chore: update to go1.19

2022-08-09 17:36:08 +02:00 · 2022-08-09 17:36:08 +02:00 · 45453b20fa
commit 45453b20fa
parent 40d2421db9
61 changed files with 519 additions and 493 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -6,7 +6,7 @@ on:
      - '*'
 env:
-  GO_VERSION: 1.17
+  GO_VERSION: 1.19
  CGO_ENABLED: 0
  IN_DOCKER: ""
--- a/.github/workflows/test-unit.yaml
+++ b/.github/workflows/test-unit.yaml
@ -6,7 +6,7 @@ on:
      - '*'
 env:
-  GO_VERSION: 1.17
+  GO_VERSION: 1.19
  IN_DOCKER: ""
 jobs:
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@ -6,8 +6,8 @@ on:
      - '*'
 env:
-  GO_VERSION: 1.17
+  GO_VERSION: 1.19
-  GOLANGCI_LINT_VERSION: v1.47.1
+  GOLANGCI_LINT_VERSION: v1.48.0
  MISSSPELL_VERSION: v0.3.4
  IN_DOCKER: ""
--- a/.golangci.toml
+++ b/.golangci.toml
@ -119,6 +119,7 @@
    "interfacer", # Deprecated
    "maligned", # Deprecated
    "golint", # Deprecated
    "nosnakecase", # Deprecated
    "execinquery", # Not relevant (SQL)
    "sqlclosecheck", # Not relevant (SQL)
    "rowserrcheck", # Not relevant (SQL)
@ -159,6 +160,7 @@
    "containedctx", # too many false-positive
    "maintidx", # kind of duplicate of gocyclo
    "nonamedreturns", # not relevant
    "structcheck", # duplicate of unused
  ]
 [issues]
@ -223,14 +225,9 @@
    path = "pkg/server/router/tcp/manager.go"
    text = "Function 'buildEntryPointHandler' is too long (.+)"
 [[issues.exclude-rules]]
-    path = "integration/fake_dns_server.go"
+    path = "pkg/tls/tlsmanager_test.go"
-    linters = ["nosnakecase"]
+    text = "SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18"
 [[issues.exclude-rules]]
-    path = "pkg/plugins/providers.go"
+    path = "pkg/types/tls_test.go"
-    linters = ["nosnakecase"]
+    text = "SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18"
- [[issues.exclude-rules]]
+
    path = "pkg/tls/cipher.go"
    linters = ["nosnakecase"]
 [[issues.exclude-rules]]
    text = "O_WRONLY|O_RDWR|O_CREATE|O_TRUNC|O_APPEND"
    linters = ["nosnakecase"]
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@ -19,13 +19,13 @@ global_job_config:
  prologue:
    commands:
      - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
-      - sudo semgo go1.17
+      - sudo semgo go1.19
      - export "GOPATH=$(go env GOPATH)"
      - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
      - export "PATH=${GOPATH}/bin:${PATH}"
      - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
      - export GOPROXY=https://proxy.golang.org,direct
-      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.46.2
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.48.0
      - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
      - checkout
      - cache restore traefik-$(checksum go.sum)
--- a/build.Dockerfile
+++ b/build.Dockerfile
@ -1,4 +1,4 @@
-FROM golang:1.17-alpine
+FROM golang:1.19-alpine
 RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
    && update-ca-certificates \
@ -13,7 +13,7 @@ RUN mkdir -p /usr/local/bin \
    | tar -xzC /usr/local/bin --transform 's#^.+/##x'
 # Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.47.1
+RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.48.0
 # Download misspell binary to bin folder in $GOPATH
 RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4
--- a/docs/content/https/tls.md
+++ b/docs/content/https/tls.md
@ -396,39 +396,6 @@ spec:
  sniStrict: true
 ```
 ### Prefer Server Cipher Suites
 This option allows the server to choose its most preferred cipher suite instead of the client's.
 Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
 ```yaml tab="File (YAML)"
 # Dynamic configuration
 tls:
  options:
    default:
      preferServerCipherSuites: true
 ```
 ```toml tab="File (TOML)"
 # Dynamic configuration
 [tls.options]
  [tls.options.default]
    preferServerCipherSuites = true
 ```
 ```yaml tab="Kubernetes"
 apiVersion: traefik.containo.us/v1alpha1
 kind: TLSOption
 metadata:
  name: default
  namespace: default
 spec:
  preferServerCipherSuites: true
 ```
 ### ALPN Protocols
 _Optional, Default="h2, http/1.1, acme-tls/1"_
--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@ -473,3 +473,10 @@ In `v2.8`, the `namespace` option of Consul and Consul Catalog providers is depr
 In `v2.8`, the `pilot.token` and `pilot.dashboard` options are deprecated.
 Please check our Blog for migration instructions later this year.
 ## v2.8.2
 Since `v2.5.0`, the `PreferServerCipherSuites` is [deprecated and ignored](https://tip.golang.org/doc/go1.17#crypto/tls) by Go,
 in `v2.8.2` the `preferServerCipherSuites` option is also deprecated and ignored in Traefik.
 In `v2.8.2`, Traefik now reject certificates signed with the SHA-1 hash function. ([details](https://tip.golang.org/doc/go1.18#sha1))
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@ -1783,9 +1783,10 @@ spec:
                  VersionTLS13. Default: VersionTLS10.'
                type: string
              preferServerCipherSuites:
-                description: PreferServerCipherSuites defines whether the server chooses
+                description: 'PreferServerCipherSuites defines whether the server
-                  a cipher suite among his own instead of among the client's. It is
+                  chooses a cipher suite among his own instead of among the client''s.
-                  enabled automatically when minVersion or maxVersion are set.
+                  It is enabled automatically when minVersion or maxVersion is set.
                  Deprecated: https://github.com/golang/go/issues/45430'
                type: boolean
              sniStrict:
                description: SniStrict defines whether Traefik allows connections
--- a/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
@ -89,9 +89,10 @@ spec:
                  VersionTLS13. Default: VersionTLS10.'
                type: string
              preferServerCipherSuites:
-                description: PreferServerCipherSuites defines whether the server chooses
+                description: 'PreferServerCipherSuites defines whether the server
-                  a cipher suite among his own instead of among the client's. It is
+                  chooses a cipher suite among his own instead of among the client''s.
-                  enabled automatically when minVersion or maxVersion are set.
+                  It is enabled automatically when minVersion or maxVersion is set.
                  Deprecated: https://github.com/golang/go/issues/45430'
                type: boolean
              sniStrict:
                description: SniStrict defines whether Traefik allows connections
--- a/exp.Dockerfile
+++ b/exp.Dockerfile
@ -12,7 +12,7 @@ RUN yarn install
 RUN yarn build
 # BUILD
-FROM golang:1.17-alpine as gobuild
+FROM golang:1.19-alpine as gobuild
 RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
    && update-ca-certificates \
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module github.com/traefik/traefik/v2
-go 1.17
+go 1.19
 require (
 	github.com/BurntSushi/toml v1.1.0
@ -37,7 +37,7 @@ require (
 	github.com/instana/go-sensor v1.38.3
 	github.com/klauspost/compress v1.14.2
 	github.com/kvtools/valkeyrie v0.4.1
-	github.com/lucas-clemente/quic-go v0.27.0
+	github.com/lucas-clemente/quic-go v0.28.1
 	github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
 	github.com/miekg/dns v1.1.47
 	github.com/mitchellh/copystructure v1.0.0
@ -56,7 +56,7 @@ require (
 	github.com/stretchr/testify v1.8.0
 	github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
 	github.com/traefik/paerser v0.1.6
-	github.com/traefik/yaegi v0.13.0
+	github.com/traefik/yaegi v0.14.1
 	github.com/uber/jaeger-client-go v2.30.0+incompatible
 	github.com/uber/jaeger-lib v2.2.0+incompatible
 	github.com/unrolled/render v1.0.2
@ -67,7 +67,8 @@ require (
 	go.elastic.co/apm v1.13.1
 	go.elastic.co/apm/module/apmot v1.13.1
 	golang.org/x/mod v0.4.2
-	golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
+	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e
 	golang.org/x/text v0.3.7
 	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
 	golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2
 	google.golang.org/grpc v1.38.0
@ -227,8 +228,9 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/marten-seemann/qpack v0.2.1 // indirect
 	github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
-	github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
+	github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect
-	github.com/marten-seemann/qtls-go1-18 v0.1.1 // indirect
+	github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect
 	github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 // indirect
 	github.com/mattn/go-colorable v0.1.11 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
@ -311,7 +313,6 @@ require (
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/api v0.44.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
--- a/go.sum
+++ b/go.sum
@ -55,7 +55,6 @@ github.com/AlecAivazis/survey/v2 v2.2.3 h1:utJR2X4Ibp2fBxdjalQUiMFf3zfQNjA15YE8+
 github.com/AlecAivazis/survey/v2 v2.2.3/go.mod h1:9FJRdMdDm8rnT+zHVbvQT2RTSTLq0Ttd6q3Vl2fahjk=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v19.1.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v32.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/azure-sdk-for-go v40.3.0+incompatible h1:NthZg3psrLxvQLN6rVm07pZ9mv2wvGNaBNGQ3fnPvLE=
 github.com/Azure/azure-sdk-for-go v40.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
@ -140,7 +139,6 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXY
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
@ -235,7 +233,6 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l
 github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
 github.com/aws/aws-sdk-go v1.15.90/go.mod h1:es1KtYUFs7le0xQ3rOihkuoVD90z7D0fR2Qm4S00/gU=
 github.com/aws/aws-sdk-go v1.16.23/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.37/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
@ -299,7 +296,6 @@ github.com/cenkalti/backoff/v4 v4.1.1 h1:G2HAfAmvm/GcKan2oOQpBXOd2tT2G57ZnZGWa1P
 github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@ -741,7 +737,6 @@ github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3a
 github.com/go-zookeeper/zk v1.0.2 h1:4mx0EYENAdX/B/rbunjlt5+4RTA/a9SMHBRuSKdGxPM=
 github.com/go-zookeeper/zk v1.0.2/go.mod h1:nOB03cncLtlp4t+UAkGSV+9beXP/akpekBwL+UX1Qcw=
 github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b h1:/vQ+oYKu+JoyaMPDsv5FzwuL2wwWBgBbtj/YLCi4LuA=
 github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b/go.mod h1:Xo4aNUOrJnVruqWQJBtW6+bTBDTniY8yZum5rF3b5jw=
 github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0=
 github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY=
 github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg=
@ -868,7 +863,6 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
 github.com/google/go-containerregistry v0.0.0-20191015185424-71da34e4d9b3/go.mod h1:ZXFeSndFcK4vB1NR4voH1Zm38K7ViUNiYtfIBDxrwf0=
 github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
 github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
 github.com/google/go-github/v28 v28.1.1 h1:kORf5ekX5qwXO2mGzXXOjMe/g6ap8ahVe0sBEulhSxo=
 github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=
@ -910,7 +904,6 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go v2.0.0+incompatible h1:j0GKcs05QVmm7yesiZq2+9cxHkNK9YM6zKx4D2qucQU=
 github.com/googleapis/gax-go v2.0.0+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
 github.com/googleapis/gax-go/v2 v2.0.3/go.mod h1:LLvjysVCY1JZeum8Z6l8qUty8fiNwE08qbEPm1M08qg=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@ -1267,7 +1260,6 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.4/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -1314,8 +1306,8 @@ github.com/liquidweb/liquidweb-go v1.6.3/go.mod h1:SuXXp+thr28LnjEw18AYtWwIbWMHS
 github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
 github.com/looplab/fsm v0.1.0 h1:Qte7Zdn/5hBNbXzP7yxVU4OIFHWXBovyTT2LaBTyC20=
 github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI=
-github.com/lucas-clemente/quic-go v0.27.0 h1:v6WY87q9zD4dKASbG8hy/LpzAVNzEQzw8sEIeloJsc4=
+github.com/lucas-clemente/quic-go v0.28.1 h1:Uo0lvVxWg5la9gflIF9lwa39ONq85Xq2D91YNEIslzU=
-github.com/lucas-clemente/quic-go v0.27.0/go.mod h1:AzgQoPda7N+3IqMMMkywBKggIFo2KT6pfnlrQ2QieeI=
+github.com/lucas-clemente/quic-go v0.28.1/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@ -1345,10 +1337,12 @@ github.com/marten-seemann/qpack v0.2.1 h1:jvTsT/HpCn2UZJdP+UUB53FfUUgeOyG5K1ns0O
 github.com/marten-seemann/qpack v0.2.1/go.mod h1:F7Gl5L1jIgN1D11ucXefiuJS9UMVP2opoCp2jDKb7wc=
 github.com/marten-seemann/qtls-go1-16 v0.1.5 h1:o9JrYPPco/Nukd/HpOHMHZoBDXQqoNtUCmny98/1uqQ=
 github.com/marten-seemann/qtls-go1-16 v0.1.5/go.mod h1:gNpI2Ol+lRS3WwSOtIUUtRwZEQMXjYK+dQSBFbethAk=
-github.com/marten-seemann/qtls-go1-17 v0.1.1 h1:DQjHPq+aOzUeh9/lixAGunn6rIOQyWChPSI4+hgW7jc=
+github.com/marten-seemann/qtls-go1-17 v0.1.2 h1:JADBlm0LYiVbuSySCHeY863dNkcpMmDR7s0bLKJeYlQ=
-github.com/marten-seemann/qtls-go1-17 v0.1.1/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
+github.com/marten-seemann/qtls-go1-17 v0.1.2/go.mod h1:C2ekUKcDdz9SDWxec1N/MvcXBpaX9l3Nx67XaR84L5s=
-github.com/marten-seemann/qtls-go1-18 v0.1.1 h1:qp7p7XXUFL7fpBvSS1sWD+uSqPvzNQK43DH+/qEkj0Y=
+github.com/marten-seemann/qtls-go1-18 v0.1.2 h1:JH6jmzbduz0ITVQ7ShevK10Av5+jBEKAHMntXmIV7kM=
-github.com/marten-seemann/qtls-go1-18 v0.1.1/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
+github.com/marten-seemann/qtls-go1-18 v0.1.2/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4=
 github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 h1:7m/WlWcSROrcK5NxuXaxYD32BZqe/LEEnBrWcH/cOqQ=
 github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1/go.mod h1:5HTDWtVudo/WFsHKRNuOhWlbdjrfs5JHrYb0wIJqGpI=
 github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
@ -1393,7 +1387,6 @@ github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N
 github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
 github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
 github.com/miekg/dns v1.1.45/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/miekg/dns v1.1.47 h1:J9bWiXbqMbnZPcY8Qi2E3EWIBsIm6MZzzJB9VRg5gL8=
 github.com/miekg/dns v1.1.47/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME=
 github.com/miekg/pkcs11 v1.0.3 h1:iMwmD7I5225wv84WxIG/bmxz9AXjWvTWIbM/TYHvWtw=
@ -1702,7 +1695,6 @@ github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/qri-io/jsonpointer v0.1.0/go.mod h1:DnJPaYgiKu56EuDp8TU5wFLdZIcAnb/uH9v37ZaMV64=
 github.com/qri-io/jsonschema v0.1.1/go.mod h1:QpzJ6gBQ0GYgGmh7mDQ1YsvvhSgE4rYj0k8t5MBOmUY=
 github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA=
 github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac h1:wBGhHdXKICZmvAPWS8gQoMyOWDH7QAi9bU4Z1nDWnFU=
 github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac/go.mod h1:67sLWL17mVlO1HFROaTBmU71NB4R8UNCesFHhg0f6LQ=
 github.com/rboyer/safeio v0.2.1/go.mod h1:Cq/cEPK+YXFn622lsQ0K4KsPZSPtaptHHEldsy7Fmig=
@ -1716,7 +1708,6 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
@ -1791,14 +1782,12 @@ github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic
 github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.0.1 h1:voD4ITNjPL5jjBfgR/r8fPIIBrliWrWHeiJApdr3r4w=
 github.com/smartystreets/assertions v1.0.1/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 h1:hp2CYQUINdZMHdvTdXtPOY2ainKl4IoMcpAXEf2xj3Q=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/gunit v1.0.4 h1:tpTjnuH7MLlqhoD21vRoMZbMIi5GmBsAJDFyF67GhZA=
 github.com/smartystreets/gunit v1.0.4/go.mod h1:EH5qMBab2UclzXUcpR8b93eHsIlp9u+pDQIRp5DZNzQ=
 github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d/go.mod h1:Cw4GTlQccdRGSEf6KiMju767x0NEHE0YIVPJSaXjlsw=
 github.com/softlayer/softlayer-go v1.0.3 h1:9FONm5xzQ9belQtbdryR6gBg4EF6hX6lrjNKi0IvZkU=
 github.com/softlayer/softlayer-go v1.0.3/go.mod h1:6HepcfAXROz0Rf63krk5hPZyHT6qyx2MNvYyHof7ik4=
@ -1864,7 +1853,6 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 h1:XGopsea1Dw7ecQ8JscCNQXDGYAKDiWjDeXnpN/+BY9g=
@ -1912,8 +1900,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz
 github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c=
 github.com/traefik/paerser v0.1.6 h1:UqqAW0M3r+aF7DibUVwO1PiZ8cXLsUkpFv5hhxPCscA=
 github.com/traefik/paerser v0.1.6/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0=
-github.com/traefik/yaegi v0.13.0 h1:dNwyGNSLHuRw5xswpbuW1TlzzGDciiK6uAighR1tMsc=
+github.com/traefik/yaegi v0.14.1 h1:t0ssyzeZCWTFGd/JnVuDxH/slMQfYg+2CDD4dLW/rU0=
-github.com/traefik/yaegi v0.13.0/go.mod h1:RuCwD8/wsX7b6KoQHOaIFUfuH3gQIK4KWnFFmJMw5VA=
+github.com/traefik/yaegi v0.14.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
 github.com/transip/gotransip/v6 v6.6.1 h1:nsCU1ErZS5G0FeOpgGXc4FsWvBff9GPswSMggsC4564=
 github.com/transip/gotransip/v6 v6.6.1/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=
@ -2027,10 +2015,8 @@ go.elastic.co/fastjson v1.1.0 h1:3MrGBWWVIxe/xvsbpghtkFoPciPhOCmjsR/HfwEeQR4=
 go.elastic.co/fastjson v1.1.0/go.mod h1:boNGISWMjQsUPy/t6yqt2/1Wx4YNPSe+mZjlyw9vKKI=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.etcd.io/etcd/api/v3 v3.5.0 h1:GsV3S+OfZEOCNXdtNkBSR7kgLobAa/SO6tCxRa0GAYw=
 go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
@ -2246,8 +2232,8 @@ golang.org/x/net v0.0.0-20211020060615-d418f374d309/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e h1:TsQ7F31D3bUCLeqPT0u+yjp1guoArKaNKmCr22PYgTQ=
-golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@ -2407,7 +2393,6 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@ -2434,7 +2419,6 @@ golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
 golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -2831,7 +2815,6 @@ k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.4.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
@ -2872,7 +2855,6 @@ sigs.k8s.io/controller-runtime v0.9.6/go.mod h1:q6PpkM5vqQubEKUKOM6qr06oXGzOBcCb
 sigs.k8s.io/controller-tools v0.6.2/go.mod h1:oaeGpjXn6+ZSEIQkUe/+3I40PNiDYp9aeawbt3xTgJ8=
 sigs.k8s.io/gateway-api v0.4.0 h1:07IJkTt21NetZTHtPKJk2I4XIgDN4BAlTIq1wK7V11o=
 sigs.k8s.io/gateway-api v0.4.0/go.mod h1:r3eiNP+0el+NTLwaTfOrCNXy8TukC+dIM3ggc+fbNWk=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
@ -2882,7 +2864,6 @@ sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZa
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 software.sslmate.com/src/go-pkcs12 v0.0.0-20210415151418-c5206de65a78/go.mod h1:B7Wf0Ya4DHF9Yw+qfZuJijQYkWicqDa+79Ytmmq3Kjg=
 sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
 sourcegraph.com/sourcegraph/go-diff v0.5.0/go.mod h1:kuch7UrkMzY0X+p9CRK03kfuPQ2zzQcaEFbx8wA8rck=
 sourcegraph.com/sqs/pbtypes v0.0.0-20180604144634-d3ebe8f20ae4/go.mod h1:ketZ/q3QxT9HOBeFhu6RdvsftgpsbFHBF5Cas6cDKZ0=
--- a/integration/fixtures/https/clientca/README.md
+++ b/integration/fixtures/https/clientca/README.md
@ -1,9 +1,38 @@
 # This is how the certs were created
 Password: traefik
 ```bash
 # ca1.example.com
 # Country Name (2 letter code) [AU]:.
 # State or Province Name (full name) [Some-State]:.
 # Locality Name (eg, city) []:.
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
 # Organizational Unit Name (eg, section) []:.
 # Common Name (e.g. server FQDN or YOUR name) []:ca1.example.com
 # Email Address []:.
 openssl req -new -newkey rsa:2048 -x509 -days 3650 -extensions v3_ca -keyout ca1.pem -out ca1.crt
 # ca2.example.com
 # Country Name (2 letter code) [AU]:.
 # State or Province Name (full name) [Some-State]:.
 # Locality Name (eg, city) []:.
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
 # Organizational Unit Name (eg, section) []:.
 # Common Name (e.g. server FQDN or YOUR name) []:ca2.example.com
 # Email Address []:.
 openssl req -new -newkey rsa:2048 -x509 -days 3650 -extensions v3_ca -keyout ca2.pem -out ca2.crt
 # ca3.example.com
 # Country Name (2 letter code) [AU]:.
 # State or Province Name (full name) [Some-State]:.
 # Locality Name (eg, city) []:.
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
 # Organizational Unit Name (eg, section) []:.
 # Common Name (e.g. server FQDN or YOUR name) []:ca3.example.com
 # Email Address []:.
 openssl req -new -newkey rsa:2048 -x509 -days 3650 -extensions v3_ca -keyout ca3.pem -out ca3.crt
 openssl rsa -in ca1.pem -out ca1.key
 openssl rsa -in ca2.pem -out ca2.key
 openssl rsa -in ca3.pem -out ca3.key
@ -14,8 +43,58 @@ openssl genrsa -out client1.key 2048
 openssl genrsa -out client2.key 2048
 openssl genrsa -out client3.key 2048
 # Country Name (2 letter code) [AU]:.
 # State or Province Name (full name) [Some-State]:.
 # Locality Name (eg, city) []:.
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
 # Organizational Unit Name (eg, section) []:.
 # Common Name (e.g. server FQDN or YOUR name) []:clien1.example.com
 # Email Address []:.
 # 
 # Please enter the following 'extra' attributes
 # to be sent with your certificate request
 # A challenge password []:
 #
 # Issuer
 #   CN = ca1.example.com
 # Subject
 #   CN = clien1.example.com
 openssl req -key client1.key -new -out client1.csr
 # Country Name (2 letter code) [AU]:.
 # State or Province Name (full name) [Some-State]:.
 # Locality Name (eg, city) []:.
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
 # Organizational Unit Name (eg, section) []:.
 # Common Name (e.g. server FQDN or YOUR name) []:client2.example.com
 # Email Address []:.
 # 
 # Please enter the following 'extra' attributes
 # to be sent with your certificate request
 # A challenge password []:
 #
 # Issuer
 #   CN = ca2.example.com
 # Subject
 #   CN = client2.example.com
 openssl req -key client2.key -new -out client2.csr
 # Country Name (2 letter code) [AU]:.
 # State or Province Name (full name) [Some-State]:.
 # Locality Name (eg, city) []:.
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
 # Organizational Unit Name (eg, section) []:.
 # Common Name (e.g. server FQDN or YOUR name) []:client3.example.com
 # Email Address []:.
 # 
 # Please enter the following 'extra' attributes
 # to be sent with your certificate request
 # A challenge password []:
 #
 # Issuer
 #   CN = ca3.example.com
 # Subject
 #   CN = client3.example.com
 openssl req -key client3.key -new -out client3.csr
 openssl x509 -req -days 3650 -in client1.csr -CA ca1.crt -CAkey ca1.key -CAcreateserial -out client1.crt
--- a/integration/fixtures/https/clientca/ca1.crt
+++ b/integration/fixtures/https/clientca/ca1.crt
@ -1,20 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDMjCCAhqgAwIBAgIJAKXHiSnQw6LqMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+MIIDFTCCAf2gAwIBAgIUd9ORKqy5CUX4DnPlEEZ/d+IiUvYwDQYJKoZIhvcNAQEL
-BAMTD2NhMS5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAyNDdaFw0yNjA2MTYxMzAy
+BQAwGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTQwMVoX
-NDdaMBoxGDAWBgNVBAMTD2NhMS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+DTMyMDgwNTEyNTQwMVowGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMIIBIjAN
-BQADggEPADCCAQoCggEBAL9ZNf1Pqu30i/DUyAAbEVFfCvGEmN9hfGAK44IrBqfC
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AxPNLi5i9HrE2EdUgrKNIaLHaZP
-1ziW2Lfg2AkswNIC/T6M+lcoN0ftPhJpnP2Cdz9U/gF9FMd/XAGY/SOiun7wC8so
+44hVkqbt6eKlTTs2u9TUNQM+DFPOHhZ5vyRCEthNv1gXhIY0K7qcJZd8Ot1+h+Yo
-qdab7CMDlHP1c/XiL7lGEdm9RfynLcJ5JJn2X7mXwEZTviFtiJVmaoAl3TVNy3MZ
+sEoSU3i4WCeYhG5QWgcRmxPsZ40HGd943HkyFPE3MIAkviZ2oLxoU7Iw3F8Ly2n+
-ZyfjNac9sA5idpX66TpVO9tE1gu71nRkBvTEzO/IYv8rcWQmogvH7DN3UurP3RUK
+5oFJOlPrIMKYF4JmMpa5WqHwjAZBkNa9avrjXmNaPHTB0a7DRCeq+qackoaseTJ2
-weij01rekG3OOOXUlQgZO6mhuvrKes9Xoc901bmTkOgTq7wIFf2AZozU4wy6kZfM
+X0wfFSZsd4d0anyhYKaUlJGe8bSukkyXKzl//15zWf9TBtCf+gi38Iprn5jpr8hj
-0sdzmjMpuEr7oROepvtzFiVyNIEGDJ3QvEEY4QJaFvcCAwEAAaN7MHkwHQYDVR0O
+We0o7393UmXwQyKvPZds46p3l4Lx0PRcqf867pBtbpTVJiLVr48G462aPQIDAQAB
-BBYEFFyJ/cSOOvcsfu+WLZbi/u3t8W/uMEoGA1UdIwRDMEGAFFyJ/cSOOvcsfu+W
+o1MwUTAdBgNVHQ4EFgQURvvnzmb0HYP3fSIlUKBTuUljwJ0wHwYDVR0jBBgwFoAU
-LZbi/u3t8W/uoR6kHDAaMRgwFgYDVQQDEw9jYTEuZXhhbXBsZS5jb22CCQClx4kp
+Rvvnzmb0HYP3fSIlUKBTuUljwJ0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-0MOi6jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCOBLJJF0esBVLX
+AQsFAAOCAQEAcBY+kp7Rn4pfJXKCusgaLQ21SKuZXecnZeXYUn8TwUgfjL+oNVzh
-xmj0xa0TREXTxco40e/fmUU1cGYgl1UCCZI7MLDcl6k6Km9Sbp/LCpZx88mtLwGY
+ftQq6kD+CaYXFwAzYMi43nbJevMULqsH3R14ZTeE2zBKu+u4Q+qYQEPfVV59OfQj
-wUss2mQ058kqiUrpb/U8xEbglLrRtsp1y8z7lood/8ru39zj1/9X4MFyqNi6390I
+FxlS9yhmOnQK3FofDNbBXMpV50Zbadgq3uYL+2DiO/bTpZ2zM7jaBJkv6PRhgXM0
-zxZNf2QauUS1TMxgv6UhVE52JaAL+sn2hqA6IaSYeT9NFzFsulCr29mxlIC9SzUr
+lw9Qg9lhQWShWocMXlSS5QTddNlDBLxWI70GARS1Qj6bjhF4WMV04/aAd+m7tVgD
-Mbqri9LKX5aciy78+hQBKdXoJ5raRwttBvULabOrLhZdyvvL6QfcdgRV+JOT7vKn
+ygfs3+y3lvfZxloUDoatVs6sM/03MgZFwSPNWryRzMol3162pPnm6B2PtWsCcJvu
-htQahWSKoqhdpM6Q2pXP42/MyuKXFB5Nk8fnFiIoXH0Bs9vlPLOvToM2jYJ+LlDd
+YnXB6GI9cjYqjofBUQL/OgWBqgyghUbtMQ==
 85qbL4eP
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/ca1.key
+++ b/integration/fixtures/https/clientca/ca1.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAv1k1/U+q7fSL8NTIABsRUV8K8YSY32F8YArjgisGp8LXOJbY
+MIIEpAIBAAKCAQEA8AxPNLi5i9HrE2EdUgrKNIaLHaZP44hVkqbt6eKlTTs2u9TU
-t+DYCSzA0gL9Poz6Vyg3R+0+Emmc/YJ3P1T+AX0Ux39cAZj9I6K6fvALyyip1pvs
+NQM+DFPOHhZ5vyRCEthNv1gXhIY0K7qcJZd8Ot1+h+YosEoSU3i4WCeYhG5QWgcR
-IwOUc/Vz9eIvuUYR2b1F/KctwnkkmfZfuZfARlO+IW2IlWZqgCXdNU3LcxlnJ+M1
+mxPsZ40HGd943HkyFPE3MIAkviZ2oLxoU7Iw3F8Ly2n+5oFJOlPrIMKYF4JmMpa5
-pz2wDmJ2lfrpOlU720TWC7vWdGQG9MTM78hi/ytxZCaiC8fsM3dS6s/dFQrB6KPT
+WqHwjAZBkNa9avrjXmNaPHTB0a7DRCeq+qackoaseTJ2X0wfFSZsd4d0anyhYKaU
-Wt6Qbc445dSVCBk7qaG6+sp6z1ehz3TVuZOQ6BOrvAgV/YBmjNTjDLqRl8zSx3Oa
+lJGe8bSukkyXKzl//15zWf9TBtCf+gi38Iprn5jpr8hjWe0o7393UmXwQyKvPZds
-Mym4SvuhE56m+3MWJXI0gQYMndC8QRjhAloW9wIDAQABAoIBAGJ9g8mn6R5kImfK
+46p3l4Lx0PRcqf867pBtbpTVJiLVr48G462aPQIDAQABAoIBAGCZQ4J+18QJbKT2
-zksno4lTt2lLS/im0AMLd8E3bkyJgIgTNOeopupKC9HNUhaRMAYOoC24kpudmv3t
+zrrGNsreXbtHwxxYL799R354Q3cJ3iPGKMNQk7aYPvjiqImfyKsWumrGw2gELZhv
-2n1RvRB9FmX9SxlTavCdwQq3egqPGqRpS2lWXWI2dAKa8t+VjniZ8N00G9yeyFUr
+VwjVpht2KMX9e+A9XpSSnvRysrCQR+uCrrYOVXLyUKo7wMJQTzQYQdJVrvOKPPDA
-OGhqEMDiN9oy6/uiZK0jUDIwocjS5FZMBh+epM7/CnKj3uvqarmFXKcJ4ni28ww4
+AOe1bG4yHWf1NquB2XsMbDFZvaSvgHafm5ZGs535TB9hejJ5CvWGaX98RC5lBIsk
-RPrXDm+VvXa30/hK8q8Eo3C3u39TMvNEaRqMP/zqRY89fbpd1+Okno79dugFhz7D
+VMQkRh5A7kynUhcb2ITajaIzNpYtGYaY4arpSrXJ64cmykNC69uviVvYnH6LMnSo
-r/Jae9z4ChFBXegDmA/OkWOdLY5LyvwvpJpONjD/5wImY1OAJlFTg7S+2FcSVvCF
+iwBpgooopK0PsDqfQiqpoo9QwvYUfmv0OooDjeilTUkLWsmn7lPkzaWaHOSC0bLJ
-diUJ7/ECgYEA9pHYlJsWAo/izRUVhKRtBAVVjnlidxExuvOGNXpyPjZd5ruXochu
+04zzo0CgYEA+BSoMb/JD/VbTo1nOyYMGC+KPc2auyl3OwwzFIjRNhY7gTKnSxjK
-J6tAKA0rSE4RsISFVCrkQmjDgjyKa2D+o/hsTTlW3yrD4TSLI8/MrDtfCw9XRqeE
+a4k4mjtbOqVG6xQawmyP4wdgMgzndjD+gyKArG5QIUrwjtk2NBoW2FCkcUGEv8L/
-KqfeqT79Hh0icnsUVYH4eoND9CKuJ/B9NcdyUqRPm7Pnrx07SnhGHd8CgYEAxqqy
+qhrPcgSKAWPz8rgfSP+veIWPuMQfgngFwFlYL9q9YV512gD0kNUOkjsCgYEA97YC
-MPIDO2dadRqUIhWwMPIBegkZC1eeuv4pNEyukZc4+pXRshKXhvhmvz5NgsaSsKxZ
+T3EfxwsLalzjdjuy/ria0lnZJVqFX0/py2Qlf8bNpM9YvAe7llJxrMxF7AEunAt3
-O6FgqzgTceLEubVYF4hvy1TC+3Fc/PFvh4Fo3SKjtiJRJjRREDWBu6hl16Cw/83j
+mVCQBXuvSBpnC/ii/vkUl2lPscukawP2tx6i/nxIzjkgCAOcceRspJrBCFggRykf
-k6Im//8WD1ri9iFf8RjrBwYH1xHqGTkNEUHl+ekCgYEAzlIWD6uCDFzIJGGLIvXP
+C6ZrHJ2wQ+2eGOvL4EEvkSjfujoBoA/8bpS9hecCgYBVJNnZQUajuIUe/78neNZ7
-fvjTsadivE039r7Fw8QVCnfFtUetxyOHAUysH5d9a0BgTvtk8Zv+ao9tYXI1RUrh
+0o0yywdJJ2EpnfVGHfMYCidgH191kcufftgzbx3Pkfw2II9SnWoA9H4aj309fnFL
-aOV8AlaDmbQYOj8UWsAL/OalTgTlO+r6jhLwH2DkvqkUZQUWa8KY4DMszoGihysW
+1qKtC6tq0cqgbIKC/VVL5tmZmXATVLzkyBDcxBwNgB2w92qdZkv2JHkAZCegYssu
-KsUcpYh2UMyGhqKINXVU/rMCgYEAqJxbG9trDtHLHjRuoPcTUJc01aQ/EzdMSpxH
+ijuPKRcIfSAbs2o87zLyEwKBgQCd4tjeIdCLYbLI/KPOvIZ+bNPht3r8oBHaimkO
-0FF8n6he/Z6GGMJaxHyyh4GTO3jZKwU7vrZaWzb+mdvC53KXz3FGoKXRzqIKL8uh
+RqrQIrr4jWCVmKgsTChAZ4M5xhcbRwPYKM1jcU5rushrjPL3aXOCfpFZVd9ahpA+
-wrn8jCJIG97ITMp+OmmPL/veY8HIN3NAwR4QR5jx2hpjIk51JSTm5FEj+k8EBmA7
+b7ycUENnjmmoMgUJYvsMf8cBton8UW2EU3J6Ltgms9HNOJ4eNe5Hq7HOVSKsDwRq
-TPhG/XECgYA9e9B0jgR2aFSAWzpGMZYPW+NdGQlySv94AJmfF8U5J7PmU2BojvVn
+x0t1iQKBgQDSbmsLFg91TqG3iBRY58vcJFxSUZWBSYn0v5TJBcoJn7ryPIwgNDSH
-bhWNSQk2LI/mTjLgB+liYtLqFGkgIrJdbBOQ8hKSBPGQltSR0Dvf0ZK/0F1hqDTW
+gcJKB0N7P7tR8fmkeCNFYixuUhUhMQRgsJ+alOoHzOI/TkD0dUXECHykppy2oxVY
-m3AUvPZthNMNJIYkTav5a246tyKkmg11nUQsgoqdxCrEiLyv48PFnw==
+/rpxpjrhEqzM0TovTXTTQzvHKgJraAdEurDTJk0zPAwsoF+kwpRGZg==
 -----END RSA PRIVATE KEY-----
--- a/integration/fixtures/https/clientca/ca1.srl
+++ b/integration/fixtures/https/clientca/ca1.srl
@ -1 +1 @@
-83E81F36599F4400
+83E81F36599F4402
--- a/integration/fixtures/https/clientca/ca1and2.crt
+++ b/integration/fixtures/https/clientca/ca1and2.crt
@ -1,40 +1,38 @@
 -----BEGIN CERTIFICATE-----
-MIIDMjCCAhqgAwIBAgIJAKXHiSnQw6LqMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+MIIDFTCCAf2gAwIBAgIUd9ORKqy5CUX4DnPlEEZ/d+IiUvYwDQYJKoZIhvcNAQEL
-BAMTD2NhMS5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAyNDdaFw0yNjA2MTYxMzAy
+BQAwGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTQwMVoX
-NDdaMBoxGDAWBgNVBAMTD2NhMS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+DTMyMDgwNTEyNTQwMVowGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMIIBIjAN
-BQADggEPADCCAQoCggEBAL9ZNf1Pqu30i/DUyAAbEVFfCvGEmN9hfGAK44IrBqfC
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AxPNLi5i9HrE2EdUgrKNIaLHaZP
-1ziW2Lfg2AkswNIC/T6M+lcoN0ftPhJpnP2Cdz9U/gF9FMd/XAGY/SOiun7wC8so
+44hVkqbt6eKlTTs2u9TUNQM+DFPOHhZ5vyRCEthNv1gXhIY0K7qcJZd8Ot1+h+Yo
-qdab7CMDlHP1c/XiL7lGEdm9RfynLcJ5JJn2X7mXwEZTviFtiJVmaoAl3TVNy3MZ
+sEoSU3i4WCeYhG5QWgcRmxPsZ40HGd943HkyFPE3MIAkviZ2oLxoU7Iw3F8Ly2n+
-ZyfjNac9sA5idpX66TpVO9tE1gu71nRkBvTEzO/IYv8rcWQmogvH7DN3UurP3RUK
+5oFJOlPrIMKYF4JmMpa5WqHwjAZBkNa9avrjXmNaPHTB0a7DRCeq+qackoaseTJ2
-weij01rekG3OOOXUlQgZO6mhuvrKes9Xoc901bmTkOgTq7wIFf2AZozU4wy6kZfM
+X0wfFSZsd4d0anyhYKaUlJGe8bSukkyXKzl//15zWf9TBtCf+gi38Iprn5jpr8hj
-0sdzmjMpuEr7oROepvtzFiVyNIEGDJ3QvEEY4QJaFvcCAwEAAaN7MHkwHQYDVR0O
+We0o7393UmXwQyKvPZds46p3l4Lx0PRcqf867pBtbpTVJiLVr48G462aPQIDAQAB
-BBYEFFyJ/cSOOvcsfu+WLZbi/u3t8W/uMEoGA1UdIwRDMEGAFFyJ/cSOOvcsfu+W
+o1MwUTAdBgNVHQ4EFgQURvvnzmb0HYP3fSIlUKBTuUljwJ0wHwYDVR0jBBgwFoAU
-LZbi/u3t8W/uoR6kHDAaMRgwFgYDVQQDEw9jYTEuZXhhbXBsZS5jb22CCQClx4kp
+Rvvnzmb0HYP3fSIlUKBTuUljwJ0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-0MOi6jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCOBLJJF0esBVLX
+AQsFAAOCAQEAcBY+kp7Rn4pfJXKCusgaLQ21SKuZXecnZeXYUn8TwUgfjL+oNVzh
-xmj0xa0TREXTxco40e/fmUU1cGYgl1UCCZI7MLDcl6k6Km9Sbp/LCpZx88mtLwGY
+ftQq6kD+CaYXFwAzYMi43nbJevMULqsH3R14ZTeE2zBKu+u4Q+qYQEPfVV59OfQj
-wUss2mQ058kqiUrpb/U8xEbglLrRtsp1y8z7lood/8ru39zj1/9X4MFyqNi6390I
+FxlS9yhmOnQK3FofDNbBXMpV50Zbadgq3uYL+2DiO/bTpZ2zM7jaBJkv6PRhgXM0
-zxZNf2QauUS1TMxgv6UhVE52JaAL+sn2hqA6IaSYeT9NFzFsulCr29mxlIC9SzUr
+lw9Qg9lhQWShWocMXlSS5QTddNlDBLxWI70GARS1Qj6bjhF4WMV04/aAd+m7tVgD
-Mbqri9LKX5aciy78+hQBKdXoJ5raRwttBvULabOrLhZdyvvL6QfcdgRV+JOT7vKn
+ygfs3+y3lvfZxloUDoatVs6sM/03MgZFwSPNWryRzMol3162pPnm6B2PtWsCcJvu
-htQahWSKoqhdpM6Q2pXP42/MyuKXFB5Nk8fnFiIoXH0Bs9vlPLOvToM2jYJ+LlDd
+YnXB6GI9cjYqjofBUQL/OgWBqgyghUbtMQ==
 85qbL4eP
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDMjCCAhqgAwIBAgIJAKjhXgiuPQexMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+MIIDFTCCAf2gAwIBAgIUIWnDZc2Ul/6Jjwl1ebxLY2X2WW0wDQYJKoZIhvcNAQEL
-BAMTD2NhMi5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAzMjJaFw0yNjA2MTYxMzAz
+BQAwGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTUwOFoX
-MjJaMBoxGDAWBgNVBAMTD2NhMi5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+DTMyMDgwNTEyNTUwOFowGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMIIBIjAN
-BQADggEPADCCAQoCggEBAMx8S4U3tdeMGn1NEUNWCmD7pIYUCUhtORrn2rqF5b2M
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u67vlS3M+Camru1bEbatPmfJaya
-ZQJZXAIfWJ7KrGjn8W7KPx8/V2FREHF1Z6v1fpB2rfCIFo97HszhQEt6lduKup2j
+Ovjr0tRzRGzos4V2x4S/j5FSM9a5K2aOaR8LzGlVqAzbBrweY0JJ4BeHmC8istkq
-09ItpFjec7RahwaMksYDwl4PaxgKe2OYdLFJ/QIv8+I01vWPXFmHgZkBHQWhR5nV
+0PPyVYb8w3oLyORwIOF+MxMoHyAGUgzQCPe4uSiqEU3nCtKQlw+MtDuMRYRQMh/M
-TvGM6MU834e+PXxCXfcaC8VYpbHYKYxHmM5Sxa5V9WlppBBshB0OL+KrCPXwPqHl
+45AmUot4ZirAmkZd7UmC6HTPFMHVTmLaquvmuLV17278zKN+g8d2HRQRaSGBLVF4
-StZPkG2p2qJUjCZ38uDx605RYaORZ0eDhrKj4M3lJzOTTcC4I77BzTb74+GcRT+R
+mScwulQJdpoDWdRljpa6oe6pzXjzMqcNwQd8j9zJefs6HFo1xw8DzJUO86PIPzG6
-lJMrWrS22jNZONnawBdbTWIFM4PzaqVvE7qVwZK1M5UCAwEAAaN7MHkwHQYDVR0O
+ZLRlOUvM/D30LBwQLXEDaGxy0Lu9z8q02JX0n0/S++tOXPVB+8Q5hNtTiQIDAQAB
-BBYEFPooSq3ZvoyIzRQ96/dwUC0LDBvRMEoGA1UdIwRDMEGAFPooSq3ZvoyIzRQ9
+o1MwUTAdBgNVHQ4EFgQUZxCwBVEPiTUcnU6bSGQaALZdPP8wHwYDVR0jBBgwFoAU
-6/dwUC0LDBvRoR6kHDAaMRgwFgYDVQQDEw9jYTIuZXhhbXBsZS5jb22CCQCo4V4I
+ZxCwBVEPiTUcnU6bSGQaALZdPP8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-rj0HsTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCvRgu11LrF7G9X
+AQsFAAOCAQEAeVbg19gee+RkL8KMRshCllk2PSnAm6GqSqopAzaJqQg26r+rPWdK
-yuvUwBZJ8FgjAMPwXQIAYg47tlvD9ZDiZgXVulWOm6aHpT520MjNO9f0oKpsrSsh
+LAelyB6h/UegXzFY7D59jURoAES29Bftje+OCxVoeYVamDj/1cqqdspmTdBfGj8e
-7bsO4GSkbTPgGekbw4P3JtXAvlBEB5uabpdmF37Pg9s7dU/MeXCElzWF+yLVAo7o
+25ys++7fl0DLTmGbpLjDFkVw52o8KF56EdZ26ZSHVCqurQACF6BmSed23NasA1VL
-Hj1UlENxh08FzlErNw6Djy2FZAADeSZ3LmHUl+50rrp5/DxrEhkHFm8dTTjFVPnK
+a7HErJv78gR0vIDIsJfxFic2ssEkuAOL1vVTf6sJtc/mD5Q7R/inDsn2kl/7/sfo
-KrnYLM8R7+v2Ysk6hTy4kwyiTKVZurK7ELRvS0RxWhtbVCXJ2HS1lv/LgEH1hyIP
+JRMsUvqT9glNKnrr5vLPwJGhEcS5WgpWdsFD0elB3GoHYJen8EoHYZ+gANPa2rSu
-SwvyZ25JhcGrBAL/jpzTxdDEGsPfUSVfrUhrhDWxg0dzY+ptwdTWHqxyR2YKmOgU
+AiwDPiHEPM9AFUZA9MQMfzsXobZP7WElWg==
 dKYIz/nK
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/ca2.crt
+++ b/integration/fixtures/https/clientca/ca2.crt
@ -1,20 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDMjCCAhqgAwIBAgIJAKjhXgiuPQexMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+MIIDFTCCAf2gAwIBAgIUIWnDZc2Ul/6Jjwl1ebxLY2X2WW0wDQYJKoZIhvcNAQEL
-BAMTD2NhMi5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAzMjJaFw0yNjA2MTYxMzAz
+BQAwGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTUwOFoX
-MjJaMBoxGDAWBgNVBAMTD2NhMi5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+DTMyMDgwNTEyNTUwOFowGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMIIBIjAN
-BQADggEPADCCAQoCggEBAMx8S4U3tdeMGn1NEUNWCmD7pIYUCUhtORrn2rqF5b2M
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u67vlS3M+Camru1bEbatPmfJaya
-ZQJZXAIfWJ7KrGjn8W7KPx8/V2FREHF1Z6v1fpB2rfCIFo97HszhQEt6lduKup2j
+Ovjr0tRzRGzos4V2x4S/j5FSM9a5K2aOaR8LzGlVqAzbBrweY0JJ4BeHmC8istkq
-09ItpFjec7RahwaMksYDwl4PaxgKe2OYdLFJ/QIv8+I01vWPXFmHgZkBHQWhR5nV
+0PPyVYb8w3oLyORwIOF+MxMoHyAGUgzQCPe4uSiqEU3nCtKQlw+MtDuMRYRQMh/M
-TvGM6MU834e+PXxCXfcaC8VYpbHYKYxHmM5Sxa5V9WlppBBshB0OL+KrCPXwPqHl
+45AmUot4ZirAmkZd7UmC6HTPFMHVTmLaquvmuLV17278zKN+g8d2HRQRaSGBLVF4
-StZPkG2p2qJUjCZ38uDx605RYaORZ0eDhrKj4M3lJzOTTcC4I77BzTb74+GcRT+R
+mScwulQJdpoDWdRljpa6oe6pzXjzMqcNwQd8j9zJefs6HFo1xw8DzJUO86PIPzG6
-lJMrWrS22jNZONnawBdbTWIFM4PzaqVvE7qVwZK1M5UCAwEAAaN7MHkwHQYDVR0O
+ZLRlOUvM/D30LBwQLXEDaGxy0Lu9z8q02JX0n0/S++tOXPVB+8Q5hNtTiQIDAQAB
-BBYEFPooSq3ZvoyIzRQ96/dwUC0LDBvRMEoGA1UdIwRDMEGAFPooSq3ZvoyIzRQ9
+o1MwUTAdBgNVHQ4EFgQUZxCwBVEPiTUcnU6bSGQaALZdPP8wHwYDVR0jBBgwFoAU
-6/dwUC0LDBvRoR6kHDAaMRgwFgYDVQQDEw9jYTIuZXhhbXBsZS5jb22CCQCo4V4I
+ZxCwBVEPiTUcnU6bSGQaALZdPP8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-rj0HsTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCvRgu11LrF7G9X
+AQsFAAOCAQEAeVbg19gee+RkL8KMRshCllk2PSnAm6GqSqopAzaJqQg26r+rPWdK
-yuvUwBZJ8FgjAMPwXQIAYg47tlvD9ZDiZgXVulWOm6aHpT520MjNO9f0oKpsrSsh
+LAelyB6h/UegXzFY7D59jURoAES29Bftje+OCxVoeYVamDj/1cqqdspmTdBfGj8e
-7bsO4GSkbTPgGekbw4P3JtXAvlBEB5uabpdmF37Pg9s7dU/MeXCElzWF+yLVAo7o
+25ys++7fl0DLTmGbpLjDFkVw52o8KF56EdZ26ZSHVCqurQACF6BmSed23NasA1VL
-Hj1UlENxh08FzlErNw6Djy2FZAADeSZ3LmHUl+50rrp5/DxrEhkHFm8dTTjFVPnK
+a7HErJv78gR0vIDIsJfxFic2ssEkuAOL1vVTf6sJtc/mD5Q7R/inDsn2kl/7/sfo
-KrnYLM8R7+v2Ysk6hTy4kwyiTKVZurK7ELRvS0RxWhtbVCXJ2HS1lv/LgEH1hyIP
+JRMsUvqT9glNKnrr5vLPwJGhEcS5WgpWdsFD0elB3GoHYJen8EoHYZ+gANPa2rSu
-SwvyZ25JhcGrBAL/jpzTxdDEGsPfUSVfrUhrhDWxg0dzY+ptwdTWHqxyR2YKmOgU
+AiwDPiHEPM9AFUZA9MQMfzsXobZP7WElWg==
 dKYIz/nK
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/ca2.key
+++ b/integration/fixtures/https/clientca/ca2.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzHxLhTe114wafU0RQ1YKYPukhhQJSG05GufauoXlvYxlAllc
+MIIEpAIBAAKCAQEA0u67vlS3M+Camru1bEbatPmfJayaOvjr0tRzRGzos4V2x4S/
-Ah9YnsqsaOfxbso/Hz9XYVEQcXVnq/V+kHat8IgWj3sezOFAS3qV24q6naPT0i2k
+j5FSM9a5K2aOaR8LzGlVqAzbBrweY0JJ4BeHmC8istkq0PPyVYb8w3oLyORwIOF+
-WN5ztFqHBoySxgPCXg9rGAp7Y5h0sUn9Ai/z4jTW9Y9cWYeBmQEdBaFHmdVO8Yzo
+MxMoHyAGUgzQCPe4uSiqEU3nCtKQlw+MtDuMRYRQMh/M45AmUot4ZirAmkZd7UmC
-xTzfh749fEJd9xoLxVilsdgpjEeYzlLFrlX1aWmkEGyEHQ4v4qsI9fA+oeVK1k+Q
+6HTPFMHVTmLaquvmuLV17278zKN+g8d2HRQRaSGBLVF4mScwulQJdpoDWdRljpa6
-banaolSMJnfy4PHrTlFho5FnR4OGsqPgzeUnM5NNwLgjvsHNNvvj4ZxFP5GUkyta
+oe6pzXjzMqcNwQd8j9zJefs6HFo1xw8DzJUO86PIPzG6ZLRlOUvM/D30LBwQLXED
-tLbaM1k42drAF1tNYgUzg/NqpW8TupXBkrUzlQIDAQABAoIBAGFMg2LQL2Zw8+nL
+aGxy0Lu9z8q02JX0n0/S++tOXPVB+8Q5hNtTiQIDAQABAoIBAQCVRaORd0xLJzji
-UfuIZUfgdViXEBO2ZQW4bQtzyu12cFm9y1n3MGPebEs+klL1STPFH/7eY8SY6MuZ
+JdKnNKFUD49jzvk6oKvrALQuCVDIsruzSKt0A2iEDQHvx90iYXktCKI4khhydLCg
-9K8oyXs6RgHfw7gZNk6z9bqROFrqKVBJB3qB3uxiZv1mxjASednn3D2EP1IUqPHz
+l+nF74Di3wCURwF47BpkEmpQP8+VNKxxaIKxzG3JURWH/U8/+Wc9iZyJMHNAAnGW
-EsCHsLRiECaoIHk5USFMtlKHe1pmmsvQrQX7EV9Qg0VSGvQlgxc/Pcg/WeB6uT6u
+pcdySO3kyFUkk8KgjIPCSLdEvh6dTcQEjWmyFQAl5DCZZZ6wbs39EFGLtFXO/27D
-CS2serWpUE2dBUTJisnUuL7F5/3JbPEPbUG4eeTcO8IafvgdOgFEc5qUlYCFFai0
+nkrEyMZh1Lo5QbQjYyqhz3iJVenrc1yc2iubF+0N7iZk3xuMNhMMvbSN6YfcTYn4
-fvjSabXrJO9QE1Huw0gyC/5FHlVr5x4aJ8NzPKcMRYqn7jpdwA0eyLyBo/KtPIbJ
+FaH4XwG0OdFUMzXeI9wEen+VA30uD464ovxbtpQrDOx7bZAHUy8nGp2zyflrvv7p
-6s0PFAECgYEA98cKuyaBXpPyG7/Y0C89Mzlt5+Qr0fpPksH6GEelPJVdhrdXP32W
+A8KparFtAoGBAOn21mp2qfo4XihkeawQ3i/eV3b4Aqfcl+sBq0AnOlTUfdCARGx2
-66ROgCVZpf2pQeCCHfXyWdZQwEdSf+8ee1DJMSNgIm4Usqp6yIDS0iZ7pPWz0KSI
+ciNXgHRwODoAqWf5PtDxzH3fc4EUQWDDgpxVJNMA2yOpCwzgNePzvdv3iTBkB1My
-un/dm3lRE7hFMIQfbNf3rA0WD8Ani3c76eZruwQ5DNdXNOM+z1DN38UCgYEA00V4
+uplkh7pXRkLGv+qyDgy+On8xrHPhBBxMWogT57MXlmy4YYDEjAwGU+ErAoGBAObM
-6UOCcA3romkXuIyeyh/tuJ6K1J3ApUxA+E42f4raSMSMgnlAwpL0Wmt11bBOmToi
+kxB/tZF0VbrZCpTdnjPBH6tR+w2IUSMkgvx3YRc9Lx5TYK+TFmMkDjG/enr88rYA
-UAtwFcTfJRJSOvfmM/nd66592FAV/D4xcDIiNGh4xNDi8LSKmSj0WRYPU3YjkdFN
+kMe6qBzfajfGZKhlaHyG/0rxnuvpJHUjD0XSpF97z6uzETjADMLcE6O48AT6cxZw
-SwI48LmQKMfj3P8fClazKsdcDccfO4pyhEK98ZECgYEAt8QZw1/1hw22/Lm2tgCz
+irpO4eZG0haobSsGlka6K9bMG3KGy75NHNAIdbwbAoGATMhZbe8rsZa2MANpevK+
-JTCswNXLYjqBldjkAenxNROaf/WucdpVeoMr7YLGEIQnakJ2fn4QtmxrC5BaMaRJ
+OG97vOt/058trE6L6S32ksh50eeGjSICK18YJR5/FWoKLrk5yFDSj6y5t27yVdNU
-OTBbZ2RTQnXeR/yEf/x7X31HKrtIF7BP7/Ixi8PYTAXY2vjCzdkHScWS3S+opJlU
+FgJLZ4QsZvOfUMZ0aS8g7AO83ki1rrRDUPwRHzJtOJUJfviYa84yXHPs6Mq8Ep1s
-CE/rCpNBNLLpbMI1rVDCv/kCgYEAkP3/sg67yQ00prx7JBOVsl/hNK/R1YMCQC8p
+SKRfsgLXty57sUrPu1KITKkCgYEA5Ix8rX/pywoKwyaeheAYA2Qg+kQKedIdltFX
-838x1axEjGYfjDeM4zwZaKiRMPsTpgMIo2iGHtqCzh1Zw9B38znLPMD+6uJjhD5m
+LK8C5EJgYIVsXzEmoDJaJAVbQmMt7fENbdt3EnBi/KxnjSIun/IG6K3wE+khgyWe
-jXpKkS8VmvVEmi89Y0mBEFacZAoS9TLwWccHruWa8vHkBror4luIEJbLLUV3wNQO
+wCPhRfSTJ5IBYdM8T9IjWKOQez2Prg7wMaJfrOtAq9NJl6vEMHG3a9Ne8sBtDhvK
-LYjkdJECgYBcIjZ1iQiOmFL8lm/JlPOs2JcT33fjnubreHkiG42dZFN2S8D5MdU5
+hm96NzUCgYBhgRVgTdkRN/mtvwwpCM6+uCKqcLxfzaP8WBPNjCpAnHUhtjTzIu6d
-JBP6IVVllPmbptw9T4wcw+bjVa0LQtQMGZLMxdx5nJp5dmFE0Pj8MjLpLy641Vlx
+rV4KmY4YwP2hpPerHTAFFF0xIGmK8LFf8yYgHZfGmU4RyXkcXPy5V/W+9HoL3BZJ
-5sv2O+eRpt4yCiuHcuvDrKPGTyM2YqF7ilQwSC5Cfki155InnU2QUg==
+taP552nYQgjHYS8a1b0S1KOZdi9aD1XkUAr4yYY4XjtQOAnxxV00ng==
 -----END RSA PRIVATE KEY-----
--- a/integration/fixtures/https/clientca/ca2.srl
+++ b/integration/fixtures/https/clientca/ca2.srl
@ -1 +1 @@
-9EAC6D05226C2216
+9EAC6D05226C2217
--- a/integration/fixtures/https/clientca/ca3.crt
+++ b/integration/fixtures/https/clientca/ca3.crt
@ -1,20 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDMjCCAhqgAwIBAgIJAK/JGxwwmv1jMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
+MIIDFTCCAf2gAwIBAgIUE2XAk+pNqunIIlDljfERtUQU22UwDQYJKoZIhvcNAQEL
-BAMTD2NhMy5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAzNTNaFw0yNjA2MTYxMzAz
+BQAwGjEYMBYGA1UEAwwPY2EzLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTUzNloX
-NTNaMBoxGDAWBgNVBAMTD2NhMy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+DTMyMDgwNTEyNTUzNlowGjEYMBYGA1UEAwwPY2EzLmV4YW1wbGUuY29tMIIBIjAN
-BQADggEPADCCAQoCggEBAO0B9iUp5w0m1NWC9QYWhxSE/emmmKcx99DWnzKZoIbj
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrtum7YU8772bC1PwTYoydk7dj0Z
-TSRQtyhx+9c2z1dYAFZQpdVRSKQFn1IO8s51wlIc01KLFflz4EvSfAKZiAnkOOez
+Ku0JQ/rNnesN/PG7vUmdidz5s0j181MSdogyT6tf/w0derMVwBtu1SR1eF1i0Cm2
-wzVQ8JWgKfOJV/ZctFPo4xtdhQmO1+U+YgSfU0ASEhHvHbIPTUJNRTfkJsGygq4q
+5MCEAn8rAz+S2DpLitM+VrgqjJUEzyAhQyGT0nXWXObU2Y483fvC59iJklKGYje7
-/p9uA1TsjM4bh6AkiD1OlGjp0lbkzn3LLYpXWvgGsuejsdVkJS5pn2NKjkqVhhEg
+ezP7cfMJwOO0Ox4NRNY05qKWoLjwWvn7gGSrXeeuoJgwTpPe+aZOEi/Hf05jb4UZ
-g7hKKqm8Nc3mb+vGhw/fNppN/xeOswpMPaW77LppyFoDd/OmqqWrbzn2Fqw1nELh
+KvJCd0SGrk4NU5PmXL7x6NjskXBDwM9hgRTvKM8J9chLqcAoq1bHJUGdIshDY190
-zfo7AkKPyRm8eU3wSTIdmaXx1R5qPjqEmYrrDZ2HXa8CAwEAAaN7MHkwHQYDVR0O
+ReRxMSMskF3VNkTWUiOgDdRTsD8DwB4LLXPPImntwOPGo+JmIDaLAMVtZwIDAQAB
-BBYEFMR6dBZAeGgkxwSC/62xGwLEdXCdMEoGA1UdIwRDMEGAFMR6dBZAeGgkxwSC
+o1MwUTAdBgNVHQ4EFgQU8DqrLr9VwRwdc5T6L2JdkFQu6/wwHwYDVR0jBBgwFoAU
-/62xGwLEdXCdoR6kHDAaMRgwFgYDVQQDEw9jYTMuZXhhbXBsZS5jb22CCQCvyRsc
+8DqrLr9VwRwdc5T6L2JdkFQu6/wwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
-MJr9YzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB3VgvPnLEEfbj4
+AQsFAAOCAQEAplcU42Wu+cLahP5bfvDFfLR9DkSwKZH1GizByMT7g0AqfZdvGL18
-Z61q8oKneklZV+WpDyWSodI6M1l/0pXJCTDRROJ37KaQHLJRQo+rMJiYKvQkCU+y
+vmV8K/SRd0VKsfrjmOHtgkEM9xbESyIAWZmPNcSu+oQOr52TKSh5p3IXn53KT+Z2
-9JhLdRdMEzy++9hIWiNbDiy3BNMUiQOS1234WVFBosQ6uXNhXbL/Anl4xgiFFRZG
+7xM0yWXSRj9UERmuA3SXYjBRUnFp6GGelsOGRjT4nExIWanGif7U3oYVle9hBucH
-FehjPo0XRvxmBHnrnE1Rce0EmU/1bwVglu8e7mG5bs0gQrXTRlTkxvucyi+B6npF
+5eLn+nhEausv2vGI18Lx4N25/7ieIryWcwlkvGtRl0rB5Pcp75BnSOFeN7DXhNLm
-2vuzxj4q+KgeEYURxCt95JoULtMY2c0VifcdweYDO/2sYEhOVi1N+PhPvZxJD6vR
+zmBD5SQHLDBBnVNI9/JQm414yL7o0/NHQzoGLnvCCJYUk8i1IxwFgS5XC9aQrI+H
-CxIuT6K3nRe58b1J/f7TH/dvURIb1mVG8+EDQVqa1bzH3JfytsIVG5VL1hppQlgZ
+0r/OlDjA9zI+n9QpmYPhjAoNnNeUgCg58w==
 Y0G4haMn
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/ca3.key
+++ b/integration/fixtures/https/clientca/ca3.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA7QH2JSnnDSbU1YL1BhaHFIT96aaYpzH30NafMpmghuNNJFC3
+MIIEpQIBAAKCAQEArrtum7YU8772bC1PwTYoydk7dj0ZKu0JQ/rNnesN/PG7vUmd
-KHH71zbPV1gAVlCl1VFIpAWfUg7yznXCUhzTUosV+XPgS9J8ApmICeQ457PDNVDw
+idz5s0j181MSdogyT6tf/w0derMVwBtu1SR1eF1i0Cm25MCEAn8rAz+S2DpLitM+
-laAp84lX9ly0U+jjG12FCY7X5T5iBJ9TQBISEe8dsg9NQk1FN+QmwbKCrir+n24D
+VrgqjJUEzyAhQyGT0nXWXObU2Y483fvC59iJklKGYje7ezP7cfMJwOO0Ox4NRNY0
-VOyMzhuHoCSIPU6UaOnSVuTOfcstilda+Aay56Ox1WQlLmmfY0qOSpWGESCDuEoq
+5qKWoLjwWvn7gGSrXeeuoJgwTpPe+aZOEi/Hf05jb4UZKvJCd0SGrk4NU5PmXL7x
-qbw1zeZv68aHD982mk3/F46zCkw9pbvsumnIWgN386aqpatvOfYWrDWcQuHN+jsC
+6NjskXBDwM9hgRTvKM8J9chLqcAoq1bHJUGdIshDY190ReRxMSMskF3VNkTWUiOg
-Qo/JGbx5TfBJMh2ZpfHVHmo+OoSZiusNnYddrwIDAQABAoIBAD87j71YkaFro8sX
+DdRTsD8DwB4LLXPPImntwOPGo+JmIDaLAMVtZwIDAQABAoIBAGG+fdhjGgNkHstS
-NmIabo2l8cx9uyqYZUKdkDnCzRZP3Iv80PEEgClqISVvgB+HQsdH+XZxXZFaFaPJ
+6ZuGpXiMqaOx+AM4SAecJCuj0tZdj40KwjLdx10Qgm1UWi6ub557mp69gnEh/xfR
-vT+FG0hhfUphhQ0VqipTZf0lm50N094MqzNwWOD12rcLAr2EW9s4Nz9WkflCjIop
+AMYAuCnV67HQs/vw6afP5YrSpF2K9rk5BFVUfpDXx7HqIlFAVkXUH08m3Yi59bij
-K9/jMlkAj86q0HUJApen0kNJah4nLPnkqKC9BQipGe2goERHA5N8MS/k/ODJrOzI
+3lr9ma+dtIj67ki0QoNy1lDtz+OFNkwOcga+Z5hMphJIBjL0kxO5AFPYdm6D4qBU
-qdD77wE5oov5sIePsGp3zCKNw89qoVTfkH8eYos6lPsAibYfgm5z7LwEtfe0ZizG
+vpryujop5N0nCiN9FMtsGTDSBR4Ytz1gTYnYTc+1cLZ+u3/+x7hMVoEhFzaR0RQN
-myQfAYZx3Orl2eNxAb0c1dw+hNYKfeNAwn6h4J8AKuBHawZMb2ztlTj0ZludrhQC
+1KXJE/1kwlz4kIBpgYcI0+Rh/kfQ1RWXgLej1NOex5d4RB7a2wH/Kg70JdPzwGKk
-VuwAcrkCgYEA9sFsszjoSO8pXDnbaQ8UNGwy+C1t0fcZIOxIebKPcfipGio0R9vr
+kk8rhzECgYEA3CtpwO267FNGqghk0BEp0J07PLvcQjeRR1rCxRYXb/9xMEtW6p7e
-SXEEfRQb+YdIFkQpe4hwAHt1Q75zh8z+oOTq8EHprxAwI9bzgyaEIHtGibvs99XT
+OEaVT9P8yXs4hWExWcQIIUsyK01men97lSbV+5JOT93KZwQpeLUV0QwhE0srZ43M
-iWSPtL274CISiwSL8NzMl/orD6sDhmJqiXhwtf2SDubUJu3gz13CeRsCgYEA9eMM
+dCAQEOIy7yyvW4DnB4AWduRHiSkiS3eHpe393YqoSrYmkp3jzDz90YkCgYEAyysH
-CYiOc4wLxKqyCqe3R86vnBFVauxp9eq9XTLvD+XoGqOksXupP8rE0jx26ILmKiQZ
+gfb175iLtfc0Lkww+TW/khmE8BK8AEy9SktgZ3Ey+jzEkgkrGjLNDg1jjbzC/uZ0
-z99MGJoQicEpo+BW3L9wr6OJQZSrs+NqWCxlmFRJL+p3sw53B4zjgYaimNl5KH4G
+OBQ9QwRbb0iZ/DVOMI6CoK1RBP7ddyV7+Ie/TGyCchBZGshn2/3umiALo3Tzv+Oh
-8pn7XbyRXtqhSBQ2kuNrkVI4SNxdEi1K+PoZ6v0CgYEAkwVcRsy5WftloVW3rTkW
+7fes5Aq19r5zpB7QEdkXc4A297pM9NXvzgnFO28CgYEAm5t3R+r9dK+6vsvl7IRk
-yMVO+R/YNyoLBtrBtAD4BugpmTVcQRR/dBqqmfvJTzuTb/Dc5oW8dg0ZKWvoWhmB
+6FNoHZmsp4Q8gpDsHX1qnTaN2hM1X+deqamBOAVcoU4ceXBi/82j7VwHHkG7DxLw
-/Utn0A71tSDoDfKc1J+2ScQpmxclceUtTMdl+EK0Fi827S2gU7q7DDI6RfOW/hLV
+1k63Z/FUte/McJipcu2ReMk4yzkSeULn4J8Um8ozM4WCfoqRPmTR+7+Fq7RNz8aw
-d2MThNu4krhl32wMboFmxdECgYACwAhZbvKQ7kcPaw1Uuy18mx4xs6vt5zkELBz0
+MZ8OELlCDmPEyVUcPipRPfkCgYEAtNtlH4icfeEp3Z5l0SD6J551HrWg5aWHviyS
-Fua/mcWvzpa/+W8aLI1pAI4f6Z7jZ8X2Ijw6pjZ7I/LwR0kRbP64qC6X0i7dczS0
+BOT8uJjIbIJT6jxHJlc6utuoV7BFVWwI4TMDJflm+7WBfkZliEwUdLxUd0H6G+o+
-ScLVIlQzOf8evJGuPvAoebYF2aDWSBqRyhEaqkpB8lYNdVRq7io81NuWTQipdGI7
+ZYtR+9JMfQWYjIMCEZAHKySDt8qQga09pPzp50axnSkFAIB9cKX0flkQlY4+m2Um
-SKjTjQKBgBNSbDUWS2CAc+fsM/fBvYHKgrigVcKyvWwvb5LRXpWgPQH4LbqhG4uA
+yB9id/kCgYEAn3f8W70IS+IB/B1p4v38FFF6MRLcaio7G1favMw8mZU/k0B4a0yh
-g/mFTB5B1UBg9exN/dX6uegREdRA1/X+jRAzCqXYTFESo0/UrJhJQZ3waFKJ5PZK
+fMHANkv0XQHvpw+KBbikK3hvQF4iaBE62mMaULKaJ/D7npzyJpYrgIkx1dYiqL5O
-WChrSl6Lg5IMF2jYP5W0HwzbPPgRGibyELYBS5gZdAZpHgZToXeT
+KnMLaUmTpvyksSztyaPSytoQCKV03XeIUGGAPq8KpDZOB0oy1arFIL8=
 -----END RSA PRIVATE KEY-----
--- a/integration/fixtures/https/clientca/ca3.srl
+++ b/integration/fixtures/https/clientca/ca3.srl
@ -1 +1 @@
-813218563E2DA0DE
+813218563E2DA0DF
--- a/integration/fixtures/https/clientca/client1.crt
+++ b/integration/fixtures/https/clientca/client1.crt
@ -1,17 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICszCCAZsCCQCD6B82WZ9D/jANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw9j
+MIICszCCAZsCCQCD6B82WZ9EAjANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9j
-YTEuZXhhbXBsZS5jb20wHhcNMTYwNjE4MTMzODQ0WhcNMjYwNjE2MTMzODQ0WjAd
+YTEuZXhhbXBsZS5jb20wHhcNMjIwODA4MTMwMzMwWhcNMzIwODA1MTMwMzMwWjAd
-MRswGQYDVQQDExJjbGllbjEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+MRswGQYDVQQDDBJjbGllbjEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDH75aclHoZkQfmeH3XpapxyF2/K73SpesY8Y8I3B33WnQc
+A4IBDwAwggEKAoIBAQDqLbCPwvQFGcxCDL4Q/ccmd4OsHYkFNuGt6teqGPuFBphx
-vIy5y554pPJMtGH3ZwiN6ifo3TBEs/2WjSOWYwxfXh3utllYArApelSgUrI7SBkw
+7BUdPB3Q8A4SK5pX4m8YbXQeB563Q1PWW3Sx4sDtZA+vmkq5bOaFXnrDULGHAwAX
-0MqVm9NG+X9cCTeWsCf+nldHOCnCARuyBEpLeRDPVlNmfgdNK2ar0KqqEPnN5UV+
+4SiLcqISKOnO/Bu8h2L8LOjL5eGJUKON0zfSP5/NHS0kDG5auiTfsStzWJd99kxj
-k968nAuqSDtRL7Yl7R/uxEq4MglM/ocxOpGIrLTFh1eclPVaQ/dNsEJpkrnYQlFZ
+CZKsSHfxzWwPQRPle6g0UHF2n+ezF2D+dXQorkECsVyAUB5vaN2lX6e6Sb3r0j/C
-aI1sWDzWoqtpAO15PgBBNnkW9EJGrF8dAds64U2jYBZLMKuHwvuERkEgOKEdUrB3
+UaqMrnVKzTQDaQxzi2R2BnRZ22VaA4dDVk9ZCnm4VbFHLjPIroyIbxF7yqhY2E6y
-uu1dWJxS5BCumWM1C3xs6qsLeonWxZ5GXjjWObZNAgMBAAEwDQYJKoZIhvcNAQEF
+GkyxLo4squP1xm85pM/aNbCCejZuuOKOywmOn8TbAgMBAAEwDQYJKoZIhvcNAQEL
-BQADggEBAJKME0zm/0eokmXMCLJhKYgm8hDKOHKRFRZl7vwy9SC9cwhdlhcPEeeP
+BQADggEBAESVbNkdM6p3MJ6Mvf3Wkm3wRXvdEx5RZo1VKqpNDga1MvNqdN5GBMH+
-5M+dXQCtEQWgo7phoJX8nBipZ/Y0lsvDD/I3XucIkUlbOW4rk18L83nBIN4paKzW
+dmzMHuIgFAIuBbpdDqf1qkOTYm8ZuJib6fbUym6KeRY4VfHiYhB12OC4m9szXU7W
-I4CMJ6FQ72thP7L7wC/lzp3+qUCxmcpGjw9pkU3b1pQPkxBfOvfGtRFMG6E5+xj/
+/9/KkNrZ+mufslqpILkeH3gTyV21q5OWw8c2DESTOhRwpTb3n4Wl4H1p5c/2Q4CA
-MtL3owJzpIH2f7vtmIszBPcgFWpvB0Sq0eJ+TwuC1huvcnmP+YZ7Iz0JhsSRw+pU
+2p0wgeF/ccAf50cmWMVL3Itg5IuuTMxfsobk/yukiYzjSfOuyC6QxxrbHYnX4QmT
-yiO9ByItBbGfK8x+DfUwCVsCL7vNscpjvTCgT3x2FNvS+XmiHZmZtpRGJPzvdI0m
+smMwpA3fqbMOE5ix0HiW1oBfMENtKltcJ2VyGAVItVq+/yrOFIjgJwSQGZygeN+G
-Bd615VD5z+SoG/SiemqDGmt2Ank/zcI=
+lCkaLE7P3IOohkZc/Oo7rlaImVQ+wMc=
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/client1.csr
+++ b/integration/fixtures/https/clientca/client1.csr
@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICYjCCAUoCAQAwHTEbMBkGA1UEAxMSY2xpZW4xLmV4YW1wbGUuY29tMIIBIjAN
+MIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSY2xpZW4xLmV4YW1wbGUuY29tMIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx++WnJR6GZEH5nh916Wqcchdvyu9
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6i2wj8L0BRnMQgy+EP3HJneDrB2J
-0qXrGPGPCNwd91p0HLyMucueeKTyTLRh92cIjeon6N0wRLP9lo0jlmMMX14d7rZZ
+BTbhrerXqhj7hQaYcewVHTwd0PAOEiuaV+JvGG10Hgeet0NT1lt0seLA7WQPr5pK
-WAKwKXpUoFKyO0gZMNDKlZvTRvl/XAk3lrAn/p5XRzgpwgEbsgRKS3kQz1ZTZn4H
+uWzmhV56w1CxhwMAF+Eoi3KiEijpzvwbvIdi/Czoy+XhiVCjjdM30j+fzR0tJAxu
-TStmq9CqqhD5zeVFfpPevJwLqkg7US+2Je0f7sRKuDIJTP6HMTqRiKy0xYdXnJT1
+Wrok37Erc1iXffZMYwmSrEh38c1sD0ET5XuoNFBxdp/nsxdg/nV0KK5BArFcgFAe
-WkP3TbBCaZK52EJRWWiNbFg81qKraQDteT4AQTZ5FvRCRqxfHQHbOuFNo2AWSzCr
+b2jdpV+nukm969I/wlGqjK51Ss00A2kMc4tkdgZ0WdtlWgOHQ1ZPWQp5uFWxRy4z
-h8L7hEZBIDihHVKwd7rtXVicUuQQrpljNQt8bOqrC3qJ1sWeRl441jm2TQIDAQAB
+yK6MiG8Re8qoWNhOshpMsS6OLKrj9cZvOaTP2jWwgno2brjijssJjp/E2wIDAQAB
-oAAwDQYJKoZIhvcNAQEFBQADggEBAEZ67vahAVydtW6LTXFI0cVY88vqunCWpOzz
+oAAwDQYJKoZIhvcNAQELBQADggEBACOz/5DF2ViRsYPDIaffzBKcnqSDI5Z8k3C4
-UgJAzUnWG84CGDiyezj/llv/Nq3YbEEpBuxp/prOEwrJXAi/+tjx7wCh2iLJDqo2
+TsWukD2PywYErdDFx6lqcIk5u66JK+wEPDHkLgdIqy/NjSbgKwOOpRheOX8QtD4C
-aNRUiAvR/XZgafxq4NUrAze70u7BWR3QX+XSaxmIEEX1z1KJDGTfY6tYpCZNlUr+
+VVK92T0lmFBcITLToxKnaRvX8udLiQQgmGdJ2XHNSkbkOkdRsGJX6iD1s9TcQ4cY
-/Hl6MXwlpWX0WR26zIrjx5u0dEsY4pviN6NxTZRQJxbQO1H1wHr6poVngOhIdErp
+NV2s7M2HlOxyQH4bXcYyeH0YKHep0mdKssh17ppRRQ4kClubderZqulCCAjXvrpV
-h2ZcqvTcASTkIEdKR6R8E2iYklgxIHNLWKaHZ6aBqW7lW17WKNSiGPfPVAtFhUTk
+hM0/qqPBQd6MO0bWccSBUkl0+ZhWCIxaYEEaTKTsAVeoErT+5qufLgpKVGnYsXS0
-tBmgdVreAwMj+AdaweBVt0uBqb/9UKhqNThEnh4kJn1I0pMJzP4=
+hl3KU4E/NcyRl2gUy+T9467r2OdfojW1swxFpj6i2Kf1HKtsxqs=
 -----END CERTIFICATE REQUEST-----
--- a/integration/fixtures/https/clientca/client1.key
+++ b/integration/fixtures/https/clientca/client1.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAx++WnJR6GZEH5nh916Wqcchdvyu90qXrGPGPCNwd91p0HLyM
+MIIEpQIBAAKCAQEA6i2wj8L0BRnMQgy+EP3HJneDrB2JBTbhrerXqhj7hQaYcewV
-ucueeKTyTLRh92cIjeon6N0wRLP9lo0jlmMMX14d7rZZWAKwKXpUoFKyO0gZMNDK
+HTwd0PAOEiuaV+JvGG10Hgeet0NT1lt0seLA7WQPr5pKuWzmhV56w1CxhwMAF+Eo
-lZvTRvl/XAk3lrAn/p5XRzgpwgEbsgRKS3kQz1ZTZn4HTStmq9CqqhD5zeVFfpPe
+i3KiEijpzvwbvIdi/Czoy+XhiVCjjdM30j+fzR0tJAxuWrok37Erc1iXffZMYwmS
-vJwLqkg7US+2Je0f7sRKuDIJTP6HMTqRiKy0xYdXnJT1WkP3TbBCaZK52EJRWWiN
+rEh38c1sD0ET5XuoNFBxdp/nsxdg/nV0KK5BArFcgFAeb2jdpV+nukm969I/wlGq
-bFg81qKraQDteT4AQTZ5FvRCRqxfHQHbOuFNo2AWSzCrh8L7hEZBIDihHVKwd7rt
+jK51Ss00A2kMc4tkdgZ0WdtlWgOHQ1ZPWQp5uFWxRy4zyK6MiG8Re8qoWNhOshpM
-XVicUuQQrpljNQt8bOqrC3qJ1sWeRl441jm2TQIDAQABAoIBAQCtD942uu7VooxM
+sS6OLKrj9cZvOaTP2jWwgno2brjijssJjp/E2wIDAQABAoIBAQCMX8kH1DAcYqN7
-GpATUfsvclhzWdF9vNC7TpyY9q+ZpFpNZYgKaw5JL73sV1dVZ4IoFT9mec+GKKag
+MFI6szVOzLOEV8wL8SME8tJGZ2VWD2cQWxkpBiFFXrDAmZySc+xucyX43k54woYd
-4pqjWikjg7w1HPJJFEqYHKOUAwDz/3yOnKw+xBslnGF5sSDE9sYnx7eUljDPFVZ7
+54KjIy7M3n88nzuNvUbNyZ3DOLrCGL1UkyaPuK6IPjgxWBR0RZ/DVFRT7T/t5QW1
-yOrmWW0Li5W1afG4ApFkt8KCYx9X8E0Mren2nfqoobM2l2LKFcF1Xs+M0iUAOoeN
+fVhn0rXC6WtmwYDhJ9X0tSo7oW5mFTl5PvF8SG5W2AKjmgnub+NsUO+MGVHqoD+l
-ojS/NTvxjZibm92CMblp7x6e51y+oq3TJFoUwFSAj3U26jyubL5sYpJeAeTxyZg6
+Rl2WIkX8tA1ZtHlcr21KoyPq53mRGThwPbhwUmoNeJdSYoQi6iqYQUVl9EufGgcp
-Y+UcEGmCpW5gsZSvRxvNxzCS4bCl9KOZXvyFtcVswHppfTynba6x8hDF7LkfJS7H
+QLZ40/qle2M6Lo9RrBNlDLUWg7zSTCiBgkVNax6gJeUffqIZJ0laz8/KEJVCLLrZ
-z/Ut+e+hAoGBAO2d2M2316eBpwP7x99DQSFpg7E/emdcfdRuHDEonBeJr2X2Fw0a
+xZwW9/6hAoGBAPv3RCF4F76kXuH2gsW95joLp0sV8XEG4GSWAKhQEMA2oYnnKnFO
-O/ZtUxcccovy4wrJcqiZsmjqetRUZ6ymsOaaASsPG21ChegFjm9D6+ZtejHpbuo3
+zy+LxZ8e/nRG9DK59KKwn1luX2s5TNokt+S+7MbRUiCPCULW1yzD/QFLmIA2UOkD
-8HQ//LW7hqoiRQh3ODihfYCTwwxIIuwAdUzoxpM9Yu57Zg7reYuNh48LAoGBANdn
+8b3As29xmBSi7bulwgX0NAVEXT83pq4CY5SmmrIcZ0BvtYItYrIA5X7rAoGBAO3t
-c003ay1cq1fuuDJKENj10UZGotRdBxt+X1A7MhpMAqSaYJ+V2XOXpuMbIiX/qDfF
+hKnh/EZvRQUQsOxpKrD1PKG/WpOoi4DCyaKgS1EDDDFPdBNdB25KSj+rrIldbbde
-M4hcQhJygoCozNzsynztyIjpGtl57AG95igOi2Hah0OOMt/1Z9UwaukIaHHo8Tyk
+2V+wP+ozHrOfxguT4R1xpgTipD/t0tJA0vBX2M0VegI1arCgScxDl08nvpMtEFUK
-sPZYoxBTstZcdsyHnGdU6n90SA9oYLBB89E3AocHAoGBAITR27M6FTCLl2jxn0qc
+H8lCQ5c98IPESKD3l8D4plXEGRPqNnCBad4l1bXRAoGBAKgjL9a5wfaYzywwiMGV
-FFbx3OwB2JDYMXnBxr5vvbimfMWYpk/rnyLi/zQG8bxqmyCXdCDsML7WeqwfNgha
+4E05u5BSe0R2V0UoCBZJH3R0wEU6+kqUUZOjzONLFnfXZVt4VbQ+8ocGLSxrF0q2
-8L0lzotcGW+cZK9KE9D7/WvDPC+UFSyU8jJ45fBLjz2ghEf0JBf7pORvM/K0i9ix
+l/RQJ8bgpdJOQNrWbM5Vlr7HiGN+W22zER0Tu2mRvu9+be/7Q8cfV5twLF1kMJkL
-dN/1qbH5+Ufm8Chc1Yb9KI37AoGAAbxDoYugwWzNtJenxD/0gsr4NKi9Bxj4xa/u
+xRHMP4y9gXUxVkkhKiwohvyzAoGASLbHTZgIHoqRAGxKdeXqKyy3vAMcLnZbNB3T
-9KaFcNDL9KeJv79lURkXrxy42bWFlW1xTNfxcFSb2I2DmQQPXZJM202FedsRm7H7
+u8TbX8XbqxJKOkS7KaTArlbMIysPhfQR4OGflvbKkkDpKM6oBPSftWyCoBsRzDoN
-+LalSNSJ4nFy13sSqxUIx3fZ35EQ4HwzMMjmB2ulNTTpgBxXlj2I5h35tqYQoVrm
+fXCLjJncsOIcWiCSjT+29XUDFD24eRTgBAUhXQ6L++k3/SHOGiajxyBoPaLdwmJ6
-q/jVfGECgYEAkU0L9bp1NPMzXgVJ2Os1VPSzoOywUQfx4NCJhTA1oZR+20JFsQBN
+tW7AspECgYEAhk0jBX8R9cAXXuXs89vkMMFNlDSA+FgeQJrTEh/Rl8Shvfq9dZGB
-b6g0q6xean0xDuXjDRrjPET5V/GPOQ7stAPTLtqN42XPuRcFzSNj7Skh+ALTP5JS
+QrCGMWPJLB/bK6xU5pARkA2arLY+3+fX+OvuOSSk3nV2lf72HHlkd1Lt8nnoTO2
-bNZgBMwxQsbS89bUjRTDlRK/isuNIyUn0Zn7QlEsZEvJw0cNR3wPOc4=
+Wd9Lh6UaZt+sYsOOH35RgIMmAc6Lm1RC0JOamidqfk1LmY/pG03oAJA=
 -----END RSA PRIVATE KEY-----
--- a/integration/fixtures/https/clientca/client2.crt
+++ b/integration/fixtures/https/clientca/client2.crt
@ -1,17 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICtDCCAZwCCQCerG0FImwiFjANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw9j
+MIICtDCCAZwCCQCerG0FImwiFzANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9j
-YTIuZXhhbXBsZS5jb20wHhcNMTYwNjE4MTgxNDUxWhcNMjYwNjE2MTgxNDUxWjAe
+YTIuZXhhbXBsZS5jb20wHhcNMjIwODA4MTMzODE4WhcNMzIwODA1MTMzODE4WjAe
-MRwwGgYDVQQDExNjbGllbnQyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
+MRwwGgYDVQQDDBNjbGllbnQyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA9LaFxeiG1qpBTUIEl2vxvojOSWR1xkayaGtGsXBuqucf
+AAOCAQ8AMIIBCgKCAQEAtWkvtUsFBD7REZmm8pUK0ZqOdIIpA5PJgqrrLQ6AOSJ9
-wifulsVC7dw+t7lW42pWutIuR98iflAZ9+tFX7TsEITNIyV64ePn9TF935LW2DFm
+Z7RQq7BJv8f520FjswIQH4o9PdGYjm9JLSfiRto6hmwB/51BT9Km+WkdT+UNBGu6
-AFkqYdZcTJ4qOkdsbbiHznlaIDPbMhIZFd9L8NEhrDTHuTtCav3g5B5V4okJfeNh
+uK7dTbN3BUpei+dbzGxdmBagufQrlK9fkjIF80ZZXmE0c5weLUrhW+E0CPiFeJeH
-iSpKm3WLHP6lFwG1RISLhHTCeIMFxer49iHiQ+A33TV2l0bQGcv4e1+OoRsXGKGs
+oyJf9QcLu2GVmS0Yf3izsBhb0c6JxVG9ZDYiM+EspJZOf5ziSB5D4eEBwvYOzU7l
-3oY6RJZ0GqzjeYqoybsLGBvZPPd2e8nH3RZac66XHMexsHHTV7L2tpWZm+JunMRg
+SwJBdfSYd91oLy2BSvgCgaSRJroANhD+PwBN8Jop7KIQ/bFgg7J/JFfZEWnh3GIC
-hMXONc0b3V9mbUdrjHY/aGDPADEevZA4LLztGUc3VQIDAQABMA0GCSqGSIb3DQEB
+OZsFUbfy+bk66HReoWdr7+0FsWUL7z7YFRuykJFPtQIDAQABMA0GCSqGSIb3DQEB
-BQUAA4IBAQCFo6IXUznH/iSuJtWrMtMkJTEg7o2qKRDgFApzw1J2URdvyYery15w
+CwUAA4IBAQBHutUEmIdT2ZoLYs+S9eXYQlOe8R2ayPBnQTr+Hbb7YRSIeSAJUU/y
-6FddKFvkYhNLFl9Nb3Z8HLxruZrrItqwjR2kIG9lW00uxnwIcgwTibmwDQL5nr7m
+eY3GsPJp3nYa0gWMap6yb2n6pAdLXwqq75rnu82ktf1Y0dx3LBO7VOZ1LwIsn/QH
-1cWzelhY/TVwBpLXRMg1YOXU8NRkT1VjkTUCpyIETI8b+wed67MkrofOadaY+FUL
+bDuH0RdWTGRkS0Bgnd/sSzalxMwHHl23rc0OQVtM4moxeOGs6UxgSZPpTc6nr7sr
-gk1F3yDKz35UYIKnlxKwvrdySE8WFza0PmiXQDtTG1moTpe1BDEK1b60vhfudMBK
+D8wbIMLZjcIiyT+bQ94gVA2d90k50VuG78F0BOJ6DVbpfZQM33tDdiLuxWaR3vAg
-9vhE8kTooF01+su9gLUcrjVknI9H5PHtXID7FDiZ/disIAaWqSQLuvg/Kvb/cAFd
+dLZs0oscCGuIDUqW2vJ7jCzWqTOybsWLIzjSeOBQjOWKtofFgCt9JaccaAHeNVqC
-PwTKgnJQVcTKXkz2leJ6fsvzYwlANob1
+6PYAQLes0qApVjAf0X0lcNrac9rUZame
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/client2.csr
+++ b/integration/fixtures/https/clientca/client2.csr
@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICYzCCAUsCAQAwHjEcMBoGA1UEAxMTY2xpZW50Mi5leGFtcGxlLmNvbTCCASIw
+MIICYzCCAUsCAQAwHjEcMBoGA1UEAwwTY2xpZW50Mi5leGFtcGxlLmNvbTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPS2hcXohtaqQU1CBJdr8b6Izklk
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALVpL7VLBQQ+0RGZpvKVCtGajnSC
-dcZGsmhrRrFwbqrnH8In7pbFQu3cPre5VuNqVrrSLkffIn5QGffrRV+07BCEzSMl
+KQOTyYKq6y0OgDkifWe0UKuwSb/H+dtBY7MCEB+KPT3RmI5vSS0n4kbaOoZsAf+d
-euHj5/Uxfd+S1tgxZgBZKmHWXEyeKjpHbG24h855WiAz2zISGRXfS/DRIaw0x7k7
+QU/SpvlpHU/lDQRruriu3U2zdwVKXovnW8xsXZgWoLn0K5SvX5IyBfNGWV5hNHOc
-Qmr94OQeVeKJCX3jYYkqSpt1ixz+pRcBtUSEi4R0wniDBcXq+PYh4kPgN901dpdG
+Hi1K4VvhNAj4hXiXh6MiX/UHC7thlZktGH94s7AYW9HOicVRvWQ2IjPhLKSWTn+c
-0BnL+HtfjqEbFxihrN6GOkSWdBqs43mKqMm7Cxgb2Tz3dnvJx90WWnOulxzHsbBx
+4kgeQ+HhAcL2Ds1O5UsCQXX0mHfdaC8tgUr4AoGkkSa6ADYQ/j8ATfCaKeyiEP2x
-01ey9raVmZvibpzEYITFzjXNG91fZm1Ha4x2P2hgzwAxHr2QOCy87RlHN1UCAwEA
+YIOyfyRX2RFp4dxiAjmbBVG38vm5Ouh0XqFna+/tBbFlC+8+2BUbspCRT7UCAwEA
-AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQDHvJVKkKIqCWrJ9sZWQEYBaki76woJMjFW
+AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCQQiJafbDXvE99jRB61vHVKYvyznpVAbKh
-Ihyd12mzNfUW25hqfk7stablqu+CM/DhwOqLkxQleGAlp0BFo1wBOUDOgfrH5NVS
+OJB5dXmfGfMmWMDN3Ci6w3+eLLHmz4Fg2s2vXzR0zKb5G1r+1Pj3a54shryrkAGV
-9lAl7L/roEyRGH6V5/Hsbwi8zDsGOzWCuZk/gNGIZpB1c3TRXBUHsdqpz9FReDZf
+pFc2pneNJdYS6OpQZiv4i/ibPlXX4sYQwrxymkwdiAYekXQO5GxhKvZtRC+T4Sn
-0HRD/7CH8hl96ZQTqhHE6+ysHzBB/4CuqbXVtTEhH52FdzCOpt5X0D6Pl/3lNlVd
+lEx8XODGioHIk0858/zACT1uhwYLuK3LS27DlLXKOEhJ/SBudmUrpq1Xjx6nM6A7
-gMHAssoEa5E00XtjeJdxXuIKYbGLgldj6v+hHFX7k9UNveAXgYBbGtUQ9gA+uEf/
+T/4lxsWeqb5RTmcMIoFs+bwMMuwASP67itzRz2GAimbgxzW//gp9ZViO94Lwz5uS
-qosVPEyvULj3aCJ8BSBulzPlhl9rNa/8Q1qUmzyCj28j3E4I22Oo
+4/d1LsX8pWdp2PR5H0JHpI+vHmEazXGzNmpFJIPOY/3uQuicv+lB
 -----END CERTIFICATE REQUEST-----
--- a/integration/fixtures/https/clientca/client2.key
+++ b/integration/fixtures/https/clientca/client2.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA9LaFxeiG1qpBTUIEl2vxvojOSWR1xkayaGtGsXBuqucfwifu
+MIIEpQIBAAKCAQEAtWkvtUsFBD7REZmm8pUK0ZqOdIIpA5PJgqrrLQ6AOSJ9Z7RQ
-lsVC7dw+t7lW42pWutIuR98iflAZ9+tFX7TsEITNIyV64ePn9TF935LW2DFmAFkq
+q7BJv8f520FjswIQH4o9PdGYjm9JLSfiRto6hmwB/51BT9Km+WkdT+UNBGu6uK7d
-YdZcTJ4qOkdsbbiHznlaIDPbMhIZFd9L8NEhrDTHuTtCav3g5B5V4okJfeNhiSpK
+TbN3BUpei+dbzGxdmBagufQrlK9fkjIF80ZZXmE0c5weLUrhW+E0CPiFeJeHoyJf
-m3WLHP6lFwG1RISLhHTCeIMFxer49iHiQ+A33TV2l0bQGcv4e1+OoRsXGKGs3oY6
+9QcLu2GVmS0Yf3izsBhb0c6JxVG9ZDYiM+EspJZOf5ziSB5D4eEBwvYOzU7lSwJB
-RJZ0GqzjeYqoybsLGBvZPPd2e8nH3RZac66XHMexsHHTV7L2tpWZm+JunMRghMXO
+dfSYd91oLy2BSvgCgaSRJroANhD+PwBN8Jop7KIQ/bFgg7J/JFfZEWnh3GICOZsF
-Nc0b3V9mbUdrjHY/aGDPADEevZA4LLztGUc3VQIDAQABAoIBAQDRxjVetjoAgup/
+Ubfy+bk66HReoWdr7+0FsWUL7z7YFRuykJFPtQIDAQABAoIBABSnw1zbC9kt5dQh
-w/wToeEVqEjN+WRMmAYQJQXwzaTQtFgxI/IPJQJ+zLKm5CZrxJichdhOnCUBisD4
+MJcSTUcMWAgAAfd8TkdoepqIuiTHPoweRckmq18Av/ws99Mb+wX8UXjGcp5VIXnY
-GaLarElAz9baLiLsyWXqdoakxUePBKmf2s/OFugAdgVU+C0m0Wz5vmVX/ZwFjCYc
+vrTeiCdiCOA34YXbMFPZmhLMu6yzL3Fzx5LfSj/59cXsM9GUzRtSCD7kBEpLpZAZ
-7dI3mc73xDcBvp7tAL1sT+Tn0PlmA3xURssiqC0J+4EtYzfHl1MvcQuU8JsVQjO3
+zf+jFO3gF37KWc1CZ2J0w935ngja1ti7sxewh04e9e8kIcyZVYUPBLEJSBSGkg/M
-GvGWMr9EBO3oPa6yx3oWD4dn7xHLcCkuSJ6arIvASEaTyPg0Iu7roPrC7AXA+oGq
+boEYXpHkpF2kHvGIZ5Uj/di4B5LpE6kEneWDG2aih0FrnW9t7FWaRXpovSUJ9PR8
-+fbzJMqYZW6pMb8HZmxMt7X/srEq1kiyMYFy5fr+aun/vQ6596xjfFroEENJQY96
+XfmjhvVlBcivNkc/75TlpIUcOrIYaf+PuxqCVOxr/UXOfYVRXa+QZNzXlb5KhMWA
-+jir0biBAoGBAPutA9/2yo/fchRWLgpsWZ1SLXRWewFYqxlA7DluYXvqciYCXuKe
+jbb5R8ECgYEA5E7zsC1jVwT2gTmGbgPaow24Ul5i625H8twipYO6X38Lo/ZHyOEE
-S/+gLqHklHsc8YUwbEgW2oI9GPJ3iQps6XVNBaF9GvGjSrA+R6Ha3IT9ZUgvN4/d
+sSHc/RJG+ioJCHeONlHCqC76+mMBWC05zqpAv2eFpoz7RrzV+koIWOX9B0+7qRrD
-WOYiNRw5+eZ5PfxTufNK6EwXNwKR/siGEnWJ8AH0oNibTVzJHvMYSP2ZAoGBAPjq
+9Wtqme6rJrsQ98AC9WvICrH6RAi4vc8eh5N0MgxUE5ScmlK2Qa+CUlkCgYEAy2oN
-4a9MV6X7eShKHJtkqp33WWQWa3bidlmthhxjhPFlVnjJDj70oKGT5b/YcEFGBxPN
+NXYjgBAoHDEyZqq3cr1A5QPJK44LavBr66dWxjUk5vnX26lnV/aUJKPbdsro3uGU
-JvTFJplQe0kLaeC49fPaEefARJe+HuCfUc1C73/q2o0pzvWf6Ut+W8ZZLKSC7aHH
+DhZega/yE6PdtIEv5477JTonZb6F+FVzum9IlaSYcOKwqEyEozfjzD/hY0rtaOOc
-ZFAiZeMzzbCiqAbAAQFIgDp6m2U9mRYPTxKskoUdAoGBAMPEJzl1XMdhBfnvt0yA
+xg+a+3dmzjFSzwFkcMhmSUajPFrmM5qN80M2JL0CgYEAofHa63IWkAhGLn22fF0h
-T4ziOV0/T9sSP7UbHSTnSYj8KuKKAYjBnVgwH1Xq2dyR/QSfT/sbW8jnAZrJhJ3J
+fh1iTJMFCcjNIljB/rPExK5ifGhanQP4BwllLuIDFLoydB4R8zflotTIVElcD8bs
-bifCS9j72ZOQcy54o3uxJMuF19y4bb3IbbhFb46PQmYWdTLrZb9ryxo1DKNBMTCF
+xUqA6QQuimhgaNnT0lknOJ/S7pfBHn+M1o3eLNhd8PgqXgKGVr2gRO3f/thM6t56
-qaIoM7sxsFQNKbY884ggodYxAoGBAIbKopXL0HbIe65um5kmZSIPjK+fWGhTb+VW
+4mJWvpV+IfF9b/4Rp+AtyekCgYEApLKGZV31GnB6eXEf9N6O0BkJ3SO2k0xcVEa7
-CxaaaaZSywWzUmyTCd0VesdtjDQ8mJ6HbH4FuMYzB9/hN1+CqWV4hFOsETjeslfO
+qr7/1FYdPeLW8qTz5tXgVtZREJrz99o/bTSRaoHSCDLqhIcBCYTMNfUjBw8/G7Xc
-znxJr+nkIp9osXLfOnUwIsCBD6SyZb5CfDbMucHUDqGFI1osZR7txMpmFHo5ZgnF
+kPwfkgIF54i0LmBeGGVdTPf//swg84cvXXIvMyIXHCX1fWQMNgEcSIIoEusqbmfa
-Fnu1Sc6dAoGAbgA9Cf6y8JGwr4/zGPDtaemBTLYMD8m/emdqGPgR7yVWXP/jTMqi
+PTeTNCUCgYEAtV5mnYQZJ354B1BpeexmlPk392V13nvhY2V/cU+82Ze0YTYBFU2+
-o1EEWtpehALZMVZOsmSg7C/1J+nlHbuxPKsjjYK+V7aGsqXGx95lPyemd2cGcJN4
+gXFKL8LmZvnheAET9TKFXCXZueF+0fcEcn8fJ52DXJf72Mlt6aDfdAT+zqxjBLRR
-fgoCyCahp2BnVCp7Gm3B/AzeZlH7n23qvbkJOsKGuocDycR9TIud+fk=
+G3wSPVd5NRDt8njlL3yXa3Cy3JWGzzJi2S5LpCTSMSaLICoc97klw5I=
 -----END RSA PRIVATE KEY-----
--- a/integration/fixtures/https/clientca/client3.crt
+++ b/integration/fixtures/https/clientca/client3.crt
@ -1,17 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICtDCCAZwCCQCBMhhWPi2g3jANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw9j
+MIICtDCCAZwCCQCBMhhWPi2g3zANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9j
-YTMuZXhhbXBsZS5jb20wHhcNMTYwNjE4MTgxNTAwWhcNMjYwNjE2MTgxNTAwWjAe
+YTMuZXhhbXBsZS5jb20wHhcNMjIwODA4MTMzODI0WhcNMzIwODA1MTMzODI0WjAe
-MRwwGgYDVQQDExNjbGllbnQzLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
+MRwwGgYDVQQDDBNjbGllbnQzLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAyW1BnimfqeE2TFVCVaFSOnKucZMezOUs5CiNAECbgBPU
+AAOCAQ8AMIIBCgKCAQEAu95ub4QVJeMim1kmwWf6dECWckHG+DYnShnUO7N/p5OX
-ehAYNZCpKlD0ejZjc8/x2m0fnfHnmRdmCDprpI1gZV/dUMQCgmsq83pccnk3qFyn
+4efN62hocvbdYHtyFjkNdS4oWRdW8SsL1CjsuuudBfNhkxP27GbVxXlvuXKKsvhs
-tdDTo0vxTKZhusihipKmVEpvtQP0hMH2De7QjwOpjxnIZwFH8anLr8EyUFNyF8fK
+WG/ADt4/C276mgTub6kJRI2CLSqjUUGX7aVbDrSMlBj/HGBvBu1NIdQEEeXf6VHK
-k5emkMh8Xe5ppOTof36v9N/WPBW2/gxM9aj0l47CUSXjAUD8Fy8DeRtq/COywlnG
+imC7h4k7BQ0QDGyoSv+FZOQrsYFS90fjU+S59sZA6JSA79WvXAYUB2JZhP5FDX3e
-DK25tnrQcX4RBwU9s8pHrXVrvmgLUEc3pWuxrwGJzQ/iY8l1mDDmhqjmcg1uGYOe
+rIXun3Zk37WsD2MQBxEwKrHRZl6FXDyuNbHN+nlup9PV9+LOe5v4qRKZg9yQHBrV
-hs/Olnx7pttUbd36mNXSSkjPeTabgpZDFtljMcTJwwIDAQABMA0GCSqGSIb3DQEB
+vB+tstE2bbgyfWpUaRuvJ7Raii/xckSi9FBrK+aj3QIDAQABMA0GCSqGSIb3DQEB
-BQUAA4IBAQBUSxHFcGKaTBBj9peCgzr+buhPQ7F72uNe0uYZhcCn91KXECiFM+rh
+CwUAA4IBAQA8ZLQtKWIMCLHOGQw+CajTm6ZkuzYpsRhvOB7ikLy2lmfXO3et7cBt
-W13qcfsHDM/PPWN+TXHKzTxCHYv3fGkcAR/bUD206dXbO/T1Oc8UTciJFWXCxMK9
+1gukIk4AmfBskyxvD5v9pbxjxP6mYGYHG8Unitlxv+k0+QPw73loZbCeWIVTAR2k
-zKlZgn48TcAIEhJodVcqWXr8hZ5Grxw4wB2DnTUTr5FuFS/f4gtlflPJzirxZGe8
+6/8TPGPE0nztLzyew5Z/swu2SSXNcqrsSde/h1jh+rVx06C4xZnENzX/wtz/h3dp
-LPZb7QZ+LHxGK39QVY/g9LJxlWzbCytPBR0enb8ijjVj2+Sc+NntvQHqXedNFIql
+XB9Wqb5oTSkZB/5GGMmZTFYwZwLwr92LArC9fvdzeF9OsG5Eo3s4xuRuA/gGc+ea
-ns6X98nQtwFn9/MgLGbqOYNN36b15HddyDRgfZ6zMO3Aeve7GM5GqnpqhyprN91t
+FKMikJmQOHBEbNo795NX8AL3jWCW+tgePwtYB9xr7UGqjT3HfT1eHdETM56mByOK
-gVaVUIxZCUNmcmtWu+a1QtK/MgLIpX4I
+w+RDYChOK2wlf4iA4cFYFCm7M30hcVuw
 -----END CERTIFICATE-----
--- a/integration/fixtures/https/clientca/client3.csr
+++ b/integration/fixtures/https/clientca/client3.csr
@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIICYzCCAUsCAQAwHjEcMBoGA1UEAxMTY2xpZW50My5leGFtcGxlLmNvbTCCASIw
+MIICYzCCAUsCAQAwHjEcMBoGA1UEAwwTY2xpZW50My5leGFtcGxlLmNvbTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMltQZ4pn6nhNkxVQlWhUjpyrnGT
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALvebm+EFSXjIptZJsFn+nRAlnJB
-HszlLOQojQBAm4AT1HoQGDWQqSpQ9Ho2Y3PP8dptH53x55kXZgg6a6SNYGVf3VDE
+xvg2J0oZ1Duzf6eTl+HnzetoaHL23WB7chY5DXUuKFkXVvErC9Qo7LrrnQXzYZMT
-AoJrKvN6XHJ5N6hcp7XQ06NL8UymYbrIoYqSplRKb7UD9ITB9g3u0I8DqY8ZyGcB
+9uxm1cV5b7lyirL4bFhvwA7ePwtu+poE7m+pCUSNgi0qo1FBl+2lWw60jJQY/xxg
-R/Gpy6/BMlBTchfHypOXppDIfF3uaaTk6H9+r/Tf1jwVtv4MTPWo9JeOwlEl4wFA
+bwbtTSHUBBHl3+lRyopgu4eJOwUNEAxsqEr/hWTkK7GBUvdH41PkufbGQOiUgO/V
-/BcvA3kbavwjssJZxgytubZ60HF+EQcFPbPKR611a75oC1BHN6Vrsa8Bic0P4mPJ
+r1wGFAdiWYT+RQ193qyF7p92ZN+1rA9jEAcRMCqx0WZehVw8rjWxzfp5bqfT1ffi
-dZgw5oao5nINbhmDnobPzpZ8e6bbVG3d+pjV0kpIz3k2m4KWQxbZYzHEycMCAwEA
+znub+KkSmYPckBwa1bwfrbLRNm24Mn1qVGkbrye0Woov8XJEovRQayvmo90CAwEA
-AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQB3ApcHgGHXXYqkNHDp3xaXBrsYNnGSoqQq
+AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQA3hpWyHbGn+3r2hdD82pi8sJmZWrvk2a2k
-PoFqNh2SVVh9D25hcfTrCXbv8Ng+rTEZqb4BMrSPxl5vNRQL78M70NMNE1bXcdW3
+1ZriGvHJiZG0lDZfBM/jTNKbIZFyypx4AaMTUJLOmC/Q+pr+WGAmisBt1Fz3v2gw
-XWSh7vLxCAmHx7DKNxQI/96o5lG6FFkmZNYZ4CllqXaW0hV3CTuy4ixGwz4JJ6vI
+pR+Hxt2//lST8wou751m/DS4dbTYIFokCrcQCQ9uaOQ5uYKUOD2A25wRbhl7Hz8T
-caS4OEMB/r+kEm0jReGjalS/KWk61+bZnHWKAkvpPxIFKp8YMi84I+GlE1YfbXiC
+zE18VWHcXSOb02nNRwhsCSLygYoBr5UNGRl7nNWOVIJVFdO125HbCiTDGaTiA9Ng
-kYtwCFmEd5T6Ztz/f/DtCF0JuH+S/2+R+7APD1RbaU8lCMDA292zlVP2mro2WRnZ
+BsbwfvehkiqceeT67QNvnWOiGMCbNjidx/0716YXb6FV1KKGtw96zhy99QTvQn1Q
-GAbynaqxaPQIn+2LBD5ytRx9aHALj58vq/PVpUUKb20RwIf74+t1
+NQ913ch0EJ5JIuCifIquNkRBLlBayrZxN7IU+TKMwlt5uFn5PG0r
 -----END CERTIFICATE REQUEST-----
--- a/integration/fixtures/https/clientca/client3.key
+++ b/integration/fixtures/https/clientca/client3.key
@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAyW1BnimfqeE2TFVCVaFSOnKucZMezOUs5CiNAECbgBPUehAY
+MIIEpAIBAAKCAQEAu95ub4QVJeMim1kmwWf6dECWckHG+DYnShnUO7N/p5OX4efN
-NZCpKlD0ejZjc8/x2m0fnfHnmRdmCDprpI1gZV/dUMQCgmsq83pccnk3qFyntdDT
+62hocvbdYHtyFjkNdS4oWRdW8SsL1CjsuuudBfNhkxP27GbVxXlvuXKKsvhsWG/A
-o0vxTKZhusihipKmVEpvtQP0hMH2De7QjwOpjxnIZwFH8anLr8EyUFNyF8fKk5em
+Dt4/C276mgTub6kJRI2CLSqjUUGX7aVbDrSMlBj/HGBvBu1NIdQEEeXf6VHKimC7
-kMh8Xe5ppOTof36v9N/WPBW2/gxM9aj0l47CUSXjAUD8Fy8DeRtq/COywlnGDK25
+h4k7BQ0QDGyoSv+FZOQrsYFS90fjU+S59sZA6JSA79WvXAYUB2JZhP5FDX3erIXu
-tnrQcX4RBwU9s8pHrXVrvmgLUEc3pWuxrwGJzQ/iY8l1mDDmhqjmcg1uGYOehs/O
+n3Zk37WsD2MQBxEwKrHRZl6FXDyuNbHN+nlup9PV9+LOe5v4qRKZg9yQHBrVvB+t
-lnx7pttUbd36mNXSSkjPeTabgpZDFtljMcTJwwIDAQABAoIBAFYbTqG+SXLlw8B9
+stE2bbgyfWpUaRuvJ7Raii/xckSi9FBrK+aj3QIDAQABAoIBAHjyqoaAslzB7fW1
-8g2JGQ3DWK9UpSYSEk62xxAEjnUCBSLpHnBHlwlv8hMMjRdFHa6yV4G9l7PqPMPn
+X44EMunE6xaD4mTJ+GFsX4ZP+U8ZZh657Ygwn43kAIGs97X25QMbxD4XGJIK9IKS
-tXxys3KiuIl+QVRfW80Z0ctd5l0ivs8Kpm54WH7b4YtnmScT6ea+q2JGfpECGZ17
+FlYAegbquVbG86EeU2He3F63rzOpW5dT2oG38z6ZJB0kL50TZjQMJlKNsLcPU5Bb
-Kcz5U9LIwtLFyWuVmm1XuZp9EZj4HI7XgaktPom2f97k7oyQgKvgHVMUU+KYjS0X
+dFPzSM3Pie3q54++FnpA1J3xMEY0l4a1JtDL7biZvXk5S/2VeBYVKq62561gNwXv
-KTTf+PkSR/laV9TXNTRlFOwblh8tjrb/CohR/REQ5yTM04oRHhD+TkIV2qIUuM5Z
+I1Hv5yhnqOucBQHlWS1zff9vALOhIFKrUJpcA46Cjtm/vTzmCytwi5JCZ0PLtMi9
-P2hmIrMGhoJt01eJlZz73vXBBFAd/rzEIuKBroEG+culxje56qBbMKvfhmVJNuMz
+WBdOt/wH5v9AhHzid+zT+TWPUcrokft9SVEX0j4cHHUufxD7Nw8Q//RvLCwb4ypQ
-6AvkPYECgYEA+yXVRcU7Zqz7rqq7Mw3s3yC6LzE5SNO1hRl9J2N4ldHf4bUeHEuh
+Ot9rhgECgYEA4TrRDoamVwEcOYfXbLJC6XEzhrjpF3+YHZp8d4177J5Vz94QRxLJ
-ztW8Q7XiiftLcCGJPc3QxWRWwC8omhwefJzEmmVgpDeTMVjI/nNpgdgKSQfM77LX
+wlxcBFikuM1dN8kV8cGUzUMRvSZbm2LEuOQW3XsDHeFuaNCwBjx3BLCxHdi1OuHb
-jZtH8q5JH4cMvJbFMV3JN24LSTrctryt+p/Jps3x0FzbgNGEDik7/y0CgYEAzVGB
+JmlkJlIMo2u+IrMCD994pCEGAWUmFHMbiMHwU/ezzdj3ffVEBjo5NoUCgYEA1Yj0
-UESd09YvBjjW+1CJXHwgTh9Qc4L4VhAt7+O83SxGJEeVMYeTi/YHM2X5ytFBq/1w
+p28OMoaQsR/F1pd3Qnib9jQYVtFwD6ly4c9mItNtFn+J5MFbm9H5WgJt7w/eIMxD
-M+j9CWpNi7XoHOCVWZfQjOvsrX5R0s7iBrL9ikkmaEy95VEgywsXTaoJE37/l5GR
+BRWHUgnqVQ+UFQnTESN9AnbfkcTcGfkKgyzuOb+bRjQaCnE6h8rrSFMPFDxJ4nus
-j9s8P6o3KeCyce++2Qi+dHvAUEspLS1nW8KvAq8CgYAKwrw4mRLKe27tNPOAZIBZ
+ruvme3MmVRqHsdbGiGLN7wu+PzK8ZxH1WtmQE3kCgYEAw4GCptFK4oscLPQ1kyzJ
-rxVLIFjL/gYxBb6PCXwJL0zgZto7bCIqso22ePyT3OiGjWlL9J2VV48//MVIlRvZ
+2EljKLap3rPrHwdSs5Qk1ig65M0l5AvzBruVRFCN67yYBiyO1+PpfqORalc5fZAm
-Sv5Bf0Z8wsTTwHIcNOW4YoFOT79AJfGGZ7jVdRI8/5RUIEGis9oDPfvNz2/VhJAP
+ozeagXaeJfnhFSrRIRirV27oz7ek2Q/kY1toi7r9LX4A9a3dRFn/JrljtSJQA8BH
-xPjm5LwPqWreQhveX3XqoQKBgQC86JANVYTNotTTabrLspcf5AkpOACit09ciDhr
+TlbKfpitgymq67NS8PTpZOECgYBwAU6TJKWFyx/KSKg1T2226Bymn9zEbUcib/da
-7uMXsKO8v6wSzUZBUZXggaQqKwy8fUweRvGCFy/QKwesgiqIK3m0H2I9YutQBg/K
+irdAPTZTPsLNwr6SlSj+FZgkdWZGPd5JpGk+lwTbaTh7cJPNwZeo20GZ7HCnDwJ8
-0CcddB6Feo6CDnoYt1SynY8KRCBQyZvfe3zcqvVkb5xf3pF/SV9K943DktQJACyI
+m+y5Tc/cmyetoobZA482eJrIOndm3QhPGF3lExlgOnJCzi2FDI6IfNhlve8lAT55
-LgEuewKBgF48AjNyi7zMgH0h5rsVimtjS7p8PhwZXyN70B/poykR3sxhCnChuNmt
+UPVJwQKBgQCvs9KQxBJBm/+LssLesrCBXJ9ww/Af2BxB1tHD8qUOBB0x/H1KpGex
-47MNOQrNgXCQivrZk1uh4v/itoVCDX/GYz+bqHh8MihALuSX3eRnVPk8oDjoM1lN
+2/pJaUPnHec+Ig5k7jMDyR+AOy68ycUPCRldjQ8Ym1ErB9frOSufm7XFSca335Wa
-Hks5wU7RK8gy14DPtTxfr0ca65v7kzu3nY1UwdFuTjcDwIv8EdGj
+R1hYHsh22gwoUdqAZVgWzo1Y9hq38l3r6sRZFr+2v5QRVE+DE+vSzg==
 -----END RSA PRIVATE KEY-----
--- a/integration/fixtures/k8s/01-traefik-crd.yml
+++ b/integration/fixtures/k8s/01-traefik-crd.yml
@ -1783,9 +1783,10 @@ spec:
                  VersionTLS13. Default: VersionTLS10.'
                type: string
              preferServerCipherSuites:
-                description: PreferServerCipherSuites defines whether the server chooses
+                description: 'PreferServerCipherSuites defines whether the server
-                  a cipher suite among his own instead of among the client's. It is
+                  chooses a cipher suite among his own instead of among the client''s.
-                  enabled automatically when minVersion or maxVersion are set.
+                  It is enabled automatically when minVersion or maxVersion is set.
                  Deprecated: https://github.com/golang/go/issues/45430'
                type: boolean
              sniStrict:
                description: SniStrict defines whether Traefik allows connections
--- a/integration/fixtures/tcp/multi-tls-options.toml
+++ b/integration/fixtures/tcp/multi-tls-options.toml
@ -41,7 +41,7 @@
 [tls.options]
  [tls.options.foo]
-    minVersion = "VersionTLS11"
+    minVersion = "VersionTLS12"
  [tls.options.bar]
-    minVersion = "VersionTLS12"
+    minVersion = "VersionTLS13"
--- a/integration/https_test.go
+++ b/integration/https_test.go
@ -142,7 +142,7 @@ func (s *HTTPSSuite) TestWithTLSOptions(c *check.C) {
 	tr1 := &http.Transport{
 		TLSClientConfig: &tls.Config{
 			InsecureSkipVerify: true,
-			MaxVersion:         tls.VersionTLS11,
+			MaxVersion:         tls.VersionTLS12,
 			ServerName:         "snitest.com",
 		},
 	}
@ -194,7 +194,7 @@ func (s *HTTPSSuite) TestWithTLSOptions(c *check.C) {
 	}
 	_, err = client.Do(req)
 	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "protocol version not supported")
+	c.Assert(err.Error(), checker.Contains, "tls: no supported versions satisfy MinVersion and MaxVersion")
 	//	with unknown tls option
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("unknown TLS options: unknown@file"))
@ -262,7 +262,7 @@ func (s *HTTPSSuite) TestWithConflictingTLSOptions(c *check.C) {
 	}
 	_, err = client.Do(req)
 	c.Assert(err, checker.NotNil)
-	c.Assert(err.Error(), checker.Contains, "protocol version not supported")
+	c.Assert(err.Error(), checker.Contains, "tls: no supported versions satisfy MinVersion and MaxVersion")
 	// with unknown tls option
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains(fmt.Sprintf("found different TLS options for routers on the same host %v, so using the default TLS options instead", tr4.TLSClientConfig.ServerName)))
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -8,7 +8,6 @@ import (
 	"flag"
 	"fmt"
 	"io/fs"
 	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -349,7 +348,7 @@ type tailscaleNotSuite struct{ BaseSuite }
 // TODO(mpl): we could maybe even move this setup to the Makefile, to start it
 // and let it run (forever, or until voluntarily stopped).
 func setupVPN(c *check.C, keyFile string) *tailscaleNotSuite {
-	data, err := ioutil.ReadFile(keyFile)
+	data, err := os.ReadFile(keyFile)
 	if err != nil {
 		if !errors.Is(err, fs.ErrNotExist) {
 			log.Fatal(err)
--- a/integration/keepalive_test.go
+++ b/integration/keepalive_test.go
@ -77,7 +77,7 @@ func (s *KeepAliveSuite) TestShouldRespectConfiguredBackendHttpKeepAliveTime(c *
 	}()
 	server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.WriteHeader(200)
+		w.WriteHeader(http.StatusOK)
 	}))
 	server.Config.ConnState = func(conn net.Conn, state http.ConnState) {
--- a/integration/tcp_test.go
+++ b/integration/tcp_test.go
@ -102,18 +102,18 @@ func (s *TCPSuite) TestTLSOptions(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 5*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains("HostSNI(`whoami-c.test`)"))
 	c.Assert(err, checker.IsNil)
-	// Check that we can use a client tls version <= 1.1 with hostSNI 'whoami-c.test'
+	// Check that we can use a client tls version <= 1.2 with hostSNI 'whoami-c.test'
-	out, err := guessWhoTLSMaxVersion("127.0.0.1:8093", "whoami-c.test", true, tls.VersionTLS11)
+	out, err := guessWhoTLSMaxVersion("127.0.0.1:8093", "whoami-c.test", true, tls.VersionTLS12)
 	c.Assert(err, checker.IsNil)
 	c.Assert(out, checker.Contains, "whoami-no-cert")
-	// Check that we can use a client tls version <= 1.2 with hostSNI 'whoami-d.test'
+	// Check that we can use a client tls version <= 1.3 with hostSNI 'whoami-d.test'
-	out, err = guessWhoTLSMaxVersion("127.0.0.1:8093", "whoami-d.test", true, tls.VersionTLS12)
+	out, err = guessWhoTLSMaxVersion("127.0.0.1:8093", "whoami-d.test", true, tls.VersionTLS13)
 	c.Assert(err, checker.IsNil)
 	c.Assert(out, checker.Contains, "whoami-no-cert")
-	// Check that we cannot use a client tls version <= 1.1 with hostSNI 'whoami-d.test'
+	// Check that we cannot use a client tls version <= 1.2 with hostSNI 'whoami-d.test'
-	_, err = guessWhoTLSMaxVersion("127.0.0.1:8093", "whoami-d.test", true, tls.VersionTLS11)
+	_, err = guessWhoTLSMaxVersion("127.0.0.1:8093", "whoami-d.test", true, tls.VersionTLS12)
 	c.Assert(err, checker.NotNil)
 	c.Assert(err.Error(), checker.Contains, "protocol version not supported")
 }
--- a/pkg/middlewares/compress/compress_test.go
+++ b/pkg/middlewares/compress/compress_test.go
@ -401,7 +401,7 @@ func BenchmarkCompress(b *testing.B) {
 			})
 			handler, _ := New(context.Background(), next, dynamic.Compress{}, "testing")
-			req, _ := http.NewRequest("GET", "/whatever", nil)
+			req, _ := http.NewRequest(http.MethodGet, "/whatever", nil)
 			req.Header.Set("Accept-Encoding", "gzip")
 			b.ReportAllocs()
--- a/pkg/middlewares/retry/retry_test.go
+++ b/pkg/middlewares/retry/retry_test.go
@ -222,7 +222,7 @@ func (l *countingRetryListener) Retried(req *http.Request, attempt int) {
 func TestRetryWithFlush(t *testing.T) {
 	next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		rw.WriteHeader(200)
+		rw.WriteHeader(http.StatusOK)
 		_, err := rw.Write([]byte("FULL "))
 		if err != nil {
 			http.Error(rw, err.Error(), http.StatusInternalServerError)
--- a/pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_options.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/tcp/with_tls_options.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca1
      - secret-ca2
    clientAuthType: VerifyClientCertIfGiven
  preferServerCipherSuites: true
 ---
 apiVersion: v1
 kind: Secret
--- a/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca-default1
      - secret-ca-default2
    clientAuthType: VerifyClientCertIfGiven
  preferServerCipherSuites: true
 ---
 apiVersion: traefik.containo.us/v1alpha1
--- a/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options_default_namespace.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_default_tls_options_default_namespace.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca1
      - secret-ca2
    clientAuthType: VerifyClientCertIfGiven
  preferServerCipherSuites: true
 ---
 apiVersion: traefik.containo.us/v1alpha1
--- a/pkg/provider/kubernetes/crd/fixtures/with_tls_options.yml
+++ b/pkg/provider/kubernetes/crd/fixtures/with_tls_options.yml
@ -35,7 +35,6 @@ spec:
      - secret-ca1
      - secret-ca2
    clientAuthType: VerifyClientCertIfGiven
  preferServerCipherSuites: true
 ---
 apiVersion: traefik.containo.us/v1alpha1
--- a/pkg/provider/kubernetes/crd/kubernetes.go
+++ b/pkg/provider/kubernetes/crd/kubernetes.go
@ -822,7 +822,6 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
 				ClientAuthType: tlsOption.Spec.ClientAuth.ClientAuthType,
 			},
 			SniStrict:     tlsOption.Spec.SniStrict,
 			PreferServerCipherSuites: tlsOption.Spec.PreferServerCipherSuites,
 			ALPNProtocols: alpnProtocols,
 		}
 	}
--- a/pkg/provider/kubernetes/crd/kubernetes_test.go
+++ b/pkg/provider/kubernetes/crd/kubernetes_test.go
@ -667,7 +667,6 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
 								ClientAuthType: "VerifyClientCertIfGiven",
 							},
 							SniStrict: true,
 							PreferServerCipherSuites: true,
 							ALPNProtocols: []string{
 								"h2",
 								"http/1.1",
@ -2749,7 +2748,6 @@ func TestLoadIngressRoutes(t *testing.T) {
 								ClientAuthType: "VerifyClientCertIfGiven",
 							},
 							SniStrict: true,
 							PreferServerCipherSuites: true,
 							ALPNProtocols: []string{
 								"h2",
 								"http/1.1",
@ -2863,7 +2861,6 @@ func TestLoadIngressRoutes(t *testing.T) {
 								ClientAuthType: "VerifyClientCertIfGiven",
 							},
 							SniStrict: true,
 							PreferServerCipherSuites: true,
 							ALPNProtocols: []string{
 								"h2",
 								"http/1.1",
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/tlsoption.go
@ -42,7 +42,8 @@ type TLSOptionSpec struct {
 	// SniStrict defines whether Traefik allows connections from clients connections that do not specify a server_name extension.
 	SniStrict bool `json:"sniStrict,omitempty"`
 	// PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
-	// It is enabled automatically when minVersion or maxVersion are set.
+	// It is enabled automatically when minVersion or maxVersion is set.
 	// Deprecated: https://github.com/golang/go/issues/45430
 	PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
 	// ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
 	// More info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols
--- a/pkg/redactor/redactor_config_test.go
+++ b/pkg/redactor/redactor_config_test.go
@ -443,7 +443,6 @@ func init() {
 					ClientAuthType: "RequireAndVerifyClientCert",
 				},
 				SniStrict: true,
 				PreferServerCipherSuites: true,
 			},
 		},
 		Certificates: []*traefiktls.CertAndStores{
--- a/pkg/redactor/testdata/anonymized-dynamic-config.json
+++ b/pkg/redactor/testdata/anonymized-dynamic-config.json
@ -463,8 +463,7 @@
          "foo"
        ],
        "clientAuth": {},
-        "sniStrict": true,
+        "sniStrict": true
        "preferServerCipherSuites": true
      }
    },
    "stores": {
--- a/pkg/redactor/testdata/secured-dynamic-config.json
+++ b/pkg/redactor/testdata/secured-dynamic-config.json
@ -471,8 +471,7 @@
          ],
          "clientAuthType": "RequireAndVerifyClientCert"
        },
-        "sniStrict": true,
+        "sniStrict": true
        "preferServerCipherSuites": true
      }
    },
    "stores": {
--- a/pkg/rules/parser.go
+++ b/pkg/rules/parser.go
@ -5,6 +5,8 @@ import (
 	"strings"
 	"github.com/vulcand/predicate"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 )
 const (
@ -41,7 +43,7 @@ func NewParser(matchers []string) (predicate.Parser, error) {
 		parserFuncs[matcherName] = fn
 		parserFuncs[strings.ToLower(matcherName)] = fn
 		parserFuncs[strings.ToUpper(matcherName)] = fn
-		parserFuncs[strings.Title(strings.ToLower(matcherName))] = fn
+		parserFuncs[cases.Title(language.Und).String(strings.ToLower(matcherName))] = fn
 	}
 	return predicate.NewParser(predicate.Def{
--- a/pkg/server/router/router_test.go
+++ b/pkg/server/router/router_test.go
@ -827,7 +827,7 @@ func BenchmarkRouterServe(b *testing.B) {
 	b.Cleanup(func() { server.Close() })
 	res := &http.Response{
-		StatusCode: 200,
+		StatusCode: http.StatusOK,
 		Body:       io.NopCloser(strings.NewReader("")),
 	}
@ -879,7 +879,7 @@ func BenchmarkRouterServe(b *testing.B) {
 func BenchmarkService(b *testing.B) {
 	res := &http.Response{
-		StatusCode: 200,
+		StatusCode: http.StatusOK,
 		Body:       io.NopCloser(strings.NewReader("")),
 	}
--- a/pkg/server/router/tcp/router_test.go
+++ b/pkg/server/router/tcp/router_test.go
@ -9,6 +9,7 @@ import (
 	"io"
 	"net"
 	"net/http"
 	"net/url"
 	"strings"
 	"testing"
 	"time"
@ -109,8 +110,13 @@ func Test_Routing(t *testing.T) {
 		for {
 			conn, err := tcpBackendListener.Accept()
 			if err != nil {
-				var netErr net.Error
+				var opErr *net.OpError
-				if errors.As(err, &netErr) && netErr.Temporary() {
+				if errors.As(err, &opErr) && opErr.Temporary() {
 					continue
 				}
 				var urlErr *url.Error
 				if errors.As(err, &urlErr) && urlErr.Temporary() {
 					continue
 				}
--- a/pkg/server/server_entrypoint_tcp.go
+++ b/pkg/server/server_entrypoint_tcp.go
@ -7,6 +7,7 @@ import (
 	stdlog "log"
 	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"strings"
 	"sync"
@ -195,8 +196,13 @@ func (e *TCPEntryPoint) Start(ctx context.Context) {
 		if err != nil {
 			logger.Error(err)
-			var netErr net.Error
+			var opErr *net.OpError
-			if errors.As(err, &netErr) && netErr.Temporary() {
+			if errors.As(err, &opErr) && opErr.Temporary() {
 				continue
 			}
 			var urlErr *url.Error
 			if errors.As(err, &urlErr) && urlErr.Temporary() {
 				continue
 			}
--- a/pkg/server/server_entrypoint_tcp_http3.go
+++ b/pkg/server/server_entrypoint_tcp_http3.go
@ -8,7 +8,6 @@ import (
 	"net"
 	"net/http"
 	"sync"
 	"time"
 	"github.com/lucas-clemente/quic-go/http3"
 	"github.com/traefik/traefik/v2/pkg/config/static"
@ -47,24 +46,17 @@ func newHTTP3Server(ctx context.Context, configuration *static.EntryPoint, https
 	}
 	h3.Server = &http3.Server{
 		Port: configuration.HTTP3.AdvertisedPort,
 		Server: &http.Server{
 		Addr:      configuration.GetAddress(),
 		Port:      configuration.HTTP3.AdvertisedPort,
 		Handler:   httpsServer.Server.(*http.Server).Handler,
 			ErrorLog:     httpServerLogger,
 			ReadTimeout:  time.Duration(configuration.Transport.RespondingTimeouts.ReadTimeout),
 			WriteTimeout: time.Duration(configuration.Transport.RespondingTimeouts.WriteTimeout),
 			IdleTimeout:  time.Duration(configuration.Transport.RespondingTimeouts.IdleTimeout),
 		TLSConfig: &tls.Config{GetConfigForClient: h3.getGetConfigForClient},
 		},
 	}
 	previousHandler := httpsServer.Server.(*http.Server).Handler
 	httpsServer.Server.(*http.Server).Handler = http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		err := h3.Server.SetQuicHeaders(rw.Header())
+		if err := h3.Server.SetQuicHeaders(rw.Header()); err != nil {
-		if err != nil {
+			log.FromContext(ctx).Errorf("Failed to set HTTP3 headers: %v", err)
 			log.FromContext(ctx).Errorf("failed to set HTTP3 headers: %v", err)
 		}
 		previousHandler.ServeHTTP(rw, req)
@ -90,3 +82,8 @@ func (e *http3server) getGetConfigForClient(info *tls.ClientHelloInfo) (*tls.Con
 	return e.getter(info)
 }
 func (e *http3server) Shutdown(_ context.Context) error {
 	// TODO: use e.Server.CloseGracefully() when available.
 	return e.Server.Close()
 }
--- a/pkg/server/service/proxy_test.go
+++ b/pkg/server/service/proxy_test.go
@ -20,7 +20,7 @@ func (t *staticTransport) RoundTrip(r *http.Request) (*http.Response, error) {
 func BenchmarkProxy(b *testing.B) {
 	res := &http.Response{
-		StatusCode: 200,
+		StatusCode: http.StatusOK,
 		Body:       io.NopCloser(strings.NewReader("")),
 	}
--- a/pkg/server/service/proxy_websocket_test.go
+++ b/pkg/server/service/proxy_websocket_test.go
@ -456,7 +456,7 @@ func TestWebSocketUpgradeFailed(t *testing.T) {
 	mux := http.NewServeMux()
 	mux.HandleFunc("/ws", func(w http.ResponseWriter, req *http.Request) {
-		w.WriteHeader(400)
+		w.WriteHeader(http.StatusBadRequest)
 	})
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
 		mux.ServeHTTP(w, req)
@ -472,7 +472,7 @@ func TestWebSocketUpgradeFailed(t *testing.T) {
 			req.URL.Path = path
 			f.ServeHTTP(w, req)
 		} else {
-			w.WriteHeader(200)
+			w.WriteHeader(http.StatusOK)
 		}
 	}))
 	defer proxy.Close()
--- a/pkg/tls/tls.go
+++ b/pkg/tls/tls.go
@ -22,7 +22,7 @@ type Options struct {
 	CurvePreferences         []string   `json:"curvePreferences,omitempty" toml:"curvePreferences,omitempty" yaml:"curvePreferences,omitempty" export:"true"`
 	ClientAuth               ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
 	SniStrict                bool       `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
-	PreferServerCipherSuites bool       `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"`
+	PreferServerCipherSuites bool       `json:"preferServerCipherSuites,omitempty" toml:"preferServerCipherSuites,omitempty" yaml:"preferServerCipherSuites,omitempty" export:"true"` // Deprecated: https://github.com/golang/go/issues/45430
 	ALPNProtocols            []string   `json:"alpnProtocols,omitempty" toml:"alpnProtocols,omitempty" yaml:"alpnProtocols,omitempty" export:"true"`
 }
--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@ -299,18 +299,13 @@ func buildTLSConfig(tlsOption Options) (*tls.Config, error) {
 		}
 	}
 	// Set PreferServerCipherSuites.
 	conf.PreferServerCipherSuites = tlsOption.PreferServerCipherSuites
 	// Set the minimum TLS version if set in the config
 	if minConst, exists := MinVersion[tlsOption.MinVersion]; exists {
 		conf.PreferServerCipherSuites = true
 		conf.MinVersion = minConst
 	}
 	// Set the maximum TLS version if set in the config TOML
 	if maxConst, exists := MaxVersion[tlsOption.MaxVersion]; exists {
 		conf.PreferServerCipherSuites = true
 		conf.MaxVersion = maxConst
 	}
--- a/script/codegen.Dockerfile
+++ b/script/codegen.Dockerfile
@ -1,3 +1,4 @@
 # TODO rewrite this to be able to use go1.19.
 FROM golang:1.17
 ARG USER=$USER