Merge pull request #15 from internetee/log-handshake-errors

Log handshake errors
2025-08-14 19:43:48 +02:00 · 2019-07-29 11:30:51 +03:00 · 2019-07-29 11:30:51 +03:00 · 036c63b3c6
commit 036c63b3c6
parent fa9f9e00e4 0231aae270
13 changed files with 182 additions and 31 deletions
--- a/1
+++ b/1
@ -31,6 +31,7 @@ RUN apt-get update && apt-get install -y \
  libc-dev \
  perl=* \
  procps=* \
  inotify-tools=* \
  libssl1.0.0=* \
  perl-base=* \
  && apt-get clean \
--- a/README.md
+++ b/README.md
@ -139,7 +139,8 @@ tests, there is a small Roda application located in `apps/epp_proxy/priv/test_ba
 It has been written with Ruby 2.6.3.
 There is also a number of generated ssl certificates that are used only for testing. Those are
-valid until 2029 and they are located in `apps/epp_proxy/priv/test_ca`.
+valid until 2029 and they are located in `apps/epp_proxy/priv/test_ca`. The password for test CA
 is `password`.
 You need to start the backend application before running the test suite. To start it as a deamon,
 from the root folder of the project, execute:
--- a/apps/epp_proxy/priv/test_ca/certs/client.crt.pem
+++ b/apps/epp_proxy/priv/test_ca/certs/client.crt.pem
@ -0,0 +1,35 @@
 -----BEGIN CERTIFICATE-----
 MIIGGjCCBAKgAwIBAgICEAgwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkVF
 MREwDwYDVQQIDAhIYXJqdW1hYTEQMA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwa
 RWVzdGkgSW50ZXJuZXRpIFNpaHRhc3V0dXMxGjAYBgNVBAMMEWVwcF9wcm94eSB0
 ZXN0IGNhMSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BpbnRlcm5ldC5lZTAeFw0xOTA3
 MjkwNzUxNTdaFw0yOTA3MjYwNzUxNTdaMH4xCzAJBgNVBAYTAkVFMREwDwYDVQQI
 DAhIYXJqdW1hYTEjMCEGA1UECgwaRWVzdGkgSW50ZXJuZXRpIFNpaHRhc3V0dXMx
 FTATBgNVBAMMDHJldm9rZWQgY2VydDEgMB4GCSqGSIb3DQEJARYRaGVsbG9AaW50
 ZXJuZXQuZWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDaFYIwYpsK
 1lCpebo8lR+hBfPg5K1OM7UkE6yNV54UYH1xPUk2iZLxoCnCYZdrfFtzwEfnU+ot
 rv6x+QzNh139bTupaUhetlbHBc/YO4Dp7MEF30wjjLGOacNmlsQi9RhGbegxqoJq
 PB0mEq1ZSPQqsmBs8QxYoL3FhNVJrXvPBCXF2hmf0z+0LbScXRZ8CV5e7PAji5Oe
 LomIPGe9CmVMWRH0JNvLETAEJG0iUPys/zXyBxz9rx9iPAmFhLy4srtvIFQG3tMc
 Xu2r8Vyap7BpaEs4CV36fmWHMQ5xVQgLOAhCKbD7uY2v+gKY6w6dQh1Vm1b9qD1N
 Vk8isJ5WnT5Z4EFvaMq5gGGj1TaTBi4QOie6KVP8iavOKYYkdOoa60XLTtEa5s9b
 cWPS1Bcnl43WR/pPonVvLY3N0VuCjXDwp60GHBGNsVpPa/bUF5wr6BsT7VScFsPM
 QG3Gmc4Kc+jxKj3ysz5yVvIL1v9MzN5tdoHX5MNglP0jtNn7sTBZc8sJg5DGALds
 7d64W1qTRrR41Cu78IUS7iRJRCXU4NLbyzV+BhEyDhiF8TGm+IGVXE+EAHQMXKjt
 Ruzjasf5071bf/eOe50kgVrYDc/JZ2/lJJ/S4cdolz+5PcbExTzdwAeSA/oXKSm6
 2ahveDRn8n6xNHSltjnAWo//9o6WCKHAEQIDAQABo4GJMIGGMAkGA1UdEwQCMAAw
 CwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
 ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUBbVpSL7xVkMpbVxGydzX3snO820wHwYDVR0j
 BBgwFoAU/XfmSnO9pTxls7nPtRWVWQhkaBAwDQYJKoZIhvcNAQELBQADggIBAIrJ
 NfPxjQBCE8sCNYRHj9wbtKb2oBFbz1w1irqi+C7kGhn+sfukmhgPA6L7T84DICon
 nUhl35IX6DuKCqA+G1kGSG7WKfxK8xLxWt5oK5wH63qrrTcezYTmRnFlyIeIyIOm
 Edi6HjVwl3x30aMc5DaC4eOjXJ3JReg5OubQOpBUYCswh8JTR5JCj+ircHiMfbxn
 DO40D431madj/qATR/vZt8UYy53hTSQrIed4EeSD5G3OtnDWfvGwoTdwfnDiDZuO
 auHpUiV0EP1E2P4N06TQWWEEA1cslKNhC9SbTLXlinM9d7QF2wJJ6fiOuUSganYg
 ov9nt6hCTaVC12YTyIO3ZaRIy2KVTtUz0k0ECoiUrF03xqgZrPvixSVokBZnA3uQ
 eBAt2Woi1H9ZR7dhnxG6Fbaf/upiQ3U/kHtW24YG3lmkyhAu5OKpQpqJWXabfnbl
 QRt3HKcGdD1ytUsRpuMJ6Chtai9d5plPOkhcVgWPuawXBSHh4QHaEnEdqgpt3l3j
 WwS2UUiewAbaLCv53LBL+6RRjlcKUInJp/zVRrpdq8hxX48sHCpSIwOckG1wANN2
 68q1LzIWSaKG4LDE4E79FpWT8lnI6ccl0Xo0sbFvOaqMkIFJNXw60HWpUAbjIBTF
 9iuftwIPUbl3aiHR0IQns8Rwk9YUu1lzWe5yn2Nj
 -----END CERTIFICATE-----
--- a/apps/epp_proxy/priv/test_ca/certs/webclient.crt.pem
+++ b/apps/epp_proxy/priv/test_ca/certs/webclient.crt.pem
--- a/apps/epp_proxy/priv/test_ca/crl/crl.pem
+++ b/apps/epp_proxy/priv/test_ca/crl/crl.pem
@ -1,21 +1,22 @@
 -----BEGIN X509 CRL-----
-MIIDfTCCAWUCAQEwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkVFMREwDwYD
+MIIDkjCCAXoCAQEwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkVFMREwDwYD
 VQQIDAhIYXJqdW1hYTEQMA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkg
 SW50ZXJuZXRpIFNpaHRhc3V0dXMxGjAYBgNVBAMMEWVwcF9wcm94eSB0ZXN0IGNh
-MSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BpbnRlcm5ldC5lZRcNMTkwNzExMTMxMTM0
+MSAwHgYJKoZIhvcNAQkBFhFoZWxsb0BpbnRlcm5ldC5lZRcNMTkwNzI5MDc1NTA5
-WhcNMjkwNzA4MTMxMTM0WjBpMBMCAhACFw0xOTA1MjkwNjM5MTJaMBMCAhADFw0x
+WhcNMjkwNzI2MDc1NTA5WjB+MBMCAhACFw0xOTA1MjkwNjM5MTJaMBMCAhADFw0x
 OTA1MjkwODQxMDJaMBMCAhAEFw0xOTA1MzExMTI0NTJaMBMCAhAFFw0xOTA1MzEx
-MTQyMjJaMBMCAhAGFw0xOTA1MzExMjQzNDlaoDAwLjAfBgNVHSMEGDAWgBT9d+ZK
+MTQyMjJaMBMCAhAGFw0xOTA1MzExMjQzNDlaMBMCAhAHFw0xOTA3MjkwNzU0MzRa
-c72lPGWzuc+1FZVZCGRoEDALBgNVHRQEBAICEAgwDQYJKoZIhvcNAQELBQADggIB
+oDAwLjAfBgNVHSMEGDAWgBT9d+ZKc72lPGWzuc+1FZVZCGRoEDALBgNVHRQEBAIC
-ACv4opvBcQoCEkiKhVlr5bSq0vAVaTu1FloKTay0xsgDGSqQDnPR/B7ELSyoYo2A
+EAkwDQYJKoZIhvcNAQELBQADggIBAEk9pyZjqyYUdnA0Sv7RyevRUQGKbbf3EXdv
-iBuSrQREyvXOtZhlQyTHwCDnAjpgGDGdRbRJAhhbWA9/MC4oqyJLjOFxLspX2S7E
+JLDyvI9rpoyuWPkMT6vPsYght0cf/wO7oaEK/uustvFEYQiJss60jI0XuczWypk9
-Fq4F/DbUZaW8niGGCcAUf8QnilaJLEhUT7qIJW2DpyFLd/1qLK81PBO8VW4fbKQI
+paKu3LhIy6Drm3locY2k0ESrgP9IwNzS5Xr0FiaWRIozbkcawte8M4Nqe8BO5prk
-z2LsrA3NijW+W192LMvHLKnE47ifW1PLM0dJimkVNrkS42ACuwnCOLfLJsIg9aRe
+/5sLjv3eFnD7E445tZhu3vmXkD50FT3PLHVBEz4yS6Fx6nTiv+9QUu8NGf+bc6+o
-QsI1CY+L1F2tROedUFo6noffnm+SyMapna4SEXlQTaA1kfLtLOGVhXpBAgcewIsY
+YKPMy6Lh/wGC7p6sZJCOCjfzLAcqWfB2EW6XU8WeQcQCZ0au7zvZjQownCS9CeJV
-DQQCTn4oEAhZroZMPYJXYXC/pNSMUEBifXR2akO7eE5kLBgf11ZfhuEUqperviiJ
+KVsC4QiUt97FxR2gcEN2GJesywIF11X9o8s1K/Hz3+rrtU1ymoMLeumaRW24z35A
-yLNzoakh3eMazIo5Qr8ZinMWP8HHZJI8GmOvJtVKAvOFmXkVm++Cnl/Ovp8skrTD
+zVsdNwRfSPmt1qHlyaJaFhKG6jw5/nws+/wGFycIjWK0DSORiGCYdKD0cCjKJbNO
-AibySMZSTgoAc+ynZYI5q6HZxJWXN/PQ/++hFyOW9aG1DTLGpV6rO+O4zNldmUIO
+2QJnJlNOaCUUj8ULyiFOtZvdadc4JVW42NI/F+AFy/bnBK0uH6CenK5XwX3kEMme
-DTu+dUmKNamp1a6GcaY5xLSQTfV8InetxwF+gazvcmtEnqagH64EseSz4RZQLtRc
+KD8b5reUcVRhQdVJdAABFJlihIg05yENI7hlH1CKfy4vmlBKl+M2mW9cmNO8O6uS
-kAZLho1rPE35Ok/2eswMvQ9hOkQ7tX9dO35HYoHoVKUzdiBaPP3PCDeCC/Ei5C2n
+KMH8/wLuLga9gYziNT1RmVNFbnpF0hc6CFtSnlVXXTlU/TrxheH8ykrHQhKEkQj+
-Z1rfbtOFwF/36qyz7o+YqHaWHVc9W/koRjtrmXA1soJ2
+3krObDFDCUMKmaGu2nxRYZwLXzUe3wVl1SAxw0eEGyON/N83sLYlcrwWTVzRG3Z7
 RqRHPn+h
 -----END X509 CRL-----
--- a/apps/epp_proxy/priv/test_ca/csrs/client.csr.pem
+++ b/apps/epp_proxy/priv/test_ca/csrs/client.csr.pem
@ -0,0 +1,28 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIE1jCCAr4CAQAwgZAxCzAJBgNVBAYTAkVFMREwDwYDVQQIDAhIYXJqdW1hYTEQ
 MA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkgSW50ZXJuZXRpIFNpaHRh
 c3V0dXMxFTATBgNVBAMMDHJldm9rZWQgY2VydDEgMB4GCSqGSIb3DQEJARYRaGVs
 bG9AaW50ZXJuZXQuZWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDa
 FYIwYpsK1lCpebo8lR+hBfPg5K1OM7UkE6yNV54UYH1xPUk2iZLxoCnCYZdrfFtz
 wEfnU+otrv6x+QzNh139bTupaUhetlbHBc/YO4Dp7MEF30wjjLGOacNmlsQi9RhG
 begxqoJqPB0mEq1ZSPQqsmBs8QxYoL3FhNVJrXvPBCXF2hmf0z+0LbScXRZ8CV5e
 7PAji5OeLomIPGe9CmVMWRH0JNvLETAEJG0iUPys/zXyBxz9rx9iPAmFhLy4srtv
 IFQG3tMcXu2r8Vyap7BpaEs4CV36fmWHMQ5xVQgLOAhCKbD7uY2v+gKY6w6dQh1V
 m1b9qD1NVk8isJ5WnT5Z4EFvaMq5gGGj1TaTBi4QOie6KVP8iavOKYYkdOoa60XL
 TtEa5s9bcWPS1Bcnl43WR/pPonVvLY3N0VuCjXDwp60GHBGNsVpPa/bUF5wr6BsT
 7VScFsPMQG3Gmc4Kc+jxKj3ysz5yVvIL1v9MzN5tdoHX5MNglP0jtNn7sTBZc8sJ
 g5DGALds7d64W1qTRrR41Cu78IUS7iRJRCXU4NLbyzV+BhEyDhiF8TGm+IGVXE+E
 AHQMXKjtRuzjasf5071bf/eOe50kgVrYDc/JZ2/lJJ/S4cdolz+5PcbExTzdwAeS
 A/oXKSm62ahveDRn8n6xNHSltjnAWo//9o6WCKHAEQIDAQABoAAwDQYJKoZIhvcN
 AQELBQADggIBAM+rpYhoVrsgkItnaLoE5ZFqOsaW+nGyy7IVe8KeTi+sfDo/OOMH
 KoZebwFkKa+5MpR7iGdGhwMsEvQBNwAAElLfVAW2NZQmC8DGwLyRA1yPTWNNvYi9
 oGaLPAvIROnSdd5WImV749zxv9W23pjozYSyFWVRxjhZd6Wj3XLRJFkAtikZZW02
 jnzLGLamILIuGj51d/ukR+uN4hVxnMKKhRpiRJFsjGJj3aai2ptJmvRhp1vrclJg
 Bix1JsLzKbuvPP00EuZXUZ9bRDUW8bpNhvuWUhtS5iFME6mTyqL7PveivLX7Sxuy
 VQ58FNeU68BIrdCSavxHtmgB/vjyMcfcEm7K9C7YPGSedK5evzKbVpkNk2SP5Cl4
 0pLDeLjYRGnf6sDjGK1FVJYAX9AG+8ZiCtSkWfMY/5ClcK5SCeO5QY1Ad3bY1Ez8
 l3IdzKwZK4zq9NZN20r0ZzSZ8kzEqeKotKXIPDjKBDHFk3wu4tkHZf9pyu9PkQjZ
 RpoVmhNFVQ2BRdZANudrMiWgUhxUpQgmRQPnpGbDmdWdvqEoHsTPkHrxgNdb+PxP
 D3NWN28hj9MRve+lSStnN/GXb9DPKyA6vmUHcd9p8EnnmLTy9sqy/smE3zYwDmz2
 QSGz4UhMOAD6/6/9mCLf1qiRpD2JAcYOz7LcVTrqpo3UtHAW/XD9XNPp
 -----END CERTIFICATE REQUEST-----
--- a/apps/epp_proxy/priv/test_ca/csrs/webclient.csr.pem
+++ b/apps/epp_proxy/priv/test_ca/csrs/webclient.csr.pem
--- a/apps/epp_proxy/priv/test_ca/generate_certificates.sh
+++ b/apps/epp_proxy/priv/test_ca/generate_certificates.sh
@ -1,9 +1,15 @@
 # !/bin/sh
 # Use localhost as common name.
-openssl genrsa -out private/webclient.key.pem 4096
+openssl genrsa -out private/client.key.pem 4096
-openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/webclient.key.pem -out csrs/webclient.csr.pem
+openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/client.key.pem -out csrs/client.csr.pem
-openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/webclient.csr.pem -days 3650 -out certs/webclient.crt.pem
+openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/client.csr.pem -days 3650 -out certs/client.crt.pem
-openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -gencrl -out crl/crl.pem
+
 openssl genrsa -out private/revoked.key.pem 4096
 openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/revoked.key.pem -out csrs/revoked.csr.pem
 openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/revoked.csr.pem -days 3650 -out certs/revoked.crt.pem
 openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -revoke certs/revoked.crt.pem
 openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -crldays 3650 -gencrl -out crl/crl.pem
 openssl req -config openssl.cnf -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout private/apache.key -config server.csr.cnf
 openssl x509 -req -in server.csr -CA certs/ca.crt.pem  -CAkey private/ca.key.pem -CAcreateserial -out certs/apache.crt -days 3650 -sha256 -extfile v3.ext
--- a/apps/epp_proxy/priv/test_ca/private/client.key.pem
+++ b/apps/epp_proxy/priv/test_ca/private/client.key.pem
@ -0,0 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKQIBAAKCAgEA2hWCMGKbCtZQqXm6PJUfoQXz4OStTjO1JBOsjVeeFGB9cT1J
 NomS8aApwmGXa3xbc8BH51PqLa7+sfkMzYdd/W07qWlIXrZWxwXP2DuA6ezBBd9M
 I4yxjmnDZpbEIvUYRm3oMaqCajwdJhKtWUj0KrJgbPEMWKC9xYTVSa17zwQlxdoZ
 n9M/tC20nF0WfAleXuzwI4uTni6JiDxnvQplTFkR9CTbyxEwBCRtIlD8rP818gcc
 /a8fYjwJhYS8uLK7byBUBt7THF7tq/FcmqewaWhLOAld+n5lhzEOcVUICzgIQimw
 +7mNr/oCmOsOnUIdVZtW/ag9TVZPIrCeVp0+WeBBb2jKuYBho9U2kwYuEDonuilT
 /ImrzimGJHTqGutFy07RGubPW3Fj0tQXJ5eN1kf6T6J1by2NzdFbgo1w8KetBhwR
 jbFaT2v21BecK+gbE+1UnBbDzEBtxpnOCnPo8So98rM+clbyC9b/TMzebXaB1+TD
 YJT9I7TZ+7EwWXPLCYOQxgC3bO3euFtak0a0eNQru/CFEu4kSUQl1ODS28s1fgYR
 Mg4YhfExpviBlVxPhAB0DFyo7Ubs42rH+dO9W3/3jnudJIFa2A3PyWdv5SSf0uHH
 aJc/uT3GxMU83cAHkgP6Fykputmob3g0Z/J+sTR0pbY5wFqP//aOlgihwBECAwEA
 AQKCAgBPJsNLoF45PrOj7wRC/LSwEqMDGrwzx9yUrXdRDV3Yc3TT5rRt0Ny+Sa0e
 WaFFZ6shhcYTFYfG8N6L5aJZ7imU01J2GDol9fPk5B0dk+sj+8PKx9KwjF3dHFHJ
 KCsjrOUUmstNS19uA0dpDBpSb4H/BSKuJ4adnCmESMPIq+hlqFG1T4VBVsCmOnh0
 z+xbNGNF/KTjocMABE/yXEoieGVvolw7yizjtOdCeZ4KeG5cs3v2zdId2LOBSd0C
 0rxUJLqWiJs2qyTgBSwp3b4Ie5gxiaLTQcMUKU/cE1f0ljIHMFz+9na/xgbAufK7
 YYS6WsaezXRzN96X9R1fr86oDQYVmREnBU5ouUWDMop17M3TRH70mAdaczb2zML3
 cg+uQXjuw45hyD322RySZgz4+nnLcSFJBHzfbfFBnGtwiAfVqc68n5+wVLzJvwji
 zV6MCs7FfvR1+ex/MY9woggkQTHfDX2311N83uD11K6pO5FbRQUSHgNo+/tEYwAq
 niY6fsXPxOPC8udEIbCEOFOGd/xMF9ihvbMWbSVB/ZZFIedrzbk8SPG/rUx+k5wP
 rCte69i/b2yQyfDs9ULYletevHb+CuhIyAvIIkhb1zfM4rmoa6MdHmhJAKb3lzLO
 lAyYmnepFbVek6vqpn+6oJzHCejCAhUoSr1oytBlNUDdvjacYQKCAQEA83t3d+EH
 jgqEZiH9DvZnhrgiX5qtTPieVyl6bpbw8XM4ULmy3fy3ZdFEN/zGJlRYMVA0P4I8
 4GJaULYtDlaPuH1xqhuFrF/gv1aOGChq4M33nNtdjVgWvWKJK6rkPXCYwD8QRK/H
 vz3DQUqn7XEqLEknFWt6SeIseSajrXWLF0F+hy6HmW+eRONHf5HT8EMx3zqMgoE1
 eNyCeJ8Xkja+T7t1xcYKW5zUeDs9nYXPiuk9Mq2zQzqfiIJKnow4HThrd2WKcKKC
 60C7YTGEvEHbUTAzz9C4BaVjEXu7bCfb5ryVfnJH8LHpQ1PgEIVBdJ7OjfXDnAf2
 FqoMiHFAximvPQKCAQEA5UvExUQJTLNrB7K/mn0/2Q9G8zQgpns+EwxD2s9nhpXD
 RLmbPIH5URV1Hf5HchlKp5uY7KB0SgUIjAV6I2FDv/oFNk+pu/PXI2rOcZuPgX3M
 KD5MTw+Gm5NtoYgDemcJUMgAk9ilh7v7YKP8ASwNxikHkQ3oEKPXSW1/mJxiSzpH
 8tpmSFisBAFtBJlMEzt8FGH7a8+DpvbOyxfP4aocF6cgqKtSwgtKJm2EwSyaEMYB
 1cK6wQeY0mpcmtrdSeJaEWnq5deFhEYWOKTaliTQMFgWC6RBGdCp7RGyE0jVQi7F
 iAXFsfkNjVmmSF8PAA/CKOIW0Z1QV/10zP9F5ofhZQKCAQEAuT41TZJ6Ufn0c1Pm
 mSyk5R1QoZYnxYjdxwi6qkrSc5CqxtgRmsy7p45ILaR2CRFgq9wOdEcdE8YgWonP
 y7nVzJI8GSSpVdT4Q/qRTxXpArIRclh/W5sqadn+7Kcu0QPKY3FXajqmaPyPgixP
 iNnxMRJS1vwXZQDbvyzDmKP2N7JPln+zEOyX6GdWrVsAeSpWVjTQVDYDvble1nCL
 2WUm87h2yQp8NOkjyXmgzijRFymOsvDukvaWC6C9LtUVmD2lnYg2hK1Pl7Z/GVo4
 V5ZvSty2fqSYbUtADTwrAwVsS6cswbAmxZxGEUBOF6OagiSUl/LkaOCxvNqRgHlR
 w7JRLQKCAQEA15S6R0HlgHC783vyu1yBGCJN8cET5ZK/1QbWETapPhc2hToAow4M
 i1iiSXXWVIdE8nrPd8KQMzuyQnuvzu3W1ftKxTp2+hiTMGBuAtBgRz4wIbIY6shN
 JZ6iF5oasw2G66VvLZImZ4ytFrp25980gBf5Xj717hctBYNm0ORPYi1EkicWvXRp
 Hkb86bL7nKVzznIlAcMUI3mvCbG0qJXYXcCrawnRAFG/AIw9oaW+oICaHxE7ptru
 qv6HXKzkG2AukGrGCBzvEmMW52DPhxTLjHh1GbLv5kaSTSszAwCaSORSocXTjrX7
 MOeV+Dsvjj5CrU+MZr4CWQgatdZYMRuWJQKCAQB7BGo5ajhebHd9UD1+X+plXBWb
 LxMhvK9f4Z/Q7PUDcQwesyF4/iyLFxdihixPspBpY4YuRAXzXtFrGtzKxfTdBz8O
 pBk++GI8OBA0+qviIYkqg3Yojb05nupAL+by8HHMc2kQwbiZQ0oH1AKZgGcAxe9i
 dI+nSMDWM088bwTDmmUHVE4hdEiYvRza3OefDH4/EQhNhJHvWqgGsaHL0nhmfPVa
 O4ovmZoRqLsCdxuUao2Q2klIFQicKWsnl2J96rIlzgjZGzHUgqkAKnnrYGTdu7oG
 tiQRzzDF0C24sbH2mrX6Q+sjN7KKW1fCIQEufMCbT8nF/gv7SD7Do/H0SFp1
 -----END RSA PRIVATE KEY-----
--- a/apps/epp_proxy/priv/test_ca/private/webclient.key.pem
+++ b/apps/epp_proxy/priv/test_ca/private/webclient.key.pem
--- a/apps/epp_proxy/src/epp_http_client.erl
+++ b/apps/epp_proxy/src/epp_http_client.erl
@ -82,10 +82,12 @@ request_from_map(#{command := Command,
 %% Return form data or an empty list.
 request_body(?helloCommand, _, _) -> "";
 request_body(_Command, RawFrame, nomatch) ->
-    {multipart, [{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame}]};
+    {multipart,
     [{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame}]};
 request_body(_Command, RawFrame, ClTRID) ->
    {multipart,
-     [{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame}, {<<"clTRID">>, ClTRID}]}.
+     [{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame},
      {<<"clTRID">>, ClTRID}]}.
 %% Return a list of properties that each represent a query part in a query string.
 %% [{"user", "eis"}]} becomes later https://example.com?user=eis
--- a/apps/epp_proxy/src/epp_tls_worker.erl
+++ b/apps/epp_proxy/src/epp_tls_worker.erl
@ -43,9 +43,14 @@ start_link(Socket) ->
 %% If certificate is revoked, this will fail right away here.
 %% mod_epp does exactly the same thing.
 handle_cast(serve, State = #state{socket = Socket}) ->
-    {ok, SecureSocket} = ssl:handshake(Socket),
+    {ok, {PeerIp, _PeerPort}} = ssl:peername(Socket),
-    NewState = state_from_socket(SecureSocket, State),
+    case ssl:handshake(Socket) of
-    {noreply, NewState};
+      {ok, SecureSocket} ->
 	  NewState = state_from_socket(SecureSocket, State),
 	  {noreply, NewState};
      {error, Error} ->
 	  log_on_invalid_handshake(PeerIp, Error)
    end;
 %% Step two: Using the state of the connection, get the hello route
 %% from http server.  Send the response from HTTP server back to EPP
 %% client.  When this succeeds, send "process_command" to self and
@ -160,6 +165,13 @@ log_on_timeout(State) ->
    lager:info("Client timed out: [~p]~n", [State]),
    exit(normal).
 log_on_invalid_handshake(Ip, Error) ->
    ReadableIp = epp_util:readable_ip(Ip),
    lager:info("Failed SSL handshake. IP: ~s, Error: "
 	       "[~p]~n",
 	       [ReadableIp, Error]),
    exit(normal).
 %% Extract state info from socket. Fail if you must.
 state_from_socket(Socket, State) ->
    {ok, PeerCert} = ssl:peercert(Socket),
--- a/apps/epp_proxy/test/tls_client_SUITE.erl
+++ b/apps/epp_proxy/test/tls_client_SUITE.erl
@ -11,7 +11,8 @@
         valid_command_test_case/1,
         long_message_test_case/1,
         invalid_command_test_case/1,
-         error_test_case/1]).
+         error_test_case/1,
         revoked_cert_test_case/1]).
 all() ->
    [frame_size_test_case,
@ -20,17 +21,22 @@ all() ->
     valid_command_test_case,
     long_message_test_case,
     invalid_command_test_case,
-     error_test_case].
+     error_test_case,
     revoked_cert_test_case].
 init_per_suite(Config) ->
    application:ensure_all_started(epp_proxy),
    application:ensure_all_started(hackney),
    CWD = code:priv_dir(epp_proxy),
    Options = [binary,
-               {certfile, filename:join(CWD, "test_ca/certs/webclient.crt.pem")},
+               {certfile, filename:join(CWD, "test_ca/certs/client.crt.pem")},
-	       {keyfile, filename:join(CWD, "test_ca/private/webclient.key.pem")},
+	       {keyfile, filename:join(CWD, "test_ca/private/client.key.pem")},
               {active, false}],
-    [{ssl_options, Options} | Config].
+    RevokedOptions = [binary,
               {certfile, filename:join(CWD, "test_ca/certs/revoked.crt.pem")},
 	       {keyfile, filename:join(CWD, "test_ca/private/revoked.key.pem")},
               {active, false}],
    [{ssl_options, Options}, {revoked_options, RevokedOptions} | Config].
 end_per_suite(Config) ->
    application:stop(epp_proxy),
@ -170,6 +176,14 @@ error_test_case(Config) ->
               "Command syntax error."),
    ok.
 revoked_cert_test_case(Config) ->
    Options = proplists:get_value(revoked_options, Config),
    {error, Error} = ssl:connect("localhost", 1443, Options, 2000),
    {tls_alert,
     {certificate_revoked,
      "received CLIENT ALERT: Fatal - Certificate Revoked"}} = Error,
    ok.
 %% Helper functions:
 length_of_data(Data) ->
    EPPEnvelope = binary:part(Data, {0, 4}),