diff --git a/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/CMakeLists.txt b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/CMakeLists.txt
new file mode 100644
index 000000000..5b3dab115
--- /dev/null
+++ b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/CMakeLists.txt
@@ -0,0 +1,101 @@
+project(lws-minimal-secure-streams-mqtt C)
+cmake_minimum_required(VERSION 2.8.12)
+find_package(libwebsockets CONFIG REQUIRED)
+
+set(requirements 1)
+require_lws_config(LWS_ROLE_MQTT 1 requirements)
+require_lws_config(LWS_WITHOUT_CLIENT 0 requirements)
+require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements)
+require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements)
+
+require_lws_config(LWS_WITH_SECURE_STREAMS_PROXY_API 1 has_ss_proxy)
+require_lws_config(LWS_WITH_SYS_STATE 1 has_sys_state)
+
+if (requirements)
+
+	add_executable(${PROJECT_NAME} minimal-secure-streams-mqtt.c)
+
+	if (websockets_shared)
+		target_link_libraries(${PROJECT_NAME} websockets_shared ${LIBWEBSOCKETS_DEP_LIBS})
+		add_dependencies(${PROJECT_NAME} websockets_shared)
+	else()
+		target_link_libraries(${PROJECT_NAME} websockets ${LIBWEBSOCKETS_DEP_LIBS})
+	endif()
+
+	# also make a -client build using SSPC if enabled
+
+	if (has_ss_proxy OR LWS_WITH_SECURE_STREAMS_PROXY_API)
+		add_compile_options(-DLWS_SS_USE_SSPC)
+
+		add_executable(${PROJECT_NAME}-client minimal-secure-streams-mqtt.c)
+
+		if (websockets_shared)
+			target_link_libraries(${PROJECT_NAME}-client websockets_shared ${LIBWEBSOCKETS_DEP_LIBS})
+			add_dependencies(${PROJECT_NAME}-client websockets_shared)
+		else()
+			target_link_libraries(${PROJECT_NAME}-client websockets ${LIBWEBSOCKETS_DEP_LIBS})
+		endif()
+	endif()
+
+	# ctest
+
+	if (LWS_CTEST_INTERNET_AVAILABLE AND NOT WIN32)
+
+		# the direct selftest
+
+		add_test(NAME mqttss-warmcat COMMAND ${PROJECT_NAME})
+		set_tests_properties(mqttss-warmcat
+			     PROPERTIES
+			     WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt
+			     TIMEOUT 30)
+
+		# via the proxy
+
+		if (has_sys_state AND
+		    (HAS_LWS_WITH_SECURE_STREAMS_PROXY_API OR LWS_WITH_SECURE_STREAMS_PROXY_API))
+
+			#
+			# Define test dep to bring up and take down the test proxy
+			#
+
+			if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+				# uds abstract namespace for linux
+				set(CTEST_SOCKET_PATH "@ctest-mqttssp-$ENV{SAI_PROJECT}-$ENV{SAI_OVN}")
+			else()
+				# filesystem socket for others
+				set(CTEST_SOCKET_PATH "/tmp/ctest-mqttssp-$ENV{SAI_PROJECT}-$ENV{SAI_OVN}")
+			endif()
+			add_test(NAME st_mqttssproxy COMMAND
+				${CMAKE_SOURCE_DIR}/scripts/ctest-background.sh
+				mqttssproxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
+				-i ${CTEST_SOCKET_PATH} )
+			set_tests_properties(st_mqttssproxy PROPERTIES WORKING_DIRECTORY . FIXTURES_SETUP mqttssproxy TIMEOUT 800)
+
+			add_test(NAME ki_mqttssproxy COMMAND
+				${CMAKE_SOURCE_DIR}/scripts/ctest-background-kill.sh
+				mqttssproxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
+				-i ${CTEST_SOCKET_PATH})
+			set_tests_properties(ki_mqttssproxy PROPERTIES FIXTURES_CLEANUP mqttssproxy)
+
+			#
+			# the client part that will connect to the proxy
+			#
+
+			add_test(NAME mqttsspc-minimal COMMAND ${PROJECT_NAME}-client --ssproxy-iface +${CTEST_SOCKET_PATH})
+
+			set(fixlist "mqttssproxy")
+			if (DEFINED ENV{SAI_OVN})
+				list(APPEND fixlist "res_mqttssproxy")
+			endif()
+
+			set_tests_properties(mqttsspc-minimal PROPERTIES
+				WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt
+				FIXTURES_REQUIRED "${fixlist}"
+				TIMEOUT 40)
+
+		endif()
+
+	endif()
+
+endif()
+
diff --git a/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/README.md b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/README.md
new file mode 100644
index 000000000..69aa81263
--- /dev/null
+++ b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/README.md
@@ -0,0 +1,67 @@
+# lws minimal secure streams mqtt
+
+The application connects test.mosquitto.org and exchange MQTT messages.
+
+For TLS connetion, you can generate your own certificate on
+https://test.mosquitto.org/ssl/
+
+## build
+
+```
+ $ cmake . && make
+```
+
+## usage
+
+Commandline option|Meaning
+---|---
+-d <loglevel>|Debug verbosity in decimal, eg, -d15
+--test-nontls|Connect test.mosquitto.org without tls
+
+```
+[2021/11/08 08:53:07:1372] U: LWS secure streams mqtt test client [-d<verb>]
+[2021/11/08 08:53:07:1378] N: lws_create_context: LWS: 4.3.99-v4.3.0-89-g57e60f25, NET CLI SRV H1 H2 WS MQTT SS-JSON-POL SSPROX ConMon IPv6-absent
+[2021/11/08 08:53:07:1380] N: __lws_lc_tag:  ++ [98522|wsi|0|pipe] (1)
+[2021/11/08 08:53:07:1405] N: __lws_lc_tag:  ++ [98522|vh|0|mosq_org||-1] (1)
+[2021/11/08 08:53:07:1546] N: __lws_lc_tag:  ++ [98522|vh|1|_ss_default||-1] (2)
+[2021/11/08 08:53:07:1662] N: __lws_lc_tag:  ++ [98522|wsiSScli|0|mosq_tls] (1)
+[2021/11/08 08:53:07:1662] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: (unset) -> LWSSSCS_CREATING
+[2021/11/08 08:53:07:1662] U: myss_state: LWSSSCS_CREATING, ord 0x0
+[2021/11/08 08:53:07:1662] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: LWSSSCS_CREATING -> LWSSSCS_POLL
+[2021/11/08 08:53:07:1662] U: myss_state: LWSSSCS_POLL, ord 0x0
+[2021/11/08 08:53:07:1662] N: secstream_connect_munge_mqtt - Client ID = SN12345678
+[2021/11/08 08:53:07:1662] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: LWSSSCS_POLL -> LWSSSCS_CONNECTING
+[2021/11/08 08:53:07:1662] U: myss_state: LWSSSCS_CONNECTING, ord 0x0
+[2021/11/08 08:53:07:1663] N: lws_mqtt_generate_id: User space provided a client ID 'SN12345678'
+[2021/11/08 08:53:07:1663] N: __lws_lc_tag:  ++ [98522|wsicli|0|MQTT/mqtt/test.mosquitto.org/([98522|wsiSScli|0|mosq_tls])] (1)
+[2021/11/08 08:53:07:1716] N: [98522|wsicli|0|MQTT/mqtt/test.mosquitto.org/([98522|wsiSScli|0|mosq_tls])]: lws_client_connect_3_connect: trying 5.196.95.208
+[2021/11/08 08:53:07:1718] U: myss_state: LWSSSCS_EVENT_WAIT_CANCELLED, ord 0x0
+[2021/11/08 08:53:07:3293] N: lws_ssl_client_bio_create: set system client cert 0
+[2021/11/08 08:53:13:9751] N: __lws_lc_tag:  ++ [98522|mux|0|mosq_org|mqtt_sid1] (1)
+[2021/11/08 08:53:13:9752] N: _lws_mqtt_rx_parser: migrated nwsi [98522|wsicli|0|MQTT/mqtt/test.mosquitto.org/([98522|wsiSScli|0|mosq_tls])] to sid 1 [98522|mux|0|mosq_org|mqtt_sid1]
+[2021/11/08 08:53:13:9753] N: secstream_mqtt: [98522|wsiSScli|0|mosq_tls]: WRITEABLE
+[2021/11/08 08:53:13:9753] N: secstream_mqtt_subscribe, expbuf - test/topic1
+[2021/11/08 08:53:13:9753] N: secstream_mqtt_subscribe: subscribing test/topic1
+[2021/11/08 08:53:14:1969] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: LWSSSCS_CONNECTING -> LWSSSCS_CONNECTED
+[2021/11/08 08:53:14:1970] U: myss_state: LWSSSCS_CONNECTED, ord 0x0
+[2021/11/08 08:53:14:1970] N: secstream_mqtt: [98522|wsiSScli|0|mosq_tls]: WRITEABLE
+[2021/11/08 08:53:14:1970] U: Start of message
+[2021/11/08 08:53:14:1970] U: myss_tx: h: 0x7fa25160a880, [0]sending 0 - 23 flags 0x3
+[2021/11/08 08:53:14:1970] N: secstream_mqtt_publish, expbuf - test/topic1
+[2021/11/08 08:53:14:1970] N: secstream_mqtt_publish: payload len 23
+[2021/11/08 08:53:14:1972] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: LWSSSCS_CONNECTED -> LWSSSCS_QOS_ACK_REMOTE
+[2021/11/08 08:53:14:1972] U: myss_state: LWSSSCS_QOS_ACK_REMOTE, ord 0x0
+[2021/11/08 08:53:18:5310] U: myss_rx: len 23, flags: 3
+[2021/11/08 08:53:18:5312] N: __lws_lc_untag:  -- [98522|wsi|0|pipe] (0) 11.393s
+[2021/11/08 08:53:18:5312] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: LWSSSCS_QOS_ACK_REMOTE -> LWSSSCS_DISCONNECTED
+[2021/11/08 08:53:18:5312] U: myss_state: LWSSSCS_DISCONNECTED, ord 0x0
+[2021/11/08 08:53:18:5312] N: __lws_lc_untag:  -- [98522|mux|0|mosq_org|mqtt_sid1] (0) 4.556s
+[2021/11/08 08:53:18:5317] N: __lws_lc_untag:  -- [98522|vh|0|mosq_org||-1] (1) 11.391s
+[2021/11/08 08:53:18:5318] N: __lws_lc_untag:  -- [98522|wsicli|0|MQTT/mqtt/test.mosquitto.org/([98522|wsiSScli|0|mosq_tls])] (0) 11.365s
+[2021/11/08 08:53:18:5318] N: [98522|wsiSScli|0|mosq_tls]: lws_ss_check_next_state_ss: LWSSSCS_DISCONNECTED -> LWSSSCS_DESTROYING
+[2021/11/08 08:53:18:5319] U: myss_state: LWSSSCS_DESTROYING, ord 0x0
+[2021/11/08 08:53:18:5319] N: __lws_lc_untag:  -- [98522|wsiSScli|0|mosq_tls] (0) 11.365s
+[2021/11/08 08:53:18:5355] N: __lws_lc_untag:  -- [98522|vh|1|_ss_default||-1] (0) 11.380s
+[2021/11/08 08:53:18:5356] U: Completed: OK (seen expected 0)
+```
+
diff --git a/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/minimal-secure-streams-mqtt.c b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/minimal-secure-streams-mqtt.c
new file mode 100644
index 000000000..1059864a1
--- /dev/null
+++ b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-mqtt/minimal-secure-streams-mqtt.c
@@ -0,0 +1,545 @@
+/*
+ * lws-minimal-secure-streams-mqtt
+ *
+ * Written in 2021 by Andy Green <andy@warmcat.com>
+ *
+ * This file is made available under the Creative Commons CC0 1.0
+ * Universal Public Domain Dedication.
+ *
+ *
+ * This demonstrates a minimal mqtt client using secure streams api.
+ *
+ * It connects test.mosquitto.org and exchange MQTT messages.
+ *
+ */
+
+#include <libwebsockets.h>
+#include <string.h>
+#include <signal.h>
+
+#define TEST_CLIENT_ID "SN12345678"
+
+static int interrupted, bad = 1, test_nontls;
+static lws_state_notify_link_t nl;
+
+#if !defined(LWS_SS_USE_SSPC)
+static const char * const default_ss_policy =
+	"{"
+	  "\"release\":"			"\"01234567\","
+	  "\"product\":"			"\"myproduct\","
+	  "\"schema-version\":"			"1,"
+	  "\"retry\": ["	/* named backoff / retry strategies */
+		"{\"default\": {"
+			"\"backoff\": ["	 "1000,"
+						 "2000,"
+						 "3000,"
+						 "5000,"
+						"10000"
+				"],"
+			"\"conceal\":"		"5,"
+			"\"jitterpc\":"		"20,"
+			"\"svalidping\":"	"300,"
+			"\"svalidhup\":"	"310"
+		"}}"
+	  "],"
+	  "\"certs\": [" /* named individual certificates in BASE64 DER */
+		"{\"test_mosq_org\": \""
+		"MIIEAzCCAuugAwIBAgIUBY1hlCGvdj4NhBXkZ/uLUZNILAwwDQYJKoZIhvcNAQEL"
+		"BQAwgZAxCzAJBgNVBAYTAkdCMRcwFQYDVQQIDA5Vbml0ZWQgS2luZ2RvbTEOMAwG"
+		"A1UEBwwFRGVyYnkxEjAQBgNVBAoMCU1vc3F1aXR0bzELMAkGA1UECwwCQ0ExFjAU"
+		"BgNVBAMMDW1vc3F1aXR0by5vcmcxHzAdBgkqhkiG9w0BCQEWEHJvZ2VyQGF0Y2hv"
+		"by5vcmcwHhcNMjAwNjA5MTEwNjM5WhcNMzAwNjA3MTEwNjM5WjCBkDELMAkGA1UE"
+		"BhMCR0IxFzAVBgNVBAgMDlVuaXRlZCBLaW5nZG9tMQ4wDAYDVQQHDAVEZXJieTES"
+		"MBAGA1UECgwJTW9zcXVpdHRvMQswCQYDVQQLDAJDQTEWMBQGA1UEAwwNbW9zcXVp"
+		"dHRvLm9yZzEfMB0GCSqGSIb3DQEJARYQcm9nZXJAYXRjaG9vLm9yZzCCASIwDQYJ"
+		"KoZIhvcNAQEBBQADggEPADCCAQoCggEBAME0HKmIzfTOwkKLT3THHe+ObdizamPg"
+		"UZmD64Tf3zJdNeYGYn4CEXbyP6fy3tWc8S2boW6dzrH8SdFf9uo320GJA9B7U1FW"
+		"Te3xda/Lm3JFfaHjkWw7jBwcauQZjpGINHapHRlpiCZsquAthOgxW9SgDgYlGzEA"
+		"s06pkEFiMw+qDfLo/sxFKB6vQlFekMeCymjLCbNwPJyqyhFmPWwio/PDMruBTzPH"
+		"3cioBnrJWKXc3OjXdLGFJOfj7pP0j/dr2LH72eSvv3PQQFl90CZPFhrCUcRHSSxo"
+		"E6yjGOdnz7f6PveLIB574kQORwt8ePn0yidrTC1ictikED3nHYhMUOUCAwEAAaNT"
+		"MFEwHQYDVR0OBBYEFPVV6xBUFPiGKDyo5V3+Hbh4N9YSMB8GA1UdIwQYMBaAFPVV"
+		"6xBUFPiGKDyo5V3+Hbh4N9YSMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL"
+		"BQADggEBAGa9kS21N70ThM6/Hj9D7mbVxKLBjVWe2TPsGfbl3rEDfZ+OKRZ2j6AC"
+		"6r7jb4TZO3dzF2p6dgbrlU71Y/4K0TdzIjRj3cQ3KSm41JvUQ0hZ/c04iGDg/xWf"
+		"+pp58nfPAYwuerruPNWmlStWAXf0UTqRtg4hQDWBuUFDJTuWuuBvEXudz74eh/wK"
+		"sMwfu1HFvjy5Z0iMDU8PUDepjVolOCue9ashlS4EB5IECdSR2TItnAIiIwimx839"
+		"LdUdRudafMu5T5Xma182OC0/u/xRlEm+tvKGGmfFcN0piqVl8OrSPBgIlb+1IKJE"
+		"m/XriWr/Cq4h/JfB7NTsezVslgkBaoU="
+		"\"}"
+	  "],"
+	  "\"trust_stores\": [" /* named cert chains */
+		"{"
+			"\"name\": \"mosq_org\","
+			"\"stack\": ["
+				"\"test_mosq_org\""
+			"]"
+		"}"
+	  "],"
+	  "\"s\": [" /* the supported stream types */
+		"{\"mosq_nontls\": {"
+			"\"endpoint\":"		"\"test.mosquitto.org\","
+			"\"port\":"		"1883,"
+			"\"protocol\":"		"\"mqtt\","
+			"\"mqtt_topic\":"	"\"test/topic1\","
+			"\"mqtt_subscribe\":"	"\"test/topic1\","
+			"\"mqtt_qos\":"         "0,"
+			"\"retry\":"            "\"default\","
+	        	"\"mqtt_keep_alive\":"  "60,"
+			"\"mqtt_clean_start\":" "true,"
+			"\"mqtt_will_topic\":"  "\"good/bye\","
+			"\"mqtt_will_message\":" "\"sign-off\","
+			"\"mqtt_will_qos\":"    "0,"
+			"\"mqtt_will_retain\":" "0,"
+			"\"aws_iot\":" "false"
+		"}},"
+		"{\"mosq_tls\": {"
+			"\"endpoint\":"		"\"test.mosquitto.org\","
+			"\"port\":"		"8884,"
+			"\"tls\":"              "true,"
+			"\"client_cert\":"      "0,"
+			"\"tls_trust_store\":"  "\"mosq_org\","
+			"\"protocol\":"		"\"mqtt\","
+			"\"mqtt_topic\":"	"\"test/topic1\","
+			"\"mqtt_subscribe\":"	"\"test/topic1\","
+			"\"mqtt_qos\":"         "0,"
+			"\"retry\":"            "\"default\","
+	        	"\"mqtt_keep_alive\":"  "60,"
+			"\"mqtt_clean_start\":" "true,"
+			"\"mqtt_will_topic\":"  "\"good/bye\","
+			"\"mqtt_will_message\":" "\"sign-off\","
+			"\"mqtt_will_qos\":"    "0,"
+			"\"mqtt_will_retain\":" "0,"
+			"\"aws_iot\":" "false"
+		"}}"
+
+		"]"
+	"}"
+;
+#endif
+
+typedef struct myss {
+	struct lws_ss_handle 	*ss;
+	void			*opaque_data;
+	/* ... application specific state ... */
+	lws_sorted_usec_list_t sul;
+	size_t size;
+	int tx_count;
+} myss_t;
+
+static const uint8_t client_key[] = {
+	0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
+	0xd9, 0x64, 0x2a, 0x43, 0x48, 0x0d, 0xe0, 0x31, 0xa0, 0x2d, 0xc7, 0x4c, 
+	0x6d, 0xd0, 0x3a, 0x16, 0xe4, 0x90, 0x13, 0xfa, 0xb2, 0x04, 0x24, 0xf9,
+	0xd5, 0x3c, 0xa9, 0x5c, 0x77, 0x1a, 0xb3, 0x92, 0x64, 0xc0, 0x9f, 0x76,
+	0xfb, 0x4e, 0x83, 0x8c, 0x50, 0xa2, 0xa3, 0xd4, 0xff, 0xd3, 0x2f, 0x59,
+	0xb8, 0xee, 0x7a, 0x8f, 0xcd, 0x41, 0x6c, 0x38, 0xf1, 0x79, 0xc9, 0xe7, 
+	0x8b, 0xdd, 0xe6, 0x2e, 0x0c, 0xe4, 0x29, 0x5e, 0x3d, 0xf0, 0x7f, 0x36,
+	0x87, 0xeb, 0xce, 0xc5, 0xc4, 0xe1, 0x5c, 0x68, 0xed, 0x2b, 0x4e, 0xb0,
+	0xee, 0x96, 0xe8, 0xc1, 0xa9, 0xea, 0x85, 0x03, 0x7b, 0x2c, 0x6b, 0xf0,
+	0x7d, 0x98, 0x4b, 0x7a, 0xd2, 0x9d, 0x26, 0x31, 0x74, 0xf6, 0x21, 0x10, 
+	0x2f, 0x79, 0x7f, 0x79, 0x5d, 0x82, 0xb8, 0x10, 0x7d, 0x82, 0x52, 0xd0,
+	0xc2, 0x91, 0xc9, 0x9c, 0xa6, 0x38, 0x00, 0x6b, 0x56, 0x73, 0x41, 0x01,
+	0x6f, 0x67, 0x80, 0x3e, 0xfe, 0x18, 0x91, 0xa0, 0x9f, 0x12, 0x0b, 0x3e,
+	0x72, 0xed, 0xe2, 0xbd, 0x5e, 0xa6, 0xd1, 0xd3, 0xbf, 0x1a, 0x76, 0x98, 
+	0xd4, 0xab, 0xf7, 0x72, 0x52, 0x05, 0xc5, 0x1f, 0xb1, 0xcd, 0x61, 0xc5,
+	0x02, 0x60, 0xc9, 0x6d, 0xc1, 0xcb, 0x80, 0x39, 0x77, 0x0c, 0x99, 0xd6,
+	0xdd, 0x83, 0xd2, 0x9e, 0x71, 0xd7, 0x2d, 0x4a, 0xa4, 0x51, 0xd8, 0xb0,
+	0x71, 0xaf, 0xf6, 0x92, 0x45, 0x89, 0x4a, 0x5f, 0x3d, 0x66, 0x92, 0xda, 
+	0x7c, 0xc4, 0x14, 0x1b, 0x2c, 0x15, 0x61, 0xba, 0x95, 0xd3, 0xed, 0xe7,
+	0x7d, 0x75, 0x33, 0x43, 0xec, 0x9a, 0x15, 0x27, 0x12, 0xd2, 0x0b, 0x46,
+	0x9f, 0x0a, 0xb7, 0xb8, 0x6d, 0x8a, 0xe6, 0xb4, 0x57, 0x28, 0x12, 0x48,
+	0x33, 0x44, 0x45, 0x72, 0xe6, 0x92, 0xac, 0x1e, 0xca, 0xed, 0xb8, 0x0f, 
+	0xfb, 0x4f, 0x11, 0x6b, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
+	0x01, 0x00, 0xa3, 0x9f, 0x17, 0x8c, 0x42, 0x7c, 0x67, 0x25, 0x12, 0xe9,
+	0xc1, 0xda, 0xcd, 0xc0, 0x6f, 0x28, 0x71, 0xe9, 0xdb, 0x8f, 0xd2, 0x52,
+	0xfa, 0x3d, 0xac, 0x78, 0x97, 0x04, 0x88, 0x84, 0xe9, 0x69, 0xa3, 0x39, 
+	0xb4, 0x0c, 0x8a, 0xc4, 0x22, 0x91, 0x06, 0xd4, 0x13, 0x39, 0xab, 0x3f,
+	0x99, 0xa1, 0x0f, 0x67, 0x37, 0x8a, 0x6a, 0xb3, 0xf6, 0x2f, 0xb9, 0xd8,
+	0xaf, 0xd5, 0xfe, 0x59, 0x0a, 0xf9, 0xd8, 0x2c, 0x16, 0xd2, 0xdf, 0x0d,
+	0xd7, 0xc2, 0x04, 0x75, 0xc0, 0xd0, 0xec, 0x09, 0xaf, 0x53, 0x2e, 0x47, 
+	0x6d, 0x58, 0x10, 0x8c, 0x37, 0x2e, 0x24, 0xa4, 0xe6, 0x6e, 0xa3, 0x53,
+	0xe0, 0xfe, 0x46, 0x99, 0xcd, 0x1d, 0xe9, 0xcd, 0xec, 0x44, 0x47, 0x43,
+	0x45, 0xc9, 0x77, 0xe2, 0x1b, 0xc7, 0x0e, 0x51, 0xe8, 0x16, 0x49, 0x51,
+	0x40, 0xe1, 0xed, 0xc0, 0x6b, 0x1d, 0xe3, 0xa1, 0xbc, 0xf5, 0xa8, 0xf9, 
+	0x2c, 0xa6, 0x89, 0x6d, 0xfe, 0x60, 0x72, 0x1a, 0xa8, 0xc4, 0x5c, 0x7c,
+	0x5d, 0x46, 0x46, 0xfc, 0xc2, 0x91, 0x6e, 0x76, 0x90, 0x6c, 0x1d, 0xa8,
+	0x39, 0x94, 0xf9, 0x85, 0x46, 0x36, 0xa7, 0x5a, 0xa2, 0x84, 0x35, 0xf8,
+	0x1d, 0xb4, 0xa4, 0x3b, 0x83, 0x9a, 0xd2, 0x25, 0xa2, 0xcd, 0xca, 0x93, 
+	0xcf, 0x8a, 0xb6, 0x26, 0x25, 0x0e, 0x7c, 0xd9, 0x33, 0x5f, 0xf8, 0x8e,
+	0x59, 0x51, 0x88, 0x7b, 0x51, 0x0b, 0xdb, 0x72, 0x4b, 0xfe, 0x74, 0xe5,
+	0x77, 0x8e, 0xc9, 0xe3, 0x59, 0x28, 0xee, 0x20, 0x6f, 0xd2, 0x12, 0x5f,
+	0x6a, 0x55, 0xc4, 0x47, 0xd5, 0x20, 0xb6, 0x03, 0xb6, 0x97, 0xd2, 0xc1, 
+	0xa4, 0x1a, 0x4f, 0xec, 0x99, 0xe3, 0x98, 0xa7, 0x6c, 0xad, 0xd5, 0xb2,
+	0x99, 0xa3, 0xf8, 0x1a, 0x38, 0x5b, 0xbc, 0x9c, 0x80, 0x79, 0x1f, 0x48,
+	0x86, 0x09, 0xab, 0xfc, 0xd8, 0xd9, 0x02, 0x81, 0x81, 0x00, 0xff, 0xc1,
+	0xc0, 0x3c, 0xac, 0x68, 0xab, 0x38, 0xce, 0xc9, 0xbb, 0xa6, 0xb9, 0x6e, 
+	0x29, 0x09, 0xbe, 0xf5, 0x3a, 0xf6, 0xc5, 0x22, 0x88, 0xc7, 0x2a, 0xfc,
+	0x36, 0x7a, 0x6b, 0xbc, 0x90, 0x10, 0xe5, 0x27, 0x94, 0xc2, 0xa7, 0xf8,
+	0x78, 0x4c, 0x50, 0xe5, 0xde, 0x14, 0x58, 0xb0, 0x18, 0x95, 0x92, 0x84,
+	0x6e, 0x0c, 0x6d, 0xe6, 0x3a, 0x7e, 0x34, 0x99, 0x27, 0x4b, 0x85, 0x18, 
+	0xf3, 0x20, 0x96, 0xa8, 0x8a, 0x80, 0xb1, 0xd6, 0x53, 0x49, 0xfd, 0xc7,
+	0x44, 0x51, 0x6c, 0x7c, 0xa9, 0x20, 0x6e, 0xea, 0x4e, 0x5f, 0xce, 0xa4,
+	0x66, 0x94, 0xee, 0x75, 0xa9, 0xf7, 0xee, 0xe5, 0x19, 0x49, 0xf7, 0xb3,
+	0x15, 0xc3, 0x2a, 0x94, 0x19, 0x44, 0x31, 0xd2, 0x4f, 0xdc, 0x97, 0x50,
+	0x66, 0x93, 0xcc, 0x72, 0xc8, 0x73, 0x77, 0xfb, 0x78, 0xf2, 0xcb, 0xc1,
+	0x8b, 0xce, 0x36, 0x68, 0x8b, 0x5d, 0x02, 0x81, 0x81, 0x00, 0xd9, 0x99,
+	0x13, 0x88, 0xb5, 0x9f, 0xa5, 0x5f, 0xb2, 0x69, 0xdd, 0x83, 0x00, 0x56,
+	0x94, 0xfb, 0x91, 0x08, 0x73, 0x4e, 0x2b, 0x3e, 0x22, 0x79, 0x7f, 0x67, 
+	0x57, 0xd8, 0x84, 0x80, 0x9c, 0xb7, 0x92, 0xec, 0x73, 0x89, 0x5a, 0x20,
+	0x9f, 0x90, 0x61, 0x4e, 0x74, 0x18, 0x53, 0x6d, 0x39, 0x21, 0xb6, 0xad,
+	0x29, 0xea, 0x1d, 0xd1, 0xac, 0x62, 0x43, 0xdb, 0x13, 0xe2, 0x3c, 0x4f,
+	0x4a, 0xa6, 0x8a, 0x9e, 0x3f, 0x3a, 0x37, 0x55, 0x9c, 0xea, 0x6d, 0x76,
+	0xf5, 0x5f, 0x53, 0x0f, 0xb3, 0x08, 0xb1, 0x66, 0xa5, 0x21, 0x3b, 0x60,
+	0xf9, 0x4f, 0xc0, 0xbc, 0x12, 0x3e, 0x71, 0xdd, 0x36, 0x63, 0x0c, 0x92,
+	0x44, 0x9a, 0x19, 0x1f, 0x52, 0x45, 0x68, 0x57, 0xe3, 0xde, 0x87, 0xd3,
+	0x7b, 0x12, 0xa2, 0x9a, 0xbe, 0x47, 0xfc, 0x80, 0x34, 0x05, 0x0e, 0xfc, 
+	0xe5, 0x95, 0xec, 0x2a, 0x0b, 0x67, 0x02, 0x81, 0x81, 0x00, 0xd8, 0x22,
+	0x8c, 0xaa, 0xb9, 0xa8, 0xda, 0xc9, 0xef, 0x37, 0x5c, 0x75, 0xd1, 0x4e,
+	0xdf, 0x2f, 0x75, 0x49, 0x18, 0xc3, 0x62, 0x65, 0x84, 0xe1, 0x8b, 0xda,
+	0x08, 0xcf, 0xfc, 0x2c, 0x26, 0x33, 0xa0, 0xf4, 0x8a, 0x2a, 0xd6, 0x78, 
+	0x8c, 0x71, 0x32, 0x0c, 0x90, 0x58, 0xf1, 0x7a, 0x1f, 0xcc, 0x87, 0x3d,
+	0x93, 0x22, 0xbd, 0xdd, 0x4a, 0xa1, 0x4d, 0x22, 0x00, 0xab, 0x39, 0x97,
+	0x94, 0x1f, 0x7e, 0x32, 0x80, 0x99, 0xb1, 0xb0, 0x46, 0x42, 0xc9, 0x4c,
+	0x94, 0xd7, 0x9a, 0xae, 0xde, 0xde, 0xa1, 0xdd, 0x30, 0xce, 0x96, 0x7b, 
+	0x28, 0x95, 0xc3, 0xcf, 0x7c, 0x0c, 0x22, 0xbf, 0x49, 0x57, 0xd1, 0x14,
+	0x6e, 0xd7, 0xb8, 0x2b, 0xe0, 0x0e, 0x59, 0x6c, 0x3a, 0x41, 0x59, 0x3e,
+	0x80, 0xf1, 0x76, 0x5d, 0xaa, 0x38, 0xaa, 0xb4, 0xc1, 0xc9, 0xad, 0x97,
+	0xaa, 0xe6, 0x61, 0xe4, 0x87, 0xa1, 0x02, 0x81, 0x80, 0x60, 0xbc, 0xfd, 
+	0x42, 0x39, 0xfc, 0xcf, 0xb8, 0xcb, 0xc8, 0xe5, 0x01, 0xe8, 0x94, 0x95,
+	0x87, 0x81, 0xe3, 0x0f, 0xe0, 0x20, 0xb9, 0x6e, 0xfa, 0x34, 0xf9, 0xec,
+	0xc4, 0x05, 0xa4, 0x68, 0x07, 0xf4, 0xf9, 0xca, 0x23, 0xb6, 0x3d, 0xea,
+	0xb2, 0x75, 0x90, 0x3b, 0x6c, 0xd5, 0x2a, 0x29, 0xcc, 0x23, 0x3a, 0xb8, 
+	0xf7, 0xac, 0x6a, 0x1b, 0x09, 0x54, 0xc1, 0x81, 0x05, 0x83, 0x6a, 0x7c,
+	0xf5, 0xad, 0x8a, 0xcc, 0xf1, 0x44, 0xc8, 0x7b, 0x0a, 0x7d, 0xbf, 0xf5,
+	0x36, 0x7b, 0xe6, 0xee, 0xe1, 0x5e, 0x7d, 0x13, 0xcc, 0xc2, 0x69, 0x4a,
+	0x6d, 0x7a, 0x72, 0x22, 0x6a, 0x40, 0x94, 0xe8, 0x29, 0x00, 0xdd, 0xc6, 
+	0x41, 0xfc, 0x09, 0x40, 0xba, 0x3a, 0xb9, 0x58, 0x45, 0x06, 0x7d, 0xae,
+	0xa9, 0x8a, 0x40, 0xe1, 0x77, 0x7f, 0x7a, 0x3f, 0xa6, 0x40, 0x13, 0x8e,
+	0xbe, 0x28, 0x50, 0x48, 0xe1, 0x02, 0x81, 0x80, 0x29, 0x09, 0x92, 0xd7,
+	0x60, 0xb9, 0x05, 0xa9, 0xfb, 0xc7, 0x42, 0x58, 0xa2, 0x50, 0x64, 0x88, 
+	0xc8, 0xa5, 0xed, 0x2e, 0x9d, 0xb6, 0x78, 0xed, 0xd1, 0x17, 0x0d, 0xd7,
+	0x21, 0x6d, 0x8b, 0xff, 0x04, 0xe7, 0xe4, 0xc4, 0x45, 0x40, 0x73, 0xf8,
+	0x9d, 0xa1, 0x24, 0xb0, 0x11, 0x1c, 0x54, 0xce, 0xef, 0x70, 0xe9, 0xd5,
+	0x26, 0xc1, 0xd6, 0xce, 0xa6, 0x4b, 0x21, 0xc6, 0x19, 0x00, 0x8e, 0x89, 
+	0xe8, 0x8f, 0xb0, 0x11, 0x03, 0x00, 0xda, 0x5f, 0x9a, 0x53, 0x2a, 0x2b,
+	0x23, 0x01, 0xa9, 0x25, 0xe4, 0xbb, 0xf8, 0xf4, 0x15, 0x92, 0x95, 0xb1,
+	0xb1, 0x13, 0xff, 0xea, 0xb9, 0x2d, 0x86, 0xe3, 0xd8, 0xe0, 0x41, 0xe0,
+	0x7b, 0x18, 0x8d, 0x7a, 0x79, 0x10, 0x13, 0x0f, 0xfc, 0xca, 0x08, 0x4d,
+	0xa8, 0x9e, 0xcb, 0x66, 0x7c, 0x53, 0xea, 0xae, 0xee, 0xf1, 0x8b, 0x2f,
+	0x94, 0x08, 0x72, 0x7c
+};
+
+static const uint8_t client_cert_der[] = {
+	0x30, 0x82, 0x03, 0x9b, 0x30, 0x82, 0x02, 0x83, 0xa0, 0x03, 0x02, 0x01,
+	0x02, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 
+	0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31, 0x0b,
+	0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
+	0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x55, 0x6e,
+	0x69, 0x74, 0x65, 0x64, 0x20, 0x4b, 0x69, 0x6e, 0x67, 0x64, 0x6f, 0x6d, 
+	0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x05, 0x44,
+	0x65, 0x72, 0x62, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
+	0x0a, 0x0c, 0x09, 0x4d, 0x6f, 0x73, 0x71, 0x75, 0x69, 0x74, 0x74, 0x6f,
+	0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x43, 
+	0x41, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0d,
+	0x6d, 0x6f, 0x73, 0x71, 0x75, 0x69, 0x74, 0x74, 0x6f, 0x2e, 0x6f, 0x72,
+	0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+	0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x72, 0x6f, 0x67, 0x65, 0x72, 0x40, 
+	0x61, 0x74, 0x63, 0x68, 0x6f, 0x6f, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e,
+	0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x33, 0x32, 0x32, 0x33, 0x39,
+	0x35, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x32, 0x30, 0x31, 0x32,
+	0x32, 0x33, 0x39, 0x35, 0x31, 0x5a, 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 
+	0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+	0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69,
+	0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
+	0x55, 0x04, 0x07, 0x0c, 0x09, 0x53, 0x75, 0x6e, 0x6e, 0x79, 0x76, 0x61, 
+	0x6c, 0x65, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+	0x0d, 0x6c, 0x69, 0x62, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65,
+	0x74, 0x73, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+	0x0d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x74, 0x72, 0x65, 
+	0x61, 0x6d, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+	0x04, 0x4d, 0x51, 0x54, 0x54, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
+	0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
+	0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 
+	0x01, 0x00, 0xd9, 0x64, 0x2a, 0x43, 0x48, 0x0d, 0xe0, 0x31, 0xa0, 0x2d,
+	0xc7, 0x4c, 0x6d, 0xd0, 0x3a, 0x16, 0xe4, 0x90, 0x13, 0xfa, 0xb2, 0x04,
+	0x24, 0xf9, 0xd5, 0x3c, 0xa9, 0x5c, 0x77, 0x1a, 0xb3, 0x92, 0x64, 0xc0,
+	0x9f, 0x76, 0xfb, 0x4e, 0x83, 0x8c, 0x50, 0xa2, 0xa3, 0xd4, 0xff, 0xd3, 
+	0x2f, 0x59, 0xb8, 0xee, 0x7a, 0x8f, 0xcd, 0x41, 0x6c, 0x38, 0xf1, 0x79,
+	0xc9, 0xe7, 0x8b, 0xdd, 0xe6, 0x2e, 0x0c, 0xe4, 0x29, 0x5e, 0x3d, 0xf0,
+	0x7f, 0x36, 0x87, 0xeb, 0xce, 0xc5, 0xc4, 0xe1, 0x5c, 0x68, 0xed, 0x2b,
+	0x4e, 0xb0, 0xee, 0x96, 0xe8, 0xc1, 0xa9, 0xea, 0x85, 0x03, 0x7b, 0x2c, 
+	0x6b, 0xf0, 0x7d, 0x98, 0x4b, 0x7a, 0xd2, 0x9d, 0x26, 0x31, 0x74, 0xf6,
+	0x21, 0x10, 0x2f, 0x79, 0x7f, 0x79, 0x5d, 0x82, 0xb8, 0x10, 0x7d, 0x82,
+	0x52, 0xd0, 0xc2, 0x91, 0xc9, 0x9c, 0xa6, 0x38, 0x00, 0x6b, 0x56, 0x73,
+	0x41, 0x01, 0x6f, 0x67, 0x80, 0x3e, 0xfe, 0x18, 0x91, 0xa0, 0x9f, 0x12, 
+	0x0b, 0x3e, 0x72, 0xed, 0xe2, 0xbd, 0x5e, 0xa6, 0xd1, 0xd3, 0xbf, 0x1a,
+	0x76, 0x98, 0xd4, 0xab, 0xf7, 0x72, 0x52, 0x05, 0xc5, 0x1f, 0xb1, 0xcd,
+	0x61, 0xc5, 0x02, 0x60, 0xc9, 0x6d, 0xc1, 0xcb, 0x80, 0x39, 0x77, 0x0c,
+	0x99, 0xd6, 0xdd, 0x83, 0xd2, 0x9e, 0x71, 0xd7, 0x2d, 0x4a, 0xa4, 0x51, 
+	0xd8, 0xb0, 0x71, 0xaf, 0xf6, 0x92, 0x45, 0x89, 0x4a, 0x5f, 0x3d, 0x66,
+	0x92, 0xda, 0x7c, 0xc4, 0x14, 0x1b, 0x2c, 0x15, 0x61, 0xba, 0x95, 0xd3,
+	0xed, 0xe7, 0x7d, 0x75, 0x33, 0x43, 0xec, 0x9a, 0x15, 0x27, 0x12, 0xd2,
+	0x0b, 0x46, 0x9f, 0x0a, 0xb7, 0xb8, 0x6d, 0x8a, 0xe6, 0xb4, 0x57, 0x28, 
+	0x12, 0x48, 0x33, 0x44, 0x45, 0x72, 0xe6, 0x92, 0xac, 0x1e, 0xca, 0xed,
+	0xb8, 0x0f, 0xfb, 0x4f, 0x11, 0x6b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
+	0x1a, 0x30, 0x18, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02,
+	0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 
+	0x02, 0x05, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+	0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x61,
+	0x85, 0x63, 0xdb, 0xf1, 0x2d, 0xa2, 0xa8, 0x6f, 0x38, 0xe6, 0x69, 0x65,
+	0x5e, 0xbe, 0x10, 0xc8, 0x53, 0xea, 0xfb, 0xef, 0xa1, 0x4d, 0x37, 0xb5, 
+	0x1c, 0x32, 0x08, 0xf9, 0x09, 0x7a, 0x92, 0x64, 0x25, 0x29, 0x1b, 0x8d,
+	0x67, 0x35, 0x28, 0xd1, 0x2e, 0x21, 0x6d, 0xd4, 0x5a, 0xa9, 0x32, 0xfd,
+	0xc1, 0x64, 0x30, 0x73, 0xd4, 0xd4, 0x4c, 0x60, 0x32, 0x34, 0xe5, 0x60,
+	0x1a, 0x2e, 0x37, 0x6d, 0x5e, 0xb4, 0x4f, 0x0a, 0xbe, 0xc9, 0x3f, 0xab, 
+	0xab, 0xd4, 0xd5, 0x90, 0xd0, 0x4f, 0x5f, 0x98, 0x4a, 0x11, 0x3d, 0xe3,
+	0xdd, 0xa2, 0x48, 0xf3, 0xec, 0xd3, 0xd4, 0x82, 0x5f, 0x8e, 0x52, 0x11,
+	0xe6, 0xa3, 0x86, 0x13, 0xf3, 0x21, 0x53, 0x65, 0x5a, 0x8c, 0x27, 0x18,
+	0xbf, 0x6a, 0x0a, 0x66, 0x05, 0x98, 0x01, 0x11, 0x62, 0x7b, 0xe0, 0x6b,
+	0xc3, 0x25, 0xcb, 0x4f, 0x14, 0x20, 0xf4, 0x2f, 0x59, 0x26, 0xc8, 0x5f,
+	0x87, 0x19, 0x92, 0xca, 0xea, 0xc7, 0xf9, 0x0c, 0x70, 0xa5, 0x4c, 0x99,
+	0x08, 0xd8, 0x20, 0xef, 0x60, 0x42, 0xdf, 0xec, 0x1d, 0xde, 0xdf, 0xd8,
+	0x19, 0x60, 0x05, 0x97, 0x26, 0x70, 0x6f, 0x92, 0xb7, 0xd1, 0x91, 0xd9, 
+	0x54, 0xf0, 0x68, 0x16, 0xf5, 0xb9, 0x94, 0x48, 0x3e, 0x6d, 0x5f, 0xd2,
+	0x11, 0xf2, 0x33, 0x7f, 0x6b, 0x1f, 0x08, 0x77, 0xe1, 0x82, 0x18, 0x04,
+	0x6c, 0x01, 0x39, 0xf9, 0x75, 0xcb, 0x9d, 0x87, 0x62, 0x11, 0x08, 0x15,
+	0xe3, 0xd6, 0x05, 0x79, 0x51, 0xa1, 0x51, 0xb9, 0x9b, 0x61, 0x52, 0x82,
+	0x9f, 0x8f, 0x1b, 0x39, 0xbb, 0xb5, 0xcd, 0xb2, 0x37, 0x74, 0xfd, 0x08,
+	0x85, 0xe7, 0x8f, 0xbd, 0xe1, 0xd0, 0x18, 0x57, 0xd0, 0x3d, 0xbb, 0x37,
+	0x80, 0xbf, 0x3e, 0x5f, 0x6f, 0x2a, 0x1b, 0x73, 0xc7, 0x41, 0xa7, 0x62,
+	0x9a, 0x9b, 0x7f
+};
+
+static void sul_cb(lws_sorted_usec_list_t* sul) {
+	myss_t* m = (myss_t*)lws_container_of(sul, myss_t, sul);
+	lws_ss_state_return_t ret;
+
+	ret = lws_ss_request_tx(m->ss);
+        if (ret != LWSSSSRET_OK || interrupted) {
+            return;
+        }
+
+	lws_sul_schedule(lws_ss_get_context(m->ss), 0, &m->sul, sul_cb,
+			 3 * LWS_USEC_PER_SEC);
+}
+
+/* secure streams payload interface */
+
+static lws_ss_state_return_t
+myss_rx(void *userobj, const uint8_t *buf, size_t len, int flags) {
+	lwsl_user("%s: len %d, flags: %d\n", __func__, (int)len, flags);
+	lwsl_hexdump_info(buf, len);
+
+	if (flags & LWSSS_FLAG_EOM) {
+		bad = 0;
+		interrupted = 1;
+	}
+
+	return LWSSSSRET_OK;
+}
+
+static lws_ss_state_return_t
+myss_tx(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len,
+	int *flags) {
+	myss_t* m = (myss_t*)userobj;
+	size_t os = m->size;
+	*flags = 0;
+
+	if (!m->size) {
+		lwsl_user("Start of message\n");
+ 		*flags |= LWSSS_FLAG_SOM;
+	}
+
+	*len = (size_t) lws_snprintf((char*)buf, *len, "{\"unixtime\":%lu}",
+				     (unsigned long)lws_now_secs());
+	*flags |= LWSSS_FLAG_EOM;
+	m->size = 0;
+
+	lwsl_user("%s: h: %p, [%d]sending %u - %u flags 0x%x\n", __func__, m->ss,
+		  m->tx_count, (unsigned int)os, (unsigned int)(os + *len),
+		  *flags);
+
+	return LWSSSSRET_OK;
+}
+
+static lws_ss_state_return_t
+myss_state(void *userobj, void *sh, lws_ss_constate_t state,
+		lws_ss_tx_ordinal_t ack) {
+	myss_t *m = (myss_t *)userobj;
+
+	lwsl_user("%s: %s, ord 0x%x\n", __func__, lws_ss_state_name((int)state),
+		  (unsigned int)ack);
+
+	switch (state) {
+	case LWSSSCS_CREATING:
+		return lws_ss_request_tx(m->ss);
+	case LWSSSCS_CONNECTED:
+		lws_sul_schedule(lws_ss_get_context(m->ss), 0, &m->sul, sul_cb,
+ 				 1 * LWS_USEC_PER_SEC);
+		break;
+	case LWSSSCS_DESTROYING:
+		lws_sul_schedule(lws_ss_get_context(m->ss), 0, &m->sul, sul_cb,
+ 				 LWS_SET_TIMER_USEC_CANCEL);
+		break;
+
+	case LWSSSCS_ALL_RETRIES_FAILED:
+		/* if we're out of retries, we want to close the app and FAIL */
+		interrupted = 1;
+		break;
+	default:
+		break;
+	}
+
+	return 0;
+}
+
+static int
+app_system_state_nf(lws_state_manager_t *mgr, lws_state_notify_link_t *link,
+		    int current, int target)
+{
+	struct lws_context *context = lws_system_context_from_system_mgr(mgr);
+	/*
+	 * For the things we care about, let's notice if we are trying to get
+	 * past them when we haven't solved them yet, and make the system
+	 * state wait while we trigger the dependent action.
+	 */
+	switch (target) {
+
+#if !defined(LWS_SS_USE_SSPC)
+
+	/*
+	 * The proxy takes responsibility for this stuff if we get things
+	 * done through that
+	 */
+
+	case LWS_SYSTATE_INITIALIZED: /* overlay on the hardcoded policy */
+	case LWS_SYSTATE_POLICY_VALID: /* overlay on the loaded policy */
+
+		if (target != current)
+			break;
+
+	case LWS_SYSTATE_REGISTERED:
+		break;
+#endif
+
+	case LWS_SYSTATE_OPERATIONAL:
+		if (current == LWS_SYSTATE_OPERATIONAL) {
+			lws_ss_info_t ssi;
+
+			/* We're making an outgoing secure stream ourselves */
+
+			memset(&ssi, 0, sizeof(ssi));
+			ssi.handle_offset = offsetof(myss_t, ss);
+			ssi.opaque_user_data_offset = offsetof(myss_t,
+							       opaque_data);
+			ssi.rx = myss_rx;
+			ssi.tx = myss_tx;
+			ssi.state = myss_state;
+			ssi.user_alloc = sizeof(myss_t);
+			ssi.streamtype = test_nontls ? "mosq_nontls" : "mosq_tls";
+
+			if (lws_ss_create(context, 0, &ssi, NULL, NULL,
+					  NULL, NULL)) {
+				lwsl_err("%s: failed to create secure stream\n",
+					 __func__);
+				interrupted = 1;
+				lws_cancel_service(context);
+				return -1;
+			}
+		}
+		break;
+	}
+
+	return 0;
+}
+
+static lws_state_notify_link_t * const app_notifier_list[] = {
+	&nl, NULL
+};
+
+static void
+sigint_handler(int sig)
+{
+	interrupted = 1;
+}
+
+int main(int argc, const char **argv)
+{
+	struct lws_context_creation_info info;
+	struct lws_context *context;
+	int n = 0, expected = 0;
+	const char *p;
+
+	signal(SIGINT, sigint_handler);
+
+	memset(&info, 0, sizeof info);
+	lws_cmdline_option_handle_builtin(argc, argv, &info);
+
+	lwsl_user("LWS secure streams mqtt test client [-d<verb>]\n");
+
+	/* these options are mutually exclusive if given */
+	if (lws_cmdline_option(argc, argv, "--nontls"))
+		test_nontls = 1;
+
+	info.fd_limit_per_thread = 1 + 6 + 1;
+	info.port = CONTEXT_PORT_NO_LISTEN;
+#if defined(LWS_SS_USE_SSPC)
+	info.protocols = lws_sspc_protocols;
+#else
+	info.pss_policies_json = default_ss_policy;
+	info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS |
+		       LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW |
+		       LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
+#endif
+
+	/* integrate us with lws system state management when context created */
+	nl.name = "app";
+	nl.notify_cb = app_system_state_nf;
+	info.register_notifier_list = app_notifier_list;
+
+	/* create the context */
+	context = lws_create_context(&info);
+	if (!context) {
+		lwsl_err("lws init failed\n");
+		goto bail;
+	}
+
+	/*
+	 * Set the related lws_system blobs
+	 *
+	 * ...direct_set() sets a pointer, so the thing pointed to has to have
+	 * a suitable lifetime, eg, something that already exists on the heap or
+	 * a const string in .rodata like this
+	 */
+
+	lws_system_blob_direct_set(
+			lws_system_get_blob(context, LWS_SYSBLOB_TYPE_MQTT_CLIENT_ID, 0),
+			(const uint8_t*)TEST_CLIENT_ID, strlen(TEST_CLIENT_ID));
+
+	lws_system_blob_direct_set(
+			lws_system_get_blob(context, LWS_SYSBLOB_TYPE_CLIENT_CERT_DER, 0),
+			client_cert_der, sizeof(client_cert_der));
+
+	lws_system_blob_direct_set(
+			lws_system_get_blob(context, LWS_SYSBLOB_TYPE_CLIENT_KEY_DER, 0),
+			client_key, sizeof(client_key));
+
+	/* the event loop */
+	while (n >= 0 && !interrupted)
+		n = lws_service(context, 0);
+
+	lws_context_destroy(context);
+
+bail:
+	if ((p = lws_cmdline_option(argc, argv, "--expected-exit")))
+		expected = atoi(p);
+
+	if (bad == expected) {
+		lwsl_user("Completed: OK (seen expected %d)\n", expected);
+		return 0;
+	} else
+		lwsl_err("Completed: failed: exit %d, expected %d\n", bad, expected);
+
+	return 1;
+}
diff --git a/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-proxy/main.c b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-proxy/main.c
index 0e1fbb59b..9ff4d0d1a 100644
--- a/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-proxy/main.c
+++ b/minimal-examples-lowlevel/secure-streams/minimal-secure-streams-proxy/main.c
@@ -31,15 +31,20 @@
 #include <assert.h>
 #endif
 
+#define TEST_CLIENT_ID "SN12345678"
+
 static int interrupted, bad = 1, port = 0 /* unix domain socket */;
 static const char *ibind = NULL; /* default to unix domain skt "proxy.ss.lws" */
 static lws_state_notify_link_t nl;
 static struct lws_context *context;
 
 /*
- * We just define enough policy so it can fetch the latest one securely
+ * We just define enough policy so it can fetch the latest one securely.
+ *
+ * If using SSPC, we use the proxy's policy, not this
  */
 
+
 static const char * const default_ss_policy =
 	"{"
 	  "\"release\":"			"\"01234567\","
@@ -150,6 +155,190 @@ static char *aws_keyid = NULL,
 	    *aws_key = NULL;
 #endif
 
+static const uint8_t client_key[] = {
+	0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
+	0xd9, 0x64, 0x2a, 0x43, 0x48, 0x0d, 0xe0, 0x31, 0xa0, 0x2d, 0xc7, 0x4c, 
+	0x6d, 0xd0, 0x3a, 0x16, 0xe4, 0x90, 0x13, 0xfa, 0xb2, 0x04, 0x24, 0xf9,
+	0xd5, 0x3c, 0xa9, 0x5c, 0x77, 0x1a, 0xb3, 0x92, 0x64, 0xc0, 0x9f, 0x76,
+	0xfb, 0x4e, 0x83, 0x8c, 0x50, 0xa2, 0xa3, 0xd4, 0xff, 0xd3, 0x2f, 0x59,
+	0xb8, 0xee, 0x7a, 0x8f, 0xcd, 0x41, 0x6c, 0x38, 0xf1, 0x79, 0xc9, 0xe7, 
+	0x8b, 0xdd, 0xe6, 0x2e, 0x0c, 0xe4, 0x29, 0x5e, 0x3d, 0xf0, 0x7f, 0x36,
+	0x87, 0xeb, 0xce, 0xc5, 0xc4, 0xe1, 0x5c, 0x68, 0xed, 0x2b, 0x4e, 0xb0,
+	0xee, 0x96, 0xe8, 0xc1, 0xa9, 0xea, 0x85, 0x03, 0x7b, 0x2c, 0x6b, 0xf0,
+	0x7d, 0x98, 0x4b, 0x7a, 0xd2, 0x9d, 0x26, 0x31, 0x74, 0xf6, 0x21, 0x10, 
+	0x2f, 0x79, 0x7f, 0x79, 0x5d, 0x82, 0xb8, 0x10, 0x7d, 0x82, 0x52, 0xd0,
+	0xc2, 0x91, 0xc9, 0x9c, 0xa6, 0x38, 0x00, 0x6b, 0x56, 0x73, 0x41, 0x01,
+	0x6f, 0x67, 0x80, 0x3e, 0xfe, 0x18, 0x91, 0xa0, 0x9f, 0x12, 0x0b, 0x3e,
+	0x72, 0xed, 0xe2, 0xbd, 0x5e, 0xa6, 0xd1, 0xd3, 0xbf, 0x1a, 0x76, 0x98, 
+	0xd4, 0xab, 0xf7, 0x72, 0x52, 0x05, 0xc5, 0x1f, 0xb1, 0xcd, 0x61, 0xc5,
+	0x02, 0x60, 0xc9, 0x6d, 0xc1, 0xcb, 0x80, 0x39, 0x77, 0x0c, 0x99, 0xd6,
+	0xdd, 0x83, 0xd2, 0x9e, 0x71, 0xd7, 0x2d, 0x4a, 0xa4, 0x51, 0xd8, 0xb0,
+	0x71, 0xaf, 0xf6, 0x92, 0x45, 0x89, 0x4a, 0x5f, 0x3d, 0x66, 0x92, 0xda, 
+	0x7c, 0xc4, 0x14, 0x1b, 0x2c, 0x15, 0x61, 0xba, 0x95, 0xd3, 0xed, 0xe7,
+	0x7d, 0x75, 0x33, 0x43, 0xec, 0x9a, 0x15, 0x27, 0x12, 0xd2, 0x0b, 0x46,
+	0x9f, 0x0a, 0xb7, 0xb8, 0x6d, 0x8a, 0xe6, 0xb4, 0x57, 0x28, 0x12, 0x48,
+	0x33, 0x44, 0x45, 0x72, 0xe6, 0x92, 0xac, 0x1e, 0xca, 0xed, 0xb8, 0x0f, 
+	0xfb, 0x4f, 0x11, 0x6b, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
+	0x01, 0x00, 0xa3, 0x9f, 0x17, 0x8c, 0x42, 0x7c, 0x67, 0x25, 0x12, 0xe9,
+	0xc1, 0xda, 0xcd, 0xc0, 0x6f, 0x28, 0x71, 0xe9, 0xdb, 0x8f, 0xd2, 0x52,
+	0xfa, 0x3d, 0xac, 0x78, 0x97, 0x04, 0x88, 0x84, 0xe9, 0x69, 0xa3, 0x39, 
+	0xb4, 0x0c, 0x8a, 0xc4, 0x22, 0x91, 0x06, 0xd4, 0x13, 0x39, 0xab, 0x3f,
+	0x99, 0xa1, 0x0f, 0x67, 0x37, 0x8a, 0x6a, 0xb3, 0xf6, 0x2f, 0xb9, 0xd8,
+	0xaf, 0xd5, 0xfe, 0x59, 0x0a, 0xf9, 0xd8, 0x2c, 0x16, 0xd2, 0xdf, 0x0d,
+	0xd7, 0xc2, 0x04, 0x75, 0xc0, 0xd0, 0xec, 0x09, 0xaf, 0x53, 0x2e, 0x47, 
+	0x6d, 0x58, 0x10, 0x8c, 0x37, 0x2e, 0x24, 0xa4, 0xe6, 0x6e, 0xa3, 0x53,
+	0xe0, 0xfe, 0x46, 0x99, 0xcd, 0x1d, 0xe9, 0xcd, 0xec, 0x44, 0x47, 0x43,
+	0x45, 0xc9, 0x77, 0xe2, 0x1b, 0xc7, 0x0e, 0x51, 0xe8, 0x16, 0x49, 0x51,
+	0x40, 0xe1, 0xed, 0xc0, 0x6b, 0x1d, 0xe3, 0xa1, 0xbc, 0xf5, 0xa8, 0xf9, 
+	0x2c, 0xa6, 0x89, 0x6d, 0xfe, 0x60, 0x72, 0x1a, 0xa8, 0xc4, 0x5c, 0x7c,
+	0x5d, 0x46, 0x46, 0xfc, 0xc2, 0x91, 0x6e, 0x76, 0x90, 0x6c, 0x1d, 0xa8,
+	0x39, 0x94, 0xf9, 0x85, 0x46, 0x36, 0xa7, 0x5a, 0xa2, 0x84, 0x35, 0xf8,
+	0x1d, 0xb4, 0xa4, 0x3b, 0x83, 0x9a, 0xd2, 0x25, 0xa2, 0xcd, 0xca, 0x93, 
+	0xcf, 0x8a, 0xb6, 0x26, 0x25, 0x0e, 0x7c, 0xd9, 0x33, 0x5f, 0xf8, 0x8e,
+	0x59, 0x51, 0x88, 0x7b, 0x51, 0x0b, 0xdb, 0x72, 0x4b, 0xfe, 0x74, 0xe5,
+	0x77, 0x8e, 0xc9, 0xe3, 0x59, 0x28, 0xee, 0x20, 0x6f, 0xd2, 0x12, 0x5f,
+	0x6a, 0x55, 0xc4, 0x47, 0xd5, 0x20, 0xb6, 0x03, 0xb6, 0x97, 0xd2, 0xc1, 
+	0xa4, 0x1a, 0x4f, 0xec, 0x99, 0xe3, 0x98, 0xa7, 0x6c, 0xad, 0xd5, 0xb2,
+	0x99, 0xa3, 0xf8, 0x1a, 0x38, 0x5b, 0xbc, 0x9c, 0x80, 0x79, 0x1f, 0x48,
+	0x86, 0x09, 0xab, 0xfc, 0xd8, 0xd9, 0x02, 0x81, 0x81, 0x00, 0xff, 0xc1,
+	0xc0, 0x3c, 0xac, 0x68, 0xab, 0x38, 0xce, 0xc9, 0xbb, 0xa6, 0xb9, 0x6e, 
+	0x29, 0x09, 0xbe, 0xf5, 0x3a, 0xf6, 0xc5, 0x22, 0x88, 0xc7, 0x2a, 0xfc,
+	0x36, 0x7a, 0x6b, 0xbc, 0x90, 0x10, 0xe5, 0x27, 0x94, 0xc2, 0xa7, 0xf8,
+	0x78, 0x4c, 0x50, 0xe5, 0xde, 0x14, 0x58, 0xb0, 0x18, 0x95, 0x92, 0x84,
+	0x6e, 0x0c, 0x6d, 0xe6, 0x3a, 0x7e, 0x34, 0x99, 0x27, 0x4b, 0x85, 0x18, 
+	0xf3, 0x20, 0x96, 0xa8, 0x8a, 0x80, 0xb1, 0xd6, 0x53, 0x49, 0xfd, 0xc7,
+	0x44, 0x51, 0x6c, 0x7c, 0xa9, 0x20, 0x6e, 0xea, 0x4e, 0x5f, 0xce, 0xa4,
+	0x66, 0x94, 0xee, 0x75, 0xa9, 0xf7, 0xee, 0xe5, 0x19, 0x49, 0xf7, 0xb3,
+	0x15, 0xc3, 0x2a, 0x94, 0x19, 0x44, 0x31, 0xd2, 0x4f, 0xdc, 0x97, 0x50,
+	0x66, 0x93, 0xcc, 0x72, 0xc8, 0x73, 0x77, 0xfb, 0x78, 0xf2, 0xcb, 0xc1,
+	0x8b, 0xce, 0x36, 0x68, 0x8b, 0x5d, 0x02, 0x81, 0x81, 0x00, 0xd9, 0x99,
+	0x13, 0x88, 0xb5, 0x9f, 0xa5, 0x5f, 0xb2, 0x69, 0xdd, 0x83, 0x00, 0x56,
+	0x94, 0xfb, 0x91, 0x08, 0x73, 0x4e, 0x2b, 0x3e, 0x22, 0x79, 0x7f, 0x67, 
+	0x57, 0xd8, 0x84, 0x80, 0x9c, 0xb7, 0x92, 0xec, 0x73, 0x89, 0x5a, 0x20,
+	0x9f, 0x90, 0x61, 0x4e, 0x74, 0x18, 0x53, 0x6d, 0x39, 0x21, 0xb6, 0xad,
+	0x29, 0xea, 0x1d, 0xd1, 0xac, 0x62, 0x43, 0xdb, 0x13, 0xe2, 0x3c, 0x4f,
+	0x4a, 0xa6, 0x8a, 0x9e, 0x3f, 0x3a, 0x37, 0x55, 0x9c, 0xea, 0x6d, 0x76,
+	0xf5, 0x5f, 0x53, 0x0f, 0xb3, 0x08, 0xb1, 0x66, 0xa5, 0x21, 0x3b, 0x60,
+	0xf9, 0x4f, 0xc0, 0xbc, 0x12, 0x3e, 0x71, 0xdd, 0x36, 0x63, 0x0c, 0x92,
+	0x44, 0x9a, 0x19, 0x1f, 0x52, 0x45, 0x68, 0x57, 0xe3, 0xde, 0x87, 0xd3,
+	0x7b, 0x12, 0xa2, 0x9a, 0xbe, 0x47, 0xfc, 0x80, 0x34, 0x05, 0x0e, 0xfc, 
+	0xe5, 0x95, 0xec, 0x2a, 0x0b, 0x67, 0x02, 0x81, 0x81, 0x00, 0xd8, 0x22,
+	0x8c, 0xaa, 0xb9, 0xa8, 0xda, 0xc9, 0xef, 0x37, 0x5c, 0x75, 0xd1, 0x4e,
+	0xdf, 0x2f, 0x75, 0x49, 0x18, 0xc3, 0x62, 0x65, 0x84, 0xe1, 0x8b, 0xda,
+	0x08, 0xcf, 0xfc, 0x2c, 0x26, 0x33, 0xa0, 0xf4, 0x8a, 0x2a, 0xd6, 0x78, 
+	0x8c, 0x71, 0x32, 0x0c, 0x90, 0x58, 0xf1, 0x7a, 0x1f, 0xcc, 0x87, 0x3d,
+	0x93, 0x22, 0xbd, 0xdd, 0x4a, 0xa1, 0x4d, 0x22, 0x00, 0xab, 0x39, 0x97,
+	0x94, 0x1f, 0x7e, 0x32, 0x80, 0x99, 0xb1, 0xb0, 0x46, 0x42, 0xc9, 0x4c,
+	0x94, 0xd7, 0x9a, 0xae, 0xde, 0xde, 0xa1, 0xdd, 0x30, 0xce, 0x96, 0x7b, 
+	0x28, 0x95, 0xc3, 0xcf, 0x7c, 0x0c, 0x22, 0xbf, 0x49, 0x57, 0xd1, 0x14,
+	0x6e, 0xd7, 0xb8, 0x2b, 0xe0, 0x0e, 0x59, 0x6c, 0x3a, 0x41, 0x59, 0x3e,
+	0x80, 0xf1, 0x76, 0x5d, 0xaa, 0x38, 0xaa, 0xb4, 0xc1, 0xc9, 0xad, 0x97,
+	0xaa, 0xe6, 0x61, 0xe4, 0x87, 0xa1, 0x02, 0x81, 0x80, 0x60, 0xbc, 0xfd, 
+	0x42, 0x39, 0xfc, 0xcf, 0xb8, 0xcb, 0xc8, 0xe5, 0x01, 0xe8, 0x94, 0x95,
+	0x87, 0x81, 0xe3, 0x0f, 0xe0, 0x20, 0xb9, 0x6e, 0xfa, 0x34, 0xf9, 0xec,
+	0xc4, 0x05, 0xa4, 0x68, 0x07, 0xf4, 0xf9, 0xca, 0x23, 0xb6, 0x3d, 0xea,
+	0xb2, 0x75, 0x90, 0x3b, 0x6c, 0xd5, 0x2a, 0x29, 0xcc, 0x23, 0x3a, 0xb8, 
+	0xf7, 0xac, 0x6a, 0x1b, 0x09, 0x54, 0xc1, 0x81, 0x05, 0x83, 0x6a, 0x7c,
+	0xf5, 0xad, 0x8a, 0xcc, 0xf1, 0x44, 0xc8, 0x7b, 0x0a, 0x7d, 0xbf, 0xf5,
+	0x36, 0x7b, 0xe6, 0xee, 0xe1, 0x5e, 0x7d, 0x13, 0xcc, 0xc2, 0x69, 0x4a,
+	0x6d, 0x7a, 0x72, 0x22, 0x6a, 0x40, 0x94, 0xe8, 0x29, 0x00, 0xdd, 0xc6, 
+	0x41, 0xfc, 0x09, 0x40, 0xba, 0x3a, 0xb9, 0x58, 0x45, 0x06, 0x7d, 0xae,
+	0xa9, 0x8a, 0x40, 0xe1, 0x77, 0x7f, 0x7a, 0x3f, 0xa6, 0x40, 0x13, 0x8e,
+	0xbe, 0x28, 0x50, 0x48, 0xe1, 0x02, 0x81, 0x80, 0x29, 0x09, 0x92, 0xd7,
+	0x60, 0xb9, 0x05, 0xa9, 0xfb, 0xc7, 0x42, 0x58, 0xa2, 0x50, 0x64, 0x88, 
+	0xc8, 0xa5, 0xed, 0x2e, 0x9d, 0xb6, 0x78, 0xed, 0xd1, 0x17, 0x0d, 0xd7,
+	0x21, 0x6d, 0x8b, 0xff, 0x04, 0xe7, 0xe4, 0xc4, 0x45, 0x40, 0x73, 0xf8,
+	0x9d, 0xa1, 0x24, 0xb0, 0x11, 0x1c, 0x54, 0xce, 0xef, 0x70, 0xe9, 0xd5,
+	0x26, 0xc1, 0xd6, 0xce, 0xa6, 0x4b, 0x21, 0xc6, 0x19, 0x00, 0x8e, 0x89, 
+	0xe8, 0x8f, 0xb0, 0x11, 0x03, 0x00, 0xda, 0x5f, 0x9a, 0x53, 0x2a, 0x2b,
+	0x23, 0x01, 0xa9, 0x25, 0xe4, 0xbb, 0xf8, 0xf4, 0x15, 0x92, 0x95, 0xb1,
+	0xb1, 0x13, 0xff, 0xea, 0xb9, 0x2d, 0x86, 0xe3, 0xd8, 0xe0, 0x41, 0xe0,
+	0x7b, 0x18, 0x8d, 0x7a, 0x79, 0x10, 0x13, 0x0f, 0xfc, 0xca, 0x08, 0x4d,
+	0xa8, 0x9e, 0xcb, 0x66, 0x7c, 0x53, 0xea, 0xae, 0xee, 0xf1, 0x8b, 0x2f,
+	0x94, 0x08, 0x72, 0x7c
+};
+
+static const uint8_t client_cert_der[] = {
+	0x30, 0x82, 0x03, 0x9b, 0x30, 0x82, 0x02, 0x83, 0xa0, 0x03, 0x02, 0x01,
+	0x02, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 
+	0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31, 0x0b,
+	0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31,
+	0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0e, 0x55, 0x6e,
+	0x69, 0x74, 0x65, 0x64, 0x20, 0x4b, 0x69, 0x6e, 0x67, 0x64, 0x6f, 0x6d, 
+	0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x05, 0x44,
+	0x65, 0x72, 0x62, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04,
+	0x0a, 0x0c, 0x09, 0x4d, 0x6f, 0x73, 0x71, 0x75, 0x69, 0x74, 0x74, 0x6f,
+	0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x43, 
+	0x41, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0d,
+	0x6d, 0x6f, 0x73, 0x71, 0x75, 0x69, 0x74, 0x74, 0x6f, 0x2e, 0x6f, 0x72,
+	0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+	0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x72, 0x6f, 0x67, 0x65, 0x72, 0x40, 
+	0x61, 0x74, 0x63, 0x68, 0x6f, 0x6f, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e,
+	0x17, 0x0d, 0x32, 0x31, 0x31, 0x31, 0x30, 0x33, 0x32, 0x32, 0x33, 0x39,
+	0x35, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x32, 0x30, 0x31, 0x32,
+	0x32, 0x33, 0x39, 0x35, 0x31, 0x5a, 0x30, 0x75, 0x31, 0x0b, 0x30, 0x09, 
+	0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
+	0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69,
+	0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03,
+	0x55, 0x04, 0x07, 0x0c, 0x09, 0x53, 0x75, 0x6e, 0x6e, 0x79, 0x76, 0x61, 
+	0x6c, 0x65, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c,
+	0x0d, 0x6c, 0x69, 0x62, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65,
+	0x74, 0x73, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+	0x0d, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x74, 0x72, 0x65, 
+	0x61, 0x6d, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+	0x04, 0x4d, 0x51, 0x54, 0x54, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,
+	0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,
+	0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 
+	0x01, 0x00, 0xd9, 0x64, 0x2a, 0x43, 0x48, 0x0d, 0xe0, 0x31, 0xa0, 0x2d,
+	0xc7, 0x4c, 0x6d, 0xd0, 0x3a, 0x16, 0xe4, 0x90, 0x13, 0xfa, 0xb2, 0x04,
+	0x24, 0xf9, 0xd5, 0x3c, 0xa9, 0x5c, 0x77, 0x1a, 0xb3, 0x92, 0x64, 0xc0,
+	0x9f, 0x76, 0xfb, 0x4e, 0x83, 0x8c, 0x50, 0xa2, 0xa3, 0xd4, 0xff, 0xd3, 
+	0x2f, 0x59, 0xb8, 0xee, 0x7a, 0x8f, 0xcd, 0x41, 0x6c, 0x38, 0xf1, 0x79,
+	0xc9, 0xe7, 0x8b, 0xdd, 0xe6, 0x2e, 0x0c, 0xe4, 0x29, 0x5e, 0x3d, 0xf0,
+	0x7f, 0x36, 0x87, 0xeb, 0xce, 0xc5, 0xc4, 0xe1, 0x5c, 0x68, 0xed, 0x2b,
+	0x4e, 0xb0, 0xee, 0x96, 0xe8, 0xc1, 0xa9, 0xea, 0x85, 0x03, 0x7b, 0x2c, 
+	0x6b, 0xf0, 0x7d, 0x98, 0x4b, 0x7a, 0xd2, 0x9d, 0x26, 0x31, 0x74, 0xf6,
+	0x21, 0x10, 0x2f, 0x79, 0x7f, 0x79, 0x5d, 0x82, 0xb8, 0x10, 0x7d, 0x82,
+	0x52, 0xd0, 0xc2, 0x91, 0xc9, 0x9c, 0xa6, 0x38, 0x00, 0x6b, 0x56, 0x73,
+	0x41, 0x01, 0x6f, 0x67, 0x80, 0x3e, 0xfe, 0x18, 0x91, 0xa0, 0x9f, 0x12, 
+	0x0b, 0x3e, 0x72, 0xed, 0xe2, 0xbd, 0x5e, 0xa6, 0xd1, 0xd3, 0xbf, 0x1a,
+	0x76, 0x98, 0xd4, 0xab, 0xf7, 0x72, 0x52, 0x05, 0xc5, 0x1f, 0xb1, 0xcd,
+	0x61, 0xc5, 0x02, 0x60, 0xc9, 0x6d, 0xc1, 0xcb, 0x80, 0x39, 0x77, 0x0c,
+	0x99, 0xd6, 0xdd, 0x83, 0xd2, 0x9e, 0x71, 0xd7, 0x2d, 0x4a, 0xa4, 0x51, 
+	0xd8, 0xb0, 0x71, 0xaf, 0xf6, 0x92, 0x45, 0x89, 0x4a, 0x5f, 0x3d, 0x66,
+	0x92, 0xda, 0x7c, 0xc4, 0x14, 0x1b, 0x2c, 0x15, 0x61, 0xba, 0x95, 0xd3,
+	0xed, 0xe7, 0x7d, 0x75, 0x33, 0x43, 0xec, 0x9a, 0x15, 0x27, 0x12, 0xd2,
+	0x0b, 0x46, 0x9f, 0x0a, 0xb7, 0xb8, 0x6d, 0x8a, 0xe6, 0xb4, 0x57, 0x28, 
+	0x12, 0x48, 0x33, 0x44, 0x45, 0x72, 0xe6, 0x92, 0xac, 0x1e, 0xca, 0xed,
+	0xb8, 0x0f, 0xfb, 0x4f, 0x11, 0x6b, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
+	0x1a, 0x30, 0x18, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02,
+	0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 
+	0x02, 0x05, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+	0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x61,
+	0x85, 0x63, 0xdb, 0xf1, 0x2d, 0xa2, 0xa8, 0x6f, 0x38, 0xe6, 0x69, 0x65,
+	0x5e, 0xbe, 0x10, 0xc8, 0x53, 0xea, 0xfb, 0xef, 0xa1, 0x4d, 0x37, 0xb5, 
+	0x1c, 0x32, 0x08, 0xf9, 0x09, 0x7a, 0x92, 0x64, 0x25, 0x29, 0x1b, 0x8d,
+	0x67, 0x35, 0x28, 0xd1, 0x2e, 0x21, 0x6d, 0xd4, 0x5a, 0xa9, 0x32, 0xfd,
+	0xc1, 0x64, 0x30, 0x73, 0xd4, 0xd4, 0x4c, 0x60, 0x32, 0x34, 0xe5, 0x60,
+	0x1a, 0x2e, 0x37, 0x6d, 0x5e, 0xb4, 0x4f, 0x0a, 0xbe, 0xc9, 0x3f, 0xab, 
+	0xab, 0xd4, 0xd5, 0x90, 0xd0, 0x4f, 0x5f, 0x98, 0x4a, 0x11, 0x3d, 0xe3,
+	0xdd, 0xa2, 0x48, 0xf3, 0xec, 0xd3, 0xd4, 0x82, 0x5f, 0x8e, 0x52, 0x11,
+	0xe6, 0xa3, 0x86, 0x13, 0xf3, 0x21, 0x53, 0x65, 0x5a, 0x8c, 0x27, 0x18,
+	0xbf, 0x6a, 0x0a, 0x66, 0x05, 0x98, 0x01, 0x11, 0x62, 0x7b, 0xe0, 0x6b,
+	0xc3, 0x25, 0xcb, 0x4f, 0x14, 0x20, 0xf4, 0x2f, 0x59, 0x26, 0xc8, 0x5f,
+	0x87, 0x19, 0x92, 0xca, 0xea, 0xc7, 0xf9, 0x0c, 0x70, 0xa5, 0x4c, 0x99,
+	0x08, 0xd8, 0x20, 0xef, 0x60, 0x42, 0xdf, 0xec, 0x1d, 0xde, 0xdf, 0xd8,
+	0x19, 0x60, 0x05, 0x97, 0x26, 0x70, 0x6f, 0x92, 0xb7, 0xd1, 0x91, 0xd9, 
+	0x54, 0xf0, 0x68, 0x16, 0xf5, 0xb9, 0x94, 0x48, 0x3e, 0x6d, 0x5f, 0xd2,
+	0x11, 0xf2, 0x33, 0x7f, 0x6b, 0x1f, 0x08, 0x77, 0xe1, 0x82, 0x18, 0x04,
+	0x6c, 0x01, 0x39, 0xf9, 0x75, 0xcb, 0x9d, 0x87, 0x62, 0x11, 0x08, 0x15,
+	0xe3, 0xd6, 0x05, 0x79, 0x51, 0xa1, 0x51, 0xb9, 0x9b, 0x61, 0x52, 0x82,
+	0x9f, 0x8f, 0x1b, 0x39, 0xbb, 0xb5, 0xcd, 0xb2, 0x37, 0x74, 0xfd, 0x08,
+	0x85, 0xe7, 0x8f, 0xbd, 0xe1, 0xd0, 0x18, 0x57, 0xd0, 0x3d, 0xbb, 0x37,
+	0x80, 0xbf, 0x3e, 0x5f, 0x6f, 0x2a, 0x1b, 0x73, 0xc7, 0x41, 0xa7, 0x62,
+	0x9a, 0x9b, 0x7f
+};
+
 static int
 app_system_state_nf(lws_state_manager_t *mgr, lws_state_notify_link_t *link,
 		    int current, int target)
@@ -188,6 +377,19 @@ app_system_state_nf(lws_state_manager_t *mgr, lws_state_notify_link_t *link,
 
 			lws_ss_sigv4_set_aws_key(context, 0, aws_keyid, aws_key);
 #endif
+
+			lws_system_blob_direct_set(
+				lws_system_get_blob(context, LWS_SYSBLOB_TYPE_MQTT_CLIENT_ID, 0),
+				(const uint8_t*)TEST_CLIENT_ID, strlen(TEST_CLIENT_ID));
+
+			lws_system_blob_direct_set(
+				lws_system_get_blob(context, LWS_SYSBLOB_TYPE_CLIENT_CERT_DER, 0),
+				client_cert_der, sizeof(client_cert_der));
+
+			lws_system_blob_direct_set(
+				lws_system_get_blob(context, LWS_SYSBLOB_TYPE_CLIENT_KEY_DER, 0),
+				client_key, sizeof(client_key));
+
 			/*
 			 * At this point we have DHCP, ntp, system auth token
 			 * and we can reasonably create the proxy
@@ -272,12 +474,12 @@ int main(int argc, const char **argv)
 
 	lwsl_user("LWS secure streams Proxy [-d<verb>]\n");
 
+	info.fd_limit_per_thread = 1 + 26 + 1;
+	info.port = CONTEXT_PORT_NO_LISTEN;
+	info.pss_policies_json = default_ss_policy;
 	info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS |
 		       LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW |
 		       LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
-	info.fd_limit_per_thread = 1 + 26 + 1;
-	info.pss_policies_json = default_ss_policy;
-	info.port = CONTEXT_PORT_NO_LISTEN;
 
 	/* integrate us with lws system state management when context created */
 	nl.name = "app";