From 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 09:33:12 +0200 Subject: Adding upstream version 3.7.9. Signed-off-by: Daniel Baumann --- tests/Makefile.am | 674 + tests/Makefile.in | 13699 +++++++++ tests/aead-cipher-vec.c | 131 + tests/alerts.c | 300 + tests/alpn-server-prec.c | 310 + tests/anonself.c | 303 + tests/atfork.c | 124 + tests/auto-verify.c | 687 + tests/base64-raw.c | 266 + tests/base64.c | 251 + tests/buffer.c | 78 + tests/cert-common.h | 1949 ++ tests/cert-reencoding.sh | 272 + tests/cert-repro-20170915.h | 383 + tests/cert-status.c | 262 + tests/cert-tests/Makefile.am | 188 + tests/cert-tests/Makefile.in | 3256 +++ tests/cert-tests/aki.sh | 57 + tests/cert-tests/alt-chain.sh | 68 + tests/cert-tests/cert-critical.sh | 69 + tests/cert-tests/cert-non-digits-time.sh | 47 + tests/cert-tests/cert-sanity.sh | 54 + tests/cert-tests/cert-time.sh | 46 + tests/cert-tests/certtool-crl-decoding.sh | 60 + tests/cert-tests/certtool-ecdsa.sh | 89 + tests/cert-tests/certtool-eddsa.sh | 139 + tests/cert-tests/certtool-long-cn.sh | 59 + tests/cert-tests/certtool-long-oids.sh | 56 + tests/cert-tests/certtool-rsa-pss.sh | 226 + tests/cert-tests/certtool-subca.sh | 108 + tests/cert-tests/certtool-utf8.sh | 41 + tests/cert-tests/certtool-verify-profiles.sh | 78 + tests/cert-tests/certtool.sh | 185 + tests/cert-tests/crl.sh | 308 + tests/cert-tests/crq.sh | 243 + tests/cert-tests/dane.sh | 43 + tests/cert-tests/data/aes-128.p12 | Bin 0 -> 1485 bytes tests/cert-tests/data/aki-cert.pem | 110 + tests/cert-tests/data/alt-chain-new-ca.pem | 22 + tests/cert-tests/data/alt-chain-old-ca.pem | 19 + tests/cert-tests/data/alt-chain.pem | 73 + tests/cert-tests/data/arb-extensions.csr | 78 + tests/cert-tests/data/arb-extensions.pem | 23 + tests/cert-tests/data/attribute-leak-1.pub | Bin 0 -> 5 bytes tests/cert-tests/data/bad-key.pem | 25 + tests/cert-tests/data/bmpstring.pem | 157 + tests/cert-tests/data/ca-certs.pem | 3832 +++ tests/cert-tests/data/ca-crl-invalid.crl | 14 + tests/cert-tests/data/ca-crl-invalid.pem | 21 + tests/cert-tests/data/ca-crl-valid.crl | 14 + tests/cert-tests/data/ca-crl-valid.pem | 21 + tests/cert-tests/data/ca-gnutls-keyid.pem | 43 + tests/cert-tests/data/ca-no-keyid.pem | 40 + tests/cert-tests/data/ca-no-pathlen.pem | 48 + tests/cert-tests/data/ca-public.gpg | 14 + tests/cert-tests/data/ca-secret.gpg | 21 + tests/cert-tests/data/ca-weird-keyid.pem | 49 + tests/cert-tests/data/cert-ca.p12 | Bin 0 -> 2669 bytes tests/cert-tests/data/cert-ecc256-full.pem | 68 + tests/cert-tests/data/cert-ecc256.pem | 18 + tests/cert-tests/data/cert-eddsa.pem | 46 + tests/cert-tests/data/cert-invalid-utf8.der | Bin 0 -> 2442 bytes tests/cert-tests/data/cert-rsa-pss.pem | 29 + tests/cert-tests/data/cert-with-crl.p12 | Bin 0 -> 3386 bytes .../data/cert-with-non-digits-time-ca.pem | 70 + .../cert-tests/data/cert-with-non-digits-time.pem | 38 + tests/cert-tests/data/cert.dsa.1024.pem | 20 + tests/cert-tests/data/cert.dsa.2048.pem | 29 + tests/cert-tests/data/cert.dsa.3072.pem | 37 + tests/cert-tests/data/chain-512-ca.pem | 45 + tests/cert-tests/data/chain-512-leaf.pem | 52 + tests/cert-tests/data/chain-512-subca.pem | 46 + tests/cert-tests/data/chain-eddsa.pem | 18 + tests/cert-tests/data/chain-md5.pem | 73 + .../data/chain-with-critical-on-endcert.pem | 72 + .../data/chain-with-critical-on-intermediate.pem | 72 + .../data/chain-with-critical-on-root.pem | 73 + tests/cert-tests/data/client.p12 | Bin 0 -> 1444 bytes tests/cert-tests/data/code-signing-ca.pem | 62 + tests/cert-tests/data/code-signing-cert.pem | 64 + tests/cert-tests/data/commonName.cer | 52 + tests/cert-tests/data/complex-cert.pem | 94 + tests/cert-tests/data/crit-extensions.pem | 17 + tests/cert-tests/data/crl-demo1.pem | 45 + tests/cert-tests/data/crl-demo2.pem | 45 + tests/cert-tests/data/crl-demo3.pem | 600 + tests/cert-tests/data/crq-cert-no-ca-explicit.pem | 26 + tests/cert-tests/data/crq-cert-no-ca-honor.pem | 26 + tests/cert-tests/data/crq-cert-no-ca.pem | 19 + tests/cert-tests/data/csr-invalid.der | Bin 0 -> 303 bytes tests/cert-tests/data/cve-2019-3829.pem | 66 + tests/cert-tests/data/dane-test.rr | 1 + tests/cert-tests/data/detached.p7b | Bin 0 -> 2579 bytes tests/cert-tests/data/dsa-pubkey-1018.pem | 19 + tests/cert-tests/data/dsa.1024.pem | 12 + tests/cert-tests/data/dsa.2048.pem | 20 + tests/cert-tests/data/dsa.3072.pem | 28 + tests/cert-tests/data/dup-exts.pem | 32 + tests/cert-tests/data/enc2pkcs8.pem | 40 + tests/cert-tests/data/encpkcs8.pem | 38 + tests/cert-tests/data/full.p7b | Bin 0 -> 2609 bytes tests/cert-tests/data/full.p7b.out | 115 + tests/cert-tests/data/funny-spacing.pem | 28 + tests/cert-tests/data/gost-cert-ca.pem | 65 + tests/cert-tests/data/gost-cert-new.pem | 70 + tests/cert-tests/data/gost-cert-nogost.pem | 47 + tests/cert-tests/data/gost-cert.pem | 61 + tests/cert-tests/data/gost01.p12 | Bin 0 -> 1047 bytes tests/cert-tests/data/gost12-2.p12 | Bin 0 -> 1454 bytes tests/cert-tests/data/gost12.p12 | Bin 0 -> 1454 bytes tests/cert-tests/data/gost94-cert.pem | 33 + tests/cert-tests/data/grfc.crt | 89 + tests/cert-tests/data/inhibit-anypolicy.pem | 25 + tests/cert-tests/data/invalid-date-day.der | Bin 0 -> 1063 bytes tests/cert-tests/data/invalid-date-hour.der | Bin 0 -> 1063 bytes tests/cert-tests/data/invalid-date-mins.der | Bin 0 -> 1063 bytes tests/cert-tests/data/invalid-date-month.der | Bin 0 -> 1063 bytes tests/cert-tests/data/invalid-date-secs.der | Bin 0 -> 1063 bytes tests/cert-tests/data/invalid-sig.pem | 38 + tests/cert-tests/data/invalid-sig2.pem | 37 + tests/cert-tests/data/invalid-sig3.pem | 38 + tests/cert-tests/data/invalid-sig4.pem | 23 + tests/cert-tests/data/invalid-sig5.pem | 22 + tests/cert-tests/data/key-ca-1234.p8 | 10 + tests/cert-tests/data/key-ca-dsa.pem | 29 + tests/cert-tests/data/key-ca-empty.p8 | 10 + tests/cert-tests/data/key-ca-null.p8 | 10 + tests/cert-tests/data/key-ca.pem | 15 + tests/cert-tests/data/key-corpus-rc2-1.p12 | Bin 0 -> 2528 bytes tests/cert-tests/data/key-corpus-rc2-1.p12.out | 49 + tests/cert-tests/data/key-corpus-rc2-2.p12 | Bin 0 -> 2556 bytes tests/cert-tests/data/key-corpus-rc2-3.p12 | Bin 0 -> 2530 bytes tests/cert-tests/data/key-dsa.pem | 20 + tests/cert-tests/data/key-ecc.p8 | 8 + tests/cert-tests/data/key-ecc.pem | 7 + tests/cert-tests/data/key-gost01-2-enc.p8 | 6 + tests/cert-tests/data/key-gost01-2-enc.p8.txt | 40 + tests/cert-tests/data/key-gost01-2.p8 | 4 + tests/cert-tests/data/key-gost01-2.p8.txt | 33 + tests/cert-tests/data/key-gost01.p8 | 4 + tests/cert-tests/data/key-gost01.p8.txt | 33 + tests/cert-tests/data/key-gost12-256-2-enc.p8 | 7 + tests/cert-tests/data/key-gost12-256-2-enc.p8.txt | 40 + tests/cert-tests/data/key-gost12-256-2.p8 | 4 + tests/cert-tests/data/key-gost12-256-2.p8.txt | 33 + tests/cert-tests/data/key-gost12-256.p8 | 4 + tests/cert-tests/data/key-gost12-256.p8.txt | 33 + tests/cert-tests/data/key-gost12-512.p8 | 5 + tests/cert-tests/data/key-illegal-rsa-pss.pem | 138 + tests/cert-tests/data/key-illegal.pem | 97 + tests/cert-tests/data/key-invalid1.der | Bin 0 -> 118 bytes tests/cert-tests/data/key-invalid2.der | Bin 0 -> 335 bytes tests/cert-tests/data/key-invalid3.der | Bin 0 -> 70 bytes tests/cert-tests/data/key-invalid4.der | 1 + tests/cert-tests/data/key-invalid5.der | Bin 0 -> 24 bytes tests/cert-tests/data/key-invalid6.der | Bin 0 -> 633 bytes tests/cert-tests/data/key-rsa-pss-raw.pem | 27 + tests/cert-tests/data/key-rsa-pss.pem | 29 + tests/cert-tests/data/key-subca-dsa.pem | 21 + tests/cert-tests/data/key-subca.pem | 15 + tests/cert-tests/data/key-subsubca.pem | 9 + tests/cert-tests/data/key-user.pem | 15 + tests/cert-tests/data/key-utf8-1.p12 | Bin 0 -> 2819 bytes tests/cert-tests/data/key-utf8-2.p12 | Bin 0 -> 2819 bytes tests/cert-tests/data/long-dns.pem | 51 + tests/cert-tests/data/long-oids.pem | 175 + tests/cert-tests/data/long-serial.pem | 25 + tests/cert-tests/data/mac-sha512.p12 | Bin 0 -> 2488 bytes tests/cert-tests/data/mem-leak.p12 | Bin 0 -> 1474 bytes tests/cert-tests/data/multi-value-dn.pem | 65 + tests/cert-tests/data/name-constraints-ip.pem | 53 + tests/cert-tests/data/name-constraints-ip2.pem | 90 + tests/cert-tests/data/no-ca-or-pathlen.pem | 83 + tests/cert-tests/data/no-salt.p12 | Bin 0 -> 2432 bytes tests/cert-tests/data/noclient.p12 | Bin 0 -> 1317 bytes tests/cert-tests/data/openpgp-invalid10.pub | Bin 0 -> 52 bytes tests/cert-tests/data/openpgp-invalid11.pub | Bin 0 -> 32 bytes tests/cert-tests/data/openpgp-invalid9.pub | Bin 0 -> 16 bytes tests/cert-tests/data/openssl-3des.p8 | 17 + tests/cert-tests/data/openssl-3des.p8.txt | 7 + tests/cert-tests/data/openssl-aes128.p8 | 18 + tests/cert-tests/data/openssl-aes128.p8.txt | 7 + tests/cert-tests/data/openssl-aes256.p8 | 18 + tests/cert-tests/data/openssl-aes256.p8.txt | 7 + .../data/openssl-invalid-time-format.pem | 20 + tests/cert-tests/data/openssl-key-ecc.p8 | 8 + tests/cert-tests/data/openssl-keyid.p7b | Bin 0 -> 2323 bytes tests/cert-tests/data/openssl-keyid.p7b.out | 103 + tests/cert-tests/data/openssl.p12 | Bin 0 -> 3669 bytes tests/cert-tests/data/openssl.p7b | Bin 0 -> 1958 bytes tests/cert-tests/data/openssl.p7b.out | 93 + tests/cert-tests/data/p7-combined.out | 82 + tests/cert-tests/data/p8key-illegal.pem | 17 + tests/cert-tests/data/pbes1-no-salt.p12 | Bin 0 -> 2424 bytes tests/cert-tests/data/pkcs1-pad-broken.pem | 118 + tests/cert-tests/data/pkcs1-pad-broken2.pem | 39 + tests/cert-tests/data/pkcs1-pad-broken3.pem | 126 + tests/cert-tests/data/pkcs1-pad-ok.pem | 118 + tests/cert-tests/data/pkcs1-pad-ok2.pem | 39 + tests/cert-tests/data/pkcs12_2certs.p12 | Bin 0 -> 5853 bytes tests/cert-tests/data/pkcs12_5certs.p12 | Bin 0 -> 7338 bytes tests/cert-tests/data/pkcs7-cat-ca.pem | 145 + tests/cert-tests/data/pkcs7-cat.p7 | Bin 0 -> 329940 bytes tests/cert-tests/data/pkcs7-chain-endcert-key.pem | 182 + tests/cert-tests/data/pkcs7-chain-root.pem | 23 + tests/cert-tests/data/pkcs7-chain.pem | 72 + tests/cert-tests/data/pkcs7-detached.txt | 1 + tests/cert-tests/data/pkcs7-eddsa-sig.p7s | Bin 0 -> 776 bytes tests/cert-tests/data/pkcs7.smime | 42 + tests/cert-tests/data/pkcs8-eddsa.pem | 3 + tests/cert-tests/data/pkcs8-eddsa.pem.txt | 25 + tests/cert-tests/data/pkcs8-invalid1.der | Bin 0 -> 735 bytes tests/cert-tests/data/pkcs8-invalid10.der | Bin 0 -> 36 bytes tests/cert-tests/data/pkcs8-invalid11.der | Bin 0 -> 100 bytes tests/cert-tests/data/pkcs8-invalid2.der | Bin 0 -> 674 bytes tests/cert-tests/data/pkcs8-invalid3.der | Bin 0 -> 674 bytes tests/cert-tests/data/pkcs8-invalid4.der | Bin 0 -> 735 bytes tests/cert-tests/data/pkcs8-invalid5.der | Bin 0 -> 674 bytes tests/cert-tests/data/pkcs8-invalid6.der | Bin 0 -> 674 bytes tests/cert-tests/data/pkcs8-invalid7.der | Bin 0 -> 735 bytes tests/cert-tests/data/pkcs8-invalid8.der | Bin 0 -> 596 bytes tests/cert-tests/data/pkcs8-invalid9.der | Bin 0 -> 186 bytes tests/cert-tests/data/pkcs8-pbes1-des-md5.pem | 33 + tests/cert-tests/data/pkcs8-pbes2-sha256.pem | 35 + tests/cert-tests/data/privkey1.pem | 144 + tests/cert-tests/data/privkey2.pem | 69 + tests/cert-tests/data/privkey3.pem | 5 + tests/cert-tests/data/provable-dsa2048-fips.pem | 96 + tests/cert-tests/data/provable-dsa2048.pem | 98 + tests/cert-tests/data/provable2048.pem | 139 + tests/cert-tests/data/provable3072.pem | 187 + tests/cert-tests/data/pubkey-ecc256.pem | 23 + tests/cert-tests/data/pubkey-eddsa.pem | 18 + tests/cert-tests/data/rfc4134-4.5.p7b | Bin 0 -> 1359 bytes tests/cert-tests/data/rfc4134-ca-rsa.pem | 74 + tests/cert-tests/data/rfc4490.p7b | Bin 0 -> 300 bytes tests/cert-tests/data/rfc4490.p7b.out | 14 + .../data/selfsigs/alice-mallory-badsig18.pub | Bin 0 -> 1118 bytes .../data/selfsigs/alice-mallory-irrelevantsig.pub | Bin 0 -> 1071 bytes .../data/selfsigs/alice-mallory-nosig18.pub | Bin 0 -> 971 bytes tests/cert-tests/data/selfsigs/alice.pub | Bin 0 -> 1118 bytes tests/cert-tests/data/sha256.p12 | Bin 0 -> 1411 bytes tests/cert-tests/data/simple-policy.pem | 17 + tests/cert-tests/data/single-ca.p7b | Bin 0 -> 1524 bytes tests/cert-tests/data/single-ca.p7b.out | 67 + .../data/srv-public-127.0.0.1-signed.gpg | 20 + tests/cert-tests/data/srv-public-all-signed.gpg | 23 + .../data/srv-public-localhost-signed.gpg | 20 + tests/cert-tests/data/srv-public.gpg | 17 + tests/cert-tests/data/srv-secret.gpg | 24 + tests/cert-tests/data/subpkt-leak.pub | 1 + tests/cert-tests/data/template-crq.pem | 20 + tests/cert-tests/data/template-date.pem | 23 + tests/cert-tests/data/template-dates-after2038.pem | 23 + tests/cert-tests/data/template-dn.pem | 19 + tests/cert-tests/data/template-generalized.pem | 23 + tests/cert-tests/data/template-krb5name-full.pem | 94 + tests/cert-tests/data/template-krb5name.pem | 23 + tests/cert-tests/data/template-long-dns-crq.pem | 61 + tests/cert-tests/data/template-nc.pem | 24 + tests/cert-tests/data/template-othername-xmpp.pem | 21 + tests/cert-tests/data/template-othername.pem | 22 + tests/cert-tests/data/template-overflow.pem | 23 + tests/cert-tests/data/template-overflow2.pem | 23 + tests/cert-tests/data/template-rsa-sha3-224.pem | 25 + tests/cert-tests/data/template-rsa-sha3-256.pem | 25 + tests/cert-tests/data/template-rsa-sha3-384.pem | 25 + tests/cert-tests/data/template-rsa-sha3-512.pem | 25 + tests/cert-tests/data/template-sgenerate.pem | 22 + tests/cert-tests/data/template-test-ecc.key | 40 + tests/cert-tests/data/template-test.key | 86 + tests/cert-tests/data/template-test.pem | 25 + tests/cert-tests/data/template-tlsfeature.csr | 62 + tests/cert-tests/data/template-tlsfeature.pem | 25 + tests/cert-tests/data/template-unique.pem | 20 + tests/cert-tests/data/template-utf8.pem | 23 + tests/cert-tests/data/test-null.p12 | Bin 0 -> 1649 bytes tests/cert-tests/data/truncated.pub | 1 + tests/cert-tests/data/unclient.p12 | Bin 0 -> 1476 bytes tests/cert-tests/data/unencpkcs8.pem | 79 + tests/cert-tests/data/userid.pem | 59 + tests/cert-tests/data/very-long-dn.pem | 340 + tests/cert-tests/data/x509-v1-with-iid.pem | 19 + tests/cert-tests/data/x509-v1-with-sid.pem | 19 + .../data/x509-v3-with-fractional-time.pem | 22 + tests/cert-tests/data/x509-with-zero-version.pem | 23 + tests/cert-tests/data/xmpp-othername.pem | 175 + tests/cert-tests/dsa.sh | 182 + tests/cert-tests/ecdsa.sh | 104 + .../email-certs/chain.exclude.test.example.com | 39 + .../email-certs/chain.invalid.example.com | 39 + .../cert-tests/email-certs/chain.test.example.com | 38 + .../email-certs/chain.test.example.com-2 | 39 + tests/cert-tests/email.sh | 100 + tests/cert-tests/gost.sh | 165 + tests/cert-tests/illegal-rsa.sh | 81 + tests/cert-tests/inhibit-anypolicy.sh | 87 + tests/cert-tests/invalid-sig.sh | 103 + tests/cert-tests/key-id.sh | 62 + tests/cert-tests/key-invalid.sh | 55 + tests/cert-tests/krb5-test.sh | 108 + tests/cert-tests/md5-test.sh | 59 + tests/cert-tests/name-constraints.sh | 68 + tests/cert-tests/othername-test.sh | 76 + tests/cert-tests/pathlen.sh | 70 + tests/cert-tests/pem-decoding.sh | 223 + tests/cert-tests/pkcs1-pad.sh | 109 + tests/cert-tests/pkcs12-corner-cases.sh | 101 + tests/cert-tests/pkcs12-encode.sh | 108 + tests/cert-tests/pkcs12-gost.sh | 105 + tests/cert-tests/pkcs12-utf8.sh | 88 + tests/cert-tests/pkcs12.sh | 168 + tests/cert-tests/pkcs7-broken-sigs.sh | 69 + tests/cert-tests/pkcs7-cat.sh | 51 + tests/cert-tests/pkcs7-constraints.sh | 114 + tests/cert-tests/pkcs7-constraints2.sh | 114 + tests/cert-tests/pkcs7-eddsa.sh | 124 + tests/cert-tests/pkcs7-list-sign.sh | 81 + tests/cert-tests/pkcs7.sh | 352 + tests/cert-tests/pkcs8-decode.sh | 80 + tests/cert-tests/pkcs8-eddsa.sh | 64 + tests/cert-tests/pkcs8-gost.sh | 70 + tests/cert-tests/pkcs8-invalid.sh | 57 + tests/cert-tests/pkcs8.sh | 152 + tests/cert-tests/privkey-import.sh | 62 + tests/cert-tests/provable-dh-default.sh | 55 + tests/cert-tests/provable-dh.sh | 72 + tests/cert-tests/provable-privkey-dsa2048.sh | 63 + tests/cert-tests/provable-privkey-gen-default.sh | 46 + tests/cert-tests/provable-privkey-rsa2048.sh | 63 + tests/cert-tests/provable-privkey.sh | 133 + tests/cert-tests/reject-invalid-time.sh | 50 + tests/cert-tests/rsa-pss-pad.sh | 74 + tests/cert-tests/sha2-dsa-test.sh | 89 + tests/cert-tests/sha2-test.sh | 105 + tests/cert-tests/sha3-test.sh | 98 + tests/cert-tests/smime.sh | 61 + tests/cert-tests/suppressions.valgrind | 24 + tests/cert-tests/template-exts-test.sh | 90 + tests/cert-tests/template-policy-test.sh | 55 + tests/cert-tests/template-test.sh | 323 + tests/cert-tests/templates/arb-extensions.tmpl | 38 + tests/cert-tests/templates/crit-extensions.tmpl | 30 + tests/cert-tests/templates/inhibit-anypolicy.tmpl | 101 + tests/cert-tests/templates/simple-policy.tmpl | 30 + tests/cert-tests/templates/template-crq.tmpl | 4 + tests/cert-tests/templates/template-date.tmpl | 97 + .../templates/template-dates-after2038.tmpl | 97 + tests/cert-tests/templates/template-dn-err.tmpl | 67 + tests/cert-tests/templates/template-dn.tmpl | 67 + .../cert-tests/templates/template-generalized.tmpl | 97 + tests/cert-tests/templates/template-krb5name.tmpl | 68 + tests/cert-tests/templates/template-long-dns.tmpl | 70 + .../cert-tests/templates/template-long-serial.tmpl | 99 + tests/cert-tests/templates/template-nc.tmpl | 87 + .../templates/template-no-ca-explicit.tmpl | 13 + .../cert-tests/templates/template-no-ca-honor.tmpl | 3 + tests/cert-tests/templates/template-no-ca.tmpl | 2 + .../templates/template-othername-xmpp.tmpl | 67 + tests/cert-tests/templates/template-othername.tmpl | 71 + tests/cert-tests/templates/template-overflow.tmpl | 97 + tests/cert-tests/templates/template-overflow2.tmpl | 97 + tests/cert-tests/templates/template-test.tmpl | 99 + .../templates/template-tlsfeature-crq.tmpl | 23 + .../cert-tests/templates/template-tlsfeature.tmpl | 99 + tests/cert-tests/templates/template-unique.tmpl | 70 + tests/cert-tests/templates/template-utf8.tmpl | 35 + tests/cert-tests/tlsfeature-test.sh | 198 + tests/cert-tests/tolerate-invalid-time.sh | 50 + tests/cert-tests/x25519-and-x448.sh | 101 + tests/cert-tests/x509-duplicate-ext.sh | 46 + tests/cert.c | 142 + tests/cert_verify_inv_utf8.c | 157 + tests/certificate_set_x509_crl.c | 109 + tests/certs-interesting/README.md | 6 + tests/certs-interesting/cert1.der | Bin 0 -> 1044 bytes tests/certs-interesting/cert1.der.err | 1 + tests/certs-interesting/cert10.der | Bin 0 -> 571 bytes tests/certs-interesting/cert2.der | Bin 0 -> 200 bytes tests/certs-interesting/cert2.der.err | 1 + tests/certs-interesting/cert3.der | Bin 0 -> 1044 bytes tests/certs-interesting/cert3.der.err | 1 + tests/certs-interesting/cert4.der | Bin 0 -> 2223 bytes tests/certs-interesting/cert5.der | Bin 0 -> 414 bytes tests/certs-interesting/cert5.der.err | 1 + tests/certs-interesting/cert6.der | Bin 0 -> 65 bytes tests/certs-interesting/cert6.der.err | 1 + tests/certs-interesting/cert7.der | Bin 0 -> 1183 bytes tests/certs-interesting/cert8.der | Bin 0 -> 1114 bytes tests/certs-interesting/cert9.der | Bin 0 -> 1418 bytes tests/certs/ca-cert-ecc.pem | 14 + tests/certs/ca-ecc.pem | 28 + tests/certs/cert-ecc.pem | 13 + tests/certs/cert-ecc256.pem | 18 + tests/certs/cert-ecc384.pem | 19 + tests/certs/cert-ecc521.pem | 19 + tests/certs/cert-ed25519.pem | 12 + tests/certs/cert-rsa-2432.pem | 22 + tests/certs/ecc.pem | 25 + tests/certs/ecc256.pem | 37 + tests/certs/ecc384.pem | 41 + tests/certs/ecc521.pem | 45 + tests/certs/ed25519.pem | 25 + tests/certs/id-on-xmppAddr.pem | 14 + tests/certs/rawpk_priv.pem | 39 + tests/certs/rawpk_pub.pem | 11 + tests/certs/rsa-2432.pem | 32 + tests/certs/rsa-512.pem | 20 + tests/certtool-pkcs11.sh | 193 + tests/certuniqueid.c | 245 + tests/cfg-test.sh | 73 + tests/chainverify-unsorted.c | 767 + tests/chainverify.c | 286 + tests/cipher-alignment.c | 532 + tests/cipher-listings.sh | 98 + tests/cipher-neg-common.c | 125 + tests/cipher-padding.c | 160 + tests/ciphersuite-name.c | 121 + tests/client-fastopen.c | 324 + tests/client-secrets.h | 279 + tests/client-sign-md5-rep.c | 510 + tests/client_dsa_key.c | 110 + tests/cmocka-common.h | 13 + tests/common-cert-key-exchange.c | 619 + tests/common-cert-key-exchange.h | 121 + tests/common-key-tests.h | 95 + tests/conv-utf8.c | 131 + tests/crl-basic.c | 276 + tests/crl_apis.c | 245 + tests/crlverify.c | 385 + tests/crq-basic.c | 226 + tests/crq_apis.c | 549 + tests/crq_key_id.c | 194 + tests/crt_apis.c | 394 + tests/crt_inv_write.c | 216 + tests/crt_type-neg-common.c | 236 + tests/custom-urls-override.c | 282 + tests/custom-urls.c | 281 + tests/cve-2008-4989.c | 263 + tests/cve-2009-1415.c | 117 + tests/cve-2009-1416.c | 89 + tests/dane-strcodes.c | 81 + tests/dane.c | 629 + tests/danetool.sh | 81 + tests/data/large-cert.pem | 2472 ++ tests/data/listings-DTLS1.0 | 11 + tests/data/listings-SSL3.0 | 14 + tests/data/listings-SSL3.0-TLS1.1 | 11 + tests/data/listings-TLS1.0 | 11 + tests/data/listings-TLS1.1 | 11 + tests/data/listings-legacy1 | 4 + tests/data/listings-legacy2 | 4 + tests/data/listings-legacy3 | 4 + tests/data/listings-legacy4 | 4 + tests/data/listings-old-SSL3.0-TLS1.1 | 11 + tests/data/long.crl | Bin 0 -> 377613 bytes tests/data/long.pem | 29149 +++++++++++++++++++ tests/data/pkcs7-cat-ca.pem | 103 + tests/data/test1.cat | Bin 0 -> 329485 bytes tests/data/test1.cat.data | Bin 0 -> 322522 bytes tests/data/test1.cat.out | 7014 +++++ tests/data/test2.cat | Bin 0 -> 1871 bytes tests/data/test2.cat.data | Bin 0 -> 548 bytes tests/data/test2.cat.out | 74 + tests/datefudge-check.c | 51 + tests/dh-compute.c | 231 + tests/dh-fips-approved.sh | 127 + tests/dh-params.c | 114 + tests/dhepskself.c | 308 + tests/dhex509self.c | 395 + tests/dn.c | 158 + tests/dn2.c | 109 + tests/dss-sig-val.c | 241 + tests/dtls-client-with-seccomp.c | 311 + tests/dtls-etm.c | 346 + tests/dtls-handshake-versions.c | 143 + tests/dtls-max-record.c | 153 + tests/dtls-pthread.c | 369 + tests/dtls-rehandshake-anon.c | 382 + tests/dtls-rehandshake-cert-2.c | 400 + tests/dtls-rehandshake-cert-3.c | 392 + tests/dtls-rehandshake-cert.c | 388 + tests/dtls-repro-20170915.c | 47 + tests/dtls-session-ticket-lost.c | 247 + tests/dtls-sliding-window.c | 508 + tests/dtls-with-seccomp.c | 307 + tests/dtls/dtls-resume.sh | 45 + tests/dtls/dtls-stress.c | 1558 + tests/dtls/dtls.sh | 44 + tests/dtls1-2-mtu-check.c | 242 + tests/dtls10-cert-key-exchange.c | 65 + tests/dtls12-cert-key-exchange.c | 76 + tests/duplicate-extensions.c | 226 + tests/eagain-auto-auth.c | 235 + tests/eagain-common.h | 368 + tests/eagain.c | 194 + tests/ecdh-compute.c | 209 + tests/empty_retrieve_function.c | 132 + tests/fallback-scsv.c | 318 + tests/fastopen.sh | 70 + tests/fips-mode-pthread.c | 191 + tests/fips-override-test.c | 141 + tests/fips-rsa-sizes.c | 328 + tests/fips-test.c | 559 + tests/fixtures/templates/arb-extensions.tmpl.exp | 17 + tests/fixtures/templates/crit-extensions.tmpl.exp | 10 + .../fixtures/templates/inhibit-anypolicy.tmpl.exp | 25 + tests/fixtures/templates/simple-policy.tmpl.exp | 9 + tests/fixtures/templates/template-crq.tmpl.exp | 3 + tests/fixtures/templates/template-date.tmpl.exp | 23 + .../templates/template-dates-after2038.tmpl.exp | 23 + tests/fixtures/templates/template-dn-err.tmpl.exp | 14 + tests/fixtures/templates/template-dn.tmpl.exp | 14 + .../templates/template-generalized.tmpl.exp | 23 + .../fixtures/templates/template-krb5name.tmpl.exp | 16 + .../fixtures/templates/template-long-dns.tmpl.exp | 14 + .../templates/template-long-serial.tmpl.exp | 24 + tests/fixtures/templates/template-nc.tmpl.exp | 27 + .../templates/template-no-ca-explicit.tmpl.exp | 11 + .../templates/template-no-ca-honor.tmpl.exp | 3 + tests/fixtures/templates/template-no-ca.tmpl.exp | 2 + .../templates/template-othername-xmpp.tmpl.exp | 15 + .../fixtures/templates/template-othername.tmpl.exp | 18 + .../fixtures/templates/template-overflow.tmpl.exp | 22 + .../fixtures/templates/template-overflow2.tmpl.exp | 22 + tests/fixtures/templates/template-test.tmpl.exp | 24 + .../templates/template-tlsfeature-crq.tmpl.exp | 6 + .../templates/template-tlsfeature.tmpl.exp | 25 + tests/fixtures/templates/template-unique.tmpl.exp | 16 + tests/fixtures/templates/template-utf8.tmpl.exp | 14 + tests/global-init-override.c | 91 + tests/global-init.c | 83 + tests/gnutls-asan.supp | 2 + tests/gnutls-cli-debug.sh | 226 + tests/gnutls-cli-invalid-crl.sh | 188 + tests/gnutls-cli-rawpk.sh | 320 + tests/gnutls-cli-resume.sh | 121 + tests/gnutls-cli-save-data.sh | 82 + tests/gnutls-cli-self-signed.sh | 143 + tests/gnutls-ids.c | 45 + tests/gnutls-strcodes.c | 138 + tests/gnutls_ext_raw_parse.c | 317 + tests/gnutls_ext_raw_parse_dtls.c | 292 + tests/gnutls_hmac_fast.c | 137 + tests/gnutls_ktls.c | 357 + tests/gnutls_ocsp_resp_list_import2.c | 261 + tests/gnutls_record_overhead.c | 110 + tests/gnutls_session_set_id.c | 210 + tests/gnutls_x509_crq_sign.c | 164 + tests/gnutls_x509_crt_list_import.c | 368 + tests/gnutls_x509_crt_sign.c | 265 + tests/gnutls_x509_privkey_import.c | 221 + tests/handshake-false-start.c | 313 + tests/handshake-large-cert.c | 260 + tests/handshake-large-packet.c | 297 + tests/handshake-timeout.c | 234 + tests/handshake-versions.c | 142 + tests/handshake-write.c | 164 + tests/hex.c | 225 + tests/hex.h | 50 + tests/hostname-check-utf8.c | 232 + tests/hostname-check.c | 1220 + tests/id-on-xmppAddr.c | 72 + tests/infoaccess.c | 231 + tests/init_roundtrip.c | 51 + tests/insecure_key.c | 112 + tests/iov.c | 269 + tests/ip-check.c | 212 + tests/ip-utils.c | 152 + tests/kdf-api.c | 205 + tests/key-export-pkcs8.c | 255 + tests/key-import-export.c | 1127 + tests/key-material-dtls.c | 405 + tests/key-material-set-dtls.c | 394 + tests/key-openssl.c | 260 + tests/key-usage-ecdhe-rsa.c | 308 + tests/key-usage-rsa.c | 347 + tests/keylog-env.c | 177 + tests/keylog-func.c | 353 + tests/ktls.sh | 46 + tests/logfile-option.sh | 169 + tests/long-crl.sh | 52 + tests/long-session-id.c | 249 + tests/mini-alpn.c | 304 + tests/mini-chain-unsorted.c | 366 + tests/mini-dtls-discard.c | 305 + tests/mini-dtls-fork.c | 384 + tests/mini-dtls-heartbeat.c | 351 + tests/mini-dtls-hello-verify-48.c | 311 + tests/mini-dtls-hello-verify.c | 351 + tests/mini-dtls-large.c | 353 + tests/mini-dtls-lowmtu.c | 340 + tests/mini-dtls-mtu.c | 315 + tests/mini-dtls-record-asym.c | 361 + tests/mini-dtls-record.c | 406 + tests/mini-dtls-srtp.c | 343 + tests/mini-dtls0-9.c | 326 + tests/mini-eagain-dtls.c | 137 + tests/mini-emsgsize-dtls.c | 191 + tests/mini-global-load.c | 147 + tests/mini-key-material.c | 413 + tests/mini-loss-time.c | 331 + tests/mini-overhead.c | 342 + tests/mini-record-2.c | 462 + tests/mini-record-failure.c | 367 + tests/mini-record-range.c | 345 + tests/mini-record.c | 380 + tests/mini-server-name.c | 331 + tests/mini-session-verify-function.c | 328 + tests/mini-termination.c | 325 + tests/mini-tls-nonblock.c | 356 + tests/mini-x509-2.c | 459 + tests/mini-x509-callbacks-intr.c | 206 + tests/mini-x509-callbacks.c | 302 + tests/mini-x509-cas.c | 126 + tests/mini-x509-ipaddr.c | 269 + tests/mini-x509.c | 268 + tests/missingissuer.c | 272 + tests/missingissuer_aia.c | 249 + tests/mpi.c | 87 + tests/multi-alerts.c | 227 + tests/naked-alerts.c | 175 + tests/name-constraints-ip.c | 720 + tests/name-constraints-merge.c | 376 + tests/name-constraints.c | 331 + tests/no-extensions.c | 212 + tests/no-signal.c | 244 + tests/nul-in-x509-names.c | 148 + tests/null_retrieve_function.c | 126 + tests/ocsp-common.h | 678 + tests/ocsp-filename-memleak.c | 61 + tests/ocsp-tests/certs/ca.key | 144 + tests/ocsp-tests/certs/ca.pem | 18 + tests/ocsp-tests/certs/chain-akamai.com.pem | 54 + .../ocsp-tests/certs/chain-amazon.com-unsorted.pem | 90 + tests/ocsp-tests/certs/chain-amazon.com.pem | 68 + tests/ocsp-tests/certs/ocsp-akamai.com.der | Bin 0 -> 1033 bytes tests/ocsp-tests/certs/ocsp-amazon.com.der | Bin 0 -> 1608 bytes tests/ocsp-tests/certs/ocsp-server.key | 144 + tests/ocsp-tests/certs/ocsp-server.pem | 20 + tests/ocsp-tests/certs/ocsp-staple-unrelated.der | Bin 0 -> 1609 bytes tests/ocsp-tests/certs/ocsp_index.txt | 2 + tests/ocsp-tests/certs/ocsp_index.txt.attr | 1 + tests/ocsp-tests/certs/server_bad.key | 39 + tests/ocsp-tests/certs/server_bad.template | 9 + tests/ocsp-tests/certs/server_good.key | 39 + tests/ocsp-tests/certs/server_good.template | 9 + tests/ocsp-tests/ocsp-load-chain.sh | 67 + tests/ocsp-tests/ocsp-must-staple-connection.sh | 515 + tests/ocsp-tests/ocsp-signer-verify.sh | 61 + tests/ocsp-tests/ocsp-test.sh | 72 + tests/ocsp-tests/ocsp-tls-connection.sh | 231 + tests/ocsp-tests/ocsptool.sh | 89 + tests/ocsp-tests/response1.der | Bin 0 -> 1220 bytes tests/ocsp-tests/response1.pem | 45 + tests/ocsp-tests/response2.der | Bin 0 -> 1318 bytes tests/ocsp-tests/response2.pem | 47 + tests/ocsp-tests/response3.der | 2 + tests/ocsp-tests/signer-verify/response-ca.der | Bin 0 -> 1704 bytes .../signer-verify/response-delegated.der | Bin 0 -> 1707 bytes .../signer-verify/response-non-delegated.der | Bin 0 -> 1789 bytes tests/ocsp-tests/signer-verify/trust.pem | 50 + tests/ocsp-tests/suppressions.valgrind | 8 + tests/ocsp.c | 1686 ++ tests/oids.c | 111 + tests/openconnect-dtls12.c | 320 + tests/openssl.c | 61 + tests/p11-kit-load.sh | 204 + tests/p11-kit-trust-data/Example_Root_CA.p11-kit | 11 + tests/p11-kit-trust-data/Example_Root_CA.pem | 13 + tests/p11-kit-trust.sh | 138 + tests/parse_ca.c | 89 + tests/pcert-list.c | 368 + tests/pkcs1-digest-info.c | 208 + tests/pkcs11/gnutls_pcert_list_import_x509_file.c | 247 + tests/pkcs11/gnutls_x509_crt_list_import_url.c | 202 + tests/pkcs11/list-objects.c | 150 + tests/pkcs11/list-tokens.c | 167 + tests/pkcs11/pkcs11-cert-import-url-exts.c | 140 + tests/pkcs11/pkcs11-cert-import-url4-exts.c | 165 + tests/pkcs11/pkcs11-chainverify.c | 335 + tests/pkcs11/pkcs11-combo.c | 431 + tests/pkcs11/pkcs11-ec-privkey-test.c | 284 + tests/pkcs11/pkcs11-eddsa-privkey-test.c | 299 + tests/pkcs11/pkcs11-get-exts.c | 150 + tests/pkcs11/pkcs11-get-issuer.c | 302 + tests/pkcs11/pkcs11-get-raw-issuer-exts.c | 150 + tests/pkcs11/pkcs11-import-url-privkey.c | 132 + tests/pkcs11/pkcs11-import-with-pin.c | 220 + tests/pkcs11/pkcs11-is-known.c | 656 + tests/pkcs11/pkcs11-mechanisms.c | 120 + tests/pkcs11/pkcs11-mock-ext.h | 33 + tests/pkcs11/pkcs11-mock.c | 2819 ++ tests/pkcs11/pkcs11-mock.h | 99 + tests/pkcs11/pkcs11-mock2.c | 108 + tests/pkcs11/pkcs11-obj-import.c | 254 + tests/pkcs11/pkcs11-obj-raw.c | 188 + tests/pkcs11/pkcs11-pin-func.c | 59 + tests/pkcs11/pkcs11-privkey-always-auth.c | 200 + tests/pkcs11/pkcs11-privkey-export.c | 157 + tests/pkcs11/pkcs11-privkey-fork-reinit.c | 166 + tests/pkcs11/pkcs11-privkey-fork.c | 162 + tests/pkcs11/pkcs11-privkey-generate.c | 173 + tests/pkcs11/pkcs11-privkey-pthread.c | 195 + tests/pkcs11/pkcs11-privkey-safenet-always-auth.c | 182 + tests/pkcs11/pkcs11-privkey.c | 269 + tests/pkcs11/pkcs11-pubkey-import-ecdsa.c | 46 + tests/pkcs11/pkcs11-pubkey-import-rsa.c | 41 + tests/pkcs11/pkcs11-pubkey-import.c | 219 + tests/pkcs11/pkcs11-rsa-pss-privkey-test.c | 274 + tests/pkcs11/pkcs11-token-raw.c | 175 + tests/pkcs11/softhsm.h | 125 + tests/pkcs11/tls-neg-pkcs11-key.c | 488 + tests/pkcs11/tls-neg-pkcs11-no-key.c | 378 + tests/pkcs12_encode.c | 331 + tests/pkcs12_s2k.c | 175 + tests/pkcs12_s2k_pem.c | 289 + tests/pkcs12_simple.c | 153 + tests/pkcs7-cat-parse.c | 133 + tests/pkcs7-cat.sh | 98 + tests/pkcs7-gen.c | 251 + tests/pkcs7-verify-double-free.c | 215 + tests/pkcs7.c | 141 + tests/pkcs8-key-decode-encrypted.c | 75 + tests/pkcs8-key-decode.c | 80 + tests/pkgconfig.sh | 84 + tests/post-client-hello-change-prio.c | 149 + tests/prf.c | 477 + tests/priorities-groups.c | 115 + tests/priorities.c | 159 + tests/priority-init2.c | 298 + tests/priority-mix.c | 164 + tests/priority-set.c | 127 + tests/priority-set2.c | 128 + tests/privkey-keygen.c | 256 + tests/privkey-verify-broken.c | 154 + tests/profile-tests.sh | 243 + tests/protocol-set-allowlist.c | 255 + tests/protocol-set-allowlist.sh | 435 + tests/psk-file.c | 554 + tests/psk.passwd | 5 + tests/pskself.c | 336 + tests/pskself2.c | 347 + tests/psktool.sh | 114 + tests/pubkey-import-export.c | 333 + tests/random-art.c | 141 + tests/rawpk-api.c | 147 + tests/record-pad.c | 415 + tests/record-retvals.c | 461 + tests/record-sendfile.c | 279 + tests/record-sizes-range.c | 171 + tests/record-sizes.c | 162 + tests/record-timeouts.c | 162 + tests/recv-data-before-handshake.c | 308 + tests/rehandshake-ext-secret.c | 148 + tests/rehandshake-switch-cert-allow.c | 148 + tests/rehandshake-switch-cert-client-allow.c | 161 + tests/rehandshake-switch-cert-client.c | 161 + tests/rehandshake-switch-cert.c | 148 + tests/rehandshake-switch-psk-id.c | 191 + tests/rehandshake-switch-srp-id.c | 273 + tests/resume-dtls.c | 587 + tests/resume-lifetime.c | 282 + tests/resume-with-false-start.c | 149 + tests/resume-with-previous-stek.c | 257 + tests/resume-with-record-size-limit.c | 424 + tests/resume-with-stek-expiration.c | 328 + tests/resume.c | 1159 + tests/rfc2253-escape-test.sh | 60 + tests/rfc7633-missing.c | 342 + tests/rfc7633-ok.c | 347 + tests/rng-fork.c | 115 + tests/rng-no-onload.c | 72 + tests/rng-op-key.c | 48 + tests/rng-op-nonce.c | 48 + tests/rng-op-random.c | 48 + tests/rng-op.c | 79 + tests/rng-pthread.c | 126 + tests/rng-sigint.c | 109 + tests/rsa-encrypt-decrypt.c | 216 + tests/rsa-illegal-import.c | 170 + tests/rsa-md5-collision/README | 622 + tests/rsa-md5-collision/colliding-chain-md5-1.pem | 253 + tests/rsa-md5-collision/colliding-chain-md5-2.pem | 252 + tests/rsa-md5-collision/rsa-md5-collision.sh | 70 + tests/rsa-psk-cb.c | 323 + tests/rsa-psk.c | 307 + tests/rsa-rsa-pss.c | 253 + tests/safe-renegotiation/README | 21 + tests/safe-renegotiation/srn0.c | 192 + tests/safe-renegotiation/srn1.c | 165 + tests/safe-renegotiation/srn2.c | 243 + tests/safe-renegotiation/srn3.c | 166 + tests/safe-renegotiation/srn4.c | 196 + tests/safe-renegotiation/srn5.c | 203 + tests/sanity-cpp.cpp | 246 + tests/sanity-lib.sh | 40 + tests/scripts/common.sh | 284 + tests/scripts/starttls-common.sh | 57 + tests/sec-params.c | 110 + tests/seccomp.c | 122 + tests/send-client-cert.c | 194 + tests/send-data-before-handshake.c | 293 + tests/serv-udp.sh | 71 + tests/server-kx-neg-common.c | 278 + tests/server-multi-keys.sh | 103 + tests/server-secrets.h | 315 + tests/server-sign-md5-rep.c | 227 + tests/server-weak-keys.sh | 72 + tests/server_ecdsa_key.c | 101 + tests/session-export-funcs.c | 194 + tests/session-rdn-read.c | 187 + tests/session-tickets-missing.c | 314 + tests/session-tickets-ok.c | 279 + tests/set-default-prio.c | 297 + tests/set_key.c | 306 + tests/set_key_utf8.c | 160 + tests/set_known_dh_params_anon.c | 91 + tests/set_known_dh_params_psk.c | 112 + tests/set_known_dh_params_x509.c | 104 + tests/set_pkcs12_cred.c | 102 + tests/set_x509_key.c | 219 + tests/set_x509_key_file-late.c | 146 + tests/set_x509_key_file.c | 181 + tests/set_x509_key_file_der.c | 127 + tests/set_x509_key_file_legacy.c | 176 + tests/set_x509_key_file_ocsp.c | 383 + tests/set_x509_key_file_ocsp_multi2.c | 249 + tests/set_x509_key_mem.c | 118 + tests/set_x509_key_utf8.c | 190 + tests/set_x509_ocsp_multi_cli.c | 218 + tests/set_x509_ocsp_multi_invalid.c | 261 + tests/set_x509_ocsp_multi_pem.c | 200 + tests/set_x509_ocsp_multi_unknown.c | 237 + tests/set_x509_pkcs12_key.c | 118 + tests/setcredcrash.c | 55 + tests/sign-is-secure.c | 102 + tests/sign-pk-api.c | 68 + tests/sign-verify-data-newapi.c | 172 + tests/sign-verify-data.c | 164 + tests/sign-verify-deterministic.c | 209 + tests/sign-verify-ed25519-rfc8080.c | 144 + tests/sign-verify-ext.c | 242 + tests/sign-verify-ext4.c | 298 + tests/sign-verify-newapi.c | 264 + tests/sign-verify.c | 263 + tests/simple.c | 150 + tests/slow/Makefile.am | 69 + tests/slow/Makefile.in | 2901 ++ tests/slow/README | 1 + tests/slow/cipher-api-test.c | 565 + tests/slow/cipher-openssl-compat.c | 210 + tests/slow/cipher-test.c | 64 + tests/slow/crypto.c | 17 + tests/slow/gendh.c | 52 + tests/slow/gnutls-asan.supp | 1 + tests/slow/hash-large.c | 176 + tests/slow/test-ciphers-api.sh | 26 + tests/slow/test-ciphers-common.sh | 114 + tests/slow/test-ciphers-openssl.sh | 27 + tests/slow/test-ciphers.sh | 27 + tests/slow/test-hash-large.sh | 87 + tests/sni-hostname.sh | 83 + tests/sni-resume.sh | 80 + tests/spki-abstract.c | 145 + tests/spki.c | 227 + tests/srp.c | 368 + tests/srpbase64.c | 186 + tests/ssl2-hello.c | 195 + tests/ssl30-cert-key-exchange.c | 56 + tests/ssl30-cipher-neg.c | 135 + tests/ssl30-server-kx-neg.c | 173 + tests/starttls-ftp.sh | 48 + tests/starttls-ftp.txt | 3 + tests/starttls-lmtp.sh | 48 + tests/starttls-lmtp.txt | 4 + tests/starttls-nntp.sh | 48 + tests/starttls-nntp.txt | 3 + tests/starttls-pop3.sh | 48 + tests/starttls-pop3.txt | 3 + tests/starttls-sieve.sh | 48 + tests/starttls-sieve.txt | 3 + tests/starttls-smtp.sh | 48 + tests/starttls-smtp.txt | 3 + tests/starttls-xmpp.sh | 46 + tests/starttls-xmpp.txt | 3 + tests/starttls.sh | 47 + tests/status-request-ext.c | 344 + tests/status-request-ok.c | 325 + tests/status-request-revoked.c | 472 + tests/status-request.c | 296 + tests/str-idna.c | 151 + tests/str-unicode.c | 123 + tests/strict-der.c | 115 + tests/suite/Makefile.am | 122 + tests/suite/Makefile.in | 2881 ++ tests/suite/README | 2 + tests/suppressions.valgrind | 298 + tests/system-override-curves-allowlist.c | 165 + tests/system-override-curves-allowlist.sh | 211 + tests/system-override-curves.sh | 112 + ...tem-override-default-priority-string.bad.config | 3 + ...em-override-default-priority-string.none.config | 2 + ...rride-default-priority-string.only-tls13.config | 2 + tests/system-override-default-priority-string.sh | 93 + tests/system-override-hash-allowlist.sh | 41 + tests/system-override-hash-filters-prf.sh | 89 + tests/system-override-hash.c | 53 + tests/system-override-hash.sh | 39 + tests/system-override-invalid.sh | 64 + tests/system-override-kx.sh | 104 + tests/system-override-profiles.sh | 105 + tests/system-override-sig-allowlist.sh | 43 + tests/system-override-sig-tls.c | 200 + tests/system-override-sig-tls.sh | 39 + tests/system-override-sig.c | 53 + tests/system-override-sig.sh | 40 + tests/system-override-special-allowlist.sh | 177 + tests/system-override-tls.sh | 125 + tests/system-override-versions-allowlist.sh | 109 + tests/system-override-versions.sh | 106 + tests/system-prio-file.c | 89 + tests/system.prio | 3 + tests/systemkey.sh | 43 + tests/test-chains-issuer-aia.h | 137 + tests/test-chains-issuer.h | 482 + tests/test-chains.h | 4454 +++ tests/testpkcs11-certs/ca-tmpl | 67 + tests/testpkcs11-certs/ca.crt | 15 + tests/testpkcs11-certs/ca.key | 94 + tests/testpkcs11-certs/client-tmpl | 67 + tests/testpkcs11-certs/client.crt | 16 + tests/testpkcs11-certs/client.key | 94 + tests/testpkcs11-certs/server-tmpl | 67 + tests/testpkcs11-certs/server.crt | 16 + tests/testpkcs11-certs/server.key | 94 + tests/testpkcs11.pkcs15 | 45 + tests/testpkcs11.sc-hsm | 50 + tests/testpkcs11.sh | 1234 + tests/testpkcs11.softhsm | 77 + tests/time.c | 94 + tests/tls-channel-binding.c | 455 + tests/tls-client-with-seccomp.c | 299 + tests/tls-crt_type-neg.c | 442 + tests/tls-etm.c | 346 + tests/tls-ext-not-in-dtls.c | 288 + tests/tls-ext-register.c | 366 + tests/tls-force-etm.c | 396 + tests/tls-neg-ext-key.c | 371 + tests/tls-neg-ext4-key.c | 503 + tests/tls-pthread.c | 388 + tests/tls-record-size-limit-asym.c | 277 + tests/tls-record-size-limit.c | 519 + tests/tls-session-ext-override.c | 317 + tests/tls-session-ext-register.c | 397 + tests/tls-session-supplemental.c | 305 + tests/tls-supplemental.c | 305 + tests/tls-with-seccomp.c | 294 + tests/tls10-cert-key-exchange.c | 65 + tests/tls10-cipher-neg.c | 133 + tests/tls10-prf.c | 81 + tests/tls10-server-kx-neg.c | 432 + tests/tls11-cert-key-exchange.c | 73 + tests/tls11-cipher-neg.c | 133 + tests/tls11-server-kx-neg.c | 432 + tests/tls12-anon-upgrade.c | 304 + tests/tls12-cert-key-exchange.c | 181 + tests/tls12-cipher-neg.c | 249 + tests/tls12-ffdhe.c | 395 + tests/tls12-invalid-key-exchanges.c | 180 + tests/tls12-max-record.c | 145 + tests/tls12-prf.c | 113 + tests/tls12-rehandshake-cert-2.c | 404 + tests/tls12-rehandshake-cert-3.c | 334 + tests/tls12-rehandshake-cert-auto.c | 278 + tests/tls12-rehandshake-cert.c | 182 + tests/tls12-rehandshake-set-prio.c | 135 + tests/tls12-server-kx-neg.c | 562 + tests/tls13-cert-key-exchange.c | 185 + tests/tls13-cipher-neg.c | 171 + tests/tls13-compat-mode.c | 140 + tests/tls13-early-data-neg.c | 479 + tests/tls13-early-data-neg2.c | 378 + tests/tls13-early-data.c | 856 + tests/tls13-early-start.c | 346 + tests/tls13-rehandshake-cert.c | 202 + tests/tls13-server-kx-neg.c | 309 + tests/tls13-without-timeout-func.c | 145 + tests/tls13/anti_replay.c | 138 + tests/tls13/change_cipher_spec.c | 360 + tests/tls13/compress-cert-cli.c | 246 + tests/tls13/compress-cert-neg.c | 275 + tests/tls13/compress-cert-neg2.c | 216 + tests/tls13/compress-cert.c | 286 + tests/tls13/cookie.c | 265 + tests/tls13/ext-parse.h | 229 + tests/tls13/hello_retry_request.c | 255 + tests/tls13/hello_retry_request_resume.c | 318 + tests/tls13/key_limits.c | 341 + tests/tls13/key_share.c | 233 + tests/tls13/key_update.c | 276 + tests/tls13/key_update_multiple.c | 232 + tests/tls13/multi-ocsp.c | 212 + tests/tls13/no-auto-send-ticket.c | 315 + tests/tls13/no-psk-exts.c | 259 + tests/tls13/ocsp-client.c | 223 + tests/tls13/post-handshake-with-cert-auto.c | 366 + tests/tls13/post-handshake-with-cert-pkcs11.c | 465 + tests/tls13/post-handshake-with-cert-ticket.c | 385 + tests/tls13/post-handshake-with-cert.c | 384 + tests/tls13/post-handshake-with-psk.c | 367 + tests/tls13/post-handshake-without-cert.c | 262 + tests/tls13/prf-early.c | 471 + tests/tls13/prf.c | 376 + tests/tls13/psk-dumbfw.c | 337 + tests/tls13/psk-ext.c | 205 + tests/tls13/psk-ke-modes.c | 170 + tests/tls13/rnd-check-rollback-val.c | 305 + tests/tls13/rnd-rollback-detection.c | 237 + tests/tls13/supported_versions.c | 353 + tests/tls13/tls12-no-tls13-exts.c | 242 + tests/tlsext-decoding.c | 293 + tests/tlsfeature-crt.c | 99 + tests/tlsfeature-ext.c | 151 + tests/tpm2.sh | 231 + tests/tpmtool_test.sh | 444 + tests/trust-store.c | 73 + tests/trustdb-tofu.c | 290 + tests/urls.c | 54 + tests/utils-adv.c | 375 + tests/utils.c | 353 + tests/utils.h | 213 + tests/version-checks.c | 194 + tests/virt-time.h | 73 + tests/win-certopenstore.c | 70 + tests/windows/Makefile.am | 77 + tests/windows/Makefile.in | 2846 ++ tests/windows/check-output | 17 + tests/windows/cng-windows.c | 192 + tests/windows/crypt32.c | 218 + tests/windows/ncrypt-int.h | 1 + tests/windows/ncrypt.c | 189 + tests/x509-cert-callback-legacy.c | 389 + tests/x509-cert-callback-ocsp.c | 234 + tests/x509-cert-callback.c | 427 + tests/x509-dn-decode-compat.c | 151 + tests/x509-dn-decode.c | 302 + tests/x509-dn.c | 109 + tests/x509-extensions.c | 893 + tests/x509-server-verify.c | 180 + tests/x509-upnconstraint.c | 289 + tests/x509-verify-with-crl.c | 233 + tests/x509_altname.c | 123 + tests/x509cert-ct.c | 311 + tests/x509cert-dir/ca.pem | 13 + tests/x509cert-dntypes.c | 134 + tests/x509cert-invalid.c | 137 + tests/x509cert-tl.c | 402 + tests/x509cert.c | 260 + tests/x509dn.c | 374 + tests/x509self.c | 370 + tests/x509sign-verify-common.h | 231 + tests/x509sign-verify-ecdsa.c | 60 + tests/x509sign-verify-error.c | 197 + tests/x509sign-verify-gost.c | 65 + tests/x509sign-verify-rsa.c | 68 + tests/x509sign-verify.c | 156 + 1067 files changed, 233966 insertions(+) create mode 100644 tests/Makefile.am create mode 100644 tests/Makefile.in create mode 100644 tests/aead-cipher-vec.c create mode 100644 tests/alerts.c create mode 100644 tests/alpn-server-prec.c create mode 100644 tests/anonself.c create mode 100644 tests/atfork.c create mode 100644 tests/auto-verify.c create mode 100644 tests/base64-raw.c create mode 100644 tests/base64.c create mode 100644 tests/buffer.c create mode 100644 tests/cert-common.h create mode 100755 tests/cert-reencoding.sh create mode 100644 tests/cert-repro-20170915.h create mode 100644 tests/cert-status.c create mode 100644 tests/cert-tests/Makefile.am create mode 100644 tests/cert-tests/Makefile.in create mode 100755 tests/cert-tests/aki.sh create mode 100755 tests/cert-tests/alt-chain.sh create mode 100755 tests/cert-tests/cert-critical.sh create mode 100755 tests/cert-tests/cert-non-digits-time.sh create mode 100755 tests/cert-tests/cert-sanity.sh create mode 100755 tests/cert-tests/cert-time.sh create mode 100755 tests/cert-tests/certtool-crl-decoding.sh create mode 100755 tests/cert-tests/certtool-ecdsa.sh create mode 100755 tests/cert-tests/certtool-eddsa.sh create mode 100755 tests/cert-tests/certtool-long-cn.sh create mode 100755 tests/cert-tests/certtool-long-oids.sh create mode 100755 tests/cert-tests/certtool-rsa-pss.sh create mode 100755 tests/cert-tests/certtool-subca.sh create mode 100755 tests/cert-tests/certtool-utf8.sh create mode 100755 tests/cert-tests/certtool-verify-profiles.sh create mode 100755 tests/cert-tests/certtool.sh create mode 100755 tests/cert-tests/crl.sh create mode 100755 tests/cert-tests/crq.sh create mode 100755 tests/cert-tests/dane.sh create mode 100644 tests/cert-tests/data/aes-128.p12 create mode 100644 tests/cert-tests/data/aki-cert.pem create mode 100644 tests/cert-tests/data/alt-chain-new-ca.pem create mode 100644 tests/cert-tests/data/alt-chain-old-ca.pem create mode 100644 tests/cert-tests/data/alt-chain.pem create mode 100644 tests/cert-tests/data/arb-extensions.csr create mode 100644 tests/cert-tests/data/arb-extensions.pem create mode 100644 tests/cert-tests/data/attribute-leak-1.pub create mode 100644 tests/cert-tests/data/bad-key.pem create mode 100644 tests/cert-tests/data/bmpstring.pem create mode 100644 tests/cert-tests/data/ca-certs.pem create mode 100644 tests/cert-tests/data/ca-crl-invalid.crl create mode 100644 tests/cert-tests/data/ca-crl-invalid.pem create mode 100644 tests/cert-tests/data/ca-crl-valid.crl create mode 100644 tests/cert-tests/data/ca-crl-valid.pem create mode 100644 tests/cert-tests/data/ca-gnutls-keyid.pem create mode 100644 tests/cert-tests/data/ca-no-keyid.pem create mode 100644 tests/cert-tests/data/ca-no-pathlen.pem create mode 100644 tests/cert-tests/data/ca-public.gpg create mode 100644 tests/cert-tests/data/ca-secret.gpg create mode 100644 tests/cert-tests/data/ca-weird-keyid.pem create mode 100644 tests/cert-tests/data/cert-ca.p12 create mode 100644 tests/cert-tests/data/cert-ecc256-full.pem create mode 100644 tests/cert-tests/data/cert-ecc256.pem create mode 100644 tests/cert-tests/data/cert-eddsa.pem create mode 100644 tests/cert-tests/data/cert-invalid-utf8.der create mode 100644 tests/cert-tests/data/cert-rsa-pss.pem create mode 100644 tests/cert-tests/data/cert-with-crl.p12 create mode 100644 tests/cert-tests/data/cert-with-non-digits-time-ca.pem create mode 100644 tests/cert-tests/data/cert-with-non-digits-time.pem create mode 100644 tests/cert-tests/data/cert.dsa.1024.pem create mode 100644 tests/cert-tests/data/cert.dsa.2048.pem create mode 100644 tests/cert-tests/data/cert.dsa.3072.pem create mode 100644 tests/cert-tests/data/chain-512-ca.pem create mode 100644 tests/cert-tests/data/chain-512-leaf.pem create mode 100644 tests/cert-tests/data/chain-512-subca.pem create mode 100644 tests/cert-tests/data/chain-eddsa.pem create mode 100644 tests/cert-tests/data/chain-md5.pem create mode 100644 tests/cert-tests/data/chain-with-critical-on-endcert.pem create mode 100644 tests/cert-tests/data/chain-with-critical-on-intermediate.pem create mode 100644 tests/cert-tests/data/chain-with-critical-on-root.pem create mode 100644 tests/cert-tests/data/client.p12 create mode 100644 tests/cert-tests/data/code-signing-ca.pem create mode 100644 tests/cert-tests/data/code-signing-cert.pem create mode 100644 tests/cert-tests/data/commonName.cer create mode 100644 tests/cert-tests/data/complex-cert.pem create mode 100644 tests/cert-tests/data/crit-extensions.pem create mode 100644 tests/cert-tests/data/crl-demo1.pem create mode 100644 tests/cert-tests/data/crl-demo2.pem create mode 100644 tests/cert-tests/data/crl-demo3.pem create mode 100644 tests/cert-tests/data/crq-cert-no-ca-explicit.pem create mode 100644 tests/cert-tests/data/crq-cert-no-ca-honor.pem create mode 100644 tests/cert-tests/data/crq-cert-no-ca.pem create mode 100644 tests/cert-tests/data/csr-invalid.der create mode 100644 tests/cert-tests/data/cve-2019-3829.pem create mode 100644 tests/cert-tests/data/dane-test.rr create mode 100644 tests/cert-tests/data/detached.p7b create mode 100644 tests/cert-tests/data/dsa-pubkey-1018.pem create mode 100644 tests/cert-tests/data/dsa.1024.pem create mode 100644 tests/cert-tests/data/dsa.2048.pem create mode 100644 tests/cert-tests/data/dsa.3072.pem create mode 100644 tests/cert-tests/data/dup-exts.pem create mode 100644 tests/cert-tests/data/enc2pkcs8.pem create mode 100644 tests/cert-tests/data/encpkcs8.pem create mode 100644 tests/cert-tests/data/full.p7b create mode 100644 tests/cert-tests/data/full.p7b.out create mode 100644 tests/cert-tests/data/funny-spacing.pem create mode 100644 tests/cert-tests/data/gost-cert-ca.pem create mode 100644 tests/cert-tests/data/gost-cert-new.pem create mode 100644 tests/cert-tests/data/gost-cert-nogost.pem create mode 100644 tests/cert-tests/data/gost-cert.pem create mode 100644 tests/cert-tests/data/gost01.p12 create mode 100644 tests/cert-tests/data/gost12-2.p12 create mode 100644 tests/cert-tests/data/gost12.p12 create mode 100644 tests/cert-tests/data/gost94-cert.pem create mode 100644 tests/cert-tests/data/grfc.crt create mode 100644 tests/cert-tests/data/inhibit-anypolicy.pem create mode 100644 tests/cert-tests/data/invalid-date-day.der create mode 100644 tests/cert-tests/data/invalid-date-hour.der create mode 100644 tests/cert-tests/data/invalid-date-mins.der create mode 100644 tests/cert-tests/data/invalid-date-month.der create mode 100644 tests/cert-tests/data/invalid-date-secs.der create mode 100644 tests/cert-tests/data/invalid-sig.pem create mode 100644 tests/cert-tests/data/invalid-sig2.pem create mode 100644 tests/cert-tests/data/invalid-sig3.pem create mode 100644 tests/cert-tests/data/invalid-sig4.pem create mode 100644 tests/cert-tests/data/invalid-sig5.pem create mode 100644 tests/cert-tests/data/key-ca-1234.p8 create mode 100644 tests/cert-tests/data/key-ca-dsa.pem create mode 100644 tests/cert-tests/data/key-ca-empty.p8 create mode 100644 tests/cert-tests/data/key-ca-null.p8 create mode 100644 tests/cert-tests/data/key-ca.pem create mode 100644 tests/cert-tests/data/key-corpus-rc2-1.p12 create mode 100644 tests/cert-tests/data/key-corpus-rc2-1.p12.out create mode 100644 tests/cert-tests/data/key-corpus-rc2-2.p12 create mode 100644 tests/cert-tests/data/key-corpus-rc2-3.p12 create mode 100644 tests/cert-tests/data/key-dsa.pem create mode 100644 tests/cert-tests/data/key-ecc.p8 create mode 100644 tests/cert-tests/data/key-ecc.pem create mode 100644 tests/cert-tests/data/key-gost01-2-enc.p8 create mode 100644 tests/cert-tests/data/key-gost01-2-enc.p8.txt create mode 100644 tests/cert-tests/data/key-gost01-2.p8 create mode 100644 tests/cert-tests/data/key-gost01-2.p8.txt create mode 100644 tests/cert-tests/data/key-gost01.p8 create mode 100644 tests/cert-tests/data/key-gost01.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-256-2-enc.p8 create mode 100644 tests/cert-tests/data/key-gost12-256-2-enc.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-256-2.p8 create mode 100644 tests/cert-tests/data/key-gost12-256-2.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-256.p8 create mode 100644 tests/cert-tests/data/key-gost12-256.p8.txt create mode 100644 tests/cert-tests/data/key-gost12-512.p8 create mode 100644 tests/cert-tests/data/key-illegal-rsa-pss.pem create mode 100644 tests/cert-tests/data/key-illegal.pem create mode 100644 tests/cert-tests/data/key-invalid1.der create mode 100644 tests/cert-tests/data/key-invalid2.der create mode 100644 tests/cert-tests/data/key-invalid3.der create mode 100644 tests/cert-tests/data/key-invalid4.der create mode 100644 tests/cert-tests/data/key-invalid5.der create mode 100644 tests/cert-tests/data/key-invalid6.der create mode 100644 tests/cert-tests/data/key-rsa-pss-raw.pem create mode 100644 tests/cert-tests/data/key-rsa-pss.pem create mode 100644 tests/cert-tests/data/key-subca-dsa.pem create mode 100644 tests/cert-tests/data/key-subca.pem create mode 100644 tests/cert-tests/data/key-subsubca.pem create mode 100644 tests/cert-tests/data/key-user.pem create mode 100644 tests/cert-tests/data/key-utf8-1.p12 create mode 100644 tests/cert-tests/data/key-utf8-2.p12 create mode 100644 tests/cert-tests/data/long-dns.pem create mode 100644 tests/cert-tests/data/long-oids.pem create mode 100644 tests/cert-tests/data/long-serial.pem create mode 100644 tests/cert-tests/data/mac-sha512.p12 create mode 100644 tests/cert-tests/data/mem-leak.p12 create mode 100644 tests/cert-tests/data/multi-value-dn.pem create mode 100644 tests/cert-tests/data/name-constraints-ip.pem create mode 100644 tests/cert-tests/data/name-constraints-ip2.pem create mode 100644 tests/cert-tests/data/no-ca-or-pathlen.pem create mode 100644 tests/cert-tests/data/no-salt.p12 create mode 100644 tests/cert-tests/data/noclient.p12 create mode 100644 tests/cert-tests/data/openpgp-invalid10.pub create mode 100644 tests/cert-tests/data/openpgp-invalid11.pub create mode 100644 tests/cert-tests/data/openpgp-invalid9.pub create mode 100644 tests/cert-tests/data/openssl-3des.p8 create mode 100644 tests/cert-tests/data/openssl-3des.p8.txt create mode 100644 tests/cert-tests/data/openssl-aes128.p8 create mode 100644 tests/cert-tests/data/openssl-aes128.p8.txt create mode 100644 tests/cert-tests/data/openssl-aes256.p8 create mode 100644 tests/cert-tests/data/openssl-aes256.p8.txt create mode 100644 tests/cert-tests/data/openssl-invalid-time-format.pem create mode 100644 tests/cert-tests/data/openssl-key-ecc.p8 create mode 100644 tests/cert-tests/data/openssl-keyid.p7b create mode 100644 tests/cert-tests/data/openssl-keyid.p7b.out create mode 100644 tests/cert-tests/data/openssl.p12 create mode 100644 tests/cert-tests/data/openssl.p7b create mode 100644 tests/cert-tests/data/openssl.p7b.out create mode 100644 tests/cert-tests/data/p7-combined.out create mode 100644 tests/cert-tests/data/p8key-illegal.pem create mode 100644 tests/cert-tests/data/pbes1-no-salt.p12 create mode 100644 tests/cert-tests/data/pkcs1-pad-broken.pem create mode 100644 tests/cert-tests/data/pkcs1-pad-broken2.pem create mode 100644 tests/cert-tests/data/pkcs1-pad-broken3.pem create mode 100644 tests/cert-tests/data/pkcs1-pad-ok.pem create mode 100644 tests/cert-tests/data/pkcs1-pad-ok2.pem create mode 100644 tests/cert-tests/data/pkcs12_2certs.p12 create mode 100644 tests/cert-tests/data/pkcs12_5certs.p12 create mode 100644 tests/cert-tests/data/pkcs7-cat-ca.pem create mode 100644 tests/cert-tests/data/pkcs7-cat.p7 create mode 100644 tests/cert-tests/data/pkcs7-chain-endcert-key.pem create mode 100644 tests/cert-tests/data/pkcs7-chain-root.pem create mode 100644 tests/cert-tests/data/pkcs7-chain.pem create mode 100644 tests/cert-tests/data/pkcs7-detached.txt create mode 100644 tests/cert-tests/data/pkcs7-eddsa-sig.p7s create mode 100644 tests/cert-tests/data/pkcs7.smime create mode 100644 tests/cert-tests/data/pkcs8-eddsa.pem create mode 100644 tests/cert-tests/data/pkcs8-eddsa.pem.txt create mode 100644 tests/cert-tests/data/pkcs8-invalid1.der create mode 100644 tests/cert-tests/data/pkcs8-invalid10.der create mode 100644 tests/cert-tests/data/pkcs8-invalid11.der create mode 100644 tests/cert-tests/data/pkcs8-invalid2.der create mode 100644 tests/cert-tests/data/pkcs8-invalid3.der create mode 100644 tests/cert-tests/data/pkcs8-invalid4.der create mode 100644 tests/cert-tests/data/pkcs8-invalid5.der create mode 100644 tests/cert-tests/data/pkcs8-invalid6.der create mode 100644 tests/cert-tests/data/pkcs8-invalid7.der create mode 100644 tests/cert-tests/data/pkcs8-invalid8.der create mode 100644 tests/cert-tests/data/pkcs8-invalid9.der create mode 100644 tests/cert-tests/data/pkcs8-pbes1-des-md5.pem create mode 100644 tests/cert-tests/data/pkcs8-pbes2-sha256.pem create mode 100644 tests/cert-tests/data/privkey1.pem create mode 100644 tests/cert-tests/data/privkey2.pem create mode 100644 tests/cert-tests/data/privkey3.pem create mode 100644 tests/cert-tests/data/provable-dsa2048-fips.pem create mode 100644 tests/cert-tests/data/provable-dsa2048.pem create mode 100644 tests/cert-tests/data/provable2048.pem create mode 100644 tests/cert-tests/data/provable3072.pem create mode 100644 tests/cert-tests/data/pubkey-ecc256.pem create mode 100644 tests/cert-tests/data/pubkey-eddsa.pem create mode 100644 tests/cert-tests/data/rfc4134-4.5.p7b create mode 100644 tests/cert-tests/data/rfc4134-ca-rsa.pem create mode 100644 tests/cert-tests/data/rfc4490.p7b create mode 100644 tests/cert-tests/data/rfc4490.p7b.out create mode 100644 tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub create mode 100644 tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub create mode 100644 tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub create mode 100644 tests/cert-tests/data/selfsigs/alice.pub create mode 100644 tests/cert-tests/data/sha256.p12 create mode 100644 tests/cert-tests/data/simple-policy.pem create mode 100644 tests/cert-tests/data/single-ca.p7b create mode 100644 tests/cert-tests/data/single-ca.p7b.out create mode 100644 tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg create mode 100644 tests/cert-tests/data/srv-public-all-signed.gpg create mode 100644 tests/cert-tests/data/srv-public-localhost-signed.gpg create mode 100644 tests/cert-tests/data/srv-public.gpg create mode 100644 tests/cert-tests/data/srv-secret.gpg create mode 100644 tests/cert-tests/data/subpkt-leak.pub create mode 100644 tests/cert-tests/data/template-crq.pem create mode 100644 tests/cert-tests/data/template-date.pem create mode 100644 tests/cert-tests/data/template-dates-after2038.pem create mode 100644 tests/cert-tests/data/template-dn.pem create mode 100644 tests/cert-tests/data/template-generalized.pem create mode 100644 tests/cert-tests/data/template-krb5name-full.pem create mode 100644 tests/cert-tests/data/template-krb5name.pem create mode 100644 tests/cert-tests/data/template-long-dns-crq.pem create mode 100644 tests/cert-tests/data/template-nc.pem create mode 100644 tests/cert-tests/data/template-othername-xmpp.pem create mode 100644 tests/cert-tests/data/template-othername.pem create mode 100644 tests/cert-tests/data/template-overflow.pem create mode 100644 tests/cert-tests/data/template-overflow2.pem create mode 100644 tests/cert-tests/data/template-rsa-sha3-224.pem create mode 100644 tests/cert-tests/data/template-rsa-sha3-256.pem create mode 100644 tests/cert-tests/data/template-rsa-sha3-384.pem create mode 100644 tests/cert-tests/data/template-rsa-sha3-512.pem create mode 100644 tests/cert-tests/data/template-sgenerate.pem create mode 100644 tests/cert-tests/data/template-test-ecc.key create mode 100644 tests/cert-tests/data/template-test.key create mode 100644 tests/cert-tests/data/template-test.pem create mode 100644 tests/cert-tests/data/template-tlsfeature.csr create mode 100644 tests/cert-tests/data/template-tlsfeature.pem create mode 100644 tests/cert-tests/data/template-unique.pem create mode 100644 tests/cert-tests/data/template-utf8.pem create mode 100644 tests/cert-tests/data/test-null.p12 create mode 100644 tests/cert-tests/data/truncated.pub create mode 100644 tests/cert-tests/data/unclient.p12 create mode 100644 tests/cert-tests/data/unencpkcs8.pem create mode 100644 tests/cert-tests/data/userid.pem create mode 100644 tests/cert-tests/data/very-long-dn.pem create mode 100644 tests/cert-tests/data/x509-v1-with-iid.pem create mode 100644 tests/cert-tests/data/x509-v1-with-sid.pem create mode 100644 tests/cert-tests/data/x509-v3-with-fractional-time.pem create mode 100644 tests/cert-tests/data/x509-with-zero-version.pem create mode 100644 tests/cert-tests/data/xmpp-othername.pem create mode 100755 tests/cert-tests/dsa.sh create mode 100755 tests/cert-tests/ecdsa.sh create mode 100644 tests/cert-tests/email-certs/chain.exclude.test.example.com create mode 100644 tests/cert-tests/email-certs/chain.invalid.example.com create mode 100644 tests/cert-tests/email-certs/chain.test.example.com create mode 100644 tests/cert-tests/email-certs/chain.test.example.com-2 create mode 100755 tests/cert-tests/email.sh create mode 100755 tests/cert-tests/gost.sh create mode 100755 tests/cert-tests/illegal-rsa.sh create mode 100755 tests/cert-tests/inhibit-anypolicy.sh create mode 100755 tests/cert-tests/invalid-sig.sh create mode 100755 tests/cert-tests/key-id.sh create mode 100755 tests/cert-tests/key-invalid.sh create mode 100755 tests/cert-tests/krb5-test.sh create mode 100755 tests/cert-tests/md5-test.sh create mode 100755 tests/cert-tests/name-constraints.sh create mode 100755 tests/cert-tests/othername-test.sh create mode 100755 tests/cert-tests/pathlen.sh create mode 100755 tests/cert-tests/pem-decoding.sh create mode 100755 tests/cert-tests/pkcs1-pad.sh create mode 100755 tests/cert-tests/pkcs12-corner-cases.sh create mode 100755 tests/cert-tests/pkcs12-encode.sh create mode 100755 tests/cert-tests/pkcs12-gost.sh create mode 100755 tests/cert-tests/pkcs12-utf8.sh create mode 100755 tests/cert-tests/pkcs12.sh create mode 100755 tests/cert-tests/pkcs7-broken-sigs.sh create mode 100755 tests/cert-tests/pkcs7-cat.sh create mode 100755 tests/cert-tests/pkcs7-constraints.sh create mode 100755 tests/cert-tests/pkcs7-constraints2.sh create mode 100755 tests/cert-tests/pkcs7-eddsa.sh create mode 100755 tests/cert-tests/pkcs7-list-sign.sh create mode 100755 tests/cert-tests/pkcs7.sh create mode 100755 tests/cert-tests/pkcs8-decode.sh create mode 100755 tests/cert-tests/pkcs8-eddsa.sh create mode 100755 tests/cert-tests/pkcs8-gost.sh create mode 100755 tests/cert-tests/pkcs8-invalid.sh create mode 100755 tests/cert-tests/pkcs8.sh create mode 100755 tests/cert-tests/privkey-import.sh create mode 100755 tests/cert-tests/provable-dh-default.sh create mode 100755 tests/cert-tests/provable-dh.sh create mode 100755 tests/cert-tests/provable-privkey-dsa2048.sh create mode 100755 tests/cert-tests/provable-privkey-gen-default.sh create mode 100755 tests/cert-tests/provable-privkey-rsa2048.sh create mode 100755 tests/cert-tests/provable-privkey.sh create mode 100755 tests/cert-tests/reject-invalid-time.sh create mode 100755 tests/cert-tests/rsa-pss-pad.sh create mode 100755 tests/cert-tests/sha2-dsa-test.sh create mode 100755 tests/cert-tests/sha2-test.sh create mode 100755 tests/cert-tests/sha3-test.sh create mode 100755 tests/cert-tests/smime.sh create mode 100644 tests/cert-tests/suppressions.valgrind create mode 100755 tests/cert-tests/template-exts-test.sh create mode 100755 tests/cert-tests/template-policy-test.sh create mode 100755 tests/cert-tests/template-test.sh create mode 100644 tests/cert-tests/templates/arb-extensions.tmpl create mode 100644 tests/cert-tests/templates/crit-extensions.tmpl create mode 100644 tests/cert-tests/templates/inhibit-anypolicy.tmpl create mode 100644 tests/cert-tests/templates/simple-policy.tmpl create mode 100644 tests/cert-tests/templates/template-crq.tmpl create mode 100644 tests/cert-tests/templates/template-date.tmpl create mode 100644 tests/cert-tests/templates/template-dates-after2038.tmpl create mode 100644 tests/cert-tests/templates/template-dn-err.tmpl create mode 100644 tests/cert-tests/templates/template-dn.tmpl create mode 100644 tests/cert-tests/templates/template-generalized.tmpl create mode 100644 tests/cert-tests/templates/template-krb5name.tmpl create mode 100644 tests/cert-tests/templates/template-long-dns.tmpl create mode 100644 tests/cert-tests/templates/template-long-serial.tmpl create mode 100644 tests/cert-tests/templates/template-nc.tmpl create mode 100644 tests/cert-tests/templates/template-no-ca-explicit.tmpl create mode 100644 tests/cert-tests/templates/template-no-ca-honor.tmpl create mode 100644 tests/cert-tests/templates/template-no-ca.tmpl create mode 100644 tests/cert-tests/templates/template-othername-xmpp.tmpl create mode 100644 tests/cert-tests/templates/template-othername.tmpl create mode 100644 tests/cert-tests/templates/template-overflow.tmpl create mode 100644 tests/cert-tests/templates/template-overflow2.tmpl create mode 100644 tests/cert-tests/templates/template-test.tmpl create mode 100644 tests/cert-tests/templates/template-tlsfeature-crq.tmpl create mode 100644 tests/cert-tests/templates/template-tlsfeature.tmpl create mode 100644 tests/cert-tests/templates/template-unique.tmpl create mode 100644 tests/cert-tests/templates/template-utf8.tmpl create mode 100755 tests/cert-tests/tlsfeature-test.sh create mode 100755 tests/cert-tests/tolerate-invalid-time.sh create mode 100755 tests/cert-tests/x25519-and-x448.sh create mode 100755 tests/cert-tests/x509-duplicate-ext.sh create mode 100644 tests/cert.c create mode 100644 tests/cert_verify_inv_utf8.c create mode 100644 tests/certificate_set_x509_crl.c create mode 100644 tests/certs-interesting/README.md create mode 100644 tests/certs-interesting/cert1.der create mode 100644 tests/certs-interesting/cert1.der.err create mode 100644 tests/certs-interesting/cert10.der create mode 100644 tests/certs-interesting/cert2.der create mode 100644 tests/certs-interesting/cert2.der.err create mode 100644 tests/certs-interesting/cert3.der create mode 100644 tests/certs-interesting/cert3.der.err create mode 100644 tests/certs-interesting/cert4.der create mode 100644 tests/certs-interesting/cert5.der create mode 100644 tests/certs-interesting/cert5.der.err create mode 100644 tests/certs-interesting/cert6.der create mode 100644 tests/certs-interesting/cert6.der.err create mode 100644 tests/certs-interesting/cert7.der create mode 100644 tests/certs-interesting/cert8.der create mode 100644 tests/certs-interesting/cert9.der create mode 100644 tests/certs/ca-cert-ecc.pem create mode 100644 tests/certs/ca-ecc.pem create mode 100644 tests/certs/cert-ecc.pem create mode 100644 tests/certs/cert-ecc256.pem create mode 100644 tests/certs/cert-ecc384.pem create mode 100644 tests/certs/cert-ecc521.pem create mode 100644 tests/certs/cert-ed25519.pem create mode 100644 tests/certs/cert-rsa-2432.pem create mode 100644 tests/certs/ecc.pem create mode 100644 tests/certs/ecc256.pem create mode 100644 tests/certs/ecc384.pem create mode 100644 tests/certs/ecc521.pem create mode 100644 tests/certs/ed25519.pem create mode 100644 tests/certs/id-on-xmppAddr.pem create mode 100644 tests/certs/rawpk_priv.pem create mode 100644 tests/certs/rawpk_pub.pem create mode 100644 tests/certs/rsa-2432.pem create mode 100644 tests/certs/rsa-512.pem create mode 100755 tests/certtool-pkcs11.sh create mode 100644 tests/certuniqueid.c create mode 100644 tests/cfg-test.sh create mode 100644 tests/chainverify-unsorted.c create mode 100644 tests/chainverify.c create mode 100644 tests/cipher-alignment.c create mode 100755 tests/cipher-listings.sh create mode 100644 tests/cipher-neg-common.c create mode 100644 tests/cipher-padding.c create mode 100644 tests/ciphersuite-name.c create mode 100644 tests/client-fastopen.c create mode 100644 tests/client-secrets.h create mode 100644 tests/client-sign-md5-rep.c create mode 100644 tests/client_dsa_key.c create mode 100644 tests/cmocka-common.h create mode 100644 tests/common-cert-key-exchange.c create mode 100644 tests/common-cert-key-exchange.h create mode 100644 tests/common-key-tests.h create mode 100644 tests/conv-utf8.c create mode 100644 tests/crl-basic.c create mode 100644 tests/crl_apis.c create mode 100644 tests/crlverify.c create mode 100644 tests/crq-basic.c create mode 100644 tests/crq_apis.c create mode 100644 tests/crq_key_id.c create mode 100644 tests/crt_apis.c create mode 100644 tests/crt_inv_write.c create mode 100644 tests/crt_type-neg-common.c create mode 100644 tests/custom-urls-override.c create mode 100644 tests/custom-urls.c create mode 100644 tests/cve-2008-4989.c create mode 100644 tests/cve-2009-1415.c create mode 100644 tests/cve-2009-1416.c create mode 100644 tests/dane-strcodes.c create mode 100644 tests/dane.c create mode 100755 tests/danetool.sh create mode 100644 tests/data/large-cert.pem create mode 100644 tests/data/listings-DTLS1.0 create mode 100644 tests/data/listings-SSL3.0 create mode 100644 tests/data/listings-SSL3.0-TLS1.1 create mode 100644 tests/data/listings-TLS1.0 create mode 100644 tests/data/listings-TLS1.1 create mode 100644 tests/data/listings-legacy1 create mode 100644 tests/data/listings-legacy2 create mode 100644 tests/data/listings-legacy3 create mode 100644 tests/data/listings-legacy4 create mode 100644 tests/data/listings-old-SSL3.0-TLS1.1 create mode 100644 tests/data/long.crl create mode 100644 tests/data/long.pem create mode 100644 tests/data/pkcs7-cat-ca.pem create mode 100644 tests/data/test1.cat create mode 100644 tests/data/test1.cat.data create mode 100644 tests/data/test1.cat.out create mode 100644 tests/data/test2.cat create mode 100644 tests/data/test2.cat.data create mode 100644 tests/data/test2.cat.out create mode 100644 tests/datefudge-check.c create mode 100644 tests/dh-compute.c create mode 100755 tests/dh-fips-approved.sh create mode 100644 tests/dh-params.c create mode 100644 tests/dhepskself.c create mode 100644 tests/dhex509self.c create mode 100644 tests/dn.c create mode 100644 tests/dn2.c create mode 100644 tests/dss-sig-val.c create mode 100644 tests/dtls-client-with-seccomp.c create mode 100644 tests/dtls-etm.c create mode 100644 tests/dtls-handshake-versions.c create mode 100644 tests/dtls-max-record.c create mode 100644 tests/dtls-pthread.c create mode 100644 tests/dtls-rehandshake-anon.c create mode 100644 tests/dtls-rehandshake-cert-2.c create mode 100644 tests/dtls-rehandshake-cert-3.c create mode 100644 tests/dtls-rehandshake-cert.c create mode 100644 tests/dtls-repro-20170915.c create mode 100644 tests/dtls-session-ticket-lost.c create mode 100644 tests/dtls-sliding-window.c create mode 100644 tests/dtls-with-seccomp.c create mode 100755 tests/dtls/dtls-resume.sh create mode 100644 tests/dtls/dtls-stress.c create mode 100755 tests/dtls/dtls.sh create mode 100644 tests/dtls1-2-mtu-check.c create mode 100644 tests/dtls10-cert-key-exchange.c create mode 100644 tests/dtls12-cert-key-exchange.c create mode 100644 tests/duplicate-extensions.c create mode 100644 tests/eagain-auto-auth.c create mode 100644 tests/eagain-common.h create mode 100644 tests/eagain.c create mode 100644 tests/ecdh-compute.c create mode 100644 tests/empty_retrieve_function.c create mode 100644 tests/fallback-scsv.c create mode 100755 tests/fastopen.sh create mode 100644 tests/fips-mode-pthread.c create mode 100644 tests/fips-override-test.c create mode 100644 tests/fips-rsa-sizes.c create mode 100644 tests/fips-test.c create mode 100644 tests/fixtures/templates/arb-extensions.tmpl.exp create mode 100644 tests/fixtures/templates/crit-extensions.tmpl.exp create mode 100644 tests/fixtures/templates/inhibit-anypolicy.tmpl.exp create mode 100644 tests/fixtures/templates/simple-policy.tmpl.exp create mode 100644 tests/fixtures/templates/template-crq.tmpl.exp create mode 100644 tests/fixtures/templates/template-date.tmpl.exp create mode 100644 tests/fixtures/templates/template-dates-after2038.tmpl.exp create mode 100644 tests/fixtures/templates/template-dn-err.tmpl.exp create mode 100644 tests/fixtures/templates/template-dn.tmpl.exp create mode 100644 tests/fixtures/templates/template-generalized.tmpl.exp create mode 100644 tests/fixtures/templates/template-krb5name.tmpl.exp create mode 100644 tests/fixtures/templates/template-long-dns.tmpl.exp create mode 100644 tests/fixtures/templates/template-long-serial.tmpl.exp create mode 100644 tests/fixtures/templates/template-nc.tmpl.exp create mode 100644 tests/fixtures/templates/template-no-ca-explicit.tmpl.exp create mode 100644 tests/fixtures/templates/template-no-ca-honor.tmpl.exp create mode 100644 tests/fixtures/templates/template-no-ca.tmpl.exp create mode 100644 tests/fixtures/templates/template-othername-xmpp.tmpl.exp create mode 100644 tests/fixtures/templates/template-othername.tmpl.exp create mode 100644 tests/fixtures/templates/template-overflow.tmpl.exp create mode 100644 tests/fixtures/templates/template-overflow2.tmpl.exp create mode 100644 tests/fixtures/templates/template-test.tmpl.exp create mode 100644 tests/fixtures/templates/template-tlsfeature-crq.tmpl.exp create mode 100644 tests/fixtures/templates/template-tlsfeature.tmpl.exp create mode 100644 tests/fixtures/templates/template-unique.tmpl.exp create mode 100644 tests/fixtures/templates/template-utf8.tmpl.exp create mode 100644 tests/global-init-override.c create mode 100644 tests/global-init.c create mode 100644 tests/gnutls-asan.supp create mode 100755 tests/gnutls-cli-debug.sh create mode 100755 tests/gnutls-cli-invalid-crl.sh create mode 100755 tests/gnutls-cli-rawpk.sh create mode 100755 tests/gnutls-cli-resume.sh create mode 100755 tests/gnutls-cli-save-data.sh create mode 100755 tests/gnutls-cli-self-signed.sh create mode 100644 tests/gnutls-ids.c create mode 100644 tests/gnutls-strcodes.c create mode 100644 tests/gnutls_ext_raw_parse.c create mode 100644 tests/gnutls_ext_raw_parse_dtls.c create mode 100644 tests/gnutls_hmac_fast.c create mode 100644 tests/gnutls_ktls.c create mode 100644 tests/gnutls_ocsp_resp_list_import2.c create mode 100644 tests/gnutls_record_overhead.c create mode 100644 tests/gnutls_session_set_id.c create mode 100644 tests/gnutls_x509_crq_sign.c create mode 100644 tests/gnutls_x509_crt_list_import.c create mode 100644 tests/gnutls_x509_crt_sign.c create mode 100644 tests/gnutls_x509_privkey_import.c create mode 100644 tests/handshake-false-start.c create mode 100644 tests/handshake-large-cert.c create mode 100644 tests/handshake-large-packet.c create mode 100644 tests/handshake-timeout.c create mode 100644 tests/handshake-versions.c create mode 100644 tests/handshake-write.c create mode 100644 tests/hex.c create mode 100644 tests/hex.h create mode 100644 tests/hostname-check-utf8.c create mode 100644 tests/hostname-check.c create mode 100644 tests/id-on-xmppAddr.c create mode 100644 tests/infoaccess.c create mode 100644 tests/init_roundtrip.c create mode 100644 tests/insecure_key.c create mode 100644 tests/iov.c create mode 100644 tests/ip-check.c create mode 100644 tests/ip-utils.c create mode 100644 tests/kdf-api.c create mode 100644 tests/key-export-pkcs8.c create mode 100644 tests/key-import-export.c create mode 100644 tests/key-material-dtls.c create mode 100644 tests/key-material-set-dtls.c create mode 100644 tests/key-openssl.c create mode 100644 tests/key-usage-ecdhe-rsa.c create mode 100644 tests/key-usage-rsa.c create mode 100644 tests/keylog-env.c create mode 100644 tests/keylog-func.c create mode 100755 tests/ktls.sh create mode 100755 tests/logfile-option.sh create mode 100755 tests/long-crl.sh create mode 100644 tests/long-session-id.c create mode 100644 tests/mini-alpn.c create mode 100644 tests/mini-chain-unsorted.c create mode 100644 tests/mini-dtls-discard.c create mode 100644 tests/mini-dtls-fork.c create mode 100644 tests/mini-dtls-heartbeat.c create mode 100644 tests/mini-dtls-hello-verify-48.c create mode 100644 tests/mini-dtls-hello-verify.c create mode 100644 tests/mini-dtls-large.c create mode 100644 tests/mini-dtls-lowmtu.c create mode 100644 tests/mini-dtls-mtu.c create mode 100644 tests/mini-dtls-record-asym.c create mode 100644 tests/mini-dtls-record.c create mode 100644 tests/mini-dtls-srtp.c create mode 100644 tests/mini-dtls0-9.c create mode 100644 tests/mini-eagain-dtls.c create mode 100644 tests/mini-emsgsize-dtls.c create mode 100644 tests/mini-global-load.c create mode 100644 tests/mini-key-material.c create mode 100644 tests/mini-loss-time.c create mode 100644 tests/mini-overhead.c create mode 100644 tests/mini-record-2.c create mode 100644 tests/mini-record-failure.c create mode 100644 tests/mini-record-range.c create mode 100644 tests/mini-record.c create mode 100644 tests/mini-server-name.c create mode 100644 tests/mini-session-verify-function.c create mode 100644 tests/mini-termination.c create mode 100644 tests/mini-tls-nonblock.c create mode 100644 tests/mini-x509-2.c create mode 100644 tests/mini-x509-callbacks-intr.c create mode 100644 tests/mini-x509-callbacks.c create mode 100644 tests/mini-x509-cas.c create mode 100644 tests/mini-x509-ipaddr.c create mode 100644 tests/mini-x509.c create mode 100644 tests/missingissuer.c create mode 100644 tests/missingissuer_aia.c create mode 100644 tests/mpi.c create mode 100644 tests/multi-alerts.c create mode 100644 tests/naked-alerts.c create mode 100644 tests/name-constraints-ip.c create mode 100644 tests/name-constraints-merge.c create mode 100644 tests/name-constraints.c create mode 100644 tests/no-extensions.c create mode 100644 tests/no-signal.c create mode 100644 tests/nul-in-x509-names.c create mode 100644 tests/null_retrieve_function.c create mode 100644 tests/ocsp-common.h create mode 100644 tests/ocsp-filename-memleak.c create mode 100644 tests/ocsp-tests/certs/ca.key create mode 100644 tests/ocsp-tests/certs/ca.pem create mode 100644 tests/ocsp-tests/certs/chain-akamai.com.pem create mode 100644 tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem create mode 100644 tests/ocsp-tests/certs/chain-amazon.com.pem create mode 100644 tests/ocsp-tests/certs/ocsp-akamai.com.der create mode 100644 tests/ocsp-tests/certs/ocsp-amazon.com.der create mode 100644 tests/ocsp-tests/certs/ocsp-server.key create mode 100644 tests/ocsp-tests/certs/ocsp-server.pem create mode 100644 tests/ocsp-tests/certs/ocsp-staple-unrelated.der create mode 100644 tests/ocsp-tests/certs/ocsp_index.txt create mode 100644 tests/ocsp-tests/certs/ocsp_index.txt.attr create mode 100644 tests/ocsp-tests/certs/server_bad.key create mode 100644 tests/ocsp-tests/certs/server_bad.template create mode 100644 tests/ocsp-tests/certs/server_good.key create mode 100644 tests/ocsp-tests/certs/server_good.template create mode 100755 tests/ocsp-tests/ocsp-load-chain.sh create mode 100755 tests/ocsp-tests/ocsp-must-staple-connection.sh create mode 100755 tests/ocsp-tests/ocsp-signer-verify.sh create mode 100755 tests/ocsp-tests/ocsp-test.sh create mode 100755 tests/ocsp-tests/ocsp-tls-connection.sh create mode 100755 tests/ocsp-tests/ocsptool.sh create mode 100644 tests/ocsp-tests/response1.der create mode 100644 tests/ocsp-tests/response1.pem create mode 100644 tests/ocsp-tests/response2.der create mode 100644 tests/ocsp-tests/response2.pem create mode 100644 tests/ocsp-tests/response3.der create mode 100644 tests/ocsp-tests/signer-verify/response-ca.der create mode 100644 tests/ocsp-tests/signer-verify/response-delegated.der create mode 100644 tests/ocsp-tests/signer-verify/response-non-delegated.der create mode 100644 tests/ocsp-tests/signer-verify/trust.pem create mode 100644 tests/ocsp-tests/suppressions.valgrind create mode 100644 tests/ocsp.c create mode 100644 tests/oids.c create mode 100644 tests/openconnect-dtls12.c create mode 100644 tests/openssl.c create mode 100755 tests/p11-kit-load.sh create mode 100644 tests/p11-kit-trust-data/Example_Root_CA.p11-kit create mode 100644 tests/p11-kit-trust-data/Example_Root_CA.pem create mode 100755 tests/p11-kit-trust.sh create mode 100644 tests/parse_ca.c create mode 100644 tests/pcert-list.c create mode 100644 tests/pkcs1-digest-info.c create mode 100644 tests/pkcs11/gnutls_pcert_list_import_x509_file.c create mode 100644 tests/pkcs11/gnutls_x509_crt_list_import_url.c create mode 100644 tests/pkcs11/list-objects.c create mode 100644 tests/pkcs11/list-tokens.c create mode 100644 tests/pkcs11/pkcs11-cert-import-url-exts.c create mode 100644 tests/pkcs11/pkcs11-cert-import-url4-exts.c create mode 100644 tests/pkcs11/pkcs11-chainverify.c create mode 100644 tests/pkcs11/pkcs11-combo.c create mode 100644 tests/pkcs11/pkcs11-ec-privkey-test.c create mode 100644 tests/pkcs11/pkcs11-eddsa-privkey-test.c create mode 100644 tests/pkcs11/pkcs11-get-exts.c create mode 100644 tests/pkcs11/pkcs11-get-issuer.c create mode 100644 tests/pkcs11/pkcs11-get-raw-issuer-exts.c create mode 100644 tests/pkcs11/pkcs11-import-url-privkey.c create mode 100644 tests/pkcs11/pkcs11-import-with-pin.c create mode 100644 tests/pkcs11/pkcs11-is-known.c create mode 100644 tests/pkcs11/pkcs11-mechanisms.c create mode 100644 tests/pkcs11/pkcs11-mock-ext.h create mode 100644 tests/pkcs11/pkcs11-mock.c create mode 100644 tests/pkcs11/pkcs11-mock.h create mode 100644 tests/pkcs11/pkcs11-mock2.c create mode 100644 tests/pkcs11/pkcs11-obj-import.c create mode 100644 tests/pkcs11/pkcs11-obj-raw.c create mode 100644 tests/pkcs11/pkcs11-pin-func.c create mode 100644 tests/pkcs11/pkcs11-privkey-always-auth.c create mode 100644 tests/pkcs11/pkcs11-privkey-export.c create mode 100644 tests/pkcs11/pkcs11-privkey-fork-reinit.c create mode 100644 tests/pkcs11/pkcs11-privkey-fork.c create mode 100644 tests/pkcs11/pkcs11-privkey-generate.c create mode 100644 tests/pkcs11/pkcs11-privkey-pthread.c create mode 100644 tests/pkcs11/pkcs11-privkey-safenet-always-auth.c create mode 100644 tests/pkcs11/pkcs11-privkey.c create mode 100644 tests/pkcs11/pkcs11-pubkey-import-ecdsa.c create mode 100644 tests/pkcs11/pkcs11-pubkey-import-rsa.c create mode 100644 tests/pkcs11/pkcs11-pubkey-import.c create mode 100644 tests/pkcs11/pkcs11-rsa-pss-privkey-test.c create mode 100644 tests/pkcs11/pkcs11-token-raw.c create mode 100644 tests/pkcs11/softhsm.h create mode 100644 tests/pkcs11/tls-neg-pkcs11-key.c create mode 100644 tests/pkcs11/tls-neg-pkcs11-no-key.c create mode 100644 tests/pkcs12_encode.c create mode 100644 tests/pkcs12_s2k.c create mode 100644 tests/pkcs12_s2k_pem.c create mode 100644 tests/pkcs12_simple.c create mode 100644 tests/pkcs7-cat-parse.c create mode 100755 tests/pkcs7-cat.sh create mode 100644 tests/pkcs7-gen.c create mode 100644 tests/pkcs7-verify-double-free.c create mode 100644 tests/pkcs7.c create mode 100644 tests/pkcs8-key-decode-encrypted.c create mode 100644 tests/pkcs8-key-decode.c create mode 100755 tests/pkgconfig.sh create mode 100644 tests/post-client-hello-change-prio.c create mode 100644 tests/prf.c create mode 100644 tests/priorities-groups.c create mode 100644 tests/priorities.c create mode 100644 tests/priority-init2.c create mode 100644 tests/priority-mix.c create mode 100644 tests/priority-set.c create mode 100644 tests/priority-set2.c create mode 100644 tests/privkey-keygen.c create mode 100644 tests/privkey-verify-broken.c create mode 100755 tests/profile-tests.sh create mode 100644 tests/protocol-set-allowlist.c create mode 100755 tests/protocol-set-allowlist.sh create mode 100644 tests/psk-file.c create mode 100644 tests/psk.passwd create mode 100644 tests/pskself.c create mode 100644 tests/pskself2.c create mode 100755 tests/psktool.sh create mode 100644 tests/pubkey-import-export.c create mode 100644 tests/random-art.c create mode 100644 tests/rawpk-api.c create mode 100644 tests/record-pad.c create mode 100644 tests/record-retvals.c create mode 100644 tests/record-sendfile.c create mode 100644 tests/record-sizes-range.c create mode 100644 tests/record-sizes.c create mode 100644 tests/record-timeouts.c create mode 100644 tests/recv-data-before-handshake.c create mode 100644 tests/rehandshake-ext-secret.c create mode 100644 tests/rehandshake-switch-cert-allow.c create mode 100644 tests/rehandshake-switch-cert-client-allow.c create mode 100644 tests/rehandshake-switch-cert-client.c create mode 100644 tests/rehandshake-switch-cert.c create mode 100644 tests/rehandshake-switch-psk-id.c create mode 100644 tests/rehandshake-switch-srp-id.c create mode 100644 tests/resume-dtls.c create mode 100644 tests/resume-lifetime.c create mode 100644 tests/resume-with-false-start.c create mode 100644 tests/resume-with-previous-stek.c create mode 100644 tests/resume-with-record-size-limit.c create mode 100644 tests/resume-with-stek-expiration.c create mode 100644 tests/resume.c create mode 100755 tests/rfc2253-escape-test.sh create mode 100644 tests/rfc7633-missing.c create mode 100644 tests/rfc7633-ok.c create mode 100644 tests/rng-fork.c create mode 100644 tests/rng-no-onload.c create mode 100644 tests/rng-op-key.c create mode 100644 tests/rng-op-nonce.c create mode 100644 tests/rng-op-random.c create mode 100644 tests/rng-op.c create mode 100644 tests/rng-pthread.c create mode 100644 tests/rng-sigint.c create mode 100644 tests/rsa-encrypt-decrypt.c create mode 100644 tests/rsa-illegal-import.c create mode 100644 tests/rsa-md5-collision/README create mode 100644 tests/rsa-md5-collision/colliding-chain-md5-1.pem create mode 100644 tests/rsa-md5-collision/colliding-chain-md5-2.pem create mode 100755 tests/rsa-md5-collision/rsa-md5-collision.sh create mode 100644 tests/rsa-psk-cb.c create mode 100644 tests/rsa-psk.c create mode 100644 tests/rsa-rsa-pss.c create mode 100644 tests/safe-renegotiation/README create mode 100644 tests/safe-renegotiation/srn0.c create mode 100644 tests/safe-renegotiation/srn1.c create mode 100644 tests/safe-renegotiation/srn2.c create mode 100644 tests/safe-renegotiation/srn3.c create mode 100644 tests/safe-renegotiation/srn4.c create mode 100644 tests/safe-renegotiation/srn5.c create mode 100644 tests/sanity-cpp.cpp create mode 100644 tests/sanity-lib.sh create mode 100644 tests/scripts/common.sh create mode 100755 tests/scripts/starttls-common.sh create mode 100644 tests/sec-params.c create mode 100644 tests/seccomp.c create mode 100644 tests/send-client-cert.c create mode 100644 tests/send-data-before-handshake.c create mode 100755 tests/serv-udp.sh create mode 100644 tests/server-kx-neg-common.c create mode 100755 tests/server-multi-keys.sh create mode 100644 tests/server-secrets.h create mode 100644 tests/server-sign-md5-rep.c create mode 100755 tests/server-weak-keys.sh create mode 100644 tests/server_ecdsa_key.c create mode 100644 tests/session-export-funcs.c create mode 100644 tests/session-rdn-read.c create mode 100644 tests/session-tickets-missing.c create mode 100644 tests/session-tickets-ok.c create mode 100644 tests/set-default-prio.c create mode 100644 tests/set_key.c create mode 100644 tests/set_key_utf8.c create mode 100644 tests/set_known_dh_params_anon.c create mode 100644 tests/set_known_dh_params_psk.c create mode 100644 tests/set_known_dh_params_x509.c create mode 100644 tests/set_pkcs12_cred.c create mode 100644 tests/set_x509_key.c create mode 100644 tests/set_x509_key_file-late.c create mode 100644 tests/set_x509_key_file.c create mode 100644 tests/set_x509_key_file_der.c create mode 100644 tests/set_x509_key_file_legacy.c create mode 100644 tests/set_x509_key_file_ocsp.c create mode 100644 tests/set_x509_key_file_ocsp_multi2.c create mode 100644 tests/set_x509_key_mem.c create mode 100644 tests/set_x509_key_utf8.c create mode 100644 tests/set_x509_ocsp_multi_cli.c create mode 100644 tests/set_x509_ocsp_multi_invalid.c create mode 100644 tests/set_x509_ocsp_multi_pem.c create mode 100644 tests/set_x509_ocsp_multi_unknown.c create mode 100644 tests/set_x509_pkcs12_key.c create mode 100644 tests/setcredcrash.c create mode 100644 tests/sign-is-secure.c create mode 100644 tests/sign-pk-api.c create mode 100644 tests/sign-verify-data-newapi.c create mode 100644 tests/sign-verify-data.c create mode 100644 tests/sign-verify-deterministic.c create mode 100644 tests/sign-verify-ed25519-rfc8080.c create mode 100644 tests/sign-verify-ext.c create mode 100644 tests/sign-verify-ext4.c create mode 100644 tests/sign-verify-newapi.c create mode 100644 tests/sign-verify.c create mode 100644 tests/simple.c create mode 100644 tests/slow/Makefile.am create mode 100644 tests/slow/Makefile.in create mode 100644 tests/slow/README create mode 100644 tests/slow/cipher-api-test.c create mode 100644 tests/slow/cipher-openssl-compat.c create mode 100644 tests/slow/cipher-test.c create mode 100644 tests/slow/crypto.c create mode 100644 tests/slow/gendh.c create mode 100644 tests/slow/gnutls-asan.supp create mode 100644 tests/slow/hash-large.c create mode 100755 tests/slow/test-ciphers-api.sh create mode 100644 tests/slow/test-ciphers-common.sh create mode 100755 tests/slow/test-ciphers-openssl.sh create mode 100755 tests/slow/test-ciphers.sh create mode 100755 tests/slow/test-hash-large.sh create mode 100755 tests/sni-hostname.sh create mode 100755 tests/sni-resume.sh create mode 100644 tests/spki-abstract.c create mode 100644 tests/spki.c create mode 100644 tests/srp.c create mode 100644 tests/srpbase64.c create mode 100644 tests/ssl2-hello.c create mode 100644 tests/ssl30-cert-key-exchange.c create mode 100644 tests/ssl30-cipher-neg.c create mode 100644 tests/ssl30-server-kx-neg.c create mode 100755 tests/starttls-ftp.sh create mode 100644 tests/starttls-ftp.txt create mode 100755 tests/starttls-lmtp.sh create mode 100644 tests/starttls-lmtp.txt create mode 100755 tests/starttls-nntp.sh create mode 100644 tests/starttls-nntp.txt create mode 100755 tests/starttls-pop3.sh create mode 100644 tests/starttls-pop3.txt create mode 100755 tests/starttls-sieve.sh create mode 100644 tests/starttls-sieve.txt create mode 100755 tests/starttls-smtp.sh create mode 100644 tests/starttls-smtp.txt create mode 100755 tests/starttls-xmpp.sh create mode 100644 tests/starttls-xmpp.txt create mode 100755 tests/starttls.sh create mode 100644 tests/status-request-ext.c create mode 100644 tests/status-request-ok.c create mode 100644 tests/status-request-revoked.c create mode 100644 tests/status-request.c create mode 100644 tests/str-idna.c create mode 100644 tests/str-unicode.c create mode 100644 tests/strict-der.c create mode 100644 tests/suite/Makefile.am create mode 100644 tests/suite/Makefile.in create mode 100644 tests/suite/README create mode 100644 tests/suppressions.valgrind create mode 100644 tests/system-override-curves-allowlist.c create mode 100755 tests/system-override-curves-allowlist.sh create mode 100755 tests/system-override-curves.sh create mode 100644 tests/system-override-default-priority-string.bad.config create mode 100644 tests/system-override-default-priority-string.none.config create mode 100644 tests/system-override-default-priority-string.only-tls13.config create mode 100755 tests/system-override-default-priority-string.sh create mode 100755 tests/system-override-hash-allowlist.sh create mode 100755 tests/system-override-hash-filters-prf.sh create mode 100644 tests/system-override-hash.c create mode 100755 tests/system-override-hash.sh create mode 100755 tests/system-override-invalid.sh create mode 100755 tests/system-override-kx.sh create mode 100755 tests/system-override-profiles.sh create mode 100755 tests/system-override-sig-allowlist.sh create mode 100644 tests/system-override-sig-tls.c create mode 100755 tests/system-override-sig-tls.sh create mode 100644 tests/system-override-sig.c create mode 100755 tests/system-override-sig.sh create mode 100755 tests/system-override-special-allowlist.sh create mode 100755 tests/system-override-tls.sh create mode 100755 tests/system-override-versions-allowlist.sh create mode 100755 tests/system-override-versions.sh create mode 100644 tests/system-prio-file.c create mode 100644 tests/system.prio create mode 100755 tests/systemkey.sh create mode 100644 tests/test-chains-issuer-aia.h create mode 100644 tests/test-chains-issuer.h create mode 100644 tests/test-chains.h create mode 100644 tests/testpkcs11-certs/ca-tmpl create mode 100644 tests/testpkcs11-certs/ca.crt create mode 100644 tests/testpkcs11-certs/ca.key create mode 100644 tests/testpkcs11-certs/client-tmpl create mode 100644 tests/testpkcs11-certs/client.crt create mode 100644 tests/testpkcs11-certs/client.key create mode 100644 tests/testpkcs11-certs/server-tmpl create mode 100644 tests/testpkcs11-certs/server.crt create mode 100644 tests/testpkcs11-certs/server.key create mode 100644 tests/testpkcs11.pkcs15 create mode 100644 tests/testpkcs11.sc-hsm create mode 100755 tests/testpkcs11.sh create mode 100755 tests/testpkcs11.softhsm create mode 100644 tests/time.c create mode 100644 tests/tls-channel-binding.c create mode 100644 tests/tls-client-with-seccomp.c create mode 100644 tests/tls-crt_type-neg.c create mode 100644 tests/tls-etm.c create mode 100644 tests/tls-ext-not-in-dtls.c create mode 100644 tests/tls-ext-register.c create mode 100644 tests/tls-force-etm.c create mode 100644 tests/tls-neg-ext-key.c create mode 100644 tests/tls-neg-ext4-key.c create mode 100644 tests/tls-pthread.c create mode 100644 tests/tls-record-size-limit-asym.c create mode 100644 tests/tls-record-size-limit.c create mode 100644 tests/tls-session-ext-override.c create mode 100644 tests/tls-session-ext-register.c create mode 100644 tests/tls-session-supplemental.c create mode 100644 tests/tls-supplemental.c create mode 100644 tests/tls-with-seccomp.c create mode 100644 tests/tls10-cert-key-exchange.c create mode 100644 tests/tls10-cipher-neg.c create mode 100644 tests/tls10-prf.c create mode 100644 tests/tls10-server-kx-neg.c create mode 100644 tests/tls11-cert-key-exchange.c create mode 100644 tests/tls11-cipher-neg.c create mode 100644 tests/tls11-server-kx-neg.c create mode 100644 tests/tls12-anon-upgrade.c create mode 100644 tests/tls12-cert-key-exchange.c create mode 100644 tests/tls12-cipher-neg.c create mode 100644 tests/tls12-ffdhe.c create mode 100644 tests/tls12-invalid-key-exchanges.c create mode 100644 tests/tls12-max-record.c create mode 100644 tests/tls12-prf.c create mode 100644 tests/tls12-rehandshake-cert-2.c create mode 100644 tests/tls12-rehandshake-cert-3.c create mode 100644 tests/tls12-rehandshake-cert-auto.c create mode 100644 tests/tls12-rehandshake-cert.c create mode 100644 tests/tls12-rehandshake-set-prio.c create mode 100644 tests/tls12-server-kx-neg.c create mode 100644 tests/tls13-cert-key-exchange.c create mode 100644 tests/tls13-cipher-neg.c create mode 100644 tests/tls13-compat-mode.c create mode 100644 tests/tls13-early-data-neg.c create mode 100644 tests/tls13-early-data-neg2.c create mode 100644 tests/tls13-early-data.c create mode 100644 tests/tls13-early-start.c create mode 100644 tests/tls13-rehandshake-cert.c create mode 100644 tests/tls13-server-kx-neg.c create mode 100644 tests/tls13-without-timeout-func.c create mode 100644 tests/tls13/anti_replay.c create mode 100644 tests/tls13/change_cipher_spec.c create mode 100644 tests/tls13/compress-cert-cli.c create mode 100644 tests/tls13/compress-cert-neg.c create mode 100644 tests/tls13/compress-cert-neg2.c create mode 100644 tests/tls13/compress-cert.c create mode 100644 tests/tls13/cookie.c create mode 100644 tests/tls13/ext-parse.h create mode 100644 tests/tls13/hello_retry_request.c create mode 100644 tests/tls13/hello_retry_request_resume.c create mode 100644 tests/tls13/key_limits.c create mode 100644 tests/tls13/key_share.c create mode 100644 tests/tls13/key_update.c create mode 100644 tests/tls13/key_update_multiple.c create mode 100644 tests/tls13/multi-ocsp.c create mode 100644 tests/tls13/no-auto-send-ticket.c create mode 100644 tests/tls13/no-psk-exts.c create mode 100644 tests/tls13/ocsp-client.c create mode 100644 tests/tls13/post-handshake-with-cert-auto.c create mode 100644 tests/tls13/post-handshake-with-cert-pkcs11.c create mode 100644 tests/tls13/post-handshake-with-cert-ticket.c create mode 100644 tests/tls13/post-handshake-with-cert.c create mode 100644 tests/tls13/post-handshake-with-psk.c create mode 100644 tests/tls13/post-handshake-without-cert.c create mode 100644 tests/tls13/prf-early.c create mode 100644 tests/tls13/prf.c create mode 100644 tests/tls13/psk-dumbfw.c create mode 100644 tests/tls13/psk-ext.c create mode 100644 tests/tls13/psk-ke-modes.c create mode 100644 tests/tls13/rnd-check-rollback-val.c create mode 100644 tests/tls13/rnd-rollback-detection.c create mode 100644 tests/tls13/supported_versions.c create mode 100644 tests/tls13/tls12-no-tls13-exts.c create mode 100644 tests/tlsext-decoding.c create mode 100644 tests/tlsfeature-crt.c create mode 100644 tests/tlsfeature-ext.c create mode 100755 tests/tpm2.sh create mode 100755 tests/tpmtool_test.sh create mode 100644 tests/trust-store.c create mode 100644 tests/trustdb-tofu.c create mode 100644 tests/urls.c create mode 100644 tests/utils-adv.c create mode 100644 tests/utils.c create mode 100644 tests/utils.h create mode 100644 tests/version-checks.c create mode 100644 tests/virt-time.h create mode 100644 tests/win-certopenstore.c create mode 100644 tests/windows/Makefile.am create mode 100644 tests/windows/Makefile.in create mode 100755 tests/windows/check-output create mode 100644 tests/windows/cng-windows.c create mode 100644 tests/windows/crypt32.c create mode 100644 tests/windows/ncrypt-int.h create mode 100644 tests/windows/ncrypt.c create mode 100644 tests/x509-cert-callback-legacy.c create mode 100644 tests/x509-cert-callback-ocsp.c create mode 100644 tests/x509-cert-callback.c create mode 100644 tests/x509-dn-decode-compat.c create mode 100644 tests/x509-dn-decode.c create mode 100644 tests/x509-dn.c create mode 100644 tests/x509-extensions.c create mode 100644 tests/x509-server-verify.c create mode 100644 tests/x509-upnconstraint.c create mode 100644 tests/x509-verify-with-crl.c create mode 100644 tests/x509_altname.c create mode 100644 tests/x509cert-ct.c create mode 100644 tests/x509cert-dir/ca.pem create mode 100644 tests/x509cert-dntypes.c create mode 100644 tests/x509cert-invalid.c create mode 100644 tests/x509cert-tl.c create mode 100644 tests/x509cert.c create mode 100644 tests/x509dn.c create mode 100644 tests/x509self.c create mode 100644 tests/x509sign-verify-common.h create mode 100644 tests/x509sign-verify-ecdsa.c create mode 100644 tests/x509sign-verify-error.c create mode 100644 tests/x509sign-verify-gost.c create mode 100644 tests/x509sign-verify-rsa.c create mode 100644 tests/x509sign-verify.c (limited to 'tests') diff --git a/tests/Makefile.am b/tests/Makefile.am new file mode 100644 index 0000000..3e126f0 --- /dev/null +++ b/tests/Makefile.am @@ -0,0 +1,674 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2004-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + +SUBDIRS = . cert-tests slow + +TESTS_ENVIRONMENT = + +if WINDOWS +SUBDIRS += windows +endif + +if WANT_TEST_SUITE +SUBDIRS += suite +endif + +EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h test-chains.h \ + ocsp-common.h cmocka-common.h virt-time.h test-chains-issuer.h test-chains-issuer-aia.h \ + certs/ca-cert-ecc.pem certs/cert-ecc256.pem certs/cert-ecc521.pem \ + certs/cert-rsa-2432.pem certs/ecc384.pem certs/ecc.pem hex.h \ + certs/ca-ecc.pem certs/cert-ecc384.pem certs/cert-ecc.pem certs/ecc256.pem \ + certs/ecc521.pem certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \ + certs/rawpk_priv.pem certs/rawpk_pub.pem \ + certs/ed25519.pem certs/cert-ed25519.pem certs/rsa-512.pem \ + certs/id-on-xmppAddr.pem \ + system.prio pkcs11/softhsm.h pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \ + rsa-md5-collision/README safe-renegotiation/README starttls-smtp.txt starttls-ftp.txt \ + starttls-lmtp.txt starttls-pop3.txt starttls-xmpp.txt starttls-nntp.txt starttls-sieve.txt \ + rsa-md5-collision/colliding-chain-md5-2.pem rsa-md5-collision/colliding-chain-md5-1.pem \ + ocsp-tests/certs/ocsp-amazon.com.der ocsp-tests/certs/chain-amazon.com.pem \ + ocsp-tests/certs/chain-amazon.com-unsorted.pem cipher-neg-common.c \ + ocsp-tests/certs/chain-akamai.com.pem ocsp-tests/certs/ocsp-akamai.com.der \ + tls13/ext-parse.h \ + certs-interesting/README.md certs-interesting/cert1.der certs-interesting/cert1.der.err \ + certs-interesting/cert2.der certs-interesting/cert2.der.err certs-interesting/cert3.der \ + certs-interesting/cert3.der.err certs-interesting/cert4.der certs-interesting/cert5.der \ + certs-interesting/cert5.der.err certs-interesting/cert6.der certs-interesting/cert6.der.err \ + certs-interesting/cert7.der certs-interesting/cert8.der \ + certs-interesting/cert9.der certs-interesting/cert10.der \ + certs-interesting/cert3.der.err certs-interesting/cert4.der \ + scripts/common.sh scripts/starttls-common.sh \ + rng-op.c x509sign-verify-common.h common-key-tests.h \ + ocsp-tests/certs/ca.key ocsp-tests/certs/ca.pem ocsp-tests/certs/ocsp-server.key ocsp-tests/certs/ocsp-server.pem ocsp-tests/response1.der \ + ocsp-tests/response2.der ocsp-tests/response3.der ocsp-tests/certs/ocsp_index.txt ocsp-tests/certs/ocsp_index.txt.attr \ + ocsp-tests/response1.pem ocsp-tests/response2.pem \ + ocsp-tests/certs/server_good.key ocsp-tests/certs/server_bad.key ocsp-tests/certs/server_good.template \ + ocsp-tests/certs/server_bad.template ocsp-tests/certs/ocsp-staple-unrelated.der ocsp-tests/suppressions.valgrind \ + ocsp-tests/signer-verify/response-ca.der \ + ocsp-tests/signer-verify/response-delegated.der \ + ocsp-tests/signer-verify/response-non-delegated.der \ + ocsp-tests/signer-verify/trust.pem \ + data/listings-DTLS1.0 data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \ + data/listings-legacy1 data/listings-legacy2 data/listings-legacy3 data/listings-legacy4 \ + data/listings-old-SSL3.0-TLS1.1 data/listings-SSL3.0-TLS1.1 \ + p11-kit-trust-data/Example_Root_CA.p11-kit server-kx-neg-common.c \ + p11-kit-trust-data/Example_Root_CA.pem data/test1.cat data/test2.cat \ + data/test1.cat.data data/test2.cat.data data/test1.cat.out data/test2.cat.out \ + data/pkcs7-cat-ca.pem data/long.crl data/long.pem data/large-cert.pem \ + testpkcs11.pkcs15 testpkcs11.softhsm testpkcs11.sc-hsm testpkcs11-certs/ca.crt testpkcs11-certs/ca-tmpl \ + testpkcs11-certs/client.key testpkcs11-certs/server.crt testpkcs11-certs/server-tmpl \ + testpkcs11-certs/ca.key testpkcs11-certs/client.crt testpkcs11-certs/client-tmpl testpkcs11-certs/server.key \ + crt_type-neg-common.c \ + system-override-default-priority-string.bad.config system-override-default-priority-string.none.config system-override-default-priority-string.only-tls13.config \ + client-secrets.h server-secrets.h + +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = \ + $(P11_KIT_CFLAGS) \ + -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/libdane/includes \ + -I$(top_builddir)/libdane/includes \ + -I$(top_srcdir)/extra/includes \ + -I$(top_builddir)/extra/includes \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/doc/examples + +AM_LDFLAGS = -no-install +COMMON_GNUTLS_LDADD = ../lib/libgnutls.la +COMMON_DEPS_LDADD = $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) $(LIBSECCOMP) $(LIBRT) +COMMON_LDADD = $(COMMON_GNUTLS_LDADD) $(COMMON_DEPS_LDADD) + +LDADD = $(COMMON_GNUTLS_LDADD) \ + libutils.la \ + $(COMMON_DEPS_LDADD) + +dane_LDADD = $(LDADD) ../libdane/libgnutls-dane.la +dane_strcodes_LDADD = $(LDADD) ../libdane/libgnutls-dane.la + +if ENABLE_MINITASN1 +AM_CPPFLAGS += -I$(srcdir)/../lib/minitasn1 +endif + +noinst_LTLIBRARIES = libutils.la +libutils_la_SOURCES = utils.h utils.c seccomp.c utils-adv.c +libutils_la_LIBADD = ../lib/libgnutls.la + +indirect_tests = system-override-hash system-override-sig system-override-sig-tls + +ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \ + tls13/post-handshake-with-cert tls13/post-handshake-without-cert \ + tls13/cookie tls13/key_share tls13/prf tls13/prf-early \ + tls13/post-handshake-with-cert-ticket \ + tls12-rollback-detection tls11-rollback-detection \ + tls12-check-rollback-val tls11-check-rollback-val \ + tls13/post-handshake-with-psk tls13/post-handshake-with-cert-auto \ + tls13/anti_replay tls13/compress-cert tls13/compress-cert-neg \ + tls13/compress-cert-neg2 tls13/compress-cert-cli + +ctests += tls13/hello_retry_request + +ctests += tls13/hello_retry_request_resume + +ctests += tls13/psk-ext + +ctests += tls13/key_update + +ctests += tls13/key_update_multiple + +ctests += tls13/key_limits + +ctests += tls13/multi-ocsp + +ctests += tls13/ocsp-client + +ctests += tls13/change_cipher_spec + +ctests += tls13-cipher-neg + +ctests += tls13/no-psk-exts + +ctests += tls13/psk-dumbfw + +ctests += tls13/psk-ke-modes + +ctests += tls13-early-start + +ctests += tls13/no-auto-send-ticket + +ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniqueid tls-neg-ext-key \ + mpi certificate_set_x509_crl dn parse_ca x509-dn x509-dn-decode record-sizes \ + hostname-check cve-2008-4989 pkcs12_s2k chainverify missingissuer missingissuer_aia record-sizes-range \ + crq_key_id x509sign-verify sign-verify cve-2009-1415 cve-2009-1416 \ + tls10-server-kx-neg tls11-server-kx-neg tls12-server-kx-neg ssl30-server-kx-neg \ + tls12-cipher-neg tls11-cipher-neg tls10-cipher-neg ssl30-cipher-neg \ + crq_apis init_roundtrip pkcs12_s2k_pem dn2 tls12-rehandshake-cert-3 \ + nul-in-x509-names x509_altname pkcs12_encode mini-x509 gnutls_session_set_id \ + rng-fork mini-eagain-dtls resume-dtls empty_retrieve_function \ + tls13-rehandshake-cert gnutls_ext_raw_parse handshake-large-cert \ + x509cert x509cert-tl x509cert-ct infoaccess mini-dtls-hello-verify sign-verify-ed25519-rfc8080 \ + trustdb-tofu dtls-rehandshake-anon mini-alpn mini-dtls-large \ + mini-termination mini-x509-cas mini-x509-2 pkcs12_simple tls-pthread \ + mini-emsgsize-dtls chainverify-unsorted mini-overhead tls12-ffdhe \ + mini-dtls-heartbeat mini-x509-callbacks key-openssl priorities priorities-groups \ + gnutls_x509_privkey_import gnutls_x509_crt_list_import time x509-server-verify \ + sign-verify-ext4 tls-neg-ext4-key resume-lifetime \ + mini-dtls-srtp rsa-encrypt-decrypt mini-loss-time gnutls-strcodes \ + mini-record mini-dtls-record handshake-timeout mini-record-range \ + cert-status fips-mode-pthread rsa-psk global-init sec-params sign-verify-data \ + fips-test fips-override-test mini-global-load name-constraints x509-extensions \ + long-session-id mini-x509-callbacks-intr mini-dtls-lowmtu set_x509_key_file-late \ + crlverify mini-dtls-discard mini-record-failure openconnect-dtls12 \ + tls12-rehandshake-cert-2 custom-urls set_x509_key_mem set_x509_key_file \ + tls12-rehandshake-cert-auto tls12-rehandshake-set-prio \ + mini-chain-unsorted x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \ + mini-dtls-record-asym key-import-export priority-set priority-set2 \ + pubkey-import-export sign-is-secure spki spki-abstract rsa-rsa-pss \ + mini-dtls-fork dtls-pthread mini-key-material x509cert-invalid \ + tls-ext-register tls-supplemental mini-dtls0-9 duplicate-extensions \ + record-retvals mini-server-name tls-etm tls-force-etm x509-cert-callback alerts \ + client-sign-md5-rep tls12-invalid-key-exchanges session-rdn-read \ + tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \ + server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \ + x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \ + cipher-alignment oids atfork prf psk-file priority-init2 post-client-hello-change-prio \ + status-request status-request-ok rfc7633-missing sign-verify-ext \ + fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert rfc7633-ok \ + key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \ + record-timeouts mini-dtls-hello-verify-48 set-default-prio \ + tls12-anon-upgrade tlsext-decoding rsa-psk-cb gnutls-ids \ + rehandshake-switch-cert rehandshake-switch-cert-allow rehandshake-switch-cert-client \ + rehandshake-switch-cert-client-allow handshake-versions dtls-handshake-versions \ + dtls-max-record tls12-max-record alpn-server-prec ocsp-filename-memleak \ + dh-params rehandshake-ext-secret pcert-list session-export-funcs \ + handshake-false-start version-checks key-material-dtls key-material-set-dtls \ + name-constraints-merge crl-basic crq-basic \ + send-client-cert custom-urls-override hex rehandshake-switch-psk-id \ + rehandshake-switch-srp-id base64 srpbase64 pkcs1-digest-info set_x509_key \ + set_x509_key_file_der set_x509_pkcs12_key crt_apis tls12-cert-key-exchange \ + tls11-cert-key-exchange tls10-cert-key-exchange ssl30-cert-key-exchange \ + dtls12-cert-key-exchange dtls10-cert-key-exchange x509-cert-callback-legacy \ + keylog-env ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 dtls-session-ticket-lost \ + tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \ + set_x509_key_file_ocsp client-fastopen rng-sigint srp rng-pthread \ + safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \ + safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \ + rsa-illegal-import set_x509_ocsp_multi_invalid set_key set_x509_key_file_ocsp_multi2 \ + set_x509_ocsp_multi_unknown set_x509_ocsp_multi_pem tls-ext-not-in-dtls \ + set_key_utf8 set_x509_key_utf8 insecure_key handshake-large-packet \ + client_dsa_key server_ecdsa_key tls-session-ext-register tls-session-supplemental \ + multi-alerts naked-alerts pkcs7-cat-parse set_known_dh_params_x509 \ + set_known_dh_params_anon set_known_dh_params_psk session-tickets-ok \ + session-tickets-missing set_x509_key_file_legacy status-request-ext \ + gnutls_x509_crt_sign gnutls_x509_crq_sign dtls-repro-20170915 \ + rng-no-onload dtls1-2-mtu-check crl_apis cert_verify_inv_utf8 no-extensions \ + hostname-check-utf8 pkcs8-key-decode-encrypted priority-mix pkcs7 \ + send-data-before-handshake recv-data-before-handshake crt_inv_write \ + x509sign-verify-error rng-op-nonce rng-op-random rng-op-key x509-dn-decode-compat \ + ip-check mini-x509-ipaddr trust-store base64-raw random-art dhex509self \ + dss-sig-val sign-pk-api tls-session-ext-override record-pad \ + tls13-server-kx-neg gnutls_ext_raw_parse_dtls key-export-pkcs8 \ + null_retrieve_function tls-record-size-limit tls-crt_type-neg \ + resume-with-stek-expiration resume-with-previous-stek rawpk-api \ + tls-record-size-limit-asym dh-compute ecdh-compute sign-verify-data-newapi \ + sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \ + tls13-without-timeout-func buffer status-request-revoked \ + set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \ + x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name \ + x509-upnconstraint cipher-padding pkcs7-verify-double-free \ + fips-rsa-sizes + +ctests += tls-channel-binding + +if HAVE_SECCOMP_TESTS +ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp +endif + +if STRICT_DER_TIME +ctests += strict-der +endif + +if !DISABLE_SYSTEM_CONFIG +ctests += system-prio-file +endif + +if HAVE_CMOCKA +CMOCKA_LDADD = $(COMMON_LDADD) $(CMOCKA_LIBS) +ctests += dtls-sliding-window ip-utils name-constraints-ip conv-utf8 str-unicode str-idna \ + tls10-prf tls12-prf gnutls_record_overhead eagain tls12-rehandshake-cert \ + eagain-auto-auth + +gnutls_record_overhead_LDADD = $(CMOCKA_LDADD) +dtls_sliding_window_LDADD = $(CMOCKA_LDADD) +ip_utils_LDADD = $(CMOCKA_LDADD) +name_constraints_ip_LDADD = $(CMOCKA_LDADD) +conv_utf8_LDADD = $(CMOCKA_LDADD) +str_unicode_LDADD = $(CMOCKA_LDADD) +str_idna_LDADD = $(CMOCKA_LDADD) +tls10_prf_LDADD = $(CMOCKA_LDADD) +tls12_prf_LDADD = $(CMOCKA_LDADD) +eagain_LDADD = $(CMOCKA_LDADD) +eagain_auto_auth_LDADD = $(CMOCKA_LDADD) +tls12_rehandshake_cert_LDADD = $(CMOCKA_LDADD) + +gnutls_record_overhead_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +ip_utils_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +endif + +tls_pthread_LDADD = $(LDADD) -lpthread +fips_mode_pthread_LDADD = $(LDADD) -lpthread +dtls_pthread_LDADD = $(LDADD) -lpthread +rng_pthread_LDADD = $(LDADD) -lpthread + +tls12_rollback_detection_CFLAGS = -DTLS12 +tls12_rollback_detection_SOURCES = tls13/rnd-rollback-detection.c +tls12_rollback_detection_LDADD = $(LDADD) ../gl/libgnu.la + +tls11_rollback_detection_CFLAGS = -DTLS11 +tls11_rollback_detection_SOURCES = tls13/rnd-rollback-detection.c +tls11_rollback_detection_LDADD = $(LDADD) ../gl/libgnu.la + +tls12_check_rollback_val_CFLAGS = -DTLS12 +tls12_check_rollback_val_SOURCES = tls13/rnd-check-rollback-val.c +tls12_check_rollback_val_LDADD = $(LDADD) ../gl/libgnu.la + +tls11_check_rollback_val_CFLAGS = -DTLS11 +tls11_check_rollback_val_SOURCES = tls13/rnd-check-rollback-val.c +tls11_check_rollback_val_LDADD = $(LDADD) ../gl/libgnu.la + +# These tests need gnulib for memmem() +tls12_resume_psk_CFLAGS = -DUSE_PSK -DTLS12 +tls12_resume_psk_SOURCES = resume.c +tls12_resume_psk_LDADD = $(LDADD) ../gl/libgnu.la + +tls12_resume_anon_CFLAGS = -DUSE_ANON -DTLS12 +tls12_resume_anon_SOURCES = resume.c +tls12_resume_anon_LDADD = $(LDADD) ../gl/libgnu.la + +tls12_resume_x509_CFLAGS = -DUSE_X509 -DTLS12 +tls12_resume_x509_SOURCES = resume.c +tls12_resume_x509_LDADD = $(LDADD) ../gl/libgnu.la + +tls13_resume_psk_CFLAGS = -DUSE_PSK -DTLS13 +tls13_resume_psk_SOURCES = resume.c +tls13_resume_psk_LDADD = $(LDADD) ../gl/libgnu.la + +tls13_resume_x509_CFLAGS = -DUSE_X509 -DTLS13 +tls13_resume_x509_SOURCES = resume.c +tls13_resume_x509_LDADD = $(LDADD) ../gl/libgnu.la + +dtls_repro_20170915_SOURCES = dtls-repro-20170915.c common-cert-key-exchange.c cert-repro-20170915.h +dtls12_cert_key_exchange_SOURCES = common-cert-key-exchange.c dtls12-cert-key-exchange.c common-cert-key-exchange.h +dtls10_cert_key_exchange_SOURCES = common-cert-key-exchange.c dtls10-cert-key-exchange.c common-cert-key-exchange.h +tls13_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls13-cert-key-exchange.c common-cert-key-exchange.h +tls12_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls12-cert-key-exchange.c common-cert-key-exchange.h +tls11_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls11-cert-key-exchange.c common-cert-key-exchange.h +tls10_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls10-cert-key-exchange.c common-cert-key-exchange.h +ssl30_cert_key_exchange_SOURCES = common-cert-key-exchange.c ssl30-cert-key-exchange.c common-cert-key-exchange.h + +if ENABLE_PKCS11 +if !WINDOWS +noinst_LTLIBRARIES += libpkcs11mock1.la +libpkcs11mock1_la_SOURCES = pkcs11/pkcs11-mock.c pkcs11/pkcs11-mock.h pkcs11/pkcs11-mock-ext.h +libpkcs11mock1_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version +libpkcs11mock1_la_LIBADD = ../gl/libgnu.la + +noinst_LTLIBRARIES += libpkcs11mock2.la +libpkcs11mock2_la_SOURCES = pkcs11/pkcs11-mock2.c +libpkcs11mock2_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version +libpkcs11mock2_la_LIBADD = ../gl/libgnu.la + +pkcs11_cert_import_url_exts_SOURCES = pkcs11/pkcs11-cert-import-url-exts.c +pkcs11_cert_import_url_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la + +pkcs11_cert_import_url4_exts_SOURCES = pkcs11/pkcs11-cert-import-url4-exts.c +pkcs11_cert_import_url4_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la + +pkcs11_get_exts_SOURCES = pkcs11/pkcs11-get-exts.c +pkcs11_get_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la + +pkcs11_get_raw_issuer_exts_SOURCES = pkcs11/pkcs11-get-raw-issuer-exts.c +pkcs11_get_raw_issuer_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la + +pkcs11_import_url_privkey_SOURCES = pkcs11/pkcs11-import-url-privkey.c +pkcs11_import_url_privkey_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_import_url_privkey_LDADD = $(LDADD) $(LIBDL) + +pkcs11_token_raw_SOURCES = pkcs11/pkcs11-token-raw.c +pkcs11_token_raw_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_token_raw_LDADD = $(LDADD) $(LIBDL) + +pkcs11_obj_raw_SOURCES = pkcs11/pkcs11-obj-raw.c +pkcs11_obj_raw_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_obj_raw_LDADD = $(LDADD) $(LIBDL) + +pkcs11_import_url_privkey_caps_SOURCES = pkcs11/pkcs11-import-url-privkey.c +pkcs11_import_url_privkey_caps_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_import_url_privkey_caps_LDADD = $(LDADD) $(LIBDL) +pkcs11_import_url_privkey_caps_CFLAGS = -DALL_CAPS_URI + +pkcs11_privkey_fork_SOURCES = pkcs11/pkcs11-privkey-fork.c +pkcs11_privkey_fork_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_privkey_fork_LDADD = $(LDADD) $(LIBDL) + +pkcs11_privkey_fork_reinit_SOURCES = pkcs11/pkcs11-privkey-fork-reinit.c +pkcs11_privkey_fork_reinit_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_privkey_fork_reinit_LDADD = $(LDADD) $(LIBDL) + +pkcs11_mechanisms_SOURCES = pkcs11/pkcs11-mechanisms.c +pkcs11_mechanisms_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_mechanisms_LDADD = $(LDADD) $(LIBDL) + +pkcs11_privkey_export_SOURCES = pkcs11/pkcs11-privkey-export.c +pkcs11_privkey_export_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_privkey_export_LDADD = $(LDADD) $(LIBDL) + +pkcs11_privkey_always_auth_SOURCES = pkcs11/pkcs11-privkey-always-auth.c +pkcs11_privkey_always_auth_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_privkey_always_auth_LDADD = $(LDADD) $(LIBDL) + +pkcs11_privkey_safenet_always_auth_SOURCES = pkcs11/pkcs11-privkey-safenet-always-auth.c +pkcs11_privkey_safenet_always_auth_DEPENDENCIES = libpkcs11mock1.la libutils.la +pkcs11_privkey_safenet_always_auth_LDADD = $(LDADD) $(LIBDL) + +pkcs11_pkcs11_privkey_pthread_LDADD = $(LDADD) -lpthread + +ctests += pkcs11-cert-import-url-exts pkcs11-get-exts pkcs11-get-raw-issuer-exts \ + pkcs11-cert-import-url4-exts pkcs11/pkcs11-chainverify pkcs11/pkcs11-get-issuer pkcs11/pkcs11-is-known \ + pkcs11/pkcs11-combo pkcs11/pkcs11-privkey pkcs11/pkcs11-pubkey-import-rsa pkcs11/pkcs11-pubkey-import-ecdsa \ + pkcs11-import-url-privkey pkcs11-privkey-fork pkcs11/pkcs11-ec-privkey-test \ + pkcs11-privkey-always-auth pkcs11-privkey-export pkcs11/pkcs11-import-with-pin \ + pkcs11/pkcs11-privkey-pthread pkcs11/pkcs11-pin-func pkcs11/pkcs11-obj-import \ + pkcs11-privkey-fork-reinit pkcs11-mechanisms pkcs11-privkey-safenet-always-auth \ + pkcs11/pkcs11-rsa-pss-privkey-test pkcs11/tls-neg-pkcs11-key pkcs11/pkcs11-privkey-generate \ + pkcs11/gnutls_x509_crt_list_import_url pkcs11/gnutls_pcert_list_import_x509_file \ + pkcs11/pkcs11-eddsa-privkey-test \ + pkcs11-token-raw pkcs11-obj-raw + +if P11KIT_0_23_11_API +ctests += pkcs11-import-url-privkey-caps +endif + +endif +endif + +if ENABLE_OCSP +ctests += ocsp +endif + +if ENABLE_DANE +ctests += dane dane-strcodes +endif + +rsa_illegal_import_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) + +cipher_alignment_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) +cipher_alignment_LDADD = $(LDADD) $(NETTLE_LIBS) + +if ENABLE_OPENSSL +ctests += openssl +openssl_LDADD = ../extra/libgnutls-openssl.la $(LDADD) +endif + +if HAVE_FORK +ctests += x509self x509dn anonself pskself pskself2 dhepskself \ + setcredcrash tls12-resume-x509 tls12-resume-psk tls12-resume-anon \ + tls13-resume-x509 tls13-resume-psk tls13-early-data \ + tls13-early-data-neg tls13-early-data-neg2 \ + resume-with-record-size-limit +endif + +ctests += record-sendfile + +gc_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +mpi_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +atfork_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +pkcs12_s2k_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +name_constraints_merge_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +murmur3_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +tls13_anti_replay_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +iov_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +buffer_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +if ENABLE_PKCS11 +if !WINDOWS +ctests += tls13/post-handshake-with-cert-pkcs11 pkcs11/tls-neg-pkcs11-no-key \ + global-init-override +tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES = libpkcs11mock2.la libutils.la +tls13_post_handshake_with_cert_pkcs11_LDADD = $(LDADD) $(LIBDL) +pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES = libpkcs11mock2.la libutils.la +pkcs11_tls_neg_pkcs11_no_key_LDADD = $(LDADD) $(LIBDL) +endif +endif + +dist_check_SCRIPTS = rfc2253-escape-test.sh rsa-md5-collision/rsa-md5-collision.sh systemkey.sh + +if ENABLE_TPM2 +dist_check_SCRIPTS += tpm2.sh +endif + +if ENABLE_KTLS +indirect_tests += gnutls_ktls +dist_check_SCRIPTS += ktls.sh +endif + +if !WINDOWS + +# +# List of tests not available/functional under windows +# + +dist_check_SCRIPTS += dtls/dtls.sh dtls/dtls-resume.sh #dtls/dtls-nb + +indirect_tests += dtls-stress + +dtls_stress_SOURCES = dtls/dtls-stress.c +dtls_stress_LDADD = $(COMMON_GNUTLS_LDADD) \ + $(COMMON_DEPS_LDADD) + +dist_check_SCRIPTS += fastopen.sh pkgconfig.sh starttls.sh starttls-ftp.sh starttls-smtp.sh \ + starttls-lmtp.sh starttls-pop3.sh starttls-xmpp.sh starttls-nntp.sh starttls-sieve.sh \ + ocsp-tests/ocsp-tls-connection.sh ocsp-tests/ocsp-must-staple-connection.sh \ + ocsp-tests/ocsp-test.sh cipher-listings.sh sni-hostname.sh server-multi-keys.sh \ + psktool.sh ocsp-tests/ocsp-load-chain.sh gnutls-cli-save-data.sh gnutls-cli-debug.sh \ + sni-resume.sh ocsp-tests/ocsptool.sh cert-reencoding.sh pkcs7-cat.sh long-crl.sh \ + serv-udp.sh logfile-option.sh gnutls-cli-resume.sh profile-tests.sh \ + server-weak-keys.sh ocsp-tests/ocsp-signer-verify.sh cfg-test.sh \ + sanity-lib.sh + +if !DISABLE_SYSTEM_CONFIG +dist_check_SCRIPTS += system-override-sig.sh system-override-hash.sh \ + system-override-versions.sh system-override-invalid.sh \ + system-override-curves.sh system-override-profiles.sh system-override-tls.sh \ + system-override-kx.sh system-override-default-priority-string.sh \ + system-override-sig-tls.sh system-override-hash-filters-prf.sh + +dist_check_SCRIPTS += system-override-sig-allowlist.sh \ + system-override-hash-allowlist.sh \ + system-override-versions-allowlist.sh \ + system-override-curves-allowlist.sh \ + system-override-special-allowlist.sh \ + protocol-set-allowlist.sh +indirect_tests += system-override-curves-allowlist +indirect_tests += protocol-set-allowlist +endif + +dist_check_SCRIPTS += gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh gnutls-cli-rawpk.sh + +dist_check_SCRIPTS += dh-fips-approved.sh + +if ENABLE_PKCS11 +dist_check_SCRIPTS += p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh + +if HAVE_PKCS11_TRUST_STORE +if P11KIT_0_23_11_API +dist_check_SCRIPTS += p11-kit-load.sh +indirect_tests += pkcs11/list-tokens pkcs11/list-objects +endif +endif + +endif +if ENABLE_DANE +dist_check_SCRIPTS += danetool.sh +endif + +if ENABLE_TROUSERS +dist_check_SCRIPTS += tpmtool_test.sh +endif + +else + +TESTS_ENVIRONMENT += WINDOWS=1 + +win32_certopenstore_SOURCES = win-certopenstore.c +win32_certopenstore_LDADD = $(LDADD) -lcrypt32 +ctests += win32-certopenstore + +endif + +cpptests = +if ENABLE_CXX +if HAVE_CMOCKA + +cpptests += sanity-cpp + +sanity_cpp_SOURCES = sanity-cpp.cpp +sanity_cpp_LDADD = $(CMOCKA_LDADD) ../lib/libgnutlsxx.la +sanity_cpp_CXXFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl +endif +endif + +if !WINDOWS +indirect_tests += datefudge-check +noinst_PROGRAMS = datefudge-check +endif + +check_PROGRAMS = $(cpptests) $(ctests) $(indirect_tests) +TESTS = $(cpptests) $(ctests) $(dist_check_SCRIPTS) + +TESTS_ENVIRONMENT += \ + CC="$(CC)" \ + CFLAGS="$(CFLAGS)" \ + LC_ALL="C" \ + LSAN_OPTIONS=suppressions=$(srcdir)/gnutls-asan.supp \ + CAFILE=$(srcdir)/cert-tests/data/ca-certs.pem \ + P11MOCKLIB1=$(abs_builddir)/.libs/libpkcs11mock1.so \ + P11MOCKLIB2=$(abs_builddir)/.libs/libpkcs11mock2.so \ + PKCS12_MANY_CERTS_FILE=$(srcdir)/cert-tests/data/pkcs12_5certs.p12 \ + PKCS12FILE=$(srcdir)/cert-tests/data/client.p12 \ + PKCS12PASSWORD=foobar \ + PKCS12FILE_2=$(srcdir)/cert-tests/data/pkcs12_2certs.p12 \ + PKCS12PASSWORD_2="" \ + PKCS12PATH=$(srcdir)/cert-tests/data/ \ + X509CERTDIR=$(srcdir)/x509cert-dir/ \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + PSK_FILE=$(srcdir)/psk.passwd \ + OPENSSL_ia32cap=0x00000000 \ + EXEEXT=$(EXEEXT) \ + GNUTLS_TEST_SUITE_RUN=1 \ + builddir="$(builddir)" \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + libdir="$(libdir)" \ + srcdir="$(srcdir)" + +if ENABLE_SSL3 +TESTS_ENVIRONMENT += ENABLE_SSL3=1 +else +TESTS_ENVIRONMENT += ENABLE_SSL3=0 +endif + +if ENABLE_GOST +TESTS_ENVIRONMENT += ENABLE_GOST=1 +else +TESTS_ENVIRONMENT += ENABLE_GOST=0 +endif + +TEST_EXTENSIONS = .sh +SH_LOG_COMPILER = $(SHELL) + +AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind +LOG_COMPILER = $(LOG_VALGRIND) + +distclean-local: + rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db port.lock.d + +EXTRA_DIST += \ + fixtures/templates/arb-extensions.tmpl.exp \ + fixtures/templates/crit-extensions.tmpl.exp \ + fixtures/templates/inhibit-anypolicy.tmpl.exp \ + fixtures/templates/simple-policy.tmpl.exp \ + fixtures/templates/template-crq.tmpl.exp \ + fixtures/templates/template-dates-after2038.tmpl.exp \ + fixtures/templates/template-date.tmpl.exp \ + fixtures/templates/template-dn-err.tmpl.exp \ + fixtures/templates/template-dn.tmpl.exp \ + fixtures/templates/template-generalized.tmpl.exp \ + fixtures/templates/template-krb5name.tmpl.exp \ + fixtures/templates/template-long-dns.tmpl.exp \ + fixtures/templates/template-long-serial.tmpl.exp \ + fixtures/templates/template-nc.tmpl.exp \ + fixtures/templates/template-no-ca-explicit.tmpl.exp \ + fixtures/templates/template-no-ca-honor.tmpl.exp \ + fixtures/templates/template-no-ca.tmpl.exp \ + fixtures/templates/template-othername.tmpl.exp \ + fixtures/templates/template-othername-xmpp.tmpl.exp \ + fixtures/templates/template-overflow2.tmpl.exp \ + fixtures/templates/template-overflow.tmpl.exp \ + fixtures/templates/template-test.tmpl.exp \ + fixtures/templates/template-tlsfeature-crq.tmpl.exp \ + fixtures/templates/template-tlsfeature.tmpl.exp \ + fixtures/templates/template-unique.tmpl.exp \ + fixtures/templates/template-utf8.tmpl.exp diff --git a/tests/Makefile.in b/tests/Makefile.in new file mode 100644 index 0000000..7bee5c6 --- /dev/null +++ b/tests/Makefile.in @@ -0,0 +1,13699 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2004-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@WINDOWS_TRUE@am__append_1 = windows +@WANT_TEST_SUITE_TRUE@am__append_2 = suite +@ENABLE_MINITASN1_TRUE@am__append_3 = -I$(srcdir)/../lib/minitasn1 +@HAVE_SECCOMP_TESTS_TRUE@am__append_4 = dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp +@STRICT_DER_TIME_TRUE@am__append_5 = strict-der +@DISABLE_SYSTEM_CONFIG_FALSE@am__append_6 = system-prio-file +@HAVE_CMOCKA_TRUE@am__append_7 = dtls-sliding-window ip-utils name-constraints-ip conv-utf8 str-unicode str-idna \ +@HAVE_CMOCKA_TRUE@ tls10-prf tls12-prf gnutls_record_overhead eagain tls12-rehandshake-cert \ +@HAVE_CMOCKA_TRUE@ eagain-auto-auth + +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am__append_8 = libpkcs11mock1.la \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ libpkcs11mock2.la +@ENABLE_PKCS11_FALSE@pkcs11_cert_import_url_exts_DEPENDENCIES = \ +@ENABLE_PKCS11_FALSE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@ENABLE_PKCS11_FALSE@ $(am__DEPENDENCIES_2) +@WINDOWS_TRUE@pkcs11_cert_import_url_exts_DEPENDENCIES = \ +@WINDOWS_TRUE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@WINDOWS_TRUE@ $(am__DEPENDENCIES_2) +@ENABLE_PKCS11_FALSE@pkcs11_cert_import_url4_exts_DEPENDENCIES = \ +@ENABLE_PKCS11_FALSE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@ENABLE_PKCS11_FALSE@ $(am__DEPENDENCIES_2) +@WINDOWS_TRUE@pkcs11_cert_import_url4_exts_DEPENDENCIES = \ +@WINDOWS_TRUE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@WINDOWS_TRUE@ $(am__DEPENDENCIES_2) +@ENABLE_PKCS11_FALSE@pkcs11_get_exts_DEPENDENCIES = \ +@ENABLE_PKCS11_FALSE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@ENABLE_PKCS11_FALSE@ $(am__DEPENDENCIES_2) +@WINDOWS_TRUE@pkcs11_get_exts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ +@WINDOWS_TRUE@ libutils.la $(am__DEPENDENCIES_2) +@ENABLE_PKCS11_FALSE@pkcs11_get_raw_issuer_exts_DEPENDENCIES = \ +@ENABLE_PKCS11_FALSE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@ENABLE_PKCS11_FALSE@ $(am__DEPENDENCIES_2) +@WINDOWS_TRUE@pkcs11_get_raw_issuer_exts_DEPENDENCIES = \ +@WINDOWS_TRUE@ $(COMMON_GNUTLS_LDADD) libutils.la \ +@WINDOWS_TRUE@ $(am__DEPENDENCIES_2) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am__append_9 = pkcs11-cert-import-url-exts pkcs11-get-exts pkcs11-get-raw-issuer-exts \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-cert-import-url4-exts pkcs11/pkcs11-chainverify pkcs11/pkcs11-get-issuer pkcs11/pkcs11-is-known \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-combo pkcs11/pkcs11-privkey pkcs11/pkcs11-pubkey-import-rsa pkcs11/pkcs11-pubkey-import-ecdsa \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-import-url-privkey pkcs11-privkey-fork pkcs11/pkcs11-ec-privkey-test \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-always-auth pkcs11-privkey-export pkcs11/pkcs11-import-with-pin \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-privkey-pthread pkcs11/pkcs11-pin-func pkcs11/pkcs11-obj-import \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-fork-reinit pkcs11-mechanisms pkcs11-privkey-safenet-always-auth \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-rsa-pss-privkey-test pkcs11/tls-neg-pkcs11-key pkcs11/pkcs11-privkey-generate \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/gnutls_x509_crt_list_import_url pkcs11/gnutls_pcert_list_import_x509_file \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-eddsa-privkey-test \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-token-raw pkcs11-obj-raw + +@ENABLE_PKCS11_TRUE@@P11KIT_0_23_11_API_TRUE@@WINDOWS_FALSE@am__append_10 = pkcs11-import-url-privkey-caps +@ENABLE_OCSP_TRUE@am__append_11 = ocsp +@ENABLE_DANE_TRUE@am__append_12 = dane dane-strcodes +@ENABLE_OPENSSL_TRUE@am__append_13 = openssl +@HAVE_FORK_TRUE@am__append_14 = x509self x509dn anonself pskself pskself2 dhepskself \ +@HAVE_FORK_TRUE@ setcredcrash tls12-resume-x509 tls12-resume-psk tls12-resume-anon \ +@HAVE_FORK_TRUE@ tls13-resume-x509 tls13-resume-psk tls13-early-data \ +@HAVE_FORK_TRUE@ tls13-early-data-neg tls13-early-data-neg2 \ +@HAVE_FORK_TRUE@ resume-with-record-size-limit + +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am__append_15 = tls13/post-handshake-with-cert-pkcs11 pkcs11/tls-neg-pkcs11-no-key \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ global-init-override + +@ENABLE_TPM2_TRUE@am__append_16 = tpm2.sh +@ENABLE_KTLS_TRUE@am__append_17 = gnutls_ktls +@ENABLE_KTLS_TRUE@am__append_18 = ktls.sh + +# +# List of tests not available/functional under windows +# +@WINDOWS_FALSE@am__append_19 = dtls/dtls.sh dtls/dtls-resume.sh \ +@WINDOWS_FALSE@ fastopen.sh pkgconfig.sh starttls.sh \ +@WINDOWS_FALSE@ starttls-ftp.sh starttls-smtp.sh \ +@WINDOWS_FALSE@ starttls-lmtp.sh starttls-pop3.sh \ +@WINDOWS_FALSE@ starttls-xmpp.sh starttls-nntp.sh \ +@WINDOWS_FALSE@ starttls-sieve.sh \ +@WINDOWS_FALSE@ ocsp-tests/ocsp-tls-connection.sh \ +@WINDOWS_FALSE@ ocsp-tests/ocsp-must-staple-connection.sh \ +@WINDOWS_FALSE@ ocsp-tests/ocsp-test.sh cipher-listings.sh \ +@WINDOWS_FALSE@ sni-hostname.sh server-multi-keys.sh psktool.sh \ +@WINDOWS_FALSE@ ocsp-tests/ocsp-load-chain.sh \ +@WINDOWS_FALSE@ gnutls-cli-save-data.sh gnutls-cli-debug.sh \ +@WINDOWS_FALSE@ sni-resume.sh ocsp-tests/ocsptool.sh \ +@WINDOWS_FALSE@ cert-reencoding.sh pkcs7-cat.sh long-crl.sh \ +@WINDOWS_FALSE@ serv-udp.sh logfile-option.sh \ +@WINDOWS_FALSE@ gnutls-cli-resume.sh profile-tests.sh \ +@WINDOWS_FALSE@ server-weak-keys.sh \ +@WINDOWS_FALSE@ ocsp-tests/ocsp-signer-verify.sh cfg-test.sh \ +@WINDOWS_FALSE@ sanity-lib.sh +@WINDOWS_FALSE@am__append_20 = dtls-stress +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@am__append_21 = system-override-sig.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-hash.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-versions.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-invalid.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-curves.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-profiles.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-tls.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-kx.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-default-priority-string.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-sig-tls.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-hash-filters-prf.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-sig-allowlist.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-hash-allowlist.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-versions-allowlist.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-curves-allowlist.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ system-override-special-allowlist.sh \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ protocol-set-allowlist.sh +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@am__append_22 = system-override-curves-allowlist \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ protocol-set-allowlist +@WINDOWS_FALSE@am__append_23 = gnutls-cli-self-signed.sh \ +@WINDOWS_FALSE@ gnutls-cli-invalid-crl.sh gnutls-cli-rawpk.sh \ +@WINDOWS_FALSE@ dh-fips-approved.sh +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am__append_24 = p11-kit-trust.sh testpkcs11.sh certtool-pkcs11.sh +@ENABLE_PKCS11_TRUE@@HAVE_PKCS11_TRUST_STORE_TRUE@@P11KIT_0_23_11_API_TRUE@@WINDOWS_FALSE@am__append_25 = p11-kit-load.sh +@ENABLE_PKCS11_TRUE@@HAVE_PKCS11_TRUST_STORE_TRUE@@P11KIT_0_23_11_API_TRUE@@WINDOWS_FALSE@am__append_26 = pkcs11/list-tokens pkcs11/list-objects +@ENABLE_DANE_TRUE@@WINDOWS_FALSE@am__append_27 = danetool.sh +@ENABLE_TROUSERS_TRUE@@WINDOWS_FALSE@am__append_28 = tpmtool_test.sh +@WINDOWS_TRUE@am__append_29 = WINDOWS=1 +@WINDOWS_TRUE@am__append_30 = win32-certopenstore +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@am__append_31 = sanity-cpp +@WINDOWS_FALSE@am__append_32 = datefudge-check +@WINDOWS_FALSE@noinst_PROGRAMS = datefudge-check$(EXEEXT) +check_PROGRAMS = $(am__EXEEXT_2) $(am__EXEEXT_15) $(am__EXEEXT_21) +TESTS = $(am__EXEEXT_2) $(am__EXEEXT_15) $(dist_check_SCRIPTS) +@ENABLE_SSL3_TRUE@am__append_33 = ENABLE_SSL3=1 +@ENABLE_SSL3_FALSE@am__append_34 = ENABLE_SSL3=0 +@ENABLE_GOST_TRUE@am__append_35 = ENABLE_GOST=1 +@ENABLE_GOST_FALSE@am__append_36 = ENABLE_GOST=0 +subdir = tests +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/atoll.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/calloc.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/codeset.m4 \ + $(top_srcdir)/src/gl/m4/ctype_h.m4 \ + $(top_srcdir)/src/gl/m4/environ.m4 \ + $(top_srcdir)/src/gl/m4/error.m4 \ + $(top_srcdir)/src/gl/m4/fdopen.m4 \ + $(top_srcdir)/src/gl/m4/flexmember.m4 \ + $(top_srcdir)/src/gl/m4/fpending.m4 \ + $(top_srcdir)/src/gl/m4/fpieee.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/ftruncate.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getcwd.m4 \ + $(top_srcdir)/src/gl/m4/getpagesize.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/getprogname.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/intl-thread-locale.m4 \ + $(top_srcdir)/src/gl/m4/inttostr.m4 \ + $(top_srcdir)/src/gl/m4/ioctl.m4 \ + $(top_srcdir)/src/gl/m4/isblank.m4 \ + $(top_srcdir)/src/gl/m4/langinfo_h.m4 \ + $(top_srcdir)/src/gl/m4/lcmessage.m4 \ + $(top_srcdir)/src/gl/m4/locale-fr.m4 \ + $(top_srcdir)/src/gl/m4/locale-ja.m4 \ + $(top_srcdir)/src/gl/m4/locale-tr.m4 \ + $(top_srcdir)/src/gl/m4/locale-zh.m4 \ + $(top_srcdir)/src/gl/m4/locale_h.m4 \ + $(top_srcdir)/src/gl/m4/localename.m4 \ + $(top_srcdir)/src/gl/m4/lstat.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nanosleep.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/perror.m4 \ + $(top_srcdir)/src/gl/m4/pipe.m4 \ + $(top_srcdir)/src/gl/m4/pthread-thread.m4 \ + $(top_srcdir)/src/gl/m4/pthread_h.m4 \ + $(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \ + $(top_srcdir)/src/gl/m4/putenv.m4 \ + $(top_srcdir)/src/gl/m4/raise.m4 \ + $(top_srcdir)/src/gl/m4/reallocarray.m4 \ + $(top_srcdir)/src/gl/m4/sched_h.m4 \ + $(top_srcdir)/src/gl/m4/sched_yield.m4 \ + $(top_srcdir)/src/gl/m4/select.m4 \ + $(top_srcdir)/src/gl/m4/semaphore.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/setenv.m4 \ + $(top_srcdir)/src/gl/m4/setlocale.m4 \ + $(top_srcdir)/src/gl/m4/setlocale_null.m4 \ + $(top_srcdir)/src/gl/m4/sigaction.m4 \ + $(top_srcdir)/src/gl/m4/signal_h.m4 \ + $(top_srcdir)/src/gl/m4/signalblocking.m4 \ + $(top_srcdir)/src/gl/m4/sleep.m4 \ + $(top_srcdir)/src/gl/m4/sockets.m4 \ + $(top_srcdir)/src/gl/m4/strerror.m4 \ + $(top_srcdir)/src/gl/m4/strerror_r.m4 \ + $(top_srcdir)/src/gl/m4/strtoll.m4 \ + $(top_srcdir)/src/gl/m4/symlink.m4 \ + $(top_srcdir)/src/gl/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/src/gl/m4/sys_select_h.m4 \ + $(top_srcdir)/src/gl/m4/thread.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/gl/m4/usleep.m4 \ + $(top_srcdir)/src/gl/m4/visibility.m4 \ + $(top_srcdir)/src/gl/m4/xalloc.m4 \ + $(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/__inline.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \ + $(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/explicit_bzero.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \ + $(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \ + $(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \ + $(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \ + $(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/intmax_t.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/largefile.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \ + $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \ + $(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \ + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \ + $(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \ + $(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \ + $(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \ + $(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \ + $(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \ + $(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/m4/zzgnulib.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_check_SCRIPTS_DIST) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@am__EXEEXT_1 = sanity-cpp$(EXEEXT) +am__EXEEXT_2 = $(am__EXEEXT_1) +@HAVE_SECCOMP_TESTS_TRUE@am__EXEEXT_3 = dtls-with-seccomp$(EXEEXT) \ +@HAVE_SECCOMP_TESTS_TRUE@ tls-with-seccomp$(EXEEXT) \ +@HAVE_SECCOMP_TESTS_TRUE@ dtls-client-with-seccomp$(EXEEXT) \ +@HAVE_SECCOMP_TESTS_TRUE@ tls-client-with-seccomp$(EXEEXT) +@STRICT_DER_TIME_TRUE@am__EXEEXT_4 = strict-der$(EXEEXT) +@DISABLE_SYSTEM_CONFIG_FALSE@am__EXEEXT_5 = system-prio-file$(EXEEXT) +@HAVE_CMOCKA_TRUE@am__EXEEXT_6 = dtls-sliding-window$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ ip-utils$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ name-constraints-ip$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ conv-utf8$(EXEEXT) str-unicode$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ str-idna$(EXEEXT) tls10-prf$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ tls12-prf$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ gnutls_record_overhead$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ eagain$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ tls12-rehandshake-cert$(EXEEXT) \ +@HAVE_CMOCKA_TRUE@ eagain-auto-auth$(EXEEXT) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am__EXEEXT_7 = pkcs11-cert-import-url-exts$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-get-exts$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-get-raw-issuer-exts$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-cert-import-url4-exts$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-chainverify$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-get-issuer$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-is-known$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-combo$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-privkey$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-pubkey-import-rsa$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-pubkey-import-ecdsa$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-import-url-privkey$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-fork$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-ec-privkey-test$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-always-auth$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-export$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-import-with-pin$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-privkey-pthread$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-pin-func$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-obj-import$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-fork-reinit$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-mechanisms$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-privkey-safenet-always-auth$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-rsa-pss-privkey-test$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/tls-neg-pkcs11-key$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-privkey-generate$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/gnutls_x509_crt_list_import_url$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/gnutls_pcert_list_import_x509_file$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-eddsa-privkey-test$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-token-raw$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11-obj-raw$(EXEEXT) +@ENABLE_PKCS11_TRUE@@P11KIT_0_23_11_API_TRUE@@WINDOWS_FALSE@am__EXEEXT_8 = pkcs11-import-url-privkey-caps$(EXEEXT) +@ENABLE_OCSP_TRUE@am__EXEEXT_9 = ocsp$(EXEEXT) +@ENABLE_DANE_TRUE@am__EXEEXT_10 = dane$(EXEEXT) dane-strcodes$(EXEEXT) +@ENABLE_OPENSSL_TRUE@am__EXEEXT_11 = openssl$(EXEEXT) +@HAVE_FORK_TRUE@am__EXEEXT_12 = x509self$(EXEEXT) x509dn$(EXEEXT) \ +@HAVE_FORK_TRUE@ anonself$(EXEEXT) pskself$(EXEEXT) \ +@HAVE_FORK_TRUE@ pskself2$(EXEEXT) dhepskself$(EXEEXT) \ +@HAVE_FORK_TRUE@ setcredcrash$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls12-resume-x509$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls12-resume-psk$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls12-resume-anon$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls13-resume-x509$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls13-resume-psk$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls13-early-data$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls13-early-data-neg$(EXEEXT) \ +@HAVE_FORK_TRUE@ tls13-early-data-neg2$(EXEEXT) \ +@HAVE_FORK_TRUE@ resume-with-record-size-limit$(EXEEXT) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am__EXEEXT_13 = tls13/post-handshake-with-cert-pkcs11$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/tls-neg-pkcs11-no-key$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ global-init-override$(EXEEXT) +@WINDOWS_TRUE@am__EXEEXT_14 = win32-certopenstore$(EXEEXT) +am__EXEEXT_15 = tls13/supported_versions$(EXEEXT) \ + tls13/tls12-no-tls13-exts$(EXEEXT) \ + tls13/post-handshake-with-cert$(EXEEXT) \ + tls13/post-handshake-without-cert$(EXEEXT) \ + tls13/cookie$(EXEEXT) tls13/key_share$(EXEEXT) \ + tls13/prf$(EXEEXT) tls13/prf-early$(EXEEXT) \ + tls13/post-handshake-with-cert-ticket$(EXEEXT) \ + tls12-rollback-detection$(EXEEXT) \ + tls11-rollback-detection$(EXEEXT) \ + tls12-check-rollback-val$(EXEEXT) \ + tls11-check-rollback-val$(EXEEXT) \ + tls13/post-handshake-with-psk$(EXEEXT) \ + tls13/post-handshake-with-cert-auto$(EXEEXT) \ + tls13/anti_replay$(EXEEXT) tls13/compress-cert$(EXEEXT) \ + tls13/compress-cert-neg$(EXEEXT) \ + tls13/compress-cert-neg2$(EXEEXT) \ + tls13/compress-cert-cli$(EXEEXT) \ + tls13/hello_retry_request$(EXEEXT) \ + tls13/hello_retry_request_resume$(EXEEXT) \ + tls13/psk-ext$(EXEEXT) tls13/key_update$(EXEEXT) \ + tls13/key_update_multiple$(EXEEXT) tls13/key_limits$(EXEEXT) \ + tls13/multi-ocsp$(EXEEXT) tls13/ocsp-client$(EXEEXT) \ + tls13/change_cipher_spec$(EXEEXT) tls13-cipher-neg$(EXEEXT) \ + tls13/no-psk-exts$(EXEEXT) tls13/psk-dumbfw$(EXEEXT) \ + tls13/psk-ke-modes$(EXEEXT) tls13-early-start$(EXEEXT) \ + tls13/no-auto-send-ticket$(EXEEXT) mini-record-2$(EXEEXT) \ + simple$(EXEEXT) gnutls_hmac_fast$(EXEEXT) \ + set_pkcs12_cred$(EXEEXT) cert$(EXEEXT) certuniqueid$(EXEEXT) \ + tls-neg-ext-key$(EXEEXT) mpi$(EXEEXT) \ + certificate_set_x509_crl$(EXEEXT) dn$(EXEEXT) \ + parse_ca$(EXEEXT) x509-dn$(EXEEXT) x509-dn-decode$(EXEEXT) \ + record-sizes$(EXEEXT) hostname-check$(EXEEXT) \ + cve-2008-4989$(EXEEXT) pkcs12_s2k$(EXEEXT) \ + chainverify$(EXEEXT) missingissuer$(EXEEXT) \ + missingissuer_aia$(EXEEXT) record-sizes-range$(EXEEXT) \ + crq_key_id$(EXEEXT) x509sign-verify$(EXEEXT) \ + sign-verify$(EXEEXT) cve-2009-1415$(EXEEXT) \ + cve-2009-1416$(EXEEXT) tls10-server-kx-neg$(EXEEXT) \ + tls11-server-kx-neg$(EXEEXT) tls12-server-kx-neg$(EXEEXT) \ + ssl30-server-kx-neg$(EXEEXT) tls12-cipher-neg$(EXEEXT) \ + tls11-cipher-neg$(EXEEXT) tls10-cipher-neg$(EXEEXT) \ + ssl30-cipher-neg$(EXEEXT) crq_apis$(EXEEXT) \ + init_roundtrip$(EXEEXT) pkcs12_s2k_pem$(EXEEXT) dn2$(EXEEXT) \ + tls12-rehandshake-cert-3$(EXEEXT) nul-in-x509-names$(EXEEXT) \ + x509_altname$(EXEEXT) pkcs12_encode$(EXEEXT) \ + mini-x509$(EXEEXT) gnutls_session_set_id$(EXEEXT) \ + rng-fork$(EXEEXT) mini-eagain-dtls$(EXEEXT) \ + resume-dtls$(EXEEXT) empty_retrieve_function$(EXEEXT) \ + tls13-rehandshake-cert$(EXEEXT) gnutls_ext_raw_parse$(EXEEXT) \ + handshake-large-cert$(EXEEXT) x509cert$(EXEEXT) \ + x509cert-tl$(EXEEXT) x509cert-ct$(EXEEXT) infoaccess$(EXEEXT) \ + mini-dtls-hello-verify$(EXEEXT) \ + sign-verify-ed25519-rfc8080$(EXEEXT) trustdb-tofu$(EXEEXT) \ + dtls-rehandshake-anon$(EXEEXT) mini-alpn$(EXEEXT) \ + mini-dtls-large$(EXEEXT) mini-termination$(EXEEXT) \ + mini-x509-cas$(EXEEXT) mini-x509-2$(EXEEXT) \ + pkcs12_simple$(EXEEXT) tls-pthread$(EXEEXT) \ + mini-emsgsize-dtls$(EXEEXT) chainverify-unsorted$(EXEEXT) \ + mini-overhead$(EXEEXT) tls12-ffdhe$(EXEEXT) \ + mini-dtls-heartbeat$(EXEEXT) mini-x509-callbacks$(EXEEXT) \ + key-openssl$(EXEEXT) priorities$(EXEEXT) \ + priorities-groups$(EXEEXT) gnutls_x509_privkey_import$(EXEEXT) \ + gnutls_x509_crt_list_import$(EXEEXT) time$(EXEEXT) \ + x509-server-verify$(EXEEXT) sign-verify-ext4$(EXEEXT) \ + tls-neg-ext4-key$(EXEEXT) resume-lifetime$(EXEEXT) \ + mini-dtls-srtp$(EXEEXT) rsa-encrypt-decrypt$(EXEEXT) \ + mini-loss-time$(EXEEXT) gnutls-strcodes$(EXEEXT) \ + mini-record$(EXEEXT) mini-dtls-record$(EXEEXT) \ + handshake-timeout$(EXEEXT) mini-record-range$(EXEEXT) \ + cert-status$(EXEEXT) fips-mode-pthread$(EXEEXT) \ + rsa-psk$(EXEEXT) global-init$(EXEEXT) sec-params$(EXEEXT) \ + sign-verify-data$(EXEEXT) fips-test$(EXEEXT) \ + fips-override-test$(EXEEXT) mini-global-load$(EXEEXT) \ + name-constraints$(EXEEXT) x509-extensions$(EXEEXT) \ + long-session-id$(EXEEXT) mini-x509-callbacks-intr$(EXEEXT) \ + mini-dtls-lowmtu$(EXEEXT) set_x509_key_file-late$(EXEEXT) \ + crlverify$(EXEEXT) mini-dtls-discard$(EXEEXT) \ + mini-record-failure$(EXEEXT) openconnect-dtls12$(EXEEXT) \ + tls12-rehandshake-cert-2$(EXEEXT) custom-urls$(EXEEXT) \ + set_x509_key_mem$(EXEEXT) set_x509_key_file$(EXEEXT) \ + tls12-rehandshake-cert-auto$(EXEEXT) \ + tls12-rehandshake-set-prio$(EXEEXT) \ + mini-chain-unsorted$(EXEEXT) x509-verify-with-crl$(EXEEXT) \ + mini-dtls-mtu$(EXEEXT) privkey-verify-broken$(EXEEXT) \ + mini-dtls-record-asym$(EXEEXT) key-import-export$(EXEEXT) \ + priority-set$(EXEEXT) priority-set2$(EXEEXT) \ + pubkey-import-export$(EXEEXT) sign-is-secure$(EXEEXT) \ + spki$(EXEEXT) spki-abstract$(EXEEXT) rsa-rsa-pss$(EXEEXT) \ + mini-dtls-fork$(EXEEXT) dtls-pthread$(EXEEXT) \ + mini-key-material$(EXEEXT) x509cert-invalid$(EXEEXT) \ + tls-ext-register$(EXEEXT) tls-supplemental$(EXEEXT) \ + mini-dtls0-9$(EXEEXT) duplicate-extensions$(EXEEXT) \ + record-retvals$(EXEEXT) mini-server-name$(EXEEXT) \ + tls-etm$(EXEEXT) tls-force-etm$(EXEEXT) \ + x509-cert-callback$(EXEEXT) alerts$(EXEEXT) \ + client-sign-md5-rep$(EXEEXT) \ + tls12-invalid-key-exchanges$(EXEEXT) session-rdn-read$(EXEEXT) \ + tls13-cert-key-exchange$(EXEEXT) \ + x509-cert-callback-ocsp$(EXEEXT) \ + gnutls_ocsp_resp_list_import2$(EXEEXT) \ + server-sign-md5-rep$(EXEEXT) privkey-keygen$(EXEEXT) \ + mini-tls-nonblock$(EXEEXT) no-signal$(EXEEXT) \ + pkcs7-gen$(EXEEXT) dtls-etm$(EXEEXT) \ + x509sign-verify-rsa$(EXEEXT) x509sign-verify-ecdsa$(EXEEXT) \ + x509sign-verify-gost$(EXEEXT) cipher-alignment$(EXEEXT) \ + oids$(EXEEXT) atfork$(EXEEXT) prf$(EXEEXT) psk-file$(EXEEXT) \ + priority-init2$(EXEEXT) post-client-hello-change-prio$(EXEEXT) \ + status-request$(EXEEXT) status-request-ok$(EXEEXT) \ + rfc7633-missing$(EXEEXT) sign-verify-ext$(EXEEXT) \ + fallback-scsv$(EXEEXT) pkcs8-key-decode$(EXEEXT) urls$(EXEEXT) \ + dtls-rehandshake-cert$(EXEEXT) rfc7633-ok$(EXEEXT) \ + key-usage-rsa$(EXEEXT) key-usage-ecdhe-rsa$(EXEEXT) \ + mini-session-verify-function$(EXEEXT) auto-verify$(EXEEXT) \ + record-timeouts$(EXEEXT) mini-dtls-hello-verify-48$(EXEEXT) \ + set-default-prio$(EXEEXT) tls12-anon-upgrade$(EXEEXT) \ + tlsext-decoding$(EXEEXT) rsa-psk-cb$(EXEEXT) \ + gnutls-ids$(EXEEXT) rehandshake-switch-cert$(EXEEXT) \ + rehandshake-switch-cert-allow$(EXEEXT) \ + rehandshake-switch-cert-client$(EXEEXT) \ + rehandshake-switch-cert-client-allow$(EXEEXT) \ + handshake-versions$(EXEEXT) dtls-handshake-versions$(EXEEXT) \ + dtls-max-record$(EXEEXT) tls12-max-record$(EXEEXT) \ + alpn-server-prec$(EXEEXT) ocsp-filename-memleak$(EXEEXT) \ + dh-params$(EXEEXT) rehandshake-ext-secret$(EXEEXT) \ + pcert-list$(EXEEXT) session-export-funcs$(EXEEXT) \ + handshake-false-start$(EXEEXT) version-checks$(EXEEXT) \ + key-material-dtls$(EXEEXT) key-material-set-dtls$(EXEEXT) \ + name-constraints-merge$(EXEEXT) crl-basic$(EXEEXT) \ + crq-basic$(EXEEXT) send-client-cert$(EXEEXT) \ + custom-urls-override$(EXEEXT) hex$(EXEEXT) \ + rehandshake-switch-psk-id$(EXEEXT) \ + rehandshake-switch-srp-id$(EXEEXT) base64$(EXEEXT) \ + srpbase64$(EXEEXT) pkcs1-digest-info$(EXEEXT) \ + set_x509_key$(EXEEXT) set_x509_key_file_der$(EXEEXT) \ + set_x509_pkcs12_key$(EXEEXT) crt_apis$(EXEEXT) \ + tls12-cert-key-exchange$(EXEEXT) \ + tls11-cert-key-exchange$(EXEEXT) \ + tls10-cert-key-exchange$(EXEEXT) \ + ssl30-cert-key-exchange$(EXEEXT) \ + dtls12-cert-key-exchange$(EXEEXT) \ + dtls10-cert-key-exchange$(EXEEXT) \ + x509-cert-callback-legacy$(EXEEXT) keylog-env$(EXEEXT) \ + ssl2-hello$(EXEEXT) tlsfeature-ext$(EXEEXT) \ + dtls-rehandshake-cert-2$(EXEEXT) \ + dtls-session-ticket-lost$(EXEEXT) tlsfeature-crt$(EXEEXT) \ + dtls-rehandshake-cert-3$(EXEEXT) \ + resume-with-false-start$(EXEEXT) \ + set_x509_key_file_ocsp$(EXEEXT) client-fastopen$(EXEEXT) \ + rng-sigint$(EXEEXT) srp$(EXEEXT) rng-pthread$(EXEEXT) \ + safe-renegotiation/srn0$(EXEEXT) \ + safe-renegotiation/srn1$(EXEEXT) \ + safe-renegotiation/srn2$(EXEEXT) \ + safe-renegotiation/srn3$(EXEEXT) \ + safe-renegotiation/srn4$(EXEEXT) \ + safe-renegotiation/srn5$(EXEEXT) rsa-illegal-import$(EXEEXT) \ + set_x509_ocsp_multi_invalid$(EXEEXT) set_key$(EXEEXT) \ + set_x509_key_file_ocsp_multi2$(EXEEXT) \ + set_x509_ocsp_multi_unknown$(EXEEXT) \ + set_x509_ocsp_multi_pem$(EXEEXT) tls-ext-not-in-dtls$(EXEEXT) \ + set_key_utf8$(EXEEXT) set_x509_key_utf8$(EXEEXT) \ + insecure_key$(EXEEXT) handshake-large-packet$(EXEEXT) \ + client_dsa_key$(EXEEXT) server_ecdsa_key$(EXEEXT) \ + tls-session-ext-register$(EXEEXT) \ + tls-session-supplemental$(EXEEXT) multi-alerts$(EXEEXT) \ + naked-alerts$(EXEEXT) pkcs7-cat-parse$(EXEEXT) \ + set_known_dh_params_x509$(EXEEXT) \ + set_known_dh_params_anon$(EXEEXT) \ + set_known_dh_params_psk$(EXEEXT) session-tickets-ok$(EXEEXT) \ + session-tickets-missing$(EXEEXT) \ + set_x509_key_file_legacy$(EXEEXT) status-request-ext$(EXEEXT) \ + gnutls_x509_crt_sign$(EXEEXT) gnutls_x509_crq_sign$(EXEEXT) \ + dtls-repro-20170915$(EXEEXT) rng-no-onload$(EXEEXT) \ + dtls1-2-mtu-check$(EXEEXT) crl_apis$(EXEEXT) \ + cert_verify_inv_utf8$(EXEEXT) no-extensions$(EXEEXT) \ + hostname-check-utf8$(EXEEXT) \ + pkcs8-key-decode-encrypted$(EXEEXT) priority-mix$(EXEEXT) \ + pkcs7$(EXEEXT) send-data-before-handshake$(EXEEXT) \ + recv-data-before-handshake$(EXEEXT) crt_inv_write$(EXEEXT) \ + x509sign-verify-error$(EXEEXT) rng-op-nonce$(EXEEXT) \ + rng-op-random$(EXEEXT) rng-op-key$(EXEEXT) \ + x509-dn-decode-compat$(EXEEXT) ip-check$(EXEEXT) \ + mini-x509-ipaddr$(EXEEXT) trust-store$(EXEEXT) \ + base64-raw$(EXEEXT) random-art$(EXEEXT) dhex509self$(EXEEXT) \ + dss-sig-val$(EXEEXT) sign-pk-api$(EXEEXT) \ + tls-session-ext-override$(EXEEXT) record-pad$(EXEEXT) \ + tls13-server-kx-neg$(EXEEXT) \ + gnutls_ext_raw_parse_dtls$(EXEEXT) key-export-pkcs8$(EXEEXT) \ + null_retrieve_function$(EXEEXT) tls-record-size-limit$(EXEEXT) \ + tls-crt_type-neg$(EXEEXT) resume-with-stek-expiration$(EXEEXT) \ + resume-with-previous-stek$(EXEEXT) rawpk-api$(EXEEXT) \ + tls-record-size-limit-asym$(EXEEXT) dh-compute$(EXEEXT) \ + ecdh-compute$(EXEEXT) sign-verify-data-newapi$(EXEEXT) \ + sign-verify-newapi$(EXEEXT) sign-verify-deterministic$(EXEEXT) \ + iov$(EXEEXT) aead-cipher-vec$(EXEEXT) \ + tls13-without-timeout-func$(EXEEXT) buffer$(EXEEXT) \ + status-request-revoked$(EXEEXT) \ + set_x509_ocsp_multi_cli$(EXEEXT) kdf-api$(EXEEXT) \ + keylog-func$(EXEEXT) handshake-write$(EXEEXT) \ + x509cert-dntypes$(EXEEXT) id-on-xmppAddr$(EXEEXT) \ + tls13-compat-mode$(EXEEXT) ciphersuite-name$(EXEEXT) \ + x509-upnconstraint$(EXEEXT) cipher-padding$(EXEEXT) \ + pkcs7-verify-double-free$(EXEEXT) fips-rsa-sizes$(EXEEXT) \ + tls-channel-binding$(EXEEXT) $(am__EXEEXT_3) $(am__EXEEXT_4) \ + $(am__EXEEXT_5) $(am__EXEEXT_6) $(am__EXEEXT_7) \ + $(am__EXEEXT_8) $(am__EXEEXT_9) $(am__EXEEXT_10) \ + $(am__EXEEXT_11) $(am__EXEEXT_12) record-sendfile$(EXEEXT) \ + $(am__EXEEXT_13) $(am__EXEEXT_14) +@ENABLE_KTLS_TRUE@am__EXEEXT_16 = gnutls_ktls$(EXEEXT) +@WINDOWS_FALSE@am__EXEEXT_17 = dtls-stress$(EXEEXT) +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@am__EXEEXT_18 = system-override-curves-allowlist$(EXEEXT) \ +@DISABLE_SYSTEM_CONFIG_FALSE@@WINDOWS_FALSE@ protocol-set-allowlist$(EXEEXT) +@ENABLE_PKCS11_TRUE@@HAVE_PKCS11_TRUST_STORE_TRUE@@P11KIT_0_23_11_API_TRUE@@WINDOWS_FALSE@am__EXEEXT_19 = pkcs11/list-tokens$(EXEEXT) \ +@ENABLE_PKCS11_TRUE@@HAVE_PKCS11_TRUST_STORE_TRUE@@P11KIT_0_23_11_API_TRUE@@WINDOWS_FALSE@ pkcs11/list-objects$(EXEEXT) +@WINDOWS_FALSE@am__EXEEXT_20 = datefudge-check$(EXEEXT) +am__EXEEXT_21 = system-override-hash$(EXEEXT) \ + system-override-sig$(EXEEXT) system-override-sig-tls$(EXEEXT) \ + $(am__EXEEXT_16) $(am__EXEEXT_17) $(am__EXEEXT_18) \ + $(am__EXEEXT_19) $(am__EXEEXT_20) +PROGRAMS = $(noinst_PROGRAMS) +LTLIBRARIES = $(noinst_LTLIBRARIES) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock1_la_DEPENDENCIES = \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ ../gl/libgnu.la +am__libpkcs11mock1_la_SOURCES_DIST = pkcs11/pkcs11-mock.c \ + pkcs11/pkcs11-mock.h pkcs11/pkcs11-mock-ext.h +am__dirstamp = $(am__leading_dot)dirstamp +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_libpkcs11mock1_la_OBJECTS = \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-mock.lo +libpkcs11mock1_la_OBJECTS = $(am_libpkcs11mock1_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libpkcs11mock1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libpkcs11mock1_la_LDFLAGS) $(LDFLAGS) \ + -o $@ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_libpkcs11mock1_la_rpath = +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock2_la_DEPENDENCIES = \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ ../gl/libgnu.la +am__libpkcs11mock2_la_SOURCES_DIST = pkcs11/pkcs11-mock2.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_libpkcs11mock2_la_OBJECTS = \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ pkcs11/pkcs11-mock2.lo +libpkcs11mock2_la_OBJECTS = $(am_libpkcs11mock2_la_OBJECTS) +libpkcs11mock2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libpkcs11mock2_la_LDFLAGS) $(LDFLAGS) \ + -o $@ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_libpkcs11mock2_la_rpath = +libutils_la_DEPENDENCIES = ../lib/libgnutls.la +am_libutils_la_OBJECTS = utils.lo seccomp.lo utils-adv.lo +libutils_la_OBJECTS = $(am_libutils_la_OBJECTS) +aead_cipher_vec_SOURCES = aead-cipher-vec.c +aead_cipher_vec_OBJECTS = aead-cipher-vec.$(OBJEXT) +aead_cipher_vec_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +aead_cipher_vec_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +alerts_SOURCES = alerts.c +alerts_OBJECTS = alerts.$(OBJEXT) +alerts_LDADD = $(LDADD) +alerts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +alpn_server_prec_SOURCES = alpn-server-prec.c +alpn_server_prec_OBJECTS = alpn-server-prec.$(OBJEXT) +alpn_server_prec_LDADD = $(LDADD) +alpn_server_prec_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +anonself_SOURCES = anonself.c +anonself_OBJECTS = anonself.$(OBJEXT) +anonself_LDADD = $(LDADD) +anonself_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +atfork_SOURCES = atfork.c +atfork_OBJECTS = atfork-atfork.$(OBJEXT) +atfork_LDADD = $(LDADD) +atfork_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +auto_verify_SOURCES = auto-verify.c +auto_verify_OBJECTS = auto-verify.$(OBJEXT) +auto_verify_LDADD = $(LDADD) +auto_verify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +base64_SOURCES = base64.c +base64_OBJECTS = base64.$(OBJEXT) +base64_LDADD = $(LDADD) +base64_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +base64_raw_SOURCES = base64-raw.c +base64_raw_OBJECTS = base64-raw.$(OBJEXT) +base64_raw_LDADD = $(LDADD) +base64_raw_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +buffer_SOURCES = buffer.c +buffer_OBJECTS = buffer-buffer.$(OBJEXT) +buffer_LDADD = $(LDADD) +buffer_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cert_SOURCES = cert.c +cert_OBJECTS = cert.$(OBJEXT) +cert_LDADD = $(LDADD) +cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cert_status_SOURCES = cert-status.c +cert_status_OBJECTS = cert-status.$(OBJEXT) +cert_status_LDADD = $(LDADD) +cert_status_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cert_verify_inv_utf8_SOURCES = cert_verify_inv_utf8.c +cert_verify_inv_utf8_OBJECTS = cert_verify_inv_utf8.$(OBJEXT) +cert_verify_inv_utf8_LDADD = $(LDADD) +cert_verify_inv_utf8_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +certificate_set_x509_crl_SOURCES = certificate_set_x509_crl.c +certificate_set_x509_crl_OBJECTS = certificate_set_x509_crl.$(OBJEXT) +certificate_set_x509_crl_LDADD = $(LDADD) +certificate_set_x509_crl_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +certuniqueid_SOURCES = certuniqueid.c +certuniqueid_OBJECTS = certuniqueid.$(OBJEXT) +certuniqueid_LDADD = $(LDADD) +certuniqueid_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +chainverify_SOURCES = chainverify.c +chainverify_OBJECTS = chainverify.$(OBJEXT) +chainverify_LDADD = $(LDADD) +chainverify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +chainverify_unsorted_SOURCES = chainverify-unsorted.c +chainverify_unsorted_OBJECTS = chainverify-unsorted.$(OBJEXT) +chainverify_unsorted_LDADD = $(LDADD) +chainverify_unsorted_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cipher_alignment_SOURCES = cipher-alignment.c +cipher_alignment_OBJECTS = \ + cipher_alignment-cipher-alignment.$(OBJEXT) +am__DEPENDENCIES_3 = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cipher_alignment_DEPENDENCIES = $(am__DEPENDENCIES_3) \ + $(am__DEPENDENCIES_1) +cipher_padding_SOURCES = cipher-padding.c +cipher_padding_OBJECTS = cipher-padding.$(OBJEXT) +cipher_padding_LDADD = $(LDADD) +cipher_padding_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +ciphersuite_name_SOURCES = ciphersuite-name.c +ciphersuite_name_OBJECTS = ciphersuite-name.$(OBJEXT) +ciphersuite_name_LDADD = $(LDADD) +ciphersuite_name_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +client_fastopen_SOURCES = client-fastopen.c +client_fastopen_OBJECTS = client-fastopen.$(OBJEXT) +client_fastopen_LDADD = $(LDADD) +client_fastopen_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +client_sign_md5_rep_SOURCES = client-sign-md5-rep.c +client_sign_md5_rep_OBJECTS = client-sign-md5-rep.$(OBJEXT) +client_sign_md5_rep_LDADD = $(LDADD) +client_sign_md5_rep_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +client_dsa_key_SOURCES = client_dsa_key.c +client_dsa_key_OBJECTS = client_dsa_key.$(OBJEXT) +client_dsa_key_LDADD = $(LDADD) +client_dsa_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +conv_utf8_SOURCES = conv-utf8.c +conv_utf8_OBJECTS = conv-utf8.$(OBJEXT) +am__DEPENDENCIES_4 = $(COMMON_GNUTLS_LDADD) $(am__DEPENDENCIES_2) +@HAVE_CMOCKA_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_4) \ +@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_1) +@HAVE_CMOCKA_TRUE@conv_utf8_DEPENDENCIES = $(am__DEPENDENCIES_5) +crl_basic_SOURCES = crl-basic.c +crl_basic_OBJECTS = crl-basic.$(OBJEXT) +crl_basic_LDADD = $(LDADD) +crl_basic_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crl_apis_SOURCES = crl_apis.c +crl_apis_OBJECTS = crl_apis.$(OBJEXT) +crl_apis_LDADD = $(LDADD) +crl_apis_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crlverify_SOURCES = crlverify.c +crlverify_OBJECTS = crlverify.$(OBJEXT) +crlverify_LDADD = $(LDADD) +crlverify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crq_basic_SOURCES = crq-basic.c +crq_basic_OBJECTS = crq-basic.$(OBJEXT) +crq_basic_LDADD = $(LDADD) +crq_basic_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crq_apis_SOURCES = crq_apis.c +crq_apis_OBJECTS = crq_apis.$(OBJEXT) +crq_apis_LDADD = $(LDADD) +crq_apis_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crq_key_id_SOURCES = crq_key_id.c +crq_key_id_OBJECTS = crq_key_id.$(OBJEXT) +crq_key_id_LDADD = $(LDADD) +crq_key_id_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crt_apis_SOURCES = crt_apis.c +crt_apis_OBJECTS = crt_apis.$(OBJEXT) +crt_apis_LDADD = $(LDADD) +crt_apis_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +crt_inv_write_SOURCES = crt_inv_write.c +crt_inv_write_OBJECTS = crt_inv_write.$(OBJEXT) +crt_inv_write_LDADD = $(LDADD) +crt_inv_write_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +custom_urls_SOURCES = custom-urls.c +custom_urls_OBJECTS = custom-urls.$(OBJEXT) +custom_urls_LDADD = $(LDADD) +custom_urls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +custom_urls_override_SOURCES = custom-urls-override.c +custom_urls_override_OBJECTS = custom-urls-override.$(OBJEXT) +custom_urls_override_LDADD = $(LDADD) +custom_urls_override_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cve_2008_4989_SOURCES = cve-2008-4989.c +cve_2008_4989_OBJECTS = cve-2008-4989.$(OBJEXT) +cve_2008_4989_LDADD = $(LDADD) +cve_2008_4989_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cve_2009_1415_SOURCES = cve-2009-1415.c +cve_2009_1415_OBJECTS = cve-2009-1415.$(OBJEXT) +cve_2009_1415_LDADD = $(LDADD) +cve_2009_1415_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +cve_2009_1416_SOURCES = cve-2009-1416.c +cve_2009_1416_OBJECTS = cve-2009-1416.$(OBJEXT) +cve_2009_1416_LDADD = $(LDADD) +cve_2009_1416_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dane_SOURCES = dane.c +dane_OBJECTS = dane.$(OBJEXT) +dane_DEPENDENCIES = $(am__DEPENDENCIES_3) ../libdane/libgnutls-dane.la +dane_strcodes_SOURCES = dane-strcodes.c +dane_strcodes_OBJECTS = dane-strcodes.$(OBJEXT) +dane_strcodes_DEPENDENCIES = $(am__DEPENDENCIES_3) \ + ../libdane/libgnutls-dane.la +datefudge_check_SOURCES = datefudge-check.c +datefudge_check_OBJECTS = datefudge-check.$(OBJEXT) +datefudge_check_LDADD = $(LDADD) +datefudge_check_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dh_compute_SOURCES = dh-compute.c +dh_compute_OBJECTS = dh-compute.$(OBJEXT) +dh_compute_LDADD = $(LDADD) +dh_compute_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dh_params_SOURCES = dh-params.c +dh_params_OBJECTS = dh-params.$(OBJEXT) +dh_params_LDADD = $(LDADD) +dh_params_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dhepskself_SOURCES = dhepskself.c +dhepskself_OBJECTS = dhepskself.$(OBJEXT) +dhepskself_LDADD = $(LDADD) +dhepskself_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dhex509self_SOURCES = dhex509self.c +dhex509self_OBJECTS = dhex509self.$(OBJEXT) +dhex509self_LDADD = $(LDADD) +dhex509self_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dn_SOURCES = dn.c +dn_OBJECTS = dn.$(OBJEXT) +dn_LDADD = $(LDADD) +dn_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dn2_SOURCES = dn2.c +dn2_OBJECTS = dn2.$(OBJEXT) +dn2_LDADD = $(LDADD) +dn2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dss_sig_val_SOURCES = dss-sig-val.c +dss_sig_val_OBJECTS = dss-sig-val.$(OBJEXT) +dss_sig_val_LDADD = $(LDADD) +dss_sig_val_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dtls_client_with_seccomp_SOURCES = dtls-client-with-seccomp.c +dtls_client_with_seccomp_OBJECTS = dtls-client-with-seccomp.$(OBJEXT) +dtls_client_with_seccomp_LDADD = $(LDADD) +dtls_client_with_seccomp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +dtls_etm_SOURCES = dtls-etm.c +dtls_etm_OBJECTS = dtls-etm.$(OBJEXT) +dtls_etm_LDADD = $(LDADD) +dtls_etm_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dtls_handshake_versions_SOURCES = dtls-handshake-versions.c +dtls_handshake_versions_OBJECTS = dtls-handshake-versions.$(OBJEXT) +dtls_handshake_versions_LDADD = $(LDADD) +dtls_handshake_versions_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +dtls_max_record_SOURCES = dtls-max-record.c +dtls_max_record_OBJECTS = dtls-max-record.$(OBJEXT) +dtls_max_record_LDADD = $(LDADD) +dtls_max_record_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dtls_pthread_SOURCES = dtls-pthread.c +dtls_pthread_OBJECTS = dtls-pthread.$(OBJEXT) +dtls_pthread_DEPENDENCIES = $(am__DEPENDENCIES_3) +dtls_rehandshake_anon_SOURCES = dtls-rehandshake-anon.c +dtls_rehandshake_anon_OBJECTS = dtls-rehandshake-anon.$(OBJEXT) +dtls_rehandshake_anon_LDADD = $(LDADD) +dtls_rehandshake_anon_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +dtls_rehandshake_cert_SOURCES = dtls-rehandshake-cert.c +dtls_rehandshake_cert_OBJECTS = dtls-rehandshake-cert.$(OBJEXT) +dtls_rehandshake_cert_LDADD = $(LDADD) +dtls_rehandshake_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +dtls_rehandshake_cert_2_SOURCES = dtls-rehandshake-cert-2.c +dtls_rehandshake_cert_2_OBJECTS = dtls-rehandshake-cert-2.$(OBJEXT) +dtls_rehandshake_cert_2_LDADD = $(LDADD) +dtls_rehandshake_cert_2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +dtls_rehandshake_cert_3_SOURCES = dtls-rehandshake-cert-3.c +dtls_rehandshake_cert_3_OBJECTS = dtls-rehandshake-cert-3.$(OBJEXT) +dtls_rehandshake_cert_3_LDADD = $(LDADD) +dtls_rehandshake_cert_3_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am_dtls_repro_20170915_OBJECTS = dtls-repro-20170915.$(OBJEXT) \ + common-cert-key-exchange.$(OBJEXT) +dtls_repro_20170915_OBJECTS = $(am_dtls_repro_20170915_OBJECTS) +dtls_repro_20170915_LDADD = $(LDADD) +dtls_repro_20170915_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dtls_session_ticket_lost_SOURCES = dtls-session-ticket-lost.c +dtls_session_ticket_lost_OBJECTS = dtls-session-ticket-lost.$(OBJEXT) +dtls_session_ticket_lost_LDADD = $(LDADD) +dtls_session_ticket_lost_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +dtls_sliding_window_SOURCES = dtls-sliding-window.c +dtls_sliding_window_OBJECTS = dtls-sliding-window.$(OBJEXT) +@HAVE_CMOCKA_TRUE@dtls_sliding_window_DEPENDENCIES = \ +@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_5) +am__dtls_stress_SOURCES_DIST = dtls/dtls-stress.c +@WINDOWS_FALSE@am_dtls_stress_OBJECTS = dtls/dtls-stress.$(OBJEXT) +dtls_stress_OBJECTS = $(am_dtls_stress_OBJECTS) +@WINDOWS_FALSE@dtls_stress_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ +@WINDOWS_FALSE@ $(am__DEPENDENCIES_2) +dtls_with_seccomp_SOURCES = dtls-with-seccomp.c +dtls_with_seccomp_OBJECTS = dtls-with-seccomp.$(OBJEXT) +dtls_with_seccomp_LDADD = $(LDADD) +dtls_with_seccomp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +dtls1_2_mtu_check_SOURCES = dtls1-2-mtu-check.c +dtls1_2_mtu_check_OBJECTS = dtls1-2-mtu-check.$(OBJEXT) +dtls1_2_mtu_check_LDADD = $(LDADD) +dtls1_2_mtu_check_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_dtls10_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + dtls10-cert-key-exchange.$(OBJEXT) +dtls10_cert_key_exchange_OBJECTS = \ + $(am_dtls10_cert_key_exchange_OBJECTS) +dtls10_cert_key_exchange_LDADD = $(LDADD) +dtls10_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am_dtls12_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + dtls12-cert-key-exchange.$(OBJEXT) +dtls12_cert_key_exchange_OBJECTS = \ + $(am_dtls12_cert_key_exchange_OBJECTS) +dtls12_cert_key_exchange_LDADD = $(LDADD) +dtls12_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +duplicate_extensions_SOURCES = duplicate-extensions.c +duplicate_extensions_OBJECTS = duplicate-extensions.$(OBJEXT) +duplicate_extensions_LDADD = $(LDADD) +duplicate_extensions_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +eagain_SOURCES = eagain.c +eagain_OBJECTS = eagain.$(OBJEXT) +@HAVE_CMOCKA_TRUE@eagain_DEPENDENCIES = $(am__DEPENDENCIES_5) +eagain_auto_auth_SOURCES = eagain-auto-auth.c +eagain_auto_auth_OBJECTS = eagain-auto-auth.$(OBJEXT) +@HAVE_CMOCKA_TRUE@eagain_auto_auth_DEPENDENCIES = \ +@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_5) +ecdh_compute_SOURCES = ecdh-compute.c +ecdh_compute_OBJECTS = ecdh-compute.$(OBJEXT) +ecdh_compute_LDADD = $(LDADD) +ecdh_compute_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +empty_retrieve_function_SOURCES = empty_retrieve_function.c +empty_retrieve_function_OBJECTS = empty_retrieve_function.$(OBJEXT) +empty_retrieve_function_LDADD = $(LDADD) +empty_retrieve_function_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +fallback_scsv_SOURCES = fallback-scsv.c +fallback_scsv_OBJECTS = fallback-scsv.$(OBJEXT) +fallback_scsv_LDADD = $(LDADD) +fallback_scsv_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +fips_mode_pthread_SOURCES = fips-mode-pthread.c +fips_mode_pthread_OBJECTS = fips-mode-pthread.$(OBJEXT) +fips_mode_pthread_DEPENDENCIES = $(am__DEPENDENCIES_3) +fips_override_test_SOURCES = fips-override-test.c +fips_override_test_OBJECTS = fips-override-test.$(OBJEXT) +fips_override_test_LDADD = $(LDADD) +fips_override_test_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +fips_rsa_sizes_SOURCES = fips-rsa-sizes.c +fips_rsa_sizes_OBJECTS = fips-rsa-sizes.$(OBJEXT) +fips_rsa_sizes_LDADD = $(LDADD) +fips_rsa_sizes_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +fips_test_SOURCES = fips-test.c +fips_test_OBJECTS = fips-test.$(OBJEXT) +fips_test_LDADD = $(LDADD) +fips_test_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +global_init_SOURCES = global-init.c +global_init_OBJECTS = global-init.$(OBJEXT) +global_init_LDADD = $(LDADD) +global_init_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +global_init_override_SOURCES = global-init-override.c +global_init_override_OBJECTS = global-init-override.$(OBJEXT) +global_init_override_LDADD = $(LDADD) +global_init_override_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_ids_SOURCES = gnutls-ids.c +gnutls_ids_OBJECTS = gnutls-ids.$(OBJEXT) +gnutls_ids_LDADD = $(LDADD) +gnutls_ids_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_strcodes_SOURCES = gnutls-strcodes.c +gnutls_strcodes_OBJECTS = gnutls-strcodes.$(OBJEXT) +gnutls_strcodes_LDADD = $(LDADD) +gnutls_strcodes_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_ext_raw_parse_SOURCES = gnutls_ext_raw_parse.c +gnutls_ext_raw_parse_OBJECTS = gnutls_ext_raw_parse.$(OBJEXT) +gnutls_ext_raw_parse_LDADD = $(LDADD) +gnutls_ext_raw_parse_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_ext_raw_parse_dtls_SOURCES = gnutls_ext_raw_parse_dtls.c +gnutls_ext_raw_parse_dtls_OBJECTS = \ + gnutls_ext_raw_parse_dtls.$(OBJEXT) +gnutls_ext_raw_parse_dtls_LDADD = $(LDADD) +gnutls_ext_raw_parse_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +gnutls_hmac_fast_SOURCES = gnutls_hmac_fast.c +gnutls_hmac_fast_OBJECTS = gnutls_hmac_fast.$(OBJEXT) +gnutls_hmac_fast_LDADD = $(LDADD) +gnutls_hmac_fast_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_ktls_SOURCES = gnutls_ktls.c +gnutls_ktls_OBJECTS = gnutls_ktls.$(OBJEXT) +gnutls_ktls_LDADD = $(LDADD) +gnutls_ktls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_ocsp_resp_list_import2_SOURCES = \ + gnutls_ocsp_resp_list_import2.c +gnutls_ocsp_resp_list_import2_OBJECTS = \ + gnutls_ocsp_resp_list_import2.$(OBJEXT) +gnutls_ocsp_resp_list_import2_LDADD = $(LDADD) +gnutls_ocsp_resp_list_import2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +gnutls_record_overhead_SOURCES = gnutls_record_overhead.c +gnutls_record_overhead_OBJECTS = \ + gnutls_record_overhead-gnutls_record_overhead.$(OBJEXT) +@HAVE_CMOCKA_TRUE@gnutls_record_overhead_DEPENDENCIES = \ +@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_5) +gnutls_session_set_id_SOURCES = gnutls_session_set_id.c +gnutls_session_set_id_OBJECTS = gnutls_session_set_id.$(OBJEXT) +gnutls_session_set_id_LDADD = $(LDADD) +gnutls_session_set_id_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +gnutls_x509_crq_sign_SOURCES = gnutls_x509_crq_sign.c +gnutls_x509_crq_sign_OBJECTS = gnutls_x509_crq_sign.$(OBJEXT) +gnutls_x509_crq_sign_LDADD = $(LDADD) +gnutls_x509_crq_sign_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_x509_crt_list_import_SOURCES = gnutls_x509_crt_list_import.c +gnutls_x509_crt_list_import_OBJECTS = \ + gnutls_x509_crt_list_import.$(OBJEXT) +gnutls_x509_crt_list_import_LDADD = $(LDADD) +gnutls_x509_crt_list_import_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +gnutls_x509_crt_sign_SOURCES = gnutls_x509_crt_sign.c +gnutls_x509_crt_sign_OBJECTS = gnutls_x509_crt_sign.$(OBJEXT) +gnutls_x509_crt_sign_LDADD = $(LDADD) +gnutls_x509_crt_sign_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +gnutls_x509_privkey_import_SOURCES = gnutls_x509_privkey_import.c +gnutls_x509_privkey_import_OBJECTS = \ + gnutls_x509_privkey_import.$(OBJEXT) +gnutls_x509_privkey_import_LDADD = $(LDADD) +gnutls_x509_privkey_import_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +handshake_false_start_SOURCES = handshake-false-start.c +handshake_false_start_OBJECTS = handshake-false-start.$(OBJEXT) +handshake_false_start_LDADD = $(LDADD) +handshake_false_start_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +handshake_large_cert_SOURCES = handshake-large-cert.c +handshake_large_cert_OBJECTS = handshake-large-cert.$(OBJEXT) +handshake_large_cert_LDADD = $(LDADD) +handshake_large_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +handshake_large_packet_SOURCES = handshake-large-packet.c +handshake_large_packet_OBJECTS = handshake-large-packet.$(OBJEXT) +handshake_large_packet_LDADD = $(LDADD) +handshake_large_packet_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +handshake_timeout_SOURCES = handshake-timeout.c +handshake_timeout_OBJECTS = handshake-timeout.$(OBJEXT) +handshake_timeout_LDADD = $(LDADD) +handshake_timeout_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +handshake_versions_SOURCES = handshake-versions.c +handshake_versions_OBJECTS = handshake-versions.$(OBJEXT) +handshake_versions_LDADD = $(LDADD) +handshake_versions_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +handshake_write_SOURCES = handshake-write.c +handshake_write_OBJECTS = handshake-write.$(OBJEXT) +handshake_write_LDADD = $(LDADD) +handshake_write_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +hex_SOURCES = hex.c +hex_OBJECTS = hex.$(OBJEXT) +hex_LDADD = $(LDADD) +hex_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +hostname_check_SOURCES = hostname-check.c +hostname_check_OBJECTS = hostname-check.$(OBJEXT) +hostname_check_LDADD = $(LDADD) +hostname_check_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +hostname_check_utf8_SOURCES = hostname-check-utf8.c +hostname_check_utf8_OBJECTS = hostname-check-utf8.$(OBJEXT) +hostname_check_utf8_LDADD = $(LDADD) +hostname_check_utf8_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +id_on_xmppAddr_SOURCES = id-on-xmppAddr.c +id_on_xmppAddr_OBJECTS = id-on-xmppAddr.$(OBJEXT) +id_on_xmppAddr_LDADD = $(LDADD) +id_on_xmppAddr_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +infoaccess_SOURCES = infoaccess.c +infoaccess_OBJECTS = infoaccess.$(OBJEXT) +infoaccess_LDADD = $(LDADD) +infoaccess_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +init_roundtrip_SOURCES = init_roundtrip.c +init_roundtrip_OBJECTS = init_roundtrip.$(OBJEXT) +init_roundtrip_LDADD = $(LDADD) +init_roundtrip_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +insecure_key_SOURCES = insecure_key.c +insecure_key_OBJECTS = insecure_key.$(OBJEXT) +insecure_key_LDADD = $(LDADD) +insecure_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +iov_SOURCES = iov.c +iov_OBJECTS = iov-iov.$(OBJEXT) +iov_LDADD = $(LDADD) +iov_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +ip_check_SOURCES = ip-check.c +ip_check_OBJECTS = ip-check.$(OBJEXT) +ip_check_LDADD = $(LDADD) +ip_check_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +ip_utils_SOURCES = ip-utils.c +ip_utils_OBJECTS = ip_utils-ip-utils.$(OBJEXT) +@HAVE_CMOCKA_TRUE@ip_utils_DEPENDENCIES = $(am__DEPENDENCIES_5) +kdf_api_SOURCES = kdf-api.c +kdf_api_OBJECTS = kdf-api.$(OBJEXT) +kdf_api_LDADD = $(LDADD) +kdf_api_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +key_export_pkcs8_SOURCES = key-export-pkcs8.c +key_export_pkcs8_OBJECTS = key-export-pkcs8.$(OBJEXT) +key_export_pkcs8_LDADD = $(LDADD) +key_export_pkcs8_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +key_import_export_SOURCES = key-import-export.c +key_import_export_OBJECTS = key-import-export.$(OBJEXT) +key_import_export_LDADD = $(LDADD) +key_import_export_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +key_material_dtls_SOURCES = key-material-dtls.c +key_material_dtls_OBJECTS = key-material-dtls.$(OBJEXT) +key_material_dtls_LDADD = $(LDADD) +key_material_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +key_material_set_dtls_SOURCES = key-material-set-dtls.c +key_material_set_dtls_OBJECTS = key-material-set-dtls.$(OBJEXT) +key_material_set_dtls_LDADD = $(LDADD) +key_material_set_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +key_openssl_SOURCES = key-openssl.c +key_openssl_OBJECTS = key-openssl.$(OBJEXT) +key_openssl_LDADD = $(LDADD) +key_openssl_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +key_usage_ecdhe_rsa_SOURCES = key-usage-ecdhe-rsa.c +key_usage_ecdhe_rsa_OBJECTS = key-usage-ecdhe-rsa.$(OBJEXT) +key_usage_ecdhe_rsa_LDADD = $(LDADD) +key_usage_ecdhe_rsa_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +key_usage_rsa_SOURCES = key-usage-rsa.c +key_usage_rsa_OBJECTS = key-usage-rsa.$(OBJEXT) +key_usage_rsa_LDADD = $(LDADD) +key_usage_rsa_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +keylog_env_SOURCES = keylog-env.c +keylog_env_OBJECTS = keylog-env.$(OBJEXT) +keylog_env_LDADD = $(LDADD) +keylog_env_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +keylog_func_SOURCES = keylog-func.c +keylog_func_OBJECTS = keylog-func.$(OBJEXT) +keylog_func_LDADD = $(LDADD) +keylog_func_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +long_session_id_SOURCES = long-session-id.c +long_session_id_OBJECTS = long-session-id.$(OBJEXT) +long_session_id_LDADD = $(LDADD) +long_session_id_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_alpn_SOURCES = mini-alpn.c +mini_alpn_OBJECTS = mini-alpn.$(OBJEXT) +mini_alpn_LDADD = $(LDADD) +mini_alpn_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_chain_unsorted_SOURCES = mini-chain-unsorted.c +mini_chain_unsorted_OBJECTS = mini-chain-unsorted.$(OBJEXT) +mini_chain_unsorted_LDADD = $(LDADD) +mini_chain_unsorted_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_discard_SOURCES = mini-dtls-discard.c +mini_dtls_discard_OBJECTS = mini-dtls-discard.$(OBJEXT) +mini_dtls_discard_LDADD = $(LDADD) +mini_dtls_discard_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_fork_SOURCES = mini-dtls-fork.c +mini_dtls_fork_OBJECTS = mini-dtls-fork.$(OBJEXT) +mini_dtls_fork_LDADD = $(LDADD) +mini_dtls_fork_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_heartbeat_SOURCES = mini-dtls-heartbeat.c +mini_dtls_heartbeat_OBJECTS = mini-dtls-heartbeat.$(OBJEXT) +mini_dtls_heartbeat_LDADD = $(LDADD) +mini_dtls_heartbeat_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_hello_verify_SOURCES = mini-dtls-hello-verify.c +mini_dtls_hello_verify_OBJECTS = mini-dtls-hello-verify.$(OBJEXT) +mini_dtls_hello_verify_LDADD = $(LDADD) +mini_dtls_hello_verify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +mini_dtls_hello_verify_48_SOURCES = mini-dtls-hello-verify-48.c +mini_dtls_hello_verify_48_OBJECTS = \ + mini-dtls-hello-verify-48.$(OBJEXT) +mini_dtls_hello_verify_48_LDADD = $(LDADD) +mini_dtls_hello_verify_48_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +mini_dtls_large_SOURCES = mini-dtls-large.c +mini_dtls_large_OBJECTS = mini-dtls-large.$(OBJEXT) +mini_dtls_large_LDADD = $(LDADD) +mini_dtls_large_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_lowmtu_SOURCES = mini-dtls-lowmtu.c +mini_dtls_lowmtu_OBJECTS = mini-dtls-lowmtu.$(OBJEXT) +mini_dtls_lowmtu_LDADD = $(LDADD) +mini_dtls_lowmtu_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_mtu_SOURCES = mini-dtls-mtu.c +mini_dtls_mtu_OBJECTS = mini-dtls-mtu.$(OBJEXT) +mini_dtls_mtu_LDADD = $(LDADD) +mini_dtls_mtu_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_record_SOURCES = mini-dtls-record.c +mini_dtls_record_OBJECTS = mini-dtls-record.$(OBJEXT) +mini_dtls_record_LDADD = $(LDADD) +mini_dtls_record_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls_record_asym_SOURCES = mini-dtls-record-asym.c +mini_dtls_record_asym_OBJECTS = mini-dtls-record-asym.$(OBJEXT) +mini_dtls_record_asym_LDADD = $(LDADD) +mini_dtls_record_asym_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +mini_dtls_srtp_SOURCES = mini-dtls-srtp.c +mini_dtls_srtp_OBJECTS = mini-dtls-srtp.$(OBJEXT) +mini_dtls_srtp_LDADD = $(LDADD) +mini_dtls_srtp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_dtls0_9_SOURCES = mini-dtls0-9.c +mini_dtls0_9_OBJECTS = mini-dtls0-9.$(OBJEXT) +mini_dtls0_9_LDADD = $(LDADD) +mini_dtls0_9_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_eagain_dtls_SOURCES = mini-eagain-dtls.c +mini_eagain_dtls_OBJECTS = mini-eagain-dtls.$(OBJEXT) +mini_eagain_dtls_LDADD = $(LDADD) +mini_eagain_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_emsgsize_dtls_SOURCES = mini-emsgsize-dtls.c +mini_emsgsize_dtls_OBJECTS = mini-emsgsize-dtls.$(OBJEXT) +mini_emsgsize_dtls_LDADD = $(LDADD) +mini_emsgsize_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_global_load_SOURCES = mini-global-load.c +mini_global_load_OBJECTS = mini-global-load.$(OBJEXT) +mini_global_load_LDADD = $(LDADD) +mini_global_load_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_key_material_SOURCES = mini-key-material.c +mini_key_material_OBJECTS = mini-key-material.$(OBJEXT) +mini_key_material_LDADD = $(LDADD) +mini_key_material_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_loss_time_SOURCES = mini-loss-time.c +mini_loss_time_OBJECTS = mini-loss-time.$(OBJEXT) +mini_loss_time_LDADD = $(LDADD) +mini_loss_time_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_overhead_SOURCES = mini-overhead.c +mini_overhead_OBJECTS = mini-overhead.$(OBJEXT) +mini_overhead_LDADD = $(LDADD) +mini_overhead_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_record_SOURCES = mini-record.c +mini_record_OBJECTS = mini-record.$(OBJEXT) +mini_record_LDADD = $(LDADD) +mini_record_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_record_2_SOURCES = mini-record-2.c +mini_record_2_OBJECTS = mini-record-2.$(OBJEXT) +mini_record_2_LDADD = $(LDADD) +mini_record_2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_record_failure_SOURCES = mini-record-failure.c +mini_record_failure_OBJECTS = mini-record-failure.$(OBJEXT) +mini_record_failure_LDADD = $(LDADD) +mini_record_failure_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_record_range_SOURCES = mini-record-range.c +mini_record_range_OBJECTS = mini-record-range.$(OBJEXT) +mini_record_range_LDADD = $(LDADD) +mini_record_range_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_server_name_SOURCES = mini-server-name.c +mini_server_name_OBJECTS = mini-server-name.$(OBJEXT) +mini_server_name_LDADD = $(LDADD) +mini_server_name_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_session_verify_function_SOURCES = mini-session-verify-function.c +mini_session_verify_function_OBJECTS = \ + mini-session-verify-function.$(OBJEXT) +mini_session_verify_function_LDADD = $(LDADD) +mini_session_verify_function_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +mini_termination_SOURCES = mini-termination.c +mini_termination_OBJECTS = mini-termination.$(OBJEXT) +mini_termination_LDADD = $(LDADD) +mini_termination_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_tls_nonblock_SOURCES = mini-tls-nonblock.c +mini_tls_nonblock_OBJECTS = mini-tls-nonblock.$(OBJEXT) +mini_tls_nonblock_LDADD = $(LDADD) +mini_tls_nonblock_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_x509_SOURCES = mini-x509.c +mini_x509_OBJECTS = mini-x509.$(OBJEXT) +mini_x509_LDADD = $(LDADD) +mini_x509_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_x509_2_SOURCES = mini-x509-2.c +mini_x509_2_OBJECTS = mini-x509-2.$(OBJEXT) +mini_x509_2_LDADD = $(LDADD) +mini_x509_2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_x509_callbacks_SOURCES = mini-x509-callbacks.c +mini_x509_callbacks_OBJECTS = mini-x509-callbacks.$(OBJEXT) +mini_x509_callbacks_LDADD = $(LDADD) +mini_x509_callbacks_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_x509_callbacks_intr_SOURCES = mini-x509-callbacks-intr.c +mini_x509_callbacks_intr_OBJECTS = mini-x509-callbacks-intr.$(OBJEXT) +mini_x509_callbacks_intr_LDADD = $(LDADD) +mini_x509_callbacks_intr_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +mini_x509_cas_SOURCES = mini-x509-cas.c +mini_x509_cas_OBJECTS = mini-x509-cas.$(OBJEXT) +mini_x509_cas_LDADD = $(LDADD) +mini_x509_cas_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mini_x509_ipaddr_SOURCES = mini-x509-ipaddr.c +mini_x509_ipaddr_OBJECTS = mini-x509-ipaddr.$(OBJEXT) +mini_x509_ipaddr_LDADD = $(LDADD) +mini_x509_ipaddr_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +missingissuer_SOURCES = missingissuer.c +missingissuer_OBJECTS = missingissuer.$(OBJEXT) +missingissuer_LDADD = $(LDADD) +missingissuer_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +missingissuer_aia_SOURCES = missingissuer_aia.c +missingissuer_aia_OBJECTS = missingissuer_aia.$(OBJEXT) +missingissuer_aia_LDADD = $(LDADD) +missingissuer_aia_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +mpi_SOURCES = mpi.c +mpi_OBJECTS = mpi-mpi.$(OBJEXT) +mpi_LDADD = $(LDADD) +mpi_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +multi_alerts_SOURCES = multi-alerts.c +multi_alerts_OBJECTS = multi-alerts.$(OBJEXT) +multi_alerts_LDADD = $(LDADD) +multi_alerts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +naked_alerts_SOURCES = naked-alerts.c +naked_alerts_OBJECTS = naked-alerts.$(OBJEXT) +naked_alerts_LDADD = $(LDADD) +naked_alerts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +name_constraints_SOURCES = name-constraints.c +name_constraints_OBJECTS = name-constraints.$(OBJEXT) +name_constraints_LDADD = $(LDADD) +name_constraints_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +name_constraints_ip_SOURCES = name-constraints-ip.c +name_constraints_ip_OBJECTS = name-constraints-ip.$(OBJEXT) +@HAVE_CMOCKA_TRUE@name_constraints_ip_DEPENDENCIES = \ +@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_5) +name_constraints_merge_SOURCES = name-constraints-merge.c +name_constraints_merge_OBJECTS = \ + name_constraints_merge-name-constraints-merge.$(OBJEXT) +name_constraints_merge_LDADD = $(LDADD) +name_constraints_merge_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +no_extensions_SOURCES = no-extensions.c +no_extensions_OBJECTS = no-extensions.$(OBJEXT) +no_extensions_LDADD = $(LDADD) +no_extensions_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +no_signal_SOURCES = no-signal.c +no_signal_OBJECTS = no-signal.$(OBJEXT) +no_signal_LDADD = $(LDADD) +no_signal_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +nul_in_x509_names_SOURCES = nul-in-x509-names.c +nul_in_x509_names_OBJECTS = nul-in-x509-names.$(OBJEXT) +nul_in_x509_names_LDADD = $(LDADD) +nul_in_x509_names_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +null_retrieve_function_SOURCES = null_retrieve_function.c +null_retrieve_function_OBJECTS = null_retrieve_function.$(OBJEXT) +null_retrieve_function_LDADD = $(LDADD) +null_retrieve_function_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +ocsp_SOURCES = ocsp.c +ocsp_OBJECTS = ocsp.$(OBJEXT) +ocsp_LDADD = $(LDADD) +ocsp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +ocsp_filename_memleak_SOURCES = ocsp-filename-memleak.c +ocsp_filename_memleak_OBJECTS = ocsp-filename-memleak.$(OBJEXT) +ocsp_filename_memleak_LDADD = $(LDADD) +ocsp_filename_memleak_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +oids_SOURCES = oids.c +oids_OBJECTS = oids.$(OBJEXT) +oids_LDADD = $(LDADD) +oids_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +openconnect_dtls12_SOURCES = openconnect-dtls12.c +openconnect_dtls12_OBJECTS = openconnect-dtls12.$(OBJEXT) +openconnect_dtls12_LDADD = $(LDADD) +openconnect_dtls12_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +openssl_SOURCES = openssl.c +openssl_OBJECTS = openssl.$(OBJEXT) +@ENABLE_OPENSSL_TRUE@openssl_DEPENDENCIES = \ +@ENABLE_OPENSSL_TRUE@ ../extra/libgnutls-openssl.la \ +@ENABLE_OPENSSL_TRUE@ $(am__DEPENDENCIES_3) +parse_ca_SOURCES = parse_ca.c +parse_ca_OBJECTS = parse_ca.$(OBJEXT) +parse_ca_LDADD = $(LDADD) +parse_ca_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pcert_list_SOURCES = pcert-list.c +pcert_list_OBJECTS = pcert-list.$(OBJEXT) +pcert_list_LDADD = $(LDADD) +pcert_list_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs1_digest_info_SOURCES = pkcs1-digest-info.c +pkcs1_digest_info_OBJECTS = pkcs1-digest-info.$(OBJEXT) +pkcs1_digest_info_LDADD = $(LDADD) +pkcs1_digest_info_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am__pkcs11_cert_import_url_exts_SOURCES_DIST = \ + pkcs11/pkcs11-cert-import-url-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_cert_import_url_exts_OBJECTS = pkcs11/pkcs11-cert-import-url-exts.$(OBJEXT) +pkcs11_cert_import_url_exts_OBJECTS = \ + $(am_pkcs11_cert_import_url_exts_OBJECTS) +pkcs11_cert_import_url_exts_LDADD = $(LDADD) +am__pkcs11_cert_import_url4_exts_SOURCES_DIST = \ + pkcs11/pkcs11-cert-import-url4-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_cert_import_url4_exts_OBJECTS = pkcs11/pkcs11-cert-import-url4-exts.$(OBJEXT) +pkcs11_cert_import_url4_exts_OBJECTS = \ + $(am_pkcs11_cert_import_url4_exts_OBJECTS) +pkcs11_cert_import_url4_exts_LDADD = $(LDADD) +am__pkcs11_get_exts_SOURCES_DIST = pkcs11/pkcs11-get-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_get_exts_OBJECTS = pkcs11/pkcs11-get-exts.$(OBJEXT) +pkcs11_get_exts_OBJECTS = $(am_pkcs11_get_exts_OBJECTS) +pkcs11_get_exts_LDADD = $(LDADD) +am__pkcs11_get_raw_issuer_exts_SOURCES_DIST = \ + pkcs11/pkcs11-get-raw-issuer-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_get_raw_issuer_exts_OBJECTS = pkcs11/pkcs11-get-raw-issuer-exts.$(OBJEXT) +pkcs11_get_raw_issuer_exts_OBJECTS = \ + $(am_pkcs11_get_raw_issuer_exts_OBJECTS) +pkcs11_get_raw_issuer_exts_LDADD = $(LDADD) +am__pkcs11_import_url_privkey_SOURCES_DIST = \ + pkcs11/pkcs11-import-url-privkey.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_import_url_privkey_OBJECTS = pkcs11/pkcs11-import-url-privkey.$(OBJEXT) +pkcs11_import_url_privkey_OBJECTS = \ + $(am_pkcs11_import_url_privkey_OBJECTS) +am__pkcs11_import_url_privkey_caps_SOURCES_DIST = \ + pkcs11/pkcs11-import-url-privkey.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_import_url_privkey_caps_OBJECTS = pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.$(OBJEXT) +pkcs11_import_url_privkey_caps_OBJECTS = \ + $(am_pkcs11_import_url_privkey_caps_OBJECTS) +pkcs11_import_url_privkey_caps_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(pkcs11_import_url_privkey_caps_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am__pkcs11_mechanisms_SOURCES_DIST = pkcs11/pkcs11-mechanisms.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_mechanisms_OBJECTS = pkcs11/pkcs11-mechanisms.$(OBJEXT) +pkcs11_mechanisms_OBJECTS = $(am_pkcs11_mechanisms_OBJECTS) +am__pkcs11_obj_raw_SOURCES_DIST = pkcs11/pkcs11-obj-raw.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_obj_raw_OBJECTS = pkcs11/pkcs11-obj-raw.$(OBJEXT) +pkcs11_obj_raw_OBJECTS = $(am_pkcs11_obj_raw_OBJECTS) +am__pkcs11_privkey_always_auth_SOURCES_DIST = \ + pkcs11/pkcs11-privkey-always-auth.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_privkey_always_auth_OBJECTS = pkcs11/pkcs11-privkey-always-auth.$(OBJEXT) +pkcs11_privkey_always_auth_OBJECTS = \ + $(am_pkcs11_privkey_always_auth_OBJECTS) +am__pkcs11_privkey_export_SOURCES_DIST = \ + pkcs11/pkcs11-privkey-export.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_privkey_export_OBJECTS = pkcs11/pkcs11-privkey-export.$(OBJEXT) +pkcs11_privkey_export_OBJECTS = $(am_pkcs11_privkey_export_OBJECTS) +am__pkcs11_privkey_fork_SOURCES_DIST = pkcs11/pkcs11-privkey-fork.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_privkey_fork_OBJECTS = pkcs11/pkcs11-privkey-fork.$(OBJEXT) +pkcs11_privkey_fork_OBJECTS = $(am_pkcs11_privkey_fork_OBJECTS) +am__pkcs11_privkey_fork_reinit_SOURCES_DIST = \ + pkcs11/pkcs11-privkey-fork-reinit.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_privkey_fork_reinit_OBJECTS = pkcs11/pkcs11-privkey-fork-reinit.$(OBJEXT) +pkcs11_privkey_fork_reinit_OBJECTS = \ + $(am_pkcs11_privkey_fork_reinit_OBJECTS) +am__pkcs11_privkey_safenet_always_auth_SOURCES_DIST = \ + pkcs11/pkcs11-privkey-safenet-always-auth.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_privkey_safenet_always_auth_OBJECTS = pkcs11/pkcs11-privkey-safenet-always-auth.$(OBJEXT) +pkcs11_privkey_safenet_always_auth_OBJECTS = \ + $(am_pkcs11_privkey_safenet_always_auth_OBJECTS) +am__pkcs11_token_raw_SOURCES_DIST = pkcs11/pkcs11-token-raw.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@am_pkcs11_token_raw_OBJECTS = pkcs11/pkcs11-token-raw.$(OBJEXT) +pkcs11_token_raw_OBJECTS = $(am_pkcs11_token_raw_OBJECTS) +pkcs11_gnutls_pcert_list_import_x509_file_SOURCES = \ + pkcs11/gnutls_pcert_list_import_x509_file.c +pkcs11_gnutls_pcert_list_import_x509_file_OBJECTS = \ + pkcs11/gnutls_pcert_list_import_x509_file.$(OBJEXT) +pkcs11_gnutls_pcert_list_import_x509_file_LDADD = $(LDADD) +pkcs11_gnutls_pcert_list_import_x509_file_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +pkcs11_gnutls_x509_crt_list_import_url_SOURCES = \ + pkcs11/gnutls_x509_crt_list_import_url.c +pkcs11_gnutls_x509_crt_list_import_url_OBJECTS = \ + pkcs11/gnutls_x509_crt_list_import_url.$(OBJEXT) +pkcs11_gnutls_x509_crt_list_import_url_LDADD = $(LDADD) +pkcs11_gnutls_x509_crt_list_import_url_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +pkcs11_list_objects_SOURCES = pkcs11/list-objects.c +pkcs11_list_objects_OBJECTS = pkcs11/list-objects.$(OBJEXT) +pkcs11_list_objects_LDADD = $(LDADD) +pkcs11_list_objects_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs11_list_tokens_SOURCES = pkcs11/list-tokens.c +pkcs11_list_tokens_OBJECTS = pkcs11/list-tokens.$(OBJEXT) +pkcs11_list_tokens_LDADD = $(LDADD) +pkcs11_list_tokens_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs11_pkcs11_chainverify_SOURCES = pkcs11/pkcs11-chainverify.c +pkcs11_pkcs11_chainverify_OBJECTS = \ + pkcs11/pkcs11-chainverify.$(OBJEXT) +pkcs11_pkcs11_chainverify_LDADD = $(LDADD) +pkcs11_pkcs11_chainverify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_combo_SOURCES = pkcs11/pkcs11-combo.c +pkcs11_pkcs11_combo_OBJECTS = pkcs11/pkcs11-combo.$(OBJEXT) +pkcs11_pkcs11_combo_LDADD = $(LDADD) +pkcs11_pkcs11_combo_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs11_pkcs11_ec_privkey_test_SOURCES = \ + pkcs11/pkcs11-ec-privkey-test.c +pkcs11_pkcs11_ec_privkey_test_OBJECTS = \ + pkcs11/pkcs11-ec-privkey-test.$(OBJEXT) +pkcs11_pkcs11_ec_privkey_test_LDADD = $(LDADD) +pkcs11_pkcs11_ec_privkey_test_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_eddsa_privkey_test_SOURCES = \ + pkcs11/pkcs11-eddsa-privkey-test.c +pkcs11_pkcs11_eddsa_privkey_test_OBJECTS = \ + pkcs11/pkcs11-eddsa-privkey-test.$(OBJEXT) +pkcs11_pkcs11_eddsa_privkey_test_LDADD = $(LDADD) +pkcs11_pkcs11_eddsa_privkey_test_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_get_issuer_SOURCES = pkcs11/pkcs11-get-issuer.c +pkcs11_pkcs11_get_issuer_OBJECTS = pkcs11/pkcs11-get-issuer.$(OBJEXT) +pkcs11_pkcs11_get_issuer_LDADD = $(LDADD) +pkcs11_pkcs11_get_issuer_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_import_with_pin_SOURCES = \ + pkcs11/pkcs11-import-with-pin.c +pkcs11_pkcs11_import_with_pin_OBJECTS = \ + pkcs11/pkcs11-import-with-pin.$(OBJEXT) +pkcs11_pkcs11_import_with_pin_LDADD = $(LDADD) +pkcs11_pkcs11_import_with_pin_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_is_known_SOURCES = pkcs11/pkcs11-is-known.c +pkcs11_pkcs11_is_known_OBJECTS = pkcs11/pkcs11-is-known.$(OBJEXT) +pkcs11_pkcs11_is_known_LDADD = $(LDADD) +pkcs11_pkcs11_is_known_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_obj_import_SOURCES = pkcs11/pkcs11-obj-import.c +pkcs11_pkcs11_obj_import_OBJECTS = pkcs11/pkcs11-obj-import.$(OBJEXT) +pkcs11_pkcs11_obj_import_LDADD = $(LDADD) +pkcs11_pkcs11_obj_import_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_pin_func_SOURCES = pkcs11/pkcs11-pin-func.c +pkcs11_pkcs11_pin_func_OBJECTS = pkcs11/pkcs11-pin-func.$(OBJEXT) +pkcs11_pkcs11_pin_func_LDADD = $(LDADD) +pkcs11_pkcs11_pin_func_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_privkey_SOURCES = pkcs11/pkcs11-privkey.c +pkcs11_pkcs11_privkey_OBJECTS = pkcs11/pkcs11-privkey.$(OBJEXT) +pkcs11_pkcs11_privkey_LDADD = $(LDADD) +pkcs11_pkcs11_privkey_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_privkey_generate_SOURCES = \ + pkcs11/pkcs11-privkey-generate.c +pkcs11_pkcs11_privkey_generate_OBJECTS = \ + pkcs11/pkcs11-privkey-generate.$(OBJEXT) +pkcs11_pkcs11_privkey_generate_LDADD = $(LDADD) +pkcs11_pkcs11_privkey_generate_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_privkey_pthread_SOURCES = \ + pkcs11/pkcs11-privkey-pthread.c +pkcs11_pkcs11_privkey_pthread_OBJECTS = \ + pkcs11/pkcs11-privkey-pthread.$(OBJEXT) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_pkcs11_privkey_pthread_DEPENDENCIES = \ +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@ $(am__DEPENDENCIES_3) +pkcs11_pkcs11_pubkey_import_ecdsa_SOURCES = \ + pkcs11/pkcs11-pubkey-import-ecdsa.c +pkcs11_pkcs11_pubkey_import_ecdsa_OBJECTS = \ + pkcs11/pkcs11-pubkey-import-ecdsa.$(OBJEXT) +pkcs11_pkcs11_pubkey_import_ecdsa_LDADD = $(LDADD) +pkcs11_pkcs11_pubkey_import_ecdsa_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_pubkey_import_rsa_SOURCES = \ + pkcs11/pkcs11-pubkey-import-rsa.c +pkcs11_pkcs11_pubkey_import_rsa_OBJECTS = \ + pkcs11/pkcs11-pubkey-import-rsa.$(OBJEXT) +pkcs11_pkcs11_pubkey_import_rsa_LDADD = $(LDADD) +pkcs11_pkcs11_pubkey_import_rsa_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_pkcs11_rsa_pss_privkey_test_SOURCES = \ + pkcs11/pkcs11-rsa-pss-privkey-test.c +pkcs11_pkcs11_rsa_pss_privkey_test_OBJECTS = \ + pkcs11/pkcs11-rsa-pss-privkey-test.$(OBJEXT) +pkcs11_pkcs11_rsa_pss_privkey_test_LDADD = $(LDADD) +pkcs11_pkcs11_rsa_pss_privkey_test_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +pkcs11_tls_neg_pkcs11_key_SOURCES = pkcs11/tls-neg-pkcs11-key.c +pkcs11_tls_neg_pkcs11_key_OBJECTS = \ + pkcs11/tls-neg-pkcs11-key.$(OBJEXT) +pkcs11_tls_neg_pkcs11_key_LDADD = $(LDADD) +pkcs11_tls_neg_pkcs11_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs11_tls_neg_pkcs11_no_key_SOURCES = pkcs11/tls-neg-pkcs11-no-key.c +pkcs11_tls_neg_pkcs11_no_key_OBJECTS = \ + pkcs11/tls-neg-pkcs11-no-key.$(OBJEXT) +pkcs12_encode_SOURCES = pkcs12_encode.c +pkcs12_encode_OBJECTS = pkcs12_encode.$(OBJEXT) +pkcs12_encode_LDADD = $(LDADD) +pkcs12_encode_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs12_s2k_SOURCES = pkcs12_s2k.c +pkcs12_s2k_OBJECTS = pkcs12_s2k-pkcs12_s2k.$(OBJEXT) +pkcs12_s2k_LDADD = $(LDADD) +pkcs12_s2k_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs12_s2k_pem_SOURCES = pkcs12_s2k_pem.c +pkcs12_s2k_pem_OBJECTS = pkcs12_s2k_pem.$(OBJEXT) +pkcs12_s2k_pem_LDADD = $(LDADD) +pkcs12_s2k_pem_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs12_simple_SOURCES = pkcs12_simple.c +pkcs12_simple_OBJECTS = pkcs12_simple.$(OBJEXT) +pkcs12_simple_LDADD = $(LDADD) +pkcs12_simple_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs7_SOURCES = pkcs7.c +pkcs7_OBJECTS = pkcs7.$(OBJEXT) +pkcs7_LDADD = $(LDADD) +pkcs7_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs7_cat_parse_SOURCES = pkcs7-cat-parse.c +pkcs7_cat_parse_OBJECTS = pkcs7-cat-parse.$(OBJEXT) +pkcs7_cat_parse_LDADD = $(LDADD) +pkcs7_cat_parse_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs7_gen_SOURCES = pkcs7-gen.c +pkcs7_gen_OBJECTS = pkcs7-gen.$(OBJEXT) +pkcs7_gen_LDADD = $(LDADD) +pkcs7_gen_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs7_verify_double_free_SOURCES = pkcs7-verify-double-free.c +pkcs7_verify_double_free_OBJECTS = pkcs7-verify-double-free.$(OBJEXT) +pkcs7_verify_double_free_LDADD = $(LDADD) +pkcs7_verify_double_free_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +pkcs8_key_decode_SOURCES = pkcs8-key-decode.c +pkcs8_key_decode_OBJECTS = pkcs8-key-decode.$(OBJEXT) +pkcs8_key_decode_LDADD = $(LDADD) +pkcs8_key_decode_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pkcs8_key_decode_encrypted_SOURCES = pkcs8-key-decode-encrypted.c +pkcs8_key_decode_encrypted_OBJECTS = \ + pkcs8-key-decode-encrypted.$(OBJEXT) +pkcs8_key_decode_encrypted_LDADD = $(LDADD) +pkcs8_key_decode_encrypted_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +post_client_hello_change_prio_SOURCES = \ + post-client-hello-change-prio.c +post_client_hello_change_prio_OBJECTS = \ + post-client-hello-change-prio.$(OBJEXT) +post_client_hello_change_prio_LDADD = $(LDADD) +post_client_hello_change_prio_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +prf_SOURCES = prf.c +prf_OBJECTS = prf.$(OBJEXT) +prf_LDADD = $(LDADD) +prf_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +priorities_SOURCES = priorities.c +priorities_OBJECTS = priorities.$(OBJEXT) +priorities_LDADD = $(LDADD) +priorities_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +priorities_groups_SOURCES = priorities-groups.c +priorities_groups_OBJECTS = priorities-groups.$(OBJEXT) +priorities_groups_LDADD = $(LDADD) +priorities_groups_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +priority_init2_SOURCES = priority-init2.c +priority_init2_OBJECTS = priority-init2.$(OBJEXT) +priority_init2_LDADD = $(LDADD) +priority_init2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +priority_mix_SOURCES = priority-mix.c +priority_mix_OBJECTS = priority-mix.$(OBJEXT) +priority_mix_LDADD = $(LDADD) +priority_mix_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +priority_set_SOURCES = priority-set.c +priority_set_OBJECTS = priority-set.$(OBJEXT) +priority_set_LDADD = $(LDADD) +priority_set_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +priority_set2_SOURCES = priority-set2.c +priority_set2_OBJECTS = priority-set2.$(OBJEXT) +priority_set2_LDADD = $(LDADD) +priority_set2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +privkey_keygen_SOURCES = privkey-keygen.c +privkey_keygen_OBJECTS = privkey-keygen.$(OBJEXT) +privkey_keygen_LDADD = $(LDADD) +privkey_keygen_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +privkey_verify_broken_SOURCES = privkey-verify-broken.c +privkey_verify_broken_OBJECTS = privkey-verify-broken.$(OBJEXT) +privkey_verify_broken_LDADD = $(LDADD) +privkey_verify_broken_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +protocol_set_allowlist_SOURCES = protocol-set-allowlist.c +protocol_set_allowlist_OBJECTS = protocol-set-allowlist.$(OBJEXT) +protocol_set_allowlist_LDADD = $(LDADD) +protocol_set_allowlist_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +psk_file_SOURCES = psk-file.c +psk_file_OBJECTS = psk-file.$(OBJEXT) +psk_file_LDADD = $(LDADD) +psk_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pskself_SOURCES = pskself.c +pskself_OBJECTS = pskself.$(OBJEXT) +pskself_LDADD = $(LDADD) +pskself_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pskself2_SOURCES = pskself2.c +pskself2_OBJECTS = pskself2.$(OBJEXT) +pskself2_LDADD = $(LDADD) +pskself2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +pubkey_import_export_SOURCES = pubkey-import-export.c +pubkey_import_export_OBJECTS = pubkey-import-export.$(OBJEXT) +pubkey_import_export_LDADD = $(LDADD) +pubkey_import_export_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +random_art_SOURCES = random-art.c +random_art_OBJECTS = random-art.$(OBJEXT) +random_art_LDADD = $(LDADD) +random_art_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rawpk_api_SOURCES = rawpk-api.c +rawpk_api_OBJECTS = rawpk-api.$(OBJEXT) +rawpk_api_LDADD = $(LDADD) +rawpk_api_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +record_pad_SOURCES = record-pad.c +record_pad_OBJECTS = record-pad.$(OBJEXT) +record_pad_LDADD = $(LDADD) +record_pad_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +record_retvals_SOURCES = record-retvals.c +record_retvals_OBJECTS = record-retvals.$(OBJEXT) +record_retvals_LDADD = $(LDADD) +record_retvals_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +record_sendfile_SOURCES = record-sendfile.c +record_sendfile_OBJECTS = record-sendfile.$(OBJEXT) +record_sendfile_LDADD = $(LDADD) +record_sendfile_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +record_sizes_SOURCES = record-sizes.c +record_sizes_OBJECTS = record-sizes.$(OBJEXT) +record_sizes_LDADD = $(LDADD) +record_sizes_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +record_sizes_range_SOURCES = record-sizes-range.c +record_sizes_range_OBJECTS = record-sizes-range.$(OBJEXT) +record_sizes_range_LDADD = $(LDADD) +record_sizes_range_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +record_timeouts_SOURCES = record-timeouts.c +record_timeouts_OBJECTS = record-timeouts.$(OBJEXT) +record_timeouts_LDADD = $(LDADD) +record_timeouts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +recv_data_before_handshake_SOURCES = recv-data-before-handshake.c +recv_data_before_handshake_OBJECTS = \ + recv-data-before-handshake.$(OBJEXT) +recv_data_before_handshake_LDADD = $(LDADD) +recv_data_before_handshake_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rehandshake_ext_secret_SOURCES = rehandshake-ext-secret.c +rehandshake_ext_secret_OBJECTS = rehandshake-ext-secret.$(OBJEXT) +rehandshake_ext_secret_LDADD = $(LDADD) +rehandshake_ext_secret_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rehandshake_switch_cert_SOURCES = rehandshake-switch-cert.c +rehandshake_switch_cert_OBJECTS = rehandshake-switch-cert.$(OBJEXT) +rehandshake_switch_cert_LDADD = $(LDADD) +rehandshake_switch_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rehandshake_switch_cert_allow_SOURCES = \ + rehandshake-switch-cert-allow.c +rehandshake_switch_cert_allow_OBJECTS = \ + rehandshake-switch-cert-allow.$(OBJEXT) +rehandshake_switch_cert_allow_LDADD = $(LDADD) +rehandshake_switch_cert_allow_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rehandshake_switch_cert_client_SOURCES = \ + rehandshake-switch-cert-client.c +rehandshake_switch_cert_client_OBJECTS = \ + rehandshake-switch-cert-client.$(OBJEXT) +rehandshake_switch_cert_client_LDADD = $(LDADD) +rehandshake_switch_cert_client_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rehandshake_switch_cert_client_allow_SOURCES = \ + rehandshake-switch-cert-client-allow.c +rehandshake_switch_cert_client_allow_OBJECTS = \ + rehandshake-switch-cert-client-allow.$(OBJEXT) +rehandshake_switch_cert_client_allow_LDADD = $(LDADD) +rehandshake_switch_cert_client_allow_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +rehandshake_switch_psk_id_SOURCES = rehandshake-switch-psk-id.c +rehandshake_switch_psk_id_OBJECTS = \ + rehandshake-switch-psk-id.$(OBJEXT) +rehandshake_switch_psk_id_LDADD = $(LDADD) +rehandshake_switch_psk_id_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rehandshake_switch_srp_id_SOURCES = rehandshake-switch-srp-id.c +rehandshake_switch_srp_id_OBJECTS = \ + rehandshake-switch-srp-id.$(OBJEXT) +rehandshake_switch_srp_id_LDADD = $(LDADD) +rehandshake_switch_srp_id_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +resume_dtls_SOURCES = resume-dtls.c +resume_dtls_OBJECTS = resume-dtls.$(OBJEXT) +resume_dtls_LDADD = $(LDADD) +resume_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +resume_lifetime_SOURCES = resume-lifetime.c +resume_lifetime_OBJECTS = resume-lifetime.$(OBJEXT) +resume_lifetime_LDADD = $(LDADD) +resume_lifetime_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +resume_with_false_start_SOURCES = resume-with-false-start.c +resume_with_false_start_OBJECTS = resume-with-false-start.$(OBJEXT) +resume_with_false_start_LDADD = $(LDADD) +resume_with_false_start_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +resume_with_previous_stek_SOURCES = resume-with-previous-stek.c +resume_with_previous_stek_OBJECTS = \ + resume-with-previous-stek.$(OBJEXT) +resume_with_previous_stek_LDADD = $(LDADD) +resume_with_previous_stek_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +resume_with_record_size_limit_SOURCES = \ + resume-with-record-size-limit.c +resume_with_record_size_limit_OBJECTS = \ + resume-with-record-size-limit.$(OBJEXT) +resume_with_record_size_limit_LDADD = $(LDADD) +resume_with_record_size_limit_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +resume_with_stek_expiration_SOURCES = resume-with-stek-expiration.c +resume_with_stek_expiration_OBJECTS = \ + resume-with-stek-expiration.$(OBJEXT) +resume_with_stek_expiration_LDADD = $(LDADD) +resume_with_stek_expiration_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +rfc7633_missing_SOURCES = rfc7633-missing.c +rfc7633_missing_OBJECTS = rfc7633-missing.$(OBJEXT) +rfc7633_missing_LDADD = $(LDADD) +rfc7633_missing_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rfc7633_ok_SOURCES = rfc7633-ok.c +rfc7633_ok_OBJECTS = rfc7633-ok.$(OBJEXT) +rfc7633_ok_LDADD = $(LDADD) +rfc7633_ok_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rng_fork_SOURCES = rng-fork.c +rng_fork_OBJECTS = rng-fork.$(OBJEXT) +rng_fork_LDADD = $(LDADD) +rng_fork_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rng_no_onload_SOURCES = rng-no-onload.c +rng_no_onload_OBJECTS = rng-no-onload.$(OBJEXT) +rng_no_onload_LDADD = $(LDADD) +rng_no_onload_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rng_op_key_SOURCES = rng-op-key.c +rng_op_key_OBJECTS = rng-op-key.$(OBJEXT) +rng_op_key_LDADD = $(LDADD) +rng_op_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rng_op_nonce_SOURCES = rng-op-nonce.c +rng_op_nonce_OBJECTS = rng-op-nonce.$(OBJEXT) +rng_op_nonce_LDADD = $(LDADD) +rng_op_nonce_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rng_op_random_SOURCES = rng-op-random.c +rng_op_random_OBJECTS = rng-op-random.$(OBJEXT) +rng_op_random_LDADD = $(LDADD) +rng_op_random_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rng_pthread_SOURCES = rng-pthread.c +rng_pthread_OBJECTS = rng-pthread.$(OBJEXT) +rng_pthread_DEPENDENCIES = $(am__DEPENDENCIES_3) +rng_sigint_SOURCES = rng-sigint.c +rng_sigint_OBJECTS = rng-sigint.$(OBJEXT) +rng_sigint_LDADD = $(LDADD) +rng_sigint_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rsa_encrypt_decrypt_SOURCES = rsa-encrypt-decrypt.c +rsa_encrypt_decrypt_OBJECTS = rsa-encrypt-decrypt.$(OBJEXT) +rsa_encrypt_decrypt_LDADD = $(LDADD) +rsa_encrypt_decrypt_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rsa_illegal_import_SOURCES = rsa-illegal-import.c +rsa_illegal_import_OBJECTS = \ + rsa_illegal_import-rsa-illegal-import.$(OBJEXT) +rsa_illegal_import_LDADD = $(LDADD) +rsa_illegal_import_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rsa_psk_SOURCES = rsa-psk.c +rsa_psk_OBJECTS = rsa-psk.$(OBJEXT) +rsa_psk_LDADD = $(LDADD) +rsa_psk_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rsa_psk_cb_SOURCES = rsa-psk-cb.c +rsa_psk_cb_OBJECTS = rsa-psk-cb.$(OBJEXT) +rsa_psk_cb_LDADD = $(LDADD) +rsa_psk_cb_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +rsa_rsa_pss_SOURCES = rsa-rsa-pss.c +rsa_rsa_pss_OBJECTS = rsa-rsa-pss.$(OBJEXT) +rsa_rsa_pss_LDADD = $(LDADD) +rsa_rsa_pss_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +safe_renegotiation_srn0_SOURCES = safe-renegotiation/srn0.c +safe_renegotiation_srn0_OBJECTS = safe-renegotiation/srn0.$(OBJEXT) +safe_renegotiation_srn0_LDADD = $(LDADD) +safe_renegotiation_srn0_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +safe_renegotiation_srn1_SOURCES = safe-renegotiation/srn1.c +safe_renegotiation_srn1_OBJECTS = safe-renegotiation/srn1.$(OBJEXT) +safe_renegotiation_srn1_LDADD = $(LDADD) +safe_renegotiation_srn1_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +safe_renegotiation_srn2_SOURCES = safe-renegotiation/srn2.c +safe_renegotiation_srn2_OBJECTS = safe-renegotiation/srn2.$(OBJEXT) +safe_renegotiation_srn2_LDADD = $(LDADD) +safe_renegotiation_srn2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +safe_renegotiation_srn3_SOURCES = safe-renegotiation/srn3.c +safe_renegotiation_srn3_OBJECTS = safe-renegotiation/srn3.$(OBJEXT) +safe_renegotiation_srn3_LDADD = $(LDADD) +safe_renegotiation_srn3_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +safe_renegotiation_srn4_SOURCES = safe-renegotiation/srn4.c +safe_renegotiation_srn4_OBJECTS = safe-renegotiation/srn4.$(OBJEXT) +safe_renegotiation_srn4_LDADD = $(LDADD) +safe_renegotiation_srn4_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +safe_renegotiation_srn5_SOURCES = safe-renegotiation/srn5.c +safe_renegotiation_srn5_OBJECTS = safe-renegotiation/srn5.$(OBJEXT) +safe_renegotiation_srn5_LDADD = $(LDADD) +safe_renegotiation_srn5_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am__sanity_cpp_SOURCES_DIST = sanity-cpp.cpp +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@am_sanity_cpp_OBJECTS = sanity_cpp-sanity-cpp.$(OBJEXT) +sanity_cpp_OBJECTS = $(am_sanity_cpp_OBJECTS) +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@sanity_cpp_DEPENDENCIES = \ +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_5) \ +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@ ../lib/libgnutlsxx.la +sanity_cpp_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(sanity_cpp_CXXFLAGS) \ + $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +sec_params_SOURCES = sec-params.c +sec_params_OBJECTS = sec-params.$(OBJEXT) +sec_params_LDADD = $(LDADD) +sec_params_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +send_client_cert_SOURCES = send-client-cert.c +send_client_cert_OBJECTS = send-client-cert.$(OBJEXT) +send_client_cert_LDADD = $(LDADD) +send_client_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +send_data_before_handshake_SOURCES = send-data-before-handshake.c +send_data_before_handshake_OBJECTS = \ + send-data-before-handshake.$(OBJEXT) +send_data_before_handshake_LDADD = $(LDADD) +send_data_before_handshake_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +server_sign_md5_rep_SOURCES = server-sign-md5-rep.c +server_sign_md5_rep_OBJECTS = server-sign-md5-rep.$(OBJEXT) +server_sign_md5_rep_LDADD = $(LDADD) +server_sign_md5_rep_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +server_ecdsa_key_SOURCES = server_ecdsa_key.c +server_ecdsa_key_OBJECTS = server_ecdsa_key.$(OBJEXT) +server_ecdsa_key_LDADD = $(LDADD) +server_ecdsa_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +session_export_funcs_SOURCES = session-export-funcs.c +session_export_funcs_OBJECTS = session-export-funcs.$(OBJEXT) +session_export_funcs_LDADD = $(LDADD) +session_export_funcs_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +session_rdn_read_SOURCES = session-rdn-read.c +session_rdn_read_OBJECTS = session-rdn-read.$(OBJEXT) +session_rdn_read_LDADD = $(LDADD) +session_rdn_read_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +session_tickets_missing_SOURCES = session-tickets-missing.c +session_tickets_missing_OBJECTS = session-tickets-missing.$(OBJEXT) +session_tickets_missing_LDADD = $(LDADD) +session_tickets_missing_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +session_tickets_ok_SOURCES = session-tickets-ok.c +session_tickets_ok_OBJECTS = session-tickets-ok.$(OBJEXT) +session_tickets_ok_LDADD = $(LDADD) +session_tickets_ok_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_default_prio_SOURCES = set-default-prio.c +set_default_prio_OBJECTS = set-default-prio.$(OBJEXT) +set_default_prio_LDADD = $(LDADD) +set_default_prio_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_key_SOURCES = set_key.c +set_key_OBJECTS = set_key.$(OBJEXT) +set_key_LDADD = $(LDADD) +set_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_key_utf8_SOURCES = set_key_utf8.c +set_key_utf8_OBJECTS = set_key_utf8.$(OBJEXT) +set_key_utf8_LDADD = $(LDADD) +set_key_utf8_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_known_dh_params_anon_SOURCES = set_known_dh_params_anon.c +set_known_dh_params_anon_OBJECTS = set_known_dh_params_anon.$(OBJEXT) +set_known_dh_params_anon_LDADD = $(LDADD) +set_known_dh_params_anon_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_known_dh_params_psk_SOURCES = set_known_dh_params_psk.c +set_known_dh_params_psk_OBJECTS = set_known_dh_params_psk.$(OBJEXT) +set_known_dh_params_psk_LDADD = $(LDADD) +set_known_dh_params_psk_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_known_dh_params_x509_SOURCES = set_known_dh_params_x509.c +set_known_dh_params_x509_OBJECTS = set_known_dh_params_x509.$(OBJEXT) +set_known_dh_params_x509_LDADD = $(LDADD) +set_known_dh_params_x509_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_pkcs12_cred_SOURCES = set_pkcs12_cred.c +set_pkcs12_cred_OBJECTS = set_pkcs12_cred.$(OBJEXT) +set_pkcs12_cred_LDADD = $(LDADD) +set_pkcs12_cred_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_x509_key_SOURCES = set_x509_key.c +set_x509_key_OBJECTS = set_x509_key.$(OBJEXT) +set_x509_key_LDADD = $(LDADD) +set_x509_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_x509_key_file_SOURCES = set_x509_key_file.c +set_x509_key_file_OBJECTS = set_x509_key_file.$(OBJEXT) +set_x509_key_file_LDADD = $(LDADD) +set_x509_key_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_x509_key_file_late_SOURCES = set_x509_key_file-late.c +set_x509_key_file_late_OBJECTS = set_x509_key_file-late.$(OBJEXT) +set_x509_key_file_late_LDADD = $(LDADD) +set_x509_key_file_late_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_key_file_der_SOURCES = set_x509_key_file_der.c +set_x509_key_file_der_OBJECTS = set_x509_key_file_der.$(OBJEXT) +set_x509_key_file_der_LDADD = $(LDADD) +set_x509_key_file_der_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_key_file_legacy_SOURCES = set_x509_key_file_legacy.c +set_x509_key_file_legacy_OBJECTS = set_x509_key_file_legacy.$(OBJEXT) +set_x509_key_file_legacy_LDADD = $(LDADD) +set_x509_key_file_legacy_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_key_file_ocsp_SOURCES = set_x509_key_file_ocsp.c +set_x509_key_file_ocsp_OBJECTS = set_x509_key_file_ocsp.$(OBJEXT) +set_x509_key_file_ocsp_LDADD = $(LDADD) +set_x509_key_file_ocsp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_key_file_ocsp_multi2_SOURCES = \ + set_x509_key_file_ocsp_multi2.c +set_x509_key_file_ocsp_multi2_OBJECTS = \ + set_x509_key_file_ocsp_multi2.$(OBJEXT) +set_x509_key_file_ocsp_multi2_LDADD = $(LDADD) +set_x509_key_file_ocsp_multi2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_key_mem_SOURCES = set_x509_key_mem.c +set_x509_key_mem_OBJECTS = set_x509_key_mem.$(OBJEXT) +set_x509_key_mem_LDADD = $(LDADD) +set_x509_key_mem_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_x509_key_utf8_SOURCES = set_x509_key_utf8.c +set_x509_key_utf8_OBJECTS = set_x509_key_utf8.$(OBJEXT) +set_x509_key_utf8_LDADD = $(LDADD) +set_x509_key_utf8_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +set_x509_ocsp_multi_cli_SOURCES = set_x509_ocsp_multi_cli.c +set_x509_ocsp_multi_cli_OBJECTS = set_x509_ocsp_multi_cli.$(OBJEXT) +set_x509_ocsp_multi_cli_LDADD = $(LDADD) +set_x509_ocsp_multi_cli_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_ocsp_multi_invalid_SOURCES = set_x509_ocsp_multi_invalid.c +set_x509_ocsp_multi_invalid_OBJECTS = \ + set_x509_ocsp_multi_invalid.$(OBJEXT) +set_x509_ocsp_multi_invalid_LDADD = $(LDADD) +set_x509_ocsp_multi_invalid_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_ocsp_multi_pem_SOURCES = set_x509_ocsp_multi_pem.c +set_x509_ocsp_multi_pem_OBJECTS = set_x509_ocsp_multi_pem.$(OBJEXT) +set_x509_ocsp_multi_pem_LDADD = $(LDADD) +set_x509_ocsp_multi_pem_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_ocsp_multi_unknown_SOURCES = set_x509_ocsp_multi_unknown.c +set_x509_ocsp_multi_unknown_OBJECTS = \ + set_x509_ocsp_multi_unknown.$(OBJEXT) +set_x509_ocsp_multi_unknown_LDADD = $(LDADD) +set_x509_ocsp_multi_unknown_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +set_x509_pkcs12_key_SOURCES = set_x509_pkcs12_key.c +set_x509_pkcs12_key_OBJECTS = set_x509_pkcs12_key.$(OBJEXT) +set_x509_pkcs12_key_LDADD = $(LDADD) +set_x509_pkcs12_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +setcredcrash_SOURCES = setcredcrash.c +setcredcrash_OBJECTS = setcredcrash.$(OBJEXT) +setcredcrash_LDADD = $(LDADD) +setcredcrash_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_is_secure_SOURCES = sign-is-secure.c +sign_is_secure_OBJECTS = sign-is-secure.$(OBJEXT) +sign_is_secure_LDADD = $(LDADD) +sign_is_secure_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_pk_api_SOURCES = sign-pk-api.c +sign_pk_api_OBJECTS = sign-pk-api.$(OBJEXT) +sign_pk_api_LDADD = $(LDADD) +sign_pk_api_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_verify_SOURCES = sign-verify.c +sign_verify_OBJECTS = sign-verify.$(OBJEXT) +sign_verify_LDADD = $(LDADD) +sign_verify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_verify_data_SOURCES = sign-verify-data.c +sign_verify_data_OBJECTS = sign-verify-data.$(OBJEXT) +sign_verify_data_LDADD = $(LDADD) +sign_verify_data_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_verify_data_newapi_SOURCES = sign-verify-data-newapi.c +sign_verify_data_newapi_OBJECTS = sign-verify-data-newapi.$(OBJEXT) +sign_verify_data_newapi_LDADD = $(LDADD) +sign_verify_data_newapi_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +sign_verify_deterministic_SOURCES = sign-verify-deterministic.c +sign_verify_deterministic_OBJECTS = \ + sign-verify-deterministic.$(OBJEXT) +sign_verify_deterministic_LDADD = $(LDADD) +sign_verify_deterministic_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +sign_verify_ed25519_rfc8080_SOURCES = sign-verify-ed25519-rfc8080.c +sign_verify_ed25519_rfc8080_OBJECTS = \ + sign-verify-ed25519-rfc8080.$(OBJEXT) +sign_verify_ed25519_rfc8080_LDADD = $(LDADD) +sign_verify_ed25519_rfc8080_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +sign_verify_ext_SOURCES = sign-verify-ext.c +sign_verify_ext_OBJECTS = sign-verify-ext.$(OBJEXT) +sign_verify_ext_LDADD = $(LDADD) +sign_verify_ext_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_verify_ext4_SOURCES = sign-verify-ext4.c +sign_verify_ext4_OBJECTS = sign-verify-ext4.$(OBJEXT) +sign_verify_ext4_LDADD = $(LDADD) +sign_verify_ext4_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +sign_verify_newapi_SOURCES = sign-verify-newapi.c +sign_verify_newapi_OBJECTS = sign-verify-newapi.$(OBJEXT) +sign_verify_newapi_LDADD = $(LDADD) +sign_verify_newapi_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +simple_SOURCES = simple.c +simple_OBJECTS = simple.$(OBJEXT) +simple_LDADD = $(LDADD) +simple_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +spki_SOURCES = spki.c +spki_OBJECTS = spki.$(OBJEXT) +spki_LDADD = $(LDADD) +spki_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +spki_abstract_SOURCES = spki-abstract.c +spki_abstract_OBJECTS = spki-abstract.$(OBJEXT) +spki_abstract_LDADD = $(LDADD) +spki_abstract_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +srp_SOURCES = srp.c +srp_OBJECTS = srp.$(OBJEXT) +srp_LDADD = $(LDADD) +srp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +srpbase64_SOURCES = srpbase64.c +srpbase64_OBJECTS = srpbase64.$(OBJEXT) +srpbase64_LDADD = $(LDADD) +srpbase64_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +ssl2_hello_SOURCES = ssl2-hello.c +ssl2_hello_OBJECTS = ssl2-hello.$(OBJEXT) +ssl2_hello_LDADD = $(LDADD) +ssl2_hello_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_ssl30_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + ssl30-cert-key-exchange.$(OBJEXT) +ssl30_cert_key_exchange_OBJECTS = \ + $(am_ssl30_cert_key_exchange_OBJECTS) +ssl30_cert_key_exchange_LDADD = $(LDADD) +ssl30_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +ssl30_cipher_neg_SOURCES = ssl30-cipher-neg.c +ssl30_cipher_neg_OBJECTS = ssl30-cipher-neg.$(OBJEXT) +ssl30_cipher_neg_LDADD = $(LDADD) +ssl30_cipher_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +ssl30_server_kx_neg_SOURCES = ssl30-server-kx-neg.c +ssl30_server_kx_neg_OBJECTS = ssl30-server-kx-neg.$(OBJEXT) +ssl30_server_kx_neg_LDADD = $(LDADD) +ssl30_server_kx_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +status_request_SOURCES = status-request.c +status_request_OBJECTS = status-request.$(OBJEXT) +status_request_LDADD = $(LDADD) +status_request_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +status_request_ext_SOURCES = status-request-ext.c +status_request_ext_OBJECTS = status-request-ext.$(OBJEXT) +status_request_ext_LDADD = $(LDADD) +status_request_ext_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +status_request_ok_SOURCES = status-request-ok.c +status_request_ok_OBJECTS = status-request-ok.$(OBJEXT) +status_request_ok_LDADD = $(LDADD) +status_request_ok_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +status_request_revoked_SOURCES = status-request-revoked.c +status_request_revoked_OBJECTS = status-request-revoked.$(OBJEXT) +status_request_revoked_LDADD = $(LDADD) +status_request_revoked_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +str_idna_SOURCES = str-idna.c +str_idna_OBJECTS = str-idna.$(OBJEXT) +@HAVE_CMOCKA_TRUE@str_idna_DEPENDENCIES = $(am__DEPENDENCIES_5) +str_unicode_SOURCES = str-unicode.c +str_unicode_OBJECTS = str-unicode.$(OBJEXT) +@HAVE_CMOCKA_TRUE@str_unicode_DEPENDENCIES = $(am__DEPENDENCIES_5) +strict_der_SOURCES = strict-der.c +strict_der_OBJECTS = strict-der.$(OBJEXT) +strict_der_LDADD = $(LDADD) +strict_der_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +system_override_curves_allowlist_SOURCES = \ + system-override-curves-allowlist.c +system_override_curves_allowlist_OBJECTS = \ + system-override-curves-allowlist.$(OBJEXT) +system_override_curves_allowlist_LDADD = $(LDADD) +system_override_curves_allowlist_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +system_override_hash_SOURCES = system-override-hash.c +system_override_hash_OBJECTS = system-override-hash.$(OBJEXT) +system_override_hash_LDADD = $(LDADD) +system_override_hash_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +system_override_sig_SOURCES = system-override-sig.c +system_override_sig_OBJECTS = system-override-sig.$(OBJEXT) +system_override_sig_LDADD = $(LDADD) +system_override_sig_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +system_override_sig_tls_SOURCES = system-override-sig-tls.c +system_override_sig_tls_OBJECTS = system-override-sig-tls.$(OBJEXT) +system_override_sig_tls_LDADD = $(LDADD) +system_override_sig_tls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +system_prio_file_SOURCES = system-prio-file.c +system_prio_file_OBJECTS = system-prio-file.$(OBJEXT) +system_prio_file_LDADD = $(LDADD) +system_prio_file_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +time_SOURCES = time.c +time_OBJECTS = time.$(OBJEXT) +time_LDADD = $(LDADD) +time_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_channel_binding_SOURCES = tls-channel-binding.c +tls_channel_binding_OBJECTS = tls-channel-binding.$(OBJEXT) +tls_channel_binding_LDADD = $(LDADD) +tls_channel_binding_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_client_with_seccomp_SOURCES = tls-client-with-seccomp.c +tls_client_with_seccomp_OBJECTS = tls-client-with-seccomp.$(OBJEXT) +tls_client_with_seccomp_LDADD = $(LDADD) +tls_client_with_seccomp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls_crt_type_neg_SOURCES = tls-crt_type-neg.c +tls_crt_type_neg_OBJECTS = tls-crt_type-neg.$(OBJEXT) +tls_crt_type_neg_LDADD = $(LDADD) +tls_crt_type_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_etm_SOURCES = tls-etm.c +tls_etm_OBJECTS = tls-etm.$(OBJEXT) +tls_etm_LDADD = $(LDADD) +tls_etm_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_ext_not_in_dtls_SOURCES = tls-ext-not-in-dtls.c +tls_ext_not_in_dtls_OBJECTS = tls-ext-not-in-dtls.$(OBJEXT) +tls_ext_not_in_dtls_LDADD = $(LDADD) +tls_ext_not_in_dtls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_ext_register_SOURCES = tls-ext-register.c +tls_ext_register_OBJECTS = tls-ext-register.$(OBJEXT) +tls_ext_register_LDADD = $(LDADD) +tls_ext_register_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_force_etm_SOURCES = tls-force-etm.c +tls_force_etm_OBJECTS = tls-force-etm.$(OBJEXT) +tls_force_etm_LDADD = $(LDADD) +tls_force_etm_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_neg_ext_key_SOURCES = tls-neg-ext-key.c +tls_neg_ext_key_OBJECTS = tls-neg-ext-key.$(OBJEXT) +tls_neg_ext_key_LDADD = $(LDADD) +tls_neg_ext_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_neg_ext4_key_SOURCES = tls-neg-ext4-key.c +tls_neg_ext4_key_OBJECTS = tls-neg-ext4-key.$(OBJEXT) +tls_neg_ext4_key_LDADD = $(LDADD) +tls_neg_ext4_key_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_pthread_SOURCES = tls-pthread.c +tls_pthread_OBJECTS = tls-pthread.$(OBJEXT) +tls_pthread_DEPENDENCIES = $(am__DEPENDENCIES_3) +tls_record_size_limit_SOURCES = tls-record-size-limit.c +tls_record_size_limit_OBJECTS = tls-record-size-limit.$(OBJEXT) +tls_record_size_limit_LDADD = $(LDADD) +tls_record_size_limit_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls_record_size_limit_asym_SOURCES = tls-record-size-limit-asym.c +tls_record_size_limit_asym_OBJECTS = \ + tls-record-size-limit-asym.$(OBJEXT) +tls_record_size_limit_asym_LDADD = $(LDADD) +tls_record_size_limit_asym_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls_session_ext_override_SOURCES = tls-session-ext-override.c +tls_session_ext_override_OBJECTS = tls-session-ext-override.$(OBJEXT) +tls_session_ext_override_LDADD = $(LDADD) +tls_session_ext_override_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls_session_ext_register_SOURCES = tls-session-ext-register.c +tls_session_ext_register_OBJECTS = tls-session-ext-register.$(OBJEXT) +tls_session_ext_register_LDADD = $(LDADD) +tls_session_ext_register_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls_session_supplemental_SOURCES = tls-session-supplemental.c +tls_session_supplemental_OBJECTS = tls-session-supplemental.$(OBJEXT) +tls_session_supplemental_LDADD = $(LDADD) +tls_session_supplemental_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls_supplemental_SOURCES = tls-supplemental.c +tls_supplemental_OBJECTS = tls-supplemental.$(OBJEXT) +tls_supplemental_LDADD = $(LDADD) +tls_supplemental_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls_with_seccomp_SOURCES = tls-with-seccomp.c +tls_with_seccomp_OBJECTS = tls-with-seccomp.$(OBJEXT) +tls_with_seccomp_LDADD = $(LDADD) +tls_with_seccomp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_tls10_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + tls10-cert-key-exchange.$(OBJEXT) +tls10_cert_key_exchange_OBJECTS = \ + $(am_tls10_cert_key_exchange_OBJECTS) +tls10_cert_key_exchange_LDADD = $(LDADD) +tls10_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls10_cipher_neg_SOURCES = tls10-cipher-neg.c +tls10_cipher_neg_OBJECTS = tls10-cipher-neg.$(OBJEXT) +tls10_cipher_neg_LDADD = $(LDADD) +tls10_cipher_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls10_prf_SOURCES = tls10-prf.c +tls10_prf_OBJECTS = tls10-prf.$(OBJEXT) +@HAVE_CMOCKA_TRUE@tls10_prf_DEPENDENCIES = $(am__DEPENDENCIES_5) +tls10_server_kx_neg_SOURCES = tls10-server-kx-neg.c +tls10_server_kx_neg_OBJECTS = tls10-server-kx-neg.$(OBJEXT) +tls10_server_kx_neg_LDADD = $(LDADD) +tls10_server_kx_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_tls11_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + tls11-cert-key-exchange.$(OBJEXT) +tls11_cert_key_exchange_OBJECTS = \ + $(am_tls11_cert_key_exchange_OBJECTS) +tls11_cert_key_exchange_LDADD = $(LDADD) +tls11_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am_tls11_check_rollback_val_OBJECTS = tls13/tls11_check_rollback_val-rnd-check-rollback-val.$(OBJEXT) +tls11_check_rollback_val_OBJECTS = \ + $(am_tls11_check_rollback_val_OBJECTS) +tls11_check_rollback_val_DEPENDENCIES = $(am__DEPENDENCIES_3) \ + ../gl/libgnu.la +tls11_check_rollback_val_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls11_check_rollback_val_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +tls11_cipher_neg_SOURCES = tls11-cipher-neg.c +tls11_cipher_neg_OBJECTS = tls11-cipher-neg.$(OBJEXT) +tls11_cipher_neg_LDADD = $(LDADD) +tls11_cipher_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_tls11_rollback_detection_OBJECTS = tls13/tls11_rollback_detection-rnd-rollback-detection.$(OBJEXT) +tls11_rollback_detection_OBJECTS = \ + $(am_tls11_rollback_detection_OBJECTS) +tls11_rollback_detection_DEPENDENCIES = $(am__DEPENDENCIES_3) \ + ../gl/libgnu.la +tls11_rollback_detection_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls11_rollback_detection_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +tls11_server_kx_neg_SOURCES = tls11-server-kx-neg.c +tls11_server_kx_neg_OBJECTS = tls11-server-kx-neg.$(OBJEXT) +tls11_server_kx_neg_LDADD = $(LDADD) +tls11_server_kx_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls12_anon_upgrade_SOURCES = tls12-anon-upgrade.c +tls12_anon_upgrade_OBJECTS = tls12-anon-upgrade.$(OBJEXT) +tls12_anon_upgrade_LDADD = $(LDADD) +tls12_anon_upgrade_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_tls12_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + tls12-cert-key-exchange.$(OBJEXT) +tls12_cert_key_exchange_OBJECTS = \ + $(am_tls12_cert_key_exchange_OBJECTS) +tls12_cert_key_exchange_LDADD = $(LDADD) +tls12_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am_tls12_check_rollback_val_OBJECTS = tls13/tls12_check_rollback_val-rnd-check-rollback-val.$(OBJEXT) +tls12_check_rollback_val_OBJECTS = \ + $(am_tls12_check_rollback_val_OBJECTS) +tls12_check_rollback_val_DEPENDENCIES = $(am__DEPENDENCIES_3) \ + ../gl/libgnu.la +tls12_check_rollback_val_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls12_check_rollback_val_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +tls12_cipher_neg_SOURCES = tls12-cipher-neg.c +tls12_cipher_neg_OBJECTS = tls12-cipher-neg.$(OBJEXT) +tls12_cipher_neg_LDADD = $(LDADD) +tls12_cipher_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls12_ffdhe_SOURCES = tls12-ffdhe.c +tls12_ffdhe_OBJECTS = tls12-ffdhe.$(OBJEXT) +tls12_ffdhe_LDADD = $(LDADD) +tls12_ffdhe_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls12_invalid_key_exchanges_SOURCES = tls12-invalid-key-exchanges.c +tls12_invalid_key_exchanges_OBJECTS = \ + tls12-invalid-key-exchanges.$(OBJEXT) +tls12_invalid_key_exchanges_LDADD = $(LDADD) +tls12_invalid_key_exchanges_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls12_max_record_SOURCES = tls12-max-record.c +tls12_max_record_OBJECTS = tls12-max-record.$(OBJEXT) +tls12_max_record_LDADD = $(LDADD) +tls12_max_record_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls12_prf_SOURCES = tls12-prf.c +tls12_prf_OBJECTS = tls12-prf.$(OBJEXT) +@HAVE_CMOCKA_TRUE@tls12_prf_DEPENDENCIES = $(am__DEPENDENCIES_5) +tls12_rehandshake_cert_SOURCES = tls12-rehandshake-cert.c +tls12_rehandshake_cert_OBJECTS = tls12-rehandshake-cert.$(OBJEXT) +@HAVE_CMOCKA_TRUE@tls12_rehandshake_cert_DEPENDENCIES = \ +@HAVE_CMOCKA_TRUE@ $(am__DEPENDENCIES_5) +tls12_rehandshake_cert_2_SOURCES = tls12-rehandshake-cert-2.c +tls12_rehandshake_cert_2_OBJECTS = tls12-rehandshake-cert-2.$(OBJEXT) +tls12_rehandshake_cert_2_LDADD = $(LDADD) +tls12_rehandshake_cert_2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls12_rehandshake_cert_3_SOURCES = tls12-rehandshake-cert-3.c +tls12_rehandshake_cert_3_OBJECTS = tls12-rehandshake-cert-3.$(OBJEXT) +tls12_rehandshake_cert_3_LDADD = $(LDADD) +tls12_rehandshake_cert_3_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls12_rehandshake_cert_auto_SOURCES = tls12-rehandshake-cert-auto.c +tls12_rehandshake_cert_auto_OBJECTS = \ + tls12-rehandshake-cert-auto.$(OBJEXT) +tls12_rehandshake_cert_auto_LDADD = $(LDADD) +tls12_rehandshake_cert_auto_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls12_rehandshake_set_prio_SOURCES = tls12-rehandshake-set-prio.c +tls12_rehandshake_set_prio_OBJECTS = \ + tls12-rehandshake-set-prio.$(OBJEXT) +tls12_rehandshake_set_prio_LDADD = $(LDADD) +tls12_rehandshake_set_prio_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am_tls12_resume_anon_OBJECTS = tls12_resume_anon-resume.$(OBJEXT) +tls12_resume_anon_OBJECTS = $(am_tls12_resume_anon_OBJECTS) +tls12_resume_anon_DEPENDENCIES = $(am__DEPENDENCIES_3) ../gl/libgnu.la +tls12_resume_anon_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls12_resume_anon_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +am_tls12_resume_psk_OBJECTS = tls12_resume_psk-resume.$(OBJEXT) +tls12_resume_psk_OBJECTS = $(am_tls12_resume_psk_OBJECTS) +tls12_resume_psk_DEPENDENCIES = $(am__DEPENDENCIES_3) ../gl/libgnu.la +tls12_resume_psk_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls12_resume_psk_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +am_tls12_resume_x509_OBJECTS = tls12_resume_x509-resume.$(OBJEXT) +tls12_resume_x509_OBJECTS = $(am_tls12_resume_x509_OBJECTS) +tls12_resume_x509_DEPENDENCIES = $(am__DEPENDENCIES_3) ../gl/libgnu.la +tls12_resume_x509_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls12_resume_x509_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +am_tls12_rollback_detection_OBJECTS = tls13/tls12_rollback_detection-rnd-rollback-detection.$(OBJEXT) +tls12_rollback_detection_OBJECTS = \ + $(am_tls12_rollback_detection_OBJECTS) +tls12_rollback_detection_DEPENDENCIES = $(am__DEPENDENCIES_3) \ + ../gl/libgnu.la +tls12_rollback_detection_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls12_rollback_detection_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +tls12_server_kx_neg_SOURCES = tls12-server-kx-neg.c +tls12_server_kx_neg_OBJECTS = tls12-server-kx-neg.$(OBJEXT) +tls12_server_kx_neg_LDADD = $(LDADD) +tls12_server_kx_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am_tls13_cert_key_exchange_OBJECTS = \ + common-cert-key-exchange.$(OBJEXT) \ + tls13-cert-key-exchange.$(OBJEXT) +tls13_cert_key_exchange_OBJECTS = \ + $(am_tls13_cert_key_exchange_OBJECTS) +tls13_cert_key_exchange_LDADD = $(LDADD) +tls13_cert_key_exchange_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_cipher_neg_SOURCES = tls13-cipher-neg.c +tls13_cipher_neg_OBJECTS = tls13-cipher-neg.$(OBJEXT) +tls13_cipher_neg_LDADD = $(LDADD) +tls13_cipher_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_compat_mode_SOURCES = tls13-compat-mode.c +tls13_compat_mode_OBJECTS = tls13-compat-mode.$(OBJEXT) +tls13_compat_mode_LDADD = $(LDADD) +tls13_compat_mode_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_early_data_SOURCES = tls13-early-data.c +tls13_early_data_OBJECTS = tls13-early-data.$(OBJEXT) +tls13_early_data_LDADD = $(LDADD) +tls13_early_data_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_early_data_neg_SOURCES = tls13-early-data-neg.c +tls13_early_data_neg_OBJECTS = tls13-early-data-neg.$(OBJEXT) +tls13_early_data_neg_LDADD = $(LDADD) +tls13_early_data_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_early_data_neg2_SOURCES = tls13-early-data-neg2.c +tls13_early_data_neg2_OBJECTS = tls13-early-data-neg2.$(OBJEXT) +tls13_early_data_neg2_LDADD = $(LDADD) +tls13_early_data_neg2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_early_start_SOURCES = tls13-early-start.c +tls13_early_start_OBJECTS = tls13-early-start.$(OBJEXT) +tls13_early_start_LDADD = $(LDADD) +tls13_early_start_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_rehandshake_cert_SOURCES = tls13-rehandshake-cert.c +tls13_rehandshake_cert_OBJECTS = tls13-rehandshake-cert.$(OBJEXT) +tls13_rehandshake_cert_LDADD = $(LDADD) +tls13_rehandshake_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +am_tls13_resume_psk_OBJECTS = tls13_resume_psk-resume.$(OBJEXT) +tls13_resume_psk_OBJECTS = $(am_tls13_resume_psk_OBJECTS) +tls13_resume_psk_DEPENDENCIES = $(am__DEPENDENCIES_3) ../gl/libgnu.la +tls13_resume_psk_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls13_resume_psk_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +am_tls13_resume_x509_OBJECTS = tls13_resume_x509-resume.$(OBJEXT) +tls13_resume_x509_OBJECTS = $(am_tls13_resume_x509_OBJECTS) +tls13_resume_x509_DEPENDENCIES = $(am__DEPENDENCIES_3) ../gl/libgnu.la +tls13_resume_x509_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(tls13_resume_x509_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) \ + -o $@ +tls13_server_kx_neg_SOURCES = tls13-server-kx-neg.c +tls13_server_kx_neg_OBJECTS = tls13-server-kx-neg.$(OBJEXT) +tls13_server_kx_neg_LDADD = $(LDADD) +tls13_server_kx_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_without_timeout_func_SOURCES = tls13-without-timeout-func.c +tls13_without_timeout_func_OBJECTS = \ + tls13-without-timeout-func.$(OBJEXT) +tls13_without_timeout_func_LDADD = $(LDADD) +tls13_without_timeout_func_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_anti_replay_SOURCES = tls13/anti_replay.c +tls13_anti_replay_OBJECTS = tls13/anti_replay-anti_replay.$(OBJEXT) +tls13_anti_replay_LDADD = $(LDADD) +tls13_anti_replay_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_change_cipher_spec_SOURCES = tls13/change_cipher_spec.c +tls13_change_cipher_spec_OBJECTS = tls13/change_cipher_spec.$(OBJEXT) +tls13_change_cipher_spec_LDADD = $(LDADD) +tls13_change_cipher_spec_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_compress_cert_SOURCES = tls13/compress-cert.c +tls13_compress_cert_OBJECTS = tls13/compress-cert.$(OBJEXT) +tls13_compress_cert_LDADD = $(LDADD) +tls13_compress_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_compress_cert_cli_SOURCES = tls13/compress-cert-cli.c +tls13_compress_cert_cli_OBJECTS = tls13/compress-cert-cli.$(OBJEXT) +tls13_compress_cert_cli_LDADD = $(LDADD) +tls13_compress_cert_cli_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_compress_cert_neg_SOURCES = tls13/compress-cert-neg.c +tls13_compress_cert_neg_OBJECTS = tls13/compress-cert-neg.$(OBJEXT) +tls13_compress_cert_neg_LDADD = $(LDADD) +tls13_compress_cert_neg_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_compress_cert_neg2_SOURCES = tls13/compress-cert-neg2.c +tls13_compress_cert_neg2_OBJECTS = tls13/compress-cert-neg2.$(OBJEXT) +tls13_compress_cert_neg2_LDADD = $(LDADD) +tls13_compress_cert_neg2_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_cookie_SOURCES = tls13/cookie.c +tls13_cookie_OBJECTS = tls13/cookie.$(OBJEXT) +tls13_cookie_LDADD = $(LDADD) +tls13_cookie_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_hello_retry_request_SOURCES = tls13/hello_retry_request.c +tls13_hello_retry_request_OBJECTS = \ + tls13/hello_retry_request.$(OBJEXT) +tls13_hello_retry_request_LDADD = $(LDADD) +tls13_hello_retry_request_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_hello_retry_request_resume_SOURCES = \ + tls13/hello_retry_request_resume.c +tls13_hello_retry_request_resume_OBJECTS = \ + tls13/hello_retry_request_resume.$(OBJEXT) +tls13_hello_retry_request_resume_LDADD = $(LDADD) +tls13_hello_retry_request_resume_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +tls13_key_limits_SOURCES = tls13/key_limits.c +tls13_key_limits_OBJECTS = tls13/key_limits.$(OBJEXT) +tls13_key_limits_LDADD = $(LDADD) +tls13_key_limits_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_key_share_SOURCES = tls13/key_share.c +tls13_key_share_OBJECTS = tls13/key_share.$(OBJEXT) +tls13_key_share_LDADD = $(LDADD) +tls13_key_share_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_key_update_SOURCES = tls13/key_update.c +tls13_key_update_OBJECTS = tls13/key_update.$(OBJEXT) +tls13_key_update_LDADD = $(LDADD) +tls13_key_update_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_key_update_multiple_SOURCES = tls13/key_update_multiple.c +tls13_key_update_multiple_OBJECTS = \ + tls13/key_update_multiple.$(OBJEXT) +tls13_key_update_multiple_LDADD = $(LDADD) +tls13_key_update_multiple_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_multi_ocsp_SOURCES = tls13/multi-ocsp.c +tls13_multi_ocsp_OBJECTS = tls13/multi-ocsp.$(OBJEXT) +tls13_multi_ocsp_LDADD = $(LDADD) +tls13_multi_ocsp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_no_auto_send_ticket_SOURCES = tls13/no-auto-send-ticket.c +tls13_no_auto_send_ticket_OBJECTS = \ + tls13/no-auto-send-ticket.$(OBJEXT) +tls13_no_auto_send_ticket_LDADD = $(LDADD) +tls13_no_auto_send_ticket_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_no_psk_exts_SOURCES = tls13/no-psk-exts.c +tls13_no_psk_exts_OBJECTS = tls13/no-psk-exts.$(OBJEXT) +tls13_no_psk_exts_LDADD = $(LDADD) +tls13_no_psk_exts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_ocsp_client_SOURCES = tls13/ocsp-client.c +tls13_ocsp_client_OBJECTS = tls13/ocsp-client.$(OBJEXT) +tls13_ocsp_client_LDADD = $(LDADD) +tls13_ocsp_client_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_post_handshake_with_cert_SOURCES = \ + tls13/post-handshake-with-cert.c +tls13_post_handshake_with_cert_OBJECTS = \ + tls13/post-handshake-with-cert.$(OBJEXT) +tls13_post_handshake_with_cert_LDADD = $(LDADD) +tls13_post_handshake_with_cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_post_handshake_with_cert_auto_SOURCES = \ + tls13/post-handshake-with-cert-auto.c +tls13_post_handshake_with_cert_auto_OBJECTS = \ + tls13/post-handshake-with-cert-auto.$(OBJEXT) +tls13_post_handshake_with_cert_auto_LDADD = $(LDADD) +tls13_post_handshake_with_cert_auto_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +tls13_post_handshake_with_cert_pkcs11_SOURCES = \ + tls13/post-handshake-with-cert-pkcs11.c +tls13_post_handshake_with_cert_pkcs11_OBJECTS = \ + tls13/post-handshake-with-cert-pkcs11.$(OBJEXT) +tls13_post_handshake_with_cert_ticket_SOURCES = \ + tls13/post-handshake-with-cert-ticket.c +tls13_post_handshake_with_cert_ticket_OBJECTS = \ + tls13/post-handshake-with-cert-ticket.$(OBJEXT) +tls13_post_handshake_with_cert_ticket_LDADD = $(LDADD) +tls13_post_handshake_with_cert_ticket_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +tls13_post_handshake_with_psk_SOURCES = \ + tls13/post-handshake-with-psk.c +tls13_post_handshake_with_psk_OBJECTS = \ + tls13/post-handshake-with-psk.$(OBJEXT) +tls13_post_handshake_with_psk_LDADD = $(LDADD) +tls13_post_handshake_with_psk_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_post_handshake_without_cert_SOURCES = \ + tls13/post-handshake-without-cert.c +tls13_post_handshake_without_cert_OBJECTS = \ + tls13/post-handshake-without-cert.$(OBJEXT) +tls13_post_handshake_without_cert_LDADD = $(LDADD) +tls13_post_handshake_without_cert_DEPENDENCIES = \ + $(COMMON_GNUTLS_LDADD) libutils.la $(am__DEPENDENCIES_2) +tls13_prf_SOURCES = tls13/prf.c +tls13_prf_OBJECTS = tls13/prf.$(OBJEXT) +tls13_prf_LDADD = $(LDADD) +tls13_prf_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_prf_early_SOURCES = tls13/prf-early.c +tls13_prf_early_OBJECTS = tls13/prf-early.$(OBJEXT) +tls13_prf_early_LDADD = $(LDADD) +tls13_prf_early_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_psk_dumbfw_SOURCES = tls13/psk-dumbfw.c +tls13_psk_dumbfw_OBJECTS = tls13/psk-dumbfw.$(OBJEXT) +tls13_psk_dumbfw_LDADD = $(LDADD) +tls13_psk_dumbfw_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_psk_ext_SOURCES = tls13/psk-ext.c +tls13_psk_ext_OBJECTS = tls13/psk-ext.$(OBJEXT) +tls13_psk_ext_LDADD = $(LDADD) +tls13_psk_ext_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_psk_ke_modes_SOURCES = tls13/psk-ke-modes.c +tls13_psk_ke_modes_OBJECTS = tls13/psk-ke-modes.$(OBJEXT) +tls13_psk_ke_modes_LDADD = $(LDADD) +tls13_psk_ke_modes_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tls13_supported_versions_SOURCES = tls13/supported_versions.c +tls13_supported_versions_OBJECTS = tls13/supported_versions.$(OBJEXT) +tls13_supported_versions_LDADD = $(LDADD) +tls13_supported_versions_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tls13_tls12_no_tls13_exts_SOURCES = tls13/tls12-no-tls13-exts.c +tls13_tls12_no_tls13_exts_OBJECTS = \ + tls13/tls12-no-tls13-exts.$(OBJEXT) +tls13_tls12_no_tls13_exts_LDADD = $(LDADD) +tls13_tls12_no_tls13_exts_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +tlsext_decoding_SOURCES = tlsext-decoding.c +tlsext_decoding_OBJECTS = tlsext-decoding.$(OBJEXT) +tlsext_decoding_LDADD = $(LDADD) +tlsext_decoding_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tlsfeature_crt_SOURCES = tlsfeature-crt.c +tlsfeature_crt_OBJECTS = tlsfeature-crt.$(OBJEXT) +tlsfeature_crt_LDADD = $(LDADD) +tlsfeature_crt_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +tlsfeature_ext_SOURCES = tlsfeature-ext.c +tlsfeature_ext_OBJECTS = tlsfeature-ext.$(OBJEXT) +tlsfeature_ext_LDADD = $(LDADD) +tlsfeature_ext_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +trust_store_SOURCES = trust-store.c +trust_store_OBJECTS = trust-store.$(OBJEXT) +trust_store_LDADD = $(LDADD) +trust_store_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +trustdb_tofu_SOURCES = trustdb-tofu.c +trustdb_tofu_OBJECTS = trustdb-tofu.$(OBJEXT) +trustdb_tofu_LDADD = $(LDADD) +trustdb_tofu_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +urls_SOURCES = urls.c +urls_OBJECTS = urls.$(OBJEXT) +urls_LDADD = $(LDADD) +urls_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +version_checks_SOURCES = version-checks.c +version_checks_OBJECTS = version-checks.$(OBJEXT) +version_checks_LDADD = $(LDADD) +version_checks_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am__win32_certopenstore_SOURCES_DIST = win-certopenstore.c +@WINDOWS_TRUE@am_win32_certopenstore_OBJECTS = \ +@WINDOWS_TRUE@ win-certopenstore.$(OBJEXT) +win32_certopenstore_OBJECTS = $(am_win32_certopenstore_OBJECTS) +@WINDOWS_TRUE@win32_certopenstore_DEPENDENCIES = \ +@WINDOWS_TRUE@ $(am__DEPENDENCIES_3) +x509_cert_callback_SOURCES = x509-cert-callback.c +x509_cert_callback_OBJECTS = x509-cert-callback.$(OBJEXT) +x509_cert_callback_LDADD = $(LDADD) +x509_cert_callback_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_cert_callback_legacy_SOURCES = x509-cert-callback-legacy.c +x509_cert_callback_legacy_OBJECTS = \ + x509-cert-callback-legacy.$(OBJEXT) +x509_cert_callback_legacy_LDADD = $(LDADD) +x509_cert_callback_legacy_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +x509_cert_callback_ocsp_SOURCES = x509-cert-callback-ocsp.c +x509_cert_callback_ocsp_OBJECTS = x509-cert-callback-ocsp.$(OBJEXT) +x509_cert_callback_ocsp_LDADD = $(LDADD) +x509_cert_callback_ocsp_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +x509_dn_SOURCES = x509-dn.c +x509_dn_OBJECTS = x509-dn.$(OBJEXT) +x509_dn_LDADD = $(LDADD) +x509_dn_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_dn_decode_SOURCES = x509-dn-decode.c +x509_dn_decode_OBJECTS = x509-dn-decode.$(OBJEXT) +x509_dn_decode_LDADD = $(LDADD) +x509_dn_decode_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_dn_decode_compat_SOURCES = x509-dn-decode-compat.c +x509_dn_decode_compat_OBJECTS = x509-dn-decode-compat.$(OBJEXT) +x509_dn_decode_compat_LDADD = $(LDADD) +x509_dn_decode_compat_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +x509_extensions_SOURCES = x509-extensions.c +x509_extensions_OBJECTS = x509-extensions.$(OBJEXT) +x509_extensions_LDADD = $(LDADD) +x509_extensions_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_server_verify_SOURCES = x509-server-verify.c +x509_server_verify_OBJECTS = x509-server-verify.$(OBJEXT) +x509_server_verify_LDADD = $(LDADD) +x509_server_verify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_upnconstraint_SOURCES = x509-upnconstraint.c +x509_upnconstraint_OBJECTS = x509-upnconstraint.$(OBJEXT) +x509_upnconstraint_LDADD = $(LDADD) +x509_upnconstraint_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_verify_with_crl_SOURCES = x509-verify-with-crl.c +x509_verify_with_crl_OBJECTS = x509-verify-with-crl.$(OBJEXT) +x509_verify_with_crl_LDADD = $(LDADD) +x509_verify_with_crl_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509_altname_SOURCES = x509_altname.c +x509_altname_OBJECTS = x509_altname.$(OBJEXT) +x509_altname_LDADD = $(LDADD) +x509_altname_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509cert_SOURCES = x509cert.c +x509cert_OBJECTS = x509cert.$(OBJEXT) +x509cert_LDADD = $(LDADD) +x509cert_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509cert_ct_SOURCES = x509cert-ct.c +x509cert_ct_OBJECTS = x509cert-ct.$(OBJEXT) +x509cert_ct_LDADD = $(LDADD) +x509cert_ct_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509cert_dntypes_SOURCES = x509cert-dntypes.c +x509cert_dntypes_OBJECTS = x509cert-dntypes.$(OBJEXT) +x509cert_dntypes_LDADD = $(LDADD) +x509cert_dntypes_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509cert_invalid_SOURCES = x509cert-invalid.c +x509cert_invalid_OBJECTS = x509cert-invalid.$(OBJEXT) +x509cert_invalid_LDADD = $(LDADD) +x509cert_invalid_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509cert_tl_SOURCES = x509cert-tl.c +x509cert_tl_OBJECTS = x509cert-tl.$(OBJEXT) +x509cert_tl_LDADD = $(LDADD) +x509cert_tl_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509dn_SOURCES = x509dn.c +x509dn_OBJECTS = x509dn.$(OBJEXT) +x509dn_LDADD = $(LDADD) +x509dn_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509self_SOURCES = x509self.c +x509self_OBJECTS = x509self.$(OBJEXT) +x509self_LDADD = $(LDADD) +x509self_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509sign_verify_SOURCES = x509sign-verify.c +x509sign_verify_OBJECTS = x509sign-verify.$(OBJEXT) +x509sign_verify_LDADD = $(LDADD) +x509sign_verify_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509sign_verify_ecdsa_SOURCES = x509sign-verify-ecdsa.c +x509sign_verify_ecdsa_OBJECTS = x509sign-verify-ecdsa.$(OBJEXT) +x509sign_verify_ecdsa_LDADD = $(LDADD) +x509sign_verify_ecdsa_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +x509sign_verify_error_SOURCES = x509sign-verify-error.c +x509sign_verify_error_OBJECTS = x509sign-verify-error.$(OBJEXT) +x509sign_verify_error_LDADD = $(LDADD) +x509sign_verify_error_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) \ + libutils.la $(am__DEPENDENCIES_2) +x509sign_verify_gost_SOURCES = x509sign-verify-gost.c +x509sign_verify_gost_OBJECTS = x509sign-verify-gost.$(OBJEXT) +x509sign_verify_gost_LDADD = $(LDADD) +x509sign_verify_gost_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +x509sign_verify_rsa_SOURCES = x509sign-verify-rsa.c +x509sign_verify_rsa_OBJECTS = x509sign-verify-rsa.$(OBJEXT) +x509sign_verify_rsa_LDADD = $(LDADD) +x509sign_verify_rsa_DEPENDENCIES = $(COMMON_GNUTLS_LDADD) libutils.la \ + $(am__DEPENDENCIES_2) +am__dist_check_SCRIPTS_DIST = rfc2253-escape-test.sh \ + rsa-md5-collision/rsa-md5-collision.sh systemkey.sh tpm2.sh \ + ktls.sh dtls/dtls.sh dtls/dtls-resume.sh fastopen.sh \ + pkgconfig.sh starttls.sh starttls-ftp.sh starttls-smtp.sh \ + starttls-lmtp.sh starttls-pop3.sh starttls-xmpp.sh \ + starttls-nntp.sh starttls-sieve.sh \ + ocsp-tests/ocsp-tls-connection.sh \ + ocsp-tests/ocsp-must-staple-connection.sh \ + ocsp-tests/ocsp-test.sh cipher-listings.sh sni-hostname.sh \ + server-multi-keys.sh psktool.sh ocsp-tests/ocsp-load-chain.sh \ + gnutls-cli-save-data.sh gnutls-cli-debug.sh sni-resume.sh \ + ocsp-tests/ocsptool.sh cert-reencoding.sh pkcs7-cat.sh \ + long-crl.sh serv-udp.sh logfile-option.sh gnutls-cli-resume.sh \ + profile-tests.sh server-weak-keys.sh \ + ocsp-tests/ocsp-signer-verify.sh cfg-test.sh sanity-lib.sh \ + system-override-sig.sh system-override-hash.sh \ + system-override-versions.sh system-override-invalid.sh \ + system-override-curves.sh system-override-profiles.sh \ + system-override-tls.sh system-override-kx.sh \ + system-override-default-priority-string.sh \ + system-override-sig-tls.sh system-override-hash-filters-prf.sh \ + system-override-sig-allowlist.sh \ + system-override-hash-allowlist.sh \ + system-override-versions-allowlist.sh \ + system-override-curves-allowlist.sh \ + system-override-special-allowlist.sh protocol-set-allowlist.sh \ + gnutls-cli-self-signed.sh gnutls-cli-invalid-crl.sh \ + gnutls-cli-rawpk.sh dh-fips-approved.sh p11-kit-trust.sh \ + testpkcs11.sh certtool-pkcs11.sh p11-kit-load.sh danetool.sh \ + tpmtool_test.sh +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/aead-cipher-vec.Po \ + ./$(DEPDIR)/alerts.Po ./$(DEPDIR)/alpn-server-prec.Po \ + ./$(DEPDIR)/anonself.Po ./$(DEPDIR)/atfork-atfork.Po \ + ./$(DEPDIR)/auto-verify.Po ./$(DEPDIR)/base64-raw.Po \ + ./$(DEPDIR)/base64.Po ./$(DEPDIR)/buffer-buffer.Po \ + ./$(DEPDIR)/cert-status.Po ./$(DEPDIR)/cert.Po \ + ./$(DEPDIR)/cert_verify_inv_utf8.Po \ + ./$(DEPDIR)/certificate_set_x509_crl.Po \ + ./$(DEPDIR)/certuniqueid.Po \ + ./$(DEPDIR)/chainverify-unsorted.Po ./$(DEPDIR)/chainverify.Po \ + ./$(DEPDIR)/cipher-padding.Po \ + ./$(DEPDIR)/cipher_alignment-cipher-alignment.Po \ + ./$(DEPDIR)/ciphersuite-name.Po ./$(DEPDIR)/client-fastopen.Po \ + ./$(DEPDIR)/client-sign-md5-rep.Po \ + ./$(DEPDIR)/client_dsa_key.Po \ + ./$(DEPDIR)/common-cert-key-exchange.Po \ + ./$(DEPDIR)/conv-utf8.Po ./$(DEPDIR)/crl-basic.Po \ + ./$(DEPDIR)/crl_apis.Po ./$(DEPDIR)/crlverify.Po \ + ./$(DEPDIR)/crq-basic.Po ./$(DEPDIR)/crq_apis.Po \ + ./$(DEPDIR)/crq_key_id.Po ./$(DEPDIR)/crt_apis.Po \ + ./$(DEPDIR)/crt_inv_write.Po \ + ./$(DEPDIR)/custom-urls-override.Po ./$(DEPDIR)/custom-urls.Po \ + ./$(DEPDIR)/cve-2008-4989.Po ./$(DEPDIR)/cve-2009-1415.Po \ + ./$(DEPDIR)/cve-2009-1416.Po ./$(DEPDIR)/dane-strcodes.Po \ + ./$(DEPDIR)/dane.Po ./$(DEPDIR)/datefudge-check.Po \ + ./$(DEPDIR)/dh-compute.Po ./$(DEPDIR)/dh-params.Po \ + ./$(DEPDIR)/dhepskself.Po ./$(DEPDIR)/dhex509self.Po \ + ./$(DEPDIR)/dn.Po ./$(DEPDIR)/dn2.Po \ + ./$(DEPDIR)/dss-sig-val.Po \ + ./$(DEPDIR)/dtls-client-with-seccomp.Po \ + ./$(DEPDIR)/dtls-etm.Po ./$(DEPDIR)/dtls-handshake-versions.Po \ + ./$(DEPDIR)/dtls-max-record.Po ./$(DEPDIR)/dtls-pthread.Po \ + ./$(DEPDIR)/dtls-rehandshake-anon.Po \ + ./$(DEPDIR)/dtls-rehandshake-cert-2.Po \ + ./$(DEPDIR)/dtls-rehandshake-cert-3.Po \ + ./$(DEPDIR)/dtls-rehandshake-cert.Po \ + ./$(DEPDIR)/dtls-repro-20170915.Po \ + ./$(DEPDIR)/dtls-session-ticket-lost.Po \ + ./$(DEPDIR)/dtls-sliding-window.Po \ + ./$(DEPDIR)/dtls-with-seccomp.Po \ + ./$(DEPDIR)/dtls1-2-mtu-check.Po \ + ./$(DEPDIR)/dtls10-cert-key-exchange.Po \ + ./$(DEPDIR)/dtls12-cert-key-exchange.Po \ + ./$(DEPDIR)/duplicate-extensions.Po \ + ./$(DEPDIR)/eagain-auto-auth.Po ./$(DEPDIR)/eagain.Po \ + ./$(DEPDIR)/ecdh-compute.Po \ + ./$(DEPDIR)/empty_retrieve_function.Po \ + ./$(DEPDIR)/fallback-scsv.Po ./$(DEPDIR)/fips-mode-pthread.Po \ + ./$(DEPDIR)/fips-override-test.Po \ + ./$(DEPDIR)/fips-rsa-sizes.Po ./$(DEPDIR)/fips-test.Po \ + ./$(DEPDIR)/global-init-override.Po ./$(DEPDIR)/global-init.Po \ + ./$(DEPDIR)/gnutls-ids.Po ./$(DEPDIR)/gnutls-strcodes.Po \ + ./$(DEPDIR)/gnutls_ext_raw_parse.Po \ + ./$(DEPDIR)/gnutls_ext_raw_parse_dtls.Po \ + ./$(DEPDIR)/gnutls_hmac_fast.Po ./$(DEPDIR)/gnutls_ktls.Po \ + ./$(DEPDIR)/gnutls_ocsp_resp_list_import2.Po \ + ./$(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Po \ + ./$(DEPDIR)/gnutls_session_set_id.Po \ + ./$(DEPDIR)/gnutls_x509_crq_sign.Po \ + ./$(DEPDIR)/gnutls_x509_crt_list_import.Po \ + ./$(DEPDIR)/gnutls_x509_crt_sign.Po \ + ./$(DEPDIR)/gnutls_x509_privkey_import.Po \ + ./$(DEPDIR)/handshake-false-start.Po \ + ./$(DEPDIR)/handshake-large-cert.Po \ + ./$(DEPDIR)/handshake-large-packet.Po \ + ./$(DEPDIR)/handshake-timeout.Po \ + ./$(DEPDIR)/handshake-versions.Po \ + ./$(DEPDIR)/handshake-write.Po ./$(DEPDIR)/hex.Po \ + ./$(DEPDIR)/hostname-check-utf8.Po \ + ./$(DEPDIR)/hostname-check.Po ./$(DEPDIR)/id-on-xmppAddr.Po \ + ./$(DEPDIR)/infoaccess.Po ./$(DEPDIR)/init_roundtrip.Po \ + ./$(DEPDIR)/insecure_key.Po ./$(DEPDIR)/iov-iov.Po \ + ./$(DEPDIR)/ip-check.Po ./$(DEPDIR)/ip_utils-ip-utils.Po \ + ./$(DEPDIR)/kdf-api.Po ./$(DEPDIR)/key-export-pkcs8.Po \ + ./$(DEPDIR)/key-import-export.Po \ + ./$(DEPDIR)/key-material-dtls.Po \ + ./$(DEPDIR)/key-material-set-dtls.Po \ + ./$(DEPDIR)/key-openssl.Po ./$(DEPDIR)/key-usage-ecdhe-rsa.Po \ + ./$(DEPDIR)/key-usage-rsa.Po ./$(DEPDIR)/keylog-env.Po \ + ./$(DEPDIR)/keylog-func.Po ./$(DEPDIR)/long-session-id.Po \ + ./$(DEPDIR)/mini-alpn.Po ./$(DEPDIR)/mini-chain-unsorted.Po \ + ./$(DEPDIR)/mini-dtls-discard.Po ./$(DEPDIR)/mini-dtls-fork.Po \ + ./$(DEPDIR)/mini-dtls-heartbeat.Po \ + ./$(DEPDIR)/mini-dtls-hello-verify-48.Po \ + ./$(DEPDIR)/mini-dtls-hello-verify.Po \ + ./$(DEPDIR)/mini-dtls-large.Po ./$(DEPDIR)/mini-dtls-lowmtu.Po \ + ./$(DEPDIR)/mini-dtls-mtu.Po \ + ./$(DEPDIR)/mini-dtls-record-asym.Po \ + ./$(DEPDIR)/mini-dtls-record.Po ./$(DEPDIR)/mini-dtls-srtp.Po \ + ./$(DEPDIR)/mini-dtls0-9.Po ./$(DEPDIR)/mini-eagain-dtls.Po \ + ./$(DEPDIR)/mini-emsgsize-dtls.Po \ + ./$(DEPDIR)/mini-global-load.Po \ + ./$(DEPDIR)/mini-key-material.Po ./$(DEPDIR)/mini-loss-time.Po \ + ./$(DEPDIR)/mini-overhead.Po ./$(DEPDIR)/mini-record-2.Po \ + ./$(DEPDIR)/mini-record-failure.Po \ + ./$(DEPDIR)/mini-record-range.Po ./$(DEPDIR)/mini-record.Po \ + ./$(DEPDIR)/mini-server-name.Po \ + ./$(DEPDIR)/mini-session-verify-function.Po \ + ./$(DEPDIR)/mini-termination.Po \ + ./$(DEPDIR)/mini-tls-nonblock.Po ./$(DEPDIR)/mini-x509-2.Po \ + ./$(DEPDIR)/mini-x509-callbacks-intr.Po \ + ./$(DEPDIR)/mini-x509-callbacks.Po \ + ./$(DEPDIR)/mini-x509-cas.Po ./$(DEPDIR)/mini-x509-ipaddr.Po \ + ./$(DEPDIR)/mini-x509.Po ./$(DEPDIR)/missingissuer.Po \ + ./$(DEPDIR)/missingissuer_aia.Po ./$(DEPDIR)/mpi-mpi.Po \ + ./$(DEPDIR)/multi-alerts.Po ./$(DEPDIR)/naked-alerts.Po \ + ./$(DEPDIR)/name-constraints-ip.Po \ + ./$(DEPDIR)/name-constraints.Po \ + ./$(DEPDIR)/name_constraints_merge-name-constraints-merge.Po \ + ./$(DEPDIR)/no-extensions.Po ./$(DEPDIR)/no-signal.Po \ + ./$(DEPDIR)/nul-in-x509-names.Po \ + ./$(DEPDIR)/null_retrieve_function.Po \ + ./$(DEPDIR)/ocsp-filename-memleak.Po ./$(DEPDIR)/ocsp.Po \ + ./$(DEPDIR)/oids.Po ./$(DEPDIR)/openconnect-dtls12.Po \ + ./$(DEPDIR)/openssl.Po ./$(DEPDIR)/parse_ca.Po \ + ./$(DEPDIR)/pcert-list.Po ./$(DEPDIR)/pkcs1-digest-info.Po \ + ./$(DEPDIR)/pkcs12_encode.Po \ + ./$(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Po \ + ./$(DEPDIR)/pkcs12_s2k_pem.Po ./$(DEPDIR)/pkcs12_simple.Po \ + ./$(DEPDIR)/pkcs7-cat-parse.Po ./$(DEPDIR)/pkcs7-gen.Po \ + ./$(DEPDIR)/pkcs7-verify-double-free.Po ./$(DEPDIR)/pkcs7.Po \ + ./$(DEPDIR)/pkcs8-key-decode-encrypted.Po \ + ./$(DEPDIR)/pkcs8-key-decode.Po \ + ./$(DEPDIR)/post-client-hello-change-prio.Po \ + ./$(DEPDIR)/prf.Po ./$(DEPDIR)/priorities-groups.Po \ + ./$(DEPDIR)/priorities.Po ./$(DEPDIR)/priority-init2.Po \ + ./$(DEPDIR)/priority-mix.Po ./$(DEPDIR)/priority-set.Po \ + ./$(DEPDIR)/priority-set2.Po ./$(DEPDIR)/privkey-keygen.Po \ + ./$(DEPDIR)/privkey-verify-broken.Po \ + ./$(DEPDIR)/protocol-set-allowlist.Po ./$(DEPDIR)/psk-file.Po \ + ./$(DEPDIR)/pskself.Po ./$(DEPDIR)/pskself2.Po \ + ./$(DEPDIR)/pubkey-import-export.Po ./$(DEPDIR)/random-art.Po \ + ./$(DEPDIR)/rawpk-api.Po ./$(DEPDIR)/record-pad.Po \ + ./$(DEPDIR)/record-retvals.Po ./$(DEPDIR)/record-sendfile.Po \ + ./$(DEPDIR)/record-sizes-range.Po ./$(DEPDIR)/record-sizes.Po \ + ./$(DEPDIR)/record-timeouts.Po \ + ./$(DEPDIR)/recv-data-before-handshake.Po \ + ./$(DEPDIR)/rehandshake-ext-secret.Po \ + ./$(DEPDIR)/rehandshake-switch-cert-allow.Po \ + ./$(DEPDIR)/rehandshake-switch-cert-client-allow.Po \ + ./$(DEPDIR)/rehandshake-switch-cert-client.Po \ + ./$(DEPDIR)/rehandshake-switch-cert.Po \ + ./$(DEPDIR)/rehandshake-switch-psk-id.Po \ + ./$(DEPDIR)/rehandshake-switch-srp-id.Po \ + ./$(DEPDIR)/resume-dtls.Po ./$(DEPDIR)/resume-lifetime.Po \ + ./$(DEPDIR)/resume-with-false-start.Po \ + ./$(DEPDIR)/resume-with-previous-stek.Po \ + ./$(DEPDIR)/resume-with-record-size-limit.Po \ + ./$(DEPDIR)/resume-with-stek-expiration.Po \ + ./$(DEPDIR)/rfc7633-missing.Po ./$(DEPDIR)/rfc7633-ok.Po \ + ./$(DEPDIR)/rng-fork.Po ./$(DEPDIR)/rng-no-onload.Po \ + ./$(DEPDIR)/rng-op-key.Po ./$(DEPDIR)/rng-op-nonce.Po \ + ./$(DEPDIR)/rng-op-random.Po ./$(DEPDIR)/rng-pthread.Po \ + ./$(DEPDIR)/rng-sigint.Po ./$(DEPDIR)/rsa-encrypt-decrypt.Po \ + ./$(DEPDIR)/rsa-psk-cb.Po ./$(DEPDIR)/rsa-psk.Po \ + ./$(DEPDIR)/rsa-rsa-pss.Po \ + ./$(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Po \ + ./$(DEPDIR)/sanity_cpp-sanity-cpp.Po ./$(DEPDIR)/sec-params.Po \ + ./$(DEPDIR)/seccomp.Plo ./$(DEPDIR)/send-client-cert.Po \ + ./$(DEPDIR)/send-data-before-handshake.Po \ + ./$(DEPDIR)/server-sign-md5-rep.Po \ + ./$(DEPDIR)/server_ecdsa_key.Po \ + ./$(DEPDIR)/session-export-funcs.Po \ + ./$(DEPDIR)/session-rdn-read.Po \ + ./$(DEPDIR)/session-tickets-missing.Po \ + ./$(DEPDIR)/session-tickets-ok.Po \ + ./$(DEPDIR)/set-default-prio.Po ./$(DEPDIR)/set_key.Po \ + ./$(DEPDIR)/set_key_utf8.Po \ + ./$(DEPDIR)/set_known_dh_params_anon.Po \ + ./$(DEPDIR)/set_known_dh_params_psk.Po \ + ./$(DEPDIR)/set_known_dh_params_x509.Po \ + ./$(DEPDIR)/set_pkcs12_cred.Po ./$(DEPDIR)/set_x509_key.Po \ + ./$(DEPDIR)/set_x509_key_file-late.Po \ + ./$(DEPDIR)/set_x509_key_file.Po \ + ./$(DEPDIR)/set_x509_key_file_der.Po \ + ./$(DEPDIR)/set_x509_key_file_legacy.Po \ + ./$(DEPDIR)/set_x509_key_file_ocsp.Po \ + ./$(DEPDIR)/set_x509_key_file_ocsp_multi2.Po \ + ./$(DEPDIR)/set_x509_key_mem.Po \ + ./$(DEPDIR)/set_x509_key_utf8.Po \ + ./$(DEPDIR)/set_x509_ocsp_multi_cli.Po \ + ./$(DEPDIR)/set_x509_ocsp_multi_invalid.Po \ + ./$(DEPDIR)/set_x509_ocsp_multi_pem.Po \ + ./$(DEPDIR)/set_x509_ocsp_multi_unknown.Po \ + ./$(DEPDIR)/set_x509_pkcs12_key.Po ./$(DEPDIR)/setcredcrash.Po \ + ./$(DEPDIR)/sign-is-secure.Po ./$(DEPDIR)/sign-pk-api.Po \ + ./$(DEPDIR)/sign-verify-data-newapi.Po \ + ./$(DEPDIR)/sign-verify-data.Po \ + ./$(DEPDIR)/sign-verify-deterministic.Po \ + ./$(DEPDIR)/sign-verify-ed25519-rfc8080.Po \ + ./$(DEPDIR)/sign-verify-ext.Po ./$(DEPDIR)/sign-verify-ext4.Po \ + ./$(DEPDIR)/sign-verify-newapi.Po ./$(DEPDIR)/sign-verify.Po \ + ./$(DEPDIR)/simple.Po ./$(DEPDIR)/spki-abstract.Po \ + ./$(DEPDIR)/spki.Po ./$(DEPDIR)/srp.Po \ + ./$(DEPDIR)/srpbase64.Po ./$(DEPDIR)/ssl2-hello.Po \ + ./$(DEPDIR)/ssl30-cert-key-exchange.Po \ + ./$(DEPDIR)/ssl30-cipher-neg.Po \ + ./$(DEPDIR)/ssl30-server-kx-neg.Po \ + ./$(DEPDIR)/status-request-ext.Po \ + ./$(DEPDIR)/status-request-ok.Po \ + ./$(DEPDIR)/status-request-revoked.Po \ + ./$(DEPDIR)/status-request.Po ./$(DEPDIR)/str-idna.Po \ + ./$(DEPDIR)/str-unicode.Po ./$(DEPDIR)/strict-der.Po \ + ./$(DEPDIR)/system-override-curves-allowlist.Po \ + ./$(DEPDIR)/system-override-hash.Po \ + ./$(DEPDIR)/system-override-sig-tls.Po \ + ./$(DEPDIR)/system-override-sig.Po \ + ./$(DEPDIR)/system-prio-file.Po ./$(DEPDIR)/time.Po \ + ./$(DEPDIR)/tls-channel-binding.Po \ + ./$(DEPDIR)/tls-client-with-seccomp.Po \ + ./$(DEPDIR)/tls-crt_type-neg.Po ./$(DEPDIR)/tls-etm.Po \ + ./$(DEPDIR)/tls-ext-not-in-dtls.Po \ + ./$(DEPDIR)/tls-ext-register.Po ./$(DEPDIR)/tls-force-etm.Po \ + ./$(DEPDIR)/tls-neg-ext-key.Po ./$(DEPDIR)/tls-neg-ext4-key.Po \ + ./$(DEPDIR)/tls-pthread.Po \ + ./$(DEPDIR)/tls-record-size-limit-asym.Po \ + ./$(DEPDIR)/tls-record-size-limit.Po \ + ./$(DEPDIR)/tls-session-ext-override.Po \ + ./$(DEPDIR)/tls-session-ext-register.Po \ + ./$(DEPDIR)/tls-session-supplemental.Po \ + ./$(DEPDIR)/tls-supplemental.Po \ + ./$(DEPDIR)/tls-with-seccomp.Po \ + ./$(DEPDIR)/tls10-cert-key-exchange.Po \ + ./$(DEPDIR)/tls10-cipher-neg.Po ./$(DEPDIR)/tls10-prf.Po \ + ./$(DEPDIR)/tls10-server-kx-neg.Po \ + ./$(DEPDIR)/tls11-cert-key-exchange.Po \ + ./$(DEPDIR)/tls11-cipher-neg.Po \ + ./$(DEPDIR)/tls11-server-kx-neg.Po \ + ./$(DEPDIR)/tls12-anon-upgrade.Po \ + ./$(DEPDIR)/tls12-cert-key-exchange.Po \ + ./$(DEPDIR)/tls12-cipher-neg.Po ./$(DEPDIR)/tls12-ffdhe.Po \ + ./$(DEPDIR)/tls12-invalid-key-exchanges.Po \ + ./$(DEPDIR)/tls12-max-record.Po ./$(DEPDIR)/tls12-prf.Po \ + ./$(DEPDIR)/tls12-rehandshake-cert-2.Po \ + ./$(DEPDIR)/tls12-rehandshake-cert-3.Po \ + ./$(DEPDIR)/tls12-rehandshake-cert-auto.Po \ + ./$(DEPDIR)/tls12-rehandshake-cert.Po \ + ./$(DEPDIR)/tls12-rehandshake-set-prio.Po \ + ./$(DEPDIR)/tls12-server-kx-neg.Po \ + ./$(DEPDIR)/tls12_resume_anon-resume.Po \ + ./$(DEPDIR)/tls12_resume_psk-resume.Po \ + ./$(DEPDIR)/tls12_resume_x509-resume.Po \ + ./$(DEPDIR)/tls13-cert-key-exchange.Po \ + ./$(DEPDIR)/tls13-cipher-neg.Po \ + ./$(DEPDIR)/tls13-compat-mode.Po \ + ./$(DEPDIR)/tls13-early-data-neg.Po \ + ./$(DEPDIR)/tls13-early-data-neg2.Po \ + ./$(DEPDIR)/tls13-early-data.Po \ + ./$(DEPDIR)/tls13-early-start.Po \ + ./$(DEPDIR)/tls13-rehandshake-cert.Po \ + ./$(DEPDIR)/tls13-server-kx-neg.Po \ + ./$(DEPDIR)/tls13-without-timeout-func.Po \ + ./$(DEPDIR)/tls13_resume_psk-resume.Po \ + ./$(DEPDIR)/tls13_resume_x509-resume.Po \ + ./$(DEPDIR)/tlsext-decoding.Po ./$(DEPDIR)/tlsfeature-crt.Po \ + ./$(DEPDIR)/tlsfeature-ext.Po ./$(DEPDIR)/trust-store.Po \ + ./$(DEPDIR)/trustdb-tofu.Po ./$(DEPDIR)/urls.Po \ + ./$(DEPDIR)/utils-adv.Plo ./$(DEPDIR)/utils.Plo \ + ./$(DEPDIR)/version-checks.Po ./$(DEPDIR)/win-certopenstore.Po \ + ./$(DEPDIR)/x509-cert-callback-legacy.Po \ + ./$(DEPDIR)/x509-cert-callback-ocsp.Po \ + ./$(DEPDIR)/x509-cert-callback.Po \ + ./$(DEPDIR)/x509-dn-decode-compat.Po \ + ./$(DEPDIR)/x509-dn-decode.Po ./$(DEPDIR)/x509-dn.Po \ + ./$(DEPDIR)/x509-extensions.Po \ + ./$(DEPDIR)/x509-server-verify.Po \ + ./$(DEPDIR)/x509-upnconstraint.Po \ + ./$(DEPDIR)/x509-verify-with-crl.Po \ + ./$(DEPDIR)/x509_altname.Po ./$(DEPDIR)/x509cert-ct.Po \ + ./$(DEPDIR)/x509cert-dntypes.Po \ + ./$(DEPDIR)/x509cert-invalid.Po ./$(DEPDIR)/x509cert-tl.Po \ + ./$(DEPDIR)/x509cert.Po ./$(DEPDIR)/x509dn.Po \ + ./$(DEPDIR)/x509self.Po ./$(DEPDIR)/x509sign-verify-ecdsa.Po \ + ./$(DEPDIR)/x509sign-verify-error.Po \ + ./$(DEPDIR)/x509sign-verify-gost.Po \ + ./$(DEPDIR)/x509sign-verify-rsa.Po \ + ./$(DEPDIR)/x509sign-verify.Po dtls/$(DEPDIR)/dtls-stress.Po \ + pkcs11/$(DEPDIR)/gnutls_pcert_list_import_x509_file.Po \ + pkcs11/$(DEPDIR)/gnutls_x509_crt_list_import_url.Po \ + pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Po \ + pkcs11/$(DEPDIR)/list-objects.Po \ + pkcs11/$(DEPDIR)/list-tokens.Po \ + pkcs11/$(DEPDIR)/pkcs11-cert-import-url-exts.Po \ + pkcs11/$(DEPDIR)/pkcs11-cert-import-url4-exts.Po \ + pkcs11/$(DEPDIR)/pkcs11-chainverify.Po \ + pkcs11/$(DEPDIR)/pkcs11-combo.Po \ + pkcs11/$(DEPDIR)/pkcs11-ec-privkey-test.Po \ + pkcs11/$(DEPDIR)/pkcs11-eddsa-privkey-test.Po \ + pkcs11/$(DEPDIR)/pkcs11-get-exts.Po \ + pkcs11/$(DEPDIR)/pkcs11-get-issuer.Po \ + pkcs11/$(DEPDIR)/pkcs11-get-raw-issuer-exts.Po \ + pkcs11/$(DEPDIR)/pkcs11-import-url-privkey.Po \ + pkcs11/$(DEPDIR)/pkcs11-import-with-pin.Po \ + pkcs11/$(DEPDIR)/pkcs11-is-known.Po \ + pkcs11/$(DEPDIR)/pkcs11-mechanisms.Po \ + pkcs11/$(DEPDIR)/pkcs11-mock.Plo \ + pkcs11/$(DEPDIR)/pkcs11-mock2.Plo \ + pkcs11/$(DEPDIR)/pkcs11-obj-import.Po \ + pkcs11/$(DEPDIR)/pkcs11-obj-raw.Po \ + pkcs11/$(DEPDIR)/pkcs11-pin-func.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-always-auth.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-export.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-fork-reinit.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-fork.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-generate.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-pthread.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey-safenet-always-auth.Po \ + pkcs11/$(DEPDIR)/pkcs11-privkey.Po \ + pkcs11/$(DEPDIR)/pkcs11-pubkey-import-ecdsa.Po \ + pkcs11/$(DEPDIR)/pkcs11-pubkey-import-rsa.Po \ + pkcs11/$(DEPDIR)/pkcs11-rsa-pss-privkey-test.Po \ + pkcs11/$(DEPDIR)/pkcs11-token-raw.Po \ + pkcs11/$(DEPDIR)/tls-neg-pkcs11-key.Po \ + pkcs11/$(DEPDIR)/tls-neg-pkcs11-no-key.Po \ + safe-renegotiation/$(DEPDIR)/srn0.Po \ + safe-renegotiation/$(DEPDIR)/srn1.Po \ + safe-renegotiation/$(DEPDIR)/srn2.Po \ + safe-renegotiation/$(DEPDIR)/srn3.Po \ + safe-renegotiation/$(DEPDIR)/srn4.Po \ + safe-renegotiation/$(DEPDIR)/srn5.Po \ + tls13/$(DEPDIR)/anti_replay-anti_replay.Po \ + tls13/$(DEPDIR)/change_cipher_spec.Po \ + tls13/$(DEPDIR)/compress-cert-cli.Po \ + tls13/$(DEPDIR)/compress-cert-neg.Po \ + tls13/$(DEPDIR)/compress-cert-neg2.Po \ + tls13/$(DEPDIR)/compress-cert.Po tls13/$(DEPDIR)/cookie.Po \ + tls13/$(DEPDIR)/hello_retry_request.Po \ + tls13/$(DEPDIR)/hello_retry_request_resume.Po \ + tls13/$(DEPDIR)/key_limits.Po tls13/$(DEPDIR)/key_share.Po \ + tls13/$(DEPDIR)/key_update.Po \ + tls13/$(DEPDIR)/key_update_multiple.Po \ + tls13/$(DEPDIR)/multi-ocsp.Po \ + tls13/$(DEPDIR)/no-auto-send-ticket.Po \ + tls13/$(DEPDIR)/no-psk-exts.Po tls13/$(DEPDIR)/ocsp-client.Po \ + tls13/$(DEPDIR)/post-handshake-with-cert-auto.Po \ + tls13/$(DEPDIR)/post-handshake-with-cert-pkcs11.Po \ + tls13/$(DEPDIR)/post-handshake-with-cert-ticket.Po \ + tls13/$(DEPDIR)/post-handshake-with-cert.Po \ + tls13/$(DEPDIR)/post-handshake-with-psk.Po \ + tls13/$(DEPDIR)/post-handshake-without-cert.Po \ + tls13/$(DEPDIR)/prf-early.Po tls13/$(DEPDIR)/prf.Po \ + tls13/$(DEPDIR)/psk-dumbfw.Po tls13/$(DEPDIR)/psk-ext.Po \ + tls13/$(DEPDIR)/psk-ke-modes.Po \ + tls13/$(DEPDIR)/supported_versions.Po \ + tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Po \ + tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Po \ + tls13/$(DEPDIR)/tls12-no-tls13-exts.Po \ + tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Po \ + tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +LTCXXCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CXXFLAGS) $(CXXFLAGS) +AM_V_CXX = $(am__v_CXX_@AM_V@) +am__v_CXX_ = $(am__v_CXX_@AM_DEFAULT_V@) +am__v_CXX_0 = @echo " CXX " $@; +am__v_CXX_1 = +CXXLD = $(CXX) +CXXLINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CXXLD = $(am__v_CXXLD_@AM_V@) +am__v_CXXLD_ = $(am__v_CXXLD_@AM_DEFAULT_V@) +am__v_CXXLD_0 = @echo " CXXLD " $@; +am__v_CXXLD_1 = +SOURCES = $(libpkcs11mock1_la_SOURCES) $(libpkcs11mock2_la_SOURCES) \ + $(libutils_la_SOURCES) aead-cipher-vec.c alerts.c \ + alpn-server-prec.c anonself.c atfork.c auto-verify.c base64.c \ + base64-raw.c buffer.c cert.c cert-status.c \ + cert_verify_inv_utf8.c certificate_set_x509_crl.c \ + certuniqueid.c chainverify.c chainverify-unsorted.c \ + cipher-alignment.c cipher-padding.c ciphersuite-name.c \ + client-fastopen.c client-sign-md5-rep.c client_dsa_key.c \ + conv-utf8.c crl-basic.c crl_apis.c crlverify.c crq-basic.c \ + crq_apis.c crq_key_id.c crt_apis.c crt_inv_write.c \ + custom-urls.c custom-urls-override.c cve-2008-4989.c \ + cve-2009-1415.c cve-2009-1416.c dane.c dane-strcodes.c \ + datefudge-check.c dh-compute.c dh-params.c dhepskself.c \ + dhex509self.c dn.c dn2.c dss-sig-val.c \ + dtls-client-with-seccomp.c dtls-etm.c \ + dtls-handshake-versions.c dtls-max-record.c dtls-pthread.c \ + dtls-rehandshake-anon.c dtls-rehandshake-cert.c \ + dtls-rehandshake-cert-2.c dtls-rehandshake-cert-3.c \ + $(dtls_repro_20170915_SOURCES) dtls-session-ticket-lost.c \ + dtls-sliding-window.c $(dtls_stress_SOURCES) \ + dtls-with-seccomp.c dtls1-2-mtu-check.c \ + $(dtls10_cert_key_exchange_SOURCES) \ + $(dtls12_cert_key_exchange_SOURCES) duplicate-extensions.c \ + eagain.c eagain-auto-auth.c ecdh-compute.c \ + empty_retrieve_function.c fallback-scsv.c fips-mode-pthread.c \ + fips-override-test.c fips-rsa-sizes.c fips-test.c \ + global-init.c global-init-override.c gnutls-ids.c \ + gnutls-strcodes.c gnutls_ext_raw_parse.c \ + gnutls_ext_raw_parse_dtls.c gnutls_hmac_fast.c gnutls_ktls.c \ + gnutls_ocsp_resp_list_import2.c gnutls_record_overhead.c \ + gnutls_session_set_id.c gnutls_x509_crq_sign.c \ + gnutls_x509_crt_list_import.c gnutls_x509_crt_sign.c \ + gnutls_x509_privkey_import.c handshake-false-start.c \ + handshake-large-cert.c handshake-large-packet.c \ + handshake-timeout.c handshake-versions.c handshake-write.c \ + hex.c hostname-check.c hostname-check-utf8.c id-on-xmppAddr.c \ + infoaccess.c init_roundtrip.c insecure_key.c iov.c ip-check.c \ + ip-utils.c kdf-api.c key-export-pkcs8.c key-import-export.c \ + key-material-dtls.c key-material-set-dtls.c key-openssl.c \ + key-usage-ecdhe-rsa.c key-usage-rsa.c keylog-env.c \ + keylog-func.c long-session-id.c mini-alpn.c \ + mini-chain-unsorted.c mini-dtls-discard.c mini-dtls-fork.c \ + mini-dtls-heartbeat.c mini-dtls-hello-verify.c \ + mini-dtls-hello-verify-48.c mini-dtls-large.c \ + mini-dtls-lowmtu.c mini-dtls-mtu.c mini-dtls-record.c \ + mini-dtls-record-asym.c mini-dtls-srtp.c mini-dtls0-9.c \ + mini-eagain-dtls.c mini-emsgsize-dtls.c mini-global-load.c \ + mini-key-material.c mini-loss-time.c mini-overhead.c \ + mini-record.c mini-record-2.c mini-record-failure.c \ + mini-record-range.c mini-server-name.c \ + mini-session-verify-function.c mini-termination.c \ + mini-tls-nonblock.c mini-x509.c mini-x509-2.c \ + mini-x509-callbacks.c mini-x509-callbacks-intr.c \ + mini-x509-cas.c mini-x509-ipaddr.c missingissuer.c \ + missingissuer_aia.c mpi.c multi-alerts.c naked-alerts.c \ + name-constraints.c name-constraints-ip.c \ + name-constraints-merge.c no-extensions.c no-signal.c \ + nul-in-x509-names.c null_retrieve_function.c ocsp.c \ + ocsp-filename-memleak.c oids.c openconnect-dtls12.c openssl.c \ + parse_ca.c pcert-list.c pkcs1-digest-info.c \ + $(pkcs11_cert_import_url_exts_SOURCES) \ + $(pkcs11_cert_import_url4_exts_SOURCES) \ + $(pkcs11_get_exts_SOURCES) \ + $(pkcs11_get_raw_issuer_exts_SOURCES) \ + $(pkcs11_import_url_privkey_SOURCES) \ + $(pkcs11_import_url_privkey_caps_SOURCES) \ + $(pkcs11_mechanisms_SOURCES) $(pkcs11_obj_raw_SOURCES) \ + $(pkcs11_privkey_always_auth_SOURCES) \ + $(pkcs11_privkey_export_SOURCES) \ + $(pkcs11_privkey_fork_SOURCES) \ + $(pkcs11_privkey_fork_reinit_SOURCES) \ + $(pkcs11_privkey_safenet_always_auth_SOURCES) \ + $(pkcs11_token_raw_SOURCES) \ + pkcs11/gnutls_pcert_list_import_x509_file.c \ + pkcs11/gnutls_x509_crt_list_import_url.c pkcs11/list-objects.c \ + pkcs11/list-tokens.c pkcs11/pkcs11-chainverify.c \ + pkcs11/pkcs11-combo.c pkcs11/pkcs11-ec-privkey-test.c \ + pkcs11/pkcs11-eddsa-privkey-test.c pkcs11/pkcs11-get-issuer.c \ + pkcs11/pkcs11-import-with-pin.c pkcs11/pkcs11-is-known.c \ + pkcs11/pkcs11-obj-import.c pkcs11/pkcs11-pin-func.c \ + pkcs11/pkcs11-privkey.c pkcs11/pkcs11-privkey-generate.c \ + pkcs11/pkcs11-privkey-pthread.c \ + pkcs11/pkcs11-pubkey-import-ecdsa.c \ + pkcs11/pkcs11-pubkey-import-rsa.c \ + pkcs11/pkcs11-rsa-pss-privkey-test.c \ + pkcs11/tls-neg-pkcs11-key.c pkcs11/tls-neg-pkcs11-no-key.c \ + pkcs12_encode.c pkcs12_s2k.c pkcs12_s2k_pem.c pkcs12_simple.c \ + pkcs7.c pkcs7-cat-parse.c pkcs7-gen.c \ + pkcs7-verify-double-free.c pkcs8-key-decode.c \ + pkcs8-key-decode-encrypted.c post-client-hello-change-prio.c \ + prf.c priorities.c priorities-groups.c priority-init2.c \ + priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \ + privkey-verify-broken.c protocol-set-allowlist.c psk-file.c \ + pskself.c pskself2.c pubkey-import-export.c random-art.c \ + rawpk-api.c record-pad.c record-retvals.c record-sendfile.c \ + record-sizes.c record-sizes-range.c record-timeouts.c \ + recv-data-before-handshake.c rehandshake-ext-secret.c \ + rehandshake-switch-cert.c rehandshake-switch-cert-allow.c \ + rehandshake-switch-cert-client.c \ + rehandshake-switch-cert-client-allow.c \ + rehandshake-switch-psk-id.c rehandshake-switch-srp-id.c \ + resume-dtls.c resume-lifetime.c resume-with-false-start.c \ + resume-with-previous-stek.c resume-with-record-size-limit.c \ + resume-with-stek-expiration.c rfc7633-missing.c rfc7633-ok.c \ + rng-fork.c rng-no-onload.c rng-op-key.c rng-op-nonce.c \ + rng-op-random.c rng-pthread.c rng-sigint.c \ + rsa-encrypt-decrypt.c rsa-illegal-import.c rsa-psk.c \ + rsa-psk-cb.c rsa-rsa-pss.c safe-renegotiation/srn0.c \ + safe-renegotiation/srn1.c safe-renegotiation/srn2.c \ + safe-renegotiation/srn3.c safe-renegotiation/srn4.c \ + safe-renegotiation/srn5.c $(sanity_cpp_SOURCES) sec-params.c \ + send-client-cert.c send-data-before-handshake.c \ + server-sign-md5-rep.c server_ecdsa_key.c \ + session-export-funcs.c session-rdn-read.c \ + session-tickets-missing.c session-tickets-ok.c \ + set-default-prio.c set_key.c set_key_utf8.c \ + set_known_dh_params_anon.c set_known_dh_params_psk.c \ + set_known_dh_params_x509.c set_pkcs12_cred.c set_x509_key.c \ + set_x509_key_file.c set_x509_key_file-late.c \ + set_x509_key_file_der.c set_x509_key_file_legacy.c \ + set_x509_key_file_ocsp.c set_x509_key_file_ocsp_multi2.c \ + set_x509_key_mem.c set_x509_key_utf8.c \ + set_x509_ocsp_multi_cli.c set_x509_ocsp_multi_invalid.c \ + set_x509_ocsp_multi_pem.c set_x509_ocsp_multi_unknown.c \ + set_x509_pkcs12_key.c setcredcrash.c sign-is-secure.c \ + sign-pk-api.c sign-verify.c sign-verify-data.c \ + sign-verify-data-newapi.c sign-verify-deterministic.c \ + sign-verify-ed25519-rfc8080.c sign-verify-ext.c \ + sign-verify-ext4.c sign-verify-newapi.c simple.c spki.c \ + spki-abstract.c srp.c srpbase64.c ssl2-hello.c \ + $(ssl30_cert_key_exchange_SOURCES) ssl30-cipher-neg.c \ + ssl30-server-kx-neg.c status-request.c status-request-ext.c \ + status-request-ok.c status-request-revoked.c str-idna.c \ + str-unicode.c strict-der.c system-override-curves-allowlist.c \ + system-override-hash.c system-override-sig.c \ + system-override-sig-tls.c system-prio-file.c time.c \ + tls-channel-binding.c tls-client-with-seccomp.c \ + tls-crt_type-neg.c tls-etm.c tls-ext-not-in-dtls.c \ + tls-ext-register.c tls-force-etm.c tls-neg-ext-key.c \ + tls-neg-ext4-key.c tls-pthread.c tls-record-size-limit.c \ + tls-record-size-limit-asym.c tls-session-ext-override.c \ + tls-session-ext-register.c tls-session-supplemental.c \ + tls-supplemental.c tls-with-seccomp.c \ + $(tls10_cert_key_exchange_SOURCES) tls10-cipher-neg.c \ + tls10-prf.c tls10-server-kx-neg.c \ + $(tls11_cert_key_exchange_SOURCES) \ + $(tls11_check_rollback_val_SOURCES) tls11-cipher-neg.c \ + $(tls11_rollback_detection_SOURCES) tls11-server-kx-neg.c \ + tls12-anon-upgrade.c $(tls12_cert_key_exchange_SOURCES) \ + $(tls12_check_rollback_val_SOURCES) tls12-cipher-neg.c \ + tls12-ffdhe.c tls12-invalid-key-exchanges.c tls12-max-record.c \ + tls12-prf.c tls12-rehandshake-cert.c \ + tls12-rehandshake-cert-2.c tls12-rehandshake-cert-3.c \ + tls12-rehandshake-cert-auto.c tls12-rehandshake-set-prio.c \ + $(tls12_resume_anon_SOURCES) $(tls12_resume_psk_SOURCES) \ + $(tls12_resume_x509_SOURCES) \ + $(tls12_rollback_detection_SOURCES) tls12-server-kx-neg.c \ + $(tls13_cert_key_exchange_SOURCES) tls13-cipher-neg.c \ + tls13-compat-mode.c tls13-early-data.c tls13-early-data-neg.c \ + tls13-early-data-neg2.c tls13-early-start.c \ + tls13-rehandshake-cert.c $(tls13_resume_psk_SOURCES) \ + $(tls13_resume_x509_SOURCES) tls13-server-kx-neg.c \ + tls13-without-timeout-func.c tls13/anti_replay.c \ + tls13/change_cipher_spec.c tls13/compress-cert.c \ + tls13/compress-cert-cli.c tls13/compress-cert-neg.c \ + tls13/compress-cert-neg2.c tls13/cookie.c \ + tls13/hello_retry_request.c tls13/hello_retry_request_resume.c \ + tls13/key_limits.c tls13/key_share.c tls13/key_update.c \ + tls13/key_update_multiple.c tls13/multi-ocsp.c \ + tls13/no-auto-send-ticket.c tls13/no-psk-exts.c \ + tls13/ocsp-client.c tls13/post-handshake-with-cert.c \ + tls13/post-handshake-with-cert-auto.c \ + tls13/post-handshake-with-cert-pkcs11.c \ + tls13/post-handshake-with-cert-ticket.c \ + tls13/post-handshake-with-psk.c \ + tls13/post-handshake-without-cert.c tls13/prf.c \ + tls13/prf-early.c tls13/psk-dumbfw.c tls13/psk-ext.c \ + tls13/psk-ke-modes.c tls13/supported_versions.c \ + tls13/tls12-no-tls13-exts.c tlsext-decoding.c tlsfeature-crt.c \ + tlsfeature-ext.c trust-store.c trustdb-tofu.c urls.c \ + version-checks.c $(win32_certopenstore_SOURCES) \ + x509-cert-callback.c x509-cert-callback-legacy.c \ + x509-cert-callback-ocsp.c x509-dn.c x509-dn-decode.c \ + x509-dn-decode-compat.c x509-extensions.c x509-server-verify.c \ + x509-upnconstraint.c x509-verify-with-crl.c x509_altname.c \ + x509cert.c x509cert-ct.c x509cert-dntypes.c x509cert-invalid.c \ + x509cert-tl.c x509dn.c x509self.c x509sign-verify.c \ + x509sign-verify-ecdsa.c x509sign-verify-error.c \ + x509sign-verify-gost.c x509sign-verify-rsa.c +DIST_SOURCES = $(am__libpkcs11mock1_la_SOURCES_DIST) \ + $(am__libpkcs11mock2_la_SOURCES_DIST) $(libutils_la_SOURCES) \ + aead-cipher-vec.c alerts.c alpn-server-prec.c anonself.c \ + atfork.c auto-verify.c base64.c base64-raw.c buffer.c cert.c \ + cert-status.c cert_verify_inv_utf8.c \ + certificate_set_x509_crl.c certuniqueid.c chainverify.c \ + chainverify-unsorted.c cipher-alignment.c cipher-padding.c \ + ciphersuite-name.c client-fastopen.c client-sign-md5-rep.c \ + client_dsa_key.c conv-utf8.c crl-basic.c crl_apis.c \ + crlverify.c crq-basic.c crq_apis.c crq_key_id.c crt_apis.c \ + crt_inv_write.c custom-urls.c custom-urls-override.c \ + cve-2008-4989.c cve-2009-1415.c cve-2009-1416.c dane.c \ + dane-strcodes.c datefudge-check.c dh-compute.c dh-params.c \ + dhepskself.c dhex509self.c dn.c dn2.c dss-sig-val.c \ + dtls-client-with-seccomp.c dtls-etm.c \ + dtls-handshake-versions.c dtls-max-record.c dtls-pthread.c \ + dtls-rehandshake-anon.c dtls-rehandshake-cert.c \ + dtls-rehandshake-cert-2.c dtls-rehandshake-cert-3.c \ + $(dtls_repro_20170915_SOURCES) dtls-session-ticket-lost.c \ + dtls-sliding-window.c $(am__dtls_stress_SOURCES_DIST) \ + dtls-with-seccomp.c dtls1-2-mtu-check.c \ + $(dtls10_cert_key_exchange_SOURCES) \ + $(dtls12_cert_key_exchange_SOURCES) duplicate-extensions.c \ + eagain.c eagain-auto-auth.c ecdh-compute.c \ + empty_retrieve_function.c fallback-scsv.c fips-mode-pthread.c \ + fips-override-test.c fips-rsa-sizes.c fips-test.c \ + global-init.c global-init-override.c gnutls-ids.c \ + gnutls-strcodes.c gnutls_ext_raw_parse.c \ + gnutls_ext_raw_parse_dtls.c gnutls_hmac_fast.c gnutls_ktls.c \ + gnutls_ocsp_resp_list_import2.c gnutls_record_overhead.c \ + gnutls_session_set_id.c gnutls_x509_crq_sign.c \ + gnutls_x509_crt_list_import.c gnutls_x509_crt_sign.c \ + gnutls_x509_privkey_import.c handshake-false-start.c \ + handshake-large-cert.c handshake-large-packet.c \ + handshake-timeout.c handshake-versions.c handshake-write.c \ + hex.c hostname-check.c hostname-check-utf8.c id-on-xmppAddr.c \ + infoaccess.c init_roundtrip.c insecure_key.c iov.c ip-check.c \ + ip-utils.c kdf-api.c key-export-pkcs8.c key-import-export.c \ + key-material-dtls.c key-material-set-dtls.c key-openssl.c \ + key-usage-ecdhe-rsa.c key-usage-rsa.c keylog-env.c \ + keylog-func.c long-session-id.c mini-alpn.c \ + mini-chain-unsorted.c mini-dtls-discard.c mini-dtls-fork.c \ + mini-dtls-heartbeat.c mini-dtls-hello-verify.c \ + mini-dtls-hello-verify-48.c mini-dtls-large.c \ + mini-dtls-lowmtu.c mini-dtls-mtu.c mini-dtls-record.c \ + mini-dtls-record-asym.c mini-dtls-srtp.c mini-dtls0-9.c \ + mini-eagain-dtls.c mini-emsgsize-dtls.c mini-global-load.c \ + mini-key-material.c mini-loss-time.c mini-overhead.c \ + mini-record.c mini-record-2.c mini-record-failure.c \ + mini-record-range.c mini-server-name.c \ + mini-session-verify-function.c mini-termination.c \ + mini-tls-nonblock.c mini-x509.c mini-x509-2.c \ + mini-x509-callbacks.c mini-x509-callbacks-intr.c \ + mini-x509-cas.c mini-x509-ipaddr.c missingissuer.c \ + missingissuer_aia.c mpi.c multi-alerts.c naked-alerts.c \ + name-constraints.c name-constraints-ip.c \ + name-constraints-merge.c no-extensions.c no-signal.c \ + nul-in-x509-names.c null_retrieve_function.c ocsp.c \ + ocsp-filename-memleak.c oids.c openconnect-dtls12.c openssl.c \ + parse_ca.c pcert-list.c pkcs1-digest-info.c \ + $(am__pkcs11_cert_import_url_exts_SOURCES_DIST) \ + $(am__pkcs11_cert_import_url4_exts_SOURCES_DIST) \ + $(am__pkcs11_get_exts_SOURCES_DIST) \ + $(am__pkcs11_get_raw_issuer_exts_SOURCES_DIST) \ + $(am__pkcs11_import_url_privkey_SOURCES_DIST) \ + $(am__pkcs11_import_url_privkey_caps_SOURCES_DIST) \ + $(am__pkcs11_mechanisms_SOURCES_DIST) \ + $(am__pkcs11_obj_raw_SOURCES_DIST) \ + $(am__pkcs11_privkey_always_auth_SOURCES_DIST) \ + $(am__pkcs11_privkey_export_SOURCES_DIST) \ + $(am__pkcs11_privkey_fork_SOURCES_DIST) \ + $(am__pkcs11_privkey_fork_reinit_SOURCES_DIST) \ + $(am__pkcs11_privkey_safenet_always_auth_SOURCES_DIST) \ + $(am__pkcs11_token_raw_SOURCES_DIST) \ + pkcs11/gnutls_pcert_list_import_x509_file.c \ + pkcs11/gnutls_x509_crt_list_import_url.c pkcs11/list-objects.c \ + pkcs11/list-tokens.c pkcs11/pkcs11-chainverify.c \ + pkcs11/pkcs11-combo.c pkcs11/pkcs11-ec-privkey-test.c \ + pkcs11/pkcs11-eddsa-privkey-test.c pkcs11/pkcs11-get-issuer.c \ + pkcs11/pkcs11-import-with-pin.c pkcs11/pkcs11-is-known.c \ + pkcs11/pkcs11-obj-import.c pkcs11/pkcs11-pin-func.c \ + pkcs11/pkcs11-privkey.c pkcs11/pkcs11-privkey-generate.c \ + pkcs11/pkcs11-privkey-pthread.c \ + pkcs11/pkcs11-pubkey-import-ecdsa.c \ + pkcs11/pkcs11-pubkey-import-rsa.c \ + pkcs11/pkcs11-rsa-pss-privkey-test.c \ + pkcs11/tls-neg-pkcs11-key.c pkcs11/tls-neg-pkcs11-no-key.c \ + pkcs12_encode.c pkcs12_s2k.c pkcs12_s2k_pem.c pkcs12_simple.c \ + pkcs7.c pkcs7-cat-parse.c pkcs7-gen.c \ + pkcs7-verify-double-free.c pkcs8-key-decode.c \ + pkcs8-key-decode-encrypted.c post-client-hello-change-prio.c \ + prf.c priorities.c priorities-groups.c priority-init2.c \ + priority-mix.c priority-set.c priority-set2.c privkey-keygen.c \ + privkey-verify-broken.c protocol-set-allowlist.c psk-file.c \ + pskself.c pskself2.c pubkey-import-export.c random-art.c \ + rawpk-api.c record-pad.c record-retvals.c record-sendfile.c \ + record-sizes.c record-sizes-range.c record-timeouts.c \ + recv-data-before-handshake.c rehandshake-ext-secret.c \ + rehandshake-switch-cert.c rehandshake-switch-cert-allow.c \ + rehandshake-switch-cert-client.c \ + rehandshake-switch-cert-client-allow.c \ + rehandshake-switch-psk-id.c rehandshake-switch-srp-id.c \ + resume-dtls.c resume-lifetime.c resume-with-false-start.c \ + resume-with-previous-stek.c resume-with-record-size-limit.c \ + resume-with-stek-expiration.c rfc7633-missing.c rfc7633-ok.c \ + rng-fork.c rng-no-onload.c rng-op-key.c rng-op-nonce.c \ + rng-op-random.c rng-pthread.c rng-sigint.c \ + rsa-encrypt-decrypt.c rsa-illegal-import.c rsa-psk.c \ + rsa-psk-cb.c rsa-rsa-pss.c safe-renegotiation/srn0.c \ + safe-renegotiation/srn1.c safe-renegotiation/srn2.c \ + safe-renegotiation/srn3.c safe-renegotiation/srn4.c \ + safe-renegotiation/srn5.c $(am__sanity_cpp_SOURCES_DIST) \ + sec-params.c send-client-cert.c send-data-before-handshake.c \ + server-sign-md5-rep.c server_ecdsa_key.c \ + session-export-funcs.c session-rdn-read.c \ + session-tickets-missing.c session-tickets-ok.c \ + set-default-prio.c set_key.c set_key_utf8.c \ + set_known_dh_params_anon.c set_known_dh_params_psk.c \ + set_known_dh_params_x509.c set_pkcs12_cred.c set_x509_key.c \ + set_x509_key_file.c set_x509_key_file-late.c \ + set_x509_key_file_der.c set_x509_key_file_legacy.c \ + set_x509_key_file_ocsp.c set_x509_key_file_ocsp_multi2.c \ + set_x509_key_mem.c set_x509_key_utf8.c \ + set_x509_ocsp_multi_cli.c set_x509_ocsp_multi_invalid.c \ + set_x509_ocsp_multi_pem.c set_x509_ocsp_multi_unknown.c \ + set_x509_pkcs12_key.c setcredcrash.c sign-is-secure.c \ + sign-pk-api.c sign-verify.c sign-verify-data.c \ + sign-verify-data-newapi.c sign-verify-deterministic.c \ + sign-verify-ed25519-rfc8080.c sign-verify-ext.c \ + sign-verify-ext4.c sign-verify-newapi.c simple.c spki.c \ + spki-abstract.c srp.c srpbase64.c ssl2-hello.c \ + $(ssl30_cert_key_exchange_SOURCES) ssl30-cipher-neg.c \ + ssl30-server-kx-neg.c status-request.c status-request-ext.c \ + status-request-ok.c status-request-revoked.c str-idna.c \ + str-unicode.c strict-der.c system-override-curves-allowlist.c \ + system-override-hash.c system-override-sig.c \ + system-override-sig-tls.c system-prio-file.c time.c \ + tls-channel-binding.c tls-client-with-seccomp.c \ + tls-crt_type-neg.c tls-etm.c tls-ext-not-in-dtls.c \ + tls-ext-register.c tls-force-etm.c tls-neg-ext-key.c \ + tls-neg-ext4-key.c tls-pthread.c tls-record-size-limit.c \ + tls-record-size-limit-asym.c tls-session-ext-override.c \ + tls-session-ext-register.c tls-session-supplemental.c \ + tls-supplemental.c tls-with-seccomp.c \ + $(tls10_cert_key_exchange_SOURCES) tls10-cipher-neg.c \ + tls10-prf.c tls10-server-kx-neg.c \ + $(tls11_cert_key_exchange_SOURCES) \ + $(tls11_check_rollback_val_SOURCES) tls11-cipher-neg.c \ + $(tls11_rollback_detection_SOURCES) tls11-server-kx-neg.c \ + tls12-anon-upgrade.c $(tls12_cert_key_exchange_SOURCES) \ + $(tls12_check_rollback_val_SOURCES) tls12-cipher-neg.c \ + tls12-ffdhe.c tls12-invalid-key-exchanges.c tls12-max-record.c \ + tls12-prf.c tls12-rehandshake-cert.c \ + tls12-rehandshake-cert-2.c tls12-rehandshake-cert-3.c \ + tls12-rehandshake-cert-auto.c tls12-rehandshake-set-prio.c \ + $(tls12_resume_anon_SOURCES) $(tls12_resume_psk_SOURCES) \ + $(tls12_resume_x509_SOURCES) \ + $(tls12_rollback_detection_SOURCES) tls12-server-kx-neg.c \ + $(tls13_cert_key_exchange_SOURCES) tls13-cipher-neg.c \ + tls13-compat-mode.c tls13-early-data.c tls13-early-data-neg.c \ + tls13-early-data-neg2.c tls13-early-start.c \ + tls13-rehandshake-cert.c $(tls13_resume_psk_SOURCES) \ + $(tls13_resume_x509_SOURCES) tls13-server-kx-neg.c \ + tls13-without-timeout-func.c tls13/anti_replay.c \ + tls13/change_cipher_spec.c tls13/compress-cert.c \ + tls13/compress-cert-cli.c tls13/compress-cert-neg.c \ + tls13/compress-cert-neg2.c tls13/cookie.c \ + tls13/hello_retry_request.c tls13/hello_retry_request_resume.c \ + tls13/key_limits.c tls13/key_share.c tls13/key_update.c \ + tls13/key_update_multiple.c tls13/multi-ocsp.c \ + tls13/no-auto-send-ticket.c tls13/no-psk-exts.c \ + tls13/ocsp-client.c tls13/post-handshake-with-cert.c \ + tls13/post-handshake-with-cert-auto.c \ + tls13/post-handshake-with-cert-pkcs11.c \ + tls13/post-handshake-with-cert-ticket.c \ + tls13/post-handshake-with-psk.c \ + tls13/post-handshake-without-cert.c tls13/prf.c \ + tls13/prf-early.c tls13/psk-dumbfw.c tls13/psk-ext.c \ + tls13/psk-ke-modes.c tls13/supported_versions.c \ + tls13/tls12-no-tls13-exts.c tlsext-decoding.c tlsfeature-crt.c \ + tlsfeature-ext.c trust-store.c trustdb-tofu.c urls.c \ + version-checks.c $(am__win32_certopenstore_SOURCES_DIST) \ + x509-cert-callback.c x509-cert-callback-legacy.c \ + x509-cert-callback-ocsp.c x509-dn.c x509-dn-decode.c \ + x509-dn-decode-compat.c x509-extensions.c x509-server-verify.c \ + x509-upnconstraint.c x509-verify-with-crl.c x509_altname.c \ + x509cert.c x509cert-ct.c x509cert-dntypes.c x509cert-invalid.c \ + x509cert-tl.c x509dn.c x509self.c x509sign-verify.c \ + x509sign-verify-ecdsa.c x509sign-verify-error.c \ + x509sign-verify-gost.c x509sign-verify-rsa.c +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + check recheck distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' +RECHECK_LOGS = $(TEST_LOGS) +TEST_SUITE_LOG = test-suite.log +LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.sh.log=.log) +SH_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +SH_LOG_COMPILE = $(SH_LOG_COMPILER) $(AM_SH_LOG_FLAGS) $(SH_LOG_FLAGS) +DIST_SUBDIRS = . cert-tests slow windows suite +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp \ + $(top_srcdir)/build-aux/test-driver +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@ +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CFLAG_VISIBILITY = @CFLAG_VISIBILITY@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@ +GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@ +GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@ +GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@ +GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@ +GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@ +GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@ +GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@ +GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@ +GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@ +GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@ +GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@ +GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@ +GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@ +GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@ +GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@ +GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@ +GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@ +GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@ +GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@ +GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@ +GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@ +GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@ +GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@ +GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@ +GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@ +GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@ +GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@ +GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@ +GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@ +GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@ +GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@ +GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@ +GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@ +GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@ +GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@ +GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@ +GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@ +GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@ +GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@ +GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@ +GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@ +GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@ +GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@ +GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@ +GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@ +GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@ +GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@ +GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@ +GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@ +GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@ +GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@ +GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@ +GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@ +GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@ +GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@ +GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@ +GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@ +GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@ +GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@ +GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@ +GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@ +GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@ +GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@ +GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@ +GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@ +GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@ +GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@ +GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@ +GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@ +GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@ +GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@ +GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@ +GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@ +GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@ +GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@ +GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@ +GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@ +GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@ +GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@ +GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@ +GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@ +GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@ +GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@ +GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@ +GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@ +GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@ +GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@ +GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@ +GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@ +GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@ +GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@ +GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@ +GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@ +GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@ +GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@ +GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@ +GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@ +GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@ +GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@ +GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@ +GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@ +GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@ +GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@ +GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@ +GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@ +GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@ +GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@ +GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@ +GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@ +GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@ +GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@ +GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@ +GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@ +GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@ +GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@ +GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@ +GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@ +GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@ +GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@ +GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@ +GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@ +GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@ +GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@ +GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@ +GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@ +GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@ +GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@ +GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@ +GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@ +GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@ +GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@ +GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@ +GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@ +GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@ +GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@ +GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@ +GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@ +GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@ +GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@ +GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@ +GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@ +GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@ +GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@ +GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@ +GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@ +GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@ +GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@ +GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@ +GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@ +GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@ +GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@ +GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@ +GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@ +GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@ +GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@ +GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@ +GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@ +GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@ +GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@ +GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@ +GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@ +GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@ +GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@ +GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@ +GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@ +GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@ +GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@ +GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@ +GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@ +GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@ +GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@ +GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@ +GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@ +GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@ +GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@ +GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@ +GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@ +GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@ +GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@ +GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@ +GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@ +GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@ +GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@ +GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@ +GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@ +GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@ +GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@ +GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@ +GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@ +GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@ +GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@ +GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@ +GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@ +GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@ +GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@ +GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@ +GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@ +GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@ +GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@ +GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@ +GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@ +GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@ +GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@ +GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@ +GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@ +GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@ +GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@ +GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@ +GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@ +GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@ +GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@ +GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@ +GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@ +GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@ +GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@ +GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@ +GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@ +GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@ +GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@ +GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@ +GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@ +GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@ +GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@ +GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@ +GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@ +GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@ +GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@ +GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@ +GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@ +GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@ +GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@ +GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@ +GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@ +GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@ +GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@ +GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@ +GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@ +GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@ +GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@ +GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@ +GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@ +GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@ +GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@ +GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@ +GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@ +GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@ +GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@ +GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@ +GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@ +GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@ +GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@ +GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@ +GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@ +GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@ +GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@ +GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@ +GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@ +GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@ +GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@ +GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@ +GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@ +GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@ +GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@ +GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@ +GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@ +GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@ +GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@ +GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@ +GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@ +GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@ +GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@ +GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@ +GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@ +GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@ +GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@ +GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@ +GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@ +GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@ +GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@ +GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@ +GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@ +GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@ +GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@ +GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@ +GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@ +GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@ +GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@ +GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@ +GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@ +GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@ +GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@ +GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@ +GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@ +GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@ +GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@ +GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@ +GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@ +GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@ +GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@ +GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@ +GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@ +GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@ +GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@ +GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@ +GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@ +GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@ +GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@ +GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@ +GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@ +GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@ +GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@ +GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@ +GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@ +GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@ +GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@ +GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@ +GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@ +GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@ +GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@ +GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@ +GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@ +GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@ +GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@ +GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@ +GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@ +GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@ +GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@ +GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@ +GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@ +GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@ +GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@ +GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@ +GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@ +GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@ +GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@ +GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@ +GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@ +GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@ +GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@ +GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@ +GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@ +GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@ +GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@ +GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@ +GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@ +GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@ +GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@ +GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@ +GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@ +GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@ +GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@ +GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@ +GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@ +GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@ +GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@ +GL_GNULIB_BIND = @GL_GNULIB_BIND@ +GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@ +GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@ +GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@ +GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@ +GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@ +GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@ +GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@ +GL_GNULIB_CREAT = @GL_GNULIB_CREAT@ +GL_GNULIB_CTIME = @GL_GNULIB_CTIME@ +GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@ +GL_GNULIB_DUP = @GL_GNULIB_DUP@ +GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@ +GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@ +GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@ +GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@ +GL_GNULIB_EXECL = @GL_GNULIB_EXECL@ +GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@ +GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@ +GL_GNULIB_EXECV = @GL_GNULIB_EXECV@ +GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@ +GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@ +GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@ +GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@ +GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@ +GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@ +GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@ +GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@ +GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@ +GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@ +GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@ +GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@ +GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@ +GL_GNULIB_FFS = @GL_GNULIB_FFS@ +GL_GNULIB_FFSL = @GL_GNULIB_FFSL@ +GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@ +GL_GNULIB_FGETC = @GL_GNULIB_FGETC@ +GL_GNULIB_FGETS = @GL_GNULIB_FGETS@ +GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@ +GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@ +GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@ +GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@ +GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@ +GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@ +GL_GNULIB_FREAD = @GL_GNULIB_FREAD@ +GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@ +GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@ +GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@ +GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@ +GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@ +GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@ +GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@ +GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@ +GL_GNULIB_FTELL = @GL_GNULIB_FTELL@ +GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@ +GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@ +GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@ +GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@ +GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@ +GL_GNULIB_GETC = @GL_GNULIB_GETC@ +GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@ +GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@ +GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@ +GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@ +GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@ +GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@ +GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@ +GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@ +GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@ +GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@ +GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@ +GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@ +GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@ +GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@ +GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@ +GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@ +GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@ +GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@ +GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@ +GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@ +GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@ +GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@ +GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@ +GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@ +GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@ +GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@ +GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@ +GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@ +GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@ +GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@ +GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@ +GL_GNULIB_LINK = @GL_GNULIB_LINK@ +GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@ +GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@ +GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@ +GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@ +GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@ +GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@ +GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@ +GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@ +GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@ +GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@ +GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@ +GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@ +GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@ +GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@ +GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@ +GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@ +GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@ +GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@ +GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@ +GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@ +GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@ +GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@ +GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@ +GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@ +GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@ +GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@ +GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@ +GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@ +GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@ +GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@ +GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@ +GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@ +GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@ +GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@ +GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@ +GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@ +GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@ +GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@ +GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@ +GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@ +GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@ +GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@ +GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@ +GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@ +GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@ +GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@ +GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@ +GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@ +GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@ +GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@ +GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@ +GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@ +GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@ +GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@ +GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@ +GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@ +GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@ +GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@ +GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@ +GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@ +GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@ +GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@ +GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@ +GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@ +GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@ +GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@ +GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@ +GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@ +GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@ +GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@ +GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@ +GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@ +GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@ +GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@ +GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@ +GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@ +GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@ +GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@ +GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@ +GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@ +GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@ +GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@ +GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@ +GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@ +GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@ +GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@ +GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GNULIB_OPEN = @GL_GNULIB_OPEN@ +GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@ +GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@ +GL_GNULIB_PERROR = @GL_GNULIB_PERROR@ +GL_GNULIB_PIPE = @GL_GNULIB_PIPE@ +GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@ +GL_GNULIB_POPEN = @GL_GNULIB_POPEN@ +GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@ +GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@ +GL_GNULIB_PREAD = @GL_GNULIB_PREAD@ +GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@ +GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@ +GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@ +GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@ +GL_GNULIB_PUTC = @GL_GNULIB_PUTC@ +GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@ +GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@ +GL_GNULIB_PUTS = @GL_GNULIB_PUTS@ +GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@ +GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@ +GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@ +GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@ +GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@ +GL_GNULIB_READ = @GL_GNULIB_READ@ +GL_GNULIB_READLINK = @GL_GNULIB_READLINK@ +GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@ +GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@ +GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@ +GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@ +GL_GNULIB_RECV = @GL_GNULIB_RECV@ +GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@ +GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@ +GL_GNULIB_RENAME = @GL_GNULIB_RENAME@ +GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@ +GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@ +GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@ +GL_GNULIB_SCANF = @GL_GNULIB_SCANF@ +GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@ +GL_GNULIB_SEND = @GL_GNULIB_SEND@ +GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@ +GL_GNULIB_SETENV = @GL_GNULIB_SETENV@ +GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@ +GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@ +GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@ +GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@ +GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@ +GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@ +GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@ +GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@ +GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@ +GL_GNULIB_STAT = @GL_GNULIB_STAT@ +GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@ +GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@ +GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@ +GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@ +GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@ +GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@ +GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@ +GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@ +GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@ +GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@ +GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@ +GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@ +GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@ +GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@ +GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@ +GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@ +GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@ +GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@ +GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@ +GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@ +GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@ +GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@ +GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@ +GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@ +GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@ +GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@ +GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@ +GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@ +GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@ +GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@ +GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@ +GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@ +GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@ +GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@ +GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@ +GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@ +GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@ +GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@ +GL_GNULIB_TZSET = @GL_GNULIB_TZSET@ +GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@ +GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@ +GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@ +GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@ +GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@ +GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@ +GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@ +GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@ +GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@ +GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@ +GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@ +GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@ +GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@ +GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@ +GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@ +GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@ +GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@ +GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@ +GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@ +GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@ +GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@ +GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@ +GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@ +GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@ +GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@ +GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@ +GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@ +GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@ +GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@ +GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@ +GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@ +GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@ +GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@ +GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@ +GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@ +GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@ +GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@ +GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@ +GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@ +GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@ +GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@ +GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@ +GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@ +GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@ +GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@ +GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@ +GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@ +GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@ +GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@ +GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@ +GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@ +GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@ +GL_GNULIB_WRITE = @GL_GNULIB_WRITE@ +GL_GNULIB__EXIT = @GL_GNULIB__EXIT@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GPERF = @GPERF@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_COPY_FILE_RANGE = @HAVE_COPY_FILE_RANGE@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ECVT = @HAVE_DECL_ECVT@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_EXECVPE = @HAVE_DECL_EXECVPE@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FCLOSEALL = @HAVE_DECL_FCLOSEALL@ +HAVE_DECL_FCVT = @HAVE_DECL_FCVT@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GCVT = @HAVE_DECL_GCVT@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCSDUP = @HAVE_DECL_WCSDUP@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXECVPE = @HAVE_EXECVPE@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETENTROPY = @HAVE_GETENTROPY@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GETUMASK = @HAVE_GETUMASK@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBEV = @HAVE_LIBEV@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_MEMALIGN = @HAVE_POSIX_MEMALIGN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_ATTR_DESTROY = @HAVE_PTHREAD_ATTR_DESTROY@ +HAVE_PTHREAD_ATTR_GETDETACHSTATE = @HAVE_PTHREAD_ATTR_GETDETACHSTATE@ +HAVE_PTHREAD_ATTR_INIT = @HAVE_PTHREAD_ATTR_INIT@ +HAVE_PTHREAD_ATTR_SETDETACHSTATE = @HAVE_PTHREAD_ATTR_SETDETACHSTATE@ +HAVE_PTHREAD_CONDATTR_DESTROY = @HAVE_PTHREAD_CONDATTR_DESTROY@ +HAVE_PTHREAD_CONDATTR_INIT = @HAVE_PTHREAD_CONDATTR_INIT@ +HAVE_PTHREAD_COND_BROADCAST = @HAVE_PTHREAD_COND_BROADCAST@ +HAVE_PTHREAD_COND_DESTROY = @HAVE_PTHREAD_COND_DESTROY@ +HAVE_PTHREAD_COND_INIT = @HAVE_PTHREAD_COND_INIT@ +HAVE_PTHREAD_COND_SIGNAL = @HAVE_PTHREAD_COND_SIGNAL@ +HAVE_PTHREAD_COND_TIMEDWAIT = @HAVE_PTHREAD_COND_TIMEDWAIT@ +HAVE_PTHREAD_COND_WAIT = @HAVE_PTHREAD_COND_WAIT@ +HAVE_PTHREAD_CREATE = @HAVE_PTHREAD_CREATE@ +HAVE_PTHREAD_CREATE_DETACHED = @HAVE_PTHREAD_CREATE_DETACHED@ +HAVE_PTHREAD_DETACH = @HAVE_PTHREAD_DETACH@ +HAVE_PTHREAD_EQUAL = @HAVE_PTHREAD_EQUAL@ +HAVE_PTHREAD_EXIT = @HAVE_PTHREAD_EXIT@ +HAVE_PTHREAD_GETSPECIFIC = @HAVE_PTHREAD_GETSPECIFIC@ +HAVE_PTHREAD_H = @HAVE_PTHREAD_H@ +HAVE_PTHREAD_JOIN = @HAVE_PTHREAD_JOIN@ +HAVE_PTHREAD_KEY_CREATE = @HAVE_PTHREAD_KEY_CREATE@ +HAVE_PTHREAD_KEY_DELETE = @HAVE_PTHREAD_KEY_DELETE@ +HAVE_PTHREAD_MUTEXATTR_DESTROY = @HAVE_PTHREAD_MUTEXATTR_DESTROY@ +HAVE_PTHREAD_MUTEXATTR_GETROBUST = @HAVE_PTHREAD_MUTEXATTR_GETROBUST@ +HAVE_PTHREAD_MUTEXATTR_GETTYPE = @HAVE_PTHREAD_MUTEXATTR_GETTYPE@ +HAVE_PTHREAD_MUTEXATTR_INIT = @HAVE_PTHREAD_MUTEXATTR_INIT@ +HAVE_PTHREAD_MUTEXATTR_SETROBUST = @HAVE_PTHREAD_MUTEXATTR_SETROBUST@ +HAVE_PTHREAD_MUTEXATTR_SETTYPE = @HAVE_PTHREAD_MUTEXATTR_SETTYPE@ +HAVE_PTHREAD_MUTEX_DESTROY = @HAVE_PTHREAD_MUTEX_DESTROY@ +HAVE_PTHREAD_MUTEX_INIT = @HAVE_PTHREAD_MUTEX_INIT@ +HAVE_PTHREAD_MUTEX_LOCK = @HAVE_PTHREAD_MUTEX_LOCK@ +HAVE_PTHREAD_MUTEX_RECURSIVE = @HAVE_PTHREAD_MUTEX_RECURSIVE@ +HAVE_PTHREAD_MUTEX_ROBUST = @HAVE_PTHREAD_MUTEX_ROBUST@ +HAVE_PTHREAD_MUTEX_TIMEDLOCK = @HAVE_PTHREAD_MUTEX_TIMEDLOCK@ +HAVE_PTHREAD_MUTEX_TRYLOCK = @HAVE_PTHREAD_MUTEX_TRYLOCK@ +HAVE_PTHREAD_MUTEX_UNLOCK = @HAVE_PTHREAD_MUTEX_UNLOCK@ +HAVE_PTHREAD_ONCE = @HAVE_PTHREAD_ONCE@ +HAVE_PTHREAD_PROCESS_SHARED = @HAVE_PTHREAD_PROCESS_SHARED@ +HAVE_PTHREAD_RWLOCKATTR_DESTROY = @HAVE_PTHREAD_RWLOCKATTR_DESTROY@ +HAVE_PTHREAD_RWLOCKATTR_INIT = @HAVE_PTHREAD_RWLOCKATTR_INIT@ +HAVE_PTHREAD_RWLOCK_DESTROY = @HAVE_PTHREAD_RWLOCK_DESTROY@ +HAVE_PTHREAD_RWLOCK_INIT = @HAVE_PTHREAD_RWLOCK_INIT@ +HAVE_PTHREAD_RWLOCK_RDLOCK = @HAVE_PTHREAD_RWLOCK_RDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +HAVE_PTHREAD_RWLOCK_TRYRDLOCK = @HAVE_PTHREAD_RWLOCK_TRYRDLOCK@ +HAVE_PTHREAD_RWLOCK_TRYWRLOCK = @HAVE_PTHREAD_RWLOCK_TRYWRLOCK@ +HAVE_PTHREAD_RWLOCK_UNLOCK = @HAVE_PTHREAD_RWLOCK_UNLOCK@ +HAVE_PTHREAD_RWLOCK_WRLOCK = @HAVE_PTHREAD_RWLOCK_WRLOCK@ +HAVE_PTHREAD_SELF = @HAVE_PTHREAD_SELF@ +HAVE_PTHREAD_SETSPECIFIC = @HAVE_PTHREAD_SETSPECIFIC@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTHREAD_SPINLOCK_T = @HAVE_PTHREAD_SPINLOCK_T@ +HAVE_PTHREAD_SPIN_DESTROY = @HAVE_PTHREAD_SPIN_DESTROY@ +HAVE_PTHREAD_SPIN_INIT = @HAVE_PTHREAD_SPIN_INIT@ +HAVE_PTHREAD_SPIN_LOCK = @HAVE_PTHREAD_SPIN_LOCK@ +HAVE_PTHREAD_SPIN_TRYLOCK = @HAVE_PTHREAD_SPIN_TRYLOCK@ +HAVE_PTHREAD_SPIN_UNLOCK = @HAVE_PTHREAD_SPIN_UNLOCK@ +HAVE_PTHREAD_T = @HAVE_PTHREAD_T@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SCHED_H = @HAVE_SCHED_H@ +HAVE_SCHED_YIELD = @HAVE_SCHED_YIELD@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGABBREV_NP = @HAVE_SIGABBREV_NP@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGDESCR_NP = @HAVE_SIGDESCR_NP@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRERRORNAME_NP = @HAVE_STRERRORNAME_NP@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOL = @HAVE_STRTOL@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOUL = @HAVE_STRTOUL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SCHED_PARAM = @HAVE_STRUCT_SCHED_PARAM@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_CDEFS_H = @HAVE_SYS_CDEFS_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_VISIBILITY = @HAVE_VISIBILITY@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMPCPY = @HAVE_WMEMPCPY@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDDPOSTPROC = @LDDPOSTPROC@ +LDDPROG = @LDDPROG@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@ +LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@ +LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@ +LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBEV = @LIBEV@ +LIBEV_LIBS = @LIBEV_LIBS@ +LIBEV_PREFIX = @LIBEV_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@ +LIBKCAPI_LIBS = @LIBKCAPI_LIBS@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBPMULTITHREAD = @LIBPMULTITHREAD@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBSTDTHREAD = @LIBSTDTHREAD@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIBZ = @LIBZ@ +LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@ +LIBZSTD_LIBS = @LIBZSTD_LIBS@ +LIBZ_PC = @LIBZ_PC@ +LIBZ_PREFIX = @LIBZ_PREFIX@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_PTHREAD = @LIB_PTHREAD@ +LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@ +LIB_SCHED_YIELD = @LIB_SCHED_YIELD@ +LIB_SELECT = @LIB_SELECT@ +LIB_SEMAPHORE = @LIB_SEMAPHORE@ +LIB_SETLOCALE = @LIB_SETLOCALE@ +LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LOG_VALGRIND = @LOG_VALGRIND@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBEV = @LTLIBEV@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LTLIBZ = @LTLIBZ@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H = @NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H@ +NEXT_AS_FIRST_DIRECTIVE_SCHED_H = @NEXT_AS_FIRST_DIRECTIVE_SCHED_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_PTHREAD_H = @NEXT_PTHREAD_H@ +NEXT_SCHED_H = @NEXT_SCHED_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +REPLACE_ACCESS = @REPLACE_ACCESS@ +REPLACE_ALIGNED_ALLOC = @REPLACE_ALIGNED_ALLOC@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CREAT = @REPLACE_CREAT@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_EXECL = @REPLACE_EXECL@ +REPLACE_EXECLE = @REPLACE_EXECLE@ +REPLACE_EXECLP = @REPLACE_EXECLP@ +REPLACE_EXECV = @REPLACE_EXECV@ +REPLACE_EXECVE = @REPLACE_EXECVE@ +REPLACE_EXECVP = @REPLACE_EXECVP@ +REPLACE_EXECVPE = @REPLACE_EXECVPE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHMODAT = @REPLACE_FCHMODAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FFSLL = @REPLACE_FFSLL@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREE = @REPLACE_FREE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETADDRINFO = @REPLACE_GETADDRINFO@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKNODAT = @REPLACE_MKNODAT@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_POSIX_MEMALIGN = @REPLACE_POSIX_MEMALIGN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_ATTR_DESTROY = @REPLACE_PTHREAD_ATTR_DESTROY@ +REPLACE_PTHREAD_ATTR_GETDETACHSTATE = @REPLACE_PTHREAD_ATTR_GETDETACHSTATE@ +REPLACE_PTHREAD_ATTR_INIT = @REPLACE_PTHREAD_ATTR_INIT@ +REPLACE_PTHREAD_ATTR_SETDETACHSTATE = @REPLACE_PTHREAD_ATTR_SETDETACHSTATE@ +REPLACE_PTHREAD_CONDATTR_DESTROY = @REPLACE_PTHREAD_CONDATTR_DESTROY@ +REPLACE_PTHREAD_CONDATTR_INIT = @REPLACE_PTHREAD_CONDATTR_INIT@ +REPLACE_PTHREAD_COND_BROADCAST = @REPLACE_PTHREAD_COND_BROADCAST@ +REPLACE_PTHREAD_COND_DESTROY = @REPLACE_PTHREAD_COND_DESTROY@ +REPLACE_PTHREAD_COND_INIT = @REPLACE_PTHREAD_COND_INIT@ +REPLACE_PTHREAD_COND_SIGNAL = @REPLACE_PTHREAD_COND_SIGNAL@ +REPLACE_PTHREAD_COND_TIMEDWAIT = @REPLACE_PTHREAD_COND_TIMEDWAIT@ +REPLACE_PTHREAD_COND_WAIT = @REPLACE_PTHREAD_COND_WAIT@ +REPLACE_PTHREAD_CREATE = @REPLACE_PTHREAD_CREATE@ +REPLACE_PTHREAD_DETACH = @REPLACE_PTHREAD_DETACH@ +REPLACE_PTHREAD_EQUAL = @REPLACE_PTHREAD_EQUAL@ +REPLACE_PTHREAD_EXIT = @REPLACE_PTHREAD_EXIT@ +REPLACE_PTHREAD_GETSPECIFIC = @REPLACE_PTHREAD_GETSPECIFIC@ +REPLACE_PTHREAD_JOIN = @REPLACE_PTHREAD_JOIN@ +REPLACE_PTHREAD_KEY_CREATE = @REPLACE_PTHREAD_KEY_CREATE@ +REPLACE_PTHREAD_KEY_DELETE = @REPLACE_PTHREAD_KEY_DELETE@ +REPLACE_PTHREAD_MUTEXATTR_DESTROY = @REPLACE_PTHREAD_MUTEXATTR_DESTROY@ +REPLACE_PTHREAD_MUTEXATTR_GETROBUST = @REPLACE_PTHREAD_MUTEXATTR_GETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_GETTYPE = @REPLACE_PTHREAD_MUTEXATTR_GETTYPE@ +REPLACE_PTHREAD_MUTEXATTR_INIT = @REPLACE_PTHREAD_MUTEXATTR_INIT@ +REPLACE_PTHREAD_MUTEXATTR_SETROBUST = @REPLACE_PTHREAD_MUTEXATTR_SETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_SETTYPE = @REPLACE_PTHREAD_MUTEXATTR_SETTYPE@ +REPLACE_PTHREAD_MUTEX_DESTROY = @REPLACE_PTHREAD_MUTEX_DESTROY@ +REPLACE_PTHREAD_MUTEX_INIT = @REPLACE_PTHREAD_MUTEX_INIT@ +REPLACE_PTHREAD_MUTEX_LOCK = @REPLACE_PTHREAD_MUTEX_LOCK@ +REPLACE_PTHREAD_MUTEX_TIMEDLOCK = @REPLACE_PTHREAD_MUTEX_TIMEDLOCK@ +REPLACE_PTHREAD_MUTEX_TRYLOCK = @REPLACE_PTHREAD_MUTEX_TRYLOCK@ +REPLACE_PTHREAD_MUTEX_UNLOCK = @REPLACE_PTHREAD_MUTEX_UNLOCK@ +REPLACE_PTHREAD_ONCE = @REPLACE_PTHREAD_ONCE@ +REPLACE_PTHREAD_RWLOCKATTR_DESTROY = @REPLACE_PTHREAD_RWLOCKATTR_DESTROY@ +REPLACE_PTHREAD_RWLOCKATTR_INIT = @REPLACE_PTHREAD_RWLOCKATTR_INIT@ +REPLACE_PTHREAD_RWLOCK_DESTROY = @REPLACE_PTHREAD_RWLOCK_DESTROY@ +REPLACE_PTHREAD_RWLOCK_INIT = @REPLACE_PTHREAD_RWLOCK_INIT@ +REPLACE_PTHREAD_RWLOCK_RDLOCK = @REPLACE_PTHREAD_RWLOCK_RDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYRDLOCK = @REPLACE_PTHREAD_RWLOCK_TRYRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYWRLOCK = @REPLACE_PTHREAD_RWLOCK_TRYWRLOCK@ +REPLACE_PTHREAD_RWLOCK_UNLOCK = @REPLACE_PTHREAD_RWLOCK_UNLOCK@ +REPLACE_PTHREAD_RWLOCK_WRLOCK = @REPLACE_PTHREAD_RWLOCK_WRLOCK@ +REPLACE_PTHREAD_SELF = @REPLACE_PTHREAD_SELF@ +REPLACE_PTHREAD_SETSPECIFIC = @REPLACE_PTHREAD_SETSPECIFIC@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTHREAD_SPIN_DESTROY = @REPLACE_PTHREAD_SPIN_DESTROY@ +REPLACE_PTHREAD_SPIN_INIT = @REPLACE_PTHREAD_SPIN_INIT@ +REPLACE_PTHREAD_SPIN_LOCK = @REPLACE_PTHREAD_SPIN_LOCK@ +REPLACE_PTHREAD_SPIN_TRYLOCK = @REPLACE_PTHREAD_SPIN_TRYLOCK@ +REPLACE_PTHREAD_SPIN_UNLOCK = @REPLACE_PTHREAD_SPIN_UNLOCK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SCHED_YIELD = @REPLACE_SCHED_YIELD@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERRORNAME_NP = @REPLACE_STRERRORNAME_NP@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOL = @REPLACE_STRTOL@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOLL = @REPLACE_STRTOLL@ +REPLACE_STRTOUL = @REPLACE_STRTOUL@ +REPLACE_STRTOULL = @REPLACE_STRTOULL@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSTOK = @REPLACE_WCSTOK@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS2_CFLAGS = @TSS2_CFLAGS@ +TSS2_LIBS = @TSS2_LIBS@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_SYS_RANDOM_H = @UNISTD_H_HAVE_SYS_RANDOM_H@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VALGRINDFLAGS = @VALGRINDFLAGS@ +VALGRIND_PROGRAM = @VALGRIND_PROGRAM@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +YIELD_LIB = @YIELD_LIB@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +gnutls_so = @gnutls_so@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +maybe_guileextensiondir = @maybe_guileextensiondir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +SUBDIRS = . cert-tests slow $(am__append_1) $(am__append_2) +TESTS_ENVIRONMENT = $(am__append_29) CC="$(CC)" CFLAGS="$(CFLAGS)" \ + LC_ALL="C" \ + LSAN_OPTIONS=suppressions=$(srcdir)/gnutls-asan.supp \ + CAFILE=$(srcdir)/cert-tests/data/ca-certs.pem \ + P11MOCKLIB1=$(abs_builddir)/.libs/libpkcs11mock1.so \ + P11MOCKLIB2=$(abs_builddir)/.libs/libpkcs11mock2.so \ + PKCS12_MANY_CERTS_FILE=$(srcdir)/cert-tests/data/pkcs12_5certs.p12 \ + PKCS12FILE=$(srcdir)/cert-tests/data/client.p12 \ + PKCS12PASSWORD=foobar \ + PKCS12FILE_2=$(srcdir)/cert-tests/data/pkcs12_2certs.p12 \ + PKCS12PASSWORD_2="" PKCS12PATH=$(srcdir)/cert-tests/data/ \ + X509CERTDIR=$(srcdir)/x509cert-dir/ \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + PSK_FILE=$(srcdir)/psk.passwd OPENSSL_ia32cap=0x00000000 \ + EXEEXT=$(EXEEXT) GNUTLS_TEST_SUITE_RUN=1 \ + builddir="$(builddir)" top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" libdir="$(libdir)" \ + srcdir="$(srcdir)" $(am__append_33) $(am__append_34) \ + $(am__append_35) $(am__append_36) +EXTRA_DIST = suppressions.valgrind eagain-common.h cert-common.h \ + test-chains.h ocsp-common.h cmocka-common.h virt-time.h \ + test-chains-issuer.h test-chains-issuer-aia.h \ + certs/ca-cert-ecc.pem certs/cert-ecc256.pem \ + certs/cert-ecc521.pem certs/cert-rsa-2432.pem certs/ecc384.pem \ + certs/ecc.pem hex.h certs/ca-ecc.pem certs/cert-ecc384.pem \ + certs/cert-ecc.pem certs/ecc256.pem certs/ecc521.pem \ + certs/rsa-2432.pem x509cert-dir/ca.pem psk.passwd \ + certs/rawpk_priv.pem certs/rawpk_pub.pem certs/ed25519.pem \ + certs/cert-ed25519.pem certs/rsa-512.pem \ + certs/id-on-xmppAddr.pem system.prio pkcs11/softhsm.h \ + pkcs11/pkcs11-pubkey-import.c gnutls-asan.supp \ + rsa-md5-collision/README safe-renegotiation/README \ + starttls-smtp.txt starttls-ftp.txt starttls-lmtp.txt \ + starttls-pop3.txt starttls-xmpp.txt starttls-nntp.txt \ + starttls-sieve.txt rsa-md5-collision/colliding-chain-md5-2.pem \ + rsa-md5-collision/colliding-chain-md5-1.pem \ + ocsp-tests/certs/ocsp-amazon.com.der \ + ocsp-tests/certs/chain-amazon.com.pem \ + ocsp-tests/certs/chain-amazon.com-unsorted.pem \ + cipher-neg-common.c ocsp-tests/certs/chain-akamai.com.pem \ + ocsp-tests/certs/ocsp-akamai.com.der tls13/ext-parse.h \ + certs-interesting/README.md certs-interesting/cert1.der \ + certs-interesting/cert1.der.err certs-interesting/cert2.der \ + certs-interesting/cert2.der.err certs-interesting/cert3.der \ + certs-interesting/cert3.der.err certs-interesting/cert4.der \ + certs-interesting/cert5.der certs-interesting/cert5.der.err \ + certs-interesting/cert6.der certs-interesting/cert6.der.err \ + certs-interesting/cert7.der certs-interesting/cert8.der \ + certs-interesting/cert9.der certs-interesting/cert10.der \ + certs-interesting/cert3.der.err certs-interesting/cert4.der \ + scripts/common.sh scripts/starttls-common.sh rng-op.c \ + x509sign-verify-common.h common-key-tests.h \ + ocsp-tests/certs/ca.key ocsp-tests/certs/ca.pem \ + ocsp-tests/certs/ocsp-server.key \ + ocsp-tests/certs/ocsp-server.pem ocsp-tests/response1.der \ + ocsp-tests/response2.der ocsp-tests/response3.der \ + ocsp-tests/certs/ocsp_index.txt \ + ocsp-tests/certs/ocsp_index.txt.attr ocsp-tests/response1.pem \ + ocsp-tests/response2.pem ocsp-tests/certs/server_good.key \ + ocsp-tests/certs/server_bad.key \ + ocsp-tests/certs/server_good.template \ + ocsp-tests/certs/server_bad.template \ + ocsp-tests/certs/ocsp-staple-unrelated.der \ + ocsp-tests/suppressions.valgrind \ + ocsp-tests/signer-verify/response-ca.der \ + ocsp-tests/signer-verify/response-delegated.der \ + ocsp-tests/signer-verify/response-non-delegated.der \ + ocsp-tests/signer-verify/trust.pem data/listings-DTLS1.0 \ + data/listings-SSL3.0 data/listings-TLS1.0 data/listings-TLS1.1 \ + data/listings-legacy1 data/listings-legacy2 \ + data/listings-legacy3 data/listings-legacy4 \ + data/listings-old-SSL3.0-TLS1.1 data/listings-SSL3.0-TLS1.1 \ + p11-kit-trust-data/Example_Root_CA.p11-kit \ + server-kx-neg-common.c p11-kit-trust-data/Example_Root_CA.pem \ + data/test1.cat data/test2.cat data/test1.cat.data \ + data/test2.cat.data data/test1.cat.out data/test2.cat.out \ + data/pkcs7-cat-ca.pem data/long.crl data/long.pem \ + data/large-cert.pem testpkcs11.pkcs15 testpkcs11.softhsm \ + testpkcs11.sc-hsm testpkcs11-certs/ca.crt \ + testpkcs11-certs/ca-tmpl testpkcs11-certs/client.key \ + testpkcs11-certs/server.crt testpkcs11-certs/server-tmpl \ + testpkcs11-certs/ca.key testpkcs11-certs/client.crt \ + testpkcs11-certs/client-tmpl testpkcs11-certs/server.key \ + crt_type-neg-common.c \ + system-override-default-priority-string.bad.config \ + system-override-default-priority-string.none.config \ + system-override-default-priority-string.only-tls13.config \ + client-secrets.h server-secrets.h \ + fixtures/templates/arb-extensions.tmpl.exp \ + fixtures/templates/crit-extensions.tmpl.exp \ + fixtures/templates/inhibit-anypolicy.tmpl.exp \ + fixtures/templates/simple-policy.tmpl.exp \ + fixtures/templates/template-crq.tmpl.exp \ + fixtures/templates/template-dates-after2038.tmpl.exp \ + fixtures/templates/template-date.tmpl.exp \ + fixtures/templates/template-dn-err.tmpl.exp \ + fixtures/templates/template-dn.tmpl.exp \ + fixtures/templates/template-generalized.tmpl.exp \ + fixtures/templates/template-krb5name.tmpl.exp \ + fixtures/templates/template-long-dns.tmpl.exp \ + fixtures/templates/template-long-serial.tmpl.exp \ + fixtures/templates/template-nc.tmpl.exp \ + fixtures/templates/template-no-ca-explicit.tmpl.exp \ + fixtures/templates/template-no-ca-honor.tmpl.exp \ + fixtures/templates/template-no-ca.tmpl.exp \ + fixtures/templates/template-othername.tmpl.exp \ + fixtures/templates/template-othername-xmpp.tmpl.exp \ + fixtures/templates/template-overflow2.tmpl.exp \ + fixtures/templates/template-overflow.tmpl.exp \ + fixtures/templates/template-test.tmpl.exp \ + fixtures/templates/template-tlsfeature-crq.tmpl.exp \ + fixtures/templates/template-tlsfeature.tmpl.exp \ + fixtures/templates/template-unique.tmpl.exp \ + fixtures/templates/template-utf8.tmpl.exp +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = $(P11_KIT_CFLAGS) -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/libdane/includes \ + -I$(top_builddir)/libdane/includes \ + -I$(top_srcdir)/extra/includes \ + -I$(top_builddir)/extra/includes -I$(top_srcdir)/lib \ + -I$(top_srcdir)/doc/examples $(am__append_3) +AM_LDFLAGS = -no-install +COMMON_GNUTLS_LDADD = ../lib/libgnutls.la +COMMON_DEPS_LDADD = $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) $(LIBSECCOMP) $(LIBRT) +COMMON_LDADD = $(COMMON_GNUTLS_LDADD) $(COMMON_DEPS_LDADD) +LDADD = $(COMMON_GNUTLS_LDADD) \ + libutils.la \ + $(COMMON_DEPS_LDADD) + +dane_LDADD = $(LDADD) ../libdane/libgnutls-dane.la +dane_strcodes_LDADD = $(LDADD) ../libdane/libgnutls-dane.la +noinst_LTLIBRARIES = libutils.la $(am__append_8) +libutils_la_SOURCES = utils.h utils.c seccomp.c utils-adv.c +libutils_la_LIBADD = ../lib/libgnutls.la +indirect_tests = system-override-hash system-override-sig \ + system-override-sig-tls $(am__append_17) $(am__append_20) \ + $(am__append_22) $(am__append_26) $(am__append_32) +ctests = tls13/supported_versions tls13/tls12-no-tls13-exts \ + tls13/post-handshake-with-cert \ + tls13/post-handshake-without-cert tls13/cookie tls13/key_share \ + tls13/prf tls13/prf-early \ + tls13/post-handshake-with-cert-ticket tls12-rollback-detection \ + tls11-rollback-detection tls12-check-rollback-val \ + tls11-check-rollback-val tls13/post-handshake-with-psk \ + tls13/post-handshake-with-cert-auto tls13/anti_replay \ + tls13/compress-cert tls13/compress-cert-neg \ + tls13/compress-cert-neg2 tls13/compress-cert-cli \ + tls13/hello_retry_request tls13/hello_retry_request_resume \ + tls13/psk-ext tls13/key_update tls13/key_update_multiple \ + tls13/key_limits tls13/multi-ocsp tls13/ocsp-client \ + tls13/change_cipher_spec tls13-cipher-neg tls13/no-psk-exts \ + tls13/psk-dumbfw tls13/psk-ke-modes tls13-early-start \ + tls13/no-auto-send-ticket mini-record-2 simple \ + gnutls_hmac_fast set_pkcs12_cred cert certuniqueid \ + tls-neg-ext-key mpi certificate_set_x509_crl dn parse_ca \ + x509-dn x509-dn-decode record-sizes hostname-check \ + cve-2008-4989 pkcs12_s2k chainverify missingissuer \ + missingissuer_aia record-sizes-range crq_key_id \ + x509sign-verify sign-verify cve-2009-1415 cve-2009-1416 \ + tls10-server-kx-neg tls11-server-kx-neg tls12-server-kx-neg \ + ssl30-server-kx-neg tls12-cipher-neg tls11-cipher-neg \ + tls10-cipher-neg ssl30-cipher-neg crq_apis init_roundtrip \ + pkcs12_s2k_pem dn2 tls12-rehandshake-cert-3 nul-in-x509-names \ + x509_altname pkcs12_encode mini-x509 gnutls_session_set_id \ + rng-fork mini-eagain-dtls resume-dtls empty_retrieve_function \ + tls13-rehandshake-cert gnutls_ext_raw_parse \ + handshake-large-cert x509cert x509cert-tl x509cert-ct \ + infoaccess mini-dtls-hello-verify sign-verify-ed25519-rfc8080 \ + trustdb-tofu dtls-rehandshake-anon mini-alpn mini-dtls-large \ + mini-termination mini-x509-cas mini-x509-2 pkcs12_simple \ + tls-pthread mini-emsgsize-dtls chainverify-unsorted \ + mini-overhead tls12-ffdhe mini-dtls-heartbeat \ + mini-x509-callbacks key-openssl priorities priorities-groups \ + gnutls_x509_privkey_import gnutls_x509_crt_list_import time \ + x509-server-verify sign-verify-ext4 tls-neg-ext4-key \ + resume-lifetime mini-dtls-srtp rsa-encrypt-decrypt \ + mini-loss-time gnutls-strcodes mini-record mini-dtls-record \ + handshake-timeout mini-record-range cert-status \ + fips-mode-pthread rsa-psk global-init sec-params \ + sign-verify-data fips-test fips-override-test mini-global-load \ + name-constraints x509-extensions long-session-id \ + mini-x509-callbacks-intr mini-dtls-lowmtu \ + set_x509_key_file-late crlverify mini-dtls-discard \ + mini-record-failure openconnect-dtls12 \ + tls12-rehandshake-cert-2 custom-urls set_x509_key_mem \ + set_x509_key_file tls12-rehandshake-cert-auto \ + tls12-rehandshake-set-prio mini-chain-unsorted \ + x509-verify-with-crl mini-dtls-mtu privkey-verify-broken \ + mini-dtls-record-asym key-import-export priority-set \ + priority-set2 pubkey-import-export sign-is-secure spki \ + spki-abstract rsa-rsa-pss mini-dtls-fork dtls-pthread \ + mini-key-material x509cert-invalid tls-ext-register \ + tls-supplemental mini-dtls0-9 duplicate-extensions \ + record-retvals mini-server-name tls-etm tls-force-etm \ + x509-cert-callback alerts client-sign-md5-rep \ + tls12-invalid-key-exchanges session-rdn-read \ + tls13-cert-key-exchange x509-cert-callback-ocsp \ + gnutls_ocsp_resp_list_import2 server-sign-md5-rep \ + privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \ + x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \ + cipher-alignment oids atfork prf psk-file priority-init2 \ + post-client-hello-change-prio status-request status-request-ok \ + rfc7633-missing sign-verify-ext fallback-scsv pkcs8-key-decode \ + urls dtls-rehandshake-cert rfc7633-ok key-usage-rsa \ + key-usage-ecdhe-rsa mini-session-verify-function auto-verify \ + record-timeouts mini-dtls-hello-verify-48 set-default-prio \ + tls12-anon-upgrade tlsext-decoding rsa-psk-cb gnutls-ids \ + rehandshake-switch-cert rehandshake-switch-cert-allow \ + rehandshake-switch-cert-client \ + rehandshake-switch-cert-client-allow handshake-versions \ + dtls-handshake-versions dtls-max-record tls12-max-record \ + alpn-server-prec ocsp-filename-memleak dh-params \ + rehandshake-ext-secret pcert-list session-export-funcs \ + handshake-false-start version-checks key-material-dtls \ + key-material-set-dtls name-constraints-merge crl-basic \ + crq-basic send-client-cert custom-urls-override hex \ + rehandshake-switch-psk-id rehandshake-switch-srp-id base64 \ + srpbase64 pkcs1-digest-info set_x509_key set_x509_key_file_der \ + set_x509_pkcs12_key crt_apis tls12-cert-key-exchange \ + tls11-cert-key-exchange tls10-cert-key-exchange \ + ssl30-cert-key-exchange dtls12-cert-key-exchange \ + dtls10-cert-key-exchange x509-cert-callback-legacy keylog-env \ + ssl2-hello tlsfeature-ext dtls-rehandshake-cert-2 \ + dtls-session-ticket-lost tlsfeature-crt \ + dtls-rehandshake-cert-3 resume-with-false-start \ + set_x509_key_file_ocsp client-fastopen rng-sigint srp \ + rng-pthread safe-renegotiation/srn0 safe-renegotiation/srn1 \ + safe-renegotiation/srn2 safe-renegotiation/srn3 \ + safe-renegotiation/srn4 safe-renegotiation/srn5 \ + rsa-illegal-import set_x509_ocsp_multi_invalid set_key \ + set_x509_key_file_ocsp_multi2 set_x509_ocsp_multi_unknown \ + set_x509_ocsp_multi_pem tls-ext-not-in-dtls set_key_utf8 \ + set_x509_key_utf8 insecure_key handshake-large-packet \ + client_dsa_key server_ecdsa_key tls-session-ext-register \ + tls-session-supplemental multi-alerts naked-alerts \ + pkcs7-cat-parse set_known_dh_params_x509 \ + set_known_dh_params_anon set_known_dh_params_psk \ + session-tickets-ok session-tickets-missing \ + set_x509_key_file_legacy status-request-ext \ + gnutls_x509_crt_sign gnutls_x509_crq_sign dtls-repro-20170915 \ + rng-no-onload dtls1-2-mtu-check crl_apis cert_verify_inv_utf8 \ + no-extensions hostname-check-utf8 pkcs8-key-decode-encrypted \ + priority-mix pkcs7 send-data-before-handshake \ + recv-data-before-handshake crt_inv_write x509sign-verify-error \ + rng-op-nonce rng-op-random rng-op-key x509-dn-decode-compat \ + ip-check mini-x509-ipaddr trust-store base64-raw random-art \ + dhex509self dss-sig-val sign-pk-api tls-session-ext-override \ + record-pad tls13-server-kx-neg gnutls_ext_raw_parse_dtls \ + key-export-pkcs8 null_retrieve_function tls-record-size-limit \ + tls-crt_type-neg resume-with-stek-expiration \ + resume-with-previous-stek rawpk-api tls-record-size-limit-asym \ + dh-compute ecdh-compute sign-verify-data-newapi \ + sign-verify-newapi sign-verify-deterministic iov \ + aead-cipher-vec tls13-without-timeout-func buffer \ + status-request-revoked set_x509_ocsp_multi_cli kdf-api \ + keylog-func handshake-write x509cert-dntypes id-on-xmppAddr \ + tls13-compat-mode ciphersuite-name x509-upnconstraint \ + cipher-padding pkcs7-verify-double-free fips-rsa-sizes \ + tls-channel-binding $(am__append_4) $(am__append_5) \ + $(am__append_6) $(am__append_7) $(am__append_9) \ + $(am__append_10) $(am__append_11) $(am__append_12) \ + $(am__append_13) $(am__append_14) record-sendfile \ + $(am__append_15) $(am__append_30) +@HAVE_CMOCKA_TRUE@CMOCKA_LDADD = $(COMMON_LDADD) $(CMOCKA_LIBS) +@HAVE_CMOCKA_TRUE@gnutls_record_overhead_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@dtls_sliding_window_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@ip_utils_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@name_constraints_ip_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@conv_utf8_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@str_unicode_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@str_idna_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@tls10_prf_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@tls12_prf_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@eagain_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@eagain_auto_auth_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@tls12_rehandshake_cert_LDADD = $(CMOCKA_LDADD) +@HAVE_CMOCKA_TRUE@gnutls_record_overhead_CPPFLAGS = $(AM_CPPFLAGS) \ +@HAVE_CMOCKA_TRUE@ -I$(top_srcdir)/gl \ +@HAVE_CMOCKA_TRUE@ -I$(top_builddir)/gl + +@HAVE_CMOCKA_TRUE@ip_utils_CPPFLAGS = $(AM_CPPFLAGS) \ +@HAVE_CMOCKA_TRUE@ -I$(top_srcdir)/gl \ +@HAVE_CMOCKA_TRUE@ -I$(top_builddir)/gl + +tls_pthread_LDADD = $(LDADD) -lpthread +fips_mode_pthread_LDADD = $(LDADD) -lpthread +dtls_pthread_LDADD = $(LDADD) -lpthread +rng_pthread_LDADD = $(LDADD) -lpthread +tls12_rollback_detection_CFLAGS = -DTLS12 +tls12_rollback_detection_SOURCES = tls13/rnd-rollback-detection.c +tls12_rollback_detection_LDADD = $(LDADD) ../gl/libgnu.la +tls11_rollback_detection_CFLAGS = -DTLS11 +tls11_rollback_detection_SOURCES = tls13/rnd-rollback-detection.c +tls11_rollback_detection_LDADD = $(LDADD) ../gl/libgnu.la +tls12_check_rollback_val_CFLAGS = -DTLS12 +tls12_check_rollback_val_SOURCES = tls13/rnd-check-rollback-val.c +tls12_check_rollback_val_LDADD = $(LDADD) ../gl/libgnu.la +tls11_check_rollback_val_CFLAGS = -DTLS11 +tls11_check_rollback_val_SOURCES = tls13/rnd-check-rollback-val.c +tls11_check_rollback_val_LDADD = $(LDADD) ../gl/libgnu.la + +# These tests need gnulib for memmem() +tls12_resume_psk_CFLAGS = -DUSE_PSK -DTLS12 +tls12_resume_psk_SOURCES = resume.c +tls12_resume_psk_LDADD = $(LDADD) ../gl/libgnu.la +tls12_resume_anon_CFLAGS = -DUSE_ANON -DTLS12 +tls12_resume_anon_SOURCES = resume.c +tls12_resume_anon_LDADD = $(LDADD) ../gl/libgnu.la +tls12_resume_x509_CFLAGS = -DUSE_X509 -DTLS12 +tls12_resume_x509_SOURCES = resume.c +tls12_resume_x509_LDADD = $(LDADD) ../gl/libgnu.la +tls13_resume_psk_CFLAGS = -DUSE_PSK -DTLS13 +tls13_resume_psk_SOURCES = resume.c +tls13_resume_psk_LDADD = $(LDADD) ../gl/libgnu.la +tls13_resume_x509_CFLAGS = -DUSE_X509 -DTLS13 +tls13_resume_x509_SOURCES = resume.c +tls13_resume_x509_LDADD = $(LDADD) ../gl/libgnu.la +dtls_repro_20170915_SOURCES = dtls-repro-20170915.c common-cert-key-exchange.c cert-repro-20170915.h +dtls12_cert_key_exchange_SOURCES = common-cert-key-exchange.c dtls12-cert-key-exchange.c common-cert-key-exchange.h +dtls10_cert_key_exchange_SOURCES = common-cert-key-exchange.c dtls10-cert-key-exchange.c common-cert-key-exchange.h +tls13_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls13-cert-key-exchange.c common-cert-key-exchange.h +tls12_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls12-cert-key-exchange.c common-cert-key-exchange.h +tls11_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls11-cert-key-exchange.c common-cert-key-exchange.h +tls10_cert_key_exchange_SOURCES = common-cert-key-exchange.c tls10-cert-key-exchange.c common-cert-key-exchange.h +ssl30_cert_key_exchange_SOURCES = common-cert-key-exchange.c ssl30-cert-key-exchange.c common-cert-key-exchange.h +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock1_la_SOURCES = pkcs11/pkcs11-mock.c pkcs11/pkcs11-mock.h pkcs11/pkcs11-mock-ext.h +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock1_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock1_la_LIBADD = ../gl/libgnu.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock2_la_SOURCES = pkcs11/pkcs11-mock2.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock2_la_LDFLAGS = -shared -rpath $(pkglibdir) -module -no-undefined -avoid-version +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@libpkcs11mock2_la_LIBADD = ../gl/libgnu.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_cert_import_url_exts_SOURCES = pkcs11/pkcs11-cert-import-url-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_cert_import_url_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_cert_import_url4_exts_SOURCES = pkcs11/pkcs11-cert-import-url4-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_cert_import_url4_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_get_exts_SOURCES = pkcs11/pkcs11-get-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_get_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_get_raw_issuer_exts_SOURCES = pkcs11/pkcs11-get-raw-issuer-exts.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_get_raw_issuer_exts_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_SOURCES = pkcs11/pkcs11-import-url-privkey.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_token_raw_SOURCES = pkcs11/pkcs11-token-raw.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_token_raw_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_token_raw_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_obj_raw_SOURCES = pkcs11/pkcs11-obj-raw.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_obj_raw_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_obj_raw_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_caps_SOURCES = pkcs11/pkcs11-import-url-privkey.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_caps_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_caps_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_import_url_privkey_caps_CFLAGS = -DALL_CAPS_URI +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_fork_SOURCES = pkcs11/pkcs11-privkey-fork.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_fork_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_fork_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_fork_reinit_SOURCES = pkcs11/pkcs11-privkey-fork-reinit.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_fork_reinit_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_fork_reinit_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_mechanisms_SOURCES = pkcs11/pkcs11-mechanisms.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_mechanisms_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_mechanisms_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_export_SOURCES = pkcs11/pkcs11-privkey-export.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_export_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_export_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_always_auth_SOURCES = pkcs11/pkcs11-privkey-always-auth.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_always_auth_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_always_auth_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_safenet_always_auth_SOURCES = pkcs11/pkcs11-privkey-safenet-always-auth.c +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_safenet_always_auth_DEPENDENCIES = libpkcs11mock1.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_privkey_safenet_always_auth_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_pkcs11_privkey_pthread_LDADD = $(LDADD) -lpthread +rsa_illegal_import_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) +cipher_alignment_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) +cipher_alignment_LDADD = $(LDADD) $(NETTLE_LIBS) +@ENABLE_OPENSSL_TRUE@openssl_LDADD = ../extra/libgnutls-openssl.la $(LDADD) +gc_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +mpi_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +atfork_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +pkcs12_s2k_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +name_constraints_merge_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +murmur3_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +tls13_anti_replay_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +iov_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +buffer_CPPFLAGS = $(AM_CPPFLAGS) \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl + +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES = libpkcs11mock2.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@tls13_post_handshake_with_cert_pkcs11_LDADD = $(LDADD) $(LIBDL) +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES = libpkcs11mock2.la libutils.la +@ENABLE_PKCS11_TRUE@@WINDOWS_FALSE@pkcs11_tls_neg_pkcs11_no_key_LDADD = $(LDADD) $(LIBDL) +dist_check_SCRIPTS = rfc2253-escape-test.sh \ + rsa-md5-collision/rsa-md5-collision.sh systemkey.sh \ + $(am__append_16) $(am__append_18) $(am__append_19) \ + $(am__append_21) $(am__append_23) $(am__append_24) \ + $(am__append_25) $(am__append_27) $(am__append_28) +@WINDOWS_FALSE@dtls_stress_SOURCES = dtls/dtls-stress.c +@WINDOWS_FALSE@dtls_stress_LDADD = $(COMMON_GNUTLS_LDADD) \ +@WINDOWS_FALSE@ $(COMMON_DEPS_LDADD) + +@WINDOWS_TRUE@win32_certopenstore_SOURCES = win-certopenstore.c +@WINDOWS_TRUE@win32_certopenstore_LDADD = $(LDADD) -lcrypt32 +cpptests = $(am__append_31) +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@sanity_cpp_SOURCES = sanity-cpp.cpp +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@sanity_cpp_LDADD = $(CMOCKA_LDADD) ../lib/libgnutlsxx.la +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@sanity_cpp_CXXFLAGS = $(AM_CPPFLAGS) \ +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@ -I$(top_srcdir)/gl \ +@ENABLE_CXX_TRUE@@HAVE_CMOCKA_TRUE@ -I$(top_builddir)/gl + +TEST_EXTENSIONS = .sh +SH_LOG_COMPILER = $(SHELL) +LOG_COMPILER = $(LOG_VALGRIND) +all: all-recursive + +.SUFFIXES: +.SUFFIXES: .c .cpp .lo .log .o .obj .sh .sh$(EXEEXT) .trs +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign tests/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +pkcs11/$(am__dirstamp): + @$(MKDIR_P) pkcs11 + @: > pkcs11/$(am__dirstamp) +pkcs11/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) pkcs11/$(DEPDIR) + @: > pkcs11/$(DEPDIR)/$(am__dirstamp) +pkcs11/pkcs11-mock.lo: pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +libpkcs11mock1.la: $(libpkcs11mock1_la_OBJECTS) $(libpkcs11mock1_la_DEPENDENCIES) $(EXTRA_libpkcs11mock1_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpkcs11mock1_la_LINK) $(am_libpkcs11mock1_la_rpath) $(libpkcs11mock1_la_OBJECTS) $(libpkcs11mock1_la_LIBADD) $(LIBS) +pkcs11/pkcs11-mock2.lo: pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +libpkcs11mock2.la: $(libpkcs11mock2_la_OBJECTS) $(libpkcs11mock2_la_DEPENDENCIES) $(EXTRA_libpkcs11mock2_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpkcs11mock2_la_LINK) $(am_libpkcs11mock2_la_rpath) $(libpkcs11mock2_la_OBJECTS) $(libpkcs11mock2_la_LIBADD) $(LIBS) + +libutils.la: $(libutils_la_OBJECTS) $(libutils_la_DEPENDENCIES) $(EXTRA_libutils_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libutils_la_OBJECTS) $(libutils_la_LIBADD) $(LIBS) + +aead-cipher-vec$(EXEEXT): $(aead_cipher_vec_OBJECTS) $(aead_cipher_vec_DEPENDENCIES) $(EXTRA_aead_cipher_vec_DEPENDENCIES) + @rm -f aead-cipher-vec$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(aead_cipher_vec_OBJECTS) $(aead_cipher_vec_LDADD) $(LIBS) + +alerts$(EXEEXT): $(alerts_OBJECTS) $(alerts_DEPENDENCIES) $(EXTRA_alerts_DEPENDENCIES) + @rm -f alerts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(alerts_OBJECTS) $(alerts_LDADD) $(LIBS) + +alpn-server-prec$(EXEEXT): $(alpn_server_prec_OBJECTS) $(alpn_server_prec_DEPENDENCIES) $(EXTRA_alpn_server_prec_DEPENDENCIES) + @rm -f alpn-server-prec$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(alpn_server_prec_OBJECTS) $(alpn_server_prec_LDADD) $(LIBS) + +anonself$(EXEEXT): $(anonself_OBJECTS) $(anonself_DEPENDENCIES) $(EXTRA_anonself_DEPENDENCIES) + @rm -f anonself$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(anonself_OBJECTS) $(anonself_LDADD) $(LIBS) + +atfork$(EXEEXT): $(atfork_OBJECTS) $(atfork_DEPENDENCIES) $(EXTRA_atfork_DEPENDENCIES) + @rm -f atfork$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(atfork_OBJECTS) $(atfork_LDADD) $(LIBS) + +auto-verify$(EXEEXT): $(auto_verify_OBJECTS) $(auto_verify_DEPENDENCIES) $(EXTRA_auto_verify_DEPENDENCIES) + @rm -f auto-verify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(auto_verify_OBJECTS) $(auto_verify_LDADD) $(LIBS) + +base64$(EXEEXT): $(base64_OBJECTS) $(base64_DEPENDENCIES) $(EXTRA_base64_DEPENDENCIES) + @rm -f base64$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(base64_OBJECTS) $(base64_LDADD) $(LIBS) + +base64-raw$(EXEEXT): $(base64_raw_OBJECTS) $(base64_raw_DEPENDENCIES) $(EXTRA_base64_raw_DEPENDENCIES) + @rm -f base64-raw$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(base64_raw_OBJECTS) $(base64_raw_LDADD) $(LIBS) + +buffer$(EXEEXT): $(buffer_OBJECTS) $(buffer_DEPENDENCIES) $(EXTRA_buffer_DEPENDENCIES) + @rm -f buffer$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(buffer_OBJECTS) $(buffer_LDADD) $(LIBS) + +cert$(EXEEXT): $(cert_OBJECTS) $(cert_DEPENDENCIES) $(EXTRA_cert_DEPENDENCIES) + @rm -f cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cert_OBJECTS) $(cert_LDADD) $(LIBS) + +cert-status$(EXEEXT): $(cert_status_OBJECTS) $(cert_status_DEPENDENCIES) $(EXTRA_cert_status_DEPENDENCIES) + @rm -f cert-status$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cert_status_OBJECTS) $(cert_status_LDADD) $(LIBS) + +cert_verify_inv_utf8$(EXEEXT): $(cert_verify_inv_utf8_OBJECTS) $(cert_verify_inv_utf8_DEPENDENCIES) $(EXTRA_cert_verify_inv_utf8_DEPENDENCIES) + @rm -f cert_verify_inv_utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cert_verify_inv_utf8_OBJECTS) $(cert_verify_inv_utf8_LDADD) $(LIBS) + +certificate_set_x509_crl$(EXEEXT): $(certificate_set_x509_crl_OBJECTS) $(certificate_set_x509_crl_DEPENDENCIES) $(EXTRA_certificate_set_x509_crl_DEPENDENCIES) + @rm -f certificate_set_x509_crl$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(certificate_set_x509_crl_OBJECTS) $(certificate_set_x509_crl_LDADD) $(LIBS) + +certuniqueid$(EXEEXT): $(certuniqueid_OBJECTS) $(certuniqueid_DEPENDENCIES) $(EXTRA_certuniqueid_DEPENDENCIES) + @rm -f certuniqueid$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(certuniqueid_OBJECTS) $(certuniqueid_LDADD) $(LIBS) + +chainverify$(EXEEXT): $(chainverify_OBJECTS) $(chainverify_DEPENDENCIES) $(EXTRA_chainverify_DEPENDENCIES) + @rm -f chainverify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(chainverify_OBJECTS) $(chainverify_LDADD) $(LIBS) + +chainverify-unsorted$(EXEEXT): $(chainverify_unsorted_OBJECTS) $(chainverify_unsorted_DEPENDENCIES) $(EXTRA_chainverify_unsorted_DEPENDENCIES) + @rm -f chainverify-unsorted$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(chainverify_unsorted_OBJECTS) $(chainverify_unsorted_LDADD) $(LIBS) + +cipher-alignment$(EXEEXT): $(cipher_alignment_OBJECTS) $(cipher_alignment_DEPENDENCIES) $(EXTRA_cipher_alignment_DEPENDENCIES) + @rm -f cipher-alignment$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cipher_alignment_OBJECTS) $(cipher_alignment_LDADD) $(LIBS) + +cipher-padding$(EXEEXT): $(cipher_padding_OBJECTS) $(cipher_padding_DEPENDENCIES) $(EXTRA_cipher_padding_DEPENDENCIES) + @rm -f cipher-padding$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cipher_padding_OBJECTS) $(cipher_padding_LDADD) $(LIBS) + +ciphersuite-name$(EXEEXT): $(ciphersuite_name_OBJECTS) $(ciphersuite_name_DEPENDENCIES) $(EXTRA_ciphersuite_name_DEPENDENCIES) + @rm -f ciphersuite-name$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ciphersuite_name_OBJECTS) $(ciphersuite_name_LDADD) $(LIBS) + +client-fastopen$(EXEEXT): $(client_fastopen_OBJECTS) $(client_fastopen_DEPENDENCIES) $(EXTRA_client_fastopen_DEPENDENCIES) + @rm -f client-fastopen$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(client_fastopen_OBJECTS) $(client_fastopen_LDADD) $(LIBS) + +client-sign-md5-rep$(EXEEXT): $(client_sign_md5_rep_OBJECTS) $(client_sign_md5_rep_DEPENDENCIES) $(EXTRA_client_sign_md5_rep_DEPENDENCIES) + @rm -f client-sign-md5-rep$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(client_sign_md5_rep_OBJECTS) $(client_sign_md5_rep_LDADD) $(LIBS) + +client_dsa_key$(EXEEXT): $(client_dsa_key_OBJECTS) $(client_dsa_key_DEPENDENCIES) $(EXTRA_client_dsa_key_DEPENDENCIES) + @rm -f client_dsa_key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(client_dsa_key_OBJECTS) $(client_dsa_key_LDADD) $(LIBS) + +conv-utf8$(EXEEXT): $(conv_utf8_OBJECTS) $(conv_utf8_DEPENDENCIES) $(EXTRA_conv_utf8_DEPENDENCIES) + @rm -f conv-utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(conv_utf8_OBJECTS) $(conv_utf8_LDADD) $(LIBS) + +crl-basic$(EXEEXT): $(crl_basic_OBJECTS) $(crl_basic_DEPENDENCIES) $(EXTRA_crl_basic_DEPENDENCIES) + @rm -f crl-basic$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crl_basic_OBJECTS) $(crl_basic_LDADD) $(LIBS) + +crl_apis$(EXEEXT): $(crl_apis_OBJECTS) $(crl_apis_DEPENDENCIES) $(EXTRA_crl_apis_DEPENDENCIES) + @rm -f crl_apis$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crl_apis_OBJECTS) $(crl_apis_LDADD) $(LIBS) + +crlverify$(EXEEXT): $(crlverify_OBJECTS) $(crlverify_DEPENDENCIES) $(EXTRA_crlverify_DEPENDENCIES) + @rm -f crlverify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crlverify_OBJECTS) $(crlverify_LDADD) $(LIBS) + +crq-basic$(EXEEXT): $(crq_basic_OBJECTS) $(crq_basic_DEPENDENCIES) $(EXTRA_crq_basic_DEPENDENCIES) + @rm -f crq-basic$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crq_basic_OBJECTS) $(crq_basic_LDADD) $(LIBS) + +crq_apis$(EXEEXT): $(crq_apis_OBJECTS) $(crq_apis_DEPENDENCIES) $(EXTRA_crq_apis_DEPENDENCIES) + @rm -f crq_apis$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crq_apis_OBJECTS) $(crq_apis_LDADD) $(LIBS) + +crq_key_id$(EXEEXT): $(crq_key_id_OBJECTS) $(crq_key_id_DEPENDENCIES) $(EXTRA_crq_key_id_DEPENDENCIES) + @rm -f crq_key_id$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crq_key_id_OBJECTS) $(crq_key_id_LDADD) $(LIBS) + +crt_apis$(EXEEXT): $(crt_apis_OBJECTS) $(crt_apis_DEPENDENCIES) $(EXTRA_crt_apis_DEPENDENCIES) + @rm -f crt_apis$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crt_apis_OBJECTS) $(crt_apis_LDADD) $(LIBS) + +crt_inv_write$(EXEEXT): $(crt_inv_write_OBJECTS) $(crt_inv_write_DEPENDENCIES) $(EXTRA_crt_inv_write_DEPENDENCIES) + @rm -f crt_inv_write$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crt_inv_write_OBJECTS) $(crt_inv_write_LDADD) $(LIBS) + +custom-urls$(EXEEXT): $(custom_urls_OBJECTS) $(custom_urls_DEPENDENCIES) $(EXTRA_custom_urls_DEPENDENCIES) + @rm -f custom-urls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(custom_urls_OBJECTS) $(custom_urls_LDADD) $(LIBS) + +custom-urls-override$(EXEEXT): $(custom_urls_override_OBJECTS) $(custom_urls_override_DEPENDENCIES) $(EXTRA_custom_urls_override_DEPENDENCIES) + @rm -f custom-urls-override$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(custom_urls_override_OBJECTS) $(custom_urls_override_LDADD) $(LIBS) + +cve-2008-4989$(EXEEXT): $(cve_2008_4989_OBJECTS) $(cve_2008_4989_DEPENDENCIES) $(EXTRA_cve_2008_4989_DEPENDENCIES) + @rm -f cve-2008-4989$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cve_2008_4989_OBJECTS) $(cve_2008_4989_LDADD) $(LIBS) + +cve-2009-1415$(EXEEXT): $(cve_2009_1415_OBJECTS) $(cve_2009_1415_DEPENDENCIES) $(EXTRA_cve_2009_1415_DEPENDENCIES) + @rm -f cve-2009-1415$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cve_2009_1415_OBJECTS) $(cve_2009_1415_LDADD) $(LIBS) + +cve-2009-1416$(EXEEXT): $(cve_2009_1416_OBJECTS) $(cve_2009_1416_DEPENDENCIES) $(EXTRA_cve_2009_1416_DEPENDENCIES) + @rm -f cve-2009-1416$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cve_2009_1416_OBJECTS) $(cve_2009_1416_LDADD) $(LIBS) + +dane$(EXEEXT): $(dane_OBJECTS) $(dane_DEPENDENCIES) $(EXTRA_dane_DEPENDENCIES) + @rm -f dane$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dane_OBJECTS) $(dane_LDADD) $(LIBS) + +dane-strcodes$(EXEEXT): $(dane_strcodes_OBJECTS) $(dane_strcodes_DEPENDENCIES) $(EXTRA_dane_strcodes_DEPENDENCIES) + @rm -f dane-strcodes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dane_strcodes_OBJECTS) $(dane_strcodes_LDADD) $(LIBS) + +datefudge-check$(EXEEXT): $(datefudge_check_OBJECTS) $(datefudge_check_DEPENDENCIES) $(EXTRA_datefudge_check_DEPENDENCIES) + @rm -f datefudge-check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(datefudge_check_OBJECTS) $(datefudge_check_LDADD) $(LIBS) + +dh-compute$(EXEEXT): $(dh_compute_OBJECTS) $(dh_compute_DEPENDENCIES) $(EXTRA_dh_compute_DEPENDENCIES) + @rm -f dh-compute$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dh_compute_OBJECTS) $(dh_compute_LDADD) $(LIBS) + +dh-params$(EXEEXT): $(dh_params_OBJECTS) $(dh_params_DEPENDENCIES) $(EXTRA_dh_params_DEPENDENCIES) + @rm -f dh-params$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dh_params_OBJECTS) $(dh_params_LDADD) $(LIBS) + +dhepskself$(EXEEXT): $(dhepskself_OBJECTS) $(dhepskself_DEPENDENCIES) $(EXTRA_dhepskself_DEPENDENCIES) + @rm -f dhepskself$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dhepskself_OBJECTS) $(dhepskself_LDADD) $(LIBS) + +dhex509self$(EXEEXT): $(dhex509self_OBJECTS) $(dhex509self_DEPENDENCIES) $(EXTRA_dhex509self_DEPENDENCIES) + @rm -f dhex509self$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dhex509self_OBJECTS) $(dhex509self_LDADD) $(LIBS) + +dn$(EXEEXT): $(dn_OBJECTS) $(dn_DEPENDENCIES) $(EXTRA_dn_DEPENDENCIES) + @rm -f dn$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dn_OBJECTS) $(dn_LDADD) $(LIBS) + +dn2$(EXEEXT): $(dn2_OBJECTS) $(dn2_DEPENDENCIES) $(EXTRA_dn2_DEPENDENCIES) + @rm -f dn2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dn2_OBJECTS) $(dn2_LDADD) $(LIBS) + +dss-sig-val$(EXEEXT): $(dss_sig_val_OBJECTS) $(dss_sig_val_DEPENDENCIES) $(EXTRA_dss_sig_val_DEPENDENCIES) + @rm -f dss-sig-val$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dss_sig_val_OBJECTS) $(dss_sig_val_LDADD) $(LIBS) + +dtls-client-with-seccomp$(EXEEXT): $(dtls_client_with_seccomp_OBJECTS) $(dtls_client_with_seccomp_DEPENDENCIES) $(EXTRA_dtls_client_with_seccomp_DEPENDENCIES) + @rm -f dtls-client-with-seccomp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_client_with_seccomp_OBJECTS) $(dtls_client_with_seccomp_LDADD) $(LIBS) + +dtls-etm$(EXEEXT): $(dtls_etm_OBJECTS) $(dtls_etm_DEPENDENCIES) $(EXTRA_dtls_etm_DEPENDENCIES) + @rm -f dtls-etm$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_etm_OBJECTS) $(dtls_etm_LDADD) $(LIBS) + +dtls-handshake-versions$(EXEEXT): $(dtls_handshake_versions_OBJECTS) $(dtls_handshake_versions_DEPENDENCIES) $(EXTRA_dtls_handshake_versions_DEPENDENCIES) + @rm -f dtls-handshake-versions$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_handshake_versions_OBJECTS) $(dtls_handshake_versions_LDADD) $(LIBS) + +dtls-max-record$(EXEEXT): $(dtls_max_record_OBJECTS) $(dtls_max_record_DEPENDENCIES) $(EXTRA_dtls_max_record_DEPENDENCIES) + @rm -f dtls-max-record$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_max_record_OBJECTS) $(dtls_max_record_LDADD) $(LIBS) + +dtls-pthread$(EXEEXT): $(dtls_pthread_OBJECTS) $(dtls_pthread_DEPENDENCIES) $(EXTRA_dtls_pthread_DEPENDENCIES) + @rm -f dtls-pthread$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_pthread_OBJECTS) $(dtls_pthread_LDADD) $(LIBS) + +dtls-rehandshake-anon$(EXEEXT): $(dtls_rehandshake_anon_OBJECTS) $(dtls_rehandshake_anon_DEPENDENCIES) $(EXTRA_dtls_rehandshake_anon_DEPENDENCIES) + @rm -f dtls-rehandshake-anon$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_rehandshake_anon_OBJECTS) $(dtls_rehandshake_anon_LDADD) $(LIBS) + +dtls-rehandshake-cert$(EXEEXT): $(dtls_rehandshake_cert_OBJECTS) $(dtls_rehandshake_cert_DEPENDENCIES) $(EXTRA_dtls_rehandshake_cert_DEPENDENCIES) + @rm -f dtls-rehandshake-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_rehandshake_cert_OBJECTS) $(dtls_rehandshake_cert_LDADD) $(LIBS) + +dtls-rehandshake-cert-2$(EXEEXT): $(dtls_rehandshake_cert_2_OBJECTS) $(dtls_rehandshake_cert_2_DEPENDENCIES) $(EXTRA_dtls_rehandshake_cert_2_DEPENDENCIES) + @rm -f dtls-rehandshake-cert-2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_rehandshake_cert_2_OBJECTS) $(dtls_rehandshake_cert_2_LDADD) $(LIBS) + +dtls-rehandshake-cert-3$(EXEEXT): $(dtls_rehandshake_cert_3_OBJECTS) $(dtls_rehandshake_cert_3_DEPENDENCIES) $(EXTRA_dtls_rehandshake_cert_3_DEPENDENCIES) + @rm -f dtls-rehandshake-cert-3$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_rehandshake_cert_3_OBJECTS) $(dtls_rehandshake_cert_3_LDADD) $(LIBS) + +dtls-repro-20170915$(EXEEXT): $(dtls_repro_20170915_OBJECTS) $(dtls_repro_20170915_DEPENDENCIES) $(EXTRA_dtls_repro_20170915_DEPENDENCIES) + @rm -f dtls-repro-20170915$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_repro_20170915_OBJECTS) $(dtls_repro_20170915_LDADD) $(LIBS) + +dtls-session-ticket-lost$(EXEEXT): $(dtls_session_ticket_lost_OBJECTS) $(dtls_session_ticket_lost_DEPENDENCIES) $(EXTRA_dtls_session_ticket_lost_DEPENDENCIES) + @rm -f dtls-session-ticket-lost$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_session_ticket_lost_OBJECTS) $(dtls_session_ticket_lost_LDADD) $(LIBS) + +dtls-sliding-window$(EXEEXT): $(dtls_sliding_window_OBJECTS) $(dtls_sliding_window_DEPENDENCIES) $(EXTRA_dtls_sliding_window_DEPENDENCIES) + @rm -f dtls-sliding-window$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_sliding_window_OBJECTS) $(dtls_sliding_window_LDADD) $(LIBS) +dtls/$(am__dirstamp): + @$(MKDIR_P) dtls + @: > dtls/$(am__dirstamp) +dtls/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) dtls/$(DEPDIR) + @: > dtls/$(DEPDIR)/$(am__dirstamp) +dtls/dtls-stress.$(OBJEXT): dtls/$(am__dirstamp) \ + dtls/$(DEPDIR)/$(am__dirstamp) + +dtls-stress$(EXEEXT): $(dtls_stress_OBJECTS) $(dtls_stress_DEPENDENCIES) $(EXTRA_dtls_stress_DEPENDENCIES) + @rm -f dtls-stress$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_stress_OBJECTS) $(dtls_stress_LDADD) $(LIBS) + +dtls-with-seccomp$(EXEEXT): $(dtls_with_seccomp_OBJECTS) $(dtls_with_seccomp_DEPENDENCIES) $(EXTRA_dtls_with_seccomp_DEPENDENCIES) + @rm -f dtls-with-seccomp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls_with_seccomp_OBJECTS) $(dtls_with_seccomp_LDADD) $(LIBS) + +dtls1-2-mtu-check$(EXEEXT): $(dtls1_2_mtu_check_OBJECTS) $(dtls1_2_mtu_check_DEPENDENCIES) $(EXTRA_dtls1_2_mtu_check_DEPENDENCIES) + @rm -f dtls1-2-mtu-check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls1_2_mtu_check_OBJECTS) $(dtls1_2_mtu_check_LDADD) $(LIBS) + +dtls10-cert-key-exchange$(EXEEXT): $(dtls10_cert_key_exchange_OBJECTS) $(dtls10_cert_key_exchange_DEPENDENCIES) $(EXTRA_dtls10_cert_key_exchange_DEPENDENCIES) + @rm -f dtls10-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls10_cert_key_exchange_OBJECTS) $(dtls10_cert_key_exchange_LDADD) $(LIBS) + +dtls12-cert-key-exchange$(EXEEXT): $(dtls12_cert_key_exchange_OBJECTS) $(dtls12_cert_key_exchange_DEPENDENCIES) $(EXTRA_dtls12_cert_key_exchange_DEPENDENCIES) + @rm -f dtls12-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(dtls12_cert_key_exchange_OBJECTS) $(dtls12_cert_key_exchange_LDADD) $(LIBS) + +duplicate-extensions$(EXEEXT): $(duplicate_extensions_OBJECTS) $(duplicate_extensions_DEPENDENCIES) $(EXTRA_duplicate_extensions_DEPENDENCIES) + @rm -f duplicate-extensions$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(duplicate_extensions_OBJECTS) $(duplicate_extensions_LDADD) $(LIBS) + +eagain$(EXEEXT): $(eagain_OBJECTS) $(eagain_DEPENDENCIES) $(EXTRA_eagain_DEPENDENCIES) + @rm -f eagain$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(eagain_OBJECTS) $(eagain_LDADD) $(LIBS) + +eagain-auto-auth$(EXEEXT): $(eagain_auto_auth_OBJECTS) $(eagain_auto_auth_DEPENDENCIES) $(EXTRA_eagain_auto_auth_DEPENDENCIES) + @rm -f eagain-auto-auth$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(eagain_auto_auth_OBJECTS) $(eagain_auto_auth_LDADD) $(LIBS) + +ecdh-compute$(EXEEXT): $(ecdh_compute_OBJECTS) $(ecdh_compute_DEPENDENCIES) $(EXTRA_ecdh_compute_DEPENDENCIES) + @rm -f ecdh-compute$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ecdh_compute_OBJECTS) $(ecdh_compute_LDADD) $(LIBS) + +empty_retrieve_function$(EXEEXT): $(empty_retrieve_function_OBJECTS) $(empty_retrieve_function_DEPENDENCIES) $(EXTRA_empty_retrieve_function_DEPENDENCIES) + @rm -f empty_retrieve_function$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(empty_retrieve_function_OBJECTS) $(empty_retrieve_function_LDADD) $(LIBS) + +fallback-scsv$(EXEEXT): $(fallback_scsv_OBJECTS) $(fallback_scsv_DEPENDENCIES) $(EXTRA_fallback_scsv_DEPENDENCIES) + @rm -f fallback-scsv$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(fallback_scsv_OBJECTS) $(fallback_scsv_LDADD) $(LIBS) + +fips-mode-pthread$(EXEEXT): $(fips_mode_pthread_OBJECTS) $(fips_mode_pthread_DEPENDENCIES) $(EXTRA_fips_mode_pthread_DEPENDENCIES) + @rm -f fips-mode-pthread$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(fips_mode_pthread_OBJECTS) $(fips_mode_pthread_LDADD) $(LIBS) + +fips-override-test$(EXEEXT): $(fips_override_test_OBJECTS) $(fips_override_test_DEPENDENCIES) $(EXTRA_fips_override_test_DEPENDENCIES) + @rm -f fips-override-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(fips_override_test_OBJECTS) $(fips_override_test_LDADD) $(LIBS) + +fips-rsa-sizes$(EXEEXT): $(fips_rsa_sizes_OBJECTS) $(fips_rsa_sizes_DEPENDENCIES) $(EXTRA_fips_rsa_sizes_DEPENDENCIES) + @rm -f fips-rsa-sizes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(fips_rsa_sizes_OBJECTS) $(fips_rsa_sizes_LDADD) $(LIBS) + +fips-test$(EXEEXT): $(fips_test_OBJECTS) $(fips_test_DEPENDENCIES) $(EXTRA_fips_test_DEPENDENCIES) + @rm -f fips-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(fips_test_OBJECTS) $(fips_test_LDADD) $(LIBS) + +global-init$(EXEEXT): $(global_init_OBJECTS) $(global_init_DEPENDENCIES) $(EXTRA_global_init_DEPENDENCIES) + @rm -f global-init$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(global_init_OBJECTS) $(global_init_LDADD) $(LIBS) + +global-init-override$(EXEEXT): $(global_init_override_OBJECTS) $(global_init_override_DEPENDENCIES) $(EXTRA_global_init_override_DEPENDENCIES) + @rm -f global-init-override$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(global_init_override_OBJECTS) $(global_init_override_LDADD) $(LIBS) + +gnutls-ids$(EXEEXT): $(gnutls_ids_OBJECTS) $(gnutls_ids_DEPENDENCIES) $(EXTRA_gnutls_ids_DEPENDENCIES) + @rm -f gnutls-ids$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_ids_OBJECTS) $(gnutls_ids_LDADD) $(LIBS) + +gnutls-strcodes$(EXEEXT): $(gnutls_strcodes_OBJECTS) $(gnutls_strcodes_DEPENDENCIES) $(EXTRA_gnutls_strcodes_DEPENDENCIES) + @rm -f gnutls-strcodes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_strcodes_OBJECTS) $(gnutls_strcodes_LDADD) $(LIBS) + +gnutls_ext_raw_parse$(EXEEXT): $(gnutls_ext_raw_parse_OBJECTS) $(gnutls_ext_raw_parse_DEPENDENCIES) $(EXTRA_gnutls_ext_raw_parse_DEPENDENCIES) + @rm -f gnutls_ext_raw_parse$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_ext_raw_parse_OBJECTS) $(gnutls_ext_raw_parse_LDADD) $(LIBS) + +gnutls_ext_raw_parse_dtls$(EXEEXT): $(gnutls_ext_raw_parse_dtls_OBJECTS) $(gnutls_ext_raw_parse_dtls_DEPENDENCIES) $(EXTRA_gnutls_ext_raw_parse_dtls_DEPENDENCIES) + @rm -f gnutls_ext_raw_parse_dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_ext_raw_parse_dtls_OBJECTS) $(gnutls_ext_raw_parse_dtls_LDADD) $(LIBS) + +gnutls_hmac_fast$(EXEEXT): $(gnutls_hmac_fast_OBJECTS) $(gnutls_hmac_fast_DEPENDENCIES) $(EXTRA_gnutls_hmac_fast_DEPENDENCIES) + @rm -f gnutls_hmac_fast$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_hmac_fast_OBJECTS) $(gnutls_hmac_fast_LDADD) $(LIBS) + +gnutls_ktls$(EXEEXT): $(gnutls_ktls_OBJECTS) $(gnutls_ktls_DEPENDENCIES) $(EXTRA_gnutls_ktls_DEPENDENCIES) + @rm -f gnutls_ktls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_ktls_OBJECTS) $(gnutls_ktls_LDADD) $(LIBS) + +gnutls_ocsp_resp_list_import2$(EXEEXT): $(gnutls_ocsp_resp_list_import2_OBJECTS) $(gnutls_ocsp_resp_list_import2_DEPENDENCIES) $(EXTRA_gnutls_ocsp_resp_list_import2_DEPENDENCIES) + @rm -f gnutls_ocsp_resp_list_import2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_ocsp_resp_list_import2_OBJECTS) $(gnutls_ocsp_resp_list_import2_LDADD) $(LIBS) + +gnutls_record_overhead$(EXEEXT): $(gnutls_record_overhead_OBJECTS) $(gnutls_record_overhead_DEPENDENCIES) $(EXTRA_gnutls_record_overhead_DEPENDENCIES) + @rm -f gnutls_record_overhead$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_record_overhead_OBJECTS) $(gnutls_record_overhead_LDADD) $(LIBS) + +gnutls_session_set_id$(EXEEXT): $(gnutls_session_set_id_OBJECTS) $(gnutls_session_set_id_DEPENDENCIES) $(EXTRA_gnutls_session_set_id_DEPENDENCIES) + @rm -f gnutls_session_set_id$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_session_set_id_OBJECTS) $(gnutls_session_set_id_LDADD) $(LIBS) + +gnutls_x509_crq_sign$(EXEEXT): $(gnutls_x509_crq_sign_OBJECTS) $(gnutls_x509_crq_sign_DEPENDENCIES) $(EXTRA_gnutls_x509_crq_sign_DEPENDENCIES) + @rm -f gnutls_x509_crq_sign$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_x509_crq_sign_OBJECTS) $(gnutls_x509_crq_sign_LDADD) $(LIBS) + +gnutls_x509_crt_list_import$(EXEEXT): $(gnutls_x509_crt_list_import_OBJECTS) $(gnutls_x509_crt_list_import_DEPENDENCIES) $(EXTRA_gnutls_x509_crt_list_import_DEPENDENCIES) + @rm -f gnutls_x509_crt_list_import$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_x509_crt_list_import_OBJECTS) $(gnutls_x509_crt_list_import_LDADD) $(LIBS) + +gnutls_x509_crt_sign$(EXEEXT): $(gnutls_x509_crt_sign_OBJECTS) $(gnutls_x509_crt_sign_DEPENDENCIES) $(EXTRA_gnutls_x509_crt_sign_DEPENDENCIES) + @rm -f gnutls_x509_crt_sign$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_x509_crt_sign_OBJECTS) $(gnutls_x509_crt_sign_LDADD) $(LIBS) + +gnutls_x509_privkey_import$(EXEEXT): $(gnutls_x509_privkey_import_OBJECTS) $(gnutls_x509_privkey_import_DEPENDENCIES) $(EXTRA_gnutls_x509_privkey_import_DEPENDENCIES) + @rm -f gnutls_x509_privkey_import$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gnutls_x509_privkey_import_OBJECTS) $(gnutls_x509_privkey_import_LDADD) $(LIBS) + +handshake-false-start$(EXEEXT): $(handshake_false_start_OBJECTS) $(handshake_false_start_DEPENDENCIES) $(EXTRA_handshake_false_start_DEPENDENCIES) + @rm -f handshake-false-start$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(handshake_false_start_OBJECTS) $(handshake_false_start_LDADD) $(LIBS) + +handshake-large-cert$(EXEEXT): $(handshake_large_cert_OBJECTS) $(handshake_large_cert_DEPENDENCIES) $(EXTRA_handshake_large_cert_DEPENDENCIES) + @rm -f handshake-large-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(handshake_large_cert_OBJECTS) $(handshake_large_cert_LDADD) $(LIBS) + +handshake-large-packet$(EXEEXT): $(handshake_large_packet_OBJECTS) $(handshake_large_packet_DEPENDENCIES) $(EXTRA_handshake_large_packet_DEPENDENCIES) + @rm -f handshake-large-packet$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(handshake_large_packet_OBJECTS) $(handshake_large_packet_LDADD) $(LIBS) + +handshake-timeout$(EXEEXT): $(handshake_timeout_OBJECTS) $(handshake_timeout_DEPENDENCIES) $(EXTRA_handshake_timeout_DEPENDENCIES) + @rm -f handshake-timeout$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(handshake_timeout_OBJECTS) $(handshake_timeout_LDADD) $(LIBS) + +handshake-versions$(EXEEXT): $(handshake_versions_OBJECTS) $(handshake_versions_DEPENDENCIES) $(EXTRA_handshake_versions_DEPENDENCIES) + @rm -f handshake-versions$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(handshake_versions_OBJECTS) $(handshake_versions_LDADD) $(LIBS) + +handshake-write$(EXEEXT): $(handshake_write_OBJECTS) $(handshake_write_DEPENDENCIES) $(EXTRA_handshake_write_DEPENDENCIES) + @rm -f handshake-write$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(handshake_write_OBJECTS) $(handshake_write_LDADD) $(LIBS) + +hex$(EXEEXT): $(hex_OBJECTS) $(hex_DEPENDENCIES) $(EXTRA_hex_DEPENDENCIES) + @rm -f hex$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(hex_OBJECTS) $(hex_LDADD) $(LIBS) + +hostname-check$(EXEEXT): $(hostname_check_OBJECTS) $(hostname_check_DEPENDENCIES) $(EXTRA_hostname_check_DEPENDENCIES) + @rm -f hostname-check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(hostname_check_OBJECTS) $(hostname_check_LDADD) $(LIBS) + +hostname-check-utf8$(EXEEXT): $(hostname_check_utf8_OBJECTS) $(hostname_check_utf8_DEPENDENCIES) $(EXTRA_hostname_check_utf8_DEPENDENCIES) + @rm -f hostname-check-utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(hostname_check_utf8_OBJECTS) $(hostname_check_utf8_LDADD) $(LIBS) + +id-on-xmppAddr$(EXEEXT): $(id_on_xmppAddr_OBJECTS) $(id_on_xmppAddr_DEPENDENCIES) $(EXTRA_id_on_xmppAddr_DEPENDENCIES) + @rm -f id-on-xmppAddr$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(id_on_xmppAddr_OBJECTS) $(id_on_xmppAddr_LDADD) $(LIBS) + +infoaccess$(EXEEXT): $(infoaccess_OBJECTS) $(infoaccess_DEPENDENCIES) $(EXTRA_infoaccess_DEPENDENCIES) + @rm -f infoaccess$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(infoaccess_OBJECTS) $(infoaccess_LDADD) $(LIBS) + +init_roundtrip$(EXEEXT): $(init_roundtrip_OBJECTS) $(init_roundtrip_DEPENDENCIES) $(EXTRA_init_roundtrip_DEPENDENCIES) + @rm -f init_roundtrip$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(init_roundtrip_OBJECTS) $(init_roundtrip_LDADD) $(LIBS) + +insecure_key$(EXEEXT): $(insecure_key_OBJECTS) $(insecure_key_DEPENDENCIES) $(EXTRA_insecure_key_DEPENDENCIES) + @rm -f insecure_key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(insecure_key_OBJECTS) $(insecure_key_LDADD) $(LIBS) + +iov$(EXEEXT): $(iov_OBJECTS) $(iov_DEPENDENCIES) $(EXTRA_iov_DEPENDENCIES) + @rm -f iov$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(iov_OBJECTS) $(iov_LDADD) $(LIBS) + +ip-check$(EXEEXT): $(ip_check_OBJECTS) $(ip_check_DEPENDENCIES) $(EXTRA_ip_check_DEPENDENCIES) + @rm -f ip-check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ip_check_OBJECTS) $(ip_check_LDADD) $(LIBS) + +ip-utils$(EXEEXT): $(ip_utils_OBJECTS) $(ip_utils_DEPENDENCIES) $(EXTRA_ip_utils_DEPENDENCIES) + @rm -f ip-utils$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ip_utils_OBJECTS) $(ip_utils_LDADD) $(LIBS) + +kdf-api$(EXEEXT): $(kdf_api_OBJECTS) $(kdf_api_DEPENDENCIES) $(EXTRA_kdf_api_DEPENDENCIES) + @rm -f kdf-api$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(kdf_api_OBJECTS) $(kdf_api_LDADD) $(LIBS) + +key-export-pkcs8$(EXEEXT): $(key_export_pkcs8_OBJECTS) $(key_export_pkcs8_DEPENDENCIES) $(EXTRA_key_export_pkcs8_DEPENDENCIES) + @rm -f key-export-pkcs8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_export_pkcs8_OBJECTS) $(key_export_pkcs8_LDADD) $(LIBS) + +key-import-export$(EXEEXT): $(key_import_export_OBJECTS) $(key_import_export_DEPENDENCIES) $(EXTRA_key_import_export_DEPENDENCIES) + @rm -f key-import-export$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_import_export_OBJECTS) $(key_import_export_LDADD) $(LIBS) + +key-material-dtls$(EXEEXT): $(key_material_dtls_OBJECTS) $(key_material_dtls_DEPENDENCIES) $(EXTRA_key_material_dtls_DEPENDENCIES) + @rm -f key-material-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_material_dtls_OBJECTS) $(key_material_dtls_LDADD) $(LIBS) + +key-material-set-dtls$(EXEEXT): $(key_material_set_dtls_OBJECTS) $(key_material_set_dtls_DEPENDENCIES) $(EXTRA_key_material_set_dtls_DEPENDENCIES) + @rm -f key-material-set-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_material_set_dtls_OBJECTS) $(key_material_set_dtls_LDADD) $(LIBS) + +key-openssl$(EXEEXT): $(key_openssl_OBJECTS) $(key_openssl_DEPENDENCIES) $(EXTRA_key_openssl_DEPENDENCIES) + @rm -f key-openssl$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_openssl_OBJECTS) $(key_openssl_LDADD) $(LIBS) + +key-usage-ecdhe-rsa$(EXEEXT): $(key_usage_ecdhe_rsa_OBJECTS) $(key_usage_ecdhe_rsa_DEPENDENCIES) $(EXTRA_key_usage_ecdhe_rsa_DEPENDENCIES) + @rm -f key-usage-ecdhe-rsa$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_usage_ecdhe_rsa_OBJECTS) $(key_usage_ecdhe_rsa_LDADD) $(LIBS) + +key-usage-rsa$(EXEEXT): $(key_usage_rsa_OBJECTS) $(key_usage_rsa_DEPENDENCIES) $(EXTRA_key_usage_rsa_DEPENDENCIES) + @rm -f key-usage-rsa$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(key_usage_rsa_OBJECTS) $(key_usage_rsa_LDADD) $(LIBS) + +keylog-env$(EXEEXT): $(keylog_env_OBJECTS) $(keylog_env_DEPENDENCIES) $(EXTRA_keylog_env_DEPENDENCIES) + @rm -f keylog-env$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(keylog_env_OBJECTS) $(keylog_env_LDADD) $(LIBS) + +keylog-func$(EXEEXT): $(keylog_func_OBJECTS) $(keylog_func_DEPENDENCIES) $(EXTRA_keylog_func_DEPENDENCIES) + @rm -f keylog-func$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(keylog_func_OBJECTS) $(keylog_func_LDADD) $(LIBS) + +long-session-id$(EXEEXT): $(long_session_id_OBJECTS) $(long_session_id_DEPENDENCIES) $(EXTRA_long_session_id_DEPENDENCIES) + @rm -f long-session-id$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(long_session_id_OBJECTS) $(long_session_id_LDADD) $(LIBS) + +mini-alpn$(EXEEXT): $(mini_alpn_OBJECTS) $(mini_alpn_DEPENDENCIES) $(EXTRA_mini_alpn_DEPENDENCIES) + @rm -f mini-alpn$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_alpn_OBJECTS) $(mini_alpn_LDADD) $(LIBS) + +mini-chain-unsorted$(EXEEXT): $(mini_chain_unsorted_OBJECTS) $(mini_chain_unsorted_DEPENDENCIES) $(EXTRA_mini_chain_unsorted_DEPENDENCIES) + @rm -f mini-chain-unsorted$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_chain_unsorted_OBJECTS) $(mini_chain_unsorted_LDADD) $(LIBS) + +mini-dtls-discard$(EXEEXT): $(mini_dtls_discard_OBJECTS) $(mini_dtls_discard_DEPENDENCIES) $(EXTRA_mini_dtls_discard_DEPENDENCIES) + @rm -f mini-dtls-discard$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_discard_OBJECTS) $(mini_dtls_discard_LDADD) $(LIBS) + +mini-dtls-fork$(EXEEXT): $(mini_dtls_fork_OBJECTS) $(mini_dtls_fork_DEPENDENCIES) $(EXTRA_mini_dtls_fork_DEPENDENCIES) + @rm -f mini-dtls-fork$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_fork_OBJECTS) $(mini_dtls_fork_LDADD) $(LIBS) + +mini-dtls-heartbeat$(EXEEXT): $(mini_dtls_heartbeat_OBJECTS) $(mini_dtls_heartbeat_DEPENDENCIES) $(EXTRA_mini_dtls_heartbeat_DEPENDENCIES) + @rm -f mini-dtls-heartbeat$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_heartbeat_OBJECTS) $(mini_dtls_heartbeat_LDADD) $(LIBS) + +mini-dtls-hello-verify$(EXEEXT): $(mini_dtls_hello_verify_OBJECTS) $(mini_dtls_hello_verify_DEPENDENCIES) $(EXTRA_mini_dtls_hello_verify_DEPENDENCIES) + @rm -f mini-dtls-hello-verify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_hello_verify_OBJECTS) $(mini_dtls_hello_verify_LDADD) $(LIBS) + +mini-dtls-hello-verify-48$(EXEEXT): $(mini_dtls_hello_verify_48_OBJECTS) $(mini_dtls_hello_verify_48_DEPENDENCIES) $(EXTRA_mini_dtls_hello_verify_48_DEPENDENCIES) + @rm -f mini-dtls-hello-verify-48$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_hello_verify_48_OBJECTS) $(mini_dtls_hello_verify_48_LDADD) $(LIBS) + +mini-dtls-large$(EXEEXT): $(mini_dtls_large_OBJECTS) $(mini_dtls_large_DEPENDENCIES) $(EXTRA_mini_dtls_large_DEPENDENCIES) + @rm -f mini-dtls-large$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_large_OBJECTS) $(mini_dtls_large_LDADD) $(LIBS) + +mini-dtls-lowmtu$(EXEEXT): $(mini_dtls_lowmtu_OBJECTS) $(mini_dtls_lowmtu_DEPENDENCIES) $(EXTRA_mini_dtls_lowmtu_DEPENDENCIES) + @rm -f mini-dtls-lowmtu$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_lowmtu_OBJECTS) $(mini_dtls_lowmtu_LDADD) $(LIBS) + +mini-dtls-mtu$(EXEEXT): $(mini_dtls_mtu_OBJECTS) $(mini_dtls_mtu_DEPENDENCIES) $(EXTRA_mini_dtls_mtu_DEPENDENCIES) + @rm -f mini-dtls-mtu$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_mtu_OBJECTS) $(mini_dtls_mtu_LDADD) $(LIBS) + +mini-dtls-record$(EXEEXT): $(mini_dtls_record_OBJECTS) $(mini_dtls_record_DEPENDENCIES) $(EXTRA_mini_dtls_record_DEPENDENCIES) + @rm -f mini-dtls-record$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_record_OBJECTS) $(mini_dtls_record_LDADD) $(LIBS) + +mini-dtls-record-asym$(EXEEXT): $(mini_dtls_record_asym_OBJECTS) $(mini_dtls_record_asym_DEPENDENCIES) $(EXTRA_mini_dtls_record_asym_DEPENDENCIES) + @rm -f mini-dtls-record-asym$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_record_asym_OBJECTS) $(mini_dtls_record_asym_LDADD) $(LIBS) + +mini-dtls-srtp$(EXEEXT): $(mini_dtls_srtp_OBJECTS) $(mini_dtls_srtp_DEPENDENCIES) $(EXTRA_mini_dtls_srtp_DEPENDENCIES) + @rm -f mini-dtls-srtp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls_srtp_OBJECTS) $(mini_dtls_srtp_LDADD) $(LIBS) + +mini-dtls0-9$(EXEEXT): $(mini_dtls0_9_OBJECTS) $(mini_dtls0_9_DEPENDENCIES) $(EXTRA_mini_dtls0_9_DEPENDENCIES) + @rm -f mini-dtls0-9$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_dtls0_9_OBJECTS) $(mini_dtls0_9_LDADD) $(LIBS) + +mini-eagain-dtls$(EXEEXT): $(mini_eagain_dtls_OBJECTS) $(mini_eagain_dtls_DEPENDENCIES) $(EXTRA_mini_eagain_dtls_DEPENDENCIES) + @rm -f mini-eagain-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_eagain_dtls_OBJECTS) $(mini_eagain_dtls_LDADD) $(LIBS) + +mini-emsgsize-dtls$(EXEEXT): $(mini_emsgsize_dtls_OBJECTS) $(mini_emsgsize_dtls_DEPENDENCIES) $(EXTRA_mini_emsgsize_dtls_DEPENDENCIES) + @rm -f mini-emsgsize-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_emsgsize_dtls_OBJECTS) $(mini_emsgsize_dtls_LDADD) $(LIBS) + +mini-global-load$(EXEEXT): $(mini_global_load_OBJECTS) $(mini_global_load_DEPENDENCIES) $(EXTRA_mini_global_load_DEPENDENCIES) + @rm -f mini-global-load$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_global_load_OBJECTS) $(mini_global_load_LDADD) $(LIBS) + +mini-key-material$(EXEEXT): $(mini_key_material_OBJECTS) $(mini_key_material_DEPENDENCIES) $(EXTRA_mini_key_material_DEPENDENCIES) + @rm -f mini-key-material$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_key_material_OBJECTS) $(mini_key_material_LDADD) $(LIBS) + +mini-loss-time$(EXEEXT): $(mini_loss_time_OBJECTS) $(mini_loss_time_DEPENDENCIES) $(EXTRA_mini_loss_time_DEPENDENCIES) + @rm -f mini-loss-time$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_loss_time_OBJECTS) $(mini_loss_time_LDADD) $(LIBS) + +mini-overhead$(EXEEXT): $(mini_overhead_OBJECTS) $(mini_overhead_DEPENDENCIES) $(EXTRA_mini_overhead_DEPENDENCIES) + @rm -f mini-overhead$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_overhead_OBJECTS) $(mini_overhead_LDADD) $(LIBS) + +mini-record$(EXEEXT): $(mini_record_OBJECTS) $(mini_record_DEPENDENCIES) $(EXTRA_mini_record_DEPENDENCIES) + @rm -f mini-record$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_record_OBJECTS) $(mini_record_LDADD) $(LIBS) + +mini-record-2$(EXEEXT): $(mini_record_2_OBJECTS) $(mini_record_2_DEPENDENCIES) $(EXTRA_mini_record_2_DEPENDENCIES) + @rm -f mini-record-2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_record_2_OBJECTS) $(mini_record_2_LDADD) $(LIBS) + +mini-record-failure$(EXEEXT): $(mini_record_failure_OBJECTS) $(mini_record_failure_DEPENDENCIES) $(EXTRA_mini_record_failure_DEPENDENCIES) + @rm -f mini-record-failure$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_record_failure_OBJECTS) $(mini_record_failure_LDADD) $(LIBS) + +mini-record-range$(EXEEXT): $(mini_record_range_OBJECTS) $(mini_record_range_DEPENDENCIES) $(EXTRA_mini_record_range_DEPENDENCIES) + @rm -f mini-record-range$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_record_range_OBJECTS) $(mini_record_range_LDADD) $(LIBS) + +mini-server-name$(EXEEXT): $(mini_server_name_OBJECTS) $(mini_server_name_DEPENDENCIES) $(EXTRA_mini_server_name_DEPENDENCIES) + @rm -f mini-server-name$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_server_name_OBJECTS) $(mini_server_name_LDADD) $(LIBS) + +mini-session-verify-function$(EXEEXT): $(mini_session_verify_function_OBJECTS) $(mini_session_verify_function_DEPENDENCIES) $(EXTRA_mini_session_verify_function_DEPENDENCIES) + @rm -f mini-session-verify-function$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_session_verify_function_OBJECTS) $(mini_session_verify_function_LDADD) $(LIBS) + +mini-termination$(EXEEXT): $(mini_termination_OBJECTS) $(mini_termination_DEPENDENCIES) $(EXTRA_mini_termination_DEPENDENCIES) + @rm -f mini-termination$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_termination_OBJECTS) $(mini_termination_LDADD) $(LIBS) + +mini-tls-nonblock$(EXEEXT): $(mini_tls_nonblock_OBJECTS) $(mini_tls_nonblock_DEPENDENCIES) $(EXTRA_mini_tls_nonblock_DEPENDENCIES) + @rm -f mini-tls-nonblock$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_tls_nonblock_OBJECTS) $(mini_tls_nonblock_LDADD) $(LIBS) + +mini-x509$(EXEEXT): $(mini_x509_OBJECTS) $(mini_x509_DEPENDENCIES) $(EXTRA_mini_x509_DEPENDENCIES) + @rm -f mini-x509$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_x509_OBJECTS) $(mini_x509_LDADD) $(LIBS) + +mini-x509-2$(EXEEXT): $(mini_x509_2_OBJECTS) $(mini_x509_2_DEPENDENCIES) $(EXTRA_mini_x509_2_DEPENDENCIES) + @rm -f mini-x509-2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_x509_2_OBJECTS) $(mini_x509_2_LDADD) $(LIBS) + +mini-x509-callbacks$(EXEEXT): $(mini_x509_callbacks_OBJECTS) $(mini_x509_callbacks_DEPENDENCIES) $(EXTRA_mini_x509_callbacks_DEPENDENCIES) + @rm -f mini-x509-callbacks$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_x509_callbacks_OBJECTS) $(mini_x509_callbacks_LDADD) $(LIBS) + +mini-x509-callbacks-intr$(EXEEXT): $(mini_x509_callbacks_intr_OBJECTS) $(mini_x509_callbacks_intr_DEPENDENCIES) $(EXTRA_mini_x509_callbacks_intr_DEPENDENCIES) + @rm -f mini-x509-callbacks-intr$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_x509_callbacks_intr_OBJECTS) $(mini_x509_callbacks_intr_LDADD) $(LIBS) + +mini-x509-cas$(EXEEXT): $(mini_x509_cas_OBJECTS) $(mini_x509_cas_DEPENDENCIES) $(EXTRA_mini_x509_cas_DEPENDENCIES) + @rm -f mini-x509-cas$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_x509_cas_OBJECTS) $(mini_x509_cas_LDADD) $(LIBS) + +mini-x509-ipaddr$(EXEEXT): $(mini_x509_ipaddr_OBJECTS) $(mini_x509_ipaddr_DEPENDENCIES) $(EXTRA_mini_x509_ipaddr_DEPENDENCIES) + @rm -f mini-x509-ipaddr$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_x509_ipaddr_OBJECTS) $(mini_x509_ipaddr_LDADD) $(LIBS) + +missingissuer$(EXEEXT): $(missingissuer_OBJECTS) $(missingissuer_DEPENDENCIES) $(EXTRA_missingissuer_DEPENDENCIES) + @rm -f missingissuer$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(missingissuer_OBJECTS) $(missingissuer_LDADD) $(LIBS) + +missingissuer_aia$(EXEEXT): $(missingissuer_aia_OBJECTS) $(missingissuer_aia_DEPENDENCIES) $(EXTRA_missingissuer_aia_DEPENDENCIES) + @rm -f missingissuer_aia$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(missingissuer_aia_OBJECTS) $(missingissuer_aia_LDADD) $(LIBS) + +mpi$(EXEEXT): $(mpi_OBJECTS) $(mpi_DEPENDENCIES) $(EXTRA_mpi_DEPENDENCIES) + @rm -f mpi$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mpi_OBJECTS) $(mpi_LDADD) $(LIBS) + +multi-alerts$(EXEEXT): $(multi_alerts_OBJECTS) $(multi_alerts_DEPENDENCIES) $(EXTRA_multi_alerts_DEPENDENCIES) + @rm -f multi-alerts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(multi_alerts_OBJECTS) $(multi_alerts_LDADD) $(LIBS) + +naked-alerts$(EXEEXT): $(naked_alerts_OBJECTS) $(naked_alerts_DEPENDENCIES) $(EXTRA_naked_alerts_DEPENDENCIES) + @rm -f naked-alerts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(naked_alerts_OBJECTS) $(naked_alerts_LDADD) $(LIBS) + +name-constraints$(EXEEXT): $(name_constraints_OBJECTS) $(name_constraints_DEPENDENCIES) $(EXTRA_name_constraints_DEPENDENCIES) + @rm -f name-constraints$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(name_constraints_OBJECTS) $(name_constraints_LDADD) $(LIBS) + +name-constraints-ip$(EXEEXT): $(name_constraints_ip_OBJECTS) $(name_constraints_ip_DEPENDENCIES) $(EXTRA_name_constraints_ip_DEPENDENCIES) + @rm -f name-constraints-ip$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(name_constraints_ip_OBJECTS) $(name_constraints_ip_LDADD) $(LIBS) + +name-constraints-merge$(EXEEXT): $(name_constraints_merge_OBJECTS) $(name_constraints_merge_DEPENDENCIES) $(EXTRA_name_constraints_merge_DEPENDENCIES) + @rm -f name-constraints-merge$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(name_constraints_merge_OBJECTS) $(name_constraints_merge_LDADD) $(LIBS) + +no-extensions$(EXEEXT): $(no_extensions_OBJECTS) $(no_extensions_DEPENDENCIES) $(EXTRA_no_extensions_DEPENDENCIES) + @rm -f no-extensions$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(no_extensions_OBJECTS) $(no_extensions_LDADD) $(LIBS) + +no-signal$(EXEEXT): $(no_signal_OBJECTS) $(no_signal_DEPENDENCIES) $(EXTRA_no_signal_DEPENDENCIES) + @rm -f no-signal$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(no_signal_OBJECTS) $(no_signal_LDADD) $(LIBS) + +nul-in-x509-names$(EXEEXT): $(nul_in_x509_names_OBJECTS) $(nul_in_x509_names_DEPENDENCIES) $(EXTRA_nul_in_x509_names_DEPENDENCIES) + @rm -f nul-in-x509-names$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(nul_in_x509_names_OBJECTS) $(nul_in_x509_names_LDADD) $(LIBS) + +null_retrieve_function$(EXEEXT): $(null_retrieve_function_OBJECTS) $(null_retrieve_function_DEPENDENCIES) $(EXTRA_null_retrieve_function_DEPENDENCIES) + @rm -f null_retrieve_function$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(null_retrieve_function_OBJECTS) $(null_retrieve_function_LDADD) $(LIBS) + +ocsp$(EXEEXT): $(ocsp_OBJECTS) $(ocsp_DEPENDENCIES) $(EXTRA_ocsp_DEPENDENCIES) + @rm -f ocsp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ocsp_OBJECTS) $(ocsp_LDADD) $(LIBS) + +ocsp-filename-memleak$(EXEEXT): $(ocsp_filename_memleak_OBJECTS) $(ocsp_filename_memleak_DEPENDENCIES) $(EXTRA_ocsp_filename_memleak_DEPENDENCIES) + @rm -f ocsp-filename-memleak$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ocsp_filename_memleak_OBJECTS) $(ocsp_filename_memleak_LDADD) $(LIBS) + +oids$(EXEEXT): $(oids_OBJECTS) $(oids_DEPENDENCIES) $(EXTRA_oids_DEPENDENCIES) + @rm -f oids$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(oids_OBJECTS) $(oids_LDADD) $(LIBS) + +openconnect-dtls12$(EXEEXT): $(openconnect_dtls12_OBJECTS) $(openconnect_dtls12_DEPENDENCIES) $(EXTRA_openconnect_dtls12_DEPENDENCIES) + @rm -f openconnect-dtls12$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(openconnect_dtls12_OBJECTS) $(openconnect_dtls12_LDADD) $(LIBS) + +openssl$(EXEEXT): $(openssl_OBJECTS) $(openssl_DEPENDENCIES) $(EXTRA_openssl_DEPENDENCIES) + @rm -f openssl$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(openssl_OBJECTS) $(openssl_LDADD) $(LIBS) + +parse_ca$(EXEEXT): $(parse_ca_OBJECTS) $(parse_ca_DEPENDENCIES) $(EXTRA_parse_ca_DEPENDENCIES) + @rm -f parse_ca$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(parse_ca_OBJECTS) $(parse_ca_LDADD) $(LIBS) + +pcert-list$(EXEEXT): $(pcert_list_OBJECTS) $(pcert_list_DEPENDENCIES) $(EXTRA_pcert_list_DEPENDENCIES) + @rm -f pcert-list$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pcert_list_OBJECTS) $(pcert_list_LDADD) $(LIBS) + +pkcs1-digest-info$(EXEEXT): $(pkcs1_digest_info_OBJECTS) $(pkcs1_digest_info_DEPENDENCIES) $(EXTRA_pkcs1_digest_info_DEPENDENCIES) + @rm -f pkcs1-digest-info$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs1_digest_info_OBJECTS) $(pkcs1_digest_info_LDADD) $(LIBS) +pkcs11/pkcs11-cert-import-url-exts.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-cert-import-url-exts$(EXEEXT): $(pkcs11_cert_import_url_exts_OBJECTS) $(pkcs11_cert_import_url_exts_DEPENDENCIES) $(EXTRA_pkcs11_cert_import_url_exts_DEPENDENCIES) + @rm -f pkcs11-cert-import-url-exts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_cert_import_url_exts_OBJECTS) $(pkcs11_cert_import_url_exts_LDADD) $(LIBS) +pkcs11/pkcs11-cert-import-url4-exts.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-cert-import-url4-exts$(EXEEXT): $(pkcs11_cert_import_url4_exts_OBJECTS) $(pkcs11_cert_import_url4_exts_DEPENDENCIES) $(EXTRA_pkcs11_cert_import_url4_exts_DEPENDENCIES) + @rm -f pkcs11-cert-import-url4-exts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_cert_import_url4_exts_OBJECTS) $(pkcs11_cert_import_url4_exts_LDADD) $(LIBS) +pkcs11/pkcs11-get-exts.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-get-exts$(EXEEXT): $(pkcs11_get_exts_OBJECTS) $(pkcs11_get_exts_DEPENDENCIES) $(EXTRA_pkcs11_get_exts_DEPENDENCIES) + @rm -f pkcs11-get-exts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_get_exts_OBJECTS) $(pkcs11_get_exts_LDADD) $(LIBS) +pkcs11/pkcs11-get-raw-issuer-exts.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-get-raw-issuer-exts$(EXEEXT): $(pkcs11_get_raw_issuer_exts_OBJECTS) $(pkcs11_get_raw_issuer_exts_DEPENDENCIES) $(EXTRA_pkcs11_get_raw_issuer_exts_DEPENDENCIES) + @rm -f pkcs11-get-raw-issuer-exts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_get_raw_issuer_exts_OBJECTS) $(pkcs11_get_raw_issuer_exts_LDADD) $(LIBS) +pkcs11/pkcs11-import-url-privkey.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-import-url-privkey$(EXEEXT): $(pkcs11_import_url_privkey_OBJECTS) $(pkcs11_import_url_privkey_DEPENDENCIES) $(EXTRA_pkcs11_import_url_privkey_DEPENDENCIES) + @rm -f pkcs11-import-url-privkey$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_import_url_privkey_OBJECTS) $(pkcs11_import_url_privkey_LDADD) $(LIBS) +pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.$(OBJEXT): \ + pkcs11/$(am__dirstamp) pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-import-url-privkey-caps$(EXEEXT): $(pkcs11_import_url_privkey_caps_OBJECTS) $(pkcs11_import_url_privkey_caps_DEPENDENCIES) $(EXTRA_pkcs11_import_url_privkey_caps_DEPENDENCIES) + @rm -f pkcs11-import-url-privkey-caps$(EXEEXT) + $(AM_V_CCLD)$(pkcs11_import_url_privkey_caps_LINK) $(pkcs11_import_url_privkey_caps_OBJECTS) $(pkcs11_import_url_privkey_caps_LDADD) $(LIBS) +pkcs11/pkcs11-mechanisms.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-mechanisms$(EXEEXT): $(pkcs11_mechanisms_OBJECTS) $(pkcs11_mechanisms_DEPENDENCIES) $(EXTRA_pkcs11_mechanisms_DEPENDENCIES) + @rm -f pkcs11-mechanisms$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_mechanisms_OBJECTS) $(pkcs11_mechanisms_LDADD) $(LIBS) +pkcs11/pkcs11-obj-raw.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-obj-raw$(EXEEXT): $(pkcs11_obj_raw_OBJECTS) $(pkcs11_obj_raw_DEPENDENCIES) $(EXTRA_pkcs11_obj_raw_DEPENDENCIES) + @rm -f pkcs11-obj-raw$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_obj_raw_OBJECTS) $(pkcs11_obj_raw_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-always-auth.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-privkey-always-auth$(EXEEXT): $(pkcs11_privkey_always_auth_OBJECTS) $(pkcs11_privkey_always_auth_DEPENDENCIES) $(EXTRA_pkcs11_privkey_always_auth_DEPENDENCIES) + @rm -f pkcs11-privkey-always-auth$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_privkey_always_auth_OBJECTS) $(pkcs11_privkey_always_auth_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-export.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-privkey-export$(EXEEXT): $(pkcs11_privkey_export_OBJECTS) $(pkcs11_privkey_export_DEPENDENCIES) $(EXTRA_pkcs11_privkey_export_DEPENDENCIES) + @rm -f pkcs11-privkey-export$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_privkey_export_OBJECTS) $(pkcs11_privkey_export_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-fork.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-privkey-fork$(EXEEXT): $(pkcs11_privkey_fork_OBJECTS) $(pkcs11_privkey_fork_DEPENDENCIES) $(EXTRA_pkcs11_privkey_fork_DEPENDENCIES) + @rm -f pkcs11-privkey-fork$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_privkey_fork_OBJECTS) $(pkcs11_privkey_fork_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-fork-reinit.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-privkey-fork-reinit$(EXEEXT): $(pkcs11_privkey_fork_reinit_OBJECTS) $(pkcs11_privkey_fork_reinit_DEPENDENCIES) $(EXTRA_pkcs11_privkey_fork_reinit_DEPENDENCIES) + @rm -f pkcs11-privkey-fork-reinit$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_privkey_fork_reinit_OBJECTS) $(pkcs11_privkey_fork_reinit_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-safenet-always-auth.$(OBJEXT): \ + pkcs11/$(am__dirstamp) pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-privkey-safenet-always-auth$(EXEEXT): $(pkcs11_privkey_safenet_always_auth_OBJECTS) $(pkcs11_privkey_safenet_always_auth_DEPENDENCIES) $(EXTRA_pkcs11_privkey_safenet_always_auth_DEPENDENCIES) + @rm -f pkcs11-privkey-safenet-always-auth$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_privkey_safenet_always_auth_OBJECTS) $(pkcs11_privkey_safenet_always_auth_LDADD) $(LIBS) +pkcs11/pkcs11-token-raw.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11-token-raw$(EXEEXT): $(pkcs11_token_raw_OBJECTS) $(pkcs11_token_raw_DEPENDENCIES) $(EXTRA_pkcs11_token_raw_DEPENDENCIES) + @rm -f pkcs11-token-raw$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_token_raw_OBJECTS) $(pkcs11_token_raw_LDADD) $(LIBS) +pkcs11/gnutls_pcert_list_import_x509_file.$(OBJEXT): \ + pkcs11/$(am__dirstamp) pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/gnutls_pcert_list_import_x509_file$(EXEEXT): $(pkcs11_gnutls_pcert_list_import_x509_file_OBJECTS) $(pkcs11_gnutls_pcert_list_import_x509_file_DEPENDENCIES) $(EXTRA_pkcs11_gnutls_pcert_list_import_x509_file_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/gnutls_pcert_list_import_x509_file$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_gnutls_pcert_list_import_x509_file_OBJECTS) $(pkcs11_gnutls_pcert_list_import_x509_file_LDADD) $(LIBS) +pkcs11/gnutls_x509_crt_list_import_url.$(OBJEXT): \ + pkcs11/$(am__dirstamp) pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/gnutls_x509_crt_list_import_url$(EXEEXT): $(pkcs11_gnutls_x509_crt_list_import_url_OBJECTS) $(pkcs11_gnutls_x509_crt_list_import_url_DEPENDENCIES) $(EXTRA_pkcs11_gnutls_x509_crt_list_import_url_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/gnutls_x509_crt_list_import_url$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_gnutls_x509_crt_list_import_url_OBJECTS) $(pkcs11_gnutls_x509_crt_list_import_url_LDADD) $(LIBS) +pkcs11/list-objects.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/list-objects$(EXEEXT): $(pkcs11_list_objects_OBJECTS) $(pkcs11_list_objects_DEPENDENCIES) $(EXTRA_pkcs11_list_objects_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/list-objects$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_list_objects_OBJECTS) $(pkcs11_list_objects_LDADD) $(LIBS) +pkcs11/list-tokens.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/list-tokens$(EXEEXT): $(pkcs11_list_tokens_OBJECTS) $(pkcs11_list_tokens_DEPENDENCIES) $(EXTRA_pkcs11_list_tokens_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/list-tokens$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_list_tokens_OBJECTS) $(pkcs11_list_tokens_LDADD) $(LIBS) +pkcs11/pkcs11-chainverify.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-chainverify$(EXEEXT): $(pkcs11_pkcs11_chainverify_OBJECTS) $(pkcs11_pkcs11_chainverify_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_chainverify_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-chainverify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_chainverify_OBJECTS) $(pkcs11_pkcs11_chainverify_LDADD) $(LIBS) +pkcs11/pkcs11-combo.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-combo$(EXEEXT): $(pkcs11_pkcs11_combo_OBJECTS) $(pkcs11_pkcs11_combo_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_combo_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-combo$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_combo_OBJECTS) $(pkcs11_pkcs11_combo_LDADD) $(LIBS) +pkcs11/pkcs11-ec-privkey-test.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-ec-privkey-test$(EXEEXT): $(pkcs11_pkcs11_ec_privkey_test_OBJECTS) $(pkcs11_pkcs11_ec_privkey_test_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_ec_privkey_test_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-ec-privkey-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_ec_privkey_test_OBJECTS) $(pkcs11_pkcs11_ec_privkey_test_LDADD) $(LIBS) +pkcs11/pkcs11-eddsa-privkey-test.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-eddsa-privkey-test$(EXEEXT): $(pkcs11_pkcs11_eddsa_privkey_test_OBJECTS) $(pkcs11_pkcs11_eddsa_privkey_test_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_eddsa_privkey_test_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-eddsa-privkey-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_eddsa_privkey_test_OBJECTS) $(pkcs11_pkcs11_eddsa_privkey_test_LDADD) $(LIBS) +pkcs11/pkcs11-get-issuer.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-get-issuer$(EXEEXT): $(pkcs11_pkcs11_get_issuer_OBJECTS) $(pkcs11_pkcs11_get_issuer_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_get_issuer_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-get-issuer$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_get_issuer_OBJECTS) $(pkcs11_pkcs11_get_issuer_LDADD) $(LIBS) +pkcs11/pkcs11-import-with-pin.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-import-with-pin$(EXEEXT): $(pkcs11_pkcs11_import_with_pin_OBJECTS) $(pkcs11_pkcs11_import_with_pin_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_import_with_pin_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-import-with-pin$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_import_with_pin_OBJECTS) $(pkcs11_pkcs11_import_with_pin_LDADD) $(LIBS) +pkcs11/pkcs11-is-known.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-is-known$(EXEEXT): $(pkcs11_pkcs11_is_known_OBJECTS) $(pkcs11_pkcs11_is_known_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_is_known_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-is-known$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_is_known_OBJECTS) $(pkcs11_pkcs11_is_known_LDADD) $(LIBS) +pkcs11/pkcs11-obj-import.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-obj-import$(EXEEXT): $(pkcs11_pkcs11_obj_import_OBJECTS) $(pkcs11_pkcs11_obj_import_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_obj_import_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-obj-import$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_obj_import_OBJECTS) $(pkcs11_pkcs11_obj_import_LDADD) $(LIBS) +pkcs11/pkcs11-pin-func.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-pin-func$(EXEEXT): $(pkcs11_pkcs11_pin_func_OBJECTS) $(pkcs11_pkcs11_pin_func_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_pin_func_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-pin-func$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_pin_func_OBJECTS) $(pkcs11_pkcs11_pin_func_LDADD) $(LIBS) +pkcs11/pkcs11-privkey.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-privkey$(EXEEXT): $(pkcs11_pkcs11_privkey_OBJECTS) $(pkcs11_pkcs11_privkey_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_privkey_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-privkey$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_privkey_OBJECTS) $(pkcs11_pkcs11_privkey_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-generate.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-privkey-generate$(EXEEXT): $(pkcs11_pkcs11_privkey_generate_OBJECTS) $(pkcs11_pkcs11_privkey_generate_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_privkey_generate_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-privkey-generate$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_privkey_generate_OBJECTS) $(pkcs11_pkcs11_privkey_generate_LDADD) $(LIBS) +pkcs11/pkcs11-privkey-pthread.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-privkey-pthread$(EXEEXT): $(pkcs11_pkcs11_privkey_pthread_OBJECTS) $(pkcs11_pkcs11_privkey_pthread_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_privkey_pthread_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-privkey-pthread$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_privkey_pthread_OBJECTS) $(pkcs11_pkcs11_privkey_pthread_LDADD) $(LIBS) +pkcs11/pkcs11-pubkey-import-ecdsa.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-pubkey-import-ecdsa$(EXEEXT): $(pkcs11_pkcs11_pubkey_import_ecdsa_OBJECTS) $(pkcs11_pkcs11_pubkey_import_ecdsa_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_pubkey_import_ecdsa_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-pubkey-import-ecdsa$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_pubkey_import_ecdsa_OBJECTS) $(pkcs11_pkcs11_pubkey_import_ecdsa_LDADD) $(LIBS) +pkcs11/pkcs11-pubkey-import-rsa.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-pubkey-import-rsa$(EXEEXT): $(pkcs11_pkcs11_pubkey_import_rsa_OBJECTS) $(pkcs11_pkcs11_pubkey_import_rsa_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_pubkey_import_rsa_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-pubkey-import-rsa$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_pubkey_import_rsa_OBJECTS) $(pkcs11_pkcs11_pubkey_import_rsa_LDADD) $(LIBS) +pkcs11/pkcs11-rsa-pss-privkey-test.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/pkcs11-rsa-pss-privkey-test$(EXEEXT): $(pkcs11_pkcs11_rsa_pss_privkey_test_OBJECTS) $(pkcs11_pkcs11_rsa_pss_privkey_test_DEPENDENCIES) $(EXTRA_pkcs11_pkcs11_rsa_pss_privkey_test_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/pkcs11-rsa-pss-privkey-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_pkcs11_rsa_pss_privkey_test_OBJECTS) $(pkcs11_pkcs11_rsa_pss_privkey_test_LDADD) $(LIBS) +pkcs11/tls-neg-pkcs11-key.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/tls-neg-pkcs11-key$(EXEEXT): $(pkcs11_tls_neg_pkcs11_key_OBJECTS) $(pkcs11_tls_neg_pkcs11_key_DEPENDENCIES) $(EXTRA_pkcs11_tls_neg_pkcs11_key_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/tls-neg-pkcs11-key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_tls_neg_pkcs11_key_OBJECTS) $(pkcs11_tls_neg_pkcs11_key_LDADD) $(LIBS) +pkcs11/tls-neg-pkcs11-no-key.$(OBJEXT): pkcs11/$(am__dirstamp) \ + pkcs11/$(DEPDIR)/$(am__dirstamp) + +pkcs11/tls-neg-pkcs11-no-key$(EXEEXT): $(pkcs11_tls_neg_pkcs11_no_key_OBJECTS) $(pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES) $(EXTRA_pkcs11_tls_neg_pkcs11_no_key_DEPENDENCIES) pkcs11/$(am__dirstamp) + @rm -f pkcs11/tls-neg-pkcs11-no-key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs11_tls_neg_pkcs11_no_key_OBJECTS) $(pkcs11_tls_neg_pkcs11_no_key_LDADD) $(LIBS) + +pkcs12_encode$(EXEEXT): $(pkcs12_encode_OBJECTS) $(pkcs12_encode_DEPENDENCIES) $(EXTRA_pkcs12_encode_DEPENDENCIES) + @rm -f pkcs12_encode$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs12_encode_OBJECTS) $(pkcs12_encode_LDADD) $(LIBS) + +pkcs12_s2k$(EXEEXT): $(pkcs12_s2k_OBJECTS) $(pkcs12_s2k_DEPENDENCIES) $(EXTRA_pkcs12_s2k_DEPENDENCIES) + @rm -f pkcs12_s2k$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs12_s2k_OBJECTS) $(pkcs12_s2k_LDADD) $(LIBS) + +pkcs12_s2k_pem$(EXEEXT): $(pkcs12_s2k_pem_OBJECTS) $(pkcs12_s2k_pem_DEPENDENCIES) $(EXTRA_pkcs12_s2k_pem_DEPENDENCIES) + @rm -f pkcs12_s2k_pem$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs12_s2k_pem_OBJECTS) $(pkcs12_s2k_pem_LDADD) $(LIBS) + +pkcs12_simple$(EXEEXT): $(pkcs12_simple_OBJECTS) $(pkcs12_simple_DEPENDENCIES) $(EXTRA_pkcs12_simple_DEPENDENCIES) + @rm -f pkcs12_simple$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs12_simple_OBJECTS) $(pkcs12_simple_LDADD) $(LIBS) + +pkcs7$(EXEEXT): $(pkcs7_OBJECTS) $(pkcs7_DEPENDENCIES) $(EXTRA_pkcs7_DEPENDENCIES) + @rm -f pkcs7$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs7_OBJECTS) $(pkcs7_LDADD) $(LIBS) + +pkcs7-cat-parse$(EXEEXT): $(pkcs7_cat_parse_OBJECTS) $(pkcs7_cat_parse_DEPENDENCIES) $(EXTRA_pkcs7_cat_parse_DEPENDENCIES) + @rm -f pkcs7-cat-parse$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs7_cat_parse_OBJECTS) $(pkcs7_cat_parse_LDADD) $(LIBS) + +pkcs7-gen$(EXEEXT): $(pkcs7_gen_OBJECTS) $(pkcs7_gen_DEPENDENCIES) $(EXTRA_pkcs7_gen_DEPENDENCIES) + @rm -f pkcs7-gen$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs7_gen_OBJECTS) $(pkcs7_gen_LDADD) $(LIBS) + +pkcs7-verify-double-free$(EXEEXT): $(pkcs7_verify_double_free_OBJECTS) $(pkcs7_verify_double_free_DEPENDENCIES) $(EXTRA_pkcs7_verify_double_free_DEPENDENCIES) + @rm -f pkcs7-verify-double-free$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs7_verify_double_free_OBJECTS) $(pkcs7_verify_double_free_LDADD) $(LIBS) + +pkcs8-key-decode$(EXEEXT): $(pkcs8_key_decode_OBJECTS) $(pkcs8_key_decode_DEPENDENCIES) $(EXTRA_pkcs8_key_decode_DEPENDENCIES) + @rm -f pkcs8-key-decode$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs8_key_decode_OBJECTS) $(pkcs8_key_decode_LDADD) $(LIBS) + +pkcs8-key-decode-encrypted$(EXEEXT): $(pkcs8_key_decode_encrypted_OBJECTS) $(pkcs8_key_decode_encrypted_DEPENDENCIES) $(EXTRA_pkcs8_key_decode_encrypted_DEPENDENCIES) + @rm -f pkcs8-key-decode-encrypted$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pkcs8_key_decode_encrypted_OBJECTS) $(pkcs8_key_decode_encrypted_LDADD) $(LIBS) + +post-client-hello-change-prio$(EXEEXT): $(post_client_hello_change_prio_OBJECTS) $(post_client_hello_change_prio_DEPENDENCIES) $(EXTRA_post_client_hello_change_prio_DEPENDENCIES) + @rm -f post-client-hello-change-prio$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(post_client_hello_change_prio_OBJECTS) $(post_client_hello_change_prio_LDADD) $(LIBS) + +prf$(EXEEXT): $(prf_OBJECTS) $(prf_DEPENDENCIES) $(EXTRA_prf_DEPENDENCIES) + @rm -f prf$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(prf_OBJECTS) $(prf_LDADD) $(LIBS) + +priorities$(EXEEXT): $(priorities_OBJECTS) $(priorities_DEPENDENCIES) $(EXTRA_priorities_DEPENDENCIES) + @rm -f priorities$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(priorities_OBJECTS) $(priorities_LDADD) $(LIBS) + +priorities-groups$(EXEEXT): $(priorities_groups_OBJECTS) $(priorities_groups_DEPENDENCIES) $(EXTRA_priorities_groups_DEPENDENCIES) + @rm -f priorities-groups$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(priorities_groups_OBJECTS) $(priorities_groups_LDADD) $(LIBS) + +priority-init2$(EXEEXT): $(priority_init2_OBJECTS) $(priority_init2_DEPENDENCIES) $(EXTRA_priority_init2_DEPENDENCIES) + @rm -f priority-init2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(priority_init2_OBJECTS) $(priority_init2_LDADD) $(LIBS) + +priority-mix$(EXEEXT): $(priority_mix_OBJECTS) $(priority_mix_DEPENDENCIES) $(EXTRA_priority_mix_DEPENDENCIES) + @rm -f priority-mix$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(priority_mix_OBJECTS) $(priority_mix_LDADD) $(LIBS) + +priority-set$(EXEEXT): $(priority_set_OBJECTS) $(priority_set_DEPENDENCIES) $(EXTRA_priority_set_DEPENDENCIES) + @rm -f priority-set$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(priority_set_OBJECTS) $(priority_set_LDADD) $(LIBS) + +priority-set2$(EXEEXT): $(priority_set2_OBJECTS) $(priority_set2_DEPENDENCIES) $(EXTRA_priority_set2_DEPENDENCIES) + @rm -f priority-set2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(priority_set2_OBJECTS) $(priority_set2_LDADD) $(LIBS) + +privkey-keygen$(EXEEXT): $(privkey_keygen_OBJECTS) $(privkey_keygen_DEPENDENCIES) $(EXTRA_privkey_keygen_DEPENDENCIES) + @rm -f privkey-keygen$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(privkey_keygen_OBJECTS) $(privkey_keygen_LDADD) $(LIBS) + +privkey-verify-broken$(EXEEXT): $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_DEPENDENCIES) $(EXTRA_privkey_verify_broken_DEPENDENCIES) + @rm -f privkey-verify-broken$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(privkey_verify_broken_OBJECTS) $(privkey_verify_broken_LDADD) $(LIBS) + +protocol-set-allowlist$(EXEEXT): $(protocol_set_allowlist_OBJECTS) $(protocol_set_allowlist_DEPENDENCIES) $(EXTRA_protocol_set_allowlist_DEPENDENCIES) + @rm -f protocol-set-allowlist$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(protocol_set_allowlist_OBJECTS) $(protocol_set_allowlist_LDADD) $(LIBS) + +psk-file$(EXEEXT): $(psk_file_OBJECTS) $(psk_file_DEPENDENCIES) $(EXTRA_psk_file_DEPENDENCIES) + @rm -f psk-file$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(psk_file_OBJECTS) $(psk_file_LDADD) $(LIBS) + +pskself$(EXEEXT): $(pskself_OBJECTS) $(pskself_DEPENDENCIES) $(EXTRA_pskself_DEPENDENCIES) + @rm -f pskself$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pskself_OBJECTS) $(pskself_LDADD) $(LIBS) + +pskself2$(EXEEXT): $(pskself2_OBJECTS) $(pskself2_DEPENDENCIES) $(EXTRA_pskself2_DEPENDENCIES) + @rm -f pskself2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pskself2_OBJECTS) $(pskself2_LDADD) $(LIBS) + +pubkey-import-export$(EXEEXT): $(pubkey_import_export_OBJECTS) $(pubkey_import_export_DEPENDENCIES) $(EXTRA_pubkey_import_export_DEPENDENCIES) + @rm -f pubkey-import-export$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(pubkey_import_export_OBJECTS) $(pubkey_import_export_LDADD) $(LIBS) + +random-art$(EXEEXT): $(random_art_OBJECTS) $(random_art_DEPENDENCIES) $(EXTRA_random_art_DEPENDENCIES) + @rm -f random-art$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(random_art_OBJECTS) $(random_art_LDADD) $(LIBS) + +rawpk-api$(EXEEXT): $(rawpk_api_OBJECTS) $(rawpk_api_DEPENDENCIES) $(EXTRA_rawpk_api_DEPENDENCIES) + @rm -f rawpk-api$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rawpk_api_OBJECTS) $(rawpk_api_LDADD) $(LIBS) + +record-pad$(EXEEXT): $(record_pad_OBJECTS) $(record_pad_DEPENDENCIES) $(EXTRA_record_pad_DEPENDENCIES) + @rm -f record-pad$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(record_pad_OBJECTS) $(record_pad_LDADD) $(LIBS) + +record-retvals$(EXEEXT): $(record_retvals_OBJECTS) $(record_retvals_DEPENDENCIES) $(EXTRA_record_retvals_DEPENDENCIES) + @rm -f record-retvals$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(record_retvals_OBJECTS) $(record_retvals_LDADD) $(LIBS) + +record-sendfile$(EXEEXT): $(record_sendfile_OBJECTS) $(record_sendfile_DEPENDENCIES) $(EXTRA_record_sendfile_DEPENDENCIES) + @rm -f record-sendfile$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(record_sendfile_OBJECTS) $(record_sendfile_LDADD) $(LIBS) + +record-sizes$(EXEEXT): $(record_sizes_OBJECTS) $(record_sizes_DEPENDENCIES) $(EXTRA_record_sizes_DEPENDENCIES) + @rm -f record-sizes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(record_sizes_OBJECTS) $(record_sizes_LDADD) $(LIBS) + +record-sizes-range$(EXEEXT): $(record_sizes_range_OBJECTS) $(record_sizes_range_DEPENDENCIES) $(EXTRA_record_sizes_range_DEPENDENCIES) + @rm -f record-sizes-range$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(record_sizes_range_OBJECTS) $(record_sizes_range_LDADD) $(LIBS) + +record-timeouts$(EXEEXT): $(record_timeouts_OBJECTS) $(record_timeouts_DEPENDENCIES) $(EXTRA_record_timeouts_DEPENDENCIES) + @rm -f record-timeouts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(record_timeouts_OBJECTS) $(record_timeouts_LDADD) $(LIBS) + +recv-data-before-handshake$(EXEEXT): $(recv_data_before_handshake_OBJECTS) $(recv_data_before_handshake_DEPENDENCIES) $(EXTRA_recv_data_before_handshake_DEPENDENCIES) + @rm -f recv-data-before-handshake$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(recv_data_before_handshake_OBJECTS) $(recv_data_before_handshake_LDADD) $(LIBS) + +rehandshake-ext-secret$(EXEEXT): $(rehandshake_ext_secret_OBJECTS) $(rehandshake_ext_secret_DEPENDENCIES) $(EXTRA_rehandshake_ext_secret_DEPENDENCIES) + @rm -f rehandshake-ext-secret$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_ext_secret_OBJECTS) $(rehandshake_ext_secret_LDADD) $(LIBS) + +rehandshake-switch-cert$(EXEEXT): $(rehandshake_switch_cert_OBJECTS) $(rehandshake_switch_cert_DEPENDENCIES) $(EXTRA_rehandshake_switch_cert_DEPENDENCIES) + @rm -f rehandshake-switch-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_switch_cert_OBJECTS) $(rehandshake_switch_cert_LDADD) $(LIBS) + +rehandshake-switch-cert-allow$(EXEEXT): $(rehandshake_switch_cert_allow_OBJECTS) $(rehandshake_switch_cert_allow_DEPENDENCIES) $(EXTRA_rehandshake_switch_cert_allow_DEPENDENCIES) + @rm -f rehandshake-switch-cert-allow$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_switch_cert_allow_OBJECTS) $(rehandshake_switch_cert_allow_LDADD) $(LIBS) + +rehandshake-switch-cert-client$(EXEEXT): $(rehandshake_switch_cert_client_OBJECTS) $(rehandshake_switch_cert_client_DEPENDENCIES) $(EXTRA_rehandshake_switch_cert_client_DEPENDENCIES) + @rm -f rehandshake-switch-cert-client$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_switch_cert_client_OBJECTS) $(rehandshake_switch_cert_client_LDADD) $(LIBS) + +rehandshake-switch-cert-client-allow$(EXEEXT): $(rehandshake_switch_cert_client_allow_OBJECTS) $(rehandshake_switch_cert_client_allow_DEPENDENCIES) $(EXTRA_rehandshake_switch_cert_client_allow_DEPENDENCIES) + @rm -f rehandshake-switch-cert-client-allow$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_switch_cert_client_allow_OBJECTS) $(rehandshake_switch_cert_client_allow_LDADD) $(LIBS) + +rehandshake-switch-psk-id$(EXEEXT): $(rehandshake_switch_psk_id_OBJECTS) $(rehandshake_switch_psk_id_DEPENDENCIES) $(EXTRA_rehandshake_switch_psk_id_DEPENDENCIES) + @rm -f rehandshake-switch-psk-id$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_switch_psk_id_OBJECTS) $(rehandshake_switch_psk_id_LDADD) $(LIBS) + +rehandshake-switch-srp-id$(EXEEXT): $(rehandshake_switch_srp_id_OBJECTS) $(rehandshake_switch_srp_id_DEPENDENCIES) $(EXTRA_rehandshake_switch_srp_id_DEPENDENCIES) + @rm -f rehandshake-switch-srp-id$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rehandshake_switch_srp_id_OBJECTS) $(rehandshake_switch_srp_id_LDADD) $(LIBS) + +resume-dtls$(EXEEXT): $(resume_dtls_OBJECTS) $(resume_dtls_DEPENDENCIES) $(EXTRA_resume_dtls_DEPENDENCIES) + @rm -f resume-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(resume_dtls_OBJECTS) $(resume_dtls_LDADD) $(LIBS) + +resume-lifetime$(EXEEXT): $(resume_lifetime_OBJECTS) $(resume_lifetime_DEPENDENCIES) $(EXTRA_resume_lifetime_DEPENDENCIES) + @rm -f resume-lifetime$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(resume_lifetime_OBJECTS) $(resume_lifetime_LDADD) $(LIBS) + +resume-with-false-start$(EXEEXT): $(resume_with_false_start_OBJECTS) $(resume_with_false_start_DEPENDENCIES) $(EXTRA_resume_with_false_start_DEPENDENCIES) + @rm -f resume-with-false-start$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(resume_with_false_start_OBJECTS) $(resume_with_false_start_LDADD) $(LIBS) + +resume-with-previous-stek$(EXEEXT): $(resume_with_previous_stek_OBJECTS) $(resume_with_previous_stek_DEPENDENCIES) $(EXTRA_resume_with_previous_stek_DEPENDENCIES) + @rm -f resume-with-previous-stek$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(resume_with_previous_stek_OBJECTS) $(resume_with_previous_stek_LDADD) $(LIBS) + +resume-with-record-size-limit$(EXEEXT): $(resume_with_record_size_limit_OBJECTS) $(resume_with_record_size_limit_DEPENDENCIES) $(EXTRA_resume_with_record_size_limit_DEPENDENCIES) + @rm -f resume-with-record-size-limit$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(resume_with_record_size_limit_OBJECTS) $(resume_with_record_size_limit_LDADD) $(LIBS) + +resume-with-stek-expiration$(EXEEXT): $(resume_with_stek_expiration_OBJECTS) $(resume_with_stek_expiration_DEPENDENCIES) $(EXTRA_resume_with_stek_expiration_DEPENDENCIES) + @rm -f resume-with-stek-expiration$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(resume_with_stek_expiration_OBJECTS) $(resume_with_stek_expiration_LDADD) $(LIBS) + +rfc7633-missing$(EXEEXT): $(rfc7633_missing_OBJECTS) $(rfc7633_missing_DEPENDENCIES) $(EXTRA_rfc7633_missing_DEPENDENCIES) + @rm -f rfc7633-missing$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rfc7633_missing_OBJECTS) $(rfc7633_missing_LDADD) $(LIBS) + +rfc7633-ok$(EXEEXT): $(rfc7633_ok_OBJECTS) $(rfc7633_ok_DEPENDENCIES) $(EXTRA_rfc7633_ok_DEPENDENCIES) + @rm -f rfc7633-ok$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rfc7633_ok_OBJECTS) $(rfc7633_ok_LDADD) $(LIBS) + +rng-fork$(EXEEXT): $(rng_fork_OBJECTS) $(rng_fork_DEPENDENCIES) $(EXTRA_rng_fork_DEPENDENCIES) + @rm -f rng-fork$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_fork_OBJECTS) $(rng_fork_LDADD) $(LIBS) + +rng-no-onload$(EXEEXT): $(rng_no_onload_OBJECTS) $(rng_no_onload_DEPENDENCIES) $(EXTRA_rng_no_onload_DEPENDENCIES) + @rm -f rng-no-onload$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_no_onload_OBJECTS) $(rng_no_onload_LDADD) $(LIBS) + +rng-op-key$(EXEEXT): $(rng_op_key_OBJECTS) $(rng_op_key_DEPENDENCIES) $(EXTRA_rng_op_key_DEPENDENCIES) + @rm -f rng-op-key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_op_key_OBJECTS) $(rng_op_key_LDADD) $(LIBS) + +rng-op-nonce$(EXEEXT): $(rng_op_nonce_OBJECTS) $(rng_op_nonce_DEPENDENCIES) $(EXTRA_rng_op_nonce_DEPENDENCIES) + @rm -f rng-op-nonce$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_op_nonce_OBJECTS) $(rng_op_nonce_LDADD) $(LIBS) + +rng-op-random$(EXEEXT): $(rng_op_random_OBJECTS) $(rng_op_random_DEPENDENCIES) $(EXTRA_rng_op_random_DEPENDENCIES) + @rm -f rng-op-random$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_op_random_OBJECTS) $(rng_op_random_LDADD) $(LIBS) + +rng-pthread$(EXEEXT): $(rng_pthread_OBJECTS) $(rng_pthread_DEPENDENCIES) $(EXTRA_rng_pthread_DEPENDENCIES) + @rm -f rng-pthread$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_pthread_OBJECTS) $(rng_pthread_LDADD) $(LIBS) + +rng-sigint$(EXEEXT): $(rng_sigint_OBJECTS) $(rng_sigint_DEPENDENCIES) $(EXTRA_rng_sigint_DEPENDENCIES) + @rm -f rng-sigint$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_sigint_OBJECTS) $(rng_sigint_LDADD) $(LIBS) + +rsa-encrypt-decrypt$(EXEEXT): $(rsa_encrypt_decrypt_OBJECTS) $(rsa_encrypt_decrypt_DEPENDENCIES) $(EXTRA_rsa_encrypt_decrypt_DEPENDENCIES) + @rm -f rsa-encrypt-decrypt$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rsa_encrypt_decrypt_OBJECTS) $(rsa_encrypt_decrypt_LDADD) $(LIBS) + +rsa-illegal-import$(EXEEXT): $(rsa_illegal_import_OBJECTS) $(rsa_illegal_import_DEPENDENCIES) $(EXTRA_rsa_illegal_import_DEPENDENCIES) + @rm -f rsa-illegal-import$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rsa_illegal_import_OBJECTS) $(rsa_illegal_import_LDADD) $(LIBS) + +rsa-psk$(EXEEXT): $(rsa_psk_OBJECTS) $(rsa_psk_DEPENDENCIES) $(EXTRA_rsa_psk_DEPENDENCIES) + @rm -f rsa-psk$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rsa_psk_OBJECTS) $(rsa_psk_LDADD) $(LIBS) + +rsa-psk-cb$(EXEEXT): $(rsa_psk_cb_OBJECTS) $(rsa_psk_cb_DEPENDENCIES) $(EXTRA_rsa_psk_cb_DEPENDENCIES) + @rm -f rsa-psk-cb$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rsa_psk_cb_OBJECTS) $(rsa_psk_cb_LDADD) $(LIBS) + +rsa-rsa-pss$(EXEEXT): $(rsa_rsa_pss_OBJECTS) $(rsa_rsa_pss_DEPENDENCIES) $(EXTRA_rsa_rsa_pss_DEPENDENCIES) + @rm -f rsa-rsa-pss$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rsa_rsa_pss_OBJECTS) $(rsa_rsa_pss_LDADD) $(LIBS) +safe-renegotiation/$(am__dirstamp): + @$(MKDIR_P) safe-renegotiation + @: > safe-renegotiation/$(am__dirstamp) +safe-renegotiation/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) safe-renegotiation/$(DEPDIR) + @: > safe-renegotiation/$(DEPDIR)/$(am__dirstamp) +safe-renegotiation/srn0.$(OBJEXT): safe-renegotiation/$(am__dirstamp) \ + safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + +safe-renegotiation/srn0$(EXEEXT): $(safe_renegotiation_srn0_OBJECTS) $(safe_renegotiation_srn0_DEPENDENCIES) $(EXTRA_safe_renegotiation_srn0_DEPENDENCIES) safe-renegotiation/$(am__dirstamp) + @rm -f safe-renegotiation/srn0$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(safe_renegotiation_srn0_OBJECTS) $(safe_renegotiation_srn0_LDADD) $(LIBS) +safe-renegotiation/srn1.$(OBJEXT): safe-renegotiation/$(am__dirstamp) \ + safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + +safe-renegotiation/srn1$(EXEEXT): $(safe_renegotiation_srn1_OBJECTS) $(safe_renegotiation_srn1_DEPENDENCIES) $(EXTRA_safe_renegotiation_srn1_DEPENDENCIES) safe-renegotiation/$(am__dirstamp) + @rm -f safe-renegotiation/srn1$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(safe_renegotiation_srn1_OBJECTS) $(safe_renegotiation_srn1_LDADD) $(LIBS) +safe-renegotiation/srn2.$(OBJEXT): safe-renegotiation/$(am__dirstamp) \ + safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + +safe-renegotiation/srn2$(EXEEXT): $(safe_renegotiation_srn2_OBJECTS) $(safe_renegotiation_srn2_DEPENDENCIES) $(EXTRA_safe_renegotiation_srn2_DEPENDENCIES) safe-renegotiation/$(am__dirstamp) + @rm -f safe-renegotiation/srn2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(safe_renegotiation_srn2_OBJECTS) $(safe_renegotiation_srn2_LDADD) $(LIBS) +safe-renegotiation/srn3.$(OBJEXT): safe-renegotiation/$(am__dirstamp) \ + safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + +safe-renegotiation/srn3$(EXEEXT): $(safe_renegotiation_srn3_OBJECTS) $(safe_renegotiation_srn3_DEPENDENCIES) $(EXTRA_safe_renegotiation_srn3_DEPENDENCIES) safe-renegotiation/$(am__dirstamp) + @rm -f safe-renegotiation/srn3$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(safe_renegotiation_srn3_OBJECTS) $(safe_renegotiation_srn3_LDADD) $(LIBS) +safe-renegotiation/srn4.$(OBJEXT): safe-renegotiation/$(am__dirstamp) \ + safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + +safe-renegotiation/srn4$(EXEEXT): $(safe_renegotiation_srn4_OBJECTS) $(safe_renegotiation_srn4_DEPENDENCIES) $(EXTRA_safe_renegotiation_srn4_DEPENDENCIES) safe-renegotiation/$(am__dirstamp) + @rm -f safe-renegotiation/srn4$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(safe_renegotiation_srn4_OBJECTS) $(safe_renegotiation_srn4_LDADD) $(LIBS) +safe-renegotiation/srn5.$(OBJEXT): safe-renegotiation/$(am__dirstamp) \ + safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + +safe-renegotiation/srn5$(EXEEXT): $(safe_renegotiation_srn5_OBJECTS) $(safe_renegotiation_srn5_DEPENDENCIES) $(EXTRA_safe_renegotiation_srn5_DEPENDENCIES) safe-renegotiation/$(am__dirstamp) + @rm -f safe-renegotiation/srn5$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(safe_renegotiation_srn5_OBJECTS) $(safe_renegotiation_srn5_LDADD) $(LIBS) + +sanity-cpp$(EXEEXT): $(sanity_cpp_OBJECTS) $(sanity_cpp_DEPENDENCIES) $(EXTRA_sanity_cpp_DEPENDENCIES) + @rm -f sanity-cpp$(EXEEXT) + $(AM_V_CXXLD)$(sanity_cpp_LINK) $(sanity_cpp_OBJECTS) $(sanity_cpp_LDADD) $(LIBS) + +sec-params$(EXEEXT): $(sec_params_OBJECTS) $(sec_params_DEPENDENCIES) $(EXTRA_sec_params_DEPENDENCIES) + @rm -f sec-params$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sec_params_OBJECTS) $(sec_params_LDADD) $(LIBS) + +send-client-cert$(EXEEXT): $(send_client_cert_OBJECTS) $(send_client_cert_DEPENDENCIES) $(EXTRA_send_client_cert_DEPENDENCIES) + @rm -f send-client-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(send_client_cert_OBJECTS) $(send_client_cert_LDADD) $(LIBS) + +send-data-before-handshake$(EXEEXT): $(send_data_before_handshake_OBJECTS) $(send_data_before_handshake_DEPENDENCIES) $(EXTRA_send_data_before_handshake_DEPENDENCIES) + @rm -f send-data-before-handshake$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(send_data_before_handshake_OBJECTS) $(send_data_before_handshake_LDADD) $(LIBS) + +server-sign-md5-rep$(EXEEXT): $(server_sign_md5_rep_OBJECTS) $(server_sign_md5_rep_DEPENDENCIES) $(EXTRA_server_sign_md5_rep_DEPENDENCIES) + @rm -f server-sign-md5-rep$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(server_sign_md5_rep_OBJECTS) $(server_sign_md5_rep_LDADD) $(LIBS) + +server_ecdsa_key$(EXEEXT): $(server_ecdsa_key_OBJECTS) $(server_ecdsa_key_DEPENDENCIES) $(EXTRA_server_ecdsa_key_DEPENDENCIES) + @rm -f server_ecdsa_key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(server_ecdsa_key_OBJECTS) $(server_ecdsa_key_LDADD) $(LIBS) + +session-export-funcs$(EXEEXT): $(session_export_funcs_OBJECTS) $(session_export_funcs_DEPENDENCIES) $(EXTRA_session_export_funcs_DEPENDENCIES) + @rm -f session-export-funcs$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(session_export_funcs_OBJECTS) $(session_export_funcs_LDADD) $(LIBS) + +session-rdn-read$(EXEEXT): $(session_rdn_read_OBJECTS) $(session_rdn_read_DEPENDENCIES) $(EXTRA_session_rdn_read_DEPENDENCIES) + @rm -f session-rdn-read$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(session_rdn_read_OBJECTS) $(session_rdn_read_LDADD) $(LIBS) + +session-tickets-missing$(EXEEXT): $(session_tickets_missing_OBJECTS) $(session_tickets_missing_DEPENDENCIES) $(EXTRA_session_tickets_missing_DEPENDENCIES) + @rm -f session-tickets-missing$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(session_tickets_missing_OBJECTS) $(session_tickets_missing_LDADD) $(LIBS) + +session-tickets-ok$(EXEEXT): $(session_tickets_ok_OBJECTS) $(session_tickets_ok_DEPENDENCIES) $(EXTRA_session_tickets_ok_DEPENDENCIES) + @rm -f session-tickets-ok$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(session_tickets_ok_OBJECTS) $(session_tickets_ok_LDADD) $(LIBS) + +set-default-prio$(EXEEXT): $(set_default_prio_OBJECTS) $(set_default_prio_DEPENDENCIES) $(EXTRA_set_default_prio_DEPENDENCIES) + @rm -f set-default-prio$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_default_prio_OBJECTS) $(set_default_prio_LDADD) $(LIBS) + +set_key$(EXEEXT): $(set_key_OBJECTS) $(set_key_DEPENDENCIES) $(EXTRA_set_key_DEPENDENCIES) + @rm -f set_key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_key_OBJECTS) $(set_key_LDADD) $(LIBS) + +set_key_utf8$(EXEEXT): $(set_key_utf8_OBJECTS) $(set_key_utf8_DEPENDENCIES) $(EXTRA_set_key_utf8_DEPENDENCIES) + @rm -f set_key_utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_key_utf8_OBJECTS) $(set_key_utf8_LDADD) $(LIBS) + +set_known_dh_params_anon$(EXEEXT): $(set_known_dh_params_anon_OBJECTS) $(set_known_dh_params_anon_DEPENDENCIES) $(EXTRA_set_known_dh_params_anon_DEPENDENCIES) + @rm -f set_known_dh_params_anon$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_known_dh_params_anon_OBJECTS) $(set_known_dh_params_anon_LDADD) $(LIBS) + +set_known_dh_params_psk$(EXEEXT): $(set_known_dh_params_psk_OBJECTS) $(set_known_dh_params_psk_DEPENDENCIES) $(EXTRA_set_known_dh_params_psk_DEPENDENCIES) + @rm -f set_known_dh_params_psk$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_known_dh_params_psk_OBJECTS) $(set_known_dh_params_psk_LDADD) $(LIBS) + +set_known_dh_params_x509$(EXEEXT): $(set_known_dh_params_x509_OBJECTS) $(set_known_dh_params_x509_DEPENDENCIES) $(EXTRA_set_known_dh_params_x509_DEPENDENCIES) + @rm -f set_known_dh_params_x509$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_known_dh_params_x509_OBJECTS) $(set_known_dh_params_x509_LDADD) $(LIBS) + +set_pkcs12_cred$(EXEEXT): $(set_pkcs12_cred_OBJECTS) $(set_pkcs12_cred_DEPENDENCIES) $(EXTRA_set_pkcs12_cred_DEPENDENCIES) + @rm -f set_pkcs12_cred$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_pkcs12_cred_OBJECTS) $(set_pkcs12_cred_LDADD) $(LIBS) + +set_x509_key$(EXEEXT): $(set_x509_key_OBJECTS) $(set_x509_key_DEPENDENCIES) $(EXTRA_set_x509_key_DEPENDENCIES) + @rm -f set_x509_key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_OBJECTS) $(set_x509_key_LDADD) $(LIBS) + +set_x509_key_file$(EXEEXT): $(set_x509_key_file_OBJECTS) $(set_x509_key_file_DEPENDENCIES) $(EXTRA_set_x509_key_file_DEPENDENCIES) + @rm -f set_x509_key_file$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_file_OBJECTS) $(set_x509_key_file_LDADD) $(LIBS) + +set_x509_key_file-late$(EXEEXT): $(set_x509_key_file_late_OBJECTS) $(set_x509_key_file_late_DEPENDENCIES) $(EXTRA_set_x509_key_file_late_DEPENDENCIES) + @rm -f set_x509_key_file-late$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_file_late_OBJECTS) $(set_x509_key_file_late_LDADD) $(LIBS) + +set_x509_key_file_der$(EXEEXT): $(set_x509_key_file_der_OBJECTS) $(set_x509_key_file_der_DEPENDENCIES) $(EXTRA_set_x509_key_file_der_DEPENDENCIES) + @rm -f set_x509_key_file_der$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_file_der_OBJECTS) $(set_x509_key_file_der_LDADD) $(LIBS) + +set_x509_key_file_legacy$(EXEEXT): $(set_x509_key_file_legacy_OBJECTS) $(set_x509_key_file_legacy_DEPENDENCIES) $(EXTRA_set_x509_key_file_legacy_DEPENDENCIES) + @rm -f set_x509_key_file_legacy$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_file_legacy_OBJECTS) $(set_x509_key_file_legacy_LDADD) $(LIBS) + +set_x509_key_file_ocsp$(EXEEXT): $(set_x509_key_file_ocsp_OBJECTS) $(set_x509_key_file_ocsp_DEPENDENCIES) $(EXTRA_set_x509_key_file_ocsp_DEPENDENCIES) + @rm -f set_x509_key_file_ocsp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_file_ocsp_OBJECTS) $(set_x509_key_file_ocsp_LDADD) $(LIBS) + +set_x509_key_file_ocsp_multi2$(EXEEXT): $(set_x509_key_file_ocsp_multi2_OBJECTS) $(set_x509_key_file_ocsp_multi2_DEPENDENCIES) $(EXTRA_set_x509_key_file_ocsp_multi2_DEPENDENCIES) + @rm -f set_x509_key_file_ocsp_multi2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_file_ocsp_multi2_OBJECTS) $(set_x509_key_file_ocsp_multi2_LDADD) $(LIBS) + +set_x509_key_mem$(EXEEXT): $(set_x509_key_mem_OBJECTS) $(set_x509_key_mem_DEPENDENCIES) $(EXTRA_set_x509_key_mem_DEPENDENCIES) + @rm -f set_x509_key_mem$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_mem_OBJECTS) $(set_x509_key_mem_LDADD) $(LIBS) + +set_x509_key_utf8$(EXEEXT): $(set_x509_key_utf8_OBJECTS) $(set_x509_key_utf8_DEPENDENCIES) $(EXTRA_set_x509_key_utf8_DEPENDENCIES) + @rm -f set_x509_key_utf8$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_key_utf8_OBJECTS) $(set_x509_key_utf8_LDADD) $(LIBS) + +set_x509_ocsp_multi_cli$(EXEEXT): $(set_x509_ocsp_multi_cli_OBJECTS) $(set_x509_ocsp_multi_cli_DEPENDENCIES) $(EXTRA_set_x509_ocsp_multi_cli_DEPENDENCIES) + @rm -f set_x509_ocsp_multi_cli$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_ocsp_multi_cli_OBJECTS) $(set_x509_ocsp_multi_cli_LDADD) $(LIBS) + +set_x509_ocsp_multi_invalid$(EXEEXT): $(set_x509_ocsp_multi_invalid_OBJECTS) $(set_x509_ocsp_multi_invalid_DEPENDENCIES) $(EXTRA_set_x509_ocsp_multi_invalid_DEPENDENCIES) + @rm -f set_x509_ocsp_multi_invalid$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_ocsp_multi_invalid_OBJECTS) $(set_x509_ocsp_multi_invalid_LDADD) $(LIBS) + +set_x509_ocsp_multi_pem$(EXEEXT): $(set_x509_ocsp_multi_pem_OBJECTS) $(set_x509_ocsp_multi_pem_DEPENDENCIES) $(EXTRA_set_x509_ocsp_multi_pem_DEPENDENCIES) + @rm -f set_x509_ocsp_multi_pem$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_ocsp_multi_pem_OBJECTS) $(set_x509_ocsp_multi_pem_LDADD) $(LIBS) + +set_x509_ocsp_multi_unknown$(EXEEXT): $(set_x509_ocsp_multi_unknown_OBJECTS) $(set_x509_ocsp_multi_unknown_DEPENDENCIES) $(EXTRA_set_x509_ocsp_multi_unknown_DEPENDENCIES) + @rm -f set_x509_ocsp_multi_unknown$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_ocsp_multi_unknown_OBJECTS) $(set_x509_ocsp_multi_unknown_LDADD) $(LIBS) + +set_x509_pkcs12_key$(EXEEXT): $(set_x509_pkcs12_key_OBJECTS) $(set_x509_pkcs12_key_DEPENDENCIES) $(EXTRA_set_x509_pkcs12_key_DEPENDENCIES) + @rm -f set_x509_pkcs12_key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(set_x509_pkcs12_key_OBJECTS) $(set_x509_pkcs12_key_LDADD) $(LIBS) + +setcredcrash$(EXEEXT): $(setcredcrash_OBJECTS) $(setcredcrash_DEPENDENCIES) $(EXTRA_setcredcrash_DEPENDENCIES) + @rm -f setcredcrash$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(setcredcrash_OBJECTS) $(setcredcrash_LDADD) $(LIBS) + +sign-is-secure$(EXEEXT): $(sign_is_secure_OBJECTS) $(sign_is_secure_DEPENDENCIES) $(EXTRA_sign_is_secure_DEPENDENCIES) + @rm -f sign-is-secure$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_is_secure_OBJECTS) $(sign_is_secure_LDADD) $(LIBS) + +sign-pk-api$(EXEEXT): $(sign_pk_api_OBJECTS) $(sign_pk_api_DEPENDENCIES) $(EXTRA_sign_pk_api_DEPENDENCIES) + @rm -f sign-pk-api$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_pk_api_OBJECTS) $(sign_pk_api_LDADD) $(LIBS) + +sign-verify$(EXEEXT): $(sign_verify_OBJECTS) $(sign_verify_DEPENDENCIES) $(EXTRA_sign_verify_DEPENDENCIES) + @rm -f sign-verify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_OBJECTS) $(sign_verify_LDADD) $(LIBS) + +sign-verify-data$(EXEEXT): $(sign_verify_data_OBJECTS) $(sign_verify_data_DEPENDENCIES) $(EXTRA_sign_verify_data_DEPENDENCIES) + @rm -f sign-verify-data$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_data_OBJECTS) $(sign_verify_data_LDADD) $(LIBS) + +sign-verify-data-newapi$(EXEEXT): $(sign_verify_data_newapi_OBJECTS) $(sign_verify_data_newapi_DEPENDENCIES) $(EXTRA_sign_verify_data_newapi_DEPENDENCIES) + @rm -f sign-verify-data-newapi$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_data_newapi_OBJECTS) $(sign_verify_data_newapi_LDADD) $(LIBS) + +sign-verify-deterministic$(EXEEXT): $(sign_verify_deterministic_OBJECTS) $(sign_verify_deterministic_DEPENDENCIES) $(EXTRA_sign_verify_deterministic_DEPENDENCIES) + @rm -f sign-verify-deterministic$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_deterministic_OBJECTS) $(sign_verify_deterministic_LDADD) $(LIBS) + +sign-verify-ed25519-rfc8080$(EXEEXT): $(sign_verify_ed25519_rfc8080_OBJECTS) $(sign_verify_ed25519_rfc8080_DEPENDENCIES) $(EXTRA_sign_verify_ed25519_rfc8080_DEPENDENCIES) + @rm -f sign-verify-ed25519-rfc8080$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_ed25519_rfc8080_OBJECTS) $(sign_verify_ed25519_rfc8080_LDADD) $(LIBS) + +sign-verify-ext$(EXEEXT): $(sign_verify_ext_OBJECTS) $(sign_verify_ext_DEPENDENCIES) $(EXTRA_sign_verify_ext_DEPENDENCIES) + @rm -f sign-verify-ext$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_ext_OBJECTS) $(sign_verify_ext_LDADD) $(LIBS) + +sign-verify-ext4$(EXEEXT): $(sign_verify_ext4_OBJECTS) $(sign_verify_ext4_DEPENDENCIES) $(EXTRA_sign_verify_ext4_DEPENDENCIES) + @rm -f sign-verify-ext4$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_ext4_OBJECTS) $(sign_verify_ext4_LDADD) $(LIBS) + +sign-verify-newapi$(EXEEXT): $(sign_verify_newapi_OBJECTS) $(sign_verify_newapi_DEPENDENCIES) $(EXTRA_sign_verify_newapi_DEPENDENCIES) + @rm -f sign-verify-newapi$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(sign_verify_newapi_OBJECTS) $(sign_verify_newapi_LDADD) $(LIBS) + +simple$(EXEEXT): $(simple_OBJECTS) $(simple_DEPENDENCIES) $(EXTRA_simple_DEPENDENCIES) + @rm -f simple$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(simple_OBJECTS) $(simple_LDADD) $(LIBS) + +spki$(EXEEXT): $(spki_OBJECTS) $(spki_DEPENDENCIES) $(EXTRA_spki_DEPENDENCIES) + @rm -f spki$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(spki_OBJECTS) $(spki_LDADD) $(LIBS) + +spki-abstract$(EXEEXT): $(spki_abstract_OBJECTS) $(spki_abstract_DEPENDENCIES) $(EXTRA_spki_abstract_DEPENDENCIES) + @rm -f spki-abstract$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(spki_abstract_OBJECTS) $(spki_abstract_LDADD) $(LIBS) + +srp$(EXEEXT): $(srp_OBJECTS) $(srp_DEPENDENCIES) $(EXTRA_srp_DEPENDENCIES) + @rm -f srp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(srp_OBJECTS) $(srp_LDADD) $(LIBS) + +srpbase64$(EXEEXT): $(srpbase64_OBJECTS) $(srpbase64_DEPENDENCIES) $(EXTRA_srpbase64_DEPENDENCIES) + @rm -f srpbase64$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(srpbase64_OBJECTS) $(srpbase64_LDADD) $(LIBS) + +ssl2-hello$(EXEEXT): $(ssl2_hello_OBJECTS) $(ssl2_hello_DEPENDENCIES) $(EXTRA_ssl2_hello_DEPENDENCIES) + @rm -f ssl2-hello$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ssl2_hello_OBJECTS) $(ssl2_hello_LDADD) $(LIBS) + +ssl30-cert-key-exchange$(EXEEXT): $(ssl30_cert_key_exchange_OBJECTS) $(ssl30_cert_key_exchange_DEPENDENCIES) $(EXTRA_ssl30_cert_key_exchange_DEPENDENCIES) + @rm -f ssl30-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ssl30_cert_key_exchange_OBJECTS) $(ssl30_cert_key_exchange_LDADD) $(LIBS) + +ssl30-cipher-neg$(EXEEXT): $(ssl30_cipher_neg_OBJECTS) $(ssl30_cipher_neg_DEPENDENCIES) $(EXTRA_ssl30_cipher_neg_DEPENDENCIES) + @rm -f ssl30-cipher-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ssl30_cipher_neg_OBJECTS) $(ssl30_cipher_neg_LDADD) $(LIBS) + +ssl30-server-kx-neg$(EXEEXT): $(ssl30_server_kx_neg_OBJECTS) $(ssl30_server_kx_neg_DEPENDENCIES) $(EXTRA_ssl30_server_kx_neg_DEPENDENCIES) + @rm -f ssl30-server-kx-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ssl30_server_kx_neg_OBJECTS) $(ssl30_server_kx_neg_LDADD) $(LIBS) + +status-request$(EXEEXT): $(status_request_OBJECTS) $(status_request_DEPENDENCIES) $(EXTRA_status_request_DEPENDENCIES) + @rm -f status-request$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(status_request_OBJECTS) $(status_request_LDADD) $(LIBS) + +status-request-ext$(EXEEXT): $(status_request_ext_OBJECTS) $(status_request_ext_DEPENDENCIES) $(EXTRA_status_request_ext_DEPENDENCIES) + @rm -f status-request-ext$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(status_request_ext_OBJECTS) $(status_request_ext_LDADD) $(LIBS) + +status-request-ok$(EXEEXT): $(status_request_ok_OBJECTS) $(status_request_ok_DEPENDENCIES) $(EXTRA_status_request_ok_DEPENDENCIES) + @rm -f status-request-ok$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(status_request_ok_OBJECTS) $(status_request_ok_LDADD) $(LIBS) + +status-request-revoked$(EXEEXT): $(status_request_revoked_OBJECTS) $(status_request_revoked_DEPENDENCIES) $(EXTRA_status_request_revoked_DEPENDENCIES) + @rm -f status-request-revoked$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(status_request_revoked_OBJECTS) $(status_request_revoked_LDADD) $(LIBS) + +str-idna$(EXEEXT): $(str_idna_OBJECTS) $(str_idna_DEPENDENCIES) $(EXTRA_str_idna_DEPENDENCIES) + @rm -f str-idna$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(str_idna_OBJECTS) $(str_idna_LDADD) $(LIBS) + +str-unicode$(EXEEXT): $(str_unicode_OBJECTS) $(str_unicode_DEPENDENCIES) $(EXTRA_str_unicode_DEPENDENCIES) + @rm -f str-unicode$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(str_unicode_OBJECTS) $(str_unicode_LDADD) $(LIBS) + +strict-der$(EXEEXT): $(strict_der_OBJECTS) $(strict_der_DEPENDENCIES) $(EXTRA_strict_der_DEPENDENCIES) + @rm -f strict-der$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(strict_der_OBJECTS) $(strict_der_LDADD) $(LIBS) + +system-override-curves-allowlist$(EXEEXT): $(system_override_curves_allowlist_OBJECTS) $(system_override_curves_allowlist_DEPENDENCIES) $(EXTRA_system_override_curves_allowlist_DEPENDENCIES) + @rm -f system-override-curves-allowlist$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(system_override_curves_allowlist_OBJECTS) $(system_override_curves_allowlist_LDADD) $(LIBS) + +system-override-hash$(EXEEXT): $(system_override_hash_OBJECTS) $(system_override_hash_DEPENDENCIES) $(EXTRA_system_override_hash_DEPENDENCIES) + @rm -f system-override-hash$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(system_override_hash_OBJECTS) $(system_override_hash_LDADD) $(LIBS) + +system-override-sig$(EXEEXT): $(system_override_sig_OBJECTS) $(system_override_sig_DEPENDENCIES) $(EXTRA_system_override_sig_DEPENDENCIES) + @rm -f system-override-sig$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(system_override_sig_OBJECTS) $(system_override_sig_LDADD) $(LIBS) + +system-override-sig-tls$(EXEEXT): $(system_override_sig_tls_OBJECTS) $(system_override_sig_tls_DEPENDENCIES) $(EXTRA_system_override_sig_tls_DEPENDENCIES) + @rm -f system-override-sig-tls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(system_override_sig_tls_OBJECTS) $(system_override_sig_tls_LDADD) $(LIBS) + +system-prio-file$(EXEEXT): $(system_prio_file_OBJECTS) $(system_prio_file_DEPENDENCIES) $(EXTRA_system_prio_file_DEPENDENCIES) + @rm -f system-prio-file$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(system_prio_file_OBJECTS) $(system_prio_file_LDADD) $(LIBS) + +time$(EXEEXT): $(time_OBJECTS) $(time_DEPENDENCIES) $(EXTRA_time_DEPENDENCIES) + @rm -f time$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(time_OBJECTS) $(time_LDADD) $(LIBS) + +tls-channel-binding$(EXEEXT): $(tls_channel_binding_OBJECTS) $(tls_channel_binding_DEPENDENCIES) $(EXTRA_tls_channel_binding_DEPENDENCIES) + @rm -f tls-channel-binding$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_channel_binding_OBJECTS) $(tls_channel_binding_LDADD) $(LIBS) + +tls-client-with-seccomp$(EXEEXT): $(tls_client_with_seccomp_OBJECTS) $(tls_client_with_seccomp_DEPENDENCIES) $(EXTRA_tls_client_with_seccomp_DEPENDENCIES) + @rm -f tls-client-with-seccomp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_client_with_seccomp_OBJECTS) $(tls_client_with_seccomp_LDADD) $(LIBS) + +tls-crt_type-neg$(EXEEXT): $(tls_crt_type_neg_OBJECTS) $(tls_crt_type_neg_DEPENDENCIES) $(EXTRA_tls_crt_type_neg_DEPENDENCIES) + @rm -f tls-crt_type-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_crt_type_neg_OBJECTS) $(tls_crt_type_neg_LDADD) $(LIBS) + +tls-etm$(EXEEXT): $(tls_etm_OBJECTS) $(tls_etm_DEPENDENCIES) $(EXTRA_tls_etm_DEPENDENCIES) + @rm -f tls-etm$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_etm_OBJECTS) $(tls_etm_LDADD) $(LIBS) + +tls-ext-not-in-dtls$(EXEEXT): $(tls_ext_not_in_dtls_OBJECTS) $(tls_ext_not_in_dtls_DEPENDENCIES) $(EXTRA_tls_ext_not_in_dtls_DEPENDENCIES) + @rm -f tls-ext-not-in-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_ext_not_in_dtls_OBJECTS) $(tls_ext_not_in_dtls_LDADD) $(LIBS) + +tls-ext-register$(EXEEXT): $(tls_ext_register_OBJECTS) $(tls_ext_register_DEPENDENCIES) $(EXTRA_tls_ext_register_DEPENDENCIES) + @rm -f tls-ext-register$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_ext_register_OBJECTS) $(tls_ext_register_LDADD) $(LIBS) + +tls-force-etm$(EXEEXT): $(tls_force_etm_OBJECTS) $(tls_force_etm_DEPENDENCIES) $(EXTRA_tls_force_etm_DEPENDENCIES) + @rm -f tls-force-etm$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_force_etm_OBJECTS) $(tls_force_etm_LDADD) $(LIBS) + +tls-neg-ext-key$(EXEEXT): $(tls_neg_ext_key_OBJECTS) $(tls_neg_ext_key_DEPENDENCIES) $(EXTRA_tls_neg_ext_key_DEPENDENCIES) + @rm -f tls-neg-ext-key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_neg_ext_key_OBJECTS) $(tls_neg_ext_key_LDADD) $(LIBS) + +tls-neg-ext4-key$(EXEEXT): $(tls_neg_ext4_key_OBJECTS) $(tls_neg_ext4_key_DEPENDENCIES) $(EXTRA_tls_neg_ext4_key_DEPENDENCIES) + @rm -f tls-neg-ext4-key$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_neg_ext4_key_OBJECTS) $(tls_neg_ext4_key_LDADD) $(LIBS) + +tls-pthread$(EXEEXT): $(tls_pthread_OBJECTS) $(tls_pthread_DEPENDENCIES) $(EXTRA_tls_pthread_DEPENDENCIES) + @rm -f tls-pthread$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_pthread_OBJECTS) $(tls_pthread_LDADD) $(LIBS) + +tls-record-size-limit$(EXEEXT): $(tls_record_size_limit_OBJECTS) $(tls_record_size_limit_DEPENDENCIES) $(EXTRA_tls_record_size_limit_DEPENDENCIES) + @rm -f tls-record-size-limit$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_record_size_limit_OBJECTS) $(tls_record_size_limit_LDADD) $(LIBS) + +tls-record-size-limit-asym$(EXEEXT): $(tls_record_size_limit_asym_OBJECTS) $(tls_record_size_limit_asym_DEPENDENCIES) $(EXTRA_tls_record_size_limit_asym_DEPENDENCIES) + @rm -f tls-record-size-limit-asym$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_record_size_limit_asym_OBJECTS) $(tls_record_size_limit_asym_LDADD) $(LIBS) + +tls-session-ext-override$(EXEEXT): $(tls_session_ext_override_OBJECTS) $(tls_session_ext_override_DEPENDENCIES) $(EXTRA_tls_session_ext_override_DEPENDENCIES) + @rm -f tls-session-ext-override$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_session_ext_override_OBJECTS) $(tls_session_ext_override_LDADD) $(LIBS) + +tls-session-ext-register$(EXEEXT): $(tls_session_ext_register_OBJECTS) $(tls_session_ext_register_DEPENDENCIES) $(EXTRA_tls_session_ext_register_DEPENDENCIES) + @rm -f tls-session-ext-register$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_session_ext_register_OBJECTS) $(tls_session_ext_register_LDADD) $(LIBS) + +tls-session-supplemental$(EXEEXT): $(tls_session_supplemental_OBJECTS) $(tls_session_supplemental_DEPENDENCIES) $(EXTRA_tls_session_supplemental_DEPENDENCIES) + @rm -f tls-session-supplemental$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_session_supplemental_OBJECTS) $(tls_session_supplemental_LDADD) $(LIBS) + +tls-supplemental$(EXEEXT): $(tls_supplemental_OBJECTS) $(tls_supplemental_DEPENDENCIES) $(EXTRA_tls_supplemental_DEPENDENCIES) + @rm -f tls-supplemental$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_supplemental_OBJECTS) $(tls_supplemental_LDADD) $(LIBS) + +tls-with-seccomp$(EXEEXT): $(tls_with_seccomp_OBJECTS) $(tls_with_seccomp_DEPENDENCIES) $(EXTRA_tls_with_seccomp_DEPENDENCIES) + @rm -f tls-with-seccomp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls_with_seccomp_OBJECTS) $(tls_with_seccomp_LDADD) $(LIBS) + +tls10-cert-key-exchange$(EXEEXT): $(tls10_cert_key_exchange_OBJECTS) $(tls10_cert_key_exchange_DEPENDENCIES) $(EXTRA_tls10_cert_key_exchange_DEPENDENCIES) + @rm -f tls10-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls10_cert_key_exchange_OBJECTS) $(tls10_cert_key_exchange_LDADD) $(LIBS) + +tls10-cipher-neg$(EXEEXT): $(tls10_cipher_neg_OBJECTS) $(tls10_cipher_neg_DEPENDENCIES) $(EXTRA_tls10_cipher_neg_DEPENDENCIES) + @rm -f tls10-cipher-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls10_cipher_neg_OBJECTS) $(tls10_cipher_neg_LDADD) $(LIBS) + +tls10-prf$(EXEEXT): $(tls10_prf_OBJECTS) $(tls10_prf_DEPENDENCIES) $(EXTRA_tls10_prf_DEPENDENCIES) + @rm -f tls10-prf$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls10_prf_OBJECTS) $(tls10_prf_LDADD) $(LIBS) + +tls10-server-kx-neg$(EXEEXT): $(tls10_server_kx_neg_OBJECTS) $(tls10_server_kx_neg_DEPENDENCIES) $(EXTRA_tls10_server_kx_neg_DEPENDENCIES) + @rm -f tls10-server-kx-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls10_server_kx_neg_OBJECTS) $(tls10_server_kx_neg_LDADD) $(LIBS) + +tls11-cert-key-exchange$(EXEEXT): $(tls11_cert_key_exchange_OBJECTS) $(tls11_cert_key_exchange_DEPENDENCIES) $(EXTRA_tls11_cert_key_exchange_DEPENDENCIES) + @rm -f tls11-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls11_cert_key_exchange_OBJECTS) $(tls11_cert_key_exchange_LDADD) $(LIBS) +tls13/$(am__dirstamp): + @$(MKDIR_P) tls13 + @: > tls13/$(am__dirstamp) +tls13/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) tls13/$(DEPDIR) + @: > tls13/$(DEPDIR)/$(am__dirstamp) +tls13/tls11_check_rollback_val-rnd-check-rollback-val.$(OBJEXT): \ + tls13/$(am__dirstamp) tls13/$(DEPDIR)/$(am__dirstamp) + +tls11-check-rollback-val$(EXEEXT): $(tls11_check_rollback_val_OBJECTS) $(tls11_check_rollback_val_DEPENDENCIES) $(EXTRA_tls11_check_rollback_val_DEPENDENCIES) + @rm -f tls11-check-rollback-val$(EXEEXT) + $(AM_V_CCLD)$(tls11_check_rollback_val_LINK) $(tls11_check_rollback_val_OBJECTS) $(tls11_check_rollback_val_LDADD) $(LIBS) + +tls11-cipher-neg$(EXEEXT): $(tls11_cipher_neg_OBJECTS) $(tls11_cipher_neg_DEPENDENCIES) $(EXTRA_tls11_cipher_neg_DEPENDENCIES) + @rm -f tls11-cipher-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls11_cipher_neg_OBJECTS) $(tls11_cipher_neg_LDADD) $(LIBS) +tls13/tls11_rollback_detection-rnd-rollback-detection.$(OBJEXT): \ + tls13/$(am__dirstamp) tls13/$(DEPDIR)/$(am__dirstamp) + +tls11-rollback-detection$(EXEEXT): $(tls11_rollback_detection_OBJECTS) $(tls11_rollback_detection_DEPENDENCIES) $(EXTRA_tls11_rollback_detection_DEPENDENCIES) + @rm -f tls11-rollback-detection$(EXEEXT) + $(AM_V_CCLD)$(tls11_rollback_detection_LINK) $(tls11_rollback_detection_OBJECTS) $(tls11_rollback_detection_LDADD) $(LIBS) + +tls11-server-kx-neg$(EXEEXT): $(tls11_server_kx_neg_OBJECTS) $(tls11_server_kx_neg_DEPENDENCIES) $(EXTRA_tls11_server_kx_neg_DEPENDENCIES) + @rm -f tls11-server-kx-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls11_server_kx_neg_OBJECTS) $(tls11_server_kx_neg_LDADD) $(LIBS) + +tls12-anon-upgrade$(EXEEXT): $(tls12_anon_upgrade_OBJECTS) $(tls12_anon_upgrade_DEPENDENCIES) $(EXTRA_tls12_anon_upgrade_DEPENDENCIES) + @rm -f tls12-anon-upgrade$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_anon_upgrade_OBJECTS) $(tls12_anon_upgrade_LDADD) $(LIBS) + +tls12-cert-key-exchange$(EXEEXT): $(tls12_cert_key_exchange_OBJECTS) $(tls12_cert_key_exchange_DEPENDENCIES) $(EXTRA_tls12_cert_key_exchange_DEPENDENCIES) + @rm -f tls12-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_cert_key_exchange_OBJECTS) $(tls12_cert_key_exchange_LDADD) $(LIBS) +tls13/tls12_check_rollback_val-rnd-check-rollback-val.$(OBJEXT): \ + tls13/$(am__dirstamp) tls13/$(DEPDIR)/$(am__dirstamp) + +tls12-check-rollback-val$(EXEEXT): $(tls12_check_rollback_val_OBJECTS) $(tls12_check_rollback_val_DEPENDENCIES) $(EXTRA_tls12_check_rollback_val_DEPENDENCIES) + @rm -f tls12-check-rollback-val$(EXEEXT) + $(AM_V_CCLD)$(tls12_check_rollback_val_LINK) $(tls12_check_rollback_val_OBJECTS) $(tls12_check_rollback_val_LDADD) $(LIBS) + +tls12-cipher-neg$(EXEEXT): $(tls12_cipher_neg_OBJECTS) $(tls12_cipher_neg_DEPENDENCIES) $(EXTRA_tls12_cipher_neg_DEPENDENCIES) + @rm -f tls12-cipher-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_cipher_neg_OBJECTS) $(tls12_cipher_neg_LDADD) $(LIBS) + +tls12-ffdhe$(EXEEXT): $(tls12_ffdhe_OBJECTS) $(tls12_ffdhe_DEPENDENCIES) $(EXTRA_tls12_ffdhe_DEPENDENCIES) + @rm -f tls12-ffdhe$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_ffdhe_OBJECTS) $(tls12_ffdhe_LDADD) $(LIBS) + +tls12-invalid-key-exchanges$(EXEEXT): $(tls12_invalid_key_exchanges_OBJECTS) $(tls12_invalid_key_exchanges_DEPENDENCIES) $(EXTRA_tls12_invalid_key_exchanges_DEPENDENCIES) + @rm -f tls12-invalid-key-exchanges$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_invalid_key_exchanges_OBJECTS) $(tls12_invalid_key_exchanges_LDADD) $(LIBS) + +tls12-max-record$(EXEEXT): $(tls12_max_record_OBJECTS) $(tls12_max_record_DEPENDENCIES) $(EXTRA_tls12_max_record_DEPENDENCIES) + @rm -f tls12-max-record$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_max_record_OBJECTS) $(tls12_max_record_LDADD) $(LIBS) + +tls12-prf$(EXEEXT): $(tls12_prf_OBJECTS) $(tls12_prf_DEPENDENCIES) $(EXTRA_tls12_prf_DEPENDENCIES) + @rm -f tls12-prf$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_prf_OBJECTS) $(tls12_prf_LDADD) $(LIBS) + +tls12-rehandshake-cert$(EXEEXT): $(tls12_rehandshake_cert_OBJECTS) $(tls12_rehandshake_cert_DEPENDENCIES) $(EXTRA_tls12_rehandshake_cert_DEPENDENCIES) + @rm -f tls12-rehandshake-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_rehandshake_cert_OBJECTS) $(tls12_rehandshake_cert_LDADD) $(LIBS) + +tls12-rehandshake-cert-2$(EXEEXT): $(tls12_rehandshake_cert_2_OBJECTS) $(tls12_rehandshake_cert_2_DEPENDENCIES) $(EXTRA_tls12_rehandshake_cert_2_DEPENDENCIES) + @rm -f tls12-rehandshake-cert-2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_rehandshake_cert_2_OBJECTS) $(tls12_rehandshake_cert_2_LDADD) $(LIBS) + +tls12-rehandshake-cert-3$(EXEEXT): $(tls12_rehandshake_cert_3_OBJECTS) $(tls12_rehandshake_cert_3_DEPENDENCIES) $(EXTRA_tls12_rehandshake_cert_3_DEPENDENCIES) + @rm -f tls12-rehandshake-cert-3$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_rehandshake_cert_3_OBJECTS) $(tls12_rehandshake_cert_3_LDADD) $(LIBS) + +tls12-rehandshake-cert-auto$(EXEEXT): $(tls12_rehandshake_cert_auto_OBJECTS) $(tls12_rehandshake_cert_auto_DEPENDENCIES) $(EXTRA_tls12_rehandshake_cert_auto_DEPENDENCIES) + @rm -f tls12-rehandshake-cert-auto$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_rehandshake_cert_auto_OBJECTS) $(tls12_rehandshake_cert_auto_LDADD) $(LIBS) + +tls12-rehandshake-set-prio$(EXEEXT): $(tls12_rehandshake_set_prio_OBJECTS) $(tls12_rehandshake_set_prio_DEPENDENCIES) $(EXTRA_tls12_rehandshake_set_prio_DEPENDENCIES) + @rm -f tls12-rehandshake-set-prio$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_rehandshake_set_prio_OBJECTS) $(tls12_rehandshake_set_prio_LDADD) $(LIBS) + +tls12-resume-anon$(EXEEXT): $(tls12_resume_anon_OBJECTS) $(tls12_resume_anon_DEPENDENCIES) $(EXTRA_tls12_resume_anon_DEPENDENCIES) + @rm -f tls12-resume-anon$(EXEEXT) + $(AM_V_CCLD)$(tls12_resume_anon_LINK) $(tls12_resume_anon_OBJECTS) $(tls12_resume_anon_LDADD) $(LIBS) + +tls12-resume-psk$(EXEEXT): $(tls12_resume_psk_OBJECTS) $(tls12_resume_psk_DEPENDENCIES) $(EXTRA_tls12_resume_psk_DEPENDENCIES) + @rm -f tls12-resume-psk$(EXEEXT) + $(AM_V_CCLD)$(tls12_resume_psk_LINK) $(tls12_resume_psk_OBJECTS) $(tls12_resume_psk_LDADD) $(LIBS) + +tls12-resume-x509$(EXEEXT): $(tls12_resume_x509_OBJECTS) $(tls12_resume_x509_DEPENDENCIES) $(EXTRA_tls12_resume_x509_DEPENDENCIES) + @rm -f tls12-resume-x509$(EXEEXT) + $(AM_V_CCLD)$(tls12_resume_x509_LINK) $(tls12_resume_x509_OBJECTS) $(tls12_resume_x509_LDADD) $(LIBS) +tls13/tls12_rollback_detection-rnd-rollback-detection.$(OBJEXT): \ + tls13/$(am__dirstamp) tls13/$(DEPDIR)/$(am__dirstamp) + +tls12-rollback-detection$(EXEEXT): $(tls12_rollback_detection_OBJECTS) $(tls12_rollback_detection_DEPENDENCIES) $(EXTRA_tls12_rollback_detection_DEPENDENCIES) + @rm -f tls12-rollback-detection$(EXEEXT) + $(AM_V_CCLD)$(tls12_rollback_detection_LINK) $(tls12_rollback_detection_OBJECTS) $(tls12_rollback_detection_LDADD) $(LIBS) + +tls12-server-kx-neg$(EXEEXT): $(tls12_server_kx_neg_OBJECTS) $(tls12_server_kx_neg_DEPENDENCIES) $(EXTRA_tls12_server_kx_neg_DEPENDENCIES) + @rm -f tls12-server-kx-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls12_server_kx_neg_OBJECTS) $(tls12_server_kx_neg_LDADD) $(LIBS) + +tls13-cert-key-exchange$(EXEEXT): $(tls13_cert_key_exchange_OBJECTS) $(tls13_cert_key_exchange_DEPENDENCIES) $(EXTRA_tls13_cert_key_exchange_DEPENDENCIES) + @rm -f tls13-cert-key-exchange$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_cert_key_exchange_OBJECTS) $(tls13_cert_key_exchange_LDADD) $(LIBS) + +tls13-cipher-neg$(EXEEXT): $(tls13_cipher_neg_OBJECTS) $(tls13_cipher_neg_DEPENDENCIES) $(EXTRA_tls13_cipher_neg_DEPENDENCIES) + @rm -f tls13-cipher-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_cipher_neg_OBJECTS) $(tls13_cipher_neg_LDADD) $(LIBS) + +tls13-compat-mode$(EXEEXT): $(tls13_compat_mode_OBJECTS) $(tls13_compat_mode_DEPENDENCIES) $(EXTRA_tls13_compat_mode_DEPENDENCIES) + @rm -f tls13-compat-mode$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_compat_mode_OBJECTS) $(tls13_compat_mode_LDADD) $(LIBS) + +tls13-early-data$(EXEEXT): $(tls13_early_data_OBJECTS) $(tls13_early_data_DEPENDENCIES) $(EXTRA_tls13_early_data_DEPENDENCIES) + @rm -f tls13-early-data$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_early_data_OBJECTS) $(tls13_early_data_LDADD) $(LIBS) + +tls13-early-data-neg$(EXEEXT): $(tls13_early_data_neg_OBJECTS) $(tls13_early_data_neg_DEPENDENCIES) $(EXTRA_tls13_early_data_neg_DEPENDENCIES) + @rm -f tls13-early-data-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_early_data_neg_OBJECTS) $(tls13_early_data_neg_LDADD) $(LIBS) + +tls13-early-data-neg2$(EXEEXT): $(tls13_early_data_neg2_OBJECTS) $(tls13_early_data_neg2_DEPENDENCIES) $(EXTRA_tls13_early_data_neg2_DEPENDENCIES) + @rm -f tls13-early-data-neg2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_early_data_neg2_OBJECTS) $(tls13_early_data_neg2_LDADD) $(LIBS) + +tls13-early-start$(EXEEXT): $(tls13_early_start_OBJECTS) $(tls13_early_start_DEPENDENCIES) $(EXTRA_tls13_early_start_DEPENDENCIES) + @rm -f tls13-early-start$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_early_start_OBJECTS) $(tls13_early_start_LDADD) $(LIBS) + +tls13-rehandshake-cert$(EXEEXT): $(tls13_rehandshake_cert_OBJECTS) $(tls13_rehandshake_cert_DEPENDENCIES) $(EXTRA_tls13_rehandshake_cert_DEPENDENCIES) + @rm -f tls13-rehandshake-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_rehandshake_cert_OBJECTS) $(tls13_rehandshake_cert_LDADD) $(LIBS) + +tls13-resume-psk$(EXEEXT): $(tls13_resume_psk_OBJECTS) $(tls13_resume_psk_DEPENDENCIES) $(EXTRA_tls13_resume_psk_DEPENDENCIES) + @rm -f tls13-resume-psk$(EXEEXT) + $(AM_V_CCLD)$(tls13_resume_psk_LINK) $(tls13_resume_psk_OBJECTS) $(tls13_resume_psk_LDADD) $(LIBS) + +tls13-resume-x509$(EXEEXT): $(tls13_resume_x509_OBJECTS) $(tls13_resume_x509_DEPENDENCIES) $(EXTRA_tls13_resume_x509_DEPENDENCIES) + @rm -f tls13-resume-x509$(EXEEXT) + $(AM_V_CCLD)$(tls13_resume_x509_LINK) $(tls13_resume_x509_OBJECTS) $(tls13_resume_x509_LDADD) $(LIBS) + +tls13-server-kx-neg$(EXEEXT): $(tls13_server_kx_neg_OBJECTS) $(tls13_server_kx_neg_DEPENDENCIES) $(EXTRA_tls13_server_kx_neg_DEPENDENCIES) + @rm -f tls13-server-kx-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_server_kx_neg_OBJECTS) $(tls13_server_kx_neg_LDADD) $(LIBS) + +tls13-without-timeout-func$(EXEEXT): $(tls13_without_timeout_func_OBJECTS) $(tls13_without_timeout_func_DEPENDENCIES) $(EXTRA_tls13_without_timeout_func_DEPENDENCIES) + @rm -f tls13-without-timeout-func$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_without_timeout_func_OBJECTS) $(tls13_without_timeout_func_LDADD) $(LIBS) +tls13/anti_replay-anti_replay.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/anti_replay$(EXEEXT): $(tls13_anti_replay_OBJECTS) $(tls13_anti_replay_DEPENDENCIES) $(EXTRA_tls13_anti_replay_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/anti_replay$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_anti_replay_OBJECTS) $(tls13_anti_replay_LDADD) $(LIBS) +tls13/change_cipher_spec.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/change_cipher_spec$(EXEEXT): $(tls13_change_cipher_spec_OBJECTS) $(tls13_change_cipher_spec_DEPENDENCIES) $(EXTRA_tls13_change_cipher_spec_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/change_cipher_spec$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_change_cipher_spec_OBJECTS) $(tls13_change_cipher_spec_LDADD) $(LIBS) +tls13/compress-cert.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/compress-cert$(EXEEXT): $(tls13_compress_cert_OBJECTS) $(tls13_compress_cert_DEPENDENCIES) $(EXTRA_tls13_compress_cert_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/compress-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_compress_cert_OBJECTS) $(tls13_compress_cert_LDADD) $(LIBS) +tls13/compress-cert-cli.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/compress-cert-cli$(EXEEXT): $(tls13_compress_cert_cli_OBJECTS) $(tls13_compress_cert_cli_DEPENDENCIES) $(EXTRA_tls13_compress_cert_cli_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/compress-cert-cli$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_compress_cert_cli_OBJECTS) $(tls13_compress_cert_cli_LDADD) $(LIBS) +tls13/compress-cert-neg.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/compress-cert-neg$(EXEEXT): $(tls13_compress_cert_neg_OBJECTS) $(tls13_compress_cert_neg_DEPENDENCIES) $(EXTRA_tls13_compress_cert_neg_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/compress-cert-neg$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_compress_cert_neg_OBJECTS) $(tls13_compress_cert_neg_LDADD) $(LIBS) +tls13/compress-cert-neg2.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/compress-cert-neg2$(EXEEXT): $(tls13_compress_cert_neg2_OBJECTS) $(tls13_compress_cert_neg2_DEPENDENCIES) $(EXTRA_tls13_compress_cert_neg2_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/compress-cert-neg2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_compress_cert_neg2_OBJECTS) $(tls13_compress_cert_neg2_LDADD) $(LIBS) +tls13/cookie.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/cookie$(EXEEXT): $(tls13_cookie_OBJECTS) $(tls13_cookie_DEPENDENCIES) $(EXTRA_tls13_cookie_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/cookie$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_cookie_OBJECTS) $(tls13_cookie_LDADD) $(LIBS) +tls13/hello_retry_request.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/hello_retry_request$(EXEEXT): $(tls13_hello_retry_request_OBJECTS) $(tls13_hello_retry_request_DEPENDENCIES) $(EXTRA_tls13_hello_retry_request_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/hello_retry_request$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_hello_retry_request_OBJECTS) $(tls13_hello_retry_request_LDADD) $(LIBS) +tls13/hello_retry_request_resume.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/hello_retry_request_resume$(EXEEXT): $(tls13_hello_retry_request_resume_OBJECTS) $(tls13_hello_retry_request_resume_DEPENDENCIES) $(EXTRA_tls13_hello_retry_request_resume_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/hello_retry_request_resume$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_hello_retry_request_resume_OBJECTS) $(tls13_hello_retry_request_resume_LDADD) $(LIBS) +tls13/key_limits.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/key_limits$(EXEEXT): $(tls13_key_limits_OBJECTS) $(tls13_key_limits_DEPENDENCIES) $(EXTRA_tls13_key_limits_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/key_limits$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_key_limits_OBJECTS) $(tls13_key_limits_LDADD) $(LIBS) +tls13/key_share.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/key_share$(EXEEXT): $(tls13_key_share_OBJECTS) $(tls13_key_share_DEPENDENCIES) $(EXTRA_tls13_key_share_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/key_share$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_key_share_OBJECTS) $(tls13_key_share_LDADD) $(LIBS) +tls13/key_update.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/key_update$(EXEEXT): $(tls13_key_update_OBJECTS) $(tls13_key_update_DEPENDENCIES) $(EXTRA_tls13_key_update_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/key_update$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_key_update_OBJECTS) $(tls13_key_update_LDADD) $(LIBS) +tls13/key_update_multiple.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/key_update_multiple$(EXEEXT): $(tls13_key_update_multiple_OBJECTS) $(tls13_key_update_multiple_DEPENDENCIES) $(EXTRA_tls13_key_update_multiple_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/key_update_multiple$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_key_update_multiple_OBJECTS) $(tls13_key_update_multiple_LDADD) $(LIBS) +tls13/multi-ocsp.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/multi-ocsp$(EXEEXT): $(tls13_multi_ocsp_OBJECTS) $(tls13_multi_ocsp_DEPENDENCIES) $(EXTRA_tls13_multi_ocsp_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/multi-ocsp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_multi_ocsp_OBJECTS) $(tls13_multi_ocsp_LDADD) $(LIBS) +tls13/no-auto-send-ticket.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/no-auto-send-ticket$(EXEEXT): $(tls13_no_auto_send_ticket_OBJECTS) $(tls13_no_auto_send_ticket_DEPENDENCIES) $(EXTRA_tls13_no_auto_send_ticket_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/no-auto-send-ticket$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_no_auto_send_ticket_OBJECTS) $(tls13_no_auto_send_ticket_LDADD) $(LIBS) +tls13/no-psk-exts.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/no-psk-exts$(EXEEXT): $(tls13_no_psk_exts_OBJECTS) $(tls13_no_psk_exts_DEPENDENCIES) $(EXTRA_tls13_no_psk_exts_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/no-psk-exts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_no_psk_exts_OBJECTS) $(tls13_no_psk_exts_LDADD) $(LIBS) +tls13/ocsp-client.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/ocsp-client$(EXEEXT): $(tls13_ocsp_client_OBJECTS) $(tls13_ocsp_client_DEPENDENCIES) $(EXTRA_tls13_ocsp_client_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/ocsp-client$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_ocsp_client_OBJECTS) $(tls13_ocsp_client_LDADD) $(LIBS) +tls13/post-handshake-with-cert.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/post-handshake-with-cert$(EXEEXT): $(tls13_post_handshake_with_cert_OBJECTS) $(tls13_post_handshake_with_cert_DEPENDENCIES) $(EXTRA_tls13_post_handshake_with_cert_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/post-handshake-with-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_post_handshake_with_cert_OBJECTS) $(tls13_post_handshake_with_cert_LDADD) $(LIBS) +tls13/post-handshake-with-cert-auto.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/post-handshake-with-cert-auto$(EXEEXT): $(tls13_post_handshake_with_cert_auto_OBJECTS) $(tls13_post_handshake_with_cert_auto_DEPENDENCIES) $(EXTRA_tls13_post_handshake_with_cert_auto_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/post-handshake-with-cert-auto$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_post_handshake_with_cert_auto_OBJECTS) $(tls13_post_handshake_with_cert_auto_LDADD) $(LIBS) +tls13/post-handshake-with-cert-pkcs11.$(OBJEXT): \ + tls13/$(am__dirstamp) tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/post-handshake-with-cert-pkcs11$(EXEEXT): $(tls13_post_handshake_with_cert_pkcs11_OBJECTS) $(tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES) $(EXTRA_tls13_post_handshake_with_cert_pkcs11_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/post-handshake-with-cert-pkcs11$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_post_handshake_with_cert_pkcs11_OBJECTS) $(tls13_post_handshake_with_cert_pkcs11_LDADD) $(LIBS) +tls13/post-handshake-with-cert-ticket.$(OBJEXT): \ + tls13/$(am__dirstamp) tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/post-handshake-with-cert-ticket$(EXEEXT): $(tls13_post_handshake_with_cert_ticket_OBJECTS) $(tls13_post_handshake_with_cert_ticket_DEPENDENCIES) $(EXTRA_tls13_post_handshake_with_cert_ticket_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/post-handshake-with-cert-ticket$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_post_handshake_with_cert_ticket_OBJECTS) $(tls13_post_handshake_with_cert_ticket_LDADD) $(LIBS) +tls13/post-handshake-with-psk.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/post-handshake-with-psk$(EXEEXT): $(tls13_post_handshake_with_psk_OBJECTS) $(tls13_post_handshake_with_psk_DEPENDENCIES) $(EXTRA_tls13_post_handshake_with_psk_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/post-handshake-with-psk$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_post_handshake_with_psk_OBJECTS) $(tls13_post_handshake_with_psk_LDADD) $(LIBS) +tls13/post-handshake-without-cert.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/post-handshake-without-cert$(EXEEXT): $(tls13_post_handshake_without_cert_OBJECTS) $(tls13_post_handshake_without_cert_DEPENDENCIES) $(EXTRA_tls13_post_handshake_without_cert_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/post-handshake-without-cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_post_handshake_without_cert_OBJECTS) $(tls13_post_handshake_without_cert_LDADD) $(LIBS) +tls13/prf.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/prf$(EXEEXT): $(tls13_prf_OBJECTS) $(tls13_prf_DEPENDENCIES) $(EXTRA_tls13_prf_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/prf$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_prf_OBJECTS) $(tls13_prf_LDADD) $(LIBS) +tls13/prf-early.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/prf-early$(EXEEXT): $(tls13_prf_early_OBJECTS) $(tls13_prf_early_DEPENDENCIES) $(EXTRA_tls13_prf_early_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/prf-early$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_prf_early_OBJECTS) $(tls13_prf_early_LDADD) $(LIBS) +tls13/psk-dumbfw.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/psk-dumbfw$(EXEEXT): $(tls13_psk_dumbfw_OBJECTS) $(tls13_psk_dumbfw_DEPENDENCIES) $(EXTRA_tls13_psk_dumbfw_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/psk-dumbfw$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_psk_dumbfw_OBJECTS) $(tls13_psk_dumbfw_LDADD) $(LIBS) +tls13/psk-ext.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/psk-ext$(EXEEXT): $(tls13_psk_ext_OBJECTS) $(tls13_psk_ext_DEPENDENCIES) $(EXTRA_tls13_psk_ext_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/psk-ext$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_psk_ext_OBJECTS) $(tls13_psk_ext_LDADD) $(LIBS) +tls13/psk-ke-modes.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/psk-ke-modes$(EXEEXT): $(tls13_psk_ke_modes_OBJECTS) $(tls13_psk_ke_modes_DEPENDENCIES) $(EXTRA_tls13_psk_ke_modes_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/psk-ke-modes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_psk_ke_modes_OBJECTS) $(tls13_psk_ke_modes_LDADD) $(LIBS) +tls13/supported_versions.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/supported_versions$(EXEEXT): $(tls13_supported_versions_OBJECTS) $(tls13_supported_versions_DEPENDENCIES) $(EXTRA_tls13_supported_versions_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/supported_versions$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_supported_versions_OBJECTS) $(tls13_supported_versions_LDADD) $(LIBS) +tls13/tls12-no-tls13-exts.$(OBJEXT): tls13/$(am__dirstamp) \ + tls13/$(DEPDIR)/$(am__dirstamp) + +tls13/tls12-no-tls13-exts$(EXEEXT): $(tls13_tls12_no_tls13_exts_OBJECTS) $(tls13_tls12_no_tls13_exts_DEPENDENCIES) $(EXTRA_tls13_tls12_no_tls13_exts_DEPENDENCIES) tls13/$(am__dirstamp) + @rm -f tls13/tls12-no-tls13-exts$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tls13_tls12_no_tls13_exts_OBJECTS) $(tls13_tls12_no_tls13_exts_LDADD) $(LIBS) + +tlsext-decoding$(EXEEXT): $(tlsext_decoding_OBJECTS) $(tlsext_decoding_DEPENDENCIES) $(EXTRA_tlsext_decoding_DEPENDENCIES) + @rm -f tlsext-decoding$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tlsext_decoding_OBJECTS) $(tlsext_decoding_LDADD) $(LIBS) + +tlsfeature-crt$(EXEEXT): $(tlsfeature_crt_OBJECTS) $(tlsfeature_crt_DEPENDENCIES) $(EXTRA_tlsfeature_crt_DEPENDENCIES) + @rm -f tlsfeature-crt$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tlsfeature_crt_OBJECTS) $(tlsfeature_crt_LDADD) $(LIBS) + +tlsfeature-ext$(EXEEXT): $(tlsfeature_ext_OBJECTS) $(tlsfeature_ext_DEPENDENCIES) $(EXTRA_tlsfeature_ext_DEPENDENCIES) + @rm -f tlsfeature-ext$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tlsfeature_ext_OBJECTS) $(tlsfeature_ext_LDADD) $(LIBS) + +trust-store$(EXEEXT): $(trust_store_OBJECTS) $(trust_store_DEPENDENCIES) $(EXTRA_trust_store_DEPENDENCIES) + @rm -f trust-store$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(trust_store_OBJECTS) $(trust_store_LDADD) $(LIBS) + +trustdb-tofu$(EXEEXT): $(trustdb_tofu_OBJECTS) $(trustdb_tofu_DEPENDENCIES) $(EXTRA_trustdb_tofu_DEPENDENCIES) + @rm -f trustdb-tofu$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(trustdb_tofu_OBJECTS) $(trustdb_tofu_LDADD) $(LIBS) + +urls$(EXEEXT): $(urls_OBJECTS) $(urls_DEPENDENCIES) $(EXTRA_urls_DEPENDENCIES) + @rm -f urls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(urls_OBJECTS) $(urls_LDADD) $(LIBS) + +version-checks$(EXEEXT): $(version_checks_OBJECTS) $(version_checks_DEPENDENCIES) $(EXTRA_version_checks_DEPENDENCIES) + @rm -f version-checks$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(version_checks_OBJECTS) $(version_checks_LDADD) $(LIBS) + +win32-certopenstore$(EXEEXT): $(win32_certopenstore_OBJECTS) $(win32_certopenstore_DEPENDENCIES) $(EXTRA_win32_certopenstore_DEPENDENCIES) + @rm -f win32-certopenstore$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(win32_certopenstore_OBJECTS) $(win32_certopenstore_LDADD) $(LIBS) + +x509-cert-callback$(EXEEXT): $(x509_cert_callback_OBJECTS) $(x509_cert_callback_DEPENDENCIES) $(EXTRA_x509_cert_callback_DEPENDENCIES) + @rm -f x509-cert-callback$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_cert_callback_OBJECTS) $(x509_cert_callback_LDADD) $(LIBS) + +x509-cert-callback-legacy$(EXEEXT): $(x509_cert_callback_legacy_OBJECTS) $(x509_cert_callback_legacy_DEPENDENCIES) $(EXTRA_x509_cert_callback_legacy_DEPENDENCIES) + @rm -f x509-cert-callback-legacy$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_cert_callback_legacy_OBJECTS) $(x509_cert_callback_legacy_LDADD) $(LIBS) + +x509-cert-callback-ocsp$(EXEEXT): $(x509_cert_callback_ocsp_OBJECTS) $(x509_cert_callback_ocsp_DEPENDENCIES) $(EXTRA_x509_cert_callback_ocsp_DEPENDENCIES) + @rm -f x509-cert-callback-ocsp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_cert_callback_ocsp_OBJECTS) $(x509_cert_callback_ocsp_LDADD) $(LIBS) + +x509-dn$(EXEEXT): $(x509_dn_OBJECTS) $(x509_dn_DEPENDENCIES) $(EXTRA_x509_dn_DEPENDENCIES) + @rm -f x509-dn$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_dn_OBJECTS) $(x509_dn_LDADD) $(LIBS) + +x509-dn-decode$(EXEEXT): $(x509_dn_decode_OBJECTS) $(x509_dn_decode_DEPENDENCIES) $(EXTRA_x509_dn_decode_DEPENDENCIES) + @rm -f x509-dn-decode$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_dn_decode_OBJECTS) $(x509_dn_decode_LDADD) $(LIBS) + +x509-dn-decode-compat$(EXEEXT): $(x509_dn_decode_compat_OBJECTS) $(x509_dn_decode_compat_DEPENDENCIES) $(EXTRA_x509_dn_decode_compat_DEPENDENCIES) + @rm -f x509-dn-decode-compat$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_dn_decode_compat_OBJECTS) $(x509_dn_decode_compat_LDADD) $(LIBS) + +x509-extensions$(EXEEXT): $(x509_extensions_OBJECTS) $(x509_extensions_DEPENDENCIES) $(EXTRA_x509_extensions_DEPENDENCIES) + @rm -f x509-extensions$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_extensions_OBJECTS) $(x509_extensions_LDADD) $(LIBS) + +x509-server-verify$(EXEEXT): $(x509_server_verify_OBJECTS) $(x509_server_verify_DEPENDENCIES) $(EXTRA_x509_server_verify_DEPENDENCIES) + @rm -f x509-server-verify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_server_verify_OBJECTS) $(x509_server_verify_LDADD) $(LIBS) + +x509-upnconstraint$(EXEEXT): $(x509_upnconstraint_OBJECTS) $(x509_upnconstraint_DEPENDENCIES) $(EXTRA_x509_upnconstraint_DEPENDENCIES) + @rm -f x509-upnconstraint$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_upnconstraint_OBJECTS) $(x509_upnconstraint_LDADD) $(LIBS) + +x509-verify-with-crl$(EXEEXT): $(x509_verify_with_crl_OBJECTS) $(x509_verify_with_crl_DEPENDENCIES) $(EXTRA_x509_verify_with_crl_DEPENDENCIES) + @rm -f x509-verify-with-crl$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_verify_with_crl_OBJECTS) $(x509_verify_with_crl_LDADD) $(LIBS) + +x509_altname$(EXEEXT): $(x509_altname_OBJECTS) $(x509_altname_DEPENDENCIES) $(EXTRA_x509_altname_DEPENDENCIES) + @rm -f x509_altname$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509_altname_OBJECTS) $(x509_altname_LDADD) $(LIBS) + +x509cert$(EXEEXT): $(x509cert_OBJECTS) $(x509cert_DEPENDENCIES) $(EXTRA_x509cert_DEPENDENCIES) + @rm -f x509cert$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509cert_OBJECTS) $(x509cert_LDADD) $(LIBS) + +x509cert-ct$(EXEEXT): $(x509cert_ct_OBJECTS) $(x509cert_ct_DEPENDENCIES) $(EXTRA_x509cert_ct_DEPENDENCIES) + @rm -f x509cert-ct$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509cert_ct_OBJECTS) $(x509cert_ct_LDADD) $(LIBS) + +x509cert-dntypes$(EXEEXT): $(x509cert_dntypes_OBJECTS) $(x509cert_dntypes_DEPENDENCIES) $(EXTRA_x509cert_dntypes_DEPENDENCIES) + @rm -f x509cert-dntypes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509cert_dntypes_OBJECTS) $(x509cert_dntypes_LDADD) $(LIBS) + +x509cert-invalid$(EXEEXT): $(x509cert_invalid_OBJECTS) $(x509cert_invalid_DEPENDENCIES) $(EXTRA_x509cert_invalid_DEPENDENCIES) + @rm -f x509cert-invalid$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509cert_invalid_OBJECTS) $(x509cert_invalid_LDADD) $(LIBS) + +x509cert-tl$(EXEEXT): $(x509cert_tl_OBJECTS) $(x509cert_tl_DEPENDENCIES) $(EXTRA_x509cert_tl_DEPENDENCIES) + @rm -f x509cert-tl$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509cert_tl_OBJECTS) $(x509cert_tl_LDADD) $(LIBS) + +x509dn$(EXEEXT): $(x509dn_OBJECTS) $(x509dn_DEPENDENCIES) $(EXTRA_x509dn_DEPENDENCIES) + @rm -f x509dn$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509dn_OBJECTS) $(x509dn_LDADD) $(LIBS) + +x509self$(EXEEXT): $(x509self_OBJECTS) $(x509self_DEPENDENCIES) $(EXTRA_x509self_DEPENDENCIES) + @rm -f x509self$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509self_OBJECTS) $(x509self_LDADD) $(LIBS) + +x509sign-verify$(EXEEXT): $(x509sign_verify_OBJECTS) $(x509sign_verify_DEPENDENCIES) $(EXTRA_x509sign_verify_DEPENDENCIES) + @rm -f x509sign-verify$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509sign_verify_OBJECTS) $(x509sign_verify_LDADD) $(LIBS) + +x509sign-verify-ecdsa$(EXEEXT): $(x509sign_verify_ecdsa_OBJECTS) $(x509sign_verify_ecdsa_DEPENDENCIES) $(EXTRA_x509sign_verify_ecdsa_DEPENDENCIES) + @rm -f x509sign-verify-ecdsa$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509sign_verify_ecdsa_OBJECTS) $(x509sign_verify_ecdsa_LDADD) $(LIBS) + +x509sign-verify-error$(EXEEXT): $(x509sign_verify_error_OBJECTS) $(x509sign_verify_error_DEPENDENCIES) $(EXTRA_x509sign_verify_error_DEPENDENCIES) + @rm -f x509sign-verify-error$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509sign_verify_error_OBJECTS) $(x509sign_verify_error_LDADD) $(LIBS) + +x509sign-verify-gost$(EXEEXT): $(x509sign_verify_gost_OBJECTS) $(x509sign_verify_gost_DEPENDENCIES) $(EXTRA_x509sign_verify_gost_DEPENDENCIES) + @rm -f x509sign-verify-gost$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509sign_verify_gost_OBJECTS) $(x509sign_verify_gost_LDADD) $(LIBS) + +x509sign-verify-rsa$(EXEEXT): $(x509sign_verify_rsa_OBJECTS) $(x509sign_verify_rsa_DEPENDENCIES) $(EXTRA_x509sign_verify_rsa_DEPENDENCIES) + @rm -f x509sign-verify-rsa$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(x509sign_verify_rsa_OBJECTS) $(x509sign_verify_rsa_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f dtls/*.$(OBJEXT) + -rm -f pkcs11/*.$(OBJEXT) + -rm -f pkcs11/*.lo + -rm -f safe-renegotiation/*.$(OBJEXT) + -rm -f tls13/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aead-cipher-vec.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alerts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alpn-server-prec.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/anonself.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atfork-atfork.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auto-verify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64-raw.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffer-buffer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert-status.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_verify_inv_utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certificate_set_x509_crl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certuniqueid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chainverify-unsorted.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chainverify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher-padding.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher_alignment-cipher-alignment.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ciphersuite-name.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client-fastopen.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client-sign-md5-rep.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/client_dsa_key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conv-utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl-basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl_apis.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crlverify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crq-basic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crq_apis.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crq_key_id.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crt_apis.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crt_inv_write.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/custom-urls-override.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/custom-urls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cve-2008-4989.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cve-2009-1415.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cve-2009-1416.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dane-strcodes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dane.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/datefudge-check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh-compute.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh-params.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhepskself.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhex509self.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dn.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dn2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dss-sig-val.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-client-with-seccomp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-etm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-handshake-versions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-max-record.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-pthread.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-rehandshake-anon.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-rehandshake-cert-2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-rehandshake-cert-3.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-rehandshake-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-repro-20170915.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-session-ticket-lost.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-sliding-window.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls-with-seccomp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls1-2-mtu-check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls10-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dtls12-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/duplicate-extensions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eagain-auto-auth.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eagain.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecdh-compute.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/empty_retrieve_function.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fallback-scsv.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips-mode-pthread.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips-override-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips-rsa-sizes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/global-init-override.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/global-init.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls-ids.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls-strcodes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_ext_raw_parse.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_ext_raw_parse_dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_hmac_fast.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_ktls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_ocsp_resp_list_import2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_session_set_id.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_x509_crq_sign.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_x509_crt_list_import.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_x509_crt_sign.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_x509_privkey_import.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake-false-start.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake-large-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake-large-packet.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake-timeout.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake-versions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/handshake-write.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hex.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hostname-check-utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hostname-check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id-on-xmppAddr.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/infoaccess.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_roundtrip.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/insecure_key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iov-iov.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip-check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ip_utils-ip-utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kdf-api.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-export-pkcs8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-import-export.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-material-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-material-set-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-openssl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-usage-ecdhe-rsa.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/key-usage-rsa.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keylog-env.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keylog-func.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/long-session-id.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-alpn.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-chain-unsorted.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-discard.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-fork.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-heartbeat.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-hello-verify-48.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-hello-verify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-large.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-lowmtu.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-mtu.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-record-asym.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-record.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls-srtp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-dtls0-9.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-eagain-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-emsgsize-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-global-load.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-key-material.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-loss-time.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-overhead.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-record-2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-record-failure.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-record-range.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-record.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-server-name.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-session-verify-function.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-termination.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-tls-nonblock.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-x509-2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-x509-callbacks-intr.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-x509-callbacks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-x509-cas.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-x509-ipaddr.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-x509.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/missingissuer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/missingissuer_aia.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpi-mpi.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-alerts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/naked-alerts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/name-constraints-ip.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/name-constraints.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/name_constraints_merge-name-constraints-merge.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/no-extensions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/no-signal.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nul-in-x509-names.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/null_retrieve_function.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp-filename-memleak.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/oids.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openconnect-dtls12.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_ca.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pcert-list.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs1-digest-info.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12_encode.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12_s2k_pem.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12_simple.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7-cat-parse.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7-gen.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7-verify-double-free.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs8-key-decode-encrypted.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs8-key-decode.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/post-client-hello-change-prio.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priorities-groups.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priorities.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-init2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-mix.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/priority-set2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-keygen.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey-verify-broken.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protocol-set-allowlist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk-file.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pskself2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey-import-export.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random-art.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rawpk-api.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record-pad.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record-retvals.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record-sendfile.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record-sizes-range.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record-sizes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/record-timeouts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/recv-data-before-handshake.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-ext-secret.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-switch-cert-allow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-switch-cert-client-allow.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-switch-cert-client.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-switch-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-switch-psk-id.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rehandshake-switch-srp-id.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resume-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resume-lifetime.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resume-with-false-start.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resume-with-previous-stek.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resume-with-record-size-limit.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resume-with-stek-expiration.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc7633-missing.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc7633-ok.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-fork.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-no-onload.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-op-key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-op-nonce.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-op-random.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-pthread.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng-sigint.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa-encrypt-decrypt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa-psk-cb.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa-psk.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa-rsa-pss.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sanity_cpp-sanity-cpp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sec-params.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seccomp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send-client-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send-data-before-handshake.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server-sign-md5-rep.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/server_ecdsa_key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session-export-funcs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session-rdn-read.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session-tickets-missing.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session-tickets-ok.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set-default-prio.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_key_utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_known_dh_params_anon.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_known_dh_params_psk.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_known_dh_params_x509.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_pkcs12_cred.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_file-late.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_file.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_file_der.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_file_legacy.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_file_ocsp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_file_ocsp_multi2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_mem.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_key_utf8.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_ocsp_multi_cli.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_ocsp_multi_invalid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_ocsp_multi_pem.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_ocsp_multi_unknown.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/set_x509_pkcs12_key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/setcredcrash.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-is-secure.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-pk-api.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-data-newapi.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-data.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-deterministic.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-ed25519-rfc8080.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-ext.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-ext4.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify-newapi.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign-verify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/simple.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/spki-abstract.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/spki.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/srpbase64.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl2-hello.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl30-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl30-cipher-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ssl30-server-kx-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/status-request-ext.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/status-request-ok.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/status-request-revoked.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/status-request.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/str-idna.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/str-unicode.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strict-der.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system-override-curves-allowlist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system-override-hash.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system-override-sig-tls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system-override-sig.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system-prio-file.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/time.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-channel-binding.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-client-with-seccomp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-crt_type-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-etm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-ext-not-in-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-ext-register.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-force-etm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-neg-ext-key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-neg-ext4-key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-pthread.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-record-size-limit-asym.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-record-size-limit.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-session-ext-override.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-session-ext-register.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-session-supplemental.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-supplemental.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls-with-seccomp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls10-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls10-cipher-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls10-prf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls10-server-kx-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls11-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls11-cipher-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls11-server-kx-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-anon-upgrade.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-cipher-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-ffdhe.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-invalid-key-exchanges.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-max-record.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-prf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-rehandshake-cert-2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-rehandshake-cert-3.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-rehandshake-cert-auto.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-rehandshake-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-rehandshake-set-prio.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12-server-kx-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12_resume_anon-resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12_resume_psk-resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls12_resume_x509-resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-cert-key-exchange.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-cipher-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-compat-mode.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-early-data-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-early-data-neg2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-early-data.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-early-start.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-rehandshake-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-server-kx-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13-without-timeout-func.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_resume_psk-resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tls13_resume_x509-resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tlsext-decoding.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tlsfeature-crt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tlsfeature-ext.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trust-store.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trustdb-tofu.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/urls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils-adv.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/version-checks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/win-certopenstore.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-cert-callback-legacy.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-cert-callback-ocsp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-cert-callback.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-dn-decode-compat.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-dn-decode.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-dn.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-extensions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-server-verify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-upnconstraint.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509-verify-with-crl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_altname.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509cert-ct.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509cert-dntypes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509cert-invalid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509cert-tl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509dn.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509self.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509sign-verify-ecdsa.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509sign-verify-error.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509sign-verify-gost.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509sign-verify-rsa.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509sign-verify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@dtls/$(DEPDIR)/dtls-stress.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/gnutls_pcert_list_import_x509_file.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/gnutls_x509_crt_list_import_url.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/list-objects.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/list-tokens.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-cert-import-url-exts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-cert-import-url4-exts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-chainverify.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-combo.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-ec-privkey-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-eddsa-privkey-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-get-exts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-get-issuer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-get-raw-issuer-exts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-import-url-privkey.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-import-with-pin.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-is-known.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-mechanisms.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-mock.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-mock2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-obj-import.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-obj-raw.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-pin-func.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-always-auth.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-export.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-fork-reinit.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-fork.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-generate.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-pthread.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey-safenet-always-auth.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-privkey.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-pubkey-import-ecdsa.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-pubkey-import-rsa.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-rsa-pss-privkey-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/pkcs11-token-raw.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/tls-neg-pkcs11-key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@pkcs11/$(DEPDIR)/tls-neg-pkcs11-no-key.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@safe-renegotiation/$(DEPDIR)/srn0.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@safe-renegotiation/$(DEPDIR)/srn1.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@safe-renegotiation/$(DEPDIR)/srn2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@safe-renegotiation/$(DEPDIR)/srn3.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@safe-renegotiation/$(DEPDIR)/srn4.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@safe-renegotiation/$(DEPDIR)/srn5.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/anti_replay-anti_replay.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/change_cipher_spec.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/compress-cert-cli.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/compress-cert-neg.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/compress-cert-neg2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/compress-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/cookie.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/hello_retry_request.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/hello_retry_request_resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/key_limits.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/key_share.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/key_update.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/key_update_multiple.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/multi-ocsp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/no-auto-send-ticket.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/no-psk-exts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/ocsp-client.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/post-handshake-with-cert-auto.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/post-handshake-with-cert-pkcs11.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/post-handshake-with-cert-ticket.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/post-handshake-with-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/post-handshake-with-psk.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/post-handshake-without-cert.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/prf-early.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/prf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/psk-dumbfw.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/psk-ext.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/psk-ke-modes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/supported_versions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/tls12-no-tls13-exts.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +atfork-atfork.o: atfork.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atfork_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atfork-atfork.o -MD -MP -MF $(DEPDIR)/atfork-atfork.Tpo -c -o atfork-atfork.o `test -f 'atfork.c' || echo '$(srcdir)/'`atfork.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/atfork-atfork.Tpo $(DEPDIR)/atfork-atfork.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='atfork.c' object='atfork-atfork.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atfork_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atfork-atfork.o `test -f 'atfork.c' || echo '$(srcdir)/'`atfork.c + +atfork-atfork.obj: atfork.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atfork_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT atfork-atfork.obj -MD -MP -MF $(DEPDIR)/atfork-atfork.Tpo -c -o atfork-atfork.obj `if test -f 'atfork.c'; then $(CYGPATH_W) 'atfork.c'; else $(CYGPATH_W) '$(srcdir)/atfork.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/atfork-atfork.Tpo $(DEPDIR)/atfork-atfork.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='atfork.c' object='atfork-atfork.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(atfork_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o atfork-atfork.obj `if test -f 'atfork.c'; then $(CYGPATH_W) 'atfork.c'; else $(CYGPATH_W) '$(srcdir)/atfork.c'; fi` + +buffer-buffer.o: buffer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffer_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT buffer-buffer.o -MD -MP -MF $(DEPDIR)/buffer-buffer.Tpo -c -o buffer-buffer.o `test -f 'buffer.c' || echo '$(srcdir)/'`buffer.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/buffer-buffer.Tpo $(DEPDIR)/buffer-buffer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='buffer.c' object='buffer-buffer.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffer_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o buffer-buffer.o `test -f 'buffer.c' || echo '$(srcdir)/'`buffer.c + +buffer-buffer.obj: buffer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffer_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT buffer-buffer.obj -MD -MP -MF $(DEPDIR)/buffer-buffer.Tpo -c -o buffer-buffer.obj `if test -f 'buffer.c'; then $(CYGPATH_W) 'buffer.c'; else $(CYGPATH_W) '$(srcdir)/buffer.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/buffer-buffer.Tpo $(DEPDIR)/buffer-buffer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='buffer.c' object='buffer-buffer.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(buffer_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o buffer-buffer.obj `if test -f 'buffer.c'; then $(CYGPATH_W) 'buffer.c'; else $(CYGPATH_W) '$(srcdir)/buffer.c'; fi` + +cipher_alignment-cipher-alignment.o: cipher-alignment.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_alignment_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cipher_alignment-cipher-alignment.o -MD -MP -MF $(DEPDIR)/cipher_alignment-cipher-alignment.Tpo -c -o cipher_alignment-cipher-alignment.o `test -f 'cipher-alignment.c' || echo '$(srcdir)/'`cipher-alignment.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cipher_alignment-cipher-alignment.Tpo $(DEPDIR)/cipher_alignment-cipher-alignment.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cipher-alignment.c' object='cipher_alignment-cipher-alignment.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_alignment_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cipher_alignment-cipher-alignment.o `test -f 'cipher-alignment.c' || echo '$(srcdir)/'`cipher-alignment.c + +cipher_alignment-cipher-alignment.obj: cipher-alignment.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_alignment_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cipher_alignment-cipher-alignment.obj -MD -MP -MF $(DEPDIR)/cipher_alignment-cipher-alignment.Tpo -c -o cipher_alignment-cipher-alignment.obj `if test -f 'cipher-alignment.c'; then $(CYGPATH_W) 'cipher-alignment.c'; else $(CYGPATH_W) '$(srcdir)/cipher-alignment.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cipher_alignment-cipher-alignment.Tpo $(DEPDIR)/cipher_alignment-cipher-alignment.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cipher-alignment.c' object='cipher_alignment-cipher-alignment.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_alignment_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cipher_alignment-cipher-alignment.obj `if test -f 'cipher-alignment.c'; then $(CYGPATH_W) 'cipher-alignment.c'; else $(CYGPATH_W) '$(srcdir)/cipher-alignment.c'; fi` + +gnutls_record_overhead-gnutls_record_overhead.o: gnutls_record_overhead.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gnutls_record_overhead_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gnutls_record_overhead-gnutls_record_overhead.o -MD -MP -MF $(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Tpo -c -o gnutls_record_overhead-gnutls_record_overhead.o `test -f 'gnutls_record_overhead.c' || echo '$(srcdir)/'`gnutls_record_overhead.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Tpo $(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gnutls_record_overhead.c' object='gnutls_record_overhead-gnutls_record_overhead.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gnutls_record_overhead_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gnutls_record_overhead-gnutls_record_overhead.o `test -f 'gnutls_record_overhead.c' || echo '$(srcdir)/'`gnutls_record_overhead.c + +gnutls_record_overhead-gnutls_record_overhead.obj: gnutls_record_overhead.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gnutls_record_overhead_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gnutls_record_overhead-gnutls_record_overhead.obj -MD -MP -MF $(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Tpo -c -o gnutls_record_overhead-gnutls_record_overhead.obj `if test -f 'gnutls_record_overhead.c'; then $(CYGPATH_W) 'gnutls_record_overhead.c'; else $(CYGPATH_W) '$(srcdir)/gnutls_record_overhead.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Tpo $(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gnutls_record_overhead.c' object='gnutls_record_overhead-gnutls_record_overhead.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(gnutls_record_overhead_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gnutls_record_overhead-gnutls_record_overhead.obj `if test -f 'gnutls_record_overhead.c'; then $(CYGPATH_W) 'gnutls_record_overhead.c'; else $(CYGPATH_W) '$(srcdir)/gnutls_record_overhead.c'; fi` + +iov-iov.o: iov.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(iov_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT iov-iov.o -MD -MP -MF $(DEPDIR)/iov-iov.Tpo -c -o iov-iov.o `test -f 'iov.c' || echo '$(srcdir)/'`iov.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/iov-iov.Tpo $(DEPDIR)/iov-iov.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='iov.c' object='iov-iov.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(iov_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o iov-iov.o `test -f 'iov.c' || echo '$(srcdir)/'`iov.c + +iov-iov.obj: iov.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(iov_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT iov-iov.obj -MD -MP -MF $(DEPDIR)/iov-iov.Tpo -c -o iov-iov.obj `if test -f 'iov.c'; then $(CYGPATH_W) 'iov.c'; else $(CYGPATH_W) '$(srcdir)/iov.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/iov-iov.Tpo $(DEPDIR)/iov-iov.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='iov.c' object='iov-iov.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(iov_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o iov-iov.obj `if test -f 'iov.c'; then $(CYGPATH_W) 'iov.c'; else $(CYGPATH_W) '$(srcdir)/iov.c'; fi` + +ip_utils-ip-utils.o: ip-utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ip_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ip_utils-ip-utils.o -MD -MP -MF $(DEPDIR)/ip_utils-ip-utils.Tpo -c -o ip_utils-ip-utils.o `test -f 'ip-utils.c' || echo '$(srcdir)/'`ip-utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ip_utils-ip-utils.Tpo $(DEPDIR)/ip_utils-ip-utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ip-utils.c' object='ip_utils-ip-utils.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ip_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ip_utils-ip-utils.o `test -f 'ip-utils.c' || echo '$(srcdir)/'`ip-utils.c + +ip_utils-ip-utils.obj: ip-utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ip_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ip_utils-ip-utils.obj -MD -MP -MF $(DEPDIR)/ip_utils-ip-utils.Tpo -c -o ip_utils-ip-utils.obj `if test -f 'ip-utils.c'; then $(CYGPATH_W) 'ip-utils.c'; else $(CYGPATH_W) '$(srcdir)/ip-utils.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ip_utils-ip-utils.Tpo $(DEPDIR)/ip_utils-ip-utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ip-utils.c' object='ip_utils-ip-utils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ip_utils_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ip_utils-ip-utils.obj `if test -f 'ip-utils.c'; then $(CYGPATH_W) 'ip-utils.c'; else $(CYGPATH_W) '$(srcdir)/ip-utils.c'; fi` + +mpi-mpi.o: mpi.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mpi_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mpi-mpi.o -MD -MP -MF $(DEPDIR)/mpi-mpi.Tpo -c -o mpi-mpi.o `test -f 'mpi.c' || echo '$(srcdir)/'`mpi.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mpi-mpi.Tpo $(DEPDIR)/mpi-mpi.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mpi.c' object='mpi-mpi.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mpi_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mpi-mpi.o `test -f 'mpi.c' || echo '$(srcdir)/'`mpi.c + +mpi-mpi.obj: mpi.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mpi_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mpi-mpi.obj -MD -MP -MF $(DEPDIR)/mpi-mpi.Tpo -c -o mpi-mpi.obj `if test -f 'mpi.c'; then $(CYGPATH_W) 'mpi.c'; else $(CYGPATH_W) '$(srcdir)/mpi.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/mpi-mpi.Tpo $(DEPDIR)/mpi-mpi.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mpi.c' object='mpi-mpi.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mpi_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mpi-mpi.obj `if test -f 'mpi.c'; then $(CYGPATH_W) 'mpi.c'; else $(CYGPATH_W) '$(srcdir)/mpi.c'; fi` + +name_constraints_merge-name-constraints-merge.o: name-constraints-merge.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(name_constraints_merge_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT name_constraints_merge-name-constraints-merge.o -MD -MP -MF $(DEPDIR)/name_constraints_merge-name-constraints-merge.Tpo -c -o name_constraints_merge-name-constraints-merge.o `test -f 'name-constraints-merge.c' || echo '$(srcdir)/'`name-constraints-merge.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/name_constraints_merge-name-constraints-merge.Tpo $(DEPDIR)/name_constraints_merge-name-constraints-merge.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='name-constraints-merge.c' object='name_constraints_merge-name-constraints-merge.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(name_constraints_merge_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o name_constraints_merge-name-constraints-merge.o `test -f 'name-constraints-merge.c' || echo '$(srcdir)/'`name-constraints-merge.c + +name_constraints_merge-name-constraints-merge.obj: name-constraints-merge.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(name_constraints_merge_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT name_constraints_merge-name-constraints-merge.obj -MD -MP -MF $(DEPDIR)/name_constraints_merge-name-constraints-merge.Tpo -c -o name_constraints_merge-name-constraints-merge.obj `if test -f 'name-constraints-merge.c'; then $(CYGPATH_W) 'name-constraints-merge.c'; else $(CYGPATH_W) '$(srcdir)/name-constraints-merge.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/name_constraints_merge-name-constraints-merge.Tpo $(DEPDIR)/name_constraints_merge-name-constraints-merge.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='name-constraints-merge.c' object='name_constraints_merge-name-constraints-merge.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(name_constraints_merge_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o name_constraints_merge-name-constraints-merge.obj `if test -f 'name-constraints-merge.c'; then $(CYGPATH_W) 'name-constraints-merge.c'; else $(CYGPATH_W) '$(srcdir)/name-constraints-merge.c'; fi` + +pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.o: pkcs11/pkcs11-import-url-privkey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcs11_import_url_privkey_caps_CFLAGS) $(CFLAGS) -MT pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.o -MD -MP -MF pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Tpo -c -o pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.o `test -f 'pkcs11/pkcs11-import-url-privkey.c' || echo '$(srcdir)/'`pkcs11/pkcs11-import-url-privkey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Tpo pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs11/pkcs11-import-url-privkey.c' object='pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcs11_import_url_privkey_caps_CFLAGS) $(CFLAGS) -c -o pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.o `test -f 'pkcs11/pkcs11-import-url-privkey.c' || echo '$(srcdir)/'`pkcs11/pkcs11-import-url-privkey.c + +pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.obj: pkcs11/pkcs11-import-url-privkey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcs11_import_url_privkey_caps_CFLAGS) $(CFLAGS) -MT pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.obj -MD -MP -MF pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Tpo -c -o pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.obj `if test -f 'pkcs11/pkcs11-import-url-privkey.c'; then $(CYGPATH_W) 'pkcs11/pkcs11-import-url-privkey.c'; else $(CYGPATH_W) '$(srcdir)/pkcs11/pkcs11-import-url-privkey.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Tpo pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs11/pkcs11-import-url-privkey.c' object='pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcs11_import_url_privkey_caps_CFLAGS) $(CFLAGS) -c -o pkcs11/import_url_privkey_caps-pkcs11-import-url-privkey.obj `if test -f 'pkcs11/pkcs11-import-url-privkey.c'; then $(CYGPATH_W) 'pkcs11/pkcs11-import-url-privkey.c'; else $(CYGPATH_W) '$(srcdir)/pkcs11/pkcs11-import-url-privkey.c'; fi` + +pkcs12_s2k-pkcs12_s2k.o: pkcs12_s2k.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pkcs12_s2k_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs12_s2k-pkcs12_s2k.o -MD -MP -MF $(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Tpo -c -o pkcs12_s2k-pkcs12_s2k.o `test -f 'pkcs12_s2k.c' || echo '$(srcdir)/'`pkcs12_s2k.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Tpo $(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs12_s2k.c' object='pkcs12_s2k-pkcs12_s2k.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pkcs12_s2k_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs12_s2k-pkcs12_s2k.o `test -f 'pkcs12_s2k.c' || echo '$(srcdir)/'`pkcs12_s2k.c + +pkcs12_s2k-pkcs12_s2k.obj: pkcs12_s2k.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pkcs12_s2k_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs12_s2k-pkcs12_s2k.obj -MD -MP -MF $(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Tpo -c -o pkcs12_s2k-pkcs12_s2k.obj `if test -f 'pkcs12_s2k.c'; then $(CYGPATH_W) 'pkcs12_s2k.c'; else $(CYGPATH_W) '$(srcdir)/pkcs12_s2k.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Tpo $(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcs12_s2k.c' object='pkcs12_s2k-pkcs12_s2k.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(pkcs12_s2k_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs12_s2k-pkcs12_s2k.obj `if test -f 'pkcs12_s2k.c'; then $(CYGPATH_W) 'pkcs12_s2k.c'; else $(CYGPATH_W) '$(srcdir)/pkcs12_s2k.c'; fi` + +rsa_illegal_import-rsa-illegal-import.o: rsa-illegal-import.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rsa_illegal_import_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_illegal_import-rsa-illegal-import.o -MD -MP -MF $(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Tpo -c -o rsa_illegal_import-rsa-illegal-import.o `test -f 'rsa-illegal-import.c' || echo '$(srcdir)/'`rsa-illegal-import.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Tpo $(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rsa-illegal-import.c' object='rsa_illegal_import-rsa-illegal-import.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rsa_illegal_import_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_illegal_import-rsa-illegal-import.o `test -f 'rsa-illegal-import.c' || echo '$(srcdir)/'`rsa-illegal-import.c + +rsa_illegal_import-rsa-illegal-import.obj: rsa-illegal-import.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rsa_illegal_import_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_illegal_import-rsa-illegal-import.obj -MD -MP -MF $(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Tpo -c -o rsa_illegal_import-rsa-illegal-import.obj `if test -f 'rsa-illegal-import.c'; then $(CYGPATH_W) 'rsa-illegal-import.c'; else $(CYGPATH_W) '$(srcdir)/rsa-illegal-import.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Tpo $(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rsa-illegal-import.c' object='rsa_illegal_import-rsa-illegal-import.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rsa_illegal_import_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_illegal_import-rsa-illegal-import.obj `if test -f 'rsa-illegal-import.c'; then $(CYGPATH_W) 'rsa-illegal-import.c'; else $(CYGPATH_W) '$(srcdir)/rsa-illegal-import.c'; fi` + +tls13/tls11_check_rollback_val-rnd-check-rollback-val.o: tls13/rnd-check-rollback-val.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_check_rollback_val_CFLAGS) $(CFLAGS) -MT tls13/tls11_check_rollback_val-rnd-check-rollback-val.o -MD -MP -MF tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Tpo -c -o tls13/tls11_check_rollback_val-rnd-check-rollback-val.o `test -f 'tls13/rnd-check-rollback-val.c' || echo '$(srcdir)/'`tls13/rnd-check-rollback-val.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Tpo tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-check-rollback-val.c' object='tls13/tls11_check_rollback_val-rnd-check-rollback-val.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_check_rollback_val_CFLAGS) $(CFLAGS) -c -o tls13/tls11_check_rollback_val-rnd-check-rollback-val.o `test -f 'tls13/rnd-check-rollback-val.c' || echo '$(srcdir)/'`tls13/rnd-check-rollback-val.c + +tls13/tls11_check_rollback_val-rnd-check-rollback-val.obj: tls13/rnd-check-rollback-val.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_check_rollback_val_CFLAGS) $(CFLAGS) -MT tls13/tls11_check_rollback_val-rnd-check-rollback-val.obj -MD -MP -MF tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Tpo -c -o tls13/tls11_check_rollback_val-rnd-check-rollback-val.obj `if test -f 'tls13/rnd-check-rollback-val.c'; then $(CYGPATH_W) 'tls13/rnd-check-rollback-val.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-check-rollback-val.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Tpo tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-check-rollback-val.c' object='tls13/tls11_check_rollback_val-rnd-check-rollback-val.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_check_rollback_val_CFLAGS) $(CFLAGS) -c -o tls13/tls11_check_rollback_val-rnd-check-rollback-val.obj `if test -f 'tls13/rnd-check-rollback-val.c'; then $(CYGPATH_W) 'tls13/rnd-check-rollback-val.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-check-rollback-val.c'; fi` + +tls13/tls11_rollback_detection-rnd-rollback-detection.o: tls13/rnd-rollback-detection.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_rollback_detection_CFLAGS) $(CFLAGS) -MT tls13/tls11_rollback_detection-rnd-rollback-detection.o -MD -MP -MF tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Tpo -c -o tls13/tls11_rollback_detection-rnd-rollback-detection.o `test -f 'tls13/rnd-rollback-detection.c' || echo '$(srcdir)/'`tls13/rnd-rollback-detection.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Tpo tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-rollback-detection.c' object='tls13/tls11_rollback_detection-rnd-rollback-detection.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_rollback_detection_CFLAGS) $(CFLAGS) -c -o tls13/tls11_rollback_detection-rnd-rollback-detection.o `test -f 'tls13/rnd-rollback-detection.c' || echo '$(srcdir)/'`tls13/rnd-rollback-detection.c + +tls13/tls11_rollback_detection-rnd-rollback-detection.obj: tls13/rnd-rollback-detection.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_rollback_detection_CFLAGS) $(CFLAGS) -MT tls13/tls11_rollback_detection-rnd-rollback-detection.obj -MD -MP -MF tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Tpo -c -o tls13/tls11_rollback_detection-rnd-rollback-detection.obj `if test -f 'tls13/rnd-rollback-detection.c'; then $(CYGPATH_W) 'tls13/rnd-rollback-detection.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-rollback-detection.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Tpo tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-rollback-detection.c' object='tls13/tls11_rollback_detection-rnd-rollback-detection.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls11_rollback_detection_CFLAGS) $(CFLAGS) -c -o tls13/tls11_rollback_detection-rnd-rollback-detection.obj `if test -f 'tls13/rnd-rollback-detection.c'; then $(CYGPATH_W) 'tls13/rnd-rollback-detection.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-rollback-detection.c'; fi` + +tls13/tls12_check_rollback_val-rnd-check-rollback-val.o: tls13/rnd-check-rollback-val.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_check_rollback_val_CFLAGS) $(CFLAGS) -MT tls13/tls12_check_rollback_val-rnd-check-rollback-val.o -MD -MP -MF tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Tpo -c -o tls13/tls12_check_rollback_val-rnd-check-rollback-val.o `test -f 'tls13/rnd-check-rollback-val.c' || echo '$(srcdir)/'`tls13/rnd-check-rollback-val.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Tpo tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-check-rollback-val.c' object='tls13/tls12_check_rollback_val-rnd-check-rollback-val.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_check_rollback_val_CFLAGS) $(CFLAGS) -c -o tls13/tls12_check_rollback_val-rnd-check-rollback-val.o `test -f 'tls13/rnd-check-rollback-val.c' || echo '$(srcdir)/'`tls13/rnd-check-rollback-val.c + +tls13/tls12_check_rollback_val-rnd-check-rollback-val.obj: tls13/rnd-check-rollback-val.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_check_rollback_val_CFLAGS) $(CFLAGS) -MT tls13/tls12_check_rollback_val-rnd-check-rollback-val.obj -MD -MP -MF tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Tpo -c -o tls13/tls12_check_rollback_val-rnd-check-rollback-val.obj `if test -f 'tls13/rnd-check-rollback-val.c'; then $(CYGPATH_W) 'tls13/rnd-check-rollback-val.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-check-rollback-val.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Tpo tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-check-rollback-val.c' object='tls13/tls12_check_rollback_val-rnd-check-rollback-val.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_check_rollback_val_CFLAGS) $(CFLAGS) -c -o tls13/tls12_check_rollback_val-rnd-check-rollback-val.obj `if test -f 'tls13/rnd-check-rollback-val.c'; then $(CYGPATH_W) 'tls13/rnd-check-rollback-val.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-check-rollback-val.c'; fi` + +tls12_resume_anon-resume.o: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_anon_CFLAGS) $(CFLAGS) -MT tls12_resume_anon-resume.o -MD -MP -MF $(DEPDIR)/tls12_resume_anon-resume.Tpo -c -o tls12_resume_anon-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls12_resume_anon-resume.Tpo $(DEPDIR)/tls12_resume_anon-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls12_resume_anon-resume.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_anon_CFLAGS) $(CFLAGS) -c -o tls12_resume_anon-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c + +tls12_resume_anon-resume.obj: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_anon_CFLAGS) $(CFLAGS) -MT tls12_resume_anon-resume.obj -MD -MP -MF $(DEPDIR)/tls12_resume_anon-resume.Tpo -c -o tls12_resume_anon-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls12_resume_anon-resume.Tpo $(DEPDIR)/tls12_resume_anon-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls12_resume_anon-resume.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_anon_CFLAGS) $(CFLAGS) -c -o tls12_resume_anon-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` + +tls12_resume_psk-resume.o: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_psk_CFLAGS) $(CFLAGS) -MT tls12_resume_psk-resume.o -MD -MP -MF $(DEPDIR)/tls12_resume_psk-resume.Tpo -c -o tls12_resume_psk-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls12_resume_psk-resume.Tpo $(DEPDIR)/tls12_resume_psk-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls12_resume_psk-resume.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_psk_CFLAGS) $(CFLAGS) -c -o tls12_resume_psk-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c + +tls12_resume_psk-resume.obj: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_psk_CFLAGS) $(CFLAGS) -MT tls12_resume_psk-resume.obj -MD -MP -MF $(DEPDIR)/tls12_resume_psk-resume.Tpo -c -o tls12_resume_psk-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls12_resume_psk-resume.Tpo $(DEPDIR)/tls12_resume_psk-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls12_resume_psk-resume.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_psk_CFLAGS) $(CFLAGS) -c -o tls12_resume_psk-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` + +tls12_resume_x509-resume.o: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_x509_CFLAGS) $(CFLAGS) -MT tls12_resume_x509-resume.o -MD -MP -MF $(DEPDIR)/tls12_resume_x509-resume.Tpo -c -o tls12_resume_x509-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls12_resume_x509-resume.Tpo $(DEPDIR)/tls12_resume_x509-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls12_resume_x509-resume.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_x509_CFLAGS) $(CFLAGS) -c -o tls12_resume_x509-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c + +tls12_resume_x509-resume.obj: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_x509_CFLAGS) $(CFLAGS) -MT tls12_resume_x509-resume.obj -MD -MP -MF $(DEPDIR)/tls12_resume_x509-resume.Tpo -c -o tls12_resume_x509-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls12_resume_x509-resume.Tpo $(DEPDIR)/tls12_resume_x509-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls12_resume_x509-resume.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_resume_x509_CFLAGS) $(CFLAGS) -c -o tls12_resume_x509-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` + +tls13/tls12_rollback_detection-rnd-rollback-detection.o: tls13/rnd-rollback-detection.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_rollback_detection_CFLAGS) $(CFLAGS) -MT tls13/tls12_rollback_detection-rnd-rollback-detection.o -MD -MP -MF tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Tpo -c -o tls13/tls12_rollback_detection-rnd-rollback-detection.o `test -f 'tls13/rnd-rollback-detection.c' || echo '$(srcdir)/'`tls13/rnd-rollback-detection.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Tpo tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-rollback-detection.c' object='tls13/tls12_rollback_detection-rnd-rollback-detection.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_rollback_detection_CFLAGS) $(CFLAGS) -c -o tls13/tls12_rollback_detection-rnd-rollback-detection.o `test -f 'tls13/rnd-rollback-detection.c' || echo '$(srcdir)/'`tls13/rnd-rollback-detection.c + +tls13/tls12_rollback_detection-rnd-rollback-detection.obj: tls13/rnd-rollback-detection.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_rollback_detection_CFLAGS) $(CFLAGS) -MT tls13/tls12_rollback_detection-rnd-rollback-detection.obj -MD -MP -MF tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Tpo -c -o tls13/tls12_rollback_detection-rnd-rollback-detection.obj `if test -f 'tls13/rnd-rollback-detection.c'; then $(CYGPATH_W) 'tls13/rnd-rollback-detection.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-rollback-detection.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Tpo tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/rnd-rollback-detection.c' object='tls13/tls12_rollback_detection-rnd-rollback-detection.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls12_rollback_detection_CFLAGS) $(CFLAGS) -c -o tls13/tls12_rollback_detection-rnd-rollback-detection.obj `if test -f 'tls13/rnd-rollback-detection.c'; then $(CYGPATH_W) 'tls13/rnd-rollback-detection.c'; else $(CYGPATH_W) '$(srcdir)/tls13/rnd-rollback-detection.c'; fi` + +tls13_resume_psk-resume.o: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_psk_CFLAGS) $(CFLAGS) -MT tls13_resume_psk-resume.o -MD -MP -MF $(DEPDIR)/tls13_resume_psk-resume.Tpo -c -o tls13_resume_psk-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls13_resume_psk-resume.Tpo $(DEPDIR)/tls13_resume_psk-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls13_resume_psk-resume.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_psk_CFLAGS) $(CFLAGS) -c -o tls13_resume_psk-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c + +tls13_resume_psk-resume.obj: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_psk_CFLAGS) $(CFLAGS) -MT tls13_resume_psk-resume.obj -MD -MP -MF $(DEPDIR)/tls13_resume_psk-resume.Tpo -c -o tls13_resume_psk-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls13_resume_psk-resume.Tpo $(DEPDIR)/tls13_resume_psk-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls13_resume_psk-resume.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_psk_CFLAGS) $(CFLAGS) -c -o tls13_resume_psk-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` + +tls13_resume_x509-resume.o: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_x509_CFLAGS) $(CFLAGS) -MT tls13_resume_x509-resume.o -MD -MP -MF $(DEPDIR)/tls13_resume_x509-resume.Tpo -c -o tls13_resume_x509-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls13_resume_x509-resume.Tpo $(DEPDIR)/tls13_resume_x509-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls13_resume_x509-resume.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_x509_CFLAGS) $(CFLAGS) -c -o tls13_resume_x509-resume.o `test -f 'resume.c' || echo '$(srcdir)/'`resume.c + +tls13_resume_x509-resume.obj: resume.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_x509_CFLAGS) $(CFLAGS) -MT tls13_resume_x509-resume.obj -MD -MP -MF $(DEPDIR)/tls13_resume_x509-resume.Tpo -c -o tls13_resume_x509-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tls13_resume_x509-resume.Tpo $(DEPDIR)/tls13_resume_x509-resume.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='resume.c' object='tls13_resume_x509-resume.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tls13_resume_x509_CFLAGS) $(CFLAGS) -c -o tls13_resume_x509-resume.obj `if test -f 'resume.c'; then $(CYGPATH_W) 'resume.c'; else $(CYGPATH_W) '$(srcdir)/resume.c'; fi` + +tls13/anti_replay-anti_replay.o: tls13/anti_replay.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tls13_anti_replay_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tls13/anti_replay-anti_replay.o -MD -MP -MF tls13/$(DEPDIR)/anti_replay-anti_replay.Tpo -c -o tls13/anti_replay-anti_replay.o `test -f 'tls13/anti_replay.c' || echo '$(srcdir)/'`tls13/anti_replay.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/anti_replay-anti_replay.Tpo tls13/$(DEPDIR)/anti_replay-anti_replay.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/anti_replay.c' object='tls13/anti_replay-anti_replay.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tls13_anti_replay_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tls13/anti_replay-anti_replay.o `test -f 'tls13/anti_replay.c' || echo '$(srcdir)/'`tls13/anti_replay.c + +tls13/anti_replay-anti_replay.obj: tls13/anti_replay.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tls13_anti_replay_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tls13/anti_replay-anti_replay.obj -MD -MP -MF tls13/$(DEPDIR)/anti_replay-anti_replay.Tpo -c -o tls13/anti_replay-anti_replay.obj `if test -f 'tls13/anti_replay.c'; then $(CYGPATH_W) 'tls13/anti_replay.c'; else $(CYGPATH_W) '$(srcdir)/tls13/anti_replay.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tls13/$(DEPDIR)/anti_replay-anti_replay.Tpo tls13/$(DEPDIR)/anti_replay-anti_replay.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tls13/anti_replay.c' object='tls13/anti_replay-anti_replay.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tls13_anti_replay_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o tls13/anti_replay-anti_replay.obj `if test -f 'tls13/anti_replay.c'; then $(CYGPATH_W) 'tls13/anti_replay.c'; else $(CYGPATH_W) '$(srcdir)/tls13/anti_replay.c'; fi` + +.cpp.o: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ $< + +.cpp.obj: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.cpp.lo: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LTCXXCOMPILE) -c -o $@ $< + +sanity_cpp-sanity-cpp.o: sanity-cpp.cpp +@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sanity_cpp_CXXFLAGS) $(CXXFLAGS) -MT sanity_cpp-sanity-cpp.o -MD -MP -MF $(DEPDIR)/sanity_cpp-sanity-cpp.Tpo -c -o sanity_cpp-sanity-cpp.o `test -f 'sanity-cpp.cpp' || echo '$(srcdir)/'`sanity-cpp.cpp +@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sanity_cpp-sanity-cpp.Tpo $(DEPDIR)/sanity_cpp-sanity-cpp.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='sanity-cpp.cpp' object='sanity_cpp-sanity-cpp.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sanity_cpp_CXXFLAGS) $(CXXFLAGS) -c -o sanity_cpp-sanity-cpp.o `test -f 'sanity-cpp.cpp' || echo '$(srcdir)/'`sanity-cpp.cpp + +sanity_cpp-sanity-cpp.obj: sanity-cpp.cpp +@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sanity_cpp_CXXFLAGS) $(CXXFLAGS) -MT sanity_cpp-sanity-cpp.obj -MD -MP -MF $(DEPDIR)/sanity_cpp-sanity-cpp.Tpo -c -o sanity_cpp-sanity-cpp.obj `if test -f 'sanity-cpp.cpp'; then $(CYGPATH_W) 'sanity-cpp.cpp'; else $(CYGPATH_W) '$(srcdir)/sanity-cpp.cpp'; fi` +@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/sanity_cpp-sanity-cpp.Tpo $(DEPDIR)/sanity_cpp-sanity-cpp.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='sanity-cpp.cpp' object='sanity_cpp-sanity-cpp.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(sanity_cpp_CXXFLAGS) $(CXXFLAGS) -c -o sanity_cpp-sanity-cpp.obj `if test -f 'sanity-cpp.cpp'; then $(CYGPATH_W) 'sanity-cpp.cpp'; else $(CYGPATH_W) '$(srcdir)/sanity-cpp.cpp'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + -rm -rf pkcs11/.libs pkcs11/_libs + -rm -rf safe-renegotiation/.libs safe-renegotiation/_libs + -rm -rf tls13/.libs tls13/_libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +sanity-cpp.log: sanity-cpp$(EXEEXT) + @p='sanity-cpp$(EXEEXT)'; \ + b='sanity-cpp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/supported_versions.log: tls13/supported_versions$(EXEEXT) + @p='tls13/supported_versions$(EXEEXT)'; \ + b='tls13/supported_versions'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/tls12-no-tls13-exts.log: tls13/tls12-no-tls13-exts$(EXEEXT) + @p='tls13/tls12-no-tls13-exts$(EXEEXT)'; \ + b='tls13/tls12-no-tls13-exts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/post-handshake-with-cert.log: tls13/post-handshake-with-cert$(EXEEXT) + @p='tls13/post-handshake-with-cert$(EXEEXT)'; \ + b='tls13/post-handshake-with-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/post-handshake-without-cert.log: tls13/post-handshake-without-cert$(EXEEXT) + @p='tls13/post-handshake-without-cert$(EXEEXT)'; \ + b='tls13/post-handshake-without-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/cookie.log: tls13/cookie$(EXEEXT) + @p='tls13/cookie$(EXEEXT)'; \ + b='tls13/cookie'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/key_share.log: tls13/key_share$(EXEEXT) + @p='tls13/key_share$(EXEEXT)'; \ + b='tls13/key_share'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/prf.log: tls13/prf$(EXEEXT) + @p='tls13/prf$(EXEEXT)'; \ + b='tls13/prf'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/prf-early.log: tls13/prf-early$(EXEEXT) + @p='tls13/prf-early$(EXEEXT)'; \ + b='tls13/prf-early'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/post-handshake-with-cert-ticket.log: tls13/post-handshake-with-cert-ticket$(EXEEXT) + @p='tls13/post-handshake-with-cert-ticket$(EXEEXT)'; \ + b='tls13/post-handshake-with-cert-ticket'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-rollback-detection.log: tls12-rollback-detection$(EXEEXT) + @p='tls12-rollback-detection$(EXEEXT)'; \ + b='tls12-rollback-detection'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls11-rollback-detection.log: tls11-rollback-detection$(EXEEXT) + @p='tls11-rollback-detection$(EXEEXT)'; \ + b='tls11-rollback-detection'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-check-rollback-val.log: tls12-check-rollback-val$(EXEEXT) + @p='tls12-check-rollback-val$(EXEEXT)'; \ + b='tls12-check-rollback-val'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls11-check-rollback-val.log: tls11-check-rollback-val$(EXEEXT) + @p='tls11-check-rollback-val$(EXEEXT)'; \ + b='tls11-check-rollback-val'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/post-handshake-with-psk.log: tls13/post-handshake-with-psk$(EXEEXT) + @p='tls13/post-handshake-with-psk$(EXEEXT)'; \ + b='tls13/post-handshake-with-psk'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/post-handshake-with-cert-auto.log: tls13/post-handshake-with-cert-auto$(EXEEXT) + @p='tls13/post-handshake-with-cert-auto$(EXEEXT)'; \ + b='tls13/post-handshake-with-cert-auto'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/anti_replay.log: tls13/anti_replay$(EXEEXT) + @p='tls13/anti_replay$(EXEEXT)'; \ + b='tls13/anti_replay'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/compress-cert.log: tls13/compress-cert$(EXEEXT) + @p='tls13/compress-cert$(EXEEXT)'; \ + b='tls13/compress-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/compress-cert-neg.log: tls13/compress-cert-neg$(EXEEXT) + @p='tls13/compress-cert-neg$(EXEEXT)'; \ + b='tls13/compress-cert-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/compress-cert-neg2.log: tls13/compress-cert-neg2$(EXEEXT) + @p='tls13/compress-cert-neg2$(EXEEXT)'; \ + b='tls13/compress-cert-neg2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/compress-cert-cli.log: tls13/compress-cert-cli$(EXEEXT) + @p='tls13/compress-cert-cli$(EXEEXT)'; \ + b='tls13/compress-cert-cli'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/hello_retry_request.log: tls13/hello_retry_request$(EXEEXT) + @p='tls13/hello_retry_request$(EXEEXT)'; \ + b='tls13/hello_retry_request'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/hello_retry_request_resume.log: tls13/hello_retry_request_resume$(EXEEXT) + @p='tls13/hello_retry_request_resume$(EXEEXT)'; \ + b='tls13/hello_retry_request_resume'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/psk-ext.log: tls13/psk-ext$(EXEEXT) + @p='tls13/psk-ext$(EXEEXT)'; \ + b='tls13/psk-ext'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/key_update.log: tls13/key_update$(EXEEXT) + @p='tls13/key_update$(EXEEXT)'; \ + b='tls13/key_update'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/key_update_multiple.log: tls13/key_update_multiple$(EXEEXT) + @p='tls13/key_update_multiple$(EXEEXT)'; \ + b='tls13/key_update_multiple'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/key_limits.log: tls13/key_limits$(EXEEXT) + @p='tls13/key_limits$(EXEEXT)'; \ + b='tls13/key_limits'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/multi-ocsp.log: tls13/multi-ocsp$(EXEEXT) + @p='tls13/multi-ocsp$(EXEEXT)'; \ + b='tls13/multi-ocsp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/ocsp-client.log: tls13/ocsp-client$(EXEEXT) + @p='tls13/ocsp-client$(EXEEXT)'; \ + b='tls13/ocsp-client'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/change_cipher_spec.log: tls13/change_cipher_spec$(EXEEXT) + @p='tls13/change_cipher_spec$(EXEEXT)'; \ + b='tls13/change_cipher_spec'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-cipher-neg.log: tls13-cipher-neg$(EXEEXT) + @p='tls13-cipher-neg$(EXEEXT)'; \ + b='tls13-cipher-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/no-psk-exts.log: tls13/no-psk-exts$(EXEEXT) + @p='tls13/no-psk-exts$(EXEEXT)'; \ + b='tls13/no-psk-exts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/psk-dumbfw.log: tls13/psk-dumbfw$(EXEEXT) + @p='tls13/psk-dumbfw$(EXEEXT)'; \ + b='tls13/psk-dumbfw'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/psk-ke-modes.log: tls13/psk-ke-modes$(EXEEXT) + @p='tls13/psk-ke-modes$(EXEEXT)'; \ + b='tls13/psk-ke-modes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-early-start.log: tls13-early-start$(EXEEXT) + @p='tls13-early-start$(EXEEXT)'; \ + b='tls13-early-start'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/no-auto-send-ticket.log: tls13/no-auto-send-ticket$(EXEEXT) + @p='tls13/no-auto-send-ticket$(EXEEXT)'; \ + b='tls13/no-auto-send-ticket'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-record-2.log: mini-record-2$(EXEEXT) + @p='mini-record-2$(EXEEXT)'; \ + b='mini-record-2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +simple.log: simple$(EXEEXT) + @p='simple$(EXEEXT)'; \ + b='simple'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_hmac_fast.log: gnutls_hmac_fast$(EXEEXT) + @p='gnutls_hmac_fast$(EXEEXT)'; \ + b='gnutls_hmac_fast'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_pkcs12_cred.log: set_pkcs12_cred$(EXEEXT) + @p='set_pkcs12_cred$(EXEEXT)'; \ + b='set_pkcs12_cred'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert.log: cert$(EXEEXT) + @p='cert$(EXEEXT)'; \ + b='cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certuniqueid.log: certuniqueid$(EXEEXT) + @p='certuniqueid$(EXEEXT)'; \ + b='certuniqueid'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-neg-ext-key.log: tls-neg-ext-key$(EXEEXT) + @p='tls-neg-ext-key$(EXEEXT)'; \ + b='tls-neg-ext-key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mpi.log: mpi$(EXEEXT) + @p='mpi$(EXEEXT)'; \ + b='mpi'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certificate_set_x509_crl.log: certificate_set_x509_crl$(EXEEXT) + @p='certificate_set_x509_crl$(EXEEXT)'; \ + b='certificate_set_x509_crl'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dn.log: dn$(EXEEXT) + @p='dn$(EXEEXT)'; \ + b='dn'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +parse_ca.log: parse_ca$(EXEEXT) + @p='parse_ca$(EXEEXT)'; \ + b='parse_ca'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-dn.log: x509-dn$(EXEEXT) + @p='x509-dn$(EXEEXT)'; \ + b='x509-dn'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-dn-decode.log: x509-dn-decode$(EXEEXT) + @p='x509-dn-decode$(EXEEXT)'; \ + b='x509-dn-decode'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +record-sizes.log: record-sizes$(EXEEXT) + @p='record-sizes$(EXEEXT)'; \ + b='record-sizes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +hostname-check.log: hostname-check$(EXEEXT) + @p='hostname-check$(EXEEXT)'; \ + b='hostname-check'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cve-2008-4989.log: cve-2008-4989$(EXEEXT) + @p='cve-2008-4989$(EXEEXT)'; \ + b='cve-2008-4989'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12_s2k.log: pkcs12_s2k$(EXEEXT) + @p='pkcs12_s2k$(EXEEXT)'; \ + b='pkcs12_s2k'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +chainverify.log: chainverify$(EXEEXT) + @p='chainverify$(EXEEXT)'; \ + b='chainverify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +missingissuer.log: missingissuer$(EXEEXT) + @p='missingissuer$(EXEEXT)'; \ + b='missingissuer'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +missingissuer_aia.log: missingissuer_aia$(EXEEXT) + @p='missingissuer_aia$(EXEEXT)'; \ + b='missingissuer_aia'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +record-sizes-range.log: record-sizes-range$(EXEEXT) + @p='record-sizes-range$(EXEEXT)'; \ + b='record-sizes-range'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crq_key_id.log: crq_key_id$(EXEEXT) + @p='crq_key_id$(EXEEXT)'; \ + b='crq_key_id'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509sign-verify.log: x509sign-verify$(EXEEXT) + @p='x509sign-verify$(EXEEXT)'; \ + b='x509sign-verify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify.log: sign-verify$(EXEEXT) + @p='sign-verify$(EXEEXT)'; \ + b='sign-verify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cve-2009-1415.log: cve-2009-1415$(EXEEXT) + @p='cve-2009-1415$(EXEEXT)'; \ + b='cve-2009-1415'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cve-2009-1416.log: cve-2009-1416$(EXEEXT) + @p='cve-2009-1416$(EXEEXT)'; \ + b='cve-2009-1416'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls10-server-kx-neg.log: tls10-server-kx-neg$(EXEEXT) + @p='tls10-server-kx-neg$(EXEEXT)'; \ + b='tls10-server-kx-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls11-server-kx-neg.log: tls11-server-kx-neg$(EXEEXT) + @p='tls11-server-kx-neg$(EXEEXT)'; \ + b='tls11-server-kx-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-server-kx-neg.log: tls12-server-kx-neg$(EXEEXT) + @p='tls12-server-kx-neg$(EXEEXT)'; \ + b='tls12-server-kx-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ssl30-server-kx-neg.log: ssl30-server-kx-neg$(EXEEXT) + @p='ssl30-server-kx-neg$(EXEEXT)'; \ + b='ssl30-server-kx-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-cipher-neg.log: tls12-cipher-neg$(EXEEXT) + @p='tls12-cipher-neg$(EXEEXT)'; \ + b='tls12-cipher-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls11-cipher-neg.log: tls11-cipher-neg$(EXEEXT) + @p='tls11-cipher-neg$(EXEEXT)'; \ + b='tls11-cipher-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls10-cipher-neg.log: tls10-cipher-neg$(EXEEXT) + @p='tls10-cipher-neg$(EXEEXT)'; \ + b='tls10-cipher-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ssl30-cipher-neg.log: ssl30-cipher-neg$(EXEEXT) + @p='ssl30-cipher-neg$(EXEEXT)'; \ + b='ssl30-cipher-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crq_apis.log: crq_apis$(EXEEXT) + @p='crq_apis$(EXEEXT)'; \ + b='crq_apis'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +init_roundtrip.log: init_roundtrip$(EXEEXT) + @p='init_roundtrip$(EXEEXT)'; \ + b='init_roundtrip'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12_s2k_pem.log: pkcs12_s2k_pem$(EXEEXT) + @p='pkcs12_s2k_pem$(EXEEXT)'; \ + b='pkcs12_s2k_pem'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dn2.log: dn2$(EXEEXT) + @p='dn2$(EXEEXT)'; \ + b='dn2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-rehandshake-cert-3.log: tls12-rehandshake-cert-3$(EXEEXT) + @p='tls12-rehandshake-cert-3$(EXEEXT)'; \ + b='tls12-rehandshake-cert-3'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +nul-in-x509-names.log: nul-in-x509-names$(EXEEXT) + @p='nul-in-x509-names$(EXEEXT)'; \ + b='nul-in-x509-names'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509_altname.log: x509_altname$(EXEEXT) + @p='x509_altname$(EXEEXT)'; \ + b='x509_altname'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12_encode.log: pkcs12_encode$(EXEEXT) + @p='pkcs12_encode$(EXEEXT)'; \ + b='pkcs12_encode'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-x509.log: mini-x509$(EXEEXT) + @p='mini-x509$(EXEEXT)'; \ + b='mini-x509'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_session_set_id.log: gnutls_session_set_id$(EXEEXT) + @p='gnutls_session_set_id$(EXEEXT)'; \ + b='gnutls_session_set_id'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-fork.log: rng-fork$(EXEEXT) + @p='rng-fork$(EXEEXT)'; \ + b='rng-fork'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-eagain-dtls.log: mini-eagain-dtls$(EXEEXT) + @p='mini-eagain-dtls$(EXEEXT)'; \ + b='mini-eagain-dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +resume-dtls.log: resume-dtls$(EXEEXT) + @p='resume-dtls$(EXEEXT)'; \ + b='resume-dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +empty_retrieve_function.log: empty_retrieve_function$(EXEEXT) + @p='empty_retrieve_function$(EXEEXT)'; \ + b='empty_retrieve_function'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-rehandshake-cert.log: tls13-rehandshake-cert$(EXEEXT) + @p='tls13-rehandshake-cert$(EXEEXT)'; \ + b='tls13-rehandshake-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_ext_raw_parse.log: gnutls_ext_raw_parse$(EXEEXT) + @p='gnutls_ext_raw_parse$(EXEEXT)'; \ + b='gnutls_ext_raw_parse'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +handshake-large-cert.log: handshake-large-cert$(EXEEXT) + @p='handshake-large-cert$(EXEEXT)'; \ + b='handshake-large-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509cert.log: x509cert$(EXEEXT) + @p='x509cert$(EXEEXT)'; \ + b='x509cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509cert-tl.log: x509cert-tl$(EXEEXT) + @p='x509cert-tl$(EXEEXT)'; \ + b='x509cert-tl'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509cert-ct.log: x509cert-ct$(EXEEXT) + @p='x509cert-ct$(EXEEXT)'; \ + b='x509cert-ct'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +infoaccess.log: infoaccess$(EXEEXT) + @p='infoaccess$(EXEEXT)'; \ + b='infoaccess'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-hello-verify.log: mini-dtls-hello-verify$(EXEEXT) + @p='mini-dtls-hello-verify$(EXEEXT)'; \ + b='mini-dtls-hello-verify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-ed25519-rfc8080.log: sign-verify-ed25519-rfc8080$(EXEEXT) + @p='sign-verify-ed25519-rfc8080$(EXEEXT)'; \ + b='sign-verify-ed25519-rfc8080'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +trustdb-tofu.log: trustdb-tofu$(EXEEXT) + @p='trustdb-tofu$(EXEEXT)'; \ + b='trustdb-tofu'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-rehandshake-anon.log: dtls-rehandshake-anon$(EXEEXT) + @p='dtls-rehandshake-anon$(EXEEXT)'; \ + b='dtls-rehandshake-anon'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-alpn.log: mini-alpn$(EXEEXT) + @p='mini-alpn$(EXEEXT)'; \ + b='mini-alpn'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-large.log: mini-dtls-large$(EXEEXT) + @p='mini-dtls-large$(EXEEXT)'; \ + b='mini-dtls-large'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-termination.log: mini-termination$(EXEEXT) + @p='mini-termination$(EXEEXT)'; \ + b='mini-termination'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-x509-cas.log: mini-x509-cas$(EXEEXT) + @p='mini-x509-cas$(EXEEXT)'; \ + b='mini-x509-cas'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-x509-2.log: mini-x509-2$(EXEEXT) + @p='mini-x509-2$(EXEEXT)'; \ + b='mini-x509-2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12_simple.log: pkcs12_simple$(EXEEXT) + @p='pkcs12_simple$(EXEEXT)'; \ + b='pkcs12_simple'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-pthread.log: tls-pthread$(EXEEXT) + @p='tls-pthread$(EXEEXT)'; \ + b='tls-pthread'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-emsgsize-dtls.log: mini-emsgsize-dtls$(EXEEXT) + @p='mini-emsgsize-dtls$(EXEEXT)'; \ + b='mini-emsgsize-dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +chainverify-unsorted.log: chainverify-unsorted$(EXEEXT) + @p='chainverify-unsorted$(EXEEXT)'; \ + b='chainverify-unsorted'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-overhead.log: mini-overhead$(EXEEXT) + @p='mini-overhead$(EXEEXT)'; \ + b='mini-overhead'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-ffdhe.log: tls12-ffdhe$(EXEEXT) + @p='tls12-ffdhe$(EXEEXT)'; \ + b='tls12-ffdhe'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-heartbeat.log: mini-dtls-heartbeat$(EXEEXT) + @p='mini-dtls-heartbeat$(EXEEXT)'; \ + b='mini-dtls-heartbeat'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-x509-callbacks.log: mini-x509-callbacks$(EXEEXT) + @p='mini-x509-callbacks$(EXEEXT)'; \ + b='mini-x509-callbacks'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-openssl.log: key-openssl$(EXEEXT) + @p='key-openssl$(EXEEXT)'; \ + b='key-openssl'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +priorities.log: priorities$(EXEEXT) + @p='priorities$(EXEEXT)'; \ + b='priorities'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +priorities-groups.log: priorities-groups$(EXEEXT) + @p='priorities-groups$(EXEEXT)'; \ + b='priorities-groups'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_x509_privkey_import.log: gnutls_x509_privkey_import$(EXEEXT) + @p='gnutls_x509_privkey_import$(EXEEXT)'; \ + b='gnutls_x509_privkey_import'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_x509_crt_list_import.log: gnutls_x509_crt_list_import$(EXEEXT) + @p='gnutls_x509_crt_list_import$(EXEEXT)'; \ + b='gnutls_x509_crt_list_import'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +time.log: time$(EXEEXT) + @p='time$(EXEEXT)'; \ + b='time'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-server-verify.log: x509-server-verify$(EXEEXT) + @p='x509-server-verify$(EXEEXT)'; \ + b='x509-server-verify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-ext4.log: sign-verify-ext4$(EXEEXT) + @p='sign-verify-ext4$(EXEEXT)'; \ + b='sign-verify-ext4'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-neg-ext4-key.log: tls-neg-ext4-key$(EXEEXT) + @p='tls-neg-ext4-key$(EXEEXT)'; \ + b='tls-neg-ext4-key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +resume-lifetime.log: resume-lifetime$(EXEEXT) + @p='resume-lifetime$(EXEEXT)'; \ + b='resume-lifetime'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-srtp.log: mini-dtls-srtp$(EXEEXT) + @p='mini-dtls-srtp$(EXEEXT)'; \ + b='mini-dtls-srtp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rsa-encrypt-decrypt.log: rsa-encrypt-decrypt$(EXEEXT) + @p='rsa-encrypt-decrypt$(EXEEXT)'; \ + b='rsa-encrypt-decrypt'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-loss-time.log: mini-loss-time$(EXEEXT) + @p='mini-loss-time$(EXEEXT)'; \ + b='mini-loss-time'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls-strcodes.log: gnutls-strcodes$(EXEEXT) + @p='gnutls-strcodes$(EXEEXT)'; \ + b='gnutls-strcodes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-record.log: mini-record$(EXEEXT) + @p='mini-record$(EXEEXT)'; \ + b='mini-record'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-record.log: mini-dtls-record$(EXEEXT) + @p='mini-dtls-record$(EXEEXT)'; \ + b='mini-dtls-record'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +handshake-timeout.log: handshake-timeout$(EXEEXT) + @p='handshake-timeout$(EXEEXT)'; \ + b='handshake-timeout'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-record-range.log: mini-record-range$(EXEEXT) + @p='mini-record-range$(EXEEXT)'; \ + b='mini-record-range'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert-status.log: cert-status$(EXEEXT) + @p='cert-status$(EXEEXT)'; \ + b='cert-status'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +fips-mode-pthread.log: fips-mode-pthread$(EXEEXT) + @p='fips-mode-pthread$(EXEEXT)'; \ + b='fips-mode-pthread'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rsa-psk.log: rsa-psk$(EXEEXT) + @p='rsa-psk$(EXEEXT)'; \ + b='rsa-psk'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +global-init.log: global-init$(EXEEXT) + @p='global-init$(EXEEXT)'; \ + b='global-init'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sec-params.log: sec-params$(EXEEXT) + @p='sec-params$(EXEEXT)'; \ + b='sec-params'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-data.log: sign-verify-data$(EXEEXT) + @p='sign-verify-data$(EXEEXT)'; \ + b='sign-verify-data'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +fips-test.log: fips-test$(EXEEXT) + @p='fips-test$(EXEEXT)'; \ + b='fips-test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +fips-override-test.log: fips-override-test$(EXEEXT) + @p='fips-override-test$(EXEEXT)'; \ + b='fips-override-test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-global-load.log: mini-global-load$(EXEEXT) + @p='mini-global-load$(EXEEXT)'; \ + b='mini-global-load'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +name-constraints.log: name-constraints$(EXEEXT) + @p='name-constraints$(EXEEXT)'; \ + b='name-constraints'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-extensions.log: x509-extensions$(EXEEXT) + @p='x509-extensions$(EXEEXT)'; \ + b='x509-extensions'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +long-session-id.log: long-session-id$(EXEEXT) + @p='long-session-id$(EXEEXT)'; \ + b='long-session-id'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-x509-callbacks-intr.log: mini-x509-callbacks-intr$(EXEEXT) + @p='mini-x509-callbacks-intr$(EXEEXT)'; \ + b='mini-x509-callbacks-intr'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-lowmtu.log: mini-dtls-lowmtu$(EXEEXT) + @p='mini-dtls-lowmtu$(EXEEXT)'; \ + b='mini-dtls-lowmtu'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_file-late.log: set_x509_key_file-late$(EXEEXT) + @p='set_x509_key_file-late$(EXEEXT)'; \ + b='set_x509_key_file-late'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crlverify.log: crlverify$(EXEEXT) + @p='crlverify$(EXEEXT)'; \ + b='crlverify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-discard.log: mini-dtls-discard$(EXEEXT) + @p='mini-dtls-discard$(EXEEXT)'; \ + b='mini-dtls-discard'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-record-failure.log: mini-record-failure$(EXEEXT) + @p='mini-record-failure$(EXEEXT)'; \ + b='mini-record-failure'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +openconnect-dtls12.log: openconnect-dtls12$(EXEEXT) + @p='openconnect-dtls12$(EXEEXT)'; \ + b='openconnect-dtls12'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-rehandshake-cert-2.log: tls12-rehandshake-cert-2$(EXEEXT) + @p='tls12-rehandshake-cert-2$(EXEEXT)'; \ + b='tls12-rehandshake-cert-2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +custom-urls.log: custom-urls$(EXEEXT) + @p='custom-urls$(EXEEXT)'; \ + b='custom-urls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_mem.log: set_x509_key_mem$(EXEEXT) + @p='set_x509_key_mem$(EXEEXT)'; \ + b='set_x509_key_mem'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_file.log: set_x509_key_file$(EXEEXT) + @p='set_x509_key_file$(EXEEXT)'; \ + b='set_x509_key_file'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-rehandshake-cert-auto.log: tls12-rehandshake-cert-auto$(EXEEXT) + @p='tls12-rehandshake-cert-auto$(EXEEXT)'; \ + b='tls12-rehandshake-cert-auto'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-rehandshake-set-prio.log: tls12-rehandshake-set-prio$(EXEEXT) + @p='tls12-rehandshake-set-prio$(EXEEXT)'; \ + b='tls12-rehandshake-set-prio'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-chain-unsorted.log: mini-chain-unsorted$(EXEEXT) + @p='mini-chain-unsorted$(EXEEXT)'; \ + b='mini-chain-unsorted'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-verify-with-crl.log: x509-verify-with-crl$(EXEEXT) + @p='x509-verify-with-crl$(EXEEXT)'; \ + b='x509-verify-with-crl'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-mtu.log: mini-dtls-mtu$(EXEEXT) + @p='mini-dtls-mtu$(EXEEXT)'; \ + b='mini-dtls-mtu'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +privkey-verify-broken.log: privkey-verify-broken$(EXEEXT) + @p='privkey-verify-broken$(EXEEXT)'; \ + b='privkey-verify-broken'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-record-asym.log: mini-dtls-record-asym$(EXEEXT) + @p='mini-dtls-record-asym$(EXEEXT)'; \ + b='mini-dtls-record-asym'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-import-export.log: key-import-export$(EXEEXT) + @p='key-import-export$(EXEEXT)'; \ + b='key-import-export'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +priority-set.log: priority-set$(EXEEXT) + @p='priority-set$(EXEEXT)'; \ + b='priority-set'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +priority-set2.log: priority-set2$(EXEEXT) + @p='priority-set2$(EXEEXT)'; \ + b='priority-set2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pubkey-import-export.log: pubkey-import-export$(EXEEXT) + @p='pubkey-import-export$(EXEEXT)'; \ + b='pubkey-import-export'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-is-secure.log: sign-is-secure$(EXEEXT) + @p='sign-is-secure$(EXEEXT)'; \ + b='sign-is-secure'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +spki.log: spki$(EXEEXT) + @p='spki$(EXEEXT)'; \ + b='spki'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +spki-abstract.log: spki-abstract$(EXEEXT) + @p='spki-abstract$(EXEEXT)'; \ + b='spki-abstract'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rsa-rsa-pss.log: rsa-rsa-pss$(EXEEXT) + @p='rsa-rsa-pss$(EXEEXT)'; \ + b='rsa-rsa-pss'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-fork.log: mini-dtls-fork$(EXEEXT) + @p='mini-dtls-fork$(EXEEXT)'; \ + b='mini-dtls-fork'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-pthread.log: dtls-pthread$(EXEEXT) + @p='dtls-pthread$(EXEEXT)'; \ + b='dtls-pthread'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-key-material.log: mini-key-material$(EXEEXT) + @p='mini-key-material$(EXEEXT)'; \ + b='mini-key-material'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509cert-invalid.log: x509cert-invalid$(EXEEXT) + @p='x509cert-invalid$(EXEEXT)'; \ + b='x509cert-invalid'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-ext-register.log: tls-ext-register$(EXEEXT) + @p='tls-ext-register$(EXEEXT)'; \ + b='tls-ext-register'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-supplemental.log: tls-supplemental$(EXEEXT) + @p='tls-supplemental$(EXEEXT)'; \ + b='tls-supplemental'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls0-9.log: mini-dtls0-9$(EXEEXT) + @p='mini-dtls0-9$(EXEEXT)'; \ + b='mini-dtls0-9'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +duplicate-extensions.log: duplicate-extensions$(EXEEXT) + @p='duplicate-extensions$(EXEEXT)'; \ + b='duplicate-extensions'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +record-retvals.log: record-retvals$(EXEEXT) + @p='record-retvals$(EXEEXT)'; \ + b='record-retvals'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-server-name.log: mini-server-name$(EXEEXT) + @p='mini-server-name$(EXEEXT)'; \ + b='mini-server-name'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-etm.log: tls-etm$(EXEEXT) + @p='tls-etm$(EXEEXT)'; \ + b='tls-etm'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-force-etm.log: tls-force-etm$(EXEEXT) + @p='tls-force-etm$(EXEEXT)'; \ + b='tls-force-etm'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-cert-callback.log: x509-cert-callback$(EXEEXT) + @p='x509-cert-callback$(EXEEXT)'; \ + b='x509-cert-callback'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +alerts.log: alerts$(EXEEXT) + @p='alerts$(EXEEXT)'; \ + b='alerts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +client-sign-md5-rep.log: client-sign-md5-rep$(EXEEXT) + @p='client-sign-md5-rep$(EXEEXT)'; \ + b='client-sign-md5-rep'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-invalid-key-exchanges.log: tls12-invalid-key-exchanges$(EXEEXT) + @p='tls12-invalid-key-exchanges$(EXEEXT)'; \ + b='tls12-invalid-key-exchanges'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +session-rdn-read.log: session-rdn-read$(EXEEXT) + @p='session-rdn-read$(EXEEXT)'; \ + b='session-rdn-read'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-cert-key-exchange.log: tls13-cert-key-exchange$(EXEEXT) + @p='tls13-cert-key-exchange$(EXEEXT)'; \ + b='tls13-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-cert-callback-ocsp.log: x509-cert-callback-ocsp$(EXEEXT) + @p='x509-cert-callback-ocsp$(EXEEXT)'; \ + b='x509-cert-callback-ocsp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_ocsp_resp_list_import2.log: gnutls_ocsp_resp_list_import2$(EXEEXT) + @p='gnutls_ocsp_resp_list_import2$(EXEEXT)'; \ + b='gnutls_ocsp_resp_list_import2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +server-sign-md5-rep.log: server-sign-md5-rep$(EXEEXT) + @p='server-sign-md5-rep$(EXEEXT)'; \ + b='server-sign-md5-rep'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +privkey-keygen.log: privkey-keygen$(EXEEXT) + @p='privkey-keygen$(EXEEXT)'; \ + b='privkey-keygen'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-tls-nonblock.log: mini-tls-nonblock$(EXEEXT) + @p='mini-tls-nonblock$(EXEEXT)'; \ + b='mini-tls-nonblock'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +no-signal.log: no-signal$(EXEEXT) + @p='no-signal$(EXEEXT)'; \ + b='no-signal'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-gen.log: pkcs7-gen$(EXEEXT) + @p='pkcs7-gen$(EXEEXT)'; \ + b='pkcs7-gen'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-etm.log: dtls-etm$(EXEEXT) + @p='dtls-etm$(EXEEXT)'; \ + b='dtls-etm'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509sign-verify-rsa.log: x509sign-verify-rsa$(EXEEXT) + @p='x509sign-verify-rsa$(EXEEXT)'; \ + b='x509sign-verify-rsa'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509sign-verify-ecdsa.log: x509sign-verify-ecdsa$(EXEEXT) + @p='x509sign-verify-ecdsa$(EXEEXT)'; \ + b='x509sign-verify-ecdsa'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509sign-verify-gost.log: x509sign-verify-gost$(EXEEXT) + @p='x509sign-verify-gost$(EXEEXT)'; \ + b='x509sign-verify-gost'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cipher-alignment.log: cipher-alignment$(EXEEXT) + @p='cipher-alignment$(EXEEXT)'; \ + b='cipher-alignment'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +oids.log: oids$(EXEEXT) + @p='oids$(EXEEXT)'; \ + b='oids'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +atfork.log: atfork$(EXEEXT) + @p='atfork$(EXEEXT)'; \ + b='atfork'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +prf.log: prf$(EXEEXT) + @p='prf$(EXEEXT)'; \ + b='prf'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +psk-file.log: psk-file$(EXEEXT) + @p='psk-file$(EXEEXT)'; \ + b='psk-file'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +priority-init2.log: priority-init2$(EXEEXT) + @p='priority-init2$(EXEEXT)'; \ + b='priority-init2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +post-client-hello-change-prio.log: post-client-hello-change-prio$(EXEEXT) + @p='post-client-hello-change-prio$(EXEEXT)'; \ + b='post-client-hello-change-prio'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +status-request.log: status-request$(EXEEXT) + @p='status-request$(EXEEXT)'; \ + b='status-request'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +status-request-ok.log: status-request-ok$(EXEEXT) + @p='status-request-ok$(EXEEXT)'; \ + b='status-request-ok'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rfc7633-missing.log: rfc7633-missing$(EXEEXT) + @p='rfc7633-missing$(EXEEXT)'; \ + b='rfc7633-missing'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-ext.log: sign-verify-ext$(EXEEXT) + @p='sign-verify-ext$(EXEEXT)'; \ + b='sign-verify-ext'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +fallback-scsv.log: fallback-scsv$(EXEEXT) + @p='fallback-scsv$(EXEEXT)'; \ + b='fallback-scsv'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8-key-decode.log: pkcs8-key-decode$(EXEEXT) + @p='pkcs8-key-decode$(EXEEXT)'; \ + b='pkcs8-key-decode'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +urls.log: urls$(EXEEXT) + @p='urls$(EXEEXT)'; \ + b='urls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-rehandshake-cert.log: dtls-rehandshake-cert$(EXEEXT) + @p='dtls-rehandshake-cert$(EXEEXT)'; \ + b='dtls-rehandshake-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rfc7633-ok.log: rfc7633-ok$(EXEEXT) + @p='rfc7633-ok$(EXEEXT)'; \ + b='rfc7633-ok'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-usage-rsa.log: key-usage-rsa$(EXEEXT) + @p='key-usage-rsa$(EXEEXT)'; \ + b='key-usage-rsa'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-usage-ecdhe-rsa.log: key-usage-ecdhe-rsa$(EXEEXT) + @p='key-usage-ecdhe-rsa$(EXEEXT)'; \ + b='key-usage-ecdhe-rsa'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-session-verify-function.log: mini-session-verify-function$(EXEEXT) + @p='mini-session-verify-function$(EXEEXT)'; \ + b='mini-session-verify-function'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +auto-verify.log: auto-verify$(EXEEXT) + @p='auto-verify$(EXEEXT)'; \ + b='auto-verify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +record-timeouts.log: record-timeouts$(EXEEXT) + @p='record-timeouts$(EXEEXT)'; \ + b='record-timeouts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-dtls-hello-verify-48.log: mini-dtls-hello-verify-48$(EXEEXT) + @p='mini-dtls-hello-verify-48$(EXEEXT)'; \ + b='mini-dtls-hello-verify-48'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set-default-prio.log: set-default-prio$(EXEEXT) + @p='set-default-prio$(EXEEXT)'; \ + b='set-default-prio'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-anon-upgrade.log: tls12-anon-upgrade$(EXEEXT) + @p='tls12-anon-upgrade$(EXEEXT)'; \ + b='tls12-anon-upgrade'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tlsext-decoding.log: tlsext-decoding$(EXEEXT) + @p='tlsext-decoding$(EXEEXT)'; \ + b='tlsext-decoding'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rsa-psk-cb.log: rsa-psk-cb$(EXEEXT) + @p='rsa-psk-cb$(EXEEXT)'; \ + b='rsa-psk-cb'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls-ids.log: gnutls-ids$(EXEEXT) + @p='gnutls-ids$(EXEEXT)'; \ + b='gnutls-ids'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-switch-cert.log: rehandshake-switch-cert$(EXEEXT) + @p='rehandshake-switch-cert$(EXEEXT)'; \ + b='rehandshake-switch-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-switch-cert-allow.log: rehandshake-switch-cert-allow$(EXEEXT) + @p='rehandshake-switch-cert-allow$(EXEEXT)'; \ + b='rehandshake-switch-cert-allow'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-switch-cert-client.log: rehandshake-switch-cert-client$(EXEEXT) + @p='rehandshake-switch-cert-client$(EXEEXT)'; \ + b='rehandshake-switch-cert-client'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-switch-cert-client-allow.log: rehandshake-switch-cert-client-allow$(EXEEXT) + @p='rehandshake-switch-cert-client-allow$(EXEEXT)'; \ + b='rehandshake-switch-cert-client-allow'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +handshake-versions.log: handshake-versions$(EXEEXT) + @p='handshake-versions$(EXEEXT)'; \ + b='handshake-versions'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-handshake-versions.log: dtls-handshake-versions$(EXEEXT) + @p='dtls-handshake-versions$(EXEEXT)'; \ + b='dtls-handshake-versions'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-max-record.log: dtls-max-record$(EXEEXT) + @p='dtls-max-record$(EXEEXT)'; \ + b='dtls-max-record'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-max-record.log: tls12-max-record$(EXEEXT) + @p='tls12-max-record$(EXEEXT)'; \ + b='tls12-max-record'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +alpn-server-prec.log: alpn-server-prec$(EXEEXT) + @p='alpn-server-prec$(EXEEXT)'; \ + b='alpn-server-prec'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ocsp-filename-memleak.log: ocsp-filename-memleak$(EXEEXT) + @p='ocsp-filename-memleak$(EXEEXT)'; \ + b='ocsp-filename-memleak'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dh-params.log: dh-params$(EXEEXT) + @p='dh-params$(EXEEXT)'; \ + b='dh-params'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-ext-secret.log: rehandshake-ext-secret$(EXEEXT) + @p='rehandshake-ext-secret$(EXEEXT)'; \ + b='rehandshake-ext-secret'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pcert-list.log: pcert-list$(EXEEXT) + @p='pcert-list$(EXEEXT)'; \ + b='pcert-list'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +session-export-funcs.log: session-export-funcs$(EXEEXT) + @p='session-export-funcs$(EXEEXT)'; \ + b='session-export-funcs'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +handshake-false-start.log: handshake-false-start$(EXEEXT) + @p='handshake-false-start$(EXEEXT)'; \ + b='handshake-false-start'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +version-checks.log: version-checks$(EXEEXT) + @p='version-checks$(EXEEXT)'; \ + b='version-checks'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-material-dtls.log: key-material-dtls$(EXEEXT) + @p='key-material-dtls$(EXEEXT)'; \ + b='key-material-dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-material-set-dtls.log: key-material-set-dtls$(EXEEXT) + @p='key-material-set-dtls$(EXEEXT)'; \ + b='key-material-set-dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +name-constraints-merge.log: name-constraints-merge$(EXEEXT) + @p='name-constraints-merge$(EXEEXT)'; \ + b='name-constraints-merge'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crl-basic.log: crl-basic$(EXEEXT) + @p='crl-basic$(EXEEXT)'; \ + b='crl-basic'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crq-basic.log: crq-basic$(EXEEXT) + @p='crq-basic$(EXEEXT)'; \ + b='crq-basic'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +send-client-cert.log: send-client-cert$(EXEEXT) + @p='send-client-cert$(EXEEXT)'; \ + b='send-client-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +custom-urls-override.log: custom-urls-override$(EXEEXT) + @p='custom-urls-override$(EXEEXT)'; \ + b='custom-urls-override'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +hex.log: hex$(EXEEXT) + @p='hex$(EXEEXT)'; \ + b='hex'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-switch-psk-id.log: rehandshake-switch-psk-id$(EXEEXT) + @p='rehandshake-switch-psk-id$(EXEEXT)'; \ + b='rehandshake-switch-psk-id'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rehandshake-switch-srp-id.log: rehandshake-switch-srp-id$(EXEEXT) + @p='rehandshake-switch-srp-id$(EXEEXT)'; \ + b='rehandshake-switch-srp-id'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +base64.log: base64$(EXEEXT) + @p='base64$(EXEEXT)'; \ + b='base64'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +srpbase64.log: srpbase64$(EXEEXT) + @p='srpbase64$(EXEEXT)'; \ + b='srpbase64'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs1-digest-info.log: pkcs1-digest-info$(EXEEXT) + @p='pkcs1-digest-info$(EXEEXT)'; \ + b='pkcs1-digest-info'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key.log: set_x509_key$(EXEEXT) + @p='set_x509_key$(EXEEXT)'; \ + b='set_x509_key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_file_der.log: set_x509_key_file_der$(EXEEXT) + @p='set_x509_key_file_der$(EXEEXT)'; \ + b='set_x509_key_file_der'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_pkcs12_key.log: set_x509_pkcs12_key$(EXEEXT) + @p='set_x509_pkcs12_key$(EXEEXT)'; \ + b='set_x509_pkcs12_key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crt_apis.log: crt_apis$(EXEEXT) + @p='crt_apis$(EXEEXT)'; \ + b='crt_apis'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-cert-key-exchange.log: tls12-cert-key-exchange$(EXEEXT) + @p='tls12-cert-key-exchange$(EXEEXT)'; \ + b='tls12-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls11-cert-key-exchange.log: tls11-cert-key-exchange$(EXEEXT) + @p='tls11-cert-key-exchange$(EXEEXT)'; \ + b='tls11-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls10-cert-key-exchange.log: tls10-cert-key-exchange$(EXEEXT) + @p='tls10-cert-key-exchange$(EXEEXT)'; \ + b='tls10-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ssl30-cert-key-exchange.log: ssl30-cert-key-exchange$(EXEEXT) + @p='ssl30-cert-key-exchange$(EXEEXT)'; \ + b='ssl30-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls12-cert-key-exchange.log: dtls12-cert-key-exchange$(EXEEXT) + @p='dtls12-cert-key-exchange$(EXEEXT)'; \ + b='dtls12-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls10-cert-key-exchange.log: dtls10-cert-key-exchange$(EXEEXT) + @p='dtls10-cert-key-exchange$(EXEEXT)'; \ + b='dtls10-cert-key-exchange'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-cert-callback-legacy.log: x509-cert-callback-legacy$(EXEEXT) + @p='x509-cert-callback-legacy$(EXEEXT)'; \ + b='x509-cert-callback-legacy'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +keylog-env.log: keylog-env$(EXEEXT) + @p='keylog-env$(EXEEXT)'; \ + b='keylog-env'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ssl2-hello.log: ssl2-hello$(EXEEXT) + @p='ssl2-hello$(EXEEXT)'; \ + b='ssl2-hello'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tlsfeature-ext.log: tlsfeature-ext$(EXEEXT) + @p='tlsfeature-ext$(EXEEXT)'; \ + b='tlsfeature-ext'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-rehandshake-cert-2.log: dtls-rehandshake-cert-2$(EXEEXT) + @p='dtls-rehandshake-cert-2$(EXEEXT)'; \ + b='dtls-rehandshake-cert-2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-session-ticket-lost.log: dtls-session-ticket-lost$(EXEEXT) + @p='dtls-session-ticket-lost$(EXEEXT)'; \ + b='dtls-session-ticket-lost'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tlsfeature-crt.log: tlsfeature-crt$(EXEEXT) + @p='tlsfeature-crt$(EXEEXT)'; \ + b='tlsfeature-crt'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-rehandshake-cert-3.log: dtls-rehandshake-cert-3$(EXEEXT) + @p='dtls-rehandshake-cert-3$(EXEEXT)'; \ + b='dtls-rehandshake-cert-3'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +resume-with-false-start.log: resume-with-false-start$(EXEEXT) + @p='resume-with-false-start$(EXEEXT)'; \ + b='resume-with-false-start'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_file_ocsp.log: set_x509_key_file_ocsp$(EXEEXT) + @p='set_x509_key_file_ocsp$(EXEEXT)'; \ + b='set_x509_key_file_ocsp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +client-fastopen.log: client-fastopen$(EXEEXT) + @p='client-fastopen$(EXEEXT)'; \ + b='client-fastopen'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-sigint.log: rng-sigint$(EXEEXT) + @p='rng-sigint$(EXEEXT)'; \ + b='rng-sigint'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +srp.log: srp$(EXEEXT) + @p='srp$(EXEEXT)'; \ + b='srp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-pthread.log: rng-pthread$(EXEEXT) + @p='rng-pthread$(EXEEXT)'; \ + b='rng-pthread'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +safe-renegotiation/srn0.log: safe-renegotiation/srn0$(EXEEXT) + @p='safe-renegotiation/srn0$(EXEEXT)'; \ + b='safe-renegotiation/srn0'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +safe-renegotiation/srn1.log: safe-renegotiation/srn1$(EXEEXT) + @p='safe-renegotiation/srn1$(EXEEXT)'; \ + b='safe-renegotiation/srn1'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +safe-renegotiation/srn2.log: safe-renegotiation/srn2$(EXEEXT) + @p='safe-renegotiation/srn2$(EXEEXT)'; \ + b='safe-renegotiation/srn2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +safe-renegotiation/srn3.log: safe-renegotiation/srn3$(EXEEXT) + @p='safe-renegotiation/srn3$(EXEEXT)'; \ + b='safe-renegotiation/srn3'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +safe-renegotiation/srn4.log: safe-renegotiation/srn4$(EXEEXT) + @p='safe-renegotiation/srn4$(EXEEXT)'; \ + b='safe-renegotiation/srn4'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +safe-renegotiation/srn5.log: safe-renegotiation/srn5$(EXEEXT) + @p='safe-renegotiation/srn5$(EXEEXT)'; \ + b='safe-renegotiation/srn5'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rsa-illegal-import.log: rsa-illegal-import$(EXEEXT) + @p='rsa-illegal-import$(EXEEXT)'; \ + b='rsa-illegal-import'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_ocsp_multi_invalid.log: set_x509_ocsp_multi_invalid$(EXEEXT) + @p='set_x509_ocsp_multi_invalid$(EXEEXT)'; \ + b='set_x509_ocsp_multi_invalid'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_key.log: set_key$(EXEEXT) + @p='set_key$(EXEEXT)'; \ + b='set_key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_file_ocsp_multi2.log: set_x509_key_file_ocsp_multi2$(EXEEXT) + @p='set_x509_key_file_ocsp_multi2$(EXEEXT)'; \ + b='set_x509_key_file_ocsp_multi2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_ocsp_multi_unknown.log: set_x509_ocsp_multi_unknown$(EXEEXT) + @p='set_x509_ocsp_multi_unknown$(EXEEXT)'; \ + b='set_x509_ocsp_multi_unknown'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_ocsp_multi_pem.log: set_x509_ocsp_multi_pem$(EXEEXT) + @p='set_x509_ocsp_multi_pem$(EXEEXT)'; \ + b='set_x509_ocsp_multi_pem'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-ext-not-in-dtls.log: tls-ext-not-in-dtls$(EXEEXT) + @p='tls-ext-not-in-dtls$(EXEEXT)'; \ + b='tls-ext-not-in-dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_key_utf8.log: set_key_utf8$(EXEEXT) + @p='set_key_utf8$(EXEEXT)'; \ + b='set_key_utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_utf8.log: set_x509_key_utf8$(EXEEXT) + @p='set_x509_key_utf8$(EXEEXT)'; \ + b='set_x509_key_utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +insecure_key.log: insecure_key$(EXEEXT) + @p='insecure_key$(EXEEXT)'; \ + b='insecure_key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +handshake-large-packet.log: handshake-large-packet$(EXEEXT) + @p='handshake-large-packet$(EXEEXT)'; \ + b='handshake-large-packet'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +client_dsa_key.log: client_dsa_key$(EXEEXT) + @p='client_dsa_key$(EXEEXT)'; \ + b='client_dsa_key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +server_ecdsa_key.log: server_ecdsa_key$(EXEEXT) + @p='server_ecdsa_key$(EXEEXT)'; \ + b='server_ecdsa_key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-session-ext-register.log: tls-session-ext-register$(EXEEXT) + @p='tls-session-ext-register$(EXEEXT)'; \ + b='tls-session-ext-register'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-session-supplemental.log: tls-session-supplemental$(EXEEXT) + @p='tls-session-supplemental$(EXEEXT)'; \ + b='tls-session-supplemental'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +multi-alerts.log: multi-alerts$(EXEEXT) + @p='multi-alerts$(EXEEXT)'; \ + b='multi-alerts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +naked-alerts.log: naked-alerts$(EXEEXT) + @p='naked-alerts$(EXEEXT)'; \ + b='naked-alerts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-cat-parse.log: pkcs7-cat-parse$(EXEEXT) + @p='pkcs7-cat-parse$(EXEEXT)'; \ + b='pkcs7-cat-parse'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_known_dh_params_x509.log: set_known_dh_params_x509$(EXEEXT) + @p='set_known_dh_params_x509$(EXEEXT)'; \ + b='set_known_dh_params_x509'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_known_dh_params_anon.log: set_known_dh_params_anon$(EXEEXT) + @p='set_known_dh_params_anon$(EXEEXT)'; \ + b='set_known_dh_params_anon'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_known_dh_params_psk.log: set_known_dh_params_psk$(EXEEXT) + @p='set_known_dh_params_psk$(EXEEXT)'; \ + b='set_known_dh_params_psk'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +session-tickets-ok.log: session-tickets-ok$(EXEEXT) + @p='session-tickets-ok$(EXEEXT)'; \ + b='session-tickets-ok'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +session-tickets-missing.log: session-tickets-missing$(EXEEXT) + @p='session-tickets-missing$(EXEEXT)'; \ + b='session-tickets-missing'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_key_file_legacy.log: set_x509_key_file_legacy$(EXEEXT) + @p='set_x509_key_file_legacy$(EXEEXT)'; \ + b='set_x509_key_file_legacy'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +status-request-ext.log: status-request-ext$(EXEEXT) + @p='status-request-ext$(EXEEXT)'; \ + b='status-request-ext'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_x509_crt_sign.log: gnutls_x509_crt_sign$(EXEEXT) + @p='gnutls_x509_crt_sign$(EXEEXT)'; \ + b='gnutls_x509_crt_sign'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_x509_crq_sign.log: gnutls_x509_crq_sign$(EXEEXT) + @p='gnutls_x509_crq_sign$(EXEEXT)'; \ + b='gnutls_x509_crq_sign'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-repro-20170915.log: dtls-repro-20170915$(EXEEXT) + @p='dtls-repro-20170915$(EXEEXT)'; \ + b='dtls-repro-20170915'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-no-onload.log: rng-no-onload$(EXEEXT) + @p='rng-no-onload$(EXEEXT)'; \ + b='rng-no-onload'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls1-2-mtu-check.log: dtls1-2-mtu-check$(EXEEXT) + @p='dtls1-2-mtu-check$(EXEEXT)'; \ + b='dtls1-2-mtu-check'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crl_apis.log: crl_apis$(EXEEXT) + @p='crl_apis$(EXEEXT)'; \ + b='crl_apis'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert_verify_inv_utf8.log: cert_verify_inv_utf8$(EXEEXT) + @p='cert_verify_inv_utf8$(EXEEXT)'; \ + b='cert_verify_inv_utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +no-extensions.log: no-extensions$(EXEEXT) + @p='no-extensions$(EXEEXT)'; \ + b='no-extensions'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +hostname-check-utf8.log: hostname-check-utf8$(EXEEXT) + @p='hostname-check-utf8$(EXEEXT)'; \ + b='hostname-check-utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8-key-decode-encrypted.log: pkcs8-key-decode-encrypted$(EXEEXT) + @p='pkcs8-key-decode-encrypted$(EXEEXT)'; \ + b='pkcs8-key-decode-encrypted'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +priority-mix.log: priority-mix$(EXEEXT) + @p='priority-mix$(EXEEXT)'; \ + b='priority-mix'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7.log: pkcs7$(EXEEXT) + @p='pkcs7$(EXEEXT)'; \ + b='pkcs7'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +send-data-before-handshake.log: send-data-before-handshake$(EXEEXT) + @p='send-data-before-handshake$(EXEEXT)'; \ + b='send-data-before-handshake'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +recv-data-before-handshake.log: recv-data-before-handshake$(EXEEXT) + @p='recv-data-before-handshake$(EXEEXT)'; \ + b='recv-data-before-handshake'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crt_inv_write.log: crt_inv_write$(EXEEXT) + @p='crt_inv_write$(EXEEXT)'; \ + b='crt_inv_write'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509sign-verify-error.log: x509sign-verify-error$(EXEEXT) + @p='x509sign-verify-error$(EXEEXT)'; \ + b='x509sign-verify-error'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-op-nonce.log: rng-op-nonce$(EXEEXT) + @p='rng-op-nonce$(EXEEXT)'; \ + b='rng-op-nonce'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-op-random.log: rng-op-random$(EXEEXT) + @p='rng-op-random$(EXEEXT)'; \ + b='rng-op-random'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rng-op-key.log: rng-op-key$(EXEEXT) + @p='rng-op-key$(EXEEXT)'; \ + b='rng-op-key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-dn-decode-compat.log: x509-dn-decode-compat$(EXEEXT) + @p='x509-dn-decode-compat$(EXEEXT)'; \ + b='x509-dn-decode-compat'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ip-check.log: ip-check$(EXEEXT) + @p='ip-check$(EXEEXT)'; \ + b='ip-check'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +mini-x509-ipaddr.log: mini-x509-ipaddr$(EXEEXT) + @p='mini-x509-ipaddr$(EXEEXT)'; \ + b='mini-x509-ipaddr'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +trust-store.log: trust-store$(EXEEXT) + @p='trust-store$(EXEEXT)'; \ + b='trust-store'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +base64-raw.log: base64-raw$(EXEEXT) + @p='base64-raw$(EXEEXT)'; \ + b='base64-raw'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +random-art.log: random-art$(EXEEXT) + @p='random-art$(EXEEXT)'; \ + b='random-art'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dhex509self.log: dhex509self$(EXEEXT) + @p='dhex509self$(EXEEXT)'; \ + b='dhex509self'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dss-sig-val.log: dss-sig-val$(EXEEXT) + @p='dss-sig-val$(EXEEXT)'; \ + b='dss-sig-val'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-pk-api.log: sign-pk-api$(EXEEXT) + @p='sign-pk-api$(EXEEXT)'; \ + b='sign-pk-api'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-session-ext-override.log: tls-session-ext-override$(EXEEXT) + @p='tls-session-ext-override$(EXEEXT)'; \ + b='tls-session-ext-override'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +record-pad.log: record-pad$(EXEEXT) + @p='record-pad$(EXEEXT)'; \ + b='record-pad'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-server-kx-neg.log: tls13-server-kx-neg$(EXEEXT) + @p='tls13-server-kx-neg$(EXEEXT)'; \ + b='tls13-server-kx-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_ext_raw_parse_dtls.log: gnutls_ext_raw_parse_dtls$(EXEEXT) + @p='gnutls_ext_raw_parse_dtls$(EXEEXT)'; \ + b='gnutls_ext_raw_parse_dtls'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-export-pkcs8.log: key-export-pkcs8$(EXEEXT) + @p='key-export-pkcs8$(EXEEXT)'; \ + b='key-export-pkcs8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +null_retrieve_function.log: null_retrieve_function$(EXEEXT) + @p='null_retrieve_function$(EXEEXT)'; \ + b='null_retrieve_function'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-record-size-limit.log: tls-record-size-limit$(EXEEXT) + @p='tls-record-size-limit$(EXEEXT)'; \ + b='tls-record-size-limit'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-crt_type-neg.log: tls-crt_type-neg$(EXEEXT) + @p='tls-crt_type-neg$(EXEEXT)'; \ + b='tls-crt_type-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +resume-with-stek-expiration.log: resume-with-stek-expiration$(EXEEXT) + @p='resume-with-stek-expiration$(EXEEXT)'; \ + b='resume-with-stek-expiration'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +resume-with-previous-stek.log: resume-with-previous-stek$(EXEEXT) + @p='resume-with-previous-stek$(EXEEXT)'; \ + b='resume-with-previous-stek'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rawpk-api.log: rawpk-api$(EXEEXT) + @p='rawpk-api$(EXEEXT)'; \ + b='rawpk-api'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-record-size-limit-asym.log: tls-record-size-limit-asym$(EXEEXT) + @p='tls-record-size-limit-asym$(EXEEXT)'; \ + b='tls-record-size-limit-asym'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dh-compute.log: dh-compute$(EXEEXT) + @p='dh-compute$(EXEEXT)'; \ + b='dh-compute'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ecdh-compute.log: ecdh-compute$(EXEEXT) + @p='ecdh-compute$(EXEEXT)'; \ + b='ecdh-compute'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-data-newapi.log: sign-verify-data-newapi$(EXEEXT) + @p='sign-verify-data-newapi$(EXEEXT)'; \ + b='sign-verify-data-newapi'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-newapi.log: sign-verify-newapi$(EXEEXT) + @p='sign-verify-newapi$(EXEEXT)'; \ + b='sign-verify-newapi'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sign-verify-deterministic.log: sign-verify-deterministic$(EXEEXT) + @p='sign-verify-deterministic$(EXEEXT)'; \ + b='sign-verify-deterministic'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +iov.log: iov$(EXEEXT) + @p='iov$(EXEEXT)'; \ + b='iov'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +aead-cipher-vec.log: aead-cipher-vec$(EXEEXT) + @p='aead-cipher-vec$(EXEEXT)'; \ + b='aead-cipher-vec'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-without-timeout-func.log: tls13-without-timeout-func$(EXEEXT) + @p='tls13-without-timeout-func$(EXEEXT)'; \ + b='tls13-without-timeout-func'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +buffer.log: buffer$(EXEEXT) + @p='buffer$(EXEEXT)'; \ + b='buffer'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +status-request-revoked.log: status-request-revoked$(EXEEXT) + @p='status-request-revoked$(EXEEXT)'; \ + b='status-request-revoked'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +set_x509_ocsp_multi_cli.log: set_x509_ocsp_multi_cli$(EXEEXT) + @p='set_x509_ocsp_multi_cli$(EXEEXT)'; \ + b='set_x509_ocsp_multi_cli'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +kdf-api.log: kdf-api$(EXEEXT) + @p='kdf-api$(EXEEXT)'; \ + b='kdf-api'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +keylog-func.log: keylog-func$(EXEEXT) + @p='keylog-func$(EXEEXT)'; \ + b='keylog-func'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +handshake-write.log: handshake-write$(EXEEXT) + @p='handshake-write$(EXEEXT)'; \ + b='handshake-write'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509cert-dntypes.log: x509cert-dntypes$(EXEEXT) + @p='x509cert-dntypes$(EXEEXT)'; \ + b='x509cert-dntypes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +id-on-xmppAddr.log: id-on-xmppAddr$(EXEEXT) + @p='id-on-xmppAddr$(EXEEXT)'; \ + b='id-on-xmppAddr'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-compat-mode.log: tls13-compat-mode$(EXEEXT) + @p='tls13-compat-mode$(EXEEXT)'; \ + b='tls13-compat-mode'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ciphersuite-name.log: ciphersuite-name$(EXEEXT) + @p='ciphersuite-name$(EXEEXT)'; \ + b='ciphersuite-name'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-upnconstraint.log: x509-upnconstraint$(EXEEXT) + @p='x509-upnconstraint$(EXEEXT)'; \ + b='x509-upnconstraint'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cipher-padding.log: cipher-padding$(EXEEXT) + @p='cipher-padding$(EXEEXT)'; \ + b='cipher-padding'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-verify-double-free.log: pkcs7-verify-double-free$(EXEEXT) + @p='pkcs7-verify-double-free$(EXEEXT)'; \ + b='pkcs7-verify-double-free'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +fips-rsa-sizes.log: fips-rsa-sizes$(EXEEXT) + @p='fips-rsa-sizes$(EXEEXT)'; \ + b='fips-rsa-sizes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-channel-binding.log: tls-channel-binding$(EXEEXT) + @p='tls-channel-binding$(EXEEXT)'; \ + b='tls-channel-binding'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-with-seccomp.log: dtls-with-seccomp$(EXEEXT) + @p='dtls-with-seccomp$(EXEEXT)'; \ + b='dtls-with-seccomp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-with-seccomp.log: tls-with-seccomp$(EXEEXT) + @p='tls-with-seccomp$(EXEEXT)'; \ + b='tls-with-seccomp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-client-with-seccomp.log: dtls-client-with-seccomp$(EXEEXT) + @p='dtls-client-with-seccomp$(EXEEXT)'; \ + b='dtls-client-with-seccomp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls-client-with-seccomp.log: tls-client-with-seccomp$(EXEEXT) + @p='tls-client-with-seccomp$(EXEEXT)'; \ + b='tls-client-with-seccomp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +strict-der.log: strict-der$(EXEEXT) + @p='strict-der$(EXEEXT)'; \ + b='strict-der'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +system-prio-file.log: system-prio-file$(EXEEXT) + @p='system-prio-file$(EXEEXT)'; \ + b='system-prio-file'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dtls-sliding-window.log: dtls-sliding-window$(EXEEXT) + @p='dtls-sliding-window$(EXEEXT)'; \ + b='dtls-sliding-window'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ip-utils.log: ip-utils$(EXEEXT) + @p='ip-utils$(EXEEXT)'; \ + b='ip-utils'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +name-constraints-ip.log: name-constraints-ip$(EXEEXT) + @p='name-constraints-ip$(EXEEXT)'; \ + b='name-constraints-ip'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +conv-utf8.log: conv-utf8$(EXEEXT) + @p='conv-utf8$(EXEEXT)'; \ + b='conv-utf8'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +str-unicode.log: str-unicode$(EXEEXT) + @p='str-unicode$(EXEEXT)'; \ + b='str-unicode'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +str-idna.log: str-idna$(EXEEXT) + @p='str-idna$(EXEEXT)'; \ + b='str-idna'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls10-prf.log: tls10-prf$(EXEEXT) + @p='tls10-prf$(EXEEXT)'; \ + b='tls10-prf'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-prf.log: tls12-prf$(EXEEXT) + @p='tls12-prf$(EXEEXT)'; \ + b='tls12-prf'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gnutls_record_overhead.log: gnutls_record_overhead$(EXEEXT) + @p='gnutls_record_overhead$(EXEEXT)'; \ + b='gnutls_record_overhead'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +eagain.log: eagain$(EXEEXT) + @p='eagain$(EXEEXT)'; \ + b='eagain'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-rehandshake-cert.log: tls12-rehandshake-cert$(EXEEXT) + @p='tls12-rehandshake-cert$(EXEEXT)'; \ + b='tls12-rehandshake-cert'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +eagain-auto-auth.log: eagain-auto-auth$(EXEEXT) + @p='eagain-auto-auth$(EXEEXT)'; \ + b='eagain-auto-auth'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-cert-import-url-exts.log: pkcs11-cert-import-url-exts$(EXEEXT) + @p='pkcs11-cert-import-url-exts$(EXEEXT)'; \ + b='pkcs11-cert-import-url-exts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-get-exts.log: pkcs11-get-exts$(EXEEXT) + @p='pkcs11-get-exts$(EXEEXT)'; \ + b='pkcs11-get-exts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-get-raw-issuer-exts.log: pkcs11-get-raw-issuer-exts$(EXEEXT) + @p='pkcs11-get-raw-issuer-exts$(EXEEXT)'; \ + b='pkcs11-get-raw-issuer-exts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-cert-import-url4-exts.log: pkcs11-cert-import-url4-exts$(EXEEXT) + @p='pkcs11-cert-import-url4-exts$(EXEEXT)'; \ + b='pkcs11-cert-import-url4-exts'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-chainverify.log: pkcs11/pkcs11-chainverify$(EXEEXT) + @p='pkcs11/pkcs11-chainverify$(EXEEXT)'; \ + b='pkcs11/pkcs11-chainverify'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-get-issuer.log: pkcs11/pkcs11-get-issuer$(EXEEXT) + @p='pkcs11/pkcs11-get-issuer$(EXEEXT)'; \ + b='pkcs11/pkcs11-get-issuer'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-is-known.log: pkcs11/pkcs11-is-known$(EXEEXT) + @p='pkcs11/pkcs11-is-known$(EXEEXT)'; \ + b='pkcs11/pkcs11-is-known'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-combo.log: pkcs11/pkcs11-combo$(EXEEXT) + @p='pkcs11/pkcs11-combo$(EXEEXT)'; \ + b='pkcs11/pkcs11-combo'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-privkey.log: pkcs11/pkcs11-privkey$(EXEEXT) + @p='pkcs11/pkcs11-privkey$(EXEEXT)'; \ + b='pkcs11/pkcs11-privkey'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-pubkey-import-rsa.log: pkcs11/pkcs11-pubkey-import-rsa$(EXEEXT) + @p='pkcs11/pkcs11-pubkey-import-rsa$(EXEEXT)'; \ + b='pkcs11/pkcs11-pubkey-import-rsa'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-pubkey-import-ecdsa.log: pkcs11/pkcs11-pubkey-import-ecdsa$(EXEEXT) + @p='pkcs11/pkcs11-pubkey-import-ecdsa$(EXEEXT)'; \ + b='pkcs11/pkcs11-pubkey-import-ecdsa'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-import-url-privkey.log: pkcs11-import-url-privkey$(EXEEXT) + @p='pkcs11-import-url-privkey$(EXEEXT)'; \ + b='pkcs11-import-url-privkey'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-privkey-fork.log: pkcs11-privkey-fork$(EXEEXT) + @p='pkcs11-privkey-fork$(EXEEXT)'; \ + b='pkcs11-privkey-fork'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-ec-privkey-test.log: pkcs11/pkcs11-ec-privkey-test$(EXEEXT) + @p='pkcs11/pkcs11-ec-privkey-test$(EXEEXT)'; \ + b='pkcs11/pkcs11-ec-privkey-test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-privkey-always-auth.log: pkcs11-privkey-always-auth$(EXEEXT) + @p='pkcs11-privkey-always-auth$(EXEEXT)'; \ + b='pkcs11-privkey-always-auth'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-privkey-export.log: pkcs11-privkey-export$(EXEEXT) + @p='pkcs11-privkey-export$(EXEEXT)'; \ + b='pkcs11-privkey-export'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-import-with-pin.log: pkcs11/pkcs11-import-with-pin$(EXEEXT) + @p='pkcs11/pkcs11-import-with-pin$(EXEEXT)'; \ + b='pkcs11/pkcs11-import-with-pin'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-privkey-pthread.log: pkcs11/pkcs11-privkey-pthread$(EXEEXT) + @p='pkcs11/pkcs11-privkey-pthread$(EXEEXT)'; \ + b='pkcs11/pkcs11-privkey-pthread'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-pin-func.log: pkcs11/pkcs11-pin-func$(EXEEXT) + @p='pkcs11/pkcs11-pin-func$(EXEEXT)'; \ + b='pkcs11/pkcs11-pin-func'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-obj-import.log: pkcs11/pkcs11-obj-import$(EXEEXT) + @p='pkcs11/pkcs11-obj-import$(EXEEXT)'; \ + b='pkcs11/pkcs11-obj-import'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-privkey-fork-reinit.log: pkcs11-privkey-fork-reinit$(EXEEXT) + @p='pkcs11-privkey-fork-reinit$(EXEEXT)'; \ + b='pkcs11-privkey-fork-reinit'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-mechanisms.log: pkcs11-mechanisms$(EXEEXT) + @p='pkcs11-mechanisms$(EXEEXT)'; \ + b='pkcs11-mechanisms'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-privkey-safenet-always-auth.log: pkcs11-privkey-safenet-always-auth$(EXEEXT) + @p='pkcs11-privkey-safenet-always-auth$(EXEEXT)'; \ + b='pkcs11-privkey-safenet-always-auth'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-rsa-pss-privkey-test.log: pkcs11/pkcs11-rsa-pss-privkey-test$(EXEEXT) + @p='pkcs11/pkcs11-rsa-pss-privkey-test$(EXEEXT)'; \ + b='pkcs11/pkcs11-rsa-pss-privkey-test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/tls-neg-pkcs11-key.log: pkcs11/tls-neg-pkcs11-key$(EXEEXT) + @p='pkcs11/tls-neg-pkcs11-key$(EXEEXT)'; \ + b='pkcs11/tls-neg-pkcs11-key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-privkey-generate.log: pkcs11/pkcs11-privkey-generate$(EXEEXT) + @p='pkcs11/pkcs11-privkey-generate$(EXEEXT)'; \ + b='pkcs11/pkcs11-privkey-generate'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/gnutls_x509_crt_list_import_url.log: pkcs11/gnutls_x509_crt_list_import_url$(EXEEXT) + @p='pkcs11/gnutls_x509_crt_list_import_url$(EXEEXT)'; \ + b='pkcs11/gnutls_x509_crt_list_import_url'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/gnutls_pcert_list_import_x509_file.log: pkcs11/gnutls_pcert_list_import_x509_file$(EXEEXT) + @p='pkcs11/gnutls_pcert_list_import_x509_file$(EXEEXT)'; \ + b='pkcs11/gnutls_pcert_list_import_x509_file'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/pkcs11-eddsa-privkey-test.log: pkcs11/pkcs11-eddsa-privkey-test$(EXEEXT) + @p='pkcs11/pkcs11-eddsa-privkey-test$(EXEEXT)'; \ + b='pkcs11/pkcs11-eddsa-privkey-test'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-token-raw.log: pkcs11-token-raw$(EXEEXT) + @p='pkcs11-token-raw$(EXEEXT)'; \ + b='pkcs11-token-raw'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-obj-raw.log: pkcs11-obj-raw$(EXEEXT) + @p='pkcs11-obj-raw$(EXEEXT)'; \ + b='pkcs11-obj-raw'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11-import-url-privkey-caps.log: pkcs11-import-url-privkey-caps$(EXEEXT) + @p='pkcs11-import-url-privkey-caps$(EXEEXT)'; \ + b='pkcs11-import-url-privkey-caps'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ocsp.log: ocsp$(EXEEXT) + @p='ocsp$(EXEEXT)'; \ + b='ocsp'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dane.log: dane$(EXEEXT) + @p='dane$(EXEEXT)'; \ + b='dane'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dane-strcodes.log: dane-strcodes$(EXEEXT) + @p='dane-strcodes$(EXEEXT)'; \ + b='dane-strcodes'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +openssl.log: openssl$(EXEEXT) + @p='openssl$(EXEEXT)'; \ + b='openssl'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509self.log: x509self$(EXEEXT) + @p='x509self$(EXEEXT)'; \ + b='x509self'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509dn.log: x509dn$(EXEEXT) + @p='x509dn$(EXEEXT)'; \ + b='x509dn'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +anonself.log: anonself$(EXEEXT) + @p='anonself$(EXEEXT)'; \ + b='anonself'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pskself.log: pskself$(EXEEXT) + @p='pskself$(EXEEXT)'; \ + b='pskself'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pskself2.log: pskself2$(EXEEXT) + @p='pskself2$(EXEEXT)'; \ + b='pskself2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dhepskself.log: dhepskself$(EXEEXT) + @p='dhepskself$(EXEEXT)'; \ + b='dhepskself'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +setcredcrash.log: setcredcrash$(EXEEXT) + @p='setcredcrash$(EXEEXT)'; \ + b='setcredcrash'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-resume-x509.log: tls12-resume-x509$(EXEEXT) + @p='tls12-resume-x509$(EXEEXT)'; \ + b='tls12-resume-x509'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-resume-psk.log: tls12-resume-psk$(EXEEXT) + @p='tls12-resume-psk$(EXEEXT)'; \ + b='tls12-resume-psk'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls12-resume-anon.log: tls12-resume-anon$(EXEEXT) + @p='tls12-resume-anon$(EXEEXT)'; \ + b='tls12-resume-anon'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-resume-x509.log: tls13-resume-x509$(EXEEXT) + @p='tls13-resume-x509$(EXEEXT)'; \ + b='tls13-resume-x509'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-resume-psk.log: tls13-resume-psk$(EXEEXT) + @p='tls13-resume-psk$(EXEEXT)'; \ + b='tls13-resume-psk'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-early-data.log: tls13-early-data$(EXEEXT) + @p='tls13-early-data$(EXEEXT)'; \ + b='tls13-early-data'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-early-data-neg.log: tls13-early-data-neg$(EXEEXT) + @p='tls13-early-data-neg$(EXEEXT)'; \ + b='tls13-early-data-neg'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13-early-data-neg2.log: tls13-early-data-neg2$(EXEEXT) + @p='tls13-early-data-neg2$(EXEEXT)'; \ + b='tls13-early-data-neg2'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +resume-with-record-size-limit.log: resume-with-record-size-limit$(EXEEXT) + @p='resume-with-record-size-limit$(EXEEXT)'; \ + b='resume-with-record-size-limit'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +record-sendfile.log: record-sendfile$(EXEEXT) + @p='record-sendfile$(EXEEXT)'; \ + b='record-sendfile'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tls13/post-handshake-with-cert-pkcs11.log: tls13/post-handshake-with-cert-pkcs11$(EXEEXT) + @p='tls13/post-handshake-with-cert-pkcs11$(EXEEXT)'; \ + b='tls13/post-handshake-with-cert-pkcs11'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs11/tls-neg-pkcs11-no-key.log: pkcs11/tls-neg-pkcs11-no-key$(EXEEXT) + @p='pkcs11/tls-neg-pkcs11-no-key$(EXEEXT)'; \ + b='pkcs11/tls-neg-pkcs11-no-key'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +global-init-override.log: global-init-override$(EXEEXT) + @p='global-init-override$(EXEEXT)'; \ + b='global-init-override'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +win32-certopenstore.log: win32-certopenstore$(EXEEXT) + @p='win32-certopenstore$(EXEEXT)'; \ + b='win32-certopenstore'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.sh.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(SH_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_SH_LOG_DRIVER_FLAGS) $(SH_LOG_DRIVER_FLAGS) -- $(SH_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.sh$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(SH_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_SH_LOG_DRIVER_FLAGS) $(SH_LOG_DRIVER_FLAGS) -- $(SH_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \ + $(dist_check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-recursive +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f dtls/$(DEPDIR)/$(am__dirstamp) + -rm -f dtls/$(am__dirstamp) + -rm -f pkcs11/$(DEPDIR)/$(am__dirstamp) + -rm -f pkcs11/$(am__dirstamp) + -rm -f safe-renegotiation/$(DEPDIR)/$(am__dirstamp) + -rm -f safe-renegotiation/$(am__dirstamp) + -rm -f tls13/$(DEPDIR)/$(am__dirstamp) + -rm -f tls13/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ + clean-noinstLTLIBRARIES clean-noinstPROGRAMS mostlyclean-am + +distclean: distclean-recursive + -rm -f ./$(DEPDIR)/aead-cipher-vec.Po + -rm -f ./$(DEPDIR)/alerts.Po + -rm -f ./$(DEPDIR)/alpn-server-prec.Po + -rm -f ./$(DEPDIR)/anonself.Po + -rm -f ./$(DEPDIR)/atfork-atfork.Po + -rm -f ./$(DEPDIR)/auto-verify.Po + -rm -f ./$(DEPDIR)/base64-raw.Po + -rm -f ./$(DEPDIR)/base64.Po + -rm -f ./$(DEPDIR)/buffer-buffer.Po + -rm -f ./$(DEPDIR)/cert-status.Po + -rm -f ./$(DEPDIR)/cert.Po + -rm -f ./$(DEPDIR)/cert_verify_inv_utf8.Po + -rm -f ./$(DEPDIR)/certificate_set_x509_crl.Po + -rm -f ./$(DEPDIR)/certuniqueid.Po + -rm -f ./$(DEPDIR)/chainverify-unsorted.Po + -rm -f ./$(DEPDIR)/chainverify.Po + -rm -f ./$(DEPDIR)/cipher-padding.Po + -rm -f ./$(DEPDIR)/cipher_alignment-cipher-alignment.Po + -rm -f ./$(DEPDIR)/ciphersuite-name.Po + -rm -f ./$(DEPDIR)/client-fastopen.Po + -rm -f ./$(DEPDIR)/client-sign-md5-rep.Po + -rm -f ./$(DEPDIR)/client_dsa_key.Po + -rm -f ./$(DEPDIR)/common-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/conv-utf8.Po + -rm -f ./$(DEPDIR)/crl-basic.Po + -rm -f ./$(DEPDIR)/crl_apis.Po + -rm -f ./$(DEPDIR)/crlverify.Po + -rm -f ./$(DEPDIR)/crq-basic.Po + -rm -f ./$(DEPDIR)/crq_apis.Po + -rm -f ./$(DEPDIR)/crq_key_id.Po + -rm -f ./$(DEPDIR)/crt_apis.Po + -rm -f ./$(DEPDIR)/crt_inv_write.Po + -rm -f ./$(DEPDIR)/custom-urls-override.Po + -rm -f ./$(DEPDIR)/custom-urls.Po + -rm -f ./$(DEPDIR)/cve-2008-4989.Po + -rm -f ./$(DEPDIR)/cve-2009-1415.Po + -rm -f ./$(DEPDIR)/cve-2009-1416.Po + -rm -f ./$(DEPDIR)/dane-strcodes.Po + -rm -f ./$(DEPDIR)/dane.Po + -rm -f ./$(DEPDIR)/datefudge-check.Po + -rm -f ./$(DEPDIR)/dh-compute.Po + -rm -f ./$(DEPDIR)/dh-params.Po + -rm -f ./$(DEPDIR)/dhepskself.Po + -rm -f ./$(DEPDIR)/dhex509self.Po + -rm -f ./$(DEPDIR)/dn.Po + -rm -f ./$(DEPDIR)/dn2.Po + -rm -f ./$(DEPDIR)/dss-sig-val.Po + -rm -f ./$(DEPDIR)/dtls-client-with-seccomp.Po + -rm -f ./$(DEPDIR)/dtls-etm.Po + -rm -f ./$(DEPDIR)/dtls-handshake-versions.Po + -rm -f ./$(DEPDIR)/dtls-max-record.Po + -rm -f ./$(DEPDIR)/dtls-pthread.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-anon.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-cert-2.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-cert-3.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-cert.Po + -rm -f ./$(DEPDIR)/dtls-repro-20170915.Po + -rm -f ./$(DEPDIR)/dtls-session-ticket-lost.Po + -rm -f ./$(DEPDIR)/dtls-sliding-window.Po + -rm -f ./$(DEPDIR)/dtls-with-seccomp.Po + -rm -f ./$(DEPDIR)/dtls1-2-mtu-check.Po + -rm -f ./$(DEPDIR)/dtls10-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/dtls12-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/duplicate-extensions.Po + -rm -f ./$(DEPDIR)/eagain-auto-auth.Po + -rm -f ./$(DEPDIR)/eagain.Po + -rm -f ./$(DEPDIR)/ecdh-compute.Po + -rm -f ./$(DEPDIR)/empty_retrieve_function.Po + -rm -f ./$(DEPDIR)/fallback-scsv.Po + -rm -f ./$(DEPDIR)/fips-mode-pthread.Po + -rm -f ./$(DEPDIR)/fips-override-test.Po + -rm -f ./$(DEPDIR)/fips-rsa-sizes.Po + -rm -f ./$(DEPDIR)/fips-test.Po + -rm -f ./$(DEPDIR)/global-init-override.Po + -rm -f ./$(DEPDIR)/global-init.Po + -rm -f ./$(DEPDIR)/gnutls-ids.Po + -rm -f ./$(DEPDIR)/gnutls-strcodes.Po + -rm -f ./$(DEPDIR)/gnutls_ext_raw_parse.Po + -rm -f ./$(DEPDIR)/gnutls_ext_raw_parse_dtls.Po + -rm -f ./$(DEPDIR)/gnutls_hmac_fast.Po + -rm -f ./$(DEPDIR)/gnutls_ktls.Po + -rm -f ./$(DEPDIR)/gnutls_ocsp_resp_list_import2.Po + -rm -f ./$(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Po + -rm -f ./$(DEPDIR)/gnutls_session_set_id.Po + -rm -f ./$(DEPDIR)/gnutls_x509_crq_sign.Po + -rm -f ./$(DEPDIR)/gnutls_x509_crt_list_import.Po + -rm -f ./$(DEPDIR)/gnutls_x509_crt_sign.Po + -rm -f ./$(DEPDIR)/gnutls_x509_privkey_import.Po + -rm -f ./$(DEPDIR)/handshake-false-start.Po + -rm -f ./$(DEPDIR)/handshake-large-cert.Po + -rm -f ./$(DEPDIR)/handshake-large-packet.Po + -rm -f ./$(DEPDIR)/handshake-timeout.Po + -rm -f ./$(DEPDIR)/handshake-versions.Po + -rm -f ./$(DEPDIR)/handshake-write.Po + -rm -f ./$(DEPDIR)/hex.Po + -rm -f ./$(DEPDIR)/hostname-check-utf8.Po + -rm -f ./$(DEPDIR)/hostname-check.Po + -rm -f ./$(DEPDIR)/id-on-xmppAddr.Po + -rm -f ./$(DEPDIR)/infoaccess.Po + -rm -f ./$(DEPDIR)/init_roundtrip.Po + -rm -f ./$(DEPDIR)/insecure_key.Po + -rm -f ./$(DEPDIR)/iov-iov.Po + -rm -f ./$(DEPDIR)/ip-check.Po + -rm -f ./$(DEPDIR)/ip_utils-ip-utils.Po + -rm -f ./$(DEPDIR)/kdf-api.Po + -rm -f ./$(DEPDIR)/key-export-pkcs8.Po + -rm -f ./$(DEPDIR)/key-import-export.Po + -rm -f ./$(DEPDIR)/key-material-dtls.Po + -rm -f ./$(DEPDIR)/key-material-set-dtls.Po + -rm -f ./$(DEPDIR)/key-openssl.Po + -rm -f ./$(DEPDIR)/key-usage-ecdhe-rsa.Po + -rm -f ./$(DEPDIR)/key-usage-rsa.Po + -rm -f ./$(DEPDIR)/keylog-env.Po + -rm -f ./$(DEPDIR)/keylog-func.Po + -rm -f ./$(DEPDIR)/long-session-id.Po + -rm -f ./$(DEPDIR)/mini-alpn.Po + -rm -f ./$(DEPDIR)/mini-chain-unsorted.Po + -rm -f ./$(DEPDIR)/mini-dtls-discard.Po + -rm -f ./$(DEPDIR)/mini-dtls-fork.Po + -rm -f ./$(DEPDIR)/mini-dtls-heartbeat.Po + -rm -f ./$(DEPDIR)/mini-dtls-hello-verify-48.Po + -rm -f ./$(DEPDIR)/mini-dtls-hello-verify.Po + -rm -f ./$(DEPDIR)/mini-dtls-large.Po + -rm -f ./$(DEPDIR)/mini-dtls-lowmtu.Po + -rm -f ./$(DEPDIR)/mini-dtls-mtu.Po + -rm -f ./$(DEPDIR)/mini-dtls-record-asym.Po + -rm -f ./$(DEPDIR)/mini-dtls-record.Po + -rm -f ./$(DEPDIR)/mini-dtls-srtp.Po + -rm -f ./$(DEPDIR)/mini-dtls0-9.Po + -rm -f ./$(DEPDIR)/mini-eagain-dtls.Po + -rm -f ./$(DEPDIR)/mini-emsgsize-dtls.Po + -rm -f ./$(DEPDIR)/mini-global-load.Po + -rm -f ./$(DEPDIR)/mini-key-material.Po + -rm -f ./$(DEPDIR)/mini-loss-time.Po + -rm -f ./$(DEPDIR)/mini-overhead.Po + -rm -f ./$(DEPDIR)/mini-record-2.Po + -rm -f ./$(DEPDIR)/mini-record-failure.Po + -rm -f ./$(DEPDIR)/mini-record-range.Po + -rm -f ./$(DEPDIR)/mini-record.Po + -rm -f ./$(DEPDIR)/mini-server-name.Po + -rm -f ./$(DEPDIR)/mini-session-verify-function.Po + -rm -f ./$(DEPDIR)/mini-termination.Po + -rm -f ./$(DEPDIR)/mini-tls-nonblock.Po + -rm -f ./$(DEPDIR)/mini-x509-2.Po + -rm -f ./$(DEPDIR)/mini-x509-callbacks-intr.Po + -rm -f ./$(DEPDIR)/mini-x509-callbacks.Po + -rm -f ./$(DEPDIR)/mini-x509-cas.Po + -rm -f ./$(DEPDIR)/mini-x509-ipaddr.Po + -rm -f ./$(DEPDIR)/mini-x509.Po + -rm -f ./$(DEPDIR)/missingissuer.Po + -rm -f ./$(DEPDIR)/missingissuer_aia.Po + -rm -f ./$(DEPDIR)/mpi-mpi.Po + -rm -f ./$(DEPDIR)/multi-alerts.Po + -rm -f ./$(DEPDIR)/naked-alerts.Po + -rm -f ./$(DEPDIR)/name-constraints-ip.Po + -rm -f ./$(DEPDIR)/name-constraints.Po + -rm -f ./$(DEPDIR)/name_constraints_merge-name-constraints-merge.Po + -rm -f ./$(DEPDIR)/no-extensions.Po + -rm -f ./$(DEPDIR)/no-signal.Po + -rm -f ./$(DEPDIR)/nul-in-x509-names.Po + -rm -f ./$(DEPDIR)/null_retrieve_function.Po + -rm -f ./$(DEPDIR)/ocsp-filename-memleak.Po + -rm -f ./$(DEPDIR)/ocsp.Po + -rm -f ./$(DEPDIR)/oids.Po + -rm -f ./$(DEPDIR)/openconnect-dtls12.Po + -rm -f ./$(DEPDIR)/openssl.Po + -rm -f ./$(DEPDIR)/parse_ca.Po + -rm -f ./$(DEPDIR)/pcert-list.Po + -rm -f ./$(DEPDIR)/pkcs1-digest-info.Po + -rm -f ./$(DEPDIR)/pkcs12_encode.Po + -rm -f ./$(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Po + -rm -f ./$(DEPDIR)/pkcs12_s2k_pem.Po + -rm -f ./$(DEPDIR)/pkcs12_simple.Po + -rm -f ./$(DEPDIR)/pkcs7-cat-parse.Po + -rm -f ./$(DEPDIR)/pkcs7-gen.Po + -rm -f ./$(DEPDIR)/pkcs7-verify-double-free.Po + -rm -f ./$(DEPDIR)/pkcs7.Po + -rm -f ./$(DEPDIR)/pkcs8-key-decode-encrypted.Po + -rm -f ./$(DEPDIR)/pkcs8-key-decode.Po + -rm -f ./$(DEPDIR)/post-client-hello-change-prio.Po + -rm -f ./$(DEPDIR)/prf.Po + -rm -f ./$(DEPDIR)/priorities-groups.Po + -rm -f ./$(DEPDIR)/priorities.Po + -rm -f ./$(DEPDIR)/priority-init2.Po + -rm -f ./$(DEPDIR)/priority-mix.Po + -rm -f ./$(DEPDIR)/priority-set.Po + -rm -f ./$(DEPDIR)/priority-set2.Po + -rm -f ./$(DEPDIR)/privkey-keygen.Po + -rm -f ./$(DEPDIR)/privkey-verify-broken.Po + -rm -f ./$(DEPDIR)/protocol-set-allowlist.Po + -rm -f ./$(DEPDIR)/psk-file.Po + -rm -f ./$(DEPDIR)/pskself.Po + -rm -f ./$(DEPDIR)/pskself2.Po + -rm -f ./$(DEPDIR)/pubkey-import-export.Po + -rm -f ./$(DEPDIR)/random-art.Po + -rm -f ./$(DEPDIR)/rawpk-api.Po + -rm -f ./$(DEPDIR)/record-pad.Po + -rm -f ./$(DEPDIR)/record-retvals.Po + -rm -f ./$(DEPDIR)/record-sendfile.Po + -rm -f ./$(DEPDIR)/record-sizes-range.Po + -rm -f ./$(DEPDIR)/record-sizes.Po + -rm -f ./$(DEPDIR)/record-timeouts.Po + -rm -f ./$(DEPDIR)/recv-data-before-handshake.Po + -rm -f ./$(DEPDIR)/rehandshake-ext-secret.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert-allow.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert-client-allow.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert-client.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-psk-id.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-srp-id.Po + -rm -f ./$(DEPDIR)/resume-dtls.Po + -rm -f ./$(DEPDIR)/resume-lifetime.Po + -rm -f ./$(DEPDIR)/resume-with-false-start.Po + -rm -f ./$(DEPDIR)/resume-with-previous-stek.Po + -rm -f ./$(DEPDIR)/resume-with-record-size-limit.Po + -rm -f ./$(DEPDIR)/resume-with-stek-expiration.Po + -rm -f ./$(DEPDIR)/rfc7633-missing.Po + -rm -f ./$(DEPDIR)/rfc7633-ok.Po + -rm -f ./$(DEPDIR)/rng-fork.Po + -rm -f ./$(DEPDIR)/rng-no-onload.Po + -rm -f ./$(DEPDIR)/rng-op-key.Po + -rm -f ./$(DEPDIR)/rng-op-nonce.Po + -rm -f ./$(DEPDIR)/rng-op-random.Po + -rm -f ./$(DEPDIR)/rng-pthread.Po + -rm -f ./$(DEPDIR)/rng-sigint.Po + -rm -f ./$(DEPDIR)/rsa-encrypt-decrypt.Po + -rm -f ./$(DEPDIR)/rsa-psk-cb.Po + -rm -f ./$(DEPDIR)/rsa-psk.Po + -rm -f ./$(DEPDIR)/rsa-rsa-pss.Po + -rm -f ./$(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Po + -rm -f ./$(DEPDIR)/sanity_cpp-sanity-cpp.Po + -rm -f ./$(DEPDIR)/sec-params.Po + -rm -f ./$(DEPDIR)/seccomp.Plo + -rm -f ./$(DEPDIR)/send-client-cert.Po + -rm -f ./$(DEPDIR)/send-data-before-handshake.Po + -rm -f ./$(DEPDIR)/server-sign-md5-rep.Po + -rm -f ./$(DEPDIR)/server_ecdsa_key.Po + -rm -f ./$(DEPDIR)/session-export-funcs.Po + -rm -f ./$(DEPDIR)/session-rdn-read.Po + -rm -f ./$(DEPDIR)/session-tickets-missing.Po + -rm -f ./$(DEPDIR)/session-tickets-ok.Po + -rm -f ./$(DEPDIR)/set-default-prio.Po + -rm -f ./$(DEPDIR)/set_key.Po + -rm -f ./$(DEPDIR)/set_key_utf8.Po + -rm -f ./$(DEPDIR)/set_known_dh_params_anon.Po + -rm -f ./$(DEPDIR)/set_known_dh_params_psk.Po + -rm -f ./$(DEPDIR)/set_known_dh_params_x509.Po + -rm -f ./$(DEPDIR)/set_pkcs12_cred.Po + -rm -f ./$(DEPDIR)/set_x509_key.Po + -rm -f ./$(DEPDIR)/set_x509_key_file-late.Po + -rm -f ./$(DEPDIR)/set_x509_key_file.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_der.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_legacy.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_ocsp.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_ocsp_multi2.Po + -rm -f ./$(DEPDIR)/set_x509_key_mem.Po + -rm -f ./$(DEPDIR)/set_x509_key_utf8.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_cli.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_invalid.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_pem.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_unknown.Po + -rm -f ./$(DEPDIR)/set_x509_pkcs12_key.Po + -rm -f ./$(DEPDIR)/setcredcrash.Po + -rm -f ./$(DEPDIR)/sign-is-secure.Po + -rm -f ./$(DEPDIR)/sign-pk-api.Po + -rm -f ./$(DEPDIR)/sign-verify-data-newapi.Po + -rm -f ./$(DEPDIR)/sign-verify-data.Po + -rm -f ./$(DEPDIR)/sign-verify-deterministic.Po + -rm -f ./$(DEPDIR)/sign-verify-ed25519-rfc8080.Po + -rm -f ./$(DEPDIR)/sign-verify-ext.Po + -rm -f ./$(DEPDIR)/sign-verify-ext4.Po + -rm -f ./$(DEPDIR)/sign-verify-newapi.Po + -rm -f ./$(DEPDIR)/sign-verify.Po + -rm -f ./$(DEPDIR)/simple.Po + -rm -f ./$(DEPDIR)/spki-abstract.Po + -rm -f ./$(DEPDIR)/spki.Po + -rm -f ./$(DEPDIR)/srp.Po + -rm -f ./$(DEPDIR)/srpbase64.Po + -rm -f ./$(DEPDIR)/ssl2-hello.Po + -rm -f ./$(DEPDIR)/ssl30-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/ssl30-cipher-neg.Po + -rm -f ./$(DEPDIR)/ssl30-server-kx-neg.Po + -rm -f ./$(DEPDIR)/status-request-ext.Po + -rm -f ./$(DEPDIR)/status-request-ok.Po + -rm -f ./$(DEPDIR)/status-request-revoked.Po + -rm -f ./$(DEPDIR)/status-request.Po + -rm -f ./$(DEPDIR)/str-idna.Po + -rm -f ./$(DEPDIR)/str-unicode.Po + -rm -f ./$(DEPDIR)/strict-der.Po + -rm -f ./$(DEPDIR)/system-override-curves-allowlist.Po + -rm -f ./$(DEPDIR)/system-override-hash.Po + -rm -f ./$(DEPDIR)/system-override-sig-tls.Po + -rm -f ./$(DEPDIR)/system-override-sig.Po + -rm -f ./$(DEPDIR)/system-prio-file.Po + -rm -f ./$(DEPDIR)/time.Po + -rm -f ./$(DEPDIR)/tls-channel-binding.Po + -rm -f ./$(DEPDIR)/tls-client-with-seccomp.Po + -rm -f ./$(DEPDIR)/tls-crt_type-neg.Po + -rm -f ./$(DEPDIR)/tls-etm.Po + -rm -f ./$(DEPDIR)/tls-ext-not-in-dtls.Po + -rm -f ./$(DEPDIR)/tls-ext-register.Po + -rm -f ./$(DEPDIR)/tls-force-etm.Po + -rm -f ./$(DEPDIR)/tls-neg-ext-key.Po + -rm -f ./$(DEPDIR)/tls-neg-ext4-key.Po + -rm -f ./$(DEPDIR)/tls-pthread.Po + -rm -f ./$(DEPDIR)/tls-record-size-limit-asym.Po + -rm -f ./$(DEPDIR)/tls-record-size-limit.Po + -rm -f ./$(DEPDIR)/tls-session-ext-override.Po + -rm -f ./$(DEPDIR)/tls-session-ext-register.Po + -rm -f ./$(DEPDIR)/tls-session-supplemental.Po + -rm -f ./$(DEPDIR)/tls-supplemental.Po + -rm -f ./$(DEPDIR)/tls-with-seccomp.Po + -rm -f ./$(DEPDIR)/tls10-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls10-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls10-prf.Po + -rm -f ./$(DEPDIR)/tls10-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls11-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls11-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls11-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls12-anon-upgrade.Po + -rm -f ./$(DEPDIR)/tls12-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls12-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls12-ffdhe.Po + -rm -f ./$(DEPDIR)/tls12-invalid-key-exchanges.Po + -rm -f ./$(DEPDIR)/tls12-max-record.Po + -rm -f ./$(DEPDIR)/tls12-prf.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert-2.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert-3.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert-auto.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-set-prio.Po + -rm -f ./$(DEPDIR)/tls12-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls12_resume_anon-resume.Po + -rm -f ./$(DEPDIR)/tls12_resume_psk-resume.Po + -rm -f ./$(DEPDIR)/tls12_resume_x509-resume.Po + -rm -f ./$(DEPDIR)/tls13-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls13-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls13-compat-mode.Po + -rm -f ./$(DEPDIR)/tls13-early-data-neg.Po + -rm -f ./$(DEPDIR)/tls13-early-data-neg2.Po + -rm -f ./$(DEPDIR)/tls13-early-data.Po + -rm -f ./$(DEPDIR)/tls13-early-start.Po + -rm -f ./$(DEPDIR)/tls13-rehandshake-cert.Po + -rm -f ./$(DEPDIR)/tls13-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls13-without-timeout-func.Po + -rm -f ./$(DEPDIR)/tls13_resume_psk-resume.Po + -rm -f ./$(DEPDIR)/tls13_resume_x509-resume.Po + -rm -f ./$(DEPDIR)/tlsext-decoding.Po + -rm -f ./$(DEPDIR)/tlsfeature-crt.Po + -rm -f ./$(DEPDIR)/tlsfeature-ext.Po + -rm -f ./$(DEPDIR)/trust-store.Po + -rm -f ./$(DEPDIR)/trustdb-tofu.Po + -rm -f ./$(DEPDIR)/urls.Po + -rm -f ./$(DEPDIR)/utils-adv.Plo + -rm -f ./$(DEPDIR)/utils.Plo + -rm -f ./$(DEPDIR)/version-checks.Po + -rm -f ./$(DEPDIR)/win-certopenstore.Po + -rm -f ./$(DEPDIR)/x509-cert-callback-legacy.Po + -rm -f ./$(DEPDIR)/x509-cert-callback-ocsp.Po + -rm -f ./$(DEPDIR)/x509-cert-callback.Po + -rm -f ./$(DEPDIR)/x509-dn-decode-compat.Po + -rm -f ./$(DEPDIR)/x509-dn-decode.Po + -rm -f ./$(DEPDIR)/x509-dn.Po + -rm -f ./$(DEPDIR)/x509-extensions.Po + -rm -f ./$(DEPDIR)/x509-server-verify.Po + -rm -f ./$(DEPDIR)/x509-upnconstraint.Po + -rm -f ./$(DEPDIR)/x509-verify-with-crl.Po + -rm -f ./$(DEPDIR)/x509_altname.Po + -rm -f ./$(DEPDIR)/x509cert-ct.Po + -rm -f ./$(DEPDIR)/x509cert-dntypes.Po + -rm -f ./$(DEPDIR)/x509cert-invalid.Po + -rm -f ./$(DEPDIR)/x509cert-tl.Po + -rm -f ./$(DEPDIR)/x509cert.Po + -rm -f ./$(DEPDIR)/x509dn.Po + -rm -f ./$(DEPDIR)/x509self.Po + -rm -f ./$(DEPDIR)/x509sign-verify-ecdsa.Po + -rm -f ./$(DEPDIR)/x509sign-verify-error.Po + -rm -f ./$(DEPDIR)/x509sign-verify-gost.Po + -rm -f ./$(DEPDIR)/x509sign-verify-rsa.Po + -rm -f ./$(DEPDIR)/x509sign-verify.Po + -rm -f dtls/$(DEPDIR)/dtls-stress.Po + -rm -f pkcs11/$(DEPDIR)/gnutls_pcert_list_import_x509_file.Po + -rm -f pkcs11/$(DEPDIR)/gnutls_x509_crt_list_import_url.Po + -rm -f pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Po + -rm -f pkcs11/$(DEPDIR)/list-objects.Po + -rm -f pkcs11/$(DEPDIR)/list-tokens.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-cert-import-url-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-cert-import-url4-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-chainverify.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-combo.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-ec-privkey-test.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-eddsa-privkey-test.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-get-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-get-issuer.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-get-raw-issuer-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-import-url-privkey.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-import-with-pin.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-is-known.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-mechanisms.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-mock.Plo + -rm -f pkcs11/$(DEPDIR)/pkcs11-mock2.Plo + -rm -f pkcs11/$(DEPDIR)/pkcs11-obj-import.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-obj-raw.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-pin-func.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-always-auth.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-export.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-fork-reinit.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-fork.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-generate.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-pthread.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-safenet-always-auth.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-pubkey-import-ecdsa.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-pubkey-import-rsa.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-rsa-pss-privkey-test.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-token-raw.Po + -rm -f pkcs11/$(DEPDIR)/tls-neg-pkcs11-key.Po + -rm -f pkcs11/$(DEPDIR)/tls-neg-pkcs11-no-key.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn0.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn1.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn2.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn3.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn4.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn5.Po + -rm -f tls13/$(DEPDIR)/anti_replay-anti_replay.Po + -rm -f tls13/$(DEPDIR)/change_cipher_spec.Po + -rm -f tls13/$(DEPDIR)/compress-cert-cli.Po + -rm -f tls13/$(DEPDIR)/compress-cert-neg.Po + -rm -f tls13/$(DEPDIR)/compress-cert-neg2.Po + -rm -f tls13/$(DEPDIR)/compress-cert.Po + -rm -f tls13/$(DEPDIR)/cookie.Po + -rm -f tls13/$(DEPDIR)/hello_retry_request.Po + -rm -f tls13/$(DEPDIR)/hello_retry_request_resume.Po + -rm -f tls13/$(DEPDIR)/key_limits.Po + -rm -f tls13/$(DEPDIR)/key_share.Po + -rm -f tls13/$(DEPDIR)/key_update.Po + -rm -f tls13/$(DEPDIR)/key_update_multiple.Po + -rm -f tls13/$(DEPDIR)/multi-ocsp.Po + -rm -f tls13/$(DEPDIR)/no-auto-send-ticket.Po + -rm -f tls13/$(DEPDIR)/no-psk-exts.Po + -rm -f tls13/$(DEPDIR)/ocsp-client.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert-auto.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert-pkcs11.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert-ticket.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-psk.Po + -rm -f tls13/$(DEPDIR)/post-handshake-without-cert.Po + -rm -f tls13/$(DEPDIR)/prf-early.Po + -rm -f tls13/$(DEPDIR)/prf.Po + -rm -f tls13/$(DEPDIR)/psk-dumbfw.Po + -rm -f tls13/$(DEPDIR)/psk-ext.Po + -rm -f tls13/$(DEPDIR)/psk-ke-modes.Po + -rm -f tls13/$(DEPDIR)/supported_versions.Po + -rm -f tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Po + -rm -f tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Po + -rm -f tls13/$(DEPDIR)/tls12-no-tls13-exts.Po + -rm -f tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Po + -rm -f tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-local distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f ./$(DEPDIR)/aead-cipher-vec.Po + -rm -f ./$(DEPDIR)/alerts.Po + -rm -f ./$(DEPDIR)/alpn-server-prec.Po + -rm -f ./$(DEPDIR)/anonself.Po + -rm -f ./$(DEPDIR)/atfork-atfork.Po + -rm -f ./$(DEPDIR)/auto-verify.Po + -rm -f ./$(DEPDIR)/base64-raw.Po + -rm -f ./$(DEPDIR)/base64.Po + -rm -f ./$(DEPDIR)/buffer-buffer.Po + -rm -f ./$(DEPDIR)/cert-status.Po + -rm -f ./$(DEPDIR)/cert.Po + -rm -f ./$(DEPDIR)/cert_verify_inv_utf8.Po + -rm -f ./$(DEPDIR)/certificate_set_x509_crl.Po + -rm -f ./$(DEPDIR)/certuniqueid.Po + -rm -f ./$(DEPDIR)/chainverify-unsorted.Po + -rm -f ./$(DEPDIR)/chainverify.Po + -rm -f ./$(DEPDIR)/cipher-padding.Po + -rm -f ./$(DEPDIR)/cipher_alignment-cipher-alignment.Po + -rm -f ./$(DEPDIR)/ciphersuite-name.Po + -rm -f ./$(DEPDIR)/client-fastopen.Po + -rm -f ./$(DEPDIR)/client-sign-md5-rep.Po + -rm -f ./$(DEPDIR)/client_dsa_key.Po + -rm -f ./$(DEPDIR)/common-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/conv-utf8.Po + -rm -f ./$(DEPDIR)/crl-basic.Po + -rm -f ./$(DEPDIR)/crl_apis.Po + -rm -f ./$(DEPDIR)/crlverify.Po + -rm -f ./$(DEPDIR)/crq-basic.Po + -rm -f ./$(DEPDIR)/crq_apis.Po + -rm -f ./$(DEPDIR)/crq_key_id.Po + -rm -f ./$(DEPDIR)/crt_apis.Po + -rm -f ./$(DEPDIR)/crt_inv_write.Po + -rm -f ./$(DEPDIR)/custom-urls-override.Po + -rm -f ./$(DEPDIR)/custom-urls.Po + -rm -f ./$(DEPDIR)/cve-2008-4989.Po + -rm -f ./$(DEPDIR)/cve-2009-1415.Po + -rm -f ./$(DEPDIR)/cve-2009-1416.Po + -rm -f ./$(DEPDIR)/dane-strcodes.Po + -rm -f ./$(DEPDIR)/dane.Po + -rm -f ./$(DEPDIR)/datefudge-check.Po + -rm -f ./$(DEPDIR)/dh-compute.Po + -rm -f ./$(DEPDIR)/dh-params.Po + -rm -f ./$(DEPDIR)/dhepskself.Po + -rm -f ./$(DEPDIR)/dhex509self.Po + -rm -f ./$(DEPDIR)/dn.Po + -rm -f ./$(DEPDIR)/dn2.Po + -rm -f ./$(DEPDIR)/dss-sig-val.Po + -rm -f ./$(DEPDIR)/dtls-client-with-seccomp.Po + -rm -f ./$(DEPDIR)/dtls-etm.Po + -rm -f ./$(DEPDIR)/dtls-handshake-versions.Po + -rm -f ./$(DEPDIR)/dtls-max-record.Po + -rm -f ./$(DEPDIR)/dtls-pthread.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-anon.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-cert-2.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-cert-3.Po + -rm -f ./$(DEPDIR)/dtls-rehandshake-cert.Po + -rm -f ./$(DEPDIR)/dtls-repro-20170915.Po + -rm -f ./$(DEPDIR)/dtls-session-ticket-lost.Po + -rm -f ./$(DEPDIR)/dtls-sliding-window.Po + -rm -f ./$(DEPDIR)/dtls-with-seccomp.Po + -rm -f ./$(DEPDIR)/dtls1-2-mtu-check.Po + -rm -f ./$(DEPDIR)/dtls10-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/dtls12-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/duplicate-extensions.Po + -rm -f ./$(DEPDIR)/eagain-auto-auth.Po + -rm -f ./$(DEPDIR)/eagain.Po + -rm -f ./$(DEPDIR)/ecdh-compute.Po + -rm -f ./$(DEPDIR)/empty_retrieve_function.Po + -rm -f ./$(DEPDIR)/fallback-scsv.Po + -rm -f ./$(DEPDIR)/fips-mode-pthread.Po + -rm -f ./$(DEPDIR)/fips-override-test.Po + -rm -f ./$(DEPDIR)/fips-rsa-sizes.Po + -rm -f ./$(DEPDIR)/fips-test.Po + -rm -f ./$(DEPDIR)/global-init-override.Po + -rm -f ./$(DEPDIR)/global-init.Po + -rm -f ./$(DEPDIR)/gnutls-ids.Po + -rm -f ./$(DEPDIR)/gnutls-strcodes.Po + -rm -f ./$(DEPDIR)/gnutls_ext_raw_parse.Po + -rm -f ./$(DEPDIR)/gnutls_ext_raw_parse_dtls.Po + -rm -f ./$(DEPDIR)/gnutls_hmac_fast.Po + -rm -f ./$(DEPDIR)/gnutls_ktls.Po + -rm -f ./$(DEPDIR)/gnutls_ocsp_resp_list_import2.Po + -rm -f ./$(DEPDIR)/gnutls_record_overhead-gnutls_record_overhead.Po + -rm -f ./$(DEPDIR)/gnutls_session_set_id.Po + -rm -f ./$(DEPDIR)/gnutls_x509_crq_sign.Po + -rm -f ./$(DEPDIR)/gnutls_x509_crt_list_import.Po + -rm -f ./$(DEPDIR)/gnutls_x509_crt_sign.Po + -rm -f ./$(DEPDIR)/gnutls_x509_privkey_import.Po + -rm -f ./$(DEPDIR)/handshake-false-start.Po + -rm -f ./$(DEPDIR)/handshake-large-cert.Po + -rm -f ./$(DEPDIR)/handshake-large-packet.Po + -rm -f ./$(DEPDIR)/handshake-timeout.Po + -rm -f ./$(DEPDIR)/handshake-versions.Po + -rm -f ./$(DEPDIR)/handshake-write.Po + -rm -f ./$(DEPDIR)/hex.Po + -rm -f ./$(DEPDIR)/hostname-check-utf8.Po + -rm -f ./$(DEPDIR)/hostname-check.Po + -rm -f ./$(DEPDIR)/id-on-xmppAddr.Po + -rm -f ./$(DEPDIR)/infoaccess.Po + -rm -f ./$(DEPDIR)/init_roundtrip.Po + -rm -f ./$(DEPDIR)/insecure_key.Po + -rm -f ./$(DEPDIR)/iov-iov.Po + -rm -f ./$(DEPDIR)/ip-check.Po + -rm -f ./$(DEPDIR)/ip_utils-ip-utils.Po + -rm -f ./$(DEPDIR)/kdf-api.Po + -rm -f ./$(DEPDIR)/key-export-pkcs8.Po + -rm -f ./$(DEPDIR)/key-import-export.Po + -rm -f ./$(DEPDIR)/key-material-dtls.Po + -rm -f ./$(DEPDIR)/key-material-set-dtls.Po + -rm -f ./$(DEPDIR)/key-openssl.Po + -rm -f ./$(DEPDIR)/key-usage-ecdhe-rsa.Po + -rm -f ./$(DEPDIR)/key-usage-rsa.Po + -rm -f ./$(DEPDIR)/keylog-env.Po + -rm -f ./$(DEPDIR)/keylog-func.Po + -rm -f ./$(DEPDIR)/long-session-id.Po + -rm -f ./$(DEPDIR)/mini-alpn.Po + -rm -f ./$(DEPDIR)/mini-chain-unsorted.Po + -rm -f ./$(DEPDIR)/mini-dtls-discard.Po + -rm -f ./$(DEPDIR)/mini-dtls-fork.Po + -rm -f ./$(DEPDIR)/mini-dtls-heartbeat.Po + -rm -f ./$(DEPDIR)/mini-dtls-hello-verify-48.Po + -rm -f ./$(DEPDIR)/mini-dtls-hello-verify.Po + -rm -f ./$(DEPDIR)/mini-dtls-large.Po + -rm -f ./$(DEPDIR)/mini-dtls-lowmtu.Po + -rm -f ./$(DEPDIR)/mini-dtls-mtu.Po + -rm -f ./$(DEPDIR)/mini-dtls-record-asym.Po + -rm -f ./$(DEPDIR)/mini-dtls-record.Po + -rm -f ./$(DEPDIR)/mini-dtls-srtp.Po + -rm -f ./$(DEPDIR)/mini-dtls0-9.Po + -rm -f ./$(DEPDIR)/mini-eagain-dtls.Po + -rm -f ./$(DEPDIR)/mini-emsgsize-dtls.Po + -rm -f ./$(DEPDIR)/mini-global-load.Po + -rm -f ./$(DEPDIR)/mini-key-material.Po + -rm -f ./$(DEPDIR)/mini-loss-time.Po + -rm -f ./$(DEPDIR)/mini-overhead.Po + -rm -f ./$(DEPDIR)/mini-record-2.Po + -rm -f ./$(DEPDIR)/mini-record-failure.Po + -rm -f ./$(DEPDIR)/mini-record-range.Po + -rm -f ./$(DEPDIR)/mini-record.Po + -rm -f ./$(DEPDIR)/mini-server-name.Po + -rm -f ./$(DEPDIR)/mini-session-verify-function.Po + -rm -f ./$(DEPDIR)/mini-termination.Po + -rm -f ./$(DEPDIR)/mini-tls-nonblock.Po + -rm -f ./$(DEPDIR)/mini-x509-2.Po + -rm -f ./$(DEPDIR)/mini-x509-callbacks-intr.Po + -rm -f ./$(DEPDIR)/mini-x509-callbacks.Po + -rm -f ./$(DEPDIR)/mini-x509-cas.Po + -rm -f ./$(DEPDIR)/mini-x509-ipaddr.Po + -rm -f ./$(DEPDIR)/mini-x509.Po + -rm -f ./$(DEPDIR)/missingissuer.Po + -rm -f ./$(DEPDIR)/missingissuer_aia.Po + -rm -f ./$(DEPDIR)/mpi-mpi.Po + -rm -f ./$(DEPDIR)/multi-alerts.Po + -rm -f ./$(DEPDIR)/naked-alerts.Po + -rm -f ./$(DEPDIR)/name-constraints-ip.Po + -rm -f ./$(DEPDIR)/name-constraints.Po + -rm -f ./$(DEPDIR)/name_constraints_merge-name-constraints-merge.Po + -rm -f ./$(DEPDIR)/no-extensions.Po + -rm -f ./$(DEPDIR)/no-signal.Po + -rm -f ./$(DEPDIR)/nul-in-x509-names.Po + -rm -f ./$(DEPDIR)/null_retrieve_function.Po + -rm -f ./$(DEPDIR)/ocsp-filename-memleak.Po + -rm -f ./$(DEPDIR)/ocsp.Po + -rm -f ./$(DEPDIR)/oids.Po + -rm -f ./$(DEPDIR)/openconnect-dtls12.Po + -rm -f ./$(DEPDIR)/openssl.Po + -rm -f ./$(DEPDIR)/parse_ca.Po + -rm -f ./$(DEPDIR)/pcert-list.Po + -rm -f ./$(DEPDIR)/pkcs1-digest-info.Po + -rm -f ./$(DEPDIR)/pkcs12_encode.Po + -rm -f ./$(DEPDIR)/pkcs12_s2k-pkcs12_s2k.Po + -rm -f ./$(DEPDIR)/pkcs12_s2k_pem.Po + -rm -f ./$(DEPDIR)/pkcs12_simple.Po + -rm -f ./$(DEPDIR)/pkcs7-cat-parse.Po + -rm -f ./$(DEPDIR)/pkcs7-gen.Po + -rm -f ./$(DEPDIR)/pkcs7-verify-double-free.Po + -rm -f ./$(DEPDIR)/pkcs7.Po + -rm -f ./$(DEPDIR)/pkcs8-key-decode-encrypted.Po + -rm -f ./$(DEPDIR)/pkcs8-key-decode.Po + -rm -f ./$(DEPDIR)/post-client-hello-change-prio.Po + -rm -f ./$(DEPDIR)/prf.Po + -rm -f ./$(DEPDIR)/priorities-groups.Po + -rm -f ./$(DEPDIR)/priorities.Po + -rm -f ./$(DEPDIR)/priority-init2.Po + -rm -f ./$(DEPDIR)/priority-mix.Po + -rm -f ./$(DEPDIR)/priority-set.Po + -rm -f ./$(DEPDIR)/priority-set2.Po + -rm -f ./$(DEPDIR)/privkey-keygen.Po + -rm -f ./$(DEPDIR)/privkey-verify-broken.Po + -rm -f ./$(DEPDIR)/protocol-set-allowlist.Po + -rm -f ./$(DEPDIR)/psk-file.Po + -rm -f ./$(DEPDIR)/pskself.Po + -rm -f ./$(DEPDIR)/pskself2.Po + -rm -f ./$(DEPDIR)/pubkey-import-export.Po + -rm -f ./$(DEPDIR)/random-art.Po + -rm -f ./$(DEPDIR)/rawpk-api.Po + -rm -f ./$(DEPDIR)/record-pad.Po + -rm -f ./$(DEPDIR)/record-retvals.Po + -rm -f ./$(DEPDIR)/record-sendfile.Po + -rm -f ./$(DEPDIR)/record-sizes-range.Po + -rm -f ./$(DEPDIR)/record-sizes.Po + -rm -f ./$(DEPDIR)/record-timeouts.Po + -rm -f ./$(DEPDIR)/recv-data-before-handshake.Po + -rm -f ./$(DEPDIR)/rehandshake-ext-secret.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert-allow.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert-client-allow.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert-client.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-cert.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-psk-id.Po + -rm -f ./$(DEPDIR)/rehandshake-switch-srp-id.Po + -rm -f ./$(DEPDIR)/resume-dtls.Po + -rm -f ./$(DEPDIR)/resume-lifetime.Po + -rm -f ./$(DEPDIR)/resume-with-false-start.Po + -rm -f ./$(DEPDIR)/resume-with-previous-stek.Po + -rm -f ./$(DEPDIR)/resume-with-record-size-limit.Po + -rm -f ./$(DEPDIR)/resume-with-stek-expiration.Po + -rm -f ./$(DEPDIR)/rfc7633-missing.Po + -rm -f ./$(DEPDIR)/rfc7633-ok.Po + -rm -f ./$(DEPDIR)/rng-fork.Po + -rm -f ./$(DEPDIR)/rng-no-onload.Po + -rm -f ./$(DEPDIR)/rng-op-key.Po + -rm -f ./$(DEPDIR)/rng-op-nonce.Po + -rm -f ./$(DEPDIR)/rng-op-random.Po + -rm -f ./$(DEPDIR)/rng-pthread.Po + -rm -f ./$(DEPDIR)/rng-sigint.Po + -rm -f ./$(DEPDIR)/rsa-encrypt-decrypt.Po + -rm -f ./$(DEPDIR)/rsa-psk-cb.Po + -rm -f ./$(DEPDIR)/rsa-psk.Po + -rm -f ./$(DEPDIR)/rsa-rsa-pss.Po + -rm -f ./$(DEPDIR)/rsa_illegal_import-rsa-illegal-import.Po + -rm -f ./$(DEPDIR)/sanity_cpp-sanity-cpp.Po + -rm -f ./$(DEPDIR)/sec-params.Po + -rm -f ./$(DEPDIR)/seccomp.Plo + -rm -f ./$(DEPDIR)/send-client-cert.Po + -rm -f ./$(DEPDIR)/send-data-before-handshake.Po + -rm -f ./$(DEPDIR)/server-sign-md5-rep.Po + -rm -f ./$(DEPDIR)/server_ecdsa_key.Po + -rm -f ./$(DEPDIR)/session-export-funcs.Po + -rm -f ./$(DEPDIR)/session-rdn-read.Po + -rm -f ./$(DEPDIR)/session-tickets-missing.Po + -rm -f ./$(DEPDIR)/session-tickets-ok.Po + -rm -f ./$(DEPDIR)/set-default-prio.Po + -rm -f ./$(DEPDIR)/set_key.Po + -rm -f ./$(DEPDIR)/set_key_utf8.Po + -rm -f ./$(DEPDIR)/set_known_dh_params_anon.Po + -rm -f ./$(DEPDIR)/set_known_dh_params_psk.Po + -rm -f ./$(DEPDIR)/set_known_dh_params_x509.Po + -rm -f ./$(DEPDIR)/set_pkcs12_cred.Po + -rm -f ./$(DEPDIR)/set_x509_key.Po + -rm -f ./$(DEPDIR)/set_x509_key_file-late.Po + -rm -f ./$(DEPDIR)/set_x509_key_file.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_der.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_legacy.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_ocsp.Po + -rm -f ./$(DEPDIR)/set_x509_key_file_ocsp_multi2.Po + -rm -f ./$(DEPDIR)/set_x509_key_mem.Po + -rm -f ./$(DEPDIR)/set_x509_key_utf8.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_cli.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_invalid.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_pem.Po + -rm -f ./$(DEPDIR)/set_x509_ocsp_multi_unknown.Po + -rm -f ./$(DEPDIR)/set_x509_pkcs12_key.Po + -rm -f ./$(DEPDIR)/setcredcrash.Po + -rm -f ./$(DEPDIR)/sign-is-secure.Po + -rm -f ./$(DEPDIR)/sign-pk-api.Po + -rm -f ./$(DEPDIR)/sign-verify-data-newapi.Po + -rm -f ./$(DEPDIR)/sign-verify-data.Po + -rm -f ./$(DEPDIR)/sign-verify-deterministic.Po + -rm -f ./$(DEPDIR)/sign-verify-ed25519-rfc8080.Po + -rm -f ./$(DEPDIR)/sign-verify-ext.Po + -rm -f ./$(DEPDIR)/sign-verify-ext4.Po + -rm -f ./$(DEPDIR)/sign-verify-newapi.Po + -rm -f ./$(DEPDIR)/sign-verify.Po + -rm -f ./$(DEPDIR)/simple.Po + -rm -f ./$(DEPDIR)/spki-abstract.Po + -rm -f ./$(DEPDIR)/spki.Po + -rm -f ./$(DEPDIR)/srp.Po + -rm -f ./$(DEPDIR)/srpbase64.Po + -rm -f ./$(DEPDIR)/ssl2-hello.Po + -rm -f ./$(DEPDIR)/ssl30-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/ssl30-cipher-neg.Po + -rm -f ./$(DEPDIR)/ssl30-server-kx-neg.Po + -rm -f ./$(DEPDIR)/status-request-ext.Po + -rm -f ./$(DEPDIR)/status-request-ok.Po + -rm -f ./$(DEPDIR)/status-request-revoked.Po + -rm -f ./$(DEPDIR)/status-request.Po + -rm -f ./$(DEPDIR)/str-idna.Po + -rm -f ./$(DEPDIR)/str-unicode.Po + -rm -f ./$(DEPDIR)/strict-der.Po + -rm -f ./$(DEPDIR)/system-override-curves-allowlist.Po + -rm -f ./$(DEPDIR)/system-override-hash.Po + -rm -f ./$(DEPDIR)/system-override-sig-tls.Po + -rm -f ./$(DEPDIR)/system-override-sig.Po + -rm -f ./$(DEPDIR)/system-prio-file.Po + -rm -f ./$(DEPDIR)/time.Po + -rm -f ./$(DEPDIR)/tls-channel-binding.Po + -rm -f ./$(DEPDIR)/tls-client-with-seccomp.Po + -rm -f ./$(DEPDIR)/tls-crt_type-neg.Po + -rm -f ./$(DEPDIR)/tls-etm.Po + -rm -f ./$(DEPDIR)/tls-ext-not-in-dtls.Po + -rm -f ./$(DEPDIR)/tls-ext-register.Po + -rm -f ./$(DEPDIR)/tls-force-etm.Po + -rm -f ./$(DEPDIR)/tls-neg-ext-key.Po + -rm -f ./$(DEPDIR)/tls-neg-ext4-key.Po + -rm -f ./$(DEPDIR)/tls-pthread.Po + -rm -f ./$(DEPDIR)/tls-record-size-limit-asym.Po + -rm -f ./$(DEPDIR)/tls-record-size-limit.Po + -rm -f ./$(DEPDIR)/tls-session-ext-override.Po + -rm -f ./$(DEPDIR)/tls-session-ext-register.Po + -rm -f ./$(DEPDIR)/tls-session-supplemental.Po + -rm -f ./$(DEPDIR)/tls-supplemental.Po + -rm -f ./$(DEPDIR)/tls-with-seccomp.Po + -rm -f ./$(DEPDIR)/tls10-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls10-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls10-prf.Po + -rm -f ./$(DEPDIR)/tls10-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls11-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls11-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls11-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls12-anon-upgrade.Po + -rm -f ./$(DEPDIR)/tls12-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls12-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls12-ffdhe.Po + -rm -f ./$(DEPDIR)/tls12-invalid-key-exchanges.Po + -rm -f ./$(DEPDIR)/tls12-max-record.Po + -rm -f ./$(DEPDIR)/tls12-prf.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert-2.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert-3.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert-auto.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-cert.Po + -rm -f ./$(DEPDIR)/tls12-rehandshake-set-prio.Po + -rm -f ./$(DEPDIR)/tls12-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls12_resume_anon-resume.Po + -rm -f ./$(DEPDIR)/tls12_resume_psk-resume.Po + -rm -f ./$(DEPDIR)/tls12_resume_x509-resume.Po + -rm -f ./$(DEPDIR)/tls13-cert-key-exchange.Po + -rm -f ./$(DEPDIR)/tls13-cipher-neg.Po + -rm -f ./$(DEPDIR)/tls13-compat-mode.Po + -rm -f ./$(DEPDIR)/tls13-early-data-neg.Po + -rm -f ./$(DEPDIR)/tls13-early-data-neg2.Po + -rm -f ./$(DEPDIR)/tls13-early-data.Po + -rm -f ./$(DEPDIR)/tls13-early-start.Po + -rm -f ./$(DEPDIR)/tls13-rehandshake-cert.Po + -rm -f ./$(DEPDIR)/tls13-server-kx-neg.Po + -rm -f ./$(DEPDIR)/tls13-without-timeout-func.Po + -rm -f ./$(DEPDIR)/tls13_resume_psk-resume.Po + -rm -f ./$(DEPDIR)/tls13_resume_x509-resume.Po + -rm -f ./$(DEPDIR)/tlsext-decoding.Po + -rm -f ./$(DEPDIR)/tlsfeature-crt.Po + -rm -f ./$(DEPDIR)/tlsfeature-ext.Po + -rm -f ./$(DEPDIR)/trust-store.Po + -rm -f ./$(DEPDIR)/trustdb-tofu.Po + -rm -f ./$(DEPDIR)/urls.Po + -rm -f ./$(DEPDIR)/utils-adv.Plo + -rm -f ./$(DEPDIR)/utils.Plo + -rm -f ./$(DEPDIR)/version-checks.Po + -rm -f ./$(DEPDIR)/win-certopenstore.Po + -rm -f ./$(DEPDIR)/x509-cert-callback-legacy.Po + -rm -f ./$(DEPDIR)/x509-cert-callback-ocsp.Po + -rm -f ./$(DEPDIR)/x509-cert-callback.Po + -rm -f ./$(DEPDIR)/x509-dn-decode-compat.Po + -rm -f ./$(DEPDIR)/x509-dn-decode.Po + -rm -f ./$(DEPDIR)/x509-dn.Po + -rm -f ./$(DEPDIR)/x509-extensions.Po + -rm -f ./$(DEPDIR)/x509-server-verify.Po + -rm -f ./$(DEPDIR)/x509-upnconstraint.Po + -rm -f ./$(DEPDIR)/x509-verify-with-crl.Po + -rm -f ./$(DEPDIR)/x509_altname.Po + -rm -f ./$(DEPDIR)/x509cert-ct.Po + -rm -f ./$(DEPDIR)/x509cert-dntypes.Po + -rm -f ./$(DEPDIR)/x509cert-invalid.Po + -rm -f ./$(DEPDIR)/x509cert-tl.Po + -rm -f ./$(DEPDIR)/x509cert.Po + -rm -f ./$(DEPDIR)/x509dn.Po + -rm -f ./$(DEPDIR)/x509self.Po + -rm -f ./$(DEPDIR)/x509sign-verify-ecdsa.Po + -rm -f ./$(DEPDIR)/x509sign-verify-error.Po + -rm -f ./$(DEPDIR)/x509sign-verify-gost.Po + -rm -f ./$(DEPDIR)/x509sign-verify-rsa.Po + -rm -f ./$(DEPDIR)/x509sign-verify.Po + -rm -f dtls/$(DEPDIR)/dtls-stress.Po + -rm -f pkcs11/$(DEPDIR)/gnutls_pcert_list_import_x509_file.Po + -rm -f pkcs11/$(DEPDIR)/gnutls_x509_crt_list_import_url.Po + -rm -f pkcs11/$(DEPDIR)/import_url_privkey_caps-pkcs11-import-url-privkey.Po + -rm -f pkcs11/$(DEPDIR)/list-objects.Po + -rm -f pkcs11/$(DEPDIR)/list-tokens.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-cert-import-url-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-cert-import-url4-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-chainverify.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-combo.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-ec-privkey-test.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-eddsa-privkey-test.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-get-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-get-issuer.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-get-raw-issuer-exts.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-import-url-privkey.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-import-with-pin.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-is-known.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-mechanisms.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-mock.Plo + -rm -f pkcs11/$(DEPDIR)/pkcs11-mock2.Plo + -rm -f pkcs11/$(DEPDIR)/pkcs11-obj-import.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-obj-raw.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-pin-func.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-always-auth.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-export.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-fork-reinit.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-fork.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-generate.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-pthread.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey-safenet-always-auth.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-privkey.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-pubkey-import-ecdsa.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-pubkey-import-rsa.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-rsa-pss-privkey-test.Po + -rm -f pkcs11/$(DEPDIR)/pkcs11-token-raw.Po + -rm -f pkcs11/$(DEPDIR)/tls-neg-pkcs11-key.Po + -rm -f pkcs11/$(DEPDIR)/tls-neg-pkcs11-no-key.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn0.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn1.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn2.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn3.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn4.Po + -rm -f safe-renegotiation/$(DEPDIR)/srn5.Po + -rm -f tls13/$(DEPDIR)/anti_replay-anti_replay.Po + -rm -f tls13/$(DEPDIR)/change_cipher_spec.Po + -rm -f tls13/$(DEPDIR)/compress-cert-cli.Po + -rm -f tls13/$(DEPDIR)/compress-cert-neg.Po + -rm -f tls13/$(DEPDIR)/compress-cert-neg2.Po + -rm -f tls13/$(DEPDIR)/compress-cert.Po + -rm -f tls13/$(DEPDIR)/cookie.Po + -rm -f tls13/$(DEPDIR)/hello_retry_request.Po + -rm -f tls13/$(DEPDIR)/hello_retry_request_resume.Po + -rm -f tls13/$(DEPDIR)/key_limits.Po + -rm -f tls13/$(DEPDIR)/key_share.Po + -rm -f tls13/$(DEPDIR)/key_update.Po + -rm -f tls13/$(DEPDIR)/key_update_multiple.Po + -rm -f tls13/$(DEPDIR)/multi-ocsp.Po + -rm -f tls13/$(DEPDIR)/no-auto-send-ticket.Po + -rm -f tls13/$(DEPDIR)/no-psk-exts.Po + -rm -f tls13/$(DEPDIR)/ocsp-client.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert-auto.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert-pkcs11.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert-ticket.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-cert.Po + -rm -f tls13/$(DEPDIR)/post-handshake-with-psk.Po + -rm -f tls13/$(DEPDIR)/post-handshake-without-cert.Po + -rm -f tls13/$(DEPDIR)/prf-early.Po + -rm -f tls13/$(DEPDIR)/prf.Po + -rm -f tls13/$(DEPDIR)/psk-dumbfw.Po + -rm -f tls13/$(DEPDIR)/psk-ext.Po + -rm -f tls13/$(DEPDIR)/psk-ke-modes.Po + -rm -f tls13/$(DEPDIR)/supported_versions.Po + -rm -f tls13/$(DEPDIR)/tls11_check_rollback_val-rnd-check-rollback-val.Po + -rm -f tls13/$(DEPDIR)/tls11_rollback_detection-rnd-rollback-detection.Po + -rm -f tls13/$(DEPDIR)/tls12-no-tls13-exts.Po + -rm -f tls13/$(DEPDIR)/tls12_check_rollback_val-rnd-check-rollback-val.Po + -rm -f tls13/$(DEPDIR)/tls12_rollback_detection-rnd-rollback-detection.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) check-am install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--depfiles check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libtool \ + clean-noinstLTLIBRARIES clean-noinstPROGRAMS cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-local distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am recheck tags tags-am uninstall \ + uninstall-am + +.PRECIOUS: Makefile + + +distclean-local: + rm -rf softhsm-*.db softhsm-*.config *.tmp tmp-* x509-crt-list-import-url.config.db port.lock.d + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c new file mode 100644 index 0000000..d1df39e --- /dev/null +++ b/tests/aead-cipher-vec.c @@ -0,0 +1,131 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include +#include +#include +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +/* Test whether gnutls_aead_cipher_{en,de}crypt_vec works */ +static void start(const char *name, int algo) +{ + int ret; + gnutls_aead_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t auth[128]; + uint8_t data[64+56+36]; + gnutls_datum_t key, iv; + giovec_t iov[3]; + giovec_t auth_iov[2]; + uint8_t tag[64]; + size_t tag_size = 0; + size_t i; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + memset(auth, 0xaa, sizeof(auth)); + + iov[0].iov_base = data; + iov[0].iov_len = 64; + iov[1].iov_base = data + 64; + iov[1].iov_len = 56; + iov[2].iov_base = data + 64 + 56; + iov[2].iov_len = 36; + + auth_iov[0].iov_base = auth; + auth_iov[0].iov_len = 64; + auth_iov[1].iov_base = auth + 64; + auth_iov[1].iov_len = 64; + + success("trying %s\n", name); + + ret = + gnutls_aead_cipher_init(&ch, algo, &key); + if (ret < 0) + fail("gnutls_cipher_init: %s\n", gnutls_strerror(ret)); + + for (i = 0; i < 2; i++) { + ret = gnutls_aead_cipher_encryptv2(ch, + iv.data, iv.size, + auth_iov, 2, + iov, i + 1, + tag, &tag_size); + if (ret < 0) + fail("could not encrypt data: %s\n", gnutls_strerror(ret)); + + ret = gnutls_aead_cipher_decryptv2(ch, + iv.data, iv.size, + auth_iov, 2, + iov, i + 1, + tag, tag_size); + if (ret < 0) + fail("could not decrypt data: %s\n", gnutls_strerror(ret)); + } + + gnutls_aead_cipher_deinit(ch); +} + +void +doit(void) +{ + int ret; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + start("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM); + start("aes-192-gcm", GNUTLS_CIPHER_AES_192_GCM); + start("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM); + start("aes-128-ccm", GNUTLS_CIPHER_AES_128_CCM); + if (!gnutls_fips140_mode_enabled()) { + start("aes-128-siv", GNUTLS_CIPHER_AES_128_SIV); + start("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305); + } + + gnutls_global_deinit(); +} diff --git a/tests/alerts.c b/tests/alerts.c new file mode 100644 index 0000000..6bc2868 --- /dev/null +++ b/tests/alerts.c @@ -0,0 +1,300 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" + +#include "utils.h" + +static void terminate(void); + +/* This program tests gnutls_alert_send(). + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static void client(int fd, const char *prio, int ign) +{ + int ret; + char buffer[64]; + const char* err; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_alert_send(session, GNUTLS_AL_WARNING, GNUTLS_A_USER_CANCELED); + if (ret < 0) { + fail("server: Error sending user cancelled alert: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_alert_send(session, GNUTLS_AL_FATAL, GNUTLS_A_DECRYPT_ERROR); + if (ret < 0) { + fail("server: Error sending decrypt error alert: %s\n", gnutls_strerror(ret)); + exit(1); + } + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, int ign) +{ + int ret; + const char* err; + char buffer[64]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + if (ret > 0) + fail("error receiving alert: ret: %d\n", ret); + } while (ret > 0); + + if (ret != GNUTLS_E_WARNING_ALERT_RECEIVED || + gnutls_alert_get(session) != GNUTLS_A_USER_CANCELED) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + do { + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + if (ret > 0) + fail("error receiving alert: ret: %d\n", ret); + } while (ret > 0); + + if (ret != GNUTLS_E_FATAL_ALERT_RECEIVED || + gnutls_alert_get(session) != GNUTLS_A_DECRYPT_ERROR) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio, int ign) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio, ign); + } else { + close(fd[0]); + client(fd[1], prio, ign); + exit(0); + } +} + +#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start(AES_GCM, 0); +} + +#endif /* _WIN32 */ diff --git a/tests/alpn-server-prec.c b/tests/alpn-server-prec.c new file mode 100644 index 0000000..115522c --- /dev/null +++ b/tests/alpn-server-prec.c @@ -0,0 +1,310 @@ +/* + * Copyright (C) 2013-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This program tests the GNUTLS_ALPN_SERVER_PRECEDENCE + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +static void client(int fd, const char *protocol0, const char *protocol1, const char *protocol2) +{ + gnutls_session_t session; + int ret; + gnutls_datum_t proto; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + if (protocol1) { + gnutls_datum_t t[3]; + t[0].data = (void *) protocol0; + t[0].size = strlen(protocol0); + t[1].data = (void *) protocol1; + t[1].size = strlen(protocol1); + t[2].data = (void *) protocol2; + t[2].size = strlen(protocol2); + + ret = gnutls_alpn_set_protocols(session, t, 3, 0); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_alpn_get_selected_protocol(session, &proto); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (debug) { + fprintf(stderr, "selected protocol: %.*s\n", + (int) proto.size, proto.data); + } + + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *protocol1, const char *protocol2, const char *expected) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_datum_t t[2]; + gnutls_datum_t selected; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + t[0].data = (void *) protocol1; + t[0].size = strlen(protocol1); + t[1].data = (void *) protocol2; + t[1].size = strlen(protocol2); + + ret = gnutls_alpn_set_protocols(session, t, 2, GNUTLS_ALPN_SERVER_PRECEDENCE); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_alpn_get_selected_protocol(session, &selected); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (debug) { + success("Protocol: %.*s\n", (int) selected.size, selected.data); + } + + if (selected.size != strlen(expected) || memcmp(selected.data, expected, selected.size) != 0) { + fail("did not select the expected protocol (selected %.*s, expected %s)\n", selected.size, selected.data, expected); + exit(1); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *p1, const char *p2, const char *cp1, const char *cp2, const char *expected) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0], p1, p2, expected); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], cp1, "unknown/1.4", cp2); + exit(0); + } +} + +void doit(void) +{ + /* A, B - A, B -> A */ + start("h2", "http/1.1", "h2", "http/1.1", "h2"); + + /* A, B - B, A -> A */ + start("spdy/3", "spdy/2", "spdy/2", "spdy/3", "spdy/3"); + + /* A, B - C, B -> B */ + start("spdy/3", "spdy/2", "h2", "spdy/2", "spdy/2"); + + /* A, B - B, C -> B */ + start("h2", "http/1.1", "http/1.1", "h3", "http/1.1"); +} + +#endif /* _WIN32 */ diff --git a/tests/anonself.c b/tests/anonself.c new file mode 100644 index 0000000..9d4926f --- /dev/null +++ b/tests/anonself.c @@ -0,0 +1,303 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* This program tests anonymous authentication as well as the gnutls_record_recv_packet. + */ + +#if defined(_WIN32) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include + +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +#define MSG "Hello TLS" +#define MAX_BUF 1024 + +static void client(int sd, const char *prio) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, + prio, + NULL) >= 0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + print_dh_params_info(session); + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_record_send(session, MSG, sizeof(MSG)-1); + if (ret != sizeof(MSG)-1) { + fail("return value of gnutls_record_send() is bogus\n"); + exit(1); + } + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret != sizeof(MSG)-1 || memcmp(buffer, MSG, ret) != 0) { + fail("client: received data of different size! (expected: %d, have: %d)\n", + (int)strlen(MSG), ret); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +#define DH_BITS 1024 + +static void server(int sd, const char *prio) +{ + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + gnutls_anon_server_credentials_t anoncred; + gnutls_dh_params_t dh_params; + int ret; + gnutls_session_t session; + gnutls_packet_t packet; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + gnutls_anon_allocate_server_credentials(&anoncred); + + if (debug) + success("Launched, generating DH parameters...\n"); + + assert(gnutls_dh_params_init(&dh_params)>=0); + assert(gnutls_dh_params_import_pkcs3(dh_params, &p3, + GNUTLS_X509_FMT_PEM)>=0); + + gnutls_anon_set_server_dh_params(anoncred, dh_params); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_dh_set_prime_bits(session, DH_BITS); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (debug) + print_dh_params_info(session); + + for (;;) { + ret = gnutls_record_recv_packet(session, &packet); + + if (ret == 0) { + gnutls_packet_deinit(packet); + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + gnutls_datum_t pdata; + + gnutls_packet_get(packet, &pdata, NULL); + /* echo data back to the client + */ + gnutls_record_send(session, pdata.data, + pdata.size); + gnutls_packet_deinit(packet); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *name, const char *prio) +{ + pid_t child; + int sockets[2], err; + + success("testing: %s\n", name); + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("tls1.2 anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-DH"); + start("tls1.2 anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH"); + start("tls1.3 anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+ANON-DH"); + start("tls1.3 anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH"); + start("default anon-dh", "NORMAL:-KX-ALL:+ANON-DH"); + start("default anon-ecdh", "NORMAL:-KX-ALL:+ANON-ECDH"); +} + +#endif /* _WIN32 */ diff --git a/tests/atfork.c b/tests/atfork.c new file mode 100644 index 0000000..654519d --- /dev/null +++ b/tests/atfork.c @@ -0,0 +1,124 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif + +#include +#include + +#if defined(_WIN32) +void doit(void) +{ + exit(77); +} +#else + +#include "../lib/atfork.h" +#include "../lib/atfork.c" + +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include "utils.h" + +void doit(void) +{ + pid_t pid; + int status; + unsigned forkid; + + _gnutls_register_fork_handler(); + + forkid = _gnutls_get_forkid(); + if (_gnutls_detect_fork(forkid) != 0) { + fail("Detected fork on parent!\n"); + exit(1); + } + + pid = fork(); + if (pid == -1) { + fail("error in fork\n"); + exit(1); + } + + if (pid == 0) { + pid = fork(); + if (pid == -1) { + fail("error in fork\n"); + exit(1); + } + + if (pid == 0) { + if (_gnutls_detect_fork(forkid) == 0) { + fail("child: didn't detect fork on grandchild!\n"); + exit(1); + } + exit(0); + } + + if (waitpid(pid, &status, 0) < 0) { + fail("error in waitpid\n"); + exit(2); + } + + if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) { + fail("Didn't detect fork on grandchild\n"); + exit(2); + } + + if (_gnutls_detect_fork(forkid) == 0) { + fail("child: didn't detect fork on child!\n"); + exit(1); + } + + exit(0); + } + + if (waitpid(pid, &status, 0) < 0) { + fail("error in waitpid\n"); + exit(1); + } + + if (!WIFEXITED(status) || (WEXITSTATUS(status) != 0)) { + fail("Didn't detect fork on child\n"); + exit(1); + } + + if (_gnutls_detect_fork(forkid) != 0) { + fail("Detected fork on parent after fork!\n"); + exit(1); + } + + success("all tests ok\n"); + return; +} + +#endif diff --git a/tests/auto-verify.c b/tests/auto-verify.c new file mode 100644 index 0000000..dd3b397 --- /dev/null +++ b/tests/auto-verify.c @@ -0,0 +1,687 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include + +/* This tests gnutls_certificate_set_x509_key() */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char ca_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA5MDgwMjM0WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuLSye8pe3yWKZ\n" +"Yp7tLQ4ImwLqqh1aN7x9pc5spLDj6krVArzkyyYDcWvtQNDjErEfLUrZZrCc4aIl\n" +"oU1Ghb92kI8ofZnHFbj3z5zdcWqiPppj5Y+hRdc4LszTWb+itrD9Ht/D67EK+m7W\n" +"ev6xxUdyiBYUmb2O3CnPZpUVshMRtEe45EDGI5hUgL2n4Msj41htTq8hATYPXgoq\n" +"gQUyXFpKAX5XDCyOG+FC6jmEys7UCRYv3SCl7TPWJ4cm+lHcFI2/OTOCBvMlKN2J\n" +"mWCdfnudZldqthin+8fR9l4nbuutOfPNt1Dj9InDzWZ1W/o4LrjKa7fsvszj2Z5A\n" +"Fn+xN/4zAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUwRHwbXyPosKNNkBiZduEwL5ZCwswDQYJKoZIhvcNAQELBQAD\n" +"ggEBAEKr0b7WoJL+L8St/LEITU/i7FwFrCP6DkbaNo0kgzPmwnvNmw88MLI6UKwE\n" +"JecnjFhurRBBZ4FA85ucNyizeBnuXqFcyJ20+XziaXGPKV/ugKyYv9KBoTYkQOCh\n" +"nbOthmDqjvy2UYQj0BU2dOywkjUKWhYHEZLBpZYck0Orynxydwil5Ncsz4t3smJw\n" +"ahzCW8SzBFTiO99qQBCH2RH1PbUYzfAnJxZS2VScpcqlu9pr+Qv7r8E3p9qHxnQM\n" +"gO5laWO6lc13rNsbZRrtlCvacsiDSuDnS8EVXm0ih4fAntpRHacPbXZbOPQqJ/+1\n" +"G7/qJ6cDC/9aW+fU80ogTkAoFg4=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca_cert = { ca_cert_pem, + sizeof(ca_cert_pem) +}; + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDOjCCAiKgAwIBAgIMU0T+mwoDu5uVLKeeMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDkwODAyMzVaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDXfvgsMWXHNf3iUaEoZSNztZZr6+UdBkoUhbdWJDR+GwR+GHfnYaYHsuqb\n" +"bNEl/QFI+8Jeth0SmG7TNB+b/AlHFoBm8TwBt7H+Mn6AQIdo872Vs262UkHgbZN6\n" +"dEQeRCgiXmlsOVe+MVpf79Xi32MYz1FZ/ueS6tr8sIDhECThIZkq2eulVjAV86N2\n" +"zQ72Ml1k8rPw4SdK5OFhcXNdXr6CsAol8MmiORKDF0iAZxwtFVc00nBGqQC5rwrN\n" +"3A8czH5TsvyvrcW0mwV2XOVvZM5kFM1T/X0jF6RQHiGGFBYK4s6JZxSSOhJMFYYh\n" +"koPEKsuVZdmBJ2yTTdGumHZfG9LDAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAU\n" +"BgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0P\n" +"AQH/BAUDAwegADAdBgNVHQ4EFgQURXiN5VD5vgqAprhd/37ldGKv4/4wHwYDVR0j\n" +"BBgwFoAU8MUzmkotjSmVa5r1ejMkMQ6BiZYwDQYJKoZIhvcNAQELBQADggEBABSU\n" +"cmMX0nGeg43itPnLjSTIUuYEamRhfsFDwgRYQn5w+BcFG1p0scBRxLAShUEb9A2A\n" +"oEJV4rQDpCn9bcMrMHhTCR5sOlLh/2o9BROjK0+DjQLDkooQK5xa+1GYEiy6QYCx\n" +"QjdCCnMhHh24oP2/vUggRKhevvD2QQFKcCDT6n13RFYm+HX82gIh6SAtRs0oahY5\n" +"k9CM9TYRPzXy+tQqhZisJzc8BLTW/XA97kAJW6+hUhPir7AYR6BKJhNeIxcN/yMy\n" +"jsHzWDLezip/8q+kzw658V5e40hne7ZaJycGUaUdLVnJcpNtBgGE82TRS/XZSQKF\n" +"fpy8FLGcJynqlIOzdKs=\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA5MDgwMjM0WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZq3sA+mjFadII\n" +"EMDHfj1fYh+UOUSa8c814E9NfCdYZ9Z11BmPpBeR5mXV12j1DKjkTlqTUL7s4lVR\n" +"RKfyAdCpQIfeXHDeTYYUq2uBnbi5YMG5Y+WbCiYacgRU3IypYrSzaeh1mY7GiEFe\n" +"U/NaImHLCf+TdAvTJ3Fo0QPe5QN2Lrv6l//cqOv7enZ91KRWxClDMM6EAr+C/7dk\n" +"rOTXRrCuH/e/KVBXEJ/YeSYPmBIwolGktRrGdsVagdqYArr4dhJ7VThIVRUX1Ijl\n" +"THCLstI/LuD8WkDccU3ZSdm47f2U43p/+rSO0MiNOXiaskeK56G/9DbJEeETUbzm\n" +"/B2712MVAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU8MUzmkotjSmVa5r1ejMkMQ6BiZYwHwYDVR0jBBgwFoAUwRHw\n" +"bXyPosKNNkBiZduEwL5ZCwswDQYJKoZIhvcNAQELBQADggEBACKxBPj9u1t52uIF\n" +"eQ2JPb8/u+MBttvSLo0qPKXwpc4q8hNclh66dpqGWiF0iSumsKyKU54r6CIF9Ikm\n" +"t1V1GR9Ll4iTnz3NdIt1w3ns8rSlU5O/dgKysK/1C/5xJWEUYtEO5mnyi4Zaf8FB\n" +"hKmQ1aWF5dTB81PVAQxyCiFEnH7YumK7pJeIpnCOPIqLZLUHfrTUeL8zONF4i5Sb\n" +"7taZ8SQ6b7IaioU+NJ50uT2wy34lsyvCWf76Azezv9bggkdNDo/7ktMgsfRrSyM8\n" +"+MVob5ePGTjKx5yMy/sy2vUkkefwW3RiEss/y2JRb8Hw7nDlA9ttilYKFwGFwRvw\n" +"KRsXqo8=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEpAIBAAKCAQEA1374LDFlxzX94lGhKGUjc7WWa+vlHQZKFIW3ViQ0fhsEfhh3\n" +"52GmB7Lqm2zRJf0BSPvCXrYdEphu0zQfm/wJRxaAZvE8Abex/jJ+gECHaPO9lbNu\n" +"tlJB4G2TenREHkQoIl5pbDlXvjFaX+/V4t9jGM9RWf7nkura/LCA4RAk4SGZKtnr\n" +"pVYwFfOjds0O9jJdZPKz8OEnSuThYXFzXV6+grAKJfDJojkSgxdIgGccLRVXNNJw\n" +"RqkAua8KzdwPHMx+U7L8r63FtJsFdlzlb2TOZBTNU/19IxekUB4hhhQWCuLOiWcU\n" +"kjoSTBWGIZKDxCrLlWXZgSdsk03Rrph2XxvSwwIDAQABAoIBAB7trDS7ij4DM8MN\n" +"sDGaAnKS91nZ63I0+uDjKCMG4znOKuDmJh9hVnD4bs+L2KC5JTwSVh09ygJnOlC5\n" +"xGegzrwTMK6VpOUiNjujh6BkooqfoPAhZpxoReguEeKbWUN2yMPWBQ9xU3SKpMvs\n" +"IiiDozdmWeiuuxHM/00REA49QO3Gnx2logeB+fcvXXD1UiZV3x0xxSApiJt1sr2r\n" +"NmqSyGdNUgpmnTP8zbKnDaRe5Wj4tj1TCTLE/HZ0tzdRuwlkIqvcpGg1LMtKm5N8\n" +"xIWjTGMFwGjG+OF8LGqHLH+28pI3iMB6QqO2YLwOp+WZKImKP3+Dp3s8lCw8t8cm\n" +"q5/Qc9ECgYEA2xwxm+pFkrFmZNLCakP/6S5AZqpfSBRUlF/uX2pBKO7o6I6aOV9o\n" +"zq2QWYIZfdyD+9MvAFUQ36sWfTVWpGA34WGtsGtcRRygKKTigpJHvBldaPxiuYuk\n" +"xbS54nWUdix/JzyQAy22xJXlp4XJvtFJjHhA2td0XA7tfng9n8jmvEUCgYEA+8cA\n" +"uFIQFbaZ2y6pnOvlVj8OH0f1hZa9M+3q01fWy1rnDAsLrIzJy8TZnBtpDwy9lAun\n" +"Sa6wzu6qeHmF17xwk5U7BCyK2Qj/9KhRLg1mnDebQ/CiLSAaJVnrYFp9Du96fTkN\n" +"ollvbFiGF92QwPTDf2f1gHZQEPwa+f/ox37ad2cCgYEAwMgXpfUD7cOEMeV2BQV7\n" +"XnDBXRM97i9lE38sPmtAlYFPD36Yly4pCt+PCBH9181zmtf+nK47wG/Jw7RwXQQD\n" +"ZpwItBZiArTi/Z/FY9jMoOU4WKznOBVzjjgq7ONDEo6n+Z/BnepUyraQb0q5bNi7\n" +"e4o6ldHHoU/JCeNFZRbgXHkCgYA6vJU9at+XwS6phHxLQHkTIsivoYD0tlLTX4it\n" +"30sby8wk8hq6GWomYHkHwxlCSo2bkRBozxkuXV1ll6wSxUJaG7FV6vJFaaUUtYOi\n" +"w7uRbCOLuQKMlnWjCxQvOUz9g/7GYd39ZvHoi8pUnPrdGPzWpzEN1AwfukCs2/e5\n" +"Oq3KtwKBgQCkHmDU8h0kOfN28f8ZiyjJemQMNoOGiJqnGexaKvsRd+bt4H+7DsWQ\n" +"OnyKm/oR0wCCSmFM5aQc6GgzPD7orueKVYHChbY7HLTWKRHNs6Rlk+6hXJvOld0i\n" +"Cl7KqL2x2ibGMtt4LtSntdzWqa87N7vCWMSTmvd8uLgflBs33xUIiQ==\n" +"-----END RSA PRIVATE KEY-----\n"; + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t cli_cert = { cert_pem, sizeof(cert_pem) - 1}; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t cli_key = { key_pem, sizeof(key_pem) - 1}; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static void print_verification_res(unsigned int output) +{ + gnutls_datum_t pout; + int ret; + + if (output) { + success("Not verified."); + } else { + success("Verified."); + } + + ret = + gnutls_certificate_verification_status_print(output, + GNUTLS_CRT_X509, + &pout, 0); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + success(" %s", pout.data); + gnutls_free(pout.data); +} + +static const char *get_signature_algo(gnutls_x509_crt_t crt) +{ + int ret; + static char oid[128]; + + ret = gnutls_x509_crt_get_signature_algorithm(crt); + if (ret < 0 || ret == GNUTLS_SIGN_UNKNOWN) { + size_t oid_size = sizeof(oid); + ret = gnutls_x509_crt_get_signature_oid(crt, oid, &oid_size); + if (ret < 0) + return NULL; + return oid; + } + + return gnutls_sign_get_name(ret); +} + +static int cert_out_callback(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, + gnutls_x509_crl_t crl, + unsigned int verification_output) +{ + char tmp[255]; + size_t tmp_size; + gnutls_datum_t name = {NULL,0}, issuer_name = {NULL,0}; + gnutls_datum_t serial = {NULL,0}; + int ret; + + success("Printing full certificate path validation to trust root.\n"); + + ret = + gnutls_x509_crt_get_issuer_dn3(cert, &issuer_name, 0); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_get_issuer_dn: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_get_dn3(cert, &name, 0); + if (ret < 0) { + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + name.data = 0; + name.size = 0; + } else { + fprintf(stderr, "gnutls_x509_crt_get_dn: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } + + success("\tSubject: %s\n", name.data); + success("\tIssuer: %s\n", issuer_name.data); + + if (issuer != NULL) { + gnutls_free(issuer_name.data); + ret = + gnutls_x509_crt_get_dn3(issuer, &issuer_name, 0); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_get_issuer_dn: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + success("\tChecked against: %s\n", issuer_name.data); + } + + success("\tSignature algorithm: %s\n", get_signature_algo(cert)); + + if (crl != NULL) { + gnutls_datum_t data; + gnutls_free(issuer_name.data); + + ret = + gnutls_x509_crl_get_issuer_dn3(crl, &issuer_name, 0); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crl_get_issuer_dn: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp_size = sizeof(tmp); + ret = + gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL); + if (ret < 0) { + serial.data = (void*)gnutls_strdup("unnumbered"); + } else { + data.data = (void *) tmp; + data.size = tmp_size; + + ret = gnutls_hex_encode2(&data, &serial); + if (ret < 0) { + fprintf(stderr, "gnutls_hex_encode: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } + success("\tChecked against CRL[%s] of: %s\n", + serial.data, issuer_name.data); + } + + success("\tOutput: "); + print_verification_res(verification_output); + + success("\n\n"); + + gnutls_free(serial.data); + gnutls_free(name.data); + gnutls_free(issuer_name.data); + + return 0; +} + +static +void test_failure(const char *name, const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_x509_crt_t *crts; + unsigned int crts_size; + unsigned i; + gnutls_typed_vdata_st vdata[2]; + gnutls_x509_privkey_t pkey; + unsigned status; + + success("testing cert verification failure for %s\n", name); + + to_server_len = 0; + to_client_len = 0; + + ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &server_cert, GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(pkey, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key(serverx509cred, crts, crts_size, pkey); + gnutls_x509_privkey_deinit(pkey); + for (i=0;i= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_session_set_verify_output_function(client, cert_out_callback); + assert(gnutls_priority_set_direct(client, prio, NULL) >= 0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(vdata, 0, sizeof(vdata)); + + /* check with wrong hostname */ + vdata[0].type = GNUTLS_DT_DNS_HOSTNAME; + vdata[0].data = (void*)"localhost1"; + + vdata[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + vdata[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_session_set_verify_cert2(client, vdata, 2, 0); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR, GNUTLS_E_AGAIN); + + status = gnutls_session_get_verify_cert_status(client); + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +static +void test_success1(const char *name, const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_x509_crt_t *crts; + unsigned int crts_size; + unsigned i; + gnutls_typed_vdata_st vdata[2]; + gnutls_x509_privkey_t pkey; + unsigned status; + + success("testing cert verification success1 for %s\n", name); + + to_server_len = 0; + to_client_len = 0; + + ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &server_cert, GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(pkey, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key(serverx509cred, crts, crts_size, pkey); + gnutls_x509_privkey_deinit(pkey); + for (i=0;i= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL) >= 0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(vdata, 0, sizeof(vdata)); + + /* check with wrong hostname */ + vdata[0].type = GNUTLS_DT_DNS_HOSTNAME; + vdata[0].data = (void*)"localhost"; + + vdata[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + vdata[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_session_set_verify_cert2(client, vdata, 2, 0); + + HANDSHAKE(client, server); + + status = gnutls_session_get_verify_cert_status(client); + + if (status != 0) { + fail("%s: should have accepted: %u!\n", __func__, status); + exit(1); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +static +void test_success2(const char *name, const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_x509_crt_t *crts; + unsigned int crts_size; + unsigned i; + gnutls_x509_privkey_t pkey; + unsigned status; + + success("testing cert verification success2 for %s\n", name); + + to_server_len = 0; + to_client_len = 0; + + ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &server_cert, GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(pkey, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key(serverx509cred, crts, crts_size, pkey); + gnutls_x509_privkey_deinit(pkey); + for (i=0;i=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + gnutls_session_set_verify_cert(client, "localhost", 0); + + HANDSHAKE(client, server); + + status = gnutls_session_get_verify_cert_status(client); + + if (status != 0) { + fail("%s: should have accepted: %u!\n", __func__, status); + exit(1); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void doit(void) +{ + global_init(); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + test_failure("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); + test_failure("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); + test_success1("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); + test_success1("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); + test_success2("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); + test_success2("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); + + gnutls_global_deinit(); + +} diff --git a/tests/base64-raw.c b/tests/base64-raw.c new file mode 100644 index 0000000..8382e50 --- /dev/null +++ b/tests/base64-raw.c @@ -0,0 +1,266 @@ +/* + * Copyright (C) 2016, 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +/* This checks base64 raw encoding without PEM headers */ + +static void encode(const char *test_name, const gnutls_datum_t *raw, const char *expected) +{ + int ret; + gnutls_datum_t out; + + ret = gnutls_pem_base64_encode2(NULL, raw, &out); + if (ret < 0) { + fail("%s: gnutls_pem_base64_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_pem_base64_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_pem_base64_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + ret = gnutls_base64_encode2(raw, &out); + if (ret < 0) { + fail("%s: gnutls_base64_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_base64_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_base64_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void encode_new(const char *test_name, const gnutls_datum_t *raw, const char *expected) +{ + int ret; + gnutls_datum_t out, in; + + ret = gnutls_base64_encode2(raw, &out); + if (ret < 0) { + fail("%s: gnutls_base64_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_base64_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_base64_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + ret = gnutls_base64_encode2(raw, &out); + if (ret < 0) { + fail("%s: gnutls_base64_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_base64_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_base64_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + in.data = (void*)expected; + in.size = strlen(expected); + ret = gnutls_base64_decode2(&in, &out); + if (ret < 0) { + fail("%s: gnutls_base64_decode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void decode_new(const char *test_name, const gnutls_datum_t *raw, const char *hex, int res) +{ + int ret; + gnutls_datum_t out, in; + + in.data = (void*)hex; + in.size = strlen(hex); + ret = gnutls_base64_decode2(&in, &out); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: gnutls_base64_decode2: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + if (res != 0) { + fail("%s: gnutls_base64_decode2: expected failure, but succeeded!\n", test_name); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +struct encode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *pem; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "rnd1", + .pem = "9ppGioRpeiiD2lLNYC85eA==", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16} + }, + { + .name = "rnd2", + .pem = "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19} + } +}; + +struct decode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *pem; + int res; +}; + +struct decode_tests_st decode_tests[] = { + { + .name = "empty", + .pem = "", + .raw = {(void*)"", 0}, + .res = 0 + }, + { + .name = "dec-rnd1", + .pem = "9ppGioRpeiiD2lLNYC85eA==", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16}, + .res = 0 + }, + { + .name = "dec-rnd2", + .pem = "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = 0 + }, + { + .name = "dec-extra-chars", + .pem = "\n\n LJ/7hUZ3TtPIz2dlc5+YvELe+Q== \n", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = 0 + }, + { + .name = "dec-spaces", + .pem = " ", + .raw = {(void*)"", 0}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + }, + { + .name = "dec-invalid-data", + .pem = "XLJ/7hUZ3TtPIz2dlc5+YvELe+Q==", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + }, + { + .name = "dec-invalid-suffix", + .pem = "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==XXX", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +static void encode(const char *test_name, const gnutls_datum_t *raw, const char *expected) +{ + int ret; + gnutls_datum_t out, in; + + ret = gnutls_pem_base64_encode2(test_name, raw, &out); + if (ret < 0) { + fail("%s: gnutls_pem_base64_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_pem_base64_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_pem_base64_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + in.data = (void*)expected; + in.size = strlen(expected); + ret = gnutls_pem_base64_decode2(test_name, &in, &out); + if (ret < 0) { + fail("%s: gnutls_pem_base64_decode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_pem_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_pem_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void decode(const char *test_name, const gnutls_datum_t *raw, const char *hex, unsigned hex_size, int res) +{ + int ret; + gnutls_datum_t out, in; + + in.data = (void*)hex; + if (hex_size == 0) + in.size = strlen(hex); + else + in.size = hex_size; + + ret = gnutls_pem_base64_decode2(test_name, &in, &out); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: gnutls_pem_base64_decode2: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + if (res != 0) { + fail("%s: gnutls_pem_base64_decode2: expected failure, but succeeded!\n", test_name); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_pem_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_pem_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + /* decode with null argument */ + in.data = (void*)hex; + in.size = strlen(hex); + ret = gnutls_pem_base64_decode2(NULL, &in, &out); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: gnutls_pem_base64_decode2: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + if (res != 0) { + fail("%s: gnutls_pem_base64_decode2: expected failure, but succeeded!\n", test_name); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_pem_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_pem_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +struct encode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *pem; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "rnd1", + .pem = "-----BEGIN rnd1-----\n" + "9ppGioRpeiiD2lLNYC85eA==\n" + "-----END rnd1-----\n", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16} + }, + { + .name = "rnd2", + .pem = "-----BEGIN rnd2-----\n" + "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==\n" + "-----END rnd2-----\n", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19} + } +}; + +struct decode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *pem; + unsigned pem_size; + int res; +}; + +struct decode_tests_st decode_tests[] = { + { + .name = "dec-rnd1", + .pem = "-----BEGIN dec-rnd1-----\n" + "9ppGioRpeiiD2lLNYC85eA==\n" + "-----END rnd1-----\n", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16}, + .res = 0 + }, + { + .name = "dec-rnd2", + .pem = "-----BEGIN dec-rnd2-----\n" + "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==\n" + "-----END rnd2-----\n", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = 0 + }, + { + .name = "dec-extra-chars", + .pem = "-----BEGIN dec-extra-chars----- \n\n" + "\n\n LJ/7hUZ3TtPIz2dlc5+YvELe+Q== \n" + " -----END rnd2----- \n ", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = 0 + }, + { + .name = "dec-invalid-header", + .pem = "-----BEGIN dec-xxx-----\n" + "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==\n" + "-----END rnd2-----\n", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR + }, + { + .name = "dec-invalid-data", + .pem = "-----BEGIN dec-invalid-data-----\n" + "XLJ/7hUZ3TtPIz2dlc5+YvELe+Q==\n" + "-----END rnd2-----\n", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + }, + { + .name = "leak1", + .pem = "-----BEGIN leak1-----E-\x00\x00-----END ", + .pem_size = 34, + .raw = {(void*)"", 0}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + }, + { + .name = "dec-invalid-suffix", + .pem = "-----BEGIN dec-invalid-suffix-----\n" + "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==XXX\n" + "-----END rnd2-----\n", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i +#endif + +#include +#include +#include + +#include +#include "utils.h" + +void doit(void) +{ + static const struct test_data { + const char * + input; + const char * + output; + } test_data[] = { + { "%20%20", " ", }, + { "%20", " ", }, + { "%2z", "%2z", }, + { "%2", "%2", }, + { "%", "%", }, + { "", "", }, + }; + + for (unsigned it = 0; it < countof(test_data); it++) { + const struct test_data *t = &test_data[it]; + gnutls_buffer_st str; + int ret; + + _gnutls_buffer_init(&str); + + ret = _gnutls_buffer_append_data(&str, t->input, strlen(t->input)); + if (ret < 0) + fail("_gnutls_buffer_append_str: %s\n", gnutls_strerror(ret)); + + ret = _gnutls_buffer_unescape(&str); + if (ret < 0) + fail("_gnutls_buffer_unescape: %s\n", gnutls_strerror(ret)); + + ret = _gnutls_buffer_append_data(&str, "", 1); + if (ret < 0) + fail("_gnutls_buffer_append_data: %s\n", gnutls_strerror(ret)); + + /* using malloc() instead of stack memory for better buffer overflow detection */ + gnutls_datum output; + + _gnutls_buffer_pop_datum(&str, &output, strlen(t->output) + 1); + + if (strcmp(t->output, (char *) output.data)) + fail("output differs [%d]: expected '%s', seen '%s'\n", it, t->output, (char *) output.data); + + _gnutls_buffer_clear(&str); + } +} + diff --git a/tests/cert-common.h b/tests/cert-common.h new file mode 100644 index 0000000..665f565 --- /dev/null +++ b/tests/cert-common.h @@ -0,0 +1,1949 @@ +/* + * Copyright (C) 2015-2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef GNUTLS_TESTS_CERT_COMMON_H +#define GNUTLS_TESTS_CERT_COMMON_H + +#include + +/* This file contains a lot of common parameters used by legacy and new + * tests. The recommended to use for new tests are: + * + * CA: ca3_cert, ca3_key + * TLS client: cli_ca3_cert, cli_ca3_key + * TLS client (RSA PSS): cli_ca3_rsa_pss_cert, cli_ca3_rsa_pss_key + * TLS client (GOST R 34.10-2001): cligost01_ca3_cert, cligost01_ca3_key + * TLS client (GOST R 34.10-2012-256): cligost12_256_ca3_cert, cligost12_256_ca3_key + * TLS client (GOST R 34.10-2012-512): cligost12_512_ca3_cert, cligost12_512_ca3_key + * IPv4 server (SAN: IPAddr: 127.0.0.1): server_ca3_ipaddr_cert, server_ca3_key + * IPv4 server (RSA-PSS, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss_cert, server_ca3_rsa_pss_key + * IPv4 server (RSA-PSS key, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss2_cert, server_ca3_rsa_pss2_key + * IPv4 server (EdDSA, SAN: localhost IPAddr: 127.0.0.1): server_ca3_eddsa_cert, server_ca3_eddsa_key + * IPv4 server (GOST R 34.10-2001, SAN: localhost): server_ca3_gost01_cert, server_ca3_gost01_key + * IPv4 server (GOST R 34.10-2012-256, SAN: localhost): server_ca3_gost12-256_cert, server_ca3_gost12-256_key + * IPv4 server (GOST R 34.10-2012-512, SAN: localhost): server_ca3_gost12-512_cert, server_ca3_gost12-512_key + * IPv6 server: server_ca3_tlsfeat_cert, server_ca3_key + * IPv6 server: server_ca3_localhost6_cert, server_ca3_key + * IPv4 server: server_ca3_localhost_cert, server_ca3_key + * IPv4 server: server_ca3_localhost_ecc_cert, server_ca3_ecc_key + * IPv4 server: server_ca3_localhost_utf8_cert, server_ca3_key - UTF8 names + * IPv4 server: server_ca3_localhost_inv_utf8_cert, server_ca3_key - invalid UTF8 names + * IPv4 server: insecure key: server_ca3_localhost_insecure_key, server_ca3_localhost_insecure_cert + * IPv4 server: RSA-decrypt key: server_ca3_localhost_rsa_decrypt_cert, server_ca3_key + * IPv4 server: RSA-sign-only key: server_ca3_localhost_rsa_sign_cert, server_ca3_key + */ + + +static char ecc_key[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHgCAQEEIQD9KwCA8zZfETJl440wMztH9c74E+VMws/96AVqyslBsaAKBggqhkjO\n" + "PQMBB6FEA0IABDwVbx1IPmRZEyxtBBo4DTBc5D9Vy9kXFUZycZLB+MYzPQQuyMEP\n" + "wFAEe5/JSLVA+m+TgllhXnJXy4MGvcyClME=\n" + "-----END EC PRIVATE KEY-----\n"; + +static char ecc_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G\n" + "A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y\n" + "aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0\n" + "ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow\n" + "gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs\n" + "ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh\n" + "dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G\n" + "A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH\n" + "KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx\n" + "ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV\n" + "HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu\n" + "b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G\n" + "A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G\n" + "A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC\n" + "ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4\n" + "bA9XTz/2OnpgAZutUohNNb/tmRE=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ecc_cert = + {(unsigned char*) ecc_cert, sizeof(ecc_cert)-1}; + + +const gnutls_datum_t server_ecc_key = + {(unsigned char*) ecc_key, sizeof(ecc_key)-1}; + +/* A cert-key pair */ +static char pem1_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; + +static char pem1_key[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t cert_dat = + {(unsigned char*) pem1_cert, sizeof(pem1_cert)-1}; + + +const gnutls_datum_t key_dat = + {(unsigned char*) pem1_key, sizeof(pem1_key)-1}; + + +/* A server cert/key pair with CA */ +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDIzCCAgugAwIBAgIMUz8PCR2sdRK56V6OMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDQxOTU5MDVaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDZ3dCzh9gOTOiOb2dtrPu91fYYgC/ey0ACYjQxaru7FZwnuXPhQK9KHsIV\n" +"YRIyo49wjKZddkHet2sbpFAAeETZh8UUWLRb/mupyaSJMycaYCNjLZCUJTztvXxJ\n" +"CCNfbtgvKC+Vu1mu94KBPatslgvnsamH7AiL5wmwRRqdH/Z93XaEvuRG6Zk0Sh9q\n" +"ZMdCboGfjtmGEJ1V+z5CR+IyH4sckzd8WJW6wBSEwgliGaXnc75xKtFWBZV2njNr\n" +"8V1TOYOdLEbiF4wduVExL5TKq2ywNkRpUfK2I1BcWS5D9Te/QT7aSdE08rL6ztmZ\n" +"IhILSrMOfoLnJ4lzXspz3XLlEuhnAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" +"VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJXR\n" +"raRS5MVhEqaRE42A3S2BIj7UMB8GA1UdIwQYMBaAFP6S7AyMRO2RfkANgo8YsCl8\n" +"JfJkMA0GCSqGSIb3DQEBCwUAA4IBAQCQ62+skMVZYrGbpab8RI9IG6xH8kEndvFj\n" +"J7wBBZCOlcjOj+HQ7a2buF5zGKRwAOSznKcmvZ7l5DPdsd0t5/VT9LKSbQ6+CfGr\n" +"Xs5qPaDJnRhZkOILCvXJ9qyO+79WNMsg9pWnxkTK7aWR5OYE+1Qw1jG681HMkWTm\n" +"nt7et9bdiNNpvA+L55569XKbdtJLs3hn5gEQFgS7EaEj59aC4vzSTFcidowCoa43\n" +"7JmfSfC9YaAIFH2vriyU0QNf2y7cG5Hpkge+U7uMzQrsT77Q3SDB9WkyPAFNSB4Q\n" +"B/r+OtZXOnQhLlMV7h4XGlWruFEaOBVjFHSdMGUh+DtaLvd1bVXI\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvhyQfsUm3T0xK\n" +"jiBXO3H6Y27b7lmCRYZQCmXCl2sUsGDL7V9biavTt3+sorWtH542/cTGDh5n8591\n" +"7rVxAB/VASmN55O3fjZyFGrjusjhXBla0Yxe5rZ/7/Pjrq84T7gc/IXiX9Sums/c\n" +"o9AeoykfhsjV2ubhh4h+8uPsHDTcAFTxq3mQaoldwnW2nmjDFzaKLtQdnyFf41o6\n" +"nsJCK/J9PtpdCID5Zb+eQfu5Yhk1iUHe8a9TOstCHtgBq61YzufDHUQk3zsT+VZM\n" +"20lDvSBnHdWLjxoea587JbkvtH8xRR8ThwABSb98qPnhJ8+A7mpO89QO1wxZM85A\n" +"xEweQlMHAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU/pLsDIxE7ZF+QA2CjxiwKXwl8mQwHwYDVR0jBBgwFoAUGD0R\n" +"Yr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQADggEBANEXLUV+Z1PGTn7M\n" +"3rPT/m/EamcrZJ3vFWrnfN91ws5llyRUKNhx6222HECh3xRSxH9YJONsbv2zY6sd\n" +"ztY7lvckL4xOgWAjoCVTx3hqbZjDxpLRsvraw1PlqBHlRQVWLKlEQ55+tId2zgMX\n" +"Z+wxM7FlU/6yWVPODIxrqYQd2KqaEp4aLIklw6Hi4HD6DnQJikjsJ6Noe0qyX1Tx\n" +"uZ8mgP/G47Fe2d2H29kJ1iJ6hp1XOqyWrVIh/jONcnTvWS8aMqS3MU0EJH2Pb1Qa\n" +"KGIvbd/3H9LykFTP/b7Imdv2fZxXIK8jC+jbF1w6rdBCVNA0p30X/jonoC3vynEK\n" +"5cK0cgs=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem)-1 +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEpQIBAAKCAQEA2d3Qs4fYDkzojm9nbaz7vdX2GIAv3stAAmI0MWq7uxWcJ7lz\n" +"4UCvSh7CFWESMqOPcIymXXZB3rdrG6RQAHhE2YfFFFi0W/5rqcmkiTMnGmAjYy2Q\n" +"lCU87b18SQgjX27YLygvlbtZrveCgT2rbJYL57Gph+wIi+cJsEUanR/2fd12hL7k\n" +"RumZNEofamTHQm6Bn47ZhhCdVfs+QkfiMh+LHJM3fFiVusAUhMIJYhml53O+cSrR\n" +"VgWVdp4za/FdUzmDnSxG4heMHblRMS+UyqtssDZEaVHytiNQXFkuQ/U3v0E+2knR\n" +"NPKy+s7ZmSISC0qzDn6C5yeJc17Kc91y5RLoZwIDAQABAoIBAQCRXAu5HPOsZufq\n" +"0K2DYZz9BdqSckR+M8HbVUZZiksDAeIUJwoHyi6qF2eK+B86JiK4Bz+gsBw2ys3t\n" +"vW2bQqM9N/boIl8D2fZfbCgZWkXGtUonC+mgzk+el4Rq/cEMFVqr6/YDwuKNeJpc\n" +"PJc5dcsvpTvlcjgpj9bJAvJEz2SYiIUpvtG4WNMGGapVZZPDvWn4/isY+75T5oDf\n" +"1X5jG0lN9uoUjcuGuThN7gxjwlRkcvEOPHjXc6rxfrWIDdiz/91V46PwpqVDpRrg\n" +"ig6U7+ckS0Oy2v32x0DaDhwAfDJ2RNc9az6Z+11lmY3LPkjG/p8Klcmgvt4/lwkD\n" +"OYRC5QGRAoGBAPFdud6nmVt9h1DL0o4R6snm6P3K81Ds765VWVmpzJkK3+bwe4PQ\n" +"GQQ0I0zN4hXkDMwHETS+EVWllqkK/d4dsE3volYtyTti8zthIATlgSEJ81x/ChAQ\n" +"vvXxgx+zPUnb1mUwy+X+6urTHe4bxN2ypg6ROIUmT+Hx1ITG40LRRiPTAoGBAOcT\n" +"WR8DTrj42xbxAUpz9vxJ15ZMwuIpk3ShE6+CWqvaXHF22Ju4WFwRNlW2zVLH6UMt\n" +"nNfOzyDoryoiu0+0mg0wSmgdJbtCSHoI2GeiAnjGn5i8flQlPQ8bdwwmU6g6I/EU\n" +"QRbGK/2XLmlrGN52gVy9UX0NsAA5fEOsAJiFj1CdAoGBAN9i3nbq6O2bNVSa/8mL\n" +"XaD1vGe/oQgh8gaIaYSpuXlfbjCAG+C4BZ81XgJkfj3CbfGbDNqimsqI0fKsAJ/F\n" +"HHpVMgrOn3L+Np2bW5YMj0Fzwy+1SCvsQ8C+gJwjOLMV6syGp/+6udMSB55rRv3k\n" +"rPnIf+YDumUke4tTw9wAcgkPAoGASHMkiji7QfuklbjSsslRMyDj21gN8mMevH6U\n" +"cX7pduBsA5dDqu9NpPAwnQdHsSDE3i868d8BykuqQAfLut3hPylY6vPYlLHfj4Oe\n" +"dj+xjrSX7YeMBE34qvfth32s1R4FjtzO25keyc/Q2XSew4FcZftlxVO5Txi3AXC4\n" +"bxnRKXECgYEAva+og7/rK+ZjboJVNxhFrwHp9bXhz4tzrUaWNvJD2vKJ5ZcThHcX\n" +"zCig8W7eXHLPLDhi9aWZ3kUZ1RLhrFc/6dujtVtU9z2w1tmn1I+4Zi6D6L4DzKdg\n" +"nMRLFoXufs/qoaJTqa8sQvKa+ceJAF04+gGtw617cuaZdZ3SYRLR2dk=\n" +"-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem)-1 +}; + +static unsigned char ca_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD46JAPKrTsNTHl\n" +"zD06eIYBF/8Z+TR0wukp9Cdh8Sw77dODLjy/QrVKiDgDZZdyUc8Agsdr86i95O0p\n" +"w19Np3a0wja0VC9uwppZrpuHsrWukwxIBXoViyBc20Y6Ce8j0scCbR10SP565qXC\n" +"i8vr86S4xmQMRZMtwohP/GWQzt45jqkHPYHjdKzwo2b2XI7joDq0dvbr3MSONkGs\n" +"z7A/1Bl3iH5keDTWjqpJRWqXE79IhGOhELy+gG4VLJDGHWCr2mq24b9Kirp+TTxl\n" +"lUwJRbchqUqerlFdt1NgDoGaJyd73Sh0qcZzmEiOI2hGvBtG86tdQ6veC9dl05et\n" +"pM+6RMABAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUGD0RYr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQAD\n" +"ggEBALnHMubZ6WJ/XOFyDuo0imwg2onrPas3MuKT4+y0aHY943BgAOEc3jKitRjc\n" +"qhb0IUD+NS7itRwNtCgI3v5Ym5nnQoVk+aOD/D724TjJ9XaPQJzOnuGaZX99VN2F\n" +"sgwAtDXedlDQ+I6KLzLd6VW+UyWTG4qiRjOGDnG2kM1wAEOM27TzHV/YWleGjhtA\n" +"bRHxkioOni5goNlTzazxF4v9VD2uinWrIFyZmF6vQuMm6rKFgq6higAU8uesFo7+\n" +"3qpeRjNrPC4fNJUBvv+PC0WnP0PLnD/rY/ZcTYjLb/vJp1fiMJ5fU7jJklBhX2TE\n" +"tstcP7FUV5HA/s9BxgAh0Z2wyyY=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca_cert = { ca_cert_pem, + sizeof(ca_cert_pem)-1 +}; + +/* A server cert/key pair with CA */ +static unsigned char server2_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIEITCCAomgAwIBAgIMVmajOA3Gh2967f62MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTAwIBcNMTUxMjA4MDkzMDMyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" +"ETAPBgNVBAMTCHNlcnZlci0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" +"AYEApk9rgAWlVEGy9t5Nn9RsvupM3JATJe2ONeGgMjAT++rgjsENwjqNNmEFLZjx\n" +"8VfRjnHoVEIWvMJqeaAeBwP7GiKiDiLkHEK4ZwjJZ7aqy0KIRktDLWvJrZdoJryt\n" +"yMikKVhPHQ9qwh6JRA3qx1FiEcW7ahU2U4/r/fydiUC0wec2UhBd4AJyXzYvFO7o\n" +"SKPkQfzlGBNT55z/Wp9zfOO1w2x/++I+1AoKFFJ1dRI3hyrL/DfOUMoeVkJ6knyZ\n" +"N3TQo+ZjbSkLZlpnAoxGSN8uNcX9q91AuM2zQOg1xPD0ZJvLP3j9BOtYQ7rvkX0U\n" +"3efJXXO+Gq4oCKiPU4ZY6u43BquipzEaeZiSWPS6Xj2Ipn+KO0v77NBxhNP3lpfQ\n" +"YDwZbw1AjnViE+WUS8r2DyM47daTGafqUCXM08kSTCrSWSte96P0jHFnyjtPGrwC\n" +"0KQw1ug4nJxFi9FHZyU+IhczvFthocPuKOAq44//zsKKuPKsJIhA4QXfdVVvm4m+\n" +"RoTZAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" +"MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFCWcdf+x5Ge4ec8WGfoWYcNlaEQF\n" +"MB8GA1UdIwQYMBaAFEt2/L3oAu29JvNzjKv/Xavvp0ufMA0GCSqGSIb3DQEBCwUA\n" +"A4IBgQC/vXr2ecuGhAHJaBxWqay3IxyBgoQUxOMkXcXLMILxXGtIKheVZOJnilvU\n" +"K9/fBy7N3ygUemvblNBfDJG+fA5jTmUQC8UEgeStp0iena3iAJxsGikCIAJKGzBk\n" +"LHiPls2z9uLQXO+ZRlK1E+XfB0/3Mu4dPAPM50TLL8jYLfYzZZchgfhCX51dmic/\n" +"EW4LL+K6LzIHoLV32YEFL9ea4y46Ub0dAX+WEwZYKu5Fu/hk+n34lBYBW1uWzPhK\n" +"JjXVbQQUE4nirzjWr6ch5rDXz1JhhNuuex29EqA3reWtQWnHySU43/uoFxN1jD0r\n" +"bMjyE5li2WU796vKyB0hYBKcOauWJPDdrKFvVs45GH6r84hjAacMq4RKm4P9esuQ\n" +"0GXVaUCLGHP1ss+glFB/k5DJO1nb6hZPOCKsdaO/VbXl5kmcxgvzAoedDTiUJiC5\n" +"URF3vuETfLwew2gE38NrTEPT54S5rYLsp/F6+5nIIhqG0BtaOwIx1VbBlrMnbsx+\n" +"pFLp6h0=\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE1MTIwODA5MzAzMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0Q82wj5Dk/me634j\n" +"DnFBbAJ5FGNNeXnBgprRo2tQv8oJYMN/osSVd/03XiWBQnXk7v2aSkfXMqgEAzfv\n" +"0fzWZYyhKSwTvDG48LfnIuF7UrnvnC3xdAOjcQ+E3zUdYYonSn3gRBwIjOK4wFbG\n" +"Q4oelFnPOjWGeasLh++yBNfCa506jgFd9Y1rU5o0r/EIYSQi2aj71E+x3EdkS0Tx\n" +"iKpIGHseuP2ARmmZPLy4YglFBvPiDRi0jdgdWd6UbNk7XJ+xnKa9gVtk3TX7vy5E\n" +"7R1686F66bIe9T1N2Wyf3huJkgwUB2UPpG9rNiOvRLGFxkONeATwiJyzJG9DmtGw\n" +"GbKsyMDU9Rq9Z694tBCnlWlPrQKsZEsnivPIn/2VaANArT1QtsS+EdaXzuIWmIM0\n" +"cdQXf1U1VhzACFpHnFZ6XsOe40qwzj+6RQprHcWnIGP992qiQ6zPF8QPkycTrbhi\n" +"TG7hX59sTTBJva5DNjZnx4H/hOiQub04CMD501JiLQ1ALXGfAgMBAAGjWDBWMA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcGADAdBgNVHQ4EFgQUS3b8vegC7b0m83OMq/9dq++nS58wDQYJKoZIhvcNAQEL\n" +"BQADggGBALJv0DUD3Ujb0a9zcgKQIjljFMoA0v5A6+ZoLeHmRTU5udNV9G2AsdSx\n" +"PEH/D7v/GyoR0jApgA0TiAqRuvlc3NsdHBx9tFvgrAFyC7bbJRrf9lP9QlTqkmb7\n" +"a85OYmdiDhtQSyKdtSZpAfP7jVGJqQz5UWbV3CjYfubU+HLIZXEb6m8YCKBFb7l9\n" +"GNrcKK+gFyrQr6KmojzMkJd5PxVBUsYleaf/0QxC7nRbTH/qomJvooI2nLBLA7U3\n" +"VGLL3Og6rpjIWu2dwkvepcnesdrnPq4hJQ+uSfDkthP/qCs/3Nj9bvL73DIAYUc2\n" +"6FUmOK40BRhBhcAIYj+9JDtHncykj0RBjH6eq+goDTSd4gTXmfbzb8p1jjLal8xZ\n" +"PcNzShMpUqkmWe3Otzd98zkOzqiHeO03tBgfA5u+4gInSdQp5eUpE3Uivp9IcNaC\n" +"TMSfIA6roY+p7j1ISlmzXUZuEz9dkJumV0TMmOv6nd+ZufwaDOIuDPad5bG2JFji\n" +"KvV1dLfOfg==\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server2_cert = { server2_cert_pem, + sizeof(server2_cert_pem)-1 +}; + +static unsigned char server2_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIG4wIBAAKCAYEApk9rgAWlVEGy9t5Nn9RsvupM3JATJe2ONeGgMjAT++rgjsEN\n" +"wjqNNmEFLZjx8VfRjnHoVEIWvMJqeaAeBwP7GiKiDiLkHEK4ZwjJZ7aqy0KIRktD\n" +"LWvJrZdoJrytyMikKVhPHQ9qwh6JRA3qx1FiEcW7ahU2U4/r/fydiUC0wec2UhBd\n" +"4AJyXzYvFO7oSKPkQfzlGBNT55z/Wp9zfOO1w2x/++I+1AoKFFJ1dRI3hyrL/DfO\n" +"UMoeVkJ6knyZN3TQo+ZjbSkLZlpnAoxGSN8uNcX9q91AuM2zQOg1xPD0ZJvLP3j9\n" +"BOtYQ7rvkX0U3efJXXO+Gq4oCKiPU4ZY6u43BquipzEaeZiSWPS6Xj2Ipn+KO0v7\n" +"7NBxhNP3lpfQYDwZbw1AjnViE+WUS8r2DyM47daTGafqUCXM08kSTCrSWSte96P0\n" +"jHFnyjtPGrwC0KQw1ug4nJxFi9FHZyU+IhczvFthocPuKOAq44//zsKKuPKsJIhA\n" +"4QXfdVVvm4m+RoTZAgMBAAECggGAS5YpC6SFQcgiaKUcrpnDWvnuOQiaS1Cuo7qK\n" +"LoU/b+2OZhNEB5TI/YAW9GRhAgmhypXmu/TVlLDf56toOlQK2hQHh1lAR7/jQ6Dw\n" +"uNyCv6LbgOdP/uLQZL89rO1wJqNaSRhDzLdnFBcA2BdjL3fDlMRDq7E8Ybo1zdf0\n" +"WZ85CC/ntmCN6fPyu2dK+r6if/FNGtiv3sNaDRiDzlJOEOMFh25WtMpdN83gSuA3\n" +"ViATcLF4yIcsk/do1leckdtjX5sNRIl6b53V0LoXd62BOs9KmrvpZt4MOx8XjPnw\n" +"8P+gvqTA6U7zYGPdIbE6Ri+YJ/NKCND2U02XPdHF2N1TSDafZ7McjHZf53Dr+U2M\n" +"nqLz6wY3SzLR9Puhn9FJHgyBcEaobEDFqWJC3cqNxn1u90bk9XxRflAO99vKb341\n" +"qZXpN+/s9t0z6uL5G6q6s8ta9W0WKuiYelZam91+c6j8BXh1nntfFo7H6UvI8gSl\n" +"axaTwxD3+tEgmpNj9f5+tP75rE1JAoHBAN1vJvnTISX7UEQfgytOszdl90viaSj4\n" +"3gqD0M80OVaYk9ocffIIL/Dv66Wi5Ur9LgEOAfOlA/T67sCKEJ3D227czT0kj17f\n" +"GCWLLlJgNeJ/zbs4eB11ysKPFgW92/NABtyOJBaRHlf2GuGwRGv64kBBdcteg5zQ\n" +"ylNGpgjgf8SGtwIhoOScE9cdpdLO0AeRU/s/bQEnEpAlF08GjuCPjdHPuTVn9/EW\n" +"zlc73WoKUyT6wJsvXMDoiiqDhFvT/C4kvwKBwQDARW4v2SAvxHPPARBCHxre90FL\n" +"B+V+B3MUCP/pySkmVvdmUzm4ftPpIJ5E16ONzH3LYUpSoOIcBgR0ouWawjp3azyf\n" +"U+1k8NT1VCWl745uCMIKT7x3sTqFznkp8UAsE7x2mvD+yze35qSIjaSwDP0IXYQT\n" +"OmsVoY0WkP1OyyqiUObzced/9rWl5ysFa7R9MyXPNS98dViBYx0ORnadBjh7KuuZ\n" +"f9lW2aemW1MGMh2+3dokjpQGo958N9QDaafNRGcCgcAYXvxuMJOMZ52M8d7w7EeD\n" +"SGCwZGnojYN6qslXlMrewgo7zjj6Y3ZLUUyhPU15NGZUzWLfmwDVfKy8WjW792t2\n" +"Ryz7lsOE0I8Kyse9X0Nu+1v8SBnIPEelpDPrS9siaaCXs7k7Fpu9WKPaxRiyvbkb\n" +"E1lQmcVog/5QrgzmGzdUvPL1dBgOMTNp0KSIkCSLQK56j5+Cqfc8ECkBlJozEvmr\n" +"5u3ed+PtD/KD3V3gJuTBxCtgqRTPUoiqZzExHiK6PWcCgcEAguWBy29tWzfKg+48\n" +"bFeSyqLYP8WDdpaJwOUTnMzHiAOC8JXOYQ1vJXKAbWvFPD8wkOqOV8yRwvRRyjow\n" +"SHjcpvpJzkqr/qF6yf5clyiM9dpeh/ia3X250uirUmOdBaT2FGUNltkw+LE76H9N\n" +"1FEzXqOTzCdkSdivHeLdoOvt/Y1IfgpYyaRjLCxB/LHDsczFe9jAmGGnPIcGe/Z6\n" +"wBJBF5Ezzk/c3iTV3wqjbj9mQs/0uBidLBwZ1sWHQD+I7tUXAoHAHXjrwCI5AJTS\n" +"OyK0/85F5x5cbbeWZvU9bgni6IN51j9r12J13qt1bBQE+jQkOKRkvyRtEeQW3Zod\n" +"+zcBcCqU9HSQa7BH7beT6ChEz+lx/OZ+b34MOxwE6BJdQCu1048fD9/xHq8xoQQf\n" +"E+1aSEFaNRfxIOdqNUvyKy+WgWKoMDU96Uw6LU4z9lzOLwKb4LTZhE+qp2lMJ2Ws\n" +"9lH//6DGC2Z42m0Do2uqdxjBclumwqvzdozgsAwKSNkDUMAqPKI5\n" +"-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server2_key = { server2_key_pem, + sizeof(server2_key_pem)-1 +}; + +static unsigned char ca2_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE1MTIwODA5MzAzMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0Q82wj5Dk/me634j\n" +"DnFBbAJ5FGNNeXnBgprRo2tQv8oJYMN/osSVd/03XiWBQnXk7v2aSkfXMqgEAzfv\n" +"0fzWZYyhKSwTvDG48LfnIuF7UrnvnC3xdAOjcQ+E3zUdYYonSn3gRBwIjOK4wFbG\n" +"Q4oelFnPOjWGeasLh++yBNfCa506jgFd9Y1rU5o0r/EIYSQi2aj71E+x3EdkS0Tx\n" +"iKpIGHseuP2ARmmZPLy4YglFBvPiDRi0jdgdWd6UbNk7XJ+xnKa9gVtk3TX7vy5E\n" +"7R1686F66bIe9T1N2Wyf3huJkgwUB2UPpG9rNiOvRLGFxkONeATwiJyzJG9DmtGw\n" +"GbKsyMDU9Rq9Z694tBCnlWlPrQKsZEsnivPIn/2VaANArT1QtsS+EdaXzuIWmIM0\n" +"cdQXf1U1VhzACFpHnFZ6XsOe40qwzj+6RQprHcWnIGP992qiQ6zPF8QPkycTrbhi\n" +"TG7hX59sTTBJva5DNjZnx4H/hOiQub04CMD501JiLQ1ALXGfAgMBAAGjWDBWMA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcGADAdBgNVHQ4EFgQUS3b8vegC7b0m83OMq/9dq++nS58wDQYJKoZIhvcNAQEL\n" +"BQADggGBALJv0DUD3Ujb0a9zcgKQIjljFMoA0v5A6+ZoLeHmRTU5udNV9G2AsdSx\n" +"PEH/D7v/GyoR0jApgA0TiAqRuvlc3NsdHBx9tFvgrAFyC7bbJRrf9lP9QlTqkmb7\n" +"a85OYmdiDhtQSyKdtSZpAfP7jVGJqQz5UWbV3CjYfubU+HLIZXEb6m8YCKBFb7l9\n" +"GNrcKK+gFyrQr6KmojzMkJd5PxVBUsYleaf/0QxC7nRbTH/qomJvooI2nLBLA7U3\n" +"VGLL3Og6rpjIWu2dwkvepcnesdrnPq4hJQ+uSfDkthP/qCs/3Nj9bvL73DIAYUc2\n" +"6FUmOK40BRhBhcAIYj+9JDtHncykj0RBjH6eq+goDTSd4gTXmfbzb8p1jjLal8xZ\n" +"PcNzShMpUqkmWe3Otzd98zkOzqiHeO03tBgfA5u+4gInSdQp5eUpE3Uivp9IcNaC\n" +"TMSfIA6roY+p7j1ISlmzXUZuEz9dkJumV0TMmOv6nd+ZufwaDOIuDPad5bG2JFji\n" +"KvV1dLfOfg==\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca2_cert = { ca2_cert_pem, + sizeof(ca2_cert_pem)-1 +}; + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t cli_cert = { cert_pem, sizeof(cert_pem) - 1}; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t cli_key = { key_pem, sizeof(key_pem) - 1}; + +static char dsa_key_pem[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIBugIBAAKBgQC5hPVagb4aDcWKc48Mmy+btg5Lw3Qaf2StnfMoxaBHvJtXVvGX\n" + "1X43A+nyTPTji38wo10vu6GiN8LqNY8fsV+mol8B8SM2K+RPLy3dndU6pjmvelF8\n" + "0iWOl3TPHsV7S3ZDgQcfBhS4blgS4ZDiN2/SG+xoxVji5jDgal4sY3jsBwIVAJ9W\n" + "jEhkL/6NqnptltsEXRbvCKVxAoGAYgZ+5Fx2CLdGGl3Xl9QqIfsfMcnS9Po52CfR\n" + "m/wnXacKpxr8U8EvQ8I3yIV/PUyrXYEy+x1eHlQRFiDGgFrZjJtD8N1roPTD8oqc\n" + "OdIcew/v+iiTj9KhIuvc4IqLrSgOz+8Jhek2vYt6UNV79yUNbGARxO9wkM/WG+u7\n" + "jsY+OpcCgYAPiodX8tHC3KzfS4sPi7op9+ED5FX6spgH1v0SsYC89bq0UNR/oA5D\n" + "55/JeBFf5eQMLGtqpDXcvVTlYDaaMdGKWW5rHLq9LrrrfIfv2sjdoeukg+aLrfr6\n" + "jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n" + "AoNBXjeBjgCGMei2m8E=\n" "-----END DSA PRIVATE KEY-----\n"; + +const gnutls_datum_t dsa_key = { (unsigned char*)dsa_key_pem, + sizeof(dsa_key_pem)-1 +}; + + +static char ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIIVzGgXgSsTYwwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA1MTAwODQ4MzBaGA85OTk5MTIzMTIzNTk1OVowDzENMAsG\n" + "A1UEAxMEQ0EtMzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALbdxniG\n" + "+2wP/ONeZfvR7AJakVo5deFKIHVTiiBWwhg+HSjd4nfDa+vyTt/wIdldP1PriD1R\n" + "igc8z68+RxPpGfAc197pKlKpO08I0L1RDKnjBWr4fGdCzE6uZ/ZsKVifoIZpdC8M\n" + "2IYpAIMajEtnH53XZ1hTEviXTsneuiCTtap73OeSkL71SrIMkgBmAX17gfX3SxFj\n" + "QUzOs6QMMOa3+8GW7RI+E/SyS1QkOO860dj9XYgOnTL20ibGcWF2XmTiQASI+KmH\n" + "vYJCNJF/8pvmyJRyBHGZO830aBY0+DcS2bLKcyMiWfOJw7WnpaO7zSEC5WFgo4jd\n" + "qroUBQdjQNCSSdrt1yYrAl1Sj2PMxYFX4H545Pr2sMpwC9AnPk9+uucT1Inj9615\n" + "qbuXgFwhkgpK5pnPjzKaHp7ESlJj4/dIPTmhlt5BV+CLh7tSLzVLrddGU+os8Jin\n" + "T42radJ5V51Hn0C1CHIaFAuBCd5XRHXtrKb7WcnwCOxlcvux9h5/847F4wIDAQAB\n" + "o1gwVjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQBhBi8dXQMtXH2oqcuHuEj9JkxraAsaJvc1WAoxbiqVcJKc\n" + "VSC0gvoCY3q+NQvuePzw5dzd5JBfkoIsP5U6ATWAUPPqCP+/jRnFqDQlH626mhDG\n" + "VS8W7Ee8z1KWqnKWGv5nkrZ6r3y9bVaNUmY7rytzuct1bI9YkX1kM66vgnU2xeMI\n" + "jDe36/wTtBRVFPSPpE3KL9hxCg3KgPSeSmmIhmQxJ1M6xe00314/GX3lTDt55UdM\n" + "gmldl2LHV+0i1NPCgnuOEFVOiz2nHAnw2LNmvHEDDpPauz2Meeh9aaDeefIh2u/w\n" + "g39WRPhU1mYvmxvYZqA/jwSctiEhuKEBBZSOHxeTjplH1THlIziVnYyVW4sPMiGU\n" + "ajXhTi47H219hx87+bldruOtirbDIslL9RGWqWAkMeGP+hUl1R2zvDukaqIKqIN8\n" + "1/A/EeMoI6/IHb1BpgY2rGs/I/QTb3VTKqQUYv09Hi+itPCdKqamSm8dZMKKaPA0\n" + "fD9yskUMFPBhfj8BvXg=\n" + "-----END CERTIFICATE-----\n"; + + +static char ca3_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIG4gIBAAKCAYEAtt3GeIb7bA/8415l+9HsAlqRWjl14UogdVOKIFbCGD4dKN3i\n" + "d8Nr6/JO3/Ah2V0/U+uIPVGKBzzPrz5HE+kZ8BzX3ukqUqk7TwjQvVEMqeMFavh8\n" + "Z0LMTq5n9mwpWJ+ghml0LwzYhikAgxqMS2cfnddnWFMS+JdOyd66IJO1qnvc55KQ\n" + "vvVKsgySAGYBfXuB9fdLEWNBTM6zpAww5rf7wZbtEj4T9LJLVCQ47zrR2P1diA6d\n" + "MvbSJsZxYXZeZOJABIj4qYe9gkI0kX/ym+bIlHIEcZk7zfRoFjT4NxLZsspzIyJZ\n" + "84nDtaelo7vNIQLlYWCjiN2quhQFB2NA0JJJ2u3XJisCXVKPY8zFgVfgfnjk+vaw\n" + "ynAL0Cc+T3665xPUieP3rXmpu5eAXCGSCkrmmc+PMpoensRKUmPj90g9OaGW3kFX\n" + "4IuHu1IvNUut10ZT6izwmKdPjatp0nlXnUefQLUIchoUC4EJ3ldEde2spvtZyfAI\n" + "7GVy+7H2Hn/zjsXjAgMBAAECggGASjfywKJQUwieJA4BKFaICmCF0++0V07Fo7jX\n" + "O87akgpLvXVo4CDRoX7D4oHMyzLcbAwRTInWkp9sz3xgTsVyAJFEUDWkNs52wtoa\n" + "FmxZzm3UmhjmLObgkyKYEVzO3yhSd5s/S4VUMAdeLNfOjx/4phBx4lg9P+XxVV9v\n" + "fZ9VwS7qdpZ25voZafBOJZlBC5PgKFtI/XKiYzEVmgRUqJ+Nr4G5EIlfghYHGsxk\n" + "yzu9Ret3VaxQwwmIO7KY++yV3S4yC4H2A8kmInp+95IeNXND2GEgZJyp0z/7bkd0\n" + "lOtSbYZKEaMZob2IM9gcbAHvG+Oq1349zNtC5d8KyjYcJ4W2BkeHrNiSWHiHq5zA\n" + "dMbvgWs2ydjmpU5DacsP974lDsrt5TO+Cn16ETxDIqklkOqkLInuVmgssjWMbG0F\n" + "qxjM6XgnO6xUizxDJywzWg05J5CCGWydbj/m6Cfns0+jokuCTSuqcAsKBhe6YD4o\n" + "KOdws1egC7Bh+JqCTU1FtazU+THJAoHBAMz+FZrYOJVIhBOHQdttCPtYL3kglPwx\n" + "Tvtryvct7ui76LFCtwsDclQl5wcCl89NQF+9hVpW5t3kSHuM05mFHxvFlx2fTw01\n" + "6z4aXiLiccuc4QZQuTnfSW9OeX285So5rRbEHc8A9Pfa3Mi1OHYCt3jD92r6JGfD\n" + "NQd06vJRgUjjLSBtWvY4usamNWY/lOCJPjSJG8x3TqRyS4e0KtD1rHgJ8I9L2+a1\n" + "MT6E8qy8lf1+5H4hnHfYjSi9/URuYtoVNQKBwQDkXkNaJi30D/6abhdcqm9/Vitr\n" + "bzmhkxDOTTmkaZ/9YH8lfhcbANFuIYvBb+1DSOGtXWy02pidxc3DC1QbxHpjjmd4\n" + "fCe4TCVffMuLZDE+SofbltyQ84mVhEJS3iH0QB5ESS0M+MNn9v92Ah98UK58wWFS\n" + "UUmBvEqVWGDlBoSiyQ0H+B2uWI1h24F7WQYGZppdFCs8YE6ZS0pmEklQ4DrnGd/J\n" + "urXANEa6XE+BG9KF8x0sAM0YH1gHfLmyZrJXybcCgcB2v0kspcxBTfyUg2m2/naR\n" + "gwgdFq63WKj0JAEzJryavR+Sb58xFhIIhNxLx0jBoXKFA3hYWLbsGu2SBIYfDGp0\n" + "4AUl978HXBClrQiTFLHuzTXdPq3NxHb5r2/ZUq89wqNt6LWL0HYXjgUPj0rhsbku\n" + "j/anVbf5E6+IXkYrkONfoZnmivKCZ2Jq6KVOUc6gM2CBdltQGlzIDh2Kwud6nJYI\n" + "A1oC6GK+Rn/8Q2+AeM46RmN+XWISWrOKwmQQXBGPW3ECgcB3pk/Bjtlq02qBPQcu\n" + "fPnYDKzJKEhYuHYIsPtvggvaNFHJsgunEUGpYxgXLG5yX2Amdhl7lEB8AWQyOeBC\n" + "gCnjuXvK67nf3L2EDx2SFdebHG+cBKnhpEfEt7wMMOg3UdTJ0FEzR68R7J6iFLCs\n" + "cJVLNgKon4BU4fNt1hVGSaj6pT4Xm87pRuokiF6J4vW+Ksnb1LJmessTlBgR7KjP\n" + "H/yckrjmt9V8M6ePAsiBC7O8jMkPAghzCBEWMyoUJ6xvRHcCgcAWZFAbb0kCiebN\n" + "twTeVJ53V3hdFpanX1bDCOD+B7QFGqkNpEiF4WqHioSrXVhL9yLROLFUo43eqH4u\n" + "3m1cny0hwWDrkDbuMIMrjHtQRYsDX/0XbwPFr1jxNHggzC6uZXeSKih7xoVFFL/e\n" + "AbsLJbTvoXgn6abfY5JlN45G+P9L23j3/B5PYQUTLllXQxgFGIpnWL0RFCHQuNX6\n" + "xkwfZG91IiOdKlKEddraZb3OppP1j7HsiyaYmwIMtsPc9wa2EsU=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t ca3_key = { (unsigned char*)ca3_key_pem, + sizeof(ca3_key_pem)-1 +}; + +const gnutls_datum_t ca3_cert = { (unsigned char*)ca3_cert_pem, + sizeof(ca3_cert_pem)-1 +}; + + +static char subca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEDTCCAnWgAwIBAgIMV6MdMjWzT9C59ec8MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwIBcNMTYwNTEwMDg0ODMwWhgPOTk5OTEyMzEyMzU5NTlaMBIx\n" + "EDAOBgNVBAMTB3N1YkNBLTMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" + "gQCgOcNXzStOnRFoi05aMRLeMB45X4a2srSBul3ULxDSGjIP0EEl//X2WLiope/x\n" + "NL8bPCRpI1sSVXl8Hb1cK3qWNGazVmC7xW07NxL26I86e3/BVRnq8ioVtvPQwEpv\n" + "uI8F97x1vL/n+cfcdkN77NScr5C9jHMVioRvC+qKz9bUBx5DSySV66PR5+wGsJDv\n" + "kfsmjVOgqiTlSWQS5G3nMMq0Rixsc5dP5Wygkbdh9+45UCtObcnHABJrP+GtLiG0\n" + "AOUx6oPzPteZL13erWXg7zYusTarj9rTcdsgR/Im1mIzmD2i7GhJo4Gj0Sk3Rq93\n" + "JyeA+Ay5UPmqcm+dqX00b49MTTv4GtO53kLQSCXYFJ96jcMiXMzBFJD1ROsdk4WU\n" + "ed/tJMHffttDz9j3WcuX9M2nzTT2xlauokjbEAhRDRw5fxCFZh7TbmaH4vysDO9U\n" + "ZXVEXSLKonQ2Lmyso48s/G30VmlSjtPtJqRsv/oPpCO/c0D6BrkHV55B48xfmyIF\n" + "jgECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G\n" + "A1UdDgQWBBQtMwQbJ3+UBHzH4zVP6SWklOG3oTAfBgNVHSMEGDAWgBT5qIYZY7ak\n" + "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAMii5Gx3/d/58oDRy5a0o\n" + "PvQhkU0dKa61NfjjOz9uqxNSilLJE7jGJPaG2tKtC/XU1Ybql2tqQY68kogjKs31\n" + "QC6RFkoZAFouTJt11kzbgVWKewCk3/OrA0/ZkRrAfE0Pma/NITRwTHmTsQOdv/bz\n" + "R+xIPhjKxKrKyJFMG5xb+Q0OKSbd8kDpgYWKob5x2jsNYgEDp8nYSRT45SGw7c7F\n" + "cumkXz2nA6r5NwbnhELvNFK8fzsY+QJKHaAlJ9CclliP1PiiAcl2LQo2gaygWNiD\n" + "+ggnqzy7nqam9rieOOMHls1kKFAFrWy2g/cBhTfS+/7Shpex7NK2GAiujgUV0TZH\n" + "EyEZt6um4gLS9vwUKs/R4XS9VL/bBlfAy2hAVTeUejiRBGeTJkqBu7+c4FdrCByV\n" + "haeQASMYu/lga8eaGL1zJbJe2BQWI754KDYDT9qKNqGlgysr4AVje7z1Y1MQ72Sn\n" + "frzYSQw6BB85CurB6iou3Q+eM4o4g/+xGEuDo0Ne/8ir\n" + "-----END CERTIFICATE-----\n"; + +static char subca3_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIG5AIBAAKCAYEAoDnDV80rTp0RaItOWjES3jAeOV+GtrK0gbpd1C8Q0hoyD9BB\n" + "Jf/19li4qKXv8TS/GzwkaSNbElV5fB29XCt6ljRms1Zgu8VtOzcS9uiPOnt/wVUZ\n" + "6vIqFbbz0MBKb7iPBfe8dby/5/nH3HZDe+zUnK+QvYxzFYqEbwvqis/W1AceQ0sk\n" + "leuj0efsBrCQ75H7Jo1ToKok5UlkEuRt5zDKtEYsbHOXT+VsoJG3YffuOVArTm3J\n" + "xwASaz/hrS4htADlMeqD8z7XmS9d3q1l4O82LrE2q4/a03HbIEfyJtZiM5g9ouxo\n" + "SaOBo9EpN0avdycngPgMuVD5qnJvnal9NG+PTE07+BrTud5C0Egl2BSfeo3DIlzM\n" + "wRSQ9UTrHZOFlHnf7STB337bQ8/Y91nLl/TNp8009sZWrqJI2xAIUQ0cOX8QhWYe\n" + "025mh+L8rAzvVGV1RF0iyqJ0Ni5srKOPLPxt9FZpUo7T7SakbL/6D6Qjv3NA+ga5\n" + "B1eeQePMX5siBY4BAgMBAAECggGAW56MIBHW+L4B7VjzNcmn81tqfP4txxzK8P+D\n" + "lchQAwQtqjM4faUunW5AMVepq7Cwsr8iRuiLtCEiNaG/3QuTrn5KV7RF3jlXa6vj\n" + "cUKsXBGwjPm/t0RAYmhaZPz/04CicBQoNN74kYqYCW2qyxsyvGH8DxdX23J4phMX\n" + "S8brHhTv7iTyx7OV2nqW0YB3cDZ2eaYIsu9355Ce49qxKakR0CHsVxuF447aHbsV\n" + "NLUUCLvZ95/56IwW/DLsNh4R8Z8siEDde8imHyJOVihqrxvoQ7pL0+qB8amsMEVd\n" + "YcUr0ln56Ob5MuO5vD5lAASbOgGUcI/3OWsd2KzquNxKzZaZu+nC1Yh150E1jDEi\n" + "dZIgTtAr39sCx2EwovYwOWrVz66afzN05/0QxuXaoR5IuqbAt7mmaC5wSUGfuAyA\n" + "oy94+JEAb6bb1RPdzcLE5AC6n1zdcOwtuHAajFIppR3He4n4cODaPyqf8pqoCE7s\n" + "fqCa43LLUbPNIEh+E0jFy2lBlqRNAoHBAMY4REQIAUP9PEVtGKi+fvqlBjEn2hzx\n" + "7GuVscvro2U4xk7ZwM1ZffDM9Skuf10+QK15fT4sC4WknJ5MNDY6lkkuPAAaE+Wh\n" + "O6w9Dkz264n2xiGCOEignsAbTkOOZCiWVh9xq4N3o6C9uWUWPOW5bnBx9BzMRi59\n" + "SK5qLTOlJur8fczV/1/sFTUEwBiahERUFqGlOD3t4/z5YuWdFjoXhOh3s60hro8C\n" + "57E4mDuk5sgIh2/i0L9Aob1fnN/Hkl89hwKBwQDO7kNJcRgzbtnK4bX3QWiZVI42\n" + "91YfWtHGqJuqymi8a/4oNBzlBqJECtd0fYcCudadXGtjmf68/BbfwZjZzPOVrnpM\n" + "3XvMgvJgwuppW+Uovvk7eStUGqz1YzEZQZlVSc6p3sB0Lv9EGU5hCejnJmzF36s2\n" + "+KWuzyjkBg4o7fqYAeE2y4tZzGOwRjlOLJQQKQANTv24fOHXCaWBwrkgPloFqkrx\n" + "QPe6Dm7iWdi4xGB3zFZxSZbr0rZ1SmSTn3kbejcCgcEAvoTwYG9NQBsTpitA61gF\n" + "1kVtWSvTwcRpl9KOzNCVAUJ7oOg9H2Ln4N4uucFeW7HtGo/N6EcPYAmjG6dk+8Z+\n" + "EqKkuvhVrX22TEt3BlTCeZ2+PBDcpjnzu/PC2r3u2O/+oURxNPB2TpZsrpOcPrVn\n" + "SB7PIirZPe/fPv0Aq0YOzQeYppv9VCYnEAmb1UoW3VHxWrbiAuw3GTxeaRH+fiGC\n" + "9qmvAjaAgCarqTQbZiCOTS+dddYNC/ZEPy+6KYC52F7bAoHBAJLp5EnDCpyRif0Z\n" + "jLhz7tBVkPaDWdi/AQqa8JIsTHnh7jsa7JzJvfCzBc7FxFHyIOXuFKxNS+deztqj\n" + "t2KCuTm++0ORR/Cl03FRUV3mCWeJVqeb2mBG5B8AAn7c7QD5esltxZN3PnJZySTq\n" + "BTn/NOCzcPqBRBg9KdniVrFGbFD5nKzrjA8AJpKi+NKAocprYYcRWt9dgnXKeoAL\n" + "AKZcvkshYT2xk2+8CYuYoF5lxdun7oNV7NmW60WQwKFyamhQtwKBwE6OM6v8BOL2\n" + "8SkAd0qj0UFMyzJCOhlW5cypdcvvEpiR4H/8m2c8U4iemful3YJ/Hc+KH165KeQM\n" + "3ZBX1w2rwei6cQNtIptMYFBapUzE1Wd0Uyh8OjpHnCYvv/53cZYNSrVtqCD5GE87\n" + "c/snzezAEzWGNm5wl0X+Y3g/mZaYX2rXUgr/dxVGhNHzOodEMz3Sk/Z8ER5n8m5N\n" + "CLo/c/+F0N4e0F7P+haq+Ccj6MNM99HnuJALc1Ke9971YxrNfniGvA==\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t subca3_key = { (unsigned char*)subca3_key_pem, + sizeof(subca3_key_pem)-1 +}; + +const gnutls_datum_t subca3_cert = { (unsigned char*)subca3_cert_pem, + sizeof(subca3_cert_pem)-1 +}; + + +static char cli_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIERjCCAq6gAwIBAgIMV6MdMjZaLvmhsFpSMA0GCSqGSIb3DQEBCwUAMBIxEDAO\n" + "BgNVBAMTB3N1YkNBLTMwIBcNMTYwNTEwMDg1NjM5WhgPOTk5OTEyMzEyMzU5NTla\n" + "MBYxFDASBgNVBAMTC1Rlc3QgY2xpZW50MIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\n" + "MIIBigKCAYEA4QAezvLHuNtTlTQSn1vNaYBrZ5+CzS8/tB2L5G+wWy3Yqqqh1kB+\n" + "gcWN9Ftqv21B1WgRWtjrn4rTJgxl+ogLiLgLIZ6iG/Ye1POFKxxVYYxPXI7spAYa\n" + "CW6/+QjS/18M6NCAHsvhJEMkOY6clIqEqCpLTyaWzJULBBwtpA84pkcLTiNpmfIJ\n" + "Wos9OsYH0hSK2xE/5qu+DkkaKrfS2Cyp61wdhURrX1fdlkBUBt9XH8S5A2bWuQEY\n" + "82GgXxl8HpehkB2RLgpkZQzxopzhoqG2P8IZFQmtOySzRPWtdpy0RJbvmLfZqaEw\n" + "sq3g1jZFXhqUjc5y3vbHta2Xg5/zx0X/FB69j2KZsgUmklYVFG9te7UtSVDgz3U6\n" + "9ed16AULxNqAF2LGhuIEI5+4PikXb+QxaOx/hw1BtEqMzLMbNphILSPBRI+NpTZ2\n" + "PCSedGsQzxsgns/iaLB7q1AIrKLUQlVpy+JNfauYqzvlMNXwMaoNQZDf9oOoFkdT\n" + "P5P8t/gGk2rlAgMBAAGjgZUwgZIwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggr\n" + "BgEFBQcDAjAcBgNVHREEFTATgRFoZWxsb0BleGFtcGxlLm9yZzAPBgNVHQ8BAf8E\n" + "BQMDB4AAMB0GA1UdDgQWBBRdXorh31ji3Vx07Tm7u9jZMbKBajAfBgNVHSMEGDAW\n" + "gBQtMwQbJ3+UBHzH4zVP6SWklOG3oTANBgkqhkiG9w0BAQsFAAOCAYEAPjXZC89d\n" + "2lkc33p5qBTneqXAAZeseBZlSF9Rd798NofXTw0oi235UWCdmPOS4l0z8PBh0ICA\n" + "MY7iUrv5MJeEcvGOq1NFZObsEP+gcpDi3s1otSif9n3ZSR9gDqG1kAlvwOxDW1As\n" + "KuGgwE2vRZN3T20USkcSXvtJ3QD+tIroD9z/Auh2H6LsqOMwSwBo9Alzj7DWLk8G\n" + "mdpQtQU+l/+3pa5MY4MBQM3T3PpK4TdjMVKzKc8lMUeFH/VJSbyQ2kgL7OqavMsH\n" + "jGrm0JCWi2M188EobKVqt2nhQQA7SIogYe4cqx8Q2/7v6RDXZ11QifFKupQ2vXLb\n" + "DZxa4j7YQz4F2m7+PbYbSAs1y4/oiJ32O3BjQC7Oa3OaGFpkipUtrozaa1TM4tab\n" + "kZSyKmSvKG2RxDphl71OZ28tgWjjzJbyG3dbnI3HF1L7YVwHUGFUPhUGuiS7H/b4\n" + "6Zd8Y0P6Cxn/4rUEZZPDpCVt92cjQsWXL45JXpmqwDlaRdSXXoIB2l2D\n" + "-----END CERTIFICATE-----\n"; + +static char cli_ca3_cert_chain_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIERjCCAq6gAwIBAgIMV6MdMjZaLvmhsFpSMA0GCSqGSIb3DQEBCwUAMBIxEDAO\n" + "BgNVBAMTB3N1YkNBLTMwIBcNMTYwNTEwMDg1NjM5WhgPOTk5OTEyMzEyMzU5NTla\n" + "MBYxFDASBgNVBAMTC1Rlc3QgY2xpZW50MIIBojANBgkqhkiG9w0BAQEFAAOCAY8A\n" + "MIIBigKCAYEA4QAezvLHuNtTlTQSn1vNaYBrZ5+CzS8/tB2L5G+wWy3Yqqqh1kB+\n" + "gcWN9Ftqv21B1WgRWtjrn4rTJgxl+ogLiLgLIZ6iG/Ye1POFKxxVYYxPXI7spAYa\n" + "CW6/+QjS/18M6NCAHsvhJEMkOY6clIqEqCpLTyaWzJULBBwtpA84pkcLTiNpmfIJ\n" + "Wos9OsYH0hSK2xE/5qu+DkkaKrfS2Cyp61wdhURrX1fdlkBUBt9XH8S5A2bWuQEY\n" + "82GgXxl8HpehkB2RLgpkZQzxopzhoqG2P8IZFQmtOySzRPWtdpy0RJbvmLfZqaEw\n" + "sq3g1jZFXhqUjc5y3vbHta2Xg5/zx0X/FB69j2KZsgUmklYVFG9te7UtSVDgz3U6\n" + "9ed16AULxNqAF2LGhuIEI5+4PikXb+QxaOx/hw1BtEqMzLMbNphILSPBRI+NpTZ2\n" + "PCSedGsQzxsgns/iaLB7q1AIrKLUQlVpy+JNfauYqzvlMNXwMaoNQZDf9oOoFkdT\n" + "P5P8t/gGk2rlAgMBAAGjgZUwgZIwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggr\n" + "BgEFBQcDAjAcBgNVHREEFTATgRFoZWxsb0BleGFtcGxlLm9yZzAPBgNVHQ8BAf8E\n" + "BQMDB4AAMB0GA1UdDgQWBBRdXorh31ji3Vx07Tm7u9jZMbKBajAfBgNVHSMEGDAW\n" + "gBQtMwQbJ3+UBHzH4zVP6SWklOG3oTANBgkqhkiG9w0BAQsFAAOCAYEAPjXZC89d\n" + "2lkc33p5qBTneqXAAZeseBZlSF9Rd798NofXTw0oi235UWCdmPOS4l0z8PBh0ICA\n" + "MY7iUrv5MJeEcvGOq1NFZObsEP+gcpDi3s1otSif9n3ZSR9gDqG1kAlvwOxDW1As\n" + "KuGgwE2vRZN3T20USkcSXvtJ3QD+tIroD9z/Auh2H6LsqOMwSwBo9Alzj7DWLk8G\n" + "mdpQtQU+l/+3pa5MY4MBQM3T3PpK4TdjMVKzKc8lMUeFH/VJSbyQ2kgL7OqavMsH\n" + "jGrm0JCWi2M188EobKVqt2nhQQA7SIogYe4cqx8Q2/7v6RDXZ11QifFKupQ2vXLb\n" + "DZxa4j7YQz4F2m7+PbYbSAs1y4/oiJ32O3BjQC7Oa3OaGFpkipUtrozaa1TM4tab\n" + "kZSyKmSvKG2RxDphl71OZ28tgWjjzJbyG3dbnI3HF1L7YVwHUGFUPhUGuiS7H/b4\n" + "6Zd8Y0P6Cxn/4rUEZZPDpCVt92cjQsWXL45JXpmqwDlaRdSXXoIB2l2D\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEDTCCAnWgAwIBAgIMV6MdMjWzT9C59ec8MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwIBcNMTYwNTEwMDg0ODMwWhgPOTk5OTEyMzEyMzU5NTlaMBIx\n" + "EDAOBgNVBAMTB3N1YkNBLTMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" + "gQCgOcNXzStOnRFoi05aMRLeMB45X4a2srSBul3ULxDSGjIP0EEl//X2WLiope/x\n" + "NL8bPCRpI1sSVXl8Hb1cK3qWNGazVmC7xW07NxL26I86e3/BVRnq8ioVtvPQwEpv\n" + "uI8F97x1vL/n+cfcdkN77NScr5C9jHMVioRvC+qKz9bUBx5DSySV66PR5+wGsJDv\n" + "kfsmjVOgqiTlSWQS5G3nMMq0Rixsc5dP5Wygkbdh9+45UCtObcnHABJrP+GtLiG0\n" + "AOUx6oPzPteZL13erWXg7zYusTarj9rTcdsgR/Im1mIzmD2i7GhJo4Gj0Sk3Rq93\n" + "JyeA+Ay5UPmqcm+dqX00b49MTTv4GtO53kLQSCXYFJ96jcMiXMzBFJD1ROsdk4WU\n" + "ed/tJMHffttDz9j3WcuX9M2nzTT2xlauokjbEAhRDRw5fxCFZh7TbmaH4vysDO9U\n" + "ZXVEXSLKonQ2Lmyso48s/G30VmlSjtPtJqRsv/oPpCO/c0D6BrkHV55B48xfmyIF\n" + "jgECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G\n" + "A1UdDgQWBBQtMwQbJ3+UBHzH4zVP6SWklOG3oTAfBgNVHSMEGDAWgBT5qIYZY7ak\n" + "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAMii5Gx3/d/58oDRy5a0o\n" + "PvQhkU0dKa61NfjjOz9uqxNSilLJE7jGJPaG2tKtC/XU1Ybql2tqQY68kogjKs31\n" + "QC6RFkoZAFouTJt11kzbgVWKewCk3/OrA0/ZkRrAfE0Pma/NITRwTHmTsQOdv/bz\n" + "R+xIPhjKxKrKyJFMG5xb+Q0OKSbd8kDpgYWKob5x2jsNYgEDp8nYSRT45SGw7c7F\n" + "cumkXz2nA6r5NwbnhELvNFK8fzsY+QJKHaAlJ9CclliP1PiiAcl2LQo2gaygWNiD\n" + "+ggnqzy7nqam9rieOOMHls1kKFAFrWy2g/cBhTfS+/7Shpex7NK2GAiujgUV0TZH\n" + "EyEZt6um4gLS9vwUKs/R4XS9VL/bBlfAy2hAVTeUejiRBGeTJkqBu7+c4FdrCByV\n" + "haeQASMYu/lga8eaGL1zJbJe2BQWI754KDYDT9qKNqGlgysr4AVje7z1Y1MQ72Sn\n" + "frzYSQw6BB85CurB6iou3Q+eM4o4g/+xGEuDo0Ne/8ir\n" + "-----END CERTIFICATE-----\n"; + +static char cli_ca3_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIG5QIBAAKCAYEA4QAezvLHuNtTlTQSn1vNaYBrZ5+CzS8/tB2L5G+wWy3Yqqqh\n" + "1kB+gcWN9Ftqv21B1WgRWtjrn4rTJgxl+ogLiLgLIZ6iG/Ye1POFKxxVYYxPXI7s\n" + "pAYaCW6/+QjS/18M6NCAHsvhJEMkOY6clIqEqCpLTyaWzJULBBwtpA84pkcLTiNp\n" + "mfIJWos9OsYH0hSK2xE/5qu+DkkaKrfS2Cyp61wdhURrX1fdlkBUBt9XH8S5A2bW\n" + "uQEY82GgXxl8HpehkB2RLgpkZQzxopzhoqG2P8IZFQmtOySzRPWtdpy0RJbvmLfZ\n" + "qaEwsq3g1jZFXhqUjc5y3vbHta2Xg5/zx0X/FB69j2KZsgUmklYVFG9te7UtSVDg\n" + "z3U69ed16AULxNqAF2LGhuIEI5+4PikXb+QxaOx/hw1BtEqMzLMbNphILSPBRI+N\n" + "pTZ2PCSedGsQzxsgns/iaLB7q1AIrKLUQlVpy+JNfauYqzvlMNXwMaoNQZDf9oOo\n" + "FkdTP5P8t/gGk2rlAgMBAAECggGBALedC4dC5O3cPodiKVhW6HiSThQQPgQH7Oql\n" + "ugW/h6HA9jHAcbWQiCyK9V9WQvTYyoLHHHKQ1ygpeEpyj741y4PU/XCALja3UU3j\n" + "NOeLhbnHcPRNxpvMRu8vrAYkx1uTS8uqawO2yZJ4IFXAJdOqfrtlWHPNP/7QGl9O\n" + "R4i8yzQWgglQKNtyg2OagWs3NCaikPZZS1aJDN5Hlc0KmkvDlx702zpoLV9vKut0\n" + "r520ITtRpNI72Dq9xIjJQMCa4Yltnuj1OmeJ2C5tTDL8gF/UwsALy01JOaZ9ekCD\n" + "bx/q4DBHXo5OOL4aKCVum8FOFrcaHALeWD1F19VVMuQMjLTAApv2eDL6NMORkrpK\n" + "bEEPfC4mjAtGOzwCkXe+53gXrKxMl+87IPC/FV/YuQRzWGZBCj052ELWqPbzJ9E7\n" + "QybGnSOw8Unoauz76aF0IMiiMu0u7pSp0LVQ+9SVYHhyTdYJfJPburssA3X4UuOX\n" + "KNI7gdOkb0yE883jcGQT+B2fdfrygQKBwQDkajgK6lsTChMeriPy++2MPpto64zW\n" + "2CNMPya5IC23ZFyRXs8UuMbGNTtXd9TXfISXYuGexbPCMXXLA272Bum/wkbf0NBu\n" + "DUVDYr0D4mIrjNb6NdTtFwHHfWCvQlhuVdS3kL9rSDoGO3mgedRpRpVR4Py+1emi\n" + "mMYGHN+UMwPzXmlhmvmONr6ObWebH14DdKyohkBuHVO/2HkET69F0zDOhbM+Wd8V\n" + "hK4PYo2MYV/n4CIf/UbBHjVXx4+EDWGhrNECgcEA/CxWuwr5+RjFGz66o+VM1nt7\n" + "LZgf1oDZKNlf+x6SlGYYCrk1t6yAtc3VbdkGSPsBHBR0WcpU8sMPMNhn5lU/pMp/\n" + "ntBx3LphNWJh3FH4jRkJvhQEZZI/TBIbnxp3C5xOCQr1njMk07vpse4xVhYgNcZf\n" + "9e8V6Ola/1xq+WYjWXVJXBj2cHoF8YZNlPAB38E9gFyU0dUQDjtF4Hfz2EvLniJu\n" + "p92nsT/jsxvEtUAoGAkNBhzXqhRcTAxuzbHbeNHVAoHBAITqKmJvrT+PBUE9JD4o\n" + "yzpo1BZhuzrp2uBrfyUKzI+DHzqYaPgt7b05DKcBXCFom99b8t5pPQkrrtfLz63q\n" + "p+qmKofjAuaHYl6r/kFcYrPk6NQArz6nvKlRFAnoGX1bBMUsvba3+MvXoBb5zdjU\n" + "8d8LhQengqTTMags9Q1QAmSD896QR9exk4FduIRT5GkuY6pNNQDen/VrCkCv/dYr\n" + "5qLGul71/RKQepkJSEUABMbxbeofgCSwZ2oE/kZhYwapgQKBwQD2TySj65PAYBZe\n" + "h0XsQlNsCA6HuVgXv6DdSn16niEUPChtiPxUHHVXnuZCNkHyVOF/mOcQsRWKTUZw\n" + "MmBB1bCleHlxGS6uJ4o9h4wIlDRPNU6Tz59/ynpzBhjerg3rVE/Qe1jvngrxmVEp\n" + "T3v3FwN9IvemE1J2PkB4vr9qPP54KZxvDZ7gu/9EKydqO4fJE0nMMCHYVuEo1XJq\n" + "Tx/pfBc1rXIiGtnpwnrY/l2DoFfJKkYDW3a3lM2WJmqwFXJGr8UCgcArtSJU3ewE\n" + "62J00pX8HJWvOVPrjKfgJvqUmpjLT4/AXNzEEFqij/L98DZU/b1GKGgdSFt3oIii\n" + "8Poeaas8GvtlyRZXONXC1TNzC+dzheF3MQ2euvAwulimvcp/rT1/Dw6ID2PWpthE\n" + "VBpijtoHZ3F2dCYHbYLVlrXC7G4IQ31XUZOujH5xOcZQob815J2+mFsdg/9UBm7c\n" + "uiyti3689G0RW9DM/F+NeJkoEo0D15JweVkSfDcsVTdvNsbeA1Pzzds=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t cli_ca3_key = { (unsigned char*)cli_ca3_key_pem, + sizeof(cli_ca3_key_pem)-1 +}; + +const gnutls_datum_t cli_ca3_cert = { (unsigned char*)cli_ca3_cert_pem, + sizeof(cli_ca3_cert_pem)-1 +}; + +const gnutls_datum_t cli_ca3_cert_chain = { (unsigned char*)cli_ca3_cert_chain_pem, + sizeof(cli_ca3_cert_chain_pem)-1 +}; + +static char clidsa_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEMzCCApugAwIBAgIIV+OL0jeIUYkwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA5MjIwNzQ0MjBaGA85OTk5MTIzMTIzNTk1OVowFTETMBEG\n" + "A1UEAxMKRFNBIGNsaWVudDCCAbcwggErBgcqhkjOOAQBMIIBHgKBgQD6BQw6J3GB\n" + "Lv8xjTjq6flgCLUYf9wNQO1osjl8F3mP3P0ggZd101pwDG34Kdffby+PTB5rpe8Z\n" + "SUx83ozzCiCcxf+kM4B0B0JP7mlqLrdTyPbWTap8sCMtabKnuR7UWdhsB8WU2Ct9\n" + "/IcCEG2dYcmzzWXE6/Pdo45iCd7lv+fl/wIVAM8gQzNh7394wHpNStxbGq9Xe+7z\n" + "AoGAJuUzfmL64dwFgQDmow8BjA5jI4mPiXc9+HDlUG0xXT65tUqHyg5fTSVm8p+q\n" + "WaklZeWTvuDc7KYofGZolG3LxhBKvIXHiUrD5hJ/cE/qcx89oczD7mChHG8k4a+Y\n" + "sr9/gXMFp8/TUsiTXrPLvEedBiAL9isDGC+ibRswfFYqGKYDgYUAAoGBAOFzLEe4\n" + "9nHYysKSgx6o7LadjsWAcLLHvI4EcmRZf7cHW/S/FCHgpnMn7GvnD4xiaysDFA8A\n" + "XEh9QJutRiLcpp14bVkPd0E+1z3v3LDhwVaJ1DofWEMnAsGoRVkAuEBkND6aNoKI\n" + "AuUMvFlnpU8SD5SZrUQkP22jyMj+mxsJntK9o3YwdDAMBgNVHRMBAf8EAjAAMBMG\n" + "A1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFCnQ\n" + "ScP7Ao3G+SjKY0a5DEmNF5X+MB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n" + "8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQArAfKJgKd6Sz7BW0m46T4DxXWsrlYVc76M\n" + "metxnSBDZdWzRbP6dGXGkKH1J2Oftv3kVrRL8amDz7DLRE6pBAUDx+5Es/dheTNA\n" + "juIVZuKzSYoRPtuiO1gHvRPvyV/2HUpnLl+w2qW/Df4ZWlHz6ujuYFzhdWueon+t\n" + "7/JtabcuBxK6gFyNs+A0fHjszpWtZxUXuik1t4y9IcEV6Ig+vWk+GNwVAs5lQenv\n" + "7IhIg1EWxBNiRF3yKINAiyFkM4FcFEPqlbijX9xDorCK2Xn4HLIN2oUQJFYDqVOV\n" + "KGg0rMmeJ8rRZI0ELK89SdPyALe4HQzKnQtzxy45oq+Vv7A8B0lorTMPIq3WKxo4\n" + "mXJdEF2aYxeUsMYBDZOOslBc8UMaUAF8ncrk6eNqJoDZCxElfgDXx4CfM8Lh0V2c\n" + "MDBXeiNUf1HWcCkvnMPGLXZXez/5abnhNIFqDsmRxuhUqlTbarq3CxjAWMjQRb9c\n" + "SWUGHPlOkmEGRv5JB6djjpRFRwtHLNc=\n" + "-----END CERTIFICATE-----\n"; + +static char clidsa_ca3_key_pem[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIBuwIBAAKBgQD6BQw6J3GBLv8xjTjq6flgCLUYf9wNQO1osjl8F3mP3P0ggZd1\n" + "01pwDG34Kdffby+PTB5rpe8ZSUx83ozzCiCcxf+kM4B0B0JP7mlqLrdTyPbWTap8\n" + "sCMtabKnuR7UWdhsB8WU2Ct9/IcCEG2dYcmzzWXE6/Pdo45iCd7lv+fl/wIVAM8g\n" + "QzNh7394wHpNStxbGq9Xe+7zAoGAJuUzfmL64dwFgQDmow8BjA5jI4mPiXc9+HDl\n" + "UG0xXT65tUqHyg5fTSVm8p+qWaklZeWTvuDc7KYofGZolG3LxhBKvIXHiUrD5hJ/\n" + "cE/qcx89oczD7mChHG8k4a+Ysr9/gXMFp8/TUsiTXrPLvEedBiAL9isDGC+ibRsw\n" + "fFYqGKYCgYEA4XMsR7j2cdjKwpKDHqjstp2OxYBwsse8jgRyZFl/twdb9L8UIeCm\n" + "cyfsa+cPjGJrKwMUDwBcSH1Am61GItymnXhtWQ93QT7XPe/csOHBVonUOh9YQycC\n" + "wahFWQC4QGQ0Ppo2gogC5Qy8WWelTxIPlJmtRCQ/baPIyP6bGwme0r0CFDUW6VNf\n" + "FgAdB5hhtag7oTw45a72\n" + "-----END DSA PRIVATE KEY-----\n"; + +const gnutls_datum_t clidsa_ca3_key = { (unsigned char*)clidsa_ca3_key_pem, + sizeof(clidsa_ca3_key_pem)-1 +}; + +const gnutls_datum_t clidsa_ca3_cert = { (unsigned char*)clidsa_ca3_cert_pem, + sizeof(clidsa_ca3_cert_pem)-1 +}; + +static char cligost01_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC4zCCAUugAwIBAgIIWcZXXAz6FbgwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA5MjMxMjQ1MTdaGA85OTk5MTIzMTIzNTk1OVowGzEZMBcG\n" + "A1UEAxMQR09TVC0yMDAxIGNsaWVudDBjMBwGBiqFAwICEzASBgcqhQMCAiQABgcq\n" + "hQMCAh4BA0MABEBuvOEDe9xPJY9jsnFckLyQ6B5XeDi4Wo2E4c05im/3iI+rlWGI\n" + "rTc6hMmWca0BVDL0lObZ0ZHb4Vhy0XREgvtro3YwdDAMBgNVHRMBAf8EAjAAMBMG\n" + "A1UdJQQMMAoGCCsGAQUFBwMCMA8GA1UdDwEB/wQFAwMHsAAwHQYDVR0OBBYEFCck\n" + "yCTDt+A6zS8SnMRrgbyjeQmoMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n" + "8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQACkq/DQhHMEZPL0NwPFpnf2+RDviEuRE+C\n" + "xaOMTbHgxIUSy6xQAaHXK5hNr9xk87OFPPXmNKPl1nVBXrDF0aj+YUVBT2QeJIpA\n" + "APfyjnPtdZpRl3MXrJbQ/VBCdShvmKhspiOkGO6K8ETDeqE57qtPsUaGApfNK7oL\n" + "WgevmnkaQqNTVJglOoB5o5IDNv0JuFEkKSEvCgS25OV+gl0rRHmWDaIdQtDJLQjV\n" + "24b99/woYj0Ql8WfvMUUUYqTX03zmV56k5DgoNusTxKG+r71WQwbeb3XiVjof6I7\n" + "ll3ANTdyf/KrysLx/tk1pNgfangArpAZzbCRejTQVYdVfCf3KDdwXvKlTHy9Jv+p\n" + "ZUSf7kMnBqcUHpbceiyHFCXNAKIdrMDkTJAeee7ktpeYMfdO9oBki+6a8RJjNHIr\n" + "wHe0DcExV7UsokG6jMl8kH7gb7EW0UphL3ncWyY8C4jbtf/q1kci6SZDcapXBpGp\n" + "adJdx9bycdOUm1cGiboUMMPiCA5bO+Q=\n" + "-----END CERTIFICATE-----\n"; + +static char cligost01_ca3_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgVPdBJeLrp/Zh\n" + "2tiV6qz9N6HraKTFTKz4alNuGhK2iLM=\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t cligost01_ca3_key = { (unsigned char*)cligost01_ca3_key_pem, + sizeof(cligost01_ca3_key_pem)-1 +}; + +const gnutls_datum_t cligost01_ca3_cert = { (unsigned char*)cligost01_ca3_cert_pem, + sizeof(cligost01_ca3_cert_pem)-1 +}; + +static char cligost12_256_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC6jCCAVKgAwIBAgIIWcalgS6c0DMwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA5MjMxODE4NDJaGA85OTk5MTIzMTIzNTk1OVowHzEdMBsG\n" + "A1UEAxMUR09TVCAyMDEyLzI1NiBjbGllbnQwZjAfBggqhQMHAQEBATATBgcqhQMC\n" + "AiQABggqhQMHAQECAgNDAARArjme5Fb62BC4uPT8vQVim3xTjYY/RVvvUtAfYluY\n" + "o+8Zjz8A8VTFejK0Zok5f1dssbzrrHtRODJZsCuAjypIXqN2MHQwDAYDVR0TAQH/\n" + "BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAPBgNVHQ8BAf8EBQMDB7AAMB0GA1Ud\n" + "DgQWBBTzHDVZRnSgaq4M3B7NdLResyKgajAfBgNVHSMEGDAWgBT5qIYZY7akFBNg\n" + "dg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAtAGi0lQdBC9Mp/TdqYFuMIDr\n" + "o/xGbie6Eq33BiqXo6B5DOiPZcE1Mi+y4htefvrEBkN4OLy4PbUHlfEC/ATs3X9S\n" + "cUHucm6gkyzUxTLPYPfTmXD24MRFDAJQKMvX8Pklbi7HyFZVYIQaJfEohaQZmuYR\n" + "S7Z03MW0Cbz6j7LGQl1Pyix78BLKeyLyAzQz63+hCuO46xp7TaGDKGI79Dd6Od0p\n" + "oY/B/MxfuP3RXhHrpjgp+Ev08dYoCH3Snps+TYWSyhkN0VhGRJgE5Tnhdly8XMW3\n" + "WKZqGYmWG+rBtiTgA6FZrw0qYwAsmN3yCo5pE+Ukd0Q5L0tugc0a9HK53AftG/zV\n" + "qf0DI+E4dEnUkVhdEQbW+rujGpAR0sgjgar5Zvwuu92BaV+AFucj7hVP1fqDySmp\n" + "E52EzrFcnCYrZb19aDJKgWevG5Vh6OEcu8Vx/zVFOoTx9ZCXniVLm7PaXyKXdhLv\n" + "Vhg3mi7koFAPGlTiKldJ/LKKPW0yti3I8L/p2F5+\n" + "-----END CERTIFICATE-----\n"; + +static char cligost12_256_ca3_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgnA1XIfe2\n" + "V3D0UVFQTRCHolA9v+r5cDt2tlr1gTZbDC8=\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t cligost12_256_ca3_key = { (unsigned char*)cligost12_256_ca3_key_pem, + sizeof(cligost12_256_ca3_key_pem)-1 +}; + +const gnutls_datum_t cligost12_256_ca3_cert = { (unsigned char*)cligost12_256_ca3_cert_pem, + sizeof(cligost12_256_ca3_cert_pem)-1 +}; + +static char cligost12_512_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDLzCCAZegAwIBAgIIWcalYA16syEwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA5MjMxODE4MDhaGA85OTk5MTIzMTIzNTk1OVowHzEdMBsG\n" + "A1UEAxMUR09TVCAyMDEyLzUxMiBjbGllbnQwgaowIQYIKoUDBwEBAQIwFQYJKoUD\n" + "BwECAQIBBggqhQMHAQECAwOBhAAEgYCyAdmv9viBTnemLvULAZ9RyaEf37ZAydKj\n" + "E3qLbZ5tTxgLAYhIIGApVPVb5SZxge3u2qY/ekkHjz9Asn5cPQ69wCvce87+2u1f\n" + "XcATUzYvR3UIL25C5BbNjDjGnufhjYAwT6uZ5xQ7j8/Wfr0MZU04O2CSUquKqfrB\n" + "DA81M2HvUqN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAP\n" + "BgNVHQ8BAf8EBQMDB7AAMB0GA1UdDgQWBBRYXgWHcQazcPFyxKrgRdfd2IPBozAf\n" + "BgNVHSMEGDAWgBT5qIYZY7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOC\n" + "AYEAUOpvomUtaFQm5O8bEQk/d3ghZLzwfMKRngSq0XbXDi8t+TV+kFvkzJ/hrAOP\n" + "/HPCQdnEvdV2HyZzDb9b8cVegRHPPooKSV8+HCTNVXNKZPRSlE42S5kFIAnAxbs5\n" + "vzGfipp6jQe9dqlCYseikxnE31o3AX7QAlNBaXELu0JnEY5BoJeKoja8XS40b1k9\n" + "kKRwAGkdh1OcAy6pW8AH4m61RMDWFzmPGgcb0JiDNp+9HQDSkG904niU8AlvmoQD\n" + "Q2AVd9mam4NIjmA0hkVuSh+7Tn2XnoGoGxN/+u72qaSUA6ybkbtkIKpMeJ8vciI1\n" + "6GRhBYpI0OuRiAIbDA9WhfCCKwj9ZaIsSSHC7qADRz3bR/89Et1mM40v5jbYNDkV\n" + "1cvlca3+pK3DxNP7y/q3QoUz8++z9VXzsdVHc4wNUyg4E8mjMcdLlRsZbST0WjX+\n" + "IhxAkfOexMu3nJ3EVbjgvox6eIxjiTWr2DP6x666UztrnFSBhhypwKHb8jW7PYJ2\n" + "lWlI\n" + "-----END CERTIFICATE-----\n"; + +static char cligost12_512_ca3_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBEA9uga7\n" + "LIPp1heDZYj5EozNtbrmsKYMXrFasBIVAFFVQVFd6/+YjttV6Vmx16OFWrM+/ydX\n" + "rB0aUqYPU8w5DUyk\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t cligost12_512_ca3_key = { (unsigned char*)cligost12_512_ca3_key_pem, + sizeof(cligost12_512_ca3_key_pem)-1 +}; + +const gnutls_datum_t cligost12_512_ca3_cert = { (unsigned char*)cligost12_512_ca3_cert_pem, + sizeof(cligost12_512_ca3_cert_pem)-1 +}; + +static char server_ca3_ecc_key_pem[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHgCAQEEIQDn1XFX7QxTKXl2ekfSrEARsq+06ySEeeOB+N0igwcNLqAKBggqhkjO\n" + "PQMBB6FEA0IABG1J5VZy+PMTNJSuog4R3KmhbmIejOZZgPNtxkJcIubJIIO68kkd\n" + "GK04pl/ReivZAwibv+85lpT4sm/9RBVhLZM=\n" + "-----END EC PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_ecc_key = { (unsigned char*)server_ca3_ecc_key_pem, + sizeof(server_ca3_ecc_key_pem)-1 +}; + +static char server_ca3_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIG5AIBAAKCAYEA2T14maos98C7s/geGZybgqYSxF+5NeTXKWpi9/vXmuIF8n3h\n" + "Uh20mooT2rgVHAzFWy/8H5IcWIiUQl+8KhyJCSuBJ+WhM0gw2uqSPwiOZUm4l3TQ\n" + "xmxS4eW/Brr4X88svJQ4xTTct2m5H1Nu9LZ8xWOZpGMGII7jf0YD6odG/DHE/sVH\n" + "jfceD7kl15jAta97+8uCbjMRPGcxg4VtmkCuSLOkGL9FhC0uYVbwfBnT+V0MEycO\n" + "Bx+Yv2BEu0xDVdkQcs0WPIRUPUmyuWBxxqLM1SSJSLsZub/DdiINXFure7dx57mW\n" + "w2EQwhETIhIoAc/LxGWchbDC4OWeyYjSkhv3/hEfQswyVx4MQXLVfRBHNipkU9T/\n" + "SXiP8WVDpfZSpY3PrfJtFJtwLMeXblpuLXGZuxXnJ2iYk1w/7RBuuKkylrQ7qCO/\n" + "l/TIx3uZb39oCCU9wqCltuEZ+jtX3PaAgp1QItFehSzOF2hudF/TQuuukVRBZF4o\n" + "fExwNYAvZvTSTKw9AgMBAAECggGAel8TMVRYMlOCKJWqtvit7QGJ7s6RMRewUCca\n" + "iuB1ikyp1vgr1argEnGXT4yEb6GOBpjYKByRFRoSkfUFtJ8QXncAMS48CPwwcRDT\n" + "wugZ9lp5ve9Sr4NTiOZ3Hd5yjN3SMIQ6GnR1pGfMnSXNidHGJRa+9IfHas2yvv38\n" + "tL7xMJ0EgBM3BHRgnbDI7VKhs3afm63+0f64RdNHY/PkUpD+2/s9g6czDIq65qAn\n" + "pXCTJJPSenN0hnS5AYzECtGh2JkFjXpF5B7/2pvZjqsy8eyjZURoQFLA5wWhLVr5\n" + "AQDJzeK//D6OMAd6kuLKezQxVIN0F0eC6XKEhEvq96xegQk3aMXk2jCHz6IYV6pm\n" + "zdnfIvP5fIP1HsL8JPiCQqBp7/MoSKlz/DCHH/6iQgQkIhxw/nYJd1+kjhHpm969\n" + "fw6WzzCA7om0CbKhuHjRnnwk1OylqKhTrgfO1mcaEoH90NIszE3j5pwqiPMdv+J0\n" + "k25pjaMDgeOd3bO8SW/oWQEH5LbBAoHBAP7QAaYg4Fsm0zr1Jvup6MsJdsI+2aTh\n" + "4E+hrx/MKsd78mQpRNXvEVIeopp214rzqW/dv/4vMBoV9tRCuw5cJCZCHaeGZ4JF\n" + "pU/+nBliukanL3XMN5Fp74vVthuQp69u3fa6YHHvL2L6EahSrHrbSE4+C5VYOV+Z\n" + "nfKDHD9Vo1zH8Fjxl7JJWI/LgSXCChm6Y9Vq7LviL7hZc4BdCbGJfAfv56oGHavE\n" + "zxU639fBbdhavNl6b9i7AeTD4Ad1KbsFrQKBwQDaQKP0eegbnHfHOdE+mb2aMtVN\n" + "f3BI25VsBoNWD2A0VEFMQClUPMH17OyS2YidYeVbcneef3VlgrIJZvlRsr76LHxP\n" + "vVtEug6ZgX5WS/DiJiZWESVJrGZ+gaeUIONGFObGO+Evvoe5bqSwm2Bu05HONb56\n" + "Q5qx7gfo+kfxHm2vjOOKpc/ceEz2QeJ3rOGoetocmaObHcgFOFO0UC2oyAJ3MAtY\n" + "8SkyiUJ/jDdCZbkVegT9kGe9OLKMpenG058uctECgcEAozqgM8mPrxR576SnakN3\n" + "isjvOJOGXGcNiDVst5PUO6Gcrqj5HYpdsBtL0mMaxDo+ahjFKpET4UH8shBlP1er\n" + "GI717CDfIcZ3lXzmhiSGa0gh0PYXCqGwAAXQ+Gt735fHvIu7yICN/Htw4EDFmJXs\n" + "BaMdTHgNmL4RPg7bA39afM7fmjp5EI6HmuWkP4nDaqPJ3Cb4q4rDQvaaVLpEwWPu\n" + "/i6iWno8e5JBjbn/NnkEYroNi8sw5sc0+VS4qE5XgySpAoHBAMB9bF0tu4nGqVl7\n" + "49FrdO7v0HLGZ/jKOfIJmIIpk3bzrJecqxbRc1v79vbZhwUPl2LdBSU0Uw0RhQaH\n" + "3HKyzH8HByio4DswQbofnJZt6ej7LqqP+qwMsmT24x7hFrHzs0m4/DXIvBnOvM/K\n" + "afW1AY62leVthJ1TS4SuYQ8HAERpZTIeZcKUE4TJvPxB7NBUcdPxqXsgfA4mjKSm\n" + "Zm7K4GnQZOGv6N7aclzeBMq5vtBzSr18RBJ+U/N6TUH/2Q/1UQKBwEPgS+LJCJAs\n" + "qaeBPTgiuzv2a6umQpezxjCispnU5e0sOFHV/f5NVuEZDrdH7WDHAX8nAU8TdDZM\n" + "/fqM4oOZJOY9yVsyXK9dN7YcG6lxlNbC8S4FatDorDr3DxmbeYqEMUfOR+H4VvgR\n" + "OHw+G5gmNHBAh30wDR+bxepSNBAexjo18zbMgNJsdyjU8s562Q7/ejcTgqZYt4nZ\n" + "r6wql68K+fJ1W38b+ENQ46bZZMvAh8z4MZyzBvS8M/grD0WBBwrWLA==\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_key = { (unsigned char*)server_ca3_key_pem, + sizeof(server_ca3_key_pem)-1 +}; + +static char server_ca3_rsa_pss_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEowIBAAKCAQEAvxOfMAZbqIuVqkPt5s5fyNeuYD09r80oDEN54MS7/tMy+2yk\n" + "rwsX3a1zGLqn47Q59E0QAlheFP5ZXcQgFXVdQwWCn00YtYyGn5uGrzT80PlIAnaG\n" + "yVpjLGci7mU13IpHlLKqQbBaCdiDU1qV/fyy03t0KVdlyzTi3RJoKDU3XTG/eJmy\n" + "bPHuBGzBjtXn4IJkbbe9FL090YJbgu0EqgcVhaon9JOs5cVNGsHZ4zdRo1d9/5zK\n" + "tqaAVCPYECL/OYwTBS0O8kTrkoHwXo08bR0sUhb7enfI827mOOiIyokkzUu1YVyP\n" + "6GMnggmoUa8LaSeO3bsWU9rx1ngWBUQ5hBG5JQIDAQABAoIBAAkoYpfFpjz0u66W\n" + "ZN+MApE4rRXVuZAkcAfub/fy1ePHsYjVUytEh9dLCdokkAlcyO5JhzvlilTNP/E7\n" + "hiIhJuAgcns6EbYZzxX1OUZKbteBKw9bKOibmWc2Zjkwxp0UT4vz6C8PybDxHJIx\n" + "JEExDE0QfKfClZFgroLT8AQFUOr5cy8dY2edh17+rMMeBvJ5Yit3L6hlHjO+5eJA\n" + "E0WzxPrZWIFfAJl484HbZL/kBT8UXqYDTR7MB+qOq8mdKQSLcHwyjvItgvgklEPu\n" + "0Rl626K+R6841FmrXjUEBVtfkS8Osw/+CJDYw6YZwB7W8oLRRhcB7PjMWU5RHAIW\n" + "nZKFWn0CgYEA0qsP7FUemy7kG7cA8qMErt7oWV/DYIMpKaCJC+17vk37OmJbUpbo\n" + "UkfEIY9iT8hcPjP1jAnQf2d0A37zn9B7DTYPhbjbRtNrOSkdrE/u5FeWd4tr9uc7\n" + "JdYhRc6dkPKbVbFFyo7bdHwU0ZLtfhJYKpTYJ3oNvjsiLqBjIHaj2v8CgYEA6DFV\n" + "FKlQL9OnzTnQtu5oDvqHFiaHD1wdPTN9MeNWEFdcf/kd3eVvcRmpenGZaud7jn72\n" + "nhtXXyzc9GlVoKL6R+/1GVexwu477dr2Ci5MwPYGtyh2tJWjgHTad0bT0Jq4Bneu\n" + "ZuXZ0EszfxTmHkUkPlzvUrbPjoJxgb57P0Qfn9sCgYEAnYrTg5c8Jizw5VD74nfK\n" + "nsOP2pZk054CgGDPXB4i9fP3Nngrdx3navDEWZySlrttUA8nR6xnQX+qIJslsZQF\n" + "EaImBYhyYwrkGoEG8b9tFVHy8j9PY/sUHn19sGiNKMJlK7ZATPR8ZSYNo5RPCoLJ\n" + "cD6TTyJVeLdcHqZOuw4+Bx0CgYAvP5qokauXj+JdiJ5IG0thgOlsQHrLTVtF0Oxw\n" + "8mnY+W4BPJgvRzjeMvKhz+wALQqffIaCtd2ZqG9t7OFXxtJXQSUG+ylZGVFonV3j\n" + "xHgp6+aB7uH47VpQEXdDPk5r7I/2APSkS7F/CU55Va9eCYPOjOrGUhz6SuD+HdzG\n" + "iv5EcQKBgDyt221UUieb1sWhCHaKaQ3z8/aJlzs+ge6kSLqoVjcfr5uOKM1O5O72\n" + "bfy00r7B8ky77qXNTtzv2xt9Km/hRptqnCHsgly5OXW8pMcFnf7Kdh3Q+c5UzVlc\n" + "ODwZlaKK2fjp9xr2dNpYjRqyEb1gkC9FJMaxab9OAf+AoQifxncv\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_rsa_pss_key = { (unsigned char*)server_ca3_rsa_pss_key_pem, + sizeof(server_ca3_rsa_pss_key_pem)-1 +}; + +static char server_ca3_rsa_pss_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEAjCCAjqgAwIBAgIMWSa+iBMb7BVvI0GIMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTMwHhcNMTkwNDE1MDkyMjIwWhcNNDkxMjMxMDkyMjIwWjANMQsw\n" + "CQYDVQQGEwJHUjCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAY\n" + "BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEPADCCAQoCggEBAL8TnzAG\n" + "W6iLlapD7ebOX8jXrmA9Pa/NKAxDeeDEu/7TMvtspK8LF92tcxi6p+O0OfRNEAJY\n" + "XhT+WV3EIBV1XUMFgp9NGLWMhp+bhq80/ND5SAJ2hslaYyxnIu5lNdyKR5SyqkGw\n" + "WgnYg1Nalf38stN7dClXZcs04t0SaCg1N10xv3iZsmzx7gRswY7V5+CCZG23vRS9\n" + "PdGCW4LtBKoHFYWqJ/STrOXFTRrB2eM3UaNXff+cyramgFQj2BAi/zmMEwUtDvJE\n" + "65KB8F6NPG0dLFIW+3p3yPNu5jjoiMqJJM1LtWFcj+hjJ4IJqFGvC2knjt27FlPa\n" + "8dZ4FgVEOYQRuSUCAwEAAaNQME4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjFqe\n" + "vO9heHT9V24WV1ovs7pvUvMwHwYDVR0jBBgwFoAU+aiGGWO2pBQTYHYPAZo1Nu/x\n" + "tK8wPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgw\n" + "CwYJYIZIAWUDBAIBogMCASADggGBAAgVZdGqSwhaa8c/KuqsnELoK5QlzdSUNZ0O\n" + "J31nVQyOmIJtqR14nMndU0y1iowAoj0osZFYjxjN6e2AqUF7R22uhtxmG6rr0YEi\n" + "XS+rNpbs7+gY/3hK30vo376QL85+U4v4HuTCd+yX8bY9VPqwZBMYO5rcDyXG82xC\n" + "ZKXT/Tr7XD80iMFjyR2cvRAjoZQeXbWzNE4AEm0jNz2F5Qnl6uSgtpDkHYKgr9xq\n" + "yUhm/WNKG86pzBxfcFju4prqBLiwUZh068b6znBAS0wMflrF/lznu01QqDhK6mz3\n" + "cSn5LlzoKjuouAWdZRieqokr1mNiWggmX5n2qKM9FJtDQctsvntCf/freAfy+Xmu\n" + "Tm055R9UzX76mL89eXY92U++HR8Y5IO5lqY1f13rzWK5rJB9qjz/Mamj9xR6Egoa\n" + "hh1ysRItcTCFJI5xKb/i3hHv94U12EH1IfFHofptr1pyCtAeOhJytWPndCiB2m1q\n" + "M2k3tl6cHvlUz7DpgnxNniuQ/dQ4MA==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_rsa_pss_cert = { (unsigned char*)server_ca3_rsa_pss_cert_pem, + sizeof(server_ca3_rsa_pss_cert_pem)-1 +}; + +static char server_ca3_rsa_pss2_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MIIE7AIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3\n" + "DQEBCDALBglghkgBZQMEAgGiAwIBIASCBKYwggSiAgEAAoIBAQCte+3f4Sgy89/R\n" + "LNfx/NazlTgHxL6IXJuL44tutdhxA91vCJt0+ZSShWibsuyF+H09it3G0+3LvE2W\n" + "vkU58ha7ljvCWckPf2+YpsFynNQc0Lw6BThRMQdJpJvI54OdxfhoPjhDnTui/EEj\n" + "/n9MbLo5rAX5ZDIpWa3Vgpl37Q8czjFINCgQ/f8qsD4WabBSbuSnrYDvuASGez4O\n" + "YDAFvM51+4U4GxN7ZKbrDTQcAySU0Fjy+I5eW/BIXd9TeHb6XYJudMQY7rozTijm\n" + "6qbZieahke+FUCgm8BnRXghfcVSswUZEJQkCvF+SdUl3iAYlY/UBzVFsGDSFbID2\n" + "XRtEvrnvAgMBAAECggEATj8COCL+lZSnU1oNgAiQ8eiQn/heE3TpdzvHLMT5/WdH\n" + "3YedTjIvj7J6TxdxVK+SFUrn4oC91VF2EVJ6OLt3A16sT2ldpQ7OT6SOxdn0VZbT\n" + "/rtR/lTFu7JxzTiWhXfAJYxCpkRpnIZ3/vsPgXHcwJxVCXnmof3fyNghzhRu54de\n" + "V5GUwJ6TT3MMYLYKf5ii8Yt9WqeekQF7Hy/kIwz+4CbgR3fDdRXFnRwdNmA4RG3w\n" + "TbwvqR9ApyAictYz4HpZWgYL+cXsH6Fm+/ChZiV9/zvdVVOo+dOAcxx2cWahm/NL\n" + "tksGD7hI5kqD9moi2wiAsGHPa+/rkLxIBm0xvF1veQKBgQDVFKujtQyfzJw5DUPL\n" + "kTCLp+370ZBTK01daKZrpfgw6QrylYljcIq8n1izauElYm5cZ9krMGzvL5ceg49p\n" + "obl1tdCOQJQACrJmLZSuvVfw8TSwHPyOGtRWxhF4miX+ym3yMFqRyN2nXx1iAo5I\n" + "Cz+aGmTfT1zSZkLnfQSjYWZFgwKBgQDQbX2wPavLI+1yWARStqrwVWO1mU0Nixbo\n" + "jHrRlzrKYqtV+0ea6550LtDG5A/zf9MP6439NNHPqs4rnY910odd+xmLdQj2gocB\n" + "IS4nPBE4o1k3L9m+bSw9nyDdJWRkASq4uem6QvyVsQpWUoxzmg5/fwRUlOU8X3pP\n" + "ZLSSpz06JQKBgF4b6AbAwtedFe54tlWlRWyY+Zn7n6Or/1pfCwmGXwyzEJu9gdWC\n" + "cjQGqLVtYg0R4S48y4SwuZwWR8c5UdDUlcWwTHFXgkZWcx5/ySg4BiwrTBrwYncc\n" + "0GWWy0aZxmg23cJWqtmyfnsani6YdGDLXwbf22dpdNSUR75X0AGc1f+jAoGADha4\n" + "nkcs66hcDpSghi7O0zwSZ14bdUTnoYSNcMl2MeQFjORVbMVsipH3jtovsdf8HmFf\n" + "0bPWUuFK2mvmHKLEf7fPfDvHBVLBaXQiuIg46ckw6KgVYefjS68L+6bhaFkj2CTJ\n" + "BcwtYrj65+bgk5fgTwH4+vatoC0cCW3XPuqLGvkCgYAj2NGQAEQ4HkmF55otDocZ\n" + "SkAJFfibyrkKEK+PsQ7dRR/HEc93hvkI0PHpsLx8A3FZ370FAPtiKmnmfabHxEsK\n" + "TWA2DTacq//MzXQrjsx0CpvGId1dOyVZIrwIFM17KmW5HHE37fY4PFZTZVXHAKf6\n" + "nQyUF7m3FUJjavm46KJIhw==\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_rsa_pss2_key = { (unsigned char*)server_ca3_rsa_pss2_key_pem, + sizeof(server_ca3_rsa_pss2_key_pem)-1 +}; + +static char server_ca3_rsa_pss2_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIID0TCCAjmgAwIBAgIIWXYEJjkAauMwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA3MjQxNDI4NTVaGA85OTk5MTIzMTIzNTk1OVowADCCAVIw\n" + "PQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJ\n" + "YIZIAWUDBAIBogMCASADggEPADCCAQoCggEBAK177d/hKDLz39Es1/H81rOVOAfE\n" + "vohcm4vji2612HED3W8Im3T5lJKFaJuy7IX4fT2K3cbT7cu8TZa+RTnyFruWO8JZ\n" + "yQ9/b5imwXKc1BzQvDoFOFExB0mkm8jng53F+Gg+OEOdO6L8QSP+f0xsujmsBflk\n" + "MilZrdWCmXftDxzOMUg0KBD9/yqwPhZpsFJu5KetgO+4BIZ7Pg5gMAW8znX7hTgb\n" + "E3tkpusNNBwDJJTQWPL4jl5b8Ehd31N4dvpdgm50xBjuujNOKObqptmJ5qGR74VQ\n" + "KCbwGdFeCF9xVKzBRkQlCQK8X5J1SXeIBiVj9QHNUWwYNIVsgPZdG0S+ue8CAwEA\n" + "AaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNV\n" + "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQCiLaK\n" + "LrqB0vaCnoNP1V8QVLlA8jAfBgNVHSMEGDAWgBT5qIYZY7akFBNgdg8BmjU27/G0\n" + "rzANBgkqhkiG9w0BAQsFAAOCAYEANgnTu4nYiv1nH6Iqpnn48CNrGK25ax6FuPvc\n" + "HxOyFFa9jomP8KjyNv3EsmmoBcQBkbRdAX8sFdtbyjILqRLoRMFO7D60BmCitGYH\n" + "MDjEIkG9QjcCo03YIT93SORwnt1qrWh6paOH7Nme+CsgRyXN7iNNur2LgGSilQ7P\n" + "Rs/vr0DdxmlUxUQHDa5GRIvU3FFs4NLC/9sQd3+JGqzDbY7UqLnP5fzn6/PSMKIw\n" + "Gc4IzbJrqjFsyfjQkblM2eBwmkUD3SnTFWqYwUsohGlSxBwKSIyVzlyuoD1FXop7\n" + "lgG8/a1D/ZFa34q8tj24Wnd9zdr/Jrv2g51OSf0VIbQdP92l2kDouobPS/7DTgPI\n" + "D7h52NLVm8cbV1RqxbeS3spZ2OAQn8tLiTwz+abNdsikFjMvfXq61iIv3QASUyUB\n" + "VydSB7stwAUd6wys2H7crmeiMMtgxSjZJtB4GDUCb24a+/a4IgpqxFzGDLE9Ur69\n" + "D8aQbKGJzzih56a2wwc0ZqA0ilGm\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_rsa_pss2_cert = { (unsigned char*)server_ca3_rsa_pss2_cert_pem, + sizeof(server_ca3_rsa_pss2_cert_pem)-1 +}; + +static char cli_ca3_rsa_pss_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEAjCCAjqgAwIBAgIMWSa+VhOfC8uEpb/cMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTMwHhcNMDQwMjI5MTUyMTQyWhcNMjQwMjI5MTUyMTQxWjANMQsw\n" + "CQYDVQQGEwJHUjCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAY\n" + "BgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEPADCCAQoCggEBAL8TnzAG\n" + "W6iLlapD7ebOX8jXrmA9Pa/NKAxDeeDEu/7TMvtspK8LF92tcxi6p+O0OfRNEAJY\n" + "XhT+WV3EIBV1XUMFgp9NGLWMhp+bhq80/ND5SAJ2hslaYyxnIu5lNdyKR5SyqkGw\n" + "WgnYg1Nalf38stN7dClXZcs04t0SaCg1N10xv3iZsmzx7gRswY7V5+CCZG23vRS9\n" + "PdGCW4LtBKoHFYWqJ/STrOXFTRrB2eM3UaNXff+cyramgFQj2BAi/zmMEwUtDvJE\n" + "65KB8F6NPG0dLFIW+3p3yPNu5jjoiMqJJM1LtWFcj+hjJ4IJqFGvC2knjt27FlPa\n" + "8dZ4FgVEOYQRuSUCAwEAAaNQME4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUjFqe\n" + "vO9heHT9V24WV1ovs7pvUvMwHwYDVR0jBBgwFoAU+aiGGWO2pBQTYHYPAZo1Nu/x\n" + "tK8wPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgw\n" + "CwYJYIZIAWUDBAIBogMCASADggGBAI435L6mZnGnCtQdtUBGgypMP2g5VuSBu2lP\n" + "5msLYuK2vPZTCtCLAg2JSsQhVaDDK+V7wtyXIgnEtQWrDE3RQBmWtCWpVrrP7kh3\n" + "ZN751l6+z1UTEg8sVQ7MODbEZCB9+2XXAb50Oh4cO65IfUI5Sqnn2+k3ZPLp280s\n" + "KdlaA4ZzmQSZcgEDWtoch8QiO+HvlXGqjejQUFh1ObBJXpXX5Q7NP5K7ChI82LPJ\n" + "T+rdqTopIgM3nAg9Je7gqsHiPdEdpArKwQq9wMxTmtQECK6KInueaDXuoDs5xg6k\n" + "XYQ1fiS0SI/pJ9xn0SCc6BNmkbfTpmKVwF9MWIyGyzWBhkSSWxsKbh5OuUCWJsyG\n" + "eLOrPK9fVKv/YQCfDHC3F1WI6xtHg7CCD7vvyJv5bFH8LN8YGoZNt1ZfU1lNw7rP\n" + "sRecz45/okiAbk9/SgnpzHInNBBzYu2Ym+yGVO/tIeErPXrnkM7uF9Di/K1n2+zF\n" + "vXOeamGsi2jyiC5LbreWecbMnzi3vQ==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t cli_ca3_rsa_pss_cert = { (unsigned char*)cli_ca3_rsa_pss_cert_pem, + sizeof(cli_ca3_rsa_pss_cert_pem)-1 +}; + +#define cli_ca3_rsa_pss_key server_ca3_rsa_pss_key + +/* server EdDSA key */ +static char server_ca3_eddsa_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MC4CAQAwBQYDK2VwBCIEIBypI9w1qP3WLaiYuWB7zhA99GTG5UsKZVZqPHNlUaIv\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_eddsa_key = { (unsigned char*)server_ca3_eddsa_key_pem, + sizeof(server_ca3_eddsa_key_pem)-1 +}; + +static char server_ca3_eddsa_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIBEzCBxqADAgECAgxZLBvYDjrxFhfqLoIwBQYDK2VwMA0xCzAJBgNVBAYTAkdS\n" + "MB4XDTA0MDIyOTE1MjE0MloXDTI0MDIyOTE1MjE0MVowDTELMAkGA1UEBhMCR1Iw\n" + "KjAFBgMrZXADIQCrr5izw0GNQSIhwYanuHD7RG7HfiCHe9kipF3SlwnVSKNAMD4w\n" + "DAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBSJg0wiKtJf\n" + "jqv1BmHV8w0JD5X2BjAFBgMrZXADQQB94NbYtwGCvyI6EvBZk5xgOyWNdKVy9peh\n" + "KKn/PNiAq4fPNEupyzC3AzE1xLzKLRArAFFDDUjPCwy3OR4js3MF\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_eddsa_cert = { (unsigned char*)server_ca3_eddsa_cert_pem, + sizeof(server_ca3_eddsa_cert_pem)-1 +}; + +static char server_ca3_gost01_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n" + "4MOCH8oxGWb52EPNL3gjNJiQuBQuf6U=\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_gost01_key = { (unsigned char*)server_ca3_gost01_key_pem, + sizeof(server_ca3_gost01_key_pem)-1 +}; + +static char server_ca3_gost01_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC7TCCAVWgAwIBAgIIWcZJ7xuHksUwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xOTEwMDgxMDQ2NDBaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" + "A1UEAxMCR1IwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARA0Lvp\n" + "9MaoYDxzkURVz71Q3Sw9Wrwa2F483xDd0mOID8CK7JY8C8gz/1dfZniUObT1JMa6\n" + "hkGsQyFvPLD6Vr1bN6OBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxv\n" + "Y2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0G\n" + "A1UdDgQWBBSGUfwGWchcx3r3TNANllOEOFkTWDAfBgNVHSMEGDAWgBT5qIYZY7ak\n" + "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEACdzEVIyFvPlx2J7Ab4Hq\n" + "Oz0IGk2QaZ4cJkWZxjrPc7u6XCeBah8TEtF12LJ6vXBS+Cf9IF50YIMK/8GjJjs1\n" + "Allwdx79RuWFS2TdnsAjsAWwyKBQITkmv/kXULtExC9ospdGVIeYbdcmufgk023Q\n" + "PJh5LAMXHZ1lrsI1DgBhihgZx86wTAGd8yRC+dratvSbawC0sFan8X1n9R/Fxkzt\n" + "YuLEulh7FZpTWPYu30fyUrpEZVCWPlCzCrSijhCVBhAnT4eEGd7qmU0Oj+khHFNn\n" + "iVJ40/3JG21Yln2t/8uY1YIM2+ISTk4n2gkmXHrRAfNi3bXupdQQyAqRRT7b/Y/y\n" + "jhYzWekGLAvz0qrS78Ls8Kp7TfhIVEcWz9pfo77SmURxT6SDTiet7W5VD+VaS+hW\n" + "jl4L+IGxCsBIY5mWlT8KYTNHG34ln+5W+TfZMGARZFf4ZfQi2lgs3p0oqn6f9c+w\n" + "AdMyo73YqtbmVT2eGB05ezMeRl2Anjfwvj9JinhHMC04\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_gost01_cert = { (unsigned char*)server_ca3_gost01_cert_pem, + sizeof(server_ca3_gost01_cert_pem)-1 +}; + +static char server_ca3_gost12_256_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQg0+JttJEV\n" + "Ud+XBzX9q13ByKK+j2b+mEmNIo1yB0wGleo=\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_gost12_256_key = { (unsigned char*)server_ca3_gost12_256_key_pem, + sizeof(server_ca3_gost12_256_key_pem)-1 +}; + +static char server_ca3_gost12_256_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC8DCCAVigAwIBAgIIWcZKgxkCMvcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xOTEwMDgxMDQ4MTZaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" + "A1UEAxMCR1IwZjAfBggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARA\n" + "J9sMEEx0JW9QsT5bDqyc0TNcjVg9ZSdp4GkMtShM+OOgyBGrWK3zLP5IzHYSXja8\n" + "373QrJOUvdX7T7TUk5yU5aOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC\n" + "CWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AA\n" + "MB0GA1UdDgQWBBQYSEtdwsYrtnOq6Ya3nt8DgFPCQjAfBgNVHSMEGDAWgBT5qIYZ\n" + "Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAR0xtx7MWEP1KyIzM\n" + "4lXKdTyU4Nve5RcgqF82yR/0odqT5MPoaZDvLuRWEcQryztZD3kmRUmPmn1ujSfc\n" + "BbPfRnSutDXcf6imq0/U1/TV/BF3vpS1plltzetvibf8MYetHVFQHUBJDZJHh9h7\n" + "PGwA9SnmnGKFIxFdV6bVOLkPR54Gob9zN3E17KslL19lNtht1pxk9pshwTn35oRY\n" + "uOdxof9F4XjpI/4WbC8kp15QeG8XyZd5JWSl+niNOqYK31+ilQdVBr4RiZSDIcAg\n" + "twS5yV9Ap+R8rM8TLbeT2io4rhdUgmDllUf49zV3t6AbVvbsQfkqXmHXW8uW2WBu\n" + "A8FiXEbIIOb+QIW0ZGwk3BVQ7wdiw1M5w6kYtz5kBtNPxBmc+eu1+e6EAfYbFNr3\n" + "pkxtMk3veYWHb5s3dHZ4/t2Rn85hWqh03CWwCkKTN3qmEs4/XpybbXE/UE49e7u1\n" + "FkpM1bT/0gUNsNt5h3pyUzQZdiB0XbdGGFta3tB3+inIO45h\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_gost12_256_cert = { (unsigned char*)server_ca3_gost12_256_cert_pem, + sizeof(server_ca3_gost12_256_cert_pem)-1 +}; + +static char server_ca3_gost12_512_key_pem[] = + "-----BEGIN PRIVATE KEY-----\n" + "MGACAQAwFwYIKoUDBwEBAQIwCwYJKoUDBwECAQIBBEIEQJLtsCFM/m6blvHOJoqS\n" + "FvrFIjlYFAJKVqIc8FoxuCaAmIXxG5sXuTRgx5+m3T6wDca9UYAqMvsIsEREObti\n" + "+W8=\n" + "-----END PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_gost12_512_key = { (unsigned char*)server_ca3_gost12_512_key_pem, + sizeof(server_ca3_gost12_512_key_pem)-1 +}; + +static char server_ca3_gost12_512_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDKzCCAZOgAwIBAgIIWcZKvSvigz0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xOTEwMDgxMTAwNDRaGA85OTk5MTIzMTIzNTk1OVowDTELMAkG\n" + "A1UEAxMCR1IwgaAwFwYIKoUDBwEBAQIwCwYJKoUDBwECAQIBA4GEAASBgDIyIpfh\n" + "R0umZWQl6GEhjjhjZ6cWlYJ41JHo6hx8cLxHopOjSrHEQRxabnfI07e9IjlK0MZu\n" + "oS8ngfbyAEI0LycgiOgDTriO8l10NEM/Yr1l+A5qHsZ9Oh46ijUlPTT6WEZzK/yU\n" + "RQmjg0TQFQUPQrwSfkW8lJzbINwaHCWWqSdxo4GNMIGKMAwGA1UdEwEB/wQCMAAw\n" + "FAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud\n" + "DwEB/wQFAwMHgAAwHQYDVR0OBBYEFF7gSAq4EPp6G8FYvT+ECRRVrGTcMB8GA1Ud\n" + "IwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQAO\n" + "kFNTy9UqIkG5tDiW+O8QuV8A+Xvw2CLiIqDvkLhR1FQnXYs5OFquNBLyA2NSR5bk\n" + "OO+68sXj6iB9tGJWhHXo6efwsxR4maxHv7R8Gp6fFysEGtVV1MG+vpNOjoQNreVh\n" + "41D9/FU7eVqe6oSw5DtuUQvwrk3jooT4b9dpk2g1ihY33BrpA+vg9XnvN3+7dDNd\n" + "0xfRXKR9aGhWZsschps9xJqfzx63CZrH14+jHKxYPupSL7d/Akm3MDOf9XLa+vnY\n" + "WG6lHpkvGl0b8A6yxHHqDCctnE+aJGK6lMyZ1cd8GiStgcihussKGKvKsKygAM4J\n" + "zPxBQtTv11qjuyMksq5Gw6ctq/GO/M7eUoi/xf/O9+QOwDO/urocBJYY0BmsQWlR\n" + "VFjuOouE2GN7UPo6VyMiXpe75Wi9CNX/szNF+HnS4hCJGV5kz4ULaJnFxPE/oQwa\n" + "nlFDKO1feGQG0gOyf2jMzY1OD35SYss4Falc18iB3YQKigGkyqb+VeGyE8kq1UY=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_gost12_512_cert = { (unsigned char*)server_ca3_gost12_512_cert_pem, + sizeof(server_ca3_gost12_512_cert_pem)-1 +}; + +/* shares server_ca3 key */ +static char server_localhost6_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIENzCCAp+gAwIBAgIMV6MdMjdkWPp7Um/XMA0GCSqGSIb3DQEBCwUAMBIxEDAO\n" + "BgNVBAMTB3N1YkNBLTMwIBcNMTYwNTEwMDg1MTU1WhgPOTk5OTEyMzEyMzU5NTla\n" + "MAAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDZPXiZqiz3wLuz+B4Z\n" + "nJuCphLEX7k15NcpamL3+9ea4gXyfeFSHbSaihPauBUcDMVbL/wfkhxYiJRCX7wq\n" + "HIkJK4En5aEzSDDa6pI/CI5lSbiXdNDGbFLh5b8Guvhfzyy8lDjFNNy3abkfU270\n" + "tnzFY5mkYwYgjuN/RgPqh0b8McT+xUeN9x4PuSXXmMC1r3v7y4JuMxE8ZzGDhW2a\n" + "QK5Is6QYv0WELS5hVvB8GdP5XQwTJw4HH5i/YES7TENV2RByzRY8hFQ9SbK5YHHG\n" + "oszVJIlIuxm5v8N2Ig1cW6t7t3HnuZbDYRDCERMiEigBz8vEZZyFsMLg5Z7JiNKS\n" + "G/f+ER9CzDJXHgxBctV9EEc2KmRT1P9JeI/xZUOl9lKljc+t8m0Um3Asx5duWm4t\n" + "cZm7FecnaJiTXD/tEG64qTKWtDuoI7+X9MjHe5lvf2gIJT3CoKW24Rn6O1fc9oCC\n" + "nVAi0V6FLM4XaG50X9NC666RVEFkXih8THA1gC9m9NJMrD0CAwEAAaOBnDCBmTAM\n" + "BgNVHRMBAf8EAjAAMCMGA1UdEQQcMBqCCmxvY2FsaG9zdDaCDHd3dy5ub25lLm9y\n" + "ZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW\n" + "BBQzneEn04vV/OsF/LXHgWlPXjvZ1jAfBgNVHSMEGDAWgBQtMwQbJ3+UBHzH4zVP\n" + "6SWklOG3oTANBgkqhkiG9w0BAQsFAAOCAYEALXeJO70urguPXDXTPPfqOVZb9NOh\n" + "+1rHRtt1LIr6WxGMLDIuUwwjhExSR/XDnhzgy1G6Zxodsm1FV5aEmDhU9cz0MpkF\n" + "G1ndhGK+Y3Qey9L/8x7yuHoqLfcqiqe5Kxpq9zVfy87M1JC8FuFpRXgnXkbjnPRm\n" + "rDA7d0KtJfU93mmoI1yPDqYcJK6I62waIfRn5AcgGiMr8tT5oreIXPhjxiU15Say\n" + "ETqT0nSx3kB1VTm0K4mByIueGclnb5epUQ/suq9S++QW7Z9DD/8bfehXZaB1lb7r\n" + "jTMFQAzmrR7x53ZwKWry5iu6MXxFnWKTpBdGcgztbj34NM4VLqrdC15c0lj+OJ/3\n" + "0sbJ1YU3XCh6GZ96t3RPevSvimxMZfVquoBrr7/79PKxOnBY+amJYILqjzqvqIvr\n" + "LoPj0OuKmN7XiWINFAgz5/oj8Bq/4vu8Bsu4fwbgMeHt5Z0eIo8XtqblxnCASFDZ\n" + "yrRp0uKt24DKjSiJWnoqc+VjuvFECgGUzdts\n" + "-----END CERTIFICATE-----\n"; + +static char server_localhost6_ca3_cert_chain_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIENzCCAp+gAwIBAgIMV6MdMjdkWPp7Um/XMA0GCSqGSIb3DQEBCwUAMBIxEDAO\n" + "BgNVBAMTB3N1YkNBLTMwIBcNMTYwNTEwMDg1MTU1WhgPOTk5OTEyMzEyMzU5NTla\n" + "MAAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDZPXiZqiz3wLuz+B4Z\n" + "nJuCphLEX7k15NcpamL3+9ea4gXyfeFSHbSaihPauBUcDMVbL/wfkhxYiJRCX7wq\n" + "HIkJK4En5aEzSDDa6pI/CI5lSbiXdNDGbFLh5b8Guvhfzyy8lDjFNNy3abkfU270\n" + "tnzFY5mkYwYgjuN/RgPqh0b8McT+xUeN9x4PuSXXmMC1r3v7y4JuMxE8ZzGDhW2a\n" + "QK5Is6QYv0WELS5hVvB8GdP5XQwTJw4HH5i/YES7TENV2RByzRY8hFQ9SbK5YHHG\n" + "oszVJIlIuxm5v8N2Ig1cW6t7t3HnuZbDYRDCERMiEigBz8vEZZyFsMLg5Z7JiNKS\n" + "G/f+ER9CzDJXHgxBctV9EEc2KmRT1P9JeI/xZUOl9lKljc+t8m0Um3Asx5duWm4t\n" + "cZm7FecnaJiTXD/tEG64qTKWtDuoI7+X9MjHe5lvf2gIJT3CoKW24Rn6O1fc9oCC\n" + "nVAi0V6FLM4XaG50X9NC666RVEFkXih8THA1gC9m9NJMrD0CAwEAAaOBnDCBmTAM\n" + "BgNVHRMBAf8EAjAAMCMGA1UdEQQcMBqCCmxvY2FsaG9zdDaCDHd3dy5ub25lLm9y\n" + "ZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW\n" + "BBQzneEn04vV/OsF/LXHgWlPXjvZ1jAfBgNVHSMEGDAWgBQtMwQbJ3+UBHzH4zVP\n" + "6SWklOG3oTANBgkqhkiG9w0BAQsFAAOCAYEALXeJO70urguPXDXTPPfqOVZb9NOh\n" + "+1rHRtt1LIr6WxGMLDIuUwwjhExSR/XDnhzgy1G6Zxodsm1FV5aEmDhU9cz0MpkF\n" + "G1ndhGK+Y3Qey9L/8x7yuHoqLfcqiqe5Kxpq9zVfy87M1JC8FuFpRXgnXkbjnPRm\n" + "rDA7d0KtJfU93mmoI1yPDqYcJK6I62waIfRn5AcgGiMr8tT5oreIXPhjxiU15Say\n" + "ETqT0nSx3kB1VTm0K4mByIueGclnb5epUQ/suq9S++QW7Z9DD/8bfehXZaB1lb7r\n" + "jTMFQAzmrR7x53ZwKWry5iu6MXxFnWKTpBdGcgztbj34NM4VLqrdC15c0lj+OJ/3\n" + "0sbJ1YU3XCh6GZ96t3RPevSvimxMZfVquoBrr7/79PKxOnBY+amJYILqjzqvqIvr\n" + "LoPj0OuKmN7XiWINFAgz5/oj8Bq/4vu8Bsu4fwbgMeHt5Z0eIo8XtqblxnCASFDZ\n" + "yrRp0uKt24DKjSiJWnoqc+VjuvFECgGUzdts\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEDTCCAnWgAwIBAgIMV6MdMjWzT9C59ec8MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwIBcNMTYwNTEwMDg0ODMwWhgPOTk5OTEyMzEyMzU5NTlaMBIx\n" + "EDAOBgNVBAMTB3N1YkNBLTMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" + "gQCgOcNXzStOnRFoi05aMRLeMB45X4a2srSBul3ULxDSGjIP0EEl//X2WLiope/x\n" + "NL8bPCRpI1sSVXl8Hb1cK3qWNGazVmC7xW07NxL26I86e3/BVRnq8ioVtvPQwEpv\n" + "uI8F97x1vL/n+cfcdkN77NScr5C9jHMVioRvC+qKz9bUBx5DSySV66PR5+wGsJDv\n" + "kfsmjVOgqiTlSWQS5G3nMMq0Rixsc5dP5Wygkbdh9+45UCtObcnHABJrP+GtLiG0\n" + "AOUx6oPzPteZL13erWXg7zYusTarj9rTcdsgR/Im1mIzmD2i7GhJo4Gj0Sk3Rq93\n" + "JyeA+Ay5UPmqcm+dqX00b49MTTv4GtO53kLQSCXYFJ96jcMiXMzBFJD1ROsdk4WU\n" + "ed/tJMHffttDz9j3WcuX9M2nzTT2xlauokjbEAhRDRw5fxCFZh7TbmaH4vysDO9U\n" + "ZXVEXSLKonQ2Lmyso48s/G30VmlSjtPtJqRsv/oPpCO/c0D6BrkHV55B48xfmyIF\n" + "jgECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G\n" + "A1UdDgQWBBQtMwQbJ3+UBHzH4zVP6SWklOG3oTAfBgNVHSMEGDAWgBT5qIYZY7ak\n" + "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAMii5Gx3/d/58oDRy5a0o\n" + "PvQhkU0dKa61NfjjOz9uqxNSilLJE7jGJPaG2tKtC/XU1Ybql2tqQY68kogjKs31\n" + "QC6RFkoZAFouTJt11kzbgVWKewCk3/OrA0/ZkRrAfE0Pma/NITRwTHmTsQOdv/bz\n" + "R+xIPhjKxKrKyJFMG5xb+Q0OKSbd8kDpgYWKob5x2jsNYgEDp8nYSRT45SGw7c7F\n" + "cumkXz2nA6r5NwbnhELvNFK8fzsY+QJKHaAlJ9CclliP1PiiAcl2LQo2gaygWNiD\n" + "+ggnqzy7nqam9rieOOMHls1kKFAFrWy2g/cBhTfS+/7Shpex7NK2GAiujgUV0TZH\n" + "EyEZt6um4gLS9vwUKs/R4XS9VL/bBlfAy2hAVTeUejiRBGeTJkqBu7+c4FdrCByV\n" + "haeQASMYu/lga8eaGL1zJbJe2BQWI754KDYDT9qKNqGlgysr4AVje7z1Y1MQ72Sn\n" + "frzYSQw6BB85CurB6iou3Q+eM4o4g/+xGEuDo0Ne/8ir\n" + "-----END CERTIFICATE-----\n"; + + +const gnutls_datum_t server_ca3_localhost6_cert = { (unsigned char*)server_localhost6_ca3_cert_pem, + sizeof(server_localhost6_ca3_cert_pem)-1 +}; + + +const gnutls_datum_t server_ca3_localhost6_cert_chain = { + (unsigned char*)server_localhost6_ca3_cert_chain_pem, + sizeof(server_localhost6_ca3_cert_chain_pem)-1 +}; + +/* shares server_ca3 key */ +static char server_ipaddr_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEAzCCAmugAwIBAgIMWNI1ISkCpEsFglgfMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwHhcNMDQwMjI5MTUyMTQyWhcNMjQwMjI5MTUyMTQxWjANMQsw\n" + "CQYDVQQGEwJHUjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmq\n" + "LPfAu7P4Hhmcm4KmEsRfuTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+S\n" + "HFiIlEJfvCociQkrgSfloTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU0\n" + "3LdpuR9TbvS2fMVjmaRjBiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4z\n" + "ETxnMYOFbZpArkizpBi/RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyE\n" + "VD1JsrlgccaizNUkiUi7Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWw\n" + "wuDlnsmI0pIb9/4RH0LMMlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSb\n" + "cCzHl25abi1xmbsV5ydomJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbh\n" + "Gfo7V9z2gIKdUCLRXoUszhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQAB\n" + "o2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdEQQIMAaHBH8AAAEwHQYDVR0OBBYEFDOd\n" + "4SfTi9X86wX8tceBaU9eO9nWMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n" + "8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQCNwaCnuNcrSpKjNI99kwuS2/LRnt40yN0B\n" + "LvN4wnkfEh02LXg2ylXCYZZw59m3w7Cefr1BGLXJjbJTNHASjSOvmurJVEX5sqdX\n" + "zGQs9HzysDvTVHQh1VUWXyj612DUWZoAYYaUg+CiAZLA/ShT+zN/OC8kWa1RXZPt\n" + "BfTM7REBxAOxUEDuL1aa/KkFqXgy3cr795TWqdt0lZ/dk7kHxqZKR7nJ2TcOmYK9\n" + "UdJWnmebDgjlRvXS4CgG8JNzyJtukogSjmp7qsxX9QZ1umUw3Lf7StSdXZT1oIDI\n" + "evLJCTohtE3/ocRlHfQ9l+B8V+8z7YE+0liFwjwUyrYVUpJ2YuPmHHfauTI2JyVX\n" + "Kk9dJopvnkhA6rIvNjkd3N3iWE3ftSkk/PV9Iu7PQ2jtR8JXkPMJfgq0owbxhn5N\n" + "oqQW/zQU7pq4Y9+rvH2qPFSxHGmecBhxetXoAPT66hHJCUTAspF/5DgT6TVMu+Gs\n" + "hiRt+POJ1lVlGUHsF9Z7IE/d+NCESwU=\n" + "-----END CERTIFICATE-----\n"; + +static char server_ipaddr_ca3_cert_chain_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEAzCCAmugAwIBAgIMWNI1ISkCpEsFglgfMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwHhcNMDQwMjI5MTUyMTQyWhcNMjQwMjI5MTUyMTQxWjANMQsw\n" + "CQYDVQQGEwJHUjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmq\n" + "LPfAu7P4Hhmcm4KmEsRfuTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+S\n" + "HFiIlEJfvCociQkrgSfloTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU0\n" + "3LdpuR9TbvS2fMVjmaRjBiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4z\n" + "ETxnMYOFbZpArkizpBi/RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyE\n" + "VD1JsrlgccaizNUkiUi7Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWw\n" + "wuDlnsmI0pIb9/4RH0LMMlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSb\n" + "cCzHl25abi1xmbsV5ydomJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbh\n" + "Gfo7V9z2gIKdUCLRXoUszhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQAB\n" + "o2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdEQQIMAaHBH8AAAEwHQYDVR0OBBYEFDOd\n" + "4SfTi9X86wX8tceBaU9eO9nWMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n" + "8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQCNwaCnuNcrSpKjNI99kwuS2/LRnt40yN0B\n" + "LvN4wnkfEh02LXg2ylXCYZZw59m3w7Cefr1BGLXJjbJTNHASjSOvmurJVEX5sqdX\n" + "zGQs9HzysDvTVHQh1VUWXyj612DUWZoAYYaUg+CiAZLA/ShT+zN/OC8kWa1RXZPt\n" + "BfTM7REBxAOxUEDuL1aa/KkFqXgy3cr795TWqdt0lZ/dk7kHxqZKR7nJ2TcOmYK9\n" + "UdJWnmebDgjlRvXS4CgG8JNzyJtukogSjmp7qsxX9QZ1umUw3Lf7StSdXZT1oIDI\n" + "evLJCTohtE3/ocRlHfQ9l+B8V+8z7YE+0liFwjwUyrYVUpJ2YuPmHHfauTI2JyVX\n" + "Kk9dJopvnkhA6rIvNjkd3N3iWE3ftSkk/PV9Iu7PQ2jtR8JXkPMJfgq0owbxhn5N\n" + "oqQW/zQU7pq4Y9+rvH2qPFSxHGmecBhxetXoAPT66hHJCUTAspF/5DgT6TVMu+Gs\n" + "hiRt+POJ1lVlGUHsF9Z7IE/d+NCESwU=\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEDTCCAnWgAwIBAgIMV6MdMjWzT9C59ec8MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwIBcNMTYwNTEwMDg0ODMwWhgPOTk5OTEyMzEyMzU5NTlaMBIx\n" + "EDAOBgNVBAMTB3N1YkNBLTMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" + "gQCgOcNXzStOnRFoi05aMRLeMB45X4a2srSBul3ULxDSGjIP0EEl//X2WLiope/x\n" + "NL8bPCRpI1sSVXl8Hb1cK3qWNGazVmC7xW07NxL26I86e3/BVRnq8ioVtvPQwEpv\n" + "uI8F97x1vL/n+cfcdkN77NScr5C9jHMVioRvC+qKz9bUBx5DSySV66PR5+wGsJDv\n" + "kfsmjVOgqiTlSWQS5G3nMMq0Rixsc5dP5Wygkbdh9+45UCtObcnHABJrP+GtLiG0\n" + "AOUx6oPzPteZL13erWXg7zYusTarj9rTcdsgR/Im1mIzmD2i7GhJo4Gj0Sk3Rq93\n" + "JyeA+Ay5UPmqcm+dqX00b49MTTv4GtO53kLQSCXYFJ96jcMiXMzBFJD1ROsdk4WU\n" + "ed/tJMHffttDz9j3WcuX9M2nzTT2xlauokjbEAhRDRw5fxCFZh7TbmaH4vysDO9U\n" + "ZXVEXSLKonQ2Lmyso48s/G30VmlSjtPtJqRsv/oPpCO/c0D6BrkHV55B48xfmyIF\n" + "jgECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G\n" + "A1UdDgQWBBQtMwQbJ3+UBHzH4zVP6SWklOG3oTAfBgNVHSMEGDAWgBT5qIYZY7ak\n" + "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAMii5Gx3/d/58oDRy5a0o\n" + "PvQhkU0dKa61NfjjOz9uqxNSilLJE7jGJPaG2tKtC/XU1Ybql2tqQY68kogjKs31\n" + "QC6RFkoZAFouTJt11kzbgVWKewCk3/OrA0/ZkRrAfE0Pma/NITRwTHmTsQOdv/bz\n" + "R+xIPhjKxKrKyJFMG5xb+Q0OKSbd8kDpgYWKob5x2jsNYgEDp8nYSRT45SGw7c7F\n" + "cumkXz2nA6r5NwbnhELvNFK8fzsY+QJKHaAlJ9CclliP1PiiAcl2LQo2gaygWNiD\n" + "+ggnqzy7nqam9rieOOMHls1kKFAFrWy2g/cBhTfS+/7Shpex7NK2GAiujgUV0TZH\n" + "EyEZt6um4gLS9vwUKs/R4XS9VL/bBlfAy2hAVTeUejiRBGeTJkqBu7+c4FdrCByV\n" + "haeQASMYu/lga8eaGL1zJbJe2BQWI754KDYDT9qKNqGlgysr4AVje7z1Y1MQ72Sn\n" + "frzYSQw6BB85CurB6iou3Q+eM4o4g/+xGEuDo0Ne/8ir\n" + "-----END CERTIFICATE-----\n"; + + +const gnutls_datum_t server_ca3_ipaddr_cert = { (unsigned char*)server_ipaddr_ca3_cert_pem, + sizeof(server_ipaddr_ca3_cert_pem)-1 +}; + + +const gnutls_datum_t server_ca3_ipaddr_cert_chain = { + (unsigned char*)server_ipaddr_ca3_cert_chain_pem, + sizeof(server_ipaddr_ca3_cert_chain_pem)-1 +}; + + +/* shares server_ca3 key - uses IDNA2003 encoding */ +static char server_localhost_utf8_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIESDCCArCgAwIBAgIMWElUMBlK8XImg3gXMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwHhcNMDQwMjI5MTUyMTQyWhcNMjQwMjI5MTUyMTQxWjANMQsw\n" + "CQYDVQQGEwJHUjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmq\n" + "LPfAu7P4Hhmcm4KmEsRfuTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+S\n" + "HFiIlEJfvCociQkrgSfloTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU0\n" + "3LdpuR9TbvS2fMVjmaRjBiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4z\n" + "ETxnMYOFbZpArkizpBi/RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyE\n" + "VD1JsrlgccaizNUkiUi7Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWw\n" + "wuDlnsmI0pIb9/4RH0LMMlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSb\n" + "cCzHl25abi1xmbsV5ydomJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbh\n" + "Gfo7V9z2gIKdUCLRXoUszhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQAB\n" + "o4GlMIGiMAwGA1UdEwEB/wQCMAAwUgYDVR0RBEswSYITd3d3LnhuLS1reGF3aGt1\n" + "LmNvbYIieG4tLWZpcXUxYXowM2MxOHQueG4tLW14YWgxYW1vLmNvbYIObG9jYWxo\n" + "b3N0LXV0ZjgwHQYDVR0OBBYEFDOd4SfTi9X86wX8tceBaU9eO9nWMB8GA1UdIwQY\n" + "MBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQBHHhTy\n" + "X3AjFcrDa27yN5lnfZfrJ1QGdjoxbcGlWuwI5+EsRInxZSvXQVyh+P9YTphdqAMj\n" + "YsGCrzqD6+2SkBhrd7/KbmGZF3zFpqe9IcqS2m2u3Z0q4oNjhai86PIRlTSl+Dm/\n" + "V0T98Fsx/Ec/T509E+HCSYhZgX1A1wCw0jrPJ4UcT9S0jwmP3q8KIXrVAC88tmX3\n" + "eeVOoVI+lccju++fDaSQJFtZ8PVo8Yd8XDb/xu9ijRQNVom+1x70YvRo6jaSsX4k\n" + "Y5gM1w3xTObKvo0YI/ot29DE0gE5xPYuiJOzooTNMBSklsB4sXS3Ehwpp+zuUAHQ\n" + "h9I3os365QeRyB1IaWbO/7WK/zKPFbc3cyQLg8iGGeecH26CJ7vRlxDkvNvhscuh\n" + "6Z3YK5DJdisRx5W3fW+JapAjsTXpYd/Aj4xMFoNXqvU3WaejB1TfQqxgBHw9Tapy\n" + "PexWtASNmu1xcO13LdgN4Oa1OL4P4U9TQVwoCpkjlDSVNLqBC0N5kPmGkOY=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_localhost_utf8_cert = { (unsigned char*)server_localhost_utf8_ca3_cert_pem, + sizeof(server_localhost_utf8_ca3_cert_pem)-1 +}; + +/* shared the server_ca3 key, uses raw UTF8 on DnsName */ +static char server_localhost_inv_utf8_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEQDCCAqigAwIBAgIMV9ZyrTt30lJ2pYe6MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwHhcNMDQwMjI5MTUyMTQyWhcNMjQwMjI5MTUyMTQxWjANMQsw\n" + "CQYDVQQGEwJHUjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmq\n" + "LPfAu7P4Hhmcm4KmEsRfuTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+S\n" + "HFiIlEJfvCociQkrgSfloTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU0\n" + "3LdpuR9TbvS2fMVjmaRjBiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4z\n" + "ETxnMYOFbZpArkizpBi/RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyE\n" + "VD1JsrlgccaizNUkiUi7Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWw\n" + "wuDlnsmI0pIb9/4RH0LMMlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSb\n" + "cCzHl25abi1xmbsV5ydomJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbh\n" + "Gfo7V9z2gIKdUCLRXoUszhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQAB\n" + "o4GdMIGaMAwGA1UdEwEB/wQCMAAwSgYDVR0RBEMwQYISd3d3Ls69zq/Ous6/z4Iu\n" + "Y29tghvnroDkvZPkuK3mlocuzrXOvs+Ez4HOsS5jb22CDmxvY2FsaG9zdC11dGY4\n" + "MB0GA1UdDgQWBBQzneEn04vV/OsF/LXHgWlPXjvZ1jAfBgNVHSMEGDAWgBT5qIYZ\n" + "Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAkUgmFO2bdws049Nz\n" + "w55UaF7XxG8ER7kKzLCWgw8tuYjcIDKQ+/gD0hUuKBxCbuISdT32gfZTf+ZNKtEg\n" + "7f9Lhr935ZoDCvyYnal1ploqAOu0ZDEXz+cU+OzreJ58J95LYX2we1lPqCYz0qo0\n" + "6FeWrP6H6+azis2ee5XN+b20l/nRl3bNGZDnkl6+b3wPR6rIFaILcEZDl15SMgiW\n" + "PlzJ0s97szWAO2ywLvNPdB66ugOvJY34ivTQOkCDi9css5faN1LcwmqDAeAq4DZt\n" + "mZ8/504D1AUD9szneb2UgD9ZnPr4r45+qzE3lCtvmFGEddJ3c9zQVjnqEKljgG6S\n" + "FdlAVVfxbwoAc24kN6UUEpLiabFoL071pZt1WoHOFA68yBxnC6CO/3vfVSF9Ftg3\n" + "oUPldkvMs8+33YhojDKYXP5USoES2OPdofmq8LnTZj7c6ex+SvlRdOgHg4pd9lX2\n" + "Efwe6rFJaNbKv9C9tWpPIPHRk/YkUIe29VUQR2m7UUpToBca\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_localhost_inv_utf8_cert = { (unsigned char*)server_localhost_inv_utf8_ca3_cert_pem, + sizeof(server_localhost_inv_utf8_ca3_cert_pem)-1 +}; + +/* server_ca3_ecc_key */ +static char server_localhost_ca3_ecc_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC8zCCAVugAwIBAgIIV+OO5zqFDkowDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA5MjIwNzU3MjhaGA85OTk5MTIzMTIzNTk1OVowHTEbMBkG\n" + "A1UEAxMSc2VydmVyIGNlcnRpZmljYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD\n" + "QgAEbUnlVnL48xM0lK6iDhHcqaFuYh6M5lmA823GQlwi5skgg7rySR0YrTimX9F6\n" + "K9kDCJu/7zmWlPiyb/1EFWEtk6OBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQN\n" + "MAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMD\n" + "B4AAMB0GA1UdDgQWBBTaH7JGYwVXx31AqONpQsb3l20EqDAfBgNVHSMEGDAWgBT5\n" + "qIYZY7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEATWsYCToPsxxU\n" + "f1zJv3+FKcIGI+8U7akTlnJEk3l9/Gkmkp0tsudtpZb+//rXIem9XVMKDYBEzRxQ\n" + "du3YleqR0Yj13S7piDHPl52PHJGvSHtLg4ooU74ZQcPFxoRxxNahYPb2Mhn0XqKh\n" + "Yc7JHkW53UVusanRmBCQIxI6tVuDO3rB/tQM4ygD9wDeT16xnDhfwemKaskHKM44\n" + "SMJJ9pY2zK1MvX5AZePTikMQqvc3aVfoE8Lv+4SGE/GyzvzaDOSzlwzNM6KBxerw\n" + "1qwnVO/lphUG09X4oXXtOqlAHaIfUmRMqgMPZEtWMszIQo9XimPfoLW3xKVqDWjN\n" + "EhHRLE0CCA/ip3lQ1bUt5EXhC1efPiOdEEYS5mHW7WAMAVi5aS1TzNLoJ4nahBwu\n" + "EeGtmSH4rDZlHTNsiXwvxV3XqWc39TqlgY+NGToyU1tA4+tVtalJ08Q37sFxSUvJ\n" + "Li9LPzU70EyX6WF+9FM45E4/Gt9Oh8btrYyjbyH/K2VI8qPRz5cW\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_localhost_ecc_cert = { (unsigned char*)server_localhost_ca3_ecc_cert_pem, + sizeof(server_localhost_ca3_ecc_cert_pem)-1}; + +/* shares server_ca3 key */ +static char server_localhost_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEKDCCApCgAwIBAgIMV6MdMjbIDKHKsL32MA0GCSqGSIb3DQEBCwUAMBIxEDAO\n" + "BgNVBAMTB3N1YkNBLTMwIBcNMTYwNTEwMDg1MTE4WhgPOTk5OTEyMzEyMzU5NTla\n" + "MAAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDZPXiZqiz3wLuz+B4Z\n" + "nJuCphLEX7k15NcpamL3+9ea4gXyfeFSHbSaihPauBUcDMVbL/wfkhxYiJRCX7wq\n" + "HIkJK4En5aEzSDDa6pI/CI5lSbiXdNDGbFLh5b8Guvhfzyy8lDjFNNy3abkfU270\n" + "tnzFY5mkYwYgjuN/RgPqh0b8McT+xUeN9x4PuSXXmMC1r3v7y4JuMxE8ZzGDhW2a\n" + "QK5Is6QYv0WELS5hVvB8GdP5XQwTJw4HH5i/YES7TENV2RByzRY8hFQ9SbK5YHHG\n" + "oszVJIlIuxm5v8N2Ig1cW6t7t3HnuZbDYRDCERMiEigBz8vEZZyFsMLg5Z7JiNKS\n" + "G/f+ER9CzDJXHgxBctV9EEc2KmRT1P9JeI/xZUOl9lKljc+t8m0Um3Asx5duWm4t\n" + "cZm7FecnaJiTXD/tEG64qTKWtDuoI7+X9MjHe5lvf2gIJT3CoKW24Rn6O1fc9oCC\n" + "nVAi0V6FLM4XaG50X9NC666RVEFkXih8THA1gC9m9NJMrD0CAwEAAaOBjTCBijAM\n" + "BgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggr\n" + "BgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBQzneEn04vV/OsF/LXH\n" + "gWlPXjvZ1jAfBgNVHSMEGDAWgBQtMwQbJ3+UBHzH4zVP6SWklOG3oTANBgkqhkiG\n" + "9w0BAQsFAAOCAYEASbEdRkK44GUb0Y+80JdYGFV1YuHUAq4QYSwCdrT0hwJrFYI2\n" + "s8+9/ncyzeyY00ryg6tPlKyE5B7ss29l8zcj0WJYsUk5kjV6uCWuo9/rqqPHK6Lc\n" + "Qx1cONR4Vt+gD5TX0nRNuKaHVbBJARZ3YOl2F3nApcR/8boq+WNKGhGkzFMaKV+i\n" + "IDpB0ziBUcb+q257lQGKrBuXl5nCd+PZswB//pZCsIkTF5jFdjeXvOvGDjYAr8rG\n" + "KpoMTskNcBqgi59sJc8djWMbNt+15qH4mSvTUW1caukeJAr4mwHfrSK5k9ezSSp1\n" + "EpbQ2Rp3xpbCgklhtsKHSJZ43sghZvCOxk8G3bRZ1/lW6sXvIPmLkvoeetTLvqYq\n" + "t/+gfv4NJuyZhzuJHbxrxBJ3C9QjqTbpiUumeRQHXLa+vZJUKX7ak1KVubKiOC+x\n" + "wyfgmq6quk5jPgOgMJWLwpA2Rm30wqX4OehXov3stSXFb+qASNOHlEtQdgKzIEX/\n" + "6TXY44pCGHMFO6Kr\n" + "-----END CERTIFICATE-----\n"; + +/* shares server_ca3 key with tlsfeature=5 */ +static char server_ca3_tlsfeat_cert_pem[] = + "-----BEGIN CERTIFICATE-----" + "MIIEOjCCAqKgAwIBAgIUYBRfAcvgBUU4jCb8W89sQcPLqswwDQYJKoZIhvcNAQEL" + "BQAwDzENMAsGA1UEAxMEQ0EtMzAgFw0xOTA2MDcyMTA4NDFaGA85OTk5MTIzMTIz" + "NTk1OVowIjEgMB4GA1UEAxMXR251VExTIHRlc3QgY2VydGlmaWNhdGUwggGiMA0G" + "CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDZPXiZqiz3wLuz+B4ZnJuCphLEX7k1" + "5NcpamL3+9ea4gXyfeFSHbSaihPauBUcDMVbL/wfkhxYiJRCX7wqHIkJK4En5aEz" + "SDDa6pI/CI5lSbiXdNDGbFLh5b8Guvhfzyy8lDjFNNy3abkfU270tnzFY5mkYwYg" + "juN/RgPqh0b8McT+xUeN9x4PuSXXmMC1r3v7y4JuMxE8ZzGDhW2aQK5Is6QYv0WE" + "LS5hVvB8GdP5XQwTJw4HH5i/YES7TENV2RByzRY8hFQ9SbK5YHHGoszVJIlIuxm5" + "v8N2Ig1cW6t7t3HnuZbDYRDCERMiEigBz8vEZZyFsMLg5Z7JiNKSG/f+ER9CzDJX" + "HgxBctV9EEc2KmRT1P9JeI/xZUOl9lKljc+t8m0Um3Asx5duWm4tcZm7FecnaJiT" + "XD/tEG64qTKWtDuoI7+X9MjHe5lvf2gIJT3CoKW24Rn6O1fc9oCCnVAi0V6FLM4X" + "aG50X9NC666RVEFkXih8THA1gC9m9NJMrD0CAwEAAaN5MHcwEQYIKwYBBQUHARgE" + "BTADAgEFMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1Ud" + "DgQWBBQzneEn04vV/OsF/LXHgWlPXjvZ1jAfBgNVHSMEGDAWgBT5qIYZY7akFBNg" + "dg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEASMVR+C1x3pBRSRaaIYbFTC0X" + "VXc66iQWDfpTSokLIEN/UVZzLsQw5p1PntPqnRRudDnXS77rNQSZcc4NTFYrzSqW" + "WwdhIXtl3igLg5HMxU80dsr3LfGkzJ1iDS1RR0EGSvFjOE9ZUK0IBdsUvINqpj+l" + "6qxL36yfxamuELIxvgmecIMvLzbe7tUjRXneNvLGsLAJcq5QQmNMCWiyywtHbFa0" + "zbpxKMJmHMk0SbgZHUuFaASlAqVez19rJdzqQcJiw/YrMbbj/b2me1duLQ64dqGL" + "5gKTyDMhk5td53R5uPnr7F6+1u8zRzqA6mBvTfEk4wJ6YmvqdBfC47xT+Ksba6dX" + "Ugz+So2iu0rQxaLEBTZJ/gTXJEUafxUN4wF1ZOnUyltoqLJymhQoceoSwjYobOal" + "FUZEJgFNA7j8tR7J3MtFUaJqFosuPtxhF8/CCPukKV7bRokqh7zK+F21iaQOYvJn" + "AfuOg2g0ZMurGyS/yg8mVsGjh4bho9zPOlhPtFNM" + "-----END CERTIFICATE-----"; + +/* Marked as decrypt-only */ +static char server_localhost_ca3_rsa_decrypt_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEITCCAomgAwIBAgIIWU+IEie6JrYwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA2MjUwOTUzMjNaGA85OTk5MTIzMTIzNTk1OVowADCCAaIw\n" + "DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmqLPfAu7P4Hhmcm4KmEsRf\n" + "uTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+SHFiIlEJfvCociQkrgSfl\n" + "oTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU03LdpuR9TbvS2fMVjmaRj\n" + "BiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4zETxnMYOFbZpArkizpBi/\n" + "RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyEVD1JsrlgccaizNUkiUi7\n" + "Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWwwuDlnsmI0pIb9/4RH0LM\n" + "MlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSbcCzHl25abi1xmbsV5ydo\n" + "mJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbhGfo7V9z2gIKdUCLRXoUs\n" + "zhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQABo4GNMIGKMAwGA1UdEwEB\n" + "/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMB\n" + "MA8GA1UdDwEB/wQFAwMHIAAwHQYDVR0OBBYEFDOd4SfTi9X86wX8tceBaU9eO9nW\n" + "MB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUA\n" + "A4IBgQAaq4+vai/FwYQ2fAjOsHsVV0nR5Zq55tT8Fexrj2/e9gr+bMV4HVxETByy\n" + "fLtMHGYv+8BENDaI2EOHTyKp5O2DNbITJSN7/ZIO4Rsk+N5m2FyF7DV/sAoxhN7R\n" + "mDy/jDtZyeIqKLptOQZbkRv3lf+vtJL3eakpgh5T/j14kT0QjLyJEZB1D9jurUsV\n" + "+fxYxQUpv4YInDeEk5aKfvZNdkEpbv56GYNc15mNiKryXoszdm+TKmHSVFH9wUj3\n" + "KAXBsQdMmZbd0ZFAEi7QV42Pr2x9+PrSE26bE6K31r02/RcxFQdL9E/3O+85S8eN\n" + "yOZoC/PIrm0mKIPn2NBGSKtCG8V1sTHHJyCwqQERp3pkaB7A9biCKExQN1d3Gsbe\n" + "C0R9bYimdbkYM6o7qi7OiLRKpYFgdVYaYEG3DRBpB3R3+EAKk91809tc9ow5xzkx\n" + "lWryqIzutm6rcClAnqeBIZEZIIvqZH8RcPBQEUajNCWRpBsbwF1xdWvIhP2R3y69\n" + "5dOfcuY=\n" + "-----END CERTIFICATE-----\n"; + +/* Marked as sign-only */ +static char server_localhost_ca3_rsa_sign_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEITCCAomgAwIBAgIIWU+LoyEYfBYwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNzA2MjUxMDA4MzZaGA85OTk5MTIzMTIzNTk1OVowADCCAaIw\n" + "DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANk9eJmqLPfAu7P4Hhmcm4KmEsRf\n" + "uTXk1ylqYvf715riBfJ94VIdtJqKE9q4FRwMxVsv/B+SHFiIlEJfvCociQkrgSfl\n" + "oTNIMNrqkj8IjmVJuJd00MZsUuHlvwa6+F/PLLyUOMU03LdpuR9TbvS2fMVjmaRj\n" + "BiCO439GA+qHRvwxxP7FR433Hg+5JdeYwLWve/vLgm4zETxnMYOFbZpArkizpBi/\n" + "RYQtLmFW8HwZ0/ldDBMnDgcfmL9gRLtMQ1XZEHLNFjyEVD1JsrlgccaizNUkiUi7\n" + "Gbm/w3YiDVxbq3u3cee5lsNhEMIREyISKAHPy8RlnIWwwuDlnsmI0pIb9/4RH0LM\n" + "MlceDEFy1X0QRzYqZFPU/0l4j/FlQ6X2UqWNz63ybRSbcCzHl25abi1xmbsV5ydo\n" + "mJNcP+0QbripMpa0O6gjv5f0yMd7mW9/aAglPcKgpbbhGfo7V9z2gIKdUCLRXoUs\n" + "zhdobnRf00LrrpFUQWReKHxMcDWAL2b00kysPQIDAQABo4GNMIGKMAwGA1UdEwEB\n" + "/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMB\n" + "MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFDOd4SfTi9X86wX8tceBaU9eO9nW\n" + "MB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUA\n" + "A4IBgQC1cJd/z1CQSyDfUd2uuNDTvA3WXWxNhqHMLitT1GJS6nUez+wCaWT9UfVy\n" + "+56z/eMaVasZPQ8dOKYdPRuzL2l65DKUUaKFOyD+NGvOS08qKY+oVGN1Qbmaxbvt\n" + "6rvzpW9UHn75zLDOUOMrGDkW5L36mMP8I0Y5AcNBrO5yFBvH8MAHr3zO2VvTSt6T\n" + "ZHFrDlV/nL5E+swzrmF6MZXO1mupk/gtelYfRtigwSr51RY+Me3uaGNEQe30JLu6\n" + "0gp6/otBns9qJjSgX9qWIj9iTHq4A2CiHZkb4j3+/TNNGB8dkBV+EvV8I4Bqdk33\n" + "mz4hSjJBLqg2NYZ4TaztWFsgTvGOYncLGl5e4dIqB94ICEFIrWN32JzS61Mu5xlt\n" + "qBh/JOUSdMe6csZrDIw//UhUgLj7KdFO5FhSW3DXEl9PZGWVR+LJ+T3HjomHf+Bb\n" + "ATbBQk+9MkHTiDWxD4FbmPuSC/h4Vh+G1VkyrlClTLW6K/+0DmE2LPJvRV5udpux\n" + "Ar7fYYU=\n" + "-----END CERTIFICATE-----\n"; + +static char server_localhost_ca3_cert_chain_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEKDCCApCgAwIBAgIMV6MdMjbIDKHKsL32MA0GCSqGSIb3DQEBCwUAMBIxEDAO\n" + "BgNVBAMTB3N1YkNBLTMwIBcNMTYwNTEwMDg1MTE4WhgPOTk5OTEyMzEyMzU5NTla\n" + "MAAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDZPXiZqiz3wLuz+B4Z\n" + "nJuCphLEX7k15NcpamL3+9ea4gXyfeFSHbSaihPauBUcDMVbL/wfkhxYiJRCX7wq\n" + "HIkJK4En5aEzSDDa6pI/CI5lSbiXdNDGbFLh5b8Guvhfzyy8lDjFNNy3abkfU270\n" + "tnzFY5mkYwYgjuN/RgPqh0b8McT+xUeN9x4PuSXXmMC1r3v7y4JuMxE8ZzGDhW2a\n" + "QK5Is6QYv0WELS5hVvB8GdP5XQwTJw4HH5i/YES7TENV2RByzRY8hFQ9SbK5YHHG\n" + "oszVJIlIuxm5v8N2Ig1cW6t7t3HnuZbDYRDCERMiEigBz8vEZZyFsMLg5Z7JiNKS\n" + "G/f+ER9CzDJXHgxBctV9EEc2KmRT1P9JeI/xZUOl9lKljc+t8m0Um3Asx5duWm4t\n" + "cZm7FecnaJiTXD/tEG64qTKWtDuoI7+X9MjHe5lvf2gIJT3CoKW24Rn6O1fc9oCC\n" + "nVAi0V6FLM4XaG50X9NC666RVEFkXih8THA1gC9m9NJMrD0CAwEAAaOBjTCBijAM\n" + "BgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggr\n" + "BgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBQzneEn04vV/OsF/LXH\n" + "gWlPXjvZ1jAfBgNVHSMEGDAWgBQtMwQbJ3+UBHzH4zVP6SWklOG3oTANBgkqhkiG\n" + "9w0BAQsFAAOCAYEASbEdRkK44GUb0Y+80JdYGFV1YuHUAq4QYSwCdrT0hwJrFYI2\n" + "s8+9/ncyzeyY00ryg6tPlKyE5B7ss29l8zcj0WJYsUk5kjV6uCWuo9/rqqPHK6Lc\n" + "Qx1cONR4Vt+gD5TX0nRNuKaHVbBJARZ3YOl2F3nApcR/8boq+WNKGhGkzFMaKV+i\n" + "IDpB0ziBUcb+q257lQGKrBuXl5nCd+PZswB//pZCsIkTF5jFdjeXvOvGDjYAr8rG\n" + "KpoMTskNcBqgi59sJc8djWMbNt+15qH4mSvTUW1caukeJAr4mwHfrSK5k9ezSSp1\n" + "EpbQ2Rp3xpbCgklhtsKHSJZ43sghZvCOxk8G3bRZ1/lW6sXvIPmLkvoeetTLvqYq\n" + "t/+gfv4NJuyZhzuJHbxrxBJ3C9QjqTbpiUumeRQHXLa+vZJUKX7ak1KVubKiOC+x\n" + "wyfgmq6quk5jPgOgMJWLwpA2Rm30wqX4OehXov3stSXFb+qASNOHlEtQdgKzIEX/\n" + "6TXY44pCGHMFO6Kr\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEDTCCAnWgAwIBAgIMV6MdMjWzT9C59ec8MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwIBcNMTYwNTEwMDg0ODMwWhgPOTk5OTEyMzEyMzU5NTlaMBIx\n" + "EDAOBgNVBAMTB3N1YkNBLTMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB\n" + "gQCgOcNXzStOnRFoi05aMRLeMB45X4a2srSBul3ULxDSGjIP0EEl//X2WLiope/x\n" + "NL8bPCRpI1sSVXl8Hb1cK3qWNGazVmC7xW07NxL26I86e3/BVRnq8ioVtvPQwEpv\n" + "uI8F97x1vL/n+cfcdkN77NScr5C9jHMVioRvC+qKz9bUBx5DSySV66PR5+wGsJDv\n" + "kfsmjVOgqiTlSWQS5G3nMMq0Rixsc5dP5Wygkbdh9+45UCtObcnHABJrP+GtLiG0\n" + "AOUx6oPzPteZL13erWXg7zYusTarj9rTcdsgR/Im1mIzmD2i7GhJo4Gj0Sk3Rq93\n" + "JyeA+Ay5UPmqcm+dqX00b49MTTv4GtO53kLQSCXYFJ96jcMiXMzBFJD1ROsdk4WU\n" + "ed/tJMHffttDz9j3WcuX9M2nzTT2xlauokjbEAhRDRw5fxCFZh7TbmaH4vysDO9U\n" + "ZXVEXSLKonQ2Lmyso48s/G30VmlSjtPtJqRsv/oPpCO/c0D6BrkHV55B48xfmyIF\n" + "jgECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G\n" + "A1UdDgQWBBQtMwQbJ3+UBHzH4zVP6SWklOG3oTAfBgNVHSMEGDAWgBT5qIYZY7ak\n" + "FBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAMii5Gx3/d/58oDRy5a0o\n" + "PvQhkU0dKa61NfjjOz9uqxNSilLJE7jGJPaG2tKtC/XU1Ybql2tqQY68kogjKs31\n" + "QC6RFkoZAFouTJt11kzbgVWKewCk3/OrA0/ZkRrAfE0Pma/NITRwTHmTsQOdv/bz\n" + "R+xIPhjKxKrKyJFMG5xb+Q0OKSbd8kDpgYWKob5x2jsNYgEDp8nYSRT45SGw7c7F\n" + "cumkXz2nA6r5NwbnhELvNFK8fzsY+QJKHaAlJ9CclliP1PiiAcl2LQo2gaygWNiD\n" + "+ggnqzy7nqam9rieOOMHls1kKFAFrWy2g/cBhTfS+/7Shpex7NK2GAiujgUV0TZH\n" + "EyEZt6um4gLS9vwUKs/R4XS9VL/bBlfAy2hAVTeUejiRBGeTJkqBu7+c4FdrCByV\n" + "haeQASMYu/lga8eaGL1zJbJe2BQWI754KDYDT9qKNqGlgysr4AVje7z1Y1MQ72Sn\n" + "frzYSQw6BB85CurB6iou3Q+eM4o4g/+xGEuDo0Ne/8ir\n" + "-----END CERTIFICATE-----\n"; + +#define server_ca3_cert server_ca3_localhost_cert +#define server_ca3_cert_chain server_ca3_localhost_cert_chain +const gnutls_datum_t server_ca3_localhost_cert = { (unsigned char*)server_localhost_ca3_cert_pem, + sizeof(server_localhost_ca3_cert_pem)-1}; + +const gnutls_datum_t server_ca3_localhost_rsa_decrypt_cert = { (unsigned char*)server_localhost_ca3_rsa_decrypt_cert_pem, + sizeof(server_localhost_ca3_rsa_decrypt_cert_pem)-1}; + +const gnutls_datum_t server_ca3_localhost_rsa_sign_cert = { (unsigned char*)server_localhost_ca3_rsa_sign_cert_pem, + sizeof(server_localhost_ca3_rsa_sign_cert_pem)-1}; + +const gnutls_datum_t server_ca3_tlsfeat_cert = { (unsigned char*)server_ca3_tlsfeat_cert_pem, + sizeof(server_ca3_tlsfeat_cert_pem)-1}; + +const gnutls_datum_t server_ca3_localhost_cert_chain = { + (unsigned char*)server_localhost_ca3_cert_chain_pem, + sizeof(server_localhost_ca3_cert_chain_pem)-1 +}; + +/* shares server_ca3 key */ +static char server_localhost_insecure_ca3_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDFzCCAX+gAwIBAgIIV90eOyTzpOcwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjA5MTcxMDQzMDhaGA85OTk5MTIzMTIzNTk1OVowHjEcMBoG\n" + "A1UEAxMTSW5zZWN1cmUgKDc2OCBiaXRzKTB8MA0GCSqGSIb3DQEBAQUAA2sAMGgC\n" + "YQCuxKP0RG8KHAp7HnqaFpcWnPVl72vmkLvBgC0h3gnVUO3a41//kkLOG0HGUOi6\n" + "77cLNOzRRll9NPi1RwMNTKayA0cv+pJBsoNq/byOeWKJkKOgwTZD6Vi6X3MDtj7e\n" + "3SECAwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9z\n" + "dDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW\n" + "BBS4eSAgXUnLYP8HfA9SmoXjOAYLoDAfBgNVHSMEGDAWgBT5qIYZY7akFBNgdg8B\n" + "mjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAFa7J4+vJ7V+4y+CaaATD/WATc9ZV\n" + "ZUITpI6irjWneRPz0u0/3BLprKoCbO0m5QjoBaji1wUbVWpJir+N7QS577ufjwh0\n" + "ViGFn1b3eU0wGPgz8n0B0vo6NifaQl1Df5PBN3Mfa+r0aUK3QYxnlHsXxanYaKzj\n" + "9lpXUq57fpJJFSFASSzGSwkg8xiwlFBre/9jJ8sf1Blhu8M50NkOCdRdwpg/rbMI\n" + "Oukh0pvJQYQfQsgxc/hySWfEtN0TThXLRFMRRcFFeRHK2LXyAo/sNzWJMIou7hBQ\n" + "p1LNlCoUc3TGRKMQToEi+GIgjJx17zADze+1hHHE3aEEVGU9n3Gkj+hxy46LN5ke\n" + "hDox4AzBf4+KaA/vdHGRvZjzhajaMdL6w8FJgmUc26L+kH/rsTuev+PrvqXuuy1W\n" + "c2QqW3gu7oUy+g99TQFeXgyJHqv/cu/M0vhUV9wwHQJdj1bFCEaFW40MmQArXz5D\n" + "F92lL9akoGYmyehqQHeRQsrVRKcCOiv8lgVF\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_ca3_localhost_insecure_cert = { (unsigned char*)server_localhost_insecure_ca3_cert_pem, + sizeof(server_localhost_insecure_ca3_cert_pem)-1 +}; + +static char server_ca3_localhost_insecure_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIBywIBAAJhAK7Eo/REbwocCnseepoWlxac9WXva+aQu8GALSHeCdVQ7drjX/+S\n" + "Qs4bQcZQ6Lrvtws07NFGWX00+LVHAw1MprIDRy/6kkGyg2r9vI55YomQo6DBNkPp\n" + "WLpfcwO2Pt7dIQIDAQABAmBd9Md0Dcpoc/TKhfNBnb1yYcWoHJQ0q0DVYXRiDb3Z\n" + "mZ2WHMFCY75YkdzFoj/MKAyrl+n6SJy5V2gwqEEW84pHH2AaAseWsF16rSRz958b\n" + "7seVpNi304tOk4PS7B6+RAUCMQDXiT23wggUir6uVrx0UfHJUcsRltK0qco6Q7o3\n" + "b+uwrIAbaNNg+aAqAXXU5XWdBpcCMQDPlBKn42C/XkAZ11zflbzjrq22ie0gaLKZ\n" + "j92rCaU0/qX4VR8KK6J9PL6ZLoTWqQcCMQCzazhoLmoBh5nBkMxh3BD08FSluLJ/\n" + "19NS+ywZl95P/NjLeFB1qnbsYLjQ1443f9MCMDE/w3FbzC97MCAxbZKKl0c5wXNG\n" + "pCEFViKC9KfI4Q6CwGP75iJmmeW2zM3RMKkxbwIxAIAViD0cQjNL9keUVjtN68pK\n" + "dD2lxHfq5Q1QxCSjl8EnBnjnbFJN9WmK9ztkK00Avg==\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_ca3_localhost_insecure_key = { (unsigned char*)server_ca3_localhost_insecure_key_pem, + sizeof(server_ca3_localhost_insecure_key_pem)-1 +}; + +static char unknown_ca_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIID4DCCAkigAwIBAgIIVyG62RARjncwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE\n" + "AxMKVW5rbm93biBDQTAgFw0xNjA0MjgwNzI1MTNaGA85OTk5MTIzMTIzNTk1OVow\n" + "FTETMBEGA1UEAxMKVW5rbm93biBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC\n" + "AYoCggGBALbdxniG+2wP/ONeZfvR7AJakVo5deFKIHVTiiBWwhg+HSjd4nfDa+vy\n" + "Tt/wIdldP1PriD1Rigc8z68+RxPpGfAc197pKlKpO08I0L1RDKnjBWr4fGdCzE6u\n" + "Z/ZsKVifoIZpdC8M2IYpAIMajEtnH53XZ1hTEviXTsneuiCTtap73OeSkL71SrIM\n" + "kgBmAX17gfX3SxFjQUzOs6QMMOa3+8GW7RI+E/SyS1QkOO860dj9XYgOnTL20ibG\n" + "cWF2XmTiQASI+KmHvYJCNJF/8pvmyJRyBHGZO830aBY0+DcS2bLKcyMiWfOJw7Wn\n" + "paO7zSEC5WFgo4jdqroUBQdjQNCSSdrt1yYrAl1Sj2PMxYFX4H545Pr2sMpwC9An\n" + "Pk9+uucT1Inj9615qbuXgFwhkgpK5pnPjzKaHp7ESlJj4/dIPTmhlt5BV+CLh7tS\n" + "LzVLrddGU+os8JinT42radJ5V51Hn0C1CHIaFAuBCd5XRHXtrKb7WcnwCOxlcvux\n" + "9h5/847F4wIDAQABozIwMDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT5qIYZ\n" + "Y7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAsCXvBLMc1YvZGBbM\n" + "w2YalL7Gyw7t5TIbOhpIhsoWNrE8JNvwfU+xA0/hxA/UkbwwJOjntXFZ9eRIrjHU\n" + "ULhqDZ1fAd7QnUQWuQjImU8XxnPjwgLG/tau9N3jdzJZy482vpytX94KdIQ+hPtC\n" + "xA3fikG5F4cJCfu2RfaTskqikTO5XPzPdSNJiPk01jjh9ICc7cvS9smGxfTuZZOb\n" + "+T1N8SV8uYkvPsiQ4uvO+ksxEdZ/z1jCjLyhnLXPgKdrjIgOb5wPxZUgwrg1n5fM\n" + "Un72D43cnv5ykB2O9lXvPOLXlBz07ZwaiRsXDhh1/kmubOLERaw88bVUydYhE7SU\n" + "eI34cw1eTtlKgFD+r+pPwRAzAkO/aCXVY6CsSLL4GyeXXvpxgngBiT8ArnntLHWd\n" + "U1rpodAAdMBHDZf7Q8CXawI0EAIq0HpHCj3x2brKSf8eFMtl9FuaJ3KvM3ioXKYc\n" + "nva6xGbu1R8UP4+fXCOFdiVixHEQR5k+mqd65vGGxovALAfY\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t unknown_ca_cert = { (unsigned char*)unknown_ca_cert_pem, + sizeof(unknown_ca_cert_pem)-1 +}; + +static const char server_ca3_pkcs12_pem[] = + "-----BEGIN PKCS12-----\n" + "MIIRSgIBAzCCERAGCSqGSIb3DQEHAaCCEQEEghD9MIIQ+TCCCT8GCSqGSIb3DQEH\n" + "BqCCCTAwggksAgEAMIIJJQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI0Bv/\n" + "MLNNeX0CAggAgIII+PugAg+ZArNedgnhMh2kM1tVj1os+8i0BPh9kQMT4h7qes6e\n" + "Z6c+W4xCnL89p7Bz35riiK2KlJ6YzcTYXzONnmVR8gIEHsvYWwRSB++IE/jx9pCq\n" + "TxN5GIH1tt467EKdc+Y+f4WBXmtk5hF4gTmHG2t3o4HoniNXzcRd+ZSsFj4HGE/c\n" + "iXQY8lXN2PD1/XJsuwpYssKhJ+gI9iLREoyFdd+vG6KhzDvdgdvjWBQY/X5Q5pgF\n" + "kepe9jjokbLqLj+S8eHBQ8KF9B2FKB+RTyYep9zqn5qbN7TOt3+yMH+u+/Jj/GzH\n" + "ZjJNpee45G9CtPgjVS1t2fKjz9SaaKfOjHsH9WD5Sci9aqLRqFs84FlilRl6PyiG\n" + "5g89MiXL5Iu6WFoTM41eIezcyQf0ndakj2clVEfX2pX+e1bXWFzvnc5a933N2loK\n" + "OqJElti6h+T30M2CKEUX6FT5ihaowo5DwCXU3jTFcPMY0htvc4QuZQjBfyb/hGqf\n" + "UqjLGh+VZCmNPSmSkoqZScl8N2Db/DPvIu+cga2jSkFtvMEZVd9O5lN53drU8ONE\n" + "GMgdmJO43j/cnlICy+XpUyPrv055TXUo1gouyg5T1G/imtt0L265VTCxIqRVEsjR\n" + "EQdacLCOPvMohukJAbUTADh/vd3vf/qMINse/y/fPMoLpmtmmZsnZnr1zmIcIXLg\n" + "fLLBVhOz3Vl9RRl1qGbZQBleUUVAabYXbsK1UQHpZ7h2dSWF6ibm13DWRGkJRAVl\n" + "R1dvpwAzR1bhb7rOgTMhmxqADCWh8lcqFt/4ReZofdHmWoxZEopW4m3CghZQM+Ee\n" + "Kz4dYtLGk7W1rg8jnycAtxDwVGh9jMVsvCGypxkgEx+aQ7R+y9t0nu7l61GEnZBt\n" + "uP2EVrChWdFVyH9+YnRRCNaX7lbDtCdOnIrgGeEtNYwzbxUq/kSzllljrkYWQItK\n" + "W+vvMf9NVjTxyJr4kIXenm9ojPO3i485RWECIupdasel2YnPZYjcAKJc4p6nFGVB\n" + "YDs/U32f1BVEXp7pPZOuuzU+ocTswSluwQ0NskuYnDT9w8+LauaqpILRQpCtIIZC\n" + "TEqa7aS7S+f85Jeyt3yGsTNwUuQJZaG5D3Eh7iOB+rJaq3wEwoPlVLURVd8f6Z4H\n" + "t1i0fM2iQA9+FXVkj2B5zr19no0Q8hr/Bb20u9YTT48CfXA7I2IwXSprb8kql0M8\n" + "JmBv6FIDWzXLbGyRR39fX9kKlYMy0eq0ZxXKLLKEnZ1GUwtIeHTYKXG7ezliNaUl\n" + "7UEp3V+bYOddL6uRafEsemdskHtl10RIi3Q3ZX2OksPueMQ5YSOVh4CSPpHsHYGA\n" + "9KWt/PSja+zRGHsGEPX1jic2vHUTxOxI2sOZssnYCYWj/4MDk0xs7M0zdSXEEl5L\n" + "97i5Qx+zv5MPM3yLexG+FllSD6nbPswzG8rHelfRSaK/+AHd0gigrUHqGFOp8B/P\n" + "ml8obqs/LroKVzA109u3LfFlm+JFYeJgqsuoSuLYmJwFe6LNFkmhgGPwhyntqKEx\n" + "zSxgZl91XrgYYuJwn7+CgQx6Dkv7I+SCfJGLBNeAp0Rr+hpYqk0OU9yHBrTLe8T+\n" + "AQhHs4/ScZzRXu5F3dbjZ0PFwOYLo4t/NwUqkL8rCDtn45c1z5oyWhwk7nZMDCT3\n" + "gIpVLf5XDD9f6eXV216oNIL1vxOw0B5GXXsT1KIKTCbBrNl920+GBu3xB44AN7Ik\n" + "A+FhVKT1ZiaoEUKkUIy6I410GprvqDjRGp+Qs2Xitfk/E/3aoZ97cDBLEQOnF/lZ\n" + "mqsczn9XnI+Jp+E8rhTxOMACR2Oa3XuL0+um7Qk+rkS2jcmJy9WniedO2E1EUHoj\n" + "FRwWNjTQQR04Spv3qAc6IP1i8otUzKFkSx6SxH0a5zcm0ERNa6ZyU/jYvRrIGgZC\n" + "kUxtTZbNNIggP3xqU+meRdRUeiOpqL8W3WCJ2FcjpR1FhXZ1sU1/u8pAgMMOhTBZ\n" + "ICHmSjOGZ24kGgWNcLxYQG+qtIH7r6ihd9x/dv0s/Q9DAISv6G8z2YXcBb5EMZW4\n" + "/59z0XL8HFx0/esjB9mHUD/4/Kzp169sJQOvDdmijNaZcDanUa8niBhruuS2KnUB\n" + "iW2SrV6DBx32bjVIPbDJoDmcQWRDsuwpMqRAVtAWrmY5JeNp3zgII0Nr4rUAojWE\n" + "x937fOdIMJu8K1Nst+78DVA4h6jdnUHv5bvOcsVKejjRvSot5vQ/XQPppHlQ73v6\n" + "+Jro0bstYkMpfsbBXHt8tsB6nmZ9i5bv2x7P1nISKgMA4NzzdHFSpwFCmxrBaJen\n" + "XmkoTdQId1O6YlYHJS7fMntNbi60E01bReAVjtY5Q77kqVab/LQI6yJHz01/1KjH\n" + "2MiLixUV6a58FhKOI8Ea/yWSJti549Dqs+AMnwUu56GGT7lBLdT3x4r+SwThUWN2\n" + "aCQoy6rJ5wrsa2OGoO6I5CWHzIov1zlP+oWdKueuGRGTwJdnWm9ZQxTbDJ3QHeBn\n" + "OQXcWNcnQm2lcNfm297EGsClrrKTqmHBR8awpnnMdqzp0+vKiTzrfzGMVWQKoMM/\n" + "74bzAts3+a+sBa5Y34YY+VLPqpXcVR9gY5+xxgYTzI7Ppggn5pNI+lng8B0hjFUU\n" + "o2GNw8uKDVbjWf+ewULWKcCgAaBXXCAOo291TrURABmyR6XnybZwsg9a4yh/kcyk\n" + "aXYLsrmEhfW17ChcGE5LLMzHEeSCUgy+z3yiiP6tD0g/6RFt9Nt57bVndJFqMVcS\n" + "78VdEtQEI11Ty2oeN/+e8XhkZeicvgqgdrDb5jmfGN/F1la0FBnXnJG1fG8qnMMv\n" + "C8V/eRxYanKWr/UwpsC6r/pn+1iTOO3hByg9rWgGSALbgnUFvIfQiSccVoD/lkbh\n" + "TZlsuxhdKXnimi22RO50+0L99TnECu0psQXBDvCzzHSwi3MjPcvrQSPb/ZPSPqd2\n" + "ock7nRDXFn+E04XAOFEuF1Bb5SfEbWHLx0d7uCSieAF9YMBZWvETTOOnDgH3Pe93\n" + "+46a0tp4IdWrZEdUcU+/UpwuKyMGCCAfwKMFCA6i/In/cJAcrpRQJGWVsBERMaVQ\n" + "6Ke/ZwIwggeyBgkqhkiG9w0BBwGgggejBIIHnzCCB5swggeXBgsqhkiG9w0BDAoB\n" + "AqCCBy4wggcqMBwGCiqGSIb3DQEMAQMwDgQIT0kvLiNCahwCAggABIIHCM453Rnc\n" + "ggHPk7un7VHebwwtckSBn7qntGhILQfJ+0xoPHPMHMUoDQ7DRbkcyuqtP0+VoZKa\n" + "yLb2WDpyir/f8cyhZdDSnlb/WK16UaBguYmw8ppN09Lsok9KKNJxdWaHz65kABAh\n" + "pHAX6BpdVFv8dOiWuE/+v0TGsaPpvRvwAy1qNNlErcIgGFs2GCgdVadblKw0lR3p\n" + "t/6lhTRF4xqaPtUx4am2cQlmJyUCxy/XSetSFYaKIUdP5pEbesmYs5SuosCwokkB\n" + "q3fzstm94dIzjoPz/XJp2Ek5lpmoHUO0SOGfSDdmMuCPoICQN+xcR0oD6Kso5MrS\n" + "PepHrrG6KqX9fIR2Y2stEJsuaRYA/1h5CEnHnOWEbr2DBbuXB3HY6a5CrwV3xSCK\n" + "Ek0LcWe6c/+ceBcpIUjte8oaM6jPO0WeknNtDQLz+YNnvIqiT/3u3P8pA6DomJrw\n" + "0NoTm/SNMaKPz5IIBBNIzjMXWopgJ9+/bktwbENA/lO5gQvxLGRuaAZpvQpEbmhB\n" + "9W5ofFelsN/BF0zminlL8w8rFc8AKMKEBg85z/EqDkl02cUQa5XDKe3i0Td04xeZ\n" + "KOzsVqBm42rvCh2OgbNcbXBPqUTklRRKzzCgL/Ej645oTkzRfZxUmLaly5bkjyDm\n" + "vXdLdp2doVQlXboCZDK5hmxkirviYPsrjNzAPd5Uz+4rVB5qrxYTsY+0Rtdpb+J0\n" + "RqM2XFqJnA8ElIljsx7wugEEXt1wwey1JhS/+qybnDCP4f6OCaM5t8TTql2o6Eoh\n" + "DntWfAiq8A8mP43HP3FrGyI/3cpgOEF67Q/nLJFnaf6vwfm15xdq20iOIDZtoGJ7\n" + "VahRpOXNed2Xnv/HFwfPvGZM3lInEOEkC6vKWWDoOrE6kAu739X9lm+lLR0l1ihE\n" + "X8gtilgYU5xzM0ZmRjepLn19jdb18nGEUg2pMNkhEakiDyxLmYBBU43IDRzdYgTe\n" + "GJzakTDw/gNO6buVy+emr+IIW0f8hRSbXFHuw5/lpLZoXNCXuHRyEcGa4RhubrVe\n" + "ycuauZYFSp0JhJe+0OtKkBUHSTkoj1aaOByylq8b38ovbFTZ/JiCsYGsmwOfDiSu\n" + "21Fe1mv8+GtFf+t+H+IQBDv2/SHHWwVExW8hwYwXXZ8wodfpLrF7FWQvEa62/DvN\n" + "nQ4sy+z3IJtoPoGBfKMgLSJaNyuavRpbhy1fYuhUwhnbrH1M3YVgi+CnW8lIn44e\n" + "KoSPf11qTlgXBNVezXPYh6cw0FOObkiiuqSL7/ax34Lbz8vWs1yDs6ni9M7l8VUa\n" + "j0MhBEQDTinzz2L7U/uRGkcHYVNsCAIOaStbKxNx2bnEmFL2TShs6eH1kPAyDJ9N\n" + "SFuqmrboF92KNM1wKjIcthbJxPVJVlI1M0B8HVuU00QTIaJyJoQZuNQ6lyzTudwS\n" + "5F69zmQCaRIN2b04m/237Z4/SXuUwFDdDojoFxJ6m1yA86uUigyOzKGavtZz4tgw\n" + "BTCYcxaoCB2ebqNl3L4oE+gaAweAjtivNbAJswCkQF+LPEbAt8m2BZDo1bI4wAg+\n" + "Mjzs83PkzE3bn6q6Rk8HslnOCS55M6gTPu2zvz/FSaLY29X/5D7QtKJPAw30xUA1\n" + "Wjm3K0tkY/wqWntmJW9zVAaLzvW4iA61D9EuRoY/NChyF6HsLL8BjUEktNBItQ/h\n" + "2kUQnrJeoaaW4nIZz/apiryaFekWWpjudO8zxhxHquK8KpwdXK4c6LCMycTio42J\n" + "rw0/Tbe4noTfxPTJoaG9CaJXTq0rIMWxQprUONdjVih3cADI9V6/aO7/fSU+awFG\n" + "0inoNW6HmAT9ztYsUgRJ+JfiZCc7+h8WY/rrDb15Jj0Jjl4pe2B3S57c5zJ7TgHd\n" + "Zm8ED5uagqAcUIsBIlkNABAuia78tLewFFfCV5mYQUp3fHT6MU9EmPFI3YOuwvhk\n" + "NhscLr0qGIdxK9fS190Al3W5VZiCZ3g6bTwRLkjVChNC6e8u2gxGy6Rx0uxW3c73\n" + "/Spk4oYJ4PAT8GAgO4DJyRg52dFMBSBz4ZLAVR1eVVvPRbV7CSSaGLBLvAp/GFbz\n" + "pZ7sfEeGuiSb0GzcdU7anf+xvmSK/rxHfQPjqZ5EcGG3xhONG/SYwUlrp4GlP6Qs\n" + "ZlRSxsfy9YdIzmf3JhDvVtqK5Uj/wGXlX29NDh+X7mhvCOxCPM19AynXtGWgGFkb\n" + "zd8oaGXbIt/FldsQidEx9UINjtmozl/pB03lFL8wbEF/wBuLx+E1Ite2NCspOJTk\n" + "unw8CZJdUXmdVGo23iOrAziQFrlyPKawoX5iOYot47PQ6vcKiV2fnE5XHUqU2l6K\n" + "DHZbSGfz8vjC9LsAJzhhyZvjxi0LIDwxyt+RqV24cxcz7Qecu4DEy0E/xmYIkdyZ\n" + "SW97f3kIsAgQlku1LesNIk4dyzFWMCMGCSqGSIb3DQEJFTEWBBT9j7rrTvF9BQIR\n" + "akEUSP09N/PaYzAvBgkqhkiG9w0BCRQxIh4gAHMAZQByAHYAZQByAC0AbABvAGMA\n" + "YQBsAGgAbwBzAHQwMTAhMAkGBSsOAwIaBQAEFNeGPUIUl4cjhFet09N6VSCxmfSY\n" + "BAjXfJCHoHZI2QICCAA=\n" + "-----END PKCS12-----\n"; + +const gnutls_datum_t server_ca3_pkcs12 = { (unsigned char*)server_ca3_pkcs12_pem, + sizeof(server_ca3_pkcs12_pem)-1 +}; + +/* Raw public-key key material for testing */ +static char rawpk_public_key_pem1[] = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyAeBq7Ti7oVExeVT1PqH\n" + "GBXzC+johdeVnZgZRLhDTIaIGODV5F5JhE4NNb1O/DYLlAy5IIO8tfAE2KIxlarN\n" + "H/+AcfV6ZJQSG4SSmhoIGzfdcdjuBmFfdfhO+z/cgqiewh53/fFCQlaJweHhpmim\n" + "/LVL/M/1Rd6Urskv/5jXGG4FVUNfhXKQag0uzWsqcztCPX7Lrqr2BSOmkA1nWzdo\n" + "h5oBuxdooaH9/kwphqJAp03LwtaSStX/yz6Mh+ZqEbBuM4mWw/xKzbEbs7zA+d8s\n" + "ryHXkC8nsdA+h+IRd8bPa/KuWQNfjxXKNPzgmsZddHmHtYtWvAcoIMvtyO23Y2Nh\n" + "N4V0/7fwFLbZtfUBg4pqUl2ktkdwsNguTT1qzJCsYhsHXaqqvHy+5HR2D0w07y2X\n" + "1qCVmfHzBZCM5OhxoeoauE+xu+5nvYrgsgPE0y5Nty0y2MrApg3digaiKUXrI+mE\n" + "VKn9vsQeaVvw9D6PgNQM99HkbGhRMGPOzcHjS/ZeLd1zAgMBAAE=\n" + "-----END PUBLIC KEY-----"; + +const gnutls_datum_t rawpk_public_key1 = { + (unsigned char*)rawpk_public_key_pem1, + sizeof(rawpk_public_key_pem1) - 1 +}; + +static char rawpk_private_key_pem1[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIG4wIBAAKCAYEAyAeBq7Ti7oVExeVT1PqHGBXzC+johdeVnZgZRLhDTIaIGODV\n" + "5F5JhE4NNb1O/DYLlAy5IIO8tfAE2KIxlarNH/+AcfV6ZJQSG4SSmhoIGzfdcdju\n" + "BmFfdfhO+z/cgqiewh53/fFCQlaJweHhpmim/LVL/M/1Rd6Urskv/5jXGG4FVUNf\n" + "hXKQag0uzWsqcztCPX7Lrqr2BSOmkA1nWzdoh5oBuxdooaH9/kwphqJAp03LwtaS\n" + "StX/yz6Mh+ZqEbBuM4mWw/xKzbEbs7zA+d8sryHXkC8nsdA+h+IRd8bPa/KuWQNf\n" + "jxXKNPzgmsZddHmHtYtWvAcoIMvtyO23Y2NhN4V0/7fwFLbZtfUBg4pqUl2ktkdw\n" + "sNguTT1qzJCsYhsHXaqqvHy+5HR2D0w07y2X1qCVmfHzBZCM5OhxoeoauE+xu+5n\n" + "vYrgsgPE0y5Nty0y2MrApg3digaiKUXrI+mEVKn9vsQeaVvw9D6PgNQM99HkbGhR\n" + "MGPOzcHjS/ZeLd1zAgMBAAECggGBALHiAw3Yscqd11gJpbCMDqF7u4VG3alQ26un\n" + "PClhl++w380H/Q62TriK1LKKpHgj8834NpXUsXg2d4jTTDcmCn6/L9GoFOzmxOeV\n" + "0O2b4sOZvaNl397qrwLxDAPhec7z9yL4B4tcBqmJ3b3+izX6cS3gaC/uG9fDpgN9\n" + "xOKPYBFInhOB86twAz9cc9eXysto0nJvlODDBj/xwUjvso9qydl1Or7PhWvf7Ek+\n" + "H9ur5MUjqOWe/b/xaSWsfTrJzF/ovbRnGbXLIpozIx609TZS4wYSqU5FUjkL0zTB\n" + "bTdb3jgFm/5SHnnThD67zbZavCxiN9wiTs3zeGlxYf8hMeaTkOYiAOR4/1bOTe2J\n" + "ttRA1EcY+i6H0+JOtLkqwj5ka0m3lrH2KD3E/mHs1yfERQx7VVjw9IpeAKmi5lzQ\n" + "v1lhIXiv75Mb0NMsCknGYPLHCyOY5aA2dhR8Wnr67gOYu3ssexLzMKczk5OTzl5c\n" + "PRHJRXDpJqgOYWujF99uCYhnxonO4QKBwQDUQB0s4shWTyOylq7j4rCSbHf2zHDf\n" + "HBYC75wyjQECNQXNk6hp5jJz2BC0XvnO7PYSRXaVauMc/S3V7V7GMsry3uugfwLy\n" + "XNnyRVY4voe5SNt/WAArybNsPNPEIPzgkZmeWvcpoY8ESufPfVW54BvGHt3YjPjI\n" + "gYmFUkpPRUWXfji91NpTlIrsP6jtBTYXGV4kVm+TawP06a6FdCjJQaI7Nm2dwUiX\n" + "Cmf4oFSo8mGxi0wimX+BiLJep2bYnUF2gqMCgcEA8UKESDX3jBpyz59vpSjmfpw1\n" + "AnlEfR6s83W92m0HfEYLulfxq9xA2zaQjy4GbaKVRfLrO2Pj3bZWs89RGXTQVGgq\n" + "ztCLIRsL+M1SQ883e8yx4jwFaqIM+pPpvAjOOOTdpgY33h7w20tgrbzVKeOl1ghC\n" + "IZ+K8C/tIGZXI5/TYppl7csIOoYRtzuRpyDE0tmwy658RfyxzEtfLxJoaLiFXOE0\n" + "zFFrEvT/jto4jN+cwsdnHhxrY9+bVNUNyb9ZH7bxAoHARvcIyjEo+nKLZPKsltT8\n" + "ZHiPw5ynQHGLin/CocQzSiGgRxPPg1jMFZ9wNl5q95ySyZkgBOUv+klMQfKTdYEW\n" + "Cg4uigLtYUtaM36rTV2m03RgrzslE37k1pOf2juNUShdTGztpqW1w6Gnz+AAAZ3E\n" + "q4E2e2jm5WMqL8FLxyVKF1TEc/Pu63MG3+aI/HZ5l0+MAmpD8+4b7I8VItmrqV6g\n" + "d1vDWrN9KcL48E/q/nHL6CjC0+6uiwjBWpRt9o7djFoxAoHAJzK/e1wJVGIXtVQa\n" + "N6Nlj7yhgD1ju1B4mTXQGuUMCkz3KtePFHU8tGExK5I2ySlZR3wobAXWx/cQLzbH\n" + "3nL0RkKGcgPAFyjl0Q7LBulsAllHrZJC7whVQ4E0wLBNkUDeIlNwUE6Go5qjopbD\n" + "q4KpNxUwaXYahNvEkzcNgWQ+XA7p8LDELX4K8tJi39ybHgbwiqdW2ags2xyD4ooD\n" + "HMCeKnEMuwWfd/0GaJdcCMdsGNl9D49eg2OZQTc8fkLwoA6BAoHATQdk3VZwGGn/\n" + "93p9vu189alkshTmir+SOo/ufH5U+j7t8cPeT7psuYAPZWS+Z6KEzvHxj54pAvcp\n" + "mlAngD3+AfHDn/VAtYv5HVcpZ+K2K0X4v8N5HGIubgaebs2oVNz+RAWnd8K2drDG\n" + "NcJV3C+zLziTCwvpGCIy3T/lHjKe+YczjGfhg2e6PgfwhTqPAjuhUZ8wScYo7l7V\n" + "zAhlSL0665IXJ32zX+3LyQFDbkB6pbKy5TU+rX3DmDyj3MSbc3kR\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t rawpk_private_key1 = { + (unsigned char*)rawpk_private_key_pem1, + sizeof(rawpk_private_key_pem1) - 1 +}; + +const char rawpk_public_key_pem2[] = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0tQAiQ13zWGZMV9YxFo2\n" + "H15yERrkr8KD7z6QheVeatc2+5X0m5/+/o95nmnt6Mlwa27U78QwkHBccOaNkSi7\n" + "HGMopaxatEsF/S30MDmhqOi9R2VtMwDaa2zWH/s2wPHn8efn2/zG0jeXCzNsXFs4\n" + "zNApaZmTJCHaDRUE12adwP5i6GvUb978f27Cm0gnkSWBH9OdVnMunQkm/L16NI3E\n" + "lvcDEEJbqhX2eswHenbhw//LiR1EKRtHEjWywAq5AeHeYNH+2zjff59SGD6Bn+W2\n" + "vPKBhSWCyFDPGRfcYeCX2LFM7+Xx0j+GLzBnkjBhEgdsdLJ7Bt8aDToUJScLxeeP\n" + "oOmL9e0bec20debwF0G/7QMlwRgDjV3sd3u+5RxRCeOh8Xqfbs/tij7tnU93orhc\n" + "MzGjcn5XZ6WicyimuTruNznhKhNp6vmizCpwQAroimaZGV7F/8nvHInTZfpNH/+b\n" + "++gYbddkH+MouxOXcAEUku6vN0JzDgA4qj4Tw7dffXSDAgMBAAE=\n" + "-----END PUBLIC KEY-----\n"; + +const gnutls_datum_t rawpk_public_key2 = { + (unsigned char*)rawpk_public_key_pem2, + sizeof(rawpk_public_key_pem2) - 1 +}; + +const char rawpk_private_key_pem2[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIG4wIBAAKCAYEA0tQAiQ13zWGZMV9YxFo2H15yERrkr8KD7z6QheVeatc2+5X0\n" + "m5/+/o95nmnt6Mlwa27U78QwkHBccOaNkSi7HGMopaxatEsF/S30MDmhqOi9R2Vt\n" + "MwDaa2zWH/s2wPHn8efn2/zG0jeXCzNsXFs4zNApaZmTJCHaDRUE12adwP5i6GvU\n" + "b978f27Cm0gnkSWBH9OdVnMunQkm/L16NI3ElvcDEEJbqhX2eswHenbhw//LiR1E\n" + "KRtHEjWywAq5AeHeYNH+2zjff59SGD6Bn+W2vPKBhSWCyFDPGRfcYeCX2LFM7+Xx\n" + "0j+GLzBnkjBhEgdsdLJ7Bt8aDToUJScLxeePoOmL9e0bec20debwF0G/7QMlwRgD\n" + "jV3sd3u+5RxRCeOh8Xqfbs/tij7tnU93orhcMzGjcn5XZ6WicyimuTruNznhKhNp\n" + "6vmizCpwQAroimaZGV7F/8nvHInTZfpNH/+b++gYbddkH+MouxOXcAEUku6vN0Jz\n" + "DgA4qj4Tw7dffXSDAgMBAAECggGAVD3oFNtv0n48I1FQ++x8Ed7AP3t6g4x7AX8D\n" + "aq0zJAfo7XCG9CRjVL5pv1XefZT4OcVoioHfUefD2E0XpjgbRAWPOVv8Rmxv8TGK\n" + "kDaHFSIid8PcdXPS0vgDO3Y686/1mWCr8eg4XclerlgW5XSB5r0KvyphdB+erHmI\n" + "nLVhNbuwM+TaVvVH+Xd9hWS4grP0u43oIaIWryL4FCd2DEfVlOkQrU+GpxjtizW5\n" + "i0KzhYjRgHFUSgSfSnRwf3IJaOoiIpOma2p7R4dVoQkVGS6bStqPcqSUGVxH2CLu\n" + "TC7B0xZZs2xq6pLVWYXh/J79Ziw76+7qeMwFatzsUPtB6smQvR7016BThY6Cj+ui\n" + "KgTCZGpbb30MCn9/px8P2jXagA9fnPzf31WkdbsnjrYPNe6kkP5snJtz6k3cYex2\n" + "P8WulCS23qjCdVoUcoSDzPiaFtnPR/HcZDpTYuxKuUMoQrqsmRHeF/QRvbXkKFQC\n" + "Kudpfna5CAIT5IaIWwXQp0NfpnNBAoHBAPcnqz2uZaVZO7LiZEMc3cDfiPTp2vhf\n" + "VRYNyvTZIYgAox8k49waEQq6MyD5N2oWyRjWsQ0ta/BqJgMLoG42oyDntp/HGhZC\n" + "SxLQEu4ursFsCE32I4nyt7DD5erzX+H6folRq2BelL6ISwdr1g1wJZ3cCrwGbG/P\n" + "7MUYtSo026K9iXCqv9t7Q3TYe7yECVrxqbOu++C2df8IodehUm5wQZTsysBDfCHZ\n" + "PT9m4Qfaryq/u4N5w8nCt/Ep3JkjqyJL4wKBwQDaX4WbwL6ipyt6k4NZ6dEe0aLT\n" + "yKowO0rAWckr6WbA6kFBV2JWPswdV7gCqSOaae+UVc6cpw07jc39vsFNFGDL6OfC\n" + "HvmjQ2HQ/Mf4RjNTSt1rYpiB7DTqtLCys454OHFxo0UinXUc20+timroLEJbZJ23\n" + "upgAvico9zgCyjiwHoEVCpwZerLcLJk44mSGANiBLMo6YfyWj+PfLOeXu5rs4vhC\n" + "K0JBPdIzXHKwv996qFpy8xBatfO/+CH2NR/D1uECgcB8mATdbWNUfa14umQs6Qpp\n" + "Rsb2IEYA2547Jezgje03cIrLEn/D32gj7kYEI15qHt51pRVQPUuiwQA0nNHdfbGy\n" + "ztzjoy1ldzn9W+OPKv1yCJIPKzwzOKadd8QaM2Jsuyi69O7eABAgFPkt3pDj6Vst\n" + "P1Yx/1L+8uS7X39ErazjV4VHxOw/Kt6Qsul92VoV/Km+KUJUv+awEJv15h92CSUm\n" + "fFChp+OV9LvJkIV0vit783gGCYZH2d98tcu9b5vACF0CgcAZM0rM5ZpaVOZcl+dh\n" + "me0LHHAo9pBFTqJavkHL8nxsKNxs+POdNlQB0tymWfSE3lLKkHhudYy+Yafy72+J\n" + "QJ/HCFKugTqXz6/bGUDOcvN7WjlhKhilbafRqhZ2GOiJESJuVcQlsXwRX3G7eizK\n" + "LElgGKVmzX67HzaPsK/jCokuMeb9kaLgAdvgMrlf6ihlmnVhutR/lk065tIKMDlt\n" + "tjWzvqGdqTZVJxg52yJVKV9V3VXKzCgH/9VoQu9QZWMMC6ECgcEAu2lYMEfbrTYS\n" + "u2ukovL69EnxUfQ76f8/cs3gVsOWRxPN6MFe8pR7lC03orHckGdwVF0uUSbek4F7\n" + "vmZxewPQvVWntGfyL3uhln+xyJbfd/a4YThTDzXIy++jdrKGCVPc9Z+XPWJyc5qM\n" + "fA7FxB9uBfVyHKa3LIsuvyFtSKF38pEVMrL4kTnB++Eg536AOZbYB351dMi0qXzN\n" + "Ljyi36ud0J5l00OZAanLPw7dklZOTYNguCDRhi6k7qpayV7ywLSB\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t rawpk_private_key2 = { + (unsigned char*)rawpk_private_key_pem2, + sizeof(rawpk_private_key_pem2) - 1 +}; + +#endif /* GNUTLS_TESTS_CERT_COMMON_H */ diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh new file mode 100755 index 0000000..547a37c --- /dev/null +++ b/tests/cert-reencoding.sh @@ -0,0 +1,272 @@ +#!/bin/sh + +# Test case: Try to establish TLS connections with gnutls-cli and +# check the validity of the server certificate via OCSP +# +# Copyright (C) 2016 Thomas Klute +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} +SERVER_CERT_FILE="cert.$$.pem.tmp" +SERVER_KEY_FILE="key.$$.pem.tmp" +CLIENT_CERT_FILE="cli-cert.$$.pem.tmp" +CLIENT_KEY_FILE="cli-key.$$.pem.tmp" +CA_FILE="ca.$$.pem.tmp" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +export TZ="UTC" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT + +# Port to use for OCSP server, must match the OCSP URI set in the +# server_*.pem certificates +eval "${GETPORT}" + +# Check for OpenSSL +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then + echo "You need openssl to run this test." + exit 77 +fi + +SERVER_PID="" +TLS_SERVER_PID="" +stop_servers () +{ + test -z "${SERVER_PID}" || kill "${SERVER_PID}" + rm -f "${SERVER_CERT_FILE}" + rm -f "${SERVER_KEY_FILE}" + rm -f "${CLIENT_CERT_FILE}" + rm -f "${CLIENT_KEY_FILE}" + rm -f "${CA_FILE}" +} +trap stop_servers 1 15 2 EXIT + + +cat >${CA_FILE} <<_EOF +-----BEGIN CERTIFICATE----- +MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu +c2hpZnQtc2lnbmVyQDE1MTgxOTUxNDgwHhcNMTgwMjA5MTY1MjI3WhcNMjMwMjA4 +MTY1MjI4WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MTgxOTUxNDgw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJDl3RHbicnWWcxinW2k5 +Bz3IJ6NWhETGaLycsc9yWXf1HKxb5TQuiwmiTAgKo9vXHQrtKq991279QYtw7sGC +bNJKfGMBFTBBMIFnNcT/ckhPxs8eVOY/cpiVnrZZfim1D7/nqmRQk5n8Si6Kx9se +U9PEwZnOdABeiCcCxxAXqSXw/3kZNgWY9Byf6gdGNWcsClTiu4tHRtk05dnJnyuL +ruGFnQXElq+CofayEsWJ6WXH0R2uhy7tOrI8Twu+XYxcQiMXaz93vePzOuxjY/tH +leg26xNgRmtaM9xJ+mlQkbULK32AiUROq51PvJaXDJMg9se6sZndBCgxrKm7YAL/ +AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQBmI5HiWNgYwC87MLWsicGquhcBm9letaY+s1HUKgJNBbh1 +jaKoHv+asWySrWVcPp1qszD7/clzuoVL6XdEPNet9L41NiaU3B7IeMgJWAz/nR2b +JdcazzsUkaXFVhdFkyx2mIqSX2yjPgUjehKXuOZ8bbfbWYF8IeKGVc1YHawKPdSE +vFFf5U09f3TmQWAh3o/FNt+cQCi8TkIRnLndvKTZ/PxHPi3o8cm60a+FGqKoT00d +eC6+8RSihgV3y214DP+llakiCuQDVnMCccdU8EZ+AgKaKhxUXIh3CZR/dRvBtzcA +I1YtLa8NGet7Qjnpwsc+NuFb0pJNoiVtKw3EejUA +-----END CERTIFICATE----- +_EOF + +cat >${SERVER_KEY_FILE} <<_EOF +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAwZMHoY9/cUE5OqeTK/Ch1uHOAp0FRBtBcK95Kiq2tzVWcy2Q +0UP5oOMCRnMeh4bFin++fPwvF1jC7OdXMaV1S+FgwVjpi7BAI/bxG6jycEguEfrV +gon57qj6OfnHtvWjsL2SCdMioDAB5dbgR8JWGykf7CkVHgh1Lm1FcdbyTR/vw7yP +yPQ+YEj1dY4fURVEXc9yxJ+J5lY/vkESSunsGO+EUGoiFjQ1mTh3JMcohRoNvuB+ +p4/g+wr7LfajkGDqtxM9YmVarrLNa9VvABF6NaO+W4ejvFUkz5+EZrc3MtLc6X60 +OlbM2u4VywenuVH5ZYYoZ0lZS6p0MZuq3zMgTQIDAQABAoIBAHohjw4DILBPK5Fz +SyrM/v85pqYFdd4bqDU1sSfGnVOIZovy8szlq2kz8SqL1XZCtP4GTSREZF3BlfKs +n1nmf9QpVceHloqY4E8Qrdz6wkPPdqnHbdCXx0Yp/P55NuWbo/SOFsb2HIGe6IOg +CA+ecH9gehChdv5k7bImJUuHB4dahsUSVuH5c1d76d+R6NYxCAppc3oy8LVTCGgU +ig1Vfp9ismASLeqlPAXDniIb1yCbnsqE09GCSrOQtZ6yVR8trqxZAO+2xx9fTScx +1n+YLLxgzrSQhmPzNxKbOjNyq9xCZiB8uwih8U0nwSnRwdDIgJchp8367rchyBmq +gNcL9S0CgYEA6g9MWMXViUnFkaZPxV9lbHqRkbZjTgdZ6HUpVAJkTPYmLCVSH09A +c7FKLuSLH2rlabg/xnzcmqSdJsU7zDst8+w6kxRujFPw9gZUweCaM4bA4cGnvMj/ +4uhy6CkBAEW/009wXqqahQhtkEuw2yXhAkHUR+wbIeTye9uJkWiJj4cCgYEA07g1 +RmIMLmxrt/0CoOUG1Z5yvxlaI1Cp+ZGPpCtp6pBkwFFzd6SzlnMvfqrF2z9fezsv +8c+dWbRfLItmn5PvjIhXq3hhvD6MJeXaPXZAAVUC5pKiu707BnGeu+Lk0exZMAgB +pS2WJKZCZaC0NUJ27m/Wwh2W+shk5rnFI8MkvosCgYEA4pTKsMlbTRsIUlYwtP4D +fj8tOmTYv0mohLsetf/WvxYun9/FHyAmYZkIGlsOPuzJh01hF7H6EQ44P7cBi1Ti +yFYv4gAOgHQmONSqKkFWpXjWsfU5fy0JYczqp8pB+NSMvXASdOIs0Yn2HpDXdV62 +8uttJ+7t2SL8hmBhTU1olXMCgYBDGSQ5NCWsKMxSuSq2Fx99YAP5sG0yuAPGhm1B +mEivACgOE0JG7rnDuqmYuUKPY5w9D9r4BdZWcaWgFmXluRq4LRWr0DEZWbFM6XWq ++Oj8AxcyP9K3MRedyTCHVzcxmHgDkuYClVn6L37nenDiWDgdBPDJAFuzCwN/Y+yo +ktX4VQKBgAUqF/Inpj8X8l07FmZWNmnN/9ZmwxGfRUrVc4Ug/gdZJdKewrXoRlV5 +5w6uSWxkTcNfGJ71lNtu84Fckn2vb+yga5XR42SH3+fIVpF6FrxLnWbVTjZ5ADrS +m1rOyDBy8Y9mwODrhICRnn4Q/oL+2EOFK8qSACJ0Ox8pSfJxZUcI +-----END RSA PRIVATE KEY----- +_EOF + +cat >${SERVER_CERT_FILE} <<_EOF +-----BEGIN CERTIFICATE----- +MIIENzCCAx+gAwIBAgIBGzANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu +c2hpZnQtc2lnbmVyQDE1MTgxOTUxNDgwHhcNMTgwMjI3MjAzMDQwWhcNMjAwMjI3 +MjAzMDQxWjAXMRUwEwYDVQQDEwwxMC4xMy4xMjkuNDcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDBkwehj39xQTk6p5Mr8KHW4c4CnQVEG0Fwr3kqKra3 +NVZzLZDRQ/mg4wJGcx6HhsWKf758/C8XWMLs51cxpXVL4WDBWOmLsEAj9vEbqPJw +SC4R+tWCifnuqPo5+ce29aOwvZIJ0yKgMAHl1uBHwlYbKR/sKRUeCHUubUVx1vJN +H+/DvI/I9D5gSPV1jh9RFURdz3LEn4nmVj++QRJK6ewY74RQaiIWNDWZOHckxyiF +Gg2+4H6nj+D7Cvst9qOQYOq3Ez1iZVquss1r1W8AEXo1o75bh6O8VSTPn4Rmtzcy +0tzpfrQ6Vsza7hXLB6e5UfllhihnSVlLqnQxm6rfMyBNAgMBAAGjggF9MIIBeTAO +BgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw +ADCCAUIGA1UdEQSCATkwggE1ggprdWJlcm5ldGVzghJrdWJlcm5ldGVzLmRlZmF1 +bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCJGt1YmVybmV0ZXMuZGVmYXVsdC5z +dmMuY2x1c3Rlci5sb2NhbIIJbG9jYWxob3N0gglvcGVuc2hpZnSCEW9wZW5zaGlm +dC5kZWZhdWx0ghVvcGVuc2hpZnQuZGVmYXVsdC5zdmOCI29wZW5zaGlmdC5kZWZh +dWx0LnN2Yy5jbHVzdGVyLmxvY2FsggwxMC4xMy4xMjkuNDeCCTEyNy4wLjAuMYIK +MTcyLjE3LjAuMYIKMTcyLjMwLjAuMYINMTkyLjE2OC4xMjQuMYIMMTkyLjE2OC4y +My4xhwQKDYEvhwR/AAABhwSsEQABhwSsHgABhwTAqHwBhwTAqBcBMA0GCSqGSIb3 +DQEBCwUAA4IBAQCGE5PJQn6cSj6MQe3GPcKTitLGHp94dJttB2v4Q9Gj9aKF9fI+ +fbNb7Kgh8fPRKxVqU400aio2aQiCONIe7PlnjKjWTkJjKgntcOx/UAES1q13fRIU +mF/tH5jX6JlL0VbvQ97vYar0pXfF97A2JDjFB1cj0axULPA+RH+Z2QgQ4slzPtz9 +CvRFdicHLHCiqPVKFB5vTmtNoG/Hzjd8rMPpyW9bf8PeNeyUjV5g/JGUyqfovHiW +2OC96XKWOgCnPYLZ5LAtk33GyMnL+sxWzr4Kgp4Q3OfBFYVthG0NInIu0zYorR8G +avi3GlxRtyRyE79dmPPXA2kLNFApSq3o2jkV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu +c2hpZnQtc2lnbmVyQDE1MTgxOTUxNDgwHhcNMTgwMjA5MTY1MjI3WhcNMjMwMjA4 +MTY1MjI4WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1MTgxOTUxNDgw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJDl3RHbicnWWcxinW2k5 +Bz3IJ6NWhETGaLycsc9yWXf1HKxb5TQuiwmiTAgKo9vXHQrtKq991279QYtw7sGC +bNJKfGMBFTBBMIFnNcT/ckhPxs8eVOY/cpiVnrZZfim1D7/nqmRQk5n8Si6Kx9se +U9PEwZnOdABeiCcCxxAXqSXw/3kZNgWY9Byf6gdGNWcsClTiu4tHRtk05dnJnyuL +ruGFnQXElq+CofayEsWJ6WXH0R2uhy7tOrI8Twu+XYxcQiMXaz93vePzOuxjY/tH +leg26xNgRmtaM9xJ+mlQkbULK32AiUROq51PvJaXDJMg9se6sZndBCgxrKm7YAL/ +AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQBmI5HiWNgYwC87MLWsicGquhcBm9letaY+s1HUKgJNBbh1 +jaKoHv+asWySrWVcPp1qszD7/clzuoVL6XdEPNet9L41NiaU3B7IeMgJWAz/nR2b +JdcazzsUkaXFVhdFkyx2mIqSX2yjPgUjehKXuOZ8bbfbWYF8IeKGVc1YHawKPdSE +vFFf5U09f3TmQWAh3o/FNt+cQCi8TkIRnLndvKTZ/PxHPi3o8cm60a+FGqKoT00d +eC6+8RSihgV3y214DP+llakiCuQDVnMCccdU8EZ+AgKaKhxUXIh3CZR/dRvBtzcA +I1YtLa8NGet7Qjnpwsc+NuFb0pJNoiVtKw3EejUA +-----END CERTIFICATE----- +_EOF + +cat >${CLIENT_KEY_FILE} <<_EOF +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAtOVer+O8g8uO4vWtkdlZBoPPKV94gXqVrM4Xere9ZnQCPtvt +p7bOOOZ/5S5NjYvwC2fAlZvd5yvxorq3+a45yTkd2ep8HFLJ23nAH8/WG2VIAxRY +B244Qzr/GBmbgR9ugJMEQRQNq5uSifSnYxh1M8UcE90p9MhAJV9XKIPxRrJ68SoK +8F0zZzpag4UftvVe4NbzfE1yVoEHQWFoA481iap3Z2bykIPWNUun/fVmeYHML931 +qqKTlhrxzwDnxomt/LHMtmdGve1i5YuULq2u7t8ofPLRV0czDfJhwfmncY7n9y5g +a0LRhOEI2xKsrXA9Yvkui3h0TzuvFtCqM02XRQIDAQABAoIBAQCKyI7kkuxGkR2G +ssX/Z6kNfoKpUz242LuMYHFTDTSaLdarM0AZs/5zWSQ2SFfniL0ZgvgV0AdnHCe+ +mVIclLZw0wk77tJZSIrlf3sO7P1u9z1QX4NJ8B3qNpEPhFXxspOswR46b5AtYKYE +gVcKh/EjTs5DzyIpUpkkEwljZBbwDSL0ORN4yu7iRl+UTCTCc4WuLTwpqAxSzdj2 +dnWh9dsbBURvtPCE5pd6isYUsNWZWw7rxywJryzIXxFjgEI2gZVpzu3qZSsgbfzb +2vu8HROiuXiJOI1p43LYVpc2YQJn2BuiKqJdWLC11KAJA7OXMoFw5j2hXKVI+Odc +UFVJhd4BAoGBAMQX4G+iC2yoWHqbeBfTWrh2jKdjsz1THWIbR8AgXnYh1N6WCnC6 +7idFsjnZHND0YK4oYEbs/a78c2Yb7O8xkqQSQKvdDltfeYStd2wlBXvLB3StM86V +mSY+WneVVkZAkyD+crmYSRlyKtmaLs2bB48bTtwJqxxMTUXFvPGImOOVAoGBAOwo +8Eh9DAuD6p9fnu1WyuA+78dwHSEz+Kn5VruZfRgdfyqnRz50Ukpc8/leSJXLRC+h +oVLtPkwPwePpZ+5dTk6nanMe5teLdKffkbG3VW8OwhkOq9+siR9yZDpugCR/GDC9 +o8zolqtABOO1M49tIOhtgcLEJI7EasOiLQH5i/jxAoGBAL92JLA6wvbbxFAqPm7c +8aZMMfc6NIb7ASSKSFtB/5lOXR7b1uPM0L1NosAyyZ0IDuHdEGwP934EhdQ8DfJa +L7i9DaIA24TBys+N452W5CzDxsrYVk4t6PPbS8+Y4z0CzeUYLAIku7L5svb2QR6F +cTL8UdosIoMlyQkIEfyvB8ClAoGAdxzC7NzdWWWEzjOtdioDk41K5T3AA4IyFpEj +VOW6uZIPFNVgUrja1JUDnTAXzi3Cy39rXec5N6Xu9mRAPnKjT3qTb1MTvX2iLhXO +Z2N/3M8FyRukRuHAG7NXqD0Zts6/xb2ww2ZAsElO7gbz5ZB2O6UYAMNraPLaoqfG +qatTFRECgYEAlqX225YTimBQYBsQhzuc624z4gFeSvQAIQUt7TYi76ROuGAeGpOg +wDCJ9nL+GQK3lLfvq4rJ7osj+Nb6dAZ8ReUDfdiQJPnXzR14TlFFuOB2F5dY7g0R +1q68UhDRGxZPpbzniB3XORUn0l7GGyDRG1cwd45NyVhh1Z+4OijFUlU= +-----END RSA PRIVATE KEY----- +_EOF + +cat >${CLIENT_CERT_FILE} <<_EOF +-----BEGIN CERTIFICATE----- +MIIDJDCCAgygAwIBAgIBCDANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu +c2hpZnQtc2lnbmVyQDE1MTgxOTUxNDgwHhcNMTgwMjA5MTY1MjI4WhcNMjAwMjA5 +MTY1MjI5WjBOMTUwHAYDVQQKExVzeXN0ZW06Y2x1c3Rlci1hZG1pbnMwFQYDVQQK +Ew5zeXN0ZW06bWFzdGVyczEVMBMGA1UEAxMMc3lzdGVtOmFkbWluMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOVer+O8g8uO4vWtkdlZBoPPKV94gXqV +rM4Xere9ZnQCPtvtp7bOOOZ/5S5NjYvwC2fAlZvd5yvxorq3+a45yTkd2ep8HFLJ +23nAH8/WG2VIAxRYB244Qzr/GBmbgR9ugJMEQRQNq5uSifSnYxh1M8UcE90p9MhA +JV9XKIPxRrJ68SoK8F0zZzpag4UftvVe4NbzfE1yVoEHQWFoA481iap3Z2bykIPW +NUun/fVmeYHML931qqKTlhrxzwDnxomt/LHMtmdGve1i5YuULq2u7t8ofPLRV0cz +DfJhwfmncY7n9y5ga0LRhOEI2xKsrXA9Yvkui3h0TzuvFtCqM02XRQIDAQABozUw +MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDAYDVR0TAQH/ +BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAI5ZEs4jVJ8TFkyntHOSnQieK6KRQoQlR +cERjbdd4VNwC935WO2hn2a0L09HB2RuE9RNLVyNfl2xqZJLs60htwMXtQMTWUcZl +b7t3usT24eZ6/pLiNR2TfptAXnOIKC9Eyl+2AtX4J0F1A7UdQ/Lx2v0sxkyi4m6/ +t4mLiXznv3sQDt1gTwqzk96ri4cRRWas+4xrekrgpW1Ihm9EKHpcWPA+1sEVTQts +GsdY90vo8XLmGADA5W65O7fLb5OenYKrY71nAnRRrg2btclWuF1IwBQ9gTW3DV32 +efG5F9prPIasEpbVUhgSHxVXBr/9SAol4b44FvMRhZc3YwbGjFWdHQ== +-----END CERTIFICATE----- +_EOF + +echo "=== Bringing TLS server up ===" + +TESTDATE="2018-03-01" + +# Start OpenSSL TLS server +# +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \ + -CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www +SERVER_PID="${!}" +wait_server "${SERVER_PID}" + +datefudge -s "${TESTDATE}" \ + "${CLI}" --x509certfile ${CLIENT_CERT_FILE} \ + --x509keyfile ${CLIENT_KEY_FILE} --x509cafile=${CA_FILE} \ + --port="${PORT}" localhost +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* This program tests whether the GNUTLS_CERT_* flags + * work as expected. + */ + +static void server_log_func(int level, const char *str) +{ +// fprintf (stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + const char *p; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + gnutls_init(&session, GNUTLS_CLIENT); + + ret = + gnutls_priority_set_direct(session, + prio, &p); + if (ret < 0) { + fail("error in setting priority: %s\n", p); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + if (debug) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + } + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio, unsigned status, int expected) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, + prio, NULL)>=0); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + gnutls_certificate_server_set_request(session, status); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == expected) { + if (debug) + success + ("server: Handshake finished as expected (%d)\n", ret); + goto finish; + } else { + fail("expected %d, handshake returned %d\n", expected, + ret); + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + finish: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio, unsigned status, int expected) +{ + int fd[2]; + int ret; + pid_t child; + int pstatus = 0; + + success("testing: %s (%d,%d)\n", prio, status, expected); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio, status, expected); + waitpid(-1, &pstatus, 0); + check_wait_status_for_sig(pstatus); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +static void ch_handler(int sig) +{ + return; +} + + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", GNUTLS_CERT_IGNORE, 0); + start("NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", GNUTLS_CERT_REQUEST, 0); + start("NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_CERT_IGNORE, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_CERT_REQUEST, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_CERT_IGNORE, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_CERT_REQUEST, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_CERT_REQUIRE, GNUTLS_E_CERTIFICATE_REQUIRED); + + start("NORMAL", GNUTLS_CERT_IGNORE, 0); + start("NORMAL", GNUTLS_CERT_REQUEST, 0); + start("NORMAL", GNUTLS_CERT_REQUIRE, GNUTLS_E_CERTIFICATE_REQUIRED); +} + +#endif /* _WIN32 */ diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am new file mode 100644 index 0000000..3df4784 --- /dev/null +++ b/tests/cert-tests/Makefile.am @@ -0,0 +1,188 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2007-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem \ + data/template-test.key data/template-test.pem templates/template-test.tmpl \ + data/funny-spacing.pem data/ca-certs.pem data/dane-test.rr data/cert-ecc256.pem \ + data/bmpstring.pem data/template-utf8.pem templates/template-utf8.tmpl \ + templates/template-dn.tmpl data/template-dn.pem data/complex-cert.pem \ + data/template-overflow.pem templates/template-overflow.tmpl data/template-overflow2.pem \ + templates/template-overflow2.tmpl data/template-crq.pem data/cert-ecc256-full.pem \ + templates/template-date.tmpl data/template-date.pem templates/template-dn-err.tmpl \ + templates/template-nc.tmpl data/template-nc.pem data/xmpp-othername.pem \ + suppressions.valgrind data/csr-invalid.der data/invalid-sig2.pem data/invalid-sig3.pem \ + data/invalid-sig.pem email-certs/chain.exclude.test.example.com email-certs/chain.test.example.com \ + email-certs/chain.invalid.example.com email-certs/chain.test.example.com-2 \ + data/single-ca.p7b data/single-ca.p7b.out data/full.p7b data/full.p7b.out data/detached.p7b \ + data/pkcs7-detached.txt data/p7-combined.out data/template-generalized.pem \ + templates/template-generalized.tmpl data/privkey1.pem data/privkey2.pem data/privkey3.pem \ + data/name-constraints-ip.pem data/cert-invalid-utf8.der data/very-long-dn.pem \ + data/provable3072.pem data/provable2048.pem data/provable-dsa2048.pem \ + data/provable-dsa2048-fips.pem templates/template-crq.tmpl data/invalid-sig5.pem \ + templates/template-unique.tmpl data/template-unique.pem data/invalid-sig4.pem \ + templates/template-othername.tmpl data/template-othername.pem \ + templates/template-othername-xmpp.tmpl data/template-othername-xmpp.pem \ + templates/template-krb5name.tmpl data/crl-demo1.pem data/crl-demo2.pem data/crl-demo3.pem \ + data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \ + data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \ + data/template-rsa-sha3-384.pem data/long-oids.pem \ + data/name-constraints-ip2.pem data/chain-md5.pem data/pubkey-ecc256.pem \ + templates/template-dates-after2038.tmpl data/template-dates-after2038.pem \ + data/gost-cert.pem data/gost-cert-nogost.pem data/gost94-cert.pem \ + templates/template-tlsfeature.tmpl data/cert-with-crl.p12 \ + data/template-tlsfeature.pem data/template-tlsfeature.csr \ + templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \ + data/arb-extensions.csr data/pkcs1-pad-ok.pem data/pkcs1-pad-broken.pem \ + data/pkcs1-pad-ok2.pem data/pkcs1-pad-broken2.pem data/pkcs1-pad-broken3.pem \ + data/client.p12 data/noclient.p12 data/unclient.p12 data/pkcs12_2certs.p12 \ + data/pkcs12_5certs.p12 data/test-null.p12 data/cert-ca.p12 data/sha256.p12 \ + data/key-ca.pem data/key-subca.pem data/key-subsubca.pem data/key-user.pem \ + data/key-dsa.pem data/key-ca-dsa.pem data/key-subca-dsa.pem \ + data/ca-public.gpg data/srv-public-all-signed.gpg data/srv-secret.gpg \ + data/ca-secret.gpg data/srv-public.gpg data/srv-public-127.0.0.1-signed.gpg \ + data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \ + data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \ + data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \ + data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \ + data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \ + data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \ + data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem data/x509-v3-with-fractional-time.pem \ + templates/template-long-dns.tmpl templates/template-long-serial.tmpl \ + data/key-rsa-pss-raw.pem data/key-rsa-pss.pem data/cve-2019-3829.pem \ + data/long-dns.pem data/template-long-dns-crq.pem data/chain-with-critical-on-root.pem \ + data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \ + templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem \ + data/key-corpus-rc2-1.p12 data/key-corpus-rc2-2.p12 data/key-corpus-rc2-3.p12 \ + data/key-corpus-rc2-1.p12.out data/no-salt.p12 data/mac-sha512.p12 data/pbes1-no-salt.p12 \ + templates/inhibit-anypolicy.tmpl data/inhibit-anypolicy.pem data/aes-128.p12 \ + data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \ + data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \ + data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \ + data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \ + data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \ + data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s \ + data/key-ca.pem data/key-user.pem data/template-sgenerate.pem \ + data/ca-gnutls-keyid.pem data/ca-no-keyid.pem data/ca-weird-keyid.pem \ + data/key-ca-1234.p8 data/key-ca-empty.p8 data/key-ca-null.p8 \ + data/openssl-key-ecc.p8 data/key-ecc.p8 data/key-ecc.pem suppressions.valgrind \ + data/encpkcs8.pem data/unencpkcs8.pem data/enc2pkcs8.pem data/dup-exts.pem \ + data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \ + data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \ + data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \ + data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \ + data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem data/pkcs8-pbes2-sha256.pem \ + data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \ + data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \ + data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \ + data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \ + data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \ + data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \ + data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b templates/template-no-ca.tmpl \ + data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 data/crq-cert-no-ca.pem \ + data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \ + data/key-gost12-512.p8 data/grfc.crt data/gost-cert-ca.pem data/gost-cert-new.pem \ + data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \ + data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \ + templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \ + data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer \ + templates/simple-policy.tmpl data/simple-policy.pem + +dist_check_SCRIPTS = pathlen.sh aki.sh invalid-sig.sh email.sh \ + pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh name-constraints.sh certtool-long-cn.sh crl.sh provable-privkey.sh \ + provable-dh.sh sha2-test.sh sha2-dsa-test.sh provable-privkey-dsa2048.sh \ + provable-privkey-rsa2048.sh provable-privkey-gen-default.sh pkcs7-constraints.sh \ + pkcs7-constraints2.sh certtool-long-oids.sh pkcs7-cat.sh cert-sanity.sh cert-critical.sh \ + pkcs12.sh certtool-crl-decoding.sh pkcs12-encode.sh pkcs12-corner-cases.sh inhibit-anypolicy.sh \ + smime.sh cert-time.sh alt-chain.sh pkcs7-list-sign.sh pkcs7-eddsa.sh certtool-ecdsa.sh \ + key-id.sh pkcs8.sh pkcs8-decode.sh ecdsa.sh illegal-rsa.sh pkcs8-invalid.sh key-invalid.sh \ + pkcs8-eddsa.sh certtool-subca.sh certtool-verify-profiles.sh x509-duplicate-ext.sh x25519-and-x448.sh + +dist_check_SCRIPTS += key-id.sh ecdsa.sh pkcs8-invalid.sh key-invalid.sh pkcs8-decode.sh pkcs8.sh pkcs8-eddsa.sh \ + certtool-utf8.sh crq.sh + +if STRICT_DER_TIME +dist_check_SCRIPTS += cert-non-digits-time.sh reject-invalid-time.sh +else +dist_check_SCRIPTS += tolerate-invalid-time.sh +endif + +if WANT_TEST_SUITE +dist_check_SCRIPTS += provable-dh-default.sh +endif + +if !WINDOWS +dist_check_SCRIPTS += template-test.sh pem-decoding.sh othername-test.sh krb5-test.sh sha3-test.sh md5-test.sh \ + tlsfeature-test.sh template-exts-test.sh pkcs1-pad.sh pkcs12-utf8.sh rsa-pss-pad.sh dsa.sh certtool.sh \ + template-policy-test.sh +endif + +if ENABLE_DANE +dist_check_SCRIPTS += dane.sh +endif + +if ENABLE_GOST +dist_check_SCRIPTS += gost.sh +if !WINDOWS +dist_check_SCRIPTS += pkcs12-gost.sh pkcs8-gost.sh +endif +endif + +dist_check_SCRIPTS += certtool-rsa-pss.sh certtool-eddsa.sh + +TESTS = $(dist_check_SCRIPTS) + +# Set detect_leaks=0 to ASAN. It seems it is detecting many leaks in tools +# which are not trivial, and makes no point to address. +TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ + LC_ALL="C" \ + VALGRIND='$(LOG_VALGRIND)' \ + LIBTOOL="$(LIBTOOL)" \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + ac_cv_sizeof_time_t="$(ac_cv_sizeof_time_t)" \ + ASAN_OPTIONS="detect_leaks=0:exitcode=6" \ + GNUTLS_TEST_SUITE_RUN=1 \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + PKCS12_ITER_COUNT="$(PKCS12_ITER_COUNT)" \ + srcdir="$(srcdir)" + +if ENABLE_FIPS140 +TESTS_ENVIRONMENT += FIPS140=1 +endif + +if WINDOWS +TESTS_ENVIRONMENT += WINDOWS=1 +endif + +if ENABLE_GOST +TESTS_ENVIRONMENT += ENABLE_GOST=1 +else +TESTS_ENVIRONMENT += ENABLE_GOST=0 +endif + +if DISABLE_BASH_TESTS +TESTS_ENVIRONMENT += DISABLE_BASH_TESTS=1 +endif + +AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind +LOG_COMPILER = $(LOG_VALGRIND) + +distclean-local: + rm -rf tmp-* *.tmp diff --git a/tests/cert-tests/Makefile.in b/tests/cert-tests/Makefile.in new file mode 100644 index 0000000..9c89c21 --- /dev/null +++ b/tests/cert-tests/Makefile.in @@ -0,0 +1,3256 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2007-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@STRICT_DER_TIME_TRUE@am__append_1 = cert-non-digits-time.sh reject-invalid-time.sh +@STRICT_DER_TIME_FALSE@am__append_2 = tolerate-invalid-time.sh +@WANT_TEST_SUITE_TRUE@am__append_3 = provable-dh-default.sh +@WINDOWS_FALSE@am__append_4 = template-test.sh pem-decoding.sh othername-test.sh krb5-test.sh sha3-test.sh md5-test.sh \ +@WINDOWS_FALSE@ tlsfeature-test.sh template-exts-test.sh pkcs1-pad.sh pkcs12-utf8.sh rsa-pss-pad.sh dsa.sh certtool.sh \ +@WINDOWS_FALSE@ template-policy-test.sh + +@ENABLE_DANE_TRUE@am__append_5 = dane.sh +@ENABLE_GOST_TRUE@am__append_6 = gost.sh +@ENABLE_GOST_TRUE@@WINDOWS_FALSE@am__append_7 = pkcs12-gost.sh pkcs8-gost.sh +@ENABLE_FIPS140_TRUE@am__append_8 = FIPS140=1 +@WINDOWS_TRUE@am__append_9 = WINDOWS=1 +@ENABLE_GOST_TRUE@am__append_10 = ENABLE_GOST=1 +@ENABLE_GOST_FALSE@am__append_11 = ENABLE_GOST=0 +@DISABLE_BASH_TESTS_TRUE@am__append_12 = DISABLE_BASH_TESTS=1 +subdir = tests/cert-tests +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/atoll.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/calloc.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/codeset.m4 \ + $(top_srcdir)/src/gl/m4/ctype_h.m4 \ + $(top_srcdir)/src/gl/m4/environ.m4 \ + $(top_srcdir)/src/gl/m4/error.m4 \ + $(top_srcdir)/src/gl/m4/fdopen.m4 \ + $(top_srcdir)/src/gl/m4/flexmember.m4 \ + $(top_srcdir)/src/gl/m4/fpending.m4 \ + $(top_srcdir)/src/gl/m4/fpieee.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/ftruncate.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getcwd.m4 \ + $(top_srcdir)/src/gl/m4/getpagesize.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/getprogname.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/intl-thread-locale.m4 \ + $(top_srcdir)/src/gl/m4/inttostr.m4 \ + $(top_srcdir)/src/gl/m4/ioctl.m4 \ + $(top_srcdir)/src/gl/m4/isblank.m4 \ + $(top_srcdir)/src/gl/m4/langinfo_h.m4 \ + $(top_srcdir)/src/gl/m4/lcmessage.m4 \ + $(top_srcdir)/src/gl/m4/locale-fr.m4 \ + $(top_srcdir)/src/gl/m4/locale-ja.m4 \ + $(top_srcdir)/src/gl/m4/locale-tr.m4 \ + $(top_srcdir)/src/gl/m4/locale-zh.m4 \ + $(top_srcdir)/src/gl/m4/locale_h.m4 \ + $(top_srcdir)/src/gl/m4/localename.m4 \ + $(top_srcdir)/src/gl/m4/lstat.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nanosleep.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/perror.m4 \ + $(top_srcdir)/src/gl/m4/pipe.m4 \ + $(top_srcdir)/src/gl/m4/pthread-thread.m4 \ + $(top_srcdir)/src/gl/m4/pthread_h.m4 \ + $(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \ + $(top_srcdir)/src/gl/m4/putenv.m4 \ + $(top_srcdir)/src/gl/m4/raise.m4 \ + $(top_srcdir)/src/gl/m4/reallocarray.m4 \ + $(top_srcdir)/src/gl/m4/sched_h.m4 \ + $(top_srcdir)/src/gl/m4/sched_yield.m4 \ + $(top_srcdir)/src/gl/m4/select.m4 \ + $(top_srcdir)/src/gl/m4/semaphore.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/setenv.m4 \ + $(top_srcdir)/src/gl/m4/setlocale.m4 \ + $(top_srcdir)/src/gl/m4/setlocale_null.m4 \ + $(top_srcdir)/src/gl/m4/sigaction.m4 \ + $(top_srcdir)/src/gl/m4/signal_h.m4 \ + $(top_srcdir)/src/gl/m4/signalblocking.m4 \ + $(top_srcdir)/src/gl/m4/sleep.m4 \ + $(top_srcdir)/src/gl/m4/sockets.m4 \ + $(top_srcdir)/src/gl/m4/strerror.m4 \ + $(top_srcdir)/src/gl/m4/strerror_r.m4 \ + $(top_srcdir)/src/gl/m4/strtoll.m4 \ + $(top_srcdir)/src/gl/m4/symlink.m4 \ + $(top_srcdir)/src/gl/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/src/gl/m4/sys_select_h.m4 \ + $(top_srcdir)/src/gl/m4/thread.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/gl/m4/usleep.m4 \ + $(top_srcdir)/src/gl/m4/visibility.m4 \ + $(top_srcdir)/src/gl/m4/xalloc.m4 \ + $(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/__inline.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \ + $(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/explicit_bzero.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \ + $(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \ + $(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \ + $(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \ + $(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/intmax_t.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/largefile.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \ + $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \ + $(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \ + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \ + $(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \ + $(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \ + $(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \ + $(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \ + $(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \ + $(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/m4/zzgnulib.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_check_SCRIPTS_DIST) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__dist_check_SCRIPTS_DIST = pathlen.sh aki.sh invalid-sig.sh \ + email.sh pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh \ + name-constraints.sh certtool-long-cn.sh crl.sh \ + provable-privkey.sh provable-dh.sh sha2-test.sh \ + sha2-dsa-test.sh provable-privkey-dsa2048.sh \ + provable-privkey-rsa2048.sh provable-privkey-gen-default.sh \ + pkcs7-constraints.sh pkcs7-constraints2.sh \ + certtool-long-oids.sh pkcs7-cat.sh cert-sanity.sh \ + cert-critical.sh pkcs12.sh certtool-crl-decoding.sh \ + pkcs12-encode.sh pkcs12-corner-cases.sh inhibit-anypolicy.sh \ + smime.sh cert-time.sh alt-chain.sh pkcs7-list-sign.sh \ + pkcs7-eddsa.sh certtool-ecdsa.sh key-id.sh pkcs8.sh \ + pkcs8-decode.sh ecdsa.sh illegal-rsa.sh pkcs8-invalid.sh \ + key-invalid.sh pkcs8-eddsa.sh certtool-subca.sh \ + certtool-verify-profiles.sh x509-duplicate-ext.sh \ + x25519-and-x448.sh certtool-utf8.sh crq.sh \ + cert-non-digits-time.sh reject-invalid-time.sh \ + tolerate-invalid-time.sh provable-dh-default.sh \ + template-test.sh pem-decoding.sh othername-test.sh \ + krb5-test.sh sha3-test.sh md5-test.sh tlsfeature-test.sh \ + template-exts-test.sh pkcs1-pad.sh pkcs12-utf8.sh \ + rsa-pss-pad.sh dsa.sh certtool.sh template-policy-test.sh \ + dane.sh gost.sh pkcs12-gost.sh pkcs8-gost.sh \ + certtool-rsa-pss.sh certtool-eddsa.sh +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' +RECHECK_LOGS = $(TEST_LOGS) +AM_RECURSIVE_TARGETS = check recheck +TEST_SUITE_LOG = test-suite.log +TEST_EXTENSIONS = @EXEEXT@ .test +LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.test.log=.log) +TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ + $(TEST_LOG_FLAGS) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/test-driver +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@ +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CFLAG_VISIBILITY = @CFLAG_VISIBILITY@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@ +GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@ +GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@ +GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@ +GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@ +GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@ +GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@ +GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@ +GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@ +GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@ +GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@ +GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@ +GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@ +GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@ +GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@ +GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@ +GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@ +GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@ +GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@ +GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@ +GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@ +GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@ +GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@ +GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@ +GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@ +GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@ +GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@ +GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@ +GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@ +GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@ +GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@ +GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@ +GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@ +GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@ +GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@ +GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@ +GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@ +GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@ +GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@ +GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@ +GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@ +GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@ +GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@ +GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@ +GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@ +GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@ +GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@ +GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@ +GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@ +GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@ +GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@ +GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@ +GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@ +GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@ +GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@ +GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@ +GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@ +GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@ +GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@ +GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@ +GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@ +GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@ +GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@ +GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@ +GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@ +GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@ +GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@ +GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@ +GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@ +GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@ +GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@ +GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@ +GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@ +GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@ +GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@ +GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@ +GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@ +GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@ +GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@ +GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@ +GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@ +GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@ +GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@ +GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@ +GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@ +GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@ +GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@ +GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@ +GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@ +GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@ +GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@ +GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@ +GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@ +GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@ +GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@ +GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@ +GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@ +GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@ +GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@ +GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@ +GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@ +GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@ +GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@ +GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@ +GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@ +GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@ +GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@ +GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@ +GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@ +GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@ +GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@ +GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@ +GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@ +GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@ +GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@ +GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@ +GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@ +GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@ +GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@ +GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@ +GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@ +GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@ +GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@ +GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@ +GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@ +GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@ +GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@ +GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@ +GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@ +GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@ +GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@ +GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@ +GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@ +GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@ +GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@ +GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@ +GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@ +GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@ +GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@ +GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@ +GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@ +GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@ +GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@ +GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@ +GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@ +GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@ +GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@ +GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@ +GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@ +GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@ +GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@ +GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@ +GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@ +GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@ +GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@ +GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@ +GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@ +GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@ +GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@ +GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@ +GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@ +GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@ +GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@ +GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@ +GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@ +GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@ +GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@ +GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@ +GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@ +GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@ +GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@ +GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@ +GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@ +GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@ +GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@ +GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@ +GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@ +GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@ +GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@ +GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@ +GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@ +GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@ +GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@ +GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@ +GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@ +GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@ +GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@ +GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@ +GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@ +GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@ +GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@ +GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@ +GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@ +GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@ +GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@ +GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@ +GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@ +GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@ +GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@ +GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@ +GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@ +GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@ +GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@ +GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@ +GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@ +GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@ +GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@ +GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@ +GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@ +GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@ +GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@ +GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@ +GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@ +GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@ +GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@ +GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@ +GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@ +GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@ +GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@ +GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@ +GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@ +GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@ +GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@ +GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@ +GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@ +GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@ +GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@ +GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@ +GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@ +GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@ +GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@ +GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@ +GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@ +GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@ +GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@ +GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@ +GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@ +GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@ +GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@ +GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@ +GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@ +GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@ +GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@ +GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@ +GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@ +GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@ +GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@ +GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@ +GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@ +GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@ +GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@ +GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@ +GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@ +GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@ +GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@ +GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@ +GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@ +GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@ +GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@ +GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@ +GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@ +GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@ +GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@ +GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@ +GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@ +GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@ +GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@ +GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@ +GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@ +GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@ +GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@ +GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@ +GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@ +GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@ +GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@ +GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@ +GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@ +GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@ +GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@ +GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@ +GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@ +GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@ +GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@ +GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@ +GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@ +GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@ +GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@ +GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@ +GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@ +GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@ +GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@ +GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@ +GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@ +GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@ +GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@ +GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@ +GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@ +GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@ +GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@ +GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@ +GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@ +GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@ +GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@ +GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@ +GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@ +GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@ +GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@ +GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@ +GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@ +GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@ +GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@ +GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@ +GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@ +GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@ +GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@ +GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@ +GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@ +GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@ +GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@ +GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@ +GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@ +GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@ +GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@ +GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@ +GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@ +GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@ +GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@ +GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@ +GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@ +GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@ +GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@ +GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@ +GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@ +GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@ +GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@ +GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@ +GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@ +GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@ +GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@ +GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@ +GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@ +GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@ +GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@ +GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@ +GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@ +GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@ +GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@ +GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@ +GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@ +GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@ +GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@ +GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@ +GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@ +GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@ +GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@ +GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@ +GL_GNULIB_BIND = @GL_GNULIB_BIND@ +GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@ +GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@ +GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@ +GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@ +GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@ +GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@ +GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@ +GL_GNULIB_CREAT = @GL_GNULIB_CREAT@ +GL_GNULIB_CTIME = @GL_GNULIB_CTIME@ +GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@ +GL_GNULIB_DUP = @GL_GNULIB_DUP@ +GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@ +GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@ +GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@ +GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@ +GL_GNULIB_EXECL = @GL_GNULIB_EXECL@ +GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@ +GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@ +GL_GNULIB_EXECV = @GL_GNULIB_EXECV@ +GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@ +GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@ +GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@ +GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@ +GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@ +GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@ +GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@ +GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@ +GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@ +GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@ +GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@ +GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@ +GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@ +GL_GNULIB_FFS = @GL_GNULIB_FFS@ +GL_GNULIB_FFSL = @GL_GNULIB_FFSL@ +GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@ +GL_GNULIB_FGETC = @GL_GNULIB_FGETC@ +GL_GNULIB_FGETS = @GL_GNULIB_FGETS@ +GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@ +GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@ +GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@ +GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@ +GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@ +GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@ +GL_GNULIB_FREAD = @GL_GNULIB_FREAD@ +GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@ +GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@ +GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@ +GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@ +GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@ +GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@ +GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@ +GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@ +GL_GNULIB_FTELL = @GL_GNULIB_FTELL@ +GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@ +GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@ +GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@ +GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@ +GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@ +GL_GNULIB_GETC = @GL_GNULIB_GETC@ +GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@ +GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@ +GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@ +GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@ +GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@ +GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@ +GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@ +GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@ +GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@ +GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@ +GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@ +GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@ +GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@ +GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@ +GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@ +GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@ +GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@ +GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@ +GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@ +GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@ +GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@ +GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@ +GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@ +GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@ +GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@ +GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@ +GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@ +GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@ +GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@ +GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@ +GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@ +GL_GNULIB_LINK = @GL_GNULIB_LINK@ +GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@ +GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@ +GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@ +GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@ +GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@ +GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@ +GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@ +GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@ +GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@ +GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@ +GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@ +GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@ +GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@ +GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@ +GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@ +GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@ +GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@ +GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@ +GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@ +GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@ +GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@ +GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@ +GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@ +GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@ +GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@ +GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@ +GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@ +GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@ +GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@ +GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@ +GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@ +GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@ +GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@ +GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@ +GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@ +GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@ +GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@ +GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@ +GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@ +GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@ +GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@ +GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@ +GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@ +GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@ +GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@ +GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@ +GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@ +GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@ +GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@ +GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@ +GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@ +GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@ +GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@ +GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@ +GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@ +GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@ +GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@ +GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@ +GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@ +GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@ +GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@ +GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@ +GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@ +GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@ +GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@ +GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@ +GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@ +GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@ +GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@ +GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@ +GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@ +GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@ +GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@ +GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@ +GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@ +GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@ +GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@ +GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@ +GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@ +GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@ +GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@ +GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@ +GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@ +GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@ +GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@ +GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@ +GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GNULIB_OPEN = @GL_GNULIB_OPEN@ +GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@ +GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@ +GL_GNULIB_PERROR = @GL_GNULIB_PERROR@ +GL_GNULIB_PIPE = @GL_GNULIB_PIPE@ +GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@ +GL_GNULIB_POPEN = @GL_GNULIB_POPEN@ +GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@ +GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@ +GL_GNULIB_PREAD = @GL_GNULIB_PREAD@ +GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@ +GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@ +GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@ +GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@ +GL_GNULIB_PUTC = @GL_GNULIB_PUTC@ +GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@ +GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@ +GL_GNULIB_PUTS = @GL_GNULIB_PUTS@ +GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@ +GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@ +GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@ +GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@ +GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@ +GL_GNULIB_READ = @GL_GNULIB_READ@ +GL_GNULIB_READLINK = @GL_GNULIB_READLINK@ +GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@ +GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@ +GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@ +GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@ +GL_GNULIB_RECV = @GL_GNULIB_RECV@ +GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@ +GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@ +GL_GNULIB_RENAME = @GL_GNULIB_RENAME@ +GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@ +GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@ +GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@ +GL_GNULIB_SCANF = @GL_GNULIB_SCANF@ +GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@ +GL_GNULIB_SEND = @GL_GNULIB_SEND@ +GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@ +GL_GNULIB_SETENV = @GL_GNULIB_SETENV@ +GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@ +GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@ +GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@ +GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@ +GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@ +GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@ +GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@ +GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@ +GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@ +GL_GNULIB_STAT = @GL_GNULIB_STAT@ +GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@ +GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@ +GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@ +GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@ +GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@ +GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@ +GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@ +GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@ +GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@ +GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@ +GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@ +GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@ +GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@ +GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@ +GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@ +GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@ +GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@ +GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@ +GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@ +GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@ +GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@ +GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@ +GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@ +GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@ +GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@ +GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@ +GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@ +GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@ +GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@ +GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@ +GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@ +GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@ +GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@ +GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@ +GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@ +GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@ +GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@ +GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@ +GL_GNULIB_TZSET = @GL_GNULIB_TZSET@ +GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@ +GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@ +GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@ +GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@ +GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@ +GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@ +GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@ +GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@ +GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@ +GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@ +GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@ +GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@ +GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@ +GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@ +GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@ +GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@ +GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@ +GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@ +GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@ +GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@ +GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@ +GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@ +GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@ +GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@ +GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@ +GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@ +GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@ +GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@ +GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@ +GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@ +GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@ +GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@ +GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@ +GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@ +GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@ +GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@ +GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@ +GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@ +GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@ +GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@ +GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@ +GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@ +GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@ +GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@ +GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@ +GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@ +GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@ +GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@ +GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@ +GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@ +GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@ +GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@ +GL_GNULIB_WRITE = @GL_GNULIB_WRITE@ +GL_GNULIB__EXIT = @GL_GNULIB__EXIT@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GPERF = @GPERF@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_COPY_FILE_RANGE = @HAVE_COPY_FILE_RANGE@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ECVT = @HAVE_DECL_ECVT@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_EXECVPE = @HAVE_DECL_EXECVPE@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FCLOSEALL = @HAVE_DECL_FCLOSEALL@ +HAVE_DECL_FCVT = @HAVE_DECL_FCVT@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GCVT = @HAVE_DECL_GCVT@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCSDUP = @HAVE_DECL_WCSDUP@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXECVPE = @HAVE_EXECVPE@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETENTROPY = @HAVE_GETENTROPY@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GETUMASK = @HAVE_GETUMASK@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBEV = @HAVE_LIBEV@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_MEMALIGN = @HAVE_POSIX_MEMALIGN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_ATTR_DESTROY = @HAVE_PTHREAD_ATTR_DESTROY@ +HAVE_PTHREAD_ATTR_GETDETACHSTATE = @HAVE_PTHREAD_ATTR_GETDETACHSTATE@ +HAVE_PTHREAD_ATTR_INIT = @HAVE_PTHREAD_ATTR_INIT@ +HAVE_PTHREAD_ATTR_SETDETACHSTATE = @HAVE_PTHREAD_ATTR_SETDETACHSTATE@ +HAVE_PTHREAD_CONDATTR_DESTROY = @HAVE_PTHREAD_CONDATTR_DESTROY@ +HAVE_PTHREAD_CONDATTR_INIT = @HAVE_PTHREAD_CONDATTR_INIT@ +HAVE_PTHREAD_COND_BROADCAST = @HAVE_PTHREAD_COND_BROADCAST@ +HAVE_PTHREAD_COND_DESTROY = @HAVE_PTHREAD_COND_DESTROY@ +HAVE_PTHREAD_COND_INIT = @HAVE_PTHREAD_COND_INIT@ +HAVE_PTHREAD_COND_SIGNAL = @HAVE_PTHREAD_COND_SIGNAL@ +HAVE_PTHREAD_COND_TIMEDWAIT = @HAVE_PTHREAD_COND_TIMEDWAIT@ +HAVE_PTHREAD_COND_WAIT = @HAVE_PTHREAD_COND_WAIT@ +HAVE_PTHREAD_CREATE = @HAVE_PTHREAD_CREATE@ +HAVE_PTHREAD_CREATE_DETACHED = @HAVE_PTHREAD_CREATE_DETACHED@ +HAVE_PTHREAD_DETACH = @HAVE_PTHREAD_DETACH@ +HAVE_PTHREAD_EQUAL = @HAVE_PTHREAD_EQUAL@ +HAVE_PTHREAD_EXIT = @HAVE_PTHREAD_EXIT@ +HAVE_PTHREAD_GETSPECIFIC = @HAVE_PTHREAD_GETSPECIFIC@ +HAVE_PTHREAD_H = @HAVE_PTHREAD_H@ +HAVE_PTHREAD_JOIN = @HAVE_PTHREAD_JOIN@ +HAVE_PTHREAD_KEY_CREATE = @HAVE_PTHREAD_KEY_CREATE@ +HAVE_PTHREAD_KEY_DELETE = @HAVE_PTHREAD_KEY_DELETE@ +HAVE_PTHREAD_MUTEXATTR_DESTROY = @HAVE_PTHREAD_MUTEXATTR_DESTROY@ +HAVE_PTHREAD_MUTEXATTR_GETROBUST = @HAVE_PTHREAD_MUTEXATTR_GETROBUST@ +HAVE_PTHREAD_MUTEXATTR_GETTYPE = @HAVE_PTHREAD_MUTEXATTR_GETTYPE@ +HAVE_PTHREAD_MUTEXATTR_INIT = @HAVE_PTHREAD_MUTEXATTR_INIT@ +HAVE_PTHREAD_MUTEXATTR_SETROBUST = @HAVE_PTHREAD_MUTEXATTR_SETROBUST@ +HAVE_PTHREAD_MUTEXATTR_SETTYPE = @HAVE_PTHREAD_MUTEXATTR_SETTYPE@ +HAVE_PTHREAD_MUTEX_DESTROY = @HAVE_PTHREAD_MUTEX_DESTROY@ +HAVE_PTHREAD_MUTEX_INIT = @HAVE_PTHREAD_MUTEX_INIT@ +HAVE_PTHREAD_MUTEX_LOCK = @HAVE_PTHREAD_MUTEX_LOCK@ +HAVE_PTHREAD_MUTEX_RECURSIVE = @HAVE_PTHREAD_MUTEX_RECURSIVE@ +HAVE_PTHREAD_MUTEX_ROBUST = @HAVE_PTHREAD_MUTEX_ROBUST@ +HAVE_PTHREAD_MUTEX_TIMEDLOCK = @HAVE_PTHREAD_MUTEX_TIMEDLOCK@ +HAVE_PTHREAD_MUTEX_TRYLOCK = @HAVE_PTHREAD_MUTEX_TRYLOCK@ +HAVE_PTHREAD_MUTEX_UNLOCK = @HAVE_PTHREAD_MUTEX_UNLOCK@ +HAVE_PTHREAD_ONCE = @HAVE_PTHREAD_ONCE@ +HAVE_PTHREAD_PROCESS_SHARED = @HAVE_PTHREAD_PROCESS_SHARED@ +HAVE_PTHREAD_RWLOCKATTR_DESTROY = @HAVE_PTHREAD_RWLOCKATTR_DESTROY@ +HAVE_PTHREAD_RWLOCKATTR_INIT = @HAVE_PTHREAD_RWLOCKATTR_INIT@ +HAVE_PTHREAD_RWLOCK_DESTROY = @HAVE_PTHREAD_RWLOCK_DESTROY@ +HAVE_PTHREAD_RWLOCK_INIT = @HAVE_PTHREAD_RWLOCK_INIT@ +HAVE_PTHREAD_RWLOCK_RDLOCK = @HAVE_PTHREAD_RWLOCK_RDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +HAVE_PTHREAD_RWLOCK_TRYRDLOCK = @HAVE_PTHREAD_RWLOCK_TRYRDLOCK@ +HAVE_PTHREAD_RWLOCK_TRYWRLOCK = @HAVE_PTHREAD_RWLOCK_TRYWRLOCK@ +HAVE_PTHREAD_RWLOCK_UNLOCK = @HAVE_PTHREAD_RWLOCK_UNLOCK@ +HAVE_PTHREAD_RWLOCK_WRLOCK = @HAVE_PTHREAD_RWLOCK_WRLOCK@ +HAVE_PTHREAD_SELF = @HAVE_PTHREAD_SELF@ +HAVE_PTHREAD_SETSPECIFIC = @HAVE_PTHREAD_SETSPECIFIC@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTHREAD_SPINLOCK_T = @HAVE_PTHREAD_SPINLOCK_T@ +HAVE_PTHREAD_SPIN_DESTROY = @HAVE_PTHREAD_SPIN_DESTROY@ +HAVE_PTHREAD_SPIN_INIT = @HAVE_PTHREAD_SPIN_INIT@ +HAVE_PTHREAD_SPIN_LOCK = @HAVE_PTHREAD_SPIN_LOCK@ +HAVE_PTHREAD_SPIN_TRYLOCK = @HAVE_PTHREAD_SPIN_TRYLOCK@ +HAVE_PTHREAD_SPIN_UNLOCK = @HAVE_PTHREAD_SPIN_UNLOCK@ +HAVE_PTHREAD_T = @HAVE_PTHREAD_T@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SCHED_H = @HAVE_SCHED_H@ +HAVE_SCHED_YIELD = @HAVE_SCHED_YIELD@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGABBREV_NP = @HAVE_SIGABBREV_NP@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGDESCR_NP = @HAVE_SIGDESCR_NP@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRERRORNAME_NP = @HAVE_STRERRORNAME_NP@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOL = @HAVE_STRTOL@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOUL = @HAVE_STRTOUL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SCHED_PARAM = @HAVE_STRUCT_SCHED_PARAM@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_CDEFS_H = @HAVE_SYS_CDEFS_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_VISIBILITY = @HAVE_VISIBILITY@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMPCPY = @HAVE_WMEMPCPY@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDDPOSTPROC = @LDDPOSTPROC@ +LDDPROG = @LDDPROG@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@ +LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@ +LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@ +LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBEV = @LIBEV@ +LIBEV_LIBS = @LIBEV_LIBS@ +LIBEV_PREFIX = @LIBEV_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@ +LIBKCAPI_LIBS = @LIBKCAPI_LIBS@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBPMULTITHREAD = @LIBPMULTITHREAD@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBSTDTHREAD = @LIBSTDTHREAD@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIBZ = @LIBZ@ +LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@ +LIBZSTD_LIBS = @LIBZSTD_LIBS@ +LIBZ_PC = @LIBZ_PC@ +LIBZ_PREFIX = @LIBZ_PREFIX@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_PTHREAD = @LIB_PTHREAD@ +LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@ +LIB_SCHED_YIELD = @LIB_SCHED_YIELD@ +LIB_SELECT = @LIB_SELECT@ +LIB_SEMAPHORE = @LIB_SEMAPHORE@ +LIB_SETLOCALE = @LIB_SETLOCALE@ +LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LOG_VALGRIND = @LOG_VALGRIND@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBEV = @LTLIBEV@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LTLIBZ = @LTLIBZ@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H = @NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H@ +NEXT_AS_FIRST_DIRECTIVE_SCHED_H = @NEXT_AS_FIRST_DIRECTIVE_SCHED_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_PTHREAD_H = @NEXT_PTHREAD_H@ +NEXT_SCHED_H = @NEXT_SCHED_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +REPLACE_ACCESS = @REPLACE_ACCESS@ +REPLACE_ALIGNED_ALLOC = @REPLACE_ALIGNED_ALLOC@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CREAT = @REPLACE_CREAT@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_EXECL = @REPLACE_EXECL@ +REPLACE_EXECLE = @REPLACE_EXECLE@ +REPLACE_EXECLP = @REPLACE_EXECLP@ +REPLACE_EXECV = @REPLACE_EXECV@ +REPLACE_EXECVE = @REPLACE_EXECVE@ +REPLACE_EXECVP = @REPLACE_EXECVP@ +REPLACE_EXECVPE = @REPLACE_EXECVPE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHMODAT = @REPLACE_FCHMODAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FFSLL = @REPLACE_FFSLL@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREE = @REPLACE_FREE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETADDRINFO = @REPLACE_GETADDRINFO@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKNODAT = @REPLACE_MKNODAT@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_POSIX_MEMALIGN = @REPLACE_POSIX_MEMALIGN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_ATTR_DESTROY = @REPLACE_PTHREAD_ATTR_DESTROY@ +REPLACE_PTHREAD_ATTR_GETDETACHSTATE = @REPLACE_PTHREAD_ATTR_GETDETACHSTATE@ +REPLACE_PTHREAD_ATTR_INIT = @REPLACE_PTHREAD_ATTR_INIT@ +REPLACE_PTHREAD_ATTR_SETDETACHSTATE = @REPLACE_PTHREAD_ATTR_SETDETACHSTATE@ +REPLACE_PTHREAD_CONDATTR_DESTROY = @REPLACE_PTHREAD_CONDATTR_DESTROY@ +REPLACE_PTHREAD_CONDATTR_INIT = @REPLACE_PTHREAD_CONDATTR_INIT@ +REPLACE_PTHREAD_COND_BROADCAST = @REPLACE_PTHREAD_COND_BROADCAST@ +REPLACE_PTHREAD_COND_DESTROY = @REPLACE_PTHREAD_COND_DESTROY@ +REPLACE_PTHREAD_COND_INIT = @REPLACE_PTHREAD_COND_INIT@ +REPLACE_PTHREAD_COND_SIGNAL = @REPLACE_PTHREAD_COND_SIGNAL@ +REPLACE_PTHREAD_COND_TIMEDWAIT = @REPLACE_PTHREAD_COND_TIMEDWAIT@ +REPLACE_PTHREAD_COND_WAIT = @REPLACE_PTHREAD_COND_WAIT@ +REPLACE_PTHREAD_CREATE = @REPLACE_PTHREAD_CREATE@ +REPLACE_PTHREAD_DETACH = @REPLACE_PTHREAD_DETACH@ +REPLACE_PTHREAD_EQUAL = @REPLACE_PTHREAD_EQUAL@ +REPLACE_PTHREAD_EXIT = @REPLACE_PTHREAD_EXIT@ +REPLACE_PTHREAD_GETSPECIFIC = @REPLACE_PTHREAD_GETSPECIFIC@ +REPLACE_PTHREAD_JOIN = @REPLACE_PTHREAD_JOIN@ +REPLACE_PTHREAD_KEY_CREATE = @REPLACE_PTHREAD_KEY_CREATE@ +REPLACE_PTHREAD_KEY_DELETE = @REPLACE_PTHREAD_KEY_DELETE@ +REPLACE_PTHREAD_MUTEXATTR_DESTROY = @REPLACE_PTHREAD_MUTEXATTR_DESTROY@ +REPLACE_PTHREAD_MUTEXATTR_GETROBUST = @REPLACE_PTHREAD_MUTEXATTR_GETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_GETTYPE = @REPLACE_PTHREAD_MUTEXATTR_GETTYPE@ +REPLACE_PTHREAD_MUTEXATTR_INIT = @REPLACE_PTHREAD_MUTEXATTR_INIT@ +REPLACE_PTHREAD_MUTEXATTR_SETROBUST = @REPLACE_PTHREAD_MUTEXATTR_SETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_SETTYPE = @REPLACE_PTHREAD_MUTEXATTR_SETTYPE@ +REPLACE_PTHREAD_MUTEX_DESTROY = @REPLACE_PTHREAD_MUTEX_DESTROY@ +REPLACE_PTHREAD_MUTEX_INIT = @REPLACE_PTHREAD_MUTEX_INIT@ +REPLACE_PTHREAD_MUTEX_LOCK = @REPLACE_PTHREAD_MUTEX_LOCK@ +REPLACE_PTHREAD_MUTEX_TIMEDLOCK = @REPLACE_PTHREAD_MUTEX_TIMEDLOCK@ +REPLACE_PTHREAD_MUTEX_TRYLOCK = @REPLACE_PTHREAD_MUTEX_TRYLOCK@ +REPLACE_PTHREAD_MUTEX_UNLOCK = @REPLACE_PTHREAD_MUTEX_UNLOCK@ +REPLACE_PTHREAD_ONCE = @REPLACE_PTHREAD_ONCE@ +REPLACE_PTHREAD_RWLOCKATTR_DESTROY = @REPLACE_PTHREAD_RWLOCKATTR_DESTROY@ +REPLACE_PTHREAD_RWLOCKATTR_INIT = @REPLACE_PTHREAD_RWLOCKATTR_INIT@ +REPLACE_PTHREAD_RWLOCK_DESTROY = @REPLACE_PTHREAD_RWLOCK_DESTROY@ +REPLACE_PTHREAD_RWLOCK_INIT = @REPLACE_PTHREAD_RWLOCK_INIT@ +REPLACE_PTHREAD_RWLOCK_RDLOCK = @REPLACE_PTHREAD_RWLOCK_RDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYRDLOCK = @REPLACE_PTHREAD_RWLOCK_TRYRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYWRLOCK = @REPLACE_PTHREAD_RWLOCK_TRYWRLOCK@ +REPLACE_PTHREAD_RWLOCK_UNLOCK = @REPLACE_PTHREAD_RWLOCK_UNLOCK@ +REPLACE_PTHREAD_RWLOCK_WRLOCK = @REPLACE_PTHREAD_RWLOCK_WRLOCK@ +REPLACE_PTHREAD_SELF = @REPLACE_PTHREAD_SELF@ +REPLACE_PTHREAD_SETSPECIFIC = @REPLACE_PTHREAD_SETSPECIFIC@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTHREAD_SPIN_DESTROY = @REPLACE_PTHREAD_SPIN_DESTROY@ +REPLACE_PTHREAD_SPIN_INIT = @REPLACE_PTHREAD_SPIN_INIT@ +REPLACE_PTHREAD_SPIN_LOCK = @REPLACE_PTHREAD_SPIN_LOCK@ +REPLACE_PTHREAD_SPIN_TRYLOCK = @REPLACE_PTHREAD_SPIN_TRYLOCK@ +REPLACE_PTHREAD_SPIN_UNLOCK = @REPLACE_PTHREAD_SPIN_UNLOCK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SCHED_YIELD = @REPLACE_SCHED_YIELD@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERRORNAME_NP = @REPLACE_STRERRORNAME_NP@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOL = @REPLACE_STRTOL@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOLL = @REPLACE_STRTOLL@ +REPLACE_STRTOUL = @REPLACE_STRTOUL@ +REPLACE_STRTOULL = @REPLACE_STRTOULL@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSTOK = @REPLACE_WCSTOK@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS2_CFLAGS = @TSS2_CFLAGS@ +TSS2_LIBS = @TSS2_LIBS@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_SYS_RANDOM_H = @UNISTD_H_HAVE_SYS_RANDOM_H@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VALGRINDFLAGS = @VALGRINDFLAGS@ +VALGRIND_PROGRAM = @VALGRIND_PROGRAM@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +YIELD_LIB = @YIELD_LIB@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +gnutls_so = @gnutls_so@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +maybe_guileextensiondir = @maybe_guileextensiondir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem \ + data/template-test.key data/template-test.pem templates/template-test.tmpl \ + data/funny-spacing.pem data/ca-certs.pem data/dane-test.rr data/cert-ecc256.pem \ + data/bmpstring.pem data/template-utf8.pem templates/template-utf8.tmpl \ + templates/template-dn.tmpl data/template-dn.pem data/complex-cert.pem \ + data/template-overflow.pem templates/template-overflow.tmpl data/template-overflow2.pem \ + templates/template-overflow2.tmpl data/template-crq.pem data/cert-ecc256-full.pem \ + templates/template-date.tmpl data/template-date.pem templates/template-dn-err.tmpl \ + templates/template-nc.tmpl data/template-nc.pem data/xmpp-othername.pem \ + suppressions.valgrind data/csr-invalid.der data/invalid-sig2.pem data/invalid-sig3.pem \ + data/invalid-sig.pem email-certs/chain.exclude.test.example.com email-certs/chain.test.example.com \ + email-certs/chain.invalid.example.com email-certs/chain.test.example.com-2 \ + data/single-ca.p7b data/single-ca.p7b.out data/full.p7b data/full.p7b.out data/detached.p7b \ + data/pkcs7-detached.txt data/p7-combined.out data/template-generalized.pem \ + templates/template-generalized.tmpl data/privkey1.pem data/privkey2.pem data/privkey3.pem \ + data/name-constraints-ip.pem data/cert-invalid-utf8.der data/very-long-dn.pem \ + data/provable3072.pem data/provable2048.pem data/provable-dsa2048.pem \ + data/provable-dsa2048-fips.pem templates/template-crq.tmpl data/invalid-sig5.pem \ + templates/template-unique.tmpl data/template-unique.pem data/invalid-sig4.pem \ + templates/template-othername.tmpl data/template-othername.pem \ + templates/template-othername-xmpp.tmpl data/template-othername-xmpp.pem \ + templates/template-krb5name.tmpl data/crl-demo1.pem data/crl-demo2.pem data/crl-demo3.pem \ + data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \ + data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \ + data/template-rsa-sha3-384.pem data/long-oids.pem \ + data/name-constraints-ip2.pem data/chain-md5.pem data/pubkey-ecc256.pem \ + templates/template-dates-after2038.tmpl data/template-dates-after2038.pem \ + data/gost-cert.pem data/gost-cert-nogost.pem data/gost94-cert.pem \ + templates/template-tlsfeature.tmpl data/cert-with-crl.p12 \ + data/template-tlsfeature.pem data/template-tlsfeature.csr \ + templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \ + data/arb-extensions.csr data/pkcs1-pad-ok.pem data/pkcs1-pad-broken.pem \ + data/pkcs1-pad-ok2.pem data/pkcs1-pad-broken2.pem data/pkcs1-pad-broken3.pem \ + data/client.p12 data/noclient.p12 data/unclient.p12 data/pkcs12_2certs.p12 \ + data/pkcs12_5certs.p12 data/test-null.p12 data/cert-ca.p12 data/sha256.p12 \ + data/key-ca.pem data/key-subca.pem data/key-subsubca.pem data/key-user.pem \ + data/key-dsa.pem data/key-ca-dsa.pem data/key-subca-dsa.pem \ + data/ca-public.gpg data/srv-public-all-signed.gpg data/srv-secret.gpg \ + data/ca-secret.gpg data/srv-public.gpg data/srv-public-127.0.0.1-signed.gpg \ + data/srv-public-localhost-signed.gpg data/selfsigs/alice-mallory-badsig18.pub \ + data/selfsigs/alice-mallory-irrelevantsig.pub data/selfsigs/alice-mallory-nosig18.pub \ + data/selfsigs/alice.pub data/key-utf8-1.p12 data/key-utf8-2.p12 \ + data/code-signing-ca.pem data/code-signing-cert.pem data/multi-value-dn.pem \ + data/pkcs7-cat-ca.pem data/pkcs7-cat.p7 data/openssl.p7b data/openssl.p7b.out \ + data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \ + data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem data/x509-v3-with-fractional-time.pem \ + templates/template-long-dns.tmpl templates/template-long-serial.tmpl \ + data/key-rsa-pss-raw.pem data/key-rsa-pss.pem data/cve-2019-3829.pem \ + data/long-dns.pem data/template-long-dns-crq.pem data/chain-with-critical-on-root.pem \ + data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \ + templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem \ + data/key-corpus-rc2-1.p12 data/key-corpus-rc2-2.p12 data/key-corpus-rc2-3.p12 \ + data/key-corpus-rc2-1.p12.out data/no-salt.p12 data/mac-sha512.p12 data/pbes1-no-salt.p12 \ + templates/inhibit-anypolicy.tmpl data/inhibit-anypolicy.pem data/aes-128.p12 \ + data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \ + data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \ + data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \ + data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \ + data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \ + data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s \ + data/key-ca.pem data/key-user.pem data/template-sgenerate.pem \ + data/ca-gnutls-keyid.pem data/ca-no-keyid.pem data/ca-weird-keyid.pem \ + data/key-ca-1234.p8 data/key-ca-empty.p8 data/key-ca-null.p8 \ + data/openssl-key-ecc.p8 data/key-ecc.p8 data/key-ecc.pem suppressions.valgrind \ + data/encpkcs8.pem data/unencpkcs8.pem data/enc2pkcs8.pem data/dup-exts.pem \ + data/openssl-3des.p8 data/openssl-3des.p8.txt data/openssl-aes128.p8 \ + data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \ + data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \ + data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \ + data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem data/pkcs8-pbes2-sha256.pem \ + data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \ + data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \ + data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \ + data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \ + data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \ + data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \ + data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b templates/template-no-ca.tmpl \ + data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 data/crq-cert-no-ca.pem \ + data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \ + data/key-gost12-512.p8 data/grfc.crt data/gost-cert-ca.pem data/gost-cert-new.pem \ + data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \ + data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \ + templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \ + data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer \ + templates/simple-policy.tmpl data/simple-policy.pem + +dist_check_SCRIPTS = pathlen.sh aki.sh invalid-sig.sh email.sh \ + pkcs7.sh pkcs7-broken-sigs.sh privkey-import.sh \ + name-constraints.sh certtool-long-cn.sh crl.sh \ + provable-privkey.sh provable-dh.sh sha2-test.sh \ + sha2-dsa-test.sh provable-privkey-dsa2048.sh \ + provable-privkey-rsa2048.sh provable-privkey-gen-default.sh \ + pkcs7-constraints.sh pkcs7-constraints2.sh \ + certtool-long-oids.sh pkcs7-cat.sh cert-sanity.sh \ + cert-critical.sh pkcs12.sh certtool-crl-decoding.sh \ + pkcs12-encode.sh pkcs12-corner-cases.sh inhibit-anypolicy.sh \ + smime.sh cert-time.sh alt-chain.sh pkcs7-list-sign.sh \ + pkcs7-eddsa.sh certtool-ecdsa.sh key-id.sh pkcs8.sh \ + pkcs8-decode.sh ecdsa.sh illegal-rsa.sh pkcs8-invalid.sh \ + key-invalid.sh pkcs8-eddsa.sh certtool-subca.sh \ + certtool-verify-profiles.sh x509-duplicate-ext.sh \ + x25519-and-x448.sh key-id.sh ecdsa.sh pkcs8-invalid.sh \ + key-invalid.sh pkcs8-decode.sh pkcs8.sh pkcs8-eddsa.sh \ + certtool-utf8.sh crq.sh $(am__append_1) $(am__append_2) \ + $(am__append_3) $(am__append_4) $(am__append_5) \ + $(am__append_6) $(am__append_7) certtool-rsa-pss.sh \ + certtool-eddsa.sh +TESTS = $(dist_check_SCRIPTS) + +# Set detect_leaks=0 to ASAN. It seems it is detecting many leaks in tools +# which are not trivial, and makes no point to address. +TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) LC_ALL="C" \ + VALGRIND='$(LOG_VALGRIND)' LIBTOOL="$(LIBTOOL)" \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + ac_cv_sizeof_time_t="$(ac_cv_sizeof_time_t)" \ + ASAN_OPTIONS="detect_leaks=0:exitcode=6" \ + GNUTLS_TEST_SUITE_RUN=1 \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + PKCS12_ITER_COUNT="$(PKCS12_ITER_COUNT)" srcdir="$(srcdir)" \ + $(am__append_8) $(am__append_9) $(am__append_10) \ + $(am__append_11) $(am__append_12) +LOG_COMPILER = $(LOG_VALGRIND) +all: all-am + +.SUFFIXES: +.SUFFIXES: .log .test .test$(EXEEXT) .trs +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/cert-tests/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign tests/cert-tests/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(dist_check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(dist_check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +pathlen.sh.log: pathlen.sh + @p='pathlen.sh'; \ + b='pathlen.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +aki.sh.log: aki.sh + @p='aki.sh'; \ + b='aki.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +invalid-sig.sh.log: invalid-sig.sh + @p='invalid-sig.sh'; \ + b='invalid-sig.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +email.sh.log: email.sh + @p='email.sh'; \ + b='email.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7.sh.log: pkcs7.sh + @p='pkcs7.sh'; \ + b='pkcs7.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-broken-sigs.sh.log: pkcs7-broken-sigs.sh + @p='pkcs7-broken-sigs.sh'; \ + b='pkcs7-broken-sigs.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +privkey-import.sh.log: privkey-import.sh + @p='privkey-import.sh'; \ + b='privkey-import.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +name-constraints.sh.log: name-constraints.sh + @p='name-constraints.sh'; \ + b='name-constraints.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-long-cn.sh.log: certtool-long-cn.sh + @p='certtool-long-cn.sh'; \ + b='certtool-long-cn.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crl.sh.log: crl.sh + @p='crl.sh'; \ + b='crl.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +provable-privkey.sh.log: provable-privkey.sh + @p='provable-privkey.sh'; \ + b='provable-privkey.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +provable-dh.sh.log: provable-dh.sh + @p='provable-dh.sh'; \ + b='provable-dh.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sha2-test.sh.log: sha2-test.sh + @p='sha2-test.sh'; \ + b='sha2-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sha2-dsa-test.sh.log: sha2-dsa-test.sh + @p='sha2-dsa-test.sh'; \ + b='sha2-dsa-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +provable-privkey-dsa2048.sh.log: provable-privkey-dsa2048.sh + @p='provable-privkey-dsa2048.sh'; \ + b='provable-privkey-dsa2048.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +provable-privkey-rsa2048.sh.log: provable-privkey-rsa2048.sh + @p='provable-privkey-rsa2048.sh'; \ + b='provable-privkey-rsa2048.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +provable-privkey-gen-default.sh.log: provable-privkey-gen-default.sh + @p='provable-privkey-gen-default.sh'; \ + b='provable-privkey-gen-default.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-constraints.sh.log: pkcs7-constraints.sh + @p='pkcs7-constraints.sh'; \ + b='pkcs7-constraints.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-constraints2.sh.log: pkcs7-constraints2.sh + @p='pkcs7-constraints2.sh'; \ + b='pkcs7-constraints2.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-long-oids.sh.log: certtool-long-oids.sh + @p='certtool-long-oids.sh'; \ + b='certtool-long-oids.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-cat.sh.log: pkcs7-cat.sh + @p='pkcs7-cat.sh'; \ + b='pkcs7-cat.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert-sanity.sh.log: cert-sanity.sh + @p='cert-sanity.sh'; \ + b='cert-sanity.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert-critical.sh.log: cert-critical.sh + @p='cert-critical.sh'; \ + b='cert-critical.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12.sh.log: pkcs12.sh + @p='pkcs12.sh'; \ + b='pkcs12.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-crl-decoding.sh.log: certtool-crl-decoding.sh + @p='certtool-crl-decoding.sh'; \ + b='certtool-crl-decoding.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12-encode.sh.log: pkcs12-encode.sh + @p='pkcs12-encode.sh'; \ + b='pkcs12-encode.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12-corner-cases.sh.log: pkcs12-corner-cases.sh + @p='pkcs12-corner-cases.sh'; \ + b='pkcs12-corner-cases.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +inhibit-anypolicy.sh.log: inhibit-anypolicy.sh + @p='inhibit-anypolicy.sh'; \ + b='inhibit-anypolicy.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +smime.sh.log: smime.sh + @p='smime.sh'; \ + b='smime.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert-time.sh.log: cert-time.sh + @p='cert-time.sh'; \ + b='cert-time.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +alt-chain.sh.log: alt-chain.sh + @p='alt-chain.sh'; \ + b='alt-chain.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-list-sign.sh.log: pkcs7-list-sign.sh + @p='pkcs7-list-sign.sh'; \ + b='pkcs7-list-sign.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs7-eddsa.sh.log: pkcs7-eddsa.sh + @p='pkcs7-eddsa.sh'; \ + b='pkcs7-eddsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-ecdsa.sh.log: certtool-ecdsa.sh + @p='certtool-ecdsa.sh'; \ + b='certtool-ecdsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-id.sh.log: key-id.sh + @p='key-id.sh'; \ + b='key-id.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8.sh.log: pkcs8.sh + @p='pkcs8.sh'; \ + b='pkcs8.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8-decode.sh.log: pkcs8-decode.sh + @p='pkcs8-decode.sh'; \ + b='pkcs8-decode.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +ecdsa.sh.log: ecdsa.sh + @p='ecdsa.sh'; \ + b='ecdsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +illegal-rsa.sh.log: illegal-rsa.sh + @p='illegal-rsa.sh'; \ + b='illegal-rsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8-invalid.sh.log: pkcs8-invalid.sh + @p='pkcs8-invalid.sh'; \ + b='pkcs8-invalid.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +key-invalid.sh.log: key-invalid.sh + @p='key-invalid.sh'; \ + b='key-invalid.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8-eddsa.sh.log: pkcs8-eddsa.sh + @p='pkcs8-eddsa.sh'; \ + b='pkcs8-eddsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-subca.sh.log: certtool-subca.sh + @p='certtool-subca.sh'; \ + b='certtool-subca.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-verify-profiles.sh.log: certtool-verify-profiles.sh + @p='certtool-verify-profiles.sh'; \ + b='certtool-verify-profiles.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x509-duplicate-ext.sh.log: x509-duplicate-ext.sh + @p='x509-duplicate-ext.sh'; \ + b='x509-duplicate-ext.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +x25519-and-x448.sh.log: x25519-and-x448.sh + @p='x25519-and-x448.sh'; \ + b='x25519-and-x448.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-utf8.sh.log: certtool-utf8.sh + @p='certtool-utf8.sh'; \ + b='certtool-utf8.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crq.sh.log: crq.sh + @p='crq.sh'; \ + b='crq.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +cert-non-digits-time.sh.log: cert-non-digits-time.sh + @p='cert-non-digits-time.sh'; \ + b='cert-non-digits-time.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +reject-invalid-time.sh.log: reject-invalid-time.sh + @p='reject-invalid-time.sh'; \ + b='reject-invalid-time.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tolerate-invalid-time.sh.log: tolerate-invalid-time.sh + @p='tolerate-invalid-time.sh'; \ + b='tolerate-invalid-time.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +provable-dh-default.sh.log: provable-dh-default.sh + @p='provable-dh-default.sh'; \ + b='provable-dh-default.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +template-test.sh.log: template-test.sh + @p='template-test.sh'; \ + b='template-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pem-decoding.sh.log: pem-decoding.sh + @p='pem-decoding.sh'; \ + b='pem-decoding.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +othername-test.sh.log: othername-test.sh + @p='othername-test.sh'; \ + b='othername-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +krb5-test.sh.log: krb5-test.sh + @p='krb5-test.sh'; \ + b='krb5-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +sha3-test.sh.log: sha3-test.sh + @p='sha3-test.sh'; \ + b='sha3-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +md5-test.sh.log: md5-test.sh + @p='md5-test.sh'; \ + b='md5-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +tlsfeature-test.sh.log: tlsfeature-test.sh + @p='tlsfeature-test.sh'; \ + b='tlsfeature-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +template-exts-test.sh.log: template-exts-test.sh + @p='template-exts-test.sh'; \ + b='template-exts-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs1-pad.sh.log: pkcs1-pad.sh + @p='pkcs1-pad.sh'; \ + b='pkcs1-pad.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12-utf8.sh.log: pkcs12-utf8.sh + @p='pkcs12-utf8.sh'; \ + b='pkcs12-utf8.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +rsa-pss-pad.sh.log: rsa-pss-pad.sh + @p='rsa-pss-pad.sh'; \ + b='rsa-pss-pad.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dsa.sh.log: dsa.sh + @p='dsa.sh'; \ + b='dsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool.sh.log: certtool.sh + @p='certtool.sh'; \ + b='certtool.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +template-policy-test.sh.log: template-policy-test.sh + @p='template-policy-test.sh'; \ + b='template-policy-test.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +dane.sh.log: dane.sh + @p='dane.sh'; \ + b='dane.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +gost.sh.log: gost.sh + @p='gost.sh'; \ + b='gost.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs12-gost.sh.log: pkcs12-gost.sh + @p='pkcs12-gost.sh'; \ + b='pkcs12-gost.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +pkcs8-gost.sh.log: pkcs8-gost.sh + @p='pkcs8-gost.sh'; \ + b='pkcs8-gost.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-rsa-pss.sh.log: certtool-rsa-pss.sh + @p='certtool-rsa-pss.sh'; \ + b='certtool-rsa-pss.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +certtool-eddsa.sh.log: certtool-eddsa.sh + @p='certtool-eddsa.sh'; \ + b='certtool-eddsa.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.test.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.test$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-local + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: all all-am check check-TESTS check-am clean clean-generic \ + clean-libtool cscopelist-am ctags-am distclean \ + distclean-generic distclean-libtool distclean-local distdir \ + dvi dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am recheck tags-am \ + uninstall uninstall-am + +.PRECIOUS: Makefile + + +distclean-local: + rm -rf tmp-* *.tmp + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/cert-tests/aki.sh b/tests/cert-tests/aki.sh new file mode 100755 index 0000000..b7bbe91 --- /dev/null +++ b/tests/cert-tests/aki.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TMPFILE=aki-$$.tmp +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/aki-cert.pem" \ + |grep -v "Algorithm Security Level"|grep -v ^warning > $TMPFILE +rc=$? + +if test "${rc}" != "0"; then + echo "info failed" + exit ${rc} +fi + +${DIFF} "${srcdir}/data/aki-cert.pem" $TMPFILE +rc=$? + +# We're done. +if test "${rc}" != "0"; then + exit ${rc} +fi + +rm -f $TMPFILE + +exit 0 diff --git a/tests/cert-tests/alt-chain.sh b/tests/cert-tests/alt-chain.sh new file mode 100755 index 0000000..d72bfa4 --- /dev/null +++ b/tests/cert-tests/alt-chain.sh @@ -0,0 +1,68 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem" +NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem" + +echo "" +datefudge -s "2017-5-10" \ +${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${OLD_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE} +rc=$? + +if test "${rc}" != "1"; then + echo "alt chain failed verification (1)" + cat $OUTFILE + exit ${rc} +fi + +echo "" +datefudge -s "2017-5-10" \ +${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${NEW_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "alt chain failed verification (2)" + cat $OUTFILE + exit ${rc} +fi + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/cert-critical.sh b/tests/cert-tests/cert-critical.sh new file mode 100755 index 0000000..5734c3f --- /dev/null +++ b/tests/cert-tests/cert-critical.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge "2017-2-28" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem +rc=$? + +if test "${rc}" != "1"; then + echo "There was an issue verifying the chain" + exit 1 +fi + +datefudge "2017-2-28" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-endcert.pem +rc=$? + +if test "${rc}" != "1"; then + echo "There was an issue verifying the chain" + exit 1 +fi + +datefudge "2017-2-28" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-intermediate.pem +rc=$? + +if test "${rc}" != "1"; then + echo "There was an issue verifying the chain" + exit 1 +fi + + +exit 0 diff --git a/tests/cert-tests/cert-non-digits-time.sh b/tests/cert-tests/cert-non-digits-time.sh new file mode 100755 index 0000000..1c72a9c --- /dev/null +++ b/tests/cert-tests/cert-non-digits-time.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +skip_if_no_datefudge + +# Check whether certificates with non-digits time fields are accepted +datefudge -s "2019-12-19" \ +${VALGRIND}"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-with-non-digits-time-ca.pem" --infile "${srcdir}/data/cert-with-non-digits-time.pem" +rc=$? + +if test "${rc}" = "0";then + echo "certificate whose notbefore field is a non-digits was accepted" + exit 1 +fi + +exit 0 diff --git a/tests/cert-tests/cert-sanity.sh b/tests/cert-tests/cert-sanity.sh new file mode 100755 index 0000000..c2d63d9 --- /dev/null +++ b/tests/cert-tests/cert-sanity.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +# This checks whether invalid certificates are accepted + +# x509-v1-with-sid.pem: X509v1 certificate with subject unique ID +# x509-v1-with-iid.pem: X509v1 certificate with issuer unique ID +# x509-v3-with-fractional-time.pem: X509v3 certificate with fractional time +# x509-with-zero-version.pem: X509 certificate with version being zero + +for file in x509-v1-with-sid.pem x509-v1-with-iid.pem x509-v3-with-fractional-time.pem \ + x509-with-zero-version.pem; do + + ${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file" + rc=$? + + if test "${rc}" != 1; then + echo "Illegal X509 certificate was accepted" + exit 1 + fi +done + +exit 0 diff --git a/tests/cert-tests/cert-time.sh b/tests/cert-tests/cert-time.sh new file mode 100755 index 0000000..3310250 --- /dev/null +++ b/tests/cert-tests/cert-time.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +# Check whether certificates with invalid time fields are accepted +for file in invalid-date-hour.der invalid-date-mins.der invalid-date-secs.der invalid-date-month.der invalid-date-day.der;do + ${VALGRIND} "${CERTTOOL}" --inder -i --infile "${srcdir}/data/$file" + rc=$? + + if test "${rc}" = "0";then + echo "file $file was accepted" + exit 1 + fi +done + +exit 0 diff --git a/tests/cert-tests/certtool-crl-decoding.sh b/tests/cert-tests/certtool-crl-decoding.sh new file mode 100755 index 0000000..7480150 --- /dev/null +++ b/tests/cert-tests/certtool-crl-decoding.sh @@ -0,0 +1,60 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +# This checks whether OIDs > 2^32 are correctly decoded. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +OUTFILE="crl.$$.pem" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3" +fi + +. "${srcdir}/../scripts/common.sh" + +# crl-demo1.pem: version 2 CRL with a single extension +# crl-demo2.pem: version 2 CRL with two extensions (one critical) +# crl-demo3.pem: version 1 CRL with many revoked certificates + +for i in "crl-demo1.pem" "crl-demo2.pem" "crl-demo3.pem";do +${VALGRIND} "${CERTTOOL}" --crl-info --infile "${srcdir}/data/$i" >$OUTFILE +if test $? != 0; then + echo "Could not read CRL $i" + exit 1 +fi + +check_if_equal ${OUTFILE} "${srcdir}/data/$i" "warning:" +if test $? != 0; then + echo "Error in parsing cert with long OIDs" + exit 1 +fi + +done + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/certtool-ecdsa.sh b/tests/cert-tests/certtool-ecdsa.sh new file mode 100755 index 0000000..885efe2 --- /dev/null +++ b/tests/cert-tests/certtool-ecdsa.sh @@ -0,0 +1,89 @@ +#!/bin/sh + +# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +KEYFILE=ecdsa-privkey.$$.tmp +TMPFILE=ecdsa.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + exit 77 +fi + +. "${srcdir}/../scripts/common.sh" + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-ecc256-full.pem" --outfile "${TMPFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "There was an issue parsing the certificate" + exit 1 +fi + +check_if_equal ${TMPFILE} "${srcdir}/data/cert-ecc256-full.pem" "Not After:" +if test $? != 0;then + echo "Error in parsing ECDSA cert" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-ecc256.pem" --outfile "${TMPFILE}" +rc=$? +if test "${rc}" != "0"; then + echo "Could not read an ECDSA public key" + exit 1 +fi + +check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-ecc256.pem" +if test $? != 0;then + echo "Error in parsing ECDSA public key" + exit 1 +fi + + +# Create an ECDSA +${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \ + --ecdsa --outfile "$KEYFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate an ECDSA key" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE" >/dev/null +rc=$? +if test "${rc}" != "0"; then + echo "Could not read generated an ECDSA key" + exit 1 +fi + +rm -f "${TMPFILE}" "${KEYFILE}" + +exit 0 diff --git a/tests/cert-tests/certtool-eddsa.sh b/tests/cert-tests/certtool-eddsa.sh new file mode 100755 index 0000000..2fc027a --- /dev/null +++ b/tests/cert-tests/certtool-eddsa.sh @@ -0,0 +1,139 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +KEYFILE=eddsa-privkey.$$.tmp +TMPFILE=eddsa.$$.tmp +TMPFILE2=eddsa2.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + exit 77 +fi + +. "${srcdir}/../scripts/common.sh" + +# Test certificate in draft-ietf-curdle-pkix-04 +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/cert-eddsa.pem" --outfile "${TMPFILE}" + +if test $? != 0; then + echo "There was an issue parsing the certificate" + exit 1 +fi + +check_if_equal ${TMPFILE} "${srcdir}/data/cert-eddsa.pem" "Not After:" +if test $? != 0;then + echo "Error in parsing EdDSA cert" + exit 1 +fi + +# Test public key in draft-ietf-curdle-pkix-04 +${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/pubkey-eddsa.pem" --outfile "${TMPFILE}" +if test $? != 0; then + echo "Could not read an EdDSA public key" + exit 1 +fi + +check_if_equal ${TMPFILE} "${srcdir}/data/pubkey-eddsa.pem" +if test $? != 0;then + echo "Error in parsing EdDSA public key" + exit 1 +fi + + +# Create an RSA-PSS private key, restricted to the use with RSA-PSS +${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \ + --key-type eddsa --outfile "$KEYFILE" + +if test $? != 0; then + echo "Could not generate an EdDSA key" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$KEYFILE" +if test $? != 0; then + echo "Could not read generated an EdDSA key" + exit 1 +fi + + +# Create an EdDSA certificate from an EdDSA private key +${VALGRIND} "${CERTTOOL}" --generate-self-signed \ + --pkcs8 --load-privkey "$KEYFILE" --password '' \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" + +if test $? != 0; then + echo "Could not generate an EdDSA certificate from an EdDSA key" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${TMPFILE}" --infile "${TMPFILE}" +if test $? != 0; then + echo "There was an issue verifying the generated certificate (1)" + exit 1 +fi + +# Create an EdDSA certificate from an RSA key +${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type eddsa \ + --load-privkey ${KEYFILE} \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" 2>/dev/null + +if test $? != 0; then + echo "Could not generate an EdDSA certificate $i" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${TMPFILE}" +if test $? != 0; then + echo "There was an issue verifying the generated certificate (2)" + exit 1 +fi + +rm -f "${TMPFILE}" "${TMPFILE2}" +rm -f "${KEYFILE}" + + +skip_if_no_datefudge + +# Test certificate chain using Ed25519 +datefudge "2017-7-6" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem + +if test $? != 0; then + echo "There was an issue verifying the Ed25519 chain" + exit 1 +fi + + +exit 0 diff --git a/tests/cert-tests/certtool-long-cn.sh b/tests/cert-tests/certtool-long-cn.sh new file mode 100755 index 0000000..9614bdf --- /dev/null +++ b/tests/cert-tests/certtool-long-cn.sh @@ -0,0 +1,59 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +# This checks whether invalid UTF8 strings trigger valgrind warnings. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +outfile="out.$$.pem" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3" +fi + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/very-long-dn.pem" >$outfile +rc=$? + +if test "${rc}" = 3;then + echo "Invalid memory access with cert and long CN" + exit 1 +fi + +if test "${rc}" != 0;then + echo "Could not read cert long CN" + exit 1 +fi + +$DIFF $outfile "${srcdir}/data/very-long-dn.pem" +if test $? != 0;then + echo "Error in parsing cert with long CN" + exit 1 +fi + +rm -f "$outfile" + +exit 0 diff --git a/tests/cert-tests/certtool-long-oids.sh b/tests/cert-tests/certtool-long-oids.sh new file mode 100755 index 0000000..7aa0cc9 --- /dev/null +++ b/tests/cert-tests/certtool-long-oids.sh @@ -0,0 +1,56 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +# This checks whether OIDs > 2^32 are correctly decoded. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +OUTFILE="long-oids.$$.pem.tmp" +TMPFILE1="long-oids1.$$.pem.tmp" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3" +fi + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/long-oids.pem"|grep -v "Not After:"|grep -v ^warning >$OUTFILE +rc=$? + +if test "${rc}" != 0;then + echo "Could not read cert with long OIDs" + exit 1 +fi + +cat "${srcdir}/data/long-oids.pem" |grep -v "Not After:"|grep -v ^warning >${TMPFILE1} +$DIFF ${TMPFILE1} ${OUTFILE} +if test $? != 0;then + echo "Error in parsing cert with long OIDs" + exit 1 +fi + +rm -f "$OUTFILE" "${TMPFILE1}" "${TMPFILE2}" + +exit 0 diff --git a/tests/cert-tests/certtool-rsa-pss.sh b/tests/cert-tests/certtool-rsa-pss.sh new file mode 100755 index 0000000..598351d --- /dev/null +++ b/tests/cert-tests/certtool-rsa-pss.sh @@ -0,0 +1,226 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +OUTFILE=cert-pss-privkey.$$.tmp +TMPFILE=cert-pss.$$.tmp +TMPFILE2=cert2-pss.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +# Create an RSA-PSS private key, restricted to the use with RSA-PSS +${VALGRIND} "${CERTTOOL}" --generate-privkey \ + --key-type rsa-pss --outfile "$OUTFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate an RSA-PSS key" + exit 1 +fi + +# check whether description is present +grep 'modulus:' ${OUTFILE} +if test $? != 0;then + cat ${OUTFILE} + echo "PKCS#8 file does not contain modulus text" + exit 1 +fi + +for i in sha256 sha384 sha512;do +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1 && test "$i" != sha384;then + continue +fi + +# Create an RSA-PSS private key, restricted to the use with RSA-PSS +${VALGRIND} "${CERTTOOL}" --generate-privkey --pkcs8 --password '' \ + --key-type rsa-pss --hash $i --outfile "$OUTFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate an RSA-PSS key ($i)" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -k --password '' --infile "$OUTFILE" >/dev/null +rc=$? +if test "${rc}" != "0"; then + echo "Could not read generated an RSA-PSS key ($i)" + exit 1 +fi + +# Create an RSA-PSS certificate from an RSA-PSS private key +${VALGRIND} "${CERTTOOL}" --generate-self-signed \ + --pkcs8 --load-privkey "$OUTFILE" --password '' \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $i +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate an RSA-PSS certificate from an RSA-PSS key ($i)" + exit 1 +fi + +rm -f "${TMPFILE}" + +# Create an RSA-PSS certificate from an RSA-PSS private key, with +# mismatched parameters +for j in sha256 sha384 sha512;do +${VALGRIND} "${CERTTOOL}" --generate-self-signed \ + --pkcs8 --load-privkey "$OUTFILE" --password '' \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $j +rc=$? + +if test "$j" != "$j" && "${rc}" = "0"; then + echo "Unexpectedly succeeded to generate an RSA-PSS certificate ($j != $i)" + exit 1 +fi +done +rm -f "${TMPFILE}" + +# Create an RSA-PSS certificate from an RSA key +${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type rsa-pss \ + --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $i +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate an RSA-PSS certificate $i" + exit 1 +fi + +${CERTTOOL} -i --infile ${TMPFILE}|grep -i "Subject Public Key Algorithm: RSA-PSS" +if test $? != 0;then + echo "Generated certificate is not RSA-PSS" + cat ${TMPFILE} + exit 1 +fi + +rm -f "${TMPFILE}" + +# Create an RSA certificate from an RSA key, with wrong key-type, should fail +${VALGRIND} "${CERTTOOL}" --generate-certificate --key-type ecdsa \ + --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "Succeeded with wrong key type" + exit 1 +fi + +# Create an RSA certificate from an RSA key, and sign it with RSA-PSS +${VALGRIND} "${CERTTOOL}" --generate-certificate --rsa --sign-params rsa-pss \ + --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $i +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate an RSA-PSS certificate" + exit 1 +fi + +${CERTTOOL} -i --infile ${TMPFILE}|tr -d '\r' > ${TMPFILE2} +grep -i 'Subject Public Key Algorithm: RSA$' ${TMPFILE2} >/dev/null +if test $? != 0;then + echo "Generated certificate is not RSA" + cat ${TMPFILE} + exit 1 +fi + +grep -i "Signature Algorithm: RSA-PSS" ${TMPFILE2} +if test $? != 0;then + echo "Generated certificate is not signed with RSA-PSS" + cat ${TMPFILE} + exit 1 +fi + +grep -i "Signature Algorithm: RSA-PSS-${i}" ${TMPFILE2} +if test $? != 0;then + echo "Generated certificate is not signed with RSA-PSS-${i}" + cat ${TMPFILE} + exit 1 +fi + +rm -f "${TMPFILE}" +rm -f "${TMPFILE2}" + +done + +# Convert an RSA-PSS key to an RSA key +# + +${VALGRIND} "${CERTTOOL}" --to-rsa --infile "${srcdir}/data/key-rsa-pss.pem" --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "Could not convert an RSA-PSS certificate" + exit 1 +fi + +${DIFF} "${srcdir}/data/key-rsa-pss-raw.pem" ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "RSA-PSS decoding failed" + exit ${rc} +fi + +echo "RSA-PSS to RSA conversion was successful" + +rm -f "${TMPFILE}" + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge "2012-11-22" \ +${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem" +rc=$? + +if test "${rc}" != "0"; then + echo "There was an issue verifying the certificate" + exit 1 +fi + +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/certtool-subca.sh b/tests/cert-tests/certtool-subca.sh new file mode 100755 index 0000000..478d1f0 --- /dev/null +++ b/tests/cert-tests/certtool-subca.sh @@ -0,0 +1,108 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +# This is a reproducer for #767 + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +ROOT_CA_TMPL=root.ca.$$.tmp +SUB_CA_TMPL=sub.ca.$$.tmp +ROOT_PRIVKEY=root.key.$$.tmp +ROOT_CA_CERT=root.ca.cert.$$.tmp +CSR_FILE=csr.$$.tmp +OUTFILE=out3.$$.tmp + +. ${srcdir}/../scripts/common.sh + +cat >${ROOT_CA_TMPL} <<_EOF_ +organization = "Example" +cn = "Root CA" +expiration_days = 700 +ca +cert_signing_key +crl_signing_key +_EOF_ + +cat >${SUB_CA_TMPL} <<_EOF_ +organization = "Example" +cn = "Example CA" +expiration_days = 350 +crl_dist_points = "http://crl.example.com/Root_CA.crl" +ca +signing_key +cert_signing_key +crl_signing_key +path_len = 0 +_EOF_ + +${CERTTOOL} --generate-privkey --key-type ecdsa --outfile ${ROOT_PRIVKEY} >/dev/null +if test $? != 0;then + echo "Error generating privkey" + exit 1 +fi + +${CERTTOOL} --generate-self-signed --load-privkey ${ROOT_PRIVKEY} --template ${ROOT_CA_TMPL} > ${ROOT_CA_CERT} 2>&1 +if test $? != 0;then + echo "Error generating root CA" + exit 1 +fi + +grep "Digital signature" ${ROOT_CA_CERT} >/dev/null +if test $? = 0;then + echo "root CA: found the digital signature flag although not specified!" + exit 1 +fi + +${CERTTOOL} --generate-request --load-privkey ${ROOT_PRIVKEY} --template ${SUB_CA_TMPL} --outfile ${CSR_FILE} +if test $? != 0;then + cat ${SUB_CA_TMPL} + echo "Error generating csr" + exit 1 +fi + +${CERTTOOL} --generate-certificate --load-ca-privkey ${ROOT_PRIVKEY} --load-ca-certificate ${ROOT_CA_CERT} --load-request ${CSR_FILE} --template ${SUB_CA_TMPL} >${OUTFILE} 2>&1 +if test $? != 0;then + echo "Error generating sub CA" + exit 1 +fi + +grep "Digital signature" ${OUTFILE} >/dev/null +if test $? != 0;then + echo "Cannot find the digital signature flag!" + exit 1 +fi + +rm -f "${ROOT_PRIVKEY}" "${ROOT_CA_CERT}" "${CSR_FILE}" "${ROOT_CA_TMPL}" "${SUB_CA_TMPL}" "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/certtool-utf8.sh b/tests/cert-tests/certtool-utf8.sh new file mode 100755 index 0000000..b37b305 --- /dev/null +++ b/tests/cert-tests/certtool-utf8.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +# This checks whether invalid UTF8 strings trigger valgrind warnings. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" + + # Check improper UTF8 errors + ${VALGRIND} --error-exitcode=3 "${CERTTOOL}" -i --inder --infile "${srcdir}/data/cert-invalid-utf8.der" + rc=$? + + if test "${rc}" = 3;then + echo "Invalid memory access with invalid UTF8" + exit 1 + fi +fi + +exit 0 diff --git a/tests/cert-tests/certtool-verify-profiles.sh b/tests/cert-tests/certtool-verify-profiles.sh new file mode 100755 index 0000000..f63ee92 --- /dev/null +++ b/tests/cert-tests/certtool-verify-profiles.sh @@ -0,0 +1,78 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +echo "Checking chain with insecure leaf" +datefudge -s "2019-12-19" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-leaf.pem" >${OUTFILE} +rc=$? + +if test "${rc}" != "1"; then + echo "insecure chain succeeded verification (1)" + cat $OUTFILE + exit ${rc} +fi + +echo "Checking chain with insecure subca" +datefudge -s "2019-12-19" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-subca.pem" >${OUTFILE} +rc=$? + +if test "${rc}" != "1"; then + echo "insecure chain succeeded verification (2)" + cat $OUTFILE + exit ${rc} +fi + + +echo "Checking chain with insecure ca" +datefudge -s "2019-12-19" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-ca.pem" >${OUTFILE} +rc=$? + +if test "${rc}" != "1"; then + echo "insecure chain succeeded verification (3)" + cat $OUTFILE + exit ${rc} +fi + + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/certtool.sh b/tests/cert-tests/certtool.sh new file mode 100755 index 0000000..11b8b8f --- /dev/null +++ b/tests/cert-tests/certtool.sh @@ -0,0 +1,185 @@ +#!/bin/sh + +# Copyright (C) 2014-2018 Nikos Mavrogiannopoulos +# Copyright (C) 2018 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +TMPFILE1=certtool-file1.$$.tmp +TMPFILE2=certtool-file2.$$.tmp +PASS="1234" + +if test -n "$DISABLE_BASH_TESTS"; then + exit 77 +fi + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +: ${SETSID=setsid} +if ("$SETSID" --version) >/dev/null 2>&1; then + ${VALGRIND} "${CERTTOOL}" --generate-privkey --rsa --outfile ${TMPFILE1} --pkcs8 --password ${PASS} + if test $? != 0;then + echo "private key generation failed" + exit 1 + fi + + grep 'modulus:' ${TMPFILE1} + if test $? = 0;then + cat ${TMPFILE1} + echo "PKCS#8 file contains text modulus" + exit 1 + fi + + #check whether password is being honoured + #some CI runners need GNUTLS_PIN (GNUTLS_PIN=${PASS}) + ${SETSID} "${CERTTOOL}" --generate-self-signed --load-privkey ${TMPFILE1} --template ${srcdir}/templates/template-test.tmpl --ask-pass >${TMPFILE2} 2>&1 </dev/null 2>&1 + if test $? != 0;then + cat ${TMPFILE2} + echo "No password was asked" + exit 1 + fi +fi + +#check whether "funny" spaces can be interpreted +id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/data/funny-spacing.pem" --hash sha1| tr -d '\r'` +rc=$? + +if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then + echo "Key-ID1 doesn't match the expected: ${id}" + exit 1 +fi + +id=`${VALGRIND} "${CERTTOOL}" --key-id --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'` +rc=$? + +if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then + echo "Default key-ID1 doesn't match the expected; did the defaults change? ID: ${id}" + exit 1 +fi + +id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/data/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha1| tr -d '\r'` +rc=$? + +if test "${id}" != "1e09d707d4e3651b84dcb6c68a828d2affef7ec3"; then + echo "Key-ID2 doesn't match the expected: ${id}" + exit 1 +fi + +id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/data/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha256| tr -d '\r'` +rc=$? + +if test "${id}" != "118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d"; then + echo "Key-ID3 doesn't match the expected: ${id}" + exit 1 +fi + +id=`"${CERTTOOL}" --pubkey-info <"${srcdir}/data/funny-spacing.pem"|"${CERTTOOL}" --key-id --hash sha512| tr -d '\r'` +rc=$? + +if test "${id}" != "5e81ba533b1e7b88b3b0834a392c1cd63f8ccbe45f39edf4cb4b6a3e7700b333cfa386c54b1c5704a2b82a20dc417b347bb8f961c339134a91158a134ca6c478"; then + echo "Key-ID4 doesn't match the expected: ${id}" + exit 1 +fi + +#fingerprint +id=`${VALGRIND} "${CERTTOOL}" --fingerprint --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'` +rc=$? + +if test "${id}" != "8f735c5ddefd723f59b6a3bb2ac0522470c0182f"; then + echo "Fingerprint doesn't match the expected: 3" + exit 1 +fi + +id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha256 --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'` +rc=$? + +if test "${id}" != "fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f"; then + echo "Fingerprint doesn't match the expected: 4" + exit 1 +fi + +id=`${VALGRIND} "${CERTTOOL}" --fingerprint --hash sha512 --infile "${srcdir}/data/funny-spacing.pem"| tr -d '\r'` +rc=$? + +if test "${id}" != "c4880390506a849cd2d8289fb8aea8c189e635aff1054faba58658a0f107472b725672c10d2f7f4ca360528b9433db278f544846e5613f9cd4cb4aa2f56a7894"; then + echo "Fingerprint doesn't match the expected: 5" + exit 1 +fi + +# Test whether certtool --outder doesn't output the informational text data + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/funny-spacing.pem" --outder --outfile ${TMPFILE1} +if test $? != 0;then + echo "cert output to DER failed" + exit 1 +fi + +grep 'Version:' ${TMPFILE1} +if test $? = 0;then + echo "found text info in DER certificate" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" | grep -v "Not After:" > ${TMPFILE1} +if test $? != 0;then + echo "commonName cert output failed" + exit 1 +fi + +${DIFF} "${srcdir}/data/commonName.cer" ${TMPFILE1} +if test $? != 0;then + exit 1 +fi + + +rm -f ${TMPFILE1} ${TMPFILE2} + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \ +${VALGRIND} "${CERTTOOL}" --verify-chain +rc=$? + +if test "${rc}" != "0"; then + echo "There was an issue verifying the chain" + exit 1 +fi + +exit 0 diff --git a/tests/cert-tests/crl.sh b/tests/cert-tests/crl.sh new file mode 100755 index 0000000..56ed5e5 --- /dev/null +++ b/tests/cert-tests/crl.sh @@ -0,0 +1,308 @@ +#!/bin/sh + +# Copyright (C) 2015 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +export TZ="UTC" + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +: ${ac_cv_sizeof_time_t=8} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-crl.$$.tmp +INFOFILE=out-crl-info.$$.tmp +OUTFILE2=out2-crl.$$.tmp +TMPFILE=crl.$$.tmp +TMP2FILE=crl2.$$.tmp + +echo "crl_next_update = 43" >$TMPFILE +echo "crl_number = 7" >>$TMPFILE + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CRL generation failed" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --crl-info --infile ${OUTFILE} --no-text --outfile ${TMP2FILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text crl info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMP2FILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text crl info failed 2" + exit 1 +fi + +grep "Revoked certificates (152)" "${INFOFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL generation didn't succeed as expected" + exit 1 +fi + +sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 07$" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL generation didn't succeed as expected (2)" + grep "CRL Number (not critical):" "${INFOFILE}" + exit 1 +fi + +# check appending a certificate + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-crl "${OUTFILE}" --load-certificate "${srcdir}/data/cert-ecc256.pem" --template \ + "${TMPFILE}" -d 9 >${OUTFILE2} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CRL appending failed" + exit ${rc} +fi + +grep "Revoked certificates (153)" "${INFOFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL appending didn't succeed as expected" + exit 1 +fi + +grep "Serial Number (hex): 07" "${INFOFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL appending didn't succeed as expected (2)" + exit 1 +fi + +# check the dates + +echo "crl_this_update_date = \"2004-03-29 16:21:42\"" >$TMPFILE +echo "crl_next_update_date = \"2006-03-29 13:21:42\"" >>$TMPFILE +echo "crl_number = 8" >>$TMPFILE +echo "crl_revocation_date = \"2003-02-01 10:00:00\"" >>$TMPFILE + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/cert-ecc256.pem" --template \ + "${TMPFILE}" -d 9 >${OUTFILE2} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CRL date setting failed" + exit ${rc} +fi + +grep "Revoked at: Sat Feb 01 10:00:00 UTC 2003" "${INFOFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL date setting didn't succeed as expected" + exit 1 +fi + +grep "Issued: Mon Mar 29 16:21:42 UTC 2004" "${INFOFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL date setting didn't succeed as expected (2)" + exit 1 +fi + +grep "Next at: Wed Mar 29 13:21:42 UTC 2006" "${INFOFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL date setting didn't succeed as expected (3)" + exit 1 +fi + +# Check hex serial number +echo "crl_next_update = 43" >$TMPFILE +echo "crl_number = 0x1234567890abcdef1234567890abcdef12345678" >>$TMPFILE + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CRL hex number failed" + exit ${rc} +fi + +sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 1234567890abcdef1234567890abcdef12345678$" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL hex number didn't succeed as expected" + grep "CRL Number (not critical):" "${INFOFILE}" + exit 1 +fi + +# Check default CRL number +echo "crl_next_update = 43" >$TMPFILE + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \ + "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ + --load-ca-certificate "${srcdir}/data/template-test.pem" \ + --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CRL default number failed" + exit ${rc} +fi + +sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 5e257a20[0-9a-f]\{30\}$" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL default number didn't succeed as expected" + grep "CRL Number (not critical):" "${INFOFILE}" + exit 1 +fi + +if test "${ac_cv_sizeof_time_t}" = 8;then + # we should test that on systems which have 64-bit time_t + datefudge -s "2138-01-20 10:00:00" ${VALGRIND} \ + "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ + --load-ca-certificate "${srcdir}/data/template-test.pem" \ + --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} + rc=$? + + # We're done. + if test "${rc}" != "0"; then + echo "CRL default number 2 failed" + exit ${rc} + fi + + sed 's/\r$//' <"${INFOFILE}" | grep "CRL Number (not critical): 013c1972a0[0-9a-f]\{30\}$" >/dev/null 2>&1 + if test "$?" != "0"; then + echo "CRL default number 2 didn't succeed as expected" + grep "CRL Number (not critical):" "${INFOFILE}" + exit 1 + fi +fi + +# Check large decimal CRL number +echo "crl_next_update = 43" >$TMPFILE +echo "crl_number = 1234567890123456789012345678" >>$TMPFILE + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" = "0"; then + echo "CRL large decimal number succeeded when shouldn't" + exit ${rc} +fi + +sed 's/\r$//' <"${INFOFILE}" | grep "error parsing number: 1234567890123456789012345678" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL large number didn't fail as expected" + exit 1 +fi + +# Check invalid hex number +echo "crl_next_update = 43" >$TMPFILE +echo "crl_number = 0xsomething" >>$TMPFILE + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" = "0"; then + echo "CRL invalid hex number succeeded when shouldn't" + exit ${rc} +fi + +sed 's/\r$//' <"${INFOFILE}" | grep "error parsing number: 0xsomething" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL invalid hex number didn't fail as expected" + exit 1 +fi + +# Check invalid number +echo "crl_next_update = 43" >$TMPFILE +echo "crl_number = something" >>$TMPFILE + +${VALGRIND} "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" --load-ca-certificate \ + "${srcdir}/data/template-test.pem" --load-certificate "${srcdir}/data/ca-certs.pem" --template \ + "${TMPFILE}" >${OUTFILE} 2>${INFOFILE} +rc=$? + +# We're done. +if test "${rc}" = "0"; then + echo "CRL invalid number succeeded when shouldn't" + exit ${rc} +fi + +sed 's/\r$//' <"${INFOFILE}" | grep "error parsing number: something" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "CRL invalid number didn't fail as expected" + exit 1 +fi + +# Check CRL verification + +## CRL validation is expected to succeed +${VALGRIND} "${CERTTOOL}" --verify-crl --infile "${srcdir}/data/ca-crl-valid.crl" --load-ca-certificate \ + "${srcdir}/data/ca-crl-valid.pem" >${OUTFILE} 2>${INFOFILE} +rc=$? +if test "${rc}" != "0"; then + echo "CRL verification failed" + exit ${rc} +fi + +## CRL validation is expected to fail because the CA doesn't have the CRLSign key usage flag +${VALGRIND} "${CERTTOOL}" --verify-crl --infile "${srcdir}/data/ca-crl-invalid.crl" --load-ca-certificate \ + "${srcdir}/data/ca-crl-invalid.pem" >${OUTFILE} 2>${INFOFILE} +rc=$? +if test "${rc}" = "0"; then + echo "CRL verification succeeded when shouldn't" + exit 1 +fi + +rm -f "${OUTFILE}" +rm -f "${INFOFILE}" +rm -f "${OUTFILE2}" +rm -f "${TMPFILE}" +rm -f "${TMP2FILE}" + +exit 0 diff --git a/tests/cert-tests/crq.sh b/tests/cert-tests/crq.sh new file mode 100755 index 0000000..5350324 --- /dev/null +++ b/tests/cert-tests/crq.sh @@ -0,0 +1,243 @@ +#!/bin/sh + +# Copyright (C) 2014 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +TMPFILE=crq.$$.tmp +OUTFILE=out.$$.tmp +OUTFILE2=out2.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +${VALGRIND} "${CERTTOOL}" --inder --crq-info --infile "${srcdir}/data/csr-invalid.der" >"${OUTFILE}" 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Invalid crq decoding failed" + exit ${rc} +fi + +grep "error: get_key_id" "${OUTFILE}" >/dev/null 2>&1 +if test "$?" != "0"; then + echo "crq decoding didn't fail as expected" + exit 1 +fi + +rm -f "${OUTFILE}" + +# check whether the honor_crq_extension option works +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-request \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-tlsfeature.tmpl" \ + --outfile $OUTFILE 2>/dev/null + +${CERTTOOL} --crq-info --no-text --infile ${OUTFILE} --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text crq info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text crq info failed 2" + exit 1 +fi + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-certificate \ + --load-ca-privkey "${srcdir}/data/template-test.key" \ + --load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \ + --load-request="$OUTFILE" \ + --template "${srcdir}/templates/template-crq.tmpl" \ + --outfile "${OUTFILE2}" 2>/dev/null + +${DIFF} "${srcdir}/data/template-crq.pem" "${OUTFILE2}" >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Certificate request generation failed" + echo $OUTFILE2 + exit ${rc} +fi + +rm -f "${OUTFILE}" "${OUTFILE2}" + + +# Test interactive CRQ creation with very long input +cat >$TMPFILE <<__EOF__ + + + + + +super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com + + +super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com + + + + + + + + +N +Y +N +Y +N +N +N +N +N +N +__EOF__ + +setsid \ +datefudge -s "2007-04-22" \ + "${CERTTOOL}" -q \ + --load-privkey "${srcdir}/data/template-test.key" \ + --outfile "${OUTFILE}" <$TMPFILE 2>/dev/null + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/template-long-dns-crq.pem" "${OUTFILE}" >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Certificate request generation with long DNS failed" + echo $OUTFILE + exit ${rc} +fi + +# check whether the generation with extension works +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-request \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/arb-extensions.tmpl" \ + --outfile $OUTFILE 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "add_extension crq failed" + exit ${rc} +fi + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/arb-extensions.csr" "${OUTFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Certificate request generation with explicit extensions failed" + exit ${rc} +fi + +# Generate certificate from CRQ with no explicit extensions +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-certificate \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --load-request "${srcdir}/data/arb-extensions.csr" \ + --template "${srcdir}/templates/template-no-ca.tmpl" \ + --outfile "${OUTFILE}" 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "generate certificate with crq failed" + exit ${rc} +fi + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca.pem" "${OUTFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Certificate from request generation failed" + exit ${rc} +fi + +# Generate certificate from CRQ with CRQ extensions +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-certificate \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --load-request "${srcdir}/data/arb-extensions.csr" \ + --template "${srcdir}/templates/template-no-ca-honor.tmpl" \ + --outfile "${OUTFILE}" 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "generate certificate with crq failed" + exit ${rc} +fi + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca-honor.pem" "${OUTFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Certificate from request generation with honor flag failed" + exit ${rc} +fi + +# Generate certificate from CRQ with explicit extensions +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-certificate \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --load-request "${srcdir}/data/arb-extensions.csr" \ + --template "${srcdir}/templates/template-no-ca-explicit.tmpl" \ + --outfile "${OUTFILE}" 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "generate certificate with crq failed" + exit ${rc} +fi + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/crq-cert-no-ca-explicit.pem" "${OUTFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Certificate from request generation with explicit extensions failed" + exit ${rc} +fi + + +rm -f "${OUTFILE}" "${OUTFILE2}" "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/dane.sh b/tests/cert-tests/dane.sh new file mode 100755 index 0000000..9398c73 --- /dev/null +++ b/tests/cert-tests/dane.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +# Copyright (C) 2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${srcdir=.} +: ${DANETOOL=../../src/danetool${EXEEXT}} +: ${DIFF=diff} + +test -e "${DANETOOL}" || exit 77 + +"${DANETOOL}" --tlsa-rr --load-certificate "${srcdir}/data/cert-ecc256.pem" --host www.example.com --outfile tmp-dane.rr 2>/dev/null + +${DIFF} "${srcdir}/data/dane-test.rr" tmp-dane.rr +rc=$? + +rm -f tmp-dane.rr + +# We're done. +if test "${rc}" != "0"; then + exit ${rc} +fi + +exit 0 diff --git a/tests/cert-tests/data/aes-128.p12 b/tests/cert-tests/data/aes-128.p12 new file mode 100644 index 0000000..b20fbb2 Binary files /dev/null and b/tests/cert-tests/data/aes-128.p12 differ diff --git a/tests/cert-tests/data/aki-cert.pem b/tests/cert-tests/data/aki-cert.pem new file mode 100644 index 0000000..cb767c6 --- /dev/null +++ b/tests/cert-tests/data/aki-cert.pem @@ -0,0 +1,110 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 6e4ffab3c5e669c4d167c992abe858c4 + Issuer: OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US + Validity: + Not Before: Wed Mar 25 00:00:00 UTC 2009 + Not After: Sun Mar 24 23:59:59 UTC 2019 + Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US + Subject Public Key Algorithm: RSA + Modulus (bits 2048): + 00:d4:56:8f:57:3b:37:28:a6:40:63:d2:95:d5:05:74 + da:b5:19:6a:96:d6:71:57:2f:e2:c0:34:8c:a0:95:b3 + 8c:e1:37:24:f3:2e:ed:43:45:05:8e:89:d7:fa:da:4a + b5:f8:3e:8d:4e:c7:f9:49:50:45:37:40:9f:74:aa:a0 + 51:55:61:f1:60:84:89:a5:9e:80:8d:2f:b0:21:aa:45 + 82:c4:cf:b4:14:7f:47:15:20:28:82:b0:68:12:c0:ae + 5c:07:d7:f6:59:cc:cb:62:56:5c:4d:49:ff:26:88:ab + 54:51:3a:2f:4a:da:0e:98:e2:89:72:b9:fc:f7:68:3c + c4:1f:39:7a:cb:17:81:f3:0c:ad:0f:dc:61:62:1b:10 + 0b:04:1e:29:18:71:5e:62:cb:43:de:be:31:ba:71:02 + 19:4e:26:a9:51:da:8c:64:69:03:de:9c:fd:7d:fd:7b + 61:bc:fc:84:7c:88:5c:b4:c3:7b:ed:5f:2b:46:12:f1 + fd:00:01:9a:8b:5b:e9:a3:05:2e:8f:2e:5b:de:f3:1b + 78:f8:66:91:08:c0:5e:ce:d5:b0:36:ca:d4:a8:7b:a0 + 7d:f9:30:7a:bf:f8:dd:19:51:2b:20:ba:fe:a7:cf:a1 + 4e:b0:67:f5:80:aa:2b:83:2e:d2:8e:54:89:8e:1e:29 + 0b + Exponent (bits 24): + 01:00:01 + Extensions: + Authority Information Access (not critical): + Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) + Access Location URI: http://ocsp.verisign.com + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Path Length Constraint: 0 + Certificate Policies (not critical): + 2.16.840.1.113733.1.7.23.3 + URI: https://www.verisign.com/cps + Note: https://www.verisign.com/rpa + CRL Distribution points (not critical): + URI: http://crl.verisign.com/pca3-g2.crl + Key Usage (critical): + Certificate signing. + CRL signing. + Unknown extension 1.3.6.1.5.5.7.1.12 (not critical): + ASCII: 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif + Hexdump: 305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966 + Subject Alternative Name (not critical): + directoryName: CN=Class3CA2048-1-52 + Subject Key Identifier (not critical): + a5ef0b11cec04103a34a659048b21ce0572d7d47 + Authority Key Identifier (not critical): + directoryName: OU=VeriSign Trust Network,OU=(c) 1998 VeriSign\, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign\, Inc.,C=US + serial: 7dd9fe07cfa81eb7107967fba78934c6 + Signature Algorithm: RSA-SHA1 + Signature: + 63:74:2f:3d:53:aa:2f:97:ec:26:11:66:1a:fe:f1:de + 41:27:19:d2:7f:d8:c1:1c:f9:e2:38:56:3a:1f:90:ae + 39:c5:20:75:ab:f8:6c:2d:67:1f:29:c2:21:d7:14:88 + 63:4b:b0:9b:27:63:91:f8:f0:a3:01:24:b6:fb:8f:e3 + 3d:02:0b:6f:54:fe:d4:cc:db:d6:85:bf:7c:95:1e:5e + 62:11:c1:d9:09:9c:42:b9:b2:d4:aa:2d:98:3a:23:60 + cc:a2:9a:f1:6e:e8:cf:8e:d1:1a:3c:5e:19:c5:d7:9b + 35:b0:02:23:24:e5:05:b8:d5:88:e3:e0:fa:b9:f4:5f +Other Information: + Fingerprint: + sha1:62f3c89771da4ce01a91fc13e02b6057b4547a1d + sha256:50505039f8cbd1d36739bcf80d334f532f6817a332add4352f1f4fee9915cd8a + Public Key ID: + sha1:df622ed0fe6a65a8df5b62840c826ac5b372235f + sha256:a1d7b37438ab0eadc6a9c9c2f3265314e64065b9a3ad937b6ca535b8cb5fe093 + Public Key PIN: + pin-sha256:odezdDirDq3GqcnC8yZTFOZAZbmjrZN7bKU1uMtf4JM= + +-----BEGIN CERTIFICATE----- +MIIGLDCCBZWgAwIBAgIQbk/6s8XmacTRZ8mSq+hYxDANBgkqhkiG9w0BAQUFADCB +wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL +EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1 +dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmswHhcNMDkwMzI1MDAwMDAwWhcNMTkwMzI0MjM1OTU5WjCBtTELMAkGA1UEBhMC +VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU +cnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93 +d3cudmVyaXNpZ24uY29tL3JwYSAoYykwOTEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xh +c3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDUVo9XOzcopkBj0pXVBXTatRlqltZxVy/iwDSMoJWzjOE3JPMu +7UNFBY6J1/raSrX4Po1Ox/lJUEU3QJ90qqBRVWHxYISJpZ6AjS+wIapFgsTPtBR/ +RxUgKIKwaBLArlwH1/ZZzMtiVlxNSf8miKtUUTovStoOmOKJcrn892g8xB85essX +gfMMrQ/cYWIbEAsEHikYcV5iy0PevjG6cQIZTiapUdqMZGkD3pz9ff17Ybz8hHyI +XLTDe+1fK0YS8f0AAZqLW+mjBS6PLlve8xt4+GaRCMBeztWwNsrUqHugffkwer/4 +3RlRKyC6/qfPoU6wZ/WAqiuDLtKOVImOHikLAgMBAAGjggKpMIICpTA0BggrBgEF +BQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTAS +BgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4RQEHFwMwVjAo +BggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAqBggrBgEF +BQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYw +ITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9n +by52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEaMBgGA1UE +AxMRQ2xhc3MzQ0EyMDQ4LTEtNTIwHQYDVR0OBBYEFKXvCxHOwEEDo0plkEiyHOBX +LX1HMIHnBgNVHSMEgd8wgdyhgcekgcQwgcExCzAJBgNVBAYTAlVTMRcwFQYDVQQK +Ew5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMgUHJpbWFy +eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5 +OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD +VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrghB92f4Hz6getxB5Z/uniTTGMA0G +CSqGSIb3DQEBBQUAA4GBAGN0Lz1Tqi+X7CYRZhr+8d5BJxnSf9jBHPniOFY6H5Cu +OcUgdav4bC1nHynCIdcUiGNLsJsnY5H48KMBJLb7j+M9AgtvVP7UzNvWhb98lR5e +YhHB2QmcQrmy1KotmDojYMyimvFu6M+O0Ro8XhnF15s1sAIjJOUFuNWI4+D6ufRf +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/alt-chain-new-ca.pem b/tests/cert-tests/data/alt-chain-new-ca.pem new file mode 100644 index 0000000..672e348 --- /dev/null +++ b/tests/cert-tests/data/alt-chain-new-ca.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- + + diff --git a/tests/cert-tests/data/alt-chain-old-ca.pem b/tests/cert-tests/data/alt-chain-old-ca.pem new file mode 100644 index 0000000..676db97 --- /dev/null +++ b/tests/cert-tests/data/alt-chain-old-ca.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 +MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx +dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f +BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A +cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw +ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj +IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y +7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh +1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/alt-chain.pem b/tests/cert-tests/data/alt-chain.pem new file mode 100644 index 0000000..59cc72a --- /dev/null +++ b/tests/cert-tests/data/alt-chain.pem @@ -0,0 +1,73 @@ +-----BEGIN CERTIFICATE----- +MIIEgDCCA2igAwIBAgIIBeZR1CBLghIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE +BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl +cm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwNDI3MDkwMDE3WhcNMTcwNzIwMDgzMTAw +WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN +TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3 +Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT9vtv +qcRXtKxJ0LyilnZKUNTpW42gjICyAU3yyoBrjQTZOmEyeS0xlerW7gy27/1gU2BG +pXQcNLH4kuvAyC6mCZgbpRapn+0Ki9cQXPiMaed0WMg+QiX7cdAaXSBiw5byc8l7 +BlmtXinYD0kMiVpmhE8wbgcGn/Qm3MoqBp8vPEnRORPDruw+XpJIMuUqvMicEJMd +8FnTvxKmJVRrDeQ35igsZgHBkww31RFRWdWDZ74n39zdsu6ypMLk7nNRP8UtNB1v +YG4E5KlXijm2axgkBKVp00V9bdAPka1PzhfOfWpwnaBLfmwHoaWIiGkrwo2jQknM +dcVWY8yyOadIoN9BAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI +KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE +XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0 +MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G +A1UdDgQWBBTwkRZeJSFXnSMdT2FcPyy/KHVzyjAMBgNVHRMBAf8EAjAAMB8GA1Ud +IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW +eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n +bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAP06tD9aipNsw1EJ2 +sY0dNKUUw5eoPLKkFSEQS767VuJXCKpwRoNCwiNggQ2xXM6guIZTqSFLv/RrfE+m +TDguFX7Uy0LexlJxGMbvcQolSxJVGa/uUc7D3yBiB6dPT+fHzUHgl5tfXzI9UKrU +MIGXmXIRKMElmSI6mrk400xiKDmxT4T7khyQhucsX/v57lan2ZAqfNX1TJ9ZLCuD +Hjtm+bh7lLEdxKYdjjfmYAkjROQkFJlQCVZXmDdyx/x0w0LP02DppjzhtghCDLU2 +xUic20XgxZ0XWY9nh1lj/oEW68V8NR7KsrvKU+7btxO8Fsek7IIS44rYxF+2VMdL +qTKqQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8DCCAtigAwIBAgIDAjqSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMTUwNDAxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBJMQswCQYDVQQG +EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy +bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP +VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv +h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE +ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ +EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC +DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7 +qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD +VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov +L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig +JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ +MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEACE4Ep4B/EBZDXgKt +10KA9LCO0q6z6xF9kIQYfeeQFftJf6iZBZG7esnWPDcYCZq2x5IgBzUzCeQoY3IN +tOAynIeYxBt2iWfBUFiwE6oTGhsypb7qEZVMSGNJ6ZldIDfM/ippURaVS6neSYLA +EHD0LPPsvCQk0E6spdleHm2SwaesSDWB+eXknGVpzYekQVA/LlelkVESWA6MCaGs +eqQSpSfzmhCXfVUDBvdmWF9fZOGrXW2lOUh1mEwpWjqN0yvKnFUEv/TmFNWArCbt +F4mmk2xcpMy48GaOZON9muIAs0nH5Aqq3VuDx3CQRk6+0NtZlmwu9RY23nHMAcIS +wSHGFg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT +MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 +aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw +WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE +AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m +OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu +T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c +JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR +Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz +PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm +aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM +TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g +LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO +BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv +dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB +AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL +NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W +b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S +-----END CERTIFICATE----- + diff --git a/tests/cert-tests/data/arb-extensions.csr b/tests/cert-tests/data/arb-extensions.csr new file mode 100644 index 0000000..5014e42 --- /dev/null +++ b/tests/cert-tests/data/arb-extensions.csr @@ -0,0 +1,78 @@ +PKCS #10 Certificate Request Information: + Version: 1 + Subject: UID=clauper,CN=Cindy Lauper,OU=sleeping dept.,O=Koko inc.,ST=Attiki,C=GR + Subject Public Key Algorithm: RSA + Modulus (bits 1024): + 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59 + f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b + 05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7 + 33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42 + e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77 + 86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69 + af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d + 8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3 + 05 + Exponent (bits 24): + 01:00:01 + Signature Algorithm: RSA-SHA256 + Attributes: + Extensions: + Unknown extension 1.2.3.4 (not critical): + ASCII: ........... + Hexdump: 0001020304050607aaabcd + Unknown extension 1.6.7.8 (not critical): + ASCII: ........... + Hexdump: 0001020304050607aaabcd + Unknown extension 1.2.3.4.5.6.7 (not critical): + ASCII: .4.Z.e.'.~.G.... + Hexdump: 1d34cd5ad065dc27c17e9447b0aaaca7 + Unknown extension 1.2.3.4294967295.7 (not critical): + ASCII: ...A?....J.K..l|...4..~.L..&.ap.E........}!'...s.....b=...K..6Sb.4.Z.e.'.~.G.... + Hexdump: 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7 + Unknown extension 1.2.6710656.7 (not critical): + ASCII: .J.K..l|...4..~.L..&.ap.E........}!'...s.....b=...K..6Sb.4.Z.e.'.~.G.... + Hexdump: d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7 + Unknown extension 1.0.1.5 (not critical): + ASCII: ...... + Hexdump: 0404cafebeaf + Unknown extension 1.10.11.12.13.14.15.16.17.1.5 (critical): + ASCII: .. + Hexdump: cafe + Unknown extension 1.0.1.5.1 (critical): + ASCII: ........ + Hexdump: 0406beafcafefafa + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Purpose (critical): + Email protection. + Key Usage (critical): + Digital signature. +Other Information: + Public Key ID: + sha1:5d40adf0ce9440958b7e99941d925422ca72365f + sha256:472f7ef457b70a57a585094b285fdaef7ad72553495701ecd4f2a6dcb477b50e + Public Key PIN: + pin-sha256:Ry9+9Fe3ClelhQlLKF/a73rXJVNJVwHs1PKm3LR3tQ4= + +Self signature: verified + +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIDOTCCAqICAQAwezELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/Et +ebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYE +aIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYh +f6kA4wUCAwEAAaCCAXwwggF4BgkqhkiG9w0BCQ4xggFpMIIBZTASBgMqAwQECwAB +AgMEBQYHqqvNMBIGAy4HCAQLAAECAwQFBgeqq80wGgYGKgMEBQYHBBAdNM1a0GXc +J8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvztmx86sb6NKTXftZM +losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB +fpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZMlosmx2FwlEX0DZyg +oACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfBfpRHsKqspzANBgMo +AQUEBgQEyv6+rzATBgoyCwwNDg8QEQEFAQH/BALK/jATBgQoAQUBAQH/BAgEBr6v +yv76+jAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMEMA4GA1Ud +DwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOBgQBSqqBz/rzAt9wAda9BgZD8fSiz +kSOQSaSjb+ObIxKneA6rlC8YSq+spzRddXuxcEVqDSzfVyfSXbPvfh5z5BsUmEvk +AEHACI5icVbFpY4xIV1NaXt+i1Ff2usLknpcLTWhe4o2eZNEP7Qv93uVxW3Ffadd +ZDRK+SBx5Us1aYJkzA== +-----END NEW CERTIFICATE REQUEST----- diff --git a/tests/cert-tests/data/arb-extensions.pem b/tests/cert-tests/data/arb-extensions.pem new file mode 100644 index 0000000..3b79c65 --- /dev/null +++ b/tests/cert-tests/data/arb-extensions.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID4zCCA0ygAwIBAgIBCTANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJHUjEP +MA0GA1UECBMGQXR0aWtpMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMRUwEwYDVQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/Is +ZAEBEwdjbGF1cGVyMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowezEL +MAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMu +MRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVy +MRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOY +HhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMY +nBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOCAXUw +ggFxMBIGAyoDBAQLAAECAwQFBgeqq80wEgYDLgcIBAsAAQIDBAUGB6qrzTAaBgYq +AwQFBgcEEB00zVrQZdwnwX6UR7CqrKcwXAYIKgOP////fwcEUBePDkE/BBzJ1kr2 +S/O2bHzqxvo0pNd+1kyWiybHYXCURfQNnKCgAJGvfSEnicALc4ex0NerYj3UAp1L +hts2U2IdNM1a0GXcJ8F+lEewqqynMFIGBiqDmcsABwRI1kr2S/O2bHzqxvo0pNd+ +1kyWiybHYXCURfQNnKCgAJGvfSEnicALc4ex0NerYj3UAp1Lhts2U2IdNM1a0GXc +J8F+lEewqqynMA0GAygBBQQGBATK/r6vMBMGCjILDA0ODxARAQUBAf8EAsr+MBMG +BCgBBQEBAf8ECAQGvq/K/vr6MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYB +BQUHAwQwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMA0GCSqGSIb3DQEB +CwUAA4GBABVmtCmhkkGelGxK7dQKHuP1x6Zm2O+Q8OSAX5XhQL21yzS7c3wJSAyx +tLSA93vbhug5xtB3mLGl0JYLP8DkwgevtpnHRPkoSCy2Nn/q6qtgl0CqQwvDBE1s +TNAMdq5dAQoIBVh29maaVTvYtFldiooQ5sX0AxD519J7luvq8vW1 +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/attribute-leak-1.pub b/tests/cert-tests/data/attribute-leak-1.pub new file mode 100644 index 0000000..6ab4334 Binary files /dev/null and b/tests/cert-tests/data/attribute-leak-1.pub differ diff --git a/tests/cert-tests/data/bad-key.pem b/tests/cert-tests/data/bad-key.pem new file mode 100644 index 0000000..6dfb622 --- /dev/null +++ b/tests/cert-tests/data/bad-key.pem @@ -0,0 +1,25 @@ +Public Key Info: + Public Key Algorithm: ECC + Key Security Level: High + +curve: SECP256R1 +private key: + 00:f4:fa:5f:3e:48:39:dd:4c:d1:24:3f:a1:f5:51: + 49:36:74:c3:2c:ae:ad:d9:96:91:93:da:ec:03:25: + 1f:aa:0b: +x: + 56:d1:7e:b2:c4:f6:bb:02:e2:4a:76:63:14:8c:1a: + c1:eb:12:56:bd:3d:08:66:2f:dc:eb:e5:b9:32:15: + 1e:e7: +y: + 00:88:27:c8:52:8f:a5:9a:3a:bb:20:e6:54:ef:a8: + 7c:50:39:db:af:cf:e4:5e:69:7a:25:20:6d:63:60: + af:29:d5: + +Public Key ID: 5A:37:9C:B2:B2:BA:33:AC:8E:87:7B:63:18:15:99:3F:DF:3A:F3:A3 + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQCIJ8hSj6WaOrsg5lTvqHxQOduvz+ReaXolIG1jYK8p1aAKBggqhkjO +PQMBB6FEA0IABFbRfrLE9rsC4kp2YxSMGsHrEla9PQhmL9zr5bkyFR7niCfIUo+l +mjq7IOZU76h8UDnbr8/kXml6JSBtY2CvKdU= +-----END EC PRIVATE KEY----- diff --git a/tests/cert-tests/data/bmpstring.pem b/tests/cert-tests/data/bmpstring.pem new file mode 100644 index 0000000..553488e --- /dev/null +++ b/tests/cert-tests/data/bmpstring.pem @@ -0,0 +1,157 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 57 + Issuer: EMAIL=csca@passport.gov.gr,C=GR,OU=Hellenic Police,CN=CSCA-HELLAS,O=Hellenic Republic,serialNumber=1 + Validity: + Not Before: Sun Aug 21 08:00:06 UTC 2011 + Not After: Wed Nov 23 21:59:59 UTC 2016 + Subject: EMAIL=csca@passport.gov.gr,C=GR,CN=CSCA-HELLAS,O=Hellenic Republic,serialNumber=3 + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (4096 bits) + Modulus (bits 4096): + 00:e0:95:b2:04:5a:91:78:1f:7f:1c:33:7f:d0:3a:e1 + 2c:a7:4c:19:be:43:30:c2:8b:b7:1a:1d:9d:80:43:30 + fe:80:d6:87:ff:f3:f2:43:37:16:c2:1f:0f:50:f4:bf + 3b:a4:18:c6:d2:da:ab:56:d3:db:99:23:9f:df:3d:dc + 0a:12:61:1f:ec:e6:9a:64:bf:10:ed:50:60:ee:c9:fa + a4:82:22:97:89:d3:c0:d1:d0:ed:68:83:8a:4a:22:3f + c8:ee:99:5d:96:81:f1:3f:b2:6e:d3:7e:75:26:06:b4 + d9:e1:df:a7:55:84:37:45:a9:79:6a:46:37:9f:91:ba + 95:5f:d2:70:1b:18:34:6a:c0:70:59:57:7a:68:ca:42 + 89:05:4d:40:f7:60:e2:44:a5:29:6a:ac:83:6d:2f:c0 + 2b:3f:4b:34:09:03:31:18:e8:e1:e0:59:37:d4:ca:76 + 87:9b:fb:b3:1c:6d:94:bb:0d:3b:d1:c3:34:de:3b:d3 + 4d:c7:0b:19:fb:49:f8:f0:db:28:45:36:88:af:2e:ae + 66:01:f6:60:24:ea:99:11:f7:dc:9c:32:84:5e:ee:d0 + ed:a1:e0:d9:f8:9e:a2:69:ab:a7:e0:7e:a8:78:bc:27 + 73:58:49:03:22:2a:87:e3:06:a5:d2:00:10:ac:34:90 + 8f:0b:09:f2:d2:74:67:b7:da:00:19:47:e6:c6:70:23 + de:a9:76:72:6e:4c:23:5c:26:66:dd:4c:e1:3b:19:35 + 26:a4:d1:47:de:11:26:78:ad:94:be:71:6d:12:35:62 + 61:e2:99:1e:56:e6:93:f7:e2:f1:82:36:ff:9c:0d:eb + f6:2d:5a:2e:ab:63:8c:67:d4:8d:50:7f:65:c8:7f:f6 + d5:ef:bd:3e:0f:d3:7a:e6:29:c5:04:ea:0c:dc:46:f0 + 4e:3e:3f:9e:e9:6d:66:fd:48:a1:b9:49:11:41:4c:84 + d4:82:8b:dd:dc:f4:ff:67:1a:8a:d2:ae:42:39:55:73 + df:59:e8:eb:f2:d7:9e:7f:dd:79:d4:c1:b7:8c:ca:5c + fe:20:4e:a2:02:19:28:18:32:b3:ba:20:72:dd:2c:8a + 82:d0:b3:9e:aa:ed:84:af:4f:f3:7e:01:49:7e:cf:95 + 48:ed:a2:dc:2b:af:ed:a6:8e:97:fb:3b:6c:af:bd:0d + b4:7a:13:49:0e:a7:9b:26:cb:16:72:ed:72:49:f6:03 + 28:c8:b6:ae:84:ce:35:0b:a5:42:2e:d4:fd:cd:d1:49 + 0a:8d:4d:2d:c6:5f:e1:53:ec:4e:93:9d:eb:23:4e:14 + 88:b5:4a:d5:3c:51:fd:d8:ff:b8:b5:06:41:62:36:80 + 69 + Exponent (bits 24): + 01:00:01 + Extensions: + Private Key Usage Period (not critical): + Not Before: Sun Aug 21 08:00:06 UTC 2011 + Not After: Tue Aug 23 20:59:59 UTC 2011 + Key Usage (critical): + Certificate signing. + CRL signing. + Subject Key Identifier (not critical): + bd20bb15eaa7f91ee490df087a52e7aa08b0d7e6 + Authority Key Identifier (not critical): + ecbcade39b163389122e04667889e156699ccbdf + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Path Length Constraint: 0 + CRL Distribution points (not critical): + URI: http://www.passport.gov.gr/csca/csca.crl + Certificate Policies (not critical): + 1.3.6.1.4.1.5484.1.10.99.1.0 + Note: This Certificate is governed by the referred Policies and the Certification Practice Statement of the Greek Country Signing Certification Authority (CSCA-GREECE), which form an integral part of the Ce + URI: http://www.passport.gov.gr/csca/policies/ + Signature Algorithm: RSA-SHA256 + Signature: + 3c:81:d2:be:59:6f:2a:c6:d7:92:79:2a:21:3c:32:72 + 58:24:43:d1:38:59:e8:ec:76:ed:07:4a:c0:82:eb:90 + 8b:2d:62:c4:60:55:ce:1c:a0:dc:c8:93:36:4c:36:72 + 9c:52:46:40:2c:5b:27:29:63:7c:9c:4c:31:e7:20:8e + 9d:72:f4:8d:de:f9:50:27:57:58:6b:3b:4f:58:3b:59 + d7:c0:3f:d3:9c:61:2b:2b:04:92:b6:68:1c:42:16:69 + 11:1f:01:41:5a:e6:7d:30:42:a7:2b:f5:a7:15:db:ae + 0e:54:d2:41:79:3d:c6:c0:23:80:80:9b:9a:11:0d:00 + 2d:66:52:4d:3a:1c:cd:cd:d6:eb:f9:50:b2:e1:9a:00 + a8:b8:9b:b7:1a:36:0e:5a:12:b0:e1:b1:fd:69:e1:0d + dc:22:0d:10:e1:af:f7:0f:82:27:a1:76:7e:37:cd:53 + 69:3c:e0:6b:ee:b1:1a:36:6a:db:cd:fa:e3:92:fb:18 + 1c:23:d5:c2:09:93:eb:5a:dd:2c:cd:95:4a:e5:96:1e + 44:43:d9:0b:97:11:b7:36:62:64:16:57:84:96:e5:15 + 35:be:10:5a:77:f1:f1:7d:ae:db:76:32:77:82:26:47 + 04:e6:34:d2:82:07:f0:6e:a4:17:12:bc:09:ef:0d:7e + 00:7a:c6:e4:e9:93:17:aa:8c:25:97:7c:d7:b2:ea:60 + 2a:29:54:f1:0d:c8:fa:e8:91:3d:b0:b3:15:fc:63:cc + 11:49:40:a7:52:5c:d0:0f:e2:df:13:d3:65:e1:d6:3d + f2:c7:6d:7c:19:f0:5d:79:0e:18:22:8b:89:5b:68:26 + 5c:25:5b:0f:e2:9d:f3:50:a1:a0:5d:98:93:ed:45:f0 + 94:e2:6b:51:bc:ca:58:16:f1:e4:37:37:32:d2:7d:c7 + b2:cb:00:a9:90:45:ad:b4:29:91:dc:6a:1b:19:e7:20 + df:9e:96:5a:17:4b:8a:e6:fb:3d:11:3b:ed:79:e4:9c + 55:62:1a:60:e2:d0:97:06:63:ea:9e:48:1e:f3:93:90 + 9b:d4:a4:3e:21:05:97:99:25:6d:27:09:99:34:7b:f2 + 80:a3:04:89:c1:e9:b9:5a:cf:df:39:40:23:e3:8c:22 + 18:d3:d1:71:4e:86:e8:b6:bf:eb:f5:11:97:cf:d7:54 + 65:62:c6:d4:fe:b7:f9:2d:ed:4a:8c:98:d2:96:aa:7f + 78:32:b6:63:ee:e2:51:64:24:74:9b:de:56:6f:21:45 + cb:b5:48:a3:1f:33:5a:98:e5:29:5e:9b:e0:1f:fd:46 + 45:eb:4f:34:15:7c:4a:be:a3:07:40:3c:33:3d:34:74 +Other Information: + Fingerprint: + sha1:8b730ffbd11677aaaf8600b893927d9e402c3f2d + sha256:0738e6d0d062fb1f32e5f3a03fde6b3f045838fae7ad3bdd2c26f6003f213295 + Public Key ID: + sha1:3c7fd9a47b17ed6f81ce80c326d147fd3b991444 + sha256:bb04f2e2a511a183ef195b3581f3e4ec968f742982687bd159f65374eb3d75d8 + Public Key PIN: + pin-sha256:uwTy4qURoYPvGVs1gfPk7JaPdCmCaHvRWfZTdOs9ddg= + +-----BEGIN CERTIFICATE----- +MIIITDCCBjSgAwIBAgIBVzANBgkqhkiG9w0BAQsFADCBijEKMAgGA1UEBRMBMTEa +MBgGA1UEChMRSGVsbGVuaWMgUmVwdWJsaWMxFDASBgNVBAMTC0NTQ0EtSEVMTEFT +MRgwFgYDVQQLEw9IZWxsZW5pYyBQb2xpY2UxCzAJBgNVBAYTAkdSMSMwIQYJKoZI +hvcNAQkBFhRjc2NhQHBhc3Nwb3J0Lmdvdi5ncjAeFw0xMTA4MjEwODAwMDZaFw0x +NjExMjMyMTU5NTlaMHAxCjAIBgNVBAUTATMxGjAYBgNVBAoTEUhlbGxlbmljIFJl +cHVibGljMRQwEgYDVQQDEwtDU0NBLUhFTExBUzELMAkGA1UEBhMCR1IxIzAhBgkq +hkiG9w0BCQEWFGNzY2FAcGFzc3BvcnQuZ292LmdyMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4JWyBFqReB9/HDN/0DrhLKdMGb5DMMKLtxodnYBDMP6A +1of/8/JDNxbCHw9Q9L87pBjG0tqrVtPbmSOf3z3cChJhH+zmmmS/EO1QYO7J+qSC +IpeJ08DR0O1og4pKIj/I7pldloHxP7Ju0351Jga02eHfp1WEN0WpeWpGN5+RupVf +0nAbGDRqwHBZV3poykKJBU1A92DiRKUpaqyDbS/AKz9LNAkDMRjo4eBZN9TKdoeb ++7McbZS7DTvRwzTeO9NNxwsZ+0n48NsoRTaIry6uZgH2YCTqmRH33JwyhF7u0O2h +4Nn4nqJpq6fgfqh4vCdzWEkDIiqH4wal0gAQrDSQjwsJ8tJ0Z7faABlH5sZwI96p +dnJuTCNcJmbdTOE7GTUmpNFH3hEmeK2UvnFtEjViYeKZHlbmk/fi8YI2/5wN6/Yt +Wi6rY4xn1I1Qf2XIf/bV770+D9N65inFBOoM3EbwTj4/nultZv1IoblJEUFMhNSC +i93c9P9nGorSrkI5VXPfWejr8teef9151MG3jMpc/iBOogIZKBgys7ogct0sioLQ +s56q7YSvT/N+AUl+z5VI7aLcK6/tpo6X+ztsr70NtHoTSQ6nmybLFnLtckn2AyjI +tq6EzjULpUIu1P3N0UkKjU0txl/hU+xOk53rI04UiLVK1TxR/dj/uLUGQWI2gGkC +AwEAAaOCAtQwggLQMCsGA1UdEAQkMCKADzIwMTEwODIxMDgwMDA2WoEPMjAxMTA4 +MjMyMDU5NTlaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUvSC7Feqn+R7kkN8I +elLnqgiw1+YwHwYDVR0jBBgwFoAU7Lyt45sWM4kSLgRmeInhVmmcy98wEgYDVR0T +AQH/BAgwBgEB/wIBADA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vd3d3LnBhc3Nw +b3J0Lmdvdi5nci9jc2NhL2NzY2EuY3JsMIICAAYDVR0gBIIB9zCCAfMwggHvBgwr +BgEEAapsAQpjAQAwggHdMIIBogYIKwYBBQUHAgIwggGUHoIBkABUAGgAaQBzACAA +QwBlAHIAdABpAGYAaQBjAGEAdABlACAAaQBzACAAZwBvAHYAZQByAG4AZQBkACAA +YgB5ACAAdABoAGUAIAByAGUAZgBlAHIAcgBlAGQAIABQAG8AbABpAGMAaQBlAHMA +IABhAG4AZAAgAHQAaABlACAAQwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAFAA +cgBhAGMAdABpAGMAZQAgAFMAdABhAHQAZQBtAGUAbgB0ACAAbwBmACAAdABoAGUA +IABHAHIAZQBlAGsAIABDAG8AdQBuAHQAcgB5ACAAUwBpAGcAbgBpAG4AZwAgAEMA +ZQByAHQAaQBmAGkAYwBhAHQAaQBvAG4AIABBAHUAdABoAG8AcgBpAHQAeQAgACgA +QwBTAEMAQQAtAEcAUgBFAEUAQwBFACkALAAgAHcAaABpAGMAaAAgAGYAbwByAG0A +IABhAG4AIABpAG4AdABlAGcAcgBhAGwAIABwAGEAcgB0ACAAbwBmACAAdABoAGUA +IABDAGUwNQYIKwYBBQUHAgEWKWh0dHA6Ly93d3cucGFzc3BvcnQuZ292LmdyL2Nz +Y2EvcG9saWNpZXMvMA0GCSqGSIb3DQEBCwUAA4ICAQA8gdK+WW8qxteSeSohPDJy +WCRD0ThZ6Ox27QdKwILrkIstYsRgVc4coNzIkzZMNnKcUkZALFsnKWN8nEwx5yCO +nXL0jd75UCdXWGs7T1g7WdfAP9OcYSsrBJK2aBxCFmkRHwFBWuZ9MEKnK/WnFduu +DlTSQXk9xsAjgICbmhENAC1mUk06HM3N1uv5ULLhmgCouJu3GjYOWhKw4bH9aeEN +3CINEOGv9w+CJ6F2fjfNU2k84GvusRo2atvN+uOS+xgcI9XCCZPrWt0szZVK5ZYe +REPZC5cRtzZiZBZXhJblFTW+EFp38fF9rtt2MneCJkcE5jTSggfwbqQXErwJ7w1+ +AHrG5OmTF6qMJZd817LqYCopVPENyProkT2wsxX8Y8wRSUCnUlzQD+LfE9Nl4dY9 +8sdtfBnwXXkOGCKLiVtoJlwlWw/infNQoaBdmJPtRfCU4mtRvMpYFvHkNzcy0n3H +sssAqZBFrbQpkdxqGxnnIN+elloXS4rm+z0RO+155JxVYhpg4tCXBmPqnkge85OQ +m9SkPiEFl5klbScJmTR78oCjBInB6blaz985QCPjjCIY09FxTobotr/r9RGXz9dU +ZWLG1P63+S3tSoyY0paqf3gytmPu4lFkJHSb3lZvIUXLtUijHzNamOUpXpvgH/1G +RetPNBV8Sr6jB0A8Mz00dA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-certs.pem b/tests/cert-tests/data/ca-certs.pem new file mode 100644 index 0000000..76f1377 --- /dev/null +++ b/tests/cert-tests/data/ca-certs.pem @@ -0,0 +1,3832 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv +b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ +Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y +dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU +MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0 +Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a +iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1 +aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C +jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia +pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0 +FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt +XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL +oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6 +R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp +rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/ +LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA +BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow +gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV +BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG +A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH +AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr +BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB +MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y +Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj +ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5 +b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D +QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc +7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH +Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4 +D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3 +VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a +lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW +Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt +hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz +0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn +ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT +d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60 +4GGSt/M3mMS+lqO3ig== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIESzCCAzOgAwIBAgIJAJigUTEEXRQpMA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV +BAYTAkRFMQ8wDQYDVQQIEwZIZXNzZW4xDjAMBgNVBAcTBUZ1bGRhMRAwDgYDVQQK +EwdEZWJjb25mMRMwEQYDVQQDEwpEZWJjb25mIENBMR8wHQYJKoZIhvcNAQkBFhBq +b2VyZ0BkZWJpYW4ub3JnMB4XDTA1MTEwNTE3NTUxNFoXDTE1MTEwMzE3NTUxNFow +djELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEOMAwGA1UEBxMFRnVsZGEx +EDAOBgNVBAoTB0RlYmNvbmYxEzARBgNVBAMTCkRlYmNvbmYgQ0ExHzAdBgkqhkiG +9w0BCQEWEGpvZXJnQGRlYmlhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCvbOo0SrIwI5IMlsshH8WF3dHB9r9JlSKhMPaybawa1EyvZspMQ3wa +F5qxNf3Sj+NElEmjseEqvCZiIIzqwerHu0Qw62cDYCdCd2+Wb5m0bPYB5CGHiyU1 +eNP0je42O0YeXG2BvUujN8AviocVo39X2YwNQ0ryy4OaqYgm2pRlbtT2ESbF+SfV +Y2iqQj/f8ymF+lHo/pz8tbAqxWcqaSiHFAVQJrdqtFhtoodoNiE3q76zJoUkZTXB +k60Yc3MJSnatZCpnsSBr/D7zpntl0THrUjjtdRWCjQVhqfhM1yZJV+ApbLdheFh0 +ZWlSxdnp25p0q0XYw/7G92ELyFDfBUUNAgMBAAGjgdswgdgwHQYDVR0OBBYEFMuV +dFNb4mCWUFbcP5LOtxFLrEVTMIGoBgNVHSMEgaAwgZ2AFMuVdFNb4mCWUFbcP5LO +txFLrEVToXqkeDB2MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMQ4wDAYD +VQQHEwVGdWxkYTEQMA4GA1UEChMHRGViY29uZjETMBEGA1UEAxMKRGViY29uZiBD +QTEfMB0GCSqGSIb3DQEJARYQam9lcmdAZGViaWFuLm9yZ4IJAJigUTEEXRQpMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGZXxHg4mnkvilRIM1EQfGdY +S5b/WcyF2MYSTeTvK4aIB6VHwpZoZCnDGj2m2D3CkHT0upAD9o0zM1tdsfncLzV+ +mDT/jNmBtYo4QXx5vEPwvEIcgrWjwk7SyaEUhZjtolTkHB7ACl0oD0r71St4iEPR +qTUCEXk2E47bg1Fz58wNt/yo2+4iqiRjg1XCH4evkQuhpW+dTZnDyFNqwSYZapOE +TBA+9zBb6xD1KM2DdY7r4GiyYItN0BKLfuWbh9LXGbl1C+f4P11g+m2MPiavIeCe +1iazG5pcS3KoTLACsYlEX24TINtg4kcuS81XdllcnsV3Kdts0nIqPj6uhTTZD0k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE +AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x +CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW +MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF +RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC +AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7 +09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7 +XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P +Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK +t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb +X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28 +MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU +fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI +2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH +K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae +ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP +BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ +MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw +RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv +bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm +fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3 +gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe +I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i +5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi +ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn +MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ +o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6 +zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN +GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt +r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK +Z05phkOTOPu220+DkdRgfks+KzgHVZhepA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx +CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp +ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa +QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw +NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft +ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu +QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG +qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL +fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ +Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 +Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ +54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b +MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j +ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej +YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt +A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF +rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ +pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB +lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy +YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 +7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs +YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 +xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc +unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ +Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp +ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 +gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 +jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ +XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD +W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ +RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r +MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk +BYn8eNZcLCZDqQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML +QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx +MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB +ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV +BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV +6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX +GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP +dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH +1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF +62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW +BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL +MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU +cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv +b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6 +IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/ +iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao +GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh +4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm +XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1 +MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK +EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh +BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq +xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G +87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i +2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U +WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1 +0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G +A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr +pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL +ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm +aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv +hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm +hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X +dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3 +P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y +iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no +xqE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP +bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2 +MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft +ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk +hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym +1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW +OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb +2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko +O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU +AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF +Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb +LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir +oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C +MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds +sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP +bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2 +MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft +ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC +206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci +KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2 +JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9 +BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e +Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B +PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67 +Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq +Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ +o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3 ++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj +YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj +FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn +xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2 +LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc +obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8 +CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe +IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA +DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F +AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX +Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb +AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl +Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw +RY8mkaKO/qk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc +MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp +b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT +AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs +aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H +j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K +f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55 +IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw +FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht +QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm +/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ +k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ +MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC +seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ +hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+ +eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U +DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj +B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL +rosot4LKGAfmt1t06SAZf7IbiVQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg +Q2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzEL +MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD +VQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7McXA0 +ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLX +l18xoS830r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVB +HfCuuCkslFJgNJQ72uA40Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B +5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3 +WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLP +gcIV1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+ +DKhQ7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu +BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHs +h7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+oRxKaJyOk +LY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg +Q2xhc3MgMyBDQSAxMB4XDTA1MDUwOTE0MTMwM1oXDTE1MDUwOTE0MTMwM1owSzEL +MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD +VQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZEC4DVC69TB4sSveZn8AKxifZg +isRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBYouZ0plNTVUhjP5JW3SROjvi6K//z +NIqeKNc0n6wv1g/xpC+9UrJJhW05NfBEMJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI ++MkcVyzwPX6UvCWThOiaAJpFBUJXgPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2R +hzyRhkmr8w+gbCZ2Xhysm3HljbybIR6c1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+ +mbEwi5A3lRyoH6UsjfRVyNvdWQrCrXig9IsCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0PAQH/BAQD +AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFP +Bdy7pYmrEzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27s +EzNxZy5p+qksP2bAEllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2 +mSlf56oBzKwzqBwKu5HEA6BvtjT5htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/YL0yC +e/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQjel/wroQk5PMr+4okoyeYZdow +dXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET +MBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UE +AxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQsw +CQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcg +YS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgmGErE +Nx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnX +mjxUizkDPw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYD +XcDtab86wYqg6I7ZuUUohwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhW +S8+2rT+MitcE5eN4TPWGqvWP+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8Kp +FhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQD +AgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cu +ZGlzaWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5z +ay9jYS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv +Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEw +DQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA/ec8J9B6 +yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3mkkp7M5+cTxq +EEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/ +CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeB +EicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFN +PGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkGjCFMhwnN5ag= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw +IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV +eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD +TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2 +MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF +Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh +IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6 +dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO +V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC +GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN +v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB +AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB +Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO +76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK +OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH +ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi +yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL +buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj +2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp +ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow +fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV +BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM +cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S +HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996 +CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk +3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz +6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV +HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv +Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw +Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww +DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0 +5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj +Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI +gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ +aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl +izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0 +aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla +MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD +VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW +fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt +TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL +fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW +1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7 +kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G +A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v +ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo +dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu +Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/ +HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 +pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS +jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+ +xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn +dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkzCCAnugAwIBAgIQFBOWgxRVjOp7Y+X8NId3RDANBgkqhkiG9w0BAQUFADA0 +MRMwEQYDVQQDEwpDb21TaWduIENBMRAwDgYDVQQKEwdDb21TaWduMQswCQYDVQQG +EwJJTDAeFw0wNDAzMjQxMTMyMThaFw0yOTAzMTkxNTAyMThaMDQxEzARBgNVBAMT +CkNvbVNpZ24gQ0ExEDAOBgNVBAoTB0NvbVNpZ24xCzAJBgNVBAYTAklMMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ORUaSvTx49qROR+WCf4C9DklBKK +8Rs4OC8fMZwG1Cyn3gsqrhqg455qv588x26i+YtkbDqthVVRVKU4VbirgwTyP2Q2 +98CNQ0NqZtH3FyrV7zb6MBBC11PN+fozc0yz6YQgitZBJzXkOPqUm7h65HkfM/sb +2CEJKHxNGGleZIp6GZPKfuzzcuc3B1hZKKxC+cX/zT/npfo4sdAMx9lSGlPWgcxC +ejVb7Us6eva1jsz/D3zkYDaHL63woSV9/9JLEYhwVKZBqGdTUkJe5DSe5L6j7Kpi +Xd3DTKaCQeQzC6zJMw9kglcq/QytNuEMrkvF7zuZ2SOzW120V+x0cAwqTwIDAQAB +o4GgMIGdMAwGA1UdEwQFMAMBAf8wPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2Zl +ZGlyLmNvbXNpZ24uY28uaWwvY3JsL0NvbVNpZ25DQS5jcmwwDgYDVR0PAQH/BAQD +AgGGMB8GA1UdIwQYMBaAFEsBmz5WGmU2dst7l6qSBe4y5ygxMB0GA1UdDgQWBBRL +AZs+VhplNnbLe5eqkgXuMucoMTANBgkqhkiG9w0BAQUFAAOCAQEA0Nmlfv4pYEWd +foPPbrxHbvUanlR2QnG0PFg/LUAlQvaBnPGJEMgOqnhPOAlXsDzACPw1jvFIUY0M +cXS6hMTXcpuEfDhOZAYnKuGntewImbQKDdSFc8gS4TXt8QUxHXOZDOuWyt3T5oWq +8Ir7dcHyCTxlZWTzTNity4hp8+SDtwy9F1qWF8pb/627HOkthIDYIb6FUtnUdLlp +hbpN7Sgy6/lhSuTENh4Z3G+EER+V9YMoGKgzkkMn3V0TBEVPh9VGzT2ouvDzuFYk +Res3x+F2T3I5GN9+dHLHcy056mDmrRGiVod7w2ia/viMcKjfZTL0pECMocJEAw6U +AGegcQCCSA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw +PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu +MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx +GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL +MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf +HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh +gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW +v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue +Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr +9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt +6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 +MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl +Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 +ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq +hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p +iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC +dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL +kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL +hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz +OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL +EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ +BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x +ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg +bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ +j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV +Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG +SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx +JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI +RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw +MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5 +fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i ++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG +SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN +QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+ +gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL +EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ +BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x +ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/ +k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso +LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o +TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG +SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx +JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI +RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3 +MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C +TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5 +WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG +SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR +xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL +B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx +ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w +MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD +VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx +FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu +ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7 +gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH +fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a +ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT +ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk +c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto +dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt +aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI +hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk +QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/ +h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq +nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR +rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2 +9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV +BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx +c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt +ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4 +MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg +SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl +a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h +4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk +tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s +tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL +dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4 +c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um +TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z ++kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O +Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW +OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW +fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2 +l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw +FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+ +8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI +6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO +TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME +wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY +Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn +xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q +DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q +Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t +hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4 +7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7 +QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 +MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp +Z2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZp +a2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0OFoXDTE3MDEwNDEx +MzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kg +R3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9uaWsg +U2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdU +MZTe1RK6UxYC6lhj71vY8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlT +L/jDj/6z/P2douNffb7tC+Bg62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H +5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC +90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1 +c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoE +VtstxNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP +qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S +/wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzlvBNbCNvj +/+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4Vwpm+Vganf2X +KWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq +fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy +MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA +vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G +CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA +WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo +oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ +h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 +f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN +B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy +vUxFnmG6v4SBkgPR0ml8xQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u +ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc +KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u +ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 +MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE +ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j +b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF +bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg +U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA +A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ +I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 +wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC +AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb +oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 +BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p +dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk +MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp +b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu +dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 +MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi +E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa +MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI +hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN +95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd +2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 +MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx +dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f +BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A +cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw +ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj +IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y +7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh +1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT +ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw +MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j +LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo +RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu +WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw +Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK +eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM +zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+ +WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN +/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj +dXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5MDYyMzEyMTQ0 +NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXggU2VjdXJlMSYwJAYD +VQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMjCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF7Y6yEb3+6+e0dMKP/wXn2Z0G +vxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKDpkWNYmi7hRsgcDKqQM2mll/EcTc/ +BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HMHMg3OrmXUqesxWoklE6ce8/AatbfIb0C +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEX +MBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJl +IGVCdXNpbmVzcyBDQS0yMQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkw +NjIzMTIxNDQ1WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBq +y/3YIHqngnYwHQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy +0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1 +E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT +ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw +MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj +dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l +c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC +UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc +58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/ +o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr +aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA +A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA +Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv +8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCRVMx +IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w +HhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCBnTELMAkGA1UEBhMCRVMx +IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5u +Cp4Bx+ow0Syd3Tfom5h5VtP8c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdY +rv5sp0ovFy3Tc9UTHI9ZpTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3z +hxAwJkh91/zpnZFx/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPay +BQC6haD9HThuy1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcL +iam8NeTvtjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcb +AgMBAAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv +bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDExMDI0 +MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E +FgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQADggEBAEdz/o0n +VPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/GzR0iLjJcG1+p+o1wq +u00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvXwOaD7FnMP97/T2u3Z36m +hoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6ntBas3D7Hi05V2Y1Z0jFhyGzfl +ZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZdBbQ5rQ58SfLyEDW44YQqSMSkuBp +QWOnryULwMWSyx6Yo1q6xTMPoJcB3X/ge9YGVM+h4k0460tQtcsm9MracEpqoeJ5 +quGnM/b9Sh/22WA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs +IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg +R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A +PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8 +Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL +TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL +5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7 +S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe +2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap +EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td +EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv +/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN +A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0 +abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF +I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz +4iIprn2DQKi6bA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD +VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv +bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv +b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV +UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU +cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds +b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH +iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS +r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4 +04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r +GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9 +3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P +lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT +AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ +TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG +9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw +MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM +BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO +MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2 +LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI +s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2 +xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4 +u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b +F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx +Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd +PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV +HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx +NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF +AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ +L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY +YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg +Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a +NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R +0982gaEbeC9xs/FZTEYYKKuF0mBWWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN +AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp +dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw +MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw +CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ +MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB +SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz +ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH +LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP +PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL +2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w +ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC +MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk +AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0 +AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz +AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz +AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f +BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE +FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY +P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi +CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g +kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95 +HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS +na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q +qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z +TbvGRNs2yyqcjg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw +cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy +b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z +ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4 +NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN +TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p +Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u +uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+ +LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA +vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770 +Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx +62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB +AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw +LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP +BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB +AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov +MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5 +ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn +AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT +AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh +ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo +AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa +AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln +bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p +Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP +PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv +Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB +EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu +w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj +cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV +HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI +VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS +BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS +b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS +8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds +ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl +7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a +86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR +hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/ +MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQD +EylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZhbnlraWFkbzAeFw05 +OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYDVQQGEwJIVTERMA8G +A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh +Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5l +dExvY2sgVXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xK +gZjupNTKihe5In+DCnVMm8Bp2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riX +iK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvc +Q7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8E +BAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1G +SUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFu +b3MgU3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh +bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv +Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGln +aXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0 +IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh +c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGph +biBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJo +ZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBP +UlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmlj +YXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBo +dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNA +bmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06 +sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa +n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS +NitjrFgBazMpUIaD8QFI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD +EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X +DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw +DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u +c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr +TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA +OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC +2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW +RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P +AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW +ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0 +YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz +b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO +ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB +IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs +b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs +ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s +YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg +a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g +SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0 +aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg +YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg +Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY +ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g +pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4 +Fp1hBWeAyNDYpQcCNJgEjTME1A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV +MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe +TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0 +dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB +KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0 +N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC +dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu +MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL +b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD +zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi +3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8 +WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY +Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi +NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC +ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4 +QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0 +YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz +aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu +IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm +ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg +ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs +amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv +IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3 +Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6 +ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1 +YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg +dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs +b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G +CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO +xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP +0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ +QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk +f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK +8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD +EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz +aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w +MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G +A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh +Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l +dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh +bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq +eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe +r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5 +3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd +vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l +mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC +wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg +hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0 +TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh +biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg +ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg +dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6 +b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl +c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0 +ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3 +dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu +ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh +bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo +ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3 +Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u +ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA +A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ +MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+ +NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR +VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY +83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3 +macqaJVmlaut74nLYKkGEsaUR+ko +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 +IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz +BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y +aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG +9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy +NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y +azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw +Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl +cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD +cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs +2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY +JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE +Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ +n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A +PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6 +MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp +dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX +BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy +MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp +eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg +/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl +wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh +AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2 +PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu +AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR +MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc +HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/ +Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+ +f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO +rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch +6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3 +7CAFYd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz +MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N +IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 +bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE +RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO +zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 +bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF +MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 +VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC +OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G +CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW +tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ +q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb +EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ +Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O +VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENBMB4XDTAx +MDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue+H887dF+2rDNbS82rDTG +29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mXy47vPxVnqIJyY1MPQYx9EJUk +oVqlBvqSV536pQHydekfvFYmUk54GWVYVQNYwBSujHxVX3BbdyMGNpfzJLWaRpXk +3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JFhfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBL +qdReLjVQCfOAl/QMF6452F/NM8EcyonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIIN +nvmLVz5MxxftLItyM19yejhW1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuX +ZfsSZ9gqXLar5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0H +DjxVyhbMp6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VO +TzF2nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv +kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2yIx4w +zMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO +TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy +MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk +ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn +ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71 +9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO +hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U +tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o +BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh +SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww +OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv +cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA +7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k +/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm +eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6 +u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy +7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR +iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg +Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk +pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf +OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C +Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT +Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi +HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM +Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w ++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ +Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 +Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B +26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID +AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j +ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js +LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM +BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 +Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy +dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh +cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh +YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg +dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp +bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ +YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT +TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ +9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 +jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW +FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz +ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 +ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L +EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu +L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq +yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC +O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V +um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh +NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEezCCA2OgAwIBAgIQNxkY5lNUfBq1uMtZWts1tzANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCREUxIDAeBgNVBAgTF0JhZGVuLVd1ZXJ0dGVtYmVyZyAoQlcp +MRIwEAYDVQQHEwlTdHV0dGdhcnQxKTAnBgNVBAoTIERldXRzY2hlciBTcGFya2Fz +c2VuIFZlcmxhZyBHbWJIMT4wPAYDVQQDEzVTLVRSVVNUIEF1dGhlbnRpY2F0aW9u +IGFuZCBFbmNyeXB0aW9uIFJvb3QgQ0EgMjAwNTpQTjAeFw0wNTA2MjIwMDAwMDBa +Fw0zMDA2MjEyMzU5NTlaMIGuMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4t +V3VlcnR0ZW1iZXJnIChCVykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMg +RGV1dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxPjA8BgNVBAMTNVMtVFJV +U1QgQXV0aGVudGljYXRpb24gYW5kIEVuY3J5cHRpb24gUm9vdCBDQSAyMDA1OlBO +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bVKwdMz6tNGs9HiTNL1 +toPQb9UY6ZOvJ44TzbUlNlA0EmQpoVXhOmCTnijJ4/Ob4QSwI7+Vio5bG0F/WsPo +TUzVJBY+h0jUJ67m91MduwwA7z5hca2/OnpYH5Q9XIHV1W/fuJvS9eXLg3KSwlOy +ggLrra1fFi2SU3bxibYs9cEv4KdKb6AwajLrmnQDaHgTncovmwsdvs91DSaXm8f1 +XgqfeN+zvOyauu9VjxuapgdjKRdZYgkqeQd3peDRF2npW932kKvimAoA0SVtnteF +hy+S8dF2g08LOlk3KC8zpxdQ1iALCvQm+Z845y2kuJuJja2tyWp9iRe79n+Ag3rm +7QIDAQABo4GSMIGPMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEG +MCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTVFJvbmxpbmUxLTIwNDgtNTAdBgNV +HQ4EFgQUD8oeXHngovMpttKFswtKtWXsa1IwHwYDVR0jBBgwFoAUD8oeXHngovMp +ttKFswtKtWXsa1IwDQYJKoZIhvcNAQEFBQADggEBAK8B8O0ZPCjoTVy7pWMciDMD +pwCHpB8gq9Yc4wYfl35UvbfRssnV2oDsF9eK9XvCAPbpEW+EoFolMeKJ+aQAPzFo +LtU96G7m1R08P7K9n3frndOMusDXtk3sU5wPBG7qNWdX4wple5A64U8+wwCSersF +iXOMy6ZNwPv2AtawB6MDwidAnwzkhYItr5pCHdDHjfhA7p0GVxzZotiAFP7hYy0y +h9WUUpY6RsZxlj33mA6ykaqP2vROJAA5VeitF7nTNCtKqUDMFypVZUF0Qn71wK/I +k63yGFs9iQzbRzkk+OBM8h+wPQrKBU6JIRrjKpms/H+h8Q8bHz2eBIPdltkdOpQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 +m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih +FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ +TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F +EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco +kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu +HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF +vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo +19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC +L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW +bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX +JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j +BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc +K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf +ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik +Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB +sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e +3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR +ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip +mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH +b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf +rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms +hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y +zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 +MBr1mmz0DlP5OlvRHA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl ++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf +qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV +BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 +Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQzWhcNMjUxMjMxMjI1 +OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i +SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UEAxMc +VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jf +tMjWQ+nEdVl//OEd+DFwIxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKg +uNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2J +XjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK +8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+99 +5OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3 +kUrL84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy +dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6 +Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz +JTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 +Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iS +GNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprt +ZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8 +au0WOB9/WIFaGusyiC2y8zl3gK9etmF1KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaV +hgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeI +dUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV +BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 +Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 +OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i +SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc +VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW +Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q +Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 +1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq +ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 +Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX +XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy +dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 +Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz +JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 +Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u +TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN +irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 +TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 +g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB +95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj +S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV +BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1 +c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1NDI4WhcNMjUxMjMx +MjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIg +R21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYwJAYD +VQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSR +JJZ4Hgmgm5qVSkr1YnwCqMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3T +fCZdzHd55yx4Oagmcw6iXSVphU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeu +jRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3z +wZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQ +fezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYD +VR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G +CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X1 +7caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNerNXxTPqYn +8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3ghUJGooWMNjs +ydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT +ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/ +2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAwezEL +MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV +BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UEAxMfVEMgVHJ1 +c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkwODE1MjdaFw0yOTEy +MzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRl +ciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0ExKDAm +BgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJSUkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2pxisLlxErALyBpXsq6DFJmzNEubkKLF +5+cvAqBNLaT6hdqbJYUtQCggbergvbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYv +DIRlzg9uwliT6CwLOunBjvvya8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8v +zArZQe+f/prhsq75U7Xl6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRT +yGG299J5KmcYdkhtWyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yj +dipFtK+/fz6HP3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBh +MB8GA1UdIwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI +4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42Fmhfz +dkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhnYIg5IFHY +aAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhKBgePxLcHsU0G +DeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRclkvxOvIAu2y0+pZV +CIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGGjYnuJ8Tb4rwZjgvDwxPH +LQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9HKgl8ZS0Zg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE +SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg +Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV +BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl +cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA +vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu +Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a +0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1 +4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN +eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD +R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG +A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu +dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME +Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3 +WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw +HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ +KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO +Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX +wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+ +2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89 +9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0 +jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38 +aQNiuJkFBT1reBK9sG9l +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE +SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw +ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU +REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr +2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s +2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU +GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj +dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r +TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB +AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv +c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl +ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu +MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg +T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud +HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD +VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny +bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy +MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ +J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG +SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom +JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO +inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y +caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB +mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ +YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9 +BKNDLdr8C2LqL19iUw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD +VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy +dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t +MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB +MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG +A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp +b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl +cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE +VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ +ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR +uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI +hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM +pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD +VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm +MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx +MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3 +dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl +cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3 +DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91 +yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX +L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj +EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG +7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e +QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ +qdq5snUb9kLy78fyGPmJvKP/iiMucEc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS +MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp +bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw +VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy +YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy +dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2 +ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe +Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx +GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls +aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU +QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh +xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0 +aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr +IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h +gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK +O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO +fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw +lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL +hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID +AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP +NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t +wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM +7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh +gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n +oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs +yZyQ2uypQjyttgI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc +UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx +c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg +MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 +dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz +MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy +dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD +VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg +xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu +xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7 +XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k +heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J +YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C +urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1 +JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51 +b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV +9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7 +kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh +fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy +B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA +aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS +RGQDJereW26fyfJOrN3H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOc +UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx +c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xS +S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg +SGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcNMDUxMTA3MTAwNzU3 +WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVrdHJv +bmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJU +UjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSw +bGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWe +LiAoYykgS2FzxLFtIDIwMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnef +J1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdh +R3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJ +Qv2gQrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGX +JHpsmxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p +zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58S +Fq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/nttRbj2hWyfIvwq +ECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4 +Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFz +gw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotH +uFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LS +y3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5UrbnBEI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB +kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw +IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG +EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD +VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu +dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6 +E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ +D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK +4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq +lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW +bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB +o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT +MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js +LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr +BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB +AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft +Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj +j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH +KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv +2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3 +mfnGV/TJVTl4uix5yaaIK/QI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt +Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa +Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV +BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l +dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE +AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B +YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 +hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l +L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm +SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM +1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws +6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw +Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 +aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u +7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 +xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ +rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim +eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk +USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB +lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt +SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG +A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe +MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v +d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh +cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn +0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ +M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a +MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd +oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI +DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy +oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0 +dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy +bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF +BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM +//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli +CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE +CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t +3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS +KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 +IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz +BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y +aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG +9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy +NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y +azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw +Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl +cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y +LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+ +TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y +TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0 +LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW +I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw +nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 +IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz +BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y +aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG +9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy +NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y +azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw +Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl +cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY +dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9 +WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS +v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v +UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu +IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC +W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f +zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi +TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW +NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV +Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh +c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy +MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp +emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X +DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo +YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 +MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK +VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm +Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID +AQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0J +h9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul +uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68 +DzFc6PLZ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns +YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y +aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe +Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj +IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx +KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM +HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw +DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC +AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji +nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX +rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn +jBJ7xUS0rg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy +aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE +BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is +I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G +CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i +2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ +2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh +c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy +MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp +emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X +DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo +YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 +MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4 +pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0 +13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID +AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk +U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i +F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY +oJ2daZH9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1 +GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ ++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd +U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm +NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY +ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ +ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1 +CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq +g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm +fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c +2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/ +bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0 +MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww +KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G +A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13 +5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE +SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O +JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu +ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE +AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB +AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB +CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw +b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo +7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/ +0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7 +nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx +x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ +33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx +IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs +cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0 +MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl +bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD +DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r +WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU +Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs +HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj +z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf +SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl +AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG +KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P +AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j +BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC +VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX +ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB +ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd +/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB +A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn +k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9 +iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv +2G0xffX8oRAHh84vWdw+WNs= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCA36gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBvjELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UE +ChMfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9z +dG1hc3RlcjEgMB4GA1UEAxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkq +hkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDMwMTE1MTYyOTE3 +WhcNMDcwMTE0MTYyOTE3WjCBvjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0luZGlh +bmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdhcmUgaW4g +dGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEgMB4GA1UE +AxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkqhkiG9w0BCQEWFmhvc3Rt +YXN0ZXJAc3BpLWluYy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPB6 +rdoiLR3RodtM22LMcfwfqb5OrJNl7fwmvskgF7yP6sdD2bOfDIXhg9852jhY8/kL +VOFe1ELAL2OyN4RAxk0rliZQVgeTgqvgkOVIBbNwgnjN6mqtuWzFiPL+NXQExq40 +I3whM+4lEiwSHaV+MYxWanMdhc+kImT50LKfkxcdAgMBAAGjggEfMIIBGzAdBgNV +HQ4EFgQUB63oQR1/vda/G4F6P4xLiN4E0vowgesGA1UdIwSB4zCB4IAUB63oQR1/ +vda/G4F6P4xLiN4E0vqhgcSkgcEwgb4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJ +bmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxKDAmBgNVBAoTH1NvZnR3YXJl +IGluIHRoZSBQdWJsaWMgSW50ZXJlc3QxEzARBgNVBAsTCmhvc3RtYXN0ZXIxIDAe +BgNVBAMTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo +b3N0bWFzdGVyQHNwaS1pbmMub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQEEBQADgYEAm/Abn8c2y1nO3fgpAIslxvi9iNBZDhQtJ0VQZY6wgSfANyDOR4DW +iexO/AlorB49KnkFS7TjCAoLOZhcg5FaNiKnlstMI5krQmau1Qnb/vGSNsE/UGms +1ts+QYPUs0KmGEAFUri2XzLy+aQo9Kw74VBvqnxvaaMeY5yMcKNOieY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIIDjCCBfagAwIBAgIJAOiOtsn4KhQoMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzEQMA4GA1UECBMHSW5kaWFuYTEVMBMGA1UEBxMMSW5kaWFuYXBvbGlz +MSgwJgYDVQQKEx9Tb2Z0d2FyZSBpbiB0aGUgUHVibGljIEludGVyZXN0MRMwEQYD +VQQLEwpob3N0bWFzdGVyMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx +JTAjBgkqhkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDgwNTEz +MDgwNzU2WhcNMTgwNTExMDgwNzU2WjCBvDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdh +cmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEe +MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo +b3N0bWFzdGVyQHNwaS1pbmMub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA3DbmR0LCxFF1KYdAw9iOIQbSGE7r7yC9kDyFEBOMKVuUY/b0LfEGQpG5 +GcRCaQi/izZF6igFM0lIoCdDkzWKQdh4s/Dvs24t3dHLfer0dSbTPpA67tfnLAS1 +fOH1fMVO73e9XKKTM5LOfYFIz2u1IiwIg/3T1c87Lf21SZBb9q1NE8re06adU1Fx +Y0b4ShZcmO4tbZoWoXaQ4mBDmdaJ1mwuepiyCwMs43pPx93jzONKao15Uvr0wa8u +jyoIyxspgpJyQ7zOiKmqp4pRQ1WFmjcDeJPI8L20QcgHQprLNZd6ioFl3h1UCAHx +ZFy3FxpRvB7DWYd2GBaY7r/2Z4GLBjXFS21ZGcfSxki+bhQog0oQnBv1b7ypjvVp +/rLBVcznFMn5WxRTUQfqzj3kTygfPGEJ1zPSbqdu1McTCW9rXRTunYkbpWry9vjQ +co7qch8vNGopCsUK7BxAhRL3pqXTT63AhYxMfHMgzFMY8bJYTAH1v+pk1Vw5xc5s +zFNaVrpBDyXfa1C2x4qgvQLCxTtVpbJkIoRRKFauMe5e+wsWTUYFkYBE7axt8Feo ++uthSKDLG7Mfjs3FIXcDhB78rKNDCGOM7fkn77SwXWfWT+3Qiz5dW8mRvZYChD3F +TbxCP3T9PF2sXEg2XocxLxhsxGjuoYvJWdAY4wCAs1QnLpnwFVMCAwEAAaOCAg8w +ggILMB0GA1UdDgQWBBQ0cdE41xU2g0dr1zdkQjuOjVKdqzCB8QYDVR0jBIHpMIHm +gBQ0cdE41xU2g0dr1zdkQjuOjVKdq6GBwqSBvzCBvDELMAkGA1UEBhMCVVMxEDAO +BgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMf +U29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1h +c3RlcjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcN +AQkBFhZob3N0bWFzdGVyQHNwaS1pbmMub3JnggkA6I62yfgqFCgwDwYDVR0TAQH/ +BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAcwCQYDVR0SBAIwADAuBglghkgBhvhC +AQ0EIRYfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDAwBglghkgBhvhC +AQQEIxYhaHR0cHM6Ly9jYS5zcGktaW5jLm9yZy9jYS1jcmwucGVtMDIGCWCGSAGG ++EIBAwQlFiNodHRwczovL2NhLnNwaS1pbmMub3JnL2NlcnQtY3JsLnBlbTAhBgNV +HREEGjAYgRZob3N0bWFzdGVyQHNwaS1pbmMub3JnMA4GA1UdDwEB/wQEAwIBBjAN +BgkqhkiG9w0BAQUFAAOCAgEAtM294LnqsgMrfjLp3nI/yUuCXp3ir1UJogxU6M8Y +PCggHam7AwIvUjki+RfPrWeQswN/2BXja367m1YBrzXU2rnHZxeb1NUON7MgQS4M +AcRb+WU+wmHo0vBqlXDDxm/VNaSsWXLhid+hoJ0kvSl56WEq2dMeyUakCHhBknIP +qxR17QnwovBc78MKYiC3wihmrkwvLo9FYyaW8O4x5otVm6o6+YI5HYg84gd1GuEP +sTC8cTLSOv76oYnzQyzWcsR5pxVIBcDYLXIC48s9Fmq6ybgREOJJhcyWR2AFJS7v +dVkz9UcZFu/abF8HyKZQth3LZjQl/GaD68W2MEH4RkRiqMEMVObqTFoo5q7Gt/5/ +O5aoLu7HaD7dAD0prypjq1/uSSotxdz70cbT0ZdWUoa2lOvUYFG3/B6bzAKb1B+P ++UqPti4oOxfMxaYF49LTtcYDyeFIQpvLP+QX4P4NAZUJurgNceQJcHdC2E3hQqlg +g9cXiUPS1N2nGLar1CQlh7XU4vwuImm9rWgs/3K1mKoGnOcqarihk3bOsPN/nOHg +T7jYhkalMwIsJWE3KpLIrIF0aGOHM3a9BX9e1dUCbb2v/ypaqknsmHlHU5H2DjRa +yaXG67Ljxay2oHA1u8hRadDytaIybrw/oDc5fHE2pgXfDBLkFqfF1stjo5VwP+YE +o2A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw +MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG +KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+ +8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R +FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS +mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE +DNuxUCAKGkq6ahq97BvIxYSazQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk +BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 +Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl +cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 +aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY +F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N +8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe +rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K +/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu +7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC +28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 +lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E +nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB +0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 +5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj +WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN +jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ +KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s +ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM +OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q +619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn +2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj +o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v +nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG +5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq +pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb +dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 +BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF +UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ +R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN +MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G +A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw +JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+ +WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj +SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl +u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy +A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk +Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7 +MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr +aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC +IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A +cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA +YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA +bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA +bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA +aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA +aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA +ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA +YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA +ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA +LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6 +Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y +eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw +CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G +A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu +Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn +lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt +b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg +9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF +ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC +IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-crl-invalid.crl b/tests/cert-tests/data/ca-crl-invalid.crl new file mode 100644 index 0000000..68b7c11 --- /dev/null +++ b/tests/cert-tests/data/ca-crl-invalid.crl @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICJjCB3wIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgGiAwIBQDAPMQ0wCwYDVQQDEwRDQS0wFw0xODA5 +MTYxMzM1NDJaGA85OTk5MTIzMTIzNTk1OVowJzAlAhQocdck3Pu5MeIpUpjb4Fis ++aYhsRcNMTgwOTE2MTMzNTQyWqBBMD8wHwYDVR0jBBgwFoAUpNhDUvJwLqnKF+mm +w5aF/wgkSEowHAYDVR0UBBUCE1ueXC860KlshpgThgNNyWGQU8QwPQYJKoZIhvcN +AQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIB +ogMCAUADggEBAElYoCVyM5W5vTfMeC7tI8WUqC3lIEXG+85AmY949KLvcx65ZAlX +fLXxx+nj0fMmL/efQEHCbpK8MfZmdesuazELePLs+e94ESZbRD4IAg2S7jCqmQ6j +Pr5vB/5A8xAIkUg+SDoPVX5VTH5UsVYhJmEfWnvkZehMst38CUqeyLJ5gp83d9nz +IuaDaHL1EOh/F+Ul/PANnyot2tHh02WBRbLI0c0Sr7nsVvHwIMfNtB0kXFKg5fmJ +puwhtNJGinWXpEgoMls7KXf+HOhiOwrMyTLxjhkawVRpjpdlMDPFp4sB0NdcIfr1 +HocKGTK84068uzN8Sk1QSuXpccL4YCr/fNo= +-----END X509 CRL----- diff --git a/tests/cert-tests/data/ca-crl-invalid.pem b/tests/cert-tests/data/ca-crl-invalid.pem new file mode 100644 index 0000000..24adf40 --- /dev/null +++ b/tests/cert-tests/data/ca-crl-invalid.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAjmgAwIBAgIUYrdL5TzzAJamxI3rTXeNdP+1SrUwPQYJKoZIhvcNAQEK +MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTYxMzIzNTNaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC +AQoCggEBAK4RFQTNLU6aXid/ji3MU6W4iAYfFHGyxOgd/69wJ/yFu/gfBqJ3lNVy ++FvQvWtqq1N+mPixWjNIjPrHHsfEWhfNXEi3tSbcNwBFxMJ5Wc07BrYdrpQqfNb/ +Qb3cZbmWmmWp/A+BBFD09sI2imjVvJstjCUux6xxGG4jgXAdGkcAXH7ehi+D7nXQ +yuIlfAv0QH2gWtHJ1wc3tMHghxSpBhS+KU2QxuRlQPlQrFfTSzjjQSYJ8qqFvYDN +4emSFKEc5iJSRPrleTNDtSf5BQ7JVBmvBOCkUvlkVV6QjU+zMaJbwqaQuE7mOHbo +myUCujP/k6eKv+P3l6OI+zu7+zBaebkCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSk2ENS8nAuqcoX6abDloX/CCRI +SjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL +BglghkgBZQMEAgGiAwIBQAOCAQEAkGJ1suWS6LS7NcYk37KmfREcOMmh9lQdi4re +tycRwn2tDaaRvRaiHAGndxZAPTfF9yBJ5LOzcSvSGsCOa2GE5Y3WtIVInadSudli +o8pxSoWon0vF7dBzZGbC+/iSbKoF7bwF4WTE9dqEdMWOE/+eHT3RsJqtk0PdbBqD +nqjQyb6QdrKPveoDVyfxszLA2gdJoTA6J+DJ5s8j197Hp9zXoPoIWY5/JDKpQweD +mGAS9Efhx5UPbnluqlj/HzG0U43gLajYcSenG35uszF+muS9FrsYZb0qtl9vQ5zJ +zmSAnjFYa8/p/zmcZKmZf0GIrxUQzn1lddy0Ys42cF22gc3sSg== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-crl-valid.crl b/tests/cert-tests/data/ca-crl-valid.crl new file mode 100644 index 0000000..d8d8ba8 --- /dev/null +++ b/tests/cert-tests/data/ca-crl-valid.crl @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICJjCB3wIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgGiAwIBQDAPMQ0wCwYDVQQDEwRDQS0wFw0xODA5 +MTYxMzQ4MjBaGA85OTk5MTIzMTIzNTk1OVowJzAlAhQYv9ruS7EaM2V7tn8kz3Rh +vQxmhxcNMTgwOTE2MTM0ODIwWqBBMD8wHwYDVR0jBBgwFoAUUPN34B1PsHCSBKfl +DvkuCvTuz+QwHAYDVR0UBBUCE1ueXyYRxCO5zh+eeQTS31LHIvMwPQYJKoZIhvcN +AQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIB +ogMCAUADggEBAH+J2DiyaZ+qKWKnrRluWQK/KSJ/a+Do7ox18swNg3VMtEP360TB +vh0/ctrbeb/H12YmwvrQdMPSIAcDiyBGannqG3L2mijDXZq3F2azL0WZiKAsDsBi +a3DW28F9KDPBQYuiUVYCn/C3r0CtDJuv1eARZtyc2BLujRgXUibVJej6U26mtPjs +DcDsXIWmBqRquMXhj0TY0MvkbNvT1XhDBBmSlQo+EC5zz5FZ4e9DvWiPcJqgkx4X +S58Xh+tpQR9IyyO8OLkNpMy5Zy1J6o3rTO5ZScEzjaO45YmN7BFoMljOdD1W2ID5 +MHVXfLRltra7qiZLXKhZ0aHfkzD3Xdu74JQ= +-----END X509 CRL----- diff --git a/tests/cert-tests/data/ca-crl-valid.pem b/tests/cert-tests/data/ca-crl-valid.pem new file mode 100644 index 0000000..53dab80 --- /dev/null +++ b/tests/cert-tests/data/ca-crl-valid.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAjmgAwIBAgIUIhM6Lo4vY8WseBrZi5UmDsqK3AAwPQYJKoZIhvcNAQEK +MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTYxMzQ4MDVaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC +AQoCggEBANPX6SGS5KZmUtn1ZT5CtvcMv3hKLosvLEYzpvbjjprFdL3UmBlWSu9f +u/0az9kT6D0maWKmtiF0AT4dD5CL/8391l2ZhiG9wxopBXAnxBRkO2+YZcaNY+ty +4PqZauWc2InZ0rMYI8rfSbUREgWO+d8SBBbU2wACzh1AZwMbtjEc2aGP+PXiC4m0 +axxRk0lD4ZpklA8oVMIwUNS09NQcbn7YqlnxCVxd22Z40XspeCsihXkI2d1OXWmG +J3HtEi3Ors1jyeGF3B68TplPJ3I1buuVTVJv32mVj4elQr78kTRtxyWoxL+pDt3y +o95W+VOvuAfULQWNuk49w901t4mimEcCAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRQ83fgHU+wcJIEp+UO+S4K9O7P +5DA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL +BglghkgBZQMEAgGiAwIBQAOCAQEAluZhfkQIDnSj+uQJpb0hTNW4cMqQXSM0khAe +LYunzXvksXFnRz5w/qLNcvQQ94s1ej8RAXJQXG63x51eAlpwqLffcXA1rGCpUBwM +9NsiNVkh/wMyZ0LcoyztvFRI/9JR40HzUWvp4k/SxLT25BQavlwborEO45HxHk1Q +hEeWyuxNt/V9QKQ/DKtPQbbObT4gfg+mwWNntRS8VKqd1PsFr4oxmFXgGkpu04uW +QV63kq7b54RzgYIPssm2Vr9JvLoZ+1q9VhZT08wx6NDxPIe70HydqTcfsOA8p84o +MvcleJjNs4+1RPmNVhnnZDPYtBNnudn8NtMaN5AzZWa3Y41boA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-gnutls-keyid.pem b/tests/cert-tests/data/ca-gnutls-keyid.pem new file mode 100644 index 0000000..fdb7520 --- /dev/null +++ b/tests/cert-tests/data/ca-gnutls-keyid.pem @@ -0,0 +1,43 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00 +Subject: C=SE,CN=GnuTLS Test +Issuer: C=SE,CN=GnuTLS Test +Signature Algorithm: RSA-SHA +Validity: + Not Before: Wed Jan 31 10:23:47 2007 + Not After: Wed Mar 14 10:23:51 2007 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + c6:94:06:28:a7:51:24:39:b1:5a:01:54:9b:50:d4: + 17:0c:4d:df:ac:42:00:07:e5:72:30:dc:88:2d:82: + 16:80:da:23:47:a8:46:7c:c8:88:4f:0f:6a:d2:b4: + 86:97:db:94:87:85:35:2f:51:e7:1c:33:7e:6b:1c: + 00:07:1b:bb: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: (critical) + CA:TRUE + Subject Key ID: + BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41 + +Other information: + MD5 Fingerprint: 49:4C:5E:02:10:16:82:5E:18:86:74:DF:51:56:EF:CC + SHA1 Fingerprint: B9:29:A0:CD:D1:B2:8F:C8:89:EB:87:E6:B5:9B:13:62:1C:D4:36:BF + Public Key ID: BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41 + + +-----BEGIN CERTIFICATE----- +MIIBYjCCAQ6gAwIBAgIBADALBgkqhkiG9w0BAQUwIzELMAkGA1UEBhMCU0UxFDAS +BgNVBAMTC0dudVRMUyBUZXN0MB4XDTA3MDEzMTA5MjM0N1oXDTA3MDMxNDA5MjM1 +MVowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMTC0dudVRMUyBUZXN0MFkwCwYJKoZI +hvcNAQEBA0oAMEcCQMaUBiinUSQ5sVoBVJtQ1BcMTd+sQgAH5XIw3IgtghaA2iNH +qEZ8yIhPD2rStIaX25SHhTUvUeccM35rHAAHG7sCAwEAAaMyMDAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUuuRvY1GQbDgb39qJtZKH0ynn10EwCwYJKoZIhvcN +AQEFA0EAMIM/ZIai49eKHg/Hb/LoKPtY8bLIf+oRw+0ifZghudZPokwIukVRoRw3 +rvJSTitBJGH9uyNWn8bbackkkg4otA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-no-keyid.pem b/tests/cert-tests/data/ca-no-keyid.pem new file mode 100644 index 0000000..50675e4 --- /dev/null +++ b/tests/cert-tests/data/ca-no-keyid.pem @@ -0,0 +1,40 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 2A +Subject: CN=GnuTLS test2 +Issuer: CN=GnuTLS test2 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Wed Jan 31 10:34:15 2007 + Not After: Wed Mar 14 10:34:18 2007 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + c6:94:06:28:a7:51:24:39:b1:5a:01:54:9b:50:d4: + 17:0c:4d:df:ac:42:00:07:e5:72:30:dc:88:2d:82: + 16:80:da:23:47:a8:46:7c:c8:88:4f:0f:6a:d2:b4: + 86:97:db:94:87:85:35:2f:51:e7:1c:33:7e:6b:1c: + 00:07:1b:bb: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: (critical) + CA:TRUE + +Other information: + MD5 Fingerprint: 0F:AF:52:29:F4:17:B4:28:8E:FA:7D:F1:76:F3:81:FF + SHA1 Fingerprint: 93:8D:80:22:77:17:0D:12:51:56:32:61:9F:12:BA:B7:66:D9:38:77 + Public Key ID: BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41 + + +-----BEGIN CERTIFICATE----- +MIIBKjCB16ADAgECAgEqMAsGCSqGSIb3DQEBBTAXMRUwEwYDVQQDEwxHbnVUTFMg +dGVzdDIwHhcNMDcwMTMxMDkzNDE1WhcNMDcwMzE0MDkzNDE4WjAXMRUwEwYDVQQD +EwxHbnVUTFMgdGVzdDIwWTALBgkqhkiG9w0BAQEDSgAwRwJAxpQGKKdRJDmxWgFU +m1DUFwxN36xCAAflcjDciC2CFoDaI0eoRnzIiE8PatK0hpfblIeFNS9R5xwzfmsc +AAcbuwIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBBQNBAI6O +9GReGvX7vMcZxjMOua6mIOViqOPeMzJRNEFqUAo4aHy/ad17nHZhy3WsWm2GkrTk +AiKsBcgbwyu2d/Fg6js= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-no-pathlen.pem b/tests/cert-tests/data/ca-no-pathlen.pem new file mode 100644 index 0000000..1f4804f --- /dev/null +++ b/tests/cert-tests/data/ca-no-pathlen.pem @@ -0,0 +1,48 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 00 + Issuer: O=GnuTLS test certificate + Validity: + Not Before: Fri Jan 26 10:00:04 UTC 2007 + Not After: Sat Jan 27 10:00:06 UTC 2007 + Subject: O=GnuTLS test certificate + Subject Public Key Algorithm: RSA + Modulus (bits 512): + 00:a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c + 11:ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1 + de:21:41:db:a3:d2:6c:f9:66:87:69:7c:50:07:81:66 + 41:28:c9:99:e2:eb:cc:57:53:9d:0c:b1:94:6f:ef:eb + 17 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Subject Key Identifier (not critical): + 3f00012df1304b60a3b0306cab0e93fe0158801b + Signature Algorithm: RSA-SHA1 + Signature: + 9b:c1:b6:d9:df:2c:b1:1d:dd:da:14:19:94:b3:7c:12 + e9:33:a5:2e:b5:c0:82:1d:45:7a:bf:73:b9:30:74:9d + f3:6e:7e:4c:f3:8d:ed:2a:f8:3f:39:04:ef:a4:fd:e3 + fc:cb:ba:1f:2a:1d:ad:f3:f9:68:39:f4:6d:1f:6a:15 +Other Information: + Fingerprint: + sha1:f3ddd5478b80b142200b50c9eb2ee37061b09ed6 + sha256:2a97f5b23c554a847b505429d9660ac2549bee5cc9279cb8c98d4b13729234ba + Public Key ID: + sha1:f268df0e814c0302ed338e146f57421dba44f06c + sha256:aafdaec29861f9d05de1dfdc1c7a64332cedead32fcb790597b4757ea1104815 + Public Key PIN: + pin-sha256:qv2uwphh+dBd4d/cHHpkMyzt6tMvy3kFl7R1fqEQSBU= + +-----BEGIN CERTIFICATE----- +MIIBYDCCAQygAwIBAgIBADALBgkqhkiG9w0BAQUwIjEgMB4GA1UEChMXR251VExT +IHRlc3QgY2VydGlmaWNhdGUwHhcNMDcwMTI2MTAwMDA0WhcNMDcwMTI3MTAwMDA2 +WjAiMSAwHgYDVQQKExdHbnVUTFMgdGVzdCBjZXJ0aWZpY2F0ZTBZMAsGCSqGSIb3 +DQEBAQNKADBHAkChY1NrVJWsPKRLS2q6wJwRrSjdA6jA9Be/GM2fs1rR3iFB26PS +bPlmh2l8UAeBZkEoyZni68xXU50MsZRv7+sXAgMBAAGjMjAwMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFD8AAS3xMEtgo7AwbKsOk/4BWIAbMAsGCSqGSIb3DQEB +BQNBAJvBttnfLLEd3doUGZSzfBLpM6UutcCCHUV6v3O5MHSd825+TPON7Sr4PzkE +76T94/zLuh8qHa3z+Wg59G0fahU= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/ca-public.gpg b/tests/cert-tests/data/ca-public.gpg new file mode 100644 index 0000000..b723a56 --- /dev/null +++ b/tests/cert-tests/data/ca-public.gpg @@ -0,0 +1,14 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mI0ESCeL9AEEAKkKkm7GHWCDcH8czhIJ/6SlWvVfRkztA4hg3KXLGe4TD9I+yHg6 +XNKuu2tDVJOsLCtpIzqyBz+Ov2nJs893c4aTInxFFXTs99pWxiEl77YegcnC2LNz +QurUszDYjEm6cU/cI/M4vqLf9CtnnThBsiOvM0YwjuQOviEjVUth/4KVABEBAAG0 +SUNlcnRpZmljYXRlIEF1dGhvcml0eSAoRk9SIFRFU1QgVVNFIE9OTFkgLS0gRE8g +Tk9UIFVTRSEpIDxjYUBleGFtcGxlLm5ldD6ItgQTAQIAIAUCSCeL9AIbAwYLCQgH +AwIEFQIIAwQWAgMBAh4BAheAAAoJEFivn820S0CBo/ID/jizo8QzauEbbRitHLjY +vZhvwbH44m3mNqehxHsPxYJFGvtlzs0kXWcHoO9jL86zPHJRiy+iIEU58HNaH3za +BqJ4LAqo/yl57uP/RwPP0O+vPYgP0UmfyJX/n9DnTKG1kjA/m/2HmIgSxNx8jBb2 +J0tdVShq6fYGS2dRQRbq6SCi +=1W5B +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/cert-tests/data/ca-secret.gpg b/tests/cert-tests/data/ca-secret.gpg new file mode 100644 index 0000000..0534400 --- /dev/null +++ b/tests/cert-tests/data/ca-secret.gpg @@ -0,0 +1,21 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +lQHYBEgni/QBBACpCpJuxh1gg3B/HM4SCf+kpVr1X0ZM7QOIYNylyxnuEw/SPsh4 +OlzSrrtrQ1STrCwraSM6sgc/jr9pybPPd3OGkyJ8RRV07PfaVsYhJe+2HoHJwtiz +c0Lq1LMw2IxJunFP3CPzOL6i3/QrZ504QbIjrzNGMI7kDr4hI1VLYf+ClQARAQAB +AAP7BCvyxRSTEFKi4b3JSrhf8t7lm07mKksigYjAatmgpdeaSTPYi/nTi7VMgnjN +wZVn0D9yCazWKts5pC4nFGYY6scTr9tp4k4U/79PXWCmTQjAQeAv/gFn9ZHk+2Js +c7ScZ4gr/ZtyY7UUUxOrAPA5wCmei7GchD/AgCRs0IF6akECAMz88+bjsFUomHv+ +6gfaNFT3OzZoS8NNM/aBmFKmPrBEUBaRdQ0lcIEsUlK2yGXsAJvQue57lwWNsxN4 +FohDbNUCANMblEVSUOamaFLx+DyxCf1xm2r5n0jkH/nAKEJur0vozcIF6qTgN8vf +Yj5VfuIFHrQ1LH7SsBpIrAakm3WDnsEB/1AuVFoRuYSS4DH60fWhD01CJaEe8/Qz +eTRorHpDO8MGVoV5EViNO5vF9u0wkYQS7H4UAlhrUcTJNP9/SBIaF1mhubRJQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5IChGT1IgVEVTVCBVU0UgT05MWSAtLSBETyBOT1Qg +VVNFISkgPGNhQGV4YW1wbGUubmV0Poi2BBMBAgAgBQJIJ4v0AhsDBgsJCAcDAgQV +AggDBBYCAwECHgECF4AACgkQWK+fzbRLQIGj8gP+OLOjxDNq4RttGK0cuNi9mG/B +sfjibeY2p6HEew/FgkUa+2XOzSRdZweg72MvzrM8clGLL6IgRTnwc1offNoGongs +Cqj/KXnu4/9HA8/Q7689iA/RSZ/Ilf+f0OdMobWSMD+b/YeYiBLE3HyMFvYnS11V +KGrp9gZLZ1FBFurpIKI= +=1M8/ +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/cert-tests/data/ca-weird-keyid.pem b/tests/cert-tests/data/ca-weird-keyid.pem new file mode 100644 index 0000000..6ecfef4 --- /dev/null +++ b/tests/cert-tests/data/ca-weird-keyid.pem @@ -0,0 +1,49 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:D2:08:1A:82:A4:27:85:2B +Subject: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd +Issuer: C=AU,ST=Some-State,O=Internet Widgits Pty Ltd +Signature Algorithm: RSA-SHA +Validity: + Not Before: Wed Jan 31 10:23:01 2007 + Not After: Sat Jan 28 10:23:01 2017 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + c6:94:06:28:a7:51:24:39:b1:5a:01:54:9b:50:d4: + 17:0c:4d:df:ac:42:00:07:e5:72:30:dc:88:2d:82: + 16:80:da:23:47:a8:46:7c:c8:88:4f:0f:6a:d2:b4: + 86:97:db:94:87:85:35:2f:51:e7:1c:33:7e:6b:1c: + 00:07:1b:bb: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + 7A:2C:7A:60:97:46:06:03:CB:FB:28:E8:E2:19:DF:18:DE:EB:4E:0D + Authority Key ID: + 7A:2C:7A:60:97:46:06:03:CB:FB:28:E8:E2:19:DF:18:DE:EB:4E:0D + +Other information: + MD5 Fingerprint: EF:6B:8B:10:03:E4:5F:5E:76:AA:A9:88:8A:6E:03:14 + SHA1 Fingerprint: 7C:7C:88:BD:34:5A:EC:F1:3C:6A:70:92:76:73:1B:59:32:DA:5E:74 + Public Key ID: BA:E4:6F:63:51:90:6C:38:1B:DF:DA:89:B5:92:87:D3:29:E7:D7:41 + + +-----BEGIN CERTIFICATE----- +MIICKzCCAdWgAwIBAgIJANIIGoKkJ4UrMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMDcwMTMxMDkyMzAxWhcNMTcwMTI4MDkyMzAxWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMaU +BiinUSQ5sVoBVJtQ1BcMTd+sQgAH5XIw3IgtghaA2iNHqEZ8yIhPD2rStIaX25SH +hTUvUeccM35rHAAHG7sCAwEAAaOBpzCBpDAdBgNVHQ4EFgQUeix6YJdGBgPL+yjo +4hnfGN7rTg0wdQYDVR0jBG4wbIAUeix6YJdGBgPL+yjo4hnfGN7rTg2hSaRHMEUx +CzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRl +cm5ldCBXaWRnaXRzIFB0eSBMdGSCCQDSCBqCpCeFKzAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBBQUAA0EAv5CpU4DykkfMcy1BLbsowb/7YritEudYemW3cOMg6q92 +tc8eEDBjIYcVccHJMM27fTKt7AIDUiHUysFFxclcww== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert-ca.p12 b/tests/cert-tests/data/cert-ca.p12 new file mode 100644 index 0000000..cddde70 Binary files /dev/null and b/tests/cert-tests/data/cert-ca.p12 differ diff --git a/tests/cert-tests/data/cert-ecc256-full.pem b/tests/cert-tests/data/cert-ecc256-full.pem new file mode 100644 index 0000000..ab16d16 --- /dev/null +++ b/tests/cert-tests/data/cert-ecc256-full.pem @@ -0,0 +1,68 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 07 + Issuer: CN=GnuTLS certificate authority,ST=Leuven,OU=GnuTLS certificate authority,O=GnuTLS,C=BE + Validity: + Not Before: Sat Sep 01 09:22:36 UTC 2012 + Not After: Sat Oct 05 09:22:36 UTC 2019 + Subject: EMAIL=none@none.org,pseudonym=jackal,title=Dr.,UID=clauper,CN=Cindy Lauper,ST=Attiki,OU=sleeping dept.,O=Koko inc.,C=GR + Subject Public Key Algorithm: EC/ECDSA + Algorithm Security Level: High (256 bits) + Curve: SECP256R1 + X: + 3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30 + 5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33 + Y: + 3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa + 6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + DNSname: www.none.org + DNSname: www.morethanone.org + DNSname: localhost + IPAddress: 192.168.1.1 + Key Purpose (not critical): + TLS WWW Server. + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + acfa4767c61b41791257f7ac05c150e28ed00e5b + Authority Key Identifier (not critical): + f0b481fe9812bfb528b9644003cbcc1f664e2803 + Signature Algorithm: ECDSA-SHA256 + Signature: + 30:45:02:20:28:2a:e0:24:c8:9e:44:50:d4:36:85:a0 + 8f:30:9a:ed:8a:3f:ce:38:e4:d5:91:5c:aa:2e:6a:0d + 96:25:21:73:02:21:00:c7:82:b1:6a:86:49:35:57:c1 + 05:27:38:6c:0f:57:4f:3f:f6:3a:7a:60:01:9b:ad:52 + 88:4d:35:bf:ed:99:11 +Other Information: + Fingerprint: + sha1:8c6802792736a5ce00e75b2095626aa13ca0c0c0 + sha256:222ddff7f65043153f439d4e2b74b87f9e366d96a1506b5ad3e8e0f1bb95da9e + Public Key ID: + sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b + sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433 + Public Key PIN: + pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM= + +-----BEGIN CERTIFICATE----- +MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow +gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh +dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G +A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx +ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV +HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu +b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G +A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G +A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC +ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4 +bA9XTz/2OnpgAZutUohNNb/tmRE= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert-ecc256.pem b/tests/cert-tests/data/cert-ecc256.pem new file mode 100644 index 0000000..3f5cbc1 --- /dev/null +++ b/tests/cert-tests/data/cert-ecc256.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow +gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh +dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G +A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx +ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV +HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu +b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G +A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G +A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC +ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4 +bA9XTz/2OnpgAZutUohNNb/tmRE= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert-eddsa.pem b/tests/cert-tests/data/cert-eddsa.pem new file mode 100644 index 0000000..dd32801 --- /dev/null +++ b/tests/cert-tests/data/cert-eddsa.pem @@ -0,0 +1,46 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 5601474a2a8dc330 + Issuer: CN=IETF Test Demo + Validity: + Not Before: Mon Aug 01 12:19:24 UTC 2016 + Not After: Mon Dec 31 23:59:59 UTC 2040 + Subject: CN=IETF Test Demo + Subject Public Key Algorithm: ECDH (X25519) + Algorithm Security Level: High (256 bits) + Curve: X25519 + X: + 85:20:f0:09:89:30:a7:54:74:8b:7d:dc:b4:3e:f7:5a + 0d:bf:3a:0d:26:38:1a:f4:eb:a4:a9:8e:aa:9b:4e:6a + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Usage (not critical): + Key agreement. + Subject Key Identifier (not critical): + 9b1f5eeded043385e4f7bc623c5975b90bc8bb3b + Signature Algorithm: EdDSA-Ed25519 + Signature: + af:23:01:fe:dd:c9:e6:ff:c1:cc:a7:3d:74:d6:48:a4 + 39:80:82:cd:db:69:b1:4e:4d:06:ec:f8:1a:25:ce:50 + d4:c2:c3:eb:74:6c:4e:dd:83:46:85:6e:c8:6f:3d:ce + 1a:18:65:c5:7a:c2:7b:50:a0:c3:50:07:f5:e7:d9:07 +Other Information: + Fingerprint: + sha1:8b011a41d9b72f9848b1dcbd3a038fa8c9d0a536 + sha256:180516f0a03e4893d234a28f3ad28921bc35d1b12bd35134847240dafb715a11 + Public Key ID: + sha1:fa752c35cb9a51d2069147e6e682155aaf2e5836 + sha256:291c5293e030452a599851a7c7298f3f16c3ff1bdfafcb598927f2631f9fa641 + Public Key PIN: + pin-sha256:KRxSk+AwRSpZmFGnxymPPxbD/xvfr8tZiSfyYx+fpkE= + +-----BEGIN CERTIFICATE----- +MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBU +ZXN0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYD +VQQDDA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oN +vzoNJjga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQE +AwIDCDAgBgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EA +ryMB/t3J5v/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3O +GhhlxXrCe1Cgw1AH9efZBw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert-invalid-utf8.der b/tests/cert-tests/data/cert-invalid-utf8.der new file mode 100644 index 0000000..b6b45e3 Binary files /dev/null and b/tests/cert-tests/data/cert-invalid-utf8.der differ diff --git a/tests/cert-tests/data/cert-rsa-pss.pem b/tests/cert-tests/data/cert-rsa-pss.pem new file mode 100644 index 0000000..ffaee16 --- /dev/null +++ b/tests/cert-tests/data/cert-rsa-pss.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE8jCCAyagAwIBAgIBdDBBBgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUA +oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogMCASAwVzELMAkGA1UEBhMC +Q1oxFzAVBgNVBAoMDkN6ZWNoIFJlcHVibGljMR0wGwYDVQQLDBRNaW5pc3RyeSBv +ZiBJbnRlcmlvcjEQMA4GA1UEAwwHQ1NDQV9DWjAeFw0xMTAzMjUwMDAwMDBaFw0y +NjA2MjUwMDAwMDBaMFcxCzAJBgNVBAYTAkNaMRcwFQYDVQQKDA5DemVjaCBSZXB1 +YmxpYzEdMBsGA1UECwwUTWluaXN0cnkgb2YgSW50ZXJpb3IxEDAOBgNVBAMMB0NT +Q0FfQ1owggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCdFhq+ScQXepAA +0kp0IwF/nEv+Md3Wx41Y6WRJkTVVyU6CFPlvr/F6XLGX/ILJtM8QL97CgojDVQbE +ccNxUsZ+yjtB4n52ttWYLBN5nktJksP2aBVMu1fqoyTqBhaf0JtkpQjWKNVJYbUH +k2pXkzGUJ+YHG04jOEYIKNclY82f1Ho1Wd7di4gZ1LCBRTzIU9JVPEMOZdmLx1qQ +InOWf8deZ4Gmkj5UqzXt7vGQF/TbIedhmfnbulvyHN3UEDMZgVgzkF2fIOaBwu5s +kfo8e08/J155hZIJtUjXk/moLF8U/4ETo7qER1EkoJ9KIRIvoPwPk2QAI4JP0Hd6 +GgUMEsz0dmTxKHcJZAWXcDaKcwTrG7/xhPTAffdOZnTnOpYQPcKmjUvogqY839VQ +mwYyo+s51tVrAIe2YcdHhIdBY5SLOhHsDNadpRrBYIa8vzUgtfUH50US7dZuwUu6 +WbUiQu5vmDjvGEUa7F6eehCCf9xXkbPJZoE63t/NJYvHSFa1wDcCAwEAAaNhMF8w +HQYDVR0OBBYEFOuhT488aYrathCbEjUoztRlSghZMA4GA1UdDwEB/wQEAwIBBjAa +BgNVHSAEEzARMA8GDSqBS7cYAQEBAYnKmXwwEgYDVR0TAQH/BAgwBgEB/wIBADBB +BgkqhkiG9w0BAQowNKAPMA0GCWCGSAFlAwQCAQUAoRwwGgYJKoZIhvcNAQEIMA0G +CWCGSAFlAwQCAQUAogMCASADggGBAEcppLLH0xAkWXbBMXDa1hwqOZfKVdoUVDNT +G20V3VbDT74R2yFCLWBge9rr7S2LfF/w4Xrl3kyZ2Tn0dYoOmBcqVzH6nCYrniGx +apPmSkAexI/bjW55BOMe6CVI9qdKayqm99om/2+R+VSAKaopwOKn9IQ+4itNA0VI +0ZDHbI/pdJClRZ0OPA8DREz7+hZWMNb7S4aAYGdd1fLo0uDKf/siFkUUfkpBtkgr +4Enb1e8NMU0a5abpI25NgURB+OWhfArLB9jFmnlql6TZADLZfw49bEmr4KOddxyk +toBmFgu4/uQXcukNWB487iREvEPPIL7A90W+W3ymtlol76SChKKBGexaaNA1JW+O +sRxoN5FnXTBhyRm96lZOfvF7SjCQHMCaIeYaQ4ajjPJgxB0EbyyJMeSrjh4yJPEH +pKc3AM9MUCxC0LO/qb5oBio8TQqHYnpyvp2CsvPSezPGh/40hxsKTL8GqTxB5m9G +g6qpdcDQxM6VtrnTh08nMjaKnfXVJQ== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert-with-crl.p12 b/tests/cert-tests/data/cert-with-crl.p12 new file mode 100644 index 0000000..d1fda0e Binary files /dev/null and b/tests/cert-tests/data/cert-with-crl.p12 differ diff --git a/tests/cert-tests/data/cert-with-non-digits-time-ca.pem b/tests/cert-tests/data/cert-with-non-digits-time-ca.pem new file mode 100644 index 0000000..722a0b6 --- /dev/null +++ b/tests/cert-tests/data/cert-with-non-digits-time-ca.pem @@ -0,0 +1,70 @@ +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIQY8Mi35RmHbQSpWR8XD7V+zANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDVEo1MQwwCgYDVQQKDANUSlUxFDASBgNV +BAsMC2JlaXlhbmd5dWFuMQswCQYDVQQDDAJDUzEfMB0GCSqGSIb3DQEJARYQbGpm +cG93ZXJAMTYzLmNvbTAgFw0wMDAxMDEwMTAwMDFaGA82NTY2MDMyMzEyMTIzM1ow +ajELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD +VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEaMBgGCSqGSIb3DQEJARYL +bGkxQDE2My5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDUWAVE +VHGqn3tPc+kJTGwXpsiD+pwu287ibcwa7nlcQ8KyrwbS/7dnhK3Mpz3jjkbk9Zqw +Ju8R5ku9hEsSX3ZW7KQYj+jqVWVnLNlp5j0a1G2fdB7vn0ORtj9GgFAbKn37cXqo +6G2EyQ0NXhpOiwUtQXSnhbMUUJal2jMSaSGSKyyex9lDrZfSzQ164VIvMKz49kPB +Z6EupA0E6QkwZ1a8wGthdhQ3tJrHt0jcmBVpJ5mo9zlvX7ErsK4prXgJvBQR/IRc +YhqYHxsKLq/mgjezNqy/WoPN313HxDG8YETy8m9BKWI5OLBHIr0kahmBFumttlGa +a4rW+w2NZz8jtrnkM8sFSEoegO7xA8JZdO6O3mSedWOiA2zEuT8hQqkSYDSdZxOd +J1u/mdyumLErXquenaMTAHb0lviNc7llZqDKMJ8yfROZwv9PDCs3OBGOttr3MMRT +JHN5f4ZStqx6unV90Rx8QIh8wstG3c/QrJ4lBS+c72A6bMmxLpiTg1+CjG9ntgvC +mspMbVlu710Y7JHcAuq9RSnR0Nv31AGjOZEpKAGpUfzoVf47GYV38VpLskgy0tiA +Tesse5g8rUE9ozwgj6B34qfNdPxCmv6UkLYxU/CLpw2cRKT8hShAO8zDfgmU9262 +ctTdrVU3PsSwMs7F8SlG/9kWq6HgqaBPadCsRwIDAQABo4GkMIGhMB0GA1UdDgQW +BBSSPopRSpZMfPAxCvUPCu4TZmh38DAfBgNVHSMEGDAWgBRyFaB24RFh9c9zf0+D +YA01twtiWjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjA7BgNV +HREENDAyggdhYmMuY29tggkqLmFiYy5jb22CB3h5ei5jb22CDXd3dy5iYWlkdS5j +b22HBH8AAAEwDQYJKoZIhvcNAQELBQADggIBAJwtzZT7z1eImP8a7GTnfbPYu8k4 +kdbGnWSyrEr8x6UjZQLCa1DXdxKkms84yCW1QM5vdKody/Sz1lvETPeTgpXRLlcO +i/75L+Knz1asfz3D+SO/YCSc/VF27GnkKyjFlt7LUmHuFUQoprpCi12wJ0IJP5D6 +AQarnWuS2AA4op0exLrK1+BonYyqH//QDt5jhUJFEKQVgckHOtVOklHmazplr8bu +JzHz0+C7mDtZbLXoBSgZIFaVCSk4uxsf98QWOxKQURUv8gAhHLOo/QlkyqiiFCaN +1Se0Zp16pegTxs0qS8qY1pLgw4AO56ifG+LcOmYminbAZtApmiOvtxf8JAw5Twc8 +6gLRlq2cv/bY55hZde4uvUzC/Te/zENu9rlv7qQqQ9jS5tiWZjZVqhEt275KymBT +4855pB+8oGb5Xznl6/AzmxUbOmRX1q5bbv+11ZscRtUp3XD3gA5Y5UYBF5UVICcb +zTVUNDgaUjyuXIiF/ZFtbcxX57PfIqKHP3A2XseUhpN3qFSWb29BsTAa7E59s8pL +0m/aftSXF1g/8q0IsHFuZRv4l+eyYWJhwtQTY9TTHnjYJbljcwGtVjYuAfMB+eec +beH0LdKLVbOKlMPySiqy18cKDkwQ1wTPqoZnz5/mKRr5Hpt/RKSe997NjIeuJZl0 +W0ebRMo2T0FNhUhm +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIQY8Mi35RmHbQSpWR8XD7V+jANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDVEo1MQwwCgYDVQQKDANUSlUxFDASBgNV +BAsMC2JlaXlhbmd5dWFuMQswCQYDVQQDDAJDUzEfMB0GCSqGSIb3DQEJARYQbGpm +cG93ZXJAMTYzLmNvbTAgFw0wMDAxMDEwMTAwMDBaGA85OTk5MTIyMzExMjMzNFow +bTELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD +VQQLDAtiZWl5YW5neXVhbjELMAkGA1UEAwwCQ1MxHzAdBgkqhkiG9w0BCQEWEGxq +ZnBvd2VyQDE2My5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+ +WcvCnpCA78zG1ZkRhiIPjPEmFx3PHaX5f+KYod68qvCqsRGsB4n7rQS2ljFUZ7MY +4GNWtiMZANdWMuOrnkT0sNmtQ1aXWh+6lMUKLr/690SkKMbKU1y6OTfGBntau6em +1djv9Q8fYmapdne3tr5UNTJBvqc5qivWiF98XUQdp8qGKLYfF0NOxkreD6u4Pddo +/6PR5pn+nbgCHkDFmVGL+0DtZzC+K/NQbKpmP4/Zpolf1C5wPpxWPpjDl/yRSctC +qX1G0WGyB8/w/IR94Gx3rDmA/NkZMP+4tXBFVSoz0XJpdNqCtwxCkl6NqLpMN0gp +XrU78ToNnTiUW4zoyIfKBSlXRkPd4srgB8gTO3cHqJkSmzt/gFMnbBP1gNV10R0P +KzbNuV/uIHx5wGYJIW8w9fL8hKrCYcO5Yfq3VDGy9Lr3/5QFYI36oPLIw0cZS/i+ +NyPLYT1TN/o6E8dtnsz1AY+VQyriW44CB6J3tlfrGLigfP81rsaQpcGd+W+0ntyc +cWpzRKwwut3I9CJSGjRuwHfz0n6Fk+Hoj+i+Qv6h/y7+KwqjDMMHIrbieBhUwQbm +Hlyj25IwyvYc6OOBymAyy8pUByAC7QWw4KxogDol6165iAubaupDxkDQXKr/IMmj +pCcTBDmVwhStVBDCD6Lo4HhxDE5a6IA4DSxdWIV2iQIDAQABo4GhMIGeMB0GA1Ud +DgQWBBRyFaB24RFh9c9zf0+DYA01twtiWjAfBgNVHSMEGDAWgBRyFaB24RFh9c9z +f0+DYA01twtiWjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjA7BgNV +HREENDAyggdhYmMuY29tggkqLmFiYy5jb22CB3h5ei5jb22CDXd3dy5iYWlkdS5j +b22HBH8AAAEwDQYJKoZIhvcNAQELBQADggIBAFYRDs+WyMwr8rPCkzFHnMK0ePfD +cWc1O1L02foAePXEicrqQwv7JnsikBsx28E0T+mjqFU+7IIq7K+T0ndlEfax96Gi +j3H8zfwAG10JBFMjsFtdo8Hq6Q4CeMu1D83NPhQacZ1lOdCp/ZUdRvlcveeBx5VX +hFel6erfsR+6GX6I0b2Z9qIBKwmpxLcsPkY60RuazvkSf7xAd4eNJ18vzdo55J1c +x6mJK+c5J63a/IW6rjEd2v6URwwlbOyuRSurXoETMxYwuxs7pBnxA3MRU/OWIaCy +fAO+2ao4qn4WNo4oGo1BJBaX+mQJa+NwCw2F+sRqGZ+3ooSq2bjjXrLxiytr4b+o +fUBiCzhZLOGaRubJXlWp39dgLf6mo3ajjYPhTUtlqv0ZfX97C7xEXitNY3Dy9aqe +NnQn2+u2dkzEMTc+zW5i+xkByRhoSXY5AhYDdyd0Qtuk1T8sRs38TJmavr6/H6hv +6FGrmgqFypmsVy1LdRAn80yVBce1t3eWcgVnTND+wSS8mEj9rHS4th4sZbwwpVWJ +Z0cJSFnqSLMh7ZrDyzcKFUhgdU7GxuaACxIbBt3f5pCp1QDKffb3kVG333l/OLqN +2qYOTP6iFf3JpKttNvaSA9Q+GNk4t/8ozZW6lfyz+uDfmQecEgAv/u1s1brMgQo7 +TQ/vJrJvgyxVSgOH +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert-with-non-digits-time.pem b/tests/cert-tests/data/cert-with-non-digits-time.pem new file mode 100644 index 0000000..9927695 --- /dev/null +++ b/tests/cert-tests/data/cert-with-non-digits-time.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIFQDCCAyigAwIBAgIRAPABuQ6DmexEq0k9QQaewMUwDQYJKoZIhvcNAQELBQAw +ajELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD +VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEaMBgGCSqGSIb3DQEJARYL +bGkxQDE2My5jb20wHhcNICMwMTAxMDEwSTAwWhcNMzUxMjIzMTEyMzM0WjB7MQsw +CQYDVQQGEwJDTjEMMAoGA1UECAwDVEo1MQswCQYDVQQHDAJUSjEMMAoGA1UECgwD +VEpVMRQwEgYDVQQLDAtiZWl5YW5neXVhbjEMMAoGA1UEAwwDTExRMR8wHQYJKoZI +hvcNAQkBFhBsamZwb3dlckAxNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEArXvIlHbQRwFvnLFz2dsnbPBgE8WIDRpIIpRTWJL+pdi/duUcE5Xn +VRNA0lnlYBOl8igItyFudUC4o45xa0Q9Htd8hisbdaHpRpdTRUUpljH9rOOWOyY0 +aqRJ0RrU2ayhJslTH9OBBg1ZaatMYxI2u8Bz1MJrtsCUcvymScT59QAYI17ZAzI5 +ouqUsn3F5BgiU53kdm4ubfKts2su/sUvM9BN03+/p2o/50FanBVrRMHAUs2p65FM +yFtNwqT77ZpO9BZdEOV3KSRJRLbZbELoanMQ0txztznWI6PULTenf8eR24dQscqX +N38Qk+SGwp/lu/6qLN916oY2WFTRGrnCcwIDAQABo4HPMIHMMAkGA1UdEwQCMAAw +HQYDVR0OBBYEFI0Gz1ruYze8+EmA4MZ06BPU0AsiMB8GA1UdIwQYMBaAFJI+ilFK +lkx88DEK9Q8K7hNmaHfwMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF +BQcDAQYIKwYBBQUHAwQwKAYDVR0RBCEwH4IFYS5jb22CCCouYWMuY29tggZ4ei5j +b22HBH8AAAEwGAYDVR0SBBEwD4INYWJjZXd3cnd0LmNvbTAMBgNVHSQEBTADgAED +MA0GCSqGSIb3DQEBCwUAA4ICAQBvx+Z8r/YjdhvkV5XbnRan25H7afvfg3aFHDGW +q2WxNEKynxvdM9TEQtbQXJrWRj9sXXRohaYxObuAic+gYdTOrsYtk48gENG6GH4s +fxdX92XeWm2wUr0KXKOu+Mvtj/egk0bEMQloZe/tkjeOLAGzrJetXyGtxgIA+/XI +E/AyyNULHYFATZWx/XD0Q1s/VOZttPn6FG4qi5UogM/XqqCQbZ8C/DSj9RltQi02 +IGmr+CCS4Y9ACHq3HT9YfSFMPV+7OwC/fegLadsd2Bk6TwAi+WNs/48M/LATAsnH +MxFV61T/qHuabPNfmlirpe/ooMWEIAoKKvxght4CztYRK5QZA01BBgqePur4wqAw +JeAp0M+bFWEDvt6xRiijmb261WRTM2C5mqnlQFJSdZ6h9MzerBph4Zvl3USXzEMb +hXPSeIIA7TwEWeH3whqP6w6NnmcS94jCgXnmvv9uInSc/CAKz5h2HElLQroP1Mmh ++KnKOAiSQrr0vyuGjZyxebu7E5RWWS//G2FJrG+2WyOAq0rml8HcjWtZu0I54xYq +rk0SKXpUBAvLbXky9rmAM5MinasHDBnUe7zTjlNuathI+5SPJ83PK/d+0HF6zzud +nvjqR+fWa4N/3jZ0DRquE1gEUWkK7jLegPalIZiLW064nfi6j2q6HP8eiyHarnA0 +Mnwt2Q== +-----END CERTIFICATE----- +23sYiex6zj9qXDX7tsiuPs3HIxTXw +dBVaJ01yeo+BlyX4SaxmBRIvtothzDDdXmQ/9MfS8qW85vQV9AcgGRb8fqxIHhwb +FgzeYzpehR0pEAss2XZK9Q3hPLKwX8sewiDy+0tLyYayYtOqeSutaNbSMp17zZZu +x/GScbHUTGEw76nmElECOVw5VQAGpbQSsns0MRp3gtr6XZKA2LUv7eiolwV4i0e5 +zBfb+mUzVBZMVzGJhXyBExl8rx46EkjmfIoblvoipIm0hAN82HE4D6VDb1v695kC +WR7seI3gUBku6KornLFW4sIwNznvlmbOl3cRtOU= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert.dsa.1024.pem b/tests/cert-tests/data/cert.dsa.1024.pem new file mode 100644 index 0000000..ffde3b6 --- /dev/null +++ b/tests/cert-tests/data/cert.dsa.1024.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUTCCAxGgAwIBAgIBBzAJBgcqhkjOOAQDMGIxCzAJBgNVBAYTAkdSMRIwEAYD +VQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQI +EwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExhdXBlcjAeFw0xMTAzMTkwOTM2NDVa +Fw0xMzAyMTYwOTM2NDVaMGIxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGlu +Yy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTAT +BgNVBAMTDENpbmR5IExhdXBlcjCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCHc0on +PSpqqR3lE69+wLgJJ4LISkPPLwxbPnO1mSJNnjhvucXCNjmetDFkPSO2R3MkruD4 +MCLkKlvIEnIhH8pG32R7GNHLubIp/qcjRJ7NXtS5cG6pLU4I1NWlekKUBAjQP2pl +M3U81Ut3JM39qGYZTM8NPGH0uWTIFn8PpVEzUwIVAIW0sPS7m+gJzXCJ6brM/y4i +SyzxAoGAZOMeOwOLp3iOcd5AjbXkdDIBSggMQeHbkD9fztMLhhxLaMvygncP6DOI +xpmC1LU+APB+DSqyIwhm2ag0Fuo7QYpF4nzZGeX7VWemWnGgcKSzkMStlGueW1ln +FkrUcRk8H8IksuZtxiNSgDMvPsxRxLx9m1pulbNI9IzhQDkxDAADgYQAAoGAD9H2 +GeDcrWnvl5vO9ENTwupJCNwxyi8ZyRLnSqkc7jL2muQ2rlwt9C9iH2/dxgXIkyj3 +fywCuhHFZ14iIKf1NXk6s4DY8ygIyUSEQYO9GtrW2Ce9XURzlhanRsN7iK9R7vSG +UJNKs8ktFj+wA15oQrAKhzIgoMKx8vwmCKPedBOjWjBYMAwGA1UdEwEB/wQCMAAw +GAYDVR0RBBEwD4ENbm9uZUBub25lLm9yZzAPBgNVHQ8BAf8EBQMDB4AAMB0GA1Ud +DgQWBBSnoCL+rwEPOv1vhYgslR+kUMSL+DAJBgcqhkjOOAQDAy8AMCwCFB3lEUnN +aj8lo32cDbzEpW57/AQoAhRTSD7Wa9deWKRjLgfMlG8C3S9fkw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert.dsa.2048.pem b/tests/cert-tests/data/cert.dsa.2048.pem new file mode 100644 index 0000000..2fa5a5f --- /dev/null +++ b/tests/cert-tests/data/cert.dsa.2048.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE/zCCBKSgAwIBAgIBBzALBglghkgBZQMEAwIwYjELMAkGA1UEBhMCR1IxEjAQ +BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNV +BAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMB4XDTExMDMxOTA5MzY1 +NloXDTEzMDIxNjA5MzY1NlowYjELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28g +aW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEV +MBMGA1UEAxMMQ2luZHkgTGF1cGVyMIIDRzCCAjkGByqGSM44BAEwggIsAoIBAQCi +UUKxOjIvSH80td9feC2nJ4/LHxHRMluH+VVyoNeUV9nNEPw/bXgyb4PurCeeV58U +NZdgykYpGlQnEuCwysewpUrt+XCbQvfeBAGDCj53Hof+9eHNEpMuS0hC5dzfG8CI +0aycUPP11Z9GteTPa2Z/c6R6ZviPAhowowNoIoXFcEeX1ga2BZ2nhwDWvNwuMbVB +4tWXdvDWGc8gD4NZp0UcWu9Wf79VBVdQ/EuItW3qCbsepjSTmMIq3BdQ78GNZVBk +7TWsDZ03RvWqUU7iSa4gnjEvvckxjaWvLHyR+XmU2QHl0iiG46YgBdOHWh28H71f +bkOkk18cQhvnI0JeGe6pAiEAo3fbOghNRsds7ncGGUYdO7ZraQI4jaRO4hWUAQXv +nu8CggEAXVxEUmcY5RbFFraJEnDB8UXZCpT3MTiH+hFMs3gS0uFLRBoB3VPtOWVv +N2qryoiCJTdfcqe61NYBPsCuHid9Iq50uLW+3Jp/No66usJOAA0moEh2ZvTZD0ge +uvb+BAKkeC0EuGIdfaPMY2FemZTS5GHD/JemxVC0TeB/1uxqS0dzp0ThCv1hBSQv +8ZHA7RP7NUV2do5AZouVZCOsbObva2G3L7nDhZ4as5b0r6UFEtljTngLds47otFU +uXXyS2/9CJQTMRRmqPlJb01QkIKvI/UUS7THcOEZopvcnkGgddEImauqxWmNkEf2 +UwuLug6VCJxDhxbinQgjjqdKbSiKqQOCAQYAAoIBAQCdXxaMhARPsbV2l4tC7hTW +WFK7bPnWoQ8s8Lj+3qQMbPdoFQ1DFoqvzmHHvrkz4RUVcVvEj7sfOWCJc1Ns9uV9 +rNxLaPD4ws4k12UXc4rTWtTlhE0NNm7yE9bskcMnse2qrfAXUjOGupsSIpfGfD02 +VY61DK1W4fUSiszy1W4aDQFFXM8w2GJXr74ElOqZmfwZr7jZCl/9ngond82NgC8g +r9Nd6wb1EFogAlFJPyOE9lCbTL2TSfD77Q7odWPvuJzux9sxBeGloT3AZoOPJVbw +QoOwOztZlkxaQj5TC3DLiOSy/xLXc8KEkYcoKDnpx5O0Hu+y6zfpggEHrgkcCB9t +o1owWDAMBgNVHRMBAf8EAjAAMBgGA1UdEQQRMA+BDW5vbmVAbm9uZS5vcmcwDwYD +VR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU0yaxv0sPrcQamskx4unRfhuHJl0wCwYJ +YIZIAWUDBAMCA0gAMEUCIQCZDVfyCOZ/suQ//O05ym+CF8zeeopQzTk8BeRhVsGE +MwIgHlxKUXTEtVjS9TVQXGAy7udUJM03YP1Bj7eAQXaHiP0= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/cert.dsa.3072.pem b/tests/cert-tests/data/cert.dsa.3072.pem new file mode 100644 index 0000000..d7f89e6 --- /dev/null +++ b/tests/cert-tests/data/cert.dsa.3072.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfTCCBiOgAwIBAgIBBzALBglghkgBZQMEAwIwYjELMAkGA1UEBhMCR1IxEjAQ +BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNV +BAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMB4XDTExMDMxOTA5Mzcx +MVoXDTEzMDIxNjA5MzcxMVowYjELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28g +aW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEV +MBMGA1UEAxMMQ2luZHkgTGF1cGVyMIIExjCCAzkGByqGSM44BAEwggMsAoIBgQCE +H2+8EXX8Bs8D50phIndqugwyxZJusN3luAhf7Bkc5YCH8klfBan6zB5c+XC/CCWx +QpsDE7rhbG/zOXO6Jk2Z9DKSisbheFRW0IpISPXqFrwwXLC1ZRiAfNR0nluLprnN +6SCWIMV/PyHVHrPOMYMpV03PBkNURU8iwP3mTD06ilI0AQBkcflw709Ljj7V1ayz +UAvYMTJ8wxsq7OqTKXUr14XaziP+Wbhk5kaj1jDuEbUNpHjdifYkD7IrO7Sxxd1t +lrOJLJ4U9IFTzQ+CUzBrD5IqC5A4QZlhTfVupe3rxLxtGqu24W+p54AtJrLzOayR +6invsnNYS7hHxISRZm948d+GcxqXHLhF1dEKKxQiKonW7wzVE/3pHu372czJ8P3V +/BLCoaRFZKvt061gziluFJU4d8FpO4O3u0aUYqBf99LTImvv7VNaZ/EHHccSUb/S +Ti/YLrit1848wP89ouDKdJyWWTJLAxuNfc3s4DPkv4xrbpBMMnPX57DkQiGNmhUC +IQCSfYDnitbQRwMDhEKqqWMc5k364ppkUTGaaeA+o4DMCQKCAYBlbDF8CN9LIO2D +fVAGBAZeYN4yJZuACJTXD56ZFgRMATXt6vhOIJDEWIo0+9Zl9wIlKOVDQnubzwI2 +li5xSvgmu9/qpksDU3Yd9OAw/Ni5qFelbU7aqfkczAsDPZkWleo1zNTKX2S64jmn +jkY/Cxst1VCpmei7kcu1nllxUNCz5dAjHE5vkDNdfXzYU68MpBoEqmkO1jRIRIjk +cNqMJd2te28pRcLS+uWXaUDYLayOEJNVCUmTo0FaxOvG3rRgQXUtw9BQJrRte6ig +R3vdOT4WeqlhF0KJKZ46h3Mm6aiDgmQftRl7ml0gjrpOjmbDI/ettbGV3WBJ2ib+ +WDsGmkRjozpj7bwhffwpZEdSD7Wpeqemf8f4KQsacOwnYxqojScZ+g9y1P3TeCyd +6+TFe7zE/a8a52129Dm85jmUWEkZ+L+3PwE0yccaaNCenK0Yjxv414OM4AMZZ/AN +vBJK1rX3aFcwWaPvmuyU0j6gu6uhFwlvbw1U2mj8/fTOdO/vhxQDggGFAAKCAYAU +qnAgGuLNJxfdcIBhP0flKntaaVZdC9BlMUjkU4na0knvxLlGvTFVbre6Pxzh28Er +Qn0MXkL9Nim1aLoN0Qf2OKKtdPyUqsItKbxp11oJkKdfypFB7hTY31vfzwyJvMY5 +h8bVERDCBbAeIC8K22YhC8Z8beObBO2Cq6akxoOaFMK9CSB1tfD8R1kwWIdAU6XT +Le6IYlIT+/eO2cgirdKqZAU+wfIYzGOc+ssZlPB8celicXUMWEcNJzyof1UBuJtQ +nFOHp5jzt3k+L82OgcixJheizkRgIsEFo6whgEAgZgltelkaX34N0U1QOlmaBjk7 +Ra23tSg5IrcxOGojB9AEnLLWbfs+LYOmOugwRNTFTLXHIQaCyI08gs9hOytLrto0 +emzb1u64QmSkpIVl2cESmhqI54dwkFAPnBDSISBfhPw8ya9TPMxZXj60+MNfxN8k +B4AjS6wwBk6dBkD/dAVVbWksfcvLoR2rVcp6ZLzqJw6NngQPL94++bJ1r2OxzQmj +WjBYMAwGA1UdEwEB/wQCMAAwGAYDVR0RBBEwD4ENbm9uZUBub25lLm9yZzAPBgNV +HQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQxegyJIDYgadVaqBrO81tT291/mzALBglg +hkgBZQMEAwIDRwAwRAIgepYDoITa8WjRzLdTd0TXI+Q3ZXnU4jw41twfr6qrOgsC +IGhtDkXsPybKVFTuRt1I3b84xbBeDFKj1H6n3UByZx5M +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-512-ca.pem b/tests/cert-tests/data/chain-512-ca.pem new file mode 100644 index 0000000..57b9850 --- /dev/null +++ b/tests/cert-tests/data/chain-512-ca.pem @@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIIDATCCAbmgAwIBAgIUf62L1YAmuKuNR4Bnwn4FEjFDpOcwPQYJKoZIhvcNAQEK +MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +AUAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTEyMTgxMjUyMjZaGA85OTk5MTIzMTIz +NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwgZswEAYHKoZIzj0CAQYFK4EEACMD +gYYABAGxhmDvIvu97o66LrAU40sO9Mqh78UpxNpdsDD8tD0aDhOivP2WK/9LqSBJ +uaIIzY4pQyNAHdp8WFnmwiutiMnXHgGcps4Mw7gEKMlQKDP8zS2GSkJt9r0ct6jY ++39JQ+fM0PPcxlyFMQlLTMwcFKPAH+stA3MqxroPLHpeds9u1HcrXaN3MHUwDAYD +VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYDVR0PAQH/BAUDAweA +ADAdBgNVHQ4EFgQUjYaF/lZImEi+LQtLIh9y035UucAwHwYDVR0jBBgwFoAUmoMA +sMqoL0N4sF0RT5M2mxyQrs8wPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGh +GjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEBAJ+FXZz9F6ie8EJc +OMA55zOr+SPgSqf/6E1xLNQqf/s44oyXkl3FfYXYitHc6vAp1LOD3WjXCDgSSM1R +Vp0qBKDO+7ESYVCIYdzoSC4OFwVSTID+rH1bv0m9ZMiPQB97vAzXJq0bGyijPZGb +TSUHjFNImGJdZq3B/uB0c/tQBLUi9YrVT1vYZ+lpOyMYaN21zFuDB6lc5sA6/k08 +I9J369z7iVCuibvXBo4roRL7wj+Cww5l6wjeFEo3Oj8wDoRHlxTk9ym40yvZinSY +PAESEyNkpLo6Ctyjz3HVxLmTZE/TyG/hNXionRXQ1uJZJOtdIMXouGCHStx2iFcL +2PSL3ng= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICgDCCAiqgAwIBAgIUZ91YTLTnOoGdoBoMZrk6sdNguM0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUyMjZaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMTCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC +AQoCggEBALYQaHpuXl4jEi7KpErGCCcQ0c50NuEnUzfU92tGJzXNLnOdKQVxW7ma +ptJ1Lb+f2D+utL61/eyG32DLosaPiTDi8R7P8O/ivXEhwHe8ScH/B1DAHfbnRNv8 +MC4nTq8MavMIm/9UE7j19C+uhLFFPExnRohaFZXLqKbAiadMYyEqROjibpmBcyxY +StdQNOQ0qBC/NkPRh+kSA6vN+ZIsqizl/PNfgd7am7c793fAb42U36q3ymUpCtkM +GhCoVx625sVYOKIHdtzGOwTV277TcVnflg+BwK97p0FRUh0envFENI1uzz4Et5Mn +swTDE/KoYVM8EIDeQcFAnF5tVxZfSosCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBSagwCwyqgvQ3iwXRFPkzabHJCu +zzAfBgNVHSMEGDAWgBS4/wLP/kals1V+CMMSsHiF9p0QajANBgkqhkiG9w0BAQsF +AANBAGmYNtQ0MIrtLCUs+WHJUE6nTC4DQHjNJ9eiFDQtDiup7FOZlLPWuxBv8IG+ +zXVfCc9BxrAQSAGiwyx4gKDT95I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBZzCCARGgAwIBAgIUR3WhmgKRJu05fANwlblt/s9l6jQwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUyMjZaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDK +s7lICbgRDeRXEPqZagrNUi5TjJkMB4NfU9gb0OUi3Vsna8Vi/2CLqJQ+jttINcS6 +knobMwssEAnkLe+V+KTzAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P +AQH/BAUDAwcGADAdBgNVHQ4EFgQUuP8Cz/5GpbNVfgjDErB4hfadEGowDQYJKoZI +hvcNAQELBQADQQAFKda31c8Dsue9JpR4med450ZroHT5WrGkH6T7XwczXfNc8W9w +nKPMoJLZK47HSWqUdniMRPX9XydqxaVug5Rj +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-512-leaf.pem b/tests/cert-tests/data/chain-512-leaf.pem new file mode 100644 index 0000000..f8a4ce1 --- /dev/null +++ b/tests/cert-tests/data/chain-512-leaf.pem @@ -0,0 +1,52 @@ +-----BEGIN CERTIFICATE----- +MIICYTCCAUmgAwIBAgIUGaahqSHZnDisEpq7NdDyajix8GgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTEyMTgxMjU0MzVaGA85OTk5MTIzMTIz +NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwXDANBgkqhkiG9w0BAQEFAANLADBI +AkEAmmMomDw6UyEVGsCdhWB3BbgJNP+T4bFMnovfcwl5GBI9htuMataGBWB202Nf +ICItBqPCI7Mu8kO4xsz44ejRNQIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1Ud +EQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBSuKggm +nzHbFCskfAJqxOV+hLlfLDAfBgNVHSMEGDAWgBS0Hn5aBNJdFPII6ad0f/eSfxEL +MjANBgkqhkiG9w0BAQsFAAOCAQEAQZR/tbDYzzDo3CL/lFmk/dXs6/qMo3B/9xLV +HGhj2IqjRNY4Qo4V05a+Xw9bUxvmuae+BrNGOK4ouwhsmZerTPIhE6u1PWZclcQm +Ean6r8uXWKsCdUd1zMP/oZUuWiQga/7+Ej2MT/E7dxhfHoAQin9B6NGIJB8pG0KX +FU74gSlsA+bQFBEyIYDgJXj6Oht0ggyIzzy6nPzi+7cRgzmqhfCyoZoZd8vn1fi3 +Lvqt3XbfDITTBhr9FtBr0LQNbe5/j74nXKUiIYiu8EkDC0hTMK+s2q9qNi43+naR +8h0irt/ZBUIJrJWtPSJsVDHKXkEtwYaI+HNNGE/Zjk4wS3ydBg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDEjCCAfqgAwIBAgIUTJoYUgrAGOyE94h5R67I+cbdBtYwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjU0MzRaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAM+nUak8iG8Ff5u08dsTvdQsb+xVnHiL+cPOrAaDN76VpifZKE5fHMcy +LYJi3cXZHgIUMTTHqU0X9wef5GbRDdmH82073OHE4XTaf0NJckGLegqxt7xRN24b +bUQquy1Xr1mSBoVGPOZXkS75nZ0vLFXcP4hF8J4M2y8veCnJJZB/y110F+j8g2uJ +guXozXXk9/64obxycy/k6JSzCr/WjEhg0dL5t/rnpUxxMkqJqd8P5YpCabhP0mjh +gCb0R0UX5B4R3MqeQ4TwXbf9pI4EtEIGtYBmgWczEV300oe+CixiKABvxF6Q37Eg +N+c8Yjyod10M55YcOttIYrO/dAGOfOcCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBS0Hn5aBNJdFPII6ad0f/eSfxEL +MjAfBgNVHSMEGDAWgBSCt0sRc+AtcCAfvZZvqd9gBkYnyTANBgkqhkiG9w0BAQsF +AAOCAQEAKvrBV31kz41qjkk2QQ6DR2COVfOmc9LHbeJMr/s1vFxyNJ1htsfHh2HW +lvYyqzS0m36RApCJXT1Z1dzvEp45GoCtaISVq9jenKSm7nLCqnhbPWFr3nMDWPPG +c9lV7PlPB8myeHhZpGK7df1VcTIJN2u/SI7P4RnaUck2176yJVyU4StOUcmbd+Yn +I7LWpxwVmNkcOwI5IR0zdbVWcLP9+2kL8Kju8koql1lrlqTnucRY+2sD1sjaTTIz +kQVrELO0l9EAAC5La6u9dACkOhppYFZIw++hbtEXxgkEYnoGzvptsNi3w+CrQ/g8 +7cuIfQFBCX/9C6APbz1o4FHJCKsDVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIUMPdFIRYbJUlkWLtbOqcbIE9nbkkwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjU0MzRaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALS9CFlh0IrSuEjuiDRnznblJiTWXuojqTp61CZkJzEt3mTAbAuvJGZa +wG6gQxMIIYwxtbdjC58wP9ZucJgFxVgD4211QBcwACxDCbGyUsxTZZrQkCMun6Y/ +YMUSu8Og6twIx++vAO+N0Eaa/FrUcYa0Hj8XxUgL8/CT40OJC/i49OuA9Bs3L6zj +aMEADZ/f3/33oo6jgOdRmUmVOuovNg02h4NjBk3OlKD03vZ2ygVzmXme0YBM0o3Z +SmMqhut96fI8taqcCV5ccNNsp6HHIg0GGuWtBB7rTkEFBhQg53AMrzgOpQ64Pueg +LXLdRdOVKRkX1lLvboRMbjlM5HtOTX8CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBSCt0sRc+AtcCAfvZZvqd9gBkYn +yTANBgkqhkiG9w0BAQsFAAOCAQEAEjS+iRmeALeQIVvU4VztUmqp7FtkdD1P92xu +yuvPTKGmhRRwDNB1GleHUt4BFKF9EPTW9PK9VJTjNiivPcm9u6zjRENb95l7NOsY +5AYMZFyR+jRT7cxbDYGuQ9yc8nRF1mH6L0osfgMIub/Z7noMgSGhzQx5E56Q2CPj +QVLUH37Hkj0hAWsccFuiicZSeAsxSWAr7+qRKHWJKgJ1sBiDkXlsfuoUYJCFd4Q7 +LQraLxDpVfB44E+rxFRJoLYzExeTXhDvCJYNPd7OUd6WIOeq0yjaj1v8dn5pV6Vh +kockuY1rAy2fNlOoIEG9qVvWJ/vj+Uq9wUomW3wfyF8es74V2A== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-512-subca.pem b/tests/cert-tests/data/chain-512-subca.pem new file mode 100644 index 0000000..261137b --- /dev/null +++ b/tests/cert-tests/data/chain-512-subca.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIB3zCCAYmgAwIBAgIUJCiWOylfZcYmHICa+LwzULsEY5swDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTEyMTgxMjUzMjdaGA85OTk5MTIzMTIz +NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwgZswEAYHKoZIzj0CAQYFK4EEACMD +gYYABAEkG+6EOxALvWgJfPPfTj6aM++G/Clb6qYKb7EKHKArIngKFB9jLmGCC9Nh ++2Fg75z9GjP1UNqdlwcuTYsFzIdFfgD7POQCoU/mQKGHCHrNgTd+yhbpkjIzMf94 +Pd37B3KWoMwpt42vi5oEv1wMaMT/9bgZtiTh5cFdYc53MpVqj9GAiaN3MHUwDAYD +VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYDVR0PAQH/BAUDAweA +ADAdBgNVHQ4EFgQUbktH02YQyE/FHx+/fWGUBEXQYxwwHwYDVR0jBBgwFoAUTXqT +trlGUSx93s8ATWGeoEDKrqcwDQYJKoZIhvcNAQELBQADQQAFHfmevmaYUZcMZLDY ++BrwecSLCxPWHd6T1QDhn6x7P8aVsY/8cLIn7ACURxR+ia2fG/px0o2+wV+bT+A5 +sDIv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICSjCCATKgAwIBAgIUA6RF1rEvvPbBSliyFqD77roShB0wDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUzMjdaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDl +cI6PmIU+IFbj7ykZkLWuGIlR8uF3CAyj2fq4iBeEk10hEA+d5Oz2Yp7YwmnTJvb6 +oO2XLPyLyE3htVmbaEj5AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P +AQH/BAUDAweEADAdBgNVHQ4EFgQUTXqTtrlGUSx93s8ATWGeoEDKrqcwHwYDVR0j +BBgwFoAUCWYWUmG4wYva7UCkhcdTRTJXTIQwDQYJKoZIhvcNAQELBQADggEBABeg +Ev6JXb78IRCeK11I/B30HW17ejR+wFBereGpuIxu6HtDHVl2Au1+vJ+ddK7hVvL5 +Z18RozUyvwpCAQ5DqC9SzabAfIszM7PvEZ7/j5xd11L+YEicd9g72jVKwP2VSIJL +9dfHBFvIlh7NrspwVipPSp5bDCbrTTOpNPHHQuTNO51dw9178UfmQhg4hIrMnGsW +edT5KswtixFekzW36giJ673tnz/amcDJxJC78sXFnpYsIrTRFqU2/rrd7Yd9Fmwv +4D2vvBVmRKVYTEz9W5tgMEQWvzSomQj5ejzHzcomXXp/W96XDKWVjHE43EmqquTE +rlIkVCK/Yf1h99U2+Ag= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC8TCCAdmgAwIBAgIUWV9HK/UEiOT8ZpQq2w2glOshGeUwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTEyMTgxMjUzMjdaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMVYMEUmPcAGVgJkwMSser5bJWUEzD7PtXUzzeu3UAUl5D/B5I7vlZ3A +1T0ZlSdTB0N73HHg/FFE90jUrVoj/yI6Ml1otPZ1tYjH2eLGN+/NCkFVKSzxuNo3 +DURRRFoWMpk4kpmaCYkWoKMTYZtkcserm+Lv0kpBFT12+iT/GCPBmaqmcbMK8sbS +Pz45BVdRFwln8oyLKSunXyYrBd2LHlLkhag0YivojAxuE8IyEE2SkndGO1JC8WFB +DMwGrllrkAiZSZKdTEI4377r5LrgYXv7w9tr5jgkrABUohie8SpJOlJqcjzfaF/1 +QJrxZSwSUvOl4EZVziEBSnlwzrfk6G0CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQJZhZSYbjBi9rtQKSFx1NFMldM +hDANBgkqhkiG9w0BAQsFAAOCAQEAXTYMg/3eQ46E+s6OoZ3wb4diYXfblgvdAlL4 +LYLGeQJ+Jys5iJ6cou+Ck3xsSpXr5+6ElwyP/T8DieHdZHYy/JC/EhU8O+nxsszr +zjxJGQWVBqlzsVSsELhJcH6OC5xhUw8F1Xpy95trpRTSQB7fkxrqWnEIgacKUuns +s5ntL3BJzOhNnxZM7dydFL3citM1lrfDLr2pErrXPFpLbul0yCT4sWZeriKbj4vh +7N/1CQ2cvChOSHAbB9KMUeCBDJgWP7u4zqVLQv/mTfjB0tXRWYMLsr2koyCOhcWj +MA5NnUuEfXtLLcCUbekk26SgYLKz+AGk6gAMN7ofsYLPOtTShw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-eddsa.pem b/tests/cert-tests/data/chain-eddsa.pem new file mode 100644 index 0000000..7ec3c7d --- /dev/null +++ b/tests/cert-tests/data/chain-eddsa.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIBVTCCAQegAwIBAgIMWTey0hmzf1cwE8cgMAUGAytlcDAPMQ0wCwYDVQQDEwRD +QS0wMCAXDTE3MDYwNzA4MDEyMloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYDVQQD +EwhzZXJ2ZXItMTAqMAUGAytlcAMhAF3ZEMxi347Ou63o6HwHrpUhncqfgLzhINGJ +CnjZaQV0o3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP +BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBR20C3eeH0drMbAVG6WD7GLs5frmTAf +BgNVHSMEGDAWgBQAUYZc7T7EeTn8/8kePVPQLtbgnjAFBgMrZXADQQBPnuU/zF0X +QKj9JXs6+L9Gftp8w6mVIaCGY889MlL0moWofP25xciTRyT+2jK7zLOO7e0JRd05 +ZkncSAOOnPwB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBHDCBz6ADAgECAgxZN7LSFuPNiCPnfi4wBQYDK2VwMA8xDTALBgNVBAMTBENB +LTAwIBcNMTcwNjA3MDgwMTIyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT +BENBLTAwKjAFBgMrZXADIQBSw/TcTaKk/YxoN+9IG7qtBwppX22yPDsjfYgas1x5 +oKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQW +BBQAUYZc7T7EeTn8/8kePVPQLtbgnjAFBgMrZXADQQDbWwqI9Tz/74Dl7FkpbH/c +JntRKnYF9KWVuFmLq+5VTmRnEUsKeS/tIZUcSB8xh3yISoMqC87KA2hRQHKmuSQJ +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-md5.pem b/tests/cert-tests/data/chain-md5.pem new file mode 100644 index 0000000..e5cbd0e --- /dev/null +++ b/tests/cert-tests/data/chain-md5.pem @@ -0,0 +1,73 @@ +-----BEGIN CERTIFICATE----- +MIIEODCCAqCgAwIBAgIMVv1AJzMmgkNB9tIbMA0GCSqGSIb3DQEBBAUAMA8xDTAL +BgNVBAMTBENBLTEwIBcNMTYwMzMxMTUyMDA3WhgPOTk5OTEyMzEyMzU5NTlaMBMx +ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEA33Wt+KGFoXRzH/2eBj/a5tINftSyKmwEa8QlzIhF5hj3TVZHKMGjK6dvfq5Y +kunQ3/sA3rd30wyCF39wbmtNCZjJBmeLEiaqD2kaV5clVVRDY8LAzbefHKBHBDZ4 +CuDf7+svU5rQTb/nthhBkJp+Fzqo33fsRNWqwjocVJd1iKnN8HV/7SRIIPjJLT+4 +kEOQ08ijdgHFrLwyHUkyekpBtxzvFXuo44UjiS8/Ys6SWORkEON4GTwdXxStkrEz +vs3FSzqyjV7mTm05xofdsYzVwvksqgj71aUD9NqE9n1yuzpx/KfpxYyw658UFP4K +QD8aP4aWWJlTkBVYqPFc3XL4C1mvNS0v1g1qxtZ2AwbqZKnG32qv7sKVCYiEIUjX +hLNeL50kwL6HUWJ5yUIG617ahz5kf2F8AGaXtaXD6BaSjBrZolPjnQ9I5w48KMFX +9kXzail5ihqYBcrYp7BUCLb9ZmVGetCrHIGJh330L5HAssbi8fGnQnc1wd7pi0Fy +3dU3AgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhv +c3QwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4E +FgQUays9pdr8fiCAITY70bh3HOJWC9MwHwYDVR0jBBgwFoAUd0+eqb7Vqt+5eCwg +rMXuQAlE2UkwDQYJKoZIhvcNAQEEBQADggGBADkcI1xwoJczkpSBl/4YGWqvahjp +oG13E/STsUaUAxA/8XypAm3iM7hApBWjxgcCA/z+KX8NdSKhvflVdDamggxrIrMq +MY8VOsxE1G3t4Kq/yZmyItt3mNFmn+MylGY7xzKGjNCKdLWOUukDOZB33INK20q8 +ijyYt0+qOYjHZRGIg6tOgOlY21aM2vSdzEmBTLjsAx+vdXStWuji3CiBnmjueNbJ +VRBbHRq0jDkqsbAIvKXdGs/7kN3gm5gt5BVJxtr3EcB6q3t2Ls2sv7qYIzNGcgal +67DGG0Goj3CcbFhrp+fWeclih/IiJK+JVNuJlKLYMC4+c8H6IG69ISjhVuK6FqFP +HlWfYhQTB/cZsojOu7Rf0PAptmZVyCL65LtKnN/MDhnoxZTY5wpsGipm5Yec1+XY +FA+AxeHcKQGz4eLqORBO6Z1Tuu6pCaAFZabACODEwMfc6l71B/FcJGizJh5OixRp +uT323OMw5DytoNvPZcRpCxJ9aPenB7aQ0SZSsQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE2MDMzMTE1MjAwN1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5fGCxv81yymph2+n +0oP6BjR8AfCxL75lMGmvwXQbQpfUSff8ZprWKZBaP7I5P/s32UeQcLFy5a1YG6K0 +Fd9ZqB/IOZEjzYjfFW1k1Q0aiSTraZQoM6HLbl1iyO+lk8XPeZ6/EC32FvbBOU+g +Bc31d4buvZssttZ0poG4/qM9mLIJOyAUIROuhvud9yXSNft9ZqZ1zGf+LDtDOQqH +6le5P7T536d7Vmb5VwhxN5dfLB/Ykpu9fJAlWzG6VXxWPUqQ6AnY+QeBghH7Qz5y +A895r+jBOubV+7cZFjkWBGglYosczZK1pQmeSMcD1EGUerF2J+RszNu3kGoe5GML +GjxkKSuwCVuvWurSQajTrLu9I+yuG+fJQ4LW5DwSGMeKJzMo8KIXT+W3R82U2HDE +cHUn4irYKgZgCNWbQULqvkgOqFflMAiqyPQdBIB4y62rPhYNE3dm8yx0IryztDhv +EQUBGn+fkA/XJsEfqyJy8xR9ZexLmXiVz83zji8SuK69gqwFAgMBAAGjeTB3MA8G +A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD +AwcEADAdBgNVHQ4EFgQUd0+eqb7Vqt+5eCwgrMXuQAlE2UkwHwYDVR0jBBgwFoAU +h5L1r6yrnewz6Ew3Ct6AhkXQZA0wDQYJKoZIhvcNAQELBQADggGBACu1ACKa+T90 +SoVYPAY68WLObqm3ZXxu0oegkWhAw9cWn1WDsWfyeRAZtlGBvNF4f51ceYopXW0B +jdcVrjEGpKwZltS5IoAslLM6AbI2NxNDahxcv/r/v1yBeuANm5fQ4mZkGMSqlydq +plhW/dkIbnyT3DCEOuBoFpIHbAG1EDBiTuSLLz4Fff9PurZQQTzzktjonOn3BVo5 +z2PcjdGi9BTNTG9Gs4hVN4tsqF4u5k3vLRPpFRwBIccJLxCwogKUcAsZLAal2EKO +D78necMjNEp8NDKG+Mernt+cLsbA26xujbZd5oR4mmcBHZRkrOBd+hLGDizR9ki2 +JnipyVIySKpy+d3OOgCjJJxRmojjlryRq4VausTU+e0a0smDD+rrfMpSzrJ6IqUI +SPemzH4ucEPqzcXhsgFz3oDlGBp15tjDcnIWgJnBw9wyXfUAdHQILzngXr+XguhW +sy6mHb+OCM728vwCDZoe16hzweEMppsN49gESJ2iUAasA/6UsF4NnQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE2MDMzMTE1MjAwN1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA+lAqVJMZm7QF2lzq +5QTYmcIYCrid9PDC8uqVQLjyCCwCFs56rj0693+YxF0GJSWbknlCXpyWYAbMEOCd +paZXao7RX9zRpVpjV8zaiFBWkQOtoXsiJ6B5u71K/3EDWn4549A1UeMLXZxJRbMw +YIozouhUX+5TYxKu9vYZAIOIelN9jLell+taTIKNv3gHnMHMGLEOAPFiRV6hvq6G +aSPdOvcK1jF/hvYsmqkJgqMJQjibYLUrnvuEySYqCX3y+y5jiFyiXiGu9fevcZSA +TvIRER6V1mkD6QEyLpY9Zpg7rdYOo+5SOu1phaqmJgJPMCYt5GQm65J6j3EDGkt0 +/re4XbB5z5CGk9TMx7GASHrAAg/9eS1Gd7dh5roODCtlQcm8peaKokqBna8sdEpR +O5tgYyvF5IkvHyu0DzMpb3dSJwG7QQCt3Frhveaixsd0wfIEy3lDZpmJUjBHi3PE +Rg8/2raJZkN8dn8p/7L+uWA6m/Ow9Ql0804lu5xE7MiIo32LAgMBAAGjWDBWMA8G +A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD +AwcGADAdBgNVHQ4EFgQUh5L1r6yrnewz6Ew3Ct6AhkXQZA0wDQYJKoZIhvcNAQEL +BQADggGBAAn4Qql0FHTDwDcTTV5uLIFrVP8yFfPN1IxJiBORxl36qNXtk0RdYXBY +TB7P6R2KOgPV7aEkBponfRl0gimAz5Nln+x/97nFwQXGR01UIXOs8cupj7y5LDFa +oCaHYzyWUfeppTxwJW57hS4xSwFONFApok8JI17nnniK7ZINtX+gdn368VOrhz4m +CyJWJ2znsqxesiMbWQjO3HNt6rnG7a4v4q86n7HhR8CIWc4f4WfRDdVHQ92wM0SB +kSrwWNydxcpkbSCrQTH6kFVDKl5TcnoY/HKMuKQnXNkzCZkTn7UMD287DERfmEV8 +5jxaofQEPMB1Aa6YrSFBAXiZ1OQ1ovN1jqpmR0foI24rgO6+AYx1WSwctPH+Vqdl +gY3i698HrfbSjDdHj8lRUVFwSl4ZuXeCVdrNm27srWGfxtAOcTfikfhg3d7cTeCu ++aNMnxYSCyt4at9OHu/DRlcWZ3T/DPLXbQ8hLyE7jH9AnKUiunpvMCgjbhg2jQ9w +7YCdTfS3ug== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-with-critical-on-endcert.pem b/tests/cert-tests/data/chain-with-critical-on-endcert.pem new file mode 100644 index 0000000..de14b5b --- /dev/null +++ b/tests/cert-tests/data/chain-with-critical-on-endcert.pem @@ -0,0 +1,72 @@ +-----BEGIN CERTIFICATE----- +MIIENDCCApygAwIBAgIMWLRKXgVfpidUGiL3MA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0ODQ2WhgPOTk5OTEyMzEyMzU5NTlaMBMx +ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEArLFdJ0t8aIAEwXk0+BaXSCWtCrHyotXZxxOImQk48khIB4zQZjdbsbIrE7BK +RW9h8WpUNUTCMRLrIiAL072YbnCyf/aHoaumOGYpHdqo+nD05RH81x67L82v8o+q +vw5VeWOfEU+HnAJxazXe3WqvjDvxDLxlvRG7WBECfdmdzdexot9VgLNv1hD3Cam5 +/FBOGwKLkU+cK57BAUcgRqFLFcXZdq/6Joy99O/WVMkYXfDUExRog6EJuzLsQqLZ +symssmps56OdGNeSwACcRUXYQRI2Fp6kWpQ1kynroSDms4q6hz/oIre47UtmYNsu +LnUYLNRAbpRuCLs2uKHjXJoQHV5HCGAq9Whtk7vuNDoD28VO9T0CBn1GbXATDmro +UldPZSFvsW8MUFQcuRbScxrLekbR94GwD8sPdw1siDmI4M1SshS5IyXctK5rfxF3 +9qJ8DxwWI3ZSp/N/2HbAa7KA9RsGe548cjfxMbHBv15vZbW490Jrypbl5zTzHwWB +W/nRAgMBAAGjgYkwgYYwDwYDzgcIAQH/BAUaqwGs/jAMBgNVHRMBAf8EAjAAMBQG +A1UdEQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTc +dq+IHuXY6ZiVq2QRqYMjCWC/wzAfBgNVHSMEGDAWgBT705Z3PM2jlhgsbpzfeFfd +uTqdMDANBgkqhkiG9w0BAQsFAAOCAYEAiPZuXN7FdUo22v1IKyNmGZ0GOzv9N43X +OnJkfDAbMjtO6KxCtqACSFh2cJ4NqUV+GqSo0fNgZIBvXVaL5GOGEvStTs8xw8oH +GIJXQcY3o+6S5/u/6OU8CYnsIqQGGjIhuUzIsrdcFrRrX4nY9v8zr1o8B7MbN0pG +seh8bLU5ih41OH7wjqx3/nuQLs7aui5sRiS+Ug7lF8N9VeOlDCdCeiWo7jNSbTkV +Gt5lcAI6W1paOrNaqwDQ0WeNSM+QLyOXWXR9b4Ck7T4Kcx+5ZSYCKul3msyyA4rV +cAqvaKs/M6IqFHaQGSwgrZFIBcBrViuAWZbdlpaCUNV2bBsxf/ro4Fe5Z3hJz4/r +4RhJffrzMN1aaINi5rFYgMSSHGSy3O5L1yYMdOa6FiJSzYMmtJDFejNLU+e5vM8V +wEBzUaG8UCrOaOumcQcdb2J7sjAoQ+Ghn24/4jmW+A2mFCmAvKfBHRH89BUzEKt5 +5IHTMGbPWEe483Nyh3Sx1pXcoQDVgD3l +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArw8KL4omF9ALedLd +qAgnh+mTAQr1XlAy/1DiwA8yCFIPMucSHyMCJlvmRs/gtgemuU4Bn8NsCu9CcXUI +s9mMhrmE098HLn/2McNW5wGNVfK3/8+8N0cok01MuWBjCcZ70k0aYEkFVivVdo4z +CScmZrQYqqtmiTpsJOft+EU479mDaHK0F2caEZqWdyAmpgQ81eMtI/1kFzRbjYCE +Pgati1YrcbS8QLd6NRA6Lk3WxSZpIFQ5gyhvdR3z3onWZM6Mcqj47ZsVK/nvXUSM +2I6JACx2AfDWnbO1c2agZlxRvjlcPkrOiIg9KQs13IAAQ/VeB9KI9PrTgLwNhLtw +gsc8fgn/y4GL2VWolPuNVG0cIP4b4EnPH3ppRfvGe3lkm1zRUkTDht1QRgYMMel0 +HSosbt6zXxMKRF+5tsI2ntnXz1xMVMsE8MEgK58BBOTuJevPLLTnkh9WOih6IfDN +t99yFt86x7KbRyddivRP60OftilhUaBcKz/vpKpE0xyB/QPDAgMBAAGjZDBiMA8G +A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU+9OWdzzN +o5YYLG6c33hX3bk6nTAwHwYDVR0jBBgwFoAUJolqIJH3QVRxmq4o/abMSF3P4REw +DQYJKoZIhvcNAQELBQADggGBADpJZ6ydM6+kUcoDGgZnycH2+73A7OuIM8nhVnMg +9+SsiLrjD9rL3gMhlxgvsCGG3So0AeZTJwAQWW/B0vTIoScX1LQ9YuB1vv2l8kkF +Sr/m9TZcP2KiLCcyzkUQ+NvssL5oVXP4/yZDfPasBR5tTLgKaHEhENKLx+1OW9/j +SAGtyP1vxnAd/4kPeuS+2L9ehKTQLUhztE9ezguMOEnBmOcn4QujHvOAAJVh2HgU +MWcIo4MFhpEYo5CobIDJ2+amRW3ywnIGOQfFQOWUfT4XlgoKvirEqWIOKiqmzEZu +sYKbFPhTrFwZmpEwLEw+8B3iz/hW4c7Dp1/oOdrPSr28iQYfJWMyJTm/F67/wzGZ +eWYs6Kxc644gtBckJLGjVPHcu4dwpWpKnzK1cwzN8GY16/m/7eA1XsFWThQOR+KH +tF34Cs3xbu2DBtbMecpeWAOYR1lQg4IRHrCVrB2hxve+/bXrocs7EDlw4rTfqkz6 +WqtmyLapzQDNj/NWymF1+X4c7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Y2wvebbAVPqOsDr +1D5yGc7B/TlTvuzwAX6RrR6zwuwr3NkeP172A/S1JMqZgl/MnV+PLaCGQxKgMg3V +7pIe9qenytKs6QqGTWt3z3C1HerGT9LQ052JclCStmC1jPMwOUXFiUNunvpMPMMB +97KegAnoYhViQ/IS0iDmHbdEWaFRFcvqVXyaxZP9eW3bkEZ+0pF2yaYZE2NqwEgi +aSWpG6VStRC86GJCTswnpIEaS3gTGZzqmAw7eHEqz0lhZB6o//Pyl2TvUexwu52X +McxWflgCTdbZmjnuyA5LZp8GnsQ3TbOzkP6J+BeZDPjSKvNtgZEz7Bt+NXQGxm4k +9/5813WkA29QEyVHZOQUvxTCyr3B3lgxxvZzXQYcmqpWdDZyZr2jxJaizp5BVKRc +OxhExiEhOUnwwwwNMj0Wyxz894QFrRqy947+lMWrH/snQ/owZX2IZ918Bm23IpJl +bUb5Dnyfr3PIa3XfAkJWRCM5xqKb+xOZJaR+1lEbYYqOuQDDAgMBAAGjQzBBMA8G +A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUJolqIJH3 +QVRxmq4o/abMSF3P4REwDQYJKoZIhvcNAQELBQADggGBAKnD4dpow4u9YpnVZ4tL +cOrkB/TuSIGbuTG1K3CWvjDNoPwe0AXvhexorVuYMWVtTGz1EY4ugopP7qvMf4Yp +lcZNamtTDi4Y6zTrcKHe6ckedETi5TD6d7pNIe5wgn2p8hptfcyPwlpPjx01XqFm +Zg7OcoBwhe6UYsM6C0UpUQTqv80aOhAzB5zHHUAoIVSGQBGgTip5QxTq6cE4OX1I +eobqAjL/J+1Wnc5tN6ctDaO0HbXxTnPt3FkJlkFmnx46o5n6R3KmyfWs7QSks0PN +/V3hQ4uV0PagQ+z76As4AsNHNGIKCiZevqOUWoU46PlFOR3W65i6dw2iRLW/qmCQ +Mn8OIzqvcPOwYS4a9vDAX5TR23gPkUixlPnxo5sTPgpTT3PRhJekIoCgL3ncBs8I +p4/TbPht4m0L2eCodGkCm1QCbvbhE1JA8ZpSjxjICODHEeD5w0RXT0FWprCMvrO3 +uExu6AxfNhtLsV8E/HXAGTguetUysJgqqXdCUDXTQbrIHw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-with-critical-on-intermediate.pem b/tests/cert-tests/data/chain-with-critical-on-intermediate.pem new file mode 100644 index 0000000..f5edb37 --- /dev/null +++ b/tests/cert-tests/data/chain-with-critical-on-intermediate.pem @@ -0,0 +1,72 @@ +-----BEGIN CERTIFICATE----- +MIIEITCCAomgAwIBAgIMWLRKghUUPjZQy+hWMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTIyWhgPOTk5OTEyMzEyMzU5NTlaMBMx +ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEA2WRm/jJ2Ul4TynGmCamCsUv2qLvQmFknfg5HEjPGpx/sKnzkkavke3IdltLS +/UZVw1ZwoMKBh/5C4tG1Y7mKHdmHmuISyfzB/vHBNx212UZJpOiwuHHhV94Nmdbd +X5sD6aFluJOWRAL8PB2vPJF8q+X1PNDxilDEevar/ULNR4+rHMlqRUtbnpqHXVmd +eYgUAYRmJatzyqhlGJ3mFZPiOwCxvR4b1RKzFx5zgz1vy+B+0a+h+wRgDZ3iCwMO +mtAgYQ7z/jBNzdbkVZVMhCQm8UF4Pt2ITtLSfuZ0lDzntfC504TQABaFooAorBMF +y4+OpIyrAXGAVct90Rtkq2F0sVfGtz81xMUw8iVteURalUM/XH4Owz71BJcOKIDO +PbWyGTMXzWcdCgEhL3P4QG0HMjyhjyv+BAND7Q0e2KGjfnGmO2tRuR6h6nBUkjiZ +UicMEAyCxJAuMMBItJTIoXeNFsttlYIuAMHFV6A8ekjWhhZsg7LhlLH+k5/uz3rB +UPGXAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0 +MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFMBahZT/Z4RDB4CkB5lAxAGSCUcd +MB8GA1UdIwQYMBaAFAMeecLjN1JGgju+TsSezQDYARdtMA0GCSqGSIb3DQEBCwUA +A4IBgQBV35WByM7cfucUIIaYgAE7RWI1mVz9QGacEzMX0jtJB3pI78KQ+4i4XRHM +DqES71RbHUTsrIUUEMvzVcpGSak0cvx+9QC6wkNn8w/SDqkJnF4/72MRGXigHGcI +L9/dSj0yKUHMzjo621cVlG8AgmCG8MYInTXY5pvqQ59mvD1A0HLUfJmwoCwcLpx0 +JIM7/f9CfK2kHVBIvdhV7cHr+pDPHZ5wjVIqF2WE9TnC05caxm/yR5aauGptM8YN +nfoOnsqFGK5nmD94tAPzCbPjQQqyRQQALm9/oJPMG0blJPkch/hsJixujM1hcENX +ylV5Odw2LYGy2qFi1Ku85F/cJFvsF6b215ziQKlXBdwEa9Nno0jjxa+g8zFktUa1 +6Y/W06RqQKKVdn6bfhYmOi5PL+faiA9yrGnBy3i/32Glxs19sSUODa9babAFKTlM +099jOSh6YDQWOa/z/eQ8ueaL7nfwe9cWBOsjwUUO0BJwx3uNQ70ijf3FBbLe1PKz +yQNcZEI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEEDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4osbQlC5tHJGl+kD +Of7n3E3DfyF1g1XK7XyYpbjmguAVuxz9K2qVMVYc+GUWUN7CQeCONFBV7+49pDFm +47jw26fQ/x6tj9Omq0pHqTSEmNpsZTh622PqHulThK1R7R1p2T9vnfXUd/AnqWYa +ECBp6BSW6WKScL36rqVcKc8I62s4z330rrIEOksWFVSOo52FwSaM2lEH2nj9MGPv +P387c+J5fG22g6Ho6k/A9YJZgs6bjq+XXgqBAVxYjY++YgjTwmcFq9tMQqmxEOCL +jF0yGCUnV+oz1J5+WTfhkm+yyq9hDOaf6GoCYVMiIpcpnTtZegMTL06Bd4nawODT +QCuzg2FOmHzSP6XehGPtHzRTsKDJNjl6Q9xTnoUPOcoECYI1xMHy4lbKH236BY4G +wjyFpfiplr8p4ZOdlgat/+d/eR0gxJ+A6ZbdUsrjNrMo3Jec9y8ZHKR5OLsQxe4+ +UIYlA8iGce0BVGjLlXyE9jE1i8ku0s8QQo523GB8Va8ljSQJAgMBAAGjdTBzMA8G +A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA +MB0GA1UdDgQWBBQDHnnC4zdSRoI7vk7Ens0A2AEXbTAfBgNVHSMEGDAWgBQghKJA +xiymxB9WDU44awpl6BIZ8TANBgkqhkiG9w0BAQsFAAOCAYEABOkLX1UW8oDD7TnZ +9jtpkkW6CrSBI5aIVcKLNVMrXUGiZ9s0rONFXHLEugIgkjP++zUBnflc4KpwlNnK +NXp0KtCDhQkIXCWn7RYZ633v0XOrop5VuYV+qtpd2oNDsbCIrkph3llnPjRbhIC9 +FdkPW5ZvfnJuW5WOwVBZKe192XJXBHQNPLuA6GbE1ouyaHKrs71W0UAi3ij//tAk +okwYcK6Y7fIuVZqsSCK9U1/p40zdLwdoeJz1/3U2lTuZwDlh3f12DTFGBaDYamS8 +4utiRfZPQ0U9t8J8HDj9o+ShX0VMXw116zwiJqw+B86hslT0jAocrJtfGyANsP7h +p1OtDVfgisJVK4JaPUoVsIkl8+TBV3sy3jFdc1jpqRg7127Z3Q8nHSHX1mHdI/Ra +M3DUhUuTJpk7/vQgfQ+NsfwdvNHWyb4+zhqJyUuEQS0yQ7SfGznzHQhPYks1RmP3 +afa4/D152QSDszhHvTrXyPiFVRuAGk9lh0h8nw1mwygoL1OI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA8QUnCRcC8HlaTt+z ++ui60g8eRO/NqaJFZ4Q/GL65v8dZKRqH10aWZavLXhryCGr2tH2GX0by7pkZqpoD +FEuARVoiNuXOVntn+HPlsiRyPCpgisN8tS3cCugvzNrVOlPlfvihX9M3oAYFImc7 +Lpk2K+FW4s8ThJr7YOSg1BmuQiY9vyZ3fgaOBMmMqOke8MEkXc0xoZ4M14ZgbcXA +FpnPHLQK8HZHq4K1NVzF23gKhtB8lrQBf5O8tpqzIFjyiCYiGLhZi9v3Rv4bMBUS +1bje2PiZ7QIuA5KzTEG45NDiCv6gl1u+uIuWc2VJpRDyMECgKOwhmQs+lnqt3wdq +wgtVABAakxPjBRoXv27wNo5nhuQruuESiWQHbly33mMnT9MFkEoeRxJWJpCrgzOY +wtT2eXJPzd61HQmr99JygQR/roB4B0AAHOUxeSgsjrH8ptzQSeE7Uk2HSyz8YG3a +NfBvYMCCXZLW422ZG4G1wEjan9to+pDj/a4O51ClCT5B7of7AgMBAAGjQzBBMA8G +A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUIISiQMYs +psQfVg1OOGsKZegSGfEwDQYJKoZIhvcNAQELBQADggGBAEO9TkE/bgMkFm37usHr +d03a67vZahubHweidEDsZwWf9h8PiaAIUth3r0TLR5HFGj5zh73hOWCggMmxJv+V +8UL1oq2jYAXeDkA7MbjADIP3Yl9C1fS+Bq2Dgqht3pGWq5Uej0wClu75bHEKLZWl +miKvuFscponO9L68ARPBsZ2woQ9F0+2buV7PizylIZv8BnYAxoHAEHcq2RIqj06L +si/plPx6UzbfWrfW6H9OqjB5TDJ8hSwLEzUg+RFYH34RZ1D2Thl8GKB62lIpmP9K +7f2wSE9X6gWivyObhmQyAHiL9rQPQsXrpp7paqeknxEtPITxugOunYLPfuqddkso +33BGnJ6qVjJ6sTBziQmPcwNInm2/91Iw0BSZP0/mCBot+9rSHD38i/sdHbJWh9WT +mOVu3yT5v+39mC8Yd0ykgpO1/47jdPr5FyVz7yAfwb3/MHgjx20UQV0fn2R37LAk +AsKMxlHYGz6LYjxK06ZOT3GbBny23aGoooAPqBZenFWXgA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/chain-with-critical-on-root.pem b/tests/cert-tests/data/chain-with-critical-on-root.pem new file mode 100644 index 0000000..d153725 --- /dev/null +++ b/tests/cert-tests/data/chain-with-critical-on-root.pem @@ -0,0 +1,73 @@ +-----BEGIN CERTIFICATE----- +MIIEITCCAomgAwIBAgIMWLRKjwNqHC0gaxzuMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTM1WhgPOTk5OTEyMzEyMzU5NTlaMBMx +ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEAqaopWnZqPqFMWM4p62PIxlBCidmiUgefxCphPqq3HX0C5IaHB+xC1a/p51h2 +C6hTzChKpVWCJ2obxt4/EqgJRVA5ujYA5F7Cw65oy3GecHgMzprFiTksRIA/n5SM +whYQBFy939T2UDCyK5bfQGzDTDXoy4ZKoano5cmD8uuVODLlyyj2cv/XYsDGwAZb +h4+UGJzld1YYzrKaKb/9kCczsDLR51F40ZbLtWtQ9dvKXcIfhKEaFuWI8MjmJYzJ +WyKhMVEA3Eat+GnrKTWka5nFPqFha3XbVGb1ASJjdjvUFl6v8RlJ+wqsIni1WaIp +TZY6BCQmEc83PtvahjImoquFt4cHofrbQPK4A1Kaiw5SJMWJvmaZpiAlDnb8Wl88 +TZBtkg1s/XVdD5GbY7r5FZRh52/9e4L43ZThZAGW91EYoNrVr9713OBfwiDpyGRw +bba5jmHtpzKU4xYANizc1A+ioaCnMbJM8iq68EUkcP0F/enH+TMRxQRMUQEKd4gx +mYUHAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0 +MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFAxBxXFjDnXrtfECorTP1cf/us6s +MB8GA1UdIwQYMBaAFGGzwr5dJM/noimXvK/tlXJzNCQZMA0GCSqGSIb3DQEBCwUA +A4IBgQCIij2aGijFZxVV2kdzSbEWWVV9hAFHF0azEHTQwmSQ0nO/zVWJV7pTjMMi +qC2zAyfR/zc8BtxGBF1bh4U3Ke5Jy9cr8CYuS2/mvMERopwiQkUtVTABpvKebGqE +fkbbDs2Qu87u0RxPVUZqyiPNDtVq6+MM70/QP4FRM5uwOp3nSMDiaajlX8jfnZe4 +A1Wa8yduEygiEAbiu0xn2rwjbfW8430Ep4e0lEIBZfWarL61vQaBBv4UmOcIWfaF +CVOhJGwuf7DYThUrkcs2mLO84ip7O5HLBpvrqDaymHEZAnidrfoayyRjJaQLvg7y +4s65ivmTyRpQnXLw/tAbWE6lwN1xKp3Z5ahcCN9wwMmv0kcSDi33rwAJl4l6h/Le +K5c/qyrGxnQ4AL2s98WUL7NaZyv9kuFsQ90ECjVfwhfUEmFqnWPPusKo+LvK4Un5 +6+uniip3wX/8GCDV+cLQywuDIdo755ZKMaf3UjSfsknWJmpJYl5u0K18uLAzIod0 +PVow3ek= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxIF0pvly30S//JQK +HGVka0CNqz2KC9oDoy90YBpIxlwdO2qiQyBlEytGXU4omVFGZZdpAwQ0XaMaEVDK +pmdhYPJAcdCPUVkae/qPNS3FWEdSnFlu2qWhiFLgGOUNYn05zA68otm5ahFeD8oB +lVv8I/NEU7rQmEHZy4Bg2xTSl/hVVgqbzPtLdAiOzAutWWiQwq4zoVYJVCu6Ut8P +hzpSYKAO8W81/tAiyfcZeoARA/QF8NGcSuWBto1hCb43GkZGFp5cKxSJklX06D8g +HkUFWkIavOaetywFv1dnUnVKJ2QEyh+40iwnnw2+HpBO3eVo/qArayBWNb/baNm/ +kYZyIqzFZs2Mf38Uu4MGIJMB9RkcMUuw3o3u1HNMeFIqPeTpvQ8r888uxQTgZcfw +l1tGijdnNBNzdvIMTTAOZyLpdDxx/WoGA8lz1Ks3auZ+d0dzO/2q2b0fiYBAY58h +Ou1uRjmFX4YpVGcC9+2zmJGGMlkEu/iiJT8dmZc5ydPujY9BAgMBAAGjZDBiMA8G +A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUYbPCvl0k +z+eiKZe8r+2VcnM0JBkwHwYDVR0jBBgwFoAUjdMy0N5jaoCQ6Ucqd269BlwiH/Mw +DQYJKoZIhvcNAQELBQADggGBABUXMEKzD93AwIJZ0R2n2gJzlc7lnKF8BP70ZP5h +JTYz+tHymc+Nw6eW7yQ5o9tnJue3Z+ueOzN/+UP7dWH7NRnaJ/BOJuKXcwGrH6tD +prP2+HR2tPIuEGmOoe9bnFAiX7evTC3wt+AeIGgYSZgPwR7gF69Pudk8ISrMg0oh +Q4pM9YUj5cIWiBBD20vQj6wJCvzi5tyJjEhjT6fJVlcKFZBveOG5RaPB91GiuJ6s +JW6z1Q2cCMtvsRZnj7jFDH/m4ZlmK/h9oD1HxCP1rcEmHykOh4RnyyrlT+Vuzw+u +jtNaz0Fr9y20a39ENrmMI719/vuZxx2eExko/ta0EbirJw2u+Ygjdn6c6Bc+BR/C +IisDCHVO1U+nk8zLo0Rd1JInJH+3jYzn9OAClqBoKxp4bSIo5z419t2jZTAWUNcQ +Rj+7s8XN/z7pfNfecZJ/n9KTfqbowqfZaMR/UdmVQZTmN3Xk9CnQsGpotbNDqQfH +jz5Y36//zejV2aJeOMWZeAw/QA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAlegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArr1s4R3Fq1St6vdT +ZLTWWZ40bG72Ue/Z94c+m0dujKk+SnXEOe8sEzZLzizaoBiA8IDc1sFpLHDruWsD +jLACBOPDahfIGIfeJ1R8L23HEgbg7RXdJ8Bx1YsfaASr8L7AihDBM6BTPfGipf6u +Ul2oI0vyo8WxW+0BdJ/qTMJwT/vFqn1XBisuvwa23SVAe0UU66kYXmSxUDZv3YWv +P3vqVBGdbussChIYn5xyfCaaLgC3VQNkhmswSfyFQBJ7VO/nHI1a35E705WSKGys +IZdg3mA08jLOReCsgAO4vnhubA3jk9/LFFIbJulNQ0j3jcqOyfCtsXEmvgbq2b6D +ksBg/x1riV/FAW/nRwW/vqaKDtDTx6XcjFnMjfvBzkON8F+M76qTl4lVbv9fUgEE +hBppfHlvu3sQ7ysVYgTDdCM0neTZ0Gm7dOd/9qnrA7ZzQBLRBQD7+en23jyuX/PT +TEL2pO3kGo9H9zgTC8TcGyNxhJ9APIu531xkHJyse5IkORYJAgMBAAGjVDBSMA8G +A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYA +MB0GA1UdDgQWBBSN0zLQ3mNqgJDpRyp3br0GXCIf8zANBgkqhkiG9w0BAQsFAAOC +AYEAjPW9Y5HZpXnSpjKPryxWNtQSZVRh1b/dGgKOOqjvlXajU/FbMjXTnpm3wdSO +PCXGyUkBonuoWlbxcRLsShH8O8LUH50drYnTYiNYqYq3e23u2LrQHbB1YlQnRvdR +JP2AOl/d8mP9c3GBhu0dxzTiH5zyiCMxOWChdPbpKCTNGD2aZIUoXsUwLv2ICsue +qQIr4f+pBztpNAJdwfMFtqdB1Aeg0UW3+aCjD4XEjISYd9VfXnPg0OaBqddy/MA3 +Itef4+O7XNQi7w6FWmuZWdEJC2juygybA0jv6fvFKV5HUxxsdMaUwy/Ibt/MOhUd +e4857GRICFKq8Q8FUbDiuw868aTkKSVqXoZFoTLQsXn53GbSGvNqwpqQXK9JMPCn +c6XIbeF9zgGWbswgdNhs3u8J9tkIxd03cIqaCjzmsl9TByjg5hGEw4+hXbt9PDFa +M5avPfGI7g0CdoSKSzAishaYtBn+HCRHyZTpxATrv7/fo0fTSs32EIHmro0Xk5b9 +qFGX +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/client.p12 b/tests/cert-tests/data/client.p12 new file mode 100644 index 0000000..f57ce09 Binary files /dev/null and b/tests/cert-tests/data/client.p12 differ diff --git a/tests/cert-tests/data/code-signing-ca.pem b/tests/cert-tests/data/code-signing-ca.pem new file mode 100644 index 0000000..30d5c8f --- /dev/null +++ b/tests/cert-tests/data/code-signing-ca.pem @@ -0,0 +1,62 @@ +-----BEGIN CERTIFICATE----- +MIID4jCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCAXDTEwMDIyNzE1MjE0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD +QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0QHh//JKi30BDok3 +1lzQFhXhthwyc5aG/O6jW3LfxYD0I6Ubmyryuo+Hss0RSZruSbxrYIMTFTIYtd56 +d4/2CFT7OYsIjaf5vb7oMfITT1epnYnKxuBekfIAHjRlxXf5hddDQ9vsLmkr7wlT +zVyVX7fUYz1WuEiSVNHui+69idEZHAuwuz0P+kRoHJA8O2D8S71w01V0969yerOo +Rqq2za9HCWcGrKHSAwY8ce01YsFJj6ozVfrt3khXrLpNosd72oEupC+p4zGABdT9 +6GaMh47yX5jkCeh/ZTz8Ek3S6t5ryRi5UoyrD/bg5VHaW5SF3AUzgUKs9biV/K6R +OdqO7nk3xf37IQUHG3WZyUYpZ9LZLJZaBu4Tftzn71kYQ0JTBK06QLp43eArSSeo +IDyR6V7+rsaq23c0l2AFeGzSwCxUpcga4o5FrKLSEcEcgDJ8sxXr8KTjBKVg8k/O +M4T3xpAp0ZKR4sGJMB7sw8mmXkpICc2ZN+GrueP+xcJojNxJAgMBAAGjRzBFMA8G +A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFB8W +FXxAZlq94LBofKwIfsW3krrlMA0GCSqGSIb3DQEBCwUAA4IBgQBPG/pba5oHECfJ +1Z4q5FSO8AYG+v/KaaP0XSdsQOpxRW0/yYvWdGfGSd8NcFNYwBxDRPF6758cE72E +uSPF5EDH1rZDHsxQhUl5lwmBcP69hlLCeMzsWHsJmobqpv9hIbi+zb37CGQrOXwq ++0qc3tqQjw7979j1SfifLF/eo5DxWiJFgL7t2IjvJsIUTi5MdYVeiLn0WzVGvQ4h +yYlvBF/yg1YOvxHunbapL3hCImnzhCFQ/qFe0w+VjgkK9Fuz18lyYfxBoqziyMhR +9aBAjsHoAqZtnSLLFHYl4wh6dHjxAUr5r1GwO4cQGK7+dP1m8cVQoQfCPeQLE8GZ +aZwk/of7ywtjSEMJNMKP3NmKkGzoD48iIhtMbfZ+bXG4JWM8VD9bEw0JSf/ymCGV +Q+S+SiTqWSzb6Eq/rTkHa5IT1pFLySIZcsgjkw82VXSe4PEzlaFKTYePG1NU1Y3n +nrJ60/+PwcCFh7oVcZ0MTfuZmZxnhdID0cvxFd0VAo22Hxofbnw= +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEA0QHh//JKi30BDok31lzQFhXhthwyc5aG/O6jW3LfxYD0I6Ub +myryuo+Hss0RSZruSbxrYIMTFTIYtd56d4/2CFT7OYsIjaf5vb7oMfITT1epnYnK +xuBekfIAHjRlxXf5hddDQ9vsLmkr7wlTzVyVX7fUYz1WuEiSVNHui+69idEZHAuw +uz0P+kRoHJA8O2D8S71w01V0969yerOoRqq2za9HCWcGrKHSAwY8ce01YsFJj6oz +Vfrt3khXrLpNosd72oEupC+p4zGABdT96GaMh47yX5jkCeh/ZTz8Ek3S6t5ryRi5 +UoyrD/bg5VHaW5SF3AUzgUKs9biV/K6ROdqO7nk3xf37IQUHG3WZyUYpZ9LZLJZa +Bu4Tftzn71kYQ0JTBK06QLp43eArSSeoIDyR6V7+rsaq23c0l2AFeGzSwCxUpcga +4o5FrKLSEcEcgDJ8sxXr8KTjBKVg8k/OM4T3xpAp0ZKR4sGJMB7sw8mmXkpICc2Z +N+GrueP+xcJojNxJAgMBAAECggGBAK4EGEuGSoSKpmeY3bGPgvzwaQW7wlG0oV1T +vxTzttX1AM/wtuRhRMkJmZzH2j3jTcR8qRYo66l5FVPPET4c0WasgqKtXIi8s1VE +7oQvHd6wiRsOT5N32aU/zNNZIubfdhP2Xx3PrHwTuq2BoZFZJVEVeDLMLjiuy47t +XuSI+KwXOQW9wf6S34uqithFSrDRlh3lc1uxSfqyy+jXTiLQHfVwmv98FPWEoZs9 +BPSB4DIB5iJEPgu3KXcp2j2Iu/zsgnPPSxvzYATguVB/zZ5TbsGuxNI519pj/9N2 +q/Y+8/9xJKp9Rmn5rRpDpojhvR5YVqkMo7+2uBcY/X2OfKxf9yNXbsRfV9KxfqDk +CXHcMx4hP7dgVweAFa3cc4mNSLmExbKEd0RtwZHedyzGG9TE1l6n0rTBrTOAtHda +EqrI9Q9cGhdQRKzIx4o5c3uD07I2r+1xoPZzCI0eEglzo+oSriJIvr4Mgwla7xWI +kK74R8W6Wx0QWB/9iHC6GV6kGQDCAQKBwQDu8ecDftQ/Onk6KjbBcm9XfnVM3ER9 +BKkWgmWvl9QOdNBYU2Hd7RrHAhjmILauyUp+62nNnGKxPLujLnVIicLtiGnivqQC +Sd2wEu1/tw6e4groQUxPD+c6kSXvGKUW+QKOvnGmQ4CkfBIST16TJrEMNvSBr5/B +A2LlufI5lPT8aMiF/mZfVS5axzOnmR7weggwK3T5kf/nw0JT5b28RuL1ck31Cb75 +EQezK4YkB+n5qgjBHM3bo6tO18s+YIVDlwkCgcEA3+zy8mmRh9SPjmJaM7bxoUHn +Q5oY1Umd6DH1uGi2qMe9cB1Dfcy8BomhKVrDgU4Hyo0Gc8oPaCsKiPYWy+pbYQ5L +o5JhsxWXhXfIqumWgvodXE03dLc405tFIyiSoaaCHaKVMotlp2781CBhjxJTfiKu +IL1i11C4lEpgcoE4uGP57irU7oFAesdM9osGi7UV+op/72mOWRkEEixHOmTIIvyN +e9MCBIVrmW5GM8Tp0oIwQ5V88nmmNxliZlA8HStBAoHAVxKbxnBPVAMw7fs4HOJg +pJeWkz2pT42FOIioGYbQZbw3uBgaj865dU/UVvgQ2jzMAtgypBSa+k9RaTOi1Z4u +BHUzcMdb6OGWAXXESkgg8dEZfG1fK2h2MKd4FVr7vhVb0zyfGaF7nXUA+N8nbaQp +3HOiQigHpURgo6pRFJ6tb9WXTQzZrV/TFo2Ey0xHNAakOTl81P1ZLdG/t+b+bz+9 +sQfIVMUKbKTCE46GwVaI8sv9iLHAaouH/6EvlTmDFpBRAoHAMHCQiZH+slRwDYwH +GULM+GZKQdx23MTFDPKpxg+Y2+ABgdxCulbsoblqDIke27zmgJGLQMcIGC+fYsth +WRFEXTV7dVH4IoZcNboYxagsL/8tFMd7ZJsyBsyC4z0moyNi6EhAYCO5hMPEm5q5 +n/qF5zZXVqvBUvSaSTHhtUNw4qp16WiIkWOScDzm0Dp42wX8UCtfy4mZCnsX31qG +ugINLUxWyt91g0bdZN5u/0nsjuYszKHs2oMoSqkKGTnoFyNBAoHBALrm0k/JNOWb +5Z9toqLnpzTM5hJQwQdzQFjuEyQa9DrC15kojjU4rwstVTRxVm+SJMoqWFbxPGe3 +28ijA0q226EdRnOP4d+xvapN5+1cQCAlfYKp7zC58smnC5dsIkVMoRGtMq4upZYH +rMQUYRcsjnjBf8hi3yyOyj4ENUMjsT4LZntfBKzc6Mv9PhoVWMPjndKxZFUJCwwE +hvmwhInAUuxIP18v/KkrgsZLva9xp6UARnB6Gpe3bFMLOWNb621Qgw== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/code-signing-cert.pem b/tests/cert-tests/data/code-signing-cert.pem new file mode 100644 index 0000000..0d04f13 --- /dev/null +++ b/tests/cert-tests/data/code-signing-cert.pem @@ -0,0 +1,64 @@ +-----BEGIN CERTIFICATE----- +MIIEIjCCAoqgAwIBAgIMWAXZ+AOk7Jxgz3G8MA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwHhcNMTQwMjI3MTUyMTQyWhcNMTYwMjI3MTUyMTQyWjAXMRUw +EwYDVQQDEwxjb2RlIHNpZ25pbmcwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK +AoIBgQDSnOotbRouMDqya42qSS20QLVxRfIfER8RtF/51S75Wxfdx9hgfre0Ldg+ +tNwbo0Je2vVta/OwDO1L/RsAc+//PSeuMVH0wIZZmGR3HpbY13spcwYJEuapIOkJ +LCy4jhllyTK8h8WI17mMf5WCzcfcH70ISZAUMGqrVOaTuviBcf8S5/sG251R+5ft +dBzz/sVV8GTSkGmn0LyihwzNyJ+5AhgsoKI5HJXU+ThNvJ0oUTIW/oh1qZMcdZdO +aCInIgeOLDj9K0CAw/E1Jfe05SccEzMQwY+zFhIUwzzKHPvIfLNkW6eHJca2zNgI +/CfSNtdwCSFkYykUduQveANM5+7/+jtbbUywfoz/2CY6WYsoarcPec8xlSbNBVmo +L5sfYoPRn+9MyuozV8UFlPupqc5AKYrMZXkwbud/KT6+Y/vrtU+ktpndJjhEB7Ot +4Y+WlqKml3QnLJWmyfbzTnXmB4FINMj/2Jl/Ay1BB45CBDpY0Z7uGm08FPi4hNaS +UTVlihMCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD +AzAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQR8od2h7W6lKTua1ZH3WTtTklw +0jAfBgNVHSMEGDAWgBQfFhV8QGZaveCwaHysCH7Ft5K65TANBgkqhkiG9w0BAQsF +AAOCAYEAvcUiycPKmDMquWBWw62FZPhA/kjUrIuyGChxxsv+pt4al6SNzcuXGfDJ +Us4Z0pwnMsvoy69HZFDyhkQ3uclgeYmR4rz0uNLrjvBoPlxK1gYPdqbN/gA8SvTi +y5yr/XnVriMzs6HpaWh0zGAuzaVbpRo79Ba+VPJsbSHETzM4iKzhxp+8WA2G0yaD +zw70KL0SzYh6QlhARtSAZ+3VDFFAAYHIpJr1qg5OS6AmPezUhE135iwvIGiBv3sh +aFIxEVGFIKkzelmpT5lq1qjQocV/KrJzrGYMshhJ847BWMROT1fXq/jL+lg38J0A +yy8pMCO1eYr9+7Dfea/OubGWcQPIGE+2XzUSPzLXJHrteq7y2dt2NLbto/QVsD41 +hFxvxKwfVSKhrUtuymaBynPfTo9ObFb4Y+BvxDnfYSp+myuNXNWocDGVsc+kFlhs +syKjkVJhZNTAP7LC8lYRIb42FOsJ6CiRmpXNj5/UIoXgjsMVF/4eIClvbqSui50Q +vKWlsnP1 +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEA0pzqLW0aLjA6smuNqkkttEC1cUXyHxEfEbRf+dUu+VsX3cfY +YH63tC3YPrTcG6NCXtr1bWvzsAztS/0bAHPv/z0nrjFR9MCGWZhkdx6W2Nd7KXMG +CRLmqSDpCSwsuI4ZZckyvIfFiNe5jH+Vgs3H3B+9CEmQFDBqq1Tmk7r4gXH/Euf7 +BtudUfuX7XQc8/7FVfBk0pBpp9C8oocMzcifuQIYLKCiORyV1Pk4TbydKFEyFv6I +damTHHWXTmgiJyIHjiw4/StAgMPxNSX3tOUnHBMzEMGPsxYSFMM8yhz7yHyzZFun +hyXGtszYCPwn0jbXcAkhZGMpFHbkL3gDTOfu//o7W21MsH6M/9gmOlmLKGq3D3nP +MZUmzQVZqC+bH2KD0Z/vTMrqM1fFBZT7qanOQCmKzGV5MG7nfyk+vmP767VPpLaZ +3SY4RAezreGPlpaippd0JyyVpsn280515geBSDTI/9iZfwMtQQeOQgQ6WNGe7hpt +PBT4uITWklE1ZYoTAgMBAAECggGAOpt5uuxaVbIME2xEfrdgZYGAPCYnqyd7itSz +xHTjXnZP3OJovulkO1pqi4COo445wOWTWECrDjl6qyOiqOyaQ1+END/7O217tWDn +zBISDgNgfXdJnarJzxSeZHQLecvpG17ypG3vtRW6x3MVatHSpNmcI7s8wbF7bXPx +ufhUgMj1HxC41P6194NYkrY1/FvQFAsSM1oGXLGEXIHSOU1zzOrdSUXl/piKxToY +xeEPppF5q9ZmqL9odYnvcd0ea99W032FM7kkbNT6ycYzRmQEx7c+tAWlx7nqn9it +5f6oMJJwjSu+ZAm8YgZh4zQogWWL7+YYIrNQNoL74RG4EVPCupvrn/Z13XUK6N0e +qtCJeam/jsPsANL1rcu1te5wkzGJgs6KHrbrtKthoibJ73ivGxy46zWRJTNjFx9l +mCM5B5Img1vJizmFeCs2dFHXAi9Lx/t8IKHdydFjAAyZ4a0paz3HfmpHBWKFsm5J +4DgWU+WXqSsu+uftmiCz9d5e7lJJAoHBAPRyn0vX9a9GpM4olgaEtmBJh/UWA3s3 +otzxwOgeXJgWnWEkccPBMkNXFRO5LPO3oriakidBi3k0Q8rFaYuJ1Vf4v3WHJPZc +pOBYiTsOeQihjiSQdtrS6syborWGQyFsJnnbpSjoKTfb5RisSTev3Di5u5bqcgU/ +TMOoPvB3rBR92Z6K5n9ZD+XrFJwAIGfFVqRaxLZLItfGRJkBkvvzDZsuGoGOScS5 +FkcpFRSxRHWu2Ifdlz0ARUuV8+5uEVZBTQKBwQDckPPPMS3m0hNbl3D5P4GYn605 +Vxn9njHEAWlCfnGbPhsSTT2nw/jdJp60jHEVlDOAyKpDf3wkz1iQMO9sx9fYASv/ +stY9u/12ERNKkqvmqhsjxTAgFWYeAyoS2N4DIGWQXWWCcOsvPREwb9ym6q29bxtr +PKs9tTVRsnwrEFRZfsUTWPyV1ngBkVVk5MVGHYjUMM7iEHQsucOnnCDitauGaAx4 +kPSdng9wSelJXw2VJSrlfSOfOIRmQtd8iSn5SN8CgcAtdsgT1hW2xL/QLBJDIhm9 +bM+hkLeTCjT7POdxBHyaONKKh7m0+9C6X47m/TDUH1pfVThLntAu+b6GDxNjRX5t +fzE0za7dNzvfEfhsCHQQW+PQ/yFr74CGD4hClLcVl0TMs0JTimJoJjjEzv5LIiUm +U70FA5OzUCOZ3Efgd5GEuidoalMWal0fmQpbPVbJlhVYOh2N/gl78j896eIJhBoK +u5docytbMEVpdMWb9KBT9vIEyvze9pbsyPX2aXhF/50CgcBWF+pi7HJbT5KoxLMf +Ry+h0GoAIMSPX2lTda2Ne+eCTjqo6SdwzajdQc7e8JbPcnqsASecky10/M438jHy +hwr0UHjJJRhFHpTvufiKujeJIMrZKoX/b/rdKiUJGEeIduPN9vbBdKwIU1DbVD6P +lLjeYXkVYagBvTKjwgR/lq8mA7qPM8PcBMvw6LapXDa4iJy5HpgSW5PNRXFegi2/ +8GOUYhbEFOi2gVTLYr5Bmm2l0s0sqKz34Eql099ix/NvT4cCgcBg1KRXwvz/U8pI +mP9FcUKCL9CkRiPPzsjGv6qs2nvzUXaR5Bb/sX5cvKHNxlkgxYpvgH0oSJTfk0js +zceyce2B8VGBNzPW4O9L1JOZXH6vwBWsbEJM04neYQipu8ytZO4zjLWdOHd/9g/v +x7hmweYs7oL+lVlEPY2QfnqPBG2hlETuccsVgEQ+4i/gDuJIVHFlqgbyHmoKJaN5 +s7oeXUTQfAMXdjKkWGrgS9dbDpTXdcfPeg2cC0K1DvYWpcS9bJ8= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/commonName.cer b/tests/cert-tests/data/commonName.cer new file mode 100644 index 0000000..91d02fd --- /dev/null +++ b/tests/cert-tests/data/commonName.cer @@ -0,0 +1,52 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 06376c00aa00648a11cfb8d4aa5c35f4 + Issuer: CN=Root Agency + Validity: + Not Before: Tue May 28 22:02:59 UTC 1996 + Subject: CN=Root Agency + Subject Public Key Algorithm: RSA + Algorithm Security Level: Export (512 bits) + Modulus (bits 512): + 00:81:55:22:b9:8a:a4:6f:ed:d6:e7:d9:66:0f:55:bc + d7:cd:d5:bc:4e:40:02:21:a2:b1:f7:87:30:85:5e:d2 + f2:44:b9:dc:9b:75:b6:fb:46:5f:42:b6:9d:23:36:0b + de:54:0f:cd:bd:1f:99:2a:10:58:11:cb:40:cb:b5:a7 + 41 + Exponent (bits 24): + 01:00:01 + Extensions: + Common Name (not critical): + For Testing Purposes Only Sample Software Publishing Credentials Agency + Unknown extension 2.5.29.1 (not critical): + ASCII: 0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5. + Hexdump: 303e801012e4092d061d1d4f008d6121dc166463a1183016311430120603550403130b526f6f74204167656e6379821006376c00aa00648a11cfb8d4aa5c35f4 + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 2d:2e:3e:7b:89:42:89:3f:a8:21:17:fa:f0:f5:c3:95 + db:62:69:5b:c9:dc:c1:b3:fa:f0:c4:6f:6f:64:9a:bd + e7:1b:25:68:72:83:67:bd:56:b0:8d:01:bd:2a:f7:cc + 4b:bd:87:a5:ba:87:20:4c:42:11:41:ad:10:17:3b:8c +Other Information: + Fingerprint: + sha1:fee449ee0e3965a5246f000e87fde2a065fd89d4 + sha256:8b13dbb25eb339a630c76c810d14b44b552e68dc10a93e82e754da23f858774a + Public Key ID: + sha1:38596dac2a46c9002309905e1f02c1fb5df724cd + sha256:73a97a992bfd29b91ef23175b367db9c561c516f634f759e3d430230a3d0695c + Public Key PIN: + pin-sha256:c6l6mSv9Kbke8jF1s2fbnFYcUW9jT3WePUMCMKPQaVw= + +-----BEGIN CERTIFICATE----- +MIIByjCCAXSgAwIBAgIQBjdsAKoAZIoRz7jUqlw19DANBgkqhkiG9w0BAQQFADAW +MRQwEgYDVQQDEwtSb290IEFnZW5jeTAeFw05NjA1MjgyMjAyNTlaFw0zOTEyMzEy +MzU5NTlaMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MFswDQYJKoZIhvcNAQEBBQAD +SgAwRwJAgVUiuYqkb+3W59lmD1W8183VvE5AAiGisfeHMIVe0vJEudybdbb7Rl9C +tp0jNgveVA/NvR+ZKhBYEctAy7WnQQIDAQABo4GeMIGbMFAGA1UEAwRJE0dGb3Ig +VGVzdGluZyBQdXJwb3NlcyBPbmx5IFNhbXBsZSBTb2Z0d2FyZSBQdWJsaXNoaW5n +IENyZWRlbnRpYWxzIEFnZW5jeTBHBgNVHQEEQDA+gBAS5AktBh0dTwCNYSHcFmRj +oRgwFjEUMBIGA1UEAxMLUm9vdCBBZ2VuY3mCEAY3bACqAGSKEc+41KpcNfQwDQYJ +KoZIhvcNAQEEBQADQQAtLj57iUKJP6ghF/rw9cOV22JpW8ncwbP68MRvb2Savecb +JWhyg2e9VrCNAb0q98xLvYeluocgTEIRQa0QFzuM +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/complex-cert.pem b/tests/cert-tests/data/complex-cert.pem new file mode 100644 index 0000000..fae3e48 --- /dev/null +++ b/tests/cert-tests/data/complex-cert.pem @@ -0,0 +1,94 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 07 + Issuer: pseudonym=jackal.,title=Dr.,ST=\#8013\,,O=Koko \,EMAIL=test@me,OU=nounit\,O=org + Validity: + Not Before: Sat Apr 27 19:04:49 UTC 2013 + Not After: Tue Sep 11 19:04:49 UTC 2040 + Subject: pseudonym=jackal.,title=Dr.,ST=\#8013\,,O=Koko \,EMAIL=test@me,OU=nounit\,O=org + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2432 bits) + Modulus (bits 2432): + 00:ca:a5:55:c5:da:1e:ab:cb:93:df:36:7f:df:21:af + 5e:84:d0:23:76:69:8c:4f:82:fb:32:07:d9:15:7c:99 + d3:bb:33:5f:e4:7e:ff:8b:cd:ca:3a:7f:00:c7:52:cc + 4a:8b:55:ac:af:bd:25:8b:ff:9a:9f:bb:a2:50:db:24 + 28:4f:38:08:cb:6c:bc:64:a0:29:56:72:31:71:53:f1 + 5e:ff:8d:db:97:15:22:16:1e:af:2b:b0:1a:d3:bc:2c + ee:4d:4f:f8:50:df:24:a9:a0:51:86:80:d1:8f:57:43 + bb:31:fb:d0:59:dd:ea:b8:a7:e5:41:0b:61:2b:23:8b + e1:76:4c:a5:d1:f8:4d:a9:64:3c:83:84:bd:2e:36:e9 + 59:a7:dc:a4:6f:ff:70:0b:10:02:26:87:18:cf:b4:54 + de:1c:ed:cd:cc:bf:d7:5b:92:53:bd:de:48:a5:60:07 + 00:58:ba:d7:0d:be:3a:f1:98:1c:90:05:6a:4f:35:c7 + c3:8a:ee:62:41:6d:49:76:d8:09:64:da:da:26:17:52 + cf:18:84:76:cb:6d:8d:b0:3f:32:91:11:96:5a:53:d1 + df:1f:26:2f:db:c0:85:13:bb:88:4e:de:f5:45:45:59 + ff:c5:a0:d7:4a:05:5b:bd:3f:9e:b0:f5:05:10:dd:af + 24:e4:01:a4:97:d6:a0:3d:85:e0:83:21:26:6f:de:c8 + e8:bd:33:2c:32:81:2e:8e:cb:f7:10:71:b8:0c:93:02 + 8c:0b:ca:00:53:88:47:26:bf:ae:a4:a8:b1:e8:94:d8 + b3 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + 1f1df37c58ffae0157ffccd8aae234092017a090 + Signature Algorithm: RSA-SHA256 + Signature: + a4:db:8f:4e:d2:47:f7:e6:74:ab:09:2b:49:a9:a0:1b + 51:28:0f:8e:a5:95:38:55:7a:b3:6a:99:55:cf:b3:51 + ac:87:84:fc:dd:8d:08:9a:9f:90:4d:bb:62:07:5b:54 + 18:b2:08:fc:a7:18:de:26:80:53:92:63:e0:26:86:b1 + 61:a1:2a:d8:52:e7:ea:ed:ce:9a:3a:f0:81:e0:45:21 + 39:d3:bd:05:4c:ad:a0:ff:83:5e:cd:07:32:ed:a6:c1 + ea:02:bf:8b:7f:51:76:24:39:51:71:a7:f4:92:1c:7f + b3:b0:06:5d:51:3a:18:05:85:1e:a2:f6:ef:9f:2b:dd + c5:23:4d:34:8e:c9:0b:cc:6e:66:19:8d:04:86:f1:fc + 08:1b:2d:f3:31:db:86:72:4c:b9:29:b7:13:46:65:57 + 58:c0:1b:c1:4a:4c:f6:72:d6:5f:29:b4:78:61:17:05 + fe:94:28:7a:33:c1:b3:df:89:8a:55:d9:6a:68:93:f6 + cc:18:c5:a9:41:7a:da:6b:90:32:d9:09:de:1c:23:29 + c8:55:a5:31:11:42:89:97:d5:9b:a5:84:a3:83:f7:ef + c3:f7:c6:ee:1c:17:29:f8:59:3b:ca:53:c1:43:6d:4d + 17:4c:9c:ee:5f:94:31:2c:92:bb:da:ac:3c:6e:7a:b3 + 2a:a9:2b:a7:2a:7b:2b:37:b5:2e:ad:cb:2a:dd:4b:a4 + f9:e2:ad:9b:18:e9:38:93:44:b6:db:e2:37:c0:9d:e8 + 53:e2:8e:e6:67:ac:3f:61:f7:4e:47:84:5c:f3:d8:44 +Other Information: + Fingerprint: + sha1:5bf859ec9395b73f5ed5adfdfaa9c1add2ec23ff + sha256:3cbe4b0ed00f0b491fd9c7f620f2efe7357e50d9d096fd92c788041bb32e3d1b + Public Key ID: + sha1:1f1df37c58ffae0157ffccd8aae234092017a090 + sha256:9a39a13fee4b8f4c589b3934f78632fc4f688f34b7fd36cb17ce841109988f53 + Public Key PIN: + pin-sha256:mjmhP+5Lj0xYmzk094Yy/E9ojzS3/TbLF86EEQmYj1M= + +-----BEGIN CERTIFICATE----- +MIID6zCCAqOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBmMRUwEwYDVQQLEwxub3Vu +aXQsTz1vcmcxHDAaBgNVBAoME0tva28gLEVNQUlMPXRlc3RAbWUxDzANBgNVBAgM +BiM4MDEzLDEMMAoGA1UEDBMDRHIuMRAwDgYDVQRBEwdqYWNrYWwuMCIYDzIwMTMw +NDI3MTkwNDQ5WhgPMjA0MDA5MTExOTA0NDlaMGYxFTATBgNVBAsTDG5vdW5pdCxP +PW9yZzEcMBoGA1UECgwTS29rbyAsRU1BSUw9dGVzdEBtZTEPMA0GA1UECAwGIzgw +MTMsMQwwCgYDVQQMEwNEci4xEDAOBgNVBEETB2phY2thbC4wggFSMA0GCSqGSIb3 +DQEBAQUAA4IBPwAwggE6AoIBMQDKpVXF2h6ry5PfNn/fIa9ehNAjdmmMT4L7MgfZ +FXyZ07szX+R+/4vNyjp/AMdSzEqLVayvvSWL/5qfu6JQ2yQoTzgIy2y8ZKApVnIx +cVPxXv+N25cVIhYeryuwGtO8LO5NT/hQ3ySpoFGGgNGPV0O7MfvQWd3quKflQQth +KyOL4XZMpdH4TalkPIOEvS426Vmn3KRv/3ALEAImhxjPtFTeHO3NzL/XW5JTvd5I +pWAHAFi61w2+OvGYHJAFak81x8OK7mJBbUl22Alk2tomF1LPGIR2y22NsD8ykRGW +WlPR3x8mL9vAhRO7iE7e9UVFWf/FoNdKBVu9P56w9QUQ3a8k5AGkl9agPYXggyEm +b97I6L0zLDKBLo7L9xBxuAyTAowLygBTiEcmv66kqLHolNizAgMBAAGjQDA+MAwG +A1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUHx3zfFj/rgFX +/8zYquI0CSAXoJAwDQYJKoZIhvcNAQELBQADggExAKTbj07SR/fmdKsJK0mpoBtR +KA+OpZU4VXqzaplVz7NRrIeE/N2NCJqfkE27YgdbVBiyCPynGN4mgFOSY+AmhrFh +oSrYUufq7c6aOvCB4EUhOdO9BUytoP+DXs0HMu2mweoCv4t/UXYkOVFxp/SSHH+z +sAZdUToYBYUeovbvnyvdxSNNNI7JC8xuZhmNBIbx/AgbLfMx24ZyTLkptxNGZVdY +wBvBSkz2ctZfKbR4YRcF/pQoejPBs9+JilXZamiT9swYxalBetprkDLZCd4cIynI +VaUxEUKJl9WbpYSjg/fvw/fG7hwXKfhZO8pTwUNtTRdMnO5flDEskrvarDxuerMq +qSunKnsrN7Uurcsq3Uuk+eKtmxjpOJNEttviN8Cd6FPijuZnrD9h905HhFzz2EQ= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/crit-extensions.pem b/tests/cert-tests/data/crit-extensions.pem new file mode 100644 index 0000000..a3d5058 --- /dev/null +++ b/tests/cert-tests/data/crit-extensions.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICxTCCAi6gAwIBAgIBCTANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJHUjEP +MA0GA1UECBMGQXR0aWtpMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMRUwEwYDVQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/Is +ZAEBEwdjbGF1cGVyMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowezEL +MAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMu +MRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVy +MRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOY +HhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMY +nBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaNZMFcw +EwYKMgsMDQ4PEBEBBQEB/wQCyv4wEwYEKgEFAQEB/wQIBAa+r8r++vowDAYDVR0T +AQH/BAIwADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wDQYJKoZIhvcN +AQELBQADgYEAhiTH/RZPiwrDdxEV3W2teR0nw2CLIgHVf7SUawNt9t4Ve/jqZoTA +PhXsthfFK2/N2WCYShL3ahtVuwQ1l81gPLKdHxeih4cF0S+bqFU2a5pFzu7Eo6Mk +i5PWiFEyWy+WISzTVGAZzYOZUHRmrBeOpZbf/TpsF+uejgkn5AAEYgM= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/crl-demo1.pem b/tests/cert-tests/data/crl-demo1.pem new file mode 100644 index 0000000..c4fb6f6 --- /dev/null +++ b/tests/cert-tests/data/crl-demo1.pem @@ -0,0 +1,45 @@ +X.509 Certificate Revocation List Information: + Version: 2 + Issuer: CN=Trust Anchor,O=Test Certificates 2011,C=US + Update dates: + Issued: Fri Jan 01 08:30:00 UTC 2010 + Next at: Tue Dec 31 08:30:00 UTC 2030 + Extensions: + Authority Key Identifier (not critical): + e47d5fd15c9586082c05aebe75b665a7d95da866 + CRL Number (not critical): 01 + Revoked certificates (1): + Serial Number (hex): 68 + Revoked at: Fri Jan 01 08:30:00 UTC 2010 + Signature Algorithm: RSA-SHA256 + Signature: + ab:19:1d:b5:bb:21:6b:b6:e1:4c:cd:f0:b7:37:9e:95 + 38:d1:d4:81:90:80:ae:11:f0:fb:1c:d9:fc:36:34:ec + 9d:96:af:0f:79:27:37:aa:2b:47:57:a9:b8:76:a1:f3 + 72:14:25:ca:d6:29:ac:e2:b8:75:18:ad:12:1f:91:61 + 8e:14:29:43:6e:f8:e4:10:e5:51:4b:4a:fb:82:d1:6b + f7:c6:7d:b0:db:d5:6a:a5:0b:5a:bc:11:5f:27:c2:ec + b7:de:76:d2:97:9c:7b:ac:7c:e9:f0:7d:2f:a5:4f:e1 + 83:46:22:b2:dc:fb:b8:44:8c:40:c0:2c:9b:3e:b6:d3 + e8:c4:d3:57:18:c0:29:41:08:b9:c7:26:44:92:c5:d0 + 02:8e:b4:65:d1:ff:af:de:65:75:50:9a:ed:4d:8e:55 + 73:b5:30:2b:99:95:64:11:96:a9:74:06:2d:c2:cc:4d + ba:71:6d:63:71:c1:1d:53:ac:90:d0:e3:4a:36:e4:4e + 47:ee:8d:b1:76:76:42:6d:82:94:71:06:58:52:40:67 + f0:96:07:b3:63:43:d9:9a:36:4a:22:a1:96:f8:20:1d + 80:28:f2:81:71:bd:26:4f:74:d8:b2:98:13:f3:37:19 + 48:fe:43:2c:2f:22:54:ea:dc:c7:64:8b:4a:f7:77:e6 + +-----BEGIN X509 CRL----- +MIIB4zCBzAIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEfMB0GA1UE +ChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9y +Fw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaMCIwIAIBaBcNMTAwMTAxMDgz +MDAwWjAMMAoGA1UdFQQDCgEBoC8wLTAfBgNVHSMEGDAWgBTkfV/RXJWGCCwFrr51 +tmWn2V2oZjAKBgNVHRQEAwIBATANBgkqhkiG9w0BAQsFAAOCAQEAqxkdtbsha7bh +TM3wtzeelTjR1IGQgK4R8Psc2fw2NOydlq8PeSc3qitHV6m4dqHzchQlytYprOK4 +dRitEh+RYY4UKUNu+OQQ5VFLSvuC0Wv3xn2w29VqpQtavBFfJ8Lst9520pece6x8 +6fB9L6VP4YNGIrLc+7hEjEDALJs+ttPoxNNXGMApQQi5xyZEksXQAo60ZdH/r95l +dVCa7U2OVXO1MCuZlWQRlql0Bi3CzE26cW1jccEdU6yQ0ONKNuROR+6NsXZ2Qm2C +lHEGWFJAZ/CWB7NjQ9maNkoioZb4IB2AKPKBcb0mT3TYspgT8zcZSP5DLC8iVOrc +x2SLSvd35g== +-----END X509 CRL----- diff --git a/tests/cert-tests/data/crl-demo2.pem b/tests/cert-tests/data/crl-demo2.pem new file mode 100644 index 0000000..9e69263 --- /dev/null +++ b/tests/cert-tests/data/crl-demo2.pem @@ -0,0 +1,45 @@ +X.509 Certificate Revocation List Information: + Version: 2 + Issuer: CN=deltaCRL CA3,O=Test Certificates 2011,C=US + Update dates: + Issued: Tue Jun 01 08:30:00 UTC 2010 + Next at: Tue Dec 31 08:30:00 UTC 2030 + Extensions: + Authority Key Identifier (not critical): + ef63d3a84eb1f9df61e20dc305a39818d29399e7 + Unknown extension 2.5.29.27 (critical): + ASCII: ... + Hexdump: 020102 + CRL Number (not critical): 03 + No revoked certificates. + Signature Algorithm: RSA-SHA256 + Signature: + cb:bc:a5:6a:ce:79:92:aa:33:9e:5a:96:4b:d7:0e:e9 + 0f:c4:0b:b7:4f:89:92:85:e1:2c:e9:df:6e:8b:a8:2b + 38:91:dd:7a:55:b8:b7:9a:1c:fb:04:fd:a2:1d:28:ce + d0:09:5a:32:79:86:49:83:a5:9f:34:04:b6:e0:fa:36 + 54:01:d5:18:6e:58:7d:64:09:60:1a:40:f5:d4:e0:ae + 27:30:97:6e:1e:e1:a3:a2:99:08:c6:73:7c:04:63:df + 5c:66:de:38:97:e5:d0:50:d0:33:ce:2f:91:10:89:e0 + ec:2a:db:7d:c9:bc:42:03:08:48:5d:91:8b:0e:c1:0a + fe:75:4a:8f:36:44:75:97:3e:df:1a:db:24:aa:97:b7 + 6a:8b:64:43:70:eb:4b:fd:70:b8:14:6e:4e:65:cb:28 + 36:72:eb:72:1d:01:ef:93:4e:9f:32:ba:09:e5:f5:01 + 1d:60:45:ef:32:02:c2:84:b7:b9:ed:96:8e:15:50:84 + f3:7e:3d:ae:48:62:92:f9:c5:58:87:dc:d6:cb:76:12 + c0:6b:39:a3:b0:a8:55:2b:65:17:95:83:aa:b1:c3:10 + d2:7f:61:68:20:d6:8b:21:7e:c4:0a:41:01:06:64:21 + f5:2c:84:cf:c0:57:c1:a6:e8:23:cc:f4:f2:8b:d1:ce + +-----BEGIN X509 CRL----- +MIIBzjCBtwIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEfMB0GA1UE +ChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMZGVsdGFDUkwgQ0Ez +Fw0xMDA2MDEwODMwMDBaFw0zMDEyMzEwODMwMDBaoD4wPDAfBgNVHSMEGDAWgBTv +Y9OoTrH532HiDcMFo5gY0pOZ5zANBgNVHRsBAf8EAwIBAjAKBgNVHRQEAwIBAzAN +BgkqhkiG9w0BAQsFAAOCAQEAy7ylas55kqoznlqWS9cO6Q/EC7dPiZKF4Szp326L +qCs4kd16Vbi3mhz7BP2iHSjO0AlaMnmGSYOlnzQEtuD6NlQB1RhuWH1kCWAaQPXU +4K4nMJduHuGjopkIxnN8BGPfXGbeOJfl0FDQM84vkRCJ4Owq233JvEIDCEhdkYsO +wQr+dUqPNkR1lz7fGtskqpe3aotkQ3DrS/1wuBRuTmXLKDZy63IdAe+TTp8yugnl +9QEdYEXvMgLChLe57ZaOFVCE8349rkhikvnFWIfc1st2EsBrOaOwqFUrZReVg6qx +wxDSf2FoINaLIX7ECkEBBmQh9SyEz8BXwaboI8z08ovRzg== +-----END X509 CRL----- diff --git a/tests/cert-tests/data/crl-demo3.pem b/tests/cert-tests/data/crl-demo3.pem new file mode 100644 index 0000000..a91b1f9 --- /dev/null +++ b/tests/cert-tests/data/crl-demo3.pem @@ -0,0 +1,600 @@ +X.509 Certificate Revocation List Information: + Version: 1 + Issuer: OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet + Update dates: + Issued: Wed Mar 08 09:00:11 UTC 2017 + Next at: Fri Apr 07 09:00:11 UTC 2017 + Revoked certificates (210): + Serial Number (hex): 0122b8b2f37642cc4871b611bfd1cfda + Revoked at: Mon Apr 15 15:40:24 UTC 2002 + Serial Number (hex): 018393fb96de1d894ec3479ce1601363 + Revoked at: Thu May 09 13:57:58 UTC 2002 + Serial Number (hex): 01dcdb63d4c99f31b816f92cf5b1088e + Revoked at: Thu Apr 18 17:46:14 UTC 2002 + Serial Number (hex): 021aa6af9471f0076ef117e4d41782db + Revoked at: Fri Jul 19 21:28:31 UTC 2002 + Serial Number (hex): 024ce89dfd5f774d4bf5798bb10867ac + Revoked at: Tue Feb 12 06:16:50 UTC 2002 + Serial Number (hex): 0259ae6c4c21f1594987b095f965f320 + Revoked at: Thu Jun 19 08:04:47 UTC 2003 + Serial Number (hex): 033c410e2f425c322cb135fee76197a5 + Revoked at: Wed Apr 24 19:47:02 UTC 2002 + Serial Number (hex): 034e68fa8bb28eb972ea72e53b15ac8b + Revoked at: Thu Sep 26 21:51:51 UTC 2002 + Serial Number (hex): 03c9a8e348b05fcf08eeb993f9e9af0c + Revoked at: Thu Apr 18 13:49:22 UTC 2002 + Serial Number (hex): 049b236a375c06980a31c886dc3a95cc + Revoked at: Tue Oct 01 22:10:56 UTC 2002 + Serial Number (hex): 0608bac7acf85a7ca1f42585bb4e8c4f + Revoked at: Fri Jan 03 07:57:14 UTC 2003 + Serial Number (hex): 0766224a4a9dff6eb5110ba994fc6820 + Revoked at: Thu Aug 22 01:40:12 UTC 2002 + Serial Number (hex): 078fa14db5fc0cc64272883776294431 + Revoked at: Fri Mar 15 20:19:49 UTC 2002 + Serial Number (hex): 07b9d9421981c4fd494f72cef2f86d76 + Revoked at: Fri Feb 15 15:37:19 UTC 2002 + Serial Number (hex): 086ef96c7fbfbcc88670623fe9c42f2b + Revoked at: Thu Nov 28 00:28:14 UTC 2002 + Serial Number (hex): 0908e4aaf52d2bc0159e008b3f9793f9 + Revoked at: Wed Feb 12 22:00:23 UTC 2003 + Serial Number (hex): 09130a4f0f88e55005c35ff4ff1539dd + Revoked at: Wed Mar 06 08:11:30 UTC 2002 + Serial Number (hex): 098ddd37dae784039d9896f8883a55ca + Revoked at: Thu Feb 21 23:35:26 UTC 2002 + Serial Number (hex): 0a350cd7f453e6c14ef22ad3cef87ce7 + Revoked at: Fri Aug 02 22:24:28 UTC 2002 + Serial Number (hex): 0b9cb8f8fb3538f291fda1e9694ab124 + Revoked at: Tue Apr 08 01:02:22 UTC 2003 + Serial Number (hex): 0c2f7f3215e02f74fa052267bc8a2dd0 + Revoked at: Tue Feb 26 19:07:54 UTC 2002 + Serial Number (hex): 0c325b7832c67cd8dd2591224d840a94 + Revoked at: Mon Mar 18 12:39:03 UTC 2002 + Serial Number (hex): 0d7636b91c72b79ddfa53582c5a8f7bb + Revoked at: Tue Aug 27 21:42:11 UTC 2002 + Serial Number (hex): 0f28799856b8a55eeb795f1bed0b8676 + Revoked at: Wed Mar 13 01:10:47 UTC 2002 + Serial Number (hex): 0f803c24f4622724be6a749c188e4b3b + Revoked at: Wed Nov 20 17:11:35 UTC 2002 + Serial Number (hex): 0ff2a78c809cbe2fc8a9ebfe94865a5c + Revoked at: Thu Jun 20 19:58:45 UTC 2002 + Serial Number (hex): 1045133545f3c6028d8d18b1c40a7a18 + Revoked at: Fri Apr 26 17:32:59 UTC 2002 + Serial Number (hex): 1079b1711b269892081e3ce48b2937f9 + Revoked at: Thu Mar 28 16:32:55 UTC 2002 + Serial Number (hex): 11388077cb6be5d6a7f299a1c8e94025 + Revoked at: Fri Apr 19 12:24:17 UTC 2002 + Serial Number (hex): 117ac382fe74361121d6928609dfe6f3 + Revoked at: Tue Feb 19 15:11:36 UTC 2002 + Serial Number (hex): 11ab8e21287f6df2c1c8403ea5de98d3 + Revoked at: Thu May 02 18:44:31 UTC 2002 + Serial Number (hex): 123c38ae3f64533af7bc6c27e29c6575 + Revoked at: Wed Feb 13 23:08:59 UTC 2002 + Serial Number (hex): 1288b66c9bcfe75092d287638fb7a6e3 + Revoked at: Tue Jul 02 20:55:03 UTC 2002 + Serial Number (hex): 12954eb68f3a196a16734f6e15baa5e7 + Revoked at: Mon Jun 17 18:56:01 UTC 2002 + Serial Number (hex): 13370b418c31431c27aae1830f9921cd + Revoked at: Mon Jul 22 12:17:16 UTC 2002 + Serial Number (hex): 147a290a0938f45328336f3707231210 + Revoked at: Fri Feb 22 02:00:14 UTC 2002 + Serial Number (hex): 1504811ee26ff0d8dd12550566516e1a + Revoked at: Wed Mar 13 10:53:08 UTC 2002 + Serial Number (hex): 15300d8abd0e890e664f4993a28fbc2e + Revoked at: Thu Apr 04 06:42:23 UTC 2002 + Serial Number (hex): 16be64d64f90f4f72bc8ca675c8213e8 + Revoked at: Thu Jun 06 19:09:07 UTC 2002 + Serial Number (hex): 18519ce4486206feb82d93b7c9c91b4e + Revoked at: Wed Apr 17 05:00:44 UTC 2002 + Serial Number (hex): 1982db397400383659f6ccc1238d40e9 + Revoked at: Wed Mar 06 07:54:54 UTC 2002 + Serial Number (hex): 1b5190f73724399c9254cd424637996a + Revoked at: Tue Jan 30 00:00:00 UTC 2001 + Serial Number (hex): 1be4b2bbb6745d6b8b04b6a01b35eb29 + Revoked at: Wed Sep 25 20:14:56 UTC 2002 + Serial Number (hex): 1c1dd52af6aafdbb47c27336cf53bd81 + Revoked at: Wed Feb 13 19:03:42 UTC 2002 + Serial Number (hex): 1cb05a1ffda698f646f932109eef528e + Revoked at: Thu Jun 27 13:03:22 UTC 2002 + Serial Number (hex): 1d01fca7ddb40c64bd6545e6bf1c7e90 + Revoked at: Thu Feb 21 04:20:06 UTC 2002 + Serial Number (hex): 1e4dc9c66e57da8a079770faee9cc558 + Revoked at: Tue Feb 19 22:34:21 UTC 2002 + Serial Number (hex): 1ebb9b2861507f1230fb02b5e1b07e9d + Revoked at: Wed Mar 06 00:04:20 UTC 2002 + Serial Number (hex): 1f5a64c9a5518ce22d5083c24c7ce785 + Revoked at: Sat Aug 24 06:31:28 UTC 2002 + Serial Number (hex): 1fc24ed0ac52d339186dd00f23d74572 + Revoked at: Thu Feb 28 19:15:42 UTC 2002 + Serial Number (hex): 24607a8e0e86a48868afd90c6bbaff + Revoked at: Thu Feb 28 05:18:24 UTC 2002 + Serial Number (hex): 204173bb72886e4b1cb6700267aa3b3d + Revoked at: Tue Sep 03 17:06:21 UTC 2002 + Serial Number (hex): 206e0ddc8ca4acf708775c80f9a36892 + Revoked at: Wed Apr 10 20:57:16 UTC 2002 + Serial Number (hex): 21e46b984791e602dfb245bc3137a07c + Revoked at: Fri Mar 08 23:23:13 UTC 2002 + Serial Number (hex): 2200957079f99c3491bb84b991de2255 + Revoked at: Wed Feb 13 06:59:39 UTC 2002 + Serial Number (hex): 22f9674fcd29c6dcc8226ee90aa1485a + Revoked at: Wed Apr 03 00:43:26 UTC 2002 + Serial Number (hex): 24a3a7d0b81d1cf7e61f6ebac99859ed + Revoked at: Thu Jul 24 20:58:02 UTC 2003 + Serial Number (hex): 24ef89a1304f5163fedbdb646e4c5a81 + Revoked at: Wed Jul 03 09:21:17 UTC 2002 + Serial Number (hex): 2508e5acdd6f7444511af5dbf8ba25e0 + Revoked at: Tue Apr 09 04:16:22 UTC 2002 + Serial Number (hex): 2581e8186088bc1ae91484edd462f547 + Revoked at: Fri Aug 23 01:57:19 UTC 2002 + Serial Number (hex): 26e55cab16ec6138492cd2b14889d547 + Revoked at: Wed Mar 13 18:00:38 UTC 2002 + Serial Number (hex): 27beda7f4f1f6c7609c09aafd468e216 + Revoked at: Fri May 10 18:32:30 UTC 2002 + Serial Number (hex): 2889d0b3b5c456369b3e811a2156aa42 + Revoked at: Mon Nov 04 11:03:08 UTC 2002 + Serial Number (hex): 28ab9306b11e05e0e12575c774cb55a6 + Revoked at: Fri Jan 24 19:48:23 UTC 2003 + Serial Number (hex): 29e93b448dc34b8017dae41c43968359 + Revoked at: Fri Jun 07 21:43:39 UTC 2002 + Serial Number (hex): 2a08642b48e217896a0cf97e10668fe7 + Revoked at: Mon Aug 19 18:35:29 UTC 2002 + Serial Number (hex): 2a44ee915de3a52b09f35659e08f2522 + Revoked at: Thu Feb 21 19:31:24 UTC 2002 + Serial Number (hex): 2a8b4ea5b606c8483b0e711e6bf416c1 + Revoked at: Tue Apr 30 09:21:18 UTC 2002 + Serial Number (hex): 2b03fc2fc28e38296fa10fe9471b35d7 + Revoked at: Thu Nov 14 20:18:33 UTC 2002 + Serial Number (hex): 2c48f7d6d571c0d1bd6a00651d2da9dd + Revoked at: Wed Mar 06 17:20:43 UTC 2002 + Serial Number (hex): 2cbf841de4583279321037ded794ff85 + Revoked at: Fri Feb 22 19:02:25 UTC 2002 + Serial Number (hex): 2d03543554452c6d39f01b7468decf93 + Revoked at: Mon Sep 23 13:23:37 UTC 2002 + Serial Number (hex): 2d2494341992b1f2379d6ec53593ddf0 + Revoked at: Fri Mar 15 17:17:27 UTC 2002 + Serial Number (hex): 2d4724618791ba2ef2f79221f31b8b1e + Revoked at: Tue May 14 23:08:22 UTC 2002 + Serial Number (hex): 2d84c2b101a13a6fb03013765a69ec41 + Revoked at: Mon Jul 15 17:29:23 UTC 2002 + Serial Number (hex): 2dd526c3cd01cefd67b808ac5a70c434 + Revoked at: Wed Feb 27 04:46:14 UTC 2002 + Serial Number (hex): 2e2b0a944df1a437b7a39b4b9626a8e3 + Revoked at: Thu Jan 09 06:28:28 UTC 2003 + Serial Number (hex): 2e3130c12e1631d92b0a70ca3f317362 + Revoked at: Wed Jan 29 01:49:27 UTC 2003 + Serial Number (hex): 2ebd6ddfce206fe7a8f4f3259cc3c112 + Revoked at: Fri Sep 20 13:54:42 UTC 2002 + Serial Number (hex): 2f561622ba87d5fdffe6b0dd3c08262c + Revoked at: Wed Mar 13 17:53:11 UTC 2002 + Serial Number (hex): 303e777beccb892c15557f20f233c11e + Revoked at: Thu Feb 21 23:50:49 UTC 2002 + Serial Number (hex): 30596caa5fd3ac50862cc4fa3c4850d1 + Revoked at: Thu Feb 21 04:19:35 UTC 2002 + Serial Number (hex): 30ce9af1fa17faf54cbc528af4262b7b + Revoked at: Fri Mar 01 19:12:39 UTC 2002 + Serial Number (hex): 31164a6a2e6d344dd240f05f47e65b47 + Revoked at: Tue Feb 12 17:38:52 UTC 2002 + Serial Number (hex): 31db975b06630bd8fe06b3f5f9640a59 + Revoked at: Tue Feb 12 15:59:23 UTC 2002 + Serial Number (hex): 32bceb0cca65063fa4d54a56467c2209 + Revoked at: Fri Aug 16 07:33:55 UTC 2002 + Serial Number (hex): 3317efe189ec1125158f3b677a640b50 + Revoked at: Wed Sep 18 17:03:46 UTC 2002 + Serial Number (hex): 3424a0d20061ebd39aa72a66b4822377 + Revoked at: Fri Mar 15 22:43:39 UTC 2002 + Serial Number (hex): 34a81667a51ba331115e26c83f2138be + Revoked at: Thu Mar 21 21:16:21 UTC 2002 + Serial Number (hex): 363abe055552934f325f3063c0d450df + Revoked at: Fri Mar 08 11:46:14 UTC 2002 + Serial Number (hex): 3719cca59d850556e163424b0d3cbfd6 + Revoked at: Wed Jan 08 18:58:24 UTC 2003 + Serial Number (hex): 372ffd2bec4d943551f4072af50b97c4 + Revoked at: Wed Feb 13 19:18:01 UTC 2002 + Serial Number (hex): 3783f51e7ef45fad1f0c5586300254c1 + Revoked at: Wed Jan 08 20:03:44 UTC 2003 + Serial Number (hex): 38323e502b369301320a598cceada0eb + Revoked at: Tue Apr 30 21:24:08 UTC 2002 + Serial Number (hex): 3a62d864d385d5611d9d3f6125e93a1d + Revoked at: Mon Jun 17 15:19:16 UTC 2002 + Serial Number (hex): 3a9736b126147350a3cc3fd03b8399c9 + Revoked at: Wed Sep 11 03:29:30 UTC 2002 + Serial Number (hex): 3b873e20be97ffa76b2b5fff9a7f4c95 + Revoked at: Wed Jul 03 00:31:47 UTC 2002 + Serial Number (hex): 3bbae5f22399c6d7aee2980da4135cd4 + Revoked at: Fri May 24 19:28:45 UTC 2002 + Serial Number (hex): 3bc27cf0bdd29a6f97dd76bca96c450d + Revoked at: Fri Mar 08 10:42:03 UTC 2002 + Serial Number (hex): 3bc5da41647a378e9f7f1f9b250ab4da + Revoked at: Wed Mar 06 13:24:48 UTC 2002 + Serial Number (hex): 3c1bf19a48b0b8a045d58f0f5790c2cd + Revoked at: Mon Mar 18 06:43:23 UTC 2002 + Serial Number (hex): 3d154880b4fe517eed46ae51fd4773de + Revoked at: Tue Aug 27 09:20:08 UTC 2002 + Serial Number (hex): 3d614e87ea3902f31e3e565c0e3ba7e3 + Revoked at: Tue Oct 29 19:54:12 UTC 2002 + Serial Number (hex): 3ddd619282696b01790eef9612a37680 + Revoked at: Wed May 01 22:24:16 UTC 2002 + Serial Number (hex): 3e0e147155f348091b563b917a7decc9 + Revoked at: Mon Mar 11 21:45:51 UTC 2002 + Serial Number (hex): 3e23001f9bbde8b1f00667a670422ec3 + Revoked at: Thu Aug 08 12:21:32 UTC 2002 + Serial Number (hex): 41911a8cde2db3eb791dc79999be0c0e + Revoked at: Mon Feb 25 19:18:54 UTC 2002 + Serial Number (hex): 41a8d79c105e5aac167f93aad1833455 + Revoked at: Wed Apr 10 12:53:40 UTC 2002 + Serial Number (hex): 428896b07b28a2fa2f917358a71e537c + Revoked at: Sat Mar 01 09:43:31 UTC 2003 + Serial Number (hex): 42932fd254d394d0416a2e338b81b43c + Revoked at: Thu Aug 08 00:48:46 UTC 2002 + Serial Number (hex): 4424ddba85fd3eb2b81774fd9d5c0cbd + Revoked at: Sat Sep 21 16:09:12 UTC 2002 + Serial Number (hex): 4502187d399cb914fb103796f4c1dd2f + Revoked at: Mon Feb 11 11:11:06 UTC 2002 + Serial Number (hex): 4516bc310b4e870acce3d51416331183 + Revoked at: Tue Apr 02 02:20:17 UTC 2002 + Serial Number (hex): 461636de3fef8cfa675312cc7663d6dd + Revoked at: Thu Feb 14 16:59:43 UTC 2002 + Serial Number (hex): 465f85a3a4983c4063f61cf7c2befd0e + Revoked at: Tue Apr 09 15:30:05 UTC 2002 + Serial Number (hex): 4720c2d885855439cdf210f0a7885275 + Revoked at: Tue Sep 10 22:25:27 UTC 2002 + Serial Number (hex): 47426ea2abc5335d50440b889784594c + Revoked at: Tue Mar 05 14:05:19 UTC 2002 + Serial Number (hex): 49203fa86e81c83b2605f4a79b5a8160 + Revoked at: Thu Jul 11 17:50:48 UTC 2002 + Serial Number (hex): 498b6f05fbcbf45aaf0947b104c5e351 + Revoked at: Fri Apr 12 17:48:08 UTC 2002 + Serial Number (hex): 49b2c37abf752ab313ae53c6cb455a3e + Revoked at: Fri Nov 15 21:35:37 UTC 2002 + Serial Number (hex): 4b232c0ade7a36ebfe893ac7fd274600 + Revoked at: Thu Mar 01 18:04:00 UTC 2001 + Serial Number (hex): 4bcac3ab0ac5cd90a2be43fedd06e145 + Revoked at: Sat Jul 20 17:32:12 UTC 2002 + Serial Number (hex): 4c00cc73d57461629252ffde5bc155bd + Revoked at: Mon Aug 26 14:01:51 UTC 2002 + Serial Number (hex): 4c59c1c3564027d4220e37f65f2650c5 + Revoked at: Tue Feb 26 09:57:44 UTC 2002 + Serial Number (hex): 4cca125946f92bc67d3378402c3b7a0c + Revoked at: Thu May 30 20:24:58 UTC 2002 + Serial Number (hex): 4d5751359be5412c6966c721ecc62932 + Revoked at: Thu Sep 26 04:35:56 UTC 2002 + Serial Number (hex): 4e85ab9e1754e7420f8ca16596885354 + Revoked at: Thu Mar 28 00:18:53 UTC 2002 + Serial Number (hex): 503dedac2186665da51a13eefca70bc6 + Revoked at: Mon Feb 18 13:55:49 UTC 2002 + Serial Number (hex): 50a3819ccb22e40f80cb7aec35f87382 + Revoked at: Sat Oct 05 16:59:59 UTC 2002 + Serial Number (hex): 5128732617cf106eeb4a0374a335e560 + Revoked at: Fri Jun 13 10:09:29 UTC 2003 + Serial Number (hex): 5152ffdc696b1f1fff7cb17f0390a96b + Revoked at: Fri Jun 14 16:04:02 UTC 2002 + Serial Number (hex): 52d953699fecabdd5d2a2faa5786b91f + Revoked at: Fri Aug 30 23:46:43 UTC 2002 + Serial Number (hex): 5446a88f692e02f4b4b269dabd4002e0 + Revoked at: Tue Mar 26 01:56:58 UTC 2002 + Serial Number (hex): 54b58173b57c6dba5c990dff0a4deeef + Revoked at: Wed Jul 24 16:39:51 UTC 2002 + Serial Number (hex): 579141209f576f42534e19cce4c8524a + Revoked at: Tue May 28 23:24:00 UTC 2002 + Serial Number (hex): 57c6dca0edbf77dd7e186883570c2a4f + Revoked at: Tue May 21 14:06:11 UTC 2002 + Serial Number (hex): 57ede25be2623f98e1f54d30a40edfdf + Revoked at: Sun Jun 09 01:47:18 UTC 2002 + Serial Number (hex): 5847d9bd831a636fb7637f4a565e8e4d + Revoked at: Mon Apr 15 17:23:03 UTC 2002 + Serial Number (hex): 58c6629980e60c4f008b253893e61810 + Revoked at: Thu Jun 06 07:09:47 UTC 2002 + Serial Number (hex): 5952090e99f3a9e52feda9b2d861e7ea + Revoked at: Wed Jun 26 14:18:36 UTC 2002 + Serial Number (hex): 595caafbbefb73d1f4abc8e33d0104dd + Revoked at: Fri Sep 27 22:20:10 UTC 2002 + Serial Number (hex): 599759a73db0d97eff2acb31cc66f385 + Revoked at: Thu Aug 22 00:55:58 UTC 2002 + Serial Number (hex): 59dd453661d93ee9ffbdad2ebf9a5d98 + Revoked at: Tue Jul 02 20:40:03 UTC 2002 + Serial Number (hex): 5a4b4818a92a9cd5912f4fa4f8b31b4d + Revoked at: Thu Apr 04 23:33:12 UTC 2002 + Serial Number (hex): 5adf320d64eb9bd211e25850be930c65 + Revoked at: Fri Apr 05 17:07:21 UTC 2002 + Serial Number (hex): 5b23bfbbc4b3f402e9cb109eeea53fcd + Revoked at: Fri Mar 29 16:26:59 UTC 2002 + Serial Number (hex): 5b51bc38bfaf9f27a9c7ed25d08dec2e + Revoked at: Fri Mar 08 10:25:20 UTC 2002 + Serial Number (hex): 5c297f4661dd47908291bd79226a9838 + Revoked at: Fri Nov 08 15:54:26 UTC 2002 + Serial Number (hex): 5e38f75b00f1ef1cb6ffd55c74fb955d + Revoked at: Sat Nov 23 01:49:29 UTC 2002 + Serial Number (hex): 5e88beb6b4b2aab092f3f6c2bc7221ca + Revoked at: Thu Feb 14 07:12:10 UTC 2002 + Serial Number (hex): 5f59a0bbaf26c8c1b4043abbfc4c75a5 + Revoked at: Tue Apr 16 15:51:23 UTC 2002 + Serial Number (hex): 5f81080fa0cd447323588e499fb50835 + Revoked at: Wed Jun 19 14:17:43 UTC 2002 + Serial Number (hex): 5fba1f8fb22356ddbca672b09913b5b2 + Revoked at: Mon May 06 08:47:10 UTC 2002 + Serial Number (hex): 6009d5b76bf1164afad0a54c8edd02cb + Revoked at: Mon Jun 17 16:12:29 UTC 2002 + Serial Number (hex): 601d19d855d514d5ff030dad5c074ce7 + Revoked at: Mon Jul 15 23:01:11 UTC 2002 + Serial Number (hex): 602467c30bad538fce8905b587af7ce4 + Revoked at: Tue Oct 08 20:38:52 UTC 2002 + Serial Number (hex): 605cf33d2223393fe62109fddd77c28f + Revoked at: Tue Jul 02 17:27:58 UTC 2002 + Serial Number (hex): 60a25ebf0783a31856184863a7fdc763 + Revoked at: Thu May 09 19:52:27 UTC 2002 + Serial Number (hex): 60c2ada80ef99a665da275045e5c71c2 + Revoked at: Tue Nov 12 13:36:17 UTC 2002 + Serial Number (hex): 60db1d3734f6029d681b70f113002f80 + Revoked at: Thu Feb 28 09:55:33 UTC 2002 + Serial Number (hex): 61f038eabc170d11d289ee875057a0ed + Revoked at: Wed Jan 29 17:41:44 UTC 2003 + Serial Number (hex): 61fa9beb58f9e5a59e79a83d79ac3597 + Revoked at: Thu Oct 10 20:16:37 UTC 2002 + Serial Number (hex): 6244572441c0893f5bd2bde72f7541fa + Revoked at: Thu Aug 08 18:30:15 UTC 2002 + Serial Number (hex): 62513a2d8d823965fef68ac84e2991fd + Revoked at: Thu Sep 26 00:54:34 UTC 2002 + Serial Number (hex): 62524949f251677ae2eec90c23113db2 + Revoked at: Wed Apr 17 18:06:55 UTC 2002 + Serial Number (hex): 6352bddcb7bfbb906c82eeb5a39fd8c9 + Revoked at: Thu Feb 21 16:30:58 UTC 2002 + Serial Number (hex): 635e6be9ea3dd63bc34d09c313dbddbc + Revoked at: Mon Jun 02 14:47:36 UTC 2003 + Serial Number (hex): 63da0bd5131e988332a23a4bdf8c8986 + Revoked at: Wed Sep 25 08:08:13 UTC 2002 + Serial Number (hex): 64fef01a3aed89f8b534d31e0fce0dce + Revoked at: Mon Apr 08 21:06:24 UTC 2002 + Serial Number (hex): 65a749d837224b4ae5cfa3fed63bc067 + Revoked at: Wed Dec 04 17:14:16 UTC 2002 + Serial Number (hex): 65c99e4776980d9e57e4aec51c3ef2e7 + Revoked at: Mon Sep 23 14:08:18 UTC 2002 + Serial Number (hex): 65e07bc574e4ab014fa35ed6ebcdd569 + Revoked at: Wed Apr 03 17:24:06 UTC 2002 + Serial Number (hex): 6651b7e562b7e331c0eef2e8fe846a4e + Revoked at: Fri Sep 06 13:23:33 UTC 2002 + Serial Number (hex): 677c76ac665a6b415c078302d6d963c0 + Revoked at: Mon Feb 18 13:55:10 UTC 2002 + Serial Number (hex): 6867deb3aa20cf4b34a5e0c8c0c5c9a4 + Revoked at: Tue Mar 12 01:09:26 UTC 2002 + Serial Number (hex): 6923345d7504dc99bdce8d21b46b10fc + Revoked at: Tue Sep 03 13:19:20 UTC 2002 + Serial Number (hex): 699f2031d13ffa1e702e37d59a8c0a16 + Revoked at: Wed Feb 20 09:01:35 UTC 2002 + Serial Number (hex): 6a94d625d067e44d792bc6d5c94a7fc6 + Revoked at: Mon Feb 11 19:15:40 UTC 2002 + Serial Number (hex): 6b5ca4455be9cfe73b29b132d7a1043d + Revoked at: Fri Oct 18 15:43:48 UTC 2002 + Serial Number (hex): 6bc07d4f18feb707e8569a6c400f3653 + Revoked at: Thu Sep 26 21:01:26 UTC 2002 + Serial Number (hex): 6be1dd363bece0a9f5927e33bfed4846 + Revoked at: Wed Apr 17 14:42:31 UTC 2002 + Serial Number (hex): 6caceb372b6a42e2cac8d2dab8b9826a + Revoked at: Fri Mar 01 14:28:34 UTC 2002 + Serial Number (hex): 6d981bb476d16259a13ceed221d8df4c + Revoked at: Tue May 14 17:56:12 UTC 2002 + Serial Number (hex): 6ddd0b5a3c9cabd33bd916ec6974fb9a + Revoked at: Fri Feb 22 12:26:38 UTC 2002 + Serial Number (hex): 6edefd8936aea0418d5cec2e9031f89a + Revoked at: Mon Apr 08 22:36:12 UTC 2002 + Serial Number (hex): 6fb26b4c48cafee6699a0663c43296c1 + Revoked at: Fri Jan 17 17:27:25 UTC 2003 + Serial Number (hex): 700be1ee4489515265272c2d347ce08d + Revoked at: Wed Sep 18 00:36:00 UTC 2002 + Serial Number (hex): 702dc0a6b8a5a0da4859b3963480c825 + Revoked at: Fri Aug 30 14:01:01 UTC 2002 + Serial Number (hex): 70e1d992cd764263516ecd8c09291748 + Revoked at: Fri May 17 11:10:41 UTC 2002 + Serial Number (hex): 7238e4916a7a8af3bff0d8e0a4708da8 + Revoked at: Mon Mar 04 19:06:40 UTC 2002 + Serial Number (hex): 7297a1d89c3b00c2c4262d062b29764e + Revoked at: Tue Jun 18 15:09:47 UTC 2002 + Serial Number (hex): 72d2239bf233e97ccfb6a941d50e5c39 + Revoked at: Wed Apr 09 17:02:29 UTC 2003 + Serial Number (hex): 745c9cf9aac3fa943c253965449513f1 + Revoked at: Tue Jul 09 23:53:20 UTC 2002 + Serial Number (hex): 74987f68ad179293f265940c33e6bd49 + Revoked at: Tue Apr 23 07:44:18 UTC 2002 + Serial Number (hex): 750e40ff97f047edf556c7084eb1abfd + Revoked at: Wed Jan 31 00:00:00 UTC 2001 + Serial Number (hex): 7526515965b733325fe6cdaa306578e0 + Revoked at: Thu May 16 18:24:56 UTC 2002 + Serial Number (hex): 76136fbfc8ded9363039cc858f002f19 + Revoked at: Thu Mar 14 09:48:24 UTC 2002 + Serial Number (hex): 7652788944fac1b3d7c94cb33295af03 + Revoked at: Thu Nov 14 19:15:43 UTC 2002 + Serial Number (hex): 775d4c40d98dfac89a248d4710904a0a + Revoked at: Thu May 09 01:13:02 UTC 2002 + Serial Number (hex): 77e65a4359935d5f7a75801acdadc222 + Revoked at: Thu Aug 31 18:22:50 UTC 2000 + Serial Number (hex): 7819f1b68783afdf608d9a640dece051 + Revoked at: Mon May 20 17:28:16 UTC 2002 + Serial Number (hex): 7864658f8279dba51c47101d72236652 + Revoked at: Fri Jan 24 18:45:47 UTC 2003 + Serial Number (hex): 7864e1c0698f3ac78b23e329b1eea941 + Revoked at: Wed May 08 17:46:26 UTC 2002 + Serial Number (hex): 7879896112676414fd08ccb30555c067 + Revoked at: Tue Apr 02 13:18:53 UTC 2002 + Serial Number (hex): 788a562208ce42eed1a3791014fd3a36 + Revoked at: Wed Feb 05 16:53:29 UTC 2003 + Serial Number (hex): 7aa06cba3302ac5ff50bb67761ef7709 + Revoked at: Thu Feb 28 17:55:11 UTC 2002 + Serial Number (hex): 7b9133666cf0d4e39df688299bf7d0ea + Revoked at: Wed Nov 20 22:16:49 UTC 2002 + Serial Number (hex): 7ceff20a08ae10571ededcd66376b05d + Revoked at: Tue Feb 26 10:22:30 UTC 2002 + Serial Number (hex): 7f76ef69ebf53f532eaaa5eddec0b406 + Revoked at: Wed May 01 03:33:07 UTC 2002 + Serial Number (hex): 7fcb6b9991d076e13c0e6715c4d44d7b + Revoked at: Wed Apr 10 21:18:40 UTC 2002 + Signature Algorithm: RSA-SHA1 + Signature: + 99:30:0e:fe:e6:33:43:cd:43:56:a9:ee:a6:a4:6e:f2 + 1e:48:31:73:70:8d:08:dd:d9:44:33:76:3b:d3:06:6f + ed:34:36:35:3a:b0:ea:c2:31:f3:0b:34:b2:02:ed:be + e2:76:60:33:91:51:e7:fe:fa:70:04:69:1f:43:ca:70 + dd:65:e0:ee:03:c7:96:2b:fc:d6:7e:e2:e3:70:7a:15 + 66:e8:9a:8b:d2:19:b3:e5:45:54:e9:7f:98:04:d6:b2 + 3c:21:66:d8:aa:95:d3:ae:72:ea:d6:b6:72:f0:41:08 + 6d:5c:cb:8c:90:90:ba:54:42:39:b0:6c:f5:06:e7:d0 + +-----BEGIN X509 CRL----- +MIId4DCCHUkwDQYJKoZIhvcNAQEFBQAwYTERMA8GA1UEBxMISW50ZXJuZXQxFzAV +BgNVBAoTDlZlcmlTaWduLCBJbmMuMTMwMQYDVQQLEypWZXJpU2lnbiBDb21tZXJj +aWFsIFNvZnR3YXJlIFB1Ymxpc2hlcnMgQ0EXDTE3MDMwODA5MDAxMVoXDTE3MDQw +NzA5MDAxMVowghy1MCECEAEiuLLzdkLMSHG2Eb/Rz9oXDTAyMDQxNTE1NDAyNFow +IQIQAYOT+5beHYlOw0ec4WATYxcNMDIwNTA5MTM1NzU4WjAhAhAB3Ntj1MmfMbgW ++Sz1sQiOFw0wMjA0MTgxNzQ2MTRaMCECEAIapq+UcfAHbvEX5NQXgtsXDTAyMDcx +OTIxMjgzMVowIQIQAkzonf1fd01L9XmLsQhnrBcNMDIwMjEyMDYxNjUwWjAhAhAC +Wa5sTCHxWUmHsJX5ZfMgFw0wMzA2MTkwODA0NDdaMCECEAM8QQ4vQlwyLLE1/udh +l6UXDTAyMDQyNDE5NDcwMlowIQIQA05o+ouyjrly6nLlOxWsixcNMDIwOTI2MjE1 +MTUxWjAhAhADyajjSLBfzwjuuZP56a8MFw0wMjA0MTgxMzQ5MjJaMCECEASbI2o3 +XAaYCjHIhtw6lcwXDTAyMTAwMTIyMTA1NlowIQIQBgi6x6z4Wnyh9CWFu06MTxcN +MDMwMTAzMDc1NzE0WjAhAhAHZiJKSp3/brURC6mU/GggFw0wMjA4MjIwMTQwMTJa +MCECEAePoU21/AzGQnKIN3YpRDEXDTAyMDMxNTIwMTk0OVowIQIQB7nZQhmBxP1J +T3LO8vhtdhcNMDIwMjE1MTUzNzE5WjAhAhAIbvlsf7+8yIZwYj/pxC8rFw0wMjEx +MjgwMDI4MTRaMCECEAkI5Kr1LSvAFZ4Aiz+Xk/kXDTAzMDIxMjIyMDAyM1owIQIQ +CRMKTw+I5VAFw1/0/xU53RcNMDIwMzA2MDgxMTMwWjAhAhAJjd032ueEA52YlviI +OlXKFw0wMjAyMjEyMzM1MjZaMCECEAo1DNf0U+bBTvIq0874fOcXDTAyMDgwMjIy +MjQyOFowIQIQC5y4+Ps1OPKR/aHpaUqxJBcNMDMwNDA4MDEwMjIyWjAhAhAML38y +FeAvdPoFIme8ii3QFw0wMjAyMjYxOTA3NTRaMCECEAwyW3gyxnzY3SWRIk2ECpQX +DTAyMDMxODEyMzkwM1owIQIQDXY2uRxyt53fpTWCxaj3uxcNMDIwODI3MjE0MjEx +WjAhAhAPKHmYVrilXut5XxvtC4Z2Fw0wMjAzMTMwMTEwNDdaMCECEA+APCT0Yick +vmp0nBiOSzsXDTAyMTEyMDE3MTEzNVowIQIQD/KnjICcvi/Iqev+lIZaXBcNMDIw +NjIwMTk1ODQ1WjAhAhAQRRM1RfPGAo2NGLHECnoYFw0wMjA0MjYxNzMyNTlaMCEC +EBB5sXEbJpiSCB485IspN/kXDTAyMDMyODE2MzI1NVowIQIQETiAd8tr5dan8pmh +yOlAJRcNMDIwNDE5MTIyNDE3WjAhAhAResOC/nQ2ESHWkoYJ3+bzFw0wMjAyMTkx +NTExMzZaMCECEBGrjiEof23ywchAPqXemNMXDTAyMDUwMjE4NDQzMVowIQIQEjw4 +rj9kUzr3vGwn4pxldRcNMDIwMjEzMjMwODU5WjAhAhASiLZsm8/nUJLSh2OPt6bj +Fw0wMjA3MDIyMDU1MDNaMCECEBKVTraPOhlqFnNPbhW6pecXDTAyMDYxNzE4NTYw +MVowIQIQEzcLQYwxQxwnquGDD5khzRcNMDIwNzIyMTIxNzE2WjAhAhAUeikKCTj0 +UygzbzcHIxIQFw0wMjAyMjIwMjAwMTRaMCECEBUEgR7ib/DY3RJVBWZRbhoXDTAy +MDMxMzEwNTMwOFowIQIQFTANir0OiQ5mT0mToo+8LhcNMDIwNDA0MDY0MjIzWjAh +AhAWvmTWT5D09yvIymdcghPoFw0wMjA2MDYxOTA5MDdaMCECEBhRnORIYgb+uC2T +t8nJG04XDTAyMDQxNzA1MDA0NFowIQIQGYLbOXQAODZZ9szBI41A6RcNMDIwMzA2 +MDc1NDU0WjAhAhAbUZD3NyQ5nJJUzUJGN5lqFw0wMTAxMzAwMDAwMDBaMCECEBvk +sru2dF1riwS2oBs16ykXDTAyMDkyNTIwMTQ1NlowIQIQHB3VKvaq/btHwnM2z1O9 +gRcNMDIwMjEzMTkwMzQyWjAhAhAcsFof/aaY9kb5MhCe71KOFw0wMjA2MjcxMzAz +MjJaMCECEB0B/KfdtAxkvWVF5r8cfpAXDTAyMDIyMTA0MjAwNlowIQIQHk3Jxm5X +2ooHl3D67pzFWBcNMDIwMjE5MjIzNDIxWjAhAhAeu5soYVB/EjD7ArXhsH6dFw0w +MjAzMDYwMDA0MjBaMCECEB9aZMmlUYziLVCDwkx854UXDTAyMDgyNDA2MzEyOFow +IQIQH8JO0KxS0zkYbdAPI9dFchcNMDIwMjI4MTkxNTQyWjAgAg8kYHqODoakiGiv +2Qxruv8XDTAyMDIyODA1MTgyNFowIQIQIEFzu3KIbksctnACZ6o7PRcNMDIwOTAz +MTcwNjIxWjAhAhAgbg3cjKSs9wh3XID5o2iSFw0wMjA0MTAyMDU3MTZaMCECECHk +a5hHkeYC37JFvDE3oHwXDTAyMDMwODIzMjMxM1owIQIQIgCVcHn5nDSRu4S5kd4i +VRcNMDIwMjEzMDY1OTM5WjAhAhAi+WdPzSnG3MgibukKoUhaFw0wMjA0MDMwMDQz +MjZaMCECECSjp9C4HRz35h9uusmYWe0XDTAzMDcyNDIwNTgwMlowIQIQJO+JoTBP +UWP+29tkbkxagRcNMDIwNzAzMDkyMTE3WjAhAhAlCOWs3W90RFEa9dv4uiXgFw0w +MjA0MDkwNDE2MjJaMCECECWB6BhgiLwa6RSE7dRi9UcXDTAyMDgyMzAxNTcxOVow +IQIQJuVcqxbsYThJLNKxSInVRxcNMDIwMzEzMTgwMDM4WjAhAhAnvtp/Tx9sdgnA +mq/UaOIWFw0wMjA1MTAxODMyMzBaMCECECiJ0LO1xFY2mz6BGiFWqkIXDTAyMTEw +NDExMDMwOFowIQIQKKuTBrEeBeDhJXXHdMtVphcNMDMwMTI0MTk0ODIzWjAhAhAp +6TtEjcNLgBfa5BxDloNZFw0wMjA2MDcyMTQzMzlaMCECECoIZCtI4heJagz5fhBm +j+cXDTAyMDgxOTE4MzUyOVowIQIQKkTukV3jpSsJ81ZZ4I8lIhcNMDIwMjIxMTkz +MTI0WjAhAhAqi06ltgbISDsOcR5r9BbBFw0wMjA0MzAwOTIxMThaMCECECsD/C/C +jjgpb6EP6UcbNdcXDTAyMTExNDIwMTgzM1owIQIQLEj31tVxwNG9agBlHS2p3RcN +MDIwMzA2MTcyMDQzWjAhAhAsv4Qd5FgyeTIQN97XlP+FFw0wMjAyMjIxOTAyMjVa +MCECEC0DVDVURSxtOfAbdGjez5MXDTAyMDkyMzEzMjMzN1owIQIQLSSUNBmSsfI3 +nW7FNZPd8BcNMDIwMzE1MTcxNzI3WjAhAhAtRyRhh5G6LvL3kiHzG4seFw0wMjA1 +MTQyMzA4MjJaMCECEC2EwrEBoTpvsDATdlpp7EEXDTAyMDcxNTE3MjkyM1owIQIQ +LdUmw80Bzv1nuAisWnDENBcNMDIwMjI3MDQ0NjE0WjAhAhAuKwqUTfGkN7ejm0uW +JqjjFw0wMzAxMDkwNjI4MjhaMCECEC4xMMEuFjHZKwpwyj8xc2IXDTAzMDEyOTAx +NDkyN1owIQIQLr1t384gb+eo9PMlnMPBEhcNMDIwOTIwMTM1NDQyWjAhAhAvVhYi +uofV/f/msN08CCYsFw0wMjAzMTMxNzUzMTFaMCECEDA+d3vsy4ksFVV/IPIzwR4X +DTAyMDIyMTIzNTA0OVowIQIQMFlsql/TrFCGLMT6PEhQ0RcNMDIwMjIxMDQxOTM1 +WjAhAhAwzprx+hf69Uy8Uor0Jit7Fw0wMjAzMDExOTEyMzlaMCECEDEWSmoubTRN +0kDwX0fmW0cXDTAyMDIxMjE3Mzg1MlowIQIQMduXWwZjC9j+BrP1+WQKWRcNMDIw +MjEyMTU1OTIzWjAhAhAyvOsMymUGP6TVSlZGfCIJFw0wMjA4MTYwNzMzNTVaMCEC +EDMX7+GJ7BElFY87Z3pkC1AXDTAyMDkxODE3MDM0NlowIQIQNCSg0gBh69Oapypm +tIIjdxcNMDIwMzE1MjI0MzM5WjAhAhA0qBZnpRujMRFeJsg/ITi+Fw0wMjAzMjEy +MTE2MjFaMCECEDY6vgVVUpNPMl8wY8DUUN8XDTAyMDMwODExNDYxNFowIQIQNxnM +pZ2FBVbhY0JLDTy/1hcNMDMwMTA4MTg1ODI0WjAhAhA3L/0r7E2UNVH0Byr1C5fE +Fw0wMjAyMTMxOTE4MDFaMCECEDeD9R5+9F+tHwxVhjACVMEXDTAzMDEwODIwMDM0 +NFowIQIQODI+UCs2kwEyClmMzq2g6xcNMDIwNDMwMjEyNDA4WjAhAhA6Ythk04XV +YR2dP2El6TodFw0wMjA2MTcxNTE5MTZaMCECEDqXNrEmFHNQo8w/0DuDmckXDTAy +MDkxMTAzMjkzMFowIQIQO4c+IL6X/6drK1//mn9MlRcNMDIwNzAzMDAzMTQ3WjAh +AhA7uuXyI5nG167imA2kE1zUFw0wMjA1MjQxOTI4NDVaMCECEDvCfPC90ppvl912 +vKlsRQ0XDTAyMDMwODEwNDIwM1owIQIQO8XaQWR6N46ffx+bJQq02hcNMDIwMzA2 +MTMyNDQ4WjAhAhA8G/GaSLC4oEXVjw9XkMLNFw0wMjAzMTgwNjQzMjNaMCECED0V +SIC0/lF+7UauUf1Hc94XDTAyMDgyNzA5MjAwOFowIQIQPWFOh+o5AvMePlZcDjun +4xcNMDIxMDI5MTk1NDEyWjAhAhA93WGSgmlrAXkO75YSo3aAFw0wMjA1MDEyMjI0 +MTZaMCECED4OFHFV80gJG1Y7kXp97MkXDTAyMDMxMTIxNDU1MVowIQIQPiMAH5u9 +6LHwBmemcEIuwxcNMDIwODA4MTIyMTMyWjAhAhBBkRqM3i2z63kdx5mZvgwOFw0w +MjAyMjUxOTE4NTRaMCECEEGo15wQXlqsFn+TqtGDNFUXDTAyMDQxMDEyNTM0MFow +IQIQQoiWsHsoovovkXNYpx5TfBcNMDMwMzAxMDk0MzMxWjAhAhBCky/SVNOU0EFq +LjOLgbQ8Fw0wMjA4MDgwMDQ4NDZaMCECEEQk3bqF/T6yuBd0/Z1cDL0XDTAyMDky +MTE2MDkxMlowIQIQRQIYfTmcuRT7EDeW9MHdLxcNMDIwMjExMTExMTA2WjAhAhBF +FrwxC06HCszj1RQWMxGDFw0wMjA0MDIwMjIwMTdaMCECEEYWNt4/74z6Z1MSzHZj +1t0XDTAyMDIxNDE2NTk0M1owIQIQRl+Fo6SYPEBj9hz3wr79DhcNMDIwNDA5MTUz +MDA1WjAhAhBHIMLYhYVUOc3yEPCniFJ1Fw0wMjA5MTAyMjI1MjdaMCECEEdCbqKr +xTNdUEQLiJeEWUwXDTAyMDMwNTE0MDUxOVowIQIQSSA/qG6ByDsmBfSnm1qBYBcN +MDIwNzExMTc1MDQ4WjAhAhBJi28F+8v0Wq8JR7EExeNRFw0wMjA0MTIxNzQ4MDha +MCECEEmyw3q/dSqzE65TxstFWj4XDTAyMTExNTIxMzUzN1owIQIQSyMsCt56Nuv+ +iTrH/SdGABcNMDEwMzAxMTgwNDAwWjAhAhBLysOrCsXNkKK+Q/7dBuFFFw0wMjA3 +MjAxNzMyMTJaMCECEEwAzHPVdGFiklL/3lvBVb0XDTAyMDgyNjE0MDE1MVowIQIQ +TFnBw1ZAJ9QiDjf2XyZQxRcNMDIwMjI2MDk1NzQ0WjAhAhBMyhJZRvkrxn0zeEAs +O3oMFw0wMjA1MzAyMDI0NThaMCECEE1XUTWb5UEsaWbHIezGKTIXDTAyMDkyNjA0 +MzU1NlowIQIQToWrnhdU50IPjKFllohTVBcNMDIwMzI4MDAxODUzWjAhAhBQPe2s +IYZmXaUaE+78pwvGFw0wMjAyMTgxMzU1NDlaMCECEFCjgZzLIuQPgMt67DX4c4IX +DTAyMTAwNTE2NTk1OVowIQIQUShzJhfPEG7rSgN0ozXlYBcNMDMwNjEzMTAwOTI5 +WjAhAhBRUv/caWsfH/98sX8DkKlrFw0wMjA2MTQxNjA0MDJaMCECEFLZU2mf7Kvd +XSovqleGuR8XDTAyMDgzMDIzNDY0M1owIQIQVEaoj2kuAvS0smnavUAC4BcNMDIw +MzI2MDE1NjU4WjAhAhBUtYFztXxtulyZDf8KTe7vFw0wMjA3MjQxNjM5NTFaMCEC +EFeRQSCfV29CU04ZzOTIUkoXDTAyMDUyODIzMjQwMFowIQIQV8bcoO2/d91+GGiD +VwwqTxcNMDIwNTIxMTQwNjExWjAhAhBX7eJb4mI/mOH1TTCkDt/fFw0wMjA2MDkw +MTQ3MThaMCECEFhH2b2DGmNvt2N/SlZejk0XDTAyMDQxNTE3MjMwM1owIQIQWMZi +mYDmDE8AiyU4k+YYEBcNMDIwNjA2MDcwOTQ3WjAhAhBZUgkOmfOp5S/tqbLYYefq +Fw0wMjA2MjYxNDE4MzZaMCECEFlcqvu++3PR9KvI4z0BBN0XDTAyMDkyNzIyMjAx +MFowIQIQWZdZpz2w2X7/KssxzGbzhRcNMDIwODIyMDA1NTU4WjAhAhBZ3UU2Ydk+ +6f+9rS6/ml2YFw0wMjA3MDIyMDQwMDNaMCECEFpLSBipKpzVkS9PpPizG00XDTAy +MDQwNDIzMzMxMlowIQIQWt8yDWTrm9IR4lhQvpMMZRcNMDIwNDA1MTcwNzIxWjAh +AhBbI7+7xLP0AunLEJ7upT/NFw0wMjAzMjkxNjI2NTlaMCECEFtRvDi/r58nqcft +JdCN7C4XDTAyMDMwODEwMjUyMFowIQIQXCl/RmHdR5CCkb15ImqYOBcNMDIxMTA4 +MTU1NDI2WjAhAhBeOPdbAPHvHLb/1Vx0+5VdFw0wMjExMjMwMTQ5MjlaMCECEF6I +vra0sqqwkvP2wrxyIcoXDTAyMDIxNDA3MTIxMFowIQIQX1mgu68myMG0BDq7/Ex1 +pRcNMDIwNDE2MTU1MTIzWjAhAhBfgQgPoM1EcyNYjkmftQg1Fw0wMjA2MTkxNDE3 +NDNaMCECEF+6H4+yI1bdvKZysJkTtbIXDTAyMDUwNjA4NDcxMFowIQIQYAnVt2vx +Fkr60KVMjt0CyxcNMDIwNjE3MTYxMjI5WjAhAhBgHRnYVdUU1f8DDa1cB0znFw0w +MjA3MTUyMzAxMTFaMCECEGAkZ8MLrVOPzokFtYevfOQXDTAyMTAwODIwMzg1Mlow +IQIQYFzzPSIjOT/mIQn93XfCjxcNMDIwNzAyMTcyNzU4WjAhAhBgol6/B4OjGFYY +SGOn/cdjFw0wMjA1MDkxOTUyMjdaMCECEGDCragO+ZpmXaJ1BF5cccIXDTAyMTEx +MjEzMzYxN1owIQIQYNsdNzT2Ap1oG3DxEwAvgBcNMDIwMjI4MDk1NTMzWjAhAhBh +8DjqvBcNEdKJ7odQV6DtFw0wMzAxMjkxNzQxNDRaMCECEGH6m+tY+eWlnnmoPXms +NZcXDTAyMTAxMDIwMTYzN1owIQIQYkRXJEHAiT9b0r3nL3VB+hcNMDIwODA4MTgz +MDE1WjAhAhBiUTotjYI5Zf72ishOKZH9Fw0wMjA5MjYwMDU0MzRaMCECEGJSSUny +UWd64u7JDCMRPbIXDTAyMDQxNzE4MDY1NVowIQIQY1K93Le/u5Bsgu61o5/YyRcN +MDIwMjIxMTYzMDU4WjAhAhBjXmvp6j3WO8NNCcMT2928Fw0wMzA2MDIxNDQ3MzZa +MCECEGPaC9UTHpiDMqI6S9+MiYYXDTAyMDkyNTA4MDgxM1owIQIQZP7wGjrtifi1 +NNMeD84NzhcNMDIwNDA4MjEwNjI0WjAhAhBlp0nYNyJLSuXPo/7WO8BnFw0wMjEy +MDQxNzE0MTZaMCECEGXJnkd2mA2eV+SuxRw+8ucXDTAyMDkyMzE0MDgxOFowIQIQ +ZeB7xXTkqwFPo17W683VaRcNMDIwNDAzMTcyNDA2WjAhAhBmUbflYrfjMcDu8uj+ +hGpOFw0wMjA5MDYxMzIzMzNaMCECEGd8dqxmWmtBXAeDAtbZY8AXDTAyMDIxODEz +NTUxMFowIQIQaGfes6ogz0s0peDIwMXJpBcNMDIwMzEyMDEwOTI2WjAhAhBpIzRd +dQTcmb3OjSG0axD8Fw0wMjA5MDMxMzE5MjBaMCECEGmfIDHRP/oecC431ZqMChYX +DTAyMDIyMDA5MDEzNVowIQIQapTWJdBn5E15K8bVyUp/xhcNMDIwMjExMTkxNTQw +WjAhAhBrXKRFW+nP5zspsTLXoQQ9Fw0wMjEwMTgxNTQzNDhaMCECEGvAfU8Y/rcH +6FaabEAPNlMXDTAyMDkyNjIxMDEyNlowIQIQa+HdNjvs4Kn1kn4zv+1IRhcNMDIw +NDE3MTQ0MjMxWjAhAhBsrOs3K2pC4srI0tq4uYJqFw0wMjAzMDExNDI4MzRaMCEC +EG2YG7R20WJZoTzu0iHY30wXDTAyMDUxNDE3NTYxMlowIQIQbd0LWjycq9M72Rbs +aXT7mhcNMDIwMjIyMTIyNjM4WjAhAhBu3v2JNq6gQY1c7C6QMfiaFw0wMjA0MDgy +MjM2MTJaMCECEG+ya0xIyv7maZoGY8QylsEXDTAzMDExNzE3MjcyNVowIQIQcAvh +7kSJUVJlJywtNHzgjRcNMDIwOTE4MDAzNjAwWjAhAhBwLcCmuKWg2khZs5Y0gMgl +Fw0wMjA4MzAxNDAxMDFaMCECEHDh2ZLNdkJjUW7NjAkpF0gXDTAyMDUxNzExMTA0 +MVowIQIQcjjkkWp6ivO/8NjgpHCNqBcNMDIwMzA0MTkwNjQwWjAhAhByl6HYnDsA +wsQmLQYrKXZOFw0wMjA2MTgxNTA5NDdaMCECEHLSI5vyM+l8z7apQdUOXDkXDTAz +MDQwOTE3MDIyOVowIQIQdFyc+arD+pQ8JTllRJUT8RcNMDIwNzA5MjM1MzIwWjAh +AhB0mH9orReSk/JllAwz5r1JFw0wMjA0MjMwNzQ0MThaMCECEHUOQP+X8Eft9VbH +CE6xq/0XDTAxMDEzMTAwMDAwMFowIQIQdSZRWWW3MzJf5s2qMGV44BcNMDIwNTE2 +MTgyNDU2WjAhAhB2E2+/yN7ZNjA5zIWPAC8ZFw0wMjAzMTQwOTQ4MjRaMCECEHZS +eIlE+sGz18lMszKVrwMXDTAyMTExNDE5MTU0M1owIQIQd11MQNmN+siaJI1HEJBK +ChcNMDIwNTA5MDExMzAyWjAhAhB35lpDWZNdX3p1gBrNrcIiFw0wMDA4MzExODIy +NTBaMCECEHgZ8baHg6/fYI2aZA3s4FEXDTAyMDUyMDE3MjgxNlowIQIQeGRlj4J5 +26UcRxAdciNmUhcNMDMwMTI0MTg0NTQ3WjAhAhB4ZOHAaY86x4sj4ymx7qlBFw0w +MjA1MDgxNzQ2MjZaMCECEHh5iWESZ2QU/QjMswVVwGcXDTAyMDQwMjEzMTg1M1ow +IQIQeIpWIgjOQu7Ro3kQFP06NhcNMDMwMjA1MTY1MzI5WjAhAhB6oGy6MwKsX/UL +tndh73cJFw0wMjAyMjgxNzU1MTFaMCECEHuRM2Zs8NTjnfaIKZv30OoXDTAyMTEy +MDIyMTY0OVowIQIQfO/yCgiuEFce3tzWY3awXRcNMDIwMjI2MTAyMjMwWjAhAhB/ +du9p6/U/Uy6qpe3ewLQGFw0wMjA1MDEwMzMzMDdaMCECEH/La5mR0HbhPA5nFcTU +TXsXDTAyMDQxMDIxMTg0MFowDQYJKoZIhvcNAQEFBQADgYEAmTAO/uYzQ81DVqnu +pqRu8h5IMXNwjQjd2UQzdjvTBm/tNDY1OrDqwjHzCzSyAu2+4nZgM5FR5/76cARp +H0PKcN1l4O4Dx5Yr/NZ+4uNwehVm6JqL0hmz5UVU6X+YBNayPCFm2KqV065y6ta2 +cvBBCG1cy4yQkLpUQjmwbPUG59A= +-----END X509 CRL----- diff --git a/tests/cert-tests/data/crq-cert-no-ca-explicit.pem b/tests/cert-tests/data/crq-cert-no-ca-explicit.pem new file mode 100644 index 0000000..60b3799 --- /dev/null +++ b/tests/cert-tests/data/crq-cert-no-ca-explicit.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUzCCAwugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEX +MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEX +MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c +Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa +eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggGWMIIB +kjASBgMqAwQECwABAgMEBQYHqqvNMBIGAy4HCAQLAAECAwQFBgeqq80wGgYGKgME +BQYHBBAdNM1a0GXcJ8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvz +tmx86sb6NKTXftZMlosmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bb +NlNiHTTNWtBl3CfBfpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZM +losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB +fpRHsKqspzANBgMoAQUEBgQEyv6+rzATBgoyCwwNDg8QEQEFAQH/BALK/jATBgQo +AQUBAQH/BAgEBr6vyv76+jAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF +BwMEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAfBgNVHSMEGDAWgBRN +VrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAKxF2fF369dSt +ZBvKns94o9bvovquGyiFKz0/L9lzdHOxp1+mJuQuGuBz8o7uTOGTaR/bn8qP4xB1 +h4uwHLnj2xpuA9zG4PTPU+2F3hQbcJAHKtfSENnKh3BwNTFbiLJ4yf/OruJ2Rv91 +ApyObpCy/2g1sPm///XqPcTsO9qx2GFFHrMImu0M70VVEzaPfufdLX6aSUPs3Dcn +vaSpy94TcyPEEXx9hFp9DCPxRSHlA7/GxrWJ7kVl+r0dJ5V1Jt4ZQ99SryAspX7Q +O8pRWW3+y9IvcCb+1cvpy+bAOl78AndAAq3t0OyYITmgD4CJGjpkdfNgFt8sZo3v +BXzLvrH6qqKyZfYa1CLcovCPe75qVu3A0lWTHQhf/1EtuZK6O80vPOc1AEAqaDlI +CQch7G4XUA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/crq-cert-no-ca-honor.pem b/tests/cert-tests/data/crq-cert-no-ca-honor.pem new file mode 100644 index 0000000..acc10d4 --- /dev/null +++ b/tests/cert-tests/data/crq-cert-no-ca-honor.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEZjCCAx6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEX +MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEX +MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c +Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa +eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggGpMIIB +pTASBgMqAwQECwABAgMEBQYHqqvNMBIGAy4HCAQLAAECAwQFBgeqq80wGgYGKgME +BQYHBBAdNM1a0GXcJ8F+lEewqqynMFwGCCoDj////38HBFAXjw5BPwQcydZK9kvz +tmx86sb6NKTXftZMlosmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bb +NlNiHTTNWtBl3CfBfpRHsKqspzBSBgYqg5nLAAcESNZK9kvztmx86sb6NKTXftZM +losmx2FwlEX0DZygoACRr30hJ4nAC3OHsdDXq2I91AKdS4bbNlNiHTTNWtBl3CfB +fpRHsKqspzANBgMoAQUEBgQEyv6+rzATBgoyCwwNDg8QEQEFAQH/BALK/jATBgQo +AQUBAQH/BAgEBr6vyv76+jAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsG +AQUFBwMEMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJU +IspyNl8wHwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcN +AQELBQADggExABo85KtYsKo4Up53YJvoyW4Tztv1S1zG0PfRlwCJxxWph4rq7A5V +lGwsekQn2y1GMElpb5YhyUZlIXOxQlA6nYPV/FR9MjDDpAYpkT29Rj2OqADIj9YW +7wpZStng1CZKQ21OFvlOxHNx68JLxBD3N0cFXyYnqSBMP26jpFLsmK4djyevbump +ijQv6JeZzp115cR7hwNL3JUXnXLEJYfKLNMY1dSj/NMZz6Gcouo8b9csV+w4gxsf +AT06av9MhX3lthWFyYrXFWGrIYFxfnljhNEAuNPUoNqOn/LLhxXBgvDSLO6PxUYH +W4XZwSXlit+jSZfw74jBC+PAZNkyNkQMi3R/5hRvjhtZi8922pppd+rwIvACp001 +tGxeyLIbD+337KcOUrY3n/jo7bOKp8ZgysQ= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/crq-cert-no-ca.pem b/tests/cert-tests/data/crq-cert-no-ca.pem new file mode 100644 index 0000000..06d7f8e --- /dev/null +++ b/tests/cert-tests/data/crq-cert-no-ca.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDCzCCAcOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0wODA0MjEwMDAwMDBaMHsxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEX +MBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEX +MBUGCgmSJomT8ixkAQETB2NsYXVwZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ +AoGBAKXGznVDhL9kngInE/EDWfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4c +Sjj3My16n3LUa20msDE3cBD7QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwa +eh1pr0cCYHofuejP28g0MFGWPYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjUDBOMAwG +A1UdEwEB/wQCMAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMB8GA1Ud +IwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQCZ +dIGQzIssipboFrpvepw/mTK6V46AxzRRnedktS6Opb5RRvGrCRLC0fMmbfehCO1J +W1QhlzvMrXAotOSZMJeJamRpTxX2V9o4R9SQMY8GSI1+v7d+bKgFRvilMlyNCG/X +i+Y9gg0Y53b81sx+yREeX19TWWH1AMusu3VbD5aJ79FV8mlnG3rng9LBcE56Z+2g +P51xmjGGyVF6sW1jq7Ce1mur1KqypzQvhcaAl6C7j+cfIl1ptcBDHNGVWTt0BvZL +lWEmt3643juHm2Epu16rL8noR9ZQCi3qpzE8Ixcf0rFkdlQR1FvQg6KYArPzquiH +bYPXl7jDlz7/u9Y73rL0PDh/3x1lpAVwoV0q8FyIT//pk1NBt6ej6axVgJ0jgat9 +ZX9lNmg3KA85M5Tk8Ue6 +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/csr-invalid.der b/tests/cert-tests/data/csr-invalid.der new file mode 100644 index 0000000..0c45cff Binary files /dev/null and b/tests/cert-tests/data/csr-invalid.der differ diff --git a/tests/cert-tests/data/cve-2019-3829.pem b/tests/cert-tests/data/cve-2019-3829.pem new file mode 100644 index 0000000..c771843 --- /dev/null +++ b/tests/cert-tests/data/cve-2019-3829.pem @@ -0,0 +1,66 @@ +-----BEGIN CERTIFICATE----- +MIIFbjCCBFagAwIBAgIQPBKFvactgik351RXZ5opvTANBgkqhkiG9w0BAQUFADCB +tDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug +YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMl +VmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTAeFw0xMjA4MTcw +MDAwMDBaFw0xNTA5MDkyMzU5NTlaMIGxMQswCQYDVQQGEwJVUzETMBEGA1UECBMK +Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEbMBkGA1UEChQSUk9CTE9Y +IENvcnBvcmF0aW9uMT4wPAYDVQQLEzVEaWdpdGFsIElEIENsYXNzIDMgLSBNaWNy +b3NvZnQgU29mdHdhcmUgVmFsaWRhdGlvbiB2MjEbMBkGA1UEAxQSUk9CTE9YIENv +cnBvcmF0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Vg9Z0ee +4Tg3pwyw9CcQCINfJEWLhhvrB88pcnyMKxbB7v3qwwfi9VhL0fRM/AusgONWrQuW +2gftlw9ZtQMAWRkLvPHM3hXz5ch1XpvTmNqPQrSGfn9te7T9018ORa+WVuUCKzhL +xMSxG+VEpSRZsSdhq/chwA3fqhdUdq7fdxo6H3v/RV8bDUz1vRow+ygtAMneh8/x +kvnnyGZrW7BzJH6odOq4ASbx08czrKzqxnnoiFDmPuBTjv5wCLz0yHboHRQ/aC25 +GKXNioEVAGY/nWxVetFgJG8SwiIBR9C4KHaUqLHpPDU40WW7jGvybDaEGWXBQfTr +e1Dj/B3JY6SGhwIDAQABo4IBezCCAXcwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC +B4AwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NzYzMtMjAxMC1jcmwudmVyaXNp +Z24uY29tL0NTQzMtMjAxMC5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAq +MCgGCCsGAQUFBwIBFhybdHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBMGA1Ud +JQQMMAoGCCsGAQUFBwMDMHEGCCsGAQVLBwEBBGUwYzAkBggrBgEFBQcwAYYYaHR0 +cDovL29jc3AudmVyaXNpZ24uY29tMDsGCCsGAQUFBzAChi9odHRwOi8vY3NjMy0y +MDEwLWFpYS52ZXJpc2lnbnhjb20vQ1NDMy0yMDEwLmNlcjAfBgNVHSMEGDAWgFBt +48zqeyb0S8mOj9fwBSbv49KnnTARBglgIEgBhvhCAQEEBAMCBBAwFgYKKwYBBAGC +NwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBeCwxl3jzuZqItKl531TN +TCCx3yoOfpZnGd7acfLyfeX8xDy7wakiOyC1nxv1FL7+H//Mku+F3Ne/A0HmnHx0 +sD9F1fYxweF8ubSoRqwUCXSMB4YZuwRAfUILon6YvyHU1kgPYwr0bsYu28l0liQY +YC7ALFbwO2ecxOYgg38mho+XRRXPd/PtOfmZ23yeKvrD0Hm499jC1OloFX+8G4ly +mz9Y8aoDBzkEYcXWn3Rz1p6EQJnWJzI/jSxMKIuI2/Ge+oIFZpEGK3Hec3sYqLs4 +EUOfWI4bNm1W+eU0E2bwuWmjddgTdOWHaYm7jMlCzkZw9qg2/IE2fTu7P7UuNOvw +av0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF4jCCBMqgAwIBAgIQJ1P4Bv6RNzIvW0CfHDGHXDANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtDEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg +aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMlVmVy +aVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAPUjS16l14q7MunUV/fv5Mcmfq0ZmP6onX2U9jZr +ENd1gTB/BGh/yyt1Hs0dCIzfaZSnN6Oce4DgmeHuN01fzjsU7obU0PUnNbwlCzin +jGOdF6MIpauw+81qYoJM1SHaG9nx44Q7iipPhVuQAU/Jp3YQfycDfL6ufn3B3fkF +vBtInGnnwKQ8PEEAPt+W5cXklHHWVQHHACZKQDy1oSapDKdtgI6QJXvPvz8c6y+W ++uWHd8a1VrJ6O1QwUxvfYjT/HtH0WpMoheVMF05+W/2kk5l/383vpHXv7xX2R+f4 +GXLYLjQaprSnTH69u08MPVfxMNamNo7WgHbXGS6lzX40LYkCAwEAAaOCAdYwggHS +MBIGA1UdEwEB/wQIMAYBAf8CAQAwcAYDVR0gBGkwZzBlBgtghkgBhvhFAQcXAzBW +MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMCoGCCsG +AQUFBwICMB4aHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwDgYDVR0PAQH/ +BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8w +BwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZl +cmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9j +cmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMCgGA1UdEQQhMB+kHTAbMRkwFwYD +VQQDExBWZXJpU2lnbk1QS0ktMi04MB0GA1UdDgQWBBTPmanqeyb0S8mOj9fwBSbv +49KnnTArBgNVHSUEJDAiBggrBgEFBQcDAgYIKwYBBQUHAwMGDCqGOgABg4+JDQEB +ATAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQUF +AAOCAQEAW46f07q+qa8aPmWBt8Fk9qJ460yABjqsIm6MK7xdhX/AjxAqysStliQB +aP9ltdEULCql2kmWr+nU/3GckwlKamH0S9HLtl8p/GgR5XL/Rg82KZlDnrPZrEeT +e+/E62aGp9aJVD6Umw2R8NIjasANN85G35WupGXGGL+kaXM/6IXQSH0o7/NfsAG0 +dbTRU0v0b/aki2a273g5xYgrZzIa70DAlPa30ouEoCZvikvF2NxU7uJKVqq8cuWT +5j+23m1seyVbAexvKWS38y4j9h+uES3GurnrCGCxLRsrnr6FdAodLipSkRgg18my +l4SPFiwyyhgSqsUgWcr7bTcy48WjhA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/dane-test.rr b/tests/cert-tests/data/dane-test.rr new file mode 100644 index 0000000..b39b413 --- /dev/null +++ b/tests/cert-tests/data/dane-test.rr @@ -0,0 +1 @@ +_443._tcp.www.example.com. IN TLSA ( 03 01 01 5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433 ) diff --git a/tests/cert-tests/data/detached.p7b b/tests/cert-tests/data/detached.p7b new file mode 100644 index 0000000..d2a5602 Binary files /dev/null and b/tests/cert-tests/data/detached.p7b differ diff --git a/tests/cert-tests/data/dsa-pubkey-1018.pem b/tests/cert-tests/data/dsa-pubkey-1018.pem new file mode 100644 index 0000000..b0fafd6 --- /dev/null +++ b/tests/cert-tests/data/dsa-pubkey-1018.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC5DCCAqSgAwIBAgIBATAJBgcqhkjOOAQDMBExDzANBgNVBAMMBkRTQSBDQTAi +GA8yMDE1MDcwMTEzMDU0NloYDzIwMTYwNzAxMTMwNTQ2WjAUMRIwEAYDVQQDDAls +b2NhbGhvc3QwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAm6i5p3hTcFOg+nVQ/7Bc +HL+UT3FBNlgUZp1Wm1eVyGyMmdFwqcV9oHaUnXUJTTDycmMHneMH311tNlEjn9Z1 +ShzzIkyeL1eDDcFnPaGsJUbSg9qfP1v4en045bAqS/ZdnEctoh8lZoMXWdJ36QbB +V5zpmVouoUALk9EtGvt/tEsCFQDYWrX1itme+B04lrEBlvH3j9/a5wKBgQCAqU4g +E+6pMDgrz0p6jvkdhJ4mssWSgwgN8fQ5572f/LciJk+LTwbKfjnTaf51YauYQMD9 +noBz4FBwoKXuhfx6mTGBgHYSaR7H02VS7CloiKBsUeTNV4714fzjPSKNQpGf4bla +BWVRF7Ywb2GPnanq45sEAtCbNr2/nB+QLB1w9QOBhAACgYADWsX3E/0KCl8mqhBJ +twjE/Nf/BW97dGqfRVPNmnUaymLpj5rmT5nXG4Z7Q8ZaZhlAcHyUp7UauhBZDtYO +dHl9o+lFRHV/1gk9MaoQwtQmPtIqWL+1rQG+pQLgqcLaLCYr8RF58ZPjWNW1ryj/ +17b8ttxCkCIW+e1Pw4zJQ+uOmqOBhjCBgzAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0l +BAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYEFJK96czanXgxIBYP32KJ4ewRWKZiMD0G +A1UdIwQ2MDSAFNjkn7e/GsLzUAcBBiPuHP53FkocoRmkFzAVMRMwEQYDVQQKDApF +eGFtcGxlIENBggECMAkGByqGSM44BAMDLwAwLAIUWEXonU0yFwRZlwe+fRO5mdOr +w8UCFClvc68uKa2bUAcOyuIEgt8x2nv9 +-----END CERTIFICATE----- + diff --git a/tests/cert-tests/data/dsa.1024.pem b/tests/cert-tests/data/dsa.1024.pem new file mode 100644 index 0000000..3e0c103 --- /dev/null +++ b/tests/cert-tests/data/dsa.1024.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCHc0onPSpqqR3lE69+wLgJJ4LISkPPLwxbPnO1mSJNnjhvucXC +NjmetDFkPSO2R3MkruD4MCLkKlvIEnIhH8pG32R7GNHLubIp/qcjRJ7NXtS5cG6p +LU4I1NWlekKUBAjQP2plM3U81Ut3JM39qGYZTM8NPGH0uWTIFn8PpVEzUwIVAIW0 +sPS7m+gJzXCJ6brM/y4iSyzxAoGAZOMeOwOLp3iOcd5AjbXkdDIBSggMQeHbkD9f +ztMLhhxLaMvygncP6DOIxpmC1LU+APB+DSqyIwhm2ag0Fuo7QYpF4nzZGeX7VWem +WnGgcKSzkMStlGueW1lnFkrUcRk8H8IksuZtxiNSgDMvPsxRxLx9m1pulbNI9Izh +QDkxDAACgYAP0fYZ4Nytae+Xm870Q1PC6kkI3DHKLxnJEudKqRzuMvaa5DauXC30 +L2Ifb93GBciTKPd/LAK6EcVnXiIgp/U1eTqzgNjzKAjJRIRBg70a2tbYJ71dRHOW +FqdGw3uIr1Hu9IZQk0qzyS0WP7ADXmhCsAqHMiCgwrHy/CYIo950EwIUErkN0hjz +Mf7Jz8+drwf9tboRi44= +-----END DSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/dsa.2048.pem b/tests/cert-tests/data/dsa.2048.pem new file mode 100644 index 0000000..12d8e0e --- /dev/null +++ b/tests/cert-tests/data/dsa.2048.pem @@ -0,0 +1,20 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIDVgIBAAKCAQEAolFCsToyL0h/NLXfX3gtpyePyx8R0TJbh/lVcqDXlFfZzRD8 +P214Mm+D7qwnnlefFDWXYMpGKRpUJxLgsMrHsKVK7flwm0L33gQBgwo+dx6H/vXh +zRKTLktIQuXc3xvAiNGsnFDz9dWfRrXkz2tmf3Okemb4jwIaMKMDaCKFxXBHl9YG +tgWdp4cA1rzcLjG1QeLVl3bw1hnPIA+DWadFHFrvVn+/VQVXUPxLiLVt6gm7HqY0 +k5jCKtwXUO/BjWVQZO01rA2dN0b1qlFO4kmuIJ4xL73JMY2lryx8kfl5lNkB5dIo +huOmIAXTh1odvB+9X25DpJNfHEIb5yNCXhnuqQIhAKN32zoITUbHbO53BhlGHTu2 +a2kCOI2kTuIVlAEF757vAoIBAF1cRFJnGOUWxRa2iRJwwfFF2QqU9zE4h/oRTLN4 +EtLhS0QaAd1T7Tllbzdqq8qIgiU3X3KnutTWAT7Arh4nfSKudLi1vtyafzaOurrC +TgANJqBIdmb02Q9IHrr2/gQCpHgtBLhiHX2jzGNhXpmU0uRhw/yXpsVQtE3gf9bs +aktHc6dE4Qr9YQUkL/GRwO0T+zVFdnaOQGaLlWQjrGzm72thty+5w4WeGrOW9K+l +BRLZY054C3bOO6LRVLl18ktv/QiUEzEUZqj5SW9NUJCCryP1FEu0x3DhGaKb3J5B +oHXRCJmrqsVpjZBH9lMLi7oOlQicQ4cW4p0II46nSm0oiqkCggEBAJ1fFoyEBE+x +tXaXi0LuFNZYUrts+dahDyzwuP7epAxs92gVDUMWiq/OYce+uTPhFRVxW8SPux85 +YIlzU2z25X2s3Eto8PjCziTXZRdzitNa1OWETQ02bvIT1uyRwyex7aqt8BdSM4a6 +mxIil8Z8PTZVjrUMrVbh9RKKzPLVbhoNAUVczzDYYlevvgSU6pmZ/BmvuNkKX/2e +Cid3zY2ALyCv013rBvUQWiACUUk/I4T2UJtMvZNJ8PvtDuh1Y++4nO7H2zEF4aWh +PcBmg48lVvBCg7A7O1mWTFpCPlMLcMuI5LL/EtdzwoSRhygoOenHk7Qe77LrN+mC +AQeuCRwIH20CIAXRwOQ8I5w/YrXm/RqrMIKyQVBT7qNtaSs10TDDFMp6 +-----END DSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/dsa.3072.pem b/tests/cert-tests/data/dsa.3072.pem new file mode 100644 index 0000000..103e4c1 --- /dev/null +++ b/tests/cert-tests/data/dsa.3072.pem @@ -0,0 +1,28 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIE1QIBAAKCAYEAhB9vvBF1/AbPA+dKYSJ3aroMMsWSbrDd5bgIX+wZHOWAh/JJ +XwWp+sweXPlwvwglsUKbAxO64Wxv8zlzuiZNmfQykorG4XhUVtCKSEj16ha8MFyw +tWUYgHzUdJ5bi6a5zekgliDFfz8h1R6zzjGDKVdNzwZDVEVPIsD95kw9OopSNAEA +ZHH5cO9PS44+1dWss1AL2DEyfMMbKuzqkyl1K9eF2s4j/lm4ZOZGo9Yw7hG1DaR4 +3Yn2JA+yKzu0scXdbZaziSyeFPSBU80PglMwaw+SKguQOEGZYU31bqXt68S8bRqr +tuFvqeeALSay8zmskeop77JzWEu4R8SEkWZvePHfhnMalxy4RdXRCisUIiqJ1u8M +1RP96R7t+9nMyfD91fwSwqGkRWSr7dOtYM4pbhSVOHfBaTuDt7tGlGKgX/fS0yJr +7+1TWmfxBx3HElG/0k4v2C64rdfOPMD/PaLgynScllkySwMbjX3N7OAz5L+Ma26Q +TDJz1+ew5EIhjZoVAiEAkn2A54rW0EcDA4RCqqljHOZN+uKaZFExmmngPqOAzAkC +ggGAZWwxfAjfSyDtg31QBgQGXmDeMiWbgAiU1w+emRYETAE17er4TiCQxFiKNPvW +ZfcCJSjlQ0J7m88CNpYucUr4Jrvf6qZLA1N2HfTgMPzYuahXpW1O2qn5HMwLAz2Z +FpXqNczUyl9kuuI5p45GPwsbLdVQqZnou5HLtZ5ZcVDQs+XQIxxOb5AzXX182FOv +DKQaBKppDtY0SESI5HDajCXdrXtvKUXC0vrll2lA2C2sjhCTVQlJk6NBWsTrxt60 +YEF1LcPQUCa0bXuooEd73Tk+FnqpYRdCiSmeOodzJumog4JkH7UZe5pdII66To5m +wyP3rbWxld1gSdom/lg7BppEY6M6Y+28IX38KWRHUg+1qXqnpn/H+CkLGnDsJ2Ma +qI0nGfoPctT903gsnevkxXu8xP2vGudtdvQ5vOY5lFhJGfi/tz8BNMnHGmjQnpyt +GI8b+NeDjOADGWfwDbwSSta192hXMFmj75rslNI+oLuroRcJb28NVNpo/P30znTv +74cUAoIBgBSqcCAa4s0nF91wgGE/R+Uqe1ppVl0L0GUxSORTidrSSe/EuUa9MVVu +t7o/HOHbwStCfQxeQv02KbVoug3RB/Y4oq10/JSqwi0pvGnXWgmQp1/KkUHuFNjf +W9/PDIm8xjmHxtUREMIFsB4gLwrbZiELxnxt45sE7YKrpqTGg5oUwr0JIHW18PxH +WTBYh0BTpdMt7ohiUhP7947ZyCKt0qpkBT7B8hjMY5z6yxmU8Hxx6WJxdQxYRw0n +PKh/VQG4m1CcU4enmPO3eT4vzY6ByLEmF6LORGAiwQWjrCGAQCBmCW16WRpffg3R +TVA6WZoGOTtFrbe1KDkitzE4aiMH0AScstZt+z4tg6Y66DBE1MVMtcchBoLIjTyC +z2E7K0uu2jR6bNvW7rhCZKSkhWXZwRKaGojnh3CQUA+cENIhIF+E/DzJr1M8zFle +PrT4w1/E3yQHgCNLrDAGTp0GQP90BVVtaSx9y8uhHatVynpkvOonDo2eBA8v3j75 +snWvY7HNCQIgZCJrP4CDBTRT9pNL4+Gc/wfiKVEF55YcG09uT77u30M= +-----END DSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/dup-exts.pem b/tests/cert-tests/data/dup-exts.pem new file mode 100644 index 0000000..9dcf74c --- /dev/null +++ b/tests/cert-tests/data/dup-exts.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIRAPABuQ6DmexEq0k9QQaewLcwDQYJKoZIhvcNAQELBQAw +bzELMAkGA1UEBhMCQ04xDDAKBgNVBAgMA1RKNTEMMAoGA1UECgwDVEpVMRQwEgYD +VQQLDAtiZWl5YW5neXVhbjENMAsGA1UEAwwEYjMyNjEfMB0GCSqGSIb3DQEJARYQ +bGpmcG93ZXJAMTYzLmNvbTAeFw0xOTA1MjkxMTU2NDBaFw0yOTA0MDYxMTU2NDBa +MHsxCzAJBgNVBAYTAkNOMQwwCgYDVQQIDANUSjUxCzAJBgNVBAcMAlRKMQwwCgYD +VQQKDANUSlUxFDASBgNVBAsMC2JlaXlhbmd5dWFuMQwwCgYDVQQDDANMUUwxHzAd +BgkqhkiG9w0BCQEWEGxqZnBvd2VyQDE2My5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDNKbU4xRcAGOyzHWgEQw0/smt+BJaLtbIvKdPKPTDzDxSl +Rud0rf1GWzG5vKhEzn3ruNwFs23JTu4OcXlkqp4sGqC5SQ06qVhe+eWhK+pjsCll +AG9ZQ40kNdsE5Bt9gbl38tdykM/a5bU4+h8S9P5XP+Vr/xGuB1aqw07NqaUsOs3+ +McH/ZFZQgSv8NDXl9eok5XEfaDZoRf29nAH/I+Ottbw37oW7omvMaC39CVKKmYMA +rdRJR/JrICsOKKnmEf6oLNErBGs3TLXo9/CiQJz/KeV9mHT/BfPumAbSlIXo6en8 +AVyA0V+N1bwUiBu58m9B+z0GlaxeQlxSvTn2wUx5AgMBAAGjggERMIIBDTAJBgNV +HRMEAjAAMB0GA1UdDgQWBBR/7mRMJ+8WoDdxiWO1eCLw0xH+0DAdBgNVHQ4EFgQU +f+5kTCfvFqA3cYljtXgi8NMR/tAwHwYDVR0jBBgwFoAU7S2I/yNy3nSqhHIFpnM6 +2/XWHHgwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF +BQcDBDAYBgNVHREEETAPgQ1oaEBiYi5hZGRyZXNzMBgGA1UdEgQRMA+CDWFiY2V3 +d3J3dC5jb20wMAYIKwYBBQUHAQEEJDAiMCAGCCsGAQUFBzAChhRodHRwOi8vbXku +Y2EvY2EuaHRtbDAMBgNVHSQEBTADgAEDMA0GCSqGSIb3DQEBCwUAA4ICAQCopPaM +SMElD42TZYn1+SnACRnH4YWH/gfG3utPeGVPkBmvV5Je7/gNMlhAQJL5YKdDYa4o +S1zjkNrRSlamH6akX4KyOm19tKRkU7dvtcTRF5CwXGcE2Yte6hc1gWeGzsx5taZL +y2yan7jhCHMqtN5R8AMTDdK4ORPu+sSrghAwkS6KSR0VlVmgbrJQ0WAxRk5bKm7v +R402pLhH2MjsJV48XqvaRTjyT96nbAZ4tdSoyJoHXRvUv9QpFtHSddlnPbEgxJWT +3OLbr+kIpWuaaZNjntLOqe9aPkLEhpw07sGLpT23dYqdehZd12O5+3olULXVBOgg +h8uF4Q9kRtJDpLCd70hUoiyovCxgPbFYUjvmtpCtmNkSCq/txWc3YqOwR+HPe83j +aAsIDnEO6cY6M3uqM1xradU5jzDeMKHJV7XDdXsq9nyQoZ8ytKlKcgM5kNoaqAkT +zeutyjGtQCkJr5V+5Te0JJinVL+xafpwP6749VRUaEWHWk2crkTKxu7/lUK6lgnS +70gLDO1QEJ/edPDC143eRP+dF/d7bN2UF1l+G0F4AcW7kB5mKgOBIWTZSnTmByz5 ++HI1touSh9dDcDDuZ7z6k2Obl0fuPY7ROLZQT3BaYGU4M2FGT4sJa6P6VtfufzEB +MHcS14u+3EvHBxhcI8N4WTrBE36FBzPk6R0g+A== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/enc2pkcs8.pem b/tests/cert-tests/data/enc2pkcs8.pem new file mode 100644 index 0000000..4ec8ddc --- /dev/null +++ b/tests/cert-tests/data/enc2pkcs8.pem @@ -0,0 +1,40 @@ + 0 674: SEQUENCE { + 4 28: SEQUENCE { + 6 10: OBJECT IDENTIFIER + : pbeWithSHAAnd40BitRC2-CBC (1 2 840 113549 1 12 1 6) + 18 14: SEQUENCE { + 20 8: OCTET STRING 1F 40 71 AC 00 42 69 77 + 30 2: INTEGER 484 + : } + : } + 34 640: OCTET STRING + : FB 8A B3 5D 5F 16 A4 51 52 F4 E6 2E FB CF 19 1C + : A1 14 97 4E 16 1F 33 05 A1 A7 6D 2F 88 78 3E 8C + : E9 FA B4 B4 01 F9 93 83 4A F1 AE 47 6D 62 0C 07 + : 0A DE 53 DB C5 80 6B 0F 3D E1 BE 00 1C 2C 93 E6 + : 6D 34 0F AA 67 2F 90 D5 ED 70 DD 9B F3 A3 4C 6A + : 53 A6 DB 84 89 CE 32 91 BF 5F FC 81 10 B8 C3 65 + : BD 05 8F 4E 39 A8 2E 81 3C EC 95 77 D7 34 47 F6 + : 79 3C 74 3A 24 D5 D0 DB A0 86 DE 23 E9 5B 78 A4 + : [ Another 512 bytes skipped ] + : } + +0 warnings, 0 errors. + +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEGMA4ECB9AcawAQml3AgIB5ASCAoD7irNdXxakUVL0 +5i77zxkcoRSXThYfMwWhp20viHg+jOn6tLQB+ZODSvGuR21iDAcK3lPbxYBrDz3h +vgAcLJPmbTQPqmcvkNXtcN2b86NMalOm24SJzjKRv1/8gRC4w2W9BY9OOagugTzs +lXfXNEf2eTx0OiTV0Nught4j6Vt4pEA4ZvLBer6a3k4/BTjm9uvwq4oRGsfeixkn +VJ27dz5ZyUmwVyzfCQww1gAAMQIX/LAPQKfkAiBuYfHHP3H/tiOIGj7Xmt3Ktknu +j1uAoNUX6/IYQwrS87HQ1txTl19p6HMqnIBncalVRk1VfkckNCILw3c9P8xzxSB0 +sRep7f0sh/JAai2CF+nSLlLsfRoPNwBO0kvJZDeXRxKCOwmjK3DdwWuKHpar3ccF +4cgS7dVK0tYur6XoqR/AqfqG8PuP6bbwZWB+i+irmPI24v+177AOYVkrUngeYWOP +VKkX8Yupl9f3jTBVP1/YSlOaXZ3zXn6BV52mPjJHGY1GkTuWJ7ZCLzSruhBVsauG +mhoVAp8AaYoIHfJHGvcZHCZvMMjINVjkkpQBq4sl/OQ+K1E30Q4Amfc8s12T+yWJ +ypn8BhmxeAy4NbAYp4gc/u61rh22nSz8nswPNyR/mMpK60Wp61oFWr7QL9ABAoQJ +09jPzumO/B9WQ6CQvZ0fNNvBfVSg3/OzhY0quznHGalJqahORtP1lcV1m5mrCd1Z +8NWf7hIA/paMntlrkgRXAB36K/AqvS563TMDPWn71Jj7bErPw+8WlIeuEs6I8265 +sQpvNvpamuxunxRTnjeXyC1x4ZU+LDZT2ZG1y1G/mGYm9nRVPkvdgn0OHzQEgD9Q +R1QRZL+9 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/encpkcs8.pem b/tests/cert-tests/data/encpkcs8.pem new file mode 100644 index 0000000..69417b8 --- /dev/null +++ b/tests/cert-tests/data/encpkcs8.pem @@ -0,0 +1,38 @@ + 0 674: SEQUENCE { + 4 28: SEQUENCE { + 6 10: OBJECT IDENTIFIER + : pbeWithSHAAnd3-KeyTripleDES-CBC (1 2 840 113549 1 12 1 3) + 18 14: SEQUENCE { + 20 8: OCTET STRING 72 B4 33 4F 90 B8 42 FD + 30 2: INTEGER 290 + : } + : } + 34 640: OCTET STRING + : D1 AB E2 91 63 ED 17 3F 4B 4E 97 00 53 CD 58 A2 + : 5D 25 E8 C8 D9 CA 01 92 AD E6 BE 4A FD F1 8D 9E + : DB F6 DA 0F F5 B3 F6 4D 09 EB 6B AA C2 43 0B 97 + : 8C 50 F3 DA 73 3D 3A 8C 5A BF 22 9B 1E A7 8F CE + : 82 34 3D 50 03 B3 5C DA D6 12 83 72 AC 79 D6 0E + : 8E EE B2 00 F7 09 6D 26 2B 2A 84 47 8F B0 1B 46 + : 5D 54 C6 ED DC DF 82 24 71 81 F3 98 F3 46 64 13 + : 7E 47 71 D6 B4 96 79 2C 7E 5F 2B 30 1E 7F 04 47 + : [ Another 512 bytes skipped ] + : } + +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEDMA4ECHK0M0+QuEL9AgIBIgSCAoDRq+KRY+0XP0tO +lwBTzViiXSXoyNnKAZKt5r5K/fGNntv22g/1s/ZNCetrqsJDC5eMUPPacz06jFq/ +Ipsep4/OgjQ9UAOzXNrWEoNyrHnWDo7usgD3CW0mKyqER4+wG0ZdVMbt3N+CJHGB +85jzRmQTfkdx1rSWeSx+XyswHn8ER4+hQ+omKWMVm7AFkjjmP/KmhUnLT98J8rhU +ArQoFPHz/6HVkypFccNaPPNg6IA4aS2A+TU9vJYOaXSVfFB2yf99hfYYzC+ukmuU +5Lun0cysK5s/5uSwDueUmDQKspnaNyiaMGDxvw8hilJc7vg0fGObfnbIpizhxJwq +gKBfR7Zt0Hv8OYi1He4MehfMGdbHskztF+yQ40LplBGXQrvAqpU4zShga1BoQ98T +0ekbBmqj7hg47VFsppXR7DKhx7G7rpMmdKbFhAZVCjae7rRGpUtD52cpFdPhMyAX +huhMkoczwUW8B/rM4272lkHo6Br0yk/TQfTEGkvryflNVu6lniPTV151WV5U1M3o +3G3a44eDyt7Ln+WSOpWtbPQMTrpKhur6WXgJvrpa/m02oOGdvOlDsoOCgavgQMWg +7xKKL7620pHl7p7f/8tlE8q6vLXVvyNtAOgt/JAr2rgvrHaZSzDE0DwgCjBXEm+7 +cVMVNkHod7bLQefVanVtWqPzbmr8f7gKeuGwWSG9oew/lN2hxcLEPJHAQlnLgx3P +0GdGjK9NvwA0EP2gYIeE4+UtSder7xQ7bVh25VB20R4TTIIs4aXXCVOoQPagnzaT +6JLgl8FrvdfjHwIvmSOO1YMNmILBq000Q8WDqyErBDs4hsvtO6VQ4LeqJj6gClX3 +qeJNaJFu +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/full.p7b b/tests/cert-tests/data/full.p7b new file mode 100644 index 0000000..5438ca7 Binary files /dev/null and b/tests/cert-tests/data/full.p7b differ diff --git a/tests/cert-tests/data/full.p7b.out b/tests/cert-tests/data/full.p7b.out new file mode 100644 index 0000000..c4dd043 --- /dev/null +++ b/tests/cert-tests/data/full.p7b.out @@ -0,0 +1,115 @@ +Signers: + Signer's issuer DN: CN=GnuTLS Test CA + Signer's serial: 4de0b4ca + Signature Algorithm: RSA-SHA256 + Signed Attributes: + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420ca23e4b39a242dcece33fc776b6c9195595700f92201de19426d2d505576210f + signingTime: 170d3135303630313139323232325a + contentType: 06092a864886f70d010701 + +Number of certificates: 2 + +-----BEGIN CERTIFICATE----- +MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x +LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC +AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D +hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh +ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq +58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB +VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03 +U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L +xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC +AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT +BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2 +B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T +AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH +gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3 +LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE +/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD +5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h +h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc +w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x +LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC +AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D +hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh +ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq +58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB +VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03 +U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L +xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC +AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT +BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2 +B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T +AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH +gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3 +LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE +/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD +5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h +h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc +w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg== +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIKLQYJKoZIhvcNAQcCoIIKHjCCChoCAQExDzANBglghkgBZQMEAgEFADApBgkq +hkiG9w0BBwGgHAQaSGVsbG8gdGhlcmUuIEhvdyBhcmUgeW91PwqgggdwMIIDtDCC +AmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVUTFMg +VGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8xLTArBgNV +BAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCCAVIwDQYJ +KoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0 +HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAn +lBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnV +x8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8 +LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhf +Irriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdu +mzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOB +jTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUE +DDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2B1hM6rUp +9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45TAQPvzzAN +BgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nHgMoMFHt0 +yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3LG5jUSCt +q/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE/wRZT/Xg +DCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD5joaGBW7 +zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1hh8NJ7YOv +n323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRcw075D8hd +QxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXjCCA7QwggJsoAMCAQIC +BE3gtMowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0Ew +HhcNMTEwNTI4MDgzOTM5WhcNMzgxMDEyMDgzOTQwWjAvMS0wKwYDVQQDEyRHbnVU +TFMgVGVzdCBTZXJ2ZXIgKFJTQSBjZXJ0aWZpY2F0ZSkwggFSMA0GCSqGSIb3DQEB +AQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7KsH702LztQ4ZnVF3atB7CkF+DPAIR +/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8WyZdVNRfzoXJLMMLgJ5QS81YA5s6C +SxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITclg6ybBw1qufHlD351cfCog1Ls256 +9whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7oc0lYpuZgVQIFxjsfC8IojsoVzKd +F0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLyrXPlGQWdN1PiEZ8YXyK64osNAIye +L6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+G+3ro22dy8U43sHHbps0FL4wPoKQ +HrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjehKZ+Aeap1AgMBAAGjgY0wgYowDAYD +VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUdgdYTOq1KfUtgAaMg0qC +DQnsk94wHwYDVR0jBBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcN +AQELBQADggExAHTVpk7IebiH54MoTlsJu6Stvr4FDGPJx4DKDBR7dMrsbiJnFDF7 +ty0UtXWUqAiQAgaUxRovw4NlNKrzh0HBJnNzsDahwfdEdyxuY1Egrav22Fu4f+hn +fSnlgoGXM2h20PSD04yx9XS7MFT7fn1ygehIdIIEqxgExP8EWU/14AwlvLeAvtvk +5ifGRM71POygD0Pa1AUtfqdxFAEfxXzAKQKbBIoNSGfmQ+Y6GhgVu84dR9AfZhCo +nUbw+8rkScswHLw9uZ09eTS1tEEd3RHl6LC3O9tMcSZdYYfDSe2Dr599t5jo0fXq ++IuA+oiZV5ifLbzfb2pAmp5Frwc2+6ZRZ9rHzEKiAhaUXMNO+Q/IXUMX6Rn3y9rR +HikoI8jR10u8d3RYVKTdyEI1ItseH9nv2V4xggJjMIICXwIBATAhMBkxFzAVBgNV +BAMTDkdudVRMUyBUZXN0IENBAgRN4LTKMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqG +SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MDYwMTE5MjIy +MlowLwYJKoZIhvcNAQkEMSIEIMoj5LOaJC3OzjP8d2tskZVZVwD5IgHeGUJtLVBV +diEPMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAL +BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3 +DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIB +MBFc74+qXESkg7uaLnUjZFD3pBZcIM+iCbU83wJtexP6wS5QelqUlrlWvHT1edU1 +ygPs3hiidfyFy3uiQ8yIg3FSPHrBPA88HRkMYtlWRYjzGumEdBroDzfqmfLtOJLr +qDq7sAuh6GB/hNq8QbRe2mdPpUTp8ZGczmyBYadZqDX3LfLLPsIen8Nf0vfd1wDT +dqaj2jrW3czhNC0MEBmFGLUCvcxPmDDpub+QIxfU07mOUemNlCwtzqAWMbDOSC85 +S8OGwa59bgHIY/1emx4vK0O31afqhc1zhrZI9ZiTUbdklVxiea6VbQei/CwJEMbU +44xl3JEHplOxryZwsd0dT41H+9fVzq2ERetl8cd+4vnPSAh4dMqlh6eXVnVik9pS +7bCle+3/mD8ytj5fCFtxm2E= +-----END PKCS7----- diff --git a/tests/cert-tests/data/funny-spacing.pem b/tests/cert-tests/data/funny-spacing.pem new file mode 100644 index 0000000..98e4a75 --- /dev/null +++ b/tests/cert-tests/data/funny-spacing.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEhDCCA+2gAwIBAgIQLhA3A99GhZ16VQ2mWWGFODANBgkqhkiG9w0BAQQFADCB +zDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y +eS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1Zl +cmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEg +Tm90IFZhbGlkYXRlZDAeFw0wMDA2MjYwMDAwMDBaFw0wMDA4MjUyMzU5NTlaMIIB +CDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y +eS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBl +cnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAx +IC0gTmV0c2NhcGUxGDAWBgNVBAMUD1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3 +DQEJARYTc2ltb25Aam9zZWZzc29uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAyQzOiv5xRpvKHeWQEqURC8YtxDPGGehgWU4/ZD3k93uwvvkQB+l8psZa +UTMkl3uj4Qi0UrYGEH1l325SvYE/Oa2zrRcTiCLnQ4w5t8LEukqLVBVJVaRNzABW +e8hjTjfe+3kPRdzpXM1w8GRCNYTb5lmky0v+D0coDDURqUD8uqUCAwEAAaOCASYw +ggEiMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBCDAqMCgGCCsG +AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBEGCWCGSAGG+EIB +AQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2 +M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVkNWU0 +MTQxYmVhZGIyYmQyZTg4MzE3YWY3YmY1ZDUxMTQ5OTdhM2JmNDVmOGYzZWE0NTBj +MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNz +MS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACTgvV56RpNJC2ddEwdgXFEkAaZ9r5JWT +Nf2Wdv+Lv57dBWuCsvOvD/igL41lCCdU1I9Hecm+2fnOr38qBhcm87nmdLq5NT42 +Vl1BnM5o/NvFMUIJMjfnty6kxVHl/uVFWQxEys6tdyRStHhfzE8Vp48ggVZlCFA3 +dbyiEYJySHY= +-----END CERTIFICATE----- + \ No newline at end of file diff --git a/tests/cert-tests/data/gost-cert-ca.pem b/tests/cert-tests/data/gost-cert-ca.pem new file mode 100644 index 0000000..b29e1bd --- /dev/null +++ b/tests/cert-tests/data/gost-cert-ca.pem @@ -0,0 +1,65 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 2b929d27439e7b085b2226481fe25b6a6bc7f7ee + Issuer: CN=Test CA + Validity: + Not Before: Mon Oct 07 18:51:37 UTC 2019 + Not After: Fri Oct 02 18:51:42 UTC 2037 + Subject: CN=Test CA + Subject Public Key Algorithm: GOST R 34.10-2012-512 + Algorithm Security Level: Future (512 bits) + Curve: TC26-512-A + Digest: STREEBOG-512 + ParamSet: TC26-Z + X: + b1:17:9e:1f:55:64:01:dd:03:09:12:17:8f:4a:38:e8 + 21:37:b9:50:d8:ff:0a:59:89:a0:0e:af:a3:cb:dc:67 + f9:b8:4e:7f:b6:61:f0:7b:30:7b:39:53:f2:16:dd:ca + 87:9b:c9:c1:fe:76:72:a8:6c:8f:a9:2c:02:e7:6a:5c + Y: + 46:20:fd:e0:95:ae:b1:ba:82:c0:9f:d5:a2:3d:f7:af + cc:79:84:e9:08:37:41:f0:84:d4:be:22:e1:0d:81:7b + 4b:c9:82:e6:8f:f9:4c:0f:dd:d6:a8:20:aa:d8:ad:c0 + 49:3c:11:4c:0e:a6:8d:e5:7b:5c:28:f8:d5:6d:0c:0b + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Key Usage (critical): + Digital signature. + Certificate signing. + CRL signing. + Subject Key Identifier (not critical): + 74cf59b3e174a809e4debf3b7ad63094343e5a4a + Signature Algorithm: GOSTR341012-512 + Signature: + dc:07:df:59:f7:0c:84:1a:4d:88:3d:95:74:9e:60:d5 + af:cf:23:7e:46:4b:1b:4f:be:f0:2c:da:8a:4b:eb:6c + f3:46:bc:62:02:55:f2:39:43:d5:9a:45:e7:f9:70:41 + 2c:1b:12:63:34:5a:19:20:65:31:29:33:b1:0c:f5:49 + 7d:12:67:a9:f8:e9:f3:fd:c5:2b:11:08:9f:b2:d7:0a + 4f:3a:5c:a6:9d:30:7c:f0:7b:e7:2b:72:a7:e2:04:d2 + 9b:a7:f4:40:31:d2:ad:73:90:2d:60:80:2b:c3:da:c3 + 89:4d:dc:00:a9:01:5d:26:71:ff:1a:ac:80:3c:57:5b +Other Information: + Fingerprint: + sha1:652264ab8efad9f4e17b41f84e52d5244c2752ab + sha256:47f73d42e8b14f5c940dbfaaa4f13a6f7e64c26d72c0aa094885c55eb53fb06e + Public Key ID: + sha1:a60d930b427a73b45a8d8bc3f1b184d651f48239 + sha256:38c9e68a183c9e53f31550ca25f18eac10e14018e978844548667c033c69d68d + Public Key PIN: + pin-sha256:OMnmihg8nlPzFVDKJfGOrBDhQBjpeIRFSGZ8Azxp1o0= + +-----BEGIN CERTIFICATE----- +MIIB6zCCAVegAwIBAgIUK5KdJ0OeewhbIiZIH+JbamvH9+4wCgYIKoUDBwEBAwMw +EjEQMA4GA1UEAxMHVGVzdCBDQTAeFw0xOTEwMDcxODUxMzdaFw0zNzEwMDIxODUx +NDJaMBIxEDAOBgNVBAMTB1Rlc3QgQ0EwgaAwFwYIKoUDBwEBAQIwCwYJKoUDBwEC +AQIBA4GEAASBgFxq5wIsqY9sqHJ2/sHJm4fK3RbyUzl7MHvwYbZ/Trj5Z9zLo68O +oIlZCv/YULk3Ieg4So8XEgkD3QFkVR+eF7ELDG3V+Chce+WNpg5METxJwK3YqiCo +1t0PTPmP5oLJS3uBDeEivtSE8EE3COmEecyv9z2i1Z/AgrqxrpXg/SBGo0MwQTAP +BgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHhgAwHQYDVR0OBBYEFHTPWbPh +dKgJ5N6/O3rWMJQ0PlpKMAoGCCqFAwcBAQMDA4GBANwH31n3DIQaTYg9lXSeYNWv +zyN+RksbT77wLNqKS+ts80a8YgJV8jlD1ZpF5/lwQSwbEmM0WhkgZTEpM7EM9Ul9 +Emep+Onz/cUrEQifstcKTzpcpp0wfPB75ytyp+IE0pun9EAx0q1zkC1ggCvD2sOJ +TdwAqQFdJnH/GqyAPFdb +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/gost-cert-new.pem b/tests/cert-tests/data/gost-cert-new.pem new file mode 100644 index 0000000..e700dcf --- /dev/null +++ b/tests/cert-tests/data/gost-cert-new.pem @@ -0,0 +1,70 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 335ae5d57d3e9438e00c7a73e4cf38331345bfee + Issuer: CN=Test CA + Validity: + Not Before: Mon Oct 07 20:37:12 UTC 2019 + Not After: Thu Oct 01 20:37:15 UTC 2037 + Subject: CN=Test Server + Subject Public Key Algorithm: GOST R 34.10-2012-512 + Algorithm Security Level: Future (512 bits) + Curve: TC26-512-A + Digest: STREEBOG-512 + ParamSet: TC26-Z + X: + 64:13:c4:c7:fc:9d:b1:20:7a:8a:f0:50:9e:c6:5f:72 + 01:35:e0:fd:98:db:48:33:c0:96:a0:57:51:ea:09:c2 + 14:f5:d1:90:d2:19:52:42:b9:b3:b1:cb:7d:94:b7:0b + 00:fa:4e:e0:bc:67:20:96:63:96:de:e8:89:66:f6:50 + Y: + 6e:7b:a4:9f:0b:17:d1:ce:f9:ee:e2:e7:b4:4f:0e:ce + 6d:06:15:31:1f:05:69:da:bd:25:89:99:45:2a:32:d3 + 55:81:e5:96:25:73:ab:6b:43:0c:84:70:9e:65:97:05 + 1a:23:1f:a4:97:2e:0c:4f:15:cb:3a:1e:d2:95:46:4f + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + DNSname: localhost + Key Purpose (not critical): + TLS WWW Server. + Key Usage (critical): + Digital signature. + Subject Key Identifier (not critical): + 04e41e66a4bf78e63e28bb34eed6956a20d47616 + Authority Key Identifier (not critical): + 74cf59b3e174a809e4debf3b7ad63094343e5a4a + Signature Algorithm: GOSTR341012-512 + Signature: + d2:3b:41:c0:58:3d:4b:4f:91:ca:e3:68:37:34:c7:bf + bd:4b:af:6d:40:ec:53:6f:73:a2:f2:ef:ad:bb:c2:c2 + 10:7e:39:a7:75:e3:1a:23:9c:b1:2e:ca:8e:04:34:22 + 94:0b:24:dc:d0:c8:a1:ec:3a:23:59:bb:0f:f4:87:e9 + 24:64:34:42:4e:8f:76:e8:c2:d4:b2:b7:4c:7d:b5:51 + 41:65:4d:6e:f3:29:89:8f:aa:76:b0:bc:a7:7d:56:21 + 88:46:b1:42:83:9a:7d:2c:45:c0:1c:bc:6a:0e:43:3d + 09:6a:0e:3d:11:10:ce:ee:4c:3d:cc:d6:81:42:08:b9 +Other Information: + Fingerprint: + sha1:087e529deb0bc108e536c79fbaf6d9a67655caac + sha256:3ec70a1ba9610ef92429681a82f3d8da299dce0a54b9ecbabbe618de4bd79d3e + Public Key ID: + sha1:817128c34ab7d8f90b2498e56735c9dee8b4cc44 + sha256:7e1c1612baf3fa9fbdf653456639b59124e462a6599ece01c2a64b902847755b + Public Key PIN: + pin-sha256:fhwWErrz+p+99lNFZjm1kSTkYqZZns4BwqZLkChHdVs= + +-----BEGIN CERTIFICATE----- +MIICOjCCAaagAwIBAgIUM1rl1X0+lDjgDHpz5M84MxNFv+4wCgYIKoUDBwEBAwMw +EjEQMA4GA1UEAxMHVGVzdCBDQTAeFw0xOTEwMDcyMDM3MTJaFw0zNzEwMDEyMDM3 +MTVaMBYxFDASBgNVBAMTC1Rlc3QgU2VydmVyMIGgMBcGCCqFAwcBAQECMAsGCSqF +AwcBAgECAQOBhAAEgYBQ9maJ6N6WY5YgZ7zgTvoAC7eUfcuxs7lCUhnSkNH1FMIJ +6lFXoJbAM0jbmP3gNQFyX8aeUPCKeiCxnfzHxBNkT0aV0h46yxVPDC6XpB8jGgWX +ZZ5whAxDa6tzJZblgVXTMipFmYklvdppBR8xFQZtzg5PtOfi7vnO0RcLn6R7bqOB +jTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNVHSUE +DDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQE5B5mpL94 +5j4ouzTu1pVqINR2FjAfBgNVHSMEGDAWgBR0z1mz4XSoCeTevzt61jCUND5aSjAK +BggqhQMHAQEDAwOBgQDSO0HAWD1LT5HK42g3NMe/vUuvbUDsU29zovLvrbvCwhB+ +Oad14xojnLEuyo4ENCKUCyTc0Mih7DojWbsP9IfpJGQ0Qk6PdujC1LK3TH21UUFl +TW7zKYmPqnawvKd9ViGIRrFCg5p9LEXAHLxqDkM9CWoOPREQzu5MPczWgUIIuQ== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/gost-cert-nogost.pem b/tests/cert-tests/data/gost-cert-nogost.pem new file mode 100644 index 0000000..d393374 --- /dev/null +++ b/tests/cert-tests/data/gost-cert-nogost.pem @@ -0,0 +1,47 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 011f + Issuer: CN=SuperPlat CA 01,OU=SuperPlat CA,O=SuperPlat,L=Moscow,ST=Russia,C=RU + Validity: + Not Before: Fri Aug 17 06:47:36 UTC 2012 + Not After: Sat Aug 17 06:47:36 UTC 2013 + Subject: CN=SuperTerm0000001,OU=SuperPlat Terminals,O=SuperPlat,L=Moscow,ST=Russia,C=RU +error importing public key: The curve is unsupported + Subject Public Key Algorithm: GOST R 34.10-2001 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): FALSE + Unknown extension 2.16.840.1.113730.1.13 (not critical): + ASCII: ..OpenSSL Generated Certificate + Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465 + Subject Key Identifier (not critical): + 43fe227895724f4e3a74f264e4fd0b800c082e03 + Authority Key Identifier (not critical): + 9875a3b785c1641b23344d9bfbae0c2a256b44eb + Signature Algorithm: GOSTR341001 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35 + 61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35 + b2:43:1d:ed:b5:15:45:c7:10:38:41:28:68:29:62:20 + e6:92:8a:64:34:87:b8:b9:9f:ab:c8:04:6d:26:55:99 +Other Information: + Fingerprint: + sha1:621f34c4fdd7e93f9b8f18224ba0bcd1c63a4771 + sha256:ac6ecf4e7a876edf3e61f538d6061353c2015bfbdf60370492f7404d7f09e13a + +-----BEGIN CERTIFICATE----- +MIICXjCCAgugAwIBAgICAR8wCgYGKoUDAgIDBQAwdDELMAkGA1UEBhMCUlUxDzAN +BgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlTdXBlclBs +YXQxFTATBgNVBAsMDFN1cGVyUGxhdCBDQTEYMBYGA1UEAwwPU3VwZXJQbGF0IENB +IDAxMB4XDTEyMDgxNzA2NDczNloXDTEzMDgxNzA2NDczNlowfDELMAkGA1UEBhMC +UlUxDzANBgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlT +dXBlclBsYXQxHDAaBgNVBAsME1N1cGVyUGxhdCBUZXJtaW5hbHMxGTAXBgNVBAMM +EFN1cGVyVGVybTAwMDAwMDEwYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIe +AQNDAARA69rbaWL2GSV1NVaWMSrWRX8d/frrwbVjJerPQKjyNeDYZxgSjTTp3dck +6fQLx2OjQsu6n+vdyBPQex/iwbJBV6N7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEP+ +IniVck9OOnTyZOT9C4AMCC4DMB8GA1UdIwQYMBaAFJh1o7eFwWQbIzRNm/uuDCol +a0TrMAoGBiqFAwICAwUAA0EAjzck/b7wN9nzGlwxXjPvNWGTBwM9TegsGzmibNQv +hTWyQx3ttRVFxxA4QShoKWIg5pKKZDSHuLmfq8gEbSZVmQ== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/gost-cert.pem b/tests/cert-tests/data/gost-cert.pem new file mode 100644 index 0000000..cd9459f --- /dev/null +++ b/tests/cert-tests/data/gost-cert.pem @@ -0,0 +1,61 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 011f + Issuer: CN=SuperPlat CA 01,OU=SuperPlat CA,O=SuperPlat,L=Moscow,ST=Russia,C=RU + Validity: + Not Before: Fri Aug 17 06:47:36 UTC 2012 + Not After: Sat Aug 17 06:47:36 UTC 2013 + Subject: CN=SuperTerm0000001,OU=SuperPlat Terminals,O=SuperPlat,L=Moscow,ST=Russia,C=RU + Subject Public Key Algorithm: GOST R 34.10-2001 + Algorithm Security Level: High (256 bits) + Curve: CryptoPro-A + Digest: GOSTR341194 + ParamSet: CryptoPro-A + X: + e0:35:f2:a8:40:cf:ea:25:63:b5:c1:eb:fa:fd:1d:7f + 45:d6:2a:31:96:56:35:75:25:19:f6:62:69:db:da:eb + Y: + 57:41:b2:c1:e2:1f:7b:d0:13:c8:dd:eb:9f:ba:cb:42 + a3:63:c7:0b:f4:e9:24:d7:dd:e9:34:8d:12:18:67:d8 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): FALSE + Unknown extension 2.16.840.1.113730.1.13 (not critical): + ASCII: ..OpenSSL Generated Certificate + Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465 + Subject Key Identifier (not critical): + 43fe227895724f4e3a74f264e4fd0b800c082e03 + Authority Key Identifier (not critical): + 9875a3b785c1641b23344d9bfbae0c2a256b44eb + Signature Algorithm: GOSTR341001 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35 + 61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35 + b2:43:1d:ed:b5:15:45:c7:10:38:41:28:68:29:62:20 + e6:92:8a:64:34:87:b8:b9:9f:ab:c8:04:6d:26:55:99 +Other Information: + Fingerprint: + sha1:621f34c4fdd7e93f9b8f18224ba0bcd1c63a4771 + sha256:ac6ecf4e7a876edf3e61f538d6061353c2015bfbdf60370492f7404d7f09e13a + Public Key ID: + sha1:43757042dae9e9f5fa92cc2d2cbf4950f28a7bd0 + sha256:cee4a59e7803bafb101af8e39e5355d7895e3b85e7616fe624d48f2c51e8bdbf + Public Key PIN: + pin-sha256:zuSlnngDuvsQGvjjnlNV14leO4XnYW/mJNSPLFHovb8= + +-----BEGIN CERTIFICATE----- +MIICXjCCAgugAwIBAgICAR8wCgYGKoUDAgIDBQAwdDELMAkGA1UEBhMCUlUxDzAN +BgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlTdXBlclBs +YXQxFTATBgNVBAsMDFN1cGVyUGxhdCBDQTEYMBYGA1UEAwwPU3VwZXJQbGF0IENB +IDAxMB4XDTEyMDgxNzA2NDczNloXDTEzMDgxNzA2NDczNlowfDELMAkGA1UEBhMC +UlUxDzANBgNVBAgMBlJ1c3NpYTEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlT +dXBlclBsYXQxHDAaBgNVBAsME1N1cGVyUGxhdCBUZXJtaW5hbHMxGTAXBgNVBAMM +EFN1cGVyVGVybTAwMDAwMDEwYzAcBgYqhQMCAhMwEgYHKoUDAgIjAQYHKoUDAgIe +AQNDAARA69rbaWL2GSV1NVaWMSrWRX8d/frrwbVjJerPQKjyNeDYZxgSjTTp3dck +6fQLx2OjQsu6n+vdyBPQex/iwbJBV6N7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFEP+ +IniVck9OOnTyZOT9C4AMCC4DMB8GA1UdIwQYMBaAFJh1o7eFwWQbIzRNm/uuDCol +a0TrMAoGBiqFAwICAwUAA0EAjzck/b7wN9nzGlwxXjPvNWGTBwM9TegsGzmibNQv +hTWyQx3ttRVFxxA4QShoKWIg5pKKZDSHuLmfq8gEbSZVmQ== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/gost01.p12 b/tests/cert-tests/data/gost01.p12 new file mode 100644 index 0000000..1420fbc Binary files /dev/null and b/tests/cert-tests/data/gost01.p12 differ diff --git a/tests/cert-tests/data/gost12-2.p12 b/tests/cert-tests/data/gost12-2.p12 new file mode 100644 index 0000000..d7b7a62 Binary files /dev/null and b/tests/cert-tests/data/gost12-2.p12 differ diff --git a/tests/cert-tests/data/gost12.p12 b/tests/cert-tests/data/gost12.p12 new file mode 100644 index 0000000..d7b7a62 Binary files /dev/null and b/tests/cert-tests/data/gost12.p12 differ diff --git a/tests/cert-tests/data/gost94-cert.pem b/tests/cert-tests/data/gost94-cert.pem new file mode 100644 index 0000000..f4d63fb --- /dev/null +++ b/tests/cert-tests/data/gost94-cert.pem @@ -0,0 +1,33 @@ +X.509 Certificate Information: + Version: 1 + Serial Number (hex): 230ee360469524cec70be494182e7eeb + Issuer: EMAIL=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example + Validity: + Not Before: Tue Aug 16 12:32:50 UTC 2005 + Not After: Sun Aug 16 12:32:50 UTC 2015 + Subject: EMAIL=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example + Subject Public Key Algorithm: 1.2.643.2.2.20 + Signature Algorithm: 1.2.643.2.2.4 + Signature: + 11:c7:08:7e:12:dc:02:f1:02:23:29:47:76:8f:47:2a + 81:83:50:e3:07:cc:f2:e4:31:23:89:42:c8:73:e1:de + 22:f7:85:f3:55:bd:94:ec:46:91:9c:67:ac:58:d7:05 + 2a:a7:8c:b7:85:2a:01:75:85:f7:d7:38:03:fb:cd:43 +Other Information: + Fingerprint: + sha1:d43782a1f943a966f4ea1ac96bd048fe68d4d951 + sha256:19260c765a2c820be3612dc0431c045d37570f8e4de58ba218f10a8eeb0d42d7 + +-----BEGIN CERTIFICATE----- +MIICCzCCAboCECMO42BGlSTOxwvklBgufuswCAYGKoUDAgIEMGkxHTAbBgNVBAMM +FEdvc3RSMzQxMC05NCBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8xCzAJBgNV +BAYTAlJVMScwJQYJKoZIhvcNAQkBFhhHb3N0UjM0MTAtOTRAZXhhbXBsZS5jb20w +HhcNMDUwODE2MTIzMjUwWhcNMTUwODE2MTIzMjUwWjBpMR0wGwYDVQQDDBRHb3N0 +UjM0MTAtOTQgZXhhbXBsZTESMBAGA1UECgwJQ3J5cHRvUHJvMQswCQYDVQQGEwJS +VTEnMCUGCSqGSIb3DQEJARYYR29zdFIzNDEwLTk0QGV4YW1wbGUuY29tMIGlMBwG +BiqFAwICFDASBgcqhQMCAiACBgcqhQMCAh4BA4GEAASBgLuEZuF5nls02CyAfxOo +GWZxV/6MVCUhR28wCyd3RpjG+0dVvrey85NsObVCNyaE4g0QiiQOHwxCTSs7ESuo +v2Y5MlyUi8Go/htjEvYJJYfMdRv05YmKCYJo01x3pg+2kBATjeM+fJyR1qwNCCw+ +eMG1wra3Gqgqi0WBkzIydvp7MAgGBiqFAwICBANBABHHCH4S3ALxAiMpR3aPRyqB +g1DjB8zy5DEjiULIc+HeIveF81W9lOxGkZxnrFjXBSqnjLeFKgF1hffXOAP7zUM= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/grfc.crt b/tests/cert-tests/data/grfc.crt new file mode 100644 index 0000000..fe7700e --- /dev/null +++ b/tests/cert-tests/data/grfc.crt @@ -0,0 +1,89 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 0c8c4093bbe693bd430bf51826031d05 + Issuer: CN=УЦ ФГУП \"ГРЧЦ\",O=ФГУП \"ГРЧЦ\",L=МоÑква,ST=77 г. МоÑква,C=RU,EMAIL=pki-grfc@grfc.ru,street=ДербеневÑÐºÐ°Ñ Ð½Ð°Ð±. д. 7 ÑÑ‚Ñ€. 15,INN=007706228218,OGRN=1027739334479 + Validity: + Not Before: Tue Mar 12 07:38:26 UTC 2013 + Not After: Sun Mar 12 07:46:00 UTC 2028 + Subject: CN=УЦ ФГУП \"ГРЧЦ\",O=ФГУП \"ГРЧЦ\",L=МоÑква,ST=77 г. МоÑква,C=RU,EMAIL=pki-grfc@grfc.ru,street=ДербеневÑÐºÐ°Ñ Ð½Ð°Ð±. д. 7 ÑÑ‚Ñ€. 15,INN=007706228218,OGRN=1027739334479 + Subject Public Key Algorithm: GOST R 34.10-2001 + Algorithm Security Level: High (256 bits) + Curve: CryptoPro-A + Digest: GOSTR341194 + ParamSet: CryptoPro-A + X: + 3c:be:60:cc:c2:77:02:f6:ef:c0:fc:2c:71:69:99:61 + c0:55:d0:b9:e8:27:1d:4b:7f:1f:98:90:27:b6:53:96 + Y: + f5:df:19:10:28:26:33:cf:0c:ad:a4:f7:5c:e4:22:f0 + 45:78:d6:de:78:3d:c2:bf:9c:c5:30:8a:63:34:ff:c8 + Extensions: + Subject Signing Tool(not critical): + "КриптоПро CSP" (верÑÐ¸Ñ 3.6) + Issuer Signing Tool(not critical): + SignTool: "КриптоПро CSP" (верÑÐ¸Ñ 3.6) + CATool: "УдоÑтоверÑющий центр "КриптоПро УЦ" верÑии 1.5 + SignToolCert: Сертификат ÑоответÑÑ‚Ð²Ð¸Ñ â„– СФ/121-1859 от 17.06.2012 + CAToolCert: Сертификат ÑоответÑÑ‚Ð²Ð¸Ñ â„– СФ/128-1822 от 01.06.2012 + Key Usage (not critical): + Digital signature. + Certificate signing. + CRL signing. + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Subject Key Identifier (not critical): + 6b00868389d200cf56b86be4e336101e1f72aec3 + Unknown extension 1.3.6.1.4.1.311.21.1 (not critical): + ASCII: ... + Hexdump: 020100 + Certificate Policies (not critical): + 1.2.643.100.113.1 (Russian security class KC1) + 1.2.643.100.113.2 (Russian security class KC2) + 2.5.29.32.0 (anyPolicy) + Signature Algorithm: GOSTR341001 +warning: signed using a broken signature algorithm that can be forged. + Signature: + bd:95:dd:5f:3a:2b:74:a5:29:62:20:c2:24:a8:8b:a0 + 13:1a:21:f5:4a:d6:2e:b1:3f:f5:50:e9:96:a0:a2:c9 + 79:09:15:a2:41:c0:60:e1:1d:3f:25:8d:88:f4:4c:60 + f3:0f:4e:e3:29:6e:b8:6e:01:b4:03:2c:07:8f:27:37 +Other Information: + Fingerprint: + sha1:c2040cc02f1d7e50abfdd1b597213579be2d0573 + sha256:d9e6a4abdce8ac2ca7d394be7dce745e0565f0da1de382538ccc32b21a86d73c + Public Key ID: + sha1:6b00868389d200cf56b86be4e336101e1f72aec3 + sha256:1e6b34a93b04a67bfb05270b3f26b9c945f095f24ab7fc2fe8ca4cce01a45682 + Public Key PIN: + pin-sha256:Hms0qTsEpnv7BScLPya5yUXwlfJKt/wv6MpMzgGkVoI= + +-----BEGIN CERTIFICATE----- +MIIFGDCCBMegAwIBAgIQDIxAk7vmk71DC/UYJgMdBTAIBgYqhQMCAgMwggEWMRgw +FgYFKoUDZAESDTEwMjc3MzkzMzQ0NzkxGjAYBggqhQMDgQMBARIMMDA3NzA2MjI4 +MjE4MTowOAYDVQQJDDHQlNC10YDQsdC10L3QtdCy0YHQutCw0Y8g0L3QsNCxLiDQ +tC4gNyDRgdGC0YAuIDE1MR8wHQYJKoZIhvcNAQkBFhBwa2ktZ3JmY0BncmZjLnJ1 +MQswCQYDVQQGEwJSVTEcMBoGA1UECAwTNzcg0LMuINCc0L7RgdC60LLQsDEVMBMG +A1UEBwwM0JzQvtGB0LrQstCwMRwwGgYDVQQKDBPQpNCT0KPQnyAi0JPQoNCn0KYi +MSEwHwYDVQQDDBjQo9CmINCk0JPQo9CfICLQk9Cg0KfQpiIwHhcNMTMwMzEyMDcz +ODI2WhcNMjgwMzEyMDc0NjAwWjCCARYxGDAWBgUqhQNkARINMTAyNzczOTMzNDQ3 +OTEaMBgGCCqFAwOBAwEBEgwwMDc3MDYyMjgyMTgxOjA4BgNVBAkMMdCU0LXRgNCx +0LXQvdC10LLRgdC60LDRjyDQvdCw0LEuINC0LiA3INGB0YLRgC4gMTUxHzAdBgkq +hkiG9w0BCQEWEHBraS1ncmZjQGdyZmMucnUxCzAJBgNVBAYTAlJVMRwwGgYDVQQI +DBM3NyDQsy4g0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxHDAa +BgNVBAoME9Ck0JPQo9CfICLQk9Cg0KfQpiIxITAfBgNVBAMMGNCj0KYg0KTQk9Cj +0J8gItCT0KDQp9CmIjBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MA +BECWU7YnkJgff0sdJ+i50FXAYZlpcSz8wO/2AnfCzGC+PMj/NGOKMMWcv8I9eN7W +eEXwIuRc96StDM8zJigQGd/1o4IB6TCCAeUwNgYFKoUDZG8ELQwrItCa0YDQuNC/ +0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gMy42KTCCATMGBSqFA2RwBIIB +KDCCASQMKyLQmtGA0LjQv9GC0L7Qn9GA0L4gQ1NQIiAo0LLQtdGA0YHQuNGPIDMu +NikMUyLQo9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQvdGC0YAgItCa +0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMS41DE/QodC10YDR +gtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQv +MTIxLTE4NTkg0L7RgiAxNy4wNi4yMDEyDE/QodC10YDRgtC40YTQuNC60LDRgiDR +gdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTE4MjIg0L7RgiAw +MS4wNi4yMDEyMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRrAIaDidIAz1a4a+TjNhAeH3KuwzAQBgkrBgEEAYI3FQEEAwIBADAlBgNVHSAE +HjAcMAgGBiqFA2RxATAIBgYqhQNkcQIwBgYEVR0gADAIBgYqhQMCAgMDQQC9ld1f +Oit0pSliIMIkqIugExoh9UrWLrE/9VDplqCiyXkJFaJBwGDhHT8ljYj0TGDzD07j +KW64bgG0AywHjyc3 +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/inhibit-anypolicy.pem b/tests/cert-tests/data/inhibit-anypolicy.pem new file mode 100644 index 0000000..b2778c9 --- /dev/null +++ b/tests/cert-tests/data/inhibit-anypolicy.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIELzCCA5igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMTcwNDIyMDAwMDAwWhcNMjQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMAPzTo0+1jP5iqvrVIf +z7OH5NTe9yufEyVcwT5b90WN0P+1uZVzevBl2p3cjRfQxFZkXVMc0W0pbmO8ec6Q +dvgzzlE+78v9rX+S266TbE+TfwOASfk0TBJP+QNou2nnoe5lOvJS9Ht0N9cEunlu +LL7L+JnX+yvGuzn1R8ZV5YR7AgMBAAGjggFFMIIBQTAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMA0GA1UdNgEB/wQDAgEDMBMGA1UdJQQMMAoGCCsGAQUFBwMJ +MA4GA1UdDwEB/wQEAwIChDAdBgNVHQ4EFgQUdTq3/HNkKRRJYRH9zpDL9j0cihMw +bwYDVR0fBGgwZjBkoGKgYIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEv +hh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0 +Y3JsLmNybC9nZXRjcmwzLzANBgkqhkiG9w0BAQsFAAOBgQApkDINv157fSOu6frn +uEGqK9EvX5t48v8oEAhgbWxcHYJ9d7C6WFUvkji3iMW6LeZDN1zmW8k47BKVNbq0 +dwWLWzo7q78nbfLE+0Me9+O4DY8c6bPSXoXW93YE40qpIoaCqXMmDHXEwX0EYYsW +6nVPtCld0MKrQym2hGoSY/odfw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/invalid-date-day.der b/tests/cert-tests/data/invalid-date-day.der new file mode 100644 index 0000000..76e7ec1 Binary files /dev/null and b/tests/cert-tests/data/invalid-date-day.der differ diff --git a/tests/cert-tests/data/invalid-date-hour.der b/tests/cert-tests/data/invalid-date-hour.der new file mode 100644 index 0000000..5bdf8eb Binary files /dev/null and b/tests/cert-tests/data/invalid-date-hour.der differ diff --git a/tests/cert-tests/data/invalid-date-mins.der b/tests/cert-tests/data/invalid-date-mins.der new file mode 100644 index 0000000..47054dd Binary files /dev/null and b/tests/cert-tests/data/invalid-date-mins.der differ diff --git a/tests/cert-tests/data/invalid-date-month.der b/tests/cert-tests/data/invalid-date-month.der new file mode 100644 index 0000000..e3cbf73 Binary files /dev/null and b/tests/cert-tests/data/invalid-date-month.der differ diff --git a/tests/cert-tests/data/invalid-date-secs.der b/tests/cert-tests/data/invalid-date-secs.der new file mode 100644 index 0000000..f796a30 Binary files /dev/null and b/tests/cert-tests/data/invalid-date-secs.der differ diff --git a/tests/cert-tests/data/invalid-sig.pem b/tests/cert-tests/data/invalid-sig.pem new file mode 100644 index 0000000..bfc5941 --- /dev/null +++ b/tests/cert-tests/data/invalid-sig.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAYegAwIBAgIIVOekqzUa8EgwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTE4MzVaGA85OTk5MTIzMTIz +NTk1OVowIzEhMB8GA1UEAwwYRGlmZmVyZW50IHNpZyBpbiBQS0NTICMxMIGfMA0G +CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u +69yFXFg2Z/AepUU+IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14E +Na/ZcF2MrhSM8WZ1NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8W +F1JnlSlKuQIDAQABo2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAw +HQYDVR0OBBYEFK9VbbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oA +WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQADwDKSAp8T4qJ8VtDC +c/eSP0UX0vO5mKrjUr6Vi45Ojf/0+WoFivK7fXtuK6R9vNVUo4u8kI50S1O58tRF +3/W03bydy2ptE8vKC1pRGR1fB0AuUYa+mLa96ueQ4Q8sbOHwcG59St1N/qQLhzty +vLlmCsrKwHi/tM1kysstvMOK4f9K47vPtSv8sh26+4bzwJ3jMMOLh1mB7dSbrdbd +YVjq7ltBbM2C7XdNPMKrDZ0bKll6AhkVkM6zSF7DHp4DnVFeVmTE4CkXMFYqp4EC +HHM/OLS6EqBGfVSSfezgr5kLPijdVYx8ZG53Sdkjcim+1p3GMlUMPC5DFd1kLZc1 +yCgpH9a/Vn7eu4hydDoxVGawMRm2iM3JaB7+Hsbr07Td5ni2/nXtCFRGgurTbITm +1k19 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/invalid-sig2.pem b/tests/cert-tests/data/invalid-sig2.pem new file mode 100644 index 0000000..69163e2 --- /dev/null +++ b/tests/cert-tests/data/invalid-sig2.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIICwzCCAXugAwIBAgIIVOei+gI+zMYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTExMjJaGA85OTk5MTIzMTIz +NTk1OVowFzEVMBMGA1UEAxMMV3Jvbmcgc2lnYWxnMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u69yFXFg2Z/AepUU+ +IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14ENa/ZcF2MrhSM8WZ1 +NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8WF1JnlSlKuQIDAQAB +o2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFK9V +bbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMB +A+/PMA0GCSqGSIb3DQEBBAUAA4IBMQCT2A88WEahnJgfXTjLbThqc/ICOg4dnk61 +zhaTkgK3is7T8gQrTqEbaVF4qu5gOLN6Z+xluii+ApZKKpKSyYLXS6MS3nJ6xGTi +SOqixmPv7qfQnkUvUTagZymnWQ3GxRxjAv65YpmGyti+/TdkYWDQ9R/D/sWPJO8o +YrFNw1ZXAaNMg4EhhGZ4likMlww+e5NPfJsJ32AovveTFKqSrvabb4UtrUJTwsC4 +Bd018g2MEhTkxeTQTqzIL98CoSBJjbbZD/YW13J/3xU590QpHTgni5hAni27IFLr +1V+UJAglBs8qYiUzv/GjwbRt8TDzYVjvc+5MvPaGpoTcmdQyi9/L+3s8J6dX3i93 +TneIXeExwjTmXKL7NG+KQz9/F4FJChRXR6X1zsSB45DzoCoGMmzD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/invalid-sig3.pem b/tests/cert-tests/data/invalid-sig3.pem new file mode 100644 index 0000000..40c610f --- /dev/null +++ b/tests/cert-tests/data/invalid-sig3.pem @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCAYygAwIBAgIIVOem0AaBE/EwDQYJKoZIhvcNAQEEBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTI3NDRaGA85OTk5MTIzMTIz +NTk1OVowKDEmMCQGA1UEAxMdSW52YWxpZCB0YnNDZXJ0aWZpY2F0ZSBzaWdhbGcw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqK+Mul6aXYYg2wCKYLrHBPGPji +YtzFL67r3IVcWDZn8B6lRT4i9+pU55FWCDVYeuH4Nku6gLqTCftrZp9RPPK2shMq +eL4nXgQ1r9lwXYyuFIzxZnU1aua9SW2ORslAjDJU+4jB5EfUQKpIXFWoFPxHBhnb +sXNMvxYXUmeVKUq5AgMBAAGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD +AwegADAdBgNVHQ4EFgQUr1VttKipsdaBnCTM3nuduYDLJPAwHwYDVR0jBBgwFoAU +TVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAEsjzyOB8ntk +1BW4UhHdDSOZNrR4Ep0y2B3tjoOlXmcQD50WQb7NF/vYGeZN/y+WHEF9OAnneEIi +5wRHLnm1jP/bXd5Po3EsaTLmpE7rW99DYlHaNRcF5z+a+qTdj7mRsnUtv6o2ItNT +m81yQr0Lw0D31agU9IAzeXZy+Dm6dQnO1GAaHlOJQR1PZIOzOtYxqodla0qxuvga +nL+quIR29t8nb7j+n8l1+2WxCUoxEO0wv37t3MQxjXUxzGfo5NDcXqH1364UBzdM +rOBPX50B4LUyV5gNdWMIGVSMX3fTE+j3b+60w6NALXDzGoSGLQH48hpi/Mxzqctt +gl58/RqS+nTNQ7c6QMhTj+dgaCE/DUGJJf0354dYp7p43nabr+ZtaMPUaGUQ/1UC +C5/QFweC23w= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/invalid-sig4.pem b/tests/cert-tests/data/invalid-sig4.pem new file mode 100644 index 0000000..f039e3c --- /dev/null +++ b/tests/cert-tests/data/invalid-sig4.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID1jCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG +EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM +IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0 +l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e +6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb +ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8 +N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5 +HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd +gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC +St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w +EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js +Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw +JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTAOBgkqhkiG9w0B +AQUEAUEDggEBAKu8vApdGJTjwbHDqExV1r60mPHuPBzNz/MkJFyWAydY/Dauoi+P +8f7aKwLDM73I3UgiK2APpQMQ/Xf40O2WZ0/96kcgcFTcqQxVfuGWJYrZtdpXSr6N +jklDY6VsTieHJetbbf6ifzgo4DarrTmlpWLEt1xYLKpdAWCmYmejwMdiI/TnbEbu +tdOAaiIT0i0/dE/qr4xftDic267Or4QepvY0UVl50+N13LzX83PfkuzSIFlvnPuV ++JJ2GAp8Dyymyt6KYnvY885faL2PPsF0uxVyOhaDqQvmTZmc2FfsqAFRx29XNF6r +SixC9k8ciXjeJk71b5NMFWsnVk0AVGx6t7c= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/invalid-sig5.pem b/tests/cert-tests/data/invalid-sig5.pem new file mode 100644 index 0000000..f7a148c --- /dev/null +++ b/tests/cert-tests/data/invalid-sig5.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDmjCCAlKgAwIBAgIMWXnRYyHbNWzuFxmzMD0GCSqGSIb3DQEBCjAwoA0wCwYJ +YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL +BgNVBAMTBENBLTAwIBcNMTcwNzI3MTE0MTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8x +DTALBgNVBAMTBENBLTEwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB +oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBDwAwggEKAoIBAQDB +uQ2UwKWT1BfN6H2B3svKL34aPW/+MTfN8McvExZsZYuQyRxeG8SV4uJ+GAtJ/Ml/ +eaUqiKG0pNCna846FUtAax/0quuVSaZ2xOVA3lMKj2frtRLJ3W6ZaglCHkZUHhII +JEtE1s0F8aaaZ6X4/57OAi6uyFNuBSBsp3giQS6SrtFMbhq7OuSSt2T14XlVGvAI +TiO7t21+Eukq2jDGOerUax4Yxki4l8589uXu5IQzZalj42hr9YKbNb75RAICNnY8 +jxCezc0o8KNoDF0IAK7UERz6uUQElUh/bdm0k3UV+uVA6t0disZ4gdenPuLsGSVD +9fcbh/zFlv2V3A9HLJB3AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P +AQH/BAUDAwcEADAdBgNVHQ4EFgQU6h4fxmpkIoNy/qx6u4Z13H7WN+QwHwYDVR0j +BBgwFoAUZ97LfvATPRiWxwNOO+sxC5ig8VkwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggEBAFGH +zxWW8R95wmmuDecuKf31LEKPubtaeqMRqt2Vk2mGCQOxcerl6MMGyl3w46hEkAjU +jAPwmNnB9xyEyqR5w2TYrpzsrnUcZn+6HzSiPTEJ0jhY2S8N2V+Bch1QgMwlgeaD +bZrY6qAG6PeqoQ8XhZ8+1sI/IpQKJHmmBN+qYbLFxEPjE4QnBahPbKfbpMY0MMX0 +uuI2nSBKcYmkYiWBYdydpP24VfeoUP0V6bXc5rrDdCNGp+AxUID51GT0AoMf2FGK +LeOLJtPqH7raz44pa1qezHq4gPeXC0Ende9j7IimpsdB6eDVle8UZipfeASq9XVL +F430KTcS7x42r71NZUU= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/key-ca-1234.p8 b/tests/cert-tests/data/key-ca-1234.p8 new file mode 100644 index 0000000..dc6b1da --- /dev/null +++ b/tests/cert-tests/data/key-ca-1234.p8 @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBfDAcBgoqhkiG9w0BDAEBMA4ECPvbksad11k/AgIBYASCAVqpBTCoK88VT4i2 +SP14VJrMGLz/QfnwH0MYpfPqCfYKy7GF7mF0LOV4KIG98J0l14R0sgS7666CAxvV +ByvdGafE77C2NdxoIzVwdC+wXISj8weztvOu8rkHizzouw0UYeoZgvcRg1TO1EUq +CnFRf4Ksmo47n6Pkz0OsyNFqXZEgC0E5ymu8frQtTlV30UPgzSMiPbP1aK45H7uc +7ccpXL+bZ1ycYyyVv1WLxHl8G65CUtEcDMMGSnSbSkId4EE2Obmwhy00FfvS4w8o +BugeBJhFpF8TnyyChoBDzXKerpiY934zNhUuk3B3Ayz2JHLJ6tSCwvdMEKaLDLl5 +4iLxuVNPpavBlIvsq9zHELfVjuYV4ZPEv2eHzEzgyUgtGRdmuL1TvsM3kOG4Beo3 +/9MAiJDmvY3CuzkqfFqdeJd6VzO3Z66Cqydvy3NnlmfpQarE2+6qi7CcQ5tvhW/I +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-ca-dsa.pem b/tests/cert-tests/data/key-ca-dsa.pem new file mode 100644 index 0000000..3510e95 --- /dev/null +++ b/tests/cert-tests/data/key-ca-dsa.pem @@ -0,0 +1,29 @@ +Setting log level to 2 +-----BEGIN DSA PRIVATE KEY----- +MIIE1wIBAAKCAYEAxNL8GlkBTtfIl06DRrANFXvHHwkNKPezAMORJphd0OaEU497 +W6ymgQJXo3eoXZJBoyHrwOMOFx0Y65ii1oRYbZT1eztDAkVk40FKmNQNWHCsq4Zj +LiMqXlAxhseGtval5AfeXWHEvGdHoiLzALLLZuXMYBRqh8rIgVHUb613aBdN2JhG +tAl1RHvXbZJwvnaCzRZuTy04Z90afaz52pJE3ASUsfvKGKVmkfdmluOlU7RhAEW0 +uW8SeDwfcBGpSME97WcbelRcuRHDkHaDv8QvtU0WtF9ig5LAi4amZ4KJk7B3CZoH +8v/zyDR6zCDevYf8rM9HTf2To1U5I8i+1TKJ8EAwNRLNoNPUh4YXgCjY8r5Q3NPt +MqEZJztKyDOR6o5x0AULXpjflE0LrjyHp1NtqzSfFcqUQoDyPsFuLTnkQYJzlfPE +X5TNCLHDByQw2TiDYlJdTp+YOWLDfAJ4dLL1cNHlsIWcsZLcMVnEz8sbWfJAk3sv +jsahYhZhTwqR5OizAiEA0TMc2t7JeZOgtHJeboc5CToKPmNB0uYx5A4a3K1UEk0C +ggGBAMC35py7lqAViVx3hQkro1GDSTaoCHpseOzmbHivF5Zx3ARkLkJywgd/8zjR +ghQQVGOYOw4btdJOaqNENtpvDM+FITuJD1ecNrBxEqfNXDhTsVQ8S0eC0LXxwG0u +k9qUEkljPhT1a+7CO+lbeVCpLfy6akK+9B4pnBCXdfQDkZA0FylXCxtX165Iuto8 +miJo2SI/qnK+P8E0KC3pY/ij3HH9aTJGVRDyq2XcD41H5hGNA0gFWwzha+vD0MVx +Yw/wuQXmUTBR42Y8o33HZdQkDz55ZdKRxk6v9CzSnzP0rvYQUxSzTZD9wfnPnHys +UJJvqz0jFaf3K+yEyo2SLP3w0vgEuRpNeyJ+2QcXC5ARv4JSFr52UOuTEo5UZxAb +ail8TMhB1EJEO7rm5499Vd8oTuohfHQudU0L6Br6AEy9vGJZd1lCyidcZJ0Bqj+y +zzUxGpQpgmrrfYYtuY5KXKz4HbHniwWwW4LGbNW2Ypks/C4nLjnfl56ElbBj26jG +VyDMigKCAYBEjw3ptLcuVYNAS53dtkP1uku/O+bfUh25oPVSnx1cd6YT8u0opvFA +HRK6U/fb8yvpxV7ILfJ4jC8FuWNal5ISdzmw4tddRvwmtT7AzuKvPhzum6TTpSiN +7CKjoGZ+nowuF2nKoUS6NMScP+LPnMvrgAQOcJZ0aGR3Ds8Ax5X9fkT5zalSIWlw +yzQPFwEvz0RozD/SGM0DRZ1ovyQGtFnVkPaDUCv1Zld31tdPTOusF/Ie1QOpJ4jd +SirVEF3K9e5qyGBM366a94CEl+GZywV1n+6IEfF6sGyee4JHeIO0IaQQKDRHisXi +iYTd7Cr3CS6oKK1EMDWbVuKeqzod+Tvk8+ExoarLcIaN2MIUfLA2PLlkhGdk9DIj +uJ2QG+qm8o3bGP43vtKEz93xgWH5uyPjT3Ff5OHQ7tp5k3E3XAWE3wJvTbp3nqVh +AW1+96xesu2j4LUQATtjEEXysbaOZKfmceP3L6DVwWgpMRY0PwpWVbVdlHIK+/73 +f5KeFIUPX44CIQCgUxkzi+BY/Xw8H1a0ebDANAuoH3zKJxPLt8Vm+b0JNA== +-----END DSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-ca-empty.p8 b/tests/cert-tests/data/key-ca-empty.p8 new file mode 100644 index 0000000..f86433f --- /dev/null +++ b/tests/cert-tests/data/key-ca-empty.p8 @@ -0,0 +1,10 @@ +-----BEGIN PRIVATE KEY----- +MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAxpQGKKdRJDmxWgFU +m1DUFwxN36xCAAflcjDciC2CFoDaI0eoRnzIiE8PatK0hpfblIeFNS9R5xwzfmsc +AAcbuwIDAQABAkA/9SUWqu0jccGBb7REYgAtfDUIuX54bBKmeL5Ozfl8LWoRgKyN +LADN425xXm6tedNOaxugc0iKDngyfBsvVKdhAiEAy12kK1sWKVx2J1gF6AJrcAyu +TFB82yLyTV+6FhcRhmUCIQD5+SyPI0fK26dGOfBboQhE0JZ+LKd89aiJmFtg4Kpn +nwIhAKQL+5xFs9DVlzIRnWIUYZpXgFprKuySeibUK4YaQbbJAiEAqdMq/qPNZngM +EJ3UOawRXg8H7viPYUnUEoa7rfl0S6kCIQC2sU2pHtU6b2S36aNyx6dTMldpqsWd +GiD8T2oCOC5T9Q== +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-ca-null.p8 b/tests/cert-tests/data/key-ca-null.p8 new file mode 100644 index 0000000..e58483e --- /dev/null +++ b/tests/cert-tests/data/key-ca-null.p8 @@ -0,0 +1,10 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBfDAcBgoqhkiG9w0BDAEBMA4ECOxO+XewS2/+AgIBBQSCAVqE1UFN8VmjMRbS +BNL/J+bUCtOy/4i14m5MBzCTlPqx/Fs2ecD1VoaLJof0qO/v6YBhGEJeTi2v9Xld +5mXzUBjCKC7ETdfWkUhzdX2rGc1pe9sMMpNFD3UK92QG5KUBFZ32MBdBmb/RGmNW +Z3zM6JEZwkTP9drrZRyQSsCTkjRcRODsv6sS+ftWljDteeQaWFDQhxz+kKN7BDpa +jxYLBoM330OB8wwa4NxPNa9GhtASpxgHuE0crViXh3rR30VF5HNcyQwT3jZW69CB +szFuV2n53WowjhgkUAXx+EQCxlTREoIX7FxZofl/IVtZNkfzXTZ9MT3yZxW1EDkO +B2RhEDbEEv1A4k073xmmFZMEP0lDgy+ufLFfDjJZoacq1lcWpySQBbIDCta3s1Tz +GbPRkJGGAIVa8O+T6O++rcI7o/kRZMr9B3/hvOemFcWxx0RZzMP870x83xLBmcyM +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-ca.pem b/tests/cert-tests/data/key-ca.pem new file mode 100644 index 0000000..885c32c --- /dev/null +++ b/tests/cert-tests/data/key-ca.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQDAD806NPtYz+Yqr61SH8+zh+TU3vcrnxMlXME+W/dFjdD/tbmV +c3rwZdqd3I0X0MRWZF1THNFtKW5jvHnOkHb4M85RPu/L/a1/ktuuk2xPk38DgEn5 +NEwST/kDaLtp56HuZTryUvR7dDfXBLp5biy+y/iZ1/srxrs59UfGVeWEewIDAQAB +AoGAASQ25okpE0KNDiTkJVBOFjWRDRjUJDy6SucNuPan9hBdNR/Z3gMFMIeScIy+ +g+04NYE8MsHBluH/p3UXzjv6kQVuUzSx2Tqu8KjUjbWoAlhusxr9vqJGPPMoC8A8 +8Ubbl4TJFoZXEWmlGZPe00zSJhtYmwY4fYvZkohLyu1LYA0CQQDTozWT5yZ1jRd9 +cDJQ29bdaEPA8UFnLwqkuWL1iRNfeFFICW3wPQPukX6ImIszWsn7aXvtmT2qsu3e +XQlUiZFnAkEA6FIf7WFs/K19mGbbwJz1TJH1hErVXXbtHplnFRUUm/dqQe3x3Y/d +lb6EilPFDikW/sF7XBPexN5PdlVlNG0jzQJALaBlH6LY3sTxSIDUyCvtEcS1vrYE +hKtWnxa8p/TKcW2uEFrAEegFnfxODELe18599y7RofLEobV7pNHn/gq+hwJAZdrj +rpKBUwLJRtEJ1Ze7IDf5+WdJxnGGolzFSgP1BjBiQMeOvAIAN0/REkiJ45x2PXkc +mZEIoS2Kjyn/dg3HnQJARXgQ+9fs/UemybHUzl/ywIyYgODebSaV+gOKs41QJtM4 +eP8ajeKtIn3jLsODnlEqkD9Dl2pOHtpz6T/PJM7kMA== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-corpus-rc2-1.p12 b/tests/cert-tests/data/key-corpus-rc2-1.p12 new file mode 100644 index 0000000..6934671 Binary files /dev/null and b/tests/cert-tests/data/key-corpus-rc2-1.p12 differ diff --git a/tests/cert-tests/data/key-corpus-rc2-1.p12.out b/tests/cert-tests/data/key-corpus-rc2-1.p12.out new file mode 100644 index 0000000..1781059 --- /dev/null +++ b/tests/cert-tests/data/key-corpus-rc2-1.p12.out @@ -0,0 +1,49 @@ +MAC info: + MAC: SHA1 (1.3.14.3.2.26) + Salt: 15abd4aae92cfbb3 + Salt size: 8 + Iteration count: 2048 + +BAG #0 + Type: Encrypted + Schema: unsupported (1.2.840.113549.1.5.13) + + Decrypting... + +BAG #1 + Elements: 1 + Type: PKCS #8 Encrypted key +PKCS #8 information: + Schema: unsupported (1.2.840.113549.1.5.13/1.2.840.113549.3.2) + Friendly name: localhost + Key ID: E3:76:B4:62:05:2B:2F:D4:B9:12:5B:B0:EA:E0:4F:10:C8:C0:C5:B0 +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFFjBIBgkqhkiG9w0BBQ0wOzAeBgkqhkiG9w0BBQwwEQQIdEQTzibS3T4CAggA +AgEQMBkGCCqGSIb3DQMCMA0CAToECIsUAMlY1UYWBIIEyL3UIAopSHJrUxiQECqc +LgvJS44aldUGZqdY/DalYH4O15IjMsYKPlfi7Nk0sAR7svlojH/LGq4oZ0jvmzJr +RjbNrKOheKb716qXvTg8KA5hlEALMB5+P1N040VYo+cB2lrPGuoAgfEDz9XHgZ9e +cVUrFRW+mzKogL6B/KrIBQ7cFXYPJAlvueRuGMByFgi/Mb4CK7yj8wTAwofHHKST +uMLNKxfopn8VkcWky2xPS/7s90ZfT+qZITae/g08a7fMWG94nbrD1dvnZkvR+tjK +9nggB/p7bugqe4sztsQ4+oNyA9LNH7WTLjYWFZ+pNBghAxDqtCWK4VN7kMwMYj8U +36zJ46eZiMw+zQuU//jA5Y/heT+/HV2oF7teqK2qbtafjyxMhXW8yl1NlTVTTpoO +VqbgUfm0dMH6NoYbAVZOab3mm/ZcIpGV9iUm457vASdi3H5KrkETiBoWXLFYfn73 +cp8WpeDuCG/4TzXy+oeyLjq03KHyRX5uBAYbGIhGiAjtpaB+p07XQRSxS38NO8/4 +8pYHfux3CLU5o3DfjkIsTP/YTTjrpzvF8oT+VKfCw3U2Da3R4zZpGEcDeMhaGhcF +W0N6AFJVNhFRJgmj8GH7hh5zFf83Ir15RhRowX03QkL5LPTLhw73bjjIMA59EQxS +KI2u4QwnbjnPc0XQqwuAYAlnIwKWtpMIl8oeAIj0kM0D1IqehG3ZdPqOdXCeKqrC +dX2KJHzsVCHInvtKvnFglFEFdKAIktbchjdJEZQkflTF71W0xfqTG/Ubj1ammMpA +erfKfdIFjK6Q8JWCZrhXwU+vQ+xocyWr5yuTxLelLj+cGCu4x+AorH5H5+v9PWRG +jiMrfwTyR9c5fdgpyTNvYLpRerNnz/l8oVb0snSA4d3BBvXx75H+O5M96k6E6XPa +gWtamTjxadqGZ4chw/QB2dGxz4fBgfBQ0osHKLT3PO/XHbs4EBdODCwa1m92//fw +7d0SUx+PYAksZ/6e7j226KQAdMmAifmo0uJj8y3brq3rocrMlHAkeK3FCyRSDwuH +16ozDlOaQP1Le7Sn9PX3Puv182silzuazrl6EchujVm7hKiYwxPTsCqSb+es1Q+l +oKpAmHJJcLIjSZU9SKXP2JkRVZBt7IHUFiu9QjEkE52rj/Y8okylHlOig11S8BAF +uiPpcENMsValy++IbCD8HDZOKM4jqaReAw0uiFGqk10DXWXCQpKBgs7J0B/QBCzE +cCqQGFaUlPe+SPg9xNBoP7CNPgfOpIs3Y0BJ1xOpilLVz8h8aJ6xvlzlUE92zM1x +nucPQzEb6k3doIWKUzQ9G9TESvJ5vBU58NVfB1SIy/eq7TnUsp96PGQf7u/aWoMM +8C/zZatcQ3PyYgMeuOjsWMpyLEECzi/zMsjbnknxZNm+cqUm2C+b1ZPD2AtWuz5u +m1azJNv73RdEB+eoc5yNCtm2qFnO7Givr4bfwU5bRfh+atyoNDUpY/pGQtj9UJ6+ +XPvobYe2HqIYKwkDOpP9wX7ClCiPoOlt7VKMuBJQy/1JFC6DRA7oBYmcZbZxw2uo +j/dC2cK5jsPC75a5+8HqySwQGlBGxlMOeyi/pKzSdWOdZ9NEshvTje/mnme3Hx05 +JWamOc7reYsFpA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-corpus-rc2-2.p12 b/tests/cert-tests/data/key-corpus-rc2-2.p12 new file mode 100644 index 0000000..77789fb Binary files /dev/null and b/tests/cert-tests/data/key-corpus-rc2-2.p12 differ diff --git a/tests/cert-tests/data/key-corpus-rc2-3.p12 b/tests/cert-tests/data/key-corpus-rc2-3.p12 new file mode 100644 index 0000000..5f5a7b9 Binary files /dev/null and b/tests/cert-tests/data/key-corpus-rc2-3.p12 differ diff --git a/tests/cert-tests/data/key-dsa.pem b/tests/cert-tests/data/key-dsa.pem new file mode 100644 index 0000000..dcb30ea --- /dev/null +++ b/tests/cert-tests/data/key-dsa.pem @@ -0,0 +1,20 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIDPQIBAAKCAQEAid7TwoSUalI4pnqpO0zaVF+xZY0jigJeR5ZkaytzNNzhHQVz +ssSvu9cYt59IY5n1KJ0u6EqGpxNjis9O5/EOFn+obhgbeUQlQ8KLLCTMEEy9FWIb +Ww7NuGvjt3SbpotqbLX5e2Qd3ygISP8AIdTeR0+D8XjuxJyeRRemo1g7hOVVoyOk +EA6t7xypsYosBj18iq4ZETTHZc14NIJpLLasINgzdhoHIfWcXj0aUu5cd/Hube2d +z+6EdIL3SayEhsYiUaRN7i/DNQmDrNYiWXrCYjP+YWVxZ1RAOK/35hD/b2B15/uR +naDljvdOScUB5k7ebfUpGtRBbysh9BSudPh55QIVAOSh70VzAvVEPY/Mc+gShMy1 +PiNBAoIBABI72+KLTlLnmKJJmr6aMKqC6bmjF0Tetm2vqgsQXchuqZrIsqY0b41m +l16DuoT22BhmmW1sK5oB44049iiVVoDrB6eU0aSMuuXb5Fj6f3suDAuLEqch+F75 +7IvH5AnzLFQpSo7/hWzeB8Y6tjqMp8JtWLmgfBg0ZG9WXfmTCLFYcYO2jEBdeuVC +ANCer22nvWV50fRtMppZ/JVDtkewxqwTpY5QZ/s20z4vJ++fkUUxJLLvfvzpWV1+ +W/sDpEJU24DRPgFF2cOCFOLcjysJeH5dkflapM1MDdVCrrwN/SEI7IInjA0tmWBq +CcUTxAi26ik7udH/EunQHIgTwB5uEvYCggEAeB9voN2lfVTNvGLxNeX9pOOXTPW6 +kJX62TAL1v0LlfoM3GCRjBNfm1i+iTTMzfqUZMRcL+xtxudoOJZxTgpx2ckwIoOE +pCzY2C6wW24hMNnoHADGFu+ufby+2ufcILLuoeSBb0shkThl1u/CQKGpG5ds4aIH ++8p8qM5jpIZM2mQEa6rYRLnjJJspAFHg3ERDoOeJIGU9GRskoauMyacXGHv4rvGt +yYXYuBpKKy69WWD17F8Y/mjDX0qxSj4rNnneBxvwCQ3Bz8lsDIA5Q6NyphhcT70A +lOhAf/n9Mm2xAmuFSY4W9HI23YB/n4zTBqhXfRhmNMP4q3l0ZoWm4OsLOgIUZQeD +EyFUllnkdimZ5ulEfOvi5/I= +-----END DSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-ecc.p8 b/tests/cert-tests/data/key-ecc.p8 new file mode 100644 index 0000000..189ab01 --- /dev/null +++ b/tests/cert-tests/data/key-ecc.p8 @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIH3AgEAMBAGByqGSM49AgEGBSuBBAAjBIHfMIHcAgEBBEIB0Q4ImmR/QzaLTcoL +uzq0vVA28hRlQKGLWq9g6yJgG7dCSWiCHFEiJTWjost5d/FeH32SsIUv/3b23sf6 +JObBbdmgBwYFK4EEACOhgYkDgYYABAFnPgQpDICaoXXeWB2Fh3QOiwm4BQSkZzC5 +JKwwbfTDIX+rS1TyZVjgZtt+twmmL+nOxMtpdsW+9OFmy2kVjy1a3gGIZjei/XsK +d84XH/9pdIdyUaaaevaFL3Hnjgw+nsPK40Ii0j2b91oZ6+qnIV7hkA4g+pCL33h7 +AZtfTYAktAKdyw== +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-ecc.pem b/tests/cert-tests/data/key-ecc.pem new file mode 100644 index 0000000..57e40c7 --- /dev/null +++ b/tests/cert-tests/data/key-ecc.pem @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIB0Q4ImmR/QzaLTcoLuzq0vVA28hRlQKGLWq9g6yJgG7dCSWiCHFEi +JTWjost5d/FeH32SsIUv/3b23sf6JObBbdmgBwYFK4EEACOhgYkDgYYABAFnPgQp +DICaoXXeWB2Fh3QOiwm4BQSkZzC5JKwwbfTDIX+rS1TyZVjgZtt+twmmL+nOxMtp +dsW+9OFmy2kVjy1a3gGIZjei/XsKd84XH/9pdIdyUaaaevaFL3Hnjgw+nsPK40Ii +0j2b91oZ6+qnIV7hkA4g+pCL33h7AZtfTYAktAKdyw== +-----END EC PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8 b/tests/cert-tests/data/key-gost01-2-enc.p8 new file mode 100644 index 0000000..81d8347 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2-enc.p8 @@ -0,0 +1,6 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIG4MG0GCSqGSIb3DQEFDTBgMD8GCSqGSIb3DQEFDDAyBCC6bhoitdzE02HJYwrv +t6fS+JQ/UFHInX9LqJgR/KdF+AICB9AwCgYGKoUDAgIKBQAwHQYGKoUDAgIVMBME +CJYqb3jDyCMsBgcqhQMCAh8BBEdzhSi7v1vL7sUZpcQSmmpzTCj+Tgkff4uLp6hH +lHc23xJOF6dcPvVlXPtiRUmNpl56BquVRo7Gb0vx6pKLgR8eJNmbWdoGtA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2-enc.p8.txt b/tests/cert-tests/data/key-gost01-2-enc.p8.txt new file mode 100644 index 0000000..e979dd6 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2-enc.p8.txt @@ -0,0 +1,40 @@ +PKCS #8 information: + Cipher: GOST28147-CPA-CFB + Schema: PBES2-GOST28147-89-CPA (1.2.643.2.2.31.1) + Salt: ba6e1a22b5dcc4d361c9630aefb7a7d2f8943f5051c89d7f4ba89811fca745f8 + Salt size: 32 + Iteration count: 2000 + +Public Key Info: + Public Key Algorithm: GOST R 34.10-2001 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: GOSTR341194 +paramset: CryptoPro-A +private key: + c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c + ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16 + + +x: + da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0 + a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79 + + +y: + 92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9 + 1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b + + + +Public Key PIN: + pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0= +Public Key ID: + sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd + sha1:56f0aab16eb873a50453b5209b65fe31e6493317 + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ +kQMtUnRz72zwNOLV8bHd+W5LdGBKDck= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2.p8 b/tests/cert-tests/data/key-gost01-2.p8 new file mode 100644 index 0000000..88d397e --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ +kQMtUnRz72zwNOLV8bHd+W5LdGBKDck= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01-2.p8.txt b/tests/cert-tests/data/key-gost01-2.p8.txt new file mode 100644 index 0000000..54c5626 --- /dev/null +++ b/tests/cert-tests/data/key-gost01-2.p8.txt @@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2001 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: GOSTR341194 +paramset: CryptoPro-A +private key: + c9:0d:4a:60:74:4b:6e:f9:dd:b1:f1:d5:e2:34:f0:6c + ef:73:74:52:2d:03:91:89:d9:2e:82:dd:cf:41:14:16 + + +x: + da:14:e3:09:c9:90:76:36:7e:d2:1e:f2:32:54:62:a0 + a3:7a:fe:69:16:88:40:1d:28:98:25:00:23:30:52:79 + + +y: + 92:01:db:d3:34:89:e6:74:86:e1:6c:81:a4:76:aa:d9 + 1d:ac:c9:8a:5e:a2:fa:cf:ad:2e:47:8c:65:ed:c8:7b + + + +Public Key PIN: + pin-sha256:naEvzBbx6qkKlM3WetsTn09kpou+R1k6eCZvVFxEPc0= +Public Key ID: + sha256:9da12fcc16f1eaa90a94cdd67adb139f4f64a68bbe47593a78266f545c443dcd + sha1:56f0aab16eb873a50453b5209b65fe31e6493317 + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgFhRBz92CLtmJ +kQMtUnRz72zwNOLV8bHd+W5LdGBKDck= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01.p8 b/tests/cert-tests/data/key-gost01.p8 new file mode 100644 index 0000000..0e4afab --- /dev/null +++ b/tests/cert-tests/data/key-gost01.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgIgCyk74FDQCCva +54VjGmuraPNbQnhtbdpWr68WmJEED3c= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost01.p8.txt b/tests/cert-tests/data/key-gost01.p8.txt new file mode 100644 index 0000000..d0d1323 --- /dev/null +++ b/tests/cert-tests/data/key-gost01.p8.txt @@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2001 + Key Security Level: High (256 bits) + +curve: CryptoPro-XchA +digest: GOSTR341194 +paramset: CryptoPro-A +private key: + 0b:29:3b:e0:50:d0:08:2b:da:e7:85:63:1a:6b:ab:68 + f3:5b:42:78:6d:6d:da:56:af:af:16:98:91:04:0f:77 + + +x: + 57:7e:32:4f:e7:0f:2b:6d:f4:5c:43:7a:03:05:e5:fd + 2c:89:31:8c:13:cd:08:75:40:1a:02:60:75:68:95:84 + + +y: + 60:1a:ea:ca:bc:66:0f:df:b0:cb:c7:56:7e:bb:a6:ea + 8d:e4:0f:ae:85:7c:9a:d0:03:88:95:b9:16:cc:eb:8f + + + +Public Key PIN: + pin-sha256:zO1bMbwojs1uE302Tl1uAkcXYVw9AW8b3EauBIKNpM4= +Public Key ID: + sha256:cced5b31bc288ecd6e137d364e5d6e024717615c3d016f1bdc46ae04828da4ce + sha1:1a0442de4518bb407e6ed5690046839a13fec03d + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgdw8EkZgWr69W +2m1teEJb82iraxpjhefaKwjQUOA7KQs= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8 b/tests/cert-tests/data/key-gost12-256-2-enc.p8 new file mode 100644 index 0000000..204cce8 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8 @@ -0,0 +1,7 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIHdMHEGCSqGSIb3DQEFDTBkMEEGCSqGSIb3DQEFDDA0BCD5qZr0TTIsBvdgUoq/ +zFwOzdyJohj6/4Wiyccgj9AK/QICB9AwDAYIKoUDBwEBBAIFADAfBgYqhQMCAhUw +FQQI3Ip/Vp0IsyIGCSqFAwcBAgUBAQRoSfLhgx9s/zn+BjnhT0ror07vS55Ys5hg +vVpWDx4mXGWWyez/2sMcaFgSr4H4UTGGwoMynGLpF1IOVo+bGJ0ePqHB+gS5OL9o +V+PUmZ/ELrRENKlCDqfYWvpSystX29CvCFrnTnDsbBY= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt new file mode 100644 index 0000000..949917a --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2-enc.p8.txt @@ -0,0 +1,40 @@ +PKCS #8 information: + Cipher: GOST28147-TC26Z-CFB + Schema: PBES2-GOST28147-89-TC26Z (1.2.643.7.1.2.5.1.1) + Salt: f9a99af44d322c06f760528abfcc5c0ecddc89a218faff85a2c9c7208fd00afd + Salt size: 32 + Iteration count: 2000 + +Public Key Info: + Public Key Algorithm: GOST R 34.10-2012-256 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: STREEBOG-256 +paramset: TC26-Z +private key: + 2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08 + 23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52 + + +x: + 62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df + 0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7 + + +y: + 95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2 + 46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c + + + +Public Key PIN: + pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y= +Public Key ID: + sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366 + sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6 + +-----BEGIN PRIVATE KEY----- +MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi +tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2.p8 b/tests/cert-tests/data/key-gost12-256-2.p8 new file mode 100644 index 0000000..421422b --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MGYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEQEYbRu86z+1JFKDcPDN9UbTG +G2ki9enTqos4KpUU0j9IDpl1UXiaA1YDIwUjlAp+81GkLmyt8Fw6Gt/X5JZySAY= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256-2.p8.txt b/tests/cert-tests/data/key-gost12-256-2.p8.txt new file mode 100644 index 0000000..cb9c684 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256-2.p8.txt @@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2012-256 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: STREEBOG-256 +paramset: TC26-Z +private key: + 2b:ea:34:a3:b0:5d:19:64:5b:8f:41:24:6a:99:50:08 + 23:07:00:fd:00:6b:a6:eb:53:b4:22:55:9c:ef:22:52 + + +x: + 62:22:79:60:91:29:44:b5:72:73:b1:46:e8:ff:7a:df + 0e:f7:e5:4c:16:3f:25:58:67:af:6f:4a:9a:f2:1c:d7 + + +y: + 95:c2:14:be:41:07:b0:80:de:cc:93:07:17:51:e0:d2 + 46:c8:d4:f8:91:57:30:85:44:b8:c0:02:3d:d8:e2:4c + + + +Public Key PIN: + pin-sha256:WB8JpdrRogkTwsox4PlsGW/xvh/47NjXrKg0yXXXo2Y= +Public Key ID: + sha256:581f09a5dad1a20913c2ca31e0f96c196ff1be1ff8ecd8d7aca834c975d7a366 + sha1:83fbb2e3aad179fd9e712583c91710ceb157e3e6 + +-----BEGIN PRIVATE KEY----- +MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEIgQgUiLvnFUi +tFPrpmsA/QAHIwhQmWokQY9bZBldsKM06is= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256.p8 b/tests/cert-tests/data/key-gost12-256.p8 new file mode 100644 index 0000000..df1b555 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256.p8 @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEkCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIwIhAL/PHWI+ +XN0wMqfG6rtKkjxG5D1kD/6q8sPtOaj6OZkk +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-256.p8.txt b/tests/cert-tests/data/key-gost12-256.p8.txt new file mode 100644 index 0000000..1f45736 --- /dev/null +++ b/tests/cert-tests/data/key-gost12-256.p8.txt @@ -0,0 +1,33 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10-2012-256 + Key Security Level: High (256 bits) + +curve: CryptoPro-XchA +digest: STREEBOG-256 +paramset: TC26-Z +private key: + bf:cf:1d:62:3e:5c:dd:30:32:a7:c6:ea:bb:4a:92:3c + 46:e4:3d:64:0f:fe:aa:f2:c3:ed:39:a8:fa:39:99:24 + + +x: + 97:15:66:ce:da:43:6e:e7:67:8f:7e:07:e8:4e:bb:72 + 17:40:6c:0b:47:47:aa:8f:d2:ab:14:53:c3:d0:df:ba + + +y: + ad:58:73:69:65:94:9f:8e:59:83:0f:8d:e2:0f:c6:c0 + d1:77:f6:ab:59:98:74:f1:e2:e2:4f:f7:1f:9c:e6:43 + + + +Public Key PIN: + pin-sha256:T1yRU6smDaTNkinx7qvQTgdlWn3wf+NBoRSN0P+kZLU= +Public Key ID: + sha256:4f5c9153ab260da4cd9229f1eeabd04e07655a7df07fe341a1148dd0ffa464b5 + sha1:6af61bb89223c1fed11cd7cca8afce63112679ae + +-----BEGIN PRIVATE KEY----- +MEgCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIEIgQgJJk5+qg5 +7cPyqv4PZD3kRjySSrvqxqcyMN1cPmIdz78= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-gost12-512.p8 b/tests/cert-tests/data/key-gost12-512.p8 new file mode 100644 index 0000000..6c73a4e --- /dev/null +++ b/tests/cert-tests/data/key-gost12-512.p8 @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQICBggqhQMHAQECAwRCAkA/wBzc +1Oxfly60gndMQeZtt/OAUo3+nmeZK6Ba7kYkNXV1MOZBB3zlh7l2yO60jEj9M/0X +Xwx95qROAU5rywdL +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-illegal-rsa-pss.pem b/tests/cert-tests/data/key-illegal-rsa-pss.pem new file mode 100644 index 0000000..7fe2f1c --- /dev/null +++ b/tests/cert-tests/data/key-illegal-rsa-pss.pem @@ -0,0 +1,138 @@ +Public Key Info: + Public Key Algorithm: RSA-PSS + Hash Algorithm: SHA256 + Salt Length: 1024 + Key Security Level: Medium (2048 bits) + +modulus: + 00:bc:84:37:48:41:7e:20:3b:4c:c5:ce:2a:f4:40:cc + d0:83:04:5a:00:e6:fa:b4:dd:a2:6f:36:c4:f9:8d:ab + 03:52:f5:b1:e6:2c:7d:26:2d:8a:39:ce:28:9a:c9:80 + 0a:d1:b8:a3:c3:ac:64:e5:f8:5d:5a:dd:06:5d:59:15 + e2:d1:e8:5a:e9:46:b8:67:82:27:4e:d5:26:25:58:f3 + 38:a5:25:6a:8f:be:a2:ff:37:aa:5c:8b:e4:74:ea:70 + bc:88:e8:9a:d4:ea:be:cf:fb:78:7c:89:4b:8d:7c:cf + 6c:0b:a9:da:2a:53:21:1b:f6:81:29:36:af:5a:90:4c + 40:a0:0b:fa:b0:1e:a1:76:7a:15:96:31:64:9b:4a:df + 48:71:ff:f5:e4:e0:31:98:3a:49:68:a9:a6:22:34:25 + 43:18:c0:5f:2c:b9:16:8e:14:5c:19:4e:0e:fe:17:c5 + f5:bc:f1:ca:67:ff:76:97:0e:98:3e:e3:08:09:79:a8 + 77:84:fe:92:a4:8f:8e:ed:b2:38:e1:f6:08:40:c4:db + 8e:a6:d5:e2:4e:4f:25:10:df:e4:0e:82:56:93:3c:de + 72:e2:da:20:2d:5b:36:f2:93:97:58:88:c0:b5:8f:d3 + 4d:f7:0d:bf:b5:33:65:bb:bb:83:e9:d5:24:2c:94:f2 + 5d: + +public exponent: + 01:00:01: + +private exponent: + 4d:19:f6:52:43:17:06:af:ba:32:9c:a3:cc:ca:43:fa + 73:db:6f:c4:36:b4:0b:0d:2a:c6:39:ac:4e:34:b6:e0 + e1:29:43:dd:54:0c:cb:74:8c:b8:1f:ad:53:c1:5d:f1 + 0e:dd:69:7d:3a:20:fa:3d:9e:50:ef:5d:0f:08:c4:7e + c4:43:38:0b:78:b5:2b:00:7c:7b:2d:8a:30:74:34:e5 + d2:05:7f:93:d2:f0:6f:59:a0:ff:c0:e7:6b:3a:07:69 + d4:c4:ed:ae:6f:64:23:44:42:7f:0c:d8:2d:c2:02:43 + ba:71:79:9d:1d:ea:c8:b9:05:12:8a:1f:25:f7:26:78 + 04:11:7c:ed:26:ab:71:37:f2:ca:19:fa:d2:24:df:91 + 75:35:8f:da:00:41:79:4f:4d:ba:2f:f2:66:a9:83:51 + 43:ac:bf:b1:26:e4:16:d7:a2:56:9f:57:19:ce:26:a1 + 80:e2:b8:f5:b9:af:ee:e2:ec:3b:04:0f:8b:87:a1:41 + bb:58:d0:28:a7:ef:05:48:83:29:2d:b4:f9:e3:b7:e3 + 36:5c:e4:df:42:43:19:2d:2b:f8:87:64:2b:00:90:42 + 1b:9c:5e:7a:ac:82:b1:5b:95:de:0a:35:43:83:77:fd + 3a:4f:9d:49:55:0c:56:c1:9d:79:08:a3:86:28:e5:31 + + +prime1: + 00:d1:01:9c:e2:64:8a:cf:58:46:e9:21:2f:e1:20:20 + d5:98:24:5c:31:8e:5f:1f:cf:83:52:da:67:d5:60:1e + a0:52:b9:03:10:a3:27:95:23:bd:8e:d9:49:5e:4f:fa + 51:28:13:cd:bb:07:8a:34:fd:5a:8e:fd:cf:19:79:48 + c0:a4:52:4d:c0:b0:2c:8d:03:3b:2d:fa:51:e9:61:dc + 66:fe:b5:5f:d5:dd:f3:51:5a:ca:3f:3c:84:79:cf:c4 + ab:82:63:2c:ba:94:ff:8d:c0:04:33:64:14:4c:6b:e1 + 88:74:2f:83:78:75:2e:be:ac:86:f6:fb:b6:b7:5a:30 + 6f: + +prime2: + 00:e6:e7:35:bd:cc:cd:6b:15:15:e7:d0:04:04:52:89 + 0e:72:07:de:2a:35:05:9c:0d:a4:b8:32:11:ce:7d:aa + eb:e7:79:bf:13:80:e4:07:9c:d4:0a:c3:cc:4c:7c:43 + 73:9c:0c:14:a9:bb:ed:ad:2f:95:31:35:eb:e2:ad:28 + e1:33:79:28:6a:27:f9:3b:0e:cc:f0:86:f1:4a:f6:c9 + c1:c9:0e:a3:49:1d:d9:bb:b2:6f:e7:4f:05:62:28:7e + a5:e9:79:df:66:98:db:27:42:5f:22:8b:72:66:d7:5a + 05:84:94:47:13:f5:36:26:60:34:bd:00:32:d3:d1:17 + f3: + +coefficient: + 2b:01:49:bd:b6:77:88:06:c8:71:79:44:b5:8b:5c:4f + 7b:42:95:be:e9:2a:65:3b:f3:0b:7b:85:43:4f:df:c0 + 9d:96:41:a8:d7:34:e6:74:39:1b:af:54:2d:6a:37:a9 + 5b:e6:ab:9c:39:52:d3:4a:95:19:7b:80:b6:fa:a6:ff + 12:10:17:a1:10:8c:da:dc:b6:e1:b7:d9:03:77:97:a3 + bf:28:a6:ff:34:04:53:15:5c:da:25:5d:49:0b:84:2a + e6:18:19:50:73:0a:53:53:6e:cb:bc:21:08:06:b1:11 + be:bf:6d:c9:12:ad:fe:a6:8a:5b:87:72:f7:92:d0:94 + + +exp1: + 00:96:67:ec:b8:56:d6:35:a4:37:53:69:58:85:4f:93 + 91:62:2d:38:53:49:3b:57:2f:04:38:49:87:d3:5b:9a + 6e:91:59:26:c5:80:43:e9:e5:90:72:0e:17:e8:50:f1 + b8:19:79:36:e1:d2:e9:38:7c:e2:00:68:d1:f2:68:ff + 5b:f2:64:70:23:ac:24:43:4e:01:f6:72:5f:23:ee:12 + a7:e3:c0:2e:39:3f:c1:eb:d7:c4:17:81:bb:6b:d5:82 + 98:51:fa:80:a3:bc:b9:b3:0e:6d:77:76:1b:cd:6b:0d + 20:1f:4c:59:f6:03:8e:22:15:12:03:06:dd:54:51:08 + ed: + +exp2: + 00:e3:3d:2e:1d:81:5d:b4:01:c7:52:20:dc:a3:28:5a + eb:d5:7b:3a:c0:4c:f8:1d:51:2c:07:7e:77:19:c1:81 + 21:b2:e7:95:0d:6b:ae:7e:73:70:16:bc:04:e6:4c:f0 + d0:e9:04:d6:9d:08:6e:eb:1e:c5:f3:ed:3e:1d:12:0f + 06:3a:73:05:3c:1b:e4:e2:a3:39:3b:89:82:14:25:75 + ff:79:90:27:50:40:c9:54:38:52:7a:d0:c0:da:8e:41 + bd:a4:5d:a5:67:42:0d:83:c0:85:01:e9:3c:88:4b:6d + b3:ba:7b:76:cc:04:69:eb:30:89:16:6c:08:99:7e:d0 + d3: + + +Public Key PIN: + pin-sha256:PpGrje0ZA5tMhx/WQRCuwVH5n+yaVcAvC5Ddg7J5Gl4= +Public Key ID: + sha256:3e91ab8ded19039b4c871fd64110aec151f99fec9a55c02f0b90dd83b2791a5e + sha1:c9fdf3e23c095aed38a2a48da03657dc1374ac91 + +-----BEGIN PRIVATE KEY----- +MIIE7wIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3 +DQEBCDALBglghkgBZQMEAgGiBAICBAAEggSoMIIEpAIBAAKCAQEAvIQ3SEF+IDtM +xc4q9EDM0IMEWgDm+rTdom82xPmNqwNS9bHmLH0mLYo5ziiayYAK0bijw6xk5fhd +Wt0GXVkV4tHoWulGuGeCJ07VJiVY8zilJWqPvqL/N6pci+R06nC8iOia1Oq+z/t4 +fIlLjXzPbAup2ipTIRv2gSk2r1qQTECgC/qwHqF2ehWWMWSbSt9Icf/15OAxmDpJ +aKmmIjQlQxjAXyy5Fo4UXBlODv4XxfW88cpn/3aXDpg+4wgJeah3hP6SpI+O7bI4 +4fYIQMTbjqbV4k5PJRDf5A6CVpM83nLi2iAtWzbyk5dYiMC1j9NN9w2/tTNlu7uD +6dUkLJTyXQIDAQABAoIBAE0Z9lJDFwavujKco8zKQ/pz22/ENrQLDSrGOaxONLbg +4SlD3VQMy3SMuB+tU8Fd8Q7daX06IPo9nlDvXQ8IxH7EQzgLeLUrAHx7LYowdDTl +0gV/k9Lwb1mg/8DnazoHadTE7a5vZCNEQn8M2C3CAkO6cXmdHerIuQUSih8l9yZ4 +BBF87SarcTfyyhn60iTfkXU1j9oAQXlPTbov8mapg1FDrL+xJuQW16JWn1cZziah +gOK49bmv7uLsOwQPi4ehQbtY0Cin7wVIgykttPnjt+M2XOTfQkMZLSv4h2QrAJBC +G5xeeqyCsVuV3go1Q4N3/TpPnUlVDFbBnXkIo4Yo5TECgYEA0QGc4mSKz1hG6SEv +4SAg1ZgkXDGOXx/Pg1LaZ9VgHqBSuQMQoyeVI72O2UleT/pRKBPNuweKNP1ajv3P +GXlIwKRSTcCwLI0DOy36Uelh3Gb+tV/V3fNRWso/PIR5z8SrgmMsupT/jcAEM2QU +TGvhiHQvg3h1Lr6shvb7trdaMG8CgYEA5uc1vczNaxUV59AEBFKJDnIH3io1BZwN +pLgyEc59quvneb8TgOQHnNQKw8xMfENznAwUqbvtrS+VMTXr4q0o4TN5KGon+TsO +zPCG8Ur2ycHJDqNJHdm7sm/nTwViKH6l6XnfZpjbJ0JfIotyZtdaBYSURxP1NiZg +NL0AMtPRF/MCgYEAlmfsuFbWNaQ3U2lYhU+TkWItOFNJO1cvBDhJh9Nbmm6RWSbF +gEPp5ZByDhfoUPG4GXk24dLpOHziAGjR8mj/W/JkcCOsJENOAfZyXyPuEqfjwC45 +P8Hr18QXgbtr1YKYUfqAo7y5sw5td3YbzWsNIB9MWfYDjiIVEgMG3VRRCO0CgYEA +4z0uHYFdtAHHUiDcoyha69V7OsBM+B1RLAd+dxnBgSGy55UNa65+c3AWvATmTPDQ +6QTWnQhu6x7F8+0+HRIPBjpzBTwb5OKjOTuJghQldf95kCdQQMlUOFJ60MDajkG9 +pF2lZ0INg8CFAek8iEtts7p7dswEaeswiRZsCJl+0NMCgYArAUm9tneIBshxeUS1 +i1xPe0KVvukqZTvzC3uFQ0/fwJ2WQajXNOZ0ORuvVC1qN6lb5qucOVLTSpUZe4C2 ++qb/EhAXoRCM2ty24bfZA3eXo78opv80BFMVXNolXUkLhCrmGBlQcwpTU27LvCEI +BrERvr9tyRKt/qaKW4dy95LQlA== +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-illegal.pem b/tests/cert-tests/data/key-illegal.pem new file mode 100644 index 0000000..75c7679 --- /dev/null +++ b/tests/cert-tests/data/key-illegal.pem @@ -0,0 +1,97 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Low (1024 bits) + +modulus: + 00:a9:4e:b1:2b:17:a2:9e:1d:f6:92:05:f4:17:2e:4c + 36:02:4a:ed:78:41:5c:6b:f8:db:5a:4d:92:d1:d7:f9 + 71:1a:ec:b8:2f:91:9e:ba:47:9e:4e:29:ac:92:12:55 + 06:73:17:eb:39:aa:0c:ee:96:f4:5a:30:3d:2f:9e:50 + 83:28:f8:c3:81:12:e4:17:28:93:de:95:b9:25:92:6a + 4c:a8:88:2d:00:70:cf:aa:ea:95:03:bb:51:65:aa:7a + d7:3f:82:5f:52:1d:3a:bf:bd:7e:42:0d:b0:39:37:17 + 3d:1c:92:e4:3d:7e:57:97:7c:00:d7:63:c0:62:6a:da + ba: + +public exponent: + 01:00:01: + +private exponent: + 04:c8:d0:80:e3:3e:19:31:c7:92:00:d1:11:06:a1:e8 + b4:cf:e1:3e:10:ba:c7:e2:54:70:8c:d8:a5:4d:71:23 + 1d:1b:ab:68:cc:b8:ab:92:f2:8a:4a:eb:31:85:8b:19 + 8f:8f:11:7a:a3:af:91:de:7a:31:42:43:b8:60:c4:ed + a4:2a:86:ca:c3:9d:38:13:9e:86:07:ed:d1:52:63:a6 + 9c:52:e7:23:e4:5e:b2:7a:2a:dc:16:d8:78:95:19:28 + d3:d1:ca:67:91:5d:d6:78:2c:b4:f5:37:e4:6b:1e:91 + 43:2a:f2:f6:87:0e:b4:73:95:ec:9d:a7:e6:79:94:c1 + + +prime1: + 00:cf:fd:cc:ba:f0:9b:7b:b4:c6:53:a1:04:0b:86:c7 + 5d:ca:84:06:fb:62:62:5b:3d:cf:4f:d3:fd:77:95:9d + 90:ca:b3:39:8b:7a:00:36:76:9b:c1:e9:98:c7:2f:df + 62:d0:1e:da:e2:4b:1c:bb:26:a5:d6:de:e4:a7:a3:09 + 04: + +prime2: + 00:d0:63:0e:5e:f5:7f:f1:09:d6:29:4d:bf:6f:2a:77 + 1d:50:d0:3f:9e:d5:ab:f3:37:ec:18:4c:6f:1a:19:0c + 01:c2:68:8c:fb:bf:c9:36:0f:b5:01:41:d4:de:89:4b + 26:ea:01:49:d7:e1:3a:60:29:e6:4f:17:4f:45:5b:8d + e9: + +coefficient: + 12:67:c7:6f:f1:53:5c:46:de:2b:a8:5e:cb:99:0e:43 + c6:b2:ec:bc:73:0a:f1:0c:7e:8a:80:ba:47:05:0a:a7 + 2f:aa:2f:8e:41:0a:bb:8c:f8:da:4b:bd:ea:21:56:6d + 3d:0a:06:b5:78:fc:44:53:00:ef:8e:6d:f2:f6:b1:51 + + +exp1: + 00:ac:e7:b2:47:95:ef:f9:1e:d5:28:e1:f5:d4:4e:8b + c3:93:6b:b2:cc:8b:5f:bb:9d:e9:15:75:9c:7d:3c:39 + e8:ce:2c:40:d2:81:09:54:25:1d:f4:69:93:24:c5:50 + 25:c2:bf:b2:15:19:bd:31:b0:c3:46:c3:5d:e8:67:92 + d4: + +exp2: + 1b:45:ab:7e:d0:00:63:8a:57:05:e6:cf:f3:fb:89:c5 + 43:6b:4d:b8:3a:dc:9b:23:29:79:f0:9e:e5:ba:7b:70 + cb:81:a5:59:d9:3a:bb:21:89:1d:d6:00:c6:f3:0e:eb + d3:da:41:50:c8:80:3c:4f:9f:7d:a0:5e:56:84:69:e9 + + + +Public Key ID: 23:91:CE:75:3C:67:B5:29:2B:D9:F4:4E:3B:0A:40:4B:61:1D:2C:1A +Public key's random art: ++--[ RSA 1024]----+ +| oo.. . | +| Eo.oo . o | +| oo+.+ = o | +| o.= o B + | +| + S o o o | +| . o . o . | +| . + | +| . . . | +| . | ++-----------------+ + + +** Private key parameters validation failed ** + +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCpTrErF6KeHfaSBfQXLkw2AkrteEFca/jbWk2S0df5cRrsuC+R +nrpHnk4prJISVQZzF+s5qgzulvRaMD0vnlCDKPjDgRLkFyiT3pW5JZJqTKiILQBw +z6rqlQO7UWWqetc/gl9SHTq/vX5CDbA5Nxc9HJLkPX5Xl3wA12PAYmraugIDAQAB +AoGABMjQgOM+GTHHkgDREQah6LTP4T4QusfiVHCM2KVNcSMdG6tozLirkvKKSusx +hYsZj48ReqOvkd56MUJDuGDE7aQqhsrDnTgTnoYH7dFSY6acUucj5F6yeircFth4 +lRko09HKZ5Fd1ngstPU35GsekUMq8vaHDrRzleydp+Z5lMECQQDP/cy68Jt7tMZT +oQQLhsddyoQG+2JiWz3PT9P9d5WdkMqzOYt6ADZ2m8HpmMcv32LQHtriSxy7JqXW +3uSnowkEAkEA0GMOXvV/8QnWKU2/byp3HVDQP57Vq/M37BhMbxoZDAHCaIz7v8k2 +D7UBQdTeiUsm6gFJ1+E6YCnmTxdPRVuN6QJBALLLOQAGL5Jy/v4K7yA9dwpgOYiK +9rMYPhUFSXWdI+cz/Zt9vzFcF3V0RYhaRfgYLqg7retTqFoVSgBg0OxuUSMCQBtF +q37QAGOKVwXmz/P7icVDa024OtybIyl58J7luntwy4GlWdk6uyGJHdYAxvMO69Pa +QVDIgDxPn32gXlaEaekCQQCVhXc3zc+VX3nM4iCpXhlET2N75ULzsR+r6CdvtwSB +vXMBcuCE1aJHZDxqRx8XFZDZl+Ij/jrBMmtI15ebDuzH +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-invalid1.der b/tests/cert-tests/data/key-invalid1.der new file mode 100644 index 0000000..909ee82 Binary files /dev/null and b/tests/cert-tests/data/key-invalid1.der differ diff --git a/tests/cert-tests/data/key-invalid2.der b/tests/cert-tests/data/key-invalid2.der new file mode 100644 index 0000000..c4e90e2 Binary files /dev/null and b/tests/cert-tests/data/key-invalid2.der differ diff --git a/tests/cert-tests/data/key-invalid3.der b/tests/cert-tests/data/key-invalid3.der new file mode 100644 index 0000000..2700ef0 Binary files /dev/null and b/tests/cert-tests/data/key-invalid3.der differ diff --git a/tests/cert-tests/data/key-invalid4.der b/tests/cert-tests/data/key-invalid4.der new file mode 100644 index 0000000..e66c74d --- /dev/null +++ b/tests/cert-tests/data/key-invalid4.der @@ -0,0 +1 @@ +0D 0+ep8 ÿ ÿÿ ÿÿ \ No newline at end of file diff --git a/tests/cert-tests/data/key-invalid5.der b/tests/cert-tests/data/key-invalid5.der new file mode 100644 index 0000000..e03829c Binary files /dev/null and b/tests/cert-tests/data/key-invalid5.der differ diff --git a/tests/cert-tests/data/key-invalid6.der b/tests/cert-tests/data/key-invalid6.der new file mode 100644 index 0000000..d4efbcb Binary files /dev/null and b/tests/cert-tests/data/key-invalid6.der differ diff --git a/tests/cert-tests/data/key-rsa-pss-raw.pem b/tests/cert-tests/data/key-rsa-pss-raw.pem new file mode 100644 index 0000000..6ef9e8b --- /dev/null +++ b/tests/cert-tests/data/key-rsa-pss-raw.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAndjwZ1p/m9BbCDGxvn/yvqINoivwaCwrCQ94/ckTUhw+sE4n +2MDU23tSxf/Ac8XMFUQg9M6W6RUGsG48W5gUs616kJVBRRtdQ7zQWsOfK4BxqN02 +Aq7RSAXy284sgdcP71nl9MR77/DDCdYkUnWPu2N+mtnFfrPOT3TuAU6WZS38vCzz ++qevnYFaAvvbU7th9cAEWDlaIPo7fQNx8dC9ccVVk3nRaIitrFaLs3y0Y36eXDsL +kR0g9qm6RjgHjVVWjhPPAb96SBj4LjMNKgHRA6NtIUWB9tyyMrwcAaAp8hTZwFYj +LS2tkJV0pYlfWvQSjl2I1swHrKNkheKXR3L3eQIDAQABAoIBAAKf1QzSR52AQCPH +RbwBjMqaYaQA7af9KNwnYeFpcZmKa5sdTGUV/RZG8gOcgrBw7bBQHI4ERNtntI1f +dPbMvi1euUD7WJMRdN3A6G0xUcj5MRzcXqyxPpgD2ZcAmxELI+2lx/LedP5XFM1X +mbZaivL4c1PO1N+nld0QinEwelYlW3slHPT2ogpx2MuA9vcmgHjwooblZOwZFVrf +43GZ2JGwoqpSeKJP0VeKGrgjrHRlkaR3jBNZ9wj/Kq4pkW8a3pxL/sbwAxvqbNcd +vjaolnXv7rOy2DcxyN4CZ6SXJGWn8DC5SCbF5UnoUY5I3Kvd3CKFbGuV9z4z+g5B +XMJ90EECgYEAtsIcY/YrAHdDn9BrOp0FhdYdalBN1GXqx0o8euCjtVeh3nh9ZAj7 +q3xYJiv8seLe8kucGLeJ/cwx/pBFZ8VbJEuadKHrFJL3ibdhBXt74T6pIk9aUUTo +6psn8Fv10WDf9fBwnK1WIxPNRVJwW/CDTdmRcRnAUoj7R55LdA4sw1kCgYEA3Rsg +zwhRQGVCLU5rsq9vScPljXZfPjDvce0GTyqVMviz7LCKK1qPpi417zFmeqlMLmKO +W6sjVEdgpEO6895LCNyKeFIZ6fUt37c34tFzfYu1lFpR2UKt+jzvM62rqGvOBw7c +TKoSLefiXWrHkG5Vv8ZuApuZ1yZw8tpz3egf8SECgYEAoJr7ChmV9qXYhsRIx0yg +QtpEJV6G1wXtic9CURXCqCVnubMXNmbyi+QNLxZuzgC6viEV/16j5KaitLwiUixM +iRvrk12L0hvJb3v4xjGbTvma9uzXSR4OtcU+FuspniPNDTuMKxPk45SOSsJEvXci +XLK7LrJboeyBLpH8avPeAJkCgYEAgwJ//iw/eJiHDbFZvxaUKnEYoylwZbk5J5f6 +FQ52OS2D7srsE6QlWaIn8wKiZivKJ/HdyBMva9CfQrWfIMCmVSnYIlMDZ80O0XAO +fSb993XAsZaSyNjpnUxdr5FIFRNLkIMNpZ9gBjNPvWp3tOyrgmZg6Mqp7QGqCzvF +S8cupgECgYBLM3bufFd34WvIIduXO3bGeJJSLBBKIkVFl0je37ywpNLryC3M9t8T +O2l5zgh3fLtAMvgmT2Z8RCl0MO2jIZunpJ9rHrFGv2eemhWjZrJ764fMvCZwcRYG +jmt6rS9kYu++P/oa5a8Ha1rk4vjyfkqcZST4CHitTJLQgNwQUPMRkg== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-rsa-pss.pem b/tests/cert-tests/data/key-rsa-pss.pem new file mode 100644 index 0000000..1339318 --- /dev/null +++ b/tests/cert-tests/data/key-rsa-pss.pem @@ -0,0 +1,29 @@ +-----BEGIN PRIVATE KEY----- +MIIE/QIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAndjwZ1p/m9BbCDGx +vn/yvqINoivwaCwrCQ94/ckTUhw+sE4n2MDU23tSxf/Ac8XMFUQg9M6W6RUGsG48 +W5gUs616kJVBRRtdQ7zQWsOfK4BxqN02Aq7RSAXy284sgdcP71nl9MR77/DDCdYk +UnWPu2N+mtnFfrPOT3TuAU6WZS38vCzz+qevnYFaAvvbU7th9cAEWDlaIPo7fQNx +8dC9ccVVk3nRaIitrFaLs3y0Y36eXDsLkR0g9qm6RjgHjVVWjhPPAb96SBj4LjMN +KgHRA6NtIUWB9tyyMrwcAaAp8hTZwFYjLS2tkJV0pYlfWvQSjl2I1swHrKNkheKX +R3L3eQIDAQABAoIBAAKf1QzSR52AQCPHRbwBjMqaYaQA7af9KNwnYeFpcZmKa5sd +TGUV/RZG8gOcgrBw7bBQHI4ERNtntI1fdPbMvi1euUD7WJMRdN3A6G0xUcj5MRzc +XqyxPpgD2ZcAmxELI+2lx/LedP5XFM1XmbZaivL4c1PO1N+nld0QinEwelYlW3sl +HPT2ogpx2MuA9vcmgHjwooblZOwZFVrf43GZ2JGwoqpSeKJP0VeKGrgjrHRlkaR3 +jBNZ9wj/Kq4pkW8a3pxL/sbwAxvqbNcdvjaolnXv7rOy2DcxyN4CZ6SXJGWn8DC5 +SCbF5UnoUY5I3Kvd3CKFbGuV9z4z+g5BXMJ90EECgYEAtsIcY/YrAHdDn9BrOp0F +hdYdalBN1GXqx0o8euCjtVeh3nh9ZAj7q3xYJiv8seLe8kucGLeJ/cwx/pBFZ8Vb +JEuadKHrFJL3ibdhBXt74T6pIk9aUUTo6psn8Fv10WDf9fBwnK1WIxPNRVJwW/CD +TdmRcRnAUoj7R55LdA4sw1kCgYEA3RsgzwhRQGVCLU5rsq9vScPljXZfPjDvce0G +TyqVMviz7LCKK1qPpi417zFmeqlMLmKOW6sjVEdgpEO6895LCNyKeFIZ6fUt37c3 +4tFzfYu1lFpR2UKt+jzvM62rqGvOBw7cTKoSLefiXWrHkG5Vv8ZuApuZ1yZw8tpz +3egf8SECgYEAoJr7ChmV9qXYhsRIx0ygQtpEJV6G1wXtic9CURXCqCVnubMXNmby +i+QNLxZuzgC6viEV/16j5KaitLwiUixMiRvrk12L0hvJb3v4xjGbTvma9uzXSR4O +tcU+FuspniPNDTuMKxPk45SOSsJEvXciXLK7LrJboeyBLpH8avPeAJkCgYEAgwJ/ +/iw/eJiHDbFZvxaUKnEYoylwZbk5J5f6FQ52OS2D7srsE6QlWaIn8wKiZivKJ/Hd +yBMva9CfQrWfIMCmVSnYIlMDZ80O0XAOfSb993XAsZaSyNjpnUxdr5FIFRNLkIMN +pZ9gBjNPvWp3tOyrgmZg6Mqp7QGqCzvFS8cupgECgYBLM3bufFd34WvIIduXO3bG +eJJSLBBKIkVFl0je37ywpNLryC3M9t8TO2l5zgh3fLtAMvgmT2Z8RCl0MO2jIZun +pJ9rHrFGv2eemhWjZrJ764fMvCZwcRYGjmt6rS9kYu++P/oa5a8Ha1rk4vjyfkqc +ZST4CHitTJLQgNwQUPMRkqA/MD0GCisGAQQBkggSCAExLzAtBglghkgBZQMEAgIE +ILWm/DHKGyMQovHstoEtkzhztk8rmVuJOkhzfJf+y/a3 +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-subca-dsa.pem b/tests/cert-tests/data/key-subca-dsa.pem new file mode 100644 index 0000000..98f74e3 --- /dev/null +++ b/tests/cert-tests/data/key-subca-dsa.pem @@ -0,0 +1,21 @@ +Setting log level to 2 +-----BEGIN DSA PRIVATE KEY----- +MIIDTwIBAAKCAQEA4S+RSYF4Ofkhh9CiEug5GaopwisjrRbUd/C4TVbFyG3Q7H6B +aFRag96a3JSd2BKeBqtgl2xx2gXQO1oxxDnkqYyv4j8WSI1R0RIXBeO9izeFeAWl +LQzMeRn7me3JAaVYbgrFgVb0BY/Ob6cZtkV5LRNSKkHre+YWY7tzzQDqGz/H+d1o +7UILiqTryIyYX6+0rHjxTxmxKF3xOkGFJYvBZtzZa7aCqpNeqnMLMdku2SbHNpyu +7yBFA9GY0zNMe8jwBjEuoZIkF9MVY9sopCLR1YW3GvtMOTvsnDV3VpS28MTQkEyz +syYyqONK3Em0UUhjYehSSp/n15EgVYhKrJioVwIdAIXSpNyteqPR2NrFg7QLTD5v +HK3O/fd9xT6YlT0CggEBANhamrmZUys+YHUsM95BhbSHCcgItme7euBSCiP8DL++ +0vaPLXNmv21DqP5aYAowUVBL86jJe1NoK+Cs65pjUzGvXVbeW1pptA1pkMXlw8VR +MdczJleTwHevrk389UrSXXs4Jd7KfO52y5Aw7FLhTt1ggZH+sDaTO2NdlqOk6t/s ++6lsbtI1iMXWytDiuG5U2mRY7w8hkIneEST/BElA4quUaDHNd/99IkvhUuqJK2pb +TwNrNnBEr34IMlR9gYloc0AoZ9mi9127xEdi59dZ0hdPWhqX/DJXMOXoT39j8Z4h +av0sCloW6m5oPY2LUjl11n1hHoS/CqZWWvNkJ4jLjaMCggEBAK4fM+fc8iuowcuT +nmunkNr08VzCtcOZeo7cqP09VjyRQBk69ZSSFa0CiKRuTexrzwP9zXGgabCklfK/ +y07OX5/EVQOGeDWCz6KNY7xqME20yOLerDOIDZLE8wkDaxJuuyGa7rEtD76rk+D3 +usYc83aK9fA8tkegei/Kt/o4dGlunpl9bWWRLxVVEdBIJe4Pst775tD1MNwr8uFY +0v0HHdDvPhrD+GWtK+2Mlg8tT50mNsJZFdiqYR76+WgPaPweY1zZ7aK294Qcmn7G +m94kJ3UusICP0iVlhqXF4lVmOXp1+Ido77OOnRBGNfZes7IM1+icyM+ZoKyCLRDZ +TL1zYHECHADNHOMk9jl5zXkL4sIi+LX7Hvav8/CtwdW2aVs= +-----END DSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-subca.pem b/tests/cert-tests/data/key-subca.pem new file mode 100644 index 0000000..bf782b5 --- /dev/null +++ b/tests/cert-tests/data/key-subca.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCs10rMBAozD8bi/KN5HG1HfD5SDePcffzzQAqnw/RdCOOtTDk5 +CfuJOu0xvtxSBj1LnF4F5lQYFKdIn59+efk2V1iCmpmtONzNMUdOxStIYbMH1zfo +8G5Q+jdEqA3GpqnZHTfKYQRtqce2NfUSL5EjOdcQeW9TF4i3+hhyf7+OFwIDAQAB +AoGAAyaBAi7BHNa1VeYPaoViA6aNiupz5gX4FrBOek13SgNG6Va8cvIKoq8oK2y7 +gjkDjwEl3SQcLkraFNgE4hssmx9nnzjS0PL+SSVxaUssQEOLfqwRL7DjSVuqN3lG ++DwA88o2jZcUeYk0KMfPh4BXndRoxSl+NLIXqUM0mDKAD/kCQQDPdoC/Na3hb3dR +783T6Dv/Wip3FJOTgQW00JPo7z/VRWD26O4Gcu7QyWp7cE1jTJBmmFGk99UwhaQj +dqorPuYbAkEA1UcxH4IAVbW9p4zsFtC62VCOOVTXnwJi2ukyV98sSpoQ8BxHd1fD +TcimvlVjUP44elisS69KNvFnkLQmfDZntQJAZYhvliTlRnFRCi68ozsDMgOkyMav +Ov9oFYgG+3cr3Gqp++0foNRbAJ+yl1rs5O4xtaRSQNRx599f52NKAQQ1hQJAOtTe +ihB0QzBU1oka/tgpEpUUBmCO8f/YgQZeqrqXHyUMkw9Z72O4LhaxWEN5l/foYGdh +b6c0058XsGThUNY5GQJBAIqgWAWIayeIOdIRY4jVGjbCeF3TK+KkBE9i+wPXPg/r +togrwce4wYHadBHNeyYnKiIikqc7Lp9dMcvITWyCk2s= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-subsubca.pem b/tests/cert-tests/data/key-subsubca.pem new file mode 100644 index 0000000..fca7c9d --- /dev/null +++ b/tests/cert-tests/data/key-subsubca.pem @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBALsQ5pEpMchi/O8d7+qvAwH19OcTzvszd29dbva83gcydAMAh243 +a6d+6NsakKliKqsNpPvhg3o7/J9vnGWJq7UCAwEAAQJAGKXpL3LNWbE7URlxeYt+ +WrWJA6KPSPeW0uBthMrNeYaRXU8W17aYQ99yYe5K4fRrBA0B92XAlTn8alrxrPXk +UQIhANH6YN5FXdj2tqdayyoF1ExXuedwLxOUF8cwEfZxH44RAiEA5BD0nxuoyKtZ +y4OYfbfjyIHL4UljLeZ+wgzkxB1pr2UCIDm6nps9cvnNipYkTir1g1Kh48iPfUHi +u07WFnosy8IhAiAtdIus4pBjXnOJMnNEK1CE+AmwnzXbQiNlfbhithIIWQIgJNOP +k0WdX6yK471z5Sfl3T+9fsA5p0qgyNVF0qf18TY= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-user.pem b/tests/cert-tests/data/key-user.pem new file mode 100644 index 0000000..6b3b30d --- /dev/null +++ b/tests/cert-tests/data/key-user.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC88r7u5NXiSE352QYT9V9FjaLHtr22D9o+Yp+U7QFs453YBCS8 +zJOTnTONQGr74YWDbYvTPc/biFtTeGaV0tRdIdqYCi7v21koCE7Wx2ZLQRckFt7z +ks5e+AaKuPVfiE5Hxpg8TQdGruaIZ56+p/fboFv4M52r+iWjhvhn7zOQ5QIDAQAB +AoGAAtx1W7S6ls41fN6pouYiTTFTd7OJGxd39iqtwL/3nfVMaWSWq20406sCIgkJ +r0q/Wzm7b+inTx6F4E7m1S0q6tkK19SktgIuza4ZyMoKvGwG8I2Y/PkHBqV0kSg5 +WQZDqoIrPdWvAgZxpfJaCcLsJ1xTG+A7JsCyerDpWw+lm/kCQQDO6vRLy/4cTjvR +7E8dCwf4mzOzGyx8pTPRXEFdjtqrUODmr/C5XfQXKmAxMMYU8WQT9UBP5PmgKv7x +EOGS9CLTAkEA6cSXzblzbLLWuSd8Qb87WPOwe7f4gf0XAldFiqG79eKvJWo0BL2E +x0iyRek/NszrnEYPdPI53xQUspPZeXt6ZwJAUkp+/eYTGY7Dm6kvjY1ljimrVf/o +oWnSQeE+3caCkL+JsjUmt5H2EYB44RdUr9+QvZ88BIo7/MccvSLJk3gkoQJAdTes +3u1k4VZzsPgJqHYZbisTjZXcOGIODZBxQGiE9XCrXll4p//X+o2LRt8EYZgzdHL1 +ATEMr71D+5+DZxTxdQJAHN+23/N2giXF1Ls3w4uetxRwLmkNGnpgD0/o+9Kh56xO +hd6hDqJLqGixQFVpF13l1vEg8R/r5JjhYt8E3JMtlA== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/key-utf8-1.p12 b/tests/cert-tests/data/key-utf8-1.p12 new file mode 100644 index 0000000..d57d12c Binary files /dev/null and b/tests/cert-tests/data/key-utf8-1.p12 differ diff --git a/tests/cert-tests/data/key-utf8-2.p12 b/tests/cert-tests/data/key-utf8-2.p12 new file mode 100644 index 0000000..40f2db6 Binary files /dev/null and b/tests/cert-tests/data/key-utf8-2.p12 differ diff --git a/tests/cert-tests/data/long-dns.pem b/tests/cert-tests/data/long-dns.pem new file mode 100644 index 0000000..fde11e4 --- /dev/null +++ b/tests/cert-tests/data/long-dns.pem @@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIJKTCCCJKgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCCAvgxgfowgfcGA1UEAxOB +73N1cGVyLXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LWxvbmcuY29t +MYH6MIH3BgNVBAoTge9zdXBlci12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS1sb25nIG9yZzGB+zCB+AYDVQQLE4Hwc3VwZXItdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktbG9uZyBkZXB0MB4XDTA3MDQyMjAwMDAwMFoXDTE0 +MDUyNTAwMDAwMFowggL4MYH6MIH3BgNVBAMTge9zdXBlci12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LXZlcnktdmVyeS1sb25nLmNvbTGB+jCB9wYDVQQKE4Hvc3VwZXIt +dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktbG9uZyBvcmcxgfswgfgG +A1UECxOB8HN1cGVyLXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LWxv +bmcgZGVwdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT +8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdw +EPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQw +UZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOCAb0wggG5MAwGA1UdEwEB/wQCMAAw +ggEzBgNVHREEggEqMIIBJoKB73N1cGVyLXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LWxvbmcuY29tghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZl +bm1vcmV0aGFub25lLm9yZ4cEwKgBATATBgNVHSUEDDAKBggrBgEFBQcDATAOBgNV +HQ8BAf8EBAMCB4AwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMC4GA1Ud +HwQnMCUwI6AhoB+GHWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwvMA0GCSqG +SIb3DQEBCwUAA4GBAHjr0dEvjOx+BOIfe0e5lihH0qunfQ/yp5+I5c4GEoZj+uAB +hX2LSE9K2/qbuHTkqMz0j+fSsh4iitDGzOpkh8JP67v/8ldnGOv0DUJ1vGTmVdLb +EcPM28Iw1imbUny7q6KV/AnNbXUW9ox24HP0taIf5oUjaZG09B/bAIrbl+CV +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/long-oids.pem b/tests/cert-tests/data/long-oids.pem new file mode 100644 index 0000000..15e8b3e --- /dev/null +++ b/tests/cert-tests/data/long-oids.pem @@ -0,0 +1,175 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 35738caf21eabd2d + Issuer: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US + Validity: + Not Before: Fri Jul 01 18:54:17 UTC 2016 + Subject: CN=8a88801755a7c9070155a7cfbe360004 + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:dc:70:8b:9c:84:e9:3e:79:8f:03:e5:5f:21:f0:29 + 9e:d9:94:4e:0f:37:45:47:42:da:2a:e0:da:f5:8b:fa + e1:f8:62:51:14:9d:9e:e0:c7:69:d0:3d:fc:25:2f:b6 + 10:45:bd:0d:bc:92:86:54:bb:4e:7d:d4:92:75:65:ba + 48:a4:64:a1:eb:f7:e7:dc:c0:d7:0a:5e:36:13:0e:4e + 35:cc:2c:c6:f3:e7:e7:e5:32:8a:0c:f7:47:28:7a:02 + c2:68:66:19:3a:ba:ca:31:e2:dd:43:be:26:4c:80:12 + 0c:ae:44:40:eb:69:7d:9e:58:d3:ab:af:69:e6:54:ae + 7d:80:ee:2c:10:e9:bb:5e:6b:89:15:2e:2c:72:26:ba + 7f:e5:a3:66:c5:98:c6:57:bf:05:1e:55:93:a6:16:83 + a6:88:79:8f:4e:b5:7e:70:eb:f0:a9:a6:d5:f9:1f:e6 + ab:70:06:43:e0:de:82:ad:0e:04:17:2b:69:82:40:98 + 84:14:00:2a:a2:da:61:7b:35:ac:71:05:43:6f:55:3a + 28:4b:d1:a4:eb:3b:f5:03:c2:f8:3c:fd:0a:c4:99:1d + a7:7d:08:5c:d1:15:70:73:b9:dc:5c:f2:fe:2c:c6:21 + 8a:be:bd:52:37:64:04:e5:06:3e:c6:62:a1:e9:8e:cb + c1 + Exponent (bits 24): + 01:00:01 + Extensions: + Unknown extension 2.16.840.1.113730.1.1 (not critical): + ASCII: .... + Hexdump: 030205a0 + Key Usage (not critical): + Digital signature. + Key encipherment. + Data encipherment. + Authority Key Identifier (not critical): + directoryName: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US + serial: 00a4e7caebbe435dcc + caca62860405f0f59b38d22c3c8c650fc6baa53c + Subject Key Identifier (not critical): + 0e8d7b53ba5a9e9244e56458a1db8347053e32d3 + Key Purpose (not critical): + TLS WWW Client. + Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.1 (not critical): + ASCII: ..mordor_ueber_product + Hexdump: 0c146d6f72646f725f75656265725f70726f64756374 + Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.3 (not critical): + ASCII: .. + Hexdump: 0c00 + Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.2 (not critical): + ASCII: .. + Hexdump: 0c00 + Unknown extension 1.3.6.1.4.1.2312.9.1.1467399257435.5 (not critical): + ASCII: .. + Hexdump: 0c00 + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1 (not critical): + ASCII: ..yum + Hexdump: 0c0379756d + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.1 (not critical): + ASCII: ..ueber_content + Hexdump: 0c0d75656265725f636f6e74656e74 + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.2 (not critical): + ASCII: ..1467399257435_ueber_content + Hexdump: 0c1b313436373339393235373433355f75656265725f636f6e74656e74 + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.5 (not critical): + ASCII: ..Custom + Hexdump: 0c06437573746f6d + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.6 (not critical): + ASCII: ../mordor + Hexdump: 0c072f6d6f72646f72 + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.7 (not critical): + ASCII: .. + Hexdump: 0c00 + Unknown extension 1.3.6.1.4.1.2312.9.2.1467399257458.1.8 (not critical): + ASCII: ..1 + Hexdump: 0c0131 + Unknown extension 1.3.6.1.4.1.2312.9.4.1 (not critical): + ASCII: ..mordor_ueber_product + Hexdump: 0c146d6f72646f725f75656265725f70726f64756374 + Unknown extension 1.3.6.1.4.1.2312.9.4.2 (not critical): + ASCII: .. + Hexdump: 0c00 + Unknown extension 1.3.6.1.4.1.2312.9.4.3 (not critical): + ASCII: ..1467399257435 + Hexdump: 0c0d31343637333939323537343335 + Unknown extension 1.3.6.1.4.1.2312.9.4.5 (not critical): + ASCII: ..1 + Hexdump: 0c0131 + Unknown extension 1.3.6.1.4.1.2312.9.4.6 (not critical): + ASCII: ..2016-07-01T18:54:17Z + Hexdump: 0c14323031362d30372d30315431383a35343a31375a + Unknown extension 1.3.6.1.4.1.2312.9.4.7 (not critical): + ASCII: ..2049-12-01T13:00:00Z + Hexdump: 0c14323034392d31322d30315431333a30303a30305a + Unknown extension 1.3.6.1.4.1.2312.9.4.12 (not critical): + ASCII: ..0 + Hexdump: 0c0130 + Unknown extension 1.3.6.1.4.1.2312.9.4.14 (not critical): + ASCII: ..0 + Hexdump: 0c0130 + Unknown extension 1.3.6.1.4.1.2312.9.4.11 (not critical): + ASCII: ..1 + Hexdump: 0c0131 + Unknown extension 1.3.6.1.4.1.2312.9.5.1 (not critical): + ASCII: .$9453f8e6-84b2-482e-a3ea-01c3b3e266a5 + Hexdump: 0c2439343533663865362d383462322d343832652d613365612d303163336233653236366135 + Signature Algorithm: RSA-SHA1 + Signature: + f7:4d:f3:30:53:cd:35:bf:49:07:29:9b:f0:7a:aa:49 + 60:da:ce:14:45:b5:32:8f:da:c3:ce:6b:ec:bf:20:c0 + 05:a3:3a:89:c4:7d:66:34:fc:f3:16:b8:f3:03:da:fc + 82:4a:b8:97:f8:67:3d:c2:8c:78:b4:6d:b8:bb:18:ec + 36:ee:c4:28:79:da:fe:a1:1f:af:0b:3f:e4:75:de:83 + ff:6b:f9:11:60:09:57:ea:85:34:ed:60:e2:94:8b:d6 + f2:21:9b:da:97:99:f3:0d:a9:0f:b5:3b:3a:8f:96:8d + 0b:df:30:17:03:e6:47:c3:71:32:09:18:bc:c0:a9:83 + 7e:b7:5f:5c:bb:eb:0a:18:3f:a9:40:98:ae:57:ab:99 + 3d:47:1b:98:8a:dc:6e:85:a2:ea:5e:21:80:a9:b5:48 + c9:1d:63:c1:1b:e6:01:a1:bd:84:38:7f:1a:43:a5:d4 + 7f:41:5b:f6:88:33:b0:f1:b8:8f:e1:39:69:6f:60:13 + d3:5d:70:de:95:0d:2f:a9:89:6c:d4:3a:eb:22:59:e6 + 31:67:71:a5:ed:fb:cb:20:11:0c:31:2e:e0:98:9a:3b + 9c:7b:a2:74:6f:87:97:a1:d9:82:7f:7d:62:6b:45:6c + 0b:5e:25:43:8a:20:16:7d:e5:84:18:3f:7c:da:fc:f9 +Other Information: + Fingerprint: + sha1:562de99ca9cd44ea93399ddfe902189f54fc1a4e + sha256:2c17e1d8f33d7d4f6737978f74338b6f5007247a6c1dfdc2336095837979a130 + Public Key ID: + sha1:d2e82f7dcb5150dd512201753aa90bec77b39a7d + sha256:01c62db2e09e811cd9c52b041c67be79fc665b86a1ca62ce8028e3b19ede89d8 + Public Key PIN: + pin-sha256:AcYtsuCegRzZxSsEHGe+efxmW4ahymLOgCjjsZ7eidg= + +-----BEGIN CERTIFICATE----- +MIIG3DCCBcSgAwIBAgIINXOMryHqvS0wDQYJKoZIhvcNAQEFBQAwgY4xCzAJBgNV +BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWln +aDEQMA4GA1UEChMHS2F0ZWxsbzEUMBIGA1UECxMLU29tZU9yZ1VuaXQxLDAqBgNV +BAMTI3NhdC1yMjIwLTEwLmxhYi5lbmcucmR1Mi5yZWRoYXQuY29tMB4XDTE2MDcw +MTE4NTQxN1oXDTQ5MTIwMTEzMDAwMFowKzEpMCcGA1UEAxMgOGE4ODgwMTc1NWE3 +YzkwNzAxNTVhN2NmYmUzNjAwMDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDccIuchOk+eY8D5V8h8Cme2ZRODzdFR0LaKuDa9Yv64fhiURSdnuDHadA9 +/CUvthBFvQ28koZUu0591JJ1ZbpIpGSh6/fn3MDXCl42Ew5ONcwsxvPn5+Uyigz3 +Ryh6AsJoZhk6usox4t1DviZMgBIMrkRA62l9nljTq69p5lSufYDuLBDpu15riRUu +LHImun/lo2bFmMZXvwUeVZOmFoOmiHmPTrV+cOvwqabV+R/mq3AGQ+Degq0OBBcr +aYJAmIQUACqi2mF7NaxxBUNvVTooS9Gk6zv1A8L4PP0KxJkdp30IXNEVcHO53Fzy +/izGIYq+vVI3ZATlBj7GYqHpjsvBAgMBAAGjggOeMIIDmjARBglghkgBhvhCAQEE +BAMCBaAwCwYDVR0PBAQDAgSwMIHDBgNVHSMEgbswgbiAFMrKYoYEBfD1mzjSLDyM +ZQ/GuqU8oYGUpIGRMIGOMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fy +b2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxEDAOBgNVBAoTB0thdGVsbG8xFDASBgNV +BAsTC1NvbWVPcmdVbml0MSwwKgYDVQQDEyNzYXQtcjIyMC0xMC5sYWIuZW5nLnJk +dTIucmVkaGF0LmNvbYIJAKTnyuu+Q13MMB0GA1UdDgQWBBQOjXtTulqekkTlZFih +24NHBT4y0zATBgNVHSUEDDAKBggrBgEFBQcDAjAqBhArBgEEAZIICQGq2r6++lsB +BBYMFG1vcmRvcl91ZWJlcl9wcm9kdWN0MBYGECsGAQQBkggJAaravr76WwMEAgwA +MBYGECsGAQQBkggJAaravr76WwIEAgwAMBYGECsGAQQBkggJAaravr76WwUEAgwA +MBkGECsGAQQBkggJAqravr76cgEEBQwDeXVtMCQGESsGAQQBkggJAqravr76cgEB +BA8MDXVlYmVyX2NvbnRlbnQwMgYRKwYBBAGSCAkCqtq+vvpyAQIEHQwbMTQ2NzM5 +OTI1NzQzNV91ZWJlcl9jb250ZW50MB0GESsGAQQBkggJAqravr76cgEFBAgMBkN1 +c3RvbTAeBhErBgEEAZIICQKq2r6++nIBBgQJDAcvbW9yZG9yMBcGESsGAQQBkggJ +Aqravr76cgEHBAIMADAYBhErBgEEAZIICQKq2r6++nIBCAQDDAExMCQGCisGAQQB +kggJBAEEFgwUbW9yZG9yX3VlYmVyX3Byb2R1Y3QwEAYKKwYBBAGSCAkEAgQCDAAw +HQYKKwYBBAGSCAkEAwQPDA0xNDY3Mzk5MjU3NDM1MBEGCisGAQQBkggJBAUEAwwB +MTAkBgorBgEEAZIICQQGBBYMFDIwMTYtMDctMDFUMTg6NTQ6MTdaMCQGCisGAQQB +kggJBAcEFgwUMjA0OS0xMi0wMVQxMzowMDowMFowEQYKKwYBBAGSCAkEDAQDDAEw +MBEGCisGAQQBkggJBA4EAwwBMDARBgorBgEEAZIICQQLBAMMATEwNAYKKwYBBAGS +CAkFAQQmDCQ5NDUzZjhlNi04NGIyLTQ4MmUtYTNlYS0wMWMzYjNlMjY2YTUwDQYJ +KoZIhvcNAQEFBQADggEBAPdN8zBTzTW/SQcpm/B6qklg2s4URbUyj9rDzmvsvyDA +BaM6icR9ZjT88xa48wPa/IJKuJf4Zz3CjHi0bbi7GOw27sQoedr+oR+vCz/kdd6D +/2v5EWAJV+qFNO1g4pSL1vIhm9qXmfMNqQ+1OzqPlo0L3zAXA+ZHw3EyCRi8wKmD +frdfXLvrChg/qUCYrlermT1HG5iK3G6FoupeIYCptUjJHWPBG+YBob2EOH8aQ6XU +f0Fb9ogzsPG4j+E5aW9gE9NdcN6VDS+piWzUOusiWeYxZ3Gl7fvLIBEMMS7gmJo7 +nHuidG+Hl6HZgn99YmtFbAteJUOKIBZ95YQYP3za/Pk= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/long-serial.pem b/tests/cert-tests/data/long-serial.pem new file mode 100644 index 0000000..3d86aab --- /dev/null +++ b/tests/cert-tests/data/long-serial.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEMzCCA5ygAwIBAgIUEjRWeJCrze/+3LoJh2VDIavN7xIwDQYJKoZIhvcNAQEL +BQAwgbgxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtv +a28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5 +IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEP +MA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4X +DTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowgbgxCzAJBgNVBAYTAkdSMQ8w +DQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xl +ZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixk +AQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJ +KoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5ge +HEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+Mxic +Gnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBNjCC +ATIwDwYDVR0TAQH/BAUwAwEB/zBqBgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3 +dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEB +gQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEF +BQcDCTAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLK +cjZfMG8GA1UdHwRoMGYwZKBioGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRj +cmwxL4YeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3 +LmdldGNybC5jcmwvZ2V0Y3JsMy8wDQYJKoZIhvcNAQELBQADgYEAecQIu9BfIWdu +KBlYZYKNtc+7m/9z7LRykpRc4dOZ/OzrZ+aVHqjAWyIxHMhDLqGhV0kHmLFQdrfs +pvIbHZ7e2FB+u5kQK+I0wYM7m2IJGV56Fvjxeedhc+AWOBihGOBX7kkCD1v5iX2U +mJlAAVQFAG0UpjeJEDKvuLxkmQFX2Fw= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/mac-sha512.p12 b/tests/cert-tests/data/mac-sha512.p12 new file mode 100644 index 0000000..6a5a7f0 Binary files /dev/null and b/tests/cert-tests/data/mac-sha512.p12 differ diff --git a/tests/cert-tests/data/mem-leak.p12 b/tests/cert-tests/data/mem-leak.p12 new file mode 100644 index 0000000..e4eaff3 Binary files /dev/null and b/tests/cert-tests/data/mem-leak.p12 differ diff --git a/tests/cert-tests/data/multi-value-dn.pem b/tests/cert-tests/data/multi-value-dn.pem new file mode 100644 index 0000000..fe8c530 --- /dev/null +++ b/tests/cert-tests/data/multi-value-dn.pem @@ -0,0 +1,65 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 09 + Issuer: C=CZ,O=corp+O=big corp+O=another corp,OU=arbitrary,UID=user,CN=unknown+CN=multi-test+CN=multi-test + Validity: + Not Before: Mon Oct 31 15:53:52 UTC 2016 + Not After: Tue Oct 31 15:53:52 UTC 2017 + Subject: C=CZ,O=corp+O=big corp+O=another corp,OU=arbitrary,UID=user,CN=unknown+CN=multi-test+CN=multi-test + Subject Public Key Algorithm: RSA + Algorithm Security Level: Low (1024 bits) + Modulus (bits 1024): + 00:c0:0f:cd:3a:34:fb:58:cf:e6:2a:af:ad:52:1f:cf + b3:87:e4:d4:de:f7:2b:9f:13:25:5c:c1:3e:5b:f7:45 + 8d:d0:ff:b5:b9:95:73:7a:f0:65:da:9d:dc:8d:17:d0 + c4:56:64:5d:53:1c:d1:6d:29:6e:63:bc:79:ce:90:76 + f8:33:ce:51:3e:ef:cb:fd:ad:7f:92:db:ae:93:6c:4f + 93:7f:03:80:49:f9:34:4c:12:4f:f9:03:68:bb:69:e7 + a1:ee:65:3a:f2:52:f4:7b:74:37:d7:04:ba:79:6e:2c + be:cb:f8:99:d7:fb:2b:c6:bb:39:f5:47:c6:55:e5:84 + 7b + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Key Identifier (not critical): + 753ab7fc73642914496111fdce90cbf63d1c8a13 + Signature Algorithm: RSA-SHA256 + Signature: + a3:42:6f:c5:b0:1a:5d:5e:ef:91:17:c0:64:0c:84:c3 + 53:33:23:e1:6f:83:21:0e:7f:0c:25:08:fa:0c:83:55 + d5:58:bc:cf:59:2a:d3:23:fa:f0:31:f8:3b:6a:3a:55 + 32:8b:38:a3:f2:1d:ee:be:ad:bd:d6:d7:26:c0:fc:d5 + 33:cf:3a:f1:3a:57:43:d9:a2:1f:39:c5:2c:07:00:65 + 7f:e5:08:53:bf:42:8f:dd:c2:69:39:c3:e6:92:49:bb + 63:ce:99:58:38:13:5b:15:c2:bd:27:ea:fd:7b:0e:30 + e7:37:c6:47:ce:03:e7:5a:19:2a:90:a8:93:89:e9:9d +Other Information: + Fingerprint: + sha1:3cd23994f8e12b98462899fd30d6750f153dba7f + sha256:9442533a526ab64a4fb32b87898fae2d6dd7e85730926a58ff5f5cb9fd810b0e + Public Key ID: + sha1:753ab7fc73642914496111fdce90cbf63d1c8a13 + sha256:0ffb94e70ee41e39af7547fb6eeead068e23a97e2d188521c471b75d772ff51b + Public Key PIN: + pin-sha256:D/uU5w7kHjmvdUf7bu6tBo4jqX4tGIUhxHG3XXcv9Rs= + +-----BEGIN CERTIFICATE----- +MIIC7zCCAligAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBpDE2MA4GA1UEAxMHdW5r +bm93bjARBgNVBAMTCm11bHRpLXRlc3QwEQYDVQQDEwptdWx0aS10ZXN0MRQwEgYK +CZImiZPyLGQBARMEdXNlcjESMBAGA1UECxMJYXJiaXRyYXJ5MTMwCwYDVQQKEwRj +b3JwMA8GA1UEChMIYmlnIGNvcnAwEwYDVQQKEwxhbm90aGVyIGNvcnAxCzAJBgNV +BAYTAkNaMB4XDTE2MTAzMTE1NTM1MloXDTE3MTAzMTE1NTM1MlowgaQxNjAOBgNV +BAMTB3Vua25vd24wEQYDVQQDEwptdWx0aS10ZXN0MBEGA1UEAxMKbXVsdGktdGVz +dDEUMBIGCgmSJomT8ixkAQETBHVzZXIxEjAQBgNVBAsTCWFyYml0cmFyeTEzMAsG +A1UEChMEY29ycDAPBgNVBAoTCGJpZyBjb3JwMBMGA1UEChMMYW5vdGhlciBjb3Jw +MQswCQYDVQQGEwJDWjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwA/NOjT7 +WM/mKq+tUh/Ps4fk1N73K58TJVzBPlv3RY3Q/7W5lXN68GXandyNF9DEVmRdUxzR +bSluY7x5zpB2+DPOUT7vy/2tf5LbrpNsT5N/A4BJ+TRMEk/5A2i7aeeh7mU68lL0 +e3Q31wS6eW4svsv4mdf7K8a7OfVHxlXlhHsCAwEAAaMvMC0wDAYDVR0TAQH/BAIw +ADAdBgNVHQ4EFgQUdTq3/HNkKRRJYRH9zpDL9j0cihMwDQYJKoZIhvcNAQELBQAD +gYEAo0JvxbAaXV7vkRfAZAyEw1MzI+FvgyEOfwwlCPoMg1XVWLzPWSrTI/rwMfg7 +ajpVMos4o/Id7r6tvdbXJsD81TPPOvE6V0PZoh85xSwHAGV/5QhTv0KP3cJpOcPm +kkm7Y86ZWDgTWxXCvSfq/XsOMOc3xkfOA+daGSqQqJOJ6Z0= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/name-constraints-ip.pem b/tests/cert-tests/data/name-constraints-ip.pem new file mode 100644 index 0000000..0201035 --- /dev/null +++ b/tests/cert-tests/data/name-constraints-ip.pem @@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAnCgAwIBAgIQOsmz/d7cf+WhNKylxDbm1zANBgkqhkiG9w0BAQUFADBj +MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRkwFwYDVQQDDBBG +b28gQmFyIFN1YiBDQSAxMSIwIAYDVQQLDBlQdWJsaWMgS2V5IEluZnJhc3RydWN0 +dXJlMB4XDTE1MDYzMDEyMzUzMVoXDTE2MDYyOTEyMzUzMVowPjELMAkGA1UEBhMC +VVMxFTATBgNVBAoMDEZvbyBCYXIgSW5jLjEYMBYGA1UEAwwPYmF6ei5mb29iYXIu +Y29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANr+wWT56hU7b5ftwyXueAA8FSEi +Fk9jkWuPciwZvpyGbJ2+TpVKrDB6ba2BKU86V1HZ/p6kuo8j0zpYKlNRZj0CAwEA +AaOCASMwggEfMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFL4ylKjM+AApHAF8Gfys +rJygnvK9MD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL2NhMS5w +a2kuZm9vYmFyLmNvbS9jYTEuY3J0MB8GA1UdIwQYMBaAFPncgjKS65+7jLsJYWtU ++W7ykYN4MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYTEucGtpLmZvb2Jhci5j +b20vY2ExLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG +CCsGAQUFBwMBMC0GA1UdEQQmMCSCEXVwZGF0ZS5mb29iYXIuY29tgg9teC5mb29i +YXIuZW1haWwwDQYJKoZIhvcNAQEFBQADQQBdSaiErl6zvgmWqjHKhHhfEkpFgkan +k5iydgbkmq0bJmjGZNuWgWeVwmj78ZUseCJ2Y99Wa6kd16tpeaxNV72I +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPTCCAeegAwIBAgIQVoZzMQsSdNz+dz6vSFdYNTANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9G +b28gQmFyIFJvb3QgQ0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1 +cmUwHhcNMTUwNjMwMTIzMDU0WhcNMjUwNjI3MTIzMDU0WjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9Gb28gQmFyIFJvb3Qg +Q0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1cmUwXDANBgkqhkiG +9w0BAQEFAANLADBIAkEAvLHbrZg3Td1Jn3OjQJrIK55w4s94oR4jsJ+J9L+axDM1 +zHe2Uz43mzkB3x3sBqtQfEcYjHIDglDoV49N4qQZ+wIDAQABo3kwdzAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzDdTJbyDAsAqhkaC +YKCAf305/uMwNQYDVR0eBC4wLKAqMCikJjAkMQswCQYDVQQGEwJVUzEVMBMGA1UE +CgwMRm9vIEJhciBJbmMuMA0GCSqGSIb3DQEBBQUAA0EAQhDKO09nYdp782z3M/4Q +2M4iXaLJlJ86h1kDzawl9n+y8cvrSEH4lx+5kBizXSzCorTtu53EAI/0HuJ0Q4I1 +9A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcTCCAxugAwIBAgIQVoZzMQsSdNz+dz6vSFdYNjANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRgwFgYDVQQDDA9G +b28gQmFyIFJvb3QgQ0ExIjAgBgNVBAsMGVB1YmxpYyBLZXkgSW5mcmFzdHJ1Y3R1 +cmUwHhcNMTUwNjMwMTIzMTEyWhcNMjUwNjI3MTIzMTEyWjBjMQswCQYDVQQGEwJV +UzEVMBMGA1UECgwMRm9vIEJhciBJbmMuMRkwFwYDVQQDDBBGb28gQmFyIFN1YiBD +QSAxMSIwIAYDVQQLDBlQdWJsaWMgS2V5IEluZnJhc3RydWN0dXJlMFwwDQYJKoZI +hvcNAQEBBQADSwAwSAJBALrV5pk76M4Pc72m1N1xmlTXN3BD0hTV+AgO106NWx6e +t07sCG1OgJ7pfjF+/nLenOcH3rYOkPzGRAUmvPgc3ocCAwEAAaOCAaowggGmMBIG +A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFPncgjKS65+7jLsJYWtU+W7ykYN4 +MD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAoYhaHR0cDovL3BraS5mb29iYXIu +Y29tL3Jvb3QtY2EuY3J0MB8GA1UdIwQYMBaAFMw3UyW8gwLAKoZGgmCggH99Of7j +MDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9wa2kuZm9vYmFyLmNvbS9yb290LWNh +LmNybDAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF +BwMBMIGtBgNVHR4EgaUwgaKgSDAMggpmb29iYXIuY29tMA6CDGZvb2Jhci5lbWFp +bDAopCYwJDELMAkGA1UEBhMCVVMxFTATBgNVBAoMDEZvbyBCYXIgSW5jLqFWMBCC +Dnd3dy5mb29iYXIuY29tMBKCEHd3dy5mb29iYXIuZW1haWwwCocIAAAAAAAAAAAw +IocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQEF +BQADQQABhwF9me3nTbl8WwZnTrrjv8jK6Axqow6L2c506lASXVgOvsX/rM7aA8s5 +aynkhFxFYr3O/tRqwU1M9OMUwZ1h +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/name-constraints-ip2.pem b/tests/cert-tests/data/name-constraints-ip2.pem new file mode 100644 index 0000000..f9a4e56 --- /dev/null +++ b/tests/cert-tests/data/name-constraints-ip2.pem @@ -0,0 +1,90 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 00ab812be4100cc51f + Issuer: O=Default Company Ltd,L=Default City,C=CZ + Validity: + Not Before: Tue Mar 29 13:27:19 UTC 2016 + Not After: Fri Mar 27 13:27:19 UTC 2026 + Subject: O=Default Company Ltd,L=Default City,C=CZ + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:bd:f5:71:49:57:0e:17:96:4d:2c:12:b5:bb:72:58 + 18:13:98:79:09:4d:e4:71:cb:da:a5:19:6d:75:ee:b4 + d7:2d:cb:a5:6b:4c:3b:d8:59:7c:fe:41:7d:07:bb:b7 + 83:6e:5f:05:ca:fb:b8:24:d8:f1:c0:21:d7:04:29:ca + 99:90:67:2a:5b:21:00:c3:c4:dd:4f:a7:c6:5e:6c:b5 + c3:9b:a4:b0:3c:fc:4f:0e:ae:fc:9f:70:81:a8:f6:f1 + f3:b8:d9:db:2d:88:b4:86:2d:26:d8:65:85:e9:86:ed + be:a8:12:5b:bb:8d:38:7f:05:82:71:b5:37:8c:46:e3 + 26:09:4d:db:ec:23:cb:63:e4:f3:a8:5c:50:a2:f8:6a + 4b:b8:ff:8b:11:68:28:9c:a7:2b:6e:08:0f:22:29:66 + 47:a8:ac:2d:10:60:53:da:e0:bf:e5:71:10:88:c8:b0 + bb:5d:32:bd:3c:77:50:7a:e3:83:7c:69:58:af:b5:05 + 49:61:e2:78:6f:88:fb:7a:e1:10:f3:c4:1e:da:17:12 + 85:bf:4c:53:4d:10:cd:b4:36:c3:7f:2e:ff:58:ef:6a + 19:68:1e:ad:77:80:e5:1e:d8:06:41:d3:2f:dd:6d:54 + c2:13:77:1b:dc:d9:2a:bb:37:c7:06:9d:ac:76:76:12 + 63 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): TRUE + Name Constraints (not critical): + Permitted: + IPAddress: 192.168.0.0/16 + IPAddress: 193.92.150.0/24 + IPAddress: fc7b:9a2a:3f0f:fec2::/64 + IPAddress: fca7:ac56:cffc:c34b:529:c15::/96 + IPAddress: fd2a:9d37:63de:cf00:66b3:63b9:74e6:0/112 + Signature Algorithm: RSA-SHA256 + Signature: + 6c:ba:1d:b6:8d:46:ef:e1:57:b1:db:99:05:f2:48:ea + 0c:d5:73:2f:e3:5a:c4:4c:19:3a:be:89:fe:75:b5:aa + 42:92:0c:a0:96:bd:62:6f:c7:2e:fa:31:f4:9d:b5:7f + d4:ff:8c:27:64:3a:56:a5:b7:84:0e:fc:59:f7:01:fa + 05:63:75:0d:31:e1:d6:8c:62:7e:6a:b5:0c:bb:ef:c9 + b8:ea:46:2a:9d:fd:72:ad:58:d3:8e:eb:0a:f0:7e:54 + 4a:97:0a:51:2b:36:bb:21:65:fe:22:10:17:6f:c7:ea + 7b:27:63:9b:54:32:56:a0:bf:36:ac:67:16:d1:19:ba + 31:10:61:64:ac:bf:c7:8a:ad:45:a0:79:11:28:2b:98 + 47:05:c0:3b:60:91:6b:1c:27:e1:04:fb:e0:4e:6a:95 + 67:0a:f4:58:9e:bd:db:df:28:a6:59:10:36:32:09:29 + 87:7e:29:b1:f3:9e:f7:ee:3c:4b:5a:f0:b6:06:98:e4 + 7f:9d:9d:e5:df:89:51:bd:cf:55:6c:b8:9e:30:c8:a2 + 00:3c:92:dc:ae:2c:6f:9f:1f:c5:6a:b2:90:9b:26:63 + 12:7f:10:02:39:ea:0f:e9:35:66:1c:bc:76:06:dc:6f + ea:7d:cb:38:06:3e:0e:d3:fe:9e:21:14:d5:56:23:98 +Other Information: + Fingerprint: + sha1:9d38c87dafe2a22e0a816bdad933261a1eb36843 + sha256:fa9a75cd439042b406a229276ee2c313cc758f95a9f729549a44bb4bd897f863 + Public Key ID: + sha1:6eb4659b8f1d564e7c09551636eb4c1f6db1c00b + sha256:feb180a57b0adeda7b9e29902b7cb0d9818eee8e53fdec881159cc2c73f575c7 + Public Key PIN: + pin-sha256:/rGApXsK3tp7nimQK3yw2YGO7o5T/eyIEVnMLHP1dcc= + +-----BEGIN CERTIFICATE----- +MIIDrjCCApagAwIBAgIJAKuBK+QQDMUfMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV +BAYTAkNaMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg +Q29tcGFueSBMdGQwHhcNMTYwMzI5MTMyNzE5WhcNMjYwMzI3MTMyNzE5WjBCMQsw +CQYDVQQGEwJDWjEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh +dWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +vfVxSVcOF5ZNLBK1u3JYGBOYeQlN5HHL2qUZbXXutNcty6VrTDvYWXz+QX0Hu7eD +bl8Fyvu4JNjxwCHXBCnKmZBnKlshAMPE3U+nxl5stcObpLA8/E8OrvyfcIGo9vHz +uNnbLYi0hi0m2GWF6YbtvqgSW7uNOH8FgnG1N4xG4yYJTdvsI8tj5POoXFCi+GpL +uP+LEWgonKcrbggPIilmR6isLRBgU9rgv+VxEIjIsLtdMr08d1B644N8aVivtQVJ +YeJ4b4j7euEQ88Qe2hcShb9MU00QzbQ2w38u/1jvahloHq13gOUe2AZB0y/dbVTC +E3cb3NkquzfHBp2sdnYSYwIDAQABo4GmMIGjMAwGA1UdEwQFMAMBAf8wgZIGA1Ud +HgSBijCBh6CBhDAKhwjAqAAA//8AADAKhwjBXJYA////ADAihyD8e5oqPw/+wgAA +AAAAAAAA//////////8AAAAAAAAAADAihyD8p6xWz/zDSwUpDBUAAAAA//////// +////////AAAAADAihyD9Kp03Y97PAGazY7l05gAA//////////////////8AADAN +BgkqhkiG9w0BAQsFAAOCAQEAbLodto1G7+FXsduZBfJI6gzVcy/jWsRMGTq+if51 +tapCkgyglr1ib8cu+jH0nbV/1P+MJ2Q6VqW3hA78WfcB+gVjdQ0x4daMYn5qtQy7 +78m46kYqnf1yrVjTjusK8H5USpcKUSs2uyFl/iIQF2/H6nsnY5tUMlagvzasZxbR +GboxEGFkrL/Hiq1FoHkRKCuYRwXAO2CRaxwn4QT74E5qlWcK9FievdvfKKZZEDYy +CSmHfimx85737jxLWvC2Bpjkf52d5d+JUb3PVWy4njDIogA8ktyuLG+fH8VqspCb +JmMSfxACOeoP6TVmHLx2Btxv6n3LOAY+DtP+niEU1VYjmA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/no-ca-or-pathlen.pem b/tests/cert-tests/data/no-ca-or-pathlen.pem new file mode 100644 index 0000000..a9bf091 --- /dev/null +++ b/tests/cert-tests/data/no-ca-or-pathlen.pem @@ -0,0 +1,83 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 2e103703df46859d7a550da659618538 + Issuer: CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated,OU=www.verisign.com/repository/RPA Incorp. By Ref.\,LIAB.LTD(c)98,OU=VeriSign Trust Network,O=VeriSign\, Inc. + Validity: + Not Before: Mon Jun 26 00:00:00 UTC 2000 + Not After: Fri Aug 25 23:59:59 UTC 2000 + Subject: EMAIL=simon@josefsson.org,CN=Simon Josefsson,OU=Digital ID Class 1 - Netscape,OU=Persona Not Validated,OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,OU=VeriSign Trust Network,O=VeriSign\, Inc. + Subject Public Key Algorithm: RSA + Modulus (bits 1024): + 00:c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11 + 0b:c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7 + 7b:b0:be:f9:10:07:e9:7c:a6:c6:5a:51:33:24:97:7b + a3:e1:08:b4:52:b6:06:10:7d:65:df:6e:52:bd:81:3f + 39:ad:b3:ad:17:13:88:22:e7:43:8c:39:b7:c2:c4:ba + 4a:8b:54:15:49:55:a4:4d:cc:00:56:7b:c8:63:4e:37 + de:fb:79:0f:45:dc:e9:5c:cd:70:f0:64:42:35:84:db + e6:59:a4:cb:4b:fe:0f:47:28:0c:35:11:a9:40:fc:ba + a5 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): FALSE + Certificate Policies (not critical): + 2.16.840.1.113733.1.7.1.8 + URI: https://www.verisign.com/rpa + Unknown extension 2.16.840.1.113730.1.1 (not critical): + ASCII: .... + Hexdump: 03020780 + Unknown extension 2.16.840.1.113733.1.6.3 (not critical): + ASCII: .vd4652bd63f2047029298763c9d2f275069c7359bed1b059da75bc4bc9701747da5d5e4141beadb2bd2e88317af7bf5d5114997a3bf45f8f3ea450c + Hexdump: 167664343635326264363366323034373032393239383736336339643266323735303639633733353962656431623035396461373562633462633937303137343764613564356534313431626561646232626432653838333137616637626635643531313439393761336266343566386633656134353063 + CRL Distribution points (not critical): + URI: http://crl.verisign.com/class1.crl + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 09:38:2f:57:9e:91:a4:d2:42:d9:d7:44:c1:d8:17:14 + 49:00:69:9f:6b:e4:95:93:35:fd:96:76:ff:8b:bf:9e + dd:05:6b:82:b2:f3:af:0f:f8:a0:2f:8d:65:08:27:54 + d4:8f:47:79:c9:be:d9:f9:ce:af:7f:2a:06:17:26:f3 + b9:e6:74:ba:b9:35:3e:36:56:5d:41:9c:ce:68:fc:db + c5:31:42:09:32:37:e7:b7:2e:a4:c5:51:e5:fe:e5:45 + 59:0c:44:ca:ce:ad:77:24:52:b4:78:5f:cc:4f:15:a7 + 8f:20:81:56:65:08:50:37:75:bc:a2:11:82:72:48:76 +Other Information: + Fingerprint: + sha1:8f735c5ddefd723f59b6a3bb2ac0522470c0182f + sha256:fc5b45b20c489393a457f177572920ac40bacba9d25cea51200822271eaf7d1f + Public Key ID: + sha1:1e09d707d4e3651b84dcb6c68a828d2affef7ec3 + sha256:118e72e3655150c895ecbd19b3634179fb4a87c7a25abefcb11f5d66661d5a4d + Public Key PIN: + pin-sha256:EY5y42VRUMiV7L0Zs2NBeftKh8eiWr78sR9dZmYdWk0= + +-----BEGIN CERTIFICATE----- +MIIEhDCCA+2gAwIBAgIQLhA3A99GhZ16VQ2mWWGFODANBgkqhkiG9w0BAQQFADCB +zDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y +eS9SUEEgSW5jb3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1Zl +cmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEg +Tm90IFZhbGlkYXRlZDAeFw0wMDA2MjYwMDAwMDBaFw0wMDA4MjUyMzU5NTlaMIIB +CDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy +dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9y +eS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBl +cnNvbmEgTm90IFZhbGlkYXRlZDEmMCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAx +IC0gTmV0c2NhcGUxGDAWBgNVBAMUD1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3 +DQEJARYTc2ltb25Aam9zZWZzc29uLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAyQzOiv5xRpvKHeWQEqURC8YtxDPGGehgWU4/ZD3k93uwvvkQB+l8psZa +UTMkl3uj4Qi0UrYGEH1l325SvYE/Oa2zrRcTiCLnQ4w5t8LEukqLVBVJVaRNzABW +e8hjTjfe+3kPRdzpXM1w8GRCNYTb5lmky0v+D0coDDURqUD8uqUCAwEAAaOCASYw +ggEiMAkGA1UdEwQCMAAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBCDAqMCgGCCsG +AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBEGCWCGSAGG+EIB +AQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2 +M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVkNWU0 +MTQxYmVhZGIyYmQyZTg4MzE3YWY3YmY1ZDUxMTQ5OTdhM2JmNDVmOGYzZWE0NTBj +MDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNz +MS5jcmwwDQYJKoZIhvcNAQEEBQADgYEACTgvV56RpNJC2ddEwdgXFEkAaZ9r5JWT +Nf2Wdv+Lv57dBWuCsvOvD/igL41lCCdU1I9Hecm+2fnOr38qBhcm87nmdLq5NT42 +Vl1BnM5o/NvFMUIJMjfnty6kxVHl/uVFWQxEys6tdyRStHhfzE8Vp48ggVZlCFA3 +dbyiEYJySHY= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/no-salt.p12 b/tests/cert-tests/data/no-salt.p12 new file mode 100644 index 0000000..37d2eb9 Binary files /dev/null and b/tests/cert-tests/data/no-salt.p12 differ diff --git a/tests/cert-tests/data/noclient.p12 b/tests/cert-tests/data/noclient.p12 new file mode 100644 index 0000000..80f3940 Binary files /dev/null and b/tests/cert-tests/data/noclient.p12 differ diff --git a/tests/cert-tests/data/openpgp-invalid10.pub b/tests/cert-tests/data/openpgp-invalid10.pub new file mode 100644 index 0000000..f1cd353 Binary files /dev/null and b/tests/cert-tests/data/openpgp-invalid10.pub differ diff --git a/tests/cert-tests/data/openpgp-invalid11.pub b/tests/cert-tests/data/openpgp-invalid11.pub new file mode 100644 index 0000000..cfdd992 Binary files /dev/null and b/tests/cert-tests/data/openpgp-invalid11.pub differ diff --git a/tests/cert-tests/data/openpgp-invalid9.pub b/tests/cert-tests/data/openpgp-invalid9.pub new file mode 100644 index 0000000..5fbab2a Binary files /dev/null and b/tests/cert-tests/data/openpgp-invalid9.pub differ diff --git a/tests/cert-tests/data/openssl-3des.p8 b/tests/cert-tests/data/openssl-3des.p8 new file mode 100644 index 0000000..4fdca7f --- /dev/null +++ b/tests/cert-tests/data/openssl-3des.p8 @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI74Maa7sl7SwCAggA +MBQGCCqGSIb3DQMHBAiR/iOu5enQugSCAoAS8YqajT0ONExxCTJHFp0jnsGwC+mK +jEJF5lJoGxKv3fXyrN3RRz57ka5R47dDF5cFy2qVY60xX6TxYzr4xsSrCpYyWtvM +EGqWrfamAk6cy/yC7J6PENfR0VZCrRPZjmX9zquuu8Xy/ucFGV+vkuttKW9kBBT+ +XBPgPAXuR60b5ZEZ7XY8FfiILxMjKsm0dklb119vebvr4RjZ3sIt1iELnyjr22Hp +/L7PLJ4yAzPJzvn3i8pIBMG8bWEisvbagWZlnMRX3y33uOJJu2UU0bCzBoQxHTSY +C9KeToPfYDCFwiG5BKqj8+vLWSqH5jWBJf5h8ZJzEYifY0QJTuZDpEMVJ7qkaBLg +7jJ3I2H3sr6S95bYz+azH9ypQYB4tQH9+RXoBvWOvcnSiW52iZBiBdA7N4X6AcNs +l0IVPSA2dif29wAMWfOAOsgHSKmaWKeOhQsqZlYd0pcSMfFL35EZoSeheBQgly6L ++usuT/3PkhXr06G5fUKxi8nuM1qTnO52TJpX+XPduJ/Shc9tGZsI/YuXzjqAbXID +iRDuh5YJ2dfIbOqAz1UglsBsOoTcahjwlkcf3clniS0iTq4VcMmrxv0hGrE+EKsb +/i8SmNZxL6TbYxwzl8Xd3O/7CvzZhjtVWJcgK8cBecEXaRwwAUKPQHAC6K6Q9lmm +5woEQ+QWvwEn5JbKXkLoQpcjrFcdC9MrIedvvwrGdm6FmW2D0UXQkWxQrE9pQDtA +24V5gSI4yBqyVSNU4HS5Vva5bAjnyoxSGM6flqFFx+cInrC1YB6Xhp6hsi7gwlKP +jhPSj6dYTgkCdS83ulNeQeuM5HE9mcEoeNtA8EK3J6s4KkGyA+4Gw0Jm +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/openssl-3des.p8.txt b/tests/cert-tests/data/openssl-3des.p8.txt new file mode 100644 index 0000000..b2f20fa --- /dev/null +++ b/tests/cert-tests/data/openssl-3des.p8.txt @@ -0,0 +1,7 @@ +PKCS #8 information: + Cipher: 3DES-CBC + Schema: PBES2-3DES-CBC (1.2.840.113549.3.7) + Salt: ef831a6bbb25ed2c + Salt size: 8 + Iteration count: 2048 + diff --git a/tests/cert-tests/data/openssl-aes128.p8 b/tests/cert-tests/data/openssl-aes128.p8 new file mode 100644 index 0000000..b138daa --- /dev/null +++ b/tests/cert-tests/data/openssl-aes128.p8 @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICzzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIL+FZy8sFCGcCAggA +MB0GCWCGSAFlAwQBAgQQNC7dlN7aA9H4Y+Prjc39dQSCAoCR4ka+Lp4AT9To4wlz +4YEVcyRvhunU/kPLIxknIjDZv3FLBLNnEZA9cLH9yxYu8rGkwdFqyrurKo5s57YT +cl7z8xnt/mZttn3muJXYyRs84qQEphbqQuKZZNVZitqawmE7A9UERsnFN1oxffQx +v0hqwJc0qu8j1grTkY/HqvKSyR0aBwA9fGBS0imDnCyLVAjBSPBrENc4q61GwDu9 +jjJTu7kz3N7nHfnHjAiOvdmBcGKHiruPGiXAQROGmG2cT1N6cZdrYjYjZ6C0s993 +YXLcCBSkQraZPA5kYnOumHviDES/Bp5qG2LMkY8i6eirHbiSvA3G2w54AmwpeUEU +0JRjtMCvbPw4cEshLCCKRhKXdjGDggCXZp1MJsVRU49aVc/j+WekQiLk6i23+dSR +kiWqc8DR97IwPNMnDBvKvT3PBAspE+kZDXb5V+nozOyoiua298UwGkG/Xq2hbHqY +8at6JG/vmf4OXN7XFUGFhHB/tToK1J31RZu9Woi9FC7n4u1pEfd4s5ciI+JheH6R +cpyAxEnPx3SXoetGSXhbT/HhG4/JXq2EApamBLqdYmnFSFURGkzgEiENqAmOT9QV +GlthuZOPGqVGPKXV02bmlBUSt3CoxM1zW0kUgjkKDiusF8Ycj8qdXiDPIEJ2N9mj +X9zsneio14Qq+Rwq6slfqUci2aV9jjA9Nrm2V1J2cof0Jit1xedGbuqtRNup9nYF +oGPvzubfl2KQ3jvSAqrvS5lj0FJErcey/3w+t7NBzn0aN/QDZUxnw9w+8QbZHxcC +RGLmjrVPSunpuinB3nPOAey/6HxQ2ugZZuHX7EkgzUbIsG/ILuinCqZBPHRtIeHh +Id06 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/openssl-aes128.p8.txt b/tests/cert-tests/data/openssl-aes128.p8.txt new file mode 100644 index 0000000..a7fa89c --- /dev/null +++ b/tests/cert-tests/data/openssl-aes128.p8.txt @@ -0,0 +1,7 @@ +PKCS #8 information: + Cipher: AES-128-CBC + Schema: PBES2-AES128-CBC (2.16.840.1.101.3.4.1.2) + Salt: 2fe159cbcb050867 + Salt size: 8 + Iteration count: 2048 + diff --git a/tests/cert-tests/data/openssl-aes256.p8 b/tests/cert-tests/data/openssl-aes256.p8 new file mode 100644 index 0000000..7365395 --- /dev/null +++ b/tests/cert-tests/data/openssl-aes256.p8 @@ -0,0 +1,18 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICzzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIiup1leqIYL0CAggA +MB0GCWCGSAFlAwQBKgQQ7B20TiMFCbS9lAIOWDrz7gSCAoAxOlP1fSvar8ZuFlRG +wuub8W9tOkTqUf79r2f2CR72N3o63yIxt1bjxBzF+w0hjLK+4O/Ph09NR9ml2cPo +1AOXNfEzBDx0SYg04XTS9r96o+nQOZmMPbk1xBHmp3UU3FoAYdrBPSEOh73gN0IJ +X72YVhNPGCZa7Aw9ngMZ4p8fMSeOghviOOUoUefr5k18ySHRzhJT947CFziF3qro +w/O+Ze0DG6fbEQawb+5Knlk2fMxO8YldsO7cux0/fFOJ05snj4RCqI3ffPAUSE+A +lx1aVRQDHzuZtaR1uMpIxrwoj2feu0X19TLXFQwRJcR7vQ5/2sWc1KaHOdlinfrC +AIMWunqgS7O2Va4etY7NqqSzh28FeNAle4KGW2a4HEWgEhh2ASe/8eFTgl0MzWu4 +9bWL6SuL5TpaGJsxszp0ua6hazU33V3VSvYl1B4NNTQMB3G9dkASfocW3E6bu0Eh +nXvw1utWZsnA3pxmsOwhipwP3yIwfyCuVcpkq15XNDDKOy3SvGNsurZW5xaj1cUs +tqFtxjpKFcgniP16DV9st2HeeqpjOPTSUFgYAtJ+mORn+h1JgW7bh5AMr5h6Ol/7 +ewxUDHXH7uwMeESPE2TJa478Ayq0eSmcJKgVfzy2u1d2cNSaDGlj4B74HBaAc4j+ +MJ0ELepFKrbalIvicQNt+O1E0D9GoJVVMAnKzAFZd1s6tX5rZLOWeMIfHKeYjzQ/ +zIsKimsejvwgxfNe7IhsAjHQs9FaJ6Hq7FcMaV+vFaIcCt1SAdLJYA49qkYhE1Qf +z2J64iP5TY5MJqbQ3X0fd5/cgRvoy8x2B58rDAF6F/5JTue+5vREd9qGjwA4KliR ++pQQ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/openssl-aes256.p8.txt b/tests/cert-tests/data/openssl-aes256.p8.txt new file mode 100644 index 0000000..5a1d380 --- /dev/null +++ b/tests/cert-tests/data/openssl-aes256.p8.txt @@ -0,0 +1,7 @@ +PKCS #8 information: + Cipher: AES-256-CBC + Schema: PBES2-AES256-CBC (2.16.840.1.101.3.4.1.42) + Salt: 8aea7595ea8860bd + Salt size: 8 + Iteration count: 2048 + diff --git a/tests/cert-tests/data/openssl-invalid-time-format.pem b/tests/cert-tests/data/openssl-invalid-time-format.pem new file mode 100644 index 0000000..7a55b47 --- /dev/null +++ b/tests/cert-tests/data/openssl-invalid-time-format.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDyjCCArKgAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DWlpb3JkYW5vdi5jb20xIjAgBgNVBAMTGW92aXJ0Lmlpb3JkYW5vdi5jb20uNzE5NzUwIhcRMTQw +NjE2MjIxMTA1KzAwMDAXDTI0MDYxNDIyMTEwNVowSTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDWlp +b3JkYW5vdi5jb20xIjAgBgNVBAMTGW92aXJ0Lmlpb3JkYW5vdi5jb20uNzE5NzUwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1gS9aSehHWenPdIAayB8eovfVe3h9vqwlTzfOZaiJK56f +P1shhwu/shML9g9xADBtJ2MyXhgY+V20mJ2oOivqotTeIcHc0vs5fJcBuwWXxFt8ISDkFXhnsX+9 +8MP1Fhc3PEIxlhMitFK7+7d6JxSd6lQsIgeruyf2A+aSLD02QUpNdnhxJ48FMncJUrFycTDZtnb2 +REJWgl1cRa8MMtiLKoMYdC+t3P9Am27vOpRmh0U6rB4qym1wYj9JbEES4mbS/u1JQgKv+AXgS1QD +5ZFpTXPDeOs2QPJtrwD2nu5Sd2aCMAv8MHqeR8nfaixkpKC4JxF6fnR+Ynn4wzKOdpOhAgMBAAGj +gbcwgbQwHQYDVR0OBBYEFEhIahZoIh8Wzfpi/nbPJ81SQwFkMHIGA1UdIwRrMGmAFEhIahZoIh8W +zfpi/nbPJ81SQwFkoU2kSzBJMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNaWlvcmRhbm92LmNvbTEi +MCAGA1UEAxMZb3ZpcnQuaWlvcmRhbm92LmNvbS43MTk3NYICEAAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAAYMFGll2Ib7wpitipon6S9C25A8fnx7 +wLXKY3fUBJmtpLxTjSZfPbhmNkCvwGbmjG78AFbl+dY1+PDmEK1w2DgNWw2I9WcY4ULJoINo3YZv +p2s53iYW3U+Syz+WLrIW0om5bM1Y0fw8KbuAuWsJzJfbd1hMGeMV6axKx7FbECuN0a02sCo2kIxk +ckg/aGgshQ4EkqP79j7O25WaZdcBZDpYsqSDvcG6Oy4qM3dde/EBZiflPu4mvIwL15ilGXfO/zPk +p49fcKm5YE8LC9PvsS+NSnD9avxRQq8bY4an2FUxoh5mSh+UY2rpd9yX7WCBtZ9TwHkkaeNehgRz +7crbZrA= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/openssl-key-ecc.p8 b/tests/cert-tests/data/openssl-key-ecc.p8 new file mode 100644 index 0000000..4fc966f --- /dev/null +++ b/tests/cert-tests/data/openssl-key-ecc.p8 @@ -0,0 +1,8 @@ +-----BEGIN PRIVATE KEY----- +MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIBVy6SYAmhmSrS0E/0 +xhNiUAEFOz9dtEv0PTzP6H5aGBBBGOFi6304ubHZC95yWW/yXPPG9P81DLZFRePd +JPNM3T+hgYkDgYYABAG3MNeg0jYQ0CNREIKTMo8v1AICBp25hpMK9UTFnUD6frEo +jSfm1WR+ItaEDmP9pGOmIqOuSlBIIKGnMFj4Ye5MDACHdTwTV0K7uJ/Ls4j+yNKX +8ATcC2dvM7+ihkHf/uZxP7N18bDVcfmJAJzZvu6/XiRI09XhXxd0fQ9RTh2IZeKz +EQ== +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/openssl-keyid.p7b b/tests/cert-tests/data/openssl-keyid.p7b new file mode 100644 index 0000000..8561475 Binary files /dev/null and b/tests/cert-tests/data/openssl-keyid.p7b differ diff --git a/tests/cert-tests/data/openssl-keyid.p7b.out b/tests/cert-tests/data/openssl-keyid.p7b.out new file mode 100644 index 0000000..de622ea --- /dev/null +++ b/tests/cert-tests/data/openssl-keyid.p7b.out @@ -0,0 +1,103 @@ +Signers: + Signer's issuer key ID: 7607584ceab529f52d80068c834a820d09ec93de + Signature Algorithm: RSA-SHA256 + Signed Attributes: + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 + signingTime: 170d3136313132343135353132375a + contentType: 06092a864886f70d010701 + +Number of certificates: 2 + +-----BEGIN CERTIFICATE----- +MIICpjCCAV6gAwIBAgIIU2YrORG+GMswDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNDA1MDQxMTU3NDZaGA85OTk5MTIzMTIz +NTk1OVowFDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAETFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgz +vRfi/kOLSJlgJFectyVucUo/A2TcsaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1Ud +EQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E +BQMDB4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAW +gBRNVrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAY82vpv/M +eEflAONp+MUZR6DXCpWVXMeIHAoqlxx+wA69Pf+avBcO2bgw3oRfE6ejxKM/AU9I +u4rSWU8Xa5nX1yb3+/urj3lFHGxG00qzOXDiQBICYMrpbtsTyCRGOKtKvM7/PC2Z +3FP1wi1COqi2PU0cHX3zOInA3suQAFpauKU8dtcdYOkSMSuM06Cga2cX6K1Qh8ok +dP1O7SEQwXBZfiudiw7LA+zldcgetKofgZMbjXevloO9A+xoTeUafjJ4hQ00vGDi +3C9DQh3lZtJFqoaEQbMxqcgvpnnGort+CIRDFLy5MMqkRlH6QPQJrAPgvM4ss7RV +xyBP6KzElYFrSxwCErekGmlp8X2XVbRTQJUQOiPpQ9Nitwev4PaBR5NVHuEKZKpi +HYvq+scVoI+I4A== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x +LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC +AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D +hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh +ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq +58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB +VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03 +U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L +xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC +AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT +BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2 +B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T +AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH +gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3 +LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE +/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD +5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h +h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc +w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg== +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIJDwYJKoZIhvcNAQcCoIIJADCCCPwCAQMxDTALBglghkgBZQMEAgEwKgYJKoZI +hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBmIwggKmMIIB +XqADAgECAghTZis5Eb4YyzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAiGA8yMDE0MDUwNDExNTc0NloYDzk5OTkxMjMxMjM1OTU5WjAU +MRIwEAYDVQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARM +VEawgjAvCBa3nyP/z7oFDYttGFisRrnQnqtydvfICzvXb23El/sNiDO9F+L+Q4tI +mWAkV5y3JW5xSj8DZNyxo4GNMIGKMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ +bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAw +HQYDVR0OBBYEFL72AMYka2DqtfgTyaXV4Mkp1dczMB8GA1UdIwQYMBaAFE1Wt2oA +WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQBjza+m/8x4R+UA42n4 +xRlHoNcKlZVcx4gcCiqXHH7ADr09/5q8Fw7ZuDDehF8Tp6PEoz8BT0i7itJZTxdr +mdfXJvf7+6uPeUUcbEbTSrM5cOJAEgJgyulu2xPIJEY4q0q8zv88LZncU/XCLUI6 +qLY9TRwdffM4icDey5AAWlq4pTx21x1g6RIxK4zToKBrZxforVCHyiR0/U7tIRDB +cFl+K52LDssD7OV1yB60qh+BkxuNd6+Wg70D7GhN5Rp+MniFDTS8YOLcL0NCHeVm +0kWqhoRBszGpyC+mecaiu34IhEMUvLkwyqRGUfpA9AmsA+C8ziyztFXHIE/orMSV +gWtLHAISt6QaaWnxfZdVtFNAlRA6I+lD02K3B6/g9oFHk1Ue4QpkqmIdi+r6xxWg +j4jgMIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQD +Ew5HbnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBa +MC8xLTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRl +KTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTY +vO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1 +F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJs +HDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVi +m5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZ +BZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7euj +bZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5 +qnUCAwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9z +dDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW +BBR2B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVV +G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUM +Y8nHgMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB +90R3LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSr +GATE/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1I +Z+ZD5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xx +Jl1hh8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqIC +FpRcw075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXjGCAlQw +ggJQAgEDgBR2B1hM6rUp9S2ABoyDSoINCeyT3jALBglghkgBZQMEAgGggeQwGAYJ +KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYxMTI0MTU1 +MTI3WjAvBgkqhkiG9w0BCQQxIgQgcovlH3tj3Pc/KLqA0nfOR/jPWnWgLU5ncOGb +qlenZ6QweQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEW +MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI +hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAE +ggEwZipmEe80zsCiguPQfFwXZCge06TvncC/R8vkk6BV2crwrdVbvvw0XKtRs0Wx +ixxQdBqz3urp1ZLt3ds9RCGrS0GVC+rMZH0gOkGAhvX1Y8tnfz3Bu9DbcHhkiz58 +El8eKmqpOUuxhy8MDHNULNKyqAfcnyvWpPPW/4HGgxvkvzfvUOYAPBxP61moey8E +ILN/+3IWc4WpAGoZsX0gwyOwWRLM47a7XejUOFZbWrwwp1mFigHGx6VoSedigqX0 +J/Fx0sIJPddTyIeIpZRvk73qz2zK/fHPC7Fl1s4ZXA/yi2DxjSM1X4YA+3HZvAq4 +Ma+HEAPAEajgZVl5b2Lq8+brb2hIIszdcYTNqxqhFAgOjTIF5ulz5hILV0o8uEx8 +VZUL/6DDsLaSE8OVo0aHALHXzg== +-----END PKCS7----- diff --git a/tests/cert-tests/data/openssl.p12 b/tests/cert-tests/data/openssl.p12 new file mode 100644 index 0000000..b791588 Binary files /dev/null and b/tests/cert-tests/data/openssl.p12 differ diff --git a/tests/cert-tests/data/openssl.p7b b/tests/cert-tests/data/openssl.p7b new file mode 100644 index 0000000..9506d8b Binary files /dev/null and b/tests/cert-tests/data/openssl.p7b differ diff --git a/tests/cert-tests/data/openssl.p7b.out b/tests/cert-tests/data/openssl.p7b.out new file mode 100644 index 0000000..6d2e69d --- /dev/null +++ b/tests/cert-tests/data/openssl.p7b.out @@ -0,0 +1,93 @@ +Signers: + Signer's issuer DN: CN=GnuTLS Test CA + Signer's serial: 5838027a15510d5a + Signature Algorithm: ECDSA-SHA256 + Signed Attributes: + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420728be51f7b63dcf73f28ba80d277ce47f8cf5a75a02d4e6770e19baa57a767a4 + signingTime: 170d3136313132353039333233305a + contentType: 06092a864886f70d010701 + +Number of certificates: 2 + +-----BEGIN CERTIFICATE----- +MIICejCCATKgAwIBAgIIWDgCehVRDVowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI1MDkyMDU5WhgPOTk5OTEyMzEyMzU5 +NTlaMBcxFTATBgNVBAMTDFNpZ25pbmcgY2VydDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABExURrCCMC8IFrefI//PugUNi20YWKxGudCeq3J298gLO9dvbcSX+w2I +M70X4v5Di0iZYCRXnLclbnFKPwNk3LGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0P +AQH/BAUDAweAADAdBgNVHQ4EFgQUvvYAxiRrYOq1+BPJpdXgySnV1zMwHwYDVR0j +BBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAGRN +PybhFeWRXUFteKH3pUpCIS/qWQHIcmHiSIw4S8Nh26pEleH5Ni99wf/DvYheONy4 +044YdIlDLFyXD5Ny469aEPkQm4VmgM+o7mG2dwg4om8KRTFL8G6JmVmT48s/1lD8 +sWzvz8gAegyPDh+CaPbO9XaLrFVhDdpO/IORPeMtvkVQY/Z1tVO3JgXvkAdrdJkK +uF8LFcVwHvjZIVoNdkk5J+VrKP0nWcmlEkLsL+OHUmf2drQneJ2fPsdjGGn9Vj0d +9l/mn/9dtEEMGasPJhj4y7oVJ7CC8Qu4ksFng5dW6x5bmVZpn15ruzJc21SkEWPU +D4N6LsdWC2+w4k2o3fV3b+FlHvswlAsgU0eMq9WHnVbSdWSsEUgGk8E8nhTLdQ82 +DUgMweNWlGd7k/VI06w= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIHogYJKoZIhvcNAQcCoIIHkzCCB48CAQExDTALBglghkgBZQMEAgEwKgYJKoZI +hvcNAQcBoB0EG0hlbGxvIHRoZXJlLiBIb3cgYXJlIHlvdT8NCqCCBdIwggJ6MIIB +MqADAgECAghYOAJ6FVENWjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAgFw0xNjExMjUwOTIwNTlaGA85OTk5MTIzMTIzNTk1OVowFzEV +MBMGA1UEAxMMU2lnbmluZyBjZXJ0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +TFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgzvRfi/kOL +SJlgJFectyVucUo/A2TcsaNhMF8wDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMD +B4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAWgBRN +VrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAZE0/JuEV5ZFd +QW14ofelSkIhL+pZAchyYeJIjDhLw2HbqkSV4fk2L33B/8O9iF443LjTjhh0iUMs +XJcPk3Ljr1oQ+RCbhWaAz6juYbZ3CDiibwpFMUvwbomZWZPjyz/WUPyxbO/PyAB6 +DI8OH4Jo9s71dousVWEN2k78g5E94y2+RVBj9nW1U7cmBe+QB2t0mQq4XwsVxXAe ++NkhWg12STkn5Wso/SdZyaUSQuwv44dSZ/Z2tCd4nZ8+x2MYaf1WPR32X+af/120 +QQwZqw8mGPjLuhUnsILxC7iSwWeDl1brHluZVmmfXmu7MlzbVKQRY9QPg3oux1YL +b7DiTajd9Xdv4WUe+zCUCyBTR4yr1YedVtJ1ZKwRSAaTwTyeFMt1DzYNSAzB41aU +Z3uT9UjTrDCCA1AwggIIoAMCAQICAQAwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwHhcNMTEwNTI4MDgzNjMwWhcNMzgxMDEyMDgzNjMz +WjAZMRcwFQYDVQQDEw5HbnVUTFMgVGVzdCBDQTCCAVIwDQYJKoZIhvcNAQEBBQAD +ggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQWk9x3GuuUhKA8IdC +oj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPeb+E0HQuDizIhOeni +BqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxRrPEs318Ot/jCOhau +ojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQfdTPf5ceYBR+ZPf4 +j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB4oFzBGQthXs5cCB2 +mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQPUQo3jt21CKGGiHVU +1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaNDMEEwDwYDVR0TAQH/ +BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRNVrdqAFjxZ5L0pnVV +G45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAHrDoIxhYtczmKQPzd4JFFUXARw8Z +je4NsjnKh1X4RXPnuM4TnoUddVgrdkYMzZZ2FZlecwZkAXUwLfD6PzFYSwg1tQVC +x5S7y9AxXOLAdUZXBnkHAikGuG/kPVVn+H+k37hFmUAuY+bLYl41YDqqzjK8ymdn +ilgOCbC/bFfuwDUmRPoTrdV9ZgPJqMqnveVNhHIofpxSUlkgXdVhYhM1Z17+BVVj +12x/RxEQylW2rI6H1lpkDtWJUD4rIS4JtSG8KjpDpOLA4KC7lGeBoD9Aw3jehJkQ +zswcq7/vbn+OQZfSEH+CCTTy1PZRKo8jDsnak+pAYu341eSArkGeBHlSbDhrl+z6 +jcqA8yRy733q0XzS6+nkEh0sQYUtHFcg42+YAmsCuru8U1Pm+8YpBInvZDGCAXcw +ggFzAgEBMCUwGTEXMBUGA1UEAxMOR251VExTIFRlc3QgQ0ECCFg4AnoVUQ1aMAsG +CWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3 +DQEJBTEPFw0xNjExMjUwOTMyMzBaMC8GCSqGSIb3DQEJBDEiBCByi+Ufe2Pc9z8o +uoDSd85H+M9adaAtTmdw4ZuqV6dnpDB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFl +AwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqG +SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB +KDAKBggqhkjOPQQDAgRHMEUCIHwo+5MOxoznE73+I4XdD1Nm/3yJ9RRapS1ie5b2 +moBYAiEAt1jLVaEosn+jdpoWY49YdlqBN+ot/nvj1eq0bJyO2uk= +-----END PKCS7----- diff --git a/tests/cert-tests/data/p7-combined.out b/tests/cert-tests/data/p7-combined.out new file mode 100644 index 0000000..0b1fcad --- /dev/null +++ b/tests/cert-tests/data/p7-combined.out @@ -0,0 +1,82 @@ +-----BEGIN PKCS7----- +MIIO0gYJKoZIhvcNAQcCoIIOwzCCDr8CAQExADALBgkqhkiG9w0BBwWggg6nMIIB ++jCCAaGgAwIBAgIETd4LiTAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwHhcNMTEwNTI2MDgxMjU4WhcNMTIxMjI0MTkxNjI5WjAhMQsw +CQYDVQQGEwJCRTESMBAGA1UEAxMJbG9jYWxob3N0ME4wEAYHKoZIzj0CAQYFK4EE +ACEDOgAEajvYx+4zlK+ML3N97kxGydOZ09wqD7YwOvRqLEt6lYUymIwd7RpGEjz2 +W69GUXtw8vMbZmULNjyjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYB +BQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUm+S0YAc8Me/osocfUaYG +4uYxpwkwHwYDVR0jBBgwFoAU8LSB/pgSv7UouWRAA8vMH2ZOKAMwCgYIKoZIzj0E +AwIDRwAwRAIgTqvgggIh57TVhSKXRie+XDhndnCUeNTE7qx2VO5CgfACIAwAOLnO +Yanr1sWQVKxSACU1wnNZ6UsuWSMr/uDlKJfZMIIC4DCCAoagAwIBAgIBBzAKBggq +hkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQL +ExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4x +JTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwIhgPMjAxMjA5 +MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlowgbgxCzAJBgNVBAYTAkdSMRIwEAYD +VQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMQ8wDQYDVQQI +EwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQET +B2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZI +hvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +PBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJxksH4xjM9BC7IwQ/AUAR7n8lItUD6 +b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNVHRMBAf8EAjAAMD0GA1UdEQQ2MDSC +DHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IJbG9jYWxob3N0hwTA +qAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0O +BBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8GA1UdIwQYMBaAFPC0gf6YEr+1KLlk +QAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUCICgq4CTInkRQ1DaFoI8wmu2KP844 +5NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4bA9XTz/2OnpgAZutUohNNb/tmREw +ggL+MIICo6ADAgECAgEHMAoGCCqGSM49BAMCMH0xCzAJBgNVBAYTAkJFMQ8wDQYD +VQQKEwZHbnVUTFMxJTAjBgNVBAsTHEdudVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3Jp +dHkxDzANBgNVBAgTBkxldXZlbjElMCMGA1UEAxMcR251VExTIGNlcnRpZmljYXRl +IGF1dGhvcml0eTAiGA8yMDEyMDkwMTA5MjIzMVoYDzIwMTkxMDA1MDkyMjMxWjCB +uDELMAkGA1UEBhMCR1IxEjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xl +ZXBpbmcgZGVwdC4xDzANBgNVBAgTBkF0dGlraTEVMBMGA1UEAxMMQ2luZHkgTGF1 +cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYD +VQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQF0WntVb9rDAsepo5PqrOto7XZJhI+8he7/hHSgEDK +BqaAfX/Se5b9ko1Bh+aI+2cuJyQ+lUZpEG+hMTICrznwWa5MIUTYp+3T8Sf4OmTq +Z3rJ37sSqrO1y9jYbDjM83CjgbYwgbMwDAYDVR0TAQH/BAIwADA9BgNVHREENjA0 +ggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCCWxvY2FsaG9zdIcE +wKgBATATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1Ud +DgQWBBRHosKrcZuKKXhdGSBvqB1KyTBAhDAfBgNVHSMEGDAWgBTwtIH+mBK/tSi5 +ZEADy8wfZk4oAzAKBggqhkjOPQQDAgNJADBGAiEAvgWY0KCdQSeR8kDKw4sClVNs +5hcfV2cnqPcUrExcz6MCIQC1xZZXvKq+KHPGm1R1YxyDWS5lqd/1Ue5aZQy5Rxw2 +eTCCAyQwggLJoAMCAQICAQcwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMCQkUxDzAN +BgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRlIGF1dGhv +cml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2VydGlmaWNh +dGUgYXV0aG9yaXR5MCIYDzIwMTIwOTAxMDkyMjI0WhgPMjAxOTEwMDUwOTIyMjRa +MIG4MQswCQYDVQQGEwJHUjESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEPMA0GA1UECBMGQXR0aWtpMRUwEwYDVQQDEwxDaW5keSBM +YXVwZXIxFzAVBgoJkiaJk/IsZAEBEwdjbGF1cGVyMQwwCgYDVQQMEwNEci4xDzAN +BgNVBEETBmphY2thbDEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25lLm9yZzCBmzAQ +BgcqhkjOPQIBBgUrgQQAIwOBhgAEAKGqQPWy0B0IiPFdpiM7PbKvNFUeBQQdEwTk +sRqgThNxUsxwHo0JCCnP9aVtL9MCr2qWDKv0a34TycT5I0z7c7VLAJFP//RNP2qB +FlQukan/lV98CIXu/kUvCV3QYfUjNPmfTAkVIjPCvajzLaTYAdpLO0+QRhR0jJTS +pri1tWoFj8uQo4G2MIGzMAwGA1UdEwEB/wQCMAAwPQYDVR0RBDYwNIIMd3d3Lm5v +bmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jngglsb2NhbGhvc3SHBMCoAQEwEwYD +VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU2oCj +FpGMqkyZP0UY4PvoKs+sV+swHwYDVR0jBBgwFoAU8LSB/pgSv7UouWRAA8vMH2ZO +KAMwCgYIKoZIzj0EAwIDSQAwRgIhAKI/2QffHBvxWgO1VVPkevk094nBfg3uta34 +pkeN1TJVAiEAl4xvYEadMfv/LwkS9P569Gt9kkT67ilQ6mx5zYlnIbIwggOXMIIC +T6ADAgECAgRNp1QhMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAkJFMQ8wDQYD +VQQKEwZHbnVUTFMxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0xMTA0MTQyMDA4MDJa +Fw0zODA4MjkyMDA4MDRaMDIxCzAJBgNVBAYTAkJFMQ8wDQYDVQQKEwZHbnVUTFMx +EjAQBgNVBAMTCWxvY2FsaG9zdDCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToC +ggExAN3Pl9KlHZXdhhjYxLmtpgy0nbbc+twh4TpiNAfoM7Lol+4sQdIS8V/t5Hb/ +ZSYeDMdBFWlfDfmtiRSN6tcWUppHwbsAAuSIRXN4pK7bOMPGB9JkDoftdIxrxMAC +UHxOptFY6eUTCanbWurrDwaAXAnvlMjp+zcudeGsk62bNxNLZjp2M9jE10z7YciS +IQf836mIVOSjqUfSbLjjOYkRiDgtotw+XkqppI7VH7LQ3UE82hBonkcbZQKixShz +AoMDCf31KX6X3CpOS6p5RkZwhhubuPaKvimHfV/apZdr78hDCUPiH4oWfh1QXfXa +Au7ywypI5msw6gLX76yLDLjBhdi/fIWoHoO+XCYueXtH9Uo/ZmKS/UEgtiwA8FLK +JgYtfM96UH0Py92XIMhv5OBQ9OMCAwEAAaNVMFMwDAYDVR0TAQH/BAIwADATBgNV +HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBSSU9Zx +ufhoqrNT9o31OUVmnKflMTANBgkqhkiG9w0BAQsFAAOCATEAmL9IicHm5hUTzPy6 +7aCJ5YZFMHNosnkfiAKA+y3JuCFVjcW3VhvPw3bu0PDZIjpjksUEhnAeQjMqO8QU +CMVCknN8PjnA7jTHMxZfk67PH5owCVH+LZScKK0qfuQUgUVrDdcRIfzbJxd0tMyU +Gm6ee1ip4AaN2l9g4bhvKGi2WL7FrDZHN/aoOHQjgfMivmH/CAiH68KPKSV1XUzr +1Qkoq3uZ+WkIosYC0i7N+vEZzj9EaqFLqFbVEa5E42gFUFeNcg/HIduPo1B4XVo5 +y5A9UkMzv+qJBxqSzIUnqD00uFtS7u8gubb/6sWQ00fFUZDi5j5SuR55GL794iS+ +RzJasANrqtvD2/ZgRAi2LBlHovBDf/AHl1er7KC4aknOCObDTfKk6bhD5/CE1xpy +FF2CGjEA +-----END PKCS7----- diff --git a/tests/cert-tests/data/p8key-illegal.pem b/tests/cert-tests/data/p8key-illegal.pem new file mode 100644 index 0000000..a247c3c --- /dev/null +++ b/tests/cert-tests/data/p8key-illegal.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEDMA4ECDxZ1/EW+8XWAgIUYASCAoBR6R3Z341vSRvs +/LMErKcKkAQ3THTZBpmYgR2mrJUjJBivzOuRTCRpgtjuQ4ht2Q7KV943mJXsqAFI +Jly5fuVQ5YmRGLW+LE5sv+AGwmsii/PvGfGa9al56tHLDSeXV2VH4fly45bQ7ipr +PZBiEgBToF/jqDFWleH2GTCnSLpc4B2cKkMO2c5RYrCCGNRK/jr1xVUDVzeiXZwE +dbdDaV2UG/Oeo7F48UmvuWgS9YSFSUJ4fKG1KLlAQMKtAQKX+B4oL6Jbeb1jwSCX +Q1H9hHXHTXbPGaIncPugotZNArwwrhesTszFE4NFMbg3QNKL1fabJJFIcOYIktwL +7HG3pSiU2rqUZgS59OMJgL4jJm1lipo8ruNIl/YCpZTombOAV2Wbvq/I0SbRRXbX +12lco8bQO1dgSkhhe58Vrs+ChaNajtNi8SjLS+Pi1tYYAVQjcQdxCGh4q8aZUhDv +5yRp/TUOMaZqkY6YzRAlERb9jzVeh97EsOURzLu8pQgVjcNDOUAZF67KSqlSGMh7 +PdqknM/j8KaWmVMAUn4+PuWohkyjd1/1QhCnEtFZ1lbIfWrKXV76U7zyy0OTvFKw +qemHUbryOJu0dQHziWmdtJpS7abSuhoMnrByZD+jDfQoSX7BzmdmCQGinltITYY1 +3iChqWC7jY02CiKZqTcdwkImvmDtDYOBr0uQSgBa4eh7nYmmcpdY4I6V5qAdo30w +oXNEMqM53Syx36Fp70/Vmy0KmK8+2T4UgxGVJEgTDsEhiwJtTXxdzgxc5npbTePa +abhFyIXIpqoUYZ9GPU8UjNEuF//wPY6klBp6VP0ixO6RqQKzbwr85EXbzoceBrLo +eng1/Czj +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/pbes1-no-salt.p12 b/tests/cert-tests/data/pbes1-no-salt.p12 new file mode 100644 index 0000000..0124062 Binary files /dev/null and b/tests/cert-tests/data/pbes1-no-salt.p12 differ diff --git a/tests/cert-tests/data/pkcs1-pad-broken.pem b/tests/cert-tests/data/pkcs1-pad-broken.pem new file mode 100644 index 0000000..62cb076 --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-broken.pem @@ -0,0 +1,118 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FF +Subject: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:40:37 2006 + Not After: Fri Sep 7 18:40:37 2007 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + bd:2a:59:ea:28:3d:0e:97:8a:07:ad:21:ee:28:b5: + 46:2b:4d:ba:f9:27:e0:83:4e:7c:45:e3:0a:33:d2: + 17:09:88:6c:62:6a:9f:25:af:29:38:8c:2b:38:2e: + 11:89:06:e8:26:40:6e:cc:78:e2:dd:e4:be:c5:43: + 79:47:79:59:90:51:80:ca:1e:41:dd:6d:34:90:54: + e0:15:f1:38:0f:1b:57:37:70:b2:dc:da:3d:e7:ae: + 7d:0b:59:0e:f2:9f:33:87:a3:f9:fa:3f:8f:d9:58: + 1f:db:9d:0a:e8:35:86:e6:8d:c9:b7:02:b6:28:f3: + 1a:89:e4:75:d5:f8:24:45: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: + CA:FALSE + Subject Key ID: + 2B:40:D9:B5:DF:0A:D4:FD:A2:8F:D8:15:29:43:5C:1E:5C:7B:B8:22 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + 2.16.840.1.113730.1.13: + DER Data: 161d4f70656e53534c2047656e657261746564204365727469666963617465 + ASCII: ..OpenSSL Generated Certificate + +Other information: + MD5 Fingerprint: D6:44:CE:F7:04:D3:24:3D:D5:14:54:AE:5D:88:C3:FA + SHA1 Fingerprint: FB:86:09:B7:E3:5C:D5:EF:D3:75:8B:84:82:A4:22:28:B5:16:72:2A + Public Key ID: 05:95:E0:8F:69:A2:59:92:3D:6B:2B:32:0C:88:C7:12:A1:09:16:8F + + +-----BEGIN CERTIFICATE----- +MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK +UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV +BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG +6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf +M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU +340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK +EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN +BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O +Kw== +-----END CERTIFICATE----- + + + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FE +Subject: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:33:18 2006 + Not After: Sat Oct 7 18:33:18 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + d9:7c:58:e4:3c:36:5e:a2:bc:56:aa:4e:ff:0c:a3: + 36:77:ff:4d:6a:8d:bc:74:ce:93:e6:c6:f9:2f:8d: + 61:0f:90:b5:91:75:7a:30:97:af:e4:02:c0:49:2c: + 6d:23:a3:95:3a:66:4e:e2:07:ee:6e:7b:2f:72:3d: + 0d:4d:93:b8:49:e1:75:c8:bd:6b:54:33:dd:c7:b8: + ee:40:8d:5c:6c:38:86:fc:4c:08:31:6d:bd:50:87: + 63:f6:1d:39:d8:94:e6:11:ba:53:d1:1b:8f:ff:82: + 56:98:05:ab:74:ee:54:13:8d:31:b9:ae:d2:cf:6f: + fa:f8:30:76:66:49:45:a1: +public exponent: + 03: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + +Other information: + MD5 Fingerprint: CA:33:DC:62:CB:54:8E:59:DD:D2:E8:9D:F6:BA:90:5B + SHA1 Fingerprint: A4:E8:7D:0A:7D:D2:15:10:B0:AE:F7:24:58:F4:BE:AF:80:48:FE:AD + Public Key ID: E5:D1:FC:26:A8:4C:FC:15:59:AD:06:F1:46:D8:40:31:C0:49:4D:1F + + +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK +UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd +MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28 +dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r +VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S +z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh +tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH +aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK +y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8 +uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-broken2.pem b/tests/cert-tests/data/pkcs1-pad-broken2.pem new file mode 100644 index 0000000..b13cdf5 --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-broken2.pem @@ -0,0 +1,39 @@ +X.509 certificate info: + +Version: 1 +Serial Number (hex): 06 +Subject: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Issuer: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Signature Algorithm: RSA-SHA +Validity: + Not Before: Tue Sep 12 01:58:55 2006 + Not After: Thu Oct 12 01:58:55 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + 9f:b3:c3:84:27:95:ff:12:31:52:0f:15:ef:46:11: + c4:ad:80:e6:36:5b:0f:dd:80:d7:61:8d:e0:fc:72: + 45:09:34:fe:55:66:45:43:4c:68:97:6a:fe:a8:a0: + a5:df:5f:78:ff:ee:d7:64:b8:3f:04:cb:6f:ff:2a: + fe:fe:b9:ed: +public exponent: + 01:00:01: + +Other information: + MD5 Fingerprint: B1:E2:B9:E7:00:7A:3D:29:B9:86:F8:EB:93:2D:B6:EF + SHA1 Fingerprint: 91:8F:41:F0:D0:E9:55:3B:AA:97:4B:93:BA:0D:B6:60:86:B9:5A:84 + Public Key ID: 77:47:AD:43:02:5B:06:6E:B4:EF:29:DB:B2:AA:36:5D:01:7C:68:A1 + + +-----BEGIN CERTIFICATE----- +MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD +VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa +Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs +YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy +IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD +hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u +12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU +DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ +e20sRA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-broken3.pem b/tests/cert-tests/data/pkcs1-pad-broken3.pem new file mode 100644 index 0000000..9c1d39d --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-broken3.pem @@ -0,0 +1,126 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 17 +Subject: CN=Hacker +Issuer: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority +Signature Algorithm: RSA-SHA +Validity: + Not Before: Sat Aug 19 18:51:30 2006 + Not After: Wed Oct 18 18:51:30 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + a4:ae:e8:28:56:b6:d0:6c:3a:96:81:ad:87:f8:3f: + 3c:82:18:d7:ba:0e:e1:3b:ae:6a:b8:08:cb:24:77: + 3f:2e:88:02:77:c1:57:7c:8c:6b:23:75:e6:38:63: + 3a:17:49:5a:7e:f6:61:05:e9:7a:8d:83:20:df:f1: + 46:f7:90:d8:0f:63:1b:c9:db:c9:60:41:5a:5d:e5: + 17:46:59:71:e8:d7:82:d6:05:30:f5:9a:d1:64:0a: + 20:21:56:50:13:b1:53:48:fe:d8:ef:da:db:fb:26: + 9f:04:b3:29:5b:0c:77:bb:86:c9:40:d2:b9:ec:46: + bd:9c:4b:d6:ef:a4:cd:37: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: (critical) + CA:TRUE + +Other information: + MD5 Fingerprint: 46:54:EC:0F:EF:70:BE:BE:22:57:90:BC:A1:FD:B8:AA + SHA1 Fingerprint: 73:FA:53:71:4A:F1:AB:C6:31:82:B5:4D:59:3C:BC:B6:36:87:0D:55 + Public Key ID: 9E:A1:D8:56:93:79:0C:B3:E3:0B:D3:F4:A5:40:C8:7C:78:A8:49:82 + + +-----BEGIN CERTIFICATE----- +MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw +ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7 +rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg +QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns +Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW +Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed +ST8AUooI0ey599t84P20gGRuOYIjr7c= +-----END CERTIFICATE----- + + + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00 +Subject: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority +Issuer: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority +Signature Algorithm: RSA-SHA +Validity: + Not Before: Tue Jun 29 19:39:16 2004 + Not After: Thu Jun 29 19:39:16 2034 +Subject Public Key Info: + Public Key Algorithm: RSA (2048 bits) +modulus: + b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:ce: + 4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:c3: + a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:9e: + e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:f0: + c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:a7: + 4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:4a: + 99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:af: + b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:d4: + f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:b8: + b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:9b: + 19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:b2: + 5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:b3: + e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:b3: + bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:5e: + 4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:23: + 5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:0d: + 1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:01: + ab: +public exponent: + 03: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + Authority Key ID: + BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + +Other information: + MD5 Fingerprint: 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24 + SHA1 Fingerprint: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A + Public Key ID: 8D:C9:49:57:76:CC:19:71:BC:E5:EA:17:70:0A:83:61:9D:C9:27:A7 + + +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-ok.pem b/tests/cert-tests/data/pkcs1-pad-ok.pem new file mode 100644 index 0000000..ff19cb4 --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-ok.pem @@ -0,0 +1,118 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FF +Subject: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:40:37 2006 + Not After: Fri Sep 7 18:40:37 2007 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + bd:2a:59:ea:28:3d:0e:97:8a:07:ad:21:ee:28:b5: + 46:2b:4d:ba:f9:27:e0:83:4e:7c:45:e3:0a:33:d2: + 17:09:88:6c:62:6a:9f:25:af:29:38:8c:2b:38:2e: + 11:89:06:e8:26:40:6e:cc:78:e2:dd:e4:be:c5:43: + 79:47:79:59:90:51:80:ca:1e:41:dd:6d:34:90:54: + e0:15:f1:38:0f:1b:57:37:70:b2:dc:da:3d:e7:ae: + 7d:0b:59:0e:f2:9f:33:87:a3:f9:fa:3f:8f:d9:58: + 1f:db:9d:0a:e8:35:86:e6:8d:c9:b7:02:b6:28:f3: + 1a:89:e4:75:d5:f8:24:45: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: + CA:FALSE + Subject Key ID: + 2B:40:D9:B5:DF:0A:D4:FD:A2:8F:D8:15:29:43:5C:1E:5C:7B:B8:22 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + 2.16.840.1.113730.1.13: + DER Data: 161d4f70656e53534c2047656e657261746564204365727469666963617465 + ASCII: ..OpenSSL Generated Certificate + +Other information: + MD5 Fingerprint: 8C:D7:69:6A:E6:75:BD:E9:77:A7:86:43:F5:D1:89:C1 + SHA1 Fingerprint: F5:EC:64:57:BD:BB:00:A1:45:26:ED:3B:FD:4D:8B:CA:FD:F1:1D:41 + Public Key ID: 05:95:E0:8F:69:A2:59:92:3D:6B:2B:32:0C:88:C7:12:A1:09:16:8F + + +-----BEGIN CERTIFICATE----- +MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK +UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV +BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG +6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf +M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU +340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK +EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN +BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU +cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7 +Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg +Dw== +-----END CERTIFICATE----- + + + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FE +Subject: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:33:18 2006 + Not After: Sat Oct 7 18:33:18 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + d9:7c:58:e4:3c:36:5e:a2:bc:56:aa:4e:ff:0c:a3: + 36:77:ff:4d:6a:8d:bc:74:ce:93:e6:c6:f9:2f:8d: + 61:0f:90:b5:91:75:7a:30:97:af:e4:02:c0:49:2c: + 6d:23:a3:95:3a:66:4e:e2:07:ee:6e:7b:2f:72:3d: + 0d:4d:93:b8:49:e1:75:c8:bd:6b:54:33:dd:c7:b8: + ee:40:8d:5c:6c:38:86:fc:4c:08:31:6d:bd:50:87: + 63:f6:1d:39:d8:94:e6:11:ba:53:d1:1b:8f:ff:82: + 56:98:05:ab:74:ee:54:13:8d:31:b9:ae:d2:cf:6f: + fa:f8:30:76:66:49:45:a1: +public exponent: + 03: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + +Other information: + MD5 Fingerprint: CA:33:DC:62:CB:54:8E:59:DD:D2:E8:9D:F6:BA:90:5B + SHA1 Fingerprint: A4:E8:7D:0A:7D:D2:15:10:B0:AE:F7:24:58:F4:BE:AF:80:48:FE:AD + Public Key ID: E5:D1:FC:26:A8:4C:FC:15:59:AD:06:F1:46:D8:40:31:C0:49:4D:1F + + +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK +UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd +MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28 +dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r +VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S +z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh +tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH +aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK +y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8 +uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-ok2.pem b/tests/cert-tests/data/pkcs1-pad-ok2.pem new file mode 100644 index 0000000..36548fa --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-ok2.pem @@ -0,0 +1,39 @@ +X.509 certificate info: + +Version: 1 +Serial Number (hex): 06 +Subject: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Issuer: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Signature Algorithm: RSA-SHA +Validity: + Not Before: Tue Sep 12 01:59:02 2006 + Not After: Thu Oct 12 01:59:02 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + 9f:b3:c3:84:27:95:ff:12:31:52:0f:15:ef:46:11: + c4:ad:80:e6:36:5b:0f:dd:80:d7:61:8d:e0:fc:72: + 45:09:34:fe:55:66:45:43:4c:68:97:6a:fe:a8:a0: + a5:df:5f:78:ff:ee:d7:64:b8:3f:04:cb:6f:ff:2a: + fe:fe:b9:ed: +public exponent: + 01:00:01: + +Other information: + MD5 Fingerprint: A3:EB:02:BD:45:54:AD:A3:74:FC:CA:BE:31:A3:41:0A + SHA1 Fingerprint: FA:E0:71:22:53:6D:9E:F5:01:EF:89:93:1D:3B:A9:17:29:75:2C:F8 + Public Key ID: 77:47:AD:43:02:5B:06:6E:B4:EF:29:DB:B2:AA:36:5D:01:7C:68:A1 + + +-----BEGIN CERTIFICATE----- +MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD +VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa +Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs +YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy +IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD +hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u +12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2 +4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z +rHX/kw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs12_2certs.p12 b/tests/cert-tests/data/pkcs12_2certs.p12 new file mode 100644 index 0000000..bcbf48b Binary files /dev/null and b/tests/cert-tests/data/pkcs12_2certs.p12 differ diff --git a/tests/cert-tests/data/pkcs12_5certs.p12 b/tests/cert-tests/data/pkcs12_5certs.p12 new file mode 100644 index 0000000..5fc9cd3 Binary files /dev/null and b/tests/cert-tests/data/pkcs12_5certs.p12 differ diff --git a/tests/cert-tests/data/pkcs7-cat-ca.pem b/tests/cert-tests/data/pkcs7-cat-ca.pem new file mode 100644 index 0000000..742d80f --- /dev/null +++ b/tests/cert-tests/data/pkcs7-cat-ca.pem @@ -0,0 +1,145 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 79ad16a14aa0a5ad4c7358f407132e65 + Issuer: DC=com,DC=microsoft,CN=Microsoft Root Certificate Authority + Validity: + Not Before: Wed May 09 23:19:22 UTC 2001 + Not After: Sun May 09 23:28:13 UTC 2021 + Subject: DC=com,DC=microsoft,CN=Microsoft Root Certificate Authority + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (4096 bits) + Modulus (bits 4096): + 00:f3:5d:fa:80:67:d4:5a:a7:a9:0c:2c:90:20:d0:35 + 08:3c:75:84:cd:b7:07:89:9c:89:da:de:ce:c3:60:fa + 91:68:5a:9e:94:71:29:18:76:7c:c2:e0:c8:25:76:94 + 0e:58:fa:04:34:36:e6:df:af:f7:80:ba:e9:58:0b:2b + 93:e5:9d:05:e3:77:22:91:f7:34:64:3c:22:91:1d:5e + e1:09:90:bc:14:fe:fc:75:58:19:e1:79:b7:07:92:a3 + ae:88:59:08:d8:9f:07:ca:03:58:fc:68:29:6d:32:d7 + d2:a8:cb:4b:fc:e1:0b:48:32:4f:e6:eb:b8:ad:4f:e4 + 5c:6f:13:94:99:db:95:d5:75:db:a8:1a:b7:94:91:b4 + 77:5b:f5:48:0c:8f:6a:79:7d:14:70:04:7d:6d:af:90 + f5:da:70:d8:47:b7:bf:9b:2f:6c:e7:05:b7:e1:11:60 + ac:79:91:14:7c:c5:d6:a6:e4:e1:7e:d5:c3:7e:e5:92 + d2:3c:00:b5:36:82:de:79:e1:6d:f3:b5:6e:f8:9f:33 + c9:cb:52:7d:73:98:36:db:8b:a1:6b:a2:95:97:9b:a3 + de:c2:4d:26:ff:06:96:67:25:06:c8:e7:ac:e4:ee:12 + 33:95:31:99:c8:35:08:4e:34:ca:79:53:d5:b5:be:63 + 32:59:40:36:c0:a5:4e:04:4d:3d:db:5b:07:33:e4:58 + bf:ef:3f:53:64:d8:42:59:35:57:fd:0f:45:7c:24:04 + 4d:9e:d6:38:74:11:97:22:90:ce:68:44:74:92:6f:d5 + 4b:6f:b0:86:e3:c7:36:42:a0:d0:fc:c1:c0:5a:f9:a3 + 61:b9:30:47:71:96:0a:16:b0:91:c0:42:95:ef:10:7f + 28:6a:e3:2a:1f:b1:e4:cd:03:3f:77:71:04:c7:20:fc + 49:0f:1d:45:88:a4:d7:cb:7e:88:ad:8e:2d:ec:45:db + c4:51:04:c9:2a:fc:ec:86:9e:9a:11:97:5b:de:ce:53 + 88:e6:e2:b7:fd:ac:95:c2:28:40:db:ef:04:90:df:81 + 33:39:d9:b2:45:a5:23:87:06:a5:55:89:31:bb:06:2d + 60:0e:41:18:7d:1f:2e:b5:97:cb:11:eb:15:d5:24:a5 + 94:ef:15:14:89:fd:4b:73:fa:32:5b:fc:d1:33:00:f9 + 59:62:70:07:32:ea:2e:ab:40:2d:7b:ca:dd:21:67:1b + 30:99:8f:16:aa:23:a8:41:d1:b0:6e:11:9b:36:c4:de + 40:74:9c:e1:58:65:c1:60:1e:7a:5b:38:c8:8f:bb:04 + 26:7c:d4:16:40:e5:b6:6b:6c:aa:86:fd:00:bf:ce:c1 + 35 + Exponent (bits 24): + 01:00:01 + Extensions: + Key Usage (not critical): + Digital signature. + Non repudiation. + Certificate signing. + CRL signing. + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Subject Key Identifier (not critical): + 0eac826040562797e52513fc2ae10a539559e4a4 + Unknown extension 1.3.6.1.4.1.311.21.1 (not critical): + ASCII: ... + Hexdump: 020100 + Signature Algorithm: RSA-SHA1 + Signature: + c5:11:4d:03:3a:60:dd:5d:52:11:77:8f:b2:bb:36:c8 + b2:05:bf:b4:b7:a8:d8:20:9d:5c:13:03:b6:1c:22:fa + 06:13:35:b6:c8:63:d4:9a:47:6f:26:57:d2:55:f1:04 + b1:26:5f:d6:a9:50:68:a0:bc:d2:b8:6e:cc:c3:e9:ac + df:19:cd:78:ac:59:74:ac:66:34:36:c4:1b:3e:6c:38 + 4c:33:0e:30:12:0d:a3:26:fe:51:53:00:ff:af:5a:4e + 84:0d:0f:1f:e4:6d:05:2e:4e:85:4b:8d:6c:33:6f:54 + d2:64:ab:bf:50:af:7d:7a:39:a0:37:ed:63:03:0f:fc + 13:06:ce:16:36:d4:54:3b:95:1b:51:62:3a:e5:4d:17 + d4:05:39:92:9a:27:a8:5b:aa:bd:ec:bb:be:e3:20:89 + 60:71:6c:56:b3:a5:13:d0:6d:0e:23:7e:95:03:ed:68 + 3d:f2:d8:63:b8:6b:4d:b6:e8:30:b5:e1:ca:94:4b:f7 + a2:aa:5d:99:30:b2:3d:a7:c2:51:6c:28:20:01:24:27 + 2b:4b:00:b7:9d:11:6b:70:be:b2:10:82:bc:0c:9b:68 + d0:8d:3b:24:87:aa:99:28:72:9d:33:5f:59:90:bd:f5 + de:93:9e:3a:62:5a:34:39:e2:88:55:1d:b9:06:b0:c1 + 89:6b:2d:d7:69:c3:19:12:36:84:d0:c9:a0:da:ff:2f + 69:78:b2:e5:7a:da:eb:d7:0c:c0:f7:bd:63:17:b8:39 + 13:38:a2:36:5b:7b:f2:85:56:6a:1d:64:62:c1:38:e2 + aa:bf:51:66:a2:94:f5:12:9c:66:22:10:6b:f2:b7:30 + 92:2d:f2:29:f0:3d:3b:14:43:68:a2:f1:9c:29:37:cb + ce:38:20:25:6d:7c:67:f3:7e:24:12:24:03:08:81:47 + ec:a5:9e:97:f5:18:d7:cf:bb:d5:ef:76:96:ef:fd:ce + db:56:9d:95:a0:42:f9:97:58:e1:d7:31:22:d3:5f:59 + e6:3e:6e:22:00:ea:43:84:b6:25:db:d9:f3:08:56:68 + c0:64:6b:1d:7c:ec:b6:93:a2:62:57:6e:2e:d8:e7:58 + 8f:c4:31:49:26:dd:de:29:35:87:f5:30:71:70:5b:14 + 3c:69:bd:89:12:7d:eb:2e:a3:fe:d8:7f:9e:82:5a:52 + 0a:2b:c1:43:2b:d9:30:88:9f:c8:10:fb:89:8d:e6:a1 + 85:75:33:7e:6c:9e:db:73:13:64:62:69:a5:2f:7d:ca + 96:6d:9f:f8:04:4d:30:92:3d:6e:21:14:21:c9:3d:e0 + c3:fd:8a:6b:9d:4a:fd:d1:a1:9d:99:43:77:3f:b0:da +Other Information: + SHA1 fingerprint: + cdd4eeae6000ac7f40c3802c171e30148030c072 + SHA256 fingerprint: + 885de64c340e3ea70658f01e1145f957fcda27aabeea1ab9faa9fdb0102d4077 + Public Key ID: + 0eac826040562797e52513fc2ae10a539559e4a4 + Public key's random art: + +--[ RSA 4096]----+ + | o.o oOO.. | + |o +==.+ | + |. .E o. | + |. . o . | + |... . + S | + |o+ + + | + |. + o . . | + | o | + | | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIIFmTCCA4GgAwIBAgIQea0WoUqgpa1Mc1j0BxMuZTANBgkqhkiG9w0BAQUFADBf +MRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0 +MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw +HhcNMDEwNTA5MjMxOTIyWhcNMjEwNTA5MjMyODEzWjBfMRMwEQYKCZImiZPyLGQB +GRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNy +b3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDzXfqAZ9Rap6kMLJAg0DUIPHWEzbcHiZyJ2t7Ow2D6 +kWhanpRxKRh2fMLgyCV2lA5Y+gQ0Nubfr/eAuulYCyuT5Z0F43cikfc0ZDwikR1e +4QmQvBT+/HVYGeF5tweSo66IWQjYnwfKA1j8aCltMtfSqMtL/OELSDJP5uu4rU/k +XG8TlJnbldV126gat5SRtHdb9UgMj2p5fRRwBH1tr5D12nDYR7e/my9s5wW34RFg +rHmRFHzF1qbk4X7Vw37lktI8ALU2gt554W3ztW74nzPJy1J9c5g224uha6KVl5uj +3sJNJv8GlmclBsjnrOTuEjOVMZnINQhONMp5U9W1vmMyWUA2wKVOBE0921sHM+RY +v+8/U2TYQlk1V/0PRXwkBE2e1jh0EZcikM5oRHSSb9VLb7CG48c2QqDQ/MHAWvmj +YbkwR3GWChawkcBCle8Qfyhq4yofseTNAz93cQTHIPxJDx1FiKTXy36IrY4t7EXb +xFEEySr87IaemhGXW97OU4jm4rf9rJXCKEDb7wSQ34EzOdmyRaUjhwalVYkxuwYt +YA5BGH0fLrWXyxHrFdUkpZTvFRSJ/Utz+jJb/NEzAPlZYnAHMuouq0Ate8rdIWcb +MJmPFqojqEHRsG4RmzbE3kB0nOFYZcFgHnpbOMiPuwQmfNQWQOW2a2yqhv0Av87B +NQIDAQABo1EwTzALBgNVHQ8EBAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUDqyCYEBWJ5flJRP8KuEKU5VZ5KQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQEFBQADggIBAMURTQM6YN1dUhF3j7K7NsiyBb+0t6jYIJ1cEwO2HCL6BhM1 +tshj1JpHbyZX0lXxBLEmX9apUGigvNK4bszD6azfGc14rFl0rGY0NsQbPmw4TDMO +MBINoyb+UVMA/69aToQNDx/kbQUuToVLjWwzb1TSZKu/UK99ejmgN+1jAw/8EwbO +FjbUVDuVG1FiOuVNF9QFOZKaJ6hbqr3su77jIIlgcWxWs6UT0G0OI36VA+1oPfLY +Y7hrTbboMLXhypRL96KqXZkwsj2nwlFsKCABJCcrSwC3nRFrcL6yEIK8DJto0I07 +JIeqmShynTNfWZC99d6TnjpiWjQ54ohVHbkGsMGJay3XacMZEjaE0Mmg2v8vaXiy +5Xra69cMwPe9Yxe4ORM4ojZbe/KFVmodZGLBOOKqv1FmopT1EpxmIhBr8rcwki3y +KfA9OxRDaKLxnCk3y844ICVtfGfzfiQSJAMIgUfspZ6X9RjXz7vV73aW7/3O21ad +laBC+ZdY4dcxItNfWeY+biIA6kOEtiXb2fMIVmjAZGsdfOy2k6JiV24u2OdYj8Qx +SSbd3ik1h/UwcXBbFDxpvYkSfesuo/7Yf56CWlIKK8FDK9kwiJ/IEPuJjeahhXUz +fmye23MTZGJppS99ypZtn/gETTCSPW4hFCHJPeDD/YprnUr90aGdmUN3P7Da +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs7-cat.p7 b/tests/cert-tests/data/pkcs7-cat.p7 new file mode 100644 index 0000000..ec91399 Binary files /dev/null and b/tests/cert-tests/data/pkcs7-cat.p7 differ diff --git a/tests/cert-tests/data/pkcs7-chain-endcert-key.pem b/tests/cert-tests/data/pkcs7-chain-endcert-key.pem new file mode 100644 index 0000000..c684645 --- /dev/null +++ b/tests/cert-tests/data/pkcs7-chain-endcert-key.pem @@ -0,0 +1,182 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:cf:4d:4a:09:00:a6:0d:58:ac:03:1d:60:d5:fc:5e + b7:e7:04:42:09:27:eb:01:f3:a5:52:6d:1d:d9:2b:87 + 2e:d2:7f:58:f9:d9:8e:34:51:a7:cd:82:80:d9:ae:a2 + e8:5c:61:7c:d1:e6:1e:ee:21:3d:1f:8f:5f:03:1d:d9 + 50:03:2e:d9:92:fb:fc:db:3d:38:c0:68:de:a0:4e:7a + 88:12:3f:e2:50:5a:97:ab:1b:bc:ab:37:b8:8c:dc:03 + 7f:b3:44:53:0e:59:da:81:7a:6b:3f:fb:48:6a:cb:06 + 53:7d:49:41:60:69:2d:0b:3c:fb:85:28:c6:0a:3e:f9 + 94:f6:b1:05:c9:9b:87:ce:e0:8b:d1:bd:d4:10:ff:ab + a0:22:dd:c4:c9:62:eb:09:8d:4b:30:03:3c:e8:96:d3 + bc:cf:40:6d:e2:d3:c6:15:97:57:61:b6:9c:01:d4:60 + 1c:23:a8:f7:18:82:a4:41:86:5d:3e:1c:b8:e2:6b:e4 + a5:ca:83:40:14:a3:8a:ea:7e:21:c0:85:3b:0d:b0:b0 + 6e:00:d9:fc:53:34:c5:b9:ab:3b:18:89:5c:4d:3b:6b + 91:0b:6d:57:d6:58:e2:08:6d:eb:74:9b:bf:c1:01:89 + a2:f5:f3:32:5e:86:6e:9d:26:21:3b:b5:36:b1:e5:f8 + 68:d2:df:12:4a:5b:4d:7f:71:b7:4c:04:cf:b2:17:fa + cf:b7:4b:9f:fb:59:01:60:ee:93:6f:c8:20:df:ad:d0 + 17:0c:e6:03:90:10:5c:26:dc:33:a0:15:ac:1d:49:1c + 63:03:36:fd:b5:d7:36:10:a0:57:3f:dd:64:22:22:37 + fb:bd:8c:2a:b7:12:bf:b5:9b:3c:ac:5c:9d:a9:b9:f1 + ae:ae:a1:12:e7:af:5f:c4:c7:f2:66:cf:b5:a9:f2:74 + 1c:26:f7:bb:44:85:00:d1:8e:35:73:27:98:05:cd:97 + b8:4e:fb:f7:3c:56:49:de:e2:3b:18:62:0c:34:b7:b8 + 0d: + +public exponent: + 01:00:01: + +private exponent: + 00:c2:c9:10:e3:dc:a4:2a:ae:43:12:ba:2c:1f:65:7f + 6a:b5:bb:9e:81:13:ed:12:6c:69:cf:45:90:62:5b:30 + 2e:a2:c3:de:4b:06:4d:44:83:e5:74:89:47:a1:43:22 + f7:ca:b6:1f:9e:ea:e7:ed:41:76:39:8d:71:ed:6f:c2 + 9e:18:1f:91:79:37:25:a4:ab:a6:03:c5:86:4a:82:f3 + 47:a0:3e:3e:dc:da:02:e1:58:b2:b2:ff:2c:7d:ce:cd + ca:d4:1b:43:1f:9c:f6:5f:eb:33:93:6e:fd:e0:ba:dc + 3a:de:e2:52:77:d0:db:ee:4f:62:d7:00:34:f5:b3:ae + b8:76:04:68:37:c3:d8:9c:5f:09:82:0f:28:90:c0:6b + f7:90:4b:69:79:01:65:70:18:3f:a9:e1:a0:fd:bb:9b + 41:32:4c:8b:f4:32:a1:51:f0:5e:bf:05:e3:19:25:01 + 19:ef:b7:f8:56:23:8b:4b:b6:81:2e:b7:b6:51:aa:a7 + b0:1e:c6:7c:01:b6:3f:93:37:e2:87:7f:45:57:46:7a + 4f:a9:d3:3c:8b:fc:27:34:79:bd:60:da:0d:f8:c6:2a + a8:95:5e:62:51:ea:40:95:0f:da:18:02:0c:91:0a:0d + fd:dd:13:36:36:45:d7:f6:bb:db:f6:54:fb:f6:31:b4 + 8f:1f:a5:65:70:bf:60:12:b2:bb:a4:9c:d0:a5:9d:70 + 2f:e9:22:f3:83:e3:4c:4d:5a:50:d3:37:ce:77:4b:9b + 98:4c:8d:7b:48:85:01:2c:48:eb:cd:6d:80:1b:26:b5 + bc:9f:a9:ae:df:36:a8:f6:ad:31:7f:9f:f5:cf:7a:fb + d3:99:5d:97:f7:37:ba:4b:df:89:e4:1f:57:a1:f5:dc + f0:7a:44:48:4b:2a:c9:b7:f5:96:4a:85:f2:5a:be:f8 + b1:9b:c9:da:1c:e8:65:54:7a:66:e4:68:33:f8:be:1f + 4e:17:b1:2d:b7:1c:63:ac:cf:7a:a3:4b:5c:57:3c:b7 + 51: + +prime1: + 00:f7:ab:33:e9:01:38:02:87:49:0c:56:8f:8e:f7:35 + e5:88:97:cf:7b:d0:2b:84:28:b4:4f:b3:17:fd:b2:27 + 1c:10:7b:1e:0b:bb:3a:ac:4d:de:87:fe:e1:0e:f3:33 + 3c:28:3d:f5:be:a1:ee:be:51:09:2f:d7:91:80:07:6c + c9:82:cd:91:26:73:0a:3f:3c:e8:01:8c:89:fb:60:9e + 67:c0:6d:84:3d:25:2a:88:0d:1a:b1:c0:6b:26:81:13 + 10:2e:01:85:75:70:de:01:0f:47:49:b0:d7:3c:e0:e9 + cf:1e:de:a8:bb:67:4f:26:ec:c3:5e:f2:90:28:1c:8b + 43:f5:33:0e:f3:a2:92:3c:e3:5e:ca:94:a6:4d:f7:a9 + 84:7b:11:03:cb:34:1a:d9:c1:54:37:d3:a3:06:49:bd + 43:16:52:6d:c5:44:db:e4:cf:90:48:13:7d:18:cd:f6 + db:1c:80:95:0a:b4:bf:ff:78:ef:c0:66:69:0e:c9:4e + 7f: + +prime2: + 00:d6:46:77:b9:7c:1b:06:fe:eb:ba:cf:48:a4:9b:0a + 98:8c:99:9d:b4:40:e3:1b:61:d3:9d:85:78:f6:56:c0 + 65:7b:6c:a5:e9:18:10:7d:65:c7:48:95:ff:f4:f5:94 + cf:49:38:d7:04:3f:3b:c1:ae:d1:e5:a6:20:ff:dc:12 + a9:41:84:1a:ff:56:53:3d:33:91:c8:a5:a5:a2:91:f4 + 92:07:95:92:29:4b:f7:80:de:d1:91:1c:f8:97:64:a1 + df:57:ed:0e:9d:ca:23:77:30:8b:bb:2c:eb:52:9e:4d + cd:41:63:dc:9d:8f:1d:0c:f6:4e:e6:26:38:55:69:1e + 1d:8b:b6:f0:68:a9:b9:38:b0:97:b5:be:34:c7:9b:60 + 08:b6:e0:83:d8:f8:f6:62:b4:be:be:01:fd:2f:6f:5d + 2a:a0:8d:aa:52:f5:2c:23:56:8d:3a:50:73:0d:ea:31 + 95:59:32:60:9c:e9:3f:34:5a:c7:99:57:a5:55:16:0b + 73: + +coefficient: + 00:88:98:51:9a:a6:1c:ce:44:54:5d:c7:f5:df:a7:0a + db:39:c3:d8:6b:ec:5d:ee:89:64:bf:25:2e:9a:25:a6 + ee:dc:e5:cb:01:13:9a:19:9f:7f:24:52:b6:e7:40:e1 + 21:8d:8f:9f:69:92:e4:3d:a4:25:db:2d:0a:74:bc:ea + 44:d6:81:90:d5:59:3f:6a:63:cd:2c:0e:7f:83:ce:0c + e7:7b:bb:22:c8:6d:f8:15:5d:7b:52:be:e1:c6:1f:c5 + 55:5a:76:8a:b4:ae:18:29:55:86:e0:a7:40:23:28:c0 + c7:6d:dc:a3:a8:6b:56:97:b4:64:88:a1:7b:f1:5f:b4 + f0:bf:1b:9e:b3:b7:db:59:a3:01:49:40:2d:df:2b:bb + f4:e3:84:e8:b9:0c:c5:31:f6:05:38:4c:7f:8e:b6:2e + 8b:7f:fc:69:c2:57:e5:f5:10:3e:4e:47:3a:3d:d2:57 + a7:5f:73:54:8d:9a:60:90:d6:10:b7:e3:31:57:83:40 + 87: + +exp1: + 00:f4:cd:e1:da:9f:5c:c8:8b:06:76:4e:9d:49:d8:2b + 0a:fd:cf:e8:c3:5e:49:95:31:52:c1:30:aa:37:16:c0 + 37:aa:46:b7:b5:2a:d4:dc:f9:7f:4b:77:70:e8:01:16 + 14:91:46:65:40:8f:f9:57:5e:ec:30:c0:e8:4d:df:88 + f5:49:f8:7d:4f:bf:08:52:e7:95:ff:e9:f5:7d:66:cc + 4c:8b:54:f5:10:27:4b:79:fd:51:f4:7e:d8:aa:cf:8c + 93:42:96:38:5f:94:37:ac:5e:78:bd:6b:31:e5:37:ff + 83:bd:e4:a2:6d:d2:b8:d7:25:d2:1b:68:b1:7b:24:73 + b7:b1:87:4d:71:1e:b1:63:c3:ee:af:58:ed:65:45:b6 + e6:7f:6a:9b:10:61:29:65:32:06:57:c4:36:71:01:b4 + 34:ba:bc:b1:49:fb:3d:4b:56:ab:2b:c3:2f:b4:b3:e9 + 1c:3d:79:0f:58:ec:be:96:fb:e8:27:8a:52:af:cd:e5 + 6b: + +exp2: + 50:8c:54:dd:49:25:ef:cf:4c:56:01:2d:d1:92:e6:bc + c9:bd:c5:66:c9:2d:96:51:83:f7:27:01:7d:b8:c6:c2 + 5f:4f:4c:5e:ff:48:d3:9a:ba:fb:32:47:f1:91:8f:cb + 0c:3f:6d:b4:8f:00:ab:a2:48:0d:08:12:47:9c:36:f7 + a1:45:43:d0:d0:66:a2:0f:0c:b2:5c:72:93:56:42:95 + d2:7c:0b:61:b2:c8:eb:8c:d7:42:b1:9d:51:6b:e6:dd + ca:73:b6:96:e2:31:ca:d0:58:f6:97:c0:2e:62:8b:e4 + a8:bc:1d:66:ad:31:c2:79:a4:d7:27:6e:ed:cc:82:21 + a1:2f:b7:d7:e0:55:5c:56:25:f1:8f:fa:cf:3e:3d:2f + 89:6f:84:a0:bf:95:ff:2c:ea:b7:0a:90:5e:90:82:79 + 4f:b9:71:59:96:08:6d:90:4f:ae:a8:27:58:07:bd:73 + e2:ff:e9:09:93:34:cb:3d:84:e2:c3:eb:c6:bc:6e:b9 + + + +Public Key PIN: + pin-sha256:bQF0mUATY710KqQP8ajdnqREqJUPc/Z4II4Fn33CZL8= +Public Key ID: + sha256:6d017499401363bd742aa40ff1a8dd9ea444a8950f73f678208e059f7dc264bf + sha1:9612983dbe342ee129ce2aaa5be249c695676212 + +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEAz01KCQCmDVisAx1g1fxet+cEQgkn6wHzpVJtHdkrhy7Sf1j5 +2Y40UafNgoDZrqLoXGF80eYe7iE9H49fAx3ZUAMu2ZL7/Ns9OMBo3qBOeogSP+JQ +WperG7yrN7iM3AN/s0RTDlnagXprP/tIassGU31JQWBpLQs8+4Uoxgo++ZT2sQXJ +m4fO4IvRvdQQ/6ugIt3EyWLrCY1LMAM86JbTvM9AbeLTxhWXV2G2nAHUYBwjqPcY +gqRBhl0+HLjia+SlyoNAFKOK6n4hwIU7DbCwbgDZ/FM0xbmrOxiJXE07a5ELbVfW +WOIIbet0m7/BAYmi9fMyXoZunSYhO7U2seX4aNLfEkpbTX9xt0wEz7IX+s+3S5/7 +WQFg7pNvyCDfrdAXDOYDkBBcJtwzoBWsHUkcYwM2/bXXNhCgVz/dZCIiN/u9jCq3 +Er+1mzysXJ2pufGurqES569fxMfyZs+1qfJ0HCb3u0SFANGONXMnmAXNl7hO+/c8 +Vkne4jsYYgw0t7gNAgMBAAECggGBAMLJEOPcpCquQxK6LB9lf2q1u56BE+0SbGnP +RZBiWzAuosPeSwZNRIPldIlHoUMi98q2H57q5+1BdjmNce1vwp4YH5F5NyWkq6YD +xYZKgvNHoD4+3NoC4Viysv8sfc7NytQbQx+c9l/rM5Nu/eC63Dre4lJ30NvuT2LX +ADT1s664dgRoN8PYnF8Jgg8okMBr95BLaXkBZXAYP6nhoP27m0EyTIv0MqFR8F6/ +BeMZJQEZ77f4ViOLS7aBLre2UaqnsB7GfAG2P5M34od/RVdGek+p0zyL/Cc0eb1g +2g34xiqolV5iUepAlQ/aGAIMkQoN/d0TNjZF1/a72/ZU+/YxtI8fpWVwv2ASsruk +nNClnXAv6SLzg+NMTVpQ0zfOd0ubmEyNe0iFASxI681tgBsmtbyfqa7fNqj2rTF/ +n/XPevvTmV2X9ze6S9+J5B9XofXc8HpESEsqybf1lkqF8lq++LGbydoc6GVUembk +aDP4vh9OF7EttxxjrM96o0tcVzy3UQKBwQD3qzPpATgCh0kMVo+O9zXliJfPe9Ar +hCi0T7MX/bInHBB7Hgu7OqxN3of+4Q7zMzwoPfW+oe6+UQkv15GAB2zJgs2RJnMK +PzzoAYyJ+2CeZ8BthD0lKogNGrHAayaBExAuAYV1cN4BD0dJsNc84OnPHt6ou2dP +JuzDXvKQKByLQ/UzDvOikjzjXsqUpk33qYR7EQPLNBrZwVQ306MGSb1DFlJtxUTb +5M+QSBN9GM322xyAlQq0v/9478BmaQ7JTn8CgcEA1kZ3uXwbBv7rus9IpJsKmIyZ +nbRA4xth052FePZWwGV7bKXpGBB9ZcdIlf/09ZTPSTjXBD87wa7R5aYg/9wSqUGE +Gv9WUz0zkcilpaKR9JIHlZIpS/eA3tGRHPiXZKHfV+0OncojdzCLuyzrUp5NzUFj +3J2PHQz2TuYmOFVpHh2LtvBoqbk4sJe1vjTHm2AItuCD2Pj2YrS+vgH9L29dKqCN +qlL1LCNWjTpQcw3qMZVZMmCc6T80WseZV6VVFgtzAoHBAPTN4dqfXMiLBnZOnUnY +Kwr9z+jDXkmVMVLBMKo3FsA3qka3tSrU3Pl/S3dw6AEWFJFGZUCP+Vde7DDA6E3f +iPVJ+H1PvwhS55X/6fV9ZsxMi1T1ECdLef1R9H7Yqs+Mk0KWOF+UN6xeeL1rMeU3 +/4O95KJt0rjXJdIbaLF7JHO3sYdNcR6xY8Pur1jtZUW25n9qmxBhKWUyBlfENnEB +tDS6vLFJ+z1LVqsrwy+0s+kcPXkPWOy+lvvoJ4pSr83lawKBwFCMVN1JJe/PTFYB +LdGS5rzJvcVmyS2WUYP3JwF9uMbCX09MXv9I05q6+zJH8ZGPyww/bbSPAKuiSA0I +EkecNvehRUPQ0GaiDwyyXHKTVkKV0nwLYbLI64zXQrGdUWvm3cpztpbiMcrQWPaX +wC5ii+SovB1mrTHCeaTXJ27tzIIhoS+31+BVXFYl8Y/6zz49L4lvhKC/lf8s6rcK +kF6QgnlPuXFZlghtkE+uqCdYB71z4v/pCZM0yz2E4sPrxrxuuQKBwQCImFGaphzO +RFRdx/XfpwrbOcPYa+xd7olkvyUumiWm7tzlywETmhmffyRStudA4SGNj59pkuQ9 +pCXbLQp0vOpE1oGQ1Vk/amPNLA5/g84M53u7Isht+BVde1K+4cYfxVVadoq0rhgp +VYbgp0AjKMDHbdyjqGtWl7RkiKF78V+08L8bnrO321mjAUlALd8ru/TjhOi5DMUx +9gU4TH+Oti6Lf/xpwlfl9RA+Tkc6PdJXp19zVI2aYJDWELfjMVeDQIc= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/pkcs7-chain-root.pem b/tests/cert-tests/data/pkcs7-chain-root.pem new file mode 100644 index 0000000..3a4be5e --- /dev/null +++ b/tests/cert-tests/data/pkcs7-chain-root.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6TCCAlGgAwIBAgIMWRVcZxmAWkc1Mhq3MA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x +DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDk +fS4dWnVZWp/e3SPUjXDvGmg0c/kcXCAmVq7jqgn18LA7p6Bp+hW79NXYATUz133b +z7XK8RJWm+XcDB2qVT1HC4bxlRpc2G6nBmc5qyRTOFV2VTHcO8Aqg9C4rkbmsofZ +ixJ+1HEseTM63yySmP7SiALwj55wvSDbpAcgfU92hC8jjUQNB4fAbc92byg82MPF +PT+4FBCCBZVGHV6X1t5CBL8n9yq8Z8ufkBI1K6J/dNSXLhja3m5Q3J+WZpv445do +88U1csw3G38frq6RFVHbb0Pusrdbj6+BAJsF5ZGbacPzcuobosVyb5OmNhpiwSzb +yxD7rNUsVis8ClDSDTT4EP6Qxs7rnF/5UyWtVEnUg15xEqtj3CFlgY2mkI0v7YIO +GAf3uo8iXHE0vaQHlQ2DMp8/IL3rRTujxXukjO1SH/4h9VXnNjGMrOpQRSajhMx2 +aHw/tPnNLTMqGfDV/rUFMGzJbhe1ZPH6L9kGFJzwDSd78D6ho/jWa/bH5306L4kC +AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud +DgQWBBTZfEXSOVCPbOBHkMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEALDBQ +V/cMcuhDVChs5JICijycvZpxlxzxY34bQ3dm0NWeMjL+6dIyOQ5ThF6joG3nIScl +oACurHcrZgrCTbw3LWXll0Hbwb0FRASCKgsg3a5BuRqc33A3vyQAOiyTiN+bje8e +LpuhJNlAVFYu52+ywObwd1pf6CN4IqbXWlJ6j9rYY6Trquar3uYc1dHLy/RBsatQ +CqurVTcZ+/2R1itHFfvT2fJ+pOw/kgAg62Tkkj2Ck0PaNcplbgQY0RUALV3V1Db5 +lnNCYcr5Iyl/ag5Unf1QD16Tp0SYI0+670xqq7Q4U6xQroZbMgPTI+DaCUFINOE5 +/2XiHxuWhM8N9fgfw8u9RyMKe7bgiQzeJkb3CKbsf9ytF8yUSK6nJc+/9Lqnh0Z0 +tf2yIpNKC2gc93dM1W1yVSuLLU5jwEkcMwh7JQJLofUgkfenKLOleNQ5UsHuAmy4 +LJS7OTnwtTfqtnszZGGmKqOS6HKE7rP1jI9AZgqRfGLIYoRY0skYtFsgZwzy +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs7-chain.pem b/tests/cert-tests/data/pkcs7-chain.pem new file mode 100644 index 0000000..4800eb5 --- /dev/null +++ b/tests/cert-tests/data/pkcs7-chain.pem @@ -0,0 +1,72 @@ +-----BEGIN CERTIFICATE----- +MIIEITCCAomgAwIBAgIMWRVcaAigQxpHMLElMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTEwIBcNMTcwNTEyMDY1NTM2WhgPOTk5OTEyMzEyMzU5NTlaMBMx +ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEAz01KCQCmDVisAx1g1fxet+cEQgkn6wHzpVJtHdkrhy7Sf1j52Y40UafNgoDZ +rqLoXGF80eYe7iE9H49fAx3ZUAMu2ZL7/Ns9OMBo3qBOeogSP+JQWperG7yrN7iM +3AN/s0RTDlnagXprP/tIassGU31JQWBpLQs8+4Uoxgo++ZT2sQXJm4fO4IvRvdQQ +/6ugIt3EyWLrCY1LMAM86JbTvM9AbeLTxhWXV2G2nAHUYBwjqPcYgqRBhl0+HLji +a+SlyoNAFKOK6n4hwIU7DbCwbgDZ/FM0xbmrOxiJXE07a5ELbVfWWOIIbet0m7/B +AYmi9fMyXoZunSYhO7U2seX4aNLfEkpbTX9xt0wEz7IX+s+3S5/7WQFg7pNvyCDf +rdAXDOYDkBBcJtwzoBWsHUkcYwM2/bXXNhCgVz/dZCIiN/u9jCq3Er+1mzysXJ2p +ufGurqES569fxMfyZs+1qfJ0HCb3u0SFANGONXMnmAXNl7hO+/c8Vkne4jsYYgw0 +t7gNAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0 +MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJYSmD2+NC7hKc4qqlviScaVZ2IS +MB8GA1UdIwQYMBaAFFRxDgQyZHU8liZv3WQ/ksokQCSpMA0GCSqGSIb3DQEBCwUA +A4IBgQAN1f7NR1o0JV2IgEDO+ahN5sx/ad+SYvSaRth8TogKjRMY9C/w13rwzs6M +Y8qaipz2D5Nso2FHysveW3IoEtqS9UB2wYmfh97P3cePz9FEvmGA+8SdL+rCLTpi +u6eioKk04C56cMsf7cFls1MZ1iCbbU/HlXoqjg4mJZeVW443MlmT/xyZLuqNhnke +b5C0MHJ0Y/dBtRzdE1yrphLurpC39RLqAj1K3U/iWt9ZXbIYPioPXKpWcEdXgFsE +Pboe4Aj1ZweK6siijaEZ1HdyRdEvi77MaMTuL5i42JzV8j9OoKA8IVdf4FJgIGOo +yHW9oBVzYmEIzQ7+lpp68Fk8w+esk5WafPRdP5AQNRXN4KFJmdYZe2K7BSEArc4c +iIB+gNjFOiAbXnlW+URHiOMPZCXza7Fxae33B5lMBcpi1yDSa2XOO/xPu5z9vA1L +9ugcdi3EqBmVEf1h4MQuXP0rKp85L4Bd8qqIbXz6pE85Yz5AjcXU/VD/y4ugJV6V +oVNlbsQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAnKgAwIBAgIMWRVcZzdMb3w6rL9cMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x +DTALBgNVBAMTBENBLTEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDK +VudX96t79AYqJxe0I9D5d1QAS2UOQ04A/brEmdZ0gMNdXT99cesrPy9dIOq2Vtyq +dr5HEqCmEGZUnB9882OosNCwM8qMu+xkPlDdApLfM1UV8tyPMTLDyKDYcGxBcx1B +x/vYDSHQ9OZZaHOkaK8qjWN1G7ZZk+7j+fKsFee+VVaY/LNZVtNjA6PQC8/fQeEF +6NdKFFNZGA6xOjPAdfcpidJAAqhs0nCwlZocLSTrlAplLtXj3jjIpWZA9pnqZTQB +dk2dSukhbBqbjOaRcAoS96CNB9BPTfiYoBFIrO18CeDuyqNhriAKS4wLKhUOtB0C +vkuJC77NLeYFPXLI/8RbUD9M2BBeveswX5S9oEqghrsJuehHPy3Uces6oK9nipIN +9Uj/mkemgXjZqfIUcLMJisk3WBG4JZEcFCrLRKHbEMhQ1borBexi+y0qE0tKpc6k +pq6SvSkmyAoy8yURtcyw43AgULp7RaS0F6kLkyuY4WbVDkZHT/6zqD8178kig8EC +AwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1Ud +DgQWBBRUcQ4EMmR1PJYmb91kP5LKJEAkqTAfBgNVHSMEGDAWgBTZfEXSOVCPbOBH +kMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEAD9S9gNKUzT4CpHZ1WZ+TMlJN +0uVwchW5ivsimghmD3T2e+7rSwpxsvQAKb1ifZS5H4L2We6e4Rq5KjfaZZxBy0F4 +TziK6Vy6KRPqtyH2YZwiqpgoJ/kCzdmiPwIuSagZYkXebgzRESAXJHxmANk8WuBT +fuTWlN9WhqUsubB/b5CLKwYx99k5W55VKld44bqWWG9b9qma42+7tllKV1ctOHUz +W/tZDWFDTZlMi4NoDnHlciGuNKM2rN37kwmjE2oVUQc1FVQhmdlbdGj/kO14Ur0u +dlTWO1ApZ+0bGmcB+QOHbM5wwnH2yyqBf2ipS9jjxqo2Xi2mb8GuSj4zXuB3sbSm +ms11RUNZdBUe56SO/mflywXfxYBslr56+n4uFtKo/LS/HQbGbURDLxRCbNual8tb +CqdvPriHx9No3EmZEF9fVLy4PQ1k8oau1eQYgTA14aRkkchCJEnPnzVQgUKuHZTC +79Ek2RkRK1p2o5rB/C+Bg2IyhQlWSqPjua1dmM54 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID6TCCAlGgAwIBAgIMWRVcZxmAWkc1Mhq3MA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x +DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDk +fS4dWnVZWp/e3SPUjXDvGmg0c/kcXCAmVq7jqgn18LA7p6Bp+hW79NXYATUz133b +z7XK8RJWm+XcDB2qVT1HC4bxlRpc2G6nBmc5qyRTOFV2VTHcO8Aqg9C4rkbmsofZ +ixJ+1HEseTM63yySmP7SiALwj55wvSDbpAcgfU92hC8jjUQNB4fAbc92byg82MPF +PT+4FBCCBZVGHV6X1t5CBL8n9yq8Z8ufkBI1K6J/dNSXLhja3m5Q3J+WZpv445do +88U1csw3G38frq6RFVHbb0Pusrdbj6+BAJsF5ZGbacPzcuobosVyb5OmNhpiwSzb +yxD7rNUsVis8ClDSDTT4EP6Qxs7rnF/5UyWtVEnUg15xEqtj3CFlgY2mkI0v7YIO +GAf3uo8iXHE0vaQHlQ2DMp8/IL3rRTujxXukjO1SH/4h9VXnNjGMrOpQRSajhMx2 +aHw/tPnNLTMqGfDV/rUFMGzJbhe1ZPH6L9kGFJzwDSd78D6ho/jWa/bH5306L4kC +AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud +DgQWBBTZfEXSOVCPbOBHkMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEALDBQ +V/cMcuhDVChs5JICijycvZpxlxzxY34bQ3dm0NWeMjL+6dIyOQ5ThF6joG3nIScl +oACurHcrZgrCTbw3LWXll0Hbwb0FRASCKgsg3a5BuRqc33A3vyQAOiyTiN+bje8e +LpuhJNlAVFYu52+ywObwd1pf6CN4IqbXWlJ6j9rYY6Trquar3uYc1dHLy/RBsatQ +CqurVTcZ+/2R1itHFfvT2fJ+pOw/kgAg62Tkkj2Ck0PaNcplbgQY0RUALV3V1Db5 +lnNCYcr5Iyl/ag5Unf1QD16Tp0SYI0+670xqq7Q4U6xQroZbMgPTI+DaCUFINOE5 +/2XiHxuWhM8N9fgfw8u9RyMKe7bgiQzeJkb3CKbsf9ytF8yUSK6nJc+/9Lqnh0Z0 +tf2yIpNKC2gc93dM1W1yVSuLLU5jwEkcMwh7JQJLofUgkfenKLOleNQ5UsHuAmy4 +LJS7OTnwtTfqtnszZGGmKqOS6HKE7rP1jI9AZgqRfGLIYoRY0skYtFsgZwzy +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs7-detached.txt b/tests/cert-tests/data/pkcs7-detached.txt new file mode 100644 index 0000000..54fb2b8 --- /dev/null +++ b/tests/cert-tests/data/pkcs7-detached.txt @@ -0,0 +1 @@ +Hello there. How are you? diff --git a/tests/cert-tests/data/pkcs7-eddsa-sig.p7s b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s new file mode 100644 index 0000000..911b8c1 Binary files /dev/null and b/tests/cert-tests/data/pkcs7-eddsa-sig.p7s differ diff --git a/tests/cert-tests/data/pkcs7.smime b/tests/cert-tests/data/pkcs7.smime new file mode 100644 index 0000000..9f2d657 --- /dev/null +++ b/tests/cert-tests/data/pkcs7.smime @@ -0,0 +1,42 @@ +MIME-Version: 1.0 +Content-Disposition: attachment; filename="smime.p7m" +Content-Type: application/x-pkcs7-mime; smime-type=signed-data; name="smime.p7m" +Content-Transfer-Encoding: base64 + +MIIGkgYJKoZIhvcNAQcCoIIGgzCCBn8CAQExDzANBglghkgBZQMEAgEFADBGBgkq +hkiG9w0BBwGgOQQ3Q29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQoNCkhlbGxvIHRo +ZXJlLiBIb3cgYXJlIHlvdT8NCqCCA7gwggO0MIICbKADAgECAgRN4LTKMA0GCSqG +SIb3DQEBCwUAMBkxFzAVBgNVBAMTDkdudVRMUyBUZXN0IENBMB4XDTExMDUyODA4 +MzkzOVoXDTM4MTAxMjA4Mzk0MFowLzEtMCsGA1UEAxMkR251VExTIFRlc3QgU2Vy +dmVyIChSU0EgY2VydGlmaWNhdGUpMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAtGsnmCWvwf8eyrB+9Ni87UOGZ1Rd2rQewpBfgzwCEfwTcoWyiKRlQQt2 +XyO+ip/+eUtzOy7HSzy/FsmXVTUX86FySzDC4CeUEvNWAObOgksRXaQem/r6uRsq +TRi1uqXmDMeoqKFtqoiE3JYOsmwcNarnx5Q9+dXHwqINS7NuevcIX8UJzRWTGveY +3ypMZokk7R/QFmOBZaVYO6HNJWKbmYFUCBcY7HwvCKI7KFcynRdHCob7YrFBmeb7 +3qjqIH7zG+666pohZCmS8q1z5RkFnTdT4hGfGF8iuuKLDQCMni+nhz1AvkqipZII +DC5hwFh8mpnh1qyDOSXPPhvt66NtncvFON7Bx26bNBS+MD6CkB65Spp25O8zDEai +MXL2w2EL+KpnifSl5XY3oSmfgHmqdQIDAQABo4GNMIGKMAwGA1UdEwEB/wQCMAAw +FAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1Ud +DwEB/wQFAwMHoAAwHQYDVR0OBBYEFHYHWEzqtSn1LYAGjINKgg0J7JPeMB8GA1Ud +IwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQB0 +1aZOyHm4h+eDKE5bCbukrb6+BQxjyceAygwUe3TK7G4iZxQxe7ctFLV1lKgIkAIG +lMUaL8ODZTSq84dBwSZzc7A2ocH3RHcsbmNRIK2r9thbuH/oZ30p5YKBlzNodtD0 +g9OMsfV0uzBU+359coHoSHSCBKsYBMT/BFlP9eAMJby3gL7b5OYnxkTO9TzsoA9D +2tQFLX6ncRQBH8V8wCkCmwSKDUhn5kPmOhoYFbvOHUfQH2YQqJ1G8PvK5EnLMBy8 +PbmdPXk0tbRBHd0R5eiwtzvbTHEmXWGHw0ntg6+ffbeY6NH16viLgPqImVeYny28 +329qQJqeRa8HNvumUWfax8xCogIWlFzDTvkPyF1DF+kZ98va0R4pKCPI0ddLvHd0 +WFSk3chCNSLbHh/Z79leMYICYzCCAl8CAQEwITAZMRcwFQYDVQQDEw5HbnVUTFMg +VGVzdCBDQQIETeC0yjANBglghkgBZQMEAgEFAKCB5DAYBgkqhkiG9w0BCQMxCwYJ +KoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNzA0MDUxMTUwMzJaMC8GCSqGSIb3 +DQEJBDEiBCAPxNW8sd688/xuhT3eVSckDRNLIIsANJ00vaOH8y2rxTB5BgkqhkiG +9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAEC +MAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUr +DgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCATBTDhfI4eA44ENY +9bQGbPVABFbrdTh9DwfU05Hqam+XlghWefybu4A5Qu3pm2sfiWz2LQLL5/ogYVmv ++wq4vDYkArhHBk1gxVZ5ydZBaMBtne9rYNxNigzE0eziwco/OvyDG1Xg4wKZHNf8 +/PYpe98yJH0BgDWCMMSqsOZEC4q97eDFsIgRuuZm6Rgd+pXIwEWcelTdmJ5nfftP +e7uWoJZo1eBMsqUUREChw9SnPWCOysONCCTgdfvVOKPb1DZmmzGiK6CS6GfVgrJw +LvAjaBb3l3B9UssS/w+Sp44BwfCeFkntv8U0FiA/Cgg2sGT3illmguvCzBQon9t5 +c4Eg07LRVt1WP2tt/BbFRVhiHa+8zCOr5bCN1cOs+c17yhYqCYHz3RGGTMWWYAX1 +dFnWPDtb + diff --git a/tests/cert-tests/data/pkcs8-eddsa.pem b/tests/cert-tests/data/pkcs8-eddsa.pem new file mode 100644 index 0000000..e447080 --- /dev/null +++ b/tests/cert-tests/data/pkcs8-eddsa.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/pkcs8-eddsa.pem.txt b/tests/cert-tests/data/pkcs8-eddsa.pem.txt new file mode 100644 index 0000000..665124d --- /dev/null +++ b/tests/cert-tests/data/pkcs8-eddsa.pem.txt @@ -0,0 +1,25 @@ +Public Key Info: + Public Key Algorithm: EdDSA (Ed25519) + Key Security Level: High (256 bits) + +curve: Ed25519 +private key: + d4:ee:72:db:f9:13:58:4a:d5:b6:d8:f1:f7:69:f8:ad + 3a:fe:7c:28:cb:f1:d4:fb:e0:97:a8:8f:44:75:58:42 + + +x: + 19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b:96 + c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31:66:e1 + + + +Public Key PIN: + pin-sha256:oekVYFTgT6yJmunydRMs3Ael28TqLCrTof/G4NJTaB8= +Public Key ID: + sha256:a1e9156054e04fac899ae9f275132cdc07a5dbc4ea2c2ad3a1ffc6e0d253681f + sha1:3a04967761a552db7e9e18c6dba4bd4aae119908 + +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/pkcs8-invalid1.der b/tests/cert-tests/data/pkcs8-invalid1.der new file mode 100644 index 0000000..8d05984 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid1.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid10.der b/tests/cert-tests/data/pkcs8-invalid10.der new file mode 100644 index 0000000..eb9c173 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid10.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid11.der b/tests/cert-tests/data/pkcs8-invalid11.der new file mode 100644 index 0000000..7f4fda8 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid11.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid2.der b/tests/cert-tests/data/pkcs8-invalid2.der new file mode 100644 index 0000000..086a661 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid2.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid3.der b/tests/cert-tests/data/pkcs8-invalid3.der new file mode 100644 index 0000000..39b821f Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid3.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid4.der b/tests/cert-tests/data/pkcs8-invalid4.der new file mode 100644 index 0000000..c8591a0 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid4.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid5.der b/tests/cert-tests/data/pkcs8-invalid5.der new file mode 100644 index 0000000..3f23459 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid5.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid6.der b/tests/cert-tests/data/pkcs8-invalid6.der new file mode 100644 index 0000000..f1519fe Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid6.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid7.der b/tests/cert-tests/data/pkcs8-invalid7.der new file mode 100644 index 0000000..85e1357 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid7.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid8.der b/tests/cert-tests/data/pkcs8-invalid8.der new file mode 100644 index 0000000..4caa528 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid8.der differ diff --git a/tests/cert-tests/data/pkcs8-invalid9.der b/tests/cert-tests/data/pkcs8-invalid9.der new file mode 100644 index 0000000..ea3c772 Binary files /dev/null and b/tests/cert-tests/data/pkcs8-invalid9.der differ diff --git a/tests/cert-tests/data/pkcs8-pbes1-des-md5.pem b/tests/cert-tests/data/pkcs8-pbes1-des-md5.pem new file mode 100644 index 0000000..b37ea47 --- /dev/null +++ b/tests/cert-tests/data/pkcs8-pbes1-des-md5.pem @@ -0,0 +1,33 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFwTAbBgkqhkiG9w0BBQMwDgQIj0zLYsYVnewCAggABIIFoNbtBreeQp6iStj1 +h6NXjxaaa+zxpJ2ujFGlkUuYMHYHRHyBRBLPEIBpFK8TeoGz5PtS0TDdV6fNwGmw +qv4aDSMFLMNPvdhh85mEZXW54rW0h8YOy/dfaueHcAYBlANccpnYs11AJHOul8sz +X32Q5cDOE2KUqC0DaMu9X1I4YHa2AMrX6Z7/pLx4FN6bAbGNgENrm6j7+53xf7Nw ++rdV9WXm0qXlSJ/yZNnawEdvYgzUM4YC91iIDoFthiQ+VtRy7oTQC3dFCsjT80NL +2q0X555PfPpuUSOgTKznzZbkUwMWhmzUZZwEly4YXFBBNztaaL2nJeZu+QOZZXlT +7H7UQvcpgiYszh4WIlm0vEG6CEXm4X/Rdf2q4LMqs4BQGKfMgJbZeq9cF2cIcf5M +CrKxyW3qOXp+kFQ9LsURxcrgiWhwJlrpg7+NxWVGLstNUU4R5W4lAF9g3/xdo7P9 +w8qjxwp9kcMhOWT62AaTwtLkIMaNJarwViMCluWsnIdaKL4Etb+iC7VzyucAHA59 +5KjHb0S8RlpDe5roSS6GxdxRiztqYn+riW5gA7v8HiyyTiHnF8AjehwNuck94YeP +lMosUqXYG/BcDsu1ZtFpWmmRqNgss5eQ6bogKqKI0wN6vC1lqVljho0123ae9Jkx +NzX05s1b4mcBemxpdV9N0tNmZh3gmYn7+7vN7xzzNGsSKtwZWTcM4/ZGlK/uyGmb +a1xCvRr+5v+fZDpt2l4myfZPUp8UuPRpNVc3FaTl8Btb6jKHJtZnmdKqunVqzOab +uf6cgLHBbl2Ah+Dd4tv3YMUy6zZ3Bge0HL4vzK+B1svDBOIRMQvI0N7usUndPp2q +KK100tdMtNF6KTv5VVOApIuu7MuLwN9lqRXKwbyaL1ZEx/Xj5jbXnQJu935/Twpy +YWZm4Rd/uay1flQXQMjhKXUC32rNAvQUVcFBBoUjGw96yaW1QTaiPYq2bcauH4K3 +rAZrSzDapi0gVoYACD4oqh30aW+aQaKxkRn9ziQLWDyaTU836EYnS071BPq9evth +iFi2uGnnYmVtF1j1RDDaiC6ip2DxznDuvmM+sz6k6cUIvazqx0bp4ZXcAGAmU4lr +fHEbw0YZ4NvvejYAApRrqzlWvf9e4icR5UvMe/lUkjIxkde9n/PZKhYLUJxNReUQ +8ZtGSU8cbYcqr2eZhj71vFJ/cedSrLnLfd8tFXQmkKlb9EOFAYgo02CBdKMNcSl3 +FlVFeFywXljSGwmZv8rr2u7vEUIGlXrEKZnLST76DQpC/Xl5phTrL2Q8JqsHP/OH +olisadfSEUoB5PEGV3iqQKOvxVxQIE1P0Z85DuBAguOAM2Gfg/FeOmuvTCQY3uDe +ALZH8KW5cuaDtePXJ2fRJkl5rxrlgYMcxzr2EtQ3VZJ/eGBqUtjewZrAu9POSO74 +7oMTp60ZRxXi3jiUrJZNWtRH//6ezNSMyhWsl6dcyFN96TTzik0uJnlVBEZzF60s +Uw1NIBdLom8Lccxo0LjKIIxDvLb7e+MG9tuGrXwSyUFDR4pMzC7nR18JE96M34DG +2/k83qcq74swV+K5xEicsBkpyazbmLYpFpZY8pfI1mUb+ilp3+veMtdduS1GR/RX +KgXqeUr5toY2L2AIIRasm6j0t9ZZ7vbe+q+dluIkBKaTR1Rc+txjK8jxkdOJGDmz +f3am49sFNAIstvDzQ+wnxCAmG6mY+pAlQ0P8NnYMu57dxAEQe6PvFjnP2f3aghs7 +m2jXct/WiNQG6aopxEDb9XL8daI7fOHKNGodqRMBC3GsO2sEvii2/Gy5DL4Kiro2 +5UfWTPOCFotMbJYTSp/KKJbk4fMC1xI7lKosYYXbHhg/oV5Cr5zp8DFO+SL4lB7v +R/VQqKJ4AJpZiz4pNCbwfqNchr3bXe4AosATW1igTDkZf6u6Sw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/pkcs8-pbes2-sha256.pem b/tests/cert-tests/data/pkcs8-pbes2-sha256.pem new file mode 100644 index 0000000..ba88d8e --- /dev/null +++ b/tests/cert-tests/data/pkcs8-pbes2-sha256.pem @@ -0,0 +1,35 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIF/TBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI1NhoCmm0bicCAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDk8ZQX5/5RSgw6O5zfStl7BIIF +oBFsReLKYFvjQeo3SPCU4JSlXwjtHdGCCBI6q3+mtMhxk8QJ1GQnGl93zbUNuXlC +Cthr/X5WJtGdkOGYtAt0pO1bLwL6euvTO7rkU/IwubGF6HH/84gNGNjkL/zJXdDR +v+FzYIpfmgpkLOEIvN6NvplSS6U0RAb/DOg2tAlI0D3FY7Y5rGiw3aioRG1lg8Wr +CXRyRiK58XfqcHrkMXdb5f6QGKtoyJZvzAfHjnkVeX5OFeYB0sPHWAtrHQMX+tna +ddHDQ/p7GPuw0JVR4q75IRs+QQ1GqRTT0PC2LaYzn0uxatPH/Z3nW9CxAa7E5SQK +VePbvdS5QHwEAITG0VXFowTOuhNYAvacqYaYXpd/gHEa26H3gBMKxfrOfWjXsmcS +VO72oZCAa2VS8RRQ6AhwmqZ2vmDNvenBPGK/3R+aGX4fFgmN+Uv2CxAu8ZYN1WHt +BJOdI1hTFrtLCfuU398CPdk8Xc0Y45N29Ao+XW0W8z1hqACpVAy89YYilF4wRRpH +ZnBKrwvxhfQcqVSuJOOfxmxqQrylzzCF4O6ug+lE+RlZpO5Yvtmqc/i4SzzxAu8x +XentKLEIPmQaUpWElHriL/YYeDHpj46PAPbyfh2vgxLFGvsf6CHT1PkyNmHGwR6Y +FmoEQ75i3f9PTnQ/byYODkyiYmNxPnCEOpNZp8qNnAZ8YnkifOmMqYJcaglohdlP +REIAehmXKgyzDpe1Xi6OQfwDyIB7Dw+oNqajSUyLHqOtRv6ziLxbwpEc1gMETyeP +yUlQuenAy96n6WvQKPF3boMH0KkrjaPyvBDsawIPBXKlKRPL0d9XQQn7m1mqRUtb +nVkog2XKXuDAyVDQC07dRhJZ4u/AMX+4KaJ6Y2DhQLYDuKgvHqI1JSJYd6OeSGce +WsiwkiTS2nEz5WPgHWM1sEPsFwlWnxubou2DPzWugh1IIed68TgyShgTG0yxdz4E +ICVqdBN6HHHTuMdyQgasxc62QhHo0FgdE3XWaNFJ15edK0aMZbfZaxv5Ab0iZYUI +lDtrhrenYFr+/davowWJ645S95+bKagSkmPmz1G/orjh86XE93rswhw/0EbxyRSK +CO4hkOVifdrAw6z6pTfx9OJf7hFtWBQ4wxZTRrzLtWV5qKP2GBDiaewl7R6/eoWs +TsUNEjhry3jLjqzmTOtZz3ZwvHkCZhNekdKIHSEWEH/uZkQaHIVk20tpqqdL365s +U2FBNC7/rJXzYbtwRzOhNmswYaKxBmnxOhoWfsCcJZVElB6qDHIQkBFSyQBhQ1ec +M+hSsAo/3TWM7z63PJNOCPnOr/KspMHCuh6iDy4yd1FN1rGZ0DNbL8QE/9pS8zIw +fBYi1/7oWIDeAvw5h8CW3p6o4XMCNl+WtWQBaRVkd7LDtRoLczrwRz3eR6vlvPvd +7gEeqi5O9RIgRkLA6q+j1EwnBdIdcV+OZtmCFMk8CcTQONAFyynLqpq2zGjB/xCH +yyORpPEHZiJJhcEmWf1eu3BJPnLL9RW8wCTlRwF2nKeYf3fRMjFQDQ5xTuuy1RxT +uG0l9cWl970+BHoAEohewKcTBYz8s9fHqxm65eI0DW2WVWE99ilm4bhbsnkHRTNa +uwwH6IxXeZyWH5Bh76aiulbT4qFdQ+4SxbuuGZzRTG0/UPrYe5n9/TuhNT6b6BKv +Nutu6P3j4oPAuVObNUL7OUKMB7eDzBC4eXpnD6WuHdEAh9EtT0+/7Nzoz7yiwhS3 +v/msCT9IANXsL3kyneKOCyQhyDu90oGxu65CwutOIPZ+lt+0vgYfSpmmZgnSg5a4 +vT3a1rMQvSEntPHSg39BL6xtd7FTrnovckrp74QxNdwRlkTXVLRRaYErBEPhK7+S +vKuEkoGfO+dPDqMVioxwEQtZJAuhJZRfZjsMorrIanK/XyBGPmXVlMubLwLNsDaq +1w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/cert-tests/data/privkey1.pem b/tests/cert-tests/data/privkey1.pem new file mode 100644 index 0000000..ceaf313 --- /dev/null +++ b/tests/cert-tests/data/privkey1.pem @@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:99:a7:ca:d0:a7:03:91:6f:05:c7:55:d7:92:d1: + 30:34:59:cd:15:8b:7e:17:88:70:4b:cf:fc:34:92: + 74:b7:80:5e:68:f0:f0:de:9c:2a:18:05:6a:00:d0: + 3a:3d:f5:e3:ea:11:97:e5:5b:02:98:35:a4:f5:26: + 0b:af:33:6a:95:41:d0:df:38:34:dc:98:3c:b4:5a: + b5:f3:59:e8:f6:ac:17:f3:a4:bf:b4:c8:8a:ea:e4: + 50:6c:1b:ed:1d:c8:ff:59:ad:d9:72:08:a8:1f:f2: + 17:34:34:36:5b:af:c6:22:cd:c2:30:8d:7e:93:9e: + 3b:79:a9:b7:3c:91:0d:9d:fa:1d:ee:f1:d8:c0:2c: + b3:cd:3d:f9:79:4b:ad:5c:2f:7d:8c:51:32:42:31: + f8:8e:a6:04:e8:5f:45:f7:08:a8:8c:bf:ac:46:8f: + b3:d4:83:ed:48:35:34:01:cf:9a:c8:e0:1c:95:9b: + 99:75:24:91:e5:34:1a:75:9e:fc:9d:04:27:9c:7c: + 65:53:37:32:ff:ea:03:fc:e3:7b:7c:08:80:a9:b4: + 97:ec:85:ee:b9:81:df:93:33:e8:da:3e:4a:cf:7d: + e6:12:57:6e:c0:22:a9:88:29:e1:64:ad:50:4c:2b: + d9:7c:15:09:4d:5f:a9:06:00:db:ee:ab:a6:76:ca: + 41:2d: + +public exponent: + 01:00:01: + +private exponent: + 26:4d:96:98:56:d9:e3:da:2a:35:9b:a7:86:78:d1: + 2c:6b:aa:5d:11:8d:d8:2d:f1:d8:64:3b:79:9b:7c: + ae:f5:b8:13:2e:e4:cc:89:5f:50:e7:a0:9a:1d:4e: + 37:7d:e1:57:cb:14:f3:5e:b1:91:e1:e5:82:1a:fe: + d4:a8:db:8b:e3:81:3e:f3:d2:f1:9e:9d:9b:53:f5: + 81:79:4b:42:9a:79:ca:09:aa:a4:55:4d:93:ea:60: + 45:e2:dc:44:0d:83:e2:06:1d:6b:78:ce:f8:4f:b0: + 0b:1a:6c:e6:84:35:bf:1d:4d:a8:2e:cd:7b:dc:f8: + f4:86:23:20:5d:04:68:f9:ba:b4:a3:cb:f6:2f:67: + 79:7a:59:3f:de:8c:29:5d:51:37:e7:dd:83:83:b4: + c6:22:c0:d7:8c:79:93:11:f7:64:33:47:73:d6:1a: + 06:c5:d4:2c:a7:02:8c:d7:f7:8c:4b:07:8d:95:2e: + 40:3c:52:64:31:21:85:72:91:b5:13:4d:e5:7c:e3: + b3:b1:b2:24:aa:e1:f3:22:fb:96:bb:7a:d5:4f:03: + e5:91:cd:50:01:85:52:c7:83:cf:a8:23:e5:10:0e: + d5:1c:20:11:e6:d3:65:43:de:b8:dc:dd:07:f6:7b: + a5:c2:bf:c9:6a:c4:2b:ac:03:fb:b5:48:32:3f:ff: + dd: + +prime1: + 00:c6:f9:eb:a0:38:87:c7:3c:80:06:cd:74:8c:ce: + 4c:04:43:11:93:88:ac:d2:9f:af:e6:3a:94:10:16: + c6:62:4f:4b:1f:22:56:01:33:e9:6c:9d:3c:0b:a5: + 48:88:82:8d:c0:09:e2:cb:8c:2d:2f:74:6e:18:64: + 5c:99:93:40:1c:aa:4a:66:9e:1c:81:ea:1f:c4:dd: + 39:7d:5c:b1:68:9c:70:53:49:ed:51:24:76:30:32: + 04:3f:0b:a9:59:d4:ba:73:00:a2:40:03:ad:94:6d: + a4:4a:e9:9c:53:06:fd:9f:b8:a3:32:89:c0:37:f3: + e3:65:b0:fc:ef:64:6b:98:4f: + +prime2: + 00:c5:b0:de:28:b4:18:1a:82:f4:87:d8:84:bf:ef: + 49:15:93:21:8a:f5:7c:4e:49:3a:4c:d6:7b:d3:15: + 87:3b:08:8f:05:f8:7f:5e:57:35:2e:78:af:7d:73: + 99:f2:91:ff:a0:67:1a:fa:ac:2c:72:e6:ce:99:86: + 2b:e1:e4:58:84:17:fe:9c:36:70:14:71:4d:58:ee: + 8a:2f:dd:02:1b:60:8e:09:fd:30:59:7b:cd:d0:a0: + 66:bb:e3:2c:41:e5:5f:ee:67:9c:6f:d8:29:d8:a9: + c5:b9:a1:f3:33:d1:ef:89:48:de:3c:2d:6e:ef:18: + e9:b5:9d:53:e4:c1:ca:b3:c3: + +coefficient: + 3d:2b:f1:df:96:7e:c8:b8:7f:c5:bb:8b:fe:e9:c2: + d6:b0:1e:7e:82:f8:22:91:e9:21:32:16:48:da:06: + 11:49:b2:6d:4a:26:7c:87:e4:4d:9d:e1:43:9d:36: + e3:5e:0c:c6:e0:0c:53:09:71:92:0d:e3:9e:0a:2b: + 06:a8:86:d3:c3:42:a8:7f:23:c1:db:a9:55:a6:a1: + 51:3f:99:64:85:50:ac:e2:3a:fb:15:86:39:94:f5: + bd:5f:5b:0d:a6:cf:41:c1:f5:9a:13:e7:92:a8:71: + 92:c7:b5:60:ce:38:9e:7b:39:ef:8a:78:ab:34:2f: + 9d:8e:54:d8:b5:29:59:f4: + +exp1: + 00:9e:46:40:b2:d3:24:d6:4b:fe:be:ea:81:52:5b: + eb:45:dc:9f:c7:8e:89:82:85:39:a3:56:67:5e:a0: + ef:2f:56:49:b8:3b:54:d4:62:19:c4:a7:12:13:65: + 67:5c:07:15:80:73:9c:af:33:12:e2:53:a8:1b:c9: + 01:8b:bc:00:dc:8c:6c:e0:51:d6:f5:54:69:ee:eb: + d6:86:2c:cc:86:1d:22:90:6e:16:d3:5b:c0:93:b7: + c5:7e:ec:e4:ca:2b:18:20:d0:99:3f:78:6d:83:ca: + ef:4c:13:a5:a0:b9:c7:d7:5c:44:9c:b7:cc:69:f5: + 9b:a5:d1:72:71:6e:9c:d3:ab: + +exp2: + 45:f2:32:68:8c:70:0a:d1:52:db:cd:cc:0a:6d:0b: + 9a:ca:98:0f:a6:93:f8:cf:08:05:af:cd:d7:fd:c1: + ff:2d:24:0d:a4:c2:cc:0a:67:12:ae:38:c9:56:61: + 9d:e5:f2:60:3a:9a:dd:1e:96:0b:81:86:8f:e3:5d: + 1b:6b:c3:b5:d9:17:89:05:e9:da:11:cc:a0:2e:a6: + 4e:11:10:71:c7:53:fa:4c:cf:12:9a:2f:54:25:ac: + b3:c5:c9:1e:f7:9d:5d:a8:e3:3c:df:6a:ce:f2:22: + b7:6f:89:b1:48:12:4c:ac:af:94:f3:2e:51:02:ab: + 8e:4a:c0:28:2c:39:20:29: + + +Public Key ID: C6:19:73:40:BA:1A:D2:11:75:2C:85:3D:1C:80:E0:4C:DE:75:D9:FF +Public key's random art: ++--[ RSA 2048]----+ +| o..o+OB+ | +| = ..oo+*.. | +| + o ..o... | +| . . o = . | +| . o . S . | +| . o . E | +| . | +| | +| | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAmafK0KcDkW8Fx1XXktEwNFnNFYt+F4hwS8/8NJJ0t4BeaPDw +3pwqGAVqANA6PfXj6hGX5VsCmDWk9SYLrzNqlUHQ3zg03Jg8tFq181no9qwX86S/ +tMiK6uRQbBvtHcj/Wa3ZcgioH/IXNDQ2W6/GIs3CMI1+k547eam3PJENnfod7vHY +wCyzzT35eUutXC99jFEyQjH4jqYE6F9F9wiojL+sRo+z1IPtSDU0Ac+ayOAclZuZ +dSSR5TQadZ78nQQnnHxlUzcy/+oD/ON7fAiAqbSX7IXuuYHfkzPo2j5Kz33mEldu +wCKpiCnhZK1QTCvZfBUJTV+pBgDb7qumdspBLQIDAQABAoIBACZNlphW2ePaKjWb +p4Z40Sxrql0Rjdgt8dhkO3mbfK71uBMu5MyJX1DnoJodTjd94VfLFPNesZHh5YIa +/tSo24vjgT7z0vGenZtT9YF5S0KaecoJqqRVTZPqYEXi3EQNg+IGHWt4zvhPsAsa +bOaENb8dTaguzXvc+PSGIyBdBGj5urSjy/YvZ3l6WT/ejCldUTfn3YODtMYiwNeM +eZMR92QzR3PWGgbF1CynAozX94xLB42VLkA8UmQxIYVykbUTTeV847OxsiSq4fMi ++5a7etVPA+WRzVABhVLHg8+oI+UQDtUcIBHm02VD3rjc3Qf2e6XCv8lqxCusA/u1 +SDI//90CgYEAxvnroDiHxzyABs10jM5MBEMRk4is0p+v5jqUEBbGYk9LHyJWATPp +bJ08C6VIiIKNwAniy4wtL3RuGGRcmZNAHKpKZp4cgeofxN05fVyxaJxwU0ntUSR2 +MDIEPwupWdS6cwCiQAOtlG2kSumcUwb9n7ijMonAN/PjZbD872RrmE8CgYEAxbDe +KLQYGoL0h9iEv+9JFZMhivV8Tkk6TNZ70xWHOwiPBfh/Xlc1LnivfXOZ8pH/oGca ++qwscubOmYYr4eRYhBf+nDZwFHFNWO6KL90CG2COCf0wWXvN0KBmu+MsQeVf7mec +b9gp2KnFuaHzM9HviUjePC1u7xjptZ1T5MHKs8MCgYEAnkZAstMk1kv+vuqBUlvr +Rdyfx46JgoU5o1ZnXqDvL1ZJuDtU1GIZxKcSE2VnXAcVgHOcrzMS4lOoG8kBi7wA +3Ixs4FHW9VRp7uvWhizMhh0ikG4W01vAk7fFfuzkyisYINCZP3htg8rvTBOloLnH +11xEnLfMafWbpdFycW6c06sCgYBF8jJojHAK0VLbzcwKbQuaypgPppP4zwgFr83X +/cH/LSQNpMLMCmcSrjjJVmGd5fJgOprdHpYLgYaP410ba8O12ReJBenaEcygLqZO +ERBxx1P6TM8Smi9UJayzxcke951dqOM832rO8iK3b4mxSBJMrK+U8y5RAquOSsAo +LDkgKQKBgD0r8d+Wfsi4f8W7i/7pwtawHn6C+CKR6SEyFkjaBhFJsm1KJnyH5E2d +4UOdNuNeDMbgDFMJcZIN454KKwaohtPDQqh/I8HbqVWmoVE/mWSFUKziOvsVhjmU +9b1fWw2mz0HB9ZoT55KocZLHtWDOOJ57Oe+KeKs0L52OVNi1KVn0 +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/privkey2.pem b/tests/cert-tests/data/privkey2.pem new file mode 100644 index 0000000..f631662 --- /dev/null +++ b/tests/cert-tests/data/privkey2.pem @@ -0,0 +1,69 @@ +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY +sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA7aq1v7GN60st0DPtxSCNMxToNdOGH1SS0Qs/QqC685awthuS +Zxd5wHV+dYfCMFTFbZhqwtX6MfibOFIRbd8wHrNZdeGv8HZbr2hmoAu3VjhGhwBp +OHfTlvKqsZ1LnUcSs33Za9vgtp5qYAyxM1z6T0Igr5xE2ieIeZhQlliNhesoCTC+ +KJXiDDbch/2oWTOG6X5gyzlx/eKskmLChkCmL7YR0yrvx6E8B/XqThumQr/rKb59 +YO79TVqcTwoGWmF+QCUsLkd6iBEZTdoeFvj7xSxMeWHF4UfQl5FhAv2lf5nvdla8 +DCrFAH+2ud5CM0Qmd3vCXl5zikHPXtCBL5o+tQIDAQABAoIBAGLGENUDUM0aKIcg +HdBQb/5r0PoV1+cLeh0BBKCHNktoNDbrDJRl0EbpTc5AxrbZdFfRAYXJ8jp0bOYi +TXYRTOlldmekjT9toTssM4KOe/qMVttik1hRjJFudvxsN/G8iQwp4IOQFTswaVtT +yw1itfDctcLmOkNELNcEM3HYibC+to5hEX4z0mHLxhlDYx/tkXW+ZIb5uvdz3Uox +13kGpy9E3RCaqZNHs4911aGpJqvUy6G12tqM7GhMD/35BpWYNkJjYhIumSQnWT9Z +BOdVGvTtGXR9h2b+RI9+70nkLClUXZO6kkNo+x0RvrUVmzHZkXRD78DvOy/Hi6o1 +6Iug4CECgYEA+oLKngO0F+4U6JC0/of1wdfQdr5VbVYiJ9OEHmgS80X1EIv3Pdwt +C1/REwQrDlUcmMO0ioQFLHaJ5tAYZzjGF+qgljRGp5Hr3To1RBh5/9mMJybIyaqn +SY+P9jxW+jo4VTb5lPGrSVB4cGj0cXE+CiM794FC61quNUjoVptsR30CgYEA8t/f +ED0LNviLbehwM4JqOSv11Sv4f8VSozKd7D80kUsu7ERbSozg9OC2cJAO6VU/eN+N +vsnt86Q3VW23IGO9e1gzMh3TaiCr1WyHEFXxrVXS+M20oOzzmY8S2EaV62ep7bWm +DSJhpVfqEJMF1zEhpZV+RGwCgFjUyf6VKCYaqZkCgYEA9vipDz2xeIIlJN89QU8D +L9c300l0aTWouMDkGSIbxLEsmOKUnu0Jj5QoSGoslJW+erE+tezQOPSooeB4npMv +YPbU2SCyo5POCC3Rw8+pv15XuWWYQJG5GWGq2WTFjy6EySZIytmzN7VY9+HRVGID +evUfsrRCKEwfQbMeM/xItPUCgYAOiNs+i4iqR4GAmFJuorVcqobRtQnwC40Aezz8 +MGQi9c7fENAty/SCcxg38EcUK6fawfYnnsoAtKkjEafN5momgYa+zw4h4camxRHo +JlyKNQKlJRpULxn87JUCIGdEaTXAJgjD7HTPgk1dpI7K7APJdwLRcW1M5QQG+pdO +ick6sQKBgH2KmTLtIgnh8C9kSXOsxZNBYneHEWy8eUxJ3nXxFUS8UIQcqeb0HfVs +V03nz8vMiEPrv4Z0R6QswSKPdByQMsyXvhkAWF48B4DqSfuWcrfd/WlfSkQHJNXu +Vm+fogqzWlwGWs9LKy2L8epMJ40l5Q4oGeNvBkQYLjYw/QzKs2wK +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/privkey3.pem b/tests/cert-tests/data/privkey3.pem new file mode 100644 index 0000000..8b49731 --- /dev/null +++ b/tests/cert-tests/data/privkey3.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQDRXYZ6JSa6PL5yDcWzPjH1dxSPTfUrIUXDFqnuPR338KAKBggqhkjO +PQMBB6FEA0IABLLraqbL3LexfQFoHdW5CQsthbX66pTSklhvjhISpPauH1RPH48f +49mwiCt59WPSeuUr+PhPBG9ZKQ9z9iz4rJw= +-----END EC PRIVATE KEY----- diff --git a/tests/cert-tests/data/provable-dsa2048-fips.pem b/tests/cert-tests/data/provable-dsa2048-fips.pem new file mode 100644 index 0000000..88d86e0 --- /dev/null +++ b/tests/cert-tests/data/provable-dsa2048-fips.pem @@ -0,0 +1,96 @@ +Public Key Info: + Public Key Algorithm: DSA + Key Security Level: Medium (2048 bits) + +private key: + 67:eb:a2:a2:24:90:88:85:6f:f5:43:f2:fe:bd:ba:eb + cd:4d:93:56:ee:b6:a6:d8:09:1b:67:24: + +public key: + 5e:2c:7f:8b:9e:77:c2:e4:c9:48:e2:ec:82:18:d5:a3 + 2b:51:0c:09:c5:13:d6:71:e6:06:ad:e6:fb:a5:8b:62 + ff:fd:32:b5:cc:10:06:16:f5:c2:14:be:76:0d:85:55 + 4b:6a:76:54:de:02:7f:3c:1a:6f:a3:e7:12:f2:a4:97 + 24:12:ca:f0:92:6d:ba:90:cf:ea:3a:12:e4:f9:d9:83 + 22:6d:b0:3d:97:83:c8:62:94:98:53:64:d0:1a:42:0e + e6:3d:01:2f:88:88:5f:38:b5:f3:25:89:c8:77:af:72 + bb:08:b4:6d:83:d4:4a:ff:69:f8:f8:07:50:5e:1a:45 + e2:2e:d5:24:bf:a5:78:f7:aa:ea:05:9d:26:ea:58:0e + 8e:de:85:4d:4f:fe:c4:ef:de:c8:13:66:4b:75:29:ee + 9c:9c:70:6c:cc:78:d2:14:c1:32:65:1a:3c:a7:39:f3 + e0:b3:54:0e:a6:96:16:db:a2:6b:de:fe:8c:2b:2c:ab + 4d:25:95:02:56:72:6d:56:d4:7b:47:a8:cf:ba:ab:46 + 39:6d:2c:c7:a3:22:0b:64:0e:5a:45:39:96:50:7a:23 + 6e:f2:29:4e:45:bb:b1:af:62:65:7c:17:23:03:4e:6b + e1:b7:47:1d:89:97:04:47:8a:8c:f7:70:bf:51:1e:f0 + + +p: + 00:fa:04:df:21:b6:be:54:81:1b:4f:2f:af:32:d0:71 + 6b:ed:51:b7:29:93:fe:00:0f:7f:32:41:7f:1b:99:fa + 34:a5:99:f8:42:d3:37:d5:be:77:a7:2a:f8:64:ce:a6 + 39:f8:25:8b:2d:0b:0b:4d:7e:c4:4d:f8:4d:60:64:c7 + ef:cc:4f:1f:13:7a:b7:d5:22:e2:57:55:41:b6:4d:67 + 8f:7f:f5:5a:cb:9e:90:c7:2c:e0:43:1d:99:8d:38:7b + 35:6d:a7:f1:3c:12:e6:13:13:31:55:da:ed:2a:51:52 + 58:54:be:30:e7:dd:8f:4c:ec:fd:28:af:fa:08:c9:98 + 73:be:14:ce:21:3e:59:7a:76:4e:29:6f:95:92:2a:c1 + d1:a1:b8:bb:b6:71:d1:2d:df:d0:95:4d:45:26:ed:88 + ed:aa:ea:fd:2a:83:23:93:b0:87:53:28:8b:03:cf:4d + 0c:ae:e9:94:22:be:8a:89:86:e6:91:e4:cb:5a:fa:5e + 0b:b8:f6:0e:fa:33:21:21:91:91:7c:b8:f5:67:15:ac + aa:ef:20:82:ef:7f:3b:91:77:9a:af:0b:67:6c:eb:31 + 72:2a:63:77:0c:b7:ea:97:78:c7:ae:d5:2d:50:6d:d3 + c6:94:a4:c3:64:f8:14:9e:a8:97:a8:87:57:9c:6a:68 + 1f: + +q: + 00:a6:6a:4d:bd:0f:a8:f4:c9:d3:2b:01:d5:df:1d:bd + 1e:a2:9d:be:d2:6b:9a:92:32:86:02:ae:29: + +g: + 00:d4:69:08:73:de:0a:a4:de:34:43:c6:95:30:bc:cb + 1b:20:b8:9c:40:db:d3:c7:35:ff:3b:ff:27:2e:bd:87 + bb:86:c1:ed:24:da:e5:fb:8d:88:a2:12:ad:e0:09:29 + c3:be:f0:58:79:01:9b:b3:fb:43:4f:66:18:a8:93:cf + d8:3c:4e:8a:b2:26:a0:8c:ab:d7:df:17:32:8b:c6:be + 11:9f:64:99:a2:28:3b:4e:c8:02:e9:c7:17:e2:da:01 + 7d:78:09:9c:64:80:67:44:b0:14:5b:2f:20:39:e3:6d + 2d:a9:3a:c7:c3:f1:1c:3c:8c:8f:1e:5b:06:cf:c0:27 + a0:09:3e:36:2d:6a:d0:3b:52:3c:bc:42:4d:71:6c:18 + 56:8f:ce:0d:88:ba:50:84:60:39:67:37:a4:0e:35:0e + 28:77:fa:04:77:1d:42:b8:8a:b2:fe:26:36:21:fc:24 + b9:50:78:9e:db:3b:1b:20:ca:09:7e:7b:71:95:8a:ff + 99:dd:cb:3c:c7:77:85:38:bb:2b:55:22:14:74:b7:95 + 8b:a0:b9:33:99:41:c8:74:8d:36:25:d3:18:33:bd:9e + 7c:ca:73:d2:bd:af:1e:34:87:3c:b7:31:b0:ec:67:42 + 5f:a6:5a:a1:19:c9:02:c8:74:78:8b:4d:a8:d8:b3:a1 + 15: + +Validation parameters: + Hash: SHA384 + Seed: 30ec334f97dbc0ba9c8652a7b5d3f7b2dbbb48a4842e190d210e01dabd535981503755ee96a270a598e9d91b2254669169ebdf4599d9f72aca + +Public Key PIN: + pin-sha256:kWjJ51vBhVP3rLC/xzEjlOv0GY3HjyC2OalIyP51nBg= +Public Key ID: + sha256:9168c9e75bc18553f7acb0bfc7312394ebf4198dc78f20b639a948c8fe759c18 + sha1:5a7c13cca977f7aa4c4b45bde5dc4888ef96daf8 + +-----BEGIN PRIVATE KEY----- +MIICtwIBADCCAjYGByqGSM44BAEwggIpAoIBAQD6BN8htr5UgRtPL68y0HFr7VG3 +KZP+AA9/MkF/G5n6NKWZ+ELTN9W+d6cq+GTOpjn4JYstCwtNfsRN+E1gZMfvzE8f +E3q31SLiV1VBtk1nj3/1WsuekMcs4EMdmY04ezVtp/E8EuYTEzFV2u0qUVJYVL4w +592PTOz9KK/6CMmYc74UziE+WXp2TilvlZIqwdGhuLu2cdEt39CVTUUm7Yjtqur9 +KoMjk7CHUyiLA89NDK7plCK+iomG5pHky1r6Xgu49g76MyEhkZF8uPVnFayq7yCC +7387kXearwtnbOsxcipjdwy36pd4x67VLVBt08aUpMNk+BSeqJeoh1ecamgfAh0A +pmpNvQ+o9MnTKwHV3x29HqKdvtJrmpIyhgKuKQKCAQEA1GkIc94KpN40Q8aVMLzL +GyC4nEDb08c1/zv/Jy69h7uGwe0k2uX7jYiiEq3gCSnDvvBYeQGbs/tDT2YYqJPP +2DxOirImoIyr198XMovGvhGfZJmiKDtOyALpxxfi2gF9eAmcZIBnRLAUWy8gOeNt +Lak6x8PxHDyMjx5bBs/AJ6AJPjYtatA7Ujy8Qk1xbBhWj84NiLpQhGA5ZzekDjUO +KHf6BHcdQriKsv4mNiH8JLlQeJ7bOxsgygl+e3GViv+Z3cs8x3eFOLsrVSIUdLeV +i6C5M5lByHSNNiXTGDO9nnzKc9K9rx40hzy3MbDsZ0JfplqhGckCyHR4i02o2LOh +FQQeAhxn66KiJJCIhW/1Q/L+vbrrzU2TVu62ptgJG2ckoFgwVgYKKwYBBAGSCBII +ATFIMEYGCWCGSAFlAwQCAgQ5MOwzT5fbwLqchlKntdP3stu7SKSELhkNIQ4B2r1T +WYFQN1XulqJwpZjp2RsiVGaRaevfRZnZ9yrK +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/provable-dsa2048.pem b/tests/cert-tests/data/provable-dsa2048.pem new file mode 100644 index 0000000..8afbc73 --- /dev/null +++ b/tests/cert-tests/data/provable-dsa2048.pem @@ -0,0 +1,98 @@ +Public Key Info: + Public Key Algorithm: DSA + Key Security Level: Medium (2048 bits) + +private key: + 10:5e:56:a9:c7:6b:39:eb:74:09:e3:25:82:d1:52:4b + 02:e1:a4:66:8f:31:01:12:40:d8:a5:8c:bb:45:81:ec + + +public key: + 35:be:c5:6b:c1:d4:6b:84:d0:e5:1b:cb:96:24:66:de + 75:d5:1d:b7:9f:4c:99:5c:69:94:85:1c:f5:ad:35:26 + c0:b6:54:f5:6f:74:8a:40:6b:15:13:90:e6:20:30:62 + c7:6e:76:95:fa:4c:f6:0f:09:28:14:6f:46:17:6f:c1 + 57:45:6d:96:d6:db:6b:6f:e0:08:c7:4c:73:d2:95:41 + f1:16:7b:76:b7:ff:74:43:7a:b4:17:d2:69:ed:d0:17 + a2:7d:94:a4:80:76:90:a8:16:7c:78:2a:bf:0d:ab:94 + 40:5d:c9:5a:00:e0:7b:5d:c8:0d:85:2d:5b:db:8b:66 + 8d:d0:76:15:c7:86:ec:4b:8c:38:2b:4d:5a:6f:af:39 + 24:fe:ea:6b:05:e6:bb:03:89:59:c6:0a:c8:65:05:80 + d8:18:f7:ca:86:45:4a:96:e3:65:fd:5c:f2:33:18:75 + e6:14:93:71:e2:71:8b:7a:4f:84:96:18:79:97:48:f4 + a1:b7:28:4f:70:9d:46:23:34:c0:2c:91:f2:6f:26:e0 + 5a:a5:a8:9c:07:98:73:9d:52:fb:2b:fe:36:03:21:d1 + 49:54:5b:ca:74:77:75:76:e2:51:a9:f5:d8:07:33:ab + cb:17:e1:af:10:9f:d6:19:8b:60:86:a2:81:17:08:a4 + + +p: + 00:d5:14:73:3a:54:d9:a7:56:d8:b3:75:79:3c:ea:7b + 1a:eb:23:53:6e:1e:50:64:21:34:13:84:ca:2d:dd:4c + 38:c9:72:a4:99:2d:79:eb:06:59:a8:ab:9b:c2:f4:ba + be:51:8f:53:e0:d3:42:f7:5f:19:b8:c8:bb:4c:53:d3 + 02:95:ee:84:c5:e9:b4:0d:93:ff:26:01:d9:61:de:a6 + 28:1c:b8:3c:57:2b:9a:4b:a1:ff:5f:d4:b1:f4:e7:90 + 6c:43:b8:43:ad:3a:c8:7d:59:35:9c:8f:1b:fd:7a:17 + 50:6f:67:6c:46:63:f4:c8:e5:86:28:d6:1b:88:45:aa + 01:e5:5c:23:19:89:58:d4:f8:03:e5:eb:b0:4d:0f:71 + 81:53:69:40:d3:0a:79:02:5e:76:6e:52:c6:5b:b8:9e + f8:23:d1:2a:68:b0:ad:c5:47:50:d8:2a:e8:73:0f:63 + 0c:d0:67:8c:ba:5a:9a:98:5e:96:79:e5:2a:d6:f0:76 + 04:66:55:0f:ee:2d:2d:a7:04:5c:0b:b8:ef:05:a4:c0 + a8:c3:5d:cd:32:07:ca:ca:1b:2e:6f:8b:da:e6:c6:11 + 33:cf:8a:62:15:51:05:4e:3e:63:1f:71:b7:fb:1e:b3 + b9:62:3a:dd:15:2a:ba:26:d4:db:e1:f4:d7:90:00:60 + b7: + +q: + 00:bc:8b:63:e3:5f:ba:ee:3d:24:fa:2f:d9:a1:a7:68 + 32:b2:38:b2:4b:8e:72:09:12:ec:1e:f3:8b:ef:d7:9a + df: + +g: + 22:15:6d:4f:b4:54:cb:17:dc:96:ce:4b:34:8d:86:40 + 0c:f5:42:46:7d:5a:2d:68:6a:5d:ca:86:42:de:32:23 + 89:0a:cf:e4:3b:c2:7a:48:77:19:55:88:a1:bd:7b:cb + 94:3e:44:67:c8:4c:cb:d3:94:d0:ab:f2:b0:2a:e5:60 + c5:de:fd:b6:68:3d:9c:82:e9:31:11:64:dc:ca:4f:82 + e8:bc:d9:06:8f:ad:0d:cd:4a:79:b6:02:ea:9b:3e:ad + e5:50:7f:e2:d8:0d:ae:3a:c9:09:ca:d1:27:5e:fe:f6 + 33:bb:a1:fb:ba:af:a6:74:56:da:b3:b6:54:38:7d:49 + 82:b0:5d:c8:3a:3a:3f:0f:a8:a9:14:3f:90:da:a7:5c + 5f:d0:a7:d1:e6:5f:d3:66:19:f1:6b:be:a4:f2:eb:43 + 84:d3:1a:a6:b4:f2:d6:b6:75:a9:dd:21:c5:93:38:09 + 45:d6:4e:30:96:1d:34:d2:55:a7:56:db:3c:94:4a:1e + 40:e9:4d:b9:45:ce:84:af:e4:92:a8:24:64:56:93:e7 + 7c:37:2c:45:9d:9e:d8:01:da:51:df:dd:60:06:ce:ce + 78:32:62:c7:22:7b:a5:fb:6f:26:53:bf:d3:ea:6b:25 + 3c:7d:cc:90:2c:7e:a6:51:56:b0:4b:de:57:9c:02:54 + + +Validation parameters: + Hash: SHA384 + Seed: 843121bd89535ee86946d58d246d47a58d1576a8351b4223e1cff369a1266d2b24b0729d7ca56787fde2e3de19b9f2e721ac698a29617732e7756f5ae4580be179 + +Public Key PIN: + pin-sha256:fLWrcO5hPl/jfeKIZJ/+4PaSiFR98j6ayUISi6bmNIA= +Public Key ID: + sha256:7cb5ab70ee613e5fe37de288649ffee0f69288547df23e9ac942128ba6e63480 + sha1:fa90c4182b6ce9742fa7f5a2394415fd0198e72d + +-----BEGIN PRIVATE KEY----- +MIICxgIBADCCAjkGByqGSM44BAEwggIsAoIBAQDVFHM6VNmnVtizdXk86nsa6yNT +bh5QZCE0E4TKLd1MOMlypJkteesGWairm8L0ur5Rj1Pg00L3Xxm4yLtMU9MCle6E +xem0DZP/JgHZYd6mKBy4PFcrmkuh/1/UsfTnkGxDuEOtOsh9WTWcjxv9ehdQb2ds +RmP0yOWGKNYbiEWqAeVcIxmJWNT4A+XrsE0PcYFTaUDTCnkCXnZuUsZbuJ74I9Eq +aLCtxUdQ2Crocw9jDNBnjLpamphelnnlKtbwdgRmVQ/uLS2nBFwLuO8FpMCow13N +MgfKyhsub4va5sYRM8+KYhVRBU4+Yx9xt/ses7liOt0VKrom1Nvh9NeQAGC3AiEA +vItj41+67j0k+i/ZoadoMrI4skuOcgkS7B7zi+/Xmt8CggEAIhVtT7RUyxfcls5L +NI2GQAz1QkZ9Wi1oal3KhkLeMiOJCs/kO8J6SHcZVYihvXvLlD5EZ8hMy9OU0Kvy +sCrlYMXe/bZoPZyC6TERZNzKT4LovNkGj60NzUp5tgLqmz6t5VB/4tgNrjrJCcrR +J17+9jO7ofu6r6Z0VtqztlQ4fUmCsF3IOjo/D6ipFD+Q2qdcX9Cn0eZf02YZ8Wu+ +pPLrQ4TTGqa08ta2dandIcWTOAlF1k4wlh000lWnVts8lEoeQOlNuUXOhK/kkqgk +ZFaT53w3LEWdntgB2lHf3WAGzs54MmLHInul+28mU7/T6mslPH3MkCx+plFWsEve +V5wCVAQiAiAQXlapx2s563QJ4yWC0VJLAuGkZo8xARJA2KWMu0WB7KBgMF4GCisG +AQQBkggSCAExUDBOBglghkgBZQMEAgIEQYQxIb2JU17oaUbVjSRtR6WNFXaoNRtC +I+HP82mhJm0rJLBynXylZ4f94uPeGbny5yGsaYopYXcy53VvWuRYC+F5 +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/provable2048.pem b/tests/cert-tests/data/provable2048.pem new file mode 100644 index 0000000..6112e0e --- /dev/null +++ b/tests/cert-tests/data/provable2048.pem @@ -0,0 +1,139 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:f1:4a:82:ce:1c:c0:3e:58:10:f9:85:ec:d6:6d:6c + d5:2f:d4:2d:29:ea:f4:96:55:4f:ad:e2:99:fc:e3:53 + ec:d3:56:f6:8b:d3:03:1a:e9:c0:22:75:0c:7a:29:21 + 99:34:34:71:cc:6b:4d:a3:60:6b:65:36:6e:85:7f:3b + e8:eb:43:ca:08:7e:f3:42:38:2d:1f:c4:5b:3e:36:5b + ac:2f:03:aa:49:85:6d:f7:15:73:e0:9a:f8:f3:af:14 + ea:9d:1a:fe:6c:ef:77:e9:cc:e7:98:ca:2d:c1:1c:27 + 58:0f:51:05:06:8f:17:86:fe:9b:86:ba:2a:bf:57:88 + 73:5b:70:f6:d2:30:2d:7b:26:a2:04:55:9f:9a:2f:fd + bf:18:fd:4c:1a:d3:35:78:25:16:1f:f9:cd:0a:7c:b0 + 1a:e5:97:c8:c2:9f:33:50:fa:52:2e:5a:97:05:b3:fe + 07:9d:09:01:4f:0d:6e:16:0b:5b:c5:7f:7a:b8:8a:ec + ad:dd:74:fe:05:db:14:85:8d:de:10:85:c2:c6:fe:ce + b7:17:a3:7c:6e:cd:a6:88:d5:67:9c:4c:fb:fc:d5:06 + 20:30:16:87:c3:d6:0b:89:94:0e:6d:7d:eb:a8:a5:a0 + 95:40:fa:3b:68:37:b2:c4:fa:41:d1:2f:ee:81:87:fc + 57: + +public exponent: + 01:00:01: + +private exponent: + 2a:01:4f:ae:34:01:1f:99:53:33:2d:26:62:d9:df:d5 + 69:23:25:cd:a3:52:7b:0d:54:f6:af:79:21:36:2d:f9 + 0f:7d:97:24:16:52:f7:0f:74:5c:4b:46:25:ca:1d:48 + 3f:77:55:cc:41:6d:dd:a0:3e:71:fb:3c:d8:4e:a3:0e + 54:4e:93:d0:50:d1:66:58:c3:3a:41:83:a4:db:ef:af + 94:eb:ad:6c:69:27:10:99:92:77:aa:62:e6:81:37:41 + f4:a1:ab:63:29:79:15:a1:8f:3b:e1:0e:80:0c:b7:a8 + b3:d9:e5:e7:13:68:04:1f:34:d2:0a:7c:c0:9c:ab:6b + 1b:15:f7:42:78:96:86:7e:be:0e:8e:9d:f3:c5:f3:61 + 5a:cf:3c:bd:ca:18:fe:d7:0d:eb:91:67:b3:1e:ac:3f + 81:1e:a7:0c:07:a8:73:3f:91:b2:ae:1f:56:a0:51:e1 + f9:da:99:26:62:81:50:5b:26:d9:b3:65:2e:f2:c8:d3 + 89:a2:0a:3c:56:be:40:ce:1a:1f:f9:1d:ad:a8:b4:56 + 3c:c9:3d:29:5c:3f:15:b1:89:5a:19:32:80:c0:72:80 + 23:34:85:96:54:36:da:cb:bc:41:7f:9f:f3:a5:ff:00 + a4:1b:b7:01:53:9c:09:a3:c1:c5:c4:6e:9f:22:fc:79 + + +prime1: + 00:fd:84:14:7c:60:b7:ca:50:79:3d:08:2f:51:98:85 + 0e:3d:2f:ee:72:aa:40:cd:93:9e:be:0e:3d:17:e2:d7 + cb:46:bf:1b:f0:80:01:57:68:72:9d:83:77:90:65:f5 + fa:c6:78:ec:66:9c:53:ed:cd:8a:c7:bd:c2:ce:f7:cc + b0:02:34:74:f1:53:76:b0:99:d0:0f:ec:d6:f7:a0:f6 + de:78:d0:c6:8f:b7:0b:8b:42:2e:5d:71:ee:ec:d1:ad + 71:c8:2b:c8:43:ad:9d:78:ef:94:b9:42:03:98:5b:b6 + f8:60:6e:05:58:b3:93:5f:56:ea:30:dc:04:f4:6e:7b + bd: + +prime2: + 00:f3:a7:c4:19:d0:3e:c2:77:97:64:ab:a5:68:b4:08 + 38:fc:ff:6f:a1:23:ef:31:55:11:46:11:18:84:c1:aa + 37:f0:90:48:f4:58:d9:e7:fa:47:cf:22:28:14:89:19 + b3:da:6e:89:40:68:7e:19:de:d4:73:37:63:5b:50:d8 + cf:49:52:71:bc:58:e2:ee:0d:d0:c9:e3:16:83:f1:43 + 81:cd:a9:f0:e4:bb:cf:40:3f:86:fa:fd:52:cd:64:fe + 26:cb:70:65:5e:6a:3c:db:78:fd:13:65:e6:b0:52:1c + 43:b4:50:46:8d:4a:c8:c7:73:a6:c1:3d:88:50:0d:af + a3: + +coefficient: + 1c:c0:b5:70:f2:dd:1e:0b:43:c7:d7:50:00:af:88:e3 + de:19:43:37:fc:f1:42:f4:4c:74:af:d5:01:fd:26:d1 + d4:c3:dc:a7:0f:f5:60:cb:c4:cb:66:43:f2:d1:45:3e + 4f:ff:9d:7a:51:43:14:1f:6c:84:41:81:2b:2d:90:a1 + 14:e4:10:2b:d7:1d:e6:b0:88:5e:d7:3d:33:9d:59:52 + 32:90:87:92:a1:da:97:8f:b9:50:c3:86:5e:0a:8b:91 + 1c:eb:42:76:25:9b:ff:ad:cf:e5:76:03:e4:f2:89:8d + 76:b3:a4:20:53:53:4a:cf:ff:0f:6e:5a:5d:b1:ee:2d + + +exp1: + 31:f8:74:e9:47:4f:32:eb:c5:da:07:e0:fb:de:6a:6b + b2:17:de:92:6f:88:b2:7c:e4:8f:65:d3:19:00:37:b4 + f3:ce:fb:bc:de:1e:65:92:4a:f5:4d:52:a5:fd:d3:0c + 89:4e:90:9a:71:3a:01:e7:bf:f1:3b:30:49:07:83:2b + 36:64:0c:a0:fc:e8:aa:4a:c7:3e:3c:5a:eb:18:a9:50 + 94:d3:e2:2f:b5:ce:ea:b6:32:d9:6c:79:c1:e8:5a:9d + d0:ed:00:5e:86:bc:41:78:48:02:74:46:ad:23:76:df + 62:72:8d:4f:3c:a6:51:e6:99:e6:e3:97:7e:6e:c0:a9 + + +exp2: + 68:2b:7a:b0:9a:92:aa:6b:9c:c3:42:8b:46:57:6a:08 + 8b:49:dd:fc:e3:b3:18:c1:48:d0:4e:f0:cf:99:48:df + ff:ae:80:32:4f:66:62:42:63:bf:0f:d8:58:e7:40:a0 + df:2b:50:ec:c3:7f:de:29:a1:64:dc:f2:52:91:1f:10 + 88:45:82:30:c7:43:c6:09:0c:11:b4:4f:e4:fb:1a:24 + 7d:bc:41:2c:59:8b:42:e9:a6:18:da:83:33:23:11:71 + 9e:9a:a0:0c:1c:99:86:2f:94:eb:5d:2e:a2:85:88:65 + fd:ca:30:4f:aa:00:6b:1d:6b:d6:c4:2a:ea:26:df:c7 + + +Validation parameters: + Hash: SHA384 + Seed: ab499ea55a5f4cb743434e49ca1ee3a491544309c6f59ab2cd5507de + +Public Key PIN: + pin-sha256:QD8w4AeBI6O70FX12nxzxcwPapbWFbsUEOI8NgrvR5U= +Public Key ID: + sha256:403f30e0078123a3bbd055f5da7c73c5cc0f6a96d615bb1410e23c360aef4795 + sha1:f7a841f2261e6c90c5fcfe64cc46688cb9b52b4c + +-----BEGIN PRIVATE KEY----- +MIIE+QIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDxSoLOHMA+WBD5 +hezWbWzVL9QtKer0llVPreKZ/ONT7NNW9ovTAxrpwCJ1DHopIZk0NHHMa02jYGtl +Nm6Ffzvo60PKCH7zQjgtH8RbPjZbrC8DqkmFbfcVc+Ca+POvFOqdGv5s73fpzOeY +yi3BHCdYD1EFBo8Xhv6bhroqv1eIc1tw9tIwLXsmogRVn5ov/b8Y/Uwa0zV4JRYf ++c0KfLAa5ZfIwp8zUPpSLlqXBbP+B50JAU8NbhYLW8V/eriK7K3ddP4F2xSFjd4Q +hcLG/s63F6N8bs2miNVnnEz7/NUGIDAWh8PWC4mUDm1966iloJVA+jtoN7LE+kHR +L+6Bh/xXAgMBAAECggEAKgFPrjQBH5lTMy0mYtnf1WkjJc2jUnsNVPaveSE2LfkP +fZckFlL3D3RcS0Ylyh1IP3dVzEFt3aA+cfs82E6jDlROk9BQ0WZYwzpBg6Tb76+U +661saScQmZJ3qmLmgTdB9KGrYyl5FaGPO+EOgAy3qLPZ5ecTaAQfNNIKfMCcq2sb +FfdCeJaGfr4Ojp3zxfNhWs88vcoY/tcN65Fnsx6sP4EepwwHqHM/kbKuH1agUeH5 +2pkmYoFQWybZs2Uu8sjTiaIKPFa+QM4aH/kdrai0VjzJPSlcPxWxiVoZMoDAcoAj +NIWWVDbay7xBf5/zpf8ApBu3AVOcCaPBxcRunyL8eQKBgQD9hBR8YLfKUHk9CC9R +mIUOPS/ucqpAzZOevg49F+LXy0a/G/CAAVdocp2Dd5Bl9frGeOxmnFPtzYrHvcLO +98ywAjR08VN2sJnQD+zW96D23njQxo+3C4tCLl1x7uzRrXHIK8hDrZ1475S5QgOY +W7b4YG4FWLOTX1bqMNwE9G57vQKBgQDzp8QZ0D7Cd5dkq6VotAg4/P9voSPvMVUR +RhEYhMGqN/CQSPRY2ef6R88iKBSJGbPabolAaH4Z3tRzN2NbUNjPSVJxvFji7g3Q +yeMWg/FDgc2p8OS7z0A/hvr9Us1k/ibLcGVeajzbeP0TZeawUhxDtFBGjUrIx3Om +wT2IUA2vowKBgDH4dOlHTzLrxdoH4PveamuyF96Sb4iyfOSPZdMZADe08877vN4e +ZZJK9U1Spf3TDIlOkJpxOgHnv/E7MEkHgys2ZAyg/OiqSsc+PFrrGKlQlNPiL7XO +6rYy2Wx5wehandDtAF6GvEF4SAJ0Rq0jdt9ico1PPKZR5pnm45d+bsCpAoGAaCt6 +sJqSqmucw0KLRldqCItJ3fzjsxjBSNBO8M+ZSN//roAyT2ZiQmO/D9hY50Cg3ytQ +7MN/3imhZNzyUpEfEIhFgjDHQ8YJDBG0T+T7GiR9vEEsWYtC6aYY2oMzIxFxnpqg +DByZhi+U610uooWIZf3KME+qAGsda9bEKuom38cCgYAcwLVw8t0eC0PH11AAr4jj +3hlDN/zxQvRMdK/VAf0m0dTD3KcP9WDLxMtmQ/LRRT5P/516UUMUH2yEQYErLZCh +FOQQK9cd5rCIXtc9M51ZUjKQh5Kh2pePuVDDhl4Ki5Ec60J2JZv/rc/ldgPk8omN +drOkIFNTSs//D25aXbHuLaA7MDkGCisGAQQBkggSCAExKzApBglghkgBZQMEAgIE +HKtJnqVaX0y3Q0NOScoe46SRVEMJxvWass1VB94= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/provable3072.pem b/tests/cert-tests/data/provable3072.pem new file mode 100644 index 0000000..ba5f842 --- /dev/null +++ b/tests/cert-tests/data/provable3072.pem @@ -0,0 +1,187 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:a2:d8:85:be:b8:5f:3e:53:ac:5c:56:ac:35:d3:cf + 0e:a0:75:84:e0:89:9d:af:41:34:d0:26:97:6d:df:14 + 1f:0d:90:8a:ec:3d:02:a3:3a:de:fe:ac:ff:af:c4:d3 + 01:fb:e9:2f:22:f6:e6:89:5e:2a:45:02:af:52:fb:f9 + 05:66:56:f5:d6:3d:aa:e5:de:b5:11:85:b9:f8:65:7d + e4:91:b0:4b:69:66:88:df:24:11:b0:6c:44:b4:73:8d + fe:91:b5:e6:98:44:36:1c:0a:f4:52:c9:0f:cc:39:9b + eb:57:26:43:7f:e7:7e:e5:6e:4c:86:68:9d:66:43:0c + 4d:d4:9c:dd:79:80:fa:ce:09:43:fa:ac:da:1c:c9:18 + 87:1f:68:2a:0a:d3:be:5a:9f:31:32:30:54:69:16:07 + 11:c5:0c:5a:2b:d5:33:66:b8:b1:23:06:79:56:34:18 + 54:02:6a:85:57:66:1c:bf:cd:ee:d3:dc:bf:5e:d8:fb + 87:b6:4b:00:04:90:c2:8f:1e:f3:fb:0f:5b:af:0e:17 + de:ad:3a:30:50:c1:c4:87:11:45:20:f3:de:27:b8:dd + 90:ee:e0:8f:1e:c6:ba:58:b5:61:37:dc:83:26:d0:0a + 1b:64:fe:1f:f9:df:e7:c4:ef:08:3e:df:03:22:94:77 + be:3a:d1:49:ef:e5:3a:b7:a9:87:33:4e:63:b1:51:bc + 8a:5f:75:63:51:8c:6b:98:06:b8:19:1e:9e:58:5f:d9 + 81:5b:39:4d:27:3f:c1:5d:43:ed:ac:29:c1:5e:34:98 + 55:aa:8c:cf:d0:e0:60:97:26:af:a8:91:c8:d9:f1:54 + bb:05:b3:22:31:57:22:53:e8:d2:15:9f:17:f9:f6:2b + 7b:ea:74:a9:5f:c6:08:79:7e:fc:d5:bf:d2:8c:dd:da + 90:2c:c8:ec:3d:c1:cd:56:52:28:3d:2d:26:6c:8c:44 + 57:7c:b8:13:b3:d3:7b:90:ee:05:8b:a3:db:ea:5b:8f + 8b: + +public exponent: + 01:00:01: + +private exponent: + 0f:98:86:02:94:7c:c6:a6:d3:d0:8a:1a:77:13:40:76 + c9:a6:47:a2:0b:7b:f7:0f:5b:23:fe:36:2d:77:1a:61 + b8:f6:59:5f:b3:9e:1f:8c:e1:53:69:b5:19:1b:d4:0b + 92:19:2c:83:00:3b:66:f7:86:3b:d2:bc:80:c9:91:f9 + 52:ea:4c:24:07:06:e9:79:f1:44:6a:d6:bb:33:d9:21 + 3d:54:b1:7c:38:2e:2e:94:b1:3f:00:b7:79:c2:c1:5c + 1a:8f:5d:b4:c2:7f:9e:22:ec:70:4b:42:40:90:59:de + e9:9b:48:06:a5:60:91:4f:85:73:af:ec:37:21:7f:b9 + aa:7d:95:76:70:04:55:1c:2d:0f:02:63:e7:32:d9:2f + 03:b2:81:a8:44:cc:2b:b8:a8:49:02:b8:ea:d1:89:be + c9:6c:db:eb:eb:c0:be:fb:3c:37:bb:04:7e:dd:81:60 + f6:54:46:4d:ef:01:1c:db:77:9e:81:bb:30:35:be:ad + 02:eb:16:a2:03:8d:35:aa:29:99:87:52:54:40:45:98 + 47:1d:0f:17:38:3e:1b:c0:1c:be:0d:9a:64:e9:f5:f5 + 5a:29:17:a4:78:f3:95:15:74:8a:ee:ba:54:3a:96:58 + df:cb:80:49:50:68:de:b4:89:c0:b6:5d:4b:46:a9:e1 + 9c:63:8b:e6:23:54:ea:6a:5b:ec:fa:a1:6f:d2:99:fe + ef:2c:ae:d8:24:48:4f:51:a7:5d:7b:69:bf:7e:7d:50 + 3a:a1:49:a2:42:f3:76:37:56:f1:95:f7:7d:9c:eb:87 + 40:c8:30:80:c8:6f:ef:2b:0b:b4:e1:c0:01:f5:15:62 + 16:22:11:65:13:6d:11:69:20:8d:34:18:b5:ea:4e:02 + 77:38:8f:67:53:1c:71:51:4b:40:cf:0c:57:44:1a:01 + 26:ef:c6:0a:1c:b8:5d:d0:64:8a:ef:fd:17:58:dc:fc + 9f:6e:c1:10:64:00:b8:68:2b:2d:68:65:88:fd:5e:7d + + +prime1: + 00:bc:48:70:5f:8f:f1:16:7b:21:1f:da:8f:49:c8:10 + 46:01:fc:fb:bc:52:ff:8e:73:23:02:78:01:6d:25:7c + ec:20:2f:e0:78:e0:a1:84:3c:1a:44:f7:ef:9d:1a:95 + 90:4a:04:70:ca:28:b5:87:67:19:d3:ed:83:00:ba:7b + 0b:0c:bb:8a:08:d5:63:66:0b:30:a8:fa:c4:76:ba:91 + 60:9c:fa:3e:c1:ab:50:00:06:65:f6:e9:b0:de:a6:81 + b5:3d:57:d3:13:ff:7b:e6:5e:6b:da:3d:de:09:3d:3f + 7d:ac:2a:31:9e:5e:57:c5:25:e4:c2:76:a8:b9:90:25 + 38:d8:de:ad:e8:d9:82:97:c5:fd:cf:15:7a:9d:70:23 + ac:ae:fa:0b:14:ad:31:4c:b1:7a:1a:dc:53:99:8c:e5 + 8a:ba:6d:d2:8b:18:46:86:83:c3:a4:ae:fe:ed:6c:b2 + bd:f1:a4:6e:d7:8f:9f:ef:d3:a6:44:13:8a:04:45:49 + 05: + +prime2: + 00:dd:6a:09:2a:59:56:63:30:ef:a4:e6:c7:50:8c:b3 + 15:63:22:5b:f2:c7:ab:fd:47:61:26:13:97:9d:4b:e7 + 44:e4:4a:07:7a:c8:76:84:34:09:33:a6:d5:9d:5f:20 + 57:0e:27:23:60:39:4c:aa:6a:71:a9:09:71:38:05:60 + cc:f2:48:e2:85:f5:78:56:08:5e:d8:dc:1e:8c:2e:f7 + 0e:62:76:a7:cd:32:8f:c0:4c:e4:1a:df:c6:77:68:eb + 31:5f:77:37:3e:5c:09:c9:40:f1:f7:92:51:06:84:13 + b9:15:b7:bf:d3:cd:85:bf:2e:41:3e:d7:09:37:51:92 + 15:7a:18:3d:be:b8:25:c4:92:2d:ee:b2:52:dd:05:c7 + 55:a2:fe:d8:4c:18:80:da:23:5d:52:f8:a8:85:21:e0 + b8:28:59:cb:d1:d5:55:31:60:f2:5b:a8:58:ea:b3:78 + 2b:6b:e6:69:48:f5:b9:cc:d4:ce:71:0a:8a:69:f4:9b + 4f: + +coefficient: + 00:94:1f:9e:43:1a:1e:a0:09:72:94:94:2d:71:21:fd + a7:19:b4:df:99:47:87:81:34:9f:37:a0:2f:f6:8d:7e + ae:cb:36:d8:44:a2:90:21:cf:01:11:f2:52:16:3e:8a + a1:9d:3d:e7:14:f9:e8:98:e7:91:cd:72:a2:69:7c:27 + 69:44:bc:da:52:f8:d1:fb:80:ff:7c:3b:9b:e8:9b:0f + b9:0e:43:10:5f:c8:78:fb:d9:45:20:d3:ee:7a:5c:cd + 2e:d9:47:e4:30:a2:58:8d:ff:45:b3:0b:7f:5f:dd:d8 + 5f:e3:f0:43:7b:e9:91:35:17:9f:62:62:c7:08:63:07 + 17:ff:cc:99:0c:d5:84:be:6d:67:03:fb:e1:12:5f:01 + ab:89:7b:d6:7d:04:5e:a0:29:b0:a1:14:5d:d5:6b:82 + 8e:f2:9e:fd:d1:4c:9e:7f:22:a7:93:a9:d9:15:60:9e + 3d:66:8f:6f:87:98:1b:e2:a2:64:5e:1c:74:1f:f5:df + 20: + +exp1: + 00:a5:1b:68:df:84:1c:48:38:85:5d:a7:8d:4b:88:13 + 2d:31:05:25:c3:89:8c:ec:df:ee:6d:75:ca:da:69:ab + 58:6d:09:4e:f0:f1:1a:f2:18:ba:78:8c:6b:24:fb:70 + f8:6c:cf:e4:10:83:0e:5c:c4:7e:93:a7:8d:df:8f:a7 + e2:92:b1:ca:63:e0:ac:1f:89:e4:8b:ea:0b:6a:8a:44 + 7d:d2:6a:67:a9:f1:8e:5f:d7:3c:86:ff:7a:c8:64:7f + 0d:ed:d3:1c:18:47:4b:e1:42:1f:95:eb:f6:cf:67:54 + 4b:e2:33:c5:fb:38:84:03:30:2d:a0:91:e9:77:7f:fe + 04:11:b9:84:0b:d2:e1:80:32:71:55:ad:62:2e:b9:6d + af:3a:69:ae:59:dd:5e:84:00:86:31:13:d0:83:b0:58 + 82:04:e5:d5:61:80:52:28:17:57:f3:0c:3a:24:fd:d2 + e8:5a:04:75:e6:b5:dd:ec:b3:4e:f4:17:a6:4a:04:6f + f9: + +exp2: + 0a:3a:02:90:5d:2d:fb:48:e0:58:ba:7c:0c:41:63:68 + 22:7b:0c:ca:2a:e4:cb:bf:07:42:ad:f6:fb:c1:ec:bd + a6:d9:b0:7c:c0:53:91:09:a2:3f:2b:7e:84:55:47:76 + 1d:e6:3a:e1:0f:e4:75:9e:92:ff:5e:bb:46:fe:20:99 + 76:bb:5d:13:18:e2:64:fe:df:fa:9e:38:1e:fb:70:57 + ce:be:72:43:ad:09:2c:b5:a0:77:89:4c:6e:69:7f:2b + 79:a0:55:01:e1:58:66:5e:44:8e:cd:c8:46:47:c5:6d + 70:0e:5b:a2:d9:c4:4a:af:45:3e:34:ca:6d:2e:ac:53 + a7:9f:05:03:11:18:55:7a:f6:fa:26:6c:63:5f:07:f4 + f1:a1:59:b6:32:0f:89:83:c6:a4:b5:6d:7b:30:b4:63 + 6d:21:b0:a3:51:7a:2c:dc:b0:75:01:52:92:0c:96:09 + 53:63:82:0b:67:a6:1c:4a:db:fa:26:a5:7b:fd:5b:4b + + +Validation parameters: + Hash: SHA384 + Seed: f3090f1bb1c9e0d068ecdadda747231f2e8162dedea3fbe67f2bc48ac9c04c5b + +Public Key PIN: + pin-sha256:Dh8nXdqKAU6V7dQ1pLFsyNUpzvAMEU5miA+YUIKMEAU= +Public Key ID: + sha256:0e1f275dda8a014e95edd435a4b16cc8d529cef00c114e66880f9850828c1005 + sha1:0555cbc10dae7aece1addedbac0e62c1bb0c343d + +-----BEGIN PRIVATE KEY----- +MIIHPwIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCi2IW+uF8+U6xc +Vqw1088OoHWE4Imdr0E00CaXbd8UHw2Qiuw9AqM63v6s/6/E0wH76S8i9uaJXipF +Aq9S+/kFZlb11j2q5d61EYW5+GV95JGwS2lmiN8kEbBsRLRzjf6RteaYRDYcCvRS +yQ/MOZvrVyZDf+d+5W5MhmidZkMMTdSc3XmA+s4JQ/qs2hzJGIcfaCoK075anzEy +MFRpFgcRxQxaK9UzZrixIwZ5VjQYVAJqhVdmHL/N7tPcv17Y+4e2SwAEkMKPHvP7 +D1uvDhferTowUMHEhxFFIPPeJ7jdkO7gjx7Guli1YTfcgybQChtk/h/53+fE7wg+ +3wMilHe+OtFJ7+U6t6mHM05jsVG8il91Y1GMa5gGuBkenlhf2YFbOU0nP8FdQ+2s +KcFeNJhVqozP0OBglyavqJHI2fFUuwWzIjFXIlPo0hWfF/n2K3vqdKlfxgh5fvzV +v9KM3dqQLMjsPcHNVlIoPS0mbIxEV3y4E7PTe5DuBYuj2+pbj4sCAwEAAQKCAYAP +mIYClHzGptPQihp3E0B2yaZHogt79w9bI/42LXcaYbj2WV+znh+M4VNptRkb1AuS +GSyDADtm94Y70ryAyZH5UupMJAcG6XnxRGrWuzPZIT1UsXw4Li6UsT8At3nCwVwa +j120wn+eIuxwS0JAkFne6ZtIBqVgkU+Fc6/sNyF/uap9lXZwBFUcLQ8CY+cy2S8D +soGoRMwruKhJArjq0Ym+yWzb6+vAvvs8N7sEft2BYPZURk3vARzbd56BuzA1vq0C +6xaiA401qimZh1JUQEWYRx0PFzg+G8Acvg2aZOn19VopF6R485UVdIruulQ6lljf +y4BJUGjetInAtl1LRqnhnGOL5iNU6mpb7Pqhb9KZ/u8srtgkSE9Rp117ab9+fVA6 +oUmiQvN2N1bxlfd9nOuHQMgwgMhv7ysLtOHAAfUVYhYiEWUTbRFpII00GLXqTgJ3 +OI9nUxxxUUtAzwxXRBoBJu/GChy4XdBkiu/9F1jc/J9uwRBkALhoKy1oZYj9Xn0C +gcEAvEhwX4/xFnshH9qPScgQRgH8+7xS/45zIwJ4AW0lfOwgL+B44KGEPBpE9++d +GpWQSgRwyii1h2cZ0+2DALp7Cwy7igjVY2YLMKj6xHa6kWCc+j7Bq1AABmX26bDe +poG1PVfTE/975l5r2j3eCT0/fawqMZ5eV8Ul5MJ2qLmQJTjY3q3o2YKXxf3PFXqd +cCOsrvoLFK0xTLF6GtxTmYzlirpt0osYRoaDw6Su/u1ssr3xpG7Xj5/v06ZEE4oE +RUkFAoHBAN1qCSpZVmMw76Tmx1CMsxVjIlvyx6v9R2EmE5edS+dE5EoHesh2hDQJ +M6bVnV8gVw4nI2A5TKpqcakJcTgFYMzySOKF9XhWCF7Y3B6MLvcOYnanzTKPwEzk +Gt/Gd2jrMV93Nz5cCclA8feSUQaEE7kVt7/TzYW/LkE+1wk3UZIVehg9vrglxJIt +7rJS3QXHVaL+2EwYgNojXVL4qIUh4LgoWcvR1VUxYPJbqFjqs3gra+ZpSPW5zNTO +cQqKafSbTwKBwQClG2jfhBxIOIVdp41LiBMtMQUlw4mM7N/ubXXK2mmrWG0JTvDx +GvIYuniMayT7cPhsz+QQgw5cxH6Tp43fj6fikrHKY+CsH4nki+oLaopEfdJqZ6nx +jl/XPIb/eshkfw3t0xwYR0vhQh+V6/bPZ1RL4jPF+ziEAzAtoJHpd3/+BBG5hAvS +4YAycVWtYi65ba86aa5Z3V6EAIYxE9CDsFiCBOXVYYBSKBdX8ww6JP3S6FoEdea1 +3eyzTvQXpkoEb/kCgcAKOgKQXS37SOBYunwMQWNoInsMyirky78HQq32+8HsvabZ +sHzAU5EJoj8rfoRVR3Yd5jrhD+R1npL/XrtG/iCZdrtdExjiZP7f+p44HvtwV86+ +ckOtCSy1oHeJTG5pfyt5oFUB4VhmXkSOzchGR8VtcA5botnESq9FPjTKbS6sU6ef +BQMRGFV69vombGNfB/TxoVm2Mg+Jg8aktW17MLRjbSGwo1F6LNywdQFSkgyWCVNj +ggtnphxK2/ompXv9W0sCgcEAlB+eQxoeoAlylJQtcSH9pxm035lHh4E0nzegL/aN +fq7LNthEopAhzwER8lIWPoqhnT3nFPnomOeRzXKiaXwnaUS82lL40fuA/3w7m+ib +D7kOQxBfyHj72UUg0+56XM0u2UfkMKJYjf9Fswt/X93YX+PwQ3vpkTUXn2Jixwhj +Bxf/zJkM1YS+bWcD++ESXwGriXvWfQReoCmwoRRd1WuCjvKe/dFMnn8ip5Op2RVg +nj1mj2+HmBviomReHHQf9d8goD8wPQYKKwYBBAGSCBIIATEvMC0GCWCGSAFlAwQC +AgQg8wkPG7HJ4NBo7Nrdp0cjHy6BYt7eo/vmfyvEisnATFs= +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/pubkey-ecc256.pem b/tests/cert-tests/data/pubkey-ecc256.pem new file mode 100644 index 0000000..6e0020d --- /dev/null +++ b/tests/cert-tests/data/pubkey-ecc256.pem @@ -0,0 +1,23 @@ +Public Key Information: + Public Key Algorithm: EC/ECDSA + Algorithm Security Level: High (256 bits) + Curve: SECP256R1 + X: + 3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30 + 5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33 + Y: + 3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa + 6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1 + +Public Key ID: + sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b + sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433 +Public Key PIN: + pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM= + + +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL +2RcVRnJxksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwQ== +-----END PUBLIC KEY----- + diff --git a/tests/cert-tests/data/pubkey-eddsa.pem b/tests/cert-tests/data/pubkey-eddsa.pem new file mode 100644 index 0000000..dbcca22 --- /dev/null +++ b/tests/cert-tests/data/pubkey-eddsa.pem @@ -0,0 +1,18 @@ +Public Key Information: + Public Key Algorithm: EdDSA (Ed25519) + Algorithm Security Level: High (256 bits) + Curve: Ed25519 + X: + 19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b:96 + c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31:66:e1 + +Public Key ID: + sha1:3a04967761a552db7e9e18c6dba4bd4aae119908 + sha256:a1e9156054e04fac899ae9f275132cdc07a5dbc4ea2c2ad3a1ffc6e0d253681f +Public Key PIN: + pin-sha256:oekVYFTgT6yJmunydRMs3Ael28TqLCrTof/G4NJTaB8= + + +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= +-----END PUBLIC KEY----- diff --git a/tests/cert-tests/data/rfc4134-4.5.p7b b/tests/cert-tests/data/rfc4134-4.5.p7b new file mode 100644 index 0000000..6608d9b Binary files /dev/null and b/tests/cert-tests/data/rfc4134-4.5.p7b differ diff --git a/tests/cert-tests/data/rfc4134-ca-rsa.pem b/tests/cert-tests/data/rfc4134-ca-rsa.pem new file mode 100644 index 0000000..20580fa --- /dev/null +++ b/tests/cert-tests/data/rfc4134-ca-rsa.pem @@ -0,0 +1,74 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 46346bc7800056bc11d36e2e9ff25020 + Issuer: CN=CarlRSA + Validity: + Not Before: Wed Aug 18 07:00:00 UTC 1999 + Not After: Sat Dec 31 23:59:59 UTC 2039 + Subject: CN=CarlRSA + Subject Public Key Algorithm: RSA + Algorithm Security Level: Low (1024 bits) + Modulus (bits 1024): + 00:e4:4b:ff:18:b8:24:57:f4:77:ff:6e:73:7b:93:71 + 5c:bc:33:1a:92:92:72:23:d8:41:46:d0:cd:11:3a:04 + b3:8e:af:82:9d:bd:51:1e:17:7a:f2:76:2c:2b:86:39 + a7:bd:d7:8d:1a:53:ec:e4:00:d5:e8:ec:a2:36:b1:ed + e2:50:e2:32:09:8a:3f:9f:99:25:8f:b8:4e:ab:b9:7d + d5:96:65:da:16:a0:c5:be:0e:ae:44:5b:ef:5e:f4:a7 + 29:cb:82:dd:ac:44:e9:aa:93:94:29:0e:f8:18:d6:c8 + 57:5e:f2:76:c4:f2:11:60:38:b9:1b:3c:1d:97:c9:6a + f1 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Key Usage (critical): + Digital signature. + Certificate signing. + CRL signing. + Subject Key Identifier (not critical): + e9e09027ac78207a9ad34cf242374e22ae9e38bb + Signature Algorithm: RSA-SHA1 + Signature: + b7:9e:d4:04:d3:ed:29:e4:ff:89:89:15:2e:4c:db:0c + f0:48:0f:32:61:ee:c4:04:ec:12:5d:2d:ff:0f:64:59 + 7e:0a:c3:ed:18:fd:e3:56:40:37:a7:07:b5:f0:38:12 + 61:50:ed:ef:dd:3f:e3:0b:b8:61:a5:a4:9b:3c:e6:9e + 9c:54:9a:b6:95:d6:da:6c:3b:b5:2d:45:35:9d:49:01 + 76:fa:b9:b9:31:f9:f9:6b:12:53:a0:f5:14:60:9b:7d + ca:3e:f2:53:6b:b0:37:6f:ad:e6:74:d7:db:fa:5a:ea + 14:41:63:5d:cd:be:c8:0e:c1:da:6a:8d:53:34:18:02 +Other Information: + SHA1 fingerprint: + 4110908f77c64c0edfc2de6273bfa9a98a9c5ce5 + SHA256 fingerprint: + 734c2253ad2d6bfaec981099a152b1ab42216b44cf48dadd306e6221ad824205 + Public Key ID: + e9e09027ac78207a9ad34cf242374e22ae9e38bb + Public key's random art: + +--[ RSA 1024]----+ + | | + | | + | | + | . . . | + |o = o S | + |==.= = o | + |**O . . . | + |=*=. | + |EO | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIIB6zCCAVSgAwIBAgIQRjRrx4AAVrwR024un/JQIDANBgkqhkiG9w0BAQUFADAS +MRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDgxODA3MDAwMFoXDTM5MTIzMTIzNTk1 +OVowEjEQMA4GA1UEAxMHQ2FybFJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA5Ev/GLgkV/R3/25ze5NxXLwzGpKSciPYQUbQzRE6BLOOr4KdvVEeF3rydiwr +hjmnvdeNGlPs5ADV6OyiNrHt4lDiMgmKP5+ZJY+4Tqu5fdWWZdoWoMW+Dq5EW+9e +9Kcpy4LdrETpqpOUKQ74GNbIV17ydsTyEWA4uRs8HZfJavECAwEAAaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOngkCeseCB6 +mtNM8kI3TiKunji7MA0GCSqGSIb3DQEBBQUAA4GBALee1ATT7Snk/4mJFS5M2wzw +SA8yYe7EBOwSXS3/D2RZfgrD7Rj941ZAN6cHtfA4EmFQ7e/dP+MLuGGlpJs85p6c +VJq2ldbabDu1LUU1nUkBdvq5uTH5+WsSU6D1FGCbfco+8lNrsDdvreZ019v6WuoU +QWNdzb7IDsHaao1TNBgC +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/rfc4490.p7b b/tests/cert-tests/data/rfc4490.p7b new file mode 100644 index 0000000..c697980 Binary files /dev/null and b/tests/cert-tests/data/rfc4490.p7b differ diff --git a/tests/cert-tests/data/rfc4490.p7b.out b/tests/cert-tests/data/rfc4490.p7b.out new file mode 100644 index 0000000..8237d70 --- /dev/null +++ b/tests/cert-tests/data/rfc4490.p7b.out @@ -0,0 +1,14 @@ +Signers: + Signer's issuer DN: EMAIL=GostR3410-2001@example.com,C=RU,O=CryptoPro,CN=GostR3410-2001 example + Signer's serial: 2bf5c61ec211bd17c7dcd46266b42e21 + Signature Algorithm: GOSTR341001 + +-----BEGIN PKCS7----- +MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG +9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv +c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE +BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t +AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ +P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl +xlHbjbL0jHF+7XKp +-----END PKCS7----- diff --git a/tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub b/tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub new file mode 100644 index 0000000..dd4dab1 Binary files /dev/null and b/tests/cert-tests/data/selfsigs/alice-mallory-badsig18.pub differ diff --git a/tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub b/tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub new file mode 100644 index 0000000..03caa9d Binary files /dev/null and b/tests/cert-tests/data/selfsigs/alice-mallory-irrelevantsig.pub differ diff --git a/tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub b/tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub new file mode 100644 index 0000000..59f077a Binary files /dev/null and b/tests/cert-tests/data/selfsigs/alice-mallory-nosig18.pub differ diff --git a/tests/cert-tests/data/selfsigs/alice.pub b/tests/cert-tests/data/selfsigs/alice.pub new file mode 100644 index 0000000..399a0ba Binary files /dev/null and b/tests/cert-tests/data/selfsigs/alice.pub differ diff --git a/tests/cert-tests/data/sha256.p12 b/tests/cert-tests/data/sha256.p12 new file mode 100644 index 0000000..f6779a1 Binary files /dev/null and b/tests/cert-tests/data/sha256.p12 differ diff --git a/tests/cert-tests/data/simple-policy.pem b/tests/cert-tests/data/simple-policy.pem new file mode 100644 index 0000000..1ee4901 --- /dev/null +++ b/tests/cert-tests/data/simple-policy.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICtDCCAh2gAwIBAgIBCjANBgkqhkiG9w0BAQsFADB7MQswCQYDVQQGEwJHUjEP +MA0GA1UECBMGQXR0aWtpMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMRUwEwYDVQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/Is +ZAEBEwdjbGF1cGVyMB4XDTA3MDQyMjAwMDAwMFoXDTE0MDUyNTAwMDAwMFowezEL +MAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMu +MRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVy +MRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOY +HhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMY +nBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaNIMEYw +DAYDVR0TAQH/BAIwADAXBgNVHSAEEDAOMAwGCmCGSAFlAwIBMAEwHQYDVR0OBBYE +FF1ArfDOlECVi36ZlB2SVCLKcjZfMA0GCSqGSIb3DQEBCwUAA4GBABt3XKgvd4I9 +b5ADxrKOatW4ERK7w7N4RpDprhFvT672+NnvFgE6UlfeusS71sxKYJVSXI8vih1W +a4O+kX5ywllmTyKgYtGfOJ/1G4V0kBfOUGDXnvUtsldvPz870Rc2pU5fpyoWKyTr +vCT9766rAEqIrNazBG/8XYaxtyz0UmDb +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/single-ca.p7b b/tests/cert-tests/data/single-ca.p7b new file mode 100644 index 0000000..d0508c0 Binary files /dev/null and b/tests/cert-tests/data/single-ca.p7b differ diff --git a/tests/cert-tests/data/single-ca.p7b.out b/tests/cert-tests/data/single-ca.p7b.out new file mode 100644 index 0000000..bb7425e --- /dev/null +++ b/tests/cert-tests/data/single-ca.p7b.out @@ -0,0 +1,67 @@ +Signers: + Signer's issuer DN: CN=GnuTLS Test CA + Signer's serial: 00 + Signature Algorithm: RSA-SHA256 + Signed Attributes: + smimeCapabilities: 306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128 + messageDigest: 0420aadc1955c030f723e9d89ed9d486b4eef5b0d1c6945be0dd6b7b340d42928ec9 + signingTime: 170d3135303533313036343633385a + contentType: 06092a864886f70d010701 + +Number of certificates: 1 + +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIF8AYJKoZIhvcNAQcCoIIF4TCCBd0CAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggNUMIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcw +FQYDVQQDEw5HbnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIw +ODM2MzNaMBkxFzAVBgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0B +AQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65S +EoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OL +MiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63 ++MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5g +FH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2F +ezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUI +oYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNV +HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFn +kvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUV +RcBHDxmN7g2yOcqHVfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhL +CDW1BULHlLvL0DFc4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrO +MrzKZ2eKWA4JsL9sV+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVn +Xv4FVWPXbH9HERDKVbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DD +eN6EmRDOzByrv+9uf45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJs +OGuX7PqNyoDzJHLvferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +MYICYDCCAlwCAQEwHjAZMRcwFQYDVQQDEw5HbnVUTFMgVGVzdCBDQQIBADANBglg +hkgBZQMEAgEFAKCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3 +DQEJBTEPFw0xNTA1MzEwNjQ2MzhaMC8GCSqGSIb3DQEJBDEiBCCq3BlVwDD3I+nY +ntnUhrTu9bDRxpRb4N1rezQNQpKOyTB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFl +AwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqG +SIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIB +KDANBgkqhkiG9w0BAQEFAASCATBzs7o8JGEHYLfKM/7xek1kHKP5NP18IPdMX8S1 +imBuFBRmP510UbZGzeM/TIQvGeBiFO+6HsrF6LrHSm3vFg/jFSQ6CxfBr5Jt+OsJ +5emH8cGFHMGjZcyr818fritwwhVYVCRbjaKTPdf/HPeckO/XNCE0vo3lmB9KbwOZ +oOHchBjgP36AYT3HZdOBjEApK1inpuc81Ix19lMJoXNX8ZnPFAmHsh4vg6nv1eVm +LQrKnw39MZ7pjooNAD4NUQyw8W+t5K8cIK+5KLlp6FgVML+83kmzryF3CJKgaTmV +vecMzuA1EDd740y6wFBv7bYoOcfmyRLcRDnqURmsTZyEOdqswfr02FjuR40H1ZoA +KtarkLh1zxAeR7fMnuqUKGUJS+SB2QyAEGOv2dZMhnDA48i0 +-----END PKCS7----- diff --git a/tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg b/tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg new file mode 100644 index 0000000..eae97b3 --- /dev/null +++ b/tests/cert-tests/data/srv-public-127.0.0.1-signed.gpg @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY +mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ +1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0 +CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC +F4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqFMqjv +ljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZdG0x +c4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYaZLDs +mfS0CTEyNy4wLjAuMYi2BBMBAgAgBQJIJ40XAhsjBgsJCAcDAgQVAggDBBYCAwEC +HgECF4AACgkQkfGmlGU5bl3r5wQAgZPFhKacRyLNfSDNIuzWdsPCm2MaHkjPWPY1 +ms+bQPw8Qju2S45QeiIRgyK62LfCMcTdxXAtqvQ45+Zp7TZa8+O10XF8gaQlKjRk +duUu04XX0eBI20Fzq/OfAb+ECRUaqLYdrfC9zj/f0BZU17xXcJmxKjlsVcffSFJT +qJG161GInAQQAQIABgUCSCeQtAAKCRBYr5/NtEtAgbPyA/oCvo+Uv2/JO+U3Yvjz +vZeqE6cpNyYjOVyeh94y6WqIMfb9f7XblBalhm61vtNoQziNmN46W29FHrvvCXdj +SDbfg6lsNkr1M2j9ppvZnbn9B2MsEbwTLVS8EGB/kvgXzZZEtzgZU8Qf8e9q6xCh +evUnsgESjY6TTBziLCdos8ooSQ== +=O699 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/cert-tests/data/srv-public-all-signed.gpg b/tests/cert-tests/data/srv-public-all-signed.gpg new file mode 100644 index 0000000..f6e7fad --- /dev/null +++ b/tests/cert-tests/data/srv-public-all-signed.gpg @@ -0,0 +1,23 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY +mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ +1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0 +CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC +F4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqFMqjv +ljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZdG0x +c4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYaZLDs +mfSInAQQAQIABgUCSEuWfgAKCRBYr5/NtEtAgQSCBACYAc4TV5/4ttqECCqPdyWY +LXqcisgqr7Vwyff+1QLELdh5vvyBFc0FD/mvzpgScSiKTP07njw7KgGl2K6mVlPa +ztdYhfIKUyhLoj9G52dZZNBtUFi9dlNY/vUDCnDKuTV5BqjoznNYZ5Ti9QsD/TEL +GevqKn8ejNWkd79cOhpSCrQJMTI3LjAuMC4xiLYEEwECACAFAkgnjRcCGyMGCwkI +BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCR8aaUZTluXevnBACBk8WEppxHIs19IM0i +7NZ2w8KbYxoeSM9Y9jWaz5tA/DxCO7ZLjlB6IhGDIrrYt8IxxN3FcC2q9Djn5mnt +Nlrz47XRcXyBpCUqNGR25S7ThdfR4EjbQXOr858Bv4QJFRqoth2t8L3OP9/QFlTX +vFdwmbEqOWxVx99IUlOokbXrUYicBBABAgAGBQJIJ5C0AAoJEFivn820S0CBs/ID ++gK+j5S/b8k75Tdi+PO9l6oTpyk3JiM5XJ6H3jLpaogx9v1/tduUFqWGbrW+02hD +OI2Y3jpbb0Ueu+8Jd2NINt+DqWw2SvUzaP2mm9mduf0HYywRvBMtVLwQYH+S+BfN +lkS3OBlTxB/x72rrEKF69SeyARKNjpNMHOIsJ2izyihJ +=HB4x +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/cert-tests/data/srv-public-localhost-signed.gpg b/tests/cert-tests/data/srv-public-localhost-signed.gpg new file mode 100644 index 0000000..40958f6 --- /dev/null +++ b/tests/cert-tests/data/srv-public-localhost-signed.gpg @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY +mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ +1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0 +CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC +F4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqFMqjv +ljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZdG0x +c4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYaZLDs +mfSInAQQAQIABgUCSCeQ7gAKCRBYr5/NtEtAgetPA/9uOggR2zLSE2/WyvKUIQO/ +H/V5e7O4dIZMsfiyRwbF0oGXQ2/fM+mehkvAeAsR17vPJ1uVphQ4w1F0inSt0m5f +L2i2Ci/ZbMtXTP139I/9RPX1yfKKk+b7eYvAvtq3gJ8RuA5QBDQTjy/9pGFDodn7 +1z+5gwJtR6xXxwHOkK8nBbQJMTI3LjAuMC4xiLYEEwECACAFAkgnjRcCGyMGCwkI +BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCR8aaUZTluXevnBACBk8WEppxHIs19IM0i +7NZ2w8KbYxoeSM9Y9jWaz5tA/DxCO7ZLjlB6IhGDIrrYt8IxxN3FcC2q9Djn5mnt +Nlrz47XRcXyBpCUqNGR25S7ThdfR4EjbQXOr858Bv4QJFRqoth2t8L3OP9/QFlTX +vFdwmbEqOWxVx99IUlOokbXrUQ== +=ALwQ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/cert-tests/data/srv-public.gpg b/tests/cert-tests/data/srv-public.gpg new file mode 100644 index 0000000..f5693d1 --- /dev/null +++ b/tests/cert-tests/data/srv-public.gpg @@ -0,0 +1,17 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mI0ESCeNFwEEAONcXan/Y5ML5KCFlUN5l0fyFUr6GiKW4gCgydjv9lSJvkEhulTY +mTAu5mTEuxxlwrACMSaSF0IZ9OKyezYJ1NP77ktfgDEvXcTrqfz2RybPDHWjo/kQ +1LyCd+l6iPgApyC+vXWChaaBf/RTpwxQX2aCngy7miWLvp3gJRAJYhULABEBAAG0 +CTEyNy4wLjAuMYi2BBMBAgAgBQJIJ40XAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC +F4AACgkQkfGmlGU5bl3r5wQAgZPFhKacRyLNfSDNIuzWdsPCm2MaHkjPWPY1ms+b +QPw8Qju2S45QeiIRgyK62LfCMcTdxXAtqvQ45+Zp7TZa8+O10XF8gaQlKjRkduUu +04XX0eBI20Fzq/OfAb+ECRUaqLYdrfC9zj/f0BZU17xXcJmxKjlsVcffSFJTqJG1 +61G0CWxvY2FsaG9zdIi2BBMBAgAgBQJIJ5BTAhsjBgsJCAcDAgQVAggDBBYCAwEC +HgECF4AACgkQkfGmlGU5bl1QlwQAjvoZ5UVBY2hlxI5I+jdLmbKxY0MKu3E27jqF +MqjvljIYodXQmBPLnL0+sxsk5/3PQaKa7u4pRbqXEVi5UTySCyk9+li5a6S0fOYZ +dG0xc4N2M2hycM/n9vS8DbxBddgNyBCHMDp+wUGhyWMpTCOjgfEJLv36oTr/2jYa +ZLDsmfQ= +=LSvO +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/cert-tests/data/srv-secret.gpg b/tests/cert-tests/data/srv-secret.gpg new file mode 100644 index 0000000..7de4ee3 --- /dev/null +++ b/tests/cert-tests/data/srv-secret.gpg @@ -0,0 +1,24 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +lQHYBEgnjRcBBADjXF2p/2OTC+SghZVDeZdH8hVK+hoiluIAoMnY7/ZUib5BIbpU +2JkwLuZkxLscZcKwAjEmkhdCGfTisns2CdTT++5LX4AxL13E66n89kcmzwx1o6P5 +ENS8gnfpeoj4AKcgvr11goWmgX/0U6cMUF9mgp4Mu5oli76d4CUQCWIVCwARAQAB +AAP+Pl2iz7PfY4GaqDGcXRLoXXLZRmTOcHiE6/kvBRPltRDHoGQZEZcMhjwHNNMG +JGcBfXhMdTETsi0ekGS3CX6u4ybVoLzsUhcQUcn/+5dzWxdwQRufXhQ1kfFxDI6E +tjzfVfb5BeJO8lsPYcafjZau3ndRYNjQtctLfnwp6ohxWzkCAO6BrZARpv6BGS8C +ipbb2soWC2oYWXxYUES6MPbtbIJ9I1pgYAc+wzJMZJXW9Gw6cvPITMTg0JVBgao1 +/BlmZy8CAPQJaNeiKUA4uRcDRll0AR4iezN8iGNuyuWmZR03FQwE1sDemkEmYb/9 +QDkPGqoqQs2fiMPgsq3Q1S8xRYvCuOUCANWQsAX0cxa4oq32BX4w7jkwoTgV5xVU +qYGDy2JEmRImrcwkq5O89FbsYYf0EVz8wkIhrFJWZg5WtzpPmNPFcbOZDrQJMTI3 +LjAuMC4xiLYEEwECACAFAkgnjRcCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK +CRCR8aaUZTluXevnBACBk8WEppxHIs19IM0i7NZ2w8KbYxoeSM9Y9jWaz5tA/DxC +O7ZLjlB6IhGDIrrYt8IxxN3FcC2q9Djn5mntNlrz47XRcXyBpCUqNGR25S7ThdfR +4EjbQXOr858Bv4QJFRqoth2t8L3OP9/QFlTXvFdwmbEqOWxVx99IUlOokbXrUbQJ +bG9jYWxob3N0iLYEEwECACAFAkgnkFMCGyMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX +gAAKCRCR8aaUZTluXVCXBACO+hnlRUFjaGXEjkj6N0uZsrFjQwq7cTbuOoUyqO+W +Mhih1dCYE8ucvT6zGyTn/c9Bopru7ilFupcRWLlRPJILKT36WLlrpLR85hl0bTFz +g3YzaHJwz+f29LwNvEF12A3IEIcwOn7BQaHJYylMI6OB8Qku/fqhOv/aNhpksOyZ +9A== +=OxUt +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/cert-tests/data/subpkt-leak.pub b/tests/cert-tests/data/subpkt-leak.pub new file mode 100644 index 0000000..643c334 --- /dev/null +++ b/tests/cert-tests/data/subpkt-leak.pub @@ -0,0 +1 @@ +Éûÿ‰Š²»ŠŠŠ \ No newline at end of file diff --git a/tests/cert-tests/data/template-crq.pem b/tests/cert-tests/data/template-crq.pem new file mode 100644 index 0000000..4744422 --- /dev/null +++ b/tests/cert-tests/data/template-crq.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQzCCAqygAwIBAgICAjcwDQYJKoZIhvcNAQELBQAwgbgxCzAJBgNVBAYTAkdS +MQ8wDQYDVQQIEwZBdHRpa2kxEjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMO +c2xlZXBpbmcgZGVwdC4xFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT +8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRww +GgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMB4XDTA3MDQyMjAwMDAwMFoXDTA4 +MDQyMTAwMDAwMFowgZoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQ +BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNV +BAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNV +BAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5ge +HEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+Mxic +Gnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo3gwdjAO +BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDAYDVR0TAQH/ +BAIwADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wHwYDVR0jBBgwFoAU +XUCt8M6UQJWLfpmUHZJUIspyNl8wDQYJKoZIhvcNAQELBQADgYEAIi10ViehwFRO +C0poXR2v3lTj8g/UC2s/2uhOfYQ5AdczhJHtf2PUrvwO2qBSbucJgrXosWVLJX3t +7eW3ErI8gA99xU21hNGWLEkgKdnxFriRKhaOx5Wxgc7PmnTgRd3jGAvP3EYWPfNl +VMCAs2u7OVYHP63AaLbZVikfkksjx4g= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-date.pem b/tests/cert-tests/data/template-date.pem new file mode 100644 index 0000000..a1bb614 --- /dev/null +++ b/tests/cert-tests/data/template-date.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3TCCA0agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMjkwMTEyMTEzNjExWhcNMTUw +NTI0MTQyOTEyWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjgfQwgfEwDwYDVR0TAQH/BAUwAwEB/zBq +BgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3 +dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVy +ZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCAoQw +HQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMC4GA1UdHwQnMCUwI6AhoB+G +HWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwvMA0GCSqGSIb3DQEBCwUAA4GB +AAtuhpeIBu3CEKtw0m3tAa6e6FK2Ww92e/4Eu2SzdVXpM1iSIu7JhmU9Z7hkBiTR +ojzildOcaja/XtPXaO0zxmaQ9PqEhOve4Zi+Fragkdp9ExOSdJNuMZtF7lk6C9W5 +W1PhIOe4CRJ2lRl6fToABg0a+Cf0+mdcWW6qnQtoWMQy +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-dates-after2038.pem b/tests/cert-tests/data/template-dates-after2038.pem new file mode 100644 index 0000000..d08d838 --- /dev/null +++ b/tests/cert-tests/data/template-dates-after2038.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3TCCA0agAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMzkwMTEyMTEzNjExWhcNNDMw +NTI0MTQyOTEyWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjgfQwgfEwDwYDVR0TAQH/BAUwAwEB/zBq +BgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3 +dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVy +ZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCAoQw +HQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMC4GA1UdHwQnMCUwI6AhoB+G +HWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwvMA0GCSqGSIb3DQEBCwUAA4GB +AH3hlSBum8CPXMLD+l594w4Z3avKByrleD90f9JdCkP029tGF1y4D17YiHquYVUQ +dWGJFZxd8TTbsUjhbtbpHO7n7nY8AXU58rKPRK9CsSEC9gAw5Xhyt21dzPNqhXcK +0Gza+jQJEw/A1E93JDmo6lc4dWdt6igMB8HAGQfvzZJb +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-dn.pem b/tests/cert-tests/data/template-dn.pem new file mode 100644 index 0000000..5b38c7f --- /dev/null +++ b/tests/cert-tests/data/template-dn.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H0MIHxMA8GA1UdEwEB/wQFMAMB +Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn +ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO +d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQD +AgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOg +IaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsF +AAOBgQCkSwnFjktb1sFvIXFcKIIb3hJKFQaYSxWvYsGdcWkTmCqLguKVQgKD6EPo +Idp2jN6bHX9K+5P5KSGDKsPsBfF6Wit/y8dFN9zG1/VvdXDgMZqzxCuiQe+JIYBV +Er6vj0hwvDd+wl+CsIxlQEfWeLuRSdTZ33yTPq7mJqjDyKfHXw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-generalized.pem b/tests/cert-tests/data/template-generalized.pem new file mode 100644 index 0000000..09ea7a5 --- /dev/null +++ b/tests/cert-tests/data/template-generalized.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID4TCCA0qgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIhgPMjA1MTAxMTIxMTM2MTFaGA8y +MDU1MDUyNDE0MjkxMlowgbgxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kx +EjAQBgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTAT +BgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAK +BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l +QG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H0MIHxMA8GA1UdEwEB/wQFMAMB +Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn +ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO +d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/BAQD +AgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOg +IaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsF +AAOBgQAB8Akf5wROUFTC0bbh8cNBemII0ytuXr/RbEfnGvvswlX4zuW2JfGTw7dh +JS0PYMeZ+SwE9nSHKyifX8ZQDvfsPdjszM8IVC5WrgSXzWOLFQOOWXAqi4FlVx+6 +wSVUvGBiowYEMcndGRy56mzrOWaCjztPWqNOQgNhybhri5btgQ== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-krb5name-full.pem b/tests/cert-tests/data/template-krb5name-full.pem new file mode 100644 index 0000000..1d4c036 --- /dev/null +++ b/tests/cert-tests/data/template-krb5name-full.pem @@ -0,0 +1,94 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 07 + Issuer: CN=Nik,ST=Attiki,C=GR,surName=Mavrogiannopoulos,street=Arkadias + Validity: + Not Before: Sun Apr 22 00:00:00 UTC 2007 + Not After: Sun May 25 00:00:00 UTC 2014 + Subject: CN=Nik,ST=Attiki,C=GR,surName=Mavrogiannopoulos,street=Arkadias + Subject Public Key Algorithm: RSA + Algorithm Security Level: Legacy (1024 bits) + Modulus (bits 1024): + 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59 + f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b + 05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7 + 33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42 + e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77 + 86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69 + af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d + 8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3 + 05 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Subject Alternative Name (not critical): + DNSname: www.evenmorethanone.org + IPAddress: 192.168.1.1 + KRB5Principal: user@email.domain@KERBEROS.REALM + KRB5Principal: user@REALM.COM + KRB5Principal: HTTP/user@REALM.COM + KRB5Principal: comp1/comp2/user@REALM.COM + RFC822Name: none@none.org + RFC822Name: where@none.org + Key Purpose (not critical): + OCSP signing. + Key Usage (critical): + Subject Key Identifier (not critical): + 5d40adf0ce9440958b7e99941d925422ca72365f + CRL Distribution points (not critical): + URI: http://www.getcrl.crl/getcrl/ + Signature Algorithm: RSA-SHA256 + Signature: + 60:4b:8f:6f:70:c9:1f:c0:e0:f7:44:aa:c8:57:ae:72 + 7f:fb:69:f0:ef:40:62:66:5a:0b:88:91:ac:9b:13:20 + 77:1b:41:dd:ca:0e:6e:f6:16:9b:56:6f:f7:58:57:10 + 42:04:72:98:78:03:da:48:c3:0f:9b:fe:9b:3c:54:9c + 5c:f9:1f:78:32:90:23:04:0f:fd:a0:4d:9e:ff:a2:87 + 58:5c:a0:d5:80:70:e7:d6:a2:ff:21:03:3e:77:57:68 + ea:a6:21:f7:67:8e:9a:df:63:12:f1:7e:78:7d:ac:6d + eb:53:9f:ce:fe:18:61:18:8a:2b:65:35:28:6f:d5:7b +Other Information: + SHA1 fingerprint: + 113d3560fb087fd7724055192695f0c472e1eec4 + SHA256 fingerprint: + 7b2285b7a542e9ca05eae2538196080caf503d47f8a3869454ab1990d8075be8 + Public Key ID: + 5d40adf0ce9440958b7e99941d925422ca72365f + Public key's random art: + +--[ RSA 1024]----+ + | .o+*=. | + | . .o.+oo | + | . * =EB.. | + | + o.oO.. | + | .S=.o | + | . * | + | . | + | | + | | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIID5DCCA02gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw +AwEB/zCCASkGA1UdEQSCASAwggEcghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE +wKgBAaA+BgYrBgEFAgKgNDAyoBAbDktFUkJFUk9TLlJFQUxNoR4wHKADAgEKoRUw +ExsRdXNlckBlbWFpbC5kb21haW6gLAYGKwYBBQICoCIwIKALGwlSRUFMTS5DT02h +ETAPoAMCAQGhCDAGGwR1c2VyoDIGBisGAQUCAqAoMCagCxsJUkVBTE0uQ09NoRcw +FaADAgEBoQ4wDBsESFRUUBsEdXNlcqA6BgYrBgEFAgKgMDAuoAsbCVJFQUxNLkNP +TaEfMB2gAwIBAaEWMBQbBWNvbXAxGwVjb21wMhsEdXNlcoENbm9uZUBub25lLm9y +Z4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/ +BAQDAgYAMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAl +MCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0B +AQsFAAOBgQBgS49vcMkfwOD3RKrIV65yf/tp8O9AYmZaC4iRrJsTIHcbQd3KDm72 +FptWb/dYVxBCBHKYeAPaSMMPm/6bPFScXPkfeDKQIwQP/aBNnv+ih1hcoNWAcOfW +ov8hAz53V2jqpiH3Z46a32MS8X54faxt61Ofzv4YYRiKK2U1KG/Vew== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-krb5name.pem b/tests/cert-tests/data/template-krb5name.pem new file mode 100644 index 0000000..7abd1c3 --- /dev/null +++ b/tests/cert-tests/data/template-krb5name.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5DCCA02gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw +AwEB/zCCASkGA1UdEQSCASAwggEcghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cE +wKgBAaA+BgYrBgEFAgKgNDAyoBAbDktFUkJFUk9TLlJFQUxNoR4wHKADAgEKoRUw +ExsRdXNlckBlbWFpbC5kb21haW6gLAYGKwYBBQICoCIwIKALGwlSRUFMTS5DT02h +ETAPoAMCAQGhCDAGGwR1c2VyoDIGBisGAQUCAqAoMCagCxsJUkVBTE0uQ09NoRcw +FaADAgEBoQ4wDBsESFRUUBsEdXNlcqA6BgYrBgEFAgKgMDAuoAsbCVJFQUxNLkNP +TaEfMB2gAwIBAaEWMBQbBWNvbXAxGwVjb21wMhsEdXNlcoENbm9uZUBub25lLm9y +Z4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH/ +BAQDAgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAl +MCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0B +AQsFAAOBgQAJNK+h7t8k/1OcmCW+Wp1Bi1aSDKKjO2lTgOscN3lBEc/1oTwIaA3l +SoN6vqxTV9Y1wk6I8+EHnVY18rsw/BLL4zU0HT6d3LHqcKQcKCygkhlt1Ep6Fd+n +S84mrNZgtqUb40J6KIolPa25fNTpMnxmwzz7reak87bO+WXnNlTF2g== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-long-dns-crq.pem b/tests/cert-tests/data/template-long-dns-crq.pem new file mode 100644 index 0000000..411a658 --- /dev/null +++ b/tests/cert-tests/data/template-long-dns-crq.pem @@ -0,0 +1,61 @@ +PKCS #10 Certificate Request Information: + Version: 1 + Subject: CN=super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com + Subject Public Key Algorithm: RSA + Algorithm Security Level: Low (1024 bits) + Modulus (bits 1024): + 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59 + f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b + 05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7 + 33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42 + e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77 + 86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69 + af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d + 8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3 + 05 + Exponent (bits 24): + 01:00:01 + Signature Algorithm: RSA-SHA256 + Attributes: + Extensions: + Subject Alternative Name (not critical): + DNSname: super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Purpose (critical): + Time stamping. + Ipsec IKE. + Key Usage (critical): + Digital signature. + Key encipherment. +Other Information: + Public Key ID: + sha1:5d40adf0ce9440958b7e99941d925422ca72365f + sha256:472f7ef457b70a57a585094b285fdaef7ad72553495701ecd4f2a6dcb477b50e + Public Key PIN: + pin-sha256:Ry9+9Fe3ClelhQlLKF/a73rXJVNJVwHs1PKm3LR3tQ4= + +Self signature: verified + +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIDlzCCAwACAQAwgf0xgfowgfcGA1UEAxOB73N1cGVyLXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LWxvbmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TP +E5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+ +MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABoIIB +VzCCAVMGCSqGSIb3DQEJDjGCAUQwggFAMIH9BgNVHREEgfUwgfKCge9zdXBlci12 +ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5 +LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZl +cnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnkt +dmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVy +eS12ZXJ5LXZlcnktdmVyeS12ZXJ5LXZlcnktdmVyeS1sb25nLmNvbTAMBgNVHRMB +Af8EAjAAMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMIBggrBgEFBQcDETAOBgNVHQ8B +Af8EBAMCBaAwDQYJKoZIhvcNAQELBQADgYEAayPv5BS2Rqrj7ajEUKz0TH1VZ/cx +dTxaK4TXj8k6551jk/gyVZz4m0P61UeBL2Weqc2mWDhz6f7TAmUbtd4ZzBv4qn1h +ses5EzF/1kMgWKzKMwAqT/LirwRMYFfkfAZjAbd71dYUnL+I84e4GaXcchH3hB2d +sXtj4I9KZ9kWCf4= +-----END NEW CERTIFICATE REQUEST----- diff --git a/tests/cert-tests/data/template-nc.pem b/tests/cert-tests/data/template-nc.pem new file mode 100644 index 0000000..2f5c870 --- /dev/null +++ b/tests/cert-tests/data/template-nc.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECDCCA3GgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IB2jCCAdYwDwYDVR0TAQH/BAUw +AwEB/zBkBgNVHREEXTBbggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5v +cmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JngQ1ub25lQG5vbmUub3JngQ53aGVy +ZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDCTCB6AYDVR0eAQH/BIHdMIHa +oGswCocIwKgFAP///wAwCocICgoAAP//AAAwCocIrBd6AP///gAwIocg/Ez+j3/6 +GL0AAAAAAAAAAP//////////AAAAAAAAAAAwDYILZXhhbXBsZS5jb20wEoEQbm1h +dkBleGFtcGxlLmNvbaFrMAqHCAoKZAD///8AMAqHCAoKZQD///8AMCKHIPxM/o9/ ++hi9cshkuQAAAAD///////////////8AAAAAMAWCA25ldDAFggNvcmcwAoIAMA2B +C2V4YW1wbGUubmV0MAyBCmV4YW1wbGUubGkwDgYDVR0PAQH/BAQDAgKEMB0GA1Ud +DgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8EJzAlMCOgIaAfhh1odHRw +Oi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQAAuMp9 +FZce8BcY2if70f9oPSoUsScb6ifG0b5TENhLXjJ+VicEPBAcsZ1uuwr2rrQsqHUv +uGJXeRuJHW9j1DWBNEQJszXvlIamxn1eICMvTBHI3BRsI65w0xxYBURm83M95fkH +h+OFUsRZl9TDNm0NAtpN2YGGmXbBNPxFZrruYw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-othername-xmpp.pem b/tests/cert-tests/data/template-othername-xmpp.pem new file mode 100644 index 0000000..18dacc2 --- /dev/null +++ b/tests/cert-tests/data/template-othername-xmpp.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZzCCAtCgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBOTCCATUwDAYDVR0TAQH/BAIw +ADCBsAYDVR0RBIGoMIGlggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5v +cmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBoCMGCCsGAQUFBwgFoBcM +FWp1bGlldEBpbS5leGFtcGxlLmNvbaAdBggrBgEFBQcIBaARDA9oZWxsb0BoZWxs +by5vcmeBDW5vbmVAbm9uZS5vcmeBDndoZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoG +CCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmU +HZJUIspyNl8wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3Js +L2dldGNybC8wDQYJKoZIhvcNAQELBQADgYEAXJ2uw1jfcZTAcaTN7vsSHcXFi0dc +3YphVaFWxlaV6tVbBk9+JXg56IC7bC2ebp9ndUOEvJhoXLEIxWg8k05cIZPfBgGN +m32TPvHLZqMHn1EP4f2bOtCVcWp7NN3Ixc9SlejYXh5uNFOs6kXjC0O7vMGiySoT +ZJUkIzvz7Nyieg8= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-othername.pem b/tests/cert-tests/data/template-othername.pem new file mode 100644 index 0000000..598dfcd --- /dev/null +++ b/tests/cert-tests/data/template-othername.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtzCCAyCgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4IBiTCCAYUwDwYDVR0TAQH/BAUw +AwEB/zCB/QYDVR0RBIH1MIHyggx3d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9u +ZS5vcmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEBoDgGBisGAQUCAqAu +MCygDRsLVkFOUkVJTi5PUkehGzAZoAYCBAAAAAKhDzANGwRyaWNrGwVhZG1pbqAX +BgQqBAUGoA8EDWEgdGVzdCBzdHJpbmegHQYIKwYBBQUHCAegEQwPbm1hdkBnbnV0 +bHMub3JnoB0GCCsGAQUFBwgFoBEMD25tYXZAZ251dGxzLm9yZ4ENbm9uZUBub25l +Lm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0P +AQH/BAQDAgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQiynI2XzAuBgNVHR8E +JzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG +9w0BAQsFAAOBgQBIZiGErDxIVvwcB6he3r28yA6zEtbdayuJVerNs1LArPEQMJ8o +WGbFeGKIDKLsA3WEv9Gz/JTnTSYOxdqDsnS6CkxpXf7lOGUvd/0poK5wXiStTMki +eq/GBXBWQifkFUK8NDQXbd+vu6fI0Y2iQCXz91CsEEZI+M43PoBCW6qV1Q== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-overflow.pem b/tests/cert-tests/data/template-overflow.pem new file mode 100644 index 0000000..acc6214 --- /dev/null +++ b/tests/cert-tests/data/template-overflow.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3zCCA0igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIBcNMDcwNDIyMDAwMDAwWhgPOTk5 +OTEyMzEyMzU5NTlaMIG4MQswCQYDVQQGEwJHUjEPMA0GA1UECBMGQXR0aWtpMRIw +EAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRUwEwYD +VQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/IsZAEBEwdjbGF1cGVyMQwwCgYD +VQQMEwNEci4xDzANBgNVBEETBmphY2thbDEcMBoGCSqGSIb3DQEJARYNbm9uZUBu +b25lLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT +8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdw +EPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQw +UZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOB9DCB8TAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAjoCGg +H4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQELBQAD +gYEAgDFwtZnVDxlkekWL4g332em+UahWRXz8Ta1WghrlbeHuDFQn22NDxEWi1yRB +8vxrX0ejLHMFHLTOS4WnA+sj2ALdPFCkQXh97MPvXa2VWioSqphnxQX9gDJ0KddI +rosJhO44Nihmnkh9ac4qrzyRyeAMcrZclK8Jh5RrB7F5hnQ= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-overflow2.pem b/tests/cert-tests/data/template-overflow2.pem new file mode 100644 index 0000000..5c45093 --- /dev/null +++ b/tests/cert-tests/data/template-overflow2.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3zCCA0igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIBcNMDcwNDIyMDAwMDAwWhgPMjI4 +MTAyMDMwMDAwMDBaMIG4MQswCQYDVQQGEwJHUjEPMA0GA1UECBMGQXR0aWtpMRIw +EAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRUwEwYD +VQQDEwxDaW5keSBMYXVwZXIxFzAVBgoJkiaJk/IsZAEBEwdjbGF1cGVyMQwwCgYD +VQQMEwNEci4xDzANBgNVBEETBmphY2thbDEcMBoGCSqGSIb3DQEJARYNbm9uZUBu +b25lLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApcbOdUOEv2SeAicT +8QNZ93ktku18L1CkA/EtebmGiwV+OrtEqq+EzxOYHhxKOPczLXqfctRrbSawMTdw +EPtC6didGGV+GUn8BZYEaIMed4a/7fXlEjsT/jMYnBp6HWmvRwJgeh+56M/byDQw +UZY9jJZcALxh3ggPsTYhf6kA4wUCAwEAAaOB9DCB8TAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAjoCGg +H4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQELBQAD +gYEAGg7RvqcoW1e2KxVK4Dxe4c/6X9b6zQ+CEFwEyNr395nVt2qyhrZdGTDDNUE+ +4Wic7aQxJsg/gYOu8QsjLmngmON3cfevKV4SCad9MSn+1EqGqkxzKflwK3sNAkYU +bfjHZK3Ots/zY4vsW/MNBdZRfcvBt/Ec90TLem0RhcOQRjc= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-rsa-sha3-224.pem b/tests/cert-tests/data/template-rsa-sha3-224.pem new file mode 100644 index 0000000..218162f --- /dev/null +++ b/tests/cert-tests/data/template-rsa-sha3-224.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAw0FADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg +YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl +dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz +LzANBglghkgBZQMEAw0FAAOBgQAdr2yQ0d3cQcRMrXZLw4aFOFMCjllhyD1tvY1P +QojW8OP3BHCfIApCPrtpbbcGDGUuDIs1kHqCj58w/tnMGzD6jTGofi/MldAeyTg7 +WTA8DO0pO+mIuiMOr88nWAQ+tyV9pCMPiQ3+oNiB2ijlfUX3OY2psuu84i6Fo+ia +nv3w/w== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-rsa-sha3-256.pem b/tests/cert-tests/data/template-rsa-sha3-256.pem new file mode 100644 index 0000000..7d13d4c --- /dev/null +++ b/tests/cert-tests/data/template-rsa-sha3-256.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAw4FADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg +YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl +dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz +LzANBglghkgBZQMEAw4FAAOBgQCTRxvie4wXDyaeB/2UwaWtqnD7EB8Y9S/eUd2b +5HbDY746pJJNJACxtPs4oOp2mf0jV5iJFJwyiT2YbzJnRXVP4q/KASp10xaDVgXC +UzLmnVlmSJ8UPpOqmrlctTpcUUogm56+ulaDBRDYDN6yxWB4787iWcpBRfy7YKR3 +/F3k+g== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-rsa-sha3-384.pem b/tests/cert-tests/data/template-rsa-sha3-384.pem new file mode 100644 index 0000000..df8c515 --- /dev/null +++ b/tests/cert-tests/data/template-rsa-sha3-384.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAw8FADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg +YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl +dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz +LzANBglghkgBZQMEAw8FAAOBgQAts2YEtM3uKzfUTpXPouot34aI1IfnrCY9exFw +TE3HZdU8sY3UZhOXS5rGhpKtSU5Yv1jtb0gFc/JGtaKPLVhTTa+PPIBIpkBFtDBL +M7iuIWGCBxfp/8tuwlurOOrzHbneUEpDRBRd6J6pQY+VECPMDUmn03E/k/8rAYIf +cY5rvA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-rsa-sha3-512.pem b/tests/cert-tests/data/template-rsa-sha3-512.pem new file mode 100644 index 0000000..8d813bf --- /dev/null +++ b/tests/cert-tests/data/template-rsa-sha3-512.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCA4mgAwIBAgIBBzANBglghkgBZQMEAxAFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg +YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl +dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz +LzANBglghkgBZQMEAxAFAAOBgQA2lFC18bQymlgBYyUqN7aLAeH0z4NLxpJOukjy +2t3Pn5CHbwT31Pqk22uE5o/XMIIrO98coyfR4nz7R5aUL5E366Y7hZEK/0AbD0BA +z12DZMWmlT6rLKID9rx2vCESqfr3ZPJPcymO1KxrtmB+gxmnV0k50pmYFzw8Hy8q +pM4TBQ== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-sgenerate.pem b/tests/cert-tests/data/template-sgenerate.pem new file mode 100644 index 0000000..8fa8188 --- /dev/null +++ b/tests/cert-tests/data/template-sgenerate.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCAmugAwIBAgIBBzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0wNzA0MjIwMDAwMDBaFw0xNDA1MjUwMDAwMDBaMFsxDDAK +BgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJHUjEaMBgGA1UE +BBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkTCEFya2FkaWFzMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15 +uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRo +gx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/ +qQDjBQIDAQABo4IBFjCCARIwDwYDVR0TAQH/BAUwAwEB/zBqBgNVHREEYzBhggx3 +d3cubm9uZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRo +YW5vbmUub3JnhwTAqAEBgQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzAT +BgNVHSUEDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCAoQwHQYDVR0OBBYEFF1A +rfDOlECVi36ZlB2SVCLKcjZfMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMB +A+/PMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRj +cmwvMA0GCSqGSIb3DQEBCwUAA4IBMQBQhjACri4i6KNQ4y5bUl3FI9RwaeMU/666 +fRWGebU5yiaqgmIKypH80S3zEJEeRff/Ptw0d4eAuHcinpCH+tnRej1MK9qJBRiL +vjMkDgdT37fnPEK352Bmuzn06ghRSNoxVqvQtY03VYMoNrOm/WNazcyxifhc35m8 +KFdAMTW+l5qwzzxkSqKHl0zH2E6kY5pUUXoZ+OvXVDzKS/e+SQ+6E7wSAKHykiwS +EKPjNOUCjUDUEdvSAAzQkB1d944F5ocUHQlzy507cJ4kmqp/gxIMZRne43yVXrdp +jdJo6jRgWLzcKuxhiVsrR7pU3jY6XVT1PZGRVTRl9Ve4FZ89we6klzE/rgou2SiJ +ba2zZsZD/lJ7WgujgN7L3URPrv40asi5TBVGjaEqr/ddI34ABAA8 +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-test-ecc.key b/tests/cert-tests/data/template-test-ecc.key new file mode 100644 index 0000000..a3cd7c7 --- /dev/null +++ b/tests/cert-tests/data/template-test-ecc.key @@ -0,0 +1,40 @@ +Public Key Info: + Public Key Algorithm: EC + Key Security Level: High (256 bits) + +curve: SECP256R1 +private key: + 00:88:80:ce:07:cb:70:5b:e7:83:f6:fe:dd:b5:2f:16 + 2d:c1:d3:1d:64:a6:3b:f9:56:92:5d:ad:a0:0a:db:23 + 9b: + +x: + 60:f0:ee:7d:80:10:b9:00:4e:b6:3b:01:35:ea:37:f4 + 35:e0:7e:84:ce:1d:3e:02:bb:e3:4b:b7:63:cf:23:6a + + +y: + 00:ce:07:0b:b6:61:44:1e:c7:2b:d6:bb:37:67:43:b8 + 5e:cb:1b:0d:44:64:92:87:2c:b7:08:91:cf:89:e7:04 + 40: + + +Public Key ID: CC:59:3D:71:8E:44:9D:42:A7:B2:B5:86:C5:1F:2B:E3:A9:33:65:E8 +Public key's random art: ++--[SECP256R1]----+ +| o=.o. | +| +.Bo | +| o O.o | +| o o * + o | +| S o.= o | +| .oo+ | +| . oo | +| E. | +| .o | ++-----------------+ + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQCIgM4Hy3Bb54P2/t21LxYtwdMdZKY7+VaSXa2gCtsjm6AKBggqhkjO +PQMBB6FEA0IABGDw7n2AELkATrY7ATXqN/Q14H6Ezh0+ArvjS7djzyNqzgcLtmFE +Hscr1rs3Z0O4XssbDURkkocstwiRz4nnBEA= +-----END EC PRIVATE KEY----- diff --git a/tests/cert-tests/data/template-test.key b/tests/cert-tests/data/template-test.key new file mode 100644 index 0000000..3b5886d --- /dev/null +++ b/tests/cert-tests/data/template-test.key @@ -0,0 +1,86 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Low + +modulus: + 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03: + 59:f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9: + 86:8b:05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c: + 4a:38:f7:33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37: + 70:10:fb:42:e9:d8:9d:18:65:7e:19:49:fc:05:96: + 04:68:83:1e:77:86:bf:ed:f5:e5:12:3b:13:fe:33: + 18:9c:1a:7a:1d:69:af:47:02:60:7a:1f:b9:e8:cf: + db:c8:34:30:51:96:3d:8c:96:5c:00:bc:61:de:08: + 0f:b1:36:21:7f:a9:00:e3:05: +public exponent: + 01:00:01: +private exponent: + 00:a0:b7:b2:57:6b:83:1a:4f:01:05:53:3f:79:0c: + e7:bf:0e:03:4a:0b:e5:b6:b5:76:9d:bf:c7:77:d8: + 8f:00:de:ed:77:21:31:3c:4d:77:f3:8e:aa:8e:9e: + 9c:b2:c7:ae:1d:2c:61:c3:60:ff:59:4e:05:c9:61: + 56:cb:8f:dd:58:eb:b0:40:f8:dd:8d:02:c5:aa:19: + 3d:fd:b5:89:6f:f8:88:5a:5d:fd:69:8a:21:76:76: + 9e:c9:fa:50:5f:95:50:3e:b1:79:0d:ce:40:52:e6: + 08:83:13:ee:a0:a5:69:8d:4c:3e:43:e5:4e:94:82: + a1:10:51:a6:92:fc:d3:f9:ad: +prime1: + 00:d3:29:62:57:21:b8:17:ad:3e:22:d1:1c:ce:8f: + 66:f7:67:8d:fd:47:64:99:96:5f:e0:0f:3c:cf:5d: + 48:3f:17:94:72:4d:5e:d4:eb:4e:41:41:dd:62:56: + 13:08:86:e8:94:1e:66:04:18:68:44:39:cc:60:6e: + 90:b0:b6:cb:07: +prime2: + 00:c8:fa:51:7c:f2:60:97:41:5c:d0:9f:b6:55:a7: + db:a7:3f:b4:6e:cc:bf:a7:b1:09:3a:bb:55:52:23: + 57:15:60:32:2a:c4:49:8b:ad:02:12:8d:df:aa:4e: + bf:b6:37:b9:41:59:d8:17:f5:08:b2:f9:aa:35:30: + b1:55:99:c2:93: +coefficient: + 56:f4:fd:a3:36:0a:fc:f8:79:7e:86:84:69:b9:6e: + 51:6f:11:bb:d7:7e:ba:0a:aa:9a:3f:22:70:5c:42: + a4:fe:96:3f:6d:61:db:0e:56:50:a9:ad:53:a5:a8: + d4:e2:8f:ca:5c:5d:0c:88:7d:b5:17:7d:58:73:37: + 7d:1e:1e:04: +exp1: + 00:90:ec:5f:3c:f3:bc:78:2b:83:70:bb:da:2c:7e: + 49:29:d5:9d:a2:ce:43:e2:11:4d:9d:e6:77:52:ce: + 6f:ce:35:6d:c1:81:0e:6b:cd:4f:39:04:6e:5f:96: + 39:9b:e9:93:68:4c:f0:b1:30:db:26:b0:10:6f:c2: + 92:75:66:0f:33: +exp2: + 23:54:a5:f8:a2:1f:4a:d7:c9:ba:3f:29:6d:9b:69: + a8:d8:31:1e:fd:4d:7f:ec:46:64:15:c4:a5:00:e3: + 71:35:8c:fc:29:af:88:27:6c:e2:d8:20:06:af:7b: + 52:4c:2f:7c:06:90:4f:7d:da:fe:a3:97:41:6c:82: + f0:3a:6c:93: + +Public Key ID: 5D:40:AD:F0:CE:94:40:95:8B:7E:99:94:1D:92:54:22:CA:72:36:5F +Public key's random art: ++--[ RSA 1032]----+ +| .o+*=. | +| . .o.+oo | +| . * =EB.. | +| + o.oO.. | +| .S=.o | +| . * | +| . | +| | +| | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sq +r4TPE5geHEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUS +OxP+MxicGnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQAB +AoGBAKC3sldrgxpPAQVTP3kM578OA0oL5ba1dp2/x3fYjwDe7XchMTxNd/OOqo6e +nLLHrh0sYcNg/1lOBclhVsuP3VjrsED43Y0CxaoZPf21iW/4iFpd/WmKIXZ2nsn6 +UF+VUD6xeQ3OQFLmCIMT7qClaY1MPkPlTpSCoRBRppL80/mtAkEA0yliVyG4F60+ +ItEczo9m92eN/UdkmZZf4A88z11IPxeUck1e1OtOQUHdYlYTCIbolB5mBBhoRDnM +YG6QsLbLBwJBAMj6UXzyYJdBXNCftlWn26c/tG7Mv6exCTq7VVIjVxVgMirESYut +AhKN36pOv7Y3uUFZ2Bf1CLL5qjUwsVWZwpMCQQCQ7F8887x4K4Nwu9osfkkp1Z2i +zkPiEU2d5ndSzm/ONW3BgQ5rzU85BG5fljmb6ZNoTPCxMNsmsBBvwpJ1Zg8zAkAj +VKX4oh9K18m6Pyltm2mo2DEe/U1/7EZkFcSlAONxNYz8Ka+IJ2zi2CAGr3tSTC98 +BpBPfdr+o5dBbILwOmyTAkBW9P2jNgr8+Hl+hoRpuW5RbxG71366CqqaPyJwXEKk +/pY/bWHbDlZQqa1TpajU4o/KXF0MiH21F31Yczd9Hh4E +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-tests/data/template-test.pem b/tests/cert-tests/data/template-test.pem new file mode 100644 index 0000000..98050fb --- /dev/null +++ b/tests/cert-tests/data/template-test.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIDCCA4mgAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggE2MIIBMjAPBgNVHRMBAf8EBTADAQH/ +MGoGA1UdEQRjMGGCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFub25lLm9yZ4IX +d3d3LmV2ZW5tb3JldGhhbm9uZS5vcmeHBMCoAQGBDW5vbmVAbm9uZS5vcmeBDndo +ZXJlQG5vbmUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1UdDwEB/wQEAwIC +hDAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wbwYDVR0fBGgwZjBkoGKg +YIYeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDEvhh5odHRwOi8vd3d3Lmdl +dGNybC5jcmwvZ2V0Y3JsMi+GHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwz +LzANBgkqhkiG9w0BAQsFAAOBgQARxtGtk2+b3NCfus/17o8pZzLwMMP9ZAd9mPm6 +5wNXenFyjKSRgQVQbPHvGPEdDC/NZLQC6AM+GYdwXMvEJDjnA0rC7m1xlgEzTbOB +vcx+LTnFpjVQOWWSO1QD8ppf90gf/p97CHhURNDoF6W50fbnvkAwz/noZbwiJ/1V +V2jg6Q== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-tlsfeature.csr b/tests/cert-tests/data/template-tlsfeature.csr new file mode 100644 index 0000000..8e5d825 --- /dev/null +++ b/tests/cert-tests/data/template-tlsfeature.csr @@ -0,0 +1,62 @@ +PKCS #10 Certificate Request Information: + Version: 1 + Subject: pseudonym=jackal,title=Dr.,UID=clauper,CN=Cindy Lauper,OU=sleeping dept.,O=Koko inc.,ST=Attiki,C=GR + Subject Public Key Algorithm: RSA + Algorithm Security Level: Low (1024 bits) + Modulus (bits 1024): + 00:a5:c6:ce:75:43:84:bf:64:9e:02:27:13:f1:03:59 + f7:79:2d:92:ed:7c:2f:50:a4:03:f1:2d:79:b9:86:8b + 05:7e:3a:bb:44:aa:af:84:cf:13:98:1e:1c:4a:38:f7 + 33:2d:7a:9f:72:d4:6b:6d:26:b0:31:37:70:10:fb:42 + e9:d8:9d:18:65:7e:19:49:fc:05:96:04:68:83:1e:77 + 86:bf:ed:f5:e5:12:3b:13:fe:33:18:9c:1a:7a:1d:69 + af:47:02:60:7a:1f:b9:e8:cf:db:c8:34:30:51:96:3d + 8c:96:5c:00:bc:61:de:08:0f:b1:36:21:7f:a9:00:e3 + 05 + Exponent (bits 24): + 01:00:01 + Signature Algorithm: RSA-SHA256 + Attributes: + Extensions: + Subject Alternative Name (not critical): + DNSname: www.none.org + DNSname: www.morethanone.org + DNSname: www.evenmorethanone.org + IPAddress: 192.168.1.1 + RFC822Name: none@none.org + RFC822Name: where@none.org + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Purpose (critical): + OCSP signing. + Key Usage (critical): + Digital signature. + TLS Features (not critical): + OCSP Status Request(5) + 17 +Other Information: + Public Key ID: + sha1:5d40adf0ce9440958b7e99941d925422ca72365f + sha256:472f7ef457b70a57a585094b285fdaef7ad72553495701ecd4f2a6dcb477b50e + Public Key PIN: + pin-sha256:Ry9+9Fe3ClelhQlLKF/a73rXJVNJVwHs1PKm3LR3tQ4= + +Self signature: verified + +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICqDCCAhECAQAwgZoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQIEwZBdHRpa2kxEjAQ +BgNVBAoTCUtva28gaW5jLjEXMBUGA1UECxMOc2xlZXBpbmcgZGVwdC4xFTATBgNV +BAMTDENpbmR5IExhdXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNV +BAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQClxs51Q4S/ZJ4CJxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5ge +HEo49zMtep9y1GttJrAxN3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+Mxic +Gnodaa9HAmB6H7noz9vINDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABoIHMMIHJ +BgkqhkiG9w0BCQ4xgbswgbgwagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cu +bW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYEN +bm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwDAYDVR0TAQH/BAIwADAWBgNV +HSUBAf8EDDAKBggrBgEFBQcDCTAOBgNVHQ8BAf8EBAMCB4AwFAYIKwYBBQUHARgE +CDAGAgEFAgERMA0GCSqGSIb3DQEBCwUAA4GBAJVede27qO1+KIeEQSj4RVmu/L4i +jLEevh7yLp6mO0j90wkUL1/7ylda3qmStXsJxreCiVBPdQUoxzvyNMtoaX2WZ6O5 +fJPB8K+8+2KRVX/qJLP/9GhosIN6DkE9OpoMTEK0ZkXPaK+ckZXtyhkwUf3Xv/rV +GQAku1457L334BPQ +-----END NEW CERTIFICATE REQUEST----- diff --git a/tests/cert-tests/data/template-tlsfeature.pem b/tests/cert-tests/data/template-tlsfeature.pem new file mode 100644 index 0000000..f3d9d4a --- /dev/null +++ b/tests/cert-tests/data/template-tlsfeature.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEMzCCA5ygAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTESMBAGA1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5z +bGVlcGluZyBkZXB0LjEVMBMGA1UEAxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPy +LGQBARMHY2xhdXBlcjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa +BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwHhcNMDcwNDIyMDAwMDAwWhcNMTQw +NTI1MDAwMDAwWjCBuDELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkF0dGlraTESMBAG +A1UEChMJS29rbyBpbmMuMRcwFQYDVQQLEw5zbGVlcGluZyBkZXB0LjEVMBMGA1UE +AxMMQ2luZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEMMAoGA1UE +DBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAaBgkqhkiG9w0BCQEWDW5vbmVAbm9u +ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggFJMIIBRTAUBggrBgEFBQcBGAQIMAYC +AQUCAREwDAYDVR0TAQH/BAIwADBqBgNVHREEYzBhggx3d3cubm9uZS5vcmeCE3d3 +dy5tb3JldGhhbm9uZS5vcmeCF3d3dy5ldmVubW9yZXRoYW5vbmUub3JnhwTAqAEB +gQ1ub25lQG5vbmUub3JngQ53aGVyZUBub25lLm9yZzATBgNVHSUEDDAKBggrBgEF +BQcDCTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLK +cjZfMG8GA1UdHwRoMGYwZKBioGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRj +cmwxL4YeaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3 +LmdldGNybC5jcmwvZ2V0Y3JsMy8wDQYJKoZIhvcNAQELBQADgYEACHLRiqdsflQ/ +WYs+JFLe/jSQgGejG9qa0rLsvUp+cjjTZBcdk6jTwHu4IKTVTlgMMg1QvHUvpFQ6 +5ORHyAxXC/QSPemNdoCDJ0CCc89uLEuTvPj4SzCpzU4OZhHqTtkJT3XHdpKP58nq +zoFAI4bSYmuRrDYIeEs5jf9IfxG4Lrg= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-unique.pem b/tests/cert-tests/data/template-unique.pem new file mode 100644 index 0000000..71ede4a --- /dev/null +++ b/tests/cert-tests/data/template-unique.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMzCCApygAwIBAgIBBzANBgkqhkiG9w0BAQsFADBbMQwwCgYDVQQDEwNOaWsx +DzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxGjAYBgNVBAQTEU1hdnJvZ2lh +bm5vcG91bG9zMREwDwYDVQQJEwhBcmthZGlhczAeFw0wNzA0MjIwMDAwMDBaFw0x +NDA1MjUwMDAwMDBaMFsxDDAKBgNVBAMTA05pazEPMA0GA1UECBMGQXR0aWtpMQsw +CQYDVQQGEwJHUjEaMBgGA1UEBBMRTWF2cm9naWFubm9wb3Vsb3MxETAPBgNVBAkT +CEFya2FkaWFzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C +JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx +N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI +NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABgQgAERQjJCUSJIIGAAAVIyQlo4H0 +MIHxMA8GA1UdEwEB/wQFMAMBAf8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3 +d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgB +AYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYB +BQUHAwkwDgYDVR0PAQH/BAQDAgKEMB0GA1UdDgQWBBRdQK3wzpRAlYt+mZQdklQi +ynI2XzAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0 +Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQAxXXIeP7WgxOzNt67f/vCnqwEvpbrCrRfW +U1HEvMvzldQwk1x6+AOhxAghb3xtjN5tK+sdOXucylWhVwsGvGAerZMtKhbmbxGE +Y2QuUZBpdy8Y0ptWMQFuyDPCNQMtT/mXcstfB34RX0IEB6rZrb1s3HYWXHCshED/ +KHhTIMGNGw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/template-utf8.pem b/tests/cert-tests/data/template-utf8.pem new file mode 100644 index 0000000..9f303b2 --- /dev/null +++ b/tests/cert-tests/data/template-utf8.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDyTCCAzKgAwIBAgIBCTANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJHUjEV +MBMGA1UECAwMzpHPhM+EzrnOus6uMSQwIgYDVQQKDBvOnM61zrPOrM67zrcgzrXP +hM6xzrnPgc6vzrExDTALBgNVBAMMBPCfkKgwHhcNMDcwNDIyMDAwMDAwWhcNMDgw +NDIxMDAwMDAwWjBZMQswCQYDVQQGEwJHUjEVMBMGA1UECAwMzpHPhM+EzrnOus6u +MSQwIgYDVQQKDBvOnM61zrPOrM67zrcgzrXPhM6xzrnPgc6vzrExDTALBgNVBAMM +BPCfkKgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/ED +Wfd5LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7 +QunYnRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGW +PYyWXAC8Yd4ID7E2IX+pAOMFAgMBAAGjggGfMIIBmzAMBgNVHRMBAf8EAjAAMIIB +agYDVR0gBIIBYTCCAV0wgY8GDCsGAQQBqmwBCmMBADB/MEgGCCsGAQUFBwICMDwM +Os6czrnOsSDPgM6/zrvOuc+EzrnOus6uIM+Azr/PhSDOuM6tzrvOtc65IM60zrnO +rM6yzrHPg868zrEwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cuZXhhbXBsZS5jb20v +YS1wb2xpY3ktdG8tcmVhZDBpBgwrBgEEAapsAQpjAQEwWTAcBggrBgEFBQcCAjAQ +DA5Bbm90aGVyIHBvbGljeTA5BggrBgEFBQcCARYtaHR0cDovL3d3dy5leGFtcGxl +LmNvbS9hbm90aGVyLXBvbGljeS10by1yZWFkMF4GDCsGAQQBqmwBCmMBAjBOMBsG +CCsGAQUFBwICMA8MDU1vcmUgcG9saWNpZXMwLwYIKwYBBQUHAgEWI2h0dHA6Ly9l +eGFtcGxlLmNvbS9hLXBvbGljeS10by1yZWFkMB0GA1UdDgQWBBRdQK3wzpRAlYt+ +mZQdklQiynI2XzANBgkqhkiG9w0BAQsFAAOBgQCKO4pK+caD7hYLA6RB3yWN8+t2 +nFi5m+BSyBVn3z4xzvVZOtio7g1ic+uJyLJ2pft7Z+0qVCwTCUrVVzrEMvZyi+/K ++b25BowuzM7YVzcxLsYCcBGhuUkd/uSUdNPOQrwoh6jIBNXf0y5FGPPr03o9VBKJ +vewp5+e+L+H10b6mCg== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/test-null.p12 b/tests/cert-tests/data/test-null.p12 new file mode 100644 index 0000000..4db0afb Binary files /dev/null and b/tests/cert-tests/data/test-null.p12 differ diff --git a/tests/cert-tests/data/truncated.pub b/tests/cert-tests/data/truncated.pub new file mode 100644 index 0000000..29e181e --- /dev/null +++ b/tests/cert-tests/data/truncated.pub @@ -0,0 +1 @@ +ÿ diff --git a/tests/cert-tests/data/unclient.p12 b/tests/cert-tests/data/unclient.p12 new file mode 100644 index 0000000..68ef420 Binary files /dev/null and b/tests/cert-tests/data/unclient.p12 differ diff --git a/tests/cert-tests/data/unencpkcs8.pem b/tests/cert-tests/data/unencpkcs8.pem new file mode 100644 index 0000000..794dfd7 --- /dev/null +++ b/tests/cert-tests/data/unencpkcs8.pem @@ -0,0 +1,79 @@ + 0 629: SEQUENCE { + 4 1: INTEGER 0 + 7 11: SEQUENCE { + 9 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) + : } + 20 609: OCTET STRING, encapsulates { + 24 605: SEQUENCE { + 28 1: INTEGER 0 + 31 129: INTEGER + : 00 BB 24 7A 09 7E 0E B2 37 32 CC 39 67 AD F1 9E + : 3D 6B 82 83 D1 D0 AC A4 C0 18 BE 8D 98 00 C0 7B + : FF 07 44 C9 CA 1C BA 36 E1 27 69 FF B1 E3 8D 8B + : EE 57 A9 3A AA 16 43 39 54 19 7C AE 69 24 14 F6 + : 64 FF BC 74 C6 67 6C 4C F1 02 49 69 C7 2B E1 E1 + : A1 A3 43 14 F4 77 8F C8 D0 85 5A 35 95 AC 62 A9 + : C1 21 00 77 A0 8B 97 30 B4 5A 2C B8 90 2F 48 A0 + : 05 28 4B F2 0F 8D EC 8B 4D 03 42 75 D6 AD 81 C0 + : [ Another 1 bytes skipped ] + 163 3: INTEGER 65537 + 168 128: INTEGER + : 00 FC B9 4A 26 07 89 51 2B 53 72 91 E0 18 3E A6 + : 5E 31 EF 9C 0C 16 24 42 D0 28 33 F9 FA D0 3C 54 + : 04 06 C0 15 F5 1B 9A B3 24 31 AB 3C 6B 47 43 B0 + : D2 A9 DC 05 E1 81 59 B6 04 E9 66 61 AA D7 0B 00 + : 8F 3D E5 BF A2 F8 5E 25 6C 1E 22 0F B4 FD 41 E2 + : 03 31 5F DA 20 C5 C0 F3 55 0E E1 C9 EC D7 3E 2A + : 0C 01 CA 7B 22 CB AC F4 2B 27 F0 78 5F B5 C2 F9 + : E8 14 5A 6E 7E 86 BD 6A 9B 20 0C BA CC 97 20 11 + 299 65: INTEGER + : 00 C9 59 9F 29 8A 5B 9F E3 2A D8 7E C2 40 9F A8 + : 45 E5 3E 11 8D 3C ED 6E AB CE D0 65 46 D8 C7 07 + : 63 B5 23 34 F4 9F 7E 1C C7 C7 F9 65 D1 F4 04 42 + : 38 BE 3A 0C 9D 08 25 FC A3 71 D9 AE 0C 39 61 F4 + : 89 + 366 65: INTEGER + : 00 ED EF AB A9 D5 39 9C EE 59 1B FF CF 48 44 1B + : B6 32 E7 46 24 F3 04 7F DE 95 08 6D 75 9E 67 17 + : BA 5C A4 D4 E2 E2 4D 77 CE EB 66 29 C5 96 E0 62 + : BB E5 AC DC 44 62 54 86 ED 64 0C CE D0 60 03 9D + : 49 + 433 64: INTEGER + : 54 D9 18 72 27 E4 BE 76 BB 1A 6A 28 2F 95 58 12 + : C4 2C A8 B6 CC E2 FD 0D 17 64 C8 18 D7 C6 DF 3D + : 4C 1A 9E F9 2A B0 B9 2E 12 FD EC C3 51 C1 ED A9 + : FD B7 76 93 41 D8 C8 22 94 1A 77 F6 9C C3 C3 89 + 499 65: INTEGER + : 00 8E F9 A7 08 AD B5 2A 04 DB 8D 04 A1 B5 06 20 + : 34 D2 CF C0 89 B1 72 31 B8 39 8B CF E2 8E A5 DA + : 4F 45 1E 53 42 66 C4 30 4B 29 8E C1 69 17 29 8C + : 8A E6 0F 82 68 A1 41 B3 B6 70 99 75 A9 27 18 E4 + : E9 + 566 65: INTEGER + : 00 89 EA 6E 6D 70 DF 25 5F 18 3F 48 DA 63 10 8B + : FE A8 0C 94 0F DE 97 56 53 89 94 E2 1E 2C 74 3C + : 91 81 34 0B A6 40 F8 CB 2A 60 8C E0 02 B7 89 93 + : CF 18 9F 49 54 FD 7D 3F 9A EF D4 A4 4F C1 45 99 + : 91 + : } + : } + : } + +0 warnings, 0 errors. + +-----BEGIN PRIVATE KEY----- +MIICdQIBADALBgkqhkiG9w0BAQEEggJhMIICXQIBAAKBgQC7JHoJfg6yNzLMOWet +8Z49a4KD0dCspMAYvo2YAMB7/wdEycocujbhJ2n/seONi+5XqTqqFkM5VBl8rmkk +FPZk/7x0xmdsTPECSWnHK+HhoaNDFPR3j8jQhVo1laxiqcEhAHegi5cwtFosuJAv +SKAFKEvyD43si00DQnXWrYHAEQIDAQABAoGAAPy5SiYHiVErU3KR4Bg+pl4x75wM +FiRC0Cgz+frQPFQEBsAV9RuasyQxqzxrR0Ow0qncBeGBWbYE6WZhqtcLAI895b+i ++F4lbB4iD7T9QeIDMV/aIMXA81UO4cns1z4qDAHKeyLLrPQrJ/B4X7XC+egUWm5+ +hr1qmyAMusyXIBECQQDJWZ8piluf4yrYfsJAn6hF5T4RjTztbqvO0GVG2McHY7Uj +NPSffhzHx/ll0fQEQji+OgydCCX8o3HZrgw5YfSJAkEA7e+rqdU5nO5ZG//PSEQb +tjLnRiTzBH/elQhtdZ5nF7pcpNTi4k13zutmKcWW4GK75azcRGJUhu1kDM7QYAOd +SQJAVNkYcifkvna7GmooL5VYEsQsqLbM4v0NF2TIGNfG3z1MGp75KrC5LhL97MNR +we2p/bd2k0HYyCKUGnf2nMPDiQJBAI75pwittSoE240EobUGIDTSz8CJsXIxuDmL +z+KOpdpPRR5TQmbEMEspjsFpFymMiuYPgmihQbO2cJl1qScY5OkCQQCJ6m5tcN8l +Xxg/SNpjEIv+qAyUD96XVlOJlOIeLHQ8kYE0C6ZA+MsqYIzgAreJk88Yn0lU/X0/ +mu/UpE/BRZmR +-----END PRIVATE KEY----- diff --git a/tests/cert-tests/data/userid.pem b/tests/cert-tests/data/userid.pem new file mode 100644 index 0000000..2f34747 --- /dev/null +++ b/tests/cert-tests/data/userid.pem @@ -0,0 +1,59 @@ +# This file contains a X.509 certificate with a UID field, encoded as +# an IA5String rather than DirectoryString (i.e., TeletexString, +# PrintableString, UniversalString, UTF8String, or BMPString) which is +# the correct approach. For compatibility, it seems good to make sure +# that newer versions of GnuTLS continue to be able to read such +# certificates. + +# Thanks to Max Kellermann who reported this problem +# to gnutls-dev@gnupg.org, see Message-ID: +# <20061220125309.GA2668@roonstrasse.net>. + +# Copyright (C) 2006-2010, 2012 Free Software Foundation, Inc. +# +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00 +Subject: UID=simon +Issuer: UID=simon +Signature Algorithm: RSA-SHA +Validity: + Not Before: Wed Dec 27 10:28:27 2006 + Not After: Thu Dec 28 10:28:30 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + bd:a2:fc:48:9e:c0:4c:e9:57:d0:48:17:58:6e:1f: + 74:e3:15:d5:80:db:9d:31:0b:dd:29:a2:f3:05:45: + 80:70:78:02:fe:9c:a1:92:f3:86:47:ea:f7:e9:36: + 8c:28:10:fd:fa:3f:1d:74:7b:bb:f3:0e:8b:99:44: + 05:0e:11:6f: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: (critical) + CA:FALSE + Subject Key ID: + 5E:AE:28:4A:25:2D:BD:EC:74:DC:71:E1:5E:23:9A:96:05:D8:4B:D7 + +Other information: + MD5 Fingerprint: E3:26:D8:E5:5F:54:AA:34:B9:DF:4C:1C:D6:82:CF:F2 + SHA1 Fingerprint: 5F:6E:FB:6D:B5:85:81:63:A8:1A:DC:9F:50:75:0D:57:56:53:FB:83 + Public Key ID: 5E:AE:28:4A:25:2D:BD:EC:74:DC:71:E1:5E:23:9A:96:05:D8:4B:D7 + + +-----BEGIN CERTIFICATE----- +MIIBRjCB86ADAgECAgEAMAsGCSqGSIb3DQEBBTAXMRUwEwYKCZImiZPyLGQBARYF +c2ltb24wHhcNMDYxMjI3MDkyODI3WhcNMDYxMjI4MDkyODMwWjAXMRUwEwYKCZIm +iZPyLGQBARYFc2ltb24wWTALBgkqhkiG9w0BAQEDSgAwRwJAvaL8SJ7ATOlX0EgX +WG4fdOMV1YDbnTEL3Smi8wVFgHB4Av6coZLzhkfq9+k2jCgQ/fo/HXR7u/MOi5lE +BQ4RbwIDAQABoy8wLTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRerihKJS297HTc +ceFeI5qWBdhL1zALBgkqhkiG9w0BAQUDQQBUuTMcLeWAXr6ihKcEdMm+pIRc5XGb +5Y7m+47risTzyqpPnDzwXI4vJm4BxHmCQg8oarkBNHaKv7nA6hCFi48w +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/very-long-dn.pem b/tests/cert-tests/data/very-long-dn.pem new file mode 100644 index 0000000..072726c --- /dev/null +++ b/tests/cert-tests/data/very-long-dn.pem @@ -0,0 +1,340 @@ +X.509 Certificate Information: + Version: 1 + Serial Number (hex): 00c0fac954e19975f3 + Issuer: EMAIL=webmaster@dip-caceres.es,CN=www.dip-caceres.es,OU=DIPUTACION PROVINCIAL DE CACERES,O=DIPUTACION PROVINCIAL DE CACERES,L=CACERES,ST=CACERES,C=ES + Validity: + Not Before: Tue Jun 02 09:27:33 UTC 2015 + Not After: Fri May 30 09:27:33 UTC 2025 + Subject: 2.5.29.17=#1382304b444e532e313d6162616469612e65732c444e532e323d61626572747572612e65732c444e532e333d616365626f2e65732c444e532e343d61636568756368652e65732c444e532e353d6163656974756e612e65732c444e532e363d61686967616c2e65732c444e532e373d616c61676f6e64656c72696f2e65732c444e532e383d616c636f6c6c6172696e2e65732c444e532e393d6179746f616c62616c612e65732c444e532e31303d6179746f616c63616e746172612e65732c444e532e31313d616c637565736361722e65732c444e532e31323d616c64656163656e74656e6572612e65732c444e532e31333d616c64656164656c63616e6f2e65732c444e532e31343d6c61616c64656164656c6f626973706f2e65732c444e532e31353d616c6465616e7565766164656c61766572612e65732c444e532e31363d616c6465616e7565766164656c63616d696e6f2e65732c444e532e31373d616c64656875656c6164656c6a657274652e65732c444e532e31383d6179746f616c69612e65732c444e532e31393d616c69736564612e65732c444e532e32303d616c6d6172617a2e65732c444e532e32313d616c6d6f686172696e2e65732c444e532e32323d6179746f6172726f796f64656c616c757a2e65732c444e532e32333d6172726f796f6d6f6c696e6f732e65732c444e532e32343d6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e32353d62616e6f7364656d6f6e74656d61796f722e65732c444e532e32363d6261727261646f2e65732c444e532e32373d62656c76697364656d6f6e726f792e65732c444e532e32383d62656e71756572656e6369612e65732c444e532e32393d626572726f63616c656a6f2e65732c444e532e33303d6265727a6f63616e612e65732c444e532e33313d626f686f6e616c646569626f722e65732c444e532e33323d626f74696a612e65732c444e532e33333d62726f7a61732e65732c444e532e33343d636162616e617364656c63617374696c6c6f2e65732c444e532e33353d636162657a6162656c6c6f73612e65732c444e532e33363d636162657a75656c6164656c76616c6c652e65732c444e532e33373d6361627265726f2e65732c444e532e33383d636163686f7272696c6c612e65732c444e532e33393d636164616c736f2e65732c444e532e34303d63616c7a6164696c6c612e65732c444e532e34313d63616d696e6f6d6f726973636f2e65732c444e532e34323d63616d70696c6c6f646564656c6569746f73612e65732c444e532e34333d63616d706f6c756761722e65732c444e532e34343d63616e616d65726f2e65732c444e532e34353d63616e61766572616c2e65732c444e532e34363d63617262616a6f2e65732c444e532e34373d6361726361626f736f2e65732c444e532e34383d63617272617363616c656a6f2e65732c444e532e34393d63617361726465636163657265732e65732c444e532e35303d6361736172646570616c6f6d65726f2e65732c444e532e35313d6361736172657364656c61736875726465732e65732c444e532e35323d63617361736465646f6e616e746f6e696f2e65732c444e532e35333d63617361736465646f6e676f6d657a2e65732c444e532e35343d636173617364656c63617374616e61722e65732c444e532e35353d636173617364656c6d6f6e74652e65732c444e532e35363d636173617364656d696c6c616e2e65732c444e532e35373d636173617364656d697261766574652e65732c444e532e35383d6361736174656a6164612e65732c444e532e35393d636173696c6c61736465636f7269612e65732c444e532e36303d63617374616e6172646569626f722e65732c444e532e36313d6365636c6176696e2e65732c444e532e36323d636564696c6c6f2e65732c444e532e36333d636572657a6f2e65732c444e532e36343d63696c6c65726f732e65732c444e532e36353d636f6c6c61646f2e65732c444e532e36363d636f6e71756973746164656c617369657272612e65732c444e532e36373d636f7269612e65732c444e532e36383d637561636f73646579757374652e65732c444e532e36393d6c6163756d6272652e65732c444e532e37303d64656c6569746f73612e65732c444e532e37313d64657363617267616d617269612e65732c444e532e37323d656c6a61732e65732c444e532e37333d657363757269616c2e65732c444e532e37343d667265736e65646f736f646569626f722e65732c444e532e37353d67616c697374656f2e65732c444e532e37363d6761726369617a2e65732c444e532e37373d6c6167617267616e74612e65732c444e532e37383d67617267616e74616c616f6c6c612e65732c444e532e37393d67617267616e74696c6c612e65732c444e532e38303d67617267756572612e65732c444e532e38313d676172726f76696c6c61736465616c636f6e657461722e65732c444e532e38323d67617276696e2e65732c444e532e38333d676174612e65732c444e532e38343d6179746f656c676f72646f2e65732c444e532e38353d6c616772616e6a612e65732c444e532e38363d6c616772616e6a6164656772616e6164696c6c612e65732c444e532e38373d6179756e74616d69656e746f646567756164616c7570652e65732c444e532e38383d6775696a6f6465636f7269612e65732c444e532e38393d6775696a6f646567616c697374656f2e65732c444e532e39303d6775696a6f64656772616e6164696c6c612e65732c444e532e39313d6775696a6f646573616e7461626172626172612e65732c444e532e39323d6865726775696a75656c612e65732c444e532e39333d6865726e616e706572657a2e65732c444e532e39343d686572726572616465616c63616e746172612e65732c444e532e39353d68657272657275656c612e65732c444e532e39363d6865727661732e65732c444e532e39373d686967756572612e65732c444e532e39383d68696e6f6a616c2e65732c444e532e39393d686f6c67756572612e65732c444e532e3130303d686f796f732e65732c444e532e3130313d6875656c6167612e65732c444e532e3130323d6962616865726e616e646f2e65732c444e532e3130333d6a6172616963656a6f2e65732c444e532e3130343d6a617261697a64656c61766572612e65732c444e532e3130353d6a6172616e64696c6c6164656c61766572612e65732c444e532e3130363d6a6172696c6c612e65732c444e532e3130373d6a657274652e65732c444e532e3130383d6c616472696c6c61722e65732c444e532e3130393d6c6f67726f73616e2e65732c444e532e3131303d6c6f73617264656c61766572612e65732c444e532e3131313d6d6164726967616c656a6f2e65732c444e532e3131323d6d6164726967616c64656c61766572612e65732c444e532e3131333d6d6164726f6e6572612e65732c444e532e3131343d6d616a616461732e65732c444e532e3131353d6d616c706172746964616465636163657265732e65732c444e532e3131363d6d616c706172746964616465706c6173656e6369612e65732c444e532e3131373d6d617263686167617a2e65732c444e532e3131383d6d6174616465616c63616e746172612e65732c444e532e3131393d6d656d6272696f2e65732c444e532e3132303d6d65736173646569626f722e65732c444e532e3132313d6d69616a616461732e65732c444e532e3132323d6d696c6c616e65732e65732c444e532e3132333d6d69726162656c2e65732c444e532e3132343d6d6f686564617364656772616e6164696c6c612e65732c444e532e3132353d6d6f6e726f792e65732c444e532e3132363d6d6f6e74616e6368657a2e65732c444e532e3132373d6d6f6e74656865726d6f736f2e65732c444e532e3132383d6d6f72616c656a612e65732c444e532e3132393d6d6f7263696c6c6f2e65732c444e532e3133303d6e617661636f6e63656a6f2e65732c444e532e3133313d6e6176616c76696c6c6172646569626f722e65732c444e532e3133323d6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3133333d6e6176617364656c6d6164726f6e6f2e65732c444e532e3133343d6e6176617472617369657272612e65732c444e532e3133353d6e6176657a75656c61732e65732c444e532e3133363d6e756e6f6d6f72616c2e65732c444e532e3133373d6f6c6976616465706c6173656e6369612e65732c444e532e3133383d70616c6f6d65726f2e65732c444e532e3133393d70617361726f6e64656c61766572612e65732c444e532e3134303d706564726f736f64656163696d2e65732c444e532e3134313d706572616c65646164656c616d6174612e65732c444e532e3134323d706572616c656461646573616e726f6d616e2e65732c444e532e3134333d706572616c657364656c70756572746f2e65732c444e532e3134343d7065736375657a612e65732c444e532e3134353d6c6170657367612e65732c444e532e3134363d70696564726173616c6261732e65732c444e532e3134373d70696e6f6672616e71756561646f2e65732c444e532e3134383d70696f726e616c2e65732c444e532e3134393d706c6173656e7a75656c612e65732c444e532e3135303d706f7274616a652e65732c444e532e3135313d706f7274657a75656c6f2e65732c444e532e3135323d706f7a75656c6f64657a61727a6f6e2e65732c444e532e3135333d707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3135343d70756572746f646573616e74616372757a2e65732c444e532e3135353d7265626f6c6c61722e65732c444e532e3135363d72696f6c6f626f732e65732c444e532e3135373d726f626c6564696c6c6f6465676174612e65732c444e532e3135383d726f626c6564696c6c6f64656c61766572612e65732c444e532e3135393d726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3136303d726f626c65646f6c6c616e6f2e65732c444e532e3136313d726f6d616e676f72646f2e65732c444e532e3136323d7275616e65732e65732c444e532e3136333d73616c6f72696e6f2e65732c444e532e3136343d73616c7661746965727261646573616e746961676f2e65732c444e532e3136353d73616e6d617274696e646574726576656a6f2e65732c444e532e3136363d6179746f73616e7461616e612e65732c444e532e3136373d73616e74616372757a64656c617369657272612e65732c444e532e3136383d73616e74616372757a646570616e69616775612e65732c444e532e3136393d73616e74616d6172746164656d6167617363612e65732c444e532e3137303d73616e746961676f64656c63616d706f2e65732c444e532e3137313d73616e746962616e657a656c616c746f2e65732c444e532e3137323d73616e746962616e657a656c62616a6f2e65732c444e532e3137333d736175636564696c6c612e65732c444e532e3137343d7365677572616465746f726f2e65732c444e532e3137353d736572726164696c6c612e65732c444e532e3137363d73657272656a6f6e2e65732c444e532e3137373d73696572726164656675656e7465732e65732c444e532e3137383d74616c6176616e2e65732c444e532e3137393d74616c6176657275656c6164656c61766572612e65732c444e532e3138303d74616c617975656c612e65732c444e532e3138313d74656a65646164657469657461722e65732c444e532e3138323d746f72696c2e65732c444e532e3138333d746f726e6176616361732e65732c444e532e3138343d6179746f656c746f726e6f2e65732c444e532e3138353d746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3138363d746f72726563696c6c617364656c6174696573612e65732c444e532e3138373d746f7272656465646f6e6d696775656c2e65732c444e532e3138383d746f727265646573616e74616d617269612e65732c444e532e3138393d746f7272656a6f6e656c727562696f2e65732c444e532e3139303d746f7272656a6f6e63696c6c6f2e65732c444e532e3139313d746f7272656d656e67612e65732c444e532e3139323d746f7272656d6f6368612e65732c444e532e3139333d746f7272656f7267617a2e65732c444e532e3139343d746f7272657175656d6164612e65732c444e532e3139353d76616c64617374696c6c61732e65732c444e532e3139363d76616c646563616e6173646574616a6f2e65732c444e532e3139373d76616c64656675656e7465732e65732c444e532e3139383d76616c646568756e6361722e65732c444e532e3139393d76616c6465696e69676f732e65732c444e532e3230303d76616c64656c6163617361646574616a6f2e65732c444e532e3230313d76616c64656d6f72616c65732e65732c444e532e3230323d76616c64656f626973706f2e65732c444e532e3230333d76616c646573616c6f722e65732c444e532e3230343d76616c72696f2e65732c444e532e3230353d76616c656e6369616465616c63616e746172612e65732c444e532e3230363d76616c766572646564656c61766572612e65732c444e532e3230373d76616c766572646564656c667265736e6f2e65732c444e532e3230383d766567617669616e612e65732c444e532e3230393d7669616e64617264656c61766572612e65732c444e532e3231303d76696c6c6164656c63616d706f2e65732c444e532e3231313d76696c6c6164656c7265792e65732c444e532e3231323d76696c6c616d65736961732e65732c444e532e3231333d76696c6c616d69656c2e65732c444e532e3231343d76696c6c616e7565766164656c617369657272612e65732c444e532e3231353d76696c6c617264656c706564726f736f2e65732c444e532e3231363d76696c6c61726465706c6173656e6369612e65732c444e532e3231373d76696c6c61736275656e61736465676174612e65732c444e532e3231383d7a61727a6164656772616e6164696c6c612e65732c444e532e3231393d7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3232303d7a61727a616c616d61796f722e65732c444e532e3232313d7a6f726974612e65732c444e532e3232323d726f73616c656a6f2e65732c444e532e3232333d766567617669616e612e65732c444e532e3232343d616c61676f6e64656c72696f2e65732c444e532e3232353d7469657461722e65732c444e532e3232363d76616c646573616c6f722e65732c444e532e3232373d6e6176617472617369657272612e65732c444e532e3232383d7269766572616465667265736e65646f73612e65732c444e532e3232393d656c6d73616e67696c2e65732c444e532e3233303d74616a6f73616c6f722e65732c444e532e3233313d76616c6c65616d62726f7a2e65732c444e532e3233323d6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3233333d6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3233343d6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3233353d6d616e636f6d756e6964616464656c61766572612e65732c444e532e3233363d6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3233373d76696c6c7565726361732d69626f7265732d6a6172612e65732c444e532e3233383d7777772e6162616469612e65732c444e532e3233393d7777772e61626572747572612e65732c444e532e3234303d7777772e616365626f2e65732c444e532e3234313d7777772e61636568756368652e65732c444e532e3234323d7777772e6163656974756e612e65732c444e532e3234333d7777772e61686967616c2e65732c444e532e3234343d7777772e616c61676f6e64656c72696f2e65732c444e532e3234353d7777772e616c636f6c6c6172696e2e65732c444e532e3234363d7777772e6179746f616c62616c612e65732c444e532e3234373d7777772e6179746f616c63616e746172612e65732c444e532e3234383d7777772e616c637565736361722e65732c444e532e3234393d7777772e616c64656163656e74656e6572612e65732c444e532e3235303d7777772e616c64656164656c63616e6f2e65732c444e532e3235313d7777772e6c61616c64656164656c6f626973706f2e65732c444e532e3235323d7777772e616c6465616e7565766164656c61766572612e65732c444e532e3235333d7777772e616c6465616e7565766164656c63616d696e6f2e65732c444e532e3235343d7777772e616c64656875656c6164656c6a657274652e65732c444e532e3235353d7777772e6179746f616c69612e65732c444e532e3235363d7777772e616c69736564612e65732c444e532e3235373d7777772e616c6d6172617a2e65732c444e532e3235383d7777772e616c6d6f686172696e2e65732c444e532e3235393d7777772e6179746f6172726f796f64656c616c757a2e65732c444e532e3236303d7777772e6172726f796f6d6f6c696e6f732e65732c444e532e3236313d7777772e6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e3236323d7777772e62616e6f7364656d6f6e74656d61796f722e65732c444e532e3236333d7777772e6261727261646f2e65732c444e532e3236343d7777772e62656c76697364656d6f6e726f792e65732c444e532e3236353d7777772e62656e71756572656e6369612e65732c444e532e3236363d7777772e626572726f63616c656a6f2e65732c444e532e3236373d7777772e6265727a6f63616e612e65732c444e532e3236383d7777772e626f686f6e616c646569626f722e65732c444e532e3236393d7777772e626f74696a612e65732c444e532e3237303d7777772e62726f7a61732e65732c444e532e3237313d7777772e636162616e617364656c63617374696c6c6f2e65732c444e532e3237323d7777772e636162657a6162656c6c6f73612e65732c444e532e3237333d7777772e636162657a75656c6164656c76616c6c652e65732c444e532e3237343d7777772e6361627265726f2e65732c444e532e3237353d7777772e636163686f7272696c6c612e65732c444e532e3237363d7777772e636164616c736f2e65732c444e532e3237373d7777772e63616c7a6164696c6c612e65732c444e532e3237383d7777772e63616d696e6f6d6f726973636f2e65732c444e532e3237393d7777772e63616d70696c6c6f646564656c6569746f73612e65732c444e532e3238303d7777772e63616d706f6c756761722e65732c444e532e3238313d7777772e63616e616d65726f2e65732c444e532e3238323d7777772e63616e61766572616c2e65732c444e532e3238333d7777772e63617262616a6f2e65732c444e532e3238343d7777772e6361726361626f736f2e65732c444e532e3238353d7777772e63617272617363616c656a6f2e65732c444e532e3238363d7777772e63617361726465636163657265732e65732c444e532e3238373d7777772e6361736172646570616c6f6d65726f2e65732c444e532e3238383d7777772e6361736172657364656c61736875726465732e65732c444e532e3238393d7777772e63617361736465646f6e616e746f6e696f2e65732c444e532e3239303d7777772e63617361736465646f6e676f6d657a2e65732c444e532e3239313d7777772e636173617364656c63617374616e61722e65732c444e532e3239323d7777772e636173617364656c6d6f6e74652e65732c444e532e3239333d7777772e636173617364656d696c6c616e2e65732c444e532e3239343d7777772e636173617364656d697261766574652e65732c444e532e3239353d7777772e6361736174656a6164612e65732c444e532e3239363d7777772e636173696c6c61736465636f7269612e65732c444e532e3239373d7777772e63617374616e6172646569626f722e65732c444e532e3239383d7777772e6365636c6176696e2e65732c444e532e3239393d7777772e636564696c6c6f2e65732c444e532e3330303d7777772e636572657a6f2e65732c444e532e3330313d7777772e63696c6c65726f732e65732c444e532e3330323d7777772e636f6c6c61646f2e65732c444e532e3330333d7777772e636f6e71756973746164656c617369657272612e65732c444e532e3330343d7777772e636f7269612e65732c444e532e3330353d7777772e637561636f73646579757374652e65732c444e532e3330363d7777772e6c6163756d6272652e65732c444e532e3330373d7777772e64656c6569746f73612e65732c444e532e3330383d7777772e64657363617267616d617269612e65732c444e532e3330393d7777772e656c6a61732e65732c444e532e3331303d7777772e657363757269616c2e65732c444e532e3331313d7777772e667265736e65646f736f646569626f722e65732c444e532e3331323d7777772e67616c697374656f2e65732c444e532e3331333d7777772e6761726369617a2e65732c444e532e3331343d7777772e6c6167617267616e74612e65732c444e532e3331353d7777772e67617267616e74616c616f6c6c612e65732c444e532e3331363d7777772e67617267616e74696c6c612e65732c444e532e3331373d7777772e67617267756572612e65732c444e532e3331383d7777772e676172726f76696c6c61736465616c636f6e657461722e65732c444e532e3331393d7777772e67617276696e2e65732c444e532e3332303d7777772e676174612e65732c444e532e3332313d7777772e6179746f656c676f72646f2e65732c444e532e3332323d7777772e6c616772616e6a612e65732c444e532e3332333d7777772e6c616772616e6a6164656772616e6164696c6c612e65732c444e532e3332343d7777772e6179756e74616d69656e746f646567756164616c7570652e65732c444e532e3332353d7777772e6775696a6f6465636f7269612e65732c444e532e3332363d7777772e6775696a6f646567616c697374656f2e65732c444e532e3332373d7777772e6775696a6f64656772616e6164696c6c612e65732c444e532e3332383d7777772e6775696a6f646573616e7461626172626172612e65732c444e532e3332393d7777772e6865726775696a75656c612e65732c444e532e3333303d7777772e6865726e616e706572657a2e65732c444e532e3333313d7777772e686572726572616465616c63616e746172612e65732c444e532e3333323d7777772e68657272657275656c612e65732c444e532e3333333d7777772e6865727661732e65732c444e532e3333343d7777772e686967756572612e65732c444e532e3333353d7777772e68696e6f6a616c2e65732c444e532e3333363d7777772e686f6c67756572612e65732c444e532e3333373d7777772e686f796f732e65732c444e532e3333383d7777772e6875656c6167612e65732c444e532e3333393d7777772e6962616865726e616e646f2e65732c444e532e3334303d7777772e6a6172616963656a6f2e65732c444e532e3334313d7777772e6a617261697a64656c61766572612e65732c444e532e3334323d7777772e6a6172616e64696c6c6164656c61766572612e65732c444e532e3334333d7777772e6a6172696c6c612e65732c444e532e3334343d7777772e6a657274652e65732c444e532e3334353d7777772e6c616472696c6c61722e65732c444e532e3334363d7777772e6c6f67726f73616e2e65732c444e532e3334373d7777772e6c6f73617264656c61766572612e65732c444e532e3334383d7777772e6d6164726967616c656a6f2e65732c444e532e3334393d7777772e6d6164726967616c64656c61766572612e65732c444e532e3335303d7777772e6d6164726f6e6572612e65732c444e532e3335313d7777772e6d616a616461732e65732c444e532e3335323d7777772e6d616c706172746964616465636163657265732e65732c444e532e3335333d7777772e6d616c706172746964616465706c6173656e6369612e65732c444e532e3335343d7777772e6d617263686167617a2e65732c444e532e3335353d7777772e6d6174616465616c63616e746172612e65732c444e532e3335363d7777772e6d656d6272696f2e65732c444e532e3335373d7777772e6d65736173646569626f722e65732c444e532e3335383d7777772e6d69616a616461732e65732c444e532e3335393d7777772e6d696c6c616e65732e65732c444e532e3336303d7777772e6d69726162656c2e65732c444e532e3336313d7777772e6d6f686564617364656772616e6164696c6c612e65732c444e532e3336323d7777772e6d6f6e726f792e65732c444e532e3336333d7777772e6d6f6e74616e6368657a2e65732c444e532e3336343d7777772e6d6f6e74656865726d6f736f2e65732c444e532e3336353d7777772e6d6f72616c656a612e65732c444e532e3336363d7777772e6d6f7263696c6c6f2e65732c444e532e3336373d7777772e6e617661636f6e63656a6f2e65732c444e532e3336383d7777772e6e6176616c76696c6c6172646569626f722e65732c444e532e3336393d7777772e6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3337303d7777772e6e6176617364656c6d6164726f6e6f2e65732c444e532e3337313d7777772e6e6176617472617369657272612e65732c444e532e3337323d7777772e6e6176657a75656c61732e65732c444e532e3337333d7777772e6e756e6f6d6f72616c2e65732c444e532e3337343d7777772e6f6c6976616465706c6173656e6369612e65732c444e532e3337353d7777772e70616c6f6d65726f2e65732c444e532e3337363d7777772e70617361726f6e64656c61766572612e65732c444e532e3337373d7777772e706564726f736f64656163696d2e65732c444e532e3337383d7777772e706572616c65646164656c616d6174612e65732c444e532e3337393d7777772e706572616c656461646573616e726f6d616e2e65732c444e532e3338303d7777772e706572616c657364656c70756572746f2e65732c444e532e3338313d7777772e7065736375657a612e65732c444e532e3338323d7777772e6c6170657367612e65732c444e532e3338333d7777772e70696564726173616c6261732e65732c444e532e3338343d7777772e70696e6f6672616e71756561646f2e65732c444e532e3338353d7777772e70696f726e616c2e65732c444e532e3338363d7777772e706c6173656e7a75656c612e65732c444e532e3338373d7777772e706f7274616a652e65732c444e532e3338383d7777772e706f7274657a75656c6f2e65732c444e532e3338393d7777772e706f7a75656c6f64657a61727a6f6e2e65732c444e532e3339303d7777772e707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3339313d7777772e70756572746f646573616e74616372757a2e65732c444e532e3339323d7777772e7265626f6c6c61722e65732c444e532e3339333d7777772e72696f6c6f626f732e65732c444e532e3339343d7777772e726f626c6564696c6c6f6465676174612e65732c444e532e3339353d7777772e726f626c6564696c6c6f64656c61766572612e65732c444e532e3339363d7777772e726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3339373d7777772e726f626c65646f6c6c616e6f2e65732c444e532e3339383d7777772e726f6d616e676f72646f2e65732c444e532e3339393d7777772e7275616e65732e65732c444e532e3430303d7777772e73616c6f72696e6f2e65732c444e532e3430313d7777772e73616c7661746965727261646573616e746961676f2e65732c444e532e3430323d7777772e73616e6d617274696e646574726576656a6f2e65732c444e532e3430333d7777772e6179746f73616e7461616e612e65732c444e532e3430343d7777772e73616e74616372757a64656c617369657272612e65732c444e532e3430353d7777772e73616e74616372757a646570616e69616775612e65732c444e532e3430363d7777772e73616e74616d6172746164656d6167617363612e65732c444e532e3430373d7777772e73616e746961676f64656c63616d706f2e65732c444e532e3430383d7777772e73616e746962616e657a656c616c746f2e65732c444e532e3430393d7777772e73616e746962616e657a656c62616a6f2e65732c444e532e3431303d7777772e736175636564696c6c612e65732c444e532e3431313d7777772e7365677572616465746f726f2e65732c444e532e3431323d7777772e736572726164696c6c612e65732c444e532e3431333d7777772e73657272656a6f6e2e65732c444e532e3431343d7777772e73696572726164656675656e7465732e65732c444e532e3431353d7777772e74616c6176616e2e65732c444e532e3431363d7777772e74616c6176657275656c6164656c61766572612e65732c444e532e3431373d7777772e74616c617975656c612e65732c444e532e3431383d7777772e74656a65646164657469657461722e65732c444e532e3431393d7777772e746f72696c2e65732c444e532e3432303d7777772e746f726e6176616361732e65732c444e532e3432313d7777772e6179746f656c746f726e6f2e65732c444e532e3432323d7777772e746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3432333d7777772e746f72726563696c6c617364656c6174696573612e65732c444e532e3432343d7777772e746f7272656465646f6e6d696775656c2e65732c444e532e3432353d7777772e746f727265646573616e74616d617269612e65732c444e532e3432363d7777772e746f7272656a6f6e656c727562696f2e65732c444e532e3432373d7777772e746f7272656a6f6e63696c6c6f2e65732c444e532e3432383d7777772e746f7272656d656e67612e65732c444e532e3432393d7777772e746f7272656d6f6368612e65732c444e532e3433303d7777772e746f7272656f7267617a2e65732c444e532e3433313d7777772e746f7272657175656d6164612e65732c444e532e3433323d7777772e76616c64617374696c6c61732e65732c444e532e3433333d7777772e76616c646563616e6173646574616a6f2e65732c444e532e3433343d7777772e76616c64656675656e7465732e65732c444e532e3433353d7777772e76616c646568756e6361722e65732c444e532e3433363d7777772e76616c6465696e69676f732e65732c444e532e3433373d7777772e76616c64656c6163617361646574616a6f2e65732c444e532e3433383d7777772e76616c64656d6f72616c65732e65732c444e532e3433393d7777772e76616c64656f626973706f2e65732c444e532e3434303d7777772e76616c646573616c6f722e65732c444e532e3434313d7777772e76616c72696f2e65732c444e532e3434323d7777772e76616c656e6369616465616c63616e746172612e65732c444e532e3434333d7777772e76616c766572646564656c61766572612e65732c444e532e3434343d7777772e76616c766572646564656c667265736e6f2e65732c444e532e3434353d7777772e766567617669616e612e65732c444e532e3434363d7777772e7669616e64617264656c61766572612e65732c444e532e3434373d7777772e76696c6c6164656c63616d706f2e65732c444e532e3434383d7777772e76696c6c6164656c7265792e65732c444e532e3434393d7777772e76696c6c616d65736961732e65732c444e532e3435303d7777772e76696c6c616d69656c2e65732c444e532e3435313d7777772e76696c6c616e7565766164656c617369657272612e65732c444e532e3435323d7777772e76696c6c617264656c706564726f736f2e65732c444e532e3435333d7777772e76696c6c61726465706c6173656e6369612e65732c444e532e3435343d7777772e76696c6c61736275656e61736465676174612e65732c444e532e3435353d7777772e7a61727a6164656772616e6164696c6c612e65732c444e532e3435363d7777772e7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3435373d7777772e7a61727a616c616d61796f722e65732c444e532e3435383d7777772e7a6f726974612e65732c444e532e3435393d7777772e726f73616c656a6f2e65732c444e532e3436303d7777772e766567617669616e612e65732c444e532e3436313d7777772e616c61676f6e64656c72696f2e65732c444e532e3436323d7777772e7469657461722e65732c444e532e3436333d7777772e76616c646573616c6f722e65732c444e532e3436343d7777772e6e6176617472617369657272612e65732c444e532e3436353d7777772e7269766572616465667265736e65646f73612e65732c444e532e3436363d7777772e656c6d73616e67696c2e65732c444e532e3436373d7777772e74616a6f73616c6f722e65732c444e532e3436383d7777772e76616c6c65616d62726f7a2e65732c444e532e3436393d7777772e6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3437303d7777772e6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3437313d7777772e6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3437323d7777772e6d616e636f6d756e6964616464656c61766572612e65732c444e532e3437333d7777772e6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3437343d7777772e76696c6c7565726361732d69626f7265732d6a6172612e6573,EMAIL=webmaster@dip-caceres.es,CN=www.dip-caceres.es,OU=DIPUTACION PROVINCIAL DE CACERES,O=DIPUTACION PROVINCIAL DE CACERES,L=CACERES,ST=CACERES,C=ES + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:e5:40:1f:09:a6:9e:ee:30:8f:98:40:be:27:fd:36 + ca:9b:60:c4:2e:9a:75:bf:49:86:3a:6d:d6:d3:02:56 + 95:1e:ac:ed:93:d8:ee:76:ac:37:2d:82:e6:93:1f:9e + fb:17:79:67:1a:33:fb:27:ed:05:81:e6:cc:bf:a6:76 + 70:1f:f2:43:4f:4d:a2:f6:c6:7c:a6:87:87:01:9b:e3 + 9e:94:07:e2:18:0b:9d:c5:f4:e2:a0:87:ef:73:58:7e + c8:4c:f9:52:cd:8d:91:b7:d1:94:8f:d1:6e:04:2c:28 + e2:22:ec:e5:30:c3:51:8a:a9:7c:ee:5a:60:0e:55:85 + 39:20:97:5e:08:34:12:78:8b:40:06:36:23:77:f1:14 + 33:d0:30:65:76:2e:8d:b2:da:98:12:2c:58:70:f1:ee + 7d:e0:fa:9c:34:36:f8:1f:6b:6c:e9:8b:2c:ca:2b:d9 + f2:17:71:a5:35:32:38:49:94:f8:33:5e:27:34:98:f6 + 7c:97:4d:4d:3d:de:1b:b5:3a:d7:28:5b:51:50:6a:37 + 82:5a:af:12:a9:fc:06:a2:dd:a3:30:45:4c:d1:26:be + a8:8a:53:09:61:60:13:31:33:2d:e5:f8:f8:bc:40:5a + 5e:64:b7:8c:ce:32:61:a3:13:fa:d1:8c:b2:e4:06:88 + c7 + Exponent (bits 24): + 01:00:01 + Signature Algorithm: RSA-SHA256 + Signature: + 06:72:19:1c:fa:0f:48:e6:8f:e2:c4:7f:e8:66:de:10 + 91:03:c7:a7:86:5e:09:52:56:89:62:73:5c:39:53:d1 + 95:b9:aa:39:59:4d:93:45:a8:b1:81:d5:ef:c1:96:6d + e2:d6:f4:64:f3:16:c8:ee:d4:73:94:be:f1:62:2c:d4 + af:a3:c4:5a:09:a8:95:7f:60:ef:a6:7f:72:60:ce:2a + 83:f3:4f:de:8b:ce:0c:22:2c:23:8a:23:15:7b:9f:e7 + 85:f6:5b:1d:e9:2d:4e:fb:11:30:0a:78:f1:9c:eb:82 + 5a:46:7e:a9:ae:6f:5a:fe:be:47:bf:bb:91:63:5e:6b + c5:35:a8:36:50:7a:ee:9f:58:5f:c1:ee:d9:1d:13:39 + ae:08:3c:ee:7c:49:e4:22:a1:dd:58:62:9e:f5:57:98 + e5:ed:e9:6c:f1:6e:7c:ab:6c:39:e7:a6:23:80:3a:47 + de:fe:4f:87:a8:3d:77:d9:bb:df:85:91:d0:80:07:18 + 63:5f:fd:07:d5:30:21:34:ec:62:f0:6f:e0:55:45:19 + b5:23:21:2c:74:03:2b:02:e3:7f:6f:36:48:4e:cb:21 + cc:22:9f:43:0a:5a:fe:07:38:ef:d4:26:14:3d:ac:23 + 46:66:78:27:94:c3:b2:8b:35:e2:f9:f2:63:4e:b0:00 +Other Information: + Fingerprint: + sha1:a8777344231982af097f0d7074ca7d151d819b70 + sha256:8f54c2adbf5b935c2f4e59dad04fec2d483e051a0740a7380dd70992cb0ba9e8 + Public Key ID: + sha1:914b5c4688e78013a7c1953e7780298ffb2174b9 + sha256:2ffa41e756b2e63e1f09231b695d42ffaa1e16b143646b46203e364772cd91f8 + Public Key PIN: + pin-sha256:L/pB51ay5j4fCSMbaV1C/6oeFrFDZGtGID42R3LNkfg= + +-----BEGIN CERTIFICATE----- +MII0dTCCM10CCQDA+slU4Zl18zANBgkqhkiG9w0BAQsFADCBzTELMAkGA1UEBhMC +RVMxEDAOBgNVBAgTB0NBQ0VSRVMxEDAOBgNVBAcTB0NBQ0VSRVMxKTAnBgNVBAoT +IERJUFVUQUNJT04gUFJPVklOQ0lBTCBERSBDQUNFUkVTMSkwJwYDVQQLEyBESVBV +VEFDSU9OIFBST1ZJTkNJQUwgREUgQ0FDRVJFUzEbMBkGA1UEAxMSd3d3LmRpcC1j +YWNlcmVzLmVzMScwJQYJKoZIhvcNAQkBFhh3ZWJtYXN0ZXJAZGlwLWNhY2VyZXMu +ZXMwHhcNMTUwNjAyMDkyNzMzWhcNMjUwNTMwMDkyNzMzWjCCMSkxCzAJBgNVBAYT +AkVTMRAwDgYDVQQIEwdDQUNFUkVTMRAwDgYDVQQHEwdDQUNFUkVTMSkwJwYDVQQK +EyBESVBVVEFDSU9OIFBST1ZJTkNJQUwgREUgQ0FDRVJFUzEpMCcGA1UECxMgRElQ +VVRBQ0lPTiBQUk9WSU5DSUFMIERFIENBQ0VSRVMxGzAZBgNVBAMTEnd3dy5kaXAt +Y2FjZXJlcy5lczEnMCUGCSqGSIb3DQEJARYYd2VibWFzdGVyQGRpcC1jYWNlcmVz +LmVzMYIwWDCCMFQGA1UdEROCMEtETlMuMT1hYmFkaWEuZXMsRE5TLjI9YWJlcnR1 +cmEuZXMsRE5TLjM9YWNlYm8uZXMsRE5TLjQ9YWNlaHVjaGUuZXMsRE5TLjU9YWNl +aXR1bmEuZXMsRE5TLjY9YWhpZ2FsLmVzLEROUy43PWFsYWdvbmRlbHJpby5lcyxE +TlMuOD1hbGNvbGxhcmluLmVzLEROUy45PWF5dG9hbGJhbGEuZXMsRE5TLjEwPWF5 +dG9hbGNhbnRhcmEuZXMsRE5TLjExPWFsY3Vlc2Nhci5lcyxETlMuMTI9YWxkZWFj +ZW50ZW5lcmEuZXMsRE5TLjEzPWFsZGVhZGVsY2Fuby5lcyxETlMuMTQ9bGFhbGRl +YWRlbG9iaXNwby5lcyxETlMuMTU9YWxkZWFudWV2YWRlbGF2ZXJhLmVzLEROUy4x +Nj1hbGRlYW51ZXZhZGVsY2FtaW5vLmVzLEROUy4xNz1hbGRlaHVlbGFkZWxqZXJ0 +ZS5lcyxETlMuMTg9YXl0b2FsaWEuZXMsRE5TLjE5PWFsaXNlZGEuZXMsRE5TLjIw +PWFsbWFyYXouZXMsRE5TLjIxPWFsbW9oYXJpbi5lcyxETlMuMjI9YXl0b2Fycm95 +b2RlbGFsdXouZXMsRE5TLjIzPWFycm95b21vbGlub3MuZXMsRE5TLjI0PWFycm95 +b21vbGlub3NkZWxhdmVyYS5lcyxETlMuMjU9YmFub3NkZW1vbnRlbWF5b3IuZXMs +RE5TLjI2PWJhcnJhZG8uZXMsRE5TLjI3PWJlbHZpc2RlbW9ucm95LmVzLEROUy4y +OD1iZW5xdWVyZW5jaWEuZXMsRE5TLjI5PWJlcnJvY2FsZWpvLmVzLEROUy4zMD1i +ZXJ6b2NhbmEuZXMsRE5TLjMxPWJvaG9uYWxkZWlib3IuZXMsRE5TLjMyPWJvdGlq +YS5lcyxETlMuMzM9YnJvemFzLmVzLEROUy4zND1jYWJhbmFzZGVsY2FzdGlsbG8u +ZXMsRE5TLjM1PWNhYmV6YWJlbGxvc2EuZXMsRE5TLjM2PWNhYmV6dWVsYWRlbHZh +bGxlLmVzLEROUy4zNz1jYWJyZXJvLmVzLEROUy4zOD1jYWNob3JyaWxsYS5lcyxE +TlMuMzk9Y2FkYWxzby5lcyxETlMuNDA9Y2FsemFkaWxsYS5lcyxETlMuNDE9Y2Ft +aW5vbW9yaXNjby5lcyxETlMuNDI9Y2FtcGlsbG9kZWRlbGVpdG9zYS5lcyxETlMu +NDM9Y2FtcG9sdWdhci5lcyxETlMuNDQ9Y2FuYW1lcm8uZXMsRE5TLjQ1PWNhbmF2 +ZXJhbC5lcyxETlMuNDY9Y2FyYmFqby5lcyxETlMuNDc9Y2FyY2Fib3NvLmVzLERO +Uy40OD1jYXJyYXNjYWxlam8uZXMsRE5TLjQ5PWNhc2FyZGVjYWNlcmVzLmVzLERO +Uy41MD1jYXNhcmRlcGFsb21lcm8uZXMsRE5TLjUxPWNhc2FyZXNkZWxhc2h1cmRl +cy5lcyxETlMuNTI9Y2FzYXNkZWRvbmFudG9uaW8uZXMsRE5TLjUzPWNhc2FzZGVk +b25nb21lei5lcyxETlMuNTQ9Y2FzYXNkZWxjYXN0YW5hci5lcyxETlMuNTU9Y2Fz +YXNkZWxtb250ZS5lcyxETlMuNTY9Y2FzYXNkZW1pbGxhbi5lcyxETlMuNTc9Y2Fz +YXNkZW1pcmF2ZXRlLmVzLEROUy41OD1jYXNhdGVqYWRhLmVzLEROUy41OT1jYXNp +bGxhc2RlY29yaWEuZXMsRE5TLjYwPWNhc3RhbmFyZGVpYm9yLmVzLEROUy42MT1j +ZWNsYXZpbi5lcyxETlMuNjI9Y2VkaWxsby5lcyxETlMuNjM9Y2VyZXpvLmVzLERO +Uy42ND1jaWxsZXJvcy5lcyxETlMuNjU9Y29sbGFkby5lcyxETlMuNjY9Y29ucXVp +c3RhZGVsYXNpZXJyYS5lcyxETlMuNjc9Y29yaWEuZXMsRE5TLjY4PWN1YWNvc2Rl +eXVzdGUuZXMsRE5TLjY5PWxhY3VtYnJlLmVzLEROUy43MD1kZWxlaXRvc2EuZXMs +RE5TLjcxPWRlc2NhcmdhbWFyaWEuZXMsRE5TLjcyPWVsamFzLmVzLEROUy43Mz1l +c2N1cmlhbC5lcyxETlMuNzQ9ZnJlc25lZG9zb2RlaWJvci5lcyxETlMuNzU9Z2Fs +aXN0ZW8uZXMsRE5TLjc2PWdhcmNpYXouZXMsRE5TLjc3PWxhZ2FyZ2FudGEuZXMs +RE5TLjc4PWdhcmdhbnRhbGFvbGxhLmVzLEROUy43OT1nYXJnYW50aWxsYS5lcyxE +TlMuODA9Z2FyZ3VlcmEuZXMsRE5TLjgxPWdhcnJvdmlsbGFzZGVhbGNvbmV0YXIu +ZXMsRE5TLjgyPWdhcnZpbi5lcyxETlMuODM9Z2F0YS5lcyxETlMuODQ9YXl0b2Vs +Z29yZG8uZXMsRE5TLjg1PWxhZ3JhbmphLmVzLEROUy44Nj1sYWdyYW5qYWRlZ3Jh +bmFkaWxsYS5lcyxETlMuODc9YXl1bnRhbWllbnRvZGVndWFkYWx1cGUuZXMsRE5T +Ljg4PWd1aWpvZGVjb3JpYS5lcyxETlMuODk9Z3Vpam9kZWdhbGlzdGVvLmVzLERO +Uy45MD1ndWlqb2RlZ3JhbmFkaWxsYS5lcyxETlMuOTE9Z3Vpam9kZXNhbnRhYmFy +YmFyYS5lcyxETlMuOTI9aGVyZ3VpanVlbGEuZXMsRE5TLjkzPWhlcm5hbnBlcmV6 +LmVzLEROUy45ND1oZXJyZXJhZGVhbGNhbnRhcmEuZXMsRE5TLjk1PWhlcnJlcnVl +bGEuZXMsRE5TLjk2PWhlcnZhcy5lcyxETlMuOTc9aGlndWVyYS5lcyxETlMuOTg9 +aGlub2phbC5lcyxETlMuOTk9aG9sZ3VlcmEuZXMsRE5TLjEwMD1ob3lvcy5lcyxE +TlMuMTAxPWh1ZWxhZ2EuZXMsRE5TLjEwMj1pYmFoZXJuYW5kby5lcyxETlMuMTAz +PWphcmFpY2Vqby5lcyxETlMuMTA0PWphcmFpemRlbGF2ZXJhLmVzLEROUy4xMDU9 +amFyYW5kaWxsYWRlbGF2ZXJhLmVzLEROUy4xMDY9amFyaWxsYS5lcyxETlMuMTA3 +PWplcnRlLmVzLEROUy4xMDg9bGFkcmlsbGFyLmVzLEROUy4xMDk9bG9ncm9zYW4u +ZXMsRE5TLjExMD1sb3NhcmRlbGF2ZXJhLmVzLEROUy4xMTE9bWFkcmlnYWxlam8u +ZXMsRE5TLjExMj1tYWRyaWdhbGRlbGF2ZXJhLmVzLEROUy4xMTM9bWFkcm9uZXJh +LmVzLEROUy4xMTQ9bWFqYWRhcy5lcyxETlMuMTE1PW1hbHBhcnRpZGFkZWNhY2Vy +ZXMuZXMsRE5TLjExNj1tYWxwYXJ0aWRhZGVwbGFzZW5jaWEuZXMsRE5TLjExNz1t +YXJjaGFnYXouZXMsRE5TLjExOD1tYXRhZGVhbGNhbnRhcmEuZXMsRE5TLjExOT1t +ZW1icmlvLmVzLEROUy4xMjA9bWVzYXNkZWlib3IuZXMsRE5TLjEyMT1taWFqYWRh +cy5lcyxETlMuMTIyPW1pbGxhbmVzLmVzLEROUy4xMjM9bWlyYWJlbC5lcyxETlMu +MTI0PW1vaGVkYXNkZWdyYW5hZGlsbGEuZXMsRE5TLjEyNT1tb25yb3kuZXMsRE5T +LjEyNj1tb250YW5jaGV6LmVzLEROUy4xMjc9bW9udGVoZXJtb3NvLmVzLEROUy4x +Mjg9bW9yYWxlamEuZXMsRE5TLjEyOT1tb3JjaWxsby5lcyxETlMuMTMwPW5hdmFj +b25jZWpvLmVzLEROUy4xMzE9bmF2YWx2aWxsYXJkZWlib3IuZXMsRE5TLjEzMj1u +YXZhbG1vcmFsZGVsYW1hdGEuZXMsRE5TLjEzMz1uYXZhc2RlbG1hZHJvbm8uZXMs +RE5TLjEzND1uYXZhdHJhc2llcnJhLmVzLEROUy4xMzU9bmF2ZXp1ZWxhcy5lcyxE +TlMuMTM2PW51bm9tb3JhbC5lcyxETlMuMTM3PW9saXZhZGVwbGFzZW5jaWEuZXMs +RE5TLjEzOD1wYWxvbWVyby5lcyxETlMuMTM5PXBhc2Fyb25kZWxhdmVyYS5lcyxE +TlMuMTQwPXBlZHJvc29kZWFjaW0uZXMsRE5TLjE0MT1wZXJhbGVkYWRlbGFtYXRh +LmVzLEROUy4xNDI9cGVyYWxlZGFkZXNhbnJvbWFuLmVzLEROUy4xNDM9cGVyYWxl +c2RlbHB1ZXJ0by5lcyxETlMuMTQ0PXBlc2N1ZXphLmVzLEROUy4xNDU9bGFwZXNn +YS5lcyxETlMuMTQ2PXBpZWRyYXNhbGJhcy5lcyxETlMuMTQ3PXBpbm9mcmFucXVl +YWRvLmVzLEROUy4xNDg9cGlvcm5hbC5lcyxETlMuMTQ5PXBsYXNlbnp1ZWxhLmVz +LEROUy4xNTA9cG9ydGFqZS5lcyxETlMuMTUxPXBvcnRlenVlbG8uZXMsRE5TLjE1 +Mj1wb3p1ZWxvZGV6YXJ6b24uZXMsRE5TLjE1Mz1wdWVibG9udWV2b2RlbWlyYW1v +bnRlcy5lcyxETlMuMTU0PXB1ZXJ0b2Rlc2FudGFjcnV6LmVzLEROUy4xNTU9cmVi +b2xsYXIuZXMsRE5TLjE1Nj1yaW9sb2Jvcy5lcyxETlMuMTU3PXJvYmxlZGlsbG9k +ZWdhdGEuZXMsRE5TLjE1OD1yb2JsZWRpbGxvZGVsYXZlcmEuZXMsRE5TLjE1OT1y +b2JsZWRpbGxvZGV0cnVqaWxsbyxETlMuMTYwPXJvYmxlZG9sbGFuby5lcyxETlMu +MTYxPXJvbWFuZ29yZG8uZXMsRE5TLjE2Mj1ydWFuZXMuZXMsRE5TLjE2Mz1zYWxv +cmluby5lcyxETlMuMTY0PXNhbHZhdGllcnJhZGVzYW50aWFnby5lcyxETlMuMTY1 +PXNhbm1hcnRpbmRldHJldmVqby5lcyxETlMuMTY2PWF5dG9zYW50YWFuYS5lcyxE +TlMuMTY3PXNhbnRhY3J1emRlbGFzaWVycmEuZXMsRE5TLjE2OD1zYW50YWNydXpk +ZXBhbmlhZ3VhLmVzLEROUy4xNjk9c2FudGFtYXJ0YWRlbWFnYXNjYS5lcyxETlMu +MTcwPXNhbnRpYWdvZGVsY2FtcG8uZXMsRE5TLjE3MT1zYW50aWJhbmV6ZWxhbHRv +LmVzLEROUy4xNzI9c2FudGliYW5lemVsYmFqby5lcyxETlMuMTczPXNhdWNlZGls +bGEuZXMsRE5TLjE3ND1zZWd1cmFkZXRvcm8uZXMsRE5TLjE3NT1zZXJyYWRpbGxh +LmVzLEROUy4xNzY9c2VycmVqb24uZXMsRE5TLjE3Nz1zaWVycmFkZWZ1ZW50ZXMu +ZXMsRE5TLjE3OD10YWxhdmFuLmVzLEROUy4xNzk9dGFsYXZlcnVlbGFkZWxhdmVy +YS5lcyxETlMuMTgwPXRhbGF5dWVsYS5lcyxETlMuMTgxPXRlamVkYWRldGlldGFy +LmVzLEROUy4xODI9dG9yaWwuZXMsRE5TLjE4Mz10b3JuYXZhY2FzLmVzLEROUy4x +ODQ9YXl0b2VsdG9ybm8uZXMsRE5TLjE4NT10b3JyZWNpbGxhZGVsb3NhbmdlbGVz +LmVzLEROUy4xODY9dG9ycmVjaWxsYXNkZWxhdGllc2EuZXMsRE5TLjE4Nz10b3Jy +ZWRlZG9ubWlndWVsLmVzLEROUy4xODg9dG9ycmVkZXNhbnRhbWFyaWEuZXMsRE5T +LjE4OT10b3JyZWpvbmVscnViaW8uZXMsRE5TLjE5MD10b3JyZWpvbmNpbGxvLmVz +LEROUy4xOTE9dG9ycmVtZW5nYS5lcyxETlMuMTkyPXRvcnJlbW9jaGEuZXMsRE5T +LjE5Mz10b3JyZW9yZ2F6LmVzLEROUy4xOTQ9dG9ycmVxdWVtYWRhLmVzLEROUy4x +OTU9dmFsZGFzdGlsbGFzLmVzLEROUy4xOTY9dmFsZGVjYW5hc2RldGFqby5lcyxE +TlMuMTk3PXZhbGRlZnVlbnRlcy5lcyxETlMuMTk4PXZhbGRlaHVuY2FyLmVzLERO +Uy4xOTk9dmFsZGVpbmlnb3MuZXMsRE5TLjIwMD12YWxkZWxhY2FzYWRldGFqby5l +cyxETlMuMjAxPXZhbGRlbW9yYWxlcy5lcyxETlMuMjAyPXZhbGRlb2Jpc3BvLmVz +LEROUy4yMDM9dmFsZGVzYWxvci5lcyxETlMuMjA0PXZhbHJpby5lcyxETlMuMjA1 +PXZhbGVuY2lhZGVhbGNhbnRhcmEuZXMsRE5TLjIwNj12YWx2ZXJkZWRlbGF2ZXJh +LmVzLEROUy4yMDc9dmFsdmVyZGVkZWxmcmVzbm8uZXMsRE5TLjIwOD12ZWdhdmlh +bmEuZXMsRE5TLjIwOT12aWFuZGFyZGVsYXZlcmEuZXMsRE5TLjIxMD12aWxsYWRl +bGNhbXBvLmVzLEROUy4yMTE9dmlsbGFkZWxyZXkuZXMsRE5TLjIxMj12aWxsYW1l +c2lhcy5lcyxETlMuMjEzPXZpbGxhbWllbC5lcyxETlMuMjE0PXZpbGxhbnVldmFk +ZWxhc2llcnJhLmVzLEROUy4yMTU9dmlsbGFyZGVscGVkcm9zby5lcyxETlMuMjE2 +PXZpbGxhcmRlcGxhc2VuY2lhLmVzLEROUy4yMTc9dmlsbGFzYnVlbmFzZGVnYXRh +LmVzLEROUy4yMTg9emFyemFkZWdyYW5hZGlsbGEuZXMsRE5TLjIxOT16YXJ6YWRl +bW9udGFuY2hlei5lcyxETlMuMjIwPXphcnphbGFtYXlvci5lcyxETlMuMjIxPXpv +cml0YS5lcyxETlMuMjIyPXJvc2FsZWpvLmVzLEROUy4yMjM9dmVnYXZpYW5hLmVz +LEROUy4yMjQ9YWxhZ29uZGVscmlvLmVzLEROUy4yMjU9dGlldGFyLmVzLEROUy4y +MjY9dmFsZGVzYWxvci5lcyxETlMuMjI3PW5hdmF0cmFzaWVycmEuZXMsRE5TLjIy +OD1yaXZlcmFkZWZyZXNuZWRvc2EuZXMsRE5TLjIyOT1lbG1zYW5naWwuZXMsRE5T +LjIzMD10YWpvc2Fsb3IuZXMsRE5TLjIzMT12YWxsZWFtYnJvei5lcyxETlMuMjMy +PW1hbmNvbXVuaWRhZHZhbGxlZGVsYWxhZ29uLmVzLEROUy4yMzM9bWFuY29tdW5p +ZGFkdmFsbGVkZWxqZXJ0ZS5lcyxETlMuMjM0PW1hbmNvbXVuaWRhZHZlZ2FzYWx0 +YXMuZXMsRE5TLjIzNT1tYW5jb211bmlkYWRkZWxhdmVyYS5lcyxETlMuMjM2PW1h +bmNvbXVuaWRhZHpvbmFjZW50cm8uZXMsRE5TLjIzNz12aWxsdWVyY2FzLWlib3Jl +cy1qYXJhLmVzLEROUy4yMzg9d3d3LmFiYWRpYS5lcyxETlMuMjM5PXd3dy5hYmVy +dHVyYS5lcyxETlMuMjQwPXd3dy5hY2Viby5lcyxETlMuMjQxPXd3dy5hY2VodWNo +ZS5lcyxETlMuMjQyPXd3dy5hY2VpdHVuYS5lcyxETlMuMjQzPXd3dy5haGlnYWwu +ZXMsRE5TLjI0ND13d3cuYWxhZ29uZGVscmlvLmVzLEROUy4yNDU9d3d3LmFsY29s +bGFyaW4uZXMsRE5TLjI0Nj13d3cuYXl0b2FsYmFsYS5lcyxETlMuMjQ3PXd3dy5h +eXRvYWxjYW50YXJhLmVzLEROUy4yNDg9d3d3LmFsY3Vlc2Nhci5lcyxETlMuMjQ5 +PXd3dy5hbGRlYWNlbnRlbmVyYS5lcyxETlMuMjUwPXd3dy5hbGRlYWRlbGNhbm8u +ZXMsRE5TLjI1MT13d3cubGFhbGRlYWRlbG9iaXNwby5lcyxETlMuMjUyPXd3dy5h +bGRlYW51ZXZhZGVsYXZlcmEuZXMsRE5TLjI1Mz13d3cuYWxkZWFudWV2YWRlbGNh +bWluby5lcyxETlMuMjU0PXd3dy5hbGRlaHVlbGFkZWxqZXJ0ZS5lcyxETlMuMjU1 +PXd3dy5heXRvYWxpYS5lcyxETlMuMjU2PXd3dy5hbGlzZWRhLmVzLEROUy4yNTc9 +d3d3LmFsbWFyYXouZXMsRE5TLjI1OD13d3cuYWxtb2hhcmluLmVzLEROUy4yNTk9 +d3d3LmF5dG9hcnJveW9kZWxhbHV6LmVzLEROUy4yNjA9d3d3LmFycm95b21vbGlu +b3MuZXMsRE5TLjI2MT13d3cuYXJyb3lvbW9saW5vc2RlbGF2ZXJhLmVzLEROUy4y +NjI9d3d3LmJhbm9zZGVtb250ZW1heW9yLmVzLEROUy4yNjM9d3d3LmJhcnJhZG8u +ZXMsRE5TLjI2ND13d3cuYmVsdmlzZGVtb25yb3kuZXMsRE5TLjI2NT13d3cuYmVu +cXVlcmVuY2lhLmVzLEROUy4yNjY9d3d3LmJlcnJvY2FsZWpvLmVzLEROUy4yNjc9 +d3d3LmJlcnpvY2FuYS5lcyxETlMuMjY4PXd3dy5ib2hvbmFsZGVpYm9yLmVzLERO +Uy4yNjk9d3d3LmJvdGlqYS5lcyxETlMuMjcwPXd3dy5icm96YXMuZXMsRE5TLjI3 +MT13d3cuY2FiYW5hc2RlbGNhc3RpbGxvLmVzLEROUy4yNzI9d3d3LmNhYmV6YWJl +bGxvc2EuZXMsRE5TLjI3Mz13d3cuY2FiZXp1ZWxhZGVsdmFsbGUuZXMsRE5TLjI3 +ND13d3cuY2FicmVyby5lcyxETlMuMjc1PXd3dy5jYWNob3JyaWxsYS5lcyxETlMu +Mjc2PXd3dy5jYWRhbHNvLmVzLEROUy4yNzc9d3d3LmNhbHphZGlsbGEuZXMsRE5T +LjI3OD13d3cuY2FtaW5vbW9yaXNjby5lcyxETlMuMjc5PXd3dy5jYW1waWxsb2Rl +ZGVsZWl0b3NhLmVzLEROUy4yODA9d3d3LmNhbXBvbHVnYXIuZXMsRE5TLjI4MT13 +d3cuY2FuYW1lcm8uZXMsRE5TLjI4Mj13d3cuY2FuYXZlcmFsLmVzLEROUy4yODM9 +d3d3LmNhcmJham8uZXMsRE5TLjI4ND13d3cuY2FyY2Fib3NvLmVzLEROUy4yODU9 +d3d3LmNhcnJhc2NhbGVqby5lcyxETlMuMjg2PXd3dy5jYXNhcmRlY2FjZXJlcy5l +cyxETlMuMjg3PXd3dy5jYXNhcmRlcGFsb21lcm8uZXMsRE5TLjI4OD13d3cuY2Fz +YXJlc2RlbGFzaHVyZGVzLmVzLEROUy4yODk9d3d3LmNhc2FzZGVkb25hbnRvbmlv +LmVzLEROUy4yOTA9d3d3LmNhc2FzZGVkb25nb21lei5lcyxETlMuMjkxPXd3dy5j +YXNhc2RlbGNhc3RhbmFyLmVzLEROUy4yOTI9d3d3LmNhc2FzZGVsbW9udGUuZXMs +RE5TLjI5Mz13d3cuY2FzYXNkZW1pbGxhbi5lcyxETlMuMjk0PXd3dy5jYXNhc2Rl +bWlyYXZldGUuZXMsRE5TLjI5NT13d3cuY2FzYXRlamFkYS5lcyxETlMuMjk2PXd3 +dy5jYXNpbGxhc2RlY29yaWEuZXMsRE5TLjI5Nz13d3cuY2FzdGFuYXJkZWlib3Iu +ZXMsRE5TLjI5OD13d3cuY2VjbGF2aW4uZXMsRE5TLjI5OT13d3cuY2VkaWxsby5l +cyxETlMuMzAwPXd3dy5jZXJlem8uZXMsRE5TLjMwMT13d3cuY2lsbGVyb3MuZXMs +RE5TLjMwMj13d3cuY29sbGFkby5lcyxETlMuMzAzPXd3dy5jb25xdWlzdGFkZWxh +c2llcnJhLmVzLEROUy4zMDQ9d3d3LmNvcmlhLmVzLEROUy4zMDU9d3d3LmN1YWNv +c2RleXVzdGUuZXMsRE5TLjMwNj13d3cubGFjdW1icmUuZXMsRE5TLjMwNz13d3cu +ZGVsZWl0b3NhLmVzLEROUy4zMDg9d3d3LmRlc2NhcmdhbWFyaWEuZXMsRE5TLjMw +OT13d3cuZWxqYXMuZXMsRE5TLjMxMD13d3cuZXNjdXJpYWwuZXMsRE5TLjMxMT13 +d3cuZnJlc25lZG9zb2RlaWJvci5lcyxETlMuMzEyPXd3dy5nYWxpc3Rlby5lcyxE +TlMuMzEzPXd3dy5nYXJjaWF6LmVzLEROUy4zMTQ9d3d3LmxhZ2FyZ2FudGEuZXMs +RE5TLjMxNT13d3cuZ2FyZ2FudGFsYW9sbGEuZXMsRE5TLjMxNj13d3cuZ2FyZ2Fu +dGlsbGEuZXMsRE5TLjMxNz13d3cuZ2FyZ3VlcmEuZXMsRE5TLjMxOD13d3cuZ2Fy +cm92aWxsYXNkZWFsY29uZXRhci5lcyxETlMuMzE5PXd3dy5nYXJ2aW4uZXMsRE5T +LjMyMD13d3cuZ2F0YS5lcyxETlMuMzIxPXd3dy5heXRvZWxnb3Jkby5lcyxETlMu +MzIyPXd3dy5sYWdyYW5qYS5lcyxETlMuMzIzPXd3dy5sYWdyYW5qYWRlZ3JhbmFk +aWxsYS5lcyxETlMuMzI0PXd3dy5heXVudGFtaWVudG9kZWd1YWRhbHVwZS5lcyxE +TlMuMzI1PXd3dy5ndWlqb2RlY29yaWEuZXMsRE5TLjMyNj13d3cuZ3Vpam9kZWdh +bGlzdGVvLmVzLEROUy4zMjc9d3d3Lmd1aWpvZGVncmFuYWRpbGxhLmVzLEROUy4z +Mjg9d3d3Lmd1aWpvZGVzYW50YWJhcmJhcmEuZXMsRE5TLjMyOT13d3cuaGVyZ3Vp +anVlbGEuZXMsRE5TLjMzMD13d3cuaGVybmFucGVyZXouZXMsRE5TLjMzMT13d3cu +aGVycmVyYWRlYWxjYW50YXJhLmVzLEROUy4zMzI9d3d3LmhlcnJlcnVlbGEuZXMs +RE5TLjMzMz13d3cuaGVydmFzLmVzLEROUy4zMzQ9d3d3LmhpZ3VlcmEuZXMsRE5T +LjMzNT13d3cuaGlub2phbC5lcyxETlMuMzM2PXd3dy5ob2xndWVyYS5lcyxETlMu +MzM3PXd3dy5ob3lvcy5lcyxETlMuMzM4PXd3dy5odWVsYWdhLmVzLEROUy4zMzk9 +d3d3LmliYWhlcm5hbmRvLmVzLEROUy4zNDA9d3d3LmphcmFpY2Vqby5lcyxETlMu +MzQxPXd3dy5qYXJhaXpkZWxhdmVyYS5lcyxETlMuMzQyPXd3dy5qYXJhbmRpbGxh +ZGVsYXZlcmEuZXMsRE5TLjM0Mz13d3cuamFyaWxsYS5lcyxETlMuMzQ0PXd3dy5q +ZXJ0ZS5lcyxETlMuMzQ1PXd3dy5sYWRyaWxsYXIuZXMsRE5TLjM0Nj13d3cubG9n +cm9zYW4uZXMsRE5TLjM0Nz13d3cubG9zYXJkZWxhdmVyYS5lcyxETlMuMzQ4PXd3 +dy5tYWRyaWdhbGVqby5lcyxETlMuMzQ5PXd3dy5tYWRyaWdhbGRlbGF2ZXJhLmVz +LEROUy4zNTA9d3d3Lm1hZHJvbmVyYS5lcyxETlMuMzUxPXd3dy5tYWphZGFzLmVz +LEROUy4zNTI9d3d3Lm1hbHBhcnRpZGFkZWNhY2VyZXMuZXMsRE5TLjM1Mz13d3cu +bWFscGFydGlkYWRlcGxhc2VuY2lhLmVzLEROUy4zNTQ9d3d3Lm1hcmNoYWdhei5l +cyxETlMuMzU1PXd3dy5tYXRhZGVhbGNhbnRhcmEuZXMsRE5TLjM1Nj13d3cubWVt +YnJpby5lcyxETlMuMzU3PXd3dy5tZXNhc2RlaWJvci5lcyxETlMuMzU4PXd3dy5t +aWFqYWRhcy5lcyxETlMuMzU5PXd3dy5taWxsYW5lcy5lcyxETlMuMzYwPXd3dy5t +aXJhYmVsLmVzLEROUy4zNjE9d3d3Lm1vaGVkYXNkZWdyYW5hZGlsbGEuZXMsRE5T +LjM2Mj13d3cubW9ucm95LmVzLEROUy4zNjM9d3d3Lm1vbnRhbmNoZXouZXMsRE5T +LjM2ND13d3cubW9udGVoZXJtb3NvLmVzLEROUy4zNjU9d3d3Lm1vcmFsZWphLmVz +LEROUy4zNjY9d3d3Lm1vcmNpbGxvLmVzLEROUy4zNjc9d3d3Lm5hdmFjb25jZWpv +LmVzLEROUy4zNjg9d3d3Lm5hdmFsdmlsbGFyZGVpYm9yLmVzLEROUy4zNjk9d3d3 +Lm5hdmFsbW9yYWxkZWxhbWF0YS5lcyxETlMuMzcwPXd3dy5uYXZhc2RlbG1hZHJv +bm8uZXMsRE5TLjM3MT13d3cubmF2YXRyYXNpZXJyYS5lcyxETlMuMzcyPXd3dy5u +YXZlenVlbGFzLmVzLEROUy4zNzM9d3d3Lm51bm9tb3JhbC5lcyxETlMuMzc0PXd3 +dy5vbGl2YWRlcGxhc2VuY2lhLmVzLEROUy4zNzU9d3d3LnBhbG9tZXJvLmVzLERO +Uy4zNzY9d3d3LnBhc2Fyb25kZWxhdmVyYS5lcyxETlMuMzc3PXd3dy5wZWRyb3Nv +ZGVhY2ltLmVzLEROUy4zNzg9d3d3LnBlcmFsZWRhZGVsYW1hdGEuZXMsRE5TLjM3 +OT13d3cucGVyYWxlZGFkZXNhbnJvbWFuLmVzLEROUy4zODA9d3d3LnBlcmFsZXNk +ZWxwdWVydG8uZXMsRE5TLjM4MT13d3cucGVzY3VlemEuZXMsRE5TLjM4Mj13d3cu +bGFwZXNnYS5lcyxETlMuMzgzPXd3dy5waWVkcmFzYWxiYXMuZXMsRE5TLjM4ND13 +d3cucGlub2ZyYW5xdWVhZG8uZXMsRE5TLjM4NT13d3cucGlvcm5hbC5lcyxETlMu +Mzg2PXd3dy5wbGFzZW56dWVsYS5lcyxETlMuMzg3PXd3dy5wb3J0YWplLmVzLERO +Uy4zODg9d3d3LnBvcnRlenVlbG8uZXMsRE5TLjM4OT13d3cucG96dWVsb2RlemFy +em9uLmVzLEROUy4zOTA9d3d3LnB1ZWJsb251ZXZvZGVtaXJhbW9udGVzLmVzLERO +Uy4zOTE9d3d3LnB1ZXJ0b2Rlc2FudGFjcnV6LmVzLEROUy4zOTI9d3d3LnJlYm9s +bGFyLmVzLEROUy4zOTM9d3d3LnJpb2xvYm9zLmVzLEROUy4zOTQ9d3d3LnJvYmxl +ZGlsbG9kZWdhdGEuZXMsRE5TLjM5NT13d3cucm9ibGVkaWxsb2RlbGF2ZXJhLmVz +LEROUy4zOTY9d3d3LnJvYmxlZGlsbG9kZXRydWppbGxvLEROUy4zOTc9d3d3LnJv +YmxlZG9sbGFuby5lcyxETlMuMzk4PXd3dy5yb21hbmdvcmRvLmVzLEROUy4zOTk9 +d3d3LnJ1YW5lcy5lcyxETlMuNDAwPXd3dy5zYWxvcmluby5lcyxETlMuNDAxPXd3 +dy5zYWx2YXRpZXJyYWRlc2FudGlhZ28uZXMsRE5TLjQwMj13d3cuc2FubWFydGlu +ZGV0cmV2ZWpvLmVzLEROUy40MDM9d3d3LmF5dG9zYW50YWFuYS5lcyxETlMuNDA0 +PXd3dy5zYW50YWNydXpkZWxhc2llcnJhLmVzLEROUy40MDU9d3d3LnNhbnRhY3J1 +emRlcGFuaWFndWEuZXMsRE5TLjQwNj13d3cuc2FudGFtYXJ0YWRlbWFnYXNjYS5l +cyxETlMuNDA3PXd3dy5zYW50aWFnb2RlbGNhbXBvLmVzLEROUy40MDg9d3d3LnNh +bnRpYmFuZXplbGFsdG8uZXMsRE5TLjQwOT13d3cuc2FudGliYW5lemVsYmFqby5l +cyxETlMuNDEwPXd3dy5zYXVjZWRpbGxhLmVzLEROUy40MTE9d3d3LnNlZ3VyYWRl +dG9yby5lcyxETlMuNDEyPXd3dy5zZXJyYWRpbGxhLmVzLEROUy40MTM9d3d3LnNl +cnJlam9uLmVzLEROUy40MTQ9d3d3LnNpZXJyYWRlZnVlbnRlcy5lcyxETlMuNDE1 +PXd3dy50YWxhdmFuLmVzLEROUy40MTY9d3d3LnRhbGF2ZXJ1ZWxhZGVsYXZlcmEu +ZXMsRE5TLjQxNz13d3cudGFsYXl1ZWxhLmVzLEROUy40MTg9d3d3LnRlamVkYWRl +dGlldGFyLmVzLEROUy40MTk9d3d3LnRvcmlsLmVzLEROUy40MjA9d3d3LnRvcm5h +dmFjYXMuZXMsRE5TLjQyMT13d3cuYXl0b2VsdG9ybm8uZXMsRE5TLjQyMj13d3cu +dG9ycmVjaWxsYWRlbG9zYW5nZWxlcy5lcyxETlMuNDIzPXd3dy50b3JyZWNpbGxh +c2RlbGF0aWVzYS5lcyxETlMuNDI0PXd3dy50b3JyZWRlZG9ubWlndWVsLmVzLERO +Uy40MjU9d3d3LnRvcnJlZGVzYW50YW1hcmlhLmVzLEROUy40MjY9d3d3LnRvcnJl +am9uZWxydWJpby5lcyxETlMuNDI3PXd3dy50b3JyZWpvbmNpbGxvLmVzLEROUy40 +Mjg9d3d3LnRvcnJlbWVuZ2EuZXMsRE5TLjQyOT13d3cudG9ycmVtb2NoYS5lcyxE +TlMuNDMwPXd3dy50b3JyZW9yZ2F6LmVzLEROUy40MzE9d3d3LnRvcnJlcXVlbWFk +YS5lcyxETlMuNDMyPXd3dy52YWxkYXN0aWxsYXMuZXMsRE5TLjQzMz13d3cudmFs +ZGVjYW5hc2RldGFqby5lcyxETlMuNDM0PXd3dy52YWxkZWZ1ZW50ZXMuZXMsRE5T +LjQzNT13d3cudmFsZGVodW5jYXIuZXMsRE5TLjQzNj13d3cudmFsZGVpbmlnb3Mu +ZXMsRE5TLjQzNz13d3cudmFsZGVsYWNhc2FkZXRham8uZXMsRE5TLjQzOD13d3cu +dmFsZGVtb3JhbGVzLmVzLEROUy40Mzk9d3d3LnZhbGRlb2Jpc3BvLmVzLEROUy40 +NDA9d3d3LnZhbGRlc2Fsb3IuZXMsRE5TLjQ0MT13d3cudmFscmlvLmVzLEROUy40 +NDI9d3d3LnZhbGVuY2lhZGVhbGNhbnRhcmEuZXMsRE5TLjQ0Mz13d3cudmFsdmVy +ZGVkZWxhdmVyYS5lcyxETlMuNDQ0PXd3dy52YWx2ZXJkZWRlbGZyZXNuby5lcyxE +TlMuNDQ1PXd3dy52ZWdhdmlhbmEuZXMsRE5TLjQ0Nj13d3cudmlhbmRhcmRlbGF2 +ZXJhLmVzLEROUy40NDc9d3d3LnZpbGxhZGVsY2FtcG8uZXMsRE5TLjQ0OD13d3cu +dmlsbGFkZWxyZXkuZXMsRE5TLjQ0OT13d3cudmlsbGFtZXNpYXMuZXMsRE5TLjQ1 +MD13d3cudmlsbGFtaWVsLmVzLEROUy40NTE9d3d3LnZpbGxhbnVldmFkZWxhc2ll +cnJhLmVzLEROUy40NTI9d3d3LnZpbGxhcmRlbHBlZHJvc28uZXMsRE5TLjQ1Mz13 +d3cudmlsbGFyZGVwbGFzZW5jaWEuZXMsRE5TLjQ1ND13d3cudmlsbGFzYnVlbmFz +ZGVnYXRhLmVzLEROUy40NTU9d3d3LnphcnphZGVncmFuYWRpbGxhLmVzLEROUy40 +NTY9d3d3LnphcnphZGVtb250YW5jaGV6LmVzLEROUy40NTc9d3d3LnphcnphbGFt +YXlvci5lcyxETlMuNDU4PXd3dy56b3JpdGEuZXMsRE5TLjQ1OT13d3cucm9zYWxl +am8uZXMsRE5TLjQ2MD13d3cudmVnYXZpYW5hLmVzLEROUy40NjE9d3d3LmFsYWdv +bmRlbHJpby5lcyxETlMuNDYyPXd3dy50aWV0YXIuZXMsRE5TLjQ2Mz13d3cudmFs +ZGVzYWxvci5lcyxETlMuNDY0PXd3dy5uYXZhdHJhc2llcnJhLmVzLEROUy40NjU9 +d3d3LnJpdmVyYWRlZnJlc25lZG9zYS5lcyxETlMuNDY2PXd3dy5lbG1zYW5naWwu +ZXMsRE5TLjQ2Nz13d3cudGFqb3NhbG9yLmVzLEROUy40Njg9d3d3LnZhbGxlYW1i +cm96LmVzLEROUy40Njk9d3d3Lm1hbmNvbXVuaWRhZHZhbGxlZGVsYWxhZ29uLmVz +LEROUy40NzA9d3d3Lm1hbmNvbXVuaWRhZHZhbGxlZGVsamVydGUuZXMsRE5TLjQ3 +MT13d3cubWFuY29tdW5pZGFkdmVnYXNhbHRhcy5lcyxETlMuNDcyPXd3dy5tYW5j +b211bmlkYWRkZWxhdmVyYS5lcyxETlMuNDczPXd3dy5tYW5jb211bmlkYWR6b25h +Y2VudHJvLmVzLEROUy40NzQ9d3d3LnZpbGx1ZXJjYXMtaWJvcmVzLWphcmEuZXMw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlQB8Jpp7uMI+YQL4n/TbK +m2DELpp1v0mGOm3W0wJWlR6s7ZPY7nasNy2C5pMfnvsXeWcaM/sn7QWB5sy/pnZw +H/JDT02i9sZ8poeHAZvjnpQH4hgLncX04qCH73NYfshM+VLNjZG30ZSP0W4ELCji +IuzlMMNRiql87lpgDlWFOSCXXgg0EniLQAY2I3fxFDPQMGV2Lo2y2pgSLFhw8e59 +4PqcNDb4H2ts6YssyivZ8hdxpTUyOEmU+DNeJzSY9nyXTU093hu1OtcoW1FQajeC +Wq8SqfwGot2jMEVM0Sa+qIpTCWFgEzEzLeX4+LxAWl5kt4zOMmGjE/rRjLLkBojH +AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAZyGRz6D0jmj+LEf+hm3hCRA8enhl4J +UlaJYnNcOVPRlbmqOVlNk0WosYHV78GWbeLW9GTzFsju1HOUvvFiLNSvo8RaCaiV +f2Dvpn9yYM4qg/NP3ovODCIsI4ojFXuf54X2Wx3pLU77ETAKePGc64JaRn6prm9a +/r5Hv7uRY15rxTWoNlB67p9YX8Hu2R0TOa4IPO58SeQiod1YYp71V5jl7els8W58 +q2w556YjgDpH3v5Ph6g9d9m734WR0IAHGGNf/QfVMCE07GLwb+BVRRm1IyEsdAMr +AuN/bzZITsshzCKfQwpa/gc479QmFD2sI0ZmeCeUw7KLNeL58mNOsAA= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/x509-v1-with-iid.pem b/tests/cert-tests/data/x509-v1-with-iid.pem new file mode 100644 index 0000000..98456eb --- /dev/null +++ b/tests/cert-tests/data/x509-v1-with-iid.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDpzCCAo8CEAEAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCQ04x +EDAOBgNVBAgTB1NoYW5ueGkxDjAMBgNVBAcTBVhpJ2FuMRowGAYDVQQKExFYaWRpYW4gVW5pdmVy +c2l0eTENMAsGA1UECxMESUNUVDEbMBkGA1UEAxMSaWN0dC54aWRpYW4uZWR1LmNuMB4XDTE2MDky +ODA4MTg1OFoXDTI0MTIxNTA4MTg1OFowgaQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdTaGFubnhp +MQ4wDAYDVQQHDAVYaSdhbjEaMBgGA1UECgwRWGlkaWFuIFVuaXZlcnNpdHkxDTALBgNVBAsMBFBo +LkQxGjAYBgNVBAMMEXBoZC54aWRpYW4uZWR1LmNuMSwwKgYJKoZIhvcNAQkBFh1jaGVuY2h1QHN0 +dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIBBvP+5 +LH95Ve5b9F1MkH0+ZVBQocjRlWdjdwhFCwrnh+pQ1Sb4NLuGCeVOrtOiiQDEo2egR1WAaDrBKEW0 +W0diJdSUbGO0ANEaOYH7WSAutMFyQmFD1K3H1zDTJxwrlct7ZwLClmVywfyJdN6yQR3s5+r+KE9L +ucgv+xOudc+5/Oq+ntLVHjj62UfrJ6cw2MqA0oVZF9WmZeAQ1JNUnIatzo1i2EeLpJKLgf6WfhmR +XGjm/KTU+e3alHPnpOcGb6FPkJE9mWezaGcIO8jfUjeP/a6L8qksj0vdCEx32g51RcDiUmvWFHpp +DGPFJkmuZEpw5FMFoPsVmeO2wlBOTPsCAwEAAYEGAAECAwQFMA0GCSqGSIb3DQEBCwUAA4IBAQBk +Hu9xmv32lFzvqvyzwN9bHxrprROBnKOpCZHTnFTRkZcZS8Ys0pc4uJ/zhLEsECA8bSN9YjhzfeTH +237ZcTlRetBK7SXm4TCC0J3D4TOc9zyjAqSXga9flUPmK7nbcwznA6V8KtRKRsS95C0fr2VQvsWR +wiguPKWwvBWWvy30PaYeZPzKTzJLu+g4L4+1jdXWhbdkinfHPXPM732lpd0Zg6FSVQi85K5IeqHI +F/WzKZEippbCHyQ7jk6I4QSKfK15th9yTGgu3ARXvAFlqqKObuAt57uFI4Wmk4M+vvAMHuoHxMdM +6V26CKUUV+Qu6rpQQ+guWob2Zyu0CwWA5rw6 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/cert-tests/data/x509-v1-with-sid.pem b/tests/cert-tests/data/x509-v1-with-sid.pem new file mode 100644 index 0000000..f2127c8 --- /dev/null +++ b/tests/cert-tests/data/x509-v1-with-sid.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDpDCCAowCEAEAAAAAAAAAAAAAAAAAAAAwDQYJKoZIhvcNAQELBQAwdzELMAkGA1UEBhMCQ04x +EDAOBgNVBAgTB1NoYW5ueGkxDjAMBgNVBAcTBVhpJ2FuMRowGAYDVQQKExFYaWRpYW4gVW5pdmVy +c2l0eTENMAsGA1UECxMESUNUVDEbMBkGA1UEAxMSaWN0dC54aWRpYW4uZWR1LmNuMB4XDTE2MDky +ODA4MTg1OVoXDTI0MTIxNTA4MTg1OVowgaQxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdTaGFubnhp +MQ4wDAYDVQQHDAVYaSdhbjEaMBgGA1UECgwRWGlkaWFuIFVuaXZlcnNpdHkxDTALBgNVBAsMBFBo +LkQxGjAYBgNVBAMMEXBoZC54aWRpYW4uZWR1LmNuMSwwKgYJKoZIhvcNAQkBFh1jaGVuY2h1QHN0 +dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK6YuRMn +V0cOz1rKSrRri1IajVBpJROr+L3N09XcKL1IOTFmV40aZG93v8o5pSIJ4Q/nqzmEqoChYLxnBSAe +I/3tLrtrYBNBmrJaum7M7fAcBGBvLlKv7hhN8l5ujHkHJwxBdU0Qma9KxUcJft1wlPaEYR/kC9Ls +jpoz2CW1e5H2CXtxyd5PRgX7FizUwl0myrSnJr1OF/ARjYsW5vFDd8CtPeoD4KFoHLn0d7lqSsl/ +t2g3hoJoe7e9Kkdm40ev7sOSEcJW4VqRplX1KZeuZm+Gmh44aw9QWLHiCtSrddDy36GvdsAeaCvi +boBIseUoNEtV/4JXTS83m3iIQ4ynyn0CAwEAAYIDAAEGMA0GCSqGSIb3DQEBCwUAA4IBAQAGOv7G +yuYn3thPJDabruSRDXJWaJHhY5t2PJYNkaoNSCNgJt+3gP4IvNFL3QmM+8Ezy5XpMU7MIrtmrxKp +MWKE86eY9mn+dP6fG4Ppvo+gSmO1DtofSiFzOA4jMmkVxOYeZyxgw2no+HY3CHZnbK+5wNYn6eP5 +zBtJKp9Uo4zd929wQxNZJR+XKLXF9rdRZOCp6Ez2p6MVTFYAvhILJ3xr0/4YWukqP1rLUDVRU6+F +xfRl0uGQbyIllsocinCJxy0PlskwqORHSgonefQdCU8Mg0neNJ/+RZ6v7xFz4+k9/QVBu+j8mWeX +LHCLvuer7Q6zHq+1JHAeuEp48clGUnG7 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/cert-tests/data/x509-v3-with-fractional-time.pem b/tests/cert-tests/data/x509-v3-with-fractional-time.pem new file mode 100644 index 0000000..42cf06f --- /dev/null +++ b/tests/cert-tests/data/x509-v3-with-fractional-time.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDpTCCAo2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCQ04x +EDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZYaWRp +YW4xGzAZBgNVBAsMElNjaG9vbCBvZiBDb21wdXRlcjENMAsGA1UEAwwESUNUVDEs +MCoGCSqGSIb3DQEJARYdY2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wJBgR +MjAwODA4MDExMDMwMjYuNloYDzIwMjgwODAxMTAzMDI2WjCBijELMAkGA1UEBhMC +Q04xEDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZY +aWRpYW4xCzAJBgNVBAsMAkNTMQ0wCwYDVQQDDARJQ1RUMSwwKgYJKoZIhvcNAQkB +Fh1jaGVuY2h1QHN0dW1haWwueGlkaWFuLmVkdS5jbjCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANWYbvE9yJNx5lM+uUl7Tv3ZamqTDc0C4gY+VSrU/tjh +d12xaMqaJt42F3u7YQ8QzKOB7e6G/IGLCOIBbJ2smFWO31aSLMNgec6cCSGrkteQ +ehgnKEaLIw6qRjVds7JC0oPbu/Ns54s+ihWX/PqYl40fCEYnR5ONkLyRK4yXs+3T +XC8g4l0iDMLuBF2QmuXC7WlWVperL/1Mwssd3TWwY0BzoGTQxHn2dqoj8LEG99QG +5s6STl6zn6UO5GEK+O/5XqzUl7Kr0V1j9nNbiRr6OeJw4FoEZKu6NzTicJ5bdO42 +KpyP7jEQPzq1HKcYIvGqV66OQPxmyDCU4JmwpQ4EgzcCAwEAATANBgkqhkiG9w0B +AQsFAAOCAQEAVGVUuR7a8ws0x3ahCLISGdjaB6XgnbU6+sQlQbkc2xYIqYy5YKwu +Zuo7cNQD3EdDh0NKEvn9bkW+X4u5DdGt6dfQnv26rsJlO/7HRTKNCl1GL9R0vCsF +bGreIRDczMnUZZhKUtkvUtoy7v78XrmIZ1CLyhoHuDmkYYZa+QAW5ePmf6XYjn/O +P2LdEcL+rXocjs2av3mAbp+v1HEHmLTWSYcpWLNqI6/f/GamUCaNf0QyPI+kfLAD +M0utBSP8JixMxyTokmj4eD7LRuicdxLYfiWVoHrhbKVHjYkFQIV2sWOKqjG2TcoD +ITaPdJKK+bg6tr3jlIlFjdiHy/L+s0svvw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/x509-with-zero-version.pem b/tests/cert-tests/data/x509-with-zero-version.pem new file mode 100644 index 0000000..aeccccf --- /dev/null +++ b/tests/cert-tests/data/x509-with-zero-version.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5zCCAs+gAwIB/wIBATANBgkqhkiG9w0BAQsFADCBmjELMAkGA1UEBhMCQ04x +EDAOBgNVBAgMB1NoYW5ueGkxDjAMBgNVBAcMBVhpJ2FuMQ8wDQYDVQQKDAZYaWRp +YW4xGzAZBgNVBAsMElNjaG9vbCBvZiBDb21wdXRlcjENMAsGA1UEAwwESUNUVDEs +MCoGCSqGSIb3DQEJARYdY2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wIhgP +MjAwODA4MDExMjEyMTJaGA8yMDE5MDgwMTEyMTIxMlowgYoxCzAJBgNVBAYTAkNO +MRAwDgYDVQQIDAdTaGFubnhpMQ4wDAYDVQQHDAVYaSdhbjEPMA0GA1UECgwGWGlk +aWFuMQswCQYDVQQLDAJDUzENMAsGA1UEAwwESUNUVDEsMCoGCSqGSIb3DQEJARYd +Y2hlbmNodUBzdHVtYWlsLnhpZGlhbi5lZHUuY24wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDVmG7xPciTceZTPrlJe0792Wpqkw3NAuIGPlUq1P7Y4Xdd +sWjKmibeNhd7u2EPEMyjge3uhvyBiwjiAWydrJhVjt9WkizDYHnOnAkhq5LXkHoY +JyhGiyMOqkY1XbOyQtKD27vzbOeLPooVl/z6mJeNHwhGJ0eTjZC8kSuMl7Pt01wv +IOJdIgzC7gRdkJrlwu1pVlaXqy/9TMLLHd01sGNAc6Bk0MR59naqI/CxBvfUBubO +kk5es5+lDuRhCvjv+V6s1Jeyq9FdY/ZzW4ka+jnicOBaBGSrujc04nCeW3TuNiqc +j+4xED86tRynGCLxqleujkD8ZsgwlOCZsKUOBIM3AgMBAAGjQjBAMB8GA1UdIwQY +MBaAFLiJlvm8wCTgT2bfUS74cJukhnONMB0GA1UdDgQWBBRw/ZK3I2z0BHvH5vpd +btcN2FVX6DANBgkqhkiG9w0BAQsFAAOCAQEAnVzqXDwY0xOZ2XiaEEFsMjN/10ap +6XH81fwlcww1eIp8rUN1sYYkhGGPKl7i8UsmpBgvmvamgJLi56hdWEEEvGia3XO3 +5fF66DR4XjBRDFUnKi7R/RsRPtW6fhZvqdrlAhb3kh8SuhFHCorcuOY4ZRmqEzXU +Nl/Ojtgai0dU9RPEu8GDgszAt2Jqhp2kc4WwTMFvkK1ARqdNdiqV4L8B4zHTO+Gv +CMkmuZ0GfJWaHOse3L1vn/TUI1MbOzn0IgxOKMRrABGweLMXopl0GrT9mxpY+z17 +xVe7os9TYw/JTE+aoeA6c8BzSVLlsxY4d8Re+OHNouDAG5qgt2mzE3nLzg== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/xmpp-othername.pem b/tests/cert-tests/data/xmpp-othername.pem new file mode 100644 index 0000000..8fa847a --- /dev/null +++ b/tests/cert-tests/data/xmpp-othername.pem @@ -0,0 +1,175 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 012275 + Issuer: CN=CAcert Class 3 Root,OU=http://www.CAcert.org,O=CAcert Inc. + Validity: + Not Before: Wed May 08 17:18:12 UTC 2013 + Not After: Fri May 08 17:18:12 UTC 2015 + Subject: CN=corrin.geekwu.org + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (4096 bits) + Modulus (bits 4096): + 00:ee:f9:81:39:85:5f:66:bb:9e:4a:27:2a:8c:f2:26 + f2:a1:7f:ad:8f:6f:3a:ea:11:e9:9a:54:c0:e1:f4:cd + b0:01:88:90:23:f8:0d:ec:27:b8:10:8e:16:04:3a:3a + 80:9e:2d:bc:c7:3b:57:24:a8:89:7b:f7:f8:36:9c:03 + b5:c7:2e:40:dc:92:cc:cd:c5:fd:ea:d4:8a:73:d7:ef + ef:af:dc:8e:0d:17:02:fd:2f:60:23:97:bd:11:68:9c + 15:54:e6:d5:48:4a:8c:4a:01:31:0f:8a:91:d7:6d:d7 + a7:d3:01:94:63:91:4d:08:c9:d2:91:1d:0a:9c:77:63 + 1d:81:e7:d4:93:1a:f1:30:58:90:56:a6:7c:43:49:e1 + 57:71:6a:1f:05:41:bc:8b:e8:4c:1a:e8:e0:a1:6e:1e + 61:9f:f8:b2:c6:f6:30:83:8c:13:41:53:c2:e6:fa:27 + 5c:04:6e:76:58:29:36:03:02:72:1f:a1:c4:24:78:3a + 73:bf:47:40:b3:d6:b2:68:e6:85:4a:ca:54:c3:e7:04 + 2d:6d:76:39:06:4a:0d:60:4b:5d:88:76:07:79:ee:f5 + de:b0:dd:0b:6f:a5:eb:3b:1f:ec:81:0b:30:2d:45:52 + 32:ad:2e:31:e9:05:60:b8:27:96:cf:2a:d2:69:2f:17 + 12:39:54:c0:ab:69:3d:34:fb:a0:2b:e6:c1:1e:ab:a1 + 56:8d:01:a9:30:cc:19:a0:77:4b:c7:25:d4:8e:b3:d8 + 0c:7d:e5:97:e1:7e:8d:b7:23:a4:29:54:0b:a0:a4:45 + 31:47:45:d5:84:4b:ee:b6:fc:50:a1:2f:86:8d:92:32 + 00:24:64:9b:9a:93:f2:b1:c5:11:bf:44:79:69:85:e5 + 9a:98:67:24:e9:c1:59:97:dd:18:12:d6:e8:5f:89:62 + be:b3:68:74:dc:5e:39:6c:5d:c7:07:39:85:14:ce:80 + 71:8b:53:c9:55:81:0e:f0:5b:cf:56:b3:cc:74:e6:1e + fe:37:33:dd:6d:b9:c2:dc:3a:24:70:e3:92:12:5c:95 + 87:1e:9f:07:cf:ef:c1:eb:f6:70:9c:25:0c:40:73:4b + ac:4e:1a:6a:90:29:f9:68:10:2e:dd:19:06:82:0d:d7 + 7d:c5:5b:76:c4:27:aa:87:2a:8b:db:96:a7:f1:2e:2e + 08:d1:08:8c:12:ef:70:a9:8b:53:65:b5:c3:2e:ef:97 + c8:92:3a:bd:23:bf:cf:e8:73:5f:a0:f4:3d:5f:a6:61 + 94:68:c8:f6:18:01:77:09:9c:c4:93:47:db:da:65:68 + 16:0b:72:c8:5b:b8:08:48:7a:6f:07:5f:43:e8:33:ca + e5 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Key Usage (critical): + Digital signature. + Key encipherment. + Key agreement. + Key Purpose (not critical): + TLS WWW Client. + TLS WWW Server. + 2.16.840.1.113730.4.1 + 1.3.6.1.4.1.311.10.3.3 + Authority Information Access (not critical): + Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) + Access Location URI: http://ocsp.cacert.org/ + CRL Distribution points (not critical): + URI: http://crl.cacert.org/class3-revoke.crl + Subject Alternative Name (not critical): + DNSname: corrin.geekwu.org + XMPP Address: corrin.geekwu.org + DNSname: corrin.geekwu.org + XMPP Address: corrin.geekwu.org + DNSname: www.geekwu.org + XMPP Address: www.geekwu.org + DNSname: kaitain.geekwu.org + XMPP Address: kaitain.geekwu.org + DNSname: kaitain.new.geekwu.org + XMPP Address: kaitain.new.geekwu.org + DNSname: apt.geekwu.org + XMPP Address: apt.geekwu.org + DNSname: horde.geekwu.org + XMPP Address: horde.geekwu.org + DNSname: horde.corrin.geekwu.org + XMPP Address: horde.corrin.geekwu.org + DNSname: horde.durel.org + XMPP Address: horde.durel.org + DNSname: mail.durel.org + XMPP Address: mail.durel.org + DNSname: jabber.geekwu.org + XMPP Address: jabber.geekwu.org + Signature Algorithm: RSA-SHA1 + Signature: + 61:e8:de:70:b4:1f:4c:60:8c:c5:18:c1:7d:d9:6c:4e + 97:e4:d0:f6:c8:79:f9:2b:fe:fb:81:d0:b4:aa:d4:7d + 79:4d:6e:95:ed:cc:11:8d:fa:8b:66:5c:c2:6b:44:07 + 18:9a:ce:de:42:c0:18:3a:55:91:e9:30:88:83:c7:6b + cd:e0:65:b8:fe:19:a4:13:c7:6c:67:22:b3:05:65:6a + 29:c7:44:45:13:c9:43:ec:2c:3d:a4:f7:9d:4d:5d:32 + 73:de:63:0e:17:9d:b8:21:aa:d7:d5:16:70:f4:1f:79 + 55:07:6d:3f:f3:0e:e4:e3:a2:06:1b:7a:2a:12:57:59 + 4c:65:8d:19:7d:54:9d:15:f8:42:b4:81:1a:ab:99:54 + fc:6b:10:45:51:04:2e:d2:dd:31:b6:9b:0b:7a:28:22 + 63:b6:9a:7e:62:b6:cf:b9:8f:3b:92:85:6f:03:33:f5 + 4b:96:0e:e6:5b:35:23:d4:e8:2f:4c:61:98:68:c7:61 + 28:78:48:df:df:e0:14:64:86:70:0a:24:b3:6a:19:50 + 77:3d:df:77:51:fe:b9:af:7e:2e:5e:43:54:24:25:5b + 84:58:a7:b5:53:82:29:0c:1c:29:f7:ae:0b:8a:57:06 + 77:9e:d6:2b:b4:fa:d0:84:f7:78:c0:bc:27:8c:ce:49 + b3:65:21:9a:f7:7a:20:91:26:74:3c:28:8f:bc:52:07 + 03:1d:d2:d2:75:a4:11:23:d7:5d:af:0c:5b:55:67:0a + 5a:2d:d3:5c:94:ff:16:cc:7a:f8:11:18:32:cc:08:88 + 2f:6e:5d:f7:17:f2:70:c0:b1:d9:a1:f5:50:a0:75:1e + b2:88:bb:3c:1e:7b:ec:ce:d5:d0:f1:d6:dd:8c:c8:f5 + f5:f1:c4:28:24:1b:fc:a9:63:ea:2c:eb:5b:0f:17:ae + 7c:73:89:8e:e5:1f:b2:f1:44:15:c2:02:cf:a3:0c:ef + 10:71:fe:c6:bc:83:03:f6:72:96:a9:e3:7a:d0:d7:15 + be:e3:e5:d7:27:bc:09:81:11:8c:20:30:b2:d5:d4:14 + 35:77:0f:bf:3a:ed:1d:ae:73:f0:9e:17:e8:7b:05:56 + fd:3f:ea:d5:33:27:50:12:cd:41:45:7d:ec:38:3c:1f + 4b:87:ea:6a:38:f7:ba:3d:03:e0:e1:12:5c:d5:80:01 + 3d:e6:c0:f4:af:aa:13:d9:c8:c4:d9:1b:07:07:12:28 + 29:79:6a:ee:93:f9:e5:51:68:47:0c:4e:71:1a:65:0b + 8e:96:55:5a:b8:aa:9e:f2:d4:2f:75:c8:c3:ed:71:29 + 0d:50:53:12:27:1d:33:9e:88:ad:e8:d7:5c:5c:e6:25 +Other Information: + Fingerprint: + sha1:76dd3120fa7875c0be1c02e20c011e44376b4a3c + sha256:814f39ca12a03cc103ad4ed1ff27e7d5f78f67fd83d5be526c5e5a5b790840b8 + Public Key ID: + sha1:8fade0593f112844029a404634863883e7e0030f + sha256:47393632a002ae367305fd8e24e3b8925f9aae5cff75ce182be17deb02043fcc + Public Key PIN: + pin-sha256:Rzk2MqACrjZzBf2OJOO4kl+arlz/dc4YK+F96wIEP8w= + +-----BEGIN CERTIFICATE----- +MIIIAzCCBeugAwIBAgIDASJ1MA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB +Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV +BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTMwNTA4MTcxODEyWhcNMTUwNTA4 +MTcxODEyWjAcMRowGAYDVQQDExFjb3JyaW4uZ2Vla3d1Lm9yZzCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAO75gTmFX2a7nkonKozyJvKhf62PbzrqEema +VMDh9M2wAYiQI/gN7Ce4EI4WBDo6gJ4tvMc7VySoiXv3+DacA7XHLkDckszNxf3q +1Ipz1+/vr9yODRcC/S9gI5e9EWicFVTm1UhKjEoBMQ+Kkddt16fTAZRjkU0IydKR +HQqcd2MdgefUkxrxMFiQVqZ8Q0nhV3FqHwVBvIvoTBro4KFuHmGf+LLG9jCDjBNB +U8Lm+idcBG52WCk2AwJyH6HEJHg6c79HQLPWsmjmhUrKVMPnBC1tdjkGSg1gS12I +dgd57vXesN0Lb6XrOx/sgQswLUVSMq0uMekFYLgnls8q0mkvFxI5VMCraT00+6Ar +5sEeq6FWjQGpMMwZoHdLxyXUjrPYDH3ll+F+jbcjpClUC6CkRTFHRdWES+62/FCh +L4aNkjIAJGSbmpPyscURv0R5aYXlmphnJOnBWZfdGBLW6F+JYr6zaHTcXjlsXccH +OYUUzoBxi1PJVYEO8FvPVrPMdOYe/jcz3W25wtw6JHDjkhJclYcenwfP78Hr9nCc +JQxAc0usThpqkCn5aBAu3RkGgg3XfcVbdsQnqocqi9uWp/EuLgjRCIwS73Cpi1Nl +tcMu75fIkjq9I7/P6HNfoPQ9X6ZhlGjI9hgBdwmcxJNH29plaBYLcshbuAhIem8H +X0PoM8rlAgMBAAGjggMUMIIDEDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwID +qDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYB +BAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3Nw +LmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2FjZXJ0 +Lm9yZy9jbGFzczMtcmV2b2tlLmNybDCCAkkGA1UdEQSCAkAwggI8ghFjb3JyaW4u +Z2Vla3d1Lm9yZ6AfBggrBgEFBQcIBaATDBFjb3JyaW4uZ2Vla3d1Lm9yZ4IRY29y +cmluLmdlZWt3dS5vcmegHwYIKwYBBQUHCAWgEwwRY29ycmluLmdlZWt3dS5vcmeC +Dnd3dy5nZWVrd3Uub3JnoBwGCCsGAQUFBwgFoBAMDnd3dy5nZWVrd3Uub3JnghJr +YWl0YWluLmdlZWt3dS5vcmegIAYIKwYBBQUHCAWgFAwSa2FpdGFpbi5nZWVrd3Uu +b3JnghZrYWl0YWluLm5ldy5nZWVrd3Uub3JnoCQGCCsGAQUFBwgFoBgMFmthaXRh +aW4ubmV3LmdlZWt3dS5vcmeCDmFwdC5nZWVrd3Uub3JnoBwGCCsGAQUFBwgFoBAM +DmFwdC5nZWVrd3Uub3JnghBob3JkZS5nZWVrd3Uub3JnoB4GCCsGAQUFBwgFoBIM +EGhvcmRlLmdlZWt3dS5vcmeCF2hvcmRlLmNvcnJpbi5nZWVrd3Uub3JnoCUGCCsG +AQUFBwgFoBkMF2hvcmRlLmNvcnJpbi5nZWVrd3Uub3Jngg9ob3JkZS5kdXJlbC5v +cmegHQYIKwYBBQUHCAWgEQwPaG9yZGUuZHVyZWwub3Jngg5tYWlsLmR1cmVsLm9y +Z6AcBggrBgEFBQcIBaAQDA5tYWlsLmR1cmVsLm9yZ4IRamFiYmVyLmdlZWt3dS5v +cmegHwYIKwYBBQUHCAWgEwwRamFiYmVyLmdlZWt3dS5vcmcwDQYJKoZIhvcNAQEF +BQADggIBAGHo3nC0H0xgjMUYwX3ZbE6X5ND2yHn5K/77gdC0qtR9eU1ule3MEY36 +i2ZcwmtEBxiazt5CwBg6VZHpMIiDx2vN4GW4/hmkE8dsZyKzBWVqKcdERRPJQ+ws +PaT3nU1dMnPeYw4XnbghqtfVFnD0H3lVB20/8w7k46IGG3oqEldZTGWNGX1UnRX4 +QrSBGquZVPxrEEVRBC7S3TG2mwt6KCJjtpp+YrbPuY87koVvAzP1S5YO5ls1I9To +L0xhmGjHYSh4SN/f4BRkhnAKJLNqGVB3Pd93Uf65r34uXkNUJCVbhFintVOCKQwc +KfeuC4pXBnee1iu0+tCE93jAvCeMzkmzZSGa93ogkSZ0PCiPvFIHAx3S0nWkESPX +Xa8MW1VnClot01yU/xbMevgRGDLMCIgvbl33F/JwwLHZofVQoHUesoi7PB577M7V +0PHW3YzI9fXxxCgkG/ypY+os61sPF658c4mO5R+y8UQVwgLPowzvEHH+xryDA/Zy +lqnjetDXFb7j5dcnvAmBEYwgMLLV1BQ1dw+/Ou0drnPwnhfoewVW/T/q1TMnUBLN +QUV97Dg8H0uH6mo497o9A+DhElzVgAE95sD0r6oT2cjE2RsHBxIoKXlq7pP55VFo +RwxOcRplC46WVVq4qp7y1C91yMPtcSkNUFMSJx0znoit6NdcXOYl +-----END CERTIFICATE----- diff --git a/tests/cert-tests/dsa.sh b/tests/cert-tests/dsa.sh new file mode 100755 index 0000000..e623a74 --- /dev/null +++ b/tests/cert-tests/dsa.sh @@ -0,0 +1,182 @@ +#!/bin/sh + +# Copyright (C) 2010-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../../src/gnutls-serv${EXEEXT}} +: ${CLI=../../src/gnutls-cli${EXEEXT}} +DEBUG="" +unset RETCODE + +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +SERV="${SERV} -q" + +. "${srcdir}/../scripts/common.sh" + +size=`${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/dsa-pubkey-1018.pem"|grep "Algorithm Secur"|cut -d '(' -f 2|cut -d ' ' -f 1` + +if test "${size}" != "1024"; then + echo "The prime size (${size}) doesn't match the expected: 1024" + exit 1 +fi + + +echo "Checking various DSA key sizes (port ${PORT})" + +# DSA 1024 + TLS 1.0 + +echo "Checking DSA-1024 with TLS 1.0" + +eval "${GETPORT}" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" +PID=$! +wait_server "${PID}" + +PRIO="--priority NORMAL:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA384:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure /dev/null || \ + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!" + +echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.0" + +#try with client key of 1024 bits (should succeed) +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" /dev/null || \ + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.0!" + +echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.0" + +#try with client key of 2048 bits (should fail) +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" /dev/null 2>&1 && \ + fail "${PID}" "Succeeded connection to a server with a client DSA 2048 key and TLS 1.0!" + +echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.0" + +#try with client key of 3072 bits (should fail) +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" /dev/null 2>&1 && \ + fail "${PID}" "Succeeded connection to a server with a client DSA 3072 key and TLS 1.0!" + +kill "${PID}" +wait + +# DSA 1024 + TLS 1.2 + +echo "Checking DSA-1024 with TLS 1.2" + +eval "${GETPORT}" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" +PID=$! +wait_server "${PID}" + +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure /dev/null || \ + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!" + +echo "Checking server DSA-1024 with client DSA-1024 and TLS 1.2" + +#try with client key of 1024 bits (should succeed) +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.1024.pem" --x509keyfile "${srcdir}/data/dsa.1024.pem" /dev/null || \ + fail "${PID}" "Failed connection to a server with DSA 1024 key and TLS 1.2!" + +echo "Checking server DSA-1024 with client DSA-2048 and TLS 1.2" + +#try with client key of 2048 bits (should succeed) +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" /dev/null || \ + fail "${PID}" "Failed connection to a server with a client DSA 2048 key and TLS 1.2!" + +echo "Checking server DSA-1024 with client DSA-3072 and TLS 1.2" + +#try with client key of 3072 bits (should succeed) +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" /dev/null || \ + fail "${PID}" "Failed connection to a server with a client DSA 3072 key and TLS 1.2!" + +kill "${PID}" +wait + +# DSA 2048 + TLS 1.0 + +#echo "Checking DSA-2048 with TLS 1.0" + +#eval "${GETPORT}" +#launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" +#PID=$! +#wait_server "${PID}" + +#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure /dev/null 2>&1 && \ +# fail "${PID}" "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should have failed!" + +#kill "${PID}" +#wait + +# DSA 2048 + TLS 1.2 +echo "Checking DSA-2048 with TLS 1.2" + +eval "${GETPORT}" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.2048.pem" --x509keyfile "${srcdir}/data/dsa.2048.pem" +PID=$! +wait_server "${PID}" + +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure /dev/null || \ + fail "${PID}" "Failed connection to a server with DSA 2048 key and TLS 1.2!" + +kill "${PID}" +wait + +# DSA 3072 + TLS 1.0 + +#echo "Checking DSA-3072 with TLS 1.0" + +#launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" +#PID=$! +#wait_server "${PID}" +# +#"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure /dev/null 2>&1 && \ +# fail "${PID}" "Succeeded connection to a server with DSA 3072 key and TLS 1.0. Should have failed!" +# +#kill "${PID}" +#wait + +# DSA 3072 + TLS 1.2 + +echo "Checking DSA-3072 with TLS 1.2" + +eval "${GETPORT}" +launch_server --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" --x509certfile "${srcdir}/data/cert.dsa.3072.pem" --x509keyfile "${srcdir}/data/dsa.3072.pem" +PID=$! +wait_server "${PID}" + +"${CLI}" ${DEBUG} ${PRIO} -p "${PORT}" 127.0.0.1 --insecure /dev/null || \ + fail "${PID}" "Failed connection to a server with DSA 3072 key and TLS 1.2!" + +kill "${PID}" +wait + +exit 0 diff --git a/tests/cert-tests/ecdsa.sh b/tests/cert-tests/ecdsa.sh new file mode 100755 index 0000000..431b88f --- /dev/null +++ b/tests/cert-tests/ecdsa.sh @@ -0,0 +1,104 @@ +#!/bin/sh + +# Copyright (C) 2011-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TMPFILE=ecdsa.$$.tmp +TMPCA=ecdsa-ca.$$.tmp +TMPCAKEY=ecdsa-ca-key.$$.tmp +TMPSUBCA=ecdsa-subca.$$.tmp +TMPSUBCAKEY=ecdsa-subca-key.$$.tmp +TMPKEY=ecdsa-key.$$.tmp +TMPTEMPL=template.$$.tmp +TMPUSER=user.$$.tmp +VERIFYOUT=verify.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +echo ca > $TMPTEMPL +echo "cn = ECDSA SHA 256 CA" >> $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --ecc > $TMPCAKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \ + --load-privkey $TMPCAKEY \ + --outfile $TMPCA \ + --hash sha256 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TMPTEMPL +"${CERTTOOL}" --generate-privkey --ecc > $TMPSUBCAKEY 2>/dev/null +echo "cn = ECDSA SHA 224 Mid CA" >> $TMPTEMPL + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPCAKEY \ + --load-ca-certificate $TMPCA \ + --load-privkey $TMPSUBCAKEY \ + --outfile $TMPSUBCA \ + --hash sha224 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --ecc > $TMPKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPSUBCAKEY \ + --load-ca-certificate $TMPSUBCA \ + --load-privkey $TMPKEY \ + --outfile $TMPUSER >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT + +if [ $? != 0 ]; then + cat $VERIFYOUT + exit 1 +fi + +rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE +rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY + +"${CERTTOOL}" -k < "${srcdir}/data/bad-key.pem" | grep "validation failed" >/dev/null 2>&1 +if [ $? != 0 ]; then + echo "certtool didn't detect a bad ECDSA key." + exit 1 +fi + +exit 0 diff --git a/tests/cert-tests/email-certs/chain.exclude.test.example.com b/tests/cert-tests/email-certs/chain.exclude.test.example.com new file mode 100644 index 0000000..7226a8a --- /dev/null +++ b/tests/cert-tests/email-certs/chain.exclude.test.example.com @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIMVRJ7oiGeLogGT+VcMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTEwNThaGA85OTk5MTIzMTIzNTk1OVow +HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKVbRP7A9xBHIdw0/XWrGxX4IA5vW3XWBQV+ZOeSQjl2 +plKv6nFrkrnrutZgsj1AJAWWAQGgx450k0OSK4odXya1O9I8gZbJvcL7c/ybim0A +7y2UIX5o0XnVaBDCCICaHu9tOkP41lGhvlrZG6SIj+uPKuQ/kF/9wgjqWxHWInpK +5KlWam60F0/zYaW4IZWtn6OUx99oRNL24xQNeNTwgsd+TyB3r+aNtZNJdeyCsoLz +GyjKzMLKGEnaxYKmejqxUtZU27SNQ0lecnnAA/+g0ZiJFjxcrgE4cEVdZmN5yEp6 +8pUOJOqhnLS4/ZNEwtmHdnhtPC09RPpOfkALQbTZxskCAwEAAaN+MHwwDAYDVR0T +AQH/BAIwADAbBgNVHREEFDASgRB0ZXN0QGV4YW1wbGUuY29tMA8GA1UdDwEB/wQF +AwMHoAAwHQYDVR0OBBYEFA4X9XiZH9XRlfBLqJkj5cLTd308MB8GA1UdIwQYMBaA +FDv0mU9DC+eh9mYCvOz369Zt5r6OMA0GCSqGSIb3DQEBCwUAA4IBAQB3vaplBiV+ +LmX+/i4legZ5/dnq+nqReQY+uV0Oibm860cdv9puxTQpdUM6VLMbq0VHivBpAdtP +fOhO0zloNtD1Fy6CrKqm+9EVaDlFOZJUvSZou3wlftLD8LmgRQG9Bjn0J0G3I8ih +g5eoR4sIuwXlACJFWAwq1lSjbO4NYUfUOaxMQqkj17/jwdBzLQVd8jM29UStPUKH +qGj0poNoLxFihqo7oSuOokrHE6cdMGNOA5KilSTGihRnsRjkJP5ymdhavMHX3M+W +ZzWBFu3N3T5iNxcH2l5MrHxFZQIfrqxlBl9lYfDnKxth/iTx0GalZU5nlZAZoEHr +XsQjltZdmjyq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCIYDzIwMTUwMzI1MDkxMDU4WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT +BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7v8qv89J0psF6 +lTa1Fm4qMyz2ZByNYRw5yB1MYQu8JGLhrmaBJccUSD5o3chZSuje6Ae2/0UNmdd1 +xBhxfCkoDyjehGT0lwMxbTkiVA1mFpmEEqbilNrR2QszADKpGda4Yvv3k6RnVNEX +/Je0PxM5Jy9pxzvHS7wf7bAeAeCBdS8ukocbQHPcenTPvK8OWc+TrO9txyEeZTvw +pNGyjUJUJIsrt7EL1u3U7TpfCHjZaOY+7flyFPT8g55gpBFFB5hYBAlbILEewvMk +4pjlGjonfEBQk4mC37sWFN019r/dm1TBcycnKfhk+Uwszz718kps9l+RVc8luxxf +12+rkvyjAgMBAAGjdzB1MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaEP +MA2BC2V4YW1wbGUuY29tMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQF +AwMHBgAwHQYDVR0OBBYEFDv0mU9DC+eh9mYCvOz369Zt5r6OMA0GCSqGSIb3DQEB +CwUAA4IBAQAuXK53yLcnupMI9+ijSbSZ24nT9pnJnoiVUsS0wpiO01PnCxwjGKSJ +WPBwSwtoQ//uE3nIXgK24nd9+/Su/GV0sIN2dutoekfa+2dCq+I1bOa21C6Jdfdp +FSFHR1XiXcNTaNBTjXpoVlxtFBAQDPHzI6fKCB+5NFaUYoLiJGq2ZiJR/DXGtEJy +ttOhhheWFq44YD3Rne4+KbIp71qOUw50YayTb/eJlUYs9rWwg6p/koBMCoPkleLa +5IQnajuyBqRz715s806esKrcLSu/OK5X07jA3r67iMt3e7D5U/XOpk858xeblfTN +pQvTr4SDv4SkWtQKZufF5VcnVnG2UpBz +-----END CERTIFICATE----- diff --git a/tests/cert-tests/email-certs/chain.invalid.example.com b/tests/cert-tests/email-certs/chain.invalid.example.com new file mode 100644 index 0000000..c2b48a4 --- /dev/null +++ b/tests/cert-tests/email-certs/chain.invalid.example.com @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCAhqgAwIBAgIMVRJ76imfHf/L2ojCMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTEyMTBaGA85OTk5MTIzMTIzNTk1OVow +HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALNIeTFdw0PkvtLzd9StMFzq8OO13ZSloMWhzBKaEzDF +lps4lpohgGQBxadgXllXrVmU87d5anUys+2RPzDlZ1+dlz0OWuzn00fF3P1dqiYB +XVB3UUm7NmF8V9f/+M555LbIaZ/MoOiyGtgYSNl6tB6jvvV6OmTj+ra6shvd6yif +aEJN2nvhphTekogsJILFKZYWNJRQQaBPm1s8L9T4yHlH1fE/A3pwntRyzQjaAhon +99JmnD6w/42bUVTJwLXOcQdlTPCpGgtNFwwcQtaEIRaaN4i3wRl/IMenP9mUHZNj +5sUAwWwhsss5r8p4W8trCY5xNNANECO9wLz92GYDt5MCAwEAAaN7MHkwDAYDVR0T +AQH/BAIwADAYBgNVHREEETAPgQ10ZXN0QGNvbGEuY29tMA8GA1UdDwEB/wQFAwMH +oAAwHQYDVR0OBBYEFJ4DXbljmFo5rsbCBIjRMzcxNW+fMB8GA1UdIwQYMBaAFJd2 +QavrmVCC37adJaKR4AutLF3nMA0GCSqGSIb3DQEBCwUAA4IBAQC//D2f2dOG0lSE +qwwYtHfFtdq7rp/PmIJ4kU6HTQh9YDPjKxY5MK286dfO2bwnEFZpIL5ur3U9QWi2 +DDrHbCO6AgTcI/VzQRkKcbSvKUjD45e3awaZY9U87T+7LikpN7BmWtRW04DikiyQ +l2JScZAjUHEZLsfmBBiDlTAaSUVLEuc9lBp8wR/9TvIIUy05QbLvWax+35zFH8Xu +f+AvhgF05SCwJcFldF9CvDeZjM0v9K0G9jh8srAXMGXqQhelA8K1tM2mW/Jc2izj +E7Ct2+Q5BP20MQsIzXWzDBqUQX2akysjecgHXt5pc0C3NkBXSynM6jdLIzDThvMR +apUdAi3S +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCIYDzIwMTUwMzI1MDkxMjEwWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT +BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUU/Q2Igkm2WWD +y0FiHOSOfLJUSUeE5YBmC5PHMf3wClKBATauBVGxShKdiUNAAc01YqXSI2/lCYPh +Vh4edsOSXnNYTv1lKHBkDANtbTqWlwvmT7vhcSGBwWqaRbUh6f1nN3tl1GLaO4W5 +iZkeKrMXTAjWaZF6t92g0/rqNJ6HvVzMfwEXYpgQPh+mUVM8nzdBB3PRg2uURyUn +Z7yEQ81j/Kr/o+jsbjmswZAspe7G+tLx5+ArutS4GOQE7Y94xVopPybvXWG9mxes +6U2tth2SzJHgwR49adjOmNtmtWDRZVNPN5zgS2jqRByC/xjuiP/H8jLzxoedoMBE +CsjR4eXzAgMBAAGjdzB1MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP +MA2BC2V4YW1wbGUuY29tMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQF +AwMHBgAwHQYDVR0OBBYEFJd2QavrmVCC37adJaKR4AutLF3nMA0GCSqGSIb3DQEB +CwUAA4IBAQASvISiHh72eF3g10YC7yPw7zUOSSbi4LepDwY7roCZqHAVd+CxDvD5 +y/ixjWYnCRlAptTTKUb4Qxrtsm8idnVcCfTlsX62iGdmdK80192YHCo2vZl2vbcl +U12RdYczmEs1Z8D8DRTueWu/FrRGcR325w/gqKXp03qxsNEhdr1oqUpW9rgz8j64 +Aktha5Fdt8qfEgEX5IWREu9wRvudUC1Pmc8IVtN6sCEWyPIGdT7bHhADZuJvljWB +8XECX7vWGKbJ2k2dHNv2poCVWfmpbd2XShUi4t37TrNjQWV6Xu/mQiEEJ9gVtx7a +rvV1/5LfKmbzaeWyAlqwvNHK+gCXjfyU +-----END CERTIFICATE----- diff --git a/tests/cert-tests/email-certs/chain.test.example.com b/tests/cert-tests/email-certs/chain.test.example.com new file mode 100644 index 0000000..464ed8f --- /dev/null +++ b/tests/cert-tests/email-certs/chain.test.example.com @@ -0,0 +1,38 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIMVRJ7XRPAtGI7FZy5MA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTA5NDlaGA85OTk5MTIzMTIzNTk1OVow +HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKrAF+UWjc0obVNshwH4VbKfWCMjN1ClnKoZkLzCE/XH +xiVceDcYtPA1LxCpwcoE+2NDasvq1MbLECSsd8JdLXQbVcducOG6b5q2anvRHxDl +v8UwD+Xvz3F6pcH81z7YOQXn69aCZ77C5SZksMDuWBrxk6Wfej6DDg5iwXpm6Z/v +7gOHuX/0+qrAvhHhgC3YXwCeSggMH4jrd7ct8wcgAXnmS/cD3BIRdeE/EGyZSuPX +Ra72z6c0WBCeWKNctCKTpvqo4d5Ye6blrII6zabmiCQMOt25AMRJx+Qa7eAh9QvL +ed5VzCsm4KvOyR5kv+Ewu12ixu7YIAjPDx+7wBzfHBsCAwEAAaN+MHwwDAYDVR0T +AQH/BAIwADAbBgNVHREEFDASgRB0ZXN0QGV4YW1wbGUuY29tMA8GA1UdDwEB/wQF +AwMHoAAwHQYDVR0OBBYEFG2Do4EM8lzRfh4zghLd2+T9SerGMB8GA1UdIwQYMBaA +FIvLg6ukRiLFDPsONyGBo4dJo5TcMA0GCSqGSIb3DQEBCwUAA4IBAQCha3QFzq1o +nvr8M8BCajHHNom8FYEyepRrUW1W9eGIxdWLbvdW53jPZDqXyPrpuU4sG+8Xa5TY +1O9/o1M/y1Dx8n9MDZcO2xH7Pa3rQbxDknMSsSpcQPnyjzdXfMHMb0z/IbGcxk9t +Y/UOUKxSY3xrIrxbxK0BD53fy3FrXyNaRALvTFU2YYLYq7GiGYSdTDi8bF7gwWz9 +lXg7JoVxWYRe9dTL6KItPpMFnkFL+A35E+GDQ7AV2pt6nHKsujgOwuDhfOiWZF7t ++Nvtwmd7bw0VaTttkqqFKgybCBvHEpWauC1ccmOURETqObGd+8Wiv4S1Cb9hbI8w +AfktJ54qMLnj +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCIYDzIwMTUwMzI1MDkwOTQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT +BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6m3amKg59nR/8 +DtG8nFrZIlSAbD3XUb9y8c4AldWkz+I4iQ54R/XkLEAvmgT1QfRvfQ8Gunum3F4d +AwuB7z2khymwRgEbunGv5weXaJk8TDMxufBeaO3hsYpmXYHIL8r5rWnbrtm06ojX +YNKCkJOpmNtO0rePxqMj+Kz0rjU4/2gOzN2+w3Bbnjtq1wX/wc0CuAIQXwTooe/H +FAh4FzEI0nvq1i7SRXcd7HouaeFdME2NQyMwJvzqHrBgDSir76o3XVS5fDiTwB6s +85gYHbnGj0kbC6ZVC3j1Maw7+qciMpRHBe6GWexwSdi+wQ5tp/YCOtPqDezgArC+ +0/KePbFtAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB +BQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUi8uDq6RGIsUM+w43IYGj +h0mjlNwwDQYJKoZIhvcNAQELBQADggEBAFHdB9dQXRQ99xR16OU5V8PNl2WScCBL +PwKHY4vnw//jpPINIcdOw0trj9+vr0airOoeD239f8Hyrr/TJfqFMxhDdUrbkz4B +UkjGFmI2u7t7XDWDw1U4r8meN6zL5TehIgdScFeQEqcmHQt7/ZfP5kbUOSWg4MXi +OhG9yvhOxNgV4wpxevZoRmSrUGcOlFZPjXgzG+DywOzMu9LVkJYcOA1h67zirtKg +s64UBvkl2cstimnyhSZWyUbfnRQQX99JFUj0FQU5Mf67a9CJh66k5Zfc90wF45Bz +azAECqpbyVzKGtHNHjYLy7pymqAtDQHUNj2+Fss10koCEAF682O6nUo= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/email-certs/chain.test.example.com-2 b/tests/cert-tests/email-certs/chain.test.example.com-2 new file mode 100644 index 0000000..640bb60 --- /dev/null +++ b/tests/cert-tests/email-certs/chain.test.example.com-2 @@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIIDNTCCAh2gAwIBAgIMVRJ7zy/JcGMexTfmMA0GCSqGSIb3DQEBCwUAMA8xDTAL +BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwOTExNDNaGA85OTk5MTIzMTIzNTk1OVow +HjEcMBoGA1UEAwwTaW52YWxpZEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALHCzLU4r2pNu/ZU3xwKAVwHYs773CFOF0rFVggPb8qy +fDoOKi2hTgqxahe7rbaoWh/JL5UNoUOIN8riA24Ul3O2as50J/Zup1lcjk/TBb3H +1LL01vsIg7VQvE083tab2cBt4pR3WLgrRaijMaXQrZX8Ua5TD/pOT9ZYt9jL9c9L +CGIRuiBKyNyPZxhXps2BAuUkQgvb3mEEg4NtzCEai/HdrFYYWDwPpsiMmjAk4J34 +OL7pqPHqUh6CaboY80Val0Ri4Fhw8M52pbdx9hISnjM6di4bG8XNtaaC547B6JfY +UTrMwxCgprFXKmnbRgtM7gODUtpaS+r1WJ1pGonGIoMCAwEAAaN+MHwwDAYDVR0T +AQH/BAIwADAbBgNVHREEFDASgRB0ZXN0QGV4YW1wbGUuY29tMA8GA1UdDwEB/wQF +AwMHoAAwHQYDVR0OBBYEFCQ5delYC4N0trL3bbanR+DXdqkaMB8GA1UdIwQYMBaA +FCuSPJa0Adspta0MhNxqidruR6aaMA0GCSqGSIb3DQEBCwUAA4IBAQClKoXV1Dfo +97cEgKmXJSpSoHcgDkosHuTdF1Up0R9zzeUSMtAPMDO3N0I84RQAHpHwzwh+kTB9 +M/XxmsMBU0GBHh/rFcKoz+xlHc+uYd9C3wA3JQGQ/6f7oXf+w9R+adcsytHqDrh5 +B0bCFllkmPh1+QC+LoL6HrfQuXCon8BlX8CBTfwQVzfzR7B4kpu7KeG9dPHaDdyK +3/WWEEk7cxuaiZc0ZEzSrY9TXuELdBgd5I7jh7Z3QBfJzV/P5ekvkMODR0N7iFMl +GXKtvzIqIs4GKjG9jK4817bOHaqrum81YhESmKne96R0EkL3+BZl8LJbcJ4ZZsaq +kTAWnjrdgeIK +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDFDCCAfygAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w +MCIYDzIwMTUwMzI1MDkxMTQzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT +BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhxyFpxx/Bqkl7 +kPnM2GYUGUvgb5psv9nERXsAtWKSIdGcw8DQfjCSnF0AmReGfnepVcJlwiFEmOA6 +v4lY5bC6JCv62bJmZ8AN/s9OeOICRIY/HUgSKqe9qiLnciVscJG/9FOvk6kP5QJ9 +zD9OiAzuPtQcoMX634kjIeTTyxvWxKR73zNf0NuZtrS2Xt2oKx4dxG/NtuuW37I8 +3x4OGpBEu/h1Bxr9+8fj/taPOZ1zPqAPJWprnkZr+LEaiTyIPtGep2fQ5T5AsXFu +AfFryIhtrlW2Kq6STvM5JrmUQwqYO3T8XJ3xSzsLgoRuu37Ojb/1zbVNoy7qqr+Y +HEYT54TlAgMBAAGjdzB1MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP +MA2BC2V4YW1wbGUuY29tMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQF +AwMHBgAwHQYDVR0OBBYEFCuSPJa0Adspta0MhNxqidruR6aaMA0GCSqGSIb3DQEB +CwUAA4IBAQCl5EcG7lAvQKpNAkABLltCUf7YEJ8QbE8v0TiE3zkFc6amiOAUvsSa +Iqdy4KAAjESn3TzKOkgFhkj63SoIk0+sDQ4P1ISjup89ldGDV07iMBW/lYoJvMvP +xkNxfnC16YxJ0rWX04HSGqPDd+nHTvm2bV99COalsMltkEBMUxUNbw7ZQ+hhkhzd ++IOJZ4uDBXP6vI4gE4nBmphAVMKxlEH6ZwdxAmJbf21tmnFoSYu1pdLx72PQUbCf +ZPWn2aAgvFiWQhZMqbThsGe8bfWfs3T1Q8s0eRZqvDSOdMvt+V2+dyq5KzLbyDse +HVkxGHoYlU9bMwRFx2q87ku232ytuVId +-----END CERTIFICATE----- diff --git a/tests/cert-tests/email.sh b/tests/cert-tests/email.sh new file mode 100755 index 0000000..1629fec --- /dev/null +++ b/tests/cert-tests/email.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +DIFF=$"{DIFF:-diff}" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email test@example.com +rc=$? + +if test "${rc}" != "1"; then + echo "email test 1 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.exclude.test.example.com" --verify-email invalid@example.com +rc=$? + +if test "${rc}" != "1"; then + echo "email test 2 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email test@example.com +rc=$? + +if test "${rc}" != "0"; then + echo "email test 3 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com" --verify-email invalid@example.com +rc=$? + +if test "${rc}" != "1"; then + echo "email test 4 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email invalid@example.com +rc=$? + +if test "${rc}" != "1"; then + echo "email test 5 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.invalid.example.com" --verify-email test@cola.com +rc=$? + +if test "${rc}" != "1"; then + echo "email test 6 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email test@example.com +rc=$? + +if test "${rc}" != "0"; then + echo "email test 7 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/email-certs/chain.test.example.com-2" --verify-email invalid@example.com +rc=$? + +if test "${rc}" != "1"; then + echo "email test 8 failed" + exit 1 +fi + + +exit 0 diff --git a/tests/cert-tests/gost.sh b/tests/cert-tests/gost.sh new file mode 100755 index 0000000..c16c539 --- /dev/null +++ b/tests/cert-tests/gost.sh @@ -0,0 +1,165 @@ +#!/bin/sh + +# Copyright (C) 2016-2017 Free Software Foundation, Inc. +# +# Author: Dmitry Eremin-Solenikov +# +# This file is part of GnuTLS. +# +# The GnuTLS is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public License +# as published by the Free Software Foundation; either version 2.1 of +# the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TMPFILE=gost.$$.tmp +TMPCA=gost-ca.$$.tmp +TMPCAKEY=gost-ca-key.$$.tmp +TMPSUBCA=gost-subca.$$.tmp +TMPSUBCAKEY=gost-subca-key.$$.tmp +TMPKEY=gost-key.$$.tmp +TMPTEMPL=template.$$.tmp +TMPUSER=user.$$.tmp +VERIFYOUT=verify.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +echo ca > $TMPTEMPL +echo "cn = GOST STREEBOG 256 CA" >> $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --key-type gost12-512 --curve TC26-512-A > $TMPCAKEY 2>/dev/null +#"${CERTTOOL}" --generate-privkey --key-type gost12-256 --curve CryptoPro-XchA > $TMPCAKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \ + --load-privkey $TMPCAKEY \ + --outfile $TMPCA \ + >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TMPTEMPL +"${CERTTOOL}" --generate-privkey --key-type gost12-256 --curve CryptoPro-A > $TMPSUBCAKEY 2>/dev/null +echo "cn = GOST STREEBOG-256 Mid CA" >> $TMPTEMPL + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPCAKEY \ + --load-ca-certificate $TMPCA \ + --load-privkey $TMPSUBCAKEY \ + --outfile $TMPSUBCA \ + >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --key-type gost01 --curve CryptoPro-XchA > $TMPKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPSUBCAKEY \ + --load-ca-certificate $TMPSUBCA \ + --load-privkey $TMPKEY \ + --outfile $TMPUSER >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT + +if [ $? != 0 ]; then + cat $VERIFYOUT + exit 1 +fi + +echo "cn = End-user" > $TMPTEMPL + +"${CERTTOOL}" --generate-privkey --key-type gost01 --curve TC26-256-B > $TMPKEY 2>/dev/null + +"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPSUBCAKEY \ + --load-ca-certificate $TMPSUBCA \ + --load-privkey $TMPKEY \ + --outfile $TMPUSER >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT + +if [ $? != 0 ]; then + cat $VERIFYOUT + exit 1 +fi + +"${CERTTOOL}" -i < "${srcdir}"/data/grfc.crt --outfile $TMPFILE +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +if ! cmp "${srcdir}"/data/grfc.crt $TMPFILE ; then + cat $TMPFILE + exit 1 +fi + +"${CERTTOOL}" -i < "${srcdir}"/data/gost-cert-ca.pem --outfile $TMPFILE +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +if ! cmp "${srcdir}"/data/gost-cert-ca.pem $TMPFILE ; then + cat $TMPFILE + exit 1 +fi + +"${CERTTOOL}" -i < "${srcdir}"/data/gost-cert-new.pem --outfile $TMPFILE +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +if ! cmp "${srcdir}"/data/gost-cert-new.pem $TMPFILE ; then + cat $TMPFILE + exit 1 +fi + +"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}"/data/gost-cert-ca.pem --infile "${srcdir}"/data/gost-cert-new.pem --outfile $TMPFILE +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE +rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY + +exit 0 diff --git a/tests/cert-tests/illegal-rsa.sh b/tests/cert-tests/illegal-rsa.sh new file mode 100755 index 0000000..d0cb611 --- /dev/null +++ b/tests/cert-tests/illegal-rsa.sh @@ -0,0 +1,81 @@ +#!/bin/sh + +# Copyright (C) 2016 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${GREP=grep} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +TMPFILE=tmp-key.$$.p8 + +${VALGRIND} "${CERTTOOL}" -k --password 1234 --infile "${srcdir}/data/p8key-illegal.pem" +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error in importing illegal PKCS#8 key" + exit ${rc} +fi + +#check invalid RSA pem key. The key has even prime factor. +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal.pem" +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error in importing illegal RSA key" + exit ${rc} +fi + +#check invalid RSA pem key. The key has too large salt. +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal-rsa-pss.pem" +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error in importing illegal RSA-PSS key" + exit ${rc} +fi + +#sanity generation +${VALGRIND} "${CERTTOOL}" --generate-privkey --key-type rsa-pss --hash sha256 --salt-size 64 --bits 2048 >/dev/null +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in generating an RSA-PSS key" + exit ${rc} +fi + +# generate illegal value +${VALGRIND} "${CERTTOOL}" --generate-privkey --key-type rsa-pss --hash sha256 --salt-size 1024 --bits 2048 >/dev/null +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error: allowed generation of an illegal key" + exit ${rc} +fi + +rm -f $TMPFILE + +exit 0 diff --git a/tests/cert-tests/inhibit-anypolicy.sh b/tests/cert-tests/inhibit-anypolicy.sh new file mode 100755 index 0000000..e27e4a8 --- /dev/null +++ b/tests/cert-tests/inhibit-anypolicy.sh @@ -0,0 +1,87 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" +TMPFILE=tmp-inhibit.pem.$$.tmp +TEMPLFILE=template.inhibit.$$.tmp +CAFILE=inhibit-ca.$$.tmp +SUBCAFILE=inhibit-subca.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge -s "2017-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/key-ca.pem" \ + --template "${srcdir}/templates/inhibit-anypolicy.tmpl" \ + --outfile ${CAFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/inhibit-anypolicy.pem" ${CAFILE} +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CA generation failed ${CAFILE}" + exit ${rc} +fi + +# generate leaf +echo ca > $TEMPLFILE +echo "cn = sub-CA" >> $TEMPLFILE + +datefudge -s "2017-04-23" \ +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-ca.pem" \ + --load-ca-certificate $CAFILE \ + --load-privkey "${srcdir}/data/key-subca.pem" \ + --outfile $SUBCAFILE + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $SUBCAFILE $CAFILE > ${TMPFILE} + +# we do not support the inhibit any policy extension for verification +datefudge -s "2017-04-25" "${CERTTOOL}" --verify-chain --infile ${TMPFILE} +rc=$? +if test "$rc" != "0"; then + echo "Verification failed unexpectedly ($rc)" + exit 1 +fi + +rm -f ${TMPFILE} +rm -f ${TEMPLFILE} +rm -f ${CAFILE} +rm -f ${SUBCAFILE} + +exit 0 diff --git a/tests/cert-tests/invalid-sig.sh b/tests/cert-tests/invalid-sig.sh new file mode 100755 index 0000000..53ef760 --- /dev/null +++ b/tests/cert-tests/invalid-sig.sh @@ -0,0 +1,103 @@ +#!/bin/sh + +# Copyright (C) 2015 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +. ${srcdir}/../scripts/common.sh + +#check whether a different PKCS #1 signature than the advertized in certificate is tolerated +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem" +rc=$? + +# We're done. +if test $rc = 0; then + echo "Verification of invalid signature (1) failed" + exit 1 +fi + +#check whether a different tbsCertificate than the outer signature algorithm is tolerated +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig2.pem" +rc=$? + +# We're done. +if test $rc = 0; then + echo "Verification of invalid signature (2) failed" + exit 1 +fi + +#check whether a different tbsCertificate than the outer signature algorithm is tolerated +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig3.pem" +rc=$? + +# We're done. +if test $rc = 0; then + echo "Verification of invalid signature (3) failed" + exit 1 +fi + +#check whether different parameters in tbsCertificate than the outer signature is tolerated +${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig4.pem" +rc=$? + +# We're done. +if test $rc = 0; then + echo "Verification of invalid signature (4) failed" + exit 1 +fi + +#check whether different RSA-PSS parameters in tbsCertificate than the outer signature is tolerated +${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/invalid-sig5.pem" +rc=$? + +# We're done. +if test $rc = 0; then + echo "Verification of invalid signature (5) failed" + exit 1 +fi + +if check_for_datefudge; then + #this was causing a double free; verify that we receive the expected error code + datefudge -s 2020-01-01 \ + ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" + rc=$? + + # We're done. + if test $rc != 1; then + echo "Verification of invalid signature (6) failed" + exit 1 + fi +else + echo "Verification of invalid signature (6) skipped" +fi + +exit 0 diff --git a/tests/cert-tests/key-id.sh b/tests/cert-tests/key-id.sh new file mode 100755 index 0000000..9c88035 --- /dev/null +++ b/tests/cert-tests/key-id.sh @@ -0,0 +1,62 @@ +#!/bin/sh + +# Copyright (C) 2007-2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TMPFILE=key-id.$$.tmp +TEMPLFILE=tmpl.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +PARAMS="--generate-certificate --load-privkey '${srcdir}/data/key-user.pem' --load-ca-privkey '${srcdir}/data/key-ca.pem' --template $TEMPLFILE" + +echo "serial = 1" > $TEMPLFILE + +#eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate $srcdir/ca-gnutls-keyid.pem \ +# --outfile user-gnutls-keyid.pem 2> /dev/null + +#eval "${CERTTOOL}" ${PARAMS} --load-ca-certificate $srcdir/ca-no-keyid.pem \ +# --outfile user-no-keyid.pem 2> /dev/null + +eval ${VALGRIND} "${CERTTOOL}" ${PARAMS} --load-ca-certificate "${srcdir}/data/ca-weird-keyid.pem" \ + --outfile $TMPFILE + +if ${VALGRIND} "${CERTTOOL}" -i < $TMPFILE \ + | grep '7a2c7a6097460603cbfb28e8e219df18deeb4e0d' > /dev/null; then +: +else + echo "Could not find CA SKI in user certificate." + exit 1; +fi + +rm -f $TEMPLFILE $TMPFILE + +# We're done. +exit 0 diff --git a/tests/cert-tests/key-invalid.sh b/tests/cert-tests/key-invalid.sh new file mode 100755 index 0000000..975687f --- /dev/null +++ b/tests/cert-tests/key-invalid.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc. +# Copyright (C) 2016 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +TMPFILE=key-invalid.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +ret=0 +for p8 in ${srcdir}/data/key-invalid*.der;do + set -- ${p8} + file="$1" + ${VALGRIND} "${CERTTOOL}" --inder --key-info \ + --infile "${file}" + rc=$? + if test ${rc} != 1; then + echo "FATAL ${p8} - errno ${rc}" + ret=1 + else + echo "OK ${p8} - errno ${rc}" + fi +done + +rm -f $TMPFILE + +echo "DONE (rc $ret)" +exit $ret diff --git a/tests/cert-tests/krb5-test.sh b/tests/cert-tests/krb5-test.sh new file mode 100755 index 0000000..caa7d54 --- /dev/null +++ b/tests/cert-tests/krb5-test.sh @@ -0,0 +1,108 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=tmp-krb5name.pem +TMPLFILE=tmp-krb5name.tmpl + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +if ! test -z "${VALGRIND}"; then + ORIG_VALGRIND=${VALGRIND} + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3" +fi + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-krb5name.tmpl" \ + --outfile ${OUTFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-krb5name.pem" ${OUTFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 failed" + exit ${rc} +fi + +# disable all parameters to valgrind, to prevent memleak checking on +# the following tests (negative tests which have leaks in the tools). +if ! test -z "${ORIG_VALGRIND}"; then + VALGRIND=$(echo ${ORIG_VALGRIND}|cut -d ' ' -f 1) + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=3" +fi + +# Negative tests. Check against values which may cause problems +cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE} +echo "krb5_principal = 'xxxxxxxxxxxxxx'" >>${TMPLFILE} + +datefudge -s "2007-04-22" \ +${VALGRIND} "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template ${TMPLFILE} \ + --outfile ${OUTFILE} 2>/dev/null + +rc=$? + +# We're done. +if test "${rc}" != "1"; then + echo "Negative Test 1 failed" + exit ${rc} +fi + +cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE} +echo "krb5_principal = 'comp1/comp2/comp3/comp4/comp5/comp6/comp7/comp8/comp9/comp10@REALM.COM'" >>${TMPLFILE} + +datefudge -s "2007-04-22" \ +${VALGRIND} "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template ${TMPLFILE} \ + --outfile ${OUTFILE} 2>/dev/null + +rc=$? + +# We're done. +if test "${rc}" != "1"; then + echo "Negative Test 2 failed" + exit ${rc} +fi + +rm -f ${OUTFILE} +rm -f ${TMPLFILE} + +exit 0 diff --git a/tests/cert-tests/md5-test.sh b/tests/cert-tests/md5-test.sh new file mode 100755 index 0000000..7438e09 --- /dev/null +++ b/tests/cert-tests/md5-test.sh @@ -0,0 +1,59 @@ +#!/bin/sh + +# Copyright (C) 2006-2016 Free Software Foundation, Inc. +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +TMPFILE=md5.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +# Test MD5 signatures + +datefudge -s "2016-04-15" \ + "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "1"; then + echo "Test 1 (verification of RSA-MD5) failed" + exit ${rc} +fi + +datefudge -s "2016-04-15" \ + "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 2 (verification of RSA-MD5 with allow-broken) failed" + exit ${rc} +fi + +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/name-constraints.sh b/tests/cert-tests/name-constraints.sh new file mode 100755 index 0000000..e0c1e74 --- /dev/null +++ b/tests/cert-tests/name-constraints.sh @@ -0,0 +1,68 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +TMPFILE=constraints.$$.pem.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge -s "2016-04-22" \ + ${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem" +rc=$? + +if test "${rc}" != "0"; then + echo "name constraints test 1 failed" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/name-constraints-ip2.pem" --outfile "${TMPFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "name constraints test 2 failed" + exit 1 +fi + +${DIFF} -I ^warning "${TMPFILE}" "${srcdir}/data/name-constraints-ip2.pem" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "name constraints test 3 failed" + exit 1 +fi + +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/othername-test.sh b/tests/cert-tests/othername-test.sh new file mode 100755 index 0000000..40eb6c1 --- /dev/null +++ b/tests/cert-tests/othername-test.sh @@ -0,0 +1,76 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=tmp-othername.pem + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-othername.tmpl" \ + --outfile ${OUTFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-othername.pem" ${OUTFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 (othername) failed" + exit ${rc} +fi + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-othername-xmpp.tmpl" \ + --outfile ${OUTFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-othername-xmpp.pem" ${OUTFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 (xmpp) failed" + exit ${rc} +fi + + + +rm -f ${OUTFILE} + +exit 0 diff --git a/tests/cert-tests/pathlen.sh b/tests/cert-tests/pathlen.sh new file mode 100755 index 0000000..b5cd7d7 --- /dev/null +++ b/tests/cert-tests/pathlen.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +TMPFILE1=ca-no-pathlen-$$.tmp +TMPFILE2=no-ca-or-pathlen-$$.tmp +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/ca-no-pathlen.pem" \ + |grep -v "Algorithm Security Level"|grep -v ^warning > $TMPFILE1 +rc=$? + +if test "${rc}" != "0"; then + echo "info 1 failed" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/no-ca-or-pathlen.pem" \ + |grep -v "Algorithm Security Level" > $TMPFILE2 +rc=$? + +if test "${rc}" != "0"; then + echo "info 2 failed" + exit ${rc} +fi + +${DIFF} "${srcdir}/data/ca-no-pathlen.pem" $TMPFILE1 +rc1=$? +${DIFF} "${srcdir}/data/no-ca-or-pathlen.pem" $TMPFILE2 +rc2=$? + + +# We're done. +if test "${rc1}" != "0"; then + exit ${rc1} +fi + +rm -f $TMPFILE1 $TMPFILE2 + +exit ${rc2} diff --git a/tests/cert-tests/pem-decoding.sh b/tests/cert-tests/pem-decoding.sh new file mode 100755 index 0000000..dc9380c --- /dev/null +++ b/tests/cert-tests/pem-decoding.sh @@ -0,0 +1,223 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +. "${srcdir}/../scripts/common.sh" + +TMPFILE=tmp-$$.pem.tmp +TMPFILE1=tmp1-$$.pem.tmp +TMPFILE2=tmp2-$$.pem.tmp + +#check whether "funny" spaces can be interpreted +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/funny-spacing.pem" >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Funny-spacing cert decoding failed 1" + exit ${rc} +fi + +#check whether a BMPString attribute can be properly decoded +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/bmpstring.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "BMPString cert decoding failed 1" + exit ${rc} +fi + +check_if_equal "${srcdir}/data/bmpstring.pem" ${TMPFILE} "Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "BMPString cert decoding failed 2" + exit ${rc} +fi + +#check whether complex-cert is decoded as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/complex-cert.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "Complex cert decoding failed 1" + exit ${rc} +fi + +check_if_equal "${srcdir}/data/complex-cert.pem" ${TMPFILE} "Not After:|Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "Complex cert decoding failed 2" + exit ${rc} +fi + +#check whether the cert with many othernames is decoded as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/xmpp-othername.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 1" + exit ${rc} +fi + +check_if_equal "${srcdir}/data/xmpp-othername.pem" ${TMPFILE} "^warning|Not After:|Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 2" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/template-krb5name.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "XMPP cert decoding failed 1" + exit ${rc} +fi + +grep "KRB5Principal:" ${TMPFILE} >${TMPFILE1} +grep "KRB5Principal:" "${srcdir}/data/template-krb5name-full.pem" >${TMPFILE2} +check_if_equal ${TMPFILE1} ${TMPFILE2} +rc=$? + +if test "${rc}" != "0"; then + echo "KRB5 principalname cert decoding failed 1" + exit ${rc} +fi + + +#check whether the cert with GOST parameters is decoded as expected +if test "${ENABLE_GOST}" = "1"; then + GOSTCERT="${srcdir}/data/gost-cert.pem" +else + GOSTCERT="${srcdir}/data/gost-cert-nogost.pem" +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${GOSTCERT}" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "GOST cert decoding failed 1" + exit ${rc} +fi + +check_if_equal ${TMPFILE} "${GOSTCERT}" +rc=$? + +if test "${rc}" != "0"; then + echo "GOST cert decoding failed 2" + exit ${rc} +fi + +#check whether the cert with GOST 31.10/11-94 parameters is decoded as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/gost94-cert.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "GOST94 cert decoding failed 1" + exit ${rc} +fi + +check_if_equal ${TMPFILE} "${srcdir}/data/gost94-cert.pem" "Algorithm Security Level" +rc=$? + +if test "${rc}" != "0"; then + echo "GOST94 cert decoding failed 2" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/multi-value-dn.pem" >${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "MV-DN cert decoding failed 1" + exit ${rc} +fi + +# Needed for FIPS140 mode +check_if_equal "${srcdir}/data/multi-value-dn.pem" ${TMPFILE} "Algorithm Security Level:" +rc=$? + +if test "${rc}" != "0"; then + echo "MV-DN cert decoding failed 2" + exit ${rc} +fi + +#check if --no-text works as expected +${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text -k --certificate-info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text -k --certificate-info failed 2" + exit 1 +fi + +#check if --no-text works as expected +${VALGRIND} "${CERTTOOL}" --certificate-pubkey --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text cert pubkey failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text cert pubkey failed 2" + exit 1 +fi + +#check if --no-text works as expected +${VALGRIND} "${CERTTOOL}" --pubkey-info --infile "${srcdir}/data/cert-ecc256.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text pubkey info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text pubkey info failed 2" + exit 1 +fi + +rm -f ${TMPFILE} ${TMPFILE1} ${TMPFILE2} + +exit 0 diff --git a/tests/cert-tests/pkcs1-pad.sh b/tests/cert-tests/pkcs1-pad.sh new file mode 100755 index 0000000..c8f34e4 --- /dev/null +++ b/tests/cert-tests/pkcs1-pad.sh @@ -0,0 +1,109 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2008-2010, 2012 Free Software Foundation, +# Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +TMPFILE1=pkcs1-pad.$$.tmp +TMPFILE2=pkcs1-pad-2.$$.tmp + +# Test 1, PKCS#1 pad digestAlgorithm.parameters + +EXPECT1=2002 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 +datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "` + +if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT1}" + echo "PKCS1-PAD1 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +echo "PKCS1-PAD1 OK" + +# Test 2, Bleichenbacher's Crypto 06 rump session + +EXPECT2=2002 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "` + +if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT2}" + echo "PKCS1-PAD2 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +echo "PKCS1-PAD2 OK" + +# Test 3, forged Starfield certificate, +# by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann. + + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` + +if test ${out1fails} -lt 2 || test ${out1oks} != 0;then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails}" + echo "expected ${EXPECT3}" + echo "PKCS1-PAD3 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 + +echo "PKCS1-PAD3 OK" + +# We're done. +exit 0 diff --git a/tests/cert-tests/pkcs12-corner-cases.sh b/tests/cert-tests/pkcs12-corner-cases.sh new file mode 100755 index 0000000..2c6a2d9 --- /dev/null +++ b/tests/cert-tests/pkcs12-corner-cases.sh @@ -0,0 +1,101 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2008, 2010, 2012 Free Software Foundation, +# Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then +# VALGRIND=$(echo ${VALGRIND}|cut -d ' ' -f 1) + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=6" +fi + +. "${srcdir}/../scripts/common.sh" + +TMPFILE="pkcs12-corner.$$.tmp" + +# Cases from oss-fuzz + +cpassword='1234' +for p12 in "mem-leak.p12";do + set -- ${p12} + file="$1" + ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${cpassword}" \ + --infile "${srcdir}/data/${file}" >${TMPFILE} 2>&1 + rc=$? + if test ${rc} != 0 && test ${rc} != 1; then + cat ${TMPFILE} + echo "PKCS12 FATAL ${file}" + exit 1 + fi +done + +# Check corner cases in PKCS#12 decoding. Typically the structures tested fail +# in parsing, but we check against crashes, etc. These test cases were taken +# from Hubert Kario's corpus at: https://github.com/redhat-qe-security/keyfile-corpus + +cpassword='Red Hat Enterprise Linux 7.4' +for p12 in "key-corpus-rc2-1.p12" "key-corpus-rc2-2.p12" "key-corpus-rc2-3.p12";do + set -- ${p12} + file="$1" + ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${cpassword}" \ + --infile "${srcdir}/data/${file}" >${TMPFILE} 2>&1 + rc=$? + if test ${rc} != 0 && test ${rc} != 1; then + cat ${TMPFILE} + echo "PKCS12 FATAL ${file}" + exit 1 + fi +done + +for p12 in "key-corpus-rc2-1.p12";do + set -- ${p12} + file="$1" + "${CERTTOOL}" --p12-info --inder --password "${cpassword}" \ + --infile "${srcdir}/data/${file}" | tr -d '\r' >${TMPFILE} 2>/dev/null + rc=$? + if test ${rc} != 0 && test ${rc} != 1; then + cat ${TMPFILE} + echo "Error in output from ${file}" + exit 1 + fi + + check_if_equal ${TMPFILE} "${srcdir}/data/${file}.out" + rc=$? + if test ${rc} != 0;then + echo "Output differs in ${file}.out ${TMPFILE}" + exit 1 + fi +done + +rm -f ${TMPFILE} + +exit 0 diff --git a/tests/cert-tests/pkcs12-encode.sh b/tests/cert-tests/pkcs12-encode.sh new file mode 100755 index 0000000..f3e7ade --- /dev/null +++ b/tests/cert-tests/pkcs12-encode.sh @@ -0,0 +1,108 @@ +#!/bin/sh + +# Copyright (C) 2004-2012 Free Software Foundation, Inc. +# Copyright (C) 2017 Red Hat, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +: ${DIFF=diff -b -B} +DEBUG="" + +TMPFILE=pkcs12.$$.tmp +TMPFILE_PEM=pkcs12.$$.pem.tmp + +# test whether we can encode a certificate, a key and a CA +${VALGRIND} "${CERTTOOL}" --to-p12 --password 123456 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL encoding 2 (--outder)" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 123456 --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL decrypting/decoding 2 (--inder)" + exit 1 +fi + +grep "BEGIN ENCRYPTED PRIVATE KEY" ${TMPFILE_PEM} >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + exit ${rc} +fi + +count=`grep -c "BEGIN CERTIFICATE" ${TMPFILE_PEM}` + +if test "$count" != "2"; then + echo "Only one certificate was included" + exit 1 +fi + +# Check whether we can encode a PKCS#12 file with cert / key and CRL +${VALGRIND} "${CERTTOOL}" --to-p12 --password 123456 --pkcs-cipher aes-128 --p12-name "my-combo-key" --load-crl "${srcdir}/data/crl-demo1.pem" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outraw --outfile $TMPFILE >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL encoding 3 (--outraw)" + exit 1 +fi + +# Check whether the contents are the expected ones +${VALGRIND} "${CERTTOOL}" --p12-info --inraw --password 123456 --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL decrypting/decoding 3 (--inraw)" + exit 1 +fi + +grep "BEGIN CERTIFICATE" ${TMPFILE_PEM} >/dev/null 2>&1 +if test "$?" != "0"; then + exit ${rc} +fi + +grep "BEGIN CRL" ${TMPFILE_PEM} >/dev/null 2>&1 +if test "$?" != "0"; then + exit ${rc} +fi + +grep "BEGIN ENCRYPTED PRIVATE KEY" ${TMPFILE_PEM} >/dev/null 2>&1 +if test "$?" != "0"; then + exit ${rc} +fi + +rm -f ${TMPFILE_PEM} $TMPFILE + +exit ${ret} diff --git a/tests/cert-tests/pkcs12-gost.sh b/tests/cert-tests/pkcs12-gost.sh new file mode 100755 index 0000000..ab94479 --- /dev/null +++ b/tests/cert-tests/pkcs12-gost.sh @@ -0,0 +1,105 @@ +#!/bin/sh + +# Copyright (C) 2018 Dmitry Eremin-Solenikov +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# This test cannot run under windows because it passes UTF8 data on command +# line. This seems not to work under windows. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +: ${DIFF=diff} +DEBUG="" + +TMPFILE=pkcs12-gost.$$.tmp +TMPFILE_PEM=pkcs12-gost.$$.tmp.pem + +echo "Testing decoding of known keys" +echo "==============================" + +ret=0 +for p12 in "gost01.p12 Пароль%20длÑ%20PFX" "gost12.p12 Пароль%20длÑ%20PFX" "gost12-2.p12 Пароль%20длÑ%20PFX" ; do + set -- ${p12} + file="$1" + passwd=$(echo $2|sed 's/%20/ /g') + + if test "x$DEBUG" != "x"; then + ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/data/${file}" + else + ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/data/${file}" >/dev/null + fi + rc=$? + if test ${rc} != 0; then + echo "PKCS12 FATAL ${p12}" + exit 1 + fi +done + + +echo "" +echo "Testing encoding/decoding" +echo "=========================" + +${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-256 --to-p12 --password "Пароль Ð´Ð»Ñ PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL encoding" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль Ð´Ð»Ñ PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL decrypting/decoding" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-512 --to-p12 --password "Пароль Ð´Ð»Ñ PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL encoding" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль Ð´Ð»Ñ PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL decrypting/decoding" + exit 1 +fi + +rm -f "$TMPFILE" "$TMPFILE_PEM" + +exit 0 diff --git a/tests/cert-tests/pkcs12-utf8.sh b/tests/cert-tests/pkcs12-utf8.sh new file mode 100755 index 0000000..168e7c5 --- /dev/null +++ b/tests/cert-tests/pkcs12-utf8.sh @@ -0,0 +1,88 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# This test cannot run under windows because it passes UTF8 data on command +# line. This seems not to work under windows. It intentionally depends on +# bash as few other shells cannot handle utf8 strings + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +: ${DIFF=diff} +DEBUG="" + +TMPFILE=pkcs12-utf8.$$.tmp +TMPFILE_PEM=pkcs12-utf8.$$.tmp.pem + +echo "Testing decoding of known keys" +echo "==============================" + +ret=0 +for p12 in "key-utf8-1.p12 ένα-δÏο" "key-utf8-2.p12 ένα_δÏο_Ï„Ïία_τέσσεÏα"; do + set -- ${p12} + file="$1" + passwd="$2" + if test "x$DEBUG" != "x"; then + ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/data/${file}" + else + ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/data/${file}" >/dev/null + fi + rc=$? + if test ${rc} != 0; then + echo "PKCS12 FATAL ${p12}" + exit 1 + fi +done + + +echo "" +echo "Testing encoding/decoding" +echo "=========================" + +${VALGRIND} "${CERTTOOL}" --pkcs-cipher=aes-256 --to-p12 --password "ένα δÏο tria" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL encoding" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "ένα δÏο tria" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL decrypting/decoding" + exit 1 +fi + +rm -f "$TMPFILE" "$TMPFILE_PEM" + +exit 0 diff --git a/tests/cert-tests/pkcs12.sh b/tests/cert-tests/pkcs12.sh new file mode 100755 index 0000000..f89e07a --- /dev/null +++ b/tests/cert-tests/pkcs12.sh @@ -0,0 +1,168 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2008, 2010, 2012 Free Software Foundation, +# Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +: ${DIFF=diff} +DEBUG="" + +. "${srcdir}/../scripts/common.sh" +testdir=`create_testdir pkcs12` + +TMPFILE=$testdir/pkcs12 +TMPFILE_PEM=$testdir/pkcs12.pem + +DEBUG="1" + +for p12 in "aes-128.p12 Red%20Hat%20Enterprise%20Linux%207.4" "pbes1-no-salt.p12 Red%20Hat%20Enterprise%20Linux%207.4" "no-salt.p12 Red%20Hat%20Enterprise%20Linux%207.4" "mac-sha512.p12 Red%20Hat%20Enterprise%20Linux%207.4" "cert-with-crl.p12 password" "client.p12 foobar" "openssl.p12 CaudFocwijRupogDoicsApfiHadManUgNa" "noclient.p12" "unclient.p12" "pkcs12_2certs.p12"; do + set -- ${p12} + file="$1" + passwd=$(echo $2|sed 's/%20/ /g') + + if test "x$DEBUG" != "x"; then + ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/data/${file}" + else + ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \ + --infile "${srcdir}/data/${file}" >/dev/null + fi + rc=$? + if test ${rc} != 0; then + echo "PKCS12 FATAL ${p12}" + exit 1 + fi +done + +file="$srcdir/data/test-null.p12" +${VALGRIND} "${CERTTOOL}" --p12-info --inder --null-password --infile "${file}" >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL ${file}" + exit 1 +fi + +file="$srcdir/data/sha256.p12" +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile "${file}" >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL ${file}" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile "$srcdir/data/sha256.p12" --outfile "${TMPFILE}" --no-text +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text pkcs12 info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text pkcs12 info failed 2" + exit 1 +fi + +# test whether we can encode a certificate and a key +${VALGRIND} "${CERTTOOL}" --to-p12 --password 1234 --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --outder --outfile $TMPFILE >/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL encoding" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p12-info --inder --password 1234 --infile $TMPFILE|tr -d '\r' >${TMPFILE_PEM} 2>/dev/null +rc=$? +if test ${rc} != 0; then + echo "PKCS12 FATAL decrypting/decoding" + exit 1 +fi + +grep "BEGIN ENCRYPTED PRIVATE KEY" ${TMPFILE_PEM} >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + exit ${rc} +fi + +grep "BEGIN CERTIFICATE" ${TMPFILE_PEM} >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + exit ${rc} +fi + +INFO_EXP=$testdir/p12-info.exp +INFO_OUT=$testdir/p12-info.out + +cat >$INFO_EXP < ${INFO_OUT} + +diff ${INFO_EXP} ${INFO_OUT} + +rc=$? + +if test "${rc}" != "0"; then + exit ${rc} +fi + +rm -rf "${testdir}" + +exit 0 diff --git a/tests/cert-tests/pkcs7-broken-sigs.sh b/tests/cert-tests/pkcs7-broken-sigs.sh new file mode 100755 index 0000000..b51d0c5 --- /dev/null +++ b/tests/cert-tests/pkcs7-broken-sigs.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp +OUTFILE2=out2-pkcs7.$$.tmp + +# Test signing with MD5 +FILE="signing" +${VALGRIND} "${CERTTOOL}" --p7-sign --hash md5 --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with MD5 failed" + exit ${rc} +fi + +FILE="signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "1"; then + echo "${FILE}: PKCS7 struct signing succeeded verification with MD5" + exit ${rc} +fi + +FILE="signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed with MD5 and allow-broken" + exit ${rc} +fi + +rm -f "${OUTFILE}" +rm -f "${OUTFILE2}" + +exit 0 diff --git a/tests/cert-tests/pkcs7-cat.sh b/tests/cert-tests/pkcs7-cat.sh new file mode 100755 index 0000000..1cec37f --- /dev/null +++ b/tests/cert-tests/pkcs7-cat.sh @@ -0,0 +1,51 @@ +#!/bin/sh + +# Copyright (C) 2015 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge +datefudge -s "2016-10-1" \ +${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem" +rc=$? + +if test "${rc}" != "0"; then + echo "PKCS7 verification failed (1)" + exit 1 +fi + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/pkcs7-constraints.sh b/tests/cert-tests/pkcs7-constraints.sh new file mode 100755 index 0000000..150c103 --- /dev/null +++ b/tests/cert-tests/pkcs7-constraints.sh @@ -0,0 +1,114 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + + +FILE="signing" +echo "test: $FILE" +${VALGRIND} "${CERTTOOL}" --p7-sign --p7-include-cert --load-privkey "${srcdir}/data/code-signing-cert.pem" --load-certificate "${srcdir}/data/code-signing-cert.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +FILE="signing-verify-no-purpose" +echo "" +echo "test: $FILE" +datefudge -s "2015-1-10" \ +${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (0)" + exit ${rc} +fi + +FILE="signing-verify-valid-purpose" +echo "" +echo "test: $FILE" +datefudge -s "2015-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (1)" + exit ${rc} +fi + +FILE="signing-verify-invalid-purpose" +echo "" +echo "test: $FILE" +datefudge -s "2015-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (2)" + exit 1 +fi + +FILE="signing-verify-invalid-date-1" +echo "" +echo "test: $FILE" +datefudge -s "2011-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (3)" + exit 1 +fi + +FILE="signing-verify-invalid-date-2" +echo "" +echo "test: $FILE" +datefudge -s "2018-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (4)" + exit 1 +fi + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/pkcs7-constraints2.sh b/tests/cert-tests/pkcs7-constraints2.sh new file mode 100755 index 0000000..94f89a5 --- /dev/null +++ b/tests/cert-tests/pkcs7-constraints2.sh @@ -0,0 +1,114 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + + +FILE="signing" +echo "test: $FILE" +${VALGRIND} "${CERTTOOL}" --p7-sign --p7-include-cert --load-privkey "${srcdir}/data/code-signing-cert.pem" --load-certificate "${srcdir}/data/code-signing-cert.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +FILE="signing-verify-no-purpose" +echo "" +echo "test: $FILE" +datefudge -s "2015-1-10" \ +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (0)" + exit ${rc} +fi + +FILE="signing-verify-valid-purpose" +echo "" +echo "test: $FILE" +datefudge -s "2015-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (1)" + exit ${rc} +fi + +FILE="signing-verify-invalid-purpose" +echo "" +echo "test: $FILE" +datefudge -s "2015-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (2)" + exit 1 +fi + +FILE="signing-verify-invalid-date-1" +echo "" +echo "test: $FILE" +datefudge -s "2011-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (3)" + exit 1 +fi + +FILE="signing-verify-invalid-date-2" +echo "" +echo "test: $FILE" +datefudge -s "2018-1-10" \ +${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct signing failed verification (4)" + exit 1 +fi + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/pkcs7-eddsa.sh b/tests/cert-tests/pkcs7-eddsa.sh new file mode 100755 index 0000000..4017970 --- /dev/null +++ b/tests/cert-tests/pkcs7-eddsa.sh @@ -0,0 +1,124 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp +OUTFILE2=out2-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +KEY="${srcdir}/../certs/ed25519.pem" +CERT="${srcdir}/../certs/cert-ed25519.pem" + +# Test verification of saved file +FILE="${srcdir}/data/pkcs7-eddsa-sig.p7s" +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-certificate "${CERT}" --infile "${FILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct verification failed" + exit ${rc} +fi + +# Test signing +FILE="signing" +${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +FILE="signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} +fi + +#check extraction of embedded data in signature +FILE="signing-verify-data" +${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${CERT}" --outfile "${OUTFILE2}" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification with data" + exit ${rc} +fi + +cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt" +rc=$? +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 data detaching failed" + exit ${rc} +fi + +FILE="signing-time" +${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey "${KEY}" --load-certificate "${CERT}" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}" +grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 +if test $? != 0;then + echo "Content-Type was not set in attributes" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1 +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed. No time was found." + exit ${rc} +fi + +FILE="signing-time-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${CERT}" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed verification" + exit ${rc} +fi + +rm -f "${OUTFILE}" +rm -f "${OUTFILE2}" + +exit 0 diff --git a/tests/cert-tests/pkcs7-list-sign.sh b/tests/cert-tests/pkcs7-list-sign.sh new file mode 100755 index 0000000..2cf168b --- /dev/null +++ b/tests/cert-tests/pkcs7-list-sign.sh @@ -0,0 +1,81 @@ +#!/bin/sh + +# Copyright (C) 2017 Karl Tarbe +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp +OUTFILE2=out2-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge +# Test signing +FILE="signing-with-cert-list" +${VALGRIND} "${CERTTOOL}" --p7-sign --load-certificate "${srcdir}/data/pkcs7-chain.pem" --load-privkey "${srcdir}/data/pkcs7-chain-endcert-key.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +#test chain verification +FILE="signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/pkcs7-chain-root.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} +fi + +#check extraction of embedded data in signature +FILE="signing-cert-list-verify-data" +${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-ca-certificate "${srcdir}/data/pkcs7-chain-root.pem" --outfile "${OUTFILE2}" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification with data" + exit ${rc} +fi + +cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt" +rc=$? +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 data detaching failed" + exit ${rc} +fi + +rm -f "${OUTFILE}" +rm -f "${OUTFILE2}" + +exit 0 diff --git a/tests/cert-tests/pkcs7.sh b/tests/cert-tests/pkcs7.sh new file mode 100755 index 0000000..709ee5c --- /dev/null +++ b/tests/cert-tests/pkcs7.sh @@ -0,0 +1,352 @@ +#!/bin/sh + +# Copyright (C) 2015 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp +OUTFILE2=out2-pkcs7.$$.tmp +TMPFILE=tmp-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1" +then + GOST_P7B="rfc4490.p7b" +else + GOST_P7B="" +fi + +for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b $GOST_P7B; do +${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 decoding failed" + exit ${rc} +fi + +${DIFF} "${OUTFILE}" "${srcdir}/data/${FILE}.out" >/dev/null +if test "$?" != "0"; then + echo "${FILE}: PKCS7 decoding didn't produce the correct file" + exit 1 +fi +done + +${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/full.p7b" --outfile "${TMPFILE}" --no-text +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text pkcs7 info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text pkcs7 info failed 2" + exit 1 +fi + +# check signatures + +for FILE in full.p7b openssl.p7b openssl-keyid.p7b; do +# check validation with date prior to CA issuance +datefudge -s "2011-1-10" \ +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 verification succeeded with invalid date (1)" + exit 1 +fi + +# check validation with date prior to intermediate cert issuance +datefudge -s "2011-5-28 08:38:00 UTC" \ +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 verification succeeded with invalid date (2)" + exit 1 +fi + +# check validation with date after intermediate cert issuance +datefudge -s "2038-10-13" \ +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 verification succeeded with invalid date (3)" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 verification failed" + exit ${rc} +fi +done + + +#check key purpose verification +for FILE in full.p7b; do + +${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.1 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 verification failed with key purpose" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --verify-purpose=1.3.6.1.5.5.7.3.3 --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 verification succeeded with wrong key purpose" + exit 2 +fi + +done + +# check signature with detached data + +FILE="detached.p7b" +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 verification succeeded without providing detached data" + exit 2 +fi + +${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-data "${srcdir}/data/pkcs7-detached.txt" --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 verification failed" + exit ${rc} +fi + +# Test cert combination + +FILE="p7-combined" + +rm -f "${OUTFILE2}" +for i in cert-ecc256.pem cert-ecc521.pem cert-ecc384.pem cert-ecc.pem cert-rsa-2432.pem;do + cat "${srcdir}/../certs"/$i >>"${OUTFILE2}" +done +${VALGRIND} "${CERTTOOL}" --p7-generate --load-certificate "${OUTFILE2}" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct generation failed" + exit ${rc} +fi + +${DIFF} "${OUTFILE}" "${srcdir}/data/p7-combined.out" >/dev/null +if test "$?" != "0"; then + echo "${FILE}: PKCS7 generation didn't produce the correct file" + exit 1 +fi + +# Test signing +FILE="signing" +${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +FILE="signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} +fi + +#check extraction of embedded data in signature +FILE="signing-verify-data" +${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --outfile "${OUTFILE2}" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification with data" + exit ${rc} +fi + +cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt" +rc=$? +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 data detaching failed" + exit ${rc} +fi + +FILE="signing-detached" +${VALGRIND} "${CERTTOOL}" --p7-detached-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing-detached failed" + exit ${rc} +fi + +FILE="signing-detached-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing-detached failed verification" + exit ${rc} +fi + +# Test signing with broken algorithms +FILE="signing-broken" +${VALGRIND} "${CERTTOOL}" --hash md5 --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing-broken failed" + exit ${rc} +fi + +FILE="signing-verify-broken" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" = "0"; then + echo "${FILE}: PKCS7 struct verification succeeded with broken algo" + exit 1 +fi + +FILE="signing-time" +${VALGRIND} "${CERTTOOL}" --p7-detached-sign --p7-time --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" --p7-info --infile "${OUTFILE}" >"${OUTFILE2}" +grep 'contentType: 06092a864886f70d010701' ${OUTFILE2} >/dev/null 2>&1 +if test $? != 0;then + echo "Content-Type was not set in attributes" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --p7-info <"${OUTFILE}"|grep "Signing time:" "${OUTFILE}" >/dev/null 2>&1 +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed. No time was found." + exit ${rc} +fi + +FILE="signing-time-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" --load-data "${srcdir}/data/pkcs7-detached.txt" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing with time failed verification" + exit ${rc} +fi + +FILE="rsa-pss-signing" +${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-rsa-pss.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa-pss.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} +fi + +FILE="rsa-pss-signing-verify" +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa-pss.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} +fi + +# Test BER encoding, see RFC 4134 Section 4.5 +# SHA1 signature, so --verify-allow-broken +FILE="rfc4134-4.5" +${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-ca-certificate "${srcdir}/data/rfc4134-ca-rsa.pem" --infile "${srcdir}/data/rfc4134-4.5.p7b" --inder +rc=$? + +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 BER parsing/decoding failed" + exit ${rc} +fi + +if test "x$ENABLE_GOST" = "x1" && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1" +then + FILE="gost01-signing" + ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-gost01.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" + rc=$? + + if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} + fi + + FILE="gost01-signing-verify" + ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}" + rc=$? + + if test "${rc}" != "1"; then + echo "${FILE}: PKCS7 struct signing succeeded verification with broken algo" + exit ${rc} + fi + + FILE="gost01-signing-verify" + ${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}" + rc=$? + + if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} + fi +fi + +rm -f "${OUTFILE}" +rm -f "${OUTFILE2}" +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/pkcs8-decode.sh b/tests/cert-tests/pkcs8-decode.sh new file mode 100755 index 0000000..27c84bf --- /dev/null +++ b/tests/cert-tests/pkcs8-decode.sh @@ -0,0 +1,80 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +TMPFILE=pkcs8-decode.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +ret=0 +for p8 in "pkcs8-pbes1-des-md5.pem password" "encpkcs8.pem foobar" "unencpkcs8.pem" "enc2pkcs8.pem baz" "pkcs8-pbes2-sha256.pem password"; do + set -- ${p8} + file="$1" + passwd="$2" + ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \ + --infile "${srcdir}/data/${file}" + rc=$? + if test ${rc} != 0; then + echo "PKCS8 FATAL ${p8}" + ret=1 + else + echo "PKCS8 OK ${p8}" + fi +done + +for p8 in "openssl-aes128.p8" "openssl-aes256.p8" "openssl-3des.p8"; do + set -- ${p8} + file="$1" + passwd="$2" + ${VALGRIND} "${CERTTOOL}" --p8-info --password "1234" \ + --infile "${srcdir}/data/${file}" --outfile $TMPFILE + rc=$? + if test ${rc} != 0; then + echo "PKCS8 FATAL ${p8}" + ret=1 + fi + + ${DIFF} "${srcdir}/data/${p8}.txt" $TMPFILE + rc=$? + if test ${rc} != 0; then + cat $TMPFILE + echo "PKCS8 FATAL TXT ${p8}" + ret=1 + fi +done +rm -f $TMPFILE + +echo "PKCS8 DONE (rc $ret)" +exit $ret diff --git a/tests/cert-tests/pkcs8-eddsa.sh b/tests/cert-tests/pkcs8-eddsa.sh new file mode 100755 index 0000000..2d33ebf --- /dev/null +++ b/tests/cert-tests/pkcs8-eddsa.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +TMPFILE=pkcs8-eddsa.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +for p8 in "pkcs8-eddsa.pem"; do + set -- ${p8} + file="$1" + ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "" \ + --infile "${srcdir}/data/${file}" --outfile $TMPFILE + rc=$? + if test ${rc} != 0; then + echo "PKCS8 FATAL ${p8}" + exit 1 + fi + + echo "" + ${DIFF} -u "${srcdir}/data/${p8}.txt" $TMPFILE + rc=$? + if test ${rc} != 0; then + cat $TMPFILE + echo "PKCS8 FATAL TXT ${p8}" + exit 1 + fi +done +rm -f $TMPFILE + +echo "PKCS8 DONE" +exit 0 diff --git a/tests/cert-tests/pkcs8-gost.sh b/tests/cert-tests/pkcs8-gost.sh new file mode 100755 index 0000000..6527d9d --- /dev/null +++ b/tests/cert-tests/pkcs8-gost.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# Copyright (C) 2018 Dmitry Eremin-Solenikov +# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +TMPFILE=pkcs8-gost-decode.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +ret=0 +# key-gost12-512.p8 is not supported for now: it uses curve TC26-512-B +for p8 in "key-gost01.p8" "key-gost12-256.p8" "key-gost01-2.p8" "key-gost12-256-2.p8" "key-gost01-2-enc.p8 Пароль%20длÑ%20PFX" "key-gost12-256-2-enc.p8 Пароль%20длÑ%20PFX"; do + set -- ${p8} + file="$1" + passwd=$(echo $2|sed 's/%20/ /g') + ${VALGRIND} "${CERTTOOL}" --key-info --pkcs8 --password "${passwd}" \ + --infile "${srcdir}/data/${file}" --outfile $TMPFILE \ + --pkcs-cipher none + rc=$? + if test ${rc} != 0; then + echo "PKCS8 FATAL ${p8}" + ret=1 + continue + fi + + ${DIFF} "${srcdir}/data/${1}.txt" $TMPFILE + rc=$? + if test ${rc} != 0; then + cat $TMPFILE + echo "PKCS8 FATAL TXT ${p8}" + ret=1 + else + echo "PKCS8 OK ${p8}" + fi +done + +rm -f $TMPFILE + +echo "PKCS8 DONE (rc $ret)" +exit $ret diff --git a/tests/cert-tests/pkcs8-invalid.sh b/tests/cert-tests/pkcs8-invalid.sh new file mode 100755 index 0000000..edf19bb --- /dev/null +++ b/tests/cert-tests/pkcs8-invalid.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +TMPFILE=pkcs8-invalid.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +ret=0 +for p8 in "pkcs8-invalid1.der 1234" "pkcs8-invalid2.der 1234" "pkcs8-invalid3.der 1234" "pkcs8-invalid4.der 1234" \ + "pkcs8-invalid5.der 1234" "pkcs8-invalid6.der 1234" "pkcs8-invalid7.der 1234" "pkcs8-invalid8.der password" \ + "pkcs8-invalid9.der password" "pkcs8-invalid10.der password";do + set -- ${p8} + file="$1" + passwd="$2" + ${VALGRIND} "${CERTTOOL}" --inder --key-info --pkcs8 --password "${passwd}" \ + --infile "${srcdir}/data/${file}" + rc=$? + if test ${rc} != 1; then + echo "PKCS8 FATAL ${p8} - errno ${rc}" + exit 1 + else + echo "PKCS8 OK ${p8} - errno ${rc}" + fi +done + +rm -f $TMPFILE + +echo "PKCS8 DONE (rc $ret)" +exit $ret diff --git a/tests/cert-tests/pkcs8.sh b/tests/cert-tests/pkcs8.sh new file mode 100755 index 0000000..8bad701 --- /dev/null +++ b/tests/cert-tests/pkcs8.sh @@ -0,0 +1,152 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${GREP=grep} + +TMPFILE=tmp-key-ca.$$.p8 + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +# check keys with password +${VALGRIND} "${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/data/key-ca.pem" --password "1234" \ + --outfile $TMPFILE 2>/dev/null + +${GREP} "BEGIN ENCRYPTED PRIVATE KEY" $TMPFILE >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in converting key to PKCS #8 with password" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca.pem" --password "1234" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading PKCS #8 key with password" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca-1234.p8" --password "1234" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading saved PKCS #8 key with password" + exit ${rc} +fi + +#keys encrypted with empty password +${VALGRIND} "${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/data/key-ca.pem" --password "" \ + --outfile $TMPFILE 2>/dev/null + +${GREP} "BEGIN PRIVATE KEY" $TMPFILE >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in converting key to PKCS #8 with empty password" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca.pem" --password "" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading PKCS #8 key with empty password" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca-empty.p8" --password "" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading saved PKCS #8 key with empty password" + exit ${rc} +fi + +#keys encrypted with null password +${VALGRIND} "${CERTTOOL}" --to-p8 --load-privkey "${srcdir}/data/key-ca.pem" --null-password \ + --outfile $TMPFILE 2>/dev/null + +${GREP} "BEGIN ENCRYPTED PRIVATE KEY" $TMPFILE >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in converting key to PKCS #8 with null password" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca.pem" --null-password >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading PKCS #8 key with null password" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ca-null.p8" --null-password >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading saved PKCS #8 key with null password" + exit ${rc} +fi + +# Tests for PKCS #8 ECC keys + +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-ecc.pem" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading saved ECC key" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/key-ecc.p8" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading saved PKCS #8 ECC key" + exit ${rc} +fi + +${VALGRIND} "${CERTTOOL}" -k --pkcs8 --infile "${srcdir}/data/openssl-key-ecc.p8" >/dev/null 2>&1 +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in reading saved openssl PKCS #8 ECC key" + exit ${rc} +fi + +rm -f $TMPFILE + +exit 0 diff --git a/tests/cert-tests/privkey-import.sh b/tests/cert-tests/privkey-import.sh new file mode 100755 index 0000000..575ca58 --- /dev/null +++ b/tests/cert-tests/privkey-import.sh @@ -0,0 +1,62 @@ +#!/bin/sh + +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +TMPFILE=tmp-$$.privkey.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +for i in privkey1.pem privkey2.pem privkey3.pem;do +#check whether "funny" spaces can be interpreted +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/${i}" +rc=$? + +if test "${rc}" != "0";then + echo "Error importing private key ${i}" + exit 1 +fi +done + +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/privkey1.pem" --no-text --outfile ${TMPFILE} +rc=$? + +if test "${rc}" != "0"; then + echo "--no-text privkey info failed 1" + exit ${rc} +fi + +if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=]\+$' | grep -v '^-----END [A-Z0-9 ]\+-----$' ; then + echo "--no-text privkey info failed 2" + exit 1 +fi + +rm -f ${TMPFILE} + +exit 0 diff --git a/tests/cert-tests/provable-dh-default.sh b/tests/cert-tests/provable-dh-default.sh new file mode 100755 index 0000000..f6fa889 --- /dev/null +++ b/tests/cert-tests/provable-dh-default.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=provable-dh$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +#DH parameters - no seed +${VALGRIND} "${CERTTOOL}" --generate-dh-params --provable --outfile "$OUTFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "test2: Could not generate DH parameters" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "test2: Could not verify the generated parameters" + exit 1 +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/provable-dh.sh b/tests/cert-tests/provable-dh.sh new file mode 100755 index 0000000..50d51ce --- /dev/null +++ b/tests/cert-tests/provable-dh.sh @@ -0,0 +1,72 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=provable-dh$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +if test "${FIPS140}" = 1;then +SEED="30EC334F97DBC0BA9C8652A7B5D3F7B2DBBB48A4842E190D210E01DABD535981503755EE96A270A598E9D91B2254669169EBDF4599D9F72ACA" +DSAFILE=provable-dsa2048-fips.pem +else +SEED="5A0EA041779B0AB765BE2509C4DE90E5A0E7DAADAE6E49D35938F91333A8E1FE509DD2DFE1967CD0045428103497D00388C8CE36290FE9379F8003CBF8FDA4DA27" +DSAFILE=provable-dsa2048.pem +fi + +#DH parameters +${VALGRIND} "${CERTTOOL}" --generate-dh-params --provable --bits 2048 --seed "$SEED" --outfile "$OUTFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "test1: Could not generate a 2048-bit DSA key" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" & +PID1=$! + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" --seed "$SEED" & +PID2=$! + +wait $PID1 +rc1=$? + +wait $PID2 +rc2=$? + +if test "${rc1}" != "0" || test "${rc2}" != "0"; then + echo "test1: Could not verify the generated parameters" + exit 1 +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/provable-privkey-dsa2048.sh b/tests/cert-tests/provable-privkey-dsa2048.sh new file mode 100755 index 0000000..f7eee5d --- /dev/null +++ b/tests/cert-tests/provable-privkey-dsa2048.sh @@ -0,0 +1,63 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=provable-privkey.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${VALGRIND} "${CERTTOOL}" --generate-privkey --provable --bits 2048 --dsa --seed "$SEED" --outfile "$OUTFILE" +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate a 2048-bit DSA key" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" & +PID1=$! + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" --seed "$SEED" & +PID2=$! + +wait $PID1 +rc1=$? + +wait $PID2 +rc2=$? + +if test "${rc1}" != "0" || test "${rc2}" != "0"; then + echo "Could not verify the generated parameters" + exit 1 +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/provable-privkey-gen-default.sh b/tests/cert-tests/provable-privkey-gen-default.sh new file mode 100755 index 0000000..6517a24 --- /dev/null +++ b/tests/cert-tests/provable-privkey-gen-default.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=provable-privkey$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${VALGRIND} "${CERTTOOL}" --generate-privkey --provable --seed "A3:54:5C:B3:1D:70:56:1C:A0:BD:2C:C8:78:C1:9C:56:CD:69:75:50:0C:3A:FD:BF:E8:96:83:FA:52:BC:98:C5" --outfile $OUTFILE +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate a default key" + exit 1 +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/provable-privkey-rsa2048.sh b/tests/cert-tests/provable-privkey-rsa2048.sh new file mode 100755 index 0000000..7f6b409 --- /dev/null +++ b/tests/cert-tests/provable-privkey-rsa2048.sh @@ -0,0 +1,63 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=provable-privkey$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${VALGRIND} "${CERTTOOL}" --generate-privkey --provable --bits 2048 --seed "AF:BF:D6:96:BA:5D:05:E3:78:A9:4B:BF:E2:95:BA:F9:94:AC:B8:7F:BC:C8:ED:FF:7A:48:EE:4F" --outfile $OUTFILE +rc=$? + +if test "${rc}" != "0"; then + echo "Could not generate a 2048-bit key" + exit 1 +fi + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" & +PID1=$! + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "$OUTFILE" --seed "AF:BF:D6:96:BA:5D:05:E3:78:A9:4B:BF:E2:95:BA:F9:94:AC:B8:7F:BC:C8:ED:FF:7A:48:EE:4F" & +PID2=$! + +wait $PID1 +rc1=$? + +wait $PID2 +rc2=$? + +if test "${rc1}" != "0" || test "${rc2}" != "0"; then + echo "test1: Could not verify the generated parameters" + exit 1 +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/provable-privkey.sh b/tests/cert-tests/provable-privkey.sh new file mode 100755 index 0000000..0049c6d --- /dev/null +++ b/tests/cert-tests/provable-privkey.sh @@ -0,0 +1,133 @@ +#!/bin/sh + +# Copyright (C) 2014 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE=provable-privkey$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +#RSA keys +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "${srcdir}/data/provable2048.pem" & +PID1=$! + + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "${srcdir}/data/provable3072.pem" & +PID2=$! + + +if test "${FIPS140}" = 1;then +SEED="30:EC:33:4F:97:DB:C0:BA:9C:86:52:A7:B5:D3:F7:B2:DB:BB:48:A4:84:2E:19:0D:21:0E:01:DA:BD:53:59:81:50:37:55:EE:96:A2:70:A5:98:E9:D9:1B:22:54:66:91:69:EB:DF:45:99:D9:F7:2A:CA" +DSAFILE=provable-dsa2048-fips.pem +else +SEED="84:31:21:BD:89:53:5E:E8:69:46:D5:8D:24:6D:47:A5:8D:15:76:A8:35:1B:42:23:E1:CF:F3:69:A1:26:6D:2B:24:B0:72:9D:7C:A5:67:87:FD:E2:E3:DE:19:B9:F2:E7:21:AC:69:8A:29:61:77:32:E7:75:6F:5A:E4:58:0B:E1:79" +DSAFILE=provable-dsa2048.pem +fi + +#DSA keys +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --load-privkey "${srcdir}/data/${DSAFILE}" & +PID3=$! + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --seed "${SEED}" --load-privkey "${srcdir}/data/${DSAFILE}" & +PID4=$! + +wait $PID1 +rc1=$? + +wait $PID2 +rc2=$? + +wait $PID3 +rc3=$? + +wait $PID4 +rc4=$? + +if test "${rc1}" != "0"; then + echo "Could not verify the 2048-bit key" + exit 1 +fi + +if test "${rc2}" != "0"; then + echo "Could not verify the 3072-bit key" + exit 1 +fi + +if test "${rc3}" != "0"; then + echo "Could not verify the 2048-bit DSA key" + exit 1 +fi + +if test "${rc4}" != "0"; then + echo "Could not verify the 2048-bit DSA key with explicit seed" + exit 1 +fi + +# +# Negative tests, verify using an incorrect seed +# + +ARB_SEED="31:EC:34:4F:97:DB:C0:BA:9C:86:52:A7:B5:D3:F7:B2:DB:BB:48:A4:84:2E:19:0D:21:0E:01:DA:BD:53:59:81:50:37:55:EE:96:A2:70:A5:98:E9:D9:1B:22:54:66:91:69:EB:DF:45:99:D9:F7:2A:CA" + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --seed "${ARB_SEED}" --load-privkey "${srcdir}/data/provable2048.pem" & +PID1=$! + +${VALGRIND} "${CERTTOOL}" --verify-provable-privkey --seed "${ARB_SEED}" --load-privkey "${srcdir}/data/${DSAFILE}" & +PID2=$! + +wait $PID1 +rc1=$? + +wait $PID2 +rc2=$? + +if test "${rc1}" = "0"; then + echo "Incorrectly verified an RSA key with wrong seed" + exit 1 +fi + +if test "${rc2}" = "0"; then + echo "Incorrectly verified a DSA key with wrong seed" + exit 1 +fi + +# +# Try whether re-importing a key loses the parameters +# + +"${CERTTOOL}" -k --infile "${srcdir}/data/provable2048.pem"|"${CERTTOOL}" -k|"${CERTTOOL}" -k >${OUTFILE} +grep "Hash: SHA384" ${OUTFILE} && grep "Seed: ab499ea55a5f4cb743434e49ca1ee3a491544309c6f59ab2cd5507de" ${OUTFILE} +if test $? != 0;then + echo "Could not find validation parameters after re-importing" + exit 1 +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/reject-invalid-time.sh b/tests/cert-tests/reject-invalid-time.sh new file mode 100755 index 0000000..27b3f3c --- /dev/null +++ b/tests/cert-tests/reject-invalid-time.sh @@ -0,0 +1,50 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${PKG_CONFIG=pkg-config} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${PKG_CONFIG} --version >/dev/null || exit 77 + +${PKG_CONFIG} --atleast-version=4.12 libtasn1 || exit 77 + +# Check whether certificates with invalid time fields are accepted +for file in openssl-invalid-time-format.pem;do + ${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file" + rc=$? + + if test "${rc}" = "0";then + echo "file $file was accepted" + exit 1 + fi +done + +exit 0 diff --git a/tests/cert-tests/rsa-pss-pad.sh b/tests/cert-tests/rsa-pss-pad.sh new file mode 100755 index 0000000..76b5a50 --- /dev/null +++ b/tests/cert-tests/rsa-pss-pad.sh @@ -0,0 +1,74 @@ +#!/bin/sh + +# Copyright (C) 2006-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +TMPFILE=pss.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +# Test PSS signatures on certificate + +for i in sha256 sha384 sha512;do +datefudge -s "2007-04-22" \ +"${CERTTOOL}" --generate-self-signed --key-type rsa-pss \ + --load-privkey "${srcdir}/data/privkey1.pem" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $i +rc=$? + +if test -f "${srcdir}/data/template-rsa-$i.pem";then +${DIFF} "${srcdir}/data/template-rsa-$i.pem" "${TMPFILE}" >/dev/null 2>&1 +rc=$? +fi + +# We're done. +if test "${rc}" != "0"; then + echo "Test (RSA-PSS-$i) failed" + exit ${rc} +fi + +datefudge -s "2007-04-25" \ + "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test (verification of RSA-PSS-$i) failed" + exit ${rc} +fi +done + +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/sha2-dsa-test.sh b/tests/cert-tests/sha2-dsa-test.sh new file mode 100755 index 0000000..f24195c --- /dev/null +++ b/tests/cert-tests/sha2-dsa-test.sh @@ -0,0 +1,89 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TEMPLFILE=template-dsa.$$.tmp +CAFILE=ca-dsa.$$.tmp +SUBCAFILE=subca-dsa.$$.tmp +TMPFILE=sha2-dsa.$$.tmp +USERFILE=user-dsa.$$.tmp +VERIFYFILE=verify-dsa.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 256 CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TEMPLFILE \ + --load-privkey "${srcdir}/data/key-ca-dsa.pem" \ + --outfile $CAFILE \ + --hash sha256 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 224 Mid CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-ca-dsa.pem" \ + --load-ca-certificate $CAFILE \ + --load-privkey "${srcdir}/data/key-subca-dsa.pem" \ + --outfile $SUBCAFILE \ + --hash sha224 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-subca-dsa.pem" \ + --load-ca-certificate $SUBCAFILE \ + --load-privkey "${srcdir}/data/key-dsa.pem" \ + --outfile $USERFILE >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +cat $USERFILE $SUBCAFILE $CAFILE > $TMPFILE +"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYFILE + +if [ $? != 0 ]; then + cat $VERIFYFILE + exit 1 +fi + +rm -f $VERIFYFILE $USERFILE $CAFILE $SUBCAFILE $TEMPLFILE $TMPFILE + +exit 0 diff --git a/tests/cert-tests/sha2-test.sh b/tests/cert-tests/sha2-test.sh new file mode 100755 index 0000000..0c5ebd4 --- /dev/null +++ b/tests/cert-tests/sha2-test.sh @@ -0,0 +1,105 @@ +#!/bin/sh + +# Copyright (C) 2006-2008, 2010, 2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TEMPLFILE=template.$$.tmp +CAFILE=ca.$$.tmp +SUBCAFILE=subca.$$.tmp +SUBSUBCAFILE=subsubca.$$.tmp +TMPFILE=sha2.$$.tmp +USERFILE=user.$$.tmp +VERIFYFILE=verify.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 512 CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-self-signed --template $TEMPLFILE \ + --load-privkey "${srcdir}/data/key-ca.pem" \ + --outfile $CAFILE \ + --hash sha512 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 384 sub-CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-ca.pem" \ + --load-ca-certificate $CAFILE \ + --load-privkey "${srcdir}/data/key-subca.pem" \ + --outfile $SUBCAFILE \ + --hash sha384 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo ca > $TEMPLFILE +echo "cn = SHA 256 sub-sub-CA" >> $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-subca.pem" \ + --load-ca-certificate $SUBCAFILE \ + --load-privkey "${srcdir}/data/key-subsubca.pem" \ + --outfile $SUBSUBCAFILE \ + --hash sha256 >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +echo "cn = End-user" > $TEMPLFILE + +"${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ + --load-ca-privkey "${srcdir}/data/key-subsubca.pem" \ + --load-ca-certificate $SUBSUBCAFILE \ + --load-privkey "${srcdir}/data/key-user.pem" \ + --outfile $USERFILE >$TMPFILE 2>&1 + +if [ $? != 0 ]; then + cat $TMPFILE + exit 1 +fi + +num=`cat $USERFILE $SUBSUBCAFILE $SUBCAFILE $CAFILE | "${CERTTOOL}" --verify-chain | tee $VERIFYFILE | grep -c Verified` +#cat verify + +if test "${num}" != "4"; then + echo Verification failure + exit 1 +fi + +rm -f $VERIFYFILE $USERFILE $SUBSUBCAFILE $SUBCAFILE $CAFILE $TEMPLFILE $TMPFILE + +exit 0 diff --git a/tests/cert-tests/sha3-test.sh b/tests/cert-tests/sha3-test.sh new file mode 100755 index 0000000..386b20b --- /dev/null +++ b/tests/cert-tests/sha3-test.sh @@ -0,0 +1,98 @@ +#!/bin/sh + +# Copyright (C) 2006-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +TMPFILE=sha3.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +# Test SHA3 signatures + +for i in sha3-224 sha3-256 sha3-384 sha3-512;do +datefudge -s "2007-04-22" \ +"${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $i 2>/dev/null +rc=$? + +if test -f "${srcdir}/data/template-rsa-$i.pem";then + ${DIFF} "${srcdir}/data/template-rsa-$i.pem" "${TMPFILE}" >/dev/null 2>&1 + rc=$? +fi + +# We're done. +if test "${rc}" != "0"; then + echo "Test (RSA-$i) failed" + exit ${rc} +fi + +datefudge -s "2007-04-25" \ + "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test (verification of RSA-$i) failed" + exit ${rc} +fi +done + +# Test SHA3 signatures with ECDSA + +for i in sha3-224 sha3-256 sha3-384 sha3-512;do +datefudge -s "2007-04-22" \ +"${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test-ecc.key" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile "${TMPFILE}" --hash $i 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "Test (ECDSA-$i) failed" + exit ${rc} +fi + +datefudge -s "2007-04-25" \ + "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test (verification of ECDSA-$i) failed" + exit ${rc} +fi +done + +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/cert-tests/smime.sh b/tests/cert-tests/smime.sh new file mode 100755 index 0000000..5f6f803 --- /dev/null +++ b/tests/cert-tests/smime.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +OUTFILE=out-pkcs7.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +# test the --smime-to-p7 functionality +${VAGRLIND} "${CERTTOOL}" --smime-to-p7 --infile "${srcdir}/data/pkcs7.smime" --outfile ${OUTFILE} +rc=$? +if test "${rc}" != "0"; then + echo "SMIME to pkcs7 transformation failed" + exit ${rc} +fi + + +datefudge -s "2017-4-6" \ +${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "PKCS7 verification failed" + exit ${rc} +fi + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/cert-tests/suppressions.valgrind b/tests/cert-tests/suppressions.valgrind new file mode 100644 index 0000000..12b43e6 --- /dev/null +++ b/tests/cert-tests/suppressions.valgrind @@ -0,0 +1,24 @@ +# suppressions -- Valgrind suppresion file for libgcrypt + +# Copyright (C) 2015 Red Hat, Inc. + +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. + +{ + + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_x509_crt_check_email + ... +} +{ + ld-uncond-jump + Memcheck:Cond + fun:index + fun:expand_dynamic_string_token + fun:fillin_rpath + ... +} diff --git a/tests/cert-tests/template-exts-test.sh b/tests/cert-tests/template-exts-test.sh new file mode 100755 index 0000000..379a929 --- /dev/null +++ b/tests/cert-tests/template-exts-test.sh @@ -0,0 +1,90 @@ +#!/bin/sh + +# Copyright (C) 2006-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTFILE="exts.$$.tmp" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/arb-extensions.tmpl" \ + --outfile $OUTFILE #2>/dev/null + +${DIFF} "${srcdir}/data/arb-extensions.pem" $OUTFILE #>/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test with crt failed" + exit ${rc} +fi + +rm -f "$OUTFILE" + +# Test adding critical extensions only +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/crit-extensions.tmpl" \ + --outfile $OUTFILE #2>/dev/null + +${DIFF} "${srcdir}/data/crit-extensions.pem" $OUTFILE #>/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test with critical only failed" + exit ${rc} +fi + +rm -f "$OUTFILE" + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-request \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/arb-extensions.tmpl" \ + 2>/dev/null | grep -v "Algorithm Security Level" >$OUTFILE + +${DIFF} "${srcdir}/data/arb-extensions.csr" $OUTFILE #>/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test with crq failed" + exit ${rc} +fi + +rm -f "$OUTFILE" + +exit 0 diff --git a/tests/cert-tests/template-policy-test.sh b/tests/cert-tests/template-policy-test.sh new file mode 100755 index 0000000..9954341 --- /dev/null +++ b/tests/cert-tests/template-policy-test.sh @@ -0,0 +1,55 @@ +#!/bin/sh + +# Copyright (C) 2021 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +OUTCERT="policy-cert.$$.tmp" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/simple-policy.tmpl" \ + --outfile $OUTCERT #2>/dev/null + +${DIFF} "${srcdir}/data/simple-policy.pem" $OUTCERT #>/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test with simple policy failed" + exit ${rc} +fi + +rm -f "$OUTCERT" + +exit 0 diff --git a/tests/cert-tests/template-test.sh b/tests/cert-tests/template-test.sh new file mode 100755 index 0000000..b17942f --- /dev/null +++ b/tests/cert-tests/template-test.sh @@ -0,0 +1,323 @@ +#!/bin/sh + +# Copyright (C) 2006-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${ac_cv_sizeof_time_t=8} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" +TMPFILE=tmp-tt.pem.$$.tmp + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t" + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-test.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-test.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-utf8.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-utf8.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 2 (UTF8) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-dn.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-dn.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 3 (DN) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +echo "Running test for certificate generation with --generate-self-signed" + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-certificate \ + --load-privkey "${srcdir}/data/template-test.key" \ + --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ + --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ + --template "${srcdir}/templates/template-dn.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-sgenerate.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 3-a non-self-signed generation failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-dn-err.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null +rc=$? + +if test "${rc}" = "0"; then + echo "Test 3 (DN-err) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-overflow.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-overflow.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 4 (overflow1) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +# The following test works in 64-bit systems + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-overflow2.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +rc=$? +if test "${ac_cv_sizeof_time_t}" -lt 8;then + if test "$rc" = "0"; then + echo "Test 5-1 (overflow2) succeeded unexpectedly with 32-bit time_t" + exit ${rc} + fi +else + if test "$rc" != "0"; then + echo "Test 5-1 (overflow2) failed" + exit ${rc} + fi + + ${DIFF} "${srcdir}/data/template-overflow2.pem" ${TMPFILE} #>/dev/null 2>&1 + rc=$? + + # We're done. + if test "${rc}" != "0"; then + echo "Test 5-2 (overflow2) failed" + exit ${rc} + fi + +fi +rm -f ${TMPFILE} + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-date.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-date.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 6 (explicit dates) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-dates-after2038.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null +rc=$? +if test "${ac_cv_sizeof_time_t}" -lt 8;then + if test "$rc" = "0"; then + echo "Test 6-2 (explicit dates) succeeded unexpectedly with 32-bit long" + exit ${rc} + fi +else + if test "$rc" != "0"; then + echo "Test 6-2 (explicit dates) failed" + exit ${rc} + fi + + ${DIFF} "${srcdir}/data/template-dates-after2038.pem" ${TMPFILE} >/dev/null 2>&1 + rc=$? + + if test "${rc}" != "0"; then + echo "Test 6-3 (explicit dates) failed" + exit ${rc} + fi +fi + +rm -f ${TMPFILE} + +# Test name constraints generation + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-nc.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-nc.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 7 (name constraints) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + + +# Test the GeneralizedTime support +if test "${ac_cv_sizeof_time_t}" = 8;then + # we should test that on systems which have 64-bit time_t. + datefudge -s "2051-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-generalized.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + + ${DIFF} "${srcdir}/data/template-generalized.pem" ${TMPFILE} >/dev/null 2>&1 + rc=$? + + # We're done. + if test "${rc}" != "0"; then + echo "Test 8 (generalizedTime) failed" + exit ${rc} + fi +fi + +rm -f ${TMPFILE} + +# Test unique ID field generation + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-unique.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/template-unique.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 9 (unique ID) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +# Test generation with very long dns names + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-long-dns.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/long-dns.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 10 (long dns) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +# Test generation with larger serial number + +datefudge -s "2007-04-22" \ + "${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-long-serial.tmpl" \ + --outfile ${TMPFILE} 2>/dev/null + +${DIFF} "${srcdir}/data/long-serial.pem" ${TMPFILE} >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 11 (long serial) failed" + exit ${rc} +fi + +rm -f ${TMPFILE} + +exit 0 diff --git a/tests/cert-tests/templates/arb-extensions.tmpl b/tests/cert-tests/templates/arb-extensions.tmpl new file mode 100644 index 0000000..5171e20 --- /dev/null +++ b/tests/cert-tests/templates/arb-extensions.tmpl @@ -0,0 +1,38 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +serial = 9 +expiration_days = 2590 + +email_protection_key + +add_extension = "1.2.3.4 0001020304050607AAABCD" +add_extension = "1.6.7.8 0x0001020304050607AAABCD" +add_extension = "1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7" +add_extension = "1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7" +add_critical_extension = "1.10.11.12.13.14.15.16.17.1.5 CAFE" +add_extension = "1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7" +add_extension = "1.0.1.5 octet_string(CAFEBEAF)" +add_critical_extension = "1.0.1.5.1 octet_string(BEAFCAFEFAFA)" diff --git a/tests/cert-tests/templates/crit-extensions.tmpl b/tests/cert-tests/templates/crit-extensions.tmpl new file mode 100644 index 0000000..414298d --- /dev/null +++ b/tests/cert-tests/templates/crit-extensions.tmpl @@ -0,0 +1,30 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +serial = 9 +expiration_days = 2590 + +add_critical_extension = "1.10.11.12.13.14.15.16.17.1.5 CAFE" +add_critical_extension = "1.2.1.5.1 octet_string(BEAFCAFEFAFA)" diff --git a/tests/cert-tests/templates/inhibit-anypolicy.tmpl b/tests/cert-tests/templates/inhibit-anypolicy.tmpl new file mode 100644 index 0000000..f763317 --- /dev/null +++ b/tests/cert-tests/templates/inhibit-anypolicy.tmpl @@ -0,0 +1,101 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +inhibit_anypolicy_skip_certs = 3 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/simple-policy.tmpl b/tests/cert-tests/templates/simple-policy.tmpl new file mode 100644 index 0000000..2077186 --- /dev/null +++ b/tests/cert-tests/templates/simple-policy.tmpl @@ -0,0 +1,30 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +serial = 10 +expiration_days = 2590 + +policy1 = 2.16.840.1.101.3.2.1.48.1 +# no policy1_txt or policy1_url to verify #1238 diff --git a/tests/cert-tests/templates/template-crq.tmpl b/tests/cert-tests/templates/template-crq.tmpl new file mode 100644 index 0000000..24a5b75 --- /dev/null +++ b/tests/cert-tests/templates/template-crq.tmpl @@ -0,0 +1,4 @@ +serial = 567 + +honor_crq_ext 2.5.29.15 +honor_crq_ext 2.5.29.37 diff --git a/tests/cert-tests/templates/template-date.tmpl b/tests/cert-tests/templates/template-date.tmpl new file mode 100644 index 0000000..a535d10 --- /dev/null +++ b/tests/cert-tests/templates/template-date.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +expiration_date = 2015-05-24 14:29:12 +activation_date = 2029-01-12 11:36:11 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-dates-after2038.tmpl b/tests/cert-tests/templates/template-dates-after2038.tmpl new file mode 100644 index 0000000..cb17387 --- /dev/null +++ b/tests/cert-tests/templates/template-dates-after2038.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +expiration_date = 2043-05-24 14:29:12 +activation_date = 2039-01-12 11:36:11 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-dn-err.tmpl b/tests/cert-tests/templates/template-dn-err.tmpl new file mode 100644 index 0000000..df864bb --- /dev/null +++ b/tests/cert-tests/templates/template-dn-err.tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "acn=Nik,st=Attiki,C=GR,surNameO=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-dn.tmpl b/tests/cert-tests/templates/template-dn.tmpl new file mode 100644 index 0000000..b35956b --- /dev/null +++ b/tests/cert-tests/templates/template-dn.tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-generalized.tmpl b/tests/cert-tests/templates/template-generalized.tmpl new file mode 100644 index 0000000..2143c82 --- /dev/null +++ b/tests/cert-tests/templates/template-generalized.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +expiration_date = 2055-05-24 14:29:12 +activation_date = 2051-01-12 11:36:11 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-krb5name.tmpl b/tests/cert-tests/templates/template-krb5name.tmpl new file mode 100644 index 0000000..4fb63fd --- /dev/null +++ b/tests/cert-tests/templates/template-krb5name.tmpl @@ -0,0 +1,68 @@ +# X.509 Certificate options +# +# DN options + +dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +krb5_principal = user@email.domain@KERBEROS.REALM +krb5_principal = user@REALM.COM +krb5_principal = HTTP/user@REALM.COM +krb5_principal = comp1/comp2/user@REALM.COM + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-long-dns.tmpl b/tests/cert-tests/templates/template-long-dns.tmpl new file mode 100644 index 0000000..6bb5ef9 --- /dev/null +++ b/tests/cert-tests/templates/template-long-dns.tmpl @@ -0,0 +1,70 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +o = "super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long org" +ou = "super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long dept" + +# A dnsname in case of a WWW server. +dns_name = "super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +#ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-long-serial.tmpl b/tests/cert-tests/templates/template-long-serial.tmpl new file mode 100644 index 0000000..0352586 --- /dev/null +++ b/tests/cert-tests/templates/template-long-serial.tmpl @@ -0,0 +1,99 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 0x1234567890abcdeffedcba0987654321abcdef12 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-nc.tmpl b/tests/cert-tests/templates/template-nc.tmpl new file mode 100644 index 0000000..bcc5f41 --- /dev/null +++ b/tests/cert-tests/templates/template-nc.tmpl @@ -0,0 +1,87 @@ +# X.509 Certificate options +# +# DN options + +dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +nc_permit_dns = example.com +nc_exclude_dns = net +nc_exclude_dns = org + +#empty DNS means that subordinates cannot sign certs with DNS names +nc_exclude_dns = '' + +nc_permit_email = nmav@example.com +nc_exclude_email = example.net +nc_exclude_email = example.li + +nc_permit_ip = 192.168.5.0/24 +nc_permit_ip = 10.10.10.0/16 +nc_permit_ip = 172.23.122.0/23 +nc_exclude_ip = 10.10.100.0/24 +nc_exclude_ip = 10.10.101.5/24 + +nc_permit_ip = fc4c:fe8f:7ffa:18bd::/64 +nc_exclude_ip = fc4c:fe8f:7ffa:18bd:72c8:64b9::/96 + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-no-ca-explicit.tmpl b/tests/cert-tests/templates/template-no-ca-explicit.tmpl new file mode 100644 index 0000000..2b0f7e3 --- /dev/null +++ b/tests/cert-tests/templates/template-no-ca-explicit.tmpl @@ -0,0 +1,13 @@ +cn = "No CA" +serial = 02 + +email_protection_key + +add_extension = "1.2.3.4 0001020304050607AAABCD" +add_extension = "1.6.7.8 0x0001020304050607AAABCD" +add_extension = "1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7" +add_extension = "1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7" +add_critical_extension = "1.10.11.12.13.14.15.16.17.1.5 CAFE" +add_extension = "1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7" +add_extension = "1.0.1.5 octet_string(CAFEBEAF)" +add_critical_extension = "1.0.1.5.1 octet_string(BEAFCAFEFAFA)" diff --git a/tests/cert-tests/templates/template-no-ca-honor.tmpl b/tests/cert-tests/templates/template-no-ca-honor.tmpl new file mode 100644 index 0000000..05f21b8 --- /dev/null +++ b/tests/cert-tests/templates/template-no-ca-honor.tmpl @@ -0,0 +1,3 @@ +cn = "No CA" +serial = 02 +honor_crq_extensions diff --git a/tests/cert-tests/templates/template-no-ca.tmpl b/tests/cert-tests/templates/template-no-ca.tmpl new file mode 100644 index 0000000..6528a50 --- /dev/null +++ b/tests/cert-tests/templates/template-no-ca.tmpl @@ -0,0 +1,2 @@ +cn = "No CA" +serial = 02 diff --git a/tests/cert-tests/templates/template-othername-xmpp.tmpl b/tests/cert-tests/templates/template-othername-xmpp.tmpl new file mode 100644 index 0000000..017dfba --- /dev/null +++ b/tests/cert-tests/templates/template-othername-xmpp.tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +xmpp_name = juliet@im.example.com +xmpp_name = hello@hello.org + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-othername.tmpl b/tests/cert-tests/templates/template-othername.tmpl new file mode 100644 index 0000000..e9d1ed3 --- /dev/null +++ b/tests/cert-tests/templates/template-othername.tmpl @@ -0,0 +1,71 @@ +# X.509 Certificate options +# +# DN options + +dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" +other_name = "1.3.6.1.5.2.2 302ca00d1b0b56414e5245494e2e4f5247a11b3019a006020400000002a10f300d1b047269636b1b0561646d696e" +other_name_utf8 = "1.3.6.1.5.5.7.8.7 nmav@gnutls.org" +other_name_utf8 = "1.3.6.1.5.5.7.8.5 nmav@gnutls.org" +other_name_octet = "1.2.4.5.6 a test string" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-overflow.tmpl b/tests/cert-tests/templates/template-overflow.tmpl new file mode 100644 index 0000000..ec88388 --- /dev/null +++ b/tests/cert-tests/templates/template-overflow.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = -1 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-overflow2.tmpl b/tests/cert-tests/templates/template-overflow2.tmpl new file mode 100644 index 0000000..af245f4 --- /dev/null +++ b/tests/cert-tests/templates/template-overflow2.tmpl @@ -0,0 +1,97 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 99999 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-test.tmpl b/tests/cert-tests/templates/template-test.tmpl new file mode 100644 index 0000000..007adcf --- /dev/null +++ b/tests/cert-tests/templates/template-test.tmpl @@ -0,0 +1,99 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-tlsfeature-crq.tmpl b/tests/cert-tests/templates/template-tlsfeature-crq.tmpl new file mode 100644 index 0000000..1a41d2d --- /dev/null +++ b/tests/cert-tests/templates/template-tlsfeature-crq.tmpl @@ -0,0 +1,23 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +honor_crq_extensions diff --git a/tests/cert-tests/templates/template-tlsfeature.tmpl b/tests/cert-tests/templates/template-tlsfeature.tmpl new file mode 100644 index 0000000..f4d3f69 --- /dev/null +++ b/tests/cert-tests/templates/template-tlsfeature.tmpl @@ -0,0 +1,99 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +tls_feature = 5 +tls_feature = 17 + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +dn_oid = 2.5.4.12 Dr. +dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-unique.tmpl b/tests/cert-tests/templates/template-unique.tmpl new file mode 100644 index 0000000..4576ebb --- /dev/null +++ b/tests/cert-tests/templates/template-unique.tmpl @@ -0,0 +1,70 @@ +# X.509 Certificate options +# +# DN options + +dn = "2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +subject_unique_id = 0015232425 +issuer_unique_id = 11142324251224 + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/cert-tests/templates/template-utf8.tmpl b/tests/cert-tests/templates/template-utf8.tmpl new file mode 100644 index 0000000..3a37da4 --- /dev/null +++ b/tests/cert-tests/templates/template-utf8.tmpl @@ -0,0 +1,35 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Μεγάλη εταιÏία" + +# The name (Koala) +cn = "ðŸ¨" + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Αττική" + +# The country of the subject. Two letter code. +country = GR + +# The serial number of the certificate +serial = 009 + +# Certificate policies +policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0 +policy1_txt = "Μια πολιτική που θέλει διάβασμα" +policy1_url = http://www.example.com/a-policy-to-read + +policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1 +policy2_txt = "Another policy" +policy2_url = http://www.example.com/another-policy-to-read + +policy3 = 1.3.6.1.4.1.5484.1.10.99.1.2 +policy3_txt = "More policies" +policy3_url = http://example.com/a-policy-to-read + diff --git a/tests/cert-tests/tlsfeature-test.sh b/tests/cert-tests/tlsfeature-test.sh new file mode 100755 index 0000000..4148a7b --- /dev/null +++ b/tests/cert-tests/tlsfeature-test.sh @@ -0,0 +1,198 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${DIFF=diff} +TMPFILE=tlsfeature.$$.tmp +TMPFILE2=tlsfeature-2.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +# +# Test certificate generation +# +datefudge -s "2007-04-22" \ +"${CERTTOOL}" --generate-self-signed \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-tlsfeature.tmpl" \ + --outfile "${TMPFILE}" 2>/dev/null +rc=$? + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/template-tlsfeature.pem" "${TMPFILE}" >/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Cert generation test failed" + exit ${rc} +fi + +# +# Test certificate printing +# +rm -f "${TMPFILE}" +rm -f "${TMPFILE2}" +"${CERTTOOL}" -i \ + --infile "${srcdir}/data/template-tlsfeature.pem" --outfile "${TMPFILE}" +rc=$? + +if test "${rc}" != "0"; then + echo "Cert printing (0) failed" + exit ${rc} +fi + +grep -A 2 "TLS Features" "${TMPFILE}" >"${TMPFILE2}" 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "Cert printing (1) failed" + exit ${rc} +fi + +grep "17" "${TMPFILE2}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Cert printing (1) failed" + exit ${rc} +fi + +grep "Status Request(5)" "${TMPFILE2}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Cert printing (2) failed" + exit ${rc} +fi + + +# +# Test certificate request generation +# + +datefudge -s "2007-04-22" \ +"${CERTTOOL}" --generate-request \ + --load-privkey "${srcdir}/data/template-test.key" \ + --template "${srcdir}/templates/template-tlsfeature.tmpl" \ + --outfile "${TMPFILE}" -d 4 #2>/dev/null +rc=$? +if test "${rc}" != "0"; then + echo "CSR generation test (0) failed" + exit ${rc} +fi + +${DIFF} --ignore-matching-lines "Algorithm Security Level" "${srcdir}/data/template-tlsfeature.csr" "${TMPFILE}" #>/dev/null 2>&1 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "CSR generation test (1) failed" + exit ${rc} +fi + +# +# Test certificate request printing +# +rm -f "${TMPFILE}" +rm -f "${TMPFILE2}" +"${CERTTOOL}" --crq-info \ + --infile "${srcdir}/data/template-tlsfeature.csr" --outfile "${TMPFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "CSR printing (0) failed" + exit ${rc} +fi + +grep -A 2 "TLS Features" "${TMPFILE}" >"${TMPFILE2}" 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "CSR printing (1) failed" + exit ${rc} +fi + +grep "17" "${TMPFILE2}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "CSR printing (2) failed" + exit ${rc} +fi + +grep "Status Request(5)" "${TMPFILE2}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "CSR printing (3) failed" + exit ${rc} +fi + +# +# Test certificate generation after a request +# +datefudge -s "2007-04-22" \ +"${CERTTOOL}" --generate-certificate \ + --load-privkey "${srcdir}/data/template-test.key" \ + --load-ca-privkey "${srcdir}/data/template-test.key" \ + --load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \ + --template "${srcdir}/templates/template-tlsfeature-crq.tmpl" \ + --load-request "${TMPFILE}" >"${TMPFILE2}" 2>&1 + +grep -A 2 "TLS Features" "${TMPFILE2}" >"${TMPFILE}" 2>/dev/null +rc=$? + +if test "${rc}" != "0"; then + echo "Cert generation (csr) (0) failed" + exit ${rc} +fi + +grep "17" "${TMPFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Cert generation (csr) (1) failed" + exit ${rc} +fi + +grep "Status Request(5)" "${TMPFILE}" >/dev/null 2>&1 +rc=$? + +if test "${rc}" != "0"; then + echo "Cert generation (csr) (2) failed" + exit ${rc} +fi + + +rm -f "${TMPFILE}" +rm -f "${TMPFILE2}" + +exit 0 diff --git a/tests/cert-tests/tolerate-invalid-time.sh b/tests/cert-tests/tolerate-invalid-time.sh new file mode 100755 index 0000000..d5f8916 --- /dev/null +++ b/tests/cert-tests/tolerate-invalid-time.sh @@ -0,0 +1,50 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${PKG_CONFIG=pkg-config} +: ${DIFF=diff -b -B} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +${PKG_CONFIG} --version >/dev/null || exit 77 + +${PKG_CONFIG} --atleast-version=4.12 libtasn1 || exit 77 + +# Check whether certificates with invalid time fields are accepted +for file in openssl-invalid-time-format.pem;do + ${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/$file" + rc=$? + + if test "${rc}" != "0";then + echo "file $file was not rejected" + exit 1 + fi +done + +exit 0 diff --git a/tests/cert-tests/x25519-and-x448.sh b/tests/cert-tests/x25519-and-x448.sh new file mode 100755 index 0000000..23fbd5f --- /dev/null +++ b/tests/cert-tests/x25519-and-x448.sh @@ -0,0 +1,101 @@ +#!/bin/sh + +# Copyright (C) 2021 Free Software Foundation, Inc. +# +# Author: Daniel Kahn Gillmor +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +TMPFILE=crfg-kx.$$.tmp +TMPCA=eddsa-ca.$$.tmp +TMPCAKEY=eddsa-ca-key.$$.tmp +TMPSUBCA=eddsa-subca.$$.tmp +TMPSUBCAKEY=eddsa-subca-key.$$.tmp +TMPKEY=kx-key.$$.tmp +TMPTEMPL=template.$$.tmp +TMPUSER=user.$$.tmp +VERIFYOUT=verify.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +for curve in 25519 448; do + echo ca > $TMPTEMPL + echo "cn = Ed$curve CA" >> $TMPTEMPL + + "${CERTTOOL}" --generate-privkey --key-type=ed$curve > $TMPCAKEY 2>/dev/null + + "${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \ + --load-privkey $TMPCAKEY \ + --outfile $TMPCA >$TMPFILE 2>&1 + + if [ $? != 0 ]; then + cat $TMPFILE + exit 1 + fi + + echo ca > $TMPTEMPL + echo "cn = Ed$curve Mid CA" >> $TMPTEMPL + + "${CERTTOOL}" --generate-privkey --key-type=ed$curve > $TMPSUBCAKEY 2>/dev/null + + "${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPCAKEY \ + --load-ca-certificate $TMPCA \ + --load-privkey $TMPSUBCAKEY \ + --outfile $TMPSUBCA >$TMPFILE 2>&1 + + if [ $? != 0 ]; then + cat $TMPFILE + exit 1 + fi + + echo "cn = End-user" > $TMPTEMPL + echo email_protection_key >> $TMPTEMPL + echo encryption_key >> $TMPTEMPL + + "${CERTTOOL}" --generate-privkey --key-type=x$curve > $TMPKEY 2>/dev/null + + "${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \ + --load-ca-privkey $TMPSUBCAKEY \ + --load-ca-certificate $TMPSUBCA \ + --load-privkey $TMPKEY \ + --outfile $TMPUSER >$TMPFILE 2>&1 + + if [ $? != 0 ]; then + cat $TMPFILE + exit 1 + fi + + cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE + "${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT + + if [ $? != 0 ]; then + cat $VERIFYOUT + exit 1 + fi + + rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE + rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY +done + +exit 0 diff --git a/tests/cert-tests/x509-duplicate-ext.sh b/tests/cert-tests/x509-duplicate-ext.sh new file mode 100755 index 0000000..0cfa7e1 --- /dev/null +++ b/tests/cert-tests/x509-duplicate-ext.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +OUTFILE=out.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +"${CERTTOOL}" --certificate-info --infile "${srcdir}/data/dup-exts.pem" >${OUTFILE} 2>&1 +RET=$? +if test ${RET} = 0; then + echo "Successfully loaded a certificate with duplicate extensions" + cat ${OUTFILE} + exit 1 +fi + +grep "Duplicate extension in" ${OUTFILE} 2>/dev/null +if test $? != 0; then + echo "Could not find the expected error value" + cat ${OUTFILE} + exit 1 +fi + + +rm -f ${OUTFILE} + +exit 0 diff --git a/tests/cert.c b/tests/cert.c new file mode 100644 index 0000000..ec566a4 --- /dev/null +++ b/tests/cert.c @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program will load certificates from CERT_DIR and try to print + * them. If CERT_DIR/certname.err is available, it should contain the + * error code that gnutls_x509_crt_import() should return. + */ + +#define CERT_DIR "certs-interesting" + +static int getnextcert(DIR **dirp, gnutls_datum_t *der, int *exp_ret) +{ + struct dirent *d; + char path[256]; + char cert_dir[256]; + const char *src; + int ret; + gnutls_datum_t local; + + src = getenv("srcdir"); + if (src == NULL) + src = "."; + + snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR); + + if (*dirp == NULL) { + *dirp = opendir(cert_dir); + if (*dirp == NULL) + return -1; + } + + do { + d = readdir(*dirp); + if (d != NULL +#ifdef _DIRENT_HAVE_D_TYPE + && d->d_type == DT_REG +#endif + ) { + if (strstr(d->d_name, ".der") == 0) + continue; + if (strstr(d->d_name, ".err") != 0) + continue; + snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name); + + success("Loading %s\n", path); + ret = gnutls_load_file(path, der); + if (ret < 0) { + return -1; + } + + snprintf(path, sizeof(path), "%s/%s.err", cert_dir, d->d_name); + success("Loading errfile %s\n", path); + ret = gnutls_load_file(path, &local); + if (ret < 0) { /* not found assume success */ + *exp_ret = 0; + } else { + *exp_ret = atoi((char*)local.data); + success("expecting error code %d\n", *exp_ret); + gnutls_free(local.data); + } + + return 0; + } + } while(d != NULL); + + closedir(*dirp); + return -1; /* finished */ +} + +void doit(void) +{ + int ret, exp_ret; + gnutls_x509_crt_t cert; + gnutls_datum_t der; + DIR *dirp = NULL; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + while (getnextcert(&dirp, &der, &exp_ret)==0) { + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + gnutls_x509_crt_set_flags(cert, GNUTLS_X509_CRT_FLAG_IGNORE_SANITY); + + ret = gnutls_x509_crt_import(cert, &der, GNUTLS_X509_FMT_DER); + if (ret != exp_ret) { + fail("crt_import %s\n", gnutls_strerror(ret)); + } + + if (ret == 0) { + /* attempt to fully decode */ + gnutls_datum_t out; + ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &out); + if (ret < 0) { + fail("print: %s\n", gnutls_strerror(ret)); + } + gnutls_free(out.data); + } + + gnutls_x509_crt_deinit(cert); + gnutls_free(der.data); + der.size = 0; + exp_ret = -1; + } + + gnutls_global_deinit(); +} diff --git a/tests/cert_verify_inv_utf8.c b/tests/cert_verify_inv_utf8.c new file mode 100644 index 0000000..095a55f --- /dev/null +++ b/tests/cert_verify_inv_utf8.c @@ -0,0 +1,157 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* Test for handshake with invalid UTF8 certificate + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1473674242; + if (t) + *t = then; + + return then; +} + +static void auto_parse(void) +{ + gnutls_certificate_credentials_t x509_cred, clicred; + gnutls_pcert_st pcert_list[16]; + gnutls_privkey_t key; + gnutls_pcert_st second_pcert[2]; + gnutls_privkey_t second_key; + unsigned pcert_list_size; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_privkey_init(&key)>=0); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_ca3_localhost_cert_chain, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* set the key with UTF8 names */ + assert(gnutls_privkey_init(&second_key)>=0); + + pcert_list_size = 2; + ret = gnutls_pcert_list_import_x509_raw(second_pcert, &pcert_list_size, + &server_ca3_localhost_inv_utf8_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(second_key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, second_pcert, + 1, second_key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", 0, 0); + test_cli_serv_vf(x509_cred, clicred, "NORMAL", "www.νίκοσ.com"); + test_cli_serv_vf(x509_cred, clicred, "NORMAL", "www.νίκος.com"); + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:www.νίκος.com", GNUTLS_E_RECEIVED_DISALLOWED_NAME, GNUTLS_E_AGAIN); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +void doit(void) +{ +#if !defined(HAVE_LIBIDN2) + exit(77); +#endif + auto_parse(); +} diff --git a/tests/certificate_set_x509_crl.c b/tests/certificate_set_x509_crl.c new file mode 100644 index 0000000..ff4d5c8 --- /dev/null +++ b/tests/certificate_set_x509_crl.c @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +static char g_crl[] = + "-----BEGIN X509 CRL-----\n" + "MIIB9DCCAV8CAQEwCwYJKoZIhvcNAQEFMIIBCDEXMBUGA1UEChMOVmVyaVNpZ24s\n" + "IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsT\n" + "PXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYu\n" + "LExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEm\n" + "MCQGA1UECxMdRGlnaXRhbCBJRCBDbGFzcyAxIC0gTmV0c2NhcGUxGDAWBgNVBAMU\n" + "D1NpbW9uIEpvc2Vmc3NvbjEiMCAGCSqGSIb3DQEJARYTc2ltb25Aam9zZWZzc29u\n" + "Lm9yZxcNMDYxMjI3MDgwMjM0WhcNMDcwMjA3MDgwMjM1WjAjMCECEC4QNwPfRoWd\n" + "elUNpllhhTgXDTA2MTIyNzA4MDIzNFowCwYJKoZIhvcNAQEFA4GBAD0zX+J2hkcc\n" + "Nbrq1Dn5IKL8nXLgPGcHv1I/le1MNo9t1ohGQxB5HnFUkRPAY82fR6Epor4aHgVy\n" + "b+5y+neKN9Kn2mPF4iiun+a4o26CjJ0pArojCL1p8T0yyi9Xxvyc/ezaZ98HiIyP\n" + "c3DGMNR+oUmSjKZ0jIhAYmeLxaPHfQwR\n" "-----END X509 CRL-----\n"; + +/* Test regression of bug reported by Max Kellermann + in Message-ID: <20061211075202.GA1517@roonstrasse.net> to the + gnutls-dev@gnupg.org list. */ + +int main(void) +{ + int rc; + gnutls_certificate_credentials_t crt; + gnutls_datum_t crldatum = { (uint8_t *) g_crl, strlen(g_crl) }; + gnutls_x509_crl_t crl; + + rc = global_init(); + if (rc) { + printf("global_init rc %d: %s\n", rc, gnutls_strerror(rc)); + return 1; + } + + rc = gnutls_certificate_allocate_credentials(&crt); + if (rc) { + printf + ("gnutls_certificate_allocate_credentials rc %d: %s\n", + rc, gnutls_strerror(rc)); + return 1; + } + + rc = gnutls_certificate_set_x509_crl_mem(crt, &crldatum, + GNUTLS_X509_FMT_PEM); + if (rc != 1) { + printf("gnutls_certificate_set_x509_crl_mem num %d\n", rc); + return 1; + } + + rc = gnutls_x509_crl_init(&crl); + if (rc) { + printf("gnutls_x509_crl_init rc %d: %s\n", rc, + gnutls_strerror(rc)); + return 1; + } + + rc = gnutls_x509_crl_import(crl, &crldatum, GNUTLS_X509_FMT_PEM); + if (rc) { + printf("gnutls_x509_crl_import rc %d: %s\n", rc, + gnutls_strerror(rc)); + return 1; + } + + rc = gnutls_certificate_set_x509_crl(crt, &crl, 1); + if (rc < 0) { + printf("gnutls_certificate_set_x509_crl rc %d: %s\n", + rc, gnutls_strerror(rc)); + return 1; + } + + gnutls_x509_crl_deinit(crl); + + gnutls_certificate_free_credentials(crt); + + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/certs-interesting/README.md b/tests/certs-interesting/README.md new file mode 100644 index 0000000..b2f35d4 --- /dev/null +++ b/tests/certs-interesting/README.md @@ -0,0 +1,6 @@ +This directory contains files used by tests/cert.c. + +These are interesting certificates, that used to cause a crash +or other artifacts during loading. If a filename.err is present +it should contain the expected error code from gnutls_x509_crt_import(); +otherwise success (0) is assumed. diff --git a/tests/certs-interesting/cert1.der b/tests/certs-interesting/cert1.der new file mode 100644 index 0000000..70bccb4 Binary files /dev/null and b/tests/certs-interesting/cert1.der differ diff --git a/tests/certs-interesting/cert1.der.err b/tests/certs-interesting/cert1.der.err new file mode 100644 index 0000000..ea69cfe --- /dev/null +++ b/tests/certs-interesting/cert1.der.err @@ -0,0 +1 @@ +-69 diff --git a/tests/certs-interesting/cert10.der b/tests/certs-interesting/cert10.der new file mode 100644 index 0000000..07ab16d Binary files /dev/null and b/tests/certs-interesting/cert10.der differ diff --git a/tests/certs-interesting/cert2.der b/tests/certs-interesting/cert2.der new file mode 100644 index 0000000..012cc16 Binary files /dev/null and b/tests/certs-interesting/cert2.der differ diff --git a/tests/certs-interesting/cert2.der.err b/tests/certs-interesting/cert2.der.err new file mode 100644 index 0000000..ea69cfe --- /dev/null +++ b/tests/certs-interesting/cert2.der.err @@ -0,0 +1 @@ +-69 diff --git a/tests/certs-interesting/cert3.der b/tests/certs-interesting/cert3.der new file mode 100644 index 0000000..9221be0 Binary files /dev/null and b/tests/certs-interesting/cert3.der differ diff --git a/tests/certs-interesting/cert3.der.err b/tests/certs-interesting/cert3.der.err new file mode 100644 index 0000000..ea69cfe --- /dev/null +++ b/tests/certs-interesting/cert3.der.err @@ -0,0 +1 @@ +-69 diff --git a/tests/certs-interesting/cert4.der b/tests/certs-interesting/cert4.der new file mode 100644 index 0000000..c798fbd Binary files /dev/null and b/tests/certs-interesting/cert4.der differ diff --git a/tests/certs-interesting/cert5.der b/tests/certs-interesting/cert5.der new file mode 100644 index 0000000..f950ff3 Binary files /dev/null and b/tests/certs-interesting/cert5.der differ diff --git a/tests/certs-interesting/cert5.der.err b/tests/certs-interesting/cert5.der.err new file mode 100644 index 0000000..a6605e8 --- /dev/null +++ b/tests/certs-interesting/cert5.der.err @@ -0,0 +1 @@ +-62 diff --git a/tests/certs-interesting/cert6.der b/tests/certs-interesting/cert6.der new file mode 100644 index 0000000..58f4589 Binary files /dev/null and b/tests/certs-interesting/cert6.der differ diff --git a/tests/certs-interesting/cert6.der.err b/tests/certs-interesting/cert6.der.err new file mode 100644 index 0000000..b8dae94 --- /dev/null +++ b/tests/certs-interesting/cert6.der.err @@ -0,0 +1 @@ +-43 diff --git a/tests/certs-interesting/cert7.der b/tests/certs-interesting/cert7.der new file mode 100644 index 0000000..5bd4011 Binary files /dev/null and b/tests/certs-interesting/cert7.der differ diff --git a/tests/certs-interesting/cert8.der b/tests/certs-interesting/cert8.der new file mode 100644 index 0000000..9180256 Binary files /dev/null and b/tests/certs-interesting/cert8.der differ diff --git a/tests/certs-interesting/cert9.der b/tests/certs-interesting/cert9.der new file mode 100644 index 0000000..e6329f6 Binary files /dev/null and b/tests/certs-interesting/cert9.der differ diff --git a/tests/certs/ca-cert-ecc.pem b/tests/certs/ca-cert-ecc.pem new file mode 100644 index 0000000..2e95c95 --- /dev/null +++ b/tests/certs/ca-cert-ecc.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLTCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwHhcNMTEwNTIzMTgzODIxWhcNMzEwNTI0MTIyOTEyWjB9MQsw +CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy +dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu +dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB +BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X +uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud +DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG +SM49BAMCA0kAMEYCIQCoTZHO4jSkIKq5UVMnPFzv2MtJHd62KxMPq4Ad5c9RwwIh +AMyj06hO1DGrV3bOPBRJrfWTEzkgA4p1wntYRoPfCTdF +-----END CERTIFICATE----- diff --git a/tests/certs/ca-ecc.pem b/tests/certs/ca-ecc.pem new file mode 100644 index 0000000..3f15e01 --- /dev/null +++ b/tests/certs/ca-ecc.pem @@ -0,0 +1,28 @@ +Testing SECP224R1 (1) +Testing SECP256R1 (2) +Testing SECP384R1 (3) +Public Key Info: + Public Key Algorithm: ECC + Key Security Level: High + +curve: SECP256R1 +private key: + 19:f4:6b:fc:8e:67:e7:51:98:ef:58:67:5f:4c:ee: + 22:b9:2e:a4:22:ad:99:28:0d:29:c1:1e:3b:f7:2c: + 61:48: +x: + 52:d8:8d:23:8a:e3:67:d7:86:36:b1:20:0b:09:7d: + c8:c9:ba:a2:20:95:2f:c5:4a:63:fa:83:5f:ce:78: + 2f:8f: +y: + 00:f3:62:ca:fd:b7:f7:80:56:9d:6e:17:b9:0e:11: + 4c:48:b2:c0:af:3b:59:17:16:30:68:09:07:99:17: + fe:dd:a7: + +Public Key ID: D8:37:48:4E:0C:07:DE:56:4E:C8:1E:7F:13:1D:7B:54:FA:9D:2D:BE + +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIBn0a/yOZ+dRmO9YZ19M7iK5LqQirZkoDSnBHjv3LGFIoAoGCCqGSM49 +AwEHoUQDQgAEUtiNI4rjZ9eGNrEgCwl9yMm6oiCVL8VKY/qDX854L4/zYsr9t/eA +Vp1uF7kOEUxIssCvO1kXFjBoCQeZF/7dpw== +-----END EC PRIVATE KEY----- diff --git a/tests/certs/cert-ecc.pem b/tests/certs/cert-ecc.pem new file mode 100644 index 0000000..d0baccb --- /dev/null +++ b/tests/certs/cert-ecc.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB+jCCAaGgAwIBAgIETd4LiTAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEP +MA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0 +aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZp +Y2F0ZSBhdXRob3JpdHkwHhcNMTEwNTI2MDgxMjU4WhcNMTIxMjI0MTkxNjI5WjAh +MQswCQYDVQQGEwJCRTESMBAGA1UEAxMJbG9jYWxob3N0ME4wEAYHKoZIzj0CAQYF +K4EEACEDOgAEajvYx+4zlK+ML3N97kxGydOZ09wqD7YwOvRqLEt6lYUymIwd7RpG +Ejz2W69GUXtw8vMbZmULNjyjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUm+S0YAc8Me/osocf +UaYG4uYxpwkwHwYDVR0jBBgwFoAU8LSB/pgSv7UouWRAA8vMH2ZOKAMwCgYIKoZI +zj0EAwIDRwAwRAIgTqvgggIh57TVhSKXRie+XDhndnCUeNTE7qx2VO5CgfACIAwA +OLnOYanr1sWQVKxSACU1wnNZ6UsuWSMr/uDlKJfZ +-----END CERTIFICATE----- diff --git a/tests/certs/cert-ecc256.pem b/tests/certs/cert-ecc256.pem new file mode 100644 index 0000000..3f5cbc1 --- /dev/null +++ b/tests/certs/cert-ecc256.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow +gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh +dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G +A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH +KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx +ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV +HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu +b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G +A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G +A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC +ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4 +bA9XTz/2OnpgAZutUohNNb/tmRE= +-----END CERTIFICATE----- diff --git a/tests/certs/cert-ecc384.pem b/tests/certs/cert-ecc384.pem new file mode 100644 index 0000000..29b057b --- /dev/null +++ b/tests/certs/cert-ecc384.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAqOgAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzFaGA8yMDE5MTAwNTA5MjIzMVow +gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh +dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G +A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMHYwEAYH +KoZIzj0CAQYFK4EEACIDYgAEBdFp7VW/awwLHqaOT6qzraO12SYSPvIXu/4R0oBA +ygamgH1/0nuW/ZKNQYfmiPtnLickPpVGaRBvoTEyAq858FmuTCFE2Kft0/En+Dpk +6md6yd+7EqqztcvY2Gw4zPNwo4G2MIGzMAwGA1UdEwEB/wQCMAAwPQYDVR0RBDYw +NIIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jngglsb2NhbGhvc3SH +BMCoAQEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNV +HQ4EFgQUR6LCq3Gbiil4XRkgb6gdSskwQIQwHwYDVR0jBBgwFoAU8LSB/pgSv7Uo +uWRAA8vMH2ZOKAMwCgYIKoZIzj0EAwIDSQAwRgIhAL4FmNCgnUEnkfJAysOLApVT +bOYXH1dnJ6j3FKxMXM+jAiEAtcWWV7yqvihzxptUdWMcg1kuZanf9VHuWmUMuUcc +Nnk= +-----END CERTIFICATE----- diff --git a/tests/certs/cert-ecc521.pem b/tests/certs/cert-ecc521.pem new file mode 100644 index 0000000..3fc1778 --- /dev/null +++ b/tests/certs/cert-ecc521.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJDCCAsmgAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G +A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y +aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0 +ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMjRaGA8yMDE5MTAwNTA5MjIyNFow +gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs +ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh +dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G +A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMIGbMBAG +ByqGSM49AgEGBSuBBAAjA4GGAAQAoapA9bLQHQiI8V2mIzs9sq80VR4FBB0TBOSx +GqBOE3FSzHAejQkIKc/1pW0v0wKvapYMq/RrfhPJxPkjTPtztUsAkU//9E0/aoEW +VC6Rqf+VX3wIhe7+RS8JXdBh9SM0+Z9MCRUiM8K9qPMtpNgB2ks7T5BGFHSMlNKm +uLW1agWPy5CjgbYwgbMwDAYDVR0TAQH/BAIwADA9BgNVHREENjA0ggx3d3cubm9u +ZS5vcmeCE3d3dy5tb3JldGhhbm9uZS5vcmeCCWxvY2FsaG9zdIcEwKgBATATBgNV +HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTagKMW +kYyqTJk/RRjg++gqz6xX6zAfBgNVHSMEGDAWgBTwtIH+mBK/tSi5ZEADy8wfZk4o +AzAKBggqhkjOPQQDAgNJADBGAiEAoj/ZB98cG/FaA7VVU+R6+TT3icF+De61rfim +R43VMlUCIQCXjG9gRp0x+/8vCRL0/nr0a32SRPruKVDqbHnNiWchsg== +-----END CERTIFICATE----- diff --git a/tests/certs/cert-ed25519.pem b/tests/certs/cert-ed25519.pem new file mode 100644 index 0000000..8d6283d --- /dev/null +++ b/tests/certs/cert-ed25519.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwTCCAWagAwIBAgIIWTZasQWGNVEwCgYIKoZIzj0EAwIwfTELMAkGA1UEBhMC +QkUxDzANBgNVBAoTBkdudVRMUzElMCMGA1UECxMcR251VExTIGNlcnRpZmljYXRl +IGF1dGhvcml0eTEPMA0GA1UECBMGTGV1dmVuMSUwIwYDVQQDExxHbnVUTFMgY2Vy +dGlmaWNhdGUgYXV0aG9yaXR5MCAXDTE3MDYwNjA3MzMwNVoYDzk5OTkxMjMxMjM1 +OTU5WjAZMRcwFQYDVQQDEw5FZDI1NTE5IHNpZ25lcjAqMAUGAytlcAMhAPMF++lz +LIzfyCX0v0B7LIabZWZ/dePW9HexIbW3tYmHo2EwXzAMBgNVHRMBAf8EAjAAMA8G +A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFONSSnOdGLzpv3xNcci8ZiKKqzyqMB8G +A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0kAMEYC +IQDHGfSgM44DVZfrP5CF8LSNlFN55ti3Z69YJ0SK8Fy9eQIhAN2UKeX3l8A9Ckcm +7barRoh+qx7ZVYpe+5w3JYuxy16w +-----END CERTIFICATE----- diff --git a/tests/certs/cert-rsa-2432.pem b/tests/certs/cert-rsa-2432.pem new file mode 100644 index 0000000..bbc2b63 --- /dev/null +++ b/tests/certs/cert-rsa-2432.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDlzCCAk+gAwIBAgIETadUITANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJC +RTEPMA0GA1UEChMGR251VExTMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTEwNDE0 +MjAwODAyWhcNMzgwODI5MjAwODA0WjAyMQswCQYDVQQGEwJCRTEPMA0GA1UEChMG +R251VExTMRIwEAYDVQQDEwlsb2NhbGhvc3QwggFSMA0GCSqGSIb3DQEBAQUAA4IB +PwAwggE6AoIBMQDdz5fSpR2V3YYY2MS5raYMtJ223PrcIeE6YjQH6DOy6JfuLEHS +EvFf7eR2/2UmHgzHQRVpXw35rYkUjerXFlKaR8G7AALkiEVzeKSu2zjDxgfSZA6H +7XSMa8TAAlB8TqbRWOnlEwmp21rq6w8GgFwJ75TI6fs3LnXhrJOtmzcTS2Y6djPY +xNdM+2HIkiEH/N+piFTko6lH0my44zmJEYg4LaLcPl5KqaSO1R+y0N1BPNoQaJ5H +G2UCosUocwKDAwn99Sl+l9wqTkuqeUZGcIYbm7j2ir4ph31f2qWXa+/IQwlD4h+K +Fn4dUF312gLu8sMqSOZrMOoC1++siwy4wYXYv3yFqB6DvlwmLnl7R/VKP2Zikv1B +ILYsAPBSyiYGLXzPelB9D8vdlyDIb+TgUPTjAgMBAAGjVTBTMAwGA1UdEwEB/wQC +MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4E +FgQUklPWcbn4aKqzU/aN9TlFZpyn5TEwDQYJKoZIhvcNAQELBQADggExAJi/SInB +5uYVE8z8uu2gieWGRTBzaLJ5H4gCgPstybghVY3Ft1Ybz8N27tDw2SI6Y5LFBIZw +HkIzKjvEFAjFQpJzfD45wO40xzMWX5Ouzx+aMAlR/i2UnCitKn7kFIFFaw3XESH8 +2ycXdLTMlBpunntYqeAGjdpfYOG4byhotli+xaw2Rzf2qDh0I4HzIr5h/wgIh+vC +jykldV1M69UJKKt7mflpCKLGAtIuzfrxGc4/RGqhS6hW1RGuRONoBVBXjXIPxyHb +j6NQeF1aOcuQPVJDM7/qiQcaksyFJ6g9NLhbUu7vILm2/+rFkNNHxVGQ4uY+Urke +eRi+/eIkvkcyWrADa6rbw9v2YEQItiwZR6LwQ3/wB5dXq+yguGpJzgjmw03ypOm4 +Q+fwhNcachRdgho= +-----END CERTIFICATE----- diff --git a/tests/certs/ecc.pem b/tests/certs/ecc.pem new file mode 100644 index 0000000..0204664 --- /dev/null +++ b/tests/certs/ecc.pem @@ -0,0 +1,25 @@ +Testing SECP224R1 (1) +Testing SECP256R1 (2) +Testing SECP384R1 (3) +Public Key Info: + Public Key Algorithm: ECC + Key Security Level: Normal + +curve: SECP224R1 +private key: + 00:ff:d4:4c:0f:f1:ec:f1:8d:1c:a3:b4:57:1a:92: + 65:5f:91:69:6e:ae:d4:e1:c7:02:be:84:e8:6c: +x: + 6a:3b:d8:c7:ee:33:94:af:8c:2f:73:7d:ee:4c:46: + c9:d3:99:d3:dc:2a:0f:b6:30:3a:f4:6a:2c: +y: + 4b:7a:95:85:32:98:8c:1d:ed:1a:46:12:3c:f6:5b: + af:46:51:7b:70:f2:f3:1b:66:65:0b:36:3c: + +Public Key ID: 0E:DF:58:4C:FA:6C:38:DE:12:4D:D3:28:77:51:37:02:5C:CA:24:DF + +-----BEGIN EC PRIVATE KEY----- +MGkCAQEEHQD/1EwP8ezxjRyjtFcakmVfkWlurtThxwK+hOhsoAcGBSuBBAAhoTwD +OgAEajvYx+4zlK+ML3N97kxGydOZ09wqD7YwOvRqLEt6lYUymIwd7RpGEjz2W69G +UXtw8vMbZmULNjw= +-----END EC PRIVATE KEY----- diff --git a/tests/certs/ecc256.pem b/tests/certs/ecc256.pem new file mode 100644 index 0000000..75a2cfa --- /dev/null +++ b/tests/certs/ecc256.pem @@ -0,0 +1,37 @@ +Public Key Info: + Public Key Algorithm: EC + Key Security Level: High + +curve: SECP256R1 +private key: + 00:fd:2b:00:80:f3:36:5f:11:32:65:e3:8d:30:33: + 3b:47:f5:ce:f8:13:e5:4c:c2:cf:fd:e8:05:6a:ca: + c9:41:b1: +x: + 3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d: + 30:5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8: + c6:33: +y: + 3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40: + fa:6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82: + 94:c1: + +Public Key ID: AC:FA:47:67:C6:1B:41:79:12:57:F7:AC:05:C1:50:E2:8E:D0:0E:5B +Public key's random art: ++--[ EC 256]----+ +| .o+==..| +| .+o...+.| +| o.Eo. +| +| . *.o o | +| S.o.. . | +| .. * | +| .. + o | +| . . . | +| .... | ++-----------------+ + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQD9KwCA8zZfETJl440wMztH9c74E+VMws/96AVqyslBsaAKBggqhkjO +PQMBB6FEA0IABDwVbx1IPmRZEyxtBBo4DTBc5D9Vy9kXFUZycZLB+MYzPQQuyMEP +wFAEe5/JSLVA+m+TgllhXnJXy4MGvcyClME= +-----END EC PRIVATE KEY----- diff --git a/tests/certs/ecc384.pem b/tests/certs/ecc384.pem new file mode 100644 index 0000000..bfa5d9f --- /dev/null +++ b/tests/certs/ecc384.pem @@ -0,0 +1,41 @@ +Public Key Info: + Public Key Algorithm: EC + Key Security Level: High + +curve: SECP384R1 +private key: + 00:ff:42:b3:6d:ca:d3:06:13:d7:a7:e4:41:27:18: + ff:82:15:6a:c9:35:20:dc:4e:ad:e8:e6:07:37:87: + d8:d2:59:e9:39:17:94:22:c0:5e:07:46:0f:aa:4a: + 7d:7a:ea:30: +x: + 05:d1:69:ed:55:bf:6b:0c:0b:1e:a6:8e:4f:aa:b3: + ad:a3:b5:d9:26:12:3e:f2:17:bb:fe:11:d2:80:40: + ca:06:a6:80:7d:7f:d2:7b:96:fd:92:8d:41:87:e6: + 88:fb:67: +y: + 2e:27:24:3e:95:46:69:10:6f:a1:31:32:02:af:39: + f0:59:ae:4c:21:44:d8:a7:ed:d3:f1:27:f8:3a:64: + ea:67:7a:c9:df:bb:12:aa:b3:b5:cb:d8:d8:6c:38: + cc:f3:70: + +Public Key ID: 47:A2:C2:AB:71:9B:8A:29:78:5D:19:20:6F:A8:1D:4A:C9:30:40:84 +Public key's random art: ++--[ EC 384]----+ +|*o | +|E . . | +|o..+ . . . | +| +o.o .. o | +|.+ oo .oS . | +|o . oo . | +|. ..o. | +|oo.+.o | +|+.o.o | ++-----------------+ + +-----BEGIN EC PRIVATE KEY----- +MIGlAgEBBDEA/0KzbcrTBhPXp+RBJxj/ghVqyTUg3E6t6OYHN4fY0lnpOReUIsBe +B0YPqkp9euowoAcGBSuBBAAioWQDYgAEBdFp7VW/awwLHqaOT6qzraO12SYSPvIX +u/4R0oBAygamgH1/0nuW/ZKNQYfmiPtnLickPpVGaRBvoTEyAq858FmuTCFE2Kft +0/En+Dpk6md6yd+7EqqztcvY2Gw4zPNw +-----END EC PRIVATE KEY----- diff --git a/tests/certs/ecc521.pem b/tests/certs/ecc521.pem new file mode 100644 index 0000000..136d1e2 --- /dev/null +++ b/tests/certs/ecc521.pem @@ -0,0 +1,45 @@ +Public Key Info: + Public Key Algorithm: EC + Key Security Level: Ultra + +curve: SECP521R1 +private key: + 01:02:2a:fc:98:41:e5:9c:78:8a:68:74:9d:bc:48: + 53:80:de:28:5b:21:ee:f8:88:3a:6e:8e:1f:4e:e8: + 4d:f7:2d:a8:8c:0d:6a:00:11:c9:7a:58:28:57:df: + 57:50:27:89:67:93:44:d4:14:fd:5d:39:2c:bf:f6: + 07:58:f9:7e:96:63: +x: + 00:a1:aa:40:f5:b2:d0:1d:08:88:f1:5d:a6:23:3b: + 3d:b2:af:34:55:1e:05:04:1d:13:04:e4:b1:1a:a0: + 4e:13:71:52:cc:70:1e:8d:09:08:29:cf:f5:a5:6d: + 2f:d3:02:af:6a:96:0c:ab:f4:6b:7e:13:c9:c4:f9: + 23:4c:fb:73:b5:4b: +y: + 00:91:4f:ff:f4:4d:3f:6a:81:16:54:2e:91:a9:ff: + 95:5f:7c:08:85:ee:fe:45:2f:09:5d:d0:61:f5:23: + 34:f9:9f:4c:09:15:22:33:c2:bd:a8:f3:2d:a4:d8: + 01:da:4b:3b:4f:90:46:14:74:8c:94:d2:a6:b8:b5: + b5:6a:05:8f:cb:90: + +Public Key ID: DA:80:A3:16:91:8C:AA:4C:99:3F:45:18:E0:FB:E8:2A:CF:AC:57:EB +Public key's random art: ++--[ EC 528]----+ +| ... | +|.o .o | +|..+. . | +|. +... | +|.=. o.. S | +|+ +oo. + | +|.oo= .. . | +|o+. o | +|==+.E | ++-----------------+ + +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIBAir8mEHlnHiKaHSdvEhTgN4oWyHu+Ig6bo4fTuhN9y2ojA1qABHJ +elgoV99XUCeJZ5NE1BT9XTksv/YHWPl+lmOgBwYFK4EEACOhgYkDgYYABAChqkD1 +stAdCIjxXaYjOz2yrzRVHgUEHRME5LEaoE4TcVLMcB6NCQgpz/WlbS/TAq9qlgyr +9Gt+E8nE+SNM+3O1SwCRT//0TT9qgRZULpGp/5VffAiF7v5FLwld0GH1IzT5n0wJ +FSIzwr2o8y2k2AHaSztPkEYUdIyU0qa4tbVqBY/LkA== +-----END EC PRIVATE KEY----- diff --git a/tests/certs/ed25519.pem b/tests/certs/ed25519.pem new file mode 100644 index 0000000..7fedbd7 --- /dev/null +++ b/tests/certs/ed25519.pem @@ -0,0 +1,25 @@ +Public Key Info: + Public Key Algorithm: EdDSA (Ed25519) + Key Security Level: High (256 bits) + +curve: Ed25519 +private key: + e5:c3:25:73:94:e8:9e:97:75:7c:78:59:f7:32:3c:82 + cf:60:90:c7:e5:b4:5f:9b:d7:a6:f8:36:0c:92:59:70 + + +x: + f3:05:fb:e9:73:2c:8c:df:c8:25:f4:bf:40:7b:2c:86 + 9b:65:66:7f:75:e3:d6:f4:77:b1:21:b5:b7:b5:89:87 + + + +Public Key PIN: + pin-sha256:7DW50qkZrEKqSrB29HkLvRoiuQAtHaaLAZKLE9s/VZ4= +Public Key ID: + sha256:ec35b9d2a919ac42aa4ab076f4790bbd1a22b9002d1da68b01928b13db3f559e + sha1:e3524a739d18bce9bf7c4d71c8bc66228aab3caa + +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIOXDJXOU6J6XdXx4WfcyPILPYJDH5bRfm9em+DYMkllw +-----END PRIVATE KEY----- diff --git a/tests/certs/id-on-xmppAddr.pem b/tests/certs/id-on-xmppAddr.pem new file mode 100644 index 0000000..bf1dbed --- /dev/null +++ b/tests/certs/id-on-xmppAddr.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICOTCCAe6gAwIBAgIIXv1QAAnHXswwCgYIKoZIzj0EAwQwSzFJMEcGA1UEAwxA +dmVyeS5sb25nLnVzZXJuYW1lQHNvLnRoZS5hc24xLmxlbmd0aC5pcy5hLnZhbGlk +LmFzY2lpLmNoYXJhY3RlcjAeFw0yMTAzMDExOTExMDBaFw0yNDAyMTQxOTExMDBa +MEsxSTBHBgNVBAMMQHZlcnkubG9uZy51c2VybmFtZUBzby50aGUuYXNuMS5sZW5n +dGguaXMuYS52YWxpZC5hc2NpaS5jaGFyYWN0ZXIwSTATBgcqhkjOPQIBBggqhkjO +PQMBAQMyAASP7UkeXGfYhwlcNCcJii71d028T4N5A3aLgdEdlihHRFsFzCB5BPOU +UXiEoPvfyQ2jgcswgcgwCQYDVR0TBAIwADAdBgNVHQ4EFgQU+MsbIfGqU5WdclD1 +gGue6t47wuIwHwYDVR0jBBgwFoAU+MsbIfGqU5WdclD1gGue6t47wuIwCwYDVR0P +BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMFkGA1UdEQRSMFCgTgYIKwYBBQUH +CAWgQgxAdmVyeS5sb25nLnVzZXJuYW1lQHNvLnRoZS5hc24xLmxlbmd0aC5pcy5h +LnZhbGlkLmFzY2lpLmNoYXJhY3RlcjAKBggqhkjOPQQDBAM5ADA2AhkArZgwSory +b3v9LM8074GrUAYrPBTk0gOTAhkA8XPYUtGLdq3cwY18U1OBXTIfieGQqqLj +-----END CERTIFICATE----- diff --git a/tests/certs/rawpk_priv.pem b/tests/certs/rawpk_priv.pem new file mode 100644 index 0000000..4329cb0 --- /dev/null +++ b/tests/certs/rawpk_priv.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAyAeBq7Ti7oVExeVT1PqHGBXzC+johdeVnZgZRLhDTIaIGODV +5F5JhE4NNb1O/DYLlAy5IIO8tfAE2KIxlarNH/+AcfV6ZJQSG4SSmhoIGzfdcdju +BmFfdfhO+z/cgqiewh53/fFCQlaJweHhpmim/LVL/M/1Rd6Urskv/5jXGG4FVUNf +hXKQag0uzWsqcztCPX7Lrqr2BSOmkA1nWzdoh5oBuxdooaH9/kwphqJAp03LwtaS +StX/yz6Mh+ZqEbBuM4mWw/xKzbEbs7zA+d8sryHXkC8nsdA+h+IRd8bPa/KuWQNf +jxXKNPzgmsZddHmHtYtWvAcoIMvtyO23Y2NhN4V0/7fwFLbZtfUBg4pqUl2ktkdw +sNguTT1qzJCsYhsHXaqqvHy+5HR2D0w07y2X1qCVmfHzBZCM5OhxoeoauE+xu+5n +vYrgsgPE0y5Nty0y2MrApg3digaiKUXrI+mEVKn9vsQeaVvw9D6PgNQM99HkbGhR +MGPOzcHjS/ZeLd1zAgMBAAECggGBALHiAw3Yscqd11gJpbCMDqF7u4VG3alQ26un +PClhl++w380H/Q62TriK1LKKpHgj8834NpXUsXg2d4jTTDcmCn6/L9GoFOzmxOeV +0O2b4sOZvaNl397qrwLxDAPhec7z9yL4B4tcBqmJ3b3+izX6cS3gaC/uG9fDpgN9 +xOKPYBFInhOB86twAz9cc9eXysto0nJvlODDBj/xwUjvso9qydl1Or7PhWvf7Ek+ +H9ur5MUjqOWe/b/xaSWsfTrJzF/ovbRnGbXLIpozIx609TZS4wYSqU5FUjkL0zTB +bTdb3jgFm/5SHnnThD67zbZavCxiN9wiTs3zeGlxYf8hMeaTkOYiAOR4/1bOTe2J +ttRA1EcY+i6H0+JOtLkqwj5ka0m3lrH2KD3E/mHs1yfERQx7VVjw9IpeAKmi5lzQ +v1lhIXiv75Mb0NMsCknGYPLHCyOY5aA2dhR8Wnr67gOYu3ssexLzMKczk5OTzl5c +PRHJRXDpJqgOYWujF99uCYhnxonO4QKBwQDUQB0s4shWTyOylq7j4rCSbHf2zHDf +HBYC75wyjQECNQXNk6hp5jJz2BC0XvnO7PYSRXaVauMc/S3V7V7GMsry3uugfwLy +XNnyRVY4voe5SNt/WAArybNsPNPEIPzgkZmeWvcpoY8ESufPfVW54BvGHt3YjPjI +gYmFUkpPRUWXfji91NpTlIrsP6jtBTYXGV4kVm+TawP06a6FdCjJQaI7Nm2dwUiX +Cmf4oFSo8mGxi0wimX+BiLJep2bYnUF2gqMCgcEA8UKESDX3jBpyz59vpSjmfpw1 +AnlEfR6s83W92m0HfEYLulfxq9xA2zaQjy4GbaKVRfLrO2Pj3bZWs89RGXTQVGgq +ztCLIRsL+M1SQ883e8yx4jwFaqIM+pPpvAjOOOTdpgY33h7w20tgrbzVKeOl1ghC +IZ+K8C/tIGZXI5/TYppl7csIOoYRtzuRpyDE0tmwy658RfyxzEtfLxJoaLiFXOE0 +zFFrEvT/jto4jN+cwsdnHhxrY9+bVNUNyb9ZH7bxAoHARvcIyjEo+nKLZPKsltT8 +ZHiPw5ynQHGLin/CocQzSiGgRxPPg1jMFZ9wNl5q95ySyZkgBOUv+klMQfKTdYEW +Cg4uigLtYUtaM36rTV2m03RgrzslE37k1pOf2juNUShdTGztpqW1w6Gnz+AAAZ3E +q4E2e2jm5WMqL8FLxyVKF1TEc/Pu63MG3+aI/HZ5l0+MAmpD8+4b7I8VItmrqV6g +d1vDWrN9KcL48E/q/nHL6CjC0+6uiwjBWpRt9o7djFoxAoHAJzK/e1wJVGIXtVQa +N6Nlj7yhgD1ju1B4mTXQGuUMCkz3KtePFHU8tGExK5I2ySlZR3wobAXWx/cQLzbH +3nL0RkKGcgPAFyjl0Q7LBulsAllHrZJC7whVQ4E0wLBNkUDeIlNwUE6Go5qjopbD +q4KpNxUwaXYahNvEkzcNgWQ+XA7p8LDELX4K8tJi39ybHgbwiqdW2ags2xyD4ooD +HMCeKnEMuwWfd/0GaJdcCMdsGNl9D49eg2OZQTc8fkLwoA6BAoHATQdk3VZwGGn/ +93p9vu189alkshTmir+SOo/ufH5U+j7t8cPeT7psuYAPZWS+Z6KEzvHxj54pAvcp +mlAngD3+AfHDn/VAtYv5HVcpZ+K2K0X4v8N5HGIubgaebs2oVNz+RAWnd8K2drDG +NcJV3C+zLziTCwvpGCIy3T/lHjKe+YczjGfhg2e6PgfwhTqPAjuhUZ8wScYo7l7V +zAhlSL0665IXJ32zX+3LyQFDbkB6pbKy5TU+rX3DmDyj3MSbc3kR +-----END RSA PRIVATE KEY----- diff --git a/tests/certs/rawpk_pub.pem b/tests/certs/rawpk_pub.pem new file mode 100644 index 0000000..fad8af8 --- /dev/null +++ b/tests/certs/rawpk_pub.pem @@ -0,0 +1,11 @@ +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyAeBq7Ti7oVExeVT1PqH +GBXzC+johdeVnZgZRLhDTIaIGODV5F5JhE4NNb1O/DYLlAy5IIO8tfAE2KIxlarN +H/+AcfV6ZJQSG4SSmhoIGzfdcdjuBmFfdfhO+z/cgqiewh53/fFCQlaJweHhpmim +/LVL/M/1Rd6Urskv/5jXGG4FVUNfhXKQag0uzWsqcztCPX7Lrqr2BSOmkA1nWzdo +h5oBuxdooaH9/kwphqJAp03LwtaSStX/yz6Mh+ZqEbBuM4mWw/xKzbEbs7zA+d8s +ryHXkC8nsdA+h+IRd8bPa/KuWQNfjxXKNPzgmsZddHmHtYtWvAcoIMvtyO23Y2Nh +N4V0/7fwFLbZtfUBg4pqUl2ktkdwsNguTT1qzJCsYhsHXaqqvHy+5HR2D0w07y2X +1qCVmfHzBZCM5OhxoeoauE+xu+5nvYrgsgPE0y5Nty0y2MrApg3digaiKUXrI+mE +VKn9vsQeaVvw9D6PgNQM99HkbGhRMGPOzcHjS/ZeLd1zAgMBAAE= +-----END PUBLIC KEY----- diff --git a/tests/certs/rsa-2432.pem b/tests/certs/rsa-2432.pem new file mode 100644 index 0000000..c3e3c44 --- /dev/null +++ b/tests/certs/rsa-2432.pem @@ -0,0 +1,32 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIFfAIBAAKCATEA3c+X0qUdld2GGNjEua2mDLSdttz63CHhOmI0B+gzsuiX7ixB +0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC5IhFc3ikrts4w8YH0mQO +h+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7Ny514ayTrZs3E0tmOnYz +2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5eSqmkjtUfstDdQTzaEGie +RxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+KYd9X9qll2vvyEMJQ+If +ihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hageg75cJi55e0f1Sj9mYpL9 +QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQABAoIBMQDKrMQSUpMs/ARq +sa9X5iai12qAy3xhJofxXAgk7XRH1qX0l/XwqSRqvimS3hyjbrPIYVzaMmPHr1xh +LqfVruz9UfHgF8uM3ENxllwL9f3xTQKaqJhqdXuYT2Sw+axnWUquYWseyH18+hUi +MHRDQYhX/9VYnAvSyR4nfhRWfkwd0jhv1M/dE0eTbONVbMjHzrTj6NGBNVYZa6U6 +NopQnn78Sku061751RCC7lwmwEwAgpu2+n5SQzoXN79cPy4NdHbEfW8JEPyOXTNB ++yUVwI4glPbT+9GG2LwIL/eGT71DQOW6O7De6+URU7thc4VQSpt0CBG3XDvtp1bo +AQ+MHncOAGtz5ueJwC10HjflosRLc1U2DBWQmAGCiG9smu8eYsFKfFwhxoW1VBdD +jP1GU4xZAoGZAN68jwJoaZ+GbRcAgkyHDA6u2nCjPZ5qTZAp4PWWkCcXlSG0rhjS +8ZW+p55dw6W5hm0k5Ozg+kYKgSRH5THTPzHy3ijmKXoyvEjz+A8arf4StedPAg2Z +OLw3cx0ZDGM86WDvhBrPxw0WtgpaJiogZ6vtSeOB64kLkdi9agDjuTucB/1kBgfx +6i17wkjfCkWIvvdebDpkMQqfAoGZAP7vpWHvz34u/c2HrviigWhNrA2oWnLmwhem +TSd8vLGPM4VmI189NIeP2x3SpLF+uPoLIhUWJSHxzl9yIZkZb2ci+jj5paiGad6P +wEruhJL7pngMgxrU69G2qG4BRc1F0UNKqqqql9428GjcpSczw2nklSxeifkpLAfc +kTDOxUSBx5k3oLEVEkov/FDmF0+afUOd/Rz1pHM9AoGYSPHpx/kX9lWY7nqNMbDc +owZipZbgfDwGMNt2QBfSF+tiPMqmZZzX35mz3WqJw4GR47a8flNjw4J3LsGY7wtm +293VIgHWvZ1WCnJT3+Z16wqHpjw6yOdQLFvgiDwG0Y1GRSfL1NgNMV0puxQxAYTh +Tu4ET8zhrV0ro5bM24O4yyvbdgHG890nO0QXqbPZ8lHJcMvsl+buJLMCgZhcxIfB +46n1mNPyfnVFNJ0yf1EkhyaiuSXXxUQ+Ij3nvtxYppoohfUff1GUwJn9nMdi9bop +Qi2w9HTMdpOTSpYnSasUIIQPlxnfSyAGJFVJxxkEhkkO8nv9jCIuJXhpAgbsHbeM +8xbgXc2N2vyeD1AEsJE33A8JA9pp4fFTeWp/S1p+fqeSyMAnDt8Z8SB6bxU2Db+V +Ui3NYQKBmQDcQLZxlmIVCSoi7bgYao0MzTZQRGxh2Sb8IP0JG/8JeXSvWBos2fA9 +gGnjYxuadFpkLlNE+mj8Y9YcHsnPsHblVc/ebKH9rB3jHWg8+SDvEDsaB3KLJp4g +ElDlARbld3I1ACNmpY7RTIAqSintWG2fg8w3lvCbm96xyisGLG9KL1z9pJdAO/LG +EYRdbwn1bSCWDbwiqYkWFg== +-----END RSA PRIVATE KEY----- diff --git a/tests/certs/rsa-512.pem b/tests/certs/rsa-512.pem new file mode 100644 index 0000000..46fbe62 --- /dev/null +++ b/tests/certs/rsa-512.pem @@ -0,0 +1,20 @@ +-----BEGIN PRIVATE KEY----- +MIIBVwIBADANBgkqhkiG9w0BAQEFAASCAUEwggE9AgEAAkEAwZFO/Vz94lR3/TKz +76qRCV2skqthX7PB6YxeLHH3ifWSYR2qCYTBikaASm6PGDvAliviIjGjKTkdDdqZ +X2S94QIDAQABAkEAsV+L+FN8OieZBCWwCNBNsz1pY8Uzp1S7Pl3n9eZBJOKNc/tI +Tr0/zwAR+5C7IE7xjfuYHZDWN+yXg0LhH+GYgQIhAP0rzSdsjuPJ9XA9wpnYLN4O +fqXnA7mzW5QKzYuzy3RJAiEAw7sCwUSi7030NszYd7A63o2WrzqWRoX1V1vt6FMd +zNkCIQDmsytXaY0r9bU6eo0CNANutjaiZ0j1x4MD/HQhgc08QQIhALdYYLZF4xKj +RRZoQIWtURfULciq6sXZCf7xICQ2Z33RAiEA/M/OnKZijdWg13dchmdaXLgNGxJO +N90VucFVWK8nXzo= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIBTjCB+aADAgECAhQcc65I8jSxWRjcS1czw4MRLIc8qDANBgkqhkiG9w0BAQsF +ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTkxMjE1MDI1NTU4WhcNMjkxMjEy +MDI1NTU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL +ADBIAkEAwZFO/Vz94lR3/TKz76qRCV2skqthX7PB6YxeLHH3ifWSYR2qCYTBikaA +Sm6PGDvAliviIjGjKTkdDdqZX2S94QIDAQABoyMwITAJBgNVHRMEAjAAMBQGA1Ud +EQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAANBAHslvfVxod5p+Gt7l4LV +M2HBxOt4YM8mRCtyNSmJEGAe+aIzXaiSiRnVkVvjQvdxacu2D4yP52BUo1vzNnCq +2UI= +-----END CERTIFICATE----- diff --git a/tests/certtool-pkcs11.sh b/tests/certtool-pkcs11.sh new file mode 100755 index 0000000..0964da5 --- /dev/null +++ b/tests/certtool-pkcs11.sh @@ -0,0 +1,193 @@ +#!/bin/sh + +# Copyright (C) 2016 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +RETCODE=0 + +if ! test -x "${P11TOOL}"; then + exit 77 +fi + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute valgrind --leak-check=full" +fi + +TMPFILE="verify-pkcs11.debug" +CERTTOOL_PARAM="--stdout-info" + +if test "${WINDIR}" != ""; then + exit 77 +fi + +P11TOOL="${VALGRIND} ${P11TOOL} --batch" +SERV="${SERV} -q" + +. ${srcdir}/scripts/common.sh + +rm -f "${TMPFILE}" + +exit_error () { + echo "check ${TMPFILE} for additional debugging information" + echo "" + echo "" + tail "${TMPFILE}" + exit 1 +} + +skip_if_no_datefudge + +# $1: token +# $2: PIN +# $3: filename +# $4: label +write_ca_cert () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + label="$4" + + echo -n "* Writing the CA certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --mark-ca --mark-trusted --no-mark-private --so-login --write --label "$label" --load-certificate "${filename}" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + +} + +# $1: token +# $2: PIN +# $3: filename +write_ca_privkey () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the CA private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label CA-key --load-privkey "${filename}" "${token}" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi +} + +# $1: URL +# $2: cert file to verify +verify_certificate_test() { + url=$1 + file=$2 + + echo -n "* Verifying a certificate... " + datefudge -s "2015-10-10" \ + $CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo "failed $file with $url" + exit_error + fi +} + +generate_cert() { + url=$1 + + echo -n "* Generating a certificate... " + $CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate --load-ca-certificate "$url" --load-ca-privkey "${srcdir}/testpkcs11-certs/ca.key" --load-privkey "${srcdir}/testpkcs11-certs/server.key" --template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo "failed generation with $url" + exit_error + fi +} + +generate_cert_with_key() { + ca_url=$1 + ca_key_url=$2 + + echo -n "* Generating a certificate (privkey in pkcs11)... " + $CERTTOOL ${ADDITIONAL_PARAM} --generate-certificate --load-ca-certificate "${ca_url}" --load-ca-privkey "${ca_key_url}" --load-privkey "${srcdir}/testpkcs11-certs/server.key" --template "${srcdir}/testpkcs11-certs/server-tmpl" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo "failed generation with $url" + exit_error + fi +} + +echo "Testing PKCS11 verification" + +# erase SC + +type="softhsm" + +. "${srcdir}/testpkcs11.${type}" + +export GNUTLS_PIN=12345678 +export GNUTLS_SO_PIN=00000000 + +init_card "${GNUTLS_PIN}" "${GNUTLS_SO_PIN}" + +# find token name +TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` + +echo "* Token: ${TOKEN}" +if test "x${TOKEN}" = x; then + echo "Could not find generated token" + exit_error +fi + +write_ca_cert "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.crt" "CA" + +verify_certificate_test "${TOKEN};object=CA;object-type=cert" "${srcdir}/testpkcs11-certs/server.crt" +verify_certificate_test "${TOKEN};object=CA;object-type=cert" "${srcdir}/testpkcs11-certs/client.crt" +generate_cert "${TOKEN};object=CA;object-type=cert" + +write_ca_privkey "${TOKEN}" "${GNUTLS_PIN}" "${srcdir}/testpkcs11-certs/ca.key" + +generate_cert_with_key "${TOKEN};object=CA;object-type=cert" "${TOKEN};object=CA-key;object-type=private" + +if test ${RETCODE} = 0; then + echo "* All tests succeeded" +fi +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/certuniqueid.c b/tests/certuniqueid.c new file mode 100644 index 0000000..68f0636 --- /dev/null +++ b/tests/certuniqueid.c @@ -0,0 +1,245 @@ +/* + * Copyright (C) 2010-2012 Free Software Foundation, Inc. + * + * Author: Brad Hards + * + * Based on certder.c, written by Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "gnutls/gnutls.h" +#include "gnutls/x509.h" +#include "utils.h" + +void doit(void) +{ + int ret; + unsigned char der[] = { + 0x30, 0x82, 0x03, 0x00, 0x30, 0x82, 0x01, 0xec, 0xa0, 0x03, + 0x02, 0x01, + 0x02, 0x02, 0x10, 0xbd, + 0x76, 0xdf, 0x42, 0x47, 0x0a, 0x00, 0x8d, 0x47, 0x3e, 0x74, + 0x3f, 0xa1, + 0xdc, 0x8b, 0xbd, 0x30, + 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1d, 0x05, 0x00, + 0x30, 0x2d, + 0x31, 0x2b, 0x30, 0x29, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, + 0x00, 0x6b, + 0x00, 0x38, 0x00, 0x72, + 0x00, 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, + 0x00, 0x77, + 0x00, 0x73, 0x00, 0x2e, + 0x00, 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, + 0x1e, 0x17, + 0x0d, 0x31, 0x30, 0x30, + 0x34, 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, + 0x17, 0x0d, + 0x31, 0x31, 0x30, 0x34, + 0x32, 0x38, 0x31, 0x31, 0x34, 0x31, 0x35, 0x34, 0x5a, 0x30, + 0x2d, 0x31, + 0x2b, 0x30, 0x29, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x77, 0x00, 0x32, 0x00, + 0x6b, 0x00, + 0x38, 0x00, 0x72, 0x00, + 0x32, 0x00, 0x2e, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x74, 0x00, + 0x77, 0x00, + 0x73, 0x00, 0x2e, 0x00, + 0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x00, 0x00, 0x30, 0x82, + 0x01, 0x22, + 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, + 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xaa, + 0xd7, 0x32, + 0x26, 0xd7, 0xfc, 0x69, + 0x57, 0x4a, 0x55, 0x08, 0x2b, 0x97, 0xc1, 0x5b, 0x90, 0xfd, + 0xe8, 0xf5, + 0xf7, 0x9e, 0x7d, 0x34, + 0xce, 0xe9, 0xbb, 0x38, 0xa0, 0x9f, 0xec, 0x84, 0x86, 0x3e, + 0x47, 0x2e, + 0x71, 0xd7, 0xc3, 0xbf, + 0x89, 0xf3, 0x80, 0xb5, 0x77, 0x80, 0xd3, 0xb0, 0x56, 0x6b, + 0x9c, 0xf4, + 0xd3, 0x42, 0x2b, 0x26, + 0x01, 0x5c, 0x42, 0xef, 0xf6, 0x51, 0x5a, 0xaa, 0x55, 0x6b, + 0x30, 0xd3, + 0x2c, 0xdc, 0xde, 0x36, + 0x4d, 0xdd, 0xf3, 0x5f, 0x59, 0xba, 0x57, 0xd8, 0x39, 0x0f, + 0x5b, 0xd3, + 0xe1, 0x34, 0x39, 0x22, + 0xaa, 0x71, 0x10, 0x59, 0x7a, 0xec, 0x9f, 0x1a, 0xf5, 0xa9, + 0x40, 0xd6, + 0x7b, 0x32, 0x5f, 0x19, + 0x85, 0xc0, 0xfd, 0xa6, 0x6c, 0x32, 0x58, 0xdc, 0x7c, 0x07, + 0x42, 0x36, + 0xd0, 0x57, 0x78, 0x63, + 0x60, 0x92, 0x1d, 0x1f, 0x9d, 0xbd, 0xcc, 0xd7, 0xe3, 0x1a, + 0x57, 0xdb, + 0x70, 0x80, 0x89, 0x36, + 0x39, 0x01, 0x71, 0x5a, 0x2a, 0x05, 0x25, 0x13, 0x80, 0xf8, + 0x49, 0x48, + 0x5f, 0x06, 0xd0, 0xcb, + 0x2c, 0x58, 0x9a, 0xe7, 0x8b, 0x6d, 0x17, 0x2c, 0xb2, 0x97, + 0x2c, 0x15, + 0xc9, 0x73, 0x6d, 0x8f, + 0x4f, 0xf3, 0xf1, 0xb9, 0x70, 0x3f, 0xcb, 0x5f, 0x80, 0x85, + 0x8b, 0xdf, + 0xd2, 0x05, 0x95, 0x1c, + 0xe4, 0x37, 0xee, 0xd2, 0x62, 0x49, 0x08, 0xdf, 0xf6, 0x02, + 0xec, 0xe6, + 0x9a, 0x37, 0xfc, 0x21, + 0x7a, 0x98, 0x12, 0x1d, 0x79, 0xbf, 0xc7, 0x0f, 0x0a, 0x20, + 0xf8, 0xef, + 0xa5, 0xc6, 0x0e, 0x94, + 0x5e, 0x17, 0x94, 0x12, 0x42, 0xfe, 0xd7, 0x22, 0xbd, 0x31, + 0x27, 0xc7, + 0xdb, 0x4a, 0x4e, 0x95, + 0xe2, 0xc1, 0xdd, 0xe8, 0x0f, 0x7d, 0x1d, 0xe4, 0xfd, 0xb1, + 0x27, 0x7b, + 0xc1, 0x71, 0xfe, 0x27, + 0x47, 0x89, 0xf4, 0xfc, 0x84, 0xa5, 0x57, 0x5d, 0x21, 0x02, + 0x03, 0x01, + 0x00, 0x01, 0x81, 0x11, + 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, + 0x00, 0x0a, + 0x47, 0x42, 0xdf, 0x76, + 0xbd, 0x82, 0x11, 0x00, 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, + 0x3e, 0x47, + 0x8d, 0x00, 0x0a, 0x47, + 0x42, 0xdf, 0x76, 0xbd, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, + 0x03, 0x02, + 0x1d, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xa7, 0xb0, 0x66, 0x75, 0x14, 0x7e, + 0x7d, 0xb5, + 0x31, 0xec, 0xb2, 0xeb, + 0x90, 0x80, 0x95, 0x25, 0x59, 0x0f, 0xe4, 0x15, 0x86, 0x2d, + 0x9d, 0xd7, + 0x35, 0xe9, 0x22, 0x74, + 0xe7, 0x85, 0x36, 0x19, 0x4f, 0x27, 0x5c, 0x17, 0x63, 0x7b, + 0x2a, 0xfe, + 0x59, 0xe9, 0x76, 0x77, + 0xd0, 0xc9, 0x40, 0x78, 0x7c, 0x31, 0x62, 0x1e, 0x87, 0x1b, + 0xc1, 0x19, + 0xef, 0x6f, 0x15, 0xe6, + 0xce, 0x74, 0x84, 0x6d, 0xd6, 0x3b, 0x57, 0xd9, 0xa9, 0x13, + 0xf6, 0x7d, + 0x84, 0xe7, 0x8f, 0xc6, + 0x01, 0x5f, 0xcf, 0xc4, 0x95, 0xc9, 0xde, 0x97, 0x17, 0x43, + 0x12, 0x70, + 0x27, 0xf9, 0xc4, 0xd7, + 0xe1, 0x05, 0xbb, 0x63, 0x87, 0x5f, 0xdc, 0x20, 0xbd, 0xd1, + 0xde, 0xd6, + 0x2d, 0x9f, 0x3f, 0x5d, + 0x0a, 0x27, 0x40, 0x11, 0x5f, 0x5d, 0x54, 0xa7, 0x28, 0xf9, + 0x03, 0x2e, + 0x84, 0x8d, 0x48, 0x60, + 0xa1, 0x71, 0xa3, 0x46, 0x69, 0xdb, 0x88, 0x7b, 0xc1, 0xb6, + 0x08, 0x2d, + 0xdf, 0x25, 0x9d, 0x32, + 0x76, 0x49, 0x0b, 0xba, 0xab, 0xdd, 0xc3, 0x00, 0x76, 0x8a, + 0x94, 0xd2, + 0x25, 0x43, 0xf0, 0xa9, + 0x98, 0x65, 0x94, 0xc7, 0xdd, 0x7c, 0xd4, 0xe2, 0xe8, 0x33, + 0xe2, 0x9a, + 0xe9, 0x75, 0xf0, 0x0f, + 0x61, 0x86, 0xee, 0x0e, 0xf7, 0x39, 0x6b, 0x30, 0x63, 0xe5, + 0x46, 0xd4, + 0x1c, 0x83, 0xa1, 0x28, + 0x79, 0x76, 0x81, 0x48, 0x38, 0x72, 0xbc, 0x3f, 0x25, 0x53, + 0x31, 0xaa, + 0x02, 0xd1, 0x9b, 0x03, + 0xa2, 0x5c, 0x94, 0x21, 0xb3, 0x8e, 0xdf, 0x2a, 0xa5, 0x4c, + 0x65, 0xa2, + 0xf9, 0xac, 0x38, 0x7a, + 0xf9, 0x45, 0xb3, 0xd5, 0xda, 0xe5, 0xb9, 0x56, 0x9e, 0x47, + 0xd5, 0x06, + 0xe6, 0xca, 0xd7, 0x6e, + 0x06, 0xdb, 0x6e, 0xa7, 0x7b, 0x4b, 0x13, 0x40, 0x3c, 0x12, + 0x76, 0x99, + 0x65, 0xb4, 0x54, 0xa1, + 0xd8, 0x21, 0x5c, 0x27 + }; + + gnutls_datum_t derCert = { der, sizeof(der) }; + + gnutls_x509_crt_t cert; + + int result; + unsigned char expectedId[] = + { 0xbd, 0x8b, 0xdc, 0xa1, 0x3f, 0x74, 0x3e, 0x47, 0x8d, 0x00, +0x0a, 0x47, + 0x42, 0xdf, 0x76, 0xbd + }; + + char buf[17]; + size_t buf_size; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_x509_crt_import(cert, &derCert, GNUTLS_X509_FMT_DER); + if (ret < 0) + fail("crt_import %d\n", ret); + + buf_size = 15; + result = + gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size); + if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("get_issuer_unique_id short error %d\n", result); + if (buf_size != 16) + fail("get_issuer_unique_id buf size %d\n", (int)buf_size); + + buf_size = 16; + result = + gnutls_x509_crt_get_issuer_unique_id(cert, buf, &buf_size); + if (result < 0) + fail("get_issuer_unique_id %d\n", result); + if (memcmp(buf, expectedId, buf_size) != 0) + fail("expected id mismatch for issuer\n"); + + buf_size = 15; + result = + gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size); + if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("get_subject_unique_id short error %d\n", result); + if (buf_size != 16) + fail("get_subject_unique_id buf size %d\n", (int)buf_size); + + buf_size = 16; + result = + gnutls_x509_crt_get_subject_unique_id(cert, buf, &buf_size); + if (result < 0) + fail("get_subject_unique_id %d\n", result); + if (memcmp(buf, expectedId, buf_size) != 0) + fail("expected id mismatch for subject\n"); + + gnutls_x509_crt_deinit(cert); + + gnutls_global_deinit(); +} diff --git a/tests/cfg-test.sh b/tests/cfg-test.sh new file mode 100644 index 0000000..75b7e68 --- /dev/null +++ b/tests/cfg-test.sh @@ -0,0 +1,73 @@ +#!/bin/sh + +# Copyright (C) 2021 Daiki Ueno +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${top_builddir=..} +: ${srcdir=.} + +: ${DUMPCFG=$top_builddir/src/dumpcfg${EXEEXT}} + +if ! test -x "${DUMPCFG}"; then + exit 77 +fi + +if test -n "$VALGRIND"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +: ${DIFF=diff} + +. "$srcdir/scripts/common.sh" +testdir=`create_testdir cfg` + + +TEMPLATES=" +arb-extensions.tmpl +crit-extensions.tmpl +inhibit-anypolicy.tmpl +template-crq.tmpl +template-date.tmpl +template-dates-after2038.tmpl +template-dn-err.tmpl +template-dn.tmpl +template-generalized.tmpl +template-krb5name.tmpl +template-long-dns.tmpl +template-long-serial.tmpl +template-nc.tmpl +template-no-ca-explicit.tmpl +template-no-ca-honor.tmpl +template-no-ca.tmpl +template-othername-xmpp.tmpl +template-othername.tmpl +template-overflow.tmpl +template-overflow2.tmpl +template-test.tmpl +template-tlsfeature-crq.tmpl +template-tlsfeature.tmpl +template-unique.tmpl +template-utf8.tmpl +simple-policy.tmpl +" + +for template in $TEMPLATES; do + "$DUMPCFG" "$srcdir/cert-tests/templates/$template" > "$testdir/$template.out" + "$DIFF" "$srcdir/fixtures/templates/$template.exp" "$testdir/$template.out" || exit 1 +done + +rm -rf "$testdir" diff --git a/tests/chainverify-unsorted.c b/tests/chainverify-unsorted.c new file mode 100644 index 0000000..f51aff6 --- /dev/null +++ b/tests/chainverify-unsorted.c @@ -0,0 +1,767 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* gnutls_trust_list_*(). + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + + +const char ca_str[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n"; +const gnutls_datum_t ca = { (void *) ca_str, sizeof(ca_str) }; + + +/* Chain1 is sorted */ +static const char chain1[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" + "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n" + "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n" + "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n" + "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n" + "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n" + "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n" + "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n" + "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" + "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n" + "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n" + "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n" + "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n" + "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n" + "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n" + "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n" + "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n" + "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n" + "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n" + "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n" + "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n" + "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n" + "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n" + "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n" + "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n" + "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n" + "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n" + "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n" + "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n" + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n" + "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n" + "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n" + "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n" + "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n" + "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n" + "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n" + "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n" + "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n" + "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n" + "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n" + "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n" + "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n" + "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n" + "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n" + "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n" + "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n" + "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n" + "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n" + "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n" + "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n" + "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n" + "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n" + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n" + "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n" + "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n" + "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n" + "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n" + "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n" + "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n" + "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n" + "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n" + "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n" + "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n" + "-----END CERTIFICATE-----\n" + /* chain[3] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n" +}; + +/* Chain2 is unsorted - reverse order */ +static const char chain2[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" + "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n" + "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n" + "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n" + "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n" + "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n" + "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n" + "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n" + "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" + "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n" + "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n" + "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n" + "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n" + "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n" + "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n" + "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n" + "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n" + "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n" + "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n" + "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n" + "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n" + "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n" + "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n" + "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n" + "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n" + "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n" + "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n" + "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n" + "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n" + /* chain[3] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n" + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n" + "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n" + "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n" + "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n" + "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n" + "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n" + "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n" + "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n" + "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n" + "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n" + "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n" + "-----END CERTIFICATE-----\n" + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n" + "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n" + "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n" + "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n" + "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n" + "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n" + "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n" + "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n" + "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n" + "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n" + "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n" + "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n" + "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n" + "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n" + "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n" + "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n" + "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n" + "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n" + "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n" + "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n" + "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n" + "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n" + "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n" +}; + +/* Chain3 is unsorted - random order */ +static const char chain3[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" + "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n" + "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n" + "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n" + "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n" + "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n" + "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n" + "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n" + "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" + "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n" + "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n" + "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n" + "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n" + "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n" + "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n" + "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n" + "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n" + "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n" + "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n" + "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n" + "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n" + "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n" + "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n" + "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n" + "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n" + "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n" + "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n" + "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n" + "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n" + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n" + "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n" + "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n" + "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n" + "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n" + "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n" + "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n" + "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n" + "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n" + "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n" + "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n" + "-----END CERTIFICATE-----\n" + /* chain[3] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n" + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n" + "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n" + "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n" + "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n" + "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n" + "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n" + "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n" + "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n" + "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n" + "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n" + "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n" + "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n" + "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n" + "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n" + "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n" + "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n" + "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n" + "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n" + "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n" + "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n" + "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n" + "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n" + "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n" +}; + +/* Chain4 is unsorted - random order and includes random certs */ +static const char chain4[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" + "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n" + "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n" + "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n" + "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n" + "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n" + "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n" + "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n" + "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" + "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n" + "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n" + "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n" + "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n" + "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n" + "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n" + "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n" + "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n" + "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n" + "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n" + "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n" + "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n" + "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n" + "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n" + "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n" + "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n" + "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n" + "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n" + "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n" + "nKMfhbyFQYPQ6J9g\n" "-----END CERTIFICATE-----\n" + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n" + "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n" + "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n" + "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n" + "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n" + "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n" + "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n" + "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n" + "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n" + "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n" + "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEczCCA9ygAwIBAgIQeODCPg2RbK2r7/1KoWjWZzANBgkqhkiG9w0BAQUFADCB\n" + "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n" + "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n" + "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n" + "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n" + "ODA2MTAwMDAwMDBaFw0wOTA3MzAyMzU5NTlaMIG2MQswCQYDVQQGEwJERTEPMA0G\n" + "A1UECBMGSGVzc2VuMRowGAYDVQQHFBFGcmFua2Z1cnQgYW0gTWFpbjEsMCoGA1UE\n" + "ChQjU3Bhcmthc3NlbiBJbmZvcm1hdGlrIEdtYkggJiBDby4gS0cxKTAnBgNVBAsU\n" + "IFRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tMSEwHwYDVQQDFBhoYmNp\n" + "LXBpbnRhbi1ycC5zLWhiY2kuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n" + "AK1CdQ9lqmChZWaRAInimuK7I36VImTuAVU0N6BIS4a2BbblkiekbVf15GVHGb6e\n" + "QV06ANN6Nd8XIdfoxi3LoAs8sa+Ku7eoEsRFi/XIU96GgtFlxf3EsVA9RbGdtfer\n" + "9iJGIBae2mJTlk+5LVg2EQr50PJlBuTgiYFc41xs9O2RAgMBAAGjggF6MIIBdjAJ\n" + "BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8v\n" + "Y3JsLnZlcmlzaWduLmNvbS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBE\n" + "BgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n" + "d3d3LnZlcmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEF\n" + "BQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw\n" + "Oi8vb2NzcC52ZXJpc2lnbi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJ\n" + "aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYk\n" + "aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEB\n" + "BQUAA4GBAJ03R0YAjYzlWm54gMSn6MqJi0mHdLCO2lk3CARwjbg7TEYAZvDsKqTd\n" + "cRuhNk079BqrQ3QapffeN55SAVrc3mzHO54Nla4n5y6x3XIQXVvRjbJGwmWXsdvr\n" + "W899F/pBEN30Tgdbmn7JR/iZlGhIJpY9Us1i7rwQhKYir9ZQBdj3\n" + "-----END CERTIFICATE-----\n" + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n" + "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n" + "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n" + "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n" + "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n" + "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n" + "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n" + "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n" + "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n" + "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n" + "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n" + "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n" + "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n" + "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n" + "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n" + "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n" + "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n" + "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n" + "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n" + "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n" + "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n" + "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n" + "Gh/aWKfkT8Fhrryi/ks=\n" "-----END CERTIFICATE-----\n" + /* chain[3] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n" + "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n" + "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n" + "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n" + "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n" + "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n" + "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n" + "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n" + "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n" + "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n" + "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n" + "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n" + "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n" + "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n" + "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n" + "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n" + "-----END CERTIFICATE-----\n" +}; + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + gnutls_datum_t data; + gnutls_x509_crt_t *crts; + unsigned int crts_size, i; + gnutls_x509_trust_list_t tl; + unsigned int status, flags = GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN|GNUTLS_VERIFY_ALLOW_BROKEN; + unsigned int not_flags = GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* test for gnutls_certificate_get_issuer() */ + gnutls_x509_trust_list_init(&tl, 0); + + ret = + gnutls_x509_trust_list_add_trust_mem(tl, &ca, NULL, + GNUTLS_X509_FMT_PEM, 0, + 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_trust_mem\n"); + exit(1); + } + + /* Chain 1 */ + data.data = (void *) chain1; + data.size = sizeof(chain1); + ret = + gnutls_x509_crt_list_import2(&crts, &crts_size, &data, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("gnutls_x509_crt_list_import2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, + &status, NULL); + if (ret < 0 || status != 0) { + fail("gnutls_x509_trust_list_verify_crt - 1\n"); + exit(1); + } + + for (i = 0; i < crts_size; i++) + gnutls_x509_crt_deinit(crts[i]); + gnutls_free(crts); + + /* Chain 2 */ + data.data = (void *) chain2; + data.size = sizeof(chain2); + + /* verify whether the GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag is + * considered by gnutls_x509_crt_list_import2() */ + ret = + gnutls_x509_crt_list_import2(&crts, &crts_size, &data, + GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret != GNUTLS_E_CERTIFICATE_LIST_UNSORTED) { + fail("gnutls_x509_crt_list_import2 with flag GNUTLS_E_CERTIFICATE_LIST_UNSORTED on unsorted chain didn't fail: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_list_import2(&crts, &crts_size, &data, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("gnutls_x509_crt_list_import2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, + &status, NULL); + if (ret < 0 || status != 0) { + fail("gnutls_x509_trust_list_verify_crt - 2\n"); + exit(1); + } + + for (i = 0; i < crts_size; i++) + gnutls_x509_crt_deinit(crts[i]); + gnutls_free(crts); + + /* Chain 3 */ + data.data = (void *) chain3; + data.size = sizeof(chain3); + ret = + gnutls_x509_crt_list_import2(&crts, &crts_size, &data, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("gnutls_x509_crt_list_import2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, + &status, NULL); + if (ret < 0 || status != 0) { + fail("gnutls_x509_trust_list_verify_crt - 3\n"); + exit(1); + } + + for (i = 0; i < crts_size; i++) + gnutls_x509_crt_deinit(crts[i]); + gnutls_free(crts); + + /* Chain 4 */ + data.data = (void *) chain4; + data.size = sizeof(chain4); + ret = + gnutls_x509_crt_list_import2(&crts, &crts_size, &data, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("gnutls_x509_crt_list_import2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, flags, + &status, NULL); + if (ret < 0 || status != 0) { + fail("gnutls_x509_trust_list_verify_crt - 4\n"); + exit(1); + } + + for (i = 0; i < crts_size; i++) + gnutls_x509_crt_deinit(crts[i]); + gnutls_free(crts); + + /* Check if an unsorted list would fail if the unsorted flag is not given */ + data.data = (void *) chain2; + data.size = sizeof(chain2); + ret = + gnutls_x509_crt_list_import2(&crts, &crts_size, &data, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("gnutls_x509_crt_list_import2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_verify_crt(tl, crts, crts_size, + not_flags, &status, NULL); + if (ret < 0 || status == 0) { + fail("gnutls_x509_trust_list_verify_crt - 5\n"); + exit(1); + } + + for (i = 0; i < crts_size; i++) + gnutls_x509_crt_deinit(crts[i]); + gnutls_free(crts); + + gnutls_x509_trust_list_deinit(tl, 1); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/chainverify.c b/tests/chainverify.c new file mode 100644 index 0000000..6a10d78 --- /dev/null +++ b/tests/chainverify.c @@ -0,0 +1,286 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include +#include + +#include "utils.h" +#include "test-chains.h" + +#define DEFAULT_THEN 1256803113 +static time_t then = DEFAULT_THEN; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int exit_val = 0; + size_t i; + int ret; + gnutls_x509_trust_list_t tl; + unsigned int verify_status, verify_status1; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t ca; + gnutls_datum_t tmp; + size_t j; + gnutls_typed_vdata_st vdata[2]; + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + for (i = 0; chains[i].chain; i++) { + + printf("[%d]: Chain '%s'...\n", (int)i, chains[i].name); + + if (chains[i].notfips && gnutls_fips140_mode_enabled()) { + if (debug) + printf("Skipping in FIPS mode...\n"); + continue; + } + + for (j = 0; chains[i].chain[j]; j++) { + if (debug > 2) + printf("\tAdding certificate %d...", (int)j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d,%d]: %s\n", + (int)i, (int)j, gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *)chains[i].chain[j]; + tmp.size = strlen(chains[i].chain[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%s,%d]: %s\n", + chains[i].name, (int)j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int)j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding CA certificate..."); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *)*chains[i].ca; + tmp.size = strlen(*chains[i].ca); + + ret = gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + + if (debug) + printf("\tVerifying..."); + + if (chains[i].expected_time != 0) + then = chains[i].expected_time; + else + then = DEFAULT_THEN; + + if (chains[i].purpose == NULL) { + ret = gnutls_x509_crt_list_verify(certs, j, + &ca, 1, NULL, 0, + chains + [i].verify_flags, + &verify_status); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_list_verify[%d,%d]: %s\n", + (int)i, (int)j, gnutls_strerror(ret)); + exit(1); + } + + if (verify_status != chains[i].expected_verify_result) { + gnutls_datum_t out1, out2; + gnutls_certificate_verification_status_print + (verify_status, GNUTLS_CRT_X509, &out1, 0); + gnutls_certificate_verification_status_print + (chains[i].expected_verify_result, + GNUTLS_CRT_X509, &out2, 0); + fail("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name, verify_status, out1.data, chains[i].expected_verify_result, out2.data); + gnutls_free(out1.data); + gnutls_free(out2.data); + +#if 0 + j = 0; + do { + fprintf(stderr, "%s\n", + chains[i].chain[j]); + } + while (chains[i].chain[++j] != NULL); +#endif + + if (!debug) + exit(1); + } else if (debug) + printf("done\n"); + + } + + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0); + if (ret != 1) { + fail("gnutls_x509_trust_list_add_trust_mem\n"); + exit(1); + } + + /* make sure that the two functions don't diverge */ + if (chains[i].purpose != NULL) { + vdata[0].type = GNUTLS_DT_KEY_PURPOSE_OID; + vdata[0].data = (void *)chains[i].purpose; + + ret = + gnutls_x509_trust_list_verify_crt2(tl, certs, j, + vdata, 1, + chains + [i].verify_flags, + &verify_status1, + NULL); + } else { + ret = + gnutls_x509_trust_list_verify_crt(tl, certs, j, + chains + [i].verify_flags, + &verify_status1, + NULL); + } + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_list_verify[%d,%d]: %s\n", + (int)i, (int)j, gnutls_strerror(ret)); + exit(1); + } + + if (chains[i].purpose == NULL) { + if (verify_status != verify_status1) { + gnutls_datum_t out1, out2; + gnutls_certificate_verification_status_print + (verify_status, GNUTLS_CRT_X509, &out1, 0); + gnutls_certificate_verification_status_print + (verify_status1, GNUTLS_CRT_X509, &out2, 0); + fail("chain[%s]:\nverify_status: %d: %s\ntrust list vstatus: %d: %s\n", chains[i].name, verify_status, out1.data, verify_status1, out2.data); + gnutls_free(out1.data); + gnutls_free(out2.data); + } + } else { + if (verify_status1 != chains[i].expected_verify_result) { + gnutls_datum_t out1, out2; + gnutls_certificate_verification_status_print + (verify_status1, GNUTLS_CRT_X509, &out1, 0); + gnutls_certificate_verification_status_print + (chains[i].expected_verify_result, GNUTLS_CRT_X509, &out2, 0); + fail("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name, verify_status1, out1.data, chains[i].expected_verify_result, out2.data); + gnutls_free(out1.data); + gnutls_free(out2.data); + } + } + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 0); + gnutls_x509_crt_deinit(ca); + for (j = 0; chains[i].chain[j]; j++) + gnutls_x509_crt_deinit(certs[j]); + + if (debug) + printf("done\n\n\n"); + } + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + + exit(exit_val); +} diff --git a/tests/cipher-alignment.c b/tests/cipher-alignment.c new file mode 100644 index 0000000..65b763a --- /dev/null +++ b/tests/cipher-alignment.c @@ -0,0 +1,532 @@ +/* + * Copyright (C) 2004-2015 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Tests whether memory input to ciphers are properly aligned */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#include "ex-session-info.c" +#include "ex-x509-info.c" + +static pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static unsigned char ca_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n" + "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n" + "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n" + "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n" + "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n" + "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n" + "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n" + "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n" + "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n" + "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) }; + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) }; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t key = { key_pem, sizeof(key_pem) }; + +struct myaes_ctx { + struct aes128_ctx aes; + unsigned char iv[16]; + int enc; +}; + +static unsigned aes_init = 0; + +extern int +_gnutls_crypto_register_cipher(gnutls_cipher_algorithm_t algorithm, + int priority, + gnutls_cipher_init_func init, + gnutls_cipher_setkey_func setkey, + gnutls_cipher_setiv_func setiv, + gnutls_cipher_encrypt_func encrypt, + gnutls_cipher_decrypt_func decrypt, + gnutls_cipher_deinit_func deinit); + +static int +myaes_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc) +{ + if (algorithm != GNUTLS_CIPHER_AES_128_CBC) + return GNUTLS_E_INVALID_REQUEST; + + *_ctx = calloc(1, sizeof(struct myaes_ctx)); + if (*_ctx == NULL) { + return GNUTLS_E_MEMORY_ERROR; + } + + ((struct myaes_ctx *) (*_ctx))->enc = enc; + aes_init = 1; + + return 0; +} + +static int +myaes_setkey(void *_ctx, const void *userkey, size_t keysize) +{ + struct myaes_ctx *ctx = _ctx; + + assert(keysize == 16); + + if (ctx->enc) + aes128_set_encrypt_key(&ctx->aes, userkey); + else + aes128_set_decrypt_key(&ctx->aes, userkey); + + return 0; +} + +static int myaes_setiv(void *_ctx, const void *iv, size_t iv_size) +{ + struct myaes_ctx *ctx = _ctx; + + memcpy(ctx->iv, iv, 16); + return 0; +} + +static int +myaes_encrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t dst_size) +{ + struct myaes_ctx *ctx = _ctx; + +#if 0 /* this is under the control of the caller */ + if (((unsigned long)src)%16 != 0) { + fail("encrypt: source is not 16-byte aligned: %lu\n", ((unsigned long)src)%16); + } +#endif + + if (((unsigned long)dst)%16 != 0) { + fail("encrypt: dest is not 16-byte aligned: %lu\n", ((unsigned long)dst)%16); + } + + cbc_encrypt(&ctx->aes, (nettle_cipher_func*)aes128_encrypt, 16, ctx->iv, src_size, dst, src); + return 0; +} + +static int +myaes_decrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t dst_size) +{ + struct myaes_ctx *ctx = _ctx; + + if (((unsigned long)src)%16 != 0) { + fail("decrypt: source is not 16-byte aligned: %lu\n", ((unsigned long)src)%16); + } + +#if 0 /* this is under the control of the caller */ + if (((unsigned long)dst)%16 != 0) { + fail("decrypt: dest is not 16-byte aligned: %lu\n", ((unsigned long)dst)%16); + } +#endif + + cbc_decrypt(&ctx->aes, (nettle_cipher_func*)aes128_decrypt, 16, ctx->iv, src_size, dst, src); + + return 0; +} + +static void myaes_deinit(void *_ctx) +{ + free(_ctx); +} + +static void client(int sd, const char *prio) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&xcred); + + /* sets the trusted cas file + */ + gnutls_certificate_set_x509_trust_mem(xcred, &ca, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_mem(xcred, &cert, &key, + GNUTLS_X509_FMT_PEM); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else if (debug) { + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + ret = gnutls_record_send(session, MSG, strlen(MSG)); + + if (ret == strlen(MSG)) { + if (debug) + success("client: sent record.\n"); + } else { + fail("client: failed to send record.\n"); + gnutls_perror(ret); + goto end; + } + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (debug) + success("client: recv returned %d.\n", ret); + + if (ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success("client: doing handshake!\n"); + ret = gnutls_handshake(session); + if (ret == 0) { + if (debug) + success + ("client: handshake complete, reading again.\n"); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } else { + fail("client: handshake failed.\n"); + } + } + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); +} + +/* This is a sample TLS 1.0 echo server, using X.509 authentication. + */ + +#define MAX_BUF 1024 + +/* These are global */ + + + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static void server(int sd, const char *prio) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + + /* this must be called once in the program + */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + if (debug) + success("Launched, generating DH parameters...\n"); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) { + success("server: Handshake was completed\n"); + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + } + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *prio) +{ + int sockets[2]; + int err; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1], prio); + exit(0); + } +} + +void doit(void) +{ + int ret; + + global_init(); + + ret = _gnutls_crypto_register_cipher(GNUTLS_CIPHER_AES_128_CBC, 1, + myaes_init, + myaes_setkey, + myaes_setiv, + myaes_encrypt, + myaes_decrypt, + myaes_deinit); + if (ret < 0) { + fail("%d: cannot register cipher\n", __LINE__); + } + + + start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.1"); + start("NORMAL:-CIPHER-ALL:+AES-128-CBC:-VERS-ALL:+VERS-TLS1.2"); + + assert(aes_init != 0); + + gnutls_global_deinit(); +} + +#endif /* _WIN32 */ diff --git a/tests/cipher-listings.sh b/tests/cipher-listings.sh new file mode 100755 index 0000000..768f5cf --- /dev/null +++ b/tests/cipher-listings.sh @@ -0,0 +1,98 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff -b -B} +: ${SED=sed} +unset RETCODE + +TMPFILE=cipher-listings.$$.tmp +TMPFILE2=cipher-listings2.$$.tmp + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +. "${srcdir}/scripts/common.sh" + +echo "Checking ciphersuite listings" + +tab=$(printf '\t') +check() +{ + prio=$2 + name=$1 + echo checking $prio + "${CLI}" --list --priority $prio|grep -v ^Certificate|grep -v ^Ciphers|grep -v ^MACs|grep -v ^Key|grep -v Compression|grep -v ^Groups|grep -v ^Elliptic|${SED} -e 's/'"${tab}"'SSL3.0$//g' -e 's/'"${tab}"'TLS1.0$//g'|grep -v ^PK>$TMPFILE + cat ${srcdir}/data/listings-$name|${SED} 's/'"${tab}"'SSL3.0$//g' >$TMPFILE2 + ${DIFF} ${TMPFILE} ${TMPFILE2} + if test $? != 0;then + echo Error checking $prio with $name + echo output in ${TMPFILE} + exit 1 + fi +} + +${CLI} --fips140-mode +if test $? = 0;then + echo "Cannot run this test in FIPS140-2 mode" + exit 77 +fi + +# We check whether the ciphersuites listed by gnutls-cli +# for specific (legacy) protocols remain constant. We +# don't check newer protocols as these change more often. + +# This is a unit test for gnutls_priority_get_cipher_suite_index + +if test "${ENABLE_SSL3}" = "1";then +echo "Running with SSL3.0 enabled" +check SSL3.0 "NORMAL:-VERS-ALL:+VERS-SSL3.0:+ARCFOUR-128" +check old-SSL3.0-TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1" +else +echo "Running without support for SSL3.0" +check SSL3.0-TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1" +fi +check TLS1.0 "NORMAL:-VERS-ALL:+VERS-TLS1.0" +check TLS1.1 "NORMAL:-VERS-ALL:+VERS-TLS1.1" +check DTLS1.0 "NORMAL:-VERS-ALL:+VERS-DTLS1.0" +# Priority strings prior to 3.6.x did not require the +GROUP option; here we +# test whether these work as expected. +check legacy1 "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL" +check legacy2 "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL" +check legacy3 "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+CTYPE-OPENPGP" +check legacy4 "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:-CTYPE-OPENPGP" + + +rm -f ${TMPFILE} +rm -f ${TMPFILE2} +exit 0 diff --git a/tests/cipher-neg-common.c b/tests/cipher-neg-common.c new file mode 100644 index 0000000..63c5c44 --- /dev/null +++ b/tests/cipher-neg-common.c @@ -0,0 +1,125 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ +#include + +typedef struct test_case_st { + const char *name; + int cipher; + int group; + const char *client_prio; + const char *server_prio; + const char *desc; + unsigned not_on_fips; +} test_case_st; + +static void try(test_case_st *test) +{ + int sret, cret; + gnutls_certificate_credentials_t s_cert_cred; + gnutls_certificate_credentials_t c_cert_cred; + gnutls_session_t server, client; + + if (test->not_on_fips && gnutls_fips140_mode_enabled()) { + success("Skipping %s...\n", test->name); + return; + } + + success("Running %s...\n", test->name); + + assert(gnutls_certificate_allocate_credentials(&s_cert_cred) >= 0); + assert(gnutls_certificate_allocate_credentials(&c_cert_cred) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_cert_cred); + gnutls_certificate_set_known_dh_params(s_cert_cred, GNUTLS_SEC_PARAM_MEDIUM); + + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_sign_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_cert_cred); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + assert(gnutls_priority_set_direct(server, test->server_prio, 0) >= 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + assert(gnutls_priority_set_direct(client, test->client_prio, 0) >= 0); + + HANDSHAKE(client, server); + + sret = gnutls_cipher_get(client); + cret = gnutls_cipher_get(server); + + if (test->desc) { + char *desc1 = gnutls_session_get_desc(server); + char *desc2 = gnutls_session_get_desc(client); + + if (strcmp(desc1, desc2) != 0) + fail("server and client session description don't match (%s, %s)\n", desc1, desc2); + + if (strcmp(desc1, test->desc) != 0) + fail("session and expected session description don't match (%s, %s)\n", desc1, test->desc); + gnutls_free(desc1); + gnutls_free(desc2); + } + + if (sret != cret) { + fail("%s: client negotiated different cipher than server (%s, %s)!\n", + test->name, gnutls_cipher_get_name(cret), + gnutls_cipher_get_name(sret)); + } + + if (cret != test->cipher) { + fail("%s: negotiated cipher differs with the expected (%s, %s)!\n", + test->name, gnutls_cipher_get_name(cret), + gnutls_cipher_get_name(test->cipher)); + } + + if (test->group) { + sret = gnutls_group_get(client); + cret = gnutls_group_get(server); + + if (sret != cret) { + fail("%s: client negotiated different group than server (%s, %s)!\n", + test->name, gnutls_group_get_name(cret), + gnutls_group_get_name(sret)); + } + + if (cret != test->group) { + fail("%s: negotiated group differs with the expected (%s, %s)!\n", + test->name, gnutls_group_get_name(cret), + gnutls_group_get_name(test->group)); + } + } + + gnutls_deinit(server); + gnutls_deinit(client); + gnutls_certificate_free_credentials(s_cert_cred); + gnutls_certificate_free_credentials(c_cert_cred); + + reset_buffers(); +} diff --git a/tests/cipher-padding.c b/tests/cipher-padding.c new file mode 100644 index 0000000..e8e66fb --- /dev/null +++ b/tests/cipher-padding.c @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#include + +#include +#include +#include +#include +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +#define CLAMP(x, b) (((x) + (b)) / (b)) * (b) + +static void +start(gnutls_cipher_algorithm_t algo, size_t plaintext_size, unsigned int flags) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t plaintext[128]; + uint8_t ciphertext[128]; + size_t block_size; + size_t size; + gnutls_datum_t key, iv; + + success("%s %zu %u\n", + gnutls_cipher_get_name(algo), plaintext_size, flags); + + block_size = gnutls_cipher_get_block_size(algo); + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(plaintext, 0xfa, sizeof(plaintext)); + + ret = gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) { + fail("gnutls_cipher_init failed\n"); + } + + /* Check overflow if PKCS#7 is requested */ + if (flags & GNUTLS_CIPHER_PADDING_PKCS7) { + ret = gnutls_cipher_encrypt3(ch, + plaintext, SIZE_MAX, + NULL, &size, + flags); + if (ret != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_cipher_encrypt3 succeeded\n"); + } + } + + /* Get the ciphertext size */ + ret = gnutls_cipher_encrypt3(ch, + plaintext, plaintext_size, + NULL, &size, + flags); + if (ret < 0) { + fail("gnutls_cipher_encrypt3 failed\n"); + } + + if (flags & GNUTLS_CIPHER_PADDING_PKCS7) { + if (size <= plaintext_size) { + fail("no padding appended\n"); + } + if (size != CLAMP(plaintext_size, block_size)) { + fail("size does not match: %zu (expected %zu)\n", + size, CLAMP(plaintext_size, block_size)); + } + } else { + if (size != plaintext_size) { + fail("size does not match: %zu (expected %zu)\n", + size, plaintext_size); + } + } + + /* Encrypt with padding */ + ret = gnutls_cipher_encrypt3(ch, + plaintext, plaintext_size, + ciphertext, &size, + flags); + if (ret < 0) { + fail("gnutls_cipher_encrypt3 failed\n"); + } + + /* Decrypt with padding */ + ret = gnutls_cipher_decrypt3(ch, + ciphertext, size, + ciphertext, &size, + flags); + if (ret < 0) { + fail("gnutls_cipher_encrypt3 failed\n"); + } + + if (size != plaintext_size) { + fail("size does not match: %zu (expected %zu)\n", + size, plaintext_size); + } + + if (memcmp(ciphertext, plaintext, size) != 0) { + fail("plaintext does not match\n"); + } + + gnutls_cipher_deinit(ch); +} + +void doit(void) { + int ret; + + gnutls_global_set_log_function(tls_log_func); + if (debug) { + gnutls_global_set_log_level(4711); + } + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); + } + + start(GNUTLS_CIPHER_AES_128_CBC, 0, GNUTLS_CIPHER_PADDING_PKCS7); + start(GNUTLS_CIPHER_AES_128_CBC, 11, GNUTLS_CIPHER_PADDING_PKCS7); + start(GNUTLS_CIPHER_AES_128_CBC, 77, GNUTLS_CIPHER_PADDING_PKCS7); + start(GNUTLS_CIPHER_AES_128_CBC, 80, GNUTLS_CIPHER_PADDING_PKCS7); + + start(GNUTLS_CIPHER_AES_128_CBC, 0, 0); + start(GNUTLS_CIPHER_AES_128_CBC, 80, 0); + + gnutls_global_deinit(); +} diff --git a/tests/ciphersuite-name.c b/tests/ciphersuite-name.c new file mode 100644 index 0000000..b7fd4de --- /dev/null +++ b/tests/ciphersuite-name.c @@ -0,0 +1,121 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests gnutls_cipher_suite_get() and + * gnutls_cipher_suite_get_canonical_name() + */ + +#include "config.h" + +#include + +#include +#include "cert-common.h" +#include "eagain-common.h" +#include "utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void +start(const char *test_name, const char *prio, const char *expected_name) +{ + int sret, cret; + gnutls_certificate_credentials_t scred, ccred; + gnutls_session_t server, client; + const char *name; + + success("%s\n", test_name); + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&server, GNUTLS_SERVER); + + gnutls_priority_set_direct(server, prio, NULL); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&ccred); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + name = gnutls_ciphersuite_get(server); + if (!name || strcmp(name, expected_name) != 0) { + fail("server: gnutls_ciphersuite_get returned %s while %s is expected\n", + name, expected_name); + } + + name = gnutls_ciphersuite_get(client); + if (!name || strcmp(name, expected_name) != 0) { + fail("client: gnutls_ciphersuite_get returned %s while %s is expected\n", + name, expected_name); + } + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + start("TLS 1.3 name", + "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-ALL:+GROUP-ALL", + "TLS_AES_256_GCM_SHA384"); + + start("TLS 1.2 name", + "NONE:+VERS-TLS1.2:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+RSA", + "TLS_RSA_WITH_AES_128_GCM_SHA256"); +} diff --git a/tests/client-fastopen.c b/tests/client-fastopen.c new file mode 100644 index 0000000..cf527ff --- /dev/null +++ b/tests/client-fastopen.c @@ -0,0 +1,324 @@ +/* + * Copyright (C) 2016-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* This tests gnutls_transport_set_fastopen() operation. + */ + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, struct sockaddr *connect_addr, socklen_t connect_addrlen, + const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_fastopen(session, fd, connect_addr, connect_addrlen, 0); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = gnutls_certificate_set_x509_key_mem(xcred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void run(const char *name, const char *prio) +{ + int ret; + struct sockaddr_in saddr; + socklen_t addrlen; + int listener; + int fd; + + success("running fast open test for %s\n", name); + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + listener = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (listener == -1) + fail("error in socket(): %s\n", strerror(errno)); + + memset(&saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; + saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = 0; + + ret = bind(listener, (struct sockaddr*)&saddr, sizeof(saddr)); + if (ret == -1) + fail("error in bind(): %s\n", strerror(errno)); + + addrlen = sizeof(saddr); + ret = getsockname(listener, (struct sockaddr*)&saddr, &addrlen); + if (ret == -1) + fail("error in getsockname(): %s\n", strerror(errno)); + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + ret = listen(listener, 1); + if (ret == -1) + fail("error in listen(): %s\n", strerror(errno)); + + fd = accept(listener, NULL, NULL); + if (fd == -1) + fail("error in accept: %s\n", strerror(errno)); + + server(fd, prio); + + wait(&status); + check_wait_status(status); + } else { + fd = socket(AF_INET, SOCK_STREAM, 0); + + usleep(1000000); + client(fd, (struct sockaddr*)&saddr, addrlen, prio); + exit(0); + } +} + +void doit(void) +{ + run("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA"); + run("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); +} + +#endif /* _WIN32 */ diff --git a/tests/client-secrets.h b/tests/client-secrets.h new file mode 100644 index 0000000..38915f5 --- /dev/null +++ b/tests/client-secrets.h @@ -0,0 +1,279 @@ +/* + * Copyright (C) 2021 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This file is autogenerated with tls13-early-data.c. + * To reproduce, see the comments in that file. + */ + +#ifndef GNUTLS_TESTS_CLIENT_SECRETS_H +#define GNUTLS_TESTS_CLIENT_SECRETS_H + +static const struct secret client_normal_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + }, +}; + +static const struct secret client_normal_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + NULL, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xf8\xa9\xd5\xe6\x18\xbb\xb7\x07\x1d\xb3\x8f\x78\x61\x30\x63\x01\xa5\x49\xc6\x05\x92\x7f\x67\x98\x72\x76\x75\xb1\x31\x1f\x14\xf9", + (const uint8_t *)"\xab\xa3\xf5\x4f\xcc\x3f\xd7\xb7\x23\x73\x51\x6e\x64\xc1\xaa\x6b\xa9\x77\x30\x58\xe6\xd4\xf5\xe9\xa5\xd2\x0d\x35\x42\x65\xda\xf1", + }, +}; + +static const struct secret client_normal_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + NULL, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xd8\xdf\x24\xd6\xe1\xdc\x86\x3b\x88\x3d\x2b\xad\x56\xec\x22\xd4\x5c\xaf\xa9\x24\xa3\x90\x20\xa1\xae\x77\x5c\x7d\xef\x3d\xcc\x5b", + (const uint8_t *)"\x8d\x02\xe0\xe8\x5f\x9a\xcc\xc7\x8c\x81\x3b\x58\x5f\xa9\xdb\xfd\x98\xb1\x1f\xcc\x3e\x7b\xca\xe7\xef\x05\x4c\x84\x6c\xe1\x11\x25", + }, +}; + +static const struct secret client_small_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + }, +}; + +static const struct secret client_small_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + NULL, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xf8\xa9\xd5\xe6\x18\xbb\xb7\x07\x1d\xb3\x8f\x78\x61\x30\x63\x01\xa5\x49\xc6\x05\x92\x7f\x67\x98\x72\x76\x75\xb1\x31\x1f\x14\xf9", + (const uint8_t *)"\xab\xa3\xf5\x4f\xcc\x3f\xd7\xb7\x23\x73\x51\x6e\x64\xc1\xaa\x6b\xa9\x77\x30\x58\xe6\xd4\xf5\xe9\xa5\xd2\x0d\x35\x42\x65\xda\xf1", + }, +}; + +static const struct secret client_small_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + NULL, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xd8\xdf\x24\xd6\xe1\xdc\x86\x3b\x88\x3d\x2b\xad\x56\xec\x22\xd4\x5c\xaf\xa9\x24\xa3\x90\x20\xa1\xae\x77\x5c\x7d\xef\x3d\xcc\x5b", + (const uint8_t *)"\x8d\x02\xe0\xe8\x5f\x9a\xcc\xc7\x8c\x81\x3b\x58\x5f\xa9\xdb\xfd\x98\xb1\x1f\xcc\x3e\x7b\xca\xe7\xef\x05\x4c\x84\x6c\xe1\x11\x25", + }, +}; + +static const struct secret client_empty_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + }, +}; + +static const struct secret client_empty_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xac\xc2\x07\x48\xba\x3d\x59\x2f\x5f\xce\x79\xda\xa6\x04\x4b\x55\x06\x2c\x9f\x0e\xdf\xda\x42\x51\x9d\x0b\xd9\x39\x4b\x8c\xb2\x7e", + (const uint8_t *)"\x87\x07\x01\xdc\x13\xdc\xb7\x93\x26\x53\xff\xa4\x2d\x28\xed\xca\xef\x5b\xa7\x94\x17\x26\xdf\x1f\x8c\x7b\x79\x32\x55\x5e\xcb\x79", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x73\x16\xe6\x0a\x66\xe1\x81\xd8\x74\xfa\x25\xe3\xf3\x1a\xf2\x4d\x84\xd6\xc6\x7a\x1b\x27\x79\x0a\x09\x9e\xd2\xd4\x1d\xdf\x0f\x53", + (const uint8_t *)"\x5f\x8e\xfe\x3e\xa0\x41\x27\x9e\xbb\xba\xf2\xa9\x22\xc6\x06\x58\xb5\xbf\x6e\x29\x3d\x84\x10\x4e\x3f\xe3\xc0\x1f\x7a\x2c\xf5\x21", + }, +}; + +static const struct secret client_empty_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xac\xc2\x07\x48\xba\x3d\x59\x2f\x5f\xce\x79\xda\xa6\x04\x4b\x55\x06\x2c\x9f\x0e\xdf\xda\x42\x51\x9d\x0b\xd9\x39\x4b\x8c\xb2\x7e", + (const uint8_t *)"\x87\x07\x01\xdc\x13\xdc\xb7\x93\x26\x53\xff\xa4\x2d\x28\xed\xca\xef\x5b\xa7\x94\x17\x26\xdf\x1f\x8c\x7b\x79\x32\x55\x5e\xcb\x79", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x73\x16\xe6\x0a\x66\xe1\x81\xd8\x74\xfa\x25\xe3\xf3\x1a\xf2\x4d\x84\xd6\xc6\x7a\x1b\x27\x79\x0a\x09\x9e\xd2\xd4\x1d\xdf\x0f\x53", + (const uint8_t *)"\x5f\x8e\xfe\x3e\xa0\x41\x27\x9e\xbb\xba\xf2\xa9\x22\xc6\x06\x58\xb5\xbf\x6e\x29\x3d\x84\x10\x4e\x3f\xe3\xc0\x1f\x7a\x2c\xf5\x21", + }, +}; + +static const struct secret client_explicit_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + }, +}; + +static const struct secret client_explicit_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + NULL, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xf8\xa9\xd5\xe6\x18\xbb\xb7\x07\x1d\xb3\x8f\x78\x61\x30\x63\x01\xa5\x49\xc6\x05\x92\x7f\x67\x98\x72\x76\x75\xb1\x31\x1f\x14\xf9", + (const uint8_t *)"\xab\xa3\xf5\x4f\xcc\x3f\xd7\xb7\x23\x73\x51\x6e\x64\xc1\xaa\x6b\xa9\x77\x30\x58\xe6\xd4\xf5\xe9\xa5\xd2\x0d\x35\x42\x65\xda\xf1", + }, +}; + +static const struct secret client_explicit_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + NULL, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xd8\xdf\x24\xd6\xe1\xdc\x86\x3b\x88\x3d\x2b\xad\x56\xec\x22\xd4\x5c\xaf\xa9\x24\xa3\x90\x20\xa1\xae\x77\x5c\x7d\xef\x3d\xcc\x5b", + (const uint8_t *)"\x8d\x02\xe0\xe8\x5f\x9a\xcc\xc7\x8c\x81\x3b\x58\x5f\xa9\xdb\xfd\x98\xb1\x1f\xcc\x3e\x7b\xca\xe7\xef\x05\x4c\x84\x6c\xe1\x11\x25", + }, +}; + +#endif /* GNUTLS_TESTS_CLIENT_SECRETS_H */ diff --git a/tests/client-sign-md5-rep.c b/tests/client-sign-md5-rep.c new file mode 100644 index 0000000..10ae99b --- /dev/null +++ b/tests/client-sign-md5-rep.c @@ -0,0 +1,510 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* This tests whether a client will reject a server advertising + * an MD5 signature algorithm */ + +#if defined(_WIN32) || !defined(ENABLE_SSL2) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "client", level, + str); +} + + +static unsigned char tls1_hello[] = { /* server hello etc. */ +0x16, 0x03, 0x03, 0x00, 0x39, 0x02, 0x00, 0x00, 0x35, 0x03, 0x03, 0x95, 0x66, 0x0A, 0x55, 0xBC, +0x04, 0x84, 0xBD, 0x7E, 0xA6, 0xCE, 0x2B, 0x1C, 0x7B, 0x72, 0x28, 0x0D, 0x8E, 0x2C, 0x34, 0xC8, +0xFF, 0x73, 0xBA, 0x6C, 0x9F, 0x20, 0xB9, 0x18, 0xCD, 0x22, 0xCB, 0x00, 0x00, 0x9E, 0x00, 0x00, +0x0D, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x01, 0x00, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x16, 0x03, +0x03, 0x10, 0xE3, 0x0B, 0x00, 0x10, 0xDF, 0x00, 0x10, 0xDC, 0x00, 0x05, 0x4F, 0x30, 0x82, 0x05, +0x4B, 0x30, 0x82, 0x04, 0x33, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x4C, 0x8E, 0x18, 0x71, +0x4B, 0x34, 0xE7, 0x5E, 0x8D, 0xAE, 0xFB, 0xE8, 0xF6, 0x4C, 0x3A, 0x82, 0x30, 0x0D, 0x06, 0x09, +0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x90, 0x31, 0x0B, +0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1B, 0x30, 0x19, 0x06, +0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, 0x4D, 0x61, +0x6E, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, +0x07, 0x13, 0x07, 0x53, 0x61, 0x6C, 0x66, 0x6F, 0x72, 0x64, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, +0x55, 0x04, 0x0A, 0x13, 0x11, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x43, 0x41, 0x20, 0x4C, +0x69, 0x6D, 0x69, 0x74, 0x65, 0x64, 0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, +0x2D, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x52, 0x53, 0x41, 0x20, 0x44, 0x6F, 0x6D, 0x61, +0x69, 0x6E, 0x20, 0x56, 0x61, 0x6C, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x53, 0x65, +0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x1E, +0x17, 0x0D, 0x31, 0x36, 0x30, 0x37, 0x30, 0x37, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, +0x0D, 0x31, 0x37, 0x30, 0x39, 0x30, 0x35, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x59, +0x31, 0x21, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x18, 0x44, 0x6F, 0x6D, 0x61, 0x69, +0x6E, 0x20, 0x43, 0x6F, 0x6E, 0x74, 0x72, 0x6F, 0x6C, 0x20, 0x56, 0x61, 0x6C, 0x69, 0x64, 0x61, +0x74, 0x65, 0x64, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x14, 0x50, 0x6F, +0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x53, 0x4C, 0x20, 0x57, 0x69, 0x6C, 0x64, 0x63, 0x61, +0x72, 0x64, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0C, 0x2A, 0x2E, 0x62, +0x61, 0x64, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, +0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, +0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC2, 0x04, 0xEC, 0xF8, 0x8C, 0xEE, +0x04, 0xC2, 0xB3, 0xD8, 0x50, 0xD5, 0x70, 0x58, 0xCC, 0x93, 0x18, 0xEB, 0x5C, 0xA8, 0x68, 0x49, +0xB0, 0x22, 0xB5, 0xF9, 0x95, 0x9E, 0xB1, 0x2B, 0x2C, 0x76, 0x3E, 0x6C, 0xC0, 0x4B, 0x60, 0x4C, +0x4C, 0xEA, 0xB2, 0xB4, 0xC0, 0x0F, 0x80, 0xB6, 0xB0, 0xF9, 0x72, 0xC9, 0x86, 0x02, 0xF9, 0x5C, +0x41, 0x5D, 0x13, 0x2B, 0x7F, 0x71, 0xC4, 0x4B, 0xBC, 0xE9, 0x94, 0x2E, 0x50, 0x37, 0xA6, 0x67, +0x1C, 0x61, 0x8C, 0xF6, 0x41, 0x42, 0xC5, 0x46, 0xD3, 0x16, 0x87, 0x27, 0x9F, 0x74, 0xEB, 0x0A, +0x9D, 0x11, 0x52, 0x26, 0x21, 0x73, 0x6C, 0x84, 0x4C, 0x79, 0x55, 0xE4, 0xD1, 0x6B, 0xE8, 0x06, +0x3D, 0x48, 0x15, 0x52, 0xAD, 0xB3, 0x28, 0xDB, 0xAA, 0xFF, 0x6E, 0xFF, 0x60, 0x95, 0x4A, 0x77, +0x6B, 0x39, 0xF1, 0x24, 0xD1, 0x31, 0xB6, 0xDD, 0x4D, 0xC0, 0xC4, 0xFC, 0x53, 0xB9, 0x6D, 0x42, +0xAD, 0xB5, 0x7C, 0xFE, 0xAE, 0xF5, 0x15, 0xD2, 0x33, 0x48, 0xE7, 0x22, 0x71, 0xC7, 0xC2, 0x14, +0x7A, 0x6C, 0x28, 0xEA, 0x37, 0x4A, 0xDF, 0xEA, 0x6C, 0xB5, 0x72, 0xB4, 0x7E, 0x5A, 0xA2, 0x16, +0xDC, 0x69, 0xB1, 0x57, 0x44, 0xDB, 0x0A, 0x12, 0xAB, 0xDE, 0xC3, 0x0F, 0x47, 0x74, 0x5C, 0x41, +0x22, 0xE1, 0x9A, 0xF9, 0x1B, 0x93, 0xE6, 0xAD, 0x22, 0x06, 0x29, 0x2E, 0xB1, 0xBA, 0x49, 0x1C, +0x0C, 0x27, 0x9E, 0xA3, 0xFB, 0x8B, 0xF7, 0x40, 0x72, 0x00, 0xAC, 0x92, 0x08, 0xD9, 0x8C, 0x57, +0x84, 0x53, 0x81, 0x05, 0xCB, 0xE6, 0xFE, 0x6B, 0x54, 0x98, 0x40, 0x27, 0x85, 0xC7, 0x10, 0xBB, +0x73, 0x70, 0xEF, 0x69, 0x18, 0x41, 0x07, 0x45, 0x55, 0x7C, 0xF9, 0x64, 0x3F, 0x3D, 0x2C, 0xC3, +0xA9, 0x7C, 0xEB, 0x93, 0x1A, 0x4C, 0x86, 0xD1, 0xCA, 0x85, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, +0x82, 0x01, 0xD5, 0x30, 0x82, 0x01, 0xD1, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, +0x30, 0x16, 0x80, 0x14, 0x90, 0xAF, 0x6A, 0x3A, 0x94, 0x5A, 0x0B, 0xD8, 0x90, 0xEA, 0x12, 0x56, +0x73, 0xDF, 0x43, 0xB4, 0x3A, 0x28, 0xDA, 0xE7, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, +0x16, 0x04, 0x14, 0x9D, 0xEE, 0xC1, 0x7B, 0x81, 0x0B, 0x3A, 0x47, 0x69, 0x71, 0x18, 0x7D, 0x11, +0x37, 0x93, 0xBC, 0xA5, 0x1B, 0x3F, 0xFB, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, +0xFF, 0x04, 0x04, 0x03, 0x02, 0x05, 0xA0, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, +0xFF, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, +0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, +0x05, 0x07, 0x03, 0x02, 0x30, 0x4F, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, 0x48, 0x30, 0x46, 0x30, +0x3A, 0x06, 0x0B, 0x2B, 0x06, 0x01, 0x04, 0x01, 0xB2, 0x31, 0x01, 0x02, 0x02, 0x07, 0x30, 0x2B, +0x30, 0x29, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1D, 0x68, 0x74, +0x74, 0x70, 0x73, 0x3A, 0x2F, 0x2F, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x2E, 0x63, 0x6F, 0x6D, +0x6F, 0x64, 0x6F, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x43, 0x50, 0x53, 0x30, 0x08, 0x06, 0x06, 0x67, +0x81, 0x0C, 0x01, 0x02, 0x01, 0x30, 0x54, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x4D, 0x30, 0x4B, +0x30, 0x49, 0xA0, 0x47, 0xA0, 0x45, 0x86, 0x43, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, +0x72, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x6F, 0x64, 0x6F, 0x63, 0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, +0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x52, 0x53, 0x41, 0x44, 0x6F, 0x6D, 0x61, 0x69, 0x6E, 0x56, +0x61, 0x6C, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, +0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x81, 0x85, 0x06, 0x08, +0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x79, 0x30, 0x77, 0x30, 0x4F, 0x06, 0x08, +0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x43, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, +0x2F, 0x63, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x6F, 0x64, 0x6F, 0x63, 0x61, 0x2E, 0x63, 0x6F, +0x6D, 0x2F, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x52, 0x53, 0x41, 0x44, 0x6F, 0x6D, 0x61, 0x69, +0x6E, 0x56, 0x61, 0x6C, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x53, 0x65, 0x63, 0x75, 0x72, +0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x41, 0x2E, 0x63, 0x72, 0x74, 0x30, 0x24, 0x06, +0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, 0x74, 0x74, 0x70, 0x3A, +0x2F, 0x2F, 0x6F, 0x63, 0x73, 0x70, 0x2E, 0x63, 0x6F, 0x6D, 0x6F, 0x64, 0x6F, 0x63, 0x61, 0x2E, +0x63, 0x6F, 0x6D, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x1C, 0x30, 0x1A, 0x82, 0x0C, +0x2A, 0x2E, 0x62, 0x61, 0x64, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x0A, 0x62, 0x61, +0x64, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, +0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x75, 0x48, 0x83, 0x88, +0x9C, 0x55, 0x24, 0x37, 0x30, 0x07, 0xEB, 0x26, 0x68, 0xC8, 0x79, 0x1C, 0x5C, 0xAE, 0x9A, 0x02, +0x9A, 0xB5, 0x52, 0x75, 0x44, 0xAC, 0xA9, 0xED, 0x59, 0x65, 0xD0, 0xC6, 0x47, 0x26, 0x04, 0x8D, +0x57, 0x89, 0x16, 0x2E, 0x71, 0x18, 0x48, 0x98, 0x68, 0x1C, 0xF6, 0x31, 0xF5, 0x26, 0x4B, 0xE8, +0x81, 0x44, 0xB1, 0xFF, 0x5C, 0x65, 0x3D, 0x78, 0x54, 0x94, 0xC3, 0x86, 0x9D, 0x48, 0x96, 0xE8, +0x32, 0xAF, 0xE1, 0x8F, 0x94, 0x47, 0xBE, 0x37, 0x8C, 0xC3, 0xED, 0x4D, 0x97, 0xBB, 0xC6, 0x2A, +0x37, 0x72, 0x01, 0x3A, 0x8F, 0x82, 0xA4, 0x34, 0x44, 0xC4, 0xC4, 0xF8, 0x50, 0x24, 0x48, 0x9E, +0x19, 0xF0, 0xEC, 0xE1, 0xC6, 0x13, 0x44, 0x26, 0xB6, 0x65, 0xE1, 0x62, 0x49, 0x87, 0xA4, 0xF4, +0xD8, 0xC4, 0x39, 0x3C, 0x7D, 0x42, 0xC8, 0xA4, 0x2A, 0x54, 0x05, 0xA0, 0xDC, 0x0A, 0xF8, 0x2B, +0x22, 0x94, 0x93, 0x78, 0x4E, 0x6A, 0x36, 0x1B, 0xD2, 0xE7, 0xE9, 0xAE, 0x84, 0xED, 0x13, 0x1D, +0xA1, 0xF7, 0xA2, 0x83, 0x81, 0x03, 0x4C, 0x9E, 0x21, 0xFB, 0xBF, 0xA8, 0x30, 0xFE, 0xEB, 0x00, +0x68, 0xB1, 0x7F, 0xBA, 0x5D, 0xE2, 0x5D, 0xFF, 0x41, 0x1F, 0xD6, 0xF5, 0xA6, 0x5C, 0x8A, 0xEF, +0x81, 0x80, 0xC8, 0xF1, 0x52, 0x00, 0x17, 0x9D, 0xD1, 0x96, 0x1A, 0x7D, 0x5E, 0xD2, 0x83, 0xB3, +0x82, 0xC2, 0x3D, 0x46, 0x83, 0xA5, 0x1E, 0xB4, 0x36, 0x35, 0x38, 0xC4, 0x7A, 0x2E, 0xDF, 0x0B, +0xA1, 0x98, 0x63, 0x58, 0x0B, 0x1E, 0xD0, 0x6D, 0x83, 0x1F, 0xF1, 0x72, 0x4D, 0x09, 0xAC, 0x96, +0x1A, 0x0B, 0xE5, 0xF6, 0x34, 0x4C, 0xAB, 0xBC, 0xBC, 0x99, 0x5B, 0x82, 0x59, 0xE6, 0x6C, 0xD3, +0xDB, 0x98, 0xE0, 0xCE, 0x95, 0x3B, 0xCF, 0x4E, 0x17, 0xC3, 0xEE, 0x3A, 0x00, 0x06, 0x0C, 0x30, +0x82, 0x06, 0x08, 0x30, 0x82, 0x03, 0xF0, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x2B, 0x2E, +0x6E, 0xEA, 0xD9, 0x75, 0x36, 0x6C, 0x14, 0x8A, 0x6E, 0xDB, 0xA3, 0x7C, 0x8C, 0x07, 0x30, 0x0D, +0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x30, 0x81, 0x85, +0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1B, 0x30, +0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, +0x4D, 0x61, 0x6E, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, +0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6C, 0x66, 0x6F, 0x72, 0x64, 0x31, 0x1A, 0x30, 0x18, +0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x43, 0x41, +0x20, 0x4C, 0x69, 0x6D, 0x69, 0x74, 0x65, 0x64, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, +0x03, 0x13, 0x22, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x65, +0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, +0x6F, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x34, 0x30, 0x32, 0x31, 0x32, 0x30, +0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x39, 0x30, 0x32, 0x31, 0x31, 0x32, 0x33, +0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x81, 0x90, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, +0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, +0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, 0x4D, 0x61, 0x6E, 0x63, 0x68, 0x65, 0x73, 0x74, +0x65, 0x72, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6C, +0x66, 0x6F, 0x72, 0x64, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11, 0x43, +0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D, 0x69, 0x74, 0x65, 0x64, +0x31, 0x36, 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2D, 0x43, 0x4F, 0x4D, 0x4F, 0x44, +0x4F, 0x20, 0x52, 0x53, 0x41, 0x20, 0x44, 0x6F, 0x6D, 0x61, 0x69, 0x6E, 0x20, 0x56, 0x61, 0x6C, +0x69, 0x64, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, +0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, +0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, +0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0x8E, 0xC2, 0x02, 0x19, 0xE1, 0xA0, 0x59, +0xA4, 0xEB, 0x38, 0x35, 0x8D, 0x2C, 0xFD, 0x01, 0xD0, 0xD3, 0x49, 0xC0, 0x64, 0xC7, 0x0B, 0x62, +0x05, 0x45, 0x16, 0x3A, 0xA8, 0xA0, 0xC0, 0x0C, 0x02, 0x7F, 0x1D, 0xCC, 0xDB, 0xC4, 0xA1, 0x6D, +0x77, 0x03, 0xA3, 0x0F, 0x86, 0xF9, 0xE3, 0x06, 0x9C, 0x3E, 0x0B, 0x81, 0x8A, 0x9B, 0x49, 0x1B, +0xAD, 0x03, 0xBE, 0xFA, 0x4B, 0xDB, 0x8C, 0x20, 0xED, 0xD5, 0xCE, 0x5E, 0x65, 0x8E, 0x3E, 0x0D, +0xAF, 0x4C, 0xC2, 0xB0, 0xB7, 0x45, 0x5E, 0x52, 0x2F, 0x34, 0xDE, 0x48, 0x24, 0x64, 0xB4, 0x41, +0xAE, 0x00, 0x97, 0xF7, 0xBE, 0x67, 0xDE, 0x9E, 0xD0, 0x7A, 0xA7, 0x53, 0x80, 0x3B, 0x7C, 0xAD, +0xF5, 0x96, 0x55, 0x6F, 0x97, 0x47, 0x0A, 0x7C, 0x85, 0x8B, 0x22, 0x97, 0x8D, 0xB3, 0x84, 0xE0, +0x96, 0x57, 0xD0, 0x70, 0x18, 0x60, 0x96, 0x8F, 0xEE, 0x2D, 0x07, 0x93, 0x9D, 0xA1, 0xBA, 0xCA, +0xD1, 0xCD, 0x7B, 0xE9, 0xC4, 0x2A, 0x9A, 0x28, 0x21, 0x91, 0x4D, 0x6F, 0x92, 0x4F, 0x25, 0xA5, +0xF2, 0x7A, 0x35, 0xDD, 0x26, 0xDC, 0x46, 0xA5, 0xD0, 0xAC, 0x59, 0x35, 0x8C, 0xFF, 0x4E, 0x91, +0x43, 0x50, 0x3F, 0x59, 0x93, 0x1E, 0x6C, 0x51, 0x21, 0xEE, 0x58, 0x14, 0xAB, 0xFE, 0x75, 0x50, +0x78, 0x3E, 0x4C, 0xB0, 0x1C, 0x86, 0x13, 0xFA, 0x6B, 0x98, 0xBC, 0xE0, 0x3B, 0x94, 0x1E, 0x85, +0x52, 0xDC, 0x03, 0x93, 0x24, 0x18, 0x6E, 0xCB, 0x27, 0x51, 0x45, 0xE6, 0x70, 0xDE, 0x25, 0x43, +0xA4, 0x0D, 0xE1, 0x4A, 0xA5, 0xED, 0xB6, 0x7E, 0xC8, 0xCD, 0x6D, 0xEE, 0x2E, 0x1D, 0x27, 0x73, +0x5D, 0xDC, 0x45, 0x30, 0x80, 0xAA, 0xE3, 0xB2, 0x41, 0x0B, 0xAF, 0xBD, 0x44, 0x87, 0xDA, 0xB9, +0xE5, 0x1B, 0x9D, 0x7F, 0xAE, 0xE5, 0x85, 0x82, 0xA5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, +0x01, 0x65, 0x30, 0x82, 0x01, 0x61, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, +0x16, 0x80, 0x14, 0xBB, 0xAF, 0x7E, 0x02, 0x3D, 0xFA, 0xA6, 0xF1, 0x3C, 0x84, 0x8E, 0xAD, 0xEE, +0x38, 0x98, 0xEC, 0xD9, 0x32, 0x32, 0xD4, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, +0x04, 0x14, 0x90, 0xAF, 0x6A, 0x3A, 0x94, 0x5A, 0x0B, 0xD8, 0x90, 0xEA, 0x12, 0x56, 0x73, 0xDF, +0x43, 0xB4, 0x3A, 0x28, 0xDA, 0xE7, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, +0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, +0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, 0x00, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, +0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, +0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x1D, 0x20, +0x04, 0x14, 0x30, 0x12, 0x30, 0x06, 0x06, 0x04, 0x55, 0x1D, 0x20, 0x00, 0x30, 0x08, 0x06, 0x06, +0x67, 0x81, 0x0C, 0x01, 0x02, 0x01, 0x30, 0x4C, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x45, 0x30, +0x43, 0x30, 0x41, 0xA0, 0x3F, 0xA0, 0x3D, 0x86, 0x3B, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, +0x63, 0x72, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x6F, 0x64, 0x6F, 0x63, 0x61, 0x2E, 0x63, 0x6F, 0x6D, +0x2F, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x52, 0x53, 0x41, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, +0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, +0x2E, 0x63, 0x72, 0x6C, 0x30, 0x71, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, +0x04, 0x65, 0x30, 0x63, 0x30, 0x3B, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, +0x86, 0x2F, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, +0x6F, 0x64, 0x6F, 0x63, 0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, +0x52, 0x53, 0x41, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x41, 0x2E, 0x63, 0x72, +0x74, 0x30, 0x24, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, +0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6F, 0x63, 0x73, 0x70, 0x2E, 0x63, 0x6F, 0x6D, 0x6F, 0x64, +0x6F, 0x63, 0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, +0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x4E, 0x2B, 0x76, 0x4F, 0x92, +0x1C, 0x62, 0x36, 0x89, 0xBA, 0x77, 0xC1, 0x27, 0x05, 0xF4, 0x1C, 0xD6, 0x44, 0x9D, 0xA9, 0x9A, +0x3E, 0xAA, 0xD5, 0x66, 0x66, 0x01, 0x3E, 0xEA, 0x49, 0xE6, 0xA2, 0x35, 0xBC, 0xFA, 0xF6, 0xDD, +0x95, 0x8E, 0x99, 0x35, 0x98, 0x0E, 0x36, 0x18, 0x75, 0xB1, 0xDD, 0xDD, 0x50, 0x72, 0x7C, 0xAE, +0xDC, 0x77, 0x88, 0xCE, 0x0F, 0xF7, 0x90, 0x20, 0xCA, 0xA3, 0x67, 0x2E, 0x1F, 0x56, 0x7F, 0x7B, +0xE1, 0x44, 0xEA, 0x42, 0x95, 0xC4, 0x5D, 0x0D, 0x01, 0x50, 0x46, 0x15, 0xF2, 0x81, 0x89, 0x59, +0x6C, 0x8A, 0xDD, 0x8C, 0xF1, 0x12, 0xA1, 0x8D, 0x3A, 0x42, 0x8A, 0x98, 0xF8, 0x4B, 0x34, 0x7B, +0x27, 0x3B, 0x08, 0xB4, 0x6F, 0x24, 0x3B, 0x72, 0x9D, 0x63, 0x74, 0x58, 0x3C, 0x1A, 0x6C, 0x3F, +0x4F, 0xC7, 0x11, 0x9A, 0xC8, 0xA8, 0xF5, 0xB5, 0x37, 0xEF, 0x10, 0x45, 0xC6, 0x6C, 0xD9, 0xE0, +0x5E, 0x95, 0x26, 0xB3, 0xEB, 0xAD, 0xA3, 0xB9, 0xEE, 0x7F, 0x0C, 0x9A, 0x66, 0x35, 0x73, 0x32, +0x60, 0x4E, 0xE5, 0xDD, 0x8A, 0x61, 0x2C, 0x6E, 0x52, 0x11, 0x77, 0x68, 0x96, 0xD3, 0x18, 0x75, +0x51, 0x15, 0x00, 0x1B, 0x74, 0x88, 0xDD, 0xE1, 0xC7, 0x38, 0x04, 0x43, 0x28, 0xE9, 0x16, 0xFD, +0xD9, 0x05, 0xD4, 0x5D, 0x47, 0x27, 0x60, 0xD6, 0xFB, 0x38, 0x3B, 0x6C, 0x72, 0xA2, 0x94, 0xF8, +0x42, 0x1A, 0xDF, 0xED, 0x6F, 0x06, 0x8C, 0x45, 0xC2, 0x06, 0x00, 0xAA, 0xE4, 0xE8, 0xDC, 0xD9, +0xB5, 0xE1, 0x73, 0x78, 0xEC, 0xF6, 0x23, 0xDC, 0xD1, 0xDD, 0x6C, 0x8E, 0x1A, 0x8F, 0xA5, 0xEA, +0x54, 0x7C, 0x96, 0xB7, 0xC3, 0xFE, 0x55, 0x8E, 0x8D, 0x49, 0x5E, 0xFC, 0x64, 0xBB, 0xCF, 0x3E, +0xBD, 0x96, 0xEB, 0x69, 0xCD, 0xBF, 0xE0, 0x48, 0xF1, 0x62, 0x82, 0x10, 0xE5, 0x0C, 0x46, 0x57, +0xF2, 0x33, 0xDA, 0xD0, 0xC8, 0x63, 0xED, 0xC6, 0x1F, 0x94, 0x05, 0x96, 0x4A, 0x1A, 0x91, 0xD1, +0xF7, 0xEB, 0xCF, 0x8F, 0x52, 0xAE, 0x0D, 0x08, 0xD9, 0x3E, 0xA8, 0xA0, 0x51, 0xE9, 0xC1, 0x87, +0x74, 0xD5, 0xC9, 0xF7, 0x74, 0xAB, 0x2E, 0x53, 0xFB, 0xBB, 0x7A, 0xFB, 0x97, 0xE2, 0xF8, 0x1F, +0x26, 0x8F, 0xB3, 0xD2, 0xA0, 0xE0, 0x37, 0x5B, 0x28, 0x3B, 0x31, 0xE5, 0x0E, 0x57, 0x2D, 0x5A, +0xB8, 0xAD, 0x79, 0xAC, 0x5E, 0x20, 0x66, 0x1A, 0xA5, 0xB9, 0xA6, 0xB5, 0x39, 0xC1, 0xF5, 0x98, +0x43, 0xFF, 0xEE, 0xF9, 0xA7, 0xA7, 0xFD, 0xEE, 0xCA, 0x24, 0x3D, 0x80, 0x16, 0xC4, 0x17, 0x8F, +0x8A, 0xC1, 0x60, 0xA1, 0x0C, 0xAE, 0x5B, 0x43, 0x47, 0x91, 0x4B, 0xD5, 0x9A, 0x17, 0x5F, 0xF9, +0xD4, 0x87, 0xC1, 0xC2, 0x8C, 0xB7, 0xE7, 0xE2, 0x0F, 0x30, 0x19, 0x37, 0x86, 0xAC, 0xE0, 0xDC, +0x42, 0x03, 0xE6, 0x94, 0xA8, 0x9D, 0xAE, 0xFD, 0x0F, 0x24, 0x51, 0x94, 0xCE, 0x92, 0x08, 0xD1, +0xFC, 0x50, 0xF0, 0x03, 0x40, 0x7B, 0x88, 0x59, 0xED, 0x0E, 0xDD, 0xAC, 0xD2, 0x77, 0x82, 0x34, +0xDC, 0x06, 0x95, 0x02, 0xD8, 0x90, 0xF9, 0x2D, 0xEA, 0x37, 0xD5, 0x1A, 0x60, 0xD0, 0x67, 0x20, +0xD7, 0xD8, 0x42, 0x0B, 0x45, 0xAF, 0x82, 0x68, 0xDE, 0xDD, 0x66, 0x24, 0x37, 0x90, 0x29, 0x94, +0x19, 0x46, 0x19, 0x25, 0xB8, 0x80, 0xD7, 0xCB, 0xD4, 0x86, 0x28, 0x6A, 0x44, 0x70, 0x26, 0x23, +0x62, 0xA9, 0x9F, 0x86, 0x6F, 0xBF, 0xBA, 0x90, 0x70, 0xD2, 0x56, 0x77, 0x85, 0x78, 0xEF, 0xEA, +0x25, 0xA9, 0x17, 0xCE, 0x50, 0x72, 0x8C, 0x00, 0x3A, 0xAA, 0xE3, 0xDB, 0x63, 0x34, 0x9F, 0xF8, +0x06, 0x71, 0x01, 0xE2, 0x82, 0x20, 0xD4, 0xFE, 0x6F, 0xBD, 0xB1, 0x00, 0x05, 0x78, 0x30, 0x82, +0x05, 0x74, 0x30, 0x82, 0x04, 0x5C, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x27, 0x66, 0xEE, +0x56, 0xEB, 0x49, 0xF3, 0x8E, 0xAB, 0xD7, 0x70, 0xA2, 0xFC, 0x84, 0xDE, 0x22, 0x30, 0x0D, 0x06, +0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, 0x00, 0x30, 0x6F, 0x31, 0x0B, +0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30, 0x12, 0x06, +0x03, 0x55, 0x04, 0x0A, 0x13, 0x0B, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x41, +0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x1D, 0x41, 0x64, 0x64, 0x54, +0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6E, 0x61, 0x6C, 0x20, 0x54, 0x54, +0x50, 0x20, 0x4E, 0x65, 0x74, 0x77, 0x6F, 0x72, 0x6B, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, +0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, +0x65, 0x72, 0x6E, 0x61, 0x6C, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x30, 0x1E, 0x17, +0x0D, 0x30, 0x30, 0x30, 0x35, 0x33, 0x30, 0x31, 0x30, 0x34, 0x38, 0x33, 0x38, 0x5A, 0x17, 0x0D, +0x32, 0x30, 0x30, 0x35, 0x33, 0x30, 0x31, 0x30, 0x34, 0x38, 0x33, 0x38, 0x5A, 0x30, 0x81, 0x85, +0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x1B, 0x30, +0x19, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x12, 0x47, 0x72, 0x65, 0x61, 0x74, 0x65, 0x72, 0x20, +0x4D, 0x61, 0x6E, 0x63, 0x68, 0x65, 0x73, 0x74, 0x65, 0x72, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, +0x55, 0x04, 0x07, 0x13, 0x07, 0x53, 0x61, 0x6C, 0x66, 0x6F, 0x72, 0x64, 0x31, 0x1A, 0x30, 0x18, +0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x43, 0x41, +0x20, 0x4C, 0x69, 0x6D, 0x69, 0x74, 0x65, 0x64, 0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, +0x03, 0x13, 0x22, 0x43, 0x4F, 0x4D, 0x4F, 0x44, 0x4F, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x65, +0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, +0x6F, 0x72, 0x69, 0x74, 0x79, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, +0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, 0x00, 0x30, 0x82, 0x02, +0x0A, 0x02, 0x82, 0x02, 0x01, 0x00, 0x91, 0xE8, 0x54, 0x92, 0xD2, 0x0A, 0x56, 0xB1, 0xAC, 0x0D, +0x24, 0xDD, 0xC5, 0xCF, 0x44, 0x67, 0x74, 0x99, 0x2B, 0x37, 0xA3, 0x7D, 0x23, 0x70, 0x00, 0x71, +0xBC, 0x53, 0xDF, 0xC4, 0xFA, 0x2A, 0x12, 0x8F, 0x4B, 0x7F, 0x10, 0x56, 0xBD, 0x9F, 0x70, 0x72, +0xB7, 0x61, 0x7F, 0xC9, 0x4B, 0x0F, 0x17, 0xA7, 0x3D, 0xE3, 0xB0, 0x04, 0x61, 0xEE, 0xFF, 0x11, +0x97, 0xC7, 0xF4, 0x86, 0x3E, 0x0A, 0xFA, 0x3E, 0x5C, 0xF9, 0x93, 0xE6, 0x34, 0x7A, 0xD9, 0x14, +0x6B, 0xE7, 0x9C, 0xB3, 0x85, 0xA0, 0x82, 0x7A, 0x76, 0xAF, 0x71, 0x90, 0xD7, 0xEC, 0xFD, 0x0D, +0xFA, 0x9C, 0x6C, 0xFA, 0xDF, 0xB0, 0x82, 0xF4, 0x14, 0x7E, 0xF9, 0xBE, 0xC4, 0xA6, 0x2F, 0x4F, +0x7F, 0x99, 0x7F, 0xB5, 0xFC, 0x67, 0x43, 0x72, 0xBD, 0x0C, 0x00, 0xD6, 0x89, 0xEB, 0x6B, 0x2C, +0xD3, 0xED, 0x8F, 0x98, 0x1C, 0x14, 0xAB, 0x7E, 0xE5, 0xE3, 0x6E, 0xFC, 0xD8, 0xA8, 0xE4, 0x92, +0x24, 0xDA, 0x43, 0x6B, 0x62, 0xB8, 0x55, 0xFD, 0xEA, 0xC1, 0xBC, 0x6C, 0xB6, 0x8B, 0xF3, 0x0E, +0x8D, 0x9A, 0xE4, 0x9B, 0x6C, 0x69, 0x99, 0xF8, 0x78, 0x48, 0x30, 0x45, 0xD5, 0xAD, 0xE1, 0x0D, +0x3C, 0x45, 0x60, 0xFC, 0x32, 0x96, 0x51, 0x27, 0xBC, 0x67, 0xC3, 0xCA, 0x2E, 0xB6, 0x6B, 0xEA, +0x46, 0xC7, 0xC7, 0x20, 0xA0, 0xB1, 0x1F, 0x65, 0xDE, 0x48, 0x08, 0xBA, 0xA4, 0x4E, 0xA9, 0xF2, +0x83, 0x46, 0x37, 0x84, 0xEB, 0xE8, 0xCC, 0x81, 0x48, 0x43, 0x67, 0x4E, 0x72, 0x2A, 0x9B, 0x5C, +0xBD, 0x4C, 0x1B, 0x28, 0x8A, 0x5C, 0x22, 0x7B, 0xB4, 0xAB, 0x98, 0xD9, 0xEE, 0xE0, 0x51, 0x83, +0xC3, 0x09, 0x46, 0x4E, 0x6D, 0x3E, 0x99, 0xFA, 0x95, 0x17, 0xDA, 0x7C, 0x33, 0x57, 0x41, 0x3C, +0x8D, 0x51, 0xED, 0x0B, 0xB6, 0x5C, 0xAF, 0x2C, 0x63, 0x1A, 0xDF, 0x57, 0xC8, 0x3F, 0xBC, 0xE9, +0x5D, 0xC4, 0x9B, 0xAF, 0x45, 0x99, 0xE2, 0xA3, 0x5A, 0x24, 0xB4, 0xBA, 0xA9, 0x56, 0x3D, 0xCF, +0x6F, 0xAA, 0xFF, 0x49, 0x58, 0xBE, 0xF0, 0xA8, 0xFF, 0xF4, 0xB8, 0xAD, 0xE9, 0x37, 0xFB, 0xBA, +0xB8, 0xF4, 0x0B, 0x3A, 0xF9, 0xE8, 0x43, 0x42, 0x1E, 0x89, 0xD8, 0x84, 0xCB, 0x13, 0xF1, 0xD9, +0xBB, 0xE1, 0x89, 0x60, 0xB8, 0x8C, 0x28, 0x56, 0xAC, 0x14, 0x1D, 0x9C, 0x0A, 0xE7, 0x71, 0xEB, +0xCF, 0x0E, 0xDD, 0x3D, 0xA9, 0x96, 0xA1, 0x48, 0xBD, 0x3C, 0xF7, 0xAF, 0xB5, 0x0D, 0x22, 0x4C, +0xC0, 0x11, 0x81, 0xEC, 0x56, 0x3B, 0xF6, 0xD3, 0xA2, 0xE2, 0x5B, 0xB7, 0xB2, 0x04, 0x22, 0x52, +0x95, 0x80, 0x93, 0x69, 0xE8, 0x8E, 0x4C, 0x65, 0xF1, 0x91, 0x03, 0x2D, 0x70, 0x74, 0x02, 0xEA, +0x8B, 0x67, 0x15, 0x29, 0x69, 0x52, 0x02, 0xBB, 0xD7, 0xDF, 0x50, 0x6A, 0x55, 0x46, 0xBF, 0xA0, +0xA3, 0x28, 0x61, 0x7F, 0x70, 0xD0, 0xC3, 0xA2, 0xAA, 0x2C, 0x21, 0xAA, 0x47, 0xCE, 0x28, 0x9C, +0x06, 0x45, 0x76, 0xBF, 0x82, 0x18, 0x27, 0xB4, 0xD5, 0xAE, 0xB4, 0xCB, 0x50, 0xE6, 0x6B, 0xF4, +0x4C, 0x86, 0x71, 0x30, 0xE9, 0xA6, 0xDF, 0x16, 0x86, 0xE0, 0xD8, 0xFF, 0x40, 0xDD, 0xFB, 0xD0, +0x42, 0x88, 0x7F, 0xA3, 0x33, 0x3A, 0x2E, 0x5C, 0x1E, 0x41, 0x11, 0x81, 0x63, 0xCE, 0x18, 0x71, +0x6B, 0x2B, 0xEC, 0xA6, 0x8A, 0xB7, 0x31, 0x5C, 0x3A, 0x6A, 0x47, 0xE0, 0xC3, 0x79, 0x59, 0xD6, +0x20, 0x1A, 0xAF, 0xF2, 0x6A, 0x98, 0xAA, 0x72, 0xBC, 0x57, 0x4A, 0xD2, 0x4B, 0x9D, 0xBB, 0x10, +0xFC, 0xB0, 0x4C, 0x41, 0xE5, 0xED, 0x1D, 0x3D, 0x5E, 0x28, 0x9D, 0x9C, 0xCC, 0xBF, 0xB3, 0x51, +0xDA, 0xA7, 0x47, 0xE5, 0x84, 0x53, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x81, 0xF4, 0x30, 0x81, +0xF1, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xAD, 0xBD, +0x98, 0x7A, 0x34, 0xB4, 0x26, 0xF7, 0xFA, 0xC4, 0x26, 0x54, 0xEF, 0x03, 0xBD, 0xE0, 0x24, 0xCB, +0x54, 0x1A, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xBB, 0xAF, 0x7E, +0x02, 0x3D, 0xFA, 0xA6, 0xF1, 0x3C, 0x84, 0x8E, 0xAD, 0xEE, 0x38, 0x98, 0xEC, 0xD9, 0x32, 0x32, +0xD4, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, +0x86, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, +0x01, 0xFF, 0x30, 0x11, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, 0x0A, 0x30, 0x08, 0x30, 0x06, 0x06, +0x04, 0x55, 0x1D, 0x20, 0x00, 0x30, 0x44, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x3D, 0x30, 0x3B, +0x30, 0x39, 0xA0, 0x37, 0xA0, 0x35, 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, +0x72, 0x6C, 0x2E, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2E, 0x63, 0x6F, 0x6D, +0x2F, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6E, 0x61, +0x6C, 0x43, 0x41, 0x52, 0x6F, 0x6F, 0x74, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x35, 0x06, 0x08, 0x2B, +0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2B, +0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, +0x6F, 0x63, 0x73, 0x70, 0x2E, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2E, 0x63, +0x6F, 0x6D, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, 0x05, +0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x64, 0xBF, 0x83, 0xF1, 0x5F, 0x9A, 0x85, 0xD0, 0xCD, 0xB8, +0xA1, 0x29, 0x57, 0x0D, 0xE8, 0x5A, 0xF7, 0xD1, 0xE9, 0x3E, 0xF2, 0x76, 0x04, 0x6E, 0xF1, 0x52, +0x70, 0xBB, 0x1E, 0x3C, 0xFF, 0x4D, 0x0D, 0x74, 0x6A, 0xCC, 0x81, 0x82, 0x25, 0xD3, 0xC3, 0xA0, +0x2A, 0x5D, 0x4C, 0xF5, 0xBA, 0x8B, 0xA1, 0x6D, 0xC4, 0x54, 0x09, 0x75, 0xC7, 0xE3, 0x27, 0x0E, +0x5D, 0x84, 0x79, 0x37, 0x40, 0x13, 0x77, 0xF5, 0xB4, 0xAC, 0x1C, 0xD0, 0x3B, 0xAB, 0x17, 0x12, +0xD6, 0xEF, 0x34, 0x18, 0x7E, 0x2B, 0xE9, 0x79, 0xD3, 0xAB, 0x57, 0x45, 0x0C, 0xAF, 0x28, 0xFA, +0xD0, 0xDB, 0xE5, 0x50, 0x95, 0x88, 0xBB, 0xDF, 0x85, 0x57, 0x69, 0x7D, 0x92, 0xD8, 0x52, 0xCA, +0x73, 0x81, 0xBF, 0x1C, 0xF3, 0xE6, 0xB8, 0x6E, 0x66, 0x11, 0x05, 0xB3, 0x1E, 0x94, 0x2D, 0x7F, +0x91, 0x95, 0x92, 0x59, 0xF1, 0x4C, 0xCE, 0xA3, 0x91, 0x71, 0x4C, 0x7C, 0x47, 0x0C, 0x3B, 0x0B, +0x19, 0xF6, 0xA1, 0xB1, 0x6C, 0x86, 0x3E, 0x5C, 0xAA, 0xC4, 0x2E, 0x82, 0xCB, 0xF9, 0x07, 0x96, +0xBA, 0x48, 0x4D, 0x90, 0xF2, 0x94, 0xC8, 0xA9, 0x73, 0xA2, 0xEB, 0x06, 0x7B, 0x23, 0x9D, 0xDE, +0xA2, 0xF3, 0x4D, 0x55, 0x9F, 0x7A, 0x61, 0x45, 0x98, 0x18, 0x68, 0xC7, 0x5E, 0x40, 0x6B, 0x23, +0xF5, 0x79, 0x7A, 0xEF, 0x8C, 0xB5, 0x6B, 0x8B, 0xB7, 0x6F, 0x46, 0xF4, 0x7B, 0xF1, 0x3D, 0x4B, +0x04, 0xD8, 0x93, 0x80, 0x59, 0x5A, 0xE0, 0x41, 0x24, 0x1D, 0xB2, 0x8F, 0x15, 0x60, 0x58, 0x47, +0xDB, 0xEF, 0x6E, 0x46, 0xFD, 0x15, 0xF5, 0xD9, 0x5F, 0x9A, 0xB3, 0xDB, 0xD8, 0xB8, 0xE4, 0x40, +0xB3, 0xCD, 0x97, 0x39, 0xAE, 0x85, 0xBB, 0x1D, 0x8E, 0xBC, 0xDC, 0x87, 0x9B, 0xD1, 0xA6, 0xEF, +0xF1, 0x3B, 0x6F, 0x10, 0x38, 0x6F, 0x16, 0x03, 0x03, 0x02, 0x0F, 0x0C, 0x00, 0x02, 0x0B, 0x00, +0x80, 0xBB, 0xBC, 0x2D, 0xCA, 0xD8, 0x46, 0x74, 0x90, 0x7C, 0x43, 0xFC, 0xF5, 0x80, 0xE9, 0xCF, +0xDB, 0xD9, 0x58, 0xA3, 0xF5, 0x68, 0xB4, 0x2D, 0x4B, 0x08, 0xEE, 0xD4, 0xEB, 0x0F, 0xB3, 0x50, +0x4C, 0x6C, 0x03, 0x02, 0x76, 0xE7, 0x10, 0x80, 0x0C, 0x5C, 0xCB, 0xBA, 0xA8, 0x92, 0x26, 0x14, +0xC5, 0xBE, 0xEC, 0xA5, 0x65, 0xA5, 0xFD, 0xF1, 0xD2, 0x87, 0xA2, 0xBC, 0x04, 0x9B, 0xE6, 0x77, +0x80, 0x60, 0xE9, 0x1A, 0x92, 0xA7, 0x57, 0xE3, 0x04, 0x8F, 0x68, 0xB0, 0x76, 0xF7, 0xD3, 0x6C, +0xC8, 0xF2, 0x9B, 0xA5, 0xDF, 0x81, 0xDC, 0x2C, 0xA7, 0x25, 0xEC, 0xE6, 0x62, 0x70, 0xCC, 0x9A, +0x50, 0x35, 0xD8, 0xCE, 0xCE, 0xEF, 0x9E, 0xA0, 0x27, 0x4A, 0x63, 0xAB, 0x1E, 0x58, 0xFA, 0xFD, +0x49, 0x88, 0xD0, 0xF6, 0x5D, 0x14, 0x67, 0x57, 0xDA, 0x07, 0x1D, 0xF0, 0x45, 0xCF, 0xE1, 0x6B, +0x9B, 0x00, 0x01, 0x02, 0x00, 0x80, 0x55, 0xFB, 0xB6, 0x92, 0x5A, 0x0C, 0x93, 0x56, 0xE8, 0x1C, +0xCD, 0x23, 0xFC, 0xB9, 0xBE, 0x98, 0x2D, 0x01, 0x4F, 0x35, 0xCE, 0x37, 0xD0, 0xF8, 0xA0, 0x0C, +0x42, 0x3B, 0x27, 0x25, 0x10, 0x04, 0x46, 0x02, 0x19, 0x1F, 0xDC, 0xDA, 0x08, 0x33, 0x42, 0x63, +0x5F, 0x3C, 0x82, 0x1F, 0xFA, 0x46, 0x9E, 0x34, 0xCB, 0x30, 0xED, 0x55, 0x11, 0xD7, 0x00, 0x0C, +0x76, 0x0A, 0x48, 0x0C, 0x1D, 0x7A, 0x13, 0x3D, 0xC6, 0x41, 0xD5, 0x7B, 0xD5, 0x2A, 0xE0, 0xA3, +0xB5, 0xAB, 0x0E, 0xBC, 0xD3, 0x17, 0x14, 0xFD, 0x21, 0x8C, 0x78, 0xB1, 0x4D, 0xF2, 0x5A, 0x44, +0x89, 0x4E, 0x82, 0x3D, 0x8B, 0xAC, 0x5D, 0x49, 0xB2, 0x19, 0x21, 0x67, 0xCA, 0x70, 0xC7, 0x8D, +0x35, 0x89, 0xD1, 0x9D, 0x34, 0xD4, 0x7A, 0xAF, 0x1D, 0x9D, 0x86, 0x0F, 0xEF, 0x5A, 0x4F, 0x9E, +0xDA, 0xF5, 0x02, 0x7E, 0x22, 0x67, 0x01, 0x01, 0x01, 0x00, 0x7B, 0x59, 0x4A, 0x29, 0xF9, 0x9F, +0x53, 0x41, 0x8B, 0xE6, 0x79, 0xE9, 0xF5, 0x73, 0x7C, 0xC8, 0xE9, 0x40, 0x1F, 0x39, 0x08, 0x06, +0x84, 0x3D, 0x80, 0x6B, 0xF0, 0x0C, 0x54, 0xC2, 0x18, 0xD6, 0xAD, 0x53, 0xFD, 0x7C, 0xB3, 0x8B, +0xCE, 0x70, 0x4F, 0xCF, 0xFC, 0xEF, 0xC8, 0x2D, 0xE4, 0xD0, 0xC2, 0x7B, 0x80, 0x57, 0xA2, 0x5F, +0x7F, 0x36, 0xB0, 0xBC, 0x16, 0xB7, 0xC1, 0xC2, 0x12, 0x96, 0x94, 0x88, 0x9D, 0x68, 0xD3, 0xDF, +0xB1, 0x3C, 0xA0, 0x93, 0x3A, 0x4D, 0x90, 0x66, 0x3F, 0xB0, 0x89, 0xE7, 0x21, 0x58, 0xF0, 0x39, +0x8B, 0x83, 0x32, 0x93, 0xCB, 0xA9, 0x57, 0x2B, 0x0A, 0x02, 0x5E, 0xF9, 0xE6, 0x10, 0x9A, 0x7F, +0x2A, 0x23, 0x3D, 0x5C, 0x3F, 0x38, 0x3A, 0x40, 0x0C, 0x1B, 0x7C, 0x0D, 0x5D, 0x7C, 0xF1, 0xB2, +0x88, 0x71, 0xA2, 0x57, 0x02, 0x94, 0x12, 0x45, 0x60, 0xEC, 0xC2, 0xB2, 0xCB, 0x31, 0xF2, 0xF8, +0x1B, 0xDD, 0xEA, 0xF6, 0x40, 0xF6, 0x07, 0xEA, 0xC2, 0x71, 0xA6, 0x07, 0xC8, 0x45, 0xE4, 0xE2, +0x1D, 0x49, 0x53, 0x40, 0x5B, 0x57, 0x68, 0xA4, 0x81, 0x1C, 0xCB, 0x33, 0x95, 0x12, 0x0F, 0x4D, +0xAD, 0x9B, 0x70, 0x53, 0xDC, 0x8B, 0xE6, 0x24, 0x0D, 0x39, 0x83, 0x0E, 0x17, 0xFB, 0x13, 0xF2, +0x45, 0x2C, 0x52, 0x44, 0xA3, 0x22, 0x0D, 0x32, 0xDD, 0x21, 0x05, 0x2B, 0xA1, 0xAC, 0xC4, 0x84, +0xD7, 0x18, 0x2F, 0xA2, 0xB4, 0xF5, 0x4E, 0xED, 0x72, 0x56, 0xB7, 0x87, 0x81, 0xF8, 0x51, 0x30, +0x01, 0xBE, 0x17, 0x31, 0xEE, 0x21, 0xBA, 0x16, 0xAF, 0xEB, 0x0A, 0x54, 0x69, 0x84, 0xB3, 0xDC, +0xCA, 0x04, 0xBB, 0x49, 0x84, 0x4C, 0x0F, 0xCE, 0x20, 0xE2, 0x71, 0xF3, 0x43, 0x26, 0x1D, 0xA4, +0xAF, 0xAE, 0x3F, 0x9E, 0xA3, 0x44, 0xDC, 0xAE, 0xB7, 0x5B, 0x16, 0x03, 0x03, 0x00, 0x04, 0x0E, +0x00, 0x00, 0x00}; + +static void server(int sd) +{ + char buf[1024]; + int ret; + struct pollfd pfd; + unsigned int timeout; + + /* send a TLS 1.x message trace accepting RSA-MD5 */ + + ret = send(sd, tls1_hello, sizeof(tls1_hello), 0); + if (ret < 0) + fail("error sending hello\n"); + + pfd.fd = sd; + pfd.events = POLLIN; + pfd.revents = 0; + + timeout = get_timeout(); + if (timeout > INT_MAX) + fail("invalid timeout value\n"); + + do { + ret = poll(&pfd, 1, (int)timeout); + } while (ret == -1 && errno == EINTR); + + if (ret == -1 || ret == 0) { + fail("timeout waiting for reply\n"); + } + + success("sent hello\n"); + ret = recv(sd, buf, sizeof(buf), 0); + if (ret < 0) + fail("error receiving alert\n"); + + success("all ok\n"); + + close(sd); +} + +static void client(int sd) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_CLIENT); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+AES-128-GCM", NULL); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_server_name_set(session, GNUTLS_NAME_DNS, "localhost", strlen("localhost")); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + + if (ret != GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + fail("server: Handshake returned unexpectedly: %s\n", gnutls_strerror(ret)); + } + + gnutls_alert_send_appropriate(session, ret); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + int err; + + /* tls1_hello contains ServerKeyExchange with custom DH + * parameters */ + if (gnutls_fips140_mode_enabled()) + exit(77); + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + client(sockets[1]); + wait(&status); + check_wait_status(status); + } else { + server(sockets[0]); + _exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/client_dsa_key.c b/tests/client_dsa_key.c new file mode 100644 index 0000000..9e5dec3 --- /dev/null +++ b/tests/client_dsa_key.c @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for correct operation when a client uses a DSA key and + * explicitly enables DSA signatures under TLS 1.2. + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t serv_cred; + gnutls_certificate_credentials_t cli_cred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&cli_cred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(cli_cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + + ret = gnutls_certificate_set_x509_key_mem(cli_cred, &clidsa_ca3_cert, + &clidsa_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* test gnutls_certificate_flags() */ + gnutls_certificate_allocate_credentials(&serv_cred); + gnutls_certificate_set_flags(serv_cred, GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH); + gnutls_certificate_set_verify_flags(serv_cred, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1); + + ret = gnutls_certificate_set_x509_trust_mem(serv_cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_mem(serv_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + test_cli_serv_cert(serv_cred, cli_cred, "NORMAL:+DHE-DSS:+SIGN-DSA-SHA1", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-DHE-DSS:+SIGN-DSA-SHA1", "localhost"); + + gnutls_certificate_free_credentials(serv_cred); + gnutls_certificate_free_credentials(cli_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/cmocka-common.h b/tests/cmocka-common.h new file mode 100644 index 0000000..d89c54d --- /dev/null +++ b/tests/cmocka-common.h @@ -0,0 +1,13 @@ +#ifndef GNUTLS_TESTS_CMOCKA_COMMON_H +#define GNUTLS_TESTS_CMOCKA_COMMON_H + +#include +#include +#include +#include +#include + +#define USE_CMOCKA +#include "eagain-common.h" + +#endif /* GNUTLS_TESTS_CMOCKA_COMMON_H */ diff --git a/tests/common-cert-key-exchange.c b/tests/common-cert-key-exchange.c new file mode 100644 index 0000000..de4b57a --- /dev/null +++ b/tests/common-cert-key-exchange.c @@ -0,0 +1,619 @@ +/* + * Copyright (C) 2015-2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include + +#include "eagain-common.h" +#include "common-cert-key-exchange.h" + +const char *side; +const char *server_priority = NULL; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MSG "hello there ppl" + +void try_with_key_fail(const char *name, const char *client_prio, + int server_err, int client_err, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + serv_cert, serv_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + if (server_priority) + assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0); + else + assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0); + + assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred)>=0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + if (cli_cert) { + gnutls_certificate_set_x509_key_mem(clientx509cred, + cli_cert, cli_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + success("negotiating %s\n", name); + HANDSHAKE_EXPECT(client, server, client_err, server_err); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void try_with_rawpk_key_fail(const char *name, const char *client_prio, + int server_err, int client_err, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + unsigned server_ku, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_ku) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t server_cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t client_cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&server_cred); + + ret = gnutls_certificate_set_rawpk_key_mem(server_cred, + serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, server_ku, + NULL, 0, 0); + if (ret < 0) + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + + assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK) >= 0); + if (server_priority) + assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0); + else + assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + server_cred); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&client_cred); + if (ret < 0) + exit(1); + + if (cli_cert) { + ret = gnutls_certificate_set_rawpk_key_mem(client_cred, + cli_cert, cli_key, GNUTLS_X509_FMT_PEM, NULL, client_ku, + NULL, 0, 0); + if (ret < 0) + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_RAWPK); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + client_cred); + if (ret < 0) + exit(1); + + success("negotiating %s\n", name); + HANDSHAKE_EXPECT(client, server, client_err, server_err); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(server_cred); + gnutls_certificate_free_credentials(client_cred); +} + +void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *client_cert, + const gnutls_datum_t *client_key, + unsigned cert_flags, + unsigned exp_group, + gnutls_certificate_type_t server_ctype, + gnutls_certificate_type_t client_ctype) +{ + int ret; + char buffer[256]; + /* Server stuff. */ + gnutls_certificate_credentials_t server_cred; + gnutls_anon_server_credentials_t s_anoncred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t client_cred; + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + assert(gnutls_anon_allocate_server_credentials(&s_anoncred)>=0); + assert(gnutls_certificate_allocate_credentials(&server_cred)>=0); + + // Set server crt creds based on ctype + switch (server_ctype) { + case GNUTLS_CRT_X509: + ret = gnutls_certificate_set_x509_key_mem(server_cred, + serv_cert, serv_key, + GNUTLS_X509_FMT_PEM); + break; + case GNUTLS_CRT_RAWPK: + ret = gnutls_certificate_set_rawpk_key_mem(server_cred, + serv_cert, serv_key, GNUTLS_X509_FMT_PEM, NULL, 0, + NULL, 0, 0); + break; + default: + ret = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + } + + if (ret < 0) { + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(server_cred, dh_params); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + + assert(gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK)>=0); + assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + server_cred)>=0); + assert(gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred)>=0); + + if (server_priority) + assert(gnutls_priority_set_direct(server, server_priority, NULL) >= 0); + else + assert(gnutls_priority_set_direct(server, + "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+CTYPE-ALL", + NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&client_cred); + if (ret < 0) + exit(1); + + if (cert_flags == USE_CERT) { + // Set client crt creds based on ctype + switch (client_ctype) { + case GNUTLS_CRT_X509: + gnutls_certificate_set_x509_key_mem(client_cred, + client_cert, client_key, + GNUTLS_X509_FMT_PEM); + break; + case GNUTLS_CRT_RAWPK: + gnutls_certificate_set_rawpk_key_mem(client_cred, + client_cert, client_key, GNUTLS_X509_FMT_PEM, NULL, 0, + NULL, 0, 0); + break; + default: + fail("Illegal client certificate type given\n"); + } + + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } else if (cert_flags == ASK_CERT) { + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + } + +#if 0 + ret = gnutls_certificate_set_x509_trust_mem(client_cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); +#endif + ret = gnutls_init(&client, GNUTLS_CLIENT | GNUTLS_ENABLE_RAWPK); + if (ret < 0) + exit(1); + + + assert(gnutls_anon_allocate_client_credentials(&c_anoncred)>=0); + assert(gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred)>=0); + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + client_cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + success("negotiating %s\n", name); + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != client_kx) { + fail("%s: got unexpected key exchange algorithm: %s (expected %s)\n", name, gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(client_kx)); + exit(1); + } + + /* test signature algorithm match */ + version = gnutls_protocol_get_version(client); + if (version >= GNUTLS_TLS1_2) { + ret = gnutls_sign_algorithm_get(server); + if (ret != (int)server_sign_algo) { + fail("%s: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(server); + if (ret != (int)client_sign_algo) { + fail("%s: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get(client); + if (ret != (int)server_sign_algo) { + fail("%s: cl: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(client); + if (ret != (int)client_sign_algo) { + fail("%s: cl: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + } + + if (exp_group != 0) { + ret = gnutls_group_get(server); + if (ret != (int)exp_group) { + fail("%s: got unexpected server group: %d/%s\n", name, ret, gnutls_group_get_name(ret)); + } + + ret = gnutls_group_get(client); + if (ret != (int)exp_group) { + fail("%s: got unexpected client group: %d/%s\n", name, ret, gnutls_group_get_name(ret)); + } + } + + gnutls_record_send(server, MSG, strlen(MSG)); + + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret == 0) { + fail("client: Peer has closed the TLS connection\n"); + exit(1); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(server_cred); + gnutls_certificate_free_credentials(client_cred); + gnutls_anon_free_server_credentials(s_anoncred); + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_dh_params_deinit(dh_params); +} + +void dtls_try_with_key_mtu(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *client_cert, + const gnutls_datum_t *client_key, + unsigned cert_flags, + unsigned smtu) +{ + int ret; + char buffer[256]; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_server_credentials_t s_anoncred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_certificate_allocate_credentials(&serverx509cred); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + serv_cert, serv_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + + assert(gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK)>=0); + assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred)>=0); + assert(gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred)>=0); + + assert(gnutls_priority_set_direct(server, + "NORMAL:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519", + NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + if (smtu) + gnutls_dtls_set_mtu (server, smtu); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + if (cert_flags == USE_CERT) { + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, + client_cert, client_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } else if (cert_flags == ASK_CERT) { + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + } + +#if 0 + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); +#endif + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK); + if (ret < 0) + exit(1); + + assert(gnutls_anon_allocate_client_credentials(&c_anoncred)>=0); + assert(gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred)>=0); + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func); + + gnutls_transport_set_ptr(client, client); + if (smtu) + gnutls_dtls_set_mtu (client, smtu); + + ret = gnutls_priority_set_direct(client, client_prio, NULL); + if (ret < 0) { + exit(1); + } + success("negotiating %s\n", name); + HANDSHAKE_DTLS(client, server); + + if (gnutls_kx_get(client) != client_kx) { + fail("%s: got unexpected key exchange algorithm: %s (expected %s)\n", name, gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(client_kx)); + exit(1); + } + + + /* test signature algorithm match */ + version = gnutls_protocol_get_version(client); + if (version >= GNUTLS_DTLS1_2) { + ret = gnutls_sign_algorithm_get(server); + if (ret != (int)server_sign_algo) { + fail("%s: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(server); + if (ret != (int)client_sign_algo) { + fail("%s: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get(client); + if (ret != (int)server_sign_algo) { + fail("%s: cl: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(client); + if (ret != (int)client_sign_algo) { + fail("%s: cl: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + } + + gnutls_record_send(server, MSG, strlen(MSG)); + + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret == 0) { + fail("client: Peer has closed the TLS connection\n"); + exit(1); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_anon_free_server_credentials(s_anoncred); + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_dh_params_deinit(dh_params); +} + diff --git a/tests/common-cert-key-exchange.h b/tests/common-cert-key-exchange.h new file mode 100644 index 0000000..57b2b54 --- /dev/null +++ b/tests/common-cert-key-exchange.h @@ -0,0 +1,121 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef GNUTLS_TESTS_COMMON_CERT_KEY_EXCHANGE_H +#define GNUTLS_TESTS_COMMON_CERT_KEY_EXCHANGE_H + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#define USE_CERT 1 +#define ASK_CERT 2 + +extern const char *server_priority; + +#define try_x509(name, client_prio, client_kx, server_sign_algo, client_sign_algo) \ + try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN) + +#define try_rawpk(name, client_prio, client_kx, server_sign_algo, client_sign_algo) \ + try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ + &rawpk_public_key1, &rawpk_private_key1, NULL, NULL, 0, GNUTLS_CRT_RAWPK, GNUTLS_CRT_UNKNOWN) + +#define try_x509_ks(name, client_prio, client_kx, group) \ + try_with_key_ks(name, client_prio, client_kx, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN, \ + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0, group, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN) + +#define try_x509_cli(name, client_prio, client_kx, server_sign_algo, client_sign_algo, client_cert) \ + try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ + &server_ca3_localhost_cert, &server_ca3_key, &cli_ca3_cert, &cli_ca3_key, client_cert, GNUTLS_CRT_X509, GNUTLS_CRT_X509) + +#define try_rawpk_cli(name, client_prio, client_kx, server_sign_algo, client_sign_algo, client_cert) \ + try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ + &rawpk_public_key1, &rawpk_private_key1, &rawpk_public_key2, &rawpk_private_key2, client_cert, GNUTLS_CRT_RAWPK, GNUTLS_CRT_RAWPK) + +void try_with_rawpk_key_fail(const char *name, const char *client_prio, + int server_err, int client_err, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + unsigned server_ku, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_ku); + +void try_with_key_ks(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_cert, + unsigned exp_group, + gnutls_certificate_type_t server_ctype, + gnutls_certificate_type_t client_ctype); + +inline static +void try_with_key(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_cert, + gnutls_certificate_type_t server_ctype, + gnutls_certificate_type_t client_ctype) +{ + return try_with_key_ks(name, client_prio, client_kx, server_sign_algo, client_sign_algo, + serv_cert, serv_key, cli_cert, cli_key, client_cert, 0, server_ctype, client_ctype); +} + +void try_with_key_fail(const char *name, const char *client_prio, + int server_err, int client_err, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key); + +#define dtls_try(name, client_prio, client_kx, server_sign_algo, client_sign_algo) \ + dtls_try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0) + +#define dtls_try_cli(name, client_prio, client_kx, server_sign_algo, client_sign_algo, client_cert) \ + dtls_try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, \ + &server_ca3_localhost_cert, &server_ca3_key, &cli_ca3_cert, &cli_ca3_key, client_cert) + +#define dtls_try_with_key(name, client_prio, client_kx, server_sign_algo, client_sign_algo, serv_cert, serv_key, cli_cert, cli_key, client_cert) \ + dtls_try_with_key_mtu(name, client_prio, client_kx, server_sign_algo, client_sign_algo, serv_cert, serv_key, cli_cert, cli_key, client_cert, 0) + +void dtls_try_with_key_mtu(const char *name, const char *client_prio, gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned client_cert, unsigned mtu); + +#endif /* GNUTLS_TESTS_COMMON_CERT_KEY_EXCHANGE_H */ diff --git a/tests/common-key-tests.h b/tests/common-key-tests.h new file mode 100644 index 0000000..f349040 --- /dev/null +++ b/tests/common-key-tests.h @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2017 Red Hat Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef GNUTLS_TESTS_COMMON_KEY_TESTS_H +#define GNUTLS_TESTS_COMMON_KEY_TESTS_H + +#include "cert-common.h" + +#include + +struct _key_tests_st { + const char *name; + gnutls_datum_t key; + gnutls_datum_t cert; + gnutls_pk_algorithm_t pk; + unsigned data_only; + unsigned digest; + unsigned sigalgo; + unsigned sign_flags; +}; + +static const +struct _key_tests_st common_key_tests[] = { + { + .name = "rsa key", + .cert = {(void *) cli_ca3_cert_pem, sizeof(cli_ca3_cert_pem)-1}, + .key = {(void *) cli_ca3_key_pem, sizeof(cli_ca3_key_pem)-1}, + .pk = GNUTLS_PK_RSA, + .digest = GNUTLS_DIG_SHA256, + .sigalgo = GNUTLS_SIGN_RSA_SHA256 + }, + { + .name = "dsa key", + .key = {(void *) clidsa_ca3_key_pem, sizeof(clidsa_ca3_key_pem)-1}, + .cert = {(void *) clidsa_ca3_cert_pem, sizeof(clidsa_ca3_cert_pem)-1}, + .pk = GNUTLS_PK_DSA, + .digest = GNUTLS_DIG_SHA1, + .sigalgo = GNUTLS_SIGN_DSA_SHA1 + }, + { + .name = "ecdsa key", + .key = {(void *) server_ca3_ecc_key_pem, sizeof(server_ca3_ecc_key_pem)-1}, + .cert = {(void *) server_localhost_ca3_ecc_cert_pem, sizeof(server_localhost_ca3_ecc_cert_pem)-1}, + .pk = GNUTLS_PK_ECDSA, + .digest = GNUTLS_DIG_SHA256, + .sigalgo = GNUTLS_SIGN_ECDSA_SHA256 + }, + { + .name = "ecdsa key", + .key = {(void *) server_ca3_ecc_key_pem, sizeof(server_ca3_ecc_key_pem)-1}, + .cert = {(void *) server_localhost_ca3_ecc_cert_pem, sizeof(server_localhost_ca3_ecc_cert_pem)-1}, + .pk = GNUTLS_PK_ECDSA, + .digest = GNUTLS_DIG_SHA256, + .sigalgo = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256 + }, + { + .name = "rsa pss key", + .key = {(void *) server_ca3_rsa_pss_key_pem, sizeof(server_ca3_rsa_pss_key_pem)-1}, + .cert = {(void *) server_ca3_rsa_pss_cert_pem, sizeof(server_ca3_rsa_pss_cert_pem)-1}, + .pk = GNUTLS_PK_RSA_PSS, + .digest = GNUTLS_DIG_SHA256, + .sign_flags = GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, + .sigalgo = GNUTLS_SIGN_RSA_PSS_SHA256 + }, + { + .name = "eddsa key", + .key = {(void *) server_ca3_eddsa_key_pem, sizeof(server_ca3_eddsa_key_pem)-1}, + .cert = {(void *) server_ca3_eddsa_cert_pem, sizeof(server_ca3_eddsa_cert_pem)-1}, + .pk = GNUTLS_PK_EDDSA_ED25519, + .digest = GNUTLS_DIG_SHA512, + .sigalgo = GNUTLS_SIGN_EDDSA_ED25519, + .data_only = 1 + } +}; + +#endif /* GNUTLS_TESTS_COMMON_KEY_TESTS_H */ diff --git a/tests/conv-utf8.c b/tests/conv-utf8.c new file mode 100644 index 0000000..9d630e7 --- /dev/null +++ b/tests/conv-utf8.c @@ -0,0 +1,131 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Authors: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +int _gnutls_utf8_to_ucs2(const void *data, size_t size, + gnutls_datum_t * output, unsigned be); + +int _gnutls_ucs2_to_utf8(const void *data, size_t size, + gnutls_datum_t * output, unsigned be); + +#define DEBUG + +#ifdef DEBUG +static void PRINT(const char *str, unsigned char *val, unsigned int size) +{ + unsigned i; + printf("%s", str); + for (i=0;i +#endif + +#include +#include +#include + +#include +#include + +#include "utils.h" + +static const char simple1[] = +/* CRL */ +"-----BEGIN X509 CRL-----\n" +"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n" +"MDkxMzA5MDUyM1oYDzIwMTUwOTEzMDkwNTIzWjAAoDowODAfBgNVHSMEGDAWgBTx\n" +"Fcb1FYLbhH9yuqg4wlVJUZnYKTAVBgNVHRQEDgIMVBQI0zeJoFHkLaWNMA0GCSqG\n" +"SIb3DQEBCwUAA4IBAQB6SGYePy1MBmtELyWdnlJHlQ4bBgb4vjuLDSfH0X6b4dAS\n" +"MEZws8iA5SaJFIioIP41s3lfQ1Am7GjSoNccHdrLmEcUSTQLwLYaDL8SgxekP5Au\n" +"w8HTu1cz/mnjBBDURq1RvyGNFm6MXf1Rg/bHSea/EpDkn8KY152BT1/46iQ+Uho6\n" +"hz6UUWsTB4Lj25X8F2hlKwQcb3E63Or2XEPBw4rhaCDFAtSZeBaGUUSJ8CLUKXZf\n" +"5b45MjiZ/osgd81tfn3wdQVjDnaQwNtjeRbK+qU0Z4pIKBvHzRS/fZKwTnrK1DLI\n" +"yY/nqBJT/+Q5zdUx5FXp0bwyZuarJ1GHqcES3Rz1\n" +"-----END X509 CRL-----\n"; + +static const char simple1_constraints[] = +/* CRL */ +"-----BEGIN X509 CRL-----\n" +"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n" +"MDkxMzA4NTkxNloYDzIwMTUwOTEzMDg1OTE2WjAAoDowODAfBgNVHSMEGDAWgBTn\n" +"sISO6h9leKTKtOh/HG0jV03AMzAVBgNVHRQEDgIMVBQHZC2mj6EAgMPSMA0GCSqG\n" +"SIb3DQEBCwUAA4IBAQBHUgtxpOn8EHwlajVYoOh6DFCwIoxBIeUA4518W1cHoV7J\n" +"KMif6lmJRodrcbienDX781QcOaQcNnuu/oBEcoBdbZa0VICzXekIteSwEgGsbRve\n" +"QQFPnZn83I4btse1ly5fdxMsliSM+qRwIyNR18VHXZz9GWYrr4tYWnI2b9XrDnaC\n" +"1b3Ywt7I9pNi0/O0C0rE/37/VvPx6HghnC+un7LtT0Y0n+FQP7dhlMvzHaR8wVxs\n" +"WAzaNvSiJ1rVPzL21iCmQJsRQeDTSJBlzm0lWiU8Nys3ugM2KlERezfp8DkFGA3y\n" +"9Yzpq6gAi39ZK+LjopgGDkrQjxzBIaoe2bcDqB7X\n" +"-----END X509 CRL-----\n"; + +static const char crl_dsa[] = +"-----BEGIN X509 CRL-----\n" +"MIGmMGUwCwYHKoZIzjgEAwUAMDgxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4x\n" +"DDAKBgNVBAsTA2plczENMAsGA1UEAxMEZ3JlZxcNMDUwNTE3MTk1OTQwWhcNMDYw\n" +"NTE3MTk1OTQwWjALBgcqhkjOOAQDBQADMAAwLQIUBBFLGYjUCVrRTGf3GTR6SGs/\n" +"accCFQCUhnSmr+CXCWKq8DtydVwH9FLsRA==\n" +"-----END X509 CRL-----\n"; + +static const char crl_rsa_sha1[] = +"-----BEGIN X509 CRL-----\n" +"MIIB2zCBxAIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJOTjExMC8GA1UE\n" +"CgwoRWRlbCBDdXJsIEFyY3RpYyBJbGx1ZGl1bSBSZXNlYXJjaCBDbG91ZDElMCMG\n" +"A1UEAwwcTm90aGVybiBOb3doZXJlIFRydXN0IEFuY2hvchcNMTAwNTI3MjEzNzEx\n" +"WhcNMTAwNjI2MjEzNzExWjAZMBcCBguYlPl8ahcNMTAwNTI3MjEzNzExWqAOMAww\n" +"CgYDVR0UBAMCAQEwDQYJKoZIhvcNAQEFBQADggEBAFuPZJ/cNNCeAzkSxVvPPPRX\n" +"Wsv9T6Dt61C5Fmq9eSNN2kRf7/dq5A5nqTIlHbXXiLdj3UqNhUHXe2oA1UpbdHz9\n" +"0JlfwWm1Y/gMr1fh1n0oFebEtCuOgDRpd07Uiz8AqOUBykDNDUlMvVwR9raHL8hj\n" +"NRwzugsfIxl0CvLLqrBpUWMxW3qemk4cWW39yrDdZgKo6eOZAOR3FQYlLIrw6Jcr\n" +"Kmm0PjdcJIfRgJvNysgyx1dIIKe7QXvFTR/QzdHWIWTkiYIW7wUKSzSICvDCr094\n" +"eo3nr3n9BtOqT61Z1m6FGCP6Mm0wFl6xLTCNd6ygfFo7pcAdWlUsdBgKzics0Kc=\n" +"-----END X509 CRL-----\n"; + +static struct +{ + const char *name; + const char *crl; + unsigned sign_algo; + const char *sign_oid; + int crt_count; + time_t next_update; + time_t this_update; + + time_t crt_revoke_time; + size_t crt_serial_size; + const char *crt_serial; +} crl_list[] = +{ + { .name = "crl-sha256-1", + .crl = simple1, + .sign_algo = GNUTLS_SIGN_RSA_SHA256, + .sign_oid = "1.2.840.113549.1.1.11", + .crt_count = 0, + .this_update = 1410599123, + .next_update = 1442135123 + }, + { .name = "crl-sha256-2", + .crl = simple1_constraints, + .sign_algo = GNUTLS_SIGN_RSA_SHA256, + .sign_oid = "1.2.840.113549.1.1.11", + .crt_count = 0, + .this_update = 1410598756, + .next_update = 1442134756 + }, + { .name = "crl-dsa", + .crl = crl_dsa, + .sign_algo = GNUTLS_SIGN_DSA_SHA1, + .sign_oid = "1.2.840.10040.4.3", + .crt_count = 0, + .this_update = 1116359980, + .next_update = 1147895980 + }, + { .name = "crl-rsa-sha1", + .crl = crl_rsa_sha1, + .sign_algo = GNUTLS_SIGN_RSA_SHA1, + .sign_oid = "1.2.840.113549.1.1.5", + .crt_count = 1, + .this_update = 1274996231, + .next_update = 1277588231, + .crt_revoke_time = 1274996231, + .crt_serial = "\x0b\x98\x94\xf9\x7c\x6a", + .crt_serial_size = 6 + }, + { NULL, NULL, 0, 0} +}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int exit_val = 0; + size_t i; + int ret; + gnutls_x509_crl_t crl; + gnutls_datum_t tmp; + char oid[256]; + size_t oid_size; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + for (i = 0; crl_list[i].name; i++) { + + if (debug) + printf("Chain '%s' (%d)...\n", crl_list[i].name, + (int) i); + + if (debug > 2) + printf("\tAdding CRL..."); + + ret = gnutls_x509_crl_init(&crl); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crl_init[%d]: %s\n", + (int) i, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char*)crl_list[i].crl; + tmp.size = strlen(crl_list[i].crl); + + ret = + gnutls_x509_crl_import(crl, &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crl_import[%s]: %s\n", + crl_list[i].name, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crl_print(crl, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCRL: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + + ret = gnutls_x509_crl_get_signature_algorithm(crl); + if (ret != (int)crl_list[i].sign_algo) { + fail("%s: error extracting signature algorithm: %d/%s\n", crl_list[i].name, ret, gnutls_strerror(ret)); + exit(1); + } + + oid_size = sizeof(oid); + ret = gnutls_x509_crl_get_signature_oid(crl, oid, &oid_size); + if (ret < 0) { + fail("%s: error extracting signature algorithm OID: %s\n", crl_list[i].name, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, crl_list[i].sign_oid) != 0) { + fail("%s: error on the extracted signature algorithm: %s\n", crl_list[i].name, oid); + exit(1); + } + + ret = gnutls_x509_crl_get_crt_count(crl); + if (ret != crl_list[i].crt_count) { + fail("%s: error on the extracted CRT count: %d\n", crl_list[i].name, ret); + exit(1); + } + + if (crl_list[i].crt_count > 0) { + unsigned char serial[128]; + size_t ssize = sizeof(serial); + time_t t = 0; + + ret = gnutls_x509_crl_get_crt_serial(crl, 0, serial, &ssize, &t); + if (ret < 0) { + fail("%s: error on the extracted serial: %d\n", crl_list[i].name, ret); + } + + if (t != crl_list[i].crt_revoke_time) + fail("%s: error on the extracted revocation time: %u\n", crl_list[i].name, (unsigned)t); + + if (ssize != crl_list[i].crt_serial_size || memcmp(serial, crl_list[i].crt_serial, ssize) != 0) { + for (i=0;i + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static time_t then = 1207000800; + +static time_t mytime(time_t * t) +{ + if (t) + *t = then; + + return then; +} + +static unsigned char saved_crl_pem[] = + "-----BEGIN X509 CRL-----\n" + "MIICXzCByAIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n" + "MzEyMjAwMDBaFw0wODAzMzEyMjAyMDBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMDBa\n" + "MB0CDFejHTI2Wi75obBaUhcNMDgwMzMxMjIwMDAwWjAdAgxXox0yNbNP0Ln15zwX\n" + "DTA4MDMzMTIyMDAwMFqgLzAtMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv\n" + "8bSvMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBgQAFpyifa5AJclRpJfjh\n" + "QOcSoiCJz5QsrGaK5I/UYHcY958hhFjnE2c9g3wYEEt13M2gkgOTXapImPbLXHv+\n" + "cHWGoTqX6+crs7xcC6mFc6JfY7q9O2eP1x386dzCxhsXMti5ml0iOeBpNrMO46Pr\n" + "PuvNaY7OE1UgN0Ha3YjmhP8HtWJSQCMmqIo6vP1/HBSzaXP/cjS7f0WBZemj0eE7\n" + "wwA1GUoUx9wHipvNkCSKy/eQz4fpOJExrvHeb1/N3po9hfZaZJAqR+rsC0j9J+wd\n" + "ZGAdVFKCJUZs0IgsWQqagg0tXGJ8ejdt4yE8zvhhcpf4pcGoYUqtoUPT+Fjnsw7C\n" + "P1GCVZQ2ciGxixljTJFdifhqPshgC1Ytd75MkDYH2RRir/JwypQK9CcqIAOjBzTl\n" + "uk4SkKL2xAIduw6Dz5kAC7G2EM94uODoI/RO5b6eN6Kb/592JrKAfB96jh2wwqW+\n" + "swaA4JPFqNQaiMWW1IXM3VJwXBt8DRSRo46JV5OktvvFRwI=\n" + "-----END X509 CRL-----\n"; + +static unsigned char saved_min_crl_pem[] = + "-----BEGIN X509 CRL-----\n" + "MIICUDCBuQIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zFw0wODAz\n" + "MzEyMjAwMTBaMFQwFAIDAQIDFw0wODAzMzEyMjAwMTBaMB0CDFejHTI2Wi75obBa\n" + "UhcNMDgwMzMxMjIwMDEwWjAdAgxXox0yNbNP0Ln15zwXDTA4MDMzMTIyMDAxMFqg\n" + "LzAtMB8GA1UdIwQYMBaAFPmohhljtqQUE2B2DwGaNTbv8bSvMAoGA1UdFAQDAgEB\n" + "MA0GCSqGSIb3DQEBCwUAA4IBgQB/Y7MxKf7HpYBoi7N5lNCe7nSd0epQiNPOford\n" + "hGb1ZirZk9m67zg146Cwc0W4ipPzW/OjwgUoVQTm21I7oZj/GPItAABlILd6eRQe\n" + "jYJap0fxiXV7aMRfu2o3qCRGAITQf306H5zJmpdeNxbxzlr3t6IAHBDbLI1WYXiC\n" + "pTHo3wlpwFJEPw5NQ0j6rCAzSH81FHTrEiIOar17uRqeMjbGN6Eo4zjezEx2+ewg\n" + "unsdzx4OWx3KgzsQnyV9EoU6l9jREe519mICx7La6DZkhO4dSPJv6R5jEFitWDNB\n" + "lxZMA5ePrYXuE/3b+Li89R53O+xZxShLQYwBRSHDue44xUv6hh6YNIKDgt4ycIs8\n" + "9JAWsOYJDYUEbAUo+S4sWCU6LzloEvmg7EdJtvJWsScUKK4qbwkDfkBTKjbeBdFj\n" + "w6naZIjzbjMPEe8/T+hmu/txFj3fGj/GzOM1GaJNZ4vMWA4Y6LhB+H1Zf3xK+hV0\n" + "sc0eYw7RpIzEyc9PPz/uM+XabsI=\n" + "-----END X509 CRL-----\n"; + +const gnutls_datum_t saved_crl = { saved_crl_pem, sizeof(saved_crl_pem) - 1 }; +const gnutls_datum_t saved_min_crl = + { saved_min_crl_pem, sizeof(saved_min_crl_pem) - 1 }; + +static void append_crt(gnutls_x509_crl_t crl, const gnutls_datum_t * pem) +{ + gnutls_x509_crt_t crt; + int ret; + + assert(gnutls_x509_crt_init(&crt) >= 0); + assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM) >= 0); + ret = gnutls_x509_crl_set_crt(crl, crt, mytime(0)); + if (ret != 0) + fail("gnutls_x509_crl_set_crt: %s\n", gnutls_strerror(ret)); + + gnutls_x509_crt_deinit(crt); +} + +static void append_aki(gnutls_x509_crl_t crl, const gnutls_datum_t * pem) +{ + gnutls_x509_crt_t crt; + int ret; + unsigned char aki[128]; + size_t aki_size; + + assert(gnutls_x509_crt_init(&crt) >= 0); + assert(gnutls_x509_crt_import(crt, pem, GNUTLS_X509_FMT_PEM) >= 0); + + aki_size = sizeof(aki); + assert(gnutls_x509_crt_get_subject_key_id(crt, aki, &aki_size, NULL) >= + 0); + + ret = gnutls_x509_crl_set_authority_key_id(crl, aki, aki_size); + if (ret != 0) + fail("gnutls_x509_crl_set_authority_key_id: %s\n", + gnutls_strerror(ret)); + + gnutls_x509_crt_deinit(crt); +} + +static void verify_crl(gnutls_x509_crl_t _crl, gnutls_x509_crt_t crt) +{ + int ret; + gnutls_x509_crl_t crl; + unsigned status; + gnutls_datum_t out; + + assert(gnutls_x509_crl_export2(_crl, GNUTLS_X509_FMT_DER, &out) >= 0); + + assert(gnutls_x509_crl_init(&crl) >= 0); + assert(gnutls_x509_crl_import(crl, &out, GNUTLS_X509_FMT_DER) >= 0); + + gnutls_free(out.data); + + ret = gnutls_x509_crl_verify(crl, &crt, 1, 0, &status); + if (ret < 0) + fail("gnutls_x509_crl_verify: %s\n", gnutls_strerror(ret)); + + if (status != 0) + fail("gnutls_x509_crl_verify status: %x\n", status); + gnutls_x509_crl_deinit(crl); +} + +static void sign_crl(gnutls_x509_crl_t crl, const gnutls_datum_t * cert, + const gnutls_datum_t * key) +{ + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t pkey; + int ret; + + assert(gnutls_x509_crt_init(&crt) >= 0); + assert(gnutls_x509_privkey_init(&pkey) >= 0); + + assert(gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_x509_privkey_import(pkey, key, GNUTLS_X509_FMT_PEM) >= 0); + + ret = gnutls_x509_crl_sign(crl, crt, pkey); + if (ret != 0) + fail("gnutls_x509_crl_sign: %s\n", gnutls_strerror(ret)); + + then+=10; + + verify_crl(crl, crt); + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(pkey); +} + +static gnutls_x509_crl_t generate_crl(unsigned skip_optional) +{ + gnutls_x509_crl_t crl; + int ret; + + success("Generating CRL (%d)\n", skip_optional); + + ret = gnutls_x509_crl_init(&crl); + if (ret != 0) + fail("gnutls_x509_crl_init\n"); + + ret = gnutls_x509_crl_set_version(crl, 1); + if (ret != 0) + fail("gnutls_x509_crl_set_version\n"); + + ret = gnutls_x509_crl_set_this_update(crl, mytime(0)); + if (ret != 0) + fail("gnutls_x509_crl_set_this_update\n"); + + if (!skip_optional) { + ret = gnutls_x509_crl_set_next_update(crl, mytime(0) + 120); + if (ret != 0) + fail("gnutls_x509_crl_set_next_update\n"); + } + + ret = gnutls_x509_crl_set_crt_serial(crl, "\x01\x02\x03", 3, mytime(0)); + if (ret != 0) + fail("gnutls_x509_crl_set_serial %d\n", ret); + + append_crt(crl, &cli_ca3_cert); + append_crt(crl, &subca3_cert); + + append_aki(crl, &ca3_cert); + + ret = gnutls_x509_crl_set_number(crl, "\x01", 1); + if (ret != 0) + fail("gnutls_x509_crl_set_number %d: %s\n", + ret, gnutls_strerror(ret)); + + sign_crl(crl, &ca3_cert, &ca3_key); + + return crl; +} + +void doit(void) +{ + gnutls_datum_t out; + gnutls_x509_crl_t crl; + + gnutls_global_set_time_function(mytime); + + crl = generate_crl(0); + + assert(gnutls_x509_crl_export2(crl, GNUTLS_X509_FMT_PEM, &out) >= 0); + + fprintf(stdout, "%s", out.data); + + assert(out.size == saved_crl.size); + assert(memcmp(out.data, saved_crl.data, out.size) == 0); + + gnutls_free(out.data); + gnutls_x509_crl_deinit(crl); + + /* skip optional parts */ + crl = generate_crl(1); + + assert(gnutls_x509_crl_export2(crl, GNUTLS_X509_FMT_PEM, &out) >= 0); + + fprintf(stdout, "%s", out.data); + + assert(out.size == saved_min_crl.size); + assert(memcmp(out.data, saved_min_crl.data, out.size) == 0); + + gnutls_free(out.data); + gnutls_x509_crl_deinit(crl); + +} diff --git a/tests/crlverify.c b/tests/crlverify.c new file mode 100644 index 0000000..c586011 --- /dev/null +++ b/tests/crlverify.c @@ -0,0 +1,385 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include +#include + +#include "utils.h" + +static const char *simple1[] = { +/* CRL */ +"-----BEGIN X509 CRL-----\n" +"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n" +"MDkxMzA5MDUyM1oYDzIwMTUwOTEzMDkwNTIzWjAAoDowODAfBgNVHSMEGDAWgBTx\n" +"Fcb1FYLbhH9yuqg4wlVJUZnYKTAVBgNVHRQEDgIMVBQI0zeJoFHkLaWNMA0GCSqG\n" +"SIb3DQEBCwUAA4IBAQB6SGYePy1MBmtELyWdnlJHlQ4bBgb4vjuLDSfH0X6b4dAS\n" +"MEZws8iA5SaJFIioIP41s3lfQ1Am7GjSoNccHdrLmEcUSTQLwLYaDL8SgxekP5Au\n" +"w8HTu1cz/mnjBBDURq1RvyGNFm6MXf1Rg/bHSea/EpDkn8KY152BT1/46iQ+Uho6\n" +"hz6UUWsTB4Lj25X8F2hlKwQcb3E63Or2XEPBw4rhaCDFAtSZeBaGUUSJ8CLUKXZf\n" +"5b45MjiZ/osgd81tfn3wdQVjDnaQwNtjeRbK+qU0Z4pIKBvHzRS/fZKwTnrK1DLI\n" +"yY/nqBJT/+Q5zdUx5FXp0bwyZuarJ1GHqcES3Rz1\n" +"-----END X509 CRL-----\n", +/* CA - cert_signing_key only */ +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwOTEzMDkwNTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCybbzvQTOmfwlA\n" +"+q8F/4ms42nhl5lo1lK6JCvE7jZdhqZNXE8e1eNACrU6rCxRQynDhOyAOCLQAAul\n" +"ivNMCW+SFN0IkSYXSRM8aWIDOZT8FyWB3yJSyvi3+SMgm7OYHFW8htH8qaIv0xJf\n" +"1h/ADBE62j9uaQIg7qSn6pVHMDHaITAbPg3y6II1iP3W28Vj/rtvK9yoZu4AThSD\n" +"Vdjl8WT4b4VOBbmioSNCDjx2C73+HLM2eUsdumCVcjWD9gkvCKkqTbOVplGRvCzO\n" +"sKNVGJamH9eGOjF2Az9XuYR+m7jWdIyTitLtbliyFiWwFguQ7BAPVnUS3TSKoLKL\n" +"X9WRGDIVAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcG\n" +"ADAdBgNVHQ4EFgQU8RXG9RWC24R/crqoOMJVSVGZ2CkwDQYJKoZIhvcNAQELBQAD\n" +"ggEBAASDvSD6Gt9E/IANgJ2lq7cvqKHhK/S0crpBHmzouLU1YANAbva8vZ2iVsgP\n" +"ojj5+QKosXgZM67g1u4Vr/Kt7APwYDVV9NlfE7BLSaksaQbh6J464rJ8pXONW6xP\n" +"z6tl/Pm1RqXuxzgnUv700OFuxBnnbglz9aQk5eS7kag8bfUx8MfN5gbW34nB79fn\n" +"5943Z8DmcDfUQZRY66v4S/NAYs7s96ABMB18u9Ct6KqGP/LKfDt2bgeTE/1b68T+\n" +"xmYF8N+JsJ3qP4lqBHgHLUL945nEoG8yDPIiZw3pmw1SyS0ktoVASynAh3W5j//r\n" +"d9Uk2Ojqo2tp/lJ0LCuQ3nWeM2Y=\n" +"-----END CERTIFICATE-----\n" +}; + +static const char *simple1_broken[] = { +/* CRL with some bits flipped */ +"-----BEGIN X509 CRL-----\n" +"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n" +"MDkxMzA5MDUyM1oYDzIwMTUwOTEzMDkwNTIzWjAAoDowODAfBgNVHSMEGDAWgBTx\n" +"Fcb1FYLbhH9yuqg4wlVJUZnYKTAVBgNVHRQEDgIMVBQI0zeJoFHkLaWNMA0GCSqG\n" +"SIb3DQEBCwUAA4IBAQB6SGYePy1MBmtELyWdnlJHlQ4bBgb4vjuLDSfH0X6b4dAS\n" +"MEZws8iA5SaJFIioIP41s3lfQ1Am7GjSoNccHdrLmEcUSTQLwLYaDL8SgxekP5Au\n" +"w8HTu1cz/mnjBBDURq1RvyGNFm6MXf1Rg/bHSea/EpDkn8KY152BT1/46iQ+Uho6\n" +"hz6UUWsTB4Lj25X8F3hlKwQcb3E63Or2XEPBw4rhaCDFAtSZeBaGUUSJ8CLUKXZf\n" +"5b45MjiZ/osgd81tfn3wdQVjDnaQwNtjeRbK+qU0Z4pIKBvHzRS/fZKwTnrK1DLI\n" +"yY/nqBJT/+Q5zdUx5FXp0bwyZuarJ1GHqcES3Rz1\n" +"-----END X509 CRL-----\n", +/* CA - cert_signing_key only */ +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwOTEzMDkwNTIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCybbzvQTOmfwlA\n" +"+q8F/4ms42nhl5lo1lK6JCvE7jZdhqZNXE8e1eNACrU6rCxRQynDhOyAOCLQAAul\n" +"ivNMCW+SFN0IkSYXSRM8aWIDOZT8FyWB3yJSyvi3+SMgm7OYHFW8htH8qaIv0xJf\n" +"1h/ADBE62j9uaQIg7qSn6pVHMDHaITAbPg3y6II1iP3W28Vj/rtvK9yoZu4AThSD\n" +"Vdjl8WT4b4VOBbmioSNCDjx2C73+HLM2eUsdumCVcjWD9gkvCKkqTbOVplGRvCzO\n" +"sKNVGJamH9eGOjF2Az9XuYR+m7jWdIyTitLtbliyFiWwFguQ7BAPVnUS3TSKoLKL\n" +"X9WRGDIVAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcG\n" +"ADAdBgNVHQ4EFgQU8RXG9RWC24R/crqoOMJVSVGZ2CkwDQYJKoZIhvcNAQELBQAD\n" +"ggEBAASDvSD6Gt9E/IANgJ2lq7cvqKHhK/S0crpBHmzouLU1YANAbva8vZ2iVsgP\n" +"ojj5+QKosXgZM67g1u4Vr/Kt7APwYDVV9NlfE7BLSaksaQbh6J464rJ8pXONW6xP\n" +"z6tl/Pm1RqXuxzgnUv700OFuxBnnbglz9aQk5eS7kag8bfUx8MfN5gbW34nB79fn\n" +"5943Z8DmcDfUQZRY66v4S/NAYs7s96ABMB18u9Ct6KqGP/LKfDt2bgeTE/1b68T+\n" +"xmYF8N+JsJ3qP4lqBHgHLUL945nEoG8yDPIiZw3pmw1SyS0ktoVASynAh3W5j//r\n" +"d9Uk2Ojqo2tp/lJ0LCuQ3nWeM2Y=\n" +"-----END CERTIFICATE-----\n" +}; + +static const char *simple1_constraints[] = { +/* CRL */ +"-----BEGIN X509 CRL-----\n" +"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n" +"MDkxMzA4NTkxNloYDzIwMTUwOTEzMDg1OTE2WjAAoDowODAfBgNVHSMEGDAWgBTn\n" +"sISO6h9leKTKtOh/HG0jV03AMzAVBgNVHRQEDgIMVBQHZC2mj6EAgMPSMA0GCSqG\n" +"SIb3DQEBCwUAA4IBAQBHUgtxpOn8EHwlajVYoOh6DFCwIoxBIeUA4518W1cHoV7J\n" +"KMif6lmJRodrcbienDX781QcOaQcNnuu/oBEcoBdbZa0VICzXekIteSwEgGsbRve\n" +"QQFPnZn83I4btse1ly5fdxMsliSM+qRwIyNR18VHXZz9GWYrr4tYWnI2b9XrDnaC\n" +"1b3Ywt7I9pNi0/O0C0rE/37/VvPx6HghnC+un7LtT0Y0n+FQP7dhlMvzHaR8wVxs\n" +"WAzaNvSiJ1rVPzL21iCmQJsRQeDTSJBlzm0lWiU8Nys3ugM2KlERezfp8DkFGA3y\n" +"9Yzpq6gAi39ZK+LjopgGDkrQjxzBIaoe2bcDqB7X\n" +"-----END X509 CRL-----\n", +/* CA - cert_signing_key only */ +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwOTEzMDg1OTE2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7AVMcGmvenCAt\n" +"14Yi2zi6In2vjNakbzDfUa5xaG8oD73h4P8zP2TQqDmUBAAi5EdXoF5/crpgnGY3\n" +"oyUEFYnT7GTI/FO+RxZz9jCLvY3hpeuJcofsFny8n0ARL9WiFKuAEvrZkg+6V3Fh\n" +"TC9bCOFsGVTaLiUoi/nkD9IUgCkybFTqZM+8tLT4/gCMFNs9e0ANa5F+wtvS0bjy\n" +"LLozq6+XpzEXlL3UNKJq9cf02zHjb9ftlMDykRRkGPzppBSfOCJAMOX/BBNpWznJ\n" +"I1bg0m/6X3+SDO3j0PKLVc7BWWTnXXHb4rznwcRZm8zJiKKFE0GDOijzpT6Dl/gX\n" +"JI0lroeJAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU57CEjuofZXikyrTofxxtI1dNwDMwDQYJKoZIhvcNAQELBQAD\n" +"ggEBALPFKXFauyO0R7Y+zhpiqYe1ms4qU9aprr/x4GMG4ByZ0i0FK8Kh+L5BsNQA\n" +"FsEMeEEmKTHKzkMHfvTJ6y/K6P9rTVY7W2MqlX8IXM02L3fg0zn7Xd9CtCG1nnzh\n" +"fQMf/K/9Xqiotjlrgo8noEZksGPIvDPXXY98dd0clGnBvw2HwiG4h+csr4i9y7CH\n" +"tpnTRJnfzdqDYIh8vnM0tIJbXbe5DBLHnmnx15FQB1apFNa87gdBHAnkHCXrV1vC\n" +"oZXEeUL/zW2ax+ALOglM82dwex2qV9jgcsWfq1Y2JBlVT1QPpbAooCnjvBhmPCjX\n" +"qYkVfApeRr4QAwwkLnyfSKNLHco=\n" +"-----END CERTIFICATE-----\n" +}; + +static const char *simple1_fail[] = { +/* CRL */ +"-----BEGIN X509 CRL-----\n" +"MIIBmjCBgwIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0wGA8yMDE0\n" +"MDkxMzA4NTkxNloYDzIwMTUwOTEzMDg1OTE2WjAAoDowODAfBgNVHSMEGDAWgBTn\n" +"sISO6h9leKTKtOh/HG0jV03AMzAVBgNVHRQEDgIMVBQHZC2mj6EAgMPSMA0GCSqG\n" +"SIb3DQEBCwUAA4IBAQBHUgtxpOn8EHwlajVYoOh6DFCwIoxBIeUA4518W1cHoV7J\n" +"KMif6lmJRodrcbienDX781QcOaQcNnuu/oBEcoBdbZa0VICzXekIteSwEgGsbRve\n" +"QQFPnZn83I4btse1ly5fdxMsliSM+qRwIyNR18VHXZz9GWYrr4tYWnI2b9XrDnaC\n" +"1b3Ywt7I9pNi0/O0C0rE/37/VvPx6HghnC+un7LtT0Y0n+FQP7dhlMvzHaR8wVxs\n" +"WAzaNvSiJ1rVPzL21iCmQJsRQeDTSJBlzm0lWiU8Nys3ugM2KlERezfp8DkFGA3y\n" +"9Yzpq6gAi39ZK+LjopgGDkrQjxzBIaoe2bcDqB7X\n" +"-----END X509 CRL-----\n", +/* CA (unrelated to CRL) */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+iPUnEs+qmj2U\n" +"Rz8plNAE/CpeUxUfNNVonluu4DzulsxAJMN78g+Oqx+ggdkECZxHLISkzErMgiuv\n" +"bG+nr9yxjyHH2YoOAgzgknar5JkOBkKp1bIvyA950ZSygMFEHX1qoaM+F/1/DKjG\n" +"NmMCNUpR0c4m+K22s72LnrpMLMmCZU0fnqngb1+F+iZE6emhcX5Z5D0QTJTAeiYK\n" +"ArnO0rpVEvU0o3nwe3dDrT0YyoCYrzCsCOKUa2wFtkOzLZKJbMBRMflL+fBmtj/Q\n" +"7xUe7ox62ZEqSD7W+Po48/mIuSOhx7u+yToBZ60wKGz9OkQ/JwykkK5ZgI+nPWGT\n" +"1au1K4V7AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0eAQH/BAgwBqEE\n" +"MAKCADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSgAJcc9Q5KDpAhkrMORPJS\n" +"boq3vzAfBgNVHSMEGDAWgBQ/lKQpHoyEFz7J+Wn6eT5qxgYQpjANBgkqhkiG9w0B\n" +"AQsFAAOCAQEAoMeZ0cnHes8bWRHLvrGc6wpwVnxYx2CBF9Xd3k4YMNunwBF9oM+T\n" +"ZYSMo4k7C1XZ154avBIyiCne3eU7/oHG1nkqY9ndN5LMyL8KFOniETBY3BdKtlGA\n" +"N+pDiQsrWG6mtqQ+kHFJICnGEDDByGB2eH+oAS+8gNtSfamLuTWYMI6ANjA9OWan\n" +"rkIA7ta97UiH2flvKRctqvZ0n6Vp3n3aUc53FkAbTnxOCBNCBx/veCgD/r74WbcY\n" +"jiwh2RE//3D3Oo7zhUlwQEWQSa/7poG5e6bl7oj4JYjpwSmESCYokT83Iqeb9lwO\n" +"D+dr9zs1tCudW9xz3sUg6IBXhZ4UvegTNg==\n" +"-----END CERTIFICATE-----\n" +}; + +static struct +{ + const char *name; + const char **crl; + const char **ca; + unsigned int verify_flags; + unsigned int expected_verify_result; +} crl_list[] = +{ + { "simple-success", &simple1[0], &simple1[1], + 0, 0 }, + { "simple-constraints", &simple1_constraints[0], &simple1_constraints[1], + 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID }, + { "simple-broken", &simple1_broken[0], &simple1_broken[1], + 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNATURE_FAILURE }, + { "simple-fail", &simple1_fail[0], &simple1_fail[1], + 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND}, + { NULL, NULL, NULL, 0, 0} +}; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + time_t then = 1410599367; + + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int exit_val = 0; + size_t i; + int ret; + gnutls_x509_trust_list_t tl; + unsigned int verify_status; + gnutls_x509_crl_t crl; + gnutls_x509_crt_t ca; + gnutls_datum_t tmp; + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + for (i = 0; crl_list[i].name; i++) { + + if (debug) + printf("Chain '%s' (%d)...\n", crl_list[i].name, + (int) i); + + if (debug > 2) + printf("\tAdding CRL..."); + + ret = gnutls_x509_crl_init(&crl); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crl_init[%d]: %s\n", + (int) i, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) *crl_list[i].crl; + tmp.size = strlen(*crl_list[i].crl); + + ret = + gnutls_x509_crl_import(crl, &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crl_import[%s]: %s\n", + crl_list[i].name, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crl_print(crl, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCRL: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + + if (debug > 2) + printf("\tAdding CA certificate..."); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) *crl_list[i].ca; + tmp.size = strlen(*crl_list[i].ca); + + ret = + gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, + tmp.data); + gnutls_free(tmp.data); + + if (debug) + printf("\tVerifying..."); + + ret = gnutls_x509_crl_verify(crl, &ca, 1, crl_list[i].verify_flags, + &verify_status); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_list_verify[%d]: %s\n", + (int) i, gnutls_strerror(ret)); + exit(1); + } + + if (verify_status != crl_list[i].expected_verify_result) { + gnutls_datum_t out1, out2; + gnutls_certificate_verification_status_print + (verify_status, GNUTLS_CRT_X509, &out1, 0); + gnutls_certificate_verification_status_print(crl_list + [i]. + expected_verify_result, + GNUTLS_CRT_X509, + &out2, + 0); + fail("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", crl_list[i].name, verify_status, out1.data, crl_list[i].expected_verify_result, out2.data); + gnutls_free(out1.data); + gnutls_free(out2.data); + + if (!debug) + exit(1); + } else if (debug) + printf("done\n"); + + gnutls_x509_trust_list_init(&tl, 0); + + ret = + gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0); + if (ret != 1) { + fail("gnutls_x509_trust_list_add_trust_mem\n"); + exit(1); + } + + /* make sure that the two functions don't diverge */ + ret = gnutls_x509_trust_list_add_crls(tl, &crl, 1, GNUTLS_TL_VERIFY_CRL, crl_list[i].verify_flags); + if (crl_list[i].expected_verify_result == 0 && ret < 0) { + fprintf(stderr, + "gnutls_x509_trust_list_add_crls[%d]: %s\n", + (int) i, gnutls_strerror(ret)); + exit(1); + } + if (crl_list[i].expected_verify_result != 0 && ret > 0) { + fprintf(stderr, + "gnutls_x509_trust_list_add_crls[%d]: succeeded when it shouldn't\n", + (int) i); + exit(1); + } + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 0); + gnutls_x509_crt_deinit(ca); + gnutls_x509_crl_deinit(crl); + + if (debug) + printf("done\n\n\n"); + } + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + + exit(exit_val); +} diff --git a/tests/crq-basic.c b/tests/crq-basic.c new file mode 100644 index 0000000..71a2b22 --- /dev/null +++ b/tests/crq-basic.c @@ -0,0 +1,226 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include +#include + +#include "utils.h" + +static const char csr1[] = +"-----BEGIN CERTIFICATE REQUEST-----\n" +"MIICrDCCAZQCAQAwZzELMAkGA1UEBhMCTk4xMTAvBgNVBAoMKEVkZWwgQ3VybCBB\n" +"cmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQxJTAjBgNVBAMMHE5vdGhlcm4g\n" +"Tm93aGVyZSBUcnVzdCBBbmNob3IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDBqQrvdgZ9/ng68Q5AbcJbro+Nf/DViZ5CKvAXlNkuZ8ctARyVo7GmhtQS\n" +"PEc6cOZ7HxEG03Ou38okGQPkYgrrZ9Tc750t4IJ3/iowWvtX5bhPNlJML1etEmqU\n" +"PuRIp62lwDrQTgCZiI+9SnC+O1tr/15vKW0Mp1VK4kPnSQ+ZVFlogTTYqfvIDRRa\n" +"QMtwHvU7wEI5BvljrdkpFFOvQhAdGJW2FYrYQdg3MQqXWhsQkKwd/25xM2t+iBgg\n" +"7b41/+dpSAXAeC4ERvTCjU1wbkL6k+vOEjvR9c4/KVyMvVmD5KHBPI4+OFXzmRiw\n" +"3/Z0yY4o9DgNRSDW28BzouaMbpifAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEA\n" +"eFMy55kFke/e9mrGloRUh1o8dxmzSiVwVCw5DTZQzTFNAMSOZXIId8k2IeHSUd84\n" +"ZyJ1UNyJn2EFcwgaYaMtvZ8xMWR2W0C7lBvOOcjvWmiGze9F2Z5XMQzL8cjkK4jW\n" +"RKIq9b0W6TC8lLO5F2eJpW6BoTQ8cBCDiVIDlCm7xZxPRjHowuyM0Tpewq2PltC1\n" +"p8DbQipZWl5LPaHBSZSmIuUgOBU9porH/Vn0oWXxYfts59103VJY5YKkdz0PiqqA\n" +"5kWYCMFDZyL+nZ2aIol4r8nXkN9MuPOU12aHqPGcDlaGS2i5zfm2Ywsg110k+NCk\n" +"AmqhjnrQjvJhif3rGO4+qw==\n" +"-----END CERTIFICATE REQUEST-----\n"; + +static const char csr2[] = +"-----BEGIN NEW CERTIFICATE REQUEST-----\n" +"MIICrjCCAZYCAQAwJDEiMCAGA1UEAxMZZGhjcC0yLTEyNy5icnEucmVkaGF0LmNv\n" +"bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANiEAXIHON8p4YpVRH+X\n" +"OM546stpyzL5xKdxbRUlfK0pWoqm3iqenRUf43eb9W8RDTx6UhuY21RFETzlYT4r\n" +"+yVXOlvm8K5FLepNcjbqDJb9hngFm2q8u+OM3GKBiyeH43lUMC6/YksqPeEzsmKD\n" +"UlD7rkm9CK8GRyXEsCruFaQ0VA8XB6XK9Av/jfOrGT/gTdmNGKu/fZmoJsjBJh+g\n" +"Yobsi60YyWeuXw2s5zVga73cK1v0JG2ltjZy0M7qSO+CCJa24huO8uvJ4GPOfi/Q\n" +"MPZbsHaZAqrHLQQMfxXJ73gXq7FLIMnCcstWfiagE5QlFZUGj9AnicgiCpMTZMIq\n" +"miECAwEAAaBFMBMGCSqGSIb3DQEJBzEGEwQxMjM0MC4GCSqGSIb3DQEJDjEhMB8w\n" +"DAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB6AAMA0GCSqGSIb3DQEBCwUAA4IB\n" +"AQAqYOqsS3xnfEzLIis3krcjzHGykXxfvnyREDijBIqyXF10lSrmb2byvoIfOuoc\n" +"pSmdT8MaIUTmKnZI4+htEPYcsAMwF2cXL1D2kvJhE0EKHbmv1E0QbJWmbnVz99bs\n" +"GIcFN1die0SYHLgf64bOxKOyq5V8hAaE/lS2yLT7Tf/6+nweYOuE9ONH7KD7zpQo\n" +"LyhsjhH0px75Ftej+yQWEElfokZrNu7iHuwcue3efySlMfpT9G/p4MhQQjFQySkK\n" +"ev17H0d3KBdtcqWjxaS3jDAzmuz6SZwdUxSDkWuqchyAozeBpI+SbIPOgfKHsYc+\n" +"yRKga0201rRJi4NKvt8iqj5r\n" +"-----END NEW CERTIFICATE REQUEST-----\n"; + +static struct +{ + const char *name; + const char *crq; + unsigned version; + unsigned sign_algo; + const char *sign_oid; + unsigned pk_algo; + const char *pk_oid; +} crq_list[] = +{ + { .name = "crl-1", + .crq = csr1, + .sign_algo = GNUTLS_SIGN_RSA_SHA256, + .sign_oid = "1.2.840.113549.1.1.11", + .pk_algo = GNUTLS_PK_RSA, + .pk_oid = "1.2.840.113549.1.1.1", + .version = 1, + }, + { .name = "crl-2", + .crq = csr2, + .sign_algo = GNUTLS_SIGN_RSA_SHA256, + .sign_oid = "1.2.840.113549.1.1.11", + .pk_algo = GNUTLS_PK_RSA, + .pk_oid = "1.2.840.113549.1.1.1", + .version = 1, + }, + { NULL, NULL, 0, 0} +}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int exit_val = 0; + size_t i; + int ret; + gnutls_x509_crq_t crq; + gnutls_datum_t tmp; + char oid[256]; + size_t oid_size; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + for (i = 0; crq_list[i].name; i++) { + + if (debug) + printf("Chain '%s' (%d)...\n", crq_list[i].name, + (int) i); + + if (debug > 2) + printf("\tAdding CRL..."); + + ret = gnutls_x509_crq_init(&crq); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crq_init[%d]: %s\n", + (int) i, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char*)crq_list[i].crq; + tmp.size = strlen(crq_list[i].crq); + + ret = + gnutls_x509_crq_import(crq, &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crq_import[%s]: %s\n", + crq_list[i].name, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crq_print(crq, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCRL: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + + ret = gnutls_x509_crq_get_signature_algorithm(crq); + if (ret != (int)crq_list[i].sign_algo) { + fail("%s: error extracting signature algorithm: %d/%s\n", crq_list[i].name, ret, gnutls_strerror(ret)); + exit(1); + } + + oid_size = sizeof(oid); + ret = gnutls_x509_crq_get_signature_oid(crq, oid, &oid_size); + if (ret < 0) { + fail("%s: error extracting signature algorithm OID: %s\n", crq_list[i].name, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, crq_list[i].sign_oid) != 0) { + fail("%s: error on the extracted signature algorithm: %s\n", crq_list[i].name, oid); + exit(1); + } + + /* PK */ + ret = gnutls_x509_crq_get_pk_algorithm(crq, NULL); + if (ret != (int)crq_list[i].pk_algo) { + fail("%s: error extracting PK algorithm: %d/%s\n", crq_list[i].name, ret, gnutls_strerror(ret)); + exit(1); + } + + oid_size = sizeof(oid); + ret = gnutls_x509_crq_get_pk_oid(crq, oid, &oid_size); + if (ret < 0) { + fail("%s: error extracting PK algorithm OID: %s\n", crq_list[i].name, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, crq_list[i].pk_oid) != 0) { + fail("%s: error on the extracted PK algorithm: %s\n", crq_list[i].name, oid); + exit(1); + } + + ret = gnutls_x509_crq_get_version(crq); + if (ret != (int)crq_list[i].version) { + fail("%s: error on the extracted CRQ version: %d\n", crq_list[i].name, ret); + exit(1); + } + + gnutls_x509_crq_deinit(crq); + + if (debug) + printf("done\n\n\n"); + } + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + + exit(exit_val); +} diff --git a/tests/crq_apis.c b/tests/crq_apis.c new file mode 100644 index 0000000..d7e31bc --- /dev/null +++ b/tests/crq_apis.c @@ -0,0 +1,549 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str); +} + +static unsigned char saved_crq_pem[] = + "-----BEGIN NEW CERTIFICATE REQUEST-----\n" + "MIICSDCCAbECAQAwKzEOMAwGA1UEAxMFbmlrb3MxGTAXBgNVBAoTEG5vbmUgdG8s\n" + "IG1lbnRpb24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtmQ/Xyxde2jMzF\n" + "3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5\n" + "KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOg\n" + "Io1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGggdwwEgYJKoZIhvcNAQkHMQUTA2Zv\n" + "bzCBxQYJKoZIhvcNAQkOMYG3MIG0MA8GA1UdEwEB/wQFMAMCAQAwDQYDVR0PAQH/\n" + "BAMDAQAwIwYDVR0RBBwwGoIDYXBhggNmb2+CDnhuLS1reGF3aGsuY29tMB0GA1Ud\n" + "JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgQqAwQFBAPK/v8wFAYILQOCiPS5\n" + "FwUBAf8EBcr+//r+MCsGA1UdEAQkMCKADzIwMTkwNzA5MDQyODI2WoEPMjAxOTA3\n" + "MDkwNzE1MDZaMA0GCSqGSIb3DQEBCwUAA4GBAD5WboLhAYvbStlK1UwvB4b2vmJP\n" + "mfl7S/VmaeBFX8w0lpZTCTCRuB0WJek6YPfXyRsUUJsjWElZeEE0N8V+eQ3oz4um\n" + "N2QCk4Zrc5FRyCkKUe+qaqQhB1ho01ZQDMgkj2B10tubhdrKf17QCzgKEp+5VR46\n" + "Bme4HDJqbHlH+O0y\n" + "-----END NEW CERTIFICATE REQUEST-----\n"; + +const gnutls_datum_t saved_crq = { saved_crq_pem, sizeof(saved_crq_pem)-1 }; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t key = { key_pem, sizeof(key_pem)-1 }; + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +#define TIME1 1562646506 +#define TIME2 1562656506 +#define CPASS "foo" +#define CPASS_OID "1.2.840.113549.1.9.7" + +static gnutls_x509_crq_t generate_crq(void) +{ + gnutls_x509_crq_t crq; + gnutls_x509_privkey_t pkey; + const char *err; + int ret; + size_t s = 0; + char smallbuf[10]; + gnutls_datum_t out; + unsigned crit; + + ret = gnutls_x509_privkey_init(&pkey); + if (ret != 0) + fail("gnutls_x509_privkey_init\n"); + + ret = gnutls_x509_privkey_import(pkey, &key, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_privkey_import\n"); + + ret = gnutls_x509_crq_init(&crq); + if (ret != 0) + fail("gnutls_x509_crq_init\n"); + + ret = gnutls_x509_crq_set_version(crq, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_version\n"); + + ret = gnutls_x509_crq_set_key(crq, pkey); + if (ret != 0) + fail("gnutls_x509_crq_set_key\n"); + + s = 0; + ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("gnutls_x509_crq_get_extension_info\n"); + + ret = gnutls_x509_crq_set_basic_constraints(crq, 0, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_basic_constraints %d\n", ret); + + ret = gnutls_x509_crq_set_key_usage(crq, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_key_usage %d\n", ret); + + ret = gnutls_x509_crq_get_challenge_password(crq, NULL, &s); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("%d: gnutls_x509_crq_get_challenge_password %d: %s\n", + __LINE__, ret, gnutls_strerror(ret)); + + ret = gnutls_x509_crq_set_dn(crq, "o = none to\\, mention,cn = nikos", &err); + if (ret < 0) { + fail("gnutls_x509_crq_set_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + ret = gnutls_x509_crq_set_challenge_password(crq, CPASS); + if (ret != 0) + fail("gnutls_x509_crq_set_challenge_password %d\n", ret); + + s = 0; + ret = gnutls_x509_crq_get_challenge_password(crq, NULL, &s); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER || s != 4) + fail("%d: gnutls_x509_crq_get_challenge_password %d: %s (passlen: %d)\n", __LINE__, ret, gnutls_strerror(ret), (int) s); + + s = 10; + ret = gnutls_x509_crq_get_challenge_password(crq, smallbuf, &s); + if (ret != 0 || s != 3 || strcmp(smallbuf, "foo") != 0) + fail("%d: gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n", __LINE__, ret, (int) s, smallbuf); + + s = 0; + ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL); + if (ret != 0) + fail("gnutls_x509_crq_get_extension_info2\n"); + + s = 0; + ret = gnutls_x509_crq_get_extension_data(crq, 0, NULL, &s); + if (ret != 0) + fail("gnutls_x509_crq_get_extension_data\n"); + + ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, + "foo", 3, GNUTLS_FSAN_APPEND); + if (ret != 0) + fail("gnutls_x509_crq_set_subject_alt_name\n"); + + ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, + "bar", 3, GNUTLS_FSAN_APPEND); + if (ret != 0) + fail("gnutls_x509_crq_set_subject_alt_name\n"); + + ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, + "apa", 3, GNUTLS_FSAN_SET); + if (ret != 0) + fail("gnutls_x509_crq_set_subject_alt_name\n"); + + ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, + "foo", 3, GNUTLS_FSAN_APPEND); + if (ret != 0) + fail("gnutls_x509_crq_set_subject_alt_name\n"); + + ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, + "νίκο.com", strlen("νίκο.com"), GNUTLS_FSAN_APPEND); +#if defined(HAVE_LIBIDN2) + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); +#else + if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) + fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); +#endif + + s = 0; + ret = gnutls_x509_crq_get_key_purpose_oid(crq, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("gnutls_x509_crq_get_key_purpose_oid %d\n", ret); + + s = 0; + ret = + gnutls_x509_crq_set_key_purpose_oid(crq, + GNUTLS_KP_TLS_WWW_SERVER, + 0); + if (ret != 0) + fail("gnutls_x509_crq_set_key_purpose_oid %d\n", ret); + + s = 0; + ret = gnutls_x509_crq_get_key_purpose_oid(crq, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("gnutls_x509_crq_get_key_purpose_oid %d\n", ret); + + s = 0; + ret = + gnutls_x509_crq_set_key_purpose_oid(crq, + GNUTLS_KP_TLS_WWW_CLIENT, + 1); + if (ret != 0) + fail("gnutls_x509_crq_set_key_purpose_oid2 %d\n", ret); + +#define EXT_ID1 "1.2.3.4.5" +#define EXT_ID2 "1.5.3.555555991.5" +#define EXT_DATA1 "\xCA\xFE\xFF" +#define EXT_DATA2 "\xCA\xFE\xFF\xFA\xFE" + /* test writing arbitrary extensions */ + ret = gnutls_x509_crq_set_extension_by_oid(crq, EXT_ID1, EXT_DATA1, sizeof(EXT_DATA1)-1, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_extension_by_oid %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crq_set_extension_by_oid(crq, EXT_ID2, EXT_DATA2, sizeof(EXT_DATA2)-1, 1); + if (ret != 0) + fail("gnutls_x509_crq_set_extension_by_oid %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crq_set_private_key_usage_period(crq, TIME1, TIME2); + if (ret != 0) + fail("gnutls_x509_crq_set_private_key_usage_period\n"); + + ret = gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_FULL, &out); + if (ret != 0) + fail("gnutls_x509_crq_print\n"); + if (debug) + printf("crq: %.*s\n", out.size, out.data); + gnutls_free(out.data); + + ret = gnutls_x509_crq_sign2(crq, pkey, GNUTLS_DIG_SHA256, 0); + if (ret < 0) + fail("gnutls_x509_crq_sign2: %s\n", gnutls_strerror(ret)); + + gnutls_x509_privkey_deinit(pkey); + + /* test reading the arb. extensions */ + crit = -1; + ret = gnutls_x509_crq_get_extension_by_oid2(crq, EXT_ID1, 0, &out, &crit); + if (ret < 0) + fail("gnutls_x509_crq_get_extension_by_oid2: %s\n", gnutls_strerror(ret)); + + if (out.size != sizeof(EXT_DATA1)-1 || memcmp(out.data, EXT_DATA1, out.size) != 0) { + fail("ext1 doesn't match\n"); + } + if (crit != 0) { + fail("ext1 crit flag doesn't match\n"); + } + gnutls_free(out.data); + + crit = -1; + ret = gnutls_x509_crq_get_extension_by_oid2(crq, EXT_ID2, 0, &out, &crit); + if (ret < 0) + fail("gnutls_x509_crq_get_extension_by_oid2: %s\n", gnutls_strerror(ret)); + + if (out.size != sizeof(EXT_DATA2)-1 || memcmp(out.data, EXT_DATA2, out.size) != 0) { + fail("ext2 doesn't match\n"); + } + if (crit != 1) { + fail("ext2 crit flag doesn't match\n"); + } + + gnutls_free(out.data); + + return crq; +} + +/* Tests parameters from the generated CRQ */ +static void test_crq(gnutls_x509_crq_t crq) +{ + int ret, pathlen; + size_t s = 0; + char buf[64]; + gnutls_datum_t out; + time_t t1, t2; + unsigned crit, ca, type; + + ret = gnutls_x509_crq_get_dn2(crq, &out); + assert(ret == 0); + assert(out.size == 28); + assert(memcmp(out.data, "CN=nikos,O=none to\\, mention", out.size)==0); + + gnutls_free(out.data); + + ret = gnutls_x509_crq_get_dn3(crq, &out, GNUTLS_X509_DN_FLAG_COMPAT); + assert(ret == 0); + assert(out.size == 28); + assert(memcmp(out.data, "CN=nikos,O=none to\\, mention", out.size)==0); + + gnutls_free(out.data); + + ret = gnutls_x509_crq_get_dn3(crq, &out, 0); + assert(ret == 0); + assert(out.size == 28); + assert(memcmp(out.data, "O=none to\\, mention,CN=nikos", out.size)==0); + + gnutls_free(out.data); + + ret = gnutls_x509_crq_get_basic_constraints(crq, &crit, &ca, &pathlen); + assert(ret == 0); + assert(ca == 0); + assert(pathlen == 0); + + s = sizeof(buf); + ret = gnutls_x509_crq_get_subject_alt_name(crq, 0, buf, &s, &type, &crit); + assert(ret >= 0); + assert(s == 3); + assert(memcmp(buf, "apa", s) == 0); + assert(type == GNUTLS_SAN_DNSNAME); + assert(crit == 0); + + s = sizeof(buf); + ret = gnutls_x509_crq_get_subject_alt_name(crq, 1, buf, &s, &type, &crit); + assert(ret >= 0); + assert(s == 3); + assert(memcmp(buf, "foo", s) == 0); + assert(type == GNUTLS_SAN_DNSNAME); + assert(crit == 0); + + ret = gnutls_x509_crq_get_private_key_usage_period(crq, &t1, &t2, &crit); + if (ret < 0) + fail("gnutls_x509_crq_get_private_key_usage_period: %s\n", gnutls_strerror(ret)); + assert(t1 == TIME1); + assert(t2 == TIME2); + assert(crit == 0); + + /* check the challenge password using the attribute APIs */ + s = sizeof(buf); + ret = gnutls_x509_crq_get_attribute_info(crq, 1, buf, &s); + assert(ret >= 0); + assert(s == sizeof(CPASS_OID)); + assert(memcmp(buf, CPASS_OID, s) == 0); + + /* check the contents */ + s = sizeof(buf); + ret = gnutls_x509_crq_get_attribute_data(crq, 1, buf, &s); + assert(ret >= 0); + assert(s == sizeof(CPASS)-1+2); + assert(memcmp(buf, "\x13\x03"CPASS, s) == 0); +} + +static void run_set_extensions(gnutls_x509_crq_t crq) +{ + gnutls_x509_crt_t crt; + const char *err = NULL; + gnutls_datum_t out; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init\n"); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_set_crq(crt, crq); + if (ret != 0) + fail("gnutls_x509_crt_set_crq: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crt_set_issuer_dn(crt, "o = big\\, and one, cn = my CA", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + ret = gnutls_x509_crt_set_version(crt, 3); + if (ret != 0) + fail("gnutls_x509_crt_set_version\n"); + + ret = gnutls_x509_crt_set_crq_extensions(crt, crq); + if (ret != 0) + fail("gnutls_x509_crt_set_crq_extensions\n"); + + ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out); + if (ret != 0) + fail("gnutls_x509_crt_print\n"); + if (debug) + printf("crt: %.*s\n", out.size, out.data); + gnutls_free(out.data); + + ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &out); + if (ret < 0 || out.size == 0) + fail("gnutls_x509_crt_get_raw_issuer_dn: %s\n", gnutls_strerror(ret)); + + if (out.size != 41 || + memcmp(out.data, "\x30\x27\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6d\x79\x20\x43\x41\x31\x15\x30\x13\x06\x03\x55\x04\x0a\x13\x0c\x62\x69\x67\x2c\x20\x61\x6e\x64\x20\x6f\x6e\x65", 41) != 0) { + hexprint(out.data, out.size); + fail("issuer DN comparison failed\n"); + } + gnutls_free(out.data); + + ret = gnutls_x509_crt_get_raw_dn(crt, &out); + if (ret < 0 || out.size == 0) + fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret)); + + if (out.size != 45 || + memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) { + fail("DN comparison failed\n"); + } + gnutls_free(out.data); + + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); +} + +static void run_set_extension_by_oid(gnutls_x509_crq_t crq) +{ + gnutls_x509_crt_t crt; + const char *err = NULL; + size_t oid_size; + gnutls_datum_t out, out2; + unsigned i; + int ret; + char oid[128]; + + ret = global_init(); + if (ret < 0) + fail("global_init\n"); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_set_crq(crt, crq); + if (ret != 0) + fail("gnutls_x509_crt_set_crq: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crt_set_issuer_dn(crt, "o = big\\, and one,cn = my CA", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + ret = gnutls_x509_crt_set_version(crt, 3); + if (ret != 0) + fail("gnutls_x509_crt_set_version\n"); + + ret = gnutls_x509_crt_set_crq_extension_by_oid(crt, crq, GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE, 0); + if (ret != 0) + fail("gnutls_x509_crt_set_crq_extension_by_oid\n"); + + oid_size = sizeof(oid); + ret = gnutls_x509_crt_get_extension_info(crt, 0, oid, &oid_size, NULL); + if (ret != 0) + fail("gnutls_x509_crt_get_extension_info\n"); + + if (strcmp(oid, GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE) != 0) + fail("strcmp\n"); + + ret = gnutls_x509_crt_get_extension_data2(crt, 0, &out); + if (ret != 0) + fail("gnutls_x509_crt_get_extension_data2\n"); + + for (i=0;;i++) { + oid_size = sizeof(oid); + ret = gnutls_x509_crq_get_extension_info(crq, i, oid, &oid_size, NULL); + if (ret < 0) + fail("loop: ext not found: %s\n", gnutls_strerror(ret)); + if (strcmp(oid, GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE) == 0) { + ret = gnutls_x509_crq_get_extension_data2(crq, 3, &out2); + if (ret != 0) + fail("gnutls_x509_crt_get_extension_data2\n"); + break; + } + + } + + if (out.size != out2.size || memcmp(out.data, out2.data, out.size) != 0) { + fail("memcmp %d, %d\n", out.size, out2.size); + } + + gnutls_free(out.data); + gnutls_free(out2.data); + + oid_size = sizeof(oid); + ret = gnutls_x509_crt_get_extension_info(crt, 1, oid, &oid_size, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("gnutls_x509_crt_get_extension_info\n"); + + + ret = gnutls_x509_crt_get_raw_dn(crt, &out); + if (ret < 0 || out.size == 0) + fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret)); + + if (out.size != 45 || + memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) { + fail("DN comparison failed\n"); + } + gnutls_free(out.data); + + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); +} + +void doit(void) +{ + gnutls_datum_t out; + gnutls_x509_crq_t crq; + + gnutls_global_set_time_function(mytime); + + crq = generate_crq(); + + test_crq(crq); + + run_set_extensions(crq); + run_set_extension_by_oid(crq); + + assert(gnutls_x509_crq_export2(crq, GNUTLS_X509_FMT_PEM, &out) >= 0); + +#if defined(HAVE_LIBIDN2) + assert(out.size == saved_crq.size); + assert(memcmp(out.data, saved_crq.data, out.size)==0); +#endif + + gnutls_free(out.data); + gnutls_x509_crq_deinit(crq); +} diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c new file mode 100644 index 0000000..1b73075 --- /dev/null +++ b/tests/crq_key_id.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: David Marín Carreño + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str); +} + +void doit(void) +{ + gnutls_x509_privkey_t pkey; + gnutls_privkey_t abs_pkey; + gnutls_x509_crq_t crq; + + size_t pkey_key_id_len; + unsigned char *pkey_key_id = NULL; + + size_t crq_key_id_len; + unsigned char *crq_key_id = NULL; + + gnutls_pk_algorithm_t algorithm; + + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA; + algorithm++) { + ret = gnutls_x509_crq_init(&crq); + if (ret < 0) + fail("gnutls_x509_crq_init: %d: %s\n", ret, gnutls_strerror(ret)); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fail("gnutls_x509_privkey_init: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = gnutls_privkey_init(&abs_pkey); + if (ret < 0) { + fail("gnutls_privkey_init: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = + gnutls_x509_privkey_generate(pkey, algorithm, 2048, 0); + if (ret < 0) { + fail("gnutls_x509_privkey_generate (%s): %d: %s\n", + gnutls_pk_algorithm_get_name(algorithm), + ret, gnutls_strerror(ret)); + } else if (debug) { + success("Key[%s] generation ok: %d\n", + gnutls_pk_algorithm_get_name(algorithm), + ret); + } + + pkey_key_id_len = 0; + ret = gnutls_x509_privkey_get_key_id(pkey, 0, pkey_key_id, + &pkey_key_id_len); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { + fail("gnutls_x509_privkey_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret)); + } + + pkey_key_id = + malloc(sizeof(unsigned char) * pkey_key_id_len); + ret = + gnutls_x509_privkey_get_key_id(pkey, 0, pkey_key_id, + &pkey_key_id_len); + if (ret != GNUTLS_E_SUCCESS) { + fail("gnutls_x509_privkey_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = gnutls_x509_crq_set_version(crq, 1); + if (ret < 0) { + fail("gnutls_x509_crq_set_version: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = gnutls_x509_crq_set_key(crq, pkey); + if (ret < 0) { + fail("gnutls_x509_crq_set_key: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = + gnutls_x509_crq_set_dn_by_oid(crq, + GNUTLS_OID_X520_COMMON_NAME, + 0, "CN-Test", 7); + if (ret < 0) { + fail("gnutls_x509_crq_set_dn_by_oid: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509(abs_pkey, pkey, 0); + if (ret < 0) { + fail("gnutls_privkey_import_x509: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = + gnutls_x509_crq_privkey_sign(crq, abs_pkey, + GNUTLS_DIG_SHA256, 0); + if (ret < 0) { + fail("gnutls_x509_crq_sign: %d: %s\n", ret, gnutls_strerror(ret)); + } + + ret = gnutls_x509_crq_verify(crq, 0); + if (ret < 0) { + fail("gnutls_x509_crq_verify: %d: %s\n", ret, gnutls_strerror(ret)); + } + + crq_key_id_len = 0; + ret = + gnutls_x509_crq_get_key_id(crq, 0, crq_key_id, + &crq_key_id_len); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { + fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret)); + } + + crq_key_id = + malloc(sizeof(unsigned char) * crq_key_id_len); + ret = + gnutls_x509_crq_get_key_id(crq, 0, crq_key_id, + &crq_key_id_len); + if (ret != GNUTLS_E_SUCCESS) { + fail("gnutls_x509_crq_get_key_id incorrectly returns %d: %s\n", ret, gnutls_strerror(ret)); + } + + if (crq_key_id_len == pkey_key_id_len) { + ret = + memcmp(crq_key_id, pkey_key_id, + crq_key_id_len); + if (ret == 0) { + if (debug) + success + ("Key ids are identical. OK.\n"); + } else { + fail("Key ids differ incorrectly: %d\n", + ret); + } + } else { + fail("Key_id lengths differ incorrectly: %d - %d\n", (int) crq_key_id_len, (int) pkey_key_id_len); + } + + + if (pkey_key_id) { + free(pkey_key_id); + pkey_key_id = NULL; + } + + if (crq_key_id) { + free(crq_key_id); + crq_key_id = NULL; + } + + gnutls_x509_crq_deinit(crq); + gnutls_x509_privkey_deinit(pkey); + gnutls_privkey_deinit(abs_pkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/crt_apis.c b/tests/crt_apis.c new file mode 100644 index 0000000..d32742e --- /dev/null +++ b/tests/crt_apis.c @@ -0,0 +1,394 @@ +/* + * Copyright (C) 2008-2016 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#include "cert-common.h" + +static unsigned char saved_crt_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICWTCCAcKgAwIBAgIDChEAMA0GCSqGSIb3DQEBCwUAMCsxDjAMBgNVBAMTBW5p\n" + "a29zMRkwFwYDVQQKExBub25lIHRvLCBtZW50aW9uMCAXDTA4MDMzMTIyMDAwMFoY\n" + "Dzk5OTkxMjMxMjM1OTU5WjArMQ4wDAYDVQQDEwVuaWtvczEZMBcGA1UEChMQbm9u\n" + "ZSB0bywgbWVudGlvbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu2ZD9fLF\n" + "17aMzMXf9Yg7sclLag6hrSBQQAiAoU9co9D4bM/mPPfsBHYTF4tkiSJbwN1TfDvt\n" + "fAS7gLkovo6bxo6gpRLL9Vceoue7tzNJn+O7Sq5qTWj/yRHiMo3OPYALjXXv2ACB\n" + "jygEA6AijWEEB/q2N30hB0nSCWFpmJCjWKkCAwEAAYEFAAABAgOCBQAEAwIBo3sw\n" + "eTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDA3BgNVHREEMDAuiAQqAwQF\n" + "ghF4bi0tbXhhYTRhczZkLmNvbYETdGVzdEB4bi0ta3hhd2hrLm9yZzAgBgNVHSUB\n" + "Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAXE4Y\n" + "kO1M8RrC5qT7rs9zYoMVELPtirENuuGW8d4RFppvMDg8kpqWOo0ASkAa1ZeYSukE\n" + "m5KCEEyQ1UT00Vbr0Addn17y52RKMUzFhMmmu706MAvyutk51GmRgLusdbuEjgkn\n" + "jv3WmT8StaS7bFMw99hWCKDBPV9EE9M7zRHP0Js=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t saved_crt = { saved_crt_pem, sizeof(saved_crt_pem)-1 }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +#define REGISTERED_OID "1.2.3.4.5" + +void doit(void) +{ + gnutls_x509_privkey_t pkey; + gnutls_x509_crt_t crt; + gnutls_x509_crt_t crt2; + const char *err = NULL; + unsigned char buf[64]; + unsigned char large_buf[5*1024]; + unsigned int status, san_type; + gnutls_datum_t out; + size_t s = 0, i; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init\n"); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_init(&crt2); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_import(crt2, &server_ecc_cert, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_crt_import\n"); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret != 0) + fail("gnutls_x509_privkey_init\n"); + + ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_privkey_import\n"); + + /* Setup CRT */ + + ret = gnutls_x509_crt_set_version(crt, 3); + if (ret != 0) + fail("gnutls_x509_crt_set_version\n"); + + ret = gnutls_x509_crt_set_serial(crt, "\x0a\x11\x00", 3); + if (ret != 0) + fail("gnutls_x509_crt_set_serial\n"); + + ret = gnutls_x509_crt_set_expiration_time(crt, -1); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_activation_time(crt, mytime(0)); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_key(crt, pkey); + if (ret != 0) + fail("gnutls_x509_crt_set_key\n"); + + ret = gnutls_x509_crt_set_basic_constraints(crt, 0, -1); + if (ret < 0) { + fail("error\n"); + } + + ret = gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE); + if (ret != 0) + fail("gnutls_x509_crt_set_key_usage %d\n", ret); + + ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, + "foo", 3, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME, + "foo@bar.org", strlen("foo@bar.org"), 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME, + "ινβάλιντ@bar.org", strlen("ινβάλιντ@bar.org"), 1); + if (ret != GNUTLS_E_INVALID_UTF8_EMAIL) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS, + "\xc1\x5c\x96\x3", 4, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, + "apa", 3, 0); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_REGISTERED_ID, + REGISTERED_OID, strlen(REGISTERED_OID), 0); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, + "απαλό.com", strlen("απαλό.com"), 1); +#if defined(HAVE_LIBIDN2) || defined(HAVE_LIBIDN) + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME, + "test@νίκο.org", strlen("test@νίκο.org"), 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); +#else + if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) + fail("gnutls_x509_crt_set_subject_alt_name: %s\n", gnutls_strerror(ret)); +#endif + + s = 0; + ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret); + + s = 0; + ret = + gnutls_x509_crt_set_key_purpose_oid(crt, + GNUTLS_KP_TLS_WWW_SERVER, + 0); + if (ret != 0) + fail("gnutls_x509_crt_set_key_purpose_oid %d\n", ret); + + s = 0; + ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret); + + s = 0; + ret = + gnutls_x509_crt_set_key_purpose_oid(crt, + GNUTLS_KP_TLS_WWW_CLIENT, + 1); + if (ret != 0) + fail("gnutls_x509_crt_set_key_purpose_oid2 %d\n", ret); + + /* in the end this will be ignored as the issuer will be set + * by gnutls_x509_crt_sign2() */ + ret = gnutls_x509_crt_set_issuer_dn(crt, "cn = my CA, o = big\\, and one", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err); + } + +#define ISSUER_UNIQUE_ID "\x00\x01\x02\x03" +#define SUBJECT_UNIQUE_ID "\x04\x03\x02\x01" + ret = gnutls_x509_crt_set_issuer_unique_id(crt, ISSUER_UNIQUE_ID, sizeof(ISSUER_UNIQUE_ID)-1); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_crt_set_subject_unique_id(crt, SUBJECT_UNIQUE_ID, sizeof(SUBJECT_UNIQUE_ID)-1); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + /* Sign and finalize the certificate */ + ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0); + if (ret < 0) + fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret)); + + + ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out); + if (ret != 0) + fail("gnutls_x509_crt_print\n"); + if (debug) + printf("crt: %.*s\n", out.size, out.data); + gnutls_free(out.data); + + /* Verify whether selected input is present */ + s = 0; + ret = gnutls_x509_crt_get_extension_info(crt, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("gnutls_x509_crt_get_extension_info2: %s\n", strerror(ret)); + + s = 0; + ret = gnutls_x509_crt_get_extension_data(crt, 0, NULL, &s); + if (ret != 0) + fail("gnutls_x509_crt_get_extension_data: %s\n", strerror(ret)); + + ret = gnutls_x509_crt_get_raw_issuer_dn(crt, &out); + if (ret < 0 || out.size == 0) + fail("gnutls_x509_crt_get_raw_issuer_dn: %s\n", gnutls_strerror(ret)); + + if (out.size != 45 || + memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) { + hexprint(out.data, out.size); + fail("issuer DN comparison failed\n"); + } + gnutls_free(out.data); + + s = sizeof(buf); + ret = gnutls_x509_crt_get_issuer_unique_id(crt, (void*)buf, &s); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + if (s != sizeof(ISSUER_UNIQUE_ID)-1 || + memcmp(buf, ISSUER_UNIQUE_ID, s) != 0) { + fail("issuer unique id comparison failed\n"); + } + + s = sizeof(buf); + ret = gnutls_x509_crt_get_subject_unique_id(crt, (void*)buf, &s); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + if (s != sizeof(SUBJECT_UNIQUE_ID)-1 || + memcmp(buf, SUBJECT_UNIQUE_ID, s) != 0) { + fail("subject unique id comparison failed\n"); + } + + ret = gnutls_x509_crt_get_raw_dn(crt, &out); + if (ret < 0 || out.size == 0) + fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret)); + + if (out.size != 45 || + memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) { + fail("DN comparison failed\n"); + } + gnutls_free(out.data); + + ret = gnutls_x509_crt_equals(crt, crt); + if (ret == 0) { + fail("equality test failed\n"); + } + + ret = gnutls_x509_crt_equals(crt, crt2); + if (ret != 0) { + fail("equality test failed\n"); + } + + ret = gnutls_x509_crt_verify(crt, &crt, 1, 0, &status); + if (ret < 0) { + fail("verification failed\n"); + } + + if (status != 0) { + fail("verification status failed\n"); + } + + assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0); + + if (debug) + fprintf(stderr, "%s\n", out.data); +#if defined(HAVE_LIBIDN2) + assert(out.size == saved_crt.size); + assert(memcmp(out.data, saved_crt.data, out.size)==0); +#endif + + /* test behavior of gnutls_x509_crt_export on varios corner cases */ + s = 0; + assert(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, NULL, &s) == GNUTLS_E_SHORT_MEMORY_BUFFER); + assert(s == out.size+1); + s = sizeof(buf); + assert(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buf, &s) == GNUTLS_E_SHORT_MEMORY_BUFFER); + assert(s == out.size+1); + + /* check whether the PEM output matches gnutls_x509_crt_export2 */ + s = sizeof(large_buf); + assert(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, large_buf, &s) == 0); + assert(s == out.size); + assert(memcmp(large_buf, out.data, out.size) == 0); + gnutls_free(out.data); + + /* check whether the der out length differs */ + s = sizeof(large_buf); + assert(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, large_buf, &s) == 0); + assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &out) >= 0); + + assert(s == out.size); + assert(memcmp(large_buf, out.data, out.size) == 0); + + /* verify some values written in the original cert */ + gnutls_x509_crt_deinit(crt2); + ret = gnutls_x509_crt_init(&crt2); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_import(crt2, &out, GNUTLS_X509_FMT_DER); + if (ret != 0) + fail("gnutls_x509_crt_import\n"); + + i = 0; + do { + s = sizeof(buf); + ret = gnutls_x509_crt_get_subject_alt_name2(crt2, i++, buf, &s, &san_type, NULL); + if (ret < 0) + fail("gnutls_x509_crt_get_subject_alt_name2: %s\n", gnutls_strerror(ret)); + } while (san_type != GNUTLS_SAN_REGISTERED_ID); + + assert(san_type == GNUTLS_SAN_REGISTERED_ID); + assert(s == strlen(REGISTERED_OID)); + assert(memcmp(buf, REGISTERED_OID, s) == 0); + + gnutls_free(out.data); + + gnutls_x509_crt_deinit(crt); + gnutls_x509_crt_deinit(crt2); + gnutls_x509_privkey_deinit(pkey); + + gnutls_global_deinit(); +} diff --git a/tests/crt_inv_write.c b/tests/crt_inv_write.c new file mode 100644 index 0000000..c1a0785 --- /dev/null +++ b/tests/crt_inv_write.c @@ -0,0 +1,216 @@ +/* + * Copyright (C) 2008-2016 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#include "cert-common.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +/* write V1 cert with extensions */ +static void do_crt_with_exts(unsigned version) +{ + gnutls_x509_privkey_t pkey; + gnutls_x509_crt_t crt; + const char *err = NULL; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init\n"); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret != 0) + fail("gnutls_x509_privkey_init\n"); + + ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_privkey_import\n"); + + /* Setup CRT */ + + ret = gnutls_x509_crt_set_version(crt, version); + if (ret != 0) + fail("gnutls_x509_crt_set_version\n"); + + ret = gnutls_x509_crt_set_serial(crt, "\x0a\x11\x00", 3); + if (ret != 0) + fail("gnutls_x509_crt_set_serial\n"); + + ret = gnutls_x509_crt_set_expiration_time(crt, -1); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_activation_time(crt, mytime(0)); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_key(crt, pkey); + if (ret != 0) + fail("gnutls_x509_crt_set_key\n"); + + ret = gnutls_x509_crt_set_basic_constraints(crt, 0, -1); /* invalid for V1 */ + if (ret < 0) { + fail("error\n"); + } + + ret = gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE); /* inv for V1 */ + if (ret != 0) + fail("gnutls_x509_crt_set_key_usage %d\n", ret); + + ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0); + if (ret != GNUTLS_E_X509_CERTIFICATE_ERROR) { + gnutls_datum_t out; + assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0); + printf("%s\n\n", out.data); + + fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret)); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(pkey); + + gnutls_global_deinit(); +} + +/* write V1 cert with unique id */ +static void do_v1_invalid_crt(void) +{ + gnutls_x509_privkey_t pkey; + gnutls_x509_crt_t crt; + const char *err = NULL; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init\n"); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret != 0) + fail("gnutls_x509_privkey_init\n"); + + ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_privkey_import\n"); + + /* Setup CRT */ + + ret = gnutls_x509_crt_set_version(crt, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_version\n"); + + ret = gnutls_x509_crt_set_serial(crt, "\x0a\x11\x00", 3); + if (ret != 0) + fail("gnutls_x509_crt_set_serial\n"); + + ret = gnutls_x509_crt_set_expiration_time(crt, -1); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_activation_time(crt, mytime(0)); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_key(crt, pkey); + if (ret != 0) + fail("gnutls_x509_crt_set_key\n"); + + ret = gnutls_x509_crt_set_issuer_unique_id(crt, "\x00\x01\x03", 3); + if (ret < 0) { + fail("error\n"); + } + + ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + ret = gnutls_x509_crt_sign2(crt, crt, pkey, GNUTLS_DIG_SHA256, 0); + if (ret != GNUTLS_E_X509_CERTIFICATE_ERROR) { + gnutls_datum_t out; + assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0); + printf("%s\n\n", out.data); + + fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret)); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(pkey); + + gnutls_global_deinit(); +} + +void doit(void) +{ + do_crt_with_exts(1); + do_crt_with_exts(2); + do_v1_invalid_crt(); +} diff --git a/tests/crt_type-neg-common.c b/tests/crt_type-neg-common.c new file mode 100644 index 0000000..68e2a36 --- /dev/null +++ b/tests/crt_type-neg-common.c @@ -0,0 +1,236 @@ +/* + * Copyright (C) 2017 - 2018 ARPA2 project + * + * Author: Tom Vrancken (dev@tomvrancken.nl) + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see + */ +#include +#include +#include +#include + +// Credential type flags +#define CRED_EMPTY 1<<0 +#define CRED_X509 1<<1 +#define CRED_RAWPK 1<<2 + +// Test case definition +typedef struct test_case_st { + const char *name; + const char *client_prio; + const char *server_prio; + const char set_cli_creds; + const char set_srv_creds; + gnutls_certificate_type_t expected_cli_ctype; + gnutls_certificate_type_t expected_srv_ctype; + int client_err; + int server_err; + unsigned int init_flags_cli; + unsigned int init_flags_srv; + bool request_cli_crt; + bool cli_srv_may_diverge; + // only needed when may_diverge is true + gnutls_certificate_type_t expected_cli_cli_ctype; // negotiated cli ctype on the client + gnutls_certificate_type_t expected_srv_cli_ctype; // negotiated cli ctype on the server + gnutls_certificate_type_t expected_cli_srv_ctype; // negotiated srv ctype on the client + gnutls_certificate_type_t expected_srv_srv_ctype; // negotiated srv ctype on the server +} test_case_st; + + +static void try(test_case_st * test) +{ + int sret, cret; // Needed for HANDSHAKE macro + /* To hold negotiated certificate types */ + gnutls_certificate_type_t srv_srv_ctype, srv_cli_ctype; + gnutls_certificate_type_t cli_srv_ctype, cli_cli_ctype; + /* To hold certificate credentials */ + gnutls_certificate_credentials_t client_creds = NULL; + gnutls_certificate_credentials_t server_creds = NULL; + + gnutls_session_t server, client; + + // Initialize creds + assert(gnutls_certificate_allocate_credentials(&client_creds) >= 0); + assert(gnutls_certificate_allocate_credentials(&server_creds) >= 0); + + // Print test + success("Running %s...\n", test->name); + + // Init client/server + if(test->init_flags_cli) { + assert(gnutls_init(&client, GNUTLS_CLIENT | test->init_flags_cli) >= 0); + } else { + assert(gnutls_init(&client, GNUTLS_CLIENT) >= 0); + } + + if (test->init_flags_srv) { + assert(gnutls_init(&server, GNUTLS_SERVER | test->init_flags_srv) >= 0); + } else { + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + } + + /* Set up our credentials for this handshake */ + // Test for using empty cli credentials + if (test->set_cli_creds == CRED_EMPTY) { + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, client_creds); + } else { + // Test for using X509 cli credentials + if (test->set_cli_creds & CRED_X509) { + assert(gnutls_certificate_set_x509_key_mem + (client_creds, &cli_ca3_cert, &cli_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + // Test for using RawPubKey cli credentials + if (test->set_cli_creds & CRED_RAWPK) { + assert(gnutls_certificate_set_rawpk_key_mem(client_creds, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_X509_FMT_PEM, + NULL, 0, NULL, 0, 0) >= 0); + } + + // -- Add extra ctype creds here in the future -- + + // Finally set the credentials + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, client_creds); + } + + // Test for using empty srv credentials + if (test->set_srv_creds == CRED_EMPTY) { + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, server_creds); + } else { + // Test for using X509 srv credentials + if (test->set_srv_creds & CRED_X509) { + assert(gnutls_certificate_set_x509_key_mem + (server_creds, &server_ca3_localhost_rsa_decrypt_cert, + &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_key_mem + (server_creds, &server_ca3_localhost_ecc_cert, + &server_ca3_ecc_key, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_key_mem + (server_creds, &server_ca3_localhost_rsa_sign_cert, + &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + gnutls_certificate_set_known_dh_params(server_creds, + GNUTLS_SEC_PARAM_MEDIUM); + } + + // Test for using RawPubKey srv credentials + if (test->set_srv_creds & CRED_RAWPK) { + assert(gnutls_certificate_set_rawpk_key_mem(server_creds, + &rawpk_public_key2, &rawpk_private_key2, GNUTLS_X509_FMT_PEM, + NULL, 0, NULL, 0, 0) >= 0); + } + + // -- Add extra ctype creds here in the future -- + + // Finally set the credentials + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, server_creds); + } + + // Server settings + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + assert(gnutls_priority_set_direct(server, test->server_prio, 0) >= 0); + + if (test->request_cli_crt) + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + // Client settings + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + assert(gnutls_priority_set_direct(client, test->client_prio, 0) >= 0); + + // Try handshake + if (test->client_err && test->server_err) { + /* We expect errors during the handshake and don't check + * any negotiated certificate types */ + HANDSHAKE_EXPECT(client, server, test->client_err, test->server_err); + } else { + /* We expect a handshake without errors and check the negotiated + * certificate types */ + HANDSHAKE(client, server); + + /* Get the negotiated certificate types */ + srv_srv_ctype = + gnutls_certificate_type_get2(server, GNUTLS_CTYPE_SERVER); + srv_cli_ctype = + gnutls_certificate_type_get2(server, GNUTLS_CTYPE_CLIENT); + cli_srv_ctype = + gnutls_certificate_type_get2(client, GNUTLS_CTYPE_SERVER); + cli_cli_ctype = + gnutls_certificate_type_get2(client, GNUTLS_CTYPE_CLIENT); + + // For debugging + if (debug) { + success("Srv srv ctype: %s\n", gnutls_certificate_type_get_name(srv_srv_ctype)); + success("Srv cli ctype: %s\n", gnutls_certificate_type_get_name(srv_cli_ctype)); + success("Cli srv ctype: %s\n", gnutls_certificate_type_get_name(cli_srv_ctype)); + success("Cli srv ctype: %s\n", gnutls_certificate_type_get_name(cli_cli_ctype)); + } + + /* Check whether the negotiated certificate types match the expected results */ + if (test->cli_srv_may_diverge) { + // Matching expected client ctype at client + if (cli_cli_ctype != test->expected_cli_cli_ctype) { + fail("%s: negotiated client ctype at client diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_cli_ctype), gnutls_certificate_type_get_name(test->expected_cli_cli_ctype)); + } + // Matching expected server ctype at client + if (cli_srv_ctype != test->expected_cli_srv_ctype) { + fail("%s: negotiated server ctype at client diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_srv_ctype), gnutls_certificate_type_get_name(test->expected_cli_srv_ctype)); + } + // Matching expected client ctype at server + if (srv_cli_ctype != test->expected_srv_cli_ctype) { + fail("%s: negotiated client ctype at server diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_cli_ctype), gnutls_certificate_type_get_name(test->expected_srv_cli_ctype)); + } + // Matching expected server ctype at server + if (srv_srv_ctype != test->expected_srv_srv_ctype) { + fail("%s: negotiated client ctype at client diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_srv_ctype), gnutls_certificate_type_get_name(test->expected_srv_srv_ctype)); + } + } else { + // Matching server ctype + if (srv_srv_ctype != cli_srv_ctype) { + fail("%s: client negotiated different server ctype than server (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_srv_ctype), gnutls_certificate_type_get_name(srv_srv_ctype)); + } + // Matching client ctype + if (srv_cli_ctype != cli_cli_ctype) { + fail("%s: client negotiated different client ctype than server (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(cli_cli_ctype), gnutls_certificate_type_get_name(srv_cli_ctype)); + } + // Matching expected server ctype + if (srv_srv_ctype != test->expected_srv_ctype) { + fail("%s: negotiated server ctype diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_srv_ctype), gnutls_certificate_type_get_name(test->expected_srv_ctype)); + } + // Matching expected client ctype + if (srv_cli_ctype != test->expected_cli_ctype) { + fail("%s: negotiated client ctype diffs the expected (%s, %s)!\n", test->name, gnutls_certificate_type_get_name(srv_cli_ctype), gnutls_certificate_type_get_name(test->expected_cli_ctype)); + } + + /* Check whether the API functions return the correct cert types for OURS and PEERS */ + assert(srv_srv_ctype == gnutls_certificate_type_get2(server, GNUTLS_CTYPE_OURS)); + assert(srv_srv_ctype == gnutls_certificate_type_get2(client, GNUTLS_CTYPE_PEERS)); + assert(cli_cli_ctype == gnutls_certificate_type_get2(server, GNUTLS_CTYPE_PEERS)); + assert(cli_cli_ctype == gnutls_certificate_type_get2(client, GNUTLS_CTYPE_OURS)); + } + } + + // Cleanup + gnutls_deinit(server); + gnutls_deinit(client); + gnutls_certificate_free_credentials(client_creds); + gnutls_certificate_free_credentials(server_creds); + + reset_buffers(); +} diff --git a/tests/custom-urls-override.c b/tests/custom-urls-override.c new file mode 100644 index 0000000..1ed55b2 --- /dev/null +++ b/tests/custom-urls-override.c @@ -0,0 +1,282 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" + +#include "utils.h" + +static void terminate(void); +static unsigned url_used = 0; + +/* This program tests the registration of custom URL strings. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static int url_import_key(gnutls_privkey_t pkey, const char *url, unsigned flags) +{ + if (strcmp(url, "system:key") != 0) { + fail("unexpected key url: %s\n", url); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + url_used++; + return gnutls_privkey_import_x509_raw(pkey, &server_key, GNUTLS_X509_FMT_PEM, NULL, 0); +} + +static int url_import_crt(gnutls_x509_crt_t crt, const char *url, unsigned flags) +{ + if (strcmp(url, "system:cert") != 0) { + abort(); + fail("unexpected cert url: %s\n", url); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + url_used++; + return gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM); +} + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + gnutls_certificate_allocate_credentials(&x509_cred); + + ret = gnutls_certificate_set_x509_key_file(x509_cred, "system:cert", "system:key", + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (url_used != 2) { + fail("The callbacks were not used\n"); + terminate(); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +const gnutls_custom_url_st custom_url_st = { + .name = "system:", + .name_size = sizeof("system:")-1, + .import_key = url_import_key, + .import_crt = url_import_crt +}; + +static void start(void) +{ + int fd[2]; + int ret; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(3); + } + + ret = gnutls_register_custom_url(&custom_url_st); + if (ret < 0) { + fail("error registering: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[0]); + client(fd[1]); + kill(child, SIGTERM); + } else { + close(fd[1]); + server(fd[0]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/custom-urls.c b/tests/custom-urls.c new file mode 100644 index 0000000..81bf835 --- /dev/null +++ b/tests/custom-urls.c @@ -0,0 +1,281 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests the registration of custom URL strings. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static int url_import_key(gnutls_privkey_t pkey, const char *url, unsigned flags) +{ + if (strcmp(url, "myurl:key") != 0) { + fail("unexpected key url: %s\n", url); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + return gnutls_privkey_import_x509_raw(pkey, &server_key, GNUTLS_X509_FMT_PEM, NULL, 0); +} + +static int url_import_crt(gnutls_x509_crt_t crt, const char *url, unsigned flags) +{ + if (strcmp(url, "myurl:cert") != 0) { + abort(); + fail("unexpected cert url: %s\n", url); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + return gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM); +} + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + gnutls_certificate_allocate_credentials(&x509_cred); + ret = gnutls_certificate_set_x509_key_file(x509_cred, "nomyurl:cert", "nomyurl:key", + GNUTLS_X509_FMT_PEM); + if (ret != GNUTLS_E_FILE_ERROR) { + fail("server: gnutls_certificate_set_x509_key_file unexpected error (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + ret = gnutls_certificate_set_x509_key_file(x509_cred, "myurl:cert", "myurl:key", + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("server: gnutls_certificate_set_x509_key_file (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +const gnutls_custom_url_st custom_url_st = { + .name = "myurl:", + .name_size = sizeof("myurl:")-1, + .import_key = url_import_key, + .import_crt = url_import_crt +}; + +static void start(void) +{ + int fd[2]; + int ret; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(3); + } + + ret = gnutls_register_custom_url(&custom_url_st); + if (ret < 0) { + fail("error registering: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[0]); + client(fd[1]); + kill(child, SIGTERM); + } else { + close(fd[1]); + server(fd[0]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/cve-2008-4989.c b/tests/cve-2008-4989.c new file mode 100644 index 0000000..c745b99 --- /dev/null +++ b/tests/cve-2008-4989.c @@ -0,0 +1,263 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include +#include + +/* Don't add more chains to this file, this is for cve-2008-4989 + related chains only. See chainverify.c instead for a generic chain + verification tester. */ + +static const char *pem_certs[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n" + "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n" + "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n" + "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n" + "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n" + "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n" + "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n" + "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n" + "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n" + "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n" + "bF7pG7Cg3oEHUM0H5KUU\n" "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n" + "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n" + "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n" + "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n" + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n" + "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n" + "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n" + "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n" + "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n" + "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n" + "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" + "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" + "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" + "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" + "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" + "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" + "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" + "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" + "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" + "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" + "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" + "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" + "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" + "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" + "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" + "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" + "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" + "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" + "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" + "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" + "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" + "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *pem_ca = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" + "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" + "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" + "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" + "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" + "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" + "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" + "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" + "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" + "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" + "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" + "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" + "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" + "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" + "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" + "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" + "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" + "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" + "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" + "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" + "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" + "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" + "-----END CERTIFICATE-----\n" +}; + +#define CHAIN_LENGTH (sizeof (pem_certs) / sizeof (pem_certs[0])) + +static const char *pem_self_cert = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n" + "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n" + "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n" + "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n" + "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n" + "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n" + "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n" + "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n" + "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n" + "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n" + "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n" + "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n" + "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n" + "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n" + "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n" + "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n" + "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n" + "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n" + "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n" + "-----END CERTIFICATE-----\n" +}; + +int main(int argc, char *argv[]) +{ + int ret; + gnutls_x509_crt_t certs[3]; + gnutls_x509_crt_t ca; + gnutls_x509_crt_t self_cert; + gnutls_datum_t tmp; + size_t i; + unsigned int verify_status; + + ret = global_init(); + if (ret != 0) { + printf("%d: %s\n", ret, gnutls_strerror(ret)); + return EXIT_FAILURE; + } + + for (i = 0; i < CHAIN_LENGTH; i++) { + ret = gnutls_x509_crt_init(&certs[i]); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init[%d]: %s", + (int) i, gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) pem_certs[i]; + tmp.size = strlen(pem_certs[i]); + + ret = + gnutls_x509_crt_import(certs[i], &tmp, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import[%d]: %s", + (int) i, gnutls_strerror(ret)); + exit(1); + } + } + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) pem_ca; + tmp.size = strlen(pem_ca); + + ret = gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_list_verify(certs, CHAIN_LENGTH, + &ca, 1, + NULL, 0, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS|GNUTLS_VERIFY_ALLOW_BROKEN, + &verify_status); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s", + (int) i, gnutls_strerror(ret)); + exit(1); + } + + if (verify_status != + (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID)) { + fprintf(stderr, "verify_status: %d", verify_status); + exit(1); + } + + gnutls_x509_crt_deinit(ca); + for (i = 0; i < CHAIN_LENGTH; i++) + gnutls_x509_crt_deinit(certs[i]); + + /* Also test chain length of 1, since the initial patch to solve the + problem caused a crash in this situation. */ + + ret = gnutls_x509_crt_init(&self_cert); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) pem_self_cert; + tmp.size = strlen(pem_self_cert); + + ret = gnutls_x509_crt_import(self_cert, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s", + gnutls_strerror(ret)); + exit(1); + } + ret = gnutls_x509_crt_list_verify(&self_cert, 1, + &self_cert, 1, + NULL, 0, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + &verify_status); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_list_verify[%d]: %s", + (int) i, gnutls_strerror(ret)); + exit(1); + } + + if (verify_status != 0) { + fprintf(stderr, "verify_status: %d", verify_status); + exit(1); + } + + gnutls_x509_crt_deinit(self_cert); + + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/cve-2009-1415.c b/tests/cve-2009-1415.c new file mode 100644 index 0000000..aac922e --- /dev/null +++ b/tests/cve-2009-1415.c @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2009-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* + * Small code to reproduce the CVE-2009-1415 double-free problem. + * + * Build it using: + * + * gcc -o cve-2009-1415 cve-2009-1415.c -lgnutls + * + * If your gnutls library is OK then running it will just print 'success!'. + * + * If your gnutls library is buggy, then running it will crash like this: + * + * ** glibc detected *** ./cve-2009-1415: munmap_chunk(): invalid pointer: 0xb7f80a9c *** + * ======= Backtrace: ========= + * ... + */ + +#include +#include +#include +#include + +#include +#include +#include + +static char dsa_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n" + "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n" + "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n" + "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n" + "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n" + "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n" + "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n" + "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n" + "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n" + "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n" + "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n" + "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n" + "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n" + "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n" + "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n" + "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t dsa_cert_dat = { + (void *) dsa_cert, sizeof(dsa_cert) +}; + +int main(void) +{ + gnutls_x509_crt_t crt; + gnutls_pubkey_t pubkey; + gnutls_datum_t data = { (void *) "foo", 3 }; + gnutls_datum_t sig = { (void *) "bar", 3 }; + int ret; + + global_init(); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + return 1; + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + return 1; + + ret = + gnutls_x509_crt_import(crt, &dsa_cert_dat, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + return 1; + + ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + if (ret < 0) + return 1; + + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_DSA_SHA1, 0, &data, &sig); + if (ret < 0 && ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + return 1; + + //printf ("success!\n"); + + gnutls_x509_crt_deinit(crt); + gnutls_pubkey_deinit(pubkey); + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c new file mode 100644 index 0000000..56904f6 --- /dev/null +++ b/tests/cve-2009-1416.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2009-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* + * Small code to reproduce the CVE-2009-1416 bad DSA key problem. + * + * Build it using: + * + * gcc -o cve-2009-1416 cve-2009-1416.c -lgnutls + * + * If your gnutls library is OK then running it will print 'success!'. + * + * If your gnutls library is buggy then running it will print 'buggy'. + * + */ + +#include +#include +#include +#include +#include + +#include +#include + +int main(void) +{ + gnutls_x509_privkey_t key; + gnutls_datum_t p, q, g, y, x; + int ret; + + if (gnutls_fips140_mode_enabled()) { + /* Cannot generate a 512-bit DSA key */ + return 77; + } + + global_init(); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + return 1; + + ret = gnutls_x509_privkey_generate(key, GNUTLS_PK_DSA, 512, 0); + if (ret < 0) + return 1; + + ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); + if (ret < 0) + return 1; + + if (q.size == 3 && memcmp(q.data, "\x01\x00\x01", 3) == 0) { + printf("buggy\n"); + return 1; + } + + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + + gnutls_x509_privkey_deinit(key); + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/dane-strcodes.c b/tests/dane-strcodes.c new file mode 100644 index 0000000..030c7f2 --- /dev/null +++ b/tests/dane-strcodes.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2017 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +/* Check whether the DANE string functions will return a non-repeated and + * non null value. + */ + +static +void _check_unique_non_null(int line, int i, const char *val) +{ + static char previous_val[128]; + + if (val == NULL) + fail("issue in line %d, item %d\n", line, i); + + if (strcmp(val, previous_val)==0) { + fail("issue in line %d, item %d: %s\n", line, i, val); + } + + snprintf(previous_val, sizeof(previous_val), "%s", val); +} + +#define check_unique_non_null(x) _check_unique_non_null(__LINE__, i, x) + +void doit(void) +{ + int ret; + int i; + + ret = global_init(); + if (ret < 0) { + fail("global_init\n"); + exit(1); + } + + for (i=0;i<4;i++) + check_unique_non_null(dane_cert_usage_name(i)); + + for (i=0;i<1;i++) + check_unique_non_null(dane_cert_type_name(i)); + + for (i=0;i<3;i++) + check_unique_non_null(dane_match_type_name(i)); + + for (i=-14;i<=0;i++) { + check_unique_non_null(dane_strerror(i)); + } + + gnutls_global_deinit(); +} diff --git a/tests/dane.c b/tests/dane.c new file mode 100644 index 0000000..e9ed401 --- /dev/null +++ b/tests/dane.c @@ -0,0 +1,629 @@ +/* + * Copyright (C) 2014 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +#define MAX_QUERIES 8 + +struct data_entry_st { + const char *name; + char *const queries[MAX_QUERIES]; + int q_size[MAX_QUERIES]; + int expected_ret; + unsigned no_queries; + int secure; + int bogus; + const char *cert; + const char *ca; + unsigned expected_status; /* if cert is non-null */ + int expected_verify_ret; /* if cert is non-null */ +}; + +const struct data_entry_st data_entries[] = { + { + .name = "Entry parsing", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", + (char *) + "\x03\x01\x01\x46\x25\x73\x19\x5c\x86\xe8\x61\xab\xab\x8e\xcc\xfb\xc7\xf0\x48\x69\x58\xef\xdf\xf9\x44\x9a\xc1\x07\x29\xb3\xa0\xf9\x06\xf3\x88", + NULL}, + .q_size = {35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 3, + .secure = 1, + .bogus = 0}, + { /* as the previous but with first byte invalid */ + .name = "Cert verification (single entry)", + .queries = { + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + NULL}, + .q_size = {35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, + { + .name = "Cert verification (multi entries)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + (char *) + "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", + NULL}, + .q_size = { 35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 3, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, + { + .name = "Cert verification (invalid hash)", + .queries = { + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x49\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = DANE_VERIFY_CERT_DIFFERS, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, + { + .name = "Cert verification (bogus data)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = DANE_E_REQUESTED_DATA_NOT_AVAILABLE, + .expected_status = -1, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIE+DCCA+CgAwIBAgISESHVV5p9ybDcuT+A7ITU5IQYMA0GCSqGSIb3DQEBCwUA\n" + "MGAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYD\n" + "VQQDEy1HbG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\n" + "RzIwHhcNMTUxMDIxMDkxOTAwWhcNMTYxMjE4MTY1NDU2WjA8MSEwHwYDVQQLExhE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFzAVBgNVBAMMDioubmxuZXRsYWJzLm5s\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHpmwd7SC6vLKde0IcYD\n" + "rrVcSSZFNrmP6Wtw5rR7KTBGfj70lCzo1Tu4KzOeFL23cB/Y8kWPojw73eYM+lnr\n" + "woZmdG28q+nYeZYRNjFpeLmwK87bpWxw760FrdQSdPrgM9uZS02AWD8PWIWZQ+0X\n" + "5XbkgSSjgSRAeT6Ki+8r9TcA+rgUv208kHVgFrBqeNQ//oRojN/7tBbbXrVTy37W\n" + "yWLCijExfBzQSsamZqskwhmzYyCJOXCqHUGh/Nyt9WvcX4YE7ogba33M7EQX2C37\n" + "ZH+XcmHGdhhLahuMoAm39mchN8TwY7R6DtmvM/WhDdc4dkEWjvrUnGYQhajsKVIZ\n" + "oQIDAQABo4IBzjCCAcowDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EM\n" + "AQIBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3Jl\n" + "cG9zaXRvcnkvMCcGA1UdEQQgMB6CDioubmxuZXRsYWJzLm5sggxubG5ldGxhYnMu\n" + "bmwwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYD\n" + "VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2Rv\n" + "bWFpbnZhbHNoYTJnMi5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMEcGCCsGAQUFBzAC\n" + "hjtodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2RvbWFpbnZh\n" + "bHNoYTJnMnIxLmNydDA5BggrBgEFBQcwAYYtaHR0cDovL29jc3AyLmdsb2JhbHNp\n" + "Z24uY29tL2dzZG9tYWludmFsc2hhMmcyMB0GA1UdDgQWBBR8k4wtqr2L7in153sI\n" + "aE9Eo+ZB5zAfBgNVHSMEGDAWgBTqTnzUgC3lFYGGJoyCbcCYpM+XDzANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAHgjG+iHJ8INGp/J0VskjmMItSdcTJhsQbAf1Pz1eu87cXhFa\n" + "Vro1xRN9KcsKhnd6TbflDpZkM0g9kX1nGZUWLxMmDbx6N/Y+0X9XHBkgTcVgo1gn\n" + "DkzBfMq/Qmy6Szl+RqNinvM2VjkjreWP2AFmIvbZxjMQDAtSs+5l1Qd+xR3Qxrim\n" + "5XFIaS7lR8ediLKO0trf7TcbXYZ72u3pxVxm7y2Vzi4mC+lcEcc6409b1yeSRbx/\n" + "9N6pYa8Uk3ZaeR6hZHx/g448vVwAqmKrsyJZOayDwHxrFeFWPfJSrFlT8kLmkr5A\n" + "VKOWjR5fslCGWqONiFHhyujZocIw03v5+kD9lw==\n" + "-----END CERTIFICATE-----\n"}, + { + .name = "CA verification (valid)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" + "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" + "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" + "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" + "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" + "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" + "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" + "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" + "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" + "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" + "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" + "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" + "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" + "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" + "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" + "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" + "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" + "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" + "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" + "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" + "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" + "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" + "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" + "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" + "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" + "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" + "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" + "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" + "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" + "hrA=\n" "-----END CERTIFICATE-----\n", + .ca = "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" + "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" + "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" + "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" + "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" + "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" + "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" + "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" + "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" + "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" + "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" + "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" + "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" + "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" + "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" + "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" + "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" + "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" + "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" + "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" + "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" + "cPUeybQ=\n" "-----END CERTIFICATE-----\n"}, + { + .name = "CA verification (invalid)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x92\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + NULL}, + .q_size = { 35, 0}, + .expected_ret = 0, + .no_queries = 1, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = DANE_VERIFY_CA_CONSTRAINTS_VIOLATED, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" + "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" + "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" + "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" + "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" + "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" + "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" + "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" + "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" + "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" + "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" + "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" + "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" + "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" + "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" + "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" + "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" + "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" + "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" + "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" + "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" + "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" + "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" + "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" + "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" + "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" + "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" + "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" + "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" + "hrA=\n" "-----END CERTIFICATE-----\n", + .ca = "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" + "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" + "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" + "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" + "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" + "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" + "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" + "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" + "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" + "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" + "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" + "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" + "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" + "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" + "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" + "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" + "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" + "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" + "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" + "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" + "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" + "cPUeybQ=\n" "-----END CERTIFICATE-----\n"}, + { /* as the previous but with first byte invalid */ + .name = "CA verification (multiple entries)", + .queries = { + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x01\x01\x54\x4f\x28\x4d\x66\xaf\x2d\xe0\x8c\x17\xe7\x48\x6a\xed\xfa\x2e\x00\xaa\x1a\xc6\xbb\xf3\xaf\x5c\xa6\x2b\x55\xab\x7a\xc2\x69\xbe", + (char *) + "\x00\x00\x01\x19\x40\x0b\xe5\xb7\xa3\x1f\xb7\x33\x91\x77\x00\x78\x9d\x2f\x0a\x24\x71\xc0\xc9\xd5\x06\xc0\xe5\x04\xc0\x6c\x16\xd7\xcb\x17\xc0", + (char *) + "\x03\x00\x01\x03\x32\xaa\x2d\x58\xb3\xe0\x54\x4b\x65\x65\x64\x38\x93\x70\x68\xba\x44\xce\x2f\x14\x46\x9c\x4f\x50\xc9\xcc\x69\x33\xc8\x08\xd3", + NULL}, + .q_size = { 35, 35, 35, 35, 0}, + .expected_ret = 0, + .no_queries = 4, + .secure = 1, + .bogus = 0, + .expected_verify_ret = 0, + .expected_status = 0, + .cert = "-----BEGIN CERTIFICATE-----\n" + "MIIGXjCCBUagAwIBAgIQBNO3A71kyzonos0JsLRHrjANBgkqhkiG9w0BAQsFADBw\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\n" + "dXJhbmNlIFNlcnZlciBDQTAeFw0xNDA0MjIwMDAwMDBaFw0xNzA0MjYxMjAwMDBa\n" + "MG0xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UE\n" + "BxMHUmFsZWlnaDEVMBMGA1UEChMMUmVkIEhhdCBJbmMuMRwwGgYDVQQDDBMqLmZl\n" + "ZG9yYXByb2plY3Qub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\n" + "vpd22JvToGSgnx2CBtfdoqvraQWNpQ1aXd/PSM0PVIqEjutrKJF7Xhr7DgHRLOhy\n" + "ko1CzfSp5n6nB7raqDq2kddWgqL3tuyb+lSwdQRGuJZsWW3CCwzR3VNRQUnPldpd\n" + "vqHVSkjHkIZYVcZ2FnMYWEa43ESnmgiQGBg4G+T7/9Pv+10SQ+fOE175GWZKHkJm\n" + "vJZAjIO2uxvJ/rCq3YQI6hdAsclIiSZ4X8UXWt0IMjp/RdCCnv+SS4XCirZ/IDqM\n" + "H+WdMllD0/cbgIOr4SXEuUPEJcI5NziuILe05RefFeZXoC6dxNWr8BvAjxxrZtpS\n" + "/7OMwE+WYkVIH8fkgCTVfsa2ZOvMM5CWzxqWKhbFsbw6EGSVIIUtI3C28i3rjLjr\n" + "XZ/94k3pf3i/u6DzUmlWm8psn6XZXru0+FKPTrmeDluyuxJsgzudk8mF8Cjw/Oc0\n" + "IHVg6Qw/Dm/OM9cAVqmb6ld3GF+QlkzTwurEGKeGj8s8Td0WoPOf6apB/PIaDIu1\n" + "rJphTVyGNqfKqMFFOwqH/M9CVtaEfwYqT9aB8OSE8MtFe3L1WypEq4tK8VUtoi98\n" + "0S9mz4fxathakM+js1eyup/uz0W4cKIFbONLgod0g1arMmSB1Ox7GD6qaUC6zKr8\n" + "hWcKMROSg8VFYMhqwGR2k64knXDsVH1mAOgRbJabr3ECAwEAAaOCAfUwggHxMB8G\n" + "A1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBRaTFeTslW8\n" + "sjOiEWQkQoHtHefJIjAxBgNVHREEKjAoghMqLmZlZG9yYXByb2plY3Qub3JnghFm\n" + "ZWRvcmFwcm9qZWN0Lm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB\n" + "BQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRp\n" + "Z2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9j\n" + "cmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nMi5jcmwwQgYDVR0gBDsw\n" + "OTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl\n" + "cnQuY29tL0NQUzCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8v\n" + "b2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRp\n" + "Z2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0\n" + "MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBADSBIYR5GwUfYTHlXeej\n" + "tgOMbGIiBD1YPBNlP7vLiGc9+Z4rUxWy/TkL7WUFJf1L88ph1CUQ8TbRjLz2RqL8\n" + "snkFWjMsH9ddnwTO4zkCtTjC9fu+broPkmvzmHq2hlXuiDz9G7XvjtbtPujrrKOz\n" + "o1pPAEl5c4B0ANaYL0OMUDhvskJguVMC5S/ZNuvNg6k3jkKZWGZPfcxgcZoPvBM8\n" + "oIjImGyUMpy7bqRPp4K2xoN530GjoXg8OWIvyAwA06ENLZrU1fcSJsvH2gZVzk8s\n" + "EvqFNFnOJN3aQ21imUjAesJ9dXSeCpscDDHqwzmRPuj2/QgtpMCmSZf34mdEzDIJ\n" + "hrA=\n" "-----END CERTIFICATE-----\n", + .ca = "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n" + "ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL\n" + "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n" + "LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy\n" + "YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2\n" + "4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC\n" + "Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1\n" + "itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn\n" + "4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X\n" + "sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft\n" + "bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA\n" + "MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\n" + "dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + "L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG\n" + "BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ\n" + "UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D\n" + "aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd\n" + "aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH\n" + "E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\n" + "/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu\n" + "xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF\n" + "0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae\n" + "cPUeybQ=\n" "-----END CERTIFICATE-----\n"} +}; + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +static void crt_to_der(gnutls_datum_t * chain, const char *pem, unsigned size) +{ + int ret; + gnutls_x509_crt_t crt; + gnutls_datum_t input = { (void *)pem, size }; + + gnutls_x509_crt_init(&crt); + + ret = gnutls_x509_crt_import(crt, &input, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("%d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, chain); + if (ret < 0) { + fail("%d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_deinit(crt); +} + +static void dane_raw_check(void) +{ + dane_state_t s; + dane_query_t r; + int ret; + unsigned int entries, i, j; + char **r_data; + int *r_data_len; + int secure; + int bogus; + + gnutls_global_set_time_function(mytime); + + ret = dane_state_init(&s, DANE_F_IGNORE_LOCAL_RESOLVER); + if (ret < 0) { + fail("dane_state_init: %s\n", dane_strerror(ret)); + } + + for (j = 0; j < sizeof(data_entries) / sizeof(data_entries[0]); j++) { + if (debug) + success("running test[%d]: %s\n", j, + data_entries[j].name); + + ret = + dane_raw_tlsa(s, &r, data_entries[j].queries, + data_entries[j].q_size, + data_entries[j].secure, + data_entries[j].bogus); + if (ret != data_entries[j].expected_ret) { + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); + } + + ret = + dane_query_to_raw_tlsa(r, &entries, &r_data, &r_data_len, + &secure, &bogus); + if (ret < 0) { + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); + } + + if (entries != data_entries[j].no_queries) + fail("test[%d]: %d\n", j, __LINE__); + + if (secure != data_entries[j].secure) + fail("test[%d]: %d\n", j, __LINE__); + + if (bogus != data_entries[j].bogus) + fail("test[%d]: %d\n", j, __LINE__); + + for (i = 0; i < entries; i++) { + if (r_data_len[i] != data_entries[j].q_size[i]) + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); + + if (memcmp + (r_data[i], data_entries[j].queries[i], + r_data_len[i]) != 0) + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); + } + + if (data_entries[j].cert) { /* verify cert */ + gnutls_datum_t chain[2]; + unsigned status = 0; + unsigned chain_size = 1; + + crt_to_der(&chain[0], data_entries[j].cert, + strlen(data_entries[j].cert)); + + if (data_entries[j].ca) { + crt_to_der(&chain[1], data_entries[j].ca, + strlen(data_entries[j].ca)); + chain_size++; + } + + ret = + dane_verify_crt_raw(NULL, chain, chain_size, + GNUTLS_CRT_X509, r, 0, 0, + &status); + + if (ret != data_entries[j].expected_verify_ret) + fail("test[%d]: %d: %s\n", j, __LINE__, + dane_strerror(ret)); + + if (ret >= 0 + && status != data_entries[j].expected_status) { + fail("tests[%d]: expected verif. status %x, got %x\n", j, data_entries[j].expected_status, status); + } + free(chain[0].data); + if (chain_size == 2) + free(chain[1].data); + } + + if (debug) + success("completed test[%d]: %s\n", j, + data_entries[j].name); + + gnutls_free(r_data); + gnutls_free(r_data_len); + + dane_query_deinit(r); + } + dane_state_deinit(s); +} + +void doit(void) +{ + int ret; + + ret = global_init(); + if (ret < 0) { + fail("global_init\n"); + exit(1); + } + + dane_raw_check(); + + /* we're done */ + + gnutls_global_deinit(); +} diff --git a/tests/danetool.sh b/tests/danetool.sh new file mode 100755 index 0000000..77ab030 --- /dev/null +++ b/tests/danetool.sh @@ -0,0 +1,81 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${DANETOOL=../src/danetool${EXEEXT}} + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -x "${DANETOOL}"; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +# Check local generation +OUT=$(${DANETOOL} --tlsa-rr --host www.example.com --load-certificate ${srcdir}/certs/cert-ecc256.pem) +if test $? != 0;then + echo "error in test 1" + exit 1 +fi + +if test "$OUT" != '_443._tcp.www.example.com. IN TLSA ( 03 01 01 5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433 )';then + echo "error in test 2" + exit 1 +fi + +OUT=$(${DANETOOL} --tlsa-rr --host www.example.com --load-certificate ${srcdir}/certs/cert-rsa-2432.pem) +if test $? != 0;then + echo "error in test 3" + exit 1 +fi + +if test "$OUT" != '_443._tcp.www.example.com. IN TLSA ( 03 01 01 671b40d05b28c85e9b2a52912abcdce38c0384cc5a7c693ed3148ca1e97632c9 )';then + echo "error in test 4" + exit 1 +fi + +# Check CA signed certificate generation +OUT=$(${DANETOOL} --tlsa-rr --no-domain --host www.example.com --load-certificate ${srcdir}/certs/cert-rsa-2432.pem) +if test $? != 0;then + echo "error in test 5" + exit 1 +fi + +if test "$OUT" != '_443._tcp.www.example.com. IN TLSA ( 01 01 01 671b40d05b28c85e9b2a52912abcdce38c0384cc5a7c693ed3148ca1e97632c9 )';then + echo "error in test 6" + exit 1 +fi + +# Check CA signer's certificate generation +OUT=$(${DANETOOL} --tlsa-rr --ca --no-domain --host www.example.com --load-certificate ${srcdir}/certs/cert-rsa-2432.pem) +if test $? != 0;then + echo "error in test 7" + exit 1 +fi + +if test "$OUT" != '_443._tcp.www.example.com. IN TLSA ( 00 01 01 671b40d05b28c85e9b2a52912abcdce38c0384cc5a7c693ed3148ca1e97632c9 )';then + echo "error in test 8" + exit 1 +fi + +exit 0 diff --git a/tests/data/large-cert.pem b/tests/data/large-cert.pem new file mode 100644 index 0000000..e1ec5e9 --- /dev/null +++ b/tests/data/large-cert.pem @@ -0,0 +1,2472 @@ +-----BEGIN CERTIFICATE----- +MIMBzwYwgwHNvaADAgECAhRI/jiyE4Aa9/foA9t0UnUBukMHTDA9BgkqhkiG9w0B +AQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGi +AwIBQDAPMQ0wCwYDVQQDEwRDQS0wMCAXDTE4MDcyNjA5MDIwNFoYDzk5OTkxMjMx +MjM1OTU5WjATMREwDwYDVQQDEwhzZXJ2ZXItMTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMCaO+utkTXswNueFkbF5W7s5D1eXjV+6V+T4+uk/P0Sn8+6 +yxqSrOHzcYYSDElA48timxEFz1B/TFkToFPFf/wn3J2oC2Ah7Z4qkRPnl79Hwi8F +lEqwPJ9KggY/ePzTAOJEph3+nROWHYw0qbpMs2uSLIQLsWd9jA3rxNyajI752eb2 +O3ayUn2pdFeYKH9/+yeNWVcZfliaYedHtqWNRNu/4WPKuckNw15xOZE0I1+uuKM0 +PFD7ahn5K+GI2HuHuj1FgI1Nu5kJ4NDtCvv8PIIOsQcTfwB91O3YOf3GOSCg7Dfi +KuFK3AoF1o4aLL/SJSF6syuyATDKYT5kTAizB9kCAwEAAaODAcvwMIMBy+swgwHL +cQYIKgMEBQYHCQoEgwHLYv8KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4K +qwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs +/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqr +Aaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+ +CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsBrP4KqwGs/gqrAaz+CqsB +rP4KqwGs/gqrAaz+CqsBrP7/MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9j +YWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFBC88VbYc+loQtyrA3NU +HWJgfq1oMB8GA1UdIwQYMBaAFBEYYyBI1QIjN3NryoKlW74cywyTMD0GCSqGSIb3 +DQEBCjAwoA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQC +AaIDAgFAA4IBAQCat574RIsTDuoiIiwhWKP4MtXM4niBy36teszehgXuODDW0tuy +3Cj0DI/+FHDm3g7f619vDMVBH/hj88k3cqhuPNe2gRTZgZSljhM+qc1J33OSTu5d +TN3TMuS25Ls6QcAlNtxSxPjFEhO/7Lj+dpNcaG8JP2E5NCEKPT2jGjiiasgaU1Pm +u0qNg+uaifAiIOLG0S0RqklDD6KfpkcIBSqQBYZDnUIinoWF0wv2+uqTCqy6zDMK +PRgNeyvnWvJ8rFqDPFV0yzFL93GqrWfKGJoNS6fHCW7rqn0Er7vaDgTTt7NUfyBf +SMvsv2A061AoftwbDAyzCX+EVOMYnYJj7K9j +-----END CERTIFICATE----- diff --git a/tests/data/listings-DTLS1.0 b/tests/data/listings-DTLS1.0 new file mode 100644 index 0000000..e261b18 --- /dev/null +++ b/tests/data/listings-DTLS1.0 @@ -0,0 +1,11 @@ +Cipher suites for NORMAL:-VERS-ALL:+VERS-DTLS1.0 +TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0 +TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0 +TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0 +TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0 +TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 +TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 +TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 +TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 + +Protocols: VERS-DTLS1.0 diff --git a/tests/data/listings-SSL3.0 b/tests/data/listings-SSL3.0 new file mode 100644 index 0000000..8422532 --- /dev/null +++ b/tests/data/listings-SSL3.0 @@ -0,0 +1,14 @@ +Cipher suites for NORMAL:-VERS-ALL:+VERS-SSL3.0:+ARCFOUR-128 +TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0 +TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0 +TLS_ECDHE_ECDSA_ARCFOUR_128_SHA1 0xc0, 0x07 SSL3.0 +TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0 +TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0 +TLS_ECDHE_RSA_ARCFOUR_128_SHA1 0xc0, 0x11 SSL3.0 +TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 +TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 +TLS_RSA_ARCFOUR_128_SHA1 0x00, 0x05 SSL3.0 +TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 +TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 + +Protocols: VERS-SSL3.0 diff --git a/tests/data/listings-SSL3.0-TLS1.1 b/tests/data/listings-SSL3.0-TLS1.1 new file mode 100644 index 0000000..9c9621d --- /dev/null +++ b/tests/data/listings-SSL3.0-TLS1.1 @@ -0,0 +1,11 @@ +Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1 +TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0 +TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0 +TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0 +TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0 +TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 +TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 +TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 +TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 + +Protocols: VERS-TLS1.0, VERS-TLS1.1 diff --git a/tests/data/listings-TLS1.0 b/tests/data/listings-TLS1.0 new file mode 100644 index 0000000..a6f5f25 --- /dev/null +++ b/tests/data/listings-TLS1.0 @@ -0,0 +1,11 @@ +Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.0 +TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0 +TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0 +TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0 +TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0 +TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 +TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 +TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 +TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 + +Protocols: VERS-TLS1.0 diff --git a/tests/data/listings-TLS1.1 b/tests/data/listings-TLS1.1 new file mode 100644 index 0000000..1ab7700 --- /dev/null +++ b/tests/data/listings-TLS1.1 @@ -0,0 +1,11 @@ +Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.1 +TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0 +TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0 +TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0 +TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0 +TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 +TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 +TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 +TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 + +Protocols: VERS-TLS1.1 diff --git a/tests/data/listings-legacy1 b/tests/data/listings-legacy1 new file mode 100644 index 0000000..549ca73 --- /dev/null +++ b/tests/data/listings-legacy1 @@ -0,0 +1,4 @@ +Cipher suites for NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL +TLS_RSA_AES_128_GCM_SHA256 0x00, 0x9c TLS1.2 + +Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0 diff --git a/tests/data/listings-legacy2 b/tests/data/listings-legacy2 new file mode 100644 index 0000000..35ce346 --- /dev/null +++ b/tests/data/listings-legacy2 @@ -0,0 +1,4 @@ +Cipher suites for NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL +TLS_RSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x7b TLS1.2 + +Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0 diff --git a/tests/data/listings-legacy3 b/tests/data/listings-legacy3 new file mode 100644 index 0000000..cc93250 --- /dev/null +++ b/tests/data/listings-legacy3 @@ -0,0 +1,4 @@ +Cipher suites for NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:+CTYPE-OPENPGP +TLS_RSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x7b TLS1.2 + +Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0 diff --git a/tests/data/listings-legacy4 b/tests/data/listings-legacy4 new file mode 100644 index 0000000..736692e --- /dev/null +++ b/tests/data/listings-legacy4 @@ -0,0 +1,4 @@ +Cipher suites for NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+CAMELLIA-256-GCM:+SIGN-ALL:+COMP-NULL:-CTYPE-OPENPGP +TLS_RSA_CAMELLIA_256_GCM_SHA384 0xc0, 0x7b TLS1.2 + +Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0 diff --git a/tests/data/listings-old-SSL3.0-TLS1.1 b/tests/data/listings-old-SSL3.0-TLS1.1 new file mode 100644 index 0000000..b83b9e6 --- /dev/null +++ b/tests/data/listings-old-SSL3.0-TLS1.1 @@ -0,0 +1,11 @@ +Cipher suites for NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:+VERS-TLS1.1 +TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 0xc0, 0x0a SSL3.0 +TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 0xc0, 0x09 SSL3.0 +TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 SSL3.0 +TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 SSL3.0 +TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 +TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 +TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 +TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 + +Protocols: VERS-TLS1.0, VERS-SSL3.0, VERS-TLS1.1 diff --git a/tests/data/long.crl b/tests/data/long.crl new file mode 100644 index 0000000..5dea927 Binary files /dev/null and b/tests/data/long.crl differ diff --git a/tests/data/long.pem b/tests/data/long.pem new file mode 100644 index 0000000..ec5c762 --- /dev/null +++ b/tests/data/long.pem @@ -0,0 +1,29149 @@ +X.509 Certificate Revocation List Information: + Version: 2 + Issuer: CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB + Update dates: + Issued: Tue Jun 03 20:36:25 UTC 2014 + Next at: Sat Jun 07 20:36:25 UTC 2014 + Extensions: + Authority Key Identifier (not critical): + 3fd5b5d0d64479504a17a39b8c4adcb8b022646b + CRL Number (not critical): 0604 + Revoked certificates (10625): + Serial Number (hex): 00dcddcff9af593127bcc65300462ab143 + Revoked at: Sat May 29 08:38:37 UTC 2010 + Serial Number (hex): 00f40f4031d53ca0447e6910c0abe13118 + Revoked at: Tue Jun 01 18:22:21 UTC 2010 + Serial Number (hex): 00bc33e25e95fe55a4c32ca58024f40685 + Revoked at: Mon Jun 07 14:00:22 UTC 2010 + Serial Number (hex): 4f6c034798bffdfe45a35099b2bc9199 + Revoked at: Tue Jun 15 16:51:42 UTC 2010 + Serial Number (hex): 00ea64cadd36adbd0bd895601136841a96 + Revoked at: Thu Jun 24 17:03:07 UTC 2010 + Serial Number (hex): 00c20df177bf0dcede262f4cc329cfce84 + Revoked at: Tue Jun 29 12:50:24 UTC 2010 + Serial Number (hex): 00b8e104514f38554f614fa80c93262bf8 + Revoked at: Wed Jun 30 14:46:57 UTC 2010 + Serial Number (hex): 16e5808ec2bdb4c8616d87b108c89302 + Revoked at: Thu Jul 01 11:32:30 UTC 2010 + Serial Number (hex): 286a55362a7189e9639ad4c6dd76d271 + Revoked at: Fri Jul 02 14:32:25 UTC 2010 + Serial Number (hex): 7c1996eff11f36899e3fb15946def245 + Revoked at: Fri Jul 02 19:26:16 UTC 2010 + Serial Number (hex): 00d6d6473d3bfad91440fa8cb686a93e12 + Revoked at: Tue Jul 06 14:11:31 UTC 2010 + Serial Number (hex): 1f61054956198c3965e38f15c44595cb + Revoked at: Tue Jul 06 14:12:12 UTC 2010 + Serial Number (hex): 008e3a44d82fd97c7dd8d18bb6cff6efcf + Revoked at: Thu Jul 08 20:42:17 UTC 2010 + Serial Number (hex): 318d68886c410fdaa16254e4b3cbafe1 + Revoked at: Fri Jul 09 15:20:25 UTC 2010 + Serial Number (hex): 00b1149b2f7cd6ae896159c4da5c10a091 + Revoked at: Fri Jul 09 17:48:31 UTC 2010 + Serial Number (hex): 00d2dc67892b996c857fa9af17d8e2304f + Revoked at: Fri Jul 09 20:50:01 UTC 2010 + Serial Number (hex): 3ac45937d0dba4648f7eadeac90b119d + Revoked at: Thu Jul 15 14:48:56 UTC 2010 + Serial Number (hex): 199b65c1bbe06e6ce99e40bd88dd0cd0 + Revoked at: Wed Jul 21 19:27:17 UTC 2010 + Serial Number (hex): 00d1edf2f147ccec7a026f624fa55c62c0 + Revoked at: Fri Jul 23 19:30:12 UTC 2010 + Serial Number (hex): 00f97ece0cfbfd06a56ee4ba6fd3bb6845 + Revoked at: Mon Aug 02 17:47:41 UTC 2010 + Serial Number (hex): 00e5a2b3e33eaa09f88f01abeca2d1b414 + Revoked at: Mon Aug 09 23:40:10 UTC 2010 + Serial Number (hex): 0277d201399293619d5a069895110bd5 + Revoked at: Tue Aug 10 14:26:22 UTC 2010 + Serial Number (hex): 5e39d78bbc662f2c6fa6b329f46f6075 + Revoked at: Mon Aug 16 18:23:30 UTC 2010 + Serial Number (hex): 073f3f8f8670c5260168d4d9b68cae72 + Revoked at: Mon Aug 16 18:24:05 UTC 2010 + Serial Number (hex): 27b9c048a136629a19fd039e8edebe7c + Revoked at: Fri Aug 27 23:03:07 UTC 2010 + Serial Number (hex): 743389f8ac962d2deaeda12502918b8a + Revoked at: Wed Sep 01 20:23:54 UTC 2010 + Serial Number (hex): 3322f3a0e2b7e81279ad41f8c68ff311 + Revoked at: Thu Sep 02 13:15:56 UTC 2010 + Serial Number (hex): 00bed15a991995013d99134f74d17b17a7 + Revoked at: Thu Sep 02 16:36:17 UTC 2010 + Serial Number (hex): 1c385e556f0b6ba78acbf78f85b844cf + Revoked at: Fri Sep 03 18:36:16 UTC 2010 + Serial Number (hex): 7a9fe931e9f9d2a97bfc1537dbfcc09a + Revoked at: Fri Sep 03 19:44:22 UTC 2010 + Serial Number (hex): 5f75563937bf84eb665765a3dd1201c8 + Revoked at: Sat Sep 04 16:17:25 UTC 2010 + Serial Number (hex): 7dba4082379b1a0460692802eaba99df + Revoked at: Mon Sep 06 16:16:02 UTC 2010 + Serial Number (hex): 18abde150c25aa9fc8127fa027004193 + Revoked at: Wed Sep 15 17:16:05 UTC 2010 + Serial Number (hex): 3405dcac0596dfe5d9d27062fb7d516d + Revoked at: Wed Sep 15 20:16:02 UTC 2010 + Serial Number (hex): 47ea2c3bf796bc78242de0f67be60d66 + Revoked at: Wed Sep 15 20:16:26 UTC 2010 + Serial Number (hex): 00b6a882596e59eb779a8c38c90053d0d1 + Revoked at: Thu Sep 16 16:34:37 UTC 2010 + Serial Number (hex): 6e6c0044de17242b50d284e8bdd7bb43 + Revoked at: Thu Sep 16 20:21:39 UTC 2010 + Serial Number (hex): 38e5fbdc5ac47789b7410f3dd31624af + Revoked at: Fri Sep 17 15:45:48 UTC 2010 + Serial Number (hex): 00c5160af0a880154452a1fda388f05480 + Revoked at: Fri Sep 17 18:58:13 UTC 2010 + Serial Number (hex): 133bcdba3c8cc69767a4803550cdf091 + Revoked at: Fri Sep 17 20:14:41 UTC 2010 + Serial Number (hex): 00a4d11ed2579ffc46623b2972cac764ef + Revoked at: Fri Sep 17 20:24:45 UTC 2010 + Serial Number (hex): 00df72a4c3f66275b467d10a84789378af + Revoked at: Fri Sep 17 21:01:43 UTC 2010 + Serial Number (hex): 00bc6d72c970e33f09b9598a66cfd79b9c + Revoked at: Tue Sep 21 16:12:07 UTC 2010 + Serial Number (hex): 00dca809437a0ec5d01b035e4f5777f657 + Revoked at: Tue Sep 21 18:52:42 UTC 2010 + Serial Number (hex): 31e3c3bb04f3e0ba5609df3a3ee63c50 + Revoked at: Wed Sep 22 09:20:53 UTC 2010 + Serial Number (hex): 0080698711d0f19b920b54efafc9fca201 + Revoked at: Wed Sep 22 14:36:19 UTC 2010 + Serial Number (hex): 3c3bf2b260ce416f6ee786e4bd303309 + Revoked at: Thu Sep 23 22:34:04 UTC 2010 + Serial Number (hex): 2544854d127fb8c6b33eefb30f545ff3 + Revoked at: Mon Sep 27 20:57:47 UTC 2010 + Serial Number (hex): 00dfb2ffcd1fac7761dfd4dd7ede6b5d04 + Revoked at: Wed Sep 29 14:13:12 UTC 2010 + Serial Number (hex): 07347541901c82e36626b9b9e63e4b43 + Revoked at: Wed Sep 29 18:26:11 UTC 2010 + Serial Number (hex): 00bee22dbad0a7b33c318a10b4a5c24136 + Revoked at: Thu Sep 30 02:53:57 UTC 2010 + Serial Number (hex): 7f12a475ffd970bf6cc711c2fffabb1f + Revoked at: Thu Sep 30 19:05:14 UTC 2010 + Serial Number (hex): 7790f8b31a58ffa6622f69505c365c03 + Revoked at: Mon Oct 04 17:34:54 UTC 2010 + Serial Number (hex): 510de9dd9a49822d5026c24a73a57aad + Revoked at: Mon Oct 04 17:39:21 UTC 2010 + Serial Number (hex): 3f3607957fae070982b0cd8c13c5ccd3 + Revoked at: Thu Oct 07 19:57:09 UTC 2010 + Serial Number (hex): 00e392116aef4a0d39f9e979d6d7d59e08 + Revoked at: Fri Oct 08 13:53:18 UTC 2010 + Serial Number (hex): 00c87fce976bf7f2242a94ca339e0048e3 + Revoked at: Fri Oct 08 14:01:53 UTC 2010 + Serial Number (hex): 00c8b52885d9dbe06ce3618291ca19a074 + Revoked at: Fri Oct 08 15:01:56 UTC 2010 + Serial Number (hex): 71c0c7aa1ebc756b4e5d2f593f564c24 + Revoked at: Fri Oct 08 15:48:41 UTC 2010 + Serial Number (hex): 009bc9d8a9163b5518c7ae6b6cb2d6a241 + Revoked at: Tue Oct 12 16:05:16 UTC 2010 + Serial Number (hex): 584e1d1c40d6d94b93c71be4bc72b073 + Revoked at: Tue Oct 12 16:06:35 UTC 2010 + Serial Number (hex): 00da7433d44ae3d4a00679f931d8c74477 + Revoked at: Thu Oct 14 20:23:28 UTC 2010 + Serial Number (hex): 0097ab5c443b983a584d5a1c32b4cceb44 + Revoked at: Fri Oct 15 22:17:38 UTC 2010 + Serial Number (hex): 008e64d23bf262d10738fcf03bccc4e3b5 + Revoked at: Tue Oct 19 18:39:48 UTC 2010 + Serial Number (hex): 00970b1a5974e7ba79d3721880827b9a1d + Revoked at: Wed Oct 20 14:15:17 UTC 2010 + Serial Number (hex): 0cb5b0077899ebf761a2c63ba50809b5 + Revoked at: Wed Oct 20 20:36:01 UTC 2010 + Serial Number (hex): 25f7c527277ca396e4d6756d9aa174af + Revoked at: Fri Oct 22 08:55:51 UTC 2010 + Serial Number (hex): 30c394ffbe9a0509c2d03535055a2f64 + Revoked at: Fri Oct 22 19:12:58 UTC 2010 + Serial Number (hex): 00ce434e84cc5f19b7db2ebcde72b3ad23 + Revoked at: Fri Oct 22 20:07:52 UTC 2010 + Serial Number (hex): 014906c4ada41fa903eefe5b93c71705 + Revoked at: Wed Oct 27 16:20:27 UTC 2010 + Serial Number (hex): 00896e8cea6b937a96143a514061e53ba9 + Revoked at: Wed Oct 27 23:23:36 UTC 2010 + Serial Number (hex): 1ca70716fa81543e689703c92e656770 + Revoked at: Thu Oct 28 14:04:49 UTC 2010 + Serial Number (hex): 2a831dce81aeb49b214f5ff44e186afb + Revoked at: Mon Nov 01 14:21:09 UTC 2010 + Serial Number (hex): 557feb2bbb4aafc14a6356701d456550 + Revoked at: Tue Nov 02 01:42:56 UTC 2010 + Serial Number (hex): 00d3eac1e210520e7f49913266d7eeae9e + Revoked at: Tue Nov 02 13:38:16 UTC 2010 + Serial Number (hex): 30fa634a0186a0cde35155f648101bf5 + Revoked at: Tue Nov 02 15:46:55 UTC 2010 + Serial Number (hex): 00c95707beba8209c50a2d2a3422ec7c05 + Revoked at: Tue Nov 02 17:15:45 UTC 2010 + Serial Number (hex): 38957944775a17fd7080ecafd3edc22a + Revoked at: Tue Nov 02 17:20:20 UTC 2010 + Serial Number (hex): 00ffca68d9bf509a62699cee524338cc2a + Revoked at: Wed Nov 03 13:53:46 UTC 2010 + Serial Number (hex): 09472a42f6089be861ba60b437ceff7b + Revoked at: Thu Nov 04 15:29:27 UTC 2010 + Serial Number (hex): 00ab79d2a63eaca4a4192c8d6d6aaca993 + Revoked at: Thu Nov 04 17:29:46 UTC 2010 + Serial Number (hex): 5e2701b5298dc9802860751cd504ead2 + Revoked at: Thu Nov 04 17:30:13 UTC 2010 + Serial Number (hex): 00b740db4ce97da2d59be6399e4ac9ca6b + Revoked at: Thu Nov 04 17:30:46 UTC 2010 + Serial Number (hex): 00c136383a3cc176ab17656a802c46a9a7 + Revoked at: Thu Nov 04 19:12:33 UTC 2010 + Serial Number (hex): 68559206313a9e660cd07a1de5c97fc0 + Revoked at: Fri Nov 05 12:58:57 UTC 2010 + Serial Number (hex): 1766004ebc9720eb87f8d030cc706ff2 + Revoked at: Fri Nov 05 18:03:49 UTC 2010 + Serial Number (hex): 6d566f98d0ab7b5dfe0b3bb469734ca3 + Revoked at: Fri Nov 05 21:00:11 UTC 2010 + Serial Number (hex): 00c519b8cf0bbabc96791561ec0b700356 + Revoked at: Fri Nov 05 21:13:44 UTC 2010 + Serial Number (hex): 4cacb9329dddfc1985228035da939aa9 + Revoked at: Tue Nov 09 15:14:18 UTC 2010 + Serial Number (hex): 7baa02e1a39a9bc76f9b2f147f98b60a + Revoked at: Tue Nov 09 21:33:07 UTC 2010 + Serial Number (hex): 00d0fbd0b03b5de127cfae5468fe3443ff + Revoked at: Wed Nov 17 15:50:35 UTC 2010 + Serial Number (hex): 7806853d84ead17362192bdee19aa812 + Revoked at: Wed Nov 17 21:26:13 UTC 2010 + Serial Number (hex): 191a264feaf5434884d67880140bc4a5 + Revoked at: Fri Nov 19 19:50:53 UTC 2010 + Serial Number (hex): 00f2c0c7e3c6f652dc34b99e796f758cbd + Revoked at: Fri Nov 19 20:47:38 UTC 2010 + Serial Number (hex): 0092de2e2836714fa62723acad0d359d59 + Revoked at: Tue Nov 23 21:15:46 UTC 2010 + Serial Number (hex): 610d24aef9b4fa7a9918ea8a8f311c53 + Revoked at: Thu Nov 25 18:19:40 UTC 2010 + Serial Number (hex): 00ecb6534fe44c6b18eb4beddd3fc42eb9 + Revoked at: Mon Nov 29 14:26:55 UTC 2010 + Serial Number (hex): 00d48a1f24b6495e1e6b9712f17c3581ee + Revoked at: Mon Dec 06 08:09:49 UTC 2010 + Serial Number (hex): 2d96d2d09670dd21f694142cb8e21970 + Revoked at: Mon Dec 06 16:45:01 UTC 2010 + Serial Number (hex): 0080cc877f9d3ecbad786fa66595d2881d + Revoked at: Tue Dec 07 22:17:49 UTC 2010 + Serial Number (hex): 0b1283e645aa01c922f5b5fb1682d2f6 + Revoked at: Wed Dec 08 19:16:56 UTC 2010 + Serial Number (hex): 1fce873cfef149dccf18daabf3ab4b76 + Revoked at: Wed Dec 08 19:33:53 UTC 2010 + Serial Number (hex): 00a6a8f18ce94dff191572301f20cd63c6 + Revoked at: Wed Dec 08 23:19:13 UTC 2010 + Serial Number (hex): 00ad6bc390261c3583567575779d13b62c + Revoked at: Thu Dec 09 21:54:54 UTC 2010 + Serial Number (hex): 57109562a3ba1daf405c647988d5ce23 + Revoked at: Fri Dec 10 15:59:43 UTC 2010 + Serial Number (hex): 00ba1bd2167639c7789e68af4db8329223 + Revoked at: Mon Dec 13 21:27:24 UTC 2010 + Serial Number (hex): 00e21584d22ae363a9e0eb5df47f66f5ba + Revoked at: Fri Dec 17 20:37:19 UTC 2010 + Serial Number (hex): 7fd86919635497db0504f752fd7a70a6 + Revoked at: Mon Dec 20 14:32:03 UTC 2010 + Serial Number (hex): 0fa2a1701607c967d55bcac30a63bb0c + Revoked at: Wed Dec 22 10:01:52 UTC 2010 + Serial Number (hex): 00ba2ae6ea00aea2d1e90628661da779ca + Revoked at: Wed Dec 22 10:02:22 UTC 2010 + Serial Number (hex): 00a50f501f6e4cc2f6ad05381db35a6f36 + Revoked at: Wed Dec 22 10:02:55 UTC 2010 + Serial Number (hex): 664b26256715365dc4aaa61488e70a73 + Revoked at: Wed Dec 22 10:03:25 UTC 2010 + Serial Number (hex): 7b8efc82c489dc5ee8edad13f9dc606c + Revoked at: Fri Dec 31 05:04:45 UTC 2010 + Serial Number (hex): 4f747fa8237a73ba51d2bd98a71a767d + Revoked at: Thu Jan 06 15:50:20 UTC 2011 + Serial Number (hex): 00ca2fda158668c8cc53702e18e7d96a73 + Revoked at: Thu Jan 06 16:28:13 UTC 2011 + Serial Number (hex): 615ed5ff4043e8231e762365f58d1c74 + Revoked at: Thu Jan 06 23:49:05 UTC 2011 + Serial Number (hex): 00d6d3b04296d7129902951a4d80036a68 + Revoked at: Fri Jan 07 11:14:05 UTC 2011 + Serial Number (hex): 1b36882afee29a82451db05d5cc2f1f8 + Revoked at: Fri Jan 07 11:14:12 UTC 2011 + Serial Number (hex): 573bd9dc00a3d45780d51c0d5b49d3a3 + Revoked at: Wed Jan 12 23:05:36 UTC 2011 + Serial Number (hex): 0086b1a102fe843f58bbe05a7e0ca47df1 + Revoked at: Fri Jan 14 17:42:53 UTC 2011 + Serial Number (hex): 6b2e104801165d135b32b6770220bab4 + Revoked at: Tue Jan 18 19:19:34 UTC 2011 + Serial Number (hex): 00cf3469d0a13d767b07fee27fcceadd46 + Revoked at: Tue Jan 18 19:53:47 UTC 2011 + Serial Number (hex): 00f4f3b0d86d854f54e632aa888207f7df + Revoked at: Wed Jan 19 14:39:36 UTC 2011 + Serial Number (hex): 00d0e3645f9ff4d941404ae8453fa905d4 + Revoked at: Thu Jan 20 16:44:14 UTC 2011 + Serial Number (hex): 1dca3666e016add2675904a60f203d55 + Revoked at: Sat Jan 22 00:20:46 UTC 2011 + Serial Number (hex): 00b65eabcf812eacb0092e7e6b34cbc96d + Revoked at: Wed Jan 26 11:05:11 UTC 2011 + Serial Number (hex): 00d164e45ce7c49eb92566c34cff92e048 + Revoked at: Wed Jan 26 21:55:04 UTC 2011 + Serial Number (hex): 00a80f0732247b420d8259c2b7f363d5f5 + Revoked at: Thu Jan 27 12:54:10 UTC 2011 + Serial Number (hex): 00e0fbed35afb00a81498c74664c1ff60d + Revoked at: Fri Jan 28 20:22:01 UTC 2011 + Serial Number (hex): 04f83c7d53a1a80d1d4c1dfdae34a8b7 + Revoked at: Tue Feb 01 15:48:52 UTC 2011 + Serial Number (hex): 00eaf5f057e91179f0ac733e0279054223 + Revoked at: Tue Feb 01 15:49:04 UTC 2011 + Serial Number (hex): 00e742f5cd026fdb73316bbc9b6a5183f5 + Revoked at: Tue Feb 01 21:56:06 UTC 2011 + Serial Number (hex): 009914a604ebce486cd240e6278e909f25 + Revoked at: Fri Feb 04 19:38:33 UTC 2011 + Serial Number (hex): 00e73889fa0acbaefb0bd4b6c22809877c + Revoked at: Fri Feb 04 22:08:44 UTC 2011 + Serial Number (hex): 0f68f6077d15033912ef47c1ce10c413 + Revoked at: Tue Feb 08 16:03:18 UTC 2011 + Serial Number (hex): 7a69544de9858b43f85fdbeb234bf9 + Revoked at: Tue Feb 08 16:04:06 UTC 2011 + Serial Number (hex): 00be9437b5be5ab033f1d3c9c84964ab75 + Revoked at: Tue Feb 08 16:10:15 UTC 2011 + Serial Number (hex): 1c759925eaa8878d0d386d751fd0e8a5 + Revoked at: Wed Feb 09 02:56:10 UTC 2011 + Serial Number (hex): 00ffa8c105abd45a4b35c917d92ee55f2d + Revoked at: Wed Feb 09 21:01:39 UTC 2011 + Serial Number (hex): 00e6ee28bd75dc17084d33a21b89a36739 + Revoked at: Thu Feb 10 09:40:43 UTC 2011 + Serial Number (hex): 51154f7041aa74b7b442dd084fd6223c + Revoked at: Thu Feb 10 21:26:45 UTC 2011 + Serial Number (hex): 75404b2c6b12209ac58f4c7a4e5fe67e + Revoked at: Fri Feb 11 13:53:43 UTC 2011 + Serial Number (hex): 0085501d3e4de70e065577d585f1718c98 + Revoked at: Mon Feb 14 11:00:51 UTC 2011 + Serial Number (hex): 1a47ab809573c1ca1d1b228473be5377 + Revoked at: Tue Feb 15 17:02:08 UTC 2011 + Serial Number (hex): 00919fd5284f2782522acbbc517be16712 + Revoked at: Tue Feb 15 17:44:22 UTC 2011 + Serial Number (hex): 00a2dd8c6b6ea7c31d6664b42fb2a2953e + Revoked at: Tue Feb 15 18:48:58 UTC 2011 + Serial Number (hex): 75c8e696bb1e1f5f13c77c513eb4d1f6 + Revoked at: Wed Feb 16 13:21:14 UTC 2011 + Serial Number (hex): 008cf53fb0bb09a71cbb427cd858bf6472 + Revoked at: Wed Feb 16 22:46:45 UTC 2011 + Serial Number (hex): 00b9cd2a7ed92586dde861a6bbd51c21e8 + Revoked at: Mon Feb 21 19:39:23 UTC 2011 + Serial Number (hex): 4106a6b95644dedc9eb1e845cdc2e2b5 + Revoked at: Wed Feb 23 16:34:40 UTC 2011 + Serial Number (hex): 009b0ed8d1aa79a3b3701628afb49a24c5 + Revoked at: Wed Feb 23 17:03:32 UTC 2011 + Serial Number (hex): 071b8b256809be14f29e70d167a11155 + Revoked at: Tue Mar 01 17:59:42 UTC 2011 + Serial Number (hex): 0089034bbdf9199b91f3542637a7945568 + Revoked at: Tue Mar 01 20:01:28 UTC 2011 + Serial Number (hex): 00fb0556266b72550db674f23d43046872 + Revoked at: Mon Mar 07 20:01:38 UTC 2011 + Serial Number (hex): 00d3700cfb6ae3d490ebe14303767ad19e + Revoked at: Tue Mar 08 16:27:07 UTC 2011 + Serial Number (hex): 01b1b015e8f413776bc7e1b835fb2afe + Revoked at: Tue Mar 08 16:53:09 UTC 2011 + Serial Number (hex): 00f32180aa6cc5d820f9707dc93d65114d + Revoked at: Tue Mar 15 20:36:46 UTC 2011 + Serial Number (hex): 0a07ea90c1d2f26f8998c4647a41b67f + Revoked at: Wed Mar 16 14:10:39 UTC 2011 + Serial Number (hex): 1ad0d9e5caeb91edd37d2113e69c12cc + Revoked at: Wed Mar 16 14:41:10 UTC 2011 + Serial Number (hex): 00a2d655303df9bbecc5be5ac9bb33484e + Revoked at: Wed Mar 16 14:42:09 UTC 2011 + Serial Number (hex): 00e384b5db6242fa95afd635697c5f991a + Revoked at: Thu Mar 17 18:23:34 UTC 2011 + Serial Number (hex): 4a3872ef0abf323d031b2084751610e6 + Revoked at: Wed Mar 23 05:50:36 UTC 2011 + Serial Number (hex): 00aec8102e520ed711e3453ba2d04d8c9d + Revoked at: Thu Mar 24 13:09:24 UTC 2011 + Serial Number (hex): 7127baa0de1c7b654792d7b8f30d57c6 + Revoked at: Thu Mar 24 14:18:05 UTC 2011 + Serial Number (hex): 762937dac9a313e2fd457140dd864982 + Revoked at: Fri Mar 25 19:06:52 UTC 2011 + Serial Number (hex): 009e313e1fb2a9430688a577befa7a8d5e + Revoked at: Wed Mar 30 17:49:14 UTC 2011 + Serial Number (hex): 7c94237934483760a92bb7676090b425 + Revoked at: Sat Apr 02 17:49:34 UTC 2011 + Serial Number (hex): 0092b228500d5d1321a97abe8ac56d941d + Revoked at: Sat Apr 02 17:49:43 UTC 2011 + Serial Number (hex): 00f492ac4cb40bb3e83b8467d10562d974 + Revoked at: Wed Apr 06 20:17:38 UTC 2011 + Serial Number (hex): 00a7a4a8a5736292784b9927de2f2ff8d6 + Revoked at: Thu Apr 07 20:19:53 UTC 2011 + Serial Number (hex): 00bcd41dc82ac4ece836a8633ed26d298f + Revoked at: Fri Apr 08 19:08:05 UTC 2011 + Serial Number (hex): 5588d2fbeea9470c68699fe7b4498ca5 + Revoked at: Fri Apr 08 20:58:46 UTC 2011 + Serial Number (hex): 00b89d471f538d48fa06f2d100306349e5 + Revoked at: Fri Apr 08 20:58:54 UTC 2011 + Serial Number (hex): 3b16d03c90a676c8350c471df9a37c04 + Revoked at: Mon Apr 11 18:12:20 UTC 2011 + Serial Number (hex): 00819462f307a3017c501e74dbc2c34d96 + Revoked at: Mon Apr 11 18:18:47 UTC 2011 + Serial Number (hex): 3f6936dd5b4fcc59e53009a5f13673ea + Revoked at: Tue Apr 12 14:38:16 UTC 2011 + Serial Number (hex): 00ad44049bd9c8de5865612952142baaf2 + Revoked at: Wed Apr 13 17:50:28 UTC 2011 + Serial Number (hex): 77d7d5ae38f348d0d70ef38b96e57d9a + Revoked at: Thu Apr 14 17:12:11 UTC 2011 + Serial Number (hex): 7e237dfbb123016cec05f7b6989c5f15 + Revoked at: Fri Apr 15 07:09:37 UTC 2011 + Serial Number (hex): 00af34711652896896c7b0c35b485fc061 + Revoked at: Fri Apr 15 07:22:46 UTC 2011 + Serial Number (hex): 340fec2bc7e74144d8002eec7221a9f9 + Revoked at: Fri Apr 15 19:31:59 UTC 2011 + Serial Number (hex): 00bef0e2dd384d766078632ec5f428cde0 + Revoked at: Mon Apr 18 16:25:37 UTC 2011 + Serial Number (hex): 1e42b570af884f775bb4251d9b1f175d + Revoked at: Tue Apr 19 20:40:22 UTC 2011 + Serial Number (hex): 6fc1e91255f00a92a93026a42337baf8 + Revoked at: Wed Apr 20 19:57:11 UTC 2011 + Serial Number (hex): 538d1732f8ca4f6038507c3dd71d2d62 + Revoked at: Wed Apr 20 21:25:20 UTC 2011 + Serial Number (hex): 00fb1516bf5703c37d8fd7211599d5db7c + Revoked at: Tue Apr 26 13:57:50 UTC 2011 + Serial Number (hex): 11f5caa0fb2b7da7ef9272a53c71b0ba + Revoked at: Tue Apr 26 16:06:10 UTC 2011 + Serial Number (hex): 37e2ab84002f9f718eac72e0b441d16b + Revoked at: Thu Apr 28 14:30:08 UTC 2011 + Serial Number (hex): 30a068ce74c6e3b68310e886bd3a1c01 + Revoked at: Mon May 02 15:33:08 UTC 2011 + Serial Number (hex): 3c9634686623bdb052e7936239c78883 + Revoked at: Thu May 05 18:35:33 UTC 2011 + Serial Number (hex): 3d83c705c3da85e09c71b3b6aa2e2444 + Revoked at: Mon May 09 14:37:15 UTC 2011 + Serial Number (hex): 10db34dc0cc2d5afb70930723c12c286 + Revoked at: Mon May 09 16:41:57 UTC 2011 + Serial Number (hex): 0097bc0c561b3606210f1ee56f4129e555 + Revoked at: Mon May 09 18:14:26 UTC 2011 + Serial Number (hex): 00d295eed106196f65fccc12c22c49b917 + Revoked at: Tue May 10 13:32:22 UTC 2011 + Serial Number (hex): 33526c57d853bdfa5c189f4438fd7a86 + Revoked at: Wed May 11 17:14:49 UTC 2011 + Serial Number (hex): 5bf0253cbe28d46b1a7198cee019ef97 + Revoked at: Wed May 11 21:05:02 UTC 2011 + Serial Number (hex): 00d792194a02e808d347a5c7d759d2f9ef + Revoked at: Mon May 16 20:57:38 UTC 2011 + Serial Number (hex): 00f76668aee943947d3dafad83d8b872bd + Revoked at: Wed May 18 14:11:41 UTC 2011 + Serial Number (hex): 0dab316221514c70ba4132cdb35181af + Revoked at: Wed May 18 14:16:13 UTC 2011 + Serial Number (hex): 00afc3d324521972dff20f71aebf2dd80e + Revoked at: Thu May 19 05:03:37 UTC 2011 + Serial Number (hex): 00e338550d6b511270ca1fd1c06437c58d + Revoked at: Thu May 19 14:08:47 UTC 2011 + Serial Number (hex): 00cd50e38d2fc413a995bfe7ea0999538f + Revoked at: Thu May 19 19:04:18 UTC 2011 + Serial Number (hex): 00d7c4a8a6de2753abb7041842f9e87f2d + Revoked at: Thu May 19 19:05:00 UTC 2011 + Serial Number (hex): 008e152306816a1547c9d38c04fab68c78 + Revoked at: Thu May 19 19:05:11 UTC 2011 + Serial Number (hex): 1386ff7eeca45081febb14135bd5b7bd + Revoked at: Thu May 19 20:21:54 UTC 2011 + Serial Number (hex): 21832904238d28880b18080467cc8044 + Revoked at: Thu May 19 21:29:14 UTC 2011 + Serial Number (hex): 00a96ac8f1ed9c3f5867db8b51b16779fc + Revoked at: Tue May 24 04:23:38 UTC 2011 + Serial Number (hex): 61fa2c03260c152343750b880040ba42 + Revoked at: Tue May 24 20:59:07 UTC 2011 + Serial Number (hex): 031d3a7325b8d4709746414f465334a6 + Revoked at: Tue May 24 21:42:11 UTC 2011 + Serial Number (hex): 3700866888a79ee231f9ef21d95dd9fc + Revoked at: Wed May 25 21:43:51 UTC 2011 + Serial Number (hex): 662eba92d8a12e06ca20b9c66016999e + Revoked at: Thu May 26 16:35:01 UTC 2011 + Serial Number (hex): 008861696af5448a357fbff550ebe6c90f + Revoked at: Fri May 27 18:03:44 UTC 2011 + Serial Number (hex): 00dd5647809fc12d5a3c7d740846dff076 + Revoked at: Sat May 28 08:42:21 UTC 2011 + Serial Number (hex): 0093af1e9e599e85f47c60533af83dd6fd + Revoked at: Mon May 30 10:43:23 UTC 2011 + Serial Number (hex): 00a110caa113a227edb34fb041a0a4d875 + Revoked at: Tue May 31 13:25:32 UTC 2011 + Serial Number (hex): 00ff56826c434101070791a7ae08730af5 + Revoked at: Tue May 31 13:26:53 UTC 2011 + Serial Number (hex): 00c7e0595ccfeadc092e9c597a2ad18d04 + Revoked at: Tue May 31 13:38:33 UTC 2011 + Serial Number (hex): 4396ab2202f2a1d7adaa09936c55cc2b + Revoked at: Tue May 31 20:55:29 UTC 2011 + Serial Number (hex): 309ddc851fee3cfaace2076111c10f77 + Revoked at: Wed Jun 01 07:42:44 UTC 2011 + Serial Number (hex): 00b6e2502bb063ff89164ad035a5025010 + Revoked at: Wed Jun 01 12:30:31 UTC 2011 + Serial Number (hex): 2f4090db4ce7a04b72faa2a2bd12090b + Revoked at: Wed Jun 01 12:52:33 UTC 2011 + Serial Number (hex): 367fc4e84d38d285a28e442cf8e2c48a + Revoked at: Wed Jun 01 16:53:20 UTC 2011 + Serial Number (hex): 00c0509a82f976f027b9fe8258e5ac4dcf + Revoked at: Wed Jun 01 20:43:01 UTC 2011 + Serial Number (hex): 38928b2611cf7bd89e1ac15e8577238c + Revoked at: Thu Jun 02 15:49:38 UTC 2011 + Serial Number (hex): 00b7349a15787518670620f4b7061ea1af + Revoked at: Thu Jun 02 20:05:45 UTC 2011 + Serial Number (hex): 008b63970540adf985e97cf6c79b685247 + Revoked at: Fri Jun 03 14:41:30 UTC 2011 + Serial Number (hex): 00b5361062dd3fd40cd265d80dcfe78a8c + Revoked at: Mon Jun 06 19:10:05 UTC 2011 + Serial Number (hex): 4e1a1874ad72a318309900fe273423c0 + Revoked at: Tue Jun 07 12:48:09 UTC 2011 + Serial Number (hex): 6f410dbb2986687cc2ada900f30caae5 + Revoked at: Tue Jun 07 17:59:32 UTC 2011 + Serial Number (hex): 1a203edc2b9178276d701c0c15454e93 + Revoked at: Tue Jun 07 19:49:38 UTC 2011 + Serial Number (hex): 1284a7f39a0eb61e464880058c2c2aaa + Revoked at: Wed Jun 08 13:27:00 UTC 2011 + Serial Number (hex): 4c9ce2bdb23aee6e5a0a9686e917d619 + Revoked at: Wed Jun 08 13:36:29 UTC 2011 + Serial Number (hex): 07ae15ce731b7c1ca1511bbd73d8dc47 + Revoked at: Wed Jun 08 15:13:59 UTC 2011 + Serial Number (hex): 008fb44901fd28a10a12169fe5b34516cc + Revoked at: Wed Jun 08 19:31:48 UTC 2011 + Serial Number (hex): 4876b7f8f0cac0648bad56b6572ca0b1 + Revoked at: Wed Jun 08 19:57:21 UTC 2011 + Serial Number (hex): 00c1e547ac611277ccb6f9cf24389636a2 + Revoked at: Thu Jun 09 05:38:16 UTC 2011 + Serial Number (hex): 3d5db73a80be5727e6712cc39d55f7bd + Revoked at: Thu Jun 09 19:12:49 UTC 2011 + Serial Number (hex): 31bd6f99ad04065561057649cd0e00ee + Revoked at: Thu Jun 09 20:14:29 UTC 2011 + Serial Number (hex): 0bc1776ec4e989499beb45f6ab9f1aea + Revoked at: Fri Jun 10 19:25:03 UTC 2011 + Serial Number (hex): 00de0c511f4afee77161e8a63e6d5444b9 + Revoked at: Tue Jun 14 21:30:16 UTC 2011 + Serial Number (hex): 00e83e5057f27ba72046751e88cc0c62ab + Revoked at: Tue Jun 14 21:33:45 UTC 2011 + Serial Number (hex): 773b26a401b4f353052269d6f9ad80ab + Revoked at: Wed Jun 15 07:47:39 UTC 2011 + Serial Number (hex): 0080ae1ab95135ce9b2d954dda3497b238 + Revoked at: Wed Jun 15 07:47:48 UTC 2011 + Serial Number (hex): 0f04d41f64fbe61779ed320ca6c442ff + Revoked at: Wed Jun 15 07:47:57 UTC 2011 + Serial Number (hex): 00814bb4be7c07b9e4320aa238d4eb3e3d + Revoked at: Wed Jun 15 13:48:22 UTC 2011 + Serial Number (hex): 2ca00ac6a32ec84591a4126c17c60953 + Revoked at: Wed Jun 15 19:34:36 UTC 2011 + Serial Number (hex): 00e2c0610146ace298460419736d8d880d + Revoked at: Thu Jun 16 08:35:27 UTC 2011 + Serial Number (hex): 00f19cd00fd7cf16c2750264bb017df6ce + Revoked at: Thu Jun 16 14:55:35 UTC 2011 + Serial Number (hex): 22875fdcd956c900046ef62ee8308d43 + Revoked at: Thu Jun 16 18:46:40 UTC 2011 + Serial Number (hex): 00e982b961d4642b09ae0525dd8ae770f1 + Revoked at: Fri Jun 17 11:07:10 UTC 2011 + Serial Number (hex): 1d43895f4b33f35a7cabb57ac5d5b8e8 + Revoked at: Tue Jun 21 13:05:19 UTC 2011 + Serial Number (hex): 0087d79fda2c439541dd07fcffb53fffd5 + Revoked at: Tue Jun 21 14:32:05 UTC 2011 + Serial Number (hex): 00890606f4a7c7dede5926753c113bc467 + Revoked at: Tue Jun 21 15:26:34 UTC 2011 + Serial Number (hex): 28b03545e52d4d6bf9932e701d44e9c7 + Revoked at: Tue Jun 21 15:38:16 UTC 2011 + Serial Number (hex): 5b3b0b2fd40b4fd83469c445da5bc5e1 + Revoked at: Tue Jun 21 19:07:16 UTC 2011 + Serial Number (hex): 4fdcbf70178baf61fa1b6c2252e95177 + Revoked at: Tue Jun 21 19:07:32 UTC 2011 + Serial Number (hex): 0083a5e9abde3acf2ea097c15926b1f1df + Revoked at: Tue Jun 21 21:16:08 UTC 2011 + Serial Number (hex): 00e92fc314d8501132f4ac75b763eda83e + Revoked at: Wed Jun 22 06:21:15 UTC 2011 + Serial Number (hex): 00d2c311229d2437795215624b54c2f0ce + Revoked at: Wed Jun 22 06:21:24 UTC 2011 + Serial Number (hex): 0080bf0167de73b5641d39cbfcd6df2e3d + Revoked at: Wed Jun 22 15:24:05 UTC 2011 + Serial Number (hex): 65b2d06754013f5ad5fff9a9e4807799 + Revoked at: Wed Jun 22 15:59:07 UTC 2011 + Serial Number (hex): 009c6aa25c8c9c574fa9be23f184a9e239 + Revoked at: Wed Jun 22 16:01:49 UTC 2011 + Serial Number (hex): 69dee2b55363119137888dc1e8e6cb87 + Revoked at: Wed Jun 22 16:03:10 UTC 2011 + Serial Number (hex): 31872c0179d5603da3c7beb8c3d600f4 + Revoked at: Wed Jun 22 19:00:09 UTC 2011 + Serial Number (hex): 42a52882bf636fe89a9c53e1f278a1ea + Revoked at: Thu Jun 23 19:15:52 UTC 2011 + Serial Number (hex): 00a80c6a2a2a61f47b24996c3ce2854f23 + Revoked at: Thu Jun 23 19:16:58 UTC 2011 + Serial Number (hex): 00bbe146cba0e4612bac825b1b06db2a + Revoked at: Thu Jun 23 19:17:58 UTC 2011 + Serial Number (hex): 39d49a44e175253b506c984eacd60d59 + Revoked at: Thu Jun 23 19:47:24 UTC 2011 + Serial Number (hex): 353408427a722ab9c8db9272c3b75462 + Revoked at: Fri Jun 24 12:22:16 UTC 2011 + Serial Number (hex): 1eb3b308037ca0444431788f06af43e0 + Revoked at: Fri Jun 24 14:35:27 UTC 2011 + Serial Number (hex): 0097b21fb5bb7dbb146f897e6a3dbf332d + Revoked at: Fri Jun 24 15:20:29 UTC 2011 + Serial Number (hex): 00cad189b00d0cc5327873453bb6e7311a + Revoked at: Fri Jun 24 17:40:23 UTC 2011 + Serial Number (hex): 16f14c01a2d54d8f32bf0dad555655f4 + Revoked at: Fri Jun 24 18:36:13 UTC 2011 + Serial Number (hex): 4cfe6b2a6b3c74d57514ac34eb69689b + Revoked at: Fri Jun 24 19:13:02 UTC 2011 + Serial Number (hex): 00d25c0760aef98935ea6acb8ee3fc78ab + Revoked at: Fri Jun 24 19:26:51 UTC 2011 + Serial Number (hex): 00ba98d15d8d17b4157c7e7fd762d1c445 + Revoked at: Tue Jun 28 13:35:14 UTC 2011 + Serial Number (hex): 00bf27d36415d8325b22624bbf3fd7e9dd + Revoked at: Tue Jun 28 18:26:21 UTC 2011 + Serial Number (hex): 37f493edf1f8f9496a7b86d1c1afc5da + Revoked at: Tue Jun 28 21:21:13 UTC 2011 + Serial Number (hex): 00ec8f9989cafef94635516342fc0e4b6b + Revoked at: Tue Jun 28 21:22:53 UTC 2011 + Serial Number (hex): 00a14b680b1bd107c92015e62d7144c5aa + Revoked at: Wed Jun 29 11:08:58 UTC 2011 + Serial Number (hex): 00e5abe43d8642820352b50fcd140791af + Revoked at: Wed Jun 29 19:39:50 UTC 2011 + Serial Number (hex): 0087b971a1296457d30e534ec8de46f76b + Revoked at: Thu Jun 30 09:17:26 UTC 2011 + Serial Number (hex): 00e0fbb6eb9a0137de278e6c7fb0ee9ad1 + Revoked at: Fri Jul 01 10:14:43 UTC 2011 + Serial Number (hex): 3bc9dba70f7e65ea84d3cd944a19009e + Revoked at: Fri Jul 01 12:03:33 UTC 2011 + Serial Number (hex): 08ebdcf7f23fa66f2199384e20424e5a + Revoked at: Fri Jul 01 18:06:31 UTC 2011 + Serial Number (hex): 008000a706e892316b41fafe50c2a9e3ce + Revoked at: Fri Jul 01 18:06:49 UTC 2011 + Serial Number (hex): 5d35648b493be005ff1bcbb5a6b50623 + Revoked at: Fri Jul 01 18:06:59 UTC 2011 + Serial Number (hex): 715309050f48232f68a89bc5a4834ee3 + Revoked at: Mon Jul 04 07:54:59 UTC 2011 + Serial Number (hex): 663e720dde185ca668cce9739e0bbbb6 + Revoked at: Mon Jul 04 11:35:50 UTC 2011 + Serial Number (hex): 00e3fac44d5b039e5a3f87942f3ead28c2 + Revoked at: Tue Jul 05 08:10:51 UTC 2011 + Serial Number (hex): 008b9ec97bc759e017d990410c1d637e02 + Revoked at: Tue Jul 05 12:39:02 UTC 2011 + Serial Number (hex): 194a45fcfb5d2590a3428971b344f5cd + Revoked at: Tue Jul 05 14:30:54 UTC 2011 + Serial Number (hex): 00f9c4f10d9a3c3709387e8b30ae90741d + Revoked at: Tue Jul 05 14:32:03 UTC 2011 + Serial Number (hex): 1feea7d3080b406470594aa9f3042490 + Revoked at: Tue Jul 05 14:47:14 UTC 2011 + Serial Number (hex): 00f040eb9362f19781629facb2e9c72aaf + Revoked at: Tue Jul 05 19:00:01 UTC 2011 + Serial Number (hex): 00b858e477546ea444225217267615977a + Revoked at: Tue Jul 05 19:19:26 UTC 2011 + Serial Number (hex): 00eb27535dc9245da550154f0e0a18b4da + Revoked at: Wed Jul 06 04:30:47 UTC 2011 + Serial Number (hex): 3d1fabd87f55c954008dd306876608d8 + Revoked at: Wed Jul 06 04:55:51 UTC 2011 + Serial Number (hex): 6828ace2620c67e57e8a0a6abf4ecf83 + Revoked at: Wed Jul 06 12:26:18 UTC 2011 + Serial Number (hex): 04b3e2e905845f533781ebc89f5c0a2b + Revoked at: Wed Jul 06 19:32:50 UTC 2011 + Serial Number (hex): 74c13dfd65c26958505aab09b9722c7e + Revoked at: Wed Jul 06 21:23:34 UTC 2011 + Serial Number (hex): 42d4b64f1c2db97a3134c5deedbc102f + Revoked at: Thu Jul 07 15:49:43 UTC 2011 + Serial Number (hex): 00a015fe0b3ad295226521e86bf673f69b + Revoked at: Thu Jul 07 16:28:45 UTC 2011 + Serial Number (hex): 426beea22a29d71fc8cce65bf499f83e + Revoked at: Thu Jul 07 20:27:44 UTC 2011 + Serial Number (hex): 1cf13e9cf53a6694685c24d6e76d20fa + Revoked at: Thu Jul 07 22:23:02 UTC 2011 + Serial Number (hex): 008a75f94f6c6e503ba781da03f8209091 + Revoked at: Fri Jul 08 12:29:54 UTC 2011 + Serial Number (hex): 0097815bef87af59284463810bf338fc1c + Revoked at: Fri Jul 08 15:48:01 UTC 2011 + Serial Number (hex): 00f427889f6e45e2656d9a645e2fa8e521 + Revoked at: Fri Jul 08 17:56:21 UTC 2011 + Serial Number (hex): 7a06e299e82276a3f2874f582cf6a2dc + Revoked at: Fri Jul 08 22:33:51 UTC 2011 + Serial Number (hex): 3dfea8e0e5a1919e9413deea923cd630 + Revoked at: Mon Jul 11 14:15:43 UTC 2011 + Serial Number (hex): 0085f8a4ba79af0eb270a29560e1355553 + Revoked at: Mon Jul 11 14:20:53 UTC 2011 + Serial Number (hex): 171f5c5efd3a47a6957b740e67f82ca1 + Revoked at: Mon Jul 11 14:28:37 UTC 2011 + Serial Number (hex): 2578cc5c39ece860771de554ae513fda + Revoked at: Mon Jul 11 15:42:32 UTC 2011 + Serial Number (hex): 00bd1f91f37b78c4ac0b6d240df8f869c3 + Revoked at: Mon Jul 11 18:13:42 UTC 2011 + Serial Number (hex): 009146ba7998987e43f12f8b81e9504547 + Revoked at: Tue Jul 12 18:14:50 UTC 2011 + Serial Number (hex): 46913e129b406b144a67923bb46d18a2 + Revoked at: Tue Jul 12 18:39:15 UTC 2011 + Serial Number (hex): 1f9e5daa240484dfc23efdfc88dab064 + Revoked at: Tue Jul 12 18:42:59 UTC 2011 + Serial Number (hex): 6107560c456b44b3304986a161e971d4 + Revoked at: Tue Jul 12 21:31:41 UTC 2011 + Serial Number (hex): 4858a4a2cf4a9f3867d4f807bce267f0 + Revoked at: Wed Jul 13 19:39:46 UTC 2011 + Serial Number (hex): 00f8c6b9bd511f2bbffe588f0bdd4e3628 + Revoked at: Thu Jul 14 07:47:51 UTC 2011 + Serial Number (hex): 50a3eb411b689c46bd29758b2373bd12 + Revoked at: Thu Jul 14 12:04:04 UTC 2011 + Serial Number (hex): 389ca594aeb8a5a68765dcef9fc8a73b + Revoked at: Thu Jul 14 16:52:26 UTC 2011 + Serial Number (hex): 59b590f2278d3f92817306628f9bf87f + Revoked at: Thu Jul 14 20:41:55 UTC 2011 + Serial Number (hex): 00b2c26670654d998f1d074f58d5ba1d8b + Revoked at: Thu Jul 14 20:44:41 UTC 2011 + Serial Number (hex): 3f991e54d7a61e5edec7293d512885e8 + Revoked at: Fri Jul 15 11:56:14 UTC 2011 + Serial Number (hex): 41e547916e39e1654bcde581fe4f56c4 + Revoked at: Fri Jul 15 20:42:33 UTC 2011 + Serial Number (hex): 00ca4dccc13ebf3a3551685e094f78ab6a + Revoked at: Sat Jul 16 07:07:38 UTC 2011 + Serial Number (hex): 2f6cf24eefc8dc768ed7f088accc1986 + Revoked at: Mon Jul 18 13:19:46 UTC 2011 + Serial Number (hex): 00b53a157f9cbcdda29b0caa1879dff3b9 + Revoked at: Mon Jul 18 15:27:17 UTC 2011 + Serial Number (hex): 00f2cd846e727c0b1476a4d98c85b518e5 + Revoked at: Tue Jul 19 20:21:12 UTC 2011 + Serial Number (hex): 476bf8c189049dbb1dc2cb26355b18d6 + Revoked at: Tue Jul 19 21:02:52 UTC 2011 + Serial Number (hex): 0f9608aa6f13c4466f5699d2c1ece16c + Revoked at: Wed Jul 20 18:15:57 UTC 2011 + Serial Number (hex): 00810d0ed87fd09560f7d4d2f518da17cc + Revoked at: Wed Jul 20 19:04:27 UTC 2011 + Serial Number (hex): 1e0636646ce4f7af455f345cda99e8f9 + Revoked at: Thu Jul 21 13:11:13 UTC 2011 + Serial Number (hex): 3d127e1ff3e8198992b0223bfd7e9597 + Revoked at: Thu Jul 21 20:01:12 UTC 2011 + Serial Number (hex): 4d9bceaf61d35f9be2effee8a4e0b179 + Revoked at: Thu Jul 21 20:22:59 UTC 2011 + Serial Number (hex): 6ff94aef761f58b79112b4c53370b41d + Revoked at: Fri Jul 22 13:52:42 UTC 2011 + Serial Number (hex): 008d87f4900775858ac786645b228c4bc8 + Revoked at: Fri Jul 22 13:52:45 UTC 2011 + Serial Number (hex): 1b2c77ae6d069714d5659f2dcba3a3fe + Revoked at: Sat Jul 23 01:48:34 UTC 2011 + Serial Number (hex): 008811932c51688534f9cbe71fb112f086 + Revoked at: Mon Jul 25 16:00:16 UTC 2011 + Serial Number (hex): 221b1020d8ad29829dfa0500d55ed18b + Revoked at: Mon Jul 25 19:44:56 UTC 2011 + Serial Number (hex): 0083f224d216ddc7685e073d344b4af878 + Revoked at: Tue Jul 26 14:47:31 UTC 2011 + Serial Number (hex): 73a0596c34b9e05035d3f4c46e30df74 + Revoked at: Tue Jul 26 19:10:37 UTC 2011 + Serial Number (hex): 00de18ee9d13ea3fdf0cb0e1a528d70237 + Revoked at: Tue Jul 26 20:29:49 UTC 2011 + Serial Number (hex): 4e9522135ddd4e2a5c7c3249e34b5b65 + Revoked at: Tue Jul 26 21:35:33 UTC 2011 + Serial Number (hex): 009990a506a7c3b6c029afce6fae08f966 + Revoked at: Wed Jul 27 12:57:05 UTC 2011 + Serial Number (hex): 00c8dc46d5e8a165654793ed9e519e70d3 + Revoked at: Wed Jul 27 21:00:51 UTC 2011 + Serial Number (hex): 00e7f63f6304c193a6563c26c05e7f0be5 + Revoked at: Wed Jul 27 21:02:05 UTC 2011 + Serial Number (hex): 1d3a76d61765fb29d9ff772261c4a9c6 + Revoked at: Wed Jul 27 21:02:56 UTC 2011 + Serial Number (hex): 5ae02344493cc068dffa448eba026e1f + Revoked at: Thu Jul 28 19:19:05 UTC 2011 + Serial Number (hex): 0098ca01972ff0c672bb3d3d93c60698ce + Revoked at: Fri Jul 29 08:42:53 UTC 2011 + Serial Number (hex): 00a8297b96ce784ca4fba524487f52d5af + Revoked at: Fri Jul 29 08:47:02 UTC 2011 + Serial Number (hex): 00ef3fa2651b8682be7ef01fbe52f8c74c + Revoked at: Fri Jul 29 17:33:33 UTC 2011 + Serial Number (hex): 2eda82e92ff93710c5d189ab44b5a22b + Revoked at: Fri Jul 29 18:18:36 UTC 2011 + Serial Number (hex): 0088b661261c9c29376511c3de02737f06 + Revoked at: Fri Jul 29 20:29:51 UTC 2011 + Serial Number (hex): 0096e31aae7ca3bd06e7311c48d5471d76 + Revoked at: Mon Aug 01 10:51:56 UTC 2011 + Serial Number (hex): 00a37fa571b21ef4810a8c1f443918ae01 + Revoked at: Mon Aug 01 20:49:13 UTC 2011 + Serial Number (hex): 1bda03ee891df035165db54cf4abab48 + Revoked at: Mon Aug 01 20:50:46 UTC 2011 + Serial Number (hex): 60be0415c9d40e25a6fce4f1e3913255 + Revoked at: Mon Aug 01 21:09:15 UTC 2011 + Serial Number (hex): 00ea4474ceb0c9d06c9fb46175475967ac + Revoked at: Tue Aug 02 16:22:24 UTC 2011 + Serial Number (hex): 3b5e47a7dbc8aaab4530c0ab14de77ee + Revoked at: Tue Aug 02 16:22:32 UTC 2011 + Serial Number (hex): 008f82e2b9188e3547db2db89606f6fba0 + Revoked at: Tue Aug 02 20:46:47 UTC 2011 + Serial Number (hex): 00d1bfa6fc8906b8e81d783f33e49b8e92 + Revoked at: Tue Aug 02 20:55:11 UTC 2011 + Serial Number (hex): 00d6d30c1e893bcf770d853f9c7d58ff0a + Revoked at: Wed Aug 03 09:23:10 UTC 2011 + Serial Number (hex): 00a27dfaf7d80e017487aee1677d078fb9 + Revoked at: Wed Aug 03 20:33:51 UTC 2011 + Serial Number (hex): 03078201e40c34529faafb28968d4fc4 + Revoked at: Wed Aug 03 20:34:33 UTC 2011 + Serial Number (hex): 58edeb27a96b321b249d59789acdeb76 + Revoked at: Wed Aug 03 20:35:08 UTC 2011 + Serial Number (hex): 5c7ff5bb528cf35b32c5b01c00b3c923 + Revoked at: Thu Aug 04 19:40:04 UTC 2011 + Serial Number (hex): 2b1c03eabf7721fc31c9cc80bf85328e + Revoked at: Fri Aug 05 13:27:56 UTC 2011 + Serial Number (hex): 3dc68a82c38daabc95ae4053a4c57400 + Revoked at: Fri Aug 05 13:29:45 UTC 2011 + Serial Number (hex): 2832a2b545d0df30dc71293da5405660 + Revoked at: Fri Aug 05 14:40:04 UTC 2011 + Serial Number (hex): 0861c325ab324003bd1c65cc1991fbf5 + Revoked at: Fri Aug 05 18:39:07 UTC 2011 + Serial Number (hex): 009e2d6b52cc45c739cb136a1767a25e9b + Revoked at: Fri Aug 05 18:51:25 UTC 2011 + Serial Number (hex): 56e6fdb30b23f2760c1f164a49169bc7 + Revoked at: Fri Aug 05 19:08:52 UTC 2011 + Serial Number (hex): 00f61a6ab47aa360fca74a3a23caca0dc9 + Revoked at: Mon Aug 08 13:34:15 UTC 2011 + Serial Number (hex): 008821ac96463a87c9a5e8dc64d6602288 + Revoked at: Mon Aug 08 19:04:40 UTC 2011 + Serial Number (hex): 6158a7ca928927732f22c4e0481a9a60 + Revoked at: Tue Aug 09 00:23:32 UTC 2011 + Serial Number (hex): 00b9ff7effa01282444c3bbf47f8c6ea7a + Revoked at: Tue Aug 09 04:39:52 UTC 2011 + Serial Number (hex): 00a1494fccc63eb7a3645e9b2e46459ab1 + Revoked at: Tue Aug 09 09:57:53 UTC 2011 + Serial Number (hex): 265e2a1e97e6e1386986bd28e90c32d4 + Revoked at: Tue Aug 09 14:15:50 UTC 2011 + Serial Number (hex): 20a0bedce2dc564687aea3f940184e13 + Revoked at: Tue Aug 09 14:16:21 UTC 2011 + Serial Number (hex): 00dfe14e1c374f943e0ce1b3b7cafffdd6 + Revoked at: Tue Aug 09 14:16:59 UTC 2011 + Serial Number (hex): 5885692deeea816b8d6e901cf6fa5b7c + Revoked at: Tue Aug 09 14:17:07 UTC 2011 + Serial Number (hex): 02f712fb2de68807464531f9bd75f94f + Revoked at: Tue Aug 09 20:14:26 UTC 2011 + Serial Number (hex): 00c4b4827b9f6a614acd4211189272fba3 + Revoked at: Tue Aug 09 20:15:11 UTC 2011 + Serial Number (hex): 00e7f8ed8cbb7d506ad025526b5b9a2330 + Revoked at: Wed Aug 10 14:53:03 UTC 2011 + Serial Number (hex): 00c1eda2371df82d70f89104e1b27111f7 + Revoked at: Wed Aug 10 21:16:25 UTC 2011 + Serial Number (hex): 008743478de80a14357de941aae452a441 + Revoked at: Wed Aug 10 21:28:41 UTC 2011 + Serial Number (hex): 00a1eb1682fe07d157453b3cb55725c2e1 + Revoked at: Wed Aug 10 22:00:04 UTC 2011 + Serial Number (hex): 00bf0e8e1bfdd99d9e12a5f71505cee57d + Revoked at: Thu Aug 11 08:11:04 UTC 2011 + Serial Number (hex): 00ee2850652320b26f1ad72cb4df572396 + Revoked at: Thu Aug 11 13:54:41 UTC 2011 + Serial Number (hex): 00e40c448ecef9716ad3d484fe0dedc2c5 + Revoked at: Thu Aug 11 18:41:00 UTC 2011 + Serial Number (hex): 00e9e0f37c61df9cea01e6a4eab734842d + Revoked at: Thu Aug 11 18:41:43 UTC 2011 + Serial Number (hex): 49f40d6e8da6f148a093a9db4ee9675d + Revoked at: Thu Aug 11 18:42:19 UTC 2011 + Serial Number (hex): 77aa9d5fe5a1501909568364fc30ae1e + Revoked at: Thu Aug 11 19:37:43 UTC 2011 + Serial Number (hex): 00e817b1a38b130901212bca86efc7dedb + Revoked at: Fri Aug 12 08:51:32 UTC 2011 + Serial Number (hex): 00c35b8ca68f0423a224daba3025c2812c + Revoked at: Fri Aug 12 16:18:49 UTC 2011 + Serial Number (hex): 2298e15f7080a00dc6f20e5dd5d71c6e + Revoked at: Fri Aug 12 16:21:22 UTC 2011 + Serial Number (hex): 42f5ba404d7eae0959b35ae2658cdade + Revoked at: Fri Aug 12 16:31:20 UTC 2011 + Serial Number (hex): 77d08ee34621d6db2ebecbb03aaece48 + Revoked at: Fri Aug 12 16:38:18 UTC 2011 + Serial Number (hex): 565d63e1bfe9c0501f4157471eac5c15 + Revoked at: Fri Aug 12 17:06:05 UTC 2011 + Serial Number (hex): 00df457fb645bfb87323e5400f69c2796c + Revoked at: Fri Aug 12 17:09:39 UTC 2011 + Serial Number (hex): 0098b6ea6324f4e145ca0ce886ddd39b64 + Revoked at: Fri Aug 12 20:03:20 UTC 2011 + Serial Number (hex): 009f147aa14d5fc7e5a0392c0d8f387a90 + Revoked at: Sun Aug 14 22:08:18 UTC 2011 + Serial Number (hex): 00a44347b37df1a36cbc296f15994e8f2e + Revoked at: Mon Aug 15 01:13:44 UTC 2011 + Serial Number (hex): 00ac64bff4398979cbab11de421ba316c1 + Revoked at: Mon Aug 15 13:47:57 UTC 2011 + Serial Number (hex): 2dc7fe3226d1f678eb415d65cb91d497 + Revoked at: Mon Aug 15 13:54:56 UTC 2011 + Serial Number (hex): 53f0843352f43be239c7cd07d843aac2 + Revoked at: Mon Aug 15 19:03:19 UTC 2011 + Serial Number (hex): 00aaa713d92787289a8e432037449d95aa + Revoked at: Mon Aug 15 19:44:03 UTC 2011 + Serial Number (hex): 45b2ae259d306f10997ea4947e59bdb0 + Revoked at: Tue Aug 16 02:39:28 UTC 2011 + Serial Number (hex): 308c61a780494cf910bfeca687fa868a + Revoked at: Tue Aug 16 15:50:31 UTC 2011 + Serial Number (hex): 46398ffda8b10ddadbc874e6126788c6 + Revoked at: Tue Aug 16 15:50:39 UTC 2011 + Serial Number (hex): 00836ea2df073986cbea8e8b5c0c6462d8 + Revoked at: Tue Aug 16 17:56:15 UTC 2011 + Serial Number (hex): 41097711424da8d3d23f76d54a29dd1f + Revoked at: Wed Aug 17 01:06:51 UTC 2011 + Serial Number (hex): 15cfb45ad99e934aff5e512891d2ca23 + Revoked at: Wed Aug 17 08:09:53 UTC 2011 + Serial Number (hex): 009543eb1f88117b2325ee26a42ede60ed + Revoked at: Wed Aug 17 21:22:40 UTC 2011 + Serial Number (hex): 597546ccb1dd7a6e95fe47b297e1bb9c + Revoked at: Wed Aug 17 23:27:14 UTC 2011 + Serial Number (hex): 7c456400b92eb7af884792ad2502fb14 + Revoked at: Thu Aug 18 12:22:08 UTC 2011 + Serial Number (hex): 00fc10467fe50b2834b1092e385aecc013 + Revoked at: Thu Aug 18 17:34:17 UTC 2011 + Serial Number (hex): 21432d8c0dbfb4ed56b378953588a784 + Revoked at: Thu Aug 18 19:57:57 UTC 2011 + Serial Number (hex): 00916d456b9259bfa8e9735c95f37c53fe + Revoked at: Thu Aug 18 20:28:32 UTC 2011 + Serial Number (hex): 552d83389dc86c2a01b9203a238f533f + Revoked at: Thu Aug 18 21:05:51 UTC 2011 + Serial Number (hex): 4cde623febdc33a2694558503247ed27 + Revoked at: Thu Aug 18 21:06:32 UTC 2011 + Serial Number (hex): 00992be60ba8ed319a37a1ab9780822127 + Revoked at: Fri Aug 19 19:50:02 UTC 2011 + Serial Number (hex): 00913c5ae49e6653e521ef6ce8db1d6677 + Revoked at: Fri Aug 19 20:16:16 UTC 2011 + Serial Number (hex): 00d499b57f0411649ba1265e3dfc1b3af8 + Revoked at: Mon Aug 22 10:58:27 UTC 2011 + Serial Number (hex): 00de16b05e050243a9739c00d01023ae98 + Revoked at: Mon Aug 22 15:20:43 UTC 2011 + Serial Number (hex): 0081a0b2cc01110aa7562133048a838dad + Revoked at: Tue Aug 23 14:00:19 UTC 2011 + Serial Number (hex): 00d6e43cd4e6aaede2d56f38ef90808e9d + Revoked at: Tue Aug 23 14:00:26 UTC 2011 + Serial Number (hex): 3cb3faa4b54b34a245a9e1c31f8120dc + Revoked at: Tue Aug 23 14:00:32 UTC 2011 + Serial Number (hex): 171b038b32f5ebad7ea3de82d875f3d2 + Revoked at: Tue Aug 23 15:14:18 UTC 2011 + Serial Number (hex): 01b726814746f23db7622184ebc3a465 + Revoked at: Tue Aug 23 21:21:29 UTC 2011 + Serial Number (hex): 22a768995315fdc7544f32c1a1cd95cd + Revoked at: Wed Aug 24 12:05:11 UTC 2011 + Serial Number (hex): 0094600c205e09a80b6409a3a3e5d9eedb + Revoked at: Wed Aug 24 18:26:51 UTC 2011 + Serial Number (hex): 79cb2c1bc6a9e95ce7e1b2eaf51d12c8 + Revoked at: Wed Aug 24 20:33:41 UTC 2011 + Serial Number (hex): 00a0e936a81f3c07fa984ebf9b1b45f30a + Revoked at: Wed Aug 24 20:38:58 UTC 2011 + Serial Number (hex): 00f705e381027692043822bb5aaf67272e + Revoked at: Wed Aug 24 20:53:39 UTC 2011 + Serial Number (hex): 00f80c863f6c0b1a7d237576be98e18045 + Revoked at: Wed Aug 24 21:01:46 UTC 2011 + Serial Number (hex): 13d74b252d7c2f8d6882a41bfdf736f4 + Revoked at: Thu Aug 25 08:13:42 UTC 2011 + Serial Number (hex): 729ccc17456861d808fb9a119a7b668f + Revoked at: Thu Aug 25 13:02:46 UTC 2011 + Serial Number (hex): 0083cac65c15e0ca927a4264c238ac4be5 + Revoked at: Thu Aug 25 13:02:59 UTC 2011 + Serial Number (hex): 00b18e087cb36184648b953e18f8fa0446 + Revoked at: Thu Aug 25 13:07:04 UTC 2011 + Serial Number (hex): 16eee8e00837cf94c2bebee9b97711d3 + Revoked at: Thu Aug 25 14:40:52 UTC 2011 + Serial Number (hex): 00d400040039ed10405b4d8c13720e7922 + Revoked at: Thu Aug 25 15:20:40 UTC 2011 + Serial Number (hex): 1d2437aeff83f985998366a785a13afb + Revoked at: Fri Aug 26 14:13:40 UTC 2011 + Serial Number (hex): 00b9286cef80d148c604957adf1dd6b5b0 + Revoked at: Fri Aug 26 14:14:21 UTC 2011 + Serial Number (hex): 0c0354243f40f2ae7581135ac0b4742c + Revoked at: Fri Aug 26 15:10:46 UTC 2011 + Serial Number (hex): 2431cb623cee7991a970aadc2aebf569 + Revoked at: Fri Aug 26 16:21:02 UTC 2011 + Serial Number (hex): 00b9bbd7ebab3582e002ef3fbaddc6a6a0 + Revoked at: Fri Aug 26 18:15:13 UTC 2011 + Serial Number (hex): 4bbc8d4cb92226ac0fd224443356070a + Revoked at: Sat Aug 27 01:23:59 UTC 2011 + Serial Number (hex): 7ea44d33b3f37b43b8d512790e8de089 + Revoked at: Mon Aug 29 13:24:50 UTC 2011 + Serial Number (hex): 5fca8ce2c7219a8d616b1d3317398ba1 + Revoked at: Mon Aug 29 20:37:32 UTC 2011 + Serial Number (hex): 00a607b5ed5320c4ed92a2893b3297513d + Revoked at: Tue Aug 30 07:36:01 UTC 2011 + Serial Number (hex): 49b65c6d001aa842dcad7e8929ab39e4 + Revoked at: Tue Aug 30 12:25:38 UTC 2011 + Serial Number (hex): 00b79021787083d6e85a7767ededd6b080 + Revoked at: Tue Aug 30 12:25:53 UTC 2011 + Serial Number (hex): 00b48d850c888fd33835de1b6590997cb6 + Revoked at: Tue Aug 30 20:01:46 UTC 2011 + Serial Number (hex): 6053cf01cb3974ceb0563cb3d8f1ccac + Revoked at: Tue Aug 30 20:14:39 UTC 2011 + Serial Number (hex): 00918b2b2121dc05dcdf1b60e0e49d3cd5 + Revoked at: Tue Aug 30 21:19:39 UTC 2011 + Serial Number (hex): 009cf0b5e442ba7c8539a36d6a1c93e63e + Revoked at: Wed Aug 31 08:15:46 UTC 2011 + Serial Number (hex): 00c28076d8974e18dd40c635c4dfda5f52 + Revoked at: Wed Aug 31 10:06:53 UTC 2011 + Serial Number (hex): 53a96749a6e8d028cacaf9f001a08d8b + Revoked at: Wed Aug 31 12:40:21 UTC 2011 + Serial Number (hex): 23070539f47c62b1ff28289ee6c2643d + Revoked at: Wed Aug 31 16:14:14 UTC 2011 + Serial Number (hex): 00c681eea4798bff2077e34d37d7b26be0 + Revoked at: Wed Aug 31 19:34:55 UTC 2011 + Serial Number (hex): 00d99e5cff32b240e5ce7df88c804f3d50 + Revoked at: Wed Aug 31 20:30:00 UTC 2011 + Serial Number (hex): 77354469ae93bc0e68f47e360f461558 + Revoked at: Thu Sep 01 12:21:34 UTC 2011 + Serial Number (hex): 00a78615731ecbe9168d8a7f18f08280fb + Revoked at: Thu Sep 01 19:35:49 UTC 2011 + Serial Number (hex): 00c4bc39fd191c15692e50f94cefce5319 + Revoked at: Thu Sep 01 19:36:05 UTC 2011 + Serial Number (hex): 00d7feb0853ca2fc79417c44a63b94e4fe + Revoked at: Thu Sep 01 20:27:33 UTC 2011 + Serial Number (hex): 00f9d5b026f962a8a8159fad979996a204 + Revoked at: Fri Sep 02 09:11:59 UTC 2011 + Serial Number (hex): 6d279c2e4b9564983b9cdf47cc70751d + Revoked at: Fri Sep 02 13:03:55 UTC 2011 + Serial Number (hex): 12d13da1d62bbca574b2b4be1c052ddf + Revoked at: Fri Sep 02 13:04:06 UTC 2011 + Serial Number (hex): 1b14ee5304038e6f1e0630a8d7217698 + Revoked at: Fri Sep 02 15:12:11 UTC 2011 + Serial Number (hex): 47d866b95a053c81bd57c1a64bf90a33 + Revoked at: Fri Sep 02 16:05:36 UTC 2011 + Serial Number (hex): 4d3ed26e01a41380fee92d4223fce258 + Revoked at: Fri Sep 02 16:05:50 UTC 2011 + Serial Number (hex): 009beba984d7b4adc74a46cc661d669d45 + Revoked at: Fri Sep 02 18:45:34 UTC 2011 + Serial Number (hex): 00a543a259adf576e48d4cd4983d86ecae + Revoked at: Mon Sep 05 09:00:08 UTC 2011 + Serial Number (hex): 008f3eea0783b386063b638b1bfd1c461c + Revoked at: Mon Sep 05 13:28:00 UTC 2011 + Serial Number (hex): 269f2ca1238d3fa435cadd05a8acf96b + Revoked at: Mon Sep 05 14:06:56 UTC 2011 + Serial Number (hex): 009c8915d2cc16f0f9e5d49c1713a9d105 + Revoked at: Wed Sep 07 00:05:08 UTC 2011 + Serial Number (hex): 57b7597780886cc982d95a80267fe090 + Revoked at: Wed Sep 07 09:53:40 UTC 2011 + Serial Number (hex): 20fb1fa2c0132e639726beef68de378b + Revoked at: Wed Sep 07 10:04:58 UTC 2011 + Serial Number (hex): 2e8c519b6fccbf1269fa4b4012dba643 + Revoked at: Wed Sep 07 13:18:00 UTC 2011 + Serial Number (hex): 00f294fd87fec8b741e1213fae59df7078 + Revoked at: Wed Sep 07 15:46:24 UTC 2011 + Serial Number (hex): 106e7af46b3f2441aa49da55e94584b1 + Revoked at: Wed Sep 07 19:10:08 UTC 2011 + Serial Number (hex): 00a02616f6045a144b7c005ddc7eec8654 + Revoked at: Thu Sep 08 06:43:55 UTC 2011 + Serial Number (hex): 00833366f0d46b3f4e362b184089334f20 + Revoked at: Thu Sep 08 11:12:29 UTC 2011 + Serial Number (hex): 0f17674c5432e3322272e212d8c29a44 + Revoked at: Fri Sep 09 09:10:22 UTC 2011 + Serial Number (hex): 7ef5cdfbaf0277088569fe0c8a9d37f1 + Revoked at: Fri Sep 09 09:24:30 UTC 2011 + Serial Number (hex): 07e18018cd1efa6570ec95601f717f66 + Revoked at: Fri Sep 09 09:50:55 UTC 2011 + Serial Number (hex): 58801b5fadc3ebc1e0b18cce2c6280df + Revoked at: Sat Sep 10 19:45:23 UTC 2011 + Serial Number (hex): 5fdef55e6a092a251677821a583d2ed1 + Revoked at: Mon Sep 12 08:56:03 UTC 2011 + Serial Number (hex): 00bc6d407cc276acc8b3febb64544460c0 + Revoked at: Mon Sep 12 20:31:41 UTC 2011 + Serial Number (hex): 00999f49bf2f2bd37ca2c9395f1dd8368b + Revoked at: Mon Sep 12 20:31:45 UTC 2011 + Serial Number (hex): 1bf53d0e52df34f34b2875de8deae166 + Revoked at: Mon Sep 12 20:31:49 UTC 2011 + Serial Number (hex): 6aebf0eb7da8df38a66d65d35f900e15 + Revoked at: Mon Sep 12 21:12:59 UTC 2011 + Serial Number (hex): 00b380b034e4b2f58fdfa184b0b25e4a47 + Revoked at: Tue Sep 13 15:34:26 UTC 2011 + Serial Number (hex): 783ec9a4bb7d483fe6693ff83a53c108 + Revoked at: Tue Sep 13 16:11:31 UTC 2011 + Serial Number (hex): 4d8b7d1d3e610b63af521811e7e787a4 + Revoked at: Wed Sep 14 09:08:39 UTC 2011 + Serial Number (hex): 2ef34d2c0e9443f1e5105da4232f2dfa + Revoked at: Wed Sep 14 10:04:03 UTC 2011 + Serial Number (hex): 28f7ddd12413bd8c16d1a059d340d474 + Revoked at: Thu Sep 15 15:53:19 UTC 2011 + Serial Number (hex): 16e5e9bb29d20fc13417ccd51a22dc82 + Revoked at: Fri Sep 16 14:45:50 UTC 2011 + Serial Number (hex): 369bc6b9be33b02c2b6f8382ec083c26 + Revoked at: Fri Sep 16 17:16:04 UTC 2011 + Serial Number (hex): 00d9032ee2fd4045ecd9d38eb0baa6fed8 + Revoked at: Fri Sep 16 19:06:27 UTC 2011 + Serial Number (hex): 00e40408a49fdaf0c0a1fd06ade8ac9f15 + Revoked at: Fri Sep 16 19:39:08 UTC 2011 + Serial Number (hex): 00dd37542404954e3d39fd8c22df6fc6ef + Revoked at: Fri Sep 16 19:41:34 UTC 2011 + Serial Number (hex): 00d80bdfc2ce263a87457292c032cb21b0 + Revoked at: Mon Sep 19 11:49:08 UTC 2011 + Serial Number (hex): 00acbc0c4a6774d49f4bdbbe015474d14d + Revoked at: Mon Sep 19 13:24:20 UTC 2011 + Serial Number (hex): 692dc3ea3b4dcf930fd7f57e0734df07 + Revoked at: Mon Sep 19 18:02:48 UTC 2011 + Serial Number (hex): 6a4bb11ceaa25c28c9f591fecd4886dc + Revoked at: Mon Sep 19 19:55:17 UTC 2011 + Serial Number (hex): 00ac7ec1585b5c87d28dd900cd5dc6a20a + Revoked at: Tue Sep 20 12:58:09 UTC 2011 + Serial Number (hex): 5004eae9891be5f031374054ecfe6577 + Revoked at: Tue Sep 20 19:05:33 UTC 2011 + Serial Number (hex): 00e578eb345f68e054585174058ce664b6 + Revoked at: Tue Sep 20 21:23:48 UTC 2011 + Serial Number (hex): 008b3104b65893638f4b8d2ee6ce53139f + Revoked at: Wed Sep 21 08:47:47 UTC 2011 + Serial Number (hex): 30be387a06bdc9ad6acd732960e73d04 + Revoked at: Wed Sep 21 09:00:27 UTC 2011 + Serial Number (hex): 68febbbc5016152db7c0fe546026754b + Revoked at: Thu Sep 22 09:58:13 UTC 2011 + Serial Number (hex): 00a9d7e1f07621e89fa1c7499b11038f12 + Revoked at: Fri Sep 23 13:33:51 UTC 2011 + Serial Number (hex): 49e6160a829fd42889f4fa866e3339c7 + Revoked at: Fri Sep 23 15:02:06 UTC 2011 + Serial Number (hex): 017a129c00443521f9e4ef85adec92a4 + Revoked at: Fri Sep 23 15:02:11 UTC 2011 + Serial Number (hex): 11ece18debf397095296a3ec29271d17 + Revoked at: Fri Sep 23 17:59:47 UTC 2011 + Serial Number (hex): 2ee6ab16c9a612aa9a31528e61bbe2a1 + Revoked at: Mon Sep 26 09:15:05 UTC 2011 + Serial Number (hex): 65abe774d01c250b975d6d27d787e404 + Revoked at: Mon Sep 26 10:42:25 UTC 2011 + Serial Number (hex): 3865c319aaa9621f3966d0a40767f87f + Revoked at: Mon Sep 26 14:31:21 UTC 2011 + Serial Number (hex): 13f3de5e3c0cc10b7d2573730c510f23 + Revoked at: Tue Sep 27 11:26:48 UTC 2011 + Serial Number (hex): 6a12f51354bf90d76b7d994373fc4aff + Revoked at: Tue Sep 27 14:14:18 UTC 2011 + Serial Number (hex): 00b8307b2c486690ddde7ebf5cfe21bb39 + Revoked at: Wed Sep 28 11:21:01 UTC 2011 + Serial Number (hex): 00f10ba9d7cd5c6f5b80bcdbd7b88503dc + Revoked at: Wed Sep 28 15:21:19 UTC 2011 + Serial Number (hex): 68b6d25cfa2490be9ed8bdc11e3ce6ca + Revoked at: Thu Sep 29 08:57:12 UTC 2011 + Serial Number (hex): 596a73062db37708187a694d53622681 + Revoked at: Thu Sep 29 15:06:45 UTC 2011 + Serial Number (hex): 00b380290ed460e52b86c97946ae5b895a + Revoked at: Thu Sep 29 19:25:32 UTC 2011 + Serial Number (hex): 7c92c05421a925f897baf2949138c26e + Revoked at: Fri Sep 30 10:58:47 UTC 2011 + Serial Number (hex): 133b48c701b37e38ac81954e0df52ba0 + Revoked at: Fri Sep 30 18:21:14 UTC 2011 + Serial Number (hex): 00cf6d36122d5df78c9a6f862bd05dbef2 + Revoked at: Fri Sep 30 18:24:20 UTC 2011 + Serial Number (hex): 00e417d46e8241de85c4752f4c7e29d1fe + Revoked at: Mon Oct 03 15:41:56 UTC 2011 + Serial Number (hex): 3b9bc45baed1ffca56168a63a65b14b2 + Revoked at: Mon Oct 03 17:15:48 UTC 2011 + Serial Number (hex): 1c8f4cea3978fee9c932f66a5c0f9b77 + Revoked at: Tue Oct 04 18:32:32 UTC 2011 + Serial Number (hex): 4a286254b9021f82c8e0888a3fd73e25 + Revoked at: Tue Oct 04 18:47:15 UTC 2011 + Serial Number (hex): 0a93d521a8675a67b16bfa1238d12e2a + Revoked at: Wed Oct 05 16:59:22 UTC 2011 + Serial Number (hex): 669bef9f09d23ffbb34e39fe38ab2b47 + Revoked at: Wed Oct 05 17:44:06 UTC 2011 + Serial Number (hex): 00bd289f0e14c06d48f6009f69d88bd0ab + Revoked at: Wed Oct 05 17:44:25 UTC 2011 + Serial Number (hex): 6392fd17a415e71e2c09d1530d96b0 + Revoked at: Wed Oct 05 17:44:40 UTC 2011 + Serial Number (hex): 3e4a20a8c1aafb2f66df86e163488bdf + Revoked at: Wed Oct 05 17:44:52 UTC 2011 + Serial Number (hex): 00cf2368961d782b3bf1d1f4be29358f28 + Revoked at: Thu Oct 06 18:51:09 UTC 2011 + Serial Number (hex): 626e98e70f6ea7d213e95eeed065cb0e + Revoked at: Thu Oct 06 19:01:14 UTC 2011 + Serial Number (hex): 767df7585992443e26972ba6799b4e17 + Revoked at: Thu Oct 06 19:05:53 UTC 2011 + Serial Number (hex): 126fd0e07003ca924303d5b2916ebb90 + Revoked at: Fri Oct 07 13:52:36 UTC 2011 + Serial Number (hex): 602267c4ad49b8bd445ead8a1e1897a8 + Revoked at: Fri Oct 07 15:02:48 UTC 2011 + Serial Number (hex): 00ce6ae3b248ae5b0d6c39433aeee4cd19 + Revoked at: Fri Oct 07 15:03:13 UTC 2011 + Serial Number (hex): 00bfa663754981dac17c59fb28952a48d6 + Revoked at: Fri Oct 07 17:14:09 UTC 2011 + Serial Number (hex): 00ae539ff4f92e5eeb2b3c8622609c1d18 + Revoked at: Fri Oct 07 17:32:22 UTC 2011 + Serial Number (hex): 0095064cedaecd446799bf4e3c63c4d2e1 + Revoked at: Fri Oct 07 17:45:12 UTC 2011 + Serial Number (hex): 543ec25cbfc5bf57fcf63090f3613338 + Revoked at: Fri Oct 07 17:52:12 UTC 2011 + Serial Number (hex): 00f5da708928a14f678ed3f15b174d58a4 + Revoked at: Fri Oct 07 18:19:43 UTC 2011 + Serial Number (hex): 3600e5b8987c170f7f24a7af58264958 + Revoked at: Mon Oct 10 14:58:13 UTC 2011 + Serial Number (hex): 62b614c81103d471166f60cfbc54ed + Revoked at: Mon Oct 10 22:35:24 UTC 2011 + Serial Number (hex): 00853995d1d13a72dd569e98ce0fa392dc + Revoked at: Tue Oct 11 13:10:18 UTC 2011 + Serial Number (hex): 759ca533d517ea227faf3689bb60c77d + Revoked at: Tue Oct 11 13:10:26 UTC 2011 + Serial Number (hex): 5b359de57134b45562d68f6bd0fe63e9 + Revoked at: Tue Oct 11 13:10:36 UTC 2011 + Serial Number (hex): 009701ef5b3794a00f99362c24b04828db + Revoked at: Tue Oct 11 13:10:43 UTC 2011 + Serial Number (hex): 459e75554bfbceef7b45edf21b3ac5b6 + Revoked at: Tue Oct 11 13:10:50 UTC 2011 + Serial Number (hex): 0091d24065b0c826f30006f2586b221845 + Revoked at: Tue Oct 11 14:53:25 UTC 2011 + Serial Number (hex): 00e8f0baf2c99fc5f75691a638dab3a5ea + Revoked at: Wed Oct 12 09:26:04 UTC 2011 + Serial Number (hex): 00c1e56f0ff255bd67ae90d4d369b4e182 + Revoked at: Wed Oct 12 09:56:47 UTC 2011 + Serial Number (hex): 00c1ac0923b6b3ef0b047407577a3f1d49 + Revoked at: Thu Oct 13 18:08:02 UTC 2011 + Serial Number (hex): 00bb794e3a06084dc2b2197c1e0e17105a + Revoked at: Thu Oct 13 18:37:06 UTC 2011 + Serial Number (hex): 76a5b13f0096bd2733481713292321c3 + Revoked at: Thu Oct 13 19:16:11 UTC 2011 + Serial Number (hex): 00feb4adce0ae0705399c7fe2ba8097edb + Revoked at: Thu Oct 13 21:14:17 UTC 2011 + Serial Number (hex): 009f63efc6a8fb08e4b15ba7f63ad4a03a + Revoked at: Fri Oct 14 18:36:53 UTC 2011 + Serial Number (hex): 07446409202a7bedf36ef189e584418c + Revoked at: Fri Oct 14 18:37:16 UTC 2011 + Serial Number (hex): 00c82d1cca54c478ac8fe3c41a2fcbe6e8 + Revoked at: Fri Oct 14 18:37:37 UTC 2011 + Serial Number (hex): 39600dcc18a90f2cc953c1d6cd1cc94c + Revoked at: Fri Oct 14 18:48:20 UTC 2011 + Serial Number (hex): 008e3b33b693e831413d6a0ba2ef79775d + Revoked at: Fri Oct 14 18:48:42 UTC 2011 + Serial Number (hex): 3bd939188aa77e3cdc3ba73499da3d10 + Revoked at: Fri Oct 14 18:58:35 UTC 2011 + Serial Number (hex): 00bd0e0a4b34b545a85ec7ec25ee9cbbb4 + Revoked at: Fri Oct 14 18:58:57 UTC 2011 + Serial Number (hex): 77a9e5322b60da0c00ed18a426104b37 + Revoked at: Fri Oct 14 19:59:19 UTC 2011 + Serial Number (hex): 00a5ed48f4092cbfb22e62516f9492bf6f + Revoked at: Mon Oct 17 11:54:01 UTC 2011 + Serial Number (hex): 5f5d587095b5c2a9fefe3f62b688e8d5 + Revoked at: Mon Oct 17 18:08:36 UTC 2011 + Serial Number (hex): 00e764e5f78489c6d9f68efa44d4a4db39 + Revoked at: Mon Oct 17 18:53:23 UTC 2011 + Serial Number (hex): 00a59d99287ab3a344793cce72acb41b1f + Revoked at: Mon Oct 17 22:52:02 UTC 2011 + Serial Number (hex): 303ab1cc2a94e75203600b4881a177cd + Revoked at: Tue Oct 18 10:16:26 UTC 2011 + Serial Number (hex): 64506c4901469167e3d528df9907861e + Revoked at: Tue Oct 18 16:36:24 UTC 2011 + Serial Number (hex): 00ddb0be8b2612f05c677facbc72b5386f + Revoked at: Tue Oct 18 20:09:22 UTC 2011 + Serial Number (hex): 00b890155c4e526cda01382d61b7bacd4c + Revoked at: Wed Oct 19 15:21:12 UTC 2011 + Serial Number (hex): 7da07380e068ffeba5916b9495c8b5ff + Revoked at: Wed Oct 19 15:24:55 UTC 2011 + Serial Number (hex): 0c37a170544ce7cd5f94b70b893205 + Revoked at: Wed Oct 19 19:29:49 UTC 2011 + Serial Number (hex): 0c6cc01fc877ff094aabc7a979dd0b6a + Revoked at: Wed Oct 19 19:29:55 UTC 2011 + Serial Number (hex): 00c4992c382271d8d0a3fb21bac63d02e8 + Revoked at: Wed Oct 19 19:30:01 UTC 2011 + Serial Number (hex): 00c99f35815af0f10633df5ea7da4611f8 + Revoked at: Wed Oct 19 20:04:17 UTC 2011 + Serial Number (hex): 00ab73c6749e0ed11dbe07182b5fe2347a + Revoked at: Thu Oct 20 17:32:35 UTC 2011 + Serial Number (hex): 00983f2bb092ef1fbcd43d7ad332a864aa + Revoked at: Thu Oct 20 17:37:28 UTC 2011 + Serial Number (hex): 7e96dd026154204195a0446e63fbd7a1 + Revoked at: Thu Oct 20 19:29:11 UTC 2011 + Serial Number (hex): 43b744073db1e87d13173d4b8320fde4 + Revoked at: Thu Oct 20 19:35:57 UTC 2011 + Serial Number (hex): 1bb7e85b616ca9c02ad116e866778e94 + Revoked at: Fri Oct 21 14:58:05 UTC 2011 + Serial Number (hex): 0542ca89a5e2aa5e812af8798a4fd4b8 + Revoked at: Fri Oct 21 20:47:50 UTC 2011 + Serial Number (hex): 4db5d3bce817a415b1c0373bcba2e7d2 + Revoked at: Fri Oct 21 21:22:35 UTC 2011 + Serial Number (hex): 009289529be0b6eebed571aa1236b0aec1 + Revoked at: Mon Oct 24 15:02:50 UTC 2011 + Serial Number (hex): 00b3388cad0d7e81937a5e44e07f1a34a4 + Revoked at: Mon Oct 24 19:20:49 UTC 2011 + Serial Number (hex): 00bd37071874dba140bcdf50ecbcb6903c + Revoked at: Tue Oct 25 00:19:47 UTC 2011 + Serial Number (hex): 00e9bbb0ef0c3675943ca7b69553efa417 + Revoked at: Tue Oct 25 18:57:45 UTC 2011 + Serial Number (hex): 1894920bf7957f117f54bded5f0bb410 + Revoked at: Wed Oct 26 14:06:16 UTC 2011 + Serial Number (hex): 00c9d926d30fb2f9f7b7e65d564d9cb138 + Revoked at: Wed Oct 26 19:43:55 UTC 2011 + Serial Number (hex): 793f375938140137f493ad10bf5585f0 + Revoked at: Wed Oct 26 20:23:30 UTC 2011 + Serial Number (hex): 009f76465ae55287e4f9b430dbccc4911e + Revoked at: Wed Oct 26 20:23:50 UTC 2011 + Serial Number (hex): 00d134643ff7dad270a924d436262f8e80 + Revoked at: Thu Oct 27 10:14:31 UTC 2011 + Serial Number (hex): 23d962a1ab9fe1933ebff7987c235687 + Revoked at: Thu Oct 27 10:14:50 UTC 2011 + Serial Number (hex): 75c8a737d40f514f02a2d7b27c1614d2 + Revoked at: Thu Oct 27 10:15:15 UTC 2011 + Serial Number (hex): 0cb69a8aeaa5cf4330356f68a3603434 + Revoked at: Thu Oct 27 10:15:32 UTC 2011 + Serial Number (hex): 008686e838a9bd67fe1a7cffd38579cb34 + Revoked at: Thu Oct 27 10:16:58 UTC 2011 + Serial Number (hex): 00c108763db85d255bbe378159c12dc9df + Revoked at: Thu Oct 27 10:17:14 UTC 2011 + Serial Number (hex): 00ca90c26e7c483fafce04da0d4ef63373 + Revoked at: Thu Oct 27 10:17:30 UTC 2011 + Serial Number (hex): 4b8a464a172e807b682484e1dd2e0cf1 + Revoked at: Thu Oct 27 10:18:05 UTC 2011 + Serial Number (hex): 00ab17b93cb276d97238d9c006d9d84ca6 + Revoked at: Thu Oct 27 10:46:42 UTC 2011 + Serial Number (hex): 00abae510c46497a7a60cd309c468d09d6 + Revoked at: Thu Oct 27 12:47:15 UTC 2011 + Serial Number (hex): 00e5d8a9ace809e8e32a5bfce00328392b + Revoked at: Thu Oct 27 17:33:44 UTC 2011 + Serial Number (hex): 00d3a1d638db1f34b2257ad475b17c6301 + Revoked at: Thu Oct 27 17:33:52 UTC 2011 + Serial Number (hex): 259c9d2d9b3501590d3c83d96a3504fe + Revoked at: Thu Oct 27 17:34:01 UTC 2011 + Serial Number (hex): 0087054df7f95b354dbcf22d9325d12be0 + Revoked at: Thu Oct 27 18:33:36 UTC 2011 + Serial Number (hex): 00c797c622288e6cb8d1f3639d8b7d498a + Revoked at: Thu Oct 27 19:30:49 UTC 2011 + Serial Number (hex): 4caf8db149b390ccef641422bd7bc3df + Revoked at: Thu Oct 27 19:52:31 UTC 2011 + Serial Number (hex): 009dad2434960f48bb95727d50f5e98a07 + Revoked at: Thu Oct 27 20:34:41 UTC 2011 + Serial Number (hex): 18081639fde8728bde5bd434355f06f8 + Revoked at: Thu Oct 27 20:50:12 UTC 2011 + Serial Number (hex): 008a6ddfd9d1c3042337211f56efebe4aa + Revoked at: Fri Oct 28 07:27:25 UTC 2011 + Serial Number (hex): 579d80301a9b00f000cbfcdcc9bebbb3 + Revoked at: Fri Oct 28 12:52:40 UTC 2011 + Serial Number (hex): 0082f5c41d45d523e042e03f9f21c245fe + Revoked at: Fri Oct 28 12:52:49 UTC 2011 + Serial Number (hex): 00d78fdea4d650c3b4e590abb68103c6e8 + Revoked at: Fri Oct 28 12:52:56 UTC 2011 + Serial Number (hex): 27fd44727a5d774d3139e68419bf229d + Revoked at: Fri Oct 28 12:53:03 UTC 2011 + Serial Number (hex): 3e992d1d617658c8e28da1538ea55d9c + Revoked at: Fri Oct 28 12:53:10 UTC 2011 + Serial Number (hex): 3235743e84300b0db3909e89c3e5bb53 + Revoked at: Fri Oct 28 17:23:36 UTC 2011 + Serial Number (hex): 00d0fb983c79aafa9c3f8bdec8007a48e2 + Revoked at: Fri Oct 28 19:48:23 UTC 2011 + Serial Number (hex): 00ba65d67d282bc778358865fa372583fd + Revoked at: Fri Oct 28 20:59:21 UTC 2011 + Serial Number (hex): 74684cc886b445272cb6f38baaf96530 + Revoked at: Fri Oct 28 22:20:35 UTC 2011 + Serial Number (hex): 7f71103deac58ed9e738dfbfb72297cb + Revoked at: Mon Oct 31 11:58:22 UTC 2011 + Serial Number (hex): 00c14448976727773745717895bfc9eb52 + Revoked at: Mon Oct 31 13:16:45 UTC 2011 + Serial Number (hex): 008a7fa3aab237b2799c7e12ee419ad935 + Revoked at: Mon Oct 31 15:03:29 UTC 2011 + Serial Number (hex): 1538f86dce49fbed07849b63295db4ba + Revoked at: Mon Oct 31 15:06:11 UTC 2011 + Serial Number (hex): 57785d1f8fa56fb0bbf9c85d9d02be7f + Revoked at: Mon Oct 31 15:06:27 UTC 2011 + Serial Number (hex): 38aa81a5c4f37673f25d34abdf505d0e + Revoked at: Mon Oct 31 15:06:43 UTC 2011 + Serial Number (hex): 00ac4d02c9295b9ddfec3e83c3e004545b + Revoked at: Tue Nov 01 18:09:11 UTC 2011 + Serial Number (hex): 00d7b33fc607e0fcf0e363d3c708d58a46 + Revoked at: Tue Nov 01 18:09:33 UTC 2011 + Serial Number (hex): 21a8bb40dcefe75bc9482f3502388967 + Revoked at: Tue Nov 01 18:26:08 UTC 2011 + Serial Number (hex): 009f94021d92838b22c0be04a3f506cbc0 + Revoked at: Wed Nov 02 17:16:16 UTC 2011 + Serial Number (hex): 00afda8e423980491d91c25f8f56c7f5a9 + Revoked at: Wed Nov 02 20:01:15 UTC 2011 + Serial Number (hex): 00b7ee4f92e9945fcaba6485f4d4c82e62 + Revoked at: Thu Nov 03 16:49:49 UTC 2011 + Serial Number (hex): 5d331f176606fd9ad7f1e7a27d94f906 + Revoked at: Thu Nov 03 19:33:31 UTC 2011 + Serial Number (hex): 00dd29e600fa524f4cb0010a6e012c264c + Revoked at: Thu Nov 03 21:52:18 UTC 2011 + Serial Number (hex): 0091f9455459335be32ce58c05acaa573d + Revoked at: Fri Nov 04 09:09:09 UTC 2011 + Serial Number (hex): 2cc9c197abe93d2948a2d2ad950e4662 + Revoked at: Fri Nov 04 14:26:34 UTC 2011 + Serial Number (hex): 6994d74ea7fa06964778b078da752d73 + Revoked at: Fri Nov 04 20:06:25 UTC 2011 + Serial Number (hex): 00f6e20db0c347d6a41e27ca08528bbbfb + Revoked at: Fri Nov 04 20:07:06 UTC 2011 + Serial Number (hex): 6d1a3dd7d72834e69110c1d0d410962f + Revoked at: Fri Nov 04 20:57:32 UTC 2011 + Serial Number (hex): 0085b4ff5431a2e8dd2f7a5f75bcab55aa + Revoked at: Fri Nov 04 21:11:28 UTC 2011 + Serial Number (hex): 00c45b4c6ef688b7b37b98fddc981384bf + Revoked at: Fri Nov 04 21:52:50 UTC 2011 + Serial Number (hex): 799dc56405c23a959803173fad57dcb9 + Revoked at: Sat Nov 05 00:08:08 UTC 2011 + Serial Number (hex): 00891b2d4775b4eb15153b8158a67b4787 + Revoked at: Mon Nov 07 09:55:32 UTC 2011 + Serial Number (hex): 7c9f67e7c81b47b82fc2129f03cec7ed + Revoked at: Tue Nov 08 18:06:01 UTC 2011 + Serial Number (hex): 0478e22b7f46a6ef9c61cca0f82e2ef4 + Revoked at: Tue Nov 08 19:44:06 UTC 2011 + Serial Number (hex): 0099f5ec19a10efc1ba1d66bdb906de101 + Revoked at: Tue Nov 08 22:42:10 UTC 2011 + Serial Number (hex): 00ccd030a546bc1abea21b9427efae9a05 + Revoked at: Wed Nov 09 06:13:31 UTC 2011 + Serial Number (hex): 458782df674ed426573cbd1cf428975c + Revoked at: Wed Nov 09 14:48:47 UTC 2011 + Serial Number (hex): 2f36096c6c7491886eecadb63ddab7ad + Revoked at: Wed Nov 09 17:17:47 UTC 2011 + Serial Number (hex): 58e438672d16641de601f23eac4360ec + Revoked at: Wed Nov 09 17:21:14 UTC 2011 + Serial Number (hex): 2a2bc7ee904d3e7e93bb94e7bed38c53 + Revoked at: Wed Nov 09 19:54:32 UTC 2011 + Serial Number (hex): 00c8181aa55f5206a63a57729d7c867530 + Revoked at: Wed Nov 09 20:14:23 UTC 2011 + Serial Number (hex): 128f766d7fc60604f9934d6df785b84a + Revoked at: Wed Nov 09 20:15:50 UTC 2011 + Serial Number (hex): 0e3df355b6999a01bcd8e2a147a1a81d + Revoked at: Wed Nov 09 20:19:41 UTC 2011 + Serial Number (hex): 570dddef1426ef41831629e498129e45 + Revoked at: Wed Nov 09 20:25:24 UTC 2011 + Serial Number (hex): 00c24b1c090cf723efdc426188a0f1a914 + Revoked at: Wed Nov 09 20:54:29 UTC 2011 + Serial Number (hex): 36bb86c8f992677d8ba57cd205eec156 + Revoked at: Wed Nov 09 21:00:55 UTC 2011 + Serial Number (hex): 00d4046b10865523bb79e3c34c8560333d + Revoked at: Wed Nov 09 21:56:30 UTC 2011 + Serial Number (hex): 008ad20da52a27c1aa23457272afaba7a9 + Revoked at: Wed Nov 09 21:57:15 UTC 2011 + Serial Number (hex): 0088e04b1f06fd328b5de749b466a38ae8 + Revoked at: Thu Nov 10 15:30:37 UTC 2011 + Serial Number (hex): 008a4ef01154c43b2d3461ad7548e336e9 + Revoked at: Thu Nov 10 16:48:44 UTC 2011 + Serial Number (hex): 00ec9d7af722f5b1d6d2337b7714808116 + Revoked at: Thu Nov 10 19:43:30 UTC 2011 + Serial Number (hex): 00fdd221463e66ed3d2ee11f48a73b522b + Revoked at: Thu Nov 10 19:45:42 UTC 2011 + Serial Number (hex): 00dd4ae95307d44520688b3971f9f31aad + Revoked at: Thu Nov 10 19:53:43 UTC 2011 + Serial Number (hex): 0625712b00eb0800a1dfa823b1eac87a + Revoked at: Thu Nov 10 20:31:54 UTC 2011 + Serial Number (hex): 00cc65f39102a4137332dc0577fc18e85b + Revoked at: Thu Nov 10 21:05:01 UTC 2011 + Serial Number (hex): 00acd9baed1835463977f0cd011ae924a1 + Revoked at: Mon Nov 14 13:53:48 UTC 2011 + Serial Number (hex): 7d2034231f997f59e3ec1a572a4a7c64 + Revoked at: Mon Nov 14 14:22:42 UTC 2011 + Serial Number (hex): 5940620a9ef1b5934e002e6365495a95 + Revoked at: Mon Nov 14 16:28:01 UTC 2011 + Serial Number (hex): 00d71ec26ffd7501fbc03054711772bf1f + Revoked at: Mon Nov 14 19:09:18 UTC 2011 + Serial Number (hex): 00b6a1974ecc530340b27011026a1e5327 + Revoked at: Mon Nov 14 21:14:16 UTC 2011 + Serial Number (hex): 1f9006a2750d1ed12b3e6b8c06205592 + Revoked at: Tue Nov 15 17:12:17 UTC 2011 + Serial Number (hex): 496324a86a5cbaec8458f8d96beefee3 + Revoked at: Wed Nov 16 15:26:23 UTC 2011 + Serial Number (hex): 00a808c8f790c4000ef3553bc54197c30d + Revoked at: Wed Nov 16 21:53:31 UTC 2011 + Serial Number (hex): 00b0052a10718e8803cb61a40df29bde55 + Revoked at: Thu Nov 17 01:30:50 UTC 2011 + Serial Number (hex): 44f7ef2a0dd063cd975ecbb155b8b228 + Revoked at: Thu Nov 17 05:58:45 UTC 2011 + Serial Number (hex): 00d714aaa45d4d9a129d8b681159afb954 + Revoked at: Thu Nov 17 16:31:13 UTC 2011 + Serial Number (hex): 00d081b83ad0beaa776c8f7056a5efb9d5 + Revoked at: Fri Nov 18 02:48:16 UTC 2011 + Serial Number (hex): 00fd80695a92cdc1e5636566992950868e + Revoked at: Fri Nov 18 17:06:48 UTC 2011 + Serial Number (hex): 00a071bf5bceda16dac398bbb3bce12fff + Revoked at: Fri Nov 18 17:06:54 UTC 2011 + Serial Number (hex): 0093e57ac780c35c90c09f675920661954 + Revoked at: Fri Nov 18 21:58:43 UTC 2011 + Serial Number (hex): 009b4c16d6e11bac9d7d6fc60eec10bf97 + Revoked at: Fri Nov 18 21:58:55 UTC 2011 + Serial Number (hex): 0d17bd0a07d356d4167b46f74b8a61bd + Revoked at: Fri Nov 18 22:02:02 UTC 2011 + Serial Number (hex): 008e7c55815ce9a7028e431a136cf2249d + Revoked at: Mon Nov 21 14:33:37 UTC 2011 + Serial Number (hex): 00e388fadb115c1f3eeb6026ae9b437ef6 + Revoked at: Mon Nov 21 18:31:45 UTC 2011 + Serial Number (hex): 6f5e85e85a3fc1eaf76e7e257a71e882 + Revoked at: Mon Nov 21 18:31:49 UTC 2011 + Serial Number (hex): 00e178a44e1321afe9d746b8e17ed95a3b + Revoked at: Tue Nov 22 07:52:56 UTC 2011 + Serial Number (hex): 6e29be4709c119691c438fbcd3d8ce9d + Revoked at: Tue Nov 22 15:54:36 UTC 2011 + Serial Number (hex): 27e7fdea1dea6abe5986f3a76bec435f + Revoked at: Tue Nov 22 17:26:30 UTC 2011 + Serial Number (hex): 1c5df7d4f2c427d0d786d9f6ced2bc7f + Revoked at: Tue Nov 22 17:26:37 UTC 2011 + Serial Number (hex): 00a6e9b18a1bbfdab50b83418dc8ecccdf + Revoked at: Tue Nov 22 17:26:42 UTC 2011 + Serial Number (hex): 00b5d1d7f6b1b9d08ea33583b0522ea81b + Revoked at: Tue Nov 22 17:26:47 UTC 2011 + Serial Number (hex): 25a072c080638d7144af4186ce7bb101 + Revoked at: Tue Nov 22 17:26:54 UTC 2011 + Serial Number (hex): 7305601d21acd14a6088e2c10243b926 + Revoked at: Tue Nov 22 17:27:00 UTC 2011 + Serial Number (hex): 00844f8a317e1fbd737bce4a248de98f1d + Revoked at: Wed Nov 23 01:51:22 UTC 2011 + Serial Number (hex): 00d3faff47c88ef8a363686909cfe0b628 + Revoked at: Wed Nov 23 02:07:55 UTC 2011 + Serial Number (hex): 3aa195e3ce70d9640bec17446d656305 + Revoked at: Wed Nov 23 02:13:14 UTC 2011 + Serial Number (hex): 00e2d2e5cc1a703c9591b53b9b50f57f3a + Revoked at: Wed Nov 23 02:14:29 UTC 2011 + Serial Number (hex): 00e01b993bd07070415b91578be9e3e2ba + Revoked at: Wed Nov 23 02:15:53 UTC 2011 + Serial Number (hex): 00f72a792183bf7dd5c04be7f886783bde + Revoked at: Wed Nov 23 03:15:28 UTC 2011 + Serial Number (hex): 00fc6f69fa85e0add04bc296c68fbec932 + Revoked at: Wed Nov 23 03:24:38 UTC 2011 + Serial Number (hex): 009d41f0f4cbc59c0618116713276d5c8e + Revoked at: Wed Nov 23 03:41:52 UTC 2011 + Serial Number (hex): 0089796f1d848769bbd23a1fe96dde3f96 + Revoked at: Wed Nov 23 15:04:48 UTC 2011 + Serial Number (hex): 00faf8700310823fd22792462f5aa7965f + Revoked at: Thu Nov 24 16:11:55 UTC 2011 + Serial Number (hex): 02351c1f823e902d38f400c9c5d5da1d + Revoked at: Thu Nov 24 16:12:52 UTC 2011 + Serial Number (hex): 150ac7230d213a52deca8fcc004f5752 + Revoked at: Thu Nov 24 16:13:55 UTC 2011 + Serial Number (hex): 791f38b815728d25b4fc3bfdf3aef463 + Revoked at: Thu Nov 24 16:14:44 UTC 2011 + Serial Number (hex): 00ffe24d8e9c1f26d5d8e6628bcf191a65 + Revoked at: Thu Nov 24 16:15:58 UTC 2011 + Serial Number (hex): 758316ed2556de8f3155939227ec1a85 + Revoked at: Thu Nov 24 16:50:24 UTC 2011 + Serial Number (hex): 00f8e90047020c424a224f61e020da2a8b + Revoked at: Sun Nov 27 22:18:27 UTC 2011 + Serial Number (hex): 7b08a7e6a6fe405f645787b9c7edece3 + Revoked at: Mon Nov 28 09:12:12 UTC 2011 + Serial Number (hex): 00a6780b1fcc4abbae1d5a174aac7d0bf7 + Revoked at: Mon Nov 28 12:44:50 UTC 2011 + Serial Number (hex): 4ae8444639088f96303896f05c5a1574 + Revoked at: Mon Nov 28 12:45:06 UTC 2011 + Serial Number (hex): 3ba196fe922bf952dc2c98176b326424 + Revoked at: Mon Nov 28 13:58:16 UTC 2011 + Serial Number (hex): 00df503b1c92dd8a6aee05b2b347a73a45 + Revoked at: Mon Nov 28 15:07:54 UTC 2011 + Serial Number (hex): 008b5c1199a5397e9930041365dcd62b9c + Revoked at: Mon Nov 28 15:53:13 UTC 2011 + Serial Number (hex): 00a6c15d1c599f0169dac369a160987df7 + Revoked at: Mon Nov 28 21:19:53 UTC 2011 + Serial Number (hex): 00d01d9db609503ba287377090797f6111 + Revoked at: Mon Nov 28 22:18:18 UTC 2011 + Serial Number (hex): 54efbd631dfef29c589b0088e6c18150 + Revoked at: Tue Nov 29 01:32:23 UTC 2011 + Serial Number (hex): 7888612e1b9f35a0a44de308d5611ddd + Revoked at: Tue Nov 29 17:47:15 UTC 2011 + Serial Number (hex): 6a216ddf45fb09a57b8747fc8ec39f94 + Revoked at: Wed Nov 30 00:18:31 UTC 2011 + Serial Number (hex): 1679945cda8bee46c55a9c105f2b794e + Revoked at: Wed Nov 30 03:18:50 UTC 2011 + Serial Number (hex): 14360483f136d5e2802a710b88ba071b + Revoked at: Wed Nov 30 11:34:40 UTC 2011 + Serial Number (hex): 0094f25176cd11b1aa30eb89019e9faa15 + Revoked at: Thu Dec 01 11:52:38 UTC 2011 + Serial Number (hex): 00d5b64bcf96f063b2f0f772b3899a6da3 + Revoked at: Thu Dec 01 14:04:18 UTC 2011 + Serial Number (hex): 00cdc6c6e623ca4ac16a6710f678e1f269 + Revoked at: Thu Dec 01 15:15:44 UTC 2011 + Serial Number (hex): 00c0931bea25f3f4186c5f055a1f1980d7 + Revoked at: Thu Dec 01 15:15:56 UTC 2011 + Serial Number (hex): 009b907def6d3c9931f5844699807da781 + Revoked at: Thu Dec 01 15:16:04 UTC 2011 + Serial Number (hex): 45ac7dab58acada8ddb340688a68f31e + Revoked at: Thu Dec 01 20:01:50 UTC 2011 + Serial Number (hex): 00d95dafeeee8a2ac70edd6b18d7e805b7 + Revoked at: Thu Dec 01 21:49:35 UTC 2011 + Serial Number (hex): 77418761c231a70cb32eaa58ff2e0b14 + Revoked at: Fri Dec 02 19:57:20 UTC 2011 + Serial Number (hex): 00ebd92bd74b5d60dd978d7b3e7d889250 + Revoked at: Mon Dec 05 15:17:33 UTC 2011 + Serial Number (hex): 3c6820ece32da98d2f93f1633010bc69 + Revoked at: Mon Dec 05 17:23:34 UTC 2011 + Serial Number (hex): 00d6f24dfcbcd12ee1119e070839e1b39b + Revoked at: Mon Dec 05 20:24:43 UTC 2011 + Serial Number (hex): 00949c8d1e3b3c405cd1ee26700889256a + Revoked at: Tue Dec 06 15:52:52 UTC 2011 + Serial Number (hex): 487ce15629b45db20b899caab1c65577 + Revoked at: Tue Dec 06 20:26:54 UTC 2011 + Serial Number (hex): 00c197bdd59890ece5de475dd0d35ab8cb + Revoked at: Tue Dec 06 23:44:18 UTC 2011 + Serial Number (hex): 00eb8fb848e2d42fef48ce8e6c91e43ca7 + Revoked at: Wed Dec 07 15:13:18 UTC 2011 + Serial Number (hex): 4850997a33b47b49311d940e69469435 + Revoked at: Wed Dec 07 15:13:26 UTC 2011 + Serial Number (hex): 0092ccecc0118880ea568dc2cf5a4f9928 + Revoked at: Wed Dec 07 15:13:34 UTC 2011 + Serial Number (hex): 00b73c1c04dc26486835c24d60f9a99a02 + Revoked at: Wed Dec 07 15:33:28 UTC 2011 + Serial Number (hex): 00f93e08f8fd7a62d8917ec099eea5fd00 + Revoked at: Wed Dec 07 18:32:14 UTC 2011 + Serial Number (hex): 57e79ce5c5bd4c9f8753793c51750af1 + Revoked at: Wed Dec 07 18:51:20 UTC 2011 + Serial Number (hex): 366810750ba452b78adcd0f9b042caab + Revoked at: Wed Dec 07 19:34:13 UTC 2011 + Serial Number (hex): 00b00af0891856646b19b86682c2ac2273 + Revoked at: Wed Dec 07 19:51:34 UTC 2011 + Serial Number (hex): 00c0eddf321314112453f9f5446e84c425 + Revoked at: Wed Dec 07 20:09:45 UTC 2011 + Serial Number (hex): 00ee3f307efe3d692471febbec97950deb + Revoked at: Thu Dec 08 16:32:53 UTC 2011 + Serial Number (hex): 3bebd15b88489783c3a0dc1a1238da41 + Revoked at: Thu Dec 08 16:34:05 UTC 2011 + Serial Number (hex): 1833c38e75d576df0be6f2324823a5ab + Revoked at: Thu Dec 08 20:41:26 UTC 2011 + Serial Number (hex): 3f1fa544d6fa78ecadc562575f585e84 + Revoked at: Thu Dec 08 20:50:35 UTC 2011 + Serial Number (hex): 5b88d6601edeceb7c0bfdb163ebaf800 + Revoked at: Fri Dec 09 13:01:41 UTC 2011 + Serial Number (hex): 2cfbfb360ee2c60ccb8dfe12edcc47cb + Revoked at: Sat Dec 10 15:30:23 UTC 2011 + Serial Number (hex): 00c79f699b14bf97d8b4f9cb4fea7dffff + Revoked at: Sun Dec 11 20:13:19 UTC 2011 + Serial Number (hex): 00b30d7ee202581b175ab32004c3ff13a1 + Revoked at: Sun Dec 11 20:14:43 UTC 2011 + Serial Number (hex): 008abd928d4f51c43956b6e1a3fcef6205 + Revoked at: Sun Dec 11 20:33:16 UTC 2011 + Serial Number (hex): 7800f288a2c87737dd76f98e5fc3c0c2 + Revoked at: Sun Dec 11 20:47:42 UTC 2011 + Serial Number (hex): 00dde2afab4d91a444a753ddf1dc7de5f1 + Revoked at: Sun Dec 11 20:58:13 UTC 2011 + Serial Number (hex): 00c654725286df61cd7e8dafa4963d400e + Revoked at: Sun Dec 11 21:18:31 UTC 2011 + Serial Number (hex): 008afa0bfae99d9d3e03add621f3c0fe31 + Revoked at: Sun Dec 11 21:34:08 UTC 2011 + Serial Number (hex): 2dca2ec7ad7d1056f906a70e888d6e03 + Revoked at: Mon Dec 12 09:20:46 UTC 2011 + Serial Number (hex): 6507b2ae0a14d275e79b0124120da853 + Revoked at: Mon Dec 12 17:45:23 UTC 2011 + Serial Number (hex): 4b80dc30ea392ed88e73e24609641279 + Revoked at: Tue Dec 13 12:10:57 UTC 2011 + Serial Number (hex): 5f00adca1cf7704075db711c38cfc61e + Revoked at: Tue Dec 13 13:00:33 UTC 2011 + Serial Number (hex): 0097fd8a37dd577d3f8c96a87f423aedfe + Revoked at: Tue Dec 13 13:25:41 UTC 2011 + Serial Number (hex): 00f52cea34e2076c3a2c1269556920d9b2 + Revoked at: Tue Dec 13 19:14:42 UTC 2011 + Serial Number (hex): 00c238fcb73decb3dcda869c98c996560d + Revoked at: Tue Dec 13 21:52:47 UTC 2011 + Serial Number (hex): 72d21fb89a513066bb5b2718bc744844 + Revoked at: Tue Dec 13 22:34:13 UTC 2011 + Serial Number (hex): 6efab505f75cc61e05fffdb560e3cc75 + Revoked at: Wed Dec 14 03:08:04 UTC 2011 + Serial Number (hex): 00fa2980fd13e575f5dc615ec6cb3ee054 + Revoked at: Wed Dec 14 12:02:14 UTC 2011 + Serial Number (hex): 10e82b6a848ccd5be8c73b86dab6506f + Revoked at: Wed Dec 14 17:33:57 UTC 2011 + Serial Number (hex): 58680baa42ee024c7718c471ba1c8170 + Revoked at: Wed Dec 14 18:15:48 UTC 2011 + Serial Number (hex): 09dd7a0be5b87e4e0a6722461c2aabc0 + Revoked at: Wed Dec 14 18:31:51 UTC 2011 + Serial Number (hex): 2d86c59733f6bde8b2321d95d6d7e7ac + Revoked at: Wed Dec 14 18:32:45 UTC 2011 + Serial Number (hex): 176fa983fc099216a04d3280666676a1 + Revoked at: Wed Dec 14 18:33:11 UTC 2011 + Serial Number (hex): 65d39ce2508f57020117f522623d3e88 + Revoked at: Wed Dec 14 18:33:25 UTC 2011 + Serial Number (hex): 00fbd0c8e4fdf62c875186205377a1efda + Revoked at: Wed Dec 14 18:33:32 UTC 2011 + Serial Number (hex): 2ac67becb1e18c86cf89bb1003b00d71 + Revoked at: Wed Dec 14 21:19:28 UTC 2011 + Serial Number (hex): 00d95af96ec65e60e18c7c59efb082d842 + Revoked at: Thu Dec 15 15:17:56 UTC 2011 + Serial Number (hex): 00be4ebf3c0ef7d9fc61a1d1b0bc191af3 + Revoked at: Thu Dec 15 15:18:13 UTC 2011 + Serial Number (hex): 00d4b3957291cb3ce5614e30f68344e043 + Revoked at: Thu Dec 15 18:04:24 UTC 2011 + Serial Number (hex): 00e450b2a09da42b784d809f030a8cd9bc + Revoked at: Thu Dec 15 20:29:02 UTC 2011 + Serial Number (hex): 00ab300fd62288cc139538c9f7fc520db1 + Revoked at: Fri Dec 16 14:32:29 UTC 2011 + Serial Number (hex): 7ec0af33e9e683b9dc11e0d6776d1276 + Revoked at: Fri Dec 16 15:36:30 UTC 2011 + Serial Number (hex): 64fa5969276250ea5a9574cce53ba7de + Revoked at: Fri Dec 16 15:36:45 UTC 2011 + Serial Number (hex): 3de0649ffa38074c9da83b02f80c60ea + Revoked at: Fri Dec 16 15:36:59 UTC 2011 + Serial Number (hex): 00fd6fe0eb915c17660fb74bd560b40227 + Revoked at: Fri Dec 16 15:37:19 UTC 2011 + Serial Number (hex): 2aa861622836f4c0198e11531fc4cb2f + Revoked at: Fri Dec 16 15:54:35 UTC 2011 + Serial Number (hex): 396d1b45987f94a07bbfaf190bce562c + Revoked at: Fri Dec 16 17:08:38 UTC 2011 + Serial Number (hex): 224b270f4c3f73710196079ca39dc73c + Revoked at: Fri Dec 16 19:14:18 UTC 2011 + Serial Number (hex): 4470b613806ab77d358324e986edf216 + Revoked at: Fri Dec 16 19:52:52 UTC 2011 + Serial Number (hex): 00c1f9cac2c3c2d1c36a0c34e3e6c3ae6b + Revoked at: Mon Dec 19 12:49:02 UTC 2011 + Serial Number (hex): 1df638bd9075c5c8c4bd6bfc924ca6c8 + Revoked at: Mon Dec 19 17:48:55 UTC 2011 + Serial Number (hex): 32c770db96dc8a6019a8414b3f03aa + Revoked at: Mon Dec 19 20:27:51 UTC 2011 + Serial Number (hex): 3780a3a6de27c4074cf580555edc1fa4 + Revoked at: Tue Dec 20 18:08:47 UTC 2011 + Serial Number (hex): 00f6829575c966da66ed6441dabbef708e + Revoked at: Tue Dec 20 21:04:46 UTC 2011 + Serial Number (hex): 00e1c4b5eb45d5ea3715dea38817284714 + Revoked at: Tue Dec 20 21:04:58 UTC 2011 + Serial Number (hex): 1b90640d8b2a633f8c362827f6031ec7 + Revoked at: Tue Dec 20 21:51:14 UTC 2011 + Serial Number (hex): 7d31d07f2385d2ef5db30932f1f87e52 + Revoked at: Tue Dec 20 23:48:34 UTC 2011 + Serial Number (hex): 66360ed9379266e7a91b50614b290df8 + Revoked at: Wed Dec 21 04:54:29 UTC 2011 + Serial Number (hex): 00fcdc0e496c647d600404bdb6802b24e7 + Revoked at: Wed Dec 21 06:31:59 UTC 2011 + Serial Number (hex): 00a385aa261cc09fd41fba9fb332c31197 + Revoked at: Wed Dec 21 09:13:27 UTC 2011 + Serial Number (hex): 00ad0704e224a80df6e863625a77eb0831 + Revoked at: Wed Dec 21 12:23:05 UTC 2011 + Serial Number (hex): 4558f8e7e55054e5d9723d52c472d97b + Revoked at: Wed Dec 21 19:34:49 UTC 2011 + Serial Number (hex): 00b3960edb319efa93856d735538aa1c9f + Revoked at: Wed Dec 21 19:50:17 UTC 2011 + Serial Number (hex): 76a1e995bd40b732d602280220f2de47 + Revoked at: Wed Dec 21 19:50:37 UTC 2011 + Serial Number (hex): 633c81c2b12cbb09555ff24bd12dc572 + Revoked at: Wed Dec 21 19:50:55 UTC 2011 + Serial Number (hex): 14dcf2ce076b3ada25a1cf408c6f11e2 + Revoked at: Wed Dec 21 21:27:33 UTC 2011 + Serial Number (hex): 5ffd3d2a3a5e4970d252c9a833af7e96 + Revoked at: Thu Dec 22 15:58:06 UTC 2011 + Serial Number (hex): 009cbc4084ef0c23c364a6f4a04d034aa6 + Revoked at: Thu Dec 22 16:34:23 UTC 2011 + Serial Number (hex): 00fa0713b77caefd2a926bcc65de9e16e4 + Revoked at: Thu Dec 22 17:50:14 UTC 2011 + Serial Number (hex): 07f60c205d3f0dbc0c235faa7e66a030 + Revoked at: Thu Dec 22 19:47:28 UTC 2011 + Serial Number (hex): 1a7941cb4bdfa00e6cd18eb767bde491 + Revoked at: Thu Dec 22 21:28:29 UTC 2011 + Serial Number (hex): 00bef9152e472d4f24a6523f408049aa49 + Revoked at: Thu Dec 22 21:35:55 UTC 2011 + Serial Number (hex): 0090f14c59dae4b227dc75db0704284201 + Revoked at: Thu Dec 22 22:15:23 UTC 2011 + Serial Number (hex): 00dfda5e150193158220cc39f3e146501c + Revoked at: Fri Dec 23 13:43:12 UTC 2011 + Serial Number (hex): 21ed4a9aa29dc1ef1529a3f7edf3e7f2 + Revoked at: Fri Dec 23 17:20:27 UTC 2011 + Serial Number (hex): 45bdc5392d45fd65336a6dc5a96a5d75 + Revoked at: Sat Dec 24 23:35:04 UTC 2011 + Serial Number (hex): 00f9bc8bbaaf20d05c2801ac5780b6c52c + Revoked at: Sun Dec 25 16:33:40 UTC 2011 + Serial Number (hex): 00ab49965503407dbf7a0bbb8afd0deb8c + Revoked at: Tue Dec 27 14:49:48 UTC 2011 + Serial Number (hex): 008e1b2106fb5f5469e9f2c9ad563822e5 + Revoked at: Tue Dec 27 15:19:08 UTC 2011 + Serial Number (hex): 00ed7988ef67feabfe0746a7c7589e9338 + Revoked at: Tue Dec 27 15:41:41 UTC 2011 + Serial Number (hex): 00b90ab505dcefca932009a5fb12232e98 + Revoked at: Wed Dec 28 11:38:37 UTC 2011 + Serial Number (hex): 00b3fde52e390b6f7eb8c6005ae44e540f + Revoked at: Wed Dec 28 19:04:53 UTC 2011 + Serial Number (hex): 008bb0fad2128b051906508388797aae09 + Revoked at: Tue Jan 03 02:01:45 UTC 2012 + Serial Number (hex): 7e8736e409dd904dab532c2563427db5 + Revoked at: Tue Jan 03 13:26:44 UTC 2012 + Serial Number (hex): 2bf72eb14e558505a6ed4e7aa8e4eef6 + Revoked at: Wed Jan 04 00:23:13 UTC 2012 + Serial Number (hex): 21cedf19f5ab929a14d0967aa976c2e2 + Revoked at: Wed Jan 04 00:23:49 UTC 2012 + Serial Number (hex): 00a4eb74bb5c33ae53a4ecf62b85adad55 + Revoked at: Wed Jan 04 10:16:41 UTC 2012 + Serial Number (hex): 4af41d9a2f013c5befe9a5fee6ac61a8 + Revoked at: Wed Jan 04 13:08:28 UTC 2012 + Serial Number (hex): 112724209d025701b4efd19a7db29bb0 + Revoked at: Wed Jan 04 18:21:02 UTC 2012 + Serial Number (hex): 0759c7c0bd9443b9b7bfdefc106c54fa + Revoked at: Wed Jan 04 18:21:14 UTC 2012 + Serial Number (hex): 4b8ffd18cdb57ac17543cfa554c0b9c4 + Revoked at: Wed Jan 04 18:25:35 UTC 2012 + Serial Number (hex): 62fc8a18db7c854ecde9eed8e30b8a47 + Revoked at: Wed Jan 04 18:25:41 UTC 2012 + Serial Number (hex): 7d38bc8250b9bc887a12aa95ae12fa53 + Revoked at: Wed Jan 04 19:50:51 UTC 2012 + Serial Number (hex): 00b0d592e8ee4ebb3ff2e7c87c3f809da4 + Revoked at: Thu Jan 05 04:02:44 UTC 2012 + Serial Number (hex): 00970d2998b1ffce395a8f97d14f55d085 + Revoked at: Mon Jan 09 11:13:07 UTC 2012 + Serial Number (hex): 00e2b3153507f3aced58b8b7d365ffeb70 + Revoked at: Mon Jan 09 14:55:40 UTC 2012 + Serial Number (hex): 00f74abfc8e856fe13498ae12f96e98704 + Revoked at: Mon Jan 09 15:37:14 UTC 2012 + Serial Number (hex): 00828e607974c6b8a6933e9d9f9d65a7b7 + Revoked at: Tue Jan 10 04:57:18 UTC 2012 + Serial Number (hex): 00daf855117562f8dcfa02a3c176d7a49a + Revoked at: Tue Jan 10 23:24:00 UTC 2012 + Serial Number (hex): 455d120d1405d77ed2fcdbf1c83c87fb + Revoked at: Wed Jan 11 01:57:55 UTC 2012 + Serial Number (hex): 4d005d69d6bebc996aca8365ed90b888 + Revoked at: Wed Jan 11 15:45:34 UTC 2012 + Serial Number (hex): 00c8b65dee8a70587bcfd64def0bbfcf71 + Revoked at: Wed Jan 11 20:31:29 UTC 2012 + Serial Number (hex): 00a7134dba8ae44a9591158669540c975b + Revoked at: Wed Jan 11 21:00:48 UTC 2012 + Serial Number (hex): 7781c1121ef6b31140e9bf1a23657087 + Revoked at: Thu Jan 12 09:17:37 UTC 2012 + Serial Number (hex): 008cad1cff7968eff1d68e95a919a6ee9c + Revoked at: Thu Jan 12 13:51:09 UTC 2012 + Serial Number (hex): 00d1d08e1b3d294651672791df8ba9e85b + Revoked at: Thu Jan 12 19:17:09 UTC 2012 + Serial Number (hex): 42bf67e05840552c6c4ba8e3c87547d4 + Revoked at: Thu Jan 12 19:52:42 UTC 2012 + Serial Number (hex): 00d88040ad64541bd083c057576b64545a + Revoked at: Thu Jan 12 20:31:39 UTC 2012 + Serial Number (hex): 009f6a6fa5b1a291707a601e29fc0f5833 + Revoked at: Fri Jan 13 21:31:57 UTC 2012 + Serial Number (hex): 00a59abc0ef91c751ec1526053f3b1451a + Revoked at: Sun Jan 15 23:15:35 UTC 2012 + Serial Number (hex): 00abc601d2d117e66298dd835c1fde62eb + Revoked at: Mon Jan 16 16:22:42 UTC 2012 + Serial Number (hex): 7918a126aa39f11370020647873c7d7c + Revoked at: Mon Jan 16 16:22:51 UTC 2012 + Serial Number (hex): 789e61f35e6e3f576d192702c7e90b9c + Revoked at: Tue Jan 17 10:02:14 UTC 2012 + Serial Number (hex): 79af5ee86c8c8c8c73d303984342f812 + Revoked at: Tue Jan 17 10:02:25 UTC 2012 + Serial Number (hex): 48d345514345e3cdb8902601052ccf70 + Revoked at: Tue Jan 17 16:54:04 UTC 2012 + Serial Number (hex): 663d16ca2d4e9a739bafe1c5d8363668 + Revoked at: Tue Jan 17 20:00:50 UTC 2012 + Serial Number (hex): 2d7c4f41ece3500b16d7ff935846b7b7 + Revoked at: Wed Jan 18 07:11:04 UTC 2012 + Serial Number (hex): 009f9bd36f2c2e9c684b8a9ab18b116de3 + Revoked at: Wed Jan 18 20:51:56 UTC 2012 + Serial Number (hex): 00a88e18f79ed56390761aae03fe33eb76 + Revoked at: Wed Jan 18 21:02:33 UTC 2012 + Serial Number (hex): 320ceea26549f5a069ac4e90f4f06676 + Revoked at: Thu Jan 19 08:33:59 UTC 2012 + Serial Number (hex): 00e65bf9a99bf699efe2207c161403c3e6 + Revoked at: Thu Jan 19 20:04:03 UTC 2012 + Serial Number (hex): 23e637691bd2cead681e56e4ca485aeb + Revoked at: Fri Jan 20 00:59:34 UTC 2012 + Serial Number (hex): 794cc2c59696012cf3f2ad862bf35ccd + Revoked at: Fri Jan 20 00:59:48 UTC 2012 + Serial Number (hex): 00eb52374050634f193e1690c8b84a7895 + Revoked at: Fri Jan 20 01:02:18 UTC 2012 + Serial Number (hex): 008362f160337d50c653c659a4b3c74e2c + Revoked at: Fri Jan 20 05:20:30 UTC 2012 + Serial Number (hex): 00e64ef2b5b6528dac4447f3877a3c0687 + Revoked at: Fri Jan 20 05:21:41 UTC 2012 + Serial Number (hex): 00e99300fba992e3aa4a9d4a97335674d3 + Revoked at: Fri Jan 20 07:43:16 UTC 2012 + Serial Number (hex): 495ea7884bea9e7287024986943e7067 + Revoked at: Fri Jan 20 10:38:07 UTC 2012 + Serial Number (hex): 00bbcf883b8bd4eed07aabe36833d79804 + Revoked at: Fri Jan 20 13:44:33 UTC 2012 + Serial Number (hex): 747156bb7a557dc36afa58deceb72378 + Revoked at: Fri Jan 20 20:03:34 UTC 2012 + Serial Number (hex): 00cc0e15abcf6a19172fea4cf5eecc37e4 + Revoked at: Sun Jan 22 17:38:57 UTC 2012 + Serial Number (hex): 00f26a1a6039a9a14f9c57cc0f0f6d6634 + Revoked at: Sun Jan 22 17:47:41 UTC 2012 + Serial Number (hex): 00b137f91b3be5b12671d1777967d51c4c + Revoked at: Sun Jan 22 17:57:04 UTC 2012 + Serial Number (hex): 03b15ee651b754532855b8ffed3d28ee + Revoked at: Sun Jan 22 18:33:46 UTC 2012 + Serial Number (hex): 50863d1f5d6df78acfdd1dc76befbcab + Revoked at: Mon Jan 23 21:04:27 UTC 2012 + Serial Number (hex): 00ce402a4017c76beb6dc1737174d090cc + Revoked at: Mon Jan 23 21:24:07 UTC 2012 + Serial Number (hex): 00ba6f396d7f790134def1d995a06f3974 + Revoked at: Mon Jan 23 22:22:36 UTC 2012 + Serial Number (hex): 6fbe8dc5bf11bd53091cd06bd2a3cb48 + Revoked at: Mon Jan 23 22:22:44 UTC 2012 + Serial Number (hex): 0e65167bcc0ecd738628343419d1465f + Revoked at: Tue Jan 24 00:49:52 UTC 2012 + Serial Number (hex): 0092e4cdf0d1c9f16aab71eb6f137481e9 + Revoked at: Tue Jan 24 12:33:44 UTC 2012 + Serial Number (hex): 00fa5c64962be890d8f62d13a6ca33d506 + Revoked at: Tue Jan 24 15:20:31 UTC 2012 + Serial Number (hex): 0610c4059c7e8d6f11444672cc1b53f1 + Revoked at: Wed Jan 25 18:31:40 UTC 2012 + Serial Number (hex): 5ccd78dcbf7a0a558dc6b3c8be3a85f1 + Revoked at: Wed Jan 25 22:00:03 UTC 2012 + Serial Number (hex): 1a5b10a286297bb56180f78f935085f1 + Revoked at: Wed Jan 25 22:34:38 UTC 2012 + Serial Number (hex): 009724030d243a306d85e1f10c8685cb7f + Revoked at: Wed Jan 25 22:35:09 UTC 2012 + Serial Number (hex): 00dc05aebf0e8aa3a14832f08c3c67d8e7 + Revoked at: Wed Jan 25 22:35:31 UTC 2012 + Serial Number (hex): 6e5b5999206d310b3cd331113447a3c8 + Revoked at: Wed Jan 25 22:36:02 UTC 2012 + Serial Number (hex): 43e03a1f45953d16b3508725cde663c2 + Revoked at: Thu Jan 26 21:48:08 UTC 2012 + Serial Number (hex): 1ad89b91084bea53cc8aaac4fc1b15c2 + Revoked at: Thu Jan 26 21:48:28 UTC 2012 + Serial Number (hex): 367ed9dc71c56cfa513fabe919ae85ff + Revoked at: Fri Jan 27 00:38:23 UTC 2012 + Serial Number (hex): 00adf4d24e58f15db4e5b0cfcf67aaafa2 + Revoked at: Fri Jan 27 15:04:30 UTC 2012 + Serial Number (hex): 5ce86655ea69c0f53c22b722ccaff8a2 + Revoked at: Fri Jan 27 18:20:18 UTC 2012 + Serial Number (hex): 00a6d3f380398d273ea0b6ec48f91af277 + Revoked at: Fri Jan 27 21:13:04 UTC 2012 + Serial Number (hex): 00fa859a57188d90813abd1f6bd496602b + Revoked at: Fri Jan 27 21:13:10 UTC 2012 + Serial Number (hex): 3c2de0fcff1e0de211b201f550cdc919 + Revoked at: Fri Jan 27 21:26:52 UTC 2012 + Serial Number (hex): 58c4cd2567181e786d5c5f7baa8f10a2 + Revoked at: Fri Jan 27 22:09:55 UTC 2012 + Serial Number (hex): 00d080c4608fbf3c4ca44061f680cb7777 + Revoked at: Fri Jan 27 22:10:09 UTC 2012 + Serial Number (hex): 00afeaf8c9acc9b5381e399a934a050bd0 + Revoked at: Fri Jan 27 22:10:17 UTC 2012 + Serial Number (hex): 0089cc444d5e860a717037a3529f27b05e + Revoked at: Fri Jan 27 22:13:28 UTC 2012 + Serial Number (hex): 61febe6f6798e634560593d257799da0 + Revoked at: Mon Jan 30 19:22:16 UTC 2012 + Serial Number (hex): 492a5125090d53f9ca20676de6a7d6d0 + Revoked at: Tue Jan 31 14:41:32 UTC 2012 + Serial Number (hex): 00987fd80cabc18e81af58f5a12b8ac0fd + Revoked at: Tue Jan 31 19:30:58 UTC 2012 + Serial Number (hex): 00bfd2cabf9738d151bf6324d1c1576e7d + Revoked at: Tue Jan 31 19:31:14 UTC 2012 + Serial Number (hex): 69daba65b05e7c8c1d8bda0b25cbe7aa + Revoked at: Tue Jan 31 19:31:36 UTC 2012 + Serial Number (hex): 00ef2a3a9d865e76c635592684f23fbbaf + Revoked at: Tue Jan 31 19:31:49 UTC 2012 + Serial Number (hex): 08cf5f44918bf57701b2e23843c8fbbe + Revoked at: Tue Jan 31 19:32:06 UTC 2012 + Serial Number (hex): 00f5ba74f35cb096e2c6c7363e1221ca0e + Revoked at: Tue Jan 31 19:32:21 UTC 2012 + Serial Number (hex): 00feee04fd4fe7afb2ced18c7b68874d36 + Revoked at: Tue Jan 31 19:33:53 UTC 2012 + Serial Number (hex): 00a65e17308ccb0db1b9acaf871c51a477 + Revoked at: Tue Jan 31 19:34:11 UTC 2012 + Serial Number (hex): 351d2386e73472170c62a3b7e38720c2 + Revoked at: Wed Feb 01 16:46:51 UTC 2012 + Serial Number (hex): 0088a4e8a6b82f68e0bae78858c936c994 + Revoked at: Wed Feb 01 19:30:05 UTC 2012 + Serial Number (hex): 1da169f52a0c393654d3be31672e710b + Revoked at: Wed Feb 01 19:40:12 UTC 2012 + Serial Number (hex): 54cd426420f0605ac64d71031a33e8c4 + Revoked at: Wed Feb 01 19:46:55 UTC 2012 + Serial Number (hex): 00eca7c1e0d1a4cfe8d8133c93984cea1d + Revoked at: Wed Feb 01 19:47:03 UTC 2012 + Serial Number (hex): 46bd62497ca26effd630c3e460901e15 + Revoked at: Wed Feb 01 19:47:10 UTC 2012 + Serial Number (hex): 00cb991aa3eb4bb719652ffc6ced0701bc + Revoked at: Wed Feb 01 19:47:17 UTC 2012 + Serial Number (hex): 00e5e6fd4bbb02efaae15a7f760219f061 + Revoked at: Thu Feb 02 14:29:53 UTC 2012 + Serial Number (hex): 00a8e5cc463a51d63b56e55831af30ad94 + Revoked at: Thu Feb 02 18:07:11 UTC 2012 + Serial Number (hex): 73d089ecf43b2ca6e46fb61e0038a6a0 + Revoked at: Thu Feb 02 19:39:15 UTC 2012 + Serial Number (hex): 40bae2c72608eb072adcae8b86a04c0b + Revoked at: Thu Feb 02 23:17:47 UTC 2012 + Serial Number (hex): 64cff5ffc5a0e989efa9b8b4a6aaee0f + Revoked at: Thu Feb 02 23:33:02 UTC 2012 + Serial Number (hex): 00d949a1b3313383a07f7487b8b36ac834 + Revoked at: Thu Feb 02 23:34:25 UTC 2012 + Serial Number (hex): 00d3f29a2861d038f42ff2fbc369069c48 + Revoked at: Fri Feb 03 12:23:38 UTC 2012 + Serial Number (hex): 00beda3c2f99319b8d5f42d0fc55b191e2 + Revoked at: Sat Feb 04 00:56:33 UTC 2012 + Serial Number (hex): 00b7005813d95a39a27ff250eaaefba351 + Revoked at: Sat Feb 04 00:56:41 UTC 2012 + Serial Number (hex): 54fb0e580811e9496050e7312a3b0afc + Revoked at: Sat Feb 04 00:56:49 UTC 2012 + Serial Number (hex): 406bfd8501fb5cd58b5f8bfb7f5fa920 + Revoked at: Sat Feb 04 00:56:56 UTC 2012 + Serial Number (hex): 77ce93ac72982ba8ca7c1aa91b5ef3c7 + Revoked at: Sat Feb 04 00:57:06 UTC 2012 + Serial Number (hex): 65aaa65bca634cc5edc039e74f360fec + Revoked at: Sat Feb 04 00:57:13 UTC 2012 + Serial Number (hex): 5dd190c5acc3c5beba9cd876771e1de1 + Revoked at: Sat Feb 04 00:57:20 UTC 2012 + Serial Number (hex): 2fab398bacc63212ccb4420b3e975606 + Revoked at: Sat Feb 04 00:57:28 UTC 2012 + Serial Number (hex): 009a97597bffb836e244fa7b198379211a + Revoked at: Sat Feb 04 00:57:35 UTC 2012 + Serial Number (hex): 40495b86b04fb98c6f94ad5c2f00822c + Revoked at: Sat Feb 04 00:58:08 UTC 2012 + Serial Number (hex): 00a2248f3ef1360ca0f625969543534a13 + Revoked at: Sat Feb 04 08:51:04 UTC 2012 + Serial Number (hex): 00e03a4cfccdeb53ed5577c060be6f2f04 + Revoked at: Sun Feb 05 02:27:31 UTC 2012 + Serial Number (hex): 00c8d7af7f46b14bb7cdae1e80e1e83cbc + Revoked at: Sun Feb 05 17:32:52 UTC 2012 + Serial Number (hex): 00f1f47d4884340d235596df8b6f657ee8 + Revoked at: Mon Feb 06 17:04:55 UTC 2012 + Serial Number (hex): 4b6dd0d86a6dfa87fad8cefe657f8c83 + Revoked at: Mon Feb 06 17:08:32 UTC 2012 + Serial Number (hex): 00f581375660e33726f4cf6407f73d3def + Revoked at: Mon Feb 06 18:35:17 UTC 2012 + Serial Number (hex): 009d2ac1d5083aae0f8e1e79d542194f70 + Revoked at: Tue Feb 07 11:24:53 UTC 2012 + Serial Number (hex): 75e3bae0313abc34322c4c26b76caf04 + Revoked at: Tue Feb 07 17:27:38 UTC 2012 + Serial Number (hex): 7d5872813bddd1ab293b2413139a785b + Revoked at: Tue Feb 07 19:15:07 UTC 2012 + Serial Number (hex): 2b6a999cca7afa4f0facd19a6e1cc9e6 + Revoked at: Tue Feb 07 20:50:30 UTC 2012 + Serial Number (hex): 6443be2f089bd611204f6238f3e0e7a7 + Revoked at: Wed Feb 08 01:22:27 UTC 2012 + Serial Number (hex): 1ba8fab2859d0325b135300accd616d5 + Revoked at: Wed Feb 08 15:41:44 UTC 2012 + Serial Number (hex): 00b4cb18d56a5f19ba22fe5f06585932fb + Revoked at: Wed Feb 08 19:12:53 UTC 2012 + Serial Number (hex): 00c047de5329e3ec7ca467a7114fa4dfc6 + Revoked at: Wed Feb 08 19:13:49 UTC 2012 + Serial Number (hex): 1f1b72335fd7e1ccc396ff46d1fa1697 + Revoked at: Wed Feb 08 19:14:16 UTC 2012 + Serial Number (hex): 00c20a4f6e0bb12b7cd8ba2906eb84e774 + Revoked at: Wed Feb 08 20:41:35 UTC 2012 + Serial Number (hex): 48809dd0bacb65ca1293b6773a7e119e + Revoked at: Wed Feb 08 21:12:19 UTC 2012 + Serial Number (hex): 56aae04f2973262081c9fe1f181db65a + Revoked at: Wed Feb 08 21:12:28 UTC 2012 + Serial Number (hex): 47315aad9bb2d456b7b6b23d449dc0f8 + Revoked at: Wed Feb 08 21:13:00 UTC 2012 + Serial Number (hex): 00dcb91c8bd0023bf47b42673f3f5eb31d + Revoked at: Wed Feb 08 21:13:18 UTC 2012 + Serial Number (hex): 1f7bd47508751464198b2a530c2ed2ee + Revoked at: Wed Feb 08 21:13:33 UTC 2012 + Serial Number (hex): 00af72cd083fba73aa23d178bf49271268 + Revoked at: Wed Feb 08 21:35:14 UTC 2012 + Serial Number (hex): 5007192fda70320277b80c2064006e16 + Revoked at: Wed Feb 08 21:35:38 UTC 2012 + Serial Number (hex): 009cc17696c0d85117f044df3b1d241d10 + Revoked at: Wed Feb 08 21:36:01 UTC 2012 + Serial Number (hex): 00be4e0c108eb06783ceff0e1e0045c223 + Revoked at: Wed Feb 08 21:36:28 UTC 2012 + Serial Number (hex): 6f39af83b73ff861925a57d320cef514 + Revoked at: Wed Feb 08 21:49:36 UTC 2012 + Serial Number (hex): 008080f2d5e1846c709c3bc0d176475a9a + Revoked at: Thu Feb 09 20:32:33 UTC 2012 + Serial Number (hex): 59e8f2d7bc6cef5bd3c019e3011b367e + Revoked at: Thu Feb 09 21:57:56 UTC 2012 + Serial Number (hex): 00bcc0cf8abcad6be3f42de8ac9cee49 + Revoked at: Thu Feb 09 23:04:30 UTC 2012 + Serial Number (hex): 00e5b7e6899205d439f96fbb361baaadb7 + Revoked at: Fri Feb 10 12:57:45 UTC 2012 + Serial Number (hex): 6aaff5376a060a3a299f7aad04e7d650 + Revoked at: Fri Feb 10 12:58:10 UTC 2012 + Serial Number (hex): 00fb357ba6929b2e744b14b1b2b42bcb83 + Revoked at: Fri Feb 10 15:56:32 UTC 2012 + Serial Number (hex): 00b204ab09a557dc2c8af18834c06b2f67 + Revoked at: Fri Feb 10 17:23:36 UTC 2012 + Serial Number (hex): 306eee7595804de611669bacf701b788 + Revoked at: Fri Feb 10 18:44:58 UTC 2012 + Serial Number (hex): 00a342c115da3057b2c5b3b9753633f32a + Revoked at: Fri Feb 10 18:49:46 UTC 2012 + Serial Number (hex): 2b9e3fdbee348e7c4ab5fe1476ba173a + Revoked at: Fri Feb 10 23:20:39 UTC 2012 + Serial Number (hex): 00c40bf88c9c9a0edfea1e13bdbf311fbf + Revoked at: Mon Feb 13 13:25:33 UTC 2012 + Serial Number (hex): 009f137b79a4c26b20a9874924dc3caa07 + Revoked at: Mon Feb 13 13:45:06 UTC 2012 + Serial Number (hex): 250725ad24864b78953b24b2cd3bef0b + Revoked at: Mon Feb 13 15:29:33 UTC 2012 + Serial Number (hex): 419aeb484016f29b53809ef363f93495 + Revoked at: Mon Feb 13 16:09:12 UTC 2012 + Serial Number (hex): 793b39a8d4d0a2db7e63517c1803bd89 + Revoked at: Mon Feb 13 18:53:51 UTC 2012 + Serial Number (hex): 3ee0d4abfc70598bad82400d57cf58f7 + Revoked at: Tue Feb 14 15:09:14 UTC 2012 + Serial Number (hex): 41d3987549ecf4441c7f120f67a11c56 + Revoked at: Tue Feb 14 15:15:21 UTC 2012 + Serial Number (hex): 755ef285072c99126f74559984836e18 + Revoked at: Wed Feb 15 02:56:09 UTC 2012 + Serial Number (hex): 00d8f2dccdeb80703a7070cce710db5a15 + Revoked at: Wed Feb 15 02:56:43 UTC 2012 + Serial Number (hex): 00eba1244aff8162f4be8aa58379bc7ae4 + Revoked at: Wed Feb 15 15:53:03 UTC 2012 + Serial Number (hex): 00f1f7921a5ccb8b31c761222aaf97abc0 + Revoked at: Thu Feb 16 12:49:30 UTC 2012 + Serial Number (hex): 008fbc00d697a7cf50a72001d408f2853c + Revoked at: Thu Feb 16 15:55:14 UTC 2012 + Serial Number (hex): 589954267bf96a73c6914c59021c45ac + Revoked at: Thu Feb 16 17:45:16 UTC 2012 + Serial Number (hex): 375258162173c4aebdfb98369898d49d + Revoked at: Thu Feb 16 18:45:17 UTC 2012 + Serial Number (hex): 7fef7d360b42ec10d1c8efba369af188 + Revoked at: Thu Feb 16 18:45:33 UTC 2012 + Serial Number (hex): 0b628594a5c559e6cf6bb7c0bf0cfbaa + Revoked at: Thu Feb 16 19:43:35 UTC 2012 + Serial Number (hex): 00be4a97d615d2e49e1bf2589c17473221 + Revoked at: Fri Feb 17 05:58:53 UTC 2012 + Serial Number (hex): 00b51063383fec442fddc62b6d9b6f5c71 + Revoked at: Fri Feb 17 21:13:39 UTC 2012 + Serial Number (hex): 00b3e50a1d9f2740458de92995e6ef0c7a + Revoked at: Fri Feb 17 22:29:09 UTC 2012 + Serial Number (hex): 00efccc625d1f13c4309d208a11ecebbd3 + Revoked at: Sun Feb 19 18:32:27 UTC 2012 + Serial Number (hex): 00ff58855b4ccab6e9c2c8a4453e10beaf + Revoked at: Mon Feb 20 22:35:31 UTC 2012 + Serial Number (hex): 008d12e0daaca0ad148e08b33a4194772d + Revoked at: Tue Feb 21 14:25:24 UTC 2012 + Serial Number (hex): 0082d738927615b3cc4cc4c6371aff5f9b + Revoked at: Tue Feb 21 15:45:01 UTC 2012 + Serial Number (hex): 0086c5a5595e97fb0d31e1c7eb4bc92260 + Revoked at: Tue Feb 21 16:21:04 UTC 2012 + Serial Number (hex): 00a657947339addfe2cafa972f391d8452 + Revoked at: Tue Feb 21 20:04:51 UTC 2012 + Serial Number (hex): 563e6d133f1e44ac8746ac605bf4da7c + Revoked at: Wed Feb 22 11:52:30 UTC 2012 + Serial Number (hex): 71b492f4b9d9b43acb8731f39e3ad433 + Revoked at: Wed Feb 22 16:19:01 UTC 2012 + Serial Number (hex): 00cdbfcad2be80c6aa86c1f10a7bcd3908 + Revoked at: Wed Feb 22 20:13:18 UTC 2012 + Serial Number (hex): 00c347a78820f0906612a90ef4bf3829e0 + Revoked at: Wed Feb 22 20:54:40 UTC 2012 + Serial Number (hex): 0085f17095e46e8fdf082c8510cebf3d49 + Revoked at: Wed Feb 22 22:10:02 UTC 2012 + Serial Number (hex): 29336c4bcce2bcf1bfc8b1224d42502c + Revoked at: Wed Feb 22 22:10:26 UTC 2012 + Serial Number (hex): 171fcc729c38d3fd15d43072af86225d + Revoked at: Wed Feb 22 23:11:22 UTC 2012 + Serial Number (hex): 04a22b3520f34b3f5324cd29c263ef7f + Revoked at: Thu Feb 23 09:21:29 UTC 2012 + Serial Number (hex): 34e1b15a91c7443a1f1412d5ff9955da + Revoked at: Thu Feb 23 12:39:20 UTC 2012 + Serial Number (hex): 00bf3d051abd1eb239b9ba7babc6562c5e + Revoked at: Thu Feb 23 15:24:29 UTC 2012 + Serial Number (hex): 1ecffb7eb32daccb40cc0f32ac1fc13d + Revoked at: Fri Feb 24 14:21:31 UTC 2012 + Serial Number (hex): 00c060a6e62b3ae8cb3112b08988c2fe75 + Revoked at: Fri Feb 24 21:20:29 UTC 2012 + Serial Number (hex): 00dd93449dc3c6964bf584fd64581b418f + Revoked at: Tue Feb 28 05:57:10 UTC 2012 + Serial Number (hex): 2a950ce723f50043f65861ade2a5889f + Revoked at: Tue Feb 28 10:02:51 UTC 2012 + Serial Number (hex): 00c9fb2aedde94e0c4429538d92acb87e8 + Revoked at: Tue Feb 28 13:28:48 UTC 2012 + Serial Number (hex): 00c7336197a2b1a8f3f7997a5766771e42 + Revoked at: Tue Feb 28 16:15:02 UTC 2012 + Serial Number (hex): 29fbbe44ba6fa63b0318235e1dc0bc86 + Revoked at: Wed Feb 29 13:33:47 UTC 2012 + Serial Number (hex): 2b863d97269391e36d45ae0306d6863f + Revoked at: Wed Feb 29 15:06:47 UTC 2012 + Serial Number (hex): 7e9c891251f60961afaf91f2c3941dc6 + Revoked at: Wed Feb 29 18:36:16 UTC 2012 + Serial Number (hex): 00a1c9dfcab9eeaa089c502c6f71217f17 + Revoked at: Wed Feb 29 18:36:34 UTC 2012 + Serial Number (hex): 00cb0f19d05d29cd905ffd30e3ef2f5240 + Revoked at: Wed Feb 29 18:36:53 UTC 2012 + Serial Number (hex): 22fc0a9e633a65ec187f8478fd45e3ea + Revoked at: Wed Feb 29 18:37:11 UTC 2012 + Serial Number (hex): 58509e44c943beb613f8592d73c48d8e + Revoked at: Wed Feb 29 19:14:41 UTC 2012 + Serial Number (hex): 18700ab5aed4a63df76c1a21dbbc4522 + Revoked at: Wed Feb 29 19:14:58 UTC 2012 + Serial Number (hex): 00ab41b9f03913ac5d2e436beaf30a8e77 + Revoked at: Wed Feb 29 19:15:16 UTC 2012 + Serial Number (hex): 00bb782beab6290003013f6d01fc251c08 + Revoked at: Wed Feb 29 22:42:36 UTC 2012 + Serial Number (hex): 505131c4e6f5e39ff72ec2a0f4e4921e + Revoked at: Wed Feb 29 22:43:21 UTC 2012 + Serial Number (hex): 00d93ca9b4bbc5fafb6b8c428c24d592a9 + Revoked at: Thu Mar 01 11:40:16 UTC 2012 + Serial Number (hex): 00fed4940ff63cf701541071575d18d056 + Revoked at: Thu Mar 01 13:53:48 UTC 2012 + Serial Number (hex): 3b2e35faa618ddd533f707a7f621779e + Revoked at: Thu Mar 01 20:14:47 UTC 2012 + Serial Number (hex): 06594f3fb774c7df1ff9bc311430b62d + Revoked at: Thu Mar 01 20:15:10 UTC 2012 + Serial Number (hex): 00df851d5dda7e4153fe9a64f73d44fcea + Revoked at: Thu Mar 01 20:48:38 UTC 2012 + Serial Number (hex): 4d13afaac80a7eccee89e0ebcc2b4611 + Revoked at: Thu Mar 01 21:40:15 UTC 2012 + Serial Number (hex): 25d71184074bddd38368d38d89d4d81c + Revoked at: Thu Mar 01 21:40:19 UTC 2012 + Serial Number (hex): 647b2eb96b3095096d68cc4139292177 + Revoked at: Thu Mar 01 21:54:12 UTC 2012 + Serial Number (hex): 00d70f0d782548bc110efd5af9b5e15065 + Revoked at: Fri Mar 02 11:35:41 UTC 2012 + Serial Number (hex): 00d43515ba258979ffebd657f82bc060ac + Revoked at: Fri Mar 02 14:31:30 UTC 2012 + Serial Number (hex): 00ac0b0458ae801bfd1062df995b13249b + Revoked at: Fri Mar 02 17:50:41 UTC 2012 + Serial Number (hex): 79be506b8deb938444cffde0d4d44592 + Revoked at: Fri Mar 02 18:20:09 UTC 2012 + Serial Number (hex): 00d214200de92380a1de56fc2e489bb27f + Revoked at: Fri Mar 02 18:27:32 UTC 2012 + Serial Number (hex): 70a6a1992010a09a856e9c431ebde017 + Revoked at: Fri Mar 02 20:05:23 UTC 2012 + Serial Number (hex): 2a72626e6aae523fd4260617d6ffcaf6 + Revoked at: Sun Mar 04 15:05:34 UTC 2012 + Serial Number (hex): 009eb7d3b53a988fd6f55a1f218d76400d + Revoked at: Sun Mar 04 15:11:44 UTC 2012 + Serial Number (hex): 4447f84ad4d034fcc40ca72295a2038f + Revoked at: Sun Mar 04 15:12:05 UTC 2012 + Serial Number (hex): 4960b6103f64b1112a8c76b977af0327 + Revoked at: Mon Mar 05 08:58:54 UTC 2012 + Serial Number (hex): 6c72e2a191b7abde9acb74fd08f454e8 + Revoked at: Mon Mar 05 15:14:25 UTC 2012 + Serial Number (hex): 00b75aee994970bf64b247ca023878a452 + Revoked at: Mon Mar 05 19:21:55 UTC 2012 + Serial Number (hex): 066f97e0e8766af5342f8d6a496f7407 + Revoked at: Mon Mar 05 19:31:43 UTC 2012 + Serial Number (hex): 0084f81a063a87e1387fe18f4ecadeaf88 + Revoked at: Tue Mar 06 00:02:05 UTC 2012 + Serial Number (hex): 00bc0d1d678485b3d4c8e72d53592e01fd + Revoked at: Tue Mar 06 20:57:12 UTC 2012 + Serial Number (hex): 117dcfc7b478403bd3469b0019b65ac8 + Revoked at: Wed Mar 07 11:38:07 UTC 2012 + Serial Number (hex): 7ed21816e2f26c069a2303d28e2c6b51 + Revoked at: Wed Mar 07 15:12:00 UTC 2012 + Serial Number (hex): 00c568ecb4adf1e2c734738c83505170be + Revoked at: Wed Mar 07 16:42:33 UTC 2012 + Serial Number (hex): 4df6457104e725dd87e7743acb6a79c0 + Revoked at: Wed Mar 07 16:49:05 UTC 2012 + Serial Number (hex): 00c9446bee78c9be399c9e9908f895bd8e + Revoked at: Thu Mar 08 14:45:58 UTC 2012 + Serial Number (hex): 008f8d8d798ebfee3dafe3810c73ccd473 + Revoked at: Thu Mar 08 21:11:04 UTC 2012 + Serial Number (hex): 008f2fdb6cc89bd50104627d1614c799ca + Revoked at: Thu Mar 08 22:12:29 UTC 2012 + Serial Number (hex): 3d2bdf0425b7ef299dcc7f3675e3814b + Revoked at: Thu Mar 08 22:12:40 UTC 2012 + Serial Number (hex): 00e8df201e4b94795e214439e3287a7c8b + Revoked at: Thu Mar 08 22:12:51 UTC 2012 + Serial Number (hex): 00ab3bd5a4bedc922ca3fde6e8ea5d375d + Revoked at: Thu Mar 08 22:13:09 UTC 2012 + Serial Number (hex): 00b5c1c723a846946fde62ef3482d172ef + Revoked at: Thu Mar 08 22:13:56 UTC 2012 + Serial Number (hex): 009d10392dde89a8f7c2b0684e9f2845cc + Revoked at: Fri Mar 09 13:51:23 UTC 2012 + Serial Number (hex): 1b8eb15e74915a2fd2277998105ccab8 + Revoked at: Fri Mar 09 16:55:00 UTC 2012 + Serial Number (hex): 00997d904c9f52a87f263729ab96215592 + Revoked at: Fri Mar 09 16:55:54 UTC 2012 + Serial Number (hex): 00f660920d1eb83b4895fc4d9a44befcf8 + Revoked at: Fri Mar 09 21:16:13 UTC 2012 + Serial Number (hex): 00b8c9220958d7e0dbfa820242affbd0a7 + Revoked at: Fri Mar 09 22:27:14 UTC 2012 + Serial Number (hex): 00cb9ef9e0a3d43341cc0adbe68f19bf30 + Revoked at: Fri Mar 09 22:27:19 UTC 2012 + Serial Number (hex): 657df8e91c37bfc977039c81e008e788 + Revoked at: Mon Mar 12 16:32:31 UTC 2012 + Serial Number (hex): 4f6c5c4d9406095bfe2f8d17f844d056 + Revoked at: Tue Mar 13 11:09:34 UTC 2012 + Serial Number (hex): 00b03c4f50259e335408b8e08ee00b3650 + Revoked at: Tue Mar 13 12:08:03 UTC 2012 + Serial Number (hex): 755e14c62e6ddaffcaae7f71bd192661 + Revoked at: Wed Mar 14 18:21:02 UTC 2012 + Serial Number (hex): 00c2e604368a5df609199e74df0428cce6 + Revoked at: Wed Mar 14 20:15:40 UTC 2012 + Serial Number (hex): 3ebacb122d675889511474ce1ad70c02 + Revoked at: Wed Mar 14 20:20:10 UTC 2012 + Serial Number (hex): 23c7e1b19104d836bbec2bf3d115181c + Revoked at: Thu Mar 15 14:12:39 UTC 2012 + Serial Number (hex): 03faa999332abd1b2f444f4202e871e4 + Revoked at: Thu Mar 15 14:25:03 UTC 2012 + Serial Number (hex): 766b140b85d7d1509f79e12f65fdf158 + Revoked at: Thu Mar 15 14:25:33 UTC 2012 + Serial Number (hex): 5840aa4ab4f638b4f1f7bcd1e14592dd + Revoked at: Thu Mar 15 15:33:27 UTC 2012 + Serial Number (hex): 2f4ab2ceb3204273ea4e4b6cd744276f + Revoked at: Thu Mar 15 19:57:06 UTC 2012 + Serial Number (hex): 008dd6c742a0effb0536d9fe764004c2e1 + Revoked at: Thu Mar 15 22:23:34 UTC 2012 + Serial Number (hex): 00ceb53772b6a82de6fd9e5246951af4b6 + Revoked at: Thu Mar 15 22:23:45 UTC 2012 + Serial Number (hex): 008dda4126eb5b6687df84e0c892993370 + Revoked at: Fri Mar 16 08:17:31 UTC 2012 + Serial Number (hex): 4019357f3c9320ba13e549d13038704c + Revoked at: Fri Mar 16 08:59:03 UTC 2012 + Serial Number (hex): 7d9d308a972d80d0784d9cab788f8203 + Revoked at: Fri Mar 16 15:04:09 UTC 2012 + Serial Number (hex): 00efcb775bccdcc3c86e63ffea38b2382c + Revoked at: Sat Mar 17 10:04:40 UTC 2012 + Serial Number (hex): 00f176fd562f55700f7dde1b9d3f8658b3 + Revoked at: Mon Mar 19 04:20:44 UTC 2012 + Serial Number (hex): 41c743eb30e9cb8cd723fbf250c227ee + Revoked at: Mon Mar 19 11:32:20 UTC 2012 + Serial Number (hex): 48d7f48b20c812217a5346ae5e8ff27b + Revoked at: Mon Mar 19 13:38:53 UTC 2012 + Serial Number (hex): 00faec1f285e4c58b9b6a3c31607d0e0c4 + Revoked at: Mon Mar 19 17:15:01 UTC 2012 + Serial Number (hex): 00e80f1caae086d1f5630537b602b64241 + Revoked at: Mon Mar 19 18:03:19 UTC 2012 + Serial Number (hex): 0098e1ab48c551fe5949e1c0117835636f + Revoked at: Mon Mar 19 21:29:50 UTC 2012 + Serial Number (hex): 00bcc5187c30293d3f6c7a2e891ffe8603 + Revoked at: Mon Mar 19 21:30:04 UTC 2012 + Serial Number (hex): 00d223434d86bbc7b7a27ebd301dbf596d + Revoked at: Mon Mar 19 21:47:02 UTC 2012 + Serial Number (hex): 5f57ea471f31386f7fc73f8dde6e7f82 + Revoked at: Tue Mar 20 14:02:30 UTC 2012 + Serial Number (hex): 00f4c2c389d6742e9fef09f0f6eb5caa84 + Revoked at: Tue Mar 20 18:12:16 UTC 2012 + Serial Number (hex): 00ffbdc855de678e5aed0e9fa93f968168 + Revoked at: Tue Mar 20 18:53:44 UTC 2012 + Serial Number (hex): 00d39d385ba2f7c2c0cc9636f8940ee9f7 + Revoked at: Tue Mar 20 19:52:27 UTC 2012 + Serial Number (hex): 389c83bf722c6fcc19ab302e5a792c84 + Revoked at: Tue Mar 20 19:53:32 UTC 2012 + Serial Number (hex): 00bada70503e1eba4977aab97d3ba8b057 + Revoked at: Tue Mar 20 21:00:10 UTC 2012 + Serial Number (hex): 00a41a0e69a5ccbcee754c5da74c8b19a6 + Revoked at: Tue Mar 20 21:19:24 UTC 2012 + Serial Number (hex): 00f130fb033eb135ac2fda618453b1380b + Revoked at: Tue Mar 20 21:20:25 UTC 2012 + Serial Number (hex): 2de6900fa965c7f2e28002f59662dfb0 + Revoked at: Tue Mar 20 22:51:57 UTC 2012 + Serial Number (hex): 5f7281914944bdd80afda9d41d21b817 + Revoked at: Wed Mar 21 16:49:06 UTC 2012 + Serial Number (hex): 00e2ce5da26d3e5e8e2a4bdefc2c010a93 + Revoked at: Wed Mar 21 21:33:21 UTC 2012 + Serial Number (hex): 212614c43f42d42ec7f61a8496df9833 + Revoked at: Wed Mar 21 21:55:43 UTC 2012 + Serial Number (hex): 00f02d67b6ae419954364a829fad6dd3b8 + Revoked at: Wed Mar 21 23:38:27 UTC 2012 + Serial Number (hex): 00a9974db7a6e7b8de3f74be090d528b80 + Revoked at: Thu Mar 22 08:47:07 UTC 2012 + Serial Number (hex): 628a5250b13fc31dbd39538d8bca4a07 + Revoked at: Thu Mar 22 11:34:58 UTC 2012 + Serial Number (hex): 1516ae158455078e4137e342dc2759ec + Revoked at: Thu Mar 22 15:11:47 UTC 2012 + Serial Number (hex): 00d7df6086420fb3825abc19312050a78e + Revoked at: Thu Mar 22 20:04:42 UTC 2012 + Serial Number (hex): 525e6938347b5b8df4aa7ae9bdaee3b4 + Revoked at: Fri Mar 23 12:47:51 UTC 2012 + Serial Number (hex): 04a318f0b698c8bfd93ec4aa1714570d + Revoked at: Mon Mar 26 04:31:39 UTC 2012 + Serial Number (hex): 7a50c416f7bbcc5c48102ca25463c825 + Revoked at: Mon Mar 26 13:04:02 UTC 2012 + Serial Number (hex): 00c240c713cd8f14d553831b3f5282f12a + Revoked at: Mon Mar 26 13:08:59 UTC 2012 + Serial Number (hex): 0081784bf7a9123d762c334ebb7f079397 + Revoked at: Mon Mar 26 14:36:47 UTC 2012 + Serial Number (hex): 00c191485f7087e85489de368a70c384ff + Revoked at: Mon Mar 26 17:03:48 UTC 2012 + Serial Number (hex): 1d95d85667d613b15101ed501ed69976 + Revoked at: Tue Mar 27 11:16:46 UTC 2012 + Serial Number (hex): 0b4e66354ee210ee530a087c13b844c8 + Revoked at: Tue Mar 27 18:04:53 UTC 2012 + Serial Number (hex): 625db4e17e2dc933f9b6e0012002b906 + Revoked at: Tue Mar 27 21:27:46 UTC 2012 + Serial Number (hex): 4756629d2f74189a07bbfbcc0a8ee20d + Revoked at: Tue Mar 27 21:46:53 UTC 2012 + Serial Number (hex): 28222f8ca81a420d09f79204e45c51ec + Revoked at: Wed Mar 28 07:27:26 UTC 2012 + Serial Number (hex): 6779d76a45b999d1ec3f130313e98fd9 + Revoked at: Wed Mar 28 10:57:05 UTC 2012 + Serial Number (hex): 00bd8b7f3cb5fc193c30d163806a98ee6f + Revoked at: Wed Mar 28 10:57:26 UTC 2012 + Serial Number (hex): 0ada6134b704eebb00469417931c7e31 + Revoked at: Wed Mar 28 10:57:44 UTC 2012 + Serial Number (hex): 66c9405552542bf02d7ad1625c38177c + Revoked at: Wed Mar 28 10:57:59 UTC 2012 + Serial Number (hex): 1623c7f737963e11c2fc5281e2a65dd9 + Revoked at: Wed Mar 28 13:40:59 UTC 2012 + Serial Number (hex): 0d5756a37047eb00a1e46000d048e704 + Revoked at: Thu Mar 29 14:32:15 UTC 2012 + Serial Number (hex): 00dd9e8951e99539b1f3aedb83900105b1 + Revoked at: Thu Mar 29 15:36:30 UTC 2012 + Serial Number (hex): 4c6d56dcd33dc266b88a06891f6b7b0e + Revoked at: Thu Mar 29 18:26:15 UTC 2012 + Serial Number (hex): 6b54aae994ddd23f2a6a6b7338c3a81b + Revoked at: Thu Mar 29 18:28:00 UTC 2012 + Serial Number (hex): 00ccb6184445156f719d27333dbdc55d0a + Revoked at: Fri Mar 30 15:01:21 UTC 2012 + Serial Number (hex): 3a5998beac0fa54c9bcec4cde3b3ad69 + Revoked at: Fri Mar 30 18:17:28 UTC 2012 + Serial Number (hex): 00e836adab298e53ac91ed95782bdd2cfb + Revoked at: Fri Mar 30 18:20:09 UTC 2012 + Serial Number (hex): 2b81af86562798c9365189409893559d + Revoked at: Wed Apr 04 01:03:16 UTC 2012 + Serial Number (hex): 2ec02a57d954e6581d1451e247a40665 + Revoked at: Wed Apr 04 14:46:14 UTC 2012 + Serial Number (hex): 0086e292cde6b26e7e7ab5d76d4a07fb68 + Revoked at: Wed Apr 04 15:01:29 UTC 2012 + Serial Number (hex): 486900a184300d84376819a0be21025d + Revoked at: Wed Apr 04 15:51:07 UTC 2012 + Serial Number (hex): 008450edb8ce1fdec82da7d8e4e4300883 + Revoked at: Wed Apr 04 16:45:09 UTC 2012 + Serial Number (hex): 00cabf035bddaa0085de771d1a18b98c3a + Revoked at: Wed Apr 04 18:35:17 UTC 2012 + Serial Number (hex): 3535fdac0003f8e4970018f6a1920e8d + Revoked at: Wed Apr 04 18:35:31 UTC 2012 + Serial Number (hex): 730687e909d7f7b4ac6489eca8db8f34 + Revoked at: Wed Apr 04 18:35:41 UTC 2012 + Serial Number (hex): 42456a69bfea7ee622e480747ba2cf61 + Revoked at: Wed Apr 04 18:35:52 UTC 2012 + Serial Number (hex): 43c8e9ad3122ed96820d106b27e2f587 + Revoked at: Wed Apr 04 18:36:02 UTC 2012 + Serial Number (hex): 36b17daf45ad2fcab53263634d38cc75 + Revoked at: Wed Apr 04 18:36:16 UTC 2012 + Serial Number (hex): 49db5f33537be7feffb0602931f60b0b + Revoked at: Wed Apr 04 21:52:39 UTC 2012 + Serial Number (hex): 433c977cfe39bea40537ee09647c3237 + Revoked at: Thu Apr 05 12:48:19 UTC 2012 + Serial Number (hex): 00f21ff536a1b6d6c6457ecf4988c891aa + Revoked at: Thu Apr 05 15:32:08 UTC 2012 + Serial Number (hex): 00fd06b27520c17e8027f724c130b4ac99 + Revoked at: Thu Apr 05 18:03:36 UTC 2012 + Serial Number (hex): 47de94eb98fe2e160c1770b5c74fe994 + Revoked at: Thu Apr 05 18:52:08 UTC 2012 + Serial Number (hex): 00b0925a19ed86aa975dc032cb5104b63f + Revoked at: Thu Apr 05 18:52:29 UTC 2012 + Serial Number (hex): 00d8586efa460931f4115c557966f9d399 + Revoked at: Thu Apr 05 18:52:44 UTC 2012 + Serial Number (hex): 5984606aa2aae74718f93f7e193ef0a7 + Revoked at: Thu Apr 05 18:57:38 UTC 2012 + Serial Number (hex): 3dbd4276b886eec872e2ea2ed3218a66 + Revoked at: Fri Apr 06 03:48:34 UTC 2012 + Serial Number (hex): 009aa6e2cd4e3cc6371d25ddf964eef7d2 + Revoked at: Fri Apr 06 14:06:54 UTC 2012 + Serial Number (hex): 00978770ae3b7ebaff1b151e07e9f42b39 + Revoked at: Fri Apr 06 16:13:43 UTC 2012 + Serial Number (hex): 009b8a9efdfc6c18c29ce3a3697c73b99b + Revoked at: Mon Apr 09 04:38:10 UTC 2012 + Serial Number (hex): 351284c63cbd15bb755482c6cd945743 + Revoked at: Mon Apr 09 04:38:39 UTC 2012 + Serial Number (hex): 517cb2561ae31ed39bd6de5c34046b91 + Revoked at: Mon Apr 09 04:38:52 UTC 2012 + Serial Number (hex): 44963f8654cede9a0fa58dc690567d1c + Revoked at: Mon Apr 09 14:08:51 UTC 2012 + Serial Number (hex): 00bf9ebe8fe9941d1b5c2d46dce95f4c89 + Revoked at: Mon Apr 09 15:05:39 UTC 2012 + Serial Number (hex): 140a862798ff0d714765cd4a3e220587 + Revoked at: Mon Apr 09 23:30:00 UTC 2012 + Serial Number (hex): 00c8a2ee53b2ee18d8544d766d0aa79a42 + Revoked at: Tue Apr 10 15:59:18 UTC 2012 + Serial Number (hex): 72f0b54077bf88719ce4fa3cced657f4 + Revoked at: Tue Apr 10 16:55:20 UTC 2012 + Serial Number (hex): 508de7276753bbe10e04fb5f72523939 + Revoked at: Wed Apr 11 02:00:58 UTC 2012 + Serial Number (hex): 00a271bc17e0c2ccc01b77988677d8c975 + Revoked at: Wed Apr 11 15:46:23 UTC 2012 + Serial Number (hex): 5dd57484044a888306ce0cd893303c1b + Revoked at: Wed Apr 11 16:46:59 UTC 2012 + Serial Number (hex): 00d08a1cdb31892573c21537803989d585 + Revoked at: Wed Apr 11 19:26:06 UTC 2012 + Serial Number (hex): 00bab49e400c38d7a7d0f913eafd2aa2b0 + Revoked at: Wed Apr 11 19:26:18 UTC 2012 + Serial Number (hex): 1c1bd2a749d663f8d91e5b592539fb74 + Revoked at: Thu Apr 12 15:32:53 UTC 2012 + Serial Number (hex): 13e0960fd1912700eee4977daaff2be6 + Revoked at: Thu Apr 12 15:33:02 UTC 2012 + Serial Number (hex): 59fe636e6cceb74e9bf6d7edc9006bbf + Revoked at: Thu Apr 12 20:45:32 UTC 2012 + Serial Number (hex): 32445df6648d70ee423eb35b540b80e8 + Revoked at: Thu Apr 12 21:00:21 UTC 2012 + Serial Number (hex): 6e0844ed871f58b47ebf4858beec1ab8 + Revoked at: Thu Apr 12 21:07:38 UTC 2012 + Serial Number (hex): 00f3bb1c1e5bef373bd997e80fc2b16ea6 + Revoked at: Fri Apr 13 01:51:29 UTC 2012 + Serial Number (hex): 0087b15983096ba913c9f4334888b56618 + Revoked at: Fri Apr 13 03:27:40 UTC 2012 + Serial Number (hex): 05618dc3b83539c97a3786982ebbd4fc + Revoked at: Fri Apr 13 09:07:58 UTC 2012 + Serial Number (hex): 009d733a2ef8617a1bf9bf3d6e1b1f5463 + Revoked at: Fri Apr 13 09:32:01 UTC 2012 + Serial Number (hex): 00eee655afc813db91bcc496bbfb8ac58d + Revoked at: Fri Apr 13 20:17:23 UTC 2012 + Serial Number (hex): 00a49b758c479f13f1c1051d23b3d401bb + Revoked at: Fri Apr 13 20:18:00 UTC 2012 + Serial Number (hex): 0f0e6b9e195d04cbdf062e6e796b2b66 + Revoked at: Fri Apr 13 23:25:43 UTC 2012 + Serial Number (hex): 2bcdfb200975c7d0cf23640c64fda927 + Revoked at: Mon Apr 16 12:42:31 UTC 2012 + Serial Number (hex): 00ded503d52475e971b1c134ce909035af + Revoked at: Mon Apr 16 20:23:19 UTC 2012 + Serial Number (hex): 4e9c0c0e75e78685dc964bc774fb969b + Revoked at: Tue Apr 17 06:11:41 UTC 2012 + Serial Number (hex): 00baa938f45d930904b9bd00a2e88b13cf + Revoked at: Tue Apr 17 12:17:25 UTC 2012 + Serial Number (hex): 75b809aa45dbbb6c1d9418d0dfa088bb + Revoked at: Tue Apr 17 21:09:44 UTC 2012 + Serial Number (hex): 009efd52afce9ebe8a8cbabcb5a56ae198 + Revoked at: Tue Apr 17 22:12:01 UTC 2012 + Serial Number (hex): 009923363b6c62012f032e8b4568ef713b + Revoked at: Tue Apr 17 23:03:54 UTC 2012 + Serial Number (hex): 00d63255b0a5896f4fede64f61d9bb7e85 + Revoked at: Wed Apr 18 02:50:08 UTC 2012 + Serial Number (hex): 4a894eda84914152d9c44f1b7bad2d4c + Revoked at: Wed Apr 18 15:12:44 UTC 2012 + Serial Number (hex): 00ef7b00e739814d9ff1df9c62bbcfae63 + Revoked at: Wed Apr 18 18:51:55 UTC 2012 + Serial Number (hex): 0aeb0cc2233b9bd31954d0d6c3d860bb + Revoked at: Wed Apr 18 19:04:21 UTC 2012 + Serial Number (hex): 69586c601cca9b45ad7ff42c285d414a + Revoked at: Wed Apr 18 19:08:21 UTC 2012 + Serial Number (hex): 4809324be975feccb8be11cfa872b383 + Revoked at: Wed Apr 18 19:34:21 UTC 2012 + Serial Number (hex): 1afdf7b972d0a8b46169a024888cfa5b + Revoked at: Wed Apr 18 19:52:12 UTC 2012 + Serial Number (hex): 00f1acecbfeb3d78a1d37ba6322ec2ce26 + Revoked at: Wed Apr 18 21:56:41 UTC 2012 + Serial Number (hex): 00821ac5f17532657e7218d772907740ba + Revoked at: Thu Apr 19 03:15:11 UTC 2012 + Serial Number (hex): 0ee53817736502cdb6a371fbf35d1693 + Revoked at: Thu Apr 19 19:01:10 UTC 2012 + Serial Number (hex): 4dd8ea8df3876a77202bcb089436c3ee + Revoked at: Thu Apr 19 22:08:18 UTC 2012 + Serial Number (hex): 00a9279633f5ab921a69fb394a8d098f86 + Revoked at: Fri Apr 20 14:28:20 UTC 2012 + Serial Number (hex): 48a087df49a6f9a3085df363d037cd45 + Revoked at: Fri Apr 20 15:39:33 UTC 2012 + Serial Number (hex): 6748cd26a56ace6fc5f1288e8fd4f2e0 + Revoked at: Fri Apr 20 16:07:25 UTC 2012 + Serial Number (hex): 0b6470cd42d8d40978b2eefe18b2796e + Revoked at: Fri Apr 20 20:36:09 UTC 2012 + Serial Number (hex): 1b41573e89914eb6b69d12c830d5735f + Revoked at: Fri Apr 20 20:48:47 UTC 2012 + Serial Number (hex): 00825955c59edad685580d45d5e5bc1cf5 + Revoked at: Sat Apr 21 22:41:47 UTC 2012 + Serial Number (hex): 00b2689a041cb753aa43642dc7560bbb3f + Revoked at: Mon Apr 23 14:47:28 UTC 2012 + Serial Number (hex): 00adb3cc12956e815af316cdcc2b48022e + Revoked at: Mon Apr 23 14:56:16 UTC 2012 + Serial Number (hex): 00e90bdb0421e8365db4746ad9c679a4ed + Revoked at: Mon Apr 23 15:01:38 UTC 2012 + Serial Number (hex): 00f82556c1b53a051cd0c59f054805a926 + Revoked at: Mon Apr 23 15:53:59 UTC 2012 + Serial Number (hex): 00f81d09fdbc5dea6722e454c7c7246564 + Revoked at: Mon Apr 23 16:58:34 UTC 2012 + Serial Number (hex): 7a6464064b5aa00e784271c0cf277973 + Revoked at: Mon Apr 23 17:02:48 UTC 2012 + Serial Number (hex): 153019c5172e55514f525f3579bc65e4 + Revoked at: Mon Apr 23 18:18:59 UTC 2012 + Serial Number (hex): 1fad45a37edd2bec00aa6a7553875e0b + Revoked at: Mon Apr 23 21:24:09 UTC 2012 + Serial Number (hex): 27b1115d5993b007445bca70b6059c16 + Revoked at: Mon Apr 23 21:34:02 UTC 2012 + Serial Number (hex): 045fceed3f3f179e25f591689805db1e + Revoked at: Tue Apr 24 15:25:01 UTC 2012 + Serial Number (hex): 0085fd26392023c5512b468df7acbdb412 + Revoked at: Tue Apr 24 17:14:16 UTC 2012 + Serial Number (hex): 07de8fe18843a34faf3a0d075e43a27f + Revoked at: Tue Apr 24 17:49:19 UTC 2012 + Serial Number (hex): 03176da78c51e49edf91837f196851a8 + Revoked at: Tue Apr 24 17:59:35 UTC 2012 + Serial Number (hex): 052217faadb05447e9c684ec969410f2 + Revoked at: Tue Apr 24 18:00:29 UTC 2012 + Serial Number (hex): 008eb9f14c85ff54332538552722b6577b + Revoked at: Tue Apr 24 18:02:20 UTC 2012 + Serial Number (hex): 00fa50b9f7c7c74a10278503139624a836 + Revoked at: Tue Apr 24 18:03:18 UTC 2012 + Serial Number (hex): 3a341975875e36361994b3fd50600ccd + Revoked at: Wed Apr 25 14:07:41 UTC 2012 + Serial Number (hex): 00b89d9386c3d815c3c6c794a888609715 + Revoked at: Wed Apr 25 14:54:18 UTC 2012 + Serial Number (hex): 00edbae7ca3863be1b156e173270e79f79 + Revoked at: Wed Apr 25 14:54:28 UTC 2012 + Serial Number (hex): 49d0817901884fd72ce270b1ff7dcea2 + Revoked at: Fri Apr 27 08:17:15 UTC 2012 + Serial Number (hex): 0087ce9320ddd551245ccdbd178a41cdca + Revoked at: Fri Apr 27 10:25:06 UTC 2012 + Serial Number (hex): 00aac27de825f4522287e09b055dcc7c05 + Revoked at: Fri Apr 27 12:14:47 UTC 2012 + Serial Number (hex): 0c447e4934aa51494de6f5351b26d8d2 + Revoked at: Fri Apr 27 12:15:03 UTC 2012 + Serial Number (hex): 009d18185375ceca7f6a9425ac7b093d29 + Revoked at: Fri Apr 27 12:15:17 UTC 2012 + Serial Number (hex): 385cf953f0e1f1f260bc15975db3d83a + Revoked at: Fri Apr 27 12:16:12 UTC 2012 + Serial Number (hex): 0088faef73f29b74515c8a9d4253812d48 + Revoked at: Fri Apr 27 12:17:44 UTC 2012 + Serial Number (hex): 7bbbf38d15cf66224b4e8f12ceddb884 + Revoked at: Fri Apr 27 12:17:49 UTC 2012 + Serial Number (hex): 008fdb75f1d4900f7c86dbd8a66904aa88 + Revoked at: Fri Apr 27 12:19:02 UTC 2012 + Serial Number (hex): 00e086e986e3d3bfb91f0102a3666e695e + Revoked at: Fri Apr 27 12:19:08 UTC 2012 + Serial Number (hex): 00e2c30c7597ff96d508d92100c63beea8 + Revoked at: Fri Apr 27 12:22:05 UTC 2012 + Serial Number (hex): 00937c69a7e1a20cf3a14345ddd608c558 + Revoked at: Fri Apr 27 12:22:16 UTC 2012 + Serial Number (hex): 00aa37f701cece784dcb5c4c9076fe6af4 + Revoked at: Fri Apr 27 15:26:26 UTC 2012 + Serial Number (hex): 3edb29bcb35bd06e193b3bf5a384cd14 + Revoked at: Fri Apr 27 15:42:34 UTC 2012 + Serial Number (hex): 00ea071de425b348698748e58eff425aee + Revoked at: Sun Apr 29 19:59:42 UTC 2012 + Serial Number (hex): 00d9098714c1ed48bea3835d1c5fbfbd2e + Revoked at: Mon Apr 30 15:08:08 UTC 2012 + Serial Number (hex): 2a776845125815de9b0dd69e626a3eb4 + Revoked at: Mon Apr 30 17:59:03 UTC 2012 + Serial Number (hex): 00e23d7ec25a796e0a5911156f38a07380 + Revoked at: Tue May 01 15:20:35 UTC 2012 + Serial Number (hex): 00ac92949eb9ad4bee7fc4fe7b964d71bf + Revoked at: Tue May 01 15:24:09 UTC 2012 + Serial Number (hex): 1117885d0a445f32d3ef6cea380ffed2 + Revoked at: Tue May 01 15:33:04 UTC 2012 + Serial Number (hex): 720996d3b49333121c4351e454673e4b + Revoked at: Wed May 02 07:17:54 UTC 2012 + Serial Number (hex): 79428b8b49b014136784572e31f15132 + Revoked at: Wed May 02 08:54:09 UTC 2012 + Serial Number (hex): 47814226a9a633c54409608c605b7015 + Revoked at: Wed May 02 19:19:26 UTC 2012 + Serial Number (hex): 00e5f798718cd227d742f4c6b8cdf0a389 + Revoked at: Wed May 02 20:37:29 UTC 2012 + Serial Number (hex): 00949fdb9cfde5d15f5bd6f18c3ba5ab66 + Revoked at: Wed May 02 20:57:28 UTC 2012 + Serial Number (hex): 00e359d9c9c0216036b8967ce080719b38 + Revoked at: Wed May 02 22:47:54 UTC 2012 + Serial Number (hex): 576a18b594f3aca47fd3481f1e27e49e + Revoked at: Thu May 03 00:38:21 UTC 2012 + Serial Number (hex): 6d2a407fa48693a1d66b44b922bdc9d8 + Revoked at: Thu May 03 14:58:27 UTC 2012 + Serial Number (hex): 326ef92b1acb1f079b0e0df0a48218f1 + Revoked at: Thu May 03 15:00:38 UTC 2012 + Serial Number (hex): 03292fd1fa6d6d590ba166cd53c6e1a0 + Revoked at: Thu May 03 16:19:23 UTC 2012 + Serial Number (hex): 00ae4a95b25ec62a189a7354343bfbaab4 + Revoked at: Thu May 03 16:45:24 UTC 2012 + Serial Number (hex): 3bb25125cc69d38bda6af080da54bec3 + Revoked at: Thu May 03 18:49:13 UTC 2012 + Serial Number (hex): 00a183675292dbd499269d128a7617bb65 + Revoked at: Thu May 03 18:52:15 UTC 2012 + Serial Number (hex): 44e1ee463ece477e6a8ed250622dda3f + Revoked at: Thu May 03 19:03:55 UTC 2012 + Serial Number (hex): 00e21c54393785bf43719f8f3c6b1b06a5 + Revoked at: Fri May 04 06:09:54 UTC 2012 + Serial Number (hex): 00cdf7674c036ac85009eaa50007034a15 + Revoked at: Fri May 04 16:07:14 UTC 2012 + Serial Number (hex): 364b3e67ead81b1942854231d5238711 + Revoked at: Fri May 04 19:18:43 UTC 2012 + Serial Number (hex): 4d71378bd34ee187f0bb7d0955ac8e20 + Revoked at: Fri May 04 20:08:03 UTC 2012 + Serial Number (hex): 60078b301853f79dacb9153af11d77fb + Revoked at: Sat May 05 12:33:27 UTC 2012 + Serial Number (hex): 7e2b5c4c5473c6bd8dad2b6cac912c88 + Revoked at: Sun May 06 10:33:51 UTC 2012 + Serial Number (hex): 00f71d91a47abcbec59c9ba3503486ec0a + Revoked at: Mon May 07 13:14:23 UTC 2012 + Serial Number (hex): 00d930156ab1822792ed7236ab77f9e664 + Revoked at: Mon May 07 15:07:44 UTC 2012 + Serial Number (hex): 00c7a5842c044559f08e0453aaded6986c + Revoked at: Mon May 07 20:31:10 UTC 2012 + Serial Number (hex): 28d5beb6cf25f99d70d7e5e99e65b463 + Revoked at: Mon May 07 21:22:25 UTC 2012 + Serial Number (hex): 482fe220bdb691d2cda0124004f51cf6 + Revoked at: Mon May 07 23:51:47 UTC 2012 + Serial Number (hex): 419036f3887db30559daff61bdd2acd4 + Revoked at: Tue May 08 12:30:35 UTC 2012 + Serial Number (hex): 21cdd2448f893cb60d39ed891e2a5173 + Revoked at: Tue May 08 14:32:20 UTC 2012 + Serial Number (hex): 427df481070edb6035e31ec37f6fae53 + Revoked at: Tue May 08 16:29:29 UTC 2012 + Serial Number (hex): 00e69f3462a3160f61042ce7f9de1ea304 + Revoked at: Tue May 08 19:34:34 UTC 2012 + Serial Number (hex): 00e8b220667da02dfd6e8975153cd24199 + Revoked at: Wed May 09 15:37:54 UTC 2012 + Serial Number (hex): 00df0ce9134ead7526e28e690097d90ed9 + Revoked at: Wed May 09 15:50:16 UTC 2012 + Serial Number (hex): 00e544c7441a702677e65c6524fd42e620 + Revoked at: Wed May 09 19:28:38 UTC 2012 + Serial Number (hex): 5cf1da1d726ea1bf95591155033c15a7 + Revoked at: Thu May 10 13:26:05 UTC 2012 + Serial Number (hex): 6c2bf1863632d624a456d9357127b3b5 + Revoked at: Thu May 10 14:02:29 UTC 2012 + Serial Number (hex): 4936e6b4e28aaea9007149ce9ab4bfa9 + Revoked at: Thu May 10 15:25:59 UTC 2012 + Serial Number (hex): 00d3ad8974cc25e83705e1fcc432cabf84 + Revoked at: Thu May 10 17:35:20 UTC 2012 + Serial Number (hex): 00db581d04f2eb9d925560a8eb6cd99948 + Revoked at: Thu May 10 22:14:48 UTC 2012 + Serial Number (hex): 1c1afdc7dfc9d52627150da77a5753e7 + Revoked at: Thu May 10 22:36:51 UTC 2012 + Serial Number (hex): 0948e41c0db982a2b07429f84e311e05 + Revoked at: Fri May 11 07:24:46 UTC 2012 + Serial Number (hex): 00a60744248accd9e375dd4b6793ca7e19 + Revoked at: Fri May 11 12:21:07 UTC 2012 + Serial Number (hex): 21aade5e70ef5b99ed203c3d44a3486b + Revoked at: Fri May 11 13:46:32 UTC 2012 + Serial Number (hex): 321e4be158baa1d4f7a4d1dca9b6dc9d + Revoked at: Mon May 14 08:54:31 UTC 2012 + Serial Number (hex): 4fc4d537e41354a09d25a79a15ef7310 + Revoked at: Mon May 14 09:10:41 UTC 2012 + Serial Number (hex): 009bd9152b21daf2367aff306f68025135 + Revoked at: Mon May 14 13:56:20 UTC 2012 + Serial Number (hex): 27ab53fadfb027900db83f5b00a52985 + Revoked at: Mon May 14 14:22:31 UTC 2012 + Serial Number (hex): 7a51f277b578c4d36fc807cd1b030bfe + Revoked at: Mon May 14 19:35:55 UTC 2012 + Serial Number (hex): 44888ed85c9ebcf60dfefc1fdb9b35b7 + Revoked at: Mon May 14 21:36:22 UTC 2012 + Serial Number (hex): 3d06a83d7fc2bf0f990c331bb4940cd8 + Revoked at: Tue May 15 13:16:37 UTC 2012 + Serial Number (hex): 00fc57309adfcf627c50bb1b85529ce356 + Revoked at: Tue May 15 16:05:29 UTC 2012 + Serial Number (hex): 0d9efa1a048508dbf186db152cd7c740 + Revoked at: Tue May 15 17:36:01 UTC 2012 + Serial Number (hex): 009332a88001fa4c2b7ec3cc874ef1ddb2 + Revoked at: Tue May 15 21:01:00 UTC 2012 + Serial Number (hex): 1b558699583a32ff95def78690d32b32 + Revoked at: Wed May 16 03:18:01 UTC 2012 + Serial Number (hex): 00eb9671b3df12fe1fba9e0146b610a971 + Revoked at: Wed May 16 05:30:54 UTC 2012 + Serial Number (hex): 11babb5d8e7ac98c3b39523e9db604b8 + Revoked at: Wed May 16 05:31:53 UTC 2012 + Serial Number (hex): 7c27a9ae298abbd3f186dbbe48619293 + Revoked at: Wed May 16 08:17:48 UTC 2012 + Serial Number (hex): 00c03a86d0aa50f5e3b90bee0011766436 + Revoked at: Wed May 16 09:23:14 UTC 2012 + Serial Number (hex): 1e4d4bd6846eeeed289463f20e5bda9f + Revoked at: Wed May 16 13:38:40 UTC 2012 + Serial Number (hex): 00c9453d5ccb1acaafe79563c08126b791 + Revoked at: Wed May 16 13:39:01 UTC 2012 + Serial Number (hex): 66af572a4df29b3e1ebc71dd897e50 + Revoked at: Wed May 16 18:17:56 UTC 2012 + Serial Number (hex): 009440065d59f702992b96000a2f11cf23 + Revoked at: Thu May 17 15:01:05 UTC 2012 + Serial Number (hex): 0092bdfdc1ad7b7a172b394c958beb5d4e + Revoked at: Thu May 17 16:08:51 UTC 2012 + Serial Number (hex): 5cee0547bdc1c12523fe76348710a6b3 + Revoked at: Thu May 17 17:29:52 UTC 2012 + Serial Number (hex): 3bbbd1f51b5151feaeedc20cc480f7ea + Revoked at: Fri May 18 10:17:17 UTC 2012 + Serial Number (hex): 58239f803c0ae7250667f19a444528ce + Revoked at: Fri May 18 13:27:13 UTC 2012 + Serial Number (hex): 1c8307a809c37dc4b497beb70d66b6ca + Revoked at: Fri May 18 23:35:07 UTC 2012 + Serial Number (hex): 63649d5cc2f3140cc97d05a4128be0d6 + Revoked at: Mon May 21 14:17:58 UTC 2012 + Serial Number (hex): 75af4cb58ea832174c39c9a9b858ac44 + Revoked at: Mon May 21 14:37:37 UTC 2012 + Serial Number (hex): 0083960f368f72c860dc0f8a16ac58f2a4 + Revoked at: Mon May 21 16:19:10 UTC 2012 + Serial Number (hex): 00b2f442de45c1dba2fabc700d8a7c474c + Revoked at: Mon May 21 20:19:19 UTC 2012 + Serial Number (hex): 0083114e8f36415637558e3b78771309b2 + Revoked at: Mon May 21 20:19:38 UTC 2012 + Serial Number (hex): 0b80629f47bce841b9346236da4df1c2 + Revoked at: Mon May 21 20:21:38 UTC 2012 + Serial Number (hex): 00a27f436471c0fac9d4aca68db0727f97 + Revoked at: Mon May 21 21:11:07 UTC 2012 + Serial Number (hex): 2f43f9d1c6a25c837271f87c93304df5 + Revoked at: Tue May 22 20:10:32 UTC 2012 + Serial Number (hex): 16f0b99df575ef293fab46408930c752 + Revoked at: Wed May 23 10:07:08 UTC 2012 + Serial Number (hex): 26ad67e35beacca9d0e620d326382c21 + Revoked at: Wed May 23 12:25:08 UTC 2012 + Serial Number (hex): 00ecf2a0966dc5c118ab47f9e704258c47 + Revoked at: Wed May 23 12:52:59 UTC 2012 + Serial Number (hex): 00bcfeab13974aa733aea5c1a2226f4580 + Revoked at: Thu May 24 00:19:48 UTC 2012 + Serial Number (hex): 211161a870f63a872e2dac5c3f0285bd + Revoked at: Thu May 24 10:15:35 UTC 2012 + Serial Number (hex): 0eed3eda37d93673d42d2dee04f84226 + Revoked at: Thu May 24 13:49:40 UTC 2012 + Serial Number (hex): 3bb81a190543caba75f54387a25c50f5 + Revoked at: Thu May 24 14:31:05 UTC 2012 + Serial Number (hex): 1b430c343f3a56666efbaab79740556a + Revoked at: Thu May 24 19:34:18 UTC 2012 + Serial Number (hex): 2bd3f9ad7cd6b6d97dc378eeb60cafd6 + Revoked at: Fri May 25 12:52:40 UTC 2012 + Serial Number (hex): 25f65af18b56494e4ec17a30323bfb + Revoked at: Fri May 25 13:52:31 UTC 2012 + Serial Number (hex): 732a05cd3cafd3d0d8d244229aeea918 + Revoked at: Fri May 25 14:17:53 UTC 2012 + Serial Number (hex): 00b4989baffd9cda8279b1de065fbc95b6 + Revoked at: Fri May 25 18:17:37 UTC 2012 + Serial Number (hex): 0fc30ec45ac075bb3312368cdf079063 + Revoked at: Fri May 25 18:18:19 UTC 2012 + Serial Number (hex): 6c5f35b443af5c591e834fd3e7b4869d + Revoked at: Fri May 25 18:22:39 UTC 2012 + Serial Number (hex): 044ddb1e01ce262ec6bd91983aa8ec82 + Revoked at: Fri May 25 18:29:23 UTC 2012 + Serial Number (hex): 00f516f57edf9486422e9000d9fca0cb89 + Revoked at: Fri May 25 18:33:09 UTC 2012 + Serial Number (hex): 00b13eb1947b948bf271dc8ff841d7487e + Revoked at: Tue May 29 10:18:06 UTC 2012 + Serial Number (hex): 44bac0434679f594146700c43418b16f + Revoked at: Tue May 29 11:04:12 UTC 2012 + Serial Number (hex): 00ed5c80621b6746396528b28c1aeb94d5 + Revoked at: Tue May 29 13:00:24 UTC 2012 + Serial Number (hex): 05253654e30bd4b75b0d6aeb298fad05 + Revoked at: Tue May 29 14:17:59 UTC 2012 + Serial Number (hex): 1285e73d87ef85f11548aaf3e2109d1b + Revoked at: Tue May 29 16:04:55 UTC 2012 + Serial Number (hex): 665afe51e8b104f81b7959584bbc2ac8 + Revoked at: Tue May 29 21:20:58 UTC 2012 + Serial Number (hex): 581957cd4d79a8d81016ff01c745427e + Revoked at: Wed May 30 10:51:14 UTC 2012 + Serial Number (hex): 28c37275d946c06caa927342060e4b6a + Revoked at: Wed May 30 12:48:58 UTC 2012 + Serial Number (hex): 1a7926242b922610feeb387e27e46156 + Revoked at: Wed May 30 17:01:13 UTC 2012 + Serial Number (hex): 139c54a949727932b5bba42938c3fa01 + Revoked at: Wed May 30 17:45:24 UTC 2012 + Serial Number (hex): 33d34b171c0eb7a84f900cf9ffd6fdfa + Revoked at: Wed May 30 19:14:05 UTC 2012 + Serial Number (hex): 38a018eef1571b250c52c6590b5bde8a + Revoked at: Thu May 31 15:51:20 UTC 2012 + Serial Number (hex): 3c12a91ba91c26c939c9d83397d93f60 + Revoked at: Thu May 31 19:04:02 UTC 2012 + Serial Number (hex): 3d5d499e8d6fe7bd63126879d1b322e7 + Revoked at: Fri Jun 01 09:42:27 UTC 2012 + Serial Number (hex): 79e426450adc6c04dc0edeacdf99ad14 + Revoked at: Fri Jun 01 12:20:10 UTC 2012 + Serial Number (hex): 00f56d7587479ec1f559c1c4ae2c504be9 + Revoked at: Fri Jun 01 12:21:04 UTC 2012 + Serial Number (hex): 00f09400d1928bcdb58f90baa78c069d33 + Revoked at: Fri Jun 01 14:53:51 UTC 2012 + Serial Number (hex): 00b5ad773b929a356f6c8ccaeafb906d7e + Revoked at: Fri Jun 01 15:45:25 UTC 2012 + Serial Number (hex): 1c9658dc7672c6c347127ad5c87649b3 + Revoked at: Fri Jun 01 18:30:43 UTC 2012 + Serial Number (hex): 149a639ec53d64c15b24be861bc44a91 + Revoked at: Fri Jun 01 19:57:38 UTC 2012 + Serial Number (hex): 008817b0a7a20ff77cab4184ff74c13e89 + Revoked at: Fri Jun 01 20:21:13 UTC 2012 + Serial Number (hex): 008ca5e7144ae4f931ca8f7dc5c4108d9c + Revoked at: Sun Jun 03 22:37:17 UTC 2012 + Serial Number (hex): 1094e2ccaa3c959a0b007bac15af0c33 + Revoked at: Mon Jun 04 04:04:14 UTC 2012 + Serial Number (hex): 008cb27e3a11eaedb879c3302e03fdcab2 + Revoked at: Mon Jun 04 11:32:28 UTC 2012 + Serial Number (hex): 008b2206c2afcd76d773f55fbc92238cdc + Revoked at: Mon Jun 04 12:43:47 UTC 2012 + Serial Number (hex): 6088046561243c623f58657b336d3536 + Revoked at: Mon Jun 04 16:45:44 UTC 2012 + Serial Number (hex): 40b6e91e133045907d200ef510d96dc9 + Revoked at: Mon Jun 04 20:17:56 UTC 2012 + Serial Number (hex): 00a367a06caa5c10796e62e3329a1cc671 + Revoked at: Tue Jun 05 15:06:58 UTC 2012 + Serial Number (hex): 7faa2b39e387f0e638eb9e6437db4732 + Revoked at: Tue Jun 05 16:08:27 UTC 2012 + Serial Number (hex): 00cfce095bd2a561705d2517233ffbc836 + Revoked at: Tue Jun 05 16:56:30 UTC 2012 + Serial Number (hex): 1a48f8cf090f1087e7f14d8e57e0ecd9 + Revoked at: Tue Jun 05 19:18:36 UTC 2012 + Serial Number (hex): 68eda914a189a2fba23cc86c913a3819 + Revoked at: Tue Jun 05 19:34:51 UTC 2012 + Serial Number (hex): 21ca821e8686ed632a6ef039f8cd6782 + Revoked at: Tue Jun 05 20:31:10 UTC 2012 + Serial Number (hex): 5ba479f6054ac4ea036cadc6cefd9f2d + Revoked at: Wed Jun 06 15:42:17 UTC 2012 + Serial Number (hex): 00f6869b0c239a640f248921972a476cd1 + Revoked at: Wed Jun 06 15:43:43 UTC 2012 + Serial Number (hex): 274cf34fdbee08f7d1bf8a04c62347af + Revoked at: Wed Jun 06 16:00:44 UTC 2012 + Serial Number (hex): 00ad83cd999d20f7408d2e9b2b67f62a69 + Revoked at: Wed Jun 06 16:14:46 UTC 2012 + Serial Number (hex): 00bba3ccf52d703c3012e01ceed8892611 + Revoked at: Wed Jun 06 17:05:55 UTC 2012 + Serial Number (hex): 00b29db3ea8c88589c91a44a5b48b2629b + Revoked at: Wed Jun 06 18:08:30 UTC 2012 + Serial Number (hex): 0403ac7f5a6d1c4d053389339ad0e84f + Revoked at: Wed Jun 06 19:47:33 UTC 2012 + Serial Number (hex): 19a1ef2915b4bb8c05da48da61cd92b3 + Revoked at: Thu Jun 07 00:38:51 UTC 2012 + Serial Number (hex): 4a67445e863e670ce82e0557ad7a044c + Revoked at: Thu Jun 07 00:48:51 UTC 2012 + Serial Number (hex): 4342b4b7e1f394fd91932d1c68cbd08a + Revoked at: Thu Jun 07 03:28:46 UTC 2012 + Serial Number (hex): 7ade733efe62a079124880c09ab73d14 + Revoked at: Thu Jun 07 13:17:04 UTC 2012 + Serial Number (hex): 2a0bf72f3138972641e9eb0e92ce4c0e + Revoked at: Thu Jun 07 15:05:24 UTC 2012 + Serial Number (hex): 00dc5a4851d438f5b348e49605454a74fa + Revoked at: Thu Jun 07 15:57:03 UTC 2012 + Serial Number (hex): 6fb4eb91881a20f443664e0a7cb7e0a9 + Revoked at: Fri Jun 08 13:35:34 UTC 2012 + Serial Number (hex): 438e52a75b84d9362003f47a226f6d72 + Revoked at: Fri Jun 08 14:54:20 UTC 2012 + Serial Number (hex): 153b332da41e56b96e5792e9a4cee4b4 + Revoked at: Fri Jun 08 19:17:05 UTC 2012 + Serial Number (hex): 009a96005414fa7adafc975e701764fc27 + Revoked at: Fri Jun 08 19:30:00 UTC 2012 + Serial Number (hex): 00fbdbe31ca80682bab1337f1ef923fc1d + Revoked at: Fri Jun 08 19:31:18 UTC 2012 + Serial Number (hex): 00a13b26a6ef67f7b2baa19d95f7a9960d + Revoked at: Sun Jun 10 08:06:29 UTC 2012 + Serial Number (hex): 00a95c5584997bbdad504cf6ff1b197d89 + Revoked at: Mon Jun 11 12:10:16 UTC 2012 + Serial Number (hex): 463a1c120967bd5cbbebbcf62597b8ff + Revoked at: Mon Jun 11 14:04:07 UTC 2012 + Serial Number (hex): 00d051f30808f5ff6b1e7d418960890201 + Revoked at: Mon Jun 11 14:31:29 UTC 2012 + Serial Number (hex): 00a52af272be0ebef60f8bfb7a354f1542 + Revoked at: Mon Jun 11 15:52:27 UTC 2012 + Serial Number (hex): 00d85f91ffc78698dd3506f1b187bde109 + Revoked at: Mon Jun 11 16:15:10 UTC 2012 + Serial Number (hex): 00b7c029c808c90b2dcd262eca012acd83 + Revoked at: Mon Jun 11 19:30:58 UTC 2012 + Serial Number (hex): 00f0dfda42c40925c6081ba7b9e89f59b0 + Revoked at: Mon Jun 11 22:16:10 UTC 2012 + Serial Number (hex): 674e05540707039b834fcaae8e4fd117 + Revoked at: Tue Jun 12 13:11:30 UTC 2012 + Serial Number (hex): 39abebf5f73623201e4d94e384291b8a + Revoked at: Tue Jun 12 14:26:04 UTC 2012 + Serial Number (hex): 00caf481e846338baf42d0a427cb323c78 + Revoked at: Tue Jun 12 14:47:17 UTC 2012 + Serial Number (hex): 00cbf02a07dec8a968020513e2a46d1367 + Revoked at: Tue Jun 12 16:35:39 UTC 2012 + Serial Number (hex): 4a45717b688595051be04901f2f1c92e + Revoked at: Tue Jun 12 22:31:32 UTC 2012 + Serial Number (hex): 00d32a6950db77ef8c6cca32a740d7a2a6 + Revoked at: Tue Jun 12 23:05:31 UTC 2012 + Serial Number (hex): 00c084c3ff171fef0023c524485a222c4b + Revoked at: Wed Jun 13 04:00:34 UTC 2012 + Serial Number (hex): 3e21a52bdef98ca0aa1270f77493809b + Revoked at: Wed Jun 13 09:18:36 UTC 2012 + Serial Number (hex): 431264dd5d8b9d135999ec7d7f8332dd + Revoked at: Wed Jun 13 13:33:12 UTC 2012 + Serial Number (hex): 0c03b6aabbccacc83ca0da4152667bbe + Revoked at: Wed Jun 13 14:56:11 UTC 2012 + Serial Number (hex): 00cf868dcf2a5acae2da0ed6a03a69eea8 + Revoked at: Wed Jun 13 16:58:26 UTC 2012 + Serial Number (hex): 00db58c6f98816740384899b0c88f62bdb + Revoked at: Wed Jun 13 18:04:54 UTC 2012 + Serial Number (hex): 3c23231bc7a923708341e5200d1972f5 + Revoked at: Wed Jun 13 19:54:14 UTC 2012 + Serial Number (hex): 24ab948fa917e2d7dc839904f56df3f9 + Revoked at: Wed Jun 13 20:45:19 UTC 2012 + Serial Number (hex): 2e0dc070f326f81f6331282b1e968a97 + Revoked at: Thu Jun 14 08:32:09 UTC 2012 + Serial Number (hex): 00be94219a49033a311853a62254daae74 + Revoked at: Thu Jun 14 11:33:49 UTC 2012 + Serial Number (hex): 2ac49db61915285b9a66c988010001ec + Revoked at: Thu Jun 14 14:57:36 UTC 2012 + Serial Number (hex): 70b4884b41e46f2dd1becd05da733a31 + Revoked at: Thu Jun 14 14:58:49 UTC 2012 + Serial Number (hex): 00dd92cd8673ae77a0e910c3a5f9eeb5bd + Revoked at: Thu Jun 14 19:23:12 UTC 2012 + Serial Number (hex): 4ac17a82c22a57e95101992f22407f8f + Revoked at: Thu Jun 14 19:25:57 UTC 2012 + Serial Number (hex): 00e7de5afa88055d2309050a552c6961d2 + Revoked at: Thu Jun 14 19:35:46 UTC 2012 + Serial Number (hex): 00a274bb79abc1d54b8fe0af3915c93210 + Revoked at: Thu Jun 14 19:44:35 UTC 2012 + Serial Number (hex): 00e7b63abcf260eff597d88b2dee4e934b + Revoked at: Thu Jun 14 20:47:13 UTC 2012 + Serial Number (hex): 0081252ee8e5b526a4a25e116484c0b8c0 + Revoked at: Thu Jun 14 20:58:29 UTC 2012 + Serial Number (hex): 3f70c3b7568eb84927b311df00ec03ae + Revoked at: Fri Jun 15 13:52:56 UTC 2012 + Serial Number (hex): 00f26c8a56c4d8f5eeb54f9fd48035bc63 + Revoked at: Fri Jun 15 15:38:06 UTC 2012 + Serial Number (hex): 4d064967c463251707585a327b9372f3 + Revoked at: Fri Jun 15 18:03:19 UTC 2012 + Serial Number (hex): 488561a635033622f2cd390ed20ac88d + Revoked at: Fri Jun 15 20:10:15 UTC 2012 + Serial Number (hex): 00cfe8dd4a6c1957b1090d6f49155a10e9 + Revoked at: Fri Jun 15 20:11:27 UTC 2012 + Serial Number (hex): 00fd99e4c64d52d8bb912f52618beddd2a + Revoked at: Fri Jun 15 22:41:25 UTC 2012 + Serial Number (hex): 00f871486b09a8ea670663ddbffd1ea3d8 + Revoked at: Sun Jun 17 23:37:23 UTC 2012 + Serial Number (hex): 00c23c4706ebf3f1aac1f3724c878c08d1 + Revoked at: Mon Jun 18 18:39:06 UTC 2012 + Serial Number (hex): 00d8bf525a7355bfa2b0189e6170cd4a5a + Revoked at: Mon Jun 18 20:10:49 UTC 2012 + Serial Number (hex): 00986ff4ce582510be874cd6eaac41c2f6 + Revoked at: Tue Jun 19 06:17:26 UTC 2012 + Serial Number (hex): 47869c00d57a2679e74c1d34961f3be4 + Revoked at: Tue Jun 19 12:00:00 UTC 2012 + Serial Number (hex): 00c21edd7ae80097b0cc9f82c488f94267 + Revoked at: Tue Jun 19 20:29:19 UTC 2012 + Serial Number (hex): 3d2ca06f003820935bbf8c3291ec8f2c + Revoked at: Tue Jun 19 20:57:51 UTC 2012 + Serial Number (hex): 48810b04a37be9acd78bee1b8f2d0380 + Revoked at: Wed Jun 20 10:58:42 UTC 2012 + Serial Number (hex): 6b1f34cc57ad2b6efbc39a8ad7a7e94e + Revoked at: Wed Jun 20 11:02:48 UTC 2012 + Serial Number (hex): 11f2e9b1eb744f89d5bb12c92ebc733d + Revoked at: Wed Jun 20 15:16:52 UTC 2012 + Serial Number (hex): 00f4a110f8337a8eb9b7ed1174298c6ceb + Revoked at: Wed Jun 20 15:32:42 UTC 2012 + Serial Number (hex): 09b2b84232fdbe9b80974ee753fb14d6 + Revoked at: Wed Jun 20 16:00:04 UTC 2012 + Serial Number (hex): 0ba3518945de25f692eeccf929db74ef + Revoked at: Wed Jun 20 16:53:18 UTC 2012 + Serial Number (hex): 1d1757600f914a179d719a58c8ec57ce + Revoked at: Wed Jun 20 20:46:14 UTC 2012 + Serial Number (hex): 00fd8d72641cfabb6b3507ce64ab7142e1 + Revoked at: Wed Jun 20 22:06:55 UTC 2012 + Serial Number (hex): 081a218a53e2c4aecf6405bc6f3b05 + Revoked at: Thu Jun 21 06:44:52 UTC 2012 + Serial Number (hex): 00d54c20dc63ee49a718790d2fd91b9ff5 + Revoked at: Thu Jun 21 08:42:39 UTC 2012 + Serial Number (hex): 00c66dfee704aa08078a6fb3d54dd3fcfa + Revoked at: Thu Jun 21 18:15:15 UTC 2012 + Serial Number (hex): 7594f2e3c1bfada017261309b534f036 + Revoked at: Thu Jun 21 18:15:27 UTC 2012 + Serial Number (hex): 4930f0b2fe96e3e89524df87fba97171 + Revoked at: Thu Jun 21 18:48:12 UTC 2012 + Serial Number (hex): 4140158d96f074fc4f776ad675fa6261 + Revoked at: Thu Jun 21 23:33:56 UTC 2012 + Serial Number (hex): 7f9cf1c441276bc2e1af1f1cc694e021 + Revoked at: Fri Jun 22 15:23:07 UTC 2012 + Serial Number (hex): 4c956b9bbbdf7aeed7e100fdb8494ad4 + Revoked at: Fri Jun 22 15:28:04 UTC 2012 + Serial Number (hex): 00f547e0eb30425d3aff8cb5a0778ef356 + Revoked at: Fri Jun 22 15:59:56 UTC 2012 + Serial Number (hex): 708a98ad39e909a70e0d635a5a62e491 + Revoked at: Fri Jun 22 16:06:54 UTC 2012 + Serial Number (hex): 6e822a25a53dababc262594834bb0fa4 + Revoked at: Fri Jun 22 18:40:16 UTC 2012 + Serial Number (hex): 00f4599a1579ba979dc3e0d3f1c85e98c5 + Revoked at: Fri Jun 22 19:25:38 UTC 2012 + Serial Number (hex): 53f1259e549883cedb88a08efe6a14ea + Revoked at: Fri Jun 22 20:07:53 UTC 2012 + Serial Number (hex): 0087515c69f68ee94d9ac5c766ae0c98d6 + Revoked at: Fri Jun 22 20:38:07 UTC 2012 + Serial Number (hex): 3a3480c4d9060d7f1e10f63aa1e019c5 + Revoked at: Mon Jun 25 04:49:35 UTC 2012 + Serial Number (hex): 565a5dc00ba54a7ac1472637b1523cd0 + Revoked at: Mon Jun 25 15:18:57 UTC 2012 + Serial Number (hex): 00895d3e785cc648dc0b96971856d7e3be + Revoked at: Mon Jun 25 16:16:08 UTC 2012 + Serial Number (hex): 165ad69c9003406a49242c029da29e40 + Revoked at: Mon Jun 25 18:43:25 UTC 2012 + Serial Number (hex): 1ae61333a7b8be903b4a36d4f2a73e5b + Revoked at: Tue Jun 26 14:38:52 UTC 2012 + Serial Number (hex): 00bf0176721fd690806e353eeacb54d690 + Revoked at: Tue Jun 26 15:33:27 UTC 2012 + Serial Number (hex): 00f853099772553fa65b321151b48fbd7c + Revoked at: Tue Jun 26 16:22:26 UTC 2012 + Serial Number (hex): 00ab50caa9247af6dd2b4ccaa3810af275 + Revoked at: Tue Jun 26 17:26:56 UTC 2012 + Serial Number (hex): 461fefb4c19b4a5695732c058ec2aba2 + Revoked at: Tue Jun 26 19:21:15 UTC 2012 + Serial Number (hex): 00f9928dc0536fd66a94d5c3d55f2fa9ee + Revoked at: Tue Jun 26 19:21:34 UTC 2012 + Serial Number (hex): 00bd63826c97768888427a51ee92c47d61 + Revoked at: Tue Jun 26 19:21:46 UTC 2012 + Serial Number (hex): 0081c5d038c7e0c45358c71bde3ba4a810 + Revoked at: Tue Jun 26 19:22:02 UTC 2012 + Serial Number (hex): 7a3f319b1613bdadfe79c341bfa07f77 + Revoked at: Tue Jun 26 21:21:45 UTC 2012 + Serial Number (hex): 00bd269fba21e076419a2ae0c777ebfedd + Revoked at: Wed Jun 27 12:36:42 UTC 2012 + Serial Number (hex): 00b399f83dbd946ce666a0ac7845a4d718 + Revoked at: Wed Jun 27 13:15:07 UTC 2012 + Serial Number (hex): 00af27a7441d2604cddbc98ab4ff51154b + Revoked at: Wed Jun 27 18:45:33 UTC 2012 + Serial Number (hex): 485139bb406122e26e61d30b31328588 + Revoked at: Wed Jun 27 22:45:48 UTC 2012 + Serial Number (hex): 129f1ed3e6d89e89c66f4d186cbcf565 + Revoked at: Wed Jun 27 22:46:18 UTC 2012 + Serial Number (hex): 00945670495c3c643f75cb658da5d34b87 + Revoked at: Thu Jun 28 00:04:20 UTC 2012 + Serial Number (hex): 63371f1b3050b4993cfb514abd6ae2f5 + Revoked at: Thu Jun 28 00:04:32 UTC 2012 + Serial Number (hex): 40dd80daf154779cbfdabd5ddc622b03 + Revoked at: Thu Jun 28 01:20:29 UTC 2012 + Serial Number (hex): 00befb62c44395755aabffb726f1a0485d + Revoked at: Thu Jun 28 08:50:57 UTC 2012 + Serial Number (hex): 00f6244f1a37dc263f544833000915ff75 + Revoked at: Thu Jun 28 16:17:28 UTC 2012 + Serial Number (hex): 4f330dfcb1028db8c2a3d9a5f5b5f6fb + Revoked at: Thu Jun 28 17:03:19 UTC 2012 + Serial Number (hex): 23fa3b917b5cb2d30ca2a1bc9130f98b + Revoked at: Thu Jun 28 17:08:51 UTC 2012 + Serial Number (hex): 211a184a7c315b8f33fda1d453dcade9 + Revoked at: Thu Jun 28 20:08:59 UTC 2012 + Serial Number (hex): 0f58ae0566e9450bbd5f91855a857352 + Revoked at: Fri Jun 29 09:27:45 UTC 2012 + Serial Number (hex): 00efa0bd1a6504c8867f07d675de7ce86d + Revoked at: Fri Jun 29 09:45:21 UTC 2012 + Serial Number (hex): 69fa0410443fc90114d382fcad77b621 + Revoked at: Fri Jun 29 14:11:03 UTC 2012 + Serial Number (hex): 41fcef635ed91716526f6b5d0acadad8 + Revoked at: Fri Jun 29 14:12:29 UTC 2012 + Serial Number (hex): 3c292f2fbb9fea37f5e5a226ebe96862 + Revoked at: Fri Jun 29 14:21:31 UTC 2012 + Serial Number (hex): 0090f828342e7de3a7ae8959c1bda20ce5 + Revoked at: Fri Jun 29 14:24:35 UTC 2012 + Serial Number (hex): 4832aa23cfe0335076c7c74b92be16e9 + Revoked at: Fri Jun 29 18:01:08 UTC 2012 + Serial Number (hex): 0651f7da243143273082c82668b8bfab + Revoked at: Fri Jun 29 18:29:01 UTC 2012 + Serial Number (hex): 32e45562f8121a42fbe99a02de9b4153 + Revoked at: Fri Jun 29 18:29:19 UTC 2012 + Serial Number (hex): 00fd2d9c76bf23c01e25eec90ac9bc550b + Revoked at: Fri Jun 29 18:29:37 UTC 2012 + Serial Number (hex): 008360f319c5d752f19ef4b7111a8b80db + Revoked at: Fri Jun 29 18:29:56 UTC 2012 + Serial Number (hex): 00bc99ee3c12c3d7af36600aaac4ba0552 + Revoked at: Fri Jun 29 19:24:09 UTC 2012 + Serial Number (hex): 0b2409c72b5283933f0711674406a9c4 + Revoked at: Fri Jun 29 19:49:36 UTC 2012 + Serial Number (hex): 0d967dd1dfedf9f7a269fe863d84cd0f + Revoked at: Mon Jul 02 08:55:43 UTC 2012 + Serial Number (hex): 00c2713635add48fba1c125e05f72f73dd + Revoked at: Mon Jul 02 14:13:00 UTC 2012 + Serial Number (hex): 4fb67daf06417c091d2d6d0a2b68e358 + Revoked at: Mon Jul 02 14:58:35 UTC 2012 + Serial Number (hex): 1dd19bd930e3580b5e5f54038a0475cd + Revoked at: Mon Jul 02 15:25:20 UTC 2012 + Serial Number (hex): 3031babbaf3d53075ac3a2f83ff2cf3c + Revoked at: Mon Jul 02 15:25:54 UTC 2012 + Serial Number (hex): 00bb94c7eb3d66fb25a35b2d230d21c13f + Revoked at: Mon Jul 02 15:26:19 UTC 2012 + Serial Number (hex): 00d3289ae9812722356a30d864614c5789 + Revoked at: Mon Jul 02 15:26:45 UTC 2012 + Serial Number (hex): 7dace6722f02b9879b6d91efdf6178a8 + Revoked at: Mon Jul 02 15:27:09 UTC 2012 + Serial Number (hex): 00bf0195a08a665bc9e0f4d8d71a157820 + Revoked at: Mon Jul 02 16:11:14 UTC 2012 + Serial Number (hex): 0926b3164f56323770013997aa8e6e4a + Revoked at: Mon Jul 02 21:15:15 UTC 2012 + Serial Number (hex): 2569a2a02c1a654f1203db5409e11dcc + Revoked at: Tue Jul 03 15:11:44 UTC 2012 + Serial Number (hex): 00c5967de7ee52511fad82e00764446923 + Revoked at: Tue Jul 03 20:22:56 UTC 2012 + Serial Number (hex): 00c622299f4b88e6b85cf6a237ab5ed571 + Revoked at: Tue Jul 03 20:40:45 UTC 2012 + Serial Number (hex): 2e14737a52d9cf4c4466e1bae7c58b19 + Revoked at: Tue Jul 03 21:02:17 UTC 2012 + Serial Number (hex): 3b9904be648b4ac856d48914c3602aea + Revoked at: Tue Jul 03 21:02:31 UTC 2012 + Serial Number (hex): 00b3e34f21af09dafa7fc0f86aeacdb421 + Revoked at: Tue Jul 03 21:44:32 UTC 2012 + Serial Number (hex): 39b685c39ce84d1abdb8a7ef0433f142 + Revoked at: Wed Jul 04 12:07:58 UTC 2012 + Serial Number (hex): 00934af5d6a746ee07dfe69a12e22547ae + Revoked at: Thu Jul 05 12:22:13 UTC 2012 + Serial Number (hex): 00ca53d0234a23e200df72b560ee8d1829 + Revoked at: Thu Jul 05 13:18:50 UTC 2012 + Serial Number (hex): 00e380fbef222c401f7d2282d0685d7206 + Revoked at: Thu Jul 05 15:32:03 UTC 2012 + Serial Number (hex): 00c20d448fc939620f51b4239efc51e3c6 + Revoked at: Thu Jul 05 16:00:42 UTC 2012 + Serial Number (hex): 00adf454e7d30f8e1112021091f3970e9d + Revoked at: Thu Jul 05 16:57:50 UTC 2012 + Serial Number (hex): 00dba52d9ad8bf7245c04b72f65109bd2e + Revoked at: Thu Jul 05 19:00:29 UTC 2012 + Serial Number (hex): 3cd95ad7c3b2cd565425eab33ea47929 + Revoked at: Thu Jul 05 21:36:48 UTC 2012 + Serial Number (hex): 288bec926b96bfe6e02daac76379c3d1 + Revoked at: Thu Jul 05 21:56:30 UTC 2012 + Serial Number (hex): 00ed2d9e62c4c1d942135b38788a91e73e + Revoked at: Fri Jul 06 15:27:51 UTC 2012 + Serial Number (hex): 0085fcbb629c15e6fb8e497f324bff9395 + Revoked at: Fri Jul 06 19:42:58 UTC 2012 + Serial Number (hex): 00a4e1c5a49d7a8be49396d7d8e9c94a43 + Revoked at: Fri Jul 06 21:02:14 UTC 2012 + Serial Number (hex): 49797d15a14fe055d8c47d285b737647 + Revoked at: Fri Jul 06 22:21:25 UTC 2012 + Serial Number (hex): 512db2613b58231fe06053ce459bcd38 + Revoked at: Fri Jul 06 22:21:46 UTC 2012 + Serial Number (hex): 0090ac336dbd9473e737617472fd9020cd + Revoked at: Fri Jul 06 22:22:11 UTC 2012 + Serial Number (hex): 0080c8513d7adf09031ac12796353d33ad + Revoked at: Fri Jul 06 22:48:00 UTC 2012 + Serial Number (hex): 00913be648b466be2d76d84b1c4782b0b9 + Revoked at: Mon Jul 09 13:47:42 UTC 2012 + Serial Number (hex): 00c8a6b7e5794ee81fda1ce3431df13f87 + Revoked at: Mon Jul 09 17:56:33 UTC 2012 + Serial Number (hex): 07a0a05d69aff4149b069b53eddcce12 + Revoked at: Mon Jul 09 18:20:24 UTC 2012 + Serial Number (hex): 69a72af2c7503c12b18cbfff8c0088ff + Revoked at: Mon Jul 09 20:50:46 UTC 2012 + Serial Number (hex): 00c08d0bd229e0e99fb988f30dd3a1de79 + Revoked at: Tue Jul 10 03:22:54 UTC 2012 + Serial Number (hex): 00c209cb0e210e0fff8803ebade5fbc82a + Revoked at: Tue Jul 10 03:59:47 UTC 2012 + Serial Number (hex): 008791d2ec6f37054610e319d3d764e525 + Revoked at: Tue Jul 10 09:43:17 UTC 2012 + Serial Number (hex): 00f6dba5b3696eaf0a4331608f049b7fe3 + Revoked at: Tue Jul 10 15:15:00 UTC 2012 + Serial Number (hex): 00afe629c111b891632a939e66eed9a49b + Revoked at: Tue Jul 10 15:41:25 UTC 2012 + Serial Number (hex): 12fd4ae253b4db41c29d6a0cc8fb797b + Revoked at: Tue Jul 10 16:07:52 UTC 2012 + Serial Number (hex): 15afcb96a1365ab0371eaa346f24fb6e + Revoked at: Tue Jul 10 20:17:02 UTC 2012 + Serial Number (hex): 00f0fa070a63edef132d89611a871dae42 + Revoked at: Tue Jul 10 21:27:28 UTC 2012 + Serial Number (hex): 1043c33bb97973676b6a33d678059e2c + Revoked at: Tue Jul 10 21:34:02 UTC 2012 + Serial Number (hex): 349efb3622c832fd857b293863aee24d + Revoked at: Wed Jul 11 11:18:33 UTC 2012 + Serial Number (hex): 008ef59f3a0745a1f7793d6127ca8ab1ce + Revoked at: Wed Jul 11 11:47:58 UTC 2012 + Serial Number (hex): 79812a2b0e0c8599684942cabe64bc7d + Revoked at: Wed Jul 11 15:50:21 UTC 2012 + Serial Number (hex): 00ed14ec1d01e8288c0236b587beff024f + Revoked at: Wed Jul 11 17:07:21 UTC 2012 + Serial Number (hex): 105328365a6b8fe28a3a5cfd1a830b30 + Revoked at: Wed Jul 11 20:05:42 UTC 2012 + Serial Number (hex): 26901da71a674f21487bfe58cfba728e + Revoked at: Wed Jul 11 20:06:10 UTC 2012 + Serial Number (hex): 0878ed5f5714b24b3c4bb607e3001ba8 + Revoked at: Thu Jul 12 07:20:44 UTC 2012 + Serial Number (hex): 16d5c65ca0738411e7659b18bf97c2e7 + Revoked at: Thu Jul 12 14:22:44 UTC 2012 + Serial Number (hex): 00d186d786179b8884b261d3851ccab266 + Revoked at: Thu Jul 12 14:26:50 UTC 2012 + Serial Number (hex): 3da1bda34afcdc198d9283c5296f1df1 + Revoked at: Thu Jul 12 14:30:39 UTC 2012 + Serial Number (hex): 4b6b9668c82ca51c0a193f36e9947401 + Revoked at: Thu Jul 12 14:31:35 UTC 2012 + Serial Number (hex): 00bc54d34c8c1f049982eb6151994c3419 + Revoked at: Thu Jul 12 14:51:50 UTC 2012 + Serial Number (hex): 6e4aa5c7bd2dcb2ee1655e24a9f37c2e + Revoked at: Thu Jul 12 15:01:57 UTC 2012 + Serial Number (hex): 00e10a7b35559c3df32719445305d5f69a + Revoked at: Thu Jul 12 15:28:38 UTC 2012 + Serial Number (hex): 00eca44ad893b545e97d11ab57b146868a + Revoked at: Thu Jul 12 15:33:51 UTC 2012 + Serial Number (hex): 00bcb2dd8037defd2afc674195077c42c2 + Revoked at: Thu Jul 12 15:34:14 UTC 2012 + Serial Number (hex): 00e1daafa33c8d48a041849558235377b9 + Revoked at: Thu Jul 12 15:34:29 UTC 2012 + Serial Number (hex): 3d006b0b77ff182ecfa8626343dde0eb + Revoked at: Thu Jul 12 15:38:34 UTC 2012 + Serial Number (hex): 69ca4156fdeb39defcf747e2ebfb7a67 + Revoked at: Thu Jul 12 15:43:07 UTC 2012 + Serial Number (hex): 40747fe3712a8b9908ec106115ac7ee9 + Revoked at: Thu Jul 12 15:52:25 UTC 2012 + Serial Number (hex): 0642ac4e7b81aca9dd99b5299267ec4a + Revoked at: Thu Jul 12 16:06:10 UTC 2012 + Serial Number (hex): 00a7548038cad3593c0a55147e87657657 + Revoked at: Thu Jul 12 17:15:08 UTC 2012 + Serial Number (hex): 62bdded2661560ad80227547cf20e4e6 + Revoked at: Thu Jul 12 18:05:18 UTC 2012 + Serial Number (hex): 00be9def4f47cc3b0b6129ccf00e4b017d + Revoked at: Thu Jul 12 18:36:53 UTC 2012 + Serial Number (hex): 5e62331e0ef1b3e1481171d4565f1158 + Revoked at: Thu Jul 12 22:19:58 UTC 2012 + Serial Number (hex): 00d0d13834eca66c95822c198b411ca5bd + Revoked at: Thu Jul 12 22:44:59 UTC 2012 + Serial Number (hex): 42d2afd6bc69840719eff4baeea2597e + Revoked at: Thu Jul 12 22:58:34 UTC 2012 + Serial Number (hex): 367dfeb717eaee21d0f0c56e4a7cba5d + Revoked at: Fri Jul 13 14:35:57 UTC 2012 + Serial Number (hex): 7e160df7e8e5a14d32f15dff9cf5b708 + Revoked at: Fri Jul 13 15:10:55 UTC 2012 + Serial Number (hex): 00d41ad6ddd13d924be72516835be8d591 + Revoked at: Fri Jul 13 17:25:29 UTC 2012 + Serial Number (hex): 659d67a840fb401a861bd0d076dafad7 + Revoked at: Fri Jul 13 19:17:42 UTC 2012 + Serial Number (hex): 00b7e1489519890fa0b47377053a168423 + Revoked at: Fri Jul 13 19:17:51 UTC 2012 + Serial Number (hex): 31fd66e98e3b0c0486b439cbfb5e0c23 + Revoked at: Fri Jul 13 20:22:49 UTC 2012 + Serial Number (hex): 00dbb50372e26837b303973d4ab6b2b8e3 + Revoked at: Fri Jul 13 21:01:28 UTC 2012 + Serial Number (hex): 5107935f3c5e73d2f6b38b6a95cf7f6f + Revoked at: Fri Jul 13 22:26:04 UTC 2012 + Serial Number (hex): 1ce3afb8ad789e312fcc5527756fe9f4 + Revoked at: Sat Jul 14 15:26:39 UTC 2012 + Serial Number (hex): 76028c3435006e86ec248c3ef1dfbcdb + Revoked at: Sat Jul 14 16:03:52 UTC 2012 + Serial Number (hex): 00d7a3e014a47765b08be89b977d9c7001 + Revoked at: Mon Jul 16 05:47:26 UTC 2012 + Serial Number (hex): 696da2ecfa34a1cffa1077695d9fcafd + Revoked at: Mon Jul 16 05:48:19 UTC 2012 + Serial Number (hex): 7e7b679117f1b749b13983b00f2151b4 + Revoked at: Mon Jul 16 09:38:33 UTC 2012 + Serial Number (hex): 7c3dd484a90884a8782f097324e29e2d + Revoked at: Mon Jul 16 16:20:49 UTC 2012 + Serial Number (hex): 00d4eda38daabc2f37e0940967bf3de369 + Revoked at: Mon Jul 16 17:00:10 UTC 2012 + Serial Number (hex): 18482e1ed0e4260561aacb0f56ed90e1 + Revoked at: Mon Jul 16 18:46:26 UTC 2012 + Serial Number (hex): 197a8ee96711359398fec7c0839bbab8 + Revoked at: Mon Jul 16 18:54:28 UTC 2012 + Serial Number (hex): 00cebea9f74c0b55e99eed1d0a230895f4 + Revoked at: Mon Jul 16 20:47:16 UTC 2012 + Serial Number (hex): 0085a98c4b45a372459c31a9c56b1fab71 + Revoked at: Tue Jul 17 11:38:22 UTC 2012 + Serial Number (hex): 586792f69493d1cef9f9b1cff1650b27 + Revoked at: Tue Jul 17 12:02:05 UTC 2012 + Serial Number (hex): 51413b4863b10d2a848ee60048eebf28 + Revoked at: Tue Jul 17 12:05:57 UTC 2012 + Serial Number (hex): 359b5bbe4665fad279a11556a9f144 + Revoked at: Tue Jul 17 13:45:35 UTC 2012 + Serial Number (hex): 00bb08ebb2fe84d16a213cbbc14f79f6ac + Revoked at: Tue Jul 17 13:46:50 UTC 2012 + Serial Number (hex): 72cec9543a3ce3e16aa445e457afee3e + Revoked at: Tue Jul 17 14:19:37 UTC 2012 + Serial Number (hex): 3f5d33fd6aed35981ad03e8b222ffce6 + Revoked at: Tue Jul 17 20:59:20 UTC 2012 + Serial Number (hex): 00c75771df549bb336c945fd727b8374db + Revoked at: Tue Jul 17 22:44:17 UTC 2012 + Serial Number (hex): 28ab8120ebccf7a446aae133ea8dcc36 + Revoked at: Wed Jul 18 07:17:51 UTC 2012 + Serial Number (hex): 58d7a32d2d054d5c6b95b9e72ccdd394 + Revoked at: Wed Jul 18 13:01:18 UTC 2012 + Serial Number (hex): 00bf8cff17720e37e0fe185610666da738 + Revoked at: Wed Jul 18 13:24:31 UTC 2012 + Serial Number (hex): 00c7024c305c1ff701227b27aa7e75cf55 + Revoked at: Wed Jul 18 13:41:59 UTC 2012 + Serial Number (hex): 0b113676b80a10f87e0ab54d9e7d3c24 + Revoked at: Wed Jul 18 14:01:29 UTC 2012 + Serial Number (hex): 71ecab8d98e32052c6ce5e1776becf5c + Revoked at: Wed Jul 18 14:01:51 UTC 2012 + Serial Number (hex): 00a4889955091050e4ba52f4ca131be6ff + Revoked at: Wed Jul 18 15:10:09 UTC 2012 + Serial Number (hex): 2c032fdc90b1c4990728af3f38ecc63e + Revoked at: Wed Jul 18 16:45:29 UTC 2012 + Serial Number (hex): 00e75bae8532d3cc214ec3a179e2ed30ce + Revoked at: Wed Jul 18 17:34:46 UTC 2012 + Serial Number (hex): 7245dd6cc165aecf84f9a59ac0f76ec8 + Revoked at: Wed Jul 18 17:35:01 UTC 2012 + Serial Number (hex): 2deb339e31fa4b002037f37b89d53d0c + Revoked at: Wed Jul 18 21:11:29 UTC 2012 + Serial Number (hex): 5823c1ceaef702615e1d5d38f2741c0b + Revoked at: Wed Jul 18 21:28:05 UTC 2012 + Serial Number (hex): 00d0d0d54a60a28ab0f750830be99d9206 + Revoked at: Wed Jul 18 21:29:48 UTC 2012 + Serial Number (hex): 00a6bbdf999c6937a071d5a0140e57b173 + Revoked at: Thu Jul 19 11:28:40 UTC 2012 + Serial Number (hex): 1b75b1bd7229c7ee7bc1ce056800f314 + Revoked at: Thu Jul 19 18:55:42 UTC 2012 + Serial Number (hex): 2f8931c0a53ca5cf651a406770059be9 + Revoked at: Thu Jul 19 18:56:30 UTC 2012 + Serial Number (hex): 4a2cbd9b3660ac32f02968fdeb0e8101 + Revoked at: Thu Jul 19 19:16:34 UTC 2012 + Serial Number (hex): 083d41d3190442916264da29e12ebede + Revoked at: Thu Jul 19 20:31:34 UTC 2012 + Serial Number (hex): 00b9ee6795dda93bc3b4093cfc03a87689 + Revoked at: Thu Jul 19 21:59:06 UTC 2012 + Serial Number (hex): 707950bba6d1bbd06cf43c02ce4ffa99 + Revoked at: Thu Jul 19 22:19:54 UTC 2012 + Serial Number (hex): 3fcfc50cbf1bc52d745725a32fdf0a4d + Revoked at: Fri Jul 20 12:50:56 UTC 2012 + Serial Number (hex): 00c5e03d349d6949e62d8633cb82a7191d + Revoked at: Fri Jul 20 14:45:07 UTC 2012 + Serial Number (hex): 009e6ca806646027762d33748a0b79be0e + Revoked at: Fri Jul 20 15:36:19 UTC 2012 + Serial Number (hex): 008bdb53cb49d10d885139b265865b4586 + Revoked at: Fri Jul 20 15:56:54 UTC 2012 + Serial Number (hex): 519295ce01525613957882e84307c4f4 + Revoked at: Fri Jul 20 18:20:34 UTC 2012 + Serial Number (hex): 00d456edab6e21a170f9f71499a691a77c + Revoked at: Fri Jul 20 19:45:39 UTC 2012 + Serial Number (hex): 60e4b3dc5f949ef8f48f249225c1c384 + Revoked at: Fri Jul 20 19:49:28 UTC 2012 + Serial Number (hex): 292de916a87991dacb805080765fc929 + Revoked at: Sat Jul 21 00:26:55 UTC 2012 + Serial Number (hex): 62233793fe8c3357f6ed5b657f28d90d + Revoked at: Sat Jul 21 00:27:12 UTC 2012 + Serial Number (hex): 00dd47a1f18053142e7af8ab4d85f1464c + Revoked at: Sat Jul 21 10:30:08 UTC 2012 + Serial Number (hex): 3183d53334d728a6d270002f96dde54b + Revoked at: Sun Jul 22 22:29:03 UTC 2012 + Serial Number (hex): 00adf2f95115d32df39b388172b6698c12 + Revoked at: Mon Jul 23 05:18:56 UTC 2012 + Serial Number (hex): 00f25b2f8fb6d8da66bf79799fd7104db4 + Revoked at: Mon Jul 23 12:41:33 UTC 2012 + Serial Number (hex): 415475c24956aa60b213c17c906c5eaa + Revoked at: Mon Jul 23 13:19:34 UTC 2012 + Serial Number (hex): 00c7667ed8884b741e142d6bcd03d83cc5 + Revoked at: Mon Jul 23 14:02:32 UTC 2012 + Serial Number (hex): 00e4b92f7677f28667681d6e8f790acc9d + Revoked at: Mon Jul 23 16:30:17 UTC 2012 + Serial Number (hex): 00b9fc566218546760a7ae855ebc21d9c6 + Revoked at: Mon Jul 23 16:31:10 UTC 2012 + Serial Number (hex): 00b9abc3ca6bcfccadb681e055df63cc4f + Revoked at: Mon Jul 23 16:31:24 UTC 2012 + Serial Number (hex): 064c42762d1f4f8f2bd0b90a0044540e + Revoked at: Mon Jul 23 23:11:18 UTC 2012 + Serial Number (hex): 00baa70eb45d3dac96da19268fd9df94c6 + Revoked at: Tue Jul 24 16:30:32 UTC 2012 + Serial Number (hex): 67adb6d6d57bd37ef4a55e52ea0b9b99 + Revoked at: Tue Jul 24 16:36:11 UTC 2012 + Serial Number (hex): 40976c64e299affae57c631df431170b + Revoked at: Tue Jul 24 16:56:16 UTC 2012 + Serial Number (hex): 5e5adf28f4214933057baad4f180a2a5 + Revoked at: Tue Jul 24 19:05:51 UTC 2012 + Serial Number (hex): 4a9027e3dce47bf89f6f9a1620bfdff9 + Revoked at: Tue Jul 24 20:31:56 UTC 2012 + Serial Number (hex): 00a929d4fc3d50a597e9075559e1b5ef76 + Revoked at: Tue Jul 24 20:42:04 UTC 2012 + Serial Number (hex): 00ec928cf8e76da18be34837a1941b508d + Revoked at: Tue Jul 24 20:42:21 UTC 2012 + Serial Number (hex): 008bd5a57ad86b6168546f80dc747cee7d + Revoked at: Tue Jul 24 21:48:38 UTC 2012 + Serial Number (hex): 445fa4092ef094802bbb62583edf1fad + Revoked at: Wed Jul 25 03:32:46 UTC 2012 + Serial Number (hex): 4f04b54a616d69b47a34be2b55e2be1c + Revoked at: Wed Jul 25 08:48:15 UTC 2012 + Serial Number (hex): 00f6142b92e6b736662241a99d2ef05b4a + Revoked at: Wed Jul 25 08:55:43 UTC 2012 + Serial Number (hex): 02f8bfe07c39d887330190e55d3eefce + Revoked at: Wed Jul 25 11:33:46 UTC 2012 + Serial Number (hex): 060a53b6193066eb3ece4ef12af2d700 + Revoked at: Wed Jul 25 11:51:35 UTC 2012 + Serial Number (hex): 009d84bbbb5b1f749c8a8295ac54c077e9 + Revoked at: Wed Jul 25 15:30:42 UTC 2012 + Serial Number (hex): 4acccc830dc349e19d556162c0e7733c + Revoked at: Wed Jul 25 21:33:26 UTC 2012 + Serial Number (hex): 00d8c0d35e171d914602487ad18e8e62eb + Revoked at: Thu Jul 26 13:32:26 UTC 2012 + Serial Number (hex): 75fc9ff75e56edfa90a1560864682351 + Revoked at: Thu Jul 26 14:53:32 UTC 2012 + Serial Number (hex): 3bea6da031a3bfddc026ca8aabfee6b7 + Revoked at: Thu Jul 26 15:45:42 UTC 2012 + Serial Number (hex): 28e7a334939da577455163022560efaa + Revoked at: Thu Jul 26 16:04:14 UTC 2012 + Serial Number (hex): 008b724f5454ff067f10814b8884ef795e + Revoked at: Thu Jul 26 16:04:41 UTC 2012 + Serial Number (hex): 00e0793e969fccbb8f0c04487f6fd33d37 + Revoked at: Thu Jul 26 16:04:45 UTC 2012 + Serial Number (hex): 00860b6e9011fe947b4184f19d086700ba + Revoked at: Thu Jul 26 16:04:49 UTC 2012 + Serial Number (hex): 0081b438e593c6a481fcfcbf854f46935e + Revoked at: Thu Jul 26 20:49:50 UTC 2012 + Serial Number (hex): 008916fe5c72a49e7d21244414ecffccb5 + Revoked at: Thu Jul 26 20:51:44 UTC 2012 + Serial Number (hex): 00d67fa1de99ceeef389b8eb14e86c0ad8 + Revoked at: Thu Jul 26 20:54:44 UTC 2012 + Serial Number (hex): 0084f9c3ac017a1ce03668145990a27d39 + Revoked at: Thu Jul 26 20:58:06 UTC 2012 + Serial Number (hex): 668efb69216cb5d34473f0cfe79b2a4e + Revoked at: Thu Jul 26 20:58:31 UTC 2012 + Serial Number (hex): 14ed5cea73a9ab85145e975b2cf8277f + Revoked at: Fri Jul 27 10:31:00 UTC 2012 + Serial Number (hex): 00cf084738d8f82a2fdb7b35be52a70ede + Revoked at: Fri Jul 27 13:27:23 UTC 2012 + Serial Number (hex): 5d74c6b61f2f467f3b797af75906c7eb + Revoked at: Fri Jul 27 14:11:44 UTC 2012 + Serial Number (hex): 3921214399e9d5e46f7e7dfe645fae8b + Revoked at: Fri Jul 27 14:29:27 UTC 2012 + Serial Number (hex): 674a317dfe44f5d5c617665a59bdd554 + Revoked at: Fri Jul 27 15:09:28 UTC 2012 + Serial Number (hex): 6b6733e5bf76ca8ad044d5b8eb37c067 + Revoked at: Fri Jul 27 16:38:47 UTC 2012 + Serial Number (hex): 00a8fecd1abe5cb72feefbba1fa241c5c2 + Revoked at: Fri Jul 27 18:53:58 UTC 2012 + Serial Number (hex): 0aefe8cfd927565a15e84335aa1e0936 + Revoked at: Fri Jul 27 20:34:09 UTC 2012 + Serial Number (hex): 00ba5ace56ace57328419ef4ff25951b54 + Revoked at: Fri Jul 27 20:44:40 UTC 2012 + Serial Number (hex): 34a5ef7d946238e6a0277d99faf22214 + Revoked at: Fri Jul 27 20:51:49 UTC 2012 + Serial Number (hex): 68bb1f6fa185e53c899d6bdeb7da9771 + Revoked at: Mon Jul 30 02:48:14 UTC 2012 + Serial Number (hex): 00ed5baf04a37f41a2f52dc433d1b7ead7 + Revoked at: Mon Jul 30 07:21:08 UTC 2012 + Serial Number (hex): 0098fb76de5caa8c892ed7f7c2d3e39cce + Revoked at: Mon Jul 30 14:33:20 UTC 2012 + Serial Number (hex): 2417393667a8dd5832e8dab1747fd4c7 + Revoked at: Mon Jul 30 18:03:45 UTC 2012 + Serial Number (hex): 15f551a4bcc35d2bccbe5afb8fbe9b51 + Revoked at: Mon Jul 30 18:03:58 UTC 2012 + Serial Number (hex): 00eeeea9b421b7b67c5af2367bc73d84fd + Revoked at: Mon Jul 30 19:26:55 UTC 2012 + Serial Number (hex): 00d47b37f0b9fc318d25970060682a7091 + Revoked at: Mon Jul 30 19:26:55 UTC 2012 + Serial Number (hex): 251298025ba334f7e64a44c4863dafa9 + Revoked at: Mon Jul 30 19:34:57 UTC 2012 + Serial Number (hex): 00f1d25ff7e30d30a3a0c6bd69791608d9 + Revoked at: Mon Jul 30 19:35:13 UTC 2012 + Serial Number (hex): 3f290f5240b77fdc48b38bdd4e3bcede + Revoked at: Mon Jul 30 19:36:28 UTC 2012 + Serial Number (hex): 45f26e014f13e01718fb59b7876e027d + Revoked at: Mon Jul 30 19:36:45 UTC 2012 + Serial Number (hex): 2101d860ff2c0f8f82477214688b3477 + Revoked at: Mon Jul 30 19:37:02 UTC 2012 + Serial Number (hex): 00b6dbee029948aa3cce8ad4d7eefb866c + Revoked at: Mon Jul 30 19:38:15 UTC 2012 + Serial Number (hex): 00acb9a195407fe484c34a1b5f6c8cd1a7 + Revoked at: Mon Jul 30 19:38:24 UTC 2012 + Serial Number (hex): 00d5353d4bd129bba3c93e42e3379f4c5b + Revoked at: Mon Jul 30 19:38:31 UTC 2012 + Serial Number (hex): 03328ae3d32631ddd1c8fba0ed6afb68 + Revoked at: Mon Jul 30 20:03:38 UTC 2012 + Serial Number (hex): 00859f5b88ffc25ee801a3c552a444a196 + Revoked at: Mon Jul 30 20:03:45 UTC 2012 + Serial Number (hex): 3530260ce8212a19853ad4c40bb9720c + Revoked at: Mon Jul 30 20:32:47 UTC 2012 + Serial Number (hex): 00b5beb15d9687672396a005255813c88b + Revoked at: Tue Jul 31 13:52:17 UTC 2012 + Serial Number (hex): 00c09056abf094a21dbe55b4d6429d1d40 + Revoked at: Tue Jul 31 15:25:48 UTC 2012 + Serial Number (hex): 5a98e4d1502c9bebda0298b5c165fe89 + Revoked at: Tue Jul 31 20:05:31 UTC 2012 + Serial Number (hex): 2054b8f6553a9a3b87b6a16678741798 + Revoked at: Tue Jul 31 20:21:48 UTC 2012 + Serial Number (hex): 00cf8356d5352f536a63411448e0e0d5be + Revoked at: Tue Jul 31 21:03:20 UTC 2012 + Serial Number (hex): 191e5f8af18f3f144532959e3255976e + Revoked at: Tue Jul 31 21:41:19 UTC 2012 + Serial Number (hex): 00f7c6dd56874587e27b0152d436839b4c + Revoked at: Wed Aug 01 01:29:50 UTC 2012 + Serial Number (hex): 1b490c28e8d1c5f818b24738e86deb37 + Revoked at: Wed Aug 01 22:32:33 UTC 2012 + Serial Number (hex): 009f67045b2ae7cebd636c3315e66b3486 + Revoked at: Thu Aug 02 15:08:13 UTC 2012 + Serial Number (hex): 00fafd0db443b03864166229529d07d2cb + Revoked at: Thu Aug 02 20:18:40 UTC 2012 + Serial Number (hex): 0084f3a155e3535c22c46640cf055c5c92 + Revoked at: Thu Aug 02 21:03:14 UTC 2012 + Serial Number (hex): 00c9aabf1a4528c9b6d163a4a12cf64f3e + Revoked at: Thu Aug 02 21:07:35 UTC 2012 + Serial Number (hex): 00f1e9604aed07f2a40fa03afe9d6ecd77 + Revoked at: Thu Aug 02 21:58:14 UTC 2012 + Serial Number (hex): 0099f801e10adf842a1c0d512a44edb248 + Revoked at: Fri Aug 03 07:33:30 UTC 2012 + Serial Number (hex): 00d6d1ee817582037ae81f73513d5a5833 + Revoked at: Fri Aug 03 12:31:49 UTC 2012 + Serial Number (hex): 00fa522f737ff683e89384d816ee46bc77 + Revoked at: Fri Aug 03 14:35:21 UTC 2012 + Serial Number (hex): 0f51014f65a623e7f27db4ef0c825a2f + Revoked at: Fri Aug 03 15:39:54 UTC 2012 + Serial Number (hex): 00ea9acc1435b135f00096027b54783d99 + Revoked at: Fri Aug 03 17:26:19 UTC 2012 + Serial Number (hex): 1dc8baccb3638ed0c66d194c18104274 + Revoked at: Fri Aug 03 20:17:36 UTC 2012 + Serial Number (hex): 3b882d0f41db13b1b59abe1f263612d3 + Revoked at: Fri Aug 03 20:38:12 UTC 2012 + Serial Number (hex): 00b4731cdc13ab212ee5a3e0f079d681dd + Revoked at: Fri Aug 03 20:38:41 UTC 2012 + Serial Number (hex): 00b7d0e6ef3c3cf1a4857065897f86e725 + Revoked at: Fri Aug 03 20:39:08 UTC 2012 + Serial Number (hex): 00e98356ad05546f9656985e58073e0cd8 + Revoked at: Fri Aug 03 20:46:15 UTC 2012 + Serial Number (hex): 00c8dfd2aaf951da7ef8f017296d325dc5 + Revoked at: Fri Aug 03 21:24:58 UTC 2012 + Serial Number (hex): 4e4c147c65e11f1da74f28738dc43f42 + Revoked at: Fri Aug 03 21:25:35 UTC 2012 + Serial Number (hex): 00c743a9cf448c6e7e16df3ce5621c1b00 + Revoked at: Mon Aug 06 17:49:08 UTC 2012 + Serial Number (hex): 50037c606d4a8601b09378050628214e + Revoked at: Mon Aug 06 20:23:04 UTC 2012 + Serial Number (hex): 00dd38cd83438e42883daa3f0c0185f0da + Revoked at: Mon Aug 06 23:54:39 UTC 2012 + Serial Number (hex): 00e742e5d74218642be62e8b90977719fd + Revoked at: Tue Aug 07 09:18:38 UTC 2012 + Serial Number (hex): 00b7d2aa36ae78114d77cb8587a941ef61 + Revoked at: Tue Aug 07 15:49:44 UTC 2012 + Serial Number (hex): 2f89ef2a6d6310c9d2d400c658829c86 + Revoked at: Tue Aug 07 16:33:07 UTC 2012 + Serial Number (hex): 0097b008e6b871e8bb7773d5c66e0652e4 + Revoked at: Tue Aug 07 17:06:04 UTC 2012 + Serial Number (hex): 00b8bdf20917c83e5a9491615e2e3a315a + Revoked at: Tue Aug 07 19:40:20 UTC 2012 + Serial Number (hex): 693496010116e40153a4400ee52d8d + Revoked at: Tue Aug 07 19:43:06 UTC 2012 + Serial Number (hex): 566b16fdee1190d3ec0519167015f89f + Revoked at: Tue Aug 07 20:41:20 UTC 2012 + Serial Number (hex): 6ae9f3bcb19fc5d42383f25fa6b5b176 + Revoked at: Tue Aug 07 20:41:29 UTC 2012 + Serial Number (hex): 25969ac7493dbf82fa420c1d871384d6 + Revoked at: Tue Aug 07 20:41:37 UTC 2012 + Serial Number (hex): 3674e9010276be50e30d4b37b4f4d3a4 + Revoked at: Tue Aug 07 20:41:47 UTC 2012 + Serial Number (hex): 18c4f781e56ae52ad15ff97ffbd1bafe + Revoked at: Tue Aug 07 20:41:52 UTC 2012 + Serial Number (hex): 2232826d803b6dc90b1dcd1870fdb6c4 + Revoked at: Wed Aug 08 09:01:12 UTC 2012 + Serial Number (hex): 0ef1e757c9ee1316f6ba07c707f4fbf2 + Revoked at: Wed Aug 08 14:37:51 UTC 2012 + Serial Number (hex): 5dc01a4d7cb6bafd73d4c7acc8e515d3 + Revoked at: Wed Aug 08 18:12:34 UTC 2012 + Serial Number (hex): 008a828ec09716deb690d45df3e3501851 + Revoked at: Wed Aug 08 18:12:42 UTC 2012 + Serial Number (hex): 00b8bbe7937f8b24fd1bd07cbe69d37ff3 + Revoked at: Wed Aug 08 20:52:44 UTC 2012 + Serial Number (hex): 0b408b0693f1ff5729135c12f74432a9 + Revoked at: Thu Aug 09 07:36:24 UTC 2012 + Serial Number (hex): 00abca25dad3b71dc64e22033fceee15f8 + Revoked at: Thu Aug 09 13:18:37 UTC 2012 + Serial Number (hex): 00da2e95e96287a653b0346189a00f204b + Revoked at: Thu Aug 09 14:27:41 UTC 2012 + Serial Number (hex): 257b6b69472ae39a55fc1821d4f7dd59 + Revoked at: Thu Aug 09 15:18:55 UTC 2012 + Serial Number (hex): 00c38a4c48f6091e80d57f12dc600dbb80 + Revoked at: Thu Aug 09 15:35:17 UTC 2012 + Serial Number (hex): 00e653361ab3b6978e91cd4789b0ed19c0 + Revoked at: Thu Aug 09 15:46:12 UTC 2012 + Serial Number (hex): 00d47fdc3a3446c1f7efe1a2e15ed4551f + Revoked at: Thu Aug 09 15:48:23 UTC 2012 + Serial Number (hex): 00e14a76d81379654101958e100e7c6a9c + Revoked at: Thu Aug 09 17:53:45 UTC 2012 + Serial Number (hex): 56454f89080ca6d28136e7eb63c43d52 + Revoked at: Thu Aug 09 20:40:37 UTC 2012 + Serial Number (hex): 4849fa71fad2e1a9cfa9cbcf0ce310b3 + Revoked at: Thu Aug 09 21:14:46 UTC 2012 + Serial Number (hex): 00b194a75c77ffc21251bd990c263e8993 + Revoked at: Fri Aug 10 02:36:27 UTC 2012 + Serial Number (hex): 6e56e8c5a77b83e241a9f20991a28e20 + Revoked at: Fri Aug 10 14:56:29 UTC 2012 + Serial Number (hex): 00f8d3ce2826fc6e1d7b6acf2d51f8a16b + Revoked at: Fri Aug 10 18:46:48 UTC 2012 + Serial Number (hex): 00e9873a987c81e8b3b210b8993d3ae706 + Revoked at: Fri Aug 10 20:02:21 UTC 2012 + Serial Number (hex): 524d3bc83cd07b56b07ac517085fbd2f + Revoked at: Fri Aug 10 20:02:31 UTC 2012 + Serial Number (hex): 38d5456ed9ab2c34c5898b16699b53f8 + Revoked at: Mon Aug 13 09:14:12 UTC 2012 + Serial Number (hex): 00a0fcc4ee6afbd0934eb0e07ce98aa7dc + Revoked at: Mon Aug 13 15:44:32 UTC 2012 + Serial Number (hex): 52598fa8efc3d28132e675d2a5518524 + Revoked at: Mon Aug 13 15:45:51 UTC 2012 + Serial Number (hex): 42eabe3a8eccb54bf474afb2e1ad05c5 + Revoked at: Mon Aug 13 16:07:06 UTC 2012 + Serial Number (hex): 142c32aae2846ae99a0c37e7503b9e25 + Revoked at: Mon Aug 13 16:09:45 UTC 2012 + Serial Number (hex): 00b0f48c7fe7167bfe1357e76491561c6c + Revoked at: Mon Aug 13 16:15:47 UTC 2012 + Serial Number (hex): 2891910f2422ec8d08a0ea693dfa9fd0 + Revoked at: Tue Aug 14 13:30:29 UTC 2012 + Serial Number (hex): 00eda15cd24a6f57650c5e46e588619a6c + Revoked at: Tue Aug 14 13:38:03 UTC 2012 + Serial Number (hex): 00a4e816e0e81822b430b3c0a245c5bc4a + Revoked at: Tue Aug 14 15:11:29 UTC 2012 + Serial Number (hex): 00f0c1523b3418564415d634bc432459e7 + Revoked at: Tue Aug 14 18:35:06 UTC 2012 + Serial Number (hex): 12ebfec7a15909b1b7cb016908744d8d + Revoked at: Tue Aug 14 20:57:29 UTC 2012 + Serial Number (hex): 00f61f427140e098f46081c8d9f4f56654 + Revoked at: Tue Aug 14 21:06:29 UTC 2012 + Serial Number (hex): 0095da3b2976527cd4bf0f1f3b9cdda6ee + Revoked at: Wed Aug 15 13:54:51 UTC 2012 + Serial Number (hex): 7150035d6096000e03ba0ce94506624f + Revoked at: Wed Aug 15 13:54:57 UTC 2012 + Serial Number (hex): 1d0c26117b80957a8d52da986583589d + Revoked at: Wed Aug 15 14:26:21 UTC 2012 + Serial Number (hex): 0084bcce5121e26f6af3eedcbf9662813c + Revoked at: Wed Aug 15 14:27:23 UTC 2012 + Serial Number (hex): 1a1df313a8a28adf712f721d73fa55b5 + Revoked at: Wed Aug 15 16:18:17 UTC 2012 + Serial Number (hex): 78dac89e4d83be1c1ca36f238870eeb5 + Revoked at: Wed Aug 15 19:14:23 UTC 2012 + Serial Number (hex): 3f3a766268b9de38a8d2f28162a15a5a + Revoked at: Wed Aug 15 19:23:43 UTC 2012 + Serial Number (hex): 00c108e4884e02a1e4037ba6b13385bbc8 + Revoked at: Wed Aug 15 19:40:41 UTC 2012 + Serial Number (hex): 00d361ecf9eeac0fd5dda7fd32cf1a93ef + Revoked at: Wed Aug 15 20:28:47 UTC 2012 + Serial Number (hex): 66e1c42a6e14ac8a635528407c7e3030 + Revoked at: Wed Aug 15 20:31:06 UTC 2012 + Serial Number (hex): 008fa70f426e2f3bc93b5e0064d0448ac0 + Revoked at: Wed Aug 15 20:42:53 UTC 2012 + Serial Number (hex): 008448e4b34f49110b2a5f63e5d5b5397c + Revoked at: Wed Aug 15 20:51:45 UTC 2012 + Serial Number (hex): 213fac06ba2f2ea468738e3f165ed1ce + Revoked at: Wed Aug 15 20:52:00 UTC 2012 + Serial Number (hex): 0f0efbe4e32184f7045ab2bb31237946 + Revoked at: Thu Aug 16 12:55:52 UTC 2012 + Serial Number (hex): 682408d6361055da2f8caa1896c19533 + Revoked at: Thu Aug 16 15:23:37 UTC 2012 + Serial Number (hex): 13e7dba79fdf9b999d5f44a06f5144b9 + Revoked at: Thu Aug 16 19:07:43 UTC 2012 + Serial Number (hex): 00bbe2016af71d28fefac23396a85904f4 + Revoked at: Fri Aug 17 12:07:33 UTC 2012 + Serial Number (hex): 00f310cf4f49fe4b9daa3cf9796ca7402a + Revoked at: Fri Aug 17 13:24:19 UTC 2012 + Serial Number (hex): 00ed25072e998d554780e5d769618e9df7 + Revoked at: Fri Aug 17 14:28:17 UTC 2012 + Serial Number (hex): 5b5848ad20e8b88bab8cb6bdfc5a34c7 + Revoked at: Fri Aug 17 17:05:55 UTC 2012 + Serial Number (hex): 00bc59ee4890ee6c72a4b3212b3e89d9bb + Revoked at: Fri Aug 17 17:09:25 UTC 2012 + Serial Number (hex): 00b187cb5b0d6cf94a06e87d0df6ea0656 + Revoked at: Fri Aug 17 17:23:46 UTC 2012 + Serial Number (hex): 0ec0d132c55f73f61dc2e2c7fd80056d + Revoked at: Fri Aug 17 17:36:15 UTC 2012 + Serial Number (hex): 18e875273ec95cf34ebf28d93d2133d9 + Revoked at: Fri Aug 17 18:06:52 UTC 2012 + Serial Number (hex): 00962207d734c2f210b2c31a03b0cb01f2 + Revoked at: Fri Aug 17 19:35:12 UTC 2012 + Serial Number (hex): 00ef82d9334dbb7b0bb0c4441f0beaa64f + Revoked at: Fri Aug 17 20:23:05 UTC 2012 + Serial Number (hex): 009b8c47ba717c78d87bd17aa786191e59 + Revoked at: Fri Aug 17 20:24:09 UTC 2012 + Serial Number (hex): 4c931981d908814e86e82527edc906f1 + Revoked at: Fri Aug 17 23:15:07 UTC 2012 + Serial Number (hex): 008d756a8f4d4d37da1caed3444f7ebce6 + Revoked at: Sat Aug 18 10:36:28 UTC 2012 + Serial Number (hex): 00d398a58182eb122ce78069623a084742 + Revoked at: Mon Aug 20 13:18:10 UTC 2012 + Serial Number (hex): 00ded8f283f742561f1e2793cf2ee6edd9 + Revoked at: Mon Aug 20 13:49:24 UTC 2012 + Serial Number (hex): 17651bb5ec7bc689eb74b75531db0aa1 + Revoked at: Mon Aug 20 15:28:00 UTC 2012 + Serial Number (hex): 009ff182b9313515e0e81fb984fac3f805 + Revoked at: Mon Aug 20 17:07:01 UTC 2012 + Serial Number (hex): 1200c4d7c4487fd68e7ef4313ff41391 + Revoked at: Mon Aug 20 17:37:02 UTC 2012 + Serial Number (hex): 282440fb3cd90aea1bf1c11b5c27aa10 + Revoked at: Tue Aug 21 03:41:45 UTC 2012 + Serial Number (hex): 008a3aca18e8512450648188c239305a9a + Revoked at: Tue Aug 21 11:49:47 UTC 2012 + Serial Number (hex): 74e54fc1555297b1204b54a1493d1131 + Revoked at: Tue Aug 21 15:25:15 UTC 2012 + Serial Number (hex): 00a7d719a6cf82fc377f75bbacc6b6547d + Revoked at: Tue Aug 21 15:32:46 UTC 2012 + Serial Number (hex): 008acca5aac0c752f05d630c5f6e50f533 + Revoked at: Tue Aug 21 17:34:03 UTC 2012 + Serial Number (hex): 20fdb910c5353da50accc44c112767b3 + Revoked at: Tue Aug 21 21:23:20 UTC 2012 + Serial Number (hex): 589dce66f399a1d5f9f1cfa1f9816676 + Revoked at: Wed Aug 22 02:15:53 UTC 2012 + Serial Number (hex): 00a83daea613990341611ff8e8860826ac + Revoked at: Wed Aug 22 19:20:20 UTC 2012 + Serial Number (hex): 00c6825f8147233c73f0eda1f8a592037f + Revoked at: Thu Aug 23 06:53:35 UTC 2012 + Serial Number (hex): 0084b7cd2e182cfba34af7af555d892454 + Revoked at: Thu Aug 23 08:56:14 UTC 2012 + Serial Number (hex): 00bae52035bd0bfab3d77834a4d04dd9b5 + Revoked at: Thu Aug 23 13:49:12 UTC 2012 + Serial Number (hex): 00c7f6c6463dc2de7244e8009773175e24 + Revoked at: Thu Aug 23 16:05:05 UTC 2012 + Serial Number (hex): 0094fcaf613238be27b6627d3e70a49f3a + Revoked at: Thu Aug 23 16:58:50 UTC 2012 + Serial Number (hex): 48fca8d3e8b2e3bc9210518847e81ddd + Revoked at: Thu Aug 23 18:10:46 UTC 2012 + Serial Number (hex): 009274fb1bbf7a635b45fba50af2e3622e + Revoked at: Thu Aug 23 18:31:29 UTC 2012 + Serial Number (hex): 68fe92ce671698bf1177f7e5bfebe317 + Revoked at: Thu Aug 23 18:40:05 UTC 2012 + Serial Number (hex): 360c041de309c779f3350c41ff7afc1d + Revoked at: Thu Aug 23 18:48:52 UTC 2012 + Serial Number (hex): 7d86ce0f20d10990bf425532573204c3 + Revoked at: Thu Aug 23 19:42:32 UTC 2012 + Serial Number (hex): 02c2b5f287b2d4d09f048d1b51395695 + Revoked at: Fri Aug 24 15:48:42 UTC 2012 + Serial Number (hex): 6a5ef2e315fd6a930c77d5ae30b0b5a9 + Revoked at: Fri Aug 24 17:47:33 UTC 2012 + Serial Number (hex): 7eea1fc86cf4f0fec5056699c3115f00 + Revoked at: Fri Aug 24 20:36:56 UTC 2012 + Serial Number (hex): 7e82b5cfb421db3bd811c00f87a4f395 + Revoked at: Mon Aug 27 04:56:35 UTC 2012 + Serial Number (hex): 00d07520c9c95e13a42c7ba3f597d42d83 + Revoked at: Mon Aug 27 15:20:08 UTC 2012 + Serial Number (hex): 009a9dbd81a264a4fd7a7014fd5cfe3e04 + Revoked at: Mon Aug 27 17:51:52 UTC 2012 + Serial Number (hex): 393473c7410e7d1ea0227cbf0b914e9e + Revoked at: Mon Aug 27 23:41:26 UTC 2012 + Serial Number (hex): 00c140ad25186cdbf1498d17232e9ed15f + Revoked at: Mon Aug 27 23:43:24 UTC 2012 + Serial Number (hex): 00de31ab783111ba9c12fbf7a5be07f08e + Revoked at: Tue Aug 28 03:38:18 UTC 2012 + Serial Number (hex): 3585d52d641e62099206a44bdd8b305a + Revoked at: Tue Aug 28 14:48:45 UTC 2012 + Serial Number (hex): 77df4c0d53bffe51af174f392bf452f4 + Revoked at: Tue Aug 28 15:41:15 UTC 2012 + Serial Number (hex): 00a3b36de20971c06617a8d7637ec14d60 + Revoked at: Wed Aug 29 09:05:49 UTC 2012 + Serial Number (hex): 679ccad7f09554d813c5061d5db969f8 + Revoked at: Wed Aug 29 13:57:52 UTC 2012 + Serial Number (hex): 00821b661fce555a15ae98f494931c402f + Revoked at: Wed Aug 29 14:55:00 UTC 2012 + Serial Number (hex): 779595c9467dc13c47de6bc0b645cafe + Revoked at: Wed Aug 29 15:22:59 UTC 2012 + Serial Number (hex): 4a065fd7d2969600388c4ddbe184c51a + Revoked at: Wed Aug 29 16:49:29 UTC 2012 + Serial Number (hex): 29a7a16c171bd60e30bb197e92db4293 + Revoked at: Wed Aug 29 16:55:49 UTC 2012 + Serial Number (hex): 3a70a6d55258a9f3057f1903e5f37c6e + Revoked at: Wed Aug 29 17:00:51 UTC 2012 + Serial Number (hex): 0085c09fe7303cc98f7af9924ad598f1f1 + Revoked at: Wed Aug 29 17:49:52 UTC 2012 + Serial Number (hex): 670c512f718da45ad1157e9d910b9432 + Revoked at: Wed Aug 29 17:50:33 UTC 2012 + Serial Number (hex): 6ff78a671af4b5f181ef2c76a61e2096 + Revoked at: Wed Aug 29 18:01:30 UTC 2012 + Serial Number (hex): 40bca289baa472d1ca2390c830ebc69d + Revoked at: Wed Aug 29 19:20:04 UTC 2012 + Serial Number (hex): 00eb68d2fee17dc2a51cae9cd60d1bf9fd + Revoked at: Wed Aug 29 20:14:28 UTC 2012 + Serial Number (hex): 00bc814d1a9e7d678cedc8ae81effc876c + Revoked at: Wed Aug 29 20:23:41 UTC 2012 + Serial Number (hex): 744d4642a5fa1dee5b277ce9d50e95f6 + Revoked at: Wed Aug 29 20:23:58 UTC 2012 + Serial Number (hex): 00c9e33c4e130c3ab04bf93407f4994192 + Revoked at: Wed Aug 29 20:38:55 UTC 2012 + Serial Number (hex): 008a75a45a0129d5377d65b630db676735 + Revoked at: Wed Aug 29 20:40:33 UTC 2012 + Serial Number (hex): 25ca8d2f440a839a53098ad9d6c0eaf0 + Revoked at: Thu Aug 30 14:43:14 UTC 2012 + Serial Number (hex): 1086ce42193f2a3c64237bc429306d7d + Revoked at: Thu Aug 30 18:48:55 UTC 2012 + Serial Number (hex): 008c24ad02a6b688319117e6a1942eaaaf + Revoked at: Thu Aug 30 20:38:43 UTC 2012 + Serial Number (hex): 0095879cb39a4d5155372c2f409f975d0c + Revoked at: Fri Aug 31 15:57:42 UTC 2012 + Serial Number (hex): 00ebc9ab3bbcba75fd8d94dea8782e43cf + Revoked at: Fri Aug 31 15:58:10 UTC 2012 + Serial Number (hex): 5dd0b2e6e228a9a71f629a6f52162a10 + Revoked at: Fri Aug 31 16:03:51 UTC 2012 + Serial Number (hex): 5fcfe8536f1f97c9c8d108187420d6b0 + Revoked at: Fri Aug 31 16:04:06 UTC 2012 + Serial Number (hex): 66f41a2058080fe3dc1f56884bd60158 + Revoked at: Fri Aug 31 16:21:49 UTC 2012 + Serial Number (hex): 0080e485d1a7e38eba284480d7fea8b586 + Revoked at: Mon Sep 03 02:01:16 UTC 2012 + Serial Number (hex): 00b49684733624dd52a593293c15c765f3 + Revoked at: Tue Sep 04 12:02:16 UTC 2012 + Serial Number (hex): 266ee66ac1335a8c90c2411ba6325f7d + Revoked at: Tue Sep 04 16:45:05 UTC 2012 + Serial Number (hex): 7c812e3e8bab9b277f427559d1b04ff6 + Revoked at: Tue Sep 04 18:02:56 UTC 2012 + Serial Number (hex): 59a3ec51ced1af56a4d679b40aab4cc5 + Revoked at: Tue Sep 04 18:15:26 UTC 2012 + Serial Number (hex): 00cdf352af3ab54f3bb776e80f05a03825 + Revoked at: Tue Sep 04 19:58:20 UTC 2012 + Serial Number (hex): 3ebdaecb6376ea5cbadb3e0d3d56e555 + Revoked at: Tue Sep 04 21:33:06 UTC 2012 + Serial Number (hex): 0087ee1d01e4e72bae2fb4f2cab24218bb + Revoked at: Tue Sep 04 21:35:45 UTC 2012 + Serial Number (hex): 4b918f8a36e9e465dae6c24f599e352e + Revoked at: Wed Sep 05 08:28:17 UTC 2012 + Serial Number (hex): 5c17880ba0a59bb204ff04b98457fe3a + Revoked at: Wed Sep 05 15:25:10 UTC 2012 + Serial Number (hex): 6420d1447762c64c0e3234da0ed1a1bf + Revoked at: Wed Sep 05 16:00:44 UTC 2012 + Serial Number (hex): 5a60e7cde5354a87f101063fc4b2b108 + Revoked at: Wed Sep 05 16:46:59 UTC 2012 + Serial Number (hex): 00b5e19d66f0072541827e1da34d2e2f78 + Revoked at: Wed Sep 05 20:41:48 UTC 2012 + Serial Number (hex): 00bd450be450648b3bc65e80609731740f + Revoked at: Wed Sep 05 21:11:12 UTC 2012 + Serial Number (hex): 0e710e3979c7ca7fead93a9bf3f402b3 + Revoked at: Wed Sep 05 21:11:39 UTC 2012 + Serial Number (hex): 70a7ed04792f5464944749358a860ec5 + Revoked at: Thu Sep 06 00:09:29 UTC 2012 + Serial Number (hex): 00995ca9102d06f9581fd70b91807bae6f + Revoked at: Thu Sep 06 02:00:20 UTC 2012 + Serial Number (hex): 2c680e2dc8de0472de1d70f798bd906e + Revoked at: Thu Sep 06 13:13:23 UTC 2012 + Serial Number (hex): 00920d45fd4923864f60c9fd43a789d50e + Revoked at: Thu Sep 06 13:34:00 UTC 2012 + Serial Number (hex): 008b32d70dcedd639e6f2b5c6c5d6308a1 + Revoked at: Thu Sep 06 14:31:59 UTC 2012 + Serial Number (hex): 430e26b02f5190b837ab94be61308c3d + Revoked at: Thu Sep 06 14:48:48 UTC 2012 + Serial Number (hex): 00faa7d3e927e2aa82b7567898d3882eab + Revoked at: Thu Sep 06 14:49:02 UTC 2012 + Serial Number (hex): 00e4df137c697a6203ac371b2820eea60a + Revoked at: Thu Sep 06 14:49:09 UTC 2012 + Serial Number (hex): 33fa10c357b49c74826ae21feaed0bd0 + Revoked at: Thu Sep 06 16:02:26 UTC 2012 + Serial Number (hex): 009bdf3d71022989916331b33dae5358c4 + Revoked at: Thu Sep 06 16:06:34 UTC 2012 + Serial Number (hex): 38bbf8091d16d9478ab19cab8436ef0a + Revoked at: Thu Sep 06 22:00:42 UTC 2012 + Serial Number (hex): 00a7d469c5ab5ea9d18c772cd73482e20d + Revoked at: Fri Sep 07 06:48:37 UTC 2012 + Serial Number (hex): 791aef5a5a311c930277b8e6032ca34b + Revoked at: Fri Sep 07 15:14:23 UTC 2012 + Serial Number (hex): 16a59d85e10a18e7ceb257cddca01072 + Revoked at: Fri Sep 07 16:06:34 UTC 2012 + Serial Number (hex): 44fb1e1b5b51e59fdacacb45c2a684da + Revoked at: Fri Sep 07 16:18:41 UTC 2012 + Serial Number (hex): 009833941fe530a1783ac6c57fb1f666f9 + Revoked at: Fri Sep 07 16:41:37 UTC 2012 + Serial Number (hex): 00e9faef7a03bdc082c2be27e89c97e145 + Revoked at: Fri Sep 07 17:02:14 UTC 2012 + Serial Number (hex): 12ef08dbfb3e49bec4c320a19a81dd92 + Revoked at: Fri Sep 07 18:04:15 UTC 2012 + Serial Number (hex): 008f443b16a9892ff0f5fc02fe20d803d4 + Revoked at: Fri Sep 07 20:32:51 UTC 2012 + Serial Number (hex): 0099f19a589f921101803fe1fdc1375ef8 + Revoked at: Fri Sep 07 22:01:18 UTC 2012 + Serial Number (hex): 00f01fa55eeabf3f1393f83b96587b3cd6 + Revoked at: Sun Sep 09 09:21:24 UTC 2012 + Serial Number (hex): 00fe4ecfe502454444d25dfa5978a0cb94 + Revoked at: Mon Sep 10 12:17:53 UTC 2012 + Serial Number (hex): 11e79ebeff0a5ab75ef233ab990da1cc + Revoked at: Mon Sep 10 16:31:38 UTC 2012 + Serial Number (hex): 00e3ffb4a6a11bd1a0ab68b457649a9d2f + Revoked at: Tue Sep 11 04:51:45 UTC 2012 + Serial Number (hex): 00e509666241b41d26719d4ec06475e841 + Revoked at: Tue Sep 11 04:53:21 UTC 2012 + Serial Number (hex): 7e5a8bd256e68e33ae36cd0ffbaa9e48 + Revoked at: Tue Sep 11 07:10:25 UTC 2012 + Serial Number (hex): 00a974fd20ab670d0d6805b862784b8aff + Revoked at: Tue Sep 11 12:35:36 UTC 2012 + Serial Number (hex): 639a54a1875a51ce4d725db0c983e93d + Revoked at: Tue Sep 11 13:57:12 UTC 2012 + Serial Number (hex): 164402d97b1926b11d33df33a7224082 + Revoked at: Tue Sep 11 16:36:45 UTC 2012 + Serial Number (hex): 639d9f44c5213c469d5dd7aa57f1e2d3 + Revoked at: Tue Sep 11 16:41:42 UTC 2012 + Serial Number (hex): 00930a119df7825e1156fd4b3d002cd9a8 + Revoked at: Tue Sep 11 16:43:09 UTC 2012 + Serial Number (hex): 00e173dd5af70544fcdc90982f3ab44cfa + Revoked at: Tue Sep 11 16:45:10 UTC 2012 + Serial Number (hex): 1c013c9888d6b583348d08dac6e15d13 + Revoked at: Tue Sep 11 16:47:41 UTC 2012 + Serial Number (hex): 009bdda0a9be684b8f7e3f78e91edb165b + Revoked at: Tue Sep 11 16:49:28 UTC 2012 + Serial Number (hex): 00a92f28aa15b28b6a3964f3bc8bc2cfcf + Revoked at: Tue Sep 11 17:50:34 UTC 2012 + Serial Number (hex): 00a1468942117efb4d95f9f3c4d0ff8fb2 + Revoked at: Tue Sep 11 20:42:16 UTC 2012 + Serial Number (hex): 00ca50cabbf3456f34c35ea6c455df6b40 + Revoked at: Tue Sep 11 21:47:16 UTC 2012 + Serial Number (hex): 00ed4967ae315ff42163e9bcc633eea399 + Revoked at: Wed Sep 12 05:58:44 UTC 2012 + Serial Number (hex): 009147491dd9ad7417fa38d528da174c56 + Revoked at: Wed Sep 12 06:46:50 UTC 2012 + Serial Number (hex): 648fa101d7ec4fa519cdfdf5115fdf1f + Revoked at: Wed Sep 12 09:51:23 UTC 2012 + Serial Number (hex): 00bb650394486d62a360d03a8050125f05 + Revoked at: Wed Sep 12 13:38:06 UTC 2012 + Serial Number (hex): 00f7378fdc877f2cff0c280dd976d3f8ec + Revoked at: Wed Sep 12 13:49:13 UTC 2012 + Serial Number (hex): 0090413127cfa88a77597cda9c5724a28f + Revoked at: Wed Sep 12 14:04:52 UTC 2012 + Serial Number (hex): 2e41f111acca0562e34bb2b3622e1131 + Revoked at: Wed Sep 12 16:18:18 UTC 2012 + Serial Number (hex): 00fed078548a354adb3163d4c1e9ed4c1b + Revoked at: Wed Sep 12 17:01:53 UTC 2012 + Serial Number (hex): 607c9b2ddf47667510162004ddbab708 + Revoked at: Wed Sep 12 18:46:15 UTC 2012 + Serial Number (hex): 3c8c3bd0786e974aad8b8d0a92af6905 + Revoked at: Wed Sep 12 20:06:38 UTC 2012 + Serial Number (hex): 411613fd882a4ea12612726b15f99c2c + Revoked at: Wed Sep 12 21:17:47 UTC 2012 + Serial Number (hex): 75e390617607d11b3e04a9711bf7892c + Revoked at: Wed Sep 12 23:00:42 UTC 2012 + Serial Number (hex): 1ec46d74430f6aa940f2befb38e9d3d2 + Revoked at: Thu Sep 13 11:04:17 UTC 2012 + Serial Number (hex): 00bcdb7f4656dc1bbd91eeacc6bc535d3e + Revoked at: Thu Sep 13 13:34:16 UTC 2012 + Serial Number (hex): 00c98e37626410974cbcfe8b0e939b6b4c + Revoked at: Thu Sep 13 14:16:34 UTC 2012 + Serial Number (hex): 00f0a26323eac66050fafeec50eef9b0b0 + Revoked at: Thu Sep 13 19:44:44 UTC 2012 + Serial Number (hex): 00ced8f09830050031ddbcdefdeca1f765 + Revoked at: Thu Sep 13 19:45:19 UTC 2012 + Serial Number (hex): 5dbd0b0e451dd6d848c72582e0eef6 + Revoked at: Thu Sep 13 19:57:27 UTC 2012 + Serial Number (hex): 009f805b7ef9c4dbc1fcc1857a8a224281 + Revoked at: Thu Sep 13 20:35:04 UTC 2012 + Serial Number (hex): 414154ad46356299f90f6a32b73d6692 + Revoked at: Thu Sep 13 21:05:35 UTC 2012 + Serial Number (hex): 55b7ff574a4a45206da2bf0c397f0447 + Revoked at: Thu Sep 13 21:09:25 UTC 2012 + Serial Number (hex): 00fe25017f510b8add30ecff50da184d19 + Revoked at: Fri Sep 14 11:07:46 UTC 2012 + Serial Number (hex): 0087bd307816a05e21a52136fa2d5bcfcc + Revoked at: Fri Sep 14 12:17:32 UTC 2012 + Serial Number (hex): 00b9c471d82fad5f70bf04766897f17bac + Revoked at: Fri Sep 14 19:19:03 UTC 2012 + Serial Number (hex): 167cb2b33bbdf62f3ac871493ae34ab8 + Revoked at: Fri Sep 14 19:31:00 UTC 2012 + Serial Number (hex): 1dfff41632c2c03e6ab3fea92426166f + Revoked at: Fri Sep 14 20:06:54 UTC 2012 + Serial Number (hex): 641de973019a4150ce674932bc52cf06 + Revoked at: Fri Sep 14 20:09:15 UTC 2012 + Serial Number (hex): 00f47cbda26fc4535cebac85a80b89c44a + Revoked at: Sat Sep 15 00:11:56 UTC 2012 + Serial Number (hex): 00b9237de8579472af6592b9627e885563 + Revoked at: Mon Sep 17 11:01:35 UTC 2012 + Serial Number (hex): 6c56275145937565943fd316942fcc6b + Revoked at: Mon Sep 17 12:07:59 UTC 2012 + Serial Number (hex): 00842e7b2f42adeed806b2e6a9fcccb953 + Revoked at: Mon Sep 17 13:15:07 UTC 2012 + Serial Number (hex): 34cb340daf8f80db54369df905b87339 + Revoked at: Mon Sep 17 21:06:29 UTC 2012 + Serial Number (hex): 0083bd739cc5b6823f3e6e1f20d1fdd7d7 + Revoked at: Tue Sep 18 04:11:33 UTC 2012 + Serial Number (hex): 00ac199240381d9779c7a83f89017c00 + Revoked at: Tue Sep 18 12:13:49 UTC 2012 + Serial Number (hex): 00fdb525484547dd2dd17ec7eefd244527 + Revoked at: Tue Sep 18 14:15:19 UTC 2012 + Serial Number (hex): 00ebbd3b3eb815bcb360eb72e635eb234d + Revoked at: Tue Sep 18 19:55:17 UTC 2012 + Serial Number (hex): 5b5259e71bc6aaf366a975637cb086a9 + Revoked at: Tue Sep 18 20:04:23 UTC 2012 + Serial Number (hex): 04265843e12a7930708f2431554f882b + Revoked at: Tue Sep 18 20:09:13 UTC 2012 + Serial Number (hex): 2643cd79b33829011292ef390d4d4363 + Revoked at: Tue Sep 18 20:21:19 UTC 2012 + Serial Number (hex): 00fdbeb0a22430ce7aa38b8a526dd6f487 + Revoked at: Tue Sep 18 21:11:35 UTC 2012 + Serial Number (hex): 00fad42192c9fecf1d9948321223c2b263 + Revoked at: Tue Sep 18 21:11:58 UTC 2012 + Serial Number (hex): 00ed779f2afe806f43b1b8b45edc5d6739 + Revoked at: Tue Sep 18 21:16:17 UTC 2012 + Serial Number (hex): 2a1360adefd85640fb19480376371ae9 + Revoked at: Tue Sep 18 21:16:44 UTC 2012 + Serial Number (hex): 24e2bb0d4a940e579941d20bd10720ca + Revoked at: Tue Sep 18 21:18:04 UTC 2012 + Serial Number (hex): 036b32b1dcba48e5a07cf6e3f7d3e29f + Revoked at: Wed Sep 19 06:58:13 UTC 2012 + Serial Number (hex): 008e534f309ecd2ab4fd078fe152c079ee + Revoked at: Wed Sep 19 13:33:28 UTC 2012 + Serial Number (hex): 00dc13ca41ab812dd34d24a0d9cf149984 + Revoked at: Wed Sep 19 14:29:43 UTC 2012 + Serial Number (hex): 746b8fe2af26093d222d46b111b9e11e + Revoked at: Wed Sep 19 21:25:31 UTC 2012 + Serial Number (hex): 00e53b7ce637aeef9364e21005185eb134 + Revoked at: Thu Sep 20 04:02:23 UTC 2012 + Serial Number (hex): 00fb6c41fe467be0b1ab4102e4f4cd0aed + Revoked at: Thu Sep 20 09:45:01 UTC 2012 + Serial Number (hex): 66c4f16397c805537a23e506701d7391 + Revoked at: Thu Sep 20 13:03:36 UTC 2012 + Serial Number (hex): 00e6df9da88a84a775f0e411002b9d3d26 + Revoked at: Thu Sep 20 14:47:19 UTC 2012 + Serial Number (hex): 41e8b00b65da870c66a00579ea86d95e + Revoked at: Thu Sep 20 15:32:13 UTC 2012 + Serial Number (hex): 00ff9f1e889159c4a770c865519c2ea4c6 + Revoked at: Thu Sep 20 16:44:55 UTC 2012 + Serial Number (hex): 11a077f8af833e94b73fde60a1fc11db + Revoked at: Thu Sep 20 17:17:39 UTC 2012 + Serial Number (hex): 58bd61d9f7292dc1bc9438bf54474e6c + Revoked at: Thu Sep 20 17:29:09 UTC 2012 + Serial Number (hex): 60b38b1b065db2a0bfb147915b47b2a4 + Revoked at: Thu Sep 20 17:51:03 UTC 2012 + Serial Number (hex): 14a3fc9450569c85d6137027bc5dfa5f + Revoked at: Thu Sep 20 22:19:44 UTC 2012 + Serial Number (hex): 444f96c465382b570dc7f7ddb616aaf4 + Revoked at: Thu Sep 20 22:20:48 UTC 2012 + Serial Number (hex): 1d0c6d6fb98a53dd79764610e8f5f47b + Revoked at: Thu Sep 20 22:21:05 UTC 2012 + Serial Number (hex): 140a97671fd0b8c6691bf7080fc759d9 + Revoked at: Thu Sep 20 22:21:24 UTC 2012 + Serial Number (hex): 00d60b618d8fb98c0e36f37bad7c5d52f2 + Revoked at: Fri Sep 21 02:34:41 UTC 2012 + Serial Number (hex): 00d0920306f880b36b313efc3a9d993f07 + Revoked at: Fri Sep 21 07:07:03 UTC 2012 + Serial Number (hex): 24e9391ffb8050d891cb1dfcc4721c7b + Revoked at: Fri Sep 21 07:57:16 UTC 2012 + Serial Number (hex): 1f6a14e01fc647114e423847195d1f55 + Revoked at: Fri Sep 21 14:57:54 UTC 2012 + Serial Number (hex): 00df653537c0339c25129a85a0c84d783f + Revoked at: Fri Sep 21 17:12:39 UTC 2012 + Serial Number (hex): 3418dbce34acc44431edd9dee9bc8153 + Revoked at: Fri Sep 21 18:21:31 UTC 2012 + Serial Number (hex): 00f49eeb297c2530783a3e0fefb8aa1209 + Revoked at: Fri Sep 21 20:10:49 UTC 2012 + Serial Number (hex): 009d92d643b62f4b91dd5d9408b81774bd + Revoked at: Fri Sep 21 20:16:12 UTC 2012 + Serial Number (hex): 593adbd986dd184a6af7e201a02d75eb + Revoked at: Fri Sep 21 21:00:02 UTC 2012 + Serial Number (hex): 00bea9a061857d992e88c1c5b448377064 + Revoked at: Sat Sep 22 01:46:08 UTC 2012 + Serial Number (hex): 3feed851955557f0450271138879ce35 + Revoked at: Mon Sep 24 14:17:06 UTC 2012 + Serial Number (hex): 09eafb6abd7274723a1cf3a2a92ca862 + Revoked at: Mon Sep 24 18:52:38 UTC 2012 + Serial Number (hex): 288cba680500534f0afa69869b560379 + Revoked at: Mon Sep 24 20:19:12 UTC 2012 + Serial Number (hex): 00c23d5615e25e86c1e0b414a6d5b405fa + Revoked at: Mon Sep 24 20:43:37 UTC 2012 + Serial Number (hex): 00d18cf2e7fbdb0acf65ef7277eb831061 + Revoked at: Mon Sep 24 20:52:36 UTC 2012 + Serial Number (hex): 00b4eb49659a59d9b4c8ecca9bf70a98fd + Revoked at: Tue Sep 25 09:48:37 UTC 2012 + Serial Number (hex): 727c711183cb0811b4823d684cf806d9 + Revoked at: Tue Sep 25 14:58:25 UTC 2012 + Serial Number (hex): 30dcc5ebd9e0df0f5c3f71903727ebd9 + Revoked at: Tue Sep 25 15:27:13 UTC 2012 + Serial Number (hex): 00cb01cb5ba574f0aa2d5b46903d8dd9d7 + Revoked at: Tue Sep 25 15:27:22 UTC 2012 + Serial Number (hex): 023433abe1e1283df321100cbff07908 + Revoked at: Tue Sep 25 15:28:39 UTC 2012 + Serial Number (hex): 109315c0c7ad8c6adac9d53632e8cd1c + Revoked at: Tue Sep 25 16:51:58 UTC 2012 + Serial Number (hex): 14c4e44b7f0429572ac31c31e42672ce + Revoked at: Tue Sep 25 17:55:49 UTC 2012 + Serial Number (hex): 0087b9385a989469a967ab45342ad8d531 + Revoked at: Tue Sep 25 19:59:42 UTC 2012 + Serial Number (hex): 44c200693cc786473967e6c65a3a11b3 + Revoked at: Tue Sep 25 21:08:39 UTC 2012 + Serial Number (hex): 00d43ffac0791ad50dd2270f311a518885 + Revoked at: Wed Sep 26 14:23:00 UTC 2012 + Serial Number (hex): 6f77a071cdf1bab92270494da546a682 + Revoked at: Wed Sep 26 14:41:02 UTC 2012 + Serial Number (hex): 5148c22df645ef2c4212808c4c2d46ee + Revoked at: Wed Sep 26 20:06:58 UTC 2012 + Serial Number (hex): 008772d21c61c6aa895a5e341fd902a7a3 + Revoked at: Wed Sep 26 20:20:23 UTC 2012 + Serial Number (hex): 008aed786cc2068011fb23e36537ae21b8 + Revoked at: Thu Sep 27 03:22:15 UTC 2012 + Serial Number (hex): 090d1822fc512d0c0c0da4a2ddce952b + Revoked at: Thu Sep 27 03:22:27 UTC 2012 + Serial Number (hex): 13346a3e50a0d055477b8ff39b418bfa + Revoked at: Thu Sep 27 09:18:39 UTC 2012 + Serial Number (hex): 00deb2b0911965dbce9a2b459cfd37237d + Revoked at: Thu Sep 27 13:54:14 UTC 2012 + Serial Number (hex): 4c022ca600a24d6b76a6487fcbde971c + Revoked at: Thu Sep 27 14:21:27 UTC 2012 + Serial Number (hex): 00a8f947a4749a9a8ef509bfdfc179b398 + Revoked at: Thu Sep 27 17:52:34 UTC 2012 + Serial Number (hex): 06be85629d52ed32e63ca9db1d86f0f1 + Revoked at: Thu Sep 27 17:57:37 UTC 2012 + Serial Number (hex): 00a9385bd049218d81f0571405fc3a93f9 + Revoked at: Thu Sep 27 18:09:22 UTC 2012 + Serial Number (hex): 00f07ad21fcc1de72d2d27387b8eaa8595 + Revoked at: Fri Sep 28 11:00:00 UTC 2012 + Serial Number (hex): 70d49c0574d803550c24ebb08f584bd9 + Revoked at: Fri Sep 28 13:27:23 UTC 2012 + Serial Number (hex): 00d5d350b6ad8ea607aa5363641dcce81b + Revoked at: Fri Sep 28 15:49:26 UTC 2012 + Serial Number (hex): 00f19da32385d735cdda1cf572c9939ca3 + Revoked at: Fri Sep 28 15:49:45 UTC 2012 + Serial Number (hex): 00e1cbbf4c4ff780e0e26313ee42937510 + Revoked at: Fri Sep 28 19:42:37 UTC 2012 + Serial Number (hex): 00c866c7c2fe7cf830ca0537cfc89092cb + Revoked at: Fri Sep 28 20:34:01 UTC 2012 + Serial Number (hex): 1b0c8866da05753e13508be1be2a1d19 + Revoked at: Fri Sep 28 20:44:04 UTC 2012 + Serial Number (hex): 00bfc3c7c92ae23a475258dbdc26efa29c + Revoked at: Fri Sep 28 21:06:34 UTC 2012 + Serial Number (hex): 73ed65f4d77f3a47c83a789cc1008569 + Revoked at: Fri Sep 28 21:06:42 UTC 2012 + Serial Number (hex): 00edbf39895a4b688979026fc8c7fc345c + Revoked at: Fri Sep 28 21:30:26 UTC 2012 + Serial Number (hex): 00be8e73cc9dcdec2517b131d4a1d3ec41 + Revoked at: Sat Sep 29 00:04:52 UTC 2012 + Serial Number (hex): 00e53ca79a4924f856927df475cbb59887 + Revoked at: Mon Oct 01 02:49:37 UTC 2012 + Serial Number (hex): 08c8c05814219219c3e033c17ef015a3 + Revoked at: Mon Oct 01 06:36:51 UTC 2012 + Serial Number (hex): 202065f99cb71f4d9781fd1997c74e71 + Revoked at: Mon Oct 01 08:59:33 UTC 2012 + Serial Number (hex): 00cecc032cb67e4a9a0df0cf7fa51b3330 + Revoked at: Mon Oct 01 14:04:14 UTC 2012 + Serial Number (hex): 00c9c3e1d3e5801a98c6eb4eb2b3e41d80 + Revoked at: Mon Oct 01 14:35:39 UTC 2012 + Serial Number (hex): 22d0487669004e0df0c866df8eb06db5 + Revoked at: Mon Oct 01 16:42:51 UTC 2012 + Serial Number (hex): 00df73e9b5fc790bd61422ed1520716b15 + Revoked at: Mon Oct 01 18:01:35 UTC 2012 + Serial Number (hex): 5cdb535df699eca85d1e9773c404d538 + Revoked at: Mon Oct 01 21:46:25 UTC 2012 + Serial Number (hex): 009e90d56afbce1c404e1008155e62c58f + Revoked at: Tue Oct 02 09:35:54 UTC 2012 + Serial Number (hex): 009dc9bcc43ed7212b896f54810b8d7d61 + Revoked at: Tue Oct 02 14:04:48 UTC 2012 + Serial Number (hex): 5c9c7fd4eb79371f5c42a1beb958eeab + Revoked at: Tue Oct 02 14:32:05 UTC 2012 + Serial Number (hex): 009bacb81df138a3fc690cd19bc6898591 + Revoked at: Tue Oct 02 15:12:56 UTC 2012 + Serial Number (hex): 00a261a98136b8bdcfd16490aea85ff794 + Revoked at: Tue Oct 02 15:26:13 UTC 2012 + Serial Number (hex): 00f4aa912ba16590181eb5749c965d2c97 + Revoked at: Tue Oct 02 15:32:51 UTC 2012 + Serial Number (hex): 00bc941ad84a2a1dbfd413ff2686506218 + Revoked at: Tue Oct 02 15:43:56 UTC 2012 + Serial Number (hex): 0c6c001bbf5deb947cfe3b032470c756 + Revoked at: Tue Oct 02 16:27:17 UTC 2012 + Serial Number (hex): 00963938ac90f5bb498c5e7499c9e787a9 + Revoked at: Tue Oct 02 16:43:15 UTC 2012 + Serial Number (hex): 4ccc136ea0567a6b7515f24ac412b92e + Revoked at: Tue Oct 02 17:31:50 UTC 2012 + Serial Number (hex): 00f21b6d16ba75d4604fa36429f2aed782 + Revoked at: Tue Oct 02 19:18:58 UTC 2012 + Serial Number (hex): 7c622567b33a7f6039a33ade8b1b57ad + Revoked at: Tue Oct 02 21:01:33 UTC 2012 + Serial Number (hex): 0de22ad1ce7912f961ac4ec58eadf1c3 + Revoked at: Tue Oct 02 22:00:11 UTC 2012 + Serial Number (hex): 233c28361c1c146388bbf096d9c2eee5 + Revoked at: Wed Oct 03 06:09:05 UTC 2012 + Serial Number (hex): 72e2e0fc21c29a2fc3058cae18b902ed + Revoked at: Wed Oct 03 06:14:48 UTC 2012 + Serial Number (hex): 14adb85c43802184a99d10b1403d032b + Revoked at: Wed Oct 03 14:52:29 UTC 2012 + Serial Number (hex): 1b713e7c05f69c219f923af4237b19c2 + Revoked at: Wed Oct 03 18:18:46 UTC 2012 + Serial Number (hex): 0fb70b61db6c15fd01c8f0d9012b6624 + Revoked at: Wed Oct 03 19:28:02 UTC 2012 + Serial Number (hex): 6c995464c4cede52f5d0acd9ca05ca3c + Revoked at: Wed Oct 03 20:45:08 UTC 2012 + Serial Number (hex): 008c9df7537fca47d1e3c6dac495fc3b06 + Revoked at: Wed Oct 03 20:45:16 UTC 2012 + Serial Number (hex): 7e32ca8dafc1b74942743beabe057713 + Revoked at: Thu Oct 04 02:26:52 UTC 2012 + Serial Number (hex): 6065c08d0fa33e5242b1dab197ea5f81 + Revoked at: Thu Oct 04 02:27:04 UTC 2012 + Serial Number (hex): 009703807ac8950494a4186005b6d80d44 + Revoked at: Thu Oct 04 02:32:26 UTC 2012 + Serial Number (hex): 00de26eef7cd1bac52243ec2ebbbf40b72 + Revoked at: Thu Oct 04 05:05:37 UTC 2012 + Serial Number (hex): 00f94af3ade3cd6f0b9cc7d19ee249935f + Revoked at: Thu Oct 04 05:06:18 UTC 2012 + Serial Number (hex): 64c0f45fb7336bc33f3619af15f19b3d + Revoked at: Thu Oct 04 09:29:04 UTC 2012 + Serial Number (hex): 00e08a0fe98b4b23c12ad722dbd5a55d1e + Revoked at: Thu Oct 04 10:11:03 UTC 2012 + Serial Number (hex): 1361c424c9f3bdd81b117c20152dac97 + Revoked at: Thu Oct 04 12:51:33 UTC 2012 + Serial Number (hex): 4ca982cb03479e58cf880599fdff4cba + Revoked at: Thu Oct 04 13:40:14 UTC 2012 + Serial Number (hex): 038feae8cbc81c44f7c6437af08943a4 + Revoked at: Thu Oct 04 14:58:53 UTC 2012 + Serial Number (hex): 00a726dd0433f32e5bb5790624e11a64d3 + Revoked at: Thu Oct 04 16:05:28 UTC 2012 + Serial Number (hex): 00c8e22f46849260959f35f9b53554ef12 + Revoked at: Thu Oct 04 16:19:10 UTC 2012 + Serial Number (hex): 6a749a759578003bbde97c528a871846 + Revoked at: Thu Oct 04 16:49:51 UTC 2012 + Serial Number (hex): 00c406791e1164cf5f5df69a1bbc65f577 + Revoked at: Thu Oct 04 17:33:12 UTC 2012 + Serial Number (hex): 01178b49b7a0a59b4b06f63b29ec9e8b + Revoked at: Thu Oct 04 20:22:41 UTC 2012 + Serial Number (hex): 009f5c2f02dcca474ec6e415716c976c68 + Revoked at: Thu Oct 04 20:26:25 UTC 2012 + Serial Number (hex): 55388f0aa5ebb2cd4713e1291dca814f + Revoked at: Fri Oct 05 07:15:16 UTC 2012 + Serial Number (hex): 471a0ef8cde1d20a31a54afa4f3b5bf1 + Revoked at: Fri Oct 05 08:01:01 UTC 2012 + Serial Number (hex): 45f859d7278a2948d0c0e47fc5171ce7 + Revoked at: Fri Oct 05 13:28:32 UTC 2012 + Serial Number (hex): 00bb44007308f563c5aca201b499f640d4 + Revoked at: Fri Oct 05 14:12:21 UTC 2012 + Serial Number (hex): 7855071f53dc0a3e4ea82b814d3871a0 + Revoked at: Fri Oct 05 14:52:58 UTC 2012 + Serial Number (hex): 00eadc7fab00412dfd51fdfa9d92774062 + Revoked at: Fri Oct 05 16:03:19 UTC 2012 + Serial Number (hex): 008fbf4f175e1febd0e257a70d04dfaf18 + Revoked at: Fri Oct 05 16:18:22 UTC 2012 + Serial Number (hex): 0dd8eb9104563839f0013c6c57f3551f + Revoked at: Fri Oct 05 17:16:43 UTC 2012 + Serial Number (hex): 00ea3e3c10d2c6f6392e5eac4670656d25 + Revoked at: Fri Oct 05 18:32:26 UTC 2012 + Serial Number (hex): 00dacde56970d39170db1c971d5f9580cf + Revoked at: Fri Oct 05 20:48:09 UTC 2012 + Serial Number (hex): 3de0ea1314d8902f0a75854401e1754d + Revoked at: Sat Oct 06 02:13:10 UTC 2012 + Serial Number (hex): 00a32f5fee7a525436aec13cbe64e20742 + Revoked at: Sat Oct 06 04:05:12 UTC 2012 + Serial Number (hex): 354e84e634c6db58b6e2504c84547d81 + Revoked at: Sat Oct 06 18:44:18 UTC 2012 + Serial Number (hex): 016f1329612c8401ed1ad81ff5bcb9e5 + Revoked at: Mon Oct 08 02:13:03 UTC 2012 + Serial Number (hex): 00b11664ba85b742f026d46094548c456b + Revoked at: Mon Oct 08 12:11:49 UTC 2012 + Serial Number (hex): 00db3074781da3dbfcdc14ef08c2bb7d07 + Revoked at: Mon Oct 08 18:50:22 UTC 2012 + Serial Number (hex): 7d97f37ea690507742ef595676a973d9 + Revoked at: Mon Oct 08 19:51:37 UTC 2012 + Serial Number (hex): 6dd7aa686f0369e55cdb9fae4ed3f3a9 + Revoked at: Tue Oct 09 01:01:02 UTC 2012 + Serial Number (hex): 3885e5015527b12c779b52706ac13b18 + Revoked at: Tue Oct 09 12:39:12 UTC 2012 + Serial Number (hex): 00e51f0b2d01629b33259d9239a64e27ef + Revoked at: Tue Oct 09 14:10:43 UTC 2012 + Serial Number (hex): 00e8872b42d53361b722672c103515d156 + Revoked at: Tue Oct 09 14:12:40 UTC 2012 + Serial Number (hex): 00f6034ad9a8179f0154ff3c6f59022161 + Revoked at: Tue Oct 09 14:31:07 UTC 2012 + Serial Number (hex): 47f9b2bc219431704fca6d4b657ce3d4 + Revoked at: Tue Oct 09 15:08:30 UTC 2012 + Serial Number (hex): 00b3fe31ffd2a3caa535ff1ef78685c3fe + Revoked at: Tue Oct 09 15:09:02 UTC 2012 + Serial Number (hex): 29a35f5545e2f662b6d8bb82b6d2b6ec + Revoked at: Tue Oct 09 15:12:39 UTC 2012 + Serial Number (hex): 03d19da3933cbd3ed234639dda88e519 + Revoked at: Tue Oct 09 16:27:46 UTC 2012 + Serial Number (hex): 00d3d8b60795949c5d29d111c91cf16683 + Revoked at: Tue Oct 09 17:44:56 UTC 2012 + Serial Number (hex): 7199c460ff66b273f507d502ad6f3c31 + Revoked at: Tue Oct 09 18:13:43 UTC 2012 + Serial Number (hex): 00c35c8b378acf5fd91d560b4094e3fe2f + Revoked at: Tue Oct 09 18:13:43 UTC 2012 + Serial Number (hex): 00c1cba692ea079bf8205bf1cb53118770 + Revoked at: Tue Oct 09 18:50:55 UTC 2012 + Serial Number (hex): 0185d16dc2f22e677780062fd566da5b + Revoked at: Wed Oct 10 13:31:07 UTC 2012 + Serial Number (hex): 00c20f87d4840fdf1b0e62cf94217c18a3 + Revoked at: Wed Oct 10 17:01:59 UTC 2012 + Serial Number (hex): 2961a30653383426a787a16290f22caf + Revoked at: Wed Oct 10 17:02:35 UTC 2012 + Serial Number (hex): 00ddcebc7d9a4fcce25b3cde7c72cc72f7 + Revoked at: Wed Oct 10 18:42:37 UTC 2012 + Serial Number (hex): 5fd5f1e3077352d6fc755121bb3a38a0 + Revoked at: Wed Oct 10 18:45:59 UTC 2012 + Serial Number (hex): 00cb91926b6ca33d4ade4cec8d826bfcd3 + Revoked at: Wed Oct 10 18:46:55 UTC 2012 + Serial Number (hex): 00fef78905bacd18b2497f1bcab2cc215a + Revoked at: Wed Oct 10 19:35:16 UTC 2012 + Serial Number (hex): 00e71fe0270c7c3e5339b2c513a412b8f8 + Revoked at: Wed Oct 10 20:43:05 UTC 2012 + Serial Number (hex): 5186978eebd1b076cde2902745775014 + Revoked at: Wed Oct 10 23:40:47 UTC 2012 + Serial Number (hex): 00c4441dded36a411e9788acfe200c6649 + Revoked at: Thu Oct 11 14:14:32 UTC 2012 + Serial Number (hex): 00b38b40220f693ac2b47ea33ea998e9b0 + Revoked at: Thu Oct 11 17:16:06 UTC 2012 + Serial Number (hex): 008a6973e675f07c1fdea130c66a5c3caf + Revoked at: Thu Oct 11 18:55:53 UTC 2012 + Serial Number (hex): 3104b6d7a79cea0cde84a1a1964edc97 + Revoked at: Thu Oct 11 20:04:27 UTC 2012 + Serial Number (hex): 00a883b1836c5965ba675e56a9c021c27c + Revoked at: Thu Oct 11 20:05:37 UTC 2012 + Serial Number (hex): 1866405d10149fe9ad8f8dae816be721 + Revoked at: Thu Oct 11 20:51:13 UTC 2012 + Serial Number (hex): 00bb4e965e8089837613f1426991bbd8c1 + Revoked at: Fri Oct 12 10:49:37 UTC 2012 + Serial Number (hex): 023cad8a202d7dd974409db33be4992c + Revoked at: Fri Oct 12 17:55:39 UTC 2012 + Serial Number (hex): 00db2cddf9532766f767c0f4217696a73b + Revoked at: Fri Oct 12 21:43:52 UTC 2012 + Serial Number (hex): 0084d7fb009db1258c261b295f8b4c9f87 + Revoked at: Fri Oct 12 21:47:36 UTC 2012 + Serial Number (hex): 00e40448fb96d29980afbbc967bcb8476e + Revoked at: Sun Oct 14 15:11:19 UTC 2012 + Serial Number (hex): 60494e2f802e5392748f1dbdbe7464c5 + Revoked at: Sun Oct 14 23:26:58 UTC 2012 + Serial Number (hex): 00ee15580b873eab344cbfb45fc2e2d208 + Revoked at: Mon Oct 15 02:30:59 UTC 2012 + Serial Number (hex): 08154c637b3bfdcf0cd2acf1e9006866 + Revoked at: Mon Oct 15 07:49:02 UTC 2012 + Serial Number (hex): 00c3976ed74255cb2184fd9eec17c77323 + Revoked at: Mon Oct 15 16:00:13 UTC 2012 + Serial Number (hex): 00b928724030ffc099326cc5122bb4e3d3 + Revoked at: Mon Oct 15 17:28:29 UTC 2012 + Serial Number (hex): 6c19a82cde7a9b66e6163e3e05a86b2b + Revoked at: Mon Oct 15 20:17:19 UTC 2012 + Serial Number (hex): 00e83ff0d136510f9e3aae0af87a1daef0 + Revoked at: Mon Oct 15 20:17:39 UTC 2012 + Serial Number (hex): 0099d7a2b6320cc84fa215f54203db4242 + Revoked at: Tue Oct 16 07:55:14 UTC 2012 + Serial Number (hex): 37da557d970c44b19a25e75388560b2d + Revoked at: Tue Oct 16 10:24:52 UTC 2012 + Serial Number (hex): 43124d49c93183c1e3b4076809bb4520 + Revoked at: Tue Oct 16 12:14:48 UTC 2012 + Serial Number (hex): 469d7cf7fb596c7bf8db522c0de5cc09 + Revoked at: Tue Oct 16 13:31:27 UTC 2012 + Serial Number (hex): 0080773ed3a71349d559268484376f564f + Revoked at: Tue Oct 16 13:31:33 UTC 2012 + Serial Number (hex): 00fcb5722cd2b0b1b12ff2dc5c036f88e9 + Revoked at: Tue Oct 16 13:37:03 UTC 2012 + Serial Number (hex): 00b8686e70894620f5cfe0502189e5cb03 + Revoked at: Tue Oct 16 13:45:01 UTC 2012 + Serial Number (hex): 766aeabb549dd0d5b709ed46ef2938fa + Revoked at: Tue Oct 16 13:45:42 UTC 2012 + Serial Number (hex): 00c9c946d1de5298e0b90067bb9357ec52 + Revoked at: Tue Oct 16 17:58:24 UTC 2012 + Serial Number (hex): 5ef8eb5d0a6791258e1e0a80b9f74b6e + Revoked at: Tue Oct 16 18:19:32 UTC 2012 + Serial Number (hex): 00e195af84f953106651aae358575a0595 + Revoked at: Tue Oct 16 18:29:19 UTC 2012 + Serial Number (hex): 4269839ddeea75a59f97c90313f5dc33 + Revoked at: Tue Oct 16 19:13:14 UTC 2012 + Serial Number (hex): 08e9218735cc0069c40b57cae9d7d644 + Revoked at: Tue Oct 16 19:34:50 UTC 2012 + Serial Number (hex): 00871b824b7b0e7eed5118ae5d449edb69 + Revoked at: Tue Oct 16 19:58:39 UTC 2012 + Serial Number (hex): 6cac0f6f491e2c6f3ee77954ce90461b + Revoked at: Wed Oct 17 08:45:22 UTC 2012 + Serial Number (hex): 00e5d147825a513ec4eeebe991d352c97d + Revoked at: Wed Oct 17 15:22:21 UTC 2012 + Serial Number (hex): 47a614adc634b4e2c849a882b0ff0f73 + Revoked at: Wed Oct 17 18:13:42 UTC 2012 + Serial Number (hex): 00edfcb1c107c248c7b761fabf96fa7010 + Revoked at: Wed Oct 17 18:43:29 UTC 2012 + Serial Number (hex): 00e8878f66d94fb6d68361e36d86a0f419 + Revoked at: Wed Oct 17 20:01:55 UTC 2012 + Serial Number (hex): 673f5dd90fffbc5fb8159a55f9b88593 + Revoked at: Wed Oct 17 20:02:09 UTC 2012 + Serial Number (hex): 5c81d6e126cad167b126d3decb0c9402 + Revoked at: Wed Oct 17 20:34:28 UTC 2012 + Serial Number (hex): 00f8476a3c084b203446de9545e3114abe + Revoked at: Wed Oct 17 20:35:51 UTC 2012 + Serial Number (hex): 00fa916a596e40509222d56ed68931f00d + Revoked at: Thu Oct 18 08:10:37 UTC 2012 + Serial Number (hex): 33abbce1cd15ad57708e3d7576263cd6 + Revoked at: Thu Oct 18 10:24:48 UTC 2012 + Serial Number (hex): 35c84a78107bbe2d475949c44b341922 + Revoked at: Thu Oct 18 13:06:06 UTC 2012 + Serial Number (hex): 0086627e4b54e8fe9c4c64021f5f0dc123 + Revoked at: Thu Oct 18 17:40:56 UTC 2012 + Serial Number (hex): 208093d7e51651a37cb279bb16122d3d + Revoked at: Thu Oct 18 17:44:36 UTC 2012 + Serial Number (hex): 00ac60bbbea9e84a5dd62443afe3921ff0 + Revoked at: Thu Oct 18 18:10:39 UTC 2012 + Serial Number (hex): 77f6aaa6829e23d438698ecc76820155 + Revoked at: Thu Oct 18 19:29:18 UTC 2012 + Serial Number (hex): 00e49964bae804e90aa96d1ea8d54f2fe2 + Revoked at: Thu Oct 18 19:29:35 UTC 2012 + Serial Number (hex): 008b19a0c6f8dae143dfc12a04153acec3 + Revoked at: Thu Oct 18 22:39:33 UTC 2012 + Serial Number (hex): 53153f6131d0605f876570b77812c914 + Revoked at: Fri Oct 19 02:44:21 UTC 2012 + Serial Number (hex): 008c46f143b59f2d79170a1cda6e1b4180 + Revoked at: Fri Oct 19 02:45:25 UTC 2012 + Serial Number (hex): 035d888533326a7324b0a3b585b75734 + Revoked at: Fri Oct 19 08:09:54 UTC 2012 + Serial Number (hex): 00e94e7353f852ceb52e548809da57a163 + Revoked at: Fri Oct 19 12:58:34 UTC 2012 + Serial Number (hex): 00822d916aa42221649c857878ccd3384e + Revoked at: Fri Oct 19 15:32:12 UTC 2012 + Serial Number (hex): 00c875d7b18a1fa334195d6290937ad182 + Revoked at: Fri Oct 19 15:40:33 UTC 2012 + Serial Number (hex): 00c24b9f17a1a9e2f4c2624b369e701720 + Revoked at: Fri Oct 19 15:40:47 UTC 2012 + Serial Number (hex): 008ecf49c8591129de22545abb916c7eaf + Revoked at: Fri Oct 19 16:07:41 UTC 2012 + Serial Number (hex): 00abf050544a7189fda49e5f8b1823b067 + Revoked at: Fri Oct 19 18:24:13 UTC 2012 + Serial Number (hex): 00c585e27827183594de22e245b975c9fa + Revoked at: Fri Oct 19 20:33:19 UTC 2012 + Serial Number (hex): 2030e1515af3de66989061a11fb4674c + Revoked at: Fri Oct 19 20:33:32 UTC 2012 + Serial Number (hex): 08a4323ca030c863d4f5c92723704171 + Revoked at: Fri Oct 19 20:33:43 UTC 2012 + Serial Number (hex): 00ded225e6a0979171837aeea814463498 + Revoked at: Fri Oct 19 20:33:53 UTC 2012 + Serial Number (hex): 00ada533527f6df8a3c51411fdbefc1c58 + Revoked at: Fri Oct 19 20:34:07 UTC 2012 + Serial Number (hex): 00b72fc77f42e12bc71d4f1853b212f45a + Revoked at: Fri Oct 19 20:34:17 UTC 2012 + Serial Number (hex): 00c2856eab7e7268ee27fa4dcb40605bcf + Revoked at: Fri Oct 19 20:34:30 UTC 2012 + Serial Number (hex): 00e9eb57475ef51c7d1a45c4cb7fb72613 + Revoked at: Fri Oct 19 20:34:42 UTC 2012 + Serial Number (hex): 00922425a60b6969dec3bbade46e2f0dfe + Revoked at: Fri Oct 19 21:18:19 UTC 2012 + Serial Number (hex): 020118ff5858c5671e652771dd9ec59c + Revoked at: Fri Oct 19 21:23:42 UTC 2012 + Serial Number (hex): 3936b3be72235aeb7c2bea4e57c433fc + Revoked at: Fri Oct 19 23:34:45 UTC 2012 + Serial Number (hex): 6dcfd57b5f3404e2f420c21546e6b2d1 + Revoked at: Sat Oct 20 13:50:31 UTC 2012 + Serial Number (hex): 55244e20eb008557fa3f4000bce83252 + Revoked at: Sun Oct 21 15:48:07 UTC 2012 + Serial Number (hex): 613fe6c490d47e733546d7ba3690f125 + Revoked at: Sun Oct 21 23:46:20 UTC 2012 + Serial Number (hex): 06b0bd524b0c4be5837529d262e29ba2 + Revoked at: Mon Oct 22 08:59:58 UTC 2012 + Serial Number (hex): 00ed08efdcad1fa348635cd635d5ef9694 + Revoked at: Mon Oct 22 13:04:42 UTC 2012 + Serial Number (hex): 18bdfce94b6d09704224b9b0d4e099d9 + Revoked at: Mon Oct 22 13:34:28 UTC 2012 + Serial Number (hex): 00cb82f65954b45437a7fc657bfca7b979 + Revoked at: Mon Oct 22 16:46:03 UTC 2012 + Serial Number (hex): 78f95f38aed17cd29ba01a02b11d9c1b + Revoked at: Mon Oct 22 18:04:01 UTC 2012 + Serial Number (hex): 7c3cfbeb6054870fc0cbd39efa1b75fd + Revoked at: Mon Oct 22 18:33:35 UTC 2012 + Serial Number (hex): 2fbbba2504d1ea24ad619400810ef783 + Revoked at: Mon Oct 22 21:07:24 UTC 2012 + Serial Number (hex): 00ff30f2bbb19805f6c9b2c483262e43c7 + Revoked at: Tue Oct 23 10:41:09 UTC 2012 + Serial Number (hex): 1f4850a68709e5d292817bc6e286e358 + Revoked at: Tue Oct 23 14:16:16 UTC 2012 + Serial Number (hex): 00fe5bb2fe8db580aac763d63173d219a2 + Revoked at: Tue Oct 23 14:17:44 UTC 2012 + Serial Number (hex): 1f84667103aa4b665729e5cc0239c933 + Revoked at: Tue Oct 23 14:32:47 UTC 2012 + Serial Number (hex): 487affd0f261c24c49dd743f0558495d + Revoked at: Tue Oct 23 15:15:26 UTC 2012 + Serial Number (hex): 00e75d96cbe6f26032bff608ce43974a87 + Revoked at: Tue Oct 23 15:18:33 UTC 2012 + Serial Number (hex): 008e578d28bdb515a76a14fcfead0ff377 + Revoked at: Tue Oct 23 16:35:44 UTC 2012 + Serial Number (hex): 2305cb8fff4cf1d7f49376036dd6953f + Revoked at: Tue Oct 23 19:30:39 UTC 2012 + Serial Number (hex): 3ee5a53facdb32c68ed68cbb55a4d675 + Revoked at: Tue Oct 23 19:31:04 UTC 2012 + Serial Number (hex): 00e85cead67229d69ac3fa1c5d15bd099d + Revoked at: Tue Oct 23 19:48:16 UTC 2012 + Serial Number (hex): 00dff2947f0e94d9edaf037927e0874e97 + Revoked at: Tue Oct 23 20:14:18 UTC 2012 + Serial Number (hex): 00881312bee19e07d4590047e868842962 + Revoked at: Wed Oct 24 12:13:35 UTC 2012 + Serial Number (hex): 00d41b5304d622d5291edf0a3601de9d23 + Revoked at: Wed Oct 24 12:51:07 UTC 2012 + Serial Number (hex): 00b3a9c1359ea7d11e0e8775766cbc4bba + Revoked at: Wed Oct 24 15:26:47 UTC 2012 + Serial Number (hex): 0289e60c3d1d7ad6c2c3aea3c8cc51a7 + Revoked at: Wed Oct 24 16:40:55 UTC 2012 + Serial Number (hex): 00db72849ef1e60f2e775c74c8ab85aef1 + Revoked at: Wed Oct 24 20:33:12 UTC 2012 + Serial Number (hex): 00be76fb8189c3e38a72e6e68f496a1f85 + Revoked at: Wed Oct 24 20:36:07 UTC 2012 + Serial Number (hex): 00f6ad047bbc750c2075f3ddbcbdb55c7c + Revoked at: Wed Oct 24 20:59:33 UTC 2012 + Serial Number (hex): 26b18e3192d9a35c3e0838584b07417f + Revoked at: Wed Oct 24 21:00:02 UTC 2012 + Serial Number (hex): 00b43c0c7bce2c6fe74979ca6a265ed174 + Revoked at: Thu Oct 25 14:43:42 UTC 2012 + Serial Number (hex): 00c9be0ca78c0d934f00b5a08eaf280647 + Revoked at: Thu Oct 25 14:52:19 UTC 2012 + Serial Number (hex): 65a27f83a8c5b51e3d45145823c8daa3 + Revoked at: Thu Oct 25 15:46:50 UTC 2012 + Serial Number (hex): 7fd73950a2262f73013b6c469bf1d6bd + Revoked at: Thu Oct 25 18:38:19 UTC 2012 + Serial Number (hex): 00efc4acf5a0835e6c3f76abaeaadf02e5 + Revoked at: Thu Oct 25 19:18:25 UTC 2012 + Serial Number (hex): 009d65c14a1c1ab640435c868c5de7e9df + Revoked at: Fri Oct 26 11:45:44 UTC 2012 + Serial Number (hex): 31a23b34d95775d62f6c7d817923870e + Revoked at: Fri Oct 26 13:21:05 UTC 2012 + Serial Number (hex): 008be404b0e75bea19efc33429944d6bd3 + Revoked at: Fri Oct 26 15:10:26 UTC 2012 + Serial Number (hex): 00d5aa31a7b5b0c7dfbf4e40aa333482fb + Revoked at: Fri Oct 26 18:48:02 UTC 2012 + Serial Number (hex): 0eff679d433fd45e1930b9fd04190ebb + Revoked at: Fri Oct 26 19:38:02 UTC 2012 + Serial Number (hex): 0f15c522e13c6521195a0fa2a4c271c7 + Revoked at: Fri Oct 26 19:56:42 UTC 2012 + Serial Number (hex): 00bd9cfe97644c6e81974af4702d457a44 + Revoked at: Fri Oct 26 20:31:07 UTC 2012 + Serial Number (hex): 6cd4c5f288ce313e8b20e546d091b98a + Revoked at: Fri Oct 26 20:43:13 UTC 2012 + Serial Number (hex): 737561a864e6550cdf5452d4d63de4f0 + Revoked at: Sat Oct 27 02:13:05 UTC 2012 + Serial Number (hex): 008ec91549b2f75a46ae27c7de0b54b138 + Revoked at: Sat Oct 27 09:19:50 UTC 2012 + Serial Number (hex): 00c413a17d52e3e6715ace673319e311c3 + Revoked at: Sun Oct 28 02:13:12 UTC 2012 + Serial Number (hex): 01e984f3052c975bab3fad0e63b843f4 + Revoked at: Mon Oct 29 09:37:32 UTC 2012 + Serial Number (hex): 4f31dd5386885b69f1e4e439276287a5 + Revoked at: Mon Oct 29 14:26:45 UTC 2012 + Serial Number (hex): 00f1953901790af03494cc161ca49e2ec6 + Revoked at: Mon Oct 29 15:57:31 UTC 2012 + Serial Number (hex): 71a8babd589c4672c93604233965d833 + Revoked at: Mon Oct 29 17:43:17 UTC 2012 + Serial Number (hex): 2decd444090275c9eca1dc3c2d6ca298 + Revoked at: Mon Oct 29 19:22:24 UTC 2012 + Serial Number (hex): 00e2383608b5671c14a3e11ba82f2a9d38 + Revoked at: Mon Oct 29 19:28:28 UTC 2012 + Serial Number (hex): 50fb31c9a986f16daa7a01a0c69ce691 + Revoked at: Mon Oct 29 21:30:08 UTC 2012 + Serial Number (hex): 00bd284cfa33612a4e8fdf0d4e9be004fd + Revoked at: Tue Oct 30 13:37:01 UTC 2012 + Serial Number (hex): 008f5c531c29f27eb6d01b73d1fd5cc6bc + Revoked at: Tue Oct 30 13:49:19 UTC 2012 + Serial Number (hex): 030e0e5679b17ee7386d35b495a1f393 + Revoked at: Tue Oct 30 14:08:27 UTC 2012 + Serial Number (hex): 0413cdf8d91b7cb11b6a524ad652dd3c + Revoked at: Tue Oct 30 14:58:57 UTC 2012 + Serial Number (hex): 00881682cde500099cf1e12a68119f5b3d + Revoked at: Tue Oct 30 15:07:59 UTC 2012 + Serial Number (hex): 05928f741247619a233268905970730c + Revoked at: Tue Oct 30 16:03:12 UTC 2012 + Serial Number (hex): 5a0ee35f080060d4951f8a95138a1cd5 + Revoked at: Tue Oct 30 16:40:39 UTC 2012 + Serial Number (hex): 0244337457208f25bd3e4eae9dba3a4a + Revoked at: Tue Oct 30 16:40:50 UTC 2012 + Serial Number (hex): 00955f6bfb182eaa2f0b0fa06af9eceb61 + Revoked at: Tue Oct 30 17:18:59 UTC 2012 + Serial Number (hex): 34d0a393afd9e6fa6e32fd5792574a9d + Revoked at: Tue Oct 30 17:22:55 UTC 2012 + Serial Number (hex): 00de98d44e0541f5c874e6cd2d94a643bc + Revoked at: Tue Oct 30 17:23:37 UTC 2012 + Serial Number (hex): 00fff94e7d92066a973ef30aba3e94b37a + Revoked at: Tue Oct 30 18:23:04 UTC 2012 + Serial Number (hex): 008e1130b6d87eb4b2c08707bfc292e4fc + Revoked at: Tue Oct 30 18:48:34 UTC 2012 + Serial Number (hex): 50899d596a8037f94ea5386390ed8cb2 + Revoked at: Tue Oct 30 19:11:10 UTC 2012 + Serial Number (hex): 00e86fc049c0a86eead73afdfafb579d55 + Revoked at: Tue Oct 30 19:23:28 UTC 2012 + Serial Number (hex): 7fd931aad35f3c8e8a3c1c5aa90ef6e5 + Revoked at: Tue Oct 30 19:24:13 UTC 2012 + Serial Number (hex): 0089cc42ab1295b827ae7d97d1c963a04b + Revoked at: Wed Oct 31 10:24:17 UTC 2012 + Serial Number (hex): 00b1fcd36d6d671e4dabb4b9e679465b1d + Revoked at: Wed Oct 31 15:38:35 UTC 2012 + Serial Number (hex): 5d89507abe045e34aae13a9febcded15 + Revoked at: Wed Oct 31 19:04:54 UTC 2012 + Serial Number (hex): 00b4a5af9bcd05a1fa7834b96867572469 + Revoked at: Wed Oct 31 19:37:14 UTC 2012 + Serial Number (hex): 00c36a7d51bcd41a47b8024214e27812e3 + Revoked at: Wed Oct 31 20:36:20 UTC 2012 + Serial Number (hex): 008b30cd3eba5420788a2f5506be425b8c + Revoked at: Thu Nov 01 12:35:04 UTC 2012 + Serial Number (hex): 61033463fac1fb37e6bc07c96210ba35 + Revoked at: Thu Nov 01 14:09:03 UTC 2012 + Serial Number (hex): 00befb2ca3e8492592f913f41104f6c8ec + Revoked at: Thu Nov 01 14:11:04 UTC 2012 + Serial Number (hex): 64c177811c8125103b975b25e2123af8 + Revoked at: Thu Nov 01 14:12:33 UTC 2012 + Serial Number (hex): 3d4fcc30ddbb3f17f19914d36150b82d + Revoked at: Thu Nov 01 14:21:49 UTC 2012 + Serial Number (hex): 49a5c2104ca188e004b7b57856b6c969 + Revoked at: Thu Nov 01 14:24:25 UTC 2012 + Serial Number (hex): 5a88121dd407f9b5ece0a3eaaf392783 + Revoked at: Thu Nov 01 14:56:04 UTC 2012 + Serial Number (hex): 6f51bac885239b8014b5ef6b3ed8034d + Revoked at: Thu Nov 01 15:51:11 UTC 2012 + Serial Number (hex): 73de9c2d47f36be32ab991a8e7e1a41a + Revoked at: Thu Nov 01 15:51:31 UTC 2012 + Serial Number (hex): 00dd079b61848e8d71879437e194a8b3c5 + Revoked at: Thu Nov 01 18:54:47 UTC 2012 + Serial Number (hex): 23983d3202c55febbc960186d611f666 + Revoked at: Thu Nov 01 18:56:09 UTC 2012 + Serial Number (hex): 7e9e5057a57e79abda36890edc746b39 + Revoked at: Thu Nov 01 18:57:26 UTC 2012 + Serial Number (hex): 50996ca082e5bf9cd9e892785d1701a4 + Revoked at: Thu Nov 01 18:58:57 UTC 2012 + Serial Number (hex): 00cba10949641d89f06b8dad45052842b5 + Revoked at: Thu Nov 01 18:59:53 UTC 2012 + Serial Number (hex): 00bc5359805638385f682fba059b2c03f1 + Revoked at: Thu Nov 01 19:00:57 UTC 2012 + Serial Number (hex): 0097adae82c32e059c5688ad0ad2d15de2 + Revoked at: Thu Nov 01 19:02:14 UTC 2012 + Serial Number (hex): 28344f9c706a418fb02680d1147b5c0b + Revoked at: Thu Nov 01 19:03:15 UTC 2012 + Serial Number (hex): 00da5ec21f86f3734582ac625ae5b53a3e + Revoked at: Thu Nov 01 19:04:04 UTC 2012 + Serial Number (hex): 30f785f84ca291476a7206c1634e6052 + Revoked at: Thu Nov 01 19:10:17 UTC 2012 + Serial Number (hex): 00b9a6fb70f8fbc07b1592262c29b65f72 + Revoked at: Thu Nov 01 21:32:53 UTC 2012 + Serial Number (hex): 00aebbb18dc995181876999296e4a89909 + Revoked at: Fri Nov 02 12:27:29 UTC 2012 + Serial Number (hex): 204c736e7971a171b78458ade0a46672 + Revoked at: Fri Nov 02 15:10:53 UTC 2012 + Serial Number (hex): 33b1f1e57eaaee268aefcc4d180bf782 + Revoked at: Fri Nov 02 16:33:50 UTC 2012 + Serial Number (hex): 22468cbb4171f2df6f68d880ad626fae + Revoked at: Fri Nov 02 18:12:27 UTC 2012 + Serial Number (hex): 00fa752dc1066ee3a479060198ecb20c31 + Revoked at: Fri Nov 02 18:12:41 UTC 2012 + Serial Number (hex): 00b2c1d6092e97f80643d92d114cf6edba + Revoked at: Fri Nov 02 18:15:04 UTC 2012 + Serial Number (hex): 679c8224f5030181d8320d559909a428 + Revoked at: Fri Nov 02 18:15:26 UTC 2012 + Serial Number (hex): 022826ed35020466f1b520d22a179552 + Revoked at: Fri Nov 02 19:13:46 UTC 2012 + Serial Number (hex): 5f42311ba3cc2a66572c5b2fc94ac014 + Revoked at: Fri Nov 02 19:14:40 UTC 2012 + Serial Number (hex): 31bf6f0b3dbf435131b3df35e92e6068 + Revoked at: Fri Nov 02 20:31:38 UTC 2012 + Serial Number (hex): 00cf94fbf478064c730f718a553f5ba380 + Revoked at: Fri Nov 02 20:42:04 UTC 2012 + Serial Number (hex): 19cbeb007fe4ee7474e165246a4ceeda + Revoked at: Sat Nov 03 02:13:05 UTC 2012 + Serial Number (hex): 3173ba1bc12f6c4f5e7d7b168053911e + Revoked at: Mon Nov 05 16:20:46 UTC 2012 + Serial Number (hex): 0099c026ba0844b1ce9a4f8abb2f24f2df + Revoked at: Mon Nov 05 16:47:06 UTC 2012 + Serial Number (hex): 00f9dc0b16ce382a193e77d0233ee81d57 + Revoked at: Mon Nov 05 16:47:18 UTC 2012 + Serial Number (hex): 1bc890c838a12ec91ba33bc7cfac763f + Revoked at: Mon Nov 05 21:39:45 UTC 2012 + Serial Number (hex): 5c94d86bd8c9acbfc1b6a82a6c99d8c1 + Revoked at: Mon Nov 05 23:15:08 UTC 2012 + Serial Number (hex): 00fd9d6ed7127a77eca3984c4dad3e9090 + Revoked at: Tue Nov 06 08:57:53 UTC 2012 + Serial Number (hex): 00ee2313d2f2cb3be3b36837e44c5764e4 + Revoked at: Tue Nov 06 18:07:09 UTC 2012 + Serial Number (hex): 009797a4f0d45c44170e1ee08492044f5d + Revoked at: Tue Nov 06 21:18:29 UTC 2012 + Serial Number (hex): 43db937ae7e1184a9e8278398f02a633 + Revoked at: Wed Nov 07 09:48:04 UTC 2012 + Serial Number (hex): 00cbdf8d76379e5bbe9cc0d7dee50e7c24 + Revoked at: Wed Nov 07 13:59:24 UTC 2012 + Serial Number (hex): 00890ba792cdeacc7432bc5bb5bd69d758 + Revoked at: Wed Nov 07 18:29:08 UTC 2012 + Serial Number (hex): 233cdaecbc75bd9b6a2acaa928717c2d + Revoked at: Thu Nov 08 12:49:03 UTC 2012 + Serial Number (hex): 6f5828fc0796dedda03b3ae9c42def22 + Revoked at: Thu Nov 08 14:45:56 UTC 2012 + Serial Number (hex): 00cd70fd4e4d5179a6a47c73b0da178332 + Revoked at: Thu Nov 08 15:03:53 UTC 2012 + Serial Number (hex): 00a7b6db5085c379b8846c271c196434b6 + Revoked at: Thu Nov 08 16:08:54 UTC 2012 + Serial Number (hex): 2b1e6199747f4a219426596209fbb83f + Revoked at: Thu Nov 08 19:07:39 UTC 2012 + Serial Number (hex): 1d5a18d052a02db27dceab93c5023a28 + Revoked at: Thu Nov 08 20:02:03 UTC 2012 + Serial Number (hex): 009aaa7419ae539827cf8f1aae16d8ee85 + Revoked at: Thu Nov 08 20:38:04 UTC 2012 + Serial Number (hex): 00cca773dde51f39f4d820d5f69c8874bd + Revoked at: Thu Nov 08 20:54:51 UTC 2012 + Serial Number (hex): 3501a6fcc4ab55e2ff0cfa051fdc9128 + Revoked at: Thu Nov 08 21:25:54 UTC 2012 + Serial Number (hex): 008479e53269e6485fcda274034b5dc2f6 + Revoked at: Thu Nov 08 21:44:28 UTC 2012 + Serial Number (hex): 00aa899e2f692a8f5979e6563280208227 + Revoked at: Thu Nov 08 21:47:36 UTC 2012 + Serial Number (hex): 754e7e2409383c995f9408106aba6464 + Revoked at: Fri Nov 09 09:16:38 UTC 2012 + Serial Number (hex): 558678bf545bad24d6714a01f40a290b + Revoked at: Fri Nov 09 10:30:21 UTC 2012 + Serial Number (hex): 3eeedadd33f20f56dddcc548488342bc + Revoked at: Fri Nov 09 14:14:09 UTC 2012 + Serial Number (hex): 61f8bf269c1ddf2223d23b3311711df2 + Revoked at: Fri Nov 09 14:19:49 UTC 2012 + Serial Number (hex): 7c8696242d7c8fdf44f1af72972451ca + Revoked at: Fri Nov 09 15:09:54 UTC 2012 + Serial Number (hex): 00e65253775e14f14b930aa66001fec938 + Revoked at: Fri Nov 09 18:27:50 UTC 2012 + Serial Number (hex): 06936ca78c6f4436188889acade01fea + Revoked at: Fri Nov 09 19:01:06 UTC 2012 + Serial Number (hex): 00f78ca575977f35d894df382a1f19048b + Revoked at: Fri Nov 09 19:01:13 UTC 2012 + Serial Number (hex): 00ea1d4667808f18cc8f71a76c81d518f8 + Revoked at: Fri Nov 09 19:01:19 UTC 2012 + Serial Number (hex): 21e4747f308e85c3ac58e471a1491dbf + Revoked at: Fri Nov 09 19:01:24 UTC 2012 + Serial Number (hex): 25137ed9036ee5353446b06e745cf847 + Revoked at: Fri Nov 09 19:01:29 UTC 2012 + Serial Number (hex): 7af78f6edb6ad0b056d0b5ace3ce910b + Revoked at: Fri Nov 09 19:01:39 UTC 2012 + Serial Number (hex): 008b78924714a01d7b6ccdbb574dd52152 + Revoked at: Fri Nov 09 19:09:06 UTC 2012 + Serial Number (hex): 00cd6cd2638865a562070883f86286768a + Revoked at: Fri Nov 09 21:21:52 UTC 2012 + Serial Number (hex): 009ff9bc3cb52c00a89435f7395095bcbe + Revoked at: Sat Nov 10 02:13:06 UTC 2012 + Serial Number (hex): 60fb132b5a94ae34991e480971f55c42 + Revoked at: Mon Nov 12 17:30:39 UTC 2012 + Serial Number (hex): 00945503054fbe1d21eeca8ee292d62fa2 + Revoked at: Mon Nov 12 17:59:38 UTC 2012 + Serial Number (hex): 785a588ed6bb3bf4f4d92e0cddfcc0ff + Revoked at: Tue Nov 13 09:28:35 UTC 2012 + Serial Number (hex): 00a2713a55282987005f91b370be89103f + Revoked at: Tue Nov 13 09:47:37 UTC 2012 + Serial Number (hex): 2a86d23ca206129211319e1d1e327197 + Revoked at: Tue Nov 13 11:41:42 UTC 2012 + Serial Number (hex): 69b9ecbb90df402a97ea9de7ff849bdd + Revoked at: Tue Nov 13 13:16:02 UTC 2012 + Serial Number (hex): 00a32b71a5dde025efe614521e64d0674f + Revoked at: Tue Nov 13 13:58:00 UTC 2012 + Serial Number (hex): 00ff6026b902d1aac74e061514fe68d751 + Revoked at: Tue Nov 13 16:02:39 UTC 2012 + Serial Number (hex): 0099f5c6b293d4edea5ca1ee2d5c7e27f7 + Revoked at: Tue Nov 13 17:18:04 UTC 2012 + Serial Number (hex): 09d35d6d30850a536feee7964e6dbe8a + Revoked at: Tue Nov 13 18:47:38 UTC 2012 + Serial Number (hex): 00833f69bc8da63afb0cd7ba1e94a8573c + Revoked at: Tue Nov 13 19:03:06 UTC 2012 + Serial Number (hex): 00cf41a3fed43be2bd2d931462c1284dbf + Revoked at: Tue Nov 13 20:14:35 UTC 2012 + Serial Number (hex): 00b5cb7f1f07ac603437e22b2a7d8c63c3 + Revoked at: Tue Nov 13 20:14:35 UTC 2012 + Serial Number (hex): 40aeb9b1905e377d109860bcfab925d1 + Revoked at: Tue Nov 13 20:14:35 UTC 2012 + Serial Number (hex): 00d85454248f05d602514fb85f0bccd840 + Revoked at: Tue Nov 13 21:55:30 UTC 2012 + Serial Number (hex): 00c112b165196c15eaf6d64daa4ccd217f + Revoked at: Wed Nov 14 00:24:35 UTC 2012 + Serial Number (hex): 00e81e38b246bd759d6043975ab5be3c94 + Revoked at: Wed Nov 14 00:24:35 UTC 2012 + Serial Number (hex): 3202065f747cf5d984ca3ed8c52d5d91 + Revoked at: Wed Nov 14 14:13:50 UTC 2012 + Serial Number (hex): 00edce2f2a3891afcc9095aa893289dce7 + Revoked at: Wed Nov 14 22:49:52 UTC 2012 + Serial Number (hex): 00b5c5f4d51a100a61c43be37df5f96acc + Revoked at: Thu Nov 15 04:21:27 UTC 2012 + Serial Number (hex): 00cf57f8a01afb103b0fb1bd5cff4686c4 + Revoked at: Thu Nov 15 11:16:12 UTC 2012 + Serial Number (hex): 008237ce9a4957cf688a32a8c495789908 + Revoked at: Thu Nov 15 12:20:34 UTC 2012 + Serial Number (hex): 26c552922a1ed3e4f40f950d7de61514 + Revoked at: Thu Nov 15 15:07:16 UTC 2012 + Serial Number (hex): 0b0969285f6cacefa384fae4242df343 + Revoked at: Thu Nov 15 19:55:11 UTC 2012 + Serial Number (hex): 17856207913f93adf2e3464e7e136cb1 + Revoked at: Thu Nov 15 21:06:55 UTC 2012 + Serial Number (hex): 6bbef7233891437a593616b735811cfd + Revoked at: Thu Nov 15 21:22:42 UTC 2012 + Serial Number (hex): 00da208f63e4b70834b67b21af4181c5a1 + Revoked at: Thu Nov 15 21:36:38 UTC 2012 + Serial Number (hex): 009f4389fc8dcb83e4645297068ed12d62 + Revoked at: Thu Nov 15 21:37:13 UTC 2012 + Serial Number (hex): 008ed3174196904ce1d8da607007ffd7ec + Revoked at: Thu Nov 15 21:44:16 UTC 2012 + Serial Number (hex): 00fe89a613c9c238c50721576e38273965 + Revoked at: Fri Nov 16 14:18:57 UTC 2012 + Serial Number (hex): 5ea7c128bd7d584694b6b3ee7325fd15 + Revoked at: Fri Nov 16 14:30:28 UTC 2012 + Serial Number (hex): 008fbc621757dd9482ef7a97bf3980f0ba + Revoked at: Fri Nov 16 15:49:37 UTC 2012 + Serial Number (hex): 00ff5961c0314430cc93c8c7d6029eee47 + Revoked at: Fri Nov 16 15:56:48 UTC 2012 + Serial Number (hex): 008b97c76f7e3d18a5f7ce24a00c9a5fa6 + Revoked at: Fri Nov 16 15:58:47 UTC 2012 + Serial Number (hex): 499598366b4c573e37f605719df4d36d + Revoked at: Fri Nov 16 16:08:17 UTC 2012 + Serial Number (hex): 00fa0927a168edd52f859184e9204f9a7b + Revoked at: Fri Nov 16 18:22:24 UTC 2012 + Serial Number (hex): 00cc5726efae94f16171e659de1c1dee24 + Revoked at: Fri Nov 16 18:22:51 UTC 2012 + Serial Number (hex): 009ff5df0061a3a9a4dabfeab3786afe3a + Revoked at: Fri Nov 16 18:23:09 UTC 2012 + Serial Number (hex): 65a8786ab5f8afd2a0383e6b7d5dadd9 + Revoked at: Fri Nov 16 21:44:40 UTC 2012 + Serial Number (hex): 00b7accff23a4a229252ff00dfcb5941fa + Revoked at: Fri Nov 16 22:34:56 UTC 2012 + Serial Number (hex): 0bd1f5ea4ebf604ef06784407eef9cfc + Revoked at: Fri Nov 16 22:46:05 UTC 2012 + Serial Number (hex): 748a90b25667b988ed6b55e7228e5c17 + Revoked at: Sat Nov 17 02:13:03 UTC 2012 + Serial Number (hex): 008e5810d88282a0e58bff55e06746ae88 + Revoked at: Mon Nov 19 07:54:31 UTC 2012 + Serial Number (hex): 041f3bc4b74b3946fe98a10483b79a74 + Revoked at: Mon Nov 19 07:55:30 UTC 2012 + Serial Number (hex): 42ef4fecd428d9c7ddeb769f979b60d8 + Revoked at: Mon Nov 19 09:46:47 UTC 2012 + Serial Number (hex): 00ac6a115d9022179ddc5d929ac8ba4aa7 + Revoked at: Mon Nov 19 09:47:13 UTC 2012 + Serial Number (hex): 7d1b54ed26b7f8e7d285ff71ac7b26c5 + Revoked at: Mon Nov 19 15:28:48 UTC 2012 + Serial Number (hex): 090e029561f72a234df6ba729b2b682a + Revoked at: Mon Nov 19 16:07:55 UTC 2012 + Serial Number (hex): 358b26ab1daaf7f0be6ff111ae753043 + Revoked at: Mon Nov 19 16:22:02 UTC 2012 + Serial Number (hex): 00e82a71d7160d035778a0702542e47f02 + Revoked at: Mon Nov 19 16:45:02 UTC 2012 + Serial Number (hex): 42ab9b6cff30715e444826bc848e6d08 + Revoked at: Mon Nov 19 16:45:11 UTC 2012 + Serial Number (hex): 28e3cbb444916c1283b66fb2499518a7 + Revoked at: Mon Nov 19 19:40:11 UTC 2012 + Serial Number (hex): 4672bfa77741bfe742d8376791ce3750 + Revoked at: Mon Nov 19 19:55:56 UTC 2012 + Serial Number (hex): 0714c9e7c1e4fd0482e3430b10237238 + Revoked at: Mon Nov 19 22:07:51 UTC 2012 + Serial Number (hex): 5676e4cbd18acfffd30f99b460cd756e + Revoked at: Tue Nov 20 08:34:15 UTC 2012 + Serial Number (hex): 00c692c0c55d50e6c0f7b1a04b7abb68eb + Revoked at: Tue Nov 20 09:22:21 UTC 2012 + Serial Number (hex): 2e06027ea838467b8ba959d854470365 + Revoked at: Tue Nov 20 12:22:12 UTC 2012 + Serial Number (hex): 68d2114c1e8c4baf163357bc9758e8b9 + Revoked at: Tue Nov 20 13:24:26 UTC 2012 + Serial Number (hex): 59ef7299bbc1e1cff2a6d9ceffdc969c + Revoked at: Tue Nov 20 19:02:01 UTC 2012 + Serial Number (hex): 250d36bc939d80f571fc7c3bd6230443 + Revoked at: Tue Nov 20 19:19:05 UTC 2012 + Serial Number (hex): 009047079347e0bda0badfe5f94040eb91 + Revoked at: Tue Nov 20 19:27:26 UTC 2012 + Serial Number (hex): 00a0fb88b549fca004a3f589bfe2feccb7 + Revoked at: Tue Nov 20 21:29:33 UTC 2012 + Serial Number (hex): 6e19ee556796a454299d5306821a5a0a + Revoked at: Tue Nov 20 21:50:09 UTC 2012 + Serial Number (hex): 3b67c7a09ddf4f7a42642d6646b7c295 + Revoked at: Tue Nov 20 22:49:06 UTC 2012 + Serial Number (hex): 5fc6d63ccebe3adc637cf81ef5e54498 + Revoked at: Wed Nov 21 10:05:55 UTC 2012 + Serial Number (hex): 735fa73b301f20c6ee759116eeebb208 + Revoked at: Wed Nov 21 13:47:22 UTC 2012 + Serial Number (hex): 009aa71557351f7bdce87c3190eb079697 + Revoked at: Wed Nov 21 13:49:50 UTC 2012 + Serial Number (hex): 08c07ead332144b1d401ef74efcc95e6 + Revoked at: Wed Nov 21 17:38:26 UTC 2012 + Serial Number (hex): 5a85603a942f4daa9ededd4b465eb382 + Revoked at: Wed Nov 21 19:39:38 UTC 2012 + Serial Number (hex): 00d665772ab60fc6002e84332c0515ed72 + Revoked at: Wed Nov 21 20:25:17 UTC 2012 + Serial Number (hex): 458a0586c9539a30041e4af186bdfa1f + Revoked at: Thu Nov 22 00:33:26 UTC 2012 + Serial Number (hex): 00d9f8aed01afe6dcef6b3e0bd43d7a156 + Revoked at: Thu Nov 22 06:51:50 UTC 2012 + Serial Number (hex): 00b289a80075f3949c46e2836453115eca + Revoked at: Thu Nov 22 09:23:39 UTC 2012 + Serial Number (hex): 3e2b54a7c8ce3526be53c7bc029a56d6 + Revoked at: Thu Nov 22 10:08:16 UTC 2012 + Serial Number (hex): 12e95e7179344a5b3f91d4de00f6807c + Revoked at: Thu Nov 22 14:58:49 UTC 2012 + Serial Number (hex): 00924c8748a990164db7aff46cade9c170 + Revoked at: Thu Nov 22 15:23:22 UTC 2012 + Serial Number (hex): 00968c7138ae83f9af269a8d627f9c826e + Revoked at: Thu Nov 22 16:08:47 UTC 2012 + Serial Number (hex): 4fc0620b2f0ed31cdca8695dd30c3b2f + Revoked at: Fri Nov 23 12:09:13 UTC 2012 + Serial Number (hex): 00d28a83b90344460a45ddcc2bfa58ecda + Revoked at: Mon Nov 26 08:19:39 UTC 2012 + Serial Number (hex): 5e18735b8f55f01c8ac6219df6618686 + Revoked at: Mon Nov 26 11:35:30 UTC 2012 + Serial Number (hex): 00b6ea885040ab822708de74887a7aa480 + Revoked at: Mon Nov 26 14:46:07 UTC 2012 + Serial Number (hex): 4f43fcaabf8f59d195629b5086f585dd + Revoked at: Mon Nov 26 16:58:03 UTC 2012 + Serial Number (hex): 2a459b48cdd39b190ffdf76601a5505d + Revoked at: Mon Nov 26 21:17:46 UTC 2012 + Serial Number (hex): 008f3fa77cba32f4fa063f5de9755f9ef0 + Revoked at: Mon Nov 26 21:51:55 UTC 2012 + Serial Number (hex): 0fe3e3f9419bdce204b89b1bdcd2e965 + Revoked at: Mon Nov 26 22:05:09 UTC 2012 + Serial Number (hex): 009e081c997ac3559d3d5fe79cbdd08c88 + Revoked at: Tue Nov 27 01:10:36 UTC 2012 + Serial Number (hex): 00f8bb9d9ddbaec10e064aac7f7d72f80a + Revoked at: Tue Nov 27 01:40:55 UTC 2012 + Serial Number (hex): 6961a438258c2aecbded75037b37fffa + Revoked at: Tue Nov 27 02:13:09 UTC 2012 + Serial Number (hex): 00b74584d812f96af744bd40d7318d46ff + Revoked at: Tue Nov 27 02:13:11 UTC 2012 + Serial Number (hex): 0087c2a77676c37d7f1a9b6e5ceb9de1e8 + Revoked at: Tue Nov 27 14:10:52 UTC 2012 + Serial Number (hex): 3c7492f6a5198678b6bdcdf5b8a939ba + Revoked at: Tue Nov 27 15:30:58 UTC 2012 + Serial Number (hex): 0a640eb96f2c7dc4d7c717a9de7748c9 + Revoked at: Tue Nov 27 15:58:08 UTC 2012 + Serial Number (hex): 00981a02c8eb18470d6bfaafb052bacb2e + Revoked at: Tue Nov 27 16:11:28 UTC 2012 + Serial Number (hex): 5db276798e431a6a9ef158e22270d8f6 + Revoked at: Tue Nov 27 16:20:35 UTC 2012 + Serial Number (hex): 00fd8b483d1084dd0d5f7506993f4e0592 + Revoked at: Tue Nov 27 16:39:23 UTC 2012 + Serial Number (hex): 00a137130d3e4528d50e341549c6643021 + Revoked at: Tue Nov 27 18:34:22 UTC 2012 + Serial Number (hex): 00c8690bccfe1fecb43c7c34b392f26106 + Revoked at: Tue Nov 27 19:24:30 UTC 2012 + Serial Number (hex): 00de2e7a4f101e1e4eb95b261515d104f6 + Revoked at: Tue Nov 27 19:57:29 UTC 2012 + Serial Number (hex): 2036404116ee22f8e128ba2ac091f892 + Revoked at: Wed Nov 28 14:08:11 UTC 2012 + Serial Number (hex): 00cdca8b1932121d69b7f431e5222aa802 + Revoked at: Wed Nov 28 17:17:10 UTC 2012 + Serial Number (hex): 724b41c67d38f77ff4c933bfda925328 + Revoked at: Wed Nov 28 17:18:02 UTC 2012 + Serial Number (hex): 009da5372aed67fe299767bded75b7a214 + Revoked at: Wed Nov 28 20:38:17 UTC 2012 + Serial Number (hex): 4bb955bd68e7158ae4486bf65f245c23 + Revoked at: Thu Nov 29 08:51:49 UTC 2012 + Serial Number (hex): 00a4f507a0db3988af4591bae47621de72 + Revoked at: Thu Nov 29 13:23:16 UTC 2012 + Serial Number (hex): 00828e99690ab4cfda4bd41ef40e89d544 + Revoked at: Thu Nov 29 13:23:25 UTC 2012 + Serial Number (hex): 00b65a8416afe2c97e8955c21932a9dcdf + Revoked at: Thu Nov 29 13:23:29 UTC 2012 + Serial Number (hex): 7134fd1435455107961a6c64245535fd + Revoked at: Thu Nov 29 13:23:34 UTC 2012 + Serial Number (hex): 00ae99783b85d5d49a96d6f999506c18e5 + Revoked at: Thu Nov 29 15:41:32 UTC 2012 + Serial Number (hex): 705dbae35aa3ccc5b51cc2c04a0a3160 + Revoked at: Thu Nov 29 16:23:18 UTC 2012 + Serial Number (hex): 00eeec9089769f31e1d44d554b1a718354 + Revoked at: Thu Nov 29 16:39:16 UTC 2012 + Serial Number (hex): 0087a688d028ecbcb28561d5b4a8db8833 + Revoked at: Thu Nov 29 16:42:59 UTC 2012 + Serial Number (hex): 0088ede414ee890be1f1c8a307cd7e69ed + Revoked at: Thu Nov 29 17:39:30 UTC 2012 + Serial Number (hex): 00930a507073c6abe0eb7f1a903913b1cb + Revoked at: Thu Nov 29 20:38:04 UTC 2012 + Serial Number (hex): 666b7e4eb11487ce595af3350ce41aa2 + Revoked at: Thu Nov 29 20:38:19 UTC 2012 + Serial Number (hex): 4164f9dda20874a2f3b704162e7cd37d + Revoked at: Fri Nov 30 10:54:27 UTC 2012 + Serial Number (hex): 00e1db9f47869a325f7e9d60a888d6ed4d + Revoked at: Fri Nov 30 11:14:02 UTC 2012 + Serial Number (hex): 18d69ef04095c77402f673002c3e6ee1 + Revoked at: Fri Nov 30 13:04:02 UTC 2012 + Serial Number (hex): 00da5c4ad185643b7bca6ee186479a1eb8 + Revoked at: Fri Nov 30 15:17:11 UTC 2012 + Serial Number (hex): 2cd2c4a24f423920db2f12b4ac2d544e + Revoked at: Fri Nov 30 15:35:57 UTC 2012 + Serial Number (hex): 2d2d2b51634f1f60a0727a40c0d3e00f + Revoked at: Fri Nov 30 15:51:39 UTC 2012 + Serial Number (hex): 00a546e7707e56f1a9b3852c0c2a44f687 + Revoked at: Fri Nov 30 22:39:57 UTC 2012 + Serial Number (hex): 721308d97f05077634a4cd5d19eb456a + Revoked at: Sat Dec 01 03:00:55 UTC 2012 + Serial Number (hex): 00af43f0b13f9d5b94c1d1043b65265756 + Revoked at: Sun Dec 02 18:46:47 UTC 2012 + Serial Number (hex): 7706f56cc5b8bebd8cff5184d4b3fd89 + Revoked at: Mon Dec 03 14:56:54 UTC 2012 + Serial Number (hex): 274d8bc6fff5dbde8e1c50d1b6595802 + Revoked at: Mon Dec 03 17:47:22 UTC 2012 + Serial Number (hex): 37265e8f13fb3173f886efd126f26d5e + Revoked at: Mon Dec 03 17:47:26 UTC 2012 + Serial Number (hex): 0d062998374e60aef068aa7b9b39eb32 + Revoked at: Mon Dec 03 19:38:11 UTC 2012 + Serial Number (hex): 00f30bb3c1fd2ef7984f6705a3a3cdece4 + Revoked at: Mon Dec 03 20:56:25 UTC 2012 + Serial Number (hex): 49d8486b9fb954fdad5337d838916ed8 + Revoked at: Tue Dec 04 11:39:58 UTC 2012 + Serial Number (hex): 4acb707f28be8e87bb899592820ae00b + Revoked at: Tue Dec 04 12:13:04 UTC 2012 + Serial Number (hex): 00dd9b791fec105d6b92838ac6e04ab5a1 + Revoked at: Tue Dec 04 14:12:54 UTC 2012 + Serial Number (hex): 00a0a28caf32386f4c6e26ac8b88210417 + Revoked at: Tue Dec 04 16:44:22 UTC 2012 + Serial Number (hex): 4c5776827a3cb425c8cccf8a7a470d32 + Revoked at: Tue Dec 04 16:44:56 UTC 2012 + Serial Number (hex): 00c553005dfef5e852bb2900d75863559c + Revoked at: Tue Dec 04 16:48:29 UTC 2012 + Serial Number (hex): 00a64979f489cbf00cc68430275a7fcd40 + Revoked at: Tue Dec 04 16:50:01 UTC 2012 + Serial Number (hex): 00aa44b8400e1ecc6bda001b52690dc651 + Revoked at: Tue Dec 04 16:50:05 UTC 2012 + Serial Number (hex): 13f44ad20981e69fa735a930a0393492 + Revoked at: Tue Dec 04 18:05:14 UTC 2012 + Serial Number (hex): 0fbfda6f27cc21802d841841e25d4d59 + Revoked at: Tue Dec 04 19:00:14 UTC 2012 + Serial Number (hex): 3e2d0b3874b8e93bca523327bf8d33d5 + Revoked at: Tue Dec 04 19:11:27 UTC 2012 + Serial Number (hex): 3282fdec9c0c0f4a67d88372eba53d00 + Revoked at: Tue Dec 04 19:46:47 UTC 2012 + Serial Number (hex): 00a311cc65966524bf2cdabcb4b1ed514f + Revoked at: Tue Dec 04 19:47:28 UTC 2012 + Serial Number (hex): 00d988d61c2d8fbb38721d6d611ced4cfd + Revoked at: Tue Dec 04 19:52:46 UTC 2012 + Serial Number (hex): 0acf1abf0b6504036d4bbebca040b9f5 + Revoked at: Tue Dec 04 22:47:49 UTC 2012 + Serial Number (hex): 010757eb26ed609716f28d99f93ad2ed + Revoked at: Wed Dec 05 09:24:28 UTC 2012 + Serial Number (hex): 6f0e63351ebce229ed5378df2ed6e5ca + Revoked at: Wed Dec 05 09:24:42 UTC 2012 + Serial Number (hex): 008037f7acd962cc82fc0b20e82ab457a1 + Revoked at: Wed Dec 05 14:06:46 UTC 2012 + Serial Number (hex): 47ccc98d0c61e218f2e98de7cebc1b18 + Revoked at: Wed Dec 05 14:11:42 UTC 2012 + Serial Number (hex): 278280516418cafc430a4abc26084164 + Revoked at: Wed Dec 05 16:06:01 UTC 2012 + Serial Number (hex): 00b2c2b902d2a8ed6694e6f8085ecfb7a3 + Revoked at: Wed Dec 05 17:43:57 UTC 2012 + Serial Number (hex): 00813c10ed4652cb3df261970adf60b20f + Revoked at: Wed Dec 05 18:15:24 UTC 2012 + Serial Number (hex): 00ddb7d1f49b960a331fec7bced82a0947 + Revoked at: Wed Dec 05 19:22:48 UTC 2012 + Serial Number (hex): 00f795b17680ec421afe33a721040b3cd9 + Revoked at: Wed Dec 05 21:31:41 UTC 2012 + Serial Number (hex): 00d8738fe4430ca6b2a8d0bf39c3cc80a1 + Revoked at: Thu Dec 06 11:42:09 UTC 2012 + Serial Number (hex): 7fbd517128fa66112617b925080971c0 + Revoked at: Thu Dec 06 15:44:04 UTC 2012 + Serial Number (hex): 00e08b534f22ada8d6860b388f65983afd + Revoked at: Thu Dec 06 15:44:15 UTC 2012 + Serial Number (hex): 2eaec11eea0a98ef04eab30d00de1a97 + Revoked at: Thu Dec 06 15:44:25 UTC 2012 + Serial Number (hex): 4b462b8a65a3b4ec1c2a2321e6cb513c + Revoked at: Thu Dec 06 15:44:39 UTC 2012 + Serial Number (hex): 00b2b4c5a11d53646c722f8ceeedd7d671 + Revoked at: Thu Dec 06 15:50:11 UTC 2012 + Serial Number (hex): 008a12a0adcad95bff06dd1613fcfd4266 + Revoked at: Thu Dec 06 19:33:49 UTC 2012 + Serial Number (hex): 00e0293aaac87e498c751927280c7085c2 + Revoked at: Thu Dec 06 19:56:32 UTC 2012 + Serial Number (hex): 00d60e21994cef34dd86729b312ecdece3 + Revoked at: Thu Dec 06 23:14:32 UTC 2012 + Serial Number (hex): 00f6e9e0ac62d2aa961b8a61b2138bec9d + Revoked at: Fri Dec 07 11:03:04 UTC 2012 + Serial Number (hex): 5f4737833c34372586320d299842bf17 + Revoked at: Fri Dec 07 14:51:47 UTC 2012 + Serial Number (hex): 00835c69ff3bfb18e38cdf42a6e02501f9 + Revoked at: Fri Dec 07 15:21:38 UTC 2012 + Serial Number (hex): 13b283748e5ce55e738a0a382b7fa1ae + Revoked at: Fri Dec 07 15:26:30 UTC 2012 + Serial Number (hex): 148488b26120d2d946fe0a1dbb34c602 + Revoked at: Fri Dec 07 16:43:11 UTC 2012 + Serial Number (hex): 3c60303846f894e83039f3fbfc18ddec + Revoked at: Mon Dec 10 10:49:54 UTC 2012 + Serial Number (hex): 695b79a47a5481b026db69541f5f17a2 + Revoked at: Mon Dec 10 14:36:30 UTC 2012 + Serial Number (hex): 0d4e1e5558c7a7754e35a5673b8c6664 + Revoked at: Mon Dec 10 17:00:09 UTC 2012 + Serial Number (hex): 4c2af5884fffef32a5f94c5f1330d214 + Revoked at: Mon Dec 10 17:00:43 UTC 2012 + Serial Number (hex): 00e345756e31a5a2a1d05f8b1fc91ff868 + Revoked at: Mon Dec 10 17:27:33 UTC 2012 + Serial Number (hex): 00b9dfdc117b49a9ce8777055f4269297e + Revoked at: Mon Dec 10 17:53:47 UTC 2012 + Serial Number (hex): 7a9a99990206ad3d17c47febbf3b9c7b + Revoked at: Mon Dec 10 20:08:20 UTC 2012 + Serial Number (hex): 3235bb7a5f7759c84331b4d7dc2c80a5 + Revoked at: Mon Dec 10 20:15:42 UTC 2012 + Serial Number (hex): 00a68bf4df4f5966c11a38715899aa14f5 + Revoked at: Mon Dec 10 20:30:00 UTC 2012 + Serial Number (hex): 0096c5ac191a7000a5f4738c88e4ca0f4c + Revoked at: Mon Dec 10 21:05:15 UTC 2012 + Serial Number (hex): 009e1f0d898d3d09602bc6f7fb9524dae1 + Revoked at: Tue Dec 11 02:13:04 UTC 2012 + Serial Number (hex): 00bdde0c66effccf92b049f3d3430a5a6f + Revoked at: Tue Dec 11 15:45:36 UTC 2012 + Serial Number (hex): 735dd60539724bbd3e3f6acde6ee7e97 + Revoked at: Tue Dec 11 15:56:30 UTC 2012 + Serial Number (hex): 113476e35bb5950ce0079fb7a95921b8 + Revoked at: Tue Dec 11 16:56:55 UTC 2012 + Serial Number (hex): 00fdb3b3198e0e2974fd8bcccb3790dfcb + Revoked at: Tue Dec 11 17:15:26 UTC 2012 + Serial Number (hex): 00d995480a3012a6ea35bf78d167966a59 + Revoked at: Tue Dec 11 18:06:08 UTC 2012 + Serial Number (hex): 00bd5a50952d9401353a703a23aeac5fe0 + Revoked at: Wed Dec 12 12:58:36 UTC 2012 + Serial Number (hex): 00c2fd7b3064e0dd6c3cbd1f50d602e473 + Revoked at: Wed Dec 12 15:52:27 UTC 2012 + Serial Number (hex): 6895c43bf7072be76a530caca0f61341 + Revoked at: Wed Dec 12 18:15:51 UTC 2012 + Serial Number (hex): 3ec2b4d91b6a1f58c20d65f2d9dec601 + Revoked at: Wed Dec 12 18:56:11 UTC 2012 + Serial Number (hex): 376ba36b1dddd0bf65f24e9c31041369 + Revoked at: Wed Dec 12 20:23:21 UTC 2012 + Serial Number (hex): 396b2e0d2ec9efdf02fb5bc8e7d18f79 + Revoked at: Thu Dec 13 12:11:05 UTC 2012 + Serial Number (hex): 00b0310cfde16825773b75706eda92017d + Revoked at: Thu Dec 13 14:45:24 UTC 2012 + Serial Number (hex): 40defa73c8ec882e5b6859da7752f0a6 + Revoked at: Thu Dec 13 14:52:32 UTC 2012 + Serial Number (hex): 0b7c71068796d399940541ea01507e28 + Revoked at: Thu Dec 13 15:30:00 UTC 2012 + Serial Number (hex): 1c9260d9eceecb50e97633a6d3032caf + Revoked at: Thu Dec 13 15:38:53 UTC 2012 + Serial Number (hex): 00e87305ee66fe109b8f90bb1d5723dba9 + Revoked at: Thu Dec 13 15:48:19 UTC 2012 + Serial Number (hex): 00ff5abeb5422493975b39d5412d519709 + Revoked at: Thu Dec 13 15:48:29 UTC 2012 + Serial Number (hex): 00e3ea131ff8d5132a6747feac5a270953 + Revoked at: Thu Dec 13 16:08:04 UTC 2012 + Serial Number (hex): 3fbae910eb9ee186f92f7ec7764c4509 + Revoked at: Thu Dec 13 16:24:59 UTC 2012 + Serial Number (hex): 00dcfcd24c95a9467ea7d6e0e1a0ff7d59 + Revoked at: Thu Dec 13 16:53:11 UTC 2012 + Serial Number (hex): 00c73ade6642ec29e5b50bba7f84018f89 + Revoked at: Thu Dec 13 17:16:47 UTC 2012 + Serial Number (hex): 47c913d1c0d98beaf5c8316e655eda67 + Revoked at: Thu Dec 13 17:58:48 UTC 2012 + Serial Number (hex): 00e4b90269cbc9b61d0e9363bd7edb0e5e + Revoked at: Thu Dec 13 19:37:12 UTC 2012 + Serial Number (hex): 23957439cd88362918a32425df693c28 + Revoked at: Thu Dec 13 19:52:55 UTC 2012 + Serial Number (hex): 48a9a74c4db0ea76ba3ea81865a246fc + Revoked at: Thu Dec 13 21:36:24 UTC 2012 + Serial Number (hex): 0dcba61c0ab02db9ad4288f17ec7f2dd + Revoked at: Fri Dec 14 09:12:55 UTC 2012 + Serial Number (hex): 438885273e94ef6a4b649074335cb003 + Revoked at: Fri Dec 14 09:14:25 UTC 2012 + Serial Number (hex): 00f1e8e6f765dc961644b2207cc18066ae + Revoked at: Fri Dec 14 09:16:31 UTC 2012 + Serial Number (hex): 1da1337153eb6890f14cf432c636b5df + Revoked at: Fri Dec 14 15:35:24 UTC 2012 + Serial Number (hex): 2d154b2914254ba50bc74c77fe3b0a4a + Revoked at: Fri Dec 14 15:39:33 UTC 2012 + Serial Number (hex): 252d99f833074107cef277b53d2d6329 + Revoked at: Fri Dec 14 15:43:07 UTC 2012 + Serial Number (hex): 38217831a33aa4831ae4d03684bb4f44 + Revoked at: Fri Dec 14 15:44:44 UTC 2012 + Serial Number (hex): 5e2f52797b16f41d4db8fdd0a863f819 + Revoked at: Fri Dec 14 15:50:35 UTC 2012 + Serial Number (hex): 00927e7ef4f26ba9df52de8253dbf4f12c + Revoked at: Fri Dec 14 15:51:09 UTC 2012 + Serial Number (hex): 00d62579a48e99d8a09dfdea423f7408d8 + Revoked at: Fri Dec 14 15:51:46 UTC 2012 + Serial Number (hex): 008cd534c9ec316e78f96b1298dc7e76b0 + Revoked at: Fri Dec 14 15:52:16 UTC 2012 + Serial Number (hex): 00fc9fb2ff426999975f8efc0a53222c34 + Revoked at: Fri Dec 14 15:52:45 UTC 2012 + Serial Number (hex): 6d8e96e24e27670292550f37a97145cc + Revoked at: Fri Dec 14 15:53:37 UTC 2012 + Serial Number (hex): 00b08cc77c701767ad8b04841d8adbf9a5 + Revoked at: Fri Dec 14 16:51:34 UTC 2012 + Serial Number (hex): 00cb3a9d730f1387077901f9125bc001f1 + Revoked at: Fri Dec 14 17:25:35 UTC 2012 + Serial Number (hex): 00af3e0ff1299ed541ffcbeb0e745e77ba + Revoked at: Fri Dec 14 18:14:19 UTC 2012 + Serial Number (hex): 00fb8da044af8454efa60e56e47e139805 + Revoked at: Fri Dec 14 18:45:23 UTC 2012 + Serial Number (hex): 00805b8ae9c99b39076a5a7dbd08f59902 + Revoked at: Sat Dec 15 02:13:03 UTC 2012 + Serial Number (hex): 008c4d16b4b9664f5084d3360e6267a023 + Revoked at: Mon Dec 17 07:57:25 UTC 2012 + Serial Number (hex): 00e1cebbb8508e9ef24a83121f4aa10d18 + Revoked at: Mon Dec 17 11:32:28 UTC 2012 + Serial Number (hex): 6eb5da1bfb53c257f2d774ba37a52af2 + Revoked at: Mon Dec 17 15:34:05 UTC 2012 + Serial Number (hex): 0085fff201e68714abdd57340e3226af43 + Revoked at: Mon Dec 17 18:16:22 UTC 2012 + Serial Number (hex): 286629c138d6ddc2178ad333422e5c4e + Revoked at: Mon Dec 17 18:23:59 UTC 2012 + Serial Number (hex): 1631aeda2d37570e979f5feb01ad3aaf + Revoked at: Mon Dec 17 20:28:48 UTC 2012 + Serial Number (hex): 36378bda8f1b2c2040b1f08024aa47e7 + Revoked at: Mon Dec 17 23:18:09 UTC 2012 + Serial Number (hex): 4de616a8934952f6fe4fa394bb049f86 + Revoked at: Mon Dec 17 23:19:10 UTC 2012 + Serial Number (hex): 7dbb59a60c8c37261deaaa7d61f75fab + Revoked at: Mon Dec 17 23:19:32 UTC 2012 + Serial Number (hex): 01ebb711eda121b7e1444c2137ffaab2 + Revoked at: Tue Dec 18 09:29:30 UTC 2012 + Serial Number (hex): 00a69a6eb275ace44ce923885186d16668 + Revoked at: Tue Dec 18 14:15:03 UTC 2012 + Serial Number (hex): 052f630a3dd24a74cf9e1f09778a29e5 + Revoked at: Tue Dec 18 15:30:49 UTC 2012 + Serial Number (hex): 00bc7fee616b8903db107b121223d0d547 + Revoked at: Tue Dec 18 16:12:42 UTC 2012 + Serial Number (hex): 4ab7c26613f9b554609c8d1e99ed4beb + Revoked at: Tue Dec 18 16:37:34 UTC 2012 + Serial Number (hex): 524e8a63b13d8711e624898ef5174cb2 + Revoked at: Tue Dec 18 17:12:25 UTC 2012 + Serial Number (hex): 51e52399fd75c86e097d2508d5d74812 + Revoked at: Tue Dec 18 17:25:50 UTC 2012 + Serial Number (hex): 023f48ffe65202652b5156a966ea2f6f + Revoked at: Tue Dec 18 18:02:34 UTC 2012 + Serial Number (hex): 00cce71b4624976bb06fc07290b0f20744 + Revoked at: Tue Dec 18 18:30:32 UTC 2012 + Serial Number (hex): 1f929c0e40d054dac28fd53036f2bd4d + Revoked at: Tue Dec 18 22:10:43 UTC 2012 + Serial Number (hex): 00b5257a0d62f26a469efa9c276d16c6f2 + Revoked at: Tue Dec 18 23:07:37 UTC 2012 + Serial Number (hex): 40c4f27cf47fd2f76a6a2f8b5778fdfe + Revoked at: Wed Dec 19 12:52:24 UTC 2012 + Serial Number (hex): 00bdf74b251a6da09d9d377ac41dc84884 + Revoked at: Wed Dec 19 15:29:48 UTC 2012 + Serial Number (hex): 00ea86b072a31a07e9b3cd7bf711b74dc6 + Revoked at: Wed Dec 19 17:43:45 UTC 2012 + Serial Number (hex): 2f63e01f33829df5d366dbeec2fc2e39 + Revoked at: Wed Dec 19 18:20:13 UTC 2012 + Serial Number (hex): 3125f884cf41293869ac24ce6ec9b063 + Revoked at: Wed Dec 19 19:14:20 UTC 2012 + Serial Number (hex): 71a1a516c5b39d8de7130f88a54ac1ae + Revoked at: Wed Dec 19 19:17:10 UTC 2012 + Serial Number (hex): 009101810c3b70caa794c731c935ed99b6 + Revoked at: Wed Dec 19 20:04:08 UTC 2012 + Serial Number (hex): 00b75c5588c20c7a7de38e0df3252b45e9 + Revoked at: Wed Dec 19 20:32:59 UTC 2012 + Serial Number (hex): 114ae66d27923288daa95aa1f28edfe5 + Revoked at: Thu Dec 20 11:57:36 UTC 2012 + Serial Number (hex): 00d35f55c4001201c7e59805e14a7cd001 + Revoked at: Thu Dec 20 16:36:49 UTC 2012 + Serial Number (hex): 00c1f4915597aad717ea10e688c9465063 + Revoked at: Thu Dec 20 17:54:06 UTC 2012 + Serial Number (hex): 58b3add4a058092e7a3d3f2b20844cf0 + Revoked at: Thu Dec 20 19:32:05 UTC 2012 + Serial Number (hex): 00a13a494e46a73e20b3402d55d7173fe8 + Revoked at: Thu Dec 20 21:14:03 UTC 2012 + Serial Number (hex): 00b328f7177f82e58bb24cb5d127d8f2db + Revoked at: Fri Dec 21 13:07:41 UTC 2012 + Serial Number (hex): 37e8953549cf121708c1f2da0151e0dc + Revoked at: Fri Dec 21 13:07:58 UTC 2012 + Serial Number (hex): 00d8a690f45ce2e9e3cae969e44575e0b6 + Revoked at: Fri Dec 21 14:02:36 UTC 2012 + Serial Number (hex): 00a20b3c0bcdce709ead2058560dd79042 + Revoked at: Fri Dec 21 14:43:30 UTC 2012 + Serial Number (hex): 3fe1c09e8637551e9444dd409080003c + Revoked at: Fri Dec 21 15:22:51 UTC 2012 + Serial Number (hex): 00bebb64304d2df078509fd237b777ddec + Revoked at: Fri Dec 21 15:59:46 UTC 2012 + Serial Number (hex): 00ae9691a3d1e9dddce014cd4ee9a1c3ee + Revoked at: Fri Dec 21 17:39:51 UTC 2012 + Serial Number (hex): 57f3aba166db67448f87d10d390bacea + Revoked at: Fri Dec 21 17:40:27 UTC 2012 + Serial Number (hex): 00be25b3fdd7e674122491591c2f658383 + Revoked at: Fri Dec 21 21:42:54 UTC 2012 + Serial Number (hex): 00d78b9368e47d505853ab8f770028402e + Revoked at: Sat Dec 22 15:20:09 UTC 2012 + Serial Number (hex): 00ace11dda042a3bf22c494b2156f75765 + Revoked at: Sun Dec 23 02:13:28 UTC 2012 + Serial Number (hex): 7598e53b983ffb2d1e613547972728be + Revoked at: Mon Dec 24 02:13:12 UTC 2012 + Serial Number (hex): 3d19e293b0403b5e8b68f728fbecded5 + Revoked at: Mon Dec 24 10:03:32 UTC 2012 + Serial Number (hex): 00a003ed801e64c7bac52835ca92fc2314 + Revoked at: Mon Dec 24 15:24:06 UTC 2012 + Serial Number (hex): 0090c9097d886bc502ce8dd63386f70b02 + Revoked at: Mon Dec 24 16:20:13 UTC 2012 + Serial Number (hex): 009c00bbc86ac9bb2c7f2980cdb4433545 + Revoked at: Mon Dec 24 16:59:48 UTC 2012 + Serial Number (hex): 3e8b3f69eb3dff28742033f762ed35fe + Revoked at: Wed Dec 26 16:44:36 UTC 2012 + Serial Number (hex): 00ac7729e64bd6684334e912704530116f + Revoked at: Wed Dec 26 18:35:18 UTC 2012 + Serial Number (hex): 00a84746d68e2764d52ff38c58c0c28371 + Revoked at: Wed Dec 26 18:36:18 UTC 2012 + Serial Number (hex): 59c66f327b32f44702a3bfb6b67cd609 + Revoked at: Wed Dec 26 18:40:28 UTC 2012 + Serial Number (hex): 0ca2930477976bbe8f9ba38bbccf6892 + Revoked at: Wed Dec 26 20:50:24 UTC 2012 + Serial Number (hex): 009b5430616f14dedd7e19f58635bc0ee2 + Revoked at: Thu Dec 27 16:03:03 UTC 2012 + Serial Number (hex): 00ac85d6b20905cf32a2e06c6e7bfe20c1 + Revoked at: Thu Dec 27 16:15:11 UTC 2012 + Serial Number (hex): 2f5e7128d0127cf16149e921b7b2de9e + Revoked at: Fri Dec 28 16:08:39 UTC 2012 + Serial Number (hex): 00f6ff03278a2e42caa6b2e76947e47b47 + Revoked at: Fri Dec 28 16:26:54 UTC 2012 + Serial Number (hex): 1988aca608c96e65174cf953b47db182 + Revoked at: Wed Jan 02 05:19:28 UTC 2013 + Serial Number (hex): 00a69dcd9c5d0dd5f7016b220d29bc55cc + Revoked at: Wed Jan 02 15:58:34 UTC 2013 + Serial Number (hex): 00ab53b1fc65264535c7a10daa0653fd47 + Revoked at: Wed Jan 02 17:13:04 UTC 2013 + Serial Number (hex): 00b76ad980e2b221c43ccbbfba9a23f04f + Revoked at: Wed Jan 02 17:34:00 UTC 2013 + Serial Number (hex): 1a4e0c8f05dc8f6692276e3728c2dd2e + Revoked at: Wed Jan 02 21:06:36 UTC 2013 + Serial Number (hex): 31daf4545c61df718a649aa8eab5b7c9 + Revoked at: Wed Jan 02 21:12:23 UTC 2013 + Serial Number (hex): 754cdbaa099b3444048f768e205dae0d + Revoked at: Thu Jan 03 09:39:31 UTC 2013 + Serial Number (hex): 7b74a1b97042732909af21ff6b2978dc + Revoked at: Thu Jan 03 10:38:39 UTC 2013 + Serial Number (hex): 00b9f50aaa92ca52cf99a644b36d69501e + Revoked at: Thu Jan 03 11:22:32 UTC 2013 + Serial Number (hex): 224c2c3be05188664c6c36cf52dc6673 + Revoked at: Thu Jan 03 13:55:00 UTC 2013 + Serial Number (hex): 02579684c1d6b1f73403b1f6ec2d1198 + Revoked at: Thu Jan 03 15:49:42 UTC 2013 + Serial Number (hex): 00bd3db5c0294af0174597e4a107b95841 + Revoked at: Thu Jan 03 16:04:30 UTC 2013 + Serial Number (hex): 6b44a1e7d47a5b3e992a303e908e7554 + Revoked at: Thu Jan 03 16:04:42 UTC 2013 + Serial Number (hex): 11bf2751dc235c2a63e23cb47aa2c362 + Revoked at: Thu Jan 03 16:04:49 UTC 2013 + Serial Number (hex): 00c15b5d4017e266573b31ef531519b829 + Revoked at: Thu Jan 03 18:21:45 UTC 2013 + Serial Number (hex): 487bd79f3d5c821855e3812737a2a458 + Revoked at: Thu Jan 03 21:27:03 UTC 2013 + Serial Number (hex): 00e601316a09b8dcfdf21e36c69bf6fa4f + Revoked at: Thu Jan 03 22:25:39 UTC 2013 + Serial Number (hex): 00c46dbbc8acb15b1465793779eed3ad11 + Revoked at: Thu Jan 03 22:26:03 UTC 2013 + Serial Number (hex): 00e7df2a316f201126b93004f8b7150618 + Revoked at: Thu Jan 03 23:13:40 UTC 2013 + Serial Number (hex): 00a901bb9c8e2745274889262ea611db98 + Revoked at: Fri Jan 04 10:52:00 UTC 2013 + Serial Number (hex): 00d510f01283a11470b6e6bdc51b2e7ed6 + Revoked at: Fri Jan 04 14:33:40 UTC 2013 + Serial Number (hex): 2f363612654c65c5c009152767f45591 + Revoked at: Fri Jan 04 14:44:04 UTC 2013 + Serial Number (hex): 0615669ced635d81ca3f3696d368579f + Revoked at: Fri Jan 04 16:29:27 UTC 2013 + Serial Number (hex): 00c70640ffd436c1c906bd7a2e1d938cf8 + Revoked at: Fri Jan 04 18:08:52 UTC 2013 + Serial Number (hex): 00c5b78041996e68ecb7cdfd444838511e + Revoked at: Fri Jan 04 18:57:58 UTC 2013 + Serial Number (hex): 6ce40fca6a747a1fefab2e28d8a7b224 + Revoked at: Fri Jan 04 20:22:00 UTC 2013 + Serial Number (hex): 00f14882c2bf31b98fec9d16c9f0b5790b + Revoked at: Fri Jan 04 21:29:50 UTC 2013 + Serial Number (hex): 0b0c80a99f86d82cbe26240d0c734721 + Revoked at: Fri Jan 04 21:55:19 UTC 2013 + Serial Number (hex): 00fde687011860ed1ab9e5fb17b45d7f7a + Revoked at: Fri Jan 04 23:02:37 UTC 2013 + Serial Number (hex): 31d98ff78bfa546bed0b15f88466ddb8 + Revoked at: Mon Jan 07 02:13:01 UTC 2013 + Serial Number (hex): 3f2b945f87f15c0f9d6eb61db87cc81d + Revoked at: Mon Jan 07 14:40:40 UTC 2013 + Serial Number (hex): 3ea79ebd91ee63fb54247f488a43d19d + Revoked at: Mon Jan 07 19:20:39 UTC 2013 + Serial Number (hex): 00be4ef16a20edd69927b688bdf5328b9e + Revoked at: Mon Jan 07 20:24:01 UTC 2013 + Serial Number (hex): 00be697fc9ddc04b6cc30ff5bb21e36289 + Revoked at: Mon Jan 07 20:32:32 UTC 2013 + Serial Number (hex): 72e23ce963edce9c1dbeae7873da0bf7 + Revoked at: Mon Jan 07 20:32:48 UTC 2013 + Serial Number (hex): 5f9237c5d520166caa2d6d5ee1916a02 + Revoked at: Tue Jan 08 07:41:02 UTC 2013 + Serial Number (hex): 67bcb28d219b24508b1c445dabd1b11e + Revoked at: Tue Jan 08 14:12:43 UTC 2013 + Serial Number (hex): 6e8477e61667ed98dc22beb9678c67ba + Revoked at: Tue Jan 08 15:16:39 UTC 2013 + Serial Number (hex): 00c1f6c3f72a9e9d70701128a3b8290833 + Revoked at: Tue Jan 08 15:38:53 UTC 2013 + Serial Number (hex): 5a75afe65ec4076ce1f621d190e5e080 + Revoked at: Tue Jan 08 19:04:54 UTC 2013 + Serial Number (hex): 00a2f5806f8a5306cab2ebbdf64b5ef9b4 + Revoked at: Tue Jan 08 20:58:50 UTC 2013 + Serial Number (hex): 00bd38eab46cd19e3ef32667e76142e8 + Revoked at: Tue Jan 08 21:05:07 UTC 2013 + Serial Number (hex): 00b0a454ccddbbb1a943cfab1f5f0cdfa7 + Revoked at: Tue Jan 08 21:19:24 UTC 2013 + Serial Number (hex): 34cdf01f41f55889e2eae08a72225215 + Revoked at: Tue Jan 08 22:22:45 UTC 2013 + Serial Number (hex): 009eda8defc3a66c36a75767296b77e941 + Revoked at: Wed Jan 09 00:18:31 UTC 2013 + Serial Number (hex): 00d9164c855fb12d0a4b59304e351a48f5 + Revoked at: Wed Jan 09 00:20:19 UTC 2013 + Serial Number (hex): 00c5c0e7f5155bf0a6fac7fca20b499901 + Revoked at: Wed Jan 09 00:20:56 UTC 2013 + Serial Number (hex): 7b3a1d3e2658b489c8224bbfab5e1dc2 + Revoked at: Wed Jan 09 00:21:26 UTC 2013 + Serial Number (hex): 0088598d8b11545e37b707f424440ef1b9 + Revoked at: Wed Jan 09 00:21:53 UTC 2013 + Serial Number (hex): 00a2ab728c76cc35b651df451138e3cb0a + Revoked at: Wed Jan 09 00:22:16 UTC 2013 + Serial Number (hex): 3adc31dabfa94bb4199814a1d2810019 + Revoked at: Wed Jan 09 00:22:45 UTC 2013 + Serial Number (hex): 1aa0b081bbebeb24cfa03ffa9cd622c2 + Revoked at: Wed Jan 09 00:23:10 UTC 2013 + Serial Number (hex): 00dbd4c1c63a6ca9feb289e3e37d2ebecb + Revoked at: Wed Jan 09 00:23:44 UTC 2013 + Serial Number (hex): 2ca3507e631b2a85c92ab75d270b4ef6 + Revoked at: Wed Jan 09 15:08:27 UTC 2013 + Serial Number (hex): 00b0a2d9ec0b5eebdb2c4a2913c68ff50d + Revoked at: Wed Jan 09 15:56:37 UTC 2013 + Serial Number (hex): 0083d47ee08caa829bdca4c823aa1ac784 + Revoked at: Wed Jan 09 16:18:10 UTC 2013 + Serial Number (hex): 00e3c8de349e7d922b5155c67b998a8b + Revoked at: Wed Jan 09 16:47:24 UTC 2013 + Serial Number (hex): 00b63bc6fc38e9a5cbf418e26d74995edf + Revoked at: Wed Jan 09 17:07:46 UTC 2013 + Serial Number (hex): 0081f57095c7a2f590823be90ccf7f37d1 + Revoked at: Wed Jan 09 18:48:51 UTC 2013 + Serial Number (hex): 00f5538391a80d9c4875ff4ef61a659f34 + Revoked at: Wed Jan 09 19:23:53 UTC 2013 + Serial Number (hex): 00dd294ea7c8472a983fb9530d2f080a25 + Revoked at: Thu Jan 10 08:26:26 UTC 2013 + Serial Number (hex): 00b67e7c83a06e2ddef467ae1397568eb1 + Revoked at: Thu Jan 10 15:40:33 UTC 2013 + Serial Number (hex): 709017443cc7c15bb4256f2db93a3e21 + Revoked at: Thu Jan 10 15:54:27 UTC 2013 + Serial Number (hex): 4e1e372809c512654da0f881550692cf + Revoked at: Thu Jan 10 18:46:59 UTC 2013 + Serial Number (hex): 009a4c2436219469956e1740437fb593e8 + Revoked at: Thu Jan 10 19:18:40 UTC 2013 + Serial Number (hex): 008c53caddcd8895151ec110107df6a486 + Revoked at: Thu Jan 10 19:36:24 UTC 2013 + Serial Number (hex): 083cd9d418df7556125dd135e174962c + Revoked at: Thu Jan 10 20:01:41 UTC 2013 + Serial Number (hex): 0081c695d187a7c81ce07f95356f81e0f8 + Revoked at: Thu Jan 10 20:33:26 UTC 2013 + Serial Number (hex): 1abe5b22541b3d42dd819189bef8c39d + Revoked at: Thu Jan 10 20:54:59 UTC 2013 + Serial Number (hex): 00b64ec7f56cae33735121b24032354061 + Revoked at: Thu Jan 10 20:57:10 UTC 2013 + Serial Number (hex): 0321e59c0b5f10408dec1e7bc7fde2b9 + Revoked at: Thu Jan 10 21:15:49 UTC 2013 + Serial Number (hex): 00cef20d5466db96b64946e68c8ff9b566 + Revoked at: Thu Jan 10 21:42:16 UTC 2013 + Serial Number (hex): 4ac31c2b45cb62b7ae798a78b62c9677 + Revoked at: Fri Jan 11 12:21:04 UTC 2013 + Serial Number (hex): 00d9f122076b3d522362cbdc74f7b4af07 + Revoked at: Fri Jan 11 16:01:12 UTC 2013 + Serial Number (hex): 1f2d594c07317636fe2e1435a1f8f518 + Revoked at: Fri Jan 11 18:55:54 UTC 2013 + Serial Number (hex): 00fb82e13f5a6da0bc04ba243780b2c039 + Revoked at: Fri Jan 11 19:09:56 UTC 2013 + Serial Number (hex): 1170bcae76af5dfcd105d6aca6eba461 + Revoked at: Fri Jan 11 22:31:22 UTC 2013 + Serial Number (hex): 01afed68f6d5087bfb8c7a83592fab6b + Revoked at: Fri Jan 11 22:35:30 UTC 2013 + Serial Number (hex): 057721fda7ab3381b033e9585fd793e2 + Revoked at: Sat Jan 12 01:04:21 UTC 2013 + Serial Number (hex): 49b1314a575a4750fc5bbf22c62308b6 + Revoked at: Sun Jan 13 20:53:22 UTC 2013 + Serial Number (hex): 7679594d0519b5805f7a41b21140be2a + Revoked at: Mon Jan 14 02:13:05 UTC 2013 + Serial Number (hex): 0092bb83828db07b1ecf099f80a11e6209 + Revoked at: Mon Jan 14 14:23:12 UTC 2013 + Serial Number (hex): 00e57c278b680bd71293c14e815be98a18 + Revoked at: Mon Jan 14 15:14:31 UTC 2013 + Serial Number (hex): 0e2b3cb512a41329dea49ebd482b446c + Revoked at: Mon Jan 14 16:06:30 UTC 2013 + Serial Number (hex): 008a92ab8bf160c0e441f21ac06f2c6af0 + Revoked at: Mon Jan 14 16:29:04 UTC 2013 + Serial Number (hex): 009dc11007d57e0e5acc5dba294b465a30 + Revoked at: Mon Jan 14 19:29:03 UTC 2013 + Serial Number (hex): 265c10378f34760403a6ae67db1eb46c + Revoked at: Mon Jan 14 19:48:35 UTC 2013 + Serial Number (hex): 4cea74f54a7f3e08039f74ee67cf5311 + Revoked at: Mon Jan 14 19:48:47 UTC 2013 + Serial Number (hex): 00a16daaa2d167f4ef3642253b61749c8d + Revoked at: Mon Jan 14 21:19:25 UTC 2013 + Serial Number (hex): 0083f1dc04d333e9b091afb21d50996c79 + Revoked at: Mon Jan 14 22:20:42 UTC 2013 + Serial Number (hex): 7ec032ee958aeb9d6557a2723cbc15d3 + Revoked at: Tue Jan 15 00:57:52 UTC 2013 + Serial Number (hex): 56d305de433ee99874517acbb32c7c70 + Revoked at: Tue Jan 15 17:57:26 UTC 2013 + Serial Number (hex): 535001d70d85ec5e206e2fd6fc06d8ab + Revoked at: Tue Jan 15 17:57:31 UTC 2013 + Serial Number (hex): 00bb7c9a0bc6cec40c8bd940fcbe3ab6c1 + Revoked at: Tue Jan 15 17:57:34 UTC 2013 + Serial Number (hex): 009bb57c63b2f41bed842a1b8b6b292da4 + Revoked at: Tue Jan 15 18:24:44 UTC 2013 + Serial Number (hex): 0082f91293176eede29cf3ae0f4321494c + Revoked at: Tue Jan 15 19:06:44 UTC 2013 + Serial Number (hex): 2d3b0c3cb0424bef0fcf0631ee7eed76 + Revoked at: Tue Jan 15 19:34:04 UTC 2013 + Serial Number (hex): 4be3bc1eb471f5bd51bec996a202e12e + Revoked at: Tue Jan 15 21:04:04 UTC 2013 + Serial Number (hex): 16da90d07c5221cab8c1aa45175b893f + Revoked at: Tue Jan 15 21:11:08 UTC 2013 + Serial Number (hex): 493db6cc0646ef50afce651c895c2657 + Revoked at: Wed Jan 16 12:16:52 UTC 2013 + Serial Number (hex): 407b8470ecc9c6be1215691aaf248da1 + Revoked at: Wed Jan 16 20:39:42 UTC 2013 + Serial Number (hex): 0b3f1129811924eb61cab2e5b1d0a54a + Revoked at: Wed Jan 16 20:45:36 UTC 2013 + Serial Number (hex): 008470e21ac9c9f5d43ceef2b34f2a611d + Revoked at: Wed Jan 16 21:46:47 UTC 2013 + Serial Number (hex): 3caa9049a05cbc307eb3b454ec17a14c + Revoked at: Thu Jan 17 02:46:24 UTC 2013 + Serial Number (hex): 00ebfb7ad2fd03c08af732b5f13a839c1e + Revoked at: Thu Jan 17 11:56:39 UTC 2013 + Serial Number (hex): 6436ef1be5f465b5bf59b808419cb088 + Revoked at: Thu Jan 17 15:57:28 UTC 2013 + Serial Number (hex): 133a127e9bd30d5170e4b195cfef482d + Revoked at: Thu Jan 17 16:13:54 UTC 2013 + Serial Number (hex): 009216969a771cc1b175c0f090c4a8c557 + Revoked at: Thu Jan 17 17:36:50 UTC 2013 + Serial Number (hex): 00fb349a38fcacde27cd3ac9ee8c12dbd9 + Revoked at: Thu Jan 17 17:38:14 UTC 2013 + Serial Number (hex): 00e58b39c0a7b35c860301c85a24be8318 + Revoked at: Thu Jan 17 17:39:18 UTC 2013 + Serial Number (hex): 7cada91acf6017f4c1ee37b626200aa0 + Revoked at: Thu Jan 17 17:40:49 UTC 2013 + Serial Number (hex): 009c593d1daed99c6e65f7e7038e415c2c + Revoked at: Thu Jan 17 17:42:18 UTC 2013 + Serial Number (hex): 7828ee8a69d6670f40dde97f3e0c9da7 + Revoked at: Thu Jan 17 17:44:36 UTC 2013 + Serial Number (hex): 18ad3e3433df6d9ee0825a97731cf9c4 + Revoked at: Thu Jan 17 17:47:16 UTC 2013 + Serial Number (hex): 355ef444e5e77dd9b67931d24d6f1b4a + Revoked at: Thu Jan 17 18:56:55 UTC 2013 + Serial Number (hex): 00e569c03530918a949b4ea4770892240e + Revoked at: Thu Jan 17 19:07:52 UTC 2013 + Serial Number (hex): 00adf5b47b794099abd5107199e94a94ae + Revoked at: Thu Jan 17 21:44:41 UTC 2013 + Serial Number (hex): 41fe1136501b898be8f9d2e068bb1345 + Revoked at: Thu Jan 17 22:27:52 UTC 2013 + Serial Number (hex): 00dce95f05c1a16be58d4e4ed0351b4873 + Revoked at: Fri Jan 18 02:11:42 UTC 2013 + Serial Number (hex): 24168a796efc396ce4af0ca1106e663d + Revoked at: Fri Jan 18 02:12:10 UTC 2013 + Serial Number (hex): 55d5375d50536b67727e379bb5691901 + Revoked at: Fri Jan 18 02:12:25 UTC 2013 + Serial Number (hex): 008f61897b9872b1c6923da866b4fcec57 + Revoked at: Fri Jan 18 02:12:38 UTC 2013 + Serial Number (hex): 00b53b9ffd411102e0faa93e182b2b93d9 + Revoked at: Fri Jan 18 02:13:04 UTC 2013 + Serial Number (hex): 00da269ea9aa04e39e96afefab9b23f2ab + Revoked at: Fri Jan 18 16:46:35 UTC 2013 + Serial Number (hex): 31b1d40d6c31adfea044f7d549811542 + Revoked at: Fri Jan 18 18:25:13 UTC 2013 + Serial Number (hex): 00e900d7513dffd2f1d8e717f7fd74fee2 + Revoked at: Fri Jan 18 19:23:21 UTC 2013 + Serial Number (hex): 176f69339c2bce58370ef60d132fb0b9 + Revoked at: Fri Jan 18 21:12:02 UTC 2013 + Serial Number (hex): 664908a2cab94a61e5cbc17009295a29 + Revoked at: Fri Jan 18 22:38:37 UTC 2013 + Serial Number (hex): 5606d2abb8216dd06ca0d5a1c93b1cae + Revoked at: Sat Jan 19 02:13:04 UTC 2013 + Serial Number (hex): 71af801cf55988096081a34b9222a4dc + Revoked at: Sat Jan 19 18:50:53 UTC 2013 + Serial Number (hex): 00ba9fe686cfa15c608ba7f0bbd4464d39 + Revoked at: Sun Jan 20 02:13:07 UTC 2013 + Serial Number (hex): 0ac36c8f10cdd789074b7d16e022f475 + Revoked at: Sun Jan 20 19:46:17 UTC 2013 + Serial Number (hex): 00b8addfdf006fa3c6603c84608f327063 + Revoked at: Mon Jan 21 14:43:47 UTC 2013 + Serial Number (hex): 7184cef374695e007f6ebd9c16c1d967 + Revoked at: Mon Jan 21 15:01:20 UTC 2013 + Serial Number (hex): 1e8aedb7a6d49eb3d615368a59d70d82 + Revoked at: Mon Jan 21 15:33:41 UTC 2013 + Serial Number (hex): 008889ee10b1842c3f9a19f93897d63b90 + Revoked at: Mon Jan 21 18:24:02 UTC 2013 + Serial Number (hex): 009139edfd7cce68bb7c8266972769a11a + Revoked at: Mon Jan 21 20:32:51 UTC 2013 + Serial Number (hex): 00f42a0f71693d44df387cae1b708d0219 + Revoked at: Tue Jan 22 04:57:55 UTC 2013 + Serial Number (hex): 00f876c0765c08c8d7ecafae1e3573f59f + Revoked at: Tue Jan 22 13:34:05 UTC 2013 + Serial Number (hex): 1ad8493228d93b39151c469c64aaebde + Revoked at: Tue Jan 22 15:32:20 UTC 2013 + Serial Number (hex): 195edbe1eb7a2a8ef3ff4c6fc1bd0c67 + Revoked at: Tue Jan 22 16:05:52 UTC 2013 + Serial Number (hex): 43a23ef6ad0c2519f893b34b83630cf6 + Revoked at: Tue Jan 22 19:54:37 UTC 2013 + Serial Number (hex): 00992ef9956421aaa73c9770946a025288 + Revoked at: Tue Jan 22 19:57:37 UTC 2013 + Serial Number (hex): 4c96a652a62a7413d3f6b8ab48d9a1e5 + Revoked at: Tue Jan 22 21:00:17 UTC 2013 + Serial Number (hex): 00f023b87c924f8b7ea65b997f0742afd9 + Revoked at: Tue Jan 22 21:00:38 UTC 2013 + Serial Number (hex): 00a077e483c6a017d1167efc698bb0a199 + Revoked at: Tue Jan 22 21:04:56 UTC 2013 + Serial Number (hex): 166017082b13929e41c3bf0382ab9966 + Revoked at: Tue Jan 22 21:15:22 UTC 2013 + Serial Number (hex): 00be5cdca0c864b99745a7e9e7c47f9e48 + Revoked at: Wed Jan 23 10:26:38 UTC 2013 + Serial Number (hex): 00ee35ba3831baa27f50f243e6eb1a1c40 + Revoked at: Wed Jan 23 10:40:46 UTC 2013 + Serial Number (hex): 00d04da1c7e8101c4c5c4cf74165c237f0 + Revoked at: Wed Jan 23 12:16:17 UTC 2013 + Serial Number (hex): 60cf6996adc2ab6da81120c29c49408b + Revoked at: Wed Jan 23 13:15:27 UTC 2013 + Serial Number (hex): 1c00b717e32e8e9e06fbf58ca03674cf + Revoked at: Wed Jan 23 13:36:05 UTC 2013 + Serial Number (hex): 008f992d7d0adffe234c3fffe9f80f9449 + Revoked at: Wed Jan 23 13:38:14 UTC 2013 + Serial Number (hex): 00ab8767003db63caf1a0e302d1ad3c788 + Revoked at: Wed Jan 23 14:40:53 UTC 2013 + Serial Number (hex): 762bd3abc066e110987b5901f1f4dc24 + Revoked at: Wed Jan 23 17:24:23 UTC 2013 + Serial Number (hex): 2232acb0bb3c1d3c4221e84037e4f89b + Revoked at: Wed Jan 23 17:49:01 UTC 2013 + Serial Number (hex): 008de5dfbad7233d0c948fc9493c12c2b8 + Revoked at: Wed Jan 23 17:50:05 UTC 2013 + Serial Number (hex): 0388c5bb1155ad1875b17f2857160372 + Revoked at: Wed Jan 23 17:50:26 UTC 2013 + Serial Number (hex): 0eeec932ce6d7ce65954641dd2e917a5 + Revoked at: Wed Jan 23 17:50:45 UTC 2013 + Serial Number (hex): 00ab932948e867c96e61750653ecabb53c + Revoked at: Wed Jan 23 18:21:27 UTC 2013 + Serial Number (hex): 02bbe0c3e81f14fde5943b0f450a36ed + Revoked at: Thu Jan 24 14:20:38 UTC 2013 + Serial Number (hex): 59af8ea35bd4041062cc97ad2406cd76 + Revoked at: Thu Jan 24 16:13:28 UTC 2013 + Serial Number (hex): 00b072216602ab8bde03882e64a0b86142 + Revoked at: Thu Jan 24 16:21:47 UTC 2013 + Serial Number (hex): 3360b8c7b178eb26342f24e263113527 + Revoked at: Thu Jan 24 16:36:15 UTC 2013 + Serial Number (hex): 00c8ad77e85cd63bc08561318c545d8184 + Revoked at: Thu Jan 24 16:47:23 UTC 2013 + Serial Number (hex): 06348d02cccac12214c047cd826ac79c + Revoked at: Thu Jan 24 16:50:07 UTC 2013 + Serial Number (hex): 00c795ed8bf4fc1aede71a8ffbf671e5f0 + Revoked at: Thu Jan 24 16:58:56 UTC 2013 + Serial Number (hex): 2a3fe77df20f5b6aea7d511cebdfc802 + Revoked at: Thu Jan 24 17:00:26 UTC 2013 + Serial Number (hex): 7c9d083ab93dc5883ab25a969d503728 + Revoked at: Thu Jan 24 17:15:58 UTC 2013 + Serial Number (hex): 24c4fc126f2131429e5431beee495066 + Revoked at: Thu Jan 24 18:19:20 UTC 2013 + Serial Number (hex): 00fc7ab62111532d9fa405e00d2df6f9bc + Revoked at: Thu Jan 24 19:20:24 UTC 2013 + Serial Number (hex): 00f8e0af611bd810f950638f7497b6aba5 + Revoked at: Thu Jan 24 19:32:01 UTC 2013 + Serial Number (hex): 4172ba721502581c06d87127f45eedad + Revoked at: Thu Jan 24 19:35:26 UTC 2013 + Serial Number (hex): 4b2fd6bd387d0e5ade2512aa5f6bcf96 + Revoked at: Thu Jan 24 19:46:49 UTC 2013 + Serial Number (hex): 62d7ae9d902d95b61dbfa0df24c9c651 + Revoked at: Thu Jan 24 19:54:14 UTC 2013 + Serial Number (hex): 00e10373b961b94b90586a89cce17a6cf4 + Revoked at: Thu Jan 24 21:39:06 UTC 2013 + Serial Number (hex): 576f4d1e0e3aef4ad3a073b1a11b1f19 + Revoked at: Fri Jan 25 13:49:47 UTC 2013 + Serial Number (hex): 5a24a0aeedf511fb8118878d868fb5a7 + Revoked at: Fri Jan 25 14:48:19 UTC 2013 + Serial Number (hex): 659063e2c8e5a69c75f457fd6dc8866c + Revoked at: Fri Jan 25 15:05:28 UTC 2013 + Serial Number (hex): 00a858615f0e1337225a3c7babf1a5a391 + Revoked at: Fri Jan 25 16:41:38 UTC 2013 + Serial Number (hex): 0093f8f0eee942fbb52ec06a4a78ee483a + Revoked at: Fri Jan 25 16:41:46 UTC 2013 + Serial Number (hex): 74b7d915cfbcb62e04728c99d8f09458 + Revoked at: Fri Jan 25 17:10:18 UTC 2013 + Serial Number (hex): 04f091e9e24c9e6c46a310c2724173b4 + Revoked at: Fri Jan 25 17:59:37 UTC 2013 + Serial Number (hex): 00dfa9d76f87ece57397b5bba8c5c7977b + Revoked at: Fri Jan 25 18:27:09 UTC 2013 + Serial Number (hex): 0846a40d5d0b04fdff45734854ec2ae3 + Revoked at: Fri Jan 25 20:20:02 UTC 2013 + Serial Number (hex): 39bb0d35a1af0bd68869bd5390ee0ae4 + Revoked at: Fri Jan 25 20:56:20 UTC 2013 + Serial Number (hex): 0096327f7b7cf94ebf388c400443165873 + Revoked at: Sat Jan 26 02:04:04 UTC 2013 + Serial Number (hex): 0096b583f82b6d80597c7624c0d88024ad + Revoked at: Mon Jan 28 08:39:50 UTC 2013 + Serial Number (hex): 00a673284790472a0b06cf906b127ed2b6 + Revoked at: Mon Jan 28 09:15:52 UTC 2013 + Serial Number (hex): 07d74a6e631318c838851768b6b32134 + Revoked at: Mon Jan 28 14:41:52 UTC 2013 + Serial Number (hex): 009a147ee86d3eee0e1777030332a6a5ee + Revoked at: Mon Jan 28 16:00:36 UTC 2013 + Serial Number (hex): 415862709746183fdff44d3100be0f61 + Revoked at: Mon Jan 28 16:14:12 UTC 2013 + Serial Number (hex): 72a864b2ac8846b090321739d72febd8 + Revoked at: Mon Jan 28 16:14:18 UTC 2013 + Serial Number (hex): 00bf2608952518cafeefd2634679a3e58c + Revoked at: Mon Jan 28 19:28:06 UTC 2013 + Serial Number (hex): 008c151a519195584e29cef0c2b691a4d1 + Revoked at: Mon Jan 28 19:28:41 UTC 2013 + Serial Number (hex): 450f3afa3ede44dc6e33608ffe71008d + Revoked at: Mon Jan 28 19:55:37 UTC 2013 + Serial Number (hex): 703c25a92a318ef0e8c0b162e519c10e + Revoked at: Mon Jan 28 19:55:37 UTC 2013 + Serial Number (hex): 4794bb0fa19df4d92a56fc10735ec0b1 + Revoked at: Mon Jan 28 20:14:06 UTC 2013 + Serial Number (hex): 240bc91ff9583209e494bcace4ee0b98 + Revoked at: Mon Jan 28 21:57:21 UTC 2013 + Serial Number (hex): 1a894576c3a4db302e06a2f3ff14b632 + Revoked at: Tue Jan 29 09:47:10 UTC 2013 + Serial Number (hex): 7289de76c6c753f19b14559e1cce1db4 + Revoked at: Tue Jan 29 14:08:18 UTC 2013 + Serial Number (hex): 43928cca5ffa108b5738cb798e9e3e8c + Revoked at: Tue Jan 29 14:08:26 UTC 2013 + Serial Number (hex): 4b5403231f182911e28cff737f82d251 + Revoked at: Tue Jan 29 14:09:56 UTC 2013 + Serial Number (hex): 00b7a6ebeb45768cea6aa3ed29b87e7dc1 + Revoked at: Tue Jan 29 15:39:02 UTC 2013 + Serial Number (hex): 00a9b01c958a542ea9caac869dc42630f7 + Revoked at: Tue Jan 29 18:03:20 UTC 2013 + Serial Number (hex): 44de212c4a49ff61529050aa9c0c7154 + Revoked at: Tue Jan 29 18:48:20 UTC 2013 + Serial Number (hex): 00d178b6749f701d0619345b80cd21968e + Revoked at: Tue Jan 29 20:26:16 UTC 2013 + Serial Number (hex): 13b48266a7281e71980e3ddd6ab89e0b + Revoked at: Tue Jan 29 20:58:29 UTC 2013 + Serial Number (hex): 565204f5b509307fb1e1ffb80eec89d0 + Revoked at: Tue Jan 29 21:42:43 UTC 2013 + Serial Number (hex): 7c683304cfbeb5010d947aeb7ba446cd + Revoked at: Wed Jan 30 14:03:44 UTC 2013 + Serial Number (hex): 7f2b5c7c485f24b59750b0298896a7b6 + Revoked at: Wed Jan 30 14:11:01 UTC 2013 + Serial Number (hex): 00e5214e9e07aeb866d0c98ae1ed66e200 + Revoked at: Wed Jan 30 14:58:10 UTC 2013 + Serial Number (hex): 00800ac8fef9363d3eaff10920770a0833 + Revoked at: Wed Jan 30 15:00:29 UTC 2013 + Serial Number (hex): 48897dcedbe38b069141e5531aa5b57b + Revoked at: Wed Jan 30 15:22:18 UTC 2013 + Serial Number (hex): 008f12d5fffb8e852fcc9a1e7d433a27ee + Revoked at: Wed Jan 30 16:00:14 UTC 2013 + Serial Number (hex): 1209f57d3e27be6affd1f4ebe07c99d9 + Revoked at: Wed Jan 30 17:38:07 UTC 2013 + Serial Number (hex): 28ffdbe9824a6bec461456164f6c1da0 + Revoked at: Wed Jan 30 17:55:56 UTC 2013 + Serial Number (hex): 00fd69a750f7ff040199ba38bd1f4462bf + Revoked at: Wed Jan 30 17:56:04 UTC 2013 + Serial Number (hex): 008d2b79a8fdd2182e95b3adfdf074b6b1 + Revoked at: Wed Jan 30 17:56:10 UTC 2013 + Serial Number (hex): 7f5b445df3f1c0636914d8f0a6e7c7fb + Revoked at: Wed Jan 30 17:56:17 UTC 2013 + Serial Number (hex): 00dd3fb2284536010103df8fb3e15f2407 + Revoked at: Wed Jan 30 17:56:23 UTC 2013 + Serial Number (hex): 00dadb12f66ee5834efa363cd70f50cbe0 + Revoked at: Wed Jan 30 18:04:01 UTC 2013 + Serial Number (hex): 00d1450b11466f5c6ccdb53d26f03bd1c6 + Revoked at: Wed Jan 30 18:13:05 UTC 2013 + Serial Number (hex): 1392e41794c98b64f7727215d7d5f988 + Revoked at: Wed Jan 30 18:44:44 UTC 2013 + Serial Number (hex): 5fe146cf62cb9a9e76691a89bae2158d + Revoked at: Wed Jan 30 21:41:42 UTC 2013 + Serial Number (hex): 00b2b10be8f18b247785a2b7b9e6be8452 + Revoked at: Wed Jan 30 21:43:04 UTC 2013 + Serial Number (hex): 67eed2584e04e5f35848c31150a0d579 + Revoked at: Thu Jan 31 14:54:40 UTC 2013 + Serial Number (hex): 7022f563f14ef9170b052bbaacd94f33 + Revoked at: Thu Jan 31 20:23:53 UTC 2013 + Serial Number (hex): 1f1c3521410b3632bfb3376839774fc1 + Revoked at: Thu Jan 31 22:41:00 UTC 2013 + Serial Number (hex): 00d5dc658a73647e5a6fc799cddb1b0010 + Revoked at: Fri Feb 01 00:02:59 UTC 2013 + Serial Number (hex): 1268bad6c874b987b7aae751b933e81a + Revoked at: Fri Feb 01 00:03:19 UTC 2013 + Serial Number (hex): 00d3d03cebfd5f414c3a52cf2352117507 + Revoked at: Fri Feb 01 01:05:15 UTC 2013 + Serial Number (hex): 00869f14d65df6b5f625146be92eddaa3e + Revoked at: Fri Feb 01 03:59:49 UTC 2013 + Serial Number (hex): 008fc3790bb7263d0de50d13604db13c6b + Revoked at: Fri Feb 01 04:26:36 UTC 2013 + Serial Number (hex): 64aceb173eaf0d76cf78f5fe052ae275 + Revoked at: Fri Feb 01 13:31:17 UTC 2013 + Serial Number (hex): 1f3d7503d7aee6af84198b4e8fb16194 + Revoked at: Fri Feb 01 16:11:14 UTC 2013 + Serial Number (hex): 00b8cdfeae7b28bed43bae08f6ea51533b + Revoked at: Fri Feb 01 18:23:40 UTC 2013 + Serial Number (hex): 3593663ea679188a69adab47e7b2c9df + Revoked at: Fri Feb 01 18:32:41 UTC 2013 + Serial Number (hex): 2b40d61455894d56ecce7290e9041430 + Revoked at: Fri Feb 01 18:33:03 UTC 2013 + Serial Number (hex): 101a9a83e5f7b1b3f2175187c327d674 + Revoked at: Fri Feb 01 18:51:05 UTC 2013 + Serial Number (hex): 1af220a8f693f78153d74a8f755ddcf1 + Revoked at: Fri Feb 01 18:51:05 UTC 2013 + Serial Number (hex): 3c89e84cee1a1e3acb35c4c6936ac6aa + Revoked at: Fri Feb 01 18:51:06 UTC 2013 + Serial Number (hex): 00b18bcf7830975bc73a83fac8dda9227c + Revoked at: Fri Feb 01 18:56:04 UTC 2013 + Serial Number (hex): 1f1ecb5af21164ef561b988264b16cd3 + Revoked at: Fri Feb 01 19:26:07 UTC 2013 + Serial Number (hex): 6e11d6c7387308575acbc28af7a93917 + Revoked at: Fri Feb 01 21:16:37 UTC 2013 + Serial Number (hex): 00f8f66ff6f255f2ae3f53d82ab682fc12 + Revoked at: Fri Feb 01 22:44:25 UTC 2013 + Serial Number (hex): 00f37db1da53bc20ae6bbaa99c68023e88 + Revoked at: Mon Feb 04 07:40:17 UTC 2013 + Serial Number (hex): 56717ce42b68bf8681648a999a571e89 + Revoked at: Mon Feb 04 07:51:03 UTC 2013 + Serial Number (hex): 00ae93b6658a5c5203cc30fc85b80d0093 + Revoked at: Mon Feb 04 14:34:14 UTC 2013 + Serial Number (hex): 00f3104ed0d36bcf68ce4c431e9392981a + Revoked at: Mon Feb 04 14:35:51 UTC 2013 + Serial Number (hex): 0086981d5a3ab05bdabca27151200d02f8 + Revoked at: Mon Feb 04 14:58:50 UTC 2013 + Serial Number (hex): 0081db948f8997ce58602868321fcc3009 + Revoked at: Mon Feb 04 15:08:05 UTC 2013 + Serial Number (hex): 00954049c30dc28878ca5007895bcfa1b9 + Revoked at: Mon Feb 04 15:28:56 UTC 2013 + Serial Number (hex): 6b3260c47afd18177ef6f0f61159c026 + Revoked at: Mon Feb 04 15:30:21 UTC 2013 + Serial Number (hex): 24ce02185021bd23082fd32f91e1794d + Revoked at: Mon Feb 04 16:04:52 UTC 2013 + Serial Number (hex): 00d9e91d985ea99df184006a61a58d4ae1 + Revoked at: Mon Feb 04 16:40:05 UTC 2013 + Serial Number (hex): 7390e14c956523ec2fa8539c2cac3668 + Revoked at: Mon Feb 04 17:20:50 UTC 2013 + Serial Number (hex): 0089c802c0e51cb67249d28d558b2552b1 + Revoked at: Mon Feb 04 17:27:57 UTC 2013 + Serial Number (hex): 00fbfb814686600d894248673afeb3cfe4 + Revoked at: Mon Feb 04 20:31:46 UTC 2013 + Serial Number (hex): 5c8eaa00aa77f730503e8a1466d1026f + Revoked at: Tue Feb 05 07:04:00 UTC 2013 + Serial Number (hex): 3901206c74af7d4ee34d347e85aa71d3 + Revoked at: Tue Feb 05 10:35:01 UTC 2013 + Serial Number (hex): 762aec2a06c5b871411f375710124016 + Revoked at: Tue Feb 05 14:14:55 UTC 2013 + Serial Number (hex): 00f6774d55d84e46a12c94fb21a4a49170 + Revoked at: Tue Feb 05 14:15:18 UTC 2013 + Serial Number (hex): 00c8a6558c06e26eedd73ba22a1a2c03f0 + Revoked at: Tue Feb 05 14:28:52 UTC 2013 + Serial Number (hex): 12fa09e7fdbd7a2354d23db920e2ce69 + Revoked at: Tue Feb 05 15:12:24 UTC 2013 + Serial Number (hex): 25f7d6243d98a19d7434d4570e09c19a + Revoked at: Tue Feb 05 15:12:52 UTC 2013 + Serial Number (hex): 30fa8ee1931719e4bfb759515be12de5 + Revoked at: Tue Feb 05 16:16:25 UTC 2013 + Serial Number (hex): 00dbd822f44e4f95e8c2f24f260c98b7e9 + Revoked at: Tue Feb 05 17:47:17 UTC 2013 + Serial Number (hex): 5f08f31bb9b1704706a62f00cb729f59 + Revoked at: Tue Feb 05 18:11:51 UTC 2013 + Serial Number (hex): 617b3b5b965e3940d195c5038d71fa03 + Revoked at: Tue Feb 05 18:20:39 UTC 2013 + Serial Number (hex): 00df899bb43662baa135b0e56ade18bd6c + Revoked at: Tue Feb 05 19:37:36 UTC 2013 + Serial Number (hex): 008cc424e64905097e42d8d398815c1600 + Revoked at: Tue Feb 05 22:23:22 UTC 2013 + Serial Number (hex): 00b721b8f1a6f73fb903e87b6d21b55c1d + Revoked at: Wed Feb 06 07:09:01 UTC 2013 + Serial Number (hex): 59f82009ce1de585c1c35bd144df23db + Revoked at: Wed Feb 06 07:09:46 UTC 2013 + Serial Number (hex): 00b613c16dc7e259e271941db4c0028a8f + Revoked at: Wed Feb 06 07:12:39 UTC 2013 + Serial Number (hex): 11063be038be51bb8a84ea0ead9dafe5 + Revoked at: Wed Feb 06 13:48:24 UTC 2013 + Serial Number (hex): 1eb074d8bf76cae1dbf30ecbd32f0d37 + Revoked at: Wed Feb 06 17:27:24 UTC 2013 + Serial Number (hex): 00dc1702775e53a1acb86585a319d6940c + Revoked at: Wed Feb 06 19:28:56 UTC 2013 + Serial Number (hex): 00d2ffa5d7b37954353765f0bed78c2b7f + Revoked at: Wed Feb 06 21:42:10 UTC 2013 + Serial Number (hex): 6423e5c7cae4914905ecd86cb3843e0e + Revoked at: Wed Feb 06 23:32:47 UTC 2013 + Serial Number (hex): 009a890c34ec57c8f56ffbc0f9c5002551 + Revoked at: Thu Feb 07 15:16:49 UTC 2013 + Serial Number (hex): 21db19f9a9757e2f9ca90f54d7ddbfb9 + Revoked at: Thu Feb 07 15:30:52 UTC 2013 + Serial Number (hex): 00d7cc7a12a533ab17435b17a0c9eb118e + Revoked at: Thu Feb 07 15:48:55 UTC 2013 + Serial Number (hex): 00e908c703a4522b8d1dc275a462e209e8 + Revoked at: Thu Feb 07 15:52:17 UTC 2013 + Serial Number (hex): 567b197dc19fef604c8f31f924558726 + Revoked at: Thu Feb 07 16:16:37 UTC 2013 + Serial Number (hex): 44a38a8b22597916f907ea38fa99e02b + Revoked at: Thu Feb 07 17:07:30 UTC 2013 + Serial Number (hex): 00b3090b70a5aee977dbdb6d458b163576 + Revoked at: Thu Feb 07 18:11:41 UTC 2013 + Serial Number (hex): 19214cf92d0f786f0d5a0364c93e7387 + Revoked at: Thu Feb 07 18:14:46 UTC 2013 + Serial Number (hex): 7a514cf2e909452e7782dc7fba8da9d8 + Revoked at: Thu Feb 07 18:16:48 UTC 2013 + Serial Number (hex): 00959e821c898bf7e6849431b030c8e36b + Revoked at: Thu Feb 07 19:22:42 UTC 2013 + Serial Number (hex): 10e91e7403ce1d1809a72afdafb8055e + Revoked at: Thu Feb 07 20:45:51 UTC 2013 + Serial Number (hex): 7ec1273d9a652461f2d5ce09d88c4ed5 + Revoked at: Thu Feb 07 21:11:54 UTC 2013 + Serial Number (hex): 00ed2094bb772b3f487b2366228044db0a + Revoked at: Thu Feb 07 23:03:01 UTC 2013 + Serial Number (hex): 71363f04377522f3af622171f22dafeb + Revoked at: Thu Feb 07 23:11:18 UTC 2013 + Serial Number (hex): 00ee1f0db27a162bdf90a1f8d2cedcf944 + Revoked at: Thu Feb 07 23:33:58 UTC 2013 + Serial Number (hex): 00fa8f653818cae6c50eed76411cabc020 + Revoked at: Fri Feb 08 14:04:24 UTC 2013 + Serial Number (hex): 6a88d109ac3328f922a5940014326541 + Revoked at: Fri Feb 08 15:11:40 UTC 2013 + Serial Number (hex): 712b25190183b5e59e3659f5081435a3 + Revoked at: Fri Feb 08 15:23:24 UTC 2013 + Serial Number (hex): 00e7087e85b8c3dc7dd690cd81b2c2b723 + Revoked at: Fri Feb 08 16:18:54 UTC 2013 + Serial Number (hex): 4e9753c2d5f36a9b50e2eb7024732a31 + Revoked at: Fri Feb 08 16:33:14 UTC 2013 + Serial Number (hex): 00ec519fb584e8af72101f5cff81384bad + Revoked at: Fri Feb 08 17:23:26 UTC 2013 + Serial Number (hex): 009b2ac87261a2ba60216e956b2def19e5 + Revoked at: Fri Feb 08 18:09:06 UTC 2013 + Serial Number (hex): 5bcde25d41fd0259b40249653da02a62 + Revoked at: Fri Feb 08 18:20:32 UTC 2013 + Serial Number (hex): 00e65b196015ce295ac61fcce5d2ca550a + Revoked at: Fri Feb 08 18:39:49 UTC 2013 + Serial Number (hex): 7cd43906a7df26f83e41d9c4da3113a2 + Revoked at: Fri Feb 08 18:46:30 UTC 2013 + Serial Number (hex): 00c1ee32f8afcc5633492fed37ef456feb + Revoked at: Fri Feb 08 20:32:13 UTC 2013 + Serial Number (hex): 1e67e45ed02f18d53d1766498e896302 + Revoked at: Fri Feb 08 20:56:28 UTC 2013 + Serial Number (hex): 1a4bab04a58507df2b38eef3b10086c3 + Revoked at: Fri Feb 08 21:40:23 UTC 2013 + Serial Number (hex): 71f663c5728ca459dd7185066076a8fd + Revoked at: Fri Feb 08 22:50:08 UTC 2013 + Serial Number (hex): 00feecc52bbc78f2d14a23e56f1661c2de + Revoked at: Sun Feb 10 07:35:39 UTC 2013 + Serial Number (hex): 6f3dc89a753eef67c5dabedb64c23b2a + Revoked at: Mon Feb 11 00:38:07 UTC 2013 + Serial Number (hex): 0aec4632a54640c5ef57cddb4d7dc4e5 + Revoked at: Mon Feb 11 02:13:03 UTC 2013 + Serial Number (hex): 00cbed7bf1be6d151ac2f6197f038954c0 + Revoked at: Mon Feb 11 10:09:35 UTC 2013 + Serial Number (hex): 00aa034b0ef74fa4a11c11555b2ef4bde9 + Revoked at: Mon Feb 11 12:01:18 UTC 2013 + Serial Number (hex): 009e63c49a17895db884c14d6166dddeec + Revoked at: Mon Feb 11 13:31:36 UTC 2013 + Serial Number (hex): 00e16846168f5f0000d82138f3fd2afa54 + Revoked at: Mon Feb 11 16:14:33 UTC 2013 + Serial Number (hex): 5b23faa2c5497033f3ceafbb9b6c05d1 + Revoked at: Mon Feb 11 17:15:41 UTC 2013 + Serial Number (hex): 00dda19c656e86b3da95b3919b53abde22 + Revoked at: Mon Feb 11 18:03:20 UTC 2013 + Serial Number (hex): 593201dd04fcf941b9ce726342f649cf + Revoked at: Mon Feb 11 18:21:02 UTC 2013 + Serial Number (hex): 00c6832e55390e24357040cd1cb3912cee + Revoked at: Mon Feb 11 20:15:37 UTC 2013 + Serial Number (hex): 1e64572b76743ff4edddc13ea8ee31df + Revoked at: Mon Feb 11 21:33:12 UTC 2013 + Serial Number (hex): 5f8ab06f59d0a7644b8c5cf7133873c7 + Revoked at: Mon Feb 11 21:45:38 UTC 2013 + Serial Number (hex): 4a57af72c0e5188b70201e6fc8d66234 + Revoked at: Mon Feb 11 21:48:58 UTC 2013 + Serial Number (hex): 6dbf02538a9f87f3159d4964373d9db1 + Revoked at: Mon Feb 11 22:29:45 UTC 2013 + Serial Number (hex): 00b284663f821db3247f64157f44374048 + Revoked at: Mon Feb 11 23:00:47 UTC 2013 + Serial Number (hex): 3249595a18d4024de9e8795cebeff2da + Revoked at: Tue Feb 12 02:13:04 UTC 2013 + Serial Number (hex): 00cc92b520a6106ad60c0cde6188923031 + Revoked at: Tue Feb 12 10:14:23 UTC 2013 + Serial Number (hex): 16a3fa9dc6e3bd02d300187581ef54cd + Revoked at: Tue Feb 12 15:05:47 UTC 2013 + Serial Number (hex): 6bb65c397096ec19e41374cfd5eaf70c + Revoked at: Tue Feb 12 17:22:31 UTC 2013 + Serial Number (hex): 50d96f97efc2347f6ee8706a0c511fc9 + Revoked at: Tue Feb 12 17:54:55 UTC 2013 + Serial Number (hex): 008e3fafb4bdef6d9c45472e0dab131707 + Revoked at: Tue Feb 12 19:47:36 UTC 2013 + Serial Number (hex): 3adfc3f27d4b313c4ba91b827c524d4f + Revoked at: Tue Feb 12 20:48:39 UTC 2013 + Serial Number (hex): 6d654349e414918d37c49ecb69d2bab8 + Revoked at: Wed Feb 13 16:08:45 UTC 2013 + Serial Number (hex): 00da7bbccc339fff3548a12c166a262012 + Revoked at: Wed Feb 13 16:09:04 UTC 2013 + Serial Number (hex): 00f08b3730a3d3eff167ac7d30b64c3519 + Revoked at: Wed Feb 13 16:09:14 UTC 2013 + Serial Number (hex): 0ac77fa09e696a047ce5192fe2235113 + Revoked at: Wed Feb 13 16:09:43 UTC 2013 + Serial Number (hex): 00d6cc3d6cc8202beef6b77db795f1cd2e + Revoked at: Wed Feb 13 16:59:02 UTC 2013 + Serial Number (hex): 00a48f6c819f82d77a50906e6fa6322f74 + Revoked at: Wed Feb 13 16:59:31 UTC 2013 + Serial Number (hex): 00ef9f2881bfa93d4a0aa976a48195ee87 + Revoked at: Wed Feb 13 17:20:57 UTC 2013 + Serial Number (hex): 00d6f58719536c7dbdbcb2cfb8e7652ff4 + Revoked at: Wed Feb 13 17:54:47 UTC 2013 + Serial Number (hex): 00fc449099caaa2221a9807bb9c5128ba6 + Revoked at: Wed Feb 13 19:21:35 UTC 2013 + Serial Number (hex): 746a8984b7e820908a70a4de3ea6d702 + Revoked at: Wed Feb 13 20:12:25 UTC 2013 + Serial Number (hex): 55346e51e9df4b95bce996180be3443b + Revoked at: Wed Feb 13 20:28:12 UTC 2013 + Serial Number (hex): 28333680a5022893e52c52cba254e6c0 + Revoked at: Wed Feb 13 20:31:36 UTC 2013 + Serial Number (hex): 49574f6c1bb2a1d18fd45f9edbd0efa3 + Revoked at: Wed Feb 13 20:40:14 UTC 2013 + Serial Number (hex): 0cc254d035787c754388630921763e49 + Revoked at: Wed Feb 13 20:40:22 UTC 2013 + Serial Number (hex): 2a9b5d05573e4e4b3367447e2de682e7 + Revoked at: Wed Feb 13 20:53:47 UTC 2013 + Serial Number (hex): 00c8663c27c784e375f6588cbce487e0a1 + Revoked at: Wed Feb 13 21:25:09 UTC 2013 + Serial Number (hex): 3d71b30e009c061e22b3723032b5c56a + Revoked at: Wed Feb 13 23:07:09 UTC 2013 + Serial Number (hex): 00c0fb7b35a4ac7151a0479c0076304c9b + Revoked at: Thu Feb 14 12:48:54 UTC 2013 + Serial Number (hex): 6d5b1bffa9ced7369bbf6b07bf60a16f + Revoked at: Thu Feb 14 17:12:30 UTC 2013 + Serial Number (hex): 00e82abbe8f6c03f92e0b38415a01f8b05 + Revoked at: Thu Feb 14 18:42:26 UTC 2013 + Serial Number (hex): 00960005392a11cdb2c536d4fbe11c26e0 + Revoked at: Thu Feb 14 18:56:25 UTC 2013 + Serial Number (hex): 3ab4f7298932203a6cc40d2017ce3fb0 + Revoked at: Thu Feb 14 18:59:39 UTC 2013 + Serial Number (hex): 39b71879ba1bd8178a76d8c3e870cc8a + Revoked at: Thu Feb 14 19:51:13 UTC 2013 + Serial Number (hex): 2f113ddd333754906412cbd29e4eb9ae + Revoked at: Thu Feb 14 19:51:33 UTC 2013 + Serial Number (hex): 00a2fe69f032d46feeb8882981669558f2 + Revoked at: Thu Feb 14 19:52:27 UTC 2013 + Serial Number (hex): 0f07166932d18ba9abda2d533ddd93e1 + Revoked at: Thu Feb 14 20:13:50 UTC 2013 + Serial Number (hex): 00979ee3d6c2973bb324f04ad85278deb4 + Revoked at: Thu Feb 14 20:41:21 UTC 2013 + Serial Number (hex): 00dcc943b7d8f3a2877f32db1937eed6cd + Revoked at: Thu Feb 14 21:50:23 UTC 2013 + Serial Number (hex): 34bb637e0c53944b3d3ad8d95c91fac7 + Revoked at: Thu Feb 14 22:13:43 UTC 2013 + Serial Number (hex): 3ff758abf3a862fdf0f2662508c01545 + Revoked at: Thu Feb 14 22:14:25 UTC 2013 + Serial Number (hex): 00eb6ce0c7f5a9ff8c46b83367f59a766b + Revoked at: Thu Feb 14 22:16:14 UTC 2013 + Serial Number (hex): 053e621a2b6ef19fedabb978e4fb1b65 + Revoked at: Thu Feb 14 23:20:05 UTC 2013 + Serial Number (hex): 00843486edfe0fc167355a7a0268f33e94 + Revoked at: Fri Feb 15 12:18:31 UTC 2013 + Serial Number (hex): 008af0419cfdbefcdb3505bed07a1ddf09 + Revoked at: Fri Feb 15 14:10:11 UTC 2013 + Serial Number (hex): 6e1a3d858f65d40c828f3890276bc81f + Revoked at: Fri Feb 15 14:11:39 UTC 2013 + Serial Number (hex): 00cf37dca237b0f97f12a57936e6c12327 + Revoked at: Fri Feb 15 15:20:30 UTC 2013 + Serial Number (hex): 0d9b27dd25ab15da77c38c18c440553a + Revoked at: Fri Feb 15 15:38:17 UTC 2013 + Serial Number (hex): 236ec98ae2b189b1b90ce6d6f616125a + Revoked at: Fri Feb 15 18:33:42 UTC 2013 + Serial Number (hex): 1b28956f0d101716b088ce63989060cc + Revoked at: Fri Feb 15 19:11:12 UTC 2013 + Serial Number (hex): 46fc998129a47a8e2dc621e13aa4d028 + Revoked at: Fri Feb 15 19:11:27 UTC 2013 + Serial Number (hex): 6df83d67643198a79d492611d3ff34ec + Revoked at: Fri Feb 15 19:37:57 UTC 2013 + Serial Number (hex): 5596eeaa0d7be59b08fa8fa7a5addfe8 + Revoked at: Fri Feb 15 20:19:10 UTC 2013 + Serial Number (hex): 3e5e63008a9704e688784db7834f06d4 + Revoked at: Fri Feb 15 20:37:16 UTC 2013 + Serial Number (hex): 009d81a0fd9dffde39c2a7f143183a5753 + Revoked at: Fri Feb 15 21:33:50 UTC 2013 + Serial Number (hex): 0089f3356fe12e16b292a9531cf7ba0588 + Revoked at: Sat Feb 16 00:41:13 UTC 2013 + Serial Number (hex): 009c223c1825e23f327f27cbc051023fd5 + Revoked at: Sat Feb 16 03:56:22 UTC 2013 + Serial Number (hex): 3ecf1398c29ec3328df82a36a11862b5 + Revoked at: Sat Feb 16 04:25:17 UTC 2013 + Serial Number (hex): 00f4ef610b2b292eb3d252d32b443e5651 + Revoked at: Sat Feb 16 04:25:18 UTC 2013 + Serial Number (hex): 00e32ba47a48d958516bf671290a836c84 + Revoked at: Sat Feb 16 14:47:31 UTC 2013 + Serial Number (hex): 00dc7e89f8d3933959bafae995c48b165b + Revoked at: Mon Feb 18 05:17:52 UTC 2013 + Serial Number (hex): 00fe71f964f9faaa15cfdc3aa040a4fd3a + Revoked at: Mon Feb 18 07:20:51 UTC 2013 + Serial Number (hex): 00b0b414751bd38554b34e1fcf0d9bd3f2 + Revoked at: Mon Feb 18 17:45:20 UTC 2013 + Serial Number (hex): 009ac871616b0b24a7f55db57870849c5e + Revoked at: Mon Feb 18 19:52:30 UTC 2013 + Serial Number (hex): 7dd7950af0418e94b7de0deb509b2e63 + Revoked at: Mon Feb 18 22:50:16 UTC 2013 + Serial Number (hex): 17018c804c05aeb1c173faedf45e4377 + Revoked at: Tue Feb 19 01:49:11 UTC 2013 + Serial Number (hex): 783b5ed21a3d7f4099e8f13871f430b3 + Revoked at: Tue Feb 19 01:49:23 UTC 2013 + Serial Number (hex): 00d2e4e1652f382afe3e1687e3cc69d1c6 + Revoked at: Tue Feb 19 08:30:01 UTC 2013 + Serial Number (hex): 00f6203ecb776bedacfc2367d23885d8d4 + Revoked at: Tue Feb 19 15:41:55 UTC 2013 + Serial Number (hex): 1c640b08f534e24127bd08cf8f7b9ce3 + Revoked at: Tue Feb 19 15:47:33 UTC 2013 + Serial Number (hex): 214084e8eabc19799bbc65550e849c3b + Revoked at: Tue Feb 19 15:56:38 UTC 2013 + Serial Number (hex): 00af6850eeecc216b95bbd34ba9abf8644 + Revoked at: Tue Feb 19 15:58:43 UTC 2013 + Serial Number (hex): 00e8c75353ffc41b807113d67a2d052816 + Revoked at: Tue Feb 19 16:48:33 UTC 2013 + Serial Number (hex): 00ddbd1afed0f3dfb700908f9320fc5444 + Revoked at: Tue Feb 19 16:48:59 UTC 2013 + Serial Number (hex): 140d1f784ca8ee6e38a1117c4782eff5 + Revoked at: Tue Feb 19 16:49:17 UTC 2013 + Serial Number (hex): 00d01cb2544ad36e7d11c0716c5f2c746d + Revoked at: Tue Feb 19 16:56:42 UTC 2013 + Serial Number (hex): 18278f95c2758f427ecb78f169d50e89 + Revoked at: Tue Feb 19 17:53:54 UTC 2013 + Serial Number (hex): 00c55099ee3ef4405bc761906937a193d7 + Revoked at: Tue Feb 19 18:01:16 UTC 2013 + Serial Number (hex): 53ed37af79d6dd6def791f955e6e8d9f + Revoked at: Tue Feb 19 18:02:48 UTC 2013 + Serial Number (hex): 4f25af764e9bf7a3345be905ef1f1b56 + Revoked at: Tue Feb 19 18:08:41 UTC 2013 + Serial Number (hex): 00dbf4275aaeb3a46472ac10bcc9f8759a + Revoked at: Tue Feb 19 21:50:23 UTC 2013 + Serial Number (hex): 6e1c3aac99330ca8164ab8e4d3081da8 + Revoked at: Tue Feb 19 21:50:34 UTC 2013 + Serial Number (hex): 4bf759771de43f1c7276cd75ae55140c + Revoked at: Tue Feb 19 23:27:33 UTC 2013 + Serial Number (hex): 00fe9644b9762ff962b01071354af3d59e + Revoked at: Wed Feb 20 09:41:59 UTC 2013 + Serial Number (hex): 00fdc934d463df5e69c4f8421bec2a54bf + Revoked at: Wed Feb 20 17:15:29 UTC 2013 + Serial Number (hex): 7e436a64b3e6ba773cff6f5abe371458 + Revoked at: Wed Feb 20 19:49:37 UTC 2013 + Serial Number (hex): 00b3d725b1105374f52267670b65745a4f + Revoked at: Wed Feb 20 20:08:29 UTC 2013 + Serial Number (hex): 757148d9f142969c011f464ff581626b + Revoked at: Wed Feb 20 21:14:22 UTC 2013 + Serial Number (hex): 36b7f4aeff8314b714c2e71a7b2ae79a + Revoked at: Wed Feb 20 21:32:27 UTC 2013 + Serial Number (hex): 7e97f06132420bc05e6d53ba71bbc5c7 + Revoked at: Wed Feb 20 21:42:49 UTC 2013 + Serial Number (hex): 00d13600d7920f46e2d7779542c9e5910e + Revoked at: Thu Feb 21 02:06:31 UTC 2013 + Serial Number (hex): 008ecc3589d362368cdaacc764577f8042 + Revoked at: Thu Feb 21 08:22:51 UTC 2013 + Serial Number (hex): 5a982fb9f77747932475cb31f2edda71 + Revoked at: Thu Feb 21 08:23:42 UTC 2013 + Serial Number (hex): 39375027dd62db04902e1c4c1c62b0a5 + Revoked at: Thu Feb 21 13:24:14 UTC 2013 + Serial Number (hex): 00d7a6542651c7de4462682839bef302e6 + Revoked at: Thu Feb 21 15:50:34 UTC 2013 + Serial Number (hex): 00d0aef604da38692c7cc2b4bcbc7c5366 + Revoked at: Thu Feb 21 17:04:10 UTC 2013 + Serial Number (hex): 00d60a6afde66ac6c481746c8cc4f6cc68 + Revoked at: Thu Feb 21 17:39:40 UTC 2013 + Serial Number (hex): 12e4c5b0ca956d8de034df10ef5abefc + Revoked at: Thu Feb 21 19:19:00 UTC 2013 + Serial Number (hex): 00da579c4efaf6fbab5aa92f4d1f50bc8d + Revoked at: Thu Feb 21 20:01:57 UTC 2013 + Serial Number (hex): 0094f999ef13c848590db6a234f8abaaae + Revoked at: Thu Feb 21 20:47:30 UTC 2013 + Serial Number (hex): 00b049eb63cdd1aaa4b8e6f45495d60d86 + Revoked at: Thu Feb 21 20:54:58 UTC 2013 + Serial Number (hex): 3f21bd0c64149b4306b35f67b739e771 + Revoked at: Thu Feb 21 20:55:21 UTC 2013 + Serial Number (hex): 1f93e339b0e8b244192f46fc4b6ada50 + Revoked at: Thu Feb 21 20:55:50 UTC 2013 + Serial Number (hex): 1cfdc475a6713ca7f52e22ce970dcd9b + Revoked at: Fri Feb 22 08:22:50 UTC 2013 + Serial Number (hex): 0094742c60e86433fc82cdd7cd24c36b3c + Revoked at: Fri Feb 22 11:20:27 UTC 2013 + Serial Number (hex): 00daa5b119292b99e3a442b91ac822e842 + Revoked at: Fri Feb 22 14:20:02 UTC 2013 + Serial Number (hex): 00bf8a74fc234296059afdd793c87af3f4 + Revoked at: Fri Feb 22 14:23:40 UTC 2013 + Serial Number (hex): 3364dc00467e2fa7ecd79f5e965ff83d + Revoked at: Fri Feb 22 15:29:41 UTC 2013 + Serial Number (hex): 2e10c422985c76daf14206a2a4fcb78c + Revoked at: Fri Feb 22 16:28:43 UTC 2013 + Serial Number (hex): 26160179615c21c0ffaf1794688c7be3 + Revoked at: Fri Feb 22 16:53:59 UTC 2013 + Serial Number (hex): 11b8b845058e91c09f0208637ad7cb3d + Revoked at: Fri Feb 22 17:25:31 UTC 2013 + Serial Number (hex): 00972bbbd23f49a486b8a483c95076bb78 + Revoked at: Fri Feb 22 18:33:37 UTC 2013 + Serial Number (hex): 0a4be90f400162e2f40561f857e5b111 + Revoked at: Fri Feb 22 19:42:42 UTC 2013 + Serial Number (hex): 2213a73f75847daa88b46bdc21aeb136 + Revoked at: Fri Feb 22 19:48:26 UTC 2013 + Serial Number (hex): 2c5683748d11fdb02388fd75fd14cdad + Revoked at: Fri Feb 22 21:20:35 UTC 2013 + Serial Number (hex): 00cf2d99898ba3a7bf136e018e40a69897 + Revoked at: Sat Feb 23 23:34:14 UTC 2013 + Serial Number (hex): 00996ca932eb944f95f1baaba14f50c44d + Revoked at: Sun Feb 24 20:29:42 UTC 2013 + Serial Number (hex): 6f7410f8c63f4b636bedc565ab7b0285 + Revoked at: Mon Feb 25 02:13:02 UTC 2013 + Serial Number (hex): 54f467b61bb86f87c512673aaae1956e + Revoked at: Mon Feb 25 14:57:34 UTC 2013 + Serial Number (hex): 00df8e8c7fb60af26e5380a21ccaa8e2ab + Revoked at: Mon Feb 25 15:57:08 UTC 2013 + Serial Number (hex): 6c9b6ce4d52924cf9bcd31e11ecf5dad + Revoked at: Mon Feb 25 17:17:50 UTC 2013 + Serial Number (hex): 00861b9469cd4c112f9930defa7d60d37e + Revoked at: Mon Feb 25 17:19:52 UTC 2013 + Serial Number (hex): 00f42473913f0200293f692f001500d8bc + Revoked at: Mon Feb 25 17:54:51 UTC 2013 + Serial Number (hex): 00ef3f977a266b39a8b13dd9303ed04a9a + Revoked at: Mon Feb 25 21:59:51 UTC 2013 + Serial Number (hex): 139ec046c78dc8c4f3ae6f88f886738a + Revoked at: Mon Feb 25 22:00:14 UTC 2013 + Serial Number (hex): 4eacd4aa67ffe0cdf91b42b199ee5ee8 + Revoked at: Tue Feb 26 14:27:57 UTC 2013 + Serial Number (hex): 070db84091baae61ddffe240fc2e6cf0 + Revoked at: Tue Feb 26 15:12:59 UTC 2013 + Serial Number (hex): 00b9684e10255014335055c9a9bc7ee1ac + Revoked at: Tue Feb 26 15:37:26 UTC 2013 + Serial Number (hex): 318fd2376d810141343899452b04da54 + Revoked at: Tue Feb 26 16:13:34 UTC 2013 + Serial Number (hex): 4a21bf146242279d52072e82ab26e0a4 + Revoked at: Tue Feb 26 16:23:02 UTC 2013 + Serial Number (hex): 02ad2f4dd36860c7fb4cf40bff0fdb39 + Revoked at: Tue Feb 26 16:33:00 UTC 2013 + Serial Number (hex): 00f166d579e746c5acb7ad43a8f07556bf + Revoked at: Tue Feb 26 16:55:43 UTC 2013 + Serial Number (hex): 00fdba6cd720f40410d68fb794a477cf7d + Revoked at: Tue Feb 26 17:38:11 UTC 2013 + Serial Number (hex): 00de08aa7408f0a023ccf96dcc6862ba18 + Revoked at: Tue Feb 26 21:09:14 UTC 2013 + Serial Number (hex): 63139f66f038ad3dbdd072cfe406f085 + Revoked at: Tue Feb 26 21:23:52 UTC 2013 + Serial Number (hex): 00b80797ba28f622f1ddec574d8f151936 + Revoked at: Tue Feb 26 21:50:38 UTC 2013 + Serial Number (hex): 008f21677fdeff2372069764033894f62d + Revoked at: Tue Feb 26 21:51:38 UTC 2013 + Serial Number (hex): 0ea7289590a785d479f37428d73866a4 + Revoked at: Tue Feb 26 21:51:38 UTC 2013 + Serial Number (hex): 008167dd156536a39047ab613b021017e4 + Revoked at: Tue Feb 26 21:51:39 UTC 2013 + Serial Number (hex): 00df4a92eb40e888200c1c92a4933dd3aa + Revoked at: Wed Feb 27 12:04:44 UTC 2013 + Serial Number (hex): 00b2f9b3f1e7dc27c4baf286d45edfc5f9 + Revoked at: Wed Feb 27 14:32:40 UTC 2013 + Serial Number (hex): 00cbc9025bab1d1addaf4055b65c03a684 + Revoked at: Wed Feb 27 15:20:26 UTC 2013 + Serial Number (hex): 569e280fab8fef184a017eb9675190ea + Revoked at: Wed Feb 27 15:43:22 UTC 2013 + Serial Number (hex): 00f90eadbbf50c35065f2e63954b85c015 + Revoked at: Wed Feb 27 15:51:58 UTC 2013 + Serial Number (hex): 58531d05b025c3874a36391840604402 + Revoked at: Wed Feb 27 16:18:08 UTC 2013 + Serial Number (hex): 00b184040dd63c971333d5e975228f63b6 + Revoked at: Wed Feb 27 17:04:46 UTC 2013 + Serial Number (hex): 6c77c7b8845f9440aacf0e8cf7b5097f + Revoked at: Wed Feb 27 17:22:22 UTC 2013 + Serial Number (hex): 0096db6cc995f337d0ed16a30ea51293cb + Revoked at: Wed Feb 27 17:26:02 UTC 2013 + Serial Number (hex): 00a8ea60ff500e0dbf2d3e991743b6d660 + Revoked at: Wed Feb 27 19:29:40 UTC 2013 + Serial Number (hex): 662c54604019297876293f29b0fd04f9 + Revoked at: Thu Feb 28 10:17:02 UTC 2013 + Serial Number (hex): 00aca65865a2d5119ad24f4e2fa90309e4 + Revoked at: Thu Feb 28 11:46:44 UTC 2013 + Serial Number (hex): 008c5df8a70240427c5ba292bc46a8fbb3 + Revoked at: Thu Feb 28 13:51:20 UTC 2013 + Serial Number (hex): 00dc548f696d81f3787c2880f0f0b997dd + Revoked at: Thu Feb 28 15:03:12 UTC 2013 + Serial Number (hex): 00cd0bd225c71ee167c6134e8569b34ff5 + Revoked at: Thu Feb 28 15:13:10 UTC 2013 + Serial Number (hex): 00c1086387cf3ed1cba72df7b317b9ae80 + Revoked at: Thu Feb 28 15:58:39 UTC 2013 + Serial Number (hex): 4410ee539211bdc098af8eea6b3e1682 + Revoked at: Thu Feb 28 16:06:27 UTC 2013 + Serial Number (hex): 7a3520d2dca83a02272fa04abfd8e9c5 + Revoked at: Thu Feb 28 16:36:49 UTC 2013 + Serial Number (hex): 00cb72b16f35a8699d4aba2c16fc7d831f + Revoked at: Thu Feb 28 16:52:58 UTC 2013 + Serial Number (hex): 00800c620d53e8a2b2d21d2b6dd6741c8c + Revoked at: Thu Feb 28 18:36:32 UTC 2013 + Serial Number (hex): 00e480a1bb68ff53966c8cd8fb878c3333 + Revoked at: Thu Feb 28 19:14:27 UTC 2013 + Serial Number (hex): 4beb69ea04c610c0b82813b9541debec + Revoked at: Thu Feb 28 19:41:04 UTC 2013 + Serial Number (hex): 40db48f22f57797f9945e30a78e6c48a + Revoked at: Thu Feb 28 21:15:17 UTC 2013 + Serial Number (hex): 45f489916e1b6317a5905883662295d8 + Revoked at: Thu Feb 28 21:20:10 UTC 2013 + Serial Number (hex): 00db6a845e2dd131394ce6b41974a9bb7c + Revoked at: Fri Mar 01 15:43:19 UTC 2013 + Serial Number (hex): 4fa3d6e0567dfcd4211014cddf11fb16 + Revoked at: Fri Mar 01 15:46:45 UTC 2013 + Serial Number (hex): 0092bb43637e3ed0ad654140b4be5115eb + Revoked at: Fri Mar 01 16:06:51 UTC 2013 + Serial Number (hex): 0089d37e1c2112167c31f34819b1d40169 + Revoked at: Fri Mar 01 16:11:55 UTC 2013 + Serial Number (hex): 00d787c27d335a90b4acb1902c029b505d + Revoked at: Fri Mar 01 16:16:32 UTC 2013 + Serial Number (hex): 1814a302d539d57e931b403ee71d9d71 + Revoked at: Fri Mar 01 16:41:32 UTC 2013 + Serial Number (hex): 00efd1867522a1207ce2e5fb79eed4e825 + Revoked at: Fri Mar 01 18:13:43 UTC 2013 + Serial Number (hex): 00c1b3a13cb7d1d70cac6cb1bc1a95feaf + Revoked at: Fri Mar 01 19:20:12 UTC 2013 + Serial Number (hex): 00f7a4228c0fd7d1eee2981e112b5ecea2 + Revoked at: Fri Mar 01 21:52:22 UTC 2013 + Serial Number (hex): 00dfe34678c4d4ee94ed23ba26f73ef693 + Revoked at: Sat Mar 02 02:13:05 UTC 2013 + Serial Number (hex): 00caf899733a2323a5fb61cecd5fa16b53 + Revoked at: Sat Mar 02 02:13:06 UTC 2013 + Serial Number (hex): 00d019c644f3900cfe1dd3ebc266fd4c83 + Revoked at: Sat Mar 02 21:53:56 UTC 2013 + Serial Number (hex): 00af9ca75414c41acece18035642d58bf4 + Revoked at: Sat Mar 02 22:14:03 UTC 2013 + Serial Number (hex): 00977429d25f2c2a445bf3ce6857f83e49 + Revoked at: Sat Mar 02 23:03:20 UTC 2013 + Serial Number (hex): 00ac1bc4e00db47a2d96057463feb3573f + Revoked at: Sun Mar 03 17:34:54 UTC 2013 + Serial Number (hex): 6cde877329a2b58f72cc1b2a073a2b64 + Revoked at: Sun Mar 03 18:38:37 UTC 2013 + Serial Number (hex): 70be7c147f28b8d2ef334ac0699225a5 + Revoked at: Mon Mar 04 14:37:18 UTC 2013 + Serial Number (hex): 00c0cc6f0f857e2fcd91a1beee209a7130 + Revoked at: Mon Mar 04 17:43:48 UTC 2013 + Serial Number (hex): 00fbbd2d0196c0574e558b31e375936be0 + Revoked at: Mon Mar 04 17:50:00 UTC 2013 + Serial Number (hex): 76a011bdb1d6b2be1f929b737e59143b + Revoked at: Mon Mar 04 17:52:39 UTC 2013 + Serial Number (hex): 00914731a41deb4d81d7be5c5857342a12 + Revoked at: Mon Mar 04 18:33:37 UTC 2013 + Serial Number (hex): 00ed94dce2f5e187f1e7fd9cf3504e0e5f + Revoked at: Mon Mar 04 20:55:39 UTC 2013 + Serial Number (hex): 00ffd8e240d6c9d3b7172c4b0bbd3f8bda + Revoked at: Mon Mar 04 20:55:39 UTC 2013 + Serial Number (hex): 6ff8fad488fc4d19f5183cc110657311 + Revoked at: Mon Mar 04 21:42:20 UTC 2013 + Serial Number (hex): 00d9bb20f7a714e67896e2813265704a59 + Revoked at: Tue Mar 05 16:33:22 UTC 2013 + Serial Number (hex): 0fcadd2cad5bb78672bf9d1785b647f3 + Revoked at: Tue Mar 05 16:48:00 UTC 2013 + Serial Number (hex): 4ab8a488cbe156c0f6a40981b72a8b72 + Revoked at: Tue Mar 05 16:56:09 UTC 2013 + Serial Number (hex): 00a091a547c037a12c0d8172669ac6c11d + Revoked at: Tue Mar 05 16:58:31 UTC 2013 + Serial Number (hex): 00c0929ffcbb755f5673b82b4840a72cff + Revoked at: Tue Mar 05 17:00:50 UTC 2013 + Serial Number (hex): 45dffc301dc96397cd9ec0855bc75392 + Revoked at: Tue Mar 05 18:21:27 UTC 2013 + Serial Number (hex): 00c4e3426c6c18bbad33afb8591e068d2b + Revoked at: Tue Mar 05 18:24:46 UTC 2013 + Serial Number (hex): 00c59eccbaf47bf405958204fd96ea1e68 + Revoked at: Tue Mar 05 20:18:34 UTC 2013 + Serial Number (hex): 508e5ed53b9d0a07618b64a0c3998ec8 + Revoked at: Tue Mar 05 20:23:18 UTC 2013 + Serial Number (hex): 00f401a6ad7e1052f8061d9ccb59dfa0c1 + Revoked at: Tue Mar 05 21:21:35 UTC 2013 + Serial Number (hex): 6635b5056a74d73a755fe8ec1fe4ce69 + Revoked at: Tue Mar 05 23:37:10 UTC 2013 + Serial Number (hex): 00ff32d8eedfced6c4a5dc6b0a7e0b4650 + Revoked at: Wed Mar 06 00:55:46 UTC 2013 + Serial Number (hex): 00e11ca6b91b4a2942be75eb36ade86754 + Revoked at: Wed Mar 06 10:27:49 UTC 2013 + Serial Number (hex): 00917c43956a80510eafd9f78b987cf70b + Revoked at: Wed Mar 06 10:40:29 UTC 2013 + Serial Number (hex): 0088659943062d4d7de04befb528937d24 + Revoked at: Wed Mar 06 10:40:41 UTC 2013 + Serial Number (hex): 00ca83ed42c959baed274ab1c0868e5643 + Revoked at: Wed Mar 06 10:40:50 UTC 2013 + Serial Number (hex): 00b63079eecb9f46827824822b67e7b85d + Revoked at: Wed Mar 06 14:58:55 UTC 2013 + Serial Number (hex): 1cf61fde379c1751fdb1efcc18747652 + Revoked at: Wed Mar 06 15:20:13 UTC 2013 + Serial Number (hex): 448a9aa74bbd848c4e91f96153fefcdb + Revoked at: Wed Mar 06 16:19:54 UTC 2013 + Serial Number (hex): 2863191e32f86987ff8757030dec850a + Revoked at: Wed Mar 06 18:25:27 UTC 2013 + Serial Number (hex): 3331aeab432b0f141036e658071dcb95 + Revoked at: Wed Mar 06 18:33:56 UTC 2013 + Serial Number (hex): 00d159018c735d8530894949a9e44d007f + Revoked at: Wed Mar 06 18:52:16 UTC 2013 + Serial Number (hex): 00a8f06c633e47a240f4b8d00bc0a38f4f + Revoked at: Wed Mar 06 19:10:19 UTC 2013 + Serial Number (hex): 7ca9fab61e29630e7b7f23a1ae2a9ad7 + Revoked at: Wed Mar 06 19:31:49 UTC 2013 + Serial Number (hex): 00962a09bceee288e16ea784a86cc58d75 + Revoked at: Wed Mar 06 20:03:38 UTC 2013 + Serial Number (hex): 008406397a43246aa55bc3d4f7075c2658 + Revoked at: Thu Mar 07 13:36:07 UTC 2013 + Serial Number (hex): 00e7a46be2d602e367345503346cb657e2 + Revoked at: Thu Mar 07 14:02:15 UTC 2013 + Serial Number (hex): 00fbf96010d851fca69724caee82e2fa74 + Revoked at: Thu Mar 07 14:07:14 UTC 2013 + Serial Number (hex): 00adba8d9f6932b0d6a43bc6375ae56ee9 + Revoked at: Thu Mar 07 15:03:13 UTC 2013 + Serial Number (hex): 00a8531db54dd7e1e89fc263215fb39d2f + Revoked at: Thu Mar 07 15:13:14 UTC 2013 + Serial Number (hex): 3407326cd92eafc4badfea9e6abde675 + Revoked at: Thu Mar 07 16:07:24 UTC 2013 + Serial Number (hex): 1e1b1196a1f16f0cedefc85a633e6322 + Revoked at: Thu Mar 07 16:07:55 UTC 2013 + Serial Number (hex): 00c4a043adb1a7a3f98653b63c5acc9a9b + Revoked at: Thu Mar 07 16:12:27 UTC 2013 + Serial Number (hex): 68e2031940bb2b0e5308a4a65149228a + Revoked at: Thu Mar 07 16:12:30 UTC 2013 + Serial Number (hex): 7f999e429ce01db00256ff1c4235e090 + Revoked at: Thu Mar 07 16:13:18 UTC 2013 + Serial Number (hex): 00f24e857f9d4a50900f41428f59d4d4ad + Revoked at: Thu Mar 07 17:29:51 UTC 2013 + Serial Number (hex): 67bc569f2ba73bd049a665730d47cc3c + Revoked at: Thu Mar 07 17:30:26 UTC 2013 + Serial Number (hex): 00bad4e7c2b941dfd0a4da00c3a1ca04fa + Revoked at: Thu Mar 07 17:34:13 UTC 2013 + Serial Number (hex): 00c7d5da6003bb3abee5d2cfe1116b6231 + Revoked at: Thu Mar 07 17:36:38 UTC 2013 + Serial Number (hex): 00b46827df81562be0cc2b3959cf6ab62a + Revoked at: Thu Mar 07 17:38:23 UTC 2013 + Serial Number (hex): 00d3f9dfd9944d600b5a49e819fc44593b + Revoked at: Thu Mar 07 17:40:59 UTC 2013 + Serial Number (hex): 120cf6aa815982d78b6d0d33e92724c6 + Revoked at: Thu Mar 07 17:45:59 UTC 2013 + Serial Number (hex): 41e70486ba27fe492e007d2d76924d8d + Revoked at: Thu Mar 07 17:50:12 UTC 2013 + Serial Number (hex): 00ce255c56435679e9926c0a7b59163624 + Revoked at: Thu Mar 07 18:03:13 UTC 2013 + Serial Number (hex): 7b50004744feb42d3a71e866d9a611fa + Revoked at: Thu Mar 07 18:03:35 UTC 2013 + Serial Number (hex): 0c7df7c02d78878f34bcf342d335a37b + Revoked at: Thu Mar 07 18:04:20 UTC 2013 + Serial Number (hex): 00cee62f37357a8ba5f22adb6a44fc45ba + Revoked at: Thu Mar 07 18:04:42 UTC 2013 + Serial Number (hex): 00a35af287aeb1d02896e815af5b9ceed7 + Revoked at: Thu Mar 07 18:08:38 UTC 2013 + Serial Number (hex): 62db45fddabd77eba9b3e82f50104ca4 + Revoked at: Thu Mar 07 18:55:09 UTC 2013 + Serial Number (hex): 074424f054b7640ff788928812876935 + Revoked at: Thu Mar 07 19:48:38 UTC 2013 + Serial Number (hex): 78c605516317d98272905f2203e9e133 + Revoked at: Thu Mar 07 19:55:55 UTC 2013 + Serial Number (hex): 0095d9695292b8bdfe26cb9ffe547772bc + Revoked at: Thu Mar 07 20:04:34 UTC 2013 + Serial Number (hex): 1c85756c3c1427df65bd0f55b6901cdb + Revoked at: Thu Mar 07 20:20:34 UTC 2013 + Serial Number (hex): 00fb5a95387ceb2fafcf0cc013aea3bfa9 + Revoked at: Thu Mar 07 20:27:52 UTC 2013 + Serial Number (hex): 1c0f720009683cdba817fe9d20136f87 + Revoked at: Thu Mar 07 20:29:42 UTC 2013 + Serial Number (hex): 0090be0ae7eb01737f30182559db74ccfc + Revoked at: Thu Mar 07 20:29:58 UTC 2013 + Serial Number (hex): 3ff3ab64e53dbd47994b7aeb38861376 + Revoked at: Thu Mar 07 20:30:39 UTC 2013 + Serial Number (hex): 34109224e2290daf386a07eeeb50afc6 + Revoked at: Thu Mar 07 20:36:58 UTC 2013 + Serial Number (hex): 00878e2761cb527043628bf1a55f263694 + Revoked at: Fri Mar 08 00:07:01 UTC 2013 + Serial Number (hex): 00800deed96bc32a379c82bd23bdf8e84d + Revoked at: Fri Mar 08 14:56:34 UTC 2013 + Serial Number (hex): 00f658492581d5af7f1d0534380ed63667 + Revoked at: Fri Mar 08 14:57:33 UTC 2013 + Serial Number (hex): 0087aaa6ad86a029e2b989941af5fd78e3 + Revoked at: Fri Mar 08 15:06:05 UTC 2013 + Serial Number (hex): 00e50f9eed0df97108e5a5ab28d39852bd + Revoked at: Fri Mar 08 15:32:04 UTC 2013 + Serial Number (hex): 071e4f08228cc4fd55c3d78498048587 + Revoked at: Fri Mar 08 15:32:25 UTC 2013 + Serial Number (hex): 5ecb9ee4e612867e996ea0b91d1165d1 + Revoked at: Fri Mar 08 18:50:44 UTC 2013 + Serial Number (hex): 3618fb56a7e1ba790893a7ee5f70c1e3 + Revoked at: Fri Mar 08 21:03:37 UTC 2013 + Serial Number (hex): 00d22e19df0c9f002ffae54d95739ca5e9 + Revoked at: Fri Mar 08 21:17:05 UTC 2013 + Serial Number (hex): 66223a79054ff0a0eb25aff9b6d3d6fa + Revoked at: Fri Mar 08 21:45:34 UTC 2013 + Serial Number (hex): 652edc1a65e1708e51797f87943a93eb + Revoked at: Fri Mar 08 21:48:05 UTC 2013 + Serial Number (hex): 00b6dc4e818e34ad94b77eb244e85c1e33 + Revoked at: Fri Mar 08 22:12:34 UTC 2013 + Serial Number (hex): 00ec257708d39bbdd9a65f478d7a5d60c1 + Revoked at: Fri Mar 08 22:12:53 UTC 2013 + Serial Number (hex): 00c5c34483fa7fb740919e2801da800545 + Revoked at: Fri Mar 08 22:32:33 UTC 2013 + Serial Number (hex): 750d4ac2dbe8f8fd2a6429b6493b7107 + Revoked at: Mon Mar 11 07:03:16 UTC 2013 + Serial Number (hex): 00b4df96c0ecb88863ce5d0bd915ce84cd + Revoked at: Mon Mar 11 13:17:36 UTC 2013 + Serial Number (hex): 655d2b43a62a62d82909151c5d26e257 + Revoked at: Mon Mar 11 15:46:29 UTC 2013 + Serial Number (hex): 2437198251d82afc71cffa5fc4686752 + Revoked at: Mon Mar 11 16:14:16 UTC 2013 + Serial Number (hex): 00cde5d6e896597295c29792318bd7b42c + Revoked at: Mon Mar 11 16:17:48 UTC 2013 + Serial Number (hex): 297dfe8e909c419dec1710439e90858d + Revoked at: Mon Mar 11 16:26:42 UTC 2013 + Serial Number (hex): 00dd3ac87d50ec4725bfaa838a9937f8ba + Revoked at: Mon Mar 11 16:38:14 UTC 2013 + Serial Number (hex): 7afba5a420c6eb80e2326e8512487a9f + Revoked at: Mon Mar 11 18:09:31 UTC 2013 + Serial Number (hex): 0096517b7509f2085ff014160b5e880719 + Revoked at: Mon Mar 11 19:06:01 UTC 2013 + Serial Number (hex): 3854e22a11b72b557a2e021f9e88c829 + Revoked at: Mon Mar 11 19:31:13 UTC 2013 + Serial Number (hex): 00a7dd50763483a12dd9e38f310caa5ca2 + Revoked at: Tue Mar 12 14:04:53 UTC 2013 + Serial Number (hex): 008a8c67e2807bf3957c51160004a5b300 + Revoked at: Tue Mar 12 15:53:03 UTC 2013 + Serial Number (hex): 78251fd6c2497fde07fbda01fdeeb108 + Revoked at: Tue Mar 12 17:34:20 UTC 2013 + Serial Number (hex): 00c64708e80d12388bb25a2ebbb4c49e57 + Revoked at: Tue Mar 12 18:35:34 UTC 2013 + Serial Number (hex): 00ab3cc9d9015788771bc1ebe32d0b77c3 + Revoked at: Tue Mar 12 18:36:13 UTC 2013 + Serial Number (hex): 00cfed91cb061c1a7363aaad7094786b8d + Revoked at: Tue Mar 12 19:24:16 UTC 2013 + Serial Number (hex): 7f3261d4f4658c7085974f86ee4e73df + Revoked at: Tue Mar 12 19:28:31 UTC 2013 + Serial Number (hex): 29a5903cf0e8ca55c9d1e4620e062b0b + Revoked at: Tue Mar 12 20:26:40 UTC 2013 + Serial Number (hex): 00c8ccccdc651392f9c27e0e56db81b5db + Revoked at: Wed Mar 13 09:06:06 UTC 2013 + Serial Number (hex): 4a37bc514bcacdad6e60c3993edb1351 + Revoked at: Wed Mar 13 13:33:32 UTC 2013 + Serial Number (hex): 00c39cbc406383977cd7d3903361adc524 + Revoked at: Wed Mar 13 14:14:33 UTC 2013 + Serial Number (hex): 00bf6c176343f8b838250644d25a9e6590 + Revoked at: Wed Mar 13 14:23:57 UTC 2013 + Serial Number (hex): 00d8012878fc7cff6ded3ad526c235c559 + Revoked at: Wed Mar 13 14:35:59 UTC 2013 + Serial Number (hex): 4f7c9c9582f76fa74b9df66ac2c6ba5a + Revoked at: Wed Mar 13 15:22:42 UTC 2013 + Serial Number (hex): 009a628a568823a47d56005e903542cad8 + Revoked at: Wed Mar 13 16:26:36 UTC 2013 + Serial Number (hex): 2ca014811d5ea98789f14f1b0838130a + Revoked at: Wed Mar 13 17:05:34 UTC 2013 + Serial Number (hex): 76b878d5a7235e6ab637e018d97ee9e7 + Revoked at: Wed Mar 13 17:11:35 UTC 2013 + Serial Number (hex): 2e4105ee90c544fc00318be90ab03d87 + Revoked at: Wed Mar 13 18:14:10 UTC 2013 + Serial Number (hex): 451b47cf5a11836ea18371c2e6a72f62 + Revoked at: Wed Mar 13 18:14:17 UTC 2013 + Serial Number (hex): 0082d8d0372f6aa659f73aa6cdcc6aaa49 + Revoked at: Wed Mar 13 20:36:14 UTC 2013 + Serial Number (hex): 736314bbdcdb442762b9ffe585945823 + Revoked at: Wed Mar 13 20:43:06 UTC 2013 + Serial Number (hex): 0083894fe8618768c716b6148c3ce5c4dc + Revoked at: Wed Mar 13 20:51:14 UTC 2013 + Serial Number (hex): 7a295742e0fa594b1ad578e2ee741a1a + Revoked at: Wed Mar 13 21:10:11 UTC 2013 + Serial Number (hex): 7dac46afb23b551398ed91342da0ef03 + Revoked at: Wed Mar 13 23:37:55 UTC 2013 + Serial Number (hex): 00c4a3a872a25056eca8232f58cf037f5a + Revoked at: Thu Mar 14 11:23:16 UTC 2013 + Serial Number (hex): 21ef0241b412aa9c62de4f57d7ea21bb + Revoked at: Thu Mar 14 13:10:26 UTC 2013 + Serial Number (hex): 00f1fc615956ff07032445d2d3be221929 + Revoked at: Thu Mar 14 13:58:33 UTC 2013 + Serial Number (hex): 6ef9cc40986a99af7a034422788374ef + Revoked at: Thu Mar 14 14:46:05 UTC 2013 + Serial Number (hex): 3afca21e7d1cace32b6e1a684a28d67b + Revoked at: Thu Mar 14 15:28:28 UTC 2013 + Serial Number (hex): 5e5efbe05e0ecee3955abdcd6bcffe0e + Revoked at: Thu Mar 14 15:36:13 UTC 2013 + Serial Number (hex): 6e3085639116462a43af6d3a95f82027 + Revoked at: Thu Mar 14 17:10:51 UTC 2013 + Serial Number (hex): 00d2788e95157d6de16e998ca140f40447 + Revoked at: Thu Mar 14 17:16:47 UTC 2013 + Serial Number (hex): 6a450f86c6370bd72f83dd5559e98dcc + Revoked at: Thu Mar 14 19:49:46 UTC 2013 + Serial Number (hex): 36b458298a729ba356d72edc7ee15435 + Revoked at: Thu Mar 14 20:28:48 UTC 2013 + Serial Number (hex): 02328ff8a3000923e2f5df29e8af1b28 + Revoked at: Thu Mar 14 23:31:30 UTC 2013 + Serial Number (hex): 6f2c51f168998777b404114d7fae58a6 + Revoked at: Fri Mar 15 02:13:03 UTC 2013 + Serial Number (hex): 00c9171102be7f5d4ba11618d365287de4 + Revoked at: Fri Mar 15 08:42:41 UTC 2013 + Serial Number (hex): 00a27aed5b57896588ee3eac1d26874279 + Revoked at: Fri Mar 15 08:43:14 UTC 2013 + Serial Number (hex): 6ed5ff090bd739db414598fe2349d06b + Revoked at: Fri Mar 15 08:43:36 UTC 2013 + Serial Number (hex): 00882568d5f304d1bd01e497d50fa36dfb + Revoked at: Fri Mar 15 13:14:36 UTC 2013 + Serial Number (hex): 00bee917224111cd6e7b1743400f19c109 + Revoked at: Fri Mar 15 13:34:20 UTC 2013 + Serial Number (hex): 341152c7f4fb46d74ad9842daa32df98 + Revoked at: Fri Mar 15 13:34:41 UTC 2013 + Serial Number (hex): 581b2a5f42ec309c32520e43a60f37bd + Revoked at: Fri Mar 15 15:28:09 UTC 2013 + Serial Number (hex): 00a8f93d122a853b482127baaf1e731948 + Revoked at: Fri Mar 15 16:45:44 UTC 2013 + Serial Number (hex): 25f309c1a01066f70b10f3176f03cecb + Revoked at: Fri Mar 15 16:54:37 UTC 2013 + Serial Number (hex): 009281e4713f84c30c18b11c23e5190f28 + Revoked at: Fri Mar 15 18:32:31 UTC 2013 + Serial Number (hex): 00f22a349ff7c2ea2636fa50fd6b6bc62b + Revoked at: Fri Mar 15 18:40:01 UTC 2013 + Serial Number (hex): 00ccdd3a88764874bf83e94f7026d6c89d + Revoked at: Fri Mar 15 19:42:29 UTC 2013 + Serial Number (hex): 3934a178196f710ff0ac730b16a7fccc + Revoked at: Fri Mar 15 20:46:18 UTC 2013 + Serial Number (hex): 7b2d51150029aee836ef7922e8ab78c2 + Revoked at: Fri Mar 15 20:50:34 UTC 2013 + Serial Number (hex): 540022bafc49edbf1a76b04a66ad9da2 + Revoked at: Fri Mar 15 20:51:10 UTC 2013 + Serial Number (hex): 00af4b857ec304eee0511284b064e91f0c + Revoked at: Fri Mar 15 20:51:49 UTC 2013 + Serial Number (hex): 121b2275687b8a89640150d543ddfda3 + Revoked at: Sat Mar 16 13:28:47 UTC 2013 + Serial Number (hex): 41d5ebfdf32d19462893e3977500c3cf + Revoked at: Sat Mar 16 13:46:06 UTC 2013 + Serial Number (hex): 00920655f1c514d3a6165f8f2155f20950 + Revoked at: Sun Mar 17 02:13:14 UTC 2013 + Serial Number (hex): 00e7e7199030e89692dc82a46e7cf06e60 + Revoked at: Sun Mar 17 23:13:19 UTC 2013 + Serial Number (hex): 00934db5c0348f2d3dc29267eb38d5627a + Revoked at: Mon Mar 18 00:04:07 UTC 2013 + Serial Number (hex): 00e03469a2b3c71e137cbb19a31bfc9210 + Revoked at: Mon Mar 18 00:05:47 UTC 2013 + Serial Number (hex): 3d6817b4808dfffe0d9672bc807c1448 + Revoked at: Mon Mar 18 02:13:03 UTC 2013 + Serial Number (hex): 19f7d8fd8d2f08c262274147f2c2f4e9 + Revoked at: Mon Mar 18 02:13:04 UTC 2013 + Serial Number (hex): 61871e61cc7f58f3c12529a7d9ffe780 + Revoked at: Mon Mar 18 11:56:04 UTC 2013 + Serial Number (hex): 009b079d6eaa2a052eeca135ec56e26c9a + Revoked at: Mon Mar 18 12:41:54 UTC 2013 + Serial Number (hex): 3b413051dceaf6bf68b0bdbddb820382 + Revoked at: Mon Mar 18 15:02:00 UTC 2013 + Serial Number (hex): 00a143c8a418ace975cb6db24fb0e255db + Revoked at: Mon Mar 18 15:39:15 UTC 2013 + Serial Number (hex): 00ef2bd0cca5f95b7663c715d8b0279c57 + Revoked at: Mon Mar 18 15:39:26 UTC 2013 + Serial Number (hex): 038fa81bf006bcff78a27af858b56e3a + Revoked at: Mon Mar 18 16:56:55 UTC 2013 + Serial Number (hex): 00f1427ad2db81b0bc1440531bc82c21f0 + Revoked at: Mon Mar 18 17:59:08 UTC 2013 + Serial Number (hex): 335a7d678e50e66faeffaa27050a8425 + Revoked at: Mon Mar 18 19:12:17 UTC 2013 + Serial Number (hex): 382c532c056b49f7d4ac3ba781de8551 + Revoked at: Mon Mar 18 19:17:03 UTC 2013 + Serial Number (hex): 00c0f8780f62dd074f2a8118622f98e1ce + Revoked at: Mon Mar 18 19:26:58 UTC 2013 + Serial Number (hex): 5a506e186fe41fddcffb456dfcff2f44 + Revoked at: Mon Mar 18 19:31:24 UTC 2013 + Serial Number (hex): 00e6226e0788999cc09a633923c582b3e9 + Revoked at: Mon Mar 18 19:33:34 UTC 2013 + Serial Number (hex): 459e8b897d722b340ccb63c5e16a1d8b + Revoked at: Mon Mar 18 21:38:13 UTC 2013 + Serial Number (hex): 63d1262864aabe6757125ae8268f6414 + Revoked at: Tue Mar 19 09:41:11 UTC 2013 + Serial Number (hex): 7dcfb405215dd4e328f16aebf2164cde + Revoked at: Tue Mar 19 13:14:02 UTC 2013 + Serial Number (hex): 618db75a054c7382c9ab7435260ca0e8 + Revoked at: Tue Mar 19 13:53:57 UTC 2013 + Serial Number (hex): 772137d024504d380a9c9f772576fa97 + Revoked at: Tue Mar 19 15:14:52 UTC 2013 + Serial Number (hex): 00f3d84fe50df506fb2b94584bdd44e8d2 + Revoked at: Tue Mar 19 15:16:02 UTC 2013 + Serial Number (hex): 00b53a2e380eed26a701baa7d8c856d2fd + Revoked at: Tue Mar 19 16:55:20 UTC 2013 + Serial Number (hex): 1607a0af37b8a4ff3cb4f49c7974f109 + Revoked at: Tue Mar 19 19:10:27 UTC 2013 + Serial Number (hex): 4df024711e25905ebb79cc346ff58c16 + Revoked at: Tue Mar 19 19:52:50 UTC 2013 + Serial Number (hex): 656e0aa6e63fd42cde93700689c1fcc6 + Revoked at: Tue Mar 19 19:55:24 UTC 2013 + Serial Number (hex): 00e28d34f853b9043696c87f9b48d68986 + Revoked at: Tue Mar 19 19:55:53 UTC 2013 + Serial Number (hex): 00b35124107bf01fb3adda17962ae417b2 + Revoked at: Tue Mar 19 19:57:18 UTC 2013 + Serial Number (hex): 00e237e9fdca115da7c3ed1eda10e050b7 + Revoked at: Tue Mar 19 20:21:11 UTC 2013 + Serial Number (hex): 3708610b47d69ea52d70ad8c9a98928b + Revoked at: Tue Mar 19 20:55:42 UTC 2013 + Serial Number (hex): 00b40e79bdcb43f9c864b394e6580ca389 + Revoked at: Tue Mar 19 21:49:59 UTC 2013 + Serial Number (hex): 59144e55d5d7cf7189be29c8a6a6eecc + Revoked at: Wed Mar 20 09:35:40 UTC 2013 + Serial Number (hex): 00a441204dfb3fa6f8416255d1fd6caaad + Revoked at: Wed Mar 20 11:59:53 UTC 2013 + Serial Number (hex): 7ae7ce67b5a26663d811dfe4366a6fe5 + Revoked at: Wed Mar 20 13:32:06 UTC 2013 + Serial Number (hex): 1ac7a4dbcf1e61643fc222903c50e11a + Revoked at: Wed Mar 20 17:30:38 UTC 2013 + Serial Number (hex): 009a9d32be169b4a87e90097aef61e16fb + Revoked at: Wed Mar 20 17:32:00 UTC 2013 + Serial Number (hex): 29794fa0a0eb58e19cb05b16d27d4dfc + Revoked at: Wed Mar 20 19:29:32 UTC 2013 + Serial Number (hex): 6b095429db69297c79cb7a788cd30e25 + Revoked at: Wed Mar 20 19:30:17 UTC 2013 + Serial Number (hex): 00c4cf63298b81e2e928deb07fce56e5ea + Revoked at: Wed Mar 20 19:37:04 UTC 2013 + Serial Number (hex): 009cc8f7cea8f2c1a9749acf5e50b69d67 + Revoked at: Wed Mar 20 20:00:07 UTC 2013 + Serial Number (hex): 00faa787a310285ca16e21db2cb400d42f + Revoked at: Wed Mar 20 21:07:00 UTC 2013 + Serial Number (hex): 1d7337abd7522a1a03f173d65b36c8e6 + Revoked at: Wed Mar 20 22:28:21 UTC 2013 + Serial Number (hex): 00a8aa00fc813a05c77121e47d66359071 + Revoked at: Thu Mar 21 17:08:14 UTC 2013 + Serial Number (hex): 00b6bde5d903e11323cc80e63ff9788ae4 + Revoked at: Thu Mar 21 17:10:37 UTC 2013 + Serial Number (hex): 24fd35ecbd9f360cc29fe3dfaeee7f25 + Revoked at: Thu Mar 21 17:40:13 UTC 2013 + Serial Number (hex): 00d505612d94616ccc595280a01357206c + Revoked at: Thu Mar 21 18:54:02 UTC 2013 + Serial Number (hex): 04e637871da1486b74a8ac65f3ec3c84 + Revoked at: Thu Mar 21 20:26:06 UTC 2013 + Serial Number (hex): 59126d901751cf607c485afcc60a33c1 + Revoked at: Thu Mar 21 20:31:49 UTC 2013 + Serial Number (hex): 009b4e6d882306cc2d072122b5b4ac99c7 + Revoked at: Thu Mar 21 20:42:08 UTC 2013 + Serial Number (hex): 00b466512ded7324ef0c6c1227d6368f61 + Revoked at: Thu Mar 21 20:52:30 UTC 2013 + Serial Number (hex): 2f94acb0ec76217a4e3828cce4020f3c + Revoked at: Thu Mar 21 23:18:37 UTC 2013 + Serial Number (hex): 30fb5b712a4001cf35aad568dda7d0b5 + Revoked at: Fri Mar 22 04:24:26 UTC 2013 + Serial Number (hex): 00c4f66b6ddbf91adba5dfc91e6e2103ef + Revoked at: Fri Mar 22 12:15:48 UTC 2013 + Serial Number (hex): 00a7334ebbe472cc63f6ad7a959f819dfc + Revoked at: Fri Mar 22 14:11:34 UTC 2013 + Serial Number (hex): 781b7a8772edd4cb5b026f40f0e14a7e + Revoked at: Fri Mar 22 14:13:56 UTC 2013 + Serial Number (hex): 32f6f84de7c02d2d4fc6ccecb886ffc6 + Revoked at: Fri Mar 22 14:16:40 UTC 2013 + Serial Number (hex): 00bffd5c79fcd18d8a125d881178794d89 + Revoked at: Fri Mar 22 14:23:19 UTC 2013 + Serial Number (hex): 00d2f8bcfdd626d940025d8aca75a411c1 + Revoked at: Fri Mar 22 14:29:57 UTC 2013 + Serial Number (hex): 0d0547091ac621691e1fc78cc98c6bca + Revoked at: Fri Mar 22 14:32:43 UTC 2013 + Serial Number (hex): 6e3018f711b92ed3bdb17e047581ffd1 + Revoked at: Fri Mar 22 14:45:31 UTC 2013 + Serial Number (hex): 00ff1d6eee3d6ae1eb5892cdff1b62a0f7 + Revoked at: Fri Mar 22 14:50:34 UTC 2013 + Serial Number (hex): 2f56e21272c959dd53f1cf6a0b9c4f5e + Revoked at: Fri Mar 22 15:04:30 UTC 2013 + Serial Number (hex): 0cd258b6da7813936448fa71f6848527 + Revoked at: Fri Mar 22 15:26:23 UTC 2013 + Serial Number (hex): 00df02002bd48c71c1a844e0ecd2bc74f3 + Revoked at: Fri Mar 22 15:30:03 UTC 2013 + Serial Number (hex): 2d2fd634a6b81f693d98ef2d0f3a6e42 + Revoked at: Fri Mar 22 17:57:03 UTC 2013 + Serial Number (hex): 3f0fd40cf5e02518e92849b5f73c6440 + Revoked at: Fri Mar 22 19:16:33 UTC 2013 + Serial Number (hex): 00bd24484e5e26902589d1127dd5d9a402 + Revoked at: Fri Mar 22 19:16:48 UTC 2013 + Serial Number (hex): 00f4b63b1d631e4aaef47ee54c42df03de + Revoked at: Fri Mar 22 20:22:50 UTC 2013 + Serial Number (hex): 00d48f7486c9f1d75a05e9c852a5630193 + Revoked at: Fri Mar 22 20:32:14 UTC 2013 + Serial Number (hex): 418643b032b80985ebf88a15dde9c6e1 + Revoked at: Fri Mar 22 21:56:18 UTC 2013 + Serial Number (hex): 39a5d0556369b5a27d9ab23a39eaed55 + Revoked at: Sat Mar 23 00:10:49 UTC 2013 + Serial Number (hex): 00c1a0e2c9e4a4fde1d4f803ea728354f4 + Revoked at: Sat Mar 23 02:02:28 UTC 2013 + Serial Number (hex): 475363a39d4cff4bc36eb4cf1d6f332d + Revoked at: Sat Mar 23 02:03:03 UTC 2013 + Serial Number (hex): 00c05505ea046974fdf06ba394ab346565 + Revoked at: Sat Mar 23 02:13:06 UTC 2013 + Serial Number (hex): 7095051e315e0649c5c255705b2e703c + Revoked at: Sat Mar 23 02:29:09 UTC 2013 + Serial Number (hex): 3f1b6b6f1f7b699557bf980de3bc16a6 + Revoked at: Sat Mar 23 02:29:30 UTC 2013 + Serial Number (hex): 709918613a9a8c807b4753d003f4f1ec + Revoked at: Sat Mar 23 02:31:05 UTC 2013 + Serial Number (hex): 689763010a311a29cced25a992c57414 + Revoked at: Sat Mar 23 02:32:36 UTC 2013 + Serial Number (hex): 73f37d4b47a63aa834f81806e59bae40 + Revoked at: Sat Mar 23 02:32:49 UTC 2013 + Serial Number (hex): 5fa9b9fce714c1521d8e11988fd597c3 + Revoked at: Sat Mar 23 02:44:26 UTC 2013 + Serial Number (hex): 00f913957e5d033c97825fecf2c3903b2e + Revoked at: Sat Mar 23 02:44:44 UTC 2013 + Serial Number (hex): 0af9ec1a63e9a91f49da9a2a4fffc88d + Revoked at: Sun Mar 24 02:13:11 UTC 2013 + Serial Number (hex): 71909d2188a223a62a776a2c523e56b1 + Revoked at: Sun Mar 24 02:13:13 UTC 2013 + Serial Number (hex): 7a835be3f5f0ac68bf1e20f33126ef21 + Revoked at: Mon Mar 25 09:00:31 UTC 2013 + Serial Number (hex): 00f1a4783b7fe67600f852f3ea6281322f + Revoked at: Mon Mar 25 12:50:51 UTC 2013 + Serial Number (hex): 009eb3acbe8af757ef152a2993cb996489 + Revoked at: Mon Mar 25 13:29:22 UTC 2013 + Serial Number (hex): 045fa8bc3f9be0203e806a9163561a0a + Revoked at: Mon Mar 25 14:49:12 UTC 2013 + Serial Number (hex): 108e6ceee2e2302b83018e32f2f9473d + Revoked at: Mon Mar 25 14:49:57 UTC 2013 + Serial Number (hex): 3e6b64d08cb904731f3bce3fd5173252 + Revoked at: Mon Mar 25 14:50:46 UTC 2013 + Serial Number (hex): 3ebe673ac7f0bc18f0c9e40be1451e56 + Revoked at: Mon Mar 25 14:54:31 UTC 2013 + Serial Number (hex): 194ccd641d4171b7a437fe95c4207a7f + Revoked at: Mon Mar 25 14:54:34 UTC 2013 + Serial Number (hex): 00fea42b3f73e4a2cb8f5fe430b6efadca + Revoked at: Mon Mar 25 14:54:36 UTC 2013 + Serial Number (hex): 00f861677b061801aa9c7c0fefba8482e4 + Revoked at: Mon Mar 25 15:55:09 UTC 2013 + Serial Number (hex): 09fb34b80a445c5d29b771337d4cd38a + Revoked at: Mon Mar 25 17:58:08 UTC 2013 + Serial Number (hex): 4d7212bc51779dd28c01ca52f2e230e8 + Revoked at: Mon Mar 25 18:13:08 UTC 2013 + Serial Number (hex): 01255d4e0531d7e3e6e30c1eb1379a53 + Revoked at: Mon Mar 25 18:36:23 UTC 2013 + Serial Number (hex): 00bc07fdace1fb765196af1941505c813a + Revoked at: Mon Mar 25 18:44:13 UTC 2013 + Serial Number (hex): 00c8d375826810c4309fedef4a25c91c8d + Revoked at: Mon Mar 25 18:59:27 UTC 2013 + Serial Number (hex): 008a49c0ab0ef41c435585aecd9464132b + Revoked at: Mon Mar 25 19:20:26 UTC 2013 + Serial Number (hex): 4f9786cbad809419b1c5b991faa9f7c6 + Revoked at: Mon Mar 25 19:32:56 UTC 2013 + Serial Number (hex): 00b8f53580ca5585d105712a6d516a5296 + Revoked at: Mon Mar 25 20:21:48 UTC 2013 + Serial Number (hex): 314444e0c525418f390687ca5935647b + Revoked at: Mon Mar 25 20:50:32 UTC 2013 + Serial Number (hex): 6593b2cf8af3895487186dcc5f6091dc + Revoked at: Mon Mar 25 20:51:02 UTC 2013 + Serial Number (hex): 00a050560cdd18cc2c88ebe5401942776d + Revoked at: Mon Mar 25 20:51:51 UTC 2013 + Serial Number (hex): 00d32c4a6d4b4fbbc24914a34eba53c600 + Revoked at: Tue Mar 26 11:10:05 UTC 2013 + Serial Number (hex): 00978a423feacce07a9c0fd72e7544fc12 + Revoked at: Tue Mar 26 13:33:39 UTC 2013 + Serial Number (hex): 1aa44d17cac5f0406f52e08e5dad21c3 + Revoked at: Tue Mar 26 14:55:35 UTC 2013 + Serial Number (hex): 00a4826524e0a34b33120a09399b6a3da4 + Revoked at: Tue Mar 26 14:55:57 UTC 2013 + Serial Number (hex): 3d1ec040fcf0cd05ed29642d698121a7 + Revoked at: Tue Mar 26 14:56:20 UTC 2013 + Serial Number (hex): 00e08f9463a6b23d8b43c222edea8298c3 + Revoked at: Tue Mar 26 15:05:41 UTC 2013 + Serial Number (hex): 3fc3579bd597c466b3f852267f6de7e4 + Revoked at: Tue Mar 26 16:05:04 UTC 2013 + Serial Number (hex): 00cf42d0b0f5609c60b78dbd7dfd43b3dc + Revoked at: Tue Mar 26 16:40:12 UTC 2013 + Serial Number (hex): 00ba08e86953aec1a8d9f7c9f9bbd02341 + Revoked at: Tue Mar 26 17:33:03 UTC 2013 + Serial Number (hex): 27ebf760347e9276733ca1444c9121aa + Revoked at: Tue Mar 26 17:59:12 UTC 2013 + Serial Number (hex): 00ed84d905a696ce74f9404c30b2298136 + Revoked at: Tue Mar 26 18:14:12 UTC 2013 + Serial Number (hex): 02f06f1f75b6b8303b0ee95ce2eb598d + Revoked at: Tue Mar 26 18:32:45 UTC 2013 + Serial Number (hex): 09eb95957e87e4aada21f55b8f261f9b + Revoked at: Tue Mar 26 18:33:16 UTC 2013 + Serial Number (hex): 00a16bf3952755cdd1e0b334cdadec3ff6 + Revoked at: Tue Mar 26 18:33:42 UTC 2013 + Serial Number (hex): 5b1bbe5833afcc0fca5bf4e732ec8d41 + Revoked at: Tue Mar 26 19:30:24 UTC 2013 + Serial Number (hex): 4fd3a8dce4456ce75625dfe372a71387 + Revoked at: Tue Mar 26 20:28:55 UTC 2013 + Serial Number (hex): 00a13f5d50207105ab1f82b0b517ec7c53 + Revoked at: Tue Mar 26 20:29:05 UTC 2013 + Serial Number (hex): 00af21c274cc1c416bcc999ff547a91fb0 + Revoked at: Tue Mar 26 20:48:56 UTC 2013 + Serial Number (hex): 009ab75bca214e1a678fbda8a185286e07 + Revoked at: Tue Mar 26 20:50:45 UTC 2013 + Serial Number (hex): 4b57d5509dddb2c0075a4b589eda7740 + Revoked at: Tue Mar 26 20:51:24 UTC 2013 + Serial Number (hex): 00dc5959f525ca1e89ce7802deb8536a52 + Revoked at: Tue Mar 26 21:42:11 UTC 2013 + Serial Number (hex): 307a9c7ac0083e1510c0e00990a003df + Revoked at: Tue Mar 26 21:52:27 UTC 2013 + Serial Number (hex): 77693cec454e53b1d41a3203d7f37197 + Revoked at: Wed Mar 27 13:31:30 UTC 2013 + Serial Number (hex): 00e31c0ab869198eedaafa1ddecad898a9 + Revoked at: Wed Mar 27 13:49:39 UTC 2013 + Serial Number (hex): 00ff35f109b7e342c8c2df18ca61c969bf + Revoked at: Wed Mar 27 14:32:49 UTC 2013 + Serial Number (hex): 00c08b424a83d4aa0a5896bac7a9f3fcdf + Revoked at: Wed Mar 27 15:01:21 UTC 2013 + Serial Number (hex): 3002821cef0165fdc464ea5352d03771 + Revoked at: Wed Mar 27 15:51:03 UTC 2013 + Serial Number (hex): 5ab2ba671f53c025eb8e535be3db9749 + Revoked at: Wed Mar 27 18:02:23 UTC 2013 + Serial Number (hex): 1028f5fe1c5d9736e2d0d29390627203 + Revoked at: Wed Mar 27 18:09:18 UTC 2013 + Serial Number (hex): 146fb10a8a6a7ce12e1ff03f30ba6da9 + Revoked at: Wed Mar 27 18:28:50 UTC 2013 + Serial Number (hex): 4cbd6e5e4b5525d157bacae0994e54f7 + Revoked at: Wed Mar 27 18:55:34 UTC 2013 + Serial Number (hex): 4c615c07b6beee9e45681eafe0a96a18 + Revoked at: Wed Mar 27 18:57:52 UTC 2013 + Serial Number (hex): 28a0be64ae090add6deda758185acf99 + Revoked at: Wed Mar 27 19:15:59 UTC 2013 + Serial Number (hex): 00b352d377d49152c2b8b96c4b5eae8df6 + Revoked at: Wed Mar 27 19:29:26 UTC 2013 + Serial Number (hex): 41efe436aeb8baab7f60a827154b57b0 + Revoked at: Wed Mar 27 20:33:10 UTC 2013 + Serial Number (hex): 48f5d840f1868db34501fbc47a27ecec + Revoked at: Wed Mar 27 20:37:34 UTC 2013 + Serial Number (hex): 59c3b641e16b2ec58a296dfa956cb7f0 + Revoked at: Wed Mar 27 20:53:27 UTC 2013 + Serial Number (hex): 5ffa9607d76adefd4a130b5ad3b046d4 + Revoked at: Wed Mar 27 21:55:37 UTC 2013 + Serial Number (hex): 70527ec408fbf663ff0dc2eec5577bd8 + Revoked at: Wed Mar 27 23:20:55 UTC 2013 + Serial Number (hex): 00e3311a52e11c839314a828def75f77f4 + Revoked at: Thu Mar 28 11:50:49 UTC 2013 + Serial Number (hex): 00ad2adb44e210708dd1c5d17d8a406d60 + Revoked at: Thu Mar 28 14:54:50 UTC 2013 + Serial Number (hex): 21d422df6587978216c6dc8ec746535b + Revoked at: Thu Mar 28 14:55:51 UTC 2013 + Serial Number (hex): 3c750bf4c619bc6cc95c1c1b7c11b847 + Revoked at: Thu Mar 28 15:08:14 UTC 2013 + Serial Number (hex): 00b9a14d794cea9ac0513963af3b7e53bf + Revoked at: Thu Mar 28 15:09:02 UTC 2013 + Serial Number (hex): 00b4230902ea340f6e5d00601b2eac064b + Revoked at: Thu Mar 28 15:13:01 UTC 2013 + Serial Number (hex): 00affefbaf473d3ad3e64369c24629603f + Revoked at: Thu Mar 28 15:41:16 UTC 2013 + Serial Number (hex): 00f697b68e6be495c1a1c033b1e20f1fef + Revoked at: Thu Mar 28 15:47:17 UTC 2013 + Serial Number (hex): 516ae10f5b0dafc6a202d3886beb7cac + Revoked at: Thu Mar 28 16:46:18 UTC 2013 + Serial Number (hex): 5d90e6b941f2b1d6191fb00fe94e471a + Revoked at: Thu Mar 28 17:02:42 UTC 2013 + Serial Number (hex): 00af78345615c8a6c0838e49c26b68a7cb + Revoked at: Thu Mar 28 17:09:51 UTC 2013 + Serial Number (hex): 7056c87d488960a60b07c4b8f6fd2108 + Revoked at: Thu Mar 28 18:41:56 UTC 2013 + Serial Number (hex): 00f0316350974949bb79ba4e8faf1cdce7 + Revoked at: Thu Mar 28 18:49:42 UTC 2013 + Serial Number (hex): 2b482a22be796c32f616f2ecfc733dff + Revoked at: Thu Mar 28 18:49:56 UTC 2013 + Serial Number (hex): 00d51e114b8ab66332cd22b10079c9ddae + Revoked at: Thu Mar 28 18:50:14 UTC 2013 + Serial Number (hex): 00aef6d6ee3d05c1c1be59fc459a9fde87 + Revoked at: Thu Mar 28 23:50:09 UTC 2013 + Serial Number (hex): 4fe2427de13ec07ad2ca5ccd16e4cb5a + Revoked at: Fri Mar 29 12:41:50 UTC 2013 + Serial Number (hex): 00ac16e0ebbd8e9d4a8f7dcb133d1b85fc + Revoked at: Fri Mar 29 13:40:40 UTC 2013 + Serial Number (hex): 00af419b08b880949e03587c5b99b207be + Revoked at: Fri Mar 29 13:42:16 UTC 2013 + Serial Number (hex): 00f84eb9caf05e155eae9b27f331bf916d + Revoked at: Fri Mar 29 15:15:25 UTC 2013 + Serial Number (hex): 00d1ee1228ad41fe981ce4c9a7165ccd79 + Revoked at: Fri Mar 29 15:45:44 UTC 2013 + Serial Number (hex): 00b70628c706d85a7f491fa3b3548c8e1d + Revoked at: Fri Mar 29 16:13:19 UTC 2013 + Serial Number (hex): 5ade2aa4d1204f12f2776cb61819deb2 + Revoked at: Fri Mar 29 17:54:32 UTC 2013 + Serial Number (hex): 00914045074275300fabb3665f3a10ce15 + Revoked at: Fri Mar 29 17:58:55 UTC 2013 + Serial Number (hex): 00d7b067d910d6b5c90b29d14695684242 + Revoked at: Fri Mar 29 19:08:49 UTC 2013 + Serial Number (hex): 68d51ddeb258ab70406b726a6408ffab + Revoked at: Fri Mar 29 19:52:46 UTC 2013 + Serial Number (hex): 74bf86b8ae6a95b973a34e0cb50a24f1 + Revoked at: Fri Mar 29 20:05:29 UTC 2013 + Serial Number (hex): 73e976ea74a6fb86125d8944f36495b7 + Revoked at: Fri Mar 29 20:14:18 UTC 2013 + Serial Number (hex): 00d1efc3b26194c0ed2f3e930f4d18d5c2 + Revoked at: Sun Mar 31 02:13:31 UTC 2013 + Serial Number (hex): 00c760d2347144ef651f82690d40fb2878 + Revoked at: Sun Mar 31 20:57:32 UTC 2013 + Serial Number (hex): 00ba07445f21190ec2f735b72a0f235377 + Revoked at: Mon Apr 01 09:09:20 UTC 2013 + Serial Number (hex): 00d65d10fcdec5f4cc4cb9a4f39cc4245d + Revoked at: Mon Apr 01 14:04:37 UTC 2013 + Serial Number (hex): 4d8c3f894d494ab6209a86c3f524f61a + Revoked at: Mon Apr 01 14:49:36 UTC 2013 + Serial Number (hex): 00a2d0dc0f733a948d1d0e0ed513e7272d + Revoked at: Mon Apr 01 16:46:21 UTC 2013 + Serial Number (hex): 00b807402fd85ca91ea3045e6a9669b991 + Revoked at: Mon Apr 01 17:15:52 UTC 2013 + Serial Number (hex): 00f313eabf45a4a28b7a447e3f7b0b8435 + Revoked at: Mon Apr 01 17:18:53 UTC 2013 + Serial Number (hex): 009b7c849cc038dc181fd2db77666bc2fe + Revoked at: Mon Apr 01 17:19:14 UTC 2013 + Serial Number (hex): 2c372f37fbc7add9e0032eeac60c8d19 + Revoked at: Mon Apr 01 17:35:44 UTC 2013 + Serial Number (hex): 17509baa3d8833c435b02f2cad263b60 + Revoked at: Mon Apr 01 18:07:21 UTC 2013 + Serial Number (hex): 00c3d10453cf3e72bedfe74e4f9a6716bd + Revoked at: Mon Apr 01 18:11:27 UTC 2013 + Serial Number (hex): 00c2a69d15058d50fa31d39706cf20718d + Revoked at: Mon Apr 01 18:11:39 UTC 2013 + Serial Number (hex): 008da46d346e0bbd9408d127aafd01357c + Revoked at: Mon Apr 01 19:19:35 UTC 2013 + Serial Number (hex): 3af57a88cb522114df16c931b9dbdafc + Revoked at: Mon Apr 01 20:36:35 UTC 2013 + Serial Number (hex): 20c114f1c4371d703f229b9d31e8275f + Revoked at: Mon Apr 01 20:36:46 UTC 2013 + Serial Number (hex): 3225548179e77b271f14f0e1cd8d669d + Revoked at: Mon Apr 01 20:36:55 UTC 2013 + Serial Number (hex): 0099c9c20530937fd904972ccd6fdd447d + Revoked at: Mon Apr 01 21:47:33 UTC 2013 + Serial Number (hex): 1f8fea94cdd60c2b72239b1462097946 + Revoked at: Tue Apr 02 02:13:04 UTC 2013 + Serial Number (hex): 00bc68370875d10fda89d8adfba8b6b770 + Revoked at: Tue Apr 02 16:14:19 UTC 2013 + Serial Number (hex): 2724f2013ce13b8d1cefd0e4d234689a + Revoked at: Tue Apr 02 19:11:45 UTC 2013 + Serial Number (hex): 494d2bf3118273ca6f9e3ffd365c8c1a + Revoked at: Tue Apr 02 19:12:52 UTC 2013 + Serial Number (hex): 00f78a008efaeef424ddeb5ab1d6e001d0 + Revoked at: Tue Apr 02 19:29:25 UTC 2013 + Serial Number (hex): 139d358dbdf099e92b1ae7762e500e8a + Revoked at: Tue Apr 02 19:53:48 UTC 2013 + Serial Number (hex): 1b2b91ea831b27b5bffe03006b9f5a14 + Revoked at: Tue Apr 02 19:55:06 UTC 2013 + Serial Number (hex): 5cb4bac1713b1dc12d04eba7819b0561 + Revoked at: Tue Apr 02 21:19:32 UTC 2013 + Serial Number (hex): 25bc1c69661c72b3cfa729f88730daf3 + Revoked at: Wed Apr 03 11:35:15 UTC 2013 + Serial Number (hex): 23368ecb6550cf63b47647b4a41ee77b + Revoked at: Wed Apr 03 11:35:31 UTC 2013 + Serial Number (hex): 07b87981ea814a020b84b53fc9d29e77 + Revoked at: Wed Apr 03 13:00:54 UTC 2013 + Serial Number (hex): 00a17e08bec1e635882e0c5318656e884b + Revoked at: Wed Apr 03 15:19:13 UTC 2013 + Serial Number (hex): 1c6bf6413eb37bcd94886ef69815668d + Revoked at: Wed Apr 03 17:54:06 UTC 2013 + Serial Number (hex): 00df822c22162a756bfb13347c0fae7022 + Revoked at: Wed Apr 03 20:40:55 UTC 2013 + Serial Number (hex): 2ce09cfe5c5e2c12ac031d8d665b7f73 + Revoked at: Thu Apr 04 10:02:35 UTC 2013 + Serial Number (hex): 00f6f2a19c60db17524f7ae88b6c1cdca5 + Revoked at: Thu Apr 04 15:10:23 UTC 2013 + Serial Number (hex): 00d16d1cd4b501ee9600829efd7b0bc504 + Revoked at: Thu Apr 04 15:35:16 UTC 2013 + Serial Number (hex): 76e7adee374c2812757b3b4fb334379a + Revoked at: Thu Apr 04 17:48:51 UTC 2013 + Serial Number (hex): 00e0800052c5f3d4ade9e9ffc8d4297a0b + Revoked at: Thu Apr 04 18:10:35 UTC 2013 + Serial Number (hex): 00de2922061054aa0e302fef0e4c49c9e2 + Revoked at: Thu Apr 04 20:32:52 UTC 2013 + Serial Number (hex): 77a5994251fa8b621593bde7407ca4e2 + Revoked at: Thu Apr 04 20:33:04 UTC 2013 + Serial Number (hex): 62b35ec63853ba68988203c0e8773a84 + Revoked at: Fri Apr 05 08:01:49 UTC 2013 + Serial Number (hex): 00ef1fd93e8a83d8052051e0ddc928f02c + Revoked at: Fri Apr 05 11:47:20 UTC 2013 + Serial Number (hex): 5487c342b992784ba31bf0c06a57f015 + Revoked at: Fri Apr 05 12:01:55 UTC 2013 + Serial Number (hex): 00ad428261d382a713a51c9862cd782e7a + Revoked at: Fri Apr 05 13:35:19 UTC 2013 + Serial Number (hex): 008ac95601853adf78a28a63977155d775 + Revoked at: Fri Apr 05 13:47:04 UTC 2013 + Serial Number (hex): 75afbc6076943da73f27db3a691dd519 + Revoked at: Fri Apr 05 14:13:12 UTC 2013 + Serial Number (hex): 0092f6e4e5b91fa431f4934ca83f5762c2 + Revoked at: Fri Apr 05 20:10:05 UTC 2013 + Serial Number (hex): 5614f0084967ebf0199031742b46e18e + Revoked at: Fri Apr 05 20:29:44 UTC 2013 + Serial Number (hex): 008c1c853c1c54da27a6637123fbe877c8 + Revoked at: Fri Apr 05 22:06:22 UTC 2013 + Serial Number (hex): 00d8ec23d8586d045f567bedf04cb0faad + Revoked at: Sat Apr 06 02:13:06 UTC 2013 + Serial Number (hex): 2ab76a5974248722ef06e2c67cb65aec + Revoked at: Mon Apr 08 02:13:04 UTC 2013 + Serial Number (hex): 4b7ea3dafa117413699722fa10ad922c + Revoked at: Mon Apr 08 02:13:04 UTC 2013 + Serial Number (hex): 00ff33516a42e5108c31757df93e880d5e + Revoked at: Mon Apr 08 06:13:01 UTC 2013 + Serial Number (hex): 0f61b2fdd3ca46b20cad4c3fcbf0f8fb + Revoked at: Mon Apr 08 09:30:08 UTC 2013 + Serial Number (hex): 00af4af3c01893425b48776a5185f1eaeb + Revoked at: Mon Apr 08 09:42:23 UTC 2013 + Serial Number (hex): 158a1bce24032fd54eaccba02743ff9e + Revoked at: Mon Apr 08 09:55:18 UTC 2013 + Serial Number (hex): 1d1958887232ff39a32417222f730017 + Revoked at: Mon Apr 08 10:06:45 UTC 2013 + Serial Number (hex): 0083854ba816dcea64a9a5e7babf264c0c + Revoked at: Mon Apr 08 10:52:07 UTC 2013 + Serial Number (hex): 00e5d1c81e69608bb02c3d1bedb98b8f4c + Revoked at: Mon Apr 08 15:20:54 UTC 2013 + Serial Number (hex): 00dd5343ab323d6de87435d39626ac6491 + Revoked at: Mon Apr 08 15:24:27 UTC 2013 + Serial Number (hex): 00b34f037101b20d2b1594f53168c01c34 + Revoked at: Mon Apr 08 15:25:31 UTC 2013 + Serial Number (hex): 00a687d361856ff675a6b1efd5a75b79bd + Revoked at: Mon Apr 08 15:40:15 UTC 2013 + Serial Number (hex): 0097f01cfbcbf838a7d55d571d4c8d7f6d + Revoked at: Mon Apr 08 16:36:41 UTC 2013 + Serial Number (hex): 00b768797bcdfb234d6d6cfab1693b0d01 + Revoked at: Mon Apr 08 17:02:28 UTC 2013 + Serial Number (hex): 1dc1dca0b3afbf911b589bac35087743 + Revoked at: Mon Apr 08 17:10:32 UTC 2013 + Serial Number (hex): 62af7aaf4e02e7a020133066adadd821 + Revoked at: Mon Apr 08 17:10:41 UTC 2013 + Serial Number (hex): 0acc52aad9a10a1ebc8a4679808ac93d + Revoked at: Mon Apr 08 17:13:12 UTC 2013 + Serial Number (hex): 00b3e75832f7ef784288c406e87f2504ad + Revoked at: Mon Apr 08 17:28:19 UTC 2013 + Serial Number (hex): 4349d9748a8d73e71e4c08433b4b3816 + Revoked at: Mon Apr 08 17:50:57 UTC 2013 + Serial Number (hex): 00e10d52376f36938a1a8a26a0a84be15b + Revoked at: Mon Apr 08 17:53:21 UTC 2013 + Serial Number (hex): 55e2b44d4bcef31b4e78802ee05e6589 + Revoked at: Mon Apr 08 18:07:22 UTC 2013 + Serial Number (hex): 48635496b0b8bfd620177310e8c458df + Revoked at: Mon Apr 08 19:00:11 UTC 2013 + Serial Number (hex): 6ae2886723ece080b6762a2520b94f24 + Revoked at: Mon Apr 08 19:57:01 UTC 2013 + Serial Number (hex): 00e869c02b1b8178feaaf6470f0db262d3 + Revoked at: Mon Apr 08 20:14:43 UTC 2013 + Serial Number (hex): 3518d84516e93df3a41086bfe512b61c + Revoked at: Mon Apr 08 23:55:46 UTC 2013 + Serial Number (hex): 00f1bed1cae94c148a1f9923a710418d62 + Revoked at: Tue Apr 09 00:08:08 UTC 2013 + Serial Number (hex): 604e4060fc2ca14bcca2a9612bdc43c7 + Revoked at: Tue Apr 09 09:19:12 UTC 2013 + Serial Number (hex): 00be38a92cffc3432347d4075126c13389 + Revoked at: Tue Apr 09 13:31:11 UTC 2013 + Serial Number (hex): 00947ec17c53382d31bfbc6ea4359c80ee + Revoked at: Tue Apr 09 14:47:14 UTC 2013 + Serial Number (hex): 00f8b6c5a8cabe25a5225377e32e6770a8 + Revoked at: Tue Apr 09 14:59:19 UTC 2013 + Serial Number (hex): 18d8ebccbe42da7135417545f5005929 + Revoked at: Tue Apr 09 15:16:34 UTC 2013 + Serial Number (hex): 0082243902eda696358c32fb70305fdf0a + Revoked at: Tue Apr 09 15:26:16 UTC 2013 + Serial Number (hex): 00857eb95e6e220884eebb7b09f5f5cdc8 + Revoked at: Tue Apr 09 16:38:26 UTC 2013 + Serial Number (hex): 227987240ff9a458d446140513fb0cb8 + Revoked at: Tue Apr 09 17:35:51 UTC 2013 + Serial Number (hex): 00cfc598a87dd43c4dbffc1ee5b72e7737 + Revoked at: Tue Apr 09 17:36:12 UTC 2013 + Serial Number (hex): 31b4601e012537751cec758661a5d2c2 + Revoked at: Tue Apr 09 18:00:23 UTC 2013 + Serial Number (hex): 67c2bfc644aed6fd59f3b5021a26ce7b + Revoked at: Tue Apr 09 18:33:09 UTC 2013 + Serial Number (hex): 00dc8b229a56b268fe04da1e61f3545128 + Revoked at: Tue Apr 09 19:17:17 UTC 2013 + Serial Number (hex): 00b11a60285b1d3c33676b4b682a7a76bf + Revoked at: Tue Apr 09 19:21:45 UTC 2013 + Serial Number (hex): 21afc89de51b44767915d4da388bec8f + Revoked at: Tue Apr 09 20:38:19 UTC 2013 + Serial Number (hex): 00f82b23d182733634e9dcbfd601e83dfe + Revoked at: Tue Apr 09 21:17:26 UTC 2013 + Serial Number (hex): 25dcb38fb8b878493fd6c054e94227c2 + Revoked at: Wed Apr 10 14:37:30 UTC 2013 + Serial Number (hex): 00deb5bb53adf3be8f4af3eea27ffc58bb + Revoked at: Wed Apr 10 14:38:29 UTC 2013 + Serial Number (hex): 00eabe036d0e476cb7af993e6550137a18 + Revoked at: Wed Apr 10 14:51:16 UTC 2013 + Serial Number (hex): 29fc584e39cb0fbd5670f9eb50e3ad54 + Revoked at: Wed Apr 10 15:26:33 UTC 2013 + Serial Number (hex): 102cc7aa257e303368b416e3e4a66021 + Revoked at: Wed Apr 10 15:26:46 UTC 2013 + Serial Number (hex): 6cd2c1a72f7ce6ec44419e4a24722961 + Revoked at: Wed Apr 10 18:08:03 UTC 2013 + Serial Number (hex): 008837ba1fd4b48be48e24859a32b7ba0d + Revoked at: Wed Apr 10 18:32:50 UTC 2013 + Serial Number (hex): 723fe56ed89696bcff1b36b6322fe2eb + Revoked at: Wed Apr 10 19:05:45 UTC 2013 + Serial Number (hex): 00d8d13f279810221f9dbe994b70c8f598 + Revoked at: Wed Apr 10 20:36:55 UTC 2013 + Serial Number (hex): 35501b3a149b949c7bbb6481c0f2e43b + Revoked at: Wed Apr 10 22:52:56 UTC 2013 + Serial Number (hex): 17e06526faf3481facad297196a80eaf + Revoked at: Wed Apr 10 23:07:18 UTC 2013 + Serial Number (hex): 00e14e6f6417d14e1ba2be3696f707765a + Revoked at: Thu Apr 11 09:41:47 UTC 2013 + Serial Number (hex): 00acbf12d74f5296fff91bcd849d410a09 + Revoked at: Thu Apr 11 15:28:48 UTC 2013 + Serial Number (hex): 00d486105609b76daccfa3c4904b1913da + Revoked at: Thu Apr 11 15:39:29 UTC 2013 + Serial Number (hex): 00d14b13a446de7b06919583f482903e79 + Revoked at: Thu Apr 11 16:28:43 UTC 2013 + Serial Number (hex): 5e85bee19108af8a6128b5951a387623 + Revoked at: Thu Apr 11 16:29:07 UTC 2013 + Serial Number (hex): 00843df10548ee86710fde2d4e0987b6d5 + Revoked at: Thu Apr 11 19:25:37 UTC 2013 + Serial Number (hex): 0084cf7cf2241571c17308bccf5621f798 + Revoked at: Thu Apr 11 19:28:20 UTC 2013 + Serial Number (hex): 00f23a5267ecd980fc2715f368bda6e1f7 + Revoked at: Thu Apr 11 19:30:56 UTC 2013 + Serial Number (hex): 18e8bc7b8275e344dc3c6790b7200b38 + Revoked at: Thu Apr 11 19:33:17 UTC 2013 + Serial Number (hex): 2b8e9b158c7d39363d5c614d31d4b6a8 + Revoked at: Thu Apr 11 20:05:42 UTC 2013 + Serial Number (hex): 0083e9b8de4f74666a4058aa384bd70b78 + Revoked at: Thu Apr 11 22:13:26 UTC 2013 + Serial Number (hex): 00f2f6cb2689a40c386aaeffc983013ec2 + Revoked at: Thu Apr 11 23:14:05 UTC 2013 + Serial Number (hex): 5545b10e9197578efbec06fd67ae9d58 + Revoked at: Fri Apr 12 12:29:53 UTC 2013 + Serial Number (hex): 4d055a5602add94c137310f57d9b8ad1 + Revoked at: Fri Apr 12 14:15:52 UTC 2013 + Serial Number (hex): 009e09e68ee35e29639625b295e2cdd1fc + Revoked at: Fri Apr 12 15:00:57 UTC 2013 + Serial Number (hex): 00cc660a97741eccbf3b98e6dffadc0d4a + Revoked at: Fri Apr 12 15:26:54 UTC 2013 + Serial Number (hex): 00aa7b12ee95183ddb1cf56a5a764f00ea + Revoked at: Fri Apr 12 18:12:47 UTC 2013 + Serial Number (hex): 009f1b66ab388e0ce98e3165c3967f3af5 + Revoked at: Fri Apr 12 18:37:21 UTC 2013 + Serial Number (hex): 272af8b0fc3b4df21af4ce0ca5242418 + Revoked at: Fri Apr 12 20:38:04 UTC 2013 + Serial Number (hex): 00beea2d1c2c88f1636576e6f298c2b939 + Revoked at: Fri Apr 12 20:38:17 UTC 2013 + Serial Number (hex): 00f6e54e691b9b02290017b2a24d220f4a + Revoked at: Fri Apr 12 21:58:53 UTC 2013 + Serial Number (hex): 00c4b0f906c3ff66952d96df4bfd94936d + Revoked at: Fri Apr 12 21:59:13 UTC 2013 + Serial Number (hex): 00db33e109fd5d86d1f7d913844d6da62c + Revoked at: Fri Apr 12 22:30:52 UTC 2013 + Serial Number (hex): 00ba6b914e812bddbcfffbf0924db40eb0 + Revoked at: Fri Apr 12 22:31:15 UTC 2013 + Serial Number (hex): 7be7232c25b2ad852b14c75951f6e7d8 + Revoked at: Fri Apr 12 22:31:26 UTC 2013 + Serial Number (hex): 00de9c08fdd1b1322ce652809a332ca8d9 + Revoked at: Mon Apr 15 02:13:05 UTC 2013 + Serial Number (hex): 58f9f64388b013f588ea69d0229cf619 + Revoked at: Mon Apr 15 13:19:02 UTC 2013 + Serial Number (hex): 00d27c0bfb9c22284bd4d2646d28280fcc + Revoked at: Mon Apr 15 14:46:14 UTC 2013 + Serial Number (hex): 00ab59f14efa7c0769a7d235c34ced3988 + Revoked at: Mon Apr 15 15:56:46 UTC 2013 + Serial Number (hex): 16ad3692a94dd642a45601adb04946d2 + Revoked at: Mon Apr 15 16:42:14 UTC 2013 + Serial Number (hex): 7e28f199d987a7fbe20f87a47c1a125d + Revoked at: Mon Apr 15 17:21:23 UTC 2013 + Serial Number (hex): 00f82f8e6c374688b2a942bf1a8a96f300 + Revoked at: Mon Apr 15 17:45:53 UTC 2013 + Serial Number (hex): 7720611393e2038a49f4ee6391dcf007 + Revoked at: Mon Apr 15 19:04:25 UTC 2013 + Serial Number (hex): 42641e32e7eda8ceb62aa78af7c502bc + Revoked at: Mon Apr 15 20:40:33 UTC 2013 + Serial Number (hex): 00d61c661663b8c99425edef5d10c689cc + Revoked at: Mon Apr 15 20:41:26 UTC 2013 + Serial Number (hex): 00a929a3df7f35aa38528f864c90f3ca8f + Revoked at: Mon Apr 15 20:43:08 UTC 2013 + Serial Number (hex): 5205566555a28ae553c548cfa3e4599c + Revoked at: Mon Apr 15 20:49:49 UTC 2013 + Serial Number (hex): 00ba5dc0a63199c6a33bb21d8a19ee00f7 + Revoked at: Mon Apr 15 20:53:27 UTC 2013 + Serial Number (hex): 008b4dadf61dfff4f28c813b81c227c751 + Revoked at: Tue Apr 16 02:13:03 UTC 2013 + Serial Number (hex): 704007c42bf5000d6f041305d99cfc25 + Revoked at: Tue Apr 16 04:11:06 UTC 2013 + Serial Number (hex): 00baa32fc8c4d7a84957cb4ea5ecfa8669 + Revoked at: Tue Apr 16 07:40:10 UTC 2013 + Serial Number (hex): 468004e34893c31671ef35a2da0ee0c8 + Revoked at: Tue Apr 16 12:52:27 UTC 2013 + Serial Number (hex): 00b493e8ebee5adbecaa264a413c9deb30 + Revoked at: Tue Apr 16 12:57:16 UTC 2013 + Serial Number (hex): 00877d521cc20c3ae1f63fb1f836377d68 + Revoked at: Tue Apr 16 14:03:33 UTC 2013 + Serial Number (hex): 1b2db6c47701de2b534ee420ceed28d2 + Revoked at: Tue Apr 16 15:04:24 UTC 2013 + Serial Number (hex): 5918d6cfd849b1eeed6b9a4fb75e8cd3 + Revoked at: Tue Apr 16 15:19:23 UTC 2013 + Serial Number (hex): 0f7c2a07ea7b946268c00cc7a4d63909 + Revoked at: Tue Apr 16 16:02:35 UTC 2013 + Serial Number (hex): 781c5694da638e0a81b80b1a30c9197d + Revoked at: Tue Apr 16 17:12:44 UTC 2013 + Serial Number (hex): 0088f0257de04187998ad98a4a08d4ce83 + Revoked at: Tue Apr 16 17:13:41 UTC 2013 + Serial Number (hex): 00952e9dbea86908953cb0cb0d88d52a81 + Revoked at: Tue Apr 16 17:14:22 UTC 2013 + Serial Number (hex): 37aa0fa164cb0e3fd0cacdfed4f62214 + Revoked at: Tue Apr 16 19:13:26 UTC 2013 + Serial Number (hex): 0087f48ceffc5a668ade378849b51b3dda + Revoked at: Tue Apr 16 19:24:38 UTC 2013 + Serial Number (hex): 00dfb4b4738e4b47fb19fea7a30cfa5cb3 + Revoked at: Tue Apr 16 20:00:19 UTC 2013 + Serial Number (hex): 00e7846cffd5bb69b9a9db7d0666f7ccc9 + Revoked at: Tue Apr 16 20:02:57 UTC 2013 + Serial Number (hex): 00d1b01b8004b82da0af803ac2df2b6e35 + Revoked at: Tue Apr 16 20:03:52 UTC 2013 + Serial Number (hex): 3631275a9e612500802af7b9c052909b + Revoked at: Tue Apr 16 20:04:05 UTC 2013 + Serial Number (hex): 00d6f224e8d8358441d55c0deb24cd4963 + Revoked at: Tue Apr 16 20:04:18 UTC 2013 + Serial Number (hex): 009c845c2456547ba8aa87e66ecd88de99 + Revoked at: Tue Apr 16 20:13:43 UTC 2013 + Serial Number (hex): 4051c7fad92209a852d9f001d005f351 + Revoked at: Tue Apr 16 20:14:33 UTC 2013 + Serial Number (hex): 5d1a19f11e3a108e2734b58e69c8ac40 + Revoked at: Tue Apr 16 20:22:31 UTC 2013 + Serial Number (hex): 00dae06b1cefdb949549a3a3d4f42dab23 + Revoked at: Wed Apr 17 04:09:17 UTC 2013 + Serial Number (hex): 2fbf31f0a4b73795ef1f6e306a92bf11 + Revoked at: Wed Apr 17 13:18:28 UTC 2013 + Serial Number (hex): 00b08691b6449cc4367d77c6b888914a39 + Revoked at: Wed Apr 17 13:22:32 UTC 2013 + Serial Number (hex): 00ff3ce23f816e0b77f217bde6ecad368e + Revoked at: Wed Apr 17 13:25:01 UTC 2013 + Serial Number (hex): 062149a7fd5d42a90823c39ce766cb9d + Revoked at: Wed Apr 17 14:41:16 UTC 2013 + Serial Number (hex): 6ebdffe2de1d173c4f95def1613b70dd + Revoked at: Wed Apr 17 15:57:48 UTC 2013 + Serial Number (hex): 00dbaf1f1bd9b05fd5908ebce0f977927b + Revoked at: Wed Apr 17 15:58:43 UTC 2013 + Serial Number (hex): 008497bb84fa3b32e0088ec923683124c2 + Revoked at: Wed Apr 17 15:59:54 UTC 2013 + Serial Number (hex): 008c344362d260015bdd1b4020913420cb + Revoked at: Wed Apr 17 16:00:41 UTC 2013 + Serial Number (hex): 00a0047890e735e2c702ba8d542cc54223 + Revoked at: Wed Apr 17 16:46:09 UTC 2013 + Serial Number (hex): 79580dfe735dcc8d5391ffcf8f3b0820 + Revoked at: Wed Apr 17 19:53:58 UTC 2013 + Serial Number (hex): 731bdc2714520e0ab7d9ecbe39226fef + Revoked at: Wed Apr 17 20:11:08 UTC 2013 + Serial Number (hex): 008a38c02c9710de66d0ac4ba450d23963 + Revoked at: Wed Apr 17 20:36:15 UTC 2013 + Serial Number (hex): 11fbd9802927b6638d2931e2641b21ac + Revoked at: Wed Apr 17 20:46:53 UTC 2013 + Serial Number (hex): 00b778903c4ea6466c4f668b7c23525434 + Revoked at: Thu Apr 18 06:58:42 UTC 2013 + Serial Number (hex): 3b06413b278149120ea80a3c1183fc16 + Revoked at: Thu Apr 18 06:58:59 UTC 2013 + Serial Number (hex): 1ac1b5492d33553212a6f8516ba8fad0 + Revoked at: Thu Apr 18 06:59:19 UTC 2013 + Serial Number (hex): 4b9326fcf4e0eeb1fe8becfaa28006a2 + Revoked at: Thu Apr 18 06:59:42 UTC 2013 + Serial Number (hex): 54283ad229052f8a01e78bff113b8c64 + Revoked at: Thu Apr 18 09:12:43 UTC 2013 + Serial Number (hex): 00db4da461eab4e9382c4dc247af3e3bbc + Revoked at: Thu Apr 18 13:54:06 UTC 2013 + Serial Number (hex): 00b807a8e0dbae88f9cacca60676550ec8 + Revoked at: Thu Apr 18 14:19:31 UTC 2013 + Serial Number (hex): 0a7f08e03a02a32839aec8ddf588958c + Revoked at: Thu Apr 18 14:22:46 UTC 2013 + Serial Number (hex): 00d2528e73f436a56699ebb21b2373cca9 + Revoked at: Thu Apr 18 14:43:32 UTC 2013 + Serial Number (hex): 0098dd7447aff3bb17cb1e9ad8baefb25a + Revoked at: Thu Apr 18 14:56:20 UTC 2013 + Serial Number (hex): 45749d4f5223a98228c415bc6b3449aa + Revoked at: Thu Apr 18 16:11:11 UTC 2013 + Serial Number (hex): 00b0b070538936279d8933d3fae4a27de3 + Revoked at: Thu Apr 18 16:46:53 UTC 2013 + Serial Number (hex): 008f90457ac93ef311eb26ad0690df4940 + Revoked at: Thu Apr 18 19:31:13 UTC 2013 + Serial Number (hex): 220dd587980960fbbcc24096edd7cd1d + Revoked at: Thu Apr 18 20:30:10 UTC 2013 + Serial Number (hex): 00dd356bd535ff4b9232983cd107aff550 + Revoked at: Thu Apr 18 20:47:07 UTC 2013 + Serial Number (hex): 127a34d7947d73ca2e1e658ce8b3320d + Revoked at: Fri Apr 19 08:32:23 UTC 2013 + Serial Number (hex): 00fcb3c07f0bf2cd552a64e828675fb60a + Revoked at: Fri Apr 19 08:32:39 UTC 2013 + Serial Number (hex): 00af0068e8e51cd95f038fde5a933cb0d6 + Revoked at: Fri Apr 19 14:47:38 UTC 2013 + Serial Number (hex): 2637afdde5527fc2d9fbf25eb17d6d69 + Revoked at: Fri Apr 19 18:25:09 UTC 2013 + Serial Number (hex): 51ba81eee94557c130a0b7df736be16b + Revoked at: Fri Apr 19 20:22:05 UTC 2013 + Serial Number (hex): 0be904c3867acc2105a91199071d81 + Revoked at: Sat Apr 20 06:36:10 UTC 2013 + Serial Number (hex): 1be95e844f96119f8a4f9b60a82c54e2 + Revoked at: Sun Apr 21 15:54:56 UTC 2013 + Serial Number (hex): 221210834a99c9fcaaba6a4f8866f20f + Revoked at: Mon Apr 22 02:13:05 UTC 2013 + Serial Number (hex): 00ab3887b122c04ef517f2be8d41fc555e + Revoked at: Mon Apr 22 10:24:05 UTC 2013 + Serial Number (hex): 00d410bc99ca13d30a574c2ed23466a119 + Revoked at: Mon Apr 22 15:18:05 UTC 2013 + Serial Number (hex): 2a79947b10953803f0d95dd49f410aec + Revoked at: Mon Apr 22 15:18:29 UTC 2013 + Serial Number (hex): 5fc0cce009a86511142f5e8a435e6144 + Revoked at: Mon Apr 22 15:24:42 UTC 2013 + Serial Number (hex): 00bd16036796054509e3bbee5c64d507a7 + Revoked at: Mon Apr 22 15:52:17 UTC 2013 + Serial Number (hex): 76b92ad43d197968e16c3cfaebd8ca5b + Revoked at: Mon Apr 22 15:54:44 UTC 2013 + Serial Number (hex): 51554893ba002ec059837e55710f2f41 + Revoked at: Mon Apr 22 16:13:15 UTC 2013 + Serial Number (hex): 00cc194b746d945ae0a63e7e911bdf28d3 + Revoked at: Mon Apr 22 16:27:08 UTC 2013 + Serial Number (hex): 00ca01d4ffca590d775dca09068b58dd41 + Revoked at: Mon Apr 22 17:01:29 UTC 2013 + Serial Number (hex): 0088534295fdb7d282531cd742c953e080 + Revoked at: Mon Apr 22 17:20:40 UTC 2013 + Serial Number (hex): 00a2c7af7657b8269a73ff8be39e1a745c + Revoked at: Mon Apr 22 18:21:15 UTC 2013 + Serial Number (hex): 689dffe722b71bdff39da4f74d889385 + Revoked at: Mon Apr 22 19:55:22 UTC 2013 + Serial Number (hex): 00d2bb1ac9dbc6469be8c0fe5990f12b77 + Revoked at: Mon Apr 22 20:46:02 UTC 2013 + Serial Number (hex): 227a39e5883337e19f34f3d83ef64011 + Revoked at: Tue Apr 23 13:49:12 UTC 2013 + Serial Number (hex): 00ad3964d05d1a713d3d057c2f1f19e821 + Revoked at: Tue Apr 23 14:51:50 UTC 2013 + Serial Number (hex): 714361d0a7f9688e0c8f1288971158e6 + Revoked at: Tue Apr 23 14:53:31 UTC 2013 + Serial Number (hex): 39debefddb515a905f8d405f780167cf + Revoked at: Tue Apr 23 14:53:57 UTC 2013 + Serial Number (hex): 6b6a89d050780a7511586757403dcf72 + Revoked at: Tue Apr 23 18:55:23 UTC 2013 + Serial Number (hex): 00de62b46e5034af81d2e2d2e0bc63a838 + Revoked at: Tue Apr 23 18:55:27 UTC 2013 + Serial Number (hex): 00bc730cea689fa9dc9073341fe05dfa71 + Revoked at: Tue Apr 23 19:18:49 UTC 2013 + Serial Number (hex): 00b35c14cfdb9168c78cc8a6ca0d76f1d3 + Revoked at: Tue Apr 23 19:39:23 UTC 2013 + Serial Number (hex): 2a16b4986dfd01959193f5beb234a059 + Revoked at: Tue Apr 23 19:45:54 UTC 2013 + Serial Number (hex): 1315abce50f88cf3a2912872f5927cbd + Revoked at: Tue Apr 23 20:30:33 UTC 2013 + Serial Number (hex): 2cb884dcccafb9fc721fac2dea45c9de + Revoked at: Tue Apr 23 20:48:49 UTC 2013 + Serial Number (hex): 00a15c8dc5524a50ab7f3b903071cbfc15 + Revoked at: Tue Apr 23 21:47:46 UTC 2013 + Serial Number (hex): 0085b21383aea1e7418510669451ed9fa5 + Revoked at: Wed Apr 24 01:44:48 UTC 2013 + Serial Number (hex): 0ffee3c5d8e8191ce90ed8f4d62aca + Revoked at: Wed Apr 24 03:41:22 UTC 2013 + Serial Number (hex): 00e24941ae7dc77f04eb0e66bbde53e8f0 + Revoked at: Wed Apr 24 08:48:26 UTC 2013 + Serial Number (hex): 00bfb9d8889e68bb68373a7a46e59304f4 + Revoked at: Wed Apr 24 09:35:39 UTC 2013 + Serial Number (hex): 54e277620dd7070655a5c0bc43fe0f9d + Revoked at: Wed Apr 24 13:50:05 UTC 2013 + Serial Number (hex): 2a78407c6da3d817a99922bfd19844fd + Revoked at: Wed Apr 24 13:50:17 UTC 2013 + Serial Number (hex): 74cead14a718538cecff550844dddedf + Revoked at: Wed Apr 24 13:59:52 UTC 2013 + Serial Number (hex): 608f056f399ccd9850111acc61ab3a45 + Revoked at: Wed Apr 24 14:13:57 UTC 2013 + Serial Number (hex): 00e9edd50e964f1d511dad68a910af875c + Revoked at: Wed Apr 24 14:22:13 UTC 2013 + Serial Number (hex): 0085565488a47917bc4e2018843f21f7eb + Revoked at: Wed Apr 24 14:22:19 UTC 2013 + Serial Number (hex): 5b2e76ef0d243e40cf2b6de78bf4d5dc + Revoked at: Wed Apr 24 14:36:00 UTC 2013 + Serial Number (hex): 00c40eb46c862706c3f1cd6b135a8ce6e8 + Revoked at: Wed Apr 24 14:46:01 UTC 2013 + Serial Number (hex): 00831132f7f01d678dae07fad44c64ddb0 + Revoked at: Wed Apr 24 17:07:26 UTC 2013 + Serial Number (hex): 423a115c77279fe10f6a82a047ca13d6 + Revoked at: Wed Apr 24 19:23:17 UTC 2013 + Serial Number (hex): 6d37940a740975c7eb80e2b25603b21b + Revoked at: Wed Apr 24 19:27:18 UTC 2013 + Serial Number (hex): 00b03cc23c5511288b9254743fa4c92909 + Revoked at: Wed Apr 24 19:34:34 UTC 2013 + Serial Number (hex): 00e0652946703cda99bd4685009ca04f6d + Revoked at: Wed Apr 24 19:37:43 UTC 2013 + Serial Number (hex): 00ae77b1884df0de5e064b5441b8fbbced + Revoked at: Wed Apr 24 20:33:48 UTC 2013 + Serial Number (hex): 6e8619ed6356c1309f48ee28c9b72372 + Revoked at: Thu Apr 25 01:04:30 UTC 2013 + Serial Number (hex): 0085953331d8facc2171078ec9d9dfb0e2 + Revoked at: Thu Apr 25 08:32:25 UTC 2013 + Serial Number (hex): 289b61eba4b40c7cd101deb0000ccba7 + Revoked at: Thu Apr 25 08:49:36 UTC 2013 + Serial Number (hex): 00a51f3efb9fd862c2f96c271c09d9225d + Revoked at: Thu Apr 25 13:06:56 UTC 2013 + Serial Number (hex): 45e2b83e228eb0e6f9a238c7a6bb0959 + Revoked at: Thu Apr 25 13:25:57 UTC 2013 + Serial Number (hex): 00e590a3fced2761fcd897b6683201f17c + Revoked at: Thu Apr 25 16:07:17 UTC 2013 + Serial Number (hex): 11044badef03b2b295e18f01e0e5efdc + Revoked at: Thu Apr 25 16:42:46 UTC 2013 + Serial Number (hex): 00dddc089bedfdbd8a8331430d2c47c7fa + Revoked at: Thu Apr 25 17:51:29 UTC 2013 + Serial Number (hex): 0085d9cc1340135963dfb2b0b4dc0de25e + Revoked at: Thu Apr 25 20:07:39 UTC 2013 + Serial Number (hex): 00fb9baccdc2b622f78c882caa39069a2b + Revoked at: Thu Apr 25 20:10:58 UTC 2013 + Serial Number (hex): 00ab00ebdea8ca7ab73be8c803890b48a0 + Revoked at: Thu Apr 25 20:38:27 UTC 2013 + Serial Number (hex): 12af81582ec27d42f7020ac8fe712e4b + Revoked at: Thu Apr 25 20:39:32 UTC 2013 + Serial Number (hex): 277091f7e68ae45a827faff50a885bb7 + Revoked at: Thu Apr 25 20:40:30 UTC 2013 + Serial Number (hex): 00a4d3de0bf4f69484f18d9fa2b8bb40c2 + Revoked at: Thu Apr 25 21:29:29 UTC 2013 + Serial Number (hex): 00ce95f2fb6de49b1d6dbbd5bed0e8a760 + Revoked at: Thu Apr 25 22:18:47 UTC 2013 + Serial Number (hex): 00fa84e414a9d0e68df36f4fef32545cdf + Revoked at: Thu Apr 25 22:31:03 UTC 2013 + Serial Number (hex): 6f32640fd160c374fe4b090d2d5b32f4 + Revoked at: Thu Apr 25 22:31:29 UTC 2013 + Serial Number (hex): 00b7540b6aeabd60c76dbb9b8bc7c018d0 + Revoked at: Thu Apr 25 22:31:29 UTC 2013 + Serial Number (hex): 7eeee1f0e74c7769836bc1f486d51d7a + Revoked at: Fri Apr 26 02:13:05 UTC 2013 + Serial Number (hex): 55666e86dda468171a4a1dc6511eaf11 + Revoked at: Fri Apr 26 13:38:37 UTC 2013 + Serial Number (hex): 009cb57ddd7d44dc0273d720fe5dd0a9d0 + Revoked at: Fri Apr 26 15:14:39 UTC 2013 + Serial Number (hex): 2e46a83696bc7662665ecbbde4adde17 + Revoked at: Fri Apr 26 18:22:51 UTC 2013 + Serial Number (hex): 00e9cdb89125de1289215a73568f973a87 + Revoked at: Fri Apr 26 20:21:56 UTC 2013 + Serial Number (hex): 3190409d7973cea208680838a402a61a + Revoked at: Sun Apr 28 15:50:37 UTC 2013 + Serial Number (hex): 00fd6352f9c6a59df039f5753f65653934 + Revoked at: Mon Apr 29 02:13:07 UTC 2013 + Serial Number (hex): 00f251d936c87c049a0f9e31788c2796bb + Revoked at: Mon Apr 29 11:17:56 UTC 2013 + Serial Number (hex): 082afc462f6db96aa5489d2c16e5e007 + Revoked at: Mon Apr 29 11:57:33 UTC 2013 + Serial Number (hex): 00b9c78fb15ee6abf5f2f9f99e573cad2e + Revoked at: Mon Apr 29 14:26:56 UTC 2013 + Serial Number (hex): 39c1b35d55101abe4cc9e1eb06261d62 + Revoked at: Mon Apr 29 14:37:41 UTC 2013 + Serial Number (hex): 00e201824508e39b2be8cb05e9d956bd89 + Revoked at: Mon Apr 29 17:48:39 UTC 2013 + Serial Number (hex): 00b33c616af2f812c2c294b6728132d92e + Revoked at: Mon Apr 29 18:23:18 UTC 2013 + Serial Number (hex): 768d61cd29b8e405f678a3e349778ed0 + Revoked at: Mon Apr 29 20:50:50 UTC 2013 + Serial Number (hex): 00b8a2ac15d5e994b265eaefc3fd3dac82 + Revoked at: Mon Apr 29 21:08:22 UTC 2013 + Serial Number (hex): 00fddb0dee6a0d9ec3d44bae972496f281 + Revoked at: Mon Apr 29 21:48:50 UTC 2013 + Serial Number (hex): 7a7b076671a339f0784ccb112831f63f + Revoked at: Mon Apr 29 21:49:26 UTC 2013 + Serial Number (hex): 008206ff2e66d84a339eeab96051868ba4 + Revoked at: Tue Apr 30 02:13:05 UTC 2013 + Serial Number (hex): 00a8a85f9cd22a12241b094630e9b00357 + Revoked at: Tue Apr 30 11:01:47 UTC 2013 + Serial Number (hex): 495d851067ab34fd90e06ed618488675 + Revoked at: Tue Apr 30 14:42:53 UTC 2013 + Serial Number (hex): 00ee76e8d9564a6e5e4aad3fd2058e5045 + Revoked at: Tue Apr 30 15:09:47 UTC 2013 + Serial Number (hex): 0080a90fac7c5d3775e2ab6f9841ee643e + Revoked at: Tue Apr 30 16:15:18 UTC 2013 + Serial Number (hex): 0095ff036a4394f903aef5677b426b1be5 + Revoked at: Tue Apr 30 19:20:59 UTC 2013 + Serial Number (hex): 28dcde317fd1cc1a22c879f860a6e071 + Revoked at: Tue Apr 30 20:30:04 UTC 2013 + Serial Number (hex): 009ddff7cfe37b69875ba5324439bfef43 + Revoked at: Tue Apr 30 20:30:21 UTC 2013 + Serial Number (hex): 51249699709def9ccf789a8bfa0f02e2 + Revoked at: Tue Apr 30 20:30:38 UTC 2013 + Serial Number (hex): 00c4acfa21706fa08de0a32113f4d3003f + Revoked at: Tue Apr 30 20:31:13 UTC 2013 + Serial Number (hex): 0be6b7550415c531199c0a764c1e60a2 + Revoked at: Tue Apr 30 23:25:17 UTC 2013 + Serial Number (hex): 00eafc803fa744eb2e5681b744a15ba566 + Revoked at: Wed May 01 13:35:53 UTC 2013 + Serial Number (hex): 00f4bc0e3ba6396a558a08f7376885dbc6 + Revoked at: Wed May 01 13:36:15 UTC 2013 + Serial Number (hex): 7982040e42ab333a6827c8810a8f8dcb + Revoked at: Wed May 01 14:37:22 UTC 2013 + Serial Number (hex): 00d9e2ae44a35d96db7a6b4d835cc632da + Revoked at: Wed May 01 14:58:32 UTC 2013 + Serial Number (hex): 00c3c170c59198b6d9e204cb53cf7921e4 + Revoked at: Wed May 01 15:17:14 UTC 2013 + Serial Number (hex): 00c1a2a165875f02086afaf18427568c3c + Revoked at: Wed May 01 18:47:26 UTC 2013 + Serial Number (hex): 00f4dea7b9403ddbbcaf0de65b66b40f3c + Revoked at: Wed May 01 18:47:54 UTC 2013 + Serial Number (hex): 7eefe8d6c06acb2d1ffa3d3ac8c64347 + Revoked at: Wed May 01 18:48:10 UTC 2013 + Serial Number (hex): 008341839f86183208c558dd1a5878771f + Revoked at: Wed May 01 19:01:43 UTC 2013 + Serial Number (hex): 34ffee6da81b47caeb09bc23d0bba6bb + Revoked at: Wed May 01 19:23:43 UTC 2013 + Serial Number (hex): 00b6ba3aef72dd486f48b821766c0ff9e4 + Revoked at: Wed May 01 20:58:00 UTC 2013 + Serial Number (hex): 1f043eb679b2850b8147a8b961a52721 + Revoked at: Wed May 01 20:58:10 UTC 2013 + Serial Number (hex): 5f4bedc23a48b0ed17767cea3a662b27 + Revoked at: Wed May 01 20:58:24 UTC 2013 + Serial Number (hex): 00dd109606b911ae2071a19ebf1466c451 + Revoked at: Wed May 01 20:58:24 UTC 2013 + Serial Number (hex): 00aba5aa3995f6c5f897b1c0a11e3c1060 + Revoked at: Thu May 02 07:19:50 UTC 2013 + Serial Number (hex): 37ea1f9a639caf8bb176d2a341e53f27 + Revoked at: Thu May 02 10:36:49 UTC 2013 + Serial Number (hex): 56c1770101d3842b4dbffde26da48ede + Revoked at: Thu May 02 11:52:31 UTC 2013 + Serial Number (hex): 2af01657bb1033ad66b11401493a4271 + Revoked at: Thu May 02 14:38:40 UTC 2013 + Serial Number (hex): 00da2d5df9911f47a3d59362cf753c12aa + Revoked at: Thu May 02 14:50:54 UTC 2013 + Serial Number (hex): 00f106b018ddf9705f3d48b1954c081345 + Revoked at: Thu May 02 17:38:42 UTC 2013 + Serial Number (hex): 00e02204e4b24e84740feea911ab1379cc + Revoked at: Thu May 02 20:04:32 UTC 2013 + Serial Number (hex): 00e12997d95bef28a8f25e9ef429dc0389 + Revoked at: Thu May 02 20:22:26 UTC 2013 + Serial Number (hex): 394f8c6186d1e7effb0a52549eab250c + Revoked at: Thu May 02 20:33:13 UTC 2013 + Serial Number (hex): 00e3935c192613fce4870d5e1a28b5194d + Revoked at: Thu May 02 20:33:37 UTC 2013 + Serial Number (hex): 00b19475d5b491476de2a5189ef7cc4da6 + Revoked at: Thu May 02 20:46:45 UTC 2013 + Serial Number (hex): 36d6a0587b4be67e10749b92602a1173 + Revoked at: Thu May 02 20:56:10 UTC 2013 + Serial Number (hex): 6910295ecddb865692b5ba82b07119f1 + Revoked at: Fri May 03 08:13:20 UTC 2013 + Serial Number (hex): 00b31f46f133eed981f3c6009ebd979fec + Revoked at: Fri May 03 10:54:54 UTC 2013 + Serial Number (hex): 22055b3cdf099a7826a91d75ec8d6f99 + Revoked at: Fri May 03 14:55:35 UTC 2013 + Serial Number (hex): 6ea3828314dfbe9aef7b6a6b28fe66f4 + Revoked at: Fri May 03 15:06:12 UTC 2013 + Serial Number (hex): 7613391b1a1a729d3a5571334c0a0ae9 + Revoked at: Fri May 03 15:06:32 UTC 2013 + Serial Number (hex): 494add7a7d4c2815a191c8c608f5c8a8 + Revoked at: Fri May 03 21:25:06 UTC 2013 + Serial Number (hex): 00cd78241ab5c921a5b189a3102395e92a + Revoked at: Sat May 04 02:13:04 UTC 2013 + Serial Number (hex): 00f8035ce0fcfcd9378d59373477ee3cc9 + Revoked at: Sun May 05 23:49:50 UTC 2013 + Serial Number (hex): 2ccf2ddd3e70b8b7af0621a0758a9e46 + Revoked at: Mon May 06 06:51:38 UTC 2013 + Serial Number (hex): 009d0a3d0591ae6c7333d9e0683ac684fe + Revoked at: Mon May 06 11:54:28 UTC 2013 + Serial Number (hex): 69cc141dd170c1e61479afe1a7012a52 + Revoked at: Mon May 06 11:55:07 UTC 2013 + Serial Number (hex): 00b65cdd9228a32af9aa8c121be66bd175 + Revoked at: Mon May 06 15:25:26 UTC 2013 + Serial Number (hex): 00e7df207d64a4c89480b9d3e11f8ece37 + Revoked at: Mon May 06 15:26:46 UTC 2013 + Serial Number (hex): 530c47ebd9834a6e032ae500ad417f95 + Revoked at: Mon May 06 15:28:08 UTC 2013 + Serial Number (hex): 00f08a593488e13b105f0300462379b929 + Revoked at: Mon May 06 15:57:00 UTC 2013 + Serial Number (hex): 4387ba5bb51133f1018ee990e551a3e3 + Revoked at: Mon May 06 18:09:26 UTC 2013 + Serial Number (hex): 00a8ed939c10d5a79590d605569eddc610 + Revoked at: Mon May 06 18:17:26 UTC 2013 + Serial Number (hex): 00ad0d314895cbf2e1dd4995e2e109a5c3 + Revoked at: Mon May 06 18:18:30 UTC 2013 + Serial Number (hex): 37233c82f02130a4da66ec22d9aa67a2 + Revoked at: Mon May 06 18:30:14 UTC 2013 + Serial Number (hex): 5c258492b882dfdf00d3112ecbe7ea79 + Revoked at: Mon May 06 19:31:15 UTC 2013 + Serial Number (hex): 00a346d7b9adf15c482b5e6cea232283dc + Revoked at: Tue May 07 10:16:03 UTC 2013 + Serial Number (hex): 00ace7165805531fa5d0c36868c4e4f01d + Revoked at: Tue May 07 10:44:18 UTC 2013 + Serial Number (hex): 008eabed64b1fa113780e0bba4171e659b + Revoked at: Tue May 07 11:50:17 UTC 2013 + Serial Number (hex): 51681a2ca0924907b1b649ab775b9c4a + Revoked at: Tue May 07 15:19:07 UTC 2013 + Serial Number (hex): 5e6b721596e072a1396b20066d0fc19d + Revoked at: Tue May 07 15:19:36 UTC 2013 + Serial Number (hex): 0084497ccdd0b206ce49c60df39e3d0d71 + Revoked at: Tue May 07 16:30:41 UTC 2013 + Serial Number (hex): 00d9222467be7d48f9832250336f3bae32 + Revoked at: Tue May 07 16:49:55 UTC 2013 + Serial Number (hex): 00c59d109f10a476cbfc6cd01d965e4f2c + Revoked at: Tue May 07 18:19:07 UTC 2013 + Serial Number (hex): 38e4d81c6bf9a7ee8dce1b740eddda94 + Revoked at: Tue May 07 18:43:37 UTC 2013 + Serial Number (hex): 008c99a20f932b2ebd6858335a0946f309 + Revoked at: Tue May 07 20:24:17 UTC 2013 + Serial Number (hex): 00ad934fa1045e84ecade420c5fd238a9e + Revoked at: Tue May 07 21:11:07 UTC 2013 + Serial Number (hex): 186f8ec02a3b3b3fba98c42fcd46f4c9 + Revoked at: Tue May 07 21:11:11 UTC 2013 + Serial Number (hex): 01c6332ae626b8fb985b0afbc64a6684 + Revoked at: Tue May 07 21:11:15 UTC 2013 + Serial Number (hex): 00c0afca16b66d16388916bb78355e9de8 + Revoked at: Tue May 07 21:11:49 UTC 2013 + Serial Number (hex): 147e061ba7e39c007de43935fd8e12fb + Revoked at: Tue May 07 21:12:31 UTC 2013 + Serial Number (hex): 00d67bcb26dc46b5306d9ce5bcb6e9ace6 + Revoked at: Tue May 07 21:13:07 UTC 2013 + Serial Number (hex): 1f0708189110cb0665c76585a05c5e24 + Revoked at: Tue May 07 21:13:07 UTC 2013 + Serial Number (hex): 45dcfbc6054e400fe907ce4f22f1313f + Revoked at: Tue May 07 21:14:55 UTC 2013 + Serial Number (hex): 00fb67faf5593aca84550b8e9adbac2fd3 + Revoked at: Tue May 07 21:16:26 UTC 2013 + Serial Number (hex): 00bb9732b798019d11b78f3a833fefe615 + Revoked at: Tue May 07 21:30:16 UTC 2013 + Serial Number (hex): 009b72c5131864c6e6c3eb0b9b836dd8f2 + Revoked at: Wed May 08 06:24:38 UTC 2013 + Serial Number (hex): 6ec10032c127415f9fd7ec2698de4396 + Revoked at: Wed May 08 07:49:44 UTC 2013 + Serial Number (hex): 00c54847c6e42529ea1616f4287e6a0dd0 + Revoked at: Wed May 08 07:49:58 UTC 2013 + Serial Number (hex): 00aec1b8ca0f0f394e9b7d4e5590b8ecd9 + Revoked at: Wed May 08 14:10:37 UTC 2013 + Serial Number (hex): 1071987f55424607c087e3ebc533c50b + Revoked at: Wed May 08 14:12:28 UTC 2013 + Serial Number (hex): 0faf9c64e72b3998f225e49a7f778e8e + Revoked at: Wed May 08 14:19:43 UTC 2013 + Serial Number (hex): 091ad4403347a69304bf0df2fd7d01e6 + Revoked at: Wed May 08 15:48:31 UTC 2013 + Serial Number (hex): 00aefb55d57b6ebeaf19fd9cd82f2e6fba + Revoked at: Wed May 08 16:46:39 UTC 2013 + Serial Number (hex): 3f943895751f7e8a7464ba57138ce814 + Revoked at: Wed May 08 18:10:53 UTC 2013 + Serial Number (hex): 009a2e087d2f22595a4aa7424195f8c4dd + Revoked at: Thu May 09 13:08:45 UTC 2013 + Serial Number (hex): 6533c7f9100ff02d733eb7cd5a181208 + Revoked at: Thu May 09 14:03:44 UTC 2013 + Serial Number (hex): 00b4e2053122ee8bb362657eb4c47fb577 + Revoked at: Thu May 09 14:53:19 UTC 2013 + Serial Number (hex): 00d95f1f78e68c7b798c65d9937d91d728 + Revoked at: Thu May 09 15:25:53 UTC 2013 + Serial Number (hex): 1dcfc55149328e77df34633795653876 + Revoked at: Thu May 09 18:10:31 UTC 2013 + Serial Number (hex): 00ddd8b8bc3870ac05457f8cff3376c822 + Revoked at: Thu May 09 20:27:13 UTC 2013 + Serial Number (hex): 317aa2d3c6818e8150e443ae6c6b51bd + Revoked at: Fri May 10 06:38:25 UTC 2013 + Serial Number (hex): 00a659f0f01dff6db37648ac6f1c623d36 + Revoked at: Fri May 10 12:12:40 UTC 2013 + Serial Number (hex): 00b47cda25c6d27924f6e04b8098d15412 + Revoked at: Fri May 10 14:03:27 UTC 2013 + Serial Number (hex): 00de9da36781de95bf87986f20442e40bf + Revoked at: Fri May 10 14:30:10 UTC 2013 + Serial Number (hex): 045f10a9ed0511ebc14094c783c7ca00 + Revoked at: Fri May 10 14:36:19 UTC 2013 + Serial Number (hex): 7cca449addd13c4e32cc7cff846a914b + Revoked at: Fri May 10 14:36:23 UTC 2013 + Serial Number (hex): 008f4f78ecf9ce27438db5228c80b71895 + Revoked at: Fri May 10 15:03:34 UTC 2013 + Serial Number (hex): 1f71cc7ff1d3a72ac005cc22fd2acb43 + Revoked at: Fri May 10 18:02:34 UTC 2013 + Serial Number (hex): 78a66b02ac567b69179827101f702544 + Revoked at: Fri May 10 18:03:07 UTC 2013 + Serial Number (hex): 00b10924f820a1d4476a87a10e7b9a00be + Revoked at: Fri May 10 18:03:48 UTC 2013 + Serial Number (hex): 00de31f0269aacb8bdcdd78482b3ff2180 + Revoked at: Sun May 12 19:30:45 UTC 2013 + Serial Number (hex): 00c0cb1210beb86ee04637154eaa446fb0 + Revoked at: Mon May 13 13:35:42 UTC 2013 + Serial Number (hex): 00af43043b68d47bbf4ff974e20cd973eb + Revoked at: Mon May 13 13:38:11 UTC 2013 + Serial Number (hex): 00da1349f02474e0544b62453abfc26c81 + Revoked at: Mon May 13 13:39:38 UTC 2013 + Serial Number (hex): 3d6be2dc797af06778720c0046f91d30 + Revoked at: Mon May 13 14:00:46 UTC 2013 + Serial Number (hex): 5dbce148e87484cf471b9943940ddcf0 + Revoked at: Mon May 13 14:03:09 UTC 2013 + Serial Number (hex): 00b61162e2033c631733945e238d224ef6 + Revoked at: Mon May 13 14:12:34 UTC 2013 + Serial Number (hex): 00b05d29ef69483d05e64c0ad548495a61 + Revoked at: Mon May 13 14:52:52 UTC 2013 + Serial Number (hex): 0083e6575576e620fa022d0caa818aa558 + Revoked at: Mon May 13 14:59:59 UTC 2013 + Serial Number (hex): 351c3b41487b0cf6ec3210eeeaeb24f5 + Revoked at: Mon May 13 15:04:23 UTC 2013 + Serial Number (hex): 00fad367654711e8f3fb43d424703c1fbd + Revoked at: Mon May 13 15:15:23 UTC 2013 + Serial Number (hex): 1e14397c75469e20a445b8276d4398ec + Revoked at: Mon May 13 17:27:08 UTC 2013 + Serial Number (hex): 00bf050cd6399cdffc5d2ea1f0b1f1f262 + Revoked at: Mon May 13 18:28:38 UTC 2013 + Serial Number (hex): 00bcf5d1f6d07eea2f229918ee0641bf3a + Revoked at: Mon May 13 19:21:48 UTC 2013 + Serial Number (hex): 00febc37c163dbdcc53a9e7ca542ce2610 + Revoked at: Mon May 13 20:48:02 UTC 2013 + Serial Number (hex): 00c37e8609ca9b1ba3a305f0df74a2768e + Revoked at: Mon May 13 20:48:10 UTC 2013 + Serial Number (hex): 00f35e38ac520ea4953803fa2198ad737d + Revoked at: Mon May 13 21:08:33 UTC 2013 + Serial Number (hex): 00e5737e1adb1031ce53cdacc2ccb8d869 + Revoked at: Tue May 14 00:26:38 UTC 2013 + Serial Number (hex): 5eb5cb8420a4dade13c5198ac25fff75 + Revoked at: Tue May 14 02:13:03 UTC 2013 + Serial Number (hex): 00bbfdcba5f8945d1cdb973bb96cc1ead1 + Revoked at: Tue May 14 09:04:25 UTC 2013 + Serial Number (hex): 00fb63e3db3bf9ae690d866e2f4d1d5ba2 + Revoked at: Tue May 14 13:47:06 UTC 2013 + Serial Number (hex): 6ead34da573aa968a0a25ff8ec94c825 + Revoked at: Tue May 14 13:58:56 UTC 2013 + Serial Number (hex): 00d17987ff84f266f5403cb408df17a3ec + Revoked at: Tue May 14 14:13:15 UTC 2013 + Serial Number (hex): 1d02f6d24cc137891cd2facea3c02ef3 + Revoked at: Tue May 14 14:27:14 UTC 2013 + Serial Number (hex): 0b78e29760ea438a389b4dab10d7a743 + Revoked at: Tue May 14 18:15:33 UTC 2013 + Serial Number (hex): 00bbb5307c113bf0222b4e74b13071bf25 + Revoked at: Tue May 14 20:01:56 UTC 2013 + Serial Number (hex): 0a77441639a663f50425f35926a76901 + Revoked at: Tue May 14 20:02:08 UTC 2013 + Serial Number (hex): 7ef7e717adb52d47dc20efc7c0a6f0e2 + Revoked at: Tue May 14 21:04:03 UTC 2013 + Serial Number (hex): 00b2b50382728bb15a06651db861d86470 + Revoked at: Tue May 14 21:08:13 UTC 2013 + Serial Number (hex): 008cdf0042182c66d3a176f1f29ba1e934 + Revoked at: Wed May 15 02:58:23 UTC 2013 + Serial Number (hex): 5905d0e6a4b53a437018a8b1058008b0 + Revoked at: Wed May 15 13:03:35 UTC 2013 + Serial Number (hex): 1a21b631493a477d241caacc430c4e91 + Revoked at: Wed May 15 13:04:44 UTC 2013 + Serial Number (hex): 56c8a6a075d782136d32ef8bec7e8f43 + Revoked at: Wed May 15 13:43:20 UTC 2013 + Serial Number (hex): 4acf69269472b0abf173079d9b9c8310 + Revoked at: Wed May 15 14:16:23 UTC 2013 + Serial Number (hex): 0094db70604a4e601c8a07f916536da83f + Revoked at: Wed May 15 15:12:22 UTC 2013 + Serial Number (hex): 73d55897f27e2611438d8127f6332366 + Revoked at: Wed May 15 16:28:13 UTC 2013 + Serial Number (hex): 00861d8da2c41e1494187bf366b02f3b39 + Revoked at: Wed May 15 16:28:25 UTC 2013 + Serial Number (hex): 384d73931eb627a0bf8b43566e44b94c + Revoked at: Wed May 15 16:28:45 UTC 2013 + Serial Number (hex): 77762bba6c141e39d49aeeb7e62d8fee + Revoked at: Wed May 15 18:16:19 UTC 2013 + Serial Number (hex): 11ad59b441f82f52580468b24fcb050e + Revoked at: Wed May 15 19:30:05 UTC 2013 + Serial Number (hex): 00fee93e72a523bd6ee575cede3cf351de + Revoked at: Wed May 15 19:30:51 UTC 2013 + Serial Number (hex): 00e378a877a7601414e73dc79338d62c85 + Revoked at: Wed May 15 19:31:11 UTC 2013 + Serial Number (hex): 1f4283db4c9537946201e4fbef1813e7 + Revoked at: Thu May 16 10:47:55 UTC 2013 + Serial Number (hex): 00ab8acb93c2311de1610562aea5901ea7 + Revoked at: Thu May 16 11:37:43 UTC 2013 + Serial Number (hex): 6570eef2b12bde3ee754d0a6dd92b3a1 + Revoked at: Thu May 16 13:11:13 UTC 2013 + Serial Number (hex): 6dcd3f5a43cd7e884c352a11bf2a315f + Revoked at: Thu May 16 13:43:23 UTC 2013 + Serial Number (hex): 3ff75af924a0922dc819a4ee914ce35e + Revoked at: Thu May 16 14:08:55 UTC 2013 + Serial Number (hex): 649c21d543ea2f4823c0ab6e06d5b4c2 + Revoked at: Thu May 16 14:55:56 UTC 2013 + Serial Number (hex): 00a2a39db1a1f1d250f2d973e9472127c7 + Revoked at: Thu May 16 15:05:50 UTC 2013 + Serial Number (hex): 009b53eef617d897184b38d6457d6df155 + Revoked at: Thu May 16 15:06:01 UTC 2013 + Serial Number (hex): 00960fbb54a2f5a1beeb8a901545810c1c + Revoked at: Thu May 16 15:06:38 UTC 2013 + Serial Number (hex): 00e97d138d784de664b519aeb6a2ada0f2 + Revoked at: Thu May 16 15:06:47 UTC 2013 + Serial Number (hex): 00ecb2dc9f6b53a2b9701c3b0bb3e5ae77 + Revoked at: Thu May 16 15:35:10 UTC 2013 + Serial Number (hex): 4a923eeff9906256b00817f2d8551e28 + Revoked at: Thu May 16 18:41:50 UTC 2013 + Serial Number (hex): 081dc6e527c3c7c08ac6bec9402ce8ad + Revoked at: Thu May 16 20:32:43 UTC 2013 + Serial Number (hex): 00e138f910a245670cbabb8a12ea7c6736 + Revoked at: Thu May 16 20:36:45 UTC 2013 + Serial Number (hex): 00ce3af2648a863f2c787d6354eb3db6db + Revoked at: Thu May 16 21:29:14 UTC 2013 + Serial Number (hex): 00b385c0e3bc9b12bccd2d35788534eecc + Revoked at: Thu May 16 21:42:17 UTC 2013 + Serial Number (hex): 009acb0d4afc2ab1dd5db67c88fe7e8a07 + Revoked at: Thu May 16 21:42:46 UTC 2013 + Serial Number (hex): 0d5bc95bdeabe6188de7206b88da9490 + Revoked at: Thu May 16 21:43:16 UTC 2013 + Serial Number (hex): 00c1408d7c1026d27c843e676baaa789e9 + Revoked at: Fri May 17 10:39:10 UTC 2013 + Serial Number (hex): 3591774dcc9e7a129c1fd28ed3a4ce0f + Revoked at: Fri May 17 17:49:23 UTC 2013 + Serial Number (hex): 61012ad4a990e7c16c75f129c0e9f7fb + Revoked at: Fri May 17 20:50:59 UTC 2013 + Serial Number (hex): 695fd7847500c96212f552f473ee5d30 + Revoked at: Mon May 20 12:34:32 UTC 2013 + Serial Number (hex): 056c64b4062e56cea3751ea70f9f0391 + Revoked at: Mon May 20 14:03:42 UTC 2013 + Serial Number (hex): 00d7f44299ae4fbbac39a7369a857dd35a + Revoked at: Mon May 20 17:09:15 UTC 2013 + Serial Number (hex): 00e3eccbb1c32b52959d66ddba9ac389de + Revoked at: Mon May 20 18:09:52 UTC 2013 + Serial Number (hex): 58e4bfee230889e15e7a276acaaef05c + Revoked at: Mon May 20 18:13:15 UTC 2013 + Serial Number (hex): 51ea11cabdd7ffed1b995e866da61e + Revoked at: Mon May 20 19:11:29 UTC 2013 + Serial Number (hex): 00dd3c25213541bc7f917a32c676ee3919 + Revoked at: Mon May 20 22:22:35 UTC 2013 + Serial Number (hex): 3fff638755d76b8c549972feb08c6418 + Revoked at: Mon May 20 22:22:52 UTC 2013 + Serial Number (hex): 00921063056264f039235cdd68f113b307 + Revoked at: Mon May 20 22:23:10 UTC 2013 + Serial Number (hex): 7a7d251b6db18cbf762f75ea16eee329 + Revoked at: Mon May 20 22:46:26 UTC 2013 + Serial Number (hex): 4d381f759ed46eec767b2a294c896440 + Revoked at: Tue May 21 04:47:29 UTC 2013 + Serial Number (hex): 0080c3c88802bf433d7b7562f781502e8a + Revoked at: Tue May 21 07:32:13 UTC 2013 + Serial Number (hex): 0098abfdf176b755a6060c137b3be2b09e + Revoked at: Tue May 21 09:00:08 UTC 2013 + Serial Number (hex): 3c39747296e0540df1c4b19d44bb784f + Revoked at: Tue May 21 09:53:01 UTC 2013 + Serial Number (hex): 44c5ea69f610b108d81844fb21001d + Revoked at: Tue May 21 09:53:08 UTC 2013 + Serial Number (hex): 78aec35b2a69499527e13b37c83474c3 + Revoked at: Tue May 21 12:43:18 UTC 2013 + Serial Number (hex): 0084430b6353f57c371a9d1e4a4a463d3d + Revoked at: Tue May 21 12:43:24 UTC 2013 + Serial Number (hex): 00a69f7704b2d9d8de8f0599ded0184d + Revoked at: Tue May 21 14:37:05 UTC 2013 + Serial Number (hex): 62657a536dab0a25709bc8340ae03018 + Revoked at: Tue May 21 14:45:25 UTC 2013 + Serial Number (hex): 1dea8d868372e52f5a166b8063fe9b49 + Revoked at: Tue May 21 15:06:54 UTC 2013 + Serial Number (hex): 00b0fe44b7acfcefb122dc141e1e7d7870 + Revoked at: Tue May 21 16:56:06 UTC 2013 + Serial Number (hex): 00fb51c7fc4efb5471b840674f7fb81d08 + Revoked at: Wed May 22 09:12:54 UTC 2013 + Serial Number (hex): 00a964c6acf36d5bdf15730ed5195537e7 + Revoked at: Wed May 22 10:09:40 UTC 2013 + Serial Number (hex): 7101dc9e77faec4132319ea3da22f7e0 + Revoked at: Wed May 22 13:49:18 UTC 2013 + Serial Number (hex): 782656bedd2e436765194f0cb401c5c3 + Revoked at: Wed May 22 15:45:46 UTC 2013 + Serial Number (hex): 398965690d048cb9486e3615834c6f72 + Revoked at: Wed May 22 19:43:54 UTC 2013 + Serial Number (hex): 570f76b4f377378def1675b14e5b345d + Revoked at: Wed May 22 19:44:20 UTC 2013 + Serial Number (hex): 60cdcfe6a9dfa06f32bb3b9a0d2eee2f + Revoked at: Wed May 22 19:44:50 UTC 2013 + Serial Number (hex): 00e4c38407243bbada1cfaffb3c736b3ac + Revoked at: Wed May 22 20:11:35 UTC 2013 + Serial Number (hex): 00d20070a66d3d7a34e4872635f0090e7d + Revoked at: Thu May 23 14:40:01 UTC 2013 + Serial Number (hex): 008715220365e3a1b521d84a2c587d6d27 + Revoked at: Thu May 23 14:40:18 UTC 2013 + Serial Number (hex): 00f97e0ce1fa1cd3d396a0412457b7f237 + Revoked at: Thu May 23 18:31:02 UTC 2013 + Serial Number (hex): 6957f446a7e95590e1a31d117c8bec11 + Revoked at: Thu May 23 18:42:01 UTC 2013 + Serial Number (hex): 72448e330684a5d155dea8e97ae073e3 + Revoked at: Thu May 23 19:09:05 UTC 2013 + Serial Number (hex): 009aac4a15f6930b99b1ce94bfcc5e793b + Revoked at: Fri May 24 11:56:28 UTC 2013 + Serial Number (hex): 00a9f79bb4d2429e9cde91420176ac4b60 + Revoked at: Fri May 24 13:45:55 UTC 2013 + Serial Number (hex): 5892f4de107e022c554215a030a93cd9 + Revoked at: Fri May 24 13:51:43 UTC 2013 + Serial Number (hex): 0085b3b6384f3d255dff525356606de9bd + Revoked at: Fri May 24 15:42:33 UTC 2013 + Serial Number (hex): 44b5b0486c17b8d97a8ae60e82b6dad4 + Revoked at: Fri May 24 17:49:36 UTC 2013 + Serial Number (hex): 008b8c23db0d04a077e270c7e64e0e7b69 + Revoked at: Fri May 24 23:34:51 UTC 2013 + Serial Number (hex): 00cd00c4c4ac37f31fef99b58afa323219 + Revoked at: Sat May 25 21:28:10 UTC 2013 + Serial Number (hex): 09f8749a63e0c11bb8e37504446e231b + Revoked at: Sat May 25 21:47:53 UTC 2013 + Serial Number (hex): 0097c9f73b502bbdc0f326d7b03962e6e9 + Revoked at: Sun May 26 02:13:08 UTC 2013 + Serial Number (hex): 00ac01f6dd82dc635d7031eb5f4b97d3dc + Revoked at: Mon May 27 08:27:33 UTC 2013 + Serial Number (hex): 04c8325c00f7ab0042ca59b3c8cf21a1 + Revoked at: Mon May 27 08:28:32 UTC 2013 + Serial Number (hex): 00b9956d973e691f7f15f7eec966ceedc4 + Revoked at: Mon May 27 09:02:32 UTC 2013 + Serial Number (hex): 00f3aeebabdaeb3af13db69f6e1cd5507c + Revoked at: Mon May 27 12:00:44 UTC 2013 + Serial Number (hex): 45be1af3c1af2bfdc604acc258334708 + Revoked at: Mon May 27 13:30:54 UTC 2013 + Serial Number (hex): 10a7f0d71b4031bde8f63a28b776b6a9 + Revoked at: Mon May 27 15:17:55 UTC 2013 + Serial Number (hex): 00ed65bb1e5d68d7dc1f483a784db93f34 + Revoked at: Mon May 27 15:18:38 UTC 2013 + Serial Number (hex): 6adcabf8bfe7221afed9c9611779fb08 + Revoked at: Tue May 28 08:02:54 UTC 2013 + Serial Number (hex): 30a35f897f867ac5ab6169640586218f + Revoked at: Tue May 28 13:46:50 UTC 2013 + Serial Number (hex): 00a08a80fe70ae3e6787c5cb8413d23552 + Revoked at: Tue May 28 14:17:47 UTC 2013 + Serial Number (hex): 00ac5c995c85a3ee6e41d1103ca949feaf + Revoked at: Tue May 28 15:14:02 UTC 2013 + Serial Number (hex): 3e2e8fde4407b8289e1f2963ef0d3fc0 + Revoked at: Tue May 28 16:05:41 UTC 2013 + Serial Number (hex): 00b2730524c10010da92ff5e3ada56b112 + Revoked at: Tue May 28 19:04:44 UTC 2013 + Serial Number (hex): 008d24833e7f4245b6aa8bc2fe17094e93 + Revoked at: Tue May 28 19:04:47 UTC 2013 + Serial Number (hex): 34c8cedbe2c264484109459a9079fc1c + Revoked at: Tue May 28 21:32:28 UTC 2013 + Serial Number (hex): 59e0ec919fe556718ed70c8106ad91b5 + Revoked at: Tue May 28 21:41:11 UTC 2013 + Serial Number (hex): 00b3d0008a209485ba33d28c9a92d59c16 + Revoked at: Tue May 28 22:02:23 UTC 2013 + Serial Number (hex): 4eb87718b37a8c058a962c2d9a6b73b7 + Revoked at: Tue May 28 22:45:00 UTC 2013 + Serial Number (hex): 4f47d26e321e35971714573c62fbd797 + Revoked at: Wed May 29 06:43:52 UTC 2013 + Serial Number (hex): 00c906d218c00b0227fc44717a1309b6e7 + Revoked at: Wed May 29 11:29:14 UTC 2013 + Serial Number (hex): 09a3cd3cc75608ebf88acf9be6658283 + Revoked at: Wed May 29 13:09:37 UTC 2013 + Serial Number (hex): 00c4415b10f7890e7a653418eec3cbb6b6 + Revoked at: Wed May 29 15:29:08 UTC 2013 + Serial Number (hex): 0feb7fbf56a84de3eff53fee91847366 + Revoked at: Wed May 29 18:37:41 UTC 2013 + Serial Number (hex): 1f162adc53b8e8cd9ef8eb1f9264c804 + Revoked at: Wed May 29 18:43:43 UTC 2013 + Serial Number (hex): 0094499e20c4cf9e7a1e1028102986afe6 + Revoked at: Wed May 29 21:17:16 UTC 2013 + Serial Number (hex): 556d0700a5e631946ebc611b9a05e197 + Revoked at: Wed May 29 21:20:45 UTC 2013 + Serial Number (hex): 442cb026d216ea451fbfa0184cd7ae1f + Revoked at: Wed May 29 23:57:18 UTC 2013 + Serial Number (hex): 00af190e3a54a4eb2dfcd8b35ebc989f58 + Revoked at: Thu May 30 07:40:10 UTC 2013 + Serial Number (hex): 26d7ca2eee2c7a91ffe49263925c269b + Revoked at: Thu May 30 07:41:23 UTC 2013 + Serial Number (hex): 00a8a60bab5cf103947ad8c3bd61a5731a + Revoked at: Thu May 30 11:43:10 UTC 2013 + Serial Number (hex): 4c47b116dc46e3424c7705577bed7de8 + Revoked at: Thu May 30 13:40:06 UTC 2013 + Serial Number (hex): 00819ed3bab359da7adfbf426846d4f013 + Revoked at: Thu May 30 13:40:15 UTC 2013 + Serial Number (hex): 00f1ca3454d4295ba357d3364da53bbad1 + Revoked at: Thu May 30 13:40:23 UTC 2013 + Serial Number (hex): 69ef458596dbf4276792c8192f3f0b38 + Revoked at: Thu May 30 15:21:24 UTC 2013 + Serial Number (hex): 3239506b03608352877d88ec879c7ec2 + Revoked at: Thu May 30 17:25:33 UTC 2013 + Serial Number (hex): 3ccd27e8f34f3b27b8687cef0cd927e0 + Revoked at: Thu May 30 18:29:57 UTC 2013 + Serial Number (hex): 00bc985e5fac3bfe9fd6ea000aed51bc70 + Revoked at: Thu May 30 19:09:13 UTC 2013 + Serial Number (hex): 00ed2d2164e2e77c820ed27fbca3b65831 + Revoked at: Thu May 30 19:09:15 UTC 2013 + Serial Number (hex): 00d94e04f5ec11f766830cd3acb6a5c3b1 + Revoked at: Thu May 30 20:33:12 UTC 2013 + Serial Number (hex): 00b92935d3dcddaa154a63101f02402cfe + Revoked at: Thu May 30 21:18:38 UTC 2013 + Serial Number (hex): 00e88fbf3d99b170d4a67966af0e4b5655 + Revoked at: Thu May 30 22:42:26 UTC 2013 + Serial Number (hex): 00d01daa456fca6709f5a82989e98885ec + Revoked at: Thu May 30 22:43:08 UTC 2013 + Serial Number (hex): 3c77745255506c8e11ec03d25e399035 + Revoked at: Fri May 31 02:13:04 UTC 2013 + Serial Number (hex): 3f080fee91b99a0adb2148b7c79871 + Revoked at: Fri May 31 02:13:05 UTC 2013 + Serial Number (hex): 0efed32398640208c24979a35b0e8d17 + Revoked at: Fri May 31 08:39:50 UTC 2013 + Serial Number (hex): 0e0d8323aa0dcf14811ec65cb31e0cc4 + Revoked at: Fri May 31 09:06:07 UTC 2013 + Serial Number (hex): 0098185d576bde91d5f78b56a16ec5df3d + Revoked at: Fri May 31 09:06:46 UTC 2013 + Serial Number (hex): 00caf3db8e4e179850e3fcae4249055513 + Revoked at: Fri May 31 09:15:56 UTC 2013 + Serial Number (hex): 79cba2fcde707393a95874f1d3b59929 + Revoked at: Fri May 31 09:23:11 UTC 2013 + Serial Number (hex): 00f2fd77fcc65751945d35aa7459f51a38 + Revoked at: Fri May 31 09:23:39 UTC 2013 + Serial Number (hex): 20a1b1ec45678781f0b13106c18c6abb + Revoked at: Fri May 31 13:08:12 UTC 2013 + Serial Number (hex): 00879806d564dbcb33c3b503a34b0556c7 + Revoked at: Fri May 31 13:14:37 UTC 2013 + Serial Number (hex): 00f687e9e64d10708115bed31add76ec18 + Revoked at: Fri May 31 15:25:09 UTC 2013 + Serial Number (hex): 00fd1099e91b1971c8df22b7b266f906e1 + Revoked at: Fri May 31 15:28:23 UTC 2013 + Serial Number (hex): 45e18770c0d65f444fcc9bf0644da8a4 + Revoked at: Fri May 31 15:30:44 UTC 2013 + Serial Number (hex): 72037d661e8a49e7cfc1499ddd7e61fe + Revoked at: Fri May 31 16:05:34 UTC 2013 + Serial Number (hex): 0091a0ce786e757276afce73d721f9f747 + Revoked at: Fri May 31 16:22:25 UTC 2013 + Serial Number (hex): 00c7ed7c383aa26d54090d0b0af0015535 + Revoked at: Fri May 31 18:05:51 UTC 2013 + Serial Number (hex): 0098d8674e3deecf208dd3f85b31926f98 + Revoked at: Fri May 31 18:43:35 UTC 2013 + Serial Number (hex): 00965e67e8853423366ba3ac457e943d24 + Revoked at: Fri May 31 21:02:33 UTC 2013 + Serial Number (hex): 4a881be38435a55288d1d3b1bc090a85 + Revoked at: Sat Jun 01 02:13:05 UTC 2013 + Serial Number (hex): 00cf5c7197418ed40abad9a1a509ae1735 + Revoked at: Sat Jun 01 14:36:08 UTC 2013 + Serial Number (hex): 4c5e52767dc896cdae54a73f989f9689 + Revoked at: Mon Jun 03 02:13:07 UTC 2013 + Serial Number (hex): 7af9a13e9b256cef5961fdb45aa63e29 + Revoked at: Mon Jun 03 02:13:07 UTC 2013 + Serial Number (hex): 00ea28e12258aa475b37d6cfe30641d999 + Revoked at: Mon Jun 03 09:15:13 UTC 2013 + Serial Number (hex): 00876a086522e895b25d5fffd7f040f493 + Revoked at: Mon Jun 03 10:53:14 UTC 2013 + Serial Number (hex): 1530781cc11521e2ffe5f66ce4e6c78b + Revoked at: Mon Jun 03 11:34:35 UTC 2013 + Serial Number (hex): 00b2f14e06f1c596b27e744f29ab7492d7 + Revoked at: Mon Jun 03 15:21:02 UTC 2013 + Serial Number (hex): 5e7de698158bf79c67f2f49368b4e399 + Revoked at: Mon Jun 03 15:46:37 UTC 2013 + Serial Number (hex): 00d344de7bced9c3a634317922a3509fb7 + Revoked at: Mon Jun 03 16:20:17 UTC 2013 + Serial Number (hex): 00deda0c9f1f2194917ae22918c6c3d7ae + Revoked at: Mon Jun 03 16:23:30 UTC 2013 + Serial Number (hex): 5dc884e2ade06c69d8163b55c9c00b06 + Revoked at: Mon Jun 03 17:52:22 UTC 2013 + Serial Number (hex): 6beafc114de37cea336bd4401443370c + Revoked at: Mon Jun 03 19:18:11 UTC 2013 + Serial Number (hex): 651dcc415247ce83de036cfedb700ee8 + Revoked at: Mon Jun 03 20:05:35 UTC 2013 + Serial Number (hex): 00bca27471de99155771728cd9d07cf242 + Revoked at: Mon Jun 03 20:33:02 UTC 2013 + Serial Number (hex): 7fc613684b07bb44c68900d6998f3812 + Revoked at: Mon Jun 03 20:43:06 UTC 2013 + Serial Number (hex): 72233a9026150e1c812a235c57727138 + Revoked at: Mon Jun 03 20:44:15 UTC 2013 + Serial Number (hex): 5fb9d6c877d1914b822076d492dded7c + Revoked at: Mon Jun 03 20:46:05 UTC 2013 + Serial Number (hex): 086cf30394f682c931e8299f8c7e5797 + Revoked at: Mon Jun 03 20:49:53 UTC 2013 + Serial Number (hex): 2e384bb125920b46bb850e425328c524 + Revoked at: Mon Jun 03 20:56:06 UTC 2013 + Serial Number (hex): 5c2b273b395aba1d5c85e0e7425d8967 + Revoked at: Mon Jun 03 21:08:41 UTC 2013 + Serial Number (hex): 13cf5bc2ce08e4e144e7d3c669eba8 + Revoked at: Mon Jun 03 21:08:44 UTC 2013 + Serial Number (hex): 12466736c3dd9032e74ab9f93bf2f803 + Revoked at: Mon Jun 03 22:33:13 UTC 2013 + Serial Number (hex): 00c7359d394c711a7f9f8110bd4a74092f + Revoked at: Mon Jun 03 22:35:28 UTC 2013 + Serial Number (hex): 6f0b58bf6e47f95a3eaf65dd213dde3d + Revoked at: Mon Jun 03 22:53:17 UTC 2013 + Serial Number (hex): 01a2c9f2ed6f3086c3dd1499c6b375de + Revoked at: Mon Jun 03 22:55:16 UTC 2013 + Serial Number (hex): 5d481d5601d5c8630984cc6e30b973b4 + Revoked at: Tue Jun 04 11:21:09 UTC 2013 + Serial Number (hex): 00be068c207d67a0ab8eabf28e94a16b32 + Revoked at: Tue Jun 04 12:01:23 UTC 2013 + Serial Number (hex): 00c5c8d0908d34538b58fa01300c42028a + Revoked at: Tue Jun 04 12:50:02 UTC 2013 + Serial Number (hex): 00917a7aaba8c4807499dd4541aa64b48a + Revoked at: Tue Jun 04 13:04:58 UTC 2013 + Serial Number (hex): 00fe1fb61129573c0465975f0ffbeca2f3 + Revoked at: Tue Jun 04 13:05:27 UTC 2013 + Serial Number (hex): 00932e6addb34d5c66df671c89a8c4db38 + Revoked at: Tue Jun 04 13:35:14 UTC 2013 + Serial Number (hex): 009a5dea36e848df4c6a1ee0b75a63510e + Revoked at: Tue Jun 04 13:44:33 UTC 2013 + Serial Number (hex): 00b0854294c55350c323ae21a5ae859e6c + Revoked at: Tue Jun 04 13:47:56 UTC 2013 + Serial Number (hex): 331b9c9dbf49a131db1dc7346107f318 + Revoked at: Tue Jun 04 14:02:58 UTC 2013 + Serial Number (hex): 00f3f6c8e51c9a728fbb2e9735331951a4 + Revoked at: Tue Jun 04 14:09:00 UTC 2013 + Serial Number (hex): 00a0ccef2883fd50d374a5c639ebca5c7d + Revoked at: Tue Jun 04 14:10:03 UTC 2013 + Serial Number (hex): 00a7935bc62526d682a705c86227fc9d43 + Revoked at: Tue Jun 04 14:43:30 UTC 2013 + Serial Number (hex): 00d163f2d6c0803dac7a3abaaba6b6e99d + Revoked at: Tue Jun 04 15:22:32 UTC 2013 + Serial Number (hex): 1bc2e9dab3caaaa273b44ad0dacf43ee + Revoked at: Tue Jun 04 16:07:36 UTC 2013 + Serial Number (hex): 71ba3719663dc4f681f8531bfa3b34bb + Revoked at: Tue Jun 04 18:34:24 UTC 2013 + Serial Number (hex): 008962dc8d9a3deefa878d3b68c41858a9 + Revoked at: Wed Jun 05 10:58:54 UTC 2013 + Serial Number (hex): 7a748578ead047ddfdb70a0383f9d43b + Revoked at: Wed Jun 05 11:38:16 UTC 2013 + Serial Number (hex): 00d93ac36c3283b88e210f5b7c6d099f7d + Revoked at: Wed Jun 05 12:43:36 UTC 2013 + Serial Number (hex): 0087fa1931f106f4af6e0fe8cd309222 + Revoked at: Wed Jun 05 13:38:00 UTC 2013 + Serial Number (hex): 5d629b366824469178f804d313a709dd + Revoked at: Wed Jun 05 14:39:06 UTC 2013 + Serial Number (hex): 009c3e8b6b7755de513cc85cabe43d6c59 + Revoked at: Wed Jun 05 14:53:34 UTC 2013 + Serial Number (hex): 00adb754d13f1fde935ea28f0679903f7e + Revoked at: Wed Jun 05 15:01:01 UTC 2013 + Serial Number (hex): 4afacde368b514d81c3a090c4a45f999 + Revoked at: Wed Jun 05 15:01:20 UTC 2013 + Serial Number (hex): 00e3b54f5e86f7815f7e70384f450e827c + Revoked at: Wed Jun 05 16:06:49 UTC 2013 + Serial Number (hex): 6fe618398a98e5216c8153a86e538474 + Revoked at: Wed Jun 05 16:07:45 UTC 2013 + Serial Number (hex): 0093e5a2f9b1e07149cae69db975d2b78a + Revoked at: Wed Jun 05 16:23:36 UTC 2013 + Serial Number (hex): 447ffa208f128e016dfc46039b397eb7 + Revoked at: Wed Jun 05 17:31:15 UTC 2013 + Serial Number (hex): 00c0c60c5c0933c571d2c4c3e43466ec09 + Revoked at: Wed Jun 05 20:31:28 UTC 2013 + Serial Number (hex): 008375cf4b9185fee174259c18f3e31c57 + Revoked at: Wed Jun 05 21:18:48 UTC 2013 + Serial Number (hex): 00ef69bc5470b9fa4f5bc29ac04bebf6f6 + Revoked at: Thu Jun 06 10:57:40 UTC 2013 + Serial Number (hex): 00c085dca7c6c284be92d7b6e0bb1fe899 + Revoked at: Thu Jun 06 11:15:52 UTC 2013 + Serial Number (hex): 00e8a64ea587bbe9f777545881cfb7ddf4 + Revoked at: Thu Jun 06 12:02:34 UTC 2013 + Serial Number (hex): 4cedd7b9dc3a9a718831bb10403f032f + Revoked at: Thu Jun 06 12:33:50 UTC 2013 + Serial Number (hex): 00e3051104f1c595f0dd693afa16f43aad + Revoked at: Thu Jun 06 13:02:23 UTC 2013 + Serial Number (hex): 5f981f4cdfc97ecf85681323f957267e + Revoked at: Thu Jun 06 13:24:29 UTC 2013 + Serial Number (hex): 00ce349398c3808ba41dbfa53f2fe3569b + Revoked at: Thu Jun 06 15:24:49 UTC 2013 + Serial Number (hex): 243c74fa4239bf7930c1ae534021523f + Revoked at: Thu Jun 06 15:32:43 UTC 2013 + Serial Number (hex): 60cb2375894e4ac39c2712da46eaa3d7 + Revoked at: Thu Jun 06 17:02:09 UTC 2013 + Serial Number (hex): 6842cb235dcbe389dfece7a0c8e3cbe2 + Revoked at: Thu Jun 06 17:38:53 UTC 2013 + Serial Number (hex): 5adf9ad944ebdef83af6d579fd2f7a9a + Revoked at: Thu Jun 06 19:52:31 UTC 2013 + Serial Number (hex): 00d39be02b26e32737579d26688007d543 + Revoked at: Thu Jun 06 20:36:03 UTC 2013 + Serial Number (hex): 00e8867ef366e7f30b79336634297fb6f1 + Revoked at: Thu Jun 06 20:40:16 UTC 2013 + Serial Number (hex): 56e82dbfd100fb695aeb06e4198882fd + Revoked at: Thu Jun 06 20:46:38 UTC 2013 + Serial Number (hex): 00c336ca849de65e9854bdc241b81903e5 + Revoked at: Fri Jun 07 11:35:55 UTC 2013 + Serial Number (hex): 008190fb4c8495ff117d5f7d929e115877 + Revoked at: Fri Jun 07 12:02:58 UTC 2013 + Serial Number (hex): 2f5edf641e851a7f7b16634bab5ca668 + Revoked at: Fri Jun 07 12:09:42 UTC 2013 + Serial Number (hex): 3cb590552c67fb88ce47cbd6761bfe70 + Revoked at: Fri Jun 07 16:41:39 UTC 2013 + Serial Number (hex): 00cccf849a0f89f0dc9b858c2256d6dffd + Revoked at: Fri Jun 07 18:21:06 UTC 2013 + Serial Number (hex): 4991622211798d6de207b2ab87770198 + Revoked at: Fri Jun 07 18:52:32 UTC 2013 + Serial Number (hex): 31435c5932d00d6e5a31fe5b30630ef4 + Revoked at: Fri Jun 07 19:58:51 UTC 2013 + Serial Number (hex): 546b52a991e3dbf97b9c8adbf6daa8a4 + Revoked at: Fri Jun 07 21:31:28 UTC 2013 + Serial Number (hex): 750ef5f35d2e6104451594518c163040 + Revoked at: Fri Jun 07 22:06:51 UTC 2013 + Serial Number (hex): 00d6a1a1832b22f532a79acace554c9cde + Revoked at: Sat Jun 08 02:13:06 UTC 2013 + Serial Number (hex): 1d0484a76aab6119c0f03121572f121b + Revoked at: Sun Jun 09 02:13:10 UTC 2013 + Serial Number (hex): 0080c2f46eab373989f11b25d11f7a8977 + Revoked at: Mon Jun 10 10:38:44 UTC 2013 + Serial Number (hex): 01b872432a2284d4257a15658d778072 + Revoked at: Mon Jun 10 14:33:56 UTC 2013 + Serial Number (hex): 00b389bb54e333463d183c4fb6fdd9d936 + Revoked at: Mon Jun 10 15:02:53 UTC 2013 + Serial Number (hex): 009c6115e94e9532c69e139e5d20a76789 + Revoked at: Mon Jun 10 15:29:46 UTC 2013 + Serial Number (hex): 00e277f1575673e930d54a8e715784bea4 + Revoked at: Mon Jun 10 15:29:57 UTC 2013 + Serial Number (hex): 7d2ba39e6f61385368b35b15b5d50979 + Revoked at: Mon Jun 10 15:35:20 UTC 2013 + Serial Number (hex): 008b5dab3ab8562943caab3bbe9126e3ca + Revoked at: Mon Jun 10 15:35:44 UTC 2013 + Serial Number (hex): 46e38b3e0887727095ffe0b36b7ca801 + Revoked at: Mon Jun 10 15:35:51 UTC 2013 + Serial Number (hex): 40e4dc81379f5fe7321e5e07b5a2ba12 + Revoked at: Mon Jun 10 15:36:02 UTC 2013 + Serial Number (hex): 00fc0263715b7bc3d9a9ed708f8804c4d8 + Revoked at: Mon Jun 10 15:39:37 UTC 2013 + Serial Number (hex): 00ba35cdc339f5cb3a79e7de09a80f1e05 + Revoked at: Mon Jun 10 15:54:11 UTC 2013 + Serial Number (hex): 00e14574c9b4ccb06710b855db59673fd5 + Revoked at: Mon Jun 10 16:04:56 UTC 2013 + Serial Number (hex): 00b47bc7ab414e697516bc286c2870c2a5 + Revoked at: Mon Jun 10 16:07:45 UTC 2013 + Serial Number (hex): 4e90ec17c1fcead9c906624b77c78fba + Revoked at: Mon Jun 10 16:10:26 UTC 2013 + Serial Number (hex): 0f2b0fbad777759d8278bc3c918a59f8 + Revoked at: Mon Jun 10 16:37:36 UTC 2013 + Serial Number (hex): 10a6c8c5ce1ab354daaad96972729a92 + Revoked at: Mon Jun 10 16:55:57 UTC 2013 + Serial Number (hex): 16d132830f9a0c1fcd900877c312dd34 + Revoked at: Mon Jun 10 16:56:25 UTC 2013 + Serial Number (hex): 57cbd1b9cb701141e84f3d90c88f3c93 + Revoked at: Mon Jun 10 16:58:15 UTC 2013 + Serial Number (hex): 7fa820f7f7f5407b5748ce967efa67b9 + Revoked at: Mon Jun 10 17:37:08 UTC 2013 + Serial Number (hex): 6d606932bac5ad555fda06ef6b75600e + Revoked at: Mon Jun 10 17:54:31 UTC 2013 + Serial Number (hex): 7e81e4ba51cea7b39c314357e73dc984 + Revoked at: Mon Jun 10 17:54:49 UTC 2013 + Serial Number (hex): 00800dec9378b3423678a02959fdb135bb + Revoked at: Mon Jun 10 17:55:03 UTC 2013 + Serial Number (hex): 00940854c7d98153bf5cd58776d1a8cde7 + Revoked at: Mon Jun 10 17:55:20 UTC 2013 + Serial Number (hex): 009a319d68df344e271dd977fb4e263c2e + Revoked at: Mon Jun 10 17:55:38 UTC 2013 + Serial Number (hex): 00d27324a595939c28b4d0c6b4403b3c38 + Revoked at: Mon Jun 10 17:55:55 UTC 2013 + Serial Number (hex): 1db032eb490d46fe7b14ee9219b0d7d3 + Revoked at: Mon Jun 10 17:56:09 UTC 2013 + Serial Number (hex): 00fc1be578c82dcbf2fcc3f06fcb7ff5cc + Revoked at: Mon Jun 10 19:45:21 UTC 2013 + Serial Number (hex): 611a8a86660b1bab703bd033300f90d2 + Revoked at: Mon Jun 10 19:45:38 UTC 2013 + Serial Number (hex): 00f09dcfe4c040c3c9c599f76e74d10126 + Revoked at: Mon Jun 10 20:20:01 UTC 2013 + Serial Number (hex): 3b35f733c41f5b3fa1ade185670ef0e4 + Revoked at: Mon Jun 10 21:10:24 UTC 2013 + Serial Number (hex): 497f9510fdeba5bf11a10c75b9bce860 + Revoked at: Mon Jun 10 23:58:25 UTC 2013 + Serial Number (hex): 635b80e489f6979b2e1ed154882b9ce0 + Revoked at: Tue Jun 11 01:15:31 UTC 2013 + Serial Number (hex): 2145c23566320b79d19c2722494f1aa9 + Revoked at: Tue Jun 11 07:50:07 UTC 2013 + Serial Number (hex): 05a6a15ed366d3f760e48fc91c34d2a0 + Revoked at: Tue Jun 11 10:23:05 UTC 2013 + Serial Number (hex): 00fc1173cbaea5c931dfa5652c8ef485aa + Revoked at: Tue Jun 11 11:55:08 UTC 2013 + Serial Number (hex): 00b94d273f3f762b1ca4205e5f91a41ee9 + Revoked at: Tue Jun 11 12:51:02 UTC 2013 + Serial Number (hex): 00f5611dd26376e342ecdc055c25de7a84 + Revoked at: Tue Jun 11 14:00:57 UTC 2013 + Serial Number (hex): 00c9d5830199b68f3007d77d654435ece5 + Revoked at: Tue Jun 11 14:01:52 UTC 2013 + Serial Number (hex): 6f9a72f22c6e833b1a660c7973702dd8 + Revoked at: Tue Jun 11 14:45:27 UTC 2013 + Serial Number (hex): 00938a80254c83cc7c0842748af1e40234 + Revoked at: Tue Jun 11 14:49:15 UTC 2013 + Serial Number (hex): 0be13a404f9887dc3578dc6cbe922718 + Revoked at: Tue Jun 11 15:58:02 UTC 2013 + Serial Number (hex): 00b41b564a3a6242228e16ce69f35fb753 + Revoked at: Tue Jun 11 17:44:39 UTC 2013 + Serial Number (hex): 00ddaecb686fc4625633ba38ad3128ab26 + Revoked at: Tue Jun 11 17:45:06 UTC 2013 + Serial Number (hex): 00cac130ed238e5bb8939d99bdba084ef7 + Revoked at: Tue Jun 11 17:45:30 UTC 2013 + Serial Number (hex): 2ab57f2be65614d56ccde781349c1153 + Revoked at: Tue Jun 11 17:46:02 UTC 2013 + Serial Number (hex): 683e5c4cde67454f7a782a00aed0977b + Revoked at: Tue Jun 11 17:46:56 UTC 2013 + Serial Number (hex): 00a49781e98d9f3312bf578803cdff3e06 + Revoked at: Tue Jun 11 17:47:27 UTC 2013 + Serial Number (hex): 00ab4b1d3ad37a7fd4a4ed286fdfd6d415 + Revoked at: Tue Jun 11 18:36:35 UTC 2013 + Serial Number (hex): 00e9c8246fe49edb8136fcac8a871a72d5 + Revoked at: Tue Jun 11 20:45:39 UTC 2013 + Serial Number (hex): 00fefa7c75c385ad5cde6f5ed698aa5bfd + Revoked at: Tue Jun 11 21:27:27 UTC 2013 + Serial Number (hex): 3ecf292bfb07f99df8499d7f283124d8 + Revoked at: Tue Jun 11 22:51:54 UTC 2013 + Serial Number (hex): 00b1101d6bb62df7d2c7e9c6bb6dbf6d33 + Revoked at: Wed Jun 12 02:59:17 UTC 2013 + Serial Number (hex): 505f44831daa8b57ca0b07211d1a450f + Revoked at: Wed Jun 12 02:59:33 UTC 2013 + Serial Number (hex): 0097e26ab057dfcb3a2f255ac2ba52c67e + Revoked at: Wed Jun 12 12:04:11 UTC 2013 + Serial Number (hex): 3d9493afe32e94ff16203771f2e55e18 + Revoked at: Wed Jun 12 12:04:31 UTC 2013 + Serial Number (hex): 00c9fc871079739c34e8d31acf20d0d680 + Revoked at: Wed Jun 12 12:16:15 UTC 2013 + Serial Number (hex): 0094603f167a8c9075f07d7affc44dd574 + Revoked at: Wed Jun 12 12:16:25 UTC 2013 + Serial Number (hex): 281f92fb9d7a8b3c0c318208a264461c + Revoked at: Wed Jun 12 12:16:32 UTC 2013 + Serial Number (hex): 00b465fa7b42afb2698188f57cacb04015 + Revoked at: Wed Jun 12 12:16:38 UTC 2013 + Serial Number (hex): 7ef7b130b64a099e37ec9ffdf1935dcb + Revoked at: Wed Jun 12 12:16:44 UTC 2013 + Serial Number (hex): 00b46bab303236f728711f722fa7f28584 + Revoked at: Wed Jun 12 13:02:23 UTC 2013 + Serial Number (hex): 00f3ccd9d1a49699cb11274989884de167 + Revoked at: Wed Jun 12 13:20:43 UTC 2013 + Serial Number (hex): 00f5377c2e7c9add2aa116559e93ad6543 + Revoked at: Wed Jun 12 14:15:40 UTC 2013 + Serial Number (hex): 3545ac5c161f3d299c1b91c81bb501a7 + Revoked at: Wed Jun 12 14:16:00 UTC 2013 + Serial Number (hex): 4875da1b97874bcbd34f75ffd80a222a + Revoked at: Wed Jun 12 15:09:10 UTC 2013 + Serial Number (hex): 008ef0aca479f48eb68d850147c8760037 + Revoked at: Wed Jun 12 15:09:26 UTC 2013 + Serial Number (hex): 79d3247776ce5fedb93013bd624a86e5 + Revoked at: Wed Jun 12 15:10:22 UTC 2013 + Serial Number (hex): 00da9ddc5f9bc1f2ca8738dc36ad19e9d0 + Revoked at: Wed Jun 12 15:12:17 UTC 2013 + Serial Number (hex): 00ff070510a5a6af2040e6f5fd0b9fb02c + Revoked at: Wed Jun 12 15:16:19 UTC 2013 + Serial Number (hex): 00ba579837eab24e50181f91c989408663 + Revoked at: Wed Jun 12 15:17:38 UTC 2013 + Serial Number (hex): 19f5ead2b648ea9f99fc16de00bfc909 + Revoked at: Wed Jun 12 15:27:36 UTC 2013 + Serial Number (hex): 27c97160f63691449b88600dda9e94e8 + Revoked at: Wed Jun 12 15:34:17 UTC 2013 + Serial Number (hex): 0098f12500034f220b0fe1da597504b8c0 + Revoked at: Wed Jun 12 17:31:35 UTC 2013 + Serial Number (hex): 009c9ade1c6982e155862cbe4475f2f028 + Revoked at: Wed Jun 12 17:33:00 UTC 2013 + Serial Number (hex): 00a59379f2b3c72b8a38e8e84935f9c0e0 + Revoked at: Wed Jun 12 17:44:24 UTC 2013 + Serial Number (hex): 4694e5cb18bb138cb66a1514b55460de + Revoked at: Wed Jun 12 18:20:19 UTC 2013 + Serial Number (hex): 5e25837c052b2f457368f2ce347d9e30 + Revoked at: Wed Jun 12 19:44:34 UTC 2013 + Serial Number (hex): 212345c826d6bf394f26545eb9c2b686 + Revoked at: Wed Jun 12 20:02:16 UTC 2013 + Serial Number (hex): 1ff42e08a813d1c1a7c60110cdd18662 + Revoked at: Wed Jun 12 20:02:58 UTC 2013 + Serial Number (hex): 596e3ae55c401c0c483479a2e2b9bb11 + Revoked at: Wed Jun 12 20:40:50 UTC 2013 + Serial Number (hex): 00d60022dc4a05613063ff34a43130d0d4 + Revoked at: Wed Jun 12 20:42:40 UTC 2013 + Serial Number (hex): 00d753443e3183b2163271544d3d7cfc51 + Revoked at: Wed Jun 12 20:42:46 UTC 2013 + Serial Number (hex): 6e55e3be551bff0b7735ba079dcca2d2 + Revoked at: Wed Jun 12 20:42:57 UTC 2013 + Serial Number (hex): 429b037434a1b1843bfb4515e681fa60 + Revoked at: Wed Jun 12 20:44:07 UTC 2013 + Serial Number (hex): 00a8406408f841ca52dc8e793190d34196 + Revoked at: Wed Jun 12 20:47:17 UTC 2013 + Serial Number (hex): 00e0d0ddd7d019fea8da3236f1a118679e + Revoked at: Wed Jun 12 23:11:58 UTC 2013 + Serial Number (hex): 008741449054c19699876d8005b8b5a5a8 + Revoked at: Thu Jun 13 04:58:45 UTC 2013 + Serial Number (hex): 71be863f952a4419dcdfa5589870cb21 + Revoked at: Thu Jun 13 13:51:16 UTC 2013 + Serial Number (hex): 00b30a868c01f1e44d5742a60b0b97df86 + Revoked at: Thu Jun 13 13:51:36 UTC 2013 + Serial Number (hex): 00a2d216d2b5587532e4560afc4c76bdd1 + Revoked at: Thu Jun 13 16:14:22 UTC 2013 + Serial Number (hex): 009cf097c26a47b23f8e5b2dee81391ccd + Revoked at: Thu Jun 13 16:46:41 UTC 2013 + Serial Number (hex): 1f65387c0ffe2b3811f73a31f9588cbc + Revoked at: Thu Jun 13 18:06:31 UTC 2013 + Serial Number (hex): 00b1d9049db15b1ca511e3c7bc23d6f309 + Revoked at: Thu Jun 13 18:06:37 UTC 2013 + Serial Number (hex): 00fcf993757ac0c7bb7300a5f624c8c94b + Revoked at: Thu Jun 13 18:12:39 UTC 2013 + Serial Number (hex): 00e2ab4a5bedb991dc386f858b9fe52b61 + Revoked at: Thu Jun 13 18:12:41 UTC 2013 + Serial Number (hex): 0092dadddd1dc20404b3307514ff446f83 + Revoked at: Thu Jun 13 18:20:28 UTC 2013 + Serial Number (hex): 009e9e592ede871322331640fadf0a93cc + Revoked at: Thu Jun 13 18:23:06 UTC 2013 + Serial Number (hex): 07b2b75ce537319b113ef83d9ef77224 + Revoked at: Thu Jun 13 18:37:30 UTC 2013 + Serial Number (hex): 1032bc2ad0cd5d149cdaf6f957bfd274 + Revoked at: Thu Jun 13 18:48:27 UTC 2013 + Serial Number (hex): 00a285178a5f0c57757a5ae9b7f775f54b + Revoked at: Thu Jun 13 19:11:27 UTC 2013 + Serial Number (hex): 00df60b2a92c855b7f645e69a9deff1db3 + Revoked at: Thu Jun 13 19:11:46 UTC 2013 + Serial Number (hex): 008274bea8dd2c432287a01c971338af9c + Revoked at: Thu Jun 13 19:58:15 UTC 2013 + Serial Number (hex): 00a204e01224b1078cb047ccce74be2708 + Revoked at: Thu Jun 13 20:44:46 UTC 2013 + Serial Number (hex): 5fcd78a7a5ca15753d868f15a9c87fe7 + Revoked at: Fri Jun 14 00:30:21 UTC 2013 + Serial Number (hex): 5df99a071cad98a5dd1d04c39791751f + Revoked at: Fri Jun 14 06:46:02 UTC 2013 + Serial Number (hex): 245fe3238f3b094c01bdf85b8802583a + Revoked at: Fri Jun 14 07:56:41 UTC 2013 + Serial Number (hex): 00fcf256be83738da3e3e243da800eab5c + Revoked at: Fri Jun 14 08:52:36 UTC 2013 + Serial Number (hex): 368fda87ec5673b636fcec55a82c381f + Revoked at: Fri Jun 14 13:08:32 UTC 2013 + Serial Number (hex): 623574958a6fff78d0860fcdbc1206ae + Revoked at: Fri Jun 14 13:16:10 UTC 2013 + Serial Number (hex): 00e143d7540cb999baf669827eabe08b3d + Revoked at: Fri Jun 14 18:51:02 UTC 2013 + Serial Number (hex): 1235bdc255eaba72771ec60cbaa5e82c + Revoked at: Fri Jun 14 18:54:20 UTC 2013 + Serial Number (hex): 04f4e692da77eb70079b6381da41bbca + Revoked at: Fri Jun 14 18:54:25 UTC 2013 + Serial Number (hex): 00d6d20465e3fdbb1089d18542bb7d3cd4 + Revoked at: Fri Jun 14 20:55:15 UTC 2013 + Serial Number (hex): 00ca64fe2a6f3c137e9ce6a506b196efe9 + Revoked at: Fri Jun 14 21:15:45 UTC 2013 + Serial Number (hex): 07907a6c53cf9d9cfc80060f8723beb8 + Revoked at: Fri Jun 14 21:16:00 UTC 2013 + Serial Number (hex): 5fe33c87f162abc140a2c87ee5df62d6 + Revoked at: Fri Jun 14 21:18:19 UTC 2013 + Serial Number (hex): 00e0a25c90687168ed3b30cf79953d5d5e + Revoked at: Fri Jun 14 21:26:30 UTC 2013 + Serial Number (hex): 00fe78838805124bc26df1ace1186f2ea2 + Revoked at: Sat Jun 15 02:13:05 UTC 2013 + Serial Number (hex): 0096a38f0158776e542f63a420b6ed6796 + Revoked at: Sat Jun 15 18:42:40 UTC 2013 + Serial Number (hex): 009f04ff2419465eaa67104e6a9f18dd87 + Revoked at: Mon Jun 17 14:35:40 UTC 2013 + Serial Number (hex): 00a21f27f33b7255b9806b1f824922403b + Revoked at: Mon Jun 17 16:28:56 UTC 2013 + Serial Number (hex): 44c94312c0f823ed1d391d9fa7e34f91 + Revoked at: Mon Jun 17 18:07:59 UTC 2013 + Serial Number (hex): 69a6a5367e2ee6b9397db6f90e785e39 + Revoked at: Mon Jun 17 20:25:46 UTC 2013 + Serial Number (hex): 5e6d48423eb1a22b7a5a250d697bc33f + Revoked at: Mon Jun 17 21:18:55 UTC 2013 + Serial Number (hex): 00f7d2242822295a1d3147395209e0176a + Revoked at: Tue Jun 18 07:03:51 UTC 2013 + Serial Number (hex): 66434103003ee169b78e89ed3b807422 + Revoked at: Tue Jun 18 08:52:10 UTC 2013 + Serial Number (hex): 00a3ba799373dc67ec2af7e4bfd5147ea0 + Revoked at: Tue Jun 18 09:01:13 UTC 2013 + Serial Number (hex): 767d76b857b46d6eba0586ea5c55bef9 + Revoked at: Tue Jun 18 09:30:09 UTC 2013 + Serial Number (hex): 00b45d610875a8998516d1bc97e230b51a + Revoked at: Tue Jun 18 11:03:52 UTC 2013 + Serial Number (hex): 00acc041ba54365a499a970465e9f39a94 + Revoked at: Tue Jun 18 12:00:42 UTC 2013 + Serial Number (hex): 7ac6f4506ab5978edbc2fb0d01c68116 + Revoked at: Tue Jun 18 12:59:04 UTC 2013 + Serial Number (hex): 00cc7a09e9bff3334fb2907095359b60d5 + Revoked at: Tue Jun 18 13:49:17 UTC 2013 + Serial Number (hex): 3c71390f253c0849942ecf2676bf5c69 + Revoked at: Tue Jun 18 13:52:59 UTC 2013 + Serial Number (hex): 00e0dc2f9cd14c39da3ede4d598a69502f + Revoked at: Tue Jun 18 13:54:24 UTC 2013 + Serial Number (hex): 009bc6d91d0bd94d0ac2fb41dbfcb8754b + Revoked at: Tue Jun 18 15:42:06 UTC 2013 + Serial Number (hex): 00c26bb21626c00814665427fac8194652 + Revoked at: Tue Jun 18 15:56:12 UTC 2013 + Serial Number (hex): 00ebd17bd7641adc9914019f4923ad6d84 + Revoked at: Tue Jun 18 16:26:19 UTC 2013 + Serial Number (hex): 00de4eb1524edd7f819fe830634fef9dd3 + Revoked at: Tue Jun 18 16:36:04 UTC 2013 + Serial Number (hex): 6a6db3303e239b0ff131581414d01db9 + Revoked at: Tue Jun 18 19:03:43 UTC 2013 + Serial Number (hex): 008363101af27a889e429492bfa56071cb + Revoked at: Tue Jun 18 19:13:25 UTC 2013 + Serial Number (hex): 1d39fc1f0590fe5cb22cfa76d813bed2 + Revoked at: Tue Jun 18 19:15:30 UTC 2013 + Serial Number (hex): 00bb1cd5d66ad78489bb636181399afa70 + Revoked at: Tue Jun 18 19:17:14 UTC 2013 + Serial Number (hex): 00f96c8b36d734d028a7845dc8c65f525f + Revoked at: Tue Jun 18 19:23:57 UTC 2013 + Serial Number (hex): 2678cf02cee9d1952b913f2e43567275 + Revoked at: Tue Jun 18 19:33:41 UTC 2013 + Serial Number (hex): 009ddf47b1eb75bec1de71ec7b87519a13 + Revoked at: Tue Jun 18 19:46:00 UTC 2013 + Serial Number (hex): 008000afbf7dad7ee3173db2865087a6a9 + Revoked at: Tue Jun 18 19:54:09 UTC 2013 + Serial Number (hex): 00a3f024c9d328232b7a0518eba716af43 + Revoked at: Tue Jun 18 20:05:05 UTC 2013 + Serial Number (hex): 00be0a440bbff6c01ff7d9eb43dfc90ece + Revoked at: Tue Jun 18 20:14:39 UTC 2013 + Serial Number (hex): 21a2f7282752ff32deb8de7eb005b841 + Revoked at: Tue Jun 18 20:21:21 UTC 2013 + Serial Number (hex): 5662b5bd7bebd46759cc9d9c94655bac + Revoked at: Tue Jun 18 20:27:25 UTC 2013 + Serial Number (hex): 5408581252eb5af040fdd1bf35011fd2 + Revoked at: Tue Jun 18 20:29:20 UTC 2013 + Serial Number (hex): 0085e8dc371915310e7a84d8a1fd8ea9fa + Revoked at: Tue Jun 18 20:31:08 UTC 2013 + Serial Number (hex): 008c07092dcacbb488c4f10e9408387586 + Revoked at: Tue Jun 18 20:32:13 UTC 2013 + Serial Number (hex): 426c472a12c08ffefc32333d031faa01 + Revoked at: Tue Jun 18 20:44:35 UTC 2013 + Serial Number (hex): 66507680a1e3d575fccf6e3318c81af2 + Revoked at: Wed Jun 19 06:43:16 UTC 2013 + Serial Number (hex): 463a2358c85a3720fe01e776b8583311 + Revoked at: Wed Jun 19 09:48:26 UTC 2013 + Serial Number (hex): 4c8db35c226fb2d4eb52e4899beaae86 + Revoked at: Wed Jun 19 09:48:49 UTC 2013 + Serial Number (hex): 32957c592bd2cf1e3ec6af0c63947b + Revoked at: Wed Jun 19 10:17:27 UTC 2013 + Serial Number (hex): 7de30e695daa69284e570fe233a229af + Revoked at: Wed Jun 19 10:17:33 UTC 2013 + Serial Number (hex): 1aa9021be3370d726716b772bda58398 + Revoked at: Wed Jun 19 10:17:41 UTC 2013 + Serial Number (hex): 2dff36718be0570df5907e5762271dfe + Revoked at: Wed Jun 19 10:17:48 UTC 2013 + Serial Number (hex): 00de10ead1059fc5a76353dd1956fb4864 + Revoked at: Wed Jun 19 14:19:33 UTC 2013 + Serial Number (hex): 00b13e329ea281779958d3e04f5300f950 + Revoked at: Wed Jun 19 16:08:35 UTC 2013 + Serial Number (hex): 64c706582a25e20e98640c540a79ae32 + Revoked at: Wed Jun 19 16:30:29 UTC 2013 + Serial Number (hex): 00d98a6e3acdbdc503bcead2fc2caf0af3 + Revoked at: Wed Jun 19 17:36:15 UTC 2013 + Serial Number (hex): 64faff3f318c2d56feb545909caed075 + Revoked at: Wed Jun 19 17:37:13 UTC 2013 + Serial Number (hex): 00978f970efdac086ad584a3c263acf164 + Revoked at: Wed Jun 19 17:38:57 UTC 2013 + Serial Number (hex): 690b8e332f045b1743af4d230cee298d + Revoked at: Wed Jun 19 17:39:17 UTC 2013 + Serial Number (hex): 00d5813c0d57c7e6775f20cd89ecbe3b64 + Revoked at: Wed Jun 19 17:58:21 UTC 2013 + Serial Number (hex): 1c2fcfaf11ee82b48bbff340e9141633 + Revoked at: Wed Jun 19 18:01:15 UTC 2013 + Serial Number (hex): 1016d2471d75e1d16625938333facf33 + Revoked at: Wed Jun 19 18:01:19 UTC 2013 + Serial Number (hex): 00a923d8003fa3044e731c62f0b1cf9b87 + Revoked at: Wed Jun 19 18:37:25 UTC 2013 + Serial Number (hex): 0a6c76c24c0dc45f245d1ae59f516cfe + Revoked at: Wed Jun 19 20:07:10 UTC 2013 + Serial Number (hex): 69db6725dddab66384d167f4c46b02dd + Revoked at: Wed Jun 19 21:33:23 UTC 2013 + Serial Number (hex): 4370867960b10052dcd5d951e2f10d50 + Revoked at: Wed Jun 19 23:06:14 UTC 2013 + Serial Number (hex): 00a076169042b131720405590da325315f + Revoked at: Thu Jun 20 04:59:16 UTC 2013 + Serial Number (hex): 00bd1c1c6fa59dc6758ec875ee3310c491 + Revoked at: Thu Jun 20 07:50:38 UTC 2013 + Serial Number (hex): 00ccdd1c846e436d0a50c2264833e5d67a + Revoked at: Thu Jun 20 11:42:06 UTC 2013 + Serial Number (hex): 00e58ad051977b8b5f3b41186e07103559 + Revoked at: Thu Jun 20 12:13:34 UTC 2013 + Serial Number (hex): 462ffc5ec988b4f8f3c00730d72350ab + Revoked at: Thu Jun 20 13:04:09 UTC 2013 + Serial Number (hex): 318ccfdb77b86c34c8da07b8d64fe923 + Revoked at: Thu Jun 20 13:04:14 UTC 2013 + Serial Number (hex): 00dbad2c0b62e74a0d030839eaebdd1ee4 + Revoked at: Thu Jun 20 13:04:20 UTC 2013 + Serial Number (hex): 00a55ded26dfae53d59ffa837d0c27d835 + Revoked at: Thu Jun 20 13:05:04 UTC 2013 + Serial Number (hex): 2c4506949bff256d5cd1702aebfff4e8 + Revoked at: Thu Jun 20 14:39:29 UTC 2013 + Serial Number (hex): 47a2bffbc08af1e1b467263450a4b997 + Revoked at: Thu Jun 20 14:47:13 UTC 2013 + Serial Number (hex): 14673a5a9af84395285ed3dde73cad37 + Revoked at: Thu Jun 20 15:46:32 UTC 2013 + Serial Number (hex): 2650f6e254a11badb27ff077bc0b84cd + Revoked at: Thu Jun 20 15:46:36 UTC 2013 + Serial Number (hex): 2396d5d7e8f486add967b0bdba0f1c6a + Revoked at: Thu Jun 20 18:52:20 UTC 2013 + Serial Number (hex): 7a7b15971706fc200eafb7cb6122a27c + Revoked at: Thu Jun 20 19:55:31 UTC 2013 + Serial Number (hex): 7f885a83cfc42a5a06ebbbd565870f77 + Revoked at: Thu Jun 20 22:10:32 UTC 2013 + Serial Number (hex): 00a72bc00f330453ce8fdea70dcb75c351 + Revoked at: Fri Jun 21 02:13:05 UTC 2013 + Serial Number (hex): 629683f0c7bd93db2617c89da116d7fb + Revoked at: Fri Jun 21 10:09:34 UTC 2013 + Serial Number (hex): 00ed894ff1535534e03a6fe0d8bd48e670 + Revoked at: Fri Jun 21 12:47:00 UTC 2013 + Serial Number (hex): 752c3cd6f7ef04ff20722a48d7a49914 + Revoked at: Fri Jun 21 15:08:57 UTC 2013 + Serial Number (hex): 5e1c73c01062dc7a8d18829bc2df7235 + Revoked at: Fri Jun 21 16:05:33 UTC 2013 + Serial Number (hex): 2640dcaf4ea94384ef25d090cbbc2ac1 + Revoked at: Fri Jun 21 16:40:49 UTC 2013 + Serial Number (hex): 7daf40199346f70d42c54db213d4a50f + Revoked at: Fri Jun 21 17:33:19 UTC 2013 + Serial Number (hex): 6f70f8745da8ec37bc958a796e557d30 + Revoked at: Fri Jun 21 20:54:55 UTC 2013 + Serial Number (hex): 00820bb97049a2af7aae91918f53de0072 + Revoked at: Fri Jun 21 20:56:17 UTC 2013 + Serial Number (hex): 50cc6c572fe271af5bf1cbfd6258a4d9 + Revoked at: Fri Jun 21 20:57:40 UTC 2013 + Serial Number (hex): 1456199b92ae9f492e15e77925f66086 + Revoked at: Fri Jun 21 21:29:00 UTC 2013 + Serial Number (hex): 00df66f6d5107d9aa9d4ae9d101227895a + Revoked at: Fri Jun 21 23:09:43 UTC 2013 + Serial Number (hex): 00ed6b139b15e12488a62f0e3b80f709ec + Revoked at: Sat Jun 22 02:13:06 UTC 2013 + Serial Number (hex): 102aeffc6cc71c9d6d6b015cf14af35d + Revoked at: Sat Jun 22 06:18:09 UTC 2013 + Serial Number (hex): 18f50ff689f58b6bb8266a1c518a5260 + Revoked at: Mon Jun 24 02:13:05 UTC 2013 + Serial Number (hex): 00a40b92a566d232a21a6435602d6265bb + Revoked at: Mon Jun 24 09:38:53 UTC 2013 + Serial Number (hex): 00e9dde3a9cd3417b75640cc3b354e7fe9 + Revoked at: Mon Jun 24 13:03:18 UTC 2013 + Serial Number (hex): 00f4d8a1d3f3aaf0c9f04ade942850c545 + Revoked at: Mon Jun 24 13:03:32 UTC 2013 + Serial Number (hex): 00dabc11a4c0f02f2677fbcc92fac52003 + Revoked at: Mon Jun 24 16:36:48 UTC 2013 + Serial Number (hex): 016e0488b3681e15677967aa014c7e57 + Revoked at: Mon Jun 24 18:29:08 UTC 2013 + Serial Number (hex): 00a760b210b38357334f0aeb3674e396af + Revoked at: Mon Jun 24 19:04:33 UTC 2013 + Serial Number (hex): 00aad7b730059e9cd124b3da17d9381da9 + Revoked at: Mon Jun 24 19:05:32 UTC 2013 + Serial Number (hex): 00fbbe0e86a9a6c84dedac22e4204d5e84 + Revoked at: Mon Jun 24 19:06:08 UTC 2013 + Serial Number (hex): 5cde15a60f225b6639ac8afa3aa58cf7 + Revoked at: Mon Jun 24 19:19:57 UTC 2013 + Serial Number (hex): 00e0877ff88ad5e7e50958a17c07e815f0 + Revoked at: Mon Jun 24 20:09:43 UTC 2013 + Serial Number (hex): 4400e45f8e658a43f16f049cfaa00587 + Revoked at: Mon Jun 24 21:15:49 UTC 2013 + Serial Number (hex): 0090cb4834db739aae9c7ad2aa8a7b7d1c + Revoked at: Mon Jun 24 21:16:39 UTC 2013 + Serial Number (hex): 009934ded8399d620285ecab6c2dd815a7 + Revoked at: Mon Jun 24 21:18:40 UTC 2013 + Serial Number (hex): 0aa3235becb7428891ab48fa9a897f38 + Revoked at: Mon Jun 24 21:19:13 UTC 2013 + Serial Number (hex): 3d4980d638083d27a1a8cc4621925146 + Revoked at: Mon Jun 24 21:20:27 UTC 2013 + Serial Number (hex): 209d45496e0f162c253df177fb3a6229 + Revoked at: Mon Jun 24 21:21:08 UTC 2013 + Serial Number (hex): 00d23a13d34da85ef9a230387cf66969a0 + Revoked at: Mon Jun 24 21:21:47 UTC 2013 + Serial Number (hex): 7bd57d668096330c396a823d41e1ba67 + Revoked at: Mon Jun 24 21:22:48 UTC 2013 + Serial Number (hex): 550550206ac4f96ed6c0ffe714234133 + Revoked at: Mon Jun 24 21:23:36 UTC 2013 + Serial Number (hex): 590c818184b6006f00fd08b82fbe3cd0 + Revoked at: Mon Jun 24 21:24:52 UTC 2013 + Serial Number (hex): 38ca4f59e53825940d97c625c06974ae + Revoked at: Mon Jun 24 21:25:34 UTC 2013 + Serial Number (hex): 00b09b98f09025cca79981ae3822787911 + Revoked at: Mon Jun 24 21:26:14 UTC 2013 + Serial Number (hex): 008b8d4946021a3efcfc4783093a6519aa + Revoked at: Mon Jun 24 21:26:49 UTC 2013 + Serial Number (hex): 73691ad3118669101c34c27aba91016f + Revoked at: Mon Jun 24 21:27:46 UTC 2013 + Serial Number (hex): 6f1d0f58dc90cf3a6376fe7b2662b6 + Revoked at: Mon Jun 24 21:28:11 UTC 2013 + Serial Number (hex): 3339d67790f10ade970037c1fb0ea4f5 + Revoked at: Mon Jun 24 21:28:41 UTC 2013 + Serial Number (hex): 0cb0ce9f6e6294baf9e4133dfa5f56ef + Revoked at: Mon Jun 24 21:31:04 UTC 2013 + Serial Number (hex): 57fc13221448ab07156dc963a9e29686 + Revoked at: Mon Jun 24 21:33:25 UTC 2013 + Serial Number (hex): 1aab0c7160527c5c32fd5279f9b050be + Revoked at: Tue Jun 25 02:13:05 UTC 2013 + Serial Number (hex): 798ecdeffe30bba228a7501ebb3b8400 + Revoked at: Tue Jun 25 02:13:06 UTC 2013 + Serial Number (hex): 00e456c7a94c2346d1a2ee483894f9e229 + Revoked at: Tue Jun 25 02:13:06 UTC 2013 + Serial Number (hex): 7cb4abfa47fed475155950c26622e9cd + Revoked at: Tue Jun 25 07:25:14 UTC 2013 + Serial Number (hex): 00f281d191dd4d779479218e8ec880eacf + Revoked at: Tue Jun 25 10:23:08 UTC 2013 + Serial Number (hex): 0b6f90b90f601d2afd62cb513af82959 + Revoked at: Tue Jun 25 12:29:56 UTC 2013 + Serial Number (hex): 00c41d8ca5b384df00b4430acff324e464 + Revoked at: Tue Jun 25 12:53:15 UTC 2013 + Serial Number (hex): 00b10911a09d9f39b22cae6c11ddaec13b + Revoked at: Tue Jun 25 13:20:12 UTC 2013 + Serial Number (hex): 00c20d7b7edf831acc327aadd9158afe16 + Revoked at: Tue Jun 25 13:32:53 UTC 2013 + Serial Number (hex): 008ec2e29c68ed56936d1d56cf5f309e8c + Revoked at: Tue Jun 25 13:52:32 UTC 2013 + Serial Number (hex): 00b24d9b5c6f56b4e3f5537746a5f0703c + Revoked at: Tue Jun 25 13:53:57 UTC 2013 + Serial Number (hex): 4b1773f7aac39d64b863888af9dd18ed + Revoked at: Tue Jun 25 14:32:43 UTC 2013 + Serial Number (hex): 7d57ba7fd9e8844b86903a67c53fc2c8 + Revoked at: Tue Jun 25 15:00:50 UTC 2013 + Serial Number (hex): 4dd09ce6965546269093f95064ef8b0b + Revoked at: Tue Jun 25 15:18:48 UTC 2013 + Serial Number (hex): 00eb927f4be1f9a0eb0ea0c3244e65d79e + Revoked at: Tue Jun 25 17:58:18 UTC 2013 + Serial Number (hex): 7a60abac06510b009be9b4468c1cbb63 + Revoked at: Tue Jun 25 18:15:12 UTC 2013 + Serial Number (hex): 22557e1626c241147b3757422b81edd6 + Revoked at: Tue Jun 25 18:26:13 UTC 2013 + Serial Number (hex): 00e2b1f25ea75d79e643c6ec3d22005ae9 + Revoked at: Tue Jun 25 19:52:18 UTC 2013 + Serial Number (hex): 00c357cfff3f4c738897b752a61d672f4f + Revoked at: Tue Jun 25 20:17:54 UTC 2013 + Serial Number (hex): 00c2d8740dd34482eb991072812ebf67b1 + Revoked at: Tue Jun 25 21:45:26 UTC 2013 + Serial Number (hex): 00a07098028af1362a07099e04ae0d5459 + Revoked at: Tue Jun 25 21:47:45 UTC 2013 + Serial Number (hex): 1729152e8f4a92432bcca89bcee30a7b + Revoked at: Tue Jun 25 21:48:07 UTC 2013 + Serial Number (hex): 5dadbda3a013b67ba5befb484e93c0a1 + Revoked at: Tue Jun 25 21:48:36 UTC 2013 + Serial Number (hex): 00bb30b51db2f5f4fff3c646f7b2326ba6 + Revoked at: Tue Jun 25 21:58:59 UTC 2013 + Serial Number (hex): 320725addfe3598f2cca09eb40f23e83 + Revoked at: Wed Jun 26 05:13:48 UTC 2013 + Serial Number (hex): 67884777ca3eb487fc80b5cc7e6734e8 + Revoked at: Wed Jun 26 13:59:27 UTC 2013 + Serial Number (hex): 00d7db8b90797c50c0450404254ebaf46c + Revoked at: Wed Jun 26 13:59:35 UTC 2013 + Serial Number (hex): 00f62f269208be03730f8e1976dbf833d8 + Revoked at: Wed Jun 26 13:59:58 UTC 2013 + Serial Number (hex): 00c3f286671b0ad2f7d193778968616d8e + Revoked at: Wed Jun 26 14:02:06 UTC 2013 + Serial Number (hex): 40831dd3774305a7c423cbd28bf60248 + Revoked at: Wed Jun 26 14:14:29 UTC 2013 + Serial Number (hex): 00b3f6c3f41fc91051195f06d25028474c + Revoked at: Wed Jun 26 14:26:52 UTC 2013 + Serial Number (hex): 26799351d439267e2fe1cb1cbd65399f + Revoked at: Wed Jun 26 15:08:31 UTC 2013 + Serial Number (hex): 00c537d7d0aa4bdb71e05860b664e97570 + Revoked at: Wed Jun 26 15:09:26 UTC 2013 + Serial Number (hex): 48436f82dbefb090ad38aca4ccd6d891 + Revoked at: Wed Jun 26 15:12:26 UTC 2013 + Serial Number (hex): 331bc0f76f5082af3fbc12071e8ad75e + Revoked at: Wed Jun 26 16:13:21 UTC 2013 + Serial Number (hex): 00d3e0d312457020adc8573026cbf3907e + Revoked at: Wed Jun 26 16:13:27 UTC 2013 + Serial Number (hex): 00a6828ad6480afb4c7daedc073f408dc7 + Revoked at: Wed Jun 26 16:14:00 UTC 2013 + Serial Number (hex): 5beb2ea8a200becb409e484306fbae42 + Revoked at: Wed Jun 26 16:38:26 UTC 2013 + Serial Number (hex): 1e34b86f0ed31a35db5a7846211b1d19 + Revoked at: Wed Jun 26 17:48:42 UTC 2013 + Serial Number (hex): 6f1c99f0b2795396fd709ca0424650f8 + Revoked at: Wed Jun 26 18:21:51 UTC 2013 + Serial Number (hex): 00919bb426033bd424040417fe98c7ef48 + Revoked at: Wed Jun 26 18:28:18 UTC 2013 + Serial Number (hex): 00e4b4265816831ab7fe7eb83a45f7f5c2 + Revoked at: Wed Jun 26 18:32:17 UTC 2013 + Serial Number (hex): 4f1690e728df567ab5a94b936053fe46 + Revoked at: Wed Jun 26 18:44:33 UTC 2013 + Serial Number (hex): 00d11b74202909085b848dc8a1ffba50e6 + Revoked at: Wed Jun 26 18:53:44 UTC 2013 + Serial Number (hex): 54df42c40fb6930fa2756c47e739695a + Revoked at: Wed Jun 26 18:57:34 UTC 2013 + Serial Number (hex): 5694e160415c61eb2d54dce0eb0c0ef0 + Revoked at: Wed Jun 26 18:57:56 UTC 2013 + Serial Number (hex): 678e3ac423f779975c701a0fc0e0b2d0 + Revoked at: Wed Jun 26 19:57:28 UTC 2013 + Serial Number (hex): 3e37ea690a74d4603359703a05b76b18 + Revoked at: Wed Jun 26 20:03:00 UTC 2013 + Serial Number (hex): 00edab467f6f7ce62402ddd3e1d6c071dc + Revoked at: Wed Jun 26 20:05:45 UTC 2013 + Serial Number (hex): 1b5a5d4324c86e85173ab994a27d9a33 + Revoked at: Wed Jun 26 21:46:13 UTC 2013 + Serial Number (hex): 00dbf6cfb7a9915b93d131637336383c22 + Revoked at: Wed Jun 26 21:57:51 UTC 2013 + Serial Number (hex): 1ebda3d1684343dae462d6e38413640f + Revoked at: Thu Jun 27 10:19:48 UTC 2013 + Serial Number (hex): 00ef84fcae634bcf4c25d6f4b4142b2660 + Revoked at: Thu Jun 27 10:28:36 UTC 2013 + Serial Number (hex): 57555cbf7cf7f720c706ca0f48eb682c + Revoked at: Thu Jun 27 10:28:42 UTC 2013 + Serial Number (hex): 4752ce95213f7287c2894c83c87ad035 + Revoked at: Thu Jun 27 12:37:48 UTC 2013 + Serial Number (hex): 7d604ee6120e35c00e3a6ae3caed42d1 + Revoked at: Thu Jun 27 13:17:59 UTC 2013 + Serial Number (hex): 0092b6ea660c3f295389c55bcee8a2ca7b + Revoked at: Thu Jun 27 13:18:05 UTC 2013 + Serial Number (hex): 734144f8401420800c48b73a563c1b7c + Revoked at: Thu Jun 27 14:34:04 UTC 2013 + Serial Number (hex): 008f5839af23654d06bedcaf7bf24c3efb + Revoked at: Thu Jun 27 14:57:03 UTC 2013 + Serial Number (hex): 00d92a82185bf70f690a8c739c52e17bbc + Revoked at: Thu Jun 27 14:59:05 UTC 2013 + Serial Number (hex): 00834baafc77ace19bb690e6e991c21f78 + Revoked at: Thu Jun 27 15:12:37 UTC 2013 + Serial Number (hex): 43ed39b61bcae24a20dc5fec87bae659 + Revoked at: Thu Jun 27 15:26:55 UTC 2013 + Serial Number (hex): 290f5e3ce65c1fa60889332ac8490f7e + Revoked at: Thu Jun 27 15:35:11 UTC 2013 + Serial Number (hex): 00e35960725c0277d901eebd50f96802f7 + Revoked at: Thu Jun 27 17:00:32 UTC 2013 + Serial Number (hex): 39d871d6230abf9f2c558749b83f68d9 + Revoked at: Thu Jun 27 17:36:54 UTC 2013 + Serial Number (hex): 0083138689767a37270650071a85cbeccb + Revoked at: Thu Jun 27 18:41:02 UTC 2013 + Serial Number (hex): 0eec7033c2279a74c10892ecd50390a2 + Revoked at: Thu Jun 27 23:25:46 UTC 2013 + Serial Number (hex): 2be4fc6be0d027ae44481942d6bc4b26 + Revoked at: Fri Jun 28 08:07:56 UTC 2013 + Serial Number (hex): 31b946d0e6aa0fed415048bd4830c688 + Revoked at: Fri Jun 28 08:26:45 UTC 2013 + Serial Number (hex): 54b3b50aba961f5fdb5873f9897c5e84 + Revoked at: Fri Jun 28 12:57:11 UTC 2013 + Serial Number (hex): 00b546a3179bbad06dd5b77090d1b5ed3a + Revoked at: Fri Jun 28 13:24:30 UTC 2013 + Serial Number (hex): 00a5fd1ab8f2226d9b863c1e0bcfe3b288 + Revoked at: Fri Jun 28 18:15:49 UTC 2013 + Serial Number (hex): 345fc47a3fffff00c39e3d83fcd387a2 + Revoked at: Fri Jun 28 19:18:43 UTC 2013 + Serial Number (hex): 008b07fd137aad297dd17f22a10706631b + Revoked at: Fri Jun 28 20:11:06 UTC 2013 + Serial Number (hex): 00df754d185570d2cb95c026bbe006ebf9 + Revoked at: Fri Jun 28 20:20:39 UTC 2013 + Serial Number (hex): 00cdd77466249bae3f50fde767bdc13f52 + Revoked at: Fri Jun 28 20:46:06 UTC 2013 + Serial Number (hex): 008073f3fe1635b40db6a0f0961258268d + Revoked at: Sun Jun 30 02:13:07 UTC 2013 + Serial Number (hex): 47c97f320670fdedefcb05ebd6e28f0a + Revoked at: Mon Jul 01 02:13:04 UTC 2013 + Serial Number (hex): 008858f93d7cdd494be355cdd89ec3cb38 + Revoked at: Mon Jul 01 10:18:32 UTC 2013 + Serial Number (hex): 00ef0d01dd0768ad3fe0d12a0ca7047271 + Revoked at: Mon Jul 01 10:55:18 UTC 2013 + Serial Number (hex): 09a39cdcc6c555b17e3b3f2212681eaa + Revoked at: Mon Jul 01 10:55:26 UTC 2013 + Serial Number (hex): 008863541746343014a7d7f19cddc1f653 + Revoked at: Mon Jul 01 13:47:44 UTC 2013 + Serial Number (hex): 45768c533ea633c5b1470a5b04e81fe9 + Revoked at: Mon Jul 01 16:29:41 UTC 2013 + Serial Number (hex): 6673869cc585f252d87bbb2fce85973f + Revoked at: Mon Jul 01 16:33:45 UTC 2013 + Serial Number (hex): 628434f7c3888d128bc66cf741559256 + Revoked at: Mon Jul 01 16:36:18 UTC 2013 + Serial Number (hex): 1f2ffa8229db89cbbfe9181bc9f0be99 + Revoked at: Mon Jul 01 16:37:24 UTC 2013 + Serial Number (hex): 00c1cd2026ceff454a0cc17a6a97311b49 + Revoked at: Mon Jul 01 17:00:42 UTC 2013 + Serial Number (hex): 00df586ee58df0a748ea577dbeb4ddca15 + Revoked at: Mon Jul 01 17:03:05 UTC 2013 + Serial Number (hex): 00e07d1c44062a5142802de8a46ed79930 + Revoked at: Mon Jul 01 17:11:06 UTC 2013 + Serial Number (hex): 00f7088e62b8f5d80cbb4c7f48f4b94012 + Revoked at: Mon Jul 01 17:13:16 UTC 2013 + Serial Number (hex): 00e9e13334c1a01ba3807617bc7544c6b7 + Revoked at: Mon Jul 01 17:26:38 UTC 2013 + Serial Number (hex): 499fabab5990bae63cfc79e03f3a0c7a + Revoked at: Mon Jul 01 17:27:16 UTC 2013 + Serial Number (hex): 7d0abdaab22ed761ea816ca8dea61dab + Revoked at: Mon Jul 01 19:26:50 UTC 2013 + Serial Number (hex): 00a349e73f90e179e417797373b572ba29 + Revoked at: Mon Jul 01 19:26:58 UTC 2013 + Serial Number (hex): 00a4b60870afa1e9f66c406c89ea2b30a5 + Revoked at: Mon Jul 01 19:31:27 UTC 2013 + Serial Number (hex): 00d1464e25ad7b47dc46b7490ef62adadf + Revoked at: Mon Jul 01 20:52:06 UTC 2013 + Serial Number (hex): 5607bf1818ed0bf6ad65c02ec272830e + Revoked at: Mon Jul 01 21:29:49 UTC 2013 + Serial Number (hex): 0096830120963b3a8b2352d4b28d43b1f1 + Revoked at: Mon Jul 01 22:53:14 UTC 2013 + Serial Number (hex): 4f0d7812b5659060db7373275d0163de + Revoked at: Mon Jul 01 23:53:32 UTC 2013 + Serial Number (hex): 00e8d75285c861e46e33785df9cffe1f5b + Revoked at: Tue Jul 02 08:35:23 UTC 2013 + Serial Number (hex): 0c6f2c2c4a37ef35d1c6d596edccabcc + Revoked at: Tue Jul 02 08:35:28 UTC 2013 + Serial Number (hex): 020f6cf767b0b7dc6f63654438622ab1 + Revoked at: Tue Jul 02 08:35:32 UTC 2013 + Serial Number (hex): 34ace80c302e3bdb9296eaf146e285c5 + Revoked at: Tue Jul 02 08:35:36 UTC 2013 + Serial Number (hex): 2f01c34dab72ae4b6c720e73d4632155 + Revoked at: Tue Jul 02 08:35:40 UTC 2013 + Serial Number (hex): 2a8570e59b3e0912e857882e34a2b379 + Revoked at: Tue Jul 02 08:35:44 UTC 2013 + Serial Number (hex): 0083633d41e4f09440ceed2939803ca6db + Revoked at: Tue Jul 02 08:35:48 UTC 2013 + Serial Number (hex): 00db2c6c82270a9d36559a3a031d7789cd + Revoked at: Tue Jul 02 09:57:34 UTC 2013 + Serial Number (hex): 71b341c51a6affb9726c622b918dd5ed + Revoked at: Tue Jul 02 10:23:16 UTC 2013 + Serial Number (hex): 1a52d298c83ee442937d6cf8c1452c89 + Revoked at: Tue Jul 02 12:52:36 UTC 2013 + Serial Number (hex): 48ff64a30f0878064698e43f2bb965cd + Revoked at: Tue Jul 02 12:58:10 UTC 2013 + Serial Number (hex): 74fb46409cf42162cb84f6ad81fb1321 + Revoked at: Tue Jul 02 13:02:15 UTC 2013 + Serial Number (hex): 00d6bff5204bc79e87b892b6e99113f1e9 + Revoked at: Tue Jul 02 13:30:34 UTC 2013 + Serial Number (hex): 00c4233a1340b69d913b5adab25c51247c + Revoked at: Tue Jul 02 13:48:27 UTC 2013 + Serial Number (hex): 00c19841deb4c91c4418b82ccdd489514e + Revoked at: Tue Jul 02 14:01:56 UTC 2013 + Serial Number (hex): 00cda473640696ddbe2230aaf85d044928 + Revoked at: Tue Jul 02 14:54:35 UTC 2013 + Serial Number (hex): 78263afe92a5e8526f1d883d76c2b8bc + Revoked at: Tue Jul 02 14:56:46 UTC 2013 + Serial Number (hex): 637be934000db79940c82edf979c47de + Revoked at: Tue Jul 02 14:57:03 UTC 2013 + Serial Number (hex): 4166e88b52d0fc3d28abecf7b1cbcb0a + Revoked at: Tue Jul 02 14:57:10 UTC 2013 + Serial Number (hex): 290241242560b8fdd05b1d73e3458e82 + Revoked at: Tue Jul 02 15:17:12 UTC 2013 + Serial Number (hex): 00875635d0b82c569d3959483542c3f9bd + Revoked at: Tue Jul 02 15:58:41 UTC 2013 + Serial Number (hex): 4f77b9e447dae5d7aa42898b0b02bb66 + Revoked at: Tue Jul 02 16:16:16 UTC 2013 + Serial Number (hex): 290f8496f6f10502a463853e5fe915d5 + Revoked at: Tue Jul 02 16:20:06 UTC 2013 + Serial Number (hex): 009c304d9548aef21ccf2b52daa1304f43 + Revoked at: Tue Jul 02 16:30:50 UTC 2013 + Serial Number (hex): 7f1f0d9bf093eed51a2ed750f0e836 + Revoked at: Tue Jul 02 16:36:29 UTC 2013 + Serial Number (hex): 7c5be529bd04535d6104e5e40e5c40d0 + Revoked at: Tue Jul 02 16:37:15 UTC 2013 + Serial Number (hex): 73b21a937d23b6d615cbdbea880dca8c + Revoked at: Tue Jul 02 17:13:21 UTC 2013 + Serial Number (hex): 574783d63df2d014aae5cd6e23fea2fa + Revoked at: Tue Jul 02 17:22:44 UTC 2013 + Serial Number (hex): 5bb79dadbaf4914a3266d755f43bcb47 + Revoked at: Tue Jul 02 20:00:35 UTC 2013 + Serial Number (hex): 00adf77c469dca834d829b93bd3065357e + Revoked at: Tue Jul 02 20:45:33 UTC 2013 + Serial Number (hex): 4dd2e953f446995b5976a9bed4230395 + Revoked at: Tue Jul 02 21:04:55 UTC 2013 + Serial Number (hex): 56d51ee275a3984c3906dee75a0e9b93 + Revoked at: Tue Jul 02 21:34:34 UTC 2013 + Serial Number (hex): 7f46aba95f9670716b08e703a3c8ae8b + Revoked at: Tue Jul 02 21:34:36 UTC 2013 + Serial Number (hex): 00c2c74924022e82d7052e05e616596dac + Revoked at: Tue Jul 02 21:34:43 UTC 2013 + Serial Number (hex): 27ad3cb053cf3cfd7a049e90d6d24892 + Revoked at: Tue Jul 02 21:34:47 UTC 2013 + Serial Number (hex): 00930b30f864e47c19d31d0b617e130da5 + Revoked at: Tue Jul 02 21:34:49 UTC 2013 + Serial Number (hex): 00fb2998e2619622d95230da65b09173b1 + Revoked at: Tue Jul 02 21:34:53 UTC 2013 + Serial Number (hex): 0092620735301ef430bb38d54549b50c33 + Revoked at: Wed Jul 03 08:37:32 UTC 2013 + Serial Number (hex): 00f47eca7cbf94003515e996a0cc835de4 + Revoked at: Wed Jul 03 08:46:52 UTC 2013 + Serial Number (hex): 00fdb4f1089c74bc21b23044a1a64a21ea + Revoked at: Wed Jul 03 11:31:55 UTC 2013 + Serial Number (hex): 0b4eda42137bcdb53c79d361cf976fbc + Revoked at: Wed Jul 03 14:21:10 UTC 2013 + Serial Number (hex): 0e832c5f562cf17d6d52ee4b638d4b23 + Revoked at: Wed Jul 03 14:22:11 UTC 2013 + Serial Number (hex): 00899b8f02558f70af754ea478986b5a8a + Revoked at: Wed Jul 03 14:32:35 UTC 2013 + Serial Number (hex): 00e79b768453b2491ef2db0e723ef1926f + Revoked at: Wed Jul 03 14:32:43 UTC 2013 + Serial Number (hex): 0087ec4b35dc4b0a581e496feedb830b0c + Revoked at: Wed Jul 03 14:34:15 UTC 2013 + Serial Number (hex): 00a8c5bae5f516009bda2cce42fc54df65 + Revoked at: Wed Jul 03 14:37:20 UTC 2013 + Serial Number (hex): 2433ae58cd46e95ec98600861c7e6cf9 + Revoked at: Wed Jul 03 14:42:59 UTC 2013 + Serial Number (hex): 4ec116b289ce8df3a4716e7c879354bf + Revoked at: Wed Jul 03 14:44:10 UTC 2013 + Serial Number (hex): 3fbbad0e2588be85684dee75b98b9ac0 + Revoked at: Wed Jul 03 15:12:46 UTC 2013 + Serial Number (hex): 6edd26c8c21c579c3ac28c23ba7622c7 + Revoked at: Wed Jul 03 15:31:15 UTC 2013 + Serial Number (hex): 4c776ad69915bba3cb38db565e785cab + Revoked at: Wed Jul 03 15:45:37 UTC 2013 + Serial Number (hex): 00ea043d7c31972af1e423ec68c8e802f8 + Revoked at: Wed Jul 03 17:42:11 UTC 2013 + Serial Number (hex): 646d95a97fc34627d9824a7bb61d2af9 + Revoked at: Wed Jul 03 17:43:06 UTC 2013 + Serial Number (hex): 00c4210f3370a2ea2db788b620678b9faa + Revoked at: Wed Jul 03 17:52:49 UTC 2013 + Serial Number (hex): 00cc943ea275127805fb1b9de820d26fa5 + Revoked at: Wed Jul 03 18:12:14 UTC 2013 + Serial Number (hex): 2dc17f03649477377c0d6d8dfce6ebe2 + Revoked at: Wed Jul 03 18:14:59 UTC 2013 + Serial Number (hex): 00d75737586acbd59007a5d2dc0e0aa036 + Revoked at: Wed Jul 03 19:04:53 UTC 2013 + Serial Number (hex): 625c1846ae0e521ecaafc418cc47b87e + Revoked at: Thu Jul 04 11:06:19 UTC 2013 + Serial Number (hex): 3a4286e59559a7510f86dc77df070336 + Revoked at: Thu Jul 04 13:17:57 UTC 2013 + Serial Number (hex): 00a28cf9c83a5715066680e337cd0d195f + Revoked at: Thu Jul 04 14:27:30 UTC 2013 + Serial Number (hex): 780a597550c0ff9247036132ad7b9ef4 + Revoked at: Thu Jul 04 17:19:20 UTC 2013 + Serial Number (hex): 00f88f4dd04d59869dc24abb3904a6a8fe + Revoked at: Thu Jul 04 20:19:58 UTC 2013 + Serial Number (hex): 00fc8e9020a410797dbfb43ea9dabe253e + Revoked at: Fri Jul 05 07:52:24 UTC 2013 + Serial Number (hex): 00ddc904d53701389b68f6bd6a359116a4 + Revoked at: Fri Jul 05 10:07:29 UTC 2013 + Serial Number (hex): 0081a320cd62a7fe9a1ea2abc673362954 + Revoked at: Fri Jul 05 10:59:03 UTC 2013 + Serial Number (hex): 0b793b1ea9f43105dfa768a78323c032 + Revoked at: Fri Jul 05 11:19:44 UTC 2013 + Serial Number (hex): 2142173904c65b309aafd5541147033b + Revoked at: Fri Jul 05 14:15:40 UTC 2013 + Serial Number (hex): 00c165b2942253d0a1bf4664c334c3eec5 + Revoked at: Fri Jul 05 14:16:39 UTC 2013 + Serial Number (hex): 32a7b12a427c38e1ba4db94237b9cb18 + Revoked at: Fri Jul 05 14:19:16 UTC 2013 + Serial Number (hex): 17cb602ad03d1aaf798a5071b11a4f3a + Revoked at: Fri Jul 05 14:43:23 UTC 2013 + Serial Number (hex): 497697b65ed58db7011eed7dc200f120 + Revoked at: Fri Jul 05 15:00:48 UTC 2013 + Serial Number (hex): 00c364361a8f05f20a9f60b1a456a02d14 + Revoked at: Fri Jul 05 15:24:40 UTC 2013 + Serial Number (hex): 3863d9fa20d857ec3bd30da16f0fee95 + Revoked at: Fri Jul 05 15:56:00 UTC 2013 + Serial Number (hex): 00c303be469e3cd4ffbb959e47937bb302 + Revoked at: Fri Jul 05 16:48:24 UTC 2013 + Serial Number (hex): 00c159947a338bf817bbf64e35f9135a46 + Revoked at: Fri Jul 05 19:25:49 UTC 2013 + Serial Number (hex): 378a1bc00ed4452188fbf07174eadfde + Revoked at: Fri Jul 05 20:38:23 UTC 2013 + Serial Number (hex): 00bffab192d952c1146d1a00a7e7599d8e + Revoked at: Sat Jul 06 02:13:04 UTC 2013 + Serial Number (hex): 2253a4e2425b71fb87153d0d2fb6b7c4 + Revoked at: Sat Jul 06 05:35:23 UTC 2013 + Serial Number (hex): 58cf05e2a4cfc805d15d87837f8aa6d4 + Revoked at: Mon Jul 08 07:16:44 UTC 2013 + Serial Number (hex): 213ebd7655ca31a7c1d9d9505fd15bc4 + Revoked at: Mon Jul 08 10:43:02 UTC 2013 + Serial Number (hex): 00f3c4039531ea2e714b6e1dc2e3fa130e + Revoked at: Mon Jul 08 10:43:38 UTC 2013 + Serial Number (hex): 47603b849871d1eee0bc7e3d9d760c05 + Revoked at: Mon Jul 08 10:44:13 UTC 2013 + Serial Number (hex): 228f4916cacb8c5ed9e00bcd8d63c0ff + Revoked at: Mon Jul 08 10:44:47 UTC 2013 + Serial Number (hex): 3afd18fc4092e9a1fe6467d78721bfc7 + Revoked at: Mon Jul 08 10:45:54 UTC 2013 + Serial Number (hex): 009ceda89681b584a19635a39c67a266bb + Revoked at: Mon Jul 08 13:30:51 UTC 2013 + Serial Number (hex): 5f48ebae1aabd79940cffbfda482aee3 + Revoked at: Mon Jul 08 13:37:06 UTC 2013 + Serial Number (hex): 00f57dece1aae7b0dc76f3fff29d0d90f1 + Revoked at: Mon Jul 08 14:10:57 UTC 2013 + Serial Number (hex): 0097f2333831c0231cb19d805e87477a93 + Revoked at: Mon Jul 08 16:28:35 UTC 2013 + Serial Number (hex): 00f446b06bcfe26d49a1e4fc2b81fa8baa + Revoked at: Mon Jul 08 19:13:03 UTC 2013 + Serial Number (hex): 00c99de53500e2a8919ed8f6ac581edce6 + Revoked at: Mon Jul 08 20:53:53 UTC 2013 + Serial Number (hex): 688a9d60d703040ad792792a56a4bf17 + Revoked at: Mon Jul 08 22:34:00 UTC 2013 + Serial Number (hex): 00f5857ac1723dd6b45f956121b04c52e9 + Revoked at: Mon Jul 08 22:34:27 UTC 2013 + Serial Number (hex): 0091c5019676d62583fab3ac03026c1891 + Revoked at: Tue Jul 09 01:53:07 UTC 2013 + Serial Number (hex): 78afb020fd5dc9a564ab60d3f1d7fd1e + Revoked at: Tue Jul 09 01:53:20 UTC 2013 + Serial Number (hex): 00ebb80a8acc6f9d47f49256e696f82719 + Revoked at: Tue Jul 09 07:23:10 UTC 2013 + Serial Number (hex): 40d25576b7bbbddb35697867a8d417b4 + Revoked at: Tue Jul 09 12:42:04 UTC 2013 + Serial Number (hex): 00b5ddc66eb92d18146cd93ee28e075eed + Revoked at: Tue Jul 09 12:42:15 UTC 2013 + Serial Number (hex): 6c682402a9d820543708b38207e27ae4 + Revoked at: Tue Jul 09 13:33:06 UTC 2013 + Serial Number (hex): 00a5351db6d265a25cd72668999a7a703e + Revoked at: Tue Jul 09 14:16:48 UTC 2013 + Serial Number (hex): 7845cdf73a1028f8348824af361ccf57 + Revoked at: Tue Jul 09 14:30:41 UTC 2013 + Serial Number (hex): 00d25b6627ab38cefcf0cdcb65754c1f25 + Revoked at: Tue Jul 09 14:32:53 UTC 2013 + Serial Number (hex): 00f8eb127f08e0b6fdac1a9fe0f9df9a24 + Revoked at: Tue Jul 09 14:44:41 UTC 2013 + Serial Number (hex): 6d3d191d09de78b6208c00cc89b42409 + Revoked at: Tue Jul 09 14:45:07 UTC 2013 + Serial Number (hex): 00b4e147f631ce499bdc2d05c6ee7dd7ff + Revoked at: Tue Jul 09 15:43:27 UTC 2013 + Serial Number (hex): 00e2be9ade7eca63358263a365640525f0 + Revoked at: Tue Jul 09 17:12:47 UTC 2013 + Serial Number (hex): 5f5824600c8aef087abd2ff7a7759c2b + Revoked at: Tue Jul 09 17:18:27 UTC 2013 + Serial Number (hex): 2dc25bd8d9541857e29b74007edefd07 + Revoked at: Tue Jul 09 17:51:13 UTC 2013 + Serial Number (hex): 0867f5250e7297e1a99a560e60599af0 + Revoked at: Tue Jul 09 17:54:47 UTC 2013 + Serial Number (hex): 00a69760a99c19bacef812a31cf29bfa83 + Revoked at: Tue Jul 09 18:24:04 UTC 2013 + Serial Number (hex): 00ffc8b99252025db7b31b849a0a5eebf8 + Revoked at: Tue Jul 09 18:51:24 UTC 2013 + Serial Number (hex): 54f759622d6ec22a3ea7328c0f3ddd58 + Revoked at: Tue Jul 09 19:07:59 UTC 2013 + Serial Number (hex): 00d68d582eefbf8ef70b49f3c013868e11 + Revoked at: Tue Jul 09 19:08:10 UTC 2013 + Serial Number (hex): 4166e135d79f19bb92aebe2cc64fcc38 + Revoked at: Tue Jul 09 19:08:20 UTC 2013 + Serial Number (hex): 00ec394edd6a4362ff7863f42c8b063fe3 + Revoked at: Tue Jul 09 19:33:23 UTC 2013 + Serial Number (hex): 00cbfedbc70832e3cc79d903c0fb845bf5 + Revoked at: Tue Jul 09 19:33:28 UTC 2013 + Serial Number (hex): 222ac5ab8386b6817d36a24507616752 + Revoked at: Tue Jul 09 19:40:32 UTC 2013 + Serial Number (hex): 3102e3c173a261607a5bfb9b4a060a73 + Revoked at: Tue Jul 09 19:41:45 UTC 2013 + Serial Number (hex): 681875f0907c71bb1cbeabcfea494b76 + Revoked at: Tue Jul 09 20:57:56 UTC 2013 + Serial Number (hex): 00ca541c917e7e55ae9c08b6b1a1acc2da + Revoked at: Tue Jul 09 22:02:11 UTC 2013 + Serial Number (hex): 2e03c71dd1f027e7d3489930309e42d5 + Revoked at: Tue Jul 09 22:23:37 UTC 2013 + Serial Number (hex): 66b839d0d11db4173f98c0fa8be4782b + Revoked at: Tue Jul 09 22:46:28 UTC 2013 + Serial Number (hex): 00a29f79b7ce07a45eee155dfdfa568dd8 + Revoked at: Wed Jul 10 13:20:08 UTC 2013 + Serial Number (hex): 48499dd4e06de3011877de21abe6cc83 + Revoked at: Wed Jul 10 13:29:37 UTC 2013 + Serial Number (hex): 00c9333427e3f39a35a6a1f3940dffcaa4 + Revoked at: Wed Jul 10 13:36:05 UTC 2013 + Serial Number (hex): 00a5b12735ee17f158b4ca79d70dad4856 + Revoked at: Wed Jul 10 13:43:21 UTC 2013 + Serial Number (hex): 0099bd091759c5ef2e89c4f11724952b3e + Revoked at: Wed Jul 10 17:54:42 UTC 2013 + Serial Number (hex): 149e54af07ec863c0bdff33e8d8cdb14 + Revoked at: Wed Jul 10 18:33:44 UTC 2013 + Serial Number (hex): 61ea094c8ceee1440a41abaa0272b6b7 + Revoked at: Wed Jul 10 18:40:35 UTC 2013 + Serial Number (hex): 19adc570a1a33dcd40c60cd2be4eec13 + Revoked at: Wed Jul 10 18:51:23 UTC 2013 + Serial Number (hex): 00860afff8141ab396450c913670f56d23 + Revoked at: Wed Jul 10 19:20:41 UTC 2013 + Serial Number (hex): 72d555aff746f91911f37d8b4b5a05ce + Revoked at: Wed Jul 10 19:26:19 UTC 2013 + Serial Number (hex): 13f331e1db01a94b2d81eef3cabc23c3 + Revoked at: Wed Jul 10 19:28:18 UTC 2013 + Serial Number (hex): 009d1129f756a6e68e6a9a0b75346c5d33 + Revoked at: Wed Jul 10 19:29:13 UTC 2013 + Serial Number (hex): 06d8356436a1c0429fc3e07e7232eb58 + Revoked at: Wed Jul 10 20:22:43 UTC 2013 + Serial Number (hex): 25f7b8b713f1aa1746e9beac46de518d + Revoked at: Wed Jul 10 20:22:55 UTC 2013 + Serial Number (hex): 17f7847a16c748370d54b15376994058 + Revoked at: Wed Jul 10 20:22:56 UTC 2013 + Serial Number (hex): 2de0c202d3032160e5bd811997358694 + Revoked at: Wed Jul 10 20:22:59 UTC 2013 + Serial Number (hex): 00fefe296b315b4f06c89405e431a15f1f + Revoked at: Wed Jul 10 20:23:11 UTC 2013 + Serial Number (hex): 381ed52aad850cdab8f068e85697b5f5 + Revoked at: Wed Jul 10 20:23:18 UTC 2013 + Serial Number (hex): 6f5d1fa8ed5021fa2bd74c6648291478 + Revoked at: Wed Jul 10 20:23:25 UTC 2013 + Serial Number (hex): 6a7e74d826c5cc5a08567dc831eaeeba + Revoked at: Wed Jul 10 20:23:37 UTC 2013 + Serial Number (hex): 553d9aefdf6400e539b2216615d75513 + Revoked at: Wed Jul 10 20:23:43 UTC 2013 + Serial Number (hex): 00f584b7fddc8ede6bae32975009b86bff + Revoked at: Wed Jul 10 20:56:12 UTC 2013 + Serial Number (hex): 00fe34b21bb3f3201335042de8602b884c + Revoked at: Wed Jul 10 23:39:50 UTC 2013 + Serial Number (hex): 0081f7a1a2c8293bba7b9b1f474cd59e7f + Revoked at: Thu Jul 11 01:37:01 UTC 2013 + Serial Number (hex): 009930839e22c7a8cc510e2921e30d79d9 + Revoked at: Thu Jul 11 01:37:31 UTC 2013 + Serial Number (hex): 00ade386e5b086e920a3235a14c89de8df + Revoked at: Thu Jul 11 07:35:28 UTC 2013 + Serial Number (hex): 0648ce4cae3e25bc4a1181eabc228c89 + Revoked at: Thu Jul 11 08:25:18 UTC 2013 + Serial Number (hex): 79f0577e83af10079dd1a3cca6df794c + Revoked at: Thu Jul 11 11:46:21 UTC 2013 + Serial Number (hex): 00a18dfbc00458d635575051232ca410a2 + Revoked at: Thu Jul 11 13:54:10 UTC 2013 + Serial Number (hex): 0089cafc708bdff11c346d7303c896d139 + Revoked at: Thu Jul 11 14:46:10 UTC 2013 + Serial Number (hex): 1e2931fc8b6db415f50af57804ca7fff + Revoked at: Thu Jul 11 17:05:28 UTC 2013 + Serial Number (hex): 00840704688be98ed12717904a8a8fa31c + Revoked at: Thu Jul 11 17:16:47 UTC 2013 + Serial Number (hex): 00cc33e00ccff2bf67470a5cd33636aca2 + Revoked at: Thu Jul 11 17:16:54 UTC 2013 + Serial Number (hex): 5055ad79cb11eef9546c7dcf992f09e2 + Revoked at: Thu Jul 11 17:19:36 UTC 2013 + Serial Number (hex): 00e33c4092526a385f01e89552f566fe74 + Revoked at: Thu Jul 11 17:37:01 UTC 2013 + Serial Number (hex): 00ab649cbf5bc860a2c68fe282cd6caeef + Revoked at: Thu Jul 11 18:06:00 UTC 2013 + Serial Number (hex): 00a9a5426bdf8ddd5ab79e6a0d6aca8fd4 + Revoked at: Thu Jul 11 18:06:28 UTC 2013 + Serial Number (hex): 6fd1a7186cba0bef4fa14dc79dd3730a + Revoked at: Thu Jul 11 18:08:43 UTC 2013 + Serial Number (hex): 00ff282735b4db77b3db897985c78db0ba + Revoked at: Thu Jul 11 18:34:18 UTC 2013 + Serial Number (hex): 00a3738e3de66f597f91e4dcc24b92a1b5 + Revoked at: Thu Jul 11 18:56:35 UTC 2013 + Serial Number (hex): 00d1b9de37df8a88eb17ccff9a9c5be863 + Revoked at: Thu Jul 11 20:06:09 UTC 2013 + Serial Number (hex): 00991dbf29cf5d5acb28c3254ba554aa2f + Revoked at: Thu Jul 11 20:08:59 UTC 2013 + Serial Number (hex): 00ce75302c8776f5b6f5e9b836f26b2190 + Revoked at: Thu Jul 11 20:09:55 UTC 2013 + Serial Number (hex): 00fa981a8c32b2f0f9487fa95c359895f2 + Revoked at: Thu Jul 11 20:13:49 UTC 2013 + Serial Number (hex): 6b1c57280775c51a4db1374da0cab60d + Revoked at: Thu Jul 11 20:48:23 UTC 2013 + Serial Number (hex): 00fb646ffbbcc4ae25dacb40aaff9fa14f + Revoked at: Thu Jul 11 20:53:26 UTC 2013 + Serial Number (hex): 0097a8c48d65c940e7ec765ebda895a090 + Revoked at: Thu Jul 11 21:06:08 UTC 2013 + Serial Number (hex): 00ee7116bb5a603ce2018b2a517cb57a31 + Revoked at: Thu Jul 11 21:09:09 UTC 2013 + Serial Number (hex): 00a55bead53dcf6fdaadda3f600df17923 + Revoked at: Thu Jul 11 21:14:35 UTC 2013 + Serial Number (hex): 1e8fd58b14240766bca0a8f0830e3bb7 + Revoked at: Thu Jul 11 23:32:05 UTC 2013 + Serial Number (hex): 1f9cbe8261cd510796d67a89af57f91d + Revoked at: Thu Jul 11 23:32:19 UTC 2013 + Serial Number (hex): 0c72e2618256b29fa714d00d91038110 + Revoked at: Fri Jul 12 06:43:14 UTC 2013 + Serial Number (hex): 7a7c5e13017b4ca6fb9ab25ff2bb9777 + Revoked at: Fri Jul 12 07:31:42 UTC 2013 + Serial Number (hex): 009d272ddab4d951cb60665c3f2b250a81 + Revoked at: Fri Jul 12 08:20:37 UTC 2013 + Serial Number (hex): 1814691f6a181f7458ccdf21fcbe359d + Revoked at: Fri Jul 12 10:41:54 UTC 2013 + Serial Number (hex): 4828d14676c0e9ed4ddccfc22f417f00 + Revoked at: Fri Jul 12 13:09:10 UTC 2013 + Serial Number (hex): 034a3758e657fa3459e53dcefa895bff + Revoked at: Fri Jul 12 13:15:32 UTC 2013 + Serial Number (hex): 70647e8b1c93c5ad04d38b74ac87f6da + Revoked at: Fri Jul 12 14:08:58 UTC 2013 + Serial Number (hex): 00c6d38cb02e4d49745f607492ea3defa1 + Revoked at: Fri Jul 12 15:34:46 UTC 2013 + Serial Number (hex): 00b54c89b598494452d27522a5269d7e9e + Revoked at: Fri Jul 12 16:04:15 UTC 2013 + Serial Number (hex): 0087a88e0b3ecdaedf5ddc8e91b6c67020 + Revoked at: Fri Jul 12 16:04:43 UTC 2013 + Serial Number (hex): 00d64d693f8dea6a781c33c64d62884a75 + Revoked at: Fri Jul 12 16:24:30 UTC 2013 + Serial Number (hex): 00a32c32baeb0e22ba0a70c76ea2929e46 + Revoked at: Fri Jul 12 16:33:34 UTC 2013 + Serial Number (hex): 0084a6a3730d3193953cb0a4706e6734e5 + Revoked at: Fri Jul 12 18:06:47 UTC 2013 + Serial Number (hex): 00c9dac217be350f70c1c2849badad5f2d + Revoked at: Fri Jul 12 18:19:28 UTC 2013 + Serial Number (hex): 00c0224a803e2dbd6d1d06508b3f5a0b83 + Revoked at: Fri Jul 12 18:40:20 UTC 2013 + Serial Number (hex): 643640329b053e6cd6a75be95da26f5d + Revoked at: Fri Jul 12 20:03:17 UTC 2013 + Serial Number (hex): 73c62d52e9cda710a9cf306e482f6c6a + Revoked at: Sat Jul 13 01:33:56 UTC 2013 + Serial Number (hex): 15c311192d7b9f34a0f9223406ccebaf + Revoked at: Sat Jul 13 01:34:54 UTC 2013 + Serial Number (hex): 00c7b7ca4853567b52a9d3cba87f7150fd + Revoked at: Sat Jul 13 02:13:06 UTC 2013 + Serial Number (hex): 7d877e00646d619c0d4b07522912d432 + Revoked at: Sat Jul 13 02:56:06 UTC 2013 + Serial Number (hex): 00e99260c885add6f6944daf549a661dea + Revoked at: Mon Jul 15 05:49:03 UTC 2013 + Serial Number (hex): 008c16c102e9c72a527630417554a61c8e + Revoked at: Mon Jul 15 12:32:17 UTC 2013 + Serial Number (hex): 54d3869ffcf97e177d77a4a7a7a1e6e7 + Revoked at: Mon Jul 15 14:31:32 UTC 2013 + Serial Number (hex): 00f263cba832a129b1e143e5a391e0632d + Revoked at: Mon Jul 15 16:03:06 UTC 2013 + Serial Number (hex): 19a4aef88fae084548b9df6a184d71e8 + Revoked at: Mon Jul 15 16:44:00 UTC 2013 + Serial Number (hex): 00a49ce86cf9576d3aa39cecc5bff9cd75 + Revoked at: Mon Jul 15 16:47:05 UTC 2013 + Serial Number (hex): 1be02afe6cf4606df9b92da71b0fd804 + Revoked at: Mon Jul 15 17:49:32 UTC 2013 + Serial Number (hex): 00faab8f5e6e04ef4448e2016db4b94be8 + Revoked at: Mon Jul 15 18:34:12 UTC 2013 + Serial Number (hex): 65bf7291d84bd824d26a9f81fc95f53c + Revoked at: Mon Jul 15 19:07:49 UTC 2013 + Serial Number (hex): 19900ce052fad8013c8dd036b53df7df + Revoked at: Mon Jul 15 19:55:36 UTC 2013 + Serial Number (hex): 00951baa6744822be7e2669f43c1b49f5b + Revoked at: Mon Jul 15 19:59:43 UTC 2013 + Serial Number (hex): 5514183835680b7c66645c87772d83cc + Revoked at: Mon Jul 15 20:56:16 UTC 2013 + Serial Number (hex): 0092a1294ad247896fef9cea0f58b9211f + Revoked at: Mon Jul 15 20:56:59 UTC 2013 + Serial Number (hex): 00da027d6106a19fc6d66feafe158a5808 + Revoked at: Tue Jul 16 02:54:08 UTC 2013 + Serial Number (hex): 35c7fb05d0bc3080d5d714b9b96d80af + Revoked at: Tue Jul 16 06:11:03 UTC 2013 + Serial Number (hex): 6791e8aa28d8f8a4873556a3ed04521f + Revoked at: Tue Jul 16 09:57:06 UTC 2013 + Serial Number (hex): 0beb648e3cbfa83e8ccfebe4e96ff32d + Revoked at: Tue Jul 16 13:50:32 UTC 2013 + Serial Number (hex): 5c45bb48e66a2b39de5f95e171ab2838 + Revoked at: Tue Jul 16 13:51:56 UTC 2013 + Serial Number (hex): 008b650b72ddfa100bbc7f6db4059cffab + Revoked at: Tue Jul 16 14:43:52 UTC 2013 + Serial Number (hex): 762994c1b9e3eaaba3224e79d0671168 + Revoked at: Tue Jul 16 14:48:16 UTC 2013 + Serial Number (hex): 2fb57778b60201f360eeb1b2a71c935b + Revoked at: Tue Jul 16 15:14:41 UTC 2013 + Serial Number (hex): 00de1ac34026284b3ec2106014aca65ed1 + Revoked at: Tue Jul 16 15:20:25 UTC 2013 + Serial Number (hex): 0ee01fca18eec2cb48c512fa1b3b5ae0 + Revoked at: Tue Jul 16 15:35:03 UTC 2013 + Serial Number (hex): 1881877978020fdc4796515acf04d310 + Revoked at: Tue Jul 16 15:40:06 UTC 2013 + Serial Number (hex): 00cd356a802759b9cfff7124997bc42e98 + Revoked at: Tue Jul 16 17:03:27 UTC 2013 + Serial Number (hex): 00ebff2c108a84a4ef9da92e6dddc49f04 + Revoked at: Tue Jul 16 17:21:10 UTC 2013 + Serial Number (hex): 4e27a4f8805ae28f5d70f1188f0a3ebb + Revoked at: Tue Jul 16 18:19:32 UTC 2013 + Serial Number (hex): 07f28738ad058fac4e8636768317a6b6 + Revoked at: Tue Jul 16 18:52:06 UTC 2013 + Serial Number (hex): 6ea29611425c0b8cf0544e81e1108912 + Revoked at: Tue Jul 16 18:55:09 UTC 2013 + Serial Number (hex): 296dcc25cceceec816e89d4d457a5eda + Revoked at: Tue Jul 16 19:05:59 UTC 2013 + Serial Number (hex): 00dea7182df43c61da339ddf0a56522132 + Revoked at: Tue Jul 16 20:05:49 UTC 2013 + Serial Number (hex): 008dae4460ce00bb67b1c40654ae59ba08 + Revoked at: Tue Jul 16 20:24:15 UTC 2013 + Serial Number (hex): 23fc47ef80c631340fb85b24df464b49 + Revoked at: Wed Jul 17 11:53:35 UTC 2013 + Serial Number (hex): 3d938616f975de25c7295c72e4894db3 + Revoked at: Wed Jul 17 12:27:29 UTC 2013 + Serial Number (hex): 35dc101373144ab7b0bac96d14ff7f92 + Revoked at: Wed Jul 17 12:31:44 UTC 2013 + Serial Number (hex): 518424fd8b88ed89f78ca12d0af618d7 + Revoked at: Wed Jul 17 12:41:49 UTC 2013 + Serial Number (hex): 2ceacf713f0e0dc42db141af6ca5f0ff + Revoked at: Wed Jul 17 12:42:16 UTC 2013 + Serial Number (hex): 3d5691f1800cafebd84cb0e0455d5e07 + Revoked at: Wed Jul 17 14:00:25 UTC 2013 + Serial Number (hex): 00fbe2c732d8479446cd0f486913d82dc8 + Revoked at: Wed Jul 17 14:04:04 UTC 2013 + Serial Number (hex): 2e85427b6607d3f3de00019dbf82fa6a + Revoked at: Wed Jul 17 14:09:57 UTC 2013 + Serial Number (hex): 6dbe34a6c8aaca1b208eaaa4f600de49 + Revoked at: Wed Jul 17 14:10:07 UTC 2013 + Serial Number (hex): 46b66dac8887a3f7f29ff81f68e4fe2b + Revoked at: Wed Jul 17 14:10:36 UTC 2013 + Serial Number (hex): 4ef82908b936dfa2495fa5b56aa6340a + Revoked at: Wed Jul 17 14:10:45 UTC 2013 + Serial Number (hex): 09165084d6bea408db8fc6ffda9792e6 + Revoked at: Wed Jul 17 14:30:48 UTC 2013 + Serial Number (hex): 00af0702b3b9023174f143371c8006c350 + Revoked at: Wed Jul 17 14:51:57 UTC 2013 + Serial Number (hex): 5f9b7264fbf5da2511d38478b0b19e3b + Revoked at: Wed Jul 17 14:59:22 UTC 2013 + Serial Number (hex): 3f02ac896817c9d4879343e2d1aec418 + Revoked at: Wed Jul 17 15:44:14 UTC 2013 + Serial Number (hex): 00a141aa0d8aba01a33c4ebbf80b727734 + Revoked at: Wed Jul 17 15:55:38 UTC 2013 + Serial Number (hex): 56b2397125c97f7a1a54612107c2630f + Revoked at: Wed Jul 17 16:49:46 UTC 2013 + Serial Number (hex): 040cfededdc4bff8a0a0f972d5cfe147 + Revoked at: Wed Jul 17 17:42:00 UTC 2013 + Serial Number (hex): 771c86909b679e12cb5eee6657863bd1 + Revoked at: Wed Jul 17 18:22:44 UTC 2013 + Serial Number (hex): 61592e5381da596d4691844d15da2b95 + Revoked at: Wed Jul 17 18:25:30 UTC 2013 + Serial Number (hex): 00b511e36827c5a9310b717cf4f295526b + Revoked at: Wed Jul 17 18:26:11 UTC 2013 + Serial Number (hex): 00ea83c912a90931c7957f136fb2b11e9f + Revoked at: Thu Jul 18 08:03:42 UTC 2013 + Serial Number (hex): 00de480e012a578b47219f4d28d21ba04b + Revoked at: Thu Jul 18 15:02:47 UTC 2013 + Serial Number (hex): 0086130f6d5f49e4c4eda276230f41bc7a + Revoked at: Thu Jul 18 15:15:04 UTC 2013 + Serial Number (hex): 00e4429922b1110764d2ad32e80ed00723 + Revoked at: Thu Jul 18 15:15:16 UTC 2013 + Serial Number (hex): 00b7daba9238809374d38cea7c52b6768c + Revoked at: Thu Jul 18 15:36:01 UTC 2013 + Serial Number (hex): 72cee895aa419429b2379519ea4c84e4 + Revoked at: Thu Jul 18 16:53:28 UTC 2013 + Serial Number (hex): 0091053e7f44f7911d6bbd235b158350c8 + Revoked at: Thu Jul 18 19:05:27 UTC 2013 + Serial Number (hex): 00adbd1b8e74625e4ec25b63e85a5e625e + Revoked at: Thu Jul 18 19:13:07 UTC 2013 + Serial Number (hex): 03e1747813f0460fb87117a9aeab65c5 + Revoked at: Thu Jul 18 20:31:39 UTC 2013 + Serial Number (hex): 00cc4c75226d585474e5a88f80f26f3102 + Revoked at: Thu Jul 18 20:31:42 UTC 2013 + Serial Number (hex): 00c255430c7e24869d02c4fba4370ba6b4 + Revoked at: Thu Jul 18 21:28:04 UTC 2013 + Serial Number (hex): 20590eaeb5a9c67dd83153c9d4269c76 + Revoked at: Fri Jul 19 02:13:04 UTC 2013 + Serial Number (hex): 5d2860c3cd06c1c8d94a3c152eb76415 + Revoked at: Fri Jul 19 09:06:40 UTC 2013 + Serial Number (hex): 009dce47d3a44d5e324aeecdbfab70baa5 + Revoked at: Fri Jul 19 11:50:19 UTC 2013 + Serial Number (hex): 2c251aaa4cc8e3c4147cc8f62bb0e18e + Revoked at: Fri Jul 19 11:50:26 UTC 2013 + Serial Number (hex): 00f56c391e180f6757f79a96b75e82e452 + Revoked at: Fri Jul 19 11:50:35 UTC 2013 + Serial Number (hex): 6c34de05d35b9214c177321e1898b6b1 + Revoked at: Fri Jul 19 12:53:54 UTC 2013 + Serial Number (hex): 00ec5534868ab84e8f897b2000069e1d1d + Revoked at: Fri Jul 19 14:17:37 UTC 2013 + Serial Number (hex): 00f7e6a6e1ab20edaa4cc0518cae4a8bd2 + Revoked at: Fri Jul 19 14:21:04 UTC 2013 + Serial Number (hex): 65281badde22312783df4091f678ec5d + Revoked at: Fri Jul 19 14:25:20 UTC 2013 + Serial Number (hex): 511460ebc4bb0cadc85a534fe1482498 + Revoked at: Fri Jul 19 14:42:22 UTC 2013 + Serial Number (hex): 380a688c88d09b77ea06684a3654133a + Revoked at: Fri Jul 19 14:46:21 UTC 2013 + Serial Number (hex): 3d798671d6e44f28e9754207fa00b252 + Revoked at: Fri Jul 19 16:04:24 UTC 2013 + Serial Number (hex): 1551ee69fa54fd584dd9040a57d2157a + Revoked at: Fri Jul 19 16:43:53 UTC 2013 + Serial Number (hex): 6583b487b9213af478d761ff9f29b7c5 + Revoked at: Fri Jul 19 17:01:10 UTC 2013 + Serial Number (hex): 1b61ed4b614ee0a78a762cac0dbbc680 + Revoked at: Fri Jul 19 17:20:12 UTC 2013 + Serial Number (hex): 009335a3f77d6126881f8f3eaf58827029 + Revoked at: Fri Jul 19 17:45:03 UTC 2013 + Serial Number (hex): 0fdd66af46892da2a6aadb92a9c42a46 + Revoked at: Fri Jul 19 18:29:00 UTC 2013 + Serial Number (hex): 00a339d66fa081f1f6668c82c8f8c0ac61 + Revoked at: Fri Jul 19 18:29:35 UTC 2013 + Serial Number (hex): 32b22e289af9f99f8abe73d9d0405ee2 + Revoked at: Fri Jul 19 19:43:35 UTC 2013 + Serial Number (hex): 113a5782c494b45a443097e012f4e1ae + Revoked at: Fri Jul 19 19:43:51 UTC 2013 + Serial Number (hex): 0bd864ca7f8426906a76f722d8d19fe8 + Revoked at: Sat Jul 20 02:13:06 UTC 2013 + Serial Number (hex): 3cd8cad26375a9dc794c738fc3674949 + Revoked at: Mon Jul 22 02:13:05 UTC 2013 + Serial Number (hex): 00e0a7485814c353576454566af248f63f + Revoked at: Mon Jul 22 07:33:30 UTC 2013 + Serial Number (hex): 00e82cb4c548efcfd4e51425403ccd87af + Revoked at: Mon Jul 22 11:17:01 UTC 2013 + Serial Number (hex): 008275f103f8f10166417ed980e6d52afc + Revoked at: Mon Jul 22 13:43:26 UTC 2013 + Serial Number (hex): 1fb881962ed27d431dfcc588d3702508 + Revoked at: Mon Jul 22 15:13:04 UTC 2013 + Serial Number (hex): 00ccd8082b2106587460c5a82af7f0f3e4 + Revoked at: Mon Jul 22 15:46:54 UTC 2013 + Serial Number (hex): 127f6bc6c95cbbb14f6361d577ce965f + Revoked at: Mon Jul 22 16:12:42 UTC 2013 + Serial Number (hex): 42ab71d4336474753aeb4f75203577e5 + Revoked at: Mon Jul 22 18:11:11 UTC 2013 + Serial Number (hex): 67af5b5be53fbd8ea67f4e3dd1f643aa + Revoked at: Mon Jul 22 18:21:52 UTC 2013 + Serial Number (hex): 00c5943f3c66bab3e2424e84feb3a22260 + Revoked at: Mon Jul 22 18:26:12 UTC 2013 + Serial Number (hex): 0085377d0e94b0864d07c2c7b5abf4a1fd + Revoked at: Mon Jul 22 18:33:52 UTC 2013 + Serial Number (hex): 3c95a2ed4a97b2cba550fc9584062702 + Revoked at: Mon Jul 22 18:40:13 UTC 2013 + Serial Number (hex): 049d2028f926803fc14f761febeb97b9 + Revoked at: Mon Jul 22 18:50:37 UTC 2013 + Serial Number (hex): 0087a790d52ae28ac6ab73ccd0d6970cad + Revoked at: Mon Jul 22 18:50:40 UTC 2013 + Serial Number (hex): 00eabd182ad883156cbb4d339f16d82a60 + Revoked at: Mon Jul 22 19:02:22 UTC 2013 + Serial Number (hex): 00e51c27ed07671c8a1e98587f6c86db79 + Revoked at: Mon Jul 22 19:26:19 UTC 2013 + Serial Number (hex): 770be311586bc9cde0ed3e015e814c27 + Revoked at: Mon Jul 22 19:45:06 UTC 2013 + Serial Number (hex): 1f32fafa3d33340599216c47dc7e0fb4 + Revoked at: Mon Jul 22 20:27:36 UTC 2013 + Serial Number (hex): 00f7a428705e824a174d6c4d654e9e14d7 + Revoked at: Mon Jul 22 21:04:14 UTC 2013 + Serial Number (hex): 079b15f52ba61001a84616cd9cbf3f97 + Revoked at: Mon Jul 22 22:26:25 UTC 2013 + Serial Number (hex): 7fa0bd02aff86f944a16d365fed52887 + Revoked at: Tue Jul 23 13:31:59 UTC 2013 + Serial Number (hex): 00a44978a5ce5e11f746086bb645d0953f + Revoked at: Tue Jul 23 13:33:19 UTC 2013 + Serial Number (hex): 00d2c75a2dd7d1de1bbc4f6bef1dbdaa77 + Revoked at: Tue Jul 23 13:39:46 UTC 2013 + Serial Number (hex): 4d48e2806d49f3678cd0ff2cf4116d42 + Revoked at: Tue Jul 23 15:34:01 UTC 2013 + Serial Number (hex): 00fd1599657cc14ce2c750972c677f516a + Revoked at: Tue Jul 23 15:42:44 UTC 2013 + Serial Number (hex): 00d528fe88cd0ea3e26b6506c8ae63a147 + Revoked at: Tue Jul 23 16:11:39 UTC 2013 + Serial Number (hex): 7c3e997055490ac5a5896e17b38f1ce0 + Revoked at: Tue Jul 23 16:16:29 UTC 2013 + Serial Number (hex): 428c635d9a4cd171d08af6366dbe060b + Revoked at: Tue Jul 23 16:32:25 UTC 2013 + Serial Number (hex): 00bbf97ec91720a35b8cc77cd1b65c59a3 + Revoked at: Tue Jul 23 16:33:43 UTC 2013 + Serial Number (hex): 00d25412b69d340823988ac84fddc5af40 + Revoked at: Tue Jul 23 18:24:42 UTC 2013 + Serial Number (hex): 0092438c7177d944ed8af237bf1aa178da + Revoked at: Tue Jul 23 19:14:35 UTC 2013 + Serial Number (hex): 00b5088ce5f95cf69e7007a643e7d27708 + Revoked at: Tue Jul 23 19:44:17 UTC 2013 + Serial Number (hex): 4d6c7c8d042ed909f3e8145ef1384a25 + Revoked at: Tue Jul 23 19:57:52 UTC 2013 + Serial Number (hex): 2e284698889aca1fe1b0b9a751c6327d + Revoked at: Tue Jul 23 20:37:42 UTC 2013 + Serial Number (hex): 00ff2cc586425cac2e23015f1ba26f8c77 + Revoked at: Tue Jul 23 20:43:14 UTC 2013 + Serial Number (hex): 009b37cd49ad50ccb07d66b766b648cf7d + Revoked at: Tue Jul 23 21:51:41 UTC 2013 + Serial Number (hex): 00fdf0a21f317b2f32b8e0e4490c38c42b + Revoked at: Tue Jul 23 21:59:16 UTC 2013 + Serial Number (hex): 76d3a40f54654bc82481a6e34fea8d78 + Revoked at: Tue Jul 23 23:32:49 UTC 2013 + Serial Number (hex): 2cf9d8f3fb484d25274328450dc73af8 + Revoked at: Wed Jul 24 07:57:05 UTC 2013 + Serial Number (hex): 00efea2f4dca1b5597d5faf674868659b5 + Revoked at: Wed Jul 24 08:03:23 UTC 2013 + Serial Number (hex): 00cf5f69d1955d99ba5bc8f9a24b8788b7 + Revoked at: Wed Jul 24 09:11:18 UTC 2013 + Serial Number (hex): 1c46957d6c7bbc1687e7d3284ab645bf + Revoked at: Wed Jul 24 14:19:59 UTC 2013 + Serial Number (hex): 0081576c603113daadb515687070a6bae8 + Revoked at: Wed Jul 24 14:53:43 UTC 2013 + Serial Number (hex): 038a85b49f9e1bcfa0f7fa9bf4c758df + Revoked at: Wed Jul 24 15:56:19 UTC 2013 + Serial Number (hex): 3d3a06030a370ddedf37822a86db9be1 + Revoked at: Wed Jul 24 15:58:56 UTC 2013 + Serial Number (hex): 6534fc7d5729178e91eadc1d0aaa4c81 + Revoked at: Wed Jul 24 16:10:11 UTC 2013 + Serial Number (hex): 009a31cecd86d8da76816983096c4f3b78 + Revoked at: Wed Jul 24 16:43:45 UTC 2013 + Serial Number (hex): 00fd8a6750c3c68363c6be545d5badc520 + Revoked at: Wed Jul 24 16:44:27 UTC 2013 + Serial Number (hex): 4410aa517691d09eab2a697a40fb790d + Revoked at: Wed Jul 24 16:57:14 UTC 2013 + Serial Number (hex): 00cf6d6f37f442bf05ff05d811887cb0e2 + Revoked at: Wed Jul 24 16:57:17 UTC 2013 + Serial Number (hex): 00d49e597db784be370db212be825fd1ba + Revoked at: Wed Jul 24 18:10:11 UTC 2013 + Serial Number (hex): 00efc48bd332139bb5dc492467e27632c3 + Revoked at: Wed Jul 24 18:39:25 UTC 2013 + Serial Number (hex): 00a46b1c21c5b0173b0e9088ceef2cdefa + Revoked at: Wed Jul 24 19:11:40 UTC 2013 + Serial Number (hex): 27611fbea64fe66ce151c66def8892b5 + Revoked at: Wed Jul 24 19:13:36 UTC 2013 + Serial Number (hex): 1f99e9241642f4136a59969847248a37 + Revoked at: Wed Jul 24 20:39:34 UTC 2013 + Serial Number (hex): 00b751334af8353f097ad3ada65fbff43e + Revoked at: Thu Jul 25 06:50:24 UTC 2013 + Serial Number (hex): 00c3362d56d8ea77c1684e39972a3e4dda + Revoked at: Thu Jul 25 07:56:34 UTC 2013 + Serial Number (hex): 79cee8c92a5e9a44ed283176aca33267 + Revoked at: Thu Jul 25 07:58:38 UTC 2013 + Serial Number (hex): 22309f997f1bd7bb11b7b741b9695e09 + Revoked at: Thu Jul 25 15:58:38 UTC 2013 + Serial Number (hex): 00e5c403853562cc2313e03f377409b498 + Revoked at: Thu Jul 25 16:25:21 UTC 2013 + Serial Number (hex): 008159be65af7d236fa397f0682ebfed7a + Revoked at: Thu Jul 25 16:51:09 UTC 2013 + Serial Number (hex): 2245ee41a46fd68fb6c4dc92ab5365e6 + Revoked at: Thu Jul 25 17:21:38 UTC 2013 + Serial Number (hex): 00c472809083b019821af68e3bffe26856 + Revoked at: Thu Jul 25 20:09:19 UTC 2013 + Serial Number (hex): 00a4dd14aa0e61b214f358e0ee95e164b2 + Revoked at: Thu Jul 25 20:33:25 UTC 2013 + Serial Number (hex): 73b903d9d7ab2a7aff4bb794a07fd3b1 + Revoked at: Fri Jul 26 01:38:19 UTC 2013 + Serial Number (hex): 16f1e283f4146cf926f428a88c89c89a + Revoked at: Fri Jul 26 02:13:07 UTC 2013 + Serial Number (hex): 00b9f68827af5da01f6423a5481f75e4b7 + Revoked at: Fri Jul 26 04:36:42 UTC 2013 + Serial Number (hex): 00ece1dadbdce8f159cada392005107a81 + Revoked at: Fri Jul 26 13:11:08 UTC 2013 + Serial Number (hex): 00b1b43de8d1ff3a6fe22bce16a1ba556d + Revoked at: Fri Jul 26 13:24:39 UTC 2013 + Serial Number (hex): 61be91da3f7b1ff60c30239abab3767a + Revoked at: Fri Jul 26 13:29:39 UTC 2013 + Serial Number (hex): 04469438860a8c3e8c5186d1ae7b71cb + Revoked at: Fri Jul 26 14:03:10 UTC 2013 + Serial Number (hex): 0082f6f9703c55c01dd8210d8d5ac8bbb6 + Revoked at: Fri Jul 26 14:21:15 UTC 2013 + Serial Number (hex): 53c70c9b19fd59c3cbc3b8591d85533d + Revoked at: Fri Jul 26 14:35:07 UTC 2013 + Serial Number (hex): 008df3e8054237d1770d8f3dcbf8592f31 + Revoked at: Fri Jul 26 15:02:27 UTC 2013 + Serial Number (hex): 6ce6041d4940671d4bb9e173068c74ec + Revoked at: Fri Jul 26 16:32:43 UTC 2013 + Serial Number (hex): 00ca0d32177223202758e4cbab9d3d6fa7 + Revoked at: Fri Jul 26 16:49:40 UTC 2013 + Serial Number (hex): 0099ff9b017afaf498ecff94fb9629652d + Revoked at: Fri Jul 26 19:50:36 UTC 2013 + Serial Number (hex): 009985a5492ff17000725640aa3a60a6d2 + Revoked at: Fri Jul 26 19:55:43 UTC 2013 + Serial Number (hex): 009d692f0e1467ab8a907bdd472e9e2f8c + Revoked at: Fri Jul 26 20:56:15 UTC 2013 + Serial Number (hex): 73bd4f9947f30b7a286515d2b26e82 + Revoked at: Fri Jul 26 20:57:31 UTC 2013 + Serial Number (hex): 70782e4c1ce5d34936fdf0e497a6adad + Revoked at: Fri Jul 26 21:08:10 UTC 2013 + Serial Number (hex): 2b3bc6df4e05a27ad934fc7e8970840e + Revoked at: Fri Jul 26 21:13:24 UTC 2013 + Serial Number (hex): 00da877669ba0c4eb0eb3c1bf4c2a39b83 + Revoked at: Sat Jul 27 00:59:26 UTC 2013 + Serial Number (hex): 032a60f8ca70827e2acc1bfbd1bbcd5e + Revoked at: Sun Jul 28 02:13:07 UTC 2013 + Serial Number (hex): 00e18493871c95ae7f3e772851e39a76e1 + Revoked at: Sun Jul 28 02:13:07 UTC 2013 + Serial Number (hex): 008b023d1628e9cb266eba00c88efabbef + Revoked at: Sun Jul 28 14:29:42 UTC 2013 + Serial Number (hex): 00ec40f5e1a92aed1602dc9951551e5e25 + Revoked at: Mon Jul 29 08:13:23 UTC 2013 + Serial Number (hex): 4501b23591f0a442ff213803ad7ae1cc + Revoked at: Mon Jul 29 08:43:17 UTC 2013 + Serial Number (hex): 00a1419bb401ca08a17d42569b94020f1e + Revoked at: Mon Jul 29 09:24:32 UTC 2013 + Serial Number (hex): 6011423a1a26d3ac8aa24bd38b25f5ef + Revoked at: Mon Jul 29 11:57:07 UTC 2013 + Serial Number (hex): 00b67d0a28289c370e9a931b3e20daf218 + Revoked at: Mon Jul 29 12:57:24 UTC 2013 + Serial Number (hex): 00925795ab8b8c0b21bfcbcb674a1c02ae + Revoked at: Mon Jul 29 13:21:57 UTC 2013 + Serial Number (hex): 00fdc32b2f470fbe4154205981f31e3e26 + Revoked at: Mon Jul 29 16:14:28 UTC 2013 + Serial Number (hex): 7a2ec2b2459d308305bd976814f12658 + Revoked at: Mon Jul 29 16:15:43 UTC 2013 + Serial Number (hex): 7a257f92b2734ae21255d970db09b7c0 + Revoked at: Mon Jul 29 16:19:27 UTC 2013 + Serial Number (hex): 1801dc4adfafe3e0859764c6af29d5ee + Revoked at: Mon Jul 29 16:20:09 UTC 2013 + Serial Number (hex): 6be68a11940a51ac76ce32811530cfd0 + Revoked at: Mon Jul 29 16:46:19 UTC 2013 + Serial Number (hex): 00d8ebae02e46c0a60cc7c53518acd4b6d + Revoked at: Mon Jul 29 17:02:05 UTC 2013 + Serial Number (hex): 46bae689ef9ff45624d84ceb4948a0 + Revoked at: Mon Jul 29 17:37:25 UTC 2013 + Serial Number (hex): 00cefd08feacb095b5a04dba8b563099d6 + Revoked at: Mon Jul 29 18:04:12 UTC 2013 + Serial Number (hex): 6df2d17d89bae3f4e65369089e6e6221 + Revoked at: Mon Jul 29 18:15:38 UTC 2013 + Serial Number (hex): 00b75ca7cae1132219e1e888f4456a3db8 + Revoked at: Mon Jul 29 19:00:46 UTC 2013 + Serial Number (hex): 4fd9d9adbffd7cfe972224c7d2adfadd + Revoked at: Mon Jul 29 19:46:48 UTC 2013 + Serial Number (hex): 00bb1956845d581090444575145296918e + Revoked at: Tue Jul 30 02:13:06 UTC 2013 + Serial Number (hex): 3c35f5b33985704314733581b91bb6c9 + Revoked at: Tue Jul 30 06:11:37 UTC 2013 + Serial Number (hex): 290c761e393dfa70886bb2c9406617f5 + Revoked at: Tue Jul 30 10:18:43 UTC 2013 + Serial Number (hex): 00d78e8a70b8fdcf7c4bcbf217f57d8e58 + Revoked at: Tue Jul 30 11:38:47 UTC 2013 + Serial Number (hex): 77adeab5f9ac9a38ed66dfbe4a780867 + Revoked at: Tue Jul 30 11:51:44 UTC 2013 + Serial Number (hex): 0e523cdbda33e5521ca6925e55a504fb + Revoked at: Tue Jul 30 15:14:35 UTC 2013 + Serial Number (hex): 7ca387591181e8540eb70f578e4310f5 + Revoked at: Tue Jul 30 16:52:25 UTC 2013 + Serial Number (hex): 00d7860f1eebd02b5e52d5dd1a8a1c46f5 + Revoked at: Tue Jul 30 17:00:17 UTC 2013 + Serial Number (hex): 009d83a03b3ef480dbea525febd0c09e22 + Revoked at: Tue Jul 30 17:16:15 UTC 2013 + Serial Number (hex): 42cdacaf00d4c30685025d3b556827a6 + Revoked at: Tue Jul 30 19:11:38 UTC 2013 + Serial Number (hex): 15fe963f226ddbfbdf09d716e7683f30 + Revoked at: Tue Jul 30 19:12:07 UTC 2013 + Serial Number (hex): 413ea0f18cd4ab5e3c982331712f898b + Revoked at: Tue Jul 30 20:36:49 UTC 2013 + Serial Number (hex): 008722da275ccddc96c15f35da65ffb89b + Revoked at: Tue Jul 30 20:36:51 UTC 2013 + Serial Number (hex): 00a4aeb808edc135979140c4d611c4a9a6 + Revoked at: Tue Jul 30 20:36:53 UTC 2013 + Serial Number (hex): 00e3216e60d7dd5e72db08c06d8b344c17 + Revoked at: Tue Jul 30 20:36:55 UTC 2013 + Serial Number (hex): 677996d971f8a54ffa7281958069fec2 + Revoked at: Tue Jul 30 21:03:47 UTC 2013 + Serial Number (hex): 1d832bb6333b71ccde02b591e44381ea + Revoked at: Tue Jul 30 22:34:22 UTC 2013 + Serial Number (hex): 00f36b7cfdcc9fca8349c82def6a486116 + Revoked at: Tue Jul 30 23:20:46 UTC 2013 + Serial Number (hex): 3499b236512fb53d5f154f1d50750faf + Revoked at: Wed Jul 31 08:10:23 UTC 2013 + Serial Number (hex): 3392416fe426c9d3e3b97f54b4c993f4 + Revoked at: Wed Jul 31 09:36:44 UTC 2013 + Serial Number (hex): 3fd8dbf07385cf6077d03f3d1c050f07 + Revoked at: Wed Jul 31 11:26:05 UTC 2013 + Serial Number (hex): 377e2e1edcd2e8093c8f7e8261ece146 + Revoked at: Wed Jul 31 11:56:12 UTC 2013 + Serial Number (hex): 00cd53010122091586913fa42bbd217fbd + Revoked at: Wed Jul 31 13:01:56 UTC 2013 + Serial Number (hex): 704c19fb56d3257cf8f6c3b2ab388d2e + Revoked at: Wed Jul 31 14:14:24 UTC 2013 + Serial Number (hex): 00acd6924371103e06ba3d396fc97678db + Revoked at: Wed Jul 31 14:35:07 UTC 2013 + Serial Number (hex): 00832bb4c09cc72a816388c73736e5749b + Revoked at: Wed Jul 31 14:38:39 UTC 2013 + Serial Number (hex): 1645ffe5b117573025ebf0d0db0af3f1 + Revoked at: Wed Jul 31 15:52:06 UTC 2013 + Serial Number (hex): 00cb0ef8d97b6729ff58fc9ff47439aa16 + Revoked at: Wed Jul 31 18:13:44 UTC 2013 + Serial Number (hex): 00e042fa0154b4d27494c0831e5bede375 + Revoked at: Wed Jul 31 19:02:03 UTC 2013 + Serial Number (hex): 4f304743cc11ec7c6b0192e894f4b838 + Revoked at: Wed Jul 31 19:13:38 UTC 2013 + Serial Number (hex): 232d943c6eb5f39191b40288a8e35186 + Revoked at: Wed Jul 31 20:41:09 UTC 2013 + Serial Number (hex): 078810c751146f45b7724a8d3d6ba037 + Revoked at: Wed Jul 31 20:47:34 UTC 2013 + Serial Number (hex): 00d11d80c93714699926a17f1a639a3d02 + Revoked at: Wed Jul 31 20:49:20 UTC 2013 + Serial Number (hex): 0096f65abc6217eb4d6a8b67929b491a53 + Revoked at: Wed Jul 31 20:53:53 UTC 2013 + Serial Number (hex): 008eb8bb2806ce3d069c5dd8258c07286f + Revoked at: Wed Jul 31 23:52:07 UTC 2013 + Serial Number (hex): 0c719d0cac3eb12dc4ed524dee6ac608 + Revoked at: Wed Jul 31 23:52:19 UTC 2013 + Serial Number (hex): 00bc97043034477edf1c06f312bcf04c7f + Revoked at: Wed Jul 31 23:52:25 UTC 2013 + Serial Number (hex): 4b40ad9b600ba91799dff4cf99466292 + Revoked at: Wed Jul 31 23:52:34 UTC 2013 + Serial Number (hex): 00995b4f2d6adc4c0abeef4cf1a1947580 + Revoked at: Wed Jul 31 23:52:43 UTC 2013 + Serial Number (hex): 3a0ba59d5cd0a0f7ebf50e5222e8308a + Revoked at: Wed Jul 31 23:52:50 UTC 2013 + Serial Number (hex): 20aa2ab09c6ba650f7aeca61e52f9983 + Revoked at: Thu Aug 01 00:34:22 UTC 2013 + Serial Number (hex): 36b723481fcbbb16627b84a46c484564 + Revoked at: Thu Aug 01 00:34:30 UTC 2013 + Serial Number (hex): 1e2dcf5526c4de4546396d5c1bd6b45b + Revoked at: Thu Aug 01 00:34:38 UTC 2013 + Serial Number (hex): 00caf5412e3882c5e89d5b9366ec2d445e + Revoked at: Thu Aug 01 00:34:49 UTC 2013 + Serial Number (hex): 008c397878fa42923eaf0be3fb71af9d75 + Revoked at: Thu Aug 01 07:44:26 UTC 2013 + Serial Number (hex): 00f2d444ef90ff0f4215b964f9b4ef2c13 + Revoked at: Thu Aug 01 11:34:08 UTC 2013 + Serial Number (hex): 00d1a6efcf8c572572724a2e1f6d662d7d + Revoked at: Thu Aug 01 11:59:32 UTC 2013 + Serial Number (hex): 009b4aa44654e5f814563cdd867c2fe4b2 + Revoked at: Thu Aug 01 13:15:55 UTC 2013 + Serial Number (hex): 009b64b56e2243cc7c18b81b06f590f4d1 + Revoked at: Thu Aug 01 14:38:45 UTC 2013 + Serial Number (hex): 78fe205b139ab68bf88dffa7057d1a0a + Revoked at: Thu Aug 01 14:47:16 UTC 2013 + Serial Number (hex): 04e97649811118a5a83df47ebfd2e731 + Revoked at: Thu Aug 01 15:03:44 UTC 2013 + Serial Number (hex): 00acb2e08f12b48c4915cef780e946a447 + Revoked at: Thu Aug 01 16:27:31 UTC 2013 + Serial Number (hex): 024b7068bbaefd8609d69c610bba6393 + Revoked at: Thu Aug 01 17:26:01 UTC 2013 + Serial Number (hex): 54fb93eda29dcff7d0f6785a90916a39 + Revoked at: Fri Aug 02 10:55:19 UTC 2013 + Serial Number (hex): 00804399811d67194cb24267c8c14f43f8 + Revoked at: Fri Aug 02 11:32:37 UTC 2013 + Serial Number (hex): 405c854d9f7fdcbcc69cb26e96f770db + Revoked at: Fri Aug 02 12:25:49 UTC 2013 + Serial Number (hex): 00b1c7a308427395b9754bb9f0589b4329 + Revoked at: Fri Aug 02 13:11:33 UTC 2013 + Serial Number (hex): 00f7a6d688acc76eee1af63c75d38f45dc + Revoked at: Fri Aug 02 13:38:34 UTC 2013 + Serial Number (hex): 00b168dac2deaa2e515e8c1a46ae6d9f41 + Revoked at: Fri Aug 02 13:48:28 UTC 2013 + Serial Number (hex): 5f4b21cf46e1b8e2cd5337f308753117 + Revoked at: Fri Aug 02 14:34:51 UTC 2013 + Serial Number (hex): 0d38907bc590b0f4c379834bd6aace07 + Revoked at: Fri Aug 02 14:36:42 UTC 2013 + Serial Number (hex): 208a4cb534747bd4d066abb422edb989 + Revoked at: Fri Aug 02 14:47:13 UTC 2013 + Serial Number (hex): 7b4c7c74f92f487d5028478baa03e145 + Revoked at: Fri Aug 02 15:46:09 UTC 2013 + Serial Number (hex): 00a9d56d701df9fb17bf471188658826b9 + Revoked at: Fri Aug 02 18:05:22 UTC 2013 + Serial Number (hex): 098dc88e4a1c1bcc2fe13b29d0755f27 + Revoked at: Fri Aug 02 18:24:29 UTC 2013 + Serial Number (hex): 00e92ec527c23e57aab1e1ebcd8b72a610 + Revoked at: Fri Aug 02 20:18:38 UTC 2013 + Serial Number (hex): 0098392044e2cde5f39349aeafd3989d54 + Revoked at: Fri Aug 02 20:18:53 UTC 2013 + Serial Number (hex): 4eec1cf38c684c3f0c6037dc5102d598 + Revoked at: Fri Aug 02 20:19:01 UTC 2013 + Serial Number (hex): 1216795d85461b9f2e8ed75e5dacbc2c + Revoked at: Fri Aug 02 20:37:29 UTC 2013 + Serial Number (hex): 7478f9a9f1a02ec75000040ca3bbd370 + Revoked at: Fri Aug 02 22:13:44 UTC 2013 + Serial Number (hex): 00f8001299936e1cb28bbb7672d6cf08e0 + Revoked at: Fri Aug 02 22:14:39 UTC 2013 + Serial Number (hex): 773a74cf8022be087da76852133252bc + Revoked at: Fri Aug 02 23:03:28 UTC 2013 + Serial Number (hex): 00fbc0192ce164a9d9726512fc6841fc43 + Revoked at: Sat Aug 03 21:04:57 UTC 2013 + Serial Number (hex): 3f8bfc8f8dbf0253baf87cac2fb1d106 + Revoked at: Mon Aug 05 03:11:20 UTC 2013 + Serial Number (hex): 00bdda3ad0817c7479f40f98b80f83e1fe + Revoked at: Mon Aug 05 09:50:21 UTC 2013 + Serial Number (hex): 11fb0f4ceb97e192fd6faedb571a37ac + Revoked at: Mon Aug 05 11:00:58 UTC 2013 + Serial Number (hex): 784a87d2cb76db89ba3bd89d1ea33f7c + Revoked at: Mon Aug 05 13:23:50 UTC 2013 + Serial Number (hex): 0341444ace750215c6154eb72c14c136 + Revoked at: Mon Aug 05 13:29:00 UTC 2013 + Serial Number (hex): 4c58b3d7e7af5f876e12a5c8de1a16e3 + Revoked at: Mon Aug 05 13:29:53 UTC 2013 + Serial Number (hex): 5ee9732eb129917552d7a6ad8aef585e + Revoked at: Mon Aug 05 14:20:42 UTC 2013 + Serial Number (hex): 578410dd10854c618447a8fcf8571b19 + Revoked at: Mon Aug 05 16:07:43 UTC 2013 + Serial Number (hex): 54d8f62839ebcd7134a355f27cc9226b + Revoked at: Mon Aug 05 17:08:41 UTC 2013 + Serial Number (hex): 24de71f1b5b7dff781fb3db2d2d4e1f8 + Revoked at: Mon Aug 05 18:06:49 UTC 2013 + Serial Number (hex): 00a2df8824c86f129ec710a7fb9ce2ab0c + Revoked at: Mon Aug 05 19:16:12 UTC 2013 + Serial Number (hex): 00d6e17a438b1e5f1f40c9ef256671cd3c + Revoked at: Tue Aug 06 02:28:58 UTC 2013 + Serial Number (hex): 3ee450f36fa44daa877f319936d7c0fa + Revoked at: Tue Aug 06 07:51:13 UTC 2013 + Serial Number (hex): 135159e1e472604da431b245fe0b3e0e + Revoked at: Tue Aug 06 12:25:17 UTC 2013 + Serial Number (hex): 00b42f7a1fd8416700e50f7d66abcb141e + Revoked at: Tue Aug 06 15:10:16 UTC 2013 + Serial Number (hex): 00eee198bee7a2c95aa85de9fd44d3b9c6 + Revoked at: Tue Aug 06 15:13:45 UTC 2013 + Serial Number (hex): 00d5bc71d3ffdad5cbf1fb4e748dd39f1a + Revoked at: Tue Aug 06 16:03:41 UTC 2013 + Serial Number (hex): 00cf4314d8aa8a621e03f873d5eeb51129 + Revoked at: Tue Aug 06 16:25:05 UTC 2013 + Serial Number (hex): 00bba57f94c09451be9daf6fe98b2e9a89 + Revoked at: Tue Aug 06 18:03:02 UTC 2013 + Serial Number (hex): 1e3fc6b61f56eb11d76f59d4ed5c3545 + Revoked at: Wed Aug 07 09:13:50 UTC 2013 + Serial Number (hex): 00805a2d5c5c41de03117c63c34e033170 + Revoked at: Wed Aug 07 15:03:44 UTC 2013 + Serial Number (hex): 00f1fb58696c7372f0c024826b3703157f + Revoked at: Wed Aug 07 15:16:57 UTC 2013 + Serial Number (hex): 7651d3e33b0429bec5b8b3db598c74b9 + Revoked at: Wed Aug 07 16:58:44 UTC 2013 + Serial Number (hex): 0d28a4ed7fa60a0ccacb25538f59039c + Revoked at: Wed Aug 07 18:24:53 UTC 2013 + Serial Number (hex): 0089c8f9e6fbead50187bf40fbbcdcf1e1 + Revoked at: Wed Aug 07 18:55:47 UTC 2013 + Serial Number (hex): 4cfd05c01a2aeb306a05f0bc6a5dc1fa + Revoked at: Wed Aug 07 19:00:43 UTC 2013 + Serial Number (hex): 00be27d0c629d53f54483a6ad439b85134 + Revoked at: Wed Aug 07 19:03:11 UTC 2013 + Serial Number (hex): 1a1bc50a38688d0d9e48d66c29d06ccd + Revoked at: Wed Aug 07 19:06:09 UTC 2013 + Serial Number (hex): 27d289d19c5d803b8d3a8f8f632c0e73 + Revoked at: Wed Aug 07 19:40:31 UTC 2013 + Serial Number (hex): 26971561e3e8a7a1cacf5c7142fe995e + Revoked at: Wed Aug 07 19:51:20 UTC 2013 + Serial Number (hex): 009a6f4bcb1da6333fd257053f08cb43b7 + Revoked at: Thu Aug 08 05:43:04 UTC 2013 + Serial Number (hex): 659a665695455619826df904eb503035 + Revoked at: Thu Aug 08 10:57:04 UTC 2013 + Serial Number (hex): 00fad2307062ed6a951173a6b6ef8a497f + Revoked at: Thu Aug 08 16:07:41 UTC 2013 + Serial Number (hex): 7954484a5cea6618e8f242f1eecb1956 + Revoked at: Thu Aug 08 17:22:55 UTC 2013 + Serial Number (hex): 201e2d032ed74416ea60299afc56e47a + Revoked at: Thu Aug 08 18:14:02 UTC 2013 + Serial Number (hex): 00c948b1afaef889958a040473579addd7 + Revoked at: Thu Aug 08 18:16:44 UTC 2013 + Serial Number (hex): 00f6d3285c19c269b394d30ab6f5f93619 + Revoked at: Thu Aug 08 18:53:05 UTC 2013 + Serial Number (hex): 034b18355a4606e92c1bd9573b348edb + Revoked at: Thu Aug 08 19:40:06 UTC 2013 + Serial Number (hex): 00c99d8c9e96068792781a18f789ecca21 + Revoked at: Thu Aug 08 19:44:24 UTC 2013 + Serial Number (hex): 0096b9c80a1747fc0db480aea6bef740c1 + Revoked at: Thu Aug 08 20:34:21 UTC 2013 + Serial Number (hex): 00dae70c518973a5eae4eec0aee0765f0d + Revoked at: Thu Aug 08 21:43:04 UTC 2013 + Serial Number (hex): 00d4eeb3b6374729bd18a0e08ebc5c9089 + Revoked at: Fri Aug 09 09:58:34 UTC 2013 + Serial Number (hex): 49c9f156b89af7eec07411f89f06a20b + Revoked at: Fri Aug 09 13:11:21 UTC 2013 + Serial Number (hex): 00b4989cbfba2c3048669374e665808b23 + Revoked at: Fri Aug 09 13:26:45 UTC 2013 + Serial Number (hex): 279661ebffc63776aad462db269ba40c + Revoked at: Fri Aug 09 15:02:40 UTC 2013 + Serial Number (hex): 0126236c5fba10854cc94bce5b6bac5f + Revoked at: Fri Aug 09 15:42:05 UTC 2013 + Serial Number (hex): 00c29dbffbcf6570b8e2566005d3d06cd8 + Revoked at: Fri Aug 09 16:39:09 UTC 2013 + Serial Number (hex): 00be295d3964d493f0916138057f764327 + Revoked at: Fri Aug 09 17:55:57 UTC 2013 + Serial Number (hex): 56d2f0c2114c610f0b99a6229a4c72df + Revoked at: Fri Aug 09 18:02:49 UTC 2013 + Serial Number (hex): 0091cf16ad47a3cdbb7b2f1fb918ca1c39 + Revoked at: Fri Aug 09 18:05:46 UTC 2013 + Serial Number (hex): 074c15eff3a8c35420bee053242f478d + Revoked at: Fri Aug 09 18:34:14 UTC 2013 + Serial Number (hex): 67860e589238bfc7c571211a1035df11 + Revoked at: Fri Aug 09 18:46:19 UTC 2013 + Serial Number (hex): 3873e4719279f65c5653b5f2af23c9d1 + Revoked at: Fri Aug 09 18:55:54 UTC 2013 + Serial Number (hex): 5167f2fabfb2a4d125256576df31785a + Revoked at: Fri Aug 09 19:48:28 UTC 2013 + Serial Number (hex): 00afbb6e4e85496711d6e0f94d913add5c + Revoked at: Fri Aug 09 20:00:44 UTC 2013 + Serial Number (hex): 00b49068eb7af1f50bbf05dae2873035b1 + Revoked at: Fri Aug 09 21:11:10 UTC 2013 + Serial Number (hex): 1f846c262b8920f4864e3891a74602f0 + Revoked at: Sat Aug 10 19:38:51 UTC 2013 + Serial Number (hex): 00ae0764400244e82795fe851bbad372 + Revoked at: Sun Aug 11 02:13:11 UTC 2013 + Serial Number (hex): 0364e5a3efa2ba055208471ff1ec4bb4 + Revoked at: Sun Aug 11 02:13:12 UTC 2013 + Serial Number (hex): 7a91266481d562efed0a08dad3e90343 + Revoked at: Sun Aug 11 02:13:12 UTC 2013 + Serial Number (hex): 00f7bf95c83467e4dfc1e9a7876d2161fe + Revoked at: Sun Aug 11 19:50:22 UTC 2013 + Serial Number (hex): 5c1aea667fc4d3a6cfa468a7ce7b1c79 + Revoked at: Sun Aug 11 22:38:55 UTC 2013 + Serial Number (hex): 00a57493366c8fddf9de3f465baa1ec241 + Revoked at: Mon Aug 12 04:45:16 UTC 2013 + Serial Number (hex): 2770a6e2408d392b67901464fff579bc + Revoked at: Mon Aug 12 06:43:51 UTC 2013 + Serial Number (hex): 00bc7254dcd36152235bfa77fe4bfbe542 + Revoked at: Mon Aug 12 12:52:58 UTC 2013 + Serial Number (hex): 00ec1e081a175f34004f83c45b1981c13e + Revoked at: Mon Aug 12 13:28:35 UTC 2013 + Serial Number (hex): 00dceeb3ac87bdc3b3f2b4ecef96365ccf + Revoked at: Mon Aug 12 14:02:18 UTC 2013 + Serial Number (hex): 00b2d6471a4bd249cef48f82895d5245a4 + Revoked at: Mon Aug 12 14:14:04 UTC 2013 + Serial Number (hex): 00a4045f544442dc0849b173b8bdecd15e + Revoked at: Mon Aug 12 17:05:33 UTC 2013 + Serial Number (hex): 00af4c7719debb62adf85c8cb70541f8fd + Revoked at: Mon Aug 12 17:36:00 UTC 2013 + Serial Number (hex): 7245938b428af156f61a1624d914bb93 + Revoked at: Mon Aug 12 17:40:52 UTC 2013 + Serial Number (hex): 00a735f413728b3d9eaefa68f0f94748f4 + Revoked at: Mon Aug 12 19:17:20 UTC 2013 + Serial Number (hex): 00f5d75cc709e92befee7a070defe7f56d + Revoked at: Mon Aug 12 19:26:11 UTC 2013 + Serial Number (hex): 550d7535f358be6499667b289dd6853f + Revoked at: Mon Aug 12 19:27:54 UTC 2013 + Serial Number (hex): 00d1780cb76aa4966b9868a46bc5328ffe + Revoked at: Mon Aug 12 19:28:25 UTC 2013 + Serial Number (hex): 6759e87ee6acfea13306c96cc0ffcacf + Revoked at: Mon Aug 12 19:28:52 UTC 2013 + Serial Number (hex): 00afaffc8bac430ca61290a4c5e30eb23d + Revoked at: Tue Aug 13 02:13:09 UTC 2013 + Serial Number (hex): 57489036a936ce89cc799d660ab008ec + Revoked at: Tue Aug 13 15:14:18 UTC 2013 + Serial Number (hex): 0763c340bb2c076e9c46bc8e7626d16d + Revoked at: Tue Aug 13 15:24:41 UTC 2013 + Serial Number (hex): 0089e1bf485cd4e4388d7285b4caad8353 + Revoked at: Tue Aug 13 15:30:51 UTC 2013 + Serial Number (hex): 00af8757faa59a5fb75ff5d86647def2f1 + Revoked at: Tue Aug 13 15:47:01 UTC 2013 + Serial Number (hex): 3792e03acd44db8ecf3e7990e7f6c4e7 + Revoked at: Tue Aug 13 18:24:24 UTC 2013 + Serial Number (hex): 024605a7ce821fbeded3ba472aad67ab + Revoked at: Tue Aug 13 18:25:45 UTC 2013 + Serial Number (hex): 1f5d574982b19133c8cfc4d4feb947a8 + Revoked at: Tue Aug 13 19:25:39 UTC 2013 + Serial Number (hex): 3284caaa7ae68f93e213fd80cc6feacc + Revoked at: Tue Aug 13 19:33:54 UTC 2013 + Serial Number (hex): 509a72bb464d1b8637768bbd499c964d + Revoked at: Tue Aug 13 23:48:07 UTC 2013 + Serial Number (hex): 2c1e2528a80f7065fe2285d09b96e947 + Revoked at: Wed Aug 14 04:27:15 UTC 2013 + Serial Number (hex): 0097ff752d929cf65bcf787b678726a317 + Revoked at: Wed Aug 14 07:55:05 UTC 2013 + Serial Number (hex): 05f1c0455a145f677dc5d6f482d84d75 + Revoked at: Wed Aug 14 07:55:14 UTC 2013 + Serial Number (hex): 24a0d4ce2a4157e55db14a1a56dffa88 + Revoked at: Wed Aug 14 07:55:24 UTC 2013 + Serial Number (hex): 00abf3abe30c6ecd7eaf61bd74717a4333 + Revoked at: Wed Aug 14 09:09:10 UTC 2013 + Serial Number (hex): 00905ce7375cd0735fc0f2373b9a96f128 + Revoked at: Wed Aug 14 12:31:58 UTC 2013 + Serial Number (hex): 4ab59a7ef434a6455fbe641e3c6427a1 + Revoked at: Wed Aug 14 13:02:47 UTC 2013 + Serial Number (hex): 00fd90b0ab978f14c01f74da5e22dbbf47 + Revoked at: Wed Aug 14 16:53:42 UTC 2013 + Serial Number (hex): 43f6966dfd07bfe226cb60c80ecaef3d + Revoked at: Wed Aug 14 17:25:48 UTC 2013 + Serial Number (hex): 00e3666d1413a86d8fec92028106d15cd4 + Revoked at: Wed Aug 14 19:38:29 UTC 2013 + Serial Number (hex): 7ce394608894fc23b0cd0495319ab0b6 + Revoked at: Wed Aug 14 20:03:54 UTC 2013 + Serial Number (hex): 18999956c9defeeda2acce5b9faa19dd + Revoked at: Thu Aug 15 06:24:44 UTC 2013 + Serial Number (hex): 2c142d2a3d859701ca99fb258c09fd5d + Revoked at: Thu Aug 15 08:21:55 UTC 2013 + Serial Number (hex): 00c3a6ea1eb85d8f890b37d22372c89162 + Revoked at: Thu Aug 15 10:41:23 UTC 2013 + Serial Number (hex): 6bd178db8bf6776bfdedaa5a2350d13f + Revoked at: Thu Aug 15 13:52:53 UTC 2013 + Serial Number (hex): 00bf0d20313fb55e56072d54148c02f022 + Revoked at: Thu Aug 15 14:48:36 UTC 2013 + Serial Number (hex): 00a12b72bf820546d7150e16d1373bb15e + Revoked at: Thu Aug 15 17:40:29 UTC 2013 + Serial Number (hex): 00b8b1d46ce053a98b673c1be5ad4edade + Revoked at: Thu Aug 15 18:24:00 UTC 2013 + Serial Number (hex): 529fe5c9be71804f0c9db64598e756c6 + Revoked at: Thu Aug 15 19:10:10 UTC 2013 + Serial Number (hex): 7192bd0bca88b1775e9c168333a3fe6a + Revoked at: Thu Aug 15 19:10:20 UTC 2013 + Serial Number (hex): 1dc66f7fd3c9b43bf91f9d05c5b22d20 + Revoked at: Thu Aug 15 19:19:57 UTC 2013 + Serial Number (hex): 5c22c031318509eeac4a27292ccc4762 + Revoked at: Thu Aug 15 20:30:48 UTC 2013 + Serial Number (hex): 66a6acecca44669782a3ac661c990305 + Revoked at: Fri Aug 16 08:40:05 UTC 2013 + Serial Number (hex): 00bb323ce2cbbd844a178ca3bb12360297 + Revoked at: Fri Aug 16 08:50:13 UTC 2013 + Serial Number (hex): 7b4f090a89a3d0a71c6d3f187b405446 + Revoked at: Fri Aug 16 13:05:00 UTC 2013 + Serial Number (hex): 00f254f50da3940a669b220cf4fe0e52b4 + Revoked at: Fri Aug 16 15:18:35 UTC 2013 + Serial Number (hex): 00c3f1ed7007992d01a5df243fd22cfa47 + Revoked at: Fri Aug 16 17:12:07 UTC 2013 + Serial Number (hex): 009ee48b2c04c2eb9f5909b4bd1238ef7e + Revoked at: Fri Aug 16 22:47:21 UTC 2013 + Serial Number (hex): 00a28c99c4a2f25a8d3ec56f3d0496d849 + Revoked at: Sat Aug 17 02:13:06 UTC 2013 + Serial Number (hex): 00f648a8cd318282320c38f093737fc183 + Revoked at: Sun Aug 18 16:21:19 UTC 2013 + Serial Number (hex): 009e44a069528e415d7e62563e042135c5 + Revoked at: Mon Aug 19 02:52:28 UTC 2013 + Serial Number (hex): 24ab960764e910a24d3ec8e7a53f090b + Revoked at: Mon Aug 19 02:56:20 UTC 2013 + Serial Number (hex): 00d2b818f32c2b34156a8c34ee3ac4f7ff + Revoked at: Mon Aug 19 03:09:09 UTC 2013 + Serial Number (hex): 00d2ffc961bf3460a3b842fb94f20a1213 + Revoked at: Mon Aug 19 03:19:14 UTC 2013 + Serial Number (hex): 38fabdfa4396077be8decb9a1dea2375 + Revoked at: Mon Aug 19 05:36:25 UTC 2013 + Serial Number (hex): 610587dd0f71871bae58f9148e6d5627 + Revoked at: Mon Aug 19 07:40:38 UTC 2013 + Serial Number (hex): 00b105cdddc7a9a5983fc1acdc700425c3 + Revoked at: Mon Aug 19 11:39:59 UTC 2013 + Serial Number (hex): 00cc88fd1e13b63f408a890e839bf5f36f + Revoked at: Mon Aug 19 13:07:26 UTC 2013 + Serial Number (hex): 00e10e3b64c1cf15c5f6cbd665111feae5 + Revoked at: Mon Aug 19 14:17:43 UTC 2013 + Serial Number (hex): 008e26b822aa29956533020ff280f9301d + Revoked at: Mon Aug 19 14:18:26 UTC 2013 + Serial Number (hex): 39cc7fcd3eb01c2e9c034a26f3f8f779 + Revoked at: Mon Aug 19 15:45:56 UTC 2013 + Serial Number (hex): 0fa900c9fb3e77eb1bbf9a25dd091b47 + Revoked at: Mon Aug 19 18:58:09 UTC 2013 + Serial Number (hex): 715508ef1cfecff2d33da1cc3716b4cb + Revoked at: Mon Aug 19 19:22:02 UTC 2013 + Serial Number (hex): 34594d84bdd2dda4c14b7b05452eab7a + Revoked at: Mon Aug 19 20:51:06 UTC 2013 + Serial Number (hex): 584436c02f35fc9adfc57a7ce8a82918 + Revoked at: Tue Aug 20 08:26:46 UTC 2013 + Serial Number (hex): 00a683250fab21006f61f898e21241e41b + Revoked at: Tue Aug 20 13:09:23 UTC 2013 + Serial Number (hex): 00ce59126795b0199f103989921b9cea89 + Revoked at: Tue Aug 20 13:45:25 UTC 2013 + Serial Number (hex): 5f857d215589b9db267d8a3746b45b23 + Revoked at: Tue Aug 20 14:25:17 UTC 2013 + Serial Number (hex): 00af3150c9acfbf8bad439f58713d2474a + Revoked at: Tue Aug 20 16:46:13 UTC 2013 + Serial Number (hex): 00e1065156e1e9858b0f41e2b2dc6a5a75 + Revoked at: Tue Aug 20 18:34:23 UTC 2013 + Serial Number (hex): 294e857e92d938a0f1ffc83358bf8ccb + Revoked at: Tue Aug 20 19:10:23 UTC 2013 + Serial Number (hex): 00e2b1eed2c1d3130012a5228e846923b1 + Revoked at: Tue Aug 20 20:53:08 UTC 2013 + Serial Number (hex): 00c8e7a642b0425aadc595cb5829b3d817 + Revoked at: Tue Aug 20 22:05:31 UTC 2013 + Serial Number (hex): 03efee3a3f421d5ba0e22f79b08b491b + Revoked at: Wed Aug 21 09:22:21 UTC 2013 + Serial Number (hex): 4fffd7efa9e5c87fc5b00dbff59f4195 + Revoked at: Wed Aug 21 10:54:28 UTC 2013 + Serial Number (hex): 5d90f4567f1e473c4258389b8df257d2 + Revoked at: Wed Aug 21 12:28:10 UTC 2013 + Serial Number (hex): 31ce0beec41a6791d137dc29a7e7d8c6 + Revoked at: Wed Aug 21 12:28:22 UTC 2013 + Serial Number (hex): 009b1b6fd9f12115993dc36184c250be47 + Revoked at: Wed Aug 21 12:28:38 UTC 2013 + Serial Number (hex): 20a2339d4f37067d1f41de562cb7a9a9 + Revoked at: Wed Aug 21 12:28:50 UTC 2013 + Serial Number (hex): 00a099715caad066b83744f3978673ca6b + Revoked at: Wed Aug 21 12:29:00 UTC 2013 + Serial Number (hex): 00c53f2cb746e7579c59df150328300ade + Revoked at: Wed Aug 21 12:29:13 UTC 2013 + Serial Number (hex): 02f25155285316f9eaa00894625dcd02 + Revoked at: Wed Aug 21 12:29:42 UTC 2013 + Serial Number (hex): 00f3a7a34ef7c3e949d81a5fb30a9bd0d3 + Revoked at: Wed Aug 21 12:29:53 UTC 2013 + Serial Number (hex): 00f9fcfe4b066b474151d10cd2df0c7eb6 + Revoked at: Wed Aug 21 12:30:06 UTC 2013 + Serial Number (hex): 66193603ef013280968e8e80ca802c84 + Revoked at: Wed Aug 21 12:30:16 UTC 2013 + Serial Number (hex): 00e23b7f52c5af294e2095c4829b712c0a + Revoked at: Wed Aug 21 12:30:26 UTC 2013 + Serial Number (hex): 00e8cd798a29266edea2ba3ab609f5d891 + Revoked at: Wed Aug 21 12:30:35 UTC 2013 + Serial Number (hex): 6a4badafb710505d325f9263c65a24ab + Revoked at: Wed Aug 21 15:52:16 UTC 2013 + Serial Number (hex): 0c13e3cee7702af48e27ddadc32c8e74 + Revoked at: Wed Aug 21 19:09:20 UTC 2013 + Serial Number (hex): 00ee1b058a70f4b9670f8365acb8a30c57 + Revoked at: Thu Aug 22 02:17:57 UTC 2013 + Serial Number (hex): 783b9d1c2b93c9a9c1bb3fe5ee9d0f16 + Revoked at: Thu Aug 22 14:07:10 UTC 2013 + Serial Number (hex): 00d42357f0a616279940b8865a3747a9cc + Revoked at: Thu Aug 22 14:10:31 UTC 2013 + Serial Number (hex): 00b23a376b1463b282b17da807718858e4 + Revoked at: Thu Aug 22 15:20:26 UTC 2013 + Serial Number (hex): 00d12f23dfd90340f706d25c59797ccab9 + Revoked at: Thu Aug 22 16:17:13 UTC 2013 + Serial Number (hex): 111a444c7175ae43b79da37d7c25d66d + Revoked at: Thu Aug 22 18:40:31 UTC 2013 + Serial Number (hex): 358a0b79ae420e9af83864be7e509fee + Revoked at: Thu Aug 22 18:42:38 UTC 2013 + Serial Number (hex): 00b2c1df305bccdd22438b4324fdc0b4 + Revoked at: Thu Aug 22 18:47:42 UTC 2013 + Serial Number (hex): 3fa390dc3c7f1001ea57249a55867cd7 + Revoked at: Thu Aug 22 19:57:04 UTC 2013 + Serial Number (hex): 62d9b04db682fd9a44406850179e8009 + Revoked at: Thu Aug 22 21:13:21 UTC 2013 + Serial Number (hex): 00a6cb994c1c0e0ef723081659ac2c7161 + Revoked at: Fri Aug 23 08:27:40 UTC 2013 + Serial Number (hex): 00ae31779742b6af0e78024a83ad2cbc98 + Revoked at: Fri Aug 23 08:27:53 UTC 2013 + Serial Number (hex): 48cc4ab3956d5633428822b6e2379126 + Revoked at: Fri Aug 23 12:25:08 UTC 2013 + Serial Number (hex): 009cbd6d870440b1d643d467f95d1c9d1f + Revoked at: Fri Aug 23 13:46:33 UTC 2013 + Serial Number (hex): 00aca54d58e8da2d725caef0d30bb2111d + Revoked at: Fri Aug 23 13:55:13 UTC 2013 + Serial Number (hex): 22508b285b6f51d17e9da843d052acd7 + Revoked at: Fri Aug 23 14:16:23 UTC 2013 + Serial Number (hex): 703f4cab84765cee76766ecedccffa0e + Revoked at: Fri Aug 23 14:27:19 UTC 2013 + Serial Number (hex): 13b21b85b3b6cb26be67e9b66967e432 + Revoked at: Fri Aug 23 14:49:22 UTC 2013 + Serial Number (hex): 703b0e47c151a2f9043f111f788d9390 + Revoked at: Fri Aug 23 15:07:24 UTC 2013 + Serial Number (hex): 00dc491358aee9a6e1246a9ab201f502d5 + Revoked at: Fri Aug 23 15:14:50 UTC 2013 + Serial Number (hex): 63cd62b8a22daf1adb9d46389cd68405 + Revoked at: Fri Aug 23 15:19:47 UTC 2013 + Serial Number (hex): 17ce0e83569af6dec26a2abf16a77f96 + Revoked at: Fri Aug 23 15:19:50 UTC 2013 + Serial Number (hex): 4048c53b3ebf205f14172e7340d83fb0 + Revoked at: Fri Aug 23 16:43:31 UTC 2013 + Serial Number (hex): 00da1b5829ba842faf0171861bd4f4637c + Revoked at: Fri Aug 23 18:25:25 UTC 2013 + Serial Number (hex): 00df5c408079452c4faf0b24aa9efd05aa + Revoked at: Fri Aug 23 19:34:39 UTC 2013 + Serial Number (hex): 5c50690694272838175c476749c164e3 + Revoked at: Sat Aug 24 02:55:33 UTC 2013 + Serial Number (hex): 00e77385cdc287810c541be80be71b3e78 + Revoked at: Mon Aug 26 02:13:05 UTC 2013 + Serial Number (hex): 00b05f67454924ae01d4439141b7da2e87 + Revoked at: Mon Aug 26 02:13:06 UTC 2013 + Serial Number (hex): 7b4d9e0a801cab776b277d9df70a6176 + Revoked at: Mon Aug 26 13:19:49 UTC 2013 + Serial Number (hex): 00ea556ea3c03d309f914e3630788bd157 + Revoked at: Mon Aug 26 14:20:24 UTC 2013 + Serial Number (hex): 00af8249ede68dae5c1064703edc3907de + Revoked at: Mon Aug 26 15:08:49 UTC 2013 + Serial Number (hex): 1bcd4264f4c8c6514eeb985a3155fa35 + Revoked at: Mon Aug 26 18:52:17 UTC 2013 + Serial Number (hex): 009a202c9a1d6f646e2a22088ffd46e488 + Revoked at: Mon Aug 26 18:53:18 UTC 2013 + Serial Number (hex): 5620d2b8fe52b0baa50ce2056f1e6487 + Revoked at: Mon Aug 26 23:15:26 UTC 2013 + Serial Number (hex): 00aabdf20a2032147354653d50daca9391 + Revoked at: Tue Aug 27 01:19:05 UTC 2013 + Serial Number (hex): 3ac43c27d775de06274bb302ea94d7f4 + Revoked at: Tue Aug 27 12:20:26 UTC 2013 + Serial Number (hex): 4e8e841fa3b0c044c732d43e6e70c6d4 + Revoked at: Tue Aug 27 12:20:44 UTC 2013 + Serial Number (hex): 00889dc276a217134506f2067e2900a460 + Revoked at: Tue Aug 27 13:10:04 UTC 2013 + Serial Number (hex): 383dd7ab4a5483bd42e59011cfd794c7 + Revoked at: Tue Aug 27 14:41:21 UTC 2013 + Serial Number (hex): 510070fe94b11d8fee0831e515d4648e + Revoked at: Tue Aug 27 17:22:43 UTC 2013 + Serial Number (hex): 00cde0d66515cd78494d538e45239086fc + Revoked at: Tue Aug 27 17:30:34 UTC 2013 + Serial Number (hex): 64d6796a32e4bc70339f8c7ac8f16038 + Revoked at: Tue Aug 27 18:08:13 UTC 2013 + Serial Number (hex): 009b76badaf88a762da51a64edd4a504ab + Revoked at: Tue Aug 27 18:20:27 UTC 2013 + Serial Number (hex): 008e8d415131d0d70f4c4f95bc0481e507 + Revoked at: Tue Aug 27 18:26:18 UTC 2013 + Serial Number (hex): 536c6002011a28874eb8b6ea7dfac811 + Revoked at: Tue Aug 27 18:26:31 UTC 2013 + Serial Number (hex): 697bea16e0c99a37c139143d39f93c98 + Revoked at: Tue Aug 27 18:48:44 UTC 2013 + Serial Number (hex): 428a7c7a65ef01bac54e938260feb4f9 + Revoked at: Tue Aug 27 19:18:02 UTC 2013 + Serial Number (hex): 1b5a9152bec047b158c53599103dc092 + Revoked at: Tue Aug 27 19:24:15 UTC 2013 + Serial Number (hex): 01541b220e4f75c6392c348e49090c0c + Revoked at: Tue Aug 27 19:24:53 UTC 2013 + Serial Number (hex): 00b9c432e3752aa696ff60818ce689ad37 + Revoked at: Tue Aug 27 19:28:53 UTC 2013 + Serial Number (hex): 710406e85565eb4c1bcfeef1587faeb2 + Revoked at: Tue Aug 27 19:49:54 UTC 2013 + Serial Number (hex): 00cc483612bf6e22973d424e68afa5ed6d + Revoked at: Tue Aug 27 22:51:40 UTC 2013 + Serial Number (hex): 00cb0b4c84ff88427c5d3af92bbf7de532 + Revoked at: Wed Aug 28 08:47:42 UTC 2013 + Serial Number (hex): 00b6cfc1c75d07717e382b9dd3a20d2679 + Revoked at: Wed Aug 28 14:11:00 UTC 2013 + Serial Number (hex): 00d73d428723f03777fbae939ffcfaa177 + Revoked at: Wed Aug 28 14:11:15 UTC 2013 + Serial Number (hex): 61e27f9f1ff099235809adc8db50bc3b + Revoked at: Wed Aug 28 14:35:29 UTC 2013 + Serial Number (hex): 0b45a6521395b50540404523ed517149 + Revoked at: Wed Aug 28 15:40:45 UTC 2013 + Serial Number (hex): 00b1e851082a1e0e1e43a12c3e3ba4e27e + Revoked at: Wed Aug 28 16:10:59 UTC 2013 + Serial Number (hex): 00b9552b56cd0d107b3a32a1042e2f18c9 + Revoked at: Wed Aug 28 16:11:36 UTC 2013 + Serial Number (hex): 00db78bec72808b064b1424e7702bbf6a2 + Revoked at: Wed Aug 28 17:32:25 UTC 2013 + Serial Number (hex): 00ab25692c5e51eabab4a3106b0b08545f + Revoked at: Wed Aug 28 17:45:00 UTC 2013 + Serial Number (hex): 00a5c2c449bb3629d27deb37880081ec04 + Revoked at: Wed Aug 28 17:49:30 UTC 2013 + Serial Number (hex): 00bc11210507aa21e983e2340705e3aa5b + Revoked at: Wed Aug 28 17:49:31 UTC 2013 + Serial Number (hex): 008455e5d3cf1ec7ced53ebbdd167239d3 + Revoked at: Wed Aug 28 17:50:27 UTC 2013 + Serial Number (hex): 7f0fb080105aa510eddddb91923b0a22 + Revoked at: Wed Aug 28 17:50:28 UTC 2013 + Serial Number (hex): 00b589d91d44ca2bc4e66ec63adf924592 + Revoked at: Wed Aug 28 18:22:08 UTC 2013 + Serial Number (hex): 11023285757f14bf7be111966cda4db5 + Revoked at: Wed Aug 28 19:29:52 UTC 2013 + Serial Number (hex): 00e07af686b3817def1e855bc72987d472 + Revoked at: Wed Aug 28 20:36:03 UTC 2013 + Serial Number (hex): 00a3abdbfd93720c731ff395e47d1c266a + Revoked at: Wed Aug 28 22:15:04 UTC 2013 + Serial Number (hex): 666a031264acb52bc4010d07bab325d9 + Revoked at: Thu Aug 29 07:11:33 UTC 2013 + Serial Number (hex): 00869d33bd007fb562b9d80914fb285070 + Revoked at: Thu Aug 29 07:26:56 UTC 2013 + Serial Number (hex): 769ad44fc8c3874afbf4fdda4cc11154 + Revoked at: Thu Aug 29 09:06:46 UTC 2013 + Serial Number (hex): 11412525cbd0a8652963b7fa59639495 + Revoked at: Thu Aug 29 13:17:40 UTC 2013 + Serial Number (hex): 4356e14a9645a0d86bcf097362534f59 + Revoked at: Thu Aug 29 17:00:24 UTC 2013 + Serial Number (hex): 00c6d94c3862ab35a31e3686d5a3b0766e + Revoked at: Thu Aug 29 17:31:08 UTC 2013 + Serial Number (hex): 00fe02f2a087469c470a39b2822fc3f8b6 + Revoked at: Thu Aug 29 17:36:03 UTC 2013 + Serial Number (hex): 6ac90d125a24d0344cd48800fbabdedf + Revoked at: Thu Aug 29 17:42:58 UTC 2013 + Serial Number (hex): 00dabf741605d5604f81a668da85a2fa96 + Revoked at: Thu Aug 29 18:30:38 UTC 2013 + Serial Number (hex): 00c7236bef8d7612f626892d8330c0d5be + Revoked at: Thu Aug 29 21:34:49 UTC 2013 + Serial Number (hex): 00d36d5f5a461cee30e4e3e76a20d88881 + Revoked at: Thu Aug 29 21:35:13 UTC 2013 + Serial Number (hex): 00f1f56b5a184a76c4113e003c17ea4408 + Revoked at: Fri Aug 30 10:55:00 UTC 2013 + Serial Number (hex): 4caa4e87c416e1c0d1386357d9c5a8f4 + Revoked at: Fri Aug 30 11:59:28 UTC 2013 + Serial Number (hex): 7f1caa74c1c1a80ba7e8aa4875852cbf + Revoked at: Fri Aug 30 13:27:29 UTC 2013 + Serial Number (hex): 0acb4dcea0952d647f00e6fa4a42aab0 + Revoked at: Fri Aug 30 13:47:14 UTC 2013 + Serial Number (hex): 13aa07af6a13f589f7fb228def2309de + Revoked at: Fri Aug 30 14:11:29 UTC 2013 + Serial Number (hex): 00e0e0e964ddc78b705e743f438464ab60 + Revoked at: Fri Aug 30 15:11:15 UTC 2013 + Serial Number (hex): 0195ec8f939f1ac072b0a32c5e2a18b1 + Revoked at: Fri Aug 30 15:16:11 UTC 2013 + Serial Number (hex): 0081b78f4078d5206ab42ded66d17aaa16 + Revoked at: Fri Aug 30 16:59:13 UTC 2013 + Serial Number (hex): 535657f2530390513bce712de4e471c2 + Revoked at: Sat Aug 31 02:13:04 UTC 2013 + Serial Number (hex): 122d6d7d53484708adb7a93e2540227e + Revoked at: Sun Sep 01 02:13:19 UTC 2013 + Serial Number (hex): 4a40e529c3fa7a8479ffe2fadb307011 + Revoked at: Mon Sep 02 09:11:33 UTC 2013 + Serial Number (hex): 7f5a0ff3521ea85eb15bddf83241ede5 + Revoked at: Mon Sep 02 09:13:34 UTC 2013 + Serial Number (hex): 2c5447399563fefefc9d7e19b689f713 + Revoked at: Mon Sep 02 09:13:53 UTC 2013 + Serial Number (hex): 009eb42ece6a53526841d0c4699ea82b0a + Revoked at: Mon Sep 02 09:14:01 UTC 2013 + Serial Number (hex): 00d5bae148c604431f5b2c47f9a826e0f2 + Revoked at: Mon Sep 02 15:23:05 UTC 2013 + Serial Number (hex): 66311c314f21f45e509b58263928ed41 + Revoked at: Mon Sep 02 18:21:42 UTC 2013 + Serial Number (hex): 73ddc726257c3471ec1827b03a51a6f6 + Revoked at: Tue Sep 03 01:38:33 UTC 2013 + Serial Number (hex): 00ebaa491488d9bd36a295117d3973e8c2 + Revoked at: Tue Sep 03 04:10:17 UTC 2013 + Serial Number (hex): 619adbe9213c339a60a375b8aee6a4e7 + Revoked at: Tue Sep 03 04:10:20 UTC 2013 + Serial Number (hex): 31c4c77623822b94ce552761790e78e2 + Revoked at: Tue Sep 03 08:07:54 UTC 2013 + Serial Number (hex): 620a0253196506e79d3b2b00ca1d6eef + Revoked at: Tue Sep 03 12:44:14 UTC 2013 + Serial Number (hex): 6138e2079cdaa472f34239e9d11e14e1 + Revoked at: Tue Sep 03 13:29:28 UTC 2013 + Serial Number (hex): 43171ce73f3ed9c9066bd41b18c413e3 + Revoked at: Tue Sep 03 15:19:46 UTC 2013 + Serial Number (hex): 78652660edbd7995e0752818b31fb687 + Revoked at: Tue Sep 03 15:59:13 UTC 2013 + Serial Number (hex): 00d8bf207441bdd67d367a296d149b7cb5 + Revoked at: Tue Sep 03 18:22:36 UTC 2013 + Serial Number (hex): 00af217a59f7410c76d204f0ab1af57f39 + Revoked at: Tue Sep 03 19:17:46 UTC 2013 + Serial Number (hex): 1a8b9f12702d558bf6653bb0dd300b8a + Revoked at: Tue Sep 03 19:33:24 UTC 2013 + Serial Number (hex): 2d839706388bca66c559aa8728b98c1d + Revoked at: Tue Sep 03 19:34:33 UTC 2013 + Serial Number (hex): 4ef02dd9f195376df50ad5b4a34f019d + Revoked at: Tue Sep 03 19:40:55 UTC 2013 + Serial Number (hex): 00ad6b5ab0c6bf8fc01ce88a328183e3ff + Revoked at: Tue Sep 03 19:51:35 UTC 2013 + Serial Number (hex): 6ebe13021cf67621063d75a1419f1a27 + Revoked at: Tue Sep 03 21:28:03 UTC 2013 + Serial Number (hex): 6bde6cae4ec401ab17d23ea125d7267b + Revoked at: Tue Sep 03 21:28:09 UTC 2013 + Serial Number (hex): 698302e8f2d212688c9d7db19d07b019 + Revoked at: Wed Sep 04 04:12:43 UTC 2013 + Serial Number (hex): 5e6f496de0ad403217c00636c32e123c + Revoked at: Wed Sep 04 04:12:50 UTC 2013 + Serial Number (hex): 00cfd1aa5b83cf25862b242f31587db864 + Revoked at: Wed Sep 04 04:13:05 UTC 2013 + Serial Number (hex): 00c2b87f08237d6c8ccc7cd7920a3d4135 + Revoked at: Wed Sep 04 04:13:13 UTC 2013 + Serial Number (hex): 54be7156cd409db71bc107ce67a2fef9 + Revoked at: Wed Sep 04 11:44:47 UTC 2013 + Serial Number (hex): 00e2f437413ad842a30787376f6e026ed0 + Revoked at: Wed Sep 04 13:57:01 UTC 2013 + Serial Number (hex): 363103043cd026612be52995c93e68f2 + Revoked at: Wed Sep 04 14:03:15 UTC 2013 + Serial Number (hex): 342f643747ee9fdfc75f373dcd73424f + Revoked at: Wed Sep 04 14:47:11 UTC 2013 + Serial Number (hex): 3f79f889ebf87dca5f1e72acbdca9e40 + Revoked at: Wed Sep 04 15:27:45 UTC 2013 + Serial Number (hex): 2213685770547b1beb29560784ae23bf + Revoked at: Wed Sep 04 15:46:19 UTC 2013 + Serial Number (hex): 560c5259dbff5932d3776c20a50137a5 + Revoked at: Wed Sep 04 16:10:57 UTC 2013 + Serial Number (hex): 26d75327d74d9e144bebe693dca0309a + Revoked at: Wed Sep 04 16:51:57 UTC 2013 + Serial Number (hex): 00baf3d7eecdc0c895a31e29521ec20a86 + Revoked at: Wed Sep 04 17:08:23 UTC 2013 + Serial Number (hex): 00f59204df7571aa80c918037318ce16c8 + Revoked at: Wed Sep 04 17:40:33 UTC 2013 + Serial Number (hex): 0091c0f27a3b4baa17227dc7d6f77f015e + Revoked at: Wed Sep 04 18:58:03 UTC 2013 + Serial Number (hex): 1bd2021f215cef2a56cbb6da0298b10e + Revoked at: Wed Sep 04 19:10:31 UTC 2013 + Serial Number (hex): 244ed223a1d54574be10db6d10369f10 + Revoked at: Wed Sep 04 19:13:07 UTC 2013 + Serial Number (hex): 4cfb6657ed90ddad97e608ce789317e4 + Revoked at: Wed Sep 04 20:22:27 UTC 2013 + Serial Number (hex): 576cf278293eea4b5fc7bd4e48a0d497 + Revoked at: Wed Sep 04 21:48:00 UTC 2013 + Serial Number (hex): 009e1066ddf37cfc07f2a6dc7a94badd8e + Revoked at: Thu Sep 05 11:05:00 UTC 2013 + Serial Number (hex): 1e6004c6b6ee4c7a4011d2cd00b04d1b + Revoked at: Thu Sep 05 11:33:12 UTC 2013 + Serial Number (hex): 0d7a8d3436812e0bb184309442a59e49 + Revoked at: Thu Sep 05 11:36:06 UTC 2013 + Serial Number (hex): 00999522d25abe0433e723c78a3e60e1af + Revoked at: Thu Sep 05 13:30:09 UTC 2013 + Serial Number (hex): 00c9c7a523f970cdbddfde47b9e4bb5813 + Revoked at: Thu Sep 05 14:02:06 UTC 2013 + Serial Number (hex): 00aee7baa33810212fe969828127afee3f + Revoked at: Thu Sep 05 15:23:14 UTC 2013 + Serial Number (hex): 00cf1079b4ed5e6711f81fab4dcd60c184 + Revoked at: Thu Sep 05 15:24:13 UTC 2013 + Serial Number (hex): 00a6203a115fd06e79ee4509d8ab78803c + Revoked at: Thu Sep 05 15:45:27 UTC 2013 + Serial Number (hex): 00a42c36c908190940c0d8beae20875694 + Revoked at: Thu Sep 05 16:16:48 UTC 2013 + Serial Number (hex): 19ce4ba017cec4a3ba890d98a1e4ed8c + Revoked at: Thu Sep 05 18:32:16 UTC 2013 + Serial Number (hex): 0bfbdb6882e036e790db5b7961bc55fb + Revoked at: Thu Sep 05 18:51:02 UTC 2013 + Serial Number (hex): 7b719303141c51a82c009bd0f2ab1bc3 + Revoked at: Thu Sep 05 19:48:51 UTC 2013 + Serial Number (hex): 4d448c9d00ffc7cce29ad3176dcbe857 + Revoked at: Thu Sep 05 20:18:13 UTC 2013 + Serial Number (hex): 00ffd5c59965c9e3df0b90401fdf597823 + Revoked at: Fri Sep 06 02:13:06 UTC 2013 + Serial Number (hex): 40cd15d7f9589735facae26e3bd88986 + Revoked at: Fri Sep 06 02:13:06 UTC 2013 + Serial Number (hex): 00815dee3d954ca1b073a9177c2dcac7b7 + Revoked at: Fri Sep 06 07:30:06 UTC 2013 + Serial Number (hex): 0095ddc3a71c4f9030bff079e2cee24676 + Revoked at: Fri Sep 06 14:56:59 UTC 2013 + Serial Number (hex): 1efdd09fac1fbf11ae1dd205db130ecb + Revoked at: Fri Sep 06 15:28:37 UTC 2013 + Serial Number (hex): 00c6e8a973c156ee051597445112beb023 + Revoked at: Fri Sep 06 15:50:52 UTC 2013 + Serial Number (hex): 6d6ac4c1d37b2a1fe2e91de8e49132d7 + Revoked at: Fri Sep 06 16:23:27 UTC 2013 + Serial Number (hex): 7f7cbf87dcbb50479b4bd80fca7a5b81 + Revoked at: Fri Sep 06 16:30:35 UTC 2013 + Serial Number (hex): 00e816a1fe2f579ea95a9ccb6d895d13f2 + Revoked at: Fri Sep 06 18:50:57 UTC 2013 + Serial Number (hex): 2b65de0c898eed9d03088e2361e479c1 + Revoked at: Fri Sep 06 18:51:30 UTC 2013 + Serial Number (hex): 7c196f6ee16d7592b9ab9187da38d7c6 + Revoked at: Fri Sep 06 18:51:30 UTC 2013 + Serial Number (hex): 73f0bdae34e00a86e2a45e2046dbad85 + Revoked at: Fri Sep 06 19:35:24 UTC 2013 + Serial Number (hex): 00f6baa505831a69be0252aaa6ca295e23 + Revoked at: Fri Sep 06 19:59:11 UTC 2013 + Serial Number (hex): 00fb699b9bf8dd1f058101ec405a47b393 + Revoked at: Fri Sep 06 19:59:17 UTC 2013 + Serial Number (hex): 3498f5738c9646ed7376219f64c0eea9 + Revoked at: Fri Sep 06 20:07:43 UTC 2013 + Serial Number (hex): 367678d4e1ec9e469b4436e3259f8a58 + Revoked at: Fri Sep 06 20:23:01 UTC 2013 + Serial Number (hex): 00df2cdb978303f65abc6348682ab7e8a2 + Revoked at: Fri Sep 06 20:26:43 UTC 2013 + Serial Number (hex): 40c2e851af30f4509247293a95714d3f + Revoked at: Fri Sep 06 20:40:33 UTC 2013 + Serial Number (hex): 6c15adead884fcb53300916c3dabbce9 + Revoked at: Fri Sep 06 21:22:18 UTC 2013 + Serial Number (hex): 00d8358f41b727b5b4df0536be3413bc2e + Revoked at: Fri Sep 06 22:31:41 UTC 2013 + Serial Number (hex): 00a5ef64c8b9dc9ee0c2713c1069d2c58f + Revoked at: Sat Sep 07 02:13:05 UTC 2013 + Serial Number (hex): 0956c12727df2653674df5810bc7c5de + Revoked at: Sat Sep 07 02:13:05 UTC 2013 + Serial Number (hex): 29bb09cd8bf1ebd5403976afc180352c + Revoked at: Sat Sep 07 21:41:31 UTC 2013 + Serial Number (hex): 00e984077c6d9421a366862d5cb8ba14f0 + Revoked at: Sat Sep 07 21:41:39 UTC 2013 + Serial Number (hex): 605296057c4f29a725eff10edb1a56fa + Revoked at: Sat Sep 07 22:20:36 UTC 2013 + Serial Number (hex): 00e5b2b0420b6d523cacc79c0e3566a23e + Revoked at: Sun Sep 08 02:13:11 UTC 2013 + Serial Number (hex): 00b8edf84f8ce152516648354a6ca96181 + Revoked at: Sun Sep 08 02:13:11 UTC 2013 + Serial Number (hex): 55d4735c87a061c9126e92bce91f4fe0 + Revoked at: Mon Sep 09 02:13:04 UTC 2013 + Serial Number (hex): 0081f9403664cfd4ce71f09675032d6a2b + Revoked at: Mon Sep 09 09:17:56 UTC 2013 + Serial Number (hex): 2672d72158b94c548cccb8191729fc0a + Revoked at: Mon Sep 09 09:18:30 UTC 2013 + Serial Number (hex): 00cf65b6aa7cede1e4fd94f7209a95cb33 + Revoked at: Mon Sep 09 10:55:02 UTC 2013 + Serial Number (hex): 009e03131bbee3f587f1203b47555d79c5 + Revoked at: Mon Sep 09 11:30:49 UTC 2013 + Serial Number (hex): 1a1bb0dc52cf1a90728976f668b120b1 + Revoked at: Mon Sep 09 11:44:13 UTC 2013 + Serial Number (hex): 00c71795ed24e1eb0d78338891deb8dfa4 + Revoked at: Mon Sep 09 12:28:48 UTC 2013 + Serial Number (hex): 00ba39a90491de0aad22cd611cb4d4ca65 + Revoked at: Mon Sep 09 12:28:56 UTC 2013 + Serial Number (hex): 00e64a427ed04ff89b41073e3f1b4757d8 + Revoked at: Mon Sep 09 13:36:24 UTC 2013 + Serial Number (hex): 4e4a9a7f9d6b1feac266b5fe2d4e5770 + Revoked at: Mon Sep 09 13:36:51 UTC 2013 + Serial Number (hex): 1994601ba4629a01ab1cd91116033b1b + Revoked at: Mon Sep 09 13:37:25 UTC 2013 + Serial Number (hex): 07e7f569d49ec0ce27012105656a84d0 + Revoked at: Mon Sep 09 13:37:40 UTC 2013 + Serial Number (hex): 309aad57d07b9fe34eb2a29296b731d3 + Revoked at: Mon Sep 09 13:37:56 UTC 2013 + Serial Number (hex): 01e5f273607cbd0a44788260c9085378 + Revoked at: Mon Sep 09 13:49:18 UTC 2013 + Serial Number (hex): 5a2b4149f1fea2f24de38b36ad0578df + Revoked at: Mon Sep 09 14:30:31 UTC 2013 + Serial Number (hex): 6f52c8f72a43338f4785fde336a5d98f + Revoked at: Mon Sep 09 16:00:21 UTC 2013 + Serial Number (hex): 00ba4dfb5f21f044067fc4209ff6890e0e + Revoked at: Mon Sep 09 16:00:31 UTC 2013 + Serial Number (hex): 00c3d0e1c30636273dbd21d199928a9731 + Revoked at: Mon Sep 09 16:02:45 UTC 2013 + Serial Number (hex): 3c6cfc9b06a53e829cb55524afb5ea3f + Revoked at: Mon Sep 09 16:13:07 UTC 2013 + Serial Number (hex): 00e3bb07acfbeb213cdde6775bbc1e03b6 + Revoked at: Mon Sep 09 16:13:23 UTC 2013 + Serial Number (hex): 00d99c1fb60878f34e841434e146db087f + Revoked at: Mon Sep 09 17:18:19 UTC 2013 + Serial Number (hex): 0d301dc2e9411b44960b8c568e19b6a9 + Revoked at: Mon Sep 09 17:44:50 UTC 2013 + Serial Number (hex): 41f45347eca072c030a9b116d2e311a2 + Revoked at: Mon Sep 09 17:49:03 UTC 2013 + Serial Number (hex): 1988259e091ced926e7e6842c8ade5dc + Revoked at: Mon Sep 09 18:05:54 UTC 2013 + Serial Number (hex): 00a573de6fbe3a109eaf09402ac978605a + Revoked at: Mon Sep 09 18:14:44 UTC 2013 + Serial Number (hex): 01cc43d8a4053ac3d728dbcfcb909e76 + Revoked at: Mon Sep 09 18:19:33 UTC 2013 + Serial Number (hex): 439fcca2adf69d3cb8b83f9d1b307068 + Revoked at: Mon Sep 09 18:20:18 UTC 2013 + Serial Number (hex): 00e2c994a8e551f271846dc375785cfbfc + Revoked at: Mon Sep 09 18:22:28 UTC 2013 + Serial Number (hex): 3b6ce58d3e1f2df4f0ceb4b167fd76bf + Revoked at: Mon Sep 09 18:33:04 UTC 2013 + Serial Number (hex): 00d60b6896038a4933c0787658f955373e + Revoked at: Mon Sep 09 18:49:14 UTC 2013 + Serial Number (hex): 143e6ae1a829b310a52097cccf52f95b + Revoked at: Mon Sep 09 19:57:41 UTC 2013 + Serial Number (hex): 129a2a3d57684342aeba279d30e34917 + Revoked at: Mon Sep 09 20:00:51 UTC 2013 + Serial Number (hex): 00d474f958788b202d2945fd4a8139d7b4 + Revoked at: Mon Sep 09 23:05:04 UTC 2013 + Serial Number (hex): 739806f74f726af2799908591b0eaf24 + Revoked at: Tue Sep 10 01:36:20 UTC 2013 + Serial Number (hex): 00bbd1ffab5e61e3c70369f454e5a9a701 + Revoked at: Tue Sep 10 02:13:06 UTC 2013 + Serial Number (hex): 041e168e9821ecaa766b44dd0bf98075 + Revoked at: Tue Sep 10 07:42:27 UTC 2013 + Serial Number (hex): 00a42b7af4c2b3d6eaf28741bd1b076343 + Revoked at: Tue Sep 10 12:52:14 UTC 2013 + Serial Number (hex): 6cffcb362e8334bba89d2ecdb139b32b + Revoked at: Tue Sep 10 13:21:45 UTC 2013 + Serial Number (hex): 00933873802a078da6cd6069dbc9ebab74 + Revoked at: Tue Sep 10 13:30:24 UTC 2013 + Serial Number (hex): 0a54bbf0d63713aa6e14b5c4d4382798 + Revoked at: Tue Sep 10 14:06:22 UTC 2013 + Serial Number (hex): 00ae8bb1c60710389a4d236c0e1f10f808 + Revoked at: Tue Sep 10 14:55:10 UTC 2013 + Serial Number (hex): 1305f67c39c7b0d7e86bd9d57de229ea + Revoked at: Tue Sep 10 15:49:35 UTC 2013 + Serial Number (hex): 75e277e812322d63d6ee94b1a08e9fdf + Revoked at: Tue Sep 10 20:00:49 UTC 2013 + Serial Number (hex): 4b341fae0dc323c20cc3220e890bdaf6 + Revoked at: Tue Sep 10 20:53:26 UTC 2013 + Serial Number (hex): 1cd847ac1606e908acb0d94ad6d04e03 + Revoked at: Wed Sep 11 08:08:55 UTC 2013 + Serial Number (hex): 00afe298fdcde8c9d492ae258917398f1c + Revoked at: Wed Sep 11 08:41:47 UTC 2013 + Serial Number (hex): 1586bada3df8d77d7067063124a4b4d8 + Revoked at: Wed Sep 11 08:49:27 UTC 2013 + Serial Number (hex): 48999f5152de6615fd6ca398fb3d4707 + Revoked at: Wed Sep 11 12:01:48 UTC 2013 + Serial Number (hex): 00b70fb1ca7b3f7bdc79ef9b7f0277af7a + Revoked at: Wed Sep 11 12:27:59 UTC 2013 + Serial Number (hex): 164b433a397d8f1fb64e882704c24e9b + Revoked at: Wed Sep 11 13:34:49 UTC 2013 + Serial Number (hex): 0098ee4f3788fad83c2fb172b3060213bb + Revoked at: Wed Sep 11 14:40:34 UTC 2013 + Serial Number (hex): 5bd32c467b89617845af9b5ff990fb78 + Revoked at: Wed Sep 11 14:51:07 UTC 2013 + Serial Number (hex): 00f65959d587df8fcb7716f0c6018d9d28 + Revoked at: Wed Sep 11 14:53:46 UTC 2013 + Serial Number (hex): 4bd34380081871166f39aa9ac8e205d6 + Revoked at: Wed Sep 11 14:57:12 UTC 2013 + Serial Number (hex): 00a80b5e966331a8ce1d590ac2da3368e0 + Revoked at: Wed Sep 11 15:20:39 UTC 2013 + Serial Number (hex): 6c0e814c56326f6bb95444ee45548e66 + Revoked at: Wed Sep 11 15:50:09 UTC 2013 + Serial Number (hex): 7ce55dc08fb4aa713ebc51073c831e89 + Revoked at: Wed Sep 11 16:05:50 UTC 2013 + Serial Number (hex): 0083977b5ba49526dbeb22a71c4cf590fe + Revoked at: Wed Sep 11 16:39:09 UTC 2013 + Serial Number (hex): 5c7b0905e5bc9e6eef6e24d1290dd15b + Revoked at: Wed Sep 11 18:25:12 UTC 2013 + Serial Number (hex): 00b0e83e3d13a2e2a1741bc2177cb6ff4c + Revoked at: Wed Sep 11 18:49:09 UTC 2013 + Serial Number (hex): 26feafe94c82110a0dbda73cd4e91e83 + Revoked at: Wed Sep 11 20:37:19 UTC 2013 + Serial Number (hex): 009b8bcd6e28f546aee216cf02ddd25d41 + Revoked at: Wed Sep 11 21:12:12 UTC 2013 + Serial Number (hex): 5be1877f98ffdac9d73e161986064283 + Revoked at: Wed Sep 11 21:36:10 UTC 2013 + Serial Number (hex): 2ce2f61cc1760a7abaa106ec58894fca + Revoked at: Wed Sep 11 22:31:55 UTC 2013 + Serial Number (hex): 3ebe2304a9fcfc16fe1778899240312f + Revoked at: Thu Sep 12 06:22:50 UTC 2013 + Serial Number (hex): 008818f0650419072110b85e8d8bc7d3af + Revoked at: Thu Sep 12 14:04:54 UTC 2013 + Serial Number (hex): 009a43abab3b41bc6d3c8611aa33adb936 + Revoked at: Thu Sep 12 14:26:20 UTC 2013 + Serial Number (hex): 00917d53c47da570183c20b7ee527967e4 + Revoked at: Thu Sep 12 15:03:38 UTC 2013 + Serial Number (hex): 00e820eddfeef7db2c6336ff5e6a8ac8e2 + Revoked at: Thu Sep 12 17:53:54 UTC 2013 + Serial Number (hex): 7927466f77a3d4617ebff4ded464bb38 + Revoked at: Thu Sep 12 17:54:14 UTC 2013 + Serial Number (hex): 008e91a69eb7ca1aa07df9fb8c49826560 + Revoked at: Thu Sep 12 17:55:59 UTC 2013 + Serial Number (hex): 00fac4f4ef13696c71588dedf9c5b16ee0 + Revoked at: Thu Sep 12 18:11:07 UTC 2013 + Serial Number (hex): 00b4a5d49dfde210a2e3bde206aca3a1d2 + Revoked at: Thu Sep 12 18:43:06 UTC 2013 + Serial Number (hex): 00f941c50511ec465bc10360d7565e16b4 + Revoked at: Thu Sep 12 19:00:51 UTC 2013 + Serial Number (hex): 00ae6fba97e4ea1945b754167feda8a415 + Revoked at: Thu Sep 12 19:02:04 UTC 2013 + Serial Number (hex): 1d533c8edc61080ece2968c1922309e4 + Revoked at: Thu Sep 12 19:03:55 UTC 2013 + Serial Number (hex): 2532317aa6e0475339551bde1f1ee913 + Revoked at: Thu Sep 12 19:03:58 UTC 2013 + Serial Number (hex): 008b7d59f646f224753ae8375ac4892912 + Revoked at: Thu Sep 12 19:14:15 UTC 2013 + Serial Number (hex): 00c51404cde6014b5a1f21342d1cc9ba + Revoked at: Thu Sep 12 19:16:12 UTC 2013 + Serial Number (hex): 7910451a464a7e41fed22a26d490faa0 + Revoked at: Thu Sep 12 19:53:23 UTC 2013 + Serial Number (hex): 629c0012cc899bf6518167fc24f7b62c + Revoked at: Thu Sep 12 19:58:57 UTC 2013 + Serial Number (hex): 35a3e497a4fafc1e23f5adce02464320 + Revoked at: Thu Sep 12 19:59:20 UTC 2013 + Serial Number (hex): 00d72742c74c928a62fbc790fa989ba35b + Revoked at: Thu Sep 12 20:18:43 UTC 2013 + Serial Number (hex): 1347469730f3808f53dddb552891d784 + Revoked at: Thu Sep 12 21:47:15 UTC 2013 + Serial Number (hex): 3fa87b488176faba9f2c9307988a55be + Revoked at: Fri Sep 13 02:13:06 UTC 2013 + Serial Number (hex): 00a84c1d3c80236c3fe43fc3cc3141477b + Revoked at: Fri Sep 13 06:12:56 UTC 2013 + Serial Number (hex): 009f69d658afe0ef77a7f5cd8a51ff0897 + Revoked at: Fri Sep 13 08:48:48 UTC 2013 + Serial Number (hex): 00895ba817c3d982ef90b87e5594221577 + Revoked at: Fri Sep 13 13:26:00 UTC 2013 + Serial Number (hex): 008aa3fabf7595a8e55efb8317d7e33b4d + Revoked at: Fri Sep 13 14:11:39 UTC 2013 + Serial Number (hex): 008108eaca3a1adbe8737c14de1dfbe4c5 + Revoked at: Fri Sep 13 17:10:30 UTC 2013 + Serial Number (hex): 0a17f8ba1584c5535b6dd0730c654484 + Revoked at: Fri Sep 13 17:12:37 UTC 2013 + Serial Number (hex): 00b4a951969ce8821771e7d856192d5377 + Revoked at: Fri Sep 13 18:33:59 UTC 2013 + Serial Number (hex): 009530e370aac6b6927be4c7bf6bd04019 + Revoked at: Fri Sep 13 18:34:05 UTC 2013 + Serial Number (hex): 5a9f16117ef46cfca4e528c02c0f4d3d + Revoked at: Fri Sep 13 18:36:50 UTC 2013 + Serial Number (hex): 00f24776c103745c477ab361305d66f134 + Revoked at: Fri Sep 13 19:45:32 UTC 2013 + Serial Number (hex): 00a95e65264f5e47566ff5f3eb8bfd99e0 + Revoked at: Fri Sep 13 19:55:17 UTC 2013 + Serial Number (hex): 00c5be43a86241614a6eb0bb75d2d16aea + Revoked at: Fri Sep 13 21:18:19 UTC 2013 + Serial Number (hex): 008fe1cbefccdd9c30613d20fe3019dc4c + Revoked at: Sat Sep 14 02:13:06 UTC 2013 + Serial Number (hex): 00ffd43d313363b4a900fb28c4d0087845 + Revoked at: Sat Sep 14 11:51:43 UTC 2013 + Serial Number (hex): 0d6be7343135b7415f43e32c1e9b0146 + Revoked at: Sun Sep 15 19:13:03 UTC 2013 + Serial Number (hex): 00cb85226250ee107e5c682c9a294cbff5 + Revoked at: Mon Sep 16 04:59:33 UTC 2013 + Serial Number (hex): 25ecd43b4339a47d6c8dff53fa86df14 + Revoked at: Mon Sep 16 05:33:51 UTC 2013 + Serial Number (hex): 06026b4fcc05dbfe774c53ca31bc82ca + Revoked at: Mon Sep 16 07:51:23 UTC 2013 + Serial Number (hex): 00bcbdaf98f8953568b1998822d13346c1 + Revoked at: Mon Sep 16 07:52:28 UTC 2013 + Serial Number (hex): 0098eb53e8bae24d58abb46930468936b8 + Revoked at: Mon Sep 16 08:14:33 UTC 2013 + Serial Number (hex): 53de8b81de14e111e9d181a27ac2dda9 + Revoked at: Mon Sep 16 08:26:37 UTC 2013 + Serial Number (hex): 00fc0725c0a3c4f42d220bc80ebca4e09a + Revoked at: Mon Sep 16 11:14:29 UTC 2013 + Serial Number (hex): 00b9f6c24ed88664ec6fa9e72197583bf7 + Revoked at: Mon Sep 16 13:37:09 UTC 2013 + Serial Number (hex): 3a7cf5dbb3af900eeb28347710dbb4c9 + Revoked at: Mon Sep 16 14:47:21 UTC 2013 + Serial Number (hex): 33345665a591b7e7455f80bb56005bc3 + Revoked at: Mon Sep 16 18:54:01 UTC 2013 + Serial Number (hex): 008cdde8623595c9f36af4c68daa125794 + Revoked at: Mon Sep 16 19:14:27 UTC 2013 + Serial Number (hex): 00e30f98e8bdfedffb8fdb55dac75b0248 + Revoked at: Mon Sep 16 19:15:36 UTC 2013 + Serial Number (hex): 1c0e1d8373eec56bfc99845986d5470f + Revoked at: Mon Sep 16 19:17:05 UTC 2013 + Serial Number (hex): 00800ad1da4c90786bc794759ff26f0989 + Revoked at: Mon Sep 16 19:18:06 UTC 2013 + Serial Number (hex): 00a474f2c611e05d29fdcd9b03756531cf + Revoked at: Mon Sep 16 20:41:32 UTC 2013 + Serial Number (hex): 39621a313b6edb35d50f15348e155527 + Revoked at: Mon Sep 16 23:04:35 UTC 2013 + Serial Number (hex): 00ec1bfbf8d7135d6e9de7acc5836716ea + Revoked at: Tue Sep 17 02:13:05 UTC 2013 + Serial Number (hex): 71227a151977c218d427a43729454f9b + Revoked at: Tue Sep 17 08:25:26 UTC 2013 + Serial Number (hex): 0621498eb03ddbe6b6b6a6973e6c4fd7 + Revoked at: Tue Sep 17 09:23:40 UTC 2013 + Serial Number (hex): 678cc10ca34ba528fddcc915f9124455 + Revoked at: Tue Sep 17 09:25:20 UTC 2013 + Serial Number (hex): 316c6c341da45fce9314c2c9078641d7 + Revoked at: Tue Sep 17 09:28:18 UTC 2013 + Serial Number (hex): 3fee447285078729f4a695e76c71a462 + Revoked at: Tue Sep 17 09:31:22 UTC 2013 + Serial Number (hex): 00f77df80deb1c76bc592bdaac65af35b2 + Revoked at: Tue Sep 17 09:37:06 UTC 2013 + Serial Number (hex): 00efc6bc827c3bb8d8865e301aacd08cd6 + Revoked at: Tue Sep 17 09:37:13 UTC 2013 + Serial Number (hex): 166c1a871e93d65ee2b8cf605f19c4ae + Revoked at: Tue Sep 17 10:50:49 UTC 2013 + Serial Number (hex): 63175b70403a5b8016cc198bfc62708c + Revoked at: Tue Sep 17 12:52:53 UTC 2013 + Serial Number (hex): 27d7c3636a3bfe124d48102a02a1d1c0 + Revoked at: Tue Sep 17 12:54:16 UTC 2013 + Serial Number (hex): 1816f0b28c67ec0e1ddcd198c7ddbf0f + Revoked at: Tue Sep 17 13:38:32 UTC 2013 + Serial Number (hex): 00c265f355d2328f2925a2d1b74cf7722f + Revoked at: Tue Sep 17 13:52:56 UTC 2013 + Serial Number (hex): 4a21e2e15b4fd6448f923aae9981ddb5 + Revoked at: Tue Sep 17 14:43:40 UTC 2013 + Serial Number (hex): 734d3151bff39a10f29187b8151d870c + Revoked at: Tue Sep 17 14:47:09 UTC 2013 + Serial Number (hex): 00b5621d81d0bb89116bed8c5dfd2a23a3 + Revoked at: Tue Sep 17 16:20:01 UTC 2013 + Serial Number (hex): 4f983c7e9a2320ecb0da75e07268b7c7 + Revoked at: Tue Sep 17 18:54:13 UTC 2013 + Serial Number (hex): 00b28867f9bc9c4167609dede298ad7461 + Revoked at: Tue Sep 17 20:50:30 UTC 2013 + Serial Number (hex): 00bf775c35d57c6a2f5cf0a35a4a4e6a9a + Revoked at: Tue Sep 17 22:21:43 UTC 2013 + Serial Number (hex): 00b7ef8ef925e25d59c86644a4386ac550 + Revoked at: Wed Sep 18 01:14:56 UTC 2013 + Serial Number (hex): 00f9860e8fcd2bf481eba83ceb688ad706 + Revoked at: Wed Sep 18 06:34:09 UTC 2013 + Serial Number (hex): 00daea8419b0bb19e2a9583247ddccaba6 + Revoked at: Wed Sep 18 07:47:05 UTC 2013 + Serial Number (hex): 00e63ae9416309dc957114f515914714a8 + Revoked at: Wed Sep 18 08:13:26 UTC 2013 + Serial Number (hex): 0095845da96befa668068f56aa92fbafe4 + Revoked at: Wed Sep 18 11:37:32 UTC 2013 + Serial Number (hex): 008a2072971957042c662d3e095b3b8344 + Revoked at: Wed Sep 18 13:52:24 UTC 2013 + Serial Number (hex): 31ada01450ce0d6abd661539658e7c06 + Revoked at: Wed Sep 18 14:21:58 UTC 2013 + Serial Number (hex): 00e49e6f103e08d17eeb177eca1a141d6c + Revoked at: Wed Sep 18 15:19:38 UTC 2013 + Serial Number (hex): 008e23899f80f79239288e7f1ad7dc89df + Revoked at: Wed Sep 18 15:20:03 UTC 2013 + Serial Number (hex): 2ab9c2ddf1f485bfc270aa834e8b6b80 + Revoked at: Wed Sep 18 16:16:47 UTC 2013 + Serial Number (hex): 00c06d28f555b02c4c64fb13a19f861c03 + Revoked at: Wed Sep 18 16:32:50 UTC 2013 + Serial Number (hex): 00a8452737ead96246e10d08e76210ff3a + Revoked at: Wed Sep 18 17:29:18 UTC 2013 + Serial Number (hex): 611f4380ef5aa6fb0d119a9129ee5a91 + Revoked at: Wed Sep 18 17:31:53 UTC 2013 + Serial Number (hex): 00f60a1b4e149b2ba3dcec25f555549f62 + Revoked at: Wed Sep 18 19:22:03 UTC 2013 + Serial Number (hex): 2ea7515e01fb94848702fc70804dce0b + Revoked at: Wed Sep 18 19:45:41 UTC 2013 + Serial Number (hex): 00947a8daa813c3a0025d471349810517e + Revoked at: Wed Sep 18 19:45:46 UTC 2013 + Serial Number (hex): 009cd1a2c821643d02a4eb7b9bb09b498e + Revoked at: Wed Sep 18 19:52:09 UTC 2013 + Serial Number (hex): 04190c5dbace7bbfe2f24778c3815706 + Revoked at: Wed Sep 18 19:53:27 UTC 2013 + Serial Number (hex): 00f57a97bed07c1b29b1eb5a4e7f8839e9 + Revoked at: Wed Sep 18 19:54:57 UTC 2013 + Serial Number (hex): 0b491fa6ee1904db4a8bbe296c91ab98 + Revoked at: Wed Sep 18 19:55:32 UTC 2013 + Serial Number (hex): 00a1522eb1324d743c65b3b173f55e24d2 + Revoked at: Wed Sep 18 19:56:31 UTC 2013 + Serial Number (hex): 42f00b5558b652aa95185eeefd77283a + Revoked at: Wed Sep 18 19:56:55 UTC 2013 + Serial Number (hex): 00e0d008da95db73481086d7c756c15cc7 + Revoked at: Wed Sep 18 19:58:01 UTC 2013 + Serial Number (hex): 0095432c32935d83d0778895dd6c12f574 + Revoked at: Wed Sep 18 19:59:25 UTC 2013 + Serial Number (hex): 270ec1a0dcc37d5ad0baae2fbd35f494 + Revoked at: Wed Sep 18 20:00:22 UTC 2013 + Serial Number (hex): 00ab381ce46550a04759d3750b1da31657 + Revoked at: Wed Sep 18 20:00:57 UTC 2013 + Serial Number (hex): 3f01e88a01f607e75ed45d41f4ca305e + Revoked at: Wed Sep 18 20:03:08 UTC 2013 + Serial Number (hex): 00b6cbe6684f01cee83b6b70dc2007e523 + Revoked at: Wed Sep 18 20:03:34 UTC 2013 + Serial Number (hex): 00f6c56f41cdd7cf52a49b35c96477e91d + Revoked at: Wed Sep 18 20:04:02 UTC 2013 + Serial Number (hex): 00cf9d2aadbb4f37822df0526740dd143a + Revoked at: Wed Sep 18 20:04:37 UTC 2013 + Serial Number (hex): 008573d0c5ffbccf2eddce7ce2fd3b0fc4 + Revoked at: Wed Sep 18 20:09:01 UTC 2013 + Serial Number (hex): 008f9dd3c4eea11b14b3da32a03f20f289 + Revoked at: Wed Sep 18 20:09:32 UTC 2013 + Serial Number (hex): 3ed7cc01297bcf18987b8b1c12bc0b7c + Revoked at: Wed Sep 18 20:10:13 UTC 2013 + Serial Number (hex): 4d50720b5cce4424b57e652b997ebfc0 + Revoked at: Wed Sep 18 20:10:50 UTC 2013 + Serial Number (hex): 7ca936bf180a73a5cfc57d9c960ca16b + Revoked at: Wed Sep 18 20:13:30 UTC 2013 + Serial Number (hex): 00e0eeb289f7ccabbd4ca301d58b004c4f + Revoked at: Wed Sep 18 20:19:14 UTC 2013 + Serial Number (hex): 00f0eeebf61f9e78b28b486302021eaa41 + Revoked at: Wed Sep 18 20:20:13 UTC 2013 + Serial Number (hex): 4a2eb40733797b4921fc0131b188e79d + Revoked at: Wed Sep 18 20:22:47 UTC 2013 + Serial Number (hex): 73c1da37ebe7b31b007f3cfc559efa3f + Revoked at: Wed Sep 18 20:49:27 UTC 2013 + Serial Number (hex): 0081c2da32e110cc070d334965e4a12a43 + Revoked at: Wed Sep 18 20:56:26 UTC 2013 + Serial Number (hex): 4b9179310240ad4f67288ac093e22bcf + Revoked at: Wed Sep 18 20:56:37 UTC 2013 + Serial Number (hex): 00d2901db9d2542a36cab8ffecd3517fe2 + Revoked at: Wed Sep 18 20:58:54 UTC 2013 + Serial Number (hex): 640f91ce9de627b4a626427f47065f33 + Revoked at: Wed Sep 18 20:59:05 UTC 2013 + Serial Number (hex): 00afe6672b763b9b82ba6321be6e3aec92 + Revoked at: Wed Sep 18 20:59:15 UTC 2013 + Serial Number (hex): 0db17a1b1aeddf07b3f4344d4f99e87b + Revoked at: Wed Sep 18 22:27:45 UTC 2013 + Serial Number (hex): 00beae2ba9267bfddcb279286a5e32dd5a + Revoked at: Wed Sep 18 22:28:45 UTC 2013 + Serial Number (hex): 00f0c14da662f5bd57147417472ff0085b + Revoked at: Wed Sep 18 22:28:45 UTC 2013 + Serial Number (hex): 1de81d5bdd15af499bdbc39000810f02 + Revoked at: Wed Sep 18 22:28:45 UTC 2013 + Serial Number (hex): 00a164120df79988684bd2efac920bd56b + Revoked at: Wed Sep 18 22:28:45 UTC 2013 + Serial Number (hex): 1614a6eabf8da78d9a6fe6704307d64e + Revoked at: Wed Sep 18 22:28:45 UTC 2013 + Serial Number (hex): 5808e468785e7b7c164c09e5e4c829a9 + Revoked at: Wed Sep 18 22:28:46 UTC 2013 + Serial Number (hex): 382c773edf4130fa2568e0fcf0aeea77 + Revoked at: Wed Sep 18 22:29:45 UTC 2013 + Serial Number (hex): 0082ec5e58cfad1f3ce9efbb6e01f25cc4 + Revoked at: Wed Sep 18 22:29:45 UTC 2013 + Serial Number (hex): 00cca9cd60bd8b9a7dc9bbe890226e0759 + Revoked at: Thu Sep 19 11:57:19 UTC 2013 + Serial Number (hex): 22944a4715c012f71d0f68504bfa8a13 + Revoked at: Thu Sep 19 15:16:12 UTC 2013 + Serial Number (hex): 7571b1de3909623ef64a6be1e4a273b1 + Revoked at: Thu Sep 19 15:16:49 UTC 2013 + Serial Number (hex): 0083b7517181a889604f790449b7386b30 + Revoked at: Thu Sep 19 15:19:09 UTC 2013 + Serial Number (hex): 5d58035477e76fdfd0b9a54a405ef1ac + Revoked at: Thu Sep 19 15:30:03 UTC 2013 + Serial Number (hex): 2d4440fe6473317acce93fb68e66568f + Revoked at: Thu Sep 19 15:31:26 UTC 2013 + Serial Number (hex): 6e0d875fb5ed58fc263359a39c83d9b2 + Revoked at: Thu Sep 19 17:36:07 UTC 2013 + Serial Number (hex): 00d3d58fd2b91e4aa62f78bbc84f6ad476 + Revoked at: Thu Sep 19 17:39:25 UTC 2013 + Serial Number (hex): 42d525049b454b0bd29a23497833861b + Revoked at: Thu Sep 19 18:33:24 UTC 2013 + Serial Number (hex): 73020ffd19812901f59ac6638cd135e7 + Revoked at: Thu Sep 19 18:58:48 UTC 2013 + Serial Number (hex): 009253fa8316ba7fa7ea75c81bc75c8e37 + Revoked at: Thu Sep 19 19:03:13 UTC 2013 + Serial Number (hex): 063fd1d9dfa4cc27aa2951c95497dc52 + Revoked at: Thu Sep 19 20:37:39 UTC 2013 + Serial Number (hex): 39c0a5f98b7f7a393ca6fa3417e0b3e9 + Revoked at: Fri Sep 20 02:13:04 UTC 2013 + Serial Number (hex): 00bcf8b915cd445da009edcb7a551c6169 + Revoked at: Fri Sep 20 12:38:41 UTC 2013 + Serial Number (hex): 480eb4073359c1541447f314bbb26b81 + Revoked at: Fri Sep 20 13:43:59 UTC 2013 + Serial Number (hex): 781506eefebad5e787556c47fea12234 + Revoked at: Fri Sep 20 15:29:45 UTC 2013 + Serial Number (hex): 6d879123b6a790df34d6b37c1d71ed0d + Revoked at: Fri Sep 20 15:48:53 UTC 2013 + Serial Number (hex): 7a1d55711d32772a22d93fa0a682fc05 + Revoked at: Fri Sep 20 17:38:09 UTC 2013 + Serial Number (hex): 0d190750a9e65a1d9ca59887e20a6b3d + Revoked at: Fri Sep 20 19:15:37 UTC 2013 + Serial Number (hex): 0084e9c735fdb571f46d0359bb6fb004be + Revoked at: Fri Sep 20 19:17:11 UTC 2013 + Serial Number (hex): 5e37f05f2631580f3aed793498b2b7a2 + Revoked at: Fri Sep 20 20:25:53 UTC 2013 + Serial Number (hex): 378b942fb02d24890554a2c8843eb104 + Revoked at: Fri Sep 20 20:33:59 UTC 2013 + Serial Number (hex): 16ceed90ecd8dc13ebe8e030d897d3a6 + Revoked at: Fri Sep 20 20:36:43 UTC 2013 + Serial Number (hex): 00db0916105e59bd0fab70799d1c3696e9 + Revoked at: Fri Sep 20 20:37:56 UTC 2013 + Serial Number (hex): 00801a6fdacfbe5dbc1aea27107dd340e8 + Revoked at: Fri Sep 20 20:38:47 UTC 2013 + Serial Number (hex): 3ef4b4cee18440fa2d274eb8b804657d + Revoked at: Fri Sep 20 21:18:34 UTC 2013 + Serial Number (hex): 00c50d7c6e0b4b34285aeab5df8fbb3e5f + Revoked at: Sat Sep 21 02:13:06 UTC 2013 + Serial Number (hex): 548b8eda7a46fbdff7a93f3616ab3748 + Revoked at: Sat Sep 21 06:07:24 UTC 2013 + Serial Number (hex): 4a9eb979ab38b29d61802635a1bce343 + Revoked at: Sat Sep 21 14:52:06 UTC 2013 + Serial Number (hex): 3a55ec5a411b26d106c62b879c55f55a + Revoked at: Sun Sep 22 06:48:28 UTC 2013 + Serial Number (hex): 04f2162e7d8f7e0d3d1036289d38dcb8 + Revoked at: Mon Sep 23 12:44:05 UTC 2013 + Serial Number (hex): 00f1e052e8ba98ee4384ee33682d027c65 + Revoked at: Mon Sep 23 13:30:36 UTC 2013 + Serial Number (hex): 00938dc52c589139285f3e75188a8cdb10 + Revoked at: Mon Sep 23 15:19:08 UTC 2013 + Serial Number (hex): 00f2312431ff9e773106f3dd3af6cab02e + Revoked at: Mon Sep 23 16:12:18 UTC 2013 + Serial Number (hex): 00b4a39f581a275fcbf1221a1fa7b3263d + Revoked at: Mon Sep 23 16:27:28 UTC 2013 + Serial Number (hex): 00c31d819a81043bf8efd96c44eb096125 + Revoked at: Mon Sep 23 17:10:46 UTC 2013 + Serial Number (hex): 009b7fd615fee11c69deb62d5d76e4bdab + Revoked at: Mon Sep 23 17:16:58 UTC 2013 + Serial Number (hex): 0cbe34ee36965761314c4e733158c187 + Revoked at: Mon Sep 23 18:28:04 UTC 2013 + Serial Number (hex): 00f0f915a731fab9d7eee6a89ca2768d3e + Revoked at: Mon Sep 23 20:32:18 UTC 2013 + Serial Number (hex): 00a1d5af2622320291a990fcd8d3c6ada2 + Revoked at: Mon Sep 23 20:32:31 UTC 2013 + Serial Number (hex): 121a62de3e6843d4305ae5d08e7cbddd + Revoked at: Mon Sep 23 20:32:38 UTC 2013 + Serial Number (hex): 300e4a993e738762e64edd8604c1546a + Revoked at: Mon Sep 23 20:32:47 UTC 2013 + Serial Number (hex): 00e11eb4f694214df6dbd751b14a51b2a4 + Revoked at: Mon Sep 23 21:56:58 UTC 2013 + Serial Number (hex): 0088207596396387ee71710fe1065a3da7 + Revoked at: Tue Sep 24 07:53:11 UTC 2013 + Serial Number (hex): 7504db841ce45a4c594d10224be313f2 + Revoked at: Tue Sep 24 09:17:45 UTC 2013 + Serial Number (hex): 14bac1bd9962ffac92f228e5571cba21 + Revoked at: Tue Sep 24 09:17:53 UTC 2013 + Serial Number (hex): 00eb92cbd6264b9f094a9d4e136a972d14 + Revoked at: Tue Sep 24 13:26:13 UTC 2013 + Serial Number (hex): 7cec934405940e60d8b0c9f6ea95ab9e + Revoked at: Tue Sep 24 13:53:57 UTC 2013 + Serial Number (hex): 711a2e71a127a6ed711fc705336594fd + Revoked at: Tue Sep 24 14:22:09 UTC 2013 + Serial Number (hex): 522de0667ecf29841e6dc491fd26f9dc + Revoked at: Tue Sep 24 14:29:02 UTC 2013 + Serial Number (hex): 00a4bfc86caae42f7b4e5c5319393742f9 + Revoked at: Tue Sep 24 14:50:24 UTC 2013 + Serial Number (hex): 00a3aa5c7f76fcd673fd9b62934066ea2e + Revoked at: Tue Sep 24 14:58:42 UTC 2013 + Serial Number (hex): 00fc4f6c794114162b1f3e60384a99aa76 + Revoked at: Tue Sep 24 15:05:11 UTC 2013 + Serial Number (hex): 009d1a6cf72394e52a21e09e395ea5044a + Revoked at: Tue Sep 24 15:05:41 UTC 2013 + Serial Number (hex): 284c26f089c68a07a50e5bc597fdea4a + Revoked at: Tue Sep 24 15:06:08 UTC 2013 + Serial Number (hex): 00e018f754c9fd22148726999ed580833a + Revoked at: Tue Sep 24 15:06:53 UTC 2013 + Serial Number (hex): 00d0557379f718172af3f11c05b2e78d19 + Revoked at: Tue Sep 24 15:47:42 UTC 2013 + Serial Number (hex): 54ddd15accf7ccd68d90f826be907ae7 + Revoked at: Tue Sep 24 16:04:16 UTC 2013 + Serial Number (hex): 21e79a8713561fee9495fde6bc3e2062 + Revoked at: Tue Sep 24 17:32:08 UTC 2013 + Serial Number (hex): 2a6ca59efdb76325fa28ee0358211db2 + Revoked at: Tue Sep 24 17:32:52 UTC 2013 + Serial Number (hex): 00a34c1bee1d4fa008fcc438546c1f3006 + Revoked at: Tue Sep 24 18:28:33 UTC 2013 + Serial Number (hex): 0097b52f3ca2b408466d67281e597efe63 + Revoked at: Tue Sep 24 18:28:48 UTC 2013 + Serial Number (hex): 656afda8508103d8d7b269c28068e558 + Revoked at: Tue Sep 24 18:38:50 UTC 2013 + Serial Number (hex): 126cb215b7a6f70984e2a66152090687 + Revoked at: Tue Sep 24 20:50:10 UTC 2013 + Serial Number (hex): 008b85d1b1f159872d87cd8855faab9526 + Revoked at: Tue Sep 24 21:48:06 UTC 2013 + Serial Number (hex): 32eeb62da3530e69f8fbb379b6a395f5 + Revoked at: Wed Sep 25 03:27:50 UTC 2013 + Serial Number (hex): 008bb856f0f4fe9ca21e3ab3e95987506e + Revoked at: Wed Sep 25 08:56:19 UTC 2013 + Serial Number (hex): 00804548e18c73fb796f40482d627b3dcc + Revoked at: Wed Sep 25 12:48:04 UTC 2013 + Serial Number (hex): 00a3ec3846958f8a29a9bb57d46ac80cff + Revoked at: Wed Sep 25 13:02:33 UTC 2013 + Serial Number (hex): 00c25dcecdd4638e32b31e625d221eceef + Revoked at: Wed Sep 25 13:47:59 UTC 2013 + Serial Number (hex): 7f158ea3a97c81bd9ce44335dca41da8 + Revoked at: Wed Sep 25 14:01:52 UTC 2013 + Serial Number (hex): 00edb33da675eaea0e7acb12bff7cf98ff + Revoked at: Wed Sep 25 14:42:37 UTC 2013 + Serial Number (hex): 24677433f952de491befe02a26aab9b2 + Revoked at: Wed Sep 25 15:21:20 UTC 2013 + Serial Number (hex): 0090abd8820263483e6f8e8ce971b4be11 + Revoked at: Wed Sep 25 15:59:59 UTC 2013 + Serial Number (hex): 3207423b165aae5797fa8493096d68e1 + Revoked at: Wed Sep 25 16:23:10 UTC 2013 + Serial Number (hex): 00f2591c994a756f809a4976d9db970de7 + Revoked at: Wed Sep 25 17:14:09 UTC 2013 + Serial Number (hex): 00b1351f16e0cc5b9687706f12973a95f2 + Revoked at: Wed Sep 25 17:14:27 UTC 2013 + Serial Number (hex): 385913ebb93c0e5de83931d363ef34f6 + Revoked at: Wed Sep 25 17:14:45 UTC 2013 + Serial Number (hex): 00ff3f4aa1ebd4b8a9b221654724d50ab2 + Revoked at: Wed Sep 25 17:25:27 UTC 2013 + Serial Number (hex): 008854e936afe9619e991211008ab578d1 + Revoked at: Wed Sep 25 19:04:32 UTC 2013 + Serial Number (hex): 00bb5ef0b06d2ab81fa5c6e00848ebdd14 + Revoked at: Wed Sep 25 19:55:00 UTC 2013 + Serial Number (hex): 3dfebc77c319ee1a4d203636bda0f29d + Revoked at: Thu Sep 26 10:52:49 UTC 2013 + Serial Number (hex): 00c88274f093de5ba878608bf477e0b3d5 + Revoked at: Thu Sep 26 11:05:23 UTC 2013 + Serial Number (hex): 0cd0bff7339408f10d56d0bb1bef16d2 + Revoked at: Thu Sep 26 12:52:05 UTC 2013 + Serial Number (hex): 00843c167380abd0a28bb5663fad07bb97 + Revoked at: Thu Sep 26 14:31:05 UTC 2013 + Serial Number (hex): 672e73ee00bebfeb65d6109120433a06 + Revoked at: Thu Sep 26 14:31:41 UTC 2013 + Serial Number (hex): 592292c458159a19571c47002765e34a + Revoked at: Thu Sep 26 14:40:32 UTC 2013 + Serial Number (hex): 0085abb251acdb4b07492f2c31e79d5beb + Revoked at: Thu Sep 26 14:52:33 UTC 2013 + Serial Number (hex): 69bbccdc82c9da061371fdc2892cdc9d + Revoked at: Thu Sep 26 14:52:37 UTC 2013 + Serial Number (hex): 00b9dad8b85cef5410c5f56ea008140312 + Revoked at: Thu Sep 26 15:02:28 UTC 2013 + Serial Number (hex): 00fca849171938c577a0710f69ac05701b + Revoked at: Thu Sep 26 15:32:20 UTC 2013 + Serial Number (hex): 6767937cc87fb635023b49be7aa87a81 + Revoked at: Thu Sep 26 15:41:03 UTC 2013 + Serial Number (hex): 008baed8a9f5fdaaf69aed8a418f90fefe + Revoked at: Thu Sep 26 16:32:24 UTC 2013 + Serial Number (hex): 00facff20e8d39509b83142f489d852ac5 + Revoked at: Thu Sep 26 18:17:25 UTC 2013 + Serial Number (hex): 103507e80daecf6ef219d85e7a4a4cb2 + Revoked at: Thu Sep 26 19:12:26 UTC 2013 + Serial Number (hex): 00f9736bd04093cefed7030e1ca3448be3 + Revoked at: Thu Sep 26 19:39:29 UTC 2013 + Serial Number (hex): 330bdcfcd4a1fe799077415229ab9909 + Revoked at: Thu Sep 26 19:40:57 UTC 2013 + Serial Number (hex): 00aead49a1309508bc889b166041915e57 + Revoked at: Thu Sep 26 19:43:31 UTC 2013 + Serial Number (hex): 00dfae197c3653b24be425998fc72ea7b4 + Revoked at: Thu Sep 26 19:44:51 UTC 2013 + Serial Number (hex): 00bf27198e0a49c359f2a2c22864400278 + Revoked at: Thu Sep 26 19:46:00 UTC 2013 + Serial Number (hex): 008a1b5ab6169ff88ff5d09da4844970b9 + Revoked at: Thu Sep 26 21:10:00 UTC 2013 + Serial Number (hex): 640e0b4b9994cf70662b6925d6620d7e + Revoked at: Fri Sep 27 07:52:01 UTC 2013 + Serial Number (hex): 008c4ecf328d267d7ee3f2d2d5afcd94bb + Revoked at: Fri Sep 27 07:52:20 UTC 2013 + Serial Number (hex): 00f008f1c47fc68c317dabc055d6df454e + Revoked at: Fri Sep 27 08:31:23 UTC 2013 + Serial Number (hex): 00dc1065e864fd1e98bfdf489dda1b0996 + Revoked at: Fri Sep 27 08:42:56 UTC 2013 + Serial Number (hex): 510ef4ed693ffccd47eca23826184c47 + Revoked at: Fri Sep 27 09:43:45 UTC 2013 + Serial Number (hex): 1a05f6050929c631490493eccac64978 + Revoked at: Fri Sep 27 10:52:50 UTC 2013 + Serial Number (hex): 0089b9cfeac3e5ee6059fa6c2b05b2f24d + Revoked at: Fri Sep 27 11:28:34 UTC 2013 + Serial Number (hex): 00b76dfd74cbbe90d8a8221b689d426146 + Revoked at: Fri Sep 27 15:57:43 UTC 2013 + Serial Number (hex): 00f9a2d5f08ddf7673f6648610aab63529 + Revoked at: Fri Sep 27 15:57:50 UTC 2013 + Serial Number (hex): 1df225599a072df62c5b7a2cd1500f8b + Revoked at: Fri Sep 27 16:38:25 UTC 2013 + Serial Number (hex): 4f0e4cee1c776e0226dd3414aee0e3e1 + Revoked at: Fri Sep 27 16:46:52 UTC 2013 + Serial Number (hex): 00f441f8600154435ee1e034f0109b611b + Revoked at: Fri Sep 27 17:55:03 UTC 2013 + Serial Number (hex): 00d434cd081d032c275676feda91ce290f + Revoked at: Fri Sep 27 18:39:32 UTC 2013 + Serial Number (hex): 4f5790393b3583faaeb8bc9cddb2f944 + Revoked at: Fri Sep 27 19:45:54 UTC 2013 + Serial Number (hex): 00863a43c54fbbfe1fcc5ec6343e9a6e72 + Revoked at: Fri Sep 27 20:46:14 UTC 2013 + Serial Number (hex): 20fb250e5d5dc0dc79b13176409d9623 + Revoked at: Fri Sep 27 21:54:00 UTC 2013 + Serial Number (hex): 009bc5f702bbe11d33fbea302097ff74f5 + Revoked at: Fri Sep 27 21:54:52 UTC 2013 + Serial Number (hex): 64e82c50bd9f46c5577813aa20b9c76d + Revoked at: Fri Sep 27 21:55:23 UTC 2013 + Serial Number (hex): 43383dbf41319d1e0e698b899d5b2794 + Revoked at: Fri Sep 27 21:55:56 UTC 2013 + Serial Number (hex): 008f1bd9e3365eeaab942464cb8556512f + Revoked at: Fri Sep 27 21:57:05 UTC 2013 + Serial Number (hex): 00f1698d06cfea78d3a9866e8eef66a445 + Revoked at: Sat Sep 28 00:01:29 UTC 2013 + Serial Number (hex): 2da41aaf47fedd7490c33cacad82c4ca + Revoked at: Sat Sep 28 02:13:03 UTC 2013 + Serial Number (hex): 11eef233d6ac077fc0e8ed0d363aca35 + Revoked at: Sat Sep 28 15:55:33 UTC 2013 + Serial Number (hex): 00a9f93b5b355f1480f6e51fe41d136b43 + Revoked at: Sat Sep 28 21:26:06 UTC 2013 + Serial Number (hex): 31758dd353a4a53e70514f17dcf6d084 + Revoked at: Sun Sep 29 02:13:06 UTC 2013 + Serial Number (hex): 6cf928986c761288d77183a756d0d2e4 + Revoked at: Sun Sep 29 16:29:02 UTC 2013 + Serial Number (hex): 00d7d7ef64718b0e38cfd8b41098c96c7a + Revoked at: Sun Sep 29 16:39:22 UTC 2013 + Serial Number (hex): 30ae15ad36d34b7c566a00c3431cf0a8 + Revoked at: Mon Sep 30 01:43:10 UTC 2013 + Serial Number (hex): 00f100b31926c6bcb00c786bd737d732c8 + Revoked at: Mon Sep 30 02:13:04 UTC 2013 + Serial Number (hex): 60ed6d40cda200cd51dcf43ea55e71d5 + Revoked at: Mon Sep 30 06:55:03 UTC 2013 + Serial Number (hex): 00ed53c87c2ffe2f4af4a34f07a82f1677 + Revoked at: Mon Sep 30 08:15:05 UTC 2013 + Serial Number (hex): 00a09a01a10cfea2d2305b06b0816bf0ed + Revoked at: Mon Sep 30 09:25:07 UTC 2013 + Serial Number (hex): 00d059a13f94259667464f47123284bd6f + Revoked at: Mon Sep 30 11:07:22 UTC 2013 + Serial Number (hex): 7e431091d142cf70cf4a18fcc94f9a9b + Revoked at: Mon Sep 30 14:37:26 UTC 2013 + Serial Number (hex): 1073fa769196bdc7ff2c324df7119033 + Revoked at: Mon Sep 30 15:56:47 UTC 2013 + Serial Number (hex): 00a34b3a8f8d5e7bf99b005f8e9f7d7a52 + Revoked at: Mon Sep 30 15:56:53 UTC 2013 + Serial Number (hex): 00e5fa85848435842a70e2d7ee7fdff545 + Revoked at: Mon Sep 30 18:17:44 UTC 2013 + Serial Number (hex): 0086e03dbb3ee84074e7e901224899e64f + Revoked at: Mon Sep 30 18:19:16 UTC 2013 + Serial Number (hex): 00a1ffcf5a2158a049a71881a3ad9badf1 + Revoked at: Mon Sep 30 18:22:26 UTC 2013 + Serial Number (hex): 00e09a784b66f459c2749aacae3065b9ae + Revoked at: Mon Sep 30 18:22:28 UTC 2013 + Serial Number (hex): 33b48d20a26e9726dbad62ff0b44f620 + Revoked at: Mon Sep 30 18:22:40 UTC 2013 + Serial Number (hex): 625420c93f099a5a2a328b48f173a5fb + Revoked at: Mon Sep 30 18:29:17 UTC 2013 + Serial Number (hex): 2f3d6ef08fa1991327c5320241592156 + Revoked at: Mon Sep 30 18:30:10 UTC 2013 + Serial Number (hex): 1a279758189af812f66bd53fa5b2fac8 + Revoked at: Mon Sep 30 20:03:38 UTC 2013 + Serial Number (hex): 548f5e4e9bf7b385222e4f5cf4ae86cf + Revoked at: Mon Sep 30 20:07:24 UTC 2013 + Serial Number (hex): 33a936c54d4eb522a52591ad461f46fa + Revoked at: Tue Oct 01 14:49:43 UTC 2013 + Serial Number (hex): 7e54756042331e12ef07bb194038fc47 + Revoked at: Tue Oct 01 14:56:24 UTC 2013 + Serial Number (hex): 0d76fad955947eed0fd821a1a00ab091 + Revoked at: Tue Oct 01 15:21:37 UTC 2013 + Serial Number (hex): 00e87456a44d5edf589bc4be79326174d6 + Revoked at: Tue Oct 01 15:22:58 UTC 2013 + Serial Number (hex): 3229bc66d64de221b2f10aa45fb2cb98 + Revoked at: Tue Oct 01 15:24:23 UTC 2013 + Serial Number (hex): 72c551c370d666d7796ab9c73c2f3722 + Revoked at: Tue Oct 01 17:17:14 UTC 2013 + Serial Number (hex): 1b40f3db258fb7a0214e9607974cf600 + Revoked at: Tue Oct 01 18:03:24 UTC 2013 + Serial Number (hex): 071e05e8d67d81160a88a7d5a39b5508 + Revoked at: Tue Oct 01 18:21:45 UTC 2013 + Serial Number (hex): 477bc727daca62b3a087eac92c98bc54 + Revoked at: Tue Oct 01 19:05:23 UTC 2013 + Serial Number (hex): 00a9ac09b5c59e15fe3b5f8be1c9afbd99 + Revoked at: Tue Oct 01 19:06:53 UTC 2013 + Serial Number (hex): 008d0391e76537cce3812662153a8d8d96 + Revoked at: Tue Oct 01 19:15:42 UTC 2013 + Serial Number (hex): 5fabcd2b2688967c4ebf52dc55671003 + Revoked at: Tue Oct 01 19:17:14 UTC 2013 + Serial Number (hex): 008d425b6beda3fe0e61f08ba3cabff32d + Revoked at: Tue Oct 01 19:19:19 UTC 2013 + Serial Number (hex): 1d80e109c8d0670f70dabf4c0969be61 + Revoked at: Tue Oct 01 19:24:08 UTC 2013 + Serial Number (hex): 26bf6b6a25c09aab7d90ac08a1b85455 + Revoked at: Tue Oct 01 19:25:42 UTC 2013 + Serial Number (hex): 36e45dcc80f254645698f12466aa4b7d + Revoked at: Tue Oct 01 19:36:12 UTC 2013 + Serial Number (hex): 00cf1dd6af3ec6a77aa5f033684701e22c + Revoked at: Tue Oct 01 19:44:57 UTC 2013 + Serial Number (hex): 008d319cde89ce2cf49d056fc465c7061a + Revoked at: Tue Oct 01 19:47:59 UTC 2013 + Serial Number (hex): 00d6ef52ce989cef5a2474eaa50611c180 + Revoked at: Tue Oct 01 19:48:43 UTC 2013 + Serial Number (hex): 47de226675e44cb82e8d7ecb5e72e83e + Revoked at: Tue Oct 01 19:48:57 UTC 2013 + Serial Number (hex): 00de3f3ccb64fbdad547422b7cdda306f6 + Revoked at: Tue Oct 01 19:49:29 UTC 2013 + Serial Number (hex): 54b8c2e5645a1fa709fc31a657a18a80 + Revoked at: Tue Oct 01 19:50:00 UTC 2013 + Serial Number (hex): 54e9e5c2dbbbbf3025fb03aef72a1f + Revoked at: Tue Oct 01 21:36:00 UTC 2013 + Serial Number (hex): 492253fa099dd86cb5e95940bc325ff3 + Revoked at: Wed Oct 02 06:12:59 UTC 2013 + Serial Number (hex): 5c809d9fd6251d920f0bcad84b951294 + Revoked at: Wed Oct 02 14:26:46 UTC 2013 + Serial Number (hex): 166fb8c5eb68fbebd2831732eb94b36c + Revoked at: Wed Oct 02 14:26:50 UTC 2013 + Serial Number (hex): 609921e04edea2ca9f014f936813578c + Revoked at: Wed Oct 02 17:25:01 UTC 2013 + Serial Number (hex): 3fa758f987f34e28f852758b29b0b726 + Revoked at: Wed Oct 02 18:08:47 UTC 2013 + Serial Number (hex): 008a65b4973cedd1091a481eb67fc2b948 + Revoked at: Wed Oct 02 18:37:25 UTC 2013 + Serial Number (hex): 05ea606bd76ccc6689c570b370990c37 + Revoked at: Wed Oct 02 19:23:07 UTC 2013 + Serial Number (hex): 00d5c5088f743ac47b67196cdbe270cfbc + Revoked at: Wed Oct 02 19:36:26 UTC 2013 + Serial Number (hex): 008fc6d69b614cd04e56f787420abe342e + Revoked at: Wed Oct 02 22:58:20 UTC 2013 + Serial Number (hex): 0ae5f04721092bf25aa8013fee4178e9 + Revoked at: Thu Oct 03 00:04:35 UTC 2013 + Serial Number (hex): 00d00c443a08a5f2a5241225a27b13df68 + Revoked at: Thu Oct 03 00:04:44 UTC 2013 + Serial Number (hex): 009bd2f32e22e6b6db7a185727f0bf8b51 + Revoked at: Thu Oct 03 00:04:54 UTC 2013 + Serial Number (hex): 00c793e3f95b8f688baf041f2f6079e266 + Revoked at: Thu Oct 03 00:12:38 UTC 2013 + Serial Number (hex): 00cfcfff7b892aa5ddbb86a89420519396 + Revoked at: Thu Oct 03 06:35:53 UTC 2013 + Serial Number (hex): 52a85ebc363e217b78102bbed82e4f8e + Revoked at: Thu Oct 03 12:46:39 UTC 2013 + Serial Number (hex): 55d24806b4ab4f911db1007bad1d6685 + Revoked at: Thu Oct 03 13:18:26 UTC 2013 + Serial Number (hex): 00c8c7a869d166b5350fafb16834fade2a + Revoked at: Thu Oct 03 13:26:40 UTC 2013 + Serial Number (hex): 00dca425237fa08979ef4668ff667891d5 + Revoked at: Thu Oct 03 13:28:25 UTC 2013 + Serial Number (hex): 00f54479c105a2ca87a7a054cdf408e669 + Revoked at: Thu Oct 03 13:35:15 UTC 2013 + Serial Number (hex): 4e9bb801faf3b8179b0d73c0894b151e + Revoked at: Thu Oct 03 13:46:10 UTC 2013 + Serial Number (hex): 3f20d719c08f53774d18de26056b95f9 + Revoked at: Thu Oct 03 14:25:24 UTC 2013 + Serial Number (hex): 2d5f595fbf6a21f8f8641ca1224b4297 + Revoked at: Thu Oct 03 14:32:16 UTC 2013 + Serial Number (hex): 1fcd3076638cc1ad7fc99f0a0d9f1c08 + Revoked at: Thu Oct 03 15:12:14 UTC 2013 + Serial Number (hex): 0228fe4350284f61d069ab95b7eab2af + Revoked at: Thu Oct 03 15:16:29 UTC 2013 + Serial Number (hex): 00f14ebcd8f8f29a0a6cb43a6500a6b64d + Revoked at: Thu Oct 03 15:35:02 UTC 2013 + Serial Number (hex): 6fc2215f905434db81aa6091ef82a624 + Revoked at: Thu Oct 03 15:45:15 UTC 2013 + Serial Number (hex): 00b27f72014a44fca70e84f5a6d31dcde5 + Revoked at: Thu Oct 03 15:55:43 UTC 2013 + Serial Number (hex): 35617602e0548006a6d0959e32eeee62 + Revoked at: Thu Oct 03 20:36:03 UTC 2013 + Serial Number (hex): 00b1f196bbaf5eeff68b885665118a36f7 + Revoked at: Thu Oct 03 21:44:25 UTC 2013 + Serial Number (hex): 00a8e4d523a5649603a9eb4889a7864d6a + Revoked at: Fri Oct 04 04:38:38 UTC 2013 + Serial Number (hex): 33eeb64f1987e3f00d4b85648677313f + Revoked at: Fri Oct 04 04:39:01 UTC 2013 + Serial Number (hex): 00edc515155fea779e6621bd95beee3193 + Revoked at: Fri Oct 04 12:00:58 UTC 2013 + Serial Number (hex): 00ae33cd21a6d2ddf94fb82d2ed1055fd5 + Revoked at: Fri Oct 04 15:04:20 UTC 2013 + Serial Number (hex): 008d7cc8dc1cf895e8e8f3a774b1dba404 + Revoked at: Fri Oct 04 16:24:35 UTC 2013 + Serial Number (hex): 064bf7f51dccfd90c9e995a18873978e + Revoked at: Fri Oct 04 17:34:32 UTC 2013 + Serial Number (hex): 6a57ca6027b7e5fcb68f74c39ca939bb + Revoked at: Fri Oct 04 17:49:03 UTC 2013 + Serial Number (hex): 5a5ef2d8f9a75df4eab3a22ce0b6defc + Revoked at: Fri Oct 04 17:59:34 UTC 2013 + Serial Number (hex): 00806aae7dc53a21ba9c5934c350d8ece9 + Revoked at: Fri Oct 04 19:12:32 UTC 2013 + Serial Number (hex): 635b7c3ed7834eb6010f7221a51b1dba + Revoked at: Fri Oct 04 19:37:36 UTC 2013 + Serial Number (hex): 334375208f10970620369e4737a60194 + Revoked at: Fri Oct 04 20:13:04 UTC 2013 + Serial Number (hex): 00b041f6b01d2eb650096e56be35b107cd + Revoked at: Fri Oct 04 20:34:15 UTC 2013 + Serial Number (hex): 4c817f4015f3fbf3e186439136dd1d27 + Revoked at: Fri Oct 04 20:35:32 UTC 2013 + Serial Number (hex): 522c2e915379d7f87748f613fbcf42b0 + Revoked at: Fri Oct 04 20:40:04 UTC 2013 + Serial Number (hex): 61a61094705a51adc25efeb498accfa2 + Revoked at: Fri Oct 04 20:46:58 UTC 2013 + Serial Number (hex): 0099dcc60ceb81f77b6241196d0b4e4e7d + Revoked at: Fri Oct 04 20:48:59 UTC 2013 + Serial Number (hex): 7f1959b0255f8f9624aea469a7b6249e + Revoked at: Fri Oct 04 20:56:20 UTC 2013 + Serial Number (hex): 00bacb3a13ad08f4011e668c2e34727926 + Revoked at: Fri Oct 04 21:09:05 UTC 2013 + Serial Number (hex): 7829e0bc6f73d17bd8c8c96638d7b874 + Revoked at: Fri Oct 04 21:09:23 UTC 2013 + Serial Number (hex): 0081f511879eb8ca9881fdc00eea1f84c0 + Revoked at: Fri Oct 04 21:09:36 UTC 2013 + Serial Number (hex): 6b506ffd8ec7baec55d6090195c6d86c + Revoked at: Fri Oct 04 21:43:21 UTC 2013 + Serial Number (hex): 00eddd4b2aa5d5c0d8cf869a3babf692ef + Revoked at: Fri Oct 04 21:47:46 UTC 2013 + Serial Number (hex): 47530688a71424799484469593258f12 + Revoked at: Sat Oct 05 02:13:04 UTC 2013 + Serial Number (hex): 00f84b33f8fbaa3b7d2c4c483aed45841a + Revoked at: Sun Oct 06 23:12:57 UTC 2013 + Serial Number (hex): 23363bfe292840d4fecd714e004e2966 + Revoked at: Mon Oct 07 02:13:05 UTC 2013 + Serial Number (hex): 72f4d0be3f8a1d83db763b830418e0f2 + Revoked at: Mon Oct 07 07:30:17 UTC 2013 + Serial Number (hex): 00e6f81ea7919fcaabdbc7f49c7282f622 + Revoked at: Mon Oct 07 14:15:22 UTC 2013 + Serial Number (hex): 00a6b004d5d1211c25dde812eb53728d41 + Revoked at: Mon Oct 07 14:27:16 UTC 2013 + Serial Number (hex): 00a08a4473e8c6ddcead30447895adc71d + Revoked at: Mon Oct 07 16:00:04 UTC 2013 + Serial Number (hex): 00d901afb0b15fab6e66ae6fc7e7e6f893 + Revoked at: Mon Oct 07 16:56:11 UTC 2013 + Serial Number (hex): 28ae176984b3b357de1fc8a1fc36a886 + Revoked at: Mon Oct 07 17:45:32 UTC 2013 + Serial Number (hex): 00ae2d60504e4d9dfc828671ef2911d078 + Revoked at: Mon Oct 07 18:55:23 UTC 2013 + Serial Number (hex): 00eea2b5a7559f4393ef1b1b1b50193f1c + Revoked at: Mon Oct 07 20:38:38 UTC 2013 + Serial Number (hex): 00916a5d858d2ec3c11e8fcec4c5eed3a5 + Revoked at: Tue Oct 08 02:13:04 UTC 2013 + Serial Number (hex): 00d598a00da109a20b73c6ec9891e6c7d3 + Revoked at: Tue Oct 08 02:13:05 UTC 2013 + Serial Number (hex): 6f7136babe43b498bfda413bb22b5a49 + Revoked at: Tue Oct 08 13:13:21 UTC 2013 + Serial Number (hex): 06a90a9d1a61aa1d02f7f1e9d6dff6be + Revoked at: Tue Oct 08 13:50:14 UTC 2013 + Serial Number (hex): 00b093d12670d9b29a32a66c6e16866ac5 + Revoked at: Tue Oct 08 14:11:31 UTC 2013 + Serial Number (hex): 77729d9ef77d7ed82d36225938b4080a + Revoked at: Tue Oct 08 15:17:48 UTC 2013 + Serial Number (hex): 009c293dab000dfb77d4150fc841defe2c + Revoked at: Tue Oct 08 15:51:54 UTC 2013 + Serial Number (hex): 0248909bdeda28e11f60481643204f6b + Revoked at: Tue Oct 08 16:47:07 UTC 2013 + Serial Number (hex): 009ef87a7fdaefa18c9dbc3004a240f0cc + Revoked at: Tue Oct 08 16:55:27 UTC 2013 + Serial Number (hex): 6776fffe139dae8f48b91f7687c9c6df + Revoked at: Tue Oct 08 18:18:58 UTC 2013 + Serial Number (hex): 4d9f8effb18670a296f49257f50a49fd + Revoked at: Tue Oct 08 18:24:59 UTC 2013 + Serial Number (hex): 00c80c9c00b5984ddedc35a190b8985525 + Revoked at: Tue Oct 08 18:55:57 UTC 2013 + Serial Number (hex): 00bbf9bb8eda888176c5fa8cac345e4e63 + Revoked at: Tue Oct 08 19:02:35 UTC 2013 + Serial Number (hex): 62419736bf9ce6897361e0090ca718db + Revoked at: Tue Oct 08 20:45:03 UTC 2013 + Serial Number (hex): 776b2e1c03a4d166d071b2e38fd7eba8 + Revoked at: Wed Oct 09 09:20:24 UTC 2013 + Serial Number (hex): 00afe10f184eacc4cb30647b073a0ea31c + Revoked at: Wed Oct 09 09:20:24 UTC 2013 + Serial Number (hex): 00e02a259328131d4ae13019bea6105399 + Revoked at: Wed Oct 09 09:20:33 UTC 2013 + Serial Number (hex): 2f6fe30469107e737c72586d1d36e91d + Revoked at: Wed Oct 09 09:20:40 UTC 2013 + Serial Number (hex): 009933cdb4a03c9b7e43ad03c7c352ca35 + Revoked at: Wed Oct 09 09:20:48 UTC 2013 + Serial Number (hex): 00f3438d1eb9ec02cd9b132425aa7dbc1e + Revoked at: Wed Oct 09 09:20:56 UTC 2013 + Serial Number (hex): 6eec78b095661c9854aa97ec275481b1 + Revoked at: Wed Oct 09 13:24:31 UTC 2013 + Serial Number (hex): 419c9a2c527e2e44eb879110d023539d + Revoked at: Wed Oct 09 14:15:07 UTC 2013 + Serial Number (hex): 5db84acb95976703d50f2768301a1d46 + Revoked at: Wed Oct 09 14:26:25 UTC 2013 + Serial Number (hex): 33b9a1b53ba827db0a8806c0bcfaf7f4 + Revoked at: Wed Oct 09 14:28:01 UTC 2013 + Serial Number (hex): 52c4b64b42a9b1f54c8b9c72c81b6059 + Revoked at: Wed Oct 09 15:35:28 UTC 2013 + Serial Number (hex): 27388db06d77b2afdce35a3b4a64bf4f + Revoked at: Wed Oct 09 18:30:35 UTC 2013 + Serial Number (hex): 7e07a43a17fa8c8045d1d6ba2c2a937c + Revoked at: Wed Oct 09 18:42:32 UTC 2013 + Serial Number (hex): 00b0c5966f230072732904d0a6af8db59a + Revoked at: Wed Oct 09 19:11:05 UTC 2013 + Serial Number (hex): 00c7df17f6662697f298399af0bb88ff70 + Revoked at: Wed Oct 09 19:11:24 UTC 2013 + Serial Number (hex): 22f38d90ae3f535b78c9430b34614502 + Revoked at: Wed Oct 09 19:51:39 UTC 2013 + Serial Number (hex): 0d8543c86213b99c6147dd1fbdf9ab4e + Revoked at: Thu Oct 10 12:10:00 UTC 2013 + Serial Number (hex): 125ad8660c6530d282e7820fc1631ca0 + Revoked at: Thu Oct 10 13:11:06 UTC 2013 + Serial Number (hex): 00a1ad289c1bd7c8885404a5775708b6 + Revoked at: Thu Oct 10 13:24:08 UTC 2013 + Serial Number (hex): 15b273068ebde35cde5997b763ce53c3 + Revoked at: Thu Oct 10 13:24:26 UTC 2013 + Serial Number (hex): 139c19e41df22874e8b07d17ea4d97fb + Revoked at: Thu Oct 10 14:36:12 UTC 2013 + Serial Number (hex): 0095f84a136c3e0175d080c577f3e0c58c + Revoked at: Thu Oct 10 16:15:11 UTC 2013 + Serial Number (hex): 59c0f7af3108a4d48c804b8a03f43c92 + Revoked at: Thu Oct 10 16:21:39 UTC 2013 + Serial Number (hex): 7433665069d8918595c0aa583b14e075 + Revoked at: Thu Oct 10 17:02:25 UTC 2013 + Serial Number (hex): 2ee64098c70db972908ad0d7c4c733f8 + Revoked at: Thu Oct 10 17:24:55 UTC 2013 + Serial Number (hex): 00fe730da64010452aaa1e25ce5d2632d0 + Revoked at: Thu Oct 10 17:31:02 UTC 2013 + Serial Number (hex): 00f1065e7d4e7c04346821a5626aaf8a2d + Revoked at: Thu Oct 10 17:31:18 UTC 2013 + Serial Number (hex): 13e9dd49202b37992691cf3c47d740eb + Revoked at: Thu Oct 10 17:31:31 UTC 2013 + Serial Number (hex): 00a1087d3b65c0e769cf36f05cd90d0084 + Revoked at: Thu Oct 10 17:40:56 UTC 2013 + Serial Number (hex): 00d037828ca4c4608b5c42aef1926e1585 + Revoked at: Thu Oct 10 17:55:11 UTC 2013 + Serial Number (hex): 4fbdb60e2bfa37882987f92501b1d17e + Revoked at: Thu Oct 10 18:11:44 UTC 2013 + Serial Number (hex): 0cc1b6f06ae7fd3a6802ed6209487efb + Revoked at: Thu Oct 10 18:39:44 UTC 2013 + Serial Number (hex): 00b8fe38701afb7c9cc04dc77d005a641e + Revoked at: Thu Oct 10 19:05:38 UTC 2013 + Serial Number (hex): 59dcd85bbaa82e7a66334a336c0d071d + Revoked at: Thu Oct 10 19:05:42 UTC 2013 + Serial Number (hex): 539ae2b086c95bbd666668f08065aa12 + Revoked at: Thu Oct 10 19:17:27 UTC 2013 + Serial Number (hex): 7a494ac86931a0def998dc7a4511121e + Revoked at: Thu Oct 10 19:22:53 UTC 2013 + Serial Number (hex): 77667df798ca7dbede8843cf70770f0d + Revoked at: Thu Oct 10 20:17:40 UTC 2013 + Serial Number (hex): 719935078757b3db8b26f971bbcc99c6 + Revoked at: Fri Oct 11 03:10:57 UTC 2013 + Serial Number (hex): 3fbeefad3b5319476b2c5797e08bdf32 + Revoked at: Fri Oct 11 08:01:56 UTC 2013 + Serial Number (hex): 77f24e6aa14940a62095e2735ec1665c + Revoked at: Fri Oct 11 10:32:03 UTC 2013 + Serial Number (hex): 00e5c8b51cecfe3b8421e986bd5c99c0ad + Revoked at: Fri Oct 11 12:21:32 UTC 2013 + Serial Number (hex): 00cd5bfcfd672fdce269bb2a835c69f681 + Revoked at: Fri Oct 11 17:23:32 UTC 2013 + Serial Number (hex): 00c79ea061a759852ee184f04dbe16c0f6 + Revoked at: Fri Oct 11 18:25:01 UTC 2013 + Serial Number (hex): 21f9a3cb2c7c85e5df80b00ab838f824 + Revoked at: Fri Oct 11 18:25:10 UTC 2013 + Serial Number (hex): 5505bd66d3d7b6e9642eb5e24e7901a3 + Revoked at: Fri Oct 11 19:20:11 UTC 2013 + Serial Number (hex): 4008c1861f9229802c06df61c8560512 + Revoked at: Fri Oct 11 19:43:00 UTC 2013 + Serial Number (hex): 00b5f5d17e71e8a4d8d955133721e74f3d + Revoked at: Fri Oct 11 19:55:04 UTC 2013 + Serial Number (hex): 00a4e71a1b70155f67d861803181225ec5 + Revoked at: Fri Oct 11 22:18:18 UTC 2013 + Serial Number (hex): 6f74b5bf28687a26b3d259a6fb2dfd45 + Revoked at: Sat Oct 12 02:13:05 UTC 2013 + Serial Number (hex): 009abab5680ae3fed444872dd9b655de63 + Revoked at: Sat Oct 12 02:13:05 UTC 2013 + Serial Number (hex): 00ace3cb2f0bc6f1bda197a80362184931 + Revoked at: Sun Oct 13 02:13:07 UTC 2013 + Serial Number (hex): 00c094e35085e7874640656ea91b714704 + Revoked at: Mon Oct 14 11:20:47 UTC 2013 + Serial Number (hex): 1eb0a0f57bb75d25e0c9e2ee55f37f0f + Revoked at: Mon Oct 14 14:01:48 UTC 2013 + Serial Number (hex): 00ba3b7cc153d48ec8e75c3b2acf15c5e5 + Revoked at: Mon Oct 14 14:02:05 UTC 2013 + Serial Number (hex): 16601fe0ddab9c945010bdc3cf380dae + Revoked at: Mon Oct 14 14:06:44 UTC 2013 + Serial Number (hex): 00f38be4156197a103d8838d13ff2a5c8d + Revoked at: Mon Oct 14 14:24:00 UTC 2013 + Serial Number (hex): 00c3a17e61c56a9679febf4692bcceba12 + Revoked at: Mon Oct 14 14:53:13 UTC 2013 + Serial Number (hex): 07afe94d04fee60db15c8c75d06d2b58 + Revoked at: Mon Oct 14 15:13:25 UTC 2013 + Serial Number (hex): 0094330ec0a31d6cf5bf6a8c7cacd9fe5d + Revoked at: Mon Oct 14 15:43:39 UTC 2013 + Serial Number (hex): 00e15882949c6b438f39f12d390ab352e0 + Revoked at: Mon Oct 14 16:20:01 UTC 2013 + Serial Number (hex): 0098ed3eed6335207bdf0e30fe33cc67b1 + Revoked at: Mon Oct 14 16:27:33 UTC 2013 + Serial Number (hex): 3537a9c75b2bc226e0e22fb17b74952e + Revoked at: Mon Oct 14 17:47:52 UTC 2013 + Serial Number (hex): 00831d6ae9b61eaff08706d888a893606d + Revoked at: Mon Oct 14 17:50:18 UTC 2013 + Serial Number (hex): 00abfab188384d2eb18921e9a134d62d08 + Revoked at: Mon Oct 14 18:15:46 UTC 2013 + Serial Number (hex): 6fdebf5857ea1a70f63117422d385cf2 + Revoked at: Mon Oct 14 19:41:24 UTC 2013 + Serial Number (hex): 65d84de108afb67014291f6eb7805031 + Revoked at: Mon Oct 14 21:32:20 UTC 2013 + Serial Number (hex): 008e5ba8c0d0dbe2c193f9c9256314d9b4 + Revoked at: Tue Oct 15 02:13:06 UTC 2013 + Serial Number (hex): 580efe51f8d38627092181a4063ebe4e + Revoked at: Tue Oct 15 07:49:20 UTC 2013 + Serial Number (hex): 4933c57d1e0402e2effae89f8f0f06ca + Revoked at: Tue Oct 15 07:49:38 UTC 2013 + Serial Number (hex): 4bdcb8a60dc3570b830d2babd21afe21 + Revoked at: Tue Oct 15 08:12:03 UTC 2013 + Serial Number (hex): 635202f3da89e98a4b799e463dc1c0dc + Revoked at: Tue Oct 15 12:55:42 UTC 2013 + Serial Number (hex): 46c0f75afd732fb50dd8740a3c27c4da + Revoked at: Tue Oct 15 13:25:52 UTC 2013 + Serial Number (hex): 40253e0bcddfb4768d9ce2c25160f7e0 + Revoked at: Tue Oct 15 14:15:57 UTC 2013 + Serial Number (hex): 00e701c8743b2f0a46ae827f53a2ed1727 + Revoked at: Tue Oct 15 14:16:02 UTC 2013 + Serial Number (hex): 00cceef7305fb8491914a2868f3893f53b + Revoked at: Tue Oct 15 15:20:27 UTC 2013 + Serial Number (hex): 0084c98adffde847b0b4ab527c3d6fc2c2 + Revoked at: Tue Oct 15 16:08:17 UTC 2013 + Serial Number (hex): 00c5e65fd07788168efaf42f8b24f0d930 + Revoked at: Tue Oct 15 17:08:15 UTC 2013 + Serial Number (hex): 00bfc373e3a043c75c0ce25fde8b631300 + Revoked at: Tue Oct 15 17:08:20 UTC 2013 + Serial Number (hex): 10e9fbfa3d035a7ca261be70b9a30705 + Revoked at: Tue Oct 15 17:40:08 UTC 2013 + Serial Number (hex): 5e43b67f14569c6abe0b4668c6074870 + Revoked at: Tue Oct 15 17:40:20 UTC 2013 + Serial Number (hex): 154fd0a8dc103d38ab29f539f76c82fc + Revoked at: Tue Oct 15 17:40:37 UTC 2013 + Serial Number (hex): 00bb2a30871a7d1f6e22360feefb327525 + Revoked at: Tue Oct 15 18:50:53 UTC 2013 + Serial Number (hex): 09cc5b5e5a1d61b430f7ca74ffb78b7d + Revoked at: Tue Oct 15 18:51:20 UTC 2013 + Serial Number (hex): 6ada82e4deb73f734beec685f4a93756 + Revoked at: Tue Oct 15 18:51:53 UTC 2013 + Serial Number (hex): 0db363879815083ad134ee2a620ec208 + Revoked at: Tue Oct 15 18:52:21 UTC 2013 + Serial Number (hex): 2cea38cf34418f11b2b5db002b1372b9 + Revoked at: Tue Oct 15 18:52:47 UTC 2013 + Serial Number (hex): 621d35d1ec436fd926fde308e5e6b70d + Revoked at: Tue Oct 15 19:57:02 UTC 2013 + Serial Number (hex): 417462117c12ff58a5b04105b6e5b240 + Revoked at: Tue Oct 15 19:58:48 UTC 2013 + Serial Number (hex): 00cd1b5c092a84188c63f1a50a1987a6b8 + Revoked at: Tue Oct 15 20:51:57 UTC 2013 + Serial Number (hex): 0887aa8243e23bc1e41fdc6aee88550e + Revoked at: Tue Oct 15 21:48:14 UTC 2013 + Serial Number (hex): 00e5a80eb610ea561cd4f7f1b0b8bf3973 + Revoked at: Tue Oct 15 22:01:26 UTC 2013 + Serial Number (hex): 00f5590d29d727d35b7ab4e08adc8129e9 + Revoked at: Wed Oct 16 00:59:54 UTC 2013 + Serial Number (hex): 160f626961ebd2b54e3ba44ba12fed82 + Revoked at: Wed Oct 16 08:33:14 UTC 2013 + Serial Number (hex): 00afb163259781f067ebe10164d9475290 + Revoked at: Wed Oct 16 09:54:14 UTC 2013 + Serial Number (hex): 119bdcaa39e9bf4ca65e5ce9d8172be2 + Revoked at: Wed Oct 16 10:41:14 UTC 2013 + Serial Number (hex): 00ad8c683255950f5b24cb00b38abf364c + Revoked at: Wed Oct 16 12:09:48 UTC 2013 + Serial Number (hex): 00f3914b01670a1a1d846a1a7e4248b9b8 + Revoked at: Wed Oct 16 14:22:28 UTC 2013 + Serial Number (hex): 72ac9cf765f20b76a9e0cf0a8c225c72 + Revoked at: Wed Oct 16 15:29:00 UTC 2013 + Serial Number (hex): 0719511629f1403d5c62df9d0a7bcc51 + Revoked at: Wed Oct 16 16:01:54 UTC 2013 + Serial Number (hex): 00b59b28ab1cfeb9187b2b16caae661253 + Revoked at: Wed Oct 16 16:02:26 UTC 2013 + Serial Number (hex): 0f581c0944f95abb95b6a4ba5842cc24 + Revoked at: Wed Oct 16 17:16:41 UTC 2013 + Serial Number (hex): 00a147baaa90652381bd645eabb093f1a5 + Revoked at: Wed Oct 16 21:50:52 UTC 2013 + Serial Number (hex): 2a42baf4dd2e768fa17c7da298523322 + Revoked at: Thu Oct 17 09:11:05 UTC 2013 + Serial Number (hex): 00ee0edbc508afc2e73c250b23676c0e17 + Revoked at: Thu Oct 17 12:36:38 UTC 2013 + Serial Number (hex): 00e86ab89022b59ba81d983ca584e0ed35 + Revoked at: Thu Oct 17 12:38:02 UTC 2013 + Serial Number (hex): 00bd69a416141a1f687d820e3c195294a4 + Revoked at: Thu Oct 17 13:20:20 UTC 2013 + Serial Number (hex): 1e7fee4684a47211b15aae9059f4e7f4 + Revoked at: Thu Oct 17 13:37:24 UTC 2013 + Serial Number (hex): 0091da6f034b2596564a46884f2f87b826 + Revoked at: Thu Oct 17 13:37:36 UTC 2013 + Serial Number (hex): 7b5e071cbb9c1205ec2cf818f2d67eca + Revoked at: Thu Oct 17 13:37:43 UTC 2013 + Serial Number (hex): 00ce968022ce610e97ceffe4f113298c79 + Revoked at: Thu Oct 17 14:55:44 UTC 2013 + Serial Number (hex): 536d002cc224810fcd0c9cf9c8562881 + Revoked at: Thu Oct 17 15:44:00 UTC 2013 + Serial Number (hex): 4a6911bcfe7db9f41ac4358e4ea424ea + Revoked at: Thu Oct 17 15:51:05 UTC 2013 + Serial Number (hex): 00b607495eab6f4f7397d3dc67773ceb1f + Revoked at: Thu Oct 17 16:26:00 UTC 2013 + Serial Number (hex): 142d13f31d021a8f881d7685cd9350d5 + Revoked at: Thu Oct 17 16:26:04 UTC 2013 + Serial Number (hex): 064aeebaabd1b12c94d4d89c6464d8e6 + Revoked at: Thu Oct 17 16:27:19 UTC 2013 + Serial Number (hex): 00ac29b5a30ab875376464b5ee80941e96 + Revoked at: Thu Oct 17 16:27:56 UTC 2013 + Serial Number (hex): 00cc58182266d1f5b733839dc9ef5aab77 + Revoked at: Thu Oct 17 16:28:00 UTC 2013 + Serial Number (hex): 00c7c7e0a9a1b6693c0091ac2b2944b179 + Revoked at: Thu Oct 17 16:34:27 UTC 2013 + Serial Number (hex): 00bd815da079318663f578bb74004a36b3 + Revoked at: Thu Oct 17 16:35:55 UTC 2013 + Serial Number (hex): 15de4dbe4a2f6f9982e2d03009673909 + Revoked at: Thu Oct 17 17:06:23 UTC 2013 + Serial Number (hex): 00e5e41fe3e6a9f81b89c4963c38583865 + Revoked at: Thu Oct 17 18:08:27 UTC 2013 + Serial Number (hex): 00ff9740f26364b053131e1b13edd0e452 + Revoked at: Thu Oct 17 18:11:31 UTC 2013 + Serial Number (hex): 512a5e572a7e8891d9e77bc8d48c3b01 + Revoked at: Thu Oct 17 18:12:33 UTC 2013 + Serial Number (hex): 31e6cbc5872f8bdc697cca49a2223d5e + Revoked at: Thu Oct 17 18:16:36 UTC 2013 + Serial Number (hex): 00e748d270f22c5efd356861bf80d643e0 + Revoked at: Thu Oct 17 18:17:12 UTC 2013 + Serial Number (hex): 0e0a0417e89fe2bb7ca735d83c1596e5 + Revoked at: Thu Oct 17 18:21:14 UTC 2013 + Serial Number (hex): 5b0f90208b466d0d3010d44706bfcf73 + Revoked at: Thu Oct 17 18:21:28 UTC 2013 + Serial Number (hex): 1566ac5b74b9ef365c172fe9caab6a55 + Revoked at: Thu Oct 17 18:23:48 UTC 2013 + Serial Number (hex): 1959b7867f64b75d4b140e504078d5dd + Revoked at: Thu Oct 17 20:45:54 UTC 2013 + Serial Number (hex): 45c55173da546120a9b2fcf642aec247 + Revoked at: Thu Oct 17 20:48:39 UTC 2013 + Serial Number (hex): 5a2fba83008e970a77c83a5e2621eb11 + Revoked at: Fri Oct 18 02:13:06 UTC 2013 + Serial Number (hex): 3d2337f90dbb20e15a6d5a944875c727 + Revoked at: Fri Oct 18 02:13:06 UTC 2013 + Serial Number (hex): 0086a4ea3c272d6d52a6597e10cecac278 + Revoked at: Fri Oct 18 13:31:51 UTC 2013 + Serial Number (hex): 00b3d5d580b264f6672af3f9f374a2eb54 + Revoked at: Fri Oct 18 14:25:43 UTC 2013 + Serial Number (hex): 3d338e1664606fb2a81b988694416218 + Revoked at: Fri Oct 18 14:26:04 UTC 2013 + Serial Number (hex): 45940296e5e7fe2dce4aabe02e20d725 + Revoked at: Fri Oct 18 15:34:07 UTC 2013 + Serial Number (hex): 3432579811dddff8209073f8c8ad7cb3 + Revoked at: Fri Oct 18 15:47:34 UTC 2013 + Serial Number (hex): 0080d06aab5f7f183f200cf6414ae2028c + Revoked at: Fri Oct 18 15:54:22 UTC 2013 + Serial Number (hex): 009efb6dbd67365f214a43eb94229c344c + Revoked at: Fri Oct 18 15:54:34 UTC 2013 + Serial Number (hex): 00ac5aa04a1fa88cf5e42c562014ee5bea + Revoked at: Fri Oct 18 16:28:31 UTC 2013 + Serial Number (hex): 00cc70a10cd32efdfd8aec584cde00fd29 + Revoked at: Fri Oct 18 16:39:56 UTC 2013 + Serial Number (hex): 00c2b3a0933a3a4ecb0fb9941f624ea38c + Revoked at: Fri Oct 18 16:40:03 UTC 2013 + Serial Number (hex): 02a3b33b2d47e28d3a93ba51452866d3 + Revoked at: Fri Oct 18 17:47:22 UTC 2013 + Serial Number (hex): 00ef77477c01756936d989212edb61bc99 + Revoked at: Fri Oct 18 18:19:02 UTC 2013 + Serial Number (hex): 00d12a0d738ba48f6216af64bda658d370 + Revoked at: Fri Oct 18 18:59:19 UTC 2013 + Serial Number (hex): 00f5995f65bdd6d51f920e32390843ae95 + Revoked at: Fri Oct 18 18:59:21 UTC 2013 + Serial Number (hex): 00d2d01d89ae172e16cf62c14ae0974ec8 + Revoked at: Fri Oct 18 18:59:27 UTC 2013 + Serial Number (hex): 37edab5f9266b780a731a18d32a445e7 + Revoked at: Fri Oct 18 20:14:59 UTC 2013 + Serial Number (hex): 5b490fdbc0624bbfca59c3d3b2ee9197 + Revoked at: Fri Oct 18 20:51:01 UTC 2013 + Serial Number (hex): 008efc8aaab9a793f2701f90bf73716d08 + Revoked at: Fri Oct 18 20:51:34 UTC 2013 + Serial Number (hex): 00f308d3dd950d384e2cfe69d6a43439eb + Revoked at: Fri Oct 18 21:17:07 UTC 2013 + Serial Number (hex): 00b31ac5848c65b80913529f32e146bb2c + Revoked at: Sun Oct 20 01:11:05 UTC 2013 + Serial Number (hex): 00c4a844dea700aa132ee4ae8e0e651b85 + Revoked at: Sun Oct 20 02:13:11 UTC 2013 + Serial Number (hex): 5b0f8e074e2be48475b395c679833df4 + Revoked at: Mon Oct 21 02:13:05 UTC 2013 + Serial Number (hex): 4b27bbd7a49c74690d23190a4618e34d + Revoked at: Mon Oct 21 09:52:06 UTC 2013 + Serial Number (hex): 76d0014d0e3b07a1a6f117ed2cce2071 + Revoked at: Mon Oct 21 09:52:36 UTC 2013 + Serial Number (hex): 00e397f31a59171ad5cc76111adb39cbb0 + Revoked at: Mon Oct 21 09:53:38 UTC 2013 + Serial Number (hex): 009ad562d6a40ae9db5c48d6ba4a999982 + Revoked at: Mon Oct 21 12:06:31 UTC 2013 + Serial Number (hex): 26eccaa0a9bfb7cc25ad8ead418dfcc6 + Revoked at: Mon Oct 21 14:03:22 UTC 2013 + Serial Number (hex): 70c25efdd79f85543395bfa1d7fc0d17 + Revoked at: Mon Oct 21 14:14:58 UTC 2013 + Serial Number (hex): 176c1688a817127419bb0a87a2dbda80 + Revoked at: Mon Oct 21 14:15:58 UTC 2013 + Serial Number (hex): 439d6611ef8aa15ac03ed2e41cb250ae + Revoked at: Mon Oct 21 16:06:57 UTC 2013 + Serial Number (hex): 2e76b3303e0b93a8b15be5234048ea73 + Revoked at: Mon Oct 21 16:48:17 UTC 2013 + Serial Number (hex): 6fa8135a570b03c4d9001b770a350db0 + Revoked at: Mon Oct 21 16:59:55 UTC 2013 + Serial Number (hex): 24878948780d5fb6cc8e8774cb3325be + Revoked at: Mon Oct 21 20:00:43 UTC 2013 + Serial Number (hex): 7d3a2db36b2d796b3cf915e5e2f329c9 + Revoked at: Mon Oct 21 20:00:57 UTC 2013 + Serial Number (hex): 3fc59330bcd7689aa4dca11f10f07d07 + Revoked at: Mon Oct 21 20:05:07 UTC 2013 + Serial Number (hex): 6e29a6a9f6d7ef0bba1eab1b20f7bd58 + Revoked at: Mon Oct 21 20:29:33 UTC 2013 + Serial Number (hex): 12bf7a9e7ee582cc98646bf1eb615c29 + Revoked at: Mon Oct 21 20:31:23 UTC 2013 + Serial Number (hex): 00e482ead00f6640f47e7a594ec49ab03b + Revoked at: Tue Oct 22 06:02:22 UTC 2013 + Serial Number (hex): 62f79e13d8b72dd424dfa158bea5180c + Revoked at: Tue Oct 22 09:31:03 UTC 2013 + Serial Number (hex): 00c839a497132acad865d31734989a11dc + Revoked at: Tue Oct 22 09:45:17 UTC 2013 + Serial Number (hex): 00c25069a97c6883b36bb85f5a2ad76761 + Revoked at: Tue Oct 22 09:56:28 UTC 2013 + Serial Number (hex): 0085b4e2f0c90f9da2e3db7e22588fc2b0 + Revoked at: Tue Oct 22 10:21:33 UTC 2013 + Serial Number (hex): 7448513b24ed7ca7613b388f343c3c64 + Revoked at: Tue Oct 22 10:34:35 UTC 2013 + Serial Number (hex): 09d8d8705268a3a71c5ab948956aae6b + Revoked at: Tue Oct 22 13:53:25 UTC 2013 + Serial Number (hex): 4d39a55a455fa3b22007c9f3c1401a27 + Revoked at: Tue Oct 22 15:48:07 UTC 2013 + Serial Number (hex): 00a87e8467512671658e99107d889e0adc + Revoked at: Tue Oct 22 16:04:07 UTC 2013 + Serial Number (hex): 00de576a777b6a1c2f08e5542aedb32162 + Revoked at: Tue Oct 22 16:04:59 UTC 2013 + Serial Number (hex): 16424101be5f896a0c7cdbaed67a8b8f + Revoked at: Tue Oct 22 16:05:32 UTC 2013 + Serial Number (hex): 3244f8474429936185e72e1db82c44c7 + Revoked at: Tue Oct 22 16:38:40 UTC 2013 + Serial Number (hex): 00ba1a6c03557e91a488970dc785dace7a + Revoked at: Tue Oct 22 16:55:48 UTC 2013 + Serial Number (hex): 18093f8f996ab9e745b017278afa9625 + Revoked at: Tue Oct 22 17:00:18 UTC 2013 + Serial Number (hex): 00eca475d7f9a788a0117bc662a5383526 + Revoked at: Tue Oct 22 17:01:33 UTC 2013 + Serial Number (hex): 00ce554fca5026a41b8b3ce2e0b05487be + Revoked at: Tue Oct 22 17:06:49 UTC 2013 + Serial Number (hex): 00c297863e60fe54e06ea032be52516571 + Revoked at: Tue Oct 22 17:07:14 UTC 2013 + Serial Number (hex): 00b1860842ff70b663bc4355d295459a0e + Revoked at: Tue Oct 22 17:48:48 UTC 2013 + Serial Number (hex): 00c8b0899fd98e2b92a2896f27c979fda0 + Revoked at: Tue Oct 22 19:33:29 UTC 2013 + Serial Number (hex): 5d09fe1cbeeecaa0970fd00eb36251c3 + Revoked at: Tue Oct 22 19:42:42 UTC 2013 + Serial Number (hex): 00af67d066fc3bf0079bfdc52f0c8caa42 + Revoked at: Tue Oct 22 19:47:57 UTC 2013 + Serial Number (hex): 4db21e810b4353401312bdc373d2109a + Revoked at: Tue Oct 22 23:11:24 UTC 2013 + Serial Number (hex): 00e0bc873527127169078f510a36aaa5a8 + Revoked at: Tue Oct 22 23:11:31 UTC 2013 + Serial Number (hex): 00e4a2581d5da0d936c3305e8b3d22ec90 + Revoked at: Tue Oct 22 23:11:38 UTC 2013 + Serial Number (hex): 0097f68ae3e480de125e7b6c30fdc490c9 + Revoked at: Wed Oct 23 07:15:46 UTC 2013 + Serial Number (hex): 009020f3e73ac508d9bc2611693da31261 + Revoked at: Wed Oct 23 08:01:41 UTC 2013 + Serial Number (hex): 00d4aac11afe2fe4a573dce9704a9f067c + Revoked at: Wed Oct 23 08:02:02 UTC 2013 + Serial Number (hex): 622f3fede37233d70e0783641be9d676 + Revoked at: Wed Oct 23 08:06:09 UTC 2013 + Serial Number (hex): 479daa3fa195a64c7094d221cb1b84f6 + Revoked at: Wed Oct 23 15:04:31 UTC 2013 + Serial Number (hex): 00e07ce9ecf870e90791256d120639d858 + Revoked at: Wed Oct 23 15:14:29 UTC 2013 + Serial Number (hex): 12dc0edc6cea18e258cd191d8e680aef + Revoked at: Wed Oct 23 15:35:24 UTC 2013 + Serial Number (hex): 076fb34ad15d03f22250a7dcbabacd21 + Revoked at: Wed Oct 23 17:07:21 UTC 2013 + Serial Number (hex): 00bdcca56969c0a4b88997e542163d7fd9 + Revoked at: Wed Oct 23 17:48:51 UTC 2013 + Serial Number (hex): 66bce520b6f88ba9b1e450abbc8080e3 + Revoked at: Wed Oct 23 18:48:20 UTC 2013 + Serial Number (hex): 0094c53d4467a9218ef9df608e67b4bb46 + Revoked at: Wed Oct 23 18:53:12 UTC 2013 + Serial Number (hex): 5e1f0212c715cb0d48537826cd864877 + Revoked at: Wed Oct 23 20:19:38 UTC 2013 + Serial Number (hex): 0bc08c82c4c7f791e8d107b9a66b5bba + Revoked at: Wed Oct 23 20:49:09 UTC 2013 + Serial Number (hex): 5292221b7f283963481fb854a1d901a1 + Revoked at: Wed Oct 23 21:16:23 UTC 2013 + Serial Number (hex): 2bc95040aa3805d2d2e6a5c514b17000 + Revoked at: Thu Oct 24 09:24:20 UTC 2013 + Serial Number (hex): 080d0ba21b8aa6492e5f6a3063bf42ec + Revoked at: Thu Oct 24 11:31:04 UTC 2013 + Serial Number (hex): 12752229f1c5c1b1d3c2187bf11cef7e + Revoked at: Thu Oct 24 12:15:58 UTC 2013 + Serial Number (hex): 00cdabbc17da95b2ba7b1d4ce3d5c7f6a7 + Revoked at: Thu Oct 24 12:17:13 UTC 2013 + Serial Number (hex): 1634de213142960b9773170b3ec88d0e + Revoked at: Thu Oct 24 12:17:30 UTC 2013 + Serial Number (hex): 7439a2c7b8c8c14f6dd10577ca3f8517 + Revoked at: Thu Oct 24 12:17:59 UTC 2013 + Serial Number (hex): 009b15cdc5faf46adc623cef067e7a0d0f + Revoked at: Thu Oct 24 14:42:57 UTC 2013 + Serial Number (hex): 6a1d622d413e0d859dd6364cffef1687 + Revoked at: Thu Oct 24 14:43:09 UTC 2013 + Serial Number (hex): 4f3d464230d783a9d823ffeb5ed9b769 + Revoked at: Thu Oct 24 14:56:51 UTC 2013 + Serial Number (hex): 00c67ce7524dfa22c0be2894a2624bc424 + Revoked at: Thu Oct 24 15:58:42 UTC 2013 + Serial Number (hex): 00bcbcd530a5138dc6246ab1089279507d + Revoked at: Thu Oct 24 15:59:13 UTC 2013 + Serial Number (hex): 0089416ba0a3191cd2c866fa30acfbffe8 + Revoked at: Thu Oct 24 16:23:03 UTC 2013 + Serial Number (hex): 2667316cefa6d43c81b93908222b5a61 + Revoked at: Thu Oct 24 16:34:16 UTC 2013 + Serial Number (hex): 1cc724660cbeddf58a10a85f8e217c9f + Revoked at: Thu Oct 24 16:58:59 UTC 2013 + Serial Number (hex): 00a12f48f2082e29307c350e78c581cccc + Revoked at: Thu Oct 24 18:08:00 UTC 2013 + Serial Number (hex): 0090fd602640f828d1dcc261b321f8c2fc + Revoked at: Thu Oct 24 18:11:21 UTC 2013 + Serial Number (hex): 22eeeb55db74e855390e46e0241fb772 + Revoked at: Thu Oct 24 19:26:46 UTC 2013 + Serial Number (hex): 00c0fd6bc03c1758e6631193a46343048e + Revoked at: Thu Oct 24 19:51:16 UTC 2013 + Serial Number (hex): 2219b85c77b4b95bb2ac98c7d6048929 + Revoked at: Fri Oct 25 01:32:04 UTC 2013 + Serial Number (hex): 3a690b798de7260b0467a1506486e965 + Revoked at: Fri Oct 25 08:40:55 UTC 2013 + Serial Number (hex): 00bee3afd04c4bcb1deb16f6922cf9b493 + Revoked at: Fri Oct 25 11:21:52 UTC 2013 + Serial Number (hex): 00b3fd7ac3273c6b524c23feb6cf235e2b + Revoked at: Fri Oct 25 11:29:32 UTC 2013 + Serial Number (hex): 00a06c2ae2a64feabf6cb74122d2c3dede + Revoked at: Fri Oct 25 13:07:30 UTC 2013 + Serial Number (hex): 009afdf43ba4d4ff50986b021f43a4777a + Revoked at: Fri Oct 25 13:44:47 UTC 2013 + Serial Number (hex): 5a257d98f55aabf832e26417155110cc + Revoked at: Fri Oct 25 14:27:24 UTC 2013 + Serial Number (hex): 20c6e9f5e02e80e2258164d7ab0bca34 + Revoked at: Fri Oct 25 15:51:12 UTC 2013 + Serial Number (hex): 29be77e4abb2e894668c902ce610dc60 + Revoked at: Fri Oct 25 15:56:52 UTC 2013 + Serial Number (hex): 143d24575acc23ec4a769678194f3889 + Revoked at: Fri Oct 25 18:35:24 UTC 2013 + Serial Number (hex): 711702d11bee85822de5efd0d380a413 + Revoked at: Fri Oct 25 18:37:36 UTC 2013 + Serial Number (hex): 5661e8acf524a4c02e5f73d837617a78 + Revoked at: Fri Oct 25 18:41:59 UTC 2013 + Serial Number (hex): 00f895bcaf4a36cc6a4cbc34eb768b0585 + Revoked at: Fri Oct 25 19:23:33 UTC 2013 + Serial Number (hex): 00cf9a40c8a11526f484883a72e281f44b + Revoked at: Fri Oct 25 19:30:06 UTC 2013 + Serial Number (hex): 1beb4a751eed58aefc3a4bd7d0237097 + Revoked at: Fri Oct 25 19:32:03 UTC 2013 + Serial Number (hex): 5ece100ae350d2bd2d8c3e5c6962778a + Revoked at: Fri Oct 25 20:06:49 UTC 2013 + Serial Number (hex): 6f9b662f8f796c29f8326e41e6f6d8b7 + Revoked at: Fri Oct 25 21:22:34 UTC 2013 + Serial Number (hex): 3e7127074d2a918788a6cd5ea7a9bd32 + Revoked at: Fri Oct 25 21:45:15 UTC 2013 + Serial Number (hex): 5664fd997049d956b6154c4f8e69c3f1 + Revoked at: Sat Oct 26 02:13:05 UTC 2013 + Serial Number (hex): 0991cbf3b3bbb4bb4dc43a5ba2d9d8ca + Revoked at: Sun Oct 27 02:13:09 UTC 2013 + Serial Number (hex): 3d49523382b2cf88d8b16301ac608ebc + Revoked at: Mon Oct 28 04:09:21 UTC 2013 + Serial Number (hex): 0be9dab5b3de40059de26aab96b3a358 + Revoked at: Mon Oct 28 04:10:20 UTC 2013 + Serial Number (hex): 2df3b5257330bb961d19c343380c60f4 + Revoked at: Mon Oct 28 10:17:43 UTC 2013 + Serial Number (hex): 48c7412e31cba33cf95a973b50293c42 + Revoked at: Mon Oct 28 12:24:53 UTC 2013 + Serial Number (hex): 762fa493407663754b647ac69585588c + Revoked at: Mon Oct 28 13:20:42 UTC 2013 + Serial Number (hex): 0080df0c6c79b58751eb148fdd5b0abbbb + Revoked at: Mon Oct 28 13:35:24 UTC 2013 + Serial Number (hex): 3612dd709255babab9d45bf3af7ec881 + Revoked at: Mon Oct 28 14:10:13 UTC 2013 + Serial Number (hex): 00b82aa06a979f02bebab5288af645c271 + Revoked at: Mon Oct 28 14:16:39 UTC 2013 + Serial Number (hex): 0092b20e4a4e0db7a39c6efb01ab52b9a9 + Revoked at: Mon Oct 28 14:52:53 UTC 2013 + Serial Number (hex): 08cdb7fa39901c8bd636857a52dde221 + Revoked at: Mon Oct 28 14:59:32 UTC 2013 + Serial Number (hex): 0080e3cdc28810e2dd2fb263da4a8390b2 + Revoked at: Mon Oct 28 15:04:29 UTC 2013 + Serial Number (hex): 008de0b6299702b8440fc780b20867887e + Revoked at: Mon Oct 28 15:04:52 UTC 2013 + Serial Number (hex): 00b7d4e234b442604e0c3a18511cdc4d8a + Revoked at: Mon Oct 28 17:02:14 UTC 2013 + Serial Number (hex): 068d4bb25f2735933afbe0fad4443ae0 + Revoked at: Mon Oct 28 18:09:03 UTC 2013 + Serial Number (hex): 00e9b2af82d36b7d29b18de08d8b989d04 + Revoked at: Mon Oct 28 19:05:02 UTC 2013 + Serial Number (hex): 6c8bc144a8a7a6e7088427f61273416c + Revoked at: Mon Oct 28 19:07:07 UTC 2013 + Serial Number (hex): 5e6d0ab696e750fb710dec4e2ae8b15b + Revoked at: Tue Oct 29 00:23:29 UTC 2013 + Serial Number (hex): 0081c9235804162d754d2862794fbc8b18 + Revoked at: Tue Oct 29 01:45:34 UTC 2013 + Serial Number (hex): 00ddf3e5ec279cc24751d50256b4f85fc5 + Revoked at: Tue Oct 29 12:55:55 UTC 2013 + Serial Number (hex): 3a774e5529d53bba15aabeced1d8b809 + Revoked at: Tue Oct 29 13:15:21 UTC 2013 + Serial Number (hex): 0084b9f865c7092559e04edecb3be4c19b + Revoked at: Tue Oct 29 13:25:11 UTC 2013 + Serial Number (hex): 6f11a12e44e5dcd3720e5001e9c00316 + Revoked at: Tue Oct 29 14:10:26 UTC 2013 + Serial Number (hex): 7e4a8bff36f41caa83fe1943c1b78893 + Revoked at: Tue Oct 29 14:22:43 UTC 2013 + Serial Number (hex): 526bbb58300acad295ce04389cd04834 + Revoked at: Tue Oct 29 15:02:14 UTC 2013 + Serial Number (hex): 00c142cf388c8c68720daf7357f56b2672 + Revoked at: Tue Oct 29 15:57:56 UTC 2013 + Serial Number (hex): 00c8f5a2cb297ad3e90696396176806c20 + Revoked at: Tue Oct 29 16:10:11 UTC 2013 + Serial Number (hex): 009bf238b61e509e1d42aa842def1f0c5a + Revoked at: Tue Oct 29 16:13:02 UTC 2013 + Serial Number (hex): 00880abf73863e7f97c08c5f554c903a3e + Revoked at: Tue Oct 29 16:36:09 UTC 2013 + Serial Number (hex): 5b990e9b2a999e127ebaf4835bd241ec + Revoked at: Tue Oct 29 16:36:37 UTC 2013 + Serial Number (hex): 59f40c985031d05cb7b386f08959e638 + Revoked at: Tue Oct 29 16:37:03 UTC 2013 + Serial Number (hex): 1b234b500bd03ecff280ec0a9ca205c7 + Revoked at: Tue Oct 29 16:54:32 UTC 2013 + Serial Number (hex): 41140177dd629253b204c322bbef8876 + Revoked at: Tue Oct 29 18:38:58 UTC 2013 + Serial Number (hex): 0d62b1cc2a67c5a7223e8896353d9949 + Revoked at: Tue Oct 29 19:47:33 UTC 2013 + Serial Number (hex): 00801c6603fb87dce12445c031bb6464 + Revoked at: Tue Oct 29 19:55:16 UTC 2013 + Serial Number (hex): 0088758779bdefdd0ab6954502fb17ed2e + Revoked at: Tue Oct 29 19:56:57 UTC 2013 + Serial Number (hex): 1a78c7abd0db71d7453dc5b5a21b582f + Revoked at: Tue Oct 29 20:38:43 UTC 2013 + Serial Number (hex): 03fddc99548a6dddfc62cccb3b75d97f + Revoked at: Tue Oct 29 20:44:46 UTC 2013 + Serial Number (hex): 2610b67ebae9270070448a97871ec44c + Revoked at: Tue Oct 29 20:45:34 UTC 2013 + Serial Number (hex): 00bfb0ba45169127168b32973063d509b2 + Revoked at: Tue Oct 29 20:57:57 UTC 2013 + Serial Number (hex): 581129c93c0d8db83154ee798977dd80 + Revoked at: Tue Oct 29 21:50:34 UTC 2013 + Serial Number (hex): 00e4b2e976a932a14eb054cc3d429f363b + Revoked at: Wed Oct 30 01:31:03 UTC 2013 + Serial Number (hex): 008c913580079d9a79f1dcc9bccb94d1fe + Revoked at: Wed Oct 30 12:28:36 UTC 2013 + Serial Number (hex): 008b9cf5f48e362e6a11a7cfa6ecaed277 + Revoked at: Wed Oct 30 12:53:02 UTC 2013 + Serial Number (hex): 5320c04c7a1aa76b2fb503e64e0320b3 + Revoked at: Wed Oct 30 13:12:29 UTC 2013 + Serial Number (hex): 00dd89a4cc8d958e6a891bb6a8904330e0 + Revoked at: Wed Oct 30 13:12:54 UTC 2013 + Serial Number (hex): 008bfd3da8efa3f66126adc94537956b99 + Revoked at: Wed Oct 30 13:50:30 UTC 2013 + Serial Number (hex): 20eca501870d296d8650d3482db25c + Revoked at: Wed Oct 30 14:00:27 UTC 2013 + Serial Number (hex): 3715f7262fba95d78024033ee76a943a + Revoked at: Wed Oct 30 14:10:18 UTC 2013 + Serial Number (hex): 00e364101c67c670b8292a5aea76e1c307 + Revoked at: Wed Oct 30 14:30:12 UTC 2013 + Serial Number (hex): 7cbcbf95bd3d94ee542ea0161b79d25d + Revoked at: Wed Oct 30 14:30:26 UTC 2013 + Serial Number (hex): 00e152edaa1d55ea25c66e54d8dbd31a00 + Revoked at: Wed Oct 30 14:30:39 UTC 2013 + Serial Number (hex): 00942c6d1e5edd79822e7cfd32f085135b + Revoked at: Wed Oct 30 14:30:51 UTC 2013 + Serial Number (hex): 00a1382bfda8c2ac3e2985a24c0e7e27c4 + Revoked at: Wed Oct 30 14:31:07 UTC 2013 + Serial Number (hex): 7ffed66919171032beff191e432be167 + Revoked at: Wed Oct 30 14:34:19 UTC 2013 + Serial Number (hex): 5d9041805872e4be7bbb82d843e60156 + Revoked at: Wed Oct 30 16:19:09 UTC 2013 + Serial Number (hex): 0084c626f66451b8fb0b1330265ca6deaa + Revoked at: Wed Oct 30 16:21:59 UTC 2013 + Serial Number (hex): 3b760511f62fd56251b4a19990024a34 + Revoked at: Wed Oct 30 16:22:54 UTC 2013 + Serial Number (hex): 00fde544231d40bda5b5cc17ecfb33420c + Revoked at: Wed Oct 30 16:23:37 UTC 2013 + Serial Number (hex): 3fed5f484a7780d7e501a7b98640049a + Revoked at: Wed Oct 30 16:37:05 UTC 2013 + Serial Number (hex): 00c2c8449826524ac0d558b533219d6393 + Revoked at: Wed Oct 30 16:42:49 UTC 2013 + Serial Number (hex): 4eaf8881e7aede301866de0edbb7be17 + Revoked at: Wed Oct 30 18:02:09 UTC 2013 + Serial Number (hex): 009c3d0dd14232f7807b720c151006de2b + Revoked at: Wed Oct 30 18:23:00 UTC 2013 + Serial Number (hex): 4223a43c049e333ad5f7dae99f6595e9 + Revoked at: Wed Oct 30 18:44:42 UTC 2013 + Serial Number (hex): 00e704514d89e8e049b3bd26bdd7c97136 + Revoked at: Wed Oct 30 19:19:17 UTC 2013 + Serial Number (hex): 00824e7a252b25615ba30a699f9d0a21b5 + Revoked at: Wed Oct 30 19:48:38 UTC 2013 + Serial Number (hex): 5d4d8d4fbe3f1586eceec3bac4e8549e + Revoked at: Wed Oct 30 20:14:46 UTC 2013 + Serial Number (hex): 009501920e2557819c2539ff752e4863f7 + Revoked at: Wed Oct 30 20:19:43 UTC 2013 + Serial Number (hex): 00c1ca63092dbd93f1c473ee8c08bf0305 + Revoked at: Wed Oct 30 20:27:12 UTC 2013 + Serial Number (hex): 00fd9e4279ee32fea3874b267412be4346 + Revoked at: Thu Oct 31 11:36:17 UTC 2013 + Serial Number (hex): 028b92a0ab77344f93ece52730cde881 + Revoked at: Thu Oct 31 12:57:08 UTC 2013 + Serial Number (hex): 00c011f7793b0297d67138217fa83f7009 + Revoked at: Thu Oct 31 14:28:20 UTC 2013 + Serial Number (hex): 785d991818851194f6affba7b1124531 + Revoked at: Thu Oct 31 15:07:35 UTC 2013 + Serial Number (hex): 415cb185f4ae85089d035b1ef9070e04 + Revoked at: Thu Oct 31 16:28:36 UTC 2013 + Serial Number (hex): 00e070f37674275819d3d0d8e868ff429a + Revoked at: Thu Oct 31 17:18:15 UTC 2013 + Serial Number (hex): 00d8b70d291fcefa670c4dbf4804bad28c + Revoked at: Thu Oct 31 17:35:57 UTC 2013 + Serial Number (hex): 00c28f3aa9eec9e4888f98925b6e8b2692 + Revoked at: Thu Oct 31 20:20:14 UTC 2013 + Serial Number (hex): 00e859f8db1b7311ef063a7ab72d10cba8 + Revoked at: Thu Oct 31 21:37:17 UTC 2013 + Serial Number (hex): 0f61ae0716d388df529d7d3628f540f0 + Revoked at: Fri Nov 01 02:13:03 UTC 2013 + Serial Number (hex): 00dcb0e4ee87288de7af7a9989a71c2850 + Revoked at: Fri Nov 01 12:45:49 UTC 2013 + Serial Number (hex): 19113d4d2499a7cf6d141cdfcb7a5edb + Revoked at: Fri Nov 01 12:57:00 UTC 2013 + Serial Number (hex): 00a31afd13c7866d03fbf9b595ae6eb3b0 + Revoked at: Fri Nov 01 13:19:45 UTC 2013 + Serial Number (hex): 0f2a5f0f05fc8f9ba451c28fdb5a4366 + Revoked at: Fri Nov 01 15:05:45 UTC 2013 + Serial Number (hex): 3749746569511cc04c5cba9710f01566 + Revoked at: Fri Nov 01 16:13:00 UTC 2013 + Serial Number (hex): 008b565c5827500966c18c992d117b9304 + Revoked at: Fri Nov 01 16:17:23 UTC 2013 + Serial Number (hex): 1bbe0aaa3693339668e4fcbd3230b676 + Revoked at: Fri Nov 01 17:44:01 UTC 2013 + Serial Number (hex): 5592477ec3ea114df85d197c4898b722 + Revoked at: Fri Nov 01 18:23:54 UTC 2013 + Serial Number (hex): 08018fab3553e17142c21326aba1add7 + Revoked at: Fri Nov 01 19:10:07 UTC 2013 + Serial Number (hex): 38f11bf0bc2806a7aac7de206f3a0c55 + Revoked at: Fri Nov 01 19:10:11 UTC 2013 + Serial Number (hex): 5830dfd78ec76d8c0e18aa218f715fcb + Revoked at: Fri Nov 01 19:13:24 UTC 2013 + Serial Number (hex): 1b521cf278b4c93cc871072dc92365e5 + Revoked at: Fri Nov 01 19:14:41 UTC 2013 + Serial Number (hex): 0089f4f955effb239689863a3e4a6e175c + Revoked at: Fri Nov 01 19:21:42 UTC 2013 + Serial Number (hex): 6acb031c9465a76149bfd7f91d8858dc + Revoked at: Fri Nov 01 19:28:13 UTC 2013 + Serial Number (hex): 1f30c874ef0343910ffaec790694ba98 + Revoked at: Fri Nov 01 19:28:23 UTC 2013 + Serial Number (hex): 00db89e3b87eb41fe180011d4b71d44cca + Revoked at: Fri Nov 01 19:28:31 UTC 2013 + Serial Number (hex): 3a81daa38da3c5687fe506fbc9ef73b1 + Revoked at: Fri Nov 01 19:42:12 UTC 2013 + Serial Number (hex): 156579406f64b6da0ca231171d4a26f0 + Revoked at: Fri Nov 01 19:43:01 UTC 2013 + Serial Number (hex): 0686bd3c0464a8c4f3735f865e8599eb + Revoked at: Fri Nov 01 19:46:27 UTC 2013 + Serial Number (hex): 008e9604e52634fe8807880efbd934d09b + Revoked at: Fri Nov 01 19:47:38 UTC 2013 + Serial Number (hex): 3124eb9a9a556cc08fe45da9ad96d64a + Revoked at: Fri Nov 01 19:55:21 UTC 2013 + Serial Number (hex): 47597fb71c9756244767635ac1fd11ab + Revoked at: Sat Nov 02 02:13:05 UTC 2013 + Serial Number (hex): 0090eb581e213ebe8580522586f7b2635f + Revoked at: Sat Nov 02 12:18:03 UTC 2013 + Serial Number (hex): 50261629e4cb8316683c0fb745c90016 + Revoked at: Sat Nov 02 12:18:16 UTC 2013 + Serial Number (hex): 00d0c246da335c720294228238c9d299ed + Revoked at: Sat Nov 02 12:18:40 UTC 2013 + Serial Number (hex): 0099cccb7fccb3f54aadaa9b8c166ee07a + Revoked at: Sat Nov 02 12:18:53 UTC 2013 + Serial Number (hex): 00990aee312d9aa597cfb1971560d3929a + Revoked at: Sat Nov 02 12:19:02 UTC 2013 + Serial Number (hex): 379ec7690001cdef9101bc7ccde73acd + Revoked at: Sat Nov 02 12:19:24 UTC 2013 + Serial Number (hex): 494ebc05858892aea90066847a497963 + Revoked at: Sat Nov 02 12:19:52 UTC 2013 + Serial Number (hex): 0093b2360e3e2a728d02b1133013404aa6 + Revoked at: Sun Nov 03 04:04:38 UTC 2013 + Serial Number (hex): 01a38a48ba05b84b65cdc5b9206f5d5c + Revoked at: Sun Nov 03 14:20:10 UTC 2013 + Serial Number (hex): 25a78942d65ef95ceff5c485a95d72a0 + Revoked at: Mon Nov 04 14:42:30 UTC 2013 + Serial Number (hex): 00a2222ea3d5477e0220b76ef4ab4493f8 + Revoked at: Mon Nov 04 15:46:11 UTC 2013 + Serial Number (hex): 00a5750fee408224f283723e52275a8c89 + Revoked at: Mon Nov 04 15:47:57 UTC 2013 + Serial Number (hex): 00fb95fd9161313ab4417dca158c77097c + Revoked at: Mon Nov 04 16:21:20 UTC 2013 + Serial Number (hex): 00eb8311011c6cf32d12359a621d014261 + Revoked at: Mon Nov 04 16:49:01 UTC 2013 + Serial Number (hex): 4a42f270f8c35fac1dbcc581ced3eb70 + Revoked at: Mon Nov 04 17:32:55 UTC 2013 + Serial Number (hex): 12f89de031d7f350e167304d1c8f27ab + Revoked at: Mon Nov 04 17:42:52 UTC 2013 + Serial Number (hex): 0dac133cba3ca6a9fc1b0bbe17200b2d + Revoked at: Mon Nov 04 17:56:30 UTC 2013 + Serial Number (hex): 00afcecd3327d8bc0e74232d0dd224fded + Revoked at: Mon Nov 04 17:57:27 UTC 2013 + Serial Number (hex): 00c7645a092812efb8582701d3e0ff75ea + Revoked at: Mon Nov 04 18:21:41 UTC 2013 + Serial Number (hex): 248fa7cf50ecd09aa4583a63f9c32616 + Revoked at: Mon Nov 04 19:09:29 UTC 2013 + Serial Number (hex): 00dc625f62d0ded3e2c29a1a157268dcb2 + Revoked at: Mon Nov 04 19:33:57 UTC 2013 + Serial Number (hex): 48aa2e43faf1790ab8cc17b28d3caf02 + Revoked at: Mon Nov 04 20:42:17 UTC 2013 + Serial Number (hex): 34a1105fbb74c1b6434e401cda6d5801 + Revoked at: Mon Nov 04 21:34:23 UTC 2013 + Serial Number (hex): 14479e057b8f03528bf8f44bee003dc9 + Revoked at: Mon Nov 04 21:42:07 UTC 2013 + Serial Number (hex): 00f1ce867c5f9e4f1ad39d80d36789dc6f + Revoked at: Tue Nov 05 06:42:28 UTC 2013 + Serial Number (hex): 00979eea1315fad7dd7f46ae33a03498c1 + Revoked at: Tue Nov 05 06:42:48 UTC 2013 + Serial Number (hex): 5d2a61ca87829de57484209704530809 + Revoked at: Tue Nov 05 08:15:26 UTC 2013 + Serial Number (hex): 5e25e7e1a3f3a49fa2a758c88ac53558 + Revoked at: Tue Nov 05 14:00:45 UTC 2013 + Serial Number (hex): 0083f198407b1cbdb527cf3402a90da358 + Revoked at: Tue Nov 05 14:36:19 UTC 2013 + Serial Number (hex): 26c94542a1c0b68d1ddfe02f49599639 + Revoked at: Tue Nov 05 15:33:31 UTC 2013 + Serial Number (hex): 009720f54cdaed0db2856416b9d8d95ad7 + Revoked at: Tue Nov 05 15:59:04 UTC 2013 + Serial Number (hex): 00fccd621886892b778172c20010b2653c + Revoked at: Tue Nov 05 15:59:16 UTC 2013 + Serial Number (hex): 00f57d89579ce712b1fe9ddabe9c29010c + Revoked at: Tue Nov 05 18:23:09 UTC 2013 + Serial Number (hex): 009f8c51db967a37d9a47047ce2613d1e2 + Revoked at: Tue Nov 05 18:37:20 UTC 2013 + Serial Number (hex): 009be7b781afa021fca9bd221e799be614 + Revoked at: Tue Nov 05 20:05:36 UTC 2013 + Serial Number (hex): 0085d3393a2596170e2c34c7ce706f9e72 + Revoked at: Tue Nov 05 20:05:59 UTC 2013 + Serial Number (hex): 02fb2f35586a3a5cc729ebb8738f8e40 + Revoked at: Tue Nov 05 20:13:06 UTC 2013 + Serial Number (hex): 4f75cbe91ba2b3ecf2827c1c8326abb0 + Revoked at: Tue Nov 05 20:48:47 UTC 2013 + Serial Number (hex): 00eb9e7714f076bea70c4eec07311ca508 + Revoked at: Tue Nov 05 20:49:00 UTC 2013 + Serial Number (hex): 27b4ed301a11eda2e50b5467144ff442 + Revoked at: Tue Nov 05 20:58:48 UTC 2013 + Serial Number (hex): 67ef7fbbedb2017d06c15228604ab0d2 + Revoked at: Tue Nov 05 21:10:32 UTC 2013 + Serial Number (hex): 00a498ac5b3a5bc2cb1dc9da70539c5290 + Revoked at: Tue Nov 05 21:10:46 UTC 2013 + Serial Number (hex): 009866ade33da2087f9cee7e6e3c787b92 + Revoked at: Tue Nov 05 21:17:43 UTC 2013 + Serial Number (hex): 008dd31ebef2a47d29acdffdda136b4ec9 + Revoked at: Wed Nov 06 02:13:03 UTC 2013 + Serial Number (hex): 00bd21a9a99e4b9600189da4df82647477 + Revoked at: Wed Nov 06 09:38:42 UTC 2013 + Serial Number (hex): 00e0e35b4028d0bfe32afcf94810e04edb + Revoked at: Wed Nov 06 11:34:05 UTC 2013 + Serial Number (hex): 00c200d7c71bdf50f4a7a6b4870d712be1 + Revoked at: Wed Nov 06 12:03:52 UTC 2013 + Serial Number (hex): 00bf705c4e852cbd23b3361694bdc6d931 + Revoked at: Wed Nov 06 13:15:16 UTC 2013 + Serial Number (hex): 76adb2d0374acc995a7f6079b2f65456 + Revoked at: Wed Nov 06 13:19:00 UTC 2013 + Serial Number (hex): 3cdcd3934ef3df96ac84f26ad21267dd + Revoked at: Wed Nov 06 15:04:45 UTC 2013 + Serial Number (hex): 606b7ba8018d419f92840d52497954c1 + Revoked at: Wed Nov 06 15:21:31 UTC 2013 + Serial Number (hex): 00aa309bc00b8e98bc72c61da183ef198f + Revoked at: Wed Nov 06 15:21:45 UTC 2013 + Serial Number (hex): 36d0bb2a426c74a76f345d68ad439174 + Revoked at: Wed Nov 06 15:22:32 UTC 2013 + Serial Number (hex): 00a7a37945f6726b6f0ee9a1b547ac65cc + Revoked at: Wed Nov 06 15:22:45 UTC 2013 + Serial Number (hex): 00b601270454f2756362efb13d5e37b0d5 + Revoked at: Wed Nov 06 15:22:57 UTC 2013 + Serial Number (hex): 331240790042f063b9cf8bc4845e9cb3 + Revoked at: Wed Nov 06 15:23:14 UTC 2013 + Serial Number (hex): 28dbbc7f9ac836e4575f83721b6b2e96 + Revoked at: Wed Nov 06 15:23:27 UTC 2013 + Serial Number (hex): 3114f4053df9c2141cef0d603662e136 + Revoked at: Wed Nov 06 15:23:46 UTC 2013 + Serial Number (hex): 00ee5b4ef8b3eac78faa36ebd1c4fd9dab + Revoked at: Wed Nov 06 16:03:26 UTC 2013 + Serial Number (hex): 00af409464dcd0e32ba60a3bdf10ec1ada + Revoked at: Wed Nov 06 16:47:46 UTC 2013 + Serial Number (hex): 6c82d0fefdd44da9d3a8f10d0c7762eb + Revoked at: Wed Nov 06 17:52:50 UTC 2013 + Serial Number (hex): 7cb1a52fc39d84f2c397dc6ce69acb83 + Revoked at: Wed Nov 06 18:06:12 UTC 2013 + Serial Number (hex): 00de06b588123a43cf1725b4f8213a2733 + Revoked at: Wed Nov 06 18:08:49 UTC 2013 + Serial Number (hex): 4adf8f58080f0188f15a44928224a58e + Revoked at: Wed Nov 06 18:18:18 UTC 2013 + Serial Number (hex): 468eefb10d45bd334e9809f61290ca06 + Revoked at: Wed Nov 06 18:20:40 UTC 2013 + Serial Number (hex): 3a6002010ff5ca33dddf72cae138c67e + Revoked at: Wed Nov 06 18:46:51 UTC 2013 + Serial Number (hex): 00d713f01bcf75c0c32e688326cb24e90a + Revoked at: Wed Nov 06 19:36:46 UTC 2013 + Serial Number (hex): 00c164e48aae1a627711ccbc4fa0e488ab + Revoked at: Wed Nov 06 19:42:40 UTC 2013 + Serial Number (hex): 00f85ca123c964d198f177f3b8beb2efbf + Revoked at: Wed Nov 06 23:08:29 UTC 2013 + Serial Number (hex): 43b9847069a5eaba798c5b981ba0da0f + Revoked at: Thu Nov 07 12:39:29 UTC 2013 + Serial Number (hex): 00e449de96d5f7f15149d35a6561a80b12 + Revoked at: Thu Nov 07 13:48:58 UTC 2013 + Serial Number (hex): 3cc84968eb9ebc838682618a72cc93db + Revoked at: Thu Nov 07 13:54:49 UTC 2013 + Serial Number (hex): 00fbf19948f31fce3f277c097c3efb4363 + Revoked at: Thu Nov 07 14:24:47 UTC 2013 + Serial Number (hex): 691034db7b8f1dcd2c64bd7030b1c1d6 + Revoked at: Thu Nov 07 16:24:07 UTC 2013 + Serial Number (hex): 00e78ac301dce1436a8910ebcc0850310b + Revoked at: Thu Nov 07 17:06:09 UTC 2013 + Serial Number (hex): 1c184119673d12d22879bd00face8849 + Revoked at: Thu Nov 07 17:27:40 UTC 2013 + Serial Number (hex): 7c95b927abcc1be5e7c7228926598e63 + Revoked at: Thu Nov 07 18:12:29 UTC 2013 + Serial Number (hex): 0088c1ad288d3365d9ca6b22f3fde0cc9f + Revoked at: Thu Nov 07 19:33:03 UTC 2013 + Serial Number (hex): 00cc668f0126f81678377bb0b591ddea5d + Revoked at: Thu Nov 07 20:07:09 UTC 2013 + Serial Number (hex): 00ecbed2571ab768449bd7cee2de730b40 + Revoked at: Thu Nov 07 20:18:04 UTC 2013 + Serial Number (hex): 00efe562d00d3218b67308a488299e57ba + Revoked at: Thu Nov 07 20:18:41 UTC 2013 + Serial Number (hex): 3071b6e30bcd634a76e5eced5a0a3fc3 + Revoked at: Thu Nov 07 20:27:05 UTC 2013 + Serial Number (hex): 739c0226f76111f94c5f5c3f8b6731ce + Revoked at: Thu Nov 07 20:46:17 UTC 2013 + Serial Number (hex): 5ce2f45c598a90f44d54ded84cbb2fa3 + Revoked at: Thu Nov 07 22:29:19 UTC 2013 + Serial Number (hex): 19e0bce841e5c90b1e71fdc1ca0eb9b4 + Revoked at: Fri Nov 08 02:13:02 UTC 2013 + Serial Number (hex): 00f584f0c2bc0416d96c87016d8fe77e0a + Revoked at: Fri Nov 08 05:48:28 UTC 2013 + Serial Number (hex): 00ab0ce6f0174e4a4b3091e88ac11d1b71 + Revoked at: Fri Nov 08 06:43:59 UTC 2013 + Serial Number (hex): 00af1c49efe4afbed02c5e8c8ded1c8436 + Revoked at: Fri Nov 08 09:57:25 UTC 2013 + Serial Number (hex): 01d989f41d726ce5c7eb8bd3a86c34f8 + Revoked at: Fri Nov 08 10:30:15 UTC 2013 + Serial Number (hex): 00f2989a1daffd03454bf501758ef32270 + Revoked at: Fri Nov 08 12:55:03 UTC 2013 + Serial Number (hex): 66e0de8c06c8dc8a479b274064060e17 + Revoked at: Fri Nov 08 13:32:11 UTC 2013 + Serial Number (hex): 7264dee27e64f3660229ecb680ad2629 + Revoked at: Fri Nov 08 14:26:00 UTC 2013 + Serial Number (hex): 6c7612085f1d70363cdf4e9a6490d003 + Revoked at: Fri Nov 08 14:26:16 UTC 2013 + Serial Number (hex): 00c1ad81b35d261ce564bbb7cf9dce648b + Revoked at: Fri Nov 08 14:26:31 UTC 2013 + Serial Number (hex): 192d56ef32dd43f801e68fb57555227e + Revoked at: Fri Nov 08 14:30:08 UTC 2013 + Serial Number (hex): 0e39e26cb0fde6b660e246ffedbab2c4 + Revoked at: Fri Nov 08 14:36:24 UTC 2013 + Serial Number (hex): 008c08129d54680ba16b249c2fced9d241 + Revoked at: Fri Nov 08 15:35:31 UTC 2013 + Serial Number (hex): 3b1b30c8e68ddc5d28942852554ca6c9 + Revoked at: Fri Nov 08 15:39:16 UTC 2013 + Serial Number (hex): 696910402dcbc7c97bf3fd21de2046f6 + Revoked at: Fri Nov 08 16:59:48 UTC 2013 + Serial Number (hex): 6061603fb1877675eb4bce6082050f63 + Revoked at: Fri Nov 08 17:41:25 UTC 2013 + Serial Number (hex): 3c55f887f304e4322b4431258ccc0761 + Revoked at: Fri Nov 08 19:38:32 UTC 2013 + Serial Number (hex): 00f2abb101680dc9856c08bcf57e83a468 + Revoked at: Fri Nov 08 20:34:10 UTC 2013 + Serial Number (hex): 00c06742cffc1906691cbb485e5a41ebaa + Revoked at: Fri Nov 08 21:18:12 UTC 2013 + Serial Number (hex): 00b2fad4b3085e71c4a0ace97136d6263a + Revoked at: Fri Nov 08 21:22:40 UTC 2013 + Serial Number (hex): 00d8efc63bdc0480401b7f2afab751980f + Revoked at: Sun Nov 10 00:20:27 UTC 2013 + Serial Number (hex): 7979305ff5cd0b93b7e9ad0f5e445015 + Revoked at: Sun Nov 10 02:13:06 UTC 2013 + Serial Number (hex): 00c63a894bb18c4681b1e770758ea923b5 + Revoked at: Sun Nov 10 02:13:06 UTC 2013 + Serial Number (hex): 00cffd6e95a1e7373a47ddf3d8e819bf91 + Revoked at: Sun Nov 10 09:01:19 UTC 2013 + Serial Number (hex): 531fa0125905e53d47fe64c4ceffa5fb + Revoked at: Mon Nov 11 09:56:57 UTC 2013 + Serial Number (hex): 026bed9390c7ec888a801ce6fc5ace18 + Revoked at: Mon Nov 11 16:30:54 UTC 2013 + Serial Number (hex): 1a65477ced9dd4279ae5552e392b5077 + Revoked at: Mon Nov 11 16:54:02 UTC 2013 + Serial Number (hex): 48bfc9eed739d8c126765c8ce8f21001 + Revoked at: Mon Nov 11 17:15:10 UTC 2013 + Serial Number (hex): 127c68c2de7d069c488437e37e63088a + Revoked at: Mon Nov 11 17:24:27 UTC 2013 + Serial Number (hex): 00d304e63a8d1b0cb5754cdc090b45f105 + Revoked at: Mon Nov 11 17:28:58 UTC 2013 + Serial Number (hex): 0095847d10b1adef2c7eec21e3a1843cb4 + Revoked at: Mon Nov 11 19:06:13 UTC 2013 + Serial Number (hex): 00cf59c89904ac05afd28a88586ab8d129 + Revoked at: Mon Nov 11 19:27:35 UTC 2013 + Serial Number (hex): 22d6a68870ee63a8ff32a57ade214340 + Revoked at: Mon Nov 11 19:47:39 UTC 2013 + Serial Number (hex): 00a1ca09b426408676eb1718939a5ab78d + Revoked at: Mon Nov 11 20:10:02 UTC 2013 + Serial Number (hex): 0ac020b45ad4e5aef2b9ab69907113a9 + Revoked at: Mon Nov 11 20:34:52 UTC 2013 + Serial Number (hex): 0081dcfbc3cb8787af7d3f240747ec9011 + Revoked at: Mon Nov 11 21:06:21 UTC 2013 + Serial Number (hex): 4fc9491ff633a6b1615a3dbda4225435 + Revoked at: Mon Nov 11 21:32:45 UTC 2013 + Serial Number (hex): 008546b57a5c6b76ecb0a10b8e44adf298 + Revoked at: Tue Nov 12 02:13:04 UTC 2013 + Serial Number (hex): 00a4ef2a2855e48b342543bc9577b1251a + Revoked at: Tue Nov 12 09:19:02 UTC 2013 + Serial Number (hex): 00a022e04a3e9b0e42749d6da9bc3ee7fa + Revoked at: Tue Nov 12 09:41:21 UTC 2013 + Serial Number (hex): 008e2038848900d18fbf1a14d983724e1b + Revoked at: Tue Nov 12 10:25:33 UTC 2013 + Serial Number (hex): 0099908d2bff8fa8f475ee4be28064992e + Revoked at: Tue Nov 12 11:37:06 UTC 2013 + Serial Number (hex): 00adcf5e6a4d4b65ff5168abb68b3280a0 + Revoked at: Tue Nov 12 13:18:55 UTC 2013 + Serial Number (hex): 00fe600d1b1e7562f9fcfc56f7a48f91aa + Revoked at: Tue Nov 12 13:29:20 UTC 2013 + Serial Number (hex): 55a10bab2facf192b38bbe83f5cd4df9 + Revoked at: Tue Nov 12 14:08:53 UTC 2013 + Serial Number (hex): 68b6b10883df3a5e0c5dddecfa333dde + Revoked at: Tue Nov 12 14:24:08 UTC 2013 + Serial Number (hex): 00b7ead3ef53064db47753d010e8f6b507 + Revoked at: Tue Nov 12 14:25:49 UTC 2013 + Serial Number (hex): 00ae74a92104b9f9f62f72c7b2624cc200 + Revoked at: Tue Nov 12 15:12:36 UTC 2013 + Serial Number (hex): 31998ee400c193cb5942b403f2ccf10b + Revoked at: Tue Nov 12 15:12:39 UTC 2013 + Serial Number (hex): 492ef3d9e24e96c02153d79e83e3e75a + Revoked at: Tue Nov 12 18:29:12 UTC 2013 + Serial Number (hex): 6ef73e720f744eb9aa973002557b049f + Revoked at: Tue Nov 12 19:40:35 UTC 2013 + Serial Number (hex): 00bb7743c4921fd9f5cdf75f5fbd087a59 + Revoked at: Tue Nov 12 20:22:44 UTC 2013 + Serial Number (hex): 37d2e979fd9f7710a4254df7dfa3d357 + Revoked at: Tue Nov 12 20:22:59 UTC 2013 + Serial Number (hex): 00b140856f5a9122e4198ac296162a69d9 + Revoked at: Tue Nov 12 20:56:45 UTC 2013 + Serial Number (hex): 0087d395ab34d74bea8c467f689c24418e + Revoked at: Tue Nov 12 21:05:57 UTC 2013 + Serial Number (hex): 12d49373f9b0473803c14a554aaf8756 + Revoked at: Tue Nov 12 21:28:13 UTC 2013 + Serial Number (hex): 00ab6b0826f9f8e40f4bbe08e586bef683 + Revoked at: Tue Nov 12 21:36:48 UTC 2013 + Serial Number (hex): 4a2daffaa42a0d5d2610e12e26e339f0 + Revoked at: Wed Nov 13 07:30:35 UTC 2013 + Serial Number (hex): 00bdbe61180d8798d8d7792955dc10418d + Revoked at: Wed Nov 13 08:56:35 UTC 2013 + Serial Number (hex): 3584a819f33d8d7dbdb88d505a061878 + Revoked at: Wed Nov 13 11:52:28 UTC 2013 + Serial Number (hex): 00bfa6352e274030d3465bbf74fb90c125 + Revoked at: Wed Nov 13 13:46:28 UTC 2013 + Serial Number (hex): 00aac9fe52e127fb9aae5d123bafd8414c + Revoked at: Wed Nov 13 15:44:59 UTC 2013 + Serial Number (hex): 66a64ba19c8967950b4a69793ee89c1f + Revoked at: Wed Nov 13 16:52:40 UTC 2013 + Serial Number (hex): 337d48b8d6fe62331c56359a953fd285 + Revoked at: Wed Nov 13 17:05:15 UTC 2013 + Serial Number (hex): 3d22444333a7692cda377a1ee88c0019 + Revoked at: Wed Nov 13 17:14:25 UTC 2013 + Serial Number (hex): 77b3c67580ba541fd3aeb1ff81e05ded + Revoked at: Wed Nov 13 17:52:16 UTC 2013 + Serial Number (hex): 00d02464aa61f317ec8a62585a39b82a1d + Revoked at: Wed Nov 13 18:25:19 UTC 2013 + Serial Number (hex): 572a1e32bdf7cf475f0981ad4d7ab235 + Revoked at: Wed Nov 13 18:36:20 UTC 2013 + Serial Number (hex): 0ea9afd1a3fdda8bb896c38ec7ab6f69 + Revoked at: Wed Nov 13 18:45:09 UTC 2013 + Serial Number (hex): 00dffbc97b278aa8906f6a68d7d2f0b23e + Revoked at: Wed Nov 13 19:07:32 UTC 2013 + Serial Number (hex): 0080d5625604bccaf6d05cdcc54028f514 + Revoked at: Wed Nov 13 19:30:06 UTC 2013 + Serial Number (hex): 00a25f6f933799f77312506bc42759213a + Revoked at: Wed Nov 13 19:30:48 UTC 2013 + Serial Number (hex): 009f9a9e2ef551654b2f6bc70148eaa45b + Revoked at: Wed Nov 13 19:30:50 UTC 2013 + Serial Number (hex): 4e3c9db54f50a59985dd4f15714965bb + Revoked at: Wed Nov 13 19:32:08 UTC 2013 + Serial Number (hex): 00870bf34aef0a94070ca32127ce90b5af + Revoked at: Wed Nov 13 19:39:00 UTC 2013 + Serial Number (hex): 00a4ff49c7058a2db883cb55516839f6c2 + Revoked at: Wed Nov 13 19:39:13 UTC 2013 + Serial Number (hex): 00c4f55a9df99e8620dd1be8685c9c0f01 + Revoked at: Wed Nov 13 19:39:48 UTC 2013 + Serial Number (hex): 00f1681b41a43a48c02516936f60122158 + Revoked at: Wed Nov 13 19:39:51 UTC 2013 + Serial Number (hex): 29613ee1a00ddb801c6473ec5cf6a020 + Revoked at: Wed Nov 13 19:40:14 UTC 2013 + Serial Number (hex): 1d04862f99cee6fb53c86c67f0c926c9 + Revoked at: Wed Nov 13 19:40:25 UTC 2013 + Serial Number (hex): 7418d70500243cc7d5ebded4443a10bb + Revoked at: Wed Nov 13 19:40:49 UTC 2013 + Serial Number (hex): 3ed26ff20086a8e95c09200381cc112e + Revoked at: Wed Nov 13 19:40:51 UTC 2013 + Serial Number (hex): 00bfe6df6bc478aeaef0cc262b801c5736 + Revoked at: Wed Nov 13 19:41:10 UTC 2013 + Serial Number (hex): 42456d5ae25f2f2560ebb4c4a71c87ad + Revoked at: Wed Nov 13 19:41:25 UTC 2013 + Serial Number (hex): 5393ede1b25befb64c1c7bb10318cd25 + Revoked at: Wed Nov 13 19:41:49 UTC 2013 + Serial Number (hex): 26c8586eeb797990fc05497fa71526ee + Revoked at: Wed Nov 13 19:43:20 UTC 2013 + Serial Number (hex): 00e4e7369305ff37a2a0950e5692f4c118 + Revoked at: Wed Nov 13 19:45:28 UTC 2013 + Serial Number (hex): 72377da1d5cd4b58cf6a992dfcf578f6 + Revoked at: Wed Nov 13 19:46:12 UTC 2013 + Serial Number (hex): 5c723ae66c6350032d1b9dd920701208 + Revoked at: Wed Nov 13 19:58:10 UTC 2013 + Serial Number (hex): 00d15c605d546a5f046a6a530777c3fbfe + Revoked at: Wed Nov 13 19:59:00 UTC 2013 + Serial Number (hex): 00f3ecfca32d2eff6e4bbed22fd0c3fd94 + Revoked at: Wed Nov 13 20:01:42 UTC 2013 + Serial Number (hex): 13e581fada808a4214cbc03fe55c8e5c + Revoked at: Wed Nov 13 20:02:11 UTC 2013 + Serial Number (hex): 6aa2c4110c3e6984522068242b7af920 + Revoked at: Wed Nov 13 20:04:12 UTC 2013 + Serial Number (hex): 0ec759c8d2110da81080921b095c949e + Revoked at: Wed Nov 13 20:23:00 UTC 2013 + Serial Number (hex): 00812e548ab620c1785d609384fbe4f1ba + Revoked at: Wed Nov 13 20:34:16 UTC 2013 + Serial Number (hex): 4244b1fbcb4ff550563c5483629456fc + Revoked at: Wed Nov 13 20:46:02 UTC 2013 + Serial Number (hex): 00da1f79f6e8b844fd41b39e77cbba1614 + Revoked at: Wed Nov 13 20:50:04 UTC 2013 + Serial Number (hex): 235ef5659f2593ae659e909dd506ca3b + Revoked at: Wed Nov 13 20:51:49 UTC 2013 + Serial Number (hex): 2401c12ad9cc3ed35971bd6851bbaccc + Revoked at: Wed Nov 13 20:51:56 UTC 2013 + Serial Number (hex): 64800448b3bba0631f490f26f2c295c4 + Revoked at: Wed Nov 13 22:23:00 UTC 2013 + Serial Number (hex): 00e2f92e6b7319d9b3dfeeb137447f17cb + Revoked at: Wed Nov 13 23:55:56 UTC 2013 + Serial Number (hex): 00df9dfd22ba52c9e104c817b00f41c589 + Revoked at: Thu Nov 14 05:40:41 UTC 2013 + Serial Number (hex): 4b2ff7b928407bd3c64ce2c49609d550 + Revoked at: Thu Nov 14 09:05:54 UTC 2013 + Serial Number (hex): 00955b83de59a22c9f6c1b8cd6e0641a3b + Revoked at: Thu Nov 14 11:32:06 UTC 2013 + Serial Number (hex): 00a61c357e1c32acfdbfaa1b06c53bbe60 + Revoked at: Thu Nov 14 14:12:36 UTC 2013 + Serial Number (hex): 00bcca37b7fb36acf310a42da70f852d23 + Revoked at: Thu Nov 14 14:39:49 UTC 2013 + Serial Number (hex): 0095d1c1fa5f3035f83b011e747d71abf5 + Revoked at: Thu Nov 14 14:39:56 UTC 2013 + Serial Number (hex): 053dedb9e47cf6d7afb65b33ea094f4f + Revoked at: Thu Nov 14 15:09:40 UTC 2013 + Serial Number (hex): 00e6a84857891b4554ab7a99f869920d6d + Revoked at: Thu Nov 14 15:31:46 UTC 2013 + Serial Number (hex): 008318b9188ace835d56bff63ea93c4982 + Revoked at: Thu Nov 14 16:46:04 UTC 2013 + Serial Number (hex): 00eff829f2d45aa9207dd16d0c0f190e03 + Revoked at: Thu Nov 14 16:46:46 UTC 2013 + Serial Number (hex): 2b36f28261818557d3735a1dbfdb060e + Revoked at: Thu Nov 14 17:06:03 UTC 2013 + Serial Number (hex): 008b42ae900c526f0f8621ace873121c84 + Revoked at: Thu Nov 14 18:37:34 UTC 2013 + Serial Number (hex): 7c090d2fe2e228c043fd15461e636eef + Revoked at: Thu Nov 14 19:32:53 UTC 2013 + Serial Number (hex): 5f071a0babdca0998c0b0443bf10639a + Revoked at: Thu Nov 14 19:35:32 UTC 2013 + Serial Number (hex): 00d3ddac941a0fbe7d6f318764e0d9d2a9 + Revoked at: Thu Nov 14 19:50:15 UTC 2013 + Serial Number (hex): 00805404f5a70d144cdfcfa607d9edbc59 + Revoked at: Thu Nov 14 20:28:07 UTC 2013 + Serial Number (hex): 1b720d0295d7d9716f6dc544c9aac09f + Revoked at: Thu Nov 14 21:30:27 UTC 2013 + Serial Number (hex): 3c24eb1d61de0087759262ae7113b836 + Revoked at: Thu Nov 14 22:42:07 UTC 2013 + Serial Number (hex): 00e806fdabdb5c6991902f7abc8bb237fb + Revoked at: Thu Nov 14 23:12:35 UTC 2013 + Serial Number (hex): 5a40e76fba18f80e29671e3e9308b2 + Revoked at: Fri Nov 15 10:58:28 UTC 2013 + Serial Number (hex): 00d86c78526e2c98da482be2efdc6856b7 + Revoked at: Fri Nov 15 10:59:27 UTC 2013 + Serial Number (hex): 00ead13fc69ee742b65d9d3eb9dd86fd22 + Revoked at: Fri Nov 15 13:36:26 UTC 2013 + Serial Number (hex): 4d03395f51aaa7b041d1f9016986861d + Revoked at: Fri Nov 15 14:34:59 UTC 2013 + Serial Number (hex): 33f3210e9b86e8ac9ed737d2bfaa9a80 + Revoked at: Fri Nov 15 19:18:23 UTC 2013 + Serial Number (hex): 7e0487035a9bccc701336d2c48872079 + Revoked at: Fri Nov 15 19:36:05 UTC 2013 + Serial Number (hex): 58024dd684947cee8ea66f514ec124ab + Revoked at: Fri Nov 15 19:48:57 UTC 2013 + Serial Number (hex): 00cc92c70bd03b9417be67ee3136882f2b + Revoked at: Fri Nov 15 20:58:41 UTC 2013 + Serial Number (hex): 0e1f0b2e8b6b5c4ca8f811a195970329 + Revoked at: Fri Nov 15 20:58:46 UTC 2013 + Serial Number (hex): 6d57306f27233f575d089d7e3c95de24 + Revoked at: Fri Nov 15 20:58:51 UTC 2013 + Serial Number (hex): 4ca21e58e0f6cf824e6838119f847ae3 + Revoked at: Fri Nov 15 20:58:57 UTC 2013 + Serial Number (hex): 73726f94de7ffeb4cbc6a1825b2eaf90 + Revoked at: Fri Nov 15 20:59:02 UTC 2013 + Serial Number (hex): 009f8453ab1f5f022708574c43b965c7b7 + Revoked at: Fri Nov 15 20:59:07 UTC 2013 + Serial Number (hex): 00aa4c8e1f982a7c1d11f685f9314bd785 + Revoked at: Fri Nov 15 22:35:11 UTC 2013 + Serial Number (hex): 56c2f2697bbd9392519ac358996e0e4d + Revoked at: Sun Nov 17 06:00:20 UTC 2013 + Serial Number (hex): 00d7624bd23339df84a5ff70cb6dd5dae4 + Revoked at: Sun Nov 17 19:46:43 UTC 2013 + Serial Number (hex): 00d5532eafac0bff0e79e51b44e21f6aa4 + Revoked at: Mon Nov 18 12:42:59 UTC 2013 + Serial Number (hex): 00bda21769ef77e1669782ce0a79a71615 + Revoked at: Mon Nov 18 13:20:31 UTC 2013 + Serial Number (hex): 76cf15283a12c53b195bf504fbd7006d + Revoked at: Mon Nov 18 13:52:39 UTC 2013 + Serial Number (hex): 0086ad532e7f8f3f12b635b355e2632d4f + Revoked at: Mon Nov 18 14:29:52 UTC 2013 + Serial Number (hex): 00c0fd389ceaf25bfe6f603230d04b079d + Revoked at: Mon Nov 18 15:30:08 UTC 2013 + Serial Number (hex): 008b976f0da47d86919a861333460d7234 + Revoked at: Mon Nov 18 15:45:27 UTC 2013 + Serial Number (hex): 7404eed4ca3fb564d9fe61e9cef4f13a + Revoked at: Mon Nov 18 17:26:35 UTC 2013 + Serial Number (hex): 00ffaddda32401328c745dce136b0066de + Revoked at: Mon Nov 18 17:27:14 UTC 2013 + Serial Number (hex): 009683d70b4179a69417ba880ed5d4b2d7 + Revoked at: Mon Nov 18 17:54:22 UTC 2013 + Serial Number (hex): 00fd23b7defee528652662b32a0acd8f52 + Revoked at: Mon Nov 18 17:54:47 UTC 2013 + Serial Number (hex): 00d382e2bb0d318b3911987ed7d9eec2ca + Revoked at: Mon Nov 18 17:54:57 UTC 2013 + Serial Number (hex): 00ef6587c536614ace56403ae8fc4ecb10 + Revoked at: Mon Nov 18 18:04:45 UTC 2013 + Serial Number (hex): 00b280c4074c8f4619bf5119eba2584c25 + Revoked at: Mon Nov 18 21:12:18 UTC 2013 + Serial Number (hex): 008ac4e82207e6960de30472ee92cf5223 + Revoked at: Mon Nov 18 21:39:01 UTC 2013 + Serial Number (hex): 5c634e133b2407ea25adbdd77b3bd4c4 + Revoked at: Mon Nov 18 22:32:09 UTC 2013 + Serial Number (hex): 008ef3d1fc98238023194cbf9a4bd233ba + Revoked at: Tue Nov 19 14:39:13 UTC 2013 + Serial Number (hex): 00bdea9fc83e2763f6f68c04116b7aa876 + Revoked at: Tue Nov 19 14:39:35 UTC 2013 + Serial Number (hex): 00f3b08b92cce347fff82405c1f64a9b0f + Revoked at: Tue Nov 19 15:11:15 UTC 2013 + Serial Number (hex): 00941613b7353a5a94ec83c800bc4153c2 + Revoked at: Tue Nov 19 15:38:26 UTC 2013 + Serial Number (hex): 00bb9b1a19179b5c55f53f92b378da207c + Revoked at: Tue Nov 19 15:47:16 UTC 2013 + Serial Number (hex): 008318e6cc1bac5736458187798e589d0d + Revoked at: Tue Nov 19 15:49:22 UTC 2013 + Serial Number (hex): 0091445d0996c8e3f37b17539e499390e0 + Revoked at: Tue Nov 19 15:50:33 UTC 2013 + Serial Number (hex): 79232817a798de66ad606c389dced711 + Revoked at: Tue Nov 19 16:00:18 UTC 2013 + Serial Number (hex): 00d83d0eb5cafd21dd8726e6c9b5824e17 + Revoked at: Tue Nov 19 16:03:14 UTC 2013 + Serial Number (hex): 28e3bd7f57db93de05f4758792e03748 + Revoked at: Tue Nov 19 16:11:40 UTC 2013 + Serial Number (hex): 11f715e330aff9f75aa49d9d7a1b4ad9 + Revoked at: Tue Nov 19 16:11:48 UTC 2013 + Serial Number (hex): 00ff8616b3af918e30ca0b9288ee930558 + Revoked at: Tue Nov 19 16:11:58 UTC 2013 + Serial Number (hex): 3bbefd3624923e10e05754a7f9750942 + Revoked at: Tue Nov 19 16:20:42 UTC 2013 + Serial Number (hex): 18fa50c60c252ee317fded2fe98f5d6e + Revoked at: Tue Nov 19 16:50:25 UTC 2013 + Serial Number (hex): 13d570d707be661c158178f44fd7fbfc + Revoked at: Tue Nov 19 17:17:17 UTC 2013 + Serial Number (hex): 00d12ff1b8169ee62e3e560ab9e5f0ccc8 + Revoked at: Tue Nov 19 19:43:16 UTC 2013 + Serial Number (hex): 6e59f69607f0856190f866ec3081518d + Revoked at: Tue Nov 19 22:21:14 UTC 2013 + Serial Number (hex): 6ab428a40880a6c4cb8402d84d64b031 + Revoked at: Tue Nov 19 22:21:20 UTC 2013 + Serial Number (hex): 2bd533dd1fcf32e1eae61872d3eacd6f + Revoked at: Wed Nov 20 02:13:04 UTC 2013 + Serial Number (hex): 00effb82a3f934c010be4c1bd7bf7d6b88 + Revoked at: Wed Nov 20 02:59:30 UTC 2013 + Serial Number (hex): 3cdd36d0d12ca000b838b0ac7aeccf60 + Revoked at: Wed Nov 20 09:52:55 UTC 2013 + Serial Number (hex): 00cbfb59df312dec9d9acff84e7d9cb636 + Revoked at: Wed Nov 20 10:01:32 UTC 2013 + Serial Number (hex): 00a466826b5e57c32fb915efb12f3f4a04 + Revoked at: Wed Nov 20 13:13:13 UTC 2013 + Serial Number (hex): 00ac2ed446ddf0e7ed99967b09e0b646b1 + Revoked at: Wed Nov 20 14:44:48 UTC 2013 + Serial Number (hex): 10beeea503c9b982bd329319149504c4 + Revoked at: Wed Nov 20 15:17:47 UTC 2013 + Serial Number (hex): 0094c2069af8fb0d853bdc66c79e64643c + Revoked at: Wed Nov 20 15:33:28 UTC 2013 + Serial Number (hex): 7dc4e1547f0ef0a73ea618c94aec7045 + Revoked at: Wed Nov 20 15:53:52 UTC 2013 + Serial Number (hex): 00ebfcdd40b1493831a0566832d4911f + Revoked at: Wed Nov 20 16:02:26 UTC 2013 + Serial Number (hex): 00ce06a30713c952badcde2b5d552f089f + Revoked at: Wed Nov 20 16:02:29 UTC 2013 + Serial Number (hex): 476204e9c0b699adb185507ccb78d7 + Revoked at: Wed Nov 20 16:02:39 UTC 2013 + Serial Number (hex): 009d517c9faed2d510c84e8ce73ed048ff + Revoked at: Wed Nov 20 16:36:28 UTC 2013 + Serial Number (hex): 50ed18dd83a293b99215f4c8a44df3dc + Revoked at: Wed Nov 20 16:37:26 UTC 2013 + Serial Number (hex): 00a0d7e250ab99bcf704366558c85b62f9 + Revoked at: Wed Nov 20 16:37:49 UTC 2013 + Serial Number (hex): 2aa13bfc7adb6eca67dbae21eefa9479 + Revoked at: Wed Nov 20 16:40:19 UTC 2013 + Serial Number (hex): 00ab9278a6dfd1e5515c0bb96f61df34ea + Revoked at: Wed Nov 20 16:41:36 UTC 2013 + Serial Number (hex): 0091ac65d796b2f75113a7167ee5f2dad9 + Revoked at: Wed Nov 20 17:42:23 UTC 2013 + Serial Number (hex): 00a9d227cddddedde7bf7867733f0c51b0 + Revoked at: Wed Nov 20 17:42:30 UTC 2013 + Serial Number (hex): 00965b3c3c72ca74651c74e22296c9b95e + Revoked at: Wed Nov 20 17:42:37 UTC 2013 + Serial Number (hex): 00ccbfc3b8f5f7db598472cfe557b1d9ed + Revoked at: Wed Nov 20 18:08:35 UTC 2013 + Serial Number (hex): 008457bee5faef62368fd5a068df735044 + Revoked at: Wed Nov 20 18:34:15 UTC 2013 + Serial Number (hex): 504ab38d060f50733d043abc592c2c34 + Revoked at: Wed Nov 20 19:45:22 UTC 2013 + Serial Number (hex): 579a7097954f16366ccce248900d45ff + Revoked at: Wed Nov 20 19:45:30 UTC 2013 + Serial Number (hex): 00b66e40b96684cfd4d733b12211827f60 + Revoked at: Wed Nov 20 19:45:41 UTC 2013 + Serial Number (hex): 322c82aa65b5aadd9ef06bdafee19053 + Revoked at: Wed Nov 20 20:36:49 UTC 2013 + Serial Number (hex): 009158fb39b78658fd7335479b803a2c42 + Revoked at: Wed Nov 20 20:58:36 UTC 2013 + Serial Number (hex): 7fdd40540d46ee894e37d3c77a0f566c + Revoked at: Wed Nov 20 21:59:52 UTC 2013 + Serial Number (hex): 00935aa8e0dc4becf072ccef4fa5a9afc1 + Revoked at: Wed Nov 20 22:27:53 UTC 2013 + Serial Number (hex): 01c7ced32ecc581dbb00acf5d637dad3 + Revoked at: Thu Nov 21 05:38:16 UTC 2013 + Serial Number (hex): 00cc9d4fd15584f8a132405d6931993407 + Revoked at: Thu Nov 21 06:25:07 UTC 2013 + Serial Number (hex): 00b4b6932e8171abb3a5a9d0a299b775bf + Revoked at: Thu Nov 21 09:50:50 UTC 2013 + Serial Number (hex): 00ee63341025a02f69d9d0fb9fa5a75f81 + Revoked at: Thu Nov 21 10:50:24 UTC 2013 + Serial Number (hex): 00c94fc8dc005ede6a283a3b28af22fd2f + Revoked at: Thu Nov 21 11:03:14 UTC 2013 + Serial Number (hex): 4f2f52f872b9c4bd2ab31329381a771c + Revoked at: Thu Nov 21 11:42:48 UTC 2013 + Serial Number (hex): 00f848ebb83a7819d26a1454c75a5354f3 + Revoked at: Thu Nov 21 11:53:40 UTC 2013 + Serial Number (hex): 008bf4cb47a3d2dc7fb37efbaa1c68aa54 + Revoked at: Thu Nov 21 13:51:57 UTC 2013 + Serial Number (hex): 00b0f4ef93b8c21bd34562f44d54a75f82 + Revoked at: Thu Nov 21 14:27:51 UTC 2013 + Serial Number (hex): 00e29b2e74a7126d7a39a85c931cb4ea7b + Revoked at: Thu Nov 21 14:41:20 UTC 2013 + Serial Number (hex): 0be1c81362953d057119055ff9b31ae2 + Revoked at: Thu Nov 21 14:53:46 UTC 2013 + Serial Number (hex): 009f4e95bbbd908f5006ce19fb5feeb28c + Revoked at: Thu Nov 21 15:24:22 UTC 2013 + Serial Number (hex): 00a34b2685925cc5b3d9c8f506e34fa6bd + Revoked at: Thu Nov 21 15:40:07 UTC 2013 + Serial Number (hex): 6f3743fcb58c25fa143615958ec15c91 + Revoked at: Thu Nov 21 16:28:38 UTC 2013 + Serial Number (hex): 41b1e3933fffcf5045c8be93415207f3 + Revoked at: Thu Nov 21 17:12:43 UTC 2013 + Serial Number (hex): 00d4b91d625d9fc13f711c20ddedddce44 + Revoked at: Thu Nov 21 20:08:04 UTC 2013 + Serial Number (hex): 00dfb0ea3b5ab3fdbc6cebaeafe0e7f606 + Revoked at: Thu Nov 21 20:50:34 UTC 2013 + Serial Number (hex): 3e86f45132790c4ca741f6d2d4ed9836 + Revoked at: Thu Nov 21 20:52:15 UTC 2013 + Serial Number (hex): 008155843aa4fea5619ea13dc8912dfc3a + Revoked at: Thu Nov 21 20:53:20 UTC 2013 + Serial Number (hex): 6758ee734078b39874baa8c68ca4d42c + Revoked at: Thu Nov 21 20:53:23 UTC 2013 + Serial Number (hex): 53fbef2a99b4acd07347c89be13a3e7d + Revoked at: Thu Nov 21 20:53:25 UTC 2013 + Serial Number (hex): 00a8bc58dda1a611e1e933887164b8f4d1 + Revoked at: Fri Nov 22 05:35:57 UTC 2013 + Serial Number (hex): 00a47cf5a1040eb0b78da64c267882a917 + Revoked at: Fri Nov 22 05:36:07 UTC 2013 + Serial Number (hex): 572e9dabb6856fb395e431ab57ab8ed4 + Revoked at: Fri Nov 22 07:07:44 UTC 2013 + Serial Number (hex): 00cdf9fdc50c15927b916e7f8506575187 + Revoked at: Fri Nov 22 08:29:34 UTC 2013 + Serial Number (hex): 716b1b1a033031b83b2c7507271e8cff + Revoked at: Fri Nov 22 09:25:55 UTC 2013 + Serial Number (hex): 305ac1359c779bbe15d5aed45dfa88c5 + Revoked at: Fri Nov 22 10:13:34 UTC 2013 + Serial Number (hex): 00b289ea9304c1434c0e0e5ae99a0430b4 + Revoked at: Fri Nov 22 11:58:24 UTC 2013 + Serial Number (hex): 734acef15a160a20d7465b1f7390a29a + Revoked at: Fri Nov 22 14:05:02 UTC 2013 + Serial Number (hex): 3026bf74f0278df1c7f41fd88aba6630 + Revoked at: Fri Nov 22 15:41:09 UTC 2013 + Serial Number (hex): 008d8c3be87040aeb8349c94d94ff02b94 + Revoked at: Fri Nov 22 17:15:55 UTC 2013 + Serial Number (hex): 40c69f099a587d2735d019abdee31e2f + Revoked at: Fri Nov 22 17:31:29 UTC 2013 + Serial Number (hex): 350fe5ddfa5a8704fa30bb972dea2802 + Revoked at: Fri Nov 22 20:29:22 UTC 2013 + Serial Number (hex): 00f3393b96117905c158a971797d449d5d + Revoked at: Fri Nov 22 20:30:17 UTC 2013 + Serial Number (hex): 00df515059fc75b5ceb6d6e7eaa0d1c276 + Revoked at: Fri Nov 22 20:30:30 UTC 2013 + Serial Number (hex): 008302bcd9d80437304731244a10c508ff + Revoked at: Fri Nov 22 20:30:46 UTC 2013 + Serial Number (hex): 5f3d532cb63899b73031f223ef5cc5f1 + Revoked at: Fri Nov 22 20:32:32 UTC 2013 + Serial Number (hex): 6aaae755ba78c066277e808158c51bc0 + Revoked at: Fri Nov 22 20:44:01 UTC 2013 + Serial Number (hex): 00aca7fa7d189e5fd361d76adfa708e041 + Revoked at: Fri Nov 22 20:44:19 UTC 2013 + Serial Number (hex): 340c833563377cdf0574d85990d78c01 + Revoked at: Fri Nov 22 20:44:45 UTC 2013 + Serial Number (hex): 0084d3651b5189152a666ba0de38a5e6db + Revoked at: Fri Nov 22 20:45:05 UTC 2013 + Serial Number (hex): 0084f1e54f66de1b1d4efe5523b09771a5 + Revoked at: Fri Nov 22 20:51:50 UTC 2013 + Serial Number (hex): 5719744522f3254a8ebaf082591d4ed5 + Revoked at: Fri Nov 22 21:24:53 UTC 2013 + Serial Number (hex): 0c22cd3f9cb76264e243221ba8502d24 + Revoked at: Fri Nov 22 21:35:31 UTC 2013 + Serial Number (hex): 58726eabb72a5c6276f99346ae741987 + Revoked at: Fri Nov 22 21:35:40 UTC 2013 + Serial Number (hex): 00e0cd6497013e53c081568e5bdc0772ff + Revoked at: Fri Nov 22 21:35:48 UTC 2013 + Serial Number (hex): 00be55b7d9eab365ff495053fd9aed485c + Revoked at: Fri Nov 22 21:36:14 UTC 2013 + Serial Number (hex): 091d9605e81861a5c27c9a154ab68481 + Revoked at: Fri Nov 22 21:38:11 UTC 2013 + Serial Number (hex): 0097a977cfbd54a9762c283a651932e716 + Revoked at: Fri Nov 22 21:40:53 UTC 2013 + Serial Number (hex): 00c96a7f19e3904ed2f1b3866aa1042a7d + Revoked at: Fri Nov 22 21:42:56 UTC 2013 + Serial Number (hex): 7df63f19cb4498b1ed019670449df575 + Revoked at: Fri Nov 22 22:33:27 UTC 2013 + Serial Number (hex): 00be4c0e6b96111dafdc3884b58d6fb2af + Revoked at: Fri Nov 22 23:09:05 UTC 2013 + Serial Number (hex): 00f4681f4e644726a3491b46381bf4f433 + Revoked at: Sat Nov 23 02:13:04 UTC 2013 + Serial Number (hex): 2c4277b31f184a15423a7bfd7706e585 + Revoked at: Sat Nov 23 11:52:00 UTC 2013 + Serial Number (hex): 00b605fa380bb1ccc9bc541e1a5ac010e4 + Revoked at: Sun Nov 24 02:13:09 UTC 2013 + Serial Number (hex): 396c98931a541211e86bceddf1487343 + Revoked at: Mon Nov 25 02:13:05 UTC 2013 + Serial Number (hex): 2fb791c39bba35a0e33b41e6152859e4 + Revoked at: Mon Nov 25 12:19:52 UTC 2013 + Serial Number (hex): 7086ca9b7642e6cb852c80bdd8e84d0f + Revoked at: Mon Nov 25 16:10:52 UTC 2013 + Serial Number (hex): 00987c1393deeed11f94711bfa07c9f945 + Revoked at: Mon Nov 25 16:19:37 UTC 2013 + Serial Number (hex): 00b072a60e05d1e6cd668413bbb6f22bb7 + Revoked at: Mon Nov 25 16:28:27 UTC 2013 + Serial Number (hex): 0182eb22d37ea77334204033f9d48af6 + Revoked at: Mon Nov 25 16:43:46 UTC 2013 + Serial Number (hex): 00d1cf626f008408b51ecf81fd64d27acf + Revoked at: Mon Nov 25 17:33:45 UTC 2013 + Serial Number (hex): 00a620fa2e02f7ca2ed88912e9e8b05f3d + Revoked at: Mon Nov 25 17:48:36 UTC 2013 + Serial Number (hex): 00c152522a0f3eb05933238f696257cee7 + Revoked at: Mon Nov 25 19:26:04 UTC 2013 + Serial Number (hex): 00ca65cf1c6790a364a7ff2a917019b0ed + Revoked at: Mon Nov 25 19:39:56 UTC 2013 + Serial Number (hex): 00b6a2def0ab39c43141a7f5b92ee083ba + Revoked at: Mon Nov 25 21:43:42 UTC 2013 + Serial Number (hex): 00b1f345fe74ff86df55c2d92b7322b6ab + Revoked at: Mon Nov 25 22:45:03 UTC 2013 + Serial Number (hex): 00e0735979a3b8ddbae8e35a88e01c7dc9 + Revoked at: Tue Nov 26 00:17:27 UTC 2013 + Serial Number (hex): 0c2f856cdb501cb5bb5cbf0e6495a641 + Revoked at: Tue Nov 26 02:13:04 UTC 2013 + Serial Number (hex): 00e441c89ea60cc80f1174c50541228ffa + Revoked at: Tue Nov 26 13:02:27 UTC 2013 + Serial Number (hex): 00f980c57ad1433d91aeaec8af2ecfc4db + Revoked at: Tue Nov 26 13:03:16 UTC 2013 + Serial Number (hex): 699a7afc58e982c1c92c0a40c0457e64 + Revoked at: Tue Nov 26 13:05:14 UTC 2013 + Serial Number (hex): 00d2de4d65d3ce5f52a354f7d5888204ac + Revoked at: Tue Nov 26 15:04:55 UTC 2013 + Serial Number (hex): 7f0f3cd160992612929cf0c425ce4c96 + Revoked at: Tue Nov 26 15:42:28 UTC 2013 + Serial Number (hex): 33e7f62059e0878501aae81e753f8ddc + Revoked at: Tue Nov 26 16:20:35 UTC 2013 + Serial Number (hex): 35cb7c29330efaaf0a5977a80681f4ba + Revoked at: Tue Nov 26 16:27:37 UTC 2013 + Serial Number (hex): 00acfe3a7f74033e46f72f0ff8f5d24a08 + Revoked at: Tue Nov 26 16:30:59 UTC 2013 + Serial Number (hex): 00ad9613f2cc60c4bb6c33865cd68cf160 + Revoked at: Tue Nov 26 16:56:28 UTC 2013 + Serial Number (hex): 00fe7cd9d56392c927b3f78dbee62b6134 + Revoked at: Tue Nov 26 17:11:21 UTC 2013 + Serial Number (hex): 4573be11a84410fa6054a8c2ccdb6382 + Revoked at: Tue Nov 26 17:12:34 UTC 2013 + Serial Number (hex): 009bb7b66a9df0aa89ade473c7606c174e + Revoked at: Tue Nov 26 17:13:52 UTC 2013 + Serial Number (hex): 00834111c6c4479eae3342979d46f6fa07 + Revoked at: Tue Nov 26 17:14:06 UTC 2013 + Serial Number (hex): 7edd7c24a9142662ba14d43b84342edb + Revoked at: Tue Nov 26 17:40:59 UTC 2013 + Serial Number (hex): 500975ec07846e8623d96dd2076cae95 + Revoked at: Tue Nov 26 17:43:39 UTC 2013 + Serial Number (hex): 00ebc111451853f3aa59964aa04aa4656d + Revoked at: Tue Nov 26 19:28:37 UTC 2013 + Serial Number (hex): 00ae7c43a9aedd8f70e23cfbe73b4f71d3 + Revoked at: Tue Nov 26 20:18:29 UTC 2013 + Serial Number (hex): 5fb4b9b7c00e2be8bf85228c6c86ff5f + Revoked at: Tue Nov 26 20:18:35 UTC 2013 + Serial Number (hex): 1a785e23344038ae5c8ad03961b862cd + Revoked at: Tue Nov 26 20:19:15 UTC 2013 + Serial Number (hex): 53d5b332c496985dec57a781c7642227 + Revoked at: Tue Nov 26 20:19:29 UTC 2013 + Serial Number (hex): 79e5442117f80beac7f72e5c165acb07 + Revoked at: Tue Nov 26 20:33:11 UTC 2013 + Serial Number (hex): 00b0032a84a054c77bd8a3ce3aff003f0b + Revoked at: Tue Nov 26 20:42:47 UTC 2013 + Serial Number (hex): 009d1471e8d5a3001ee454dbf62e2e5992 + Revoked at: Tue Nov 26 21:19:04 UTC 2013 + Serial Number (hex): 6af8a8b983b2617ded5b67a8355ffe53 + Revoked at: Tue Nov 26 22:38:23 UTC 2013 + Serial Number (hex): 00bcfae61f4e82702609f35b4152e37834 + Revoked at: Tue Nov 26 23:03:23 UTC 2013 + Serial Number (hex): 009f8e76eca14593e06f80a497abb38276 + Revoked at: Wed Nov 27 09:04:40 UTC 2013 + Serial Number (hex): 00dd609f6c19e2bc644145bda9183b1d19 + Revoked at: Wed Nov 27 11:24:40 UTC 2013 + Serial Number (hex): 008f43acf931509c017d82d488edf2abb7 + Revoked at: Wed Nov 27 14:25:22 UTC 2013 + Serial Number (hex): 00bcb2e4441579710ca9815a6e52c7ef41 + Revoked at: Wed Nov 27 14:31:00 UTC 2013 + Serial Number (hex): 1aff5176e5fd02c05a94397fd08f9f2a + Revoked at: Wed Nov 27 14:31:10 UTC 2013 + Serial Number (hex): 00fb1de4f7c08583c62b024f6677e544d1 + Revoked at: Wed Nov 27 15:33:54 UTC 2013 + Serial Number (hex): 00c2a9b2d3b34d5d2c8f416ca816d5ac96 + Revoked at: Wed Nov 27 17:02:10 UTC 2013 + Serial Number (hex): 6ab8611441d933e5a4ffa3a15eae8059 + Revoked at: Wed Nov 27 17:02:15 UTC 2013 + Serial Number (hex): 00f2f6b36493e174311760a55cdfb70218 + Revoked at: Wed Nov 27 17:20:22 UTC 2013 + Serial Number (hex): 008234d9e073ddb21add0a291802fc14e7 + Revoked at: Wed Nov 27 17:21:03 UTC 2013 + Serial Number (hex): 68897e0ad76cabae739a601dfbbed019 + Revoked at: Wed Nov 27 17:45:41 UTC 2013 + Serial Number (hex): 00ac55b209e9eb7eaa9032ac08707087f4 + Revoked at: Wed Nov 27 17:47:23 UTC 2013 + Serial Number (hex): 1aadd250dc176059bd768269e2566091 + Revoked at: Wed Nov 27 18:21:01 UTC 2013 + Serial Number (hex): 00e9356aa154ae2e6d1bc6f17d482148ab + Revoked at: Wed Nov 27 18:21:13 UTC 2013 + Serial Number (hex): 67ac668634299c40664391b214902d4f + Revoked at: Wed Nov 27 18:21:48 UTC 2013 + Serial Number (hex): 258f96ac5a04d415db4f60c62cac5473 + Revoked at: Wed Nov 27 18:45:52 UTC 2013 + Serial Number (hex): 00b9a48a325180bca8f7bd3c8feb8780d7 + Revoked at: Wed Nov 27 19:31:37 UTC 2013 + Serial Number (hex): 0f92319dcfec159510be780420bb4798 + Revoked at: Thu Nov 28 07:46:58 UTC 2013 + Serial Number (hex): 00b6a40985f8563be099def33ca2618ee2 + Revoked at: Thu Nov 28 08:05:49 UTC 2013 + Serial Number (hex): 00bb42ab6d9dd4a524425aef12dabde843 + Revoked at: Thu Nov 28 09:30:44 UTC 2013 + Serial Number (hex): 19d243d7e92f1773235979ae3fd88e45 + Revoked at: Thu Nov 28 10:38:15 UTC 2013 + Serial Number (hex): 00b2f185a75b353de29b5e0b17a0593068 + Revoked at: Thu Nov 28 14:54:36 UTC 2013 + Serial Number (hex): 2686c5aaf137cb96c6397429cd114772 + Revoked at: Fri Nov 29 02:13:04 UTC 2013 + Serial Number (hex): 00be358185dcd3f357951fc8df21119b5e + Revoked at: Fri Nov 29 10:13:32 UTC 2013 + Serial Number (hex): 00ac1cf63721a9c496d4a8ea6287659cd5 + Revoked at: Fri Nov 29 14:25:27 UTC 2013 + Serial Number (hex): 00ce3d5ee7b45a15d80969979365b53a75 + Revoked at: Fri Nov 29 16:19:13 UTC 2013 + Serial Number (hex): 1ac0e32a573cbc4990041f0c22beda5b + Revoked at: Fri Nov 29 16:19:24 UTC 2013 + Serial Number (hex): 206af0a05c86006f8043524c899573b8 + Revoked at: Sat Nov 30 02:13:05 UTC 2013 + Serial Number (hex): 00dca404299acb3c2888f3d5c46567d5f4 + Revoked at: Sun Dec 01 02:13:04 UTC 2013 + Serial Number (hex): 00cc69236db8a8ea7344caf64e83a4eb28 + Revoked at: Sun Dec 01 02:13:04 UTC 2013 + Serial Number (hex): 73ed44433b7e30378e80e62689bcdd55 + Revoked at: Mon Dec 02 02:13:04 UTC 2013 + Serial Number (hex): 00fdc0c6ecc0e4f9e638c7f7fc237d42c9 + Revoked at: Mon Dec 02 08:10:19 UTC 2013 + Serial Number (hex): 0098121276089f5317615b13f8a9fa709a + Revoked at: Mon Dec 02 09:36:02 UTC 2013 + Serial Number (hex): 24e9dc0d64c077074123515f876e0bda + Revoked at: Mon Dec 02 09:41:41 UTC 2013 + Serial Number (hex): 30754bd4f259173407b58d798f1a59bd + Revoked at: Mon Dec 02 10:49:25 UTC 2013 + Serial Number (hex): 48979f4e25cd184011bf344b38eb0066 + Revoked at: Mon Dec 02 11:23:05 UTC 2013 + Serial Number (hex): 02af81a933320765f0a55d063edb57 + Revoked at: Mon Dec 02 11:30:24 UTC 2013 + Serial Number (hex): 2ab0751f43954c180d915421be094d81 + Revoked at: Mon Dec 02 11:57:55 UTC 2013 + Serial Number (hex): 6eb9ba3a220369d8668413d09be1bb99 + Revoked at: Mon Dec 02 12:02:37 UTC 2013 + Serial Number (hex): 00c7e72f64a4b8e4b9f556f16d437a545c + Revoked at: Mon Dec 02 12:11:24 UTC 2013 + Serial Number (hex): 7baf1185adc0d7f57ce2fcc0fa52b83e + Revoked at: Mon Dec 02 14:07:47 UTC 2013 + Serial Number (hex): 304494207c6350962034efba567c01f8 + Revoked at: Mon Dec 02 15:12:50 UTC 2013 + Serial Number (hex): 00fd0b47c52ed62d379ed39f6ff9e262e9 + Revoked at: Mon Dec 02 16:22:19 UTC 2013 + Serial Number (hex): 42840d070144ec89bbdb3948a1dea521 + Revoked at: Mon Dec 02 16:24:00 UTC 2013 + Serial Number (hex): 7750f861de78af949674f7284168e2bb + Revoked at: Mon Dec 02 17:19:25 UTC 2013 + Serial Number (hex): 009bf6ea9b496cd78741f52fc9248efe76 + Revoked at: Mon Dec 02 17:48:30 UTC 2013 + Serial Number (hex): 7f38293e7072df172e11fd321ef0290e + Revoked at: Mon Dec 02 21:03:23 UTC 2013 + Serial Number (hex): 1ab530e2313430d208bc4cdeda9f52a5 + Revoked at: Mon Dec 02 21:21:20 UTC 2013 + Serial Number (hex): 3467e0fbe516004669c28f0f472a2570 + Revoked at: Mon Dec 02 21:22:05 UTC 2013 + Serial Number (hex): 0088e67e7d367f9a103ac97d714bf98503 + Revoked at: Mon Dec 02 21:32:53 UTC 2013 + Serial Number (hex): 00a17ddb084b7877a543a9c1475684f9dc + Revoked at: Mon Dec 02 21:33:51 UTC 2013 + Serial Number (hex): 1b4840a8da79cf20d40a8a6283810a3d + Revoked at: Mon Dec 02 22:09:47 UTC 2013 + Serial Number (hex): 00877e18797b30210755dc213522845731 + Revoked at: Mon Dec 02 22:50:04 UTC 2013 + Serial Number (hex): 3809f688949f5db3feefaca5b51d8781 + Revoked at: Tue Dec 03 00:59:11 UTC 2013 + Serial Number (hex): 00ac3793fe3a7f8b1a58cc6fecd8a8f01c + Revoked at: Tue Dec 03 08:05:06 UTC 2013 + Serial Number (hex): 3d9b12b842d61ed87b242eb96a8d727a + Revoked at: Tue Dec 03 08:37:44 UTC 2013 + Serial Number (hex): 00f710ca6dd257094b18efabbe22dd5df9 + Revoked at: Tue Dec 03 08:38:40 UTC 2013 + Serial Number (hex): 00e4d9c6447ff8415b8a7373257d8678b8 + Revoked at: Tue Dec 03 08:57:28 UTC 2013 + Serial Number (hex): 0a20a34e261ad367f2fb7bd022ec3196 + Revoked at: Tue Dec 03 10:23:10 UTC 2013 + Serial Number (hex): 00a5d95470acc7d7603889332a0adebd87 + Revoked at: Tue Dec 03 10:34:27 UTC 2013 + Serial Number (hex): 00cb97c58ce45a75503a1e1bf185ffa899 + Revoked at: Tue Dec 03 14:23:16 UTC 2013 + Serial Number (hex): 00ffbea1a0442358fd73cfa538373bdaef + Revoked at: Tue Dec 03 14:44:58 UTC 2013 + Serial Number (hex): 3ad4ee634f9ae88366b0e6f3a3d6c8c0 + Revoked at: Tue Dec 03 14:45:28 UTC 2013 + Serial Number (hex): 00a6e0a71faced0eed0e45f9ece70ce189 + Revoked at: Tue Dec 03 14:45:35 UTC 2013 + Serial Number (hex): 750c601cf9dbb5d74a2efa9c72d9ae70 + Revoked at: Tue Dec 03 15:10:51 UTC 2013 + Serial Number (hex): 2d393e36b10d5d8adc6ea1ee8300fab1 + Revoked at: Tue Dec 03 15:19:11 UTC 2013 + Serial Number (hex): 4f86e08c6e7e9dd22d8680f698123fce + Revoked at: Tue Dec 03 15:35:22 UTC 2013 + Serial Number (hex): 3ffa64a4339964d746ccd5c7575ced00 + Revoked at: Tue Dec 03 15:35:41 UTC 2013 + Serial Number (hex): 00b601df146e1c4d8126a37d539c501545 + Revoked at: Tue Dec 03 16:47:22 UTC 2013 + Serial Number (hex): 00a4997ed55aa0fac6319cbaf669c2e5b3 + Revoked at: Tue Dec 03 16:58:46 UTC 2013 + Serial Number (hex): 522025b3d6571d33408985b39bf7c4d1 + Revoked at: Tue Dec 03 17:17:03 UTC 2013 + Serial Number (hex): 4b848988fdb39d636a2daa97d3d636e0 + Revoked at: Tue Dec 03 17:25:58 UTC 2013 + Serial Number (hex): 7f3b46abd5e65825a5ef0eedc723d0a4 + Revoked at: Tue Dec 03 17:26:03 UTC 2013 + Serial Number (hex): 00c33d8b10e425f5a4451fd14921b074da + Revoked at: Tue Dec 03 17:33:51 UTC 2013 + Serial Number (hex): 00c4d3e58c538ffaafcea89bd499abe064 + Revoked at: Tue Dec 03 17:56:37 UTC 2013 + Serial Number (hex): 61030d27562bf5b8f14bba149c93b1e0 + Revoked at: Tue Dec 03 17:57:02 UTC 2013 + Serial Number (hex): 00ea13a6b96af1a74ee86f55e35e0998e5 + Revoked at: Tue Dec 03 18:01:34 UTC 2013 + Serial Number (hex): 008a784f4b94a2719c2f921948a8c73abe + Revoked at: Tue Dec 03 18:24:16 UTC 2013 + Serial Number (hex): 00df966c7fbdbb4b9481e6cd0bbe81ffd4 + Revoked at: Tue Dec 03 18:37:01 UTC 2013 + Serial Number (hex): 0096c53f12e28e68199eb21414377c9609 + Revoked at: Tue Dec 03 18:46:29 UTC 2013 + Serial Number (hex): 7cfe872cbc57321d8b6ade8858d25ac8 + Revoked at: Tue Dec 03 18:57:30 UTC 2013 + Serial Number (hex): 1474dcab7b4600987bcee03629b01367 + Revoked at: Tue Dec 03 19:06:53 UTC 2013 + Serial Number (hex): 00dbe48016c13846d08dc6f9d2a042091e + Revoked at: Tue Dec 03 19:34:16 UTC 2013 + Serial Number (hex): 68685ff69dca5c13616a8ad70ff25f5b + Revoked at: Tue Dec 03 20:20:30 UTC 2013 + Serial Number (hex): 3f3e7dd295230aa9c859c51589e0ed6a + Revoked at: Tue Dec 03 22:27:38 UTC 2013 + Serial Number (hex): 7eef4e7862ac68d17d0dce84146ba3b3 + Revoked at: Tue Dec 03 22:27:55 UTC 2013 + Serial Number (hex): 4bd1de3636b148d7c7b93486f26c7994 + Revoked at: Tue Dec 03 22:29:45 UTC 2013 + Serial Number (hex): 57652fc7fe0d131d808dcf6c7a4a4de0 + Revoked at: Tue Dec 03 22:29:54 UTC 2013 + Serial Number (hex): 00b000da2eae878694aeb407b3fb878171 + Revoked at: Wed Dec 04 02:06:24 UTC 2013 + Serial Number (hex): 00c9d364f0817039ea5ab6318f918b82fb + Revoked at: Wed Dec 04 03:54:10 UTC 2013 + Serial Number (hex): 00e948ff40516cc55888d3ca9fce2f8e5e + Revoked at: Wed Dec 04 09:18:22 UTC 2013 + Serial Number (hex): 00c6bcf7415a9c682edd20390a1e837c5a + Revoked at: Wed Dec 04 11:18:49 UTC 2013 + Serial Number (hex): 00a76603215671a566068288b6dfb77a6f + Revoked at: Wed Dec 04 11:59:52 UTC 2013 + Serial Number (hex): 00f2caca90d90c33312d1318d7d58b17d7 + Revoked at: Wed Dec 04 14:33:38 UTC 2013 + Serial Number (hex): 112b301841f21bfa629d74aa8b78c12c + Revoked at: Wed Dec 04 14:39:38 UTC 2013 + Serial Number (hex): 00a22b562e4d30c5a5cc5ca6292c0c2c33 + Revoked at: Wed Dec 04 15:21:25 UTC 2013 + Serial Number (hex): 6fd9c9d73652a5a968b8b60e9e60b141 + Revoked at: Wed Dec 04 15:21:30 UTC 2013 + Serial Number (hex): 0082c9fa09ea1aa2ee03ac4783585df1da + Revoked at: Wed Dec 04 15:37:19 UTC 2013 + Serial Number (hex): 008b0cfd938e640236a8313bbbf35ec6e6 + Revoked at: Wed Dec 04 15:38:41 UTC 2013 + Serial Number (hex): 49f41ee632f4e01168f4c8997a89d921 + Revoked at: Wed Dec 04 15:48:00 UTC 2013 + Serial Number (hex): 7ecd01381a04a95012ccd7fca08cbe1c + Revoked at: Wed Dec 04 15:59:02 UTC 2013 + Serial Number (hex): 00b2ccd491f21a7807cdb44a7289383baf + Revoked at: Wed Dec 04 15:59:02 UTC 2013 + Serial Number (hex): 00c930b4a6e473d0c7d5551999cd6f79f0 + Revoked at: Wed Dec 04 16:04:17 UTC 2013 + Serial Number (hex): 00b9e6b0deb923db6877631c0260114d15 + Revoked at: Wed Dec 04 17:18:20 UTC 2013 + Serial Number (hex): 124f9d3222598d546d6f478470ea45fe + Revoked at: Wed Dec 04 19:46:09 UTC 2013 + Serial Number (hex): 75360f52cddfdeb58a5451c8bafeed6a + Revoked at: Wed Dec 04 19:51:14 UTC 2013 + Serial Number (hex): 269c121742db469548fd3e2ebc2a5f4c + Revoked at: Wed Dec 04 20:35:47 UTC 2013 + Serial Number (hex): 00aee798b0571094778d7d0966a9c4c6fa + Revoked at: Wed Dec 04 21:11:54 UTC 2013 + Serial Number (hex): 1b15288b4453c06c003f3c631658dba9 + Revoked at: Wed Dec 04 21:37:27 UTC 2013 + Serial Number (hex): 00a2e9c4d7c8302340818d75147947b6bf + Revoked at: Wed Dec 04 21:56:30 UTC 2013 + Serial Number (hex): 00d2579b9cdc5524f96049690e7a327f09 + Revoked at: Wed Dec 04 22:10:07 UTC 2013 + Serial Number (hex): 5fc2893aa085e7abfc4a0b5176e76dc6 + Revoked at: Thu Dec 05 09:16:48 UTC 2013 + Serial Number (hex): 770c0e1c1c45e9f83f79e1200a504192 + Revoked at: Thu Dec 05 12:35:59 UTC 2013 + Serial Number (hex): 2f3f2460739f00eccb8086a6c00e5eec + Revoked at: Thu Dec 05 13:45:53 UTC 2013 + Serial Number (hex): 075aed575964b83805e678bec8c61007 + Revoked at: Thu Dec 05 16:49:49 UTC 2013 + Serial Number (hex): 6ebedf9db7bebeffa8f84e8d88d73318 + Revoked at: Thu Dec 05 17:11:22 UTC 2013 + Serial Number (hex): 7b707ceb1422bf1a73594ebf469676f3 + Revoked at: Thu Dec 05 18:38:45 UTC 2013 + Serial Number (hex): 1653f75cbb5349fb50cc9777f895c5d2 + Revoked at: Thu Dec 05 18:39:58 UTC 2013 + Serial Number (hex): 50d5e000fd6ed1f363a0670b48f54e82 + Revoked at: Thu Dec 05 19:21:13 UTC 2013 + Serial Number (hex): 00fbba44db5d9ba746e5d1ccde6d83a21a + Revoked at: Thu Dec 05 19:41:43 UTC 2013 + Serial Number (hex): 0534c5a20636699f8d0d6b3867ddef21 + Revoked at: Thu Dec 05 20:25:03 UTC 2013 + Serial Number (hex): 3a73cc80df16471cb3bc121920ea1263 + Revoked at: Thu Dec 05 20:29:09 UTC 2013 + Serial Number (hex): 48dbc07b1d795f3e0207a8128092e066 + Revoked at: Thu Dec 05 20:57:05 UTC 2013 + Serial Number (hex): 54b635bcfe3ced7060da57185150025d + Revoked at: Thu Dec 05 21:24:44 UTC 2013 + Serial Number (hex): 00ae77d5b5b88ed99eca48d155fb981426 + Revoked at: Thu Dec 05 23:20:19 UTC 2013 + Serial Number (hex): 1ab22fcc7d6c7af6e4113f3d0c5e95ff + Revoked at: Fri Dec 06 02:13:06 UTC 2013 + Serial Number (hex): 00faf3cf4a51796404dbd869183a000ec2 + Revoked at: Fri Dec 06 08:18:20 UTC 2013 + Serial Number (hex): 00cd9b14e13d5ba4b4ffe0871b0846d308 + Revoked at: Fri Dec 06 12:54:33 UTC 2013 + Serial Number (hex): 00f1246f6d8969538bab200c636dd07eb6 + Revoked at: Fri Dec 06 13:47:22 UTC 2013 + Serial Number (hex): 00e2827bf35a7d70f6cd52ab5812dde70c + Revoked at: Fri Dec 06 14:37:48 UTC 2013 + Serial Number (hex): 00a3720bfc165295204b501c41583184f8 + Revoked at: Fri Dec 06 14:37:55 UTC 2013 + Serial Number (hex): 0549e47e1aff9a6520f1b1d61a0bb7d4 + Revoked at: Fri Dec 06 14:57:55 UTC 2013 + Serial Number (hex): 00b6f58844eb03d1724e9ec7a051651a6d + Revoked at: Fri Dec 06 15:06:28 UTC 2013 + Serial Number (hex): 4cfac71449a26c149fc0d4fa068b1212 + Revoked at: Fri Dec 06 15:26:02 UTC 2013 + Serial Number (hex): 15a2888be24b3ebe01cdfa3d5abba0d5 + Revoked at: Fri Dec 06 15:49:01 UTC 2013 + Serial Number (hex): 0081cca7f1b11d0669ea09794642453a5e + Revoked at: Fri Dec 06 16:31:38 UTC 2013 + Serial Number (hex): 00c9227b22a5a4f04524be3784e7e11f12 + Revoked at: Fri Dec 06 16:57:17 UTC 2013 + Serial Number (hex): 1c64385b21a4b6220c11ff527c1e6db0 + Revoked at: Fri Dec 06 18:11:16 UTC 2013 + Serial Number (hex): 0f3956544d189a58cb723df114638f6d + Revoked at: Fri Dec 06 19:07:53 UTC 2013 + Serial Number (hex): 27053797f132de5e98352f3d58c637b4 + Revoked at: Fri Dec 06 19:13:34 UTC 2013 + Serial Number (hex): 00f9cb2ea16d7c2c971092c0015e19a4c6 + Revoked at: Fri Dec 06 20:01:41 UTC 2013 + Serial Number (hex): 00f6b354f1772fee0277eff9a002dfbb88 + Revoked at: Fri Dec 06 20:11:03 UTC 2013 + Serial Number (hex): 240b527cdad190924de84256c3a835b4 + Revoked at: Fri Dec 06 21:01:16 UTC 2013 + Serial Number (hex): 4de272a23b1e8bfde6df10049ce57857 + Revoked at: Fri Dec 06 21:25:45 UTC 2013 + Serial Number (hex): 0081a84543c0996aeb60ee0dbb14418cb7 + Revoked at: Fri Dec 06 21:40:44 UTC 2013 + Serial Number (hex): 00bed144ea1c75d0871d51da81f6e1fc47 + Revoked at: Fri Dec 06 21:44:53 UTC 2013 + Serial Number (hex): 00ba14735ce234ec12e7c10f66aaac5e37 + Revoked at: Sat Dec 07 02:13:01 UTC 2013 + Serial Number (hex): 00f7746abbf8b1445e54021de84777e51b + Revoked at: Sat Dec 07 10:27:26 UTC 2013 + Serial Number (hex): 00f39c9a7c523d7fe6235311f6be136efd + Revoked at: Sat Dec 07 14:25:57 UTC 2013 + Serial Number (hex): 00d81bbf4c563c2d72bfeac2f0a74670e4 + Revoked at: Sun Dec 08 02:13:04 UTC 2013 + Serial Number (hex): 551e6dc529c5ff32a13b9114b53c05f0 + Revoked at: Sun Dec 08 02:13:04 UTC 2013 + Serial Number (hex): 00d5faf4cc1de00de6ddedab27acaa385b + Revoked at: Sun Dec 08 02:13:04 UTC 2013 + Serial Number (hex): 00df7cb900a173944988d33fe943120767 + Revoked at: Mon Dec 09 11:57:01 UTC 2013 + Serial Number (hex): 56b47de364c37fd08ff3bc8bc26c3420 + Revoked at: Mon Dec 09 12:29:47 UTC 2013 + Serial Number (hex): 0ad4142637417a3a51769205c31d8f96 + Revoked at: Mon Dec 09 14:55:01 UTC 2013 + Serial Number (hex): 5796b07a9173f37187d31331bd397a84 + Revoked at: Mon Dec 09 15:20:12 UTC 2013 + Serial Number (hex): 008330182f5a48b5abb332f413575e4bb9 + Revoked at: Mon Dec 09 15:49:50 UTC 2013 + Serial Number (hex): 45d80debaf7eaf1444d44892bda017f6 + Revoked at: Mon Dec 09 16:00:27 UTC 2013 + Serial Number (hex): 04fd377d75218fae81af11a8f17cd25b + Revoked at: Mon Dec 09 17:12:49 UTC 2013 + Serial Number (hex): 0099b8687033adb97a291f5a8d9ca8faeb + Revoked at: Mon Dec 09 17:35:22 UTC 2013 + Serial Number (hex): 0099f5f2e5aa8c4eaa7aad0fa1c0c3b321 + Revoked at: Mon Dec 09 17:54:49 UTC 2013 + Serial Number (hex): 32585f31e97904fc13219893b9e50826 + Revoked at: Mon Dec 09 17:55:08 UTC 2013 + Serial Number (hex): 08dbe1ab36422d61f7e6eaf2aed55481 + Revoked at: Mon Dec 09 18:23:35 UTC 2013 + Serial Number (hex): 0084eae743e96362ee27113c7ef0154415 + Revoked at: Mon Dec 09 18:54:20 UTC 2013 + Serial Number (hex): 4b9e583931ccec8023b856a0bed6a40b + Revoked at: Mon Dec 09 19:28:49 UTC 2013 + Serial Number (hex): 39e76a734b091dea2fd49adb00b3028e + Revoked at: Mon Dec 09 20:24:06 UTC 2013 + Serial Number (hex): 3aab8ccc412f8e8578da591f6d245745 + Revoked at: Mon Dec 09 23:07:08 UTC 2013 + Serial Number (hex): 00bd3380b4abe56ddbd2d9404df056d1ca + Revoked at: Tue Dec 10 12:28:30 UTC 2013 + Serial Number (hex): 00cb42fd9f07af0d4f2a007dd441201da9 + Revoked at: Tue Dec 10 12:28:47 UTC 2013 + Serial Number (hex): 44a0e984b61a3d8010c4beafae63186b + Revoked at: Tue Dec 10 13:20:36 UTC 2013 + Serial Number (hex): 00c301bb9e7ec9dd9d9e1d2b3f2d6e826c + Revoked at: Tue Dec 10 13:21:13 UTC 2013 + Serial Number (hex): 6a649d9fe0728646ad8d611dd9714c2b + Revoked at: Tue Dec 10 14:57:11 UTC 2013 + Serial Number (hex): 2d594cfd05b49a5093aa5817cbf36fd8 + Revoked at: Tue Dec 10 14:57:13 UTC 2013 + Serial Number (hex): 192f9bec41641b17887bbb95e5ac8cab + Revoked at: Tue Dec 10 14:57:16 UTC 2013 + Serial Number (hex): 00f59c4507ebc16a01c530a451d9e5b3a4 + Revoked at: Tue Dec 10 15:24:39 UTC 2013 + Serial Number (hex): 22c5df895c37971d78f67dc87226a109 + Revoked at: Tue Dec 10 16:01:02 UTC 2013 + Serial Number (hex): 00ab18d589882fed9f4739a18580f1b811 + Revoked at: Tue Dec 10 17:53:38 UTC 2013 + Serial Number (hex): 00b32581ad884a781a7ff01baeae5fa3e0 + Revoked at: Tue Dec 10 17:58:29 UTC 2013 + Serial Number (hex): 00e8a0e3b9c0b2610fd9db19f3615f8543 + Revoked at: Tue Dec 10 22:00:18 UTC 2013 + Serial Number (hex): 3724c631f5e89ff79047b9e074414713 + Revoked at: Tue Dec 10 22:40:27 UTC 2013 + Serial Number (hex): 009fa6942466bb4e17382ef103102f75b7 + Revoked at: Tue Dec 10 22:58:47 UTC 2013 + Serial Number (hex): 49872dab236ad96961acff1671a121f8 + Revoked at: Tue Dec 10 22:59:18 UTC 2013 + Serial Number (hex): 00d66171ab3ef3b7fbc2bfab15d6ea4a33 + Revoked at: Wed Dec 11 01:33:26 UTC 2013 + Serial Number (hex): 2531018f95c461be9d0feece0d9ca6d3 + Revoked at: Wed Dec 11 01:34:11 UTC 2013 + Serial Number (hex): 009fa270c8ec7cd9fd329329e4c027d8df + Revoked at: Wed Dec 11 01:34:34 UTC 2013 + Serial Number (hex): 00f3e76693a70749df6a746652144d6bb4 + Revoked at: Wed Dec 11 09:12:19 UTC 2013 + Serial Number (hex): 00ceeb689dc612abccd6aec0de53e719e6 + Revoked at: Wed Dec 11 09:29:00 UTC 2013 + Serial Number (hex): 00cf639ae317f517cc991217610cbb07ca + Revoked at: Wed Dec 11 12:54:31 UTC 2013 + Serial Number (hex): 2578ad47722bfea0c36bea5bdff89525 + Revoked at: Wed Dec 11 14:51:16 UTC 2013 + Serial Number (hex): 5b779ee1de62d3385d9dab90ac96a5a9 + Revoked at: Wed Dec 11 15:09:21 UTC 2013 + Serial Number (hex): 1bc9c1733d4d79a4111f700691220375 + Revoked at: Wed Dec 11 15:34:15 UTC 2013 + Serial Number (hex): 00953b8fd932db7b9b62b4bfc3b22d3ae7 + Revoked at: Wed Dec 11 17:59:44 UTC 2013 + Serial Number (hex): 00c953198590b060944fcda9b843bae9c4 + Revoked at: Wed Dec 11 18:41:45 UTC 2013 + Serial Number (hex): 08b111982d2a77c9453d7ac93ff058db + Revoked at: Wed Dec 11 18:43:10 UTC 2013 + Serial Number (hex): 46575745fef35954314ae6c071810005 + Revoked at: Wed Dec 11 18:59:21 UTC 2013 + Serial Number (hex): 00c5c51b0aed4e1efed06a6b38583db6fb + Revoked at: Wed Dec 11 19:07:15 UTC 2013 + Serial Number (hex): 561f6bc25d443a412251071bf35fbd13 + Revoked at: Wed Dec 11 19:18:42 UTC 2013 + Serial Number (hex): 77735f44c636e9da2fea744054e6b0aa + Revoked at: Wed Dec 11 19:19:15 UTC 2013 + Serial Number (hex): 3c2dadb813f0927850f5bd260083e296 + Revoked at: Wed Dec 11 19:22:03 UTC 2013 + Serial Number (hex): 008605b5554fda80c5cebffde14e0a9d62 + Revoked at: Wed Dec 11 20:06:44 UTC 2013 + Serial Number (hex): 0084c99824d57cb5676e7faffa0fe21f46 + Revoked at: Wed Dec 11 21:14:28 UTC 2013 + Serial Number (hex): 00dc1e401f587e826e7c45fce4019d0d24 + Revoked at: Wed Dec 11 21:33:02 UTC 2013 + Serial Number (hex): 11a85b5bff7e1889837b982f5466d40c + Revoked at: Wed Dec 11 21:36:19 UTC 2013 + Serial Number (hex): 08c01c4d7bb83ef939af7608cc97fe61 + Revoked at: Wed Dec 11 22:51:16 UTC 2013 + Serial Number (hex): 00eb3670bbad53c2507a8030e07962ee87 + Revoked at: Thu Dec 12 10:20:39 UTC 2013 + Serial Number (hex): 1cf88f1bc6300f458cba8e9da258d81d + Revoked at: Thu Dec 12 13:48:54 UTC 2013 + Serial Number (hex): 6926ac5571dcd1cd5e9d9823adf73d4b + Revoked at: Thu Dec 12 14:09:27 UTC 2013 + Serial Number (hex): 00a2e8122f87dd96453261a0b264cb8714 + Revoked at: Thu Dec 12 15:28:40 UTC 2013 + Serial Number (hex): 4a65bf48eaca42a9af7e44cfeed6cb3e + Revoked at: Thu Dec 12 15:56:04 UTC 2013 + Serial Number (hex): 00c93c62e5cc291cb81377eaa0dcaea403 + Revoked at: Thu Dec 12 15:56:31 UTC 2013 + Serial Number (hex): 2ad40136477f5850e5954d4948886ec3 + Revoked at: Thu Dec 12 15:56:44 UTC 2013 + Serial Number (hex): 00a376799e0ba3ce164cafe2cb34451eed + Revoked at: Thu Dec 12 15:58:06 UTC 2013 + Serial Number (hex): 00b865297bb0553111ff8f0d3b158fe8cb + Revoked at: Thu Dec 12 16:03:32 UTC 2013 + Serial Number (hex): 00920991058cb09de6182b3f8b4312e767 + Revoked at: Thu Dec 12 16:04:25 UTC 2013 + Serial Number (hex): 49e2cfc781932d7a91708a5f54898d0a + Revoked at: Thu Dec 12 16:04:52 UTC 2013 + Serial Number (hex): 00fe56b92bd68071393e77dd5ef00694b5 + Revoked at: Thu Dec 12 16:05:12 UTC 2013 + Serial Number (hex): 58e8abefc8487adfcd884ff16d459cb2 + Revoked at: Thu Dec 12 16:05:45 UTC 2013 + Serial Number (hex): 0b18417ca7685cb1d43fc715d84c6465 + Revoked at: Thu Dec 12 16:06:04 UTC 2013 + Serial Number (hex): 266934078f6d604f67fa903b15ec9de6 + Revoked at: Thu Dec 12 17:13:27 UTC 2013 + Serial Number (hex): 00e089f2aba66f0d3a3369d6120c4be05f + Revoked at: Thu Dec 12 17:13:29 UTC 2013 + Serial Number (hex): 409f9971c95a9d4c079cd9ae6fd0b1c0 + Revoked at: Thu Dec 12 17:13:31 UTC 2013 + Serial Number (hex): 2313aa872cec5adaf846c86b321ced49 + Revoked at: Thu Dec 12 17:27:45 UTC 2013 + Serial Number (hex): 009c42acd81f600ba77ae1fd25ac492225 + Revoked at: Thu Dec 12 17:53:50 UTC 2013 + Serial Number (hex): 7f6452ffa3e3405497935591cd26b0ac + Revoked at: Thu Dec 12 18:49:56 UTC 2013 + Serial Number (hex): 6d132f6167d4581f4845ab572d2036b8 + Revoked at: Thu Dec 12 19:29:32 UTC 2013 + Serial Number (hex): 00e0b624ecbbaa9f53ba4bda49303a40d4 + Revoked at: Thu Dec 12 19:34:57 UTC 2013 + Serial Number (hex): 72ab5c38ca87d6e1c2a1cf6431679525 + Revoked at: Thu Dec 12 20:50:08 UTC 2013 + Serial Number (hex): 759ca36c7aca7ae4b64f5175a6adc224 + Revoked at: Thu Dec 12 21:18:08 UTC 2013 + Serial Number (hex): 3075d61815f2295bfcd3795bb5e95736 + Revoked at: Thu Dec 12 21:18:51 UTC 2013 + Serial Number (hex): 00fbf7eea83497e35b9e4a0aea649f8742 + Revoked at: Thu Dec 12 21:19:36 UTC 2013 + Serial Number (hex): 009b26d05c4f82e5d59a7d017a48357d72 + Revoked at: Thu Dec 12 21:22:34 UTC 2013 + Serial Number (hex): 00f0f308b8abc081484ee74330dde9d854 + Revoked at: Fri Dec 13 09:07:47 UTC 2013 + Serial Number (hex): 6f6b640107a16d8665b4cd3cfb391efe + Revoked at: Fri Dec 13 11:22:00 UTC 2013 + Serial Number (hex): 0af1e44484862fe456ad7de637c53e13 + Revoked at: Fri Dec 13 11:22:36 UTC 2013 + Serial Number (hex): 00b9030e36fa8b83a1a99ab04c0d78165f + Revoked at: Fri Dec 13 11:40:57 UTC 2013 + Serial Number (hex): 0085b63d70fbd4746140e22d350c57aa04 + Revoked at: Fri Dec 13 11:41:04 UTC 2013 + Serial Number (hex): 3065ae2b097691648571832d90e06698 + Revoked at: Fri Dec 13 11:41:32 UTC 2013 + Serial Number (hex): 24db1eb058747e420358d3fe73002c44 + Revoked at: Fri Dec 13 11:41:39 UTC 2013 + Serial Number (hex): 7a4eae3fe8595a928881a630ccf88d79 + Revoked at: Fri Dec 13 11:44:20 UTC 2013 + Serial Number (hex): 63116df3d1e8cdc937613b436dbc5e83 + Revoked at: Fri Dec 13 14:52:27 UTC 2013 + Serial Number (hex): 00d935c3f99cf726dc8d0a442d1f1d277d + Revoked at: Fri Dec 13 14:52:52 UTC 2013 + Serial Number (hex): 36a2f7492c5490c525bfc5b3fffdf787 + Revoked at: Fri Dec 13 15:03:05 UTC 2013 + Serial Number (hex): 00e333e864f5452e84daddcc3bf3582cab + Revoked at: Fri Dec 13 15:03:28 UTC 2013 + Serial Number (hex): 19d91b1a7a0c4aef872d8fadc480a2bd + Revoked at: Fri Dec 13 15:03:49 UTC 2013 + Serial Number (hex): 00b1b6a2b651acf90a02cdd1006f9e372d + Revoked at: Fri Dec 13 15:05:54 UTC 2013 + Serial Number (hex): 3c91c3fb001906930a34c1a6faef7e67 + Revoked at: Fri Dec 13 15:06:42 UTC 2013 + Serial Number (hex): 00ce7836b63b66539832f3c11e30295f9f + Revoked at: Fri Dec 13 15:07:07 UTC 2013 + Serial Number (hex): 00a8ed1d67cf68cffd7ce696007f282459 + Revoked at: Fri Dec 13 15:07:13 UTC 2013 + Serial Number (hex): 26e6ecd22b7c6ac5d596fe109fb3918f + Revoked at: Fri Dec 13 15:07:33 UTC 2013 + Serial Number (hex): 00eb34ce43da11e5cd19d9f06003291481 + Revoked at: Fri Dec 13 15:08:14 UTC 2013 + Serial Number (hex): 0d7a05c9c6f656b493973a9d988adf05 + Revoked at: Fri Dec 13 15:44:42 UTC 2013 + Serial Number (hex): 00c33698f10ef56223f3997539facd1016 + Revoked at: Fri Dec 13 15:46:37 UTC 2013 + Serial Number (hex): 641af91eee4c481766e02926b53d2a93 + Revoked at: Fri Dec 13 16:27:10 UTC 2013 + Serial Number (hex): 1cb86c05fb8171326a4aa283254c483d + Revoked at: Fri Dec 13 16:35:56 UTC 2013 + Serial Number (hex): 354d233c20bb00e976bd34f1660c21f1 + Revoked at: Fri Dec 13 17:24:56 UTC 2013 + Serial Number (hex): 00b3264b4c4f010213ddabfdd814669f49 + Revoked at: Fri Dec 13 17:29:06 UTC 2013 + Serial Number (hex): 00bac229270eacbe0c693687756d51fc79 + Revoked at: Fri Dec 13 17:34:22 UTC 2013 + Serial Number (hex): 0088f609713f5c1e36fb430b4f0d8fc5ec + Revoked at: Fri Dec 13 18:20:25 UTC 2013 + Serial Number (hex): 552272d29fda5fd5b3db6b9cfa2c4781 + Revoked at: Fri Dec 13 18:20:50 UTC 2013 + Serial Number (hex): 009583be86eec2d86a7090de85df50076c + Revoked at: Fri Dec 13 18:55:05 UTC 2013 + Serial Number (hex): 3cd4abc380d10c56cffdb2192d06fda8 + Revoked at: Fri Dec 13 19:23:39 UTC 2013 + Serial Number (hex): 00c3a08a470aab986b6499231ebd74750a + Revoked at: Fri Dec 13 19:54:39 UTC 2013 + Serial Number (hex): 41b4414459b1d6e6c36a422871b7799d + Revoked at: Fri Dec 13 20:08:26 UTC 2013 + Serial Number (hex): 6ba87bfa3ac39b89a2dedcc3f5696d1b + Revoked at: Fri Dec 13 20:15:55 UTC 2013 + Serial Number (hex): 0af4f17cac68b430c2ae4d9cffa09ffd + Revoked at: Fri Dec 13 20:46:20 UTC 2013 + Serial Number (hex): 00e1de6c3d319c0d0256f076ac0e2121db + Revoked at: Fri Dec 13 20:46:30 UTC 2013 + Serial Number (hex): 51f3022c513cc91be2a80dbc9f6144fc + Revoked at: Sat Dec 14 02:13:04 UTC 2013 + Serial Number (hex): 00bb51609e3f373a31633423796c278a36 + Revoked at: Sat Dec 14 17:48:09 UTC 2013 + Serial Number (hex): 58a3d8088ccfd703d31d6c2de74f6b82 + Revoked at: Sun Dec 15 02:13:04 UTC 2013 + Serial Number (hex): 20180fe1aa9a1e1763dd1b3fd304a415 + Revoked at: Mon Dec 16 04:49:12 UTC 2013 + Serial Number (hex): 008b0b890d2742d42f5111465d54796bfa + Revoked at: Mon Dec 16 08:00:27 UTC 2013 + Serial Number (hex): 7d32bf85065736aac515bde9bbfc713d + Revoked at: Mon Dec 16 08:09:51 UTC 2013 + Serial Number (hex): 57cb47e20de9276d4f259f699144bbc7 + Revoked at: Mon Dec 16 08:09:57 UTC 2013 + Serial Number (hex): 24befb48c004e320a9fbf1d189452178 + Revoked at: Mon Dec 16 09:26:17 UTC 2013 + Serial Number (hex): 78244ebf615c32bc4b7160bd1e7c2f9f + Revoked at: Mon Dec 16 12:16:51 UTC 2013 + Serial Number (hex): 00abb9ed2d030e1142b2d60f34daee6d33 + Revoked at: Mon Dec 16 14:40:26 UTC 2013 + Serial Number (hex): 4412594004c157a6557ad0e35c6a519d + Revoked at: Mon Dec 16 14:48:16 UTC 2013 + Serial Number (hex): 00ba20b5f29cb6be9f016718e1e55f0e0d + Revoked at: Mon Dec 16 15:23:09 UTC 2013 + Serial Number (hex): 00d78821b328c4bc067644fe1ea86fc9ef + Revoked at: Mon Dec 16 16:09:07 UTC 2013 + Serial Number (hex): 6c94f89bcaf9ffc2566a67c6a836ddfb + Revoked at: Mon Dec 16 16:09:10 UTC 2013 + Serial Number (hex): 00a96ec76ba70bc91d7518f57366bb06e6 + Revoked at: Mon Dec 16 17:58:49 UTC 2013 + Serial Number (hex): 009d5ce2d1033e78e7e64d4e722dcc9466 + Revoked at: Mon Dec 16 18:32:04 UTC 2013 + Serial Number (hex): 34566b25ba447e02247e4cfbccfde02f + Revoked at: Mon Dec 16 18:41:45 UTC 2013 + Serial Number (hex): 1743e635f264be4ee252c9ee0bc47d16 + Revoked at: Mon Dec 16 19:13:41 UTC 2013 + Serial Number (hex): 00b5ddff9da547960e9b2d9c39d1236d54 + Revoked at: Mon Dec 16 20:18:12 UTC 2013 + Serial Number (hex): 3c8a48290732a3ff85b3e857f5175ba8 + Revoked at: Mon Dec 16 21:05:15 UTC 2013 + Serial Number (hex): 07e665dec010921db4259c43932384a7 + Revoked at: Mon Dec 16 21:15:23 UTC 2013 + Serial Number (hex): 396d6c2fcd84832e92f1ada8d762ab48 + Revoked at: Mon Dec 16 21:40:29 UTC 2013 + Serial Number (hex): 00ff6c40c50ed08a0f64956d955564898b + Revoked at: Mon Dec 16 22:29:36 UTC 2013 + Serial Number (hex): 00c7e7472e833a959c7f4e8d092e7221b3 + Revoked at: Tue Dec 17 02:13:07 UTC 2013 + Serial Number (hex): 193f6dc61a1d15ce956bb1c2e09bac84 + Revoked at: Tue Dec 17 06:50:09 UTC 2013 + Serial Number (hex): 3bda87b5616352b9ac81130856d82655 + Revoked at: Tue Dec 17 07:35:42 UTC 2013 + Serial Number (hex): 00c9b6f8122891beb3e9df4fd775e3a2c9 + Revoked at: Tue Dec 17 08:54:49 UTC 2013 + Serial Number (hex): 04c93904c092ae9feaefd652cdf26af2 + Revoked at: Tue Dec 17 14:46:27 UTC 2013 + Serial Number (hex): 00e78105bf75a347c68adca41c9bf32586 + Revoked at: Tue Dec 17 14:47:29 UTC 2013 + Serial Number (hex): 009bade3e6ad13bd62dba7d3c8a4523de3 + Revoked at: Tue Dec 17 14:47:37 UTC 2013 + Serial Number (hex): 008c61b11e30f650ec8c3fde9820ceba43 + Revoked at: Tue Dec 17 15:29:53 UTC 2013 + Serial Number (hex): 4d190be4d790b861e0595a7badbfd078 + Revoked at: Tue Dec 17 15:34:16 UTC 2013 + Serial Number (hex): 406c3ed19d20eae481055cde2ddf8e + Revoked at: Tue Dec 17 15:39:17 UTC 2013 + Serial Number (hex): 774c6359dab671f4305786a3acd41810 + Revoked at: Tue Dec 17 15:40:12 UTC 2013 + Serial Number (hex): 19c3004db2de7e436ce1db2a1cccae43 + Revoked at: Tue Dec 17 15:40:15 UTC 2013 + Serial Number (hex): 00cdefa624ab07685be0c15157e8a6d267 + Revoked at: Tue Dec 17 15:40:36 UTC 2013 + Serial Number (hex): 483514858d74b18af74ef6ceb6cb13c6 + Revoked at: Tue Dec 17 16:28:44 UTC 2013 + Serial Number (hex): 00a54ce1910b763a2ce68885feaedf1475 + Revoked at: Tue Dec 17 17:08:53 UTC 2013 + Serial Number (hex): 00d6e1aed82e09ac2840439d5330bfb46d + Revoked at: Tue Dec 17 17:09:17 UTC 2013 + Serial Number (hex): 58b87966f0bc33ab5fffedef982b33f4 + Revoked at: Tue Dec 17 17:43:58 UTC 2013 + Serial Number (hex): 008d67fc51bfdf0d8f3c4eec5ce8237d98 + Revoked at: Tue Dec 17 20:15:54 UTC 2013 + Serial Number (hex): 00a8a9682a06600f7b3221aad583adc122 + Revoked at: Tue Dec 17 20:16:54 UTC 2013 + Serial Number (hex): 71b81cb2325fe0668ec180e096dd4b96 + Revoked at: Tue Dec 17 20:30:33 UTC 2013 + Serial Number (hex): 14459b951b09279c2e93ac517ab849c4 + Revoked at: Tue Dec 17 20:57:45 UTC 2013 + Serial Number (hex): 009d1867f1bbb921dda29c9a59bb84013d + Revoked at: Tue Dec 17 21:44:01 UTC 2013 + Serial Number (hex): 00f4e8bf2c256b1f506f5ebcf196ea35cd + Revoked at: Tue Dec 17 21:52:41 UTC 2013 + Serial Number (hex): 15ab63e9680be0bf5a08cc239e7b0b3d + Revoked at: Tue Dec 17 21:53:00 UTC 2013 + Serial Number (hex): 00fdb36165caf2e431288ddc907554e949 + Revoked at: Tue Dec 17 22:09:10 UTC 2013 + Serial Number (hex): 00ab7e215f014a131611815e158285ba6b + Revoked at: Tue Dec 17 22:34:47 UTC 2013 + Serial Number (hex): 55e6261df062d8615b12816d47b7b5e4 + Revoked at: Tue Dec 17 23:14:43 UTC 2013 + Serial Number (hex): 245c777c5738ff510c63ebb78bb2334a + Revoked at: Tue Dec 17 23:17:17 UTC 2013 + Serial Number (hex): 00d093ac432d20e47942b932dc4623980f + Revoked at: Wed Dec 18 00:15:31 UTC 2013 + Serial Number (hex): 2ef0720b4b3b6d1e30d2fcf6fd8c5dee + Revoked at: Wed Dec 18 10:21:39 UTC 2013 + Serial Number (hex): 5977dae80c80cb3215d228e415d5d241 + Revoked at: Wed Dec 18 11:48:33 UTC 2013 + Serial Number (hex): 00b0adf24ccbba0f90effa88bf251217f3 + Revoked at: Wed Dec 18 15:10:52 UTC 2013 + Serial Number (hex): 70086a0aceb9a08f7a7323b6797bdeb2 + Revoked at: Wed Dec 18 15:20:39 UTC 2013 + Serial Number (hex): 263883dfc0fa80f353fbf8fa7c1121c5 + Revoked at: Wed Dec 18 17:04:54 UTC 2013 + Serial Number (hex): 00a14682249078541bb4102219166ae99b + Revoked at: Wed Dec 18 17:06:49 UTC 2013 + Serial Number (hex): 7da76b1fcd4c8b75007c898b77f9f5c8 + Revoked at: Wed Dec 18 17:07:43 UTC 2013 + Serial Number (hex): 5ebc45c82e20acd10d5cbe7dfa77902d + Revoked at: Wed Dec 18 19:55:06 UTC 2013 + Serial Number (hex): 009cc485529ce494372e09c13fc26be8c9 + Revoked at: Wed Dec 18 19:55:16 UTC 2013 + Serial Number (hex): 09689891c85b2fabf6e9ebcfdfa493cc + Revoked at: Wed Dec 18 19:55:31 UTC 2013 + Serial Number (hex): 00b4e639f8acbff9344604a5142010b484 + Revoked at: Wed Dec 18 20:13:55 UTC 2013 + Serial Number (hex): 00ea0e65d35c77a8e46e8120c058fe26d7 + Revoked at: Wed Dec 18 20:14:00 UTC 2013 + Serial Number (hex): 0091df2e8c5bd7f8675b927d6ada7e0575 + Revoked at: Wed Dec 18 20:50:27 UTC 2013 + Serial Number (hex): 26e270f1615d9ec9bd240e1f99193de0 + Revoked at: Wed Dec 18 20:52:21 UTC 2013 + Serial Number (hex): 49c287474340667c751e9db6982a93fe + Revoked at: Wed Dec 18 21:05:31 UTC 2013 + Serial Number (hex): 0098342fe9476df441a2b7f46996d42082 + Revoked at: Wed Dec 18 21:12:06 UTC 2013 + Serial Number (hex): 0ec8cd30683500cd8779a213ad3acc0a + Revoked at: Wed Dec 18 21:14:38 UTC 2013 + Serial Number (hex): 00ac8ffdd84693b936109fb402fa6cdb15 + Revoked at: Wed Dec 18 21:14:48 UTC 2013 + Serial Number (hex): 00cbab1c893d133a47d3db84b522d890e3 + Revoked at: Wed Dec 18 21:15:32 UTC 2013 + Serial Number (hex): 645e015aaa5afa2f60b7e85dbf50a48b + Revoked at: Wed Dec 18 21:19:46 UTC 2013 + Serial Number (hex): 00bd33d4bcd2d067a6b8d4ba77041dadce + Revoked at: Wed Dec 18 21:44:45 UTC 2013 + Serial Number (hex): 0086bb927951414e8fb3a000319f0a1efc + Revoked at: Wed Dec 18 21:47:18 UTC 2013 + Serial Number (hex): 00b1b6ee98bb636df90fc51650f664d2f9 + Revoked at: Wed Dec 18 21:47:21 UTC 2013 + Serial Number (hex): 4c000767df257c4c760e80c3f8929fce + Revoked at: Thu Dec 19 06:47:12 UTC 2013 + Serial Number (hex): 008ccb9a19620668341964f9282f5a5732 + Revoked at: Thu Dec 19 06:47:23 UTC 2013 + Serial Number (hex): 00cc7bc0c57bbbb0db7de51267c7661cde + Revoked at: Thu Dec 19 10:56:57 UTC 2013 + Serial Number (hex): 00d9f873f8c3ced70e93da2c67b1322f2e + Revoked at: Thu Dec 19 15:07:03 UTC 2013 + Serial Number (hex): 00cee53cf94570957303de7aa4e10dd31d + Revoked at: Thu Dec 19 17:19:14 UTC 2013 + Serial Number (hex): 009f187632fc578112b138a6df897888b7 + Revoked at: Thu Dec 19 18:01:12 UTC 2013 + Serial Number (hex): 00b199fdfd17e6a43d76aede7f810480ae + Revoked at: Thu Dec 19 18:11:02 UTC 2013 + Serial Number (hex): 00bf83bcf22110ecdf9a835aa1361acbf8 + Revoked at: Thu Dec 19 19:32:23 UTC 2013 + Serial Number (hex): 00831062133979c2398546c4f62af44699 + Revoked at: Thu Dec 19 19:56:32 UTC 2013 + Serial Number (hex): 281e0ca8c8b2811c3b880c97bb9ad116 + Revoked at: Thu Dec 19 20:27:00 UTC 2013 + Serial Number (hex): 57e61ce5b1cd3c87729b75c9454dfcec + Revoked at: Thu Dec 19 20:33:59 UTC 2013 + Serial Number (hex): 13f64f250795544684e86c5c62c03970 + Revoked at: Thu Dec 19 21:08:50 UTC 2013 + Serial Number (hex): 247a84f15f717294fbf26ce4843f3088 + Revoked at: Thu Dec 19 21:22:42 UTC 2013 + Serial Number (hex): 1a8fd28e17556b6f0d5bee23a8a8eaff + Revoked at: Fri Dec 20 01:25:59 UTC 2013 + Serial Number (hex): 46a46fba126a56e4dc30dcea89743059 + Revoked at: Fri Dec 20 13:50:33 UTC 2013 + Serial Number (hex): 00fc9a5411e943f364ebbce6d3bbb2820b + Revoked at: Fri Dec 20 14:26:45 UTC 2013 + Serial Number (hex): 009012c61d4d7ba7fba6fc8e1dad1bd50a + Revoked at: Fri Dec 20 14:27:03 UTC 2013 + Serial Number (hex): 44f4b4fd372519106165fe2c2c8842e3 + Revoked at: Fri Dec 20 17:01:13 UTC 2013 + Serial Number (hex): 4ec7e117deeb7685f3e57c97cb862aa4 + Revoked at: Fri Dec 20 20:17:51 UTC 2013 + Serial Number (hex): 28760e639e035bc741cc281dd285addb + Revoked at: Fri Dec 20 21:29:22 UTC 2013 + Serial Number (hex): 2ed5ca58ffcfa055f6e92d3748b5dde2 + Revoked at: Fri Dec 20 21:50:08 UTC 2013 + Serial Number (hex): 00eabb38e96e6ab37f5d48cf0121c8ac2e + Revoked at: Fri Dec 20 21:51:14 UTC 2013 + Serial Number (hex): 00c53a665c60985083384e17621d04fd10 + Revoked at: Fri Dec 20 21:52:20 UTC 2013 + Serial Number (hex): 00f7dc188a04469d1b20b564be42bb8c34 + Revoked at: Fri Dec 20 21:54:01 UTC 2013 + Serial Number (hex): 612f96ed62ce3a17a6990198f9cb4b4e + Revoked at: Fri Dec 20 21:54:13 UTC 2013 + Serial Number (hex): 00a1f8f3f6d299cb157c9e578ec374ac9a + Revoked at: Fri Dec 20 21:58:12 UTC 2013 + Serial Number (hex): 5f327e647ae70e75648e9f3ff39229e9 + Revoked at: Fri Dec 20 21:58:30 UTC 2013 + Serial Number (hex): 73a638038eb9712954fcc3e42886a7c7 + Revoked at: Fri Dec 20 21:59:17 UTC 2013 + Serial Number (hex): 00a9b213fb93d8e6e22d8bd2c1a4b4abcf + Revoked at: Fri Dec 20 21:59:31 UTC 2013 + Serial Number (hex): 41294074191d46056859053b0adb3f5c + Revoked at: Sat Dec 21 09:49:33 UTC 2013 + Serial Number (hex): 00a9221d2b89d3be503ccbdca13ac70882 + Revoked at: Sun Dec 22 15:55:03 UTC 2013 + Serial Number (hex): 00a8e3d887ac55e6dcd8087b26b3693aa8 + Revoked at: Mon Dec 23 08:51:07 UTC 2013 + Serial Number (hex): 04cac30b6e9e9282c2818ec41ad0be01 + Revoked at: Mon Dec 23 13:45:04 UTC 2013 + Serial Number (hex): 66fe33e9343c0c3b493e1ccc381770ac + Revoked at: Mon Dec 23 14:30:50 UTC 2013 + Serial Number (hex): 00edc4caf895a29c6e552db2a76f11f654 + Revoked at: Mon Dec 23 14:34:26 UTC 2013 + Serial Number (hex): 6a8d19bb6f6a80142051bd274d6fa526 + Revoked at: Mon Dec 23 14:41:52 UTC 2013 + Serial Number (hex): 37aeaebe985daeea0930ba70167d7eaf + Revoked at: Mon Dec 23 14:42:50 UTC 2013 + Serial Number (hex): 00acbba2bce04b172039d5fafe1e9aa104 + Revoked at: Mon Dec 23 14:53:20 UTC 2013 + Serial Number (hex): 00b89e8dae701b64f7614eeaac671741ca + Revoked at: Mon Dec 23 14:54:58 UTC 2013 + Serial Number (hex): 00d655b1180d947d47a55f949391964f27 + Revoked at: Mon Dec 23 14:55:31 UTC 2013 + Serial Number (hex): 14c89a17b0c9c58b105b61782e092f2e + Revoked at: Mon Dec 23 14:57:27 UTC 2013 + Serial Number (hex): 0099db3be96d6c4472566aa3c4018aef8c + Revoked at: Mon Dec 23 15:01:32 UTC 2013 + Serial Number (hex): 00a4b5be08f24ad292a5c6734151dcacaf + Revoked at: Mon Dec 23 15:04:12 UTC 2013 + Serial Number (hex): 00c51c237956f919183192043732483a5e + Revoked at: Mon Dec 23 15:05:22 UTC 2013 + Serial Number (hex): 02e20e426615b77adbab319c3e357c53 + Revoked at: Mon Dec 23 15:05:41 UTC 2013 + Serial Number (hex): 00df428fddd9db784439c2deaea367e8cd + Revoked at: Mon Dec 23 15:05:54 UTC 2013 + Serial Number (hex): 00f25685d340a2243bdcde5aa5267bf6a4 + Revoked at: Mon Dec 23 15:06:01 UTC 2013 + Serial Number (hex): 580cf27594a5abfcf94263bba19dd886 + Revoked at: Mon Dec 23 15:07:42 UTC 2013 + Serial Number (hex): 00e2cd50c45d25eed317c24cf7df3a3f08 + Revoked at: Mon Dec 23 15:08:35 UTC 2013 + Serial Number (hex): 381e24a5edfd998caed5e9d0c611cf0c + Revoked at: Mon Dec 23 15:08:39 UTC 2013 + Serial Number (hex): 4473828d2476276f98bd7fa07abd3bef + Revoked at: Mon Dec 23 15:08:42 UTC 2013 + Serial Number (hex): 024525062ce65db0f49a1e8f7890236d + Revoked at: Mon Dec 23 15:14:23 UTC 2013 + Serial Number (hex): 00da93257c26a0286e77dc06289108419f + Revoked at: Mon Dec 23 15:14:41 UTC 2013 + Serial Number (hex): 00eb25f73338f9d3c2bc7d68ee39debcbb + Revoked at: Mon Dec 23 15:27:04 UTC 2013 + Serial Number (hex): 00dea39f9405803da19a84fac911e23680 + Revoked at: Mon Dec 23 15:27:07 UTC 2013 + Serial Number (hex): 009cd115846851d1d91f9ad0468950dd6b + Revoked at: Mon Dec 23 15:27:24 UTC 2013 + Serial Number (hex): 00d1ef8f35c327c6269d445e2868c59b9d + Revoked at: Mon Dec 23 15:27:29 UTC 2013 + Serial Number (hex): 00e9e5996267e2f63bce766038f13b65f1 + Revoked at: Mon Dec 23 15:27:45 UTC 2013 + Serial Number (hex): 008bc362a50b87f6f4c6b129c1c96962 + Revoked at: Mon Dec 23 15:27:49 UTC 2013 + Serial Number (hex): 00a206c2e7a219289b5480c551ec1f4d56 + Revoked at: Mon Dec 23 15:57:44 UTC 2013 + Serial Number (hex): 0082e7e530ee73dbb8b5aa4345580e3fe0 + Revoked at: Mon Dec 23 16:08:19 UTC 2013 + Serial Number (hex): 34c759985fc69bb461fc650e6a70373d + Revoked at: Mon Dec 23 18:52:52 UTC 2013 + Serial Number (hex): 00c27abe606e3514cc9340923bf43ffb71 + Revoked at: Tue Dec 24 15:48:47 UTC 2013 + Serial Number (hex): 00bb5ed6dbd14d323f8ed75ad75cf14ee8 + Revoked at: Tue Dec 24 19:16:51 UTC 2013 + Serial Number (hex): 3a5847ef07ac054b7e10b68c00af5061 + Revoked at: Tue Dec 24 19:31:20 UTC 2013 + Serial Number (hex): 00a7de6ba82252d6d52353d2453b9ee1d0 + Revoked at: Wed Dec 25 00:47:31 UTC 2013 + Serial Number (hex): 00c16651004ae04b285259d77cc11ccd5b + Revoked at: Thu Dec 26 14:44:04 UTC 2013 + Serial Number (hex): 00a50b8e668360d655c83c7411b9046b72 + Revoked at: Thu Dec 26 23:48:56 UTC 2013 + Serial Number (hex): 3f8f97da0ac65639b12403d21ac1828f + Revoked at: Fri Dec 27 13:55:48 UTC 2013 + Serial Number (hex): 00a05648af71dc3b78e05f70a02a1e92b1 + Revoked at: Fri Dec 27 14:26:41 UTC 2013 + Serial Number (hex): 00c5209e35cdeb5f36f3cba8f7a971309b + Revoked at: Fri Dec 27 14:31:01 UTC 2013 + Serial Number (hex): 5bdc2a84492342683bc0c8b91e741aa8 + Revoked at: Fri Dec 27 20:57:30 UTC 2013 + Serial Number (hex): 5feac3d0561630934a8cbd5a1a8746bd + Revoked at: Fri Dec 27 21:02:30 UTC 2013 + Serial Number (hex): 00d107e786278aa7fe719064cefc41e965 + Revoked at: Fri Dec 27 21:28:33 UTC 2013 + Serial Number (hex): 00cd47bb340bd23e055575569ee297331d + Revoked at: Mon Dec 30 08:20:04 UTC 2013 + Serial Number (hex): 6b27989b7024cf9fd6e4de9dbe927dbf + Revoked at: Mon Dec 30 14:51:07 UTC 2013 + Serial Number (hex): 00b9cba7bbba9babda73ea51a201d7486a + Revoked at: Mon Dec 30 15:20:40 UTC 2013 + Serial Number (hex): 231c92d95b4ec1a4eb849cc6fa2db53a + Revoked at: Mon Dec 30 15:57:41 UTC 2013 + Serial Number (hex): 6ed0c59b40163d2d7d5378486de16772 + Revoked at: Mon Dec 30 16:04:56 UTC 2013 + Serial Number (hex): 00a4f0fcd6bc4f7ae8aa763512cb205f32 + Revoked at: Mon Dec 30 16:10:28 UTC 2013 + Serial Number (hex): 00da56341fc80e87124e47bc3fd83711e5 + Revoked at: Mon Dec 30 16:17:08 UTC 2013 + Serial Number (hex): 00fdeccd9949a7bdab488da1f98b314eb5 + Revoked at: Mon Dec 30 21:28:27 UTC 2013 + Serial Number (hex): 11de0784ec0e6876187e26ec8027375e + Revoked at: Mon Dec 30 21:29:01 UTC 2013 + Serial Number (hex): 00d64e152cae2928f57da0338ac9616f6c + Revoked at: Mon Dec 30 21:29:27 UTC 2013 + Serial Number (hex): 486ac9e0cfa1daa4b3b606e2748563de + Revoked at: Mon Dec 30 21:30:02 UTC 2013 + Serial Number (hex): 422d9366f78fd10c22ba706fad26880f + Revoked at: Mon Dec 30 21:44:42 UTC 2013 + Serial Number (hex): 7a68a49a00dc8cc58fbd1a10c8b5ea2c + Revoked at: Mon Dec 30 21:44:48 UTC 2013 + Serial Number (hex): 009f341dd59b1b4c276acd2be70a32953c + Revoked at: Tue Dec 31 08:46:31 UTC 2013 + Serial Number (hex): 293bfcccf264816fbcd17cbc2966cc49 + Revoked at: Tue Dec 31 11:20:54 UTC 2013 + Serial Number (hex): 00e000d50726130fb0cd562ffa20f541f9 + Revoked at: Tue Dec 31 15:22:03 UTC 2013 + Serial Number (hex): 00910f4c26d43f373b4ad8c8836e30f101 + Revoked at: Tue Dec 31 17:18:43 UTC 2013 + Serial Number (hex): 1744c3018a2bcec128d060dd44f173aa + Revoked at: Tue Dec 31 22:54:11 UTC 2013 + Serial Number (hex): 0ece15be4b81baff932fa17f68746e0a + Revoked at: Thu Jan 02 09:19:57 UTC 2014 + Serial Number (hex): 555b7936a43d8f7660e8a26b0c11524f + Revoked at: Thu Jan 02 13:46:01 UTC 2014 + Serial Number (hex): 00c946074b61d13c8d1689a69e12c4def0 + Revoked at: Thu Jan 02 14:16:02 UTC 2014 + Serial Number (hex): 55e41c094f3db84a96ca726fa3186312 + Revoked at: Thu Jan 02 14:23:48 UTC 2014 + Serial Number (hex): 00c7cbc4ac417db9f06c54cb734a2c2a5d + Revoked at: Thu Jan 02 15:27:51 UTC 2014 + Serial Number (hex): 00809a3cb2efef5bb37f5ea4ec6b4c796f + Revoked at: Thu Jan 02 16:21:40 UTC 2014 + Serial Number (hex): 78423d9892d1976bb3771a14363f2151 + Revoked at: Thu Jan 02 16:21:43 UTC 2014 + Serial Number (hex): 00cea996051e00d71e34c814feba6ea938 + Revoked at: Thu Jan 02 16:22:08 UTC 2014 + Serial Number (hex): 47130337e1a79bc8b4b4358aa427c155 + Revoked at: Thu Jan 02 16:37:32 UTC 2014 + Serial Number (hex): 53b85b5ad9feeff835072318de674721 + Revoked at: Thu Jan 02 16:58:44 UTC 2014 + Serial Number (hex): 00b577c009aac6fb1057cc659d46e82f72 + Revoked at: Thu Jan 02 17:19:34 UTC 2014 + Serial Number (hex): 62d18f754f1a99eccbc04c8d5526ec43 + Revoked at: Thu Jan 02 18:07:26 UTC 2014 + Serial Number (hex): 21c2ed4d51b0077bcd7d8d116779af01 + Revoked at: Thu Jan 02 18:08:01 UTC 2014 + Serial Number (hex): 00902d55756d3e645ea6dea8bdcb3c2cf6 + Revoked at: Thu Jan 02 18:08:49 UTC 2014 + Serial Number (hex): 180914ec797b6bab351e2f89b4a38031 + Revoked at: Thu Jan 02 18:47:11 UTC 2014 + Serial Number (hex): 00b1576b335bfa349e4983ed510b61b8a1 + Revoked at: Thu Jan 02 19:30:34 UTC 2014 + Serial Number (hex): 00fcf9d0cced76f80b2484e6c8d6452b11 + Revoked at: Thu Jan 02 20:39:11 UTC 2014 + Serial Number (hex): 70569c6723139b203be7954aa379185b + Revoked at: Thu Jan 02 20:42:47 UTC 2014 + Serial Number (hex): 68d7cea6fdc1ec3e4d8e6b3269d78f06 + Revoked at: Thu Jan 02 20:50:02 UTC 2014 + Serial Number (hex): 26d21bb2f78faa4c24729f4afaa6b264 + Revoked at: Thu Jan 02 21:31:06 UTC 2014 + Serial Number (hex): 3c6665b0f135c4c2892d8874c995c96a + Revoked at: Fri Jan 03 02:55:33 UTC 2014 + Serial Number (hex): 526c79a2303d017489e40cdda2d2bbea + Revoked at: Fri Jan 03 02:55:39 UTC 2014 + Serial Number (hex): 00c971e1aa071612df59399aa22958aeb3 + Revoked at: Fri Jan 03 09:56:45 UTC 2014 + Serial Number (hex): 008dcedbae34c6438086fad6a708f1b57b + Revoked at: Fri Jan 03 15:58:36 UTC 2014 + Serial Number (hex): 693184d1feefe430c946e31e7f7d1fa4 + Revoked at: Fri Jan 03 16:11:55 UTC 2014 + Serial Number (hex): 00e01f4390770df5f7dd3d46339526c260 + Revoked at: Fri Jan 03 16:12:15 UTC 2014 + Serial Number (hex): 72ca8dd7ef93351c047aa5a0ea110b54 + Revoked at: Fri Jan 03 17:09:02 UTC 2014 + Serial Number (hex): 4fdea45922b3501dec635f5476d6991b + Revoked at: Fri Jan 03 18:40:10 UTC 2014 + Serial Number (hex): 546e3de691fdc6ba6fc375a4a11228a0 + Revoked at: Fri Jan 03 19:04:39 UTC 2014 + Serial Number (hex): 3179d1c526f39cfaaa0be1b5ebb14daf + Revoked at: Fri Jan 03 19:04:44 UTC 2014 + Serial Number (hex): 70a7e50648eda22a1a1d827263396957 + Revoked at: Fri Jan 03 20:08:31 UTC 2014 + Serial Number (hex): 00ca1306beb537123944d3c9f3a68a5973 + Revoked at: Fri Jan 03 21:33:11 UTC 2014 + Serial Number (hex): 00eafb5fba8cd0df509ffe3fae2c747616 + Revoked at: Fri Jan 03 21:56:13 UTC 2014 + Serial Number (hex): 00892a637080052a316c78d11a83fe485a + Revoked at: Fri Jan 03 22:08:30 UTC 2014 + Serial Number (hex): 00d73796c5ef689407525b26657740068d + Revoked at: Sun Jan 05 17:59:11 UTC 2014 + Serial Number (hex): 00f45809ffafec863e735e408b007015f7 + Revoked at: Mon Jan 06 04:52:11 UTC 2014 + Serial Number (hex): 00f64d3517ee5b935ed83375028df2b1df + Revoked at: Mon Jan 06 09:56:55 UTC 2014 + Serial Number (hex): 5b5a6c54adef90edf23958847e8d4540 + Revoked at: Mon Jan 06 10:29:37 UTC 2014 + Serial Number (hex): 52236bef6e9df049f11f658b6f3f8f9c + Revoked at: Mon Jan 06 12:49:58 UTC 2014 + Serial Number (hex): 0dfc0012e90552d2862b481c7eee63b3 + Revoked at: Mon Jan 06 13:07:18 UTC 2014 + Serial Number (hex): 15a8eb46ef8779a747540f4e2fdfe12d + Revoked at: Mon Jan 06 13:09:39 UTC 2014 + Serial Number (hex): 00a2de28a3590db10d2234ce7ae8d141cd + Revoked at: Mon Jan 06 13:20:52 UTC 2014 + Serial Number (hex): 781c7202b290c2646844481d6276c66c + Revoked at: Mon Jan 06 13:26:48 UTC 2014 + Serial Number (hex): 7b07f25489823ae2d026035f7d72e7dd + Revoked at: Mon Jan 06 14:48:09 UTC 2014 + Serial Number (hex): 50c4b197655ba74aa9e28b9b79e9b0d4 + Revoked at: Mon Jan 06 15:15:57 UTC 2014 + Serial Number (hex): 00bd081c2586fad8607c58907f9d95edd7 + Revoked at: Mon Jan 06 15:35:47 UTC 2014 + Serial Number (hex): 2a30d77cdb66fba397c9d555508dea7a + Revoked at: Mon Jan 06 15:36:01 UTC 2014 + Serial Number (hex): 00cacae6272bad8744d53c173872ecfab2 + Revoked at: Mon Jan 06 15:40:41 UTC 2014 + Serial Number (hex): 00d811c37bfc82f517930008d31a81c83e + Revoked at: Mon Jan 06 15:40:55 UTC 2014 + Serial Number (hex): 00fa080cc0648bc52b8926a971ee37cce7 + Revoked at: Mon Jan 06 15:53:55 UTC 2014 + Serial Number (hex): 00e83a80a19557f418dc91fd1f8466331f + Revoked at: Mon Jan 06 16:45:39 UTC 2014 + Serial Number (hex): 00d00c77b88108b134e0d800c215d4980d + Revoked at: Mon Jan 06 19:20:28 UTC 2014 + Serial Number (hex): 5e8e99aa551db1266656aff5011a9799 + Revoked at: Mon Jan 06 20:11:45 UTC 2014 + Serial Number (hex): 3d783076291bf3e8b01f46fb6e238ab4 + Revoked at: Mon Jan 06 20:15:46 UTC 2014 + Serial Number (hex): 00d78d4bbd1124c7f30fddb5a914570137 + Revoked at: Mon Jan 06 20:20:37 UTC 2014 + Serial Number (hex): 19fafc758afb41c9a470002c9ae55317 + Revoked at: Mon Jan 06 20:27:05 UTC 2014 + Serial Number (hex): 00d4598c0caaffbecedefff14a78d053cc + Revoked at: Mon Jan 06 23:16:40 UTC 2014 + Serial Number (hex): 00ebb4c70a6a478040d1bf8f9431581b92 + Revoked at: Mon Jan 06 23:16:52 UTC 2014 + Serial Number (hex): 0081317be87d968aae0f275bafe1f143b8 + Revoked at: Mon Jan 06 23:17:04 UTC 2014 + Serial Number (hex): 5b15940cd82ec996e57b6f9bc827e994 + Revoked at: Mon Jan 06 23:17:17 UTC 2014 + Serial Number (hex): 17472ebf88a17713e57ee6dd05e1e2e3 + Revoked at: Mon Jan 06 23:17:37 UTC 2014 + Serial Number (hex): 257212fa560f75f78ad9b0f4c79011bc + Revoked at: Mon Jan 06 23:18:14 UTC 2014 + Serial Number (hex): 247478366e4e0d2c727068c432c05c6f + Revoked at: Mon Jan 06 23:18:27 UTC 2014 + Serial Number (hex): 009302d3a7ef2535bfbde861a4c03220de + Revoked at: Tue Jan 07 08:38:24 UTC 2014 + Serial Number (hex): 00aba45d52b5ce88a9623404d26bb66980 + Revoked at: Tue Jan 07 13:32:30 UTC 2014 + Serial Number (hex): 1b0bb68983e03280b5ee85b6a0e6ef7e + Revoked at: Tue Jan 07 14:10:33 UTC 2014 + Serial Number (hex): 0a55dd168d28aececc57cb011995c0c8 + Revoked at: Tue Jan 07 16:37:47 UTC 2014 + Serial Number (hex): 29325b7544750d2b28dfa7bb8d65b845 + Revoked at: Tue Jan 07 17:38:11 UTC 2014 + Serial Number (hex): 00ec0293b41e0a366637a041cf43539a88 + Revoked at: Tue Jan 07 17:45:00 UTC 2014 + Serial Number (hex): 02816971cab9c5ee30e448783f210280 + Revoked at: Tue Jan 07 17:45:00 UTC 2014 + Serial Number (hex): 5a41ca054eef17cf85a4acb7e0149c4b + Revoked at: Tue Jan 07 17:45:00 UTC 2014 + Serial Number (hex): 00b39c2de65fe7d3431fc266254a65ffce + Revoked at: Tue Jan 07 19:00:58 UTC 2014 + Serial Number (hex): 0a8c22bb1fdb85102899ade9c1bdca6f + Revoked at: Tue Jan 07 19:01:00 UTC 2014 + Serial Number (hex): 106b6861bb32740cf0fa8439aea2a012 + Revoked at: Tue Jan 07 19:48:47 UTC 2014 + Serial Number (hex): 5eb2da23a0b7db85f606567c7aacc7b8 + Revoked at: Tue Jan 07 19:50:48 UTC 2014 + Serial Number (hex): 00ef61de6176591dd30d245b14759191de + Revoked at: Tue Jan 07 20:24:50 UTC 2014 + Serial Number (hex): 009b7a945734f6e1167e44bd366eba3aaa + Revoked at: Tue Jan 07 20:37:50 UTC 2014 + Serial Number (hex): 07f5267e8fe42f3487109094ef38984c + Revoked at: Tue Jan 07 22:36:32 UTC 2014 + Serial Number (hex): 00dce0dfe65a7a6f313b4f7d7e0a1295ae + Revoked at: Tue Jan 07 22:36:50 UTC 2014 + Serial Number (hex): 00fd883ef658eb9d8339a8c5be79902899 + Revoked at: Tue Jan 07 22:44:43 UTC 2014 + Serial Number (hex): 00ea07d5b3133cdf628a763d8a33a5a015 + Revoked at: Wed Jan 08 02:11:06 UTC 2014 + Serial Number (hex): 6a48302200c34544c2ed98ce68c988ef + Revoked at: Wed Jan 08 11:27:53 UTC 2014 + Serial Number (hex): 4e7520bd0efa20565670f219848b435d + Revoked at: Wed Jan 08 15:38:01 UTC 2014 + Serial Number (hex): 1d3d0388e9fea501610cc944e638015b + Revoked at: Wed Jan 08 15:44:27 UTC 2014 + Serial Number (hex): 13ed7827e97c42b33ed32db90ee092f9 + Revoked at: Wed Jan 08 15:44:37 UTC 2014 + Serial Number (hex): 18b7e1773b35d97f9340234bedf687b6 + Revoked at: Wed Jan 08 15:45:14 UTC 2014 + Serial Number (hex): 0f7294b5871fac8a957422a9a18b0310 + Revoked at: Wed Jan 08 15:45:29 UTC 2014 + Serial Number (hex): 00bd91826ce5736d53d2b6d5f312b1b28f + Revoked at: Wed Jan 08 15:59:44 UTC 2014 + Serial Number (hex): 63b4acf13e49d5c1b6193b21daf4487a + Revoked at: Wed Jan 08 16:05:41 UTC 2014 + Serial Number (hex): 00e5bf41a7bfcb4442efedcdc7e48bc089 + Revoked at: Wed Jan 08 16:05:49 UTC 2014 + Serial Number (hex): 00af822852a1c1b3c23cbad7fa2fe38b9e + Revoked at: Wed Jan 08 16:27:32 UTC 2014 + Serial Number (hex): 00f3fede6e68bbf408cf65ddc8621bebff + Revoked at: Wed Jan 08 16:28:00 UTC 2014 + Serial Number (hex): 00c2f03a530cf94f5e7ff22b6199f5d416 + Revoked at: Wed Jan 08 17:26:57 UTC 2014 + Serial Number (hex): 3935957154aee95c857708f98c6e3696 + Revoked at: Wed Jan 08 17:47:35 UTC 2014 + Serial Number (hex): 2c1e0192d733c00cb9aa1f00bf5ff5dd + Revoked at: Wed Jan 08 20:33:16 UTC 2014 + Serial Number (hex): 506ee65c9005eb866b8943744e19d78e + Revoked at: Wed Jan 08 21:27:22 UTC 2014 + Serial Number (hex): 7a2db8729996b9db2400c2f91720f1cc + Revoked at: Wed Jan 08 21:40:09 UTC 2014 + Serial Number (hex): 0093320d0d98a9e52e0620c169ae38b5d2 + Revoked at: Wed Jan 08 23:31:53 UTC 2014 + Serial Number (hex): 1ee7018137acdd5e193c56b9a4cc6471 + Revoked at: Wed Jan 08 23:55:26 UTC 2014 + Serial Number (hex): 00a8c66a0195b0cac96e4bfad19beea689 + Revoked at: Thu Jan 09 10:51:36 UTC 2014 + Serial Number (hex): 00f1261c7f0b097cb8a62603def4c222c6 + Revoked at: Thu Jan 09 11:38:42 UTC 2014 + Serial Number (hex): 7f3dac270f26131727f4ee4f4aff7fe7 + Revoked at: Thu Jan 09 12:07:54 UTC 2014 + Serial Number (hex): 283e3984bf121c21016a95c7b942c000 + Revoked at: Thu Jan 09 13:21:27 UTC 2014 + Serial Number (hex): 00cf434315a407e2b259f85dfb380d93b2 + Revoked at: Thu Jan 09 13:51:18 UTC 2014 + Serial Number (hex): 009e40b86f00c753d2acf9179a7fada599 + Revoked at: Thu Jan 09 14:09:04 UTC 2014 + Serial Number (hex): 00c1834fb658e5bfc07c0ce8b3eeddb0aa + Revoked at: Thu Jan 09 15:04:39 UTC 2014 + Serial Number (hex): 3d7b354c95150f0a5fdd12a41b261e3e + Revoked at: Thu Jan 09 15:09:10 UTC 2014 + Serial Number (hex): 05b3fed1c4c1c906fc3a072f34ca9e36 + Revoked at: Thu Jan 09 15:48:53 UTC 2014 + Serial Number (hex): 232fb4b8f7c005dd09089a57b24d89a1 + Revoked at: Thu Jan 09 16:26:16 UTC 2014 + Serial Number (hex): 00c6bd314d7f523f8edbae7f4c53d476f3 + Revoked at: Thu Jan 09 16:43:24 UTC 2014 + Serial Number (hex): 76f5f3df1bfb7dc8a2e9742e586168cc + Revoked at: Thu Jan 09 16:52:29 UTC 2014 + Serial Number (hex): 00f09430ee4d4de5068733f60bd740d5df + Revoked at: Thu Jan 09 17:26:06 UTC 2014 + Serial Number (hex): 00c2d6069c6819076651a4b6dff9593e79 + Revoked at: Thu Jan 09 17:45:28 UTC 2014 + Serial Number (hex): 0090204dcb49580d7cd2d5ff1292c1c76f + Revoked at: Thu Jan 09 19:35:09 UTC 2014 + Serial Number (hex): 00b62d15858e456def913c555ef1e029c2 + Revoked at: Thu Jan 09 20:06:35 UTC 2014 + Serial Number (hex): 230381a42786d901e3637703a863311b + Revoked at: Thu Jan 09 20:25:29 UTC 2014 + Serial Number (hex): 5fa77c5a9cb0915c2a748f177e4734ea + Revoked at: Thu Jan 09 20:26:53 UTC 2014 + Serial Number (hex): 3c86bbc18daa16294f0e37e616563f31 + Revoked at: Thu Jan 09 21:39:13 UTC 2014 + Serial Number (hex): 0fd50ffa1d94390866d066d61dde264e + Revoked at: Thu Jan 09 22:22:33 UTC 2014 + Serial Number (hex): 64dd3102a9c5d66464827edf9babb0d8 + Revoked at: Thu Jan 09 23:45:29 UTC 2014 + Serial Number (hex): 00dfb11d3a37efbb770239eda33fd40653 + Revoked at: Fri Jan 10 00:00:42 UTC 2014 + Serial Number (hex): 2425189dc00a767229ff70261162cc94 + Revoked at: Fri Jan 10 07:37:10 UTC 2014 + Serial Number (hex): 00889f63779d955b7baf0d4a64a4a0a248 + Revoked at: Fri Jan 10 14:07:42 UTC 2014 + Serial Number (hex): 0081aae45fd03a31ddb5bbff0404e02f72 + Revoked at: Fri Jan 10 14:30:24 UTC 2014 + Serial Number (hex): 00a341ae9e8f6fa3bd4cd6f2fed752902e + Revoked at: Fri Jan 10 14:51:33 UTC 2014 + Serial Number (hex): 00eb77ff155049d9266425f863da42436d + Revoked at: Fri Jan 10 15:33:08 UTC 2014 + Serial Number (hex): 49793b23e024a6f640560700f09d4530 + Revoked at: Fri Jan 10 15:33:20 UTC 2014 + Serial Number (hex): 00ee62c8853db5595cf3e88c8322899f2f + Revoked at: Fri Jan 10 16:03:40 UTC 2014 + Serial Number (hex): 3ff505f5a77b4d7899fbeac46f02968f + Revoked at: Fri Jan 10 16:26:13 UTC 2014 + Serial Number (hex): 00e54a9b49c12957ae1ea0274d7737c3cf + Revoked at: Fri Jan 10 18:08:49 UTC 2014 + Serial Number (hex): 00d4a68e00fd01330ea13c486af59bb8d2 + Revoked at: Fri Jan 10 20:18:32 UTC 2014 + Serial Number (hex): 23278f13617d1e632e58c940f4512bfd + Revoked at: Fri Jan 10 20:18:39 UTC 2014 + Serial Number (hex): 0099c33814c55090df0e3bff0ecf00a563 + Revoked at: Fri Jan 10 20:33:28 UTC 2014 + Serial Number (hex): 6dbc62cc68e4c239b2816ac2ef7fca26 + Revoked at: Fri Jan 10 21:01:16 UTC 2014 + Serial Number (hex): 00c5ac81720550a86f48105aedc463b9e9 + Revoked at: Fri Jan 10 21:04:45 UTC 2014 + Serial Number (hex): 62ded26e76903dc9e2339d2276749156 + Revoked at: Fri Jan 10 21:04:50 UTC 2014 + Serial Number (hex): 00fcc1b2c3cd8905c711345db1d6af6eb9 + Revoked at: Fri Jan 10 22:07:37 UTC 2014 + Serial Number (hex): 605bb515578437ad6464bdc438879da7 + Revoked at: Fri Jan 10 22:08:26 UTC 2014 + Serial Number (hex): 53ab7c7c7aee6a08a3149f9423455168 + Revoked at: Fri Jan 10 22:08:29 UTC 2014 + Serial Number (hex): 00f9e2d89e0dd069fcac5f35917e9e302c + Revoked at: Mon Jan 13 08:08:21 UTC 2014 + Serial Number (hex): 1555aaefa156a1a4f5a6f18aeabfadd3 + Revoked at: Mon Jan 13 10:51:28 UTC 2014 + Serial Number (hex): 380ce90c411ff66a477019c05484f41d + Revoked at: Mon Jan 13 12:07:52 UTC 2014 + Serial Number (hex): 00eebeb9c8f8e7cc24607799cae46d0d49 + Revoked at: Mon Jan 13 16:30:35 UTC 2014 + Serial Number (hex): 008ba0824eb62a2c4d70f2b2cba1837c2b + Revoked at: Mon Jan 13 17:22:53 UTC 2014 + Serial Number (hex): 00cfd9016666a6928665882e6bd93ead84 + Revoked at: Mon Jan 13 17:50:01 UTC 2014 + Serial Number (hex): 008fbf3ca478c281999c7f12ec1ec6293f + Revoked at: Mon Jan 13 17:54:20 UTC 2014 + Serial Number (hex): 009ce8691f8d797f694990fa0518c954ee + Revoked at: Mon Jan 13 18:18:36 UTC 2014 + Serial Number (hex): 1e5a43c568731ec19ed8b7a30e58571b + Revoked at: Mon Jan 13 20:16:17 UTC 2014 + Serial Number (hex): 61006866919b560f53f5e5fb165de51b + Revoked at: Mon Jan 13 20:33:51 UTC 2014 + Serial Number (hex): 00d8acb095ce202aa84c1228f8f73c1044 + Revoked at: Mon Jan 13 23:36:14 UTC 2014 + Serial Number (hex): 043203628ff3dc1c6df5c7a81be3e53a + Revoked at: Tue Jan 14 00:13:16 UTC 2014 + Serial Number (hex): 0613ab119966ad799a89d0c3bee8e8de + Revoked at: Tue Jan 14 02:23:47 UTC 2014 + Serial Number (hex): 00ab492d5edfe6583215acde9ccb560d76 + Revoked at: Tue Jan 14 08:11:25 UTC 2014 + Serial Number (hex): 00ebd1a2ca6d682b3fb847daf9e60e1135 + Revoked at: Tue Jan 14 15:03:24 UTC 2014 + Serial Number (hex): 0c366fd3f2e31bf11cca019da76babc7 + Revoked at: Tue Jan 14 15:12:09 UTC 2014 + Serial Number (hex): 54d27d1c6a1113c4e7d397dfd4e58ecb + Revoked at: Tue Jan 14 16:32:17 UTC 2014 + Serial Number (hex): 00d1d4dae83c948e3d4ffdd028f98ee640 + Revoked at: Tue Jan 14 16:32:33 UTC 2014 + Serial Number (hex): 009f824e6ed0928e56ec4c10c2c0537fd7 + Revoked at: Tue Jan 14 17:25:59 UTC 2014 + Serial Number (hex): 008ed22a5eae77db58592cee11406e5eef + Revoked at: Tue Jan 14 17:45:22 UTC 2014 + Serial Number (hex): 00ddfdd38c786d1ed38e20d08a3ed57899 + Revoked at: Tue Jan 14 17:48:55 UTC 2014 + Serial Number (hex): 6e952a85f9be6b4ea8a0f892e50a988d + Revoked at: Tue Jan 14 17:50:25 UTC 2014 + Serial Number (hex): 6dc24e2c18f93b9b90604bccce07f0f7 + Revoked at: Tue Jan 14 18:05:54 UTC 2014 + Serial Number (hex): 7febaf003f50ed921707dec831b8f720 + Revoked at: Tue Jan 14 18:51:28 UTC 2014 + Serial Number (hex): 37c8e39540a22450984d0d9dd157cf5f + Revoked at: Tue Jan 14 18:56:28 UTC 2014 + Serial Number (hex): 40353b97b809b3a398c9caa51eac5d14 + Revoked at: Tue Jan 14 19:53:26 UTC 2014 + Serial Number (hex): 0096a8f0994dfd8e8eacc6fafb9adc37cd + Revoked at: Tue Jan 14 23:14:21 UTC 2014 + Serial Number (hex): 7070ad3d839c57654f3abad438c48379 + Revoked at: Wed Jan 15 01:52:32 UTC 2014 + Serial Number (hex): 07a31e884dd8164783537b69b56548ff + Revoked at: Wed Jan 15 06:46:58 UTC 2014 + Serial Number (hex): 00eda2fd3fbd6c5d2cc3b588a87e4e8d9e + Revoked at: Wed Jan 15 08:13:05 UTC 2014 + Serial Number (hex): 00f290ca29f425cf94a09e7c4bf85427ba + Revoked at: Wed Jan 15 10:03:32 UTC 2014 + Serial Number (hex): 24ac5ab9355253be641c1a18153dc1ff + Revoked at: Wed Jan 15 11:16:34 UTC 2014 + Serial Number (hex): 74afb043652fb496d817353ec0f3b7d2 + Revoked at: Wed Jan 15 11:47:43 UTC 2014 + Serial Number (hex): 2d4948d2fa19e1b0227a928791ae75c9 + Revoked at: Wed Jan 15 12:58:55 UTC 2014 + Serial Number (hex): 009437703f182af5925c4ed6dc24bac2a6 + Revoked at: Wed Jan 15 13:48:39 UTC 2014 + Serial Number (hex): 00b2bec2ad5e21054ab41bb530228d5a72 + Revoked at: Wed Jan 15 13:52:24 UTC 2014 + Serial Number (hex): 00e06aa2382ac15a6b9d7f89ba7bdd6248 + Revoked at: Wed Jan 15 15:27:33 UTC 2014 + Serial Number (hex): 284dbc6bb1577790b0f5126ae8aabd07 + Revoked at: Wed Jan 15 16:37:27 UTC 2014 + Serial Number (hex): 008435324f0c111bc10bb5b624440eff08 + Revoked at: Wed Jan 15 18:37:04 UTC 2014 + Serial Number (hex): 568a8839ca46be23fde9a27168cf2dd9 + Revoked at: Wed Jan 15 18:48:29 UTC 2014 + Serial Number (hex): 4aad23a51bfc5b8c8a8aed43a59d92bb + Revoked at: Wed Jan 15 18:48:31 UTC 2014 + Serial Number (hex): 7a12a4ab1991760fe4be771ea4071537 + Revoked at: Wed Jan 15 18:48:51 UTC 2014 + Serial Number (hex): 00ef8ee48e6a68e85a4d7ab2aaae5a3749 + Revoked at: Wed Jan 15 19:03:30 UTC 2014 + Serial Number (hex): 3aee77461bc50ee57c7582ab452aab01 + Revoked at: Wed Jan 15 19:03:59 UTC 2014 + Serial Number (hex): 45b1384c9a4048539f0fd4eb7fc40de0 + Revoked at: Wed Jan 15 19:13:58 UTC 2014 + Serial Number (hex): 3114f17c013936dc790da711a996eae3 + Revoked at: Wed Jan 15 20:29:01 UTC 2014 + Serial Number (hex): 008508643cf53b8ce041a74e3418fb4546 + Revoked at: Wed Jan 15 20:45:57 UTC 2014 + Serial Number (hex): 0ea1207ec2354ee7375a82d7eed2ea00 + Revoked at: Wed Jan 15 22:11:54 UTC 2014 + Serial Number (hex): 00d4cb59c5019992c0aa0edbbbaa79b049 + Revoked at: Wed Jan 15 22:26:49 UTC 2014 + Serial Number (hex): 00bbaa4d6e6ebd37a789837ba54d0f67b7 + Revoked at: Thu Jan 16 13:03:07 UTC 2014 + Serial Number (hex): 0093306c36964ac0a1bea5787b6e07f78b + Revoked at: Thu Jan 16 13:22:22 UTC 2014 + Serial Number (hex): 00b43a9ed6df73191bde79a1046ff9ccb4 + Revoked at: Thu Jan 16 13:22:53 UTC 2014 + Serial Number (hex): 00e22828d36262d7a5d5c0c0fc9ff3eb46 + Revoked at: Thu Jan 16 13:36:18 UTC 2014 + Serial Number (hex): 3eec6311182695cb0a4dbceb22358c51 + Revoked at: Thu Jan 16 13:36:39 UTC 2014 + Serial Number (hex): 00eb2afe8dca7d16cc85cabe0c24ae86b0 + Revoked at: Thu Jan 16 13:47:36 UTC 2014 + Serial Number (hex): 1c74f8a1cd524ececc2283ef3932f9bd + Revoked at: Thu Jan 16 14:08:52 UTC 2014 + Serial Number (hex): 68048148a513f23c7be8e66010c570a2 + Revoked at: Thu Jan 16 16:36:13 UTC 2014 + Serial Number (hex): 00e9b600464a852c1ffd9392a560b8f5d1 + Revoked at: Thu Jan 16 16:37:08 UTC 2014 + Serial Number (hex): 4476f0afec34b828a2c59aef9e1f6d1f + Revoked at: Thu Jan 16 17:08:31 UTC 2014 + Serial Number (hex): 728cd738f023042225b2ceb1ee3a60cd + Revoked at: Thu Jan 16 17:37:13 UTC 2014 + Serial Number (hex): 4341754c890887b28befd7195720799d + Revoked at: Thu Jan 16 17:37:32 UTC 2014 + Serial Number (hex): 00aa535938ead181be0a30604646b911c2 + Revoked at: Thu Jan 16 17:37:37 UTC 2014 + Serial Number (hex): 64f268a15b85538d2587378153b7d96d + Revoked at: Thu Jan 16 17:37:48 UTC 2014 + Serial Number (hex): 640976f632e8211ae232091ebf6e6e56 + Revoked at: Thu Jan 16 17:38:55 UTC 2014 + Serial Number (hex): 265143af1d5ed9cdbbd85d256fcc803a + Revoked at: Thu Jan 16 17:50:10 UTC 2014 + Serial Number (hex): 00d1fa1d92ae6c41b96c3e3075ba44a1e0 + Revoked at: Thu Jan 16 18:51:36 UTC 2014 + Serial Number (hex): 00a6cf423d76c4bfa04490ce87e3900b40 + Revoked at: Thu Jan 16 20:21:11 UTC 2014 + Serial Number (hex): 6cff656c7ffbc0351bacba553f7fcb8a + Revoked at: Thu Jan 16 21:06:20 UTC 2014 + Serial Number (hex): 00864799263e8c9933d8f53388bf64aa5d + Revoked at: Thu Jan 16 21:28:13 UTC 2014 + Serial Number (hex): 00c283fb44a9386baa77d872e98fcc5b4e + Revoked at: Thu Jan 16 21:37:21 UTC 2014 + Serial Number (hex): 41bfbbd9cabc13a7f788380adcbf3cfd + Revoked at: Thu Jan 16 23:22:37 UTC 2014 + Serial Number (hex): 00b5b308a360d60b16220c0ae5413c3ebc + Revoked at: Fri Jan 17 03:48:12 UTC 2014 + Serial Number (hex): 00a87fbe8dd4593f2d9c4ac5a5b5a79882 + Revoked at: Fri Jan 17 09:56:57 UTC 2014 + Serial Number (hex): 008b51a422cc3832c06e51225d45ed209e + Revoked at: Fri Jan 17 10:10:15 UTC 2014 + Serial Number (hex): 5bcacb72f4af2add3de89e502e510b11 + Revoked at: Fri Jan 17 10:52:55 UTC 2014 + Serial Number (hex): 358105d22cf7d1615e38e125b47f4df1 + Revoked at: Fri Jan 17 15:35:57 UTC 2014 + Serial Number (hex): 1c751786eb50795f34c44f9003dbdb18 + Revoked at: Fri Jan 17 15:45:20 UTC 2014 + Serial Number (hex): 450ce2692bde9973d36b0d9372d30f7b + Revoked at: Fri Jan 17 16:42:53 UTC 2014 + Serial Number (hex): 4b1d03f1800090f52344dad7a1be6a9b + Revoked at: Fri Jan 17 17:02:09 UTC 2014 + Serial Number (hex): 16d9cd744673577a914636e2e7d4a002 + Revoked at: Fri Jan 17 17:17:35 UTC 2014 + Serial Number (hex): 0080eef7793083dc0d2c23e1abbcdb42ce + Revoked at: Fri Jan 17 18:56:14 UTC 2014 + Serial Number (hex): 16b46ba86f437efa64a5d3eb059176ec + Revoked at: Fri Jan 17 19:27:02 UTC 2014 + Serial Number (hex): 00939cd7bf9408a0936fb85532b510dbb2 + Revoked at: Fri Jan 17 19:53:45 UTC 2014 + Serial Number (hex): 0ba2bc3510fe2929a595f06257fc982f + Revoked at: Fri Jan 17 20:25:58 UTC 2014 + Serial Number (hex): 1aa53aa52312a8eff942ebddbb5de484 + Revoked at: Fri Jan 17 20:32:21 UTC 2014 + Serial Number (hex): 00ee458d0ea339337fc374ec1d8aed2c1a + Revoked at: Fri Jan 17 20:45:11 UTC 2014 + Serial Number (hex): 00e0b6d6d3496dd53bb073aedf080b9997 + Revoked at: Fri Jan 17 21:01:34 UTC 2014 + Serial Number (hex): 16f35243430369390b7eea97dcdabb3b + Revoked at: Fri Jan 17 22:53:15 UTC 2014 + Serial Number (hex): 00e3e35b63861675e4f5f6b80841e1f81c + Revoked at: Fri Jan 17 22:55:57 UTC 2014 + Serial Number (hex): 0aec0c3407b35d79d85f9197ac852599 + Revoked at: Fri Jan 17 23:00:46 UTC 2014 + Serial Number (hex): 7b9a06e8fe152d8095a75cdb16219915 + Revoked at: Sat Jan 18 02:38:33 UTC 2014 + Serial Number (hex): 00c129d443f4950c05e7dc15d7879a42cf + Revoked at: Sat Jan 18 08:21:16 UTC 2014 + Serial Number (hex): 00d8d9cc381c9344bb14beb5bba5d9d349 + Revoked at: Mon Jan 20 11:48:19 UTC 2014 + Serial Number (hex): 16ba50fa5ad0b3c03570a05c593f2502 + Revoked at: Mon Jan 20 12:01:20 UTC 2014 + Serial Number (hex): 1f40c91994d74a5ff9fe9a99e3218b96 + Revoked at: Mon Jan 20 13:18:44 UTC 2014 + Serial Number (hex): 009b7cd1aa73bdf5d74c5f02cfdd5f2266 + Revoked at: Mon Jan 20 13:48:25 UTC 2014 + Serial Number (hex): 4e4ddbd36f26b1671b32c48300f2a56d + Revoked at: Mon Jan 20 14:36:03 UTC 2014 + Serial Number (hex): 33cda477edf43421f4e3abe8ec4bac66 + Revoked at: Mon Jan 20 16:02:05 UTC 2014 + Serial Number (hex): 00bc4e00651577b47d8f30bcbdcfdb3f07 + Revoked at: Mon Jan 20 16:09:08 UTC 2014 + Serial Number (hex): 00ab10ce1ed6120b1d7598df52e11e2fc8 + Revoked at: Mon Jan 20 16:09:08 UTC 2014 + Serial Number (hex): 00a6658ba8297b4c3acf38b250d395936e + Revoked at: Mon Jan 20 16:45:21 UTC 2014 + Serial Number (hex): 5f545988b663e8c7c09451fc3c2b685f + Revoked at: Mon Jan 20 20:15:50 UTC 2014 + Serial Number (hex): 00871a5bfef1beb490b680694a826a0242 + Revoked at: Mon Jan 20 20:35:08 UTC 2014 + Serial Number (hex): 396cf778b5fc09cc643d6f10b88547ef + Revoked at: Mon Jan 20 22:20:30 UTC 2014 + Serial Number (hex): 6469fd4a472b3c291446ba3cdfa9c25d + Revoked at: Tue Jan 21 03:29:38 UTC 2014 + Serial Number (hex): 0ffd3a45df2e75dd13da26b8f457f892 + Revoked at: Tue Jan 21 13:46:45 UTC 2014 + Serial Number (hex): 16ebfff0130cac1f1042a42393e30f22 + Revoked at: Tue Jan 21 13:51:26 UTC 2014 + Serial Number (hex): 2739e2ba3a3c93d4d6173eaf358e854f + Revoked at: Tue Jan 21 14:23:58 UTC 2014 + Serial Number (hex): 0080aacbe2f629e23a6e52d8b59b9e6288 + Revoked at: Tue Jan 21 14:43:40 UTC 2014 + Serial Number (hex): 24f91ddeb1bd09493c8fdfbc51b19707 + Revoked at: Tue Jan 21 14:50:40 UTC 2014 + Serial Number (hex): 00e0d46913ab4efcf5f2abd9784a0c70e5 + Revoked at: Tue Jan 21 15:34:32 UTC 2014 + Serial Number (hex): 3a9f6ea8b30918eda8baae003a0bb08f + Revoked at: Tue Jan 21 16:15:08 UTC 2014 + Serial Number (hex): 2c1758fb91e99a7c456a4f9b4713c4a6 + Revoked at: Tue Jan 21 16:34:06 UTC 2014 + Serial Number (hex): 363adfadc1f2885ea30e69d17aee254b + Revoked at: Tue Jan 21 17:02:01 UTC 2014 + Serial Number (hex): 00d9a7bf15edb59ccef6863d226435e66f + Revoked at: Tue Jan 21 17:03:36 UTC 2014 + Serial Number (hex): 00f2158dd4013a2981471d2c7a3338e998 + Revoked at: Tue Jan 21 17:46:31 UTC 2014 + Serial Number (hex): 0f6c1dd60bf2db2729b075d2cdfffdc3 + Revoked at: Tue Jan 21 18:44:02 UTC 2014 + Serial Number (hex): 008b09a264d292b2bf886ecfcc0758f4c8 + Revoked at: Tue Jan 21 18:53:45 UTC 2014 + Serial Number (hex): 250f2ede7bdfccb0e08adf446240dc6d + Revoked at: Tue Jan 21 19:02:21 UTC 2014 + Serial Number (hex): 5247b5bdc19228c618b0cf989cac156e + Revoked at: Tue Jan 21 20:43:13 UTC 2014 + Serial Number (hex): 008f514e6bd3278c8c90946282020970da + Revoked at: Tue Jan 21 20:47:32 UTC 2014 + Serial Number (hex): 00ee326203a402aafc51df970a0138e2b8 + Revoked at: Tue Jan 21 20:48:39 UTC 2014 + Serial Number (hex): 3a5f8f4111526d0265a190336d5e6911 + Revoked at: Tue Jan 21 21:19:57 UTC 2014 + Serial Number (hex): 51017c69cfaf280920ed405cdccf36d7 + Revoked at: Wed Jan 22 00:20:09 UTC 2014 + Serial Number (hex): 00dc1c7a62fc060ce768bb0feacc00e7f8 + Revoked at: Wed Jan 22 02:38:58 UTC 2014 + Serial Number (hex): 10dbb348e961d864e89568945f69fa57 + Revoked at: Wed Jan 22 03:22:19 UTC 2014 + Serial Number (hex): 00fe0d481a560a7ea34960d2f8bdb4886e + Revoked at: Wed Jan 22 07:09:52 UTC 2014 + Serial Number (hex): 00fbf292b503950179fc931529d77d7de5 + Revoked at: Wed Jan 22 14:27:32 UTC 2014 + Serial Number (hex): 09ddf03839064d7bdae20ce6fe9a49d6 + Revoked at: Wed Jan 22 14:42:06 UTC 2014 + Serial Number (hex): 0084bf47bd910c111457c8d4c87031aca7 + Revoked at: Wed Jan 22 15:04:02 UTC 2014 + Serial Number (hex): 00f01a513e9eeadf9025f5768e6c8ffa04 + Revoked at: Wed Jan 22 15:12:34 UTC 2014 + Serial Number (hex): 00e6e2f937db80b42edcf3e7a7a1d5a6ec + Revoked at: Wed Jan 22 15:15:20 UTC 2014 + Serial Number (hex): 00ece3eae2ce3f69997357606356f712cd + Revoked at: Wed Jan 22 15:19:21 UTC 2014 + Serial Number (hex): 009a069b5761dab63c16a53008c5da8fe3 + Revoked at: Wed Jan 22 17:16:24 UTC 2014 + Serial Number (hex): 009fd450b2fde32c2bc4185c1d871f7ed8 + Revoked at: Wed Jan 22 17:44:44 UTC 2014 + Serial Number (hex): 00b206c89ecaffccd338161f6ef0b700fa + Revoked at: Wed Jan 22 18:41:43 UTC 2014 + Serial Number (hex): 5fd69eee2c87f64c6fe89b3d5c62fe4b + Revoked at: Wed Jan 22 18:41:53 UTC 2014 + Serial Number (hex): 00ec70070a781e03ab0654dd4b3a0abfd5 + Revoked at: Wed Jan 22 19:15:33 UTC 2014 + Serial Number (hex): 00cfa1206508227fec0be00233477f4298 + Revoked at: Wed Jan 22 19:54:48 UTC 2014 + Serial Number (hex): 00ae75e6073c216661d8b0d713b891875d + Revoked at: Wed Jan 22 20:58:38 UTC 2014 + Serial Number (hex): 00da93b3b8bcba8dacdcb98e4138d55ac1 + Revoked at: Thu Jan 23 04:27:52 UTC 2014 + Serial Number (hex): 00f065e62530abcf2e52891f8396b4d739 + Revoked at: Thu Jan 23 13:23:16 UTC 2014 + Serial Number (hex): 624c4d8c873cd33632d03e46360bd58a + Revoked at: Thu Jan 23 14:24:36 UTC 2014 + Serial Number (hex): 3361270e1894113ba38b98d06711119b + Revoked at: Thu Jan 23 14:56:32 UTC 2014 + Serial Number (hex): 00817bcacf6bb064c5e883dddb9753ffb5 + Revoked at: Thu Jan 23 15:00:18 UTC 2014 + Serial Number (hex): 08e9190cfeb9a9499bcd738e73250eef + Revoked at: Thu Jan 23 15:05:04 UTC 2014 + Serial Number (hex): 675f93a5bb22a52bc58c048cae0062d2 + Revoked at: Thu Jan 23 16:07:06 UTC 2014 + Serial Number (hex): 0ddee1d78d547087bf65381af8292304 + Revoked at: Thu Jan 23 16:33:12 UTC 2014 + Serial Number (hex): 74a48e19421bacdfb2892afae0eedb30 + Revoked at: Thu Jan 23 16:49:50 UTC 2014 + Serial Number (hex): 00f5ba78e09eb94ae594212499ec0451a5 + Revoked at: Thu Jan 23 17:14:56 UTC 2014 + Serial Number (hex): 0081e027aa3293961b5c7b08b06df0bb80 + Revoked at: Thu Jan 23 17:47:15 UTC 2014 + Serial Number (hex): 6521571f5814db9b2ff0e8f58442c5f0 + Revoked at: Thu Jan 23 21:42:01 UTC 2014 + Serial Number (hex): 01cdc6eeb8f4cab8f0770e2e8a01c67e + Revoked at: Thu Jan 23 21:52:25 UTC 2014 + Serial Number (hex): 2a74c7c60c19d54d86952bc5eb2e4649 + Revoked at: Thu Jan 23 22:13:24 UTC 2014 + Serial Number (hex): 4eddc2ade3e8dc33a70fb703126bd3dd + Revoked at: Fri Jan 24 09:13:51 UTC 2014 + Serial Number (hex): 14e616d1285d2b3325474c1aecd6e323 + Revoked at: Fri Jan 24 10:03:38 UTC 2014 + Serial Number (hex): 5abaea21c46aab40b275d8418401cfcf + Revoked at: Fri Jan 24 15:00:46 UTC 2014 + Serial Number (hex): 00e8c9092cebe6760d018cad514fa7c9bd + Revoked at: Fri Jan 24 15:29:56 UTC 2014 + Serial Number (hex): 0e16b2c3f3c25c8281c7798c755cdf4b + Revoked at: Fri Jan 24 15:32:51 UTC 2014 + Serial Number (hex): 271a78c75417c51947316bb2320e19ca + Revoked at: Fri Jan 24 15:33:08 UTC 2014 + Serial Number (hex): 0087cae385676c9cf75a3f87d57ea2be35 + Revoked at: Fri Jan 24 15:33:26 UTC 2014 + Serial Number (hex): 7c7ffad22c96d0ee8083a9a4da41f7c3 + Revoked at: Fri Jan 24 15:33:43 UTC 2014 + Serial Number (hex): 00ce723e1d5d48060029846c695ab33afb + Revoked at: Fri Jan 24 15:34:16 UTC 2014 + Serial Number (hex): 00d5b9a1464686130e4bc9e23790a5b88e + Revoked at: Fri Jan 24 16:46:36 UTC 2014 + Serial Number (hex): 3da4441bdd6e607b0f89ebdd1f7f126f + Revoked at: Fri Jan 24 17:27:34 UTC 2014 + Serial Number (hex): 4f065a3d2149c01aae016b69b897504a + Revoked at: Fri Jan 24 18:40:11 UTC 2014 + Serial Number (hex): 6b15a2d2387b5dfc62c43b0c60102ebd + Revoked at: Fri Jan 24 19:00:14 UTC 2014 + Serial Number (hex): 00c628e86c94016624d70ad87bef9024f3 + Revoked at: Fri Jan 24 19:00:26 UTC 2014 + Serial Number (hex): 67667c05fa1bca027105f82c074abbf4 + Revoked at: Fri Jan 24 19:34:11 UTC 2014 + Serial Number (hex): 32b57a16b0ad27167a9e84479476b193 + Revoked at: Fri Jan 24 20:58:10 UTC 2014 + Serial Number (hex): 00b66ed7a082409739e775521b40b1600b + Revoked at: Fri Jan 24 21:25:35 UTC 2014 + Serial Number (hex): 00bf693c60f49709d9c1d609cff5e09bd7 + Revoked at: Fri Jan 24 22:02:27 UTC 2014 + Serial Number (hex): 00f845894f1c3380936571369a50bb20c1 + Revoked at: Fri Jan 24 22:32:38 UTC 2014 + Serial Number (hex): 6181b7b94a37c5b26366b003c47e96ce + Revoked at: Sun Jan 26 13:09:50 UTC 2014 + Serial Number (hex): 00e92730663f6bd8d2eb8173e7d42bcba8 + Revoked at: Mon Jan 27 07:06:32 UTC 2014 + Serial Number (hex): 24684305d828b3942e60e2a5f85746a7 + Revoked at: Mon Jan 27 08:15:24 UTC 2014 + Serial Number (hex): 00b04da1ae5a710f64daecb84d98456345 + Revoked at: Mon Jan 27 11:11:40 UTC 2014 + Serial Number (hex): 00ea1f5c7ef6be3c74156c23b38badb37e + Revoked at: Mon Jan 27 14:52:49 UTC 2014 + Serial Number (hex): 00941bfc032fc414644cda7e2769ddfe33 + Revoked at: Mon Jan 27 14:53:16 UTC 2014 + Serial Number (hex): 00965ce19d1a2cb6b3ba144c4ea4c71a7f + Revoked at: Mon Jan 27 14:59:45 UTC 2014 + Serial Number (hex): 7681fb15b8a88d812e104b804deb1952 + Revoked at: Mon Jan 27 16:04:31 UTC 2014 + Serial Number (hex): 009754f8e504b7200f34bb9b629602270c + Revoked at: Mon Jan 27 16:54:19 UTC 2014 + Serial Number (hex): 00e23f59d66a9ae9c25662b3f5182814a6 + Revoked at: Mon Jan 27 17:03:36 UTC 2014 + Serial Number (hex): 3adec6f6e1752d6e23e81a249d2f2614 + Revoked at: Mon Jan 27 18:09:44 UTC 2014 + Serial Number (hex): 008289aed1b9fecbd5f637408ace5775be + Revoked at: Mon Jan 27 18:39:19 UTC 2014 + Serial Number (hex): 00f75c4877652be620f35f13d9c7677ad3 + Revoked at: Mon Jan 27 18:46:57 UTC 2014 + Serial Number (hex): 00c81008f176095c47d0687ec5e543cea4 + Revoked at: Mon Jan 27 19:47:15 UTC 2014 + Serial Number (hex): 4a75c6c0181447f0b8c186d6c5d708e5 + Revoked at: Mon Jan 27 19:51:48 UTC 2014 + Serial Number (hex): 5d21e153b271c5304a069d3edfab1ddf + Revoked at: Mon Jan 27 20:12:09 UTC 2014 + Serial Number (hex): 00d1d339e57eeb2aab0764c1ed64f3816b + Revoked at: Mon Jan 27 20:28:48 UTC 2014 + Serial Number (hex): 00b54b357c7822c013b71e5787e6110eaf + Revoked at: Mon Jan 27 20:43:59 UTC 2014 + Serial Number (hex): 009d613bc11a15e377df3eac5443bdae21 + Revoked at: Tue Jan 28 09:00:40 UTC 2014 + Serial Number (hex): 6ac577fc5755c0bb42ac89a3596d98ad + Revoked at: Tue Jan 28 10:26:55 UTC 2014 + Serial Number (hex): 4a2e6bdedd6e014bab4c9fc96e0a8d81 + Revoked at: Tue Jan 28 10:27:03 UTC 2014 + Serial Number (hex): 3d820dd0326cd894d55aa8080773337f + Revoked at: Tue Jan 28 10:27:10 UTC 2014 + Serial Number (hex): 009617178a356c265eed124822c5a29b30 + Revoked at: Tue Jan 28 10:27:18 UTC 2014 + Serial Number (hex): 00c8f640ea1b07a2b4dd6732ec651efa20 + Revoked at: Tue Jan 28 10:27:25 UTC 2014 + Serial Number (hex): 369929e4cc577267970eef5242bf717c + Revoked at: Tue Jan 28 11:51:16 UTC 2014 + Serial Number (hex): 123f43c6625668fe2b868e2bdb89c138 + Revoked at: Tue Jan 28 12:55:34 UTC 2014 + Serial Number (hex): 0086292b55c09181f5a6ef2e93cc26e5fe + Revoked at: Tue Jan 28 12:55:35 UTC 2014 + Serial Number (hex): 54b9ba6d7d62f76820266ec80647bed4 + Revoked at: Tue Jan 28 12:55:36 UTC 2014 + Serial Number (hex): 410e40a8607530bc9eadd88299f3d208 + Revoked at: Tue Jan 28 12:55:38 UTC 2014 + Serial Number (hex): 5982ae8927e4065f1a7b3726fc8b2638 + Revoked at: Tue Jan 28 12:55:38 UTC 2014 + Serial Number (hex): 3aa3e1a17aa51abca216eaa202965f6b + Revoked at: Tue Jan 28 12:55:39 UTC 2014 + Serial Number (hex): 29d5dbacc5745202840d26193484a180 + Revoked at: Tue Jan 28 13:34:19 UTC 2014 + Serial Number (hex): 086fd8c4ffac0c6d40ceb388120efc40 + Revoked at: Tue Jan 28 15:02:52 UTC 2014 + Serial Number (hex): 3245a2a47260f2638037e3a2a3693771 + Revoked at: Tue Jan 28 16:43:35 UTC 2014 + Serial Number (hex): 341fe889804f4cc5917a411bf6c83a67 + Revoked at: Tue Jan 28 16:47:47 UTC 2014 + Serial Number (hex): 327638038d967883287f3d5550f7386f + Revoked at: Tue Jan 28 16:48:52 UTC 2014 + Serial Number (hex): 1a02086bce6e22a530fc56a68a052399 + Revoked at: Tue Jan 28 17:31:45 UTC 2014 + Serial Number (hex): 052b8602e41e6143d35c6b75b0d7704e + Revoked at: Tue Jan 28 17:37:28 UTC 2014 + Serial Number (hex): 54f6909852438d98a0b1618fca068a81 + Revoked at: Tue Jan 28 17:49:00 UTC 2014 + Serial Number (hex): 0ac51a50bc8b8b4a77993f4f099862f3 + Revoked at: Tue Jan 28 18:02:15 UTC 2014 + Serial Number (hex): 131b2d4d585622127adb69205285444c + Revoked at: Tue Jan 28 19:33:20 UTC 2014 + Serial Number (hex): 73062644e878a9777e58615f333a63f0 + Revoked at: Tue Jan 28 20:17:58 UTC 2014 + Serial Number (hex): 00b85bd1c85108ba506d456e6add05fb33 + Revoked at: Tue Jan 28 20:33:42 UTC 2014 + Serial Number (hex): 00cb948725d6fa3599198536a3d2d569c7 + Revoked at: Tue Jan 28 21:06:53 UTC 2014 + Serial Number (hex): 5050cdb5f5c4a613dd2c9971c2f66a41 + Revoked at: Tue Jan 28 21:52:47 UTC 2014 + Serial Number (hex): 00b7ace1605074b94faad2fe3e0928a846 + Revoked at: Tue Jan 28 23:54:13 UTC 2014 + Serial Number (hex): 1e70e64204572a3bf3879ce9d6b064bf + Revoked at: Wed Jan 29 10:01:07 UTC 2014 + Serial Number (hex): 00ac7859e8c6b0d9ac3b3ec2fa178f0a88 + Revoked at: Wed Jan 29 13:55:48 UTC 2014 + Serial Number (hex): 5bddded6be7814b066d63419e3b074ce + Revoked at: Wed Jan 29 15:18:28 UTC 2014 + Serial Number (hex): 008225082f0bd8419b6a33265f4f94ac0c + Revoked at: Wed Jan 29 15:27:49 UTC 2014 + Serial Number (hex): 5861e94c7140c4dfee8bdc57761ed46f + Revoked at: Wed Jan 29 15:43:30 UTC 2014 + Serial Number (hex): 676f1d8851ec257c0626dc44b353b12f + Revoked at: Wed Jan 29 16:11:14 UTC 2014 + Serial Number (hex): 475f2e011a697df53ac622bc8771efef + Revoked at: Wed Jan 29 16:32:20 UTC 2014 + Serial Number (hex): 0088ae50db5afba55387eab09e288fe4dc + Revoked at: Wed Jan 29 17:04:09 UTC 2014 + Serial Number (hex): 18bf9b4e576d59a05fbcaf8fb32de6ca + Revoked at: Wed Jan 29 17:21:00 UTC 2014 + Serial Number (hex): 637b6553dbc13586399afd71c4a36513 + Revoked at: Wed Jan 29 17:25:45 UTC 2014 + Serial Number (hex): 564db66a1308a1fc74564bd18bc6b0cf + Revoked at: Wed Jan 29 17:25:47 UTC 2014 + Serial Number (hex): 0089f559bd1600d1f51121adc2538f4fa3 + Revoked at: Wed Jan 29 17:28:07 UTC 2014 + Serial Number (hex): 34d8d2f4cd1e114b5b9ae57c09af72b1 + Revoked at: Wed Jan 29 18:48:42 UTC 2014 + Serial Number (hex): 00933f7a17b863e24372f18c0074438b06 + Revoked at: Wed Jan 29 19:07:48 UTC 2014 + Serial Number (hex): 00e32019cc4b9868ccd033201dbd53adfe + Revoked at: Wed Jan 29 22:02:20 UTC 2014 + Serial Number (hex): 00c8bed82a6d857be8990b2ae18d87da87 + Revoked at: Wed Jan 29 22:02:39 UTC 2014 + Serial Number (hex): 00a7bebfe3d28fc384faf7d22a7e4245ec + Revoked at: Wed Jan 29 22:03:27 UTC 2014 + Serial Number (hex): 4b0aac1fecdb156cc8df1429dbc3c3cc + Revoked at: Wed Jan 29 22:03:35 UTC 2014 + Serial Number (hex): 00f40f51d8c32ff2f4d975b137ec7711fc + Revoked at: Wed Jan 29 22:13:46 UTC 2014 + Serial Number (hex): 008d3d325c811d7f3fa2a551f0bd216923 + Revoked at: Wed Jan 29 22:19:48 UTC 2014 + Serial Number (hex): 36dae5153ffb783fa9f902e9e255eb1e + Revoked at: Wed Jan 29 22:19:57 UTC 2014 + Serial Number (hex): 1f9e4ab6acaaf8713a944c16c284b15a + Revoked at: Wed Jan 29 22:20:06 UTC 2014 + Serial Number (hex): 00a63c074a166f7575f87d357d2cf553e6 + Revoked at: Wed Jan 29 22:20:17 UTC 2014 + Serial Number (hex): 0087ec36365c2cfe1ad6ad05b757a83038 + Revoked at: Thu Jan 30 04:37:54 UTC 2014 + Serial Number (hex): 00fd68778503fae8906af0463ad2230123 + Revoked at: Thu Jan 30 11:27:53 UTC 2014 + Serial Number (hex): 3e4ebe023f297c1ce3c22f4be6695b04 + Revoked at: Thu Jan 30 14:26:53 UTC 2014 + Serial Number (hex): 405e0c99753a348d3674f724da975084 + Revoked at: Thu Jan 30 17:32:23 UTC 2014 + Serial Number (hex): 0096ef8338e18a1e9ae562421dd0a3ddff + Revoked at: Thu Jan 30 18:06:07 UTC 2014 + Serial Number (hex): 099b9309a8a18468750249e6194ceeb2 + Revoked at: Thu Jan 30 20:24:51 UTC 2014 + Serial Number (hex): 00fc29ef2e9ef26aa7d84ee368b8cac332 + Revoked at: Thu Jan 30 20:33:37 UTC 2014 + Serial Number (hex): 521cdff2df3e9d4e2b74b43e05a50834 + Revoked at: Thu Jan 30 20:53:30 UTC 2014 + Serial Number (hex): 455b620e502502cf954dd4622e58cbb9 + Revoked at: Thu Jan 30 21:38:41 UTC 2014 + Serial Number (hex): 091a0957f08d8ea2729a69881e015bbc + Revoked at: Thu Jan 30 22:29:20 UTC 2014 + Serial Number (hex): 7bbf454ad8fb31d68042f45ebe3bbce6 + Revoked at: Thu Jan 30 23:12:55 UTC 2014 + Serial Number (hex): 5859659392c1ecbce148afbbbfbe3c32 + Revoked at: Thu Jan 30 23:13:15 UTC 2014 + Serial Number (hex): 37cb29d80f493e57225cc2c5a6e94532 + Revoked at: Fri Jan 31 09:12:14 UTC 2014 + Serial Number (hex): 00dc5deefd4b113af7d429f420b8b7ed6a + Revoked at: Fri Jan 31 13:55:04 UTC 2014 + Serial Number (hex): 1b4106d384a8c9362871fc8acd54e155 + Revoked at: Fri Jan 31 14:11:25 UTC 2014 + Serial Number (hex): 69a64dafe23efcea458e60d0e9cfda26 + Revoked at: Fri Jan 31 14:31:34 UTC 2014 + Serial Number (hex): 527a95ba5e3781f81237cdfa245a35a0 + Revoked at: Fri Jan 31 14:35:03 UTC 2014 + Serial Number (hex): 00ca7981ee4bef268705a6291b79bccf63 + Revoked at: Fri Jan 31 14:59:45 UTC 2014 + Serial Number (hex): 25a573d55037e1f829a64cb57b1555b5 + Revoked at: Fri Jan 31 15:00:03 UTC 2014 + Serial Number (hex): 0085fead77f4e9e401b45b910238b3e79c + Revoked at: Fri Jan 31 15:22:39 UTC 2014 + Serial Number (hex): 1c98ab436deaa8bfbd9823646976bb50 + Revoked at: Fri Jan 31 15:27:47 UTC 2014 + Serial Number (hex): 00d4252e293c50ac217a821cdce435c45f + Revoked at: Fri Jan 31 15:43:00 UTC 2014 + Serial Number (hex): 00de55649594e0e4df2574087d164bd32c + Revoked at: Fri Jan 31 15:45:37 UTC 2014 + Serial Number (hex): 00e68a40579c09c74ed88ebaf4fa59f33c + Revoked at: Fri Jan 31 16:05:54 UTC 2014 + Serial Number (hex): 00a707bc96046497ebabb13a1fa110d106 + Revoked at: Fri Jan 31 17:13:29 UTC 2014 + Serial Number (hex): 343b16e0b5b244241cc0bc538845deac + Revoked at: Fri Jan 31 17:17:14 UTC 2014 + Serial Number (hex): 00ae710e0160c39de927808c526ccac26d + Revoked at: Fri Jan 31 17:24:42 UTC 2014 + Serial Number (hex): 00eefd22b3162b3503ec63f9f8c83d73b9 + Revoked at: Fri Jan 31 17:24:59 UTC 2014 + Serial Number (hex): 00e31d8ae788f94a2a4840ec5a6105ee28 + Revoked at: Fri Jan 31 17:25:18 UTC 2014 + Serial Number (hex): 00ab9b66a3f9f77949620d21c8e5961f84 + Revoked at: Fri Jan 31 18:49:37 UTC 2014 + Serial Number (hex): 4f906decd02392a75c7e97fde5749ba3 + Revoked at: Fri Jan 31 19:19:58 UTC 2014 + Serial Number (hex): 009a9b559c054203479da7316ca6f517f4 + Revoked at: Fri Jan 31 19:25:37 UTC 2014 + Serial Number (hex): 4aecb73224b6ad5d960f734d5be1aa03 + Revoked at: Fri Jan 31 19:26:42 UTC 2014 + Serial Number (hex): 5346ea092db71027b45d945713286e55 + Revoked at: Fri Jan 31 19:41:45 UTC 2014 + Serial Number (hex): 00bfda7d85aad48633a90992f34add2e8d + Revoked at: Fri Jan 31 21:03:33 UTC 2014 + Serial Number (hex): 697da39ce548fb630367f5334bf27112 + Revoked at: Sun Feb 02 18:15:33 UTC 2014 + Serial Number (hex): 71e35b501e80b4b6451fc7647333184c + Revoked at: Mon Feb 03 08:06:14 UTC 2014 + Serial Number (hex): 256e3343fd3070117fc69b6eed02252a + Revoked at: Mon Feb 03 13:38:14 UTC 2014 + Serial Number (hex): 00afa8a549c1ee21ade26709b997c2f895 + Revoked at: Mon Feb 03 13:53:21 UTC 2014 + Serial Number (hex): 00f09377de6614ed70af8c2c9bcc24fc81 + Revoked at: Mon Feb 03 14:44:35 UTC 2014 + Serial Number (hex): 16d0d0636d967e6dfb54adb574eadad1 + Revoked at: Mon Feb 03 14:44:48 UTC 2014 + Serial Number (hex): 00a8c662aa8b02ddc68112abebbd529ea2 + Revoked at: Mon Feb 03 15:31:11 UTC 2014 + Serial Number (hex): 00aabb47f63b6b3c53fd113dd2712ff134 + Revoked at: Mon Feb 03 16:38:04 UTC 2014 + Serial Number (hex): 07fdc58ccbd503be0e973f3c9a7ed613 + Revoked at: Mon Feb 03 18:19:04 UTC 2014 + Serial Number (hex): 2546ee782414a5a201f7e7cc1789e429 + Revoked at: Mon Feb 03 18:22:48 UTC 2014 + Serial Number (hex): 00c1a03ffa0337bd3a1d5bc59908c7bd69 + Revoked at: Mon Feb 03 18:24:46 UTC 2014 + Serial Number (hex): 0090a45f49958054aa4b90d924ce977246 + Revoked at: Mon Feb 03 18:52:28 UTC 2014 + Serial Number (hex): 00f9ebd05a112fbf1666232d788ea678d7 + Revoked at: Mon Feb 03 19:05:10 UTC 2014 + Serial Number (hex): 775c352c5a2660a44a1af515cf47f450 + Revoked at: Mon Feb 03 19:09:02 UTC 2014 + Serial Number (hex): 00a04abe639128955135e40d099f494fee + Revoked at: Mon Feb 03 19:36:28 UTC 2014 + Serial Number (hex): 72f05f2c43d977dd35231ccb2a7a52e5 + Revoked at: Mon Feb 03 20:38:05 UTC 2014 + Serial Number (hex): 00e68efed12695401efdeee0355c88510a + Revoked at: Mon Feb 03 20:44:49 UTC 2014 + Serial Number (hex): 00f8a238429ce219dda4c5f80fb81cc238 + Revoked at: Mon Feb 03 20:47:53 UTC 2014 + Serial Number (hex): 0089e4b35c4abe45a91663dc037358753f + Revoked at: Mon Feb 03 20:53:47 UTC 2014 + Serial Number (hex): 58638d6cc57305f7db977ad131bebd95 + Revoked at: Mon Feb 03 21:12:08 UTC 2014 + Serial Number (hex): 4b4b000c5781ab18045b6892054706d1 + Revoked at: Mon Feb 03 22:10:53 UTC 2014 + Serial Number (hex): 31d980622b3c79092be53f70de1783d1 + Revoked at: Mon Feb 03 22:10:59 UTC 2014 + Serial Number (hex): 0cd1812cbbbe54f6e46999bf34dbc727 + Revoked at: Tue Feb 04 07:08:21 UTC 2014 + Serial Number (hex): 009eda025ef9be6998e2707552140f1d + Revoked at: Tue Feb 04 07:57:44 UTC 2014 + Serial Number (hex): 7fd083f1c6f672b587828cd0d21b36c5 + Revoked at: Tue Feb 04 10:55:29 UTC 2014 + Serial Number (hex): 00ec9b1be6897cd2207ade0534811f366e + Revoked at: Tue Feb 04 10:55:30 UTC 2014 + Serial Number (hex): 0090c7aa1cf6abf2a950ed9a48fef8be75 + Revoked at: Tue Feb 04 10:55:30 UTC 2014 + Serial Number (hex): 00c6a71f037ea7dc73ec910c431da6e142 + Revoked at: Tue Feb 04 11:15:05 UTC 2014 + Serial Number (hex): 50125f7a2e20c9b1c5fdfa2db6975f8c + Revoked at: Tue Feb 04 11:45:39 UTC 2014 + Serial Number (hex): 00e7629cbee3c3cbfb6a36079d3fd08d0d + Revoked at: Tue Feb 04 11:50:16 UTC 2014 + Serial Number (hex): 2d67b946a9fedcb559f42c66489845ec + Revoked at: Tue Feb 04 12:01:18 UTC 2014 + Serial Number (hex): 00d32160bbe077dc29eb9ed3312a009bd1 + Revoked at: Tue Feb 04 13:53:50 UTC 2014 + Serial Number (hex): 71e0552a3df109a3729f63d1ca4fc044 + Revoked at: Tue Feb 04 14:42:41 UTC 2014 + Serial Number (hex): 00f7cf3561b31fa985f4188db2f54634c8 + Revoked at: Tue Feb 04 14:50:46 UTC 2014 + Serial Number (hex): 288d1b80d5cbb2b7aa71a8248576043e + Revoked at: Tue Feb 04 14:56:46 UTC 2014 + Serial Number (hex): 00c06191471ed55b9ce69f71cee6c378fd + Revoked at: Tue Feb 04 15:00:08 UTC 2014 + Serial Number (hex): 009992f8f5d8fc4dd202be70825dda41c6 + Revoked at: Tue Feb 04 15:06:13 UTC 2014 + Serial Number (hex): 3c39ff2ff5ddf1334bb5fea5384204a3 + Revoked at: Tue Feb 04 15:07:00 UTC 2014 + Serial Number (hex): 008aac327cbe4473413776a2fbc7795265 + Revoked at: Tue Feb 04 15:46:46 UTC 2014 + Serial Number (hex): 5f0da569249ce9b4ae2d6bc56345776f + Revoked at: Tue Feb 04 16:23:33 UTC 2014 + Serial Number (hex): 00bed18bd353f7101764dc14ec1e480e22 + Revoked at: Tue Feb 04 16:23:47 UTC 2014 + Serial Number (hex): 009569d34643e811f714dc276d5dd29b00 + Revoked at: Tue Feb 04 16:24:10 UTC 2014 + Serial Number (hex): 5649355b929cfc5ccc3756a87800f542 + Revoked at: Tue Feb 04 16:24:20 UTC 2014 + Serial Number (hex): 58a23982a6d17eb0a61e138e67f76414 + Revoked at: Tue Feb 04 16:50:33 UTC 2014 + Serial Number (hex): 00c49b2ddd49d618bbad3e4aa2dae7eb20 + Revoked at: Tue Feb 04 18:10:15 UTC 2014 + Serial Number (hex): 00a493e7cdb41030a571877ca9cac7aedd + Revoked at: Tue Feb 04 18:10:25 UTC 2014 + Serial Number (hex): 00e0ccc051d3da26991850b5ab33d1cf5b + Revoked at: Tue Feb 04 18:10:37 UTC 2014 + Serial Number (hex): 3905229b8ff1e211caaa82ff9cca8d9d + Revoked at: Tue Feb 04 18:38:37 UTC 2014 + Serial Number (hex): 00860afe03c3266bcd19e19f33e4565d20 + Revoked at: Tue Feb 04 18:45:54 UTC 2014 + Serial Number (hex): 266bd24b822e7b45fed47320fc33c439 + Revoked at: Tue Feb 04 19:07:05 UTC 2014 + Serial Number (hex): 15bdea6691b1cf3b8ca5bdff25e8fce0 + Revoked at: Tue Feb 04 19:10:11 UTC 2014 + Serial Number (hex): 49ef91e64dc47a1928c9721480a4b252 + Revoked at: Tue Feb 04 20:29:24 UTC 2014 + Serial Number (hex): 125f2f955c45cba1def726e0ccb4f58a + Revoked at: Tue Feb 04 20:44:42 UTC 2014 + Serial Number (hex): 57e38516b0db51545574fb17ed686fa4 + Revoked at: Tue Feb 04 21:01:17 UTC 2014 + Serial Number (hex): 3de0e023083a881ddb991ae7e2a6db53 + Revoked at: Tue Feb 04 21:06:04 UTC 2014 + Serial Number (hex): 343a737416a875501a9c5503e0fea85e + Revoked at: Wed Feb 05 12:45:38 UTC 2014 + Serial Number (hex): 008aabbd82e92e78ef4eb7c8601c54ff28 + Revoked at: Wed Feb 05 15:32:30 UTC 2014 + Serial Number (hex): 00b56bef6ecce9638182aaa83be9aa40a0 + Revoked at: Wed Feb 05 15:36:30 UTC 2014 + Serial Number (hex): 7f76ec17798dde1b1fc9747571c2daee + Revoked at: Wed Feb 05 15:40:32 UTC 2014 + Serial Number (hex): 3871371d9b7f1c34fa37411aed197009 + Revoked at: Wed Feb 05 15:50:31 UTC 2014 + Serial Number (hex): 688af71e82b9c92907431a2b3b78e10f + Revoked at: Wed Feb 05 15:58:42 UTC 2014 + Serial Number (hex): 230107ec5c42993cb6e322cedaabac9e + Revoked at: Wed Feb 05 16:00:27 UTC 2014 + Serial Number (hex): 00a0681bb7bf59b19b758af1376357c4f2 + Revoked at: Wed Feb 05 16:19:16 UTC 2014 + Serial Number (hex): 00a4e8fff377f83b09a2e7f42f262550f5 + Revoked at: Wed Feb 05 16:27:40 UTC 2014 + Serial Number (hex): 00e2b81d048c63d9bb9163a5ee9c4298bb + Revoked at: Wed Feb 05 16:38:17 UTC 2014 + Serial Number (hex): 00e53bc0c0194946d2234ce7a888269224 + Revoked at: Wed Feb 05 17:01:22 UTC 2014 + Serial Number (hex): 3e5b92b6fbf7d9f1006568d2061d7926 + Revoked at: Wed Feb 05 17:50:24 UTC 2014 + Serial Number (hex): 680eb4bb8ea6e14b0d8776016c1c8e25 + Revoked at: Wed Feb 05 17:50:29 UTC 2014 + Serial Number (hex): 5b9d513c311230f61bab1003d7020a33 + Revoked at: Wed Feb 05 17:51:16 UTC 2014 + Serial Number (hex): 00f460c5e13f97120b702b1c34b2f99930 + Revoked at: Wed Feb 05 17:54:33 UTC 2014 + Serial Number (hex): 009701747aade0e7f942d6dd722123e8e9 + Revoked at: Wed Feb 05 18:02:10 UTC 2014 + Serial Number (hex): 00a4bb9311e5003a643456220bfbcfb84f + Revoked at: Wed Feb 05 18:12:57 UTC 2014 + Serial Number (hex): 00d23458265530ead902875969801e7c07 + Revoked at: Wed Feb 05 18:59:34 UTC 2014 + Serial Number (hex): 26312ff8c12f5e295631440754e1dc37 + Revoked at: Wed Feb 05 19:17:41 UTC 2014 + Serial Number (hex): 008a656f570f7684204fdaea9937a9afc4 + Revoked at: Wed Feb 05 19:56:23 UTC 2014 + Serial Number (hex): 00c9c66b1eb1a670fe1ac8fd1350a8e061 + Revoked at: Wed Feb 05 20:08:29 UTC 2014 + Serial Number (hex): 6e7ff3b0c5d6a6d279402900036c1e00 + Revoked at: Wed Feb 05 20:32:54 UTC 2014 + Serial Number (hex): 69243c86567e513b5a108eab12367326 + Revoked at: Thu Feb 06 11:35:06 UTC 2014 + Serial Number (hex): 63346a9120c565d6ad8980bfe09db7dc + Revoked at: Thu Feb 06 11:57:28 UTC 2014 + Serial Number (hex): 0080d7d23520c49ff59dc68899dda0bd2a + Revoked at: Thu Feb 06 14:00:53 UTC 2014 + Serial Number (hex): 00bf27655269a677dc7730431592c49b92 + Revoked at: Thu Feb 06 14:29:30 UTC 2014 + Serial Number (hex): 2652f236dd8e7b5f27be13c4cb917d29 + Revoked at: Thu Feb 06 16:52:53 UTC 2014 + Serial Number (hex): 285a34095daa583110ffb29ac1c08094 + Revoked at: Thu Feb 06 17:04:29 UTC 2014 + Serial Number (hex): 0080f65253f59f4e8b2970548938e5a25e + Revoked at: Thu Feb 06 17:06:06 UTC 2014 + Serial Number (hex): 3200289e4c2f71f1486691cfbf4e314d + Revoked at: Thu Feb 06 17:12:41 UTC 2014 + Serial Number (hex): 505f82067c58a192d6300d98bea0d8de + Revoked at: Thu Feb 06 17:27:09 UTC 2014 + Serial Number (hex): 00ed6aad1fdf942f4bee7edf41ce5d8594 + Revoked at: Thu Feb 06 17:30:23 UTC 2014 + Serial Number (hex): 76e060941e034ed205f1b11069367bbd + Revoked at: Thu Feb 06 17:43:24 UTC 2014 + Serial Number (hex): 00d453ec874f317bd32f02c6d097e273e0 + Revoked at: Thu Feb 06 17:44:45 UTC 2014 + Serial Number (hex): 3a38fd52bec1f83aba9a399edb9d8cf0 + Revoked at: Thu Feb 06 18:58:03 UTC 2014 + Serial Number (hex): 00a290c6c506166faf242fc32803e7144b + Revoked at: Thu Feb 06 18:59:10 UTC 2014 + Serial Number (hex): 773a85963725d999b08b4ef30b670d47 + Revoked at: Thu Feb 06 19:29:14 UTC 2014 + Serial Number (hex): 58cbfdc4977690884965c84680768c0f + Revoked at: Thu Feb 06 19:30:04 UTC 2014 + Serial Number (hex): 65a57b365dc00ae0b4ccf5dc82c0c5f1 + Revoked at: Thu Feb 06 20:15:13 UTC 2014 + Serial Number (hex): 00dc9bf21ba7ff35a39d7a0c152616edd0 + Revoked at: Thu Feb 06 20:40:00 UTC 2014 + Serial Number (hex): 00d0d39fb30f9d6d8b89ec2e524d0f99f2 + Revoked at: Thu Feb 06 20:47:35 UTC 2014 + Serial Number (hex): 6d5f44ac8d4434f43ec8c7cdc8eef805 + Revoked at: Thu Feb 06 21:02:07 UTC 2014 + Serial Number (hex): 09049ff1b8076abc2314b5f2e5152dd2 + Revoked at: Thu Feb 06 21:05:05 UTC 2014 + Serial Number (hex): 6aa4c18be7eee49bfd943b19176dad50 + Revoked at: Thu Feb 06 21:50:38 UTC 2014 + Serial Number (hex): 00ab78432edea505baaf280f82da25a204 + Revoked at: Thu Feb 06 22:01:02 UTC 2014 + Serial Number (hex): 00a93bc454302e6c4edc313dd6f9b6a782 + Revoked at: Thu Feb 06 22:25:29 UTC 2014 + Serial Number (hex): 00c8f626ca329d342faca05fec3af94b33 + Revoked at: Thu Feb 06 23:25:18 UTC 2014 + Serial Number (hex): 009a2f1d2687e46128e6be53828afec4f2 + Revoked at: Fri Feb 07 01:58:06 UTC 2014 + Serial Number (hex): 716318fd97891c78108095ecae65990d + Revoked at: Fri Feb 07 08:31:53 UTC 2014 + Serial Number (hex): 00f5df98a047037936e61cabd0ac62c6c5 + Revoked at: Fri Feb 07 09:01:14 UTC 2014 + Serial Number (hex): 1efcf60d89cf0e007bfebe804150cf0e + Revoked at: Fri Feb 07 09:12:17 UTC 2014 + Serial Number (hex): 00d5c5f5b146df7b512443058b398958e8 + Revoked at: Fri Feb 07 09:23:35 UTC 2014 + Serial Number (hex): 00e274639cec32e4c8bf04f701d6786d4b + Revoked at: Fri Feb 07 10:42:13 UTC 2014 + Serial Number (hex): 00bc9e2d3f0a4277aac2d65a0e1e5a790b + Revoked at: Fri Feb 07 14:57:08 UTC 2014 + Serial Number (hex): 00d8412876d5093ad04355c0f60ef36ba3 + Revoked at: Fri Feb 07 15:42:46 UTC 2014 + Serial Number (hex): 6cdce127534aaaa595ceb6e70d46992b + Revoked at: Fri Feb 07 16:44:08 UTC 2014 + Serial Number (hex): 5e5f86ce634076ad7571c52c9fec5142 + Revoked at: Fri Feb 07 16:47:01 UTC 2014 + Serial Number (hex): 00dab5efa40a6b92c3d0a88621aec47f75 + Revoked at: Fri Feb 07 17:35:28 UTC 2014 + Serial Number (hex): 008afc6d5806bac80dd875203d459f08e9 + Revoked at: Fri Feb 07 17:48:08 UTC 2014 + Serial Number (hex): 57a5aa140a1458b6dbeadf362ee5b02a + Revoked at: Fri Feb 07 17:48:36 UTC 2014 + Serial Number (hex): 28ca6d21401fdc7bf707590836749abc + Revoked at: Fri Feb 07 17:49:28 UTC 2014 + Serial Number (hex): 08b883e7f34e2ca4dc3d246f71d89af9 + Revoked at: Fri Feb 07 18:00:37 UTC 2014 + Serial Number (hex): 009c4f6f9ff9961f4cf850ec94c736c9ff + Revoked at: Fri Feb 07 18:11:54 UTC 2014 + Serial Number (hex): 38bbbf5827c2f69ddb74be78feb505de + Revoked at: Fri Feb 07 18:36:46 UTC 2014 + Serial Number (hex): 21ba51ec800bf28c2e7eecc7f7b61030 + Revoked at: Fri Feb 07 19:37:03 UTC 2014 + Serial Number (hex): 008b2b90534c0a0f9a5373bb2458ef35f5 + Revoked at: Fri Feb 07 20:20:16 UTC 2014 + Serial Number (hex): 5872715c7b9c594df58388aa0785eda9 + Revoked at: Fri Feb 07 21:15:36 UTC 2014 + Serial Number (hex): 294db05bc4388d4ac9c45b78b2a59fb7 + Revoked at: Fri Feb 07 21:38:04 UTC 2014 + Serial Number (hex): 00a81decfef7f59058dcfde244c2fd1eb7 + Revoked at: Fri Feb 07 21:39:15 UTC 2014 + Serial Number (hex): 62687f2093456ea5908e741ddb71b178 + Revoked at: Fri Feb 07 21:39:47 UTC 2014 + Serial Number (hex): 0089e656977895b043f9ce087933365a8c + Revoked at: Fri Feb 07 21:42:11 UTC 2014 + Serial Number (hex): 0090ac58691ffad35436f92a35f48f84a5 + Revoked at: Fri Feb 07 22:04:30 UTC 2014 + Serial Number (hex): 0aa7816716f40bb7650b06856dab639d + Revoked at: Fri Feb 07 23:18:01 UTC 2014 + Serial Number (hex): 00bf3061b8402cca1c7a2a3045ca30d428 + Revoked at: Fri Feb 07 23:18:36 UTC 2014 + Serial Number (hex): 00cfa7d53a25cb37e18ac73bbee7a47894 + Revoked at: Fri Feb 07 23:45:57 UTC 2014 + Serial Number (hex): 23e9e6ba01a9545b82b6192c7f79eace + Revoked at: Mon Feb 10 11:20:45 UTC 2014 + Serial Number (hex): 31817e93c479fc4cd297384a8844a036 + Revoked at: Mon Feb 10 13:57:51 UTC 2014 + Serial Number (hex): 00822539381377422a2e3b277dcb26cc24 + Revoked at: Mon Feb 10 14:42:37 UTC 2014 + Serial Number (hex): 06b12e341b206fbbb5e8159e4cef3ff1 + Revoked at: Mon Feb 10 15:38:08 UTC 2014 + Serial Number (hex): 008bf7525985261b294e4bdbf60c91077d + Revoked at: Mon Feb 10 16:55:15 UTC 2014 + Serial Number (hex): 009897e28e5e6db6a81b205f20321e6fb0 + Revoked at: Mon Feb 10 18:38:48 UTC 2014 + Serial Number (hex): 00e8db656e286e638400791c106cf573fb + Revoked at: Mon Feb 10 18:52:11 UTC 2014 + Serial Number (hex): 00886e28f9346fa74770c4dec219b52f70 + Revoked at: Mon Feb 10 20:13:09 UTC 2014 + Serial Number (hex): 3520074828322605b5cf74ed4b2a265d + Revoked at: Mon Feb 10 20:13:35 UTC 2014 + Serial Number (hex): 52b0651f031ebf03d023dbdbb34486ba + Revoked at: Mon Feb 10 20:13:51 UTC 2014 + Serial Number (hex): 230a82f5c38a1c674af728b79ed851f6 + Revoked at: Mon Feb 10 20:17:27 UTC 2014 + Serial Number (hex): 00c2014830b85d01b67673d20eb377f14f + Revoked at: Mon Feb 10 20:35:02 UTC 2014 + Serial Number (hex): 00d64091cad2900e3489092b3d7d4037ec + Revoked at: Mon Feb 10 20:39:05 UTC 2014 + Serial Number (hex): 5051df12eb4c272004b7c22235b31c6e + Revoked at: Mon Feb 10 20:57:55 UTC 2014 + Serial Number (hex): 6e68adb6a0bf3b6c863a52dabae5ee94 + Revoked at: Mon Feb 10 21:24:24 UTC 2014 + Serial Number (hex): 00881218feca20920900544e1248202562 + Revoked at: Mon Feb 10 21:36:40 UTC 2014 + Serial Number (hex): 435a3bd3d6265d1cf0ae9b093a554164 + Revoked at: Mon Feb 10 22:24:42 UTC 2014 + Serial Number (hex): 0a5717b80b64dd10b08acc1f5a7300ff + Revoked at: Tue Feb 11 01:51:37 UTC 2014 + Serial Number (hex): 5f0e05d9d6133ee5df7013636cd131d3 + Revoked at: Tue Feb 11 08:22:19 UTC 2014 + Serial Number (hex): 009283a8ad44d7060c276b83b83c86b3c2 + Revoked at: Tue Feb 11 09:48:24 UTC 2014 + Serial Number (hex): 00935b30a2663f66ea344bbc61cb589161 + Revoked at: Tue Feb 11 13:30:52 UTC 2014 + Serial Number (hex): 00fb282525f78c21a617fc0fa0e7e8df95 + Revoked at: Tue Feb 11 14:25:59 UTC 2014 + Serial Number (hex): 00d60b54876f988a4a64eff6c3bbe4f406 + Revoked at: Tue Feb 11 18:51:22 UTC 2014 + Serial Number (hex): 00acead39ad6870767e5a597e4691ea6a7 + Revoked at: Tue Feb 11 22:24:13 UTC 2014 + Serial Number (hex): 5290fc4fac0e5152a3564816486dd359 + Revoked at: Wed Feb 12 05:04:26 UTC 2014 + Serial Number (hex): 15288d5a6dd1c3a5bc69862655a2ce38 + Revoked at: Wed Feb 12 09:46:51 UTC 2014 + Serial Number (hex): 00b58b5985b196b9950e4c7d9a7acb61ec + Revoked at: Wed Feb 12 12:35:56 UTC 2014 + Serial Number (hex): 290f3eaf846dd0c81e805ad9b0b6b775 + Revoked at: Wed Feb 12 13:18:07 UTC 2014 + Serial Number (hex): 00a7553cbbf4463b81899143c47267bc49 + Revoked at: Wed Feb 12 13:30:09 UTC 2014 + Serial Number (hex): 009f9004377d9deb5bfd3e5e9ccedeb1c4 + Revoked at: Wed Feb 12 13:59:29 UTC 2014 + Serial Number (hex): 00b7eea99c13093fa9e7a297b97430af00 + Revoked at: Wed Feb 12 13:59:55 UTC 2014 + Serial Number (hex): 00a273731620a90e1168250aa2f571750b + Revoked at: Wed Feb 12 14:00:21 UTC 2014 + Serial Number (hex): 00b45f9bea97c89e7c52248392d082f4ab + Revoked at: Wed Feb 12 14:00:40 UTC 2014 + Serial Number (hex): 00ad959056c7619df8616e3375849bf0cb + Revoked at: Wed Feb 12 15:49:44 UTC 2014 + Serial Number (hex): 00fe57ef9e266a725dd9ea632100909f2a + Revoked at: Wed Feb 12 15:55:49 UTC 2014 + Serial Number (hex): 4f487851c3f960fcaff5f8804ba2b855 + Revoked at: Wed Feb 12 17:06:58 UTC 2014 + Serial Number (hex): 00a9c63e4c2b418177633ded1a566e0608 + Revoked at: Wed Feb 12 17:32:37 UTC 2014 + Serial Number (hex): 00ab97647541491340122f7d448f355fae + Revoked at: Wed Feb 12 17:56:47 UTC 2014 + Serial Number (hex): 00fc3c3feea12d383cb67e9fcea08a68bc + Revoked at: Wed Feb 12 20:32:56 UTC 2014 + Serial Number (hex): 1e6977e52562636ba5bf88027571dd00 + Revoked at: Wed Feb 12 21:12:02 UTC 2014 + Serial Number (hex): 00f357fc94536183a51e54cc60208defc2 + Revoked at: Thu Feb 13 08:06:41 UTC 2014 + Serial Number (hex): 2d7b4cd14f44a9a46bc67010d8a9ae2e + Revoked at: Thu Feb 13 08:17:35 UTC 2014 + Serial Number (hex): 1fa1e8edbc008fe3e70c2499cb36042c + Revoked at: Thu Feb 13 14:34:25 UTC 2014 + Serial Number (hex): 2bf0681a76e592ffde682c4d764714d8 + Revoked at: Thu Feb 13 14:38:33 UTC 2014 + Serial Number (hex): 008c005998e355eff4f07d3c3257976366 + Revoked at: Thu Feb 13 14:54:47 UTC 2014 + Serial Number (hex): 3e371a5a109d46ff732f564fc87a6920 + Revoked at: Thu Feb 13 15:16:04 UTC 2014 + Serial Number (hex): 1b1d5db266ae1a8d6b2d46dfec0b0cda + Revoked at: Thu Feb 13 15:16:27 UTC 2014 + Serial Number (hex): 6ffc915f2f47a7e1d0d04eb48816a626 + Revoked at: Thu Feb 13 15:32:05 UTC 2014 + Serial Number (hex): 00c0659e4c0d10a8bd816d351ae6ffc9fb + Revoked at: Thu Feb 13 15:32:28 UTC 2014 + Serial Number (hex): 109ad3a506a348e8d1748f775ebfbd62 + Revoked at: Thu Feb 13 15:35:06 UTC 2014 + Serial Number (hex): 00b90ff0735f743f7e77dac27ac8604157 + Revoked at: Thu Feb 13 15:39:32 UTC 2014 + Serial Number (hex): 1dd32869fb27db281ee08c6a38f1ace0 + Revoked at: Thu Feb 13 15:47:11 UTC 2014 + Serial Number (hex): 00cec085871a8c2538358b316918a8b4af + Revoked at: Thu Feb 13 15:48:56 UTC 2014 + Serial Number (hex): 00f7340317afac5c0627fb69cf6e59dec6 + Revoked at: Thu Feb 13 15:49:54 UTC 2014 + Serial Number (hex): 00e050d212d517cf9199e9c44c3317530e + Revoked at: Thu Feb 13 16:40:27 UTC 2014 + Serial Number (hex): 71415f2263f68648b577b0c6cd821a5a + Revoked at: Thu Feb 13 16:41:08 UTC 2014 + Serial Number (hex): 00ce1ddf6f5c12078928785ade26f5e5d3 + Revoked at: Thu Feb 13 17:15:15 UTC 2014 + Serial Number (hex): 009e1fec0cc20a9c75a5d5abf48ecc112b + Revoked at: Thu Feb 13 17:24:18 UTC 2014 + Serial Number (hex): 4f57337888507d7467205b57d66c2fff + Revoked at: Thu Feb 13 18:31:46 UTC 2014 + Serial Number (hex): 380922410b2ff02250ae310b01e7c069 + Revoked at: Thu Feb 13 20:24:38 UTC 2014 + Serial Number (hex): 61e6d5dd6f2a9af1bdb38e26d22c937e + Revoked at: Thu Feb 13 21:10:57 UTC 2014 + Serial Number (hex): 24f5b05001d13c3bdf9b99ee5c8274a8 + Revoked at: Fri Feb 14 05:21:15 UTC 2014 + Serial Number (hex): 00986cbdd135155269342de91ff02db99d + Revoked at: Fri Feb 14 12:12:42 UTC 2014 + Serial Number (hex): 00d47209755aec9213c3f63f019227cd06 + Revoked at: Fri Feb 14 13:33:25 UTC 2014 + Serial Number (hex): 3245cb532d334e9f2bd054c51a42ce99 + Revoked at: Fri Feb 14 15:24:52 UTC 2014 + Serial Number (hex): 00d716cc94233c3f854a3e9c04e1e7add5 + Revoked at: Fri Feb 14 15:57:26 UTC 2014 + Serial Number (hex): 707a6476ec015f752418459c41195063 + Revoked at: Fri Feb 14 15:59:21 UTC 2014 + Serial Number (hex): 00e1495f174e88fafbcfe14628f73609a9 + Revoked at: Fri Feb 14 16:29:58 UTC 2014 + Serial Number (hex): 00e5cdc32ddafd6a1b5a4397891c1b2acd + Revoked at: Fri Feb 14 16:56:48 UTC 2014 + Serial Number (hex): 5e700dc6796515fc2bc4858e33e52bb5 + Revoked at: Fri Feb 14 16:57:05 UTC 2014 + Serial Number (hex): 1b4d4886bacc2747ee370b637eab89ad + Revoked at: Fri Feb 14 17:00:45 UTC 2014 + Serial Number (hex): 00d1ccad0978668dd25cd1fb045a5bc083 + Revoked at: Fri Feb 14 17:01:03 UTC 2014 + Serial Number (hex): 2f4d36c9d1e4a22e76dd8e7a14cfb336 + Revoked at: Fri Feb 14 19:31:42 UTC 2014 + Serial Number (hex): 00fd4a34bc3b89d13c32b1454593f30e1d + Revoked at: Fri Feb 14 20:47:33 UTC 2014 + Serial Number (hex): 008c9e55c02438f1b8288f6c5c559e5ab2 + Revoked at: Fri Feb 14 20:47:42 UTC 2014 + Serial Number (hex): 7b7513a609afbccc6984516b002c1fdb + Revoked at: Fri Feb 14 20:47:58 UTC 2014 + Serial Number (hex): 00aa2635c2d55bfd271f676fc4b6c655ea + Revoked at: Fri Feb 14 20:51:50 UTC 2014 + Serial Number (hex): 5e6eb7ce8e1662ea7fa6364d8c935b56 + Revoked at: Fri Feb 14 21:01:05 UTC 2014 + Serial Number (hex): 1f709a0d743ea0f43400a338c796a21f + Revoked at: Fri Feb 14 21:15:43 UTC 2014 + Serial Number (hex): 00ae8e08dfc221be92f4cae63220f20b40 + Revoked at: Fri Feb 14 21:46:18 UTC 2014 + Serial Number (hex): 00f477c4330abccf3c0c5e463522c65f8d + Revoked at: Sat Feb 15 10:31:32 UTC 2014 + Serial Number (hex): 00eead89acd55c1ead81749ff99d6d676e + Revoked at: Sun Feb 16 21:34:13 UTC 2014 + Serial Number (hex): 00ef49331aba8c8aa82ae4854454cc45b8 + Revoked at: Mon Feb 17 08:02:00 UTC 2014 + Serial Number (hex): 451e133345bab0b3822dda286e6e017f + Revoked at: Mon Feb 17 08:55:55 UTC 2014 + Serial Number (hex): 00f8fa32a5556837e7deb91678a8685d52 + Revoked at: Mon Feb 17 09:10:35 UTC 2014 + Serial Number (hex): 00dd6297fbf6f07ef7b64e2633e0b0884a + Revoked at: Mon Feb 17 09:20:14 UTC 2014 + Serial Number (hex): 00a3ae0d56337effd16eb8a07f212372a1 + Revoked at: Mon Feb 17 09:48:35 UTC 2014 + Serial Number (hex): 15164458021def3be4823d0d3f24a22c + Revoked at: Mon Feb 17 14:03:47 UTC 2014 + Serial Number (hex): 0613d6ac03794072d087c6ebf8e92c82 + Revoked at: Mon Feb 17 14:46:18 UTC 2014 + Serial Number (hex): 008afd3c20826a102c0bd4b539fac8ccdd + Revoked at: Mon Feb 17 14:46:27 UTC 2014 + Serial Number (hex): 1b7fa9a953b6e27afd509cefaa3f37e1 + Revoked at: Mon Feb 17 18:48:21 UTC 2014 + Serial Number (hex): 739e5742a08246ed985ac8bd360ab841 + Revoked at: Mon Feb 17 19:44:00 UTC 2014 + Serial Number (hex): 4f831757b85b254545869880f46e0936 + Revoked at: Mon Feb 17 21:50:55 UTC 2014 + Serial Number (hex): 00b5188cc828432658d529b07894243df1 + Revoked at: Mon Feb 17 21:51:01 UTC 2014 + Serial Number (hex): 73ecde4910eab072624eceababdb96ec + Revoked at: Mon Feb 17 21:51:07 UTC 2014 + Serial Number (hex): 015f1715da19d5e0094f98c39219d6c3 + Revoked at: Tue Feb 18 10:33:58 UTC 2014 + Serial Number (hex): 00c8f55e3aa2405605e0155aa6ac1dda28 + Revoked at: Tue Feb 18 10:34:17 UTC 2014 + Serial Number (hex): 23469783cca0e5895ac9d5e300a66d5a + Revoked at: Tue Feb 18 13:03:31 UTC 2014 + Serial Number (hex): 4206e5673e7cd26e92ccda3ee3b7c0c0 + Revoked at: Tue Feb 18 14:39:52 UTC 2014 + Serial Number (hex): 53cb96c34eace82bb202ac5172270f44 + Revoked at: Tue Feb 18 16:09:48 UTC 2014 + Serial Number (hex): 00e671f4eabfbee7319b9830eb7d9953bc + Revoked at: Tue Feb 18 16:20:54 UTC 2014 + Serial Number (hex): 7adf328d6a9770761a41f37b2aa8dc29 + Revoked at: Tue Feb 18 16:39:41 UTC 2014 + Serial Number (hex): 18af9589a98fc222a33c0c33f1e802d9 + Revoked at: Tue Feb 18 17:18:09 UTC 2014 + Serial Number (hex): 008341ffe851abd571fd003faa0263a40a + Revoked at: Tue Feb 18 17:32:16 UTC 2014 + Serial Number (hex): 33cf4778dcb92630c2331b3287b3f7f5 + Revoked at: Tue Feb 18 18:38:49 UTC 2014 + Serial Number (hex): 727b400567cb0977b01a228e36182011 + Revoked at: Tue Feb 18 18:45:16 UTC 2014 + Serial Number (hex): 09d57d8553971db851948ef254c55949 + Revoked at: Tue Feb 18 20:31:58 UTC 2014 + Serial Number (hex): 33422d081725e8b5936ccfb248443192 + Revoked at: Tue Feb 18 21:07:57 UTC 2014 + Serial Number (hex): 0083ac9bc1d0d08df15313d5b59086f93a + Revoked at: Tue Feb 18 21:56:10 UTC 2014 + Serial Number (hex): 3cf800dffc9466677cfda388bf7beb84 + Revoked at: Tue Feb 18 21:59:43 UTC 2014 + Serial Number (hex): 75a9e48924c98a65eb6bff7c772aaca7 + Revoked at: Tue Feb 18 22:01:50 UTC 2014 + Serial Number (hex): 5a10d8a29bfda1c2d1c027124ae95d2e + Revoked at: Wed Feb 19 12:09:05 UTC 2014 + Serial Number (hex): 00cdf06ace1393c825e50030ffc973495d + Revoked at: Wed Feb 19 12:54:21 UTC 2014 + Serial Number (hex): 009be5a4ce1d2c898b49931ded4594562c + Revoked at: Wed Feb 19 12:54:31 UTC 2014 + Serial Number (hex): 50ffec9d1bb72ee564e55e4e1943190d + Revoked at: Wed Feb 19 12:54:44 UTC 2014 + Serial Number (hex): 00cc88f40bead8859805afc1c0b7546316 + Revoked at: Wed Feb 19 13:06:33 UTC 2014 + Serial Number (hex): 00daadac0e878357c9835e7a59e3cf6a58 + Revoked at: Wed Feb 19 15:21:12 UTC 2014 + Serial Number (hex): 00db5477a3f1abeed47d9d23a692a79e7a + Revoked at: Wed Feb 19 16:37:04 UTC 2014 + Serial Number (hex): 72aa2b42d6415933cfce7f2fdff4fe50 + Revoked at: Wed Feb 19 16:58:31 UTC 2014 + Serial Number (hex): 009608becd4af2aca47d1558071c4af42d + Revoked at: Wed Feb 19 17:42:43 UTC 2014 + Serial Number (hex): 50ebbc87f1ccefad4db4bc26b9487dd7 + Revoked at: Wed Feb 19 19:32:06 UTC 2014 + Serial Number (hex): 0b4e197fbcda35fa781c5af9c67fe089 + Revoked at: Wed Feb 19 19:40:04 UTC 2014 + Serial Number (hex): 4e3be7e7a4ee6eabaaca3eb3c86fcd26 + Revoked at: Wed Feb 19 20:03:28 UTC 2014 + Serial Number (hex): 00f128a4de57d68846a9f0923756afe81b + Revoked at: Wed Feb 19 20:04:46 UTC 2014 + Serial Number (hex): 00c6671fa78053802f7df8a4a7e7a044f3 + Revoked at: Wed Feb 19 21:27:38 UTC 2014 + Serial Number (hex): 0a6fe0b9f176ef810ace72a3082e449c + Revoked at: Wed Feb 19 21:35:26 UTC 2014 + Serial Number (hex): 01bf55db921d566e1ae7854995c17596 + Revoked at: Thu Feb 20 09:34:42 UTC 2014 + Serial Number (hex): 00e925589913fd7285033eb816014ba92c + Revoked at: Thu Feb 20 10:30:46 UTC 2014 + Serial Number (hex): 0caad228ffef2f198301ac89e737385a + Revoked at: Thu Feb 20 11:51:56 UTC 2014 + Serial Number (hex): 009d4eabb1538bf01e65867991bf42b067 + Revoked at: Thu Feb 20 14:32:51 UTC 2014 + Serial Number (hex): 00b40ef2787cc3dd28961ff7108d67ec90 + Revoked at: Thu Feb 20 14:44:29 UTC 2014 + Serial Number (hex): 07e0d3959fe2d6287235b72805b0e55a + Revoked at: Thu Feb 20 14:47:59 UTC 2014 + Serial Number (hex): 1e627cadd9c6048cf5c933c627157e42 + Revoked at: Thu Feb 20 15:54:20 UTC 2014 + Serial Number (hex): 60a8d6ce371c8fee5f8626556512f580 + Revoked at: Thu Feb 20 15:54:39 UTC 2014 + Serial Number (hex): 70a79add32f4eba4e4ae8cb6ad1a469e + Revoked at: Thu Feb 20 15:55:14 UTC 2014 + Serial Number (hex): 2076188f04177cf00431d254f30efe4c + Revoked at: Thu Feb 20 17:51:50 UTC 2014 + Serial Number (hex): 00b5ee615043a4a3466a02996ca6eeadad + Revoked at: Thu Feb 20 18:34:08 UTC 2014 + Serial Number (hex): 009401f64644ed1c90b095f67801ea96df + Revoked at: Thu Feb 20 18:59:57 UTC 2014 + Serial Number (hex): 316b14ee0aebca686d07ddb5e6ccac45 + Revoked at: Thu Feb 20 19:22:43 UTC 2014 + Serial Number (hex): 00f7492908746a755dd3a54b6235810146 + Revoked at: Thu Feb 20 19:24:45 UTC 2014 + Serial Number (hex): 00a8b6871076c9cba30af51cf2dd548bca + Revoked at: Thu Feb 20 19:37:36 UTC 2014 + Serial Number (hex): 21a1b2f13e24475fe80caedfc2d39f1d + Revoked at: Thu Feb 20 20:26:05 UTC 2014 + Serial Number (hex): 00cc19d465f32b5e630ee576f632821527 + Revoked at: Thu Feb 20 21:04:12 UTC 2014 + Serial Number (hex): 44ae2b8293d8f52b7248537577f500bd + Revoked at: Thu Feb 20 21:37:44 UTC 2014 + Serial Number (hex): 00ab2b6e6a952f09d4b9fee1dd32497f60 + Revoked at: Thu Feb 20 22:10:33 UTC 2014 + Serial Number (hex): 744e60d2cb04363ff4f3473ec52c0814 + Revoked at: Thu Feb 20 23:37:57 UTC 2014 + Serial Number (hex): 0089ba497b7babe6f072339901ff783957 + Revoked at: Fri Feb 21 09:13:17 UTC 2014 + Serial Number (hex): 00b8ed79e61687bfd3b5e1ba91af4a64c8 + Revoked at: Fri Feb 21 09:38:54 UTC 2014 + Serial Number (hex): 00b2e1874ce6b96fa03599610aa3f5c6d9 + Revoked at: Fri Feb 21 09:44:58 UTC 2014 + Serial Number (hex): 284dcff66e3a518b19c58ecd91d34ede + Revoked at: Fri Feb 21 11:26:07 UTC 2014 + Serial Number (hex): 00a8f89d6237ede5aaecb0baa9bb52b2cc + Revoked at: Fri Feb 21 12:03:14 UTC 2014 + Serial Number (hex): 0086c77dc6e9351b36f842d11d97deaa6a + Revoked at: Fri Feb 21 12:58:27 UTC 2014 + Serial Number (hex): 00efd7de7bf25252afa0c12be85adfeaef + Revoked at: Fri Feb 21 13:30:53 UTC 2014 + Serial Number (hex): 00b26bc8e748197c63f439b177c88be502 + Revoked at: Fri Feb 21 14:05:16 UTC 2014 + Serial Number (hex): 00d183f25f6c7338ad29e13de79f5d6a9b + Revoked at: Fri Feb 21 14:28:14 UTC 2014 + Serial Number (hex): 1fa10597a7a58ab885dac5b96f980822 + Revoked at: Fri Feb 21 15:59:45 UTC 2014 + Serial Number (hex): 00e0f7a11761fff070744887501ce16832 + Revoked at: Fri Feb 21 20:16:42 UTC 2014 + Serial Number (hex): 4cb5c5a4c66bb279c5e13b3742e1d757 + Revoked at: Fri Feb 21 21:05:08 UTC 2014 + Serial Number (hex): 00f0cb8830e0d265d236a136fb5a5948ee + Revoked at: Fri Feb 21 21:34:20 UTC 2014 + Serial Number (hex): 64ffca545af3ea56cd26ea96d52a8de6 + Revoked at: Fri Feb 21 21:36:01 UTC 2014 + Serial Number (hex): 5ec01cebecde90bfe110f0a1ac9fa0c5 + Revoked at: Sat Feb 22 05:07:00 UTC 2014 + Serial Number (hex): 00e2af02c1f81697c28f238fe29de393d4 + Revoked at: Sat Feb 22 17:13:02 UTC 2014 + Serial Number (hex): 35d50de35a8711207cfada9a36cd21b0 + Revoked at: Mon Feb 24 15:49:36 UTC 2014 + Serial Number (hex): 00cc8146fd8060a3c1714309620942ea0a + Revoked at: Mon Feb 24 17:33:46 UTC 2014 + Serial Number (hex): 0085d1055fd454b2e9f7b833142f3d39ed + Revoked at: Mon Feb 24 18:12:54 UTC 2014 + Serial Number (hex): 00acfa02024ac51ba23423113a1c25e134 + Revoked at: Mon Feb 24 18:13:12 UTC 2014 + Serial Number (hex): 00de08876c279a54a8dff1ca3eb043bccb + Revoked at: Mon Feb 24 20:05:38 UTC 2014 + Serial Number (hex): 00e72471094e417abb1bb9e3e6e84db7e8 + Revoked at: Mon Feb 24 20:35:37 UTC 2014 + Serial Number (hex): 00c270a0239d2460b40e9ff406f8ecc937 + Revoked at: Mon Feb 24 21:47:28 UTC 2014 + Serial Number (hex): 00f2fd39a6c59baa6eb1cb2470e7c529f0 + Revoked at: Mon Feb 24 21:47:31 UTC 2014 + Serial Number (hex): 008824d7d4e029f2c72b59f66d452efb28 + Revoked at: Mon Feb 24 21:50:22 UTC 2014 + Serial Number (hex): 00d1a353bd960b72282bf5857344bdac59 + Revoked at: Mon Feb 24 22:04:13 UTC 2014 + Serial Number (hex): 6e956f72028b5e91a6a0e1120f15528a + Revoked at: Tue Feb 25 02:07:22 UTC 2014 + Serial Number (hex): 4288353e7ac0381121a1dc1fc9220466 + Revoked at: Tue Feb 25 03:24:17 UTC 2014 + Serial Number (hex): 5cf7ae555db59dc2f7c567e19b54fea7 + Revoked at: Tue Feb 25 08:57:45 UTC 2014 + Serial Number (hex): 2a1fd02edfe8ca8a042d0296bdcedfa7 + Revoked at: Tue Feb 25 12:28:26 UTC 2014 + Serial Number (hex): 00e7dab88e4afe353f39af6c59bf41393a + Revoked at: Tue Feb 25 13:01:52 UTC 2014 + Serial Number (hex): 00961bb5a896f774feb20f2cd02afa232b + Revoked at: Tue Feb 25 15:00:41 UTC 2014 + Serial Number (hex): 0080fbc69a8299382f86ef6a32fcf4f62c + Revoked at: Tue Feb 25 15:32:10 UTC 2014 + Serial Number (hex): 009267c81a9329c3ff929aae4259dc1040 + Revoked at: Tue Feb 25 15:32:34 UTC 2014 + Serial Number (hex): 00b20566f7d990f7a9cfd8feb4f40391b1 + Revoked at: Tue Feb 25 15:33:12 UTC 2014 + Serial Number (hex): 00efa432719484d19c6df076fbdb8174b0 + Revoked at: Tue Feb 25 16:56:04 UTC 2014 + Serial Number (hex): 7d2cebfd8193c8fac9eb6706a95812fe + Revoked at: Tue Feb 25 17:13:42 UTC 2014 + Serial Number (hex): 2c7ec0d974f6321bbbd5ef325c77c03e + Revoked at: Tue Feb 25 17:32:02 UTC 2014 + Serial Number (hex): 00c5f8901e85c41c7cbbfad9c0d5bef459 + Revoked at: Tue Feb 25 17:43:01 UTC 2014 + Serial Number (hex): 07c75885119a3485b9445ad7ef3373f1 + Revoked at: Tue Feb 25 17:45:36 UTC 2014 + Serial Number (hex): 00f0d191180c4b49ced9c8e5b3f5d0a597 + Revoked at: Tue Feb 25 17:49:14 UTC 2014 + Serial Number (hex): 00b647ce0a2f439408021ba6374c0c5409 + Revoked at: Tue Feb 25 18:02:51 UTC 2014 + Serial Number (hex): 15ac07acb3cf3d3c3d78d5f525b9a784 + Revoked at: Tue Feb 25 19:44:24 UTC 2014 + Serial Number (hex): 14ff3ee34fb669f9bf1b8951a141e7b2 + Revoked at: Tue Feb 25 19:58:52 UTC 2014 + Serial Number (hex): 2f29002782fc75c3615e637398329192 + Revoked at: Tue Feb 25 20:08:57 UTC 2014 + Serial Number (hex): 3855f5cc785832502f48f69db7876539 + Revoked at: Tue Feb 25 22:31:31 UTC 2014 + Serial Number (hex): 00f7a4b7382b7ce9898e400d4d906b4629 + Revoked at: Tue Feb 25 22:31:45 UTC 2014 + Serial Number (hex): 740c707c0412095631ca4a218961bb80 + Revoked at: Tue Feb 25 22:31:57 UTC 2014 + Serial Number (hex): 00de702f41c4bedec325f72052fcca74c0 + Revoked at: Tue Feb 25 22:32:12 UTC 2014 + Serial Number (hex): 00b0fde51bf34d37102ae0a09dac1f6fcb + Revoked at: Tue Feb 25 22:32:30 UTC 2014 + Serial Number (hex): 00828ba1f598f21518c7ce6e7954294ad6 + Revoked at: Tue Feb 25 22:32:38 UTC 2014 + Serial Number (hex): 00d60d7f8687d0ac1d24ce2c76c11c14 + Revoked at: Wed Feb 26 09:15:38 UTC 2014 + Serial Number (hex): 00f83ffb590d0d51b3a0bb3f4e5c3f302f + Revoked at: Wed Feb 26 10:22:10 UTC 2014 + Serial Number (hex): 00e4e9942df08c6eff2869d38bb5b479a7 + Revoked at: Wed Feb 26 12:24:43 UTC 2014 + Serial Number (hex): 7f27e16ee7a8f2db34e9e49903c95495 + Revoked at: Wed Feb 26 15:19:23 UTC 2014 + Serial Number (hex): 00851a8ee0686d9ce1fa32d06c84310cf8 + Revoked at: Wed Feb 26 15:35:45 UTC 2014 + Serial Number (hex): 009fa0d6b0bc9a78ef145aa1a2b24a96f2 + Revoked at: Wed Feb 26 15:39:55 UTC 2014 + Serial Number (hex): 6059ad2154993cc088149d78421a189f + Revoked at: Wed Feb 26 15:47:32 UTC 2014 + Serial Number (hex): 30cefa5ea71e14533b83aae4541b02cc + Revoked at: Wed Feb 26 15:49:53 UTC 2014 + Serial Number (hex): 00fe1d393741f0dedbafadfb192794e741 + Revoked at: Wed Feb 26 15:54:32 UTC 2014 + Serial Number (hex): 6d54431c69d7180626838a47e8fad005 + Revoked at: Wed Feb 26 16:57:21 UTC 2014 + Serial Number (hex): 11e75eb7a6f257fcca205c3e22af6905 + Revoked at: Wed Feb 26 17:04:13 UTC 2014 + Serial Number (hex): 0af1beccbe4ab3fa1385dd947cbf5335 + Revoked at: Wed Feb 26 17:46:59 UTC 2014 + Serial Number (hex): 62be4bdc52003e33690b40e58313e546 + Revoked at: Wed Feb 26 19:03:54 UTC 2014 + Serial Number (hex): 00e7b39f9eb9e2bb0d8d4018a1fc8a0d55 + Revoked at: Wed Feb 26 19:21:03 UTC 2014 + Serial Number (hex): 11129f7553c045e53ac2f7cdd6e900cf + Revoked at: Wed Feb 26 19:21:23 UTC 2014 + Serial Number (hex): 00aee1c6b71df845c8bb00378385ce180e + Revoked at: Wed Feb 26 19:35:33 UTC 2014 + Serial Number (hex): 04968353896e61a691ddfa9592b0fbe5 + Revoked at: Wed Feb 26 20:04:19 UTC 2014 + Serial Number (hex): 7a2fdb34ccfceb6a08cf0a39f7d00e7e + Revoked at: Wed Feb 26 20:50:11 UTC 2014 + Serial Number (hex): 44d712302567e2c94d6d3d8a53de40a1 + Revoked at: Wed Feb 26 20:57:43 UTC 2014 + Serial Number (hex): 00810d8744c9d115aba999215aa8a4ed45 + Revoked at: Wed Feb 26 20:58:06 UTC 2014 + Serial Number (hex): 00d3a730cf823ee5cb775e60fde602a4c7 + Revoked at: Wed Feb 26 20:58:45 UTC 2014 + Serial Number (hex): 53970e1b5be6e656fb0d98abd35660d6 + Revoked at: Wed Feb 26 21:00:00 UTC 2014 + Serial Number (hex): 00e20b92b392296f426533913e6fae5111 + Revoked at: Wed Feb 26 21:01:47 UTC 2014 + Serial Number (hex): 0b48044b62db240761a7d64ccfa25ddf + Revoked at: Wed Feb 26 21:02:59 UTC 2014 + Serial Number (hex): 00bf8cb3f85b42b46947c2610a47c7e01f + Revoked at: Wed Feb 26 21:03:10 UTC 2014 + Serial Number (hex): 008e37cd992291adf12c09ac249642026e + Revoked at: Wed Feb 26 21:39:51 UTC 2014 + Serial Number (hex): 356b70bc3062c79ff30ca5a6d29b41e5 + Revoked at: Wed Feb 26 21:54:14 UTC 2014 + Serial Number (hex): 0a8ef4f607da385acf9414ec00e7a3af + Revoked at: Wed Feb 26 22:55:24 UTC 2014 + Serial Number (hex): 40fc23da49e4b9e902a321547536a58f + Revoked at: Thu Feb 27 03:22:04 UTC 2014 + Serial Number (hex): 1ffb3a303eeeb4c51796369c75d8d36b + Revoked at: Thu Feb 27 08:57:15 UTC 2014 + Serial Number (hex): 00dc9fa69552c87731367adba0db35bcf4 + Revoked at: Thu Feb 27 08:58:05 UTC 2014 + Serial Number (hex): 49381de69f0ca3f12713020c07358d71 + Revoked at: Thu Feb 27 09:00:55 UTC 2014 + Serial Number (hex): 4b79ab4cc05f8ec1b6e2e0f4f01d2189 + Revoked at: Thu Feb 27 09:01:05 UTC 2014 + Serial Number (hex): 0094b2910cadb68e472742231885d2d95f + Revoked at: Thu Feb 27 10:23:19 UTC 2014 + Serial Number (hex): 074d665bc5ac5ea94603d00b69c76482 + Revoked at: Thu Feb 27 14:40:40 UTC 2014 + Serial Number (hex): 00ba91cbdaebc6fffb92222533c5e10f78 + Revoked at: Thu Feb 27 18:20:24 UTC 2014 + Serial Number (hex): 49213286da25c2299f0bb8fa12a2561f + Revoked at: Thu Feb 27 19:01:32 UTC 2014 + Serial Number (hex): 00c02e9d9e0050944f03f11dd2b16383ca + Revoked at: Thu Feb 27 19:44:38 UTC 2014 + Serial Number (hex): 00b1c86fad4530ca2a8ce48e3aed7a5d2b + Revoked at: Thu Feb 27 20:13:09 UTC 2014 + Serial Number (hex): 00e47195cc2f1e42c0cb2a39ffe308d478 + Revoked at: Thu Feb 27 20:13:20 UTC 2014 + Serial Number (hex): 79ab924f5fb123a2fc4a3a5abe91195d + Revoked at: Thu Feb 27 20:13:44 UTC 2014 + Serial Number (hex): 009a3bc2b240e36ea18e2b6f25b9575d25 + Revoked at: Thu Feb 27 20:46:01 UTC 2014 + Serial Number (hex): 00b3bda1191d7b17abf3c63831bd670a4e + Revoked at: Thu Feb 27 20:54:28 UTC 2014 + Serial Number (hex): 50f6286c584940d7dddb7c604333ce84 + Revoked at: Thu Feb 27 21:04:47 UTC 2014 + Serial Number (hex): 0d548a466c377ee2b5993ffcf7c761f3 + Revoked at: Thu Feb 27 21:36:29 UTC 2014 + Serial Number (hex): 009e209243b0a910c65fa661f33474366e + Revoked at: Thu Feb 27 21:54:38 UTC 2014 + Serial Number (hex): 00e1154f5a4785b4375c9d8f8dff39bad6 + Revoked at: Thu Feb 27 22:12:04 UTC 2014 + Serial Number (hex): 00dce091f2b5a96c162e81a3d5bc266149 + Revoked at: Thu Feb 27 22:58:17 UTC 2014 + Serial Number (hex): 00fa3b28fa4a1b43e4e982ed5c7cebe40e + Revoked at: Thu Feb 27 22:58:24 UTC 2014 + Serial Number (hex): 1a840d1c278007f7b76d743ed9a954d5 + Revoked at: Thu Feb 27 23:41:57 UTC 2014 + Serial Number (hex): 00e42ab9855faf1b7f0d245ce04837fe64 + Revoked at: Fri Feb 28 05:33:44 UTC 2014 + Serial Number (hex): 00a3581c0c886a61f213e003264a92be06 + Revoked at: Fri Feb 28 05:33:51 UTC 2014 + Serial Number (hex): 621675d61b8008e5a99a9376e21b2e1b + Revoked at: Fri Feb 28 06:13:03 UTC 2014 + Serial Number (hex): 5cd7af889d2ef17b3fd518fa8572c917 + Revoked at: Fri Feb 28 11:26:34 UTC 2014 + Serial Number (hex): 0096b2243bbd9f3430e7f32d123c29e75f + Revoked at: Fri Feb 28 11:27:24 UTC 2014 + Serial Number (hex): 00da9a644581cdb2fa96041f28655f176d + Revoked at: Fri Feb 28 11:28:19 UTC 2014 + Serial Number (hex): 06f64a55a0fc4d5793a2e6cfe15ca625 + Revoked at: Fri Feb 28 11:29:02 UTC 2014 + Serial Number (hex): 00b3171fff82f5b0506854c945d2c8fa3b + Revoked at: Fri Feb 28 11:30:39 UTC 2014 + Serial Number (hex): 00bf47e33954c7ee3e282d9573f614ae31 + Revoked at: Fri Feb 28 11:31:53 UTC 2014 + Serial Number (hex): 665e1b104824ef367a9fe98eaf8a3fb5 + Revoked at: Fri Feb 28 11:32:38 UTC 2014 + Serial Number (hex): 00a7b9929a21225003a76372301890a64d + Revoked at: Fri Feb 28 11:33:34 UTC 2014 + Serial Number (hex): 0087394276392164f241c7ae495ad7a934 + Revoked at: Fri Feb 28 11:34:25 UTC 2014 + Serial Number (hex): 00e253d2b94eb213526a837c639392467e + Revoked at: Fri Feb 28 11:35:27 UTC 2014 + Serial Number (hex): 0081239b761ab5480618d16687bf4a75c1 + Revoked at: Fri Feb 28 11:36:18 UTC 2014 + Serial Number (hex): 00a811c8181288bf10f84f842e1dac2681 + Revoked at: Fri Feb 28 11:37:01 UTC 2014 + Serial Number (hex): 29d778a39229489a5868479a1586137f + Revoked at: Fri Feb 28 13:59:07 UTC 2014 + Serial Number (hex): 5596bfe643adfaf15ed75e6d4c6303a6 + Revoked at: Fri Feb 28 14:01:22 UTC 2014 + Serial Number (hex): 19885343d8b027b8c38b4bfaa2e2d13f + Revoked at: Fri Feb 28 14:21:11 UTC 2014 + Serial Number (hex): 05082085117f6eb9940aae410a95aa67 + Revoked at: Fri Feb 28 14:48:11 UTC 2014 + Serial Number (hex): 3a986471258626c14860f009f6791d26 + Revoked at: Fri Feb 28 14:53:42 UTC 2014 + Serial Number (hex): 0bf1d8c0d4eff2bf348f00d70a9a4cfc + Revoked at: Fri Feb 28 17:02:23 UTC 2014 + Serial Number (hex): 42a5680a6198202f97b1b3975e9c8ec3 + Revoked at: Fri Feb 28 18:29:23 UTC 2014 + Serial Number (hex): 00c550b430683790954fd2714647506bed + Revoked at: Fri Feb 28 19:17:11 UTC 2014 + Serial Number (hex): 37e340900f3d45e364752ed2640378c6 + Revoked at: Fri Feb 28 19:18:00 UTC 2014 + Serial Number (hex): 00f7b78f22ca9ec6c6dd7dcfd2055edcf2 + Revoked at: Fri Feb 28 19:29:06 UTC 2014 + Serial Number (hex): 3058804fcff0b92f1dcfcbb395c60905 + Revoked at: Fri Feb 28 21:00:08 UTC 2014 + Serial Number (hex): 00ee508ae5a5f9bbcbe61d98d322484828 + Revoked at: Fri Feb 28 21:05:34 UTC 2014 + Serial Number (hex): 008d61d3322ec7b4dac4ef52ab088ceb27 + Revoked at: Fri Feb 28 21:20:51 UTC 2014 + Serial Number (hex): 00f6976e85c22214f75dc23fe68d470540 + Revoked at: Fri Feb 28 21:23:15 UTC 2014 + Serial Number (hex): 385135505da2205a2ee7ec653dd885a4 + Revoked at: Fri Feb 28 21:25:18 UTC 2014 + Serial Number (hex): 37436db6e0062f6f502974838f58e3ef + Revoked at: Fri Feb 28 21:26:02 UTC 2014 + Serial Number (hex): 00ca0d0ac3969d080ce6de3792e852ddd2 + Revoked at: Fri Feb 28 21:26:24 UTC 2014 + Serial Number (hex): 089b232461db4db90e833634ab502ba7 + Revoked at: Fri Feb 28 21:26:43 UTC 2014 + Serial Number (hex): 61255a66918ca8e173674a54f8e53603 + Revoked at: Fri Feb 28 21:28:27 UTC 2014 + Serial Number (hex): 3169264e26c6f97b3cc230cb26c677a3 + Revoked at: Fri Feb 28 21:30:15 UTC 2014 + Serial Number (hex): 00d08f312ed99f0de7bffad70870d8a082 + Revoked at: Fri Feb 28 21:35:54 UTC 2014 + Serial Number (hex): 465cc56f0921bfa61cff528874b4a313 + Revoked at: Fri Feb 28 21:36:51 UTC 2014 + Serial Number (hex): 00ae6a11c613636131ff8f3635f6f3eb96 + Revoked at: Fri Feb 28 21:36:53 UTC 2014 + Serial Number (hex): 61b37b6a6e836f10b9bd0dd07fc6b339 + Revoked at: Fri Feb 28 21:38:23 UTC 2014 + Serial Number (hex): 06cbbb1a06503a67be8b75d099567097 + Revoked at: Fri Feb 28 21:38:37 UTC 2014 + Serial Number (hex): 00ce3f4cf7e72d07053e3790a8c06bb128 + Revoked at: Fri Feb 28 21:40:24 UTC 2014 + Serial Number (hex): 00fd825e9a448436b7f5d229ad5ce1fb76 + Revoked at: Fri Feb 28 21:44:54 UTC 2014 + Serial Number (hex): 458b3e7de4fe0e76de6cd5cd0a208228 + Revoked at: Fri Feb 28 21:47:14 UTC 2014 + Serial Number (hex): 00c678999c2ac7b0c8b8200cb21f24759e + Revoked at: Fri Feb 28 21:50:28 UTC 2014 + Serial Number (hex): 00a68a9e66f694e3a6da0340d85275d57e + Revoked at: Fri Feb 28 21:51:05 UTC 2014 + Serial Number (hex): 0092e22324c7508e7d49c0ab850d266fb3 + Revoked at: Fri Feb 28 21:55:05 UTC 2014 + Serial Number (hex): 00fca41c27cb23c4aac45413a188e6d8f2 + Revoked at: Fri Feb 28 21:55:21 UTC 2014 + Serial Number (hex): 00942dc994ee8894416efabba1cd7a1ffa + Revoked at: Fri Feb 28 21:57:05 UTC 2014 + Serial Number (hex): 120753e59173a8c30b7f7abc4ac0ea72 + Revoked at: Fri Feb 28 21:57:23 UTC 2014 + Serial Number (hex): 1ba3f221cd079bc702a793e3a2ecb985 + Revoked at: Fri Feb 28 22:51:58 UTC 2014 + Serial Number (hex): 00a63954e6905e7fa7081ca1d8fbc16093 + Revoked at: Sat Mar 01 16:04:33 UTC 2014 + Serial Number (hex): 00c5dc23bd2934140108dc176917da5c74 + Revoked at: Sun Mar 02 03:43:31 UTC 2014 + Serial Number (hex): 6f3c8e4ebf0ffa2ec36b0d8c9321b026 + Revoked at: Mon Mar 03 10:14:03 UTC 2014 + Serial Number (hex): 0c4f6bd88ebddc4b49e8e9d6cdde4211 + Revoked at: Mon Mar 03 10:18:14 UTC 2014 + Serial Number (hex): 00937152d477e1d9543ca249626d674071 + Revoked at: Mon Mar 03 11:23:04 UTC 2014 + Serial Number (hex): 244e2ee08ab034d19fadfd7f30f47207 + Revoked at: Mon Mar 03 15:13:47 UTC 2014 + Serial Number (hex): 00c653f579df8a91aafc4f9a08e69ee5b0 + Revoked at: Mon Mar 03 16:24:07 UTC 2014 + Serial Number (hex): 008acee83f95ba077a0d83b120215ef341 + Revoked at: Mon Mar 03 16:24:38 UTC 2014 + Serial Number (hex): 008bbff50c0dbf464375c9ec8781c48466 + Revoked at: Mon Mar 03 17:06:12 UTC 2014 + Serial Number (hex): 00ac7e5856609ab2aca57c3ce92b495389 + Revoked at: Mon Mar 03 17:40:28 UTC 2014 + Serial Number (hex): 2eded4238543df233253a6e89071b6d5 + Revoked at: Mon Mar 03 17:51:10 UTC 2014 + Serial Number (hex): 5ec40d6566132bdff2a8dd8cb1481425 + Revoked at: Mon Mar 03 19:05:55 UTC 2014 + Serial Number (hex): 0086aa3bb277bf01136658cfbf3d436095 + Revoked at: Mon Mar 03 19:42:13 UTC 2014 + Serial Number (hex): 00f3c429c8a5e3b9d49f068bb4575dbb1b + Revoked at: Mon Mar 03 19:56:15 UTC 2014 + Serial Number (hex): 1818d5e38c6c4cf73175de4b866ddc34 + Revoked at: Mon Mar 03 20:21:09 UTC 2014 + Serial Number (hex): 466f880aad210d13b656fd1d160e40d2 + Revoked at: Mon Mar 03 20:54:42 UTC 2014 + Serial Number (hex): 009753350f4999c29fdaef77feb5847723 + Revoked at: Mon Mar 03 21:05:13 UTC 2014 + Serial Number (hex): 00d23367277035a4a6fbe69262b63c6ea4 + Revoked at: Mon Mar 03 21:06:25 UTC 2014 + Serial Number (hex): 53fa25d8213094a9e007c3c83c0ecaa9 + Revoked at: Mon Mar 03 21:07:03 UTC 2014 + Serial Number (hex): 0dab7a9d464558303bc357c9e6b0bec5 + Revoked at: Mon Mar 03 21:21:13 UTC 2014 + Serial Number (hex): 463fe8d23fb49f65d2c9414b6e54086f + Revoked at: Mon Mar 03 21:26:03 UTC 2014 + Serial Number (hex): 243f0927fb2dd046c95359531169684f + Revoked at: Mon Mar 03 21:26:45 UTC 2014 + Serial Number (hex): 7ed6c07a8b2edd5c35d39cc97ddf8a10 + Revoked at: Mon Mar 03 21:30:28 UTC 2014 + Serial Number (hex): 28015d2d704b831ffd53f607434a3be9 + Revoked at: Mon Mar 03 21:38:59 UTC 2014 + Serial Number (hex): 00c88033cf81c55dc83edbff412953f3e4 + Revoked at: Mon Mar 03 21:45:16 UTC 2014 + Serial Number (hex): 40db327a473e55389a9f94e0a7312ca5 + Revoked at: Mon Mar 03 22:03:38 UTC 2014 + Serial Number (hex): 00ecb83fdea1c8fb24a5c545dfda1c3932 + Revoked at: Tue Mar 04 00:20:28 UTC 2014 + Serial Number (hex): 2fafe41413e1baac3b962fbe6148a71e + Revoked at: Tue Mar 04 02:36:13 UTC 2014 + Serial Number (hex): 79e48010bcc89a905b8543c285f52b16 + Revoked at: Tue Mar 04 11:34:12 UTC 2014 + Serial Number (hex): 00abd98ba706c3c5612f565234079c2dda + Revoked at: Tue Mar 04 14:26:09 UTC 2014 + Serial Number (hex): 4b573ed2b9cd1015a7e7d4e30842eb19 + Revoked at: Tue Mar 04 14:27:20 UTC 2014 + Serial Number (hex): 7b18ad0b290f156eb8f9e82d21a9b699 + Revoked at: Tue Mar 04 14:43:14 UTC 2014 + Serial Number (hex): 00a2485b5e57a9b96248b8fae5966a56bc + Revoked at: Tue Mar 04 14:55:03 UTC 2014 + Serial Number (hex): 085b40e4dea7a81aca4e17f2cdb682d7 + Revoked at: Tue Mar 04 15:09:21 UTC 2014 + Serial Number (hex): 7d3f36a983f282c1fcafb16c7bba27bb + Revoked at: Tue Mar 04 15:09:31 UTC 2014 + Serial Number (hex): 30ea7c6e1af471d1cf0dce96ad2ac6df + Revoked at: Tue Mar 04 15:21:25 UTC 2014 + Serial Number (hex): 18c126405ffb4b06abc13ab203020348 + Revoked at: Tue Mar 04 15:44:35 UTC 2014 + Serial Number (hex): 3d0ab73c2084148f842f419fbcff0a58 + Revoked at: Tue Mar 04 16:11:57 UTC 2014 + Serial Number (hex): 1cae64f21ec3866893269600315b0c6d + Revoked at: Tue Mar 04 16:55:08 UTC 2014 + Serial Number (hex): 00e277947d828b6772c5a8decaf6e28f0a + Revoked at: Tue Mar 04 17:31:08 UTC 2014 + Serial Number (hex): 00b415909fb8f7f1ad25cd3ac9424280e4 + Revoked at: Tue Mar 04 17:55:38 UTC 2014 + Serial Number (hex): 2c785dd9bd9c8b502dd1f7bfcdd79445 + Revoked at: Tue Mar 04 18:55:10 UTC 2014 + Serial Number (hex): 1c4573198f7e92db4dc615e6f2107499 + Revoked at: Tue Mar 04 20:03:41 UTC 2014 + Serial Number (hex): 66256dbd599989b06572fdc6b2cfdfcc + Revoked at: Tue Mar 04 20:14:33 UTC 2014 + Serial Number (hex): 26b3a4d8bb468bda9e0e01b4e6b2cf5e + Revoked at: Tue Mar 04 21:01:18 UTC 2014 + Serial Number (hex): 008f2079ae10450be7e4b20e7ef4439017 + Revoked at: Tue Mar 04 21:03:19 UTC 2014 + Serial Number (hex): 107a041c4091a658602fe8ab2ada8f28 + Revoked at: Tue Mar 04 21:04:46 UTC 2014 + Serial Number (hex): 27c857fd4b81d23178cf591be5abc80a + Revoked at: Tue Mar 04 21:22:06 UTC 2014 + Serial Number (hex): 19bc562473e4605b9b85effed6c66626 + Revoked at: Tue Mar 04 21:23:10 UTC 2014 + Serial Number (hex): 00837dc147b14c30dd4fe01bafe6a5ab03 + Revoked at: Tue Mar 04 21:23:51 UTC 2014 + Serial Number (hex): 00a50b6a8a881fefa268ea161f7aee9a3c + Revoked at: Tue Mar 04 21:24:32 UTC 2014 + Serial Number (hex): 00f27b5b9c03d1aa36605a10f53cb21f81 + Revoked at: Tue Mar 04 21:28:04 UTC 2014 + Serial Number (hex): 00f86409691f87ee221c8ed15d8caa9d76 + Revoked at: Wed Mar 05 09:46:27 UTC 2014 + Serial Number (hex): 745a6853ee63ca02d651bcbd0cfb60ae + Revoked at: Wed Mar 05 10:26:54 UTC 2014 + Serial Number (hex): 19d468e5b96dc843ac5f564295e8d5c0 + Revoked at: Wed Mar 05 13:23:07 UTC 2014 + Serial Number (hex): 00be3708015b0e06e08b46f6d4bc0e6fde + Revoked at: Wed Mar 05 14:11:57 UTC 2014 + Serial Number (hex): 499f3088292f2b0a6b6b7249c520380f + Revoked at: Wed Mar 05 14:18:40 UTC 2014 + Serial Number (hex): 5153fbc82ea10480f782f2fdb646f921 + Revoked at: Wed Mar 05 15:34:33 UTC 2014 + Serial Number (hex): 73510f2ae7ec2c92919d5526498777a0 + Revoked at: Wed Mar 05 15:42:52 UTC 2014 + Serial Number (hex): 009213d1c7821694d2e0a9f6dcdbea0ff7 + Revoked at: Wed Mar 05 16:40:59 UTC 2014 + Serial Number (hex): 364496427b9634b6fe59f4e8d61b2b81 + Revoked at: Wed Mar 05 19:57:08 UTC 2014 + Serial Number (hex): 25320be96e3c5f9c81f277879b053d21 + Revoked at: Wed Mar 05 20:06:42 UTC 2014 + Serial Number (hex): 00a3aec2b06399ae38f97ccad5fc5a4524 + Revoked at: Wed Mar 05 21:45:36 UTC 2014 + Serial Number (hex): 008b0a93a270f2b836fb5a6aac3a1352dd + Revoked at: Wed Mar 05 22:29:33 UTC 2014 + Serial Number (hex): 00fdc6c5e037a44cd4b3c2337e14789e39 + Revoked at: Wed Mar 05 22:29:46 UTC 2014 + Serial Number (hex): 241cc9a62bc4cbfefbb803a018b4b18b + Revoked at: Wed Mar 05 22:40:59 UTC 2014 + Serial Number (hex): 6fade19d20598ff6655ead936f5ecbe8 + Revoked at: Thu Mar 06 07:55:32 UTC 2014 + Serial Number (hex): 727d2e66504a6c9728b4a43bfc20d6f9 + Revoked at: Thu Mar 06 07:56:30 UTC 2014 + Serial Number (hex): 008720758b2986775f7492250ce9bb5ee3 + Revoked at: Thu Mar 06 07:57:00 UTC 2014 + Serial Number (hex): 00bb5e1d31875cece8d91b8f0d3426b743 + Revoked at: Thu Mar 06 12:29:43 UTC 2014 + Serial Number (hex): 411e0b7e144aec794c56c9137cce94cb + Revoked at: Thu Mar 06 14:08:58 UTC 2014 + Serial Number (hex): 00e38a54205bb2d679c3f87e5eaecfcc72 + Revoked at: Thu Mar 06 14:09:15 UTC 2014 + Serial Number (hex): 00fcf95670b0f7a55389337ef780fa67d0 + Revoked at: Thu Mar 06 14:58:29 UTC 2014 + Serial Number (hex): 0ce71d45b98656932f0cbe548c894b00 + Revoked at: Thu Mar 06 15:05:47 UTC 2014 + Serial Number (hex): 67aeadfa014f35953933e3c7644e1766 + Revoked at: Thu Mar 06 15:13:51 UTC 2014 + Serial Number (hex): 00d36a9b64eed0de9dc276fc680d4e0e78 + Revoked at: Thu Mar 06 15:26:11 UTC 2014 + Serial Number (hex): 392abe5d0c8ee4fd3bc96e9c43abb77d + Revoked at: Thu Mar 06 15:49:58 UTC 2014 + Serial Number (hex): 1c157d4d58f5bedd33d9646d67bc7a48 + Revoked at: Thu Mar 06 15:56:19 UTC 2014 + Serial Number (hex): 2290958c9b642ff1f58ac516683574df + Revoked at: Thu Mar 06 16:22:34 UTC 2014 + Serial Number (hex): 00cc655140e9f0c875ee8fb0ad312e3455 + Revoked at: Thu Mar 06 17:03:31 UTC 2014 + Serial Number (hex): 1b2683bb359865c4df4eb4c186f558a7 + Revoked at: Thu Mar 06 17:22:12 UTC 2014 + Serial Number (hex): 5d46439dfbfe46d8e3998a13b7833e47 + Revoked at: Thu Mar 06 17:30:24 UTC 2014 + Serial Number (hex): 00a6c7ea0c03895baaa7263759bc53a852 + Revoked at: Thu Mar 06 18:39:25 UTC 2014 + Serial Number (hex): 00bfec74fdf0ab18a860b8fc954a6a0810 + Revoked at: Thu Mar 06 18:50:25 UTC 2014 + Serial Number (hex): 0080676b0fb28140e94c72b64ead0cca5e + Revoked at: Thu Mar 06 19:23:35 UTC 2014 + Serial Number (hex): 00e22e522d23f1dde72d6a938615fa501a + Revoked at: Thu Mar 06 19:50:21 UTC 2014 + Serial Number (hex): 00954dc5a3a1d768ad2af2ba6626a0e594 + Revoked at: Thu Mar 06 20:07:53 UTC 2014 + Serial Number (hex): 00e83d153a1431bec7994e185d57f860f1 + Revoked at: Fri Mar 07 07:30:11 UTC 2014 + Serial Number (hex): 585967426df094f94f92003f85fc69 + Revoked at: Fri Mar 07 13:32:10 UTC 2014 + Serial Number (hex): 00b7308379e72b3c31b953f7591ffeca84 + Revoked at: Fri Mar 07 14:06:49 UTC 2014 + Serial Number (hex): 44b9119c0460875c66f8eb3cf6a90c6c + Revoked at: Fri Mar 07 15:09:39 UTC 2014 + Serial Number (hex): 00bac5fe503623c3187ce5432383268a57 + Revoked at: Fri Mar 07 15:33:07 UTC 2014 + Serial Number (hex): 05e84916edcc9f2869ec463d4a6e27eb + Revoked at: Fri Mar 07 16:16:30 UTC 2014 + Serial Number (hex): 00be4fb863613faac99e52a81f075f021f + Revoked at: Fri Mar 07 17:16:50 UTC 2014 + Serial Number (hex): 00f7c5099409269aead89bf5ec94475600 + Revoked at: Fri Mar 07 18:10:27 UTC 2014 + Serial Number (hex): 7fb48e458e60fd2c8aac887ebb980c4a + Revoked at: Fri Mar 07 19:04:20 UTC 2014 + Serial Number (hex): 7772d1689259855091b8bcaceecc1861 + Revoked at: Fri Mar 07 19:04:27 UTC 2014 + Serial Number (hex): 18f8570b79731a7fe19d50d6f9f36654 + Revoked at: Fri Mar 07 19:34:48 UTC 2014 + Serial Number (hex): 00e4dd1c39e03d3cd9ec29c6d4b3632d8f + Revoked at: Fri Mar 07 20:12:09 UTC 2014 + Serial Number (hex): 008b36a149199cc78e7e37e4b73eecd940 + Revoked at: Fri Mar 07 20:14:34 UTC 2014 + Serial Number (hex): 00fa47c08855aeb2742935e456e1b351df + Revoked at: Fri Mar 07 20:16:43 UTC 2014 + Serial Number (hex): 0160d12ab6836bb25b0a5710af473f7b + Revoked at: Fri Mar 07 20:20:03 UTC 2014 + Serial Number (hex): 00cbc6a734ce55d54980d275f6e3bfaf01 + Revoked at: Fri Mar 07 21:12:57 UTC 2014 + Serial Number (hex): 00a75b9088a094520b5d57dd8ff5593cd0 + Revoked at: Fri Mar 07 21:20:13 UTC 2014 + Serial Number (hex): 24abfe86d84fe422be367aefa6a02c2e + Revoked at: Fri Mar 07 21:20:48 UTC 2014 + Serial Number (hex): 008d10a873f90f00f3c0ebf54a166d3374 + Revoked at: Fri Mar 07 21:39:54 UTC 2014 + Serial Number (hex): 621f267910b2a25b8cb161424a7a6bfb + Revoked at: Fri Mar 07 21:41:24 UTC 2014 + Serial Number (hex): 00c10fb45d0f4c459d07984a3a4b8b5211 + Revoked at: Sat Mar 08 20:27:44 UTC 2014 + Serial Number (hex): 1b846fa59ff2b5a6cbfd62f109932950 + Revoked at: Mon Mar 10 11:14:18 UTC 2014 + Serial Number (hex): 00ab066b3848dd89379aec4e9b14f90102 + Revoked at: Mon Mar 10 11:26:18 UTC 2014 + Serial Number (hex): 0092ca6a7e83cf7085b20c48b79313bd96 + Revoked at: Mon Mar 10 12:53:09 UTC 2014 + Serial Number (hex): 00fc104fb16e5db509e1faa490d86a8dab + Revoked at: Mon Mar 10 13:16:40 UTC 2014 + Serial Number (hex): 00eee4b78bf52207284acc9db6bfbff681 + Revoked at: Mon Mar 10 14:02:24 UTC 2014 + Serial Number (hex): 6aa62925b5599a6747a5cbaa08629649 + Revoked at: Mon Mar 10 14:23:48 UTC 2014 + Serial Number (hex): 6f3c0a9bcbe4812abf1d05543f1b3fbd + Revoked at: Mon Mar 10 15:06:56 UTC 2014 + Serial Number (hex): 608ea78cc48299e18bfb34227b139bc5 + Revoked at: Mon Mar 10 15:16:46 UTC 2014 + Serial Number (hex): 1e31b9a50b68ea69662b9b1f420fb27c + Revoked at: Mon Mar 10 16:38:14 UTC 2014 + Serial Number (hex): 1b217f3d42f7cabbe25a985a7e2881ee + Revoked at: Mon Mar 10 17:11:48 UTC 2014 + Serial Number (hex): 00815a670b91a47e0e7168365e7bdf9b01 + Revoked at: Mon Mar 10 17:35:59 UTC 2014 + Serial Number (hex): 5b7891cc29238da4e54b7291de2dfa56 + Revoked at: Mon Mar 10 18:20:34 UTC 2014 + Serial Number (hex): 00da2e287a93350558d8e3b3ac99dfaa35 + Revoked at: Mon Mar 10 18:22:42 UTC 2014 + Serial Number (hex): 00c190ec9ce724a623ce1d705554c4a9a9 + Revoked at: Mon Mar 10 18:29:48 UTC 2014 + Serial Number (hex): 312fcee2b23e82892f87d33a58ca6e31 + Revoked at: Mon Mar 10 19:13:38 UTC 2014 + Serial Number (hex): 00d4bce88a7e36606987a291eb922ec85a + Revoked at: Mon Mar 10 20:03:51 UTC 2014 + Serial Number (hex): 508b5c188f40367fa0dc50b5fdd15a1b + Revoked at: Mon Mar 10 21:42:14 UTC 2014 + Serial Number (hex): 0dd7b6756ce62a493a190132d4c83e94 + Revoked at: Mon Mar 10 21:44:19 UTC 2014 + Serial Number (hex): 00a9114eeeff59f283203a3ef3f84f8d97 + Revoked at: Mon Mar 10 21:45:25 UTC 2014 + Serial Number (hex): 0096ae89aa4342901eba2f45dc440ee228 + Revoked at: Mon Mar 10 21:46:53 UTC 2014 + Serial Number (hex): 009b0ea99d579cbb161bd96239947766e8 + Revoked at: Mon Mar 10 21:47:42 UTC 2014 + Serial Number (hex): 6eae01dab691a7a454e3d5c6721bd783 + Revoked at: Mon Mar 10 21:48:59 UTC 2014 + Serial Number (hex): 13487cb11efdb8ab33b28255ad6eafb5 + Revoked at: Tue Mar 11 00:06:47 UTC 2014 + Serial Number (hex): 00a35d50f27cc1f2798bbc34bcf29c992b + Revoked at: Tue Mar 11 08:02:56 UTC 2014 + Serial Number (hex): 00a9e547c7085b54a3240102d27d19bf8b + Revoked at: Tue Mar 11 09:37:54 UTC 2014 + Serial Number (hex): 00ed2ad65f9e2d866e83f08919a643ccac + Revoked at: Tue Mar 11 09:41:23 UTC 2014 + Serial Number (hex): 00de531649bcfa931d8e1b4411746a4b39 + Revoked at: Tue Mar 11 09:41:49 UTC 2014 + Serial Number (hex): 00d3a357143cbee5caf07d629bd881d8fc + Revoked at: Tue Mar 11 09:45:31 UTC 2014 + Serial Number (hex): 00882212e4f1fcbe36f84c00c5a3003b1f + Revoked at: Tue Mar 11 12:32:09 UTC 2014 + Serial Number (hex): 00a29b8df4d81412e0c3ec1f13a4fc3332 + Revoked at: Tue Mar 11 14:49:26 UTC 2014 + Serial Number (hex): 008b430031d6f7c751f173b9521ad24f6f + Revoked at: Tue Mar 11 15:10:05 UTC 2014 + Serial Number (hex): 43038f63de1e2f4584e744e1513632e9 + Revoked at: Tue Mar 11 15:38:55 UTC 2014 + Serial Number (hex): 00bc3b661806fbe87427d617f0f0b243c6 + Revoked at: Tue Mar 11 16:25:38 UTC 2014 + Serial Number (hex): 5d3385a54d5d2776c43fca291b4b7fd9 + Revoked at: Tue Mar 11 16:59:20 UTC 2014 + Serial Number (hex): 008fcdab8e3218f19ab9b59817aa18a202 + Revoked at: Tue Mar 11 17:07:31 UTC 2014 + Serial Number (hex): 00f5eecdfbc1d155b7e26cff1f0ce2b863 + Revoked at: Tue Mar 11 18:26:06 UTC 2014 + Serial Number (hex): 00af006aa1094034a6e8fa2d28a9e24386 + Revoked at: Tue Mar 11 18:27:53 UTC 2014 + Serial Number (hex): 00b798fed608c2f901f3a46bd9c05f5161 + Revoked at: Tue Mar 11 19:05:46 UTC 2014 + Serial Number (hex): 16c5f1837fec9ae6fc24b74804dcb707 + Revoked at: Tue Mar 11 19:45:35 UTC 2014 + Serial Number (hex): 00d2e260cfe9bc60f7bae7779673a9ef0f + Revoked at: Tue Mar 11 21:17:05 UTC 2014 + Serial Number (hex): 723bb60bbbd144848c462536f820d7dc + Revoked at: Wed Mar 12 03:00:23 UTC 2014 + Serial Number (hex): 51ffb3452881db2e76d3c48f46aadae1 + Revoked at: Wed Mar 12 03:00:43 UTC 2014 + Serial Number (hex): 00a70a6bbc27bb8973314a72b22330d2ba + Revoked at: Wed Mar 12 03:00:56 UTC 2014 + Serial Number (hex): 008eca9d06f74ae458311907597f164e52 + Revoked at: Wed Mar 12 03:01:10 UTC 2014 + Serial Number (hex): 00c3ce9ac0ee27342b4ac308d52debb1a4 + Revoked at: Wed Mar 12 06:44:46 UTC 2014 + Serial Number (hex): 34443db9b7c2aea0c4fb87f952058830 + Revoked at: Wed Mar 12 11:27:28 UTC 2014 + Serial Number (hex): 00fe71b492dc4d2c4fd53ee83a5d465029 + Revoked at: Wed Mar 12 13:09:38 UTC 2014 + Serial Number (hex): 72108e9ba05c00d36e76fc4d9944362d + Revoked at: Wed Mar 12 13:33:29 UTC 2014 + Serial Number (hex): 00afd5d73c55f29d0762b171f25bc09c5d + Revoked at: Wed Mar 12 13:39:07 UTC 2014 + Serial Number (hex): 00850f523a6e814919bc3051ac60087f10 + Revoked at: Wed Mar 12 13:48:42 UTC 2014 + Serial Number (hex): 79cd820ada9e8995f4a1294e235d3a15 + Revoked at: Wed Mar 12 13:52:00 UTC 2014 + Serial Number (hex): 220b2b55bb3a29f7b34456ca113280fe + Revoked at: Wed Mar 12 14:09:34 UTC 2014 + Serial Number (hex): 00f3f6b35f11b6a6f5430eea67ba463353 + Revoked at: Wed Mar 12 14:25:43 UTC 2014 + Serial Number (hex): 7e6f208705ac3aaa01db449cad8d37b3 + Revoked at: Wed Mar 12 14:26:43 UTC 2014 + Serial Number (hex): 00eb19104fa68bb306d9ab7d6752512974 + Revoked at: Wed Mar 12 14:27:00 UTC 2014 + Serial Number (hex): 2930d95c181e78e8dcbefad744e51ee7 + Revoked at: Wed Mar 12 14:27:11 UTC 2014 + Serial Number (hex): 008d8ee51a3bff2051cbc80422ff453566 + Revoked at: Wed Mar 12 14:27:22 UTC 2014 + Serial Number (hex): 57b2d3428cb343c155439b838d436783 + Revoked at: Wed Mar 12 14:28:01 UTC 2014 + Serial Number (hex): 00ed24c2e95a1fd88d9cd8493e509353c0 + Revoked at: Wed Mar 12 14:28:11 UTC 2014 + Serial Number (hex): 00c14e57ecdf71fcb10b99e9ed0db2f849 + Revoked at: Wed Mar 12 14:28:22 UTC 2014 + Serial Number (hex): 37634f5ee429e0abd27a23f1c119a744 + Revoked at: Wed Mar 12 14:28:29 UTC 2014 + Serial Number (hex): 00c859e00564050e9350c7043e6d36e808 + Revoked at: Wed Mar 12 14:45:30 UTC 2014 + Serial Number (hex): 00eea0b9e53f9057c51ac90c32ca5dc732 + Revoked at: Wed Mar 12 14:45:34 UTC 2014 + Serial Number (hex): 3418131f08daf1f19aa3e31c097a238c + Revoked at: Wed Mar 12 14:45:41 UTC 2014 + Serial Number (hex): 00b90b3497485602d3cdad7973dc73d753 + Revoked at: Wed Mar 12 15:27:39 UTC 2014 + Serial Number (hex): 0f521d349d3c9fde70842b13b84389b5 + Revoked at: Wed Mar 12 15:33:35 UTC 2014 + Serial Number (hex): 47138f53ca7c06a30bf20ea030dfd7bc + Revoked at: Wed Mar 12 16:14:18 UTC 2014 + Serial Number (hex): 5de34217f6089ac9e1caa9a6d74ecec2 + Revoked at: Wed Mar 12 16:39:53 UTC 2014 + Serial Number (hex): 6f950dc7ec2dafcb0e56bfaaa5e43de2 + Revoked at: Wed Mar 12 17:00:25 UTC 2014 + Serial Number (hex): 5dc1a32ecacb2783bb278f747b7b505d + Revoked at: Wed Mar 12 17:09:59 UTC 2014 + Serial Number (hex): 00f0d6f734b5bc82a12ef5e6544603df3c + Revoked at: Wed Mar 12 17:34:34 UTC 2014 + Serial Number (hex): 0098070d78121a5824d179fe6fe71e4989 + Revoked at: Wed Mar 12 17:45:23 UTC 2014 + Serial Number (hex): 13edc44f7d88b6e310ca0376be8fd3f5 + Revoked at: Wed Mar 12 20:45:10 UTC 2014 + Serial Number (hex): 7a105aae002a6879a8fc851d23b9d6e1 + Revoked at: Thu Mar 13 06:27:34 UTC 2014 + Serial Number (hex): 07ac2713ceea515d12082f35f5c5a4c0 + Revoked at: Thu Mar 13 12:43:55 UTC 2014 + Serial Number (hex): 5193562494a4f783515da7d33a6db425 + Revoked at: Thu Mar 13 12:44:33 UTC 2014 + Serial Number (hex): 00cbe517d0d89570ec2612cb9db5c70fe7 + Revoked at: Thu Mar 13 12:52:57 UTC 2014 + Serial Number (hex): 00ae308a1b6540052b14b560f194a324bb + Revoked at: Thu Mar 13 13:10:30 UTC 2014 + Serial Number (hex): 1ffd06c1a6e514d2d8323658669472b5 + Revoked at: Thu Mar 13 15:00:57 UTC 2014 + Serial Number (hex): 00d9df02e48afe2ca7a77b17ec44634eac + Revoked at: Thu Mar 13 15:27:36 UTC 2014 + Serial Number (hex): 00ee1f78f2833997f5db7288e322e12105 + Revoked at: Thu Mar 13 16:20:19 UTC 2014 + Serial Number (hex): 00f161789770aa9e32edcf3b78c292b5fe + Revoked at: Thu Mar 13 17:13:06 UTC 2014 + Serial Number (hex): 2755431f4b2dab5766784467bf77ea94 + Revoked at: Thu Mar 13 19:16:04 UTC 2014 + Serial Number (hex): 00954e13ef4c055e859a213237dc7fd82e + Revoked at: Thu Mar 13 19:16:13 UTC 2014 + Serial Number (hex): 008b7c4fa2a0d3d535203822c58bd903c9 + Revoked at: Thu Mar 13 19:16:19 UTC 2014 + Serial Number (hex): 00a3fa627ef657bdd8e3cb0c33a5a84cf1 + Revoked at: Thu Mar 13 19:38:35 UTC 2014 + Serial Number (hex): 33866e611e77b54c154337fba3d703d8 + Revoked at: Thu Mar 13 20:33:27 UTC 2014 + Serial Number (hex): 0c2f8012b578c58d14cc6a1761374713 + Revoked at: Thu Mar 13 20:57:39 UTC 2014 + Serial Number (hex): 7eb094d17d644930065acb6f00f9f274 + Revoked at: Thu Mar 13 21:09:57 UTC 2014 + Serial Number (hex): 00b0770ec52f80c70774e21005041b9798 + Revoked at: Thu Mar 13 21:29:44 UTC 2014 + Serial Number (hex): 5b5cdccb3fcb0fbf20aad9e128e7f202 + Revoked at: Thu Mar 13 23:41:54 UTC 2014 + Serial Number (hex): 0091b18df241345e5b598829c4208fe313 + Revoked at: Fri Mar 14 09:28:41 UTC 2014 + Serial Number (hex): 1ad7fbb9b56a2782c8dad48c240eee85 + Revoked at: Fri Mar 14 11:49:21 UTC 2014 + Serial Number (hex): 008aa524625541d9ca3bf09c5caf3ddb7e + Revoked at: Fri Mar 14 13:50:03 UTC 2014 + Serial Number (hex): 7e277c267c3e71ee2942d7ffad779dfd + Revoked at: Fri Mar 14 14:22:51 UTC 2014 + Serial Number (hex): 358195d9c25199ff69e2f0473b0b6385 + Revoked at: Fri Mar 14 14:38:26 UTC 2014 + Serial Number (hex): 00eb893f8552249223ab126b885e94a766 + Revoked at: Fri Mar 14 15:19:30 UTC 2014 + Serial Number (hex): 009ffdecc685503ad37b9a705f9c107de7 + Revoked at: Fri Mar 14 16:28:13 UTC 2014 + Serial Number (hex): 07ce80c02acb8da0a18223de48225664 + Revoked at: Fri Mar 14 17:43:28 UTC 2014 + Serial Number (hex): 00eb858be9167399bdd3e0af510fde19a1 + Revoked at: Fri Mar 14 19:11:50 UTC 2014 + Serial Number (hex): 00bec9cd1a9fe84913ef6ee817664ca1a2 + Revoked at: Fri Mar 14 19:34:47 UTC 2014 + Serial Number (hex): 52174bbba54f1dbb913cee11d5bb6d37 + Revoked at: Fri Mar 14 19:47:03 UTC 2014 + Serial Number (hex): 5c35203c2d3e71ebf50cf2e11e38db21 + Revoked at: Fri Mar 14 19:47:09 UTC 2014 + Serial Number (hex): 6533b10a737ac90e7bd785e72fd67e83 + Revoked at: Fri Mar 14 20:17:59 UTC 2014 + Serial Number (hex): 050d266d47d02e51e6bfa7a1bfb4ced2 + Revoked at: Fri Mar 14 20:38:31 UTC 2014 + Serial Number (hex): 00a4c37b0433572456f97a495f80abcbe5 + Revoked at: Fri Mar 14 20:53:58 UTC 2014 + Serial Number (hex): 29b80520377e5dd1fe012ae72fa25543 + Revoked at: Fri Mar 14 20:55:35 UTC 2014 + Serial Number (hex): 00a01e549aae60aae5fe2fdcf41eb5b4a7 + Revoked at: Fri Mar 14 22:09:02 UTC 2014 + Serial Number (hex): 6b9e009399aaefe8fa5d588c2f2dd6c8 + Revoked at: Fri Mar 14 22:56:15 UTC 2014 + Serial Number (hex): 009d1d905bffccb04c88f69030477fdb2c + Revoked at: Sun Mar 16 01:06:57 UTC 2014 + Serial Number (hex): 00b7bec24dfbda9e42f013064710287652 + Revoked at: Sun Mar 16 23:51:02 UTC 2014 + Serial Number (hex): 00f099e72c224e25c8d33234329916c63e + Revoked at: Mon Mar 17 07:37:15 UTC 2014 + Serial Number (hex): 4c9b99eb404e426bc415195de75f0072 + Revoked at: Mon Mar 17 13:37:03 UTC 2014 + Serial Number (hex): 00d320e2561cbceb8c37b61120877afcd9 + Revoked at: Mon Mar 17 14:05:37 UTC 2014 + Serial Number (hex): 5df70e887f423fb07f8c09912353f287 + Revoked at: Mon Mar 17 15:08:33 UTC 2014 + Serial Number (hex): 008945e866e0e27728267cecfa74fa4ab2 + Revoked at: Mon Mar 17 15:08:38 UTC 2014 + Serial Number (hex): 00e44800ee30c6486cdafdbfe8ab43aeff + Revoked at: Mon Mar 17 15:33:16 UTC 2014 + Serial Number (hex): 00e49c2b79ef98e85c42d2c3ba31a57a8a + Revoked at: Mon Mar 17 17:13:01 UTC 2014 + Serial Number (hex): 0084ceb0302b8da28cde23595c51009b + Revoked at: Mon Mar 17 17:25:13 UTC 2014 + Serial Number (hex): 008aed37a63f76470f33535a5abef35876 + Revoked at: Mon Mar 17 17:25:34 UTC 2014 + Serial Number (hex): 00f48d5294790dcece3d2ac63410f2d819 + Revoked at: Mon Mar 17 17:36:06 UTC 2014 + Serial Number (hex): 62c69eb71bf23f1cfa9240d0be3fdc64 + Revoked at: Mon Mar 17 17:46:30 UTC 2014 + Serial Number (hex): 25c82ee193ffce12f68631c64eacd960 + Revoked at: Mon Mar 17 17:48:39 UTC 2014 + Serial Number (hex): 664f8ad22f520526cb5e1caaf6bf6a58 + Revoked at: Mon Mar 17 18:18:53 UTC 2014 + Serial Number (hex): 00bb4ff13273c6c5f1fcc8a3b5cdabb8af + Revoked at: Mon Mar 17 18:19:01 UTC 2014 + Serial Number (hex): 39da9272fa96ab22870372ce0839fdbe + Revoked at: Mon Mar 17 18:23:49 UTC 2014 + Serial Number (hex): 00e070562613370c7e9fd3efdeb8bbff67 + Revoked at: Mon Mar 17 18:26:49 UTC 2014 + Serial Number (hex): 460e278270938da7e4eff494a8a42e4d + Revoked at: Mon Mar 17 18:27:57 UTC 2014 + Serial Number (hex): 70eca2d439dee544cba6341cbc95c6f3 + Revoked at: Mon Mar 17 20:02:04 UTC 2014 + Serial Number (hex): 1cafb3ffb7b7856c2f26cc908ec23088 + Revoked at: Mon Mar 17 20:04:48 UTC 2014 + Serial Number (hex): 06e404a5887519b76a958b2a87656bbf + Revoked at: Mon Mar 17 20:27:22 UTC 2014 + Serial Number (hex): 00a19ebeb1f61a17d5d321d83283494665 + Revoked at: Tue Mar 18 07:56:03 UTC 2014 + Serial Number (hex): 2ca69d112b5a44aaa138d660716f2a09 + Revoked at: Tue Mar 18 12:48:59 UTC 2014 + Serial Number (hex): 1210839acda992e445439c10eef20526 + Revoked at: Tue Mar 18 14:20:46 UTC 2014 + Serial Number (hex): 20a76f22dec9bec3ed8f60f24c01a4cd + Revoked at: Tue Mar 18 14:38:39 UTC 2014 + Serial Number (hex): 36cde337432fedf157086b88f2bd78d8 + Revoked at: Tue Mar 18 15:57:37 UTC 2014 + Serial Number (hex): 77e2756630a2907e57de63bb5368151c + Revoked at: Tue Mar 18 17:56:57 UTC 2014 + Serial Number (hex): 00ce77a58e070c7716cedba1f553d081ea + Revoked at: Tue Mar 18 18:30:16 UTC 2014 + Serial Number (hex): 00bdeb841ba149f290670aa8ec731b1a7d + Revoked at: Tue Mar 18 18:41:09 UTC 2014 + Serial Number (hex): 1b684ea563f8b5151fdc6e6688883fa7 + Revoked at: Tue Mar 18 19:06:50 UTC 2014 + Serial Number (hex): 00869754960bc617ae6525733e769afd3c + Revoked at: Tue Mar 18 19:08:13 UTC 2014 + Serial Number (hex): 66feb2d5d5aa20cc7b85216363214f4a + Revoked at: Tue Mar 18 19:17:00 UTC 2014 + Serial Number (hex): 00da6f31ca95c6dcdd21162f1dbfda9024 + Revoked at: Tue Mar 18 19:17:42 UTC 2014 + Serial Number (hex): 00b3168cbe666bd7c6d95c330d844d2945 + Revoked at: Tue Mar 18 20:06:49 UTC 2014 + Serial Number (hex): 3fbb2de9e8a9ab785f4cbd58f72b46e5 + Revoked at: Tue Mar 18 20:29:03 UTC 2014 + Serial Number (hex): 378c2ce9f2624fbc5fa538ed83e887a8 + Revoked at: Tue Mar 18 21:04:27 UTC 2014 + Serial Number (hex): 513fa789e9aa281cb934f6ad00fbb758 + Revoked at: Tue Mar 18 21:04:47 UTC 2014 + Serial Number (hex): 0e34791ceecf8b3e29877a85ef8dfc51 + Revoked at: Wed Mar 19 10:01:37 UTC 2014 + Serial Number (hex): 0096260251e6d633b61a490407e2ba0df0 + Revoked at: Wed Mar 19 10:27:22 UTC 2014 + Serial Number (hex): 0084f2109f59db731a16674abac5fb2046 + Revoked at: Wed Mar 19 12:54:06 UTC 2014 + Serial Number (hex): 00fbae1b835e86780ce2b1963b003ae8f6 + Revoked at: Wed Mar 19 12:54:20 UTC 2014 + Serial Number (hex): 00e514d730e7a568e1d8b3f1b1e0f16dfd + Revoked at: Wed Mar 19 12:54:38 UTC 2014 + Serial Number (hex): 2c97e248827b66b3cebd10527e401aeb + Revoked at: Wed Mar 19 14:13:12 UTC 2014 + Serial Number (hex): 00b135857af190ad1645c4a344fe680c12 + Revoked at: Wed Mar 19 14:31:50 UTC 2014 + Serial Number (hex): 00a150987cd373856b965386621a635b91 + Revoked at: Wed Mar 19 15:26:33 UTC 2014 + Serial Number (hex): 009947435b805da93387730d892bc1558e + Revoked at: Wed Mar 19 15:29:33 UTC 2014 + Serial Number (hex): 00c7c8c2db9e6d2fef9d2fbee499c185ba + Revoked at: Wed Mar 19 15:52:24 UTC 2014 + Serial Number (hex): 2f9f33bad50a4489d98ef12f7417f040 + Revoked at: Wed Mar 19 16:11:24 UTC 2014 + Serial Number (hex): 009d2fb403e725f180e9ff7e72881aee7e + Revoked at: Wed Mar 19 16:17:26 UTC 2014 + Serial Number (hex): 06e04d808ee366850672fca8ac90b5ee + Revoked at: Wed Mar 19 16:37:12 UTC 2014 + Serial Number (hex): 5d61a1c8048f5061b796509337a130 + Revoked at: Wed Mar 19 16:48:29 UTC 2014 + Serial Number (hex): 00d193f3808ab459c79dd856e6307b0409 + Revoked at: Wed Mar 19 17:13:03 UTC 2014 + Serial Number (hex): 00e74796a767f0b12061b2362d48931450 + Revoked at: Wed Mar 19 17:35:59 UTC 2014 + Serial Number (hex): 00c7e90cc3f896e0a342078a70935a04e4 + Revoked at: Wed Mar 19 17:37:40 UTC 2014 + Serial Number (hex): 0388ac83bd38fc98d4f43aae5a7403d1 + Revoked at: Wed Mar 19 18:03:29 UTC 2014 + Serial Number (hex): 008b374ef309e681e92403375efc4341cc + Revoked at: Wed Mar 19 18:50:01 UTC 2014 + Serial Number (hex): 15b7db417762e93b1a9158855014f588 + Revoked at: Wed Mar 19 19:11:28 UTC 2014 + Serial Number (hex): 38eead97056093177976de5c09e414b1 + Revoked at: Wed Mar 19 19:12:12 UTC 2014 + Serial Number (hex): 037dc899e6ff7c77d452f28a9046e852 + Revoked at: Wed Mar 19 19:17:28 UTC 2014 + Serial Number (hex): 2c2cfe77be47129e763300b4679e4ba4 + Revoked at: Wed Mar 19 19:20:28 UTC 2014 + Serial Number (hex): 58c305cc5a7a89de378dcf1aa67eb53c + Revoked at: Wed Mar 19 19:21:09 UTC 2014 + Serial Number (hex): 00de94c562ae5478046d67f9c67bcc6c8f + Revoked at: Thu Mar 20 13:01:58 UTC 2014 + Serial Number (hex): 00aa5b451b8c82a16f3ec6685d9d3e1b7b + Revoked at: Thu Mar 20 13:32:13 UTC 2014 + Serial Number (hex): 00c50897128c799de0b7a120d80be0e240 + Revoked at: Thu Mar 20 13:36:18 UTC 2014 + Serial Number (hex): 00cab2385a34f5b250f487166ad788ec11 + Revoked at: Thu Mar 20 14:14:05 UTC 2014 + Serial Number (hex): 3ee9c47338cf9a7a717c1ceba01187c1 + Revoked at: Thu Mar 20 14:17:43 UTC 2014 + Serial Number (hex): 00e8a113ba7c97f2cdc3f4a4180adbd7fb + Revoked at: Thu Mar 20 14:18:26 UTC 2014 + Serial Number (hex): 00ca7b8442c87857c5f9607a5eb8e5e1d2 + Revoked at: Thu Mar 20 14:26:44 UTC 2014 + Serial Number (hex): 00f1b5f4c5f8e248cc075ea4d7e11d2c50 + Revoked at: Thu Mar 20 14:27:07 UTC 2014 + Serial Number (hex): 00eb3c8a55b4786e9c849ccc48976b0c8a + Revoked at: Thu Mar 20 14:31:28 UTC 2014 + Serial Number (hex): 00e30584cd042eea51038235936b353693 + Revoked at: Thu Mar 20 14:51:04 UTC 2014 + Serial Number (hex): 00892a493d9fa91c312851932d816a144b + Revoked at: Thu Mar 20 15:01:15 UTC 2014 + Serial Number (hex): 1c0216a70c3e2fa7624c5b1795e98cba + Revoked at: Thu Mar 20 15:03:07 UTC 2014 + Serial Number (hex): 12e9658f647ae388cd2a098b5d0bef4d + Revoked at: Thu Mar 20 15:14:04 UTC 2014 + Serial Number (hex): 5de7a68adf5832406caf9e3493777407 + Revoked at: Thu Mar 20 15:14:07 UTC 2014 + Serial Number (hex): 0bcaf43516baca500c024879517ac965 + Revoked at: Thu Mar 20 15:14:13 UTC 2014 + Serial Number (hex): 5d9f3dab8d346c1e76f584724c5f9ef8 + Revoked at: Thu Mar 20 15:18:33 UTC 2014 + Serial Number (hex): 00cfbd6822f6df9acb2617175121b7c3d9 + Revoked at: Thu Mar 20 15:19:29 UTC 2014 + Serial Number (hex): 00ecd9a211b832a6bb57aba10b09a98511 + Revoked at: Thu Mar 20 15:23:40 UTC 2014 + Serial Number (hex): 66f42d3a780a9afdde01643cd37aab47 + Revoked at: Thu Mar 20 15:26:40 UTC 2014 + Serial Number (hex): 6ab14ff21fe5096411f952df725d159a + Revoked at: Thu Mar 20 15:28:59 UTC 2014 + Serial Number (hex): 539d9d8f905f82eb9f2a6a7264f1a00f + Revoked at: Thu Mar 20 15:29:13 UTC 2014 + Serial Number (hex): 0097a26debc2d4126a58dcbf6f504ab853 + Revoked at: Thu Mar 20 15:29:27 UTC 2014 + Serial Number (hex): 03ed1d899972b0f73f9363743f95097f + Revoked at: Thu Mar 20 15:41:49 UTC 2014 + Serial Number (hex): 009f064bb019f67304e08e203c799ffe65 + Revoked at: Thu Mar 20 16:38:39 UTC 2014 + Serial Number (hex): 11bee4c7ea350c7b059eb5eb43348da8 + Revoked at: Thu Mar 20 16:39:38 UTC 2014 + Serial Number (hex): 00bbb49fd9c425d4584fa67d04b5f38c03 + Revoked at: Thu Mar 20 16:56:33 UTC 2014 + Serial Number (hex): 2c0aee94c38314c9a4a49cdaf4d9af99 + Revoked at: Thu Mar 20 17:07:42 UTC 2014 + Serial Number (hex): 3c276daf193dbf7d9702f14209c1adc1 + Revoked at: Thu Mar 20 17:08:27 UTC 2014 + Serial Number (hex): 00bbe4499fed6c8740368e2a07512ee99e + Revoked at: Thu Mar 20 17:09:46 UTC 2014 + Serial Number (hex): 5fe2b97cf68873768bdf1246f5a17fcf + Revoked at: Thu Mar 20 18:03:24 UTC 2014 + Serial Number (hex): 587b96b70ea03170d77eccf5ec0054ee + Revoked at: Thu Mar 20 18:06:04 UTC 2014 + Serial Number (hex): 008921e7d0ee8874a9a7e9432d5614c638 + Revoked at: Thu Mar 20 18:07:20 UTC 2014 + Serial Number (hex): 0dd6d515e38d2a7be650f40a37b194 + Revoked at: Thu Mar 20 18:07:36 UTC 2014 + Serial Number (hex): 00a66f6726881423ea33a6230e9ce3726c + Revoked at: Thu Mar 20 18:08:29 UTC 2014 + Serial Number (hex): 47fb26f5767c52be15a6d327061243fc + Revoked at: Thu Mar 20 18:12:49 UTC 2014 + Serial Number (hex): 0099d4393aa2f2fc570c43d0f4b6383ad0 + Revoked at: Thu Mar 20 18:14:44 UTC 2014 + Serial Number (hex): 00c9f4c406a219a910782c4641c0c59acd + Revoked at: Thu Mar 20 19:08:47 UTC 2014 + Serial Number (hex): 27cde189367170636d6243f47ed5063d + Revoked at: Thu Mar 20 19:18:44 UTC 2014 + Serial Number (hex): 72cff998d71e6c9bc679af9e64807631 + Revoked at: Thu Mar 20 19:20:32 UTC 2014 + Serial Number (hex): 00893058d0888c7e14b6c5c182387559ef + Revoked at: Thu Mar 20 19:25:56 UTC 2014 + Serial Number (hex): 009e6b5b279d3415d2271a9233e095a3 + Revoked at: Thu Mar 20 19:27:27 UTC 2014 + Serial Number (hex): 00fda07cbe93dc26803442595a532a820e + Revoked at: Thu Mar 20 19:32:55 UTC 2014 + Serial Number (hex): 383ef34e9afccb6d89bc2e95c6431dae + Revoked at: Thu Mar 20 19:35:33 UTC 2014 + Serial Number (hex): 0356b25cb0b15c5fe7e00049e83232b9 + Revoked at: Thu Mar 20 19:36:27 UTC 2014 + Serial Number (hex): 009d9583e2c55324d3f622f42e07feaea5 + Revoked at: Thu Mar 20 19:38:21 UTC 2014 + Serial Number (hex): 00c3928cfbb43f136502c6f411eb2e9b75 + Revoked at: Thu Mar 20 19:38:25 UTC 2014 + Serial Number (hex): 66aca09533039b35ab53828fadd3667f + Revoked at: Thu Mar 20 19:49:06 UTC 2014 + Serial Number (hex): 00a2377ed6f5dc134eaf610507fc699fc8 + Revoked at: Thu Mar 20 20:12:16 UTC 2014 + Serial Number (hex): 2e61325b49301786533914fed1b1f8db + Revoked at: Fri Mar 21 09:51:05 UTC 2014 + Serial Number (hex): 7fcfd5a3a5d1bc3ac157b65f3898b5d2 + Revoked at: Fri Mar 21 10:15:41 UTC 2014 + Serial Number (hex): 35748d0474f66f9118a784de313d1372 + Revoked at: Fri Mar 21 10:16:04 UTC 2014 + Serial Number (hex): 00d7ea9eec78fc393ea65b97114d084333 + Revoked at: Fri Mar 21 12:57:45 UTC 2014 + Serial Number (hex): 3e9a36a9c05530f7bb515abe741f2590 + Revoked at: Fri Mar 21 13:30:17 UTC 2014 + Serial Number (hex): 00e482e2b4e4c06673ec5424312306c47b + Revoked at: Fri Mar 21 13:48:47 UTC 2014 + Serial Number (hex): 724dcc3947f241dbef714f5513413ed0 + Revoked at: Fri Mar 21 13:48:55 UTC 2014 + Serial Number (hex): 00ba4f95f5725a15b16dceb9602782a018 + Revoked at: Fri Mar 21 13:49:14 UTC 2014 + Serial Number (hex): 2535cf070bbdcfe20c78c19e14b54ef8 + Revoked at: Fri Mar 21 13:49:25 UTC 2014 + Serial Number (hex): 00f05741ba733406c2dbdb2bb8a550f7b3 + Revoked at: Fri Mar 21 14:17:24 UTC 2014 + Serial Number (hex): 678b3edbb05498176adb1953bc52c272 + Revoked at: Fri Mar 21 16:18:32 UTC 2014 + Serial Number (hex): 0093127b7b0c996e3db5fb2837c59fe96b + Revoked at: Fri Mar 21 17:03:38 UTC 2014 + Serial Number (hex): 2e7154d47a1d486201d9883fc5f82c52 + Revoked at: Fri Mar 21 17:03:56 UTC 2014 + Serial Number (hex): 53ef6fe3ab9258c04a84308d85ab3ad2 + Revoked at: Fri Mar 21 17:04:15 UTC 2014 + Serial Number (hex): 400070a19effd96de3e6df92c5cd06fb + Revoked at: Fri Mar 21 17:29:36 UTC 2014 + Serial Number (hex): 13c7a918d22ed9fc5f6fb834b0e2a051 + Revoked at: Fri Mar 21 17:46:14 UTC 2014 + Serial Number (hex): 00c4895263e21e5656d286a9701538b6cd + Revoked at: Fri Mar 21 17:46:54 UTC 2014 + Serial Number (hex): 00f0aeb2a2104718e76ac4ecadb2dbdc59 + Revoked at: Fri Mar 21 18:56:30 UTC 2014 + Serial Number (hex): 00e066c7e3186b2ff7751a70f6661b605d + Revoked at: Fri Mar 21 19:12:43 UTC 2014 + Serial Number (hex): 00d32ec052a0c73c40dba8763215ea6c8c + Revoked at: Fri Mar 21 19:26:00 UTC 2014 + Serial Number (hex): 00b6b74dc6a72063326321f8c2680b64c9 + Revoked at: Fri Mar 21 19:56:43 UTC 2014 + Serial Number (hex): 00aa0c95fa60061b8a4678efc310a9a9de + Revoked at: Fri Mar 21 19:57:41 UTC 2014 + Serial Number (hex): 608a29fb75983870903e2a4a4abc9d88 + Revoked at: Fri Mar 21 19:58:19 UTC 2014 + Serial Number (hex): 65fe4f4f48ccca7a3f27d8e8527608cc + Revoked at: Fri Mar 21 20:47:19 UTC 2014 + Serial Number (hex): 223326f5943653ccfe6714265b851892 + Revoked at: Fri Mar 21 20:47:31 UTC 2014 + Serial Number (hex): 00f5926b0a0881654d67a50b4861604065 + Revoked at: Sun Mar 23 18:05:24 UTC 2014 + Serial Number (hex): 6d297752a708d9328ef352c3dfa3b1a1 + Revoked at: Mon Mar 24 00:59:45 UTC 2014 + Serial Number (hex): 22c271305953a29f716f506e9e3f246b + Revoked at: Mon Mar 24 13:06:09 UTC 2014 + Serial Number (hex): 02449641b792316a56ea06ac7935317b + Revoked at: Mon Mar 24 13:31:51 UTC 2014 + Serial Number (hex): 00f43dd50fa49b3c8616499bd104531ea5 + Revoked at: Mon Mar 24 14:05:35 UTC 2014 + Serial Number (hex): 00a6c5d0c2d25d2318f2580eb4a7da8c14 + Revoked at: Mon Mar 24 14:30:30 UTC 2014 + Serial Number (hex): 00a4535ef40967eb6b93079f473141d4be + Revoked at: Mon Mar 24 14:34:52 UTC 2014 + Serial Number (hex): 00d53a9806a0ee70a6232c87ba0d0c9bd4 + Revoked at: Mon Mar 24 15:13:01 UTC 2014 + Serial Number (hex): 00add8bec1c81adae64b44e41b310e7c1f + Revoked at: Mon Mar 24 15:36:17 UTC 2014 + Serial Number (hex): 00917ea0c03c7036918db1318124ae6bad + Revoked at: Mon Mar 24 15:44:38 UTC 2014 + Serial Number (hex): 00d743a5cda5e67d29eea4e3581eded17f + Revoked at: Mon Mar 24 15:44:49 UTC 2014 + Serial Number (hex): 4526da91430e0903c09ef1be1b3d36d6 + Revoked at: Mon Mar 24 15:51:33 UTC 2014 + Serial Number (hex): 45e43de6024028178bafbefa6f9fead7 + Revoked at: Mon Mar 24 16:53:36 UTC 2014 + Serial Number (hex): 7edc0e00dbb4ba3076ed98eba8c7f88b + Revoked at: Mon Mar 24 16:58:05 UTC 2014 + Serial Number (hex): 00832d5b9520b179ddef13cb9a7febc32e + Revoked at: Mon Mar 24 17:21:49 UTC 2014 + Serial Number (hex): 00e409d4dab8cf8699eb53d47826c2a357 + Revoked at: Mon Mar 24 17:53:44 UTC 2014 + Serial Number (hex): 00a6ff952d6a7832a03f2c2ed35c619d55 + Revoked at: Mon Mar 24 18:08:53 UTC 2014 + Serial Number (hex): 00aa2e536c0b7dfe9669c54ff3110129df + Revoked at: Mon Mar 24 18:41:40 UTC 2014 + Serial Number (hex): 5104028965cb52d5026cda8836883331 + Revoked at: Mon Mar 24 19:05:30 UTC 2014 + Serial Number (hex): 267554ec86b6e7b8e7cb7857227f10ca + Revoked at: Mon Mar 24 20:10:10 UTC 2014 + Serial Number (hex): 3cda2ad4ffb13548a7841e09c96cad1a + Revoked at: Tue Mar 25 09:27:22 UTC 2014 + Serial Number (hex): 6eb8cabeca3804dac8e047e1423c46b8 + Revoked at: Tue Mar 25 12:48:53 UTC 2014 + Serial Number (hex): 48e925447b80e41c29b30167603948fe + Revoked at: Tue Mar 25 16:13:17 UTC 2014 + Serial Number (hex): 186f983c4af41263f8f241c3104a8687 + Revoked at: Tue Mar 25 16:32:17 UTC 2014 + Serial Number (hex): 2fcb98c27ccd5651d40a95908ee81f66 + Revoked at: Tue Mar 25 16:34:03 UTC 2014 + Serial Number (hex): 0087f0c96551acb077498f2edb99efb396 + Revoked at: Tue Mar 25 16:49:20 UTC 2014 + Serial Number (hex): 00e156cce5a437735e7118224abd3cf45a + Revoked at: Tue Mar 25 17:27:01 UTC 2014 + Serial Number (hex): 00d458ddc9bbd79512c8e83f01fd2bba57 + Revoked at: Tue Mar 25 17:56:12 UTC 2014 + Serial Number (hex): 71c8060d8f519a18706f62788bfc6a8e + Revoked at: Tue Mar 25 18:34:03 UTC 2014 + Serial Number (hex): 00fd17bcc64783d05e3ca5b4756247e545 + Revoked at: Tue Mar 25 18:34:09 UTC 2014 + Serial Number (hex): 47cbac882b69e1b36726306ae3fdb83f + Revoked at: Tue Mar 25 18:38:39 UTC 2014 + Serial Number (hex): 2b5d0cb6c59289cf74b0642f5859d933 + Revoked at: Tue Mar 25 18:39:47 UTC 2014 + Serial Number (hex): 19e524ab8236eef84a7c409e160c2efe + Revoked at: Tue Mar 25 18:46:12 UTC 2014 + Serial Number (hex): 009beb01d1768f6597efeff782a87376a7 + Revoked at: Tue Mar 25 18:48:18 UTC 2014 + Serial Number (hex): 16ea801b8f6ccd8bd2164da063951b08 + Revoked at: Tue Mar 25 18:48:55 UTC 2014 + Serial Number (hex): 009fc2d4ba70489652c2b4369f40fe42be + Revoked at: Tue Mar 25 18:49:43 UTC 2014 + Serial Number (hex): 00b6479418acab4d5a02949a65e2a96027 + Revoked at: Tue Mar 25 18:50:19 UTC 2014 + Serial Number (hex): 009957d6c9d61a6c900783a68bbe31972d + Revoked at: Tue Mar 25 18:51:01 UTC 2014 + Serial Number (hex): 3e09cc196ef0232caa7b87403f00d204 + Revoked at: Tue Mar 25 19:23:17 UTC 2014 + Serial Number (hex): 71f64e1f9183bfa0544018501d967171 + Revoked at: Tue Mar 25 19:44:41 UTC 2014 + Serial Number (hex): 1eb680f6fd69d12d4873b5fc7ee7cb3b + Revoked at: Tue Mar 25 20:09:51 UTC 2014 + Serial Number (hex): 00ebb2817969d5f48ba09e1629b3757ff6 + Revoked at: Tue Mar 25 20:09:53 UTC 2014 + Serial Number (hex): 2dc443c993e6613db806a007cab4830d + Revoked at: Tue Mar 25 20:09:58 UTC 2014 + Serial Number (hex): 3c0509db5baaffbe9f107a758d4884b6 + Revoked at: Tue Mar 25 20:56:19 UTC 2014 + Serial Number (hex): 008757b02d662523623faec7120659ebd7 + Revoked at: Tue Mar 25 22:06:30 UTC 2014 + Serial Number (hex): 00d1fe00a00ee63958d718850c5ae55d71 + Revoked at: Tue Mar 25 23:17:59 UTC 2014 + Serial Number (hex): 00efe881ecbdf782eab0a23e9f9a427a21 + Revoked at: Tue Mar 25 23:18:08 UTC 2014 + Serial Number (hex): 00c3a88841e183e3f102ea114681817af3 + Revoked at: Wed Mar 26 02:26:00 UTC 2014 + Serial Number (hex): 25b6f23e1dbf89c946da774ff4afc2f8 + Revoked at: Wed Mar 26 04:46:40 UTC 2014 + Serial Number (hex): 30c1fb170b4658d7941465dc732fd2de + Revoked at: Wed Mar 26 09:34:49 UTC 2014 + Serial Number (hex): 00f0faa8b8a4fcf00dfa4388a8200eff35 + Revoked at: Wed Mar 26 09:35:06 UTC 2014 + Serial Number (hex): 02b7240dccc6dedd39ba5a5f6693732b + Revoked at: Wed Mar 26 13:38:40 UTC 2014 + Serial Number (hex): 01240d62bfe48d44b628b11d818125e0 + Revoked at: Wed Mar 26 14:02:21 UTC 2014 + Serial Number (hex): 00d3349be44788924d9be8e0deb90a7ed7 + Revoked at: Wed Mar 26 16:08:06 UTC 2014 + Serial Number (hex): 603db3c3cca818ee7c0c35ce2bf735d4 + Revoked at: Wed Mar 26 17:22:44 UTC 2014 + Serial Number (hex): 664705d43692744cf412e45d56d0b6c2 + Revoked at: Wed Mar 26 17:23:02 UTC 2014 + Serial Number (hex): 00d1bba724f377ed4eb917e709fee17be9 + Revoked at: Wed Mar 26 17:23:17 UTC 2014 + Serial Number (hex): 00b633e9fda3194766b8e590b2d986a0f6 + Revoked at: Wed Mar 26 17:23:30 UTC 2014 + Serial Number (hex): 00b890750a8b068101fbb5960983962ae6 + Revoked at: Wed Mar 26 17:23:45 UTC 2014 + Serial Number (hex): 05be51992770ff0935a8e18589b869bc + Revoked at: Wed Mar 26 17:24:00 UTC 2014 + Serial Number (hex): 191e36452f5e1aa1ed069bc923a60103 + Revoked at: Wed Mar 26 17:24:12 UTC 2014 + Serial Number (hex): 008b08546385d8ae4d53ebf71aa4d957ab + Revoked at: Wed Mar 26 17:24:27 UTC 2014 + Serial Number (hex): 1ffdcb88819e41ae2dc87a54c9d8cad3 + Revoked at: Wed Mar 26 17:24:38 UTC 2014 + Serial Number (hex): 23a88408674c4afe766e0e2302f8be5a + Revoked at: Wed Mar 26 17:24:56 UTC 2014 + Serial Number (hex): 1e73d1f7a718d76b7ba9c358b42751c6 + Revoked at: Wed Mar 26 17:25:07 UTC 2014 + Serial Number (hex): 008fd2527618b964c8cec43ce8ae2d4365 + Revoked at: Wed Mar 26 17:25:18 UTC 2014 + Serial Number (hex): 661227517ef980e4dda54277b93ec948 + Revoked at: Wed Mar 26 17:25:32 UTC 2014 + Serial Number (hex): 0097a888bc750bfda8bc5ec607255e6612 + Revoked at: Wed Mar 26 17:25:44 UTC 2014 + Serial Number (hex): 6d9547cc54f1f379b73fa39eff335019 + Revoked at: Wed Mar 26 17:25:54 UTC 2014 + Serial Number (hex): 00e6c3f9e29f2e0430fca259ab061bbcda + Revoked at: Wed Mar 26 17:26:04 UTC 2014 + Serial Number (hex): 0084addcc0f52465009897cf7e72a6a751 + Revoked at: Wed Mar 26 17:26:17 UTC 2014 + Serial Number (hex): 00a6d93d8e4fbd15941eb07dc932d667d7 + Revoked at: Wed Mar 26 18:09:15 UTC 2014 + Serial Number (hex): 009de8a7bab2b95592163a577568f27e6c + Revoked at: Wed Mar 26 18:38:35 UTC 2014 + Serial Number (hex): 753f86f68df5edef54fc08ce2e0af25e + Revoked at: Wed Mar 26 18:46:00 UTC 2014 + Serial Number (hex): 00dd5a9168bd8c9657040ba27551ddf08f + Revoked at: Wed Mar 26 18:57:39 UTC 2014 + Serial Number (hex): 0693b515388877087b9c865d8232f833 + Revoked at: Wed Mar 26 19:07:06 UTC 2014 + Serial Number (hex): 00e57a21fe513bd13a52182700b9686a9c + Revoked at: Wed Mar 26 19:07:24 UTC 2014 + Serial Number (hex): 00d97727dba53cb2ee266d050976c61a9e + Revoked at: Wed Mar 26 19:08:47 UTC 2014 + Serial Number (hex): 71d80a5d6bceac3b164ebc03b7e54d8d + Revoked at: Wed Mar 26 19:11:15 UTC 2014 + Serial Number (hex): 00d9c197d4f3eba47001e17634a7f6be66 + Revoked at: Wed Mar 26 19:12:32 UTC 2014 + Serial Number (hex): 51df934f3a3abb6b3772cde93e59b5de + Revoked at: Wed Mar 26 19:12:35 UTC 2014 + Serial Number (hex): 00a90cb6272d298aee8003b642d785334b + Revoked at: Wed Mar 26 19:12:38 UTC 2014 + Serial Number (hex): 1ee11451233b5a4bb800bfd48c5ac16d + Revoked at: Wed Mar 26 19:23:49 UTC 2014 + Serial Number (hex): 00ce5353ad12c9b101a9b3b5471f3bec80 + Revoked at: Wed Mar 26 20:04:41 UTC 2014 + Serial Number (hex): 5d7194469824111fd62aabd3c0589d4e + Revoked at: Wed Mar 26 20:26:47 UTC 2014 + Serial Number (hex): 008483be3eae05e2ef537b00e1191d4ae9 + Revoked at: Wed Mar 26 20:26:58 UTC 2014 + Serial Number (hex): 25d7778222ebdeb6dbeb95b0f739adcc + Revoked at: Wed Mar 26 20:46:10 UTC 2014 + Serial Number (hex): 6214c490f31c5b541cce89709b7379ab + Revoked at: Wed Mar 26 21:54:45 UTC 2014 + Serial Number (hex): 00da0a51cddde9d7b00f124b59fe7fbd5c + Revoked at: Wed Mar 26 21:54:55 UTC 2014 + Serial Number (hex): 14e08d7aabf7b9a0f388b02c6513e9ea + Revoked at: Thu Mar 27 08:04:43 UTC 2014 + Serial Number (hex): 443be0d1086975f29c1fac799e1ddba8 + Revoked at: Thu Mar 27 10:23:59 UTC 2014 + Serial Number (hex): 5eaf6cbe7657437532539477c45a1cdc + Revoked at: Thu Mar 27 11:14:22 UTC 2014 + Serial Number (hex): 00d07a25478b976522701cfc58658d3fab + Revoked at: Thu Mar 27 12:40:42 UTC 2014 + Serial Number (hex): 3eb4321366a941f2c16285ac45b156ce + Revoked at: Thu Mar 27 13:36:55 UTC 2014 + Serial Number (hex): 2246a69aa318f4ae5df438cc94a0e59e + Revoked at: Thu Mar 27 14:18:27 UTC 2014 + Serial Number (hex): 00c8f314e27eb00d951ef7715ab0013c11 + Revoked at: Thu Mar 27 14:18:31 UTC 2014 + Serial Number (hex): 24ac59bf764bbf1d476648e521caed0c + Revoked at: Thu Mar 27 14:18:34 UTC 2014 + Serial Number (hex): 0665129cb607a7c2d07da8c9db199467 + Revoked at: Thu Mar 27 14:18:37 UTC 2014 + Serial Number (hex): 26cd4a767ca013307109005a2be58eee + Revoked at: Thu Mar 27 14:45:15 UTC 2014 + Serial Number (hex): 38c7296e36b7fa47e4e8c529f7b16046 + Revoked at: Thu Mar 27 16:02:13 UTC 2014 + Serial Number (hex): 00b3145fd40c08a825a20a16f402a36e9a + Revoked at: Thu Mar 27 16:33:09 UTC 2014 + Serial Number (hex): 0090e870625d54518546cbc494f0a82fa4 + Revoked at: Thu Mar 27 18:05:17 UTC 2014 + Serial Number (hex): 00b5330c6ee66cd96dc22cdd3642783742 + Revoked at: Thu Mar 27 18:17:21 UTC 2014 + Serial Number (hex): 0ff51a844efe3f8c014e673a4d71c55d + Revoked at: Thu Mar 27 19:34:24 UTC 2014 + Serial Number (hex): 7e6b4278a944daf6afe30d5fe640a5 + Revoked at: Thu Mar 27 19:35:32 UTC 2014 + Serial Number (hex): 57c3129fb01623b09223938981cfb4fc + Revoked at: Thu Mar 27 20:03:02 UTC 2014 + Serial Number (hex): 18408c6175ae5186c89300baba4fb119 + Revoked at: Thu Mar 27 20:06:39 UTC 2014 + Serial Number (hex): 477e26a9101dfbfc48e67fdc1f4b691b + Revoked at: Thu Mar 27 20:14:12 UTC 2014 + Serial Number (hex): 73c3d94a05eaccf9424ccdbf0d8532a4 + Revoked at: Thu Mar 27 20:47:47 UTC 2014 + Serial Number (hex): 00a827020aeebf274b2f9f2e212fb5177f + Revoked at: Thu Mar 27 21:07:05 UTC 2014 + Serial Number (hex): 6da55fdc0c73ee441b2e84ef7e62f71c + Revoked at: Thu Mar 27 21:09:50 UTC 2014 + Serial Number (hex): 00d9d3a9b85c36618b204905a93439d368 + Revoked at: Fri Mar 28 00:41:15 UTC 2014 + Serial Number (hex): 00c86fa71694537a8e76ebbb63f08d0675 + Revoked at: Fri Mar 28 00:41:31 UTC 2014 + Serial Number (hex): 49cf61f7d7d57772cc912209d4707fb2 + Revoked at: Fri Mar 28 00:43:12 UTC 2014 + Serial Number (hex): 0d63b57cf7b2eb5d52337d1b2da0a502 + Revoked at: Fri Mar 28 01:01:19 UTC 2014 + Serial Number (hex): 721a413b53993577174522f8f3b925a3 + Revoked at: Fri Mar 28 08:36:41 UTC 2014 + Serial Number (hex): 00d27c00c64f3b575ceeda46ab1acd6374 + Revoked at: Fri Mar 28 13:08:13 UTC 2014 + Serial Number (hex): 059266275b49c5962db0011db726973c + Revoked at: Fri Mar 28 13:41:52 UTC 2014 + Serial Number (hex): 4d210bf7f4f561a64d87d60f8a48de8d + Revoked at: Fri Mar 28 14:29:03 UTC 2014 + Serial Number (hex): 00d08cc565b6f017348cd64d26082ba858 + Revoked at: Fri Mar 28 14:46:47 UTC 2014 + Serial Number (hex): 694d8138de7176414d1d9829e7c42759 + Revoked at: Fri Mar 28 14:55:06 UTC 2014 + Serial Number (hex): 009fadb6ec5be57ccad90a6fd22a520ce2 + Revoked at: Fri Mar 28 15:52:27 UTC 2014 + Serial Number (hex): 1b59013e8e32989d0aff7cabf6df8de9 + Revoked at: Fri Mar 28 18:22:58 UTC 2014 + Serial Number (hex): 6d4dbefdb5c0c04c02ff747350503535 + Revoked at: Fri Mar 28 18:39:15 UTC 2014 + Serial Number (hex): 00e2b45aaf4ebcaeb9186c20b911609575 + Revoked at: Fri Mar 28 18:45:29 UTC 2014 + Serial Number (hex): 0086a7a0a4f6113138d0e7792b8b0458e2 + Revoked at: Fri Mar 28 19:35:48 UTC 2014 + Serial Number (hex): 00a2927a255bfe0d571eafc1254b2da268 + Revoked at: Fri Mar 28 20:06:11 UTC 2014 + Serial Number (hex): 7ed608f155fce8d7dce867890fc0517e + Revoked at: Fri Mar 28 22:27:42 UTC 2014 + Serial Number (hex): 408b07f757af3cf4dea873a2a99cb546 + Revoked at: Fri Mar 28 22:58:34 UTC 2014 + Serial Number (hex): 0095cf53c77160ea4b17ad7ea3a5d0a20a + Revoked at: Fri Mar 28 23:39:20 UTC 2014 + Serial Number (hex): 648e4254afcf060cd628ab898804f069 + Revoked at: Sat Mar 29 17:13:04 UTC 2014 + Serial Number (hex): 00dcdb8893ff7d0f1a0e6419743c4f091a + Revoked at: Sat Mar 29 17:13:04 UTC 2014 + Serial Number (hex): 0d9c02de99eee7d6560d562115603adc + Revoked at: Mon Mar 31 07:21:44 UTC 2014 + Serial Number (hex): 106af9ff4ed29b8f15545e3000de12a3 + Revoked at: Mon Mar 31 08:23:51 UTC 2014 + Serial Number (hex): 00b9a4f67c641c6728944ea6e83e214edb + Revoked at: Mon Mar 31 12:33:47 UTC 2014 + Serial Number (hex): 25da27f79d1c6adc97915c049d3427ee + Revoked at: Mon Mar 31 13:02:58 UTC 2014 + Serial Number (hex): 00c5f50a2e2caa9fb272ec835c0fbddc37 + Revoked at: Mon Mar 31 13:52:07 UTC 2014 + Serial Number (hex): 00f4613464fc7bd880b77f13497a95cacc + Revoked at: Mon Mar 31 14:27:56 UTC 2014 + Serial Number (hex): 08d801a24c081d893fc443594f7c606d + Revoked at: Mon Mar 31 14:28:15 UTC 2014 + Serial Number (hex): 0dec2dbd6b568185e8064a7d7dbb169c + Revoked at: Mon Mar 31 14:28:27 UTC 2014 + Serial Number (hex): 79264eb7b6cbdaa1eb634a765475bf7e + Revoked at: Mon Mar 31 14:31:47 UTC 2014 + Serial Number (hex): 00865bbf9e2a80c7c816a8b23aec010553 + Revoked at: Mon Mar 31 14:44:39 UTC 2014 + Serial Number (hex): 008e84ee1de67fbf66034f898003a54ce5 + Revoked at: Mon Mar 31 15:09:38 UTC 2014 + Serial Number (hex): 632f1625d71bc03173ddee02c05025ba + Revoked at: Mon Mar 31 15:09:42 UTC 2014 + Serial Number (hex): 76ea06ebb7e0b30776a25c2b7a6a5020 + Revoked at: Mon Mar 31 15:16:14 UTC 2014 + Serial Number (hex): 009323d558dfe0e2bbc8b10dee070c3d40 + Revoked at: Mon Mar 31 15:25:35 UTC 2014 + Serial Number (hex): 381f9e709d500a72a7c564750804503e + Revoked at: Mon Mar 31 15:26:06 UTC 2014 + Serial Number (hex): 008741ee73b21c618060fb4ddc9656c792 + Revoked at: Mon Mar 31 16:18:32 UTC 2014 + Serial Number (hex): 40f34988cf00df8afbc44a3cde1232ac + Revoked at: Mon Mar 31 17:34:00 UTC 2014 + Serial Number (hex): 6ca4a36b7281a72712227fa7891c050b + Revoked at: Mon Mar 31 17:57:58 UTC 2014 + Serial Number (hex): 00c4e18d9a179672002fa147f58109ab9d + Revoked at: Mon Mar 31 17:58:26 UTC 2014 + Serial Number (hex): 00eede7e9065dc66e125fb63e5974484eb + Revoked at: Mon Mar 31 17:59:14 UTC 2014 + Serial Number (hex): 00863cc76975625f75b905a7d434c97eed + Revoked at: Mon Mar 31 18:30:07 UTC 2014 + Serial Number (hex): 00a79caae8efaae022068e6e9b42cb891a + Revoked at: Mon Mar 31 18:30:45 UTC 2014 + Serial Number (hex): 00cd0a00d8f6bea30d1e397eb271c2cbc9 + Revoked at: Mon Mar 31 18:42:25 UTC 2014 + Serial Number (hex): 008d3fad486b21c6c3ca2b56b9e0868f67 + Revoked at: Mon Mar 31 18:49:21 UTC 2014 + Serial Number (hex): 00c90eafcd1acf3ee745ad8a7567091470 + Revoked at: Mon Mar 31 18:52:08 UTC 2014 + Serial Number (hex): 008981020d9e9d0a61f9c58043a816b6dd + Revoked at: Mon Mar 31 18:52:44 UTC 2014 + Serial Number (hex): 00f020e748dd10eb2ece81a2052a976399 + Revoked at: Mon Mar 31 18:54:11 UTC 2014 + Serial Number (hex): 3400064eebc83ebd26a0fcbbb5b33e3c + Revoked at: Mon Mar 31 18:57:49 UTC 2014 + Serial Number (hex): 6b0a5d353947d4e7d9effd674665e953 + Revoked at: Mon Mar 31 18:57:55 UTC 2014 + Serial Number (hex): 00ee631d93fde7bd3fa1a45fbe3ef86090 + Revoked at: Mon Mar 31 19:05:52 UTC 2014 + Serial Number (hex): 294ef2131a655baae75c2a68bbb76abf + Revoked at: Mon Mar 31 19:08:14 UTC 2014 + Serial Number (hex): 00db1a2a9f8c76d3f83c49a9793803325c + Revoked at: Mon Mar 31 19:13:28 UTC 2014 + Serial Number (hex): 00936143d48d7687bb9ecedeebce5beedf + Revoked at: Mon Mar 31 19:50:10 UTC 2014 + Serial Number (hex): 00fad2671761b2c0e41be064068dfef75f + Revoked at: Mon Mar 31 20:55:22 UTC 2014 + Serial Number (hex): 751314433286ba529f1ef3b7976daa13 + Revoked at: Mon Mar 31 20:58:53 UTC 2014 + Serial Number (hex): 19712aea31e695628ee908ad922b95e6 + Revoked at: Mon Mar 31 21:47:29 UTC 2014 + Serial Number (hex): 144f98ed6241cbbdae47cf784123c3a2 + Revoked at: Mon Mar 31 21:50:12 UTC 2014 + Serial Number (hex): 00cdc3e85968d573df867f25d221b2cd9d + Revoked at: Tue Apr 01 00:12:27 UTC 2014 + Serial Number (hex): 00b78b390c03710e6f2b66161dd44abf2b + Revoked at: Tue Apr 01 00:12:49 UTC 2014 + Serial Number (hex): 00ff60a785454ae5dac26b4706b433c032 + Revoked at: Tue Apr 01 00:13:47 UTC 2014 + Serial Number (hex): 008d06f28a3a0a02a2be52fc7a60cc34f7 + Revoked at: Tue Apr 01 00:39:44 UTC 2014 + Serial Number (hex): 00a162469f60b6cebd07ae99781754d9b5 + Revoked at: Tue Apr 01 07:52:44 UTC 2014 + Serial Number (hex): 00a0f0f5cd045e85795b21844f15831cf0 + Revoked at: Tue Apr 01 10:11:37 UTC 2014 + Serial Number (hex): 00bc854fc4c0193aa649322e66a77fc753 + Revoked at: Tue Apr 01 13:37:25 UTC 2014 + Serial Number (hex): 0099ecf2f892a3d40947cf703be09b0526 + Revoked at: Tue Apr 01 15:54:36 UTC 2014 + Serial Number (hex): 6ffa46ea9fca27e5f7592ffead18bd5b + Revoked at: Tue Apr 01 16:15:22 UTC 2014 + Serial Number (hex): 684ce1ac7e2fd991ea50b93adaec534b + Revoked at: Tue Apr 01 16:15:37 UTC 2014 + Serial Number (hex): 3cb560f15e50f61f860676dd13e47bf9 + Revoked at: Tue Apr 01 16:15:49 UTC 2014 + Serial Number (hex): 00a2d3920ad692b8f1c941fb5dbeee673c + Revoked at: Tue Apr 01 16:16:02 UTC 2014 + Serial Number (hex): 00e9767b9aca4c8dc4d646460bc69e84df + Revoked at: Tue Apr 01 16:16:14 UTC 2014 + Serial Number (hex): 3b9dc23080097931dce93428bed08d19 + Revoked at: Tue Apr 01 16:16:33 UTC 2014 + Serial Number (hex): 00a31e17575e50734549dbd6cbc8914638 + Revoked at: Tue Apr 01 16:16:46 UTC 2014 + Serial Number (hex): 1dc524bd993971959ec792c876a40b1b + Revoked at: Tue Apr 01 16:17:04 UTC 2014 + Serial Number (hex): 2c904d4e9d7fed753cebed94163db3a5 + Revoked at: Tue Apr 01 16:17:15 UTC 2014 + Serial Number (hex): 0084dbbb8ac82414d185690e4fa4098004 + Revoked at: Tue Apr 01 16:17:26 UTC 2014 + Serial Number (hex): 0081867f0ab63b8f2f627e67e915b1d5f1 + Revoked at: Tue Apr 01 16:17:36 UTC 2014 + Serial Number (hex): 0085ad862a7a9c0658fcf43ded66822ffe + Revoked at: Tue Apr 01 16:17:51 UTC 2014 + Serial Number (hex): 00dd9b6956c3ce6e0798c581fc1789a667 + Revoked at: Tue Apr 01 16:18:03 UTC 2014 + Serial Number (hex): 00db6d939081d09f33c6921fb32ad1c758 + Revoked at: Tue Apr 01 16:18:42 UTC 2014 + Serial Number (hex): 4ebff08726b2a490ad197019e4518e35 + Revoked at: Tue Apr 01 16:18:51 UTC 2014 + Serial Number (hex): 00db0d50c66d2ace24ce861c9c064d46e7 + Revoked at: Tue Apr 01 17:07:46 UTC 2014 + Serial Number (hex): 00f771dd1e7300660e02dec9f0050ddf16 + Revoked at: Tue Apr 01 18:43:51 UTC 2014 + Serial Number (hex): 55efdce1050d1842c8a22a77a05f7bd0 + Revoked at: Tue Apr 01 19:59:29 UTC 2014 + Serial Number (hex): 3f45005a18de389236240551b9af5fe2 + Revoked at: Tue Apr 01 21:42:51 UTC 2014 + Serial Number (hex): 00ff942c051ea6c213e561e338b6e57cbc + Revoked at: Tue Apr 01 21:46:29 UTC 2014 + Serial Number (hex): 5781818fdf779eee8ea0012150452d4d + Revoked at: Tue Apr 01 21:46:41 UTC 2014 + Serial Number (hex): 5191bbe149d766d4568b84d156c7c2b7 + Revoked at: Tue Apr 01 21:57:44 UTC 2014 + Serial Number (hex): 00c5f0e75bd4658cc389d41714730a89a7 + Revoked at: Wed Apr 02 03:10:26 UTC 2014 + Serial Number (hex): 688299d4e122abd6046cf2ec44ef58ea + Revoked at: Wed Apr 02 08:26:44 UTC 2014 + Serial Number (hex): 00c98fca307ec13d51b809ec5f3c312f93 + Revoked at: Wed Apr 02 13:18:24 UTC 2014 + Serial Number (hex): 00a8fc7a35efbb9d218fbd290a28888fe2 + Revoked at: Wed Apr 02 13:39:41 UTC 2014 + Serial Number (hex): 73b2901df4ace2f1a57fcd2131c025ee + Revoked at: Wed Apr 02 13:39:52 UTC 2014 + Serial Number (hex): 00976080ea30221cbc0cc00b63c6653365 + Revoked at: Wed Apr 02 13:52:20 UTC 2014 + Serial Number (hex): 0bbb82dc46b83492a63cd81292313f38 + Revoked at: Wed Apr 02 15:14:06 UTC 2014 + Serial Number (hex): 0091f91c950e8b68ac52266431492b63ea + Revoked at: Wed Apr 02 15:19:39 UTC 2014 + Serial Number (hex): 00e63d33ae523e8f134b84762674b780ec + Revoked at: Wed Apr 02 18:17:38 UTC 2014 + Serial Number (hex): 69ab4f3c0cacac0f51c77ecf3f98c1e2 + Revoked at: Wed Apr 02 18:54:03 UTC 2014 + Serial Number (hex): 009921e70299e65cee51b0e46d11676af3 + Revoked at: Wed Apr 02 19:15:02 UTC 2014 + Serial Number (hex): 57a3dce3d343a28735bbb855ce8d48e5 + Revoked at: Wed Apr 02 19:52:35 UTC 2014 + Serial Number (hex): 46a0cbc8800fc6d870033740997d4976 + Revoked at: Wed Apr 02 20:55:04 UTC 2014 + Serial Number (hex): 4c7a311ab2e9768b64d31701c58c09d2 + Revoked at: Wed Apr 02 21:05:42 UTC 2014 + Serial Number (hex): 00872ec64238652f186032420e2215cdbb + Revoked at: Wed Apr 02 21:06:34 UTC 2014 + Serial Number (hex): 32d69fc04a46e1b3c2faa89a8291775c + Revoked at: Wed Apr 02 21:06:48 UTC 2014 + Serial Number (hex): 00817399ebe6bdd80a838437936da232bf + Revoked at: Wed Apr 02 22:18:04 UTC 2014 + Serial Number (hex): 57b8fe9fa71d2896996dc762f3143046 + Revoked at: Thu Apr 03 00:28:04 UTC 2014 + Serial Number (hex): 21c5557fe0bc79e86a1078468fb9616c + Revoked at: Thu Apr 03 04:28:58 UTC 2014 + Serial Number (hex): 00f3641984a098eec7c195522af6e1d1a0 + Revoked at: Thu Apr 03 04:58:25 UTC 2014 + Serial Number (hex): 18a2c2391f2580e254f4b08d6ebc7738 + Revoked at: Thu Apr 03 11:18:33 UTC 2014 + Serial Number (hex): 00c0d9e9e36e4cacd9af851a54b20e68ee + Revoked at: Thu Apr 03 11:19:58 UTC 2014 + Serial Number (hex): 00bb0cfbc0f234849ea66b37c702d6da87 + Revoked at: Thu Apr 03 13:03:30 UTC 2014 + Serial Number (hex): 009f11554527d240b36d9791b93315bde7 + Revoked at: Thu Apr 03 13:11:09 UTC 2014 + Serial Number (hex): 00a4f9012f1bac3ecbd31ca08f30cd470f + Revoked at: Thu Apr 03 14:39:52 UTC 2014 + Serial Number (hex): 550a3356be1fba4a6be25aff32e6c271 + Revoked at: Thu Apr 03 15:03:06 UTC 2014 + Serial Number (hex): 00932662ed50164508bb4390877011b5fb + Revoked at: Thu Apr 03 15:27:40 UTC 2014 + Serial Number (hex): 00f9939a2069471440b74b8df6a7c46292 + Revoked at: Thu Apr 03 15:50:10 UTC 2014 + Serial Number (hex): 5bec7d6dbd40926f4cf17ba16635deef + Revoked at: Thu Apr 03 16:26:53 UTC 2014 + Serial Number (hex): 6dcb69e2ba0be21b1c6acaff4349adfd + Revoked at: Thu Apr 03 17:13:04 UTC 2014 + Serial Number (hex): 711340806955c33daa38f2cd4bbd593a + Revoked at: Thu Apr 03 17:13:05 UTC 2014 + Serial Number (hex): 00c37dcb28b08a11529df1dd871d43e920 + Revoked at: Thu Apr 03 17:34:43 UTC 2014 + Serial Number (hex): 07d219de5b7cad542df1de51f190809f + Revoked at: Thu Apr 03 17:35:01 UTC 2014 + Serial Number (hex): 00b5374753ccdd986b8e95c44690be0097 + Revoked at: Thu Apr 03 17:36:34 UTC 2014 + Serial Number (hex): 00df7dc0aa36c147f2c7350a7393c6374e + Revoked at: Thu Apr 03 17:37:06 UTC 2014 + Serial Number (hex): 009281e868743d24226f633f4175f660e7 + Revoked at: Thu Apr 03 17:37:55 UTC 2014 + Serial Number (hex): 00981f19aac50a15d6d66d027624cd3fa6 + Revoked at: Thu Apr 03 17:59:38 UTC 2014 + Serial Number (hex): 00c9fe0d1ccf64495ba9593d51beb65d9f + Revoked at: Thu Apr 03 19:05:50 UTC 2014 + Serial Number (hex): 6632e766a3a70841deabf977a02da772 + Revoked at: Thu Apr 03 19:17:53 UTC 2014 + Serial Number (hex): 5f9b5680dd7193494244e5600e05b9c9 + Revoked at: Thu Apr 03 19:48:28 UTC 2014 + Serial Number (hex): 7e161d1b4b921aaca8d7f693a62b1bd1 + Revoked at: Thu Apr 03 20:22:56 UTC 2014 + Serial Number (hex): 00dfd071ead922398ed330a78f9dbcdfaa + Revoked at: Thu Apr 03 20:29:00 UTC 2014 + Serial Number (hex): 0396b8ca541d9634a7436e0a1ed484fe + Revoked at: Thu Apr 03 20:50:20 UTC 2014 + Serial Number (hex): 42ba75b1e622211212feb00a2beaf6dc + Revoked at: Thu Apr 03 21:15:13 UTC 2014 + Serial Number (hex): 00f76454f21951a3cf9955591555646e2b + Revoked at: Thu Apr 03 21:46:11 UTC 2014 + Serial Number (hex): 67052e82d1ab6b16f7b20a3a67bc25bc + Revoked at: Fri Apr 04 02:03:29 UTC 2014 + Serial Number (hex): 07affdd995ccf6dac0283896350a1950 + Revoked at: Fri Apr 04 02:04:02 UTC 2014 + Serial Number (hex): 11f419847d9c5d9ec1f87a125f2cbd6a + Revoked at: Fri Apr 04 06:13:03 UTC 2014 + Serial Number (hex): 6232582d6c4b02ed15088ce12837fb75 + Revoked at: Fri Apr 04 07:36:56 UTC 2014 + Serial Number (hex): 4fa6c5f7327d8155d6bf94fa9b1f351c + Revoked at: Fri Apr 04 08:09:59 UTC 2014 + Serial Number (hex): 4966229d18c77d33f3c72465610320bb + Revoked at: Fri Apr 04 09:03:17 UTC 2014 + Serial Number (hex): 00913694dcb3941baf2a7621720de51236 + Revoked at: Fri Apr 04 11:44:15 UTC 2014 + Serial Number (hex): 3cfebc92ecbadc7fe1cadf9311e4feac + Revoked at: Fri Apr 04 11:45:52 UTC 2014 + Serial Number (hex): 00d50a79ff5a14c8074fdd68e072096292 + Revoked at: Fri Apr 04 11:46:21 UTC 2014 + Serial Number (hex): 00ab197351d2c47dd97797022a9b69fc6f + Revoked at: Fri Apr 04 15:45:37 UTC 2014 + Serial Number (hex): 00b8720ce14aad52dae8f223ad9c54c3c0 + Revoked at: Fri Apr 04 15:54:39 UTC 2014 + Serial Number (hex): 4431d4c5d9a27af108a78d448a35d08b + Revoked at: Fri Apr 04 17:53:05 UTC 2014 + Serial Number (hex): 3945a3039d206c2a77733c2ee1aa9f2d + Revoked at: Fri Apr 04 17:53:18 UTC 2014 + Serial Number (hex): 3f3a4654912525f0c1f40377c7cdf244 + Revoked at: Fri Apr 04 18:36:53 UTC 2014 + Serial Number (hex): 0081e32b165383f5fa07a4ac926e757c37 + Revoked at: Fri Apr 04 19:12:29 UTC 2014 + Serial Number (hex): 18ad5791b9aa58aac5f688d39dddf9e3 + Revoked at: Fri Apr 04 19:20:42 UTC 2014 + Serial Number (hex): 27c36d0c5b9182b70b1bdcff5c33e3ef + Revoked at: Fri Apr 04 19:32:57 UTC 2014 + Serial Number (hex): 00a0d838aace5133ae77ce4aed6eb618ac + Revoked at: Fri Apr 04 19:36:18 UTC 2014 + Serial Number (hex): 5f08d3082e976f6415fc25baabecfd0b + Revoked at: Fri Apr 04 20:19:18 UTC 2014 + Serial Number (hex): 00d1e324ddfc8949afcf29681d26c0415f + Revoked at: Fri Apr 04 20:19:20 UTC 2014 + Serial Number (hex): 514290fb3038f3008a7ba465eb1efa3d + Revoked at: Fri Apr 04 20:19:22 UTC 2014 + Serial Number (hex): 2ca6948d1998254af5846063b9148044 + Revoked at: Fri Apr 04 20:19:24 UTC 2014 + Serial Number (hex): 53a9d6738c7f09a0ba548ef1a7014985 + Revoked at: Fri Apr 04 21:15:00 UTC 2014 + Serial Number (hex): 0091387e554fb5b85cc471a23512bc6005 + Revoked at: Fri Apr 04 21:23:29 UTC 2014 + Serial Number (hex): 00951fcef16a2eb8140c2012a603cdb089 + Revoked at: Fri Apr 04 21:28:14 UTC 2014 + Serial Number (hex): 00abe43b9433c417634c6032018d876790 + Revoked at: Fri Apr 04 21:29:35 UTC 2014 + Serial Number (hex): 00b9949c5237e027a787c1b59c5ee8fdf7 + Revoked at: Fri Apr 04 21:30:41 UTC 2014 + Serial Number (hex): 00ccdd8abcf2506b931510048f85202241 + Revoked at: Sat Apr 05 17:13:01 UTC 2014 + Serial Number (hex): 7506ae8c28160b077e6945ad8284a206 + Revoked at: Sun Apr 06 17:13:03 UTC 2014 + Serial Number (hex): 06cccaab781e48db640a25518d468f5a + Revoked at: Sun Apr 06 17:13:03 UTC 2014 + Serial Number (hex): 00fe360e1b5145bd25688919d96113e232 + Revoked at: Mon Apr 07 01:17:39 UTC 2014 + Serial Number (hex): 0081f9567c8deaa53166e6a6c85c107555 + Revoked at: Mon Apr 07 08:25:37 UTC 2014 + Serial Number (hex): 00a3548533fd18ae8a52cb73d6d51beb2c + Revoked at: Mon Apr 07 10:47:27 UTC 2014 + Serial Number (hex): 1d2fb173d72bf2a38b7589f1cb222007 + Revoked at: Mon Apr 07 11:27:23 UTC 2014 + Serial Number (hex): 00ee05998c9024a4ae752eddc0928cdbaa + Revoked at: Mon Apr 07 12:21:37 UTC 2014 + Serial Number (hex): 00fd2d1c8bc18c2fef628b5a0f090b7b13 + Revoked at: Mon Apr 07 13:03:10 UTC 2014 + Serial Number (hex): 00c8f0a0d4007cf6ad6200a1e926eafa24 + Revoked at: Mon Apr 07 13:55:34 UTC 2014 + Serial Number (hex): 29ae9c317ed4915bdd91e54e09e3fc6b + Revoked at: Mon Apr 07 14:35:38 UTC 2014 + Serial Number (hex): 0093a8d0509ce5ff05387135bed9d29000 + Revoked at: Mon Apr 07 14:52:59 UTC 2014 + Serial Number (hex): 00b8c5b4beab4dab5344ca7d45760f41ce + Revoked at: Mon Apr 07 15:46:46 UTC 2014 + Serial Number (hex): 3aa274fa7dd30d0eed4bc3bff639b80c + Revoked at: Mon Apr 07 16:11:31 UTC 2014 + Serial Number (hex): 61afff0599219e0778209ec79b694725 + Revoked at: Mon Apr 07 16:22:28 UTC 2014 + Serial Number (hex): 00a827afe47366b2d8ea56b32027de3e4a + Revoked at: Mon Apr 07 16:22:30 UTC 2014 + Serial Number (hex): 00eac13548f4aa6bd9db90e11898e8c9cc + Revoked at: Mon Apr 07 19:41:14 UTC 2014 + Serial Number (hex): 7d0c7e8f14c076616dc5d5b6122c73be + Revoked at: Mon Apr 07 19:44:15 UTC 2014 + Serial Number (hex): 4dafddcaf47c6a2c6db63d3b21c468e4 + Revoked at: Mon Apr 07 19:44:24 UTC 2014 + Serial Number (hex): 00b442491c23a06b4765fbf0338e58cf59 + Revoked at: Mon Apr 07 19:49:55 UTC 2014 + Serial Number (hex): 00996b80dde8ced0fa06c289ad186a69c2 + Revoked at: Mon Apr 07 19:50:16 UTC 2014 + Serial Number (hex): 166466866df094007f99445329dee937 + Revoked at: Mon Apr 07 19:52:51 UTC 2014 + Serial Number (hex): 0082ffd01ee2924f77db2111683589bbab + Revoked at: Mon Apr 07 20:11:17 UTC 2014 + Serial Number (hex): 12fdf9728b905185ec273b45bd782550 + Revoked at: Mon Apr 07 20:19:49 UTC 2014 + Serial Number (hex): 6fac19d1ee2c32d76218433d49b2146b + Revoked at: Mon Apr 07 20:35:13 UTC 2014 + Serial Number (hex): 2a77766a39e888caf09559b32d8441c9 + Revoked at: Mon Apr 07 20:53:40 UTC 2014 + Serial Number (hex): 008cc4b22df8ab56831a62f7b9e5f5402d + Revoked at: Mon Apr 07 23:14:20 UTC 2014 + Serial Number (hex): 6078de3ad34dd431a656a0b598f775bd + Revoked at: Tue Apr 08 01:37:25 UTC 2014 + Serial Number (hex): 2b987f0db7aa0c933d09a009aee1480e + Revoked at: Tue Apr 08 09:13:34 UTC 2014 + Serial Number (hex): 008472dff0b965701a942845f82a2a8a70 + Revoked at: Tue Apr 08 09:52:07 UTC 2014 + Serial Number (hex): 00ccae02285d2f0f2b3ca8b58caf2e22c5 + Revoked at: Tue Apr 08 10:17:12 UTC 2014 + Serial Number (hex): 2ffb275c41464b40c9f95f8c68f3e165 + Revoked at: Tue Apr 08 12:00:57 UTC 2014 + Serial Number (hex): 00870a0301d8651a84427b0e640de112f3 + Revoked at: Tue Apr 08 12:30:53 UTC 2014 + Serial Number (hex): 241d1fc49dbd9aada3742e10727fb6a8 + Revoked at: Tue Apr 08 12:30:58 UTC 2014 + Serial Number (hex): 0431705f94543cbff1964c62d88df56b + Revoked at: Tue Apr 08 13:00:33 UTC 2014 + Serial Number (hex): 4a7bc67555098117a8ef4b7fe0cfbec6 + Revoked at: Tue Apr 08 13:20:08 UTC 2014 + Serial Number (hex): 79c58456c0c3b2665e9941b5690da707 + Revoked at: Tue Apr 08 13:31:25 UTC 2014 + Serial Number (hex): 00cc32a801e21f0e403b21c5e1e3493de3 + Revoked at: Tue Apr 08 13:32:44 UTC 2014 + Serial Number (hex): 3e26cfad9fce2cface28d27117d4d76a + Revoked at: Tue Apr 08 13:33:17 UTC 2014 + Serial Number (hex): 180318867835531aa85d3f3cc3e9a350 + Revoked at: Tue Apr 08 13:56:53 UTC 2014 + Serial Number (hex): 65c54b21f64deac703627489e5f44fef + Revoked at: Tue Apr 08 14:51:56 UTC 2014 + Serial Number (hex): 1d0acdb08905583934a66b7e2668acc7 + Revoked at: Tue Apr 08 14:52:37 UTC 2014 + Serial Number (hex): 00cddc50dcc2bc23dce7e4875aaec67812 + Revoked at: Tue Apr 08 14:53:03 UTC 2014 + Serial Number (hex): 00f37cc3c53be4a1f7719baf421f82868d + Revoked at: Tue Apr 08 14:59:18 UTC 2014 + Serial Number (hex): 6e367696958a3ef21f6ff9648672bff2 + Revoked at: Tue Apr 08 15:18:56 UTC 2014 + Serial Number (hex): 5544a23ab0b6f03e4b6c32ad700216ac + Revoked at: Tue Apr 08 15:19:10 UTC 2014 + Serial Number (hex): 73896c5986dce341511a4c4203d44e0f + Revoked at: Tue Apr 08 15:19:32 UTC 2014 + Serial Number (hex): 75c8372c8a437e223808b5e6663e28b5 + Revoked at: Tue Apr 08 15:19:52 UTC 2014 + Serial Number (hex): 23be3f24fa23d208a073a78b6038e455 + Revoked at: Tue Apr 08 15:23:32 UTC 2014 + Serial Number (hex): 00f3e868503bc33015d75ffafbc9d12f25 + Revoked at: Tue Apr 08 15:26:55 UTC 2014 + Serial Number (hex): 00df89b7407140d8705bc3f345f59c41fe + Revoked at: Tue Apr 08 15:31:04 UTC 2014 + Serial Number (hex): 00d456c8782883e96d8952c81196cadd31 + Revoked at: Tue Apr 08 15:42:39 UTC 2014 + Serial Number (hex): 27218c56691940f492bc8c0f914df558 + Revoked at: Tue Apr 08 16:16:50 UTC 2014 + Serial Number (hex): 00a57ee0a4f291e635c81512f9b883ef13 + Revoked at: Tue Apr 08 16:26:02 UTC 2014 + Serial Number (hex): 67d2270643168987e0836a2957a63ec9 + Revoked at: Tue Apr 08 16:26:17 UTC 2014 + Serial Number (hex): 00b78625b7ac1130e3ff7deb07f6b0cada + Revoked at: Tue Apr 08 16:26:31 UTC 2014 + Serial Number (hex): 00c0bc1cacea1178189cfd33344a9cf248 + Revoked at: Tue Apr 08 16:26:43 UTC 2014 + Serial Number (hex): 7a85e2464d98a51082279a90cadf0c1e + Revoked at: Tue Apr 08 16:26:58 UTC 2014 + Serial Number (hex): 00e58a8ee6a1eaeb9a0a23e6324ab9b39c + Revoked at: Tue Apr 08 16:27:04 UTC 2014 + Serial Number (hex): 00c214faa9c90dfc616fbf40c1ec10eb4b + Revoked at: Tue Apr 08 16:29:18 UTC 2014 + Serial Number (hex): 00907262bb5f37349af3230d2c572c6008 + Revoked at: Tue Apr 08 16:37:49 UTC 2014 + Serial Number (hex): 3d04fc8ee43eb0399c8cdbea006cfd5b + Revoked at: Tue Apr 08 16:40:18 UTC 2014 + Serial Number (hex): 0091b22238c74a801d992a91eaf7af5f96 + Revoked at: Tue Apr 08 16:41:39 UTC 2014 + Serial Number (hex): 00a904cafff15b397ae61f9ee84895e1b6 + Revoked at: Tue Apr 08 17:53:22 UTC 2014 + Serial Number (hex): 00d25672a1975c1910075113267f45d3f4 + Revoked at: Tue Apr 08 17:55:08 UTC 2014 + Serial Number (hex): 6242eff6c3a441034b19cacbbd434037 + Revoked at: Tue Apr 08 18:21:58 UTC 2014 + Serial Number (hex): 00d99d615b55043fddb160b8c426902c72 + Revoked at: Tue Apr 08 18:36:42 UTC 2014 + Serial Number (hex): 009f300a59eedc2fd36a80f2ba7f5bf942 + Revoked at: Tue Apr 08 18:44:13 UTC 2014 + Serial Number (hex): 6259dde6c701576cf428ea166be0ab82 + Revoked at: Tue Apr 08 18:56:53 UTC 2014 + Serial Number (hex): 05c2dabb073e13d12da9c45f707839c3 + Revoked at: Tue Apr 08 19:19:49 UTC 2014 + Serial Number (hex): 6b6fd4eefe5d46297cbe72ca520424e7 + Revoked at: Tue Apr 08 19:28:14 UTC 2014 + Serial Number (hex): 00ba69812d019d51ec16426764e0120510 + Revoked at: Tue Apr 08 19:28:23 UTC 2014 + Serial Number (hex): 00bd5a17102e0005d6d10004e59c94a75c + Revoked at: Tue Apr 08 19:31:56 UTC 2014 + Serial Number (hex): 00c669b7b24cb7dc24d83fe2f1b58c0289 + Revoked at: Tue Apr 08 19:38:06 UTC 2014 + Serial Number (hex): 4b9b500dbe008b26e4f6b57ab971854d + Revoked at: Tue Apr 08 19:42:58 UTC 2014 + Serial Number (hex): 607ca1401fe797a074dd21bc160d600b + Revoked at: Tue Apr 08 19:49:02 UTC 2014 + Serial Number (hex): 1b4efc571b76669c0ba1e33d2316abaa + Revoked at: Tue Apr 08 20:29:40 UTC 2014 + Serial Number (hex): 6ef92a635651aa4c03da34350ba65ed7 + Revoked at: Tue Apr 08 20:51:42 UTC 2014 + Serial Number (hex): 00fa094f8ddeea4a61cce138f0dcedfb05 + Revoked at: Tue Apr 08 21:21:22 UTC 2014 + Serial Number (hex): 1266db6babce5f558a5f740b177e57b7 + Revoked at: Tue Apr 08 21:32:48 UTC 2014 + Serial Number (hex): 4b2af584e21ad77732becc777ac228d5 + Revoked at: Tue Apr 08 21:33:05 UTC 2014 + Serial Number (hex): 23fd2ba06a5d6a7315f87e136b22e07b + Revoked at: Tue Apr 08 22:02:14 UTC 2014 + Serial Number (hex): 00b79658798028703af72ff3f6ff4e2a22 + Revoked at: Tue Apr 08 22:02:33 UTC 2014 + Serial Number (hex): 2eed332e8833b2ff30f650a3f445549a + Revoked at: Tue Apr 08 22:02:53 UTC 2014 + Serial Number (hex): 00ccdea49559116a92a0096e21bb9ee14e + Revoked at: Tue Apr 08 22:41:15 UTC 2014 + Serial Number (hex): 00e8ca0eec34a44ca4f8c247fda97c0c2f + Revoked at: Tue Apr 08 23:32:29 UTC 2014 + Serial Number (hex): 72687bcd373873d469aee7027a8714fa + Revoked at: Tue Apr 08 23:38:54 UTC 2014 + Serial Number (hex): 00d9970abacbb812447b8b958e9733dea0 + Revoked at: Tue Apr 08 23:39:47 UTC 2014 + Serial Number (hex): 00b21e39694a8dd79314c8c7468d30347a + Revoked at: Wed Apr 09 01:03:46 UTC 2014 + Serial Number (hex): 00ef715609e9da4a7a3f79fddc80543db2 + Revoked at: Wed Apr 09 02:10:12 UTC 2014 + Serial Number (hex): 11ac171cdfb4587655a4bd3b42c3d7fb + Revoked at: Wed Apr 09 02:50:52 UTC 2014 + Serial Number (hex): 07560a22a7bc6807439e52185cf7ef9f + Revoked at: Wed Apr 09 02:51:33 UTC 2014 + Serial Number (hex): 623d5c1e7b480c25ebbbc1d83c6d10c0 + Revoked at: Wed Apr 09 03:28:54 UTC 2014 + Serial Number (hex): 0085c01e267517651097827e636029882e + Revoked at: Wed Apr 09 07:25:36 UTC 2014 + Serial Number (hex): 00987686583d2a3d0e722967bdc0ff3fdc + Revoked at: Wed Apr 09 09:14:11 UTC 2014 + Serial Number (hex): 00c4cdb126740ca113cfa4f5d40c06d1d4 + Revoked at: Wed Apr 09 10:12:38 UTC 2014 + Serial Number (hex): 2eec37395bbaefbdbdec526339427365 + Revoked at: Wed Apr 09 10:26:20 UTC 2014 + Serial Number (hex): 00ac3416b420f6e568faab0c5027b9d55e + Revoked at: Wed Apr 09 10:46:30 UTC 2014 + Serial Number (hex): 1e8af76d39345f86af4fb806d229de57 + Revoked at: Wed Apr 09 11:02:35 UTC 2014 + Serial Number (hex): 2e0a53300e59af0675172c66b3812ebc + Revoked at: Wed Apr 09 12:17:40 UTC 2014 + Serial Number (hex): 009a84fad79935e4c173609386eaf8e812 + Revoked at: Wed Apr 09 12:18:15 UTC 2014 + Serial Number (hex): 0096615985722b0c00e1de5f7399f38892 + Revoked at: Wed Apr 09 12:18:57 UTC 2014 + Serial Number (hex): 103883bb3cc116e7867cffa99061caef + Revoked at: Wed Apr 09 12:19:54 UTC 2014 + Serial Number (hex): 00ef5dcf331327f45fec1d82f3d9f0fffb + Revoked at: Wed Apr 09 12:20:25 UTC 2014 + Serial Number (hex): 00a891505aacf6b393ae1c56b2c218fbcb + Revoked at: Wed Apr 09 12:20:59 UTC 2014 + Serial Number (hex): 03a76cad291c8ed0bb567f45e79e7aca + Revoked at: Wed Apr 09 12:21:32 UTC 2014 + Serial Number (hex): 1ba0ae78738053d3d64bdfb1402c1504 + Revoked at: Wed Apr 09 12:21:57 UTC 2014 + Serial Number (hex): 2571fad730dff453cc8a80994872af73 + Revoked at: Wed Apr 09 12:22:30 UTC 2014 + Serial Number (hex): 23bce93366ddb592d353f4a6ac9bf759 + Revoked at: Wed Apr 09 12:23:13 UTC 2014 + Serial Number (hex): 74c6e6b5f2bc46d776fb3a3325cfac70 + Revoked at: Wed Apr 09 12:23:41 UTC 2014 + Serial Number (hex): 315c01455c0e4ea16c829ee799c3807d + Revoked at: Wed Apr 09 12:24:05 UTC 2014 + Serial Number (hex): 00d63b656cdb34e89fa58749532a3802bb + Revoked at: Wed Apr 09 12:24:34 UTC 2014 + Serial Number (hex): 745d7612dead135626da8359aa6aa4bb + Revoked at: Wed Apr 09 12:24:56 UTC 2014 + Serial Number (hex): 0094373bf2202064ea10a916198081e74e + Revoked at: Wed Apr 09 12:25:38 UTC 2014 + Serial Number (hex): 0090c7f481e584d319124ecd36b40e518b + Revoked at: Wed Apr 09 12:26:29 UTC 2014 + Serial Number (hex): 5d90720eb1596ea01a351f67cf410e49 + Revoked at: Wed Apr 09 12:27:04 UTC 2014 + Serial Number (hex): 7d980617d75b2f1501eeea4c4463cb55 + Revoked at: Wed Apr 09 12:27:46 UTC 2014 + Serial Number (hex): 11634c91aa06d2476e7673772c8a8245 + Revoked at: Wed Apr 09 12:27:58 UTC 2014 + Serial Number (hex): 79eb84eadee8f4835efba8d074be1529 + Revoked at: Wed Apr 09 12:28:04 UTC 2014 + Serial Number (hex): 156ac6c43513c346d233f2322a85cb8e + Revoked at: Wed Apr 09 12:29:20 UTC 2014 + Serial Number (hex): 00b126fe7a9ede585db8459a0e4995b7fc + Revoked at: Wed Apr 09 12:37:15 UTC 2014 + Serial Number (hex): 00c3e875fbb6032dfcce750c17c1a83b11 + Revoked at: Wed Apr 09 12:38:57 UTC 2014 + Serial Number (hex): 00fa2e1fb2c6da220ca60ec599ad13ab43 + Revoked at: Wed Apr 09 13:09:41 UTC 2014 + Serial Number (hex): 66ea7489a572a923e8a77344463c3303 + Revoked at: Wed Apr 09 13:28:24 UTC 2014 + Serial Number (hex): 07a50f8dacdd4b228e71c40106c9f2b6 + Revoked at: Wed Apr 09 13:30:24 UTC 2014 + Serial Number (hex): 00bd1505031d929acc9a55aed5dd646c86 + Revoked at: Wed Apr 09 13:30:27 UTC 2014 + Serial Number (hex): 00bcb8e6776fbcb78c04dc1a28c6ee8bab + Revoked at: Wed Apr 09 13:30:30 UTC 2014 + Serial Number (hex): 00a0376a840b4415601715775096e677c4 + Revoked at: Wed Apr 09 13:30:32 UTC 2014 + Serial Number (hex): 3fdfbafba351d8c9b728b6521a29c288 + Revoked at: Wed Apr 09 13:40:31 UTC 2014 + Serial Number (hex): 6d9dfa458e3bcc452a77e4753e9a8ee5 + Revoked at: Wed Apr 09 13:57:29 UTC 2014 + Serial Number (hex): 44244f6bff2889a2413e7378c485058e + Revoked at: Wed Apr 09 13:57:54 UTC 2014 + Serial Number (hex): 00a2c04adb49ba1956ef49c39eb1fdc21c + Revoked at: Wed Apr 09 13:58:20 UTC 2014 + Serial Number (hex): 73bb4a54a81da4705962675ca2bb4e6e + Revoked at: Wed Apr 09 14:00:30 UTC 2014 + Serial Number (hex): 00bc609651f3397932349fa5e6d89f468c + Revoked at: Wed Apr 09 14:02:05 UTC 2014 + Serial Number (hex): 00803de046879c534981b30d22d15080d8 + Revoked at: Wed Apr 09 14:02:30 UTC 2014 + Serial Number (hex): 652bd77ab5fd38f86b633d8f45372ac0 + Revoked at: Wed Apr 09 14:02:36 UTC 2014 + Serial Number (hex): 00c4aa15d663f48dda5e5c7384d86d4c57 + Revoked at: Wed Apr 09 14:03:25 UTC 2014 + Serial Number (hex): 00a986a61cb019b3593820b4d0a550b507 + Revoked at: Wed Apr 09 14:03:40 UTC 2014 + Serial Number (hex): 653d7d6a6bcacb8c0e5d0830262c5be1 + Revoked at: Wed Apr 09 14:11:27 UTC 2014 + Serial Number (hex): 1816ec5686cb0608d6023fc3980e1235 + Revoked at: Wed Apr 09 14:20:42 UTC 2014 + Serial Number (hex): 00982e6f9ec5b379311cc33cf868b58ce3 + Revoked at: Wed Apr 09 14:23:52 UTC 2014 + Serial Number (hex): 749b7a448ce945ba6adbef46c7c8ec3c + Revoked at: Wed Apr 09 14:26:53 UTC 2014 + Serial Number (hex): 00b16a0649b70f6e097d84faa13888a620 + Revoked at: Wed Apr 09 14:27:14 UTC 2014 + Serial Number (hex): 138a5e3dcfef57db902ceeb65cf0a085 + Revoked at: Wed Apr 09 14:27:27 UTC 2014 + Serial Number (hex): 738fc6adf0da6776fe784aef1952b96d + Revoked at: Wed Apr 09 14:27:49 UTC 2014 + Serial Number (hex): 19a541959307e98dc6285bc2e601a2fc + Revoked at: Wed Apr 09 14:31:23 UTC 2014 + Serial Number (hex): 00d936c902db85fe925261badd58155b50 + Revoked at: Wed Apr 09 14:39:34 UTC 2014 + Serial Number (hex): 6e883c8281169e1155a9b1c4f2644491 + Revoked at: Wed Apr 09 14:45:10 UTC 2014 + Serial Number (hex): 3c44e78f5ab8cb672af3a24f4d545865 + Revoked at: Wed Apr 09 14:49:41 UTC 2014 + Serial Number (hex): 199b2edbeb471db95fbbd34949b1e79a + Revoked at: Wed Apr 09 15:00:39 UTC 2014 + Serial Number (hex): 1212180f8682b0f990ae881aa9be9e48 + Revoked at: Wed Apr 09 15:05:12 UTC 2014 + Serial Number (hex): 4176c952adf300aa8f2d41f346257a07 + Revoked at: Wed Apr 09 15:11:32 UTC 2014 + Serial Number (hex): 7f6874046d188436633daa27400dbb5f + Revoked at: Wed Apr 09 15:24:57 UTC 2014 + Serial Number (hex): 00862d7c4291967b4a42645ef676e603a2 + Revoked at: Wed Apr 09 15:27:05 UTC 2014 + Serial Number (hex): 00ed6118f3c189fc5a3316097429ea0acf + Revoked at: Wed Apr 09 15:37:05 UTC 2014 + Serial Number (hex): 00ae40badea0beb2a797066c435720bc1e + Revoked at: Wed Apr 09 15:43:49 UTC 2014 + Serial Number (hex): 008da4252812fdc81c4c191334c69226e0 + Revoked at: Wed Apr 09 17:09:35 UTC 2014 + Serial Number (hex): 00ada8bed1a38831406f6e74327403d48f + Revoked at: Wed Apr 09 17:13:01 UTC 2014 + Serial Number (hex): 7a09129f5f17039fdbfaa092f7992232 + Revoked at: Wed Apr 09 17:16:50 UTC 2014 + Serial Number (hex): 084fd91d18231584aa7b0284a44041cb + Revoked at: Wed Apr 09 17:17:05 UTC 2014 + Serial Number (hex): 00e35e1850f9acdacaba12089f3c4b4f8e + Revoked at: Wed Apr 09 17:31:12 UTC 2014 + Serial Number (hex): 00f17d861e3d1f5ccbe2de82d54484f1f1 + Revoked at: Wed Apr 09 17:44:03 UTC 2014 + Serial Number (hex): 0dbaf03c6c9d9accaaf3e7f78e554fb8 + Revoked at: Wed Apr 09 17:44:17 UTC 2014 + Serial Number (hex): 22d95f36ff09323a186745c5d3fd2af6 + Revoked at: Wed Apr 09 18:43:40 UTC 2014 + Serial Number (hex): 2ca26732b4b1cbd75d18d58aa3cda4df + Revoked at: Wed Apr 09 18:44:45 UTC 2014 + Serial Number (hex): 00c8adec9d62f1f4356470760db8b7bc24 + Revoked at: Wed Apr 09 18:45:29 UTC 2014 + Serial Number (hex): 0082e6c6a4d3815c15bea7964cf93ab5e1 + Revoked at: Wed Apr 09 19:05:26 UTC 2014 + Serial Number (hex): 46f242a5f150ecbe6bf7e723b32d7ac2 + Revoked at: Wed Apr 09 19:12:22 UTC 2014 + Serial Number (hex): 36a11849f0a1a2f64dbbe0a59ec2c895 + Revoked at: Wed Apr 09 19:15:19 UTC 2014 + Serial Number (hex): 00bb8b60a5529e0bbc9527885c1b139a7c + Revoked at: Wed Apr 09 19:26:16 UTC 2014 + Serial Number (hex): 3448d35a1546b804f6e98c0135df3bce + Revoked at: Wed Apr 09 19:30:21 UTC 2014 + Serial Number (hex): 7c5b9352c1b0de37078e3cbdb4b085e1 + Revoked at: Wed Apr 09 20:19:57 UTC 2014 + Serial Number (hex): 6d5f49749afb0f96cd080af7f595e760 + Revoked at: Wed Apr 09 20:28:28 UTC 2014 + Serial Number (hex): 00c2ee4e02c48ecc30cca5dbf5e471a7c1 + Revoked at: Wed Apr 09 20:28:45 UTC 2014 + Serial Number (hex): 613f3d721fb86198461520ccf0bdd1e6 + Revoked at: Wed Apr 09 20:37:30 UTC 2014 + Serial Number (hex): 22a13ef930a9f6b62b137b3f6c9676da + Revoked at: Wed Apr 09 20:37:59 UTC 2014 + Serial Number (hex): 00e270261d8d20ae089862396b72bffea3 + Revoked at: Wed Apr 09 20:54:35 UTC 2014 + Serial Number (hex): 00957bd0cd25bb553be9ac106835b49f28 + Revoked at: Wed Apr 09 21:01:19 UTC 2014 + Serial Number (hex): 00f57415754c3ec13647386b44c5cacb5e + Revoked at: Wed Apr 09 21:01:28 UTC 2014 + Serial Number (hex): 008be132f67f6b06b6f2aad59d62e15402 + Revoked at: Wed Apr 09 21:10:47 UTC 2014 + Serial Number (hex): 0084a15dd7a39f747b17d8e191823f5428 + Revoked at: Wed Apr 09 21:13:14 UTC 2014 + Serial Number (hex): 6fad129ce1e1a9c45c7c7fe21684e99f + Revoked at: Wed Apr 09 22:25:06 UTC 2014 + Serial Number (hex): 00b1091ab800e21fc6fccef5af51a1a5e6 + Revoked at: Wed Apr 09 22:34:13 UTC 2014 + Serial Number (hex): 00e76d18c51ae02171a01fd3393bfb2f28 + Revoked at: Thu Apr 10 00:06:23 UTC 2014 + Serial Number (hex): 4a88db7014d90fb262713946531a538a + Revoked at: Thu Apr 10 00:37:17 UTC 2014 + Serial Number (hex): 13bb1bbbf24f162cff37575656b9690a + Revoked at: Thu Apr 10 05:37:06 UTC 2014 + Serial Number (hex): 00ad93a88ac74aacf0e1c3b29707305e16 + Revoked at: Thu Apr 10 05:37:25 UTC 2014 + Serial Number (hex): 175ce0283746ae3a96ddfb6394cf6a42 + Revoked at: Thu Apr 10 07:04:53 UTC 2014 + Serial Number (hex): 216f097392b67c6529bf3fa10dd68aab + Revoked at: Thu Apr 10 07:49:17 UTC 2014 + Serial Number (hex): 54a010344a7bf194ebb86e0d82394847 + Revoked at: Thu Apr 10 08:40:25 UTC 2014 + Serial Number (hex): 008ac0ac0e6bf433480282369fecb550bb + Revoked at: Thu Apr 10 08:52:22 UTC 2014 + Serial Number (hex): 4ebb9ead2e79962d3356a82453d34a5d + Revoked at: Thu Apr 10 09:44:04 UTC 2014 + Serial Number (hex): 231f4758a6cf48ff2794f80556447e88 + Revoked at: Thu Apr 10 10:14:10 UTC 2014 + Serial Number (hex): 00ef084afabbe84cb115ce21fdcebaf137 + Revoked at: Thu Apr 10 10:35:01 UTC 2014 + Serial Number (hex): 73474dcd5cf759f8d177d8d67bd0ffb4 + Revoked at: Thu Apr 10 11:00:57 UTC 2014 + Serial Number (hex): 00b97e5185c16dec4bb389fcff2567442d + Revoked at: Thu Apr 10 11:12:54 UTC 2014 + Serial Number (hex): 00e7bee0762ab72cd2f4e90c65867cdafa + Revoked at: Thu Apr 10 11:29:31 UTC 2014 + Serial Number (hex): 6426fe1f29eec2ccb9c540f42ebcddb0 + Revoked at: Thu Apr 10 11:38:10 UTC 2014 + Serial Number (hex): 733661e7361120951a33b72e1635513b + Revoked at: Thu Apr 10 11:54:15 UTC 2014 + Serial Number (hex): 00fca6b6c8c08af1a61483e1bc8e957317 + Revoked at: Thu Apr 10 12:06:24 UTC 2014 + Serial Number (hex): 00bb29512d013e7096a7a01f26f3bededf + Revoked at: Thu Apr 10 12:14:38 UTC 2014 + Serial Number (hex): 5ec6de624fd549f2147a9cc12f9aa2a2 + Revoked at: Thu Apr 10 12:48:51 UTC 2014 + Serial Number (hex): 00f94132d11b6645e6f78c93a552d5a180 + Revoked at: Thu Apr 10 12:54:57 UTC 2014 + Serial Number (hex): 725f487419697a6ca78d2e89efe98ece + Revoked at: Thu Apr 10 13:00:22 UTC 2014 + Serial Number (hex): 1d031c55101cb16eada46f9bd68eacec + Revoked at: Thu Apr 10 13:10:13 UTC 2014 + Serial Number (hex): 21e9c006d9967cc8e408645599ffd707 + Revoked at: Thu Apr 10 13:35:02 UTC 2014 + Serial Number (hex): 1987ecbea5710ae871e1b7415ecc5113 + Revoked at: Thu Apr 10 13:44:29 UTC 2014 + Serial Number (hex): 00f3580dd2b926b7a9eac14f99cd65bcc3 + Revoked at: Thu Apr 10 13:45:17 UTC 2014 + Serial Number (hex): 00bef20a6a63551c7226facff5113fa989 + Revoked at: Thu Apr 10 13:47:49 UTC 2014 + Serial Number (hex): 058ff5d4e1a9d3379b773c868d1b424d + Revoked at: Thu Apr 10 13:54:37 UTC 2014 + Serial Number (hex): 009f96ac80cdb213c093adbff1fd17de11 + Revoked at: Thu Apr 10 13:55:05 UTC 2014 + Serial Number (hex): 00e2a7c201f8e24ab4ef57382b8b22ad20 + Revoked at: Thu Apr 10 13:55:31 UTC 2014 + Serial Number (hex): 00a81e9b64449950257a155bb64fe24383 + Revoked at: Thu Apr 10 13:55:55 UTC 2014 + Serial Number (hex): 00f77fab3c660a37409d8cfc7efaae10ff + Revoked at: Thu Apr 10 13:56:17 UTC 2014 + Serial Number (hex): 00c6bb9cce71b579f66ec3ec24bf260fe2 + Revoked at: Thu Apr 10 13:56:44 UTC 2014 + Serial Number (hex): 0e488f2dad5d774af24a908a1d0deb5e + Revoked at: Thu Apr 10 13:57:11 UTC 2014 + Serial Number (hex): 120fb537ee86c98126d9efc4c5a3b1cb + Revoked at: Thu Apr 10 14:16:20 UTC 2014 + Serial Number (hex): 4fb701bceab62d5a70b057b5d732e9f3 + Revoked at: Thu Apr 10 14:17:17 UTC 2014 + Serial Number (hex): 00cbefd9b415c4cdc71fd3600280df1d7f + Revoked at: Thu Apr 10 14:20:46 UTC 2014 + Serial Number (hex): 48cd2cf5c85be73dc05700802b6811cf + Revoked at: Thu Apr 10 14:22:58 UTC 2014 + Serial Number (hex): 6b8bcced5ec1d92be6042f124142c96e + Revoked at: Thu Apr 10 14:26:10 UTC 2014 + Serial Number (hex): 11eeac9a6c5654c68f088f05a080d3e1 + Revoked at: Thu Apr 10 14:27:33 UTC 2014 + Serial Number (hex): 00cdb6ed487b01efbc9507a9d08c58bc93 + Revoked at: Thu Apr 10 14:31:00 UTC 2014 + Serial Number (hex): 00fabfab722bf8dd6e003596a5bb2db11c + Revoked at: Thu Apr 10 14:31:19 UTC 2014 + Serial Number (hex): 00b58087ed5fa6a1db917ccc43020467b9 + Revoked at: Thu Apr 10 14:31:40 UTC 2014 + Serial Number (hex): 00f86be18aac4e8d09c1da87aa52120f29 + Revoked at: Thu Apr 10 14:43:44 UTC 2014 + Serial Number (hex): 0c322c70753ce45581d11c408ad854fb + Revoked at: Thu Apr 10 15:03:41 UTC 2014 + Serial Number (hex): 009c7b80e045d95d1ee4878371a6845695 + Revoked at: Thu Apr 10 15:23:48 UTC 2014 + Serial Number (hex): 7f34ee28fc9a2543e248a4ef1bf29d07 + Revoked at: Thu Apr 10 15:23:56 UTC 2014 + Serial Number (hex): 6e9afa724ded7b1a3557aca08b4c421a + Revoked at: Thu Apr 10 15:28:54 UTC 2014 + Serial Number (hex): 77ad7d4aebfd2487c65eaaed348eb801 + Revoked at: Thu Apr 10 15:34:46 UTC 2014 + Serial Number (hex): 008472488f36cdd3f470df0a4c98bfb02f + Revoked at: Thu Apr 10 15:34:49 UTC 2014 + Serial Number (hex): 00f489342116be626cf4dfa3d658805055 + Revoked at: Thu Apr 10 15:37:40 UTC 2014 + Serial Number (hex): 00847f5ca1b499689b5fa6e81ad75f40b3 + Revoked at: Thu Apr 10 15:38:36 UTC 2014 + Serial Number (hex): 00904107f5e27fd518d4b30d05e61969ab + Revoked at: Thu Apr 10 15:38:37 UTC 2014 + Serial Number (hex): 00979de5b1b35a0564a4e4bc279f7244bd + Revoked at: Thu Apr 10 16:07:40 UTC 2014 + Serial Number (hex): 68995a6e80f1a98f46c01a818cf75841 + Revoked at: Thu Apr 10 16:21:35 UTC 2014 + Serial Number (hex): 740888185a9318ad5c9c9e68e2cfd382 + Revoked at: Thu Apr 10 16:28:16 UTC 2014 + Serial Number (hex): 711fdc800cf1e38e149b6b8e147b2694 + Revoked at: Thu Apr 10 16:29:44 UTC 2014 + Serial Number (hex): 00f5f0379e0c4d09441200b8c779e0958d + Revoked at: Thu Apr 10 16:30:11 UTC 2014 + Serial Number (hex): 5cfe1712ac8643abb566de64a442a344 + Revoked at: Thu Apr 10 16:36:14 UTC 2014 + Serial Number (hex): 7c4ffafe1f46f197a6b848c4462958ac + Revoked at: Thu Apr 10 16:36:33 UTC 2014 + Serial Number (hex): 008336a89e6737056e7f9559165c3eb544 + Revoked at: Thu Apr 10 16:37:00 UTC 2014 + Serial Number (hex): 00de685e8ff8a4bf2fbc0d2bafc5fb4659 + Revoked at: Thu Apr 10 16:40:23 UTC 2014 + Serial Number (hex): 1765f62f46a89c25d1a407e602e1bfc9 + Revoked at: Thu Apr 10 16:47:14 UTC 2014 + Serial Number (hex): 5cb46e6631d066d32f7b41ca0de07861 + Revoked at: Thu Apr 10 17:02:45 UTC 2014 + Serial Number (hex): 12c0f04b7ac2146490f9cd1b8f7977fd + Revoked at: Thu Apr 10 17:13:02 UTC 2014 + Serial Number (hex): 19e6485cd25aec37bffad800c0f3abcc + Revoked at: Thu Apr 10 17:13:02 UTC 2014 + Serial Number (hex): 67a82de60f43f1eeae3cf2a32818745d + Revoked at: Thu Apr 10 17:13:03 UTC 2014 + Serial Number (hex): 32a0f0d2f58c2cf7d2938877e2af99a7 + Revoked at: Thu Apr 10 17:26:16 UTC 2014 + Serial Number (hex): 0095f7ea41acfb057c87a148905642378e + Revoked at: Thu Apr 10 17:37:20 UTC 2014 + Serial Number (hex): 00ae84289efe33ce0e7ff6c559f9864b4c + Revoked at: Thu Apr 10 17:48:59 UTC 2014 + Serial Number (hex): 049539684bde287531e56b841e266029 + Revoked at: Thu Apr 10 17:51:34 UTC 2014 + Serial Number (hex): 6bc225b19dd9231e1c5ebf0fdd882d1e + Revoked at: Thu Apr 10 17:52:00 UTC 2014 + Serial Number (hex): 00c5ae22cc6f159ee09fa70c53994f6f09 + Revoked at: Thu Apr 10 17:55:47 UTC 2014 + Serial Number (hex): 7660ae1c37958a9c8080e833f056babf + Revoked at: Thu Apr 10 17:57:34 UTC 2014 + Serial Number (hex): 00fb5a97a84ef937a3ba0441d63b523ba5 + Revoked at: Thu Apr 10 17:58:15 UTC 2014 + Serial Number (hex): 180c4e344a8181e813d9a8923563decd + Revoked at: Thu Apr 10 17:58:42 UTC 2014 + Serial Number (hex): 00fc8a826bfdebb3e25c5e135578ef3eec + Revoked at: Thu Apr 10 18:04:23 UTC 2014 + Serial Number (hex): 07f478c9f8046270c58d8ff60d1c3af9 + Revoked at: Thu Apr 10 18:07:27 UTC 2014 + Serial Number (hex): 00b44d0ec556675f76ec3dc5f93dc588fe + Revoked at: Thu Apr 10 18:22:52 UTC 2014 + Serial Number (hex): 00c0c71314a981468d36af9ed1e362e10f + Revoked at: Thu Apr 10 18:27:42 UTC 2014 + Serial Number (hex): 00ed037b149f972272552c66fd7d3de5c0 + Revoked at: Thu Apr 10 18:29:29 UTC 2014 + Serial Number (hex): 00d5db2680c29990fbb6f9d2cc2b1cf5e6 + Revoked at: Thu Apr 10 18:33:26 UTC 2014 + Serial Number (hex): 4de4a80b62e6df31bbd590bcbf3851ba + Revoked at: Thu Apr 10 18:44:05 UTC 2014 + Serial Number (hex): 00f53f221515c10449e4e632b6a56e403a + Revoked at: Thu Apr 10 18:44:39 UTC 2014 + Serial Number (hex): 00e3746396b24726999d781171b263e2bb + Revoked at: Thu Apr 10 18:44:53 UTC 2014 + Serial Number (hex): 3e5d98b686ce8df1366d660a930125c4 + Revoked at: Thu Apr 10 18:45:52 UTC 2014 + Serial Number (hex): 521b1351be11fc10131a308ba6dc8f66 + Revoked at: Thu Apr 10 18:47:07 UTC 2014 + Serial Number (hex): 3a10b0f6cb56f34e42b5c50232b3a33a + Revoked at: Thu Apr 10 18:49:14 UTC 2014 + Serial Number (hex): 27f32cf7619e9a2f0f1f4a161f92202f + Revoked at: Thu Apr 10 18:50:54 UTC 2014 + Serial Number (hex): 008ace1a12bf4f7ccacc15d9342b4b1069 + Revoked at: Thu Apr 10 19:10:48 UTC 2014 + Serial Number (hex): 623092700fa107e43555ccd9a63841d3 + Revoked at: Thu Apr 10 19:34:46 UTC 2014 + Serial Number (hex): 49192f3dbe350f6038f43faaf62d904f + Revoked at: Thu Apr 10 19:42:18 UTC 2014 + Serial Number (hex): 3a4b15bc95f348dc5d19255a3eec1487 + Revoked at: Thu Apr 10 19:53:21 UTC 2014 + Serial Number (hex): 7b377f46421df6e6258febe5ad8af187 + Revoked at: Thu Apr 10 20:18:13 UTC 2014 + Serial Number (hex): 5949d871f40d21e1656818764cd58a18 + Revoked at: Thu Apr 10 20:18:40 UTC 2014 + Serial Number (hex): 57c90500e2e4e55f73b046520decc763 + Revoked at: Thu Apr 10 20:31:56 UTC 2014 + Serial Number (hex): 5bc15cd4c87a835743ffe619e7109974 + Revoked at: Thu Apr 10 20:48:59 UTC 2014 + Serial Number (hex): 7b05cf8a4fbcdf54b5f99f19f3bb498f + Revoked at: Thu Apr 10 20:53:38 UTC 2014 + Serial Number (hex): 2f5a2790597c809225090c4b61068ed2 + Revoked at: Thu Apr 10 21:04:50 UTC 2014 + Serial Number (hex): 0d678e190b076f19829c4c28531ca05f + Revoked at: Thu Apr 10 21:05:23 UTC 2014 + Serial Number (hex): 00f2c3008a239bc86b1e5bb0c9afa420f2 + Revoked at: Thu Apr 10 21:05:59 UTC 2014 + Serial Number (hex): 00a3880c23921550192d8e239a41fb2b6b + Revoked at: Thu Apr 10 21:06:31 UTC 2014 + Serial Number (hex): 00ebb70acd6719ef4ba0c7f2552754a5c6 + Revoked at: Thu Apr 10 21:17:03 UTC 2014 + Serial Number (hex): 48ace76563a02daf935431952783dcda + Revoked at: Thu Apr 10 22:21:18 UTC 2014 + Serial Number (hex): 00f31a2976085eaeaea9d560249e1b5d30 + Revoked at: Thu Apr 10 22:46:33 UTC 2014 + Serial Number (hex): 00f66aba5633703e7d741806f293618285 + Revoked at: Thu Apr 10 23:31:07 UTC 2014 + Serial Number (hex): 00b612c3702736c65f51899222df6428b8 + Revoked at: Thu Apr 10 23:31:52 UTC 2014 + Serial Number (hex): 3607cf08873d63ea41410a7828bd3836 + Revoked at: Thu Apr 10 23:32:27 UTC 2014 + Serial Number (hex): 38ab77f1e4501b7c8dc15de8904e17f2 + Revoked at: Thu Apr 10 23:33:10 UTC 2014 + Serial Number (hex): 6777583eddaff7700326f08150dc848c + Revoked at: Thu Apr 10 23:34:47 UTC 2014 + Serial Number (hex): 0b9e6f107fb6906f0308587e82cd0692 + Revoked at: Thu Apr 10 23:35:15 UTC 2014 + Serial Number (hex): 35c4bb10e14f316cc46df92d9298220a + Revoked at: Thu Apr 10 23:35:34 UTC 2014 + Serial Number (hex): 5c66decc808a5fb85dff6bd5e620bb22 + Revoked at: Thu Apr 10 23:36:22 UTC 2014 + Serial Number (hex): 0904dcdda3a7e351c5b2658c25958e45 + Revoked at: Thu Apr 10 23:36:49 UTC 2014 + Serial Number (hex): 00d8144004050e174a77ad8831c79b4e12 + Revoked at: Thu Apr 10 23:37:13 UTC 2014 + Serial Number (hex): 00e9b7d68f2f10bff7ef82ced913ea69b5 + Revoked at: Thu Apr 10 23:37:41 UTC 2014 + Serial Number (hex): 0086f57bf6c8fa97a2d1681af5fde52a62 + Revoked at: Thu Apr 10 23:38:01 UTC 2014 + Serial Number (hex): 4be9c77c124a18bb15eb641bb73cc897 + Revoked at: Thu Apr 10 23:39:18 UTC 2014 + Serial Number (hex): 00d76a542acbf07e3473a73f3d609d0aac + Revoked at: Thu Apr 10 23:42:04 UTC 2014 + Serial Number (hex): 0087518f3ec2b063bc9fd3ccf933a54e57 + Revoked at: Thu Apr 10 23:42:17 UTC 2014 + Serial Number (hex): 00dca3da6b281ca90ad3050eb2aa405cb3 + Revoked at: Thu Apr 10 23:42:59 UTC 2014 + Serial Number (hex): 27d40807437507dec36d7ba583b63c18 + Revoked at: Thu Apr 10 23:43:49 UTC 2014 + Serial Number (hex): 01b597e0ae2907ae1681521674057d8d + Revoked at: Thu Apr 10 23:46:43 UTC 2014 + Serial Number (hex): 10997d4acb8f421ec1a950d897d43035 + Revoked at: Thu Apr 10 23:47:43 UTC 2014 + Serial Number (hex): 00e52e2f646fa5ffc01f8362450b200644 + Revoked at: Thu Apr 10 23:47:48 UTC 2014 + Serial Number (hex): 00d98cb84eec356bd7a9125b17f27834d0 + Revoked at: Thu Apr 10 23:49:11 UTC 2014 + Serial Number (hex): 2512d510b42f8881825af8e25d3c0488 + Revoked at: Thu Apr 10 23:50:21 UTC 2014 + Serial Number (hex): 00fa1c19100316c999499d3fa877f25afd + Revoked at: Thu Apr 10 23:51:06 UTC 2014 + Serial Number (hex): 158303e924046bf6122f364b9c00c283 + Revoked at: Thu Apr 10 23:51:50 UTC 2014 + Serial Number (hex): 4990c6f85c67d1584e091611d1672b87 + Revoked at: Thu Apr 10 23:52:06 UTC 2014 + Serial Number (hex): 00d85f1e4491f0150a32c8e7bc59f636f3 + Revoked at: Thu Apr 10 23:52:33 UTC 2014 + Serial Number (hex): 73991ca7f5900376a91b8b0964a91705 + Revoked at: Thu Apr 10 23:52:49 UTC 2014 + Serial Number (hex): 689f5cae73edbc4497e400b5f585d8f5 + Revoked at: Thu Apr 10 23:52:56 UTC 2014 + Serial Number (hex): 00d154444b33fe3278def3fbe2493ba405 + Revoked at: Thu Apr 10 23:53:37 UTC 2014 + Serial Number (hex): 55b33e9b2b811ccdb50b631793d601f3 + Revoked at: Thu Apr 10 23:54:48 UTC 2014 + Serial Number (hex): 00f17d0e992f8b94fa96f8db0bf5034a98 + Revoked at: Thu Apr 10 23:55:11 UTC 2014 + Serial Number (hex): 07ae534f2c16428efcd86075f5c0e024 + Revoked at: Thu Apr 10 23:55:37 UTC 2014 + Serial Number (hex): 00d9850a956bcc768b350590ed568a7cf6 + Revoked at: Thu Apr 10 23:58:48 UTC 2014 + Serial Number (hex): 00f242d34e933c3bbb550c2e980ccf2fe8 + Revoked at: Thu Apr 10 23:59:27 UTC 2014 + Serial Number (hex): 0088dee0b0ffbebf84499848eb3b3848e8 + Revoked at: Thu Apr 10 23:59:58 UTC 2014 + Serial Number (hex): 06612e3ec9744488bd8a4e3c05338c5b + Revoked at: Fri Apr 11 00:15:58 UTC 2014 + Serial Number (hex): 632db3b3e01386c57394a461095c7bf9 + Revoked at: Fri Apr 11 00:27:16 UTC 2014 + Serial Number (hex): 03a4920a7af6cfb676684160d6e10b52 + Revoked at: Fri Apr 11 00:32:12 UTC 2014 + Serial Number (hex): 00da016eb00958cc8d725b0dae290b9054 + Revoked at: Fri Apr 11 01:01:19 UTC 2014 + Serial Number (hex): 00a443f9b746684771af7dac6a38de1b + Revoked at: Fri Apr 11 01:59:49 UTC 2014 + Serial Number (hex): 34fea3576317d596d5d3ca096660544b + Revoked at: Fri Apr 11 02:03:34 UTC 2014 + Serial Number (hex): 00aea3a4d852bfcc073237544bb5b373e4 + Revoked at: Fri Apr 11 02:41:39 UTC 2014 + Serial Number (hex): 6d83bab0dde67cd9eef3c04972aac060 + Revoked at: Fri Apr 11 02:52:06 UTC 2014 + Serial Number (hex): 2c0f175da740326c1ebbafdf2ca3ef94 + Revoked at: Fri Apr 11 03:29:30 UTC 2014 + Serial Number (hex): 2f3d6fb5a20794e0398eef12206b9746 + Revoked at: Fri Apr 11 04:01:54 UTC 2014 + Serial Number (hex): 438b064a322e36e56e623818b7bd5f56 + Revoked at: Fri Apr 11 04:01:59 UTC 2014 + Serial Number (hex): 78a4163a0cd22053f808f11e543725cd + Revoked at: Fri Apr 11 04:02:05 UTC 2014 + Serial Number (hex): 2e83d46c88e147d168e98ef7d6b6ffea + Revoked at: Fri Apr 11 05:26:10 UTC 2014 + Serial Number (hex): 2d4f79e68de008c383084a5b7938a92f + Revoked at: Fri Apr 11 06:41:36 UTC 2014 + Serial Number (hex): 4fa306ad535ba7252bcee332141e5603 + Revoked at: Fri Apr 11 07:13:59 UTC 2014 + Serial Number (hex): 1612dd9e27c4e5b2810638bdd1cd29c6 + Revoked at: Fri Apr 11 08:11:45 UTC 2014 + Serial Number (hex): 00d1cbdca7f01a8c9ac09895464b001c97 + Revoked at: Fri Apr 11 08:19:46 UTC 2014 + Serial Number (hex): 00c37bdb3d54bfb7c654e606667c407a5b + Revoked at: Fri Apr 11 08:25:25 UTC 2014 + Serial Number (hex): 5b9e457a453c6c41b0a005a46d8fe647 + Revoked at: Fri Apr 11 08:59:28 UTC 2014 + Serial Number (hex): 00fca2fdffd9750b0fde5f46b4d5a1fa7c + Revoked at: Fri Apr 11 09:28:40 UTC 2014 + Serial Number (hex): 00ba4673c644a232ea234c96bf027a0b06 + Revoked at: Fri Apr 11 09:34:15 UTC 2014 + Serial Number (hex): 008b4dd48a305815749a1e3773a78c271b + Revoked at: Fri Apr 11 09:39:52 UTC 2014 + Serial Number (hex): 3914b8088a2ed3fca6510521d0ffdec1 + Revoked at: Fri Apr 11 10:31:27 UTC 2014 + Serial Number (hex): 008c4efeb8d838579293b0e891fe1ea5cf + Revoked at: Fri Apr 11 10:36:59 UTC 2014 + Serial Number (hex): 1c9a43429a80914faed4c20725d48a01 + Revoked at: Fri Apr 11 11:01:25 UTC 2014 + Serial Number (hex): 390391dfd7538fa5d4fea21a9e5bbf5f + Revoked at: Fri Apr 11 11:01:54 UTC 2014 + Serial Number (hex): 70bd5819cf5f76d0d456599de2c96a1c + Revoked at: Fri Apr 11 11:02:40 UTC 2014 + Serial Number (hex): 00f0d28d4234faaafe493c7943e38dd1e1 + Revoked at: Fri Apr 11 11:03:12 UTC 2014 + Serial Number (hex): 50ea1ed626dbda8bdb92bfabf686d756 + Revoked at: Fri Apr 11 11:11:17 UTC 2014 + Serial Number (hex): 0f3ea8b290b429f3816b323f46024661 + Revoked at: Fri Apr 11 11:11:45 UTC 2014 + Serial Number (hex): 00a8c7c835489d13744e6ede1bcaeb5cd9 + Revoked at: Fri Apr 11 11:12:03 UTC 2014 + Serial Number (hex): 00e15ee9296b2684a8d02bbd0b83d7e38d + Revoked at: Fri Apr 11 11:12:28 UTC 2014 + Serial Number (hex): 009f8f722e4bbe86068d8fe9e858a2400a + Revoked at: Fri Apr 11 11:12:47 UTC 2014 + Serial Number (hex): 27aac8c9e850a7db08341efddc29d547 + Revoked at: Fri Apr 11 11:13:10 UTC 2014 + Serial Number (hex): 38f2795fc6dc5e55f54bd3cc1de0c7c3 + Revoked at: Fri Apr 11 11:13:32 UTC 2014 + Serial Number (hex): 00e7243c28062d996f55029f890b002fa1 + Revoked at: Fri Apr 11 11:14:02 UTC 2014 + Serial Number (hex): 6fbc96fe5b81d1361a465701571e259b + Revoked at: Fri Apr 11 11:14:26 UTC 2014 + Serial Number (hex): 00b0d23159fc8508237d928922de70994c + Revoked at: Fri Apr 11 11:14:47 UTC 2014 + Serial Number (hex): 00e8bcd58dbe5cc395ee7fda82efbd21e6 + Revoked at: Fri Apr 11 11:16:16 UTC 2014 + Serial Number (hex): 31e82d2cacaba7d478d5f6397ade4166 + Revoked at: Fri Apr 11 11:46:18 UTC 2014 + Serial Number (hex): 34aef262752f456ea34c15b60fef0478 + Revoked at: Fri Apr 11 12:12:33 UTC 2014 + Serial Number (hex): 00e9cc44bd7f2bd463204369967885f629 + Revoked at: Fri Apr 11 12:23:10 UTC 2014 + Serial Number (hex): 72d60bee8b8db86bddbdad4fadd04dec + Revoked at: Fri Apr 11 12:26:03 UTC 2014 + Serial Number (hex): 00892cab31c6af21ff2d2d6f945a2ad9eb + Revoked at: Fri Apr 11 12:27:50 UTC 2014 + Serial Number (hex): 46d21b7f593ffca5dd99bb6b3d55f932 + Revoked at: Fri Apr 11 12:40:02 UTC 2014 + Serial Number (hex): 00e6303b1c4ae67eb09e09fc47643ec39c + Revoked at: Fri Apr 11 13:07:50 UTC 2014 + Serial Number (hex): 3da8fada35e958e80f877ea81918b428 + Revoked at: Fri Apr 11 13:11:28 UTC 2014 + Serial Number (hex): 00d0bf6c035924390f9552ac8f5f804708 + Revoked at: Fri Apr 11 13:12:12 UTC 2014 + Serial Number (hex): 3d4087358aa34f1f5e33e32361b8a92f + Revoked at: Fri Apr 11 13:14:06 UTC 2014 + Serial Number (hex): 1c327f4e50ef1f559016fa61ac750098 + Revoked at: Fri Apr 11 13:18:53 UTC 2014 + Serial Number (hex): 686fce9043212696ffaa3d8796a45c68 + Revoked at: Fri Apr 11 13:20:50 UTC 2014 + Serial Number (hex): 7d2b10064d3b04686acf15b8b2b51e97 + Revoked at: Fri Apr 11 13:23:00 UTC 2014 + Serial Number (hex): 0092c49f73a6e7ea45b7e37ea46615cc23 + Revoked at: Fri Apr 11 13:23:01 UTC 2014 + Serial Number (hex): 529bba1bec91e49ec22fc0f7e0a33fab + Revoked at: Fri Apr 11 13:23:07 UTC 2014 + Serial Number (hex): 0dea236b3e54704021fe490ce1be1bf2 + Revoked at: Fri Apr 11 13:29:02 UTC 2014 + Serial Number (hex): 4b636a4c1894b4987deefaa973854789 + Revoked at: Fri Apr 11 13:29:35 UTC 2014 + Serial Number (hex): 00f4f6d89be68e22de78255822e9215f91 + Revoked at: Fri Apr 11 13:30:17 UTC 2014 + Serial Number (hex): 5b2647bc02f14f2d6ecba36e5c1e919b + Revoked at: Fri Apr 11 13:36:23 UTC 2014 + Serial Number (hex): 23dd705419a745dbe05b29b4727d8077 + Revoked at: Fri Apr 11 13:36:55 UTC 2014 + Serial Number (hex): 00c1cfe2ad7a943bb0d8c48e60a6cfb745 + Revoked at: Fri Apr 11 13:37:06 UTC 2014 + Serial Number (hex): 00b8ac2dd87b7e7512a7d9e3fe9b6f1b4e + Revoked at: Fri Apr 11 13:41:27 UTC 2014 + Serial Number (hex): 00bdbff5604ba1ca8f64382a839af3f3e5 + Revoked at: Fri Apr 11 13:42:34 UTC 2014 + Serial Number (hex): 0098d26f32ee3f921926f15cde775c147c + Revoked at: Fri Apr 11 13:51:42 UTC 2014 + Serial Number (hex): 00f2389030d40a7a5750db2557dbf53186 + Revoked at: Fri Apr 11 13:59:06 UTC 2014 + Serial Number (hex): 00d7b744181197ffec07f1ecdd8b78923e + Revoked at: Fri Apr 11 14:03:33 UTC 2014 + Serial Number (hex): 00e60459002c73eabdfcf26953cf00edc5 + Revoked at: Fri Apr 11 14:05:37 UTC 2014 + Serial Number (hex): 0081528cc8d7a240c68987d2070c8fb15b + Revoked at: Fri Apr 11 14:06:43 UTC 2014 + Serial Number (hex): 2a95ba3d3e6447961076f4b67f8deee7 + Revoked at: Fri Apr 11 14:09:58 UTC 2014 + Serial Number (hex): 62c93747d4cda5bcc3e4b6be04bf074b + Revoked at: Fri Apr 11 14:11:55 UTC 2014 + Serial Number (hex): 00f04bc382b8a9a3e4cec50792cbd3b69d + Revoked at: Fri Apr 11 14:14:08 UTC 2014 + Serial Number (hex): 6e116954005604f57fa4540c3ba80971 + Revoked at: Fri Apr 11 14:23:52 UTC 2014 + Serial Number (hex): 7c032217cb4318ad500cad91549467de + Revoked at: Fri Apr 11 14:24:52 UTC 2014 + Serial Number (hex): 13e300825565566a658b7b1e9c98bf03 + Revoked at: Fri Apr 11 14:26:02 UTC 2014 + Serial Number (hex): 411bcf4c6eb69304531b7b65aee3d684 + Revoked at: Fri Apr 11 14:27:01 UTC 2014 + Serial Number (hex): 00a46e6526ac53050f66af1b6d1c2ac4fa + Revoked at: Fri Apr 11 14:29:18 UTC 2014 + Serial Number (hex): 00a38348ca3b10603f10bd535dbabbb918 + Revoked at: Fri Apr 11 14:29:43 UTC 2014 + Serial Number (hex): 12b9e32bf111cfe945030572ee22a329 + Revoked at: Fri Apr 11 14:33:51 UTC 2014 + Serial Number (hex): 00f98bfe6461a2123e77198f32fc6e2430 + Revoked at: Fri Apr 11 14:36:40 UTC 2014 + Serial Number (hex): 00c656473a8c69cf0389f958df0cbe8629 + Revoked at: Fri Apr 11 14:40:31 UTC 2014 + Serial Number (hex): 0093b3737c0a4c55883a0e0926abf36d13 + Revoked at: Fri Apr 11 14:40:41 UTC 2014 + Serial Number (hex): 008a2ddaca3fe3ae87245626628c30f01b + Revoked at: Fri Apr 11 14:40:56 UTC 2014 + Serial Number (hex): 78bbdbd63c34795b35dd26e3db384c22 + Revoked at: Fri Apr 11 14:55:02 UTC 2014 + Serial Number (hex): 00b23216cc65f2316e3583f752f5469c73 + Revoked at: Fri Apr 11 15:05:19 UTC 2014 + Serial Number (hex): 00bbb30bd878f1f8624bd1c5814e50bd5f + Revoked at: Fri Apr 11 15:06:04 UTC 2014 + Serial Number (hex): 0104d3c1783ccbfc268652ffe4d88d9b + Revoked at: Fri Apr 11 15:06:59 UTC 2014 + Serial Number (hex): 00c81ed644a49be11b1ac3031f757f5991 + Revoked at: Fri Apr 11 15:09:13 UTC 2014 + Serial Number (hex): 00c42cb1e25a77d8f9a2c9db4984ebcc76 + Revoked at: Fri Apr 11 15:10:12 UTC 2014 + Serial Number (hex): 008a0fad210cd3cd8aab51e31528f25906 + Revoked at: Fri Apr 11 15:10:30 UTC 2014 + Serial Number (hex): 31f04cde92e605edfb0f58ac18f78bec + Revoked at: Fri Apr 11 15:20:40 UTC 2014 + Serial Number (hex): 5ea736408d86b49e0c7931a2de3acd26 + Revoked at: Fri Apr 11 15:21:01 UTC 2014 + Serial Number (hex): 00889a0f3e69ffe40c021d964f9e258e50 + Revoked at: Fri Apr 11 15:22:37 UTC 2014 + Serial Number (hex): 00f0810faa7af806786c55c0c6ec370d2b + Revoked at: Fri Apr 11 15:27:58 UTC 2014 + Serial Number (hex): 13b7d59ba2294c3d4fa77d845b169706 + Revoked at: Fri Apr 11 16:08:19 UTC 2014 + Serial Number (hex): 21850a70bb2a6d3d9bad330b7a609685 + Revoked at: Fri Apr 11 16:43:51 UTC 2014 + Serial Number (hex): 2ac4ce5c9d511686fc0f741ec8f2ded4 + Revoked at: Fri Apr 11 16:52:41 UTC 2014 + Serial Number (hex): 00c69c0ba5f31c9f1ace9655c13c7c3e34 + Revoked at: Fri Apr 11 17:09:07 UTC 2014 + Serial Number (hex): 77c8a082d2a564f1171451c07c66ff06 + Revoked at: Fri Apr 11 17:29:22 UTC 2014 + Serial Number (hex): 00c27dbc96fe04db5b4a3c2c9407332538 + Revoked at: Fri Apr 11 17:33:08 UTC 2014 + Serial Number (hex): 00f14e84e2abd48605440adf70fa4c6a3c + Revoked at: Fri Apr 11 17:42:53 UTC 2014 + Serial Number (hex): 43a4c773d8ffacfc34e4830375d6b1f4 + Revoked at: Fri Apr 11 17:48:26 UTC 2014 + Serial Number (hex): 3ebf55c93af2fde5d88b887133dc4437 + Revoked at: Fri Apr 11 17:48:53 UTC 2014 + Serial Number (hex): 0095bbeea011f197aeb4ee5dee63bbaf56 + Revoked at: Fri Apr 11 17:49:47 UTC 2014 + Serial Number (hex): 00b76dcd4f30944cba35fd8989da297b2d + Revoked at: Fri Apr 11 17:55:10 UTC 2014 + Serial Number (hex): 00d43f6c41e825f81a324fe672559357dd + Revoked at: Fri Apr 11 18:12:41 UTC 2014 + Serial Number (hex): 44f0bedd92936addbd8baa09518eb92a + Revoked at: Fri Apr 11 18:13:31 UTC 2014 + Serial Number (hex): 07bf8d8b7483d75dedc7827a50d69846 + Revoked at: Fri Apr 11 18:13:36 UTC 2014 + Serial Number (hex): 00a25986790182cf27f2ae7a43f5732431 + Revoked at: Fri Apr 11 18:16:28 UTC 2014 + Serial Number (hex): 1121436237615dd845a3ffde5201f96a + Revoked at: Fri Apr 11 18:26:18 UTC 2014 + Serial Number (hex): 52f07f07b8868650d8012867e4306ac2 + Revoked at: Fri Apr 11 18:26:37 UTC 2014 + Serial Number (hex): 271a9e5710aff0008a7068f055b993d0 + Revoked at: Fri Apr 11 18:26:50 UTC 2014 + Serial Number (hex): 00900f4dc213ad7eb95b1666ed387307c4 + Revoked at: Fri Apr 11 18:28:11 UTC 2014 + Serial Number (hex): 57ef127aecfabd985e17873b59418673 + Revoked at: Fri Apr 11 18:42:27 UTC 2014 + Serial Number (hex): 00a9bd133af9f75503bd0ada99b5b380d4 + Revoked at: Fri Apr 11 18:42:56 UTC 2014 + Serial Number (hex): 008f6ddb37b27ec312beef340cf90e1019 + Revoked at: Fri Apr 11 18:43:40 UTC 2014 + Serial Number (hex): 00bd4e45b8150c3725450bac3887dee6cd + Revoked at: Fri Apr 11 18:44:08 UTC 2014 + Serial Number (hex): 0915da06b8ee15936a70d28f2b518153 + Revoked at: Fri Apr 11 18:44:44 UTC 2014 + Serial Number (hex): 648b6fbcea08a87b418f5d8f86e9b6cd + Revoked at: Fri Apr 11 18:46:11 UTC 2014 + Serial Number (hex): 00f7539f83536c8118aa1f28c7df2d63b7 + Revoked at: Fri Apr 11 18:47:51 UTC 2014 + Serial Number (hex): 27e9c74d1a47fc25ff7542467dbd0598 + Revoked at: Fri Apr 11 19:33:49 UTC 2014 + Serial Number (hex): 25e82dafd354cdc1b95c0af5184ebc73 + Revoked at: Fri Apr 11 19:33:58 UTC 2014 + Serial Number (hex): 2eea81df1dc8c8cf80c91884ff26b4 + Revoked at: Fri Apr 11 19:34:55 UTC 2014 + Serial Number (hex): 1fcf462783ab544edf6fd1a0ef1294a4 + Revoked at: Fri Apr 11 20:29:47 UTC 2014 + Serial Number (hex): 00e6e91d68b212fa554f878dcf1abbbbff + Revoked at: Fri Apr 11 20:29:58 UTC 2014 + Serial Number (hex): 5ff1cc2e5a22f596737e160770211c33 + Revoked at: Fri Apr 11 20:30:13 UTC 2014 + Serial Number (hex): 0089566c8e5c5dd8f171142aa083592f2a + Revoked at: Fri Apr 11 20:30:28 UTC 2014 + Serial Number (hex): 00b686d75e80bf6f61db8bd292790c9937 + Revoked at: Fri Apr 11 20:30:42 UTC 2014 + Serial Number (hex): 4c72e2e9ce193b2550bed1353804afc6 + Revoked at: Fri Apr 11 20:38:28 UTC 2014 + Serial Number (hex): 008ad95cf548c6034dcd218a027a713978 + Revoked at: Fri Apr 11 20:38:33 UTC 2014 + Serial Number (hex): 009e1514cd39e8b9aba879c8ec412d7930 + Revoked at: Fri Apr 11 20:45:30 UTC 2014 + Serial Number (hex): 340a2fbaf654e723807b752d537d72ea + Revoked at: Fri Apr 11 20:59:45 UTC 2014 + Serial Number (hex): 6d4a980634158799a17f22ee6b1b0d1f + Revoked at: Fri Apr 11 21:18:03 UTC 2014 + Serial Number (hex): 04c16d951cf6b42f83e54e036a5f0a23 + Revoked at: Fri Apr 11 21:18:36 UTC 2014 + Serial Number (hex): 00ebb699d39a29bc6d003d9928cd69188c + Revoked at: Fri Apr 11 21:18:40 UTC 2014 + Serial Number (hex): 00a6ae1f488d8dbed11d7a993b591b2a7d + Revoked at: Fri Apr 11 21:23:32 UTC 2014 + Serial Number (hex): 68397a9c6ef6dda9db198d06e44b34ee + Revoked at: Fri Apr 11 21:28:36 UTC 2014 + Serial Number (hex): 6d7afd84f6725169e0f739c810dadb6b + Revoked at: Fri Apr 11 21:32:45 UTC 2014 + Serial Number (hex): 00b613d09ef72c0fe18dec004be08910ff + Revoked at: Fri Apr 11 21:38:12 UTC 2014 + Serial Number (hex): 00aad47b8e834c581b485bbc3920884003 + Revoked at: Fri Apr 11 21:42:01 UTC 2014 + Serial Number (hex): 7f6dc0a2e92835e2ec31a77f4aee66d4 + Revoked at: Fri Apr 11 21:45:07 UTC 2014 + Serial Number (hex): 5954581b9e42d0656ea1f46cc8b765d7 + Revoked at: Fri Apr 11 21:45:45 UTC 2014 + Serial Number (hex): 4da7d77ef8d2b9e098d8edf2317c7b15 + Revoked at: Fri Apr 11 21:56:57 UTC 2014 + Serial Number (hex): 00b44a0b061acbfa25750975ed4f025278 + Revoked at: Fri Apr 11 22:18:27 UTC 2014 + Serial Number (hex): 032779af86111ebfc1aebea61e9a2175 + Revoked at: Sat Apr 12 00:26:42 UTC 2014 + Serial Number (hex): 7951e2b77d2ca8e087a9143cc77a6fc0 + Revoked at: Sat Apr 12 00:39:46 UTC 2014 + Serial Number (hex): 405be4ebdfd9466feb995c2b82c61996 + Revoked at: Sat Apr 12 02:11:01 UTC 2014 + Serial Number (hex): 0085719a6c8b70ff749bdaab1d92553c68 + Revoked at: Sat Apr 12 08:11:29 UTC 2014 + Serial Number (hex): 1fb295e7bb43f0867485252ff756ed3e + Revoked at: Sat Apr 12 08:43:25 UTC 2014 + Serial Number (hex): 00fa633d3669175414df7d25cf9cf499df + Revoked at: Sat Apr 12 09:05:15 UTC 2014 + Serial Number (hex): 306d7ba96d0a0e2a1f03b12d44a340ed + Revoked at: Sat Apr 12 10:08:57 UTC 2014 + Serial Number (hex): 53e6451a84f431c6a0cdcd16721bd6ac + Revoked at: Sat Apr 12 15:49:59 UTC 2014 + Serial Number (hex): 0093770c8ae1ec4e3dbdf9dac24da358d1 + Revoked at: Sat Apr 12 17:13:04 UTC 2014 + Serial Number (hex): 3b74261133c93b4cac01399dbd61f701 + Revoked at: Sat Apr 12 17:13:05 UTC 2014 + Serial Number (hex): 00c67aa6407275ec73353f3e6a8a205206 + Revoked at: Sat Apr 12 17:13:07 UTC 2014 + Serial Number (hex): 781f6b70994c33c1bc8c3a4865d46eaa + Revoked at: Sat Apr 12 17:13:07 UTC 2014 + Serial Number (hex): 00ab0e8cd45904ae58e0679a216f0a1046 + Revoked at: Sat Apr 12 17:13:07 UTC 2014 + Serial Number (hex): 44fbf2ef659af4d7c01cbe40770b37ba + Revoked at: Sat Apr 12 17:18:12 UTC 2014 + Serial Number (hex): 00e5f690fd3220962d8c9aa31a8f874814 + Revoked at: Sat Apr 12 17:30:32 UTC 2014 + Serial Number (hex): 37e4a4b41679a0214e31bfe8546b19ec + Revoked at: Sat Apr 12 18:01:20 UTC 2014 + Serial Number (hex): 00b12d626bd7383f4340833791cee4c55b + Revoked at: Sat Apr 12 23:18:47 UTC 2014 + Serial Number (hex): 32599f1676cd050d7cbdaa17b81bf9c0 + Revoked at: Sun Apr 13 03:39:44 UTC 2014 + Serial Number (hex): 00cc2c11d2af6e117896bf1462f9713572 + Revoked at: Sun Apr 13 03:39:51 UTC 2014 + Serial Number (hex): 347fc31776f404b5fa600030d8be1421 + Revoked at: Sun Apr 13 06:13:06 UTC 2014 + Serial Number (hex): 009fac1a7ee386fd037bc4dd2436371cea + Revoked at: Sun Apr 13 14:40:26 UTC 2014 + Serial Number (hex): 7344177ae3583862f9010d3be0169ca6 + Revoked at: Sun Apr 13 16:15:53 UTC 2014 + Serial Number (hex): 008b2c9b8691996336617c83c135e1c28b + Revoked at: Sun Apr 13 17:04:33 UTC 2014 + Serial Number (hex): 00b6a8fcebcd314c64f5813129ec784a5c + Revoked at: Sun Apr 13 17:13:04 UTC 2014 + Serial Number (hex): 00d33248beef398fb9cede7db7182770fc + Revoked at: Sun Apr 13 17:13:04 UTC 2014 + Serial Number (hex): 3fd722f5d42d3224bfbf5608225e31d1 + Revoked at: Sun Apr 13 17:13:05 UTC 2014 + Serial Number (hex): 009edd28d69c3a9998bd825915e98658ef + Revoked at: Sun Apr 13 17:39:03 UTC 2014 + Serial Number (hex): 700566c4c2b38454ff1dd30d59393958 + Revoked at: Sun Apr 13 18:05:43 UTC 2014 + Serial Number (hex): 0086fd41f7004e34d2eb8f868e98103545 + Revoked at: Sun Apr 13 18:06:25 UTC 2014 + Serial Number (hex): 09a8290cec961f56e9d66d26438d5c72 + Revoked at: Sun Apr 13 19:46:54 UTC 2014 + Serial Number (hex): 00b34ba2cb50e4d5c23672eaea1de2052c + Revoked at: Sun Apr 13 20:53:39 UTC 2014 + Serial Number (hex): 008158ccdb38e0a48a85195bab7b134703 + Revoked at: Sun Apr 13 23:31:15 UTC 2014 + Serial Number (hex): 00ee53488fb2bfea34de4f0e304b63f794 + Revoked at: Mon Apr 14 01:00:18 UTC 2014 + Serial Number (hex): 00986224344ed7201a181c797b04324ca2 + Revoked at: Mon Apr 14 01:18:28 UTC 2014 + Serial Number (hex): 009ded61e75013f2200c735896e386ee76 + Revoked at: Mon Apr 14 03:42:08 UTC 2014 + Serial Number (hex): 009da921db143fc29090ccfa5b9a63fc7a + Revoked at: Mon Apr 14 03:42:39 UTC 2014 + Serial Number (hex): 00fd1b55ec658cdf62b0ea02347d8e9431 + Revoked at: Mon Apr 14 04:20:28 UTC 2014 + Serial Number (hex): 00a30d032ee46b2c2dabae6b4fe55006d2 + Revoked at: Mon Apr 14 07:12:37 UTC 2014 + Serial Number (hex): 71e4dee7e4c6661d48d4c17a8044e951 + Revoked at: Mon Apr 14 07:45:06 UTC 2014 + Serial Number (hex): 00cf547c852e7423001d213ba4ca170515 + Revoked at: Mon Apr 14 08:49:22 UTC 2014 + Serial Number (hex): 00f5c7de0c7f97b6618cef1afa6e8cf5b5 + Revoked at: Mon Apr 14 08:49:56 UTC 2014 + Serial Number (hex): 0a65fa22ab226bab4bf0edc699eb509d + Revoked at: Mon Apr 14 08:52:01 UTC 2014 + Serial Number (hex): 00ad32f165a8e256b2c8b0e35d53c3a313 + Revoked at: Mon Apr 14 08:52:48 UTC 2014 + Serial Number (hex): 4a0f7d790ff18b2f757a90e01dedde78 + Revoked at: Mon Apr 14 09:08:17 UTC 2014 + Serial Number (hex): 2aafca2b84ef0ed79648adc08b105e87 + Revoked at: Mon Apr 14 09:12:21 UTC 2014 + Serial Number (hex): 00835f4ee19da6745c6da038ba302c5bf7 + Revoked at: Mon Apr 14 09:51:09 UTC 2014 + Serial Number (hex): 3387b2a2617c12d3b1d0669d94f1ae76 + Revoked at: Mon Apr 14 09:52:27 UTC 2014 + Serial Number (hex): 00bdc593abff4d3b6eedd19b9ae8497f1d + Revoked at: Mon Apr 14 10:00:11 UTC 2014 + Serial Number (hex): 238ec294e8086d4c8804e16c3fe82979 + Revoked at: Mon Apr 14 10:16:51 UTC 2014 + Serial Number (hex): 1493ba43aa68a87d57a47bd1b809d38f + Revoked at: Mon Apr 14 11:15:46 UTC 2014 + Serial Number (hex): 00ac79d22cb657de673bc5c50b8b8d3572 + Revoked at: Mon Apr 14 11:19:39 UTC 2014 + Serial Number (hex): 6a585fbca5e03c4546cb166ba12d4718 + Revoked at: Mon Apr 14 11:33:48 UTC 2014 + Serial Number (hex): 008eca689edf9ac12ec9f3703c5df8a54b + Revoked at: Mon Apr 14 11:34:08 UTC 2014 + Serial Number (hex): 701fc2d305412903ac67c47d392ac8f3 + Revoked at: Mon Apr 14 11:45:52 UTC 2014 + Serial Number (hex): 6ffcba815236435486fdd3c79ae771da + Revoked at: Mon Apr 14 11:45:59 UTC 2014 + Serial Number (hex): 00d7a536161ebcf9264f5d6ee02230b21e + Revoked at: Mon Apr 14 11:46:05 UTC 2014 + Serial Number (hex): 00a2f02bb08e3fce7fbaa2858ff398b3f4 + Revoked at: Mon Apr 14 11:46:11 UTC 2014 + Serial Number (hex): 21146421b8623da9af1fbdb558be41e9 + Revoked at: Mon Apr 14 11:51:09 UTC 2014 + Serial Number (hex): 0098c3459caade41aaac258598ca3dd018 + Revoked at: Mon Apr 14 11:51:19 UTC 2014 + Serial Number (hex): 2a87d88582a82bd92b4ad826b8e8ddf0 + Revoked at: Mon Apr 14 11:51:26 UTC 2014 + Serial Number (hex): 009fd6d7ee0537e2e523d8e5adbb790cfb + Revoked at: Mon Apr 14 11:53:31 UTC 2014 + Serial Number (hex): 08a81dba0992a4fbfb850b9f053ea23a + Revoked at: Mon Apr 14 11:54:06 UTC 2014 + Serial Number (hex): 4f24b0ec84c227f8b94e8790d939bbf6 + Revoked at: Mon Apr 14 12:22:20 UTC 2014 + Serial Number (hex): 00e644b0d664b9cc7bfd2de975eeae9ee3 + Revoked at: Mon Apr 14 12:29:45 UTC 2014 + Serial Number (hex): 00cab63fb1c559b8f558ef798e3184d84a + Revoked at: Mon Apr 14 12:29:52 UTC 2014 + Serial Number (hex): 0c46e63a52ba3a6b555a698c2e662f1d + Revoked at: Mon Apr 14 13:08:56 UTC 2014 + Serial Number (hex): 00abd3d2c55ddc765829d6a253ceaa1e2b + Revoked at: Mon Apr 14 13:15:20 UTC 2014 + Serial Number (hex): 00d6165b7913481ac3313f3e1464f79c9c + Revoked at: Mon Apr 14 13:19:19 UTC 2014 + Serial Number (hex): 008aa44459378c1f3a3ce483cd44c6a36c + Revoked at: Mon Apr 14 13:19:22 UTC 2014 + Serial Number (hex): 008009ef15b02c16ead23434112304795a + Revoked at: Mon Apr 14 13:19:57 UTC 2014 + Serial Number (hex): 00b075533b302d400877ef9161d7a352ee + Revoked at: Mon Apr 14 13:20:33 UTC 2014 + Serial Number (hex): 00935b7c16af09e4a391c8b56820ede00b + Revoked at: Mon Apr 14 13:20:45 UTC 2014 + Serial Number (hex): 18be5133aa67f9c847c248c9a09ad9ab + Revoked at: Mon Apr 14 13:20:56 UTC 2014 + Serial Number (hex): 008c01a3f79c7f7da0f2bcb6bdc615fc3c + Revoked at: Mon Apr 14 13:21:10 UTC 2014 + Serial Number (hex): 1d4a80ccef17ee2672f2e06c11a46c9d + Revoked at: Mon Apr 14 13:21:14 UTC 2014 + Serial Number (hex): 15308e8ac50f2157229901bcfa2786fc + Revoked at: Mon Apr 14 13:22:24 UTC 2014 + Serial Number (hex): 569e087e0616dd9b742f0cb2bf0d6e0d + Revoked at: Mon Apr 14 13:22:35 UTC 2014 + Serial Number (hex): 00de340e23eb6be46f70dc8534c3b9a7b7 + Revoked at: Mon Apr 14 13:25:02 UTC 2014 + Serial Number (hex): 2c4ed49508937c577ad9dde2290708e7 + Revoked at: Mon Apr 14 13:26:45 UTC 2014 + Serial Number (hex): 00e8d0c1d52ea6dc433b9fbc21cdda6878 + Revoked at: Mon Apr 14 13:26:59 UTC 2014 + Serial Number (hex): 0b4ff812660d61ae2ef6bc02a399c40a + Revoked at: Mon Apr 14 13:27:10 UTC 2014 + Serial Number (hex): 00910f7442ca4c014644ff2d8924e85eb7 + Revoked at: Mon Apr 14 13:27:16 UTC 2014 + Serial Number (hex): 00b400b75c57be87fa3b36f66355eaff98 + Revoked at: Mon Apr 14 13:30:27 UTC 2014 + Serial Number (hex): 00854d447e2229a2029777803f04184882 + Revoked at: Mon Apr 14 13:30:37 UTC 2014 + Serial Number (hex): 0089a24aeede24283ea71d53d24a968d17 + Revoked at: Mon Apr 14 13:30:54 UTC 2014 + Serial Number (hex): 008bb7dfea9f9bafa66dd4cb2223977679 + Revoked at: Mon Apr 14 13:31:04 UTC 2014 + Serial Number (hex): 00801efa41435b8dbbf846375893a51b9d + Revoked at: Mon Apr 14 13:43:03 UTC 2014 + Serial Number (hex): 55dc3360dd1f1e8f422796224be986b0 + Revoked at: Mon Apr 14 13:43:10 UTC 2014 + Serial Number (hex): 00cb3501fe1b75e5e7135e167e8123637c + Revoked at: Mon Apr 14 13:47:48 UTC 2014 + Serial Number (hex): 008b6c4cb9e6c0cd17b1d2da2e4355a999 + Revoked at: Mon Apr 14 13:48:10 UTC 2014 + Serial Number (hex): 00c441fc4d639ba2598e5ccb9fde4df75b + Revoked at: Mon Apr 14 14:04:30 UTC 2014 + Serial Number (hex): 783bc738ad9d73857f3961f49b0daf0c + Revoked at: Mon Apr 14 14:09:41 UTC 2014 + Serial Number (hex): 00b234856ccd93b776e5fe2d4dfb73ec28 + Revoked at: Mon Apr 14 14:09:45 UTC 2014 + Serial Number (hex): 34798f8bd757c72701f1d5ddd4f8a6c2 + Revoked at: Mon Apr 14 14:09:47 UTC 2014 + Serial Number (hex): 00d25a38d57ec5cbec50f4188b6c84f827 + Revoked at: Mon Apr 14 14:09:50 UTC 2014 + Serial Number (hex): 24b597660da9a6bdca52b5070a270065 + Revoked at: Mon Apr 14 14:09:53 UTC 2014 + Serial Number (hex): 00d6695d620271728dbffc9e3db594741a + Revoked at: Mon Apr 14 14:09:56 UTC 2014 + Serial Number (hex): 73c0e23e51207b557e5458317f30629e + Revoked at: Mon Apr 14 14:09:59 UTC 2014 + Serial Number (hex): 5f1c306db02675b21674c538da6dda33 + Revoked at: Mon Apr 14 14:13:10 UTC 2014 + Serial Number (hex): 00e0c66f0721b1a2682b0fcd5a68e27fdb + Revoked at: Mon Apr 14 14:13:27 UTC 2014 + Serial Number (hex): 5353997239ad60062fe561e76388dc1d + Revoked at: Mon Apr 14 14:21:51 UTC 2014 + Serial Number (hex): 15f0dc3dae5463dc0d8b3b4583d9242d + Revoked at: Mon Apr 14 14:34:29 UTC 2014 + Serial Number (hex): 01183ea383d8b8ffcf3c16594f4043d0 + Revoked at: Mon Apr 14 14:35:21 UTC 2014 + Serial Number (hex): 07a514212251402655f8c39970d30e16 + Revoked at: Mon Apr 14 15:09:23 UTC 2014 + Serial Number (hex): 008e340706fcfe37978ce7852ad65bed7d + Revoked at: Mon Apr 14 15:22:42 UTC 2014 + Serial Number (hex): 7852a7143c15d5aac7008a0385b96c30 + Revoked at: Mon Apr 14 15:34:28 UTC 2014 + Serial Number (hex): 00f127a72fa9bcee2a6e7e3d0621bf6cbd + Revoked at: Mon Apr 14 15:35:29 UTC 2014 + Serial Number (hex): 731766241cbab79db235e42a8822a795 + Revoked at: Mon Apr 14 15:35:34 UTC 2014 + Serial Number (hex): 00acdb617f251568d10885a3b5afe35eed + Revoked at: Mon Apr 14 15:35:46 UTC 2014 + Serial Number (hex): 00eed587606651df93636c4a383e7751ee + Revoked at: Mon Apr 14 15:36:09 UTC 2014 + Serial Number (hex): 0084fa16b131a23bea39cf9833677e52a0 + Revoked at: Mon Apr 14 16:11:48 UTC 2014 + Serial Number (hex): 00bfc37890a6b72dbd2904e18206d15506 + Revoked at: Mon Apr 14 16:12:12 UTC 2014 + Serial Number (hex): 009f9291fcd54e32557beedd4fcecbe9a0 + Revoked at: Mon Apr 14 16:20:30 UTC 2014 + Serial Number (hex): 008a40dcb06f4c1024e4f7939b7ef7d206 + Revoked at: Mon Apr 14 16:21:06 UTC 2014 + Serial Number (hex): 7e109cb1224c7f72b6169551c9290e51 + Revoked at: Mon Apr 14 16:22:08 UTC 2014 + Serial Number (hex): 2a241541a218b814f49947d9b75a52fb + Revoked at: Mon Apr 14 16:23:04 UTC 2014 + Serial Number (hex): 1c7eeb8136fda2a4d70e237305b4a89f + Revoked at: Mon Apr 14 16:23:09 UTC 2014 + Serial Number (hex): 6604ae768dea864520c995001e949102 + Revoked at: Mon Apr 14 16:25:19 UTC 2014 + Serial Number (hex): 00adba47df99e230a8ecfc404ae5b125ae + Revoked at: Mon Apr 14 16:25:42 UTC 2014 + Serial Number (hex): 2893bf877a0abf994a86d804de665091 + Revoked at: Mon Apr 14 16:31:38 UTC 2014 + Serial Number (hex): 00b3a41b1a4dfebd24f7f73c65278bbd78 + Revoked at: Mon Apr 14 16:36:21 UTC 2014 + Serial Number (hex): 4c9a549412d518c645a8ec1c1eda5ca9 + Revoked at: Mon Apr 14 17:02:57 UTC 2014 + Serial Number (hex): 00f931c985d193ac7c0b871a07efc5e240 + Revoked at: Mon Apr 14 17:06:59 UTC 2014 + Serial Number (hex): 6354d18c582624ccd20ed0cda72934e1 + Revoked at: Mon Apr 14 17:30:55 UTC 2014 + Serial Number (hex): 00e2dc98cbff3296a8c358c81b562e59d1 + Revoked at: Mon Apr 14 18:20:39 UTC 2014 + Serial Number (hex): 008fb7d8aab1626aacd5813e204be74fb8 + Revoked at: Mon Apr 14 18:21:56 UTC 2014 + Serial Number (hex): 66a21f2e177fef5e82515a7883fa9f0e + Revoked at: Mon Apr 14 18:22:59 UTC 2014 + Serial Number (hex): 00db91d3abdf39ffd2b0c70da64158948c + Revoked at: Mon Apr 14 18:51:30 UTC 2014 + Serial Number (hex): 0390781fb6576ffaab85f11ec1ef0bfc + Revoked at: Mon Apr 14 18:52:04 UTC 2014 + Serial Number (hex): 15503680324c4f51be037f44b602b2fc + Revoked at: Mon Apr 14 18:54:46 UTC 2014 + Serial Number (hex): 646680c342d5a1b5a7e59fded8b18b6c + Revoked at: Mon Apr 14 19:14:03 UTC 2014 + Serial Number (hex): 59ac7e732071c4d4f24baa0576ea9664 + Revoked at: Mon Apr 14 19:20:52 UTC 2014 + Serial Number (hex): 4e60f69a62f593ba6b6769d7df8bf936 + Revoked at: Mon Apr 14 19:51:52 UTC 2014 + Serial Number (hex): 00dedb61eba8fe93f7d0a1351e7a615ec4 + Revoked at: Mon Apr 14 19:51:58 UTC 2014 + Serial Number (hex): 49a45105ed2c20bffb8b509ca64a0db7 + Revoked at: Mon Apr 14 19:58:23 UTC 2014 + Serial Number (hex): 17e5059fbdbd35e08fa2f6a52dbe1bc2 + Revoked at: Mon Apr 14 20:51:45 UTC 2014 + Serial Number (hex): 51faaf355db0c7d9321420b085d244a1 + Revoked at: Mon Apr 14 20:53:08 UTC 2014 + Serial Number (hex): 00fefae6aad426cb8db2f4ee72abfeaf8c + Revoked at: Mon Apr 14 20:55:26 UTC 2014 + Serial Number (hex): 00ae3676dc6e1012de9deed4f6f3f8fd52 + Revoked at: Mon Apr 14 20:56:07 UTC 2014 + Serial Number (hex): 00bd03cdb9160fe5e47a721731ba3d220f + Revoked at: Mon Apr 14 20:59:35 UTC 2014 + Serial Number (hex): 00802155450243c4d573661c7863ee2860 + Revoked at: Mon Apr 14 21:03:39 UTC 2014 + Serial Number (hex): 00e6fc063ab348ab85e801203eb9a72a01 + Revoked at: Mon Apr 14 21:09:10 UTC 2014 + Serial Number (hex): 46067e2708a8bbdc394ab29548441980 + Revoked at: Mon Apr 14 21:15:32 UTC 2014 + Serial Number (hex): 637548e3aebb64b09d265e31cfbfc313 + Revoked at: Mon Apr 14 21:27:48 UTC 2014 + Serial Number (hex): 6fdb9b94ddea7589203311f3314522bf + Revoked at: Mon Apr 14 22:00:40 UTC 2014 + Serial Number (hex): 2fa6cff2c7f089be220a00a55e7cf3f7 + Revoked at: Mon Apr 14 22:30:53 UTC 2014 + Serial Number (hex): 00eee36b23b8ead9aeca0618cd380123e1 + Revoked at: Mon Apr 14 22:37:33 UTC 2014 + Serial Number (hex): 00e576c4ef17b8d9dca51a782eb353a4dc + Revoked at: Mon Apr 14 23:31:48 UTC 2014 + Serial Number (hex): 228d728a535e8b3ca0f9677c7fd51cbe + Revoked at: Tue Apr 15 04:35:17 UTC 2014 + Serial Number (hex): 02f1f92750e3e291a738f0d71721f689 + Revoked at: Tue Apr 15 06:22:42 UTC 2014 + Serial Number (hex): 009705116487c37e1e8f355276460d6445 + Revoked at: Tue Apr 15 06:59:40 UTC 2014 + Serial Number (hex): 008756b97f9840ae4560a07cb31a5c5d28 + Revoked at: Tue Apr 15 07:22:51 UTC 2014 + Serial Number (hex): 00938109271e5cdce49424efd64937f666 + Revoked at: Tue Apr 15 07:23:16 UTC 2014 + Serial Number (hex): 465684727faa4c8ccf8f5f2cc6d25ee0 + Revoked at: Tue Apr 15 07:23:37 UTC 2014 + Serial Number (hex): 00b6c33185c98caaa1fc9a28269696c4a0 + Revoked at: Tue Apr 15 07:45:57 UTC 2014 + Serial Number (hex): 00f5e80e31b3901770ffbad8ecb6c0e250 + Revoked at: Tue Apr 15 08:36:15 UTC 2014 + Serial Number (hex): 0088317274d384d5214a5c82658c20bf00 + Revoked at: Tue Apr 15 09:01:01 UTC 2014 + Serial Number (hex): 00e244b76fcb0ad8fde177b7c08c497dbb + Revoked at: Tue Apr 15 09:15:10 UTC 2014 + Serial Number (hex): 00af744033fba66fdc757dd608440b186f + Revoked at: Tue Apr 15 12:01:43 UTC 2014 + Serial Number (hex): 63d3de299f7a3edc17fe1e4c3ee45d02 + Revoked at: Tue Apr 15 12:12:36 UTC 2014 + Serial Number (hex): 009301832ff42bf1e58404949c550a561e + Revoked at: Tue Apr 15 12:27:49 UTC 2014 + Serial Number (hex): 3494404e5a9650ab56a7f9d7d5f5286a + Revoked at: Tue Apr 15 12:29:55 UTC 2014 + Serial Number (hex): 00a69fa6dafc40fca3bfc7062e77de8b52 + Revoked at: Tue Apr 15 12:36:49 UTC 2014 + Serial Number (hex): 3b6b2baf3ac0cd2981519217e2fb68b4 + Revoked at: Tue Apr 15 12:47:12 UTC 2014 + Serial Number (hex): 00e8467007a0379e995973dc68db99410d + Revoked at: Tue Apr 15 12:54:39 UTC 2014 + Serial Number (hex): 4974d9aa8b09617f81e52863a9632af1 + Revoked at: Tue Apr 15 13:23:29 UTC 2014 + Serial Number (hex): 3df5c35ee5f67b870d609836f20e2cb8 + Revoked at: Tue Apr 15 13:53:58 UTC 2014 + Serial Number (hex): 66c0241e62825c274ec50f0ab0b052ad + Revoked at: Tue Apr 15 14:11:27 UTC 2014 + Serial Number (hex): 00e6ee545a6bca670da9a0d3e8012b1851 + Revoked at: Tue Apr 15 14:16:55 UTC 2014 + Serial Number (hex): 3dc95c94e169a84b1a23d9193f0bff03 + Revoked at: Tue Apr 15 14:17:04 UTC 2014 + Serial Number (hex): 00bbc3ad00a53b3cb32c1fc928be23414b + Revoked at: Tue Apr 15 14:47:19 UTC 2014 + Serial Number (hex): 009ac20b55863ed371fafc252ca42504f2 + Revoked at: Tue Apr 15 14:52:14 UTC 2014 + Serial Number (hex): 00b6f3618a6ca18a1d16182d74f3b60766 + Revoked at: Tue Apr 15 15:03:43 UTC 2014 + Serial Number (hex): 00ecd1fd77b74812e51fd7e7a706f207dc + Revoked at: Tue Apr 15 15:05:50 UTC 2014 + Serial Number (hex): 32ad4a3ffce55fe9f6a7078bd4d3e2ae + Revoked at: Tue Apr 15 15:07:56 UTC 2014 + Serial Number (hex): 66f10316b639b28efa1209979c475495 + Revoked at: Tue Apr 15 15:08:42 UTC 2014 + Serial Number (hex): 009ac9ea6ef2cda76a007de4ca679ed993 + Revoked at: Tue Apr 15 15:10:13 UTC 2014 + Serial Number (hex): 00c8f9240a579fab2f410d5e602e9a49e9 + Revoked at: Tue Apr 15 15:12:13 UTC 2014 + Serial Number (hex): 00cb7be62733cf0bb772d9c376581f8da7 + Revoked at: Tue Apr 15 15:23:24 UTC 2014 + Serial Number (hex): 1a881b11dc5c51b102d6a6a8fe899bea + Revoked at: Tue Apr 15 15:23:37 UTC 2014 + Serial Number (hex): 00f6c7a429fbf292d5d0f1e55df92af3fb + Revoked at: Tue Apr 15 15:36:14 UTC 2014 + Serial Number (hex): 00a4d612cae08b5501a1c241ceaf0a7a1d + Revoked at: Tue Apr 15 15:45:04 UTC 2014 + Serial Number (hex): 4cb22eb07bc9106cc840b95d3065733d + Revoked at: Tue Apr 15 15:49:08 UTC 2014 + Serial Number (hex): 00ad00c111bd52f03e5b586a6dc54eae62 + Revoked at: Tue Apr 15 15:50:51 UTC 2014 + Serial Number (hex): 1a92727b089e4a8c12e2d0ee8f3e538a + Revoked at: Tue Apr 15 15:51:02 UTC 2014 + Serial Number (hex): 00f24591b0b6e06d609d8ce0654cc10971 + Revoked at: Tue Apr 15 15:52:07 UTC 2014 + Serial Number (hex): 0094477e31eca88244702a051457e70925 + Revoked at: Tue Apr 15 15:52:40 UTC 2014 + Serial Number (hex): 00a56e01b283c83d2ae12da513764d4add + Revoked at: Tue Apr 15 15:52:57 UTC 2014 + Serial Number (hex): 36d98bdae320f1509066590f361617a1 + Revoked at: Tue Apr 15 16:11:26 UTC 2014 + Serial Number (hex): 0a56eb2537d1275a14c44d6f7b1cf1da + Revoked at: Tue Apr 15 16:21:44 UTC 2014 + Serial Number (hex): 00f1c1006980e3f822bff44a3624612fad + Revoked at: Tue Apr 15 17:00:18 UTC 2014 + Serial Number (hex): 00ae37242ce4591cfc10eb01db8558e869 + Revoked at: Tue Apr 15 17:13:02 UTC 2014 + Serial Number (hex): 4a88b698aa5cfdef1f889c208a0f618e + Revoked at: Tue Apr 15 17:14:37 UTC 2014 + Serial Number (hex): 4340347b57ef00dd156528002ec8f9c6 + Revoked at: Tue Apr 15 17:29:58 UTC 2014 + Serial Number (hex): 7839e00c54dfc6252fd03a3cb23c1861 + Revoked at: Tue Apr 15 17:30:06 UTC 2014 + Serial Number (hex): 35489139cc21a6869d135df09e4064ad + Revoked at: Tue Apr 15 17:47:22 UTC 2014 + Serial Number (hex): 00ad2ee126802e538e8bafe1bbcafcc172 + Revoked at: Tue Apr 15 17:47:52 UTC 2014 + Serial Number (hex): 0c9b4b2c574f0a3b3e373eb5dc7defc4 + Revoked at: Tue Apr 15 17:48:00 UTC 2014 + Serial Number (hex): 73c3002aea31be6076c28ca81af7e314 + Revoked at: Tue Apr 15 17:48:28 UTC 2014 + Serial Number (hex): 306f7d0d0385cb6bbe6a2f6134a6e20c + Revoked at: Tue Apr 15 17:48:52 UTC 2014 + Serial Number (hex): 0089531ca2dc21c3a3b57f007ab5000062 + Revoked at: Tue Apr 15 18:08:40 UTC 2014 + Serial Number (hex): 44db243a8103c60b520a1574beafcd24 + Revoked at: Tue Apr 15 18:12:17 UTC 2014 + Serial Number (hex): 00f9d742545bb29fa8d0ce41d04495ca1a + Revoked at: Tue Apr 15 18:26:08 UTC 2014 + Serial Number (hex): 68e100efaa7588d111159f727027234b + Revoked at: Tue Apr 15 18:29:02 UTC 2014 + Serial Number (hex): 00d51fff86c5242c94d1aaf0ea318e24f6 + Revoked at: Tue Apr 15 18:31:42 UTC 2014 + Serial Number (hex): 00ee20f546ea9ca487a25920a94d343b69 + Revoked at: Tue Apr 15 18:39:24 UTC 2014 + Serial Number (hex): 4f48e834e4314e98cb38618efd815381 + Revoked at: Tue Apr 15 19:17:32 UTC 2014 + Serial Number (hex): 74281fa70dd2bdb08a9225e8a7137607 + Revoked at: Tue Apr 15 19:19:41 UTC 2014 + Serial Number (hex): 00872493a1f3d9a5669113375f698b28c0 + Revoked at: Tue Apr 15 19:26:20 UTC 2014 + Serial Number (hex): 00eddf7dc93c714bd900f773b603005e91 + Revoked at: Tue Apr 15 19:31:14 UTC 2014 + Serial Number (hex): 0081a3de4eddc68b43d887c90b5e3264ea + Revoked at: Tue Apr 15 19:47:06 UTC 2014 + Serial Number (hex): 00d2f957ebdce4c53f7d324a0d9f3915dc + Revoked at: Tue Apr 15 19:57:55 UTC 2014 + Serial Number (hex): 00a565cfe5a5a42225bb99079e809b6f71 + Revoked at: Tue Apr 15 20:18:56 UTC 2014 + Serial Number (hex): 0096e2b3b63e7ff9efc06037d1f351f628 + Revoked at: Tue Apr 15 20:21:38 UTC 2014 + Serial Number (hex): 57103dd9a48f05ab0366aaa63d4bbb23 + Revoked at: Tue Apr 15 20:31:57 UTC 2014 + Serial Number (hex): 254746576c23c22fdd3c188de5ab39e4 + Revoked at: Tue Apr 15 20:45:21 UTC 2014 + Serial Number (hex): 00cccb9c34d9990633c4657144c0441228 + Revoked at: Tue Apr 15 20:46:24 UTC 2014 + Serial Number (hex): 0ffced929f5c6e56a80c42424cbbc8e9 + Revoked at: Tue Apr 15 21:36:00 UTC 2014 + Serial Number (hex): 46b034818f95a0c2b41f9d16e1f13ba4 + Revoked at: Tue Apr 15 22:01:46 UTC 2014 + Serial Number (hex): 00bd5ffc52118bc286a0331920ab59ca1c + Revoked at: Tue Apr 15 23:01:58 UTC 2014 + Serial Number (hex): 04a2ab600579a0a4f25248282d87f355 + Revoked at: Tue Apr 15 23:15:31 UTC 2014 + Serial Number (hex): 00e2634852b8ab09b9fd33df4ce32c1483 + Revoked at: Wed Apr 16 06:35:18 UTC 2014 + Serial Number (hex): 008867718003893a97b94ae0fc906f485a + Revoked at: Wed Apr 16 07:33:03 UTC 2014 + Serial Number (hex): 3e593ba309bdaa012b14d701194f17e5 + Revoked at: Wed Apr 16 07:33:08 UTC 2014 + Serial Number (hex): 076c23a6de05039591d70554f87ae6df + Revoked at: Wed Apr 16 07:34:17 UTC 2014 + Serial Number (hex): 5e2035fc9596436e671d2cfd6effdbde + Revoked at: Wed Apr 16 07:34:54 UTC 2014 + Serial Number (hex): 15596d1eb4cd80a6d48a8610f4ee2561 + Revoked at: Wed Apr 16 07:43:11 UTC 2014 + Serial Number (hex): 00ec46acb0b8833a173d1d7bbbe4955961 + Revoked at: Wed Apr 16 07:49:02 UTC 2014 + Serial Number (hex): 57f27f63b1aeae0290a7b4fdd5903205 + Revoked at: Wed Apr 16 08:43:56 UTC 2014 + Serial Number (hex): 00f2a315e9697b3369f2eacbae5ffe08b8 + Revoked at: Wed Apr 16 10:14:42 UTC 2014 + Serial Number (hex): 00c0fccaa94761f663452309a72a90ab41 + Revoked at: Wed Apr 16 10:15:02 UTC 2014 + Serial Number (hex): 426db1a18e3b8af36aa3f55bad8a47ac + Revoked at: Wed Apr 16 10:20:15 UTC 2014 + Serial Number (hex): 00e46e370961b6fce408d8eb388137b2ba + Revoked at: Wed Apr 16 10:55:50 UTC 2014 + Serial Number (hex): 00f795c7254306d70a0e3f5a0218dcb322 + Revoked at: Wed Apr 16 11:04:56 UTC 2014 + Serial Number (hex): 7ebdfe226948d013b2769e49ad8713ce + Revoked at: Wed Apr 16 11:05:29 UTC 2014 + Serial Number (hex): 4eb41a1b0875bcf69d39cf4b4dfcfd69 + Revoked at: Wed Apr 16 11:05:45 UTC 2014 + Serial Number (hex): 0084c972dd6d6c7625282eca5a7b263752 + Revoked at: Wed Apr 16 11:23:08 UTC 2014 + Serial Number (hex): 7f34c741efafd97beb1e8e4c5da041e5 + Revoked at: Wed Apr 16 11:23:51 UTC 2014 + Serial Number (hex): 00becbd74e1eefce88906a61a5f95f5320 + Revoked at: Wed Apr 16 11:24:20 UTC 2014 + Serial Number (hex): 4a8bb7ae7cd1fe209c3eccfc857fa1bb + Revoked at: Wed Apr 16 11:24:57 UTC 2014 + Serial Number (hex): 11c20d400e50cad16ac4cfcf53b10097 + Revoked at: Wed Apr 16 11:25:32 UTC 2014 + Serial Number (hex): 63307f9301845ff447f802e7a30244b5 + Revoked at: Wed Apr 16 11:26:14 UTC 2014 + Serial Number (hex): 00924c342e753336b497613bc076296470 + Revoked at: Wed Apr 16 11:27:01 UTC 2014 + Serial Number (hex): 00fef5f7fb454c89a7fc65d34a6db54785 + Revoked at: Wed Apr 16 11:27:46 UTC 2014 + Serial Number (hex): 0088a5fcb2e9b93e8fa59af46e54a4fd73 + Revoked at: Wed Apr 16 11:28:16 UTC 2014 + Serial Number (hex): 00db46aa3e0530ec77a528cbf56fbf485b + Revoked at: Wed Apr 16 11:28:47 UTC 2014 + Serial Number (hex): 5f48fcde44060259ea6bda74a27a6f9b + Revoked at: Wed Apr 16 11:29:19 UTC 2014 + Serial Number (hex): 00e9ada1fa548f1d06b10b71f6dcf4911c + Revoked at: Wed Apr 16 11:30:25 UTC 2014 + Serial Number (hex): 00cd79225799f2c5febfce39a8c88e9b16 + Revoked at: Wed Apr 16 11:30:53 UTC 2014 + Serial Number (hex): 57ad2611d232bea99e527eb83e9a3c6d + Revoked at: Wed Apr 16 11:31:23 UTC 2014 + Serial Number (hex): 008131e3283624d24b120a3ca31244f833 + Revoked at: Wed Apr 16 11:35:34 UTC 2014 + Serial Number (hex): 00d3109f1cb09f7c9acd62cae74d89a9ee + Revoked at: Wed Apr 16 12:51:56 UTC 2014 + Serial Number (hex): 6471410455439d751c25e628299de2a5 + Revoked at: Wed Apr 16 12:52:37 UTC 2014 + Serial Number (hex): 299fac7f80a72dc9676efb52528bef23 + Revoked at: Wed Apr 16 12:56:20 UTC 2014 + Serial Number (hex): 00c75925fef316426c677667ef1e718ed1 + Revoked at: Wed Apr 16 13:03:16 UTC 2014 + Serial Number (hex): 1eda2d28564fca9d48ecffc93cea7b55 + Revoked at: Wed Apr 16 13:04:06 UTC 2014 + Serial Number (hex): 1115724ce5f0972700ff4336a754d36f + Revoked at: Wed Apr 16 13:07:10 UTC 2014 + Serial Number (hex): 56274814e712a7528ecf2511f262ea2f + Revoked at: Wed Apr 16 13:07:27 UTC 2014 + Serial Number (hex): 13f760ad744608ae3fd6cdd612ea7136 + Revoked at: Wed Apr 16 13:07:57 UTC 2014 + Serial Number (hex): 00992bc1a7d30a98d5887da4cbca56fa33 + Revoked at: Wed Apr 16 13:40:34 UTC 2014 + Serial Number (hex): 6227a414695c86d623cd092591b30e82 + Revoked at: Wed Apr 16 13:50:07 UTC 2014 + Serial Number (hex): 00cced76c1cf1b0e1f41218a086f4d8ea7 + Revoked at: Wed Apr 16 13:54:47 UTC 2014 + Serial Number (hex): 5898fcba91b66772bfc7e56c6e85708a + Revoked at: Wed Apr 16 13:55:30 UTC 2014 + Serial Number (hex): 00a19e132ce418d7121da038b5765adbad + Revoked at: Wed Apr 16 14:29:20 UTC 2014 + Serial Number (hex): 2344c8994a01a25bc48625ec8839d9 + Revoked at: Wed Apr 16 14:46:47 UTC 2014 + Serial Number (hex): 5187b800df0a8b241c0b588af91c25bc + Revoked at: Wed Apr 16 14:47:12 UTC 2014 + Serial Number (hex): 4a2579d6afaa3eca2e894b5fe147aa2c + Revoked at: Wed Apr 16 15:17:12 UTC 2014 + Serial Number (hex): 704c0f955509dee58861c918c62db76b + Revoked at: Wed Apr 16 16:02:00 UTC 2014 + Serial Number (hex): 13ab97d7b43ff3c476ca4de9a59f95bc + Revoked at: Wed Apr 16 16:11:06 UTC 2014 + Serial Number (hex): 00ddb94e78e583968be5248393a4b05a4b + Revoked at: Wed Apr 16 16:11:36 UTC 2014 + Serial Number (hex): 5d0a19c171f903a718f9c01635c24ac8 + Revoked at: Wed Apr 16 16:11:39 UTC 2014 + Serial Number (hex): 00cfbd9decfc6e8d50342d3315894770f3 + Revoked at: Wed Apr 16 16:24:35 UTC 2014 + Serial Number (hex): 6244332c8a07242610610f9c7f1f9545 + Revoked at: Wed Apr 16 16:41:57 UTC 2014 + Serial Number (hex): 4eb1c058577fb623c0f2f276c75e9843 + Revoked at: Wed Apr 16 16:54:46 UTC 2014 + Serial Number (hex): 00b05bac8c8f30cd9696848d11b6518a45 + Revoked at: Wed Apr 16 16:56:17 UTC 2014 + Serial Number (hex): 7adf2a1cfe93f9ed2685e571f548f5f8 + Revoked at: Wed Apr 16 17:03:37 UTC 2014 + Serial Number (hex): 4b9c12e8e7c56d11db60ddf477e9027a + Revoked at: Wed Apr 16 17:05:13 UTC 2014 + Serial Number (hex): 39eb7cd7429e6c310440e3a0c42ff3c9 + Revoked at: Wed Apr 16 17:10:43 UTC 2014 + Serial Number (hex): 73a54c4999a135ad3bdc76cf52cdd0f0 + Revoked at: Wed Apr 16 17:13:03 UTC 2014 + Serial Number (hex): 5cb7f01b8125b9675ff27627b51c164e + Revoked at: Wed Apr 16 17:13:03 UTC 2014 + Serial Number (hex): 7c1bbff367c154cd27cd4c51a9b63133 + Revoked at: Wed Apr 16 17:30:48 UTC 2014 + Serial Number (hex): 00b5a6a074e26b34742588355077a3587e + Revoked at: Wed Apr 16 17:46:08 UTC 2014 + Serial Number (hex): 148b2daee81ad4abc3d3da5a02da706c + Revoked at: Wed Apr 16 17:46:11 UTC 2014 + Serial Number (hex): 54a96b34112094896f0191f047a1746e + Revoked at: Wed Apr 16 18:12:35 UTC 2014 + Serial Number (hex): 008e481def4d3c91c751efcd8a5b9e1815 + Revoked at: Wed Apr 16 18:16:28 UTC 2014 + Serial Number (hex): 6ef05774df1da74058a9891599f3bad6 + Revoked at: Wed Apr 16 18:25:34 UTC 2014 + Serial Number (hex): 00b181e7dfc08968318364d9e6d9d63104 + Revoked at: Wed Apr 16 18:28:23 UTC 2014 + Serial Number (hex): 00e1b3b5822978d64c0dde4bf9f3fba50d + Revoked at: Wed Apr 16 18:28:40 UTC 2014 + Serial Number (hex): 71e7270b435d5cc1c642c5900858d346 + Revoked at: Wed Apr 16 18:28:58 UTC 2014 + Serial Number (hex): 00eb2ddd9443fc127ec464df809bae1ac7 + Revoked at: Wed Apr 16 18:29:17 UTC 2014 + Serial Number (hex): 00cfedefe4561a7bd6a206b04a6af32246 + Revoked at: Wed Apr 16 18:29:36 UTC 2014 + Serial Number (hex): 6f8504e653f29603f51446d3f906347b + Revoked at: Wed Apr 16 18:29:56 UTC 2014 + Serial Number (hex): 21b35d22e0122a99790d41320f54561d + Revoked at: Wed Apr 16 18:31:18 UTC 2014 + Serial Number (hex): 2d4d117b5e79f1d5bb5dff4a357e78d0 + Revoked at: Wed Apr 16 18:31:37 UTC 2014 + Serial Number (hex): 00e0be5f14e8952138c59b00c83ef3d57d + Revoked at: Wed Apr 16 18:38:15 UTC 2014 + Serial Number (hex): 6974be9ebc4a162d424a81f215268943 + Revoked at: Wed Apr 16 18:38:38 UTC 2014 + Serial Number (hex): 00b13521020b9960791139818596031e1d + Revoked at: Wed Apr 16 18:38:56 UTC 2014 + Serial Number (hex): 391ddf158c60fb071dc4014c400ba35f + Revoked at: Wed Apr 16 18:42:27 UTC 2014 + Serial Number (hex): 3902e5775b33e6f940ca34a50499186e + Revoked at: Wed Apr 16 18:42:35 UTC 2014 + Serial Number (hex): 411ec6826e9580a315affd8e4b75ed2a + Revoked at: Wed Apr 16 18:42:45 UTC 2014 + Serial Number (hex): 092dff189518b945478c1589e904509c + Revoked at: Wed Apr 16 18:45:21 UTC 2014 + Serial Number (hex): 13cdf2179de09ed59ffb26e595cb84e7 + Revoked at: Wed Apr 16 18:48:23 UTC 2014 + Serial Number (hex): 00a1b09905d2cf6304ae8b1721a0a946b9 + Revoked at: Wed Apr 16 18:52:23 UTC 2014 + Serial Number (hex): 00cea946f3a4f3436be2efa83829563e4c + Revoked at: Wed Apr 16 18:53:43 UTC 2014 + Serial Number (hex): 0089ec1db1834bb9acff6973093dd1bd42 + Revoked at: Wed Apr 16 18:53:55 UTC 2014 + Serial Number (hex): 77b524028dfd1b60beb813375a8c41ee + Revoked at: Wed Apr 16 18:54:04 UTC 2014 + Serial Number (hex): 7f97c46ec19910a3b7db12a41ed18261 + Revoked at: Wed Apr 16 19:06:02 UTC 2014 + Serial Number (hex): 008804101aeacff5ce8e8506cda226950f + Revoked at: Wed Apr 16 19:23:40 UTC 2014 + Serial Number (hex): 0abaace2ca23678e95e6b82b82a2c1c7 + Revoked at: Wed Apr 16 19:23:47 UTC 2014 + Serial Number (hex): 00e348c0352814d4ce1869b77252f8697d + Revoked at: Wed Apr 16 19:25:20 UTC 2014 + Serial Number (hex): 655c44e8b1eb13557ba53bee04c567ba + Revoked at: Wed Apr 16 19:25:35 UTC 2014 + Serial Number (hex): 0d36111745dd2f628669322a6b619c73 + Revoked at: Wed Apr 16 19:46:43 UTC 2014 + Serial Number (hex): 59cf2fb1140349290b5c6b3374eae2aa + Revoked at: Wed Apr 16 19:47:05 UTC 2014 + Serial Number (hex): 7d91785bcf58068c535511fb1bb06f8a + Revoked at: Wed Apr 16 19:47:17 UTC 2014 + Serial Number (hex): 00b3321a79e77f4e6d9eb4e746bcdbc1b2 + Revoked at: Wed Apr 16 19:57:57 UTC 2014 + Serial Number (hex): 050511a209b9f04c6488a9e12c383173 + Revoked at: Wed Apr 16 20:00:25 UTC 2014 + Serial Number (hex): 3091a36293de6ab20d99a1fc60ea09b7 + Revoked at: Wed Apr 16 20:18:11 UTC 2014 + Serial Number (hex): 00d6b7de402bb52a770294417cb0592bf4 + Revoked at: Wed Apr 16 20:33:08 UTC 2014 + Serial Number (hex): 022e662f8f0fe50c71869ee394bfa2fe + Revoked at: Wed Apr 16 20:33:55 UTC 2014 + Serial Number (hex): 65917ae677ef0af30517695a702b1143 + Revoked at: Wed Apr 16 20:34:06 UTC 2014 + Serial Number (hex): 2679a5fe47fe078647f786a53f8222c2 + Revoked at: Wed Apr 16 20:34:07 UTC 2014 + Serial Number (hex): 008ad5ab3e43f38c184466a6d010ac7bc7 + Revoked at: Wed Apr 16 20:36:41 UTC 2014 + Serial Number (hex): 00b1eeef54f635d53194ee861c050f26d9 + Revoked at: Wed Apr 16 20:42:51 UTC 2014 + Serial Number (hex): 008c613a47ec575be86605e4049c312daa + Revoked at: Wed Apr 16 20:43:32 UTC 2014 + Serial Number (hex): 008f8d1dcc5efdb7af24d7971cba18ec24 + Revoked at: Wed Apr 16 20:43:43 UTC 2014 + Serial Number (hex): 00c83975029b4002acbf7a4c09121222ee + Revoked at: Wed Apr 16 20:43:58 UTC 2014 + Serial Number (hex): 600f3828257ca7f6f422521b6f1872e3 + Revoked at: Wed Apr 16 20:51:35 UTC 2014 + Serial Number (hex): 00c55e31064d87c37f625353599b19c91d + Revoked at: Wed Apr 16 20:51:57 UTC 2014 + Serial Number (hex): 7374bde5881d8d313b0175184d7e3984 + Revoked at: Wed Apr 16 20:52:18 UTC 2014 + Serial Number (hex): 00912909756b9fcba0b8da51ec601b3be1 + Revoked at: Wed Apr 16 21:04:14 UTC 2014 + Serial Number (hex): 6e6663bd767a3ee385a5c466a7cb722f + Revoked at: Wed Apr 16 21:04:53 UTC 2014 + Serial Number (hex): 00e2010685af72a1b2eb878db54a51aa9d + Revoked at: Wed Apr 16 21:14:24 UTC 2014 + Serial Number (hex): 647c2bd009f437497760543ee4a09717 + Revoked at: Wed Apr 16 21:18:34 UTC 2014 + Serial Number (hex): 11442da80930d53e532a955e2a0a26db + Revoked at: Wed Apr 16 21:18:52 UTC 2014 + Serial Number (hex): 00c40cbd5c945734f9cc918c10bd5f5467 + Revoked at: Wed Apr 16 21:35:42 UTC 2014 + Serial Number (hex): 008e135331f081a5f3157bc857e3f6caaf + Revoked at: Thu Apr 17 00:48:24 UTC 2014 + Serial Number (hex): 00fc7cacbf6e6b8a8358230aa7df780a7f + Revoked at: Thu Apr 17 01:12:05 UTC 2014 + Serial Number (hex): 00d3762bb398869d4cae315cd50d09c2a5 + Revoked at: Thu Apr 17 05:30:31 UTC 2014 + Serial Number (hex): 771e8cb0d34192a845b8acf4f53b87c1 + Revoked at: Thu Apr 17 05:58:30 UTC 2014 + Serial Number (hex): 72624dd43950f26dd9d4ada33dd0f867 + Revoked at: Thu Apr 17 05:59:06 UTC 2014 + Serial Number (hex): 00b025636630da6a452973b83b3f082ca7 + Revoked at: Thu Apr 17 06:50:42 UTC 2014 + Serial Number (hex): 0088cb8d122f39a6c5893d106cf0854d7d + Revoked at: Thu Apr 17 07:18:35 UTC 2014 + Serial Number (hex): 53ddfee057122cded986c05b6168d192 + Revoked at: Thu Apr 17 07:20:10 UTC 2014 + Serial Number (hex): 0092f9bbac67e87112a86ed48ef5196aa2 + Revoked at: Thu Apr 17 07:52:52 UTC 2014 + Serial Number (hex): 00c2de46a3481a278a0f5983fe0793b3b6 + Revoked at: Thu Apr 17 07:53:15 UTC 2014 + Serial Number (hex): 06d8348774781cab843a4b212bb24ee8 + Revoked at: Thu Apr 17 08:24:30 UTC 2014 + Serial Number (hex): 2c42d000f4a7d4184656dc94fe2e75b9 + Revoked at: Thu Apr 17 08:56:24 UTC 2014 + Serial Number (hex): 3bf2cc464341d319cf63c26ee5f39602 + Revoked at: Thu Apr 17 09:16:02 UTC 2014 + Serial Number (hex): 00d4c4cf28eac7e6cf9ad3be6c41d059b7 + Revoked at: Thu Apr 17 09:38:24 UTC 2014 + Serial Number (hex): 00d83c071dfa9b92ae720b485d736de195 + Revoked at: Thu Apr 17 11:46:57 UTC 2014 + Serial Number (hex): 7baf83533ed5e1137d32659a4bd07a15 + Revoked at: Thu Apr 17 11:50:52 UTC 2014 + Serial Number (hex): 259bbfb8682b7fc9a275faf7fdde8ed9 + Revoked at: Thu Apr 17 12:17:05 UTC 2014 + Serial Number (hex): 0dcf80d2b3c29329ce378c1cb3f0a60b + Revoked at: Thu Apr 17 12:17:19 UTC 2014 + Serial Number (hex): 5d8e9de18eb93ccc39b436b490fb7b67 + Revoked at: Thu Apr 17 12:17:55 UTC 2014 + Serial Number (hex): 00fc5e0a2f4f6d76b9a436d2212c995e33 + Revoked at: Thu Apr 17 12:18:04 UTC 2014 + Serial Number (hex): 00fa66218f280377f159a137160c865377 + Revoked at: Thu Apr 17 12:19:35 UTC 2014 + Serial Number (hex): 76d3e0c892fe5d40e7f4b6d058f61701 + Revoked at: Thu Apr 17 12:19:40 UTC 2014 + Serial Number (hex): 00e52a54e36113f73130f10c1c9a869747 + Revoked at: Thu Apr 17 12:22:04 UTC 2014 + Serial Number (hex): 00d4d547a64ad75a79a82b5048711303b1 + Revoked at: Thu Apr 17 12:25:35 UTC 2014 + Serial Number (hex): 00a5d54086e288946e7afb2d095b719c9b + Revoked at: Thu Apr 17 12:59:54 UTC 2014 + Serial Number (hex): 00b5baa4484aa58a1ba10b7c25c1bc1b8b + Revoked at: Thu Apr 17 13:21:57 UTC 2014 + Serial Number (hex): 3b3d811ece206a56978f9f9b39220da9 + Revoked at: Thu Apr 17 13:34:13 UTC 2014 + Serial Number (hex): 00dc01df311bf76bb5ff4d72d2233a92cf + Revoked at: Thu Apr 17 13:55:58 UTC 2014 + Serial Number (hex): 00f86a017f3730378283bc1a33f4ddb250 + Revoked at: Thu Apr 17 13:56:23 UTC 2014 + Serial Number (hex): 6d17d72c6e5a921c2bd9a4a3c1e987b6 + Revoked at: Thu Apr 17 13:58:14 UTC 2014 + Serial Number (hex): 536dc36b0218d95f29ea6eb6a31ef12f + Revoked at: Thu Apr 17 14:22:17 UTC 2014 + Serial Number (hex): 00f80834a2900f4a0434b7b4e77972c9f8 + Revoked at: Thu Apr 17 14:26:39 UTC 2014 + Serial Number (hex): 6f929b66d5528a5337924891f8ab60b9 + Revoked at: Thu Apr 17 14:35:31 UTC 2014 + Serial Number (hex): 3be0ba25a72c550fda557ddf55851aae + Revoked at: Thu Apr 17 14:36:01 UTC 2014 + Serial Number (hex): 00f4b13454e798620b8db8f1dcded8b301 + Revoked at: Thu Apr 17 14:36:32 UTC 2014 + Serial Number (hex): 7b602a80b2ca26098da864f4435271a6 + Revoked at: Thu Apr 17 14:36:57 UTC 2014 + Serial Number (hex): 1108bc2362e32dec3551ce531d6cfdc9 + Revoked at: Thu Apr 17 14:43:33 UTC 2014 + Serial Number (hex): 0f3a7317990fc31e9a5e49cb0a4446cb + Revoked at: Thu Apr 17 14:44:06 UTC 2014 + Serial Number (hex): 00fdb07f5479609821a0c0350888d4359a + Revoked at: Thu Apr 17 15:12:39 UTC 2014 + Serial Number (hex): 008d3c9c64705026d72d7a0633f4efb7e5 + Revoked at: Thu Apr 17 15:22:37 UTC 2014 + Serial Number (hex): 7adbc6e375f611995c554c35848b0f6c + Revoked at: Thu Apr 17 15:22:41 UTC 2014 + Serial Number (hex): 00e5c70e8ae67069e3b475755b19815c81 + Revoked at: Thu Apr 17 15:23:45 UTC 2014 + Serial Number (hex): 4998069279343620ccd03fcc919b0549 + Revoked at: Thu Apr 17 15:23:48 UTC 2014 + Serial Number (hex): 0fb7c074d59afba876c5448585750dd0 + Revoked at: Thu Apr 17 15:23:54 UTC 2014 + Serial Number (hex): 5319402c7422241b84ba4b81dbfa29ba + Revoked at: Thu Apr 17 15:36:58 UTC 2014 + Serial Number (hex): 00fa8695e145e7d5a8de18e19bb7e92e9c + Revoked at: Thu Apr 17 15:37:05 UTC 2014 + Serial Number (hex): 31d4e452694062a272fb3c59bbf01be6 + Revoked at: Thu Apr 17 15:39:10 UTC 2014 + Serial Number (hex): 00d5e2a14275d633cbbdc58a55c43c9867 + Revoked at: Thu Apr 17 15:43:39 UTC 2014 + Serial Number (hex): 009680c02fa6e1c545e3f40dd2f5d308a1 + Revoked at: Thu Apr 17 15:44:30 UTC 2014 + Serial Number (hex): 40129e0b1b2d5312291894d759944c1b + Revoked at: Thu Apr 17 15:44:42 UTC 2014 + Serial Number (hex): 00952455d93af40c6aaad34e464f73202a + Revoked at: Thu Apr 17 15:56:00 UTC 2014 + Serial Number (hex): 00e588cb01ce71c53a94802a685b0f0191 + Revoked at: Thu Apr 17 16:08:53 UTC 2014 + Serial Number (hex): 00cd5ebc9984a4c064260d7782bef3c6b2 + Revoked at: Thu Apr 17 16:43:41 UTC 2014 + Serial Number (hex): 506d91423d2de2f303f8e30b05d1a0f4 + Revoked at: Thu Apr 17 16:45:00 UTC 2014 + Serial Number (hex): 00fafb649d7846404592b476394f8b5970 + Revoked at: Thu Apr 17 16:46:35 UTC 2014 + Serial Number (hex): 00b7e67335fd4c5bd56dc0f5d8f65749cb + Revoked at: Thu Apr 17 16:47:58 UTC 2014 + Serial Number (hex): 3d4ae16495d9b70fec2f7d44d866e094 + Revoked at: Thu Apr 17 16:52:47 UTC 2014 + Serial Number (hex): 4b19a1efb6a8d9fd69b90fd19fb9195c + Revoked at: Thu Apr 17 16:52:50 UTC 2014 + Serial Number (hex): 352805c9c31d817e9c6095bd00272080 + Revoked at: Thu Apr 17 17:13:03 UTC 2014 + Serial Number (hex): 5bda227d6305922c104435635d16994b + Revoked at: Thu Apr 17 17:13:05 UTC 2014 + Serial Number (hex): 00d8d5065db4af48c61decd23cdc91d860 + Revoked at: Thu Apr 17 17:13:05 UTC 2014 + Serial Number (hex): 54911adce62b4101fb982428f9c36d39 + Revoked at: Thu Apr 17 17:13:06 UTC 2014 + Serial Number (hex): 00b3ea8d7191676bb2404d550525c3dc99 + Revoked at: Thu Apr 17 17:45:02 UTC 2014 + Serial Number (hex): 009ddbb04a259f6c5480ddb20901947e02 + Revoked at: Thu Apr 17 17:51:01 UTC 2014 + Serial Number (hex): 00f1e30a5ff71219645182ed9bb8ae0aa6 + Revoked at: Thu Apr 17 17:51:18 UTC 2014 + Serial Number (hex): 0e42c32eb360c525c584b28795296275 + Revoked at: Thu Apr 17 17:52:08 UTC 2014 + Serial Number (hex): 72d9601c930ad351113c7424da470662 + Revoked at: Thu Apr 17 17:52:30 UTC 2014 + Serial Number (hex): 00d2078466928d87c8a7890a6c2905ca21 + Revoked at: Thu Apr 17 17:52:49 UTC 2014 + Serial Number (hex): 00a94401e666ea5dd62f8e946548e9d03e + Revoked at: Thu Apr 17 17:53:24 UTC 2014 + Serial Number (hex): 009bc0a488a1d58a92352303e4082c28ef + Revoked at: Thu Apr 17 17:54:00 UTC 2014 + Serial Number (hex): 00987fd5ab12cf73c5ebc896e53d0d8123 + Revoked at: Thu Apr 17 17:55:12 UTC 2014 + Serial Number (hex): 5844776eda5d7e66cc2d47483eff27f3 + Revoked at: Thu Apr 17 17:56:03 UTC 2014 + Serial Number (hex): 2259fae986a16ec815c3ab16fbad79d8 + Revoked at: Thu Apr 17 17:56:28 UTC 2014 + Serial Number (hex): 0267b5b9cb28b1ffbcf19dc089f6a2c7 + Revoked at: Thu Apr 17 18:01:24 UTC 2014 + Serial Number (hex): 00e19d4512d93dd29384bc1e09cd4a2e71 + Revoked at: Thu Apr 17 18:01:45 UTC 2014 + Serial Number (hex): 00c1ebc6c4c3ee147d82e38cb7eb95c719 + Revoked at: Thu Apr 17 18:01:54 UTC 2014 + Serial Number (hex): 00a6ca0e146a0756b5c2757d3be832a82c + Revoked at: Thu Apr 17 18:02:21 UTC 2014 + Serial Number (hex): 5cccf7163950c7b683fbfe1649083c3a + Revoked at: Thu Apr 17 18:02:27 UTC 2014 + Serial Number (hex): 576ed6112bb652d31eb21ed7a606d4d6 + Revoked at: Thu Apr 17 18:02:37 UTC 2014 + Serial Number (hex): 00cd8b37c4d9f5e63a4314d6e4fac5a8e6 + Revoked at: Thu Apr 17 18:04:47 UTC 2014 + Serial Number (hex): 00f54536311811ac269efd6d0a28399b61 + Revoked at: Thu Apr 17 18:05:10 UTC 2014 + Serial Number (hex): 00f0d23a717e36d8414980e45b320da9da + Revoked at: Thu Apr 17 18:05:32 UTC 2014 + Serial Number (hex): 00df222bc8fc5bd32989540a499dca0b9b + Revoked at: Thu Apr 17 18:05:42 UTC 2014 + Serial Number (hex): 00b4c9a8bdfc48b0c4ff9b1d5d2bc09b1d + Revoked at: Thu Apr 17 18:10:24 UTC 2014 + Serial Number (hex): 585d3aaf331ba26671469d6ee730113e + Revoked at: Thu Apr 17 18:17:55 UTC 2014 + Serial Number (hex): 00f1d0379fe147f8c4e36283d603797e0a + Revoked at: Thu Apr 17 18:19:16 UTC 2014 + Serial Number (hex): 79eec59d396ff20d724120eb6a88904d + Revoked at: Thu Apr 17 19:28:08 UTC 2014 + Serial Number (hex): 0090d6ac8cf30e01de7e1c97eb3fcf09d4 + Revoked at: Thu Apr 17 19:28:34 UTC 2014 + Serial Number (hex): 00d769c7be8049e1f1eec8565d252fdbd2 + Revoked at: Thu Apr 17 19:29:32 UTC 2014 + Serial Number (hex): 00b4c2e90da9d1a24d263104c5a912c4b7 + Revoked at: Thu Apr 17 19:30:34 UTC 2014 + Serial Number (hex): 00fb85ac2ba1e42179afed25e8ea4b3e38 + Revoked at: Thu Apr 17 19:30:49 UTC 2014 + Serial Number (hex): 00f56b1a299d37a1e128168da9573e82b2 + Revoked at: Thu Apr 17 19:31:39 UTC 2014 + Serial Number (hex): 00d77177e7a503cf31250950ac08092299 + Revoked at: Thu Apr 17 19:31:56 UTC 2014 + Serial Number (hex): 00f2b201cf2ae9200161c1c2d9d405526c + Revoked at: Thu Apr 17 19:32:13 UTC 2014 + Serial Number (hex): 00e8fe9ca6a6675d0ea9c139a29ff999d3 + Revoked at: Thu Apr 17 19:32:26 UTC 2014 + Serial Number (hex): 14f658a2389d0d5aeb091df695fdc7e7 + Revoked at: Thu Apr 17 19:33:33 UTC 2014 + Serial Number (hex): 00bbddc2ac6aa0a162dee5effcc850a410 + Revoked at: Thu Apr 17 19:33:48 UTC 2014 + Serial Number (hex): 65294affbeefa4e142ce5795301457d1 + Revoked at: Thu Apr 17 19:35:49 UTC 2014 + Serial Number (hex): 008528a7fc329f1de389bdde49973ac904 + Revoked at: Thu Apr 17 19:35:55 UTC 2014 + Serial Number (hex): 00d0f20b07a60964a7dfb7fddccb5ea0f8 + Revoked at: Thu Apr 17 19:36:13 UTC 2014 + Serial Number (hex): 008a8a0f0fbff15311d7a63a0c263fcc5e + Revoked at: Thu Apr 17 19:38:14 UTC 2014 + Serial Number (hex): 00a20da8d6625f53b9bf146788efe6ca0f + Revoked at: Thu Apr 17 19:40:44 UTC 2014 + Serial Number (hex): 00e331cf8edf9c39d60c6daaf0b32c5eaf + Revoked at: Thu Apr 17 19:41:00 UTC 2014 + Serial Number (hex): 425aeb53ac6070d997617041100d32d2 + Revoked at: Thu Apr 17 19:41:16 UTC 2014 + Serial Number (hex): 6a9f57439235fc07d7cdce1bd31d38b2 + Revoked at: Thu Apr 17 19:41:23 UTC 2014 + Serial Number (hex): 00b024669c40e180588382713bebc0174f + Revoked at: Thu Apr 17 19:41:56 UTC 2014 + Serial Number (hex): 00b6cc6e1803beca62d77942ec8da3b31d + Revoked at: Thu Apr 17 19:42:15 UTC 2014 + Serial Number (hex): 008deee1962e5104060b82f03b335ee22e + Revoked at: Thu Apr 17 19:42:30 UTC 2014 + Serial Number (hex): 6e1d2f54035f53dcddd5381a735bd592 + Revoked at: Thu Apr 17 19:43:25 UTC 2014 + Serial Number (hex): 0085e9ed75f55077cb9b647de5ec28c1b4 + Revoked at: Thu Apr 17 19:43:26 UTC 2014 + Serial Number (hex): 00826a76b00844f3c116f5a4ca99ce6bf8 + Revoked at: Thu Apr 17 19:43:39 UTC 2014 + Serial Number (hex): 00eb2c0890fd27838da1e5fcad0d9fc157 + Revoked at: Thu Apr 17 19:43:49 UTC 2014 + Serial Number (hex): 57d11fac9897f03b105706cfc3e39a8e + Revoked at: Thu Apr 17 19:44:15 UTC 2014 + Serial Number (hex): 00bdf5a059b6ff4d8a483249ad7f91c873 + Revoked at: Thu Apr 17 19:44:19 UTC 2014 + Serial Number (hex): 00f5fd4ea7bb10683bc3021f8f0973477f + Revoked at: Thu Apr 17 19:44:30 UTC 2014 + Serial Number (hex): 1018e8f381d8a40794807998aec055e5 + Revoked at: Thu Apr 17 19:44:41 UTC 2014 + Serial Number (hex): 630adf63a16157fe020ba904e8908627 + Revoked at: Thu Apr 17 19:44:51 UTC 2014 + Serial Number (hex): 7872e950b3efa0661eb11f48707a0fec + Revoked at: Thu Apr 17 19:44:53 UTC 2014 + Serial Number (hex): 1788a1e75939349d08f90bd7708d8997 + Revoked at: Thu Apr 17 19:45:09 UTC 2014 + Serial Number (hex): 00c537201e50cd1cf695e3b279f57b8206 + Revoked at: Thu Apr 17 19:45:23 UTC 2014 + Serial Number (hex): 41d9b8b6c13dbdbb82a2a1da751162ea + Revoked at: Thu Apr 17 19:45:23 UTC 2014 + Serial Number (hex): 00d6f2043f7f4b5152fba11e32c58f0038 + Revoked at: Thu Apr 17 19:45:42 UTC 2014 + Serial Number (hex): 4065e1c8e081e83bc8f43c1c8fbd5a7c + Revoked at: Thu Apr 17 19:45:49 UTC 2014 + Serial Number (hex): 3769a1ea0e123cb651fd30af5de7576b + Revoked at: Thu Apr 17 19:45:57 UTC 2014 + Serial Number (hex): 26853a7becfed5d505f095acffff0412 + Revoked at: Thu Apr 17 19:46:12 UTC 2014 + Serial Number (hex): 009bd29a7f5063d2d7580be50752c266f8 + Revoked at: Thu Apr 17 19:46:23 UTC 2014 + Serial Number (hex): 47d2542556ae829495b55c96d9160078 + Revoked at: Thu Apr 17 19:46:37 UTC 2014 + Serial Number (hex): 00b205c15852c9b9abfa86008042223d9b + Revoked at: Thu Apr 17 19:47:01 UTC 2014 + Serial Number (hex): 008ae99c75c59961a557d6dde5e96f9aec + Revoked at: Thu Apr 17 19:47:10 UTC 2014 + Serial Number (hex): 00edf26d3e67e92a54de38cbe194bd520a + Revoked at: Thu Apr 17 19:47:14 UTC 2014 + Serial Number (hex): 6094449d44fcdaaa4510637cbf3ab1b8 + Revoked at: Thu Apr 17 19:47:34 UTC 2014 + Serial Number (hex): 00d408a110fd17a4e80acec67db5abe957 + Revoked at: Thu Apr 17 19:47:50 UTC 2014 + Serial Number (hex): 0afa44a580a0f344fdf488bd47a15fd0 + Revoked at: Thu Apr 17 19:48:12 UTC 2014 + Serial Number (hex): 00c635abe0aee428d8f6a95e4e3eae0e62 + Revoked at: Thu Apr 17 19:48:27 UTC 2014 + Serial Number (hex): 5902fda221aea33d1be046718acb396f + Revoked at: Thu Apr 17 19:48:39 UTC 2014 + Serial Number (hex): 211649019febc0b32b3083fed2deabcc + Revoked at: Thu Apr 17 19:48:57 UTC 2014 + Serial Number (hex): 17ec102024d74b6927b4fbfeacde1ad4 + Revoked at: Thu Apr 17 19:49:17 UTC 2014 + Serial Number (hex): 2f6eeb09f70067ba2857243ec9f18c98 + Revoked at: Thu Apr 17 19:49:37 UTC 2014 + Serial Number (hex): 00dcc4120fbee8bae9ec51f2af3ed9dd5c + Revoked at: Thu Apr 17 19:49:51 UTC 2014 + Serial Number (hex): 00fa30b2318be59d61efd308d5ae952f7b + Revoked at: Thu Apr 17 19:50:05 UTC 2014 + Serial Number (hex): 70f30fb42ee4cb5e70473ecfb986c29b + Revoked at: Thu Apr 17 19:50:24 UTC 2014 + Serial Number (hex): 55f3de6e2ba5996a9a35d39279ce27b1 + Revoked at: Thu Apr 17 19:50:37 UTC 2014 + Serial Number (hex): 45b1f69543f532bc6ceb1afdbd094520 + Revoked at: Thu Apr 17 19:51:05 UTC 2014 + Serial Number (hex): 009a1aab2b833786fd95595df1cdb996cd + Revoked at: Thu Apr 17 19:51:23 UTC 2014 + Serial Number (hex): 74f54693caaf2fbc0bc3abd4b8fa601d + Revoked at: Thu Apr 17 19:51:43 UTC 2014 + Serial Number (hex): 75fe57d88678681b9746acd74047b26f + Revoked at: Thu Apr 17 19:51:58 UTC 2014 + Serial Number (hex): 2c3a09cc16572dec96da41444e08fde0 + Revoked at: Thu Apr 17 19:52:04 UTC 2014 + Serial Number (hex): 7bd6de2383367cc7f579101c8dba470e + Revoked at: Thu Apr 17 19:52:17 UTC 2014 + Serial Number (hex): 00a6b767f5d183dd55730914950d01df94 + Revoked at: Thu Apr 17 19:52:36 UTC 2014 + Serial Number (hex): 00fe55f37ed4c9f41effe3f69e4ddfb792 + Revoked at: Thu Apr 17 19:52:43 UTC 2014 + Serial Number (hex): 137bf4f9d3daf4bdd0888f980724ba57 + Revoked at: Thu Apr 17 19:53:12 UTC 2014 + Serial Number (hex): 00caae0b923d5915d9a34c590cf70c6bd7 + Revoked at: Thu Apr 17 20:03:49 UTC 2014 + Serial Number (hex): 7b7cae4dbd498171ca6815c7be984968 + Revoked at: Thu Apr 17 20:04:03 UTC 2014 + Serial Number (hex): 00cc6f573ba7c52156385813e85fff2f30 + Revoked at: Thu Apr 17 20:04:28 UTC 2014 + Serial Number (hex): 1eca93fac94b0305ab4a4798f5875cee + Revoked at: Thu Apr 17 20:19:02 UTC 2014 + Serial Number (hex): 00ee3a3293938fdc476722fbfb4c1347b5 + Revoked at: Thu Apr 17 20:22:37 UTC 2014 + Serial Number (hex): 75b5e8ff25ca2d8d1d97ca1c20e5bc5f + Revoked at: Thu Apr 17 20:23:49 UTC 2014 + Serial Number (hex): 32c134855ed6069dff78890aca9f2b5a + Revoked at: Thu Apr 17 20:38:23 UTC 2014 + Serial Number (hex): 00b82f4b8f92aee8b8f9ab062e31641e75 + Revoked at: Thu Apr 17 20:41:13 UTC 2014 + Serial Number (hex): 00e31056c8f2b06fc9349c8d64ef5159bc + Revoked at: Thu Apr 17 20:43:53 UTC 2014 + Serial Number (hex): 00a3ee18f8b08f4aab891e55649f974643 + Revoked at: Thu Apr 17 20:45:25 UTC 2014 + Serial Number (hex): 00c268ce91cfcc5e6d4b4808f8765846bc + Revoked at: Thu Apr 17 20:45:50 UTC 2014 + Serial Number (hex): 009594a493d90d07bc143436cd955269a4 + Revoked at: Thu Apr 17 20:45:55 UTC 2014 + Serial Number (hex): 00b9fbeece9b1347d8a567ed6eda55eaea + Revoked at: Thu Apr 17 20:46:01 UTC 2014 + Serial Number (hex): 4b31a17d5d7dcda1b62d76f549bf6cfb + Revoked at: Thu Apr 17 20:46:39 UTC 2014 + Serial Number (hex): 008fb9da01bfdd9dc81239b2e1c0768ae9 + Revoked at: Thu Apr 17 20:46:46 UTC 2014 + Serial Number (hex): 00a3d34adb65d4e8a1f2f7ee4d2353d443 + Revoked at: Thu Apr 17 22:00:00 UTC 2014 + Serial Number (hex): 0e4d4d04216f898840c1aa207071ad62 + Revoked at: Thu Apr 17 22:08:51 UTC 2014 + Serial Number (hex): 00fe89ffff255cbecdf69ea50b2afffa1a + Revoked at: Thu Apr 17 22:59:14 UTC 2014 + Serial Number (hex): 0abc1fba28de4068629239443b2d051f + Revoked at: Fri Apr 18 00:36:58 UTC 2014 + Serial Number (hex): 009e86d301a2bb1236a60ad416b62b0c21 + Revoked at: Fri Apr 18 03:50:52 UTC 2014 + Serial Number (hex): 0e116bb6e3b20a37b75bb8126c61a831 + Revoked at: Fri Apr 18 03:51:12 UTC 2014 + Serial Number (hex): 7cf6369d6da0964958be09de462e43dc + Revoked at: Fri Apr 18 08:00:38 UTC 2014 + Serial Number (hex): 5f9c3a384b4592294bfb20635b878291 + Revoked at: Fri Apr 18 10:26:02 UTC 2014 + Serial Number (hex): 0083c7a5215b1801eb05cc77a48c26d5d9 + Revoked at: Fri Apr 18 10:29:27 UTC 2014 + Serial Number (hex): 008452efede8a5128c7daaf26512d9a337 + Revoked at: Fri Apr 18 10:38:54 UTC 2014 + Serial Number (hex): 00cc854977dbc1c23c4e74e1ad507c1245 + Revoked at: Fri Apr 18 10:54:02 UTC 2014 + Serial Number (hex): 00c97f586bdc014bf7723ad3a5922dbc74 + Revoked at: Fri Apr 18 10:54:33 UTC 2014 + Serial Number (hex): 00cdd87ab12d43993912869d22afa806ad + Revoked at: Fri Apr 18 12:08:30 UTC 2014 + Serial Number (hex): 009dfe42a168fbf67ced2292fc8a87fea8 + Revoked at: Fri Apr 18 12:08:39 UTC 2014 + Serial Number (hex): 00a6ecc9b51ceb90372cfa3b813bdf086f + Revoked at: Fri Apr 18 12:10:42 UTC 2014 + Serial Number (hex): 041abc3c658c9714d4279e5a52a85d09 + Revoked at: Fri Apr 18 12:44:16 UTC 2014 + Serial Number (hex): 0099a02994c7780f64dc617f11eabf5430 + Revoked at: Fri Apr 18 13:01:55 UTC 2014 + Serial Number (hex): 008e533ff8c720def3d94d763c4b09f760 + Revoked at: Fri Apr 18 13:18:25 UTC 2014 + Serial Number (hex): 594d1f3e6f98c1aea413e94ca8c53c2e + Revoked at: Fri Apr 18 13:35:19 UTC 2014 + Serial Number (hex): 00e64cbcad82c9bceb64c7ae8fd5e1efa1 + Revoked at: Fri Apr 18 13:43:31 UTC 2014 + Serial Number (hex): 309035efcad7159c7857738f50fdfb2e + Revoked at: Fri Apr 18 13:44:47 UTC 2014 + Serial Number (hex): 786bb2cebc4834d29f99f9b3bd5f824d + Revoked at: Fri Apr 18 13:58:10 UTC 2014 + Serial Number (hex): 009716b0e6fbbc0c0c62c9c774030c7141 + Revoked at: Fri Apr 18 14:00:28 UTC 2014 + Serial Number (hex): 009bf7a4b5f76ffb571d1c204a8b4c20fe + Revoked at: Fri Apr 18 14:02:02 UTC 2014 + Serial Number (hex): 421ea8b0f1413da0d374a9d8c6cf0e93 + Revoked at: Fri Apr 18 14:02:42 UTC 2014 + Serial Number (hex): 00feae3ef1bba1df781cbafb841d10ba19 + Revoked at: Fri Apr 18 14:23:05 UTC 2014 + Serial Number (hex): 2003ac231771c2818713dbf130193359 + Revoked at: Fri Apr 18 15:05:41 UTC 2014 + Serial Number (hex): 1ce9d235da865b574f18b7a971729cfc + Revoked at: Fri Apr 18 16:37:26 UTC 2014 + Serial Number (hex): 00ca564946d3d28a99231b66b451e6a0b0 + Revoked at: Fri Apr 18 16:42:33 UTC 2014 + Serial Number (hex): 00daf655a859ce538f5178a95bd1e8ffb6 + Revoked at: Fri Apr 18 16:43:22 UTC 2014 + Serial Number (hex): 7f3616555db0996111a07c62558b9ca0 + Revoked at: Fri Apr 18 16:43:32 UTC 2014 + Serial Number (hex): 4a684e9b6b6b987de7cea4306f2936b3 + Revoked at: Fri Apr 18 16:44:34 UTC 2014 + Serial Number (hex): 6e7a1ab9e1e2f744859b3c6e6d6b2683 + Revoked at: Fri Apr 18 16:44:44 UTC 2014 + Serial Number (hex): 5365734f5d336a7a79c0f7cef678564d + Revoked at: Fri Apr 18 17:05:11 UTC 2014 + Serial Number (hex): 63f847686d936c5ce35879d1cc164abb + Revoked at: Fri Apr 18 17:05:34 UTC 2014 + Serial Number (hex): 00a8f2b0dd215599350a2cab818ec591f4 + Revoked at: Fri Apr 18 17:06:06 UTC 2014 + Serial Number (hex): 008588720fa8788e4f04e16a3a36461f0b + Revoked at: Fri Apr 18 17:06:14 UTC 2014 + Serial Number (hex): 6a704bdfa146595236c8ac484bb48866 + Revoked at: Fri Apr 18 17:06:19 UTC 2014 + Serial Number (hex): 08f6d60f013ca10ba23b679e03cd6579 + Revoked at: Fri Apr 18 17:06:26 UTC 2014 + Serial Number (hex): 00d25e5e56959f97ffebd9b89abfa21cfc + Revoked at: Fri Apr 18 17:06:36 UTC 2014 + Serial Number (hex): 4e499ce0f6a8bebbc1cbdb9ed2fe5603 + Revoked at: Fri Apr 18 17:06:41 UTC 2014 + Serial Number (hex): 00c467c855b64e906a9612612e019eec0e + Revoked at: Fri Apr 18 17:06:48 UTC 2014 + Serial Number (hex): 0247f4e31c975dee6171d07d4b58feee + Revoked at: Fri Apr 18 17:06:56 UTC 2014 + Serial Number (hex): 6b5c39f26ddc7b7b259e3968dd62936d + Revoked at: Fri Apr 18 17:07:03 UTC 2014 + Serial Number (hex): 00b61fa879afdf50017f04b9f27c3f5e05 + Revoked at: Fri Apr 18 17:07:07 UTC 2014 + Serial Number (hex): 42cf0771f3099569067c89904d4e048b + Revoked at: Fri Apr 18 17:07:13 UTC 2014 + Serial Number (hex): 5402f8aafe58437db849865693f02f97 + Revoked at: Fri Apr 18 17:07:19 UTC 2014 + Serial Number (hex): 00b303c6866255042817a43307e6cbc017 + Revoked at: Fri Apr 18 17:07:26 UTC 2014 + Serial Number (hex): 00b3cf4a619d05763423c4596bd06573bf + Revoked at: Fri Apr 18 17:07:31 UTC 2014 + Serial Number (hex): 528031c457df182f51eca11b7e263528 + Revoked at: Fri Apr 18 17:07:35 UTC 2014 + Serial Number (hex): 0cc4e615b7c741b8ad197a9feea43e9c + Revoked at: Fri Apr 18 17:07:43 UTC 2014 + Serial Number (hex): 0f0e17bedc28bd8e5ba7b14e3bfeebb2 + Revoked at: Fri Apr 18 17:07:49 UTC 2014 + Serial Number (hex): 00b70b5dae2c8a2cdf2e7a55a2e0dcfa19 + Revoked at: Fri Apr 18 17:07:55 UTC 2014 + Serial Number (hex): 676b8dca92990eef738d934507b3e929 + Revoked at: Fri Apr 18 17:08:02 UTC 2014 + Serial Number (hex): 1419a4611e9b207a047ad30e287b6e31 + Revoked at: Fri Apr 18 17:08:08 UTC 2014 + Serial Number (hex): 0092e4f9f5532cdb55dd45d05c92cfc557 + Revoked at: Fri Apr 18 17:13:05 UTC 2014 + Serial Number (hex): 73e758cacab9e0b5ac2124a4615745a8 + Revoked at: Fri Apr 18 17:29:13 UTC 2014 + Serial Number (hex): 00ea3c91111b72e8e16043b9c0e3c6cde4 + Revoked at: Fri Apr 18 17:29:21 UTC 2014 + Serial Number (hex): 00a6365436c192f89550e0bd43117aaa44 + Revoked at: Fri Apr 18 17:29:29 UTC 2014 + Serial Number (hex): 00ccedfc9462522641fcb6080377adad5c + Revoked at: Fri Apr 18 17:29:33 UTC 2014 + Serial Number (hex): 7e5a3c76f6d4b727d3d49ff20acf139a + Revoked at: Fri Apr 18 17:29:38 UTC 2014 + Serial Number (hex): 00bbc7c2c3156ca2d1e5dff61c176747f6 + Revoked at: Fri Apr 18 17:29:43 UTC 2014 + Serial Number (hex): 6ca31342db5ce28ec9f4ba97a689b044 + Revoked at: Fri Apr 18 17:29:48 UTC 2014 + Serial Number (hex): 23a88aa4c14b8adc106c84e6d2730b46 + Revoked at: Fri Apr 18 17:29:53 UTC 2014 + Serial Number (hex): 24a47e9ca1bc857876e638feb1d4db4f + Revoked at: Fri Apr 18 17:29:57 UTC 2014 + Serial Number (hex): 2bca51069c6be2f4ff2728abd386ee83 + Revoked at: Fri Apr 18 17:30:02 UTC 2014 + Serial Number (hex): 381f5e96b57f5aa59ff97a09c9db60b8 + Revoked at: Fri Apr 18 17:30:06 UTC 2014 + Serial Number (hex): 4042ab70429c407a5c08af04e39d604c + Revoked at: Fri Apr 18 17:30:26 UTC 2014 + Serial Number (hex): 00d93a8b8d44a10cd74e0c98e4fd0da080 + Revoked at: Fri Apr 18 17:30:30 UTC 2014 + Serial Number (hex): 00e66297c3e0581b80bebec30d3f24a62d + Revoked at: Fri Apr 18 17:30:34 UTC 2014 + Serial Number (hex): 54b6ec383a93354dd7643ea5ab3441b5 + Revoked at: Fri Apr 18 17:30:38 UTC 2014 + Serial Number (hex): 00e952704d44be8a75c3237ff02ca4a71e + Revoked at: Fri Apr 18 17:30:42 UTC 2014 + Serial Number (hex): 515d0c92bf868a856969cac81f50c619 + Revoked at: Fri Apr 18 17:30:46 UTC 2014 + Serial Number (hex): 599f394ba325c5dfcb63b5d22d976f0d + Revoked at: Fri Apr 18 17:30:50 UTC 2014 + Serial Number (hex): 0393a7cddb84a543b9758e2601dd7db5 + Revoked at: Fri Apr 18 17:30:54 UTC 2014 + Serial Number (hex): 00a906952e75e5c0ba22baf739ae47769a + Revoked at: Fri Apr 18 17:30:58 UTC 2014 + Serial Number (hex): 00ec9494b64eee6011eab0cf5a8902a4ec + Revoked at: Fri Apr 18 17:31:02 UTC 2014 + Serial Number (hex): 00c07892069483f6b234f7985087326459 + Revoked at: Fri Apr 18 17:31:07 UTC 2014 + Serial Number (hex): 5b29a8ac5aadb6064585f3c51d028d35 + Revoked at: Fri Apr 18 17:31:11 UTC 2014 + Serial Number (hex): 00e51a7334429fe619d662dbdc3991ae0b + Revoked at: Fri Apr 18 17:31:15 UTC 2014 + Serial Number (hex): 00ba551e3c7d23c511dc75c83b26af5b49 + Revoked at: Fri Apr 18 17:31:28 UTC 2014 + Serial Number (hex): 00868b23b4624c798713cf211eb03a1f6c + Revoked at: Fri Apr 18 17:31:33 UTC 2014 + Serial Number (hex): 0e0975c3daae09bb7a40432cbf7734e4 + Revoked at: Fri Apr 18 17:31:38 UTC 2014 + Serial Number (hex): 38bee9f9fd2ca82f3b256cf145c32c00 + Revoked at: Fri Apr 18 17:31:42 UTC 2014 + Serial Number (hex): 16c1367d20543984a430481b37f21ded + Revoked at: Fri Apr 18 17:31:47 UTC 2014 + Serial Number (hex): 7dc80b0c255b96bcb60333d224dd5ab0 + Revoked at: Fri Apr 18 17:31:54 UTC 2014 + Serial Number (hex): 3be4ceea08661abda172747b516d6195 + Revoked at: Fri Apr 18 17:32:03 UTC 2014 + Serial Number (hex): 00db972fa87f72742411de5e909a1dadeb + Revoked at: Fri Apr 18 20:40:59 UTC 2014 + Serial Number (hex): 0090d42ad2986832b6c60271a3e980069a + Revoked at: Sat Apr 19 09:52:05 UTC 2014 + Serial Number (hex): 74cc307e96cec1f31e36053415315d3f + Revoked at: Sat Apr 19 17:13:08 UTC 2014 + Serial Number (hex): 00dc71ceb26b540ffabff96213bd3d0bf9 + Revoked at: Sun Apr 20 01:20:30 UTC 2014 + Serial Number (hex): 323b88131e413d579a55c02ae2723580 + Revoked at: Sun Apr 20 01:20:35 UTC 2014 + Serial Number (hex): 009f52355ffaea633fce91193a01c093ea + Revoked at: Sun Apr 20 04:17:22 UTC 2014 + Serial Number (hex): 4046118339e2f005eed2f4541e86c70b + Revoked at: Sun Apr 20 04:17:40 UTC 2014 + Serial Number (hex): 009498a6ddfa873506ef2b2c7426ea456d + Revoked at: Sun Apr 20 06:23:57 UTC 2014 + Serial Number (hex): 5593c0fdd186d52f19bd602056a31794 + Revoked at: Sun Apr 20 13:30:11 UTC 2014 + Serial Number (hex): 131045a76b08272ced6141e4479c24d0 + Revoked at: Sun Apr 20 14:01:14 UTC 2014 + Serial Number (hex): 00c623a382717664eee317fdf1bda4d7c3 + Revoked at: Sun Apr 20 14:47:09 UTC 2014 + Serial Number (hex): 00f6def29c0d9d339bd26d2078bb7b8819 + Revoked at: Sun Apr 20 21:24:38 UTC 2014 + Serial Number (hex): 4e237b63d5bb570296d77a6cfd97b4fd + Revoked at: Mon Apr 21 00:05:34 UTC 2014 + Serial Number (hex): 0087be7be52a2836bdfb9bf61d14923228 + Revoked at: Mon Apr 21 11:41:45 UTC 2014 + Serial Number (hex): 6570829d9947148016369841b0918b6a + Revoked at: Mon Apr 21 12:16:56 UTC 2014 + Serial Number (hex): 0095fe22b23f602ac95b471d85bd100da1 + Revoked at: Mon Apr 21 12:17:02 UTC 2014 + Serial Number (hex): 008c3edfadd5769c555d0cf60b3f0ea753 + Revoked at: Mon Apr 21 13:25:51 UTC 2014 + Serial Number (hex): 008dee6ea0fdfaab4fa680d992dddd6dfc + Revoked at: Mon Apr 21 14:22:53 UTC 2014 + Serial Number (hex): 00b2931a93bb961ae31998c78488c64b03 + Revoked at: Mon Apr 21 14:45:28 UTC 2014 + Serial Number (hex): 00c1fc4378033d62a0c0f8af3e6614da26 + Revoked at: Mon Apr 21 14:54:16 UTC 2014 + Serial Number (hex): 76c502d423da4459c8f6941ecae6fa2d + Revoked at: Mon Apr 21 15:38:50 UTC 2014 + Serial Number (hex): 008456ce69afd902a1e1f186c0b51af4b1 + Revoked at: Mon Apr 21 17:59:35 UTC 2014 + Serial Number (hex): 7277fdcd4608561aeed8f37078fa5ec3 + Revoked at: Mon Apr 21 18:44:54 UTC 2014 + Serial Number (hex): 00dd4b30101b826c783c0004fdc2fe41fa + Revoked at: Mon Apr 21 18:46:06 UTC 2014 + Serial Number (hex): 79e4b6f32dc505c26c14124fecf061ea + Revoked at: Mon Apr 21 18:46:43 UTC 2014 + Serial Number (hex): 00c118f2f85e4cb02c8f572fa1cf14247e + Revoked at: Mon Apr 21 18:47:23 UTC 2014 + Serial Number (hex): 1396d18c7b37c8c653d7ec4882fa2a31 + Revoked at: Mon Apr 21 18:48:28 UTC 2014 + Serial Number (hex): 00e548c5c036936d1172e71a9fa350b259 + Revoked at: Mon Apr 21 18:49:33 UTC 2014 + Serial Number (hex): 0d67bb2b2195f993e48b208da451319b + Revoked at: Mon Apr 21 19:18:46 UTC 2014 + Serial Number (hex): 00a82663b5b07435a8c97536978691725d + Revoked at: Mon Apr 21 19:26:16 UTC 2014 + Serial Number (hex): 5470e253b8381baafa2ee1a537681ea8 + Revoked at: Mon Apr 21 19:28:59 UTC 2014 + Serial Number (hex): 277b1e5b32f10371bc3e8fd943be0f70 + Revoked at: Mon Apr 21 19:34:55 UTC 2014 + Serial Number (hex): 00b22fd51844448703668c6f9deb60f3b6 + Revoked at: Mon Apr 21 20:20:47 UTC 2014 + Serial Number (hex): 1a0300dda85f8c31ffb37f92de140b51 + Revoked at: Mon Apr 21 20:21:46 UTC 2014 + Serial Number (hex): 00a886de49cd5892fa41bf7dec80e86709 + Revoked at: Tue Apr 22 03:49:30 UTC 2014 + Serial Number (hex): 03ec264aed09d6efd371113019b1cd92 + Revoked at: Tue Apr 22 03:49:35 UTC 2014 + Serial Number (hex): 00dbb3bfef82648897c7b6908fa68a3aab + Revoked at: Tue Apr 22 03:51:49 UTC 2014 + Serial Number (hex): 00f0c91eb4d10ebe3db7df03ac6fc3d9ef + Revoked at: Tue Apr 22 03:51:59 UTC 2014 + Serial Number (hex): 70493608a2ef88d84ef411d632de93ed + Revoked at: Tue Apr 22 03:52:15 UTC 2014 + Serial Number (hex): 008ec687ddc170c6e33243ffbd56a8b06a + Revoked at: Tue Apr 22 04:16:06 UTC 2014 + Serial Number (hex): 7ee95b717dc5e5afc15c8199fb2e934a + Revoked at: Tue Apr 22 04:20:37 UTC 2014 + Serial Number (hex): 00f934add3c639db0a34f6902e26d77795 + Revoked at: Tue Apr 22 04:21:02 UTC 2014 + Serial Number (hex): 00897cf60a9b14b20bdb009d0bc29a1466 + Revoked at: Tue Apr 22 08:17:14 UTC 2014 + Serial Number (hex): 4d5b9a602adcc45980523b0b97a3ccf8 + Revoked at: Tue Apr 22 08:17:20 UTC 2014 + Serial Number (hex): 00de561bb21f5c42a5fabaab4663d40c33 + Revoked at: Tue Apr 22 08:18:46 UTC 2014 + Serial Number (hex): 00f907125f57ab4b0f7a5f8c9cacaaec2a + Revoked at: Tue Apr 22 08:19:21 UTC 2014 + Serial Number (hex): 00d66426a3cdbc5aaf2bd1aac8bf796f86 + Revoked at: Tue Apr 22 10:22:48 UTC 2014 + Serial Number (hex): 00c3a2ebad6d7e3789b1a2eae5e9b348c1 + Revoked at: Tue Apr 22 10:28:11 UTC 2014 + Serial Number (hex): 35c9c03d2454db08c80e5f7a31bcbb09 + Revoked at: Tue Apr 22 10:58:56 UTC 2014 + Serial Number (hex): 5ab4e7b1ca692a72ab94f3fe21a82107 + Revoked at: Tue Apr 22 11:35:33 UTC 2014 + Serial Number (hex): 7c8fc25239d3c8a1694aef43f83db635 + Revoked at: Tue Apr 22 11:36:33 UTC 2014 + Serial Number (hex): 1e1c7801239e1432a6cdd6ad70159344 + Revoked at: Tue Apr 22 11:36:47 UTC 2014 + Serial Number (hex): 7b2f4c34404f0a21eac60bfa59b6e4cd + Revoked at: Tue Apr 22 12:48:55 UTC 2014 + Serial Number (hex): 4922c9a7f024559e54e4f1785f0fd697 + Revoked at: Tue Apr 22 12:49:04 UTC 2014 + Serial Number (hex): 68d5e6f66d71dccf019e85b34547a63c + Revoked at: Tue Apr 22 12:49:07 UTC 2014 + Serial Number (hex): 322eab4629e28069755e80066e7e3d6e + Revoked at: Tue Apr 22 12:59:30 UTC 2014 + Serial Number (hex): 00b8e7c9b390d74175e2c415de14600450 + Revoked at: Tue Apr 22 13:11:48 UTC 2014 + Serial Number (hex): 0e5b0ad96a0f11fdc995d862d53c32a4 + Revoked at: Tue Apr 22 13:43:06 UTC 2014 + Serial Number (hex): 0f023d52ff9b226c1e8b4a22448de3fc + Revoked at: Tue Apr 22 13:44:29 UTC 2014 + Serial Number (hex): 00d70b726a217a8441ea4d8ed7fcdd0a07 + Revoked at: Tue Apr 22 13:45:46 UTC 2014 + Serial Number (hex): 00914acaa7cd863471e4041c166fc292fa + Revoked at: Tue Apr 22 13:52:53 UTC 2014 + Serial Number (hex): 02661a8eab40cf89864c9935acb382e4 + Revoked at: Tue Apr 22 13:54:14 UTC 2014 + Serial Number (hex): 0c89297c68e6c4b7f88cad12174bf604 + Revoked at: Tue Apr 22 13:55:37 UTC 2014 + Serial Number (hex): 19930eca9f8eda66105afb87f9e9d78c + Revoked at: Tue Apr 22 13:57:08 UTC 2014 + Serial Number (hex): 00f1e2df21986b033bcb63cd742e9c20f2 + Revoked at: Tue Apr 22 13:58:26 UTC 2014 + Serial Number (hex): 00e540fe85165c98a9d81fdf51c4146d3e + Revoked at: Tue Apr 22 13:59:49 UTC 2014 + Serial Number (hex): 5a4a5a2f3781e33f541ffeea34c66de3 + Revoked at: Tue Apr 22 14:45:18 UTC 2014 + Serial Number (hex): 00e71d8f6bfdea770886b6806ac905581e + Revoked at: Tue Apr 22 14:58:46 UTC 2014 + Serial Number (hex): 6d50e5f7c3b549211895ba8751482e1c + Revoked at: Tue Apr 22 14:58:49 UTC 2014 + Serial Number (hex): 00bc9896c476d1850a3006e7152faca493 + Revoked at: Tue Apr 22 15:08:12 UTC 2014 + Serial Number (hex): 00d5acb19dc0148b91b9ddd085abdbe8a5 + Revoked at: Tue Apr 22 15:09:13 UTC 2014 + Serial Number (hex): 52685a890a99d9ebe3a6db551443cb9f + Revoked at: Tue Apr 22 15:10:40 UTC 2014 + Serial Number (hex): 3932d4001bae1ecd4e3545107dc607c6 + Revoked at: Tue Apr 22 15:11:01 UTC 2014 + Serial Number (hex): 00bb53d42e1b81789f2381d09adf657ac1 + Revoked at: Tue Apr 22 15:14:07 UTC 2014 + Serial Number (hex): 00d0616b2ee82441a2940d9dc49c787296 + Revoked at: Tue Apr 22 15:14:39 UTC 2014 + Serial Number (hex): 36fa9ab1c0ab12dc7899477cddfa77e0 + Revoked at: Tue Apr 22 15:15:41 UTC 2014 + Serial Number (hex): 00afdfb071645c8fb2133e3ea76e8b7d36 + Revoked at: Tue Apr 22 15:17:47 UTC 2014 + Serial Number (hex): 328fd94afe921506950745cc1dd17aeb + Revoked at: Tue Apr 22 15:19:26 UTC 2014 + Serial Number (hex): 008897fb3533e09a0e4b7517cb688a77f0 + Revoked at: Tue Apr 22 15:22:41 UTC 2014 + Serial Number (hex): 255874998f7e3a6d04047eb441bab639 + Revoked at: Tue Apr 22 15:23:43 UTC 2014 + Serial Number (hex): 4b403414ecaf620002d47fd2c872ee05 + Revoked at: Tue Apr 22 15:24:07 UTC 2014 + Serial Number (hex): 12a6bdf8242a761b7bdbf6e3fbe10134 + Revoked at: Tue Apr 22 15:24:25 UTC 2014 + Serial Number (hex): 5af3eefd29617fecc9ea8beb6dd0166a + Revoked at: Tue Apr 22 15:25:15 UTC 2014 + Serial Number (hex): 5035070e7bc4c2e7c5b7f3b402ff7c76 + Revoked at: Tue Apr 22 15:26:43 UTC 2014 + Serial Number (hex): 2245a8dbb1c770f0d381e4f8acd9a50b + Revoked at: Tue Apr 22 15:29:39 UTC 2014 + Serial Number (hex): 779c0eeffa804866c87fc9cede47f9d2 + Revoked at: Tue Apr 22 15:30:00 UTC 2014 + Serial Number (hex): 642407d7f29bd29814970e93551c826f + Revoked at: Tue Apr 22 15:31:05 UTC 2014 + Serial Number (hex): 00d0d0ec1151a8ad935d58e2d05f40935f + Revoked at: Tue Apr 22 15:32:51 UTC 2014 + Serial Number (hex): 008663317fdea9bff46988dd3c015022a6 + Revoked at: Tue Apr 22 15:34:01 UTC 2014 + Serial Number (hex): 5e4fbb123479ff90cce6f997524000db + Revoked at: Tue Apr 22 15:34:34 UTC 2014 + Serial Number (hex): 0272f019d0ceae5191e490b69ead19b1 + Revoked at: Tue Apr 22 15:34:40 UTC 2014 + Serial Number (hex): 26077443715e63a3c4fcee36283cd8ef + Revoked at: Tue Apr 22 15:45:48 UTC 2014 + Serial Number (hex): 4591d6d434dc865b2be776c0f5d13327 + Revoked at: Tue Apr 22 15:47:43 UTC 2014 + Serial Number (hex): 0088706e2dbfc16b5abcbd9f6c8fe5d9a2 + Revoked at: Tue Apr 22 15:48:13 UTC 2014 + Serial Number (hex): 11f32a7dfcf1388d05ed96ed8f10bbae + Revoked at: Tue Apr 22 15:48:36 UTC 2014 + Serial Number (hex): 06285bb309bfc6f67a49ce8a90aa3a01 + Revoked at: Tue Apr 22 15:49:24 UTC 2014 + Serial Number (hex): 77060260381e5c6c4ee5bbc65d842a25 + Revoked at: Tue Apr 22 15:50:11 UTC 2014 + Serial Number (hex): 123880d78f02a3e46d61a64ff28d7573 + Revoked at: Tue Apr 22 16:27:09 UTC 2014 + Serial Number (hex): 47de1afd01b8638ca9734234c4e74769 + Revoked at: Tue Apr 22 16:31:40 UTC 2014 + Serial Number (hex): 4b7e296b351da38dea3cf7766f7f4df9 + Revoked at: Tue Apr 22 16:32:46 UTC 2014 + Serial Number (hex): 00f693d6c0bd7b372c2f4d8d0edeccf3bc + Revoked at: Tue Apr 22 16:47:20 UTC 2014 + Serial Number (hex): 556d8198323a9eb196ebe4f64a7508b4 + Revoked at: Tue Apr 22 16:58:40 UTC 2014 + Serial Number (hex): 00c461e4e094df3ac8d00c7f1eb348cf65 + Revoked at: Tue Apr 22 19:27:11 UTC 2014 + Serial Number (hex): 00df03c742729189844a37836a6ac3a6e6 + Revoked at: Tue Apr 22 19:49:55 UTC 2014 + Serial Number (hex): 226ee06a02c33fc6da41cee67b2468dd + Revoked at: Tue Apr 22 19:50:09 UTC 2014 + Serial Number (hex): 6bb5557c05e7d45a8295d9a94f721fab + Revoked at: Tue Apr 22 20:12:17 UTC 2014 + Serial Number (hex): 1d53bcca17354adf37cbc62c4a1d1c27 + Revoked at: Tue Apr 22 20:33:18 UTC 2014 + Serial Number (hex): 00cf77fbeb0920f661a84ae12c84e64b3f + Revoked at: Tue Apr 22 20:34:15 UTC 2014 + Serial Number (hex): 00fd5fc2c2445f93b15fcb3f380833678e + Revoked at: Tue Apr 22 20:35:53 UTC 2014 + Serial Number (hex): 36aa63fa66332c57c584a958d8b5269a + Revoked at: Tue Apr 22 20:37:01 UTC 2014 + Serial Number (hex): 19e4258492dbd0ac518ff704c6f8b661 + Revoked at: Tue Apr 22 20:37:54 UTC 2014 + Serial Number (hex): 00b8f3464a233fede06bcad444b342d6c7 + Revoked at: Tue Apr 22 20:38:46 UTC 2014 + Serial Number (hex): 00ce4f327a64d8db20121cdb32b71d81eb + Revoked at: Tue Apr 22 20:39:38 UTC 2014 + Serial Number (hex): 00c7a633280bde9f1081b718a6c58aa203 + Revoked at: Tue Apr 22 20:45:19 UTC 2014 + Serial Number (hex): 0084706906b45cc487e342cc4544b583ab + Revoked at: Tue Apr 22 21:00:29 UTC 2014 + Serial Number (hex): 54c597d0ff1d1be847818617c04a9537 + Revoked at: Tue Apr 22 22:22:32 UTC 2014 + Serial Number (hex): 00883bab553f61d3cff0c03a8a45329716 + Revoked at: Tue Apr 22 22:22:41 UTC 2014 + Serial Number (hex): 00f684f47ab8edb5399f9f3354c84042a6 + Revoked at: Tue Apr 22 23:24:43 UTC 2014 + Serial Number (hex): 00fccf1353220a16c3a93d5f95ef146c98 + Revoked at: Wed Apr 23 07:55:56 UTC 2014 + Serial Number (hex): 00e2da4c7f80fa6f7d98302b055d2906b3 + Revoked at: Wed Apr 23 07:56:32 UTC 2014 + Serial Number (hex): 0089b058359af450510a0826ffee1533fc + Revoked at: Wed Apr 23 08:42:58 UTC 2014 + Serial Number (hex): 00a5d8f9e61892f02364979d52cf470a0b + Revoked at: Wed Apr 23 09:05:11 UTC 2014 + Serial Number (hex): 00b698d7b6f96dc26aacc444c2a59cc25f + Revoked at: Wed Apr 23 09:06:43 UTC 2014 + Serial Number (hex): 00d7ac3a647b50c0ab12bf794477c18c2d + Revoked at: Wed Apr 23 09:10:38 UTC 2014 + Serial Number (hex): 03ceae1bf60f008555edfd8a5d296711 + Revoked at: Wed Apr 23 10:56:22 UTC 2014 + Serial Number (hex): 3966d3022d7f89fbfb90fb749523bbb1 + Revoked at: Wed Apr 23 10:58:34 UTC 2014 + Serial Number (hex): 15aca315845e6c387979818eb6e94f76 + Revoked at: Wed Apr 23 10:59:39 UTC 2014 + Serial Number (hex): 00e53546be12614c1a3dd1135eac234194 + Revoked at: Wed Apr 23 11:00:43 UTC 2014 + Serial Number (hex): 00b4492ef9d4e1f9a8871f72a7dcd110df + Revoked at: Wed Apr 23 11:01:41 UTC 2014 + Serial Number (hex): 5deef878fe447244b6f45f174432cdfe + Revoked at: Wed Apr 23 11:02:39 UTC 2014 + Serial Number (hex): 00986ee3415d49ada34322f6cf9592e9ca + Revoked at: Wed Apr 23 11:03:44 UTC 2014 + Serial Number (hex): 2641814b5379a15c9fe8166970e368f7 + Revoked at: Wed Apr 23 11:04:33 UTC 2014 + Serial Number (hex): 00ab2f4e600a89ea81f8790acd8d9e75ed + Revoked at: Wed Apr 23 11:05:54 UTC 2014 + Serial Number (hex): 00ab17a01c865d0e9432886178cb0b4523 + Revoked at: Wed Apr 23 11:06:45 UTC 2014 + Serial Number (hex): 009439292f3f1656ad7635706357ae8f0d + Revoked at: Wed Apr 23 11:07:39 UTC 2014 + Serial Number (hex): 5fc0606a22cda54a68ad342c9130bca6 + Revoked at: Wed Apr 23 11:08:37 UTC 2014 + Serial Number (hex): 0082fc496a575fe76a5d5164851665c710 + Revoked at: Wed Apr 23 11:10:03 UTC 2014 + Serial Number (hex): 067a40f548e50baefcba89f13abf2923 + Revoked at: Wed Apr 23 11:10:53 UTC 2014 + Serial Number (hex): 00b42bf4f9501e14218a715bc0a390113d + Revoked at: Wed Apr 23 11:11:47 UTC 2014 + Serial Number (hex): 2930bb2dd7ce3b9892eb37cf91c8d3ba + Revoked at: Wed Apr 23 11:13:10 UTC 2014 + Serial Number (hex): 00aab824b54a444beeeaf47afbf8d30c8b + Revoked at: Wed Apr 23 11:14:06 UTC 2014 + Serial Number (hex): 24b60f933c2732d32055fc74ad62d8e8 + Revoked at: Wed Apr 23 11:14:53 UTC 2014 + Serial Number (hex): 75de2a03f79c98831aaac9213d44cac1 + Revoked at: Wed Apr 23 11:25:34 UTC 2014 + Serial Number (hex): 0734c6adb2415d187e600ee62d18a913 + Revoked at: Wed Apr 23 11:26:42 UTC 2014 + Serial Number (hex): 00cf868bce1849302128466866c5dacfc7 + Revoked at: Wed Apr 23 11:48:05 UTC 2014 + Serial Number (hex): 2d9e8a69aaea060c227044f231654510 + Revoked at: Wed Apr 23 12:05:07 UTC 2014 + Serial Number (hex): 47ac98ad2dbf014f23a2a55e992a0469 + Revoked at: Wed Apr 23 12:29:42 UTC 2014 + Serial Number (hex): 3ca6da31255e02bdaf9655b3b9fe7869 + Revoked at: Wed Apr 23 12:29:49 UTC 2014 + Serial Number (hex): 00b8fbfbacfb3ad9836ee71ceac77e47f3 + Revoked at: Wed Apr 23 12:54:44 UTC 2014 + Serial Number (hex): 55e0abd161fc33c1b74673149faf84bf + Revoked at: Wed Apr 23 13:19:13 UTC 2014 + Serial Number (hex): 00e52a8fa9d2a54b4e45fb76ed1ae9df84 + Revoked at: Wed Apr 23 13:23:03 UTC 2014 + Serial Number (hex): 0abdcbf4649f71a064addab4e7c50494 + Revoked at: Wed Apr 23 13:35:11 UTC 2014 + Serial Number (hex): 00f4a4b69cbaef420cc5c5a8f5e34c5f44 + Revoked at: Wed Apr 23 13:54:25 UTC 2014 + Serial Number (hex): 1b8fed56ce41c994a31e68c69cda28fb + Revoked at: Wed Apr 23 13:55:32 UTC 2014 + Serial Number (hex): 008d6ca0fd4b89ff229cdede9d0bb01e06 + Revoked at: Wed Apr 23 14:47:14 UTC 2014 + Serial Number (hex): 0090bb39ed313fa724f2d8a6e5744767c9 + Revoked at: Wed Apr 23 14:52:54 UTC 2014 + Serial Number (hex): 648509fef1003110a7dfa9f846cb89d5 + Revoked at: Wed Apr 23 14:59:04 UTC 2014 + Serial Number (hex): 00b5e7e909194f1964fb48ee5afa3abefc + Revoked at: Wed Apr 23 15:03:42 UTC 2014 + Serial Number (hex): 2d8d4e77eed190a684761f1e99017e55 + Revoked at: Wed Apr 23 15:07:58 UTC 2014 + Serial Number (hex): 037c2158aa0077a9edba6b9d461480fe + Revoked at: Wed Apr 23 15:08:37 UTC 2014 + Serial Number (hex): 00e78c49c1e5ce5d7dc5a96a701e99de74 + Revoked at: Wed Apr 23 15:10:23 UTC 2014 + Serial Number (hex): 00b10f7913643de40a94ac90845774df80 + Revoked at: Wed Apr 23 15:13:04 UTC 2014 + Serial Number (hex): 009c4bb5ce1a22966cc9bcd430c77e6d35 + Revoked at: Wed Apr 23 15:15:50 UTC 2014 + Serial Number (hex): 008f4d124d159ac2df26a6745a8e848914 + Revoked at: Wed Apr 23 15:31:48 UTC 2014 + Serial Number (hex): 3c999b2d85e193d82a9a97d7b8ee8b85 + Revoked at: Wed Apr 23 16:54:17 UTC 2014 + Serial Number (hex): 00fb3ef0a695f25bbd9f964c4288757f9d + Revoked at: Wed Apr 23 16:55:19 UTC 2014 + Serial Number (hex): 0083a44c01e1042980a33b77e126450470 + Revoked at: Wed Apr 23 16:56:23 UTC 2014 + Serial Number (hex): 0098ba15b7674d329ce020fc20dba6600c + Revoked at: Wed Apr 23 16:57:23 UTC 2014 + Serial Number (hex): 5768c076119facc08cc20218b2b96515 + Revoked at: Wed Apr 23 16:58:17 UTC 2014 + Serial Number (hex): 0773987381439af044f2f521b6a46878 + Revoked at: Wed Apr 23 16:59:16 UTC 2014 + Serial Number (hex): 00e9093591d1272a45fd62f1b398b93679 + Revoked at: Wed Apr 23 17:00:14 UTC 2014 + Serial Number (hex): 00c5f64dd11ce8ac0e7394b0c170b2fa8d + Revoked at: Wed Apr 23 17:01:00 UTC 2014 + Serial Number (hex): 5964150e93e9adce18f140872d06c557 + Revoked at: Wed Apr 23 17:02:12 UTC 2014 + Serial Number (hex): 009356eb7397afc7c5b8b22bffa3e48c73 + Revoked at: Wed Apr 23 17:03:23 UTC 2014 + Serial Number (hex): 2124abfcf3f11f000ec18e944bf37659 + Revoked at: Wed Apr 23 17:04:21 UTC 2014 + Serial Number (hex): 0469ff8fe638ac4a85f46f1826996109 + Revoked at: Wed Apr 23 17:05:17 UTC 2014 + Serial Number (hex): 7179dac9ae9cdc2715940b7e17438beb + Revoked at: Wed Apr 23 17:06:07 UTC 2014 + Serial Number (hex): 722303449d02a07e2b6a3f706f510fd5 + Revoked at: Wed Apr 23 17:06:59 UTC 2014 + Serial Number (hex): 797cdf1f1f88bed711beb06efd77e868 + Revoked at: Wed Apr 23 17:07:53 UTC 2014 + Serial Number (hex): 7fc7975f7f3bc6b1bcec034b7f968981 + Revoked at: Wed Apr 23 17:09:01 UTC 2014 + Serial Number (hex): 00a59a2cd6479a7a8fac4f339796d3d7f3 + Revoked at: Wed Apr 23 19:10:23 UTC 2014 + Serial Number (hex): 0d05324d6b5a5d95033e96aca9270849 + Revoked at: Wed Apr 23 19:12:45 UTC 2014 + Serial Number (hex): 425895f283253c15a6fd6e56e0af86e6 + Revoked at: Wed Apr 23 19:14:06 UTC 2014 + Serial Number (hex): 447dfdb6bbbb6f8c671f61eef134a072 + Revoked at: Wed Apr 23 19:14:11 UTC 2014 + Serial Number (hex): 7d159a7b9a32391a79b0393812b05498 + Revoked at: Wed Apr 23 19:48:20 UTC 2014 + Serial Number (hex): 00e4927554ed74a25ff1f3f3f502fa7588 + Revoked at: Wed Apr 23 19:48:39 UTC 2014 + Serial Number (hex): 00b4ed119d3604b040a697e04b78f1337f + Revoked at: Wed Apr 23 20:09:48 UTC 2014 + Serial Number (hex): 00a6df29f5d3d6cc0f3016dd659286694a + Revoked at: Wed Apr 23 20:09:56 UTC 2014 + Serial Number (hex): 00ec2477de6e3da1eee8126b8ef59120e8 + Revoked at: Wed Apr 23 20:10:03 UTC 2014 + Serial Number (hex): 2dc325c1be7b9fb9d94447859f2fedb1 + Revoked at: Wed Apr 23 20:10:11 UTC 2014 + Serial Number (hex): 6e430ff42b2b96dfcbbca172a2dbedd9 + Revoked at: Wed Apr 23 20:30:44 UTC 2014 + Serial Number (hex): 008776093f189c1037b5022c586e7e2268 + Revoked at: Wed Apr 23 20:42:03 UTC 2014 + Serial Number (hex): 3f1fd413ccc1a2671c547e6eaac58c9b + Revoked at: Thu Apr 24 05:23:59 UTC 2014 + Serial Number (hex): 169e28e9ea71c5b8577760df1b2cf061 + Revoked at: Thu Apr 24 05:25:28 UTC 2014 + Serial Number (hex): 00f80af2d15fe8eba804e7ea96696395be + Revoked at: Thu Apr 24 06:19:10 UTC 2014 + Serial Number (hex): 193bf9278772a3da782db51fb246ee9b + Revoked at: Thu Apr 24 06:19:41 UTC 2014 + Serial Number (hex): 0090b25bb5650d8102ee61cd7aac864ebf + Revoked at: Thu Apr 24 06:20:06 UTC 2014 + Serial Number (hex): 00c12616c42cfac09fcb064d8d1a7af416 + Revoked at: Thu Apr 24 08:36:02 UTC 2014 + Serial Number (hex): 58b09368a54bb2285785e482d637552d + Revoked at: Thu Apr 24 08:37:02 UTC 2014 + Serial Number (hex): 011315edc057c3458cafead8cccb4daf + Revoked at: Thu Apr 24 08:37:22 UTC 2014 + Serial Number (hex): 00e6172e8e0b5292586da87cf312f97034 + Revoked at: Thu Apr 24 08:59:17 UTC 2014 + Serial Number (hex): 00c45898ebae3a14693f65648ae51cc1bc + Revoked at: Thu Apr 24 09:10:36 UTC 2014 + Serial Number (hex): 008b3485dd0f94aae2cdc6625c2e8f8d63 + Revoked at: Thu Apr 24 09:37:54 UTC 2014 + Serial Number (hex): 00bd78783bca4c37449b10e5df5c751835 + Revoked at: Thu Apr 24 11:25:06 UTC 2014 + Serial Number (hex): 00cf65c1c20bc77a60b08652163aa5a672 + Revoked at: Thu Apr 24 11:26:40 UTC 2014 + Serial Number (hex): 3ec62ff8e3ec19f904bf63a63b0072b0 + Revoked at: Thu Apr 24 11:52:53 UTC 2014 + Serial Number (hex): 27b93eefc84da647e66b7cb201f7f1f1 + Revoked at: Thu Apr 24 11:53:41 UTC 2014 + Serial Number (hex): 51bf30350ea3a6d8e873ed05136c2035 + Revoked at: Thu Apr 24 12:12:14 UTC 2014 + Serial Number (hex): 0095f84ece9c57e0be3e27df785ed743bc + Revoked at: Thu Apr 24 12:13:59 UTC 2014 + Serial Number (hex): 0d68d590502a4f8a6bfd58be70724c42 + Revoked at: Thu Apr 24 12:21:07 UTC 2014 + Serial Number (hex): 7bce2b51b5c241312c6c5f65afbb3e24 + Revoked at: Thu Apr 24 12:44:55 UTC 2014 + Serial Number (hex): 0d4a418925c14d46ef5ddb011c66d911 + Revoked at: Thu Apr 24 13:01:21 UTC 2014 + Serial Number (hex): 4e616ac93e9cbb506c5edff1cb9676b6 + Revoked at: Thu Apr 24 13:08:17 UTC 2014 + Serial Number (hex): 00d272fe7ce85cee4c903b38838a1b2fb6 + Revoked at: Thu Apr 24 13:15:20 UTC 2014 + Serial Number (hex): 7b3e1f15579834e7dd3545f9a9ace7eb + Revoked at: Thu Apr 24 13:15:35 UTC 2014 + Serial Number (hex): 00f31335709aa327991990b420e47b73e4 + Revoked at: Thu Apr 24 13:41:28 UTC 2014 + Serial Number (hex): 00bac7b34d9321e511a35fc4ff4717b554 + Revoked at: Thu Apr 24 14:11:14 UTC 2014 + Serial Number (hex): 00b36cb36cc1a52e678e09540c32948b27 + Revoked at: Thu Apr 24 14:38:13 UTC 2014 + Serial Number (hex): 2bd28ab4839d1220ecdb910a705faa95 + Revoked at: Thu Apr 24 15:08:36 UTC 2014 + Serial Number (hex): 4e708dba43f68a6151be8d118f65d70b + Revoked at: Thu Apr 24 16:19:39 UTC 2014 + Serial Number (hex): 0090edba4fb84577dc83eefe3d59d4fa89 + Revoked at: Thu Apr 24 16:19:41 UTC 2014 + Serial Number (hex): 7bbce160f1204083cb936310fa19ab4b + Revoked at: Thu Apr 24 16:35:46 UTC 2014 + Serial Number (hex): 0a120bc67abdd93e579ed6945504355f + Revoked at: Thu Apr 24 16:41:59 UTC 2014 + Serial Number (hex): 3b9c7053b9aea3f8da28dc5f65c4b3bd + Revoked at: Thu Apr 24 16:56:40 UTC 2014 + Serial Number (hex): 7802fd7ca7350069110855e163ef2385 + Revoked at: Thu Apr 24 16:57:07 UTC 2014 + Serial Number (hex): 00b3c2d8ce08907709c6fdf5df82220ffc + Revoked at: Thu Apr 24 16:57:24 UTC 2014 + Serial Number (hex): 00910a74b6a8331f2cec5fa2f4c8f24ae4 + Revoked at: Thu Apr 24 16:57:54 UTC 2014 + Serial Number (hex): 0816e9548ac8beb39a8584788594c08d + Revoked at: Thu Apr 24 16:58:27 UTC 2014 + Serial Number (hex): 00ecd8d404a4cd83bbea1d82d422754dee + Revoked at: Thu Apr 24 18:34:33 UTC 2014 + Serial Number (hex): 29a57cceda7882f7262c60e08b41e051 + Revoked at: Thu Apr 24 18:43:27 UTC 2014 + Serial Number (hex): 00c5f36d65daa494b82a166d3566211032 + Revoked at: Thu Apr 24 18:45:02 UTC 2014 + Serial Number (hex): 00ce3a36cf5965f2d485952998940257b3 + Revoked at: Thu Apr 24 18:45:34 UTC 2014 + Serial Number (hex): 00bb20784321b3ff504310cd72446c2c78 + Revoked at: Thu Apr 24 18:46:19 UTC 2014 + Serial Number (hex): 6704cfdc6fcb646ab1f59e6b0baebd1a + Revoked at: Thu Apr 24 18:50:38 UTC 2014 + Serial Number (hex): 008f713bc004e25aebe11e203286d0f953 + Revoked at: Thu Apr 24 19:08:31 UTC 2014 + Serial Number (hex): 64e2c6caa27139d19860526cfda92240 + Revoked at: Thu Apr 24 19:08:38 UTC 2014 + Serial Number (hex): 0146989ac9c2a0c81dfd96c1bd25730f + Revoked at: Thu Apr 24 19:49:53 UTC 2014 + Serial Number (hex): 30623d47e270d6e8bb61eceb9b74b1c0 + Revoked at: Thu Apr 24 19:55:33 UTC 2014 + Serial Number (hex): 00e06e43d3c4180126beefeb41e1106cd6 + Revoked at: Thu Apr 24 21:09:01 UTC 2014 + Serial Number (hex): 00daece24512e42885d4a6a0f3a95df385 + Revoked at: Thu Apr 24 21:33:25 UTC 2014 + Serial Number (hex): 00d5aa04e8f7367c4cb7de0b886b6f9737 + Revoked at: Thu Apr 24 22:32:37 UTC 2014 + Serial Number (hex): 00ea8b646879980b55ca278068b68141ed + Revoked at: Thu Apr 24 22:33:15 UTC 2014 + Serial Number (hex): 08f9d3794dbf665c8528c2df1ba2469e + Revoked at: Fri Apr 25 03:51:40 UTC 2014 + Serial Number (hex): 67e0569c3a39a8b7f4ea497069bd5f7a + Revoked at: Fri Apr 25 03:59:19 UTC 2014 + Serial Number (hex): 00c3c4b0a56932499cbc53e4cfb8aa34df + Revoked at: Fri Apr 25 03:59:24 UTC 2014 + Serial Number (hex): 00ba670a32543f5cb68d862e864f654bde + Revoked at: Fri Apr 25 10:12:36 UTC 2014 + Serial Number (hex): 269714ac96c297e0c76f0fdf8d585174 + Revoked at: Fri Apr 25 10:16:57 UTC 2014 + Serial Number (hex): 42e1112552c6bd5a567069351303c842 + Revoked at: Fri Apr 25 11:17:22 UTC 2014 + Serial Number (hex): 1140da41b96c51a064467a8b2cabfc75 + Revoked at: Fri Apr 25 12:35:20 UTC 2014 + Serial Number (hex): 00d61f77909cf1a360b969e5b9b1eab8b7 + Revoked at: Fri Apr 25 12:49:15 UTC 2014 + Serial Number (hex): 58c26ec93af23044a1b341f6d9e542a0 + Revoked at: Fri Apr 25 12:53:09 UTC 2014 + Serial Number (hex): 2b3a00c71d5efbf4d2cf41b9670027f1 + Revoked at: Fri Apr 25 12:53:14 UTC 2014 + Serial Number (hex): 7b55a40b0aa67a65a67ce0619d653f32 + Revoked at: Fri Apr 25 12:53:53 UTC 2014 + Serial Number (hex): 5a6db3e1adc0c7d9225648dcc18eaf35 + Revoked at: Fri Apr 25 12:54:15 UTC 2014 + Serial Number (hex): 008357e335d782b837a47bc39223f273d6 + Revoked at: Fri Apr 25 12:54:20 UTC 2014 + Serial Number (hex): 3d91a73b4c9a231ae742ec790f1d3b36 + Revoked at: Fri Apr 25 12:55:03 UTC 2014 + Serial Number (hex): 1b403c1630ad1c2f163e01270a4853c1 + Revoked at: Fri Apr 25 12:55:31 UTC 2014 + Serial Number (hex): 00c417ca8541b9c638cf49823fd3e5bbc9 + Revoked at: Fri Apr 25 12:55:36 UTC 2014 + Serial Number (hex): 62e6f45dc7719b12adabe5bcfc768840 + Revoked at: Fri Apr 25 12:56:37 UTC 2014 + Serial Number (hex): 13a7413d4b29b3ce625f0e328d349e16 + Revoked at: Fri Apr 25 12:57:15 UTC 2014 + Serial Number (hex): 00b41cc310e827b803caf94a0c61136692 + Revoked at: Fri Apr 25 12:57:41 UTC 2014 + Serial Number (hex): 008f444b8f0d26644aa01b94f8da946a0b + Revoked at: Fri Apr 25 12:57:49 UTC 2014 + Serial Number (hex): 009a997a472070cfa6a5937566a1f54148 + Revoked at: Fri Apr 25 12:57:51 UTC 2014 + Serial Number (hex): 3b6782d092410c493ee6a5c53c93dab1 + Revoked at: Fri Apr 25 13:00:28 UTC 2014 + Serial Number (hex): 2542b7bb55a30434fc7fe8f30f477d6a + Revoked at: Fri Apr 25 13:00:37 UTC 2014 + Serial Number (hex): 00853af84f6ba9f2799cf3ed32fc9fc05d + Revoked at: Fri Apr 25 13:00:51 UTC 2014 + Serial Number (hex): 00e74843d9b067c91561ed8da437908ce8 + Revoked at: Fri Apr 25 13:00:55 UTC 2014 + Serial Number (hex): 00fd9cb099e7049e34ccd4cce82c1f330c + Revoked at: Fri Apr 25 13:01:20 UTC 2014 + Serial Number (hex): 00b7f55479348f23c621d12ea30ea76ed0 + Revoked at: Fri Apr 25 13:01:25 UTC 2014 + Serial Number (hex): 00d17ec9d0a68e9fc251259f0ac0d6a74f + Revoked at: Fri Apr 25 13:01:52 UTC 2014 + Serial Number (hex): 599b5639e5aee3dbdd7576c302f23198 + Revoked at: Fri Apr 25 13:02:22 UTC 2014 + Serial Number (hex): 00873b53b380fb70e674ef8d238e322a50 + Revoked at: Fri Apr 25 13:02:58 UTC 2014 + Serial Number (hex): 00f83cc32c495194f9ee761d8e3b96bef7 + Revoked at: Fri Apr 25 13:03:27 UTC 2014 + Serial Number (hex): 008ac4e116c1969f88a0cc39f7a6505279 + Revoked at: Fri Apr 25 13:03:54 UTC 2014 + Serial Number (hex): 0702ce771aaa940eedab4e746415b911 + Revoked at: Fri Apr 25 13:07:59 UTC 2014 + Serial Number (hex): 400d82b7961dd75c350d19bec4fb0532 + Revoked at: Fri Apr 25 13:09:06 UTC 2014 + Serial Number (hex): 76fdb782ae054635119ef9a35d6d0f8f + Revoked at: Fri Apr 25 13:09:47 UTC 2014 + Serial Number (hex): 0094bf597ead58cb1d42d053c8c74b6894 + Revoked at: Fri Apr 25 13:11:10 UTC 2014 + Serial Number (hex): 00e5d7240237a0fa5fea4b72d9501af98d + Revoked at: Fri Apr 25 13:11:59 UTC 2014 + Serial Number (hex): 0c215be23c19e524227823549a1e0f5b + Revoked at: Fri Apr 25 13:13:02 UTC 2014 + Serial Number (hex): 1df2ff20b085c295f892660ff9857f92 + Revoked at: Fri Apr 25 13:13:58 UTC 2014 + Serial Number (hex): 2fc36e5afc4d4c26927437423328bbde + Revoked at: Fri Apr 25 13:15:06 UTC 2014 + Serial Number (hex): 00e2e461d317415ad392350788a6dc14a2 + Revoked at: Fri Apr 25 13:15:39 UTC 2014 + Serial Number (hex): 00e0b9888fa22c9bd8f4b409068fb9f15a + Revoked at: Fri Apr 25 13:18:03 UTC 2014 + Serial Number (hex): 4ec5e6e1d353a010028809f45fffe7c6 + Revoked at: Fri Apr 25 13:18:30 UTC 2014 + Serial Number (hex): 00bd69d7a062f98561d505392dc942b55a + Revoked at: Fri Apr 25 13:19:05 UTC 2014 + Serial Number (hex): 574629fe931c01632bb4c21e85c83907 + Revoked at: Fri Apr 25 13:19:52 UTC 2014 + Serial Number (hex): 27e518b8ba645edd91cf5bc9407be8e5 + Revoked at: Fri Apr 25 13:20:11 UTC 2014 + Serial Number (hex): 6d7031b3e6eb5bc7048c560fd2516ac6 + Revoked at: Fri Apr 25 13:20:29 UTC 2014 + Serial Number (hex): 062a0ae7c47a83f7c03232f10fafbee6 + Revoked at: Fri Apr 25 13:20:57 UTC 2014 + Serial Number (hex): 00a9eb9d84670c864ffd1fcad1cbffe641 + Revoked at: Fri Apr 25 13:21:18 UTC 2014 + Serial Number (hex): 00f0561e69fe9c8fb259078af8df7dbc2a + Revoked at: Fri Apr 25 13:21:23 UTC 2014 + Serial Number (hex): 46ef864ce3e73ae46bb067a85f6b2e18 + Revoked at: Fri Apr 25 13:22:05 UTC 2014 + Serial Number (hex): 643822a7615d4f5e17d4160676e43296 + Revoked at: Fri Apr 25 13:22:49 UTC 2014 + Serial Number (hex): 55d78c2da9248e051d9d07d26ceffa53 + Revoked at: Fri Apr 25 13:23:08 UTC 2014 + Serial Number (hex): 0b7f58af0f339b2269b9f06f2e6f87af + Revoked at: Fri Apr 25 13:23:36 UTC 2014 + Serial Number (hex): 00f38892ea12af843fee2ca9b2756b0e40 + Revoked at: Fri Apr 25 13:23:37 UTC 2014 + Serial Number (hex): 620bae2117c352742359d14924c1ebe4 + Revoked at: Fri Apr 25 13:24:10 UTC 2014 + Serial Number (hex): 00e991799813d3aee27db7d39030c1ae5f + Revoked at: Fri Apr 25 13:24:30 UTC 2014 + Serial Number (hex): 2f73c9e63f7cdc8886297c485a6fdb45 + Revoked at: Fri Apr 25 13:25:39 UTC 2014 + Serial Number (hex): 00faaca775682f1085763697587362edb5 + Revoked at: Fri Apr 25 13:25:42 UTC 2014 + Serial Number (hex): 5428eda2e78855756bcff35c2f8c8234 + Revoked at: Fri Apr 25 13:25:47 UTC 2014 + Serial Number (hex): 75cb06b8ed56a46f5cff00b4c29a1c7c + Revoked at: Fri Apr 25 13:26:20 UTC 2014 + Serial Number (hex): 00d2843c5ea32f835df4298d006e982e42 + Revoked at: Fri Apr 25 13:27:02 UTC 2014 + Serial Number (hex): 00cf948a444b176cb91c53c7e314bb15a3 + Revoked at: Fri Apr 25 13:27:43 UTC 2014 + Serial Number (hex): 695c2ea1491df0c406933e6107881b63 + Revoked at: Fri Apr 25 13:28:30 UTC 2014 + Serial Number (hex): 6ad6335ddd2d78475a338ea56440251a + Revoked at: Fri Apr 25 13:29:31 UTC 2014 + Serial Number (hex): 2368dc955255789e1e0ae70522294ce4 + Revoked at: Fri Apr 25 13:30:17 UTC 2014 + Serial Number (hex): 417c8b5db6d2e74b44a0fbdc2721057b + Revoked at: Fri Apr 25 13:30:45 UTC 2014 + Serial Number (hex): 1543ed34510d4d00ea936fd15f5d5ae0 + Revoked at: Fri Apr 25 13:30:47 UTC 2014 + Serial Number (hex): 00a09b5af96502c7798e78a7872113be97 + Revoked at: Fri Apr 25 13:31:23 UTC 2014 + Serial Number (hex): 00c9094f17abf15b8be08a4e2a58966c62 + Revoked at: Fri Apr 25 13:32:00 UTC 2014 + Serial Number (hex): 6ca18bae1d5cc8d786568ee1395675c0 + Revoked at: Fri Apr 25 13:33:41 UTC 2014 + Serial Number (hex): 7717f55953be29365a03a59c9a1d4a7e + Revoked at: Fri Apr 25 13:34:48 UTC 2014 + Serial Number (hex): 009f63fd7ae330674bbfc3ef89cb085c91 + Revoked at: Fri Apr 25 13:36:25 UTC 2014 + Serial Number (hex): 14c4a21f33709a07090e00666e4f8276 + Revoked at: Fri Apr 25 13:37:12 UTC 2014 + Serial Number (hex): 2a1c9bb43e5cc5fc6782300a1ad9350e + Revoked at: Fri Apr 25 13:38:23 UTC 2014 + Serial Number (hex): 30c3ef10359cb9dab2ae698f7a81f868 + Revoked at: Fri Apr 25 13:38:33 UTC 2014 + Serial Number (hex): 00f547414dfd9a5add23ababc611a2d6e8 + Revoked at: Fri Apr 25 13:39:18 UTC 2014 + Serial Number (hex): 101f31452165391ecbd4d96f996489f0 + Revoked at: Fri Apr 25 13:45:05 UTC 2014 + Serial Number (hex): 2d097f2aba8499e7b6b7e20ff37786a3 + Revoked at: Fri Apr 25 13:50:51 UTC 2014 + Serial Number (hex): 0091b0e9e12a41632568131e59fdf70454 + Revoked at: Fri Apr 25 13:53:52 UTC 2014 + Serial Number (hex): 0098d6c6328f8dc872d05956c7340b55ea + Revoked at: Fri Apr 25 15:20:46 UTC 2014 + Serial Number (hex): 0d10fa49118f58e89358cbfbc27ac019 + Revoked at: Fri Apr 25 15:25:27 UTC 2014 + Serial Number (hex): 1cda62be98deb0b855d913b923be0fa9 + Revoked at: Fri Apr 25 15:31:49 UTC 2014 + Serial Number (hex): 2179205291c9e6ac9749493dffd32254 + Revoked at: Fri Apr 25 16:11:11 UTC 2014 + Serial Number (hex): 00f7c19f18e4522647c562e6c8c0afc901 + Revoked at: Fri Apr 25 16:13:02 UTC 2014 + Serial Number (hex): 073b6f5c2c5faff78cdf4d5b7186db11 + Revoked at: Fri Apr 25 16:13:02 UTC 2014 + Serial Number (hex): 00b28c3eb499917c8e090669c498ca385f + Revoked at: Fri Apr 25 16:14:50 UTC 2014 + Serial Number (hex): 49f8bbd2227acfe5c445cc4d7d54d7b9 + Revoked at: Fri Apr 25 16:49:22 UTC 2014 + Serial Number (hex): 69f51b4a4fbc091e3d05bd80493230a5 + Revoked at: Fri Apr 25 16:54:05 UTC 2014 + Serial Number (hex): 2ed580adec2e220e7b4aa20a02462193 + Revoked at: Fri Apr 25 16:59:56 UTC 2014 + Serial Number (hex): 00e34c4a155e85b14b0fb9334a9efe434f + Revoked at: Fri Apr 25 17:26:58 UTC 2014 + Serial Number (hex): 00ef55626f668200fbe9cf3af241aac820 + Revoked at: Fri Apr 25 17:30:20 UTC 2014 + Serial Number (hex): 5932e604cdb11a20934636d220a7d9bd + Revoked at: Fri Apr 25 17:32:21 UTC 2014 + Serial Number (hex): 0083e29ed72d81dc0b22d7955c8a8068b9 + Revoked at: Fri Apr 25 17:35:08 UTC 2014 + Serial Number (hex): 1399316c8425c8ccf47c5e367249e349 + Revoked at: Fri Apr 25 17:39:43 UTC 2014 + Serial Number (hex): 33d079f16e71486c74a5717aae4f66c8 + Revoked at: Fri Apr 25 17:41:24 UTC 2014 + Serial Number (hex): 00b6a92cf17482c43055cc30a80ddae478 + Revoked at: Fri Apr 25 17:42:41 UTC 2014 + Serial Number (hex): 4c544646bf0c6b84886c754052503754 + Revoked at: Fri Apr 25 17:44:25 UTC 2014 + Serial Number (hex): 0095ddc13e9d6eb41787cef9b5992d32d5 + Revoked at: Fri Apr 25 17:55:17 UTC 2014 + Serial Number (hex): 00bfbf143f30360e028d17006ecad3b71e + Revoked at: Fri Apr 25 17:58:45 UTC 2014 + Serial Number (hex): 35ce1a9b60294c31cefc7ba407d55618 + Revoked at: Fri Apr 25 18:01:11 UTC 2014 + Serial Number (hex): 0099829f763340d77804b2a304833cbf0d + Revoked at: Fri Apr 25 18:02:54 UTC 2014 + Serial Number (hex): 00d54a16f9e974671359fa89600e96703e + Revoked at: Fri Apr 25 18:13:00 UTC 2014 + Serial Number (hex): 00e8b81bb6b1c4e1bc972a82deffc0aff8 + Revoked at: Fri Apr 25 18:15:37 UTC 2014 + Serial Number (hex): 63550eec09e61189dd9d1ab42b8f1a97 + Revoked at: Fri Apr 25 18:21:09 UTC 2014 + Serial Number (hex): 00a6e62ffdb2a475fc6f985b637795146e + Revoked at: Fri Apr 25 18:22:02 UTC 2014 + Serial Number (hex): 00e865c0c466bae4444befc4da2919a426 + Revoked at: Fri Apr 25 18:35:38 UTC 2014 + Serial Number (hex): 7f438c92fa39d8dd08dfcf3e42cd08fe + Revoked at: Fri Apr 25 18:35:59 UTC 2014 + Serial Number (hex): 00c40da7315649052bd87637f34125845a + Revoked at: Fri Apr 25 18:36:34 UTC 2014 + Serial Number (hex): 00e683558fcb5be48d79907b9b1c1c6a72 + Revoked at: Fri Apr 25 18:41:54 UTC 2014 + Serial Number (hex): 4f55ae5df17dc9588159cbe97c0f711f + Revoked at: Fri Apr 25 19:21:59 UTC 2014 + Serial Number (hex): 00f616d99e5909926e9e2ca005e52e32b0 + Revoked at: Fri Apr 25 19:29:52 UTC 2014 + Serial Number (hex): 0094c84313e1c5d78bc86f7270459ddfbc + Revoked at: Fri Apr 25 19:34:51 UTC 2014 + Serial Number (hex): 00e0f0cab96579e1cbea84d0d8d4a04196 + Revoked at: Fri Apr 25 19:38:42 UTC 2014 + Serial Number (hex): 00c796ea4f2a241d4a4d1d14c578f1b5c9 + Revoked at: Fri Apr 25 19:43:59 UTC 2014 + Serial Number (hex): 4fde92fb75c40bf3840bcad6f1048f18 + Revoked at: Fri Apr 25 19:47:42 UTC 2014 + Serial Number (hex): 4b8be07a3a6aa0565b09b47a79a57f29 + Revoked at: Fri Apr 25 19:49:14 UTC 2014 + Serial Number (hex): 00996400e7e59089eb4b52be319a88ed56 + Revoked at: Fri Apr 25 19:49:30 UTC 2014 + Serial Number (hex): 4e019342ad1492edc913a22054f41775 + Revoked at: Fri Apr 25 19:55:33 UTC 2014 + Serial Number (hex): 00f5227a0c2f0deee83298a83ac48eaba1 + Revoked at: Fri Apr 25 20:01:15 UTC 2014 + Serial Number (hex): 0ec331e8a9d47397bb0d3df6787e818a + Revoked at: Fri Apr 25 20:03:34 UTC 2014 + Serial Number (hex): 00ea5c56693d12bf5946144c0cce49c2f8 + Revoked at: Fri Apr 25 20:04:20 UTC 2014 + Serial Number (hex): 00a307d0fb59fcaccf290c54bb7304081f + Revoked at: Fri Apr 25 20:07:02 UTC 2014 + Serial Number (hex): 009d136dece05875350d24a55394bf68e5 + Revoked at: Fri Apr 25 20:13:53 UTC 2014 + Serial Number (hex): 562df81bd89efda71e7bf5e5036db726 + Revoked at: Fri Apr 25 20:14:33 UTC 2014 + Serial Number (hex): 78a43a138e707cdb0731d1bd655983d9 + Revoked at: Fri Apr 25 20:15:06 UTC 2014 + Serial Number (hex): 00d6625a85b5e82b3f232ceef45a7603b6 + Revoked at: Fri Apr 25 20:15:41 UTC 2014 + Serial Number (hex): 00f0f4c114e32fd42c414ae88a17d1f7ee + Revoked at: Fri Apr 25 20:23:20 UTC 2014 + Serial Number (hex): 00d40cba713962359fd1123e01cdb63f2e + Revoked at: Fri Apr 25 20:33:28 UTC 2014 + Serial Number (hex): 00fbab1a93afac88eb2c3ee93e8ae30732 + Revoked at: Fri Apr 25 21:01:18 UTC 2014 + Serial Number (hex): 00c070d5ae06ec4d0172970ec2721f5531 + Revoked at: Sun Apr 27 10:16:37 UTC 2014 + Serial Number (hex): 384bca0c82d8ed1ecca4a0d527252377 + Revoked at: Sun Apr 27 19:48:35 UTC 2014 + Serial Number (hex): 00c1899d339b3f3b9adc05e561706319 + Revoked at: Sun Apr 27 23:24:27 UTC 2014 + Serial Number (hex): 153ab913cfaf409a8bfe2026babc7956 + Revoked at: Sun Apr 27 23:25:15 UTC 2014 + Serial Number (hex): 008aa5e50938dc854291377fb3762acd00 + Revoked at: Mon Apr 28 03:13:42 UTC 2014 + Serial Number (hex): 009d8ec767fd2eccd28c8e2d4d6ed59f0f + Revoked at: Mon Apr 28 05:04:11 UTC 2014 + Serial Number (hex): 00ef8c0397c24baf56bfbca5f9db426d96 + Revoked at: Mon Apr 28 07:31:25 UTC 2014 + Serial Number (hex): 00a7f423ae0ad6270c3d14c7526c8732da + Revoked at: Mon Apr 28 10:04:41 UTC 2014 + Serial Number (hex): 150ec8110aac4bb1e3b36e972ae990dc + Revoked at: Mon Apr 28 12:03:38 UTC 2014 + Serial Number (hex): 4f1bd1677b48e454b924ae7d5dee53cb + Revoked at: Mon Apr 28 12:56:34 UTC 2014 + Serial Number (hex): 6aaec7fc233fc0b31ba509cd72930e5a + Revoked at: Mon Apr 28 13:09:08 UTC 2014 + Serial Number (hex): 59f35612a4f215c7ecacd2585b455c78 + Revoked at: Mon Apr 28 13:22:39 UTC 2014 + Serial Number (hex): 0db9f97980b960be2e5e1f1feb4d0576 + Revoked at: Mon Apr 28 13:35:28 UTC 2014 + Serial Number (hex): 563173e9a5fd1f8212e93dbc70f7f5be + Revoked at: Mon Apr 28 13:42:29 UTC 2014 + Serial Number (hex): 00a8be511023545ca7add6f53738cb9b99 + Revoked at: Mon Apr 28 13:42:38 UTC 2014 + Serial Number (hex): 00bfaaf94526883009bd60904dce2e6d21 + Revoked at: Mon Apr 28 13:42:52 UTC 2014 + Serial Number (hex): 00b1d4857146db84ee7d0dd2c41eca0eaf + Revoked at: Mon Apr 28 13:43:06 UTC 2014 + Serial Number (hex): 00d8401452448279fa1ce2dcbd364e3179 + Revoked at: Mon Apr 28 13:43:31 UTC 2014 + Serial Number (hex): 00ffa67bb3a40decdd43c8d70f9b6eea9e + Revoked at: Mon Apr 28 13:50:23 UTC 2014 + Serial Number (hex): 40658b8360ad6d94e91eb896eb413f26 + Revoked at: Mon Apr 28 13:53:10 UTC 2014 + Serial Number (hex): 2df354b0250b156957ba4b54c4b6fe1d + Revoked at: Mon Apr 28 14:48:10 UTC 2014 + Serial Number (hex): 31e1f30a94ed1cf94e3b7d6af0f5f7af + Revoked at: Mon Apr 28 15:00:23 UTC 2014 + Serial Number (hex): 4a6ac66141655970db9c7550d79dc124 + Revoked at: Mon Apr 28 15:00:29 UTC 2014 + Serial Number (hex): 0080c75902d2996a66479a8a9ee37c633a + Revoked at: Mon Apr 28 15:00:33 UTC 2014 + Serial Number (hex): 00a6b9109c6bca41d90f5eda50e4aa8245 + Revoked at: Mon Apr 28 15:01:13 UTC 2014 + Serial Number (hex): 0213a23d76a00454686e9a1c18a3650f + Revoked at: Mon Apr 28 15:01:19 UTC 2014 + Serial Number (hex): 00e22103653ef5e28a2ea3a6cbe9552026 + Revoked at: Mon Apr 28 15:02:08 UTC 2014 + Serial Number (hex): 00cc1f18cb1a27cd66a1822afca63da261 + Revoked at: Mon Apr 28 15:02:31 UTC 2014 + Serial Number (hex): 00b181eb1f450b1d4b31032ecda916f0d5 + Revoked at: Mon Apr 28 15:02:36 UTC 2014 + Serial Number (hex): 00f4b206c6d057cf8cc261a2e262ad4160 + Revoked at: Mon Apr 28 15:16:19 UTC 2014 + Serial Number (hex): 00d760dbd61582f2b448d2fd4873f442d3 + Revoked at: Mon Apr 28 15:20:37 UTC 2014 + Serial Number (hex): 5d5b44737ca8283d4c11ef7e794b8de7 + Revoked at: Mon Apr 28 15:22:13 UTC 2014 + Serial Number (hex): 49cb923d938dfd5dbe9deca0744e20c7 + Revoked at: Mon Apr 28 15:30:12 UTC 2014 + Serial Number (hex): 00ab3651c179747906e18e62fac0921fc4 + Revoked at: Mon Apr 28 15:31:57 UTC 2014 + Serial Number (hex): 00a6de34bf7cbb22098657b98c1336b7b8 + Revoked at: Mon Apr 28 15:32:10 UTC 2014 + Serial Number (hex): 00ab868ca4928fb08b6fada2924076ebde + Revoked at: Mon Apr 28 16:10:41 UTC 2014 + Serial Number (hex): 720baddca7b6b9e6b81d76c71e8fdb57 + Revoked at: Mon Apr 28 16:33:42 UTC 2014 + Serial Number (hex): 00e8911a0c859d954683e5207f11eddbd7 + Revoked at: Mon Apr 28 16:36:47 UTC 2014 + Serial Number (hex): 72934593cdf7a78190b5504145e2413b + Revoked at: Mon Apr 28 18:45:03 UTC 2014 + Serial Number (hex): 00eddba9a77d2b686bc71f8fabc6582faf + Revoked at: Mon Apr 28 18:45:16 UTC 2014 + Serial Number (hex): 00f6b5d63f48572f27d5c99dd1acb1abe3 + Revoked at: Mon Apr 28 18:45:32 UTC 2014 + Serial Number (hex): 79013a3b046324ff1904c5433bd56880 + Revoked at: Mon Apr 28 18:45:46 UTC 2014 + Serial Number (hex): 00f4ca2503f40f15034f4564728daf5936 + Revoked at: Mon Apr 28 18:48:58 UTC 2014 + Serial Number (hex): 410d41e7c6b17a9d07f2aea80fbb84af + Revoked at: Mon Apr 28 20:17:01 UTC 2014 + Serial Number (hex): 009a3be263b11600373871baf08ea23b14 + Revoked at: Mon Apr 28 21:12:18 UTC 2014 + Serial Number (hex): 018ee178474f7f7dbe90fc5be3b5d53c + Revoked at: Mon Apr 28 21:13:30 UTC 2014 + Serial Number (hex): 509ffd00ab164bc4d57d39ae5c31f7b0 + Revoked at: Mon Apr 28 22:15:51 UTC 2014 + Serial Number (hex): 00ace58b77532a6d1ded6f19c6fdf063ee + Revoked at: Mon Apr 28 22:16:51 UTC 2014 + Serial Number (hex): 4d0f3db09ced425a060f6a9728e63f96 + Revoked at: Mon Apr 28 22:17:37 UTC 2014 + Serial Number (hex): 4bf07124082f85411e14c3a7697451ab + Revoked at: Tue Apr 29 09:40:14 UTC 2014 + Serial Number (hex): 0094554d6118d32570a7a21aeb1ae9b0db + Revoked at: Tue Apr 29 10:18:48 UTC 2014 + Serial Number (hex): 24c6787fa5bb8b3a4f67766230fb2764 + Revoked at: Tue Apr 29 10:20:54 UTC 2014 + Serial Number (hex): 0098c08a486d1eb786024515fa215a2f3b + Revoked at: Tue Apr 29 10:21:27 UTC 2014 + Serial Number (hex): 00cc8ea4f50a49dda5e467e579266fd485 + Revoked at: Tue Apr 29 10:21:32 UTC 2014 + Serial Number (hex): 0086c75ad929103daa7290ff7c13b318c8 + Revoked at: Tue Apr 29 10:35:51 UTC 2014 + Serial Number (hex): 00c81f3b286d46567f76b2af80efb43614 + Revoked at: Tue Apr 29 11:21:46 UTC 2014 + Serial Number (hex): 489792fe292c64a70b8b05392b298ca3 + Revoked at: Tue Apr 29 12:15:44 UTC 2014 + Serial Number (hex): 650eee255242bde61c5aaaf051534757 + Revoked at: Tue Apr 29 12:24:07 UTC 2014 + Serial Number (hex): 3b2666222fbeda77046188e6a171d2b1 + Revoked at: Tue Apr 29 12:24:29 UTC 2014 + Serial Number (hex): 00962d241e0bd3986467a5ef0cfc4e1ecf + Revoked at: Tue Apr 29 12:24:48 UTC 2014 + Serial Number (hex): 29a3b082dc55b2982f00cffa5bb4b472 + Revoked at: Tue Apr 29 12:25:08 UTC 2014 + Serial Number (hex): 1dbdc050406a7d5651b135ee6339ff9b + Revoked at: Tue Apr 29 12:52:22 UTC 2014 + Serial Number (hex): 00cf492e6b61f04275d141b775fc6e2a92 + Revoked at: Tue Apr 29 12:52:34 UTC 2014 + Serial Number (hex): 322632efb7dcfc3a0558eafbd546cac4 + Revoked at: Tue Apr 29 12:52:41 UTC 2014 + Serial Number (hex): 0a816fe80447dc4858c882c3241ba3f5 + Revoked at: Tue Apr 29 12:52:49 UTC 2014 + Serial Number (hex): 34721cce263036470ae56392130e515a + Revoked at: Tue Apr 29 12:54:05 UTC 2014 + Serial Number (hex): 00f70400af109533142b94105f0d08d20e + Revoked at: Tue Apr 29 12:54:12 UTC 2014 + Serial Number (hex): 283d92505ea754a3e450702af62af713 + Revoked at: Tue Apr 29 12:54:17 UTC 2014 + Serial Number (hex): 17f19d780adca33e9e15e3d15baaff5b + Revoked at: Tue Apr 29 12:54:22 UTC 2014 + Serial Number (hex): 41eaef52962f799bd4b2942fb6cdc1c8 + Revoked at: Tue Apr 29 13:14:04 UTC 2014 + Serial Number (hex): 0c16f2d1e06a159eddc2b886edd096b5 + Revoked at: Tue Apr 29 13:19:48 UTC 2014 + Serial Number (hex): 00a95c1c378c28268b3276df868d21de26 + Revoked at: Tue Apr 29 13:19:59 UTC 2014 + Serial Number (hex): 44f65017eeafd851c1437cda7a53eabd + Revoked at: Tue Apr 29 13:33:01 UTC 2014 + Serial Number (hex): 00a5ce4118b6a2cebfdd4520b2d9110d69 + Revoked at: Tue Apr 29 14:08:00 UTC 2014 + Serial Number (hex): 00dd2ee7e80dfe127296da31287fb3f6c8 + Revoked at: Tue Apr 29 14:11:24 UTC 2014 + Serial Number (hex): 008dc1b1812a3eea6ca4386f5f8cf552c9 + Revoked at: Tue Apr 29 14:12:07 UTC 2014 + Serial Number (hex): 29fd3ed150229476632f8209f6f9a908 + Revoked at: Tue Apr 29 14:35:14 UTC 2014 + Serial Number (hex): 014a386619b821f054220038de7c303c + Revoked at: Tue Apr 29 15:56:59 UTC 2014 + Serial Number (hex): 00f2b30018c882dcb046afb89624381ec9 + Revoked at: Tue Apr 29 15:57:31 UTC 2014 + Serial Number (hex): 6c963dec58df9659b6a181fd810895d6 + Revoked at: Tue Apr 29 15:58:09 UTC 2014 + Serial Number (hex): 0083dec2d2b43ac841fd8226b9e58887ba + Revoked at: Tue Apr 29 15:58:14 UTC 2014 + Serial Number (hex): 00d8711ba6b2baadfa7744c6ffa7b5ca82 + Revoked at: Tue Apr 29 15:59:09 UTC 2014 + Serial Number (hex): 7f1cfe69089e03b290407d967c8a0fb5 + Revoked at: Tue Apr 29 15:59:45 UTC 2014 + Serial Number (hex): 7c3490cd9120cdd65d67969103cdfb16 + Revoked at: Tue Apr 29 15:59:50 UTC 2014 + Serial Number (hex): 00adaf5de56192a27b8f497b7132e3c62f + Revoked at: Tue Apr 29 16:00:40 UTC 2014 + Serial Number (hex): 100715af3c1c5c6700b3199a449ab61b + Revoked at: Tue Apr 29 16:00:44 UTC 2014 + Serial Number (hex): 00afe2d28af5bfb065f0acae30d1443e0d + Revoked at: Tue Apr 29 16:02:43 UTC 2014 + Serial Number (hex): 00bd6f25aa17204fd294717ce47a3ce58f + Revoked at: Tue Apr 29 16:03:06 UTC 2014 + Serial Number (hex): 30365170366f5ecc1fa3f07326b489be + Revoked at: Tue Apr 29 16:03:46 UTC 2014 + Serial Number (hex): 5d344ffaefa9c8f9d9ce18db1c91d431 + Revoked at: Tue Apr 29 16:03:51 UTC 2014 + Serial Number (hex): 00fd21324ca75830d06f6a0f2dfbc3840f + Revoked at: Tue Apr 29 16:03:57 UTC 2014 + Serial Number (hex): 5ae73e54d314b08f8edf407db26bc3c7 + Revoked at: Tue Apr 29 16:05:05 UTC 2014 + Serial Number (hex): 00c1c92eae7b3c8da1f447111511df3719 + Revoked at: Tue Apr 29 16:05:14 UTC 2014 + Serial Number (hex): 50074dee675094fb3e1fd98f300a2e6f + Revoked at: Tue Apr 29 16:05:38 UTC 2014 + Serial Number (hex): 00e976863d89dcb0c7f96c8526599dfd8c + Revoked at: Tue Apr 29 16:06:52 UTC 2014 + Serial Number (hex): 11401ba93ce862b54044f7011eab7ecf + Revoked at: Tue Apr 29 16:07:15 UTC 2014 + Serial Number (hex): 00beb8eb532918dc584b1ac75873bb0a61 + Revoked at: Tue Apr 29 16:07:21 UTC 2014 + Serial Number (hex): 00ab52b941488f634581973711916c8c69 + Revoked at: Tue Apr 29 16:07:55 UTC 2014 + Serial Number (hex): 00dca7d4cf33a5400e57938f3371e332da + Revoked at: Tue Apr 29 16:08:00 UTC 2014 + Serial Number (hex): 00d9fea897e87fed4b468f1201050aa57a + Revoked at: Tue Apr 29 16:13:03 UTC 2014 + Serial Number (hex): 00fe6861ef3c4bf363f51ea7c6389cd356 + Revoked at: Tue Apr 29 16:17:05 UTC 2014 + Serial Number (hex): 00ca5c20636ff1cad71d621f111002fddb + Revoked at: Tue Apr 29 16:43:20 UTC 2014 + Serial Number (hex): 00d9ba961136d756a3d19bad340775a667 + Revoked at: Tue Apr 29 17:04:40 UTC 2014 + Serial Number (hex): 10bbb6f94214254f81b3fd3d292e7c05 + Revoked at: Tue Apr 29 17:05:22 UTC 2014 + Serial Number (hex): 00d5751d5d50ac047219be9922b430199a + Revoked at: Tue Apr 29 17:05:49 UTC 2014 + Serial Number (hex): 6f8fe66ad6fadbf6a301a4b2fcc241b1 + Revoked at: Tue Apr 29 17:12:41 UTC 2014 + Serial Number (hex): 00b8dc18a1b2ea0adf67dad1164247532e + Revoked at: Tue Apr 29 17:14:36 UTC 2014 + Serial Number (hex): 00aeab8a1947acf88f0578e056affab022 + Revoked at: Tue Apr 29 17:16:36 UTC 2014 + Serial Number (hex): 008c50c688ef839a2e26a7fe60896713b2 + Revoked at: Tue Apr 29 17:17:13 UTC 2014 + Serial Number (hex): 0084e10d42e048f25e9663b0f0c8063b19 + Revoked at: Tue Apr 29 17:18:33 UTC 2014 + Serial Number (hex): 00b97d970ac604cee966fd303ccdaf7638 + Revoked at: Tue Apr 29 17:19:14 UTC 2014 + Serial Number (hex): 2a23655d02ed0d3f39ca717d10999c11 + Revoked at: Tue Apr 29 17:20:11 UTC 2014 + Serial Number (hex): 00a5a839ae500a3e394968c24a8f2a8b58 + Revoked at: Tue Apr 29 17:21:15 UTC 2014 + Serial Number (hex): 0080aa4809af3ae85e9ba859d001dc9f89 + Revoked at: Tue Apr 29 17:21:35 UTC 2014 + Serial Number (hex): 00b5e78d9b00701244da3adae50ee17f7b + Revoked at: Tue Apr 29 17:22:40 UTC 2014 + Serial Number (hex): 0094e304239047ea398603da491217439b + Revoked at: Tue Apr 29 17:23:56 UTC 2014 + Serial Number (hex): 00860ac396dfc669d9ffda27b5f0cb8f9d + Revoked at: Tue Apr 29 17:24:37 UTC 2014 + Serial Number (hex): 00e6c17e83dff36956a600b65315b03517 + Revoked at: Tue Apr 29 17:26:36 UTC 2014 + Serial Number (hex): 6d2ed839e2eac33e79323542b0d12a5e + Revoked at: Tue Apr 29 17:27:15 UTC 2014 + Serial Number (hex): 7a902b9c219edb24e65f69bfebac600e + Revoked at: Tue Apr 29 17:28:33 UTC 2014 + Serial Number (hex): 00f760bc54268470dda2ada1ef6f37e928 + Revoked at: Tue Apr 29 17:29:09 UTC 2014 + Serial Number (hex): 00c458573f3eb6f38e41347726f3c6dbf1 + Revoked at: Tue Apr 29 17:29:46 UTC 2014 + Serial Number (hex): 00a5feabea0c005abdd9ff1821a78497f7 + Revoked at: Tue Apr 29 17:30:28 UTC 2014 + Serial Number (hex): 17241ed8e7f3cf8681682a97efa246b9 + Revoked at: Tue Apr 29 17:30:57 UTC 2014 + Serial Number (hex): 0089322a1ca4f4fcdc5ab41485c8774e10 + Revoked at: Tue Apr 29 17:32:00 UTC 2014 + Serial Number (hex): 0fd1fc9e4734e4bcb187ffe373deef0f + Revoked at: Tue Apr 29 17:37:06 UTC 2014 + Serial Number (hex): 00fc1c4a1a5a35bb707d54cd9554088d49 + Revoked at: Tue Apr 29 19:54:58 UTC 2014 + Serial Number (hex): 0090371d4f0104f793aba6e3e5dc572653 + Revoked at: Tue Apr 29 19:57:49 UTC 2014 + Serial Number (hex): 00c1b30c7184f6bc812dc14251c809f3dc + Revoked at: Tue Apr 29 19:59:52 UTC 2014 + Serial Number (hex): 72da5eee4a04bd498be3b12e3793ab21 + Revoked at: Tue Apr 29 20:12:59 UTC 2014 + Serial Number (hex): 7ced425234fc204e2c1eec34c5506027 + Revoked at: Tue Apr 29 20:13:19 UTC 2014 + Serial Number (hex): 00878bbdbafb1a991021da801bd47a1c8d + Revoked at: Tue Apr 29 20:13:44 UTC 2014 + Serial Number (hex): 6798773699715c39dd299a3ad87dc018 + Revoked at: Tue Apr 29 20:14:01 UTC 2014 + Serial Number (hex): 00f4e592be9689d4dfa98f9bdcb59f4c42 + Revoked at: Tue Apr 29 20:14:49 UTC 2014 + Serial Number (hex): 354bbd35a7603db22e2b10c2eac107b3 + Revoked at: Tue Apr 29 20:15:20 UTC 2014 + Serial Number (hex): 00ffd80874b38a59d8b63a8193a2392553 + Revoked at: Tue Apr 29 20:18:27 UTC 2014 + Serial Number (hex): 00f57923b2c07a7b1f6eea9b0e8f258fb3 + Revoked at: Tue Apr 29 20:18:52 UTC 2014 + Serial Number (hex): 388e6d513f22036b940f67c4e1d0a272 + Revoked at: Tue Apr 29 20:35:42 UTC 2014 + Serial Number (hex): 00856d076f84c5b8d2580433627965e876 + Revoked at: Tue Apr 29 20:53:24 UTC 2014 + Serial Number (hex): 2fb2751c174411cf944f775dde16a200 + Revoked at: Tue Apr 29 22:04:40 UTC 2014 + Serial Number (hex): 00a6db17487a6a4fd03db36e4b1cbcc5f4 + Revoked at: Tue Apr 29 23:11:11 UTC 2014 + Serial Number (hex): 78dd0dccee942d4270af3ba61ee6e01a + Revoked at: Wed Apr 30 02:48:32 UTC 2014 + Serial Number (hex): 00d9603f9bc94ecc842c1e1a115377c6e3 + Revoked at: Wed Apr 30 02:48:38 UTC 2014 + Serial Number (hex): 2ef9d34c96fce8f66ade8d27ac210e85 + Revoked at: Wed Apr 30 03:30:05 UTC 2014 + Serial Number (hex): 00d3c070840ce40a457aaef05f90724d29 + Revoked at: Wed Apr 30 03:30:23 UTC 2014 + Serial Number (hex): 493b5857e63f3af36010b013fbc23436 + Revoked at: Wed Apr 30 06:36:39 UTC 2014 + Serial Number (hex): 00b4126eee678961a7b3d10b46991d3048 + Revoked at: Wed Apr 30 07:11:58 UTC 2014 + Serial Number (hex): 00c338b5403096f2ddf2375814b0a1e3fa + Revoked at: Wed Apr 30 07:12:24 UTC 2014 + Serial Number (hex): 5b005535409bbad22c1d59f0aa37c69f + Revoked at: Wed Apr 30 07:12:46 UTC 2014 + Serial Number (hex): 038c8be3e2a6c041b0ec10b2aae9e394 + Revoked at: Wed Apr 30 10:23:24 UTC 2014 + Serial Number (hex): 0097501a6257de7203a52cd9dbd71762c2 + Revoked at: Wed Apr 30 12:30:42 UTC 2014 + Serial Number (hex): 00bd4fa5f60b82376ad9620db09b7f5f78 + Revoked at: Wed Apr 30 12:31:03 UTC 2014 + Serial Number (hex): 00ec4dcac001634c20b8a5c9b1acc50dac + Revoked at: Wed Apr 30 12:51:07 UTC 2014 + Serial Number (hex): 00f71ced1af3542c476184ad1cdad36f57 + Revoked at: Wed Apr 30 13:43:25 UTC 2014 + Serial Number (hex): 6e7d56e8755982cc665277f546b0cf5a + Revoked at: Wed Apr 30 13:44:38 UTC 2014 + Serial Number (hex): 00f4eb44dec3bac3d192dd824ea65d7426 + Revoked at: Wed Apr 30 14:06:06 UTC 2014 + Serial Number (hex): 19f3fdff5436f8478f95ec4c59429691 + Revoked at: Wed Apr 30 15:02:52 UTC 2014 + Serial Number (hex): 00e42d045b96f60ac806c2bb41c5a3559e + Revoked at: Wed Apr 30 15:17:44 UTC 2014 + Serial Number (hex): 00fa8ae20134eced69bb4ce6e991be595c + Revoked at: Wed Apr 30 15:27:57 UTC 2014 + Serial Number (hex): 08b53eef7e5d5c9c4b57d64968073843 + Revoked at: Wed Apr 30 15:29:00 UTC 2014 + Serial Number (hex): 2efd41eac79e0a9c05293ec646d628bc + Revoked at: Wed Apr 30 16:02:30 UTC 2014 + Serial Number (hex): 1715a8ffa66be5878262970f5483cb9f + Revoked at: Wed Apr 30 16:14:28 UTC 2014 + Serial Number (hex): 6e3e3ca1b88fdeb80d956e714485e622 + Revoked at: Wed Apr 30 16:41:13 UTC 2014 + Serial Number (hex): 00c1fb530b4c9883d8a693a92e535776bd + Revoked at: Wed Apr 30 17:20:03 UTC 2014 + Serial Number (hex): 4a2dc27c2952d5050c622adb539b883f + Revoked at: Wed Apr 30 19:05:17 UTC 2014 + Serial Number (hex): 7cee8a78ad23692f57627ba09d335c6e + Revoked at: Wed Apr 30 19:05:26 UTC 2014 + Serial Number (hex): 00953e0d8c3702b462f1626387c6380431 + Revoked at: Wed Apr 30 19:05:47 UTC 2014 + Serial Number (hex): 009c43350789fdce11d55273dab4e365d1 + Revoked at: Wed Apr 30 19:05:56 UTC 2014 + Serial Number (hex): 00f7609d3d221d71628db354b5cf2d4ee4 + Revoked at: Wed Apr 30 19:06:09 UTC 2014 + Serial Number (hex): 00b4c493fda79f7a99665352d5d47e35da + Revoked at: Wed Apr 30 19:54:35 UTC 2014 + Serial Number (hex): 4447c9284de4fd064163f727c358cc52 + Revoked at: Wed Apr 30 20:10:09 UTC 2014 + Serial Number (hex): 0080f495e1dac7feb2dd59d72c0b662365 + Revoked at: Wed Apr 30 20:11:52 UTC 2014 + Serial Number (hex): 5e226043f2f03e9df1d72f73659ba666 + Revoked at: Wed Apr 30 21:03:24 UTC 2014 + Serial Number (hex): 00bef0d03a9d7a1c50e8499171e1c94c4a + Revoked at: Thu May 01 00:48:40 UTC 2014 + Serial Number (hex): 00d50a1f25f7616b654f23486a3d08250d + Revoked at: Thu May 01 08:31:28 UTC 2014 + Serial Number (hex): 00ebf9bca489c56ec78f608355def382f4 + Revoked at: Thu May 01 09:15:13 UTC 2014 + Serial Number (hex): 00ff9fed86de6907f07a7133fb05f24561 + Revoked at: Thu May 01 11:34:05 UTC 2014 + Serial Number (hex): 009bff624ac33f3caa544c105abc8b20dd + Revoked at: Thu May 01 14:13:34 UTC 2014 + Serial Number (hex): 00bd8dd4bfa9bf9d0f312faaecc9c84256 + Revoked at: Thu May 01 14:15:30 UTC 2014 + Serial Number (hex): 349affdb8d3b65af98cc06ce21a18dcd + Revoked at: Thu May 01 15:04:46 UTC 2014 + Serial Number (hex): 1c6052f09b2eacc63af0832c180d47dc + Revoked at: Thu May 01 15:07:58 UTC 2014 + Serial Number (hex): 00a96ceb8df2b3461c3069080c6addb657 + Revoked at: Thu May 01 16:11:56 UTC 2014 + Serial Number (hex): 00f6fe4b81f7fa42c131d67ce311045fcf + Revoked at: Thu May 01 16:13:02 UTC 2014 + Serial Number (hex): 1382d719e809da5fb818599eda82da16 + Revoked at: Thu May 01 16:13:02 UTC 2014 + Serial Number (hex): 34bf43251c5b96feab8ef7e046f1578c + Revoked at: Thu May 01 16:16:19 UTC 2014 + Serial Number (hex): 157048d28746dd6cfd9005f8e8c5621a + Revoked at: Thu May 01 16:43:11 UTC 2014 + Serial Number (hex): 0412d06ff23986b6e420fc68ac8ca30d + Revoked at: Thu May 01 18:00:20 UTC 2014 + Serial Number (hex): 00f7092069cbe47ef6cbec52c11a93bc0e + Revoked at: Thu May 01 18:36:30 UTC 2014 + Serial Number (hex): 47357381fa62c0fa9b48620fcb30cfa8 + Revoked at: Thu May 01 18:37:54 UTC 2014 + Serial Number (hex): 2098d8c294cce71e09c139d2742097ea + Revoked at: Thu May 01 18:39:06 UTC 2014 + Serial Number (hex): 00844563afa8fe60f0e6375a0fb74fb1ba + Revoked at: Thu May 01 18:40:15 UTC 2014 + Serial Number (hex): 1b735116d59fd2b86185acaed968526f + Revoked at: Thu May 01 18:42:51 UTC 2014 + Serial Number (hex): 00eb143a8ad95d537611772857f3a78fcf + Revoked at: Thu May 01 18:43:40 UTC 2014 + Serial Number (hex): 6c67e4ce6fd2f21116cd1ce7212fcb33 + Revoked at: Thu May 01 18:44:31 UTC 2014 + Serial Number (hex): 00ddc970844612392343f52c1b1fe34475 + Revoked at: Thu May 01 18:45:10 UTC 2014 + Serial Number (hex): 3f7d23ce94bdc308e60819c789979f20 + Revoked at: Thu May 01 18:46:32 UTC 2014 + Serial Number (hex): 7519f2911d408f7e49e1a631f35a40c0 + Revoked at: Thu May 01 18:47:10 UTC 2014 + Serial Number (hex): 221ced12fc772689fe5230b844201f0c + Revoked at: Thu May 01 18:55:18 UTC 2014 + Serial Number (hex): 088c0c50349c3c8a9989d8a26234b086 + Revoked at: Thu May 01 18:59:18 UTC 2014 + Serial Number (hex): 00a7c0c406dddb113d6f77b07f96e09baf + Revoked at: Thu May 01 18:59:23 UTC 2014 + Serial Number (hex): 462473a3de987232e08805916609f191 + Revoked at: Thu May 01 18:59:27 UTC 2014 + Serial Number (hex): 464457ca3ef0ed8a8956a7ac132c751a + Revoked at: Thu May 01 19:52:22 UTC 2014 + Serial Number (hex): 00b6db7ff43f2b9a1996a0ec7bd4c5e691 + Revoked at: Thu May 01 20:02:53 UTC 2014 + Serial Number (hex): 00a25eb30d00cf604efc243a6f904b2ccd + Revoked at: Thu May 01 20:36:16 UTC 2014 + Serial Number (hex): 27c318ba43676c994cf17474ce011e8a + Revoked at: Thu May 01 20:37:02 UTC 2014 + Serial Number (hex): 7136d17dc4b1c56dbcc69a76ea1ae1e8 + Revoked at: Thu May 01 20:37:26 UTC 2014 + Serial Number (hex): 253c429a34ada95031a4378fdf7b8af2 + Revoked at: Thu May 01 20:38:15 UTC 2014 + Serial Number (hex): 00b5b299b2e4538c83347628ea248162e2 + Revoked at: Thu May 01 20:38:56 UTC 2014 + Serial Number (hex): 21316c64013e2d971b551afd978728d8 + Revoked at: Thu May 01 20:44:33 UTC 2014 + Serial Number (hex): 62f25b533eee8dbd0430a5a852455484 + Revoked at: Thu May 01 20:46:12 UTC 2014 + Serial Number (hex): 00c2f7ee92563fce90db60e98ae07f66cb + Revoked at: Thu May 01 20:47:42 UTC 2014 + Serial Number (hex): 00e00f5196d7d80088fb56ddb8ab1b9955 + Revoked at: Thu May 01 21:39:26 UTC 2014 + Serial Number (hex): 00fe848481a813d15294eb60b29a4b62bd + Revoked at: Thu May 01 22:01:49 UTC 2014 + Serial Number (hex): 00cd746f0a88aca96dd6b6bc89b54eb89f + Revoked at: Fri May 02 06:43:45 UTC 2014 + Serial Number (hex): 00f79ac25bd0a22ab50a9868005bb5e518 + Revoked at: Fri May 02 07:41:19 UTC 2014 + Serial Number (hex): 15dde81bf2bbdc8d0b94e4959e29789e + Revoked at: Fri May 02 09:20:51 UTC 2014 + Serial Number (hex): 513d95ae9fa942625b236c3d3d1a9a23 + Revoked at: Fri May 02 10:00:23 UTC 2014 + Serial Number (hex): 6c45872d9a0528bf72eb37b101f764ab + Revoked at: Fri May 02 10:17:01 UTC 2014 + Serial Number (hex): 20a995ae310322821d2ee3bcc25899f4 + Revoked at: Fri May 02 10:32:40 UTC 2014 + Serial Number (hex): 0bb5c1939e26ee9c5204ab004379be06 + Revoked at: Fri May 02 10:59:29 UTC 2014 + Serial Number (hex): 00d7258b09ba763d90d7787a97670527e9 + Revoked at: Fri May 02 10:59:35 UTC 2014 + Serial Number (hex): 5ce5ea429c8934407a2fc357d5805fb1 + Revoked at: Fri May 02 11:16:26 UTC 2014 + Serial Number (hex): 19ee5c706b7cd26dad8b23b97d69419a + Revoked at: Fri May 02 12:56:27 UTC 2014 + Serial Number (hex): 63a3833420d3894816fa9844b45fe14d + Revoked at: Fri May 02 12:56:34 UTC 2014 + Serial Number (hex): 00f4e063e82d67b4eb148e5d43e9a2f720 + Revoked at: Fri May 02 12:56:40 UTC 2014 + Serial Number (hex): 00c8a7330c7da671c16a15e840bc2e32e3 + Revoked at: Fri May 02 13:04:05 UTC 2014 + Serial Number (hex): 16d6a5bf20075f1c97857c23cd0a482f + Revoked at: Fri May 02 13:25:27 UTC 2014 + Serial Number (hex): 00c60dd0d110cb63e6aff53bbdc880f2fa + Revoked at: Fri May 02 13:36:28 UTC 2014 + Serial Number (hex): 0085ff00c3bcd0f3fe054327dee729c197 + Revoked at: Fri May 02 15:46:12 UTC 2014 + Serial Number (hex): 00e5dbdc064dd13a3a68833f5bd79a1c18 + Revoked at: Fri May 02 15:52:06 UTC 2014 + Serial Number (hex): 625e607c3b089d78fb5de77bb288bdb5 + Revoked at: Fri May 02 16:13:04 UTC 2014 + Serial Number (hex): 5b45cc54c3e7625a4168f3b077a5304d + Revoked at: Fri May 02 16:45:16 UTC 2014 + Serial Number (hex): 04311565201fd815ab5b80a081a81157 + Revoked at: Fri May 02 18:23:19 UTC 2014 + Serial Number (hex): 00b2478e97fbeeda6eb62d6d931e1f1bef + Revoked at: Fri May 02 18:25:18 UTC 2014 + Serial Number (hex): 009a80673f419de6aedae7c556629f44f6 + Revoked at: Fri May 02 18:42:34 UTC 2014 + Serial Number (hex): 0cea236eebe3d5bf3b604603616ffbab + Revoked at: Fri May 02 18:53:46 UTC 2014 + Serial Number (hex): 6542adfb6ace6ad36aa66be4683f9765 + Revoked at: Fri May 02 20:28:24 UTC 2014 + Serial Number (hex): 00b926619b9ae00fac11b141b412f58439 + Revoked at: Fri May 02 20:28:26 UTC 2014 + Serial Number (hex): 4fbce011ba782522f6412c1f334218a9 + Revoked at: Fri May 02 20:28:29 UTC 2014 + Serial Number (hex): 009c8d5265b9f382348d4414b7e9db8fc3 + Revoked at: Fri May 02 20:28:32 UTC 2014 + Serial Number (hex): 008a81e987e81f521bbb52198e4dff2d28 + Revoked at: Fri May 02 21:20:49 UTC 2014 + Serial Number (hex): 4f0887b55dbbaaec767bba2bcd57ab20 + Revoked at: Sat May 03 16:13:04 UTC 2014 + Serial Number (hex): 00a5240829aeb97d5ec42ec871faec748f + Revoked at: Sat May 03 17:06:18 UTC 2014 + Serial Number (hex): 00e520460423f422c0f62064d7da91ae19 + Revoked at: Sun May 04 06:13:03 UTC 2014 + Serial Number (hex): 00f10027c0af1e3e7568a46dfa56492531 + Revoked at: Mon May 05 06:57:36 UTC 2014 + Serial Number (hex): 00f030eb2a3f85c2d666fcce658e1dc07d + Revoked at: Mon May 05 07:23:51 UTC 2014 + Serial Number (hex): 2153a46f8505636887c517514e12f2dd + Revoked at: Mon May 05 07:24:23 UTC 2014 + Serial Number (hex): 65c62f6d9af63f365a486fdd657ebf95 + Revoked at: Mon May 05 07:24:46 UTC 2014 + Serial Number (hex): 00cf9c940374a0d3d215ef688d186e6b10 + Revoked at: Mon May 05 08:11:49 UTC 2014 + Serial Number (hex): 10e76ce73174c110678f2a44d77487bb + Revoked at: Mon May 05 08:39:55 UTC 2014 + Serial Number (hex): 00a8e9af19fa4e656a1c23f53a9b388c3b + Revoked at: Mon May 05 09:18:47 UTC 2014 + Serial Number (hex): 47b8df701bf8eadfb42b503cf6457eb3 + Revoked at: Mon May 05 10:30:54 UTC 2014 + Serial Number (hex): 00f699a7b405c8508314c37bd7c1e759d5 + Revoked at: Mon May 05 10:34:30 UTC 2014 + Serial Number (hex): 5ac84b570facef669097667eb4d18f6c + Revoked at: Mon May 05 10:42:13 UTC 2014 + Serial Number (hex): 63548d0e26604ee9d4579efcf792745a + Revoked at: Mon May 05 11:22:34 UTC 2014 + Serial Number (hex): 6a738397dbe02b980d2aca5d64a57107 + Revoked at: Mon May 05 11:23:50 UTC 2014 + Serial Number (hex): 0097f385767861f062f8b42173fe4a31ed + Revoked at: Mon May 05 11:24:27 UTC 2014 + Serial Number (hex): 00889bd99be8011a37a753eeaa204d8afb + Revoked at: Mon May 05 11:25:12 UTC 2014 + Serial Number (hex): 742a13a4106b0172a190195764e1027b + Revoked at: Mon May 05 11:31:45 UTC 2014 + Serial Number (hex): 00dd644ec89c7f4b8ef44b45b24860e155 + Revoked at: Mon May 05 14:32:26 UTC 2014 + Serial Number (hex): 25321f11ef29cfcb4a4ebc26adcaed84 + Revoked at: Mon May 05 15:10:56 UTC 2014 + Serial Number (hex): 00e50386d1108f132623ab84188e5c36a8 + Revoked at: Mon May 05 15:12:23 UTC 2014 + Serial Number (hex): 00ace98f72a5744fc5d8e0d746eb164644 + Revoked at: Mon May 05 15:13:22 UTC 2014 + Serial Number (hex): 5b8764013672c4f08a1beb4a6eb32cc4 + Revoked at: Mon May 05 15:16:21 UTC 2014 + Serial Number (hex): 6afbc3ad3d6c2709aa2f47057dddc679 + Revoked at: Mon May 05 15:20:44 UTC 2014 + Serial Number (hex): 0e741398e70c435cd3c5067bb7da2e34 + Revoked at: Mon May 05 15:21:16 UTC 2014 + Serial Number (hex): 009f8a0552f6dd9724a7b59fdac9bf7093 + Revoked at: Mon May 05 16:02:51 UTC 2014 + Serial Number (hex): 00931b50961981cb6b9af0a14c7bbaec82 + Revoked at: Mon May 05 17:11:53 UTC 2014 + Serial Number (hex): 0095dd15c3d55ca2c3467201bebfb439aa + Revoked at: Mon May 05 17:15:32 UTC 2014 + Serial Number (hex): 65ec1b68b31811c82048bc9555debb14 + Revoked at: Mon May 05 17:32:47 UTC 2014 + Serial Number (hex): 00a924e12214e7179ada577a75fe098881 + Revoked at: Mon May 05 18:13:50 UTC 2014 + Serial Number (hex): 008415e712c579243553f0a11d3a36c7cd + Revoked at: Mon May 05 18:54:32 UTC 2014 + Serial Number (hex): 009357d436a276980b4a29fecf4c744072 + Revoked at: Mon May 05 19:01:23 UTC 2014 + Serial Number (hex): 52ecd87b15f5d22cf2c5050df8c06eba + Revoked at: Mon May 05 19:06:52 UTC 2014 + Serial Number (hex): 00ac57d4a20b2051ee917deb98133444ce + Revoked at: Mon May 05 19:48:45 UTC 2014 + Serial Number (hex): 00b4e19bc98f7354e179b8b083a9f99636 + Revoked at: Mon May 05 20:18:45 UTC 2014 + Serial Number (hex): 2c3828d8f3f49d24ad57807ce840e1cb + Revoked at: Mon May 05 20:27:05 UTC 2014 + Serial Number (hex): 7a8036ceeb74eaf26e29173da8cc45f6 + Revoked at: Mon May 05 20:27:52 UTC 2014 + Serial Number (hex): 29bf59e3c5bb98faf7f920d03e843c22 + Revoked at: Mon May 05 20:36:31 UTC 2014 + Serial Number (hex): 4d000e411246be9bbc2b5939c6012d59 + Revoked at: Mon May 05 20:45:39 UTC 2014 + Serial Number (hex): 781e0dddfdbba17e96454616af45f38c + Revoked at: Mon May 05 21:57:29 UTC 2014 + Serial Number (hex): 00fae9c2158e3d80438597bc3a171edd6e + Revoked at: Mon May 05 23:01:50 UTC 2014 + Serial Number (hex): 0d5ce4046b76510f972dc11b5f9b9dda + Revoked at: Tue May 06 05:03:09 UTC 2014 + Serial Number (hex): 58aebd87ec84289a683cf014a1f18423 + Revoked at: Tue May 06 05:17:51 UTC 2014 + Serial Number (hex): 00d3b252525f52bc7aa5b4e674e99f5b4d + Revoked at: Tue May 06 05:18:16 UTC 2014 + Serial Number (hex): 50d3c72a7d24d5633cec52ce43e5524c + Revoked at: Tue May 06 05:18:26 UTC 2014 + Serial Number (hex): 009492436db23c79a8861c62fa79770554 + Revoked at: Tue May 06 05:21:09 UTC 2014 + Serial Number (hex): 009fbc2fc3b5c205a48c570432abbf63e1 + Revoked at: Tue May 06 05:24:19 UTC 2014 + Serial Number (hex): 02615e626022ecf53dce6f73d3ff75ca + Revoked at: Tue May 06 11:52:44 UTC 2014 + Serial Number (hex): 00965addf2709bfcc7ae92a436b9213e46 + Revoked at: Tue May 06 12:00:34 UTC 2014 + Serial Number (hex): 5147252b4c1aa9055c216c4ef1f19da7 + Revoked at: Tue May 06 12:54:14 UTC 2014 + Serial Number (hex): 00a0bd40b0cf3da04228ca27c6d88e98cb + Revoked at: Tue May 06 13:01:23 UTC 2014 + Serial Number (hex): 7c4e2a01efc7d85b5f013af2dbb23d31 + Revoked at: Tue May 06 13:01:27 UTC 2014 + Serial Number (hex): 6dc1990306eb5c7a48ba2d4cc88274aa + Revoked at: Tue May 06 13:51:21 UTC 2014 + Serial Number (hex): 00864f5db320c1d87965cc39ffc7f7cd45 + Revoked at: Tue May 06 13:51:25 UTC 2014 + Serial Number (hex): 3ed48a3a99789d8c640e579bb7cc3a61 + Revoked at: Tue May 06 14:12:10 UTC 2014 + Serial Number (hex): 2707d165d7856aa6ee9f7402f5e689c0 + Revoked at: Tue May 06 14:13:04 UTC 2014 + Serial Number (hex): 00e7e49ee358eaedfbc150476bd4e72daf + Revoked at: Tue May 06 14:13:58 UTC 2014 + Serial Number (hex): 00c3d2fd340f16152966d07da66b4d9b15 + Revoked at: Tue May 06 14:15:17 UTC 2014 + Serial Number (hex): 705751740ec0bce36ced6bf70285c12f + Revoked at: Tue May 06 14:16:11 UTC 2014 + Serial Number (hex): 59d91730ba0e3323660fa4215f29739d + Revoked at: Tue May 06 14:21:52 UTC 2014 + Serial Number (hex): 70cdccfc2ad0897b01d0274d42d1362e + Revoked at: Tue May 06 14:23:11 UTC 2014 + Serial Number (hex): 0fc5f416f126177093be299ad0dc7107 + Revoked at: Tue May 06 14:26:06 UTC 2014 + Serial Number (hex): 00ab0aa8c28c133739de8256cc306b20c8 + Revoked at: Tue May 06 14:26:33 UTC 2014 + Serial Number (hex): 274b130787241a00be6793d75c1108f7 + Revoked at: Tue May 06 14:27:00 UTC 2014 + Serial Number (hex): 0090f3b38cfa1b21548839b904967fa11e + Revoked at: Tue May 06 14:27:49 UTC 2014 + Serial Number (hex): 0084bd87ffde73547b489e94fc6cdff7e3 + Revoked at: Tue May 06 14:28:31 UTC 2014 + Serial Number (hex): 6f97f16211515eaa68e354159b75cf02 + Revoked at: Tue May 06 14:29:46 UTC 2014 + Serial Number (hex): 00abc057f33c8de37a2b7a3d7d0599a0cf + Revoked at: Tue May 06 14:30:15 UTC 2014 + Serial Number (hex): 283000b4b99755fe3f61a21d700d639a + Revoked at: Tue May 06 14:31:12 UTC 2014 + Serial Number (hex): 5949643d66c957fbc58607322a5c4ccf + Revoked at: Tue May 06 14:35:54 UTC 2014 + Serial Number (hex): 00c35f4fac810eda727fae72c9e4971bdf + Revoked at: Tue May 06 14:36:13 UTC 2014 + Serial Number (hex): 00ea88253747c19641abc0656b72682269 + Revoked at: Tue May 06 14:37:03 UTC 2014 + Serial Number (hex): 5e332907a3b1181e635e70c67e7dbc3e + Revoked at: Tue May 06 14:37:36 UTC 2014 + Serial Number (hex): 458978bbced7484261270933a986edb8 + Revoked at: Tue May 06 14:38:31 UTC 2014 + Serial Number (hex): 00f31c811572f4e9744af1bf75354b4609 + Revoked at: Tue May 06 14:38:58 UTC 2014 + Serial Number (hex): 04c84de57cb6eb6228b001446cf17407 + Revoked at: Tue May 06 14:39:31 UTC 2014 + Serial Number (hex): 00a2e9a3199066488f366e373a1dcb296d + Revoked at: Tue May 06 14:41:27 UTC 2014 + Serial Number (hex): 2d1d6160e03a5d9f4468aaabced34483 + Revoked at: Tue May 06 14:43:49 UTC 2014 + Serial Number (hex): 1f7d4a1ca30ea70672770b53b17c7a54 + Revoked at: Tue May 06 14:44:23 UTC 2014 + Serial Number (hex): 4e39a4dabbe3e460a2541c5d402b1bfa + Revoked at: Tue May 06 14:45:00 UTC 2014 + Serial Number (hex): 2171a99101392c303de915f8c424a002 + Revoked at: Tue May 06 14:45:34 UTC 2014 + Serial Number (hex): 0090f8c804323dc3419d36391e5dd67c84 + Revoked at: Tue May 06 14:46:16 UTC 2014 + Serial Number (hex): 67517f63f485be064f8a6c9ae1d28af1 + Revoked at: Tue May 06 16:39:56 UTC 2014 + Serial Number (hex): 48700488468cc7677aff2f0697c1bdbb + Revoked at: Tue May 06 16:43:25 UTC 2014 + Serial Number (hex): 00e2a6c30f35b5397e0675c51e4184938b + Revoked at: Tue May 06 16:53:35 UTC 2014 + Serial Number (hex): 00c65bc00c020bd365bd0718b828061f60 + Revoked at: Tue May 06 16:54:30 UTC 2014 + Serial Number (hex): 00f79cd0685c9952c601cac1fe83264d16 + Revoked at: Tue May 06 16:55:28 UTC 2014 + Serial Number (hex): 4390b7c5abdeb4e478fd92487e6e6e11 + Revoked at: Tue May 06 16:56:52 UTC 2014 + Serial Number (hex): 1173260e7f6d8dc39499acbe53954de7 + Revoked at: Tue May 06 18:02:00 UTC 2014 + Serial Number (hex): 00c258acec38ff74073a875046a55f6ddc + Revoked at: Tue May 06 18:56:35 UTC 2014 + Serial Number (hex): 7576ca6f04d600b2b9e0a4d2fde7c71f + Revoked at: Tue May 06 19:18:38 UTC 2014 + Serial Number (hex): 3de5ac1fdf47568c424547356ba01974 + Revoked at: Tue May 06 19:18:47 UTC 2014 + Serial Number (hex): 00c67dc99c3fdbe40fcc585adc6655aa73 + Revoked at: Tue May 06 19:19:53 UTC 2014 + Serial Number (hex): 00ae472ca9cd2de18479e2cd0cdb2c50b1 + Revoked at: Tue May 06 20:01:13 UTC 2014 + Serial Number (hex): 2d239e7b4c982879c007b9d424e3c94f + Revoked at: Tue May 06 20:02:32 UTC 2014 + Serial Number (hex): 00f5c3c9a0cd607ab7ec289cbda309cdee + Revoked at: Tue May 06 20:08:33 UTC 2014 + Serial Number (hex): 4c73f91f1112a413f88447b26829aeeb + Revoked at: Tue May 06 23:08:13 UTC 2014 + Serial Number (hex): 00c9e49a1fd6fdd9b113f3765225d6fafd + Revoked at: Wed May 07 08:35:06 UTC 2014 + Serial Number (hex): 247065210ccd8d9da1f3782222b78e1b + Revoked at: Wed May 07 09:26:32 UTC 2014 + Serial Number (hex): 2cc553c5f2ec21af926dd1e74347f681 + Revoked at: Wed May 07 10:32:27 UTC 2014 + Serial Number (hex): 46fd3399498939587b59401998c82d38 + Revoked at: Wed May 07 13:35:32 UTC 2014 + Serial Number (hex): 01863711a35bbafa7805e5e91efd66e7 + Revoked at: Wed May 07 15:28:56 UTC 2014 + Serial Number (hex): 00e682ae5ee4fb4b2c52939289bf27bb68 + Revoked at: Wed May 07 15:46:32 UTC 2014 + Serial Number (hex): 00d260bb87b3c251d53e1a759553a90458 + Revoked at: Wed May 07 15:47:59 UTC 2014 + Serial Number (hex): 00a5fd5f9f33780952d256de81a3f282d9 + Revoked at: Wed May 07 15:48:35 UTC 2014 + Serial Number (hex): 2d4cba6846d6203a653f522be4ea13e6 + Revoked at: Wed May 07 15:51:39 UTC 2014 + Serial Number (hex): 00b1cbff05c7cd9fcd125f62dc6c069955 + Revoked at: Wed May 07 15:52:47 UTC 2014 + Serial Number (hex): 2aca08495cad5d060192ca00d3380077 + Revoked at: Wed May 07 15:53:34 UTC 2014 + Serial Number (hex): 00beec45c4cd3eabc7719177c91193718f + Revoked at: Wed May 07 15:54:39 UTC 2014 + Serial Number (hex): 009ed364dcb3879fd83050cff2848b65d3 + Revoked at: Wed May 07 15:56:18 UTC 2014 + Serial Number (hex): 73cae3e7b730c69b1c2a3afb733da577 + Revoked at: Wed May 07 15:56:51 UTC 2014 + Serial Number (hex): 4591fa32ad24b2c835a1aae6337b77ba + Revoked at: Wed May 07 15:59:01 UTC 2014 + Serial Number (hex): 0caf71c4a546eb70af30b738cdd18278 + Revoked at: Wed May 07 15:59:40 UTC 2014 + Serial Number (hex): 00a7d80603815d5cd5a540ff031c986cf2 + Revoked at: Wed May 07 16:00:44 UTC 2014 + Serial Number (hex): 343a8dd9b9bd9fca2c6e16d01434ea28 + Revoked at: Wed May 07 16:01:17 UTC 2014 + Serial Number (hex): 192631f2dbec45ac686a4dc0c489101e + Revoked at: Wed May 07 16:02:03 UTC 2014 + Serial Number (hex): 7ec9435464d97fd835e03de703b5bc4c + Revoked at: Wed May 07 16:03:54 UTC 2014 + Serial Number (hex): 00a04bd5f0d18a4d05ccd23310690ca764 + Revoked at: Wed May 07 16:04:30 UTC 2014 + Serial Number (hex): 6883b6b463807d651900df78f7b51e06 + Revoked at: Wed May 07 16:05:15 UTC 2014 + Serial Number (hex): 00dbabb5d219133316bafe00bd54526a14 + Revoked at: Wed May 07 16:05:51 UTC 2014 + Serial Number (hex): 0669bbbb0539752d41e82dae1cabb1ee + Revoked at: Wed May 07 16:06:27 UTC 2014 + Serial Number (hex): 00e5083ee269db604c91682096b1e5fb8c + Revoked at: Wed May 07 16:07:08 UTC 2014 + Serial Number (hex): 00f24cd15a5bc173d7b76def6a5decf72f + Revoked at: Wed May 07 16:07:51 UTC 2014 + Serial Number (hex): 5f02c548e13304ba2a3375570d73de + Revoked at: Wed May 07 16:09:12 UTC 2014 + Serial Number (hex): 379a218ae613c26a6103c25ebaaed20c + Revoked at: Wed May 07 16:10:30 UTC 2014 + Serial Number (hex): 009a75e72386a625ab5ed368a58ae084ae + Revoked at: Wed May 07 16:11:01 UTC 2014 + Serial Number (hex): 0099b5bdfbb5ad7caae9f0ba5af2ba7ec4 + Revoked at: Wed May 07 16:11:33 UTC 2014 + Serial Number (hex): 50583abc04a4ffc132b376f6cd758263 + Revoked at: Wed May 07 16:12:09 UTC 2014 + Serial Number (hex): 00a51fa785fcd05f6ab7563614a07857c9 + Revoked at: Wed May 07 16:12:38 UTC 2014 + Serial Number (hex): 7c69b941700635098e631e0f070dce7a + Revoked at: Wed May 07 16:13:17 UTC 2014 + Serial Number (hex): 009677f193097d1cb3e98cb1d908bfeafb + Revoked at: Wed May 07 16:13:45 UTC 2014 + Serial Number (hex): 433663a9a2a861ea348e04e0a14ae9e7 + Revoked at: Wed May 07 16:14:21 UTC 2014 + Serial Number (hex): 32d80a9bdec21d332e43b38fdc88aa12 + Revoked at: Wed May 07 18:42:07 UTC 2014 + Serial Number (hex): 7fc8a80ab8f2a6e164035149488295bf + Revoked at: Wed May 07 18:42:58 UTC 2014 + Serial Number (hex): 71f984a0999032b8270d2c870adbb6bd + Revoked at: Wed May 07 19:36:05 UTC 2014 + Serial Number (hex): 058deef125c84a60964ea8842e88aad7 + Revoked at: Wed May 07 20:06:48 UTC 2014 + Serial Number (hex): 7dc891df7bfea953dd341322d002bf38 + Revoked at: Wed May 07 20:07:23 UTC 2014 + Serial Number (hex): 00f23f1f2ac229fe9ac86feadca58d86a6 + Revoked at: Wed May 07 20:26:39 UTC 2014 + Serial Number (hex): 00a958473db6c9311471cebcf36557069a + Revoked at: Wed May 07 20:31:22 UTC 2014 + Serial Number (hex): 00aa3b15c3d322981fb946568c536e197d + Revoked at: Wed May 07 20:36:37 UTC 2014 + Serial Number (hex): 7a2388c2e814dbe28fa71839c36f2624 + Revoked at: Wed May 07 21:21:47 UTC 2014 + Serial Number (hex): 0a563db15fd5b279a8daa5e9081ff3d2 + Revoked at: Wed May 07 21:38:57 UTC 2014 + Serial Number (hex): 543a346068a2a6ae5e06a63f5fe023b4 + Revoked at: Thu May 08 08:55:23 UTC 2014 + Serial Number (hex): 00e75f2acc395bb0c98e8954984708125e + Revoked at: Thu May 08 08:55:39 UTC 2014 + Serial Number (hex): 0d35c95b75644dd621bbd0d0c9818744 + Revoked at: Thu May 08 09:36:01 UTC 2014 + Serial Number (hex): 0087d43dee26ce3b25729a262c15d24ca7 + Revoked at: Thu May 08 10:10:04 UTC 2014 + Serial Number (hex): 17ef7c9b95fa955e5a978dd2f41becde + Revoked at: Thu May 08 10:12:34 UTC 2014 + Serial Number (hex): 00fae482547c32233fd21e6eee1ae63a58 + Revoked at: Thu May 08 12:03:52 UTC 2014 + Serial Number (hex): 00f311a4843a3e9af6b26382060a3c0271 + Revoked at: Thu May 08 12:30:49 UTC 2014 + Serial Number (hex): 00d53f49dc36d5a343dcc306f3670dff09 + Revoked at: Thu May 08 13:57:52 UTC 2014 + Serial Number (hex): 00bb97ca918de6b860ee27333853a61a41 + Revoked at: Thu May 08 14:15:06 UTC 2014 + Serial Number (hex): 00a5f2054218eb17efab31f63f30b70d29 + Revoked at: Thu May 08 14:18:56 UTC 2014 + Serial Number (hex): 00922e73dd0f4001b24769254b8aee40fa + Revoked at: Thu May 08 14:19:35 UTC 2014 + Serial Number (hex): 5b0899f65423b96786fcb8c8e2f9f39f + Revoked at: Thu May 08 15:38:30 UTC 2014 + Serial Number (hex): 768917d2f18f8f39b783ea9117c4ab00 + Revoked at: Thu May 08 16:13:05 UTC 2014 + Serial Number (hex): 65d275b81a7010d2f0716f02437cc6e3 + Revoked at: Thu May 08 17:27:51 UTC 2014 + Serial Number (hex): 2cb10fb96698dcbe867d108d171b2138 + Revoked at: Thu May 08 17:37:37 UTC 2014 + Serial Number (hex): 00e7004d258934dca54fb82842293d9958 + Revoked at: Thu May 08 17:37:53 UTC 2014 + Serial Number (hex): 00d3be5daa17d1464a633436b68107cd5d + Revoked at: Thu May 08 17:39:00 UTC 2014 + Serial Number (hex): 00b45c51cd0a54667b58be1f3da8e6c382 + Revoked at: Thu May 08 17:39:24 UTC 2014 + Serial Number (hex): 00c524f89f4a15882f0729d362fd0d175d + Revoked at: Thu May 08 17:39:49 UTC 2014 + Serial Number (hex): 00fd9af7bf89928260b2fe98b21b9d9649 + Revoked at: Thu May 08 17:40:15 UTC 2014 + Serial Number (hex): 64dfc4108ed4a7c6532dc1b5f5fd43b3 + Revoked at: Thu May 08 17:42:20 UTC 2014 + Serial Number (hex): 1bb4ca1b78a64f94bc508b890b687742 + Revoked at: Thu May 08 17:42:36 UTC 2014 + Serial Number (hex): 391263d6847fe883ebdea02cff450c80 + Revoked at: Thu May 08 17:43:10 UTC 2014 + Serial Number (hex): 5df66259137c9e005fb8dbf3ffffdc9a + Revoked at: Thu May 08 17:43:19 UTC 2014 + Serial Number (hex): 00cbc26ca328b4bc6dc679f487128e908d + Revoked at: Thu May 08 19:09:21 UTC 2014 + Serial Number (hex): 00da5df65c3bc9449ee3ea3e5c03af227d + Revoked at: Thu May 08 19:47:23 UTC 2014 + Serial Number (hex): 009a782904607bb3f7aea4db37d2a518df + Revoked at: Thu May 08 19:48:25 UTC 2014 + Serial Number (hex): 00ad6dd51663569dec0ea929f0c965c89c + Revoked at: Thu May 08 19:52:32 UTC 2014 + Serial Number (hex): 5cd5bf700c9fef0dbeea9a7607cba1f4 + Revoked at: Thu May 08 19:55:07 UTC 2014 + Serial Number (hex): 00f9511cbda7126de4e09d0dca1a5996fd + Revoked at: Thu May 08 20:09:13 UTC 2014 + Serial Number (hex): 00d4bff2207b9f185a74b4012d84420a + Revoked at: Thu May 08 20:27:07 UTC 2014 + Serial Number (hex): 3ee523ffbbddc3ed3714770a48af8d20 + Revoked at: Thu May 08 21:06:31 UTC 2014 + Serial Number (hex): 2783aaa5da6f175a68a29f08df30b996 + Revoked at: Thu May 08 22:04:15 UTC 2014 + Serial Number (hex): 00fa57be327e12b127e2d5814273176654 + Revoked at: Thu May 08 22:07:28 UTC 2014 + Serial Number (hex): 31cbda7ca1c405a92d8c7006a7a5da7d + Revoked at: Thu May 08 23:55:09 UTC 2014 + Serial Number (hex): 4c1ad7f82e3ee2d4ce041d8ead0c4459 + Revoked at: Fri May 09 04:52:25 UTC 2014 + Serial Number (hex): 00ae9a2f4a2a708b1149fa847c841da850 + Revoked at: Fri May 09 05:00:19 UTC 2014 + Serial Number (hex): 00f1ec6ea92a6d780fd8df800ba413f93b + Revoked at: Fri May 09 05:00:28 UTC 2014 + Serial Number (hex): 19a6a606e8581e2784a19c2d31ba68b7 + Revoked at: Fri May 09 05:00:38 UTC 2014 + Serial Number (hex): 16ec8786cbaee68778942d06b2b5efda + Revoked at: Fri May 09 05:01:52 UTC 2014 + Serial Number (hex): 00d821f87217c1102c5912e2b43bd88faa + Revoked at: Fri May 09 05:07:52 UTC 2014 + Serial Number (hex): 00ad200efe599739957f49153e373e9e63 + Revoked at: Fri May 09 06:41:50 UTC 2014 + Serial Number (hex): 41f4593e56719e6b9464e3ae6d8f6693 + Revoked at: Fri May 09 10:02:02 UTC 2014 + Serial Number (hex): 0089d69c74680980ea762de4d7875b2f9f + Revoked at: Fri May 09 11:01:03 UTC 2014 + Serial Number (hex): 051deee290196ceca5c4accc1210cfef + Revoked at: Fri May 09 11:08:16 UTC 2014 + Serial Number (hex): 744665fce9f900bfac9c8dfcb3cd8861 + Revoked at: Fri May 09 14:13:43 UTC 2014 + Serial Number (hex): 6d0690c7656164592b914cb9a8841b9a + Revoked at: Fri May 09 14:51:10 UTC 2014 + Serial Number (hex): 00ee56d1a3c1d32d6b6186d6837052c239 + Revoked at: Fri May 09 15:06:11 UTC 2014 + Serial Number (hex): 00dafab440afb7c969c7eb642d8e824710 + Revoked at: Fri May 09 15:09:41 UTC 2014 + Serial Number (hex): 04eee2b20a09f7a56e4cf62399bb7899 + Revoked at: Fri May 09 15:12:55 UTC 2014 + Serial Number (hex): 008b78a466d531ae9a86e7a2430c95ed3a + Revoked at: Fri May 09 15:13:15 UTC 2014 + Serial Number (hex): 00dc34446c26a5e8db209cf14f80b7f13e + Revoked at: Fri May 09 15:13:54 UTC 2014 + Serial Number (hex): 28e92cd850a495e9cc9d1125c7f0aba1 + Revoked at: Fri May 09 16:31:48 UTC 2014 + Serial Number (hex): 7f7fbf98368044116f44033e1bf9e66d + Revoked at: Fri May 09 16:37:23 UTC 2014 + Serial Number (hex): 00910446c1942ab5f095199e87a043b69d + Revoked at: Fri May 09 16:53:10 UTC 2014 + Serial Number (hex): 41aa6d6c92b8714b31cbab1478b397f3 + Revoked at: Fri May 09 16:53:19 UTC 2014 + Serial Number (hex): 4c6fd181ca187f886eb73baea4a87725 + Revoked at: Fri May 09 16:53:30 UTC 2014 + Serial Number (hex): 660dc05c5223299dc447639c6047893e + Revoked at: Fri May 09 17:56:13 UTC 2014 + Serial Number (hex): 00edf44981f3aab4ec05e133ddda39e5f3 + Revoked at: Fri May 09 17:56:23 UTC 2014 + Serial Number (hex): 0090fa11466b3cd26eb971b026e19a9fec + Revoked at: Fri May 09 18:39:08 UTC 2014 + Serial Number (hex): 6476dd3241ed9091063065ce95da72f0 + Revoked at: Fri May 09 19:16:28 UTC 2014 + Serial Number (hex): 00bd7de3f9a13ff7c77ba15bb91fa16969 + Revoked at: Fri May 09 19:20:16 UTC 2014 + Serial Number (hex): 726dfc60b6685a5e45cc61a17f5299ba + Revoked at: Fri May 09 19:26:13 UTC 2014 + Serial Number (hex): 2f76f6fdaa92de1ad399874fa7f0a933 + Revoked at: Fri May 09 19:36:56 UTC 2014 + Serial Number (hex): 00fd696e7e78a0991ac7675e822c22a6fc + Revoked at: Fri May 09 19:43:52 UTC 2014 + Serial Number (hex): 008edf1a06f58155762823846283571310 + Revoked at: Fri May 09 21:58:00 UTC 2014 + Serial Number (hex): 673460dbcaa5d68e3410e4fdef5a4095 + Revoked at: Fri May 09 22:59:37 UTC 2014 + Serial Number (hex): 387915bd7bf7a6b2ba7379256b3b69e8 + Revoked at: Sat May 10 01:08:04 UTC 2014 + Serial Number (hex): 3a699b22043f9d38617eb8f7540b7a8d + Revoked at: Sat May 10 01:09:20 UTC 2014 + Serial Number (hex): 4ae3cad6d068518d3c91292303ab950a + Revoked at: Sat May 10 02:03:25 UTC 2014 + Serial Number (hex): 0092c9e01e0c5a4026769ab7195eeefc5f + Revoked at: Sat May 10 07:45:50 UTC 2014 + Serial Number (hex): 24751c8e3085d89dcabd247ac7f58970 + Revoked at: Sat May 10 16:13:03 UTC 2014 + Serial Number (hex): 42f166670030c1efaad8c5dff2d43527 + Revoked at: Sat May 10 16:13:04 UTC 2014 + Serial Number (hex): 00eb74b23613706f487d5f01c9b6a15382 + Revoked at: Sun May 11 08:54:23 UTC 2014 + Serial Number (hex): 378c22d6b7e0cfeb318f0b1c3b6e63b6 + Revoked at: Mon May 12 04:43:58 UTC 2014 + Serial Number (hex): 00f9a797777bdf67f9d3a80818efe9b327 + Revoked at: Mon May 12 07:18:01 UTC 2014 + Serial Number (hex): 00e950850fac2bc7374a9e4708fea495c2 + Revoked at: Mon May 12 07:29:21 UTC 2014 + Serial Number (hex): 00c0aae260c8e67b5b6f459b1715298614 + Revoked at: Mon May 12 07:30:38 UTC 2014 + Serial Number (hex): 3671a0779869d4dc91565e5f4251255b + Revoked at: Mon May 12 07:32:15 UTC 2014 + Serial Number (hex): 00f281912a9640157c53496c91a38db322 + Revoked at: Mon May 12 07:34:22 UTC 2014 + Serial Number (hex): 3460479654b46762c9f576dfb97fcce5 + Revoked at: Mon May 12 07:34:29 UTC 2014 + Serial Number (hex): 00bf4d86a7a0292517b8d946e8355a2636 + Revoked at: Mon May 12 07:34:37 UTC 2014 + Serial Number (hex): 3db92a24057e5643deb9e42b11922a17 + Revoked at: Mon May 12 07:34:44 UTC 2014 + Serial Number (hex): 30281fc5e60bbc5f03ed7294a11f17a4 + Revoked at: Mon May 12 07:38:56 UTC 2014 + Serial Number (hex): 4a35abab4e7fed04b950f58b3a117385 + Revoked at: Mon May 12 07:39:02 UTC 2014 + Serial Number (hex): 2d81af30fb7a7032687bce1213fc91f7 + Revoked at: Mon May 12 07:39:11 UTC 2014 + Serial Number (hex): 02368ae6b588ba9dc18b7bcb6539f5ae + Revoked at: Mon May 12 08:24:39 UTC 2014 + Serial Number (hex): 0091b7e1fdc5e5de4ac03e5fcc093cb798 + Revoked at: Mon May 12 11:20:28 UTC 2014 + Serial Number (hex): 00ed6998a99120d297745ab7ceb8c9c3ef + Revoked at: Mon May 12 11:20:38 UTC 2014 + Serial Number (hex): 5e4472ee7ae7b9404023da32b3d02beb + Revoked at: Mon May 12 14:15:19 UTC 2014 + Serial Number (hex): 00980e8263cbbda01bc575808d7d181e77 + Revoked at: Mon May 12 15:38:13 UTC 2014 + Serial Number (hex): 77fd134d2ce055cacb6b4885771eb1e9 + Revoked at: Mon May 12 15:51:56 UTC 2014 + Serial Number (hex): 00f52b3aa5e02be91b37e4127e340b65f6 + Revoked at: Mon May 12 16:02:38 UTC 2014 + Serial Number (hex): 00cdc2a0645acfebd1a7af0bd90df3689b + Revoked at: Mon May 12 16:02:38 UTC 2014 + Serial Number (hex): 299365b4fe2b651d45c281137b729268 + Revoked at: Mon May 12 16:02:38 UTC 2014 + Serial Number (hex): 00b33cf48cece13c96288d9c29522b03de + Revoked at: Mon May 12 16:02:39 UTC 2014 + Serial Number (hex): 4cc5ca1f9b4143807a16e6a8d146696f + Revoked at: Mon May 12 16:02:39 UTC 2014 + Serial Number (hex): 00bb717832b26367bbe83d4587788aaf8c + Revoked at: Mon May 12 16:02:40 UTC 2014 + Serial Number (hex): 008c070d1e0884a64856b5e1da789542c7 + Revoked at: Mon May 12 16:02:40 UTC 2014 + Serial Number (hex): 2137b349fc54e399d5df05b6428ea13c + Revoked at: Mon May 12 16:02:41 UTC 2014 + Serial Number (hex): 341aaa3a5e7e0382247cbf5b366aa865 + Revoked at: Mon May 12 16:02:41 UTC 2014 + Serial Number (hex): 5b106dde57ffe47ccf34d5b08deadecb + Revoked at: Mon May 12 16:02:42 UTC 2014 + Serial Number (hex): 00df25c88dbe3ff71c60b7464349ea4af2 + Revoked at: Mon May 12 16:02:43 UTC 2014 + Serial Number (hex): 00922cfde3bba115cb23d50ff83c962ff0 + Revoked at: Mon May 12 16:02:43 UTC 2014 + Serial Number (hex): 0dd9fae79297bd7c823d0d254dafb474 + Revoked at: Mon May 12 16:02:44 UTC 2014 + Serial Number (hex): 1c7fdc18e0f7b66d7dcd00da539402cb + Revoked at: Mon May 12 16:02:44 UTC 2014 + Serial Number (hex): 008c825a86d18d95661586f9e11e684475 + Revoked at: Mon May 12 16:02:44 UTC 2014 + Serial Number (hex): 00adfab1b79e1bce3048ad463339573919 + Revoked at: Mon May 12 16:02:46 UTC 2014 + Serial Number (hex): 27d882853d473e6f40883ecb2fcf7438 + Revoked at: Mon May 12 16:02:46 UTC 2014 + Serial Number (hex): 7c8f497c5b9b1c233a1fd652a7bb39 + Revoked at: Mon May 12 16:02:48 UTC 2014 + Serial Number (hex): 00bec3d8743eed3917bee9086a23a51939 + Revoked at: Mon May 12 16:02:48 UTC 2014 + Serial Number (hex): 11d8872caf499c649cb029e277e1e05e + Revoked at: Mon May 12 16:02:48 UTC 2014 + Serial Number (hex): 1e2385f2e13fb65276c3b438c1ea3e65 + Revoked at: Mon May 12 16:02:49 UTC 2014 + Serial Number (hex): 00d914528e1b62016f51fc42732df36ae1 + Revoked at: Mon May 12 16:02:50 UTC 2014 + Serial Number (hex): 00f5c2a0223965978a905e4fc5646660d3 + Revoked at: Mon May 12 16:02:50 UTC 2014 + Serial Number (hex): 2e2b324bec1da348a3638e042990e5f6 + Revoked at: Mon May 12 16:02:52 UTC 2014 + Serial Number (hex): 00d327ac0eec83130796574e91155713ea + Revoked at: Mon May 12 16:02:52 UTC 2014 + Serial Number (hex): 00bcbaeea7b3586215ced1c6df7bd0ad21 + Revoked at: Mon May 12 16:02:52 UTC 2014 + Serial Number (hex): 796f6e22bb41e1bc95a051d35075b133 + Revoked at: Mon May 12 16:02:53 UTC 2014 + Serial Number (hex): 4741f7c230fc97c8a66a2819e379957c + Revoked at: Mon May 12 16:02:53 UTC 2014 + Serial Number (hex): 7c722677bea004bc4dc6aed9d61bc9f0 + Revoked at: Mon May 12 16:02:55 UTC 2014 + Serial Number (hex): 1fd8e6f690e3e93119bfa59d15aa7f75 + Revoked at: Mon May 12 16:02:55 UTC 2014 + Serial Number (hex): 00e35e8feddd137d221a2ec49e86c58deb + Revoked at: Mon May 12 16:02:57 UTC 2014 + Serial Number (hex): 00d40a15e663804f7a1123e462295ef005 + Revoked at: Mon May 12 16:02:57 UTC 2014 + Serial Number (hex): 00dc3910b7a40b77a6b46d3692bf18a3f2 + Revoked at: Mon May 12 16:02:57 UTC 2014 + Serial Number (hex): 47c943d6e5885618f2f5aef111da5177 + Revoked at: Mon May 12 16:02:59 UTC 2014 + Serial Number (hex): 00c68f412eddd0297b5eff01ee52c3ef84 + Revoked at: Mon May 12 16:02:59 UTC 2014 + Serial Number (hex): 081a58bef015bf552d57c6016a958f1a + Revoked at: Mon May 12 16:03:00 UTC 2014 + Serial Number (hex): 00c7ca73e4a7be1c8aa9a25c587fd0695b + Revoked at: Mon May 12 16:03:01 UTC 2014 + Serial Number (hex): 2ca312c718d4dec0409fb42a9652b1ba + Revoked at: Mon May 12 16:03:02 UTC 2014 + Serial Number (hex): 009e9b1ddcfed48c0bbaf0723a85d9cd36 + Revoked at: Mon May 12 16:13:05 UTC 2014 + Serial Number (hex): 1e49ed48f8a32e6bd917815a116e930d + Revoked at: Mon May 12 17:49:25 UTC 2014 + Serial Number (hex): 35a43939450dddeff5ca4618004126eb + Revoked at: Mon May 12 18:50:39 UTC 2014 + Serial Number (hex): 74d60bf585c2f1634653b9059fa9f180 + Revoked at: Mon May 12 19:17:24 UTC 2014 + Serial Number (hex): 6db31affa157a90d613ccded762ef6fb + Revoked at: Mon May 12 20:05:59 UTC 2014 + Serial Number (hex): 26f6dc91f6bdd66e46bdaba031b7cacd + Revoked at: Mon May 12 20:37:18 UTC 2014 + Serial Number (hex): 00a3d188b1a3a414b9d7242ac208ee454a + Revoked at: Mon May 12 20:37:40 UTC 2014 + Serial Number (hex): 00c276af1d0df1c18ac928dbeacbb70860 + Revoked at: Mon May 12 21:03:21 UTC 2014 + Serial Number (hex): 395c403bbeb494b1bd13519bcfebc371 + Revoked at: Tue May 13 03:35:54 UTC 2014 + Serial Number (hex): 00cf5bc685af9053d37c146d48e83d4b77 + Revoked at: Tue May 13 07:20:35 UTC 2014 + Serial Number (hex): 00970862632b09c7ff03f62886c76d87c1 + Revoked at: Tue May 13 07:22:13 UTC 2014 + Serial Number (hex): 00be6725a5f421717db5e04ee9b8f33d9c + Revoked at: Tue May 13 07:22:36 UTC 2014 + Serial Number (hex): 00a92fd568d7c070f729059a4d0dc36fc5 + Revoked at: Tue May 13 07:23:07 UTC 2014 + Serial Number (hex): 00d91941a4827b55ddab6eb1361358f6a8 + Revoked at: Tue May 13 07:23:33 UTC 2014 + Serial Number (hex): 00fcc1fc9549b3f18c8b146e302c7a2221 + Revoked at: Tue May 13 07:57:00 UTC 2014 + Serial Number (hex): 6d07616252e345b070d49083b3750ce4 + Revoked at: Tue May 13 13:05:17 UTC 2014 + Serial Number (hex): 008747ffb407bd49e4723201d0b289dfc1 + Revoked at: Tue May 13 13:32:49 UTC 2014 + Serial Number (hex): 7e615fcd95ec4256da439dea6ad21895 + Revoked at: Tue May 13 13:35:12 UTC 2014 + Serial Number (hex): 00d491d80c712262c47abaa0ad47e30ee2 + Revoked at: Tue May 13 13:38:00 UTC 2014 + Serial Number (hex): 00ac82bb139dc94420ecd78a69242e4c75 + Revoked at: Tue May 13 13:38:39 UTC 2014 + Serial Number (hex): 0085fac46bf77a79003d632a51615d2e31 + Revoked at: Tue May 13 13:38:52 UTC 2014 + Serial Number (hex): 009ca11fb02598d8331501e2a994488a3a + Revoked at: Tue May 13 13:39:20 UTC 2014 + Serial Number (hex): 2530e7b51bf1b717710fce05d501c998 + Revoked at: Tue May 13 13:39:34 UTC 2014 + Serial Number (hex): 2c30404407b24099eef284756031e5e0 + Revoked at: Tue May 13 14:12:29 UTC 2014 + Serial Number (hex): 1212fa935a2c01e798d434f6bdfd3d8a + Revoked at: Tue May 13 14:46:43 UTC 2014 + Serial Number (hex): 00d34b6c480e771f5f16231c7ce870655d + Revoked at: Tue May 13 14:49:48 UTC 2014 + Serial Number (hex): 00eb45ebc3d5a0fd5b680ddcb18bfcd539 + Revoked at: Tue May 13 14:56:15 UTC 2014 + Serial Number (hex): 00e1ca4b2ecefcffdd50a65ffb30598271 + Revoked at: Tue May 13 14:56:19 UTC 2014 + Serial Number (hex): 00ff55f425c1c05252aea24b7156331766 + Revoked at: Tue May 13 14:56:39 UTC 2014 + Serial Number (hex): 15f57f40da4b44625a6768ed77710ef1 + Revoked at: Tue May 13 14:56:41 UTC 2014 + Serial Number (hex): 5ba36cdda7034dbd517a2bb7e09b286f + Revoked at: Tue May 13 15:13:22 UTC 2014 + Serial Number (hex): 00ddb2f9828020433b11673fe3d2832a6c + Revoked at: Tue May 13 16:00:03 UTC 2014 + Serial Number (hex): 00b86d3fb0ccade754d0684b0e82c1aa29 + Revoked at: Tue May 13 17:01:07 UTC 2014 + Serial Number (hex): 1ce98db7cc8ba4b075d364fde5c7b99a + Revoked at: Tue May 13 17:09:34 UTC 2014 + Serial Number (hex): 00d58d30d43d7cf92548d323556770cc3a + Revoked at: Tue May 13 18:04:06 UTC 2014 + Serial Number (hex): 00b393791f95e1d3990c34095d2d7d7b13 + Revoked at: Tue May 13 18:17:21 UTC 2014 + Serial Number (hex): 27604af78db781ee21b3de215ce0e838 + Revoked at: Tue May 13 18:19:17 UTC 2014 + Serial Number (hex): 00efb5c81ed130baead6f7aa1562521238 + Revoked at: Tue May 13 18:39:43 UTC 2014 + Serial Number (hex): 426447380b515fa5406941fd6c38e11b + Revoked at: Tue May 13 18:49:57 UTC 2014 + Serial Number (hex): 0084627e3b063bfbdd85e90d0929690186 + Revoked at: Tue May 13 19:29:56 UTC 2014 + Serial Number (hex): 6cf98e396d493d4aff8f1b8a833f6543 + Revoked at: Tue May 13 19:30:11 UTC 2014 + Serial Number (hex): 00a566b7906e25d0c27a46b73e65d1dc3e + Revoked at: Tue May 13 19:30:32 UTC 2014 + Serial Number (hex): 1d1596abafbe2363b4835289de9a98fb + Revoked at: Tue May 13 19:30:43 UTC 2014 + Serial Number (hex): 0bafad21beef963fe2880016a42c26a6 + Revoked at: Tue May 13 19:30:59 UTC 2014 + Serial Number (hex): 3b6ecc03b85c42fa683d801014045d7e + Revoked at: Tue May 13 19:31:15 UTC 2014 + Serial Number (hex): 3a44d1127d824a7804b29023b6e213e2 + Revoked at: Tue May 13 19:52:08 UTC 2014 + Serial Number (hex): 00e7b269a79a7d10f0a9da6736dee52d8e + Revoked at: Tue May 13 20:02:17 UTC 2014 + Serial Number (hex): 16ee56d7134c307937bfac8ab1eefbda + Revoked at: Tue May 13 20:02:42 UTC 2014 + Serial Number (hex): 0084de0933874f7766a61270c29e9729f7 + Revoked at: Tue May 13 20:03:02 UTC 2014 + Serial Number (hex): 00ea58faff01df33cf485905ea9c2e62b1 + Revoked at: Tue May 13 20:03:13 UTC 2014 + Serial Number (hex): 00d4fd562571647ccc267599e2155e2567 + Revoked at: Tue May 13 20:03:27 UTC 2014 + Serial Number (hex): 019ab6be52b05b88013340f351638b89 + Revoked at: Tue May 13 21:37:12 UTC 2014 + Serial Number (hex): 00a23e0b9e0bd7a849c794ee0c2e389dff + Revoked at: Tue May 13 21:57:37 UTC 2014 + Serial Number (hex): 008accfd0516d13c7f5328ece1b6186d73 + Revoked at: Tue May 13 21:57:57 UTC 2014 + Serial Number (hex): 1679aa7e1a0e640571179990c559f352 + Revoked at: Tue May 13 23:31:24 UTC 2014 + Serial Number (hex): 00862bf6339c2cfff7e746c0e0fb413510 + Revoked at: Tue May 13 23:31:55 UTC 2014 + Serial Number (hex): 7fd1e2469213c527bf9bea02b09a1e5e + Revoked at: Tue May 13 23:32:25 UTC 2014 + Serial Number (hex): 00a60d8005b0d2ad75280ed3f9508243c1 + Revoked at: Tue May 13 23:32:50 UTC 2014 + Serial Number (hex): 2d4e9647068a3a0da4cba9d0bfc30497 + Revoked at: Tue May 13 23:33:14 UTC 2014 + Serial Number (hex): 294ade5b8fe26d68a10d456462ffecf6 + Revoked at: Tue May 13 23:33:37 UTC 2014 + Serial Number (hex): 00d8e70b56f93e82720cffed807c289ba7 + Revoked at: Tue May 13 23:34:00 UTC 2014 + Serial Number (hex): 4d743f789c346a49e587af947325c736 + Revoked at: Tue May 13 23:34:17 UTC 2014 + Serial Number (hex): 00f83868f821000b5811e0c0e27aa2d5c9 + Revoked at: Tue May 13 23:34:34 UTC 2014 + Serial Number (hex): 466e70c7c256fb1eb2a0e04f9878dbf3 + Revoked at: Tue May 13 23:34:52 UTC 2014 + Serial Number (hex): 00d896c3ff0c7c94af104ee832afe27afa + Revoked at: Tue May 13 23:35:10 UTC 2014 + Serial Number (hex): 6500f68f1681525006a3c10d52a39449 + Revoked at: Tue May 13 23:35:28 UTC 2014 + Serial Number (hex): 112b0a33f7cdf4876a24e3dbef8bf69e + Revoked at: Wed May 14 06:13:03 UTC 2014 + Serial Number (hex): 008062d37c55a8dc705c3faaad9406f23b + Revoked at: Wed May 14 07:59:57 UTC 2014 + Serial Number (hex): 200815b51cf557a52e6c3406ee1bd163 + Revoked at: Wed May 14 08:00:53 UTC 2014 + Serial Number (hex): 630aa7dd5a2e9cb694436800a517ed84 + Revoked at: Wed May 14 08:01:44 UTC 2014 + Serial Number (hex): 3ed602ea59644c2cc0e07237daf7f469 + Revoked at: Wed May 14 08:03:56 UTC 2014 + Serial Number (hex): 13923329d0a76e9752fbd1860d8d7230 + Revoked at: Wed May 14 09:48:42 UTC 2014 + Serial Number (hex): 3c5905236e0d37c4ada7319c972f9c9d + Revoked at: Wed May 14 10:28:29 UTC 2014 + Serial Number (hex): 1055363e640e5aa312bb81ae34b5eb38 + Revoked at: Wed May 14 10:29:42 UTC 2014 + Serial Number (hex): 00f60e4fc4889402dbcd6de093176e27d6 + Revoked at: Wed May 14 11:04:55 UTC 2014 + Serial Number (hex): 44685686fba85075910d6b2501b4edc8 + Revoked at: Wed May 14 11:16:44 UTC 2014 + Serial Number (hex): 00f0f18516f122133391fbdfbdd425c3fd + Revoked at: Wed May 14 11:24:09 UTC 2014 + Serial Number (hex): 42aa6d3131a988a3ea0889688c1b0de4 + Revoked at: Wed May 14 11:54:22 UTC 2014 + Serial Number (hex): 00d48fbe04055841ba45c7056f6010e300 + Revoked at: Wed May 14 13:12:29 UTC 2014 + Serial Number (hex): 5770cb6e910d4d0f4e108006a573088c + Revoked at: Wed May 14 13:13:45 UTC 2014 + Serial Number (hex): 4a6d05a29ec4c45f9c31114becda155f + Revoked at: Wed May 14 13:13:55 UTC 2014 + Serial Number (hex): 58910075905fe3b81a7f6dd511b76764 + Revoked at: Wed May 14 13:30:57 UTC 2014 + Serial Number (hex): 009d7015b9d11541d2295ec7d88a65292f + Revoked at: Wed May 14 13:50:46 UTC 2014 + Serial Number (hex): 00ccf2ebc76c30f2c2a14c3ea224ebff72 + Revoked at: Wed May 14 13:55:01 UTC 2014 + Serial Number (hex): 598082a2ce129d20565fab9b293fff0f + Revoked at: Wed May 14 14:09:44 UTC 2014 + Serial Number (hex): 6027c1958f4e4890c6262819a894c607 + Revoked at: Wed May 14 14:22:05 UTC 2014 + Serial Number (hex): 38c456137b904cf52c72876798a5372b + Revoked at: Wed May 14 14:34:06 UTC 2014 + Serial Number (hex): 00d09e481c48d9cbae0aea4423281e28cf + Revoked at: Wed May 14 14:49:15 UTC 2014 + Serial Number (hex): 4b245b43e204c15f29b50895b9fbfb8b + Revoked at: Wed May 14 14:49:43 UTC 2014 + Serial Number (hex): 00dc2cab437e2a485269bcca9c06ba5ce9 + Revoked at: Wed May 14 14:58:10 UTC 2014 + Serial Number (hex): 652576d23b5e02d5f381628e5b8ceb33 + Revoked at: Wed May 14 15:18:43 UTC 2014 + Serial Number (hex): 347d82bc07f088b6c31a373ace866d11 + Revoked at: Wed May 14 16:09:06 UTC 2014 + Serial Number (hex): 79346d23803377e74c764e725f1b8295 + Revoked at: Wed May 14 16:13:02 UTC 2014 + Serial Number (hex): 00e012fc0017545ce5012ef717801d82a4 + Revoked at: Wed May 14 16:13:02 UTC 2014 + Serial Number (hex): 00950f6083653f90c7f894432599b75b30 + Revoked at: Wed May 14 16:13:03 UTC 2014 + Serial Number (hex): 00a02d6f58eb693d113ab57607430e8b8f + Revoked at: Wed May 14 17:13:35 UTC 2014 + Serial Number (hex): 3128798601632d36dfc86436c0140058 + Revoked at: Wed May 14 17:14:10 UTC 2014 + Serial Number (hex): 00c1b4762cac410676dd796b8b61333a2f + Revoked at: Wed May 14 17:15:08 UTC 2014 + Serial Number (hex): 7481452a99675275fa969a2f17fec5e6 + Revoked at: Wed May 14 17:56:07 UTC 2014 + Serial Number (hex): 00f3c72ae8ee86d9392c86638fb24c2bc0 + Revoked at: Wed May 14 18:05:14 UTC 2014 + Serial Number (hex): 00fe8a3d92c777e31d1f1935fa0363b907 + Revoked at: Wed May 14 18:14:53 UTC 2014 + Serial Number (hex): 009b5902533250dd7646d2fcbc5a89aca2 + Revoked at: Wed May 14 18:21:28 UTC 2014 + Serial Number (hex): 31679c7ac738562fd97ad3543ec25df2 + Revoked at: Wed May 14 19:14:02 UTC 2014 + Serial Number (hex): 39dc7b335e6eb3dc571acb0498ba0629 + Revoked at: Wed May 14 20:13:55 UTC 2014 + Serial Number (hex): 00beff7b12948762389a682996574a5138 + Revoked at: Wed May 14 21:38:33 UTC 2014 + Serial Number (hex): 00f2b430a38fbb0f59b66529b86935a8d8 + Revoked at: Thu May 15 00:13:04 UTC 2014 + Serial Number (hex): 00d09efbb2670ffc55e0e71aa23b3601b6 + Revoked at: Thu May 15 02:45:24 UTC 2014 + Serial Number (hex): 31cfa2c805d6547d943417c20c9819c7 + Revoked at: Thu May 15 02:53:46 UTC 2014 + Serial Number (hex): 0096803f49c068fec9a5109ff1357a6042 + Revoked at: Thu May 15 06:11:02 UTC 2014 + Serial Number (hex): 00ee956d8dba596df83894ec09ef82c451 + Revoked at: Thu May 15 06:11:11 UTC 2014 + Serial Number (hex): 00de7a8dea8e7584e41db7f8e48b1c07ff + Revoked at: Thu May 15 06:14:39 UTC 2014 + Serial Number (hex): 103e20394e96e9cf7421f35d7a3285c6 + Revoked at: Thu May 15 06:15:35 UTC 2014 + Serial Number (hex): 3f99f67601d8815daeb43f2352760624 + Revoked at: Thu May 15 06:16:41 UTC 2014 + Serial Number (hex): 00cc71df2a180798ca36e1c09ddef3f00d + Revoked at: Thu May 15 06:16:57 UTC 2014 + Serial Number (hex): 008d565ff255fc6b3648372a7417941bea + Revoked at: Thu May 15 06:22:11 UTC 2014 + Serial Number (hex): 1e04861a9d5a777669dff17922df60ce + Revoked at: Thu May 15 06:22:25 UTC 2014 + Serial Number (hex): 00f88b33b78da0c09b9f14bdeab4cfd99f + Revoked at: Thu May 15 06:22:39 UTC 2014 + Serial Number (hex): 54fc4f014d73e142b68e7411e1cf4ffc + Revoked at: Thu May 15 07:41:45 UTC 2014 + Serial Number (hex): 00b649ad5f5948cf6b907c06df7b3ae0f4 + Revoked at: Thu May 15 14:26:22 UTC 2014 + Serial Number (hex): 00a8642e294dee89163edf787319f187f2 + Revoked at: Thu May 15 14:26:40 UTC 2014 + Serial Number (hex): 00c1f6f2c9ddc5ef84dfe5018b46f402a5 + Revoked at: Thu May 15 14:26:52 UTC 2014 + Serial Number (hex): 4fb6f3cde8cde30ecc4b373e4ed442e1 + Revoked at: Thu May 15 14:27:07 UTC 2014 + Serial Number (hex): 1c106364ca9f82bbf382e534bc5de636 + Revoked at: Thu May 15 14:30:53 UTC 2014 + Serial Number (hex): 44a0e90b2c92ce67cde860399a50c25c + Revoked at: Thu May 15 14:39:20 UTC 2014 + Serial Number (hex): 60e706ddb5344a3c0dc3f3d06ca8992c + Revoked at: Thu May 15 14:44:56 UTC 2014 + Serial Number (hex): 00c6d2f234ce23f69242315fcae7b357e1 + Revoked at: Thu May 15 16:13:04 UTC 2014 + Serial Number (hex): 25b18a02a84e21b8ee347cc0b17b53e1 + Revoked at: Thu May 15 16:13:08 UTC 2014 + Serial Number (hex): 00ddfa7ab3cdee878b03c4a326da951da0 + Revoked at: Thu May 15 16:40:47 UTC 2014 + Serial Number (hex): 7b42fe8d452724a37c673d20c780bf6a + Revoked at: Thu May 15 18:53:09 UTC 2014 + Serial Number (hex): 5f8bf7e09eb913b847f728ae3334d970 + Revoked at: Thu May 15 18:57:49 UTC 2014 + Serial Number (hex): 10de71d180148dbf9c09f3cce281cdb3 + Revoked at: Thu May 15 20:22:01 UTC 2014 + Serial Number (hex): 00eaa7f040d0d5f7539469d2d4d487885e + Revoked at: Thu May 15 20:42:11 UTC 2014 + Serial Number (hex): 00bdd753b191df005c5bd064c10a5d5ea0 + Revoked at: Thu May 15 20:43:04 UTC 2014 + Serial Number (hex): 0082537a2618c01e54ac2cbf1aa709ce61 + Revoked at: Thu May 15 20:47:55 UTC 2014 + Serial Number (hex): 675d47c54f4b5e6bb39a245e7ce8e09b + Revoked at: Thu May 15 23:32:13 UTC 2014 + Serial Number (hex): 00a96b65a56fcb64dbd587f589fbe9d3ab + Revoked at: Fri May 16 02:30:03 UTC 2014 + Serial Number (hex): 008650c67114357b88eebcad470d9a9559 + Revoked at: Fri May 16 02:30:50 UTC 2014 + Serial Number (hex): 475abe4c1766acb0ebfd4134a4abd84c + Revoked at: Fri May 16 02:34:43 UTC 2014 + Serial Number (hex): 5e8d7c9439efaaec52f4835759310cc1 + Revoked at: Fri May 16 05:04:42 UTC 2014 + Serial Number (hex): 0096b3ffc89a308b3a589f66bfdce1dcfd + Revoked at: Fri May 16 05:24:05 UTC 2014 + Serial Number (hex): 00e0faecf3b0992129ce6a8344ecc60923 + Revoked at: Fri May 16 06:13:06 UTC 2014 + Serial Number (hex): 00ac46405831c77264f29077c27f8d67dd + Revoked at: Fri May 16 06:21:37 UTC 2014 + Serial Number (hex): 346754f8ee57b45a8e108f1503c73708 + Revoked at: Fri May 16 09:22:12 UTC 2014 + Serial Number (hex): 64247f95bdcb91dd5c26b417a9ef3800 + Revoked at: Fri May 16 11:45:57 UTC 2014 + Serial Number (hex): 5aa8f96f9ecb4050ca79e5d2c68a9e2e + Revoked at: Fri May 16 11:48:27 UTC 2014 + Serial Number (hex): 009e635fa9b9e0a3b13b9a6cc95f1aed63 + Revoked at: Fri May 16 12:19:50 UTC 2014 + Serial Number (hex): 0f826040a612b4ff00d14e74e09ab1d0 + Revoked at: Fri May 16 12:20:03 UTC 2014 + Serial Number (hex): 57d6afce2324f7206ad1d7ee5defc8d3 + Revoked at: Fri May 16 12:20:16 UTC 2014 + Serial Number (hex): 333675a09b7f90e980b61e4d6e36af44 + Revoked at: Fri May 16 12:20:28 UTC 2014 + Serial Number (hex): 0091433fd5423356888279dbe1f598ef05 + Revoked at: Fri May 16 12:33:21 UTC 2014 + Serial Number (hex): 44f1e2af0c4f7a1468dbf1a4be1f3c9f + Revoked at: Fri May 16 13:20:06 UTC 2014 + Serial Number (hex): 009784ab7963ab2cc19e91dc85d1383997 + Revoked at: Fri May 16 13:32:22 UTC 2014 + Serial Number (hex): 4f6339e80540695fdcbc794ea8dd212a + Revoked at: Fri May 16 13:56:50 UTC 2014 + Serial Number (hex): 00ce77f5c7b154d9f44395efa98e790c67 + Revoked at: Fri May 16 14:33:24 UTC 2014 + Serial Number (hex): 48c66b0a55bb6041a064ddfde6b1b635 + Revoked at: Fri May 16 15:36:27 UTC 2014 + Serial Number (hex): 00ecd72a14f30ae3b540e1893bcfcbca9f + Revoked at: Fri May 16 16:13:04 UTC 2014 + Serial Number (hex): 657b158716bc9b1f33763727715122b3 + Revoked at: Fri May 16 16:13:09 UTC 2014 + Serial Number (hex): 00d7c9e1b688bb71cec9dd836de4e8033f + Revoked at: Fri May 16 16:13:10 UTC 2014 + Serial Number (hex): 062c148669584d78a1ffa106f1ab35e3 + Revoked at: Fri May 16 16:45:00 UTC 2014 + Serial Number (hex): 00a3feb4f39cb0a04ea31129dbca22c313 + Revoked at: Fri May 16 17:18:06 UTC 2014 + Serial Number (hex): 212f0fa3bcddbf40e1d25e0efd5a5841 + Revoked at: Fri May 16 17:55:29 UTC 2014 + Serial Number (hex): 00f8362856b202a7835d35afd08b7c33f5 + Revoked at: Fri May 16 18:16:35 UTC 2014 + Serial Number (hex): 116c9b7d8521ebb3f16a3c385cc5accd + Revoked at: Fri May 16 18:26:55 UTC 2014 + Serial Number (hex): 00a9e36c6a01f3c83b95f3dc117d90f8c4 + Revoked at: Fri May 16 19:17:21 UTC 2014 + Serial Number (hex): 0096b801c3452b4a7890d3c1c6f4e98343 + Revoked at: Fri May 16 19:44:35 UTC 2014 + Serial Number (hex): 009f01f142f8ac47ab31ce2f9c9f78b8af + Revoked at: Fri May 16 19:44:59 UTC 2014 + Serial Number (hex): 00a1636810e898ff519ab1dfb5e90bec1e + Revoked at: Sat May 17 14:50:29 UTC 2014 + Serial Number (hex): 232ca3183e540363d5950aee69794ca7 + Revoked at: Sun May 18 16:13:08 UTC 2014 + Serial Number (hex): 00e4a53f6cfa961a76b7a41417dd89d005 + Revoked at: Mon May 19 09:38:14 UTC 2014 + Serial Number (hex): 0091e649181c8f854c833472bc0e62b70e + Revoked at: Mon May 19 09:38:21 UTC 2014 + Serial Number (hex): 6f91f97333bdc96a11b0c216e6120613 + Revoked at: Mon May 19 10:06:36 UTC 2014 + Serial Number (hex): 00c930a9c3cd7f442599812cd3390512e2 + Revoked at: Mon May 19 11:05:52 UTC 2014 + Serial Number (hex): 7798158c2c9d1495e05b1d03734db05d + Revoked at: Mon May 19 11:06:05 UTC 2014 + Serial Number (hex): 7aaeee9ec33d7c67c1b32366c22f40ce + Revoked at: Mon May 19 11:29:29 UTC 2014 + Serial Number (hex): 00bfdf6175de9a5bd71dee573658355618 + Revoked at: Mon May 19 13:39:57 UTC 2014 + Serial Number (hex): 4257860072a64e9b6ac60e30f6353d + Revoked at: Mon May 19 13:52:53 UTC 2014 + Serial Number (hex): 00af12f1d72f18c96ec1df5e5bb136b2d3 + Revoked at: Mon May 19 14:11:25 UTC 2014 + Serial Number (hex): 0d4be9b6a79ee495e7a3d72dce88b820 + Revoked at: Mon May 19 15:04:34 UTC 2014 + Serial Number (hex): 1841bcc88df84f76833a95e14522f30a + Revoked at: Mon May 19 15:08:42 UTC 2014 + Serial Number (hex): 745515aef9d175d1fe535a1f0a28c59c + Revoked at: Mon May 19 15:45:57 UTC 2014 + Serial Number (hex): 00c366c08c0683f4d4b08021cd10d03ff9 + Revoked at: Mon May 19 15:48:00 UTC 2014 + Serial Number (hex): 6fc6c783d04160414854d1b6a688c52a + Revoked at: Mon May 19 16:13:03 UTC 2014 + Serial Number (hex): 1bc6963d937b24c5857ed1071cdcd0be + Revoked at: Mon May 19 16:13:03 UTC 2014 + Serial Number (hex): 0b3af1123d5140ae332f3b5d3c21ce4d + Revoked at: Mon May 19 16:13:03 UTC 2014 + Serial Number (hex): 34b65be70bc92429405e746bce6c6e40 + Revoked at: Mon May 19 16:47:20 UTC 2014 + Serial Number (hex): 00f556e54c7fd31be322d1b2ce9cc61349 + Revoked at: Mon May 19 16:50:31 UTC 2014 + Serial Number (hex): 0094d5bfbea87a0e0279fa5fd4b7b9cf99 + Revoked at: Mon May 19 19:24:00 UTC 2014 + Serial Number (hex): 00bc5a491bd9d68e8512ddefea11ed6f53 + Revoked at: Mon May 19 19:42:18 UTC 2014 + Serial Number (hex): 1a423c87f1d0e9fb6c695648491c250e + Revoked at: Mon May 19 21:24:07 UTC 2014 + Serial Number (hex): 00f29b88e97e33b6650d341ade71b99844 + Revoked at: Mon May 19 22:00:29 UTC 2014 + Serial Number (hex): 00e610dc24429260b68b05f159865b9e1d + Revoked at: Mon May 19 23:27:29 UTC 2014 + Serial Number (hex): 3fa2c420a0c2e97423b55e904b9e16c4 + Revoked at: Tue May 20 07:11:45 UTC 2014 + Serial Number (hex): 00eafbe00f4930378fa0f736b0f8b95de2 + Revoked at: Tue May 20 07:12:17 UTC 2014 + Serial Number (hex): 12f311a10fa98215f8d7155a0efd7c8c + Revoked at: Tue May 20 07:12:36 UTC 2014 + Serial Number (hex): 6b10486b87d7ce6a96aaf221865ca7af + Revoked at: Tue May 20 07:13:12 UTC 2014 + Serial Number (hex): 2ed82940fc3524851a2044fbe9caba11 + Revoked at: Tue May 20 07:13:30 UTC 2014 + Serial Number (hex): 6ea09e4cc6d3ffb6cdc9b58222b2493d + Revoked at: Tue May 20 07:13:48 UTC 2014 + Serial Number (hex): 3439505e4a6205a96ae8e0b1b7b10aa5 + Revoked at: Tue May 20 07:14:08 UTC 2014 + Serial Number (hex): 00b53773cf47c032e1766a5f57ab3d7c30 + Revoked at: Tue May 20 07:14:27 UTC 2014 + Serial Number (hex): 00d252aabd17cbf5f7f3862ae49237f5da + Revoked at: Tue May 20 07:14:45 UTC 2014 + Serial Number (hex): 2c9b8561fb4d70f81533cd2aaf7d8f97 + Revoked at: Tue May 20 07:15:05 UTC 2014 + Serial Number (hex): 00fce81f71f14f197c0a455e96125fe33f + Revoked at: Tue May 20 07:15:25 UTC 2014 + Serial Number (hex): 00e7594b12272d7ea3604cfe81d70190c7 + Revoked at: Tue May 20 07:15:47 UTC 2014 + Serial Number (hex): 3fbedd30a7786cacd9bf741c7226d149 + Revoked at: Tue May 20 07:16:08 UTC 2014 + Serial Number (hex): 68b83ff16bd9dcf304b6057cc54f4226 + Revoked at: Tue May 20 07:16:25 UTC 2014 + Serial Number (hex): 4ede10bd4b3a47ff6802364372cfd70a + Revoked at: Tue May 20 07:16:44 UTC 2014 + Serial Number (hex): 77900600c818294831e419dda7fb31f7 + Revoked at: Tue May 20 10:24:47 UTC 2014 + Serial Number (hex): 00829896da6a51f9eb1f0f5bb82381ea93 + Revoked at: Tue May 20 14:05:54 UTC 2014 + Serial Number (hex): 0bc687d4fc57ddc56e68420731e5f26b + Revoked at: Tue May 20 14:52:41 UTC 2014 + Serial Number (hex): 4de73cc789346856d45b5e9d8094c16f + Revoked at: Tue May 20 15:13:17 UTC 2014 + Serial Number (hex): 00a9609df90d5402eed77570237b11cb34 + Revoked at: Tue May 20 15:43:20 UTC 2014 + Serial Number (hex): 4fb77c7dcd0df9f71a83b67f9502c23b + Revoked at: Tue May 20 15:43:44 UTC 2014 + Serial Number (hex): 4c473ccf32f92db9e47c170f645c067b + Revoked at: Tue May 20 15:44:05 UTC 2014 + Serial Number (hex): 0092cce2c142fadaad1b4949682c73c417 + Revoked at: Tue May 20 15:51:32 UTC 2014 + Serial Number (hex): 00e6f8192c8feadeca433ff1c8db9aa4a0 + Revoked at: Tue May 20 16:13:07 UTC 2014 + Serial Number (hex): 00cfbe77bfbc54083bece6268a3fd08933 + Revoked at: Tue May 20 16:59:06 UTC 2014 + Serial Number (hex): 00e22a9895270e0cdfd3e9ea89a0d07eb2 + Revoked at: Tue May 20 17:47:43 UTC 2014 + Serial Number (hex): 0d0fae1271afd26499a3de949525206c + Revoked at: Tue May 20 18:49:52 UTC 2014 + Serial Number (hex): 00bf98df3ad7de2897bc41d712851f6565 + Revoked at: Wed May 21 13:16:50 UTC 2014 + Serial Number (hex): 00e73e421203271491301f4e9bcafde4a4 + Revoked at: Wed May 21 13:23:48 UTC 2014 + Serial Number (hex): 00c4a3891eb273f94e5f642d282dc6d128 + Revoked at: Wed May 21 13:26:05 UTC 2014 + Serial Number (hex): 06b2029fd96b2e8acd9c069e8d6b1cf0 + Revoked at: Wed May 21 13:26:08 UTC 2014 + Serial Number (hex): 00c7c65b4e83ea681f3041f4ed0d5d1dda + Revoked at: Wed May 21 13:26:16 UTC 2014 + Serial Number (hex): 00a88e0252d01c327a5f070a2967325e09 + Revoked at: Wed May 21 15:05:57 UTC 2014 + Serial Number (hex): 0081165196634ddb44fea93e21836cf1cb + Revoked at: Wed May 21 15:08:22 UTC 2014 + Serial Number (hex): 6579f18e613d573ecd884018500a6958 + Revoked at: Wed May 21 15:20:20 UTC 2014 + Serial Number (hex): 00ae4f23b2697b56d12d1415c3354c4cd0 + Revoked at: Wed May 21 15:32:38 UTC 2014 + Serial Number (hex): 2b2fda632ae32bb37f877e3d28bf14bd + Revoked at: Wed May 21 15:33:53 UTC 2014 + Serial Number (hex): 00e0edc6c5ad92285ed00dcf244ba0c9fe + Revoked at: Wed May 21 15:38:06 UTC 2014 + Serial Number (hex): 580b68879aab67e503ff912681f398bf + Revoked at: Wed May 21 15:39:14 UTC 2014 + Serial Number (hex): 46e5707fbfffab0e7a234c7e4f982122 + Revoked at: Wed May 21 15:40:12 UTC 2014 + Serial Number (hex): 106b573e75d6ea23f5c869df39e69d82 + Revoked at: Wed May 21 15:40:45 UTC 2014 + Serial Number (hex): 240139512174b6f9d02cfb65970f1e77 + Revoked at: Wed May 21 15:41:12 UTC 2014 + Serial Number (hex): 4d7993561d55078a56564f60a070f692 + Revoked at: Wed May 21 15:41:40 UTC 2014 + Serial Number (hex): 1d9e98f39f298181766b8c76afa39e82 + Revoked at: Wed May 21 15:45:20 UTC 2014 + Serial Number (hex): 2b6825259f8e4457939d5bc2238ee1d9 + Revoked at: Wed May 21 15:48:13 UTC 2014 + Serial Number (hex): 10ac535d0c3a8d92f94725dc9221d520 + Revoked at: Wed May 21 15:48:32 UTC 2014 + Serial Number (hex): 522ac6a46886bcbd7f27593768263a7f + Revoked at: Wed May 21 15:48:50 UTC 2014 + Serial Number (hex): 00e425e122ccf9545a9d71492469068985 + Revoked at: Wed May 21 16:09:37 UTC 2014 + Serial Number (hex): 4d72179189f3a32b44d0242a70a5bfd9 + Revoked at: Wed May 21 16:10:55 UTC 2014 + Serial Number (hex): 0081e604edc9df8852b02b1cc2b24569bb + Revoked at: Wed May 21 16:58:29 UTC 2014 + Serial Number (hex): 6c6fceb55e890c652eb375e3bd1c349d + Revoked at: Wed May 21 17:07:41 UTC 2014 + Serial Number (hex): 00f4f71172f59dbaa9de7431720324cce8 + Revoked at: Wed May 21 17:10:47 UTC 2014 + Serial Number (hex): 22054f4cea405dc9c0c9f7a32b24242d + Revoked at: Wed May 21 17:11:51 UTC 2014 + Serial Number (hex): 00e0631cec2679473c0c9fce56f97247c8 + Revoked at: Wed May 21 17:43:31 UTC 2014 + Serial Number (hex): 00d2a5434411b7d381bdc1481396b33411 + Revoked at: Wed May 21 17:44:37 UTC 2014 + Serial Number (hex): 70bd79b6f01889ea220916e6be927e46 + Revoked at: Wed May 21 17:46:50 UTC 2014 + Serial Number (hex): 00bfbee233f114aed7424b38e1b001880f + Revoked at: Wed May 21 17:49:23 UTC 2014 + Serial Number (hex): 7b62376e01e26999514b583c1fdff960 + Revoked at: Wed May 21 17:50:14 UTC 2014 + Serial Number (hex): 47eab77bc5672bdcfe66f4dd7566e425 + Revoked at: Wed May 21 17:50:58 UTC 2014 + Serial Number (hex): 00e05d23dbb403a6bf4e3cb63be8ee57e9 + Revoked at: Wed May 21 17:51:45 UTC 2014 + Serial Number (hex): 00f130e1508082467ed792760602ab9fb8 + Revoked at: Wed May 21 17:52:36 UTC 2014 + Serial Number (hex): 60221fa2795f09e05064158354a5a560 + Revoked at: Wed May 21 17:52:57 UTC 2014 + Serial Number (hex): 0081ef9cfc258fa21a771761e962c3593c + Revoked at: Wed May 21 18:08:13 UTC 2014 + Serial Number (hex): 00937b635140d411356b839a202b714b0c + Revoked at: Wed May 21 18:21:40 UTC 2014 + Serial Number (hex): 49dae626e5a3d84fddf3b27bcebd3370 + Revoked at: Wed May 21 18:30:52 UTC 2014 + Serial Number (hex): 00c106b44460132c86a01b127f0d13dd78 + Revoked at: Wed May 21 18:54:10 UTC 2014 + Serial Number (hex): 3ffd43c07560abbc99c6cc9c81e03d67 + Revoked at: Wed May 21 18:54:49 UTC 2014 + Serial Number (hex): 5db386ce318d940835b5b91aeab35b0b + Revoked at: Wed May 21 18:55:15 UTC 2014 + Serial Number (hex): 00efb1b6a491b8024518de7705047290c0 + Revoked at: Wed May 21 19:01:18 UTC 2014 + Serial Number (hex): 008fdc9275208ae52acf8416d2f7cbcce2 + Revoked at: Wed May 21 19:07:26 UTC 2014 + Serial Number (hex): 008c3ae8ac51e5fc64eab1392abdb69a1a + Revoked at: Wed May 21 19:41:39 UTC 2014 + Serial Number (hex): 32bbb58b4200dee67f22b8b71eaa80be + Revoked at: Wed May 21 20:04:09 UTC 2014 + Serial Number (hex): 69cf3a31954596fe450dc5dd9520b7a8 + Revoked at: Wed May 21 20:13:22 UTC 2014 + Serial Number (hex): 42b1cf2a4f65a755d655cd79dba71c01 + Revoked at: Wed May 21 20:32:22 UTC 2014 + Serial Number (hex): 0093e9de7d07cd3d567c249619aee20bd3 + Revoked at: Wed May 21 21:12:53 UTC 2014 + Serial Number (hex): 00eef1d07524c9940819715efc0dd4ec70 + Revoked at: Wed May 21 21:25:31 UTC 2014 + Serial Number (hex): 5649a9e7d017c7e8e1b3988bb5f1a2bc + Revoked at: Thu May 22 05:04:28 UTC 2014 + Serial Number (hex): 00f47a6c1e2453ab1410135fcea796c514 + Revoked at: Thu May 22 07:51:44 UTC 2014 + Serial Number (hex): 19643a71554ef82c56c7f6e6ec943d2a + Revoked at: Thu May 22 10:13:52 UTC 2014 + Serial Number (hex): 00902c622323dc7f2cb270f1239626ecf5 + Revoked at: Thu May 22 11:56:39 UTC 2014 + Serial Number (hex): 00f88bd00fbe3dbbe9e7f6af3a8d33d1c5 + Revoked at: Thu May 22 12:10:23 UTC 2014 + Serial Number (hex): 2abe6bacd56db98de8e6e632a2b84d1e + Revoked at: Thu May 22 12:56:20 UTC 2014 + Serial Number (hex): 2434579a0ed6fed9c4e9f5f0591e2cd9 + Revoked at: Thu May 22 13:53:55 UTC 2014 + Serial Number (hex): 00d68b6242a9aa4863b8257c59330678ac + Revoked at: Thu May 22 14:24:41 UTC 2014 + Serial Number (hex): 31602070c4e404aabc1c5ace67461e01 + Revoked at: Thu May 22 14:42:51 UTC 2014 + Serial Number (hex): 0f3db9d47733c364a2874459ceb16747 + Revoked at: Thu May 22 14:43:06 UTC 2014 + Serial Number (hex): 00c5f242d410ebbe656feb31c08141a67b + Revoked at: Thu May 22 14:43:16 UTC 2014 + Serial Number (hex): 04d23c7c8e0a3513092aa3348c45d8f4 + Revoked at: Thu May 22 14:43:23 UTC 2014 + Serial Number (hex): 0098c201db35d3ffd7c40a85bad378f82c + Revoked at: Thu May 22 14:43:29 UTC 2014 + Serial Number (hex): 00b39a8f116e149f811b261f7c9b17875f + Revoked at: Thu May 22 14:43:37 UTC 2014 + Serial Number (hex): 00d89c73a444a2cee9b5efc4a9cfca9421 + Revoked at: Thu May 22 15:50:50 UTC 2014 + Serial Number (hex): 6d0e48106512b659d256564f7b66624b + Revoked at: Thu May 22 16:13:52 UTC 2014 + Serial Number (hex): 2844c82031b0bc00875a84e9a5942f8d + Revoked at: Thu May 22 16:26:05 UTC 2014 + Serial Number (hex): 09836916ddea539f2367809191747c23 + Revoked at: Thu May 22 16:32:25 UTC 2014 + Serial Number (hex): 7b7ab85d72de1f98aefcaf7946ef1fe9 + Revoked at: Thu May 22 16:32:44 UTC 2014 + Serial Number (hex): 2b9d005e53800a859928da8a1aff2deb + Revoked at: Thu May 22 18:15:21 UTC 2014 + Serial Number (hex): 50f3b4c7f129f8409a15fe95c0bfe6cd + Revoked at: Thu May 22 18:16:04 UTC 2014 + Serial Number (hex): 2267c42d47e4e43bfad72b467565a4cb + Revoked at: Thu May 22 18:36:20 UTC 2014 + Serial Number (hex): 0096212e544ab53f6d3ceb708eaa921150 + Revoked at: Thu May 22 18:42:48 UTC 2014 + Serial Number (hex): 00cfa2c3c0f60b5f8a70388fe21e86cd23 + Revoked at: Thu May 22 19:00:27 UTC 2014 + Serial Number (hex): 2f7c1e0f42b76136b4a7a091079c5169 + Revoked at: Thu May 22 19:28:16 UTC 2014 + Serial Number (hex): 79b6fc52c1a9fa92e9e00ce003114e1b + Revoked at: Thu May 22 19:38:22 UTC 2014 + Serial Number (hex): 00afcaf7b4b6bff2e81ed00b6467c31137 + Revoked at: Thu May 22 20:59:53 UTC 2014 + Serial Number (hex): 00e1955b10bd3a3ed37d0156a37b526f64 + Revoked at: Thu May 22 21:00:02 UTC 2014 + Serial Number (hex): 008d13d7af382505e35f4b0033b0aa09a3 + Revoked at: Thu May 22 21:04:07 UTC 2014 + Serial Number (hex): 540e56c3d934100f046723641f229bd4 + Revoked at: Thu May 22 22:04:31 UTC 2014 + Serial Number (hex): 2beac75a6ee2b186378dd5aa6eb949c0 + Revoked at: Thu May 22 23:16:34 UTC 2014 + Serial Number (hex): 5e4b4e2ae123d62ea8c6e27f8428cc11 + Revoked at: Fri May 23 03:40:07 UTC 2014 + Serial Number (hex): 00dd1fd961f9f16a0706141e93d0ee1b1f + Revoked at: Fri May 23 03:40:32 UTC 2014 + Serial Number (hex): 18ceed5e66d010f5b0f7d313cbf67399 + Revoked at: Fri May 23 05:03:38 UTC 2014 + Serial Number (hex): 1e771303b3db43e9d5ab02cc17d9da65 + Revoked at: Fri May 23 09:43:28 UTC 2014 + Serial Number (hex): 3a37c02e1b5b19fd9ee6c17ea9c34d48 + Revoked at: Fri May 23 11:15:43 UTC 2014 + Serial Number (hex): 35e9736229803f073ec58218a599e2b8 + Revoked at: Fri May 23 11:25:29 UTC 2014 + Serial Number (hex): 0090f7288bee1191eb6d9982562a584a8c + Revoked at: Fri May 23 13:50:27 UTC 2014 + Serial Number (hex): 00ed1b4dce42511a742c408e8e947b97c7 + Revoked at: Fri May 23 13:50:29 UTC 2014 + Serial Number (hex): 4945c0ec29ab8067fac3360d205c4fb8 + Revoked at: Fri May 23 13:50:31 UTC 2014 + Serial Number (hex): 187b847b2b3923d1d7619fe64b29d6d9 + Revoked at: Fri May 23 13:50:40 UTC 2014 + Serial Number (hex): 48282abb8e5b3c865f0ebf86a25af77b + Revoked at: Fri May 23 13:51:09 UTC 2014 + Serial Number (hex): 00ba62e2ff1c8aefb6fca913989518a47f + Revoked at: Fri May 23 14:16:26 UTC 2014 + Serial Number (hex): 0084b023a8e2cde9d01bf4daeb4b7f692c + Revoked at: Fri May 23 14:36:26 UTC 2014 + Serial Number (hex): 77e8ad7db4f457d4260689ce584ea9a6 + Revoked at: Fri May 23 15:10:16 UTC 2014 + Serial Number (hex): 00d9ac39f472e6f7c2a3e52399f38526cc + Revoked at: Fri May 23 15:17:21 UTC 2014 + Serial Number (hex): 0aea970317825f16fa293425f3fcafea + Revoked at: Fri May 23 15:20:09 UTC 2014 + Serial Number (hex): 00d4a04281deb53382732b4151c19c08ff + Revoked at: Fri May 23 15:27:00 UTC 2014 + Serial Number (hex): 681bccab45025848d6387cfad9226409 + Revoked at: Fri May 23 15:27:18 UTC 2014 + Serial Number (hex): 0f9746863f7c08af16a8a31c3ce375f4 + Revoked at: Fri May 23 15:38:20 UTC 2014 + Serial Number (hex): 47dc2689c2afaa9f9f06e6ef7d1f4926 + Revoked at: Fri May 23 15:41:56 UTC 2014 + Serial Number (hex): 00e4085f030fcbb0915d4098a4ab77a64f + Revoked at: Fri May 23 16:13:02 UTC 2014 + Serial Number (hex): 00b005b6972fe56ba56556efde1dfaf19c + Revoked at: Fri May 23 16:19:17 UTC 2014 + Serial Number (hex): 00d74a9db7a569ac4b092090aed25b399b + Revoked at: Fri May 23 18:15:13 UTC 2014 + Serial Number (hex): 00811a52822ae47303031f3f5e84f4ddf8 + Revoked at: Fri May 23 18:16:08 UTC 2014 + Serial Number (hex): 00c596a1ce0a243101bdd62d4fceab5773 + Revoked at: Fri May 23 18:17:22 UTC 2014 + Serial Number (hex): 00c8d0ffc5389310babbed7eabf3611d5c + Revoked at: Fri May 23 19:23:54 UTC 2014 + Serial Number (hex): 0085f184eb75935364479d7ffb63395160 + Revoked at: Fri May 23 20:48:47 UTC 2014 + Serial Number (hex): 0e320c1403b9fb2a2b1005ae65995796 + Revoked at: Fri May 23 20:49:30 UTC 2014 + Serial Number (hex): 00dea3c796dba2d5db244b6ccab9a3c2b5 + Revoked at: Fri May 23 21:00:23 UTC 2014 + Serial Number (hex): 0249bcc300ed690fdf6c98c1ede86212 + Revoked at: Fri May 23 21:14:09 UTC 2014 + Serial Number (hex): 00b7fd11d84cadaa91f725c2e5c1a265b4 + Revoked at: Fri May 23 21:14:55 UTC 2014 + Serial Number (hex): 6dd17fe4e79ee42e67cd8d769558c5c3 + Revoked at: Fri May 23 21:38:51 UTC 2014 + Serial Number (hex): 0094d334e4b70fd739968a4de70c9f0c70 + Revoked at: Fri May 23 21:39:04 UTC 2014 + Serial Number (hex): 0f4cea1304d0869d379f17b27df9a91d + Revoked at: Fri May 23 21:39:17 UTC 2014 + Serial Number (hex): 00cad07f7577cdf3459ddd1eee61ac9029 + Revoked at: Fri May 23 21:53:19 UTC 2014 + Serial Number (hex): 009adc66d6066952d41e8fa03885057f87 + Revoked at: Sat May 24 20:06:26 UTC 2014 + Serial Number (hex): 41f3f8de0be59504fe05a7e8ccd34a1c + Revoked at: Mon May 26 09:07:15 UTC 2014 + Serial Number (hex): 54918ed568659879d0cb51ba957e3c1d + Revoked at: Mon May 26 11:51:15 UTC 2014 + Serial Number (hex): 5f548ecc836bc9c82b0f4ae53aa77af7 + Revoked at: Mon May 26 12:09:33 UTC 2014 + Serial Number (hex): 00f04fc264de606061ef6da95a67cf0b8b + Revoked at: Mon May 26 14:30:48 UTC 2014 + Serial Number (hex): 13f6df578680c11ffe387dd1e3ab296b + Revoked at: Mon May 26 15:45:07 UTC 2014 + Serial Number (hex): 33a8d999acf2c19fd61bef5e8ba0f0f1 + Revoked at: Mon May 26 15:45:21 UTC 2014 + Serial Number (hex): 6c7f8711610bf75d4b81e3622e053160 + Revoked at: Tue May 27 05:27:50 UTC 2014 + Serial Number (hex): 0091e671e91064b96f950d8f46bede5332 + Revoked at: Tue May 27 05:27:54 UTC 2014 + Serial Number (hex): 5e3e12ddafaee121dc6265f2cd228f71 + Revoked at: Tue May 27 13:27:50 UTC 2014 + Serial Number (hex): 70ff64ab9d86edd248c3410c6333502f + Revoked at: Tue May 27 14:44:32 UTC 2014 + Serial Number (hex): 00cf6631e1a686ae1b80fb16c41c35c6ba + Revoked at: Tue May 27 14:44:54 UTC 2014 + Serial Number (hex): 0619039b6bb64da76847f48c355dab8f + Revoked at: Tue May 27 14:45:09 UTC 2014 + Serial Number (hex): 1dc4ef89b071f1e27cdf334c9a709e5a + Revoked at: Tue May 27 15:42:12 UTC 2014 + Serial Number (hex): 00a070c9898438a02d2d3bb4811886ca6e + Revoked at: Tue May 27 16:13:05 UTC 2014 + Serial Number (hex): 13ef998ff5e89b32934701a15cf80224 + Revoked at: Tue May 27 16:37:19 UTC 2014 + Serial Number (hex): 75fa15214f5c396a7afe274030659b8c + Revoked at: Tue May 27 17:07:49 UTC 2014 + Serial Number (hex): 170f3db40a6b8df994fd4889a30283b2 + Revoked at: Tue May 27 19:27:37 UTC 2014 + Serial Number (hex): 00f5e9dbb44a2fca6f38775cdf62d442da + Revoked at: Tue May 27 19:28:12 UTC 2014 + Serial Number (hex): 429292baef5bf942df6e3c8d3c0dfb5f + Revoked at: Tue May 27 19:28:40 UTC 2014 + Serial Number (hex): 7f55f0b0ecb2e13e8d1ad7a000a68f6b + Revoked at: Tue May 27 19:29:27 UTC 2014 + Serial Number (hex): 0094563fe1e24ed256ac18412defc6b835 + Revoked at: Tue May 27 19:32:09 UTC 2014 + Serial Number (hex): 00fdfcd0b7fa533cffacc630cd12f8efce + Revoked at: Tue May 27 19:35:59 UTC 2014 + Serial Number (hex): 2803f8f0961b9ac8d51c07dd2d4c9a83 + Revoked at: Tue May 27 19:36:42 UTC 2014 + Serial Number (hex): 1d7c76b0ad0e66a4f1ccbd2e15080207 + Revoked at: Tue May 27 19:37:02 UTC 2014 + Serial Number (hex): 00ecb7701e4ee18733fe61dd0a2217b705 + Revoked at: Tue May 27 20:29:43 UTC 2014 + Serial Number (hex): 5b26b323252111d31cac33f490c243ca + Revoked at: Tue May 27 21:03:20 UTC 2014 + Serial Number (hex): 5f375b6d73a254ccdf79c7ac1f5cb8e4 + Revoked at: Tue May 27 22:35:40 UTC 2014 + Serial Number (hex): 310eb56651a17241fea526cf6bde8217 + Revoked at: Tue May 27 23:11:52 UTC 2014 + Serial Number (hex): 00b3e7c39b11924d6b9aa19093eabfc64c + Revoked at: Wed May 28 05:23:15 UTC 2014 + Serial Number (hex): 44dde9b6c06d11c168c0edf3603f2de2 + Revoked at: Wed May 28 08:53:49 UTC 2014 + Serial Number (hex): 1a269e17964340581d3a2b64316c8d4e + Revoked at: Wed May 28 11:19:57 UTC 2014 + Serial Number (hex): 2ad96084ce2d79be1720c1ea8174c745 + Revoked at: Wed May 28 11:35:42 UTC 2014 + Serial Number (hex): 00c6bee1dec4cd6861de2148d106c30d38 + Revoked at: Wed May 28 13:12:52 UTC 2014 + Serial Number (hex): 71eea7646cd4d258ba4122d33a7a665f + Revoked at: Wed May 28 13:49:57 UTC 2014 + Serial Number (hex): 5afce5a36333e081f322f2978177718e + Revoked at: Wed May 28 15:01:04 UTC 2014 + Serial Number (hex): 00e57bd347c8f9d49787ace5791b35b98b + Revoked at: Wed May 28 15:09:46 UTC 2014 + Serial Number (hex): 009f1eff9682f06654b533a496bfcf29f1 + Revoked at: Wed May 28 15:26:01 UTC 2014 + Serial Number (hex): 379a783de29344c61688a2278a86eb37 + Revoked at: Wed May 28 15:35:51 UTC 2014 + Serial Number (hex): 00fda79b934567ccf97935b6fc7067b078 + Revoked at: Wed May 28 15:45:46 UTC 2014 + Serial Number (hex): 1407cf9d84e2666336f64c8d8f4e981b + Revoked at: Wed May 28 16:00:18 UTC 2014 + Serial Number (hex): 00d29f014140c4e3b717f9933af1b3af0e + Revoked at: Wed May 28 16:13:07 UTC 2014 + Serial Number (hex): 0ec3a512c67fa1bb4db5987dc39bb924 + Revoked at: Wed May 28 16:26:02 UTC 2014 + Serial Number (hex): 09a3f9d6af81025be3484d15de55e4fe + Revoked at: Wed May 28 16:26:34 UTC 2014 + Serial Number (hex): 32faf998485eb32caa4e546d35894153 + Revoked at: Wed May 28 16:44:41 UTC 2014 + Serial Number (hex): 00fe477cfe66f236a25982d4c9516af6dc + Revoked at: Wed May 28 16:51:50 UTC 2014 + Serial Number (hex): 00b8d1fab47daa3ac19761e5d895362b9b + Revoked at: Wed May 28 17:00:19 UTC 2014 + Serial Number (hex): 24a579e27f7611ee74c51f1500052c41 + Revoked at: Wed May 28 17:32:57 UTC 2014 + Serial Number (hex): 6dff9e4f0badbddea61463ebfefbf9e9 + Revoked at: Wed May 28 17:36:29 UTC 2014 + Serial Number (hex): 00b6d9e7608710225fcf31319fe809b0b7 + Revoked at: Wed May 28 17:41:05 UTC 2014 + Serial Number (hex): 27abc7641a8d66b0f5651c54d47675a0 + Revoked at: Wed May 28 17:43:17 UTC 2014 + Serial Number (hex): 00a66bfb6227f2d845864354633e08fb1f + Revoked at: Wed May 28 17:52:23 UTC 2014 + Serial Number (hex): 3d7ded26539f6891f44795433bb624b5 + Revoked at: Wed May 28 18:56:55 UTC 2014 + Serial Number (hex): 00da756db45cb2767af08c6e654a70faa9 + Revoked at: Wed May 28 23:36:25 UTC 2014 + Serial Number (hex): 00cb9c7291224e04a95e624f5655bfca17 + Revoked at: Thu May 29 00:12:03 UTC 2014 + Serial Number (hex): 1d8ccc5b4d67a92e200678b0ca0ec01b + Revoked at: Thu May 29 00:12:13 UTC 2014 + Serial Number (hex): 5c8b09a7f58d4b422bb5123e9a87b5f7 + Revoked at: Thu May 29 06:01:10 UTC 2014 + Serial Number (hex): 38a73bfad74424422250c4a05747ce76 + Revoked at: Thu May 29 06:01:34 UTC 2014 + Serial Number (hex): 1b33fb746466ce5e31d5e0ad5eba1099 + Revoked at: Thu May 29 12:49:13 UTC 2014 + Serial Number (hex): 00f7a04ab6f595f78a392d0c32f8e9655a + Revoked at: Thu May 29 12:56:56 UTC 2014 + Serial Number (hex): 29492ea8bbfa86cd981bedd94c76db72 + Revoked at: Thu May 29 13:13:38 UTC 2014 + Serial Number (hex): 00f67f429d2f30e32253540c411ab78e60 + Revoked at: Thu May 29 13:18:20 UTC 2014 + Serial Number (hex): 45b760239f3ae19cad72cf575f166014 + Revoked at: Thu May 29 13:28:24 UTC 2014 + Serial Number (hex): 00b385362d616fc83fb4123d961c9cb2e1 + Revoked at: Thu May 29 14:15:05 UTC 2014 + Serial Number (hex): 00b0cada0fc4db844f7fd8e82d55382c62 + Revoked at: Thu May 29 14:17:15 UTC 2014 + Serial Number (hex): 00ac5cac1d46662e65e2ad24b4508bc5ad + Revoked at: Thu May 29 14:23:25 UTC 2014 + Serial Number (hex): 46afcf5a4dadc4cfe14d841ce7134cbb + Revoked at: Thu May 29 14:26:19 UTC 2014 + Serial Number (hex): 45e1057db4f1e9a5507ca801a70d1f19 + Revoked at: Thu May 29 14:44:42 UTC 2014 + Serial Number (hex): 00a04817d7b1c71b1be085e11d23af9c4a + Revoked at: Thu May 29 14:46:11 UTC 2014 + Serial Number (hex): 38e036bb3ac9cc98bef57d785b02c21e + Revoked at: Thu May 29 14:47:58 UTC 2014 + Serial Number (hex): 6af3f3c847bb1e6e0d94945e934db085 + Revoked at: Thu May 29 15:20:29 UTC 2014 + Serial Number (hex): 00bd7129744defcde4cefe8d46f14e3c2b + Revoked at: Thu May 29 15:52:47 UTC 2014 + Serial Number (hex): 312356738ae87e903d8aefc267240f59 + Revoked at: Thu May 29 16:13:07 UTC 2014 + Serial Number (hex): 00ce4162e32280277094b28407883da1e3 + Revoked at: Thu May 29 16:13:35 UTC 2014 + Serial Number (hex): 00b6f36d1dbabde86386b6ca65da99b957 + Revoked at: Thu May 29 17:20:09 UTC 2014 + Serial Number (hex): 1da4a179cb097f6d991322363d466570 + Revoked at: Thu May 29 17:25:49 UTC 2014 + Serial Number (hex): 00e70e7b113eb495cdb24ca8dfa764c498 + Revoked at: Thu May 29 17:29:07 UTC 2014 + Serial Number (hex): 45c3a8996ef091fd785a2232e2d684bc + Revoked at: Thu May 29 17:46:00 UTC 2014 + Serial Number (hex): 4d3dec6793dc0057cc9707f96a5317f1 + Revoked at: Thu May 29 18:08:27 UTC 2014 + Serial Number (hex): 00cd2b076803c03a8622ea639211cd3ba3 + Revoked at: Thu May 29 20:58:12 UTC 2014 + Serial Number (hex): 00b11166cc21764e39ece076b8da97a261 + Revoked at: Fri May 30 10:36:28 UTC 2014 + Serial Number (hex): 36e0a6fb806a21933be9b97ed4f69942 + Revoked at: Fri May 30 12:13:37 UTC 2014 + Serial Number (hex): 00f3ef48af6a386d3e1c3571c14f118740 + Revoked at: Fri May 30 12:42:23 UTC 2014 + Serial Number (hex): 00aeff9b7b2c0a60ed9a685f58e9ab4f83 + Revoked at: Fri May 30 13:15:18 UTC 2014 + Serial Number (hex): 6c657102fd5dc9fc860b2d40f34196f7 + Revoked at: Fri May 30 13:15:25 UTC 2014 + Serial Number (hex): 00a2ee1f99adbb79e1a01b0cd1e17a1eb7 + Revoked at: Fri May 30 13:26:51 UTC 2014 + Serial Number (hex): 00b4ec810793a2cb990db19011d6859102 + Revoked at: Fri May 30 13:28:36 UTC 2014 + Serial Number (hex): 0084f57e09cf8e2ed23f94beac12969ad2 + Revoked at: Fri May 30 13:33:09 UTC 2014 + Serial Number (hex): 36f14d7cc6e5ffe0ee6a90cbbcc106cf + Revoked at: Fri May 30 13:58:05 UTC 2014 + Serial Number (hex): 0099b946fdce35e6295c48af67f839858e + Revoked at: Fri May 30 13:59:20 UTC 2014 + Serial Number (hex): 00af76fdebdf5cd8d3e98b076988d06faf + Revoked at: Fri May 30 14:02:21 UTC 2014 + Serial Number (hex): 43e2407cdb61ff39413c0f99a2a9de6b + Revoked at: Fri May 30 14:11:50 UTC 2014 + Serial Number (hex): 00f936e940d0630f808cd6059c4a091260 + Revoked at: Fri May 30 14:12:11 UTC 2014 + Serial Number (hex): 00ec7663ed4d68b560bd8bd68c908611f1 + Revoked at: Fri May 30 14:14:02 UTC 2014 + Serial Number (hex): 3bcf09652bf3820c8ab0629752e1c403 + Revoked at: Fri May 30 14:14:29 UTC 2014 + Serial Number (hex): 00e08a3f14228307882e2695a657014e8e + Revoked at: Fri May 30 14:17:06 UTC 2014 + Serial Number (hex): 15417a62617aed3e8d5141ff6d826f6c + Revoked at: Fri May 30 14:20:08 UTC 2014 + Serial Number (hex): 4a56e1f9bd9b310b2ab005ed46a08642 + Revoked at: Fri May 30 14:20:55 UTC 2014 + Serial Number (hex): 00a4ea9f762285dbe57c37d2d2de745301 + Revoked at: Fri May 30 14:24:58 UTC 2014 + Serial Number (hex): 00bb9eba0063c2f82b69dcd37364389b0a + Revoked at: Fri May 30 14:49:47 UTC 2014 + Serial Number (hex): 0144c7da2783829375c09ae7d5937e3d + Revoked at: Fri May 30 14:53:55 UTC 2014 + Serial Number (hex): 00bb136d0317b695c7b1521d37570f4ad6 + Revoked at: Fri May 30 15:13:04 UTC 2014 + Serial Number (hex): 00d9c3debb9bc939ce8e4bc8c6133db5a6 + Revoked at: Fri May 30 15:14:38 UTC 2014 + Serial Number (hex): 00a9b26bcb00c075317d5c9045d1b30fde + Revoked at: Fri May 30 15:27:31 UTC 2014 + Serial Number (hex): 00c386d33e9ed7cf41a0105716a66fad9f + Revoked at: Fri May 30 15:44:20 UTC 2014 + Serial Number (hex): 00fe629ecbd10dd47eaed3671437f7414a + Revoked at: Fri May 30 16:13:44 UTC 2014 + Serial Number (hex): 009ab2283712400a2b7c33f18e0b56e8f3 + Revoked at: Fri May 30 16:37:54 UTC 2014 + Serial Number (hex): 3b24ca226601af79dcd75b450c1ec02f + Revoked at: Fri May 30 18:11:27 UTC 2014 + Serial Number (hex): 1409b79546d13cca3fdabfe9f1b751cd + Revoked at: Fri May 30 18:41:42 UTC 2014 + Serial Number (hex): 7307a34d8268763ee7132e6691081d21 + Revoked at: Fri May 30 18:50:50 UTC 2014 + Serial Number (hex): 7e07880629906a69813e1343360465c6 + Revoked at: Fri May 30 22:40:43 UTC 2014 + Serial Number (hex): 759538dd244340e0a1ea0b8fa07d5413 + Revoked at: Fri May 30 22:42:06 UTC 2014 + Serial Number (hex): 00c0433a92aecf648ba44aa0972f4fbc4b + Revoked at: Fri May 30 23:10:43 UTC 2014 + Serial Number (hex): 00b45b0e8da8d49796a55d301f3bfd56eb + Revoked at: Sat May 31 18:26:24 UTC 2014 + Serial Number (hex): 00d7c70bb454c15c97e6c445ad9c3036d4 + Revoked at: Sun Jun 01 23:26:38 UTC 2014 + Serial Number (hex): 55112d6504faa2613d36b0502d0c242a + Revoked at: Sun Jun 01 23:49:58 UTC 2014 + Serial Number (hex): 5a2184f4a27a243c7182b8378d6ef688 + Revoked at: Sun Jun 01 23:52:19 UTC 2014 + Serial Number (hex): 00b4578198c4c6717db0342641516fbc2c + Revoked at: Mon Jun 02 01:39:16 UTC 2014 + Serial Number (hex): 5749a46c52c5d4fe3bf8e81d528615fe + Revoked at: Mon Jun 02 13:12:35 UTC 2014 + Serial Number (hex): 00d089d6287c50dfc181fbf2953c368f14 + Revoked at: Mon Jun 02 13:14:06 UTC 2014 + Serial Number (hex): 241b00a20c5886de24a7f9a4c240fba1 + Revoked at: Mon Jun 02 13:30:54 UTC 2014 + Serial Number (hex): 00b8d218baa2cf256add484f3e8db09aa4 + Revoked at: Mon Jun 02 14:37:46 UTC 2014 + Serial Number (hex): 09b2e001f2dc884c8f8b3163520cc7f1 + Revoked at: Mon Jun 02 14:39:32 UTC 2014 + Serial Number (hex): 446faa6d61e4a65ed9fee8e3df997927 + Revoked at: Mon Jun 02 14:40:29 UTC 2014 + Serial Number (hex): 6bcea20b36005e5597495825f4341433 + Revoked at: Mon Jun 02 14:46:17 UTC 2014 + Serial Number (hex): 009866a4f9b752aacbaf7a041a57021917 + Revoked at: Mon Jun 02 14:49:05 UTC 2014 + Serial Number (hex): 51d90dc2a28a555c330e0bb37418203e + Revoked at: Mon Jun 02 15:05:44 UTC 2014 + Serial Number (hex): 00d7f5321a294c67f61ce6a36d7ac535c1 + Revoked at: Mon Jun 02 15:30:17 UTC 2014 + Serial Number (hex): 721a39b19492a1da433ff8d75e7182ba + Revoked at: Mon Jun 02 15:31:50 UTC 2014 + Serial Number (hex): 00bde74e39eb2f7a4b0c1654b14fce7495 + Revoked at: Mon Jun 02 15:48:23 UTC 2014 + Serial Number (hex): 0080d7219565ea5d4649b8a7030f0a826c + Revoked at: Mon Jun 02 16:39:02 UTC 2014 + Serial Number (hex): 009b89a0cbdacbaba4188a439022d9242e + Revoked at: Mon Jun 02 16:39:49 UTC 2014 + Serial Number (hex): 7b77d0f97f11addb893f6f930c46ca62 + Revoked at: Mon Jun 02 17:23:08 UTC 2014 + Serial Number (hex): 408c4e57eda99b9461fd40e16cbdd9b5 + Revoked at: Mon Jun 02 17:31:32 UTC 2014 + Serial Number (hex): 00a6c67089343fdc39e1d5cffb03dbf937 + Revoked at: Mon Jun 02 17:39:56 UTC 2014 + Serial Number (hex): 00aee23cbc53447a116cfbfdc2078e1356 + Revoked at: Mon Jun 02 17:43:36 UTC 2014 + Serial Number (hex): 34c0427a270c6052ead2cd5880f4abc6 + Revoked at: Mon Jun 02 19:10:54 UTC 2014 + Serial Number (hex): 468835cf967f9109572ca0653b10cda5 + Revoked at: Mon Jun 02 19:26:15 UTC 2014 + Serial Number (hex): 009e172ad47928dee64350cda8969103c3 + Revoked at: Mon Jun 02 19:36:37 UTC 2014 + Serial Number (hex): 46aa17593a2a49608ab2137d8e73e024 + Revoked at: Mon Jun 02 19:59:51 UTC 2014 + Serial Number (hex): 7be9d47f00b39e1ece3c4d6dd4435cfd + Revoked at: Mon Jun 02 20:12:34 UTC 2014 + Serial Number (hex): 00d5f7f5c33f586450f06d868380f936ef + Revoked at: Mon Jun 02 20:15:42 UTC 2014 + Serial Number (hex): 3caf5b5c8196be713c82b447cc9d5748 + Revoked at: Mon Jun 02 20:37:04 UTC 2014 + Serial Number (hex): 00c91d83519f13216caecba6052121c480 + Revoked at: Mon Jun 02 20:57:57 UTC 2014 + Serial Number (hex): 462035999be5d99a6a51ca5c4899b35a + Revoked at: Mon Jun 02 20:59:22 UTC 2014 + Serial Number (hex): 3180378b38219a36d4bfe352d3638606 + Revoked at: Mon Jun 02 21:00:44 UTC 2014 + Serial Number (hex): 00a0ead8ec629586826e836d1614905642 + Revoked at: Mon Jun 02 22:03:32 UTC 2014 + Serial Number (hex): 00971302c34d39762966e5c60e2a9b393a + Revoked at: Mon Jun 02 23:44:29 UTC 2014 + Serial Number (hex): 4583b657fb3b854451b93df552713c14 + Revoked at: Tue Jun 03 10:12:37 UTC 2014 + Serial Number (hex): 009f93eff68bb723671c875dc7984c136f + Revoked at: Tue Jun 03 13:21:13 UTC 2014 + Serial Number (hex): 00eea53b4743f6003a4e8e347673718bb5 + Revoked at: Tue Jun 03 13:22:01 UTC 2014 + Serial Number (hex): 00b6f974e668885b9c6dee833c8222b728 + Revoked at: Tue Jun 03 13:36:41 UTC 2014 + Serial Number (hex): 5ea287d0ab97dca93338e27c4ffc69c5 + Revoked at: Tue Jun 03 13:54:14 UTC 2014 + Serial Number (hex): 00a42453f753f03e5c822bb324d1ff9e80 + Revoked at: Tue Jun 03 14:06:04 UTC 2014 + Serial Number (hex): 009956c45c0eb041fe1523477e34d620f8 + Revoked at: Tue Jun 03 14:09:34 UTC 2014 + Serial Number (hex): 00966dd801d726c68cfa17a7c4c9032f77 + Revoked at: Tue Jun 03 14:10:46 UTC 2014 + Serial Number (hex): 0ecb55af6400371ea8d4c636afa79c97 + Revoked at: Tue Jun 03 14:32:16 UTC 2014 + Serial Number (hex): 542f6aa0c0069c16f85c8f766c0f7d6f + Revoked at: Tue Jun 03 14:53:32 UTC 2014 + Serial Number (hex): 5b37a45da1221f9ffd51c084a5b5ee19 + Revoked at: Tue Jun 03 15:07:33 UTC 2014 + Serial Number (hex): 00eb558fde1d28c287c25c776dfa15e098 + Revoked at: Tue Jun 03 15:53:08 UTC 2014 + Serial Number (hex): 6433c0e5f495c2c522edf2cfbd9db6d3 + Revoked at: Tue Jun 03 16:13:52 UTC 2014 + Serial Number (hex): 00a6632d2ce5774efb57c79e737ea360d4 + Revoked at: Tue Jun 03 16:15:08 UTC 2014 + Serial Number (hex): 00f5a557bc602fa9dba8ff35672e4ce9d9 + Revoked at: Tue Jun 03 16:15:40 UTC 2014 + Serial Number (hex): 00df1fc79c2eee0bc7f0e9ebbc00f303ba + Revoked at: Tue Jun 03 16:26:16 UTC 2014 + Serial Number (hex): 63041dbc565fbd4dbe4bd2e3835738d0 + Revoked at: Tue Jun 03 16:55:04 UTC 2014 + Serial Number (hex): 00b5d5e09837483bb1533f0d6ca8bbbfd3 + Revoked at: Tue Jun 03 17:29:35 UTC 2014 + Serial Number (hex): 5ae9a7d2392597519f26cad14187c7aa + Revoked at: Tue Jun 03 17:31:03 UTC 2014 + Serial Number (hex): 00facff7c09c7ef03f3e0d9630accea7f6 + Revoked at: Tue Jun 03 19:45:12 UTC 2014 + Serial Number (hex): 00e6451a9e94a6d92593354cd1ef61192b + Revoked at: Tue Jun 03 19:49:13 UTC 2014 + Serial Number (hex): 00c43a3d6b7a327cd64f6cbdb16d6ec768 + Revoked at: Tue Jun 03 19:55:47 UTC 2014 + Serial Number (hex): 00cdeea94576587f7cd7ddf5fc9427655f + Revoked at: Tue Jun 03 19:59:21 UTC 2014 + Serial Number (hex): 01a1b5f31af08920cc8b76063b3a4c67 + Revoked at: Tue Jun 03 20:16:42 UTC 2014 + Serial Number (hex): 00fd10acd53c5a368ec5c648e1269f5ef6 + Revoked at: Tue Jun 03 20:17:46 UTC 2014 + Serial Number (hex): 6d5d2b2d5d876c5bbbc19dc7fd188ee8 + Revoked at: Tue Jun 03 20:18:55 UTC 2014 + Serial Number (hex): 00aeb7a9b35c82fd25d564701ea6c4252a + Revoked at: Tue Jun 03 20:19:35 UTC 2014 + Signature Algorithm: RSA-SHA1 + Signature: + 37:bc:3d:d2:5f:fa:d0:c9:77:e3:98:e8:e4:8f:be:94 + bf:f8:45:20:4a:ac:cb:7b:ea:99:d7:08:fa:61:06:3c + 8c:a8:34:c4:3c:7b:1c:04:6b:ff:e2:93:2f:4c:01:2b + 24:53:38:01:ae:9e:6b:3f:00:16:34:21:c0:88:72:e9 + f4:2f:b7:ae:52:58:c0:a8:92:0d:8a:50:b3:51:bb:49 + 3c:c3:41:36:18:d3:ea:53:91:6f:14:fe:35:ec:f3:c5 + 97:8b:4d:ef:94:5d:f9:cf:48:88:89:69:2d:3a:de:fd + 7f:67:7c:ef:bd:41:22:61:66:ce:ab:37:32:7d:af:48 + f7:9b:6e:96:62:61:dd:d2:7e:ae:21:d5:9b:50:af:d4 + ed:f8:97:a0:d5:6e:93:65:4f:ef:58:bd:66:f2:8d:59 + 91:bb:44:db:c5:c0:de:c4:44:b1:2c:41:92:3d:8e:7d + a6:f1:59:33:1e:4c:01:1a:3d:dc:16:57:d0:7f:e8:1b + 69:11:03:b3:c0:92:16:67:6a:f5:1a:24:12:23:f9:9e + 87:1a:c5:1e:e0:dc:f5:2b:e2:36:0d:fa:f9:fa:10:13 + 08:d1:42:4c:05:a3:c9:bf:9a:7d:1a:f9:bf:7e:18:a4 + 5e:f1:8b:20:1e:4c:ea:d1:c5:48:bf:a0:91:7a:f3:32 + +-----BEGIN X509 CRL----- +MIMFwwgwgwXB7wIBATANBgkqhkiG9w0BAQUFADCBiTELMAkGA1UEBhMCR0IxGzAZ +BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxLzAtBgNVBAMTJkNPTU9ETyBIaWdoLUFz +c3VyYW5jZSBTZWN1cmUgU2VydmVyIENBFw0xNDA2MDMyMDM2MjVaFw0xNDA2MDcy +MDM2MjVaMIMFwPwwIgIRANzdz/mvWTEnvMZTAEYqsUMXDTEwMDUyOTA4MzgzN1ow +IgIRAPQPQDHVPKBEfmkQwKvhMRgXDTEwMDYwMTE4MjIyMVowIgIRALwz4l6V/lWk +wyylgCT0BoUXDTEwMDYwNzE0MDAyMlowIQIQT2wDR5i//f5Fo1CZsryRmRcNMTAw +NjE1MTY1MTQyWjAiAhEA6mTK3TatvQvYlWARNoQalhcNMTAwNjI0MTcwMzA3WjAi +AhEAwg3xd78Nzt4mL0zDKc/OhBcNMTAwNjI5MTI1MDI0WjAiAhEAuOEEUU84VU9h +T6gMkyYr+BcNMTAwNjMwMTQ0NjU3WjAhAhAW5YCOwr20yGFth7EIyJMCFw0xMDA3 +MDExMTMyMzBaMCECEChqVTYqcYnpY5rUxt120nEXDTEwMDcwMjE0MzIyNVowIQIQ +fBmW7/EfNomeP7FZRt7yRRcNMTAwNzAyMTkyNjE2WjAiAhEA1tZHPTv62RRA+oy2 +hqk+EhcNMTAwNzA2MTQxMTMxWjAhAhAfYQVJVhmMOWXjjxXERZXLFw0xMDA3MDYx +NDEyMTJaMCICEQCOOkTYL9l8fdjRi7bP9u/PFw0xMDA3MDgyMDQyMTdaMCECEDGN +aIhsQQ/aoWJU5LPLr+EXDTEwMDcwOTE1MjAyNVowIgIRALEUmy981q6JYVnE2lwQ +oJEXDTEwMDcwOTE3NDgzMVowIgIRANLcZ4krmWyFf6mvF9jiME8XDTEwMDcwOTIw +NTAwMVowIQIQOsRZN9DbpGSPfq3qyQsRnRcNMTAwNzE1MTQ0ODU2WjAhAhAZm2XB +u+BubOmeQL2I3QzQFw0xMDA3MjExOTI3MTdaMCICEQDR7fLxR8zsegJvYk+lXGLA +Fw0xMDA3MjMxOTMwMTJaMCICEQD5fs4M+/0GpW7kum/Tu2hFFw0xMDA4MDIxNzQ3 +NDFaMCICEQDlorPjPqoJ+I8Bq+yi0bQUFw0xMDA4MDkyMzQwMTBaMCECEAJ30gE5 +kpNhnVoGmJURC9UXDTEwMDgxMDE0MjYyMlowIQIQXjnXi7xmLyxvprMp9G9gdRcN +MTAwODE2MTgyMzMwWjAhAhAHPz+PhnDFJgFo1Nm2jK5yFw0xMDA4MTYxODI0MDVa +MCECECe5wEihNmKaGf0Dno7evnwXDTEwMDgyNzIzMDMwN1owIQIQdDOJ+KyWLS3q +7aElApGLihcNMTAwOTAxMjAyMzU0WjAhAhAzIvOg4rfoEnmtQfjGj/MRFw0xMDA5 +MDIxMzE1NTZaMCICEQC+0VqZGZUBPZkTT3TRexenFw0xMDA5MDIxNjM2MTdaMCEC +EBw4XlVvC2unisv3j4W4RM8XDTEwMDkwMzE4MzYxNlowIQIQep/pMen50ql7/BU3 +2/zAmhcNMTAwOTAzMTk0NDIyWjAhAhBfdVY5N7+E62ZXZaPdEgHIFw0xMDA5MDQx +NjE3MjVaMCECEH26QII3mxoEYGkoAuq6md8XDTEwMDkwNjE2MTYwMlowIQIQGKve +FQwlqp/IEn+gJwBBkxcNMTAwOTE1MTcxNjA1WjAhAhA0BdysBZbf5dnScGL7fVFt +Fw0xMDA5MTUyMDE2MDJaMCECEEfqLDv3lrx4JC3g9nvmDWYXDTEwMDkxNTIwMTYy +NlowIgIRALaoglluWet3mow4yQBT0NEXDTEwMDkxNjE2MzQzN1owIQIQbmwARN4X +JCtQ0oTovde7QxcNMTAwOTE2MjAyMTM5WjAhAhA45fvcWsR3ibdBDz3TFiSvFw0x +MDA5MTcxNTQ1NDhaMCICEQDFFgrwqIAVRFKh/aOI8FSAFw0xMDA5MTcxODU4MTNa +MCECEBM7zbo8jMaXZ6SANVDN8JEXDTEwMDkxNzIwMTQ0MVowIgIRAKTRHtJXn/xG +YjspcsrHZO8XDTEwMDkxNzIwMjQ0NVowIgIRAN9ypMP2YnW0Z9EKhHiTeK8XDTEw +MDkxNzIxMDE0M1owIgIRALxtcslw4z8JuVmKZs/Xm5wXDTEwMDkyMTE2MTIwN1ow +IgIRANyoCUN6DsXQGwNeT1d39lcXDTEwMDkyMTE4NTI0MlowIQIQMePDuwTz4LpW +Cd86PuY8UBcNMTAwOTIyMDkyMDUzWjAiAhEAgGmHEdDxm5ILVO+vyfyiARcNMTAw +OTIyMTQzNjE5WjAhAhA8O/KyYM5Bb27nhuS9MDMJFw0xMDA5MjMyMjM0MDRaMCEC +ECVEhU0Sf7jGsz7vsw9UX/MXDTEwMDkyNzIwNTc0N1owIgIRAN+y/80frHdh39Td +ft5rXQQXDTEwMDkyOTE0MTMxMlowIQIQBzR1QZAcguNmJrm55j5LQxcNMTAwOTI5 +MTgyNjExWjAiAhEAvuItutCnszwxihC0pcJBNhcNMTAwOTMwMDI1MzU3WjAhAhB/ +EqR1/9lwv2zHEcL/+rsfFw0xMDA5MzAxOTA1MTRaMCECEHeQ+LMaWP+mYi9pUFw2 +XAMXDTEwMTAwNDE3MzQ1NFowIQIQUQ3p3ZpJgi1QJsJKc6V6rRcNMTAxMDA0MTcz +OTIxWjAhAhA/NgeVf64HCYKwzYwTxczTFw0xMDEwMDcxOTU3MDlaMCICEQDjkhFq +70oNOfnpedbX1Z4IFw0xMDEwMDgxMzUzMThaMCICEQDIf86Xa/fyJCqUyjOeAEjj +Fw0xMDEwMDgxNDAxNTNaMCICEQDItSiF2dvgbONhgpHKGaB0Fw0xMDEwMDgxNTAx +NTZaMCECEHHAx6oevHVrTl0vWT9WTCQXDTEwMTAwODE1NDg0MVowIgIRAJvJ2KkW +O1UYx65rbLLWokEXDTEwMTAxMjE2MDUxNlowIQIQWE4dHEDW2UuTxxvkvHKwcxcN +MTAxMDEyMTYwNjM1WjAiAhEA2nQz1Erj1KAGefkx2MdEdxcNMTAxMDE0MjAyMzI4 +WjAiAhEAl6tcRDuYOlhNWhwytMzrRBcNMTAxMDE1MjIxNzM4WjAiAhEAjmTSO/Ji +0Qc4/PA7zMTjtRcNMTAxMDE5MTgzOTQ4WjAiAhEAlwsaWXTnunnTchiAgnuaHRcN +MTAxMDIwMTQxNTE3WjAhAhAMtbAHeJnr92GixjulCAm1Fw0xMDEwMjAyMDM2MDFa +MCECECX3xScnfKOW5NZ1bZqhdK8XDTEwMTAyMjA4NTU1MVowIQIQMMOU/76aBQnC +0DU1BVovZBcNMTAxMDIyMTkxMjU4WjAiAhEAzkNOhMxfGbfbLrzecrOtIxcNMTAx +MDIyMjAwNzUyWjAhAhABSQbEraQfqQPu/luTxxcFFw0xMDEwMjcxNjIwMjdaMCIC +EQCJbozqa5N6lhQ6UUBh5TupFw0xMDEwMjcyMzIzMzZaMCECEBynBxb6gVQ+aJcD +yS5lZ3AXDTEwMTAyODE0MDQ0OVowIQIQKoMdzoGutJshT1/0Thhq+xcNMTAxMTAx +MTQyMTA5WjAhAhBVf+sru0qvwUpjVnAdRWVQFw0xMDExMDIwMTQyNTZaMCICEQDT +6sHiEFIOf0mRMmbX7q6eFw0xMDExMDIxMzM4MTZaMCECEDD6Y0oBhqDN41FV9kgQ +G/UXDTEwMTEwMjE1NDY1NVowIgIRAMlXB766ggnFCi0qNCLsfAUXDTEwMTEwMjE3 +MTU0NVowIQIQOJV5RHdaF/1wgOyv0+3CKhcNMTAxMTAyMTcyMDIwWjAiAhEA/8po +2b9QmmJpnO5SQzjMKhcNMTAxMTAzMTM1MzQ2WjAhAhAJRypC9gib6GG6YLQ3zv97 +Fw0xMDExMDQxNTI5MjdaMCICEQCredKmPqykpBksjW1qrKmTFw0xMDExMDQxNzI5 +NDZaMCECEF4nAbUpjcmAKGB1HNUE6tIXDTEwMTEwNDE3MzAxM1owIgIRALdA20zp +faLVm+Y5nkrJymsXDTEwMTEwNDE3MzA0NlowIgIRAME2ODo8wXarF2VqgCxGqacX +DTEwMTEwNDE5MTIzM1owIQIQaFWSBjE6nmYM0Hod5cl/wBcNMTAxMTA1MTI1ODU3 +WjAhAhAXZgBOvJcg64f40DDMcG/yFw0xMDExMDUxODAzNDlaMCECEG1Wb5jQq3td +/gs7tGlzTKMXDTEwMTEwNTIxMDAxMVowIgIRAMUZuM8LuryWeRVh7AtwA1YXDTEw +MTEwNTIxMTM0NFowIQIQTKy5Mp3d/BmFIoA12pOaqRcNMTAxMTA5MTUxNDE4WjAh +AhB7qgLho5qbx2+bLxR/mLYKFw0xMDExMDkyMTMzMDdaMCICEQDQ+9CwO13hJ8+u +VGj+NEP/Fw0xMDExMTcxNTUwMzVaMCECEHgGhT2E6tFzYhkr3uGaqBIXDTEwMTEx +NzIxMjYxM1owIQIQGRomT+r1Q0iE1niAFAvEpRcNMTAxMTE5MTk1MDUzWjAiAhEA +8sDH48b2Utw0uZ55b3WMvRcNMTAxMTE5MjA0NzM4WjAiAhEAkt4uKDZxT6YnI6yt +DTWdWRcNMTAxMTIzMjExNTQ2WjAhAhBhDSSu+bT6epkY6oqPMRxTFw0xMDExMjUx +ODE5NDBaMCICEQDstlNP5ExrGOtL7d0/xC65Fw0xMDExMjkxNDI2NTVaMCICEQDU +ih8ktkleHmuXEvF8NYHuFw0xMDEyMDYwODA5NDlaMCECEC2W0tCWcN0h9pQULLji +GXAXDTEwMTIwNjE2NDUwMVowIgIRAIDMh3+dPsuteG+mZZXSiB0XDTEwMTIwNzIy +MTc0OVowIQIQCxKD5kWqAcki9bX7FoLS9hcNMTAxMjA4MTkxNjU2WjAhAhAfzoc8 +/vFJ3M8Y2qvzq0t2Fw0xMDEyMDgxOTMzNTNaMCICEQCmqPGM6U3/GRVyMB8gzWPG +Fw0xMDEyMDgyMzE5MTNaMCICEQCta8OQJhw1g1Z1dXedE7YsFw0xMDEyMDkyMTU0 +NTRaMCECEFcQlWKjuh2vQFxkeYjVziMXDTEwMTIxMDE1NTk0M1owIgIRALob0hZ2 +Ocd4nmivTbgykiMXDTEwMTIxMzIxMjcyNFowIgIRAOIVhNIq42Op4Otd9H9m9boX +DTEwMTIxNzIwMzcxOVowIQIQf9hpGWNUl9sFBPdS/XpwphcNMTAxMjIwMTQzMjAz +WjAhAhAPoqFwFgfJZ9VbysMKY7sMFw0xMDEyMjIxMDAxNTJaMCICEQC6KubqAK6i +0ekGKGYdp3nKFw0xMDEyMjIxMDAyMjJaMCICEQClD1AfbkzC9q0FOB2zWm82Fw0x +MDEyMjIxMDAyNTVaMCECEGZLJiVnFTZdxKqmFIjnCnMXDTEwMTIyMjEwMDMyNVow +IQIQe478gsSJ3F7o7a0T+dxgbBcNMTAxMjMxMDUwNDQ1WjAhAhBPdH+oI3pzulHS +vZinGnZ9Fw0xMTAxMDYxNTUwMjBaMCICEQDKL9oVhmjIzFNwLhjn2WpzFw0xMTAx +MDYxNjI4MTNaMCECEGFe1f9AQ+gjHnYjZfWNHHQXDTExMDEwNjIzNDkwNVowIgIR +ANbTsEKW1xKZApUaTYADamgXDTExMDEwNzExMTQwNVowIQIQGzaIKv7imoJFHbBd +XMLx+BcNMTEwMTA3MTExNDEyWjAhAhBXO9ncAKPUV4DVHA1bSdOjFw0xMTAxMTIy +MzA1MzZaMCICEQCGsaEC/oQ/WLvgWn4MpH3xFw0xMTAxMTQxNzQyNTNaMCECEGsu +EEgBFl0TWzK2dwIgurQXDTExMDExODE5MTkzNFowIgIRAM80adChPXZ7B/7if8zq +3UYXDTExMDExODE5NTM0N1owIgIRAPTzsNhthU9U5jKqiIIH998XDTExMDExOTE0 +MzkzNlowIgIRANDjZF+f9NlBQEroRT+pBdQXDTExMDEyMDE2NDQxNFowIQIQHco2 +ZuAWrdJnWQSmDyA9VRcNMTEwMTIyMDAyMDQ2WjAiAhEAtl6rz4EurLAJLn5rNMvJ +bRcNMTEwMTI2MTEwNTExWjAiAhEA0WTkXOfEnrklZsNM/5LgSBcNMTEwMTI2MjE1 +NTA0WjAiAhEAqA8HMiR7Qg2CWcK382PV9RcNMTEwMTI3MTI1NDEwWjAiAhEA4Pvt +Na+wCoFJjHRmTB/2DRcNMTEwMTI4MjAyMjAxWjAhAhAE+Dx9U6GoDR1MHf2uNKi3 +Fw0xMTAyMDExNTQ4NTJaMCICEQDq9fBX6RF58KxzPgJ5BUIjFw0xMTAyMDExNTQ5 +MDRaMCICEQDnQvXNAm/bczFrvJtqUYP1Fw0xMTAyMDEyMTU2MDZaMCICEQCZFKYE +685IbNJA5ieOkJ8lFw0xMTAyMDQxOTM4MzNaMCICEQDnOIn6Csuu+wvUtsIoCYd8 +Fw0xMTAyMDQyMjA4NDRaMCECEA9o9gd9FQM5Eu9Hwc4QxBMXDTExMDIwODE2MDMx +OFowIAIPemlUTemFi0P4X9vrI0v5Fw0xMTAyMDgxNjA0MDZaMCICEQC+lDe1vlqw +M/HTychJZKt1Fw0xMTAyMDgxNjEwMTVaMCECEBx1mSXqqIeNDThtdR/Q6KUXDTEx +MDIwOTAyNTYxMFowIgIRAP+owQWr1FpLNckX2S7lXy0XDTExMDIwOTIxMDEzOVow +IgIRAObuKL113BcITTOiG4mjZzkXDTExMDIxMDA5NDA0M1owIQIQURVPcEGqdLe0 +Qt0IT9YiPBcNMTEwMjEwMjEyNjQ1WjAhAhB1QEssaxIgmsWPTHpOX+Z+Fw0xMTAy +MTExMzUzNDNaMCICEQCFUB0+TecOBlV31YXxcYyYFw0xMTAyMTQxMTAwNTFaMCEC +EBpHq4CVc8HKHRsihHO+U3cXDTExMDIxNTE3MDIwOFowIgIRAJGf1ShPJ4JSKsu8 +UXvhZxIXDTExMDIxNTE3NDQyMlowIgIRAKLdjGtup8MdZmS0L7KilT4XDTExMDIx +NTE4NDg1OFowIQIQdcjmlrseH18Tx3xRPrTR9hcNMTEwMjE2MTMyMTE0WjAiAhEA +jPU/sLsJpxy7QnzYWL9kchcNMTEwMjE2MjI0NjQ1WjAiAhEAuc0qftklht3oYaa7 +1Rwh6BcNMTEwMjIxMTkzOTIzWjAhAhBBBqa5VkTe3J6x6EXNwuK1Fw0xMTAyMjMx +NjM0NDBaMCICEQCbDtjRqnmjs3AWKK+0miTFFw0xMTAyMjMxNzAzMzJaMCECEAcb +iyVoCb4U8p5w0WehEVUXDTExMDMwMTE3NTk0MlowIgIRAIkDS735GZuR81QmN6eU +VWgXDTExMDMwMTIwMDEyOFowIgIRAPsFViZrclUNtnTyPUMEaHIXDTExMDMwNzIw +MDEzOFowIgIRANNwDPtq49SQ6+FDA3Z60Z4XDTExMDMwODE2MjcwN1owIQIQAbGw +Fej0E3drx+G4Nfsq/hcNMTEwMzA4MTY1MzA5WjAiAhEA8yGAqmzF2CD5cH3JPWUR +TRcNMTEwMzE1MjAzNjQ2WjAhAhAKB+qQwdLyb4mYxGR6QbZ/Fw0xMTAzMTYxNDEw +MzlaMCECEBrQ2eXK65Ht030hE+acEswXDTExMDMxNjE0NDExMFowIgIRAKLWVTA9 ++bvsxb5aybszSE4XDTExMDMxNjE0NDIwOVowIgIRAOOEtdtiQvqVr9Y1aXxfmRoX +DTExMDMxNzE4MjMzNFowIQIQSjhy7wq/Mj0DGyCEdRYQ5hcNMTEwMzIzMDU1MDM2 +WjAiAhEArsgQLlIO1xHjRTui0E2MnRcNMTEwMzI0MTMwOTI0WjAhAhBxJ7qg3hx7 +ZUeS17jzDVfGFw0xMTAzMjQxNDE4MDVaMCECEHYpN9rJoxPi/UVxQN2GSYIXDTEx +MDMyNTE5MDY1MlowIgIRAJ4xPh+yqUMGiKV3vvp6jV4XDTExMDMzMDE3NDkxNFow +IQIQfJQjeTRIN2CpK7dnYJC0JRcNMTEwNDAyMTc0OTM0WjAiAhEAkrIoUA1dEyGp +er6KxW2UHRcNMTEwNDAyMTc0OTQzWjAiAhEA9JKsTLQLs+g7hGfRBWLZdBcNMTEw +NDA2MjAxNzM4WjAiAhEAp6SopXNiknhLmSfeLy/41hcNMTEwNDA3MjAxOTUzWjAi +AhEAvNQdyCrE7Og2qGM+0m0pjxcNMTEwNDA4MTkwODA1WjAhAhBViNL77qlHDGhp +n+e0SYylFw0xMTA0MDgyMDU4NDZaMCICEQC4nUcfU41I+gby0QAwY0nlFw0xMTA0 +MDgyMDU4NTRaMCECEDsW0DyQpnbINQxHHfmjfAQXDTExMDQxMTE4MTIyMFowIgIR +AIGUYvMHowF8UB5028LDTZYXDTExMDQxMTE4MTg0N1owIQIQP2k23VtPzFnlMAml +8TZz6hcNMTEwNDEyMTQzODE2WjAiAhEArUQEm9nI3lhlYSlSFCuq8hcNMTEwNDEz +MTc1MDI4WjAhAhB319WuOPNI0NcO84uW5X2aFw0xMTA0MTQxNzEyMTFaMCECEH4j +ffuxIwFs7AX3tpicXxUXDTExMDQxNTA3MDkzN1owIgIRAK80cRZSiWiWx7DDW0hf +wGEXDTExMDQxNTA3MjI0NlowIQIQNA/sK8fnQUTYAC7sciGp+RcNMTEwNDE1MTkz +MTU5WjAiAhEAvvDi3ThNdmB4Yy7F9CjN4BcNMTEwNDE4MTYyNTM3WjAhAhAeQrVw +r4hPd1u0JR2bHxddFw0xMTA0MTkyMDQwMjJaMCECEG/B6RJV8AqSqTAmpCM3uvgX +DTExMDQyMDE5NTcxMVowIQIQU40XMvjKT2A4UHw91x0tYhcNMTEwNDIwMjEyNTIw +WjAiAhEA+xUWv1cDw32P1yEVmdXbfBcNMTEwNDI2MTM1NzUwWjAhAhAR9cqg+yt9 +p++ScqU8cbC6Fw0xMTA0MjYxNjA2MTBaMCECEDfiq4QAL59xjqxy4LRB0WsXDTEx +MDQyODE0MzAwOFowIQIQMKBoznTG47aDEOiGvTocARcNMTEwNTAyMTUzMzA4WjAh +AhA8ljRoZiO9sFLnk2I5x4iDFw0xMTA1MDUxODM1MzNaMCECED2DxwXD2oXgnHGz +tqouJEQXDTExMDUwOTE0MzcxNVowIQIQENs03AzC1a+3CTByPBLChhcNMTEwNTA5 +MTY0MTU3WjAiAhEAl7wMVhs2BiEPHuVvQSnlVRcNMTEwNTA5MTgxNDI2WjAiAhEA +0pXu0QYZb2X8zBLCLEm5FxcNMTEwNTEwMTMzMjIyWjAhAhAzUmxX2FO9+lwYn0Q4 +/XqGFw0xMTA1MTExNzE0NDlaMCECEFvwJTy+KNRrGnGYzuAZ75cXDTExMDUxMTIx +MDUwMlowIgIRANeSGUoC6AjTR6XH11nS+e8XDTExMDUxNjIwNTczOFowIgIRAPdm +aK7pQ5R9Pa+tg9i4cr0XDTExMDUxODE0MTE0MVowIQIQDasxYiFRTHC6QTLNs1GB +rxcNMTEwNTE4MTQxNjEzWjAiAhEAr8PTJFIZct/yD3Guvy3YDhcNMTEwNTE5MDUw +MzM3WjAiAhEA4zhVDWtREnDKH9HAZDfFjRcNMTEwNTE5MTQwODQ3WjAiAhEAzVDj +jS/EE6mVv+fqCZlTjxcNMTEwNTE5MTkwNDE4WjAiAhEA18Sopt4nU6u3BBhC+eh/ +LRcNMTEwNTE5MTkwNTAwWjAiAhEAjhUjBoFqFUfJ04wE+raMeBcNMTEwNTE5MTkw +NTExWjAhAhAThv9+7KRQgf67FBNb1be9Fw0xMTA1MTkyMDIxNTRaMCECECGDKQQj +jSiICxgIBGfMgEQXDTExMDUxOTIxMjkxNFowIgIRAKlqyPHtnD9YZ9uLUbFnefwX +DTExMDUyNDA0MjMzOFowIQIQYfosAyYMFSNDdQuIAEC6QhcNMTEwNTI0MjA1OTA3 +WjAhAhADHTpzJbjUcJdGQU9GUzSmFw0xMTA1MjQyMTQyMTFaMCECEDcAhmiIp57i +MfnvIdld2fwXDTExMDUyNTIxNDM1MVowIQIQZi66ktihLgbKILnGYBaZnhcNMTEw +NTI2MTYzNTAxWjAiAhEAiGFpavVEijV/v/VQ6+bJDxcNMTEwNTI3MTgwMzQ0WjAi +AhEA3VZHgJ/BLVo8fXQIRt/wdhcNMTEwNTI4MDg0MjIxWjAiAhEAk68enlmehfR8 +YFM6+D3W/RcNMTEwNTMwMTA0MzIzWjAiAhEAoRDKoROiJ+2zT7BBoKTYdRcNMTEw +NTMxMTMyNTMyWjAiAhEA/1aCbENBAQcHkaeuCHMK9RcNMTEwNTMxMTMyNjUzWjAi +AhEAx+BZXM/q3AkunFl6KtGNBBcNMTEwNTMxMTMzODMzWjAhAhBDlqsiAvKh162q +CZNsVcwrFw0xMTA1MzEyMDU1MjlaMCECEDCd3IUf7jz6rOIHYRHBD3cXDTExMDYw +MTA3NDI0NFowIgIRALbiUCuwY/+JFkrQNaUCUBAXDTExMDYwMTEyMzAzMVowIQIQ +L0CQ20znoEty+qKivRIJCxcNMTEwNjAxMTI1MjMzWjAhAhA2f8ToTTjShaKORCz4 +4sSKFw0xMTA2MDExNjUzMjBaMCICEQDAUJqC+XbwJ7n+gljlrE3PFw0xMTA2MDEy +MDQzMDFaMCECEDiSiyYRz3vYnhrBXoV3I4wXDTExMDYwMjE1NDkzOFowIgIRALc0 +mhV4dRhnBiD0twYeoa8XDTExMDYwMjIwMDU0NVowIgIRAItjlwVArfmF6Xz2x5to +UkcXDTExMDYwMzE0NDEzMFowIgIRALU2EGLdP9QM0mXYDc/niowXDTExMDYwNjE5 +MTAwNVowIQIQThoYdK1yoxgwmQD+JzQjwBcNMTEwNjA3MTI0ODA5WjAhAhBvQQ27 +KYZofMKtqQDzDKrlFw0xMTA2MDcxNzU5MzJaMCECEBogPtwrkXgnbXAcDBVFTpMX +DTExMDYwNzE5NDkzOFowIQIQEoSn85oOth5GSIAFjCwqqhcNMTEwNjA4MTMyNzAw +WjAhAhBMnOK9sjrubloKlobpF9YZFw0xMTA2MDgxMzM2MjlaMCECEAeuFc5zG3wc +oVEbvXPY3EcXDTExMDYwODE1MTM1OVowIgIRAI+0SQH9KKEKEhaf5bNFFswXDTEx +MDYwODE5MzE0OFowIQIQSHa3+PDKwGSLrVa2VyygsRcNMTEwNjA4MTk1NzIxWjAi +AhEAweVHrGESd8y2+c8kOJY2ohcNMTEwNjA5MDUzODE2WjAhAhA9Xbc6gL5XJ+Zx +LMOdVfe9Fw0xMTA2MDkxOTEyNDlaMCECEDG9b5mtBAZVYQV2Sc0OAO4XDTExMDYw +OTIwMTQyOVowIQIQC8F3bsTpiUmb60X2q58a6hcNMTEwNjEwMTkyNTAzWjAiAhEA +3gxRH0r+53Fh6KY+bVREuRcNMTEwNjE0MjEzMDE2WjAiAhEA6D5QV/J7pyBGdR6I +zAxiqxcNMTEwNjE0MjEzMzQ1WjAhAhB3OyakAbTzUwUiadb5rYCrFw0xMTA2MTUw +NzQ3MzlaMCICEQCArhq5UTXOmy2VTdo0l7I4Fw0xMTA2MTUwNzQ3NDhaMCECEA8E +1B9k++YXee0yDKbEQv8XDTExMDYxNTA3NDc1N1owIgIRAIFLtL58B7nkMgqiONTr +Pj0XDTExMDYxNTEzNDgyMlowIQIQLKAKxqMuyEWRpBJsF8YJUxcNMTEwNjE1MTkz +NDM2WjAiAhEA4sBhAUas4phGBBlzbY2IDRcNMTEwNjE2MDgzNTI3WjAiAhEA8ZzQ +D9fPFsJ1AmS7AX32zhcNMTEwNjE2MTQ1NTM1WjAhAhAih1/c2VbJAARu9i7oMI1D +Fw0xMTA2MTYxODQ2NDBaMCICEQDpgrlh1GQrCa4FJd2K53DxFw0xMTA2MTcxMTA3 +MTBaMCECEB1DiV9LM/NafKu1esXVuOgXDTExMDYyMTEzMDUxOVowIgIRAIfXn9os +Q5VB3Qf8/7U//9UXDTExMDYyMTE0MzIwNVowIgIRAIkGBvSnx97eWSZ1PBE7xGcX +DTExMDYyMTE1MjYzNFowIQIQKLA1ReUtTWv5ky5wHUTpxxcNMTEwNjIxMTUzODE2 +WjAhAhBbOwsv1AtP2DRpxEXaW8XhFw0xMTA2MjExOTA3MTZaMCECEE/cv3AXi69h ++htsIlLpUXcXDTExMDYyMTE5MDczMlowIgIRAIOl6aveOs8uoJfBWSax8d8XDTEx +MDYyMTIxMTYwOFowIgIRAOkvwxTYUBEy9Kx1t2PtqD4XDTExMDYyMjA2MjExNVow +IgIRANLDESKdJDd5UhViS1TC8M4XDTExMDYyMjA2MjEyNFowIgIRAIC/AWfec7Vk +HTnL/NbfLj0XDTExMDYyMjE1MjQwNVowIQIQZbLQZ1QBP1rV//mp5IB3mRcNMTEw +NjIyMTU1OTA3WjAiAhEAnGqiXIycV0+pviPxhKniORcNMTEwNjIyMTYwMTQ5WjAh +AhBp3uK1U2MRkTeIjcHo5suHFw0xMTA2MjIxNjAzMTBaMCECEDGHLAF51WA9o8e+ +uMPWAPQXDTExMDYyMjE5MDAwOVowIQIQQqUogr9jb+ianFPh8nih6hcNMTEwNjIz +MTkxNTUyWjAiAhEAqAxqKiph9HskmWw84oVPIxcNMTEwNjIzMTkxNjU4WjAhAhAA +u+FGy6DkYSusglsbBtsqFw0xMTA2MjMxOTE3NThaMCECEDnUmkThdSU7UGyYTqzW +DVkXDTExMDYyMzE5NDcyNFowIQIQNTQIQnpyKrnI25Jyw7dUYhcNMTEwNjI0MTIy +MjE2WjAhAhAes7MIA3ygREQxeI8Gr0PgFw0xMTA2MjQxNDM1MjdaMCICEQCXsh+1 +u327FG+Jfmo9vzMtFw0xMTA2MjQxNTIwMjlaMCICEQDK0YmwDQzFMnhzRTu25zEa +Fw0xMTA2MjQxNzQwMjNaMCECEBbxTAGi1U2PMr8NrVVWVfQXDTExMDYyNDE4MzYx +M1owIQIQTP5rKms8dNV1FKw062lomxcNMTEwNjI0MTkxMzAyWjAiAhEA0lwHYK75 +iTXqasuO4/x4qxcNMTEwNjI0MTkyNjUxWjAiAhEAupjRXY0XtBV8fn/XYtHERRcN +MTEwNjI4MTMzNTE0WjAiAhEAvyfTZBXYMlsiYku/P9fp3RcNMTEwNjI4MTgyNjIx +WjAhAhA39JPt8fj5SWp7htHBr8XaFw0xMTA2MjgyMTIxMTNaMCICEQDsj5mJyv75 +RjVRY0L8DktrFw0xMTA2MjgyMTIyNTNaMCICEQChS2gLG9EHySAV5i1xRMWqFw0x +MTA2MjkxMTA4NThaMCICEQDlq+Q9hkKCA1K1D80UB5GvFw0xMTA2MjkxOTM5NTBa +MCICEQCHuXGhKWRX0w5TTsjeRvdrFw0xMTA2MzAwOTE3MjZaMCICEQDg+7brmgE3 +3ieObH+w7prRFw0xMTA3MDExMDE0NDNaMCECEDvJ26cPfmXqhNPNlEoZAJ4XDTEx +MDcwMTEyMDMzM1owIQIQCOvc9/I/pm8hmThOIEJOWhcNMTEwNzAxMTgwNjMxWjAi +AhEAgACnBuiSMWtB+v5QwqnjzhcNMTEwNzAxMTgwNjQ5WjAhAhBdNWSLSTvgBf8b +y7WmtQYjFw0xMTA3MDExODA2NTlaMCECEHFTCQUPSCMvaKibxaSDTuMXDTExMDcw +NDA3NTQ1OVowIQIQZj5yDd4YXKZozOlzngu7thcNMTEwNzA0MTEzNTUwWjAiAhEA +4/rETVsDnlo/h5QvPq0owhcNMTEwNzA1MDgxMDUxWjAiAhEAi57Je8dZ4BfZkEEM +HWN+AhcNMTEwNzA1MTIzOTAyWjAhAhAZSkX8+10lkKNCiXGzRPXNFw0xMTA3MDUx +NDMwNTRaMCICEQD5xPENmjw3CTh+izCukHQdFw0xMTA3MDUxNDMyMDNaMCECEB/u +p9MIC0BkcFlKqfMEJJAXDTExMDcwNTE0NDcxNFowIgIRAPBA65Ni8ZeBYp+ssunH +Kq8XDTExMDcwNTE5MDAwMVowIgIRALhY5HdUbqREIlIXJnYVl3oXDTExMDcwNTE5 +MTkyNlowIgIRAOsnU13JJF2lUBVPDgoYtNoXDTExMDcwNjA0MzA0N1owIQIQPR+r +2H9VyVQAjdMGh2YI2BcNMTEwNzA2MDQ1NTUxWjAhAhBoKKziYgxn5X6KCmq/Ts+D +Fw0xMTA3MDYxMjI2MThaMCECEASz4ukFhF9TN4HryJ9cCisXDTExMDcwNjE5MzI1 +MFowIQIQdME9/WXCaVhQWqsJuXIsfhcNMTEwNzA2MjEyMzM0WjAhAhBC1LZPHC25 +ejE0xd7tvBAvFw0xMTA3MDcxNTQ5NDNaMCICEQCgFf4LOtKVImUh6Gv2c/abFw0x +MTA3MDcxNjI4NDVaMCECEEJr7qIqKdcfyMzmW/SZ+D4XDTExMDcwNzIwMjc0NFow +IQIQHPE+nPU6ZpRoXCTW520g+hcNMTEwNzA3MjIyMzAyWjAiAhEAinX5T2xuUDun +gdoD+CCQkRcNMTEwNzA4MTIyOTU0WjAiAhEAl4Fb74evWShEY4EL8zj8HBcNMTEw +NzA4MTU0ODAxWjAiAhEA9CeIn25F4mVtmmReL6jlIRcNMTEwNzA4MTc1NjIxWjAh +AhB6BuKZ6CJ2o/KHT1gs9qLcFw0xMTA3MDgyMjMzNTFaMCECED3+qODloZGelBPe +6pI81jAXDTExMDcxMTE0MTU0M1owIgIRAIX4pLp5rw6ycKKVYOE1VVMXDTExMDcx +MTE0MjA1M1owIQIQFx9cXv06R6aVe3QOZ/gsoRcNMTEwNzExMTQyODM3WjAhAhAl +eMxcOezoYHcd5VSuUT/aFw0xMTA3MTExNTQyMzJaMCICEQC9H5Hze3jErAttJA34 ++GnDFw0xMTA3MTExODEzNDJaMCICEQCRRrp5mJh+Q/Evi4HpUEVHFw0xMTA3MTIx +ODE0NTBaMCECEEaRPhKbQGsUSmeSO7RtGKIXDTExMDcxMjE4MzkxNVowIQIQH55d +qiQEhN/CPv38iNqwZBcNMTEwNzEyMTg0MjU5WjAhAhBhB1YMRWtEszBJhqFh6XHU +Fw0xMTA3MTIyMTMxNDFaMCECEEhYpKLPSp84Z9T4B7ziZ/AXDTExMDcxMzE5Mzk0 +NlowIgIRAPjGub1RHyu//liPC91ONigXDTExMDcxNDA3NDc1MVowIQIQUKPrQRto +nEa9KXWLI3O9EhcNMTEwNzE0MTIwNDA0WjAhAhA4nKWUrrilpodl3O+fyKc7Fw0x +MTA3MTQxNjUyMjZaMCECEFm1kPInjT+SgXMGYo+b+H8XDTExMDcxNDIwNDE1NVow +IgIRALLCZnBlTZmPHQdPWNW6HYsXDTExMDcxNDIwNDQ0MVowIQIQP5keVNemHl7e +xyk9USiF6BcNMTEwNzE1MTE1NjE0WjAhAhBB5UeRbjnhZUvN5YH+T1bEFw0xMTA3 +MTUyMDQyMzNaMCICEQDKTczBPr86NVFoXglPeKtqFw0xMTA3MTYwNzA3MzhaMCEC +EC9s8k7vyNx2jtfwiKzMGYYXDTExMDcxODEzMTk0NlowIgIRALU6FX+cvN2imwyq +GHnf87kXDTExMDcxODE1MjcxN1owIgIRAPLNhG5yfAsUdqTZjIW1GOUXDTExMDcx +OTIwMjExMlowIQIQR2v4wYkEnbsdwssmNVsY1hcNMTEwNzE5MjEwMjUyWjAhAhAP +lgiqbxPERm9WmdLB7OFsFw0xMTA3MjAxODE1NTdaMCICEQCBDQ7Yf9CVYPfU0vUY +2hfMFw0xMTA3MjAxOTA0MjdaMCECEB4GNmRs5PevRV80XNqZ6PkXDTExMDcyMTEz +MTExM1owIQIQPRJ+H/PoGYmSsCI7/X6VlxcNMTEwNzIxMjAwMTEyWjAhAhBNm86v +YdNfm+Lv/uik4LF5Fw0xMTA3MjEyMDIyNTlaMCECEG/5Su92H1i3kRK0xTNwtB0X +DTExMDcyMjEzNTI0MlowIgIRAI2H9JAHdYWKx4ZkWyKMS8gXDTExMDcyMjEzNTI0 +NVowIQIQGyx3rm0GlxTVZZ8ty6Oj/hcNMTEwNzIzMDE0ODM0WjAiAhEAiBGTLFFo +hTT5y+cfsRLwhhcNMTEwNzI1MTYwMDE2WjAhAhAiGxAg2K0pgp36BQDVXtGLFw0x +MTA3MjUxOTQ0NTZaMCICEQCD8iTSFt3HaF4HPTRLSvh4Fw0xMTA3MjYxNDQ3MzFa +MCECEHOgWWw0ueBQNdP0xG4w33QXDTExMDcyNjE5MTAzN1owIgIRAN4Y7p0T6j/f +DLDhpSjXAjcXDTExMDcyNjIwMjk0OVowIQIQTpUiE13dTipcfDJJ40tbZRcNMTEw +NzI2MjEzNTMzWjAiAhEAmZClBqfDtsApr85vrgj5ZhcNMTEwNzI3MTI1NzA1WjAi +AhEAyNxG1eihZWVHk+2eUZ5w0xcNMTEwNzI3MjEwMDUxWjAiAhEA5/Y/YwTBk6ZW +PCbAXn8L5RcNMTEwNzI3MjEwMjA1WjAhAhAdOnbWF2X7Kdn/dyJhxKnGFw0xMTA3 +MjcyMTAyNTZaMCECEFrgI0RJPMBo3/pEjroCbh8XDTExMDcyODE5MTkwNVowIgIR +AJjKAZcv8MZyuz09k8YGmM4XDTExMDcyOTA4NDI1M1owIgIRAKgpe5bOeEyk+6Uk +SH9S1a8XDTExMDcyOTA4NDcwMlowIgIRAO8/omUbhoK+fvAfvlL4x0wXDTExMDcy +OTE3MzMzM1owIQIQLtqC6S/5NxDF0YmrRLWiKxcNMTEwNzI5MTgxODM2WjAiAhEA +iLZhJhycKTdlEcPeAnN/BhcNMTEwNzI5MjAyOTUxWjAiAhEAluMarnyjvQbnMRxI +1UcddhcNMTEwODAxMTA1MTU2WjAiAhEAo3+lcbIe9IEKjB9EORiuARcNMTEwODAx +MjA0OTEzWjAhAhAb2gPuiR3wNRZdtUz0q6tIFw0xMTA4MDEyMDUwNDZaMCECEGC+ +BBXJ1A4lpvzk8eORMlUXDTExMDgwMTIxMDkxNVowIgIRAOpEdM6wydBsn7RhdUdZ +Z6wXDTExMDgwMjE2MjIyNFowIQIQO15Hp9vIqqtFMMCrFN537hcNMTEwODAyMTYy +MjMyWjAiAhEAj4LiuRiONUfbLbiWBvb7oBcNMTEwODAyMjA0NjQ3WjAiAhEA0b+m +/IkGuOgdeD8z5JuOkhcNMTEwODAyMjA1NTExWjAiAhEA1tMMHok7z3cNhT+cfVj/ +ChcNMTEwODAzMDkyMzEwWjAiAhEAon3699gOAXSHruFnfQePuRcNMTEwODAzMjAz +MzUxWjAhAhADB4IB5Aw0Up+q+yiWjU/EFw0xMTA4MDMyMDM0MzNaMCECEFjt6yep +azIbJJ1ZeJrN63YXDTExMDgwMzIwMzUwOFowIQIQXH/1u1KM81syxbAcALPJIxcN +MTEwODA0MTk0MDA0WjAhAhArHAPqv3ch/DHJzIC/hTKOFw0xMTA4MDUxMzI3NTZa +MCECED3GioLDjaq8la5AU6TFdAAXDTExMDgwNTEzMjk0NVowIQIQKDKitUXQ3zDc +cSk9pUBWYBcNMTEwODA1MTQ0MDA0WjAhAhAIYcMlqzJAA70cZcwZkfv1Fw0xMTA4 +MDUxODM5MDdaMCICEQCeLWtSzEXHOcsTahdnol6bFw0xMTA4MDUxODUxMjVaMCEC +EFbm/bMLI/J2DB8WSkkWm8cXDTExMDgwNTE5MDg1MlowIgIRAPYaarR6o2D8p0o6 +I8rKDckXDTExMDgwODEzMzQxNVowIgIRAIghrJZGOofJpejcZNZgIogXDTExMDgw +ODE5MDQ0MFowIQIQYVinypKJJ3MvIsTgSBqaYBcNMTEwODA5MDAyMzMyWjAiAhEA +uf9+/6ASgkRMO79H+MbqehcNMTEwODA5MDQzOTUyWjAiAhEAoUlPzMY+t6NkXpsu +RkWasRcNMTEwODA5MDk1NzUzWjAhAhAmXioel+bhOGmGvSjpDDLUFw0xMTA4MDkx +NDE1NTBaMCECECCgvtzi3FZGh66j+UAYThMXDTExMDgwOTE0MTYyMVowIgIRAN/h +Thw3T5Q+DOGzt8r//dYXDTExMDgwOTE0MTY1OVowIQIQWIVpLe7qgWuNbpAc9vpb +fBcNMTEwODA5MTQxNzA3WjAhAhAC9xL7LeaIB0ZFMfm9dflPFw0xMTA4MDkyMDE0 +MjZaMCICEQDEtIJ7n2phSs1CERiScvujFw0xMTA4MDkyMDE1MTFaMCICEQDn+O2M +u31QatAlUmtbmiMwFw0xMTA4MTAxNDUzMDNaMCICEQDB7aI3HfgtcPiRBOGycRH3 +Fw0xMTA4MTAyMTE2MjVaMCICEQCHQ0eN6AoUNX3pQarkUqRBFw0xMTA4MTAyMTI4 +NDFaMCICEQCh6xaC/gfRV0U7PLVXJcLhFw0xMTA4MTAyMjAwMDRaMCICEQC/Do4b +/dmdnhKl9xUFzuV9Fw0xMTA4MTEwODExMDRaMCICEQDuKFBlIyCybxrXLLTfVyOW +Fw0xMTA4MTExMzU0NDFaMCICEQDkDESOzvlxatPUhP4N7cLFFw0xMTA4MTExODQx +MDBaMCICEQDp4PN8Yd+c6gHmpOq3NIQtFw0xMTA4MTExODQxNDNaMCECEEn0DW6N +pvFIoJOp207pZ10XDTExMDgxMTE4NDIxOVowIQIQd6qdX+WhUBkJVoNk/DCuHhcN +MTEwODExMTkzNzQzWjAiAhEA6Bexo4sTCQEhK8qG78fe2xcNMTEwODEyMDg1MTMy +WjAiAhEAw1uMpo8EI6Ik2rowJcKBLBcNMTEwODEyMTYxODQ5WjAhAhAimOFfcICg +DcbyDl3V1xxuFw0xMTA4MTIxNjIxMjJaMCECEEL1ukBNfq4JWbNa4mWM2t4XDTEx +MDgxMjE2MzEyMFowIQIQd9CO40Yh1tsuvsuwOq7OSBcNMTEwODEyMTYzODE4WjAh +AhBWXWPhv+nAUB9BV0cerFwVFw0xMTA4MTIxNzA2MDVaMCICEQDfRX+2Rb+4cyPl +QA9pwnlsFw0xMTA4MTIxNzA5MzlaMCICEQCYtupjJPThRcoM6Ibd05tkFw0xMTA4 +MTIyMDAzMjBaMCICEQCfFHqhTV/H5aA5LA2POHqQFw0xMTA4MTQyMjA4MThaMCIC +EQCkQ0ezffGjbLwpbxWZTo8uFw0xMTA4MTUwMTEzNDRaMCICEQCsZL/0OYl5y6sR +3kIboxbBFw0xMTA4MTUxMzQ3NTdaMCECEC3H/jIm0fZ460FdZcuR1JcXDTExMDgx +NTEzNTQ1NlowIQIQU/CEM1L0O+I5x80H2EOqwhcNMTEwODE1MTkwMzE5WjAiAhEA +qqcT2SeHKJqOQyA3RJ2VqhcNMTEwODE1MTk0NDAzWjAhAhBFsq4lnTBvEJl+pJR+ +Wb2wFw0xMTA4MTYwMjM5MjhaMCECEDCMYaeASUz5EL/spof6hooXDTExMDgxNjE1 +NTAzMVowIQIQRjmP/aixDdrbyHTmEmeIxhcNMTEwODE2MTU1MDM5WjAiAhEAg26i +3wc5hsvqjotcDGRi2BcNMTEwODE2MTc1NjE1WjAhAhBBCXcRQk2o09I/dtVKKd0f +Fw0xMTA4MTcwMTA2NTFaMCECEBXPtFrZnpNK/15RKJHSyiMXDTExMDgxNzA4MDk1 +M1owIgIRAJVD6x+IEXsjJe4mpC7eYO0XDTExMDgxNzIxMjI0MFowIQIQWXVGzLHd +em6V/keyl+G7nBcNMTEwODE3MjMyNzE0WjAhAhB8RWQAuS63r4hHkq0lAvsUFw0x +MTA4MTgxMjIyMDhaMCICEQD8EEZ/5QsoNLEJLjha7MATFw0xMTA4MTgxNzM0MTda +MCECECFDLYwNv7TtVrN4lTWIp4QXDTExMDgxODE5NTc1N1owIgIRAJFtRWuSWb+o +6XNclfN8U/4XDTExMDgxODIwMjgzMlowIQIQVS2DOJ3IbCoBuSA6I49TPxcNMTEw +ODE4MjEwNTUxWjAhAhBM3mI/69wzomlFWFAyR+0nFw0xMTA4MTgyMTA2MzJaMCIC +EQCZK+YLqO0xmjehq5eAgiEnFw0xMTA4MTkxOTUwMDJaMCICEQCRPFrknmZT5SHv +bOjbHWZ3Fw0xMTA4MTkyMDE2MTZaMCICEQDUmbV/BBFkm6EmXj38Gzr4Fw0xMTA4 +MjIxMDU4MjdaMCICEQDeFrBeBQJDqXOcANAQI66YFw0xMTA4MjIxNTIwNDNaMCIC +EQCBoLLMAREKp1YhMwSKg42tFw0xMTA4MjMxNDAwMTlaMCICEQDW5DzU5qrt4tVv +OO+QgI6dFw0xMTA4MjMxNDAwMjZaMCECEDyz+qS1SzSiRanhwx+BINwXDTExMDgy +MzE0MDAzMlowIQIQFxsDizL1661+o96C2HXz0hcNMTEwODIzMTUxNDE4WjAhAhAB +tyaBR0byPbdiIYTrw6RlFw0xMTA4MjMyMTIxMjlaMCECECKnaJlTFf3HVE8ywaHN +lc0XDTExMDgyNDEyMDUxMVowIgIRAJRgDCBeCagLZAmjo+XZ7tsXDTExMDgyNDE4 +MjY1MVowIQIQecssG8ap6Vzn4bLq9R0SyBcNMTEwODI0MjAzMzQxWjAiAhEAoOk2 +qB88B/qYTr+bG0XzChcNMTEwODI0MjAzODU4WjAiAhEA9wXjgQJ2kgQ4Irtar2cn +LhcNMTEwODI0MjA1MzM5WjAiAhEA+AyGP2wLGn0jdXa+mOGARRcNMTEwODI0MjEw +MTQ2WjAhAhAT10slLXwvjWiCpBv99zb0Fw0xMTA4MjUwODEzNDJaMCECEHKczBdF +aGHYCPuaEZp7Zo8XDTExMDgyNTEzMDI0NlowIgIRAIPKxlwV4MqSekJkwjisS+UX +DTExMDgyNTEzMDI1OVowIgIRALGOCHyzYYRki5U+GPj6BEYXDTExMDgyNTEzMDcw +NFowIQIQFu7o4Ag3z5TCvr7puXcR0xcNMTEwODI1MTQ0MDUyWjAiAhEA1AAEADnt +EEBbTYwTcg55IhcNMTEwODI1MTUyMDQwWjAhAhAdJDeu/4P5hZmDZqeFoTr7Fw0x +MTA4MjYxNDEzNDBaMCICEQC5KGzvgNFIxgSVet8d1rWwFw0xMTA4MjYxNDE0MjFa +MCECEAwDVCQ/QPKudYETWsC0dCwXDTExMDgyNjE1MTA0NlowIQIQJDHLYjzueZGp +cKrcKuv1aRcNMTEwODI2MTYyMTAyWjAiAhEAubvX66s1guAC7z+63camoBcNMTEw +ODI2MTgxNTEzWjAhAhBLvI1MuSImrA/SJEQzVgcKFw0xMTA4MjcwMTIzNTlaMCEC +EH6kTTOz83tDuNUSeQ6N4IkXDTExMDgyOTEzMjQ1MFowIQIQX8qM4schmo1hax0z +FzmLoRcNMTEwODI5MjAzNzMyWjAiAhEApge17VMgxO2Sook7MpdRPRcNMTEwODMw +MDczNjAxWjAhAhBJtlxtABqoQtytfokpqznkFw0xMTA4MzAxMjI1MzhaMCICEQC3 +kCF4cIPW6Fp3Z+3t1rCAFw0xMTA4MzAxMjI1NTNaMCICEQC0jYUMiI/TODXeG2WQ +mXy2Fw0xMTA4MzAyMDAxNDZaMCECEGBTzwHLOXTOsFY8s9jxzKwXDTExMDgzMDIw +MTQzOVowIgIRAJGLKyEh3AXc3xtg4OSdPNUXDTExMDgzMDIxMTkzOVowIgIRAJzw +teRCunyFOaNtahyT5j4XDTExMDgzMTA4MTU0NlowIgIRAMKAdtiXThjdQMY1xN/a +X1IXDTExMDgzMTEwMDY1M1owIQIQU6lnSabo0CjKyvnwAaCNixcNMTEwODMxMTI0 +MDIxWjAhAhAjBwU59Hxisf8oKJ7mwmQ9Fw0xMTA4MzExNjE0MTRaMCICEQDGge6k +eYv/IHfjTTfXsmvgFw0xMTA4MzExOTM0NTVaMCICEQDZnlz/MrJA5c59+IyATz1Q +Fw0xMTA4MzEyMDMwMDBaMCECEHc1RGmuk7wOaPR+Ng9GFVgXDTExMDkwMTEyMjEz +NFowIgIRAKeGFXMey+kWjYp/GPCCgPsXDTExMDkwMTE5MzU0OVowIgIRAMS8Of0Z +HBVpLlD5TO/OUxkXDTExMDkwMTE5MzYwNVowIgIRANf+sIU8ovx5QXxEpjuU5P4X +DTExMDkwMTIwMjczM1owIgIRAPnVsCb5YqioFZ+tl5mWogQXDTExMDkwMjA5MTE1 +OVowIQIQbSecLkuVZJg7nN9HzHB1HRcNMTEwOTAyMTMwMzU1WjAhAhAS0T2h1iu8 +pXSytL4cBS3fFw0xMTA5MDIxMzA0MDZaMCECEBsU7lMEA45vHgYwqNchdpgXDTEx +MDkwMjE1MTIxMVowIQIQR9hmuVoFPIG9V8GmS/kKMxcNMTEwOTAyMTYwNTM2WjAh +AhBNPtJuAaQTgP7pLUIj/OJYFw0xMTA5MDIxNjA1NTBaMCICEQCb66mE17Stx0pG +zGYdZp1FFw0xMTA5MDIxODQ1MzRaMCICEQClQ6JZrfV25I1M1Jg9huyuFw0xMTA5 +MDUwOTAwMDhaMCICEQCPPuoHg7OGBjtjixv9HEYcFw0xMTA5MDUxMzI4MDBaMCEC +ECafLKEjjT+kNcrdBais+WsXDTExMDkwNTE0MDY1NlowIgIRAJyJFdLMFvD55dSc +FxOp0QUXDTExMDkwNzAwMDUwOFowIQIQV7dZd4CIbMmC2VqAJn/gkBcNMTEwOTA3 +MDk1MzQwWjAhAhAg+x+iwBMuY5cmvu9o3jeLFw0xMTA5MDcxMDA0NThaMCECEC6M +UZtvzL8SafpLQBLbpkMXDTExMDkwNzEzMTgwMFowIgIRAPKU/Yf+yLdB4SE/rlnf +cHgXDTExMDkwNzE1NDYyNFowIQIQEG569Gs/JEGqSdpV6UWEsRcNMTEwOTA3MTkx +MDA4WjAiAhEAoCYW9gRaFEt8AF3cfuyGVBcNMTEwOTA4MDY0MzU1WjAiAhEAgzNm +8NRrP042KxhAiTNPIBcNMTEwOTA4MTExMjI5WjAhAhAPF2dMVDLjMiJy4hLYwppE +Fw0xMTA5MDkwOTEwMjJaMCECEH71zfuvAncIhWn+DIqdN/EXDTExMDkwOTA5MjQz +MFowIQIQB+GAGM0e+mVw7JVgH3F/ZhcNMTEwOTA5MDk1MDU1WjAhAhBYgBtfrcPr +weCxjM4sYoDfFw0xMTA5MTAxOTQ1MjNaMCECEF/e9V5qCSolFneCGlg9LtEXDTEx +MDkxMjA4NTYwM1owIgIRALxtQHzCdqzIs/67ZFREYMAXDTExMDkxMjIwMzE0MVow +IgIRAJmfSb8vK9N8osk5Xx3YNosXDTExMDkxMjIwMzE0NVowIQIQG/U9DlLfNPNL +KHXejerhZhcNMTEwOTEyMjAzMTQ5WjAhAhBq6/DrfajfOKZtZdNfkA4VFw0xMTA5 +MTIyMTEyNTlaMCICEQCzgLA05LL1j9+hhLCyXkpHFw0xMTA5MTMxNTM0MjZaMCEC +EHg+yaS7fUg/5mk/+DpTwQgXDTExMDkxMzE2MTEzMVowIQIQTYt9HT5hC2OvUhgR +5+eHpBcNMTEwOTE0MDkwODM5WjAhAhAu800sDpRD8eUQXaQjLy36Fw0xMTA5MTQx +MDA0MDNaMCECECj33dEkE72MFtGgWdNA1HQXDTExMDkxNTE1NTMxOVowIQIQFuXp +uynSD8E0F8zVGiLcghcNMTEwOTE2MTQ0NTUwWjAhAhA2m8a5vjOwLCtvg4LsCDwm +Fw0xMTA5MTYxNzE2MDRaMCICEQDZAy7i/UBF7NnTjrC6pv7YFw0xMTA5MTYxOTA2 +MjdaMCICEQDkBAikn9rwwKH9Bq3orJ8VFw0xMTA5MTYxOTM5MDhaMCICEQDdN1Qk +BJVOPTn9jCLfb8bvFw0xMTA5MTYxOTQxMzRaMCICEQDYC9/CziY6h0VyksAyyyGw +Fw0xMTA5MTkxMTQ5MDhaMCICEQCsvAxKZ3TUn0vbvgFUdNFNFw0xMTA5MTkxMzI0 +MjBaMCECEGktw+o7Tc+TD9f1fgc03wcXDTExMDkxOTE4MDI0OFowIQIQakuxHOqi +XCjJ9ZH+zUiG3BcNMTEwOTE5MTk1NTE3WjAiAhEArH7BWFtch9KN2QDNXcaiChcN +MTEwOTIwMTI1ODA5WjAhAhBQBOrpiRvl8DE3QFTs/mV3Fw0xMTA5MjAxOTA1MzNa +MCICEQDleOs0X2jgVFhRdAWM5mS2Fw0xMTA5MjAyMTIzNDhaMCICEQCLMQS2WJNj +j0uNLubOUxOfFw0xMTA5MjEwODQ3NDdaMCECEDC+OHoGvcmtas1zKWDnPQQXDTEx +MDkyMTA5MDAyN1owIQIQaP67vFAWFS23wP5UYCZ1SxcNMTEwOTIyMDk1ODEzWjAi +AhEAqdfh8HYh6J+hx0mbEQOPEhcNMTEwOTIzMTMzMzUxWjAhAhBJ5hYKgp/UKIn0 ++oZuMznHFw0xMTA5MjMxNTAyMDZaMCECEAF6EpwARDUh+eTvha3skqQXDTExMDky +MzE1MDIxMVowIQIQEezhjevzlwlSlqPsKScdFxcNMTEwOTIzMTc1OTQ3WjAhAhAu +5qsWyaYSqpoxUo5hu+KhFw0xMTA5MjYwOTE1MDVaMCECEGWr53TQHCULl11tJ9eH +5AQXDTExMDkyNjEwNDIyNVowIQIQOGXDGaqpYh85ZtCkB2f4fxcNMTEwOTI2MTQz +MTIxWjAhAhAT895ePAzBC30lc3MMUQ8jFw0xMTA5MjcxMTI2NDhaMCECEGoS9RNU +v5DXa32ZQ3P8Sv8XDTExMDkyNzE0MTQxOFowIgIRALgweyxIZpDd3n6/XP4huzkX +DTExMDkyODExMjEwMVowIgIRAPELqdfNXG9bgLzb17iFA9wXDTExMDkyODE1MjEx +OVowIQIQaLbSXPokkL6e2L3BHjzmyhcNMTEwOTI5MDg1NzEyWjAhAhBZanMGLbN3 +CBh6aU1TYiaBFw0xMTA5MjkxNTA2NDVaMCICEQCzgCkO1GDlK4bJeUauW4laFw0x +MTA5MjkxOTI1MzJaMCECEHySwFQhqSX4l7rylJE4wm4XDTExMDkzMDEwNTg0N1ow +IQIQEztIxwGzfjisgZVODfUroBcNMTEwOTMwMTgyMTE0WjAiAhEAz202Ei1d94ya +b4Yr0F2+8hcNMTEwOTMwMTgyNDIwWjAiAhEA5BfUboJB3oXEdS9MfinR/hcNMTEx +MDAzMTU0MTU2WjAhAhA7m8RbrtH/ylYWimOmWxSyFw0xMTEwMDMxNzE1NDhaMCEC +EByPTOo5eP7pyTL2alwPm3cXDTExMTAwNDE4MzIzMlowIQIQSihiVLkCH4LI4IiK +P9c+JRcNMTExMDA0MTg0NzE1WjAhAhAKk9UhqGdaZ7Fr+hI40S4qFw0xMTEwMDUx +NjU5MjJaMCECEGab758J0j/7s045/jirK0cXDTExMTAwNTE3NDQwNlowIgIRAL0o +nw4UwG1I9gCfadiL0KsXDTExMTAwNTE3NDQyNVowIAIPY5L9F6QV5x4sCdFTDZaw +Fw0xMTEwMDUxNzQ0NDBaMCECED5KIKjBqvsvZt+G4WNIi98XDTExMTAwNTE3NDQ1 +MlowIgIRAM8jaJYdeCs78dH0vik1jygXDTExMTAwNjE4NTEwOVowIQIQYm6Y5w9u +p9IT6V7u0GXLDhcNMTExMDA2MTkwMTE0WjAhAhB2ffdYWZJEPiaXK6Z5m04XFw0x +MTEwMDYxOTA1NTNaMCECEBJv0OBwA8qSQwPVspFuu5AXDTExMTAwNzEzNTIzNlow +IQIQYCJnxK1JuL1EXq2KHhiXqBcNMTExMDA3MTUwMjQ4WjAiAhEAzmrjskiuWw1s +OUM67uTNGRcNMTExMDA3MTUwMzEzWjAiAhEAv6ZjdUmB2sF8WfsolSpI1hcNMTEx +MDA3MTcxNDA5WjAiAhEArlOf9PkuXusrPIYiYJwdGBcNMTExMDA3MTczMjIyWjAi +AhEAlQZM7a7NRGeZv048Y8TS4RcNMTExMDA3MTc0NTEyWjAhAhBUPsJcv8W/V/z2 +MJDzYTM4Fw0xMTEwMDcxNzUyMTJaMCICEQD12nCJKKFPZ47T8VsXTVikFw0xMTEw +MDcxODE5NDNaMCECEDYA5biYfBcPfySnr1gmSVgXDTExMTAxMDE0NTgxM1owIAIP +YrYUyBED1HEWb2DPvFTtFw0xMTEwMTAyMjM1MjRaMCICEQCFOZXR0Tpy3VaemM4P +o5LcFw0xMTEwMTExMzEwMThaMCECEHWcpTPVF+oif682ibtgx30XDTExMTAxMTEz +MTAyNlowIQIQWzWd5XE0tFVi1o9r0P5j6RcNMTExMDExMTMxMDM2WjAiAhEAlwHv +WzeUoA+ZNiwksEgo2xcNMTExMDExMTMxMDQzWjAhAhBFnnVVS/vO73tF7fIbOsW2 +Fw0xMTEwMTExMzEwNTBaMCICEQCR0kBlsMgm8wAG8lhrIhhFFw0xMTEwMTExNDUz +MjVaMCICEQDo8LryyZ/F91aRpjjas6XqFw0xMTEwMTIwOTI2MDRaMCICEQDB5W8P +8lW9Z66Q1NNptOGCFw0xMTEwMTIwOTU2NDdaMCICEQDBrAkjtrPvCwR0B1d6Px1J +Fw0xMTEwMTMxODA4MDJaMCICEQC7eU46BghNwrIZfB4OFxBaFw0xMTEwMTMxODM3 +MDZaMCECEHalsT8Alr0nM0gXEykjIcMXDTExMTAxMzE5MTYxMVowIgIRAP60rc4K +4HBTmcf+K6gJftsXDTExMTAxMzIxMTQxN1owIgIRAJ9j78ao+wjksVun9jrUoDoX +DTExMTAxNDE4MzY1M1owIQIQB0RkCSAqe+3zbvGJ5YRBjBcNMTExMDE0MTgzNzE2 +WjAiAhEAyC0cylTEeKyP48QaL8vm6BcNMTExMDE0MTgzNzM3WjAhAhA5YA3MGKkP +LMlTwdbNHMlMFw0xMTEwMTQxODQ4MjBaMCICEQCOOzO2k+gxQT1qC6LveXddFw0x +MTEwMTQxODQ4NDJaMCECEDvZORiKp3483DunNJnaPRAXDTExMTAxNDE4NTgzNVow +IgIRAL0OCks0tUWoXsfsJe6cu7QXDTExMTAxNDE4NTg1N1owIQIQd6nlMitg2gwA +7RikJhBLNxcNMTExMDE0MTk1OTE5WjAiAhEApe1I9Aksv7IuYlFvlJK/bxcNMTEx +MDE3MTE1NDAxWjAhAhBfXVhwlbXCqf7+P2K2iOjVFw0xMTEwMTcxODA4MzZaMCIC +EQDnZOX3hInG2faO+kTUpNs5Fw0xMTEwMTcxODUzMjNaMCICEQClnZkoerOjRHk8 +znKstBsfFw0xMTEwMTcyMjUyMDJaMCECEDA6scwqlOdSA2ALSIGhd80XDTExMTAx +ODEwMTYyNlowIQIQZFBsSQFGkWfj1SjfmQeGHhcNMTExMDE4MTYzNjI0WjAiAhEA +3bC+iyYS8Fxnf6y8crU4bxcNMTExMDE4MjAwOTIyWjAiAhEAuJAVXE5SbNoBOC1h +t7rNTBcNMTExMDE5MTUyMTEyWjAhAhB9oHOA4Gj/66WRa5SVyLX/Fw0xMTEwMTkx +NTI0NTVaMCACDww3oXBUTOfNX5S3C4kyBRcNMTExMDE5MTkyOTQ5WjAhAhAMbMAf +yHf/CUqrx6l53QtqFw0xMTEwMTkxOTI5NTVaMCICEQDEmSw4InHY0KP7IbrGPQLo +Fw0xMTEwMTkxOTMwMDFaMCICEQDJnzWBWvDxBjPfXqfaRhH4Fw0xMTEwMTkyMDA0 +MTdaMCICEQCrc8Z0ng7RHb4HGCtf4jR6Fw0xMTEwMjAxNzMyMzVaMCICEQCYPyuw +ku8fvNQ9etMyqGSqFw0xMTEwMjAxNzM3MjhaMCECEH6W3QJhVCBBlaBEbmP716EX +DTExMTAyMDE5MjkxMVowIQIQQ7dEBz2x6H0TFz1LgyD95BcNMTExMDIwMTkzNTU3 +WjAhAhAbt+hbYWypwCrRFuhmd46UFw0xMTEwMjExNDU4MDVaMCECEAVCyoml4qpe +gSr4eYpP1LgXDTExMTAyMTIwNDc1MFowIQIQTbXTvOgXpBWxwDc7y6Ln0hcNMTEx +MDIxMjEyMjM1WjAiAhEAkolSm+C27r7VcaoSNrCuwRcNMTExMDI0MTUwMjUwWjAi +AhEAsziMrQ1+gZN6XkTgfxo0pBcNMTExMDI0MTkyMDQ5WjAiAhEAvTcHGHTboUC8 +31DsvLaQPBcNMTExMDI1MDAxOTQ3WjAiAhEA6buw7ww2dZQ8p7aVU++kFxcNMTEx +MDI1MTg1NzQ1WjAhAhAYlJIL95V/EX9Uve1fC7QQFw0xMTEwMjYxNDA2MTZaMCIC +EQDJ2SbTD7L597fmXVZNnLE4Fw0xMTEwMjYxOTQzNTVaMCECEHk/N1k4FAE39JOt +EL9VhfAXDTExMTAyNjIwMjMzMFowIgIRAJ92RlrlUofk+bQw28zEkR4XDTExMTAy +NjIwMjM1MFowIgIRANE0ZD/32tJwqSTUNiYvjoAXDTExMTAyNzEwMTQzMVowIQIQ +I9lioauf4ZM+v/eYfCNWhxcNMTExMDI3MTAxNDUwWjAhAhB1yKc31A9RTwKi17J8 +FhTSFw0xMTEwMjcxMDE1MTVaMCECEAy2morqpc9DMDVvaKNgNDQXDTExMTAyNzEw +MTUzMlowIgIRAIaG6DipvWf+Gnz/04V5yzQXDTExMTAyNzEwMTY1OFowIgIRAMEI +dj24XSVbvjeBWcEtyd8XDTExMTAyNzEwMTcxNFowIgIRAMqQwm58SD+vzgTaDU72 +M3MXDTExMTAyNzEwMTczMFowIQIQS4pGShcugHtoJITh3S4M8RcNMTExMDI3MTAx +ODA1WjAiAhEAqxe5PLJ22XI42cAG2dhMphcNMTExMDI3MTA0NjQyWjAiAhEAq65R +DEZJenpgzTCcRo0J1hcNMTExMDI3MTI0NzE1WjAiAhEA5diprOgJ6OMqW/zgAyg5 +KxcNMTExMDI3MTczMzQ0WjAiAhEA06HWONsfNLIletR1sXxjARcNMTExMDI3MTcz +MzUyWjAhAhAlnJ0tmzUBWQ08g9lqNQT+Fw0xMTEwMjcxNzM0MDFaMCICEQCHBU33 ++Vs1TbzyLZMl0SvgFw0xMTEwMjcxODMzMzZaMCICEQDHl8YiKI5suNHzY52LfUmK +Fw0xMTEwMjcxOTMwNDlaMCECEEyvjbFJs5DM72QUIr17w98XDTExMTAyNzE5NTIz +MVowIgIRAJ2tJDSWD0i7lXJ9UPXpigcXDTExMTAyNzIwMzQ0MVowIQIQGAgWOf3o +coveW9Q0NV8G+BcNMTExMDI3MjA1MDEyWjAiAhEAim3f2dHDBCM3IR9W7+vkqhcN +MTExMDI4MDcyNzI1WjAhAhBXnYAwGpsA8ADL/NzJvruzFw0xMTEwMjgxMjUyNDBa +MCICEQCC9cQdRdUj4ELgP58hwkX+Fw0xMTEwMjgxMjUyNDlaMCICEQDXj96k1lDD +tOWQq7aBA8boFw0xMTEwMjgxMjUyNTZaMCECECf9RHJ6XXdNMTnmhBm/Ip0XDTEx +MTAyODEyNTMwM1owIQIQPpktHWF2WMjijaFTjqVdnBcNMTExMDI4MTI1MzEwWjAh +AhAyNXQ+hDALDbOQnonD5btTFw0xMTEwMjgxNzIzMzZaMCICEQDQ+5g8ear6nD+L +3sgAekjiFw0xMTEwMjgxOTQ4MjNaMCICEQC6ZdZ9KCvHeDWIZfo3JYP9Fw0xMTEw +MjgyMDU5MjFaMCECEHRoTMiGtEUnLLbzi6r5ZTAXDTExMTAyODIyMjAzNVowIQIQ +f3EQPerFjtnnON+/tyKXyxcNMTExMDMxMTE1ODIyWjAiAhEAwURIl2cndzdFcXiV +v8nrUhcNMTExMDMxMTMxNjQ1WjAiAhEAin+jqrI3snmcfhLuQZrZNRcNMTExMDMx +MTUwMzI5WjAhAhAVOPhtzkn77QeEm2MpXbS6Fw0xMTEwMzExNTA2MTFaMCECEFd4 +XR+PpW+wu/nIXZ0Cvn8XDTExMTAzMTE1MDYyN1owIQIQOKqBpcTzdnPyXTSr31Bd +DhcNMTExMDMxMTUwNjQzWjAiAhEArE0CySlbnd/sPoPD4ARUWxcNMTExMTAxMTgw +OTExWjAiAhEA17M/xgfg/PDjY9PHCNWKRhcNMTExMTAxMTgwOTMzWjAhAhAhqLtA +3O/nW8lILzUCOIlnFw0xMTExMDExODI2MDhaMCICEQCflAIdkoOLIsC+BKP1BsvA +Fw0xMTExMDIxNzE2MTZaMCICEQCv2o5COYBJHZHCX49Wx/WpFw0xMTExMDIyMDAx +MTVaMCICEQC37k+S6ZRfyrpkhfTUyC5iFw0xMTExMDMxNjQ5NDlaMCECEF0zHxdm +Bv2a1/Hnon2U+QYXDTExMTEwMzE5MzMzMVowIgIRAN0p5gD6Uk9MsAEKbgEsJkwX +DTExMTEwMzIxNTIxOFowIgIRAJH5RVRZM1vjLOWMBayqVz0XDTExMTEwNDA5MDkw +OVowIQIQLMnBl6vpPSlIotKtlQ5GYhcNMTExMTA0MTQyNjM0WjAhAhBplNdOp/oG +lkd4sHjadS1zFw0xMTExMDQyMDA2MjVaMCICEQD24g2ww0fWpB4nyghSi7v7Fw0x +MTExMDQyMDA3MDZaMCECEG0aPdfXKDTmkRDB0NQQli8XDTExMTEwNDIwNTczMlow +IgIRAIW0/1QxoujdL3pfdbyrVaoXDTExMTEwNDIxMTEyOFowIgIRAMRbTG72iLez +e5j93JgThL8XDTExMTEwNDIxNTI1MFowIQIQeZ3FZAXCOpWYAxc/rVfcuRcNMTEx +MTA1MDAwODA4WjAiAhEAiRstR3W06xUVO4FYpntHhxcNMTExMTA3MDk1NTMyWjAh +AhB8n2fnyBtHuC/CEp8DzsftFw0xMTExMDgxODA2MDFaMCECEAR44it/RqbvnGHM +oPguLvQXDTExMTEwODE5NDQwNlowIgIRAJn17BmhDvwbodZr25Bt4QEXDTExMTEw +ODIyNDIxMFowIgIRAMzQMKVGvBq+ohuUJ++umgUXDTExMTEwOTA2MTMzMVowIQIQ +RYeC32dO1CZXPL0c9CiXXBcNMTExMTA5MTQ0ODQ3WjAhAhAvNglsbHSRiG7srbY9 +2retFw0xMTExMDkxNzE3NDdaMCECEFjkOGctFmQd5gHyPqxDYOwXDTExMTEwOTE3 +MjExNFowIQIQKivH7pBNPn6Tu5TnvtOMUxcNMTExMTA5MTk1NDMyWjAiAhEAyBga +pV9SBqY6V3KdfIZ1MBcNMTExMTA5MjAxNDIzWjAhAhASj3Ztf8YGBPmTTW33hbhK +Fw0xMTExMDkyMDE1NTBaMCECEA4981W2mZoBvNjioUehqB0XDTExMTEwOTIwMTk0 +MVowIQIQVw3d7xQm70GDFinkmBKeRRcNMTExMTA5MjAyNTI0WjAiAhEAwkscCQz3 +I+/cQmGIoPGpFBcNMTExMTA5MjA1NDI5WjAhAhA2u4bI+ZJnfYulfNIF7sFWFw0x +MTExMDkyMTAwNTVaMCICEQDUBGsQhlUju3njw0yFYDM9Fw0xMTExMDkyMTU2MzBa +MCICEQCK0g2lKifBqiNFcnKvq6epFw0xMTExMDkyMTU3MTVaMCICEQCI4EsfBv0y +i13nSbRmo4roFw0xMTExMTAxNTMwMzdaMCICEQCKTvARVMQ7LTRhrXVI4zbpFw0x +MTExMTAxNjQ4NDRaMCICEQDsnXr3IvWx1tIze3cUgIEWFw0xMTExMTAxOTQzMzBa +MCICEQD90iFGPmbtPS7hH0inO1IrFw0xMTExMTAxOTQ1NDJaMCICEQDdSulTB9RF +IGiLOXH58xqtFw0xMTExMTAxOTUzNDNaMCECEAYlcSsA6wgAod+oI7HqyHoXDTEx +MTExMDIwMzE1NFowIgIRAMxl85ECpBNzMtwFd/wY6FsXDTExMTExMDIxMDUwMVow +IgIRAKzZuu0YNUY5d/DNARrpJKEXDTExMTExNDEzNTM0OFowIQIQfSA0Ix+Zf1nj +7BpXKkp8ZBcNMTExMTE0MTQyMjQyWjAhAhBZQGIKnvG1k04ALmNlSVqVFw0xMTEx +MTQxNjI4MDFaMCICEQDXHsJv/XUB+8AwVHEXcr8fFw0xMTExMTQxOTA5MThaMCIC +EQC2oZdOzFMDQLJwEQJqHlMnFw0xMTExMTQyMTE0MTZaMCECEB+QBqJ1DR7RKz5r +jAYgVZIXDTExMTExNTE3MTIxN1owIQIQSWMkqGpcuuyEWPjZa+7+4xcNMTExMTE2 +MTUyNjIzWjAiAhEAqAjI95DEAA7zVTvFQZfDDRcNMTExMTE2MjE1MzMxWjAiAhEA +sAUqEHGOiAPLYaQN8pveVRcNMTExMTE3MDEzMDUwWjAhAhBE9+8qDdBjzZdey7FV +uLIoFw0xMTExMTcwNTU4NDVaMCICEQDXFKqkXU2aEp2LaBFZr7lUFw0xMTExMTcx +NjMxMTNaMCICEQDQgbg60L6qd2yPcFal77nVFw0xMTExMTgwMjQ4MTZaMCICEQD9 +gGlaks3B5WNlZpkpUIaOFw0xMTExMTgxNzA2NDhaMCICEQCgcb9bztoW2sOYu7O8 +4S//Fw0xMTExMTgxNzA2NTRaMCICEQCT5XrHgMNckMCfZ1kgZhlUFw0xMTExMTgy +MTU4NDNaMCICEQCbTBbW4RusnX1vxg7sEL+XFw0xMTExMTgyMTU4NTVaMCECEA0X +vQoH01bUFntG90uKYb0XDTExMTExODIyMDIwMlowIgIRAI58VYFc6acCjkMaE2zy +JJ0XDTExMTEyMTE0MzMzN1owIgIRAOOI+tsRXB8+62AmrptDfvYXDTExMTEyMTE4 +MzE0NVowIQIQb16F6Fo/wer3bn4lenHoghcNMTExMTIxMTgzMTQ5WjAiAhEA4Xik +ThMhr+nXRrjhftlaOxcNMTExMTIyMDc1MjU2WjAhAhBuKb5HCcEZaRxDj7zT2M6d +Fw0xMTExMjIxNTU0MzZaMCECECfn/eod6mq+WYbzp2vsQ18XDTExMTEyMjE3MjYz +MFowIQIQHF331PLEJ9DXhtn2ztK8fxcNMTExMTIyMTcyNjM3WjAiAhEApumxihu/ +2rULg0GNyOzM3xcNMTExMTIyMTcyNjQyWjAiAhEAtdHX9rG50I6jNYOwUi6oGxcN +MTExMTIyMTcyNjQ3WjAhAhAloHLAgGONcUSvQYbOe7EBFw0xMTExMjIxNzI2NTRa +MCECEHMFYB0hrNFKYIjiwQJDuSYXDTExMTEyMjE3MjcwMFowIgIRAIRPijF+H71z +e85KJI3pjx0XDTExMTEyMzAxNTEyMlowIgIRANP6/0fIjvijY2hpCc/gtigXDTEx +MTEyMzAyMDc1NVowIQIQOqGV485w2WQL7BdEbWVjBRcNMTExMTIzMDIxMzE0WjAi +AhEA4tLlzBpwPJWRtTubUPV/OhcNMTExMTIzMDIxNDI5WjAiAhEA4BuZO9BwcEFb +kVeL6ePiuhcNMTExMTIzMDIxNTUzWjAiAhEA9yp5IYO/fdXAS+f4hng73hcNMTEx +MTIzMDMxNTI4WjAiAhEA/G9p+oXgrdBLwpbGj77JMhcNMTExMTIzMDMyNDM4WjAi +AhEAnUHw9MvFnAYYEWcTJ21cjhcNMTExMTIzMDM0MTUyWjAiAhEAiXlvHYSHabvS +Oh/pbd4/lhcNMTExMTIzMTUwNDQ4WjAiAhEA+vhwAxCCP9InkkYvWqeWXxcNMTEx +MTI0MTYxMTU1WjAhAhACNRwfgj6QLTj0AMnF1dodFw0xMTExMjQxNjEyNTJaMCEC +EBUKxyMNITpS3sqPzABPV1IXDTExMTEyNDE2MTM1NVowIQIQeR84uBVyjSW0/Dv9 +8670YxcNMTExMTI0MTYxNDQ0WjAiAhEA/+JNjpwfJtXY5mKLzxkaZRcNMTExMTI0 +MTYxNTU4WjAhAhB1gxbtJVbejzFVk5In7BqFFw0xMTExMjQxNjUwMjRaMCICEQD4 +6QBHAgxCSiJPYeAg2iqLFw0xMTExMjcyMjE4MjdaMCECEHsIp+am/kBfZFeHucft +7OMXDTExMTEyODA5MTIxMlowIgIRAKZ4Cx/MSruuHVoXSqx9C/cXDTExMTEyODEy +NDQ1MFowIQIQSuhERjkIj5YwOJbwXFoVdBcNMTExMTI4MTI0NTA2WjAhAhA7oZb+ +kiv5UtwsmBdrMmQkFw0xMTExMjgxMzU4MTZaMCICEQDfUDsckt2Kau4FsrNHpzpF +Fw0xMTExMjgxNTA3NTRaMCICEQCLXBGZpTl+mTAEE2Xc1iucFw0xMTExMjgxNTUz +MTNaMCICEQCmwV0cWZ8BadrDaaFgmH33Fw0xMTExMjgyMTE5NTNaMCICEQDQHZ22 +CVA7ooc3cJB5f2ERFw0xMTExMjgyMjE4MThaMCECEFTvvWMd/vKcWJsAiObBgVAX +DTExMTEyOTAxMzIyM1owIQIQeIhhLhufNaCkTeMI1WEd3RcNMTExMTI5MTc0NzE1 +WjAhAhBqIW3fRfsJpXuHR/yOw5+UFw0xMTExMzAwMDE4MzFaMCECEBZ5lFzai+5G +xVqcEF8reU4XDTExMTEzMDAzMTg1MFowIQIQFDYEg/E21eKAKnELiLoHGxcNMTEx +MTMwMTEzNDQwWjAiAhEAlPJRds0Rsaow64kBnp+qFRcNMTExMjAxMTE1MjM4WjAi +AhEA1bZLz5bwY7Lw93KziZptoxcNMTExMjAxMTQwNDE4WjAiAhEAzcbG5iPKSsFq +ZxD2eOHyaRcNMTExMjAxMTUxNTQ0WjAiAhEAwJMb6iXz9BhsXwVaHxmA1xcNMTEx +MjAxMTUxNTU2WjAiAhEAm5B97208mTH1hEaZgH2ngRcNMTExMjAxMTUxNjA0WjAh +AhBFrH2rWKytqN2zQGiKaPMeFw0xMTEyMDEyMDAxNTBaMCICEQDZXa/u7ooqxw7d +axjX6AW3Fw0xMTEyMDEyMTQ5MzVaMCECEHdBh2HCMacMsy6qWP8uCxQXDTExMTIw +MjE5NTcyMFowIgIRAOvZK9dLXWDdl417Pn2IklAXDTExMTIwNTE1MTczM1owIQIQ +PGgg7OMtqY0vk/FjMBC8aRcNMTExMjA1MTcyMzM0WjAiAhEA1vJN/LzRLuERngcI +OeGzmxcNMTExMjA1MjAyNDQzWjAiAhEAlJyNHjs8QFzR7iZwCIklahcNMTExMjA2 +MTU1MjUyWjAhAhBIfOFWKbRdsguJnKqxxlV3Fw0xMTEyMDYyMDI2NTRaMCICEQDB +l73VmJDs5d5HXdDTWrjLFw0xMTEyMDYyMzQ0MThaMCICEQDrj7hI4tQv70jOjmyR +5DynFw0xMTEyMDcxNTEzMThaMCECEEhQmXoztHtJMR2UDmlGlDUXDTExMTIwNzE1 +MTMyNlowIgIRAJLM7MARiIDqVo3Cz1pPmSgXDTExMTIwNzE1MTMzNFowIgIRALc8 +HATcJkhoNcJNYPmpmgIXDTExMTIwNzE1MzMyOFowIgIRAPk+CPj9emLYkX7Ame6l +/QAXDTExMTIwNzE4MzIxNFowIQIQV+ec5cW9TJ+HU3k8UXUK8RcNMTExMjA3MTg1 +MTIwWjAhAhA2aBB1C6RSt4rc0PmwQsqrFw0xMTEyMDcxOTM0MTNaMCICEQCwCvCJ +GFZkaxm4ZoLCrCJzFw0xMTEyMDcxOTUxMzRaMCICEQDA7d8yExQRJFP59URuhMQl +Fw0xMTEyMDcyMDA5NDVaMCICEQDuPzB+/j1pJHH+u+yXlQ3rFw0xMTEyMDgxNjMy +NTNaMCECEDvr0VuISJeDw6DcGhI42kEXDTExMTIwODE2MzQwNVowIQIQGDPDjnXV +dt8L5vIySCOlqxcNMTExMjA4MjA0MTI2WjAhAhA/H6VE1vp47K3FYldfWF6EFw0x +MTEyMDgyMDUwMzVaMCECEFuI1mAe3s63wL/bFj66+AAXDTExMTIwOTEzMDE0MVow +IQIQLPv7Ng7ixgzLjf4S7cxHyxcNMTExMjEwMTUzMDIzWjAiAhEAx59pmxS/l9i0 ++ctP6n3//xcNMTExMjExMjAxMzE5WjAiAhEAsw1+4gJYGxdasyAEw/8ToRcNMTEx +MjExMjAxNDQzWjAiAhEAir2SjU9RxDlWtuGj/O9iBRcNMTExMjExMjAzMzE2WjAh +AhB4APKIosh3N912+Y5fw8DCFw0xMTEyMTEyMDQ3NDJaMCICEQDd4q+rTZGkRKdT +3fHcfeXxFw0xMTEyMTEyMDU4MTNaMCICEQDGVHJSht9hzX6Nr6SWPUAOFw0xMTEy +MTEyMTE4MzFaMCICEQCK+gv66Z2dPgOt1iHzwP4xFw0xMTEyMTEyMTM0MDhaMCEC +EC3KLsetfRBW+QanDoiNbgMXDTExMTIxMjA5MjA0NlowIQIQZQeyrgoU0nXnmwEk +Eg2oUxcNMTExMjEyMTc0NTIzWjAhAhBLgNww6jku2I5z4kYJZBJ5Fw0xMTEyMTMx +MjEwNTdaMCECEF8Arcoc93BAddtxHDjPxh4XDTExMTIxMzEzMDAzM1owIgIRAJf9 +ijfdV30/jJaof0I67f4XDTExMTIxMzEzMjU0MVowIgIRAPUs6jTiB2w6LBJpVWkg +2bIXDTExMTIxMzE5MTQ0MlowIgIRAMI4/Lc97LPc2oacmMmWVg0XDTExMTIxMzIx +NTI0N1owIQIQctIfuJpRMGa7WycYvHRIRBcNMTExMjEzMjIzNDEzWjAhAhBu+rUF +91zGHgX//bVg48x1Fw0xMTEyMTQwMzA4MDRaMCICEQD6KYD9E+V19dxhXsbLPuBU +Fw0xMTEyMTQxMjAyMTRaMCECEBDoK2qEjM1b6Mc7htq2UG8XDTExMTIxNDE3MzM1 +N1owIQIQWGgLqkLuAkx3GMRxuhyBcBcNMTExMjE0MTgxNTQ4WjAhAhAJ3XoL5bh+ +TgpnIkYcKqvAFw0xMTEyMTQxODMxNTFaMCECEC2GxZcz9r3osjIdldbX56wXDTEx +MTIxNDE4MzI0NVowIQIQF2+pg/wJkhagTTKAZmZ2oRcNMTExMjE0MTgzMzExWjAh +AhBl05ziUI9XAgEX9SJiPT6IFw0xMTEyMTQxODMzMjVaMCICEQD70Mjk/fYsh1GG +IFN3oe/aFw0xMTEyMTQxODMzMzJaMCECECrGe+yx4YyGz4m7EAOwDXEXDTExMTIx +NDIxMTkyOFowIgIRANla+W7GXmDhjHxZ77CC2EIXDTExMTIxNTE1MTc1NlowIgIR +AL5OvzwO99n8YaHRsLwZGvMXDTExMTIxNTE1MTgxM1owIgIRANSzlXKRyzzlYU4w +9oNE4EMXDTExMTIxNTE4MDQyNFowIgIRAORQsqCdpCt4TYCfAwqM2bwXDTExMTIx +NTIwMjkwMlowIgIRAKswD9YiiMwTlTjJ9/xSDbEXDTExMTIxNjE0MzIyOVowIQIQ +fsCvM+nmg7ncEeDWd20SdhcNMTExMjE2MTUzNjMwWjAhAhBk+llpJ2JQ6lqVdMzl +O6feFw0xMTEyMTYxNTM2NDVaMCECED3gZJ/6OAdMnag7AvgMYOoXDTExMTIxNjE1 +MzY1OVowIgIRAP1v4OuRXBdmD7dL1WC0AicXDTExMTIxNjE1MzcxOVowIQIQKqhh +Yig29MAZjhFTH8TLLxcNMTExMjE2MTU1NDM1WjAhAhA5bRtFmH+UoHu/rxkLzlYs +Fw0xMTEyMTYxNzA4MzhaMCECECJLJw9MP3NxAZYHnKOdxzwXDTExMTIxNjE5MTQx +OFowIQIQRHC2E4Bqt301gyTphu3yFhcNMTExMjE2MTk1MjUyWjAiAhEAwfnKwsPC +0cNqDDTj5sOuaxcNMTExMjE5MTI0OTAyWjAhAhAd9ji9kHXFyMS9a/ySTKbIFw0x +MTEyMTkxNzQ4NTVaMCACDzLHcNuW3IpgGahBSz8DqhcNMTExMjE5MjAyNzUxWjAh +AhA3gKOm3ifEB0z1gFVe3B+kFw0xMTEyMjAxODA4NDdaMCICEQD2gpV1yWbaZu1k +Qdq773COFw0xMTEyMjAyMTA0NDZaMCICEQDhxLXrRdXqNxXeo4gXKEcUFw0xMTEy +MjAyMTA0NThaMCECEBuQZA2LKmM/jDYoJ/YDHscXDTExMTIyMDIxNTExNFowIQIQ +fTHQfyOF0u9dswky8fh+UhcNMTExMjIwMjM0ODM0WjAhAhBmNg7ZN5Jm56kbUGFL +KQ34Fw0xMTEyMjEwNDU0MjlaMCICEQD83A5JbGR9YAQEvbaAKyTnFw0xMTEyMjEw +NjMxNTlaMCICEQCjhaomHMCf1B+6n7MywxGXFw0xMTEyMjEwOTEzMjdaMCICEQCt +BwTiJKgN9uhjYlp36wgxFw0xMTEyMjExMjIzMDVaMCECEEVY+OflUFTl2XI9UsRy +2XsXDTExMTIyMTE5MzQ0OVowIgIRALOWDtsxnvqThW1zVTiqHJ8XDTExMTIyMTE5 +NTAxN1owIQIQdqHplb1AtzLWAigCIPLeRxcNMTExMjIxMTk1MDM3WjAhAhBjPIHC +sSy7CVVf8kvRLcVyFw0xMTEyMjExOTUwNTVaMCECEBTc8s4HazraJaHPQIxvEeIX +DTExMTIyMTIxMjczM1owIQIQX/09KjpeSXDSUsmoM69+lhcNMTExMjIyMTU1ODA2 +WjAiAhEAnLxAhO8MI8NkpvSgTQNKphcNMTExMjIyMTYzNDIzWjAiAhEA+gcTt3yu +/SqSa8xl3p4W5BcNMTExMjIyMTc1MDE0WjAhAhAH9gwgXT8NvAwjX6p+ZqAwFw0x +MTEyMjIxOTQ3MjhaMCECEBp5QctL36AObNGOt2e95JEXDTExMTIyMjIxMjgyOVow +IgIRAL75FS5HLU8kplI/QIBJqkkXDTExMTIyMjIxMzU1NVowIgIRAJDxTFna5LIn +3HXbBwQoQgEXDTExMTIyMjIyMTUyM1owIgIRAN/aXhUBkxWCIMw58+FGUBwXDTEx +MTIyMzEzNDMxMlowIQIQIe1KmqKdwe8VKaP37fPn8hcNMTExMjIzMTcyMDI3WjAh +AhBFvcU5LUX9ZTNqbcWpal11Fw0xMTEyMjQyMzM1MDRaMCICEQD5vIu6ryDQXCgB +rFeAtsUsFw0xMTEyMjUxNjMzNDBaMCICEQCrSZZVA0B9v3oLu4r9DeuMFw0xMTEy +MjcxNDQ5NDhaMCICEQCOGyEG+19Uaenyya1WOCLlFw0xMTEyMjcxNTE5MDhaMCIC +EQDteYjvZ/6r/gdGp8dYnpM4Fw0xMTEyMjcxNTQxNDFaMCICEQC5CrUF3O/KkyAJ +pfsSIy6YFw0xMTEyMjgxMTM4MzdaMCICEQCz/eUuOQtvfrjGAFrkTlQPFw0xMTEy +MjgxOTA0NTNaMCICEQCLsPrSEosFGQZQg4h5eq4JFw0xMjAxMDMwMjAxNDVaMCEC +EH6HNuQJ3ZBNq1MsJWNCfbUXDTEyMDEwMzEzMjY0NFowIQIQK/cusU5VhQWm7U56 +qOTu9hcNMTIwMTA0MDAyMzEzWjAhAhAhzt8Z9auSmhTQlnqpdsLiFw0xMjAxMDQw +MDIzNDlaMCICEQCk63S7XDOuU6Ts9iuFra1VFw0xMjAxMDQxMDE2NDFaMCECEEr0 +HZovATxb7+ml/uasYagXDTEyMDEwNDEzMDgyOFowIQIQESckIJ0CVwG079GafbKb +sBcNMTIwMTA0MTgyMTAyWjAhAhAHWcfAvZRDube/3vwQbFT6Fw0xMjAxMDQxODIx +MTRaMCECEEuP/RjNtXrBdUPPpVTAucQXDTEyMDEwNDE4MjUzNVowIQIQYvyKGNt8 +hU7N6e7Y4wuKRxcNMTIwMTA0MTgyNTQxWjAhAhB9OLyCULm8iHoSqpWuEvpTFw0x +MjAxMDQxOTUwNTFaMCICEQCw1ZLo7k67P/LnyHw/gJ2kFw0xMjAxMDUwNDAyNDRa +MCICEQCXDSmYsf/OOVqPl9FPVdCFFw0xMjAxMDkxMTEzMDdaMCICEQDisxU1B/Os +7Vi4t9Nl/+twFw0xMjAxMDkxNDU1NDBaMCICEQD3Sr/I6Fb+E0mK4S+W6YcEFw0x +MjAxMDkxNTM3MTRaMCICEQCCjmB5dMa4ppM+nZ+dZae3Fw0xMjAxMTAwNDU3MTha +MCICEQDa+FURdWL43PoCo8F216SaFw0xMjAxMTAyMzI0MDBaMCECEEVdEg0UBdd+ +0vzb8cg8h/sXDTEyMDExMTAxNTc1NVowIQIQTQBdada+vJlqyoNl7ZC4iBcNMTIw +MTExMTU0NTM0WjAiAhEAyLZd7opwWHvP1k3vC7/PcRcNMTIwMTExMjAzMTI5WjAi +AhEApxNNuorkSpWRFYZpVAyXWxcNMTIwMTExMjEwMDQ4WjAhAhB3gcESHvazEUDp +vxojZXCHFw0xMjAxMTIwOTE3MzdaMCICEQCMrRz/eWjv8daOlakZpu6cFw0xMjAx +MTIxMzUxMDlaMCICEQDR0I4bPSlGUWcnkd+LqehbFw0xMjAxMTIxOTE3MDlaMCEC +EEK/Z+BYQFUsbEuo48h1R9QXDTEyMDExMjE5NTI0MlowIgIRANiAQK1kVBvQg8BX +V2tkVFoXDTEyMDExMjIwMzEzOVowIgIRAJ9qb6WxopFwemAeKfwPWDMXDTEyMDEx +MzIxMzE1N1owIgIRAKWavA75HHUewVJgU/OxRRoXDTEyMDExNTIzMTUzNVowIgIR +AKvGAdLRF+ZimN2DXB/eYusXDTEyMDExNjE2MjI0MlowIQIQeRihJqo58RNwAgZH +hzx9fBcNMTIwMTE2MTYyMjUxWjAhAhB4nmHzXm4/V20ZJwLH6QucFw0xMjAxMTcx +MDAyMTRaMCECEHmvXuhsjIyMc9MDmENC+BIXDTEyMDExNzEwMDIyNVowIQIQSNNF +UUNF4824kCYBBSzPcBcNMTIwMTE3MTY1NDA0WjAhAhBmPRbKLU6ac5uv4cXYNjZo +Fw0xMjAxMTcyMDAwNTBaMCECEC18T0Hs41ALFtf/k1hGt7cXDTEyMDExODA3MTEw +NFowIgIRAJ+b028sLpxoS4qasYsRbeMXDTEyMDExODIwNTE1NlowIgIRAKiOGPee +1WOQdhquA/4z63YXDTEyMDExODIxMDIzM1owIQIQMgzuomVJ9aBprE6Q9PBmdhcN +MTIwMTE5MDgzMzU5WjAiAhEA5lv5qZv2me/iIHwWFAPD5hcNMTIwMTE5MjAwNDAz +WjAhAhAj5jdpG9LOrWgeVuTKSFrrFw0xMjAxMjAwMDU5MzRaMCECEHlMwsWWlgEs +8/KthivzXM0XDTEyMDEyMDAwNTk0OFowIgIRAOtSN0BQY08ZPhaQyLhKeJUXDTEy +MDEyMDAxMDIxOFowIgIRAINi8WAzfVDGU8ZZpLPHTiwXDTEyMDEyMDA1MjAzMFow +IgIRAOZO8rW2Uo2sREfzh3o8BocXDTEyMDEyMDA1MjE0MVowIgIRAOmTAPupkuOq +Sp1KlzNWdNMXDTEyMDEyMDA3NDMxNlowIQIQSV6niEvqnnKHAkmGlD5wZxcNMTIw +MTIwMTAzODA3WjAiAhEAu8+IO4vU7tB6q+NoM9eYBBcNMTIwMTIwMTM0NDMzWjAh +AhB0cVa7elV9w2r6WN7OtyN4Fw0xMjAxMjAyMDAzMzRaMCICEQDMDhWrz2oZFy/q +TPXuzDfkFw0xMjAxMjIxNzM4NTdaMCICEQDyahpgOamhT5xXzA8PbWY0Fw0xMjAx +MjIxNzQ3NDFaMCICEQCxN/kbO+WxJnHRd3ln1RxMFw0xMjAxMjIxNzU3MDRaMCEC +EAOxXuZRt1RTKFW4/+09KO4XDTEyMDEyMjE4MzM0NlowIQIQUIY9H11t94rP3R3H +a++8qxcNMTIwMTIzMjEwNDI3WjAiAhEAzkAqQBfHa+ttwXNxdNCQzBcNMTIwMTIz +MjEyNDA3WjAiAhEAum85bX95ATTe8dmVoG85dBcNMTIwMTIzMjIyMjM2WjAhAhBv +vo3FvxG9Uwkc0GvSo8tIFw0xMjAxMjMyMjIyNDRaMCECEA5lFnvMDs1zhig0NBnR +Rl8XDTEyMDEyNDAwNDk1MlowIgIRAJLkzfDRyfFqq3HrbxN0gekXDTEyMDEyNDEy +MzM0NFowIgIRAPpcZJYr6JDY9i0Tpsoz1QYXDTEyMDEyNDE1MjAzMVowIQIQBhDE +BZx+jW8RREZyzBtT8RcNMTIwMTI1MTgzMTQwWjAhAhBczXjcv3oKVY3Gs8i+OoXx +Fw0xMjAxMjUyMjAwMDNaMCECEBpbEKKGKXu1YYD3j5NQhfEXDTEyMDEyNTIyMzQz +OFowIgIRAJckAw0kOjBtheHxDIaFy38XDTEyMDEyNTIyMzUwOVowIgIRANwFrr8O +iqOhSDLwjDxn2OcXDTEyMDEyNTIyMzUzMVowIQIQbltZmSBtMQs80zERNEejyBcN +MTIwMTI1MjIzNjAyWjAhAhBD4DofRZU9FrNQhyXN5mPCFw0xMjAxMjYyMTQ4MDha +MCECEBrYm5EIS+pTzIqqxPwbFcIXDTEyMDEyNjIxNDgyOFowIQIQNn7Z3HHFbPpR +P6vpGa6F/xcNMTIwMTI3MDAzODIzWjAiAhEArfTSTljxXbTlsM/PZ6qvohcNMTIw +MTI3MTUwNDMwWjAhAhBc6GZV6mnA9TwityLMr/iiFw0xMjAxMjcxODIwMThaMCIC +EQCm0/OAOY0nPqC27Ej5GvJ3Fw0xMjAxMjcyMTEzMDRaMCICEQD6hZpXGI2QgTq9 +H2vUlmArFw0xMjAxMjcyMTEzMTBaMCECEDwt4Pz/Hg3iEbIB9VDNyRkXDTEyMDEy +NzIxMjY1MlowIQIQWMTNJWcYHnhtXF97qo8QohcNMTIwMTI3MjIwOTU1WjAiAhEA +0IDEYI+/PEykQGH2gMt3dxcNMTIwMTI3MjIxMDA5WjAiAhEAr+r4yazJtTgeOZqT +SgUL0BcNMTIwMTI3MjIxMDE3WjAiAhEAicxETV6GCnFwN6NSnyewXhcNMTIwMTI3 +MjIxMzI4WjAhAhBh/r5vZ5jmNFYFk9JXeZ2gFw0xMjAxMzAxOTIyMTZaMCECEEkq +USUJDVP5yiBnbean1tAXDTEyMDEzMTE0NDEzMlowIgIRAJh/2AyrwY6Br1j1oSuK +wP0XDTEyMDEzMTE5MzA1OFowIgIRAL/Syr+XONFRv2Mk0cFXbn0XDTEyMDEzMTE5 +MzExNFowIQIQadq6ZbBefIwdi9oLJcvnqhcNMTIwMTMxMTkzMTM2WjAiAhEA7yo6 +nYZedsY1WSaE8j+7rxcNMTIwMTMxMTkzMTQ5WjAhAhAIz19EkYv1dwGy4jhDyPu+ +Fw0xMjAxMzExOTMyMDZaMCICEQD1unTzXLCW4sbHNj4SIcoOFw0xMjAxMzExOTMy +MjFaMCICEQD+7gT9T+evss7RjHtoh002Fw0xMjAxMzExOTMzNTNaMCICEQCmXhcw +jMsNsbmsr4ccUaR3Fw0xMjAxMzExOTM0MTFaMCECEDUdI4bnNHIXDGKjt+OHIMIX +DTEyMDIwMTE2NDY1MVowIgIRAIik6Ka4L2jguueIWMk2yZQXDTEyMDIwMTE5MzAw +NVowIQIQHaFp9SoMOTZU074xZy5xCxcNMTIwMjAxMTk0MDEyWjAhAhBUzUJkIPBg +WsZNcQMaM+jEFw0xMjAyMDExOTQ2NTVaMCICEQDsp8Hg0aTP6NgTPJOYTOodFw0x +MjAyMDExOTQ3MDNaMCECEEa9Ykl8om7/1jDD5GCQHhUXDTEyMDIwMTE5NDcxMFow +IgIRAMuZGqPrS7cZZS/8bO0HAbwXDTEyMDIwMTE5NDcxN1owIgIRAOXm/Uu7Au+q +4Vp/dgIZ8GEXDTEyMDIwMjE0Mjk1M1owIgIRAKjlzEY6UdY7VuVYMa8wrZQXDTEy +MDIwMjE4MDcxMVowIQIQc9CJ7PQ7LKbkb7YeADimoBcNMTIwMjAyMTkzOTE1WjAh +AhBAuuLHJgjrByrcrouGoEwLFw0xMjAyMDIyMzE3NDdaMCECEGTP9f/FoOmJ76m4 +tKaq7g8XDTEyMDIwMjIzMzMwMlowIgIRANlJobMxM4Ogf3SHuLNqyDQXDTEyMDIw +MjIzMzQyNVowIgIRANPymihh0Dj0L/L7w2kGnEgXDTEyMDIwMzEyMjMzOFowIgIR +AL7aPC+ZMZuNX0LQ/FWxkeIXDTEyMDIwNDAwNTYzM1owIgIRALcAWBPZWjmif/JQ +6q77o1EXDTEyMDIwNDAwNTY0MVowIQIQVPsOWAgR6UlgUOcxKjsK/BcNMTIwMjA0 +MDA1NjQ5WjAhAhBAa/2FAftc1Ytfi/t/X6kgFw0xMjAyMDQwMDU2NTZaMCECEHfO +k6xymCuoynwaqRte88cXDTEyMDIwNDAwNTcwNlowIQIQZaqmW8pjTMXtwDnnTzYP +7BcNMTIwMjA0MDA1NzEzWjAhAhBd0ZDFrMPFvrqc2HZ3Hh3hFw0xMjAyMDQwMDU3 +MjBaMCECEC+rOYusxjISzLRCCz6XVgYXDTEyMDIwNDAwNTcyOFowIgIRAJqXWXv/ +uDbiRPp7GYN5IRoXDTEyMDIwNDAwNTczNVowIQIQQElbhrBPuYxvlK1cLwCCLBcN +MTIwMjA0MDA1ODA4WjAiAhEAoiSPPvE2DKD2JZaVQ1NKExcNMTIwMjA0MDg1MTA0 +WjAiAhEA4DpM/M3rU+1Vd8Bgvm8vBBcNMTIwMjA1MDIyNzMxWjAiAhEAyNevf0ax +S7fNrh6A4eg8vBcNMTIwMjA1MTczMjUyWjAiAhEA8fR9SIQ0DSNVlt+Lb2V+6BcN +MTIwMjA2MTcwNDU1WjAhAhBLbdDYam36h/rYzv5lf4yDFw0xMjAyMDYxNzA4MzJa +MCICEQD1gTdWYOM3JvTPZAf3PT3vFw0xMjAyMDYxODM1MTdaMCICEQCdKsHVCDqu +D44eedVCGU9wFw0xMjAyMDcxMTI0NTNaMCECEHXjuuAxOrw0MixMJrdsrwQXDTEy +MDIwNzE3MjczOFowIQIQfVhygTvd0aspOyQTE5p4WxcNMTIwMjA3MTkxNTA3WjAh +AhArapmcynr6Tw+s0ZpuHMnmFw0xMjAyMDcyMDUwMzBaMCECEGRDvi8Im9YRIE9i +OPPg56cXDTEyMDIwODAxMjIyN1owIQIQG6j6soWdAyWxNTAKzNYW1RcNMTIwMjA4 +MTU0MTQ0WjAiAhEAtMsY1WpfGboi/l8GWFky+xcNMTIwMjA4MTkxMjUzWjAiAhEA +wEfeUynj7HykZ6cRT6TfxhcNMTIwMjA4MTkxMzQ5WjAhAhAfG3IzX9fhzMOW/0bR ++haXFw0xMjAyMDgxOTE0MTZaMCICEQDCCk9uC7ErfNi6KQbrhOd0Fw0xMjAyMDgy +MDQxMzVaMCECEEiAndC6y2XKEpO2dzp+EZ4XDTEyMDIwODIxMTIxOVowIQIQVqrg +TylzJiCByf4fGB22WhcNMTIwMjA4MjExMjI4WjAhAhBHMVqtm7LUVre2sj1EncD4 +Fw0xMjAyMDgyMTEzMDBaMCICEQDcuRyL0AI79HtCZz8/XrMdFw0xMjAyMDgyMTEz +MThaMCECEB971HUIdRRkGYsqUwwu0u4XDTEyMDIwODIxMTMzM1owIgIRAK9yzQg/ +unOqI9F4v0knEmgXDTEyMDIwODIxMzUxNFowIQIQUAcZL9pwMgJ3uAwgZABuFhcN +MTIwMjA4MjEzNTM4WjAiAhEAnMF2lsDYURfwRN87HSQdEBcNMTIwMjA4MjEzNjAx +WjAiAhEAvk4MEI6wZ4PO/w4eAEXCIxcNMTIwMjA4MjEzNjI4WjAhAhBvOa+Dtz/4 +YZJaV9MgzvUUFw0xMjAyMDgyMTQ5MzZaMCICEQCAgPLV4YRscJw7wNF2R1qaFw0x +MjAyMDkyMDMyMzNaMCECEFno8te8bO9b08AZ4wEbNn4XDTEyMDIwOTIxNTc1Nlow +IQIQALzAz4q8rWvj9C3orJzuSRcNMTIwMjA5MjMwNDMwWjAiAhEA5bfmiZIF1Dn5 +b7s2G6qttxcNMTIwMjEwMTI1NzQ1WjAhAhBqr/U3agYKOimfeq0E59ZQFw0xMjAy +MTAxMjU4MTBaMCICEQD7NXumkpsudEsUsbK0K8uDFw0xMjAyMTAxNTU2MzJaMCIC +EQCyBKsJpVfcLIrxiDTAay9nFw0xMjAyMTAxNzIzMzZaMCECEDBu7nWVgE3mEWab +rPcBt4gXDTEyMDIxMDE4NDQ1OFowIgIRAKNCwRXaMFeyxbO5dTYz8yoXDTEyMDIx +MDE4NDk0NlowIQIQK54/2+40jnxKtf4UdroXOhcNMTIwMjEwMjMyMDM5WjAiAhEA +xAv4jJyaDt/qHhO9vzEfvxcNMTIwMjEzMTMyNTMzWjAiAhEAnxN7eaTCayCph0kk +3DyqBxcNMTIwMjEzMTM0NTA2WjAhAhAlByWtJIZLeJU7JLLNO+8LFw0xMjAyMTMx +NTI5MzNaMCECEEGa60hAFvKbU4Ce82P5NJUXDTEyMDIxMzE2MDkxMlowIQIQeTs5 +qNTQott+Y1F8GAO9iRcNMTIwMjEzMTg1MzUxWjAhAhA+4NSr/HBZi62CQA1Xz1j3 +Fw0xMjAyMTQxNTA5MTRaMCECEEHTmHVJ7PREHH8SD2ehHFYXDTEyMDIxNDE1MTUy +MVowIQIQdV7yhQcsmRJvdFWZhINuGBcNMTIwMjE1MDI1NjA5WjAiAhEA2PLczeuA +cDpwcMznENtaFRcNMTIwMjE1MDI1NjQzWjAiAhEA66EkSv+BYvS+iqWDebx65BcN +MTIwMjE1MTU1MzAzWjAiAhEA8feSGlzLizHHYSIqr5erwBcNMTIwMjE2MTI0OTMw +WjAiAhEAj7wA1penz1CnIAHUCPKFPBcNMTIwMjE2MTU1NTE0WjAhAhBYmVQme/lq +c8aRTFkCHEWsFw0xMjAyMTYxNzQ1MTZaMCECEDdSWBYhc8SuvfuYNpiY1J0XDTEy +MDIxNjE4NDUxN1owIQIQf+99NgtC7BDRyO+6NprxiBcNMTIwMjE2MTg0NTMzWjAh +AhALYoWUpcVZ5s9rt8C/DPuqFw0xMjAyMTYxOTQzMzVaMCICEQC+SpfWFdLknhvy +WJwXRzIhFw0xMjAyMTcwNTU4NTNaMCICEQC1EGM4P+xEL93GK22bb1xxFw0xMjAy +MTcyMTEzMzlaMCICEQCz5QodnydARY3pKZXm7wx6Fw0xMjAyMTcyMjI5MDlaMCIC +EQDvzMYl0fE8QwnSCKEezrvTFw0xMjAyMTkxODMyMjdaMCICEQD/WIVbTMq26cLI +pEU+EL6vFw0xMjAyMjAyMjM1MzFaMCICEQCNEuDarKCtFI4IszpBlHctFw0xMjAy +MjExNDI1MjRaMCICEQCC1ziSdhWzzEzExjca/1+bFw0xMjAyMjExNTQ1MDFaMCIC +EQCGxaVZXpf7DTHhx+tLySJgFw0xMjAyMjExNjIxMDRaMCICEQCmV5RzOa3f4sr6 +ly85HYRSFw0xMjAyMjEyMDA0NTFaMCECEFY+bRM/HkSsh0asYFv02nwXDTEyMDIy +MjExNTIzMFowIQIQcbSS9LnZtDrLhzHznjrUMxcNMTIwMjIyMTYxOTAxWjAiAhEA +zb/K0r6AxqqGwfEKe805CBcNMTIwMjIyMjAxMzE4WjAiAhEAw0eniCDwkGYSqQ70 +vzgp4BcNMTIwMjIyMjA1NDQwWjAiAhEAhfFwleRuj98ILIUQzr89SRcNMTIwMjIy +MjIxMDAyWjAhAhApM2xLzOK88b/IsSJNQlAsFw0xMjAyMjIyMjEwMjZaMCECEBcf +zHKcONP9FdQwcq+GIl0XDTEyMDIyMjIzMTEyMlowIQIQBKIrNSDzSz9TJM0pwmPv +fxcNMTIwMjIzMDkyMTI5WjAhAhA04bFakcdEOh8UEtX/mVXaFw0xMjAyMjMxMjM5 +MjBaMCICEQC/PQUavR6yObm6e6vGVixeFw0xMjAyMjMxNTI0MjlaMCECEB7P+36z +LazLQMwPMqwfwT0XDTEyMDIyNDE0MjEzMVowIgIRAMBgpuYrOujLMRKwiYjC/nUX +DTEyMDIyNDIxMjAyOVowIgIRAN2TRJ3DxpZL9YT9ZFgbQY8XDTEyMDIyODA1NTcx +MFowIQIQKpUM5yP1AEP2WGGt4qWInxcNMTIwMjI4MTAwMjUxWjAiAhEAyfsq7d6U +4MRClTjZKsuH6BcNMTIwMjI4MTMyODQ4WjAiAhEAxzNhl6KxqPP3mXpXZnceQhcN +MTIwMjI4MTYxNTAyWjAhAhAp+75Eum+mOwMYI14dwLyGFw0xMjAyMjkxMzMzNDda +MCECECuGPZcmk5HjbUWuAwbWhj8XDTEyMDIyOTE1MDY0N1owIQIQfpyJElH2CWGv +r5Hyw5QdxhcNMTIwMjI5MTgzNjE2WjAiAhEAocnfyrnuqgicUCxvcSF/FxcNMTIw +MjI5MTgzNjM0WjAiAhEAyw8Z0F0pzZBf/TDj7y9SQBcNMTIwMjI5MTgzNjUzWjAh +AhAi/AqeYzpl7Bh/hHj9RePqFw0xMjAyMjkxODM3MTFaMCECEFhQnkTJQ762E/hZ +LXPEjY4XDTEyMDIyOTE5MTQ0MVowIQIQGHAKta7Upj33bBoh27xFIhcNMTIwMjI5 +MTkxNDU4WjAiAhEAq0G58DkTrF0uQ2vq8wqOdxcNMTIwMjI5MTkxNTE2WjAiAhEA +u3gr6rYpAAMBP20B/CUcCBcNMTIwMjI5MjI0MjM2WjAhAhBQUTHE5vXjn/cuwqD0 +5JIeFw0xMjAyMjkyMjQzMjFaMCICEQDZPKm0u8X6+2uMQowk1ZKpFw0xMjAzMDEx +MTQwMTZaMCICEQD+1JQP9jz3AVQQcVddGNBWFw0xMjAzMDExMzUzNDhaMCECEDsu +NfqmGN3VM/cHp/Yhd54XDTEyMDMwMTIwMTQ0N1owIQIQBllPP7d0x98f+bwxFDC2 +LRcNMTIwMzAxMjAxNTEwWjAiAhEA34UdXdp+QVP+mmT3PUT86hcNMTIwMzAxMjA0 +ODM4WjAhAhBNE6+qyAp+zO6J4OvMK0YRFw0xMjAzMDEyMTQwMTVaMCECECXXEYQH +S93Tg2jTjYnU2BwXDTEyMDMwMTIxNDAxOVowIQIQZHsuuWswlQltaMxBOSkhdxcN +MTIwMzAxMjE1NDEyWjAiAhEA1w8NeCVIvBEO/Vr5teFQZRcNMTIwMzAyMTEzNTQx +WjAiAhEA1DUVuiWJef/r1lf4K8BgrBcNMTIwMzAyMTQzMTMwWjAiAhEArAsEWK6A +G/0QYt+ZWxMkmxcNMTIwMzAyMTc1MDQxWjAhAhB5vlBrjeuThETP/eDU1EWSFw0x +MjAzMDIxODIwMDlaMCICEQDSFCAN6SOAod5W/C5Im7J/Fw0xMjAzMDIxODI3MzJa +MCECEHCmoZkgEKCahW6cQx694BcXDTEyMDMwMjIwMDUyM1owIQIQKnJibmquUj/U +JgYX1v/K9hcNMTIwMzA0MTUwNTM0WjAiAhEAnrfTtTqYj9b1Wh8hjXZADRcNMTIw +MzA0MTUxMTQ0WjAhAhBER/hK1NA0/MQMpyKVogOPFw0xMjAzMDQxNTEyMDVaMCEC +EElgthA/ZLERKox2uXevAycXDTEyMDMwNTA4NTg1NFowIQIQbHLioZG3q96ay3T9 +CPRU6BcNMTIwMzA1MTUxNDI1WjAiAhEAt1rumUlwv2SyR8oCOHikUhcNMTIwMzA1 +MTkyMTU1WjAhAhAGb5fg6HZq9TQvjWpJb3QHFw0xMjAzMDUxOTMxNDNaMCICEQCE ++BoGOofhOH/hj07K3q+IFw0xMjAzMDYwMDAyMDVaMCICEQC8DR1nhIWz1MjnLVNZ +LgH9Fw0xMjAzMDYyMDU3MTJaMCECEBF9z8e0eEA700abABm2WsgXDTEyMDMwNzEx +MzgwN1owIQIQftIYFuLybAaaIwPSjixrURcNMTIwMzA3MTUxMjAwWjAiAhEAxWjs +tK3x4sc0c4yDUFFwvhcNMTIwMzA3MTY0MjMzWjAhAhBN9kVxBOcl3YfndDrLannA +Fw0xMjAzMDcxNjQ5MDVaMCICEQDJRGvueMm+OZyemQj4lb2OFw0xMjAzMDgxNDQ1 +NThaMCICEQCPjY15jr/uPa/jgQxzzNRzFw0xMjAzMDgyMTExMDRaMCICEQCPL9ts +yJvVAQRifRYUx5nKFw0xMjAzMDgyMjEyMjlaMCECED0r3wQlt+8pncx/NnXjgUsX +DTEyMDMwODIyMTI0MFowIgIRAOjfIB5LlHleIUQ54yh6fIsXDTEyMDMwODIyMTI1 +MVowIgIRAKs71aS+3JIso/3m6OpdN10XDTEyMDMwODIyMTMwOVowIgIRALXBxyOo +RpRv3mLvNILRcu8XDTEyMDMwODIyMTM1NlowIgIRAJ0QOS3eiaj3wrBoTp8oRcwX +DTEyMDMwOTEzNTEyM1owIQIQG46xXnSRWi/SJ3mYEFzKuBcNMTIwMzA5MTY1NTAw +WjAiAhEAmX2QTJ9SqH8mNymrliFVkhcNMTIwMzA5MTY1NTU0WjAiAhEA9mCSDR64 +O0iV/E2aRL78+BcNMTIwMzA5MjExNjEzWjAiAhEAuMkiCVjX4Nv6ggJCr/vQpxcN +MTIwMzA5MjIyNzE0WjAiAhEAy5754KPUM0HMCtvmjxm/MBcNMTIwMzA5MjIyNzE5 +WjAhAhBlffjpHDe/yXcDnIHgCOeIFw0xMjAzMTIxNjMyMzFaMCECEE9sXE2UBglb +/i+NF/hE0FYXDTEyMDMxMzExMDkzNFowIgIRALA8T1AlnjNUCLjgjuALNlAXDTEy +MDMxMzEyMDgwM1owIQIQdV4Uxi5t2v/Krn9xvRkmYRcNMTIwMzE0MTgyMTAyWjAi +AhEAwuYENopd9gkZnnTfBCjM5hcNMTIwMzE0MjAxNTQwWjAhAhA+ussSLWdYiVEU +dM4a1wwCFw0xMjAzMTQyMDIwMTBaMCECECPH4bGRBNg2u+wr89EVGBwXDTEyMDMx +NTE0MTIzOVowIQIQA/qpmTMqvRsvRE9CAuhx5BcNMTIwMzE1MTQyNTAzWjAhAhB2 +axQLhdfRUJ954S9l/fFYFw0xMjAzMTUxNDI1MzNaMCECEFhAqkq09ji08fe80eFF +kt0XDTEyMDMxNTE1MzMyN1owIQIQL0qyzrMgQnPqTkts10QnbxcNMTIwMzE1MTk1 +NzA2WjAiAhEAjdbHQqDv+wU22f52QATC4RcNMTIwMzE1MjIyMzM0WjAiAhEAzrU3 +craoLeb9nlJGlRr0thcNMTIwMzE1MjIyMzQ1WjAiAhEAjdpBJutbZoffhODIkpkz +cBcNMTIwMzE2MDgxNzMxWjAhAhBAGTV/PJMguhPlSdEwOHBMFw0xMjAzMTYwODU5 +MDNaMCECEH2dMIqXLYDQeE2cq3iPggMXDTEyMDMxNjE1MDQwOVowIgIRAO/Ld1vM +3MPIbmP/6jiyOCwXDTEyMDMxNzEwMDQ0MFowIgIRAPF2/VYvVXAPfd4bnT+GWLMX +DTEyMDMxOTA0MjA0NFowIQIQQcdD6zDpy4zXI/vyUMIn7hcNMTIwMzE5MTEzMjIw +WjAhAhBI1/SLIMgSIXpTRq5ej/J7Fw0xMjAzMTkxMzM4NTNaMCICEQD67B8oXkxY +ubajwxYH0ODEFw0xMjAzMTkxNzE1MDFaMCICEQDoDxyq4IbR9WMFN7YCtkJBFw0x +MjAzMTkxODAzMTlaMCICEQCY4atIxVH+WUnhwBF4NWNvFw0xMjAzMTkyMTI5NTBa +MCICEQC8xRh8MCk9P2x6Lokf/oYDFw0xMjAzMTkyMTMwMDRaMCICEQDSI0NNhrvH +t6J+vTAdv1ltFw0xMjAzMTkyMTQ3MDJaMCECEF9X6kcfMThvf8c/jd5uf4IXDTEy +MDMyMDE0MDIzMFowIgIRAPTCw4nWdC6f7wnw9utcqoQXDTEyMDMyMDE4MTIxNlow +IgIRAP+9yFXeZ45a7Q6fqT+WgWgXDTEyMDMyMDE4NTM0NFowIgIRANOdOFui98LA +zJY2+JQO6fcXDTEyMDMyMDE5NTIyN1owIQIQOJyDv3Isb8wZqzAuWnkshBcNMTIw +MzIwMTk1MzMyWjAiAhEAutpwUD4eukl3qrl9O6iwVxcNMTIwMzIwMjEwMDEwWjAi +AhEApBoOaaXMvO51TF2nTIsZphcNMTIwMzIwMjExOTI0WjAiAhEA8TD7Az6xNawv +2mGEU7E4CxcNMTIwMzIwMjEyMDI1WjAhAhAt5pAPqWXH8uKAAvWWYt+wFw0xMjAz +MjAyMjUxNTdaMCECEF9ygZFJRL3YCv2p1B0huBcXDTEyMDMyMTE2NDkwNlowIgIR +AOLOXaJtPl6OKkve/CwBCpMXDTEyMDMyMTIxMzMyMVowIQIQISYUxD9C1C7H9hqE +lt+YMxcNMTIwMzIxMjE1NTQzWjAiAhEA8C1ntq5BmVQ2SoKfrW3TuBcNMTIwMzIx +MjMzODI3WjAiAhEAqZdNt6bnuN4/dL4JDVKLgBcNMTIwMzIyMDg0NzA3WjAhAhBi +ilJQsT/DHb05U42LykoHFw0xMjAzMjIxMTM0NThaMCECEBUWrhWEVQeOQTfjQtwn +WewXDTEyMDMyMjE1MTE0N1owIgIRANffYIZCD7OCWrwZMSBQp44XDTEyMDMyMjIw +MDQ0MlowIQIQUl5pODR7W430qnrpva7jtBcNMTIwMzIzMTI0NzUxWjAhAhAEoxjw +tpjIv9k+xKoXFFcNFw0xMjAzMjYwNDMxMzlaMCECEHpQxBb3u8xcSBAsolRjyCUX +DTEyMDMyNjEzMDQwMlowIgIRAMJAxxPNjxTVU4MbP1KC8SoXDTEyMDMyNjEzMDg1 +OVowIgIRAIF4S/epEj12LDNOu38Hk5cXDTEyMDMyNjE0MzY0N1owIgIRAMGRSF9w +h+hUid42inDDhP8XDTEyMDMyNjE3MDM0OFowIQIQHZXYVmfWE7FRAe1QHtaZdhcN +MTIwMzI3MTExNjQ2WjAhAhALTmY1TuIQ7lMKCHwTuETIFw0xMjAzMjcxODA0NTNa +MCECEGJdtOF+Lckz+bbgASACuQYXDTEyMDMyNzIxMjc0NlowIQIQR1ZinS90GJoH +u/vMCo7iDRcNMTIwMzI3MjE0NjUzWjAhAhAoIi+MqBpCDQn3kgTkXFHsFw0xMjAz +MjgwNzI3MjZaMCECEGd512pFuZnR7D8TAxPpj9kXDTEyMDMyODEwNTcwNVowIgIR +AL2Lfzy1/Bk8MNFjgGqY7m8XDTEyMDMyODEwNTcyNlowIQIQCtphNLcE7rsARpQX +kxx+MRcNMTIwMzI4MTA1NzQ0WjAhAhBmyUBVUlQr8C160WJcOBd8Fw0xMjAzMjgx +MDU3NTlaMCECEBYjx/c3lj4RwvxSgeKmXdkXDTEyMDMyODEzNDA1OVowIQIQDVdW +o3BH6wCh5GAA0EjnBBcNMTIwMzI5MTQzMjE1WjAiAhEA3Z6JUemVObHzrtuDkAEF +sRcNMTIwMzI5MTUzNjMwWjAhAhBMbVbc0z3CZriKBokfa3sOFw0xMjAzMjkxODI2 +MTVaMCECEGtUqumU3dI/KmprczjDqBsXDTEyMDMyOTE4MjgwMFowIgIRAMy2GERF +FW9xnSczPb3FXQoXDTEyMDMzMDE1MDEyMVowIQIQOlmYvqwPpUybzsTN47OtaRcN +MTIwMzMwMTgxNzI4WjAiAhEA6DatqymOU6yR7ZV4K90s+xcNMTIwMzMwMTgyMDA5 +WjAhAhArga+GVieYyTZRiUCYk1WdFw0xMjA0MDQwMTAzMTZaMCECEC7AKlfZVOZY +HRRR4kekBmUXDTEyMDQwNDE0NDYxNFowIgIRAIbiks3msm5+erXXbUoH+2gXDTEy +MDQwNDE1MDEyOVowIQIQSGkAoYQwDYQ3aBmgviECXRcNMTIwNDA0MTU1MTA3WjAi +AhEAhFDtuM4f3sgtp9jk5DAIgxcNMTIwNDA0MTY0NTA5WjAiAhEAyr8DW92qAIXe +dx0aGLmMOhcNMTIwNDA0MTgzNTE3WjAhAhA1Nf2sAAP45JcAGPahkg6NFw0xMjA0 +MDQxODM1MzFaMCECEHMGh+kJ1/e0rGSJ7KjbjzQXDTEyMDQwNDE4MzU0MVowIQIQ +QkVqab/qfuYi5IB0e6LPYRcNMTIwNDA0MTgzNTUyWjAhAhBDyOmtMSLtloINEGsn +4vWHFw0xMjA0MDQxODM2MDJaMCECEDaxfa9FrS/KtTJjY004zHUXDTEyMDQwNDE4 +MzYxNlowIQIQSdtfM1N75/7/sGApMfYLCxcNMTIwNDA0MjE1MjM5WjAhAhBDPJd8 +/jm+pAU37glkfDI3Fw0xMjA0MDUxMjQ4MTlaMCICEQDyH/U2obbWxkV+z0mIyJGq +Fw0xMjA0MDUxNTMyMDhaMCICEQD9BrJ1IMF+gCf3JMEwtKyZFw0xMjA0MDUxODAz +MzZaMCECEEfelOuY/i4WDBdwtcdP6ZQXDTEyMDQwNTE4NTIwOFowIgIRALCSWhnt +hqqXXcAyy1EEtj8XDTEyMDQwNTE4NTIyOVowIgIRANhYbvpGCTH0EVxVeWb505kX +DTEyMDQwNTE4NTI0NFowIQIQWYRgaqKq50cY+T9+GT7wpxcNMTIwNDA1MTg1NzM4 +WjAhAhA9vUJ2uIbuyHLi6i7TIYpmFw0xMjA0MDYwMzQ4MzRaMCICEQCapuLNTjzG +Nx0l3flk7vfSFw0xMjA0MDYxNDA2NTRaMCICEQCXh3CuO366/xsVHgfp9Cs5Fw0x +MjA0MDYxNjEzNDNaMCICEQCbip79/GwYwpzjo2l8c7mbFw0xMjA0MDkwNDM4MTBa +MCECEDUShMY8vRW7dVSCxs2UV0MXDTEyMDQwOTA0MzgzOVowIQIQUXyyVhrjHtOb +1t5cNARrkRcNMTIwNDA5MDQzODUyWjAhAhBElj+GVM7emg+ljcaQVn0cFw0xMjA0 +MDkxNDA4NTFaMCICEQC/nr6P6ZQdG1wtRtzpX0yJFw0xMjA0MDkxNTA1MzlaMCEC +EBQKhieY/w1xR2XNSj4iBYcXDTEyMDQwOTIzMzAwMFowIgIRAMii7lOy7hjYVE12 +bQqnmkIXDTEyMDQxMDE1NTkxOFowIQIQcvC1QHe/iHGc5Po8ztZX9BcNMTIwNDEw +MTY1NTIwWjAhAhBQjecnZ1O74Q4E+19yUjk5Fw0xMjA0MTEwMjAwNThaMCICEQCi +cbwX4MLMwBt3mIZ32Ml1Fw0xMjA0MTExNTQ2MjNaMCECEF3VdIQESoiDBs4M2JMw +PBsXDTEyMDQxMTE2NDY1OVowIgIRANCKHNsxiSVzwhU3gDmJ1YUXDTEyMDQxMTE5 +MjYwNlowIgIRALq0nkAMONen0PkT6v0qorAXDTEyMDQxMTE5MjYxOFowIQIQHBvS +p0nWY/jZHltZJTn7dBcNMTIwNDEyMTUzMjUzWjAhAhAT4JYP0ZEnAO7kl32q/yvm +Fw0xMjA0MTIxNTMzMDJaMCECEFn+Y25szrdOm/bX7ckAa78XDTEyMDQxMjIwNDUz +MlowIQIQMkRd9mSNcO5CPrNbVAuA6BcNMTIwNDEyMjEwMDIxWjAhAhBuCETthx9Y +tH6/SFi+7Bq4Fw0xMjA0MTIyMTA3MzhaMCICEQDzuxweW+83O9mX6A/CsW6mFw0x +MjA0MTMwMTUxMjlaMCICEQCHsVmDCWupE8n0M0iItWYYFw0xMjA0MTMwMzI3NDBa +MCECEAVhjcO4NTnJejeGmC671PwXDTEyMDQxMzA5MDc1OFowIgIRAJ1zOi74YXob ++b89bhsfVGMXDTEyMDQxMzA5MzIwMVowIgIRAO7mVa/IE9uRvMSWu/uKxY0XDTEy +MDQxMzIwMTcyM1owIgIRAKSbdYxHnxPxwQUdI7PUAbsXDTEyMDQxMzIwMTgwMFow +IQIQDw5rnhldBMvfBi5ueWsrZhcNMTIwNDEzMjMyNTQzWjAhAhArzfsgCXXH0M8j +ZAxk/aknFw0xMjA0MTYxMjQyMzFaMCICEQDe1QPVJHXpcbHBNM6QkDWvFw0xMjA0 +MTYyMDIzMTlaMCECEE6cDA5154aF3JZLx3T7lpsXDTEyMDQxNzA2MTE0MVowIgIR +ALqpOPRdkwkEub0AouiLE88XDTEyMDQxNzEyMTcyNVowIQIQdbgJqkXbu2wdlBjQ +36CIuxcNMTIwNDE3MjEwOTQ0WjAiAhEAnv1Sr86evoqMury1pWrhmBcNMTIwNDE3 +MjIxMjAxWjAiAhEAmSM2O2xiAS8DLotFaO9xOxcNMTIwNDE3MjMwMzU0WjAiAhEA +1jJVsKWJb0/t5k9h2bt+hRcNMTIwNDE4MDI1MDA4WjAhAhBKiU7ahJFBUtnETxt7 +rS1MFw0xMjA0MTgxNTEyNDRaMCICEQDvewDnOYFNn/HfnGK7z65jFw0xMjA0MTgx +ODUxNTVaMCECEArrDMIjO5vTGVTQ1sPYYLsXDTEyMDQxODE5MDQyMVowIQIQaVhs +YBzKm0Wtf/QsKF1BShcNMTIwNDE4MTkwODIxWjAhAhBICTJL6XX+zLi+Ec+ocrOD +Fw0xMjA0MTgxOTM0MjFaMCECEBr997ly0Ki0YWmgJIiM+lsXDTEyMDQxODE5NTIx +MlowIgIRAPGs7L/rPXih03umMi7CziYXDTEyMDQxODIxNTY0MVowIgIRAIIaxfF1 +MmV+chjXcpB3QLoXDTEyMDQxOTAzMTUxMVowIQIQDuU4F3NlAs22o3H7810WkxcN +MTIwNDE5MTkwMTEwWjAhAhBN2OqN84dqdyArywiUNsPuFw0xMjA0MTkyMjA4MTha +MCICEQCpJ5Yz9auSGmn7OUqNCY+GFw0xMjA0MjAxNDI4MjBaMCECEEigh99Jpvmj +CF3zY9A3zUUXDTEyMDQyMDE1MzkzM1owIQIQZ0jNJqVqzm/F8SiOj9Ty4BcNMTIw +NDIwMTYwNzI1WjAhAhALZHDNQtjUCXiy7v4YsnluFw0xMjA0MjAyMDM2MDlaMCEC +EBtBVz6JkU62tp0SyDDVc18XDTEyMDQyMDIwNDg0N1owIgIRAIJZVcWe2taFWA1F +1eW8HPUXDTEyMDQyMTIyNDE0N1owIgIRALJomgQct1OqQ2Qtx1YLuz8XDTEyMDQy +MzE0NDcyOFowIgIRAK2zzBKVboFa8xbNzCtIAi4XDTEyMDQyMzE0NTYxNlowIgIR +AOkL2wQh6DZdtHRq2cZ5pO0XDTEyMDQyMzE1MDEzOFowIgIRAPglVsG1OgUc0MWf +BUgFqSYXDTEyMDQyMzE1NTM1OVowIgIRAPgdCf28XepnIuRUx8ckZWQXDTEyMDQy +MzE2NTgzNFowIQIQemRkBktaoA54QnHAzyd5cxcNMTIwNDIzMTcwMjQ4WjAhAhAV +MBnFFy5VUU9SXzV5vGXkFw0xMjA0MjMxODE4NTlaMCECEB+tRaN+3SvsAKpqdVOH +XgsXDTEyMDQyMzIxMjQwOVowIQIQJ7ERXVmTsAdEW8pwtgWcFhcNMTIwNDIzMjEz +NDAyWjAhAhAEX87tPz8XniX1kWiYBdseFw0xMjA0MjQxNTI1MDFaMCICEQCF/SY5 +ICPFUStGjfesvbQSFw0xMjA0MjQxNzE0MTZaMCECEAfej+GIQ6NPrzoNB15Don8X +DTEyMDQyNDE3NDkxOVowIQIQAxdtp4xR5J7fkYN/GWhRqBcNMTIwNDI0MTc1OTM1 +WjAhAhAFIhf6rbBUR+nGhOyWlBDyFw0xMjA0MjQxODAwMjlaMCICEQCOufFMhf9U +MyU4VScitld7Fw0xMjA0MjQxODAyMjBaMCICEQD6ULn3x8dKECeFAxOWJKg2Fw0x +MjA0MjQxODAzMThaMCECEDo0GXWHXjY2GZSz/VBgDM0XDTEyMDQyNTE0MDc0MVow +IgIRALidk4bD2BXDxseUqIhglxUXDTEyMDQyNTE0NTQxOFowIgIRAO2658o4Y74b +FW4XMnDnn3kXDTEyMDQyNTE0NTQyOFowIQIQSdCBeQGIT9cs4nCx/33OohcNMTIw +NDI3MDgxNzE1WjAiAhEAh86TIN3VUSRczb0XikHNyhcNMTIwNDI3MTAyNTA2WjAi +AhEAqsJ96CX0UiKH4JsFXcx8BRcNMTIwNDI3MTIxNDQ3WjAhAhAMRH5JNKpRSU3m +9TUbJtjSFw0xMjA0MjcxMjE1MDNaMCICEQCdGBhTdc7Kf2qUJax7CT0pFw0xMjA0 +MjcxMjE1MTdaMCECEDhc+VPw4fHyYLwVl12z2DoXDTEyMDQyNzEyMTYxMlowIgIR +AIj673Pym3RRXIqdQlOBLUgXDTEyMDQyNzEyMTc0NFowIQIQe7vzjRXPZiJLTo8S +zt24hBcNMTIwNDI3MTIxNzQ5WjAiAhEAj9t18dSQD3yG29imaQSqiBcNMTIwNDI3 +MTIxOTAyWjAiAhEA4IbphuPTv7kfAQKjZm5pXhcNMTIwNDI3MTIxOTA4WjAiAhEA +4sMMdZf/ltUI2SEAxjvuqBcNMTIwNDI3MTIyMjA1WjAiAhEAk3xpp+GiDPOhQ0Xd +1gjFWBcNMTIwNDI3MTIyMjE2WjAiAhEAqjf3Ac7OeE3LXEyQdv5q9BcNMTIwNDI3 +MTUyNjI2WjAhAhA+2ym8s1vQbhk7O/WjhM0UFw0xMjA0MjcxNTQyMzRaMCICEQDq +Bx3kJbNIaYdI5Y7/QlruFw0xMjA0MjkxOTU5NDJaMCICEQDZCYcUwe1IvqODXRxf +v70uFw0xMjA0MzAxNTA4MDhaMCECECp3aEUSWBXemw3WnmJqPrQXDTEyMDQzMDE3 +NTkwM1owIgIRAOI9fsJaeW4KWREVbzigc4AXDTEyMDUwMTE1MjAzNVowIgIRAKyS +lJ65rUvuf8T+e5ZNcb8XDTEyMDUwMTE1MjQwOVowIQIQEReIXQpEXzLT72zqOA/+ +0hcNMTIwNTAxMTUzMzA0WjAhAhByCZbTtJMzEhxDUeRUZz5LFw0xMjA1MDIwNzE3 +NTRaMCECEHlCi4tJsBQTZ4RXLjHxUTIXDTEyMDUwMjA4NTQwOVowIQIQR4FCJqmm +M8VECWCMYFtwFRcNMTIwNTAyMTkxOTI2WjAiAhEA5feYcYzSJ9dC9Ma4zfCjiRcN +MTIwNTAyMjAzNzI5WjAiAhEAlJ/bnP3l0V9b1vGMO6WrZhcNMTIwNTAyMjA1NzI4 +WjAiAhEA41nZycAhYDa4lnzggHGbOBcNMTIwNTAyMjI0NzU0WjAhAhBXahi1lPOs +pH/TSB8eJ+SeFw0xMjA1MDMwMDM4MjFaMCECEG0qQH+khpOh1mtEuSK9ydgXDTEy +MDUwMzE0NTgyN1owIQIQMm75KxrLHwebDg3wpIIY8RcNMTIwNTAzMTUwMDM4WjAh +AhADKS/R+m1tWQuhZs1TxuGgFw0xMjA1MDMxNjE5MjNaMCICEQCuSpWyXsYqGJpz +VDQ7+6q0Fw0xMjA1MDMxNjQ1MjRaMCECEDuyUSXMadOL2mrwgNpUvsMXDTEyMDUw +MzE4NDkxM1owIgIRAKGDZ1KS29SZJp0SinYXu2UXDTEyMDUwMzE4NTIxNVowIQIQ +ROHuRj7OR35qjtJQYi3aPxcNMTIwNTAzMTkwMzU1WjAiAhEA4hxUOTeFv0Nxn488 +axsGpRcNMTIwNTA0MDYwOTU0WjAiAhEAzfdnTANqyFAJ6qUABwNKFRcNMTIwNTA0 +MTYwNzE0WjAhAhA2Sz5n6tgbGUKFQjHVI4cRFw0xMjA1MDQxOTE4NDNaMCECEE1x +N4vTTuGH8Lt9CVWsjiAXDTEyMDUwNDIwMDgwM1owIQIQYAeLMBhT952suRU68R13 ++xcNMTIwNTA1MTIzMzI3WjAhAhB+K1xMVHPGvY2tK2yskSyIFw0xMjA1MDYxMDMz +NTFaMCICEQD3HZGkery+xZybo1A0huwKFw0xMjA1MDcxMzE0MjNaMCICEQDZMBVq +sYInku1yNqt3+eZkFw0xMjA1MDcxNTA3NDRaMCICEQDHpYQsBEVZ8I4EU6re1phs +Fw0xMjA1MDcyMDMxMTBaMCECECjVvrbPJfmdcNfl6Z5ltGMXDTEyMDUwNzIxMjIy +NVowIQIQSC/iIL22kdLNoBJABPUc9hcNMTIwNTA3MjM1MTQ3WjAhAhBBkDbziH2z +BVna/2G90qzUFw0xMjA1MDgxMjMwMzVaMCECECHN0kSPiTy2DTntiR4qUXMXDTEy +MDUwODE0MzIyMFowIQIQQn30gQcO22A14x7Df2+uUxcNMTIwNTA4MTYyOTI5WjAi +AhEA5p80YqMWD2EELOf53h6jBBcNMTIwNTA4MTkzNDM0WjAiAhEA6LIgZn2gLf1u +iXUVPNJBmRcNMTIwNTA5MTUzNzU0WjAiAhEA3wzpE06tdSbijmkAl9kO2RcNMTIw +NTA5MTU1MDE2WjAiAhEA5UTHRBpwJnfmXGUk/ULmIBcNMTIwNTA5MTkyODM4WjAh +AhBc8dodcm6hv5VZEVUDPBWnFw0xMjA1MTAxMzI2MDVaMCECEGwr8YY2MtYkpFbZ +NXEns7UXDTEyMDUxMDE0MDIyOVowIQIQSTbmtOKKrqkAcUnOmrS/qRcNMTIwNTEw +MTUyNTU5WjAiAhEA062JdMwl6DcF4fzEMsq/hBcNMTIwNTEwMTczNTIwWjAiAhEA +21gdBPLrnZJVYKjrbNmZSBcNMTIwNTEwMjIxNDQ4WjAhAhAcGv3H38nVJicVDad6 +V1PnFw0xMjA1MTAyMjM2NTFaMCECEAlI5BwNuYKisHQp+E4xHgUXDTEyMDUxMTA3 +MjQ0NlowIgIRAKYHRCSKzNnjdd1LZ5PKfhkXDTEyMDUxMTEyMjEwN1owIQIQIare +XnDvW5ntIDw9RKNIaxcNMTIwNTExMTM0NjMyWjAhAhAyHkvhWLqh1Pek0dypttyd +Fw0xMjA1MTQwODU0MzFaMCECEE/E1TfkE1SgnSWnmhXvcxAXDTEyMDUxNDA5MTA0 +MVowIgIRAJvZFSsh2vI2ev8wb2gCUTUXDTEyMDUxNDEzNTYyMFowIQIQJ6tT+t+w +J5ANuD9bAKUphRcNMTIwNTE0MTQyMjMxWjAhAhB6UfJ3tXjE02/IB80bAwv+Fw0x +MjA1MTQxOTM1NTVaMCECEESIjthcnrz2Df78H9ubNbcXDTEyMDUxNDIxMzYyMlow +IQIQPQaoPX/Cvw+ZDDMbtJQM2BcNMTIwNTE1MTMxNjM3WjAiAhEA/Fcwmt/PYnxQ +uxuFUpzjVhcNMTIwNTE1MTYwNTI5WjAhAhANnvoaBIUI2/GG2xUs18dAFw0xMjA1 +MTUxNzM2MDFaMCICEQCTMqiAAfpMK37DzIdO8d2yFw0xMjA1MTUyMTAxMDBaMCEC +EBtVhplYOjL/ld73hpDTKzIXDTEyMDUxNjAzMTgwMVowIgIRAOuWcbPfEv4fup4B +RrYQqXEXDTEyMDUxNjA1MzA1NFowIQIQEbq7XY56yYw7OVI+nbYEuBcNMTIwNTE2 +MDUzMTUzWjAhAhB8J6muKYq70/GG275IYZKTFw0xMjA1MTYwODE3NDhaMCICEQDA +OobQqlD147kL7gARdmQ2Fw0xMjA1MTYwOTIzMTRaMCECEB5NS9aEbu7tKJRj8g5b +2p8XDTEyMDUxNjEzMzg0MFowIgIRAMlFPVzLGsqv55VjwIEmt5EXDTEyMDUxNjEz +MzkwMVowIAIPZq9XKk3ymz4evHHdiX5QFw0xMjA1MTYxODE3NTZaMCICEQCUQAZd +WfcCmSuWAAovEc8jFw0xMjA1MTcxNTAxMDVaMCICEQCSvf3BrXt6Fys5TJWL611O +Fw0xMjA1MTcxNjA4NTFaMCECEFzuBUe9wcElI/52NIcQprMXDTEyMDUxNzE3Mjk1 +MlowIQIQO7vR9RtRUf6u7cIMxID36hcNMTIwNTE4MTAxNzE3WjAhAhBYI5+APArn +JQZn8ZpERSjOFw0xMjA1MTgxMzI3MTNaMCECEByDB6gJw33EtJe+tw1mtsoXDTEy +MDUxODIzMzUwN1owIQIQY2SdXMLzFAzJfQWkEovg1hcNMTIwNTIxMTQxNzU4WjAh +AhB1r0y1jqgyF0w5yam4WKxEFw0xMjA1MjExNDM3MzdaMCICEQCDlg82j3LIYNwP +ihasWPKkFw0xMjA1MjExNjE5MTBaMCICEQCy9ELeRcHbovq8cA2KfEdMFw0xMjA1 +MjEyMDE5MTlaMCICEQCDEU6PNkFWN1WOO3h3EwmyFw0xMjA1MjEyMDE5MzhaMCEC +EAuAYp9HvOhBuTRiNtpN8cIXDTEyMDUyMTIwMjEzOFowIgIRAKJ/Q2RxwPrJ1Kym +jbByf5cXDTEyMDUyMTIxMTEwN1owIQIQL0P50caiXINycfh8kzBN9RcNMTIwNTIy +MjAxMDMyWjAhAhAW8Lmd9XXvKT+rRkCJMMdSFw0xMjA1MjMxMDA3MDhaMCECECat +Z+Nb6syp0OYg0yY4LCEXDTEyMDUyMzEyMjUwOFowIgIRAOzyoJZtxcEYq0f55wQl +jEcXDTEyMDUyMzEyNTI1OVowIgIRALz+qxOXSqczrqXBoiJvRYAXDTEyMDUyNDAw +MTk0OFowIQIQIRFhqHD2OocuLaxcPwKFvRcNMTIwNTI0MTAxNTM1WjAhAhAO7T7a +N9k2c9QtLe4E+EImFw0xMjA1MjQxMzQ5NDBaMCECEDu4GhkFQ8q6dfVDh6JcUPUX +DTEyMDUyNDE0MzEwNVowIQIQG0MMND86VmZu+6q3l0BVahcNMTIwNTI0MTkzNDE4 +WjAhAhAr0/mtfNa22X3DeO62DK/WFw0xMjA1MjUxMjUyNDBaMCACDyX2WvGLVklO +TsF6MDI7+xcNMTIwNTI1MTM1MjMxWjAhAhBzKgXNPK/T0NjSRCKa7qkYFw0xMjA1 +MjUxNDE3NTNaMCICEQC0mJuv/Zzagnmx3gZfvJW2Fw0xMjA1MjUxODE3MzdaMCEC +EA/DDsRawHW7MxI2jN8HkGMXDTEyMDUyNTE4MTgxOVowIQIQbF81tEOvXFkeg0/T +57SGnRcNMTIwNTI1MTgyMjM5WjAhAhAETdseAc4mLsa9kZg6qOyCFw0xMjA1MjUx +ODI5MjNaMCICEQD1FvV+35SGQi6QANn8oMuJFw0xMjA1MjUxODMzMDlaMCICEQCx +PrGUe5SL8nHcj/hB10h+Fw0xMjA1MjkxMDE4MDZaMCECEES6wENGefWUFGcAxDQY +sW8XDTEyMDUyOTExMDQxMlowIgIRAO1cgGIbZ0Y5ZSiyjBrrlNUXDTEyMDUyOTEz +MDAyNFowIQIQBSU2VOML1LdbDWrrKY+tBRcNMTIwNTI5MTQxNzU5WjAhAhAShec9 +h++F8RVIqvPiEJ0bFw0xMjA1MjkxNjA0NTVaMCECEGZa/lHosQT4G3lZWEu8KsgX +DTEyMDUyOTIxMjA1OFowIQIQWBlXzU15qNgQFv8Bx0VCfhcNMTIwNTMwMTA1MTE0 +WjAhAhAow3J12UbAbKqSc0IGDktqFw0xMjA1MzAxMjQ4NThaMCECEBp5JiQrkiYQ +/us4fifkYVYXDTEyMDUzMDE3MDExM1owIQIQE5xUqUlyeTK1u6QpOMP6ARcNMTIw +NTMwMTc0NTI0WjAhAhAz00sXHA63qE+QDPn/1v36Fw0xMjA1MzAxOTE0MDVaMCEC +EDigGO7xVxslDFLGWQtb3ooXDTEyMDUzMTE1NTEyMFowIQIQPBKpG6kcJsk5ydgz +l9k/YBcNMTIwNTMxMTkwNDAyWjAhAhA9XUmejW/nvWMSaHnRsyLnFw0xMjA2MDEw +OTQyMjdaMCECEHnkJkUK3GwE3A7erN+ZrRQXDTEyMDYwMTEyMjAxMFowIgIRAPVt +dYdHnsH1WcHErixQS+kXDTEyMDYwMTEyMjEwNFowIgIRAPCUANGSi821j5C6p4wG +nTMXDTEyMDYwMTE0NTM1MVowIgIRALWtdzuSmjVvbIzK6vuQbX4XDTEyMDYwMTE1 +NDUyNVowIQIQHJZY3HZyxsNHEnrVyHZJsxcNMTIwNjAxMTgzMDQzWjAhAhAUmmOe +xT1kwVskvoYbxEqRFw0xMjA2MDExOTU3MzhaMCICEQCIF7Cnog/3fKtBhP90wT6J +Fw0xMjA2MDEyMDIxMTNaMCICEQCMpecUSuT5McqPfcXEEI2cFw0xMjA2MDMyMjM3 +MTdaMCECEBCU4syqPJWaCwB7rBWvDDMXDTEyMDYwNDA0MDQxNFowIgIRAIyyfjoR +6u24ecMwLgP9yrIXDTEyMDYwNDExMzIyOFowIgIRAIsiBsKvzXbXc/VfvJIjjNwX +DTEyMDYwNDEyNDM0N1owIQIQYIgEZWEkPGI/WGV7M201NhcNMTIwNjA0MTY0NTQ0 +WjAhAhBAtukeEzBFkH0gDvUQ2W3JFw0xMjA2MDQyMDE3NTZaMCICEQCjZ6BsqlwQ +eW5i4zKaHMZxFw0xMjA2MDUxNTA2NThaMCECEH+qKznjh/DmOOueZDfbRzIXDTEy +MDYwNTE2MDgyN1owIgIRAM/OCVvSpWFwXSUXIz/7yDYXDTEyMDYwNTE2NTYzMFow +IQIQGkj4zwkPEIfn8U2OV+Ds2RcNMTIwNjA1MTkxODM2WjAhAhBo7akUoYmi+6I8 +yGyROjgZFw0xMjA2MDUxOTM0NTFaMCECECHKgh6Ghu1jKm7wOfjNZ4IXDTEyMDYw +NTIwMzExMFowIQIQW6R59gVKxOoDbK3Gzv2fLRcNMTIwNjA2MTU0MjE3WjAiAhEA +9oabDCOaZA8kiSGXKkds0RcNMTIwNjA2MTU0MzQzWjAhAhAnTPNP2+4I99G/igTG +I0evFw0xMjA2MDYxNjAwNDRaMCICEQCtg82ZnSD3QI0umytn9ippFw0xMjA2MDYx +NjE0NDZaMCICEQC7o8z1LXA8MBLgHO7YiSYRFw0xMjA2MDYxNzA1NTVaMCICEQCy +nbPqjIhYnJGkSltIsmKbFw0xMjA2MDYxODA4MzBaMCECEAQDrH9abRxNBTOJM5rQ +6E8XDTEyMDYwNjE5NDczM1owIQIQGaHvKRW0u4wF2kjaYc2SsxcNMTIwNjA3MDAz +ODUxWjAhAhBKZ0Rehj5nDOguBVetegRMFw0xMjA2MDcwMDQ4NTFaMCECEENCtLfh +85T9kZMtHGjL0IoXDTEyMDYwNzAzMjg0NlowIQIQet5zPv5ioHkSSIDAmrc9FBcN +MTIwNjA3MTMxNzA0WjAhAhAqC/cvMTiXJkHp6w6SzkwOFw0xMjA2MDcxNTA1MjRa +MCICEQDcWkhR1Dj1s0jklgVFSnT6Fw0xMjA2MDcxNTU3MDNaMCECEG+065GIGiD0 +Q2ZOCny34KkXDTEyMDYwODEzMzUzNFowIQIQQ45Sp1uE2TYgA/R6Im9tchcNMTIw +NjA4MTQ1NDIwWjAhAhAVOzMtpB5WuW5XkumkzuS0Fw0xMjA2MDgxOTE3MDVaMCIC +EQCalgBUFPp62vyXXnAXZPwnFw0xMjA2MDgxOTMwMDBaMCICEQD72+McqAaCurEz +fx75I/wdFw0xMjA2MDgxOTMxMThaMCICEQChOyam72f3srqhnZX3qZYNFw0xMjA2 +MTAwODA2MjlaMCICEQCpXFWEmXu9rVBM9v8bGX2JFw0xMjA2MTExMjEwMTZaMCEC +EEY6HBIJZ71cu+u89iWXuP8XDTEyMDYxMTE0MDQwN1owIgIRANBR8wgI9f9rHn1B +iWCJAgEXDTEyMDYxMTE0MzEyOVowIgIRAKUq8nK+Dr72D4v7ejVPFUIXDTEyMDYx +MTE1NTIyN1owIgIRANhfkf/HhpjdNQbxsYe94QkXDTEyMDYxMTE2MTUxMFowIgIR +ALfAKcgIyQstzSYuygEqzYMXDTEyMDYxMTE5MzA1OFowIgIRAPDf2kLECSXGCBun +ueifWbAXDTEyMDYxMTIyMTYxMFowIQIQZ04FVAcHA5uDT8qujk/RFxcNMTIwNjEy +MTMxMTMwWjAhAhA5q+v19zYjIB5NlOOEKRuKFw0xMjA2MTIxNDI2MDRaMCICEQDK +9IHoRjOLr0LQpCfLMjx4Fw0xMjA2MTIxNDQ3MTdaMCICEQDL8CoH3sipaAIFE+Kk +bRNnFw0xMjA2MTIxNjM1MzlaMCECEEpFcXtohZUFG+BJAfLxyS4XDTEyMDYxMjIy +MzEzMlowIgIRANMqaVDbd++MbMoyp0DXoqYXDTEyMDYxMjIzMDUzMVowIgIRAMCE +w/8XH+8AI8UkSFoiLEsXDTEyMDYxMzA0MDAzNFowIQIQPiGlK975jKCqEnD3dJOA +mxcNMTIwNjEzMDkxODM2WjAhAhBDEmTdXYudE1mZ7H1/gzLdFw0xMjA2MTMxMzMz +MTJaMCECEAwDtqq7zKzIPKDaQVJme74XDTEyMDYxMzE0NTYxMVowIgIRAM+Gjc8q +Wsri2g7WoDpp7qgXDTEyMDYxMzE2NTgyNlowIgIRANtYxvmIFnQDhImbDIj2K9sX +DTEyMDYxMzE4MDQ1NFowIQIQPCMjG8epI3CDQeUgDRly9RcNMTIwNjEzMTk1NDE0 +WjAhAhAkq5SPqRfi19yDmQT1bfP5Fw0xMjA2MTMyMDQ1MTlaMCECEC4NwHDzJvgf +YzEoKx6WipcXDTEyMDYxNDA4MzIwOVowIgIRAL6UIZpJAzoxGFOmIlTarnQXDTEy +MDYxNDExMzM0OVowIQIQKsSdthkVKFuaZsmIAQAB7BcNMTIwNjE0MTQ1NzM2WjAh +AhBwtIhLQeRvLdG+zQXaczoxFw0xMjA2MTQxNDU4NDlaMCICEQDdks2Gc653oOkQ +w6X57rW9Fw0xMjA2MTQxOTIzMTJaMCECEErBeoLCKlfpUQGZLyJAf48XDTEyMDYx +NDE5MjU1N1owIgIRAOfeWvqIBV0jCQUKVSxpYdIXDTEyMDYxNDE5MzU0NlowIgIR +AKJ0u3mrwdVLj+CvORXJMhAXDTEyMDYxNDE5NDQzNVowIgIRAOe2OrzyYO/1l9iL +Le5Ok0sXDTEyMDYxNDIwNDcxM1owIgIRAIElLujltSakol4RZITAuMAXDTEyMDYx +NDIwNTgyOVowIQIQP3DDt1aOuEknsxHfAOwDrhcNMTIwNjE1MTM1MjU2WjAiAhEA +8myKVsTY9e61T5/UgDW8YxcNMTIwNjE1MTUzODA2WjAhAhBNBklnxGMlFwdYWjJ7 +k3LzFw0xMjA2MTUxODAzMTlaMCECEEiFYaY1AzYi8s05DtIKyI0XDTEyMDYxNTIw +MTAxNVowIgIRAM/o3UpsGVexCQ1vSRVaEOkXDTEyMDYxNTIwMTEyN1owIgIRAP2Z +5MZNUti7kS9SYYvt3SoXDTEyMDYxNTIyNDEyNVowIgIRAPhxSGsJqOpnBmPdv/0e +o9gXDTEyMDYxNzIzMzcyM1owIgIRAMI8Rwbr8/GqwfNyTIeMCNEXDTEyMDYxODE4 +MzkwNlowIgIRANi/UlpzVb+isBieYXDNSloXDTEyMDYxODIwMTA0OVowIgIRAJhv +9M5YJRC+h0zW6qxBwvYXDTEyMDYxOTA2MTcyNlowIQIQR4acANV6JnnnTB00lh87 +5BcNMTIwNjE5MTIwMDAwWjAiAhEAwh7deugAl7DMn4LEiPlCZxcNMTIwNjE5MjAy +OTE5WjAhAhA9LKBvADggk1u/jDKR7I8sFw0xMjA2MTkyMDU3NTFaMCECEEiBCwSj +e+ms14vuG48tA4AXDTEyMDYyMDEwNTg0MlowIQIQax80zFetK277w5qK16fpThcN +MTIwNjIwMTEwMjQ4WjAhAhAR8umx63RPidW7EskuvHM9Fw0xMjA2MjAxNTE2NTJa +MCICEQD0oRD4M3qOubftEXQpjGzrFw0xMjA2MjAxNTMyNDJaMCECEAmyuEIy/b6b +gJdO51P7FNYXDTEyMDYyMDE2MDAwNFowIQIQC6NRiUXeJfaS7sz5Kdt07xcNMTIw +NjIwMTY1MzE4WjAhAhAdF1dgD5FKF51xmljI7FfOFw0xMjA2MjAyMDQ2MTRaMCIC +EQD9jXJkHPq7azUHzmSrcULhFw0xMjA2MjAyMjA2NTVaMCACDwgaIYpT4sSuz2QF +vG87BRcNMTIwNjIxMDY0NDUyWjAiAhEA1Uwg3GPuSacYeQ0v2Ruf9RcNMTIwNjIx +MDg0MjM5WjAiAhEAxm3+5wSqCAeKb7PVTdP8+hcNMTIwNjIxMTgxNTE1WjAhAhB1 +lPLjwb+toBcmEwm1NPA2Fw0xMjA2MjExODE1MjdaMCECEEkw8LL+luPolSTfh/up +cXEXDTEyMDYyMTE4NDgxMlowIQIQQUAVjZbwdPxPd2rWdfpiYRcNMTIwNjIxMjMz +MzU2WjAhAhB/nPHEQSdrwuGvHxzGlOAhFw0xMjA2MjIxNTIzMDdaMCECEEyVa5u7 +33ru1+EA/bhJStQXDTEyMDYyMjE1MjgwNFowIgIRAPVH4OswQl06/4y1oHeO81YX +DTEyMDYyMjE1NTk1NlowIQIQcIqYrTnpCacODWNaWmLkkRcNMTIwNjIyMTYwNjU0 +WjAhAhBugiolpT2rq8JiWUg0uw+kFw0xMjA2MjIxODQwMTZaMCICEQD0WZoVebqX +ncPg0/HIXpjFFw0xMjA2MjIxOTI1MzhaMCECEFPxJZ5UmIPO24igjv5qFOoXDTEy +MDYyMjIwMDc1M1owIgIRAIdRXGn2julNmsXHZq4MmNYXDTEyMDYyMjIwMzgwN1ow +IQIQOjSAxNkGDX8eEPY6oeAZxRcNMTIwNjI1MDQ0OTM1WjAhAhBWWl3AC6VKesFH +JjexUjzQFw0xMjA2MjUxNTE4NTdaMCICEQCJXT54XMZI3AuWlxhW1+O+Fw0xMjA2 +MjUxNjE2MDhaMCECEBZa1pyQA0BqSSQsAp2inkAXDTEyMDYyNTE4NDMyNVowIQIQ +GuYTM6e4vpA7SjbU8qc+WxcNMTIwNjI2MTQzODUyWjAiAhEAvwF2ch/WkIBuNT7q +y1TWkBcNMTIwNjI2MTUzMzI3WjAiAhEA+FMJl3JVP6ZbMhFRtI+9fBcNMTIwNjI2 +MTYyMjI2WjAiAhEAq1DKqSR69t0rTMqjgQrydRcNMTIwNjI2MTcyNjU2WjAhAhBG +H++0wZtKVpVzLAWOwquiFw0xMjA2MjYxOTIxMTVaMCICEQD5ko3AU2/WapTVw9Vf +L6nuFw0xMjA2MjYxOTIxMzRaMCICEQC9Y4Jsl3aIiEJ6Ue6SxH1hFw0xMjA2MjYx +OTIxNDZaMCICEQCBxdA4x+DEU1jHG947pKgQFw0xMjA2MjYxOTIyMDJaMCECEHo/ +MZsWE72t/nnDQb+gf3cXDTEyMDYyNjIxMjE0NVowIgIRAL0mn7oh4HZBmirgx3fr +/t0XDTEyMDYyNzEyMzY0MlowIgIRALOZ+D29lGzmZqCseEWk1xgXDTEyMDYyNzEz +MTUwN1owIgIRAK8np0QdJgTN28mKtP9RFUsXDTEyMDYyNzE4NDUzM1owIQIQSFE5 +u0BhIuJuYdMLMTKFiBcNMTIwNjI3MjI0NTQ4WjAhAhASnx7T5tieicZvTRhsvPVl +Fw0xMjA2MjcyMjQ2MThaMCICEQCUVnBJXDxkP3XLZY2l00uHFw0xMjA2MjgwMDA0 +MjBaMCECEGM3HxswULSZPPtRSr1q4vUXDTEyMDYyODAwMDQzMlowIQIQQN2A2vFU +d5y/2r1d3GIrAxcNMTIwNjI4MDEyMDI5WjAiAhEAvvtixEOVdVqr/7cm8aBIXRcN +MTIwNjI4MDg1MDU3WjAiAhEA9iRPGjfcJj9USDMACRX/dRcNMTIwNjI4MTYxNzI4 +WjAhAhBPMw38sQKNuMKj2aX1tfb7Fw0xMjA2MjgxNzAzMTlaMCECECP6O5F7XLLT +DKKhvJEw+YsXDTEyMDYyODE3MDg1MVowIQIQIRoYSnwxW48z/aHUU9yt6RcNMTIw +NjI4MjAwODU5WjAhAhAPWK4FZulFC71fkYVahXNSFw0xMjA2MjkwOTI3NDVaMCIC +EQDvoL0aZQTIhn8H1nXefOhtFw0xMjA2MjkwOTQ1MjFaMCECEGn6BBBEP8kBFNOC +/K13tiEXDTEyMDYyOTE0MTEwM1owIQIQQfzvY17ZFxZSb2tdCsra2BcNMTIwNjI5 +MTQxMjI5WjAhAhA8KS8vu5/qN/Xloibr6WhiFw0xMjA2MjkxNDIxMzFaMCICEQCQ ++Cg0Ln3jp66JWcG9ogzlFw0xMjA2MjkxNDI0MzVaMCECEEgyqiPP4DNQdsfHS5K+ +FukXDTEyMDYyOTE4MDEwOFowIQIQBlH32iQxQycwgsgmaLi/qxcNMTIwNjI5MTgy +OTAxWjAhAhAy5FVi+BIaQvvpmgLem0FTFw0xMjA2MjkxODI5MTlaMCICEQD9LZx2 +vyPAHiXuyQrJvFULFw0xMjA2MjkxODI5MzdaMCICEQCDYPMZxddS8Z70txEai4Db +Fw0xMjA2MjkxODI5NTZaMCICEQC8me48EsPXrzZgCqrEugVSFw0xMjA2MjkxOTI0 +MDlaMCECEAskCccrUoOTPwcRZ0QGqcQXDTEyMDYyOTE5NDkzNlowIQIQDZZ90d/t ++feiaf6GPYTNDxcNMTIwNzAyMDg1NTQzWjAiAhEAwnE2Na3Uj7ocEl4F9y9z3RcN +MTIwNzAyMTQxMzAwWjAhAhBPtn2vBkF8CR0tbQoraONYFw0xMjA3MDIxNDU4MzVa +MCECEB3Rm9kw41gLXl9UA4oEdc0XDTEyMDcwMjE1MjUyMFowIQIQMDG6u689Uwda +w6L4P/LPPBcNMTIwNzAyMTUyNTU0WjAiAhEAu5TH6z1m+yWjWy0jDSHBPxcNMTIw +NzAyMTUyNjE5WjAiAhEA0yia6YEnIjVqMNhkYUxXiRcNMTIwNzAyMTUyNjQ1WjAh +AhB9rOZyLwK5h5ttke/fYXioFw0xMjA3MDIxNTI3MDlaMCICEQC/AZWgimZbyeD0 +2NcaFXggFw0xMjA3MDIxNjExMTRaMCECEAkmsxZPVjI3cAE5l6qObkoXDTEyMDcw +MjIxMTUxNVowIQIQJWmioCwaZU8SA9tUCeEdzBcNMTIwNzAzMTUxMTQ0WjAiAhEA +xZZ95+5SUR+tguAHZERpIxcNMTIwNzAzMjAyMjU2WjAiAhEAxiIpn0uI5rhc9qI3 +q17VcRcNMTIwNzAzMjA0MDQ1WjAhAhAuFHN6UtnPTERm4brnxYsZFw0xMjA3MDMy +MTAyMTdaMCECEDuZBL5ki0rIVtSJFMNgKuoXDTEyMDcwMzIxMDIzMVowIgIRALPj +TyGvCdr6f8D4aurNtCEXDTEyMDcwMzIxNDQzMlowIQIQObaFw5zoTRq9uKfvBDPx +QhcNMTIwNzA0MTIwNzU4WjAiAhEAk0r11qdG7gff5poS4iVHrhcNMTIwNzA1MTIy +MjEzWjAiAhEAylPQI0oj4gDfcrVg7o0YKRcNMTIwNzA1MTMxODUwWjAiAhEA44D7 +7yIsQB99IoLQaF1yBhcNMTIwNzA1MTUzMjAzWjAiAhEAwg1Ej8k5Yg9RtCOe/FHj +xhcNMTIwNzA1MTYwMDQyWjAiAhEArfRU59MPjhESAhCR85cOnRcNMTIwNzA1MTY1 +NzUwWjAiAhEA26Utmti/ckXAS3L2UQm9LhcNMTIwNzA1MTkwMDI5WjAhAhA82VrX +w7LNVlQl6rM+pHkpFw0xMjA3MDUyMTM2NDhaMCECECiL7JJrlr/m4C2qx2N5w9EX +DTEyMDcwNTIxNTYzMFowIgIRAO0tnmLEwdlCE1s4eIqR5z4XDTEyMDcwNjE1Mjc1 +MVowIgIRAIX8u2KcFeb7jkl/Mkv/k5UXDTEyMDcwNjE5NDI1OFowIgIRAKThxaSd +eovkk5bX2OnJSkMXDTEyMDcwNjIxMDIxNFowIQIQSXl9FaFP4FXYxH0oW3N2RxcN +MTIwNzA2MjIyMTI1WjAhAhBRLbJhO1gjH+BgU85Fm804Fw0xMjA3MDYyMjIxNDZa +MCICEQCQrDNtvZRz5zdhdHL9kCDNFw0xMjA3MDYyMjIyMTFaMCICEQCAyFE9et8J +AxrBJ5Y1PTOtFw0xMjA3MDYyMjQ4MDBaMCICEQCRO+ZItGa+LXbYSxxHgrC5Fw0x +MjA3MDkxMzQ3NDJaMCICEQDIprfleU7oH9oc40Md8T+HFw0xMjA3MDkxNzU2MzNa +MCECEAegoF1pr/QUmwabU+3czhIXDTEyMDcwOTE4MjAyNFowIQIQaacq8sdQPBKx +jL//jACI/xcNMTIwNzA5MjA1MDQ2WjAiAhEAwI0L0ing6Z+5iPMN06HeeRcNMTIw +NzEwMDMyMjU0WjAiAhEAwgnLDiEOD/+IA+ut5fvIKhcNMTIwNzEwMDM1OTQ3WjAi +AhEAh5HS7G83BUYQ4xnT12TlJRcNMTIwNzEwMDk0MzE3WjAiAhEA9tuls2lurwpD +MWCPBJt/4xcNMTIwNzEwMTUxNTAwWjAiAhEAr+YpwRG4kWMqk55m7tmkmxcNMTIw +NzEwMTU0MTI1WjAhAhAS/UriU7TbQcKdagzI+3l7Fw0xMjA3MTAxNjA3NTJaMCEC +EBWvy5ahNlqwNx6qNG8k+24XDTEyMDcxMDIwMTcwMlowIgIRAPD6Bwpj7e8TLYlh +GocdrkIXDTEyMDcxMDIxMjcyOFowIQIQEEPDO7l5c2drajPWeAWeLBcNMTIwNzEw +MjEzNDAyWjAhAhA0nvs2Isgy/YV7KThjruJNFw0xMjA3MTExMTE4MzNaMCICEQCO +9Z86B0Wh93k9YSfKirHOFw0xMjA3MTExMTQ3NThaMCECEHmBKisODIWZaElCyr5k +vH0XDTEyMDcxMTE1NTAyMVowIgIRAO0U7B0B6CiMAja1h77/Ak8XDTEyMDcxMTE3 +MDcyMVowIQIQEFMoNlprj+KKOlz9GoMLMBcNMTIwNzExMjAwNTQyWjAhAhAmkB2n +GmdPIUh7/ljPunKOFw0xMjA3MTEyMDA2MTBaMCECEAh47V9XFLJLPEu2B+MAG6gX +DTEyMDcxMjA3MjA0NFowIQIQFtXGXKBzhBHnZZsYv5fC5xcNMTIwNzEyMTQyMjQ0 +WjAiAhEA0YbXhhebiISyYdOFHMqyZhcNMTIwNzEyMTQyNjUwWjAhAhA9ob2jSvzc +GY2Sg8Upbx3xFw0xMjA3MTIxNDMwMzlaMCECEEtrlmjILKUcChk/NumUdAEXDTEy +MDcxMjE0MzEzNVowIgIRALxU00yMHwSZguthUZlMNBkXDTEyMDcxMjE0NTE1MFow +IQIQbkqlx70tyy7hZV4kqfN8LhcNMTIwNzEyMTUwMTU3WjAiAhEA4Qp7NVWcPfMn +GURTBdX2mhcNMTIwNzEyMTUyODM4WjAiAhEA7KRK2JO1Rel9EatXsUaGihcNMTIw +NzEyMTUzMzUxWjAiAhEAvLLdgDfe/Sr8Z0GVB3xCwhcNMTIwNzEyMTUzNDE0WjAi +AhEA4dqvozyNSKBBhJVYI1N3uRcNMTIwNzEyMTUzNDI5WjAhAhA9AGsLd/8YLs+o +YmND3eDrFw0xMjA3MTIxNTM4MzRaMCECEGnKQVb96zne/PdH4uv7emcXDTEyMDcx +MjE1NDMwN1owIQIQQHR/43Eqi5kI7BBhFax+6RcNMTIwNzEyMTU1MjI1WjAhAhAG +QqxOe4Gsqd2ZtSmSZ+xKFw0xMjA3MTIxNjA2MTBaMCICEQCnVIA4ytNZPApVFH6H +ZXZXFw0xMjA3MTIxNzE1MDhaMCECEGK93tJmFWCtgCJ1R88g5OYXDTEyMDcxMjE4 +MDUxOFowIgIRAL6d709HzDsLYSnM8A5LAX0XDTEyMDcxMjE4MzY1M1owIQIQXmIz +Hg7xs+FIEXHUVl8RWBcNMTIwNzEyMjIxOTU4WjAiAhEA0NE4NOymbJWCLBmLQRyl +vRcNMTIwNzEyMjI0NDU5WjAhAhBC0q/WvGmEBxnv9Lruoll+Fw0xMjA3MTIyMjU4 +MzRaMCECEDZ9/rcX6u4h0PDFbkp8ul0XDTEyMDcxMzE0MzU1N1owIQIQfhYN9+jl +oU0y8V3/nPW3CBcNMTIwNzEzMTUxMDU1WjAiAhEA1BrW3dE9kkvnJRaDW+jVkRcN +MTIwNzEzMTcyNTI5WjAhAhBlnWeoQPtAGoYb0NB22vrXFw0xMjA3MTMxOTE3NDJa +MCICEQC34UiVGYkPoLRzdwU6FoQjFw0xMjA3MTMxOTE3NTFaMCECEDH9ZumOOwwE +hrQ5y/teDCMXDTEyMDcxMzIwMjI0OVowIgIRANu1A3LiaDezA5c9SrayuOMXDTEy +MDcxMzIxMDEyOFowIQIQUQeTXzxec9L2s4tqlc9/bxcNMTIwNzEzMjIyNjA0WjAh +AhAc46+4rXieMS/MVSd1b+n0Fw0xMjA3MTQxNTI2MzlaMCECEHYCjDQ1AG6G7CSM +PvHfvNsXDTEyMDcxNDE2MDM1MlowIgIRANej4BSkd2Wwi+ibl32ccAEXDTEyMDcx +NjA1NDcyNlowIQIQaW2i7Po0oc/6EHdpXZ/K/RcNMTIwNzE2MDU0ODE5WjAhAhB+ +e2eRF/G3SbE5g7APIVG0Fw0xMjA3MTYwOTM4MzNaMCECEHw91ISpCISoeC8JcyTi +ni0XDTEyMDcxNjE2MjA0OVowIgIRANTto42qvC834JQJZ78942kXDTEyMDcxNjE3 +MDAxMFowIQIQGEguHtDkJgVhqssPVu2Q4RcNMTIwNzE2MTg0NjI2WjAhAhAZeo7p +ZxE1k5j+x8CDm7q4Fw0xMjA3MTYxODU0MjhaMCICEQDOvqn3TAtV6Z7tHQojCJX0 +Fw0xMjA3MTYyMDQ3MTZaMCICEQCFqYxLRaNyRZwxqcVrH6txFw0xMjA3MTcxMTM4 +MjJaMCECEFhnkvaUk9HO+fmxz/FlCycXDTEyMDcxNzEyMDIwNVowIQIQUUE7SGOx +DSqEjuYASO6/KBcNMTIwNzE3MTIwNTU3WjAgAg81m1u+RmX60nmhFVap8UQXDTEy +MDcxNzEzNDUzNVowIgIRALsI67L+hNFqITy7wU959qwXDTEyMDcxNzEzNDY1MFow +IQIQcs7JVDo84+FqpEXkV6/uPhcNMTIwNzE3MTQxOTM3WjAhAhA/XTP9au01mBrQ +PosiL/zmFw0xMjA3MTcyMDU5MjBaMCICEQDHV3HfVJuzNslF/XJ7g3TbFw0xMjA3 +MTcyMjQ0MTdaMCECECirgSDrzPekRqrhM+qNzDYXDTEyMDcxODA3MTc1MVowIQIQ +WNejLS0FTVxrlbnnLM3TlBcNMTIwNzE4MTMwMTE4WjAiAhEAv4z/F3ION+D+GFYQ +Zm2nOBcNMTIwNzE4MTMyNDMxWjAiAhEAxwJMMFwf9wEieyeqfnXPVRcNMTIwNzE4 +MTM0MTU5WjAhAhALETZ2uAoQ+H4KtU2efTwkFw0xMjA3MTgxNDAxMjlaMCECEHHs +q42Y4yBSxs5eF3a+z1wXDTEyMDcxODE0MDE1MVowIgIRAKSImVUJEFDkulL0yhMb +5v8XDTEyMDcxODE1MTAwOVowIQIQLAMv3JCxxJkHKK8/OOzGPhcNMTIwNzE4MTY0 +NTI5WjAiAhEA51uuhTLTzCFOw6F54u0wzhcNMTIwNzE4MTczNDQ2WjAhAhByRd1s +wWWuz4T5pZrA927IFw0xMjA3MTgxNzM1MDFaMCECEC3rM54x+ksAIDfze4nVPQwX +DTEyMDcxODIxMTEyOVowIQIQWCPBzq73AmFeHV048nQcCxcNMTIwNzE4MjEyODA1 +WjAiAhEA0NDVSmCiirD3UIML6Z2SBhcNMTIwNzE4MjEyOTQ4WjAiAhEAprvfmZxp +N6Bx1aAUDlexcxcNMTIwNzE5MTEyODQwWjAhAhAbdbG9cinH7nvBzgVoAPMUFw0x +MjA3MTkxODU1NDJaMCECEC+JMcClPKXPZRpAZ3AFm+kXDTEyMDcxOTE4NTYzMFow +IQIQSiy9mzZgrDLwKWj96w6BARcNMTIwNzE5MTkxNjM0WjAhAhAIPUHTGQRCkWJk +2inhLr7eFw0xMjA3MTkyMDMxMzRaMCICEQC57meV3ak7w7QJPPwDqHaJFw0xMjA3 +MTkyMTU5MDZaMCECEHB5ULum0bvQbPQ8As5P+pkXDTEyMDcxOTIyMTk1NFowIQIQ +P8/FDL8bxS10VyWjL98KTRcNMTIwNzIwMTI1MDU2WjAiAhEAxeA9NJ1pSeYthjPL +gqcZHRcNMTIwNzIwMTQ0NTA3WjAiAhEAnmyoBmRgJ3YtM3SKC3m+DhcNMTIwNzIw +MTUzNjE5WjAiAhEAi9tTy0nRDYhRObJlhltFhhcNMTIwNzIwMTU1NjU0WjAhAhBR +kpXOAVJWE5V4guhDB8T0Fw0xMjA3MjAxODIwMzRaMCICEQDUVu2rbiGhcPn3FJmm +kad8Fw0xMjA3MjAxOTQ1MzlaMCECEGDks9xflJ749I8kkiXBw4QXDTEyMDcyMDE5 +NDkyOFowIQIQKS3pFqh5kdrLgFCAdl/JKRcNMTIwNzIxMDAyNjU1WjAhAhBiIzeT +/owzV/btW2V/KNkNFw0xMjA3MjEwMDI3MTJaMCICEQDdR6HxgFMULnr4q02F8UZM +Fw0xMjA3MjExMDMwMDhaMCECEDGD1TM01yim0nAAL5bd5UsXDTEyMDcyMjIyMjkw +M1owIgIRAK3y+VEV0y3zmziBcrZpjBIXDTEyMDcyMzA1MTg1NlowIgIRAPJbL4+2 +2Npmv3l5n9cQTbQXDTEyMDcyMzEyNDEzM1owIQIQQVR1wklWqmCyE8F8kGxeqhcN +MTIwNzIzMTMxOTM0WjAiAhEAx2Z+2IhLdB4ULWvNA9g8xRcNMTIwNzIzMTQwMjMy +WjAiAhEA5LkvdnfyhmdoHW6PeQrMnRcNMTIwNzIzMTYzMDE3WjAiAhEAufxWYhhU +Z2CnroVevCHZxhcNMTIwNzIzMTYzMTEwWjAiAhEAuavDymvPzK22geBV32PMTxcN +MTIwNzIzMTYzMTI0WjAhAhAGTEJ2LR9PjyvQuQoARFQOFw0xMjA3MjMyMzExMTha +MCICEQC6pw60XT2sltoZJo/Z35TGFw0xMjA3MjQxNjMwMzJaMCECEGetttbVe9N+ +9KVeUuoLm5kXDTEyMDcyNDE2MzYxMVowIQIQQJdsZOKZr/rlfGMd9DEXCxcNMTIw +NzI0MTY1NjE2WjAhAhBeWt8o9CFJMwV7qtTxgKKlFw0xMjA3MjQxOTA1NTFaMCEC +EEqQJ+Pc5Hv4n2+aFiC/3/kXDTEyMDcyNDIwMzE1NlowIgIRAKkp1Pw9UKWX6QdV +WeG173YXDTEyMDcyNDIwNDIwNFowIgIRAOySjPjnbaGL40g3oZQbUI0XDTEyMDcy +NDIwNDIyMVowIgIRAIvVpXrYa2FoVG+A3HR87n0XDTEyMDcyNDIxNDgzOFowIQIQ +RF+kCS7wlIAru2JYPt8frRcNMTIwNzI1MDMzMjQ2WjAhAhBPBLVKYW1ptHo0vitV +4r4cFw0xMjA3MjUwODQ4MTVaMCICEQD2FCuS5rc2ZiJBqZ0u8FtKFw0xMjA3MjUw +ODU1NDNaMCECEAL4v+B8OdiHMwGQ5V0+784XDTEyMDcyNTExMzM0NlowIQIQBgpT +thkwZus+zk7xKvLXABcNMTIwNzI1MTE1MTM1WjAiAhEAnYS7u1sfdJyKgpWsVMB3 +6RcNMTIwNzI1MTUzMDQyWjAhAhBKzMyDDcNJ4Z1VYWLA53M8Fw0xMjA3MjUyMTMz +MjZaMCICEQDYwNNeFx2RRgJIetGOjmLrFw0xMjA3MjYxMzMyMjZaMCECEHX8n/de +Vu36kKFWCGRoI1EXDTEyMDcyNjE0NTMzMlowIQIQO+ptoDGjv93AJsqKq/7mtxcN +MTIwNzI2MTU0NTQyWjAhAhAo56M0k52ld0VRYwIlYO+qFw0xMjA3MjYxNjA0MTRa +MCICEQCLck9UVP8GfxCBS4iE73leFw0xMjA3MjYxNjA0NDFaMCICEQDgeT6Wn8y7 +jwwESH9v0z03Fw0xMjA3MjYxNjA0NDVaMCICEQCGC26QEf6Ue0GE8Z0IZwC6Fw0x +MjA3MjYxNjA0NDlaMCICEQCBtDjlk8akgfz8v4VPRpNeFw0xMjA3MjYyMDQ5NTBa +MCICEQCJFv5ccqSefSEkRBTs/8y1Fw0xMjA3MjYyMDUxNDRaMCICEQDWf6Hemc7u +84m46xTobArYFw0xMjA3MjYyMDU0NDRaMCICEQCE+cOsAXoc4DZoFFmQon05Fw0x +MjA3MjYyMDU4MDZaMCECEGaO+2khbLXTRHPwz+ebKk4XDTEyMDcyNjIwNTgzMVow +IQIQFO1c6nOpq4UUXpdbLPgnfxcNMTIwNzI3MTAzMTAwWjAiAhEAzwhHONj4Ki/b +ezW+UqcO3hcNMTIwNzI3MTMyNzIzWjAhAhBddMa2Hy9Gfzt5evdZBsfrFw0xMjA3 +MjcxNDExNDRaMCECEDkhIUOZ6dXkb359/mRfrosXDTEyMDcyNzE0MjkyN1owIQIQ +Z0oxff5E9dXGF2ZaWb3VVBcNMTIwNzI3MTUwOTI4WjAhAhBrZzPlv3bKitBE1bjr +N8BnFw0xMjA3MjcxNjM4NDdaMCICEQCo/s0avly3L+77uh+iQcXCFw0xMjA3Mjcx +ODUzNThaMCECEArv6M/ZJ1ZaFehDNaoeCTYXDTEyMDcyNzIwMzQwOVowIgIRALpa +zlas5XMoQZ70/yWVG1QXDTEyMDcyNzIwNDQ0MFowIQIQNKXvfZRiOOagJ32Z+vIi +FBcNMTIwNzI3MjA1MTQ5WjAhAhBoux9voYXlPImda9632pdxFw0xMjA3MzAwMjQ4 +MTRaMCICEQDtW68Eo39BovUtxDPRt+rXFw0xMjA3MzAwNzIxMDhaMCICEQCY+3be +XKqMiS7X98LT45zOFw0xMjA3MzAxNDMzMjBaMCECECQXOTZnqN1YMujasXR/1McX +DTEyMDczMDE4MDM0NVowIQIQFfVRpLzDXSvMvlr7j76bURcNMTIwNzMwMTgwMzU4 +WjAiAhEA7u6ptCG3tnxa8jZ7xz2E/RcNMTIwNzMwMTkyNjU1WjAiAhEA1Hs38Ln8 +MY0llwBgaCpwkRcNMTIwNzMwMTkyNjU1WjAhAhAlEpgCW6M09+ZKRMSGPa+pFw0x +MjA3MzAxOTM0NTdaMCICEQDx0l/34w0wo6DGvWl5FgjZFw0xMjA3MzAxOTM1MTNa +MCECED8pD1JAt3/cSLOL3U47zt4XDTEyMDczMDE5MzYyOFowIQIQRfJuAU8T4BcY ++1m3h24CfRcNMTIwNzMwMTkzNjQ1WjAhAhAhAdhg/ywPj4JHchRoizR3Fw0xMjA3 +MzAxOTM3MDJaMCICEQC22+4CmUiqPM6K1Nfu+4ZsFw0xMjA3MzAxOTM4MTVaMCIC +EQCsuaGVQH/khMNKG19sjNGnFw0xMjA3MzAxOTM4MjRaMCICEQDVNT1L0Sm7o8k+ +QuM3n0xbFw0xMjA3MzAxOTM4MzFaMCECEAMyiuPTJjHd0cj7oO1q+2gXDTEyMDcz +MDIwMDMzOFowIgIRAIWfW4j/wl7oAaPFUqREoZYXDTEyMDczMDIwMDM0NVowIQIQ +NTAmDOghKhmFOtTEC7lyDBcNMTIwNzMwMjAzMjQ3WjAiAhEAtb6xXZaHZyOWoAUl +WBPIixcNMTIwNzMxMTM1MjE3WjAiAhEAwJBWq/CUoh2+VbTWQp0dQBcNMTIwNzMx +MTUyNTQ4WjAhAhBamOTRUCyb69oCmLXBZf6JFw0xMjA3MzEyMDA1MzFaMCECECBU +uPZVOpo7h7ahZnh0F5gXDTEyMDczMTIwMjE0OFowIgIRAM+DVtU1L1NqY0EUSODg +1b4XDTEyMDczMTIxMDMyMFowIQIQGR5fivGPPxRFMpWeMlWXbhcNMTIwNzMxMjE0 +MTE5WjAiAhEA98bdVodFh+J7AVLUNoObTBcNMTIwODAxMDEyOTUwWjAhAhAbSQwo +6NHF+BiyRzjobes3Fw0xMjA4MDEyMjMyMzNaMCICEQCfZwRbKufOvWNsMxXmazSG +Fw0xMjA4MDIxNTA4MTNaMCICEQD6/Q20Q7A4ZBZiKVKdB9LLFw0xMjA4MDIyMDE4 +NDBaMCICEQCE86FV41NcIsRmQM8FXFySFw0xMjA4MDIyMTAzMTRaMCICEQDJqr8a +RSjJttFjpKEs9k8+Fw0xMjA4MDIyMTA3MzVaMCICEQDx6WBK7QfypA+gOv6dbs13 +Fw0xMjA4MDIyMTU4MTRaMCICEQCZ+AHhCt+EKhwNUSpE7bJIFw0xMjA4MDMwNzMz +MzBaMCICEQDW0e6BdYIDeugfc1E9WlgzFw0xMjA4MDMxMjMxNDlaMCICEQD6Ui9z +f/aD6JOE2BbuRrx3Fw0xMjA4MDMxNDM1MjFaMCECEA9RAU9lpiPn8n207wyCWi8X +DTEyMDgwMzE1Mzk1NFowIgIRAOqazBQ1sTXwAJYCe1R4PZkXDTEyMDgwMzE3MjYx +OVowIQIQHci6zLNjjtDGbRlMGBBCdBcNMTIwODAzMjAxNzM2WjAhAhA7iC0PQdsT +sbWavh8mNhLTFw0xMjA4MDMyMDM4MTJaMCICEQC0cxzcE6shLuWj4PB51oHdFw0x +MjA4MDMyMDM4NDFaMCICEQC30ObvPDzxpIVwZYl/huclFw0xMjA4MDMyMDM5MDha +MCICEQDpg1atBVRvllaYXlgHPgzYFw0xMjA4MDMyMDQ2MTVaMCICEQDI39Kq+VHa +fvjwFyltMl3FFw0xMjA4MDMyMTI0NThaMCECEE5MFHxl4R8dp08oc43EP0IXDTEy +MDgwMzIxMjUzNVowIgIRAMdDqc9EjG5+Ft885WIcGwAXDTEyMDgwNjE3NDkwOFow +IQIQUAN8YG1KhgGwk3gFBighThcNMTIwODA2MjAyMzA0WjAiAhEA3TjNg0OOQog9 +qj8MAYXw2hcNMTIwODA2MjM1NDM5WjAiAhEA50Ll10IYZCvmLouQl3cZ/RcNMTIw +ODA3MDkxODM4WjAiAhEAt9KqNq54EU13y4WHqUHvYRcNMTIwODA3MTU0OTQ0WjAh +AhAvie8qbWMQydLUAMZYgpyGFw0xMjA4MDcxNjMzMDdaMCICEQCXsAjmuHHou3dz +1cZuBlLkFw0xMjA4MDcxNzA2MDRaMCICEQC4vfIJF8g+WpSRYV4uOjFaFw0xMjA4 +MDcxOTQwMjBaMCACD2k0lgEBFuQBU6RADuUtjRcNMTIwODA3MTk0MzA2WjAhAhBW +axb97hGQ0+wFGRZwFfifFw0xMjA4MDcyMDQxMjBaMCECEGrp87yxn8XUI4PyX6a1 +sXYXDTEyMDgwNzIwNDEyOVowIQIQJZaax0k9v4L6QgwdhxOE1hcNMTIwODA3MjA0 +MTM3WjAhAhA2dOkBAna+UOMNSze09NOkFw0xMjA4MDcyMDQxNDdaMCECEBjE94Hl +auUq0V/5f/vRuv4XDTEyMDgwNzIwNDE1MlowIQIQIjKCbYA7bckLHc0YcP22xBcN +MTIwODA4MDkwMTEyWjAhAhAO8edXye4TFva6B8cH9PvyFw0xMjA4MDgxNDM3NTFa +MCECEF3AGk18trr9c9THrMjlFdMXDTEyMDgwODE4MTIzNFowIgIRAIqCjsCXFt62 +kNRd8+NQGFEXDTEyMDgwODE4MTI0MlowIgIRALi755N/iyT9G9B8vmnTf/MXDTEy +MDgwODIwNTI0NFowIQIQC0CLBpPx/1cpE1wS90QyqRcNMTIwODA5MDczNjI0WjAi +AhEAq8ol2tO3HcZOIgM/zu4V+BcNMTIwODA5MTMxODM3WjAiAhEA2i6V6WKHplOw +NGGJoA8gSxcNMTIwODA5MTQyNzQxWjAhAhAle2tpRyrjmlX8GCHU991ZFw0xMjA4 +MDkxNTE4NTVaMCICEQDDikxI9gkegNV/EtxgDbuAFw0xMjA4MDkxNTM1MTdaMCIC +EQDmUzYas7aXjpHNR4mw7RnAFw0xMjA4MDkxNTQ2MTJaMCICEQDUf9w6NEbB9+/h +ouFe1FUfFw0xMjA4MDkxNTQ4MjNaMCICEQDhSnbYE3llQQGVjhAOfGqcFw0xMjA4 +MDkxNzUzNDVaMCECEFZFT4kIDKbSgTbn62PEPVIXDTEyMDgwOTIwNDAzN1owIQIQ +SEn6cfrS4anPqcvPDOMQsxcNMTIwODA5MjExNDQ2WjAiAhEAsZSnXHf/whJRvZkM +Jj6JkxcNMTIwODEwMDIzNjI3WjAhAhBuVujFp3uD4kGp8gmRoo4gFw0xMjA4MTAx +NDU2MjlaMCICEQD4084oJvxuHXtqzy1R+KFrFw0xMjA4MTAxODQ2NDhaMCICEQDp +hzqYfIHos7IQuJk9OucGFw0xMjA4MTAyMDAyMjFaMCECEFJNO8g80HtWsHrFFwhf +vS8XDTEyMDgxMDIwMDIzMVowIQIQONVFbtmrLDTFiYsWaZtT+BcNMTIwODEzMDkx +NDEyWjAiAhEAoPzE7mr70JNOsOB86Yqn3BcNMTIwODEzMTU0NDMyWjAhAhBSWY+o +78PSgTLmddKlUYUkFw0xMjA4MTMxNTQ1NTFaMCECEELqvjqOzLVL9HSvsuGtBcUX +DTEyMDgxMzE2MDcwNlowIQIQFCwyquKEaumaDDfnUDueJRcNMTIwODEzMTYwOTQ1 +WjAiAhEAsPSMf+cWe/4TV+dkkVYcbBcNMTIwODEzMTYxNTQ3WjAhAhAokZEPJCLs +jQig6mk9+p/QFw0xMjA4MTQxMzMwMjlaMCICEQDtoVzSSm9XZQxeRuWIYZpsFw0x +MjA4MTQxMzM4MDNaMCICEQCk6Bbg6BgitDCzwKJFxbxKFw0xMjA4MTQxNTExMjla +MCICEQDwwVI7NBhWRBXWNLxDJFnnFw0xMjA4MTQxODM1MDZaMCECEBLr/sehWQmx +t8sBaQh0TY0XDTEyMDgxNDIwNTcyOVowIgIRAPYfQnFA4Jj0YIHI2fT1ZlQXDTEy +MDgxNDIxMDYyOVowIgIRAJXaOyl2UnzUvw8fO5zdpu4XDTEyMDgxNTEzNTQ1MVow +IQIQcVADXWCWAA4DugzpRQZiTxcNMTIwODE1MTM1NDU3WjAhAhAdDCYRe4CVeo1S +2phlg1idFw0xMjA4MTUxNDI2MjFaMCICEQCEvM5RIeJvavPu3L+WYoE8Fw0xMjA4 +MTUxNDI3MjNaMCECEBod8xOooorfcS9yHXP6VbUXDTEyMDgxNTE2MTgxN1owIQIQ +eNrInk2Dvhwco28jiHDutRcNMTIwODE1MTkxNDIzWjAhAhA/OnZiaLneOKjS8oFi +oVpaFw0xMjA4MTUxOTIzNDNaMCICEQDBCOSITgKh5AN7prEzhbvIFw0xMjA4MTUx +OTQwNDFaMCICEQDTYez57qwP1d2n/TLPGpPvFw0xMjA4MTUyMDI4NDdaMCECEGbh +xCpuFKyKY1UoQHx+MDAXDTEyMDgxNTIwMzEwNlowIgIRAI+nD0JuLzvJO14AZNBE +isAXDTEyMDgxNTIwNDI1M1owIgIRAIRI5LNPSRELKl9j5dW1OXwXDTEyMDgxNTIw +NTE0NVowIQIQIT+sBrovLqRoc44/Fl7RzhcNMTIwODE1MjA1MjAwWjAhAhAPDvvk +4yGE9wRasrsxI3lGFw0xMjA4MTYxMjU1NTJaMCECEGgkCNY2EFXaL4yqGJbBlTMX +DTEyMDgxNjE1MjMzN1owIQIQE+fbp5/fm5mdX0Sgb1FEuRcNMTIwODE2MTkwNzQz +WjAiAhEAu+IBavcdKP76wjOWqFkE9BcNMTIwODE3MTIwNzMzWjAiAhEA8xDPT0n+ +S52qPPl5bKdAKhcNMTIwODE3MTMyNDE5WjAiAhEA7SUHLpmNVUeA5ddpYY6d9xcN +MTIwODE3MTQyODE3WjAhAhBbWEitIOi4i6uMtr38WjTHFw0xMjA4MTcxNzA1NTVa +MCICEQC8We5IkO5scqSzISs+idm7Fw0xMjA4MTcxNzA5MjVaMCICEQCxh8tbDWz5 +SgbofQ326gZWFw0xMjA4MTcxNzIzNDZaMCECEA7A0TLFX3P2HcLix/2ABW0XDTEy +MDgxNzE3MzYxNVowIQIQGOh1Jz7JXPNOvyjZPSEz2RcNMTIwODE3MTgwNjUyWjAi +AhEAliIH1zTC8hCywxoDsMsB8hcNMTIwODE3MTkzNTEyWjAiAhEA74LZM027ewuw +xEQfC+qmTxcNMTIwODE3MjAyMzA1WjAiAhEAm4xHunF8eNh70XqnhhkeWRcNMTIw +ODE3MjAyNDA5WjAhAhBMkxmB2QiBToboJSftyQbxFw0xMjA4MTcyMzE1MDdaMCIC +EQCNdWqPTU032hyu00RPfrzmFw0xMjA4MTgxMDM2MjhaMCICEQDTmKWBgusSLOeA +aWI6CEdCFw0xMjA4MjAxMzE4MTBaMCICEQDe2PKD90JWHx4nk88u5u3ZFw0xMjA4 +MjAxMzQ5MjRaMCECEBdlG7Xse8aJ63S3VTHbCqEXDTEyMDgyMDE1MjgwMFowIgIR +AJ/xgrkxNRXg6B+5hPrD+AUXDTEyMDgyMDE3MDcwMVowIQIQEgDE18RIf9aOfvQx +P/QTkRcNMTIwODIwMTczNzAyWjAhAhAoJED7PNkK6hvxwRtcJ6oQFw0xMjA4MjEw +MzQxNDVaMCICEQCKOsoY6FEkUGSBiMI5MFqaFw0xMjA4MjExMTQ5NDdaMCECEHTl +T8FVUpexIEtUoUk9ETEXDTEyMDgyMTE1MjUxNVowIgIRAKfXGabPgvw3f3W7rMa2 +VH0XDTEyMDgyMTE1MzI0NlowIgIRAIrMparAx1LwXWMMX25Q9TMXDTEyMDgyMTE3 +MzQwM1owIQIQIP25EMU1PaUKzMRMESdnsxcNMTIwODIxMjEyMzIwWjAhAhBYnc5m +85mh1fnxz6H5gWZ2Fw0xMjA4MjIwMjE1NTNaMCICEQCoPa6mE5kDQWEf+OiGCCas +Fw0xMjA4MjIxOTIwMjBaMCICEQDGgl+BRyM8c/DtofilkgN/Fw0xMjA4MjMwNjUz +MzVaMCICEQCEt80uGCz7o0r3r1VdiSRUFw0xMjA4MjMwODU2MTRaMCICEQC65SA1 +vQv6s9d4NKTQTdm1Fw0xMjA4MjMxMzQ5MTJaMCICEQDH9sZGPcLeckToAJdzF14k +Fw0xMjA4MjMxNjA1MDVaMCICEQCU/K9hMji+J7ZifT5wpJ86Fw0xMjA4MjMxNjU4 +NTBaMCECEEj8qNPosuO8khBRiEfoHd0XDTEyMDgyMzE4MTA0NlowIgIRAJJ0+xu/ +emNbRfulCvLjYi4XDTEyMDgyMzE4MzEyOVowIQIQaP6SzmcWmL8Rd/flv+vjFxcN +MTIwODIzMTg0MDA1WjAhAhA2DAQd4wnHefM1DEH/evwdFw0xMjA4MjMxODQ4NTJa +MCECEH2Gzg8g0QmQv0JVMlcyBMMXDTEyMDgyMzE5NDIzMlowIQIQAsK18oey1NCf +BI0bUTlWlRcNMTIwODI0MTU0ODQyWjAhAhBqXvLjFf1qkwx31a4wsLWpFw0xMjA4 +MjQxNzQ3MzNaMCECEH7qH8hs9PD+xQVmmcMRXwAXDTEyMDgyNDIwMzY1NlowIQIQ +foK1z7Qh2zvYEcAPh6TzlRcNMTIwODI3MDQ1NjM1WjAiAhEA0HUgycleE6Qse6P1 +l9QtgxcNMTIwODI3MTUyMDA4WjAiAhEAmp29gaJkpP16cBT9XP4+BBcNMTIwODI3 +MTc1MTUyWjAhAhA5NHPHQQ59HqAifL8LkU6eFw0xMjA4MjcyMzQxMjZaMCICEQDB +QK0lGGzb8UmNFyMuntFfFw0xMjA4MjcyMzQzMjRaMCICEQDeMat4MRG6nBL796W+ +B/COFw0xMjA4MjgwMzM4MThaMCECEDWF1S1kHmIJkgakS92LMFoXDTEyMDgyODE0 +NDg0NVowIQIQd99MDVO//lGvF085K/RS9BcNMTIwODI4MTU0MTE1WjAiAhEAo7Nt +4glxwGYXqNdjfsFNYBcNMTIwODI5MDkwNTQ5WjAhAhBnnMrX8JVU2BPFBh1duWn4 +Fw0xMjA4MjkxMzU3NTJaMCICEQCCG2YfzlVaFa6Y9JSTHEAvFw0xMjA4MjkxNDU1 +MDBaMCECEHeVlclGfcE8R95rwLZFyv4XDTEyMDgyOTE1MjI1OVowIQIQSgZf19KW +lgA4jE3b4YTFGhcNMTIwODI5MTY0OTI5WjAhAhApp6FsFxvWDjC7GX6S20KTFw0x +MjA4MjkxNjU1NDlaMCECEDpwptVSWKnzBX8ZA+XzfG4XDTEyMDgyOTE3MDA1MVow +IgIRAIXAn+cwPMmPevmSStWY8fEXDTEyMDgyOTE3NDk1MlowIQIQZwxRL3GNpFrR +FX6dkQuUMhcNMTIwODI5MTc1MDMzWjAhAhBv94pnGvS18YHvLHamHiCWFw0xMjA4 +MjkxODAxMzBaMCECEEC8oom6pHLRyiOQyDDrxp0XDTEyMDgyOTE5MjAwNFowIgIR +AOto0v7hfcKlHK6c1g0b+f0XDTEyMDgyOTIwMTQyOFowIgIRALyBTRqefWeM7ciu +ge/8h2wXDTEyMDgyOTIwMjM0MVowIQIQdE1GQqX6He5bJ3zp1Q6V9hcNMTIwODI5 +MjAyMzU4WjAiAhEAyeM8ThMMOrBL+TQH9JlBkhcNMTIwODI5MjAzODU1WjAiAhEA +inWkWgEp1Td9ZbYw22dnNRcNMTIwODI5MjA0MDMzWjAhAhAlyo0vRAqDmlMJitnW +wOrwFw0xMjA4MzAxNDQzMTRaMCECEBCGzkIZPyo8ZCN7xCkwbX0XDTEyMDgzMDE4 +NDg1NVowIgIRAIwkrQKmtogxkRfmoZQuqq8XDTEyMDgzMDIwMzg0M1owIgIRAJWH +nLOaTVFVNywvQJ+XXQwXDTEyMDgzMTE1NTc0MlowIgIRAOvJqzu8unX9jZTeqHgu +Q88XDTEyMDgzMTE1NTgxMFowIQIQXdCy5uIoqacfYppvUhYqEBcNMTIwODMxMTYw +MzUxWjAhAhBfz+hTbx+XycjRCBh0INawFw0xMjA4MzExNjA0MDZaMCECEGb0GiBY +CA/j3B9WiEvWAVgXDTEyMDgzMTE2MjE0OVowIgIRAIDkhdGn4466KESA1/6otYYX +DTEyMDkwMzAyMDExNlowIgIRALSWhHM2JN1SpZMpPBXHZfMXDTEyMDkwNDEyMDIx +NlowIQIQJm7masEzWoyQwkEbpjJffRcNMTIwOTA0MTY0NTA1WjAhAhB8gS4+i6ub +J39CdVnRsE/2Fw0xMjA5MDQxODAyNTZaMCECEFmj7FHO0a9WpNZ5tAqrTMUXDTEy +MDkwNDE4MTUyNlowIgIRAM3zUq86tU87t3boDwWgOCUXDTEyMDkwNDE5NTgyMFow +IQIQPr2uy2N26ly62z4NPVblVRcNMTIwOTA0MjEzMzA2WjAiAhEAh+4dAeTnK64v +tPLKskIYuxcNMTIwOTA0MjEzNTQ1WjAhAhBLkY+KNunkZdrmwk9ZnjUuFw0xMjA5 +MDUwODI4MTdaMCECEFwXiAugpZuyBP8EuYRX/joXDTEyMDkwNTE1MjUxMFowIQIQ +ZCDRRHdixkwOMjTaDtGhvxcNMTIwOTA1MTYwMDQ0WjAhAhBaYOfN5TVKh/EBBj/E +srEIFw0xMjA5MDUxNjQ2NTlaMCICEQC14Z1m8AclQYJ+HaNNLi94Fw0xMjA5MDUy +MDQxNDhaMCICEQC9RQvkUGSLO8ZegGCXMXQPFw0xMjA5MDUyMTExMTJaMCECEA5x +Djl5x8p/6tk6m/P0ArMXDTEyMDkwNTIxMTEzOVowIQIQcKftBHkvVGSUR0k1ioYO +xRcNMTIwOTA2MDAwOTI5WjAiAhEAmVypEC0G+Vgf1wuRgHuubxcNMTIwOTA2MDIw +MDIwWjAhAhAsaA4tyN4Ect4dcPeYvZBuFw0xMjA5MDYxMzEzMjNaMCICEQCSDUX9 +SSOGT2DJ/UOnidUOFw0xMjA5MDYxMzM0MDBaMCICEQCLMtcNzt1jnm8rXGxdYwih +Fw0xMjA5MDYxNDMxNTlaMCECEEMOJrAvUZC4N6uUvmEwjD0XDTEyMDkwNjE0NDg0 +OFowIgIRAPqn0+kn4qqCt1Z4mNOILqsXDTEyMDkwNjE0NDkwMlowIgIRAOTfE3xp +emIDrDcbKCDupgoXDTEyMDkwNjE0NDkwOVowIQIQM/oQw1e0nHSCauIf6u0L0BcN +MTIwOTA2MTYwMjI2WjAiAhEAm989cQIpiZFjMbM9rlNYxBcNMTIwOTA2MTYwNjM0 +WjAhAhA4u/gJHRbZR4qxnKuENu8KFw0xMjA5MDYyMjAwNDJaMCICEQCn1GnFq16p +0Yx3LNc0guINFw0xMjA5MDcwNjQ4MzdaMCECEHka71paMRyTAne45gMso0sXDTEy +MDkwNzE1MTQyM1owIQIQFqWdheEKGOfOslfN3KAQchcNMTIwOTA3MTYwNjM0WjAh +AhBE+x4bW1Hln9rKy0XCpoTaFw0xMjA5MDcxNjE4NDFaMCICEQCYM5Qf5TCheDrG +xX+x9mb5Fw0xMjA5MDcxNjQxMzdaMCICEQDp+u96A73AgsK+J+icl+FFFw0xMjA5 +MDcxNzAyMTRaMCECEBLvCNv7Pkm+xMMgoZqB3ZIXDTEyMDkwNzE4MDQxNVowIgIR +AI9EOxapiS/w9fwC/iDYA9QXDTEyMDkwNzIwMzI1MVowIgIRAJnxmlifkhEBgD/h +/cE3XvgXDTEyMDkwNzIyMDExOFowIgIRAPAfpV7qvz8Tk/g7llh7PNYXDTEyMDkw +OTA5MjEyNFowIgIRAP5Oz+UCRURE0l36WXigy5QXDTEyMDkxMDEyMTc1M1owIQIQ +Eeeevv8KWrde8jOrmQ2hzBcNMTIwOTEwMTYzMTM4WjAiAhEA4/+0pqEb0aCraLRX +ZJqdLxcNMTIwOTExMDQ1MTQ1WjAiAhEA5QlmYkG0HSZxnU7AZHXoQRcNMTIwOTEx +MDQ1MzIxWjAhAhB+WovSVuaOM642zQ/7qp5IFw0xMjA5MTEwNzEwMjVaMCICEQCp +dP0gq2cNDWgFuGJ4S4r/Fw0xMjA5MTExMjM1MzZaMCECEGOaVKGHWlHOTXJdsMmD +6T0XDTEyMDkxMTEzNTcxMlowIQIQFkQC2XsZJrEdM98zpyJAghcNMTIwOTExMTYz +NjQ1WjAhAhBjnZ9ExSE8Rp1d16pX8eLTFw0xMjA5MTExNjQxNDJaMCICEQCTChGd +94JeEVb9Sz0ALNmoFw0xMjA5MTExNjQzMDlaMCICEQDhc91a9wVE/NyQmC86tEz6 +Fw0xMjA5MTExNjQ1MTBaMCECEBwBPJiI1rWDNI0I2sbhXRMXDTEyMDkxMTE2NDc0 +MVowIgIRAJvdoKm+aEuPfj946R7bFlsXDTEyMDkxMTE2NDkyOFowIgIRAKkvKKoV +sotqOWTzvIvCz88XDTEyMDkxMTE3NTAzNFowIgIRAKFGiUIRfvtNlfnzxND/j7IX +DTEyMDkxMTIwNDIxNlowIgIRAMpQyrvzRW80w16mxFXfa0AXDTEyMDkxMTIxNDcx +NlowIgIRAO1JZ64xX/QhY+m8xjPuo5kXDTEyMDkxMjA1NTg0NFowIgIRAJFHSR3Z +rXQX+jjVKNoXTFYXDTEyMDkxMjA2NDY1MFowIQIQZI+hAdfsT6UZzf31EV/fHxcN +MTIwOTEyMDk1MTIzWjAiAhEAu2UDlEhtYqNg0DqAUBJfBRcNMTIwOTEyMTMzODA2 +WjAiAhEA9zeP3Id/LP8MKA3ZdtP47BcNMTIwOTEyMTM0OTEzWjAiAhEAkEExJ8+o +indZfNqcVySijxcNMTIwOTEyMTQwNDUyWjAhAhAuQfERrMoFYuNLsrNiLhExFw0x +MjA5MTIxNjE4MThaMCICEQD+0HhUijVK2zFj1MHp7UwbFw0xMjA5MTIxNzAxNTNa +MCECEGB8my3fR2Z1EBYgBN26twgXDTEyMDkxMjE4NDYxNVowIQIQPIw70Hhul0qt +i40Kkq9pBRcNMTIwOTEyMjAwNjM4WjAhAhBBFhP9iCpOoSYScmsV+ZwsFw0xMjA5 +MTIyMTE3NDdaMCECEHXjkGF2B9EbPgSpcRv3iSwXDTEyMDkxMjIzMDA0MlowIQIQ +HsRtdEMPaqlA8r77OOnT0hcNMTIwOTEzMTEwNDE3WjAiAhEAvNt/RlbcG72R7qzG +vFNdPhcNMTIwOTEzMTMzNDE2WjAiAhEAyY43YmQQl0y8/osOk5trTBcNMTIwOTEz +MTQxNjM0WjAiAhEA8KJjI+rGYFD6/uxQ7vmwsBcNMTIwOTEzMTk0NDQ0WjAiAhEA +ztjwmDAFADHdvN797KH3ZRcNMTIwOTEzMTk0NTE5WjAgAg9dvQsORR3W2EjHJYLg +7vYXDTEyMDkxMzE5NTcyN1owIgIRAJ+AW375xNvB/MGFeooiQoEXDTEyMDkxMzIw +MzUwNFowIQIQQUFUrUY1Ypn5D2oytz1mkhcNMTIwOTEzMjEwNTM1WjAhAhBVt/9X +SkpFIG2ivww5fwRHFw0xMjA5MTMyMTA5MjVaMCICEQD+JQF/UQuK3TDs/1DaGE0Z +Fw0xMjA5MTQxMTA3NDZaMCICEQCHvTB4FqBeIaUhNvotW8/MFw0xMjA5MTQxMjE3 +MzJaMCICEQC5xHHYL61fcL8EdmiX8XusFw0xMjA5MTQxOTE5MDNaMCECEBZ8srM7 +vfYvOshxSTrjSrgXDTEyMDkxNDE5MzEwMFowIQIQHf/0FjLCwD5qs/6pJCYWbxcN +MTIwOTE0MjAwNjU0WjAhAhBkHelzAZpBUM5nSTK8Us8GFw0xMjA5MTQyMDA5MTVa +MCICEQD0fL2ib8RTXOushagLicRKFw0xMjA5MTUwMDExNTZaMCICEQC5I33oV5Ry +r2WSuWJ+iFVjFw0xMjA5MTcxMTAxMzVaMCECEGxWJ1FFk3VllD/TFpQvzGsXDTEy +MDkxNzEyMDc1OVowIgIRAIQuey9Cre7YBrLmqfzMuVMXDTEyMDkxNzEzMTUwN1ow +IQIQNMs0Da+PgNtUNp35BbhzORcNMTIwOTE3MjEwNjI5WjAiAhEAg71znMW2gj8+ +bh8g0f3X1xcNMTIwOTE4MDQxMTMzWjAhAhAArBmSQDgdl3nHqD+JAXwAFw0xMjA5 +MTgxMjEzNDlaMCICEQD9tSVIRUfdLdF+x+79JEUnFw0xMjA5MTgxNDE1MTlaMCIC +EQDrvTs+uBW8s2DrcuY16yNNFw0xMjA5MTgxOTU1MTdaMCECEFtSWecbxqrzZql1 +Y3ywhqkXDTEyMDkxODIwMDQyM1owIQIQBCZYQ+EqeTBwjyQxVU+IKxcNMTIwOTE4 +MjAwOTEzWjAhAhAmQ815szgpARKS7zkNTUNjFw0xMjA5MTgyMDIxMTlaMCICEQD9 +vrCiJDDOeqOLilJt1vSHFw0xMjA5MTgyMTExMzVaMCICEQD61CGSyf7PHZlIMhIj +wrJjFw0xMjA5MTgyMTExNThaMCICEQDtd58q/oBvQ7G4tF7cXWc5Fw0xMjA5MTgy +MTE2MTdaMCECECoTYK3v2FZA+xlIA3Y3GukXDTEyMDkxODIxMTY0NFowIQIQJOK7 +DUqUDleZQdIL0QcgyhcNMTIwOTE4MjExODA0WjAhAhADazKx3LpI5aB89uP30+Kf +Fw0xMjA5MTkwNjU4MTNaMCICEQCOU08wns0qtP0Hj+FSwHnuFw0xMjA5MTkxMzMz +MjhaMCICEQDcE8pBq4Et000koNnPFJmEFw0xMjA5MTkxNDI5NDNaMCECEHRrj+Kv +Jgk9Ii1GsRG54R4XDTEyMDkxOTIxMjUzMVowIgIRAOU7fOY3ru+TZOIQBRhesTQX +DTEyMDkyMDA0MDIyM1owIgIRAPtsQf5Ge+Cxq0EC5PTNCu0XDTEyMDkyMDA5NDUw +MVowIQIQZsTxY5fIBVN6I+UGcB1zkRcNMTIwOTIwMTMwMzM2WjAiAhEA5t+dqIqE +p3Xw5BEAK509JhcNMTIwOTIwMTQ0NzE5WjAhAhBB6LALZdqHDGagBXnqhtleFw0x +MjA5MjAxNTMyMTNaMCICEQD/nx6IkVnEp3DIZVGcLqTGFw0xMjA5MjAxNjQ0NTVa +MCECEBGgd/ivgz6Utz/eYKH8EdsXDTEyMDkyMDE3MTczOVowIQIQWL1h2fcpLcG8 +lDi/VEdObBcNMTIwOTIwMTcyOTA5WjAhAhBgs4sbBl2yoL+xR5FbR7KkFw0xMjA5 +MjAxNzUxMDNaMCECEBSj/JRQVpyF1hNwJ7xd+l8XDTEyMDkyMDIyMTk0NFowIQIQ +RE+WxGU4K1cNx/fdthaq9BcNMTIwOTIwMjIyMDQ4WjAhAhAdDG1vuYpT3Xl2RhDo +9fR7Fw0xMjA5MjAyMjIxMDVaMCECEBQKl2cf0LjGaRv3CA/HWdkXDTEyMDkyMDIy +MjEyNFowIgIRANYLYY2PuYwONvN7rXxdUvIXDTEyMDkyMTAyMzQ0MVowIgIRANCS +Awb4gLNrMT78Op2ZPwcXDTEyMDkyMTA3MDcwM1owIQIQJOk5H/uAUNiRyx38xHIc +excNMTIwOTIxMDc1NzE2WjAhAhAfahTgH8ZHEU5COEcZXR9VFw0xMjA5MjExNDU3 +NTRaMCICEQDfZTU3wDOcJRKahaDITXg/Fw0xMjA5MjExNzEyMzlaMCECEDQY2840 +rMREMe3Z3um8gVMXDTEyMDkyMTE4MjEzMVowIgIRAPSe6yl8JTB4Oj4P77iqEgkX +DTEyMDkyMTIwMTA0OVowIgIRAJ2S1kO2L0uR3V2UCLgXdL0XDTEyMDkyMTIwMTYx +MlowIQIQWTrb2YbdGEpq9+IBoC116xcNMTIwOTIxMjEwMDAyWjAiAhEAvqmgYYV9 +mS6IwcW0SDdwZBcNMTIwOTIyMDE0NjA4WjAhAhA/7thRlVVX8EUCcROIec41Fw0x +MjA5MjQxNDE3MDZaMCECEAnq+2q9cnRyOhzzoqksqGIXDTEyMDkyNDE4NTIzOFow +IQIQKIy6aAUAU08K+mmGm1YDeRcNMTIwOTI0MjAxOTEyWjAiAhEAwj1WFeJehsHg +tBSm1bQF+hcNMTIwOTI0MjA0MzM3WjAiAhEA0Yzy5/vbCs9l73J364MQYRcNMTIw +OTI0MjA1MjM2WjAiAhEAtOtJZZpZ2bTI7Mqb9wqY/RcNMTIwOTI1MDk0ODM3WjAh +AhByfHERg8sIEbSCPWhM+AbZFw0xMjA5MjUxNDU4MjVaMCECEDDcxevZ4N8PXD9x +kDcn69kXDTEyMDkyNTE1MjcxM1owIgIRAMsBy1uldPCqLVtGkD2N2dcXDTEyMDky +NTE1MjcyMlowIQIQAjQzq+HhKD3zIRAMv/B5CBcNMTIwOTI1MTUyODM5WjAhAhAQ +kxXAx62MatrJ1TYy6M0cFw0xMjA5MjUxNjUxNThaMCECEBTE5Et/BClXKsMcMeQm +cs4XDTEyMDkyNTE3NTU0OVowIgIRAIe5OFqYlGmpZ6tFNCrY1TEXDTEyMDkyNTE5 +NTk0MlowIQIQRMIAaTzHhkc5Z+bGWjoRsxcNMTIwOTI1MjEwODM5WjAiAhEA1D/6 +wHka1Q3SJw8xGlGIhRcNMTIwOTI2MTQyMzAwWjAhAhBvd6BxzfG6uSJwSU2lRqaC +Fw0xMjA5MjYxNDQxMDJaMCECEFFIwi32Re8sQhKAjEwtRu4XDTEyMDkyNjIwMDY1 +OFowIgIRAIdy0hxhxqqJWl40H9kCp6MXDTEyMDkyNjIwMjAyM1owIgIRAIrteGzC +BoAR+yPjZTeuIbgXDTEyMDkyNzAzMjIxNVowIQIQCQ0YIvxRLQwMDaSi3c6VKxcN +MTIwOTI3MDMyMjI3WjAhAhATNGo+UKDQVUd7j/ObQYv6Fw0xMjA5MjcwOTE4Mzla +MCICEQDesrCRGWXbzporRZz9NyN9Fw0xMjA5MjcxMzU0MTRaMCECEEwCLKYAok1r +dqZIf8velxwXDTEyMDkyNzE0MjEyN1owIgIRAKj5R6R0mpqO9Qm/38F5s5gXDTEy +MDkyNzE3NTIzNFowIQIQBr6FYp1S7TLmPKnbHYbw8RcNMTIwOTI3MTc1NzM3WjAi +AhEAqThb0EkhjYHwVxQF/DqT+RcNMTIwOTI3MTgwOTIyWjAiAhEA8HrSH8wd5y0t +Jzh7jqqFlRcNMTIwOTI4MTEwMDAwWjAhAhBw1JwFdNgDVQwk67CPWEvZFw0xMjA5 +MjgxMzI3MjNaMCICEQDV01C2rY6mB6pTY2QdzOgbFw0xMjA5MjgxNTQ5MjZaMCIC +EQDxnaMjhdc1zdoc9XLJk5yjFw0xMjA5MjgxNTQ5NDVaMCICEQDhy79MT/eA4OJj +E+5Ck3UQFw0xMjA5MjgxOTQyMzdaMCICEQDIZsfC/nz4MMoFN8/IkJLLFw0xMjA5 +MjgyMDM0MDFaMCECEBsMiGbaBXU+E1CL4b4qHRkXDTEyMDkyODIwNDQwNFowIgIR +AL/Dx8kq4jpHUljb3CbvopwXDTEyMDkyODIxMDYzNFowIQIQc+1l9Nd/OkfIOnic +wQCFaRcNMTIwOTI4MjEwNjQyWjAiAhEA7b85iVpLaIl5Am/Ix/w0XBcNMTIwOTI4 +MjEzMDI2WjAiAhEAvo5zzJ3N7CUXsTHUodPsQRcNMTIwOTI5MDAwNDUyWjAiAhEA +5Tynmkkk+FaSffR1y7WYhxcNMTIxMDAxMDI0OTM3WjAhAhAIyMBYFCGSGcPgM8F+ +8BWjFw0xMjEwMDEwNjM2NTFaMCECECAgZfmctx9Nl4H9GZfHTnEXDTEyMTAwMTA4 +NTkzM1owIgIRAM7MAyy2fkqaDfDPf6UbMzAXDTEyMTAwMTE0MDQxNFowIgIRAMnD +4dPlgBqYxutOsrPkHYAXDTEyMTAwMTE0MzUzOVowIQIQItBIdmkATg3wyGbfjrBt +tRcNMTIxMDAxMTY0MjUxWjAiAhEA33Pptfx5C9YUIu0VIHFrFRcNMTIxMDAxMTgw +MTM1WjAhAhBc21Nd9pnsqF0el3PEBNU4Fw0xMjEwMDEyMTQ2MjVaMCICEQCekNVq ++84cQE4QCBVeYsWPFw0xMjEwMDIwOTM1NTRaMCICEQCdybzEPtchK4lvVIELjX1h +Fw0xMjEwMDIxNDA0NDhaMCECEFycf9TreTcfXEKhvrlY7qsXDTEyMTAwMjE0MzIw +NVowIgIRAJusuB3xOKP8aQzRm8aJhZEXDTEyMTAwMjE1MTI1NlowIgIRAKJhqYE2 +uL3P0WSQrqhf95QXDTEyMTAwMjE1MjYxM1owIgIRAPSqkSuhZZAYHrV0nJZdLJcX +DTEyMTAwMjE1MzI1MVowIgIRALyUGthKKh2/1BP/JoZQYhgXDTEyMTAwMjE1NDM1 +NlowIQIQDGwAG79d65R8/jsDJHDHVhcNMTIxMDAyMTYyNzE3WjAiAhEAljk4rJD1 +u0mMXnSZyeeHqRcNMTIxMDAyMTY0MzE1WjAhAhBMzBNuoFZ6a3UV8krEErkuFw0x +MjEwMDIxNzMxNTBaMCICEQDyG20WunXUYE+jZCnyrteCFw0xMjEwMDIxOTE4NTha +MCECEHxiJWezOn9gOaM63osbV60XDTEyMTAwMjIxMDEzM1owIQIQDeIq0c55Evlh +rE7Fjq3xwxcNMTIxMDAyMjIwMDExWjAhAhAjPCg2HBwUY4i78JbZwu7lFw0xMjEw +MDMwNjA5MDVaMCECEHLi4PwhwpovwwWMrhi5Au0XDTEyMTAwMzA2MTQ0OFowIQIQ +FK24XEOAIYSpnRCxQD0DKxcNMTIxMDAzMTQ1MjI5WjAhAhAbcT58BfacIZ+SOvQj +exnCFw0xMjEwMDMxODE4NDZaMCECEA+3C2HbbBX9Acjw2QErZiQXDTEyMTAwMzE5 +MjgwMlowIQIQbJlUZMTO3lL10KzZygXKPBcNMTIxMDAzMjA0NTA4WjAiAhEAjJ33 +U3/KR9HjxtrElfw7BhcNMTIxMDAzMjA0NTE2WjAhAhB+MsqNr8G3SUJ0O+q+BXcT +Fw0xMjEwMDQwMjI2NTJaMCECEGBlwI0Poz5SQrHasZfqX4EXDTEyMTAwNDAyMjcw +NFowIgIRAJcDgHrIlQSUpBhgBbbYDUQXDTEyMTAwNDAyMzIyNlowIgIRAN4m7vfN +G6xSJD7C67v0C3IXDTEyMTAwNDA1MDUzN1owIgIRAPlK863jzW8LnMfRnuJJk18X +DTEyMTAwNDA1MDYxOFowIQIQZMD0X7cza8M/NhmvFfGbPRcNMTIxMDA0MDkyOTA0 +WjAiAhEA4IoP6YtLI8Eq1yLb1aVdHhcNMTIxMDA0MTAxMTAzWjAhAhATYcQkyfO9 +2BsRfCAVLayXFw0xMjEwMDQxMjUxMzNaMCECEEypgssDR55Yz4gFmf3/TLoXDTEy +MTAwNDEzNDAxNFowIQIQA4/q6MvIHET3xkN68IlDpBcNMTIxMDA0MTQ1ODUzWjAi +AhEApybdBDPzLlu1eQYk4Rpk0xcNMTIxMDA0MTYwNTI4WjAiAhEAyOIvRoSSYJWf +Nfm1NVTvEhcNMTIxMDA0MTYxOTEwWjAhAhBqdJp1lXgAO73pfFKKhxhGFw0xMjEw +MDQxNjQ5NTFaMCICEQDEBnkeEWTPX132mhu8ZfV3Fw0xMjEwMDQxNzMzMTJaMCEC +EAEXi0m3oKWbSwb2OynsnosXDTEyMTAwNDIwMjI0MVowIgIRAJ9cLwLcykdOxuQV +cWyXbGgXDTEyMTAwNDIwMjYyNVowIQIQVTiPCqXrss1HE+EpHcqBTxcNMTIxMDA1 +MDcxNTE2WjAhAhBHGg74zeHSCjGlSvpPO1vxFw0xMjEwMDUwODAxMDFaMCECEEX4 +WdcniilI0MDkf8UXHOcXDTEyMTAwNTEzMjgzMlowIgIRALtEAHMI9WPFrKIBtJn2 +QNQXDTEyMTAwNTE0MTIyMVowIQIQeFUHH1PcCj5OqCuBTThxoBcNMTIxMDA1MTQ1 +MjU4WjAiAhEA6tx/qwBBLf1R/fqdkndAYhcNMTIxMDA1MTYwMzE5WjAiAhEAj79P +F14f69DiV6cNBN+vGBcNMTIxMDA1MTYxODIyWjAhAhAN2OuRBFY4OfABPGxX81Uf +Fw0xMjEwMDUxNzE2NDNaMCICEQDqPjwQ0sb2OS5erEZwZW0lFw0xMjEwMDUxODMy +MjZaMCICEQDazeVpcNORcNsclx1flYDPFw0xMjEwMDUyMDQ4MDlaMCECED3g6hMU +2JAvCnWFRAHhdU0XDTEyMTAwNjAyMTMxMFowIgIRAKMvX+56UlQ2rsE8vmTiB0IX +DTEyMTAwNjA0MDUxMlowIQIQNU6E5jTG21i24lBMhFR9gRcNMTIxMDA2MTg0NDE4 +WjAhAhABbxMpYSyEAe0a2B/1vLnlFw0xMjEwMDgwMjEzMDNaMCICEQCxFmS6hbdC +8CbUYJRUjEVrFw0xMjEwMDgxMjExNDlaMCICEQDbMHR4HaPb/NwU7wjCu30HFw0x +MjEwMDgxODUwMjJaMCECEH2X836mkFB3Qu9ZVnapc9kXDTEyMTAwODE5NTEzN1ow +IQIQbdeqaG8DaeVc25+uTtPzqRcNMTIxMDA5MDEwMTAyWjAhAhA4heUBVSexLHeb +UnBqwTsYFw0xMjEwMDkxMjM5MTJaMCICEQDlHwstAWKbMyWdkjmmTifvFw0xMjEw +MDkxNDEwNDNaMCICEQDohytC1TNhtyJnLBA1FdFWFw0xMjEwMDkxNDEyNDBaMCIC +EQD2A0rZqBefAVT/PG9ZAiFhFw0xMjEwMDkxNDMxMDdaMCECEEf5srwhlDFwT8pt +S2V849QXDTEyMTAwOTE1MDgzMFowIgIRALP+Mf/So8qlNf8e94aFw/4XDTEyMTAw +OTE1MDkwMlowIQIQKaNfVUXi9mK22LuCttK27BcNMTIxMDA5MTUxMjM5WjAhAhAD +0Z2jkzy9PtI0Y53aiOUZFw0xMjEwMDkxNjI3NDZaMCICEQDT2LYHlZScXSnREckc +8WaDFw0xMjEwMDkxNzQ0NTZaMCECEHGZxGD/ZrJz9QfVAq1vPDEXDTEyMTAwOTE4 +MTM0M1owIgIRAMNcizeKz1/ZHVYLQJTj/i8XDTEyMTAwOTE4MTM0M1owIgIRAMHL +ppLqB5v4IFvxy1MRh3AXDTEyMTAwOTE4NTA1NVowIQIQAYXRbcLyLmd3gAYv1Wba +WxcNMTIxMDEwMTMzMTA3WjAiAhEAwg+H1IQP3xsOYs+UIXwYoxcNMTIxMDEwMTcw +MTU5WjAhAhApYaMGUzg0JqeHoWKQ8iyvFw0xMjEwMTAxNzAyMzVaMCICEQDdzrx9 +mk/M4ls83nxyzHL3Fw0xMjEwMTAxODQyMzdaMCECEF/V8eMHc1LW/HVRIbs6OKAX +DTEyMTAxMDE4NDU1OVowIgIRAMuRkmtsoz1K3kzsjYJr/NMXDTEyMTAxMDE4NDY1 +NVowIgIRAP73iQW6zRiySX8byrLMIVoXDTEyMTAxMDE5MzUxNlowIgIRAOcf4CcM +fD5TObLFE6QSuPgXDTEyMTAxMDIwNDMwNVowIQIQUYaXjuvRsHbN4pAnRXdQFBcN +MTIxMDEwMjM0MDQ3WjAiAhEAxEQd3tNqQR6XiKz+IAxmSRcNMTIxMDExMTQxNDMy +WjAiAhEAs4tAIg9pOsK0fqM+qZjpsBcNMTIxMDExMTcxNjA2WjAiAhEAimlz5nXw +fB/eoTDGalw8rxcNMTIxMDExMTg1NTUzWjAhAhAxBLbXp5zqDN6EoaGWTtyXFw0x +MjEwMTEyMDA0MjdaMCICEQCog7GDbFllumdeVqnAIcJ8Fw0xMjEwMTEyMDA1Mzda +MCECEBhmQF0QFJ/prY+NroFr5yEXDTEyMTAxMTIwNTExM1owIgIRALtOll6AiYN2 +E/FCaZG72MEXDTEyMTAxMjEwNDkzN1owIQIQAjytiiAtfdl0QJ2zO+SZLBcNMTIx +MDEyMTc1NTM5WjAiAhEA2yzd+VMnZvdnwPQhdpanOxcNMTIxMDEyMjE0MzUyWjAi +AhEAhNf7AJ2xJYwmGylfi0yfhxcNMTIxMDEyMjE0NzM2WjAiAhEA5ARI+5bSmYCv +u8lnvLhHbhcNMTIxMDE0MTUxMTE5WjAhAhBgSU4vgC5TknSPHb2+dGTFFw0xMjEw +MTQyMzI2NThaMCICEQDuFVgLhz6rNEy/tF/C4tIIFw0xMjEwMTUwMjMwNTlaMCEC +EAgVTGN7O/3PDNKs8ekAaGYXDTEyMTAxNTA3NDkwMlowIgIRAMOXbtdCVcshhP2e +7BfHcyMXDTEyMTAxNTE2MDAxM1owIgIRALkockAw/8CZMmzFEiu049MXDTEyMTAx +NTE3MjgyOVowIQIQbBmoLN56m2bmFj4+BahrKxcNMTIxMDE1MjAxNzE5WjAiAhEA +6D/w0TZRD546rgr4eh2u8BcNMTIxMDE1MjAxNzM5WjAiAhEAmdeitjIMyE+iFfVC +A9tCQhcNMTIxMDE2MDc1NTE0WjAhAhA32lV9lwxEsZol51OIVgstFw0xMjEwMTYx +MDI0NTJaMCECEEMSTUnJMYPB47QHaAm7RSAXDTEyMTAxNjEyMTQ0OFowIQIQRp18 +9/tZbHv421IsDeXMCRcNMTIxMDE2MTMzMTI3WjAiAhEAgHc+06cTSdVZJoSEN29W +TxcNMTIxMDE2MTMzMTMzWjAiAhEA/LVyLNKwsbEv8txcA2+I6RcNMTIxMDE2MTMz +NzAzWjAiAhEAuGhucIlGIPXP4FAhieXLAxcNMTIxMDE2MTM0NTAxWjAhAhB2auq7 +VJ3Q1bcJ7UbvKTj6Fw0xMjEwMTYxMzQ1NDJaMCICEQDJyUbR3lKY4LkAZ7uTV+xS +Fw0xMjEwMTYxNzU4MjRaMCECEF74610KZ5Eljh4KgLn3S24XDTEyMTAxNjE4MTkz +MlowIgIRAOGVr4T5UxBmUarjWFdaBZUXDTEyMTAxNjE4MjkxOVowIQIQQmmDnd7q +daWfl8kDE/XcMxcNMTIxMDE2MTkxMzE0WjAhAhAI6SGHNcwAacQLV8rp19ZEFw0x +MjEwMTYxOTM0NTBaMCICEQCHG4JLew5+7VEYrl1EnttpFw0xMjEwMTYxOTU4Mzla +MCECEGysD29JHixvPud5VM6QRhsXDTEyMTAxNzA4NDUyMlowIgIRAOXRR4JaUT7E +7uvpkdNSyX0XDTEyMTAxNzE1MjIyMVowIQIQR6YUrcY0tOLISaiCsP8PcxcNMTIx +MDE3MTgxMzQyWjAiAhEA7fyxwQfCSMe3Yfq/lvpwEBcNMTIxMDE3MTg0MzI5WjAi +AhEA6IePZtlPttaDYeNthqD0GRcNMTIxMDE3MjAwMTU1WjAhAhBnP13ZD/+8X7gV +mlX5uIWTFw0xMjEwMTcyMDAyMDlaMCECEFyB1uEmytFnsSbT3ssMlAIXDTEyMTAx +NzIwMzQyOFowIgIRAPhHajwISyA0Rt6VReMRSr4XDTEyMTAxNzIwMzU1MVowIgIR +APqRalluQFCSItVu1okx8A0XDTEyMTAxODA4MTAzN1owIQIQM6u84c0VrVdwjj11 +diY81hcNMTIxMDE4MTAyNDQ4WjAhAhA1yEp4EHu+LUdZScRLNBkiFw0xMjEwMTgx +MzA2MDZaMCICEQCGYn5LVOj+nExkAh9fDcEjFw0xMjEwMTgxNzQwNTZaMCECECCA +k9flFlGjfLJ5uxYSLT0XDTEyMTAxODE3NDQzNlowIgIRAKxgu76p6Epd1iRDr+OS +H/AXDTEyMTAxODE4MTAzOVowIQIQd/aqpoKeI9Q4aY7MdoIBVRcNMTIxMDE4MTky +OTE4WjAiAhEA5JlkuugE6QqpbR6o1U8v4hcNMTIxMDE4MTkyOTM1WjAiAhEAixmg +xvja4UPfwSoEFTrOwxcNMTIxMDE4MjIzOTMzWjAhAhBTFT9hMdBgX4dlcLd4EskU +Fw0xMjEwMTkwMjQ0MjFaMCICEQCMRvFDtZ8teRcKHNpuG0GAFw0xMjEwMTkwMjQ1 +MjVaMCECEANdiIUzMmpzJLCjtYW3VzQXDTEyMTAxOTA4MDk1NFowIgIRAOlOc1P4 +Us61LlSICdpXoWMXDTEyMTAxOTEyNTgzNFowIgIRAIItkWqkIiFknIV4eMzTOE4X +DTEyMTAxOTE1MzIxMlowIgIRAMh117GKH6M0GV1ikJN60YIXDTEyMTAxOTE1NDAz +M1owIgIRAMJLnxehqeL0wmJLNp5wFyAXDTEyMTAxOTE1NDA0N1owIgIRAI7PSchZ +ESneIlRau5Fsfq8XDTEyMTAxOTE2MDc0MVowIgIRAKvwUFRKcYn9pJ5fixgjsGcX +DTEyMTAxOTE4MjQxM1owIgIRAMWF4ngnGDWU3iLiRbl1yfoXDTEyMTAxOTIwMzMx +OVowIQIQIDDhUVrz3maYkGGhH7RnTBcNMTIxMDE5MjAzMzMyWjAhAhAIpDI8oDDI +Y9T1yScjcEFxFw0xMjEwMTkyMDMzNDNaMCICEQDe0iXmoJeRcYN67qgURjSYFw0x +MjEwMTkyMDMzNTNaMCICEQCtpTNSf234o8UUEf2+/BxYFw0xMjEwMTkyMDM0MDda +MCICEQC3L8d/QuErxx1PGFOyEvRaFw0xMjEwMTkyMDM0MTdaMCICEQDChW6rfnJo +7if6TctAYFvPFw0xMjEwMTkyMDM0MzBaMCICEQDp61dHXvUcfRpFxMt/tyYTFw0x +MjEwMTkyMDM0NDJaMCICEQCSJCWmC2lp3sO7reRuLw3+Fw0xMjEwMTkyMTE4MTla +MCECEAIBGP9YWMVnHmUncd2exZwXDTEyMTAxOTIxMjM0MlowIQIQOTazvnIjWut8 +K+pOV8Qz/BcNMTIxMDE5MjMzNDQ1WjAhAhBtz9V7XzQE4vQgwhVG5rLRFw0xMjEw +MjAxMzUwMzFaMCECEFUkTiDrAIVX+j9AALzoMlIXDTEyMTAyMTE1NDgwN1owIQIQ +YT/mxJDUfnM1Rte6NpDxJRcNMTIxMDIxMjM0NjIwWjAhAhAGsL1SSwxL5YN1KdJi +4puiFw0xMjEwMjIwODU5NThaMCICEQDtCO/crR+jSGNc1jXV75aUFw0xMjEwMjIx +MzA0NDJaMCECEBi9/OlLbQlwQiS5sNTgmdkXDTEyMTAyMjEzMzQyOFowIgIRAMuC +9llUtFQ3p/xle/ynuXkXDTEyMTAyMjE2NDYwM1owIQIQePlfOK7RfNKboBoCsR2c +GxcNMTIxMDIyMTgwNDAxWjAhAhB8PPvrYFSHD8DL0576G3X9Fw0xMjEwMjIxODMz +MzVaMCECEC+7uiUE0eokrWGUAIEO94MXDTEyMTAyMjIxMDcyNFowIgIRAP8w8rux +mAX2ybLEgyYuQ8cXDTEyMTAyMzEwNDEwOVowIQIQH0hQpocJ5dKSgXvG4objWBcN +MTIxMDIzMTQxNjE2WjAiAhEA/luy/o21gKrHY9Yxc9IZohcNMTIxMDIzMTQxNzQ0 +WjAhAhAfhGZxA6pLZlcp5cwCOckzFw0xMjEwMjMxNDMyNDdaMCECEEh6/9DyYcJM +Sd10PwVYSV0XDTEyMTAyMzE1MTUyNlowIgIRAOddlsvm8mAyv/YIzkOXSocXDTEy +MTAyMzE1MTgzM1owIgIRAI5XjSi9tRWnahT8/q0P83cXDTEyMTAyMzE2MzU0NFow +IQIQIwXLj/9M8df0k3YDbdaVPxcNMTIxMDIzMTkzMDM5WjAhAhA+5aU/rNsyxo7W +jLtVpNZ1Fw0xMjEwMjMxOTMxMDRaMCICEQDoXOrWcinWmsP6HF0VvQmdFw0xMjEw +MjMxOTQ4MTZaMCICEQDf8pR/DpTZ7a8DeSfgh06XFw0xMjEwMjMyMDE0MThaMCIC +EQCIExK+4Z4H1FkAR+hohCliFw0xMjEwMjQxMjEzMzVaMCICEQDUG1ME1iLVKR7f +CjYB3p0jFw0xMjEwMjQxMjUxMDdaMCICEQCzqcE1nqfRHg6HdXZsvEu6Fw0xMjEw +MjQxNTI2NDdaMCECEAKJ5gw9HXrWwsOuo8jMUacXDTEyMTAyNDE2NDA1NVowIgIR +ANtyhJ7x5g8ud1x0yKuFrvEXDTEyMTAyNDIwMzMxMlowIgIRAL52+4GJw+OKcubm +j0lqH4UXDTEyMTAyNDIwMzYwN1owIgIRAPatBHu8dQwgdfPdvL21XHwXDTEyMTAy +NDIwNTkzM1owIQIQJrGOMZLZo1w+CDhYSwdBfxcNMTIxMDI0MjEwMDAyWjAiAhEA +tDwMe84sb+dJecpqJl7RdBcNMTIxMDI1MTQ0MzQyWjAiAhEAyb4Mp4wNk08AtaCO +rygGRxcNMTIxMDI1MTQ1MjE5WjAhAhBlon+DqMW1Hj1FFFgjyNqjFw0xMjEwMjUx +NTQ2NTBaMCECEH/XOVCiJi9zATtsRpvx1r0XDTEyMTAyNTE4MzgxOVowIgIRAO/E +rPWgg15sP3arrqrfAuUXDTEyMTAyNTE5MTgyNVowIgIRAJ1lwUocGrZAQ1yGjF3n +6d8XDTEyMTAyNjExNDU0NFowIQIQMaI7NNlXddYvbH2BeSOHDhcNMTIxMDI2MTMy +MTA1WjAiAhEAi+QEsOdb6hnvwzQplE1r0xcNMTIxMDI2MTUxMDI2WjAiAhEA1aox +p7Wwx9+/TkCqMzSC+xcNMTIxMDI2MTg0ODAyWjAhAhAO/2edQz/UXhkwuf0EGQ67 +Fw0xMjEwMjYxOTM4MDJaMCECEA8VxSLhPGUhGVoPoqTCcccXDTEyMTAyNjE5NTY0 +MlowIgIRAL2c/pdkTG6Bl0r0cC1FekQXDTEyMTAyNjIwMzEwN1owIQIQbNTF8ojO +MT6LIOVG0JG5ihcNMTIxMDI2MjA0MzEzWjAhAhBzdWGoZOZVDN9UUtTWPeTwFw0x +MjEwMjcwMjEzMDVaMCICEQCOyRVJsvdaRq4nx94LVLE4Fw0xMjEwMjcwOTE5NTBa +MCICEQDEE6F9UuPmcVrOZzMZ4xHDFw0xMjEwMjgwMjEzMTJaMCECEAHphPMFLJdb +qz+tDmO4Q/QXDTEyMTAyOTA5MzczMlowIQIQTzHdU4aIW2nx5OQ5J2KHpRcNMTIx +MDI5MTQyNjQ1WjAiAhEA8ZU5AXkK8DSUzBYcpJ4uxhcNMTIxMDI5MTU1NzMxWjAh +AhBxqLq9WJxGcsk2BCM5ZdgzFw0xMjEwMjkxNzQzMTdaMCECEC3s1EQJAnXJ7KHc +PC1sopgXDTEyMTAyOTE5MjIyNFowIgIRAOI4Ngi1ZxwUo+EbqC8qnTgXDTEyMTAy +OTE5MjgyOFowIQIQUPsxyamG8W2qegGgxpzmkRcNMTIxMDI5MjEzMDA4WjAiAhEA +vShM+jNhKk6P3w1Om+AE/RcNMTIxMDMwMTMzNzAxWjAiAhEAj1xTHCnyfrbQG3PR +/VzGvBcNMTIxMDMwMTM0OTE5WjAhAhADDg5WebF+5zhtNbSVofOTFw0xMjEwMzAx +NDA4MjdaMCECEAQTzfjZG3yxG2pSStZS3TwXDTEyMTAzMDE0NTg1N1owIgIRAIgW +gs3lAAmc8eEqaBGfWz0XDTEyMTAzMDE1MDc1OVowIQIQBZKPdBJHYZojMmiQWXBz +DBcNMTIxMDMwMTYwMzEyWjAhAhBaDuNfCABg1JUfipUTihzVFw0xMjEwMzAxNjQw +MzlaMCECEAJEM3RXII8lvT5Orp26OkoXDTEyMTAzMDE2NDA1MFowIgIRAJVfa/sY +LqovCw+gavns62EXDTEyMTAzMDE3MTg1OVowIQIQNNCjk6/Z5vpuMv1XkldKnRcN +MTIxMDMwMTcyMjU1WjAiAhEA3pjUTgVB9ch05s0tlKZDvBcNMTIxMDMwMTcyMzM3 +WjAiAhEA//lOfZIGapc+8wq6PpSzehcNMTIxMDMwMTgyMzA0WjAiAhEAjhEwtth+ +tLLAhwe/wpLk/BcNMTIxMDMwMTg0ODM0WjAhAhBQiZ1ZaoA3+U6lOGOQ7YyyFw0x +MjEwMzAxOTExMTBaMCICEQDob8BJwKhu6tc6/fr7V51VFw0xMjEwMzAxOTIzMjha +MCECEH/ZMarTXzyOijwcWqkO9uUXDTEyMTAzMDE5MjQxM1owIgIRAInMQqsSlbgn +rn2X0cljoEsXDTEyMTAzMTEwMjQxN1owIgIRALH8021tZx5Nq7S55nlGWx0XDTEy +MTAzMTE1MzgzNVowIQIQXYlQer4EXjSq4Tqf683tFRcNMTIxMDMxMTkwNDU0WjAi +AhEAtKWvm80Fofp4NLloZ1ckaRcNMTIxMDMxMTkzNzE0WjAiAhEAw2p9UbzUGke4 +AkIU4ngS4xcNMTIxMDMxMjAzNjIwWjAiAhEAizDNPrpUIHiKL1UGvkJbjBcNMTIx +MTAxMTIzNTA0WjAhAhBhAzRj+sH7N+a8B8liELo1Fw0xMjExMDExNDA5MDNaMCIC +EQC++yyj6EklkvkT9BEE9sjsFw0xMjExMDExNDExMDRaMCECEGTBd4EcgSUQO5db +JeISOvgXDTEyMTEwMTE0MTIzM1owIQIQPU/MMN27PxfxmRTTYVC4LRcNMTIxMTAx +MTQyMTQ5WjAhAhBJpcIQTKGI4AS3tXhWtslpFw0xMjExMDExNDI0MjVaMCECEFqI +Eh3UB/m17OCj6q85J4MXDTEyMTEwMTE0NTYwNFowIQIQb1G6yIUjm4AUte9rPtgD +TRcNMTIxMTAxMTU1MTExWjAhAhBz3pwtR/Nr4yq5kajn4aQaFw0xMjExMDExNTUx +MzFaMCICEQDdB5thhI6NcYeUN+GUqLPFFw0xMjExMDExODU0NDdaMCECECOYPTIC +xV/rvJYBhtYR9mYXDTEyMTEwMTE4NTYwOVowIQIQfp5QV6V+eavaNokO3HRrORcN +MTIxMTAxMTg1NzI2WjAhAhBQmWygguW/nNnoknhdFwGkFw0xMjExMDExODU4NTda +MCICEQDLoQlJZB2J8GuNrUUFKEK1Fw0xMjExMDExODU5NTNaMCICEQC8U1mAVjg4 +X2gvugWbLAPxFw0xMjExMDExOTAwNTdaMCICEQCXra6Cwy4FnFaIrQrS0V3iFw0x +MjExMDExOTAyMTRaMCECECg0T5xwakGPsCaA0RR7XAsXDTEyMTEwMTE5MDMxNVow +IgIRANpewh+G83NFgqxiWuW1Oj4XDTEyMTEwMTE5MDQwNFowIQIQMPeF+EyikUdq +cgbBY05gUhcNMTIxMTAxMTkxMDE3WjAiAhEAuab7cPj7wHsVkiYsKbZfchcNMTIx +MTAxMjEzMjUzWjAiAhEArruxjcmVGBh2mZKW5KiZCRcNMTIxMTAyMTIyNzI5WjAh +AhAgTHNueXGhcbeEWK3gpGZyFw0xMjExMDIxNTEwNTNaMCECEDOx8eV+qu4miu/M +TRgL94IXDTEyMTEwMjE2MzM1MFowIQIQIkaMu0Fx8t9vaNiArWJvrhcNMTIxMTAy +MTgxMjI3WjAiAhEA+nUtwQZu46R5BgGY7LIMMRcNMTIxMTAyMTgxMjQxWjAiAhEA +ssHWCS6X+AZD2S0RTPbtuhcNMTIxMTAyMTgxNTA0WjAhAhBnnIIk9QMBgdgyDVWZ +CaQoFw0xMjExMDIxODE1MjZaMCECEAIoJu01AgRm8bUg0ioXlVIXDTEyMTEwMjE5 +MTM0NlowIQIQX0IxG6PMKmZXLFsvyUrAFBcNMTIxMTAyMTkxNDQwWjAhAhAxv28L +Pb9DUTGz3zXpLmBoFw0xMjExMDIyMDMxMzhaMCICEQDPlPv0eAZMcw9xilU/W6OA +Fw0xMjExMDIyMDQyMDRaMCECEBnL6wB/5O50dOFlJGpM7toXDTEyMTEwMzAyMTMw +NVowIQIQMXO6G8EvbE9efXsWgFORHhcNMTIxMTA1MTYyMDQ2WjAiAhEAmcAmughE +sc6aT4q7LyTy3xcNMTIxMTA1MTY0NzA2WjAiAhEA+dwLFs44Khk+d9AjPugdVxcN +MTIxMTA1MTY0NzE4WjAhAhAbyJDIOKEuyRujO8fPrHY/Fw0xMjExMDUyMTM5NDVa +MCECEFyU2GvYyay/wbaoKmyZ2MEXDTEyMTEwNTIzMTUwOFowIgIRAP2dbtcSenfs +o5hMTa0+kJAXDTEyMTEwNjA4NTc1M1owIgIRAO4jE9Lyyzvjs2g35ExXZOQXDTEy +MTEwNjE4MDcwOVowIgIRAJeXpPDUXEQXDh7ghJIET10XDTEyMTEwNjIxMTgyOVow +IQIQQ9uTeufhGEqegng5jwKmMxcNMTIxMTA3MDk0ODA0WjAiAhEAy9+NdjeeW76c +wNfe5Q58JBcNMTIxMTA3MTM1OTI0WjAiAhEAiQunks3qzHQyvFu1vWnXWBcNMTIx +MTA3MTgyOTA4WjAhAhAjPNrsvHW9m2oqyqkocXwtFw0xMjExMDgxMjQ5MDNaMCEC +EG9YKPwHlt7doDs66cQt7yIXDTEyMTEwODE0NDU1NlowIgIRAM1w/U5NUXmmpHxz +sNoXgzIXDTEyMTEwODE1MDM1M1owIgIRAKe221CFw3m4hGwnHBlkNLYXDTEyMTEw +ODE2MDg1NFowIQIQKx5hmXR/SiGUJlliCfu4PxcNMTIxMTA4MTkwNzM5WjAhAhAd +WhjQUqAtsn3Oq5PFAjooFw0xMjExMDgyMDAyMDNaMCICEQCaqnQZrlOYJ8+PGq4W +2O6FFw0xMjExMDgyMDM4MDRaMCICEQDMp3Pd5R859Ngg1faciHS9Fw0xMjExMDgy +MDU0NTFaMCECEDUBpvzEq1Xi/wz6BR/ckSgXDTEyMTEwODIxMjU1NFowIgIRAIR5 +5TJp5khfzaJ0A0tdwvYXDTEyMTEwODIxNDQyOFowIgIRAKqJni9pKo9ZeeZWMoAg +gicXDTEyMTEwODIxNDczNlowIQIQdU5+JAk4PJlflAgQarpkZBcNMTIxMTA5MDkx +NjM4WjAhAhBVhni/VFutJNZxSgH0CikLFw0xMjExMDkxMDMwMjFaMCECED7u2t0z +8g9W3dzFSEiDQrwXDTEyMTEwOTE0MTQwOVowIQIQYfi/Jpwd3yIj0jszEXEd8hcN +MTIxMTA5MTQxOTQ5WjAhAhB8hpYkLXyP30Txr3KXJFHKFw0xMjExMDkxNTA5NTRa +MCICEQDmUlN3XhTxS5MKpmAB/sk4Fw0xMjExMDkxODI3NTBaMCECEAaTbKeMb0Q2 +GIiJrK3gH+oXDTEyMTEwOTE5MDEwNlowIgIRAPeMpXWXfzXYlN84Kh8ZBIsXDTEy +MTEwOTE5MDExM1owIgIRAOodRmeAjxjMj3GnbIHVGPgXDTEyMTEwOTE5MDExOVow +IQIQIeR0fzCOhcOsWORxoUkdvxcNMTIxMTA5MTkwMTI0WjAhAhAlE37ZA27lNTRG +sG50XPhHFw0xMjExMDkxOTAxMjlaMCECEHr3j27batCwVtC1rOPOkQsXDTEyMTEw +OTE5MDEzOVowIgIRAIt4kkcUoB17bM27V03VIVIXDTEyMTEwOTE5MDkwNlowIgIR +AM1s0mOIZaViBwiD+GKGdooXDTEyMTEwOTIxMjE1MlowIgIRAJ/5vDy1LAColDX3 +OVCVvL4XDTEyMTExMDAyMTMwNlowIQIQYPsTK1qUrjSZHkgJcfVcQhcNMTIxMTEy +MTczMDM5WjAiAhEAlFUDBU++HSHuyo7iktYvohcNMTIxMTEyMTc1OTM4WjAhAhB4 +WliO1rs79PTZLgzd/MD/Fw0xMjExMTMwOTI4MzVaMCICEQCicTpVKCmHAF+Rs3C+ +iRA/Fw0xMjExMTMwOTQ3MzdaMCECECqG0jyiBhKSETGeHR4ycZcXDTEyMTExMzEx +NDE0MlowIQIQabnsu5DfQCqX6p3n/4Sb3RcNMTIxMTEzMTMxNjAyWjAiAhEAoytx +pd3gJe/mFFIeZNBnTxcNMTIxMTEzMTM1ODAwWjAiAhEA/2AmuQLRqsdOBhUU/mjX +URcNMTIxMTEzMTYwMjM5WjAiAhEAmfXGspPU7epcoe4tXH4n9xcNMTIxMTEzMTcx +ODA0WjAhAhAJ011tMIUKU2/u55ZObb6KFw0xMjExMTMxODQ3MzhaMCICEQCDP2m8 +jaY6+wzXuh6UqFc8Fw0xMjExMTMxOTAzMDZaMCICEQDPQaP+1DvivS2TFGLBKE2/ +Fw0xMjExMTMyMDE0MzVaMCICEQC1y38fB6xgNDfiKyp9jGPDFw0xMjExMTMyMDE0 +MzVaMCECEECuubGQXjd9EJhgvPq5JdEXDTEyMTExMzIwMTQzNVowIgIRANhUVCSP +BdYCUU+4XwvM2EAXDTEyMTExMzIxNTUzMFowIgIRAMESsWUZbBXq9tZNqkzNIX8X +DTEyMTExNDAwMjQzNVowIgIRAOgeOLJGvXWdYEOXWrW+PJQXDTEyMTExNDAwMjQz +NVowIQIQMgIGX3R89dmEyj7YxS1dkRcNMTIxMTE0MTQxMzUwWjAiAhEA7c4vKjiR +r8yQlaqJMonc5xcNMTIxMTE0MjI0OTUyWjAiAhEAtcX01RoQCmHEO+N99flqzBcN +MTIxMTE1MDQyMTI3WjAiAhEAz1f4oBr7EDsPsb1c/0aGxBcNMTIxMTE1MTExNjEy +WjAiAhEAgjfOmklXz2iKMqjElXiZCBcNMTIxMTE1MTIyMDM0WjAhAhAmxVKSKh7T +5PQPlQ195hUUFw0xMjExMTUxNTA3MTZaMCECEAsJaShfbKzvo4T65CQt80MXDTEy +MTExNTE5NTUxMVowIQIQF4ViB5E/k63y40ZOfhNssRcNMTIxMTE1MjEwNjU1WjAh +AhBrvvcjOJFDelk2Frc1gRz9Fw0xMjExMTUyMTIyNDJaMCICEQDaII9j5LcINLZ7 +Ia9BgcWhFw0xMjExMTUyMTM2MzhaMCICEQCfQ4n8jcuD5GRSlwaO0S1iFw0xMjEx +MTUyMTM3MTNaMCICEQCO0xdBlpBM4djaYHAH/9fsFw0xMjExMTUyMTQ0MTZaMCIC +EQD+iaYTycI4xQchV244JzllFw0xMjExMTYxNDE4NTdaMCECEF6nwSi9fVhGlLaz +7nMl/RUXDTEyMTExNjE0MzAyOFowIgIRAI+8YhdX3ZSC73qXvzmA8LoXDTEyMTEx +NjE1NDkzN1owIgIRAP9ZYcAxRDDMk8jH1gKe7kcXDTEyMTExNjE1NTY0OFowIgIR +AIuXx29+PRil984koAyaX6YXDTEyMTExNjE1NTg0N1owIQIQSZWYNmtMVz439gVx +nfTTbRcNMTIxMTE2MTYwODE3WjAiAhEA+gknoWjt1S+FkYTpIE+aexcNMTIxMTE2 +MTgyMjI0WjAiAhEAzFcm766U8WFx5lneHB3uJBcNMTIxMTE2MTgyMjUxWjAiAhEA +n/XfAGGjqaTav+qzeGr+OhcNMTIxMTE2MTgyMzA5WjAhAhBlqHhqtfiv0qA4Pmt9 +Xa3ZFw0xMjExMTYyMTQ0NDBaMCICEQC3rM/yOkoiklL/AN/LWUH6Fw0xMjExMTYy +MjM0NTZaMCECEAvR9epOv2BO8GeEQH7vnPwXDTEyMTExNjIyNDYwNVowIQIQdIqQ +slZnuYjta1XnIo5cFxcNMTIxMTE3MDIxMzAzWjAiAhEAjlgQ2IKCoOWL/1XgZ0au +iBcNMTIxMTE5MDc1NDMxWjAhAhAEHzvEt0s5Rv6YoQSDt5p0Fw0xMjExMTkwNzU1 +MzBaMCECEELvT+zUKNnH3et2n5ebYNgXDTEyMTExOTA5NDY0N1owIgIRAKxqEV2Q +Ihed3F2Smsi6SqcXDTEyMTExOTA5NDcxM1owIQIQfRtU7Sa3+OfShf9xrHsmxRcN +MTIxMTE5MTUyODQ4WjAhAhAJDgKVYfcqI032unKbK2gqFw0xMjExMTkxNjA3NTVa +MCECEDWLJqsdqvfwvm/xEa51MEMXDTEyMTExOTE2MjIwMlowIgIRAOgqcdcWDQNX +eKBwJULkfwIXDTEyMTExOTE2NDUwMlowIQIQQqubbP8wcV5ESCa8hI5tCBcNMTIx +MTE5MTY0NTExWjAhAhAo48u0RJFsEoO2b7JJlRinFw0xMjExMTkxOTQwMTFaMCEC +EEZyv6d3Qb/nQtg3Z5HON1AXDTEyMTExOTE5NTU1NlowIQIQBxTJ58Hk/QSC40ML +ECNyOBcNMTIxMTE5MjIwNzUxWjAhAhBWduTL0YrP/9MPmbRgzXVuFw0xMjExMjAw +ODM0MTVaMCICEQDGksDFXVDmwPexoEt6u2jrFw0xMjExMjAwOTIyMjFaMCECEC4G +An6oOEZ7i6lZ2FRHA2UXDTEyMTEyMDEyMjIxMlowIQIQaNIRTB6MS68WM1e8l1jo +uRcNMTIxMTIwMTMyNDI2WjAhAhBZ73KZu8Hhz/Km2c7/3JacFw0xMjExMjAxOTAy +MDFaMCECECUNNryTnYD1cfx8O9YjBEMXDTEyMTEyMDE5MTkwNVowIgIRAJBHB5NH +4L2gut/l+UBA65EXDTEyMTEyMDE5MjcyNlowIgIRAKD7iLVJ/KAEo/WJv+L+zLcX +DTEyMTEyMDIxMjkzM1owIQIQbhnuVWeWpFQpnVMGghpaChcNMTIxMTIwMjE1MDA5 +WjAhAhA7Z8egnd9PekJkLWZGt8KVFw0xMjExMjAyMjQ5MDZaMCECEF/G1jzOvjrc +Y3z4HvXlRJgXDTEyMTEyMTEwMDU1NVowIQIQc1+nOzAfIMbudZEW7uuyCBcNMTIx +MTIxMTM0NzIyWjAiAhEAmqcVVzUfe9zofDGQ6weWlxcNMTIxMTIxMTM0OTUwWjAh +AhAIwH6tMyFEsdQB73TvzJXmFw0xMjExMjExNzM4MjZaMCECEFqFYDqUL02qnt7d +S0Zes4IXDTEyMTEyMTE5MzkzOFowIgIRANZldyq2D8YALoQzLAUV7XIXDTEyMTEy +MTIwMjUxN1owIQIQRYoFhslTmjAEHkrxhr36HxcNMTIxMTIyMDAzMzI2WjAiAhEA +2fiu0Br+bc72s+C9Q9ehVhcNMTIxMTIyMDY1MTUwWjAiAhEAsomoAHXzlJxG4oNk +UxFeyhcNMTIxMTIyMDkyMzM5WjAhAhA+K1SnyM41Jr5Tx7wCmlbWFw0xMjExMjIx +MDA4MTZaMCECEBLpXnF5NEpbP5HU3gD2gHwXDTEyMTEyMjE0NTg0OVowIgIRAJJM +h0ipkBZNt6/0bK3pwXAXDTEyMTEyMjE1MjMyMlowIgIRAJaMcTiug/mvJpqNYn+c +gm4XDTEyMTEyMjE2MDg0N1owIQIQT8BiCy8O0xzcqGld0ww7LxcNMTIxMTIzMTIw +OTEzWjAiAhEA0oqDuQNERgpF3cwr+ljs2hcNMTIxMTI2MDgxOTM5WjAhAhBeGHNb +j1XwHIrGIZ32YYaGFw0xMjExMjYxMTM1MzBaMCICEQC26ohQQKuCJwjedIh6eqSA +Fw0xMjExMjYxNDQ2MDdaMCECEE9D/Kq/j1nRlWKbUIb1hd0XDTEyMTEyNjE2NTgw +M1owIQIQKkWbSM3TmxkP/fdmAaVQXRcNMTIxMTI2MjExNzQ2WjAiAhEAjz+nfLoy +9PoGP13pdV+e8BcNMTIxMTI2MjE1MTU1WjAhAhAP4+P5QZvc4gS4mxvc0ullFw0x +MjExMjYyMjA1MDlaMCICEQCeCByZesNVnT1f55y90IyIFw0xMjExMjcwMTEwMzZa +MCICEQD4u52d267BDgZKrH99cvgKFw0xMjExMjcwMTQwNTVaMCECEGlhpDgljCrs +ve11A3s3//oXDTEyMTEyNzAyMTMwOVowIgIRALdFhNgS+Wr3RL1A1zGNRv8XDTEy +MTEyNzAyMTMxMVowIgIRAIfCp3Z2w31/GptuXOud4egXDTEyMTEyNzE0MTA1Mlow +IQIQPHSS9qUZhni2vc31uKk5uhcNMTIxMTI3MTUzMDU4WjAhAhAKZA65byx9xNfH +F6ned0jJFw0xMjExMjcxNTU4MDhaMCICEQCYGgLI6xhHDWv6r7BSussuFw0xMjEx +MjcxNjExMjhaMCECEF2ydnmOQxpqnvFY4iJw2PYXDTEyMTEyNzE2MjAzNVowIgIR +AP2LSD0QhN0NX3UGmT9OBZIXDTEyMTEyNzE2MzkyM1owIgIRAKE3Ew0+RSjVDjQV +ScZkMCEXDTEyMTEyNzE4MzQyMlowIgIRAMhpC8z+H+y0PHw0s5LyYQYXDTEyMTEy +NzE5MjQzMFowIgIRAN4uek8QHh5OuVsmFRXRBPYXDTEyMTEyNzE5NTcyOVowIQIQ +IDZAQRbuIvjhKLoqwJH4khcNMTIxMTI4MTQwODExWjAiAhEAzcqLGTISHWm39DHl +IiqoAhcNMTIxMTI4MTcxNzEwWjAhAhByS0HGfTj3f/TJM7/aklMoFw0xMjExMjgx +NzE4MDJaMCICEQCdpTcq7Wf+KZdnve11t6IUFw0xMjExMjgyMDM4MTdaMCECEEu5 +Vb1o5xWK5Ehr9l8kXCMXDTEyMTEyOTA4NTE0OVowIgIRAKT1B6DbOYivRZG65HYh +3nIXDTEyMTEyOTEzMjMxNlowIgIRAIKOmWkKtM/aS9Qe9A6J1UQXDTEyMTEyOTEz +MjMyNVowIgIRALZahBav4sl+iVXCGTKp3N8XDTEyMTEyOTEzMjMyOVowIQIQcTT9 +FDVFUQeWGmxkJFU1/RcNMTIxMTI5MTMyMzM0WjAiAhEArpl4O4XV1JqW1vmZUGwY +5RcNMTIxMTI5MTU0MTMyWjAhAhBwXbrjWqPMxbUcwsBKCjFgFw0xMjExMjkxNjIz +MThaMCICEQDu7JCJdp8x4dRNVUsacYNUFw0xMjExMjkxNjM5MTZaMCICEQCHpojQ +KOy8soVh1bSo24gzFw0xMjExMjkxNjQyNTlaMCICEQCI7eQU7okL4fHIowfNfmnt +Fw0xMjExMjkxNzM5MzBaMCICEQCTClBwc8ar4Ot/GpA5E7HLFw0xMjExMjkyMDM4 +MDRaMCECEGZrfk6xFIfOWVrzNQzkGqIXDTEyMTEyOTIwMzgxOVowIQIQQWT53aII +dKLztwQWLnzTfRcNMTIxMTMwMTA1NDI3WjAiAhEA4dufR4aaMl9+nWCoiNbtTRcN +MTIxMTMwMTExNDAyWjAhAhAY1p7wQJXHdAL2cwAsPm7hFw0xMjExMzAxMzA0MDJa +MCICEQDaXErRhWQ7e8pu4YZHmh64Fw0xMjExMzAxNTE3MTFaMCECECzSxKJPQjkg +2y8StKwtVE4XDTEyMTEzMDE1MzU1N1owIQIQLS0rUWNPH2CgcnpAwNPgDxcNMTIx +MTMwMTU1MTM5WjAiAhEApUbncH5W8amzhSwMKkT2hxcNMTIxMTMwMjIzOTU3WjAh +AhByEwjZfwUHdjSkzV0Z60VqFw0xMjEyMDEwMzAwNTVaMCICEQCvQ/CxP51blMHR +BDtlJldWFw0xMjEyMDIxODQ2NDdaMCECEHcG9WzFuL69jP9RhNSz/YkXDTEyMTIw +MzE0NTY1NFowIQIQJ02Lxv/1296OHFDRtllYAhcNMTIxMjAzMTc0NzIyWjAhAhA3 +Jl6PE/sxc/iG79Em8m1eFw0xMjEyMDMxNzQ3MjZaMCECEA0GKZg3TmCu8Giqe5s5 +6zIXDTEyMTIwMzE5MzgxMVowIgIRAPMLs8H9LveYT2cFo6PN7OQXDTEyMTIwMzIw +NTYyNVowIQIQSdhIa5+5VP2tUzfYOJFu2BcNMTIxMjA0MTEzOTU4WjAhAhBKy3B/ +KL6Oh7uJlZKCCuALFw0xMjEyMDQxMjEzMDRaMCICEQDdm3kf7BBda5KDisbgSrWh +Fw0xMjEyMDQxNDEyNTRaMCICEQCgooyvMjhvTG4mrIuIIQQXFw0xMjEyMDQxNjQ0 +MjJaMCECEExXdoJ6PLQlyMzPinpHDTIXDTEyMTIwNDE2NDQ1NlowIgIRAMVTAF3+ +9ehSuykA11hjVZwXDTEyMTIwNDE2NDgyOVowIgIRAKZJefSJy/AMxoQwJ1p/zUAX +DTEyMTIwNDE2NTAwMVowIgIRAKpEuEAOHsxr2gAbUmkNxlEXDTEyMTIwNDE2NTAw +NVowIQIQE/RK0gmB5p+nNakwoDk0khcNMTIxMjA0MTgwNTE0WjAhAhAPv9pvJ8wh +gC2EGEHiXU1ZFw0xMjEyMDQxOTAwMTRaMCECED4tCzh0uOk7ylIzJ7+NM9UXDTEy +MTIwNDE5MTEyN1owIQIQMoL97JwMD0pn2INy66U9ABcNMTIxMjA0MTk0NjQ3WjAi +AhEAoxHMZZZlJL8s2ry0se1RTxcNMTIxMjA0MTk0NzI4WjAiAhEA2YjWHC2Puzhy +HW1hHO1M/RcNMTIxMjA0MTk1MjQ2WjAhAhAKzxq/C2UEA21LvrygQLn1Fw0xMjEy +MDQyMjQ3NDlaMCECEAEHV+sm7WCXFvKNmfk60u0XDTEyMTIwNTA5MjQyOFowIQIQ +bw5jNR684intU3jfLtblyhcNMTIxMjA1MDkyNDQyWjAiAhEAgDf3rNlizIL8CyDo +KrRXoRcNMTIxMjA1MTQwNjQ2WjAhAhBHzMmNDGHiGPLpjefOvBsYFw0xMjEyMDUx +NDExNDJaMCECECeCgFFkGMr8QwpKvCYIQWQXDTEyMTIwNTE2MDYwMVowIgIRALLC +uQLSqO1mlOb4CF7Pt6MXDTEyMTIwNTE3NDM1N1owIgIRAIE8EO1GUss98mGXCt9g +sg8XDTEyMTIwNTE4MTUyNFowIgIRAN230fSblgozH+x7ztgqCUcXDTEyMTIwNTE5 +MjI0OFowIgIRAPeVsXaA7EIa/jOnIQQLPNkXDTEyMTIwNTIxMzE0MVowIgIRANhz +j+RDDKayqNC/OcPMgKEXDTEyMTIwNjExNDIwOVowIQIQf71RcSj6ZhEmF7klCAlx +wBcNMTIxMjA2MTU0NDA0WjAiAhEA4ItTTyKtqNaGCziPZZg6/RcNMTIxMjA2MTU0 +NDE1WjAhAhAursEe6gqY7wTqsw0A3hqXFw0xMjEyMDYxNTQ0MjVaMCECEEtGK4pl +o7TsHCojIebLUTwXDTEyMTIwNjE1NDQzOVowIgIRALK0xaEdU2Rsci+M7u3X1nEX +DTEyMTIwNjE1NTAxMVowIgIRAIoSoK3K2Vv/Bt0WE/z9QmYXDTEyMTIwNjE5MzM0 +OVowIgIRAOApOqrIfkmMdRknKAxwhcIXDTEyMTIwNjE5NTYzMlowIgIRANYOIZlM +7zTdhnKbMS7N7OMXDTEyMTIwNjIzMTQzMlowIgIRAPbp4Kxi0qqWG4phshOL7J0X +DTEyMTIwNzExMDMwNFowIQIQX0c3gzw0NyWGMg0pmEK/FxcNMTIxMjA3MTQ1MTQ3 +WjAiAhEAg1xp/zv7GOOM30Km4CUB+RcNMTIxMjA3MTUyMTM4WjAhAhATsoN0jlzl +XnOKCjgrf6GuFw0xMjEyMDcxNTI2MzBaMCECEBSEiLJhINLZRv4KHbs0xgIXDTEy +MTIwNzE2NDMxMVowIQIQPGAwOEb4lOgwOfP7/Bjd7BcNMTIxMjEwMTA0OTU0WjAh +AhBpW3mkelSBsCbbaVQfXxeiFw0xMjEyMTAxNDM2MzBaMCECEA1OHlVYx6d1TjWl +ZzuMZmQXDTEyMTIxMDE3MDAwOVowIQIQTCr1iE//7zKl+UxfEzDSFBcNMTIxMjEw +MTcwMDQzWjAiAhEA40V1bjGloqHQX4sfyR/4aBcNMTIxMjEwMTcyNzMzWjAiAhEA +ud/cEXtJqc6HdwVfQmkpfhcNMTIxMjEwMTc1MzQ3WjAhAhB6mpmZAgatPRfEf+u/ +O5x7Fw0xMjEyMTAyMDA4MjBaMCECEDI1u3pfd1nIQzG019wsgKUXDTEyMTIxMDIw +MTU0MlowIgIRAKaL9N9PWWbBGjhxWJmqFPUXDTEyMTIxMDIwMzAwMFowIgIRAJbF +rBkacACl9HOMiOTKD0wXDTEyMTIxMDIxMDUxNVowIgIRAJ4fDYmNPQlgK8b3+5Uk +2uEXDTEyMTIxMTAyMTMwNFowIgIRAL3eDGbv/M+SsEnz00MKWm8XDTEyMTIxMTE1 +NDUzNlowIQIQc13WBTlyS70+P2rN5u5+lxcNMTIxMjExMTU1NjMwWjAhAhARNHbj +W7WVDOAHn7epWSG4Fw0xMjEyMTExNjU2NTVaMCICEQD9s7MZjg4pdP2LzMs3kN/L +Fw0xMjEyMTExNzE1MjZaMCICEQDZlUgKMBKm6jW/eNFnlmpZFw0xMjEyMTExODA2 +MDhaMCICEQC9WlCVLZQBNTpwOiOurF/gFw0xMjEyMTIxMjU4MzZaMCICEQDC/Xsw +ZODdbDy9H1DWAuRzFw0xMjEyMTIxNTUyMjdaMCECEGiVxDv3ByvnalMMrKD2E0EX +DTEyMTIxMjE4MTU1MVowIQIQPsK02RtqH1jCDWXy2d7GARcNMTIxMjEyMTg1NjEx +WjAhAhA3a6NrHd3Qv2XyTpwxBBNpFw0xMjEyMTIyMDIzMjFaMCECEDlrLg0uye/f +AvtbyOfRj3kXDTEyMTIxMzEyMTEwNVowIgIRALAxDP3haCV3O3VwbtqSAX0XDTEy +MTIxMzE0NDUyNFowIQIQQN76c8jsiC5baFnad1LwphcNMTIxMjEzMTQ1MjMyWjAh +AhALfHEGh5bTmZQFQeoBUH4oFw0xMjEyMTMxNTMwMDBaMCECEBySYNns7stQ6XYz +ptMDLK8XDTEyMTIxMzE1Mzg1M1owIgIRAOhzBe5m/hCbj5C7HVcj26kXDTEyMTIx +MzE1NDgxOVowIgIRAP9avrVCJJOXWznVQS1RlwkXDTEyMTIxMzE1NDgyOVowIgIR +AOPqEx/41RMqZ0f+rFonCVMXDTEyMTIxMzE2MDgwNFowIQIQP7rpEOue4Yb5L37H +dkxFCRcNMTIxMjEzMTYyNDU5WjAiAhEA3PzSTJWpRn6n1uDhoP99WRcNMTIxMjEz +MTY1MzExWjAiAhEAxzreZkLsKeW1C7p/hAGPiRcNMTIxMjEzMTcxNjQ3WjAhAhBH +yRPRwNmL6vXIMW5lXtpnFw0xMjEyMTMxNzU4NDhaMCICEQDkuQJpy8m2HQ6TY71+ +2w5eFw0xMjEyMTMxOTM3MTJaMCECECOVdDnNiDYpGKMkJd9pPCgXDTEyMTIxMzE5 +NTI1NVowIQIQSKmnTE2w6na6PqgYZaJG/BcNMTIxMjEzMjEzNjI0WjAhAhANy6Yc +CrAtua1CiPF+x/LdFw0xMjEyMTQwOTEyNTVaMCECEEOIhSc+lO9qS2SQdDNcsAMX +DTEyMTIxNDA5MTQyNVowIgIRAPHo5vdl3JYWRLIgfMGAZq4XDTEyMTIxNDA5MTYz +MVowIQIQHaEzcVPraJDxTPQyxja13xcNMTIxMjE0MTUzNTI0WjAhAhAtFUspFCVL +pQvHTHf+OwpKFw0xMjEyMTQxNTM5MzNaMCECECUtmfgzB0EHzvJ3tT0tYykXDTEy +MTIxNDE1NDMwN1owIQIQOCF4MaM6pIMa5NA2hLtPRBcNMTIxMjE0MTU0NDQ0WjAh +AhBeL1J5exb0HU24/dCoY/gZFw0xMjEyMTQxNTUwMzVaMCICEQCSfn708mup31Le +glPb9PEsFw0xMjEyMTQxNTUxMDlaMCICEQDWJXmkjpnYoJ396kI/dAjYFw0xMjEy +MTQxNTUxNDZaMCICEQCM1TTJ7DFuePlrEpjcfnawFw0xMjEyMTQxNTUyMTZaMCIC +EQD8n7L/QmmZl1+O/ApTIiw0Fw0xMjEyMTQxNTUyNDVaMCECEG2OluJOJ2cCklUP +N6lxRcwXDTEyMTIxNDE1NTMzN1owIgIRALCMx3xwF2etiwSEHYrb+aUXDTEyMTIx +NDE2NTEzNFowIgIRAMs6nXMPE4cHeQH5ElvAAfEXDTEyMTIxNDE3MjUzNVowIgIR +AK8+D/EpntVB/8vrDnRed7oXDTEyMTIxNDE4MTQxOVowIgIRAPuNoESvhFTvpg5W +5H4TmAUXDTEyMTIxNDE4NDUyM1owIgIRAIBbiunJmzkHalp9vQj1mQIXDTEyMTIx +NTAyMTMwM1owIgIRAIxNFrS5Zk9QhNM2DmJnoCMXDTEyMTIxNzA3NTcyNVowIgIR +AOHOu7hQjp7ySoMSH0qhDRgXDTEyMTIxNzExMzIyOFowIQIQbrXaG/tTwlfy13S6 +N6Uq8hcNMTIxMjE3MTUzNDA1WjAiAhEAhf/yAeaHFKvdVzQOMiavQxcNMTIxMjE3 +MTgxNjIyWjAhAhAoZinBONbdwheK0zNCLlxOFw0xMjEyMTcxODIzNTlaMCECEBYx +rtotN1cOl59f6wGtOq8XDTEyMTIxNzIwMjg0OFowIQIQNjeL2o8bLCBAsfCAJKpH +5xcNMTIxMjE3MjMxODA5WjAhAhBN5haok0lS9v5Po5S7BJ+GFw0xMjEyMTcyMzE5 +MTBaMCECEH27WaYMjDcmHeqqfWH3X6sXDTEyMTIxNzIzMTkzMlowIQIQAeu3Ee2h +IbfhREwhN/+qshcNMTIxMjE4MDkyOTMwWjAiAhEApppusnWs5EzpI4hRhtFmaBcN +MTIxMjE4MTQxNTAzWjAhAhAFL2MKPdJKdM+eHwl3iinlFw0xMjEyMTgxNTMwNDla +MCICEQC8f+5ha4kD2xB7EhIj0NVHFw0xMjEyMTgxNjEyNDJaMCECEEq3wmYT+bVU +YJyNHpntS+sXDTEyMTIxODE2MzczNFowIQIQUk6KY7E9hxHmJImO9RdMshcNMTIx +MjE4MTcxMjI1WjAhAhBR5SOZ/XXIbgl9JQjV10gSFw0xMjEyMTgxNzI1NTBaMCEC +EAI/SP/mUgJlK1FWqWbqL28XDTEyMTIxODE4MDIzNFowIgIRAMznG0Ykl2uwb8By +kLDyB0QXDTEyMTIxODE4MzAzMlowIQIQH5KcDkDQVNrCj9UwNvK9TRcNMTIxMjE4 +MjIxMDQzWjAiAhEAtSV6DWLyakae+pwnbRbG8hcNMTIxMjE4MjMwNzM3WjAhAhBA +xPJ89H/S92pqL4tXeP3+Fw0xMjEyMTkxMjUyMjRaMCICEQC990slGm2gnZ03esQd +yEiEFw0xMjEyMTkxNTI5NDhaMCICEQDqhrByoxoH6bPNe/cRt03GFw0xMjEyMTkx +NzQzNDVaMCECEC9j4B8zgp3102bb7sL8LjkXDTEyMTIxOTE4MjAxM1owIQIQMSX4 +hM9BKThprCTObsmwYxcNMTIxMjE5MTkxNDIwWjAhAhBxoaUWxbOdjecTD4ilSsGu +Fw0xMjEyMTkxOTE3MTBaMCICEQCRAYEMO3DKp5THMck17Zm2Fw0xMjEyMTkyMDA0 +MDhaMCICEQC3XFWIwgx6feOODfMlK0XpFw0xMjEyMTkyMDMyNTlaMCECEBFK5m0n +kjKI2qlaofKO3+UXDTEyMTIyMDExNTczNlowIgIRANNfVcQAEgHH5ZgF4Up80AEX +DTEyMTIyMDE2MzY0OVowIgIRAMH0kVWXqtcX6hDmiMlGUGMXDTEyMTIyMDE3NTQw +NlowIQIQWLOt1KBYCS56PT8rIIRM8BcNMTIxMjIwMTkzMjA1WjAiAhEAoTpJTkan +PiCzQC1V1xc/6BcNMTIxMjIwMjExNDAzWjAiAhEAsyj3F3+C5YuyTLXRJ9jy2xcN +MTIxMjIxMTMwNzQxWjAhAhA36JU1Sc8SFwjB8toBUeDcFw0xMjEyMjExMzA3NTha +MCICEQDYppD0XOLp48rpaeRFdeC2Fw0xMjEyMjExNDAyMzZaMCICEQCiCzwLzc5w +nq0gWFYN15BCFw0xMjEyMjExNDQzMzBaMCECED/hwJ6GN1UelETdQJCAADwXDTEy +MTIyMTE1MjI1MVowIgIRAL67ZDBNLfB4UJ/SN7d33ewXDTEyMTIyMTE1NTk0Nlow +IgIRAK6WkaPR6d3c4BTNTumhw+4XDTEyMTIyMTE3Mzk1MVowIQIQV/OroWbbZ0SP +h9ENOQus6hcNMTIxMjIxMTc0MDI3WjAiAhEAviWz/dfmdBIkkVkcL2WDgxcNMTIx +MjIxMjE0MjU0WjAiAhEA14uTaOR9UFhTq493AChALhcNMTIxMjIyMTUyMDA5WjAi +AhEArOEd2gQqO/IsSUshVvdXZRcNMTIxMjIzMDIxMzI4WjAhAhB1mOU7mD/7LR5h +NUeXJyi+Fw0xMjEyMjQwMjEzMTJaMCECED0Z4pOwQDtei2j3KPvs3tUXDTEyMTIy +NDEwMDMzMlowIgIRAKAD7YAeZMe6xSg1ypL8IxQXDTEyMTIyNDE1MjQwNlowIgIR +AJDJCX2Ia8UCzo3WM4b3CwIXDTEyMTIyNDE2MjAxM1owIgIRAJwAu8hqybssfymA +zbRDNUUXDTEyMTIyNDE2NTk0OFowIQIQPos/aes9/yh0IDP3Yu01/hcNMTIxMjI2 +MTY0NDM2WjAiAhEArHcp5kvWaEM06RJwRTARbxcNMTIxMjI2MTgzNTE4WjAiAhEA +qEdG1o4nZNUv84xYwMKDcRcNMTIxMjI2MTgzNjE4WjAhAhBZxm8yezL0RwKjv7a2 +fNYJFw0xMjEyMjYxODQwMjhaMCECEAyikwR3l2u+j5uji7zPaJIXDTEyMTIyNjIw +NTAyNFowIgIRAJtUMGFvFN7dfhn1hjW8DuIXDTEyMTIyNzE2MDMwM1owIgIRAKyF +1rIJBc8youBsbnv+IMEXDTEyMTIyNzE2MTUxMVowIQIQL15xKNASfPFhSekht7Le +nhcNMTIxMjI4MTYwODM5WjAiAhEA9v8DJ4ouQsqmsudpR+R7RxcNMTIxMjI4MTYy +NjU0WjAhAhAZiKymCMluZRdM+VO0fbGCFw0xMzAxMDIwNTE5MjhaMCICEQCmnc2c +XQ3V9wFrIg0pvFXMFw0xMzAxMDIxNTU4MzRaMCICEQCrU7H8ZSZFNcehDaoGU/1H +Fw0xMzAxMDIxNzEzMDRaMCICEQC3atmA4rIhxDzLv7qaI/BPFw0xMzAxMDIxNzM0 +MDBaMCECEBpODI8F3I9mkiduNyjC3S4XDTEzMDEwMjIxMDYzNlowIQIQMdr0VFxh +33GKZJqo6rW3yRcNMTMwMTAyMjExMjIzWjAhAhB1TNuqCZs0RASPdo4gXa4NFw0x +MzAxMDMwOTM5MzFaMCECEHt0oblwQnMpCa8h/2speNwXDTEzMDEwMzEwMzgzOVow +IgIRALn1CqqSylLPmaZEs21pUB4XDTEzMDEwMzExMjIzMlowIQIQIkwsO+BRiGZM +bDbPUtxmcxcNMTMwMTAzMTM1NTAwWjAhAhACV5aEwdax9zQDsfbsLRGYFw0xMzAx +MDMxNTQ5NDJaMCICEQC9PbXAKUrwF0WX5KEHuVhBFw0xMzAxMDMxNjA0MzBaMCEC +EGtEoefUels+mSowPpCOdVQXDTEzMDEwMzE2MDQ0MlowIQIQEb8nUdwjXCpj4jy0 +eqLDYhcNMTMwMTAzMTYwNDQ5WjAiAhEAwVtdQBfiZlc7Me9TFRm4KRcNMTMwMTAz +MTgyMTQ1WjAhAhBIe9efPVyCGFXjgSc3oqRYFw0xMzAxMDMyMTI3MDNaMCICEQDm +ATFqCbjc/fIeNsab9vpPFw0xMzAxMDMyMjI1MzlaMCICEQDEbbvIrLFbFGV5N3nu +060RFw0xMzAxMDMyMjI2MDNaMCICEQDn3yoxbyARJrkwBPi3FQYYFw0xMzAxMDMy +MzEzNDBaMCICEQCpAbucjidFJ0iJJi6mEduYFw0xMzAxMDQxMDUyMDBaMCICEQDV +EPASg6EUcLbmvcUbLn7WFw0xMzAxMDQxNDMzNDBaMCECEC82NhJlTGXFwAkVJ2f0 +VZEXDTEzMDEwNDE0NDQwNFowIQIQBhVmnO1jXYHKPzaW02hXnxcNMTMwMTA0MTYy +OTI3WjAiAhEAxwZA/9Q2wckGvXouHZOM+BcNMTMwMTA0MTgwODUyWjAiAhEAxbeA +QZluaOy3zf1ESDhRHhcNMTMwMTA0MTg1NzU4WjAhAhBs5A/KanR6H++rLijYp7Ik +Fw0xMzAxMDQyMDIyMDBaMCICEQDxSILCvzG5j+ydFsnwtXkLFw0xMzAxMDQyMTI5 +NTBaMCECEAsMgKmfhtgsviYkDQxzRyEXDTEzMDEwNDIxNTUxOVowIgIRAP3mhwEY +YO0aueX7F7Rdf3oXDTEzMDEwNDIzMDIzN1owIQIQMdmP94v6VGvtCxX4hGbduBcN +MTMwMTA3MDIxMzAxWjAhAhA/K5Rfh/FcD51uth24fMgdFw0xMzAxMDcxNDQwNDBa +MCECED6nnr2R7mP7VCR/SIpD0Z0XDTEzMDEwNzE5MjAzOVowIgIRAL5O8Wog7daZ +J7aIvfUyi54XDTEzMDEwNzIwMjQwMVowIgIRAL5pf8ndwEtsww/1uyHjYokXDTEz +MDEwNzIwMzIzMlowIQIQcuI86WPtzpwdvq54c9oL9xcNMTMwMTA3MjAzMjQ4WjAh +AhBfkjfF1SAWbKotbV7hkWoCFw0xMzAxMDgwNzQxMDJaMCECEGe8so0hmyRQixxE +XavRsR4XDTEzMDEwODE0MTI0M1owIQIQboR35hZn7ZjcIr65Z4xnuhcNMTMwMTA4 +MTUxNjM5WjAiAhEAwfbD9yqenXBwESijuCkIMxcNMTMwMTA4MTUzODUzWjAhAhBa +da/mXsQHbOH2IdGQ5eCAFw0xMzAxMDgxOTA0NTRaMCICEQCi9YBvilMGyrLrvfZL +Xvm0Fw0xMzAxMDgyMDU4NTBaMCECEAC9OOq0bNGePvMmZ+dhQugXDTEzMDEwODIx +MDUwN1owIgIRALCkVMzdu7GpQ8+rH18M36cXDTEzMDEwODIxMTkyNFowIQIQNM3w +H0H1WIni6uCKciJSFRcNMTMwMTA4MjIyMjQ1WjAiAhEAntqN78OmbDanV2cpa3fp +QRcNMTMwMTA5MDAxODMxWjAiAhEA2RZMhV+xLQpLWTBONRpI9RcNMTMwMTA5MDAy +MDE5WjAiAhEAxcDn9RVb8Kb6x/yiC0mZARcNMTMwMTA5MDAyMDU2WjAhAhB7Oh0+ +Jli0icgiS7+rXh3CFw0xMzAxMDkwMDIxMjZaMCICEQCIWY2LEVReN7cH9CREDvG5 +Fw0xMzAxMDkwMDIxNTNaMCICEQCiq3KMdsw1tlHfRRE448sKFw0xMzAxMDkwMDIy +MTZaMCECEDrcMdq/qUu0GZgUodKBABkXDTEzMDEwOTAwMjI0NVowIQIQGqCwgbvr +6yTPoD/6nNYiwhcNMTMwMTA5MDAyMzEwWjAiAhEA29TBxjpsqf6yiePjfS6+yxcN +MTMwMTA5MDAyMzQ0WjAhAhAso1B+Yxsqhckqt10nC072Fw0xMzAxMDkxNTA4Mjda +MCICEQCwotnsC17r2yxKKRPGj/UNFw0xMzAxMDkxNTU2MzdaMCICEQCD1H7gjKqC +m9ykyCOqGseEFw0xMzAxMDkxNjE4MTBaMCECEADjyN40nn2SK1FVxnuZiosXDTEz +MDEwOTE2NDcyNFowIgIRALY7xvw46aXL9BjibXSZXt8XDTEzMDEwOTE3MDc0Nlow +IgIRAIH1cJXHovWQgjvpDM9/N9EXDTEzMDEwOTE4NDg1MVowIgIRAPVTg5GoDZxI +df9O9hplnzQXDTEzMDEwOTE5MjM1M1owIgIRAN0pTqfIRyqYP7lTDS8ICiUXDTEz +MDExMDA4MjYyNlowIgIRALZ+fIOgbi3e9GeuE5dWjrEXDTEzMDExMDE1NDAzM1ow +IQIQcJAXRDzHwVu0JW8tuTo+IRcNMTMwMTEwMTU1NDI3WjAhAhBOHjcoCcUSZU2g ++IFVBpLPFw0xMzAxMTAxODQ2NTlaMCICEQCaTCQ2IZRplW4XQEN/tZPoFw0xMzAx +MTAxOTE4NDBaMCICEQCMU8rdzYiVFR7BEBB99qSGFw0xMzAxMTAxOTM2MjRaMCEC +EAg82dQY33VWEl3RNeF0liwXDTEzMDExMDIwMDE0MVowIgIRAIHGldGHp8gc4H+V +NW+B4PgXDTEzMDExMDIwMzMyNlowIQIQGr5bIlQbPULdgZGJvvjDnRcNMTMwMTEw +MjA1NDU5WjAiAhEAtk7H9WyuM3NRIbJAMjVAYRcNMTMwMTEwMjA1NzEwWjAhAhAD +IeWcC18QQI3sHnvH/eK5Fw0xMzAxMTAyMTE1NDlaMCICEQDO8g1UZtuWtklG5oyP ++bVmFw0xMzAxMTAyMTQyMTZaMCECEErDHCtFy2K3rnmKeLYslncXDTEzMDExMTEy +MjEwNFowIgIRANnxIgdrPVIjYsvcdPe0rwcXDTEzMDExMTE2MDExMlowIQIQHy1Z +TAcxdjb+LhQ1ofj1GBcNMTMwMTExMTg1NTU0WjAiAhEA+4LhP1ptoLwEuiQ3gLLA +ORcNMTMwMTExMTkwOTU2WjAhAhARcLyudq9d/NEF1qym66RhFw0xMzAxMTEyMjMx +MjJaMCECEAGv7Wj21Qh7+4x6g1kvq2sXDTEzMDExMTIyMzUzMFowIQIQBXch/aer +M4GwM+lYX9eT4hcNMTMwMTEyMDEwNDIxWjAhAhBJsTFKV1pHUPxbvyLGIwi2Fw0x +MzAxMTMyMDUzMjJaMCECEHZ5WU0FGbWAX3pBshFAvioXDTEzMDExNDAyMTMwNVow +IgIRAJK7g4KNsHsezwmfgKEeYgkXDTEzMDExNDE0MjMxMlowIgIRAOV8J4toC9cS +k8FOgVvpihgXDTEzMDExNDE1MTQzMVowIQIQDis8tRKkEynepJ69SCtEbBcNMTMw +MTE0MTYwNjMwWjAiAhEAipKri/FgwORB8hrAbyxq8BcNMTMwMTE0MTYyOTA0WjAi +AhEAncEQB9V+DlrMXbopS0ZaMBcNMTMwMTE0MTkyOTAzWjAhAhAmXBA3jzR2BAOm +rmfbHrRsFw0xMzAxMTQxOTQ4MzVaMCECEEzqdPVKfz4IA5907mfPUxEXDTEzMDEx +NDE5NDg0N1owIgIRAKFtqqLRZ/TvNkIlO2F0nI0XDTEzMDExNDIxMTkyNVowIgIR +AIPx3ATTM+mwka+yHVCZbHkXDTEzMDExNDIyMjA0MlowIQIQfsAy7pWK651lV6Jy +PLwV0xcNMTMwMTE1MDA1NzUyWjAhAhBW0wXeQz7pmHRResuzLHxwFw0xMzAxMTUx +NzU3MjZaMCECEFNQAdcNhexeIG4v1vwG2KsXDTEzMDExNTE3NTczMVowIgIRALt8 +mgvGzsQMi9lA/L46tsEXDTEzMDExNTE3NTczNFowIgIRAJu1fGOy9BvthCobi2sp +LaQXDTEzMDExNTE4MjQ0NFowIgIRAIL5EpMXbu3inPOuD0MhSUwXDTEzMDExNTE5 +MDY0NFowIQIQLTsMPLBCS+8PzwYx7n7tdhcNMTMwMTE1MTkzNDA0WjAhAhBL47we +tHH1vVG+yZaiAuEuFw0xMzAxMTUyMTA0MDRaMCECEBbakNB8UiHKuMGqRRdbiT8X +DTEzMDExNTIxMTEwOFowIQIQST22zAZG71CvzmUciVwmVxcNMTMwMTE2MTIxNjUy +WjAhAhBAe4Rw7MnGvhIVaRqvJI2hFw0xMzAxMTYyMDM5NDJaMCECEAs/ESmBGSTr +Ycqy5bHQpUoXDTEzMDExNjIwNDUzNlowIgIRAIRw4hrJyfXUPO7ys08qYR0XDTEz +MDExNjIxNDY0N1owIQIQPKqQSaBcvDB+s7RU7BehTBcNMTMwMTE3MDI0NjI0WjAi +AhEA6/t60v0DwIr3MrXxOoOcHhcNMTMwMTE3MTE1NjM5WjAhAhBkNu8b5fRltb9Z +uAhBnLCIFw0xMzAxMTcxNTU3MjhaMCECEBM6En6b0w1RcOSxlc/vSC0XDTEzMDEx +NzE2MTM1NFowIgIRAJIWlpp3HMGxdcDwkMSoxVcXDTEzMDExNzE3MzY1MFowIgIR +APs0mjj8rN4nzTrJ7owS29kXDTEzMDExNzE3MzgxNFowIgIRAOWLOcCns1yGAwHI +WiS+gxgXDTEzMDExNzE3MzkxOFowIQIQfK2pGs9gF/TB7je2JiAKoBcNMTMwMTE3 +MTc0MDQ5WjAiAhEAnFk9Ha7ZnG5l9+cDjkFcLBcNMTMwMTE3MTc0MjE4WjAhAhB4 +KO6KadZnD0Dd6X8+DJ2nFw0xMzAxMTcxNzQ0MzZaMCECEBitPjQz322e4IJal3Mc ++cQXDTEzMDExNzE3NDcxNlowIQIQNV70ROXnfdm2eTHSTW8bShcNMTMwMTE3MTg1 +NjU1WjAiAhEA5WnANTCRipSbTqR3CJIkDhcNMTMwMTE3MTkwNzUyWjAiAhEArfW0 +e3lAmavVEHGZ6UqUrhcNMTMwMTE3MjE0NDQxWjAhAhBB/hE2UBuJi+j50uBouxNF +Fw0xMzAxMTcyMjI3NTJaMCICEQDc6V8FwaFr5Y1OTtA1G0hzFw0xMzAxMTgwMjEx +NDJaMCECECQWinlu/Dls5K8MoRBuZj0XDTEzMDExODAyMTIxMFowIQIQVdU3XVBT +a2dyfjebtWkZARcNMTMwMTE4MDIxMjI1WjAiAhEAj2GJe5hyscaSPahmtPzsVxcN +MTMwMTE4MDIxMjM4WjAiAhEAtTuf/UERAuD6qT4YKyuT2RcNMTMwMTE4MDIxMzA0 +WjAiAhEA2iaeqaoE456Wr++rmyPyqxcNMTMwMTE4MTY0NjM1WjAhAhAxsdQNbDGt +/qBE99VJgRVCFw0xMzAxMTgxODI1MTNaMCICEQDpANdRPf/S8djnF/f9dP7iFw0x +MzAxMTgxOTIzMjFaMCECEBdvaTOcK85YNw72DRMvsLkXDTEzMDExODIxMTIwMlow +IQIQZkkIosq5SmHly8FwCSlaKRcNMTMwMTE4MjIzODM3WjAhAhBWBtKruCFt0Gyg +1aHJOxyuFw0xMzAxMTkwMjEzMDRaMCECEHGvgBz1WYgJYIGjS5IipNwXDTEzMDEx +OTE4NTA1M1owIgIRALqf5obPoVxgi6fwu9RGTTkXDTEzMDEyMDAyMTMwN1owIQIQ +CsNsjxDN14kHS30W4CL0dRcNMTMwMTIwMTk0NjE3WjAiAhEAuK3f3wBvo8ZgPIRg +jzJwYxcNMTMwMTIxMTQ0MzQ3WjAhAhBxhM7zdGleAH9uvZwWwdlnFw0xMzAxMjEx +NTAxMjBaMCECEB6K7bem1J6z1hU2ilnXDYIXDTEzMDEyMTE1MzM0MVowIgIRAIiJ +7hCxhCw/mhn5OJfWO5AXDTEzMDEyMTE4MjQwMlowIgIRAJE57f18zmi7fIJmlydp +oRoXDTEzMDEyMTIwMzI1MVowIgIRAPQqD3FpPUTfOHyuG3CNAhkXDTEzMDEyMjA0 +NTc1NVowIgIRAPh2wHZcCMjX7K+uHjVz9Z8XDTEzMDEyMjEzMzQwNVowIQIQGthJ +MijZOzkVHEacZKrr3hcNMTMwMTIyMTUzMjIwWjAhAhAZXtvh63oqjvP/TG/BvQxn +Fw0xMzAxMjIxNjA1NTJaMCECEEOiPvatDCUZ+JOzS4NjDPYXDTEzMDEyMjE5NTQz +N1owIgIRAJku+ZVkIaqnPJdwlGoCUogXDTEzMDEyMjE5NTczN1owIQIQTJamUqYq +dBPT9rirSNmh5RcNMTMwMTIyMjEwMDE3WjAiAhEA8CO4fJJPi36mW5l/B0Kv2RcN +MTMwMTIyMjEwMDM4WjAiAhEAoHfkg8agF9EWfvxpi7ChmRcNMTMwMTIyMjEwNDU2 +WjAhAhAWYBcIKxOSnkHDvwOCq5lmFw0xMzAxMjIyMTE1MjJaMCICEQC+XNygyGS5 +l0Wn6efEf55IFw0xMzAxMjMxMDI2MzhaMCICEQDuNbo4Mbqif1DyQ+brGhxAFw0x +MzAxMjMxMDQwNDZaMCICEQDQTaHH6BAcTFxM90FlwjfwFw0xMzAxMjMxMjE2MTda +MCECEGDPaZatwqttqBEgwpxJQIsXDTEzMDEyMzEzMTUyN1owIQIQHAC3F+Mujp4G ++/WMoDZ0zxcNMTMwMTIzMTMzNjA1WjAiAhEAj5ktfQrf/iNMP//p+A+USRcNMTMw +MTIzMTMzODE0WjAiAhEAq4dnAD22PK8aDjAtGtPHiBcNMTMwMTIzMTQ0MDUzWjAh +AhB2K9OrwGbhEJh7WQHx9NwkFw0xMzAxMjMxNzI0MjNaMCECECIyrLC7PB08QiHo +QDfk+JsXDTEzMDEyMzE3NDkwMVowIgIRAI3l37rXIz0MlI/JSTwSwrgXDTEzMDEy +MzE3NTAwNVowIQIQA4jFuxFVrRh1sX8oVxYDchcNMTMwMTIzMTc1MDI2WjAhAhAO +7skyzm185llUZB3S6RelFw0xMzAxMjMxNzUwNDVaMCICEQCrkylI6GfJbmF1BlPs +q7U8Fw0xMzAxMjMxODIxMjdaMCECEAK74MPoHxT95ZQ7D0UKNu0XDTEzMDEyNDE0 +MjAzOFowIQIQWa+Oo1vUBBBizJetJAbNdhcNMTMwMTI0MTYxMzI4WjAiAhEAsHIh +ZgKri94DiC5koLhhQhcNMTMwMTI0MTYyMTQ3WjAhAhAzYLjHsXjrJjQvJOJjETUn +Fw0xMzAxMjQxNjM2MTVaMCICEQDIrXfoXNY7wIVhMYxUXYGEFw0xMzAxMjQxNjQ3 +MjNaMCECEAY0jQLMysEiFMBHzYJqx5wXDTEzMDEyNDE2NTAwN1owIgIRAMeV7Yv0 +/Brt5xqP+/Zx5fAXDTEzMDEyNDE2NTg1NlowIQIQKj/nffIPW2rqfVEc69/IAhcN +MTMwMTI0MTcwMDI2WjAhAhB8nQg6uT3FiDqyWpadUDcoFw0xMzAxMjQxNzE1NTha +MCECECTE/BJvITFCnlQxvu5JUGYXDTEzMDEyNDE4MTkyMFowIgIRAPx6tiERUy2f +pAXgDS32+bwXDTEzMDEyNDE5MjAyNFowIgIRAPjgr2Eb2BD5UGOPdJe2q6UXDTEz +MDEyNDE5MzIwMVowIQIQQXK6chUCWBwG2HEn9F7trRcNMTMwMTI0MTkzNTI2WjAh +AhBLL9a9OH0OWt4lEqpfa8+WFw0xMzAxMjQxOTQ2NDlaMCECEGLXrp2QLZW2Hb+g +3yTJxlEXDTEzMDEyNDE5NTQxNFowIgIRAOEDc7lhuUuQWGqJzOF6bPQXDTEzMDEy +NDIxMzkwNlowIQIQV29NHg4670rToHOxoRsfGRcNMTMwMTI1MTM0OTQ3WjAhAhBa +JKCu7fUR+4EYh42Gj7WnFw0xMzAxMjUxNDQ4MTlaMCECEGWQY+LI5aacdfRX/W3I +hmwXDTEzMDEyNTE1MDUyOFowIgIRAKhYYV8OEzciWjx7q/Glo5EXDTEzMDEyNTE2 +NDEzOFowIgIRAJP48O7pQvu1LsBqSnjuSDoXDTEzMDEyNTE2NDE0NlowIQIQdLfZ +Fc+8ti4EcoyZ2PCUWBcNMTMwMTI1MTcxMDE4WjAhAhAE8JHp4kyebEajEMJyQXO0 +Fw0xMzAxMjUxNzU5MzdaMCICEQDfqddvh+zlc5e1u6jFx5d7Fw0xMzAxMjUxODI3 +MDlaMCECEAhGpA1dCwT9/0VzSFTsKuMXDTEzMDEyNTIwMjAwMlowIQIQObsNNaGv +C9aIab1TkO4K5BcNMTMwMTI1MjA1NjIwWjAiAhEAljJ/e3z5Tr84jEAEQxZYcxcN +MTMwMTI2MDIwNDA0WjAiAhEAlrWD+CttgFl8diTA2IAkrRcNMTMwMTI4MDgzOTUw +WjAiAhEApnMoR5BHKgsGz5BrEn7SthcNMTMwMTI4MDkxNTUyWjAhAhAH10puYxMY +yDiFF2i2syE0Fw0xMzAxMjgxNDQxNTJaMCICEQCaFH7obT7uDhd3AwMypqXuFw0x +MzAxMjgxNjAwMzZaMCECEEFYYnCXRhg/3/RNMQC+D2EXDTEzMDEyODE2MTQxMlow +IQIQcqhksqyIRrCQMhc51y/r2BcNMTMwMTI4MTYxNDE4WjAiAhEAvyYIlSUYyv7v +0mNGeaPljBcNMTMwMTI4MTkyODA2WjAiAhEAjBUaUZGVWE4pzvDCtpGk0RcNMTMw +MTI4MTkyODQxWjAhAhBFDzr6Pt5E3G4zYI/+cQCNFw0xMzAxMjgxOTU1MzdaMCEC +EHA8JakqMY7w6MCxYuUZwQ4XDTEzMDEyODE5NTUzN1owIQIQR5S7D6Gd9NkqVvwQ +c17AsRcNMTMwMTI4MjAxNDA2WjAhAhAkC8kf+VgyCeSUvKzk7guYFw0xMzAxMjgy +MTU3MjFaMCECEBqJRXbDpNswLgai8/8UtjIXDTEzMDEyOTA5NDcxMFowIQIQcone +dsbHU/GbFFWeHM4dtBcNMTMwMTI5MTQwODE4WjAhAhBDkozKX/oQi1c4y3mOnj6M +Fw0xMzAxMjkxNDA4MjZaMCECEEtUAyMfGCkR4oz/c3+C0lEXDTEzMDEyOTE0MDk1 +NlowIgIRALem6+tFdozqaqPtKbh+fcEXDTEzMDEyOTE1MzkwMlowIgIRAKmwHJWK +VC6pyqyGncQmMPcXDTEzMDEyOTE4MDMyMFowIQIQRN4hLEpJ/2FSkFCqnAxxVBcN +MTMwMTI5MTg0ODIwWjAiAhEA0Xi2dJ9wHQYZNFuAzSGWjhcNMTMwMTI5MjAyNjE2 +WjAhAhATtIJmpygecZgOPd1quJ4LFw0xMzAxMjkyMDU4MjlaMCECEFZSBPW1CTB/ +seH/uA7sidAXDTEzMDEyOTIxNDI0M1owIQIQfGgzBM++tQENlHrre6RGzRcNMTMw +MTMwMTQwMzQ0WjAhAhB/K1x8SF8ktZdQsCmIlqe2Fw0xMzAxMzAxNDExMDFaMCIC +EQDlIU6eB664ZtDJiuHtZuIAFw0xMzAxMzAxNDU4MTBaMCICEQCACsj++TY9Pq/x +CSB3CggzFw0xMzAxMzAxNTAwMjlaMCECEEiJfc7b44sGkUHlUxqltXsXDTEzMDEz +MDE1MjIxOFowIgIRAI8S1f/7joUvzJoefUM6J+4XDTEzMDEzMDE2MDAxNFowIQIQ +Egn1fT4nvmr/0fTr4HyZ2RcNMTMwMTMwMTczODA3WjAhAhAo/9vpgkpr7EYUVhZP +bB2gFw0xMzAxMzAxNzU1NTZaMCICEQD9aadQ9/8EAZm6OL0fRGK/Fw0xMzAxMzAx +NzU2MDRaMCICEQCNK3mo/dIYLpWzrf3wdLaxFw0xMzAxMzAxNzU2MTBaMCECEH9b +RF3z8cBjaRTY8Kbnx/sXDTEzMDEzMDE3NTYxN1owIgIRAN0/sihFNgEBA9+Ps+Ff +JAcXDTEzMDEzMDE3NTYyM1owIgIRANrbEvZu5YNO+jY81w9Qy+AXDTEzMDEzMDE4 +MDQwMVowIgIRANFFCxFGb1xszbU9JvA70cYXDTEzMDEzMDE4MTMwNVowIQIQE5Lk +F5TJi2T3cnIV19X5iBcNMTMwMTMwMTg0NDQ0WjAhAhBf4UbPYsuannZpGom64hWN +Fw0xMzAxMzAyMTQxNDJaMCICEQCysQvo8Yskd4Wit7nmvoRSFw0xMzAxMzAyMTQz +MDRaMCECEGfu0lhOBOXzWEjDEVCg1XkXDTEzMDEzMTE0NTQ0MFowIQIQcCL1Y/FO ++RcLBSu6rNlPMxcNMTMwMTMxMjAyMzUzWjAhAhAfHDUhQQs2Mr+zN2g5d0/BFw0x +MzAxMzEyMjQxMDBaMCICEQDV3GWKc2R+Wm/Hmc3bGwAQFw0xMzAyMDEwMDAyNTla +MCECEBJoutbIdLmHt6rnUbkz6BoXDTEzMDIwMTAwMDMxOVowIgIRANPQPOv9X0FM +OlLPI1IRdQcXDTEzMDIwMTAxMDUxNVowIgIRAIafFNZd9rX2JRRr6S7dqj4XDTEz +MDIwMTAzNTk0OVowIgIRAI/DeQu3Jj0N5Q0TYE2xPGsXDTEzMDIwMTA0MjYzNlow +IQIQZKzrFz6vDXbPePX+BSridRcNMTMwMjAxMTMzMTE3WjAhAhAfPXUD167mr4QZ +i06PsWGUFw0xMzAyMDExNjExMTRaMCICEQC4zf6ueyi+1DuuCPbqUVM7Fw0xMzAy +MDExODIzNDBaMCECEDWTZj6meRiKaa2rR+eyyd8XDTEzMDIwMTE4MzI0MVowIQIQ +K0DWFFWJTVbsznKQ6QQUMBcNMTMwMjAxMTgzMzAzWjAhAhAQGpqD5fexs/IXUYfD +J9Z0Fw0xMzAyMDExODUxMDVaMCECEBryIKj2k/eBU9dKj3Vd3PEXDTEzMDIwMTE4 +NTEwNVowIQIQPInoTO4aHjrLNcTGk2rGqhcNMTMwMjAxMTg1MTA2WjAiAhEAsYvP +eDCXW8c6g/rI3akifBcNMTMwMjAxMTg1NjA0WjAhAhAfHsta8hFk71YbmIJksWzT +Fw0xMzAyMDExOTI2MDdaMCECEG4R1sc4cwhXWsvCivepORcXDTEzMDIwMTIxMTYz +N1owIgIRAPj2b/byVfKuP1PYKraC/BIXDTEzMDIwMTIyNDQyNVowIgIRAPN9sdpT +vCCua7qpnGgCPogXDTEzMDIwNDA3NDAxN1owIQIQVnF85Ctov4aBZIqZmlceiRcN +MTMwMjA0MDc1MTAzWjAiAhEArpO2ZYpcUgPMMPyFuA0AkxcNMTMwMjA0MTQzNDE0 +WjAiAhEA8xBO0NNrz2jOTEMek5KYGhcNMTMwMjA0MTQzNTUxWjAiAhEAhpgdWjqw +W9q8onFRIA0C+BcNMTMwMjA0MTQ1ODUwWjAiAhEAgduUj4mXzlhgKGgyH8wwCRcN +MTMwMjA0MTUwODA1WjAiAhEAlUBJww3CiHjKUAeJW8+huRcNMTMwMjA0MTUyODU2 +WjAhAhBrMmDEev0YF3728PYRWcAmFw0xMzAyMDQxNTMwMjFaMCECECTOAhhQIb0j +CC/TL5HheU0XDTEzMDIwNDE2MDQ1MlowIgIRANnpHZheqZ3xhABqYaWNSuEXDTEz +MDIwNDE2NDAwNVowIQIQc5DhTJVlI+wvqFOcLKw2aBcNMTMwMjA0MTcyMDUwWjAi +AhEAicgCwOUctnJJ0o1ViyVSsRcNMTMwMjA0MTcyNzU3WjAiAhEA+/uBRoZgDYlC +SGc6/rPP5BcNMTMwMjA0MjAzMTQ2WjAhAhBcjqoAqnf3MFA+ihRm0QJvFw0xMzAy +MDUwNzA0MDBaMCECEDkBIGx0r31O4000foWqcdMXDTEzMDIwNTEwMzUwMVowIQIQ +dirsKgbFuHFBHzdXEBJAFhcNMTMwMjA1MTQxNDU1WjAiAhEA9ndNVdhORqEslPsh +pKSRcBcNMTMwMjA1MTQxNTE4WjAiAhEAyKZVjAbibu3XO6IqGiwD8BcNMTMwMjA1 +MTQyODUyWjAhAhAS+gnn/b16I1TSPbkg4s5pFw0xMzAyMDUxNTEyMjRaMCECECX3 +1iQ9mKGddDTUVw4JwZoXDTEzMDIwNTE1MTI1MlowIQIQMPqO4ZMXGeS/t1lRW+Et +5RcNMTMwMjA1MTYxNjI1WjAiAhEA29gi9E5PlejC8k8mDJi36RcNMTMwMjA1MTc0 +NzE3WjAhAhBfCPMbubFwRwamLwDLcp9ZFw0xMzAyMDUxODExNTFaMCECEGF7O1uW +XjlA0ZXFA41x+gMXDTEzMDIwNTE4MjAzOVowIgIRAN+Jm7Q2YrqhNbDlat4YvWwX +DTEzMDIwNTE5MzczNlowIgIRAIzEJOZJBQl+QtjTmIFcFgAXDTEzMDIwNTIyMjMy +MlowIgIRALchuPGm9z+5A+h7bSG1XB0XDTEzMDIwNjA3MDkwMVowIQIQWfggCc4d +5YXBw1vRRN8j2xcNMTMwMjA2MDcwOTQ2WjAiAhEAthPBbcfiWeJxlB20wAKKjxcN +MTMwMjA2MDcxMjM5WjAhAhARBjvgOL5Ru4qE6g6tna/lFw0xMzAyMDYxMzQ4MjRa +MCECEB6wdNi/dsrh2/MOy9MvDTcXDTEzMDIwNjE3MjcyNFowIgIRANwXAndeU6Gs +uGWFoxnWlAwXDTEzMDIwNjE5Mjg1NlowIgIRANL/pdezeVQ1N2XwvteMK38XDTEz +MDIwNjIxNDIxMFowIQIQZCPlx8rkkUkF7Nhss4Q+DhcNMTMwMjA2MjMzMjQ3WjAi +AhEAmokMNOxXyPVv+8D5xQAlURcNMTMwMjA3MTUxNjQ5WjAhAhAh2xn5qXV+L5yp +D1TX3b+5Fw0xMzAyMDcxNTMwNTJaMCICEQDXzHoSpTOrF0NbF6DJ6xGOFw0xMzAy +MDcxNTQ4NTVaMCICEQDpCMcDpFIrjR3CdaRi4gnoFw0xMzAyMDcxNTUyMTdaMCEC +EFZ7GX3Bn+9gTI8x+SRVhyYXDTEzMDIwNzE2MTYzN1owIQIQRKOKiyJZeRb5B+o4 ++pngKxcNMTMwMjA3MTcwNzMwWjAiAhEAswkLcKWu6Xfb221FixY1dhcNMTMwMjA3 +MTgxMTQxWjAhAhAZIUz5LQ94bw1aA2TJPnOHFw0xMzAyMDcxODE0NDZaMCECEHpR +TPLpCUUud4Lcf7qNqdgXDTEzMDIwNzE4MTY0OFowIgIRAJWeghyJi/fmhJQxsDDI +42sXDTEzMDIwNzE5MjI0MlowIQIQEOkedAPOHRgJpyr9r7gFXhcNMTMwMjA3MjA0 +NTUxWjAhAhB+wSc9mmUkYfLVzgnYjE7VFw0xMzAyMDcyMTExNTRaMCICEQDtIJS7 +dys/SHsjZiKARNsKFw0xMzAyMDcyMzAzMDFaMCECEHE2PwQ3dSLzr2IhcfItr+sX +DTEzMDIwNzIzMTExOFowIgIRAO4fDbJ6FivfkKH40s7c+UQXDTEzMDIwNzIzMzM1 +OFowIgIRAPqPZTgYyubFDu12QRyrwCAXDTEzMDIwODE0MDQyNFowIQIQaojRCawz +KPkipZQAFDJlQRcNMTMwMjA4MTUxMTQwWjAhAhBxKyUZAYO15Z42WfUIFDWjFw0x +MzAyMDgxNTIzMjRaMCICEQDnCH6FuMPcfdaQzYGywrcjFw0xMzAyMDgxNjE4NTRa +MCECEE6XU8LV82qbUOLrcCRzKjEXDTEzMDIwODE2MzMxNFowIgIRAOxRn7WE6K9y +EB9c/4E4S60XDTEzMDIwODE3MjMyNlowIgIRAJsqyHJhorpgIW6Vay3vGeUXDTEz +MDIwODE4MDkwNlowIQIQW83iXUH9Alm0AkllPaAqYhcNMTMwMjA4MTgyMDMyWjAi +AhEA5lsZYBXOKVrGH8zl0spVChcNMTMwMjA4MTgzOTQ5WjAhAhB81DkGp98m+D5B +2cTaMROiFw0xMzAyMDgxODQ2MzBaMCICEQDB7jL4r8xWM0kv7TfvRW/rFw0xMzAy +MDgyMDMyMTNaMCECEB5n5F7QLxjVPRdmSY6JYwIXDTEzMDIwODIwNTYyOFowIQIQ +GkurBKWFB98rOO7zsQCGwxcNMTMwMjA4MjE0MDIzWjAhAhBx9mPFcoykWd1xhQZg +dqj9Fw0xMzAyMDgyMjUwMDhaMCICEQD+7MUrvHjy0Uoj5W8WYcLeFw0xMzAyMTAw +NzM1MzlaMCECEG89yJp1Pu9nxdq+22TCOyoXDTEzMDIxMTAwMzgwN1owIQIQCuxG +MqVGQMXvV83bTX3E5RcNMTMwMjExMDIxMzAzWjAiAhEAy+178b5tFRrC9hl/A4lU +wBcNMTMwMjExMTAwOTM1WjAiAhEAqgNLDvdPpKEcEVVbLvS96RcNMTMwMjExMTIw +MTE4WjAiAhEAnmPEmheJXbiEwU1hZt3e7BcNMTMwMjExMTMzMTM2WjAiAhEA4WhG +Fo9fAADYITjz/Sr6VBcNMTMwMjExMTYxNDMzWjAhAhBbI/qixUlwM/POr7ubbAXR +Fw0xMzAyMTExNzE1NDFaMCICEQDdoZxlboaz2pWzkZtTq94iFw0xMzAyMTExODAz +MjBaMCECEFkyAd0E/PlBuc5yY0L2Sc8XDTEzMDIxMTE4MjEwMlowIgIRAMaDLlU5 +DiQ1cEDNHLORLO4XDTEzMDIxMTIwMTUzN1owIQIQHmRXK3Z0P/Tt3cE+qO4x3xcN +MTMwMjExMjEzMzEyWjAhAhBfirBvWdCnZEuMXPcTOHPHFw0xMzAyMTEyMTQ1Mzha +MCECEEpXr3LA5RiLcCAeb8jWYjQXDTEzMDIxMTIxNDg1OFowIQIQbb8CU4qfh/MV +nUlkNz2dsRcNMTMwMjExMjIyOTQ1WjAiAhEAsoRmP4IdsyR/ZBV/RDdASBcNMTMw +MjExMjMwMDQ3WjAhAhAySVlaGNQCTenoeVzr7/LaFw0xMzAyMTIwMjEzMDRaMCIC +EQDMkrUgphBq1gwM3mGIkjAxFw0xMzAyMTIxMDE0MjNaMCECEBaj+p3G470C0wAY +dYHvVM0XDTEzMDIxMjE1MDU0N1owIQIQa7ZcOXCW7BnkE3TP1er3DBcNMTMwMjEy +MTcyMjMxWjAhAhBQ2W+X78I0f27ocGoMUR/JFw0xMzAyMTIxNzU0NTVaMCICEQCO +P6+0ve9tnEVHLg2rExcHFw0xMzAyMTIxOTQ3MzZaMCECEDrfw/J9SzE8S6kbgnxS +TU8XDTEzMDIxMjIwNDgzOVowIQIQbWVDSeQUkY03xJ7LadK6uBcNMTMwMjEzMTYw +ODQ1WjAiAhEA2nu8zDOf/zVIoSwWaiYgEhcNMTMwMjEzMTYwOTA0WjAiAhEA8Is3 +MKPT7/FnrH0wtkw1GRcNMTMwMjEzMTYwOTE0WjAhAhAKx3+gnmlqBHzlGS/iI1ET +Fw0xMzAyMTMxNjA5NDNaMCICEQDWzD1syCAr7va3fbeV8c0uFw0xMzAyMTMxNjU5 +MDJaMCICEQCkj2yBn4LXelCQbm+mMi90Fw0xMzAyMTMxNjU5MzFaMCICEQDvnyiB +v6k9SgqpdqSBle6HFw0xMzAyMTMxNzIwNTdaMCICEQDW9YcZU2x9vbyyz7jnZS/0 +Fw0xMzAyMTMxNzU0NDdaMCICEQD8RJCZyqoiIamAe7nFEoumFw0xMzAyMTMxOTIx +MzVaMCECEHRqiYS36CCQinCk3j6m1wIXDTEzMDIxMzIwMTIyNVowIQIQVTRuUenf +S5W86ZYYC+NEOxcNMTMwMjEzMjAyODEyWjAhAhAoMzaApQIok+UsUsuiVObAFw0x +MzAyMTMyMDMxMzZaMCECEElXT2wbsqHRj9RfntvQ76MXDTEzMDIxMzIwNDAxNFow +IQIQDMJU0DV4fHVDiGMJIXY+SRcNMTMwMjEzMjA0MDIyWjAhAhAqm10FVz5OSzNn +RH4t5oLnFw0xMzAyMTMyMDUzNDdaMCICEQDIZjwnx4TjdfZYjLzkh+ChFw0xMzAy +MTMyMTI1MDlaMCECED1xsw4AnAYeIrNyMDK1xWoXDTEzMDIxMzIzMDcwOVowIgIR +AMD7ezWkrHFRoEecAHYwTJsXDTEzMDIxNDEyNDg1NFowIQIQbVsb/6nO1zabv2sH +v2ChbxcNMTMwMjE0MTcxMjMwWjAiAhEA6Cq76PbAP5Lgs4QVoB+LBRcNMTMwMjE0 +MTg0MjI2WjAiAhEAlgAFOSoRzbLFNtT74Rwm4BcNMTMwMjE0MTg1NjI1WjAhAhA6 +tPcpiTIgOmzEDSAXzj+wFw0xMzAyMTQxODU5MzlaMCECEDm3GHm6G9gXinbYw+hw +zIoXDTEzMDIxNDE5NTExM1owIQIQLxE93TM3VJBkEsvSnk65rhcNMTMwMjE0MTk1 +MTMzWjAiAhEAov5p8DLUb+64iCmBZpVY8hcNMTMwMjE0MTk1MjI3WjAhAhAPBxZp +MtGLqavaLVM93ZPhFw0xMzAyMTQyMDEzNTBaMCICEQCXnuPWwpc7syTwSthSeN60 +Fw0xMzAyMTQyMDQxMjFaMCICEQDcyUO32POih38y2xk37tbNFw0xMzAyMTQyMTUw +MjNaMCECEDS7Y34MU5RLPTrY2VyR+scXDTEzMDIxNDIyMTM0M1owIQIQP/dYq/Oo +Yv3w8mYlCMAVRRcNMTMwMjE0MjIxNDI1WjAiAhEA62zgx/Wp/4xGuDNn9Zp2axcN +MTMwMjE0MjIxNjE0WjAhAhAFPmIaK27xn+2ruXjk+xtlFw0xMzAyMTQyMzIwMDVa +MCICEQCENIbt/g/BZzVaegJo8z6UFw0xMzAyMTUxMjE4MzFaMCICEQCK8EGc/b78 +2zUFvtB6Hd8JFw0xMzAyMTUxNDEwMTFaMCECEG4aPYWPZdQMgo84kCdryB8XDTEz +MDIxNTE0MTEzOVowIgIRAM833KI3sPl/EqV5NubBIycXDTEzMDIxNTE1MjAzMFow +IQIQDZsn3SWrFdp3w4wYxEBVOhcNMTMwMjE1MTUzODE3WjAhAhAjbsmK4rGJsbkM +5tb2FhJaFw0xMzAyMTUxODMzNDJaMCECEBsolW8NEBcWsIjOY5iQYMwXDTEzMDIx +NTE5MTExMlowIQIQRvyZgSmkeo4txiHhOqTQKBcNMTMwMjE1MTkxMTI3WjAhAhBt ++D1nZDGYp51JJhHT/zTsFw0xMzAyMTUxOTM3NTdaMCECEFWW7qoNe+WbCPqPp6Wt +3+gXDTEzMDIxNTIwMTkxMFowIQIQPl5jAIqXBOaIeE23g08G1BcNMTMwMjE1MjAz +NzE2WjAiAhEAnYGg/Z3/3jnCp/FDGDpXUxcNMTMwMjE1MjEzMzUwWjAiAhEAifM1 +b+EuFrKSqVMc97oFiBcNMTMwMjE2MDA0MTEzWjAiAhEAnCI8GCXiPzJ/J8vAUQI/ +1RcNMTMwMjE2MDM1NjIyWjAhAhA+zxOYwp7DMo34KjahGGK1Fw0xMzAyMTYwNDI1 +MTdaMCICEQD072ELKykus9JS0ytEPlZRFw0xMzAyMTYwNDI1MThaMCICEQDjK6R6 +SNlYUWv2cSkKg2yEFw0xMzAyMTYxNDQ3MzFaMCICEQDcfon405M5Wbr66ZXEixZb +Fw0xMzAyMTgwNTE3NTJaMCICEQD+cflk+fqqFc/cOqBApP06Fw0xMzAyMTgwNzIw +NTFaMCICEQCwtBR1G9OFVLNOH88Nm9PyFw0xMzAyMTgxNzQ1MjBaMCICEQCayHFh +awskp/VdtXhwhJxeFw0xMzAyMTgxOTUyMzBaMCECEH3XlQrwQY6Ut94N61CbLmMX +DTEzMDIxODIyNTAxNlowIQIQFwGMgEwFrrHBc/rt9F5DdxcNMTMwMjE5MDE0OTEx +WjAhAhB4O17SGj1/QJno8Thx9DCzFw0xMzAyMTkwMTQ5MjNaMCICEQDS5OFlLzgq +/j4Wh+PMadHGFw0xMzAyMTkwODMwMDFaMCICEQD2ID7Ld2vtrPwjZ9I4hdjUFw0x +MzAyMTkxNTQxNTVaMCECEBxkCwj1NOJBJ70Iz497nOMXDTEzMDIxOTE1NDczM1ow +IQIQIUCE6Oq8GXmbvGVVDoScOxcNMTMwMjE5MTU1NjM4WjAiAhEAr2hQ7uzCFrlb +vTS6mr+GRBcNMTMwMjE5MTU1ODQzWjAiAhEA6MdTU//EG4BxE9Z6LQUoFhcNMTMw +MjE5MTY0ODMzWjAiAhEA3b0a/tDz37cAkI+TIPxURBcNMTMwMjE5MTY0ODU5WjAh +AhAUDR94TKjubjihEXxHgu/1Fw0xMzAyMTkxNjQ5MTdaMCICEQDQHLJUStNufRHA +cWxfLHRtFw0xMzAyMTkxNjU2NDJaMCECEBgnj5XCdY9Cfst48WnVDokXDTEzMDIx +OTE3NTM1NFowIgIRAMVQme4+9EBbx2GQaTehk9cXDTEzMDIxOTE4MDExNlowIQIQ +U+03r3nW3W3veR+VXm6NnxcNMTMwMjE5MTgwMjQ4WjAhAhBPJa92Tpv3ozRb6QXv +HxtWFw0xMzAyMTkxODA4NDFaMCICEQDb9CdarrOkZHKsELzJ+HWaFw0xMzAyMTky +MTUwMjNaMCECEG4cOqyZMwyoFkq45NMIHagXDTEzMDIxOTIxNTAzNFowIQIQS/dZ +dx3kPxxyds11rlUUDBcNMTMwMjE5MjMyNzMzWjAiAhEA/pZEuXYv+WKwEHE1SvPV +nhcNMTMwMjIwMDk0MTU5WjAiAhEA/ck01GPfXmnE+EIb7CpUvxcNMTMwMjIwMTcx +NTI5WjAhAhB+Q2pks+a6dzz/b1q+NxRYFw0xMzAyMjAxOTQ5MzdaMCICEQCz1yWx +EFN09SJnZwtldFpPFw0xMzAyMjAyMDA4MjlaMCECEHVxSNnxQpacAR9GT/WBYmsX +DTEzMDIyMDIxMTQyMlowIQIQNrf0rv+DFLcUwucaeyrnmhcNMTMwMjIwMjEzMjI3 +WjAhAhB+l/BhMkILwF5tU7pxu8XHFw0xMzAyMjAyMTQyNDlaMCICEQDRNgDXkg9G +4td3lULJ5ZEOFw0xMzAyMjEwMjA2MzFaMCICEQCOzDWJ02I2jNqsx2RXf4BCFw0x +MzAyMjEwODIyNTFaMCECEFqYL7n3d0eTJHXLMfLt2nEXDTEzMDIyMTA4MjM0Mlow +IQIQOTdQJ91i2wSQLhxMHGKwpRcNMTMwMjIxMTMyNDE0WjAiAhEA16ZUJlHH3kRi +aCg5vvMC5hcNMTMwMjIxMTU1MDM0WjAiAhEA0K72BNo4aSx8wrS8vHxTZhcNMTMw +MjIxMTcwNDEwWjAiAhEA1gpq/eZqxsSBdGyMxPbMaBcNMTMwMjIxMTczOTQwWjAh +AhAS5MWwypVtjeA03xDvWr78Fw0xMzAyMjExOTE5MDBaMCICEQDaV5xO+vb7q1qp +L00fULyNFw0xMzAyMjEyMDAxNTdaMCICEQCU+ZnvE8hIWQ22ojT4q6quFw0xMzAy +MjEyMDQ3MzBaMCICEQCwSetjzdGqpLjm9FSV1g2GFw0xMzAyMjEyMDU0NThaMCEC +ED8hvQxkFJtDBrNfZ7c553EXDTEzMDIyMTIwNTUyMVowIQIQH5PjObDoskQZL0b8 +S2raUBcNMTMwMjIxMjA1NTUwWjAhAhAc/cR1pnE8p/UuIs6XDc2bFw0xMzAyMjIw +ODIyNTBaMCICEQCUdCxg6GQz/ILN180kw2s8Fw0xMzAyMjIxMTIwMjdaMCICEQDa +pbEZKSuZ46RCuRrIIuhCFw0xMzAyMjIxNDIwMDJaMCICEQC/inT8I0KWBZr915PI +evP0Fw0xMzAyMjIxNDIzNDBaMCECEDNk3ABGfi+n7NefXpZf+D0XDTEzMDIyMjE1 +Mjk0MVowIQIQLhDEIphcdtrxQgaipPy3jBcNMTMwMjIyMTYyODQzWjAhAhAmFgF5 +YVwhwP+vF5RojHvjFw0xMzAyMjIxNjUzNTlaMCECEBG4uEUFjpHAnwIIY3rXyz0X +DTEzMDIyMjE3MjUzMVowIgIRAJcru9I/SaSGuKSDyVB2u3gXDTEzMDIyMjE4MzMz +N1owIQIQCkvpD0ABYuL0BWH4V+WxERcNMTMwMjIyMTk0MjQyWjAhAhAiE6c/dYR9 +qoi0a9whrrE2Fw0xMzAyMjIxOTQ4MjZaMCECECxWg3SNEf2wI4j9df0Uza0XDTEz +MDIyMjIxMjAzNVowIgIRAM8tmYmLo6e/E24BjkCmmJcXDTEzMDIyMzIzMzQxNFow +IgIRAJlsqTLrlE+V8bqroU9QxE0XDTEzMDIyNDIwMjk0MlowIQIQb3QQ+MY/S2Nr +7cVlq3sChRcNMTMwMjI1MDIxMzAyWjAhAhBU9Ge2G7hvh8USZzqq4ZVuFw0xMzAy +MjUxNDU3MzRaMCICEQDfjox/tgryblOAohzKqOKrFw0xMzAyMjUxNTU3MDhaMCEC +EGybbOTVKSTPm80x4R7PXa0XDTEzMDIyNTE3MTc1MFowIgIRAIYblGnNTBEvmTDe ++n1g034XDTEzMDIyNTE3MTk1MlowIgIRAPQkc5E/AgApP2kvABUA2LwXDTEzMDIy +NTE3NTQ1MVowIgIRAO8/l3omazmosT3ZMD7QSpoXDTEzMDIyNTIxNTk1MVowIQIQ +E57ARseNyMTzrm+I+IZzihcNMTMwMjI1MjIwMDE0WjAhAhBOrNSqZ//gzfkbQrGZ +7l7oFw0xMzAyMjYxNDI3NTdaMCECEAcNuECRuq5h3f/iQPwubPAXDTEzMDIyNjE1 +MTI1OVowIgIRALloThAlUBQzUFXJqbx+4awXDTEzMDIyNjE1MzcyNlowIQIQMY/S +N22BAUE0OJlFKwTaVBcNMTMwMjI2MTYxMzM0WjAhAhBKIb8UYkInnVIHLoKrJuCk +Fw0xMzAyMjYxNjIzMDJaMCECEAKtL03TaGDH+0z0C/8P2zkXDTEzMDIyNjE2MzMw +MFowIgIRAPFm1XnnRsWst61DqPB1Vr8XDTEzMDIyNjE2NTU0M1owIgIRAP26bNcg +9AQQ1o+3lKR3z30XDTEzMDIyNjE3MzgxMVowIgIRAN4IqnQI8KAjzPltzGhiuhgX +DTEzMDIyNjIxMDkxNFowIQIQYxOfZvA4rT290HLP5AbwhRcNMTMwMjI2MjEyMzUy +WjAiAhEAuAeXuij2IvHd7FdNjxUZNhcNMTMwMjI2MjE1MDM4WjAiAhEAjyFnf97/ +I3IGl2QDOJT2LRcNMTMwMjI2MjE1MTM4WjAhAhAOpyiVkKeF1HnzdCjXOGakFw0x +MzAyMjYyMTUxMzhaMCICEQCBZ90VZTajkEerYTsCEBfkFw0xMzAyMjYyMTUxMzla +MCICEQDfSpLrQOiIIAwckqSTPdOqFw0xMzAyMjcxMjA0NDRaMCICEQCy+bPx59wn +xLryhtRe38X5Fw0xMzAyMjcxNDMyNDBaMCICEQDLyQJbqx0a3a9AVbZcA6aEFw0x +MzAyMjcxNTIwMjZaMCECEFaeKA+rj+8YSgF+uWdRkOoXDTEzMDIyNzE1NDMyMlow +IgIRAPkOrbv1DDUGXy5jlUuFwBUXDTEzMDIyNzE1NTE1OFowIQIQWFMdBbAlw4dK +NjkYQGBEAhcNMTMwMjI3MTYxODA4WjAiAhEAsYQEDdY8lxMz1el1Io9jthcNMTMw +MjI3MTcwNDQ2WjAhAhBsd8e4hF+UQKrPDoz3tQl/Fw0xMzAyMjcxNzIyMjJaMCIC +EQCW22zJlfM30O0Wow6lEpPLFw0xMzAyMjcxNzI2MDJaMCICEQCo6mD/UA4Nvy0+ +mRdDttZgFw0xMzAyMjcxOTI5NDBaMCECEGYsVGBAGSl4dik/KbD9BPkXDTEzMDIy +ODEwMTcwMlowIgIRAKymWGWi1RGa0k9OL6kDCeQXDTEzMDIyODExNDY0NFowIgIR +AIxd+KcCQEJ8W6KSvEao+7MXDTEzMDIyODEzNTEyMFowIgIRANxUj2ltgfN4fCiA +8PC5l90XDTEzMDIyODE1MDMxMlowIgIRAM0L0iXHHuFnxhNOhWmzT/UXDTEzMDIy +ODE1MTMxMFowIgIRAMEIY4fPPtHLpy33sxe5roAXDTEzMDIyODE1NTgzOVowIQIQ +RBDuU5IRvcCYr47qaz4WghcNMTMwMjI4MTYwNjI3WjAhAhB6NSDS3Kg6AicvoEq/ +2OnFFw0xMzAyMjgxNjM2NDlaMCICEQDLcrFvNahpnUq6LBb8fYMfFw0xMzAyMjgx +NjUyNThaMCICEQCADGINU+iistIdK23WdByMFw0xMzAyMjgxODM2MzJaMCICEQDk +gKG7aP9TlmyM2PuHjDMzFw0xMzAyMjgxOTE0MjdaMCECEEvraeoExhDAuCgTuVQd +6+wXDTEzMDIyODE5NDEwNFowIQIQQNtI8i9XeX+ZReMKeObEihcNMTMwMjI4MjEx +NTE3WjAhAhBF9ImRbhtjF6WQWINmIpXYFw0xMzAyMjgyMTIwMTBaMCICEQDbaoRe +LdExOUzmtBl0qbt8Fw0xMzAzMDExNTQzMTlaMCECEE+j1uBWffzUIRAUzd8R+xYX +DTEzMDMwMTE1NDY0NVowIgIRAJK7Q2N+PtCtZUFAtL5RFesXDTEzMDMwMTE2MDY1 +MVowIgIRAInTfhwhEhZ8MfNIGbHUAWkXDTEzMDMwMTE2MTE1NVowIgIRANeHwn0z +WpC0rLGQLAKbUF0XDTEzMDMwMTE2MTYzMlowIQIQGBSjAtU51X6TG0A+5x2dcRcN +MTMwMzAxMTY0MTMyWjAiAhEA79GGdSKhIHzi5ft57tToJRcNMTMwMzAxMTgxMzQz +WjAiAhEAwbOhPLfR1wysbLG8GpX+rxcNMTMwMzAxMTkyMDEyWjAiAhEA96QijA/X +0e7imB4RK17OohcNMTMwMzAxMjE1MjIyWjAiAhEA3+NGeMTU7pTtI7om9z72kxcN +MTMwMzAyMDIxMzA1WjAiAhEAyviZczojI6X7Yc7NX6FrUxcNMTMwMzAyMDIxMzA2 +WjAiAhEA0BnGRPOQDP4d0+vCZv1MgxcNMTMwMzAyMjE1MzU2WjAiAhEAr5ynVBTE +Gs7OGANWQtWL9BcNMTMwMzAyMjIxNDAzWjAiAhEAl3Qp0l8sKkRb885oV/g+SRcN +MTMwMzAyMjMwMzIwWjAiAhEArBvE4A20ei2WBXRj/rNXPxcNMTMwMzAzMTczNDU0 +WjAhAhBs3odzKaK1j3LMGyoHOitkFw0xMzAzMDMxODM4MzdaMCECEHC+fBR/KLjS +7zNKwGmSJaUXDTEzMDMwNDE0MzcxOFowIgIRAMDMbw+Ffi/NkaG+7iCacTAXDTEz +MDMwNDE3NDM0OFowIgIRAPu9LQGWwFdOVYsx43WTa+AXDTEzMDMwNDE3NTAwMFow +IQIQdqARvbHWsr4fkptzflkUOxcNMTMwMzA0MTc1MjM5WjAiAhEAkUcxpB3rTYHX +vlxYVzQqEhcNMTMwMzA0MTgzMzM3WjAiAhEA7ZTc4vXhh/Hn/ZzzUE4OXxcNMTMw +MzA0MjA1NTM5WjAiAhEA/9jiQNbJ07cXLEsLvT+L2hcNMTMwMzA0MjA1NTM5WjAh +AhBv+PrUiPxNGfUYPMEQZXMRFw0xMzAzMDQyMTQyMjBaMCICEQDZuyD3pxTmeJbi +gTJlcEpZFw0xMzAzMDUxNjMzMjJaMCECEA/K3SytW7eGcr+dF4W2R/MXDTEzMDMw +NTE2NDgwMFowIQIQSrikiMvhVsD2pAmBtyqLchcNMTMwMzA1MTY1NjA5WjAiAhEA +oJGlR8A3oSwNgXJmmsbBHRcNMTMwMzA1MTY1ODMxWjAiAhEAwJKf/Lt1X1ZzuCtI +QKcs/xcNMTMwMzA1MTcwMDUwWjAhAhBF3/wwHcljl82ewIVbx1OSFw0xMzAzMDUx +ODIxMjdaMCICEQDE40JsbBi7rTOvuFkeBo0rFw0xMzAzMDUxODI0NDZaMCICEQDF +nsy69Hv0BZWCBP2W6h5oFw0xMzAzMDUyMDE4MzRaMCECEFCOXtU7nQoHYYtkoMOZ +jsgXDTEzMDMwNTIwMjMxOFowIgIRAPQBpq1+EFL4Bh2cy1nfoMEXDTEzMDMwNTIx +MjEzNVowIQIQZjW1BWp01zp1X+jsH+TOaRcNMTMwMzA1MjMzNzEwWjAiAhEA/zLY +7t/O1sSl3GsKfgtGUBcNMTMwMzA2MDA1NTQ2WjAiAhEA4RymuRtKKUK+des2rehn +VBcNMTMwMzA2MTAyNzQ5WjAiAhEAkXxDlWqAUQ6v2feLmHz3CxcNMTMwMzA2MTA0 +MDI5WjAiAhEAiGWZQwYtTX3gS++1KJN9JBcNMTMwMzA2MTA0MDQxWjAiAhEAyoPt +QslZuu0nSrHAho5WQxcNMTMwMzA2MTA0MDUwWjAiAhEAtjB57sufRoJ4JIIrZ+e4 +XRcNMTMwMzA2MTQ1ODU1WjAhAhAc9h/eN5wXUf2x78wYdHZSFw0xMzAzMDYxNTIw +MTNaMCECEESKmqdLvYSMTpH5YVP+/NsXDTEzMDMwNjE2MTk1NFowIQIQKGMZHjL4 +aYf/h1cDDeyFChcNMTMwMzA2MTgyNTI3WjAhAhAzMa6rQysPFBA25lgHHcuVFw0x +MzAzMDYxODMzNTZaMCICEQDRWQGMc12FMIlJSankTQB/Fw0xMzAzMDYxODUyMTZa +MCICEQCo8GxjPkeiQPS40AvAo49PFw0xMzAzMDYxOTEwMTlaMCECEHyp+rYeKWMO +e38joa4qmtcXDTEzMDMwNjE5MzE0OVowIgIRAJYqCbzu4ojhbqeEqGzFjXUXDTEz +MDMwNjIwMDMzOFowIgIRAIQGOXpDJGqlW8PU9wdcJlgXDTEzMDMwNzEzMzYwN1ow +IgIRAOeka+LWAuNnNFUDNGy2V+IXDTEzMDMwNzE0MDIxNVowIgIRAPv5YBDYUfym +lyTK7oLi+nQXDTEzMDMwNzE0MDcxNFowIgIRAK26jZ9pMrDWpDvGN1rlbukXDTEz +MDMwNzE1MDMxM1owIgIRAKhTHbVN1+Hon8JjIV+znS8XDTEzMDMwNzE1MTMxNFow +IQIQNAcybNkur8S63+qear3mdRcNMTMwMzA3MTYwNzI0WjAhAhAeGxGWofFvDO3v +yFpjPmMiFw0xMzAzMDcxNjA3NTVaMCICEQDEoEOtsaej+YZTtjxazJqbFw0xMzAz +MDcxNjEyMjdaMCECEGjiAxlAuysOUwikplFJIooXDTEzMDMwNzE2MTIzMFowIQIQ +f5meQpzgHbACVv8cQjXgkBcNMTMwMzA3MTYxMzE4WjAiAhEA8k6Ff51KUJAPQUKP +WdTUrRcNMTMwMzA3MTcyOTUxWjAhAhBnvFafK6c70EmmZXMNR8w8Fw0xMzAzMDcx +NzMwMjZaMCICEQC61OfCuUHf0KTaAMOhygT6Fw0xMzAzMDcxNzM0MTNaMCICEQDH +1dpgA7s6vuXSz+ERa2IxFw0xMzAzMDcxNzM2MzhaMCICEQC0aCffgVYr4MwrOVnP +arYqFw0xMzAzMDcxNzM4MjNaMCICEQDT+d/ZlE1gC1pJ6Bn8RFk7Fw0xMzAzMDcx +NzQwNTlaMCECEBIM9qqBWYLXi20NM+knJMYXDTEzMDMwNzE3NDU1OVowIQIQQecE +hron/kkuAH0tdpJNjRcNMTMwMzA3MTc1MDEyWjAiAhEAziVcVkNWeemSbAp7WRY2 +JBcNMTMwMzA3MTgwMzEzWjAhAhB7UABHRP60LTpx6GbZphH6Fw0xMzAzMDcxODAz +MzVaMCECEAx998AteIePNLzzQtM1o3sXDTEzMDMwNzE4MDQyMFowIgIRAM7mLzc1 +eoul8irbakT8RboXDTEzMDMwNzE4MDQ0MlowIgIRAKNa8oeusdAolugVr1uc7tcX +DTEzMDMwNzE4MDgzOFowIQIQYttF/dq9d+ups+gvUBBMpBcNMTMwMzA3MTg1NTA5 +WjAhAhAHRCTwVLdkD/eIkogSh2k1Fw0xMzAzMDcxOTQ4MzhaMCECEHjGBVFjF9mC +cpBfIgPp4TMXDTEzMDMwNzE5NTU1NVowIgIRAJXZaVKSuL3+Jsuf/lR3crwXDTEz +MDMwNzIwMDQzNFowIQIQHIV1bDwUJ99lvQ9VtpAc2xcNMTMwMzA3MjAyMDM0WjAi +AhEA+1qVOHzrL6/PDMATrqO/qRcNMTMwMzA3MjAyNzUyWjAhAhAcD3IACWg826gX +/p0gE2+HFw0xMzAzMDcyMDI5NDJaMCICEQCQvgrn6wFzfzAYJVnbdMz8Fw0xMzAz +MDcyMDI5NThaMCECED/zq2TlPb1HmUt66ziGE3YXDTEzMDMwNzIwMzAzOVowIQIQ +NBCSJOIpDa84agfu61CvxhcNMTMwMzA3MjAzNjU4WjAiAhEAh44nYctScENii/Gl +XyY2lBcNMTMwMzA4MDAwNzAxWjAiAhEAgA3u2WvDKjecgr0jvfjoTRcNMTMwMzA4 +MTQ1NjM0WjAiAhEA9lhJJYHVr38dBTQ4DtY2ZxcNMTMwMzA4MTQ1NzMzWjAiAhEA +h6qmrYagKeK5iZQa9f144xcNMTMwMzA4MTUwNjA1WjAiAhEA5Q+e7Q35cQjlpaso +05hSvRcNMTMwMzA4MTUzMjA0WjAhAhAHHk8IIozE/VXD14SYBIWHFw0xMzAzMDgx +NTMyMjVaMCECEF7LnuTmEoZ+mW6guR0RZdEXDTEzMDMwODE4NTA0NFowIQIQNhj7 +VqfhunkIk6fuX3DB4xcNMTMwMzA4MjEwMzM3WjAiAhEA0i4Z3wyfAC/65U2Vc5yl +6RcNMTMwMzA4MjExNzA1WjAhAhBmIjp5BU/woOslr/m209b6Fw0xMzAzMDgyMTQ1 +MzRaMCECEGUu3Bpl4XCOUXl/h5Q6k+sXDTEzMDMwODIxNDgwNVowIgIRALbcToGO +NK2Ut36yROhcHjMXDTEzMDMwODIyMTIzNFowIgIRAOwldwjTm73Zpl9HjXpdYMEX +DTEzMDMwODIyMTI1M1owIgIRAMXDRIP6f7dAkZ4oAdqABUUXDTEzMDMwODIyMzIz +M1owIQIQdQ1Kwtvo+P0qZCm2STtxBxcNMTMwMzExMDcwMzE2WjAiAhEAtN+WwOy4 +iGPOXQvZFc6EzRcNMTMwMzExMTMxNzM2WjAhAhBlXStDpipi2CkJFRxdJuJXFw0x +MzAzMTExNTQ2MjlaMCECECQ3GYJR2Cr8cc/6X8RoZ1IXDTEzMDMxMTE2MTQxNlow +IgIRAM3l1uiWWXKVwpeSMYvXtCwXDTEzMDMxMTE2MTc0OFowIQIQKX3+jpCcQZ3s +FxBDnpCFjRcNMTMwMzExMTYyNjQyWjAiAhEA3TrIfVDsRyW/qoOKmTf4uhcNMTMw +MzExMTYzODE0WjAhAhB6+6WkIMbrgOIyboUSSHqfFw0xMzAzMTExODA5MzFaMCIC +EQCWUXt1CfIIX/AUFgteiAcZFw0xMzAzMTExOTA2MDFaMCECEDhU4ioRtytVei4C +H56IyCkXDTEzMDMxMTE5MzExM1owIgIRAKfdUHY0g6Et2eOPMQyqXKIXDTEzMDMx +MjE0MDQ1M1owIgIRAIqMZ+KAe/OVfFEWAASlswAXDTEzMDMxMjE1NTMwM1owIQIQ +eCUf1sJJf94H+9oB/e6xCBcNMTMwMzEyMTczNDIwWjAiAhEAxkcI6A0SOIuyWi67 +tMSeVxcNMTMwMzEyMTgzNTM0WjAiAhEAqzzJ2QFXiHcbwevjLQt3wxcNMTMwMzEy +MTgzNjEzWjAiAhEAz+2RywYcGnNjqq1wlHhrjRcNMTMwMzEyMTkyNDE2WjAhAhB/ +MmHU9GWMcIWXT4buTnPfFw0xMzAzMTIxOTI4MzFaMCECECmlkDzw6MpVydHkYg4G +KwsXDTEzMDMxMjIwMjY0MFowIgIRAMjMzNxlE5L5wn4OVtuBtdsXDTEzMDMxMzA5 +MDYwNlowIQIQSje8UUvKza1uYMOZPtsTURcNMTMwMzEzMTMzMzMyWjAiAhEAw5y8 +QGODl3zX05AzYa3FJBcNMTMwMzEzMTQxNDMzWjAiAhEAv2wXY0P4uDglBkTSWp5l +kBcNMTMwMzEzMTQyMzU3WjAiAhEA2AEoePx8/23tOtUmwjXFWRcNMTMwMzEzMTQz +NTU5WjAhAhBPfJyVgvdvp0ud9mrCxrpaFw0xMzAzMTMxNTIyNDJaMCICEQCaYopW +iCOkfVYAXpA1QsrYFw0xMzAzMTMxNjI2MzZaMCECECygFIEdXqmHifFPGwg4EwoX +DTEzMDMxMzE3MDUzNFowIQIQdrh41acjXmq2N+AY2X7p5xcNMTMwMzEzMTcxMTM1 +WjAhAhAuQQXukMVE/AAxi+kKsD2HFw0xMzAzMTMxODE0MTBaMCECEEUbR89aEYNu +oYNxwuanL2IXDTEzMDMxMzE4MTQxN1owIgIRAILY0DcvaqZZ9zqmzcxqqkkXDTEz +MDMxMzIwMzYxNFowIQIQc2MUu9zbRCdiuf/lhZRYIxcNMTMwMzEzMjA0MzA2WjAi +AhEAg4lP6GGHaMcWthSMPOXE3BcNMTMwMzEzMjA1MTE0WjAhAhB6KVdC4PpZSxrV +eOLudBoaFw0xMzAzMTMyMTEwMTFaMCECEH2sRq+yO1UTmO2RNC2g7wMXDTEzMDMx +MzIzMzc1NVowIgIRAMSjqHKiUFbsqCMvWM8Df1oXDTEzMDMxNDExMjMxNlowIQIQ +Ie8CQbQSqpxi3k9X1+ohuxcNMTMwMzE0MTMxMDI2WjAiAhEA8fxhWVb/BwMkRdLT +viIZKRcNMTMwMzE0MTM1ODMzWjAhAhBu+cxAmGqZr3oDRCJ4g3TvFw0xMzAzMTQx +NDQ2MDVaMCECEDr8oh59HKzjK24aaEoo1nsXDTEzMDMxNDE1MjgyOFowIQIQXl77 +4F4OzuOVWr3Na8/+DhcNMTMwMzE0MTUzNjEzWjAhAhBuMIVjkRZGKkOvbTqV+CAn +Fw0xMzAzMTQxNzEwNTFaMCICEQDSeI6VFX1t4W6ZjKFA9ARHFw0xMzAzMTQxNzE2 +NDdaMCECEGpFD4bGNwvXL4PdVVnpjcwXDTEzMDMxNDE5NDk0NlowIQIQNrRYKYpy +m6NW1y7cfuFUNRcNMTMwMzE0MjAyODQ4WjAhAhACMo/4owAJI+L13ynorxsoFw0x +MzAzMTQyMzMxMzBaMCECEG8sUfFomYd3tAQRTX+uWKYXDTEzMDMxNTAyMTMwM1ow +IgIRAMkXEQK+f11LoRYY02UofeQXDTEzMDMxNTA4NDI0MVowIgIRAKJ67VtXiWWI +7j6sHSaHQnkXDTEzMDMxNTA4NDMxNFowIQIQbtX/CQvXOdtBRZj+I0nQaxcNMTMw +MzE1MDg0MzM2WjAiAhEAiCVo1fME0b0B5JfVD6Nt+xcNMTMwMzE1MTMxNDM2WjAi +AhEAvukXIkERzW57F0NADxnBCRcNMTMwMzE1MTMzNDIwWjAhAhA0EVLH9PtG10rZ +hC2qMt+YFw0xMzAzMTUxMzM0NDFaMCECEFgbKl9C7DCcMlIOQ6YPN70XDTEzMDMx +NTE1MjgwOVowIgIRAKj5PRIqhTtIISe6rx5zGUgXDTEzMDMxNTE2NDU0NFowIQIQ +JfMJwaAQZvcLEPMXbwPOyxcNMTMwMzE1MTY1NDM3WjAiAhEAkoHkcT+EwwwYsRwj +5RkPKBcNMTMwMzE1MTgzMjMxWjAiAhEA8io0n/fC6iY2+lD9a2vGKxcNMTMwMzE1 +MTg0MDAxWjAiAhEAzN06iHZIdL+D6U9wJtbInRcNMTMwMzE1MTk0MjI5WjAhAhA5 +NKF4GW9xD/CscwsWp/zMFw0xMzAzMTUyMDQ2MThaMCECEHstURUAKa7oNu95Iuir +eMIXDTEzMDMxNTIwNTAzNFowIQIQVAAiuvxJ7b8adrBKZq2dohcNMTMwMzE1MjA1 +MTEwWjAiAhEAr0uFfsME7uBREoSwZOkfDBcNMTMwMzE1MjA1MTQ5WjAhAhASGyJ1 +aHuKiWQBUNVD3f2jFw0xMzAzMTYxMzI4NDdaMCECEEHV6/3zLRlGKJPjl3UAw88X +DTEzMDMxNjEzNDYwNlowIgIRAJIGVfHFFNOmFl+PIVXyCVAXDTEzMDMxNzAyMTMx +NFowIgIRAOfnGZAw6JaS3IKkbnzwbmAXDTEzMDMxNzIzMTMxOVowIgIRAJNNtcA0 +jy09wpJn6zjVYnoXDTEzMDMxODAwMDQwN1owIgIRAOA0aaKzxx4TfLsZoxv8khAX +DTEzMDMxODAwMDU0N1owIQIQPWgXtICN//4NlnK8gHwUSBcNMTMwMzE4MDIxMzAz +WjAhAhAZ99j9jS8IwmInQUfywvTpFw0xMzAzMTgwMjEzMDRaMCECEGGHHmHMf1jz +wSUpp9n/54AXDTEzMDMxODExNTYwNFowIgIRAJsHnW6qKgUu7KE17FbibJoXDTEz +MDMxODEyNDE1NFowIQIQO0EwUdzq9r9osL2924IDghcNMTMwMzE4MTUwMjAwWjAi +AhEAoUPIpBis6XXLbbJPsOJV2xcNMTMwMzE4MTUzOTE1WjAiAhEA7yvQzKX5W3Zj +xxXYsCecVxcNMTMwMzE4MTUzOTI2WjAhAhADj6gb8Aa8/3iievhYtW46Fw0xMzAz +MTgxNjU2NTVaMCICEQDxQnrS24GwvBRAUxvILCHwFw0xMzAzMTgxNzU5MDhaMCEC +EDNafWeOUOZvrv+qJwUKhCUXDTEzMDMxODE5MTIxN1owIQIQOCxTLAVrSffUrDun +gd6FURcNMTMwMzE4MTkxNzAzWjAiAhEAwPh4D2LdB08qgRhiL5jhzhcNMTMwMzE4 +MTkyNjU4WjAhAhBaUG4Yb+Qf3c/7RW38/y9EFw0xMzAzMTgxOTMxMjRaMCICEQDm +Im4HiJmcwJpjOSPFgrPpFw0xMzAzMTgxOTMzMzRaMCECEEWei4l9cis0DMtjxeFq +HYsXDTEzMDMxODIxMzgxM1owIQIQY9EmKGSqvmdXElroJo9kFBcNMTMwMzE5MDk0 +MTExWjAhAhB9z7QFIV3U4yjxauvyFkzeFw0xMzAzMTkxMzE0MDJaMCECEGGNt1oF +THOCyat0NSYMoOgXDTEzMDMxOTEzNTM1N1owIQIQdyE30CRQTTgKnJ93JXb6lxcN +MTMwMzE5MTUxNDUyWjAiAhEA89hP5Q31BvsrlFhL3UTo0hcNMTMwMzE5MTUxNjAy +WjAiAhEAtTouOA7tJqcBuqfYyFbS/RcNMTMwMzE5MTY1NTIwWjAhAhAWB6CvN7ik +/zy09Jx5dPEJFw0xMzAzMTkxOTEwMjdaMCECEE3wJHEeJZBeu3nMNG/1jBYXDTEz +MDMxOTE5NTI1MFowIQIQZW4KpuY/1Czek3AGicH8xhcNMTMwMzE5MTk1NTI0WjAi +AhEA4o00+FO5BDaWyH+bSNaJhhcNMTMwMzE5MTk1NTUzWjAiAhEAs1EkEHvwH7Ot +2heWKuQXshcNMTMwMzE5MTk1NzE4WjAiAhEA4jfp/coRXafD7R7aEOBQtxcNMTMw +MzE5MjAyMTExWjAhAhA3CGELR9aepS1wrYyamJKLFw0xMzAzMTkyMDU1NDJaMCIC +EQC0Dnm9y0P5yGSzlOZYDKOJFw0xMzAzMTkyMTQ5NTlaMCECEFkUTlXV189xib4p +yKam7swXDTEzMDMyMDA5MzU0MFowIgIRAKRBIE37P6b4QWJV0f1sqq0XDTEzMDMy +MDExNTk1M1owIQIQeufOZ7WiZmPYEd/kNmpv5RcNMTMwMzIwMTMzMjA2WjAhAhAa +x6Tbzx5hZD/CIpA8UOEaFw0xMzAzMjAxNzMwMzhaMCICEQCanTK+FptKh+kAl672 +Hhb7Fw0xMzAzMjAxNzMyMDBaMCECECl5T6Cg61jhnLBbFtJ9TfwXDTEzMDMyMDE5 +MjkzMlowIQIQawlUKdtpKXx5y3p4jNMOJRcNMTMwMzIwMTkzMDE3WjAiAhEAxM9j +KYuB4uko3rB/zlbl6hcNMTMwMzIwMTkzNzA0WjAiAhEAnMj3zqjywal0ms9eULad +ZxcNMTMwMzIwMjAwMDA3WjAiAhEA+qeHoxAoXKFuIdsstADULxcNMTMwMzIwMjEw +NzAwWjAhAhAdczer11IqGgPxc9ZbNsjmFw0xMzAzMjAyMjI4MjFaMCICEQCoqgD8 +gToFx3Eh5H1mNZBxFw0xMzAzMjExNzA4MTRaMCICEQC2veXZA+ETI8yA5j/5eIrk +Fw0xMzAzMjExNzEwMzdaMCECECT9Ney9nzYMwp/j367ufyUXDTEzMDMyMTE3NDAx +M1owIgIRANUFYS2UYWzMWVKAoBNXIGwXDTEzMDMyMTE4NTQwMlowIQIQBOY3hx2h +SGt0qKxl8+w8hBcNMTMwMzIxMjAyNjA2WjAhAhBZEm2QF1HPYHxIWvzGCjPBFw0x +MzAzMjEyMDMxNDlaMCICEQCbTm2IIwbMLQchIrW0rJnHFw0xMzAzMjEyMDQyMDha +MCICEQC0ZlEt7XMk7wxsEifWNo9hFw0xMzAzMjEyMDUyMzBaMCECEC+UrLDsdiF6 +TjgozOQCDzwXDTEzMDMyMTIzMTgzN1owIQIQMPtbcSpAAc81qtVo3afQtRcNMTMw +MzIyMDQyNDI2WjAiAhEAxPZrbdv5Gtul38kebiED7xcNMTMwMzIyMTIxNTQ4WjAi +AhEApzNOu+RyzGP2rXqVn4Gd/BcNMTMwMzIyMTQxMTM0WjAhAhB4G3qHcu3Uy1sC +b0Dw4Up+Fw0xMzAzMjIxNDEzNTZaMCECEDL2+E3nwC0tT8bM7LiG/8YXDTEzMDMy +MjE0MTY0MFowIgIRAL/9XHn80Y2KEl2IEXh5TYkXDTEzMDMyMjE0MjMxOVowIgIR +ANL4vP3WJtlAAl2KynWkEcEXDTEzMDMyMjE0Mjk1N1owIQIQDQVHCRrGIWkeH8eM +yYxryhcNMTMwMzIyMTQzMjQzWjAhAhBuMBj3Ebku072xfgR1gf/RFw0xMzAzMjIx +NDQ1MzFaMCICEQD/HW7uPWrh61iSzf8bYqD3Fw0xMzAzMjIxNDUwMzRaMCECEC9W +4hJyyVndU/HPagucT14XDTEzMDMyMjE1MDQzMFowIQIQDNJYttp4E5NkSPpx9oSF +JxcNMTMwMzIyMTUyNjIzWjAiAhEA3wIAK9SMccGoRODs0rx08xcNMTMwMzIyMTUz +MDAzWjAhAhAtL9Y0prgfaT2Y7y0POm5CFw0xMzAzMjIxNzU3MDNaMCECED8P1Az1 +4CUY6ShJtfc8ZEAXDTEzMDMyMjE5MTYzM1owIgIRAL0kSE5eJpAlidESfdXZpAIX +DTEzMDMyMjE5MTY0OFowIgIRAPS2Ox1jHkqu9H7lTELfA94XDTEzMDMyMjIwMjI1 +MFowIgIRANSPdIbJ8ddaBenIUqVjAZMXDTEzMDMyMjIwMzIxNFowIQIQQYZDsDK4 +CYXr+IoV3enG4RcNMTMwMzIyMjE1NjE4WjAhAhA5pdBVY2m1on2asjo56u1VFw0x +MzAzMjMwMDEwNDlaMCICEQDBoOLJ5KT94dT4A+pyg1T0Fw0xMzAzMjMwMjAyMjha +MCECEEdTY6OdTP9Lw260zx1vMy0XDTEzMDMyMzAyMDMwM1owIgIRAMBVBeoEaXT9 +8GujlKs0ZWUXDTEzMDMyMzAyMTMwNlowIQIQcJUFHjFeBknFwlVwWy5wPBcNMTMw +MzIzMDIyOTA5WjAhAhA/G2tvH3tplVe/mA3jvBamFw0xMzAzMjMwMjI5MzBaMCEC +EHCZGGE6moyAe0dT0AP08ewXDTEzMDMyMzAyMzEwNVowIQIQaJdjAQoxGinM7SWp +ksV0FBcNMTMwMzIzMDIzMjM2WjAhAhBz831LR6Y6qDT4GAblm65AFw0xMzAzMjMw +MjMyNDlaMCECEF+pufznFMFSHY4RmI/Vl8MXDTEzMDMyMzAyNDQyNlowIgIRAPkT +lX5dAzyXgl/s8sOQOy4XDTEzMDMyMzAyNDQ0NFowIQIQCvnsGmPpqR9J2poqT//I +jRcNMTMwMzI0MDIxMzExWjAhAhBxkJ0hiKIjpip3aixSPlaxFw0xMzAzMjQwMjEz +MTNaMCECEHqDW+P18Kxovx4g8zEm7yEXDTEzMDMyNTA5MDAzMVowIgIRAPGkeDt/ +5nYA+FLz6mKBMi8XDTEzMDMyNTEyNTA1MVowIgIRAJ6zrL6K91fvFSopk8uZZIkX +DTEzMDMyNTEzMjkyMlowIQIQBF+ovD+b4CA+gGqRY1YaChcNMTMwMzI1MTQ0OTEy +WjAhAhAQjmzu4uIwK4MBjjLy+Uc9Fw0xMzAzMjUxNDQ5NTdaMCECED5rZNCMuQRz +HzvOP9UXMlIXDTEzMDMyNTE0NTA0NlowIQIQPr5nOsfwvBjwyeQL4UUeVhcNMTMw +MzI1MTQ1NDMxWjAhAhAZTM1kHUFxt6Q3/pXEIHp/Fw0xMzAzMjUxNDU0MzRaMCIC +EQD+pCs/c+Siy49f5DC2763KFw0xMzAzMjUxNDU0MzZaMCICEQD4YWd7BhgBqpx8 +D++6hILkFw0xMzAzMjUxNTU1MDlaMCECEAn7NLgKRFxdKbdxM31M04oXDTEzMDMy +NTE3NTgwOFowIQIQTXISvFF3ndKMAcpS8uIw6BcNMTMwMzI1MTgxMzA4WjAhAhAB +JV1OBTHX4+bjDB6xN5pTFw0xMzAzMjUxODM2MjNaMCICEQC8B/2s4ft2UZavGUFQ +XIE6Fw0xMzAzMjUxODQ0MTNaMCICEQDI03WCaBDEMJ/t70olyRyNFw0xMzAzMjUx +ODU5MjdaMCICEQCKScCrDvQcQ1WFrs2UZBMrFw0xMzAzMjUxOTIwMjZaMCECEE+X +hsutgJQZscW5kfqp98YXDTEzMDMyNTE5MzI1NlowIgIRALj1NYDKVYXRBXEqbVFq +UpYXDTEzMDMyNTIwMjE0OFowIQIQMURE4MUlQY85BofKWTVkexcNMTMwMzI1MjA1 +MDMyWjAhAhBlk7LPivOJVIcYbcxfYJHcFw0xMzAzMjUyMDUxMDJaMCICEQCgUFYM +3RjMLIjr5UAZQndtFw0xMzAzMjUyMDUxNTFaMCICEQDTLEptS0+7wkkUo066U8YA +Fw0xMzAzMjYxMTEwMDVaMCICEQCXikI/6szgepwP1y51RPwSFw0xMzAzMjYxMzMz +MzlaMCECEBqkTRfKxfBAb1Lgjl2tIcMXDTEzMDMyNjE0NTUzNVowIgIRAKSCZSTg +o0szEgoJOZtqPaQXDTEzMDMyNjE0NTU1N1owIQIQPR7AQPzwzQXtKWQtaYEhpxcN +MTMwMzI2MTQ1NjIwWjAiAhEA4I+UY6ayPYtDwiLt6oKYwxcNMTMwMzI2MTUwNTQx +WjAhAhA/w1eb1ZfEZrP4UiZ/befkFw0xMzAzMjYxNjA1MDRaMCICEQDPQtCw9WCc +YLeNvX39Q7PcFw0xMzAzMjYxNjQwMTJaMCICEQC6COhpU67BqNn3yfm70CNBFw0x +MzAzMjYxNzMzMDNaMCECECfr92A0fpJ2czyhREyRIaoXDTEzMDMyNjE3NTkxMlow +IgIRAO2E2QWmls50+UBMMLIpgTYXDTEzMDMyNjE4MTQxMlowIQIQAvBvH3W2uDA7 +Dulc4utZjRcNMTMwMzI2MTgzMjQ1WjAhAhAJ65WVfofkqtoh9VuPJh+bFw0xMzAz +MjYxODMzMTZaMCICEQCha/OVJ1XN0eCzNM2t7D/2Fw0xMzAzMjYxODMzNDJaMCEC +EFsbvlgzr8wPylv05zLsjUEXDTEzMDMyNjE5MzAyNFowIQIQT9Oo3ORFbOdWJd/j +cqcThxcNMTMwMzI2MjAyODU1WjAiAhEAoT9dUCBxBasfgrC1F+x8UxcNMTMwMzI2 +MjAyOTA1WjAiAhEAryHCdMwcQWvMmZ/1R6kfsBcNMTMwMzI2MjA0ODU2WjAiAhEA +mrdbyiFOGmePvaihhShuBxcNMTMwMzI2MjA1MDQ1WjAhAhBLV9VQnd2ywAdaS1ie +2ndAFw0xMzAzMjYyMDUxMjRaMCICEQDcWVn1Jcoeic54At64U2pSFw0xMzAzMjYy +MTQyMTFaMCECEDB6nHrACD4VEMDgCZCgA98XDTEzMDMyNjIxNTIyN1owIQIQd2k8 +7EVOU7HUGjID1/NxlxcNMTMwMzI3MTMzMTMwWjAiAhEA4xwKuGkZju2q+h3eytiY +qRcNMTMwMzI3MTM0OTM5WjAiAhEA/zXxCbfjQsjC3xjKYclpvxcNMTMwMzI3MTQz +MjQ5WjAiAhEAwItCSoPUqgpYlrrHqfP83xcNMTMwMzI3MTUwMTIxWjAhAhAwAoIc +7wFl/cRk6lNS0DdxFw0xMzAzMjcxNTUxMDNaMCECEFqyumcfU8Al645TW+Pbl0kX +DTEzMDMyNzE4MDIyM1owIQIQECj1/hxdlzbi0NKTkGJyAxcNMTMwMzI3MTgwOTE4 +WjAhAhAUb7EKimp84S4f8D8wum2pFw0xMzAzMjcxODI4NTBaMCECEEy9bl5LVSXR +V7rK4JlOVPcXDTEzMDMyNzE4NTUzNFowIQIQTGFcB7a+7p5FaB6v4KlqGBcNMTMw +MzI3MTg1NzUyWjAhAhAooL5krgkK3W3tp1gYWs+ZFw0xMzAzMjcxOTE1NTlaMCIC +EQCzUtN31JFSwri5bEtero32Fw0xMzAzMjcxOTI5MjZaMCECEEHv5DauuLqrf2Co +JxVLV7AXDTEzMDMyNzIwMzMxMFowIQIQSPXYQPGGjbNFAfvEeifs7BcNMTMwMzI3 +MjAzNzM0WjAhAhBZw7ZB4WsuxYopbfqVbLfwFw0xMzAzMjcyMDUzMjdaMCECEF/6 +lgfXat79ShMLWtOwRtQXDTEzMDMyNzIxNTUzN1owIQIQcFJ+xAj79mP/DcLuxVd7 +2BcNMTMwMzI3MjMyMDU1WjAiAhEA4zEaUuEcg5MUqCje91939BcNMTMwMzI4MTE1 +MDQ5WjAiAhEArSrbROIQcI3RxdF9ikBtYBcNMTMwMzI4MTQ1NDUwWjAhAhAh1CLf +ZYeXghbG3I7HRlNbFw0xMzAzMjgxNDU1NTFaMCECEDx1C/TGGbxsyVwcG3wRuEcX +DTEzMDMyODE1MDgxNFowIgIRALmhTXlM6prAUTljrzt+U78XDTEzMDMyODE1MDkw +MlowIgIRALQjCQLqNA9uXQBgGy6sBksXDTEzMDMyODE1MTMwMVowIgIRAK/++69H +PTrT5kNpwkYpYD8XDTEzMDMyODE1NDExNlowIgIRAPaXto5r5JXBocAzseIPH+8X +DTEzMDMyODE1NDcxN1owIQIQUWrhD1sNr8aiAtOIa+t8rBcNMTMwMzI4MTY0NjE4 +WjAhAhBdkOa5QfKx1hkfsA/pTkcaFw0xMzAzMjgxNzAyNDJaMCICEQCveDRWFcim +wIOOScJraKfLFw0xMzAzMjgxNzA5NTFaMCECEHBWyH1IiWCmCwfEuPb9IQgXDTEz +MDMyODE4NDE1NlowIgIRAPAxY1CXSUm7ebpOj68c3OcXDTEzMDMyODE4NDk0Mlow +IQIQK0gqIr55bDL2FvLs/HM9/xcNMTMwMzI4MTg0OTU2WjAiAhEA1R4RS4q2YzLN +IrEAecndrhcNMTMwMzI4MTg1MDE0WjAiAhEArvbW7j0FwcG+WfxFmp/ehxcNMTMw +MzI4MjM1MDA5WjAhAhBP4kJ94T7AetLKXM0W5MtaFw0xMzAzMjkxMjQxNTBaMCIC +EQCsFuDrvY6dSo99yxM9G4X8Fw0xMzAzMjkxMzQwNDBaMCICEQCvQZsIuICUngNY +fFuZsge+Fw0xMzAzMjkxMzQyMTZaMCICEQD4TrnK8F4VXq6bJ/Mxv5FtFw0xMzAz +MjkxNTE1MjVaMCICEQDR7hIorUH+mBzkyacWXM15Fw0xMzAzMjkxNTQ1NDRaMCIC +EQC3BijHBthaf0kfo7NUjI4dFw0xMzAzMjkxNjEzMTlaMCECEFreKqTRIE8S8nds +thgZ3rIXDTEzMDMyOTE3NTQzMlowIgIRAJFARQdCdTAPq7NmXzoQzhUXDTEzMDMy +OTE3NTg1NVowIgIRANewZ9kQ1rXJCynRRpVoQkIXDTEzMDMyOTE5MDg0OVowIQIQ +aNUd3rJYq3BAa3JqZAj/qxcNMTMwMzI5MTk1MjQ2WjAhAhB0v4a4rmqVuXOjTgy1 +CiTxFw0xMzAzMjkyMDA1MjlaMCECEHPpdup0pvuGEl2JRPNklbcXDTEzMDMyOTIw +MTQxOFowIgIRANHvw7JhlMDtLz6TD00Y1cIXDTEzMDMzMTAyMTMzMVowIgIRAMdg +0jRxRO9lH4JpDUD7KHgXDTEzMDMzMTIwNTczMlowIgIRALoHRF8hGQ7C9zW3Kg8j +U3cXDTEzMDQwMTA5MDkyMFowIgIRANZdEPzexfTMTLmk85zEJF0XDTEzMDQwMTE0 +MDQzN1owIQIQTYw/iU1JSrYgmobD9ST2GhcNMTMwNDAxMTQ0OTM2WjAiAhEAotDc +D3M6lI0dDg7VE+cnLRcNMTMwNDAxMTY0NjIxWjAiAhEAuAdAL9hcqR6jBF5qlmm5 +kRcNMTMwNDAxMTcxNTUyWjAiAhEA8xPqv0Wkoot6RH4/ewuENRcNMTMwNDAxMTcx +ODUzWjAiAhEAm3yEnMA43Bgf0tt3ZmvC/hcNMTMwNDAxMTcxOTE0WjAhAhAsNy83 ++8et2eADLurGDI0ZFw0xMzA0MDExNzM1NDRaMCECEBdQm6o9iDPENbAvLK0mO2AX +DTEzMDQwMTE4MDcyMVowIgIRAMPRBFPPPnK+3+dOT5pnFr0XDTEzMDQwMTE4MTEy +N1owIgIRAMKmnRUFjVD6MdOXBs8gcY0XDTEzMDQwMTE4MTEzOVowIgIRAI2kbTRu +C72UCNEnqv0BNXwXDTEzMDQwMTE5MTkzNVowIQIQOvV6iMtSIRTfFskxudva/BcN +MTMwNDAxMjAzNjM1WjAhAhAgwRTxxDcdcD8im50x6CdfFw0xMzA0MDEyMDM2NDZa +MCECEDIlVIF553snHxTw4c2NZp0XDTEzMDQwMTIwMzY1NVowIgIRAJnJwgUwk3/Z +BJcszW/dRH0XDTEzMDQwMTIxNDczM1owIQIQH4/qlM3WDCtyI5sUYgl5RhcNMTMw +NDAyMDIxMzA0WjAiAhEAvGg3CHXRD9qJ2K37qLa3cBcNMTMwNDAyMTYxNDE5WjAh +AhAnJPIBPOE7jRzv0OTSNGiaFw0xMzA0MDIxOTExNDVaMCECEElNK/MRgnPKb54/ +/TZcjBoXDTEzMDQwMjE5MTI1MlowIgIRAPeKAI767vQk3etasdbgAdAXDTEzMDQw +MjE5MjkyNVowIQIQE501jb3wmekrGud2LlAOihcNMTMwNDAyMTk1MzQ4WjAhAhAb +K5Hqgxsntb/+AwBrn1oUFw0xMzA0MDIxOTU1MDZaMCECEFy0usFxOx3BLQTrp4Gb +BWEXDTEzMDQwMjIxMTkzMlowIQIQJbwcaWYccrPPpyn4hzDa8xcNMTMwNDAzMTEz +NTE1WjAhAhAjNo7LZVDPY7R2R7SkHud7Fw0xMzA0MDMxMTM1MzFaMCECEAe4eYHq +gUoCC4S1P8nSnncXDTEzMDQwMzEzMDA1NFowIgIRAKF+CL7B5jWILgxTGGVuiEsX +DTEzMDQwMzE1MTkxM1owIQIQHGv2QT6ze82UiG72mBVmjRcNMTMwNDAzMTc1NDA2 +WjAiAhEA34IsIhYqdWv7EzR8D65wIhcNMTMwNDAzMjA0MDU1WjAhAhAs4Jz+XF4s +EqwDHY1mW39zFw0xMzA0MDQxMDAyMzVaMCICEQD28qGcYNsXUk966ItsHNylFw0x +MzA0MDQxNTEwMjNaMCICEQDRbRzUtQHulgCCnv17C8UEFw0xMzA0MDQxNTM1MTZa +MCECEHbnre43TCgSdXs7T7M0N5oXDTEzMDQwNDE3NDg1MVowIgIRAOCAAFLF89St +6en/yNQpegsXDTEzMDQwNDE4MTAzNVowIgIRAN4pIgYQVKoOMC/vDkxJyeIXDTEz +MDQwNDIwMzI1MlowIQIQd6WZQlH6i2IVk73nQHyk4hcNMTMwNDA0MjAzMzA0WjAh +AhBis17GOFO6aJiCA8DodzqEFw0xMzA0MDUwODAxNDlaMCICEQDvH9k+ioPYBSBR +4N3JKPAsFw0xMzA0MDUxMTQ3MjBaMCECEFSHw0K5knhLoxvwwGpX8BUXDTEzMDQw +NTEyMDE1NVowIgIRAK1CgmHTgqcTpRyYYs14LnoXDTEzMDQwNTEzMzUxOVowIgIR +AIrJVgGFOt94oopjl3FV13UXDTEzMDQwNTEzNDcwNFowIQIQda+8YHaUPac/J9s6 +aR3VGRcNMTMwNDA1MTQxMzEyWjAiAhEAkvbk5bkfpDH0k0yoP1diwhcNMTMwNDA1 +MjAxMDA1WjAhAhBWFPAISWfr8BmQMXQrRuGOFw0xMzA0MDUyMDI5NDRaMCICEQCM +HIU8HFTaJ6ZjcSP76HfIFw0xMzA0MDUyMjA2MjJaMCICEQDY7CPYWG0EX1Z77fBM +sPqtFw0xMzA0MDYwMjEzMDZaMCECECq3all0JIci7wbixny2WuwXDTEzMDQwODAy +MTMwNFowIQIQS36j2voRdBNplyL6EK2SLBcNMTMwNDA4MDIxMzA0WjAiAhEA/zNR +akLlEIwxdX35PogNXhcNMTMwNDA4MDYxMzAxWjAhAhAPYbL908pGsgytTD/L8Pj7 +Fw0xMzA0MDgwOTMwMDhaMCICEQCvSvPAGJNCW0h3alGF8errFw0xMzA0MDgwOTQy +MjNaMCECEBWKG84kAy/VTqzLoCdD/54XDTEzMDQwODA5NTUxOFowIQIQHRlYiHIy +/zmjJBciL3MAFxcNMTMwNDA4MTAwNjQ1WjAiAhEAg4VLqBbc6mSppee6vyZMDBcN +MTMwNDA4MTA1MjA3WjAiAhEA5dHIHmlgi7AsPRvtuYuPTBcNMTMwNDA4MTUyMDU0 +WjAiAhEA3VNDqzI9beh0NdOWJqxkkRcNMTMwNDA4MTUyNDI3WjAiAhEAs08DcQGy +DSsVlPUxaMAcNBcNMTMwNDA4MTUyNTMxWjAiAhEApofTYYVv9nWmse/Vp1t5vRcN +MTMwNDA4MTU0MDE1WjAiAhEAl/Ac+8v4OKfVXVcdTI1/bRcNMTMwNDA4MTYzNjQx +WjAiAhEAt2h5e837I01tbPqxaTsNARcNMTMwNDA4MTcwMjI4WjAhAhAdwdygs6+/ +kRtYm6w1CHdDFw0xMzA0MDgxNzEwMzJaMCECEGKveq9OAuegIBMwZq2t2CEXDTEz +MDQwODE3MTA0MVowIQIQCsxSqtmhCh68ikZ5gIrJPRcNMTMwNDA4MTcxMzEyWjAi +AhEAs+dYMvfveEKIxAbofyUErRcNMTMwNDA4MTcyODE5WjAhAhBDSdl0io1z5x5M +CEM7SzgWFw0xMzA0MDgxNzUwNTdaMCICEQDhDVI3bzaTihqKJqCoS+FbFw0xMzA0 +MDgxNzUzMjFaMCECEFXitE1LzvMbTniALuBeZYkXDTEzMDQwODE4MDcyMlowIQIQ +SGNUlrC4v9YgF3MQ6MRY3xcNMTMwNDA4MTkwMDExWjAhAhBq4ohnI+zggLZ2KiUg +uU8kFw0xMzA0MDgxOTU3MDFaMCICEQDoacArG4F4/qr2Rw8NsmLTFw0xMzA0MDgy +MDE0NDNaMCECEDUY2EUW6T3zpBCGv+USthwXDTEzMDQwODIzNTU0NlowIgIRAPG+ +0crpTBSKH5kjpxBBjWIXDTEzMDQwOTAwMDgwOFowIQIQYE5AYPwsoUvMoqlhK9xD +xxcNMTMwNDA5MDkxOTEyWjAiAhEAvjipLP/DQyNH1AdRJsEziRcNMTMwNDA5MTMz +MTExWjAiAhEAlH7BfFM4LTG/vG6kNZyA7hcNMTMwNDA5MTQ0NzE0WjAiAhEA+LbF +qMq+JaUiU3fjLmdwqBcNMTMwNDA5MTQ1OTE5WjAhAhAY2OvMvkLacTVBdUX1AFkp +Fw0xMzA0MDkxNTE2MzRaMCICEQCCJDkC7aaWNYwy+3AwX98KFw0xMzA0MDkxNTI2 +MTZaMCICEQCFfrlebiIIhO67ewn19c3IFw0xMzA0MDkxNjM4MjZaMCECECJ5hyQP ++aRY1EYUBRP7DLgXDTEzMDQwOTE3MzU1MVowIgIRAM/FmKh91DxNv/we5bcudzcX +DTEzMDQwOTE3MzYxMlowIQIQMbRgHgElN3Uc7HWGYaXSwhcNMTMwNDA5MTgwMDIz +WjAhAhBnwr/GRK7W/VnztQIaJs57Fw0xMzA0MDkxODMzMDlaMCICEQDciyKaVrJo +/gTaHmHzVFEoFw0xMzA0MDkxOTE3MTdaMCICEQCxGmAoWx08M2drS2gqena/Fw0x +MzA0MDkxOTIxNDVaMCECECGvyJ3lG0R2eRXU2jiL7I8XDTEzMDQwOTIwMzgxOVow +IgIRAPgrI9GCczY06dy/1gHoPf4XDTEzMDQwOTIxMTcyNlowIQIQJdyzj7i4eEk/ +1sBU6UInwhcNMTMwNDEwMTQzNzMwWjAiAhEA3rW7U63zvo9K8+6if/xYuxcNMTMw +NDEwMTQzODI5WjAiAhEA6r4DbQ5HbLevmT5lUBN6GBcNMTMwNDEwMTQ1MTE2WjAh +AhAp/FhOOcsPvVZw+etQ461UFw0xMzA0MTAxNTI2MzNaMCECEBAsx6olfjAzaLQW +4+SmYCEXDTEzMDQxMDE1MjY0NlowIQIQbNLBpy985uxEQZ5KJHIpYRcNMTMwNDEw +MTgwODAzWjAiAhEAiDe6H9S0i+SOJIWaMre6DRcNMTMwNDEwMTgzMjUwWjAhAhBy +P+Vu2JaWvP8bNrYyL+LrFw0xMzA0MTAxOTA1NDVaMCICEQDY0T8nmBAiH52+mUtw +yPWYFw0xMzA0MTAyMDM2NTVaMCECEDVQGzoUm5Sce7tkgcDy5DsXDTEzMDQxMDIy +NTI1NlowIQIQF+BlJvrzSB+srSlxlqgOrxcNMTMwNDEwMjMwNzE4WjAiAhEA4U5v +ZBfRThuivjaW9wd2WhcNMTMwNDExMDk0MTQ3WjAiAhEArL8S109Slv/5G82EnUEK +CRcNMTMwNDExMTUyODQ4WjAiAhEA1IYQVgm3bazPo8SQSxkT2hcNMTMwNDExMTUz +OTI5WjAiAhEA0UsTpEbeewaRlYP0gpA+eRcNMTMwNDExMTYyODQzWjAhAhBehb7h +kQivimEotZUaOHYjFw0xMzA0MTExNjI5MDdaMCICEQCEPfEFSO6GcQ/eLU4Jh7bV +Fw0xMzA0MTExOTI1MzdaMCICEQCEz3zyJBVxwXMIvM9WIfeYFw0xMzA0MTExOTI4 +MjBaMCICEQDyOlJn7NmA/CcV82i9puH3Fw0xMzA0MTExOTMwNTZaMCECEBjovHuC +deNE3DxnkLcgCzgXDTEzMDQxMTE5MzMxN1owIQIQK46bFYx9OTY9XGFNMdS2qBcN +MTMwNDExMjAwNTQyWjAiAhEAg+m43k90ZmpAWKo4S9cLeBcNMTMwNDExMjIxMzI2 +WjAiAhEA8vbLJomkDDhqrv/JgwE+whcNMTMwNDExMjMxNDA1WjAhAhBVRbEOkZdX +jvvsBv1nrp1YFw0xMzA0MTIxMjI5NTNaMCECEE0FWlYCrdlME3MQ9X2bitEXDTEz +MDQxMjE0MTU1MlowIgIRAJ4J5o7jXiljliWyleLN0fwXDTEzMDQxMjE1MDA1N1ow +IgIRAMxmCpd0Hsy/O5jm3/rcDUoXDTEzMDQxMjE1MjY1NFowIgIRAKp7Eu6VGD3b +HPVqWnZPAOoXDTEzMDQxMjE4MTI0N1owIgIRAJ8bZqs4jgzpjjFlw5Z/OvUXDTEz +MDQxMjE4MzcyMVowIQIQJyr4sPw7TfIa9M4MpSQkGBcNMTMwNDEyMjAzODA0WjAi +AhEAvuotHCyI8WNldubymMK5ORcNMTMwNDEyMjAzODE3WjAiAhEA9uVOaRubAikA +F7KiTSIPShcNMTMwNDEyMjE1ODUzWjAiAhEAxLD5BsP/ZpUtlt9L/ZSTbRcNMTMw +NDEyMjE1OTEzWjAiAhEA2zPhCf1dhtH32ROETW2mLBcNMTMwNDEyMjIzMDUyWjAi +AhEAumuRToEr3bz/+/CSTbQOsBcNMTMwNDEyMjIzMTE1WjAhAhB75yMsJbKthSsU +x1lR9ufYFw0xMzA0MTIyMjMxMjZaMCICEQDenAj90bEyLOZSgJozLKjZFw0xMzA0 +MTUwMjEzMDVaMCECEFj59kOIsBP1iOpp0CKc9hkXDTEzMDQxNTEzMTkwMlowIgIR +ANJ8C/ucIihL1NJkbSgoD8wXDTEzMDQxNTE0NDYxNFowIgIRAKtZ8U76fAdpp9I1 +w0ztOYgXDTEzMDQxNTE1NTY0NlowIQIQFq02kqlN1kKkVgGtsElG0hcNMTMwNDE1 +MTY0MjE0WjAhAhB+KPGZ2Yen++IPh6R8GhJdFw0xMzA0MTUxNzIxMjNaMCICEQD4 +L45sN0aIsqlCvxqKlvMAFw0xMzA0MTUxNzQ1NTNaMCECEHcgYROT4gOKSfTuY5Hc +8AcXDTEzMDQxNTE5MDQyNVowIQIQQmQeMuftqM62KqeK98UCvBcNMTMwNDE1MjA0 +MDMzWjAiAhEA1hxmFmO4yZQl7e9dEMaJzBcNMTMwNDE1MjA0MTI2WjAiAhEAqSmj +3381qjhSj4ZMkPPKjxcNMTMwNDE1MjA0MzA4WjAhAhBSBVZlVaKK5VPFSM+j5Fmc +Fw0xMzA0MTUyMDQ5NDlaMCICEQC6XcCmMZnGozuyHYoZ7gD3Fw0xMzA0MTUyMDUz +MjdaMCICEQCLTa32Hf/08oyBO4HCJ8dRFw0xMzA0MTYwMjEzMDNaMCECEHBAB8Qr +9QANbwQTBdmc/CUXDTEzMDQxNjA0MTEwNlowIgIRALqjL8jE16hJV8tOpez6hmkX +DTEzMDQxNjA3NDAxMFowIQIQRoAE40iTwxZx7zWi2g7gyBcNMTMwNDE2MTI1MjI3 +WjAiAhEAtJPo6+5a2+yqJkpBPJ3rMBcNMTMwNDE2MTI1NzE2WjAiAhEAh31SHMIM +OuH2P7H4Njd9aBcNMTMwNDE2MTQwMzMzWjAhAhAbLbbEdwHeK1NO5CDO7SjSFw0x +MzA0MTYxNTA0MjRaMCECEFkY1s/YSbHu7WuaT7dejNMXDTEzMDQxNjE1MTkyM1ow +IQIQD3wqB+p7lGJowAzHpNY5CRcNMTMwNDE2MTYwMjM1WjAhAhB4HFaU2mOOCoG4 +CxowyRl9Fw0xMzA0MTYxNzEyNDRaMCICEQCI8CV94EGHmYrZikoI1M6DFw0xMzA0 +MTYxNzEzNDFaMCICEQCVLp2+qGkIlTywyw2I1SqBFw0xMzA0MTYxNzE0MjJaMCEC +EDeqD6Fkyw4/0MrN/tT2IhQXDTEzMDQxNjE5MTMyNlowIgIRAIf0jO/8WmaK3jeI +SbUbPdoXDTEzMDQxNjE5MjQzOFowIgIRAN+0tHOOS0f7Gf6nowz6XLMXDTEzMDQx +NjIwMDAxOVowIgIRAOeEbP/Vu2m5qdt9Bmb3zMkXDTEzMDQxNjIwMDI1N1owIgIR +ANGwG4AEuC2gr4A6wt8rbjUXDTEzMDQxNjIwMDM1MlowIQIQNjEnWp5hJQCAKve5 +wFKQmxcNMTMwNDE2MjAwNDA1WjAiAhEA1vIk6Ng1hEHVXA3rJM1JYxcNMTMwNDE2 +MjAwNDE4WjAiAhEAnIRcJFZUe6iqh+ZuzYjemRcNMTMwNDE2MjAxMzQzWjAhAhBA +Ucf62SIJqFLZ8AHQBfNRFw0xMzA0MTYyMDE0MzNaMCECEF0aGfEeOhCOJzS1jmnI +rEAXDTEzMDQxNjIwMjIzMVowIgIRANrgaxzv25SVSaOj1PQtqyMXDTEzMDQxNzA0 +MDkxN1owIQIQL78x8KS3N5XvH24wapK/ERcNMTMwNDE3MTMxODI4WjAiAhEAsIaR +tkScxDZ9d8a4iJFKORcNMTMwNDE3MTMyMjMyWjAiAhEA/zziP4FuC3fyF73m7K02 +jhcNMTMwNDE3MTMyNTAxWjAhAhAGIUmn/V1CqQgjw5znZsudFw0xMzA0MTcxNDQx +MTZaMCECEG69/+LeHRc8T5Xe8WE7cN0XDTEzMDQxNzE1NTc0OFowIgIRANuvHxvZ +sF/VkI684Pl3knsXDTEzMDQxNzE1NTg0M1owIgIRAISXu4T6OzLgCI7JI2gxJMIX +DTEzMDQxNzE1NTk1NFowIgIRAIw0Q2LSYAFb3RtAIJE0IMsXDTEzMDQxNzE2MDA0 +MVowIgIRAKAEeJDnNeLHArqNVCzFQiMXDTEzMDQxNzE2NDYwOVowIQIQeVgN/nNd +zI1Tkf/PjzsIIBcNMTMwNDE3MTk1MzU4WjAhAhBzG9wnFFIOCrfZ7L45Im/vFw0x +MzA0MTcyMDExMDhaMCICEQCKOMAslxDeZtCsS6RQ0jljFw0xMzA0MTcyMDM2MTVa +MCECEBH72YApJ7ZjjSkx4mQbIawXDTEzMDQxNzIwNDY1M1owIgIRALd4kDxOpkZs +T2aLfCNSVDQXDTEzMDQxODA2NTg0MlowIQIQOwZBOyeBSRIOqAo8EYP8FhcNMTMw +NDE4MDY1ODU5WjAhAhAawbVJLTNVMhKm+FFrqPrQFw0xMzA0MTgwNjU5MTlaMCEC +EEuTJvz04O6x/ovs+qKABqIXDTEzMDQxODA2NTk0MlowIQIQVCg60ikFL4oB54v/ +ETuMZBcNMTMwNDE4MDkxMjQzWjAiAhEA202kYeq06TgsTcJHrz47vBcNMTMwNDE4 +MTM1NDA2WjAiAhEAuAeo4NuuiPnKzKYGdlUOyBcNMTMwNDE4MTQxOTMxWjAhAhAK +fwjgOgKjKDmuyN31iJWMFw0xMzA0MTgxNDIyNDZaMCICEQDSUo5z9DalZpnrshsj +c8ypFw0xMzA0MTgxNDQzMzJaMCICEQCY3XRHr/O7F8semti677JaFw0xMzA0MTgx +NDU2MjBaMCECEEV0nU9SI6mCKMQVvGs0SaoXDTEzMDQxODE2MTExMVowIgIRALCw +cFOJNiediTPT+uSifeMXDTEzMDQxODE2NDY1M1owIgIRAI+QRXrJPvMR6yatBpDf +SUAXDTEzMDQxODE5MzExM1owIQIQIg3Vh5gJYPu8wkCW7dfNHRcNMTMwNDE4MjAz +MDEwWjAiAhEA3TVr1TX/S5IymDzRB6/1UBcNMTMwNDE4MjA0NzA3WjAhAhASejTX +lH1zyi4eZYzoszINFw0xMzA0MTkwODMyMjNaMCICEQD8s8B/C/LNVSpk6ChnX7YK +Fw0xMzA0MTkwODMyMzlaMCICEQCvAGjo5RzZXwOP3lqTPLDWFw0xMzA0MTkxNDQ3 +MzhaMCECECY3r93lUn/C2fvyXrF9bWkXDTEzMDQxOTE4MjUwOVowIQIQUbqB7ulF +V8EwoLffc2vhaxcNMTMwNDE5MjAyMjA1WjAgAg8L6QTDhnrMIQWpEZkHHYEXDTEz +MDQyMDA2MzYxMFowIQIQG+lehE+WEZ+KT5tgqCxU4hcNMTMwNDIxMTU1NDU2WjAh +AhAiEhCDSpnJ/Kq6ak+IZvIPFw0xMzA0MjIwMjEzMDVaMCICEQCrOIexIsBO9Rfy +vo1B/FVeFw0xMzA0MjIxMDI0MDVaMCICEQDUELyZyhPTCldMLtI0ZqEZFw0xMzA0 +MjIxNTE4MDVaMCECECp5lHsQlTgD8Nld1J9BCuwXDTEzMDQyMjE1MTgyOVowIQIQ +X8DM4AmoZREUL16KQ15hRBcNMTMwNDIyMTUyNDQyWjAiAhEAvRYDZ5YFRQnju+5c +ZNUHpxcNMTMwNDIyMTU1MjE3WjAhAhB2uSrUPRl5aOFsPPrr2MpbFw0xMzA0MjIx +NTU0NDRaMCECEFFVSJO6AC7AWYN+VXEPL0EXDTEzMDQyMjE2MTMxNVowIgIRAMwZ +S3RtlFrgpj5+kRvfKNMXDTEzMDQyMjE2MjcwOFowIgIRAMoB1P/KWQ13XcoJBotY +3UEXDTEzMDQyMjE3MDEyOVowIgIRAIhTQpX9t9KCUxzXQslT4IAXDTEzMDQyMjE3 +MjA0MFowIgIRAKLHr3ZXuCaac/+L454adFwXDTEzMDQyMjE4MjExNVowIQIQaJ3/ +5yK3G9/znaT3TYiThRcNMTMwNDIyMTk1NTIyWjAiAhEA0rsaydvGRpvowP5ZkPEr +dxcNMTMwNDIyMjA0NjAyWjAhAhAiejnliDM34Z8089g+9kARFw0xMzA0MjMxMzQ5 +MTJaMCICEQCtOWTQXRpxPT0FfC8fGeghFw0xMzA0MjMxNDUxNTBaMCECEHFDYdCn ++WiODI8SiJcRWOYXDTEzMDQyMzE0NTMzMVowIQIQOd6+/dtRWpBfjUBfeAFnzxcN +MTMwNDIzMTQ1MzU3WjAhAhBraonQUHgKdRFYZ1dAPc9yFw0xMzA0MjMxODU1MjNa +MCICEQDeYrRuUDSvgdLi0uC8Y6g4Fw0xMzA0MjMxODU1MjdaMCICEQC8cwzqaJ+p +3JBzNB/gXfpxFw0xMzA0MjMxOTE4NDlaMCICEQCzXBTP25Fox4zIpsoNdvHTFw0x +MzA0MjMxOTM5MjNaMCECECoWtJht/QGVkZP1vrI0oFkXDTEzMDQyMzE5NDU1NFow +IQIQExWrzlD4jPOikShy9ZJ8vRcNMTMwNDIzMjAzMDMzWjAhAhAsuITczK+5/HIf +rC3qRcneFw0xMzA0MjMyMDQ4NDlaMCICEQChXI3FUkpQq387kDBxy/wVFw0xMzA0 +MjMyMTQ3NDZaMCICEQCFshODrqHnQYUQZpRR7Z+lFw0xMzA0MjQwMTQ0NDhaMCAC +Dw/+48XY6Bkc6Q7Y9NYqyhcNMTMwNDI0MDM0MTIyWjAiAhEA4klBrn3HfwTrDma7 +3lPo8BcNMTMwNDI0MDg0ODI2WjAiAhEAv7nYiJ5ou2g3OnpG5ZME9BcNMTMwNDI0 +MDkzNTM5WjAhAhBU4ndiDdcHBlWlwLxD/g+dFw0xMzA0MjQxMzUwMDVaMCECECp4 +QHxto9gXqZkiv9GYRP0XDTEzMDQyNDEzNTAxN1owIQIQdM6tFKcYU4zs/1UIRN3e +3xcNMTMwNDI0MTM1OTUyWjAhAhBgjwVvOZzNmFARGsxhqzpFFw0xMzA0MjQxNDEz +NTdaMCICEQDp7dUOlk8dUR2taKkQr4dcFw0xMzA0MjQxNDIyMTNaMCICEQCFVlSI +pHkXvE4gGIQ/IffrFw0xMzA0MjQxNDIyMTlaMCECEFsudu8NJD5Azytt54v01dwX +DTEzMDQyNDE0MzYwMFowIgIRAMQOtGyGJwbD8c1rE1qM5ugXDTEzMDQyNDE0NDYw +MVowIgIRAIMRMvfwHWeNrgf61Exk3bAXDTEzMDQyNDE3MDcyNlowIQIQQjoRXHcn +n+EPaoKgR8oT1hcNMTMwNDI0MTkyMzE3WjAhAhBtN5QKdAl1x+uA4rJWA7IbFw0x +MzA0MjQxOTI3MThaMCICEQCwPMI8VREoi5JUdD+kySkJFw0xMzA0MjQxOTM0MzRa +MCICEQDgZSlGcDzamb1GhQCcoE9tFw0xMzA0MjQxOTM3NDNaMCICEQCud7GITfDe +XgZLVEG4+7ztFw0xMzA0MjQyMDMzNDhaMCECEG6GGe1jVsEwn0juKMm3I3IXDTEz +MDQyNTAxMDQzMFowIgIRAIWVMzHY+swhcQeOydnfsOIXDTEzMDQyNTA4MzIyNVow +IQIQKJth66S0DHzRAd6wAAzLpxcNMTMwNDI1MDg0OTM2WjAiAhEApR8++5/YYsL5 +bCccCdkiXRcNMTMwNDI1MTMwNjU2WjAhAhBF4rg+Io6w5vmiOMemuwlZFw0xMzA0 +MjUxMzI1NTdaMCICEQDlkKP87Sdh/NiXtmgyAfF8Fw0xMzA0MjUxNjA3MTdaMCEC +EBEES63vA7KyleGPAeDl79wXDTEzMDQyNTE2NDI0NlowIgIRAN3cCJvt/b2KgzFD +DSxHx/oXDTEzMDQyNTE3NTEyOVowIgIRAIXZzBNAE1lj37KwtNwN4l4XDTEzMDQy +NTIwMDczOVowIgIRAPubrM3CtiL3jIgsqjkGmisXDTEzMDQyNTIwMTA1OFowIgIR +AKsA696oynq3O+jIA4kLSKAXDTEzMDQyNTIwMzgyN1owIQIQEq+BWC7CfUL3AgrI +/nEuSxcNMTMwNDI1MjAzOTMyWjAhAhAncJH35orkWoJ/r/UKiFu3Fw0xMzA0MjUy +MDQwMzBaMCICEQCk094L9PaUhPGNn6K4u0DCFw0xMzA0MjUyMTI5MjlaMCICEQDO +lfL7beSbHW271b7Q6KdgFw0xMzA0MjUyMjE4NDdaMCICEQD6hOQUqdDmjfNvT+8y +VFzfFw0xMzA0MjUyMjMxMDNaMCECEG8yZA/RYMN0/ksJDS1bMvQXDTEzMDQyNTIy +MzEyOVowIgIRALdUC2rqvWDHbbubi8fAGNAXDTEzMDQyNTIyMzEyOVowIQIQfu7h +8OdMd2mDa8H0htUdehcNMTMwNDI2MDIxMzA1WjAhAhBVZm6G3aRoFxpKHcZRHq8R +Fw0xMzA0MjYxMzM4MzdaMCICEQCctX3dfUTcAnPXIP5d0KnQFw0xMzA0MjYxNTE0 +MzlaMCECEC5GqDaWvHZiZl7LveSt3hcXDTEzMDQyNjE4MjI1MVowIgIRAOnNuJEl +3hKJIVpzVo+XOocXDTEzMDQyNjIwMjE1NlowIQIQMZBAnXlzzqIIaAg4pAKmGhcN +MTMwNDI4MTU1MDM3WjAiAhEA/WNS+calnfA59XU/ZWU5NBcNMTMwNDI5MDIxMzA3 +WjAiAhEA8lHZNsh8BJoPnjF4jCeWuxcNMTMwNDI5MTExNzU2WjAhAhAIKvxGL225 +aqVInSwW5eAHFw0xMzA0MjkxMTU3MzNaMCICEQC5x4+xXuar9fL5+Z5XPK0uFw0x +MzA0MjkxNDI2NTZaMCECEDnBs11VEBq+TMnh6wYmHWIXDTEzMDQyOTE0Mzc0MVow +IgIRAOIBgkUI45sr6MsF6dlWvYkXDTEzMDQyOTE3NDgzOVowIgIRALM8YWry+BLC +wpS2coEy2S4XDTEzMDQyOTE4MjMxOFowIQIQdo1hzSm45AX2eKPjSXeO0BcNMTMw +NDI5MjA1MDUwWjAiAhEAuKKsFdXplLJl6u/D/T2sghcNMTMwNDI5MjEwODIyWjAi +AhEA/dsN7moNnsPUS66XJJbygRcNMTMwNDI5MjE0ODUwWjAhAhB6ewdmcaM58HhM +yxEoMfY/Fw0xMzA0MjkyMTQ5MjZaMCICEQCCBv8uZthKM57quWBRhoukFw0xMzA0 +MzAwMjEzMDVaMCICEQCoqF+c0ioSJBsJRjDpsANXFw0xMzA0MzAxMTAxNDdaMCEC +EEldhRBnqzT9kOBu1hhIhnUXDTEzMDQzMDE0NDI1M1owIgIRAO526NlWSm5eSq0/ +0gWOUEUXDTEzMDQzMDE1MDk0N1owIgIRAICpD6x8XTd14qtvmEHuZD4XDTEzMDQz +MDE2MTUxOFowIgIRAJX/A2pDlPkDrvVne0JrG+UXDTEzMDQzMDE5MjA1OVowIQIQ +KNzeMX/RzBoiyHn4YKbgcRcNMTMwNDMwMjAzMDA0WjAiAhEAnd/3z+N7aYdbpTJE +Ob/vQxcNMTMwNDMwMjAzMDIxWjAhAhBRJJaZcJ3vnM94mov6DwLiFw0xMzA0MzAy +MDMwMzhaMCICEQDErPohcG+gjeCjIRP00wA/Fw0xMzA0MzAyMDMxMTNaMCECEAvm +t1UEFcUxGZwKdkweYKIXDTEzMDQzMDIzMjUxN1owIgIRAOr8gD+nROsuVoG3RKFb +pWYXDTEzMDUwMTEzMzU1M1owIgIRAPS8DjumOWpVigj3N2iF28YXDTEzMDUwMTEz +MzYxNVowIQIQeYIEDkKrMzpoJ8iBCo+NyxcNMTMwNTAxMTQzNzIyWjAiAhEA2eKu +RKNdltt6a02DXMYy2hcNMTMwNTAxMTQ1ODMyWjAiAhEAw8FwxZGYttniBMtTz3kh +5BcNMTMwNTAxMTUxNzE0WjAiAhEAwaKhZYdfAghq+vGEJ1aMPBcNMTMwNTAxMTg0 +NzI2WjAiAhEA9N6nuUA927yvDeZbZrQPPBcNMTMwNTAxMTg0NzU0WjAhAhB+7+jW +wGrLLR/6PTrIxkNHFw0xMzA1MDExODQ4MTBaMCICEQCDQYOfhhgyCMVY3RpYeHcf +Fw0xMzA1MDExOTAxNDNaMCECEDT/7m2oG0fK6wm8I9C7prsXDTEzMDUwMTE5MjM0 +M1owIgIRALa6Ou9y3UhvSLghdmwP+eQXDTEzMDUwMTIwNTgwMFowIQIQHwQ+tnmy +hQuBR6i5YaUnIRcNMTMwNTAxMjA1ODEwWjAhAhBfS+3COkiw7Rd2fOo6ZisnFw0x +MzA1MDEyMDU4MjRaMCICEQDdEJYGuRGuIHGhnr8UZsRRFw0xMzA1MDEyMDU4MjRa +MCICEQCrpao5lfbF+JexwKEePBBgFw0xMzA1MDIwNzE5NTBaMCECEDfqH5pjnK+L +sXbSo0HlPycXDTEzMDUwMjEwMzY0OVowIQIQVsF3AQHThCtNv/3ibaSO3hcNMTMw +NTAyMTE1MjMxWjAhAhAq8BZXuxAzrWaxFAFJOkJxFw0xMzA1MDIxNDM4NDBaMCIC +EQDaLV35kR9Ho9WTYs91PBKqFw0xMzA1MDIxNDUwNTRaMCICEQDxBrAY3flwXz1I +sZVMCBNFFw0xMzA1MDIxNzM4NDJaMCICEQDgIgTksk6EdA/uqRGrE3nMFw0xMzA1 +MDIyMDA0MzJaMCICEQDhKZfZW+8oqPJenvQp3AOJFw0xMzA1MDIyMDIyMjZaMCEC +EDlPjGGG0efv+wpSVJ6rJQwXDTEzMDUwMjIwMzMxM1owIgIRAOOTXBkmE/zkhw1e +Gii1GU0XDTEzMDUwMjIwMzMzN1owIgIRALGUddW0kUdt4qUYnvfMTaYXDTEzMDUw +MjIwNDY0NVowIQIQNtagWHtL5n4QdJuSYCoRcxcNMTMwNTAyMjA1NjEwWjAhAhBp +EClezduGVpK1uoKwcRnxFw0xMzA1MDMwODEzMjBaMCICEQCzH0bxM+7ZgfPGAJ69 +l5/sFw0xMzA1MDMxMDU0NTRaMCECECIFWzzfCZp4JqkddeyNb5kXDTEzMDUwMzE0 +NTUzNVowIQIQbqOCgxTfvprve2prKP5m9BcNMTMwNTAzMTUwNjEyWjAhAhB2Ezkb +GhpynTpVcTNMCgrpFw0xMzA1MDMxNTA2MzJaMCECEElK3Xp9TCgVoZHIxgj1yKgX +DTEzMDUwMzIxMjUwNlowIgIRAM14JBq1ySGlsYmjECOV6SoXDTEzMDUwNDAyMTMw +NFowIgIRAPgDXOD8/Nk3jVk3NHfuPMkXDTEzMDUwNTIzNDk1MFowIQIQLM8t3T5w +uLevBiGgdYqeRhcNMTMwNTA2MDY1MTM4WjAiAhEAnQo9BZGubHMz2eBoOsaE/hcN +MTMwNTA2MTE1NDI4WjAhAhBpzBQd0XDB5hR5r+GnASpSFw0xMzA1MDYxMTU1MDda +MCICEQC2XN2SKKMq+aqMEhvma9F1Fw0xMzA1MDYxNTI1MjZaMCICEQDn3yB9ZKTI +lIC50+Efjs43Fw0xMzA1MDYxNTI2NDZaMCECEFMMR+vZg0puAyrlAK1Bf5UXDTEz +MDUwNjE1MjgwOFowIgIRAPCKWTSI4TsQXwMARiN5uSkXDTEzMDUwNjE1NTcwMFow +IQIQQ4e6W7URM/EBjumQ5VGj4xcNMTMwNTA2MTgwOTI2WjAiAhEAqO2TnBDVp5WQ +1gVWnt3GEBcNMTMwNTA2MTgxNzI2WjAiAhEArQ0xSJXL8uHdSZXi4QmlwxcNMTMw +NTA2MTgxODMwWjAhAhA3IzyC8CEwpNpm7CLZqmeiFw0xMzA1MDYxODMwMTRaMCEC +EFwlhJK4gt/fANMRLsvn6nkXDTEzMDUwNjE5MzExNVowIgIRAKNG17mt8VxIK15s +6iMig9wXDTEzMDUwNzEwMTYwM1owIgIRAKznFlgFUx+l0MNoaMTk8B0XDTEzMDUw +NzEwNDQxOFowIgIRAI6r7WSx+hE3gOC7pBceZZsXDTEzMDUwNzExNTAxN1owIQIQ +UWgaLKCSSQextkmrd1ucShcNMTMwNTA3MTUxOTA3WjAhAhBea3IVluByoTlrIAZt +D8GdFw0xMzA1MDcxNTE5MzZaMCICEQCESXzN0LIGzknGDfOePQ1xFw0xMzA1MDcx +NjMwNDFaMCICEQDZIiRnvn1I+YMiUDNvO64yFw0xMzA1MDcxNjQ5NTVaMCICEQDF +nRCfEKR2y/xs0B2WXk8sFw0xMzA1MDcxODE5MDdaMCECEDjk2Bxr+afujc4bdA7d +2pQXDTEzMDUwNzE4NDMzN1owIgIRAIyZog+TKy69aFgzWglG8wkXDTEzMDUwNzIw +MjQxN1owIgIRAK2TT6EEXoTsreQgxf0jip4XDTEzMDUwNzIxMTEwN1owIQIQGG+O +wCo7Oz+6mMQvzUb0yRcNMTMwNTA3MjExMTExWjAhAhABxjMq5ia4+5hbCvvGSmaE +Fw0xMzA1MDcyMTExMTVaMCICEQDAr8oWtm0WOIkWu3g1Xp3oFw0xMzA1MDcyMTEx +NDlaMCECEBR+Bhun45wAfeQ5Nf2OEvsXDTEzMDUwNzIxMTIzMVowIgIRANZ7yybc +RrUwbZzlvLbprOYXDTEzMDUwNzIxMTMwN1owIQIQHwcIGJEQywZlx2WFoFxeJBcN +MTMwNTA3MjExMzA3WjAhAhBF3PvGBU5AD+kHzk8i8TE/Fw0xMzA1MDcyMTE0NTVa +MCICEQD7Z/r1WTrKhFULjprbrC/TFw0xMzA1MDcyMTE2MjZaMCICEQC7lzK3mAGd +EbePOoM/7+YVFw0xMzA1MDcyMTMwMTZaMCICEQCbcsUTGGTG5sPrC5uDbdjyFw0x +MzA1MDgwNjI0MzhaMCECEG7BADLBJ0Ffn9fsJpjeQ5YXDTEzMDUwODA3NDk0NFow +IgIRAMVIR8bkJSnqFhb0KH5qDdAXDTEzMDUwODA3NDk1OFowIgIRAK7BuMoPDzlO +m31OVZC47NkXDTEzMDUwODE0MTAzN1owIQIQEHGYf1VCRgfAh+PrxTPFCxcNMTMw +NTA4MTQxMjI4WjAhAhAPr5xk5ys5mPIl5Jp/d46OFw0xMzA1MDgxNDE5NDNaMCEC +EAka1EAzR6aTBL8N8v19AeYXDTEzMDUwODE1NDgzMVowIgIRAK77VdV7br6vGf2c +2C8ub7oXDTEzMDUwODE2NDYzOVowIQIQP5Q4lXUffop0ZLpXE4zoFBcNMTMwNTA4 +MTgxMDUzWjAiAhEAmi4IfS8iWVpKp0JBlfjE3RcNMTMwNTA5MTMwODQ1WjAhAhBl +M8f5EA/wLXM+t81aGBIIFw0xMzA1MDkxNDAzNDRaMCICEQC04gUxIu6Ls2JlfrTE +f7V3Fw0xMzA1MDkxNDUzMTlaMCICEQDZXx945ox7eYxl2ZN9kdcoFw0xMzA1MDkx +NTI1NTNaMCECEB3PxVFJMo533zRjN5VlOHYXDTEzMDUwOTE4MTAzMVowIgIRAN3Y +uLw4cKwFRX+M/zN2yCIXDTEzMDUwOTIwMjcxM1owIQIQMXqi08aBjoFQ5EOubGtR +vRcNMTMwNTEwMDYzODI1WjAiAhEAplnw8B3/bbN2SKxvHGI9NhcNMTMwNTEwMTIx +MjQwWjAiAhEAtHzaJcbSeST24EuAmNFUEhcNMTMwNTEwMTQwMzI3WjAiAhEA3p2j +Z4Helb+HmG8gRC5AvxcNMTMwNTEwMTQzMDEwWjAhAhAEXxCp7QUR68FAlMeDx8oA +Fw0xMzA1MTAxNDM2MTlaMCECEHzKRJrd0TxOMsx8/4RqkUsXDTEzMDUxMDE0MzYy +M1owIgIRAI9PeOz5zidDjbUijIC3GJUXDTEzMDUxMDE1MDMzNFowIQIQH3HMf/HT +pyrABcwi/SrLQxcNMTMwNTEwMTgwMjM0WjAhAhB4pmsCrFZ7aReYJxAfcCVEFw0x +MzA1MTAxODAzMDdaMCICEQCxCST4IKHUR2qHoQ57mgC+Fw0xMzA1MTAxODAzNDha +MCICEQDeMfAmmqy4vc3XhIKz/yGAFw0xMzA1MTIxOTMwNDVaMCICEQDAyxIQvrhu +4EY3FU6qRG+wFw0xMzA1MTMxMzM1NDJaMCICEQCvQwQ7aNR7v0/5dOIM2XPrFw0x +MzA1MTMxMzM4MTFaMCICEQDaE0nwJHTgVEtiRTq/wmyBFw0xMzA1MTMxMzM5Mzha +MCECED1r4tx5evBneHIMAEb5HTAXDTEzMDUxMzE0MDA0NlowIQIQXbzhSOh0hM9H +G5lDlA3c8BcNMTMwNTEzMTQwMzA5WjAiAhEAthFi4gM8YxczlF4jjSJO9hcNMTMw +NTEzMTQxMjM0WjAiAhEAsF0p72lIPQXmTArVSElaYRcNMTMwNTEzMTQ1MjUyWjAi +AhEAg+ZXVXbmIPoCLQyqgYqlWBcNMTMwNTEzMTQ1OTU5WjAhAhA1HDtBSHsM9uwy +EO7q6yT1Fw0xMzA1MTMxNTA0MjNaMCICEQD602dlRxHo8/tD1CRwPB+9Fw0xMzA1 +MTMxNTE1MjNaMCECEB4UOXx1Rp4gpEW4J21DmOwXDTEzMDUxMzE3MjcwOFowIgIR +AL8FDNY5nN/8XS6h8LHx8mIXDTEzMDUxMzE4MjgzOFowIgIRALz10fbQfuovIpkY +7gZBvzoXDTEzMDUxMzE5MjE0OFowIgIRAP68N8Fj29zFOp58pULOJhAXDTEzMDUx +MzIwNDgwMlowIgIRAMN+hgnKmxujowXw33Sido4XDTEzMDUxMzIwNDgxMFowIgIR +APNeOKxSDqSVOAP6IZitc30XDTEzMDUxMzIxMDgzM1owIgIRAOVzfhrbEDHOU82s +wsy42GkXDTEzMDUxNDAwMjYzOFowIQIQXrXLhCCk2t4TxRmKwl//dRcNMTMwNTE0 +MDIxMzAzWjAiAhEAu/3LpfiUXRzblzu5bMHq0RcNMTMwNTE0MDkwNDI1WjAiAhEA ++2Pj2zv5rmkNhm4vTR1bohcNMTMwNTE0MTM0NzA2WjAhAhBurTTaVzqpaKCiX/js +lMglFw0xMzA1MTQxMzU4NTZaMCICEQDReYf/hPJm9UA8tAjfF6PsFw0xMzA1MTQx +NDEzMTVaMCECEB0C9tJMwTeJHNL6zqPALvMXDTEzMDUxNDE0MjcxNFowIQIQC3ji +l2DqQ4o4m02rENenQxcNMTMwNTE0MTgxNTMzWjAiAhEAu7UwfBE78CIrTnSxMHG/ +JRcNMTMwNTE0MjAwMTU2WjAhAhAKd0QWOaZj9QQl81kmp2kBFw0xMzA1MTQyMDAy +MDhaMCECEH735xettS1H3CDvx8Cm8OIXDTEzMDUxNDIxMDQwM1owIgIRALK1A4Jy +i7FaBmUduGHYZHAXDTEzMDUxNDIxMDgxM1owIgIRAIzfAEIYLGbToXbx8puh6TQX +DTEzMDUxNTAyNTgyM1owIQIQWQXQ5qS1OkNwGKixBYAIsBcNMTMwNTE1MTMwMzM1 +WjAhAhAaIbYxSTpHfSQcqsxDDE6RFw0xMzA1MTUxMzA0NDRaMCECEFbIpqB114IT +bTLvi+x+j0MXDTEzMDUxNTEzNDMyMFowIQIQSs9pJpRysKvxcwedm5yDEBcNMTMw +NTE1MTQxNjIzWjAiAhEAlNtwYEpOYByKB/kWU22oPxcNMTMwNTE1MTUxMjIyWjAh +AhBz1ViX8n4mEUONgSf2MyNmFw0xMzA1MTUxNjI4MTNaMCICEQCGHY2ixB4UlBh7 +82awLzs5Fw0xMzA1MTUxNjI4MjVaMCECEDhNc5Metiegv4tDVm5EuUwXDTEzMDUx +NTE2Mjg0NVowIQIQd3YrumwUHjnUmu635i2P7hcNMTMwNTE1MTgxNjE5WjAhAhAR +rVm0QfgvUlgEaLJPywUOFw0xMzA1MTUxOTMwMDVaMCICEQD+6T5ypSO9buV1zt48 +81HeFw0xMzA1MTUxOTMwNTFaMCICEQDjeKh3p2AUFOc9x5M41iyFFw0xMzA1MTUx +OTMxMTFaMCECEB9Cg9tMlTeUYgHk++8YE+cXDTEzMDUxNjEwNDc1NVowIgIRAKuK +y5PCMR3hYQVirqWQHqcXDTEzMDUxNjExMzc0M1owIQIQZXDu8rEr3j7nVNCm3ZKz +oRcNMTMwNTE2MTMxMTEzWjAhAhBtzT9aQ81+iEw1KhG/KjFfFw0xMzA1MTYxMzQz +MjNaMCECED/3WvkkoJItyBmk7pFM414XDTEzMDUxNjE0MDg1NVowIQIQZJwh1UPq +L0gjwKtuBtW0whcNMTMwNTE2MTQ1NTU2WjAiAhEAoqOdsaHx0lDy2XPpRyEnxxcN +MTMwNTE2MTUwNTUwWjAiAhEAm1Pu9hfYlxhLONZFfW3xVRcNMTMwNTE2MTUwNjAx +WjAiAhEAlg+7VKL1ob7ripAVRYEMHBcNMTMwNTE2MTUwNjM4WjAiAhEA6X0TjXhN +5mS1Ga62oq2g8hcNMTMwNTE2MTUwNjQ3WjAiAhEA7LLcn2tTorlwHDsLs+WudxcN +MTMwNTE2MTUzNTEwWjAhAhBKkj7v+ZBiVrAIF/LYVR4oFw0xMzA1MTYxODQxNTBa +MCECEAgdxuUnw8fAisa+yUAs6K0XDTEzMDUxNjIwMzI0M1owIgIRAOE4+RCiRWcM +uruKEup8ZzYXDTEzMDUxNjIwMzY0NVowIgIRAM468mSKhj8seH1jVOs9ttsXDTEz +MDUxNjIxMjkxNFowIgIRALOFwOO8mxK8zS01eIU07swXDTEzMDUxNjIxNDIxN1ow +IgIRAJrLDUr8KrHdXbZ8iP5+igcXDTEzMDUxNjIxNDI0NlowIQIQDVvJW96r5hiN +5yBriNqUkBcNMTMwNTE2MjE0MzE2WjAiAhEAwUCNfBAm0nyEPmdrqqeJ6RcNMTMw +NTE3MTAzOTEwWjAhAhA1kXdNzJ56Epwf0o7TpM4PFw0xMzA1MTcxNzQ5MjNaMCEC +EGEBKtSpkOfBbHXxKcDp9/sXDTEzMDUxNzIwNTA1OVowIQIQaV/XhHUAyWIS9VL0 +c+5dMBcNMTMwNTIwMTIzNDMyWjAhAhAFbGS0Bi5WzqN1HqcPnwORFw0xMzA1MjAx +NDAzNDJaMCICEQDX9EKZrk+7rDmnNpqFfdNaFw0xMzA1MjAxNzA5MTVaMCICEQDj +7MuxwytSlZ1m3bqaw4neFw0xMzA1MjAxODA5NTJaMCECEFjkv+4jCInhXnonasqu +8FwXDTEzMDUyMDE4MTMxNVowIAIPUeoRyr3X/+0bmV6GbaYeFw0xMzA1MjAxOTEx +MjlaMCICEQDdPCUhNUG8f5F6MsZ27jkZFw0xMzA1MjAyMjIyMzVaMCECED//Y4dV +12uMVJly/rCMZBgXDTEzMDUyMDIyMjI1MlowIgIRAJIQYwViZPA5I1zdaPETswcX +DTEzMDUyMDIyMjMxMFowIQIQen0lG22xjL92L3XqFu7jKRcNMTMwNTIwMjI0NjI2 +WjAhAhBNOB91ntRu7HZ7KilMiWRAFw0xMzA1MjEwNDQ3MjlaMCICEQCAw8iIAr9D +PXt1YveBUC6KFw0xMzA1MjEwNzMyMTNaMCICEQCYq/3xdrdVpgYME3s74rCeFw0x +MzA1MjEwOTAwMDhaMCECEDw5dHKW4FQN8cSxnUS7eE8XDTEzMDUyMTA5NTMwMVow +IAIPRMXqafYQsQjYGET7IQAdFw0xMzA1MjEwOTUzMDhaMCECEHiuw1sqaUmVJ+E7 +N8g0dMMXDTEzMDUyMTEyNDMxOFowIgIRAIRDC2NT9Xw3Gp0eSkpGPT0XDTEzMDUy +MTEyNDMyNFowIQIQAKafdwSy2djejwWZ3tAYTRcNMTMwNTIxMTQzNzA1WjAhAhBi +ZXpTbasKJXCbyDQK4DAYFw0xMzA1MjExNDQ1MjVaMCECEB3qjYaDcuUvWhZrgGP+ +m0kXDTEzMDUyMTE1MDY1NFowIgIRALD+RLes/O+xItwUHh59eHAXDTEzMDUyMTE2 +NTYwNlowIgIRAPtRx/xO+1RxuEBnT3+4HQgXDTEzMDUyMjA5MTI1NFowIgIRAKlk +xqzzbVvfFXMO1RlVN+cXDTEzMDUyMjEwMDk0MFowIQIQcQHcnnf67EEyMZ6j2iL3 +4BcNMTMwNTIyMTM0OTE4WjAhAhB4Jla+3S5DZ2UZTwy0AcXDFw0xMzA1MjIxNTQ1 +NDZaMCECEDmJZWkNBIy5SG42FYNMb3IXDTEzMDUyMjE5NDM1NFowIQIQVw92tPN3 +N43vFnWxTls0XRcNMTMwNTIyMTk0NDIwWjAhAhBgzc/mqd+gbzK7O5oNLu4vFw0x +MzA1MjIxOTQ0NTBaMCICEQDkw4QHJDu62hz6/7PHNrOsFw0xMzA1MjIyMDExMzVa +MCICEQDSAHCmbT16NOSHJjXwCQ59Fw0xMzA1MjMxNDQwMDFaMCICEQCHFSIDZeOh +tSHYSixYfW0nFw0xMzA1MjMxNDQwMThaMCICEQD5fgzh+hzT05agQSRXt/I3Fw0x +MzA1MjMxODMxMDJaMCECEGlX9Ean6VWQ4aMdEXyL7BEXDTEzMDUyMzE4NDIwMVow +IQIQckSOMwaEpdFV3qjpeuBz4xcNMTMwNTIzMTkwOTA1WjAiAhEAmqxKFfaTC5mx +zpS/zF55OxcNMTMwNTI0MTE1NjI4WjAiAhEAqfebtNJCnpzekUIBdqxLYBcNMTMw +NTI0MTM0NTU1WjAhAhBYkvTeEH4CLFVCFaAwqTzZFw0xMzA1MjQxMzUxNDNaMCIC +EQCFs7Y4Tz0lXf9SU1Zgbem9Fw0xMzA1MjQxNTQyMzNaMCECEES1sEhsF7jZeorm +DoK22tQXDTEzMDUyNDE3NDkzNlowIgIRAIuMI9sNBKB34nDH5k4Oe2kXDTEzMDUy +NDIzMzQ1MVowIgIRAM0AxMSsN/Mf75m1ivoyMhkXDTEzMDUyNTIxMjgxMFowIQIQ +Cfh0mmPgwRu443UERG4jGxcNMTMwNTI1MjE0NzUzWjAiAhEAl8n3O1ArvcDzJtew +OWLm6RcNMTMwNTI2MDIxMzA4WjAiAhEArAH23YLcY11wMetfS5fT3BcNMTMwNTI3 +MDgyNzMzWjAhAhAEyDJcAPerAELKWbPIzyGhFw0xMzA1MjcwODI4MzJaMCICEQC5 +lW2XPmkffxX37slmzu3EFw0xMzA1MjcwOTAyMzJaMCICEQDzruur2us68T22n24c +1VB8Fw0xMzA1MjcxMjAwNDRaMCECEEW+GvPBryv9xgSswlgzRwgXDTEzMDUyNzEz +MzA1NFowIQIQEKfw1xtAMb3o9joot3a2qRcNMTMwNTI3MTUxNzU1WjAiAhEA7WW7 +Hl1o19wfSDp4Tbk/NBcNMTMwNTI3MTUxODM4WjAhAhBq3Kv4v+ciGv7ZyWEXefsI +Fw0xMzA1MjgwODAyNTRaMCECEDCjX4l/hnrFq2FpZAWGIY8XDTEzMDUyODEzNDY1 +MFowIgIRAKCKgP5wrj5nh8XLhBPSNVIXDTEzMDUyODE0MTc0N1owIgIRAKxcmVyF +o+5uQdEQPKlJ/q8XDTEzMDUyODE1MTQwMlowIQIQPi6P3kQHuCieHylj7w0/wBcN +MTMwNTI4MTYwNTQxWjAiAhEAsnMFJMEAENqS/1462laxEhcNMTMwNTI4MTkwNDQ0 +WjAiAhEAjSSDPn9CRbaqi8L+FwlOkxcNMTMwNTI4MTkwNDQ3WjAhAhA0yM7b4sJk +SEEJRZqQefwcFw0xMzA1MjgyMTMyMjhaMCECEFng7JGf5VZxjtcMgQatkbUXDTEz +MDUyODIxNDExMVowIgIRALPQAIoglIW6M9KMmpLVnBYXDTEzMDUyODIyMDIyM1ow +IQIQTrh3GLN6jAWKliwtmmtztxcNMTMwNTI4MjI0NTAwWjAhAhBPR9JuMh41lxcU +Vzxi+9eXFw0xMzA1MjkwNjQzNTJaMCICEQDJBtIYwAsCJ/xEcXoTCbbnFw0xMzA1 +MjkxMTI5MTRaMCECEAmjzTzHVgjr+IrPm+ZlgoMXDTEzMDUyOTEzMDkzN1owIgIR +AMRBWxD3iQ56ZTQY7sPLtrYXDTEzMDUyOTE1MjkwOFowIQIQD+t/v1aoTePv9T/u +kYRzZhcNMTMwNTI5MTgzNzQxWjAhAhAfFircU7jozZ746x+SZMgEFw0xMzA1Mjkx +ODQzNDNaMCICEQCUSZ4gxM+eeh4QKBAphq/mFw0xMzA1MjkyMTE3MTZaMCECEFVt +BwCl5jGUbrxhG5oF4ZcXDTEzMDUyOTIxMjA0NVowIQIQRCywJtIW6kUfv6AYTNeu +HxcNMTMwNTI5MjM1NzE4WjAiAhEArxkOOlSk6y382LNevJifWBcNMTMwNTMwMDc0 +MDEwWjAhAhAm18ou7ix6kf/kkmOSXCabFw0xMzA1MzAwNzQxMjNaMCICEQCopgur +XPEDlHrYw71hpXMaFw0xMzA1MzAxMTQzMTBaMCECEExHsRbcRuNCTHcFV3vtfegX +DTEzMDUzMDEzNDAwNlowIgIRAIGe07qzWdp6379CaEbU8BMXDTEzMDUzMDEzNDAx +NVowIgIRAPHKNFTUKVujV9M2TaU7utEXDTEzMDUzMDEzNDAyM1owIQIQae9FhZbb +9CdnksgZLz8LOBcNMTMwNTMwMTUyMTI0WjAhAhAyOVBrA2CDUod9iOyHnH7CFw0x +MzA1MzAxNzI1MzNaMCECEDzNJ+jzTzsnuGh87wzZJ+AXDTEzMDUzMDE4Mjk1N1ow +IgIRALyYXl+sO/6f1uoACu1RvHAXDTEzMDUzMDE5MDkxM1owIgIRAO0tIWTi53yC +DtJ/vKO2WDEXDTEzMDUzMDE5MDkxNVowIgIRANlOBPXsEfdmgwzTrLalw7EXDTEz +MDUzMDIwMzMxMlowIgIRALkpNdPc3aoVSmMQHwJALP4XDTEzMDUzMDIxMTgzOFow +IgIRAOiPvz2ZsXDUpnlmrw5LVlUXDTEzMDUzMDIyNDIyNlowIgIRANAdqkVvymcJ +9agpiemIhewXDTEzMDUzMDIyNDMwOFowIQIQPHd0UlVQbI4R7APSXjmQNRcNMTMw +NTMxMDIxMzA0WjAgAg8/CA/ukbmaCtshSLfHmHEXDTEzMDUzMTAyMTMwNVowIQIQ +Dv7TI5hkAgjCSXmjWw6NFxcNMTMwNTMxMDgzOTUwWjAhAhAODYMjqg3PFIEexlyz +HgzEFw0xMzA1MzEwOTA2MDdaMCICEQCYGF1Xa96R1feLVqFuxd89Fw0xMzA1MzEw +OTA2NDZaMCICEQDK89uOTheYUOP8rkJJBVUTFw0xMzA1MzEwOTE1NTZaMCECEHnL +ovzecHOTqVh08dO1mSkXDTEzMDUzMTA5MjMxMVowIgIRAPL9d/zGV1GUXTWqdFn1 +GjgXDTEzMDUzMTA5MjMzOVowIQIQIKGx7EVnh4HwsTEGwYxquxcNMTMwNTMxMTMw +ODEyWjAiAhEAh5gG1WTbyzPDtQOjSwVWxxcNMTMwNTMxMTMxNDM3WjAiAhEA9ofp +5k0QcIEVvtMa3XbsGBcNMTMwNTMxMTUyNTA5WjAiAhEA/RCZ6RsZccjfIreyZvkG +4RcNMTMwNTMxMTUyODIzWjAhAhBF4YdwwNZfRE/Mm/BkTaikFw0xMzA1MzExNTMw +NDRaMCECEHIDfWYeiknnz8FJnd1+Yf4XDTEzMDUzMTE2MDUzNFowIgIRAJGgznhu +dXJ2r85z1yH590cXDTEzMDUzMTE2MjIyNVowIgIRAMftfDg6om1UCQ0LCvABVTUX +DTEzMDUzMTE4MDU1MVowIgIRAJjYZ0497s8gjdP4WzGSb5gXDTEzMDUzMTE4NDMz +NVowIgIRAJZeZ+iFNCM2a6OsRX6UPSQXDTEzMDUzMTIxMDIzM1owIQIQSogb44Q1 +pVKI0dOxvAkKhRcNMTMwNjAxMDIxMzA1WjAiAhEAz1xxl0GO1Aq62aGlCa4XNRcN +MTMwNjAxMTQzNjA4WjAhAhBMXlJ2fciWza5Upz+Yn5aJFw0xMzA2MDMwMjEzMDda +MCECEHr5oT6bJWzvWWH9tFqmPikXDTEzMDYwMzAyMTMwN1owIgIRAOoo4SJYqkdb +N9bP4wZB2ZkXDTEzMDYwMzA5MTUxM1owIgIRAIdqCGUi6JWyXV//1/BA9JMXDTEz +MDYwMzEwNTMxNFowIQIQFTB4HMEVIeL/5fZs5ObHixcNMTMwNjAzMTEzNDM1WjAi +AhEAsvFOBvHFlrJ+dE8pq3SS1xcNMTMwNjAzMTUyMTAyWjAhAhBefeaYFYv3nGfy +9JNotOOZFw0xMzA2MDMxNTQ2MzdaMCICEQDTRN57ztnDpjQxeSKjUJ+3Fw0xMzA2 +MDMxNjIwMTdaMCICEQDe2gyfHyGUkXriKRjGw9euFw0xMzA2MDMxNjIzMzBaMCEC +EF3IhOKt4Gxp2BY7VcnACwYXDTEzMDYwMzE3NTIyMlowIQIQa+r8EU3jfOoza9RA +FEM3DBcNMTMwNjAzMTkxODExWjAhAhBlHcxBUkfOg94DbP7bcA7oFw0xMzA2MDMy +MDA1MzVaMCICEQC8onRx3pkVV3FyjNnQfPJCFw0xMzA2MDMyMDMzMDJaMCECEH/G +E2hLB7tExokA1pmPOBIXDTEzMDYwMzIwNDMwNlowIQIQciM6kCYVDhyBKiNcV3Jx +OBcNMTMwNjAzMjA0NDE1WjAhAhBfudbId9GRS4IgdtSS3e18Fw0xMzA2MDMyMDQ2 +MDVaMCECEAhs8wOU9oLJMegpn4x+V5cXDTEzMDYwMzIwNDk1M1owIQIQLjhLsSWS +C0a7hQ5CUyjFJBcNMTMwNjAzMjA1NjA2WjAhAhBcKyc7OVq6HVyF4OdCXYlnFw0x +MzA2MDMyMTA4NDFaMCACDxPPW8LOCOThROfTxmnrqBcNMTMwNjAzMjEwODQ0WjAh +AhASRmc2w92QMudKufk78vgDFw0xMzA2MDMyMjMzMTNaMCICEQDHNZ05THEaf5+B +EL1KdAkvFw0xMzA2MDMyMjM1MjhaMCECEG8LWL9uR/laPq9l3SE93j0XDTEzMDYw +MzIyNTMxN1owIQIQAaLJ8u1vMIbD3RSZxrN13hcNMTMwNjAzMjI1NTE2WjAhAhBd +SB1WAdXIYwmEzG4wuXO0Fw0xMzA2MDQxMTIxMDlaMCICEQC+BowgfWegq46r8o6U +oWsyFw0xMzA2MDQxMjAxMjNaMCICEQDFyNCQjTRTi1j6ATAMQgKKFw0xMzA2MDQx +MjUwMDJaMCICEQCRenqrqMSAdJndRUGqZLSKFw0xMzA2MDQxMzA0NThaMCICEQD+ +H7YRKVc8BGWXXw/77KLzFw0xMzA2MDQxMzA1MjdaMCICEQCTLmrds01cZt9nHImo +xNs4Fw0xMzA2MDQxMzM1MTRaMCICEQCaXeo26EjfTGoe4LdaY1EOFw0xMzA2MDQx +MzQ0MzNaMCICEQCwhUKUxVNQwyOuIaWuhZ5sFw0xMzA2MDQxMzQ3NTZaMCECEDMb +nJ2/SaEx2x3HNGEH8xgXDTEzMDYwNDE0MDI1OFowIgIRAPP2yOUcmnKPuy6XNTMZ +UaQXDTEzMDYwNDE0MDkwMFowIgIRAKDM7yiD/VDTdKXGOevKXH0XDTEzMDYwNDE0 +MTAwM1owIgIRAKeTW8YlJtaCpwXIYif8nUMXDTEzMDYwNDE0NDMzMFowIgIRANFj +8tbAgD2sejq6q6a26Z0XDTEzMDYwNDE1MjIzMlowIQIQG8Lp2rPKqqJztErQ2s9D +7hcNMTMwNjA0MTYwNzM2WjAhAhBxujcZZj3E9oH4Uxv6OzS7Fw0xMzA2MDQxODM0 +MjRaMCICEQCJYtyNmj3u+oeNO2jEGFipFw0xMzA2MDUxMDU4NTRaMCECEHp0hXjq +0Efd/bcKA4P51DsXDTEzMDYwNTExMzgxNlowIgIRANk6w2wyg7iOIQ9bfG0Jn30X +DTEzMDYwNTEyNDMzNlowIQIQAIf6GTHxBvSvbg/ozTCSIhcNMTMwNjA1MTMzODAw +WjAhAhBdYps2aCRGkXj4BNMTpwndFw0xMzA2MDUxNDM5MDZaMCICEQCcPotrd1Xe +UTzIXKvkPWxZFw0xMzA2MDUxNDUzMzRaMCICEQCtt1TRPx/ek16ijwZ5kD9+Fw0x +MzA2MDUxNTAxMDFaMCECEEr6zeNotRTYHDoJDEpF+ZkXDTEzMDYwNTE1MDEyMFow +IgIRAOO1T16G94FffnA4T0UOgnwXDTEzMDYwNTE2MDY0OVowIQIQb+YYOYqY5SFs +gVOoblOEdBcNMTMwNjA1MTYwNzQ1WjAiAhEAk+Wi+bHgcUnK5p25ddK3ihcNMTMw +NjA1MTYyMzM2WjAhAhBEf/ogjxKOAW38RgObOX63Fw0xMzA2MDUxNzMxMTVaMCIC +EQDAxgxcCTPFcdLEw+Q0ZuwJFw0xMzA2MDUyMDMxMjhaMCICEQCDdc9LkYX+4XQl +nBjz4xxXFw0xMzA2MDUyMTE4NDhaMCICEQDvabxUcLn6T1vCmsBL6/b2Fw0xMzA2 +MDYxMDU3NDBaMCICEQDAhdynxsKEvpLXtuC7H+iZFw0xMzA2MDYxMTE1NTJaMCIC +EQDopk6lh7vp93dUWIHPt930Fw0xMzA2MDYxMjAyMzRaMCECEEzt17ncOppxiDG7 +EEA/Ay8XDTEzMDYwNjEyMzM1MFowIgIRAOMFEQTxxZXw3Wk6+hb0Oq0XDTEzMDYw +NjEzMDIyM1owIQIQX5gfTN/Jfs+FaBMj+VcmfhcNMTMwNjA2MTMyNDI5WjAiAhEA +zjSTmMOAi6Qdv6U/L+NWmxcNMTMwNjA2MTUyNDQ5WjAhAhAkPHT6Qjm/eTDBrlNA +IVI/Fw0xMzA2MDYxNTMyNDNaMCECEGDLI3WJTkrDnCcS2kbqo9cXDTEzMDYwNjE3 +MDIwOVowIQIQaELLI13L44nf7OegyOPL4hcNMTMwNjA2MTczODUzWjAhAhBa35rZ +ROve+Dr21Xn9L3qaFw0xMzA2MDYxOTUyMzFaMCICEQDTm+ArJuMnN1edJmiAB9VD +Fw0xMzA2MDYyMDM2MDNaMCICEQDohn7zZufzC3kzZjQpf7bxFw0xMzA2MDYyMDQw +MTZaMCECEFboLb/RAPtpWusG5BmIgv0XDTEzMDYwNjIwNDYzOFowIgIRAMM2yoSd +5l6YVL3CQbgZA+UXDTEzMDYwNzExMzU1NVowIgIRAIGQ+0yElf8RfV99kp4RWHcX +DTEzMDYwNzEyMDI1OFowIQIQL17fZB6FGn97FmNLq1ymaBcNMTMwNjA3MTIwOTQy +WjAhAhA8tZBVLGf7iM5Hy9Z2G/5wFw0xMzA2MDcxNjQxMzlaMCICEQDMz4SaD4nw +3JuFjCJW1t/9Fw0xMzA2MDcxODIxMDZaMCECEEmRYiIReY1t4geyq4d3AZgXDTEz +MDYwNzE4NTIzMlowIQIQMUNcWTLQDW5aMf5bMGMO9BcNMTMwNjA3MTk1ODUxWjAh +AhBUa1KpkePb+Xucitv22qikFw0xMzA2MDcyMTMxMjhaMCECEHUO9fNdLmEERRWU +UYwWMEAXDTEzMDYwNzIyMDY1MVowIgIRANahoYMrIvUyp5rKzlVMnN4XDTEzMDYw +ODAyMTMwNlowIQIQHQSEp2qrYRnA8DEhVy8SGxcNMTMwNjA5MDIxMzEwWjAiAhEA +gML0bqs3OYnxGyXRH3qJdxcNMTMwNjEwMTAzODQ0WjAhAhABuHJDKiKE1CV6FWWN +d4ByFw0xMzA2MTAxNDMzNTZaMCICEQCzibtU4zNGPRg8T7b92dk2Fw0xMzA2MTAx +NTAyNTNaMCICEQCcYRXpTpUyxp4Tnl0gp2eJFw0xMzA2MTAxNTI5NDZaMCICEQDi +d/FXVnPpMNVKjnFXhL6kFw0xMzA2MTAxNTI5NTdaMCECEH0ro55vYThTaLNbFbXV +CXkXDTEzMDYxMDE1MzUyMFowIgIRAItdqzq4VilDyqs7vpEm48oXDTEzMDYxMDE1 +MzU0NFowIQIQRuOLPgiHcnCV/+Cza3yoARcNMTMwNjEwMTUzNTUxWjAhAhBA5NyB +N59f5zIeXge1oroSFw0xMzA2MTAxNTM2MDJaMCICEQD8AmNxW3vD2antcI+IBMTY +Fw0xMzA2MTAxNTM5MzdaMCICEQC6Nc3DOfXLOnnn3gmoDx4FFw0xMzA2MTAxNTU0 +MTFaMCICEQDhRXTJtMywZxC4VdtZZz/VFw0xMzA2MTAxNjA0NTZaMCICEQC0e8er +QU5pdRa8KGwocMKlFw0xMzA2MTAxNjA3NDVaMCECEE6Q7BfB/OrZyQZiS3fHj7oX +DTEzMDYxMDE2MTAyNlowIQIQDysPutd3dZ2CeLw8kYpZ+BcNMTMwNjEwMTYzNzM2 +WjAhAhAQpsjFzhqzVNqq2WlycpqSFw0xMzA2MTAxNjU1NTdaMCECEBbRMoMPmgwf +zZAId8MS3TQXDTEzMDYxMDE2NTYyNVowIQIQV8vRuctwEUHoTz2QyI88kxcNMTMw +NjEwMTY1ODE1WjAhAhB/qCD39/VAe1dIzpZ++me5Fw0xMzA2MTAxNzM3MDhaMCEC +EG1gaTK6xa1VX9oG72t1YA4XDTEzMDYxMDE3NTQzMVowIQIQfoHkulHOp7OcMUNX +5z3JhBcNMTMwNjEwMTc1NDQ5WjAiAhEAgA3sk3izQjZ4oClZ/bE1uxcNMTMwNjEw +MTc1NTAzWjAiAhEAlAhUx9mBU79c1Yd20ajN5xcNMTMwNjEwMTc1NTIwWjAiAhEA +mjGdaN80Ticd2Xf7TiY8LhcNMTMwNjEwMTc1NTM4WjAiAhEA0nMkpZWTnCi00Ma0 +QDs8OBcNMTMwNjEwMTc1NTU1WjAhAhAdsDLrSQ1G/nsU7pIZsNfTFw0xMzA2MTAx +NzU2MDlaMCICEQD8G+V4yC3L8vzD8G/Lf/XMFw0xMzA2MTAxOTQ1MjFaMCECEGEa +ioZmCxurcDvQMzAPkNIXDTEzMDYxMDE5NDUzOFowIgIRAPCdz+TAQMPJxZn3bnTR +ASYXDTEzMDYxMDIwMjAwMVowIQIQOzX3M8QfWz+hreGFZw7w5BcNMTMwNjEwMjEx +MDI0WjAhAhBJf5UQ/eulvxGhDHW5vOhgFw0xMzA2MTAyMzU4MjVaMCECEGNbgOSJ +9pebLh7RVIgrnOAXDTEzMDYxMTAxMTUzMVowIQIQIUXCNWYyC3nRnCciSU8aqRcN +MTMwNjExMDc1MDA3WjAhAhAFpqFe02bT92Dkj8kcNNKgFw0xMzA2MTExMDIzMDVa +MCICEQD8EXPLrqXJMd+lZSyO9IWqFw0xMzA2MTExMTU1MDhaMCICEQC5TSc/P3Yr +HKQgXl+RpB7pFw0xMzA2MTExMjUxMDJaMCICEQD1YR3SY3bjQuzcBVwl3nqEFw0x +MzA2MTExNDAwNTdaMCICEQDJ1YMBmbaPMAfXfWVENezlFw0xMzA2MTExNDAxNTJa +MCECEG+acvIsboM7GmYMeXNwLdgXDTEzMDYxMTE0NDUyN1owIgIRAJOKgCVMg8x8 +CEJ0ivHkAjQXDTEzMDYxMTE0NDkxNVowIQIQC+E6QE+Yh9w1eNxsvpInGBcNMTMw +NjExMTU1ODAyWjAiAhEAtBtWSjpiQiKOFs5p81+3UxcNMTMwNjExMTc0NDM5WjAi +AhEA3a7LaG/EYlYzujitMSirJhcNMTMwNjExMTc0NTA2WjAiAhEAysEw7SOOW7iT +nZm9ughO9xcNMTMwNjExMTc0NTMwWjAhAhAqtX8r5lYU1WzN54E0nBFTFw0xMzA2 +MTExNzQ2MDJaMCECEGg+XEzeZ0VPengqAK7Ql3sXDTEzMDYxMTE3NDY1NlowIgIR +AKSXgemNnzMSv1eIA83/PgYXDTEzMDYxMTE3NDcyN1owIgIRAKtLHTrTen/UpO0o +b9/W1BUXDTEzMDYxMTE4MzYzNVowIgIRAOnIJG/kntuBNvysiocactUXDTEzMDYx +MTIwNDUzOVowIgIRAP76fHXDha1c3m9e1piqW/0XDTEzMDYxMTIxMjcyN1owIQIQ +Ps8pK/sH+Z34SZ1/KDEk2BcNMTMwNjExMjI1MTU0WjAiAhEAsRAda7Yt99LH6ca7 +bb9tMxcNMTMwNjEyMDI1OTE3WjAhAhBQX0SDHaqLV8oLByEdGkUPFw0xMzA2MTIw +MjU5MzNaMCICEQCX4mqwV9/LOi8lWsK6UsZ+Fw0xMzA2MTIxMjA0MTFaMCECED2U +k6/jLpT/FiA3cfLlXhgXDTEzMDYxMjEyMDQzMVowIgIRAMn8hxB5c5w06NMazyDQ +1oAXDTEzMDYxMjEyMTYxNVowIgIRAJRgPxZ6jJB18H16/8RN1XQXDTEzMDYxMjEy +MTYyNVowIQIQKB+S+516izwMMYIIomRGHBcNMTMwNjEyMTIxNjMyWjAiAhEAtGX6 +e0KvsmmBiPV8rLBAFRcNMTMwNjEyMTIxNjM4WjAhAhB+97EwtkoJnjfsn/3xk13L +Fw0xMzA2MTIxMjE2NDRaMCICEQC0a6swMjb3KHEfci+n8oWEFw0xMzA2MTIxMzAy +MjNaMCICEQDzzNnRpJaZyxEnSYmITeFnFw0xMzA2MTIxMzIwNDNaMCICEQD1N3wu +fJrdKqEWVZ6TrWVDFw0xMzA2MTIxNDE1NDBaMCECEDVFrFwWHz0pnBuRyBu1AacX +DTEzMDYxMjE0MTYwMFowIQIQSHXaG5eHS8vTT3X/2AoiKhcNMTMwNjEyMTUwOTEw +WjAiAhEAjvCspHn0jraNhQFHyHYANxcNMTMwNjEyMTUwOTI2WjAhAhB50yR3ds5f +7bkwE71iSoblFw0xMzA2MTIxNTEwMjJaMCICEQDandxfm8Hyyoc43DatGenQFw0x +MzA2MTIxNTEyMTdaMCICEQD/BwUQpaavIEDm9f0Ln7AsFw0xMzA2MTIxNTE2MTla +MCICEQC6V5g36rJOUBgfkcmJQIZjFw0xMzA2MTIxNTE3MzhaMCECEBn16tK2SOqf +mfwW3gC/yQkXDTEzMDYxMjE1MjczNlowIQIQJ8lxYPY2kUSbiGAN2p6U6BcNMTMw +NjEyMTUzNDE3WjAiAhEAmPElAANPIgsP4dpZdQS4wBcNMTMwNjEyMTczMTM1WjAi +AhEAnJreHGmC4VWGLL5EdfLwKBcNMTMwNjEyMTczMzAwWjAiAhEApZN58rPHK4o4 +6OhJNfnA4BcNMTMwNjEyMTc0NDI0WjAhAhBGlOXLGLsTjLZqFRS1VGDeFw0xMzA2 +MTIxODIwMTlaMCECEF4lg3wFKy9Fc2jyzjR9njAXDTEzMDYxMjE5NDQzNFowIQIQ +ISNFyCbWvzlPJlReucK2hhcNMTMwNjEyMjAwMjE2WjAhAhAf9C4IqBPRwafGARDN +0YZiFw0xMzA2MTIyMDAyNThaMCECEFluOuVcQBwMSDR5ouK5uxEXDTEzMDYxMjIw +NDA1MFowIgIRANYAItxKBWEwY/80pDEw0NQXDTEzMDYxMjIwNDI0MFowIgIRANdT +RD4xg7IWMnFUTT18/FEXDTEzMDYxMjIwNDI0NlowIQIQblXjvlUb/wt3NboHncyi +0hcNMTMwNjEyMjA0MjU3WjAhAhBCmwN0NKGxhDv7RRXmgfpgFw0xMzA2MTIyMDQ0 +MDdaMCICEQCoQGQI+EHKUtyOeTGQ00GWFw0xMzA2MTIyMDQ3MTdaMCICEQDg0N3X +0Bn+qNoyNvGhGGeeFw0xMzA2MTIyMzExNThaMCICEQCHQUSQVMGWmYdtgAW4taWo +Fw0xMzA2MTMwNDU4NDVaMCECEHG+hj+VKkQZ3N+lWJhwyyEXDTEzMDYxMzEzNTEx +NlowIgIRALMKhowB8eRNV0KmCwuX34YXDTEzMDYxMzEzNTEzNlowIgIRAKLSFtK1 +WHUy5FYK/Ex2vdEXDTEzMDYxMzE2MTQyMlowIgIRAJzwl8JqR7I/jlst7oE5HM0X +DTEzMDYxMzE2NDY0MVowIQIQH2U4fA/+KzgR9zox+ViMvBcNMTMwNjEzMTgwNjMx +WjAiAhEAsdkEnbFbHKUR48e8I9bzCRcNMTMwNjEzMTgwNjM3WjAiAhEA/PmTdXrA +x7tzAKX2JMjJSxcNMTMwNjEzMTgxMjM5WjAiAhEA4qtKW+25kdw4b4WLn+UrYRcN +MTMwNjEzMTgxMjQxWjAiAhEAktrd3R3CBASzMHUU/0RvgxcNMTMwNjEzMTgyMDI4 +WjAiAhEAnp5ZLt6HEyIzFkD63wqTzBcNMTMwNjEzMTgyMzA2WjAhAhAHsrdc5Tcx +mxE++D2e93IkFw0xMzA2MTMxODM3MzBaMCECEBAyvCrQzV0UnNr2+Ve/0nQXDTEz +MDYxMzE4NDgyN1owIgIRAKKFF4pfDFd1elrpt/d19UsXDTEzMDYxMzE5MTEyN1ow +IgIRAN9gsqkshVt/ZF5pqd7/HbMXDTEzMDYxMzE5MTE0NlowIgIRAIJ0vqjdLEMi +h6AclxM4r5wXDTEzMDYxMzE5NTgxNVowIgIRAKIE4BIksQeMsEfMznS+JwgXDTEz +MDYxMzIwNDQ0NlowIQIQX814p6XKFXU9ho8Vqch/5xcNMTMwNjE0MDAzMDIxWjAh +AhBd+ZoHHK2Ypd0dBMOXkXUfFw0xMzA2MTQwNjQ2MDJaMCECECRf4yOPOwlMAb34 +W4gCWDoXDTEzMDYxNDA3NTY0MVowIgIRAPzyVr6Dc42j4+JD2oAOq1wXDTEzMDYx +NDA4NTIzNlowIQIQNo/ah+xWc7Y2/OxVqCw4HxcNMTMwNjE0MTMwODMyWjAhAhBi +NXSVim//eNCGD828EgauFw0xMzA2MTQxMzE2MTBaMCICEQDhQ9dUDLmZuvZpgn6r +4Is9Fw0xMzA2MTQxODUxMDJaMCECEBI1vcJV6rpydx7GDLql6CwXDTEzMDYxNDE4 +NTQyMFowIQIQBPTmktp363AHm2OB2kG7yhcNMTMwNjE0MTg1NDI1WjAiAhEA1tIE +ZeP9uxCJ0YVCu3081BcNMTMwNjE0MjA1NTE1WjAiAhEAymT+Km88E36c5qUGsZbv +6RcNMTMwNjE0MjExNTQ1WjAhAhAHkHpsU8+dnPyABg+HI764Fw0xMzA2MTQyMTE2 +MDBaMCECEF/jPIfxYqvBQKLIfuXfYtYXDTEzMDYxNDIxMTgxOVowIgIRAOCiXJBo +cWjtOzDPeZU9XV4XDTEzMDYxNDIxMjYzMFowIgIRAP54g4gFEkvCbfGs4RhvLqIX +DTEzMDYxNTAyMTMwNVowIgIRAJajjwFYd25UL2OkILbtZ5YXDTEzMDYxNTE4NDI0 +MFowIgIRAJ8E/yQZRl6qZxBOap8Y3YcXDTEzMDYxNzE0MzU0MFowIgIRAKIfJ/M7 +clW5gGsfgkkiQDsXDTEzMDYxNzE2Mjg1NlowIQIQRMlDEsD4I+0dOR2fp+NPkRcN +MTMwNjE3MTgwNzU5WjAhAhBppqU2fi7muTl9tvkOeF45Fw0xMzA2MTcyMDI1NDZa +MCECEF5tSEI+saIrelolDWl7wz8XDTEzMDYxNzIxMTg1NVowIgIRAPfSJCgiKVod +MUc5UgngF2oXDTEzMDYxODA3MDM1MVowIQIQZkNBAwA+4Wm3jontO4B0IhcNMTMw +NjE4MDg1MjEwWjAiAhEAo7p5k3PcZ+wq9+S/1RR+oBcNMTMwNjE4MDkwMTEzWjAh +AhB2fXa4V7RtbroFhupcVb75Fw0xMzA2MTgwOTMwMDlaMCICEQC0XWEIdaiZhRbR +vJfiMLUaFw0xMzA2MTgxMTAzNTJaMCICEQCswEG6VDZaSZqXBGXp85qUFw0xMzA2 +MTgxMjAwNDJaMCECEHrG9FBqtZeO28L7DQHGgRYXDTEzMDYxODEyNTkwNFowIgIR +AMx6Cem/8zNPspBwlTWbYNUXDTEzMDYxODEzNDkxN1owIQIQPHE5DyU8CEmULs8m +dr9caRcNMTMwNjE4MTM1MjU5WjAiAhEA4NwvnNFMOdo+3k1ZimlQLxcNMTMwNjE4 +MTM1NDI0WjAiAhEAm8bZHQvZTQrC+0Hb/Lh1SxcNMTMwNjE4MTU0MjA2WjAiAhEA +wmuyFibACBRmVCf6yBlGUhcNMTMwNjE4MTU1NjEyWjAiAhEA69F712Qa3JkUAZ9J +I61thBcNMTMwNjE4MTYyNjE5WjAiAhEA3k6xUk7df4Gf6DBjT++d0xcNMTMwNjE4 +MTYzNjA0WjAhAhBqbbMwPiObD/ExWBQU0B25Fw0xMzA2MTgxOTAzNDNaMCICEQCD +YxAa8nqInkKUkr+lYHHLFw0xMzA2MTgxOTEzMjVaMCECEB05/B8FkP5csiz6dtgT +vtIXDTEzMDYxODE5MTUzMFowIgIRALsc1dZq14SJu2NhgTma+nAXDTEzMDYxODE5 +MTcxNFowIgIRAPlsizbXNNAop4RdyMZfUl8XDTEzMDYxODE5MjM1N1owIQIQJnjP +As7p0ZUrkT8uQ1ZydRcNMTMwNjE4MTkzMzQxWjAiAhEAnd9Hset1vsHecex7h1Ga +ExcNMTMwNjE4MTk0NjAwWjAiAhEAgACvv32tfuMXPbKGUIemqRcNMTMwNjE4MTk1 +NDA5WjAiAhEAo/AkydMoIyt6BRjrpxavQxcNMTMwNjE4MjAwNTA1WjAiAhEAvgpE +C7/2wB/32etD38kOzhcNMTMwNjE4MjAxNDM5WjAhAhAhovcoJ1L/Mt643n6wBbhB +Fw0xMzA2MTgyMDIxMjFaMCECEFZitb1769RnWcydnJRlW6wXDTEzMDYxODIwMjcy +NVowIQIQVAhYElLrWvBA/dG/NQEf0hcNMTMwNjE4MjAyOTIwWjAiAhEAhejcNxkV +MQ56hNih/Y6p+hcNMTMwNjE4MjAzMTA4WjAiAhEAjAcJLcrLtIjE8Q6UCDh1hhcN +MTMwNjE4MjAzMjEzWjAhAhBCbEcqEsCP/vwyMz0DH6oBFw0xMzA2MTgyMDQ0MzVa +MCECEGZQdoCh49V1/M9uMxjIGvIXDTEzMDYxOTA2NDMxNlowIQIQRjojWMhaNyD+ +Aed2uFgzERcNMTMwNjE5MDk0ODI2WjAhAhBMjbNcIm+y1OtS5Imb6q6GFw0xMzA2 +MTkwOTQ4NDlaMCACDzKVfFkr0s8ePsavDGOUexcNMTMwNjE5MTAxNzI3WjAhAhB9 +4w5pXappKE5XD+IzoimvFw0xMzA2MTkxMDE3MzNaMCECEBqpAhvjNw1yZxa3cr2l +g5gXDTEzMDYxOTEwMTc0MVowIQIQLf82cYvgVw31kH5XYicd/hcNMTMwNjE5MTAx +NzQ4WjAiAhEA3hDq0QWfxadjU90ZVvtIZBcNMTMwNjE5MTQxOTMzWjAiAhEAsT4y +nqKBd5lY0+BPUwD5UBcNMTMwNjE5MTYwODM1WjAhAhBkxwZYKiXiDphkDFQKea4y +Fw0xMzA2MTkxNjMwMjlaMCICEQDZim46zb3FA7zq0vwsrwrzFw0xMzA2MTkxNzM2 +MTVaMCECEGT6/z8xjC1W/rVFkJyu0HUXDTEzMDYxOTE3MzcxM1owIgIRAJePlw79 +rAhq1YSjwmOs8WQXDTEzMDYxOTE3Mzg1N1owIQIQaQuOMy8EWxdDr00jDO4pjRcN +MTMwNjE5MTczOTE3WjAiAhEA1YE8DVfH5ndfIM2J7L47ZBcNMTMwNjE5MTc1ODIx +WjAhAhAcL8+vEe6CtIu/80DpFBYzFw0xMzA2MTkxODAxMTVaMCECEBAW0kcddeHR +ZiWTgzP6zzMXDTEzMDYxOTE4MDExOVowIgIRAKkj2AA/owROcxxi8LHPm4cXDTEz +MDYxOTE4MzcyNVowIQIQCmx2wkwNxF8kXRrln1Fs/hcNMTMwNjE5MjAwNzEwWjAh +AhBp22cl3dq2Y4TRZ/TEawLdFw0xMzA2MTkyMTMzMjNaMCECEENwhnlgsQBS3NXZ +UeLxDVAXDTEzMDYxOTIzMDYxNFowIgIRAKB2FpBCsTFyBAVZDaMlMV8XDTEzMDYy +MDA0NTkxNlowIgIRAL0cHG+lncZ1jsh17jMQxJEXDTEzMDYyMDA3NTAzOFowIgIR +AMzdHIRuQ20KUMImSDPl1noXDTEzMDYyMDExNDIwNlowIgIRAOWK0FGXe4tfO0EY +bgcQNVkXDTEzMDYyMDEyMTMzNFowIQIQRi/8XsmItPjzwAcw1yNQqxcNMTMwNjIw +MTMwNDA5WjAhAhAxjM/bd7hsNMjaB7jWT+kjFw0xMzA2MjAxMzA0MTRaMCICEQDb +rSwLYudKDQMIOerr3R7kFw0xMzA2MjAxMzA0MjBaMCICEQClXe0m365T1Z/6g30M +J9g1Fw0xMzA2MjAxMzA1MDRaMCECECxFBpSb/yVtXNFwKuv/9OgXDTEzMDYyMDE0 +MzkyOVowIQIQR6K/+8CK8eG0ZyY0UKS5lxcNMTMwNjIwMTQ0NzEzWjAhAhAUZzpa +mvhDlShe093nPK03Fw0xMzA2MjAxNTQ2MzJaMCECECZQ9uJUoRutsn/wd7wLhM0X +DTEzMDYyMDE1NDYzNlowIQIQI5bV1+j0hq3ZZ7C9ug8cahcNMTMwNjIwMTg1MjIw +WjAhAhB6exWXFwb8IA6vt8thIqJ8Fw0xMzA2MjAxOTU1MzFaMCECEH+IWoPPxCpa +Buu71WWHD3cXDTEzMDYyMDIyMTAzMlowIgIRAKcrwA8zBFPOj96nDct1w1EXDTEz +MDYyMTAyMTMwNVowIQIQYpaD8Me9k9smF8idoRbX+xcNMTMwNjIxMTAwOTM0WjAi +AhEA7YlP8VNVNOA6b+DYvUjmcBcNMTMwNjIxMTI0NzAwWjAhAhB1LDzW9+8E/yBy +KkjXpJkUFw0xMzA2MjExNTA4NTdaMCECEF4cc8AQYtx6jRiCm8LfcjUXDTEzMDYy +MTE2MDUzM1owIQIQJkDcr06pQ4TvJdCQy7wqwRcNMTMwNjIxMTY0MDQ5WjAhAhB9 +r0AZk0b3DULFTbIT1KUPFw0xMzA2MjExNzMzMTlaMCECEG9w+HRdqOw3vJWKeW5V +fTAXDTEzMDYyMTIwNTQ1NVowIgIRAIILuXBJoq96rpGRj1PeAHIXDTEzMDYyMTIw +NTYxN1owIQIQUMxsVy/ica9b8cv9Ylik2RcNMTMwNjIxMjA1NzQwWjAhAhAUVhmb +kq6fSS4V53kl9mCGFw0xMzA2MjEyMTI5MDBaMCICEQDfZvbVEH2aqdSunRASJ4la +Fw0xMzA2MjEyMzA5NDNaMCICEQDtaxObFeEkiKYvDjuA9wnsFw0xMzA2MjIwMjEz +MDZaMCECEBAq7/xsxxydbWsBXPFK810XDTEzMDYyMjA2MTgwOVowIQIQGPUP9on1 +i2u4JmocUYpSYBcNMTMwNjI0MDIxMzA1WjAiAhEApAuSpWbSMqIaZDVgLWJluxcN +MTMwNjI0MDkzODUzWjAiAhEA6d3jqc00F7dWQMw7NU5/6RcNMTMwNjI0MTMwMzE4 +WjAiAhEA9Nih0/Oq8MnwSt6UKFDFRRcNMTMwNjI0MTMwMzMyWjAiAhEA2rwRpMDw +LyZ3+8yS+sUgAxcNMTMwNjI0MTYzNjQ4WjAhAhABbgSIs2geFWd5Z6oBTH5XFw0x +MzA2MjQxODI5MDhaMCICEQCnYLIQs4NXM08K6zZ045avFw0xMzA2MjQxOTA0MzNa +MCICEQCq17cwBZ6c0SSz2hfZOB2pFw0xMzA2MjQxOTA1MzJaMCICEQD7vg6GqabI +Te2sIuQgTV6EFw0xMzA2MjQxOTA2MDhaMCECEFzeFaYPIltmOayK+jqljPcXDTEz +MDYyNDE5MTk1N1owIgIRAOCHf/iK1eflCVihfAfoFfAXDTEzMDYyNDIwMDk0M1ow +IQIQRADkX45likPxbwSc+qAFhxcNMTMwNjI0MjExNTQ5WjAiAhEAkMtINNtzmq6c +etKqint9HBcNMTMwNjI0MjExNjM5WjAiAhEAmTTe2DmdYgKF7KtsLdgVpxcNMTMw +NjI0MjExODQwWjAhAhAKoyNb7LdCiJGrSPqaiX84Fw0xMzA2MjQyMTE5MTNaMCEC +ED1JgNY4CD0noajMRiGSUUYXDTEzMDYyNDIxMjAyN1owIQIQIJ1FSW4PFiwlPfF3 ++zpiKRcNMTMwNjI0MjEyMTA4WjAiAhEA0joT002oXvmiMDh89mlpoBcNMTMwNjI0 +MjEyMTQ3WjAhAhB71X1mgJYzDDlqgj1B4bpnFw0xMzA2MjQyMTIyNDhaMCECEFUF +UCBqxPlu1sD/5xQjQTMXDTEzMDYyNDIxMjMzNlowIQIQWQyBgYS2AG8A/Qi4L748 +0BcNMTMwNjI0MjEyNDUyWjAhAhA4yk9Z5TgllA2XxiXAaXSuFw0xMzA2MjQyMTI1 +MzRaMCICEQCwm5jwkCXMp5mBrjgieHkRFw0xMzA2MjQyMTI2MTRaMCICEQCLjUlG +Aho+/PxHgwk6ZRmqFw0xMzA2MjQyMTI2NDlaMCECEHNpGtMRhmkQHDTCerqRAW8X +DTEzMDYyNDIxMjc0NlowIAIPbx0PWNyQzzpjdv57JmK2Fw0xMzA2MjQyMTI4MTFa +MCECEDM51neQ8QrelwA3wfsOpPUXDTEzMDYyNDIxMjg0MVowIQIQDLDOn25ilLr5 +5BM9+l9W7xcNMTMwNjI0MjEzMTA0WjAhAhBX/BMiFEirBxVtyWOp4paGFw0xMzA2 +MjQyMTMzMjVaMCECEBqrDHFgUnxcMv1SefmwUL4XDTEzMDYyNTAyMTMwNVowIQIQ +eY7N7/4wu6Iop1AeuzuEABcNMTMwNjI1MDIxMzA2WjAiAhEA5FbHqUwjRtGi7kg4 +lPniKRcNMTMwNjI1MDIxMzA2WjAhAhB8tKv6R/7UdRVZUMJmIunNFw0xMzA2MjUw +NzI1MTRaMCICEQDygdGR3U13lHkhjo7IgOrPFw0xMzA2MjUxMDIzMDhaMCECEAtv +kLkPYB0q/WLLUTr4KVkXDTEzMDYyNTEyMjk1NlowIgIRAMQdjKWzhN8AtEMKz/Mk +5GQXDTEzMDYyNTEyNTMxNVowIgIRALEJEaCdnzmyLK5sEd2uwTsXDTEzMDYyNTEz +MjAxMlowIgIRAMINe37fgxrMMnqt2RWK/hYXDTEzMDYyNTEzMzI1M1owIgIRAI7C +4pxo7VaTbR1Wz18wnowXDTEzMDYyNTEzNTIzMlowIgIRALJNm1xvVrTj9VN3RqXw +cDwXDTEzMDYyNTEzNTM1N1owIQIQSxdz96rDnWS4Y4iK+d0Y7RcNMTMwNjI1MTQz +MjQzWjAhAhB9V7p/2eiES4aQOmfFP8LIFw0xMzA2MjUxNTAwNTBaMCECEE3QnOaW +VUYmkJP5UGTviwsXDTEzMDYyNTE1MTg0OFowIgIRAOuSf0vh+aDrDqDDJE5l154X +DTEzMDYyNTE3NTgxOFowIQIQemCrrAZRCwCb6bRGjBy7YxcNMTMwNjI1MTgxNTEy +WjAhAhAiVX4WJsJBFHs3V0Irge3WFw0xMzA2MjUxODI2MTNaMCICEQDisfJep115 +5kPG7D0iAFrpFw0xMzA2MjUxOTUyMThaMCICEQDDV8//P0xziJe3UqYdZy9PFw0x +MzA2MjUyMDE3NTRaMCICEQDC2HQN00SC65kQcoEuv2exFw0xMzA2MjUyMTQ1MjZa +MCICEQCgcJgCivE2KgcJngSuDVRZFw0xMzA2MjUyMTQ3NDVaMCECEBcpFS6PSpJD +K8yom87jCnsXDTEzMDYyNTIxNDgwN1owIQIQXa29o6ATtnulvvtITpPAoRcNMTMw +NjI1MjE0ODM2WjAiAhEAuzC1HbL19P/zxkb3sjJrphcNMTMwNjI1MjE1ODU5WjAh +AhAyByWt3+NZjyzKCetA8j6DFw0xMzA2MjYwNTEzNDhaMCECEGeIR3fKPrSH/IC1 +zH5nNOgXDTEzMDYyNjEzNTkyN1owIgIRANfbi5B5fFDARQQEJU669GwXDTEzMDYy +NjEzNTkzNVowIgIRAPYvJpIIvgNzD44Zdtv4M9gXDTEzMDYyNjEzNTk1OFowIgIR +AMPyhmcbCtL30ZN3iWhhbY4XDTEzMDYyNjE0MDIwNlowIQIQQIMd03dDBafEI8vS +i/YCSBcNMTMwNjI2MTQxNDI5WjAiAhEAs/bD9B/JEFEZXwbSUChHTBcNMTMwNjI2 +MTQyNjUyWjAhAhAmeZNR1Dkmfi/hyxy9ZTmfFw0xMzA2MjYxNTA4MzFaMCICEQDF +N9fQqkvbceBYYLZk6XVwFw0xMzA2MjYxNTA5MjZaMCECEEhDb4Lb77CQrTispMzW +2JEXDTEzMDYyNjE1MTIyNlowIQIQMxvA929Qgq8/vBIHHorXXhcNMTMwNjI2MTYx +MzIxWjAiAhEA0+DTEkVwIK3IVzAmy/OQfhcNMTMwNjI2MTYxMzI3WjAiAhEApoKK +1kgK+0x9rtwHP0CNxxcNMTMwNjI2MTYxNDAwWjAhAhBb6y6oogC+y0CeSEMG+65C +Fw0xMzA2MjYxNjM4MjZaMCECEB40uG8O0xo121p4RiEbHRkXDTEzMDYyNjE3NDg0 +MlowIQIQbxyZ8LJ5U5b9cJygQkZQ+BcNMTMwNjI2MTgyMTUxWjAiAhEAkZu0JgM7 +1CQEBBf+mMfvSBcNMTMwNjI2MTgyODE4WjAiAhEA5LQmWBaDGrf+frg6Rff1whcN +MTMwNjI2MTgzMjE3WjAhAhBPFpDnKN9WerWpS5NgU/5GFw0xMzA2MjYxODQ0MzNa +MCICEQDRG3QgKQkIW4SNyKH/ulDmFw0xMzA2MjYxODUzNDRaMCECEFTfQsQPtpMP +onVsR+c5aVoXDTEzMDYyNjE4NTczNFowIQIQVpThYEFcYestVNzg6wwO8BcNMTMw +NjI2MTg1NzU2WjAhAhBnjjrEI/d5l1xwGg/A4LLQFw0xMzA2MjYxOTU3MjhaMCEC +ED436mkKdNRgM1lwOgW3axgXDTEzMDYyNjIwMDMwMFowIgIRAO2rRn9vfOYkAt3T +4dbAcdwXDTEzMDYyNjIwMDU0NVowIQIQG1pdQyTIboUXOrmUon2aMxcNMTMwNjI2 +MjE0NjEzWjAiAhEA2/bPt6mRW5PRMWNzNjg8IhcNMTMwNjI2MjE1NzUxWjAhAhAe +vaPRaEND2uRi1uOEE2QPFw0xMzA2MjcxMDE5NDhaMCICEQDvhPyuY0vPTCXW9LQU +KyZgFw0xMzA2MjcxMDI4MzZaMCECEFdVXL989/cgxwbKD0jraCwXDTEzMDYyNzEw +Mjg0MlowIQIQR1LOlSE/cofCiUyDyHrQNRcNMTMwNjI3MTIzNzQ4WjAhAhB9YE7m +Eg41wA46auPK7ULRFw0xMzA2MjcxMzE3NTlaMCICEQCStupmDD8pU4nFW87oosp7 +Fw0xMzA2MjcxMzE4MDVaMCECEHNBRPhAFCCADEi3OlY8G3wXDTEzMDYyNzE0MzQw +NFowIgIRAI9YOa8jZU0Gvtyve/JMPvsXDTEzMDYyNzE0NTcwM1owIgIRANkqghhb +9w9pCoxznFLhe7wXDTEzMDYyNzE0NTkwNVowIgIRAINLqvx3rOGbtpDm6ZHCH3gX +DTEzMDYyNzE1MTIzN1owIQIQQ+05thvK4kog3F/sh7rmWRcNMTMwNjI3MTUyNjU1 +WjAhAhApD1485lwfpgiJMyrISQ9+Fw0xMzA2MjcxNTM1MTFaMCICEQDjWWByXAJ3 +2QHuvVD5aAL3Fw0xMzA2MjcxNzAwMzJaMCECEDnYcdYjCr+fLFWHSbg/aNkXDTEz +MDYyNzE3MzY1NFowIgIRAIMThol2ejcnBlAHGoXL7MsXDTEzMDYyNzE4NDEwMlow +IQIQDuxwM8InmnTBCJLs1QOQohcNMTMwNjI3MjMyNTQ2WjAhAhAr5Pxr4NAnrkRI +GULWvEsmFw0xMzA2MjgwODA3NTZaMCECEDG5RtDmqg/tQVBIvUgwxogXDTEzMDYy +ODA4MjY0NVowIQIQVLO1CrqWH1/bWHP5iXxehBcNMTMwNjI4MTI1NzExWjAiAhEA +tUajF5u60G3Vt3CQ0bXtOhcNMTMwNjI4MTMyNDMwWjAiAhEApf0auPIibZuGPB4L +z+OyiBcNMTMwNjI4MTgxNTQ5WjAhAhA0X8R6P///AMOePYP804eiFw0xMzA2Mjgx +OTE4NDNaMCICEQCLB/0Teq0pfdF/IqEHBmMbFw0xMzA2MjgyMDExMDZaMCICEQDf +dU0YVXDSy5XAJrvgBuv5Fw0xMzA2MjgyMDIwMzlaMCICEQDN13RmJJuuP1D952e9 +wT9SFw0xMzA2MjgyMDQ2MDZaMCICEQCAc/P+FjW0Dbag8JYSWCaNFw0xMzA2MzAw +MjEzMDdaMCECEEfJfzIGcP3t78sF69bijwoXDTEzMDcwMTAyMTMwNFowIgIRAIhY ++T183UlL41XN2J7DyzgXDTEzMDcwMTEwMTgzMlowIgIRAO8NAd0HaK0/4NEqDKcE +cnEXDTEzMDcwMTEwNTUxOFowIQIQCaOc3MbFVbF+Oz8iEmgeqhcNMTMwNzAxMTA1 +NTI2WjAiAhEAiGNUF0Y0MBSn1/Gc3cH2UxcNMTMwNzAxMTM0NzQ0WjAhAhBFdoxT +PqYzxbFHClsE6B/pFw0xMzA3MDExNjI5NDFaMCECEGZzhpzFhfJS2Hu7L86Flz8X +DTEzMDcwMTE2MzM0NVowIQIQYoQ098OIjRKLxmz3QVWSVhcNMTMwNzAxMTYzNjE4 +WjAhAhAfL/qCKduJy7/pGBvJ8L6ZFw0xMzA3MDExNjM3MjRaMCICEQDBzSAmzv9F +SgzBemqXMRtJFw0xMzA3MDExNzAwNDJaMCICEQDfWG7ljfCnSOpXfb603coVFw0x +MzA3MDExNzAzMDVaMCICEQDgfRxEBipRQoAt6KRu15kwFw0xMzA3MDExNzExMDZa +MCICEQD3CI5iuPXYDLtMf0j0uUASFw0xMzA3MDExNzEzMTZaMCICEQDp4TM0waAb +o4B2F7x1RMa3Fw0xMzA3MDExNzI2MzhaMCECEEmfq6tZkLrmPPx54D86DHoXDTEz +MDcwMTE3MjcxNlowIQIQfQq9qrIu12HqgWyo3qYdqxcNMTMwNzAxMTkyNjUwWjAi +AhEAo0nnP5DheeQXeXNztXK6KRcNMTMwNzAxMTkyNjU4WjAiAhEApLYIcK+h6fZs +QGyJ6iswpRcNMTMwNzAxMTkzMTI3WjAiAhEA0UZOJa17R9xGt0kO9ira3xcNMTMw +NzAxMjA1MjA2WjAhAhBWB78YGO0L9q1lwC7CcoMOFw0xMzA3MDEyMTI5NDlaMCIC +EQCWgwEgljs6iyNS1LKNQ7HxFw0xMzA3MDEyMjUzMTRaMCECEE8NeBK1ZZBg23Nz +J10BY94XDTEzMDcwMTIzNTMzMlowIgIRAOjXUoXIYeRuM3hd+c/+H1sXDTEzMDcw +MjA4MzUyM1owIQIQDG8sLEo37zXRxtWW7cyrzBcNMTMwNzAyMDgzNTI4WjAhAhAC +D2z3Z7C33G9jZUQ4YiqxFw0xMzA3MDIwODM1MzJaMCECEDSs6AwwLjvbkpbq8Ubi +hcUXDTEzMDcwMjA4MzUzNlowIQIQLwHDTatyrktscg5z1GMhVRcNMTMwNzAyMDgz +NTQwWjAhAhAqhXDlmz4JEuhXiC40orN5Fw0xMzA3MDIwODM1NDRaMCICEQCDYz1B +5PCUQM7tKTmAPKbbFw0xMzA3MDIwODM1NDhaMCICEQDbLGyCJwqdNlWaOgMdd4nN +Fw0xMzA3MDIwOTU3MzRaMCECEHGzQcUaav+5cmxiK5GN1e0XDTEzMDcwMjEwMjMx +NlowIQIQGlLSmMg+5EKTfWz4wUUsiRcNMTMwNzAyMTI1MjM2WjAhAhBI/2SjDwh4 +BkaY5D8ruWXNFw0xMzA3MDIxMjU4MTBaMCECEHT7RkCc9CFiy4T2rYH7EyEXDTEz +MDcwMjEzMDIxNVowIgIRANa/9SBLx56HuJK26ZET8ekXDTEzMDcwMjEzMzAzNFow +IgIRAMQjOhNAtp2RO1raslxRJHwXDTEzMDcwMjEzNDgyN1owIgIRAMGYQd60yRxE +GLgszdSJUU4XDTEzMDcwMjE0MDE1NlowIgIRAM2kc2QGlt2+IjCq+F0ESSgXDTEz +MDcwMjE0NTQzNVowIQIQeCY6/pKl6FJvHYg9dsK4vBcNMTMwNzAyMTQ1NjQ2WjAh +AhBje+k0AA23mUDILt+XnEfeFw0xMzA3MDIxNDU3MDNaMCECEEFm6ItS0Pw9KKvs +97HLywoXDTEzMDcwMjE0NTcxMFowIQIQKQJBJCVguP3QWx1z40WOghcNMTMwNzAy +MTUxNzEyWjAiAhEAh1Y10LgsVp05WUg1QsP5vRcNMTMwNzAyMTU1ODQxWjAhAhBP +d7nkR9rl16pCiYsLArtmFw0xMzA3MDIxNjE2MTZaMCECECkPhJb28QUCpGOFPl/p +FdUXDTEzMDcwMjE2MjAwNlowIgIRAJwwTZVIrvIczytS2qEwT0MXDTEzMDcwMjE2 +MzA1MFowIAIPfx8Nm/CT7tUaLtdQ8Og2Fw0xMzA3MDIxNjM2MjlaMCECEHxb5Sm9 +BFNdYQTl5A5cQNAXDTEzMDcwMjE2MzcxNVowIQIQc7Iak30jttYVy9vqiA3KjBcN +MTMwNzAyMTcxMzIxWjAhAhBXR4PWPfLQFKrlzW4j/qL6Fw0xMzA3MDIxNzIyNDRa +MCECEFu3na269JFKMmbXVfQ7y0cXDTEzMDcwMjIwMDAzNVowIgIRAK33fEadyoNN +gpuTvTBlNX4XDTEzMDcwMjIwNDUzM1owIQIQTdLpU/RGmVtZdqm+1CMDlRcNMTMw +NzAyMjEwNDU1WjAhAhBW1R7idaOYTDkG3udaDpuTFw0xMzA3MDIyMTM0MzRaMCEC +EH9Gq6lflnBxawjnA6PIrosXDTEzMDcwMjIxMzQzNlowIgIRAMLHSSQCLoLXBS4F +5hZZbawXDTEzMDcwMjIxMzQ0M1owIQIQJ608sFPPPP16BJ6Q1tJIkhcNMTMwNzAy +MjEzNDQ3WjAiAhEAkwsw+GTkfBnTHQthfhMNpRcNMTMwNzAyMjEzNDQ5WjAiAhEA ++ymY4mGWItlSMNplsJFzsRcNMTMwNzAyMjEzNDUzWjAiAhEAkmIHNTAe9DC7ONVF +SbUMMxcNMTMwNzAzMDgzNzMyWjAiAhEA9H7KfL+UADUV6ZagzINd5BcNMTMwNzAz +MDg0NjUyWjAiAhEA/bTxCJx0vCGyMEShpkoh6hcNMTMwNzAzMTEzMTU1WjAhAhAL +TtpCE3vNtTx502HPl2+8Fw0xMzA3MDMxNDIxMTBaMCECEA6DLF9WLPF9bVLuS2ON +SyMXDTEzMDcwMzE0MjIxMVowIgIRAImbjwJVj3CvdU6keJhrWooXDTEzMDcwMzE0 +MzIzNVowIgIRAOebdoRTskke8tsOcj7xkm8XDTEzMDcwMzE0MzI0M1owIgIRAIfs +SzXcSwpYHklv7tuDCwwXDTEzMDcwMzE0MzQxNVowIgIRAKjFuuX1FgCb2izOQvxU +32UXDTEzMDcwMzE0MzcyMFowIQIQJDOuWM1G6V7JhgCGHH5s+RcNMTMwNzAzMTQ0 +MjU5WjAhAhBOwRayic6N86RxbnyHk1S/Fw0xMzA3MDMxNDQ0MTBaMCECED+7rQ4l +iL6FaE3udbmLmsAXDTEzMDcwMzE1MTI0NlowIQIQbt0myMIcV5w6wowjunYixxcN +MTMwNzAzMTUzMTE1WjAhAhBMd2rWmRW7o8s421ZeeFyrFw0xMzA3MDMxNTQ1Mzda +MCICEQDqBD18MZcq8eQj7GjI6AL4Fw0xMzA3MDMxNzQyMTFaMCECEGRtlal/w0Yn +2YJKe7YdKvkXDTEzMDcwMzE3NDMwNlowIgIRAMQhDzNwouott4i2IGeLn6oXDTEz +MDcwMzE3NTI0OVowIgIRAMyUPqJ1EngF+xud6CDSb6UXDTEzMDcwMzE4MTIxNFow +IQIQLcF/A2SUdzd8DW2N/Obr4hcNMTMwNzAzMTgxNDU5WjAiAhEA11c3WGrL1ZAH +pdLcDgqgNhcNMTMwNzAzMTkwNDUzWjAhAhBiXBhGrg5SHsqvxBjMR7h+Fw0xMzA3 +MDQxMTA2MTlaMCECEDpChuWVWadRD4bcd98HAzYXDTEzMDcwNDEzMTc1N1owIgIR +AKKM+cg6VxUGZoDjN80NGV8XDTEzMDcwNDE0MjczMFowIQIQeApZdVDA/5JHA2Ey +rXue9BcNMTMwNzA0MTcxOTIwWjAiAhEA+I9N0E1Zhp3CSrs5BKao/hcNMTMwNzA0 +MjAxOTU4WjAiAhEA/I6QIKQQeX2/tD6p2r4lPhcNMTMwNzA1MDc1MjI0WjAiAhEA +3ckE1TcBOJto9r1qNZEWpBcNMTMwNzA1MTAwNzI5WjAiAhEAgaMgzWKn/poeoqvG +czYpVBcNMTMwNzA1MTA1OTAzWjAhAhALeTseqfQxBd+naKeDI8AyFw0xMzA3MDUx +MTE5NDRaMCECECFCFzkExlswmq/VVBFHAzsXDTEzMDcwNTE0MTU0MFowIgIRAMFl +spQiU9Chv0ZkwzTD7sUXDTEzMDcwNTE0MTYzOVowIQIQMqexKkJ8OOG6TblCN7nL +GBcNMTMwNzA1MTQxOTE2WjAhAhAXy2Aq0D0ar3mKUHGxGk86Fw0xMzA3MDUxNDQz +MjNaMCECEEl2l7Ze1Y23AR7tfcIA8SAXDTEzMDcwNTE1MDA0OFowIgIRAMNkNhqP +BfIKn2CxpFagLRQXDTEzMDcwNTE1MjQ0MFowIQIQOGPZ+iDYV+w70w2hbw/ulRcN +MTMwNzA1MTU1NjAwWjAiAhEAwwO+Rp481P+7lZ5Hk3uzAhcNMTMwNzA1MTY0ODI0 +WjAiAhEAwVmUejOL+Be79k41+RNaRhcNMTMwNzA1MTkyNTQ5WjAhAhA3ihvADtRF +IYj78HF06t/eFw0xMzA3MDUyMDM4MjNaMCICEQC/+rGS2VLBFG0aAKfnWZ2OFw0x +MzA3MDYwMjEzMDRaMCECECJTpOJCW3H7hxU9DS+2t8QXDTEzMDcwNjA1MzUyM1ow +IQIQWM8F4qTPyAXRXYeDf4qm1BcNMTMwNzA4MDcxNjQ0WjAhAhAhPr12Vcoxp8HZ +2VBf0VvEFw0xMzA3MDgxMDQzMDJaMCICEQDzxAOVMeoucUtuHcLj+hMOFw0xMzA3 +MDgxMDQzMzhaMCECEEdgO4SYcdHu4Lx+PZ12DAUXDTEzMDcwODEwNDQxM1owIQIQ +Io9JFsrLjF7Z4AvNjWPA/xcNMTMwNzA4MTA0NDQ3WjAhAhA6/Rj8QJLpof5kZ9eH +Ib/HFw0xMzA3MDgxMDQ1NTRaMCICEQCc7aiWgbWEoZY1o5xnoma7Fw0xMzA3MDgx +MzMwNTFaMCECEF9I664aq9eZQM/7/aSCruMXDTEzMDcwODEzMzcwNlowIgIRAPV9 +7OGq57DcdvP/8p0NkPEXDTEzMDcwODE0MTA1N1owIgIRAJfyMzgxwCMcsZ2AXodH +epMXDTEzMDcwODE2MjgzNVowIgIRAPRGsGvP4m1JoeT8K4H6i6oXDTEzMDcwODE5 +MTMwM1owIgIRAMmd5TUA4qiRntj2rFge3OYXDTEzMDcwODIwNTM1M1owIQIQaIqd +YNcDBArXknkqVqS/FxcNMTMwNzA4MjIzNDAwWjAiAhEA9YV6wXI91rRflWEhsExS +6RcNMTMwNzA4MjIzNDI3WjAiAhEAkcUBlnbWJYP6s6wDAmwYkRcNMTMwNzA5MDE1 +MzA3WjAhAhB4r7Ag/V3JpWSrYNPx1/0eFw0xMzA3MDkwMTUzMjBaMCICEQDruAqK +zG+dR/SSVuaW+CcZFw0xMzA3MDkwNzIzMTBaMCECEEDSVXa3u73bNWl4Z6jUF7QX +DTEzMDcwOTEyNDIwNFowIgIRALXdxm65LRgUbNk+4o4HXu0XDTEzMDcwOTEyNDIx +NVowIQIQbGgkAqnYIFQ3CLOCB+J65BcNMTMwNzA5MTMzMzA2WjAiAhEApTUdttJl +olzXJmiZmnpwPhcNMTMwNzA5MTQxNjQ4WjAhAhB4Rc33OhAo+DSIJK82HM9XFw0x +MzA3MDkxNDMwNDFaMCICEQDSW2YnqzjO/PDNy2V1TB8lFw0xMzA3MDkxNDMyNTNa +MCICEQD46xJ/COC2/awan+D535okFw0xMzA3MDkxNDQ0NDFaMCECEG09GR0J3ni2 +IIwAzIm0JAkXDTEzMDcwOTE0NDUwN1owIgIRALThR/Yxzkmb3C0Fxu591/8XDTEz +MDcwOTE1NDMyN1owIgIRAOK+mt5+ymM1gmOjZWQFJfAXDTEzMDcwOTE3MTI0N1ow +IQIQX1gkYAyK7wh6vS/3p3WcKxcNMTMwNzA5MTcxODI3WjAhAhAtwlvY2VQYV+Kb +dAB+3v0HFw0xMzA3MDkxNzUxMTNaMCECEAhn9SUOcpfhqZpWDmBZmvAXDTEzMDcw +OTE3NTQ0N1owIgIRAKaXYKmcGbrO+BKjHPKb+oMXDTEzMDcwOTE4MjQwNFowIgIR +AP/IuZJSAl23sxuEmgpe6/gXDTEzMDcwOTE4NTEyNFowIQIQVPdZYi1uwio+pzKM +Dz3dWBcNMTMwNzA5MTkwNzU5WjAiAhEA1o1YLu+/jvcLSfPAE4aOERcNMTMwNzA5 +MTkwODEwWjAhAhBBZuE1158Zu5KuvizGT8w4Fw0xMzA3MDkxOTA4MjBaMCICEQDs +OU7dakNi/3hj9CyLBj/jFw0xMzA3MDkxOTMzMjNaMCICEQDL/tvHCDLjzHnZA8D7 +hFv1Fw0xMzA3MDkxOTMzMjhaMCECECIqxauDhraBfTaiRQdhZ1IXDTEzMDcwOTE5 +NDAzMlowIQIQMQLjwXOiYWB6W/ubSgYKcxcNMTMwNzA5MTk0MTQ1WjAhAhBoGHXw +kHxxuxy+q8/qSUt2Fw0xMzA3MDkyMDU3NTZaMCICEQDKVByRfn5VrpwItrGhrMLa +Fw0xMzA3MDkyMjAyMTFaMCECEC4Dxx3R8Cfn00iZMDCeQtUXDTEzMDcwOTIyMjMz +N1owIQIQZrg50NEdtBc/mMD6i+R4KxcNMTMwNzA5MjI0NjI4WjAiAhEAop95t84H +pF7uFV39+laN2BcNMTMwNzEwMTMyMDA4WjAhAhBISZ3U4G3jARh33iGr5syDFw0x +MzA3MTAxMzI5MzdaMCICEQDJMzQn4/OaNaah85QN/8qkFw0xMzA3MTAxMzM2MDVa +MCICEQClsSc17hfxWLTKedcNrUhWFw0xMzA3MTAxMzQzMjFaMCICEQCZvQkXWcXv +LonE8RcklSs+Fw0xMzA3MTAxNzU0NDJaMCECEBSeVK8H7IY8C9/zPo2M2xQXDTEz +MDcxMDE4MzM0NFowIQIQYeoJTIzu4UQKQauqAnK2txcNMTMwNzEwMTg0MDM1WjAh +AhAZrcVwoaM9zUDGDNK+TuwTFw0xMzA3MTAxODUxMjNaMCICEQCGCv/4FBqzlkUM +kTZw9W0jFw0xMzA3MTAxOTIwNDFaMCECEHLVVa/3RvkZEfN9i0taBc4XDTEzMDcx +MDE5MjYxOVowIQIQE/Mx4dsBqUstge7zyrwjwxcNMTMwNzEwMTkyODE4WjAiAhEA +nREp91am5o5qmgt1NGxdMxcNMTMwNzEwMTkyOTEzWjAhAhAG2DVkNqHAQp/D4H5y +MutYFw0xMzA3MTAyMDIyNDNaMCECECX3uLcT8aoXRum+rEbeUY0XDTEzMDcxMDIw +MjI1NVowIQIQF/eEehbHSDcNVLFTdplAWBcNMTMwNzEwMjAyMjU2WjAhAhAt4MIC +0wMhYOW9gRmXNYaUFw0xMzA3MTAyMDIyNTlaMCICEQD+/ilrMVtPBsiUBeQxoV8f +Fw0xMzA3MTAyMDIzMTFaMCECEDge1SqthQzauPBo6FaXtfUXDTEzMDcxMDIwMjMx +OFowIQIQb10fqO1QIfor10xmSCkUeBcNMTMwNzEwMjAyMzI1WjAhAhBqfnTYJsXM +WghWfcgx6u66Fw0xMzA3MTAyMDIzMzdaMCECEFU9mu/fZADlObIhZhXXVRMXDTEz +MDcxMDIwMjM0M1owIgIRAPWEt/3cjt5rrjKXUAm4a/8XDTEzMDcxMDIwNTYxMlow +IgIRAP40shuz8yATNQQt6GAriEwXDTEzMDcxMDIzMzk1MFowIgIRAIH3oaLIKTu6 +e5sfR0zVnn8XDTEzMDcxMTAxMzcwMVowIgIRAJkwg54ix6jMUQ4pIeMNedkXDTEz +MDcxMTAxMzczMVowIgIRAK3jhuWwhukgoyNaFMid6N8XDTEzMDcxMTA3MzUyOFow +IQIQBkjOTK4+JbxKEYHqvCKMiRcNMTMwNzExMDgyNTE4WjAhAhB58Fd+g68QB53R +o8ym33lMFw0xMzA3MTExMTQ2MjFaMCICEQChjfvABFjWNVdQUSMspBCiFw0xMzA3 +MTExMzU0MTBaMCICEQCJyvxwi9/xHDRtcwPIltE5Fw0xMzA3MTExNDQ2MTBaMCEC +EB4pMfyLbbQV9Qr1eATKf/8XDTEzMDcxMTE3MDUyOFowIgIRAIQHBGiL6Y7RJxeQ +SoqPoxwXDTEzMDcxMTE3MTY0N1owIgIRAMwz4AzP8r9nRwpc0zY2rKIXDTEzMDcx +MTE3MTY1NFowIQIQUFWtecsR7vlUbH3PmS8J4hcNMTMwNzExMTcxOTM2WjAiAhEA +4zxAklJqOF8B6JVS9Wb+dBcNMTMwNzExMTczNzAxWjAiAhEAq2Scv1vIYKLGj+KC +zWyu7xcNMTMwNzExMTgwNjAwWjAiAhEAqaVCa9+N3Vq3nmoNasqP1BcNMTMwNzEx +MTgwNjI4WjAhAhBv0acYbLoL70+hTced03MKFw0xMzA3MTExODA4NDNaMCICEQD/ +KCc1tNt3s9uJeYXHjbC6Fw0xMzA3MTExODM0MThaMCICEQCjc4495m9Zf5Hk3MJL +kqG1Fw0xMzA3MTExODU2MzVaMCICEQDRud4334qI6xfM/5qcW+hjFw0xMzA3MTEy +MDA2MDlaMCICEQCZHb8pz11ayyjDJUulVKovFw0xMzA3MTEyMDA4NTlaMCICEQDO +dTAsh3b1tvXpuDbyayGQFw0xMzA3MTEyMDA5NTVaMCICEQD6mBqMMrLw+Uh/qVw1 +mJXyFw0xMzA3MTEyMDEzNDlaMCECEGscVygHdcUaTbE3TaDKtg0XDTEzMDcxMTIw +NDgyM1owIgIRAPtkb/u8xK4l2stAqv+foU8XDTEzMDcxMTIwNTMyNlowIgIRAJeo +xI1lyUDn7HZevaiVoJAXDTEzMDcxMTIxMDYwOFowIgIRAO5xFrtaYDziAYsqUXy1 +ejEXDTEzMDcxMTIxMDkwOVowIgIRAKVb6tU9z2/ardo/YA3xeSMXDTEzMDcxMTIx +MTQzNVowIQIQHo/VixQkB2a8oKjwgw47txcNMTMwNzExMjMzMjA1WjAhAhAfnL6C +Yc1RB5bWeomvV/kdFw0xMzA3MTEyMzMyMTlaMCECEAxy4mGCVrKfpxTQDZEDgRAX +DTEzMDcxMjA2NDMxNFowIQIQenxeEwF7TKb7mrJf8ruXdxcNMTMwNzEyMDczMTQy +WjAiAhEAnSct2rTZUctgZlw/KyUKgRcNMTMwNzEyMDgyMDM3WjAhAhAYFGkfahgf +dFjM3yH8vjWdFw0xMzA3MTIxMDQxNTRaMCECEEgo0UZ2wOntTdzPwi9BfwAXDTEz +MDcxMjEzMDkxMFowIQIQA0o3WOZX+jRZ5T3O+olb/xcNMTMwNzEyMTMxNTMyWjAh +AhBwZH6LHJPFrQTTi3Ssh/baFw0xMzA3MTIxNDA4NThaMCICEQDG04ywLk1JdF9g +dJLqPe+hFw0xMzA3MTIxNTM0NDZaMCICEQC1TIm1mElEUtJ1IqUmnX6eFw0xMzA3 +MTIxNjA0MTVaMCICEQCHqI4LPs2u313cjpG2xnAgFw0xMzA3MTIxNjA0NDNaMCIC +EQDWTWk/jepqeBwzxk1iiEp1Fw0xMzA3MTIxNjI0MzBaMCICEQCjLDK66w4iugpw +x26ikp5GFw0xMzA3MTIxNjMzMzRaMCICEQCEpqNzDTGTlTywpHBuZzTlFw0xMzA3 +MTIxODA2NDdaMCICEQDJ2sIXvjUPcMHChJutrV8tFw0xMzA3MTIxODE5MjhaMCIC +EQDAIkqAPi29bR0GUIs/WguDFw0xMzA3MTIxODQwMjBaMCECEGQ2QDKbBT5s1qdb +6V2ib10XDTEzMDcxMjIwMDMxN1owIQIQc8YtUunNpxCpzzBuSC9sahcNMTMwNzEz +MDEzMzU2WjAhAhAVwxEZLXufNKD5IjQGzOuvFw0xMzA3MTMwMTM0NTRaMCICEQDH +t8pIU1Z7UqnTy6h/cVD9Fw0xMzA3MTMwMjEzMDZaMCECEH2HfgBkbWGcDUsHUikS +1DIXDTEzMDcxMzAyNTYwNlowIgIRAOmSYMiFrdb2lE2vVJpmHeoXDTEzMDcxNTA1 +NDkwM1owIgIRAIwWwQLpxypSdjBBdVSmHI4XDTEzMDcxNTEyMzIxN1owIQIQVNOG +n/z5fhd9d6Snp6Hm5xcNMTMwNzE1MTQzMTMyWjAiAhEA8mPLqDKhKbHhQ+WjkeBj +LRcNMTMwNzE1MTYwMzA2WjAhAhAZpK74j64IRUi532oYTXHoFw0xMzA3MTUxNjQ0 +MDBaMCICEQCknOhs+VdtOqOc7MW/+c11Fw0xMzA3MTUxNjQ3MDVaMCECEBvgKv5s +9GBt+bktpxsP2AQXDTEzMDcxNTE3NDkzMlowIgIRAPqrj15uBO9ESOIBbbS5S+gX +DTEzMDcxNTE4MzQxMlowIQIQZb9ykdhL2CTSap+B/JX1PBcNMTMwNzE1MTkwNzQ5 +WjAhAhAZkAzgUvrYATyN0Da1PfffFw0xMzA3MTUxOTU1MzZaMCICEQCVG6pnRIIr +5+Jmn0PBtJ9bFw0xMzA3MTUxOTU5NDNaMCECEFUUGDg1aAt8ZmRch3ctg8wXDTEz +MDcxNTIwNTYxNlowIgIRAJKhKUrSR4lv75zqD1i5IR8XDTEzMDcxNTIwNTY1OVow +IgIRANoCfWEGoZ/G1m/q/hWKWAgXDTEzMDcxNjAyNTQwOFowIQIQNcf7BdC8MIDV +1xS5uW2ArxcNMTMwNzE2MDYxMTAzWjAhAhBnkeiqKNj4pIc1VqPtBFIfFw0xMzA3 +MTYwOTU3MDZaMCECEAvrZI48v6g+jM/r5Olv8y0XDTEzMDcxNjEzNTAzMlowIQIQ +XEW7SOZqKzneX5XhcasoOBcNMTMwNzE2MTM1MTU2WjAiAhEAi2ULct36EAu8f220 +BZz/qxcNMTMwNzE2MTQ0MzUyWjAhAhB2KZTBuePqq6MiTnnQZxFoFw0xMzA3MTYx +NDQ4MTZaMCECEC+1d3i2AgHzYO6xsqcck1sXDTEzMDcxNjE1MTQ0MVowIgIRAN4a +w0AmKEs+whBgFKymXtEXDTEzMDcxNjE1MjAyNVowIQIQDuAfyhjuwstIxRL6Gzta +4BcNMTMwNzE2MTUzNTAzWjAhAhAYgYd5eAIP3EeWUVrPBNMQFw0xMzA3MTYxNTQw +MDZaMCICEQDNNWqAJ1m5z/9xJJl7xC6YFw0xMzA3MTYxNzAzMjdaMCICEQDr/ywQ +ioSk752pLm3dxJ8EFw0xMzA3MTYxNzIxMTBaMCECEE4npPiAWuKPXXDxGI8KPrsX +DTEzMDcxNjE4MTkzMlowIQIQB/KHOK0Fj6xOhjZ2gxemthcNMTMwNzE2MTg1MjA2 +WjAhAhBuopYRQlwLjPBUToHhEIkSFw0xMzA3MTYxODU1MDlaMCECECltzCXM7O7I +FuidTUV6XtoXDTEzMDcxNjE5MDU1OVowIgIRAN6nGC30PGHaM53fClZSITIXDTEz +MDcxNjIwMDU0OVowIgIRAI2uRGDOALtnscQGVK5ZuggXDTEzMDcxNjIwMjQxNVow +IQIQI/xH74DGMTQPuFsk30ZLSRcNMTMwNzE3MTE1MzM1WjAhAhA9k4YW+XXeJccp +XHLkiU2zFw0xMzA3MTcxMjI3MjlaMCECEDXcEBNzFEq3sLrJbRT/f5IXDTEzMDcx +NzEyMzE0NFowIQIQUYQk/YuI7Yn3jKEtCvYY1xcNMTMwNzE3MTI0MTQ5WjAhAhAs +6s9xPw4NxC2xQa9spfD/Fw0xMzA3MTcxMjQyMTZaMCECED1WkfGADK/r2Eyw4EVd +XgcXDTEzMDcxNzE0MDAyNVowIgIRAPvixzLYR5RGzQ9IaRPYLcgXDTEzMDcxNzE0 +MDQwNFowIQIQLoVCe2YH0/PeAAGdv4L6ahcNMTMwNzE3MTQwOTU3WjAhAhBtvjSm +yKrKGyCOqqT2AN5JFw0xMzA3MTcxNDEwMDdaMCECEEa2bayIh6P38p/4H2jk/isX +DTEzMDcxNzE0MTAzNlowIQIQTvgpCLk236JJX6W1aqY0ChcNMTMwNzE3MTQxMDQ1 +WjAhAhAJFlCE1r6kCNuPxv/al5LmFw0xMzA3MTcxNDMwNDhaMCICEQCvBwKzuQIx +dPFDNxyABsNQFw0xMzA3MTcxNDUxNTdaMCECEF+bcmT79dolEdOEeLCxnjsXDTEz +MDcxNzE0NTkyMlowIQIQPwKsiWgXydSHk0Pi0a7EGBcNMTMwNzE3MTU0NDE0WjAi +AhEAoUGqDYq6AaM8Trv4C3J3NBcNMTMwNzE3MTU1NTM4WjAhAhBWsjlxJcl/ehpU +YSEHwmMPFw0xMzA3MTcxNjQ5NDZaMCECEAQM/t7dxL/4oKD5ctXP4UcXDTEzMDcx +NzE3NDIwMFowIQIQdxyGkJtnnhLLXu5mV4Y70RcNMTMwNzE3MTgyMjQ0WjAhAhBh +WS5TgdpZbUaRhE0V2iuVFw0xMzA3MTcxODI1MzBaMCICEQC1EeNoJ8WpMQtxfPTy +lVJrFw0xMzA3MTcxODI2MTFaMCICEQDqg8kSqQkxx5V/E2+ysR6fFw0xMzA3MTgw +ODAzNDJaMCICEQDeSA4BKleLRyGfTSjSG6BLFw0xMzA3MTgxNTAyNDdaMCICEQCG +Ew9tX0nkxO2idiMPQbx6Fw0xMzA3MTgxNTE1MDRaMCICEQDkQpkisREHZNKtMugO +0AcjFw0xMzA3MTgxNTE1MTZaMCICEQC32rqSOICTdNOM6nxStnaMFw0xMzA3MTgx +NTM2MDFaMCECEHLO6JWqQZQpsjeVGepMhOQXDTEzMDcxODE2NTMyOFowIgIRAJEF +Pn9E95Eda70jWxWDUMgXDTEzMDcxODE5MDUyN1owIgIRAK29G450Yl5Owltj6Fpe +Yl4XDTEzMDcxODE5MTMwN1owIQIQA+F0eBPwRg+4cReprqtlxRcNMTMwNzE4MjAz +MTM5WjAiAhEAzEx1Im1YVHTlqI+A8m8xAhcNMTMwNzE4MjAzMTQyWjAiAhEAwlVD +DH4khp0CxPukNwumtBcNMTMwNzE4MjEyODA0WjAhAhAgWQ6utanGfdgxU8nUJpx2 +Fw0xMzA3MTkwMjEzMDRaMCECEF0oYMPNBsHI2Uo8FS63ZBUXDTEzMDcxOTA5MDY0 +MFowIgIRAJ3OR9OkTV4ySu7Nv6twuqUXDTEzMDcxOTExNTAxOVowIQIQLCUaqkzI +48QUfMj2K7DhjhcNMTMwNzE5MTE1MDI2WjAiAhEA9Ww5HhgPZ1f3mpa3XoLkUhcN +MTMwNzE5MTE1MDM1WjAhAhBsNN4F01uSFMF3Mh4YmLaxFw0xMzA3MTkxMjUzNTRa +MCICEQDsVTSGirhOj4l7IAAGnh0dFw0xMzA3MTkxNDE3MzdaMCICEQD35qbhqyDt +qkzAUYyuSovSFw0xMzA3MTkxNDIxMDRaMCECEGUoG63eIjEng99AkfZ47F0XDTEz +MDcxOTE0MjUyMFowIQIQURRg68S7DK3IWlNP4UgkmBcNMTMwNzE5MTQ0MjIyWjAh +AhA4CmiMiNCbd+oGaEo2VBM6Fw0xMzA3MTkxNDQ2MjFaMCECED15hnHW5E8o6XVC +B/oAslIXDTEzMDcxOTE2MDQyNFowIQIQFVHuafpU/VhN2QQKV9IVehcNMTMwNzE5 +MTY0MzUzWjAhAhBlg7SHuSE69HjXYf+fKbfFFw0xMzA3MTkxNzAxMTBaMCECEBth +7UthTuCninYsrA27xoAXDTEzMDcxOTE3MjAxMlowIgIRAJM1o/d9YSaIH48+r1iC +cCkXDTEzMDcxOTE3NDUwM1owIQIQD91mr0aJLaKmqtuSqcQqRhcNMTMwNzE5MTgy +OTAwWjAiAhEAoznWb6CB8fZmjILI+MCsYRcNMTMwNzE5MTgyOTM1WjAhAhAysi4o +mvn5n4q+c9nQQF7iFw0xMzA3MTkxOTQzMzVaMCECEBE6V4LElLRaRDCX4BL04a4X +DTEzMDcxOTE5NDM1MVowIQIQC9hkyn+EJpBqdvci2NGf6BcNMTMwNzIwMDIxMzA2 +WjAhAhA82MrSY3Wp3HlMc4/DZ0lJFw0xMzA3MjIwMjEzMDVaMCICEQDgp0hYFMNT +V2RUVmrySPY/Fw0xMzA3MjIwNzMzMzBaMCICEQDoLLTFSO/P1OUUJUA8zYevFw0x +MzA3MjIxMTE3MDFaMCICEQCCdfED+PEBZkF+2YDm1Sr8Fw0xMzA3MjIxMzQzMjZa +MCECEB+4gZYu0n1DHfzFiNNwJQgXDTEzMDcyMjE1MTMwNFowIgIRAMzYCCshBlh0 +YMWoKvfw8+QXDTEzMDcyMjE1NDY1NFowIQIQEn9rxslcu7FPY2HVd86WXxcNMTMw +NzIyMTYxMjQyWjAhAhBCq3HUM2R0dTrrT3UgNXflFw0xMzA3MjIxODExMTFaMCEC +EGevW1vlP72Opn9OPdH2Q6oXDTEzMDcyMjE4MjE1MlowIgIRAMWUPzxmurPiQk6E +/rOiImAXDTEzMDcyMjE4MjYxMlowIgIRAIU3fQ6UsIZNB8LHtav0of0XDTEzMDcy +MjE4MzM1MlowIQIQPJWi7UqXssulUPyVhAYnAhcNMTMwNzIyMTg0MDEzWjAhAhAE +nSAo+SaAP8FPdh/r65e5Fw0xMzA3MjIxODUwMzdaMCICEQCHp5DVKuKKxqtzzNDW +lwytFw0xMzA3MjIxODUwNDBaMCICEQDqvRgq2IMVbLtNM58W2CpgFw0xMzA3MjIx +OTAyMjJaMCICEQDlHCftB2ccih6YWH9shtt5Fw0xMzA3MjIxOTI2MTlaMCECEHcL +4xFYa8nN4O0+AV6BTCcXDTEzMDcyMjE5NDUwNlowIQIQHzL6+j0zNAWZIWxH3H4P +tBcNMTMwNzIyMjAyNzM2WjAiAhEA96QocF6CShdNbE1lTp4U1xcNMTMwNzIyMjEw +NDE0WjAhAhAHmxX1K6YQAahGFs2cvz+XFw0xMzA3MjIyMjI2MjVaMCECEH+gvQKv ++G+UShbTZf7VKIcXDTEzMDcyMzEzMzE1OVowIgIRAKRJeKXOXhH3RghrtkXQlT8X +DTEzMDcyMzEzMzMxOVowIgIRANLHWi3X0d4bvE9r7x29qncXDTEzMDcyMzEzMzk0 +NlowIQIQTUjigG1J82eM0P8s9BFtQhcNMTMwNzIzMTUzNDAxWjAiAhEA/RWZZXzB +TOLHUJcsZ39RahcNMTMwNzIzMTU0MjQ0WjAiAhEA1Sj+iM0Oo+JrZQbIrmOhRxcN +MTMwNzIzMTYxMTM5WjAhAhB8PplwVUkKxaWJbhezjxzgFw0xMzA3MjMxNjE2Mjla +MCECEEKMY12aTNFx0Ir2Nm2+BgsXDTEzMDcyMzE2MzIyNVowIgIRALv5fskXIKNb +jMd80bZcWaMXDTEzMDcyMzE2MzM0M1owIgIRANJUEradNAgjmIrIT93Fr0AXDTEz +MDcyMzE4MjQ0MlowIgIRAJJDjHF32UTtivI3vxqheNoXDTEzMDcyMzE5MTQzNVow +IgIRALUIjOX5XPaecAemQ+fSdwgXDTEzMDcyMzE5NDQxN1owIQIQTWx8jQQu2Qnz +6BRe8ThKJRcNMTMwNzIzMTk1NzUyWjAhAhAuKEaYiJrKH+GwuadRxjJ9Fw0xMzA3 +MjMyMDM3NDJaMCICEQD/LMWGQlysLiMBXxuib4x3Fw0xMzA3MjMyMDQzMTRaMCIC +EQCbN81JrVDMsH1mt2a2SM99Fw0xMzA3MjMyMTUxNDFaMCICEQD98KIfMXsvMrjg +5EkMOMQrFw0xMzA3MjMyMTU5MTZaMCECEHbTpA9UZUvIJIGm40/qjXgXDTEzMDcy +MzIzMzI0OVowIQIQLPnY8/tITSUnQyhFDcc6+BcNMTMwNzI0MDc1NzA1WjAiAhEA +7+ovTcobVZfV+vZ0hoZZtRcNMTMwNzI0MDgwMzIzWjAiAhEAz19p0ZVdmbpbyPmi +S4eItxcNMTMwNzI0MDkxMTE4WjAhAhAcRpV9bHu8Fofn0yhKtkW/Fw0xMzA3MjQx +NDE5NTlaMCICEQCBV2xgMRParbUVaHBwprroFw0xMzA3MjQxNDUzNDNaMCECEAOK +hbSfnhvPoPf6m/THWN8XDTEzMDcyNDE1NTYxOVowIQIQPToGAwo3Dd7fN4Iqhtub +4RcNMTMwNzI0MTU1ODU2WjAhAhBlNPx9VykXjpHq3B0KqkyBFw0xMzA3MjQxNjEw +MTFaMCICEQCaMc7NhtjadoFpgwlsTzt4Fw0xMzA3MjQxNjQzNDVaMCICEQD9imdQ +w8aDY8a+VF1brcUgFw0xMzA3MjQxNjQ0MjdaMCECEEQQqlF2kdCeqyppekD7eQ0X +DTEzMDcyNDE2NTcxNFowIgIRAM9tbzf0Qr8F/wXYEYh8sOIXDTEzMDcyNDE2NTcx +N1owIgIRANSeWX23hL43DbISvoJf0boXDTEzMDcyNDE4MTAxMVowIgIRAO/Ei9My +E5u13EkkZ+J2MsMXDTEzMDcyNDE4MzkyNVowIgIRAKRrHCHFsBc7DpCIzu8s3voX +DTEzMDcyNDE5MTE0MFowIQIQJ2EfvqZP5mzhUcZt74iStRcNMTMwNzI0MTkxMzM2 +WjAhAhAfmekkFkL0E2pZlphHJIo3Fw0xMzA3MjQyMDM5MzRaMCICEQC3UTNK+DU/ +CXrTraZfv/Q+Fw0xMzA3MjUwNjUwMjRaMCICEQDDNi1W2Op3wWhOOZcqPk3aFw0x +MzA3MjUwNzU2MzRaMCECEHnO6MkqXppE7SgxdqyjMmcXDTEzMDcyNTA3NTgzOFow +IQIQIjCfmX8b17sRt7dBuWleCRcNMTMwNzI1MTU1ODM4WjAiAhEA5cQDhTVizCMT +4D83dAm0mBcNMTMwNzI1MTYyNTIxWjAiAhEAgVm+Za99I2+jl/BoLr/tehcNMTMw +NzI1MTY1MTA5WjAhAhAiRe5BpG/Wj7bE3JKrU2XmFw0xMzA3MjUxNzIxMzhaMCIC +EQDEcoCQg7AZghr2jjv/4mhWFw0xMzA3MjUyMDA5MTlaMCICEQCk3RSqDmGyFPNY +4O6V4WSyFw0xMzA3MjUyMDMzMjVaMCECEHO5A9nXqyp6/0u3lKB/07EXDTEzMDcy +NjAxMzgxOVowIQIQFvHig/QUbPkm9CiojInImhcNMTMwNzI2MDIxMzA3WjAiAhEA +ufaIJ69doB9kI6VIH3XktxcNMTMwNzI2MDQzNjQyWjAiAhEA7OHa29zo8VnK2jkg +BRB6gRcNMTMwNzI2MTMxMTA4WjAiAhEAsbQ96NH/Om/iK84WobpVbRcNMTMwNzI2 +MTMyNDM5WjAhAhBhvpHaP3sf9gwwI5q6s3Z6Fw0xMzA3MjYxMzI5MzlaMCECEARG +lDiGCow+jFGG0a57ccsXDTEzMDcyNjE0MDMxMFowIgIRAIL2+XA8VcAd2CENjVrI +u7YXDTEzMDcyNjE0MjExNVowIQIQU8cMmxn9WcPLw7hZHYVTPRcNMTMwNzI2MTQz +NTA3WjAiAhEAjfPoBUI30XcNjz3L+FkvMRcNMTMwNzI2MTUwMjI3WjAhAhBs5gQd +SUBnHUu54XMGjHTsFw0xMzA3MjYxNjMyNDNaMCICEQDKDTIXciMgJ1jky6udPW+n +Fw0xMzA3MjYxNjQ5NDBaMCICEQCZ/5sBevr0mOz/lPuWKWUtFw0xMzA3MjYxOTUw +MzZaMCICEQCZhaVJL/FwAHJWQKo6YKbSFw0xMzA3MjYxOTU1NDNaMCICEQCdaS8O +FGeripB73Ucuni+MFw0xMzA3MjYyMDU2MTVaMCACD3O9T5lH8wt6KGUV0rJughcN +MTMwNzI2MjA1NzMxWjAhAhBweC5MHOXTSTb98OSXpq2tFw0xMzA3MjYyMTA4MTBa +MCECECs7xt9OBaJ62TT8folwhA4XDTEzMDcyNjIxMTMyNFowIgIRANqHdmm6DE6w +6zwb9MKjm4MXDTEzMDcyNzAwNTkyNlowIQIQAypg+Mpwgn4qzBv70bvNXhcNMTMw +NzI4MDIxMzA3WjAiAhEA4YSThxyVrn8+dyhR45p24RcNMTMwNzI4MDIxMzA3WjAi +AhEAiwI9FijpyyZuugDIjvq77xcNMTMwNzI4MTQyOTQyWjAiAhEA7ED14akq7RYC +3JlRVR5eJRcNMTMwNzI5MDgxMzIzWjAhAhBFAbI1kfCkQv8hOAOteuHMFw0xMzA3 +MjkwODQzMTdaMCICEQChQZu0AcoIoX1CVpuUAg8eFw0xMzA3MjkwOTI0MzJaMCEC +EGARQjoaJtOsiqJL04sl9e8XDTEzMDcyOTExNTcwN1owIgIRALZ9CigonDcOmpMb +PiDa8hgXDTEzMDcyOTEyNTcyNFowIgIRAJJXlauLjAshv8vLZ0ocAq4XDTEzMDcy +OTEzMjE1N1owIgIRAP3DKy9HD75BVCBZgfMePiYXDTEzMDcyOTE2MTQyOFowIQIQ +ei7CskWdMIMFvZdoFPEmWBcNMTMwNzI5MTYxNTQzWjAhAhB6JX+SsnNK4hJV2XDb +CbfAFw0xMzA3MjkxNjE5MjdaMCECEBgB3Erfr+PghZdkxq8p1e4XDTEzMDcyOTE2 +MjAwOVowIQIQa+aKEZQKUax2zjKBFTDP0BcNMTMwNzI5MTY0NjE5WjAiAhEA2Ouu +AuRsCmDMfFNRis1LbRcNMTMwNzI5MTcwMjA1WjAgAg9GuuaJ75/0ViTYTOtJSKAX +DTEzMDcyOTE3MzcyNVowIgIRAM79CP6ssJW1oE26i1YwmdYXDTEzMDcyOTE4MDQx +MlowIQIQbfLRfYm64/TmU2kInm5iIRcNMTMwNzI5MTgxNTM4WjAiAhEAt1ynyuET +Ihnh6Ij0RWo9uBcNMTMwNzI5MTkwMDQ2WjAhAhBP2dmtv/18/pciJMfSrfrdFw0x +MzA3MjkxOTQ2NDhaMCICEQC7GVaEXVgQkERFdRRSlpGOFw0xMzA3MzAwMjEzMDZa +MCECEDw19bM5hXBDFHM1gbkbtskXDTEzMDczMDA2MTEzN1owIQIQKQx2Hjk9+nCI +a7LJQGYX9RcNMTMwNzMwMTAxODQzWjAiAhEA146KcLj9z3xLy/IX9X2OWBcNMTMw +NzMwMTEzODQ3WjAhAhB3req1+ayaOO1m375KeAhnFw0xMzA3MzAxMTUxNDRaMCEC +EA5SPNvaM+VSHKaSXlWlBPsXDTEzMDczMDE1MTQzNVowIQIQfKOHWRGB6FQOtw9X +jkMQ9RcNMTMwNzMwMTY1MjI1WjAiAhEA14YPHuvQK15S1d0aihxG9RcNMTMwNzMw +MTcwMDE3WjAiAhEAnYOgOz70gNvqUl/r0MCeIhcNMTMwNzMwMTcxNjE1WjAhAhBC +zayvANTDBoUCXTtVaCemFw0xMzA3MzAxOTExMzhaMCECEBX+lj8ibdv73wnXFudo +PzAXDTEzMDczMDE5MTIwN1owIQIQQT6g8YzUq148mCMxcS+JixcNMTMwNzMwMjAz +NjQ5WjAiAhEAhyLaJ1zN3JbBXzXaZf+4mxcNMTMwNzMwMjAzNjUxWjAiAhEApK64 +CO3BNZeRQMTWEcSpphcNMTMwNzMwMjAzNjUzWjAiAhEA4yFuYNfdXnLbCMBtizRM +FxcNMTMwNzMwMjAzNjU1WjAhAhBneZbZcfilT/pygZWAaf7CFw0xMzA3MzAyMTAz +NDdaMCECEB2DK7YzO3HM3gK1keRDgeoXDTEzMDczMDIyMzQyMlowIgIRAPNrfP3M +n8qDScgt72pIYRYXDTEzMDczMDIzMjA0NlowIQIQNJmyNlEvtT1fFU8dUHUPrxcN +MTMwNzMxMDgxMDIzWjAhAhAzkkFv5CbJ0+O5f1S0yZP0Fw0xMzA3MzEwOTM2NDRa +MCECED/Y2/Bzhc9gd9A/PRwFDwcXDTEzMDczMTExMjYwNVowIQIQN34uHtzS6Ak8 +j36CYezhRhcNMTMwNzMxMTE1NjEyWjAiAhEAzVMBASIJFYaRP6QrvSF/vRcNMTMw +NzMxMTMwMTU2WjAhAhBwTBn7VtMlfPj2w7KrOI0uFw0xMzA3MzExNDE0MjRaMCIC +EQCs1pJDcRA+Bro9OW/JdnjbFw0xMzA3MzExNDM1MDdaMCICEQCDK7TAnMcqgWOI +xzc25XSbFw0xMzA3MzExNDM4MzlaMCECEBZF/+WxF1cwJevw0NsK8/EXDTEzMDcz +MTE1NTIwNlowIgIRAMsO+Nl7Zyn/WPyf9HQ5qhYXDTEzMDczMTE4MTM0NFowIgIR +AOBC+gFUtNJ0lMCDHlvt43UXDTEzMDczMTE5MDIwM1owIQIQTzBHQ8wR7HxrAZLo +lPS4OBcNMTMwNzMxMTkxMzM4WjAhAhAjLZQ8brXzkZG0Aoio41GGFw0xMzA3MzEy +MDQxMDlaMCECEAeIEMdRFG9Ft3JKjT1roDcXDTEzMDczMTIwNDczNFowIgIRANEd +gMk3FGmZJqF/GmOaPQIXDTEzMDczMTIwNDkyMFowIgIRAJb2WrxiF+tNaotnkptJ +GlMXDTEzMDczMTIwNTM1M1owIgIRAI64uygGzj0GnF3YJYwHKG8XDTEzMDczMTIz +NTIwN1owIQIQDHGdDKw+sS3E7VJN7mrGCBcNMTMwNzMxMjM1MjE5WjAiAhEAvJcE +MDRHft8cBvMSvPBMfxcNMTMwNzMxMjM1MjI1WjAhAhBLQK2bYAupF5nf9M+ZRmKS +Fw0xMzA3MzEyMzUyMzRaMCICEQCZW08tatxMCr7vTPGhlHWAFw0xMzA3MzEyMzUy +NDNaMCECEDoLpZ1c0KD36/UOUiLoMIoXDTEzMDczMTIzNTI1MFowIQIQIKoqsJxr +plD3rsph5S+ZgxcNMTMwODAxMDAzNDIyWjAhAhA2tyNIH8u7FmJ7hKRsSEVkFw0x +MzA4MDEwMDM0MzBaMCECEB4tz1UmxN5FRjltXBvWtFsXDTEzMDgwMTAwMzQzOFow +IgIRAMr1QS44gsXonVuTZuwtRF4XDTEzMDgwMTAwMzQ0OVowIgIRAIw5eHj6QpI+ +rwvj+3GvnXUXDTEzMDgwMTA3NDQyNlowIgIRAPLURO+Q/w9CFblk+bTvLBMXDTEz +MDgwMTExMzQwOFowIgIRANGm78+MVyVyckouH21mLX0XDTEzMDgwMTExNTkzMlow +IgIRAJtKpEZU5fgUVjzdhnwv5LIXDTEzMDgwMTEzMTU1NVowIgIRAJtktW4iQ8x8 +GLgbBvWQ9NEXDTEzMDgwMTE0Mzg0NVowIQIQeP4gWxOatov4jf+nBX0aChcNMTMw +ODAxMTQ0NzE2WjAhAhAE6XZJgREYpag99H6/0ucxFw0xMzA4MDExNTAzNDRaMCIC +EQCssuCPErSMSRXO94DpRqRHFw0xMzA4MDExNjI3MzFaMCECEAJLcGi7rv2GCdac +YQu6Y5MXDTEzMDgwMTE3MjYwMVowIQIQVPuT7aKdz/fQ9nhakJFqORcNMTMwODAy +MTA1NTE5WjAiAhEAgEOZgR1nGUyyQmfIwU9D+BcNMTMwODAyMTEzMjM3WjAhAhBA +XIVNn3/cvMacsm6W93DbFw0xMzA4MDIxMjI1NDlaMCICEQCxx6MIQnOVuXVLufBY +m0MpFw0xMzA4MDIxMzExMzNaMCICEQD3ptaIrMdu7hr2PHXTj0XcFw0xMzA4MDIx +MzM4MzRaMCICEQCxaNrC3qouUV6MGkaubZ9BFw0xMzA4MDIxMzQ4MjhaMCECEF9L +Ic9G4bjizVM38wh1MRcXDTEzMDgwMjE0MzQ1MVowIQIQDTiQe8WQsPTDeYNL1qrO +BxcNMTMwODAyMTQzNjQyWjAhAhAgiky1NHR71NBmq7Qi7bmJFw0xMzA4MDIxNDQ3 +MTNaMCECEHtMfHT5L0h9UChHi6oD4UUXDTEzMDgwMjE1NDYwOVowIgIRAKnVbXAd ++fsXv0cRiGWIJrkXDTEzMDgwMjE4MDUyMlowIQIQCY3IjkocG8wv4Tsp0HVfJxcN +MTMwODAyMTgyNDI5WjAiAhEA6S7FJ8I+V6qx4evNi3KmEBcNMTMwODAyMjAxODM4 +WjAiAhEAmDkgROLN5fOTSa6v05idVBcNMTMwODAyMjAxODUzWjAhAhBO7BzzjGhM +PwxgN9xRAtWYFw0xMzA4MDIyMDE5MDFaMCECEBIWeV2FRhufLo7XXl2svCwXDTEz +MDgwMjIwMzcyOVowIQIQdHj5qfGgLsdQAAQMo7vTcBcNMTMwODAyMjIxMzQ0WjAi +AhEA+AASmZNuHLKLu3Zy1s8I4BcNMTMwODAyMjIxNDM5WjAhAhB3OnTPgCK+CH2n +aFITMlK8Fw0xMzA4MDIyMzAzMjhaMCICEQD7wBks4WSp2XJlEvxoQfxDFw0xMzA4 +MDMyMTA0NTdaMCECED+L/I+NvwJTuvh8rC+x0QYXDTEzMDgwNTAzMTEyMFowIgIR +AL3aOtCBfHR59A+YuA+D4f4XDTEzMDgwNTA5NTAyMVowIQIQEfsPTOuX4ZL9b67b +Vxo3rBcNMTMwODA1MTEwMDU4WjAhAhB4SofSy3bbibo72J0eoz98Fw0xMzA4MDUx +MzIzNTBaMCECEANBRErOdQIVxhVOtywUwTYXDTEzMDgwNTEzMjkwMFowIQIQTFiz +1+evX4duEqXI3hoW4xcNMTMwODA1MTMyOTUzWjAhAhBe6XMusSmRdVLXpq2K71he +Fw0xMzA4MDUxNDIwNDJaMCECEFeEEN0QhUxhhEeo/PhXGxkXDTEzMDgwNTE2MDc0 +M1owIQIQVNj2KDnrzXE0o1XyfMkiaxcNMTMwODA1MTcwODQxWjAhAhAk3nHxtbff +94H7PbLS1OH4Fw0xMzA4MDUxODA2NDlaMCICEQCi34gkyG8SnscQp/uc4qsMFw0x +MzA4MDUxOTE2MTJaMCICEQDW4XpDix5fH0DJ7yVmcc08Fw0xMzA4MDYwMjI4NTha +MCECED7kUPNvpE2qh38xmTbXwPoXDTEzMDgwNjA3NTExM1owIQIQE1FZ4eRyYE2k +MbJF/gs+DhcNMTMwODA2MTIyNTE3WjAiAhEAtC96H9hBZwDlD31mq8sUHhcNMTMw +ODA2MTUxMDE2WjAiAhEA7uGYvueiyVqoXen9RNO5xhcNMTMwODA2MTUxMzQ1WjAi +AhEA1bxx0//a1cvx+050jdOfGhcNMTMwODA2MTYwMzQxWjAiAhEAz0MU2KqKYh4D ++HPV7rURKRcNMTMwODA2MTYyNTA1WjAiAhEAu6V/lMCUUb6dr2/piy6aiRcNMTMw +ODA2MTgwMzAyWjAhAhAeP8a2H1brEddvWdTtXDVFFw0xMzA4MDcwOTEzNTBaMCIC +EQCAWi1cXEHeAxF8Y8NOAzFwFw0xMzA4MDcxNTAzNDRaMCICEQDx+1hpbHNy8MAk +gms3AxV/Fw0xMzA4MDcxNTE2NTdaMCECEHZR0+M7BCm+xbiz21mMdLkXDTEzMDgw +NzE2NTg0NFowIQIQDSik7X+mCgzKyyVTj1kDnBcNMTMwODA3MTgyNDUzWjAiAhEA +icj55vvq1QGHv0D7vNzx4RcNMTMwODA3MTg1NTQ3WjAhAhBM/QXAGirrMGoF8Lxq +XcH6Fw0xMzA4MDcxOTAwNDNaMCICEQC+J9DGKdU/VEg6atQ5uFE0Fw0xMzA4MDcx +OTAzMTFaMCECEBobxQo4aI0NnkjWbCnQbM0XDTEzMDgwNzE5MDYwOVowIQIQJ9KJ +0ZxdgDuNOo+PYywOcxcNMTMwODA3MTk0MDMxWjAhAhAmlxVh4+inocrPXHFC/ple +Fw0xMzA4MDcxOTUxMjBaMCICEQCab0vLHaYzP9JXBT8Iy0O3Fw0xMzA4MDgwNTQz +MDRaMCECEGWaZlaVRVYZgm35BOtQMDUXDTEzMDgwODEwNTcwNFowIgIRAPrSMHBi +7WqVEXOmtu+KSX8XDTEzMDgwODE2MDc0MVowIQIQeVRISlzqZhjo8kLx7ssZVhcN +MTMwODA4MTcyMjU1WjAhAhAgHi0DLtdEFupgKZr8VuR6Fw0xMzA4MDgxODE0MDJa +MCICEQDJSLGvrviJlYoEBHNXmt3XFw0xMzA4MDgxODE2NDRaMCICEQD20yhcGcJp +s5TTCrb1+TYZFw0xMzA4MDgxODUzMDVaMCECEANLGDVaRgbpLBvZVzs0jtsXDTEz +MDgwODE5NDAwNlowIgIRAMmdjJ6WBoeSeBoY94nsyiEXDTEzMDgwODE5NDQyNFow +IgIRAJa5yAoXR/wNtICupr73QMEXDTEzMDgwODIwMzQyMVowIgIRANrnDFGJc6Xq +5O7AruB2Xw0XDTEzMDgwODIxNDMwNFowIgIRANTus7Y3Rym9GKDgjrxckIkXDTEz +MDgwOTA5NTgzNFowIQIQScnxVria9+7AdBH4nwaiCxcNMTMwODA5MTMxMTIxWjAi +AhEAtJicv7osMEhmk3TmZYCLIxcNMTMwODA5MTMyNjQ1WjAhAhAnlmHr/8Y3dqrU +Ytsmm6QMFw0xMzA4MDkxNTAyNDBaMCECEAEmI2xfuhCFTMlLzltrrF8XDTEzMDgw +OTE1NDIwNVowIgIRAMKdv/vPZXC44lZgBdPQbNgXDTEzMDgwOTE2MzkwOVowIgIR +AL4pXTlk1JPwkWE4BX92QycXDTEzMDgwOTE3NTU1N1owIQIQVtLwwhFMYQ8LmaYi +mkxy3xcNMTMwODA5MTgwMjQ5WjAiAhEAkc8WrUejzbt7Lx+5GMocORcNMTMwODA5 +MTgwNTQ2WjAhAhAHTBXv86jDVCC+4FMkL0eNFw0xMzA4MDkxODM0MTRaMCECEGeG +DliSOL/HxXEhGhA13xEXDTEzMDgwOTE4NDYxOVowIQIQOHPkcZJ59lxWU7XyryPJ +0RcNMTMwODA5MTg1NTU0WjAhAhBRZ/L6v7Kk0SUlZXbfMXhaFw0xMzA4MDkxOTQ4 +MjhaMCICEQCvu25OhUlnEdbg+U2ROt1cFw0xMzA4MDkyMDAwNDRaMCICEQC0kGjr +evH1C78F2uKHMDWxFw0xMzA4MDkyMTExMTBaMCECEB+EbCYriSD0hk44kadGAvAX +DTEzMDgxMDE5Mzg1MVowIQIQAK4HZEACROgnlf6FG7rTchcNMTMwODExMDIxMzEx +WjAhAhADZOWj76K6BVIIRx/x7Eu0Fw0xMzA4MTEwMjEzMTJaMCECEHqRJmSB1WLv +7QoI2tPpA0MXDTEzMDgxMTAyMTMxMlowIgIRAPe/lcg0Z+Tfwemnh20hYf4XDTEz +MDgxMTE5NTAyMlowIQIQXBrqZn/E06bPpGinznsceRcNMTMwODExMjIzODU1WjAi +AhEApXSTNmyP3fneP0Zbqh7CQRcNMTMwODEyMDQ0NTE2WjAhAhAncKbiQI05K2eQ +FGT/9Xm8Fw0xMzA4MTIwNjQzNTFaMCICEQC8clTc02FSI1v6d/5L++VCFw0xMzA4 +MTIxMjUyNThaMCICEQDsHggaF180AE+DxFsZgcE+Fw0xMzA4MTIxMzI4MzVaMCIC +EQDc7rOsh73Ds/K07O+WNlzPFw0xMzA4MTIxNDAyMThaMCICEQCy1kcaS9JJzvSP +goldUkWkFw0xMzA4MTIxNDE0MDRaMCICEQCkBF9URELcCEmxc7i97NFeFw0xMzA4 +MTIxNzA1MzNaMCICEQCvTHcZ3rtirfhcjLcFQfj9Fw0xMzA4MTIxNzM2MDBaMCEC +EHJFk4tCivFW9hoWJNkUu5MXDTEzMDgxMjE3NDA1MlowIgIRAKc19BNyiz2ervpo +8PlHSPQXDTEzMDgxMjE5MTcyMFowIgIRAPXXXMcJ6Svv7noHDe/n9W0XDTEzMDgx +MjE5MjYxMVowIQIQVQ11NfNYvmSZZnsondaFPxcNMTMwODEyMTkyNzU0WjAiAhEA +0XgMt2qklmuYaKRrxTKP/hcNMTMwODEyMTkyODI1WjAhAhBnWeh+5qz+oTMGyWzA +/8rPFw0xMzA4MTIxOTI4NTJaMCICEQCvr/yLrEMMphKQpMXjDrI9Fw0xMzA4MTMw +MjEzMDlaMCECEFdIkDapNs6JzHmdZgqwCOwXDTEzMDgxMzE1MTQxOFowIQIQB2PD +QLssB26cRryOdibRbRcNMTMwODEzMTUyNDQxWjAiAhEAieG/SFzU5DiNcoW0yq2D +UxcNMTMwODEzMTUzMDUxWjAiAhEAr4dX+qWaX7df9dhmR97y8RcNMTMwODEzMTU0 +NzAxWjAhAhA3kuA6zUTbjs8+eZDn9sTnFw0xMzA4MTMxODI0MjRaMCECEAJGBafO +gh++3tO6RyqtZ6sXDTEzMDgxMzE4MjU0NVowIQIQH11XSYKxkTPIz8TU/rlHqBcN +MTMwODEzMTkyNTM5WjAhAhAyhMqqeuaPk+IT/YDMb+rMFw0xMzA4MTMxOTMzNTRa +MCECEFCacrtGTRuGN3aLvUmclk0XDTEzMDgxMzIzNDgwN1owIQIQLB4lKKgPcGX+ +IoXQm5bpRxcNMTMwODE0MDQyNzE1WjAiAhEAl/91LZKc9lvPeHtnhyajFxcNMTMw +ODE0MDc1NTA1WjAhAhAF8cBFWhRfZ33F1vSC2E11Fw0xMzA4MTQwNzU1MTRaMCEC +ECSg1M4qQVflXbFKGlbf+ogXDTEzMDgxNDA3NTUyNFowIgIRAKvzq+MMbs1+r2G9 +dHF6QzMXDTEzMDgxNDA5MDkxMFowIgIRAJBc5zdc0HNfwPI3O5qW8SgXDTEzMDgx +NDEyMzE1OFowIQIQSrWafvQ0pkVfvmQePGQnoRcNMTMwODE0MTMwMjQ3WjAiAhEA +/ZCwq5ePFMAfdNpeItu/RxcNMTMwODE0MTY1MzQyWjAhAhBD9pZt/Qe/4ibLYMgO +yu89Fw0xMzA4MTQxNzI1NDhaMCICEQDjZm0UE6htj+ySAoEG0VzUFw0xMzA4MTQx +OTM4MjlaMCECEHzjlGCIlPwjsM0ElTGasLYXDTEzMDgxNDIwMDM1NFowIQIQGJmZ +Vsne/u2irM5bn6oZ3RcNMTMwODE1MDYyNDQ0WjAhAhAsFC0qPYWXAcqZ+yWMCf1d +Fw0xMzA4MTUwODIxNTVaMCICEQDDpuoeuF2PiQs30iNyyJFiFw0xMzA4MTUxMDQx +MjNaMCECEGvReNuL9ndr/e2qWiNQ0T8XDTEzMDgxNTEzNTI1M1owIgIRAL8NIDE/ +tV5WBy1UFIwC8CIXDTEzMDgxNTE0NDgzNlowIgIRAKErcr+CBUbXFQ4W0Tc7sV4X +DTEzMDgxNTE3NDAyOVowIgIRALix1GzgU6mLZzwb5a1O2t4XDTEzMDgxNTE4MjQw +MFowIQIQUp/lyb5xgE8MnbZFmOdWxhcNMTMwODE1MTkxMDEwWjAhAhBxkr0Lyoix +d16cFoMzo/5qFw0xMzA4MTUxOTEwMjBaMCECEB3Gb3/TybQ7+R+dBcWyLSAXDTEz +MDgxNTE5MTk1N1owIQIQXCLAMTGFCe6sSicpLMxHYhcNMTMwODE1MjAzMDQ4WjAh +AhBmpqzsykRml4KjrGYcmQMFFw0xMzA4MTYwODQwMDVaMCICEQC7Mjziy72ESheM +o7sSNgKXFw0xMzA4MTYwODUwMTNaMCECEHtPCQqJo9CnHG0/GHtAVEYXDTEzMDgx +NjEzMDUwMFowIgIRAPJU9Q2jlApmmyIM9P4OUrQXDTEzMDgxNjE1MTgzNVowIgIR +AMPx7XAHmS0Bpd8kP9Is+kcXDTEzMDgxNjE3MTIwN1owIgIRAJ7kiywEwuufWQm0 +vRI4734XDTEzMDgxNjIyNDcyMVowIgIRAKKMmcSi8lqNPsVvPQSW2EkXDTEzMDgx +NzAyMTMwNlowIgIRAPZIqM0xgoIyDDjwk3N/wYMXDTEzMDgxODE2MjExOVowIgIR +AJ5EoGlSjkFdfmJWPgQhNcUXDTEzMDgxOTAyNTIyOFowIQIQJKuWB2TpEKJNPsjn +pT8JCxcNMTMwODE5MDI1NjIwWjAiAhEA0rgY8ywrNBVqjDTuOsT3/xcNMTMwODE5 +MDMwOTA5WjAiAhEA0v/JYb80YKO4QvuU8goSExcNMTMwODE5MDMxOTE0WjAhAhA4 ++r36Q5YHe+jey5od6iN1Fw0xMzA4MTkwNTM2MjVaMCECEGEFh90PcYcbrlj5FI5t +VicXDTEzMDgxOTA3NDAzOFowIgIRALEFzd3HqaWYP8Gs3HAEJcMXDTEzMDgxOTEx +Mzk1OVowIgIRAMyI/R4Ttj9AiokOg5v1828XDTEzMDgxOTEzMDcyNlowIgIRAOEO +O2TBzxXF9svWZREf6uUXDTEzMDgxOTE0MTc0M1owIgIRAI4muCKqKZVlMwIP8oD5 +MB0XDTEzMDgxOTE0MTgyNlowIQIQOcx/zT6wHC6cA0om8/j3eRcNMTMwODE5MTU0 +NTU2WjAhAhAPqQDJ+z536xu/miXdCRtHFw0xMzA4MTkxODU4MDlaMCECEHFVCO8c +/s/y0z2hzDcWtMsXDTEzMDgxOTE5MjIwMlowIQIQNFlNhL3S3aTBS3sFRS6rehcN +MTMwODE5MjA1MTA2WjAhAhBYRDbALzX8mt/FenzoqCkYFw0xMzA4MjAwODI2NDZa +MCICEQCmgyUPqyEAb2H4mOISQeQbFw0xMzA4MjAxMzA5MjNaMCICEQDOWRJnlbAZ +nxA5iZIbnOqJFw0xMzA4MjAxMzQ1MjVaMCECEF+FfSFVibnbJn2KN0a0WyMXDTEz +MDgyMDE0MjUxN1owIgIRAK8xUMms+/i61Dn1hxPSR0oXDTEzMDgyMDE2NDYxM1ow +IgIRAOEGUVbh6YWLD0HistxqWnUXDTEzMDgyMDE4MzQyM1owIQIQKU6FfpLZOKDx +/8gzWL+MyxcNMTMwODIwMTkxMDIzWjAiAhEA4rHu0sHTEwASpSKOhGkjsRcNMTMw +ODIwMjA1MzA4WjAiAhEAyOemQrBCWq3FlctYKbPYFxcNMTMwODIwMjIwNTMxWjAh +AhAD7+46P0IdW6DiL3mwi0kbFw0xMzA4MjEwOTIyMjFaMCECEE//1++p5ch/xbAN +v/WfQZUXDTEzMDgyMTEwNTQyOFowIQIQXZD0Vn8eRzxCWDibjfJX0hcNMTMwODIx +MTIyODEwWjAhAhAxzgvuxBpnkdE33Cmn59jGFw0xMzA4MjExMjI4MjJaMCICEQCb +G2/Z8SEVmT3DYYTCUL5HFw0xMzA4MjExMjI4MzhaMCECECCiM51PNwZ9H0HeViy3 +qakXDTEzMDgyMTEyMjg1MFowIgIRAKCZcVyq0Ga4N0Tzl4ZzymsXDTEzMDgyMTEy +MjkwMFowIgIRAMU/LLdG51ecWd8VAygwCt4XDTEzMDgyMTEyMjkxM1owIQIQAvJR +VShTFvnqoAiUYl3NAhcNMTMwODIxMTIyOTQyWjAiAhEA86ejTvfD6UnYGl+zCpvQ +0xcNMTMwODIxMTIyOTUzWjAiAhEA+fz+SwZrR0FR0QzS3wx+thcNMTMwODIxMTIz +MDA2WjAhAhBmGTYD7wEygJaOjoDKgCyEFw0xMzA4MjExMjMwMTZaMCICEQDiO39S +xa8pTiCVxIKbcSwKFw0xMzA4MjExMjMwMjZaMCICEQDozXmKKSZu3qK6OrYJ9diR +Fw0xMzA4MjExMjMwMzVaMCECEGpLra+3EFBdMl+SY8ZaJKsXDTEzMDgyMTE1NTIx +NlowIQIQDBPjzudwKvSOJ92twyyOdBcNMTMwODIxMTkwOTIwWjAiAhEA7hsFinD0 +uWcPg2WsuKMMVxcNMTMwODIyMDIxNzU3WjAhAhB4O50cK5PJqcG7P+XunQ8WFw0x +MzA4MjIxNDA3MTBaMCICEQDUI1fwphYnmUC4hlo3R6nMFw0xMzA4MjIxNDEwMzFa +MCICEQCyOjdrFGOygrF9qAdxiFjkFw0xMzA4MjIxNTIwMjZaMCICEQDRLyPf2QNA +9wbSXFl5fMq5Fw0xMzA4MjIxNjE3MTNaMCECEBEaRExxda5Dt52jfXwl1m0XDTEz +MDgyMjE4NDAzMVowIQIQNYoLea5CDpr4OGS+flCf7hcNMTMwODIyMTg0MjM4WjAh +AhAAssHfMFvM3SJDi0Mk/cC0Fw0xMzA4MjIxODQ3NDJaMCECED+jkNw8fxAB6lck +mlWGfNcXDTEzMDgyMjE5NTcwNFowIQIQYtmwTbaC/ZpEQGhQF56ACRcNMTMwODIy +MjExMzIxWjAiAhEApsuZTBwODvcjCBZZrCxxYRcNMTMwODIzMDgyNzQwWjAiAhEA +rjF3l0K2rw54AkqDrSy8mBcNMTMwODIzMDgyNzUzWjAhAhBIzEqzlW1WM0KIIrbi +N5EmFw0xMzA4MjMxMjI1MDhaMCICEQCcvW2HBECx1kPUZ/ldHJ0fFw0xMzA4MjMx +MzQ2MzNaMCICEQCspU1Y6Notclyu8NMLshEdFw0xMzA4MjMxMzU1MTNaMCECECJQ +iyhbb1HRfp2oQ9BSrNcXDTEzMDgyMzE0MTYyM1owIQIQcD9Mq4R2XO52dm7O3M/6 +DhcNMTMwODIzMTQyNzE5WjAhAhATshuFs7bLJr5n6bZpZ+QyFw0xMzA4MjMxNDQ5 +MjJaMCECEHA7DkfBUaL5BD8RH3iNk5AXDTEzMDgyMzE1MDcyNFowIgIRANxJE1iu +6abhJGqasgH1AtUXDTEzMDgyMzE1MTQ1MFowIQIQY81iuKItrxrbnUY4nNaEBRcN +MTMwODIzMTUxOTQ3WjAhAhAXzg6DVpr23sJqKr8Wp3+WFw0xMzA4MjMxNTE5NTBa +MCECEEBIxTs+vyBfFBcuc0DYP7AXDTEzMDgyMzE2NDMzMVowIgIRANobWCm6hC+v +AXGGG9T0Y3wXDTEzMDgyMzE4MjUyNVowIgIRAN9cQIB5RSxPrwskqp79BaoXDTEz +MDgyMzE5MzQzOVowIQIQXFBpBpQnKDgXXEdnScFk4xcNMTMwODI0MDI1NTMzWjAi +AhEA53OFzcKHgQxUG+gL5xs+eBcNMTMwODI2MDIxMzA1WjAiAhEAsF9nRUkkrgHU +Q5FBt9ouhxcNMTMwODI2MDIxMzA2WjAhAhB7TZ4KgByrd2snfZ33CmF2Fw0xMzA4 +MjYxMzE5NDlaMCICEQDqVW6jwD0wn5FONjB4i9FXFw0xMzA4MjYxNDIwMjRaMCIC +EQCvgknt5o2uXBBkcD7cOQfeFw0xMzA4MjYxNTA4NDlaMCECEBvNQmT0yMZRTuuY +WjFV+jUXDTEzMDgyNjE4NTIxN1owIgIRAJogLJodb2RuKiIIj/1G5IgXDTEzMDgy +NjE4NTMxOFowIQIQViDSuP5SsLqlDOIFbx5khxcNMTMwODI2MjMxNTI2WjAiAhEA +qr3yCiAyFHNUZT1Q2sqTkRcNMTMwODI3MDExOTA1WjAhAhA6xDwn13XeBidLswLq +lNf0Fw0xMzA4MjcxMjIwMjZaMCECEE6OhB+jsMBExzLUPm5wxtQXDTEzMDgyNzEy +MjA0NFowIgIRAIidwnaiFxNFBvIGfikApGAXDTEzMDgyNzEzMTAwNFowIQIQOD3X +q0pUg71C5ZARz9eUxxcNMTMwODI3MTQ0MTIxWjAhAhBRAHD+lLEdj+4IMeUV1GSO +Fw0xMzA4MjcxNzIyNDNaMCICEQDN4NZlFc14SU1TjkUjkIb8Fw0xMzA4MjcxNzMw +MzRaMCECEGTWeWoy5LxwM5+MesjxYDgXDTEzMDgyNzE4MDgxM1owIgIRAJt2utr4 +inYtpRpk7dSlBKsXDTEzMDgyNzE4MjAyN1owIgIRAI6NQVEx0NcPTE+VvASB5QcX +DTEzMDgyNzE4MjYxOFowIQIQU2xgAgEaKIdOuLbqffrIERcNMTMwODI3MTgyNjMx +WjAhAhBpe+oW4MmaN8E5FD05+TyYFw0xMzA4MjcxODQ4NDRaMCECEEKKfHpl7wG6 +xU6TgmD+tPkXDTEzMDgyNzE5MTgwMlowIQIQG1qRUr7AR7FYxTWZED3AkhcNMTMw +ODI3MTkyNDE1WjAhAhABVBsiDk91xjksNI5JCQwMFw0xMzA4MjcxOTI0NTNaMCIC +EQC5xDLjdSqmlv9ggYzmia03Fw0xMzA4MjcxOTI4NTNaMCECEHEEBuhVZetMG8/u +8Vh/rrIXDTEzMDgyNzE5NDk1NFowIgIRAMxINhK/biKXPUJOaK+l7W0XDTEzMDgy +NzIyNTE0MFowIgIRAMsLTIT/iEJ8XTr5K7995TIXDTEzMDgyODA4NDc0MlowIgIR +ALbPwcddB3F+OCud06INJnkXDTEzMDgyODE0MTEwMFowIgIRANc9Qocj8Dd3+66T +n/z6oXcXDTEzMDgyODE0MTExNVowIQIQYeJ/nx/wmSNYCa3I21C8OxcNMTMwODI4 +MTQzNTI5WjAhAhALRaZSE5W1BUBARSPtUXFJFw0xMzA4MjgxNTQwNDVaMCICEQCx +6FEIKh4OHkOhLD47pOJ+Fw0xMzA4MjgxNjEwNTlaMCICEQC5VStWzQ0QezoyoQQu +LxjJFw0xMzA4MjgxNjExMzZaMCICEQDbeL7HKAiwZLFCTncCu/aiFw0xMzA4Mjgx +NzMyMjVaMCICEQCrJWksXlHqurSjEGsLCFRfFw0xMzA4MjgxNzQ1MDBaMCICEQCl +wsRJuzYp0n3rN4gAgewEFw0xMzA4MjgxNzQ5MzBaMCICEQC8ESEFB6oh6YPiNAcF +46pbFw0xMzA4MjgxNzQ5MzFaMCICEQCEVeXTzx7HztU+u90WcjnTFw0xMzA4Mjgx +NzUwMjdaMCECEH8PsIAQWqUQ7d3bkZI7CiIXDTEzMDgyODE3NTAyOFowIgIRALWJ +2R1EyivE5m7GOt+SRZIXDTEzMDgyODE4MjIwOFowIQIQEQIyhXV/FL974RGWbNpN +tRcNMTMwODI4MTkyOTUyWjAiAhEA4Hr2hrOBfe8ehVvHKYfUchcNMTMwODI4MjAz +NjAzWjAiAhEAo6vb/ZNyDHMf85XkfRwmahcNMTMwODI4MjIxNTA0WjAhAhBmagMS +ZKy1K8QBDQe6syXZFw0xMzA4MjkwNzExMzNaMCICEQCGnTO9AH+1YrnYCRT7KFBw +Fw0xMzA4MjkwNzI2NTZaMCECEHaa1E/Iw4dK+/T92kzBEVQXDTEzMDgyOTA5MDY0 +NlowIQIQEUElJcvQqGUpY7f6WWOUlRcNMTMwODI5MTMxNzQwWjAhAhBDVuFKlkWg +2GvPCXNiU09ZFw0xMzA4MjkxNzAwMjRaMCICEQDG2Uw4Yqs1ox42htWjsHZuFw0x +MzA4MjkxNzMxMDhaMCICEQD+AvKgh0acRwo5soIvw/i2Fw0xMzA4MjkxNzM2MDNa +MCECEGrJDRJaJNA0TNSIAPur3t8XDTEzMDgyOTE3NDI1OFowIgIRANq/dBYF1WBP +gaZo2oWi+pYXDTEzMDgyOTE4MzAzOFowIgIRAMcja++NdhL2JoktgzDA1b4XDTEz +MDgyOTIxMzQ0OVowIgIRANNtX1pGHO4w5OPnaiDYiIEXDTEzMDgyOTIxMzUxM1ow +IgIRAPH1a1oYSnbEET4APBfqRAgXDTEzMDgzMDEwNTUwMFowIQIQTKpOh8QW4cDR +OGNX2cWo9BcNMTMwODMwMTE1OTI4WjAhAhB/HKp0wcGoC6foqkh1hSy/Fw0xMzA4 +MzAxMzI3MjlaMCECEArLTc6glS1kfwDm+kpCqrAXDTEzMDgzMDEzNDcxNFowIQIQ +E6oHr2oT9Yn3+yKN7yMJ3hcNMTMwODMwMTQxMTI5WjAiAhEA4ODpZN3Hi3BedD9D +hGSrYBcNMTMwODMwMTUxMTE1WjAhAhABleyPk58awHKwoyxeKhixFw0xMzA4MzAx +NTE2MTFaMCICEQCBt49AeNUgarQt7WbReqoWFw0xMzA4MzAxNjU5MTNaMCECEFNW +V/JTA5BRO85xLeTkccIXDTEzMDgzMTAyMTMwNFowIQIQEi1tfVNIRwitt6k+JUAi +fhcNMTMwOTAxMDIxMzE5WjAhAhBKQOUpw/p6hHn/4vrbMHARFw0xMzA5MDIwOTEx +MzNaMCECEH9aD/NSHqhesVvd+DJB7eUXDTEzMDkwMjA5MTMzNFowIQIQLFRHOZVj +/v78nX4Zton3ExcNMTMwOTAyMDkxMzUzWjAiAhEAnrQuzmpTUmhB0MRpnqgrChcN +MTMwOTAyMDkxNDAxWjAiAhEA1brhSMYEQx9bLEf5qCbg8hcNMTMwOTAyMTUyMzA1 +WjAhAhBmMRwxTyH0XlCbWCY5KO1BFw0xMzA5MDIxODIxNDJaMCECEHPdxyYlfDRx +7BgnsDpRpvYXDTEzMDkwMzAxMzgzM1owIgIRAOuqSRSI2b02opURfTlz6MIXDTEz +MDkwMzA0MTAxN1owIQIQYZrb6SE8M5pgo3W4ruak5xcNMTMwOTAzMDQxMDIwWjAh +AhAxxMd2I4IrlM5VJ2F5DnjiFw0xMzA5MDMwODA3NTRaMCECEGIKAlMZZQbnnTsr +AModbu8XDTEzMDkwMzEyNDQxNFowIQIQYTjiB5zapHLzQjnp0R4U4RcNMTMwOTAz +MTMyOTI4WjAhAhBDFxznPz7ZyQZr1BsYxBPjFw0xMzA5MDMxNTE5NDZaMCECEHhl +JmDtvXmV4HUoGLMftocXDTEzMDkwMzE1NTkxM1owIgIRANi/IHRBvdZ9NnopbRSb +fLUXDTEzMDkwMzE4MjIzNlowIgIRAK8heln3QQx20gTwqxr1fzkXDTEzMDkwMzE5 +MTc0NlowIQIQGoufEnAtVYv2ZTuw3TALihcNMTMwOTAzMTkzMzI0WjAhAhAtg5cG +OIvKZsVZqocouYwdFw0xMzA5MDMxOTM0MzNaMCECEE7wLdnxlTdt9QrVtKNPAZ0X +DTEzMDkwMzE5NDA1NVowIgIRAK1rWrDGv4/AHOiKMoGD4/8XDTEzMDkwMzE5NTEz +NVowIQIQbr4TAhz2diEGPXWhQZ8aJxcNMTMwOTAzMjEyODAzWjAhAhBr3myuTsQB +qxfSPqEl1yZ7Fw0xMzA5MDMyMTI4MDlaMCECEGmDAujy0hJojJ19sZ0HsBkXDTEz +MDkwNDA0MTI0M1owIQIQXm9JbeCtQDIXwAY2wy4SPBcNMTMwOTA0MDQxMjUwWjAi +AhEAz9GqW4PPJYYrJC8xWH24ZBcNMTMwOTA0MDQxMzA1WjAiAhEAwrh/CCN9bIzM +fNeSCj1BNRcNMTMwOTA0MDQxMzEzWjAhAhBUvnFWzUCdtxvBB85nov75Fw0xMzA5 +MDQxMTQ0NDdaMCICEQDi9DdBOthCoweHN29uAm7QFw0xMzA5MDQxMzU3MDFaMCEC +EDYxAwQ80CZhK+Uplck+aPIXDTEzMDkwNDE0MDMxNVowIQIQNC9kN0fun9/HXzc9 +zXNCTxcNMTMwOTA0MTQ0NzExWjAhAhA/efiJ6/h9yl8ecqy9yp5AFw0xMzA5MDQx +NTI3NDVaMCECECITaFdwVHsb6ylWB4SuI78XDTEzMDkwNDE1NDYxOVowIQIQVgxS +Wdv/WTLTd2wgpQE3pRcNMTMwOTA0MTYxMDU3WjAhAhAm11Mn102eFEvr5pPcoDCa +Fw0xMzA5MDQxNjUxNTdaMCICEQC689fuzcDIlaMeKVIewgqGFw0xMzA5MDQxNzA4 +MjNaMCICEQD1kgTfdXGqgMkYA3MYzhbIFw0xMzA5MDQxNzQwMzNaMCICEQCRwPJ6 +O0uqFyJ9x9b3fwFeFw0xMzA5MDQxODU4MDNaMCECEBvSAh8hXO8qVsu22gKYsQ4X +DTEzMDkwNDE5MTAzMVowIQIQJE7SI6HVRXS+ENttEDafEBcNMTMwOTA0MTkxMzA3 +WjAhAhBM+2ZX7ZDdrZfmCM54kxfkFw0xMzA5MDQyMDIyMjdaMCECEFds8ngpPupL +X8e9Tkig1JcXDTEzMDkwNDIxNDgwMFowIgIRAJ4QZt3zfPwH8qbcepS63Y4XDTEz +MDkwNTExMDUwMFowIQIQHmAExrbuTHpAEdLNALBNGxcNMTMwOTA1MTEzMzEyWjAh +AhANeo00NoEuC7GEMJRCpZ5JFw0xMzA5MDUxMTM2MDZaMCICEQCZlSLSWr4EM+cj +x4o+YOGvFw0xMzA5MDUxMzMwMDlaMCICEQDJx6Uj+XDNvd/eR7nku1gTFw0xMzA5 +MDUxNDAyMDZaMCICEQCu57qjOBAhL+lpgoEnr+4/Fw0xMzA5MDUxNTIzMTRaMCIC +EQDPEHm07V5nEfgfq03NYMGEFw0xMzA5MDUxNTI0MTNaMCICEQCmIDoRX9Buee5F +CdireIA8Fw0xMzA5MDUxNTQ1MjdaMCICEQCkLDbJCBkJQMDYvq4gh1aUFw0xMzA5 +MDUxNjE2NDhaMCECEBnOS6AXzsSjuokNmKHk7YwXDTEzMDkwNTE4MzIxNlowIQIQ +C/vbaILgNueQ21t5YbxV+xcNMTMwOTA1MTg1MTAyWjAhAhB7cZMDFBxRqCwAm9Dy +qxvDFw0xMzA5MDUxOTQ4NTFaMCECEE1EjJ0A/8fM4prTF23L6FcXDTEzMDkwNTIw +MTgxM1owIgIRAP/VxZllyePfC5BAH99ZeCMXDTEzMDkwNjAyMTMwNlowIQIQQM0V +1/lYlzX6yuJuO9iJhhcNMTMwOTA2MDIxMzA2WjAiAhEAgV3uPZVMobBzqRd8LcrH +txcNMTMwOTA2MDczMDA2WjAiAhEAld3DpxxPkDC/8HnizuJGdhcNMTMwOTA2MTQ1 +NjU5WjAhAhAe/dCfrB+/Ea4d0gXbEw7LFw0xMzA5MDYxNTI4MzdaMCICEQDG6Klz +wVbuBRWXRFESvrAjFw0xMzA5MDYxNTUwNTJaMCECEG1qxMHTeyof4ukd6OSRMtcX +DTEzMDkwNjE2MjMyN1owIQIQf3y/h9y7UEebS9gPynpbgRcNMTMwOTA2MTYzMDM1 +WjAiAhEA6Bah/i9XnqlanMttiV0T8hcNMTMwOTA2MTg1MDU3WjAhAhArZd4MiY7t +nQMIjiNh5HnBFw0xMzA5MDYxODUxMzBaMCECEHwZb27hbXWSuauRh9o418YXDTEz +MDkwNjE4NTEzMFowIQIQc/C9rjTgCobipF4gRtuthRcNMTMwOTA2MTkzNTI0WjAi +AhEA9rqlBYMaab4CUqqmyileIxcNMTMwOTA2MTk1OTExWjAiAhEA+2mbm/jdHwWB +AexAWkezkxcNMTMwOTA2MTk1OTE3WjAhAhA0mPVzjJZG7XN2IZ9kwO6pFw0xMzA5 +MDYyMDA3NDNaMCECEDZ2eNTh7J5Gm0Q24yWfilgXDTEzMDkwNjIwMjMwMVowIgIR +AN8s25eDA/ZavGNIaCq36KIXDTEzMDkwNjIwMjY0M1owIQIQQMLoUa8w9FCSRyk6 +lXFNPxcNMTMwOTA2MjA0MDMzWjAhAhBsFa3q2IT8tTMAkWw9q7zpFw0xMzA5MDYy +MTIyMThaMCICEQDYNY9Btye1tN8FNr40E7wuFw0xMzA5MDYyMjMxNDFaMCICEQCl +72TIudye4MJxPBBp0sWPFw0xMzA5MDcwMjEzMDVaMCECEAlWwScn3yZTZ031gQvH +xd4XDTEzMDkwNzAyMTMwNVowIQIQKbsJzYvx69VAOXavwYA1LBcNMTMwOTA3MjE0 +MTMxWjAiAhEA6YQHfG2UIaNmhi1cuLoU8BcNMTMwOTA3MjE0MTM5WjAhAhBgUpYF +fE8ppyXv8Q7bGlb6Fw0xMzA5MDcyMjIwMzZaMCICEQDlsrBCC21SPKzHnA41ZqI+ +Fw0xMzA5MDgwMjEzMTFaMCICEQC47fhPjOFSUWZINUpsqWGBFw0xMzA5MDgwMjEz +MTFaMCECEFXUc1yHoGHJEm6SvOkfT+AXDTEzMDkwOTAyMTMwNFowIgIRAIH5QDZk +z9TOcfCWdQMtaisXDTEzMDkwOTA5MTc1NlowIQIQJnLXIVi5TFSMzLgZFyn8ChcN +MTMwOTA5MDkxODMwWjAiAhEAz2W2qnzt4eT9lPcgmpXLMxcNMTMwOTA5MTA1NTAy +WjAiAhEAngMTG77j9YfxIDtHVV15xRcNMTMwOTA5MTEzMDQ5WjAhAhAaG7DcUs8a +kHKJdvZosSCxFw0xMzA5MDkxMTQ0MTNaMCICEQDHF5XtJOHrDXgziJHeuN+kFw0x +MzA5MDkxMjI4NDhaMCICEQC6OakEkd4KrSLNYRy01MplFw0xMzA5MDkxMjI4NTZa +MCICEQDmSkJ+0E/4m0EHPj8bR1fYFw0xMzA5MDkxMzM2MjRaMCECEE5Kmn+dax/q +wma1/i1OV3AXDTEzMDkwOTEzMzY1MVowIQIQGZRgG6RimgGrHNkRFgM7GxcNMTMw +OTA5MTMzNzI1WjAhAhAH5/Vp1J7AzicBIQVlaoTQFw0xMzA5MDkxMzM3NDBaMCEC +EDCarVfQe5/jTrKikpa3MdMXDTEzMDkwOTEzMzc1NlowIQIQAeXyc2B8vQpEeIJg +yQhTeBcNMTMwOTA5MTM0OTE4WjAhAhBaK0FJ8f6i8k3jizatBXjfFw0xMzA5MDkx +NDMwMzFaMCECEG9SyPcqQzOPR4X94zal2Y8XDTEzMDkwOTE2MDAyMVowIgIRALpN ++18h8EQGf8Qgn/aJDg4XDTEzMDkwOTE2MDAzMVowIgIRAMPQ4cMGNic9vSHRmZKK +lzEXDTEzMDkwOTE2MDI0NVowIQIQPGz8mwalPoKctVUkr7XqPxcNMTMwOTA5MTYx +MzA3WjAiAhEA47sHrPvrITzd5ndbvB4DthcNMTMwOTA5MTYxMzIzWjAiAhEA2Zwf +tgh4806EFDThRtsIfxcNMTMwOTA5MTcxODE5WjAhAhANMB3C6UEbRJYLjFaOGbap +Fw0xMzA5MDkxNzQ0NTBaMCECEEH0U0fsoHLAMKmxFtLjEaIXDTEzMDkwOTE3NDkw +M1owIQIQGYglngkc7ZJufmhCyK3l3BcNMTMwOTA5MTgwNTU0WjAiAhEApXPeb746 +EJ6vCUAqyXhgWhcNMTMwOTA5MTgxNDQ0WjAhAhABzEPYpAU6w9co28/LkJ52Fw0x +MzA5MDkxODE5MzNaMCECEEOfzKKt9p08uLg/nRswcGgXDTEzMDkwOTE4MjAxOFow +IgIRAOLJlKjlUfJxhG3DdXhc+/wXDTEzMDkwOTE4MjIyOFowIQIQO2zljT4fLfTw +zrSxZ/12vxcNMTMwOTA5MTgzMzA0WjAiAhEA1gtolgOKSTPAeHZY+VU3PhcNMTMw +OTA5MTg0OTE0WjAhAhAUPmrhqCmzEKUgl8zPUvlbFw0xMzA5MDkxOTU3NDFaMCEC +EBKaKj1XaENCrronnTDjSRcXDTEzMDkwOTIwMDA1MVowIgIRANR0+Vh4iyAtKUX9 +SoE517QXDTEzMDkwOTIzMDUwNFowIQIQc5gG909yavJ5mQhZGw6vJBcNMTMwOTEw +MDEzNjIwWjAiAhEAu9H/q15h48cDafRU5amnARcNMTMwOTEwMDIxMzA2WjAhAhAE +HhaOmCHsqnZrRN0L+YB1Fw0xMzA5MTAwNzQyMjdaMCICEQCkK3r0wrPW6vKHQb0b +B2NDFw0xMzA5MTAxMjUyMTRaMCECEGz/yzYugzS7qJ0uzbE5sysXDTEzMDkxMDEz +MjE0NVowIgIRAJM4c4AqB42mzWBp28nrq3QXDTEzMDkxMDEzMzAyNFowIQIQClS7 +8NY3E6puFLXE1DgnmBcNMTMwOTEwMTQwNjIyWjAiAhEArouxxgcQOJpNI2wOHxD4 +CBcNMTMwOTEwMTQ1NTEwWjAhAhATBfZ8Ocew1+hr2dV94inqFw0xMzA5MTAxNTQ5 +MzVaMCECEHXid+gSMi1j1u6UsaCOn98XDTEzMDkxMDIwMDA0OVowIQIQSzQfrg3D +I8IMwyIOiQva9hcNMTMwOTEwMjA1MzI2WjAhAhAc2EesFgbpCKyw2UrW0E4DFw0x +MzA5MTEwODA4NTVaMCICEQCv4pj9zejJ1JKuJYkXOY8cFw0xMzA5MTEwODQxNDda +MCECEBWGuto9+Nd9cGcGMSSktNgXDTEzMDkxMTA4NDkyN1owIQIQSJmfUVLeZhX9 +bKOY+z1HBxcNMTMwOTExMTIwMTQ4WjAiAhEAtw+xyns/e9x575t/AnevehcNMTMw +OTExMTIyNzU5WjAhAhAWS0M6OX2PH7ZOiCcEwk6bFw0xMzA5MTExMzM0NDlaMCIC +EQCY7k83iPrYPC+xcrMGAhO7Fw0xMzA5MTExNDQwMzRaMCECEFvTLEZ7iWF4Ra+b +X/mQ+3gXDTEzMDkxMTE0NTEwN1owIgIRAPZZWdWH34/LdxbwxgGNnSgXDTEzMDkx +MTE0NTM0NlowIQIQS9NDgAgYcRZvOaqayOIF1hcNMTMwOTExMTQ1NzEyWjAiAhEA +qAtelmMxqM4dWQrC2jNo4BcNMTMwOTExMTUyMDM5WjAhAhBsDoFMVjJva7lURO5F +VI5mFw0xMzA5MTExNTUwMDlaMCECEHzlXcCPtKpxPrxRBzyDHokXDTEzMDkxMTE2 +MDU1MFowIgIRAIOXe1uklSbb6yKnHEz1kP4XDTEzMDkxMTE2MzkwOVowIQIQXHsJ +BeW8nm7vbiTRKQ3RWxcNMTMwOTExMTgyNTEyWjAiAhEAsOg+PROi4qF0G8IXfLb/ +TBcNMTMwOTExMTg0OTA5WjAhAhAm/q/pTIIRCg29pzzU6R6DFw0xMzA5MTEyMDM3 +MTlaMCICEQCbi81uKPVGruIWzwLd0l1BFw0xMzA5MTEyMTEyMTJaMCECEFvhh3+Y +/9rJ1z4WGYYGQoMXDTEzMDkxMTIxMzYxMFowIQIQLOL2HMF2Cnq6oQbsWIlPyhcN +MTMwOTExMjIzMTU1WjAhAhA+viMEqfz8Fv4XeImSQDEvFw0xMzA5MTIwNjIyNTBa +MCICEQCIGPBlBBkHIRC4Xo2Lx9OvFw0xMzA5MTIxNDA0NTRaMCICEQCaQ6urO0G8 +bTyGEaozrbk2Fw0xMzA5MTIxNDI2MjBaMCICEQCRfVPEfaVwGDwgt+5SeWfkFw0x +MzA5MTIxNTAzMzhaMCICEQDoIO3f7vfbLGM2/15qisjiFw0xMzA5MTIxNzUzNTRa +MCECEHknRm93o9Rhfr/03tRkuzgXDTEzMDkxMjE3NTQxNFowIgIRAI6Rpp63yhqg +ffn7jEmCZWAXDTEzMDkxMjE3NTU1OVowIgIRAPrE9O8TaWxxWI3t+cWxbuAXDTEz +MDkxMjE4MTEwN1owIgIRALSl1J394hCi473iBqyjodIXDTEzMDkxMjE4NDMwNlow +IgIRAPlBxQUR7EZbwQNg11ZeFrQXDTEzMDkxMjE5MDA1MVowIgIRAK5vupfk6hlF +t1QWf+2opBUXDTEzMDkxMjE5MDIwNFowIQIQHVM8jtxhCA7OKWjBkiMJ5BcNMTMw +OTEyMTkwMzU1WjAhAhAlMjF6puBHUzlVG94fHukTFw0xMzA5MTIxOTAzNThaMCIC +EQCLfVn2RvIkdTroN1rEiSkSFw0xMzA5MTIxOTE0MTVaMCECEADFFATN5gFLWh8h +NC0cyboXDTEzMDkxMjE5MTYxMlowIQIQeRBFGkZKfkH+0iom1JD6oBcNMTMwOTEy +MTk1MzIzWjAhAhBinAASzImb9lGBZ/wk97YsFw0xMzA5MTIxOTU4NTdaMCECEDWj +5Jek+vweI/WtzgJGQyAXDTEzMDkxMjE5NTkyMFowIgIRANcnQsdMkopi+8eQ+pib +o1sXDTEzMDkxMjIwMTg0M1owIQIQE0dGlzDzgI9T3dtVKJHXhBcNMTMwOTEyMjE0 +NzE1WjAhAhA/qHtIgXb6up8skweYilW+Fw0xMzA5MTMwMjEzMDZaMCICEQCoTB08 +gCNsP+Q/w8wxQUd7Fw0xMzA5MTMwNjEyNTZaMCICEQCfadZYr+Dvd6f1zYpR/wiX +Fw0xMzA5MTMwODQ4NDhaMCICEQCJW6gXw9mC75C4flWUIhV3Fw0xMzA5MTMxMzI2 +MDBaMCICEQCKo/q/dZWo5V77gxfX4ztNFw0xMzA5MTMxNDExMzlaMCICEQCBCOrK +Ohrb6HN8FN4d++TFFw0xMzA5MTMxNzEwMzBaMCECEAoX+LoVhMVTW23QcwxlRIQX +DTEzMDkxMzE3MTIzN1owIgIRALSpUZac6IIXcefYVhktU3cXDTEzMDkxMzE4MzM1 +OVowIgIRAJUw43CqxraSe+THv2vQQBkXDTEzMDkxMzE4MzQwNVowIQIQWp8WEX70 +bPyk5SjALA9NPRcNMTMwOTEzMTgzNjUwWjAiAhEA8kd2wQN0XEd6s2EwXWbxNBcN +MTMwOTEzMTk0NTMyWjAiAhEAqV5lJk9eR1Zv9fPri/2Z4BcNMTMwOTEzMTk1NTE3 +WjAiAhEAxb5DqGJBYUpusLt10tFq6hcNMTMwOTEzMjExODE5WjAiAhEAj+HL78zd +nDBhPSD+MBncTBcNMTMwOTE0MDIxMzA2WjAiAhEA/9Q9MTNjtKkA+yjE0Ah4RRcN +MTMwOTE0MTE1MTQzWjAhAhANa+c0MTW3QV9D4ywemwFGFw0xMzA5MTUxOTEzMDNa +MCICEQDLhSJiUO4QflxoLJopTL/1Fw0xMzA5MTYwNDU5MzNaMCECECXs1DtDOaR9 +bI3/U/qG3xQXDTEzMDkxNjA1MzM1MVowIQIQBgJrT8wF2/53TFPKMbyCyhcNMTMw +OTE2MDc1MTIzWjAiAhEAvL2vmPiVNWixmYgi0TNGwRcNMTMwOTE2MDc1MjI4WjAi +AhEAmOtT6LriTVirtGkwRok2uBcNMTMwOTE2MDgxNDMzWjAhAhBT3ouB3hThEenR +gaJ6wt2pFw0xMzA5MTYwODI2MzdaMCICEQD8ByXAo8T0LSILyA68pOCaFw0xMzA5 +MTYxMTE0MjlaMCICEQC59sJO2IZk7G+p5yGXWDv3Fw0xMzA5MTYxMzM3MDlaMCEC +EDp89duzr5AO6yg0dxDbtMkXDTEzMDkxNjE0NDcyMVowIQIQMzRWZaWRt+dFX4C7 +VgBbwxcNMTMwOTE2MTg1NDAxWjAiAhEAjN3oYjWVyfNq9MaNqhJXlBcNMTMwOTE2 +MTkxNDI3WjAiAhEA4w+Y6L3+3/uP21Xax1sCSBcNMTMwOTE2MTkxNTM2WjAhAhAc +Dh2Dc+7Fa/yZhFmG1UcPFw0xMzA5MTYxOTE3MDVaMCICEQCACtHaTJB4a8eUdZ/y +bwmJFw0xMzA5MTYxOTE4MDZaMCICEQCkdPLGEeBdKf3NmwN1ZTHPFw0xMzA5MTYy +MDQxMzJaMCECEDliGjE7bts11Q8VNI4VVScXDTEzMDkxNjIzMDQzNVowIgIRAOwb ++/jXE11uneesxYNnFuoXDTEzMDkxNzAyMTMwNVowIQIQcSJ6FRl3whjUJ6Q3KUVP +mxcNMTMwOTE3MDgyNTI2WjAhAhAGIUmOsD3b5ra2ppc+bE/XFw0xMzA5MTcwOTIz +NDBaMCECEGeMwQyjS6Uo/dzJFfkSRFUXDTEzMDkxNzA5MjUyMFowIQIQMWxsNB2k +X86TFMLJB4ZB1xcNMTMwOTE3MDkyODE4WjAhAhA/7kRyhQeHKfSmledscaRiFw0x +MzA5MTcwOTMxMjJaMCICEQD3ffgN6xx2vFkr2qxlrzWyFw0xMzA5MTcwOTM3MDZa +MCICEQDvxryCfDu42IZeMBqs0IzWFw0xMzA5MTcwOTM3MTNaMCECEBZsGocek9Ze +4rjPYF8ZxK4XDTEzMDkxNzEwNTA0OVowIQIQYxdbcEA6W4AWzBmL/GJwjBcNMTMw +OTE3MTI1MjUzWjAhAhAn18Njajv+Ek1IECoCodHAFw0xMzA5MTcxMjU0MTZaMCEC +EBgW8LKMZ+wOHdzRmMfdvw8XDTEzMDkxNzEzMzgzMlowIgIRAMJl81XSMo8pJaLR +t0z3ci8XDTEzMDkxNzEzNTI1NlowIQIQSiHi4VtP1kSPkjqumYHdtRcNMTMwOTE3 +MTQ0MzQwWjAhAhBzTTFRv/OaEPKRh7gVHYcMFw0xMzA5MTcxNDQ3MDlaMCICEQC1 +Yh2B0LuJEWvtjF39KiOjFw0xMzA5MTcxNjIwMDFaMCECEE+YPH6aIyDssNp14HJo +t8cXDTEzMDkxNzE4NTQxM1owIgIRALKIZ/m8nEFnYJ3t4pitdGEXDTEzMDkxNzIw +NTAzMFowIgIRAL93XDXVfGovXPCjWkpOapoXDTEzMDkxNzIyMjE0M1owIgIRALfv +jvkl4l1ZyGZEpDhqxVAXDTEzMDkxODAxMTQ1NlowIgIRAPmGDo/NK/SB66g862iK +1wYXDTEzMDkxODA2MzQwOVowIgIRANrqhBmwuxniqVgyR93Mq6YXDTEzMDkxODA3 +NDcwNVowIgIRAOY66UFjCdyVcRT1FZFHFKgXDTEzMDkxODA4MTMyNlowIgIRAJWE +Xalr76ZoBo9WqpL7r+QXDTEzMDkxODExMzczMlowIgIRAIogcpcZVwQsZi0+CVs7 +g0QXDTEzMDkxODEzNTIyNFowIQIQMa2gFFDODWq9ZhU5ZY58BhcNMTMwOTE4MTQy +MTU4WjAiAhEA5J5vED4I0X7rF37KGhQdbBcNMTMwOTE4MTUxOTM4WjAiAhEAjiOJ +n4D3kjkojn8a19yJ3xcNMTMwOTE4MTUyMDAzWjAhAhAqucLd8fSFv8JwqoNOi2uA +Fw0xMzA5MTgxNjE2NDdaMCICEQDAbSj1VbAsTGT7E6GfhhwDFw0xMzA5MTgxNjMy +NTBaMCICEQCoRSc36tliRuENCOdiEP86Fw0xMzA5MTgxNzI5MThaMCECEGEfQ4Dv +Wqb7DRGakSnuWpEXDTEzMDkxODE3MzE1M1owIgIRAPYKG04Umyuj3Owl9VVUn2IX +DTEzMDkxODE5MjIwM1owIQIQLqdRXgH7lISHAvxwgE3OCxcNMTMwOTE4MTk0NTQx +WjAiAhEAlHqNqoE8OgAl1HE0mBBRfhcNMTMwOTE4MTk0NTQ2WjAiAhEAnNGiyCFk +PQKk63ubsJtJjhcNMTMwOTE4MTk1MjA5WjAhAhAEGQxdus57v+LyR3jDgVcGFw0x +MzA5MTgxOTUzMjdaMCICEQD1epe+0HwbKbHrWk5/iDnpFw0xMzA5MTgxOTU0NTda +MCECEAtJH6buGQTbSou+KWyRq5gXDTEzMDkxODE5NTUzMlowIgIRAKFSLrEyTXQ8 +ZbOxc/VeJNIXDTEzMDkxODE5NTYzMVowIQIQQvALVVi2UqqVGF7u/XcoOhcNMTMw +OTE4MTk1NjU1WjAiAhEA4NAI2pXbc0gQhtfHVsFcxxcNMTMwOTE4MTk1ODAxWjAi +AhEAlUMsMpNdg9B3iJXdbBL1dBcNMTMwOTE4MTk1OTI1WjAhAhAnDsGg3MN9WtC6 +ri+9NfSUFw0xMzA5MTgyMDAwMjJaMCICEQCrOBzkZVCgR1nTdQsdoxZXFw0xMzA5 +MTgyMDAwNTdaMCECED8B6IoB9gfnXtRdQfTKMF4XDTEzMDkxODIwMDMwOFowIgIR +ALbL5mhPAc7oO2tw3CAH5SMXDTEzMDkxODIwMDMzNFowIgIRAPbFb0HN189SpJs1 +yWR36R0XDTEzMDkxODIwMDQwMlowIgIRAM+dKq27TzeCLfBSZ0DdFDoXDTEzMDkx +ODIwMDQzN1owIgIRAIVz0MX/vM8u3c584v07D8QXDTEzMDkxODIwMDkwMVowIgIR +AI+d08TuoRsUs9oyoD8g8okXDTEzMDkxODIwMDkzMlowIQIQPtfMASl7zxiYe4sc +ErwLfBcNMTMwOTE4MjAxMDEzWjAhAhBNUHILXM5EJLV+ZSuZfr/AFw0xMzA5MTgy +MDEwNTBaMCECEHypNr8YCnOlz8V9nJYMoWsXDTEzMDkxODIwMTMzMFowIgIRAODu +son3zKu9TKMB1YsATE8XDTEzMDkxODIwMTkxNFowIgIRAPDu6/Yfnniyi0hjAgIe +qkEXDTEzMDkxODIwMjAxM1owIQIQSi60BzN5e0kh/AExsYjnnRcNMTMwOTE4MjAy +MjQ3WjAhAhBzwdo36+ezGwB/PPxVnvo/Fw0xMzA5MTgyMDQ5MjdaMCICEQCBwtoy +4RDMBw0zSWXkoSpDFw0xMzA5MTgyMDU2MjZaMCECEEuReTECQK1PZyiKwJPiK88X +DTEzMDkxODIwNTYzN1owIgIRANKQHbnSVCo2yrj/7NNRf+IXDTEzMDkxODIwNTg1 +NFowIQIQZA+Rzp3mJ7SmJkJ/RwZfMxcNMTMwOTE4MjA1OTA1WjAiAhEAr+ZnK3Y7 +m4K6YyG+bjrskhcNMTMwOTE4MjA1OTE1WjAhAhANsXobGu3fB7P0NE1Pmeh7Fw0x +MzA5MTgyMjI3NDVaMCICEQC+riupJnv93LJ5KGpeMt1aFw0xMzA5MTgyMjI4NDVa +MCICEQDwwU2mYvW9VxR0F0cv8AhbFw0xMzA5MTgyMjI4NDVaMCECEB3oHVvdFa9J +m9vDkACBDwIXDTEzMDkxODIyMjg0NVowIgIRAKFkEg33mYhoS9LvrJIL1WsXDTEz +MDkxODIyMjg0NVowIQIQFhSm6r+Np42ab+ZwQwfWThcNMTMwOTE4MjIyODQ1WjAh +AhBYCORoeF57fBZMCeXkyCmpFw0xMzA5MTgyMjI4NDZaMCECEDgsdz7fQTD6JWjg +/PCu6ncXDTEzMDkxODIyMjk0NVowIgIRAILsXljPrR886e+7bgHyXMQXDTEzMDkx +ODIyMjk0NVowIgIRAMypzWC9i5p9ybvokCJuB1kXDTEzMDkxOTExNTcxOVowIQIQ +IpRKRxXAEvcdD2hQS/qKExcNMTMwOTE5MTUxNjEyWjAhAhB1cbHeOQliPvZKa+Hk +onOxFw0xMzA5MTkxNTE2NDlaMCICEQCDt1FxgaiJYE95BEm3OGswFw0xMzA5MTkx +NTE5MDlaMCECEF1YA1R352/f0LmlSkBe8awXDTEzMDkxOTE1MzAwM1owIQIQLURA +/mRzMXrM6T+2jmZWjxcNMTMwOTE5MTUzMTI2WjAhAhBuDYdfte1Y/CYzWaOcg9my +Fw0xMzA5MTkxNzM2MDdaMCICEQDT1Y/SuR5Kpi94u8hPatR2Fw0xMzA5MTkxNzM5 +MjVaMCECEELVJQSbRUsL0pojSXgzhhsXDTEzMDkxOTE4MzMyNFowIQIQcwIP/RmB +KQH1msZjjNE15xcNMTMwOTE5MTg1ODQ4WjAiAhEAklP6gxa6f6fqdcgbx1yONxcN +MTMwOTE5MTkwMzEzWjAhAhAGP9HZ36TMJ6opUclUl9xSFw0xMzA5MTkyMDM3Mzla +MCECEDnApfmLf3o5PKb6NBfgs+kXDTEzMDkyMDAyMTMwNFowIgIRALz4uRXNRF2g +Ce3LelUcYWkXDTEzMDkyMDEyMzg0MVowIQIQSA60BzNZwVQUR/MUu7JrgRcNMTMw +OTIwMTM0MzU5WjAhAhB4FQbu/rrV54dVbEf+oSI0Fw0xMzA5MjAxNTI5NDVaMCEC +EG2HkSO2p5DfNNazfB1x7Q0XDTEzMDkyMDE1NDg1M1owIQIQeh1VcR0ydyoi2T+g +poL8BRcNMTMwOTIwMTczODA5WjAhAhANGQdQqeZaHZylmIfiCms9Fw0xMzA5MjAx +OTE1MzdaMCICEQCE6cc1/bVx9G0DWbtvsAS+Fw0xMzA5MjAxOTE3MTFaMCECEF43 +8F8mMVgPOu15NJiyt6IXDTEzMDkyMDIwMjU1M1owIQIQN4uUL7AtJIkFVKLIhD6x +BBcNMTMwOTIwMjAzMzU5WjAhAhAWzu2Q7NjcE+vo4DDYl9OmFw0xMzA5MjAyMDM2 +NDNaMCICEQDbCRYQXlm9D6tweZ0cNpbpFw0xMzA5MjAyMDM3NTZaMCICEQCAGm/a +z75dvBrqJxB900DoFw0xMzA5MjAyMDM4NDdaMCECED70tM7hhED6LSdOuLgEZX0X +DTEzMDkyMDIxMTgzNFowIgIRAMUNfG4LSzQoWuq134+7Pl8XDTEzMDkyMTAyMTMw +NlowIQIQVIuO2npG+9/3qT82Fqs3SBcNMTMwOTIxMDYwNzI0WjAhAhBKnrl5qziy +nWGAJjWhvONDFw0xMzA5MjExNDUyMDZaMCECEDpV7FpBGybRBsYrh5xV9VoXDTEz +MDkyMjA2NDgyOFowIQIQBPIWLn2Pfg09EDYonTjcuBcNMTMwOTIzMTI0NDA1WjAi +AhEA8eBS6LqY7kOE7jNoLQJ8ZRcNMTMwOTIzMTMzMDM2WjAiAhEAk43FLFiROShf +PnUYiozbEBcNMTMwOTIzMTUxOTA4WjAiAhEA8jEkMf+edzEG89069sqwLhcNMTMw +OTIzMTYxMjE4WjAiAhEAtKOfWBonX8vxIhofp7MmPRcNMTMwOTIzMTYyNzI4WjAi +AhEAwx2BmoEEO/jv2WxE6wlhJRcNMTMwOTIzMTcxMDQ2WjAiAhEAm3/WFf7hHGne +ti1dduS9qxcNMTMwOTIzMTcxNjU4WjAhAhAMvjTuNpZXYTFMTnMxWMGHFw0xMzA5 +MjMxODI4MDRaMCICEQDw+RWnMfq51+7mqJyido0+Fw0xMzA5MjMyMDMyMThaMCIC +EQCh1a8mIjICkamQ/NjTxq2iFw0xMzA5MjMyMDMyMzFaMCECEBIaYt4+aEPUMFrl +0I58vd0XDTEzMDkyMzIwMzIzOFowIQIQMA5KmT5zh2LmTt2GBMFUahcNMTMwOTIz +MjAzMjQ3WjAiAhEA4R609pQhTfbb11GxSlGypBcNMTMwOTIzMjE1NjU4WjAiAhEA +iCB1ljljh+5xcQ/hBlo9pxcNMTMwOTI0MDc1MzExWjAhAhB1BNuEHORaTFlNECJL +4xPyFw0xMzA5MjQwOTE3NDVaMCECEBS6wb2ZYv+skvIo5VccuiEXDTEzMDkyNDA5 +MTc1M1owIgIRAOuSy9YmS58JSp1OE2qXLRQXDTEzMDkyNDEzMjYxM1owIQIQfOyT +RAWUDmDYsMn26pWrnhcNMTMwOTI0MTM1MzU3WjAhAhBxGi5xoSem7XEfxwUzZZT9 +Fw0xMzA5MjQxNDIyMDlaMCECEFIt4GZ+zymEHm3Ekf0m+dwXDTEzMDkyNDE0Mjkw +MlowIgIRAKS/yGyq5C97TlxTGTk3QvkXDTEzMDkyNDE0NTAyNFowIgIRAKOqXH92 +/NZz/Ztik0Bm6i4XDTEzMDkyNDE0NTg0MlowIgIRAPxPbHlBFBYrHz5gOEqZqnYX +DTEzMDkyNDE1MDUxMVowIgIRAJ0abPcjlOUqIeCeOV6lBEoXDTEzMDkyNDE1MDU0 +MVowIQIQKEwm8InGigelDlvFl/3qShcNMTMwOTI0MTUwNjA4WjAiAhEA4Bj3VMn9 +IhSHJpme1YCDOhcNMTMwOTI0MTUwNjUzWjAiAhEA0FVzefcYFyrz8RwFsueNGRcN +MTMwOTI0MTU0NzQyWjAhAhBU3dFazPfM1o2Q+Ca+kHrnFw0xMzA5MjQxNjA0MTZa +MCECECHnmocTVh/ulJX95rw+IGIXDTEzMDkyNDE3MzIwOFowIQIQKmylnv23YyX6 +KO4DWCEdshcNMTMwOTI0MTczMjUyWjAiAhEAo0wb7h1PoAj8xDhUbB8wBhcNMTMw +OTI0MTgyODMzWjAiAhEAl7UvPKK0CEZtZygeWX7+YxcNMTMwOTI0MTgyODQ4WjAh +AhBlav2oUIED2NeyacKAaOVYFw0xMzA5MjQxODM4NTBaMCECEBJsshW3pvcJhOKm +YVIJBocXDTEzMDkyNDIwNTAxMFowIgIRAIuF0bHxWYcth82IVfqrlSYXDTEzMDky +NDIxNDgwNlowIQIQMu62LaNTDmn4+7N5tqOV9RcNMTMwOTI1MDMyNzUwWjAiAhEA +i7hW8PT+nKIeOrPpWYdQbhcNMTMwOTI1MDg1NjE5WjAiAhEAgEVI4Yxz+3lvQEgt +Yns9zBcNMTMwOTI1MTI0ODA0WjAiAhEAo+w4RpWPiimpu1fUasgM/xcNMTMwOTI1 +MTMwMjMzWjAiAhEAwl3OzdRjjjKzHmJdIh7O7xcNMTMwOTI1MTM0NzU5WjAhAhB/ +FY6jqXyBvZzkQzXcpB2oFw0xMzA5MjUxNDAxNTJaMCICEQDtsz2mderqDnrLEr/3 +z5j/Fw0xMzA5MjUxNDQyMzdaMCECECRndDP5Ut5JG+/gKiaqubIXDTEzMDkyNTE1 +MjEyMFowIgIRAJCr2IICY0g+b46M6XG0vhEXDTEzMDkyNTE1NTk1OVowIQIQMgdC +OxZarleX+oSTCW1o4RcNMTMwOTI1MTYyMzEwWjAiAhEA8lkcmUp1b4CaSXbZ25cN +5xcNMTMwOTI1MTcxNDA5WjAiAhEAsTUfFuDMW5aHcG8SlzqV8hcNMTMwOTI1MTcx +NDI3WjAhAhA4WRPruTwOXeg5MdNj7zT2Fw0xMzA5MjUxNzE0NDVaMCICEQD/P0qh +69S4qbIhZUck1QqyFw0xMzA5MjUxNzI1MjdaMCICEQCIVOk2r+lhnpkSEQCKtXjR +Fw0xMzA5MjUxOTA0MzJaMCICEQC7XvCwbSq4H6XG4AhI690UFw0xMzA5MjUxOTU1 +MDBaMCECED3+vHfDGe4aTSA2Nr2g8p0XDTEzMDkyNjEwNTI0OVowIgIRAMiCdPCT +3luoeGCL9Hfgs9UXDTEzMDkyNjExMDUyM1owIQIQDNC/9zOUCPENVtC7G+8W0hcN +MTMwOTI2MTI1MjA1WjAiAhEAhDwWc4Cr0KKLtWY/rQe7lxcNMTMwOTI2MTQzMTA1 +WjAhAhBnLnPuAL6/62XWEJEgQzoGFw0xMzA5MjYxNDMxNDFaMCECEFkiksRYFZoZ +VxxHACdl40oXDTEzMDkyNjE0NDAzMlowIgIRAIWrslGs20sHSS8sMeedW+sXDTEz +MDkyNjE0NTIzM1owIQIQabvM3ILJ2gYTcf3CiSzcnRcNMTMwOTI2MTQ1MjM3WjAi +AhEAudrYuFzvVBDF9W6gCBQDEhcNMTMwOTI2MTUwMjI4WjAiAhEA/KhJFxk4xXeg +cQ9prAVwGxcNMTMwOTI2MTUzMjIwWjAhAhBnZ5N8yH+2NQI7Sb56qHqBFw0xMzA5 +MjYxNTQxMDNaMCICEQCLrtip9f2q9prtikGPkP7+Fw0xMzA5MjYxNjMyMjRaMCIC +EQD6z/IOjTlQm4MUL0idhSrFFw0xMzA5MjYxODE3MjVaMCECEBA1B+gNrs9u8hnY +XnpKTLIXDTEzMDkyNjE5MTIyNlowIgIRAPlza9BAk87+1wMOHKNEi+MXDTEzMDky +NjE5MzkyOVowIQIQMwvc/NSh/nmQd0FSKauZCRcNMTMwOTI2MTk0MDU3WjAiAhEA +rq1JoTCVCLyImxZgQZFeVxcNMTMwOTI2MTk0MzMxWjAiAhEA364ZfDZTskvkJZmP +xy6ntBcNMTMwOTI2MTk0NDUxWjAiAhEAvycZjgpJw1nyosIoZEACeBcNMTMwOTI2 +MTk0NjAwWjAiAhEAihtathaf+I/10J2khElwuRcNMTMwOTI2MjExMDAwWjAhAhBk +DgtLmZTPcGYraSXWYg1+Fw0xMzA5MjcwNzUyMDFaMCICEQCMTs8yjSZ9fuPy0tWv +zZS7Fw0xMzA5MjcwNzUyMjBaMCICEQDwCPHEf8aMMX2rwFXW30VOFw0xMzA5Mjcw +ODMxMjNaMCICEQDcEGXoZP0emL/fSJ3aGwmWFw0xMzA5MjcwODQyNTZaMCECEFEO +9O1pP/zNR+yiOCYYTEcXDTEzMDkyNzA5NDM0NVowIQIQGgX2BQkpxjFJBJPsysZJ +eBcNMTMwOTI3MTA1MjUwWjAiAhEAibnP6sPl7mBZ+mwrBbLyTRcNMTMwOTI3MTEy +ODM0WjAiAhEAt239dMu+kNioIhtonUJhRhcNMTMwOTI3MTU1NzQzWjAiAhEA+aLV +8I3fdnP2ZIYQqrY1KRcNMTMwOTI3MTU1NzUwWjAhAhAd8iVZmgct9ixbeizRUA+L +Fw0xMzA5MjcxNjM4MjVaMCECEE8OTO4cd24CJt00FK7g4+EXDTEzMDkyNzE2NDY1 +MlowIgIRAPRB+GABVENe4eA08BCbYRsXDTEzMDkyNzE3NTUwM1owIgIRANQ0zQgd +AywnVnb+2pHOKQ8XDTEzMDkyNzE4MzkzMlowIQIQT1eQOTs1g/quuLyc3bL5RBcN +MTMwOTI3MTk0NTU0WjAiAhEAhjpDxU+7/h/MXsY0PppuchcNMTMwOTI3MjA0NjE0 +WjAhAhAg+yUOXV3A3HmxMXZAnZYjFw0xMzA5MjcyMTU0MDBaMCICEQCbxfcCu+Ed +M/vqMCCX/3T1Fw0xMzA5MjcyMTU0NTJaMCECEGToLFC9n0bFV3gTqiC5x20XDTEz +MDkyNzIxNTUyM1owIQIQQzg9v0ExnR4OaYuJnVsnlBcNMTMwOTI3MjE1NTU2WjAi +AhEAjxvZ4zZe6quUJGTLhVZRLxcNMTMwOTI3MjE1NzA1WjAiAhEA8WmNBs/qeNOp +hm6O72akRRcNMTMwOTI4MDAwMTI5WjAhAhAtpBqvR/7ddJDDPKytgsTKFw0xMzA5 +MjgwMjEzMDNaMCECEBHu8jPWrAd/wOjtDTY6yjUXDTEzMDkyODE1NTUzM1owIgIR +AKn5O1s1XxSA9uUf5B0Ta0MXDTEzMDkyODIxMjYwNlowIQIQMXWN01OkpT5wUU8X +3PbQhBcNMTMwOTI5MDIxMzA2WjAhAhBs+SiYbHYSiNdxg6dW0NLkFw0xMzA5Mjkx +NjI5MDJaMCICEQDX1+9kcYsOOM/YtBCYyWx6Fw0xMzA5MjkxNjM5MjJaMCECEDCu +Fa0200t8VmoAw0Mc8KgXDTEzMDkzMDAxNDMxMFowIgIRAPEAsxkmxrywDHhr1zfX +MsgXDTEzMDkzMDAyMTMwNFowIQIQYO1tQM2iAM1R3PQ+pV5x1RcNMTMwOTMwMDY1 +NTAzWjAiAhEA7VPIfC/+L0r0o08HqC8WdxcNMTMwOTMwMDgxNTA1WjAiAhEAoJoB +oQz+otIwWwawgWvw7RcNMTMwOTMwMDkyNTA3WjAiAhEA0FmhP5QllmdGT0cSMoS9 +bxcNMTMwOTMwMTEwNzIyWjAhAhB+QxCR0ULPcM9KGPzJT5qbFw0xMzA5MzAxNDM3 +MjZaMCECEBBz+naRlr3H/ywyTfcRkDMXDTEzMDkzMDE1NTY0N1owIgIRAKNLOo+N +Xnv5mwBfjp99elIXDTEzMDkzMDE1NTY1M1owIgIRAOX6hYSENYQqcOLX7n/f9UUX +DTEzMDkzMDE4MTc0NFowIgIRAIbgPbs+6EB05+kBIkiZ5k8XDTEzMDkzMDE4MTkx +NlowIgIRAKH/z1ohWKBJpxiBo62brfEXDTEzMDkzMDE4MjIyNlowIgIRAOCaeEtm +9FnCdJqsrjBlua4XDTEzMDkzMDE4MjIyOFowIQIQM7SNIKJulybbrWL/C0T2IBcN +MTMwOTMwMTgyMjQwWjAhAhBiVCDJPwmaWioyi0jxc6X7Fw0xMzA5MzAxODI5MTda +MCECEC89bvCPoZkTJ8UyAkFZIVYXDTEzMDkzMDE4MzAxMFowIQIQGieXWBia+BL2 +a9U/pbL6yBcNMTMwOTMwMjAwMzM4WjAhAhBUj15Om/ezhSIuT1z0robPFw0xMzA5 +MzAyMDA3MjRaMCECEDOpNsVNTrUipSWRrUYfRvoXDTEzMTAwMTE0NDk0M1owIQIQ +flR1YEIzHhLvB7sZQDj8RxcNMTMxMDAxMTQ1NjI0WjAhAhANdvrZVZR+7Q/YIaGg +CrCRFw0xMzEwMDExNTIxMzdaMCICEQDodFakTV7fWJvEvnkyYXTWFw0xMzEwMDEx +NTIyNThaMCECEDIpvGbWTeIhsvEKpF+yy5gXDTEzMTAwMTE1MjQyM1owIQIQcsVR +w3DWZtd5arnHPC83IhcNMTMxMDAxMTcxNzE0WjAhAhAbQPPbJY+3oCFOlgeXTPYA +Fw0xMzEwMDExODAzMjRaMCECEAceBejWfYEWCoin1aObVQgXDTEzMTAwMTE4MjE0 +NVowIQIQR3vHJ9rKYrOgh+rJLJi8VBcNMTMxMDAxMTkwNTIzWjAiAhEAqawJtcWe +Ff47X4vhya+9mRcNMTMxMDAxMTkwNjUzWjAiAhEAjQOR52U3zOOBJmIVOo2NlhcN +MTMxMDAxMTkxNTQyWjAhAhBfq80rJoiWfE6/UtxVZxADFw0xMzEwMDExOTE3MTRa +MCICEQCNQltr7aP+DmHwi6PKv/MtFw0xMzEwMDExOTE5MTlaMCECEB2A4QnI0GcP +cNq/TAlpvmEXDTEzMTAwMTE5MjQwOFowIQIQJr9raiXAmqt9kKwIobhUVRcNMTMx +MDAxMTkyNTQyWjAhAhA25F3MgPJUZFaY8SRmqkt9Fw0xMzEwMDExOTM2MTJaMCIC +EQDPHdavPsaneqXwM2hHAeIsFw0xMzEwMDExOTQ0NTdaMCICEQCNMZzeic4s9J0F +b8RlxwYaFw0xMzEwMDExOTQ3NTlaMCICEQDW71LOmJzvWiR06qUGEcGAFw0xMzEw +MDExOTQ4NDNaMCECEEfeImZ15Ey4Lo1+y15y6D4XDTEzMTAwMTE5NDg1N1owIgIR +AN4/PMtk+9rVR0IrfN2jBvYXDTEzMTAwMTE5NDkyOVowIQIQVLjC5WRaH6cJ/DGm +V6GKgBcNMTMxMDAxMTk1MDAwWjAgAg9U6eXC27u/MCX7A673Kh8XDTEzMTAwMTIx +MzYwMFowIQIQSSJT+gmd2Gy16VlAvDJf8xcNMTMxMDAyMDYxMjU5WjAhAhBcgJ2f +1iUdkg8LythLlRKUFw0xMzEwMDIxNDI2NDZaMCECEBZvuMXraPvr0oMXMuuUs2wX +DTEzMTAwMjE0MjY1MFowIQIQYJkh4E7eosqfAU+TaBNXjBcNMTMxMDAyMTcyNTAx +WjAhAhA/p1j5h/NOKPhSdYspsLcmFw0xMzEwMDIxODA4NDdaMCICEQCKZbSXPO3R +CRpIHrZ/wrlIFw0xMzEwMDIxODM3MjVaMCECEAXqYGvXbMxmicVws3CZDDcXDTEz +MTAwMjE5MjMwN1owIgIRANXFCI90OsR7Zxls2+Jwz7wXDTEzMTAwMjE5MzYyNlow +IgIRAI/G1pthTNBOVveHQgq+NC4XDTEzMTAwMjIyNTgyMFowIQIQCuXwRyEJK/Ja +qAE/7kF46RcNMTMxMDAzMDAwNDM1WjAiAhEA0AxEOgil8qUkEiWiexPfaBcNMTMx +MDAzMDAwNDQ0WjAiAhEAm9LzLiLmttt6GFcn8L+LURcNMTMxMDAzMDAwNDU0WjAi +AhEAx5Pj+VuPaIuvBB8vYHniZhcNMTMxMDAzMDAxMjM4WjAiAhEAz8//e4kqpd27 +hqiUIFGTlhcNMTMxMDAzMDYzNTUzWjAhAhBSqF68Nj4he3gQK77YLk+OFw0xMzEw +MDMxMjQ2MzlaMCECEFXSSAa0q0+RHbEAe60dZoUXDTEzMTAwMzEzMTgyNlowIgIR +AMjHqGnRZrU1D6+xaDT63ioXDTEzMTAwMzEzMjY0MFowIgIRANykJSN/oIl570Zo +/2Z4kdUXDTEzMTAwMzEzMjgyNVowIgIRAPVEecEFosqHp6BUzfQI5mkXDTEzMTAw +MzEzMzUxNVowIQIQTpu4AfrzuBebDXPAiUsVHhcNMTMxMDAzMTM0NjEwWjAhAhA/ +INcZwI9Td00Y3iYFa5X5Fw0xMzEwMDMxNDI1MjRaMCECEC1fWV+/aiH4+GQcoSJL +QpcXDTEzMTAwMzE0MzIxNlowIQIQH80wdmOMwa1/yZ8KDZ8cCBcNMTMxMDAzMTUx +MjE0WjAhAhACKP5DUChPYdBpq5W36rKvFw0xMzEwMDMxNTE2MjlaMCICEQDxTrzY ++PKaCmy0OmUAprZNFw0xMzEwMDMxNTM1MDJaMCECEG/CIV+QVDTbgapgke+CpiQX +DTEzMTAwMzE1NDUxNVowIgIRALJ/cgFKRPynDoT1ptMdzeUXDTEzMTAwMzE1NTU0 +M1owIQIQNWF2AuBUgAam0JWeMu7uYhcNMTMxMDAzMjAzNjAzWjAiAhEAsfGWu69e +7/aLiFZlEYo29xcNMTMxMDAzMjE0NDI1WjAiAhEAqOTVI6VklgOp60iJp4ZNahcN +MTMxMDA0MDQzODM4WjAhAhAz7rZPGYfj8A1LhWSGdzE/Fw0xMzEwMDQwNDM5MDFa +MCICEQDtxRUVX+p3nmYhvZW+7jGTFw0xMzEwMDQxMjAwNThaMCICEQCuM80hptLd ++U+4LS7RBV/VFw0xMzEwMDQxNTA0MjBaMCICEQCNfMjcHPiV6Ojzp3Sx26QEFw0x +MzEwMDQxNjI0MzVaMCECEAZL9/UdzP2QyemVoYhzl44XDTEzMTAwNDE3MzQzMlow +IQIQalfKYCe35fy2j3TDnKk5uxcNMTMxMDA0MTc0OTAzWjAhAhBaXvLY+add9Oqz +oizgtt78Fw0xMzEwMDQxNzU5MzRaMCICEQCAaq59xTohupxZNMNQ2OzpFw0xMzEw +MDQxOTEyMzJaMCECEGNbfD7Xg062AQ9yIaUbHboXDTEzMTAwNDE5MzczNlowIQIQ +M0N1II8QlwYgNp5HN6YBlBcNMTMxMDA0MjAxMzA0WjAiAhEAsEH2sB0utlAJbla+ +NbEHzRcNMTMxMDA0MjAzNDE1WjAhAhBMgX9AFfP78+GGQ5E23R0nFw0xMzEwMDQy +MDM1MzJaMCECEFIsLpFTedf4d0j2E/vPQrAXDTEzMTAwNDIwNDAwNFowIQIQYaYQ +lHBaUa3CXv60mKzPohcNMTMxMDA0MjA0NjU4WjAiAhEAmdzGDOuB93tiQRltC05O +fRcNMTMxMDA0MjA0ODU5WjAhAhB/GVmwJV+PliSupGmntiSeFw0xMzEwMDQyMDU2 +MjBaMCICEQC6yzoTrQj0AR5mjC40cnkmFw0xMzEwMDQyMTA5MDVaMCECEHgp4Lxv +c9F72MjJZjjXuHQXDTEzMTAwNDIxMDkyM1owIgIRAIH1EYeeuMqYgf3ADuofhMAX +DTEzMTAwNDIxMDkzNlowIQIQa1Bv/Y7HuuxV1gkBlcbYbBcNMTMxMDA0MjE0MzIx +WjAiAhEA7d1LKqXVwNjPhpo7q/aS7xcNMTMxMDA0MjE0NzQ2WjAhAhBHUwaIpxQk +eZSERpWTJY8SFw0xMzEwMDUwMjEzMDRaMCICEQD4SzP4+6o7fSxMSDrtRYQaFw0x +MzEwMDYyMzEyNTdaMCECECM2O/4pKEDU/s1xTgBOKWYXDTEzMTAwNzAyMTMwNVow +IQIQcvTQvj+KHYPbdjuDBBjg8hcNMTMxMDA3MDczMDE3WjAiAhEA5vgep5Gfyqvb +x/SccoL2IhcNMTMxMDA3MTQxNTIyWjAiAhEAprAE1dEhHCXd6BLrU3KNQRcNMTMx +MDA3MTQyNzE2WjAiAhEAoIpEc+jG3c6tMER4la3HHRcNMTMxMDA3MTYwMDA0WjAi +AhEA2QGvsLFfq25mrm/H5+b4kxcNMTMxMDA3MTY1NjExWjAhAhAorhdphLOzV94f +yKH8NqiGFw0xMzEwMDcxNzQ1MzJaMCICEQCuLWBQTk2d/IKGce8pEdB4Fw0xMzEw +MDcxODU1MjNaMCICEQDuorWnVZ9Dk+8bGxtQGT8cFw0xMzEwMDcyMDM4MzhaMCIC +EQCRal2FjS7DwR6PzsTF7tOlFw0xMzEwMDgwMjEzMDRaMCICEQDVmKANoQmiC3PG +7JiR5sfTFw0xMzEwMDgwMjEzMDVaMCECEG9xNrq+Q7SYv9pBO7IrWkkXDTEzMTAw +ODEzMTMyMVowIQIQBqkKnRphqh0C9/Hp1t/2vhcNMTMxMDA4MTM1MDE0WjAiAhEA +sJPRJnDZspoypmxuFoZqxRcNMTMxMDA4MTQxMTMxWjAhAhB3cp2e931+2C02Ilk4 +tAgKFw0xMzEwMDgxNTE3NDhaMCICEQCcKT2rAA37d9QVD8hB3v4sFw0xMzEwMDgx +NTUxNTRaMCECEAJIkJve2ijhH2BIFkMgT2sXDTEzMTAwODE2NDcwN1owIgIRAJ74 +en/a76GMnbwwBKJA8MwXDTEzMTAwODE2NTUyN1owIQIQZ3b//hOdro9IuR92h8nG +3xcNMTMxMDA4MTgxODU4WjAhAhBNn47/sYZwopb0klf1Ckn9Fw0xMzEwMDgxODI0 +NTlaMCICEQDIDJwAtZhN3tw1oZC4mFUlFw0xMzEwMDgxODU1NTdaMCICEQC7+buO +2oiBdsX6jKw0Xk5jFw0xMzEwMDgxOTAyMzVaMCECEGJBlza/nOaJc2HgCQynGNsX +DTEzMTAwODIwNDUwM1owIQIQd2suHAOk0WbQcbLjj9frqBcNMTMxMDA5MDkyMDI0 +WjAiAhEAr+EPGE6sxMswZHsHOg6jHBcNMTMxMDA5MDkyMDI0WjAiAhEA4ColkygT +HUrhMBm+phBTmRcNMTMxMDA5MDkyMDMzWjAhAhAvb+MEaRB+c3xyWG0dNukdFw0x +MzEwMDkwOTIwNDBaMCICEQCZM820oDybfkOtA8fDUso1Fw0xMzEwMDkwOTIwNDha +MCICEQDzQ40euewCzZsTJCWqfbweFw0xMzEwMDkwOTIwNTZaMCECEG7seLCVZhyY +VKqX7CdUgbEXDTEzMTAwOTEzMjQzMVowIQIQQZyaLFJ+LkTrh5EQ0CNTnRcNMTMx +MDA5MTQxNTA3WjAhAhBduErLlZdnA9UPJ2gwGh1GFw0xMzEwMDkxNDI2MjVaMCEC +EDO5obU7qCfbCogGwLz69/QXDTEzMTAwOTE0MjgwMVowIQIQUsS2S0KpsfVMi5xy +yBtgWRcNMTMxMDA5MTUzNTI4WjAhAhAnOI2wbXeyr9zjWjtKZL9PFw0xMzEwMDkx +ODMwMzVaMCECEH4HpDoX+oyARdHWuiwqk3wXDTEzMTAwOTE4NDIzMlowIgIRALDF +lm8jAHJzKQTQpq+NtZoXDTEzMTAwOTE5MTEwNVowIgIRAMffF/ZmJpfymDma8LuI +/3AXDTEzMTAwOTE5MTEyNFowIQIQIvONkK4/U1t4yUMLNGFFAhcNMTMxMDA5MTk1 +MTM5WjAhAhANhUPIYhO5nGFH3R+9+atOFw0xMzEwMTAxMjEwMDBaMCECEBJa2GYM +ZTDSgueCD8FjHKAXDTEzMTAxMDEzMTEwNlowIQIQAKGtKJwb18iIVASld1cIthcN +MTMxMDEwMTMyNDA4WjAhAhAVsnMGjr3jXN5Zl7djzlPDFw0xMzEwMTAxMzI0MjZa +MCECEBOcGeQd8ih06LB9F+pNl/sXDTEzMTAxMDE0MzYxMlowIgIRAJX4ShNsPgF1 +0IDFd/PgxYwXDTEzMTAxMDE2MTUxMVowIQIQWcD3rzEIpNSMgEuKA/Q8khcNMTMx +MDEwMTYyMTM5WjAhAhB0M2ZQadiRhZXAqlg7FOB1Fw0xMzEwMTAxNzAyMjVaMCEC +EC7mQJjHDblykIrQ18THM/gXDTEzMTAxMDE3MjQ1NVowIgIRAP5zDaZAEEUqqh4l +zl0mMtAXDTEzMTAxMDE3MzEwMlowIgIRAPEGXn1OfAQ0aCGlYmqvii0XDTEzMTAx +MDE3MzExOFowIQIQE+ndSSArN5kmkc88R9dA6xcNMTMxMDEwMTczMTMxWjAiAhEA +oQh9O2XA52nPNvBc2Q0AhBcNMTMxMDEwMTc0MDU2WjAiAhEA0DeCjKTEYItcQq7x +km4VhRcNMTMxMDEwMTc1NTExWjAhAhBPvbYOK/o3iCmH+SUBsdF+Fw0xMzEwMTAx +ODExNDRaMCECEAzBtvBq5/06aALtYglIfvsXDTEzMTAxMDE4Mzk0NFowIgIRALj+ +OHAa+3ycwE3HfQBaZB4XDTEzMTAxMDE5MDUzOFowIQIQWdzYW7qoLnpmM0ozbA0H +HRcNMTMxMDEwMTkwNTQyWjAhAhBTmuKwhslbvWZmaPCAZaoSFw0xMzEwMTAxOTE3 +MjdaMCECEHpJSshpMaDe+ZjcekUREh4XDTEzMTAxMDE5MjI1M1owIQIQd2Z995jK +fb7eiEPPcHcPDRcNMTMxMDEwMjAxNzQwWjAhAhBxmTUHh1ez24sm+XG7zJnGFw0x +MzEwMTEwMzEwNTdaMCECED++7607UxlHayxXl+CL3zIXDTEzMTAxMTA4MDE1Nlow +IQIQd/JOaqFJQKYgleJzXsFmXBcNMTMxMDExMTAzMjAzWjAiAhEA5ci1HOz+O4Qh +6Ya9XJnArRcNMTMxMDExMTIyMTMyWjAiAhEAzVv8/Wcv3OJpuyqDXGn2gRcNMTMx +MDExMTcyMzMyWjAiAhEAx56gYadZhS7hhPBNvhbA9hcNMTMxMDExMTgyNTAxWjAh +AhAh+aPLLHyF5d+AsAq4OPgkFw0xMzEwMTExODI1MTBaMCECEFUFvWbT17bpZC61 +4k55AaMXDTEzMTAxMTE5MjAxMVowIQIQQAjBhh+SKYAsBt9hyFYFEhcNMTMxMDEx +MTk0MzAwWjAiAhEAtfXRfnHopNjZVRM3IedPPRcNMTMxMDExMTk1NTA0WjAiAhEA +pOcaG3AVX2fYYYAxgSJexRcNMTMxMDExMjIxODE4WjAhAhBvdLW/KGh6JrPSWab7 +Lf1FFw0xMzEwMTIwMjEzMDVaMCICEQCaurVoCuP+1ESHLdm2Vd5jFw0xMzEwMTIw +MjEzMDVaMCICEQCs48svC8bxvaGXqANiGEkxFw0xMzEwMTMwMjEzMDdaMCICEQDA +lONQheeHRkBlbqkbcUcEFw0xMzEwMTQxMTIwNDdaMCECEB6woPV7t10l4Mni7lXz +fw8XDTEzMTAxNDE0MDE0OFowIgIRALo7fMFT1I7I51w7Ks8VxeUXDTEzMTAxNDE0 +MDIwNVowIQIQFmAf4N2rnJRQEL3DzzgNrhcNMTMxMDE0MTQwNjQ0WjAiAhEA84vk +FWGXoQPYg40T/ypcjRcNMTMxMDE0MTQyNDAwWjAiAhEAw6F+YcVqlnn+v0aSvM66 +EhcNMTMxMDE0MTQ1MzEzWjAhAhAHr+lNBP7mDbFcjHXQbStYFw0xMzEwMTQxNTEz +MjVaMCICEQCUMw7Aox1s9b9qjHys2f5dFw0xMzEwMTQxNTQzMzlaMCICEQDhWIKU +nGtDjznxLTkKs1LgFw0xMzEwMTQxNjIwMDFaMCICEQCY7T7tYzUge98OMP4zzGex +Fw0xMzEwMTQxNjI3MzNaMCECEDU3qcdbK8Im4OIvsXt0lS4XDTEzMTAxNDE3NDc1 +MlowIgIRAIMdaum2Hq/whwbYiKiTYG0XDTEzMTAxNDE3NTAxOFowIgIRAKv6sYg4 +TS6xiSHpoTTWLQgXDTEzMTAxNDE4MTU0NlowIQIQb96/WFfqGnD2MRdCLThc8hcN +MTMxMDE0MTk0MTI0WjAhAhBl2E3hCK+2cBQpH263gFAxFw0xMzEwMTQyMTMyMjBa +MCICEQCOW6jA0NviwZP5ySVjFNm0Fw0xMzEwMTUwMjEzMDZaMCECEFgO/lH404Yn +CSGBpAY+vk4XDTEzMTAxNTA3NDkyMFowIQIQSTPFfR4EAuLv+uifjw8GyhcNMTMx +MDE1MDc0OTM4WjAhAhBL3LimDcNXC4MNK6vSGv4hFw0xMzEwMTUwODEyMDNaMCEC +EGNSAvPaiemKS3meRj3BwNwXDTEzMTAxNTEyNTU0MlowIQIQRsD3Wv1zL7UN2HQK +PCfE2hcNMTMxMDE1MTMyNTUyWjAhAhBAJT4Lzd+0do2c4sJRYPfgFw0xMzEwMTUx +NDE1NTdaMCICEQDnAch0Oy8KRq6Cf1Oi7RcnFw0xMzEwMTUxNDE2MDJaMCICEQDM +7vcwX7hJGRSiho84k/U7Fw0xMzEwMTUxNTIwMjdaMCICEQCEyYrf/ehHsLSrUnw9 +b8LCFw0xMzEwMTUxNjA4MTdaMCICEQDF5l/Qd4gWjvr0L4sk8NkwFw0xMzEwMTUx +NzA4MTVaMCICEQC/w3PjoEPHXAziX96LYxMAFw0xMzEwMTUxNzA4MjBaMCECEBDp ++/o9A1p8omG+cLmjBwUXDTEzMTAxNTE3NDAwOFowIQIQXkO2fxRWnGq+C0ZoxgdI +cBcNMTMxMDE1MTc0MDIwWjAhAhAVT9Co3BA9OKsp9Tn3bIL8Fw0xMzEwMTUxNzQw +MzdaMCICEQC7KjCHGn0fbiI2D+77MnUlFw0xMzEwMTUxODUwNTNaMCECEAnMW15a +HWG0MPfKdP+3i30XDTEzMTAxNTE4NTEyMFowIQIQatqC5N63P3NL7saF9Kk3VhcN +MTMxMDE1MTg1MTUzWjAhAhANs2OHmBUIOtE07ipiDsIIFw0xMzEwMTUxODUyMjFa +MCECECzqOM80QY8RsrXbACsTcrkXDTEzMTAxNTE4NTI0N1owIQIQYh010exDb9km +/eMI5ea3DRcNMTMxMDE1MTk1NzAyWjAhAhBBdGIRfBL/WKWwQQW25bJAFw0xMzEw +MTUxOTU4NDhaMCICEQDNG1wJKoQYjGPxpQoZh6a4Fw0xMzEwMTUyMDUxNTdaMCEC +EAiHqoJD4jvB5B/cau6IVQ4XDTEzMTAxNTIxNDgxNFowIgIRAOWoDrYQ6lYc1Pfx +sLi/OXMXDTEzMTAxNTIyMDEyNlowIgIRAPVZDSnXJ9NberTgityBKekXDTEzMTAx +NjAwNTk1NFowIQIQFg9iaWHr0rVOO6RLoS/tghcNMTMxMDE2MDgzMzE0WjAiAhEA +r7FjJZeB8Gfr4QFk2UdSkBcNMTMxMDE2MDk1NDE0WjAhAhARm9yqOem/TKZeXOnY +FyviFw0xMzEwMTYxMDQxMTRaMCICEQCtjGgyVZUPWyTLALOKvzZMFw0xMzEwMTYx +MjA5NDhaMCICEQDzkUsBZwoaHYRqGn5CSLm4Fw0xMzEwMTYxNDIyMjhaMCECEHKs +nPdl8gt2qeDPCowiXHIXDTEzMTAxNjE1MjkwMFowIQIQBxlRFinxQD1cYt+dCnvM +URcNMTMxMDE2MTYwMTU0WjAiAhEAtZsoqxz+uRh7KxbKrmYSUxcNMTMxMDE2MTYw +MjI2WjAhAhAPWBwJRPlau5W2pLpYQswkFw0xMzEwMTYxNzE2NDFaMCICEQChR7qq +kGUjgb1kXquwk/GlFw0xMzEwMTYyMTUwNTJaMCECECpCuvTdLnaPoXx9ophSMyIX +DTEzMTAxNzA5MTEwNVowIgIRAO4O28UIr8LnPCULI2dsDhcXDTEzMTAxNzEyMzYz +OFowIgIRAOhquJAitZuoHZg8pYTg7TUXDTEzMTAxNzEyMzgwMlowIgIRAL1ppBYU +Gh9ofYIOPBlSlKQXDTEzMTAxNzEzMjAyMFowIQIQHn/uRoSkchGxWq6QWfTn9BcN +MTMxMDE3MTMzNzI0WjAiAhEAkdpvA0slllZKRohPL4e4JhcNMTMxMDE3MTMzNzM2 +WjAhAhB7Xgccu5wSBews+Bjy1n7KFw0xMzEwMTcxMzM3NDNaMCICEQDOloAizmEO +l87/5PETKYx5Fw0xMzEwMTcxNDU1NDRaMCECEFNtACzCJIEPzQyc+chWKIEXDTEz +MTAxNzE1NDQwMFowIQIQSmkRvP59ufQaxDWOTqQk6hcNMTMxMDE3MTU1MTA1WjAi +AhEAtgdJXqtvT3OX09xndzzrHxcNMTMxMDE3MTYyNjAwWjAhAhAULRPzHQIaj4gd +doXNk1DVFw0xMzEwMTcxNjI2MDRaMCECEAZK7rqr0bEslNTYnGRk2OYXDTEzMTAx +NzE2MjcxOVowIgIRAKwptaMKuHU3ZGS17oCUHpYXDTEzMTAxNzE2Mjc1NlowIgIR +AMxYGCJm0fW3M4Odye9aq3cXDTEzMTAxNzE2MjgwMFowIgIRAMfH4Kmhtmk8AJGs +KylEsXkXDTEzMTAxNzE2MzQyN1owIgIRAL2BXaB5MYZj9Xi7dABKNrMXDTEzMTAx +NzE2MzU1NVowIQIQFd5Nvkovb5mC4tAwCWc5CRcNMTMxMDE3MTcwNjIzWjAiAhEA +5eQf4+ap+BuJxJY8OFg4ZRcNMTMxMDE3MTgwODI3WjAiAhEA/5dA8mNksFMTHhsT +7dDkUhcNMTMxMDE3MTgxMTMxWjAhAhBRKl5XKn6Ikdnne8jUjDsBFw0xMzEwMTcx +ODEyMzNaMCECEDHmy8WHL4vcaXzKSaIiPV4XDTEzMTAxNzE4MTYzNlowIgIRAOdI +0nDyLF79NWhhv4DWQ+AXDTEzMTAxNzE4MTcxMlowIQIQDgoEF+if4rt8pzXYPBWW +5RcNMTMxMDE3MTgyMTE0WjAhAhBbD5Agi0ZtDTAQ1EcGv89zFw0xMzEwMTcxODIx +MjhaMCECEBVmrFt0ue82XBcv6cqralUXDTEzMTAxNzE4MjM0OFowIQIQGVm3hn9k +t11LFA5QQHjV3RcNMTMxMDE3MjA0NTU0WjAhAhBFxVFz2lRhIKmy/PZCrsJHFw0x +MzEwMTcyMDQ4MzlaMCECEFovuoMAjpcKd8g6XiYh6xEXDTEzMTAxODAyMTMwNlow +IQIQPSM3+Q27IOFabVqUSHXHJxcNMTMxMDE4MDIxMzA2WjAiAhEAhqTqPCctbVKm +WX4QzsrCeBcNMTMxMDE4MTMzMTUxWjAiAhEAs9XVgLJk9mcq8/nzdKLrVBcNMTMx +MDE4MTQyNTQzWjAhAhA9M44WZGBvsqgbmIaUQWIYFw0xMzEwMTgxNDI2MDRaMCEC +EEWUApbl5/4tzkqr4C4g1yUXDTEzMTAxODE1MzQwN1owIQIQNDJXmBHd3/ggkHP4 +yK18sxcNMTMxMDE4MTU0NzM0WjAiAhEAgNBqq19/GD8gDPZBSuICjBcNMTMxMDE4 +MTU1NDIyWjAiAhEAnvttvWc2XyFKQ+uUIpw0TBcNMTMxMDE4MTU1NDM0WjAiAhEA +rFqgSh+ojPXkLFYgFO5b6hcNMTMxMDE4MTYyODMxWjAiAhEAzHChDNMu/f2K7FhM +3gD9KRcNMTMxMDE4MTYzOTU2WjAiAhEAwrOgkzo6TssPuZQfYk6jjBcNMTMxMDE4 +MTY0MDAzWjAhAhACo7M7LUfijTqTulFFKGbTFw0xMzEwMTgxNzQ3MjJaMCICEQDv +d0d8AXVpNtmJIS7bYbyZFw0xMzEwMTgxODE5MDJaMCICEQDRKg1zi6SPYhavZL2m +WNNwFw0xMzEwMTgxODU5MTlaMCICEQD1mV9lvdbVH5IOMjkIQ66VFw0xMzEwMTgx +ODU5MjFaMCICEQDS0B2JrhcuFs9iwUrgl07IFw0xMzEwMTgxODU5MjdaMCECEDft +q1+SZreApzGhjTKkRecXDTEzMTAxODIwMTQ1OVowIQIQW0kP28BiS7/KWcPTsu6R +lxcNMTMxMDE4MjA1MTAxWjAiAhEAjvyKqrmnk/JwH5C/c3FtCBcNMTMxMDE4MjA1 +MTM0WjAiAhEA8wjT3ZUNOE4s/mnWpDQ56xcNMTMxMDE4MjExNzA3WjAiAhEAsxrF +hIxluAkTUp8y4Ua7LBcNMTMxMDIwMDExMTA1WjAiAhEAxKhE3qcAqhMu5K6ODmUb +hRcNMTMxMDIwMDIxMzExWjAhAhBbD44HTivkhHWzlcZ5gz30Fw0xMzEwMjEwMjEz +MDVaMCECEEsnu9eknHRpDSMZCkYY400XDTEzMTAyMTA5NTIwNlowIQIQdtABTQ47 +B6Gm8RftLM4gcRcNMTMxMDIxMDk1MjM2WjAiAhEA45fzGlkXGtXMdhEa2znLsBcN +MTMxMDIxMDk1MzM4WjAiAhEAmtVi1qQK6dtcSNa6SpmZghcNMTMxMDIxMTIwNjMx +WjAhAhAm7Mqgqb+3zCWtjq1BjfzGFw0xMzEwMjExNDAzMjJaMCECEHDCXv3Xn4VU +M5W/odf8DRcXDTEzMTAyMTE0MTQ1OFowIQIQF2wWiKgXEnQZuwqHotvagBcNMTMx +MDIxMTQxNTU4WjAhAhBDnWYR74qhWsA+0uQcslCuFw0xMzEwMjExNjA2NTdaMCEC +EC52szA+C5OosVvlI0BI6nMXDTEzMTAyMTE2NDgxN1owIQIQb6gTWlcLA8TZABt3 +CjUNsBcNMTMxMDIxMTY1OTU1WjAhAhAkh4lIeA1ftsyOh3TLMyW+Fw0xMzEwMjEy +MDAwNDNaMCECEH06LbNrLXlrPPkV5eLzKckXDTEzMTAyMTIwMDA1N1owIQIQP8WT +MLzXaJqk3KEfEPB9BxcNMTMxMDIxMjAwNTA3WjAhAhBuKaap9tfvC7oeqxsg971Y +Fw0xMzEwMjEyMDI5MzNaMCECEBK/ep5+5YLMmGRr8ethXCkXDTEzMTAyMTIwMzEy +M1owIgIRAOSC6tAPZkD0fnpZTsSasDsXDTEzMTAyMjA2MDIyMlowIQIQYveeE9i3 +LdQk36FYvqUYDBcNMTMxMDIyMDkzMTAzWjAiAhEAyDmklxMqythl0xc0mJoR3BcN +MTMxMDIyMDk0NTE3WjAiAhEAwlBpqXxog7NruF9aKtdnYRcNMTMxMDIyMDk1NjI4 +WjAiAhEAhbTi8MkPnaLj234iWI/CsBcNMTMxMDIyMTAyMTMzWjAhAhB0SFE7JO18 +p2E7OI80PDxkFw0xMzEwMjIxMDM0MzVaMCECEAnY2HBSaKOnHFq5SJVqrmsXDTEz +MTAyMjEzNTMyNVowIQIQTTmlWkVfo7IgB8nzwUAaJxcNMTMxMDIyMTU0ODA3WjAi +AhEAqH6EZ1EmcWWOmRB9iJ4K3BcNMTMxMDIyMTYwNDA3WjAiAhEA3ldqd3tqHC8I +5VQq7bMhYhcNMTMxMDIyMTYwNDU5WjAhAhAWQkEBvl+Jagx8267WeouPFw0xMzEw +MjIxNjA1MzJaMCECEDJE+EdEKZNhhecuHbgsRMcXDTEzMTAyMjE2Mzg0MFowIgIR +ALoabANVfpGkiJcNx4XaznoXDTEzMTAyMjE2NTU0OFowIQIQGAk/j5lquedFsBcn +ivqWJRcNMTMxMDIyMTcwMDE4WjAiAhEA7KR11/mniKARe8ZipTg1JhcNMTMxMDIy +MTcwMTMzWjAiAhEAzlVPylAmpBuLPOLgsFSHvhcNMTMxMDIyMTcwNjQ5WjAiAhEA +wpeGPmD+VOBuoDK+UlFlcRcNMTMxMDIyMTcwNzE0WjAiAhEAsYYIQv9wtmO8Q1XS +lUWaDhcNMTMxMDIyMTc0ODQ4WjAiAhEAyLCJn9mOK5KiiW8nyXn9oBcNMTMxMDIy +MTkzMzI5WjAhAhBdCf4cvu7KoJcP0A6zYlHDFw0xMzEwMjIxOTQyNDJaMCICEQCv +Z9Bm/DvwB5v9xS8MjKpCFw0xMzEwMjIxOTQ3NTdaMCECEE2yHoELQ1NAExK9w3PS +EJoXDTEzMTAyMjIzMTEyNFowIgIRAOC8hzUnEnFpB49RCjaqpagXDTEzMTAyMjIz +MTEzMVowIgIRAOSiWB1doNk2wzBeiz0i7JAXDTEzMTAyMjIzMTEzOFowIgIRAJf2 +iuPkgN4SXntsMP3EkMkXDTEzMTAyMzA3MTU0NlowIgIRAJAg8+c6xQjZvCYRaT2j +EmEXDTEzMTAyMzA4MDE0MVowIgIRANSqwRr+L+Slc9zpcEqfBnwXDTEzMTAyMzA4 +MDIwMlowIQIQYi8/7eNyM9cOB4NkG+nWdhcNMTMxMDIzMDgwNjA5WjAhAhBHnao/ +oZWmTHCU0iHLG4T2Fw0xMzEwMjMxNTA0MzFaMCICEQDgfOns+HDpB5ElbRIGOdhY +Fw0xMzEwMjMxNTE0MjlaMCECEBLcDtxs6hjiWM0ZHY5oCu8XDTEzMTAyMzE1MzUy +NFowIQIQB2+zStFdA/IiUKfcurrNIRcNMTMxMDIzMTcwNzIxWjAiAhEAvcylaWnA +pLiJl+VCFj1/2RcNMTMxMDIzMTc0ODUxWjAhAhBmvOUgtviLqbHkUKu8gIDjFw0x +MzEwMjMxODQ4MjBaMCICEQCUxT1EZ6khjvnfYI5ntLtGFw0xMzEwMjMxODUzMTJa +MCECEF4fAhLHFcsNSFN4Js2GSHcXDTEzMTAyMzIwMTkzOFowIQIQC8CMgsTH95Ho +0Qe5pmtbuhcNMTMxMDIzMjA0OTA5WjAhAhBSkiIbfyg5Y0gfuFSh2QGhFw0xMzEw +MjMyMTE2MjNaMCECECvJUECqOAXS0ualxRSxcAAXDTEzMTAyNDA5MjQyMFowIQIQ +CA0LohuKpkkuX2owY79C7BcNMTMxMDI0MTEzMTA0WjAhAhASdSIp8cXBsdPCGHvx +HO9+Fw0xMzEwMjQxMjE1NThaMCICEQDNq7wX2pWyunsdTOPVx/anFw0xMzEwMjQx +MjE3MTNaMCECEBY03iExQpYLl3MXCz7IjQ4XDTEzMTAyNDEyMTczMFowIQIQdDmi +x7jIwU9t0QV3yj+FFxcNMTMxMDI0MTIxNzU5WjAiAhEAmxXNxfr0atxiPO8GfnoN +DxcNMTMxMDI0MTQ0MjU3WjAhAhBqHWItQT4NhZ3WNkz/7xaHFw0xMzEwMjQxNDQz +MDlaMCECEE89RkIw14Op2CP/617Zt2kXDTEzMTAyNDE0NTY1MVowIgIRAMZ851JN ++iLAviiUomJLxCQXDTEzMTAyNDE1NTg0MlowIgIRALy81TClE43GJGqxCJJ5UH0X +DTEzMTAyNDE1NTkxM1owIgIRAIlBa6CjGRzSyGb6MKz7/+gXDTEzMTAyNDE2MjMw +M1owIQIQJmcxbO+m1DyBuTkIIitaYRcNMTMxMDI0MTYzNDE2WjAhAhAcxyRmDL7d +9YoQqF+OIXyfFw0xMzEwMjQxNjU4NTlaMCICEQChL0jyCC4pMHw1DnjFgczMFw0x +MzEwMjQxODA4MDBaMCICEQCQ/WAmQPgo0dzCYbMh+ML8Fw0xMzEwMjQxODExMjFa +MCECECLu61XbdOhVOQ5G4CQft3IXDTEzMTAyNDE5MjY0NlowIgIRAMD9a8A8F1jm +YxGTpGNDBI4XDTEzMTAyNDE5NTExNlowIQIQIhm4XHe0uVuyrJjH1gSJKRcNMTMx +MDI1MDEzMjA0WjAhAhA6aQt5jecmCwRnoVBkhullFw0xMzEwMjUwODQwNTVaMCIC +EQC+46/QTEvLHesW9pIs+bSTFw0xMzEwMjUxMTIxNTJaMCICEQCz/XrDJzxrUkwj +/rbPI14rFw0xMzEwMjUxMTI5MzJaMCICEQCgbCripk/qv2y3QSLSw97eFw0xMzEw +MjUxMzA3MzBaMCICEQCa/fQ7pNT/UJhrAh9DpHd6Fw0xMzEwMjUxMzQ0NDdaMCEC +EFolfZj1Wqv4MuJkFxVREMwXDTEzMTAyNTE0MjcyNFowIQIQIMbp9eAugOIlgWTX +qwvKNBcNMTMxMDI1MTU1MTEyWjAhAhApvnfkq7LolGaMkCzmENxgFw0xMzEwMjUx +NTU2NTJaMCECEBQ9JFdazCPsSnaWeBlPOIkXDTEzMTAyNTE4MzUyNFowIQIQcRcC +0RvuhYIt5e/Q04CkExcNMTMxMDI1MTgzNzM2WjAhAhBWYeis9SSkwC5fc9g3YXp4 +Fw0xMzEwMjUxODQxNTlaMCICEQD4lbyvSjbMaky8NOt2iwWFFw0xMzEwMjUxOTIz +MzNaMCICEQDPmkDIoRUm9ISIOnLigfRLFw0xMzEwMjUxOTMwMDZaMCECEBvrSnUe +7Viu/DpL19AjcJcXDTEzMTAyNTE5MzIwM1owIQIQXs4QCuNQ0r0tjD5caWJ3ihcN +MTMxMDI1MjAwNjQ5WjAhAhBvm2Yvj3lsKfgybkHm9ti3Fw0xMzEwMjUyMTIyMzRa +MCECED5xJwdNKpGHiKbNXqepvTIXDTEzMTAyNTIxNDUxNVowIQIQVmT9mXBJ2Va2 +FUxPjmnD8RcNMTMxMDI2MDIxMzA1WjAhAhAJkcvzs7u0u03EOlui2djKFw0xMzEw +MjcwMjEzMDlaMCECED1JUjOCss+I2LFjAaxgjrwXDTEzMTAyODA0MDkyMVowIQIQ +C+natbPeQAWd4mqrlrOjWBcNMTMxMDI4MDQxMDIwWjAhAhAt87UlczC7lh0Zw0M4 +DGD0Fw0xMzEwMjgxMDE3NDNaMCECEEjHQS4xy6M8+VqXO1ApPEIXDTEzMTAyODEy +MjQ1M1owIQIQdi+kk0B2Y3VLZHrGlYVYjBcNMTMxMDI4MTMyMDQyWjAiAhEAgN8M +bHm1h1HrFI/dWwq7uxcNMTMxMDI4MTMzNTI0WjAhAhA2Et1wklW6urnUW/OvfsiB +Fw0xMzEwMjgxNDEwMTNaMCICEQC4KqBql58Cvrq1KIr2RcJxFw0xMzEwMjgxNDE2 +MzlaMCICEQCSsg5KTg23o5xu+wGrUrmpFw0xMzEwMjgxNDUyNTNaMCECEAjNt/o5 +kByL1jaFelLd4iEXDTEzMTAyODE0NTkzMlowIgIRAIDjzcKIEOLdL7Jj2kqDkLIX +DTEzMTAyODE1MDQyOVowIgIRAI3gtimXArhED8eAsghniH4XDTEzMTAyODE1MDQ1 +MlowIgIRALfU4jS0QmBODDoYURzcTYoXDTEzMTAyODE3MDIxNFowIQIQBo1Lsl8n +NZM6++D61EQ64BcNMTMxMDI4MTgwOTAzWjAiAhEA6bKvgtNrfSmxjeCNi5idBBcN +MTMxMDI4MTkwNTAyWjAhAhBsi8FEqKem5wiEJ/YSc0FsFw0xMzEwMjgxOTA3MDda +MCECEF5tCraW51D7cQ3sTirosVsXDTEzMTAyOTAwMjMyOVowIgIRAIHJI1gEFi11 +TShieU+8ixgXDTEzMTAyOTAxNDUzNFowIgIRAN3z5ewnnMJHUdUCVrT4X8UXDTEz +MTAyOTEyNTU1NVowIQIQOndOVSnVO7oVqr7O0di4CRcNMTMxMDI5MTMxNTIxWjAi +AhEAhLn4ZccJJVngTt7LO+TBmxcNMTMxMDI5MTMyNTExWjAhAhBvEaEuROXc03IO +UAHpwAMWFw0xMzEwMjkxNDEwMjZaMCECEH5Ki/829Byqg/4ZQ8G3iJMXDTEzMTAy +OTE0MjI0M1owIQIQUmu7WDAKytKVzgQ4nNBINBcNMTMxMDI5MTUwMjE0WjAiAhEA +wULPOIyMaHINr3NX9WsmchcNMTMxMDI5MTU1NzU2WjAiAhEAyPWiyyl60+kGljlh +doBsIBcNMTMxMDI5MTYxMDExWjAiAhEAm/I4th5Qnh1CqoQt7x8MWhcNMTMxMDI5 +MTYxMzAyWjAiAhEAiAq/c4Y+f5fAjF9VTJA6PhcNMTMxMDI5MTYzNjA5WjAhAhBb +mQ6bKpmeEn669INb0kHsFw0xMzEwMjkxNjM2MzdaMCECEFn0DJhQMdBct7OG8IlZ +5jgXDTEzMTAyOTE2MzcwM1owIQIQGyNLUAvQPs/ygOwKnKIFxxcNMTMxMDI5MTY1 +NDMyWjAhAhBBFAF33WKSU7IEwyK774h2Fw0xMzEwMjkxODM4NThaMCECEA1iscwq +Z8WnIj6IljU9mUkXDTEzMTAyOTE5NDczM1owIQIQAIAcZgP7h9zhJEXAMbtkZBcN +MTMxMDI5MTk1NTE2WjAiAhEAiHWHeb3v3Qq2lUUC+xftLhcNMTMxMDI5MTk1NjU3 +WjAhAhAaeMer0Ntx10U9xbWiG1gvFw0xMzEwMjkyMDM4NDNaMCECEAP93JlUim3d +/GLMyzt12X8XDTEzMTAyOTIwNDQ0NlowIQIQJhC2frrpJwBwRIqXhx7ETBcNMTMx +MDI5MjA0NTM0WjAiAhEAv7C6RRaRJxaLMpcwY9UJshcNMTMxMDI5MjA1NzU3WjAh +AhBYESnJPA2NuDFU7nmJd92AFw0xMzEwMjkyMTUwMzRaMCICEQDksul2qTKhTrBU +zD1CnzY7Fw0xMzEwMzAwMTMxMDNaMCICEQCMkTWAB52aefHcybzLlNH+Fw0xMzEw +MzAxMjI4MzZaMCICEQCLnPX0jjYuahGnz6bsrtJ3Fw0xMzEwMzAxMjUzMDJaMCEC +EFMgwEx6GqdrL7UD5k4DILMXDTEzMTAzMDEzMTIyOVowIgIRAN2JpMyNlY5qiRu2 +qJBDMOAXDTEzMTAzMDEzMTI1NFowIgIRAIv9Pajvo/ZhJq3JRTeVa5kXDTEzMTAz +MDEzNTAzMFowIAIPIOylAYcNKW2GUNNILbJcFw0xMzEwMzAxNDAwMjdaMCECEDcV +9yYvupXXgCQDPudqlDoXDTEzMTAzMDE0MTAxOFowIgIRAONkEBxnxnC4KSpa6nbh +wwcXDTEzMTAzMDE0MzAxMlowIQIQfLy/lb09lO5ULqAWG3nSXRcNMTMxMDMwMTQz +MDI2WjAiAhEA4VLtqh1V6iXGblTY29MaABcNMTMxMDMwMTQzMDM5WjAiAhEAlCxt +Hl7deYIufP0y8IUTWxcNMTMxMDMwMTQzMDUxWjAiAhEAoTgr/ajCrD4phaJMDn4n +xBcNMTMxMDMwMTQzMTA3WjAhAhB//tZpGRcQMr7/GR5DK+FnFw0xMzEwMzAxNDM0 +MTlaMCECEF2QQYBYcuS+e7uC2EPmAVYXDTEzMTAzMDE2MTkwOVowIgIRAITGJvZk +Ubj7CxMwJlym3qoXDTEzMTAzMDE2MjE1OVowIQIQO3YFEfYv1WJRtKGZkAJKNBcN +MTMxMDMwMTYyMjU0WjAiAhEA/eVEIx1AvaW1zBfs+zNCDBcNMTMxMDMwMTYyMzM3 +WjAhAhA/7V9ISneA1+UBp7mGQASaFw0xMzEwMzAxNjM3MDVaMCICEQDCyESYJlJK +wNVYtTMhnWOTFw0xMzEwMzAxNjQyNDlaMCECEE6viIHnrt4wGGbeDtu3vhcXDTEz +MTAzMDE4MDIwOVowIgIRAJw9DdFCMveAe3IMFRAG3isXDTEzMTAzMDE4MjMwMFow +IQIQQiOkPASeMzrV99rpn2WV6RcNMTMxMDMwMTg0NDQyWjAiAhEA5wRRTYno4Emz +vSa918lxNhcNMTMxMDMwMTkxOTE3WjAiAhEAgk56JSslYVujCmmfnQohtRcNMTMx +MDMwMTk0ODM4WjAhAhBdTY1Pvj8Vhuzuw7rE6FSeFw0xMzEwMzAyMDE0NDZaMCIC +EQCVAZIOJVeBnCU5/3UuSGP3Fw0xMzEwMzAyMDE5NDNaMCICEQDBymMJLb2T8cRz +7owIvwMFFw0xMzEwMzAyMDI3MTJaMCICEQD9nkJ57jL+o4dLJnQSvkNGFw0xMzEw +MzExMTM2MTdaMCECEAKLkqCrdzRPk+zlJzDN6IEXDTEzMTAzMTEyNTcwOFowIgIR +AMAR93k7ApfWcTghf6g/cAkXDTEzMTAzMTE0MjgyMFowIQIQeF2ZGBiFEZT2r/un +sRJFMRcNMTMxMDMxMTUwNzM1WjAhAhBBXLGF9K6FCJ0DWx75Bw4EFw0xMzEwMzEx +NjI4MzZaMCICEQDgcPN2dCdYGdPQ2Oho/0KaFw0xMzEwMzExNzE4MTVaMCICEQDY +tw0pH876ZwxNv0gEutKMFw0xMzEwMzExNzM1NTdaMCICEQDCjzqp7snkiI+Ykltu +iyaSFw0xMzEwMzEyMDIwMTRaMCICEQDoWfjbG3MR7wY6erctEMuoFw0xMzEwMzEy +MTM3MTdaMCECEA9hrgcW04jfUp19Nij1QPAXDTEzMTEwMTAyMTMwM1owIgIRANyw +5O6HKI3nr3qZiaccKFAXDTEzMTEwMTEyNDU0OVowIQIQGRE9TSSZp89tFBzfy3pe +2xcNMTMxMTAxMTI1NzAwWjAiAhEAoxr9E8eGbQP7+bWVrm6zsBcNMTMxMTAxMTMx +OTQ1WjAhAhAPKl8PBfyPm6RRwo/bWkNmFw0xMzExMDExNTA1NDVaMCECEDdJdGVp +URzATFy6lxDwFWYXDTEzMTEwMTE2MTMwMFowIgIRAItWXFgnUAlmwYyZLRF7kwQX +DTEzMTEwMTE2MTcyM1owIQIQG74KqjaTM5Zo5Py9MjC2dhcNMTMxMTAxMTc0NDAx +WjAhAhBVkkd+w+oRTfhdGXxImLciFw0xMzExMDExODIzNTRaMCECEAgBj6s1U+Fx +QsITJquhrdcXDTEzMTEwMTE5MTAwN1owIQIQOPEb8LwoBqeqx94gbzoMVRcNMTMx +MTAxMTkxMDExWjAhAhBYMN/XjsdtjA4YqiGPcV/LFw0xMzExMDExOTEzMjRaMCEC +EBtSHPJ4tMk8yHEHLckjZeUXDTEzMTEwMTE5MTQ0MVowIgIRAIn0+VXv+yOWiYY6 +PkpuF1wXDTEzMTEwMTE5MjE0MlowIQIQassDHJRlp2FJv9f5HYhY3BcNMTMxMTAx +MTkyODEzWjAhAhAfMMh07wNDkQ/67HkGlLqYFw0xMzExMDExOTI4MjNaMCICEQDb +ieO4frQf4YABHUtx1EzKFw0xMzExMDExOTI4MzFaMCECEDqB2qONo8Vof+UG+8nv +c7EXDTEzMTEwMTE5NDIxMlowIQIQFWV5QG9kttoMojEXHUom8BcNMTMxMTAxMTk0 +MzAxWjAhAhAGhr08BGSoxPNzX4ZehZnrFw0xMzExMDExOTQ2MjdaMCICEQCOlgTl +JjT+iAeIDvvZNNCbFw0xMzExMDExOTQ3MzhaMCECEDEk65qaVWzAj+Rdqa2W1koX +DTEzMTEwMTE5NTUyMVowIQIQR1l/txyXViRHZ2Nawf0RqxcNMTMxMTAyMDIxMzA1 +WjAiAhEAkOtYHiE+voWAUiWG97JjXxcNMTMxMTAyMTIxODAzWjAhAhBQJhYp5MuD +Fmg8D7dFyQAWFw0xMzExMDIxMjE4MTZaMCICEQDQwkbaM1xyApQigjjJ0pntFw0x +MzExMDIxMjE4NDBaMCICEQCZzMt/zLP1Sq2qm4wWbuB6Fw0xMzExMDIxMjE4NTNa +MCICEQCZCu4xLZqll8+xlxVg05KaFw0xMzExMDIxMjE5MDJaMCECEDeex2kAAc3v +kQG8fM3nOs0XDTEzMTEwMjEyMTkyNFowIQIQSU68BYWIkq6pAGaEekl5YxcNMTMx +MTAyMTIxOTUyWjAiAhEAk7I2Dj4qco0CsRMwE0BKphcNMTMxMTAzMDQwNDM4WjAh +AhABo4pIugW4S2XNxbkgb11cFw0xMzExMDMxNDIwMTBaMCECECWniULWXvlc7/XE +haldcqAXDTEzMTEwNDE0NDIzMFowIgIRAKIiLqPVR34CILdu9KtEk/gXDTEzMTEw +NDE1NDYxMVowIgIRAKV1D+5AgiTyg3I+UidajIkXDTEzMTEwNDE1NDc1N1owIgIR +APuV/ZFhMTq0QX3KFYx3CXwXDTEzMTEwNDE2MjEyMFowIgIRAOuDEQEcbPMtEjWa +Yh0BQmEXDTEzMTEwNDE2NDkwMVowIQIQSkLycPjDX6wdvMWBztPrcBcNMTMxMTA0 +MTczMjU1WjAhAhAS+J3gMdfzUOFnME0cjyerFw0xMzExMDQxNzQyNTJaMCECEA2s +Ezy6PKap/BsLvhcgCy0XDTEzMTEwNDE3NTYzMFowIgIRAK/OzTMn2LwOdCMtDdIk +/e0XDTEzMTEwNDE3NTcyN1owIgIRAMdkWgkoEu+4WCcB0+D/deoXDTEzMTEwNDE4 +MjE0MVowIQIQJI+nz1Ds0JqkWDpj+cMmFhcNMTMxMTA0MTkwOTI5WjAiAhEA3GJf +YtDe0+LCmhoVcmjcshcNMTMxMTA0MTkzMzU3WjAhAhBIqi5D+vF5CrjMF7KNPK8C +Fw0xMzExMDQyMDQyMTdaMCECEDShEF+7dMG2Q05AHNptWAEXDTEzMTEwNDIxMzQy +M1owIQIQFEeeBXuPA1KL+PRL7gA9yRcNMTMxMTA0MjE0MjA3WjAiAhEA8c6GfF+e +TxrTnYDTZ4ncbxcNMTMxMTA1MDY0MjI4WjAiAhEAl57qExX6191/Rq4zoDSYwRcN +MTMxMTA1MDY0MjQ4WjAhAhBdKmHKh4Kd5XSEIJcEUwgJFw0xMzExMDUwODE1MjZa +MCECEF4l5+Gj86SfoqdYyIrFNVgXDTEzMTEwNTE0MDA0NVowIgIRAIPxmEB7HL21 +J880AqkNo1gXDTEzMTEwNTE0MzYxOVowIQIQJslFQqHAto0d3+AvSVmWORcNMTMx +MTA1MTUzMzMxWjAiAhEAlyD1TNrtDbKFZBa52Nla1xcNMTMxMTA1MTU1OTA0WjAi +AhEA/M1iGIaJK3eBcsIAELJlPBcNMTMxMTA1MTU1OTE2WjAiAhEA9X2JV5znErH+ +ndq+nCkBDBcNMTMxMTA1MTgyMzA5WjAiAhEAn4xR25Z6N9mkcEfOJhPR4hcNMTMx +MTA1MTgzNzIwWjAiAhEAm+e3ga+gIfypvSIeeZvmFBcNMTMxMTA1MjAwNTM2WjAi +AhEAhdM5OiWWFw4sNMfOcG+echcNMTMxMTA1MjAwNTU5WjAhAhAC+y81WGo6XMcp +67hzj45AFw0xMzExMDUyMDEzMDZaMCECEE91y+kborPs8oJ8HIMmq7AXDTEzMTEw +NTIwNDg0N1owIgIRAOuedxTwdr6nDE7sBzEcpQgXDTEzMTEwNTIwNDkwMFowIQIQ +J7TtMBoR7aLlC1RnFE/0QhcNMTMxMTA1MjA1ODQ4WjAhAhBn73+77bIBfQbBUihg +SrDSFw0xMzExMDUyMTEwMzJaMCICEQCkmKxbOlvCyx3J2nBTnFKQFw0xMzExMDUy +MTEwNDZaMCICEQCYZq3jPaIIf5zufm48eHuSFw0xMzExMDUyMTE3NDNaMCICEQCN +0x6+8qR9Kazf/doTa07JFw0xMzExMDYwMjEzMDNaMCICEQC9IampnkuWABidpN+C +ZHR3Fw0xMzExMDYwOTM4NDJaMCICEQDg41tAKNC/4yr8+UgQ4E7bFw0xMzExMDYx +MTM0MDVaMCICEQDCANfHG99Q9KemtIcNcSvhFw0xMzExMDYxMjAzNTJaMCICEQC/ +cFxOhSy9I7M2FpS9xtkxFw0xMzExMDYxMzE1MTZaMCECEHatstA3SsyZWn9gebL2 +VFYXDTEzMTEwNjEzMTkwMFowIQIQPNzTk07z35ashPJq0hJn3RcNMTMxMTA2MTUw +NDQ1WjAhAhBga3uoAY1Bn5KEDVJJeVTBFw0xMzExMDYxNTIxMzFaMCICEQCqMJvA +C46YvHLGHaGD7xmPFw0xMzExMDYxNTIxNDVaMCECEDbQuypCbHSnbzRdaK1DkXQX +DTEzMTEwNjE1MjIzMlowIgIRAKejeUX2cmtvDumhtUesZcwXDTEzMTEwNjE1MjI0 +NVowIgIRALYBJwRU8nVjYu+xPV43sNUXDTEzMTEwNjE1MjI1N1owIQIQMxJAeQBC +8GO5z4vEhF6csxcNMTMxMTA2MTUyMzE0WjAhAhAo27x/msg25Fdfg3Ibay6WFw0x +MzExMDYxNTIzMjdaMCECEDEU9AU9+cIUHO8NYDZi4TYXDTEzMTEwNjE1MjM0Nlow +IgIRAO5bTviz6sePqjbr0cT9nasXDTEzMTEwNjE2MDMyNlowIgIRAK9AlGTc0OMr +pgo73xDsGtoXDTEzMTEwNjE2NDc0NlowIQIQbILQ/v3UTanTqPENDHdi6xcNMTMx +MTA2MTc1MjUwWjAhAhB8saUvw52E8sOX3GzmmsuDFw0xMzExMDYxODA2MTJaMCIC +EQDeBrWIEjpDzxcltPghOiczFw0xMzExMDYxODA4NDlaMCECEErfj1gIDwGI8VpE +koIkpY4XDTEzMTEwNjE4MTgxOFowIQIQRo7vsQ1FvTNOmAn2EpDKBhcNMTMxMTA2 +MTgyMDQwWjAhAhA6YAIBD/XKM93fcsrhOMZ+Fw0xMzExMDYxODQ2NTFaMCICEQDX +E/Abz3XAwy5ogybLJOkKFw0xMzExMDYxOTM2NDZaMCICEQDBZOSKrhpidxHMvE+g +5IirFw0xMzExMDYxOTQyNDBaMCICEQD4XKEjyWTRmPF387i+su+/Fw0xMzExMDYy +MzA4MjlaMCECEEO5hHBppeq6eYxbmBug2g8XDTEzMTEwNzEyMzkyOVowIgIRAORJ +3pbV9/FRSdNaZWGoCxIXDTEzMTEwNzEzNDg1OFowIQIQPMhJaOuevIOGgmGKcsyT +2xcNMTMxMTA3MTM1NDQ5WjAiAhEA+/GZSPMfzj8nfAl8PvtDYxcNMTMxMTA3MTQy +NDQ3WjAhAhBpEDTbe48dzSxkvXAwscHWFw0xMzExMDcxNjI0MDdaMCICEQDnisMB +3OFDaokQ68wIUDELFw0xMzExMDcxNzA2MDlaMCECEBwYQRlnPRLSKHm9APrOiEkX +DTEzMTEwNzE3Mjc0MFowIQIQfJW5J6vMG+XnxyKJJlmOYxcNMTMxMTA3MTgxMjI5 +WjAiAhEAiMGtKI0zZdnKayLz/eDMnxcNMTMxMTA3MTkzMzAzWjAiAhEAzGaPASb4 +Fng3e7C1kd3qXRcNMTMxMTA3MjAwNzA5WjAiAhEA7L7SVxq3aESb187i3nMLQBcN +MTMxMTA3MjAxODA0WjAiAhEA7+Vi0A0yGLZzCKSIKZ5XuhcNMTMxMTA3MjAxODQx +WjAhAhAwcbbjC81jSnbl7O1aCj/DFw0xMzExMDcyMDI3MDVaMCECEHOcAib3YRH5 +TF9cP4tnMc4XDTEzMTEwNzIwNDYxN1owIQIQXOL0XFmKkPRNVN7YTLsvoxcNMTMx +MTA3MjIyOTE5WjAhAhAZ4LzoQeXJCx5x/cHKDrm0Fw0xMzExMDgwMjEzMDJaMCIC +EQD1hPDCvAQW2WyHAW2P534KFw0xMzExMDgwNTQ4MjhaMCICEQCrDObwF05KSzCR +6IrBHRtxFw0xMzExMDgwNjQzNTlaMCICEQCvHEnv5K++0CxejI3tHIQ2Fw0xMzEx +MDgwOTU3MjVaMCECEAHZifQdcmzlx+uL06hsNPgXDTEzMTEwODEwMzAxNVowIgIR +APKYmh2v/QNFS/UBdY7zInAXDTEzMTEwODEyNTUwM1owIQIQZuDejAbI3IpHmydA +ZAYOFxcNMTMxMTA4MTMzMjExWjAhAhByZN7ifmTzZgIp7LaArSYpFw0xMzExMDgx +NDI2MDBaMCECEGx2EghfHXA2PN9OmmSQ0AMXDTEzMTEwODE0MjYxNlowIgIRAMGt +gbNdJhzlZLu3z53OZIsXDTEzMTEwODE0MjYzMVowIQIQGS1W7zLdQ/gB5o+1dVUi +fhcNMTMxMTA4MTQzMDA4WjAhAhAOOeJssP3mtmDiRv/turLEFw0xMzExMDgxNDM2 +MjRaMCICEQCMCBKdVGgLoWsknC/O2dJBFw0xMzExMDgxNTM1MzFaMCECEDsbMMjm +jdxdKJQoUlVMpskXDTEzMTEwODE1MzkxNlowIQIQaWkQQC3Lx8l78/0h3iBG9hcN +MTMxMTA4MTY1OTQ4WjAhAhBgYWA/sYd2detLzmCCBQ9jFw0xMzExMDgxNzQxMjVa +MCECEDxV+IfzBOQyK0QxJYzMB2EXDTEzMTEwODE5MzgzMlowIgIRAPKrsQFoDcmF +bAi89X6DpGgXDTEzMTEwODIwMzQxMFowIgIRAMBnQs/8GQZpHLtIXlpB66oXDTEz +MTEwODIxMTgxMlowIgIRALL61LMIXnHEoKzpcTbWJjoXDTEzMTEwODIxMjI0MFow +IgIRANjvxjvcBIBAG38q+rdRmA8XDTEzMTExMDAwMjAyN1owIQIQeXkwX/XNC5O3 +6a0PXkRQFRcNMTMxMTEwMDIxMzA2WjAiAhEAxjqJS7GMRoGx53B1jqkjtRcNMTMx +MTEwMDIxMzA2WjAiAhEAz/1ulaHnNzpH3fPY6Bm/kRcNMTMxMTEwMDkwMTE5WjAh +AhBTH6ASWQXlPUf+ZMTO/6X7Fw0xMzExMTEwOTU2NTdaMCECEAJr7ZOQx+yIioAc +5vxazhgXDTEzMTExMTE2MzA1NFowIQIQGmVHfO2d1Cea5VUuOStQdxcNMTMxMTEx +MTY1NDAyWjAhAhBIv8nu1znYwSZ2XIzo8hABFw0xMzExMTExNzE1MTBaMCECEBJ8 +aMLefQacSIQ3435jCIoXDTEzMTExMTE3MjQyN1owIgIRANME5jqNGwy1dUzcCQtF +8QUXDTEzMTExMTE3Mjg1OFowIgIRAJWEfRCxre8sfuwh46GEPLQXDTEzMTExMTE5 +MDYxM1owIgIRAM9ZyJkErAWv0oqIWGq40SkXDTEzMTExMTE5MjczNVowIQIQItam +iHDuY6j/MqV63iFDQBcNMTMxMTExMTk0NzM5WjAiAhEAocoJtCZAhnbrFxiTmlq3 +jRcNMTMxMTExMjAxMDAyWjAhAhAKwCC0WtTlrvK5q2mQcROpFw0xMzExMTEyMDM0 +NTJaMCICEQCB3PvDy4eHr30/JAdH7JARFw0xMzExMTEyMTA2MjFaMCECEE/JSR/2 +M6axYVo9vaQiVDUXDTEzMTExMTIxMzI0NVowIgIRAIVGtXpca3bssKELjkSt8pgX +DTEzMTExMjAyMTMwNFowIgIRAKTvKihV5Is0JUO8lXexJRoXDTEzMTExMjA5MTkw +MlowIgIRAKAi4Eo+mw5CdJ1tqbw+5/oXDTEzMTExMjA5NDEyMVowIgIRAI4gOISJ +ANGPvxoU2YNyThsXDTEzMTExMjEwMjUzM1owIgIRAJmQjSv/j6j0de5L4oBkmS4X +DTEzMTExMjExMzcwNlowIgIRAK3PXmpNS2X/UWirtosygKAXDTEzMTExMjEzMTg1 +NVowIgIRAP5gDRsedWL5/PxW96SPkaoXDTEzMTExMjEzMjkyMFowIQIQVaELqy+s +8ZKzi76D9c1N+RcNMTMxMTEyMTQwODUzWjAhAhBotrEIg986Xgxd3ez6Mz3eFw0x +MzExMTIxNDI0MDhaMCICEQC36tPvUwZNtHdT0BDo9rUHFw0xMzExMTIxNDI1NDla +MCICEQCudKkhBLn59i9yx7JiTMIAFw0xMzExMTIxNTEyMzZaMCECEDGZjuQAwZPL +WUK0A/LM8QsXDTEzMTExMjE1MTIzOVowIQIQSS7z2eJOlsAhU9eeg+PnWhcNMTMx +MTEyMTgyOTEyWjAhAhBu9z5yD3ROuaqXMAJVewSfFw0xMzExMTIxOTQwMzVaMCIC +EQC7d0PEkh/Z9c33X1+9CHpZFw0xMzExMTIyMDIyNDRaMCECEDfS6Xn9n3cQpCVN +99+j01cXDTEzMTExMjIwMjI1OVowIgIRALFAhW9akSLkGYrClhYqadkXDTEzMTEx +MjIwNTY0NVowIgIRAIfTlas010vqjEZ/aJwkQY4XDTEzMTExMjIxMDU1N1owIQIQ +EtSTc/mwRzgDwUpVSq+HVhcNMTMxMTEyMjEyODEzWjAiAhEAq2sIJvn45A9Lvgjl +hr72gxcNMTMxMTEyMjEzNjQ4WjAhAhBKLa/6pCoNXSYQ4S4m4znwFw0xMzExMTMw +NzMwMzVaMCICEQC9vmEYDYeY2Nd5KVXcEEGNFw0xMzExMTMwODU2MzVaMCECEDWE +qBnzPY19vbiNUFoGGHgXDTEzMTExMzExNTIyOFowIgIRAL+mNS4nQDDTRlu/dPuQ +wSUXDTEzMTExMzEzNDYyOFowIgIRAKrJ/lLhJ/uarl0SO6/YQUwXDTEzMTExMzE1 +NDQ1OVowIQIQZqZLoZyJZ5ULSml5PuicHxcNMTMxMTEzMTY1MjQwWjAhAhAzfUi4 +1v5iMxxWNZqVP9KFFw0xMzExMTMxNzA1MTVaMCECED0iREMzp2ks2jd6HuiMABkX +DTEzMTExMzE3MTQyNVowIQIQd7PGdYC6VB/TrrH/geBd7RcNMTMxMTEzMTc1MjE2 +WjAiAhEA0CRkqmHzF+yKYlhaObgqHRcNMTMxMTEzMTgyNTE5WjAhAhBXKh4yvffP +R18Jga1NerI1Fw0xMzExMTMxODM2MjBaMCECEA6pr9Gj/dqLuJbDjserb2kXDTEz +MTExMzE4NDUwOVowIgIRAN/7yXsniqiQb2po19Lwsj4XDTEzMTExMzE5MDczMlow +IgIRAIDVYlYEvMr20FzcxUAo9RQXDTEzMTExMzE5MzAwNlowIgIRAKJfb5M3mfdz +ElBrxCdZIToXDTEzMTExMzE5MzA0OFowIgIRAJ+ani71UWVLL2vHAUjqpFsXDTEz +MTExMzE5MzA1MFowIQIQTjydtU9QpZmF3U8VcUlluxcNMTMxMTEzMTkzMjA4WjAi +AhEAhwvzSu8KlAcMoyEnzpC1rxcNMTMxMTEzMTkzOTAwWjAiAhEApP9JxwWKLbiD +y1VRaDn2whcNMTMxMTEzMTkzOTEzWjAiAhEAxPVanfmehiDdG+hoXJwPARcNMTMx +MTEzMTkzOTQ4WjAiAhEA8WgbQaQ6SMAlFpNvYBIhWBcNMTMxMTEzMTkzOTUxWjAh +AhApYT7hoA3bgBxkc+xc9qAgFw0xMzExMTMxOTQwMTRaMCECEB0Ehi+Zzub7U8hs +Z/DJJskXDTEzMTExMzE5NDAyNVowIQIQdBjXBQAkPMfV697URDoQuxcNMTMxMTEz +MTk0MDQ5WjAhAhA+0m/yAIao6VwJIAOBzBEuFw0xMzExMTMxOTQwNTFaMCICEQC/ +5t9rxHiurvDMJiuAHFc2Fw0xMzExMTMxOTQxMTBaMCECEEJFbVriXy8lYOu0xKcc +h60XDTEzMTExMzE5NDEyNVowIQIQU5Pt4bJb77ZMHHuxAxjNJRcNMTMxMTEzMTk0 +MTQ5WjAhAhAmyFhu63l5kPwFSX+nFSbuFw0xMzExMTMxOTQzMjBaMCICEQDk5zaT +Bf83oqCVDlaS9MEYFw0xMzExMTMxOTQ1MjhaMCECEHI3faHVzUtYz2qZLfz1ePYX +DTEzMTExMzE5NDYxMlowIQIQXHI65mxjUAMtG53ZIHASCBcNMTMxMTEzMTk1ODEw +WjAiAhEA0VxgXVRqXwRqalMHd8P7/hcNMTMxMTEzMTk1OTAwWjAiAhEA8+z8oy0u +/25LvtIv0MP9lBcNMTMxMTEzMjAwMTQyWjAhAhAT5YH62oCKQhTLwD/lXI5cFw0x +MzExMTMyMDAyMTFaMCECEGqixBEMPmmEUiBoJCt6+SAXDTEzMTExMzIwMDQxMlow +IQIQDsdZyNIRDagQgJIbCVyUnhcNMTMxMTEzMjAyMzAwWjAiAhEAgS5UirYgwXhd +YJOE++TxuhcNMTMxMTEzMjAzNDE2WjAhAhBCRLH7y0/1UFY8VINilFb8Fw0xMzEx +MTMyMDQ2MDJaMCICEQDaH3n26LhE/UGznnfLuhYUFw0xMzExMTMyMDUwMDRaMCEC +ECNe9WWfJZOuZZ6QndUGyjsXDTEzMTExMzIwNTE0OVowIQIQJAHBKtnMPtNZcb1o +UbuszBcNMTMxMTEzMjA1MTU2WjAhAhBkgARIs7ugYx9JDybywpXEFw0xMzExMTMy +MjIzMDBaMCICEQDi+S5rcxnZs9/usTdEfxfLFw0xMzExMTMyMzU1NTZaMCICEQDf +nf0iulLJ4QTIF7APQcWJFw0xMzExMTQwNTQwNDFaMCECEEsv97koQHvTxkzixJYJ +1VAXDTEzMTExNDA5MDU1NFowIgIRAJVbg95ZoiyfbBuM1uBkGjsXDTEzMTExNDEx +MzIwNlowIgIRAKYcNX4cMqz9v6obBsU7vmAXDTEzMTExNDE0MTIzNlowIgIRALzK +N7f7NqzzEKQtpw+FLSMXDTEzMTExNDE0Mzk0OVowIgIRAJXRwfpfMDX4OwEedH1x +q/UXDTEzMTExNDE0Mzk1NlowIQIQBT3tueR89tevtlsz6glPTxcNMTMxMTE0MTUw +OTQwWjAiAhEA5qhIV4kbRVSrepn4aZINbRcNMTMxMTE0MTUzMTQ2WjAiAhEAgxi5 +GIrOg11Wv/Y+qTxJghcNMTMxMTE0MTY0NjA0WjAiAhEA7/gp8tRaqSB90W0MDxkO +AxcNMTMxMTE0MTY0NjQ2WjAhAhArNvKCYYGFV9NzWh2/2wYOFw0xMzExMTQxNzA2 +MDNaMCICEQCLQq6QDFJvD4YhrOhzEhyEFw0xMzExMTQxODM3MzRaMCECEHwJDS/i +4ijAQ/0VRh5jbu8XDTEzMTExNDE5MzI1M1owIQIQXwcaC6vcoJmMCwRDvxBjmhcN +MTMxMTE0MTkzNTMyWjAiAhEA092slBoPvn1vMYdk4NnSqRcNMTMxMTE0MTk1MDE1 +WjAiAhEAgFQE9acNFEzfz6YH2e28WRcNMTMxMTE0MjAyODA3WjAhAhAbcg0CldfZ +cW9txUTJqsCfFw0xMzExMTQyMTMwMjdaMCECEDwk6x1h3gCHdZJirnETuDYXDTEz +MTExNDIyNDIwN1owIgIRAOgG/avbXGmRkC96vIuyN/sXDTEzMTExNDIzMTIzNVow +IAIPWkDnb7oY+A4pZx4+kwiyFw0xMzExMTUxMDU4MjhaMCICEQDYbHhSbiyY2kgr +4u/caFa3Fw0xMzExMTUxMDU5MjdaMCICEQDq0T/GnudCtl2dPrndhv0iFw0xMzEx +MTUxMzM2MjZaMCECEE0DOV9RqqewQdH5AWmGhh0XDTEzMTExNTE0MzQ1OVowIQIQ +M/MhDpuG6Kye1zfSv6qagBcNMTMxMTE1MTkxODIzWjAhAhB+BIcDWpvMxwEzbSxI +hyB5Fw0xMzExMTUxOTM2MDVaMCECEFgCTdaElHzujqZvUU7BJKsXDTEzMTExNTE5 +NDg1N1owIgIRAMySxwvQO5QXvmfuMTaILysXDTEzMTExNTIwNTg0MVowIQIQDh8L +LotrXEyo+BGhlZcDKRcNMTMxMTE1MjA1ODQ2WjAhAhBtVzBvJyM/V10InX48ld4k +Fw0xMzExMTUyMDU4NTFaMCECEEyiHljg9s+CTmg4EZ+EeuMXDTEzMTExNTIwNTg1 +N1owIQIQc3JvlN5//rTLxqGCWy6vkBcNMTMxMTE1MjA1OTAyWjAiAhEAn4RTqx9f +AicIV0xDuWXHtxcNMTMxMTE1MjA1OTA3WjAiAhEAqkyOH5gqfB0R9oX5MUvXhRcN +MTMxMTE1MjIzNTExWjAhAhBWwvJpe72TklGaw1iZbg5NFw0xMzExMTcwNjAwMjBa +MCICEQDXYkvSMznfhKX/cMtt1drkFw0xMzExMTcxOTQ2NDNaMCICEQDVUy6vrAv/ +DnnlG0TiH2qkFw0xMzExMTgxMjQyNTlaMCICEQC9ohdp73fhZpeCzgp5pxYVFw0x +MzExMTgxMzIwMzFaMCECEHbPFSg6EsU7GVv1BPvXAG0XDTEzMTExODEzNTIzOVow +IgIRAIatUy5/jz8StjWzVeJjLU8XDTEzMTExODE0Mjk1MlowIgIRAMD9OJzq8lv+ +b2AyMNBLB50XDTEzMTExODE1MzAwOFowIgIRAIuXbw2kfYaRmoYTM0YNcjQXDTEz +MTExODE1NDUyN1owIQIQdATu1Mo/tWTZ/mHpzvTxOhcNMTMxMTE4MTcyNjM1WjAi +AhEA/63doyQBMox0Xc4TawBm3hcNMTMxMTE4MTcyNzE0WjAiAhEAloPXC0F5ppQX +uogO1dSy1xcNMTMxMTE4MTc1NDIyWjAiAhEA/SO33v7lKGUmYrMqCs2PUhcNMTMx +MTE4MTc1NDQ3WjAiAhEA04Liuw0xizkRmH7X2e7CyhcNMTMxMTE4MTc1NDU3WjAi +AhEA72WHxTZhSs5WQDro/E7LEBcNMTMxMTE4MTgwNDQ1WjAiAhEAsoDEB0yPRhm/ +URnrolhMJRcNMTMxMTE4MjExMjE4WjAiAhEAisToIgfmlg3jBHLuks9SIxcNMTMx +MTE4MjEzOTAxWjAhAhBcY04TOyQH6iWtvdd7O9TEFw0xMzExMTgyMjMyMDlaMCIC +EQCO89H8mCOAIxlMv5pL0jO6Fw0xMzExMTkxNDM5MTNaMCICEQC96p/IPidj9vaM +BBFreqh2Fw0xMzExMTkxNDM5MzVaMCICEQDzsIuSzONH//gkBcH2SpsPFw0xMzEx +MTkxNTExMTVaMCICEQCUFhO3NTpalOyDyAC8QVPCFw0xMzExMTkxNTM4MjZaMCIC +EQC7mxoZF5tcVfU/krN42iB8Fw0xMzExMTkxNTQ3MTZaMCICEQCDGObMG6xXNkWB +h3mOWJ0NFw0xMzExMTkxNTQ5MjJaMCICEQCRRF0Jlsjj83sXU55Jk5DgFw0xMzEx +MTkxNTUwMzNaMCECEHkjKBenmN5mrWBsOJ3O1xEXDTEzMTExOTE2MDAxOFowIgIR +ANg9DrXK/SHdhybmybWCThcXDTEzMTExOTE2MDMxNFowIQIQKOO9f1fbk94F9HWH +kuA3SBcNMTMxMTE5MTYxMTQwWjAhAhAR9xXjMK/591qknZ16G0rZFw0xMzExMTkx +NjExNDhaMCICEQD/hhazr5GOMMoLkojukwVYFw0xMzExMTkxNjExNThaMCECEDu+ +/TYkkj4Q4FdUp/l1CUIXDTEzMTExOTE2MjA0MlowIQIQGPpQxgwlLuMX/e0v6Y9d +bhcNMTMxMTE5MTY1MDI1WjAhAhAT1XDXB75mHBWBePRP1/v8Fw0xMzExMTkxNzE3 +MTdaMCICEQDRL/G4Fp7mLj5WCrnl8MzIFw0xMzExMTkxOTQzMTZaMCECEG5Z9pYH +8IVhkPhm7DCBUY0XDTEzMTExOTIyMjExNFowIQIQarQopAiApsTLhALYTWSwMRcN +MTMxMTE5MjIyMTIwWjAhAhAr1TPdH88y4ermGHLT6s1vFw0xMzExMjAwMjEzMDRa +MCICEQDv+4Kj+TTAEL5MG9e/fWuIFw0xMzExMjAwMjU5MzBaMCECEDzdNtDRLKAA +uDiwrHrsz2AXDTEzMTEyMDA5NTI1NVowIgIRAMv7Wd8xLeydms/4Tn2ctjYXDTEz +MTEyMDEwMDEzMlowIgIRAKRmgmteV8MvuRXvsS8/SgQXDTEzMTEyMDEzMTMxM1ow +IgIRAKwu1Ebd8OftmZZ7CeC2RrEXDTEzMTEyMDE0NDQ0OFowIQIQEL7upQPJuYK9 +MpMZFJUExBcNMTMxMTIwMTUxNzQ3WjAiAhEAlMIGmvj7DYU73GbHnmRkPBcNMTMx +MTIwMTUzMzI4WjAhAhB9xOFUfw7wpz6mGMlK7HBFFw0xMzExMjAxNTUzNTJaMCEC +EADr/N1AsUk4MaBWaDLUkR8XDTEzMTEyMDE2MDIyNlowIgIRAM4GowcTyVK63N4r +XVUvCJ8XDTEzMTEyMDE2MDIyOVowIAIPR2IE6cC2ma2xhVB8y3jXFw0xMzExMjAx +NjAyMzlaMCICEQCdUXyfrtLVEMhOjOc+0Ej/Fw0xMzExMjAxNjM2MjhaMCECEFDt +GN2DopO5khX0yKRN89wXDTEzMTEyMDE2MzcyNlowIgIRAKDX4lCrmbz3BDZlWMhb +YvkXDTEzMTEyMDE2Mzc0OVowIQIQKqE7/Hrbbspn264h7vqUeRcNMTMxMTIwMTY0 +MDE5WjAiAhEAq5J4pt/R5VFcC7lvYd806hcNMTMxMTIwMTY0MTM2WjAiAhEAkaxl +15ay91ETpxZ+5fLa2RcNMTMxMTIwMTc0MjIzWjAiAhEAqdInzd3e3ee/eGdzPwxR +sBcNMTMxMTIwMTc0MjMwWjAiAhEAlls8PHLKdGUcdOIilsm5XhcNMTMxMTIwMTc0 +MjM3WjAiAhEAzL/DuPX321mEcs/lV7HZ7RcNMTMxMTIwMTgwODM1WjAiAhEAhFe+ +5frvYjaP1aBo33NQRBcNMTMxMTIwMTgzNDE1WjAhAhBQSrONBg9Qcz0EOrxZLCw0 +Fw0xMzExMjAxOTQ1MjJaMCECEFeacJeVTxY2bMziSJANRf8XDTEzMTEyMDE5NDUz +MFowIgIRALZuQLlmhM/U1zOxIhGCf2AXDTEzMTEyMDE5NDU0MVowIQIQMiyCqmW1 +qt2e8Gva/uGQUxcNMTMxMTIwMjAzNjQ5WjAiAhEAkVj7ObeGWP1zNUebgDosQhcN +MTMxMTIwMjA1ODM2WjAhAhB/3UBUDUbuiU4308d6D1ZsFw0xMzExMjAyMTU5NTJa +MCICEQCTWqjg3Evs8HLM70+lqa/BFw0xMzExMjAyMjI3NTNaMCECEAHHztMuzFgd +uwCs9dY32tMXDTEzMTEyMTA1MzgxNlowIgIRAMydT9FVhPihMkBdaTGZNAcXDTEz +MTEyMTA2MjUwN1owIgIRALS2ky6BcauzpanQopm3db8XDTEzMTEyMTA5NTA1MFow +IgIRAO5jNBAloC9p2dD7n6WnX4EXDTEzMTEyMTEwNTAyNFowIgIRAMlPyNwAXt5q +KDo7KK8i/S8XDTEzMTEyMTExMDMxNFowIQIQTy9S+HK5xL0qsxMpOBp3HBcNMTMx +MTIxMTE0MjQ4WjAiAhEA+EjruDp4GdJqFFTHWlNU8xcNMTMxMTIxMTE1MzQwWjAi +AhEAi/TLR6PS3H+zfvuqHGiqVBcNMTMxMTIxMTM1MTU3WjAiAhEAsPTvk7jCG9NF +YvRNVKdfghcNMTMxMTIxMTQyNzUxWjAiAhEA4psudKcSbXo5qFyTHLTqexcNMTMx +MTIxMTQ0MTIwWjAhAhAL4cgTYpU9BXEZBV/5sxriFw0xMzExMjExNDUzNDZaMCIC +EQCfTpW7vZCPUAbOGftf7rKMFw0xMzExMjExNTI0MjJaMCICEQCjSyaFklzFs9nI +9QbjT6a9Fw0xMzExMjExNTQwMDdaMCECEG83Q/y1jCX6FDYVlY7BXJEXDTEzMTEy +MTE2MjgzOFowIQIQQbHjkz//z1BFyL6TQVIH8xcNMTMxMTIxMTcxMjQzWjAiAhEA +1LkdYl2fwT9xHCDd7d3ORBcNMTMxMTIxMjAwODA0WjAiAhEA37DqO1qz/bxs666v +4Of2BhcNMTMxMTIxMjA1MDM0WjAhAhA+hvRRMnkMTKdB9tLU7Zg2Fw0xMzExMjEy +MDUyMTVaMCICEQCBVYQ6pP6lYZ6hPciRLfw6Fw0xMzExMjEyMDUzMjBaMCECEGdY +7nNAeLOYdLqoxoyk1CwXDTEzMTEyMTIwNTMyM1owIQIQU/vvKpm0rNBzR8ib4To+ +fRcNMTMxMTIxMjA1MzI1WjAiAhEAqLxY3aGmEeHpM4hxZLj00RcNMTMxMTIyMDUz +NTU3WjAiAhEApHz1oQQOsLeNpkwmeIKpFxcNMTMxMTIyMDUzNjA3WjAhAhBXLp2r +toVvs5XkMatXq47UFw0xMzExMjIwNzA3NDRaMCICEQDN+f3FDBWSe5Fuf4UGV1GH +Fw0xMzExMjIwODI5MzRaMCECEHFrGxoDMDG4Oyx1BycejP8XDTEzMTEyMjA5MjU1 +NVowIQIQMFrBNZx3m74V1a7UXfqIxRcNMTMxMTIyMTAxMzM0WjAiAhEAsonqkwTB +Q0wODlrpmgQwtBcNMTMxMTIyMTE1ODI0WjAhAhBzSs7xWhYKINdGWx9zkKKaFw0x +MzExMjIxNDA1MDJaMCECEDAmv3TwJ43xx/Qf2Iq6ZjAXDTEzMTEyMjE1NDEwOVow +IgIRAI2MO+hwQK64NJyU2U/wK5QXDTEzMTEyMjE3MTU1NVowIQIQQMafCZpYfSc1 +0Bmr3uMeLxcNMTMxMTIyMTczMTI5WjAhAhA1D+Xd+lqHBPowu5ct6igCFw0xMzEx +MjIyMDI5MjJaMCICEQDzOTuWEXkFwVipcXl9RJ1dFw0xMzExMjIyMDMwMTdaMCIC +EQDfUVBZ/HW1zrbW5+qg0cJ2Fw0xMzExMjIyMDMwMzBaMCICEQCDArzZ2AQ3MEcx +JEoQxQj/Fw0xMzExMjIyMDMwNDZaMCECEF89Uyy2OJm3MDHyI+9cxfEXDTEzMTEy +MjIwMzIzMlowIQIQaqrnVbp4wGYnfoCBWMUbwBcNMTMxMTIyMjA0NDAxWjAiAhEA +rKf6fRieX9Nh12rfpwjgQRcNMTMxMTIyMjA0NDE5WjAhAhA0DIM1Yzd83wV02FmQ +14wBFw0xMzExMjIyMDQ0NDVaMCICEQCE02UbUYkVKmZroN44pebbFw0xMzExMjIy +MDQ1MDVaMCICEQCE8eVPZt4bHU7+VSOwl3GlFw0xMzExMjIyMDUxNTBaMCECEFcZ +dEUi8yVKjrrwglkdTtUXDTEzMTEyMjIxMjQ1M1owIQIQDCLNP5y3YmTiQyIbqFAt +JBcNMTMxMTIyMjEzNTMxWjAhAhBYcm6rtypcYnb5k0audBmHFw0xMzExMjIyMTM1 +NDBaMCICEQDgzWSXAT5TwIFWjlvcB3L/Fw0xMzExMjIyMTM1NDhaMCICEQC+VbfZ +6rNl/0lQU/2a7UhcFw0xMzExMjIyMTM2MTRaMCECEAkdlgXoGGGlwnyaFUq2hIEX +DTEzMTEyMjIxMzgxMVowIgIRAJepd8+9VKl2LCg6ZRky5xYXDTEzMTEyMjIxNDA1 +M1owIgIRAMlqfxnjkE7S8bOGaqEEKn0XDTEzMTEyMjIxNDI1NlowIQIQffY/GctE +mLHtAZZwRJ31dRcNMTMxMTIyMjIzMzI3WjAiAhEAvkwOa5YRHa/cOIS1jW+yrxcN +MTMxMTIyMjMwOTA1WjAiAhEA9GgfTmRHJqNJG0Y4G/T0MxcNMTMxMTIzMDIxMzA0 +WjAhAhAsQnezHxhKFUI6e/13BuWFFw0xMzExMjMxMTUyMDBaMCICEQC2Bfo4C7HM +ybxUHhpawBDkFw0xMzExMjQwMjEzMDlaMCECEDlsmJMaVBIR6GvO3fFIc0MXDTEz +MTEyNTAyMTMwNVowIQIQL7eRw5u6NaDjO0HmFShZ5BcNMTMxMTI1MTIxOTUyWjAh +AhBwhsqbdkLmy4UsgL3Y6E0PFw0xMzExMjUxNjEwNTJaMCICEQCYfBOT3u7RH5Rx +G/oHyflFFw0xMzExMjUxNjE5MzdaMCICEQCwcqYOBdHmzWaEE7u28iu3Fw0xMzEx +MjUxNjI4MjdaMCECEAGC6yLTfqdzNCBAM/nUivYXDTEzMTEyNTE2NDM0NlowIgIR +ANHPYm8AhAi1Hs+B/WTSes8XDTEzMTEyNTE3MzM0NVowIgIRAKYg+i4C98ou2IkS +6eiwXz0XDTEzMTEyNTE3NDgzNlowIgIRAMFSUioPPrBZMyOPaWJXzucXDTEzMTEy +NTE5MjYwNFowIgIRAMplzxxnkKNkp/8qkXAZsO0XDTEzMTEyNTE5Mzk1NlowIgIR +ALai3vCrOcQxQaf1uS7gg7oXDTEzMTEyNTIxNDM0MlowIgIRALHzRf50/4bfVcLZ +K3MitqsXDTEzMTEyNTIyNDUwM1owIgIRAOBzWXmjuN266ONaiOAcfckXDTEzMTEy +NjAwMTcyN1owIQIQDC+FbNtQHLW7XL8OZJWmQRcNMTMxMTI2MDIxMzA0WjAiAhEA +5EHInqYMyA8RdMUFQSKP+hcNMTMxMTI2MTMwMjI3WjAiAhEA+YDFetFDPZGursiv +Ls/E2xcNMTMxMTI2MTMwMzE2WjAhAhBpmnr8WOmCwcksCkDARX5kFw0xMzExMjYx +MzA1MTRaMCICEQDS3k1l085fUqNU99WIggSsFw0xMzExMjYxNTA0NTVaMCECEH8P +PNFgmSYSkpzwxCXOTJYXDTEzMTEyNjE1NDIyOFowIQIQM+f2IFngh4UBqugedT+N +3BcNMTMxMTI2MTYyMDM1WjAhAhA1y3wpMw76rwpZd6gGgfS6Fw0xMzExMjYxNjI3 +MzdaMCICEQCs/jp/dAM+RvcvD/j10koIFw0xMzExMjYxNjMwNTlaMCICEQCtlhPy +zGDEu2wzhlzWjPFgFw0xMzExMjYxNjU2MjhaMCICEQD+fNnVY5LJJ7P3jb7mK2E0 +Fw0xMzExMjYxNzExMjFaMCECEEVzvhGoRBD6YFSowszbY4IXDTEzMTEyNjE3MTIz +NFowIgIRAJu3tmqd8KqJreRzx2BsF04XDTEzMTEyNjE3MTM1MlowIgIRAINBEcbE +R56uM0KXnUb2+gcXDTEzMTEyNjE3MTQwNlowIQIQft18JKkUJmK6FNQ7hDQu2xcN +MTMxMTI2MTc0MDU5WjAhAhBQCXXsB4RuhiPZbdIHbK6VFw0xMzExMjYxNzQzMzla +MCICEQDrwRFFGFPzqlmWSqBKpGVtFw0xMzExMjYxOTI4MzdaMCICEQCufEOprt2P +cOI8++c7T3HTFw0xMzExMjYyMDE4MjlaMCECEF+0ubfADivov4UijGyG/18XDTEz +MTEyNjIwMTgzNVowIQIQGnheIzRAOK5citA5YbhizRcNMTMxMTI2MjAxOTE1WjAh +AhBT1bMyxJaYXexXp4HHZCInFw0xMzExMjYyMDE5MjlaMCECEHnlRCEX+Avqx/cu +XBZaywcXDTEzMTEyNjIwMzMxMVowIgIRALADKoSgVMd72KPOOv8APwsXDTEzMTEy +NjIwNDI0N1owIgIRAJ0UcejVowAe5FTb9i4uWZIXDTEzMTEyNjIxMTkwNFowIQIQ +aviouYOyYX3tW2eoNV/+UxcNMTMxMTI2MjIzODIzWjAiAhEAvPrmH06CcCYJ81tB +UuN4NBcNMTMxMTI2MjMwMzIzWjAiAhEAn4527KFFk+BvgKSXq7OCdhcNMTMxMTI3 +MDkwNDQwWjAiAhEA3WCfbBnivGRBRb2pGDsdGRcNMTMxMTI3MTEyNDQwWjAiAhEA +j0Os+TFQnAF9gtSI7fKrtxcNMTMxMTI3MTQyNTIyWjAiAhEAvLLkRBV5cQypgVpu +UsfvQRcNMTMxMTI3MTQzMTAwWjAhAhAa/1F25f0CwFqUOX/Qj58qFw0xMzExMjcx +NDMxMTBaMCICEQD7HeT3wIWDxisCT2Z35UTRFw0xMzExMjcxNTMzNTRaMCICEQDC +qbLTs01dLI9BbKgW1ayWFw0xMzExMjcxNzAyMTBaMCECEGq4YRRB2TPlpP+joV6u +gFkXDTEzMTEyNzE3MDIxNVowIgIRAPL2s2ST4XQxF2ClXN+3AhgXDTEzMTEyNzE3 +MjAyMlowIgIRAII02eBz3bIa3QopGAL8FOcXDTEzMTEyNzE3MjEwM1owIQIQaIl+ +Ctdsq65zmmAd+77QGRcNMTMxMTI3MTc0NTQxWjAiAhEArFWyCenrfqqQMqwIcHCH +9BcNMTMxMTI3MTc0NzIzWjAhAhAardJQ3BdgWb12gmniVmCRFw0xMzExMjcxODIx +MDFaMCICEQDpNWqhVK4ubRvG8X1IIUirFw0xMzExMjcxODIxMTNaMCECEGesZoY0 +KZxAZkORshSQLU8XDTEzMTEyNzE4MjE0OFowIQIQJY+WrFoE1BXbT2DGLKxUcxcN +MTMxMTI3MTg0NTUyWjAiAhEAuaSKMlGAvKj3vTyP64eA1xcNMTMxMTI3MTkzMTM3 +WjAhAhAPkjGdz+wVlRC+eAQgu0eYFw0xMzExMjgwNzQ2NThaMCICEQC2pAmF+FY7 +4Jne8zyiYY7iFw0xMzExMjgwODA1NDlaMCICEQC7QqttndSlJEJa7xLavehDFw0x +MzExMjgwOTMwNDRaMCECEBnSQ9fpLxdzI1l5rj/YjkUXDTEzMTEyODEwMzgxNVow +IgIRALLxhadbNT3im14LF6BZMGgXDTEzMTEyODE0NTQzNlowIQIQJobFqvE3y5bG +OXQpzRFHchcNMTMxMTI5MDIxMzA0WjAiAhEAvjWBhdzT81eVH8jfIRGbXhcNMTMx +MTI5MTAxMzMyWjAiAhEArBz2NyGpxJbUqOpih2Wc1RcNMTMxMTI5MTQyNTI3WjAi +AhEAzj1e57RaFdgJaZeTZbU6dRcNMTMxMTI5MTYxOTEzWjAhAhAawOMqVzy8SZAE +HwwivtpbFw0xMzExMjkxNjE5MjRaMCECECBq8KBchgBvgENSTImVc7gXDTEzMTEz +MDAyMTMwNVowIgIRANykBCmayzwoiPPVxGVn1fQXDTEzMTIwMTAyMTMwNFowIgIR +AMxpI224qOpzRMr2ToOk6ygXDTEzMTIwMTAyMTMwNFowIQIQc+1EQzt+MDeOgOYm +ibzdVRcNMTMxMjAyMDIxMzA0WjAiAhEA/cDG7MDk+eY4x/f8I31CyRcNMTMxMjAy +MDgxMDE5WjAiAhEAmBISdgifUxdhWxP4qfpwmhcNMTMxMjAyMDkzNjAyWjAhAhAk +6dwNZMB3B0EjUV+HbgvaFw0xMzEyMDIwOTQxNDFaMCECEDB1S9TyWRc0B7WNeY8a +Wb0XDTEzMTIwMjEwNDkyNVowIQIQSJefTiXNGEARvzRLOOsAZhcNMTMxMjAyMTEy +MzA1WjAgAg8Cr4GpMzIHZfClXQY+21cXDTEzMTIwMjExMzAyNFowIQIQKrB1H0OV +TBgNkVQhvglNgRcNMTMxMjAyMTE1NzU1WjAhAhBuubo6IgNp2GaEE9Cb4buZFw0x +MzEyMDIxMjAyMzdaMCICEQDH5y9kpLjkufVW8W1DelRcFw0xMzEyMDIxMjExMjRa +MCECEHuvEYWtwNf1fOL8wPpSuD4XDTEzMTIwMjE0MDc0N1owIQIQMESUIHxjUJYg +NO+6VnwB+BcNMTMxMjAyMTUxMjUwWjAiAhEA/QtHxS7WLTee059v+eJi6RcNMTMx +MjAyMTYyMjE5WjAhAhBChA0HAUTsibvbOUih3qUhFw0xMzEyMDIxNjI0MDBaMCEC +EHdQ+GHeeK+UlnT3KEFo4rsXDTEzMTIwMjE3MTkyNVowIgIRAJv26ptJbNeHQfUv +ySSO/nYXDTEzMTIwMjE3NDgzMFowIQIQfzgpPnBy3xcuEf0yHvApDhcNMTMxMjAy +MjEwMzIzWjAhAhAatTDiMTQw0gi8TN7an1KlFw0xMzEyMDIyMTIxMjBaMCECEDRn +4PvlFgBGacKPD0cqJXAXDTEzMTIwMjIxMjIwNVowIgIRAIjmfn02f5oQOsl9cUv5 +hQMXDTEzMTIwMjIxMzI1M1owIgIRAKF92whLeHelQ6nBR1aE+dwXDTEzMTIwMjIx +MzM1MVowIQIQG0hAqNp5zyDUCopig4EKPRcNMTMxMjAyMjIwOTQ3WjAiAhEAh34Y +eXswIQdV3CE1IoRXMRcNMTMxMjAyMjI1MDA0WjAhAhA4CfaIlJ9ds/7vrKW1HYeB +Fw0xMzEyMDMwMDU5MTFaMCICEQCsN5P+On+LGljMb+zYqPAcFw0xMzEyMDMwODA1 +MDZaMCECED2bErhC1h7YeyQuuWqNcnoXDTEzMTIwMzA4Mzc0NFowIgIRAPcQym3S +VwlLGO+rviLdXfkXDTEzMTIwMzA4Mzg0MFowIgIRAOTZxkR/+EFbinNzJX2GeLgX +DTEzMTIwMzA4NTcyOFowIQIQCiCjTiYa02fy+3vQIuwxlhcNMTMxMjAzMTAyMzEw +WjAiAhEApdlUcKzH12A4iTMqCt69hxcNMTMxMjAzMTAzNDI3WjAiAhEAy5fFjORa +dVA6Hhvxhf+omRcNMTMxMjAzMTQyMzE2WjAiAhEA/76hoEQjWP1zz6U4Nzva7xcN +MTMxMjAzMTQ0NDU4WjAhAhA61O5jT5rog2aw5vOj1sjAFw0xMzEyMDMxNDQ1Mjha +MCICEQCm4KcfrO0O7Q5F+eznDOGJFw0xMzEyMDMxNDQ1MzVaMCECEHUMYBz527XX +Si76nHLZrnAXDTEzMTIwMzE1MTA1MVowIQIQLTk+NrENXYrcbqHugwD6sRcNMTMx +MjAzMTUxOTExWjAhAhBPhuCMbn6d0i2GgPaYEj/OFw0xMzEyMDMxNTM1MjJaMCEC +ED/6ZKQzmWTXRszVx1dc7QAXDTEzMTIwMzE1MzU0MVowIgIRALYB3xRuHE2BJqN9 +U5xQFUUXDTEzMTIwMzE2NDcyMlowIgIRAKSZftVaoPrGMZy69mnC5bMXDTEzMTIw +MzE2NTg0NlowIQIQUiAls9ZXHTNAiYWzm/fE0RcNMTMxMjAzMTcxNzAzWjAhAhBL +hImI/bOdY2otqpfT1jbgFw0xMzEyMDMxNzI1NThaMCECEH87RqvV5lglpe8O7ccj +0KQXDTEzMTIwMzE3MjYwM1owIgIRAMM9ixDkJfWkRR/RSSGwdNoXDTEzMTIwMzE3 +MzM1MVowIgIRAMTT5YxTj/qvzqib1Jmr4GQXDTEzMTIwMzE3NTYzN1owIQIQYQMN +J1Yr9bjxS7oUnJOx4BcNMTMxMjAzMTc1NzAyWjAiAhEA6hOmuWrxp07ob1XjXgmY +5RcNMTMxMjAzMTgwMTM0WjAiAhEAinhPS5SicZwvkhlIqMc6vhcNMTMxMjAzMTgy +NDE2WjAiAhEA35Zsf727S5SB5s0LvoH/1BcNMTMxMjAzMTgzNzAxWjAiAhEAlsU/ +EuKOaBmeshQUN3yWCRcNMTMxMjAzMTg0NjI5WjAhAhB8/ocsvFcyHYtq3ohY0lrI +Fw0xMzEyMDMxODU3MzBaMCECEBR03Kt7RgCYe87gNimwE2cXDTEzMTIwMzE5MDY1 +M1owIgIRANvkgBbBOEbQjcb50qBCCR4XDTEzMTIwMzE5MzQxNlowIQIQaGhf9p3K +XBNhaorXD/JfWxcNMTMxMjAzMjAyMDMwWjAhAhA/Pn3SlSMKqchZxRWJ4O1qFw0x +MzEyMDMyMjI3MzhaMCECEH7vTnhirGjRfQ3OhBRro7MXDTEzMTIwMzIyMjc1NVow +IQIQS9HeNjaxSNfHuTSG8mx5lBcNMTMxMjAzMjIyOTQ1WjAhAhBXZS/H/g0THYCN +z2x6Sk3gFw0xMzEyMDMyMjI5NTRaMCICEQCwANouroeGlK60B7P7h4FxFw0xMzEy +MDQwMjA2MjRaMCICEQDJ02TwgXA56lq2MY+Ri4L7Fw0xMzEyMDQwMzU0MTBaMCIC +EQDpSP9AUWzFWIjTyp/OL45eFw0xMzEyMDQwOTE4MjJaMCICEQDGvPdBWpxoLt0g +OQoeg3xaFw0xMzEyMDQxMTE4NDlaMCICEQCnZgMhVnGlZgaCiLbft3pvFw0xMzEy +MDQxMTU5NTJaMCICEQDyysqQ2QwzMS0TGNfVixfXFw0xMzEyMDQxNDMzMzhaMCEC +EBErMBhB8hv6Yp10qot4wSwXDTEzMTIwNDE0MzkzOFowIgIRAKIrVi5NMMWlzFym +KSwMLDMXDTEzMTIwNDE1MjEyNVowIQIQb9nJ1zZSpalouLYOnmCxQRcNMTMxMjA0 +MTUyMTMwWjAiAhEAgsn6Ceoaou4DrEeDWF3x2hcNMTMxMjA0MTUzNzE5WjAiAhEA +iwz9k45kAjaoMTu7817G5hcNMTMxMjA0MTUzODQxWjAhAhBJ9B7mMvTgEWj0yJl6 +idkhFw0xMzEyMDQxNTQ4MDBaMCECEH7NATgaBKlQEszX/KCMvhwXDTEzMTIwNDE1 +NTkwMlowIgIRALLM1JHyGngHzbRKcok4O68XDTEzMTIwNDE1NTkwMlowIgIRAMkw +tKbkc9DH1VUZmc1vefAXDTEzMTIwNDE2MDQxN1owIgIRALnmsN65I9tod2McAmAR +TRUXDTEzMTIwNDE3MTgyMFowIQIQEk+dMiJZjVRtb0eEcOpF/hcNMTMxMjA0MTk0 +NjA5WjAhAhB1Ng9Szd/etYpUUci6/u1qFw0xMzEyMDQxOTUxMTRaMCECECacEhdC +20aVSP0+LrwqX0wXDTEzMTIwNDIwMzU0N1owIgIRAK7nmLBXEJR3jX0JZqnExvoX +DTEzMTIwNDIxMTE1NFowIQIQGxUoi0RTwGwAPzxjFljbqRcNMTMxMjA0MjEzNzI3 +WjAiAhEAounE18gwI0CBjXUUeUe2vxcNMTMxMjA0MjE1NjMwWjAiAhEA0lebnNxV +JPlgSWkOejJ/CRcNMTMxMjA0MjIxMDA3WjAhAhBfwok6oIXnq/xKC1F2523GFw0x +MzEyMDUwOTE2NDhaMCECEHcMDhwcRen4P3nhIApQQZIXDTEzMTIwNTEyMzU1OVow +IQIQLz8kYHOfAOzLgIamwA5e7BcNMTMxMjA1MTM0NTUzWjAhAhAHWu1XWWS4OAXm +eL7IxhAHFw0xMzEyMDUxNjQ5NDlaMCECEG6+3523vr7/qPhOjYjXMxgXDTEzMTIw +NTE3MTEyMlowIQIQe3B86xQivxpzWU6/RpZ28xcNMTMxMjA1MTgzODQ1WjAhAhAW +U/dcu1NJ+1DMl3f4lcXSFw0xMzEyMDUxODM5NThaMCECEFDV4AD9btHzY6BnC0j1 +ToIXDTEzMTIwNTE5MjExM1owIgIRAPu6RNtdm6dG5dHM3m2DohoXDTEzMTIwNTE5 +NDE0M1owIQIQBTTFogY2aZ+NDWs4Z93vIRcNMTMxMjA1MjAyNTAzWjAhAhA6c8yA +3xZHHLO8Ehkg6hJjFw0xMzEyMDUyMDI5MDlaMCECEEjbwHsdeV8+AgeoEoCS4GYX +DTEzMTIwNTIwNTcwNVowIQIQVLY1vP487XBg2lcYUVACXRcNMTMxMjA1MjEyNDQ0 +WjAiAhEArnfVtbiO2Z7KSNFV+5gUJhcNMTMxMjA1MjMyMDE5WjAhAhAasi/MfWx6 +9uQRPz0MXpX/Fw0xMzEyMDYwMjEzMDZaMCICEQD6889KUXlkBNvYaRg6AA7CFw0x +MzEyMDYwODE4MjBaMCICEQDNmxThPVuktP/ghxsIRtMIFw0xMzEyMDYxMjU0MzNa +MCICEQDxJG9tiWlTi6sgDGNt0H62Fw0xMzEyMDYxMzQ3MjJaMCICEQDignvzWn1w +9s1Sq1gS3ecMFw0xMzEyMDYxNDM3NDhaMCICEQCjcgv8FlKVIEtQHEFYMYT4Fw0x +MzEyMDYxNDM3NTVaMCECEAVJ5H4a/5plIPGx1hoLt9QXDTEzMTIwNjE0NTc1NVow +IgIRALb1iETrA9FyTp7HoFFlGm0XDTEzMTIwNjE1MDYyOFowIQIQTPrHFEmibBSf +wNT6BosSEhcNMTMxMjA2MTUyNjAyWjAhAhAVooiL4ks+vgHN+j1au6DVFw0xMzEy +MDYxNTQ5MDFaMCICEQCBzKfxsR0GaeoJeUZCRTpeFw0xMzEyMDYxNjMxMzhaMCIC +EQDJInsipaTwRSS+N4Tn4R8SFw0xMzEyMDYxNjU3MTdaMCECEBxkOFshpLYiDBH/ +UnwebbAXDTEzMTIwNjE4MTExNlowIQIQDzlWVE0YmljLcj3xFGOPbRcNMTMxMjA2 +MTkwNzUzWjAhAhAnBTeX8TLeXpg1Lz1Yxje0Fw0xMzEyMDYxOTEzMzRaMCICEQD5 +yy6hbXwslxCSwAFeGaTGFw0xMzEyMDYyMDAxNDFaMCICEQD2s1Txdy/uAnfv+aAC +37uIFw0xMzEyMDYyMDExMDNaMCECECQLUnza0ZCSTehCVsOoNbQXDTEzMTIwNjIx +MDExNlowIQIQTeJyojsei/3m3xAEnOV4VxcNMTMxMjA2MjEyNTQ1WjAiAhEAgahF +Q8CZautg7g27FEGMtxcNMTMxMjA2MjE0MDQ0WjAiAhEAvtFE6hx10IcdUdqB9uH8 +RxcNMTMxMjA2MjE0NDUzWjAiAhEAuhRzXOI07BLnwQ9mqqxeNxcNMTMxMjA3MDIx +MzAxWjAiAhEA93Rqu/ixRF5UAh3oR3flGxcNMTMxMjA3MTAyNzI2WjAiAhEA85ya +fFI9f+YjUxH2vhNu/RcNMTMxMjA3MTQyNTU3WjAiAhEA2Bu/TFY8LXK/6sLwp0Zw +5BcNMTMxMjA4MDIxMzA0WjAhAhBVHm3FKcX/MqE7kRS1PAXwFw0xMzEyMDgwMjEz +MDRaMCICEQDV+vTMHeAN5t3tqyesqjhbFw0xMzEyMDgwMjEzMDRaMCICEQDffLkA +oXOUSYjTP+lDEgdnFw0xMzEyMDkxMTU3MDFaMCECEFa0feNkw3/Qj/O8i8JsNCAX +DTEzMTIwOTEyMjk0N1owIQIQCtQUJjdBejpRdpIFwx2PlhcNMTMxMjA5MTQ1NTAx +WjAhAhBXlrB6kXPzcYfTEzG9OXqEFw0xMzEyMDkxNTIwMTJaMCICEQCDMBgvWki1 +q7My9BNXXku5Fw0xMzEyMDkxNTQ5NTBaMCECEEXYDeuvfq8URNRIkr2gF/YXDTEz +MTIwOTE2MDAyN1owIQIQBP03fXUhj66BrxGo8XzSWxcNMTMxMjA5MTcxMjQ5WjAi +AhEAmbhocDOtuXopH1qNnKj66xcNMTMxMjA5MTczNTIyWjAiAhEAmfXy5aqMTqp6 +rQ+hwMOzIRcNMTMxMjA5MTc1NDQ5WjAhAhAyWF8x6XkE/BMhmJO55QgmFw0xMzEy +MDkxNzU1MDhaMCECEAjb4as2Qi1h9+bq8q7VVIEXDTEzMTIwOTE4MjMzNVowIgIR +AITq50PpY2LuJxE8fvAVRBUXDTEzMTIwOTE4NTQyMFowIQIQS55YOTHM7IAjuFag +vtakCxcNMTMxMjA5MTkyODQ5WjAhAhA552pzSwkd6i/UmtsAswKOFw0xMzEyMDky +MDI0MDZaMCECEDqrjMxBL46FeNpZH20kV0UXDTEzMTIwOTIzMDcwOFowIgIRAL0z +gLSr5W3b0tlATfBW0coXDTEzMTIxMDEyMjgzMFowIgIRAMtC/Z8Hrw1PKgB91EEg +HakXDTEzMTIxMDEyMjg0N1owIQIQRKDphLYaPYAQxL6vrmMYaxcNMTMxMjEwMTMy +MDM2WjAiAhEAwwG7nn7J3Z2eHSs/LW6CbBcNMTMxMjEwMTMyMTEzWjAhAhBqZJ2f +4HKGRq2NYR3ZcUwrFw0xMzEyMTAxNDU3MTFaMCECEC1ZTP0FtJpQk6pYF8vzb9gX +DTEzMTIxMDE0NTcxM1owIQIQGS+b7EFkGxeIe7uV5ayMqxcNMTMxMjEwMTQ1NzE2 +WjAiAhEA9ZxFB+vBagHFMKRR2eWzpBcNMTMxMjEwMTUyNDM5WjAhAhAixd+JXDeX +HXj2fchyJqEJFw0xMzEyMTAxNjAxMDJaMCICEQCrGNWJiC/tn0c5oYWA8bgRFw0x +MzEyMTAxNzUzMzhaMCICEQCzJYGtiEp4Gn/wG66uX6PgFw0xMzEyMTAxNzU4Mjla +MCICEQDooOO5wLJhD9nbGfNhX4VDFw0xMzEyMTAyMjAwMThaMCECEDckxjH16J/3 +kEe54HRBRxMXDTEzMTIxMDIyNDAyN1owIgIRAJ+mlCRmu04XOC7xAxAvdbcXDTEz +MTIxMDIyNTg0N1owIQIQSYctqyNq2WlhrP8WcaEh+BcNMTMxMjEwMjI1OTE4WjAi +AhEA1mFxqz7zt/vCv6sV1upKMxcNMTMxMjExMDEzMzI2WjAhAhAlMQGPlcRhvp0P +7s4NnKbTFw0xMzEyMTEwMTM0MTFaMCICEQCfonDI7HzZ/TKTKeTAJ9jfFw0xMzEy +MTEwMTM0MzRaMCICEQDz52aTpwdJ32p0ZlIUTWu0Fw0xMzEyMTEwOTEyMTlaMCIC +EQDO62idxhKrzNauwN5T5xnmFw0xMzEyMTEwOTI5MDBaMCICEQDPY5rjF/UXzJkS +F2EMuwfKFw0xMzEyMTExMjU0MzFaMCECECV4rUdyK/6gw2vqW9/4lSUXDTEzMTIx +MTE0NTExNlowIQIQW3ee4d5i0zhdnauQrJalqRcNMTMxMjExMTUwOTIxWjAhAhAb +ycFzPU15pBEfcAaRIgN1Fw0xMzEyMTExNTM0MTVaMCICEQCVO4/ZMtt7m2K0v8Oy +LTrnFw0xMzEyMTExNzU5NDRaMCICEQDJUxmFkLBglE/NqbhDuunEFw0xMzEyMTEx +ODQxNDVaMCECEAixEZgtKnfJRT16yT/wWNsXDTEzMTIxMTE4NDMxMFowIQIQRldX +Rf7zWVQxSubAcYEABRcNMTMxMjExMTg1OTIxWjAiAhEAxcUbCu1OHv7Qams4WD22 ++xcNMTMxMjExMTkwNzE1WjAhAhBWH2vCXUQ6QSJRBxvzX70TFw0xMzEyMTExOTE4 +NDJaMCECEHdzX0TGNunaL+p0QFTmsKoXDTEzMTIxMTE5MTkxNVowIQIQPC2tuBPw +knhQ9b0mAIPilhcNMTMxMjExMTkyMjAzWjAiAhEAhgW1VU/agMXOv/3hTgqdYhcN +MTMxMjExMjAwNjQ0WjAiAhEAhMmYJNV8tWduf6/6D+IfRhcNMTMxMjExMjExNDI4 +WjAiAhEA3B5AH1h+gm58RfzkAZ0NJBcNMTMxMjExMjEzMzAyWjAhAhARqFtb/34Y +iYN7mC9UZtQMFw0xMzEyMTEyMTM2MTlaMCECEAjAHE17uD75Oa92CMyX/mEXDTEz +MTIxMTIyNTExNlowIgIRAOs2cLutU8JQeoAw4Hli7ocXDTEzMTIxMjEwMjAzOVow +IQIQHPiPG8YwD0WMuo6doljYHRcNMTMxMjEyMTM0ODU0WjAhAhBpJqxVcdzRzV6d +mCOt9z1LFw0xMzEyMTIxNDA5MjdaMCICEQCi6BIvh92WRTJhoLJky4cUFw0xMzEy +MTIxNTI4NDBaMCECEEplv0jqykKpr35Ez+7Wyz4XDTEzMTIxMjE1NTYwNFowIgIR +AMk8YuXMKRy4E3fqoNyupAMXDTEzMTIxMjE1NTYzMVowIQIQKtQBNkd/WFDllU1J +SIhuwxcNMTMxMjEyMTU1NjQ0WjAiAhEAo3Z5ngujzhZMr+LLNEUe7RcNMTMxMjEy +MTU1ODA2WjAiAhEAuGUpe7BVMRH/jw07FY/oyxcNMTMxMjEyMTYwMzMyWjAiAhEA +kgmRBYywneYYKz+LQxLnZxcNMTMxMjEyMTYwNDI1WjAhAhBJ4s/HgZMtepFwil9U +iY0KFw0xMzEyMTIxNjA0NTJaMCICEQD+Vrkr1oBxOT533V7wBpS1Fw0xMzEyMTIx +NjA1MTJaMCECEFjoq+/ISHrfzYhP8W1FnLIXDTEzMTIxMjE2MDU0NVowIQIQCxhB +fKdoXLHUP8cV2ExkZRcNMTMxMjEyMTYwNjA0WjAhAhAmaTQHj21gT2f6kDsV7J3m +Fw0xMzEyMTIxNzEzMjdaMCICEQDgifKrpm8NOjNp1hIMS+BfFw0xMzEyMTIxNzEz +MjlaMCECEECfmXHJWp1MB5zZrm/QscAXDTEzMTIxMjE3MTMzMVowIQIQIxOqhyzs +Wtr4RshrMhztSRcNMTMxMjEyMTcyNzQ1WjAiAhEAnEKs2B9gC6d64f0lrEkiJRcN +MTMxMjEyMTc1MzUwWjAhAhB/ZFL/o+NAVJeTVZHNJrCsFw0xMzEyMTIxODQ5NTZa +MCECEG0TL2Fn1FgfSEWrVy0gNrgXDTEzMTIxMjE5MjkzMlowIgIRAOC2JOy7qp9T +ukvaSTA6QNQXDTEzMTIxMjE5MzQ1N1owIQIQcqtcOMqH1uHCoc9kMWeVJRcNMTMx +MjEyMjA1MDA4WjAhAhB1nKNsesp65LZPUXWmrcIkFw0xMzEyMTIyMTE4MDhaMCEC +EDB11hgV8ilb/NN5W7XpVzYXDTEzMTIxMjIxMTg1MVowIgIRAPv37qg0l+NbnkoK +6mSfh0IXDTEzMTIxMjIxMTkzNlowIgIRAJsm0FxPguXVmn0Bekg1fXIXDTEzMTIx +MjIxMjIzNFowIgIRAPDzCLirwIFITudDMN3p2FQXDTEzMTIxMzA5MDc0N1owIQIQ +b2tkAQehbYZltM08+zke/hcNMTMxMjEzMTEyMjAwWjAhAhAK8eREhIYv5FatfeY3 +xT4TFw0xMzEyMTMxMTIyMzZaMCICEQC5Aw42+ouDoamasEwNeBZfFw0xMzEyMTMx +MTQwNTdaMCICEQCFtj1w+9R0YUDiLTUMV6oEFw0xMzEyMTMxMTQxMDRaMCECEDBl +risJdpFkhXGDLZDgZpgXDTEzMTIxMzExNDEzMlowIQIQJNsesFh0fkIDWNP+cwAs +RBcNMTMxMjEzMTE0MTM5WjAhAhB6Tq4/6FlakoiBpjDM+I15Fw0xMzEyMTMxMTQ0 +MjBaMCECEGMRbfPR6M3JN2E7Q228XoMXDTEzMTIxMzE0NTIyN1owIgIRANk1w/mc +9ybcjQpELR8dJ30XDTEzMTIxMzE0NTI1MlowIQIQNqL3SSxUkMUlv8Wz//33hxcN +MTMxMjEzMTUwMzA1WjAiAhEA4zPoZPVFLoTa3cw781gsqxcNMTMxMjEzMTUwMzI4 +WjAhAhAZ2RsaegxK74ctj63EgKK9Fw0xMzEyMTMxNTAzNDlaMCICEQCxtqK2Uaz5 +CgLN0QBvnjctFw0xMzEyMTMxNTA1NTRaMCECEDyRw/sAGQaTCjTBpvrvfmcXDTEz +MTIxMzE1MDY0MlowIgIRAM54NrY7ZlOYMvPBHjApX58XDTEzMTIxMzE1MDcwN1ow +IgIRAKjtHWfPaM/9fOaWAH8oJFkXDTEzMTIxMzE1MDcxM1owIQIQJubs0it8asXV +lv4Qn7ORjxcNMTMxMjEzMTUwNzMzWjAiAhEA6zTOQ9oR5c0Z2fBgAykUgRcNMTMx +MjEzMTUwODE0WjAhAhANegXJxvZWtJOXOp2Yit8FFw0xMzEyMTMxNTQ0NDJaMCIC +EQDDNpjxDvViI/OZdTn6zRAWFw0xMzEyMTMxNTQ2MzdaMCECEGQa+R7uTEgXZuAp +JrU9KpMXDTEzMTIxMzE2MjcxMFowIQIQHLhsBfuBcTJqSqKDJUxIPRcNMTMxMjEz +MTYzNTU2WjAhAhA1TSM8ILsA6Xa9NPFmDCHxFw0xMzEyMTMxNzI0NTZaMCICEQCz +JktMTwECE92r/dgUZp9JFw0xMzEyMTMxNzI5MDZaMCICEQC6wiknDqy+DGk2h3Vt +Ufx5Fw0xMzEyMTMxNzM0MjJaMCICEQCI9glxP1weNvtDC08Nj8XsFw0xMzEyMTMx +ODIwMjVaMCECEFUictKf2l/Vs9trnPosR4EXDTEzMTIxMzE4MjA1MFowIgIRAJWD +vobuwthqcJDehd9QB2wXDTEzMTIxMzE4NTUwNVowIQIQPNSrw4DRDFbP/bIZLQb9 +qBcNMTMxMjEzMTkyMzM5WjAiAhEAw6CKRwqrmGtkmSMevXR1ChcNMTMxMjEzMTk1 +NDM5WjAhAhBBtEFEWbHW5sNqQihxt3mdFw0xMzEyMTMyMDA4MjZaMCECEGuoe/o6 +w5uJot7cw/VpbRsXDTEzMTIxMzIwMTU1NVowIQIQCvTxfKxotDDCrk2c/6Cf/RcN +MTMxMjEzMjA0NjIwWjAiAhEA4d5sPTGcDQJW8HasDiEh2xcNMTMxMjEzMjA0NjMw +WjAhAhBR8wIsUTzJG+KoDbyfYUT8Fw0xMzEyMTQwMjEzMDRaMCICEQC7UWCePzc6 +MWM0I3lsJ4o2Fw0xMzEyMTQxNzQ4MDlaMCECEFij2AiMz9cD0x1sLedPa4IXDTEz +MTIxNTAyMTMwNFowIQIQIBgP4aqaHhdj3Rs/0wSkFRcNMTMxMjE2MDQ0OTEyWjAi +AhEAiwuJDSdC1C9REUZdVHlr+hcNMTMxMjE2MDgwMDI3WjAhAhB9Mr+FBlc2qsUV +vem7/HE9Fw0xMzEyMTYwODA5NTFaMCECEFfLR+IN6SdtTyWfaZFEu8cXDTEzMTIx +NjA4MDk1N1owIQIQJL77SMAE4yCp+/HRiUUheBcNMTMxMjE2MDkyNjE3WjAhAhB4 +JE6/YVwyvEtxYL0efC+fFw0xMzEyMTYxMjE2NTFaMCICEQCrue0tAw4RQrLWDzTa +7m0zFw0xMzEyMTYxNDQwMjZaMCECEEQSWUAEwVemVXrQ41xqUZ0XDTEzMTIxNjE0 +NDgxNlowIgIRALogtfKctr6fAWcY4eVfDg0XDTEzMTIxNjE1MjMwOVowIgIRANeI +IbMoxLwGdkT+Hqhvye8XDTEzMTIxNjE2MDkwN1owIQIQbJT4m8r5/8JWamfGqDbd ++xcNMTMxMjE2MTYwOTEwWjAiAhEAqW7Ha6cLyR11GPVzZrsG5hcNMTMxMjE2MTc1 +ODQ5WjAiAhEAnVzi0QM+eOfmTU5yLcyUZhcNMTMxMjE2MTgzMjA0WjAhAhA0Vmsl +ukR+AiR+TPvM/eAvFw0xMzEyMTYxODQxNDVaMCECEBdD5jXyZL5O4lLJ7gvEfRYX +DTEzMTIxNjE5MTM0MVowIgIRALXd/52lR5YOmy2cOdEjbVQXDTEzMTIxNjIwMTgx +MlowIQIQPIpIKQcyo/+Fs+hX9RdbqBcNMTMxMjE2MjEwNTE1WjAhAhAH5mXewBCS +HbQlnEOTI4SnFw0xMzEyMTYyMTE1MjNaMCECEDltbC/NhIMukvGtqNdiq0gXDTEz +MTIxNjIxNDAyOVowIgIRAP9sQMUO0IoPZJVtlVVkiYsXDTEzMTIxNjIyMjkzNlow +IgIRAMfnRy6DOpWcf06NCS5yIbMXDTEzMTIxNzAyMTMwN1owIQIQGT9txhodFc6V +a7HC4JushBcNMTMxMjE3MDY1MDA5WjAhAhA72oe1YWNSuayBEwhW2CZVFw0xMzEy +MTcwNzM1NDJaMCICEQDJtvgSKJG+s+nfT9d146LJFw0xMzEyMTcwODU0NDlaMCEC +EATJOQTAkq6f6u/WUs3yavIXDTEzMTIxNzE0NDYyN1owIgIRAOeBBb91o0fGityk +HJvzJYYXDTEzMTIxNzE0NDcyOVowIgIRAJut4+atE71i26fTyKRSPeMXDTEzMTIx +NzE0NDczN1owIgIRAIxhsR4w9lDsjD/emCDOukMXDTEzMTIxNzE1Mjk1M1owIQIQ +TRkL5NeQuGHgWVp7rb/QeBcNMTMxMjE3MTUzNDE2WjAgAg9AbD7RnSDq5IEFXN4t +344XDTEzMTIxNzE1MzkxN1owIQIQd0xjWdq2cfQwV4ajrNQYEBcNMTMxMjE3MTU0 +MDEyWjAhAhAZwwBNst5+Q2zh2yoczK5DFw0xMzEyMTcxNTQwMTVaMCICEQDN76Yk +qwdoW+DBUVfoptJnFw0xMzEyMTcxNTQwMzZaMCECEEg1FIWNdLGK9072zrbLE8YX +DTEzMTIxNzE2Mjg0NFowIgIRAKVM4ZELdjos5oiF/q7fFHUXDTEzMTIxNzE3MDg1 +M1owIgIRANbhrtguCawoQEOdUzC/tG0XDTEzMTIxNzE3MDkxN1owIQIQWLh5ZvC8 +M6tf/+3vmCsz9BcNMTMxMjE3MTc0MzU4WjAiAhEAjWf8Ub/fDY88Tuxc6CN9mBcN +MTMxMjE3MjAxNTU0WjAiAhEAqKloKgZgD3syIarVg63BIhcNMTMxMjE3MjAxNjU0 +WjAhAhBxuByyMl/gZo7BgOCW3UuWFw0xMzEyMTcyMDMwMzNaMCECEBRFm5UbCSec +LpOsUXq4ScQXDTEzMTIxNzIwNTc0NVowIgIRAJ0YZ/G7uSHdopyaWbuEAT0XDTEz +MTIxNzIxNDQwMVowIgIRAPTovywlax9Qb1688ZbqNc0XDTEzMTIxNzIxNTI0MVow +IQIQFatj6WgL4L9aCMwjnnsLPRcNMTMxMjE3MjE1MzAwWjAiAhEA/bNhZcry5DEo +jdyQdVTpSRcNMTMxMjE3MjIwOTEwWjAiAhEAq34hXwFKExYRgV4VgoW6axcNMTMx +MjE3MjIzNDQ3WjAhAhBV5iYd8GLYYVsSgW1Ht7XkFw0xMzEyMTcyMzE0NDNaMCEC +ECRcd3xXOP9RDGPrt4uyM0oXDTEzMTIxNzIzMTcxN1owIgIRANCTrEMtIOR5Qrky +3EYjmA8XDTEzMTIxODAwMTUzMVowIQIQLvByC0s7bR4w0vz2/Yxd7hcNMTMxMjE4 +MTAyMTM5WjAhAhBZd9roDIDLMhXSKOQV1dJBFw0xMzEyMTgxMTQ4MzNaMCICEQCw +rfJMy7oPkO/6iL8lEhfzFw0xMzEyMTgxNTEwNTJaMCECEHAIagrOuaCPenMjtnl7 +3rIXDTEzMTIxODE1MjAzOVowIQIQJjiD38D6gPNT+/j6fBEhxRcNMTMxMjE4MTcw +NDU0WjAiAhEAoUaCJJB4VBu0ECIZFmrpmxcNMTMxMjE4MTcwNjQ5WjAhAhB9p2sf +zUyLdQB8iYt3+fXIFw0xMzEyMTgxNzA3NDNaMCECEF68RcguIKzRDVy+ffp3kC0X +DTEzMTIxODE5NTUwNlowIgIRAJzEhVKc5JQ3LgnBP8Jr6MkXDTEzMTIxODE5NTUx +NlowIQIQCWiYkchbL6v26evP36STzBcNMTMxMjE4MTk1NTMxWjAiAhEAtOY5+Ky/ ++TRGBKUUIBC0hBcNMTMxMjE4MjAxMzU1WjAiAhEA6g5l01x3qORugSDAWP4m1xcN +MTMxMjE4MjAxNDAwWjAiAhEAkd8ujFvX+Gdbkn1q2n4FdRcNMTMxMjE4MjA1MDI3 +WjAhAhAm4nDxYV2eyb0kDh+ZGT3gFw0xMzEyMTgyMDUyMjFaMCECEEnCh0dDQGZ8 +dR6dtpgqk/4XDTEzMTIxODIxMDUzMVowIgIRAJg0L+lHbfRBorf0aZbUIIIXDTEz +MTIxODIxMTIwNlowIQIQDsjNMGg1AM2HeaITrTrMChcNMTMxMjE4MjExNDM4WjAi +AhEArI/92EaTuTYQn7QC+mzbFRcNMTMxMjE4MjExNDQ4WjAiAhEAy6sciT0TOkfT +24S1ItiQ4xcNMTMxMjE4MjExNTMyWjAhAhBkXgFaqlr6L2C36F2/UKSLFw0xMzEy +MTgyMTE5NDZaMCICEQC9M9S80tBnprjUuncEHa3OFw0xMzEyMTgyMTQ0NDVaMCIC +EQCGu5J5UUFOj7OgADGfCh78Fw0xMzEyMTgyMTQ3MThaMCICEQCxtu6Yu2Nt+Q/F +FlD2ZNL5Fw0xMzEyMTgyMTQ3MjFaMCECEEwAB2ffJXxMdg6Aw/iSn84XDTEzMTIx +OTA2NDcxMlowIgIRAIzLmhliBmg0GWT5KC9aVzIXDTEzMTIxOTA2NDcyM1owIgIR +AMx7wMV7u7DbfeUSZ8dmHN4XDTEzMTIxOTEwNTY1N1owIgIRANn4c/jDztcOk9os +Z7EyLy4XDTEzMTIxOTE1MDcwM1owIgIRAM7lPPlFcJVzA956pOEN0x0XDTEzMTIx +OTE3MTkxNFowIgIRAJ8YdjL8V4ESsTim34l4iLcXDTEzMTIxOTE4MDExMlowIgIR +ALGZ/f0X5qQ9dq7ef4EEgK4XDTEzMTIxOTE4MTEwMlowIgIRAL+DvPIhEOzfmoNa +oTYay/gXDTEzMTIxOTE5MzIyM1owIgIRAIMQYhM5ecI5hUbE9ir0RpkXDTEzMTIx +OTE5NTYzMlowIQIQKB4MqMiygRw7iAyXu5rRFhcNMTMxMjE5MjAyNzAwWjAhAhBX +5hzlsc08h3KbdclFTfzsFw0xMzEyMTkyMDMzNTlaMCECEBP2TyUHlVRGhOhsXGLA +OXAXDTEzMTIxOTIxMDg1MFowIQIQJHqE8V9xcpT78mzkhD8wiBcNMTMxMjE5MjEy +MjQyWjAhAhAaj9KOF1Vrbw1b7iOoqOr/Fw0xMzEyMjAwMTI1NTlaMCECEEakb7oS +albk3DDc6ol0MFkXDTEzMTIyMDEzNTAzM1owIgIRAPyaVBHpQ/Nk67zm07uyggsX +DTEzMTIyMDE0MjY0NVowIgIRAJASxh1Ne6f7pvyOHa0b1QoXDTEzMTIyMDE0Mjcw +M1owIQIQRPS0/TclGRBhZf4sLIhC4xcNMTMxMjIwMTcwMTEzWjAhAhBOx+EX3ut2 +hfPlfJfLhiqkFw0xMzEyMjAyMDE3NTFaMCECECh2DmOeA1vHQcwoHdKFrdsXDTEz +MTIyMDIxMjkyMlowIQIQLtXKWP/PoFX26S03SLXd4hcNMTMxMjIwMjE1MDA4WjAi +AhEA6rs46W5qs39dSM8BIcisLhcNMTMxMjIwMjE1MTE0WjAiAhEAxTpmXGCYUIM4 +ThdiHQT9EBcNMTMxMjIwMjE1MjIwWjAiAhEA99wYigRGnRsgtWS+QruMNBcNMTMx +MjIwMjE1NDAxWjAhAhBhL5btYs46F6aZAZj5y0tOFw0xMzEyMjAyMTU0MTNaMCIC +EQCh+PP20pnLFXyeV47DdKyaFw0xMzEyMjAyMTU4MTJaMCECEF8yfmR65w51ZI6f +P/OSKekXDTEzMTIyMDIxNTgzMFowIQIQc6Y4A465cSlU/MPkKIanxxcNMTMxMjIw +MjE1OTE3WjAiAhEAqbIT+5PY5uIti9LBpLSrzxcNMTMxMjIwMjE1OTMxWjAhAhBB +KUB0GR1GBWhZBTsK2z9cFw0xMzEyMjEwOTQ5MzNaMCICEQCpIh0ridO+UDzL3KE6 +xwiCFw0xMzEyMjIxNTU1MDNaMCICEQCo49iHrFXm3NgIeyazaTqoFw0xMzEyMjMw +ODUxMDdaMCECEATKwwtunpKCwoGOxBrQvgEXDTEzMTIyMzEzNDUwNFowIQIQZv4z +6TQ8DDtJPhzMOBdwrBcNMTMxMjIzMTQzMDUwWjAiAhEA7cTK+JWinG5VLbKnbxH2 +VBcNMTMxMjIzMTQzNDI2WjAhAhBqjRm7b2qAFCBRvSdNb6UmFw0xMzEyMjMxNDQx +NTJaMCECEDeurr6YXa7qCTC6cBZ9fq8XDTEzMTIyMzE0NDI1MFowIgIRAKy7orzg +SxcgOdX6/h6aoQQXDTEzMTIyMzE0NTMyMFowIgIRALieja5wG2T3YU7qrGcXQcoX +DTEzMTIyMzE0NTQ1OFowIgIRANZVsRgNlH1HpV+Uk5GWTycXDTEzMTIyMzE0NTUz +MVowIQIQFMiaF7DJxYsQW2F4LgkvLhcNMTMxMjIzMTQ1NzI3WjAiAhEAmds76W1s +RHJWaqPEAYrvjBcNMTMxMjIzMTUwMTMyWjAiAhEApLW+CPJK0pKlxnNBUdysrxcN +MTMxMjIzMTUwNDEyWjAiAhEAxRwjeVb5GRgxkgQ3Mkg6XhcNMTMxMjIzMTUwNTIy +WjAhAhAC4g5CZhW3eturMZw+NXxTFw0xMzEyMjMxNTA1NDFaMCICEQDfQo/d2dt4 +RDnC3q6jZ+jNFw0xMzEyMjMxNTA1NTRaMCICEQDyVoXTQKIkO9zeWqUme/akFw0x +MzEyMjMxNTA2MDFaMCECEFgM8nWUpav8+UJju6Gd2IYXDTEzMTIyMzE1MDc0Mlow +IgIRAOLNUMRdJe7TF8JM9986PwgXDTEzMTIyMzE1MDgzNVowIQIQOB4kpe39mYyu +1enQxhHPDBcNMTMxMjIzMTUwODM5WjAhAhBEc4KNJHYnb5i9f6B6vTvvFw0xMzEy +MjMxNTA4NDJaMCECEAJFJQYs5l2w9Joej3iQI20XDTEzMTIyMzE1MTQyM1owIgIR +ANqTJXwmoChud9wGKJEIQZ8XDTEzMTIyMzE1MTQ0MVowIgIRAOsl9zM4+dPCvH1o +7jnevLsXDTEzMTIyMzE1MjcwNFowIgIRAN6jn5QFgD2hmoT6yRHiNoAXDTEzMTIy +MzE1MjcwN1owIgIRAJzRFYRoUdHZH5rQRolQ3WsXDTEzMTIyMzE1MjcyNFowIgIR +ANHvjzXDJ8YmnUReKGjFm50XDTEzMTIyMzE1MjcyOVowIgIRAOnlmWJn4vY7znZg +OPE7ZfEXDTEzMTIyMzE1Mjc0NVowIQIQAIvDYqULh/b0xrEpwclpYhcNMTMxMjIz +MTUyNzQ5WjAiAhEAogbC56IZKJtUgMVR7B9NVhcNMTMxMjIzMTU1NzQ0WjAiAhEA +guflMO5z27i1qkNFWA4/4BcNMTMxMjIzMTYwODE5WjAhAhA0x1mYX8abtGH8ZQ5q +cDc9Fw0xMzEyMjMxODUyNTJaMCICEQDCer5gbjUUzJNAkjv0P/txFw0xMzEyMjQx +NTQ4NDdaMCICEQC7Xtbb0U0yP47XWtdc8U7oFw0xMzEyMjQxOTE2NTFaMCECEDpY +R+8HrAVLfhC2jACvUGEXDTEzMTIyNDE5MzEyMFowIgIRAKfea6giUtbVI1PSRTue +4dAXDTEzMTIyNTAwNDczMVowIgIRAMFmUQBK4EsoUlnXfMEczVsXDTEzMTIyNjE0 +NDQwNFowIgIRAKULjmaDYNZVyDx0EbkEa3IXDTEzMTIyNjIzNDg1NlowIQIQP4+X +2grGVjmxJAPSGsGCjxcNMTMxMjI3MTM1NTQ4WjAiAhEAoFZIr3HcO3jgX3CgKh6S +sRcNMTMxMjI3MTQyNjQxWjAiAhEAxSCeNc3rXzbzy6j3qXEwmxcNMTMxMjI3MTQz +MTAxWjAhAhBb3CqESSNCaDvAyLkedBqoFw0xMzEyMjcyMDU3MzBaMCECEF/qw9BW +FjCTSoy9WhqHRr0XDTEzMTIyNzIxMDIzMFowIgIRANEH54Yniqf+cZBkzvxB6WUX +DTEzMTIyNzIxMjgzM1owIgIRAM1HuzQL0j4FVXVWnuKXMx0XDTEzMTIzMDA4MjAw +NFowIQIQayeYm3Akz5/W5N6dvpJ9vxcNMTMxMjMwMTQ1MTA3WjAiAhEAucunu7qb +q9pz6lGiAddIahcNMTMxMjMwMTUyMDQwWjAhAhAjHJLZW07BpOuEnMb6LbU6Fw0x +MzEyMzAxNTU3NDFaMCECEG7QxZtAFj0tfVN4SG3hZ3IXDTEzMTIzMDE2MDQ1Nlow +IgIRAKTw/Na8T3roqnY1EssgXzIXDTEzMTIzMDE2MTAyOFowIgIRANpWNB/IDocS +Tke8P9g3EeUXDTEzMTIzMDE2MTcwOFowIgIRAP3szZlJp72rSI2h+YsxTrUXDTEz +MTIzMDIxMjgyN1owIQIQEd4HhOwOaHYYfibsgCc3XhcNMTMxMjMwMjEyOTAxWjAi +AhEA1k4VLK4pKPV9oDOKyWFvbBcNMTMxMjMwMjEyOTI3WjAhAhBIasngz6HapLO2 +BuJ0hWPeFw0xMzEyMzAyMTMwMDJaMCECEEItk2b3j9EMIrpwb60miA8XDTEzMTIz +MDIxNDQ0MlowIQIQemikmgDcjMWPvRoQyLXqLBcNMTMxMjMwMjE0NDQ4WjAiAhEA +nzQd1ZsbTCdqzSvnCjKVPBcNMTMxMjMxMDg0NjMxWjAhAhApO/zM8mSBb7zRfLwp +ZsxJFw0xMzEyMzExMTIwNTRaMCICEQDgANUHJhMPsM1WL/og9UH5Fw0xMzEyMzEx +NTIyMDNaMCICEQCRD0wm1D83O0rYyINuMPEBFw0xMzEyMzExNzE4NDNaMCECEBdE +wwGKK87BKNBg3UTxc6oXDTEzMTIzMTIyNTQxMVowIQIQDs4VvkuBuv+TL6F/aHRu +ChcNMTQwMTAyMDkxOTU3WjAhAhBVW3k2pD2PdmDoomsMEVJPFw0xNDAxMDIxMzQ2 +MDFaMCICEQDJRgdLYdE8jRaJpp4SxN7wFw0xNDAxMDIxNDE2MDJaMCECEFXkHAlP +PbhKlspyb6MYYxIXDTE0MDEwMjE0MjM0OFowIgIRAMfLxKxBfbnwbFTLc0osKl0X +DTE0MDEwMjE1Mjc1MVowIgIRAICaPLLv71uzf16k7GtMeW8XDTE0MDEwMjE2MjE0 +MFowIQIQeEI9mJLRl2uzdxoUNj8hURcNMTQwMTAyMTYyMTQzWjAiAhEAzqmWBR4A +1x40yBT+um6pOBcNMTQwMTAyMTYyMjA4WjAhAhBHEwM34aebyLS0NYqkJ8FVFw0x +NDAxMDIxNjM3MzJaMCECEFO4W1rZ/u/4NQcjGN5nRyEXDTE0MDEwMjE2NTg0NFow +IgIRALV3wAmqxvsQV8xlnUboL3IXDTE0MDEwMjE3MTkzNFowIQIQYtGPdU8amezL +wEyNVSbsQxcNMTQwMTAyMTgwNzI2WjAhAhAhwu1NUbAHe819jRFnea8BFw0xNDAx +MDIxODA4MDFaMCICEQCQLVV1bT5kXqbeqL3LPCz2Fw0xNDAxMDIxODA4NDlaMCEC +EBgJFOx5e2urNR4vibSjgDEXDTE0MDEwMjE4NDcxMVowIgIRALFXazNb+jSeSYPt +UQthuKEXDTE0MDEwMjE5MzAzNFowIgIRAPz50MztdvgLJITmyNZFKxEXDTE0MDEw +MjIwMzkxMVowIQIQcFacZyMTmyA755VKo3kYWxcNMTQwMTAyMjA0MjQ3WjAhAhBo +186m/cHsPk2OazJp148GFw0xNDAxMDIyMDUwMDJaMCECECbSG7L3j6pMJHKfSvqm +smQXDTE0MDEwMjIxMzEwNlowIQIQPGZlsPE1xMKJLYh0yZXJahcNMTQwMTAzMDI1 +NTMzWjAhAhBSbHmiMD0BdInkDN2i0rvqFw0xNDAxMDMwMjU1MzlaMCICEQDJceGq +BxYS31k5mqIpWK6zFw0xNDAxMDMwOTU2NDVaMCICEQCNztuuNMZDgIb61qcI8bV7 +Fw0xNDAxMDMxNTU4MzZaMCECEGkxhNH+7+QwyUbjHn99H6QXDTE0MDEwMzE2MTE1 +NVowIgIRAOAfQ5B3DfX33T1GM5UmwmAXDTE0MDEwMzE2MTIxNVowIQIQcsqN1++T +NRwEeqWg6hELVBcNMTQwMTAzMTcwOTAyWjAhAhBP3qRZIrNQHexjX1R21pkbFw0x +NDAxMDMxODQwMTBaMCECEFRuPeaR/ca6b8N1pKESKKAXDTE0MDEwMzE5MDQzOVow +IQIQMXnRxSbznPqqC+G167FNrxcNMTQwMTAzMTkwNDQ0WjAhAhBwp+UGSO2iKhod +gnJjOWlXFw0xNDAxMDMyMDA4MzFaMCICEQDKEwa+tTcSOUTTyfOmillzFw0xNDAx +MDMyMTMzMTFaMCICEQDq+1+6jNDfUJ/+P64sdHYWFw0xNDAxMDMyMTU2MTNaMCIC +EQCJKmNwgAUqMWx40RqD/khaFw0xNDAxMDMyMjA4MzBaMCICEQDXN5bF72iUB1Jb +JmV3QAaNFw0xNDAxMDUxNzU5MTFaMCICEQD0WAn/r+yGPnNeQIsAcBX3Fw0xNDAx +MDYwNDUyMTFaMCICEQD2TTUX7luTXtgzdQKN8rHfFw0xNDAxMDYwOTU2NTVaMCEC +EFtabFSt75Dt8jlYhH6NRUAXDTE0MDEwNjEwMjkzN1owIQIQUiNr726d8EnxH2WL +bz+PnBcNMTQwMTA2MTI0OTU4WjAhAhAN/AAS6QVS0oYrSBx+7mOzFw0xNDAxMDYx +MzA3MThaMCECEBWo60bvh3mnR1QPTi/f4S0XDTE0MDEwNjEzMDkzOVowIgIRAKLe +KKNZDbENIjTOeujRQc0XDTE0MDEwNjEzMjA1MlowIQIQeBxyArKQwmRoREgdYnbG +bBcNMTQwMTA2MTMyNjQ4WjAhAhB7B/JUiYI64tAmA199cufdFw0xNDAxMDYxNDQ4 +MDlaMCECEFDEsZdlW6dKqeKLm3npsNQXDTE0MDEwNjE1MTU1N1owIgIRAL0IHCWG ++thgfFiQf52V7dcXDTE0MDEwNjE1MzU0N1owIQIQKjDXfNtm+6OXydVVUI3qehcN +MTQwMTA2MTUzNjAxWjAiAhEAysrmJyuth0TVPBc4cuz6shcNMTQwMTA2MTU0MDQx +WjAiAhEA2BHDe/yC9ReTAAjTGoHIPhcNMTQwMTA2MTU0MDU1WjAiAhEA+ggMwGSL +xSuJJqlx7jfM5xcNMTQwMTA2MTU1MzU1WjAiAhEA6DqAoZVX9Bjckf0fhGYzHxcN +MTQwMTA2MTY0NTM5WjAiAhEA0Ax3uIEIsTTg2ADCFdSYDRcNMTQwMTA2MTkyMDI4 +WjAhAhBejpmqVR2xJmZWr/UBGpeZFw0xNDAxMDYyMDExNDVaMCECED14MHYpG/Po +sB9G+24jirQXDTE0MDEwNjIwMTU0NlowIgIRANeNS70RJMfzD921qRRXATcXDTE0 +MDEwNjIwMjAzN1owIQIQGfr8dYr7QcmkcAAsmuVTFxcNMTQwMTA2MjAyNzA1WjAi +AhEA1FmMDKr/vs7e//FKeNBTzBcNMTQwMTA2MjMxNjQwWjAiAhEA67THCmpHgEDR +v4+UMVgbkhcNMTQwMTA2MjMxNjUyWjAiAhEAgTF76H2Wiq4PJ1uv4fFDuBcNMTQw +MTA2MjMxNzA0WjAhAhBbFZQM2C7JluV7b5vIJ+mUFw0xNDAxMDYyMzE3MTdaMCEC +EBdHLr+IoXcT5X7m3QXh4uMXDTE0MDEwNjIzMTczN1owIQIQJXIS+lYPdfeK2bD0 +x5ARvBcNMTQwMTA2MjMxODE0WjAhAhAkdHg2bk4NLHJwaMQywFxvFw0xNDAxMDYy +MzE4MjdaMCICEQCTAtOn7yU1v73oYaTAMiDeFw0xNDAxMDcwODM4MjRaMCICEQCr +pF1Stc6IqWI0BNJrtmmAFw0xNDAxMDcxMzMyMzBaMCECEBsLtomD4DKAte6FtqDm +734XDTE0MDEwNzE0MTAzM1owIQIQClXdFo0ors7MV8sBGZXAyBcNMTQwMTA3MTYz +NzQ3WjAhAhApMlt1RHUNKyjfp7uNZbhFFw0xNDAxMDcxNzM4MTFaMCICEQDsApO0 +Hgo2ZjegQc9DU5qIFw0xNDAxMDcxNzQ1MDBaMCECEAKBaXHKucXuMORIeD8hAoAX +DTE0MDEwNzE3NDUwMFowIQIQWkHKBU7vF8+FpKy34BScSxcNMTQwMTA3MTc0NTAw +WjAiAhEAs5wt5l/n00MfwmYlSmX/zhcNMTQwMTA3MTkwMDU4WjAhAhAKjCK7H9uF +ECiZrenBvcpvFw0xNDAxMDcxOTAxMDBaMCECEBBraGG7MnQM8PqEOa6ioBIXDTE0 +MDEwNzE5NDg0N1owIQIQXrLaI6C324X2BlZ8eqzHuBcNMTQwMTA3MTk1MDQ4WjAi +AhEA72HeYXZZHdMNJFsUdZGR3hcNMTQwMTA3MjAyNDUwWjAiAhEAm3qUVzT24RZ+ +RL02bro6qhcNMTQwMTA3MjAzNzUwWjAhAhAH9SZ+j+QvNIcQkJTvOJhMFw0xNDAx +MDcyMjM2MzJaMCICEQDc4N/mWnpvMTtPfX4KEpWuFw0xNDAxMDcyMjM2NTBaMCIC +EQD9iD72WOudgzmoxb55kCiZFw0xNDAxMDcyMjQ0NDNaMCICEQDqB9WzEzzfYop2 +PYozpaAVFw0xNDAxMDgwMjExMDZaMCECEGpIMCIAw0VEwu2YzmjJiO8XDTE0MDEw +ODExMjc1M1owIQIQTnUgvQ76IFZWcPIZhItDXRcNMTQwMTA4MTUzODAxWjAhAhAd +PQOI6f6lAWEMyUTmOAFbFw0xNDAxMDgxNTQ0MjdaMCECEBPteCfpfEKzPtMtuQ7g +kvkXDTE0MDEwODE1NDQzN1owIQIQGLfhdzs12X+TQCNL7faHthcNMTQwMTA4MTU0 +NTE0WjAhAhAPcpS1hx+sipV0IqmhiwMQFw0xNDAxMDgxNTQ1MjlaMCICEQC9kYJs +5XNtU9K21fMSsbKPFw0xNDAxMDgxNTU5NDRaMCECEGO0rPE+SdXBthk7Idr0SHoX +DTE0MDEwODE2MDU0MVowIgIRAOW/Qae/y0RC7+3Nx+SLwIkXDTE0MDEwODE2MDU0 +OVowIgIRAK+CKFKhwbPCPLrX+i/ji54XDTE0MDEwODE2MjczMlowIgIRAPP+3m5o +u/QIz2XdyGIb6/8XDTE0MDEwODE2MjgwMFowIgIRAMLwOlMM+U9ef/IrYZn11BYX +DTE0MDEwODE3MjY1N1owIQIQOTWVcVSu6VyFdwj5jG42lhcNMTQwMTA4MTc0NzM1 +WjAhAhAsHgGS1zPADLmqHwC/X/XdFw0xNDAxMDgyMDMzMTZaMCECEFBu5lyQBeuG +a4lDdE4Z144XDTE0MDEwODIxMjcyMlowIQIQei24cpmWudskAML5FyDxzBcNMTQw +MTA4MjE0MDA5WjAiAhEAkzINDZip5S4GIMFprji10hcNMTQwMTA4MjMzMTUzWjAh +AhAe5wGBN6zdXhk8VrmkzGRxFw0xNDAxMDgyMzU1MjZaMCICEQCoxmoBlbDKyW5L ++tGb7qaJFw0xNDAxMDkxMDUxMzZaMCICEQDxJhx/Cwl8uKYmA970wiLGFw0xNDAx +MDkxMTM4NDJaMCECEH89rCcPJhMXJ/TuT0r/f+cXDTE0MDEwOTEyMDc1NFowIQIQ +KD45hL8SHCEBapXHuULAABcNMTQwMTA5MTMyMTI3WjAiAhEAz0NDFaQH4rJZ+F37 +OA2TshcNMTQwMTA5MTM1MTE4WjAiAhEAnkC4bwDHU9Ks+Reaf62lmRcNMTQwMTA5 +MTQwOTA0WjAiAhEAwYNPtljlv8B8DOiz7t2wqhcNMTQwMTA5MTUwNDM5WjAhAhA9 +ezVMlRUPCl/dEqQbJh4+Fw0xNDAxMDkxNTA5MTBaMCECEAWz/tHEwckG/DoHLzTK +njYXDTE0MDEwOTE1NDg1M1owIQIQIy+0uPfABd0JCJpXsk2JoRcNMTQwMTA5MTYy +NjE2WjAiAhEAxr0xTX9SP47brn9MU9R28xcNMTQwMTA5MTY0MzI0WjAhAhB29fPf +G/t9yKLpdC5YYWjMFw0xNDAxMDkxNjUyMjlaMCICEQDwlDDuTU3lBocz9gvXQNXf +Fw0xNDAxMDkxNzI2MDZaMCICEQDC1gacaBkHZlGktt/5WT55Fw0xNDAxMDkxNzQ1 +MjhaMCICEQCQIE3LSVgNfNLV/xKSwcdvFw0xNDAxMDkxOTM1MDlaMCICEQC2LRWF +jkVt75E8VV7x4CnCFw0xNDAxMDkyMDA2MzVaMCECECMDgaQnhtkB42N3A6hjMRsX +DTE0MDEwOTIwMjUyOVowIQIQX6d8WpywkVwqdI8Xfkc06hcNMTQwMTA5MjAyNjUz +WjAhAhA8hrvBjaoWKU8ON+YWVj8xFw0xNDAxMDkyMTM5MTNaMCECEA/VD/odlDkI +ZtBm1h3eJk4XDTE0MDEwOTIyMjIzM1owIQIQZN0xAqnF1mRkgn7fm6uw2BcNMTQw +MTA5MjM0NTI5WjAiAhEA37EdOjfvu3cCOe2jP9QGUxcNMTQwMTEwMDAwMDQyWjAh +AhAkJRidwAp2cin/cCYRYsyUFw0xNDAxMTAwNzM3MTBaMCICEQCIn2N3nZVbe68N +SmSkoKJIFw0xNDAxMTAxNDA3NDJaMCICEQCBquRf0Dox3bW7/wQE4C9yFw0xNDAx +MTAxNDMwMjRaMCICEQCjQa6ej2+jvUzW8v7XUpAuFw0xNDAxMTAxNDUxMzNaMCIC +EQDrd/8VUEnZJmQl+GPaQkNtFw0xNDAxMTAxNTMzMDhaMCECEEl5OyPgJKb2QFYH +APCdRTAXDTE0MDExMDE1MzMyMFowIgIRAO5iyIU9tVlc8+iMgyKJny8XDTE0MDEx +MDE2MDM0MFowIQIQP/UF9ad7TXiZ++rEbwKWjxcNMTQwMTEwMTYyNjEzWjAiAhEA +5UqbScEpV64eoCdNdzfDzxcNMTQwMTEwMTgwODQ5WjAiAhEA1KaOAP0BMw6hPEhq +9Zu40hcNMTQwMTEwMjAxODMyWjAhAhAjJ48TYX0eYy5YyUD0USv9Fw0xNDAxMTAy +MDE4MzlaMCICEQCZwzgUxVCQ3w47/w7PAKVjFw0xNDAxMTAyMDMzMjhaMCECEG28 +Ysxo5MI5soFqwu9/yiYXDTE0MDExMDIxMDExNlowIgIRAMWsgXIFUKhvSBBa7cRj +uekXDTE0MDExMDIxMDQ0NVowIQIQYt7SbnaQPcniM50idnSRVhcNMTQwMTEwMjEw +NDUwWjAiAhEA/MGyw82JBccRNF2x1q9uuRcNMTQwMTEwMjIwNzM3WjAhAhBgW7UV +V4Q3rWRkvcQ4h52nFw0xNDAxMTAyMjA4MjZaMCECEFOrfHx67moIoxSflCNFUWgX +DTE0MDExMDIyMDgyOVowIgIRAPni2J4N0Gn8rF81kX6eMCwXDTE0MDExMzA4MDgy +MVowIQIQFVWq76FWoaT1pvGK6r+t0xcNMTQwMTEzMTA1MTI4WjAhAhA4DOkMQR/2 +akdwGcBUhPQdFw0xNDAxMTMxMjA3NTJaMCICEQDuvrnI+OfMJGB3mcrkbQ1JFw0x +NDAxMTMxNjMwMzVaMCICEQCLoIJOtiosTXDyssuhg3wrFw0xNDAxMTMxNzIyNTNa +MCICEQDP2QFmZqaShmWILmvZPq2EFw0xNDAxMTMxNzUwMDFaMCICEQCPvzykeMKB +mZx/Euwexik/Fw0xNDAxMTMxNzU0MjBaMCICEQCc6GkfjXl/aUmQ+gUYyVTuFw0x +NDAxMTMxODE4MzZaMCECEB5aQ8Vocx7Bnti3ow5YVxsXDTE0MDExMzIwMTYxN1ow +IQIQYQBoZpGbVg9T9eX7Fl3lGxcNMTQwMTEzMjAzMzUxWjAiAhEA2Kywlc4gKqhM +Eij49zwQRBcNMTQwMTEzMjMzNjE0WjAhAhAEMgNij/PcHG31x6gb4+U6Fw0xNDAx +MTQwMDEzMTZaMCECEAYTqxGZZq15monQw77o6N4XDTE0MDExNDAyMjM0N1owIgIR +AKtJLV7f5lgyFazenMtWDXYXDTE0MDExNDA4MTEyNVowIgIRAOvRosptaCs/uEfa ++eYOETUXDTE0MDExNDE1MDMyNFowIQIQDDZv0/LjG/EcygGdp2urxxcNMTQwMTE0 +MTUxMjA5WjAhAhBU0n0cahETxOfTl9/U5Y7LFw0xNDAxMTQxNjMyMTdaMCICEQDR +1NroPJSOPU/90Cj5juZAFw0xNDAxMTQxNjMyMzNaMCICEQCfgk5u0JKOVuxMEMLA +U3/XFw0xNDAxMTQxNzI1NTlaMCICEQCO0ipernfbWFks7hFAbl7vFw0xNDAxMTQx +NzQ1MjJaMCICEQDd/dOMeG0e044g0Io+1XiZFw0xNDAxMTQxNzQ4NTVaMCECEG6V +KoX5vmtOqKD4kuUKmI0XDTE0MDExNDE3NTAyNVowIQIQbcJOLBj5O5uQYEvMzgfw +9xcNMTQwMTE0MTgwNTU0WjAhAhB/668AP1DtkhcH3sgxuPcgFw0xNDAxMTQxODUx +MjhaMCECEDfI45VAoiRQmE0NndFXz18XDTE0MDExNDE4NTYyOFowIQIQQDU7l7gJ +s6OYycqlHqxdFBcNMTQwMTE0MTk1MzI2WjAiAhEAlqjwmU39jo6sxvr7mtw3zRcN +MTQwMTE0MjMxNDIxWjAhAhBwcK09g5xXZU86utQ4xIN5Fw0xNDAxMTUwMTUyMzJa +MCECEAejHohN2BZHg1N7abVlSP8XDTE0MDExNTA2NDY1OFowIgIRAO2i/T+9bF0s +w7WIqH5OjZ4XDTE0MDExNTA4MTMwNVowIgIRAPKQyin0Jc+UoJ58S/hUJ7oXDTE0 +MDExNTEwMDMzMlowIQIQJKxauTVSU75kHBoYFT3B/xcNMTQwMTE1MTExNjM0WjAh +AhB0r7BDZS+0ltgXNT7A87fSFw0xNDAxMTUxMTQ3NDNaMCECEC1JSNL6GeGwInqS +h5GudckXDTE0MDExNTEyNTg1NVowIgIRAJQ3cD8YKvWSXE7W3CS6wqYXDTE0MDEx +NTEzNDgzOVowIgIRALK+wq1eIQVKtBu1MCKNWnIXDTE0MDExNTEzNTIyNFowIgIR +AOBqojgqwVprnX+JunvdYkgXDTE0MDExNTE1MjczM1owIQIQKE28a7FXd5Cw9RJq +6Kq9BxcNMTQwMTE1MTYzNzI3WjAiAhEAhDUyTwwRG8ELtbYkRA7/CBcNMTQwMTE1 +MTgzNzA0WjAhAhBWiog5yka+I/3ponFozy3ZFw0xNDAxMTUxODQ4MjlaMCECEEqt +I6Ub/FuMiortQ6WdkrsXDTE0MDExNTE4NDgzMVowIQIQehKkqxmRdg/kvncepAcV +NxcNMTQwMTE1MTg0ODUxWjAiAhEA747kjmpo6FpNerKqrlo3SRcNMTQwMTE1MTkw +MzMwWjAhAhA67ndGG8UO5Xx1gqtFKqsBFw0xNDAxMTUxOTAzNTlaMCECEEWxOEya +QEhTnw/U63/EDeAXDTE0MDExNTE5MTM1OFowIQIQMRTxfAE5Ntx5DacRqZbq4xcN +MTQwMTE1MjAyOTAxWjAiAhEAhQhkPPU7jOBBp040GPtFRhcNMTQwMTE1MjA0NTU3 +WjAhAhAOoSB+wjVO5zdagtfu0uoAFw0xNDAxMTUyMjExNTRaMCICEQDUy1nFAZmS +wKoO27uqebBJFw0xNDAxMTUyMjI2NDlaMCICEQC7qk1ubr03p4mDe6VND2e3Fw0x +NDAxMTYxMzAzMDdaMCICEQCTMGw2lkrAob6leHtuB/eLFw0xNDAxMTYxMzIyMjJa +MCICEQC0Op7W33MZG955oQRv+cy0Fw0xNDAxMTYxMzIyNTNaMCICEQDiKCjTYmLX +pdXAwPyf8+tGFw0xNDAxMTYxMzM2MThaMCECED7sYxEYJpXLCk286yI1jFEXDTE0 +MDExNjEzMzYzOVowIgIRAOsq/o3KfRbMhcq+DCSuhrAXDTE0MDExNjEzNDczNlow +IQIQHHT4oc1STs7MIoPvOTL5vRcNMTQwMTE2MTQwODUyWjAhAhBoBIFIpRPyPHvo +5mAQxXCiFw0xNDAxMTYxNjM2MTNaMCICEQDptgBGSoUsH/2TkqVguPXRFw0xNDAx +MTYxNjM3MDhaMCECEER28K/sNLgoosWa754fbR8XDTE0MDExNjE3MDgzMVowIQIQ +cozXOPAjBCIlss6x7jpgzRcNMTQwMTE2MTczNzEzWjAhAhBDQXVMiQiHsovv1xlX +IHmdFw0xNDAxMTYxNzM3MzJaMCICEQCqU1k46tGBvgowYEZGuRHCFw0xNDAxMTYx +NzM3MzdaMCECEGTyaKFbhVONJYc3gVO32W0XDTE0MDExNjE3Mzc0OFowIQIQZAl2 +9jLoIRriMgkev25uVhcNMTQwMTE2MTczODU1WjAhAhAmUUOvHV7ZzbvYXSVvzIA6 +Fw0xNDAxMTYxNzUwMTBaMCICEQDR+h2SrmxBuWw+MHW6RKHgFw0xNDAxMTYxODUx +MzZaMCICEQCmz0I9dsS/oESQzofjkAtAFw0xNDAxMTYyMDIxMTFaMCECEGz/ZWx/ ++8A1G6y6VT9/y4oXDTE0MDExNjIxMDYyMFowIgIRAIZHmSY+jJkz2PUziL9kql0X +DTE0MDExNjIxMjgxM1owIgIRAMKD+0SpOGuqd9hy6Y/MW04XDTE0MDExNjIxMzcy +MVowIQIQQb+72cq8E6f3iDgK3L88/RcNMTQwMTE2MjMyMjM3WjAiAhEAtbMIo2DW +CxYiDArlQTw+vBcNMTQwMTE3MDM0ODEyWjAiAhEAqH++jdRZPy2cSsWltaeYghcN +MTQwMTE3MDk1NjU3WjAiAhEAi1GkIsw4MsBuUSJdRe0gnhcNMTQwMTE3MTAxMDE1 +WjAhAhBbysty9K8q3T3onlAuUQsRFw0xNDAxMTcxMDUyNTVaMCECEDWBBdIs99Fh +XjjhJbR/TfEXDTE0MDExNzE1MzU1N1owIQIQHHUXhutQeV80xE+QA9vbGBcNMTQw +MTE3MTU0NTIwWjAhAhBFDOJpK96Zc9NrDZNy0w97Fw0xNDAxMTcxNjQyNTNaMCEC +EEsdA/GAAJD1I0Ta16G+apsXDTE0MDExNzE3MDIwOVowIQIQFtnNdEZzV3qRRjbi +59SgAhcNMTQwMTE3MTcxNzM1WjAiAhEAgO73eTCD3A0sI+GrvNtCzhcNMTQwMTE3 +MTg1NjE0WjAhAhAWtGuob0N++mSl0+sFkXbsFw0xNDAxMTcxOTI3MDJaMCICEQCT +nNe/lAigk2+4VTK1ENuyFw0xNDAxMTcxOTUzNDVaMCECEAuivDUQ/ikppZXwYlf8 +mC8XDTE0MDExNzIwMjU1OFowIQIQGqU6pSMSqO/5Quvdu13khBcNMTQwMTE3MjAz +MjIxWjAiAhEA7kWNDqM5M3/DdOwdiu0sGhcNMTQwMTE3MjA0NTExWjAiAhEA4LbW +00lt1Tuwc67fCAuZlxcNMTQwMTE3MjEwMTM0WjAhAhAW81JDQwNpOQt+6pfc2rs7 +Fw0xNDAxMTcyMjUzMTVaMCICEQDj41tjhhZ15PX2uAhB4fgcFw0xNDAxMTcyMjU1 +NTdaMCECEArsDDQHs1152F+Rl6yFJZkXDTE0MDExNzIzMDA0NlowIQIQe5oG6P4V +LYCVp1zbFiGZFRcNMTQwMTE4MDIzODMzWjAiAhEAwSnUQ/SVDAXn3BXXh5pCzxcN +MTQwMTE4MDgyMTE2WjAiAhEA2NnMOByTRLsUvrW7pdnTSRcNMTQwMTIwMTE0ODE5 +WjAhAhAWulD6WtCzwDVwoFxZPyUCFw0xNDAxMjAxMjAxMjBaMCECEB9AyRmU10pf ++f6ameMhi5YXDTE0MDEyMDEzMTg0NFowIgIRAJt80apzvfXXTF8Cz91fImYXDTE0 +MDEyMDEzNDgyNVowIQIQTk3b028msWcbMsSDAPKlbRcNMTQwMTIwMTQzNjAzWjAh +AhAzzaR37fQ0IfTjq+jsS6xmFw0xNDAxMjAxNjAyMDVaMCICEQC8TgBlFXe0fY8w +vL3P2z8HFw0xNDAxMjAxNjA5MDhaMCICEQCrEM4e1hILHXWY31LhHi/IFw0xNDAx +MjAxNjA5MDhaMCICEQCmZYuoKXtMOs84slDTlZNuFw0xNDAxMjAxNjQ1MjFaMCEC +EF9UWYi2Y+jHwJRR/DwraF8XDTE0MDEyMDIwMTU1MFowIgIRAIcaW/7xvrSQtoBp +SoJqAkIXDTE0MDEyMDIwMzUwOFowIQIQOWz3eLX8CcxkPW8QuIVH7xcNMTQwMTIw +MjIyMDMwWjAhAhBkaf1KRys8KRRGujzfqcJdFw0xNDAxMjEwMzI5MzhaMCECEA/9 +OkXfLnXdE9omuPRX+JIXDTE0MDEyMTEzNDY0NVowIQIQFuv/8BMMrB8QQqQjk+MP +IhcNMTQwMTIxMTM1MTI2WjAhAhAnOeK6OjyT1NYXPq81joVPFw0xNDAxMjExNDIz +NThaMCICEQCAqsvi9iniOm5S2LWbnmKIFw0xNDAxMjExNDQzNDBaMCECECT5Hd6x +vQlJPI/fvFGxlwcXDTE0MDEyMTE0NTA0MFowIgIRAODUaROrTvz18qvZeEoMcOUX +DTE0MDEyMTE1MzQzMlowIQIQOp9uqLMJGO2ouq4AOguwjxcNMTQwMTIxMTYxNTA4 +WjAhAhAsF1j7kemafEVqT5tHE8SmFw0xNDAxMjExNjM0MDZaMCECEDY6363B8ohe +ow5p0XruJUsXDTE0MDEyMTE3MDIwMVowIgIRANmnvxXttZzO9oY9ImQ15m8XDTE0 +MDEyMTE3MDMzNlowIgIRAPIVjdQBOimBRx0sejM46ZgXDTE0MDEyMTE3NDYzMVow +IQIQD2wd1gvy2ycpsHXSzf/9wxcNMTQwMTIxMTg0NDAyWjAiAhEAiwmiZNKSsr+I +bs/MB1j0yBcNMTQwMTIxMTg1MzQ1WjAhAhAlDy7ee9/MsOCK30RiQNxtFw0xNDAx +MjExOTAyMjFaMCECEFJHtb3BkijGGLDPmJysFW4XDTE0MDEyMTIwNDMxM1owIgIR +AI9RTmvTJ4yMkJRiggIJcNoXDTE0MDEyMTIwNDczMlowIgIRAO4yYgOkAqr8Ud+X +CgE44rgXDTE0MDEyMTIwNDgzOVowIQIQOl+PQRFSbQJloZAzbV5pERcNMTQwMTIx +MjExOTU3WjAhAhBRAXxpz68oCSDtQFzczzbXFw0xNDAxMjIwMDIwMDlaMCICEQDc +HHpi/AYM52i7D+rMAOf4Fw0xNDAxMjIwMjM4NThaMCECEBDbs0jpYdhk6JVolF9p ++lcXDTE0MDEyMjAzMjIxOVowIgIRAP4NSBpWCn6jSWDS+L20iG4XDTE0MDEyMjA3 +MDk1MlowIgIRAPvykrUDlQF5/JMVKdd9feUXDTE0MDEyMjE0MjczMlowIQIQCd3w +ODkGTXva4gzm/ppJ1hcNMTQwMTIyMTQ0MjA2WjAiAhEAhL9HvZEMERRXyNTIcDGs +pxcNMTQwMTIyMTUwNDAyWjAiAhEA8BpRPp7q35Al9XaObI/6BBcNMTQwMTIyMTUx +MjM0WjAiAhEA5uL5N9uAtC7c8+enodWm7BcNMTQwMTIyMTUxNTIwWjAiAhEA7OPq +4s4/aZlzV2BjVvcSzRcNMTQwMTIyMTUxOTIxWjAiAhEAmgabV2HatjwWpTAIxdqP +4xcNMTQwMTIyMTcxNjI0WjAiAhEAn9RQsv3jLCvEGFwdhx9+2BcNMTQwMTIyMTc0 +NDQ0WjAiAhEAsgbInsr/zNM4Fh9u8LcA+hcNMTQwMTIyMTg0MTQzWjAhAhBf1p7u +LIf2TG/omz1cYv5LFw0xNDAxMjIxODQxNTNaMCICEQDscAcKeB4DqwZU3Us6Cr/V +Fw0xNDAxMjIxOTE1MzNaMCICEQDPoSBlCCJ/7AvgAjNHf0KYFw0xNDAxMjIxOTU0 +NDhaMCICEQCudeYHPCFmYdiw1xO4kYddFw0xNDAxMjIyMDU4MzhaMCICEQDak7O4 +vLqNrNy5jkE41VrBFw0xNDAxMjMwNDI3NTJaMCICEQDwZeYlMKvPLlKJH4OWtNc5 +Fw0xNDAxMjMxMzIzMTZaMCECEGJMTYyHPNM2MtA+RjYL1YoXDTE0MDEyMzE0MjQz +NlowIQIQM2EnDhiUETuji5jQZxERmxcNMTQwMTIzMTQ1NjMyWjAiAhEAgXvKz2uw +ZMXog93bl1P/tRcNMTQwMTIzMTUwMDE4WjAhAhAI6RkM/rmpSZvNc45zJQ7vFw0x +NDAxMjMxNTA1MDRaMCECEGdfk6W7IqUrxYwEjK4AYtIXDTE0MDEyMzE2MDcwNlow +IQIQDd7h141UcIe/ZTga+CkjBBcNMTQwMTIzMTYzMzEyWjAhAhB0pI4ZQhus37KJ +Kvrg7tswFw0xNDAxMjMxNjQ5NTBaMCICEQD1unjgnrlK5ZQhJJnsBFGlFw0xNDAx +MjMxNzE0NTZaMCICEQCB4CeqMpOWG1x7CLBt8LuAFw0xNDAxMjMxNzQ3MTVaMCEC +EGUhVx9YFNubL/Do9YRCxfAXDTE0MDEyMzIxNDIwMVowIQIQAc3G7rj0yrjwdw4u +igHGfhcNMTQwMTIzMjE1MjI1WjAhAhAqdMfGDBnVTYaVK8XrLkZJFw0xNDAxMjMy +MjEzMjRaMCECEE7dwq3j6Nwzpw+3AxJr090XDTE0MDEyNDA5MTM1MVowIQIQFOYW +0ShdKzMlR0wa7NbjIxcNMTQwMTI0MTAwMzM4WjAhAhBauuohxGqrQLJ12EGEAc/P +Fw0xNDAxMjQxNTAwNDZaMCICEQDoyQks6+Z2DQGMrVFPp8m9Fw0xNDAxMjQxNTI5 +NTZaMCECEA4WssPzwlyCgcd5jHVc30sXDTE0MDEyNDE1MzI1MVowIQIQJxp4x1QX +xRlHMWuyMg4ZyhcNMTQwMTI0MTUzMzA4WjAiAhEAh8rjhWdsnPdaP4fVfqK+NRcN +MTQwMTI0MTUzMzI2WjAhAhB8f/rSLJbQ7oCDqaTaQffDFw0xNDAxMjQxNTMzNDNa +MCICEQDOcj4dXUgGACmEbGlaszr7Fw0xNDAxMjQxNTM0MTZaMCICEQDVuaFGRoYT +DkvJ4jeQpbiOFw0xNDAxMjQxNjQ2MzZaMCECED2kRBvdbmB7D4nr3R9/Em8XDTE0 +MDEyNDE3MjczNFowIQIQTwZaPSFJwBquAWtpuJdQShcNMTQwMTI0MTg0MDExWjAh +AhBrFaLSOHtd/GLEOwxgEC69Fw0xNDAxMjQxOTAwMTRaMCICEQDGKOhslAFmJNcK +2HvvkCTzFw0xNDAxMjQxOTAwMjZaMCECEGdmfAX6G8oCcQX4LAdKu/QXDTE0MDEy +NDE5MzQxMVowIQIQMrV6FrCtJxZ6noRHlHaxkxcNMTQwMTI0MjA1ODEwWjAiAhEA +tm7XoIJAlznndVIbQLFgCxcNMTQwMTI0MjEyNTM1WjAiAhEAv2k8YPSXCdnB1gnP +9eCb1xcNMTQwMTI0MjIwMjI3WjAiAhEA+EWJTxwzgJNlcTaaULsgwRcNMTQwMTI0 +MjIzMjM4WjAhAhBhgbe5SjfFsmNmsAPEfpbOFw0xNDAxMjYxMzA5NTBaMCICEQDp +JzBmP2vY0uuBc+fUK8uoFw0xNDAxMjcwNzA2MzJaMCECECRoQwXYKLOULmDipfhX +RqcXDTE0MDEyNzA4MTUyNFowIgIRALBNoa5acQ9k2uy4TZhFY0UXDTE0MDEyNzEx +MTE0MFowIgIRAOofXH72vjx0FWwjs4uts34XDTE0MDEyNzE0NTI0OVowIgIRAJQb +/AMvxBRkTNp+J2nd/jMXDTE0MDEyNzE0NTMxNlowIgIRAJZc4Z0aLLazuhRMTqTH +Gn8XDTE0MDEyNzE0NTk0NVowIQIQdoH7FbiojYEuEEuATesZUhcNMTQwMTI3MTYw +NDMxWjAiAhEAl1T45QS3IA80u5tilgInDBcNMTQwMTI3MTY1NDE5WjAiAhEA4j9Z +1mqa6cJWYrP1GCgUphcNMTQwMTI3MTcwMzM2WjAhAhA63sb24XUtbiPoGiSdLyYU +Fw0xNDAxMjcxODA5NDRaMCICEQCCia7Ruf7L1fY3QIrOV3W+Fw0xNDAxMjcxODM5 +MTlaMCICEQD3XEh3ZSvmIPNfE9nHZ3rTFw0xNDAxMjcxODQ2NTdaMCICEQDIEAjx +dglcR9BofsXlQ86kFw0xNDAxMjcxOTQ3MTVaMCECEEp1xsAYFEfwuMGG1sXXCOUX +DTE0MDEyNzE5NTE0OFowIQIQXSHhU7JxxTBKBp0+36sd3xcNMTQwMTI3MjAxMjA5 +WjAiAhEA0dM55X7rKqsHZMHtZPOBaxcNMTQwMTI3MjAyODQ4WjAiAhEAtUs1fHgi +wBO3HleH5hEOrxcNMTQwMTI3MjA0MzU5WjAiAhEAnWE7wRoV43ffPqxUQ72uIRcN +MTQwMTI4MDkwMDQwWjAhAhBqxXf8V1XAu0KsiaNZbZitFw0xNDAxMjgxMDI2NTVa +MCECEEoua97dbgFLq0yfyW4KjYEXDTE0MDEyODEwMjcwM1owIQIQPYIN0DJs2JTV +WqgIB3MzfxcNMTQwMTI4MTAyNzEwWjAiAhEAlhcXijVsJl7tEkgixaKbMBcNMTQw +MTI4MTAyNzE4WjAiAhEAyPZA6hsHorTdZzLsZR76IBcNMTQwMTI4MTAyNzI1WjAh +AhA2mSnkzFdyZ5cO71JCv3F8Fw0xNDAxMjgxMTUxMTZaMCECEBI/Q8ZiVmj+K4aO +K9uJwTgXDTE0MDEyODEyNTUzNFowIgIRAIYpK1XAkYH1pu8uk8wm5f4XDTE0MDEy +ODEyNTUzNVowIQIQVLm6bX1i92ggJm7IBke+1BcNMTQwMTI4MTI1NTM2WjAhAhBB +DkCoYHUwvJ6t2IKZ89IIFw0xNDAxMjgxMjU1MzhaMCECEFmCrokn5AZfGns3JvyL +JjgXDTE0MDEyODEyNTUzOFowIQIQOqPhoXqlGryiFuqiApZfaxcNMTQwMTI4MTI1 +NTM5WjAhAhAp1dusxXRSAoQNJhk0hKGAFw0xNDAxMjgxMzM0MTlaMCECEAhv2MT/ +rAxtQM6ziBIO/EAXDTE0MDEyODE1MDI1MlowIQIQMkWipHJg8mOAN+Oio2k3cRcN +MTQwMTI4MTY0MzM1WjAhAhA0H+iJgE9MxZF6QRv2yDpnFw0xNDAxMjgxNjQ3NDda +MCECEDJ2OAONlniDKH89VVD3OG8XDTE0MDEyODE2NDg1MlowIQIQGgIIa85uIqUw +/FamigUjmRcNMTQwMTI4MTczMTQ1WjAhAhAFK4YC5B5hQ9Nca3Ww13BOFw0xNDAx +MjgxNzM3MjhaMCECEFT2kJhSQ42YoLFhj8oGioEXDTE0MDEyODE3NDkwMFowIQIQ +CsUaULyLi0p3mT9PCZhi8xcNMTQwMTI4MTgwMjE1WjAhAhATGy1NWFYiEnrbaSBS +hURMFw0xNDAxMjgxOTMzMjBaMCECEHMGJkToeKl3flhhXzM6Y/AXDTE0MDEyODIw +MTc1OFowIgIRALhb0chRCLpQbUVuat0F+zMXDTE0MDEyODIwMzM0MlowIgIRAMuU +hyXW+jWZGYU2o9LVaccXDTE0MDEyODIxMDY1M1owIQIQUFDNtfXEphPdLJlxwvZq +QRcNMTQwMTI4MjE1MjQ3WjAiAhEAt6zhYFB0uU+q0v4+CSioRhcNMTQwMTI4MjM1 +NDEzWjAhAhAecOZCBFcqO/OHnOnWsGS/Fw0xNDAxMjkxMDAxMDdaMCICEQCseFno +xrDZrDs+wvoXjwqIFw0xNDAxMjkxMzU1NDhaMCECEFvd3ta+eBSwZtY0GeOwdM4X +DTE0MDEyOTE1MTgyOFowIgIRAIIlCC8L2EGbajMmX0+UrAwXDTE0MDEyOTE1Mjc0 +OVowIQIQWGHpTHFAxN/ui9xXdh7UbxcNMTQwMTI5MTU0MzMwWjAhAhBnbx2IUewl +fAYm3ESzU7EvFw0xNDAxMjkxNjExMTRaMCECEEdfLgEaaX31OsYivIdx7+8XDTE0 +MDEyOTE2MzIyMFowIgIRAIiuUNta+6VTh+qwniiP5NwXDTE0MDEyOTE3MDQwOVow +IQIQGL+bTldtWaBfvK+Psy3myhcNMTQwMTI5MTcyMTAwWjAhAhBje2VT28E1hjma +/XHEo2UTFw0xNDAxMjkxNzI1NDVaMCECEFZNtmoTCKH8dFZL0YvGsM8XDTE0MDEy +OTE3MjU0N1owIgIRAIn1Wb0WANH1ESGtwlOPT6MXDTE0MDEyOTE3MjgwN1owIQIQ +NNjS9M0eEUtbmuV8Ca9ysRcNMTQwMTI5MTg0ODQyWjAiAhEAkz96F7hj4kNy8YwA +dEOLBhcNMTQwMTI5MTkwNzQ4WjAiAhEA4yAZzEuYaMzQMyAdvVOt/hcNMTQwMTI5 +MjIwMjIwWjAiAhEAyL7YKm2Fe+iZCyrhjYfahxcNMTQwMTI5MjIwMjM5WjAiAhEA +p76/49KPw4T699IqfkJF7BcNMTQwMTI5MjIwMzI3WjAhAhBLCqwf7NsVbMjfFCnb +w8PMFw0xNDAxMjkyMjAzMzVaMCICEQD0D1HYwy/y9Nl1sTfsdxH8Fw0xNDAxMjky +MjEzNDZaMCICEQCNPTJcgR1/P6KlUfC9IWkjFw0xNDAxMjkyMjE5NDhaMCECEDba +5RU/+3g/qfkC6eJV6x4XDTE0MDEyOTIyMTk1N1owIQIQH55Ktqyq+HE6lEwWwoSx +WhcNMTQwMTI5MjIyMDA2WjAiAhEApjwHShZvdXX4fTV9LPVT5hcNMTQwMTI5MjIy +MDE3WjAiAhEAh+w2Nlws/hrWrQW3V6gwOBcNMTQwMTMwMDQzNzU0WjAiAhEA/Wh3 +hQP66JBq8EY60iMBIxcNMTQwMTMwMTEyNzUzWjAhAhA+Tr4CPyl8HOPCL0vmaVsE +Fw0xNDAxMzAxNDI2NTNaMCECEEBeDJl1OjSNNnT3JNqXUIQXDTE0MDEzMDE3MzIy +M1owIgIRAJbvgzjhih6a5WJCHdCj3f8XDTE0MDEzMDE4MDYwN1owIQIQCZuTCaih +hGh1AknmGUzushcNMTQwMTMwMjAyNDUxWjAiAhEA/CnvLp7yaqfYTuNouMrDMhcN +MTQwMTMwMjAzMzM3WjAhAhBSHN/y3z6dTit0tD4FpQg0Fw0xNDAxMzAyMDUzMzBa +MCECEEVbYg5QJQLPlU3UYi5Yy7kXDTE0MDEzMDIxMzg0MVowIQIQCRoJV/CNjqJy +mmmIHgFbvBcNMTQwMTMwMjIyOTIwWjAhAhB7v0VK2Psx1oBC9F6+O7zmFw0xNDAx +MzAyMzEyNTVaMCECEFhZZZOSwey84Uivu7++PDIXDTE0MDEzMDIzMTMxNVowIQIQ +N8sp2A9JPlciXMLFpulFMhcNMTQwMTMxMDkxMjE0WjAiAhEA3F3u/UsROvfUKfQg +uLftahcNMTQwMTMxMTM1NTA0WjAhAhAbQQbThKjJNihx/IrNVOFVFw0xNDAxMzEx +NDExMjVaMCECEGmmTa/iPvzqRY5g0OnP2iYXDTE0MDEzMTE0MzEzNFowIQIQUnqV +ul43gfgSN836JFo1oBcNMTQwMTMxMTQzNTAzWjAiAhEAynmB7kvvJocFpikbebzP +YxcNMTQwMTMxMTQ1OTQ1WjAhAhAlpXPVUDfh+CmmTLV7FVW1Fw0xNDAxMzExNTAw +MDNaMCICEQCF/q139OnkAbRbkQI4s+ecFw0xNDAxMzExNTIyMzlaMCECEByYq0Nt +6qi/vZgjZGl2u1AXDTE0MDEzMTE1Mjc0N1owIgIRANQlLik8UKwheoIc3OQ1xF8X +DTE0MDEzMTE1NDMwMFowIgIRAN5VZJWU4OTfJXQIfRZL0ywXDTE0MDEzMTE1NDUz +N1owIgIRAOaKQFecCcdO2I669PpZ8zwXDTE0MDEzMTE2MDU1NFowIgIRAKcHvJYE +ZJfrq7E6H6EQ0QYXDTE0MDEzMTE3MTMyOVowIQIQNDsW4LWyRCQcwLxTiEXerBcN +MTQwMTMxMTcxNzE0WjAiAhEArnEOAWDDnekngIxSbMrCbRcNMTQwMTMxMTcyNDQy +WjAiAhEA7v0isxYrNQPsY/n4yD1zuRcNMTQwMTMxMTcyNDU5WjAiAhEA4x2K54j5 +SipIQOxaYQXuKBcNMTQwMTMxMTcyNTE4WjAiAhEAq5tmo/n3eUliDSHI5ZYfhBcN +MTQwMTMxMTg0OTM3WjAhAhBPkG3s0COSp1x+l/3ldJujFw0xNDAxMzExOTE5NTha +MCICEQCam1WcBUIDR52nMWym9Rf0Fw0xNDAxMzExOTI1MzdaMCECEErstzIktq1d +lg9zTVvhqgMXDTE0MDEzMTE5MjY0MlowIQIQU0bqCS23ECe0XZRXEyhuVRcNMTQw +MTMxMTk0MTQ1WjAiAhEAv9p9harUhjOpCZLzSt0ujRcNMTQwMTMxMjEwMzMzWjAh +AhBpfaOc5Uj7YwNn9TNL8nESFw0xNDAyMDIxODE1MzNaMCECEHHjW1AegLS2RR/H +ZHMzGEwXDTE0MDIwMzA4MDYxNFowIQIQJW4zQ/0wcBF/xptu7QIlKhcNMTQwMjAz +MTMzODE0WjAiAhEAr6ilScHuIa3iZwm5l8L4lRcNMTQwMjAzMTM1MzIxWjAiAhEA +8JN33mYU7XCvjCybzCT8gRcNMTQwMjAzMTQ0NDM1WjAhAhAW0NBjbZZ+bftUrbV0 +6trRFw0xNDAyMDMxNDQ0NDhaMCICEQCoxmKqiwLdxoESq+u9Up6iFw0xNDAyMDMx +NTMxMTFaMCICEQCqu0f2O2s8U/0RPdJxL/E0Fw0xNDAyMDMxNjM4MDRaMCECEAf9 +xYzL1QO+Dpc/PJp+1hMXDTE0MDIwMzE4MTkwNFowIQIQJUbueCQUpaIB9+fMF4nk +KRcNMTQwMjAzMTgyMjQ4WjAiAhEAwaA/+gM3vTodW8WZCMe9aRcNMTQwMjAzMTgy +NDQ2WjAiAhEAkKRfSZWAVKpLkNkkzpdyRhcNMTQwMjAzMTg1MjI4WjAiAhEA+evQ +WhEvvxZmIy14jqZ41xcNMTQwMjAzMTkwNTEwWjAhAhB3XDUsWiZgpEoa9RXPR/RQ +Fw0xNDAyMDMxOTA5MDJaMCICEQCgSr5jkSiVUTXkDQmfSU/uFw0xNDAyMDMxOTM2 +MjhaMCECEHLwXyxD2XfdNSMcyyp6UuUXDTE0MDIwMzIwMzgwNVowIgIRAOaO/tEm +lUAe/e7gNVyIUQoXDTE0MDIwMzIwNDQ0OVowIgIRAPiiOEKc4hndpMX4D7gcwjgX +DTE0MDIwMzIwNDc1M1owIgIRAInks1xKvkWpFmPcA3NYdT8XDTE0MDIwMzIwNTM0 +N1owIQIQWGONbMVzBffbl3rRMb69lRcNMTQwMjAzMjExMjA4WjAhAhBLSwAMV4Gr +GARbaJIFRwbRFw0xNDAyMDMyMjEwNTNaMCECEDHZgGIrPHkJK+U/cN4Xg9EXDTE0 +MDIwMzIyMTA1OVowIQIQDNGBLLu+VPbkaZm/NNvHJxcNMTQwMjA0MDcwODIxWjAh +AhAAntoCXvm+aZjicHVSFA8dFw0xNDAyMDQwNzU3NDRaMCECEH/Qg/HG9nK1h4KM +0NIbNsUXDTE0MDIwNDEwNTUyOVowIgIRAOybG+aJfNIget4FNIEfNm4XDTE0MDIw +NDEwNTUzMFowIgIRAJDHqhz2q/KpUO2aSP74vnUXDTE0MDIwNDEwNTUzMFowIgIR +AManHwN+p9xz7JEMQx2m4UIXDTE0MDIwNDExMTUwNVowIQIQUBJfei4gybHF/fot +tpdfjBcNMTQwMjA0MTE0NTM5WjAiAhEA52KcvuPDy/tqNgedP9CNDRcNMTQwMjA0 +MTE1MDE2WjAhAhAtZ7lGqf7ctVn0LGZImEXsFw0xNDAyMDQxMjAxMThaMCICEQDT +IWC74HfcKeue0zEqAJvRFw0xNDAyMDQxMzUzNTBaMCECEHHgVSo98Qmjcp9j0cpP +wEQXDTE0MDIwNDE0NDI0MVowIgIRAPfPNWGzH6mF9BiNsvVGNMgXDTE0MDIwNDE0 +NTA0NlowIQIQKI0bgNXLsreqcagkhXYEPhcNMTQwMjA0MTQ1NjQ2WjAiAhEAwGGR +Rx7VW5zmn3HO5sN4/RcNMTQwMjA0MTUwMDA4WjAiAhEAmZL49dj8TdICvnCCXdpB +xhcNMTQwMjA0MTUwNjEzWjAhAhA8Of8v9d3xM0u1/qU4QgSjFw0xNDAyMDQxNTA3 +MDBaMCICEQCKrDJ8vkRzQTd2ovvHeVJlFw0xNDAyMDQxNTQ2NDZaMCECEF8NpWkk +nOm0ri1rxWNFd28XDTE0MDIwNDE2MjMzM1owIgIRAL7Ri9NT9xAXZNwU7B5IDiIX +DTE0MDIwNDE2MjM0N1owIgIRAJVp00ZD6BH3FNwnbV3SmwAXDTE0MDIwNDE2MjQx +MFowIQIQVkk1W5Kc/FzMN1aoeAD1QhcNMTQwMjA0MTYyNDIwWjAhAhBYojmCptF+ +sKYeE45n92QUFw0xNDAyMDQxNjUwMzNaMCICEQDEmy3dSdYYu60+SqLa5+sgFw0x +NDAyMDQxODEwMTVaMCICEQCkk+fNtBAwpXGHfKnKx67dFw0xNDAyMDQxODEwMjVa +MCICEQDgzMBR09ommRhQtasz0c9bFw0xNDAyMDQxODEwMzdaMCECEDkFIpuP8eIR +yqqC/5zKjZ0XDTE0MDIwNDE4MzgzN1owIgIRAIYK/gPDJmvNGeGfM+RWXSAXDTE0 +MDIwNDE4NDU1NFowIQIQJmvSS4Iue0X+1HMg/DPEORcNMTQwMjA0MTkwNzA1WjAh +AhAVvepmkbHPO4ylvf8l6PzgFw0xNDAyMDQxOTEwMTFaMCECEEnvkeZNxHoZKMly +FICkslIXDTE0MDIwNDIwMjkyNFowIQIQEl8vlVxFy6He9ybgzLT1ihcNMTQwMjA0 +MjA0NDQyWjAhAhBX44UWsNtRVFV0+xftaG+kFw0xNDAyMDQyMTAxMTdaMCECED3g +4CMIOogd25ka5+Km21MXDTE0MDIwNDIxMDYwNFowIQIQNDpzdBaodVAanFUD4P6o +XhcNMTQwMjA1MTI0NTM4WjAiAhEAiqu9gukueO9Ot8hgHFT/KBcNMTQwMjA1MTUz +MjMwWjAiAhEAtWvvbszpY4GCqqg76apAoBcNMTQwMjA1MTUzNjMwWjAhAhB/duwX +eY3eGx/JdHVxwtruFw0xNDAyMDUxNTQwMzJaMCECEDhxNx2bfxw0+jdBGu0ZcAkX +DTE0MDIwNTE1NTAzMVowIQIQaIr3HoK5ySkHQxorO3jhDxcNMTQwMjA1MTU1ODQy +WjAhAhAjAQfsXEKZPLbjIs7aq6yeFw0xNDAyMDUxNjAwMjdaMCICEQCgaBu3v1mx +m3WK8TdjV8TyFw0xNDAyMDUxNjE5MTZaMCICEQCk6P/zd/g7CaLn9C8mJVD1Fw0x +NDAyMDUxNjI3NDBaMCICEQDiuB0EjGPZu5Fjpe6cQpi7Fw0xNDAyMDUxNjM4MTda +MCICEQDlO8DAGUlG0iNM56iIJpIkFw0xNDAyMDUxNzAxMjJaMCECED5bkrb799nx +AGVo0gYdeSYXDTE0MDIwNTE3NTAyNFowIQIQaA60u46m4UsNh3YBbByOJRcNMTQw +MjA1MTc1MDI5WjAhAhBbnVE8MRIw9hurEAPXAgozFw0xNDAyMDUxNzUxMTZaMCIC +EQD0YMXhP5cSC3ArHDSy+ZkwFw0xNDAyMDUxNzU0MzNaMCICEQCXAXR6reDn+ULW +3XIhI+jpFw0xNDAyMDUxODAyMTBaMCICEQCku5MR5QA6ZDRWIgv7z7hPFw0xNDAy +MDUxODEyNTdaMCICEQDSNFgmVTDq2QKHWWmAHnwHFw0xNDAyMDUxODU5MzRaMCEC +ECYxL/jBL14pVjFEB1Th3DcXDTE0MDIwNTE5MTc0MVowIgIRAIplb1cPdoQgT9rq +mTepr8QXDTE0MDIwNTE5NTYyM1owIgIRAMnGax6xpnD+Gsj9E1Co4GEXDTE0MDIw +NTIwMDgyOVowIQIQbn/zsMXWptJ5QCkAA2weABcNMTQwMjA1MjAzMjU0WjAhAhBp +JDyGVn5RO1oQjqsSNnMmFw0xNDAyMDYxMTM1MDZaMCECEGM0apEgxWXWrYmAv+Cd +t9wXDTE0MDIwNjExNTcyOFowIgIRAIDX0jUgxJ/1ncaImd2gvSoXDTE0MDIwNjE0 +MDA1M1owIgIRAL8nZVJppnfcdzBDFZLEm5IXDTE0MDIwNjE0MjkzMFowIQIQJlLy +Nt2Oe18nvhPEy5F9KRcNMTQwMjA2MTY1MjUzWjAhAhAoWjQJXapYMRD/sprBwICU +Fw0xNDAyMDYxNzA0MjlaMCICEQCA9lJT9Z9OiylwVIk45aJeFw0xNDAyMDYxNzA2 +MDZaMCECEDIAKJ5ML3HxSGaRz79OMU0XDTE0MDIwNjE3MTI0MVowIQIQUF+CBnxY +oZLWMA2YvqDY3hcNMTQwMjA2MTcyNzA5WjAiAhEA7WqtH9+UL0vuft9Bzl2FlBcN +MTQwMjA2MTczMDIzWjAhAhB24GCUHgNO0gXxsRBpNnu9Fw0xNDAyMDYxNzQzMjRa +MCICEQDUU+yHTzF70y8CxtCX4nPgFw0xNDAyMDYxNzQ0NDVaMCECEDo4/VK+wfg6 +upo5ntudjPAXDTE0MDIwNjE4NTgwM1owIgIRAKKQxsUGFm+vJC/DKAPnFEsXDTE0 +MDIwNjE4NTkxMFowIQIQdzqFljcl2Zmwi07zC2cNRxcNMTQwMjA2MTkyOTE0WjAh +AhBYy/3El3aQiEllyEaAdowPFw0xNDAyMDYxOTMwMDRaMCECEGWlezZdwArgtMz1 +3ILAxfEXDTE0MDIwNjIwMTUxM1owIgIRANyb8hun/zWjnXoMFSYW7dAXDTE0MDIw +NjIwNDAwMFowIgIRANDTn7MPnW2LiewuUk0PmfIXDTE0MDIwNjIwNDczNVowIQIQ +bV9ErI1ENPQ+yMfNyO74BRcNMTQwMjA2MjEwMjA3WjAhAhAJBJ/xuAdqvCMUtfLl +FS3SFw0xNDAyMDYyMTA1MDVaMCECEGqkwYvn7uSb/ZQ7GRdtrVAXDTE0MDIwNjIx +NTAzOFowIgIRAKt4Qy7epQW6rygPgtologQXDTE0MDIwNjIyMDEwMlowIgIRAKk7 +xFQwLmxO3DE91vm2p4IXDTE0MDIwNjIyMjUyOVowIgIRAMj2JsoynTQvrKBf7Dr5 +SzMXDTE0MDIwNjIzMjUxOFowIgIRAJovHSaH5GEo5r5Tgor+xPIXDTE0MDIwNzAx +NTgwNlowIQIQcWMY/ZeJHHgQgJXsrmWZDRcNMTQwMjA3MDgzMTUzWjAiAhEA9d+Y +oEcDeTbmHKvQrGLGxRcNMTQwMjA3MDkwMTE0WjAhAhAe/PYNic8OAHv+voBBUM8O +Fw0xNDAyMDcwOTEyMTdaMCICEQDVxfWxRt97USRDBYs5iVjoFw0xNDAyMDcwOTIz +MzVaMCICEQDidGOc7DLkyL8E9wHWeG1LFw0xNDAyMDcxMDQyMTNaMCICEQC8ni0/ +CkJ3qsLWWg4eWnkLFw0xNDAyMDcxNDU3MDhaMCICEQDYQSh21Qk60ENVwPYO82uj +Fw0xNDAyMDcxNTQyNDZaMCECEGzc4SdTSqqllc625w1GmSsXDTE0MDIwNzE2NDQw +OFowIQIQXl+GzmNAdq11ccUsn+xRQhcNMTQwMjA3MTY0NzAxWjAiAhEA2rXvpApr +ksPQqIYhrsR/dRcNMTQwMjA3MTczNTI4WjAiAhEAivxtWAa6yA3YdSA9RZ8I6RcN +MTQwMjA3MTc0ODA4WjAhAhBXpaoUChRYttvq3zYu5bAqFw0xNDAyMDcxNzQ4MzZa +MCECECjKbSFAH9x79wdZCDZ0mrwXDTE0MDIwNzE3NDkyOFowIQIQCLiD5/NOLKTc +PSRvcdia+RcNMTQwMjA3MTgwMDM3WjAiAhEAnE9vn/mWH0z4UOyUxzbJ/xcNMTQw +MjA3MTgxMTU0WjAhAhA4u79YJ8L2ndt0vnj+tQXeFw0xNDAyMDcxODM2NDZaMCEC +ECG6UeyAC/KMLn7sx/e2EDAXDTE0MDIwNzE5MzcwM1owIgIRAIsrkFNMCg+aU3O7 +JFjvNfUXDTE0MDIwNzIwMjAxNlowIQIQWHJxXHucWU31g4iqB4XtqRcNMTQwMjA3 +MjExNTM2WjAhAhApTbBbxDiNSsnEW3iypZ+3Fw0xNDAyMDcyMTM4MDRaMCICEQCo +Hez+9/WQWNz94kTC/R63Fw0xNDAyMDcyMTM5MTVaMCECEGJofyCTRW6lkI50Hdtx +sXgXDTE0MDIwNzIxMzk0N1owIgIRAInmVpd4lbBD+c4IeTM2WowXDTE0MDIwNzIx +NDIxMVowIgIRAJCsWGkf+tNUNvkqNfSPhKUXDTE0MDIwNzIyMDQzMFowIQIQCqeB +Zxb0C7dlCwaFbatjnRcNMTQwMjA3MjMxODAxWjAiAhEAvzBhuEAsyhx6KjBFyjDU +KBcNMTQwMjA3MjMxODM2WjAiAhEAz6fVOiXLN+GKxzu+56R4lBcNMTQwMjA3MjM0 +NTU3WjAhAhAj6ea6AalUW4K2GSx/eerOFw0xNDAyMTAxMTIwNDVaMCECEDGBfpPE +efxM0pc4SohEoDYXDTE0MDIxMDEzNTc1MVowIgIRAIIlOTgTd0IqLjsnfcsmzCQX +DTE0MDIxMDE0NDIzN1owIQIQBrEuNBsgb7u16BWeTO8/8RcNMTQwMjEwMTUzODA4 +WjAiAhEAi/dSWYUmGylOS9v2DJEHfRcNMTQwMjEwMTY1NTE1WjAiAhEAmJfijl5t +tqgbIF8gMh5vsBcNMTQwMjEwMTgzODQ4WjAiAhEA6NtlbihuY4QAeRwQbPVz+xcN +MTQwMjEwMTg1MjExWjAiAhEAiG4o+TRvp0dwxN7CGbUvcBcNMTQwMjEwMjAxMzA5 +WjAhAhA1IAdIKDImBbXPdO1LKiZdFw0xNDAyMTAyMDEzMzVaMCECEFKwZR8DHr8D +0CPb27NEhroXDTE0MDIxMDIwMTM1MVowIQIQIwqC9cOKHGdK9yi3nthR9hcNMTQw +MjEwMjAxNzI3WjAiAhEAwgFIMLhdAbZ2c9IOs3fxTxcNMTQwMjEwMjAzNTAyWjAi +AhEA1kCRytKQDjSJCSs9fUA37BcNMTQwMjEwMjAzOTA1WjAhAhBQUd8S60wnIAS3 +wiI1sxxuFw0xNDAyMTAyMDU3NTVaMCECEG5orbagvztshjpS2rrl7pQXDTE0MDIx +MDIxMjQyNFowIgIRAIgSGP7KIJIJAFROEkggJWIXDTE0MDIxMDIxMzY0MFowIQIQ +Q1o709YmXRzwrpsJOlVBZBcNMTQwMjEwMjIyNDQyWjAhAhAKVxe4C2TdELCKzB9a +cwD/Fw0xNDAyMTEwMTUxMzdaMCECEF8OBdnWEz7l33ATY2zRMdMXDTE0MDIxMTA4 +MjIxOVowIgIRAJKDqK1E1wYMJ2uDuDyGs8IXDTE0MDIxMTA5NDgyNFowIgIRAJNb +MKJmP2bqNEu8YctYkWEXDTE0MDIxMTEzMzA1MlowIgIRAPsoJSX3jCGmF/wPoOfo +35UXDTE0MDIxMTE0MjU1OVowIgIRANYLVIdvmIpKZO/2w7vk9AYXDTE0MDIxMTE4 +NTEyMlowIgIRAKzq05rWhwdn5aWX5GkepqcXDTE0MDIxMTIyMjQxM1owIQIQUpD8 +T6wOUVKjVkgWSG3TWRcNMTQwMjEyMDUwNDI2WjAhAhAVKI1abdHDpbxphiZVos44 +Fw0xNDAyMTIwOTQ2NTFaMCICEQC1i1mFsZa5lQ5MfZp6y2HsFw0xNDAyMTIxMjM1 +NTZaMCECECkPPq+EbdDIHoBa2bC2t3UXDTE0MDIxMjEzMTgwN1owIgIRAKdVPLv0 +RjuBiZFDxHJnvEkXDTE0MDIxMjEzMzAwOVowIgIRAJ+QBDd9netb/T5enM7escQX +DTE0MDIxMjEzNTkyOVowIgIRALfuqZwTCT+p56KXuXQwrwAXDTE0MDIxMjEzNTk1 +NVowIgIRAKJzcxYgqQ4RaCUKovVxdQsXDTE0MDIxMjE0MDAyMVowIgIRALRfm+qX +yJ58UiSDktCC9KsXDTE0MDIxMjE0MDA0MFowIgIRAK2VkFbHYZ34YW4zdYSb8MsX +DTE0MDIxMjE1NDk0NFowIgIRAP5X754manJd2epjIQCQnyoXDTE0MDIxMjE1NTU0 +OVowIQIQT0h4UcP5YPyv9fiAS6K4VRcNMTQwMjEyMTcwNjU4WjAiAhEAqcY+TCtB +gXdjPe0aVm4GCBcNMTQwMjEyMTczMjM3WjAiAhEAq5dkdUFJE0ASL31EjzVfrhcN +MTQwMjEyMTc1NjQ3WjAiAhEA/Dw/7qEtODy2fp/OoIpovBcNMTQwMjEyMjAzMjU2 +WjAhAhAeaXflJWJja6W/iAJ1cd0AFw0xNDAyMTIyMTEyMDJaMCICEQDzV/yUU2GD +pR5UzGAgje/CFw0xNDAyMTMwODA2NDFaMCECEC17TNFPRKmka8ZwENipri4XDTE0 +MDIxMzA4MTczNVowIQIQH6Ho7bwAj+PnDCSZyzYELBcNMTQwMjEzMTQzNDI1WjAh +AhAr8GgaduWS/95oLE12RxTYFw0xNDAyMTMxNDM4MzNaMCICEQCMAFmY41Xv9PB9 +PDJXl2NmFw0xNDAyMTMxNDU0NDdaMCECED43GloQnUb/cy9WT8h6aSAXDTE0MDIx +MzE1MTYwNFowIQIQGx1dsmauGo1rLUbf7AsM2hcNMTQwMjEzMTUxNjI3WjAhAhBv +/JFfL0en4dDQTrSIFqYmFw0xNDAyMTMxNTMyMDVaMCICEQDAZZ5MDRCovYFtNRrm +/8n7Fw0xNDAyMTMxNTMyMjhaMCECEBCa06UGo0jo0XSPd16/vWIXDTE0MDIxMzE1 +MzUwNlowIgIRALkP8HNfdD9+d9rCeshgQVcXDTE0MDIxMzE1MzkzMlowIQIQHdMo +afsn2yge4IxqOPGs4BcNMTQwMjEzMTU0NzExWjAiAhEAzsCFhxqMJTg1izFpGKi0 +rxcNMTQwMjEzMTU0ODU2WjAiAhEA9zQDF6+sXAYn+2nPblnexhcNMTQwMjEzMTU0 +OTU0WjAiAhEA4FDSEtUXz5GZ6cRMMxdTDhcNMTQwMjEzMTY0MDI3WjAhAhBxQV8i +Y/aGSLV3sMbNghpaFw0xNDAyMTMxNjQxMDhaMCICEQDOHd9vXBIHiSh4Wt4m9eXT +Fw0xNDAyMTMxNzE1MTVaMCICEQCeH+wMwgqcdaXVq/SOzBErFw0xNDAyMTMxNzI0 +MThaMCECEE9XM3iIUH10ZyBbV9ZsL/8XDTE0MDIxMzE4MzE0NlowIQIQOAkiQQsv +8CJQrjELAefAaRcNMTQwMjEzMjAyNDM4WjAhAhBh5tXdbyqa8b2zjibSLJN+Fw0x +NDAyMTMyMTEwNTdaMCECECT1sFAB0Tw735uZ7lyCdKgXDTE0MDIxNDA1MjExNVow +IgIRAJhsvdE1FVJpNC3pH/AtuZ0XDTE0MDIxNDEyMTI0MlowIgIRANRyCXVa7JIT +w/Y/AZInzQYXDTE0MDIxNDEzMzMyNVowIQIQMkXLUy0zTp8r0FTFGkLOmRcNMTQw +MjE0MTUyNDUyWjAiAhEA1xbMlCM8P4VKPpwE4eet1RcNMTQwMjE0MTU1NzI2WjAh +AhBwemR27AFfdSQYRZxBGVBjFw0xNDAyMTQxNTU5MjFaMCICEQDhSV8XToj6+8/h +Rij3NgmpFw0xNDAyMTQxNjI5NThaMCICEQDlzcMt2v1qG1pDl4kcGyrNFw0xNDAy +MTQxNjU2NDhaMCECEF5wDcZ5ZRX8K8SFjjPlK7UXDTE0MDIxNDE2NTcwNVowIQIQ +G01IhrrMJ0fuNwtjfquJrRcNMTQwMjE0MTcwMDQ1WjAiAhEA0cytCXhmjdJc0fsE +WlvAgxcNMTQwMjE0MTcwMTAzWjAhAhAvTTbJ0eSiLnbdjnoUz7M2Fw0xNDAyMTQx +OTMxNDJaMCICEQD9SjS8O4nRPDKxRUWT8w4dFw0xNDAyMTQyMDQ3MzNaMCICEQCM +nlXAJDjxuCiPbFxVnlqyFw0xNDAyMTQyMDQ3NDJaMCECEHt1E6YJr7zMaYRRawAs +H9sXDTE0MDIxNDIwNDc1OFowIgIRAKomNcLVW/0nH2dvxLbGVeoXDTE0MDIxNDIw +NTE1MFowIQIQXm63zo4WYup/pjZNjJNbVhcNMTQwMjE0MjEwMTA1WjAhAhAfcJoN +dD6g9DQAozjHlqIfFw0xNDAyMTQyMTE1NDNaMCICEQCujgjfwiG+kvTK5jIg8gtA +Fw0xNDAyMTQyMTQ2MThaMCICEQD0d8QzCrzPPAxeRjUixl+NFw0xNDAyMTUxMDMx +MzJaMCICEQDurYms1VwerYF0n/mdbWduFw0xNDAyMTYyMTM0MTNaMCICEQDvSTMa +uoyKqCrkhURUzEW4Fw0xNDAyMTcwODAyMDBaMCECEEUeEzNFurCzgi3aKG5uAX8X +DTE0MDIxNzA4NTU1NVowIgIRAPj6MqVVaDfn3rkWeKhoXVIXDTE0MDIxNzA5MTAz +NVowIgIRAN1il/v28H73tk4mM+CwiEoXDTE0MDIxNzA5MjAxNFowIgIRAKOuDVYz +fv/RbrigfyEjcqEXDTE0MDIxNzA5NDgzNVowIQIQFRZEWAId7zvkgj0NPySiLBcN +MTQwMjE3MTQwMzQ3WjAhAhAGE9asA3lActCHxuv46SyCFw0xNDAyMTcxNDQ2MTha +MCICEQCK/TwggmoQLAvUtTn6yMzdFw0xNDAyMTcxNDQ2MjdaMCECEBt/qalTtuJ6 +/VCc76o/N+EXDTE0MDIxNzE4NDgyMVowIQIQc55XQqCCRu2YWsi9Ngq4QRcNMTQw +MjE3MTk0NDAwWjAhAhBPgxdXuFslRUWGmID0bgk2Fw0xNDAyMTcyMTUwNTVaMCIC +EQC1GIzIKEMmWNUpsHiUJD3xFw0xNDAyMTcyMTUxMDFaMCECEHPs3kkQ6rByYk7O +q6vbluwXDTE0MDIxNzIxNTEwN1owIQIQAV8XFdoZ1eAJT5jDkhnWwxcNMTQwMjE4 +MTAzMzU4WjAiAhEAyPVeOqJAVgXgFVqmrB3aKBcNMTQwMjE4MTAzNDE3WjAhAhAj +RpeDzKDliVrJ1eMApm1aFw0xNDAyMTgxMzAzMzFaMCECEEIG5Wc+fNJukszaPuO3 +wMAXDTE0MDIxODE0Mzk1MlowIQIQU8uWw06s6CuyAqxRcicPRBcNMTQwMjE4MTYw +OTQ4WjAiAhEA5nH06r++5zGbmDDrfZlTvBcNMTQwMjE4MTYyMDU0WjAhAhB63zKN +apdwdhpB83sqqNwpFw0xNDAyMTgxNjM5NDFaMCECEBivlYmpj8IiozwMM/HoAtkX +DTE0MDIxODE3MTgwOVowIgIRAINB/+hRq9Vx/QA/qgJjpAoXDTE0MDIxODE3MzIx +NlowIQIQM89HeNy5JjDCMxsyh7P39RcNMTQwMjE4MTgzODQ5WjAhAhBye0AFZ8sJ +d7AaIo42GCARFw0xNDAyMTgxODQ1MTZaMCECEAnVfYVTlx24UZSO8lTFWUkXDTE0 +MDIxODIwMzE1OFowIQIQM0ItCBcl6LWTbM+ySEQxkhcNMTQwMjE4MjEwNzU3WjAi +AhEAg6ybwdDQjfFTE9W1kIb5OhcNMTQwMjE4MjE1NjEwWjAhAhA8+ADf/JRmZ3z9 +o4i/e+uEFw0xNDAyMTgyMTU5NDNaMCECEHWp5IkkyYpl62v/fHcqrKcXDTE0MDIx +ODIyMDE1MFowIQIQWhDYopv9ocLRwCcSSuldLhcNMTQwMjE5MTIwOTA1WjAiAhEA +zfBqzhOTyCXlADD/yXNJXRcNMTQwMjE5MTI1NDIxWjAiAhEAm+Wkzh0siYtJkx3t +RZRWLBcNMTQwMjE5MTI1NDMxWjAhAhBQ/+ydG7cu5WTlXk4ZQxkNFw0xNDAyMTkx +MjU0NDRaMCICEQDMiPQL6tiFmAWvwcC3VGMWFw0xNDAyMTkxMzA2MzNaMCICEQDa +rawOh4NXyYNeelnjz2pYFw0xNDAyMTkxNTIxMTJaMCICEQDbVHej8avu1H2dI6aS +p556Fw0xNDAyMTkxNjM3MDRaMCECEHKqK0LWQVkzz85/L9/0/lAXDTE0MDIxOTE2 +NTgzMVowIgIRAJYIvs1K8qykfRVYBxxK9C0XDTE0MDIxOTE3NDI0M1owIQIQUOu8 +h/HM761NtLwmuUh91xcNMTQwMjE5MTkzMjA2WjAhAhALThl/vNo1+ngcWvnGf+CJ +Fw0xNDAyMTkxOTQwMDRaMCECEE475+ek7m6rqso+s8hvzSYXDTE0MDIxOTIwMDMy +OFowIgIRAPEopN5X1ohGqfCSN1av6BsXDTE0MDIxOTIwMDQ0NlowIgIRAMZnH6eA +U4Avffikp+egRPMXDTE0MDIxOTIxMjczOFowIQIQCm/gufF274EKznKjCC5EnBcN +MTQwMjE5MjEzNTI2WjAhAhABv1Xbkh1WbhrnhUmVwXWWFw0xNDAyMjAwOTM0NDJa +MCICEQDpJViZE/1yhQM+uBYBS6ksFw0xNDAyMjAxMDMwNDZaMCECEAyq0ij/7y8Z +gwGsiec3OFoXDTE0MDIyMDExNTE1NlowIgIRAJ1Oq7FTi/AeZYZ5kb9CsGcXDTE0 +MDIyMDE0MzI1MVowIgIRALQO8nh8w90olh/3EI1n7JAXDTE0MDIyMDE0NDQyOVow +IQIQB+DTlZ/i1ihyNbcoBbDlWhcNMTQwMjIwMTQ0NzU5WjAhAhAeYnyt2cYEjPXJ +M8YnFX5CFw0xNDAyMjAxNTU0MjBaMCECEGCo1s43HI/uX4YmVWUS9YAXDTE0MDIy +MDE1NTQzOVowIQIQcKea3TL066Tkroy2rRpGnhcNMTQwMjIwMTU1NTE0WjAhAhAg +dhiPBBd88AQx0lTzDv5MFw0xNDAyMjAxNzUxNTBaMCICEQC17mFQQ6SjRmoCmWym +7q2tFw0xNDAyMjAxODM0MDhaMCICEQCUAfZGRO0ckLCV9ngB6pbfFw0xNDAyMjAx +ODU5NTdaMCECEDFrFO4K68pobQfdtebMrEUXDTE0MDIyMDE5MjI0M1owIgIRAPdJ +KQh0anVd06VLYjWBAUYXDTE0MDIyMDE5MjQ0NVowIgIRAKi2hxB2ycujCvUc8t1U +i8oXDTE0MDIyMDE5MzczNlowIQIQIaGy8T4kR1/oDK7fwtOfHRcNMTQwMjIwMjAy +NjA1WjAiAhEAzBnUZfMrXmMO5Xb2MoIVJxcNMTQwMjIwMjEwNDEyWjAhAhBEriuC +k9j1K3JIU3V39QC9Fw0xNDAyMjAyMTM3NDRaMCICEQCrK25qlS8J1Ln+4d0ySX9g +Fw0xNDAyMjAyMjEwMzNaMCECEHROYNLLBDY/9PNHPsUsCBQXDTE0MDIyMDIzMzc1 +N1owIgIRAIm6SXt7q+bwcjOZAf94OVcXDTE0MDIyMTA5MTMxN1owIgIRALjteeYW +h7/TteG6ka9KZMgXDTE0MDIyMTA5Mzg1NFowIgIRALLhh0zmuW+gNZlhCqP1xtkX +DTE0MDIyMTA5NDQ1OFowIQIQKE3P9m46UYsZxY7NkdNO3hcNMTQwMjIxMTEyNjA3 +WjAiAhEAqPidYjft5arssLqpu1KyzBcNMTQwMjIxMTIwMzE0WjAiAhEAhsd9xuk1 +Gzb4QtEdl96qahcNMTQwMjIxMTI1ODI3WjAiAhEA79fee/JSUq+gwSvoWt/q7xcN +MTQwMjIxMTMzMDUzWjAiAhEAsmvI50gZfGP0ObF3yIvlAhcNMTQwMjIxMTQwNTE2 +WjAiAhEA0YPyX2xzOK0p4T3nn11qmxcNMTQwMjIxMTQyODE0WjAhAhAfoQWXp6WK +uIXaxblvmAgiFw0xNDAyMjExNTU5NDVaMCICEQDg96EXYf/wcHRIh1Ac4WgyFw0x +NDAyMjEyMDE2NDJaMCECEEy1xaTGa7J5xeE7N0Lh11cXDTE0MDIyMTIxMDUwOFow +IgIRAPDLiDDg0mXSNqE2+1pZSO4XDTE0MDIyMTIxMzQyMFowIQIQZP/KVFrz6lbN +JuqW1SqN5hcNMTQwMjIxMjEzNjAxWjAhAhBewBzr7N6Qv+EQ8KGsn6DFFw0xNDAy +MjIwNTA3MDBaMCICEQDirwLB+BaXwo8jj+Kd45PUFw0xNDAyMjIxNzEzMDJaMCEC +EDXVDeNahxEgfPramjbNIbAXDTE0MDIyNDE1NDkzNlowIgIRAMyBRv2AYKPBcUMJ +YglC6goXDTE0MDIyNDE3MzM0NlowIgIRAIXRBV/UVLLp97gzFC89Oe0XDTE0MDIy +NDE4MTI1NFowIgIRAKz6AgJKxRuiNCMROhwl4TQXDTE0MDIyNDE4MTMxMlowIgIR +AN4Ih2wnmlSo3/HKPrBDvMsXDTE0MDIyNDIwMDUzOFowIgIRAOckcQlOQXq7G7nj +5uhNt+gXDTE0MDIyNDIwMzUzN1owIgIRAMJwoCOdJGC0Dp/0BvjsyTcXDTE0MDIy +NDIxNDcyOFowIgIRAPL9OabFm6puscskcOfFKfAXDTE0MDIyNDIxNDczMVowIgIR +AIgk19TgKfLHK1n2bUUu+ygXDTE0MDIyNDIxNTAyMlowIgIRANGjU72WC3IoK/WF +c0S9rFkXDTE0MDIyNDIyMDQxM1owIQIQbpVvcgKLXpGmoOESDxVSihcNMTQwMjI1 +MDIwNzIyWjAhAhBCiDU+esA4ESGh3B/JIgRmFw0xNDAyMjUwMzI0MTdaMCECEFz3 +rlVdtZ3C98Vn4ZtU/qcXDTE0MDIyNTA4NTc0NVowIQIQKh/QLt/oyooELQKWvc7f +pxcNMTQwMjI1MTIyODI2WjAiAhEA59q4jkr+NT85r2xZv0E5OhcNMTQwMjI1MTMw +MTUyWjAiAhEAlhu1qJb3dP6yDyzQKvojKxcNMTQwMjI1MTUwMDQxWjAiAhEAgPvG +moKZOC+G72oy/PT2LBcNMTQwMjI1MTUzMjEwWjAiAhEAkmfIGpMpw/+Smq5CWdwQ +QBcNMTQwMjI1MTUzMjM0WjAiAhEAsgVm99mQ96nP2P609AORsRcNMTQwMjI1MTUz +MzEyWjAiAhEA76QycZSE0Zxt8Hb724F0sBcNMTQwMjI1MTY1NjA0WjAhAhB9LOv9 +gZPI+snrZwapWBL+Fw0xNDAyMjUxNzEzNDJaMCECECx+wNl09jIbu9XvMlx3wD4X +DTE0MDIyNTE3MzIwMlowIgIRAMX4kB6FxBx8u/rZwNW+9FkXDTE0MDIyNTE3NDMw +MVowIQIQB8dYhRGaNIW5RFrX7zNz8RcNMTQwMjI1MTc0NTM2WjAiAhEA8NGRGAxL +Sc7ZyOWz9dCllxcNMTQwMjI1MTc0OTE0WjAiAhEAtkfOCi9DlAgCG6Y3TAxUCRcN +MTQwMjI1MTgwMjUxWjAhAhAVrAess889PD141fUluaeEFw0xNDAyMjUxOTQ0MjRa +MCECEBT/PuNPtmn5vxuJUaFB57IXDTE0MDIyNTE5NTg1MlowIQIQLykAJ4L8dcNh +XmNzmDKRkhcNMTQwMjI1MjAwODU3WjAhAhA4VfXMeFgyUC9I9p23h2U5Fw0xNDAy +MjUyMjMxMzFaMCICEQD3pLc4K3zpiY5ADU2Qa0YpFw0xNDAyMjUyMjMxNDVaMCEC +EHQMcHwEEglWMcpKIYlhu4AXDTE0MDIyNTIyMzE1N1owIgIRAN5wL0HEvt7DJfcg +UvzKdMAXDTE0MDIyNTIyMzIxMlowIgIRALD95RvzTTcQKuCgnawfb8sXDTE0MDIy +NTIyMzIzMFowIgIRAIKLofWY8hUYx85ueVQpStYXDTE0MDIyNTIyMzIzOFowIQIQ +ANYNf4aH0KwdJM4sdsEcFBcNMTQwMjI2MDkxNTM4WjAiAhEA+D/7WQ0NUbOguz9O +XD8wLxcNMTQwMjI2MTAyMjEwWjAiAhEA5OmULfCMbv8oadOLtbR5pxcNMTQwMjI2 +MTIyNDQzWjAhAhB/J+Fu56jy2zTp5JkDyVSVFw0xNDAyMjYxNTE5MjNaMCICEQCF +Go7gaG2c4foy0GyEMQz4Fw0xNDAyMjYxNTM1NDVaMCICEQCfoNawvJp47xRaoaKy +SpbyFw0xNDAyMjYxNTM5NTVaMCECEGBZrSFUmTzAiBSdeEIaGJ8XDTE0MDIyNjE1 +NDczMlowIQIQMM76XqceFFM7g6rkVBsCzBcNMTQwMjI2MTU0OTUzWjAiAhEA/h05 +N0Hw3tuvrfsZJ5TnQRcNMTQwMjI2MTU1NDMyWjAhAhBtVEMcadcYBiaDikfo+tAF +Fw0xNDAyMjYxNjU3MjFaMCECEBHnXrem8lf8yiBcPiKvaQUXDTE0MDIyNjE3MDQx +M1owIQIQCvG+zL5Ks/oThd2UfL9TNRcNMTQwMjI2MTc0NjU5WjAhAhBivkvcUgA+ +M2kLQOWDE+VGFw0xNDAyMjYxOTAzNTRaMCICEQDns5+eueK7DY1AGKH8ig1VFw0x +NDAyMjYxOTIxMDNaMCECEBESn3VTwEXlOsL3zdbpAM8XDTE0MDIyNjE5MjEyM1ow +IgIRAK7hxrcd+EXIuwA3g4XOGA4XDTE0MDIyNjE5MzUzM1owIQIQBJaDU4luYaaR +3fqVkrD75RcNMTQwMjI2MjAwNDE5WjAhAhB6L9s0zPzragjPCjn30A5+Fw0xNDAy +MjYyMDUwMTFaMCECEETXEjAlZ+LJTW09ilPeQKEXDTE0MDIyNjIwNTc0M1owIgIR +AIENh0TJ0RWrqZkhWqik7UUXDTE0MDIyNjIwNTgwNlowIgIRANOnMM+CPuXLd15g +/eYCpMcXDTE0MDIyNjIwNTg0NVowIQIQU5cOG1vm5lb7DZir01Zg1hcNMTQwMjI2 +MjEwMDAwWjAiAhEA4guSs5Ipb0JlM5E+b65RERcNMTQwMjI2MjEwMTQ3WjAhAhAL +SARLYtskB2Gn1kzPol3fFw0xNDAyMjYyMTAyNTlaMCICEQC/jLP4W0K0aUfCYQpH +x+AfFw0xNDAyMjYyMTAzMTBaMCICEQCON82ZIpGt8SwJrCSWQgJuFw0xNDAyMjYy +MTM5NTFaMCECEDVrcLwwYsef8wylptKbQeUXDTE0MDIyNjIxNTQxNFowIQIQCo70 +9gfaOFrPlBTsAOejrxcNMTQwMjI2MjI1NTI0WjAhAhBA/CPaSeS56QKjIVR1NqWP +Fw0xNDAyMjcwMzIyMDRaMCECEB/7OjA+7rTFF5Y2nHXY02sXDTE0MDIyNzA4NTcx +NVowIgIRANyfppVSyHcxNnrboNs1vPQXDTE0MDIyNzA4NTgwNVowIQIQSTgd5p8M +o/EnEwIMBzWNcRcNMTQwMjI3MDkwMDU1WjAhAhBLeatMwF+Owbbi4PTwHSGJFw0x +NDAyMjcwOTAxMDVaMCICEQCUspEMrbaORydCIxiF0tlfFw0xNDAyMjcxMDIzMTla +MCECEAdNZlvFrF6pRgPQC2nHZIIXDTE0MDIyNzE0NDA0MFowIgIRALqRy9rrxv/7 +kiIlM8XhD3gXDTE0MDIyNzE4MjAyNFowIQIQSSEyhtolwimfC7j6EqJWHxcNMTQw +MjI3MTkwMTMyWjAiAhEAwC6dngBQlE8D8R3SsWODyhcNMTQwMjI3MTk0NDM4WjAi +AhEAschvrUUwyiqM5I467XpdKxcNMTQwMjI3MjAxMzA5WjAiAhEA5HGVzC8eQsDL +Kjn/4wjUeBcNMTQwMjI3MjAxMzIwWjAhAhB5q5JPX7EjovxKOlq+kRldFw0xNDAy +MjcyMDEzNDRaMCICEQCaO8KyQONuoY4rbyW5V10lFw0xNDAyMjcyMDQ2MDFaMCIC +EQCzvaEZHXsXq/PGODG9ZwpOFw0xNDAyMjcyMDU0MjhaMCECEFD2KGxYSUDX3dt8 +YEMzzoQXDTE0MDIyNzIxMDQ0N1owIQIQDVSKRmw3fuK1mT/898dh8xcNMTQwMjI3 +MjEzNjI5WjAiAhEAniCSQ7CpEMZfpmHzNHQ2bhcNMTQwMjI3MjE1NDM4WjAiAhEA +4RVPWkeFtDdcnY+N/zm61hcNMTQwMjI3MjIxMjA0WjAiAhEA3OCR8rWpbBYugaPV +vCZhSRcNMTQwMjI3MjI1ODE3WjAiAhEA+jso+kobQ+Tpgu1cfOvkDhcNMTQwMjI3 +MjI1ODI0WjAhAhAahA0cJ4AH97dtdD7ZqVTVFw0xNDAyMjcyMzQxNTdaMCICEQDk +KrmFX68bfw0kXOBIN/5kFw0xNDAyMjgwNTMzNDRaMCICEQCjWBwMiGph8hPgAyZK +kr4GFw0xNDAyMjgwNTMzNTFaMCECEGIWddYbgAjlqZqTduIbLhsXDTE0MDIyODA2 +MTMwM1owIQIQXNeviJ0u8Xs/1Rj6hXLJFxcNMTQwMjI4MTEyNjM0WjAiAhEAlrIk +O72fNDDn8y0SPCnnXxcNMTQwMjI4MTEyNzI0WjAiAhEA2ppkRYHNsvqWBB8oZV8X +bRcNMTQwMjI4MTEyODE5WjAhAhAG9kpVoPxNV5Oi5s/hXKYlFw0xNDAyMjgxMTI5 +MDJaMCICEQCzFx//gvWwUGhUyUXSyPo7Fw0xNDAyMjgxMTMwMzlaMCICEQC/R+M5 +VMfuPigtlXP2FK4xFw0xNDAyMjgxMTMxNTNaMCECEGZeGxBIJO82ep/pjq+KP7UX +DTE0MDIyODExMzIzOFowIgIRAKe5kpohIlADp2NyMBiQpk0XDTE0MDIyODExMzMz +NFowIgIRAIc5QnY5IWTyQceuSVrXqTQXDTE0MDIyODExMzQyNVowIgIRAOJT0rlO +shNSaoN8Y5OSRn4XDTE0MDIyODExMzUyN1owIgIRAIEjm3YatUgGGNFmh79KdcEX +DTE0MDIyODExMzYxOFowIgIRAKgRyBgSiL8Q+E+ELh2sJoEXDTE0MDIyODExMzcw +MVowIQIQKdd4o5IpSJpYaEeaFYYTfxcNMTQwMjI4MTM1OTA3WjAhAhBVlr/mQ636 +8V7XXm1MYwOmFw0xNDAyMjgxNDAxMjJaMCECEBmIU0PYsCe4w4tL+qLi0T8XDTE0 +MDIyODE0MjExMVowIQIQBQgghRF/brmUCq5BCpWqZxcNMTQwMjI4MTQ0ODExWjAh +AhA6mGRxJYYmwUhg8An2eR0mFw0xNDAyMjgxNDUzNDJaMCECEAvx2MDU7/K/NI8A +1wqaTPwXDTE0MDIyODE3MDIyM1owIQIQQqVoCmGYIC+XsbOXXpyOwxcNMTQwMjI4 +MTgyOTIzWjAiAhEAxVC0MGg3kJVP0nFGR1Br7RcNMTQwMjI4MTkxNzExWjAhAhA3 +40CQDz1F42R1LtJkA3jGFw0xNDAyMjgxOTE4MDBaMCICEQD3t48iyp7Gxt19z9IF +XtzyFw0xNDAyMjgxOTI5MDZaMCECEDBYgE/P8LkvHc/Ls5XGCQUXDTE0MDIyODIx +MDAwOFowIgIRAO5QiuWl+bvL5h2Y0yJISCgXDTE0MDIyODIxMDUzNFowIgIRAI1h +0zIux7TaxO9SqwiM6ycXDTE0MDIyODIxMjA1MVowIgIRAPaXboXCIhT3XcI/5o1H +BUAXDTE0MDIyODIxMjMxNVowIQIQOFE1UF2iIFou5+xlPdiFpBcNMTQwMjI4MjEy +NTE4WjAhAhA3Q2224AYvb1ApdIOPWOPvFw0xNDAyMjgyMTI2MDJaMCICEQDKDQrD +lp0IDObeN5LoUt3SFw0xNDAyMjgyMTI2MjRaMCECEAibIyRh2025DoM2NKtQK6cX +DTE0MDIyODIxMjY0M1owIQIQYSVaZpGMqOFzZ0pU+OU2AxcNMTQwMjI4MjEyODI3 +WjAhAhAxaSZOJsb5ezzCMMsmxnejFw0xNDAyMjgyMTMwMTVaMCICEQDQjzEu2Z8N +57/61whw2KCCFw0xNDAyMjgyMTM1NTRaMCECEEZcxW8JIb+mHP9SiHS0oxMXDTE0 +MDIyODIxMzY1MVowIgIRAK5qEcYTY2Ex/482Nfbz65YXDTE0MDIyODIxMzY1M1ow +IQIQYbN7am6DbxC5vQ3Qf8azORcNMTQwMjI4MjEzODIzWjAhAhAGy7saBlA6Z76L +ddCZVnCXFw0xNDAyMjgyMTM4MzdaMCICEQDOP0z35y0HBT43kKjAa7EoFw0xNDAy +MjgyMTQwMjRaMCICEQD9gl6aRIQ2t/XSKa1c4ft2Fw0xNDAyMjgyMTQ0NTRaMCEC +EEWLPn3k/g523mzVzQoggigXDTE0MDIyODIxNDcxNFowIgIRAMZ4mZwqx7DIuCAM +sh8kdZ4XDTE0MDIyODIxNTAyOFowIgIRAKaKnmb2lOOm2gNA2FJ11X4XDTE0MDIy +ODIxNTEwNVowIgIRAJLiIyTHUI59ScCrhQ0mb7MXDTE0MDIyODIxNTUwNVowIgIR +APykHCfLI8SqxFQToYjm2PIXDTE0MDIyODIxNTUyMVowIgIRAJQtyZTuiJRBbvq7 +oc16H/oXDTE0MDIyODIxNTcwNVowIQIQEgdT5ZFzqMMLf3q8SsDqchcNMTQwMjI4 +MjE1NzIzWjAhAhAbo/IhzQebxwKnk+Oi7LmFFw0xNDAyMjgyMjUxNThaMCICEQCm +OVTmkF5/pwgcodj7wWCTFw0xNDAzMDExNjA0MzNaMCICEQDF3CO9KTQUAQjcF2kX +2lx0Fw0xNDAzMDIwMzQzMzFaMCECEG88jk6/D/ouw2sNjJMhsCYXDTE0MDMwMzEw +MTQwM1owIQIQDE9r2I693EtJ6OnWzd5CERcNMTQwMzAzMTAxODE0WjAiAhEAk3FS +1Hfh2VQ8oklibWdAcRcNMTQwMzAzMTEyMzA0WjAhAhAkTi7girA00Z+t/X8w9HIH +Fw0xNDAzMDMxNTEzNDdaMCICEQDGU/V534qRqvxPmgjmnuWwFw0xNDAzMDMxNjI0 +MDdaMCICEQCKzug/lboHeg2DsSAhXvNBFw0xNDAzMDMxNjI0MzhaMCICEQCLv/UM +Db9GQ3XJ7IeBxIRmFw0xNDAzMDMxNzA2MTJaMCICEQCsflhWYJqyrKV8POkrSVOJ +Fw0xNDAzMDMxNzQwMjhaMCECEC7e1COFQ98jMlOm6JBxttUXDTE0MDMwMzE3NTEx +MFowIQIQXsQNZWYTK9/yqN2MsUgUJRcNMTQwMzAzMTkwNTU1WjAiAhEAhqo7sne/ +ARNmWM+/PUNglRcNMTQwMzAzMTk0MjEzWjAiAhEA88QpyKXjudSfBou0V127GxcN +MTQwMzAzMTk1NjE1WjAhAhAYGNXjjGxM9zF13kuGbdw0Fw0xNDAzMDMyMDIxMDla +MCECEEZviAqtIQ0Ttlb9HRYOQNIXDTE0MDMwMzIwNTQ0MlowIgIRAJdTNQ9JmcKf +2u93/rWEdyMXDTE0MDMwMzIxMDUxM1owIgIRANIzZydwNaSm++aSYrY8bqQXDTE0 +MDMwMzIxMDYyNVowIQIQU/ol2CEwlKngB8PIPA7KqRcNMTQwMzAzMjEwNzAzWjAh +AhANq3qdRkVYMDvDV8nmsL7FFw0xNDAzMDMyMTIxMTNaMCECEEY/6NI/tJ9l0slB +S25UCG8XDTE0MDMwMzIxMjYwM1owIQIQJD8JJ/st0EbJU1lTEWloTxcNMTQwMzAz +MjEyNjQ1WjAhAhB+1sB6iy7dXDXTnMl934oQFw0xNDAzMDMyMTMwMjhaMCECECgB +XS1wS4Mf/VP2B0NKO+kXDTE0MDMwMzIxMzg1OVowIgIRAMiAM8+BxV3IPtv/QSlT +8+QXDTE0MDMwMzIxNDUxNlowIQIQQNsyekc+VTian5TgpzEspRcNMTQwMzAzMjIw +MzM4WjAiAhEA7Lg/3qHI+ySlxUXf2hw5MhcNMTQwMzA0MDAyMDI4WjAhAhAvr+QU +E+G6rDuWL75hSKceFw0xNDAzMDQwMjM2MTNaMCECEHnkgBC8yJqQW4VDwoX1KxYX +DTE0MDMwNDExMzQxMlowIgIRAKvZi6cGw8VhL1ZSNAecLdoXDTE0MDMwNDE0MjYw +OVowIQIQS1c+0rnNEBWn59TjCELrGRcNMTQwMzA0MTQyNzIwWjAhAhB7GK0LKQ8V +brj56C0hqbaZFw0xNDAzMDQxNDQzMTRaMCICEQCiSFteV6m5Yki4+uWWala8Fw0x +NDAzMDQxNDU1MDNaMCECEAhbQOTep6gayk4X8s22gtcXDTE0MDMwNDE1MDkyMVow +IQIQfT82qYPygsH8r7Fse7onuxcNMTQwMzA0MTUwOTMxWjAhAhAw6nxuGvRx0c8N +zpatKsbfFw0xNDAzMDQxNTIxMjVaMCECEBjBJkBf+0sGq8E6sgMCA0gXDTE0MDMw +NDE1NDQzNVowIQIQPQq3PCCEFI+EL0GfvP8KWBcNMTQwMzA0MTYxMTU3WjAhAhAc +rmTyHsOGaJMmlgAxWwxtFw0xNDAzMDQxNjU1MDhaMCICEQDid5R9gotncsWo3sr2 +4o8KFw0xNDAzMDQxNzMxMDhaMCICEQC0FZCfuPfxrSXNOslCQoDkFw0xNDAzMDQx +NzU1MzhaMCECECx4Xdm9nItQLdH3v83XlEUXDTE0MDMwNDE4NTUxMFowIQIQHEVz +GY9+kttNxhXm8hB0mRcNMTQwMzA0MjAwMzQxWjAhAhBmJW29WZmJsGVy/cayz9/M +Fw0xNDAzMDQyMDE0MzNaMCECECazpNi7Rovang4BtOayz14XDTE0MDMwNDIxMDEx +OFowIgIRAI8gea4QRQvn5LIOfvRDkBcXDTE0MDMwNDIxMDMxOVowIQIQEHoEHECR +plhgL+irKtqPKBcNMTQwMzA0MjEwNDQ2WjAhAhAnyFf9S4HSMXjPWRvlq8gKFw0x +NDAzMDQyMTIyMDZaMCECEBm8ViRz5GBbm4Xv/tbGZiYXDTE0MDMwNDIxMjMxMFow +IgIRAIN9wUexTDDdT+Abr+alqwMXDTE0MDMwNDIxMjM1MVowIgIRAKULaoqIH++i +aOoWH3rumjwXDTE0MDMwNDIxMjQzMlowIgIRAPJ7W5wD0ao2YFoQ9TyyH4EXDTE0 +MDMwNDIxMjgwNFowIgIRAPhkCWkfh+4iHI7RXYyqnXYXDTE0MDMwNTA5NDYyN1ow +IQIQdFpoU+5jygLWUby9DPtgrhcNMTQwMzA1MTAyNjU0WjAhAhAZ1GjluW3IQ6xf +VkKV6NXAFw0xNDAzMDUxMzIzMDdaMCICEQC+NwgBWw4G4ItG9tS8Dm/eFw0xNDAz +MDUxNDExNTdaMCECEEmfMIgpLysKa2tyScUgOA8XDTE0MDMwNTE0MTg0MFowIQIQ +UVP7yC6hBID3gvL9tkb5IRcNMTQwMzA1MTUzNDMzWjAhAhBzUQ8q5+wskpGdVSZJ +h3egFw0xNDAzMDUxNTQyNTJaMCICEQCSE9HHghaU0uCp9tzb6g/3Fw0xNDAzMDUx +NjQwNTlaMCECEDZElkJ7ljS2/ln06NYbK4EXDTE0MDMwNTE5NTcwOFowIQIQJTIL +6W48X5yB8neHmwU9IRcNMTQwMzA1MjAwNjQyWjAiAhEAo67CsGOZrjj5fMrV/FpF +JBcNMTQwMzA1MjE0NTM2WjAiAhEAiwqTonDyuDb7WmqsOhNS3RcNMTQwMzA1MjIy +OTMzWjAiAhEA/cbF4DekTNSzwjN+FHieORcNMTQwMzA1MjIyOTQ2WjAhAhAkHMmm +K8TL/vu4A6AYtLGLFw0xNDAzMDUyMjQwNTlaMCECEG+t4Z0gWY/2ZV6tk29ey+gX +DTE0MDMwNjA3NTUzMlowIQIQcn0uZlBKbJcotKQ7/CDW+RcNMTQwMzA2MDc1NjMw +WjAiAhEAhyB1iymGd190kiUM6bte4xcNMTQwMzA2MDc1NzAwWjAiAhEAu14dMYdc +7OjZG48NNCa3QxcNMTQwMzA2MTIyOTQzWjAhAhBBHgt+FErseUxWyRN8zpTLFw0x +NDAzMDYxNDA4NThaMCICEQDjilQgW7LWecP4fl6uz8xyFw0xNDAzMDYxNDA5MTVa +MCICEQD8+VZwsPelU4kzfveA+mfQFw0xNDAzMDYxNDU4MjlaMCECEAznHUW5hlaT +Lwy+VIyJSwAXDTE0MDMwNjE1MDU0N1owIQIQZ66t+gFPNZU5M+PHZE4XZhcNMTQw +MzA2MTUxMzUxWjAiAhEA02qbZO7Q3p3CdvxoDU4OeBcNMTQwMzA2MTUyNjExWjAh +AhA5Kr5dDI7k/TvJbpxDq7d9Fw0xNDAzMDYxNTQ5NThaMCECEBwVfU1Y9b7dM9lk +bWe8ekgXDTE0MDMwNjE1NTYxOVowIQIQIpCVjJtkL/H1isUWaDV03xcNMTQwMzA2 +MTYyMjM0WjAiAhEAzGVRQOnwyHXuj7CtMS40VRcNMTQwMzA2MTcwMzMxWjAhAhAb +JoO7NZhlxN9OtMGG9VinFw0xNDAzMDYxNzIyMTJaMCECEF1GQ537/kbY45mKE7eD +PkcXDTE0MDMwNjE3MzAyNFowIgIRAKbH6gwDiVuqpyY3WbxTqFIXDTE0MDMwNjE4 +MzkyNVowIgIRAL/sdP3wqxioYLj8lUpqCBAXDTE0MDMwNjE4NTAyNVowIgIRAIBn +aw+ygUDpTHK2Tq0Myl4XDTE0MDMwNjE5MjMzNVowIgIRAOIuUi0j8d3nLWqThhX6 +UBoXDTE0MDMwNjE5NTAyMVowIgIRAJVNxaOh12itKvK6Ziag5ZQXDTE0MDMwNjIw +MDc1M1owIgIRAOg9FToUMb7HmU4YXVf4YPEXDTE0MDMwNzA3MzAxMVowIAIPWFln +Qm3wlPlPkgA/hfxpFw0xNDAzMDcxMzMyMTBaMCICEQC3MIN55ys8MblT91kf/sqE +Fw0xNDAzMDcxNDA2NDlaMCECEES5EZwEYIdcZvjrPPapDGwXDTE0MDMwNzE1MDkz +OVowIgIRALrF/lA2I8MYfOVDI4MmilcXDTE0MDMwNzE1MzMwN1owIQIQBehJFu3M +nyhp7EY9Sm4n6xcNMTQwMzA3MTYxNjMwWjAiAhEAvk+4Y2E/qsmeUqgfB18CHxcN +MTQwMzA3MTcxNjUwWjAiAhEA98UJlAkmmurYm/XslEdWABcNMTQwMzA3MTgxMDI3 +WjAhAhB/tI5FjmD9LIqsiH67mAxKFw0xNDAzMDcxOTA0MjBaMCECEHdy0WiSWYVQ +kbi8rO7MGGEXDTE0MDMwNzE5MDQyN1owIQIQGPhXC3lzGn/hnVDW+fNmVBcNMTQw +MzA3MTkzNDQ4WjAiAhEA5N0cOeA9PNnsKcbUs2MtjxcNMTQwMzA3MjAxMjA5WjAi +AhEAizahSRmcx45+N+S3PuzZQBcNMTQwMzA3MjAxNDM0WjAiAhEA+kfAiFWusnQp +NeRW4bNR3xcNMTQwMzA3MjAxNjQzWjAhAhABYNEqtoNrslsKVxCvRz97Fw0xNDAz +MDcyMDIwMDNaMCICEQDLxqc0zlXVSYDSdfbjv68BFw0xNDAzMDcyMTEyNTdaMCIC +EQCnW5CIoJRSC11X3Y/1WTzQFw0xNDAzMDcyMTIwMTNaMCECECSr/obYT+QivjZ6 +76agLC4XDTE0MDMwNzIxMjA0OFowIgIRAI0QqHP5DwDzwOv1ShZtM3QXDTE0MDMw +NzIxMzk1NFowIQIQYh8meRCyoluMsWFCSnpr+xcNMTQwMzA3MjE0MTI0WjAiAhEA +wQ+0XQ9MRZ0HmEo6S4tSERcNMTQwMzA4MjAyNzQ0WjAhAhAbhG+ln/K1psv9YvEJ +kylQFw0xNDAzMTAxMTE0MThaMCICEQCrBms4SN2JN5rsTpsU+QECFw0xNDAzMTAx +MTI2MThaMCICEQCSymp+g89whbIMSLeTE72WFw0xNDAzMTAxMjUzMDlaMCICEQD8 +EE+xbl21CeH6pJDYao2rFw0xNDAzMTAxMzE2NDBaMCICEQDu5LeL9SIHKErMnba/ +v/aBFw0xNDAzMTAxNDAyMjRaMCECEGqmKSW1WZpnR6XLqghilkkXDTE0MDMxMDE0 +MjM0OFowIQIQbzwKm8vkgSq/HQVUPxs/vRcNMTQwMzEwMTUwNjU2WjAhAhBgjqeM +xIKZ4Yv7NCJ7E5vFFw0xNDAzMTAxNTE2NDZaMCECEB4xuaULaOppZiubH0IPsnwX +DTE0MDMxMDE2MzgxNFowIQIQGyF/PUL3yrviWphafiiB7hcNMTQwMzEwMTcxMTQ4 +WjAiAhEAgVpnC5Gkfg5xaDZee9+bARcNMTQwMzEwMTczNTU5WjAhAhBbeJHMKSON +pOVLcpHeLfpWFw0xNDAzMTAxODIwMzRaMCICEQDaLih6kzUFWNjjs6yZ36o1Fw0x +NDAzMTAxODIyNDJaMCICEQDBkOyc5ySmI84dcFVUxKmpFw0xNDAzMTAxODI5NDha +MCECEDEvzuKyPoKJL4fTOljKbjEXDTE0MDMxMDE5MTMzOFowIgIRANS86Ip+NmBp +h6KR65IuyFoXDTE0MDMxMDIwMDM1MVowIQIQUItcGI9ANn+g3FC1/dFaGxcNMTQw +MzEwMjE0MjE0WjAhAhAN17Z1bOYqSToZATLUyD6UFw0xNDAzMTAyMTQ0MTlaMCIC +EQCpEU7u/1nygyA6PvP4T42XFw0xNDAzMTAyMTQ1MjVaMCICEQCWromqQ0KQHrov +RdxEDuIoFw0xNDAzMTAyMTQ2NTNaMCICEQCbDqmdV5y7FhvZYjmUd2boFw0xNDAz +MTAyMTQ3NDJaMCECEG6uAdq2kaekVOPVxnIb14MXDTE0MDMxMDIxNDg1OVowIQIQ +E0h8sR79uKszsoJVrW6vtRcNMTQwMzExMDAwNjQ3WjAiAhEAo11Q8nzB8nmLvDS8 +8pyZKxcNMTQwMzExMDgwMjU2WjAiAhEAqeVHxwhbVKMkAQLSfRm/ixcNMTQwMzEx +MDkzNzU0WjAiAhEA7SrWX54thm6D8IkZpkPMrBcNMTQwMzExMDk0MTIzWjAiAhEA +3lMWSbz6kx2OG0QRdGpLORcNMTQwMzExMDk0MTQ5WjAiAhEA06NXFDy+5crwfWKb +2IHY/BcNMTQwMzExMDk0NTMxWjAiAhEAiCIS5PH8vjb4TADFowA7HxcNMTQwMzEx +MTIzMjA5WjAiAhEAopuN9NgUEuDD7B8TpPwzMhcNMTQwMzExMTQ0OTI2WjAiAhEA +i0MAMdb3x1Hxc7lSGtJPbxcNMTQwMzExMTUxMDA1WjAhAhBDA49j3h4vRYTnROFR +NjLpFw0xNDAzMTExNTM4NTVaMCICEQC8O2YYBvvodCfWF/DwskPGFw0xNDAzMTEx +NjI1MzhaMCECEF0zhaVNXSd2xD/KKRtLf9kXDTE0MDMxMTE2NTkyMFowIgIRAI/N +q44yGPGaubWYF6oYogIXDTE0MDMxMTE3MDczMVowIgIRAPXuzfvB0VW34mz/Hwzi +uGMXDTE0MDMxMTE4MjYwNlowIgIRAK8AaqEJQDSm6PotKKniQ4YXDTE0MDMxMTE4 +Mjc1M1owIgIRALeY/tYIwvkB86Rr2cBfUWEXDTE0MDMxMTE5MDU0NlowIQIQFsXx +g3/smub8JLdIBNy3BxcNMTQwMzExMTk0NTM1WjAiAhEA0uJgz+m8YPe653eWc6nv +DxcNMTQwMzExMjExNzA1WjAhAhByO7YLu9FEhIxGJTb4INfcFw0xNDAzMTIwMzAw +MjNaMCECEFH/s0UogdsudtPEj0aq2uEXDTE0MDMxMjAzMDA0M1owIgIRAKcKa7wn +u4lzMUpysiMw0roXDTE0MDMxMjAzMDA1NlowIgIRAI7KnQb3SuRYMRkHWX8WTlIX +DTE0MDMxMjAzMDExMFowIgIRAMPOmsDuJzQrSsMI1S3rsaQXDTE0MDMxMjA2NDQ0 +NlowIQIQNEQ9ubfCrqDE+4f5UgWIMBcNMTQwMzEyMTEyNzI4WjAiAhEA/nG0ktxN +LE/VPug6XUZQKRcNMTQwMzEyMTMwOTM4WjAhAhByEI6boFwA0252/E2ZRDYtFw0x +NDAzMTIxMzMzMjlaMCICEQCv1dc8VfKdB2KxcfJbwJxdFw0xNDAzMTIxMzM5MDda +MCICEQCFD1I6boFJGbwwUaxgCH8QFw0xNDAzMTIxMzQ4NDJaMCECEHnNggranomV +9KEpTiNdOhUXDTE0MDMxMjEzNTIwMFowIQIQIgsrVbs6KfezRFbKETKA/hcNMTQw +MzEyMTQwOTM0WjAiAhEA8/azXxG2pvVDDupnukYzUxcNMTQwMzEyMTQyNTQzWjAh +AhB+byCHBaw6qgHbRJytjTezFw0xNDAzMTIxNDI2NDNaMCICEQDrGRBPpouzBtmr +fWdSUSl0Fw0xNDAzMTIxNDI3MDBaMCECECkw2VwYHnjo3L7610TlHucXDTE0MDMx +MjE0MjcxMVowIgIRAI2O5Ro7/yBRy8gEIv9FNWYXDTE0MDMxMjE0MjcyMlowIQIQ +V7LTQoyzQ8FVQ5uDjUNngxcNMTQwMzEyMTQyODAxWjAiAhEA7STC6Vof2I2c2Ek+ +UJNTwBcNMTQwMzEyMTQyODExWjAiAhEAwU5X7N9x/LELmentDbL4SRcNMTQwMzEy +MTQyODIyWjAhAhA3Y09e5Cngq9J6I/HBGadEFw0xNDAzMTIxNDI4MjlaMCICEQDI +WeAFZAUOk1DHBD5tNugIFw0xNDAzMTIxNDQ1MzBaMCICEQDuoLnlP5BXxRrJDDLK +XccyFw0xNDAzMTIxNDQ1MzRaMCECEDQYEx8I2vHxmqPjHAl6I4wXDTE0MDMxMjE0 +NDU0MVowIgIRALkLNJdIVgLTza15c9xz11MXDTE0MDMxMjE1MjczOVowIQIQD1Id +NJ08n95whCsTuEOJtRcNMTQwMzEyMTUzMzM1WjAhAhBHE49TynwGowvyDqAw39e8 +Fw0xNDAzMTIxNjE0MThaMCECEF3jQhf2CJrJ4cqpptdOzsIXDTE0MDMxMjE2Mzk1 +M1owIQIQb5UNx+wtr8sOVr+qpeQ94hcNMTQwMzEyMTcwMDI1WjAhAhBdwaMuyssn +g7snj3R7e1BdFw0xNDAzMTIxNzA5NTlaMCICEQDw1vc0tbyCoS715lRGA988Fw0x +NDAzMTIxNzM0MzRaMCICEQCYBw14EhpYJNF5/m/nHkmJFw0xNDAzMTIxNzQ1MjNa +MCECEBPtxE99iLbjEMoDdr6P0/UXDTE0MDMxMjIwNDUxMFowIQIQehBargAqaHmo +/IUdI7nW4RcNMTQwMzEzMDYyNzM0WjAhAhAHrCcTzupRXRIILzX1xaTAFw0xNDAz +MTMxMjQzNTVaMCECEFGTViSUpPeDUV2n0zpttCUXDTE0MDMxMzEyNDQzM1owIgIR +AMvlF9DYlXDsJhLLnbXHD+cXDTE0MDMxMzEyNTI1N1owIgIRAK4wihtlQAUrFLVg +8ZSjJLsXDTE0MDMxMzEzMTAzMFowIQIQH/0GwablFNLYMjZYZpRytRcNMTQwMzEz +MTUwMDU3WjAiAhEA2d8C5Ir+LKenexfsRGNOrBcNMTQwMzEzMTUyNzM2WjAiAhEA +7h948oM5l/XbcojjIuEhBRcNMTQwMzEzMTYyMDE5WjAiAhEA8WF4l3CqnjLtzzt4 +wpK1/hcNMTQwMzEzMTcxMzA2WjAhAhAnVUMfSy2rV2Z4RGe/d+qUFw0xNDAzMTMx +OTE2MDRaMCICEQCVThPvTAVehZohMjfcf9guFw0xNDAzMTMxOTE2MTNaMCICEQCL +fE+ioNPVNSA4IsWL2QPJFw0xNDAzMTMxOTE2MTlaMCICEQCj+mJ+9le92OPLDDOl +qEzxFw0xNDAzMTMxOTM4MzVaMCECEDOGbmEed7VMFUM3+6PXA9gXDTE0MDMxMzIw +MzMyN1owIQIQDC+AErV4xY0UzGoXYTdHExcNMTQwMzEzMjA1NzM5WjAhAhB+sJTR +fWRJMAZay28A+fJ0Fw0xNDAzMTMyMTA5NTdaMCICEQCwdw7FL4DHB3TiEAUEG5eY +Fw0xNDAzMTMyMTI5NDRaMCECEFtc3Ms/yw+/IKrZ4Sjn8gIXDTE0MDMxMzIzNDE1 +NFowIgIRAJGxjfJBNF5bWYgpxCCP4xMXDTE0MDMxNDA5Mjg0MVowIQIQGtf7ubVq +J4LI2tSMJA7uhRcNMTQwMzE0MTE0OTIxWjAiAhEAiqUkYlVB2co78Jxcrz3bfhcN +MTQwMzE0MTM1MDAzWjAhAhB+J3wmfD5x7ilC1/+td539Fw0xNDAzMTQxNDIyNTFa +MCECEDWBldnCUZn/aeLwRzsLY4UXDTE0MDMxNDE0MzgyNlowIgIRAOuJP4VSJJIj +qxJriF6Up2YXDTE0MDMxNDE1MTkzMFowIgIRAJ/97MaFUDrTe5pwX5wQfecXDTE0 +MDMxNDE2MjgxM1owIQIQB86AwCrLjaChgiPeSCJWZBcNMTQwMzE0MTc0MzI4WjAi +AhEA64WL6RZzmb3T4K9RD94ZoRcNMTQwMzE0MTkxMTUwWjAiAhEAvsnNGp/oSRPv +bugXZkyhohcNMTQwMzE0MTkzNDQ3WjAhAhBSF0u7pU8du5E87hHVu203Fw0xNDAz +MTQxOTQ3MDNaMCECEFw1IDwtPnHr9Qzy4R442yEXDTE0MDMxNDE5NDcwOVowIQIQ +ZTOxCnN6yQ5714XnL9Z+gxcNMTQwMzE0MjAxNzU5WjAhAhAFDSZtR9AuUea/p6G/ +tM7SFw0xNDAzMTQyMDM4MzFaMCICEQCkw3sEM1ckVvl6SV+Aq8vlFw0xNDAzMTQy +MDUzNThaMCECECm4BSA3fl3R/gEq5y+iVUMXDTE0MDMxNDIwNTUzNVowIgIRAKAe +VJquYKrl/i/c9B61tKcXDTE0MDMxNDIyMDkwMlowIQIQa54Ak5mq7+j6XViMLy3W +yBcNMTQwMzE0MjI1NjE1WjAiAhEAnR2QW//MsEyI9pAwR3/bLBcNMTQwMzE2MDEw +NjU3WjAiAhEAt77CTfvankLwEwZHECh2UhcNMTQwMzE2MjM1MTAyWjAiAhEA8Jnn +LCJOJcjTMjQymRbGPhcNMTQwMzE3MDczNzE1WjAhAhBMm5nrQE5Ca8QVGV3nXwBy +Fw0xNDAzMTcxMzM3MDNaMCICEQDTIOJWHLzrjDe2ESCHevzZFw0xNDAzMTcxNDA1 +MzdaMCECEF33Doh/Qj+wf4wJkSNT8ocXDTE0MDMxNzE1MDgzM1owIgIRAIlF6Gbg +4ncoJnzs+nT6SrIXDTE0MDMxNzE1MDgzOFowIgIRAORIAO4wxkhs2v2/6KtDrv8X +DTE0MDMxNzE1MzMxNlowIgIRAOScK3nvmOhcQtLDujGleooXDTE0MDMxNzE3MTMw +MVowIQIQAITOsDArjaKM3iNZXFEAmxcNMTQwMzE3MTcyNTEzWjAiAhEAiu03pj92 +Rw8zU1pavvNYdhcNMTQwMzE3MTcyNTM0WjAiAhEA9I1SlHkNzs49KsY0EPLYGRcN +MTQwMzE3MTczNjA2WjAhAhBixp63G/I/HPqSQNC+P9xkFw0xNDAzMTcxNzQ2MzBa +MCECECXILuGT/84S9oYxxk6s2WAXDTE0MDMxNzE3NDgzOVowIQIQZk+K0i9SBSbL +Xhyq9r9qWBcNMTQwMzE3MTgxODUzWjAiAhEAu0/xMnPGxfH8yKO1zau4rxcNMTQw +MzE3MTgxOTAxWjAhAhA52pJy+parIocDcs4IOf2+Fw0xNDAzMTcxODIzNDlaMCIC +EQDgcFYmEzcMfp/T7964u/9nFw0xNDAzMTcxODI2NDlaMCECEEYOJ4Jwk42n5O/0 +lKikLk0XDTE0MDMxNzE4Mjc1N1owIQIQcOyi1Dne5UTLpjQcvJXG8xcNMTQwMzE3 +MjAwMjA0WjAhAhAcr7P/t7eFbC8mzJCOwjCIFw0xNDAzMTcyMDA0NDhaMCECEAbk +BKWIdRm3apWLKodla78XDTE0MDMxNzIwMjcyMlowIgIRAKGevrH2GhfV0yHYMoNJ +RmUXDTE0MDMxODA3NTYwM1owIQIQLKadEStaRKqhONZgcW8qCRcNMTQwMzE4MTI0 +ODU5WjAhAhASEIOazamS5EVDnBDu8gUmFw0xNDAzMTgxNDIwNDZaMCECECCnbyLe +yb7D7Y9g8kwBpM0XDTE0MDMxODE0MzgzOVowIQIQNs3jN0Mv7fFXCGuI8r142BcN +MTQwMzE4MTU1NzM3WjAhAhB34nVmMKKQflfeY7tTaBUcFw0xNDAzMTgxNzU2NTda +MCICEQDOd6WOBwx3Fs7bofVT0IHqFw0xNDAzMTgxODMwMTZaMCICEQC964QboUny +kGcKqOxzGxp9Fw0xNDAzMTgxODQxMDlaMCECEBtoTqVj+LUVH9xuZoiIP6cXDTE0 +MDMxODE5MDY1MFowIgIRAIaXVJYLxheuZSVzPnaa/TwXDTE0MDMxODE5MDgxM1ow +IQIQZv6y1dWqIMx7hSFjYyFPShcNMTQwMzE4MTkxNzAwWjAiAhEA2m8xypXG3N0h +Fi8dv9qQJBcNMTQwMzE4MTkxNzQyWjAiAhEAsxaMvmZr18bZXDMNhE0pRRcNMTQw +MzE4MjAwNjQ5WjAhAhA/uy3p6KmreF9MvVj3K0blFw0xNDAzMTgyMDI5MDNaMCEC +EDeMLOnyYk+8X6U47YPoh6gXDTE0MDMxODIxMDQyN1owIQIQUT+niemqKBy5NPat +APu3WBcNMTQwMzE4MjEwNDQ3WjAhAhAONHkc7s+LPimHeoXvjfxRFw0xNDAzMTkx +MDAxMzdaMCICEQCWJgJR5tYzthpJBAfiug3wFw0xNDAzMTkxMDI3MjJaMCICEQCE +8hCfWdtzGhZnSrrF+yBGFw0xNDAzMTkxMjU0MDZaMCICEQD7rhuDXoZ4DOKxljsA +Ouj2Fw0xNDAzMTkxMjU0MjBaMCICEQDlFNcw56Vo4diz8bHg8W39Fw0xNDAzMTkx +MjU0MzhaMCECECyX4kiCe2azzr0QUn5AGusXDTE0MDMxOTE0MTMxMlowIgIRALE1 +hXrxkK0WRcSjRP5oDBIXDTE0MDMxOTE0MzE1MFowIgIRAKFQmHzTc4VrllOGYhpj +W5EXDTE0MDMxOTE1MjYzM1owIgIRAJlHQ1uAXakzh3MNiSvBVY4XDTE0MDMxOTE1 +MjkzM1owIgIRAMfIwtuebS/vnS++5JnBhboXDTE0MDMxOTE1NTIyNFowIQIQL58z +utUKRInZjvEvdBfwQBcNMTQwMzE5MTYxMTI0WjAiAhEAnS+0A+cl8YDp/35yiBru +fhcNMTQwMzE5MTYxNzI2WjAhAhAG4E2AjuNmhQZy/KiskLXuFw0xNDAzMTkxNjM3 +MTJaMCACD11hocgEj1Bht5ZQkzehMBcNMTQwMzE5MTY0ODI5WjAiAhEA0ZPzgIq0 +Wced2FbmMHsECRcNMTQwMzE5MTcxMzAzWjAiAhEA50eWp2fwsSBhsjYtSJMUUBcN +MTQwMzE5MTczNTU5WjAiAhEAx+kMw/iW4KNCB4pwk1oE5BcNMTQwMzE5MTczNzQw +WjAhAhADiKyDvTj8mNT0Oq5adAPRFw0xNDAzMTkxODAzMjlaMCICEQCLN07zCeaB +6SQDN178Q0HMFw0xNDAzMTkxODUwMDFaMCECEBW320F3Yuk7GpFYhVAU9YgXDTE0 +MDMxOTE5MTEyOFowIQIQOO6tlwVgkxd5dt5cCeQUsRcNMTQwMzE5MTkxMjEyWjAh +AhADfciZ5v98d9RS8oqQRuhSFw0xNDAzMTkxOTE3MjhaMCECECws/ne+RxKedjMA +tGeeS6QXDTE0MDMxOTE5MjAyOFowIQIQWMMFzFp6id43jc8apn61PBcNMTQwMzE5 +MTkyMTA5WjAiAhEA3pTFYq5UeARtZ/nGe8xsjxcNMTQwMzIwMTMwMTU4WjAiAhEA +qltFG4yCoW8+xmhdnT4bexcNMTQwMzIwMTMzMjEzWjAiAhEAxQiXEox5neC3oSDY +C+DiQBcNMTQwMzIwMTMzNjE4WjAiAhEAyrI4WjT1slD0hxZq14jsERcNMTQwMzIw +MTQxNDA1WjAhAhA+6cRzOM+aenF8HOugEYfBFw0xNDAzMjAxNDE3NDNaMCICEQDo +oRO6fJfyzcP0pBgK29f7Fw0xNDAzMjAxNDE4MjZaMCICEQDKe4RCyHhXxflgel64 +5eHSFw0xNDAzMjAxNDI2NDRaMCICEQDxtfTF+OJIzAdepNfhHSxQFw0xNDAzMjAx +NDI3MDdaMCICEQDrPIpVtHhunISczEiXawyKFw0xNDAzMjAxNDMxMjhaMCICEQDj +BYTNBC7qUQOCNZNrNTaTFw0xNDAzMjAxNDUxMDRaMCICEQCJKkk9n6kcMShRky2B +ahRLFw0xNDAzMjAxNTAxMTVaMCECEBwCFqcMPi+nYkxbF5XpjLoXDTE0MDMyMDE1 +MDMwN1owIQIQEullj2R644jNKgmLXQvvTRcNMTQwMzIwMTUxNDA0WjAhAhBd56aK +31gyQGyvnjSTd3QHFw0xNDAzMjAxNTE0MDdaMCECEAvK9DUWuspQDAJIeVF6yWUX +DTE0MDMyMDE1MTQxM1owIQIQXZ89q400bB529YRyTF+e+BcNMTQwMzIwMTUxODMz +WjAiAhEAz71oIvbfmssmFxdRIbfD2RcNMTQwMzIwMTUxOTI5WjAiAhEA7NmiEbgy +prtXq6ELCamFERcNMTQwMzIwMTUyMzQwWjAhAhBm9C06eAqa/d4BZDzTeqtHFw0x +NDAzMjAxNTI2NDBaMCECEGqxT/If5QlkEflS33JdFZoXDTE0MDMyMDE1Mjg1OVow +IQIQU52dj5BfguufKmpyZPGgDxcNMTQwMzIwMTUyOTEzWjAiAhEAl6Jt68LUEmpY +3L9vUEq4UxcNMTQwMzIwMTUyOTI3WjAhAhAD7R2JmXKw9z+TY3Q/lQl/Fw0xNDAz +MjAxNTQxNDlaMCICEQCfBkuwGfZzBOCOIDx5n/5lFw0xNDAzMjAxNjM4MzlaMCEC +EBG+5MfqNQx7BZ6160M0jagXDTE0MDMyMDE2MzkzOFowIgIRALu0n9nEJdRYT6Z9 +BLXzjAMXDTE0MDMyMDE2NTYzM1owIQIQLArulMODFMmkpJza9NmvmRcNMTQwMzIw +MTcwNzQyWjAhAhA8J22vGT2/fZcC8UIJwa3BFw0xNDAzMjAxNzA4MjdaMCICEQC7 +5Emf7WyHQDaOKgdRLumeFw0xNDAzMjAxNzA5NDZaMCECEF/iuXz2iHN2i98SRvWh +f88XDTE0MDMyMDE4MDMyNFowIQIQWHuWtw6gMXDXfsz17ABU7hcNMTQwMzIwMTgw +NjA0WjAiAhEAiSHn0O6IdKmn6UMtVhTGOBcNMTQwMzIwMTgwNzIwWjAgAg8N1tUV +440qe+ZQ9Ao3sZQXDTE0MDMyMDE4MDczNlowIgIRAKZvZyaIFCPqM6YjDpzjcmwX +DTE0MDMyMDE4MDgyOVowIQIQR/sm9XZ8Ur4VptMnBhJD/BcNMTQwMzIwMTgxMjQ5 +WjAiAhEAmdQ5OqLy/FcMQ9D0tjg60BcNMTQwMzIwMTgxNDQ0WjAiAhEAyfTEBqIZ +qRB4LEZBwMWazRcNMTQwMzIwMTkwODQ3WjAhAhAnzeGJNnFwY21iQ/R+1QY9Fw0x +NDAzMjAxOTE4NDRaMCECEHLP+ZjXHmybxnmvnmSAdjEXDTE0MDMyMDE5MjAzMlow +IgIRAIkwWNCIjH4UtsXBgjh1We8XDTE0MDMyMDE5MjU1NlowIQIQAJ5rWyedNBXS +JxqSM+CVoxcNMTQwMzIwMTkyNzI3WjAiAhEA/aB8vpPcJoA0QllaUyqCDhcNMTQw +MzIwMTkzMjU1WjAhAhA4PvNOmvzLbYm8LpXGQx2uFw0xNDAzMjAxOTM1MzNaMCEC +EANWslywsVxf5+AASegyMrkXDTE0MDMyMDE5MzYyN1owIgIRAJ2Vg+LFUyTT9iL0 +Lgf+rqUXDTE0MDMyMDE5MzgyMVowIgIRAMOSjPu0PxNlAsb0Eesum3UXDTE0MDMy +MDE5MzgyNVowIQIQZqyglTMDmzWrU4KPrdNmfxcNMTQwMzIwMTk0OTA2WjAiAhEA +ojd+1vXcE06vYQUH/GmfyBcNMTQwMzIwMjAxMjE2WjAhAhAuYTJbSTAXhlM5FP7R +sfjbFw0xNDAzMjEwOTUxMDVaMCECEH/P1aOl0bw6wVe2XziYtdIXDTE0MDMyMTEw +MTU0MVowIQIQNXSNBHT2b5EYp4TeMT0TchcNMTQwMzIxMTAxNjA0WjAiAhEA1+qe +7Hj8OT6mW5cRTQhDMxcNMTQwMzIxMTI1NzQ1WjAhAhA+mjapwFUw97tRWr50HyWQ +Fw0xNDAzMjExMzMwMTdaMCICEQDkguK05MBmc+xUJDEjBsR7Fw0xNDAzMjExMzQ4 +NDdaMCECEHJNzDlH8kHb73FPVRNBPtAXDTE0MDMyMTEzNDg1NVowIgIRALpPlfVy +WhWxbc65YCeCoBgXDTE0MDMyMTEzNDkxNFowIQIQJTXPBwu9z+IMeMGeFLVO+BcN +MTQwMzIxMTM0OTI1WjAiAhEA8FdBunM0BsLb2yu4pVD3sxcNMTQwMzIxMTQxNzI0 +WjAhAhBniz7bsFSYF2rbGVO8UsJyFw0xNDAzMjExNjE4MzJaMCICEQCTEnt7DJlu +PbX7KDfFn+lrFw0xNDAzMjExNzAzMzhaMCECEC5xVNR6HUhiAdmIP8X4LFIXDTE0 +MDMyMTE3MDM1NlowIQIQU+9v46uSWMBKhDCNhas60hcNMTQwMzIxMTcwNDE1WjAh +AhBAAHChnv/ZbePm35LFzQb7Fw0xNDAzMjExNzI5MzZaMCECEBPHqRjSLtn8X2+4 +NLDioFEXDTE0MDMyMTE3NDYxNFowIgIRAMSJUmPiHlZW0oapcBU4ts0XDTE0MDMy +MTE3NDY1NFowIgIRAPCusqIQRxjnasTsrbLb3FkXDTE0MDMyMTE4NTYzMFowIgIR +AOBmx+MYay/3dRpw9mYbYF0XDTE0MDMyMTE5MTI0M1owIgIRANMuwFKgxzxA26h2 +MhXqbIwXDTE0MDMyMTE5MjYwMFowIgIRALa3TcanIGMyYyH4wmgLZMkXDTE0MDMy +MTE5NTY0M1owIgIRAKoMlfpgBhuKRnjvwxCpqd4XDTE0MDMyMTE5NTc0MVowIQIQ +YIop+3WYOHCQPipKSrydiBcNMTQwMzIxMTk1ODE5WjAhAhBl/k9PSMzKej8n2OhS +dgjMFw0xNDAzMjEyMDQ3MTlaMCECECIzJvWUNlPM/mcUJluFGJIXDTE0MDMyMTIw +NDczMVowIgIRAPWSawoIgWVNZ6ULSGFgQGUXDTE0MDMyMzE4MDUyNFowIQIQbSl3 +UqcI2TKO81LD36OxoRcNMTQwMzI0MDA1OTQ1WjAhAhAiwnEwWVOin3FvUG6ePyRr +Fw0xNDAzMjQxMzA2MDlaMCECEAJElkG3kjFqVuoGrHk1MXsXDTE0MDMyNDEzMzE1 +MVowIgIRAPQ91Q+kmzyGFkmb0QRTHqUXDTE0MDMyNDE0MDUzNVowIgIRAKbF0MLS +XSMY8lgOtKfajBQXDTE0MDMyNDE0MzAzMFowIgIRAKRTXvQJZ+trkwefRzFB1L4X +DTE0MDMyNDE0MzQ1MlowIgIRANU6mAag7nCmIyyHug0Mm9QXDTE0MDMyNDE1MTMw +MVowIgIRAK3YvsHIGtrmS0TkGzEOfB8XDTE0MDMyNDE1MzYxN1owIgIRAJF+oMA8 +cDaRjbExgSSua60XDTE0MDMyNDE1NDQzOFowIgIRANdDpc2l5n0p7qTjWB7e0X8X +DTE0MDMyNDE1NDQ0OVowIQIQRSbakUMOCQPAnvG+Gz021hcNMTQwMzI0MTU1MTMz +WjAhAhBF5D3mAkAoF4uvvvpvn+rXFw0xNDAzMjQxNjUzMzZaMCECEH7cDgDbtLow +du2Y66jH+IsXDTE0MDMyNDE2NTgwNVowIgIRAIMtW5UgsXnd7xPLmn/rwy4XDTE0 +MDMyNDE3MjE0OVowIgIRAOQJ1Nq4z4aZ61PUeCbCo1cXDTE0MDMyNDE3NTM0NFow +IgIRAKb/lS1qeDKgPywu01xhnVUXDTE0MDMyNDE4MDg1M1owIgIRAKouU2wLff6W +acVP8xEBKd8XDTE0MDMyNDE4NDE0MFowIQIQUQQCiWXLUtUCbNqINogzMRcNMTQw +MzI0MTkwNTMwWjAhAhAmdVTshrbnuOfLeFcifxDKFw0xNDAzMjQyMDEwMTBaMCEC +EDzaKtT/sTVIp4QeCclsrRoXDTE0MDMyNTA5MjcyMlowIQIQbrjKvso4BNrI4Efh +QjxGuBcNMTQwMzI1MTI0ODUzWjAhAhBI6SVEe4DkHCmzAWdgOUj+Fw0xNDAzMjUx +NjEzMTdaMCECEBhvmDxK9BJj+PJBwxBKhocXDTE0MDMyNTE2MzIxN1owIQIQL8uY +wnzNVlHUCpWQjugfZhcNMTQwMzI1MTYzNDAzWjAiAhEAh/DJZVGssHdJjy7bme+z +lhcNMTQwMzI1MTY0OTIwWjAiAhEA4VbM5aQ3c15xGCJKvTz0WhcNMTQwMzI1MTcy +NzAxWjAiAhEA1FjdybvXlRLI6D8B/Su6VxcNMTQwMzI1MTc1NjEyWjAhAhBxyAYN +j1GaGHBvYniL/GqOFw0xNDAzMjUxODM0MDNaMCICEQD9F7zGR4PQXjyltHViR+VF +Fw0xNDAzMjUxODM0MDlaMCECEEfLrIgraeGzZyYwauP9uD8XDTE0MDMyNTE4Mzgz +OVowIQIQK10MtsWSic90sGQvWFnZMxcNMTQwMzI1MTgzOTQ3WjAhAhAZ5SSrgjbu ++Ep8QJ4WDC7+Fw0xNDAzMjUxODQ2MTJaMCICEQCb6wHRdo9ll+/v94Koc3anFw0x +NDAzMjUxODQ4MThaMCECEBbqgBuPbM2L0hZNoGOVGwgXDTE0MDMyNTE4NDg1NVow +IgIRAJ/C1LpwSJZSwrQ2n0D+Qr4XDTE0MDMyNTE4NDk0M1owIgIRALZHlBisq01a +ApSaZeKpYCcXDTE0MDMyNTE4NTAxOVowIgIRAJlX1snWGmyQB4Omi74xly0XDTE0 +MDMyNTE4NTEwMVowIQIQPgnMGW7wIyyqe4dAPwDSBBcNMTQwMzI1MTkyMzE3WjAh +AhBx9k4fkYO/oFRAGFAdlnFxFw0xNDAzMjUxOTQ0NDFaMCECEB62gPb9adEtSHO1 +/H7nyzsXDTE0MDMyNTIwMDk1MVowIgIRAOuygXlp1fSLoJ4WKbN1f/YXDTE0MDMy +NTIwMDk1M1owIQIQLcRDyZPmYT24BqAHyrSDDRcNMTQwMzI1MjAwOTU4WjAhAhA8 +BQnbW6r/vp8QenWNSIS2Fw0xNDAzMjUyMDU2MTlaMCICEQCHV7AtZiUjYj+uxxIG +WevXFw0xNDAzMjUyMjA2MzBaMCICEQDR/gCgDuY5WNcYhQxa5V1xFw0xNDAzMjUy +MzE3NTlaMCICEQDv6IHsvfeC6rCiPp+aQnohFw0xNDAzMjUyMzE4MDhaMCICEQDD +qIhB4YPj8QLqEUaBgXrzFw0xNDAzMjYwMjI2MDBaMCECECW28j4dv4nJRtp3T/Sv +wvgXDTE0MDMyNjA0NDY0MFowIQIQMMH7FwtGWNeUFGXccy/S3hcNMTQwMzI2MDkz +NDQ5WjAiAhEA8PqouKT88A36Q4ioIA7/NRcNMTQwMzI2MDkzNTA2WjAhAhACtyQN +zMbe3Tm6Wl9mk3MrFw0xNDAzMjYxMzM4NDBaMCECEAEkDWK/5I1EtiixHYGBJeAX +DTE0MDMyNjE0MDIyMVowIgIRANM0m+RHiJJNm+jg3rkKftcXDTE0MDMyNjE2MDgw +NlowIQIQYD2zw8yoGO58DDXOK/c11BcNMTQwMzI2MTcyMjQ0WjAhAhBmRwXUNpJ0 +TPQS5F1W0LbCFw0xNDAzMjYxNzIzMDJaMCICEQDRu6ck83ftTrkX5wn+4XvpFw0x +NDAzMjYxNzIzMTdaMCICEQC2M+n9oxlHZrjlkLLZhqD2Fw0xNDAzMjYxNzIzMzBa +MCICEQC4kHUKiwaBAfu1lgmDlirmFw0xNDAzMjYxNzIzNDVaMCECEAW+UZkncP8J +NajhhYm4abwXDTE0MDMyNjE3MjQwMFowIQIQGR42RS9eGqHtBpvJI6YBAxcNMTQw +MzI2MTcyNDEyWjAiAhEAiwhUY4XYrk1T6/capNlXqxcNMTQwMzI2MTcyNDI3WjAh +AhAf/cuIgZ5Bri3IelTJ2MrTFw0xNDAzMjYxNzI0MzhaMCECECOohAhnTEr+dm4O +IwL4vloXDTE0MDMyNjE3MjQ1NlowIQIQHnPR96cY12t7qcNYtCdRxhcNMTQwMzI2 +MTcyNTA3WjAiAhEAj9JSdhi5ZMjOxDzori1DZRcNMTQwMzI2MTcyNTE4WjAhAhBm +EidRfvmA5N2lQne5PslIFw0xNDAzMjYxNzI1MzJaMCICEQCXqIi8dQv9qLxexgcl +XmYSFw0xNDAzMjYxNzI1NDRaMCECEG2VR8xU8fN5tz+jnv8zUBkXDTE0MDMyNjE3 +MjU1NFowIgIRAObD+eKfLgQw/KJZqwYbvNoXDTE0MDMyNjE3MjYwNFowIgIRAISt +3MD1JGUAmJfPfnKmp1EXDTE0MDMyNjE3MjYxN1owIgIRAKbZPY5PvRWUHrB9yTLW +Z9cXDTE0MDMyNjE4MDkxNVowIgIRAJ3op7qyuVWSFjpXdWjyfmwXDTE0MDMyNjE4 +MzgzNVowIQIQdT+G9o317e9U/AjOLgryXhcNMTQwMzI2MTg0NjAwWjAiAhEA3VqR +aL2MllcEC6J1Ud3wjxcNMTQwMzI2MTg1NzM5WjAhAhAGk7UVOIh3CHuchl2CMvgz +Fw0xNDAzMjYxOTA3MDZaMCICEQDleiH+UTvROlIYJwC5aGqcFw0xNDAzMjYxOTA3 +MjRaMCICEQDZdyfbpTyy7iZtBQl2xhqeFw0xNDAzMjYxOTA4NDdaMCECEHHYCl1r +zqw7Fk68A7flTY0XDTE0MDMyNjE5MTExNVowIgIRANnBl9Tz66RwAeF2NKf2vmYX +DTE0MDMyNjE5MTIzMlowIQIQUd+TTzo6u2s3cs3pPlm13hcNMTQwMzI2MTkxMjM1 +WjAiAhEAqQy2Jy0piu6AA7ZC14UzSxcNMTQwMzI2MTkxMjM4WjAhAhAe4RRRIzta +S7gAv9SMWsFtFw0xNDAzMjYxOTIzNDlaMCICEQDOU1OtEsmxAamztUcfO+yAFw0x +NDAzMjYyMDA0NDFaMCECEF1xlEaYJBEf1iqr08BYnU4XDTE0MDMyNjIwMjY0N1ow +IgIRAISDvj6uBeLvU3sA4RkdSukXDTE0MDMyNjIwMjY1OFowIQIQJdd3giLr3rbb +65Ww9zmtzBcNMTQwMzI2MjA0NjEwWjAhAhBiFMSQ8xxbVBzOiXCbc3mrFw0xNDAz +MjYyMTU0NDVaMCICEQDaClHN3enXsA8SS1n+f71cFw0xNDAzMjYyMTU0NTVaMCEC +EBTgjXqr97mg84iwLGUT6eoXDTE0MDMyNzA4MDQ0M1owIQIQRDvg0QhpdfKcH6x5 +nh3bqBcNMTQwMzI3MTAyMzU5WjAhAhBer2y+dldDdTJTlHfEWhzcFw0xNDAzMjcx +MTE0MjJaMCICEQDQeiVHi5dlInAc/FhljT+rFw0xNDAzMjcxMjQwNDJaMCECED60 +MhNmqUHywWKFrEWxVs4XDTE0MDMyNzEzMzY1NVowIQIQIkammqMY9K5d9DjMlKDl +nhcNMTQwMzI3MTQxODI3WjAiAhEAyPMU4n6wDZUe93FasAE8ERcNMTQwMzI3MTQx +ODMxWjAhAhAkrFm/dku/HUdmSOUhyu0MFw0xNDAzMjcxNDE4MzRaMCECEAZlEpy2 +B6fC0H2oydsZlGcXDTE0MDMyNzE0MTgzN1owIQIQJs1KdnygEzBxCQBaK+WO7hcN +MTQwMzI3MTQ0NTE1WjAhAhA4xyluNrf6R+ToxSn3sWBGFw0xNDAzMjcxNjAyMTNa +MCICEQCzFF/UDAioJaIKFvQCo26aFw0xNDAzMjcxNjMzMDlaMCICEQCQ6HBiXVRR +hUbLxJTwqC+kFw0xNDAzMjcxODA1MTdaMCICEQC1Mwxu5mzZbcIs3TZCeDdCFw0x +NDAzMjcxODE3MjFaMCECEA/1GoRO/j+MAU5nOk1xxV0XDTE0MDMyNzE5MzQyNFow +IAIPfmtCeKlE2vav4w1f5kClFw0xNDAzMjcxOTM1MzJaMCECEFfDEp+wFiOwkiOT +iYHPtPwXDTE0MDMyNzIwMDMwMlowIQIQGECMYXWuUYbIkwC6uk+xGRcNMTQwMzI3 +MjAwNjM5WjAhAhBHfiapEB37/Ejmf9wfS2kbFw0xNDAzMjcyMDE0MTJaMCECEHPD +2UoF6sz5QkzNvw2FMqQXDTE0MDMyNzIwNDc0N1owIgIRAKgnAgruvydLL58uIS+1 +F38XDTE0MDMyNzIxMDcwNVowIQIQbaVf3Axz7kQbLoTvfmL3HBcNMTQwMzI3MjEw +OTUwWjAiAhEA2dOpuFw2YYsgSQWpNDnTaBcNMTQwMzI4MDA0MTE1WjAiAhEAyG+n +FpRTeo5267tj8I0GdRcNMTQwMzI4MDA0MTMxWjAhAhBJz2H319V3csyRIgnUcH+y +Fw0xNDAzMjgwMDQzMTJaMCECEA1jtXz3sutdUjN9Gy2gpQIXDTE0MDMyODAxMDEx +OVowIQIQchpBO1OZNXcXRSL487kloxcNMTQwMzI4MDgzNjQxWjAiAhEA0nwAxk87 +V1zu2karGs1jdBcNMTQwMzI4MTMwODEzWjAhAhAFkmYnW0nFli2wAR23Jpc8Fw0x +NDAzMjgxMzQxNTJaMCECEE0hC/f09WGmTYfWD4pI3o0XDTE0MDMyODE0MjkwM1ow +IgIRANCMxWW28Bc0jNZNJggrqFgXDTE0MDMyODE0NDY0N1owIQIQaU2BON5xdkFN +HZgp58QnWRcNMTQwMzI4MTQ1NTA2WjAiAhEAn6227FvlfMrZCm/SKlIM4hcNMTQw +MzI4MTU1MjI3WjAhAhAbWQE+jjKYnQr/fKv2343pFw0xNDAzMjgxODIyNThaMCEC +EG1Nvv21wMBMAv90c1BQNTUXDTE0MDMyODE4MzkxNVowIgIRAOK0Wq9OvK65GGwg +uRFglXUXDTE0MDMyODE4NDUyOVowIgIRAIanoKT2ETE40Od5K4sEWOIXDTE0MDMy +ODE5MzU0OFowIgIRAKKSeiVb/g1XHq/BJUstomgXDTE0MDMyODIwMDYxMVowIQIQ +ftYI8VX86Nfc6GeJD8BRfhcNMTQwMzI4MjIyNzQyWjAhAhBAiwf3V6889N6oc6Kp +nLVGFw0xNDAzMjgyMjU4MzRaMCICEQCVz1PHcWDqSxetfqOl0KIKFw0xNDAzMjgy +MzM5MjBaMCECEGSOQlSvzwYM1iiriYgE8GkXDTE0MDMyOTE3MTMwNFowIgIRANzb +iJP/fQ8aDmQZdDxPCRoXDTE0MDMyOTE3MTMwNFowIQIQDZwC3pnu59ZWDVYhFWA6 +3BcNMTQwMzMxMDcyMTQ0WjAhAhAQavn/TtKbjxVUXjAA3hKjFw0xNDAzMzEwODIz +NTFaMCICEQC5pPZ8ZBxnKJROpug+IU7bFw0xNDAzMzExMjMzNDdaMCECECXaJ/ed +HGrcl5FcBJ00J+4XDTE0MDMzMTEzMDI1OFowIgIRAMX1Ci4sqp+ycuyDXA+93DcX +DTE0MDMzMTEzNTIwN1owIgIRAPRhNGT8e9iAt38TSXqVyswXDTE0MDMzMTE0Mjc1 +NlowIQIQCNgBokwIHYk/xENZT3xgbRcNMTQwMzMxMTQyODE1WjAhAhAN7C29a1aB +hegGSn19uxacFw0xNDAzMzExNDI4MjdaMCECEHkmTre2y9qh62NKdlR1v34XDTE0 +MDMzMTE0MzE0N1owIgIRAIZbv54qgMfIFqiyOuwBBVMXDTE0MDMzMTE0NDQzOVow +IgIRAI6E7h3mf79mA0+JgAOlTOUXDTE0MDMzMTE1MDkzOFowIQIQYy8WJdcbwDFz +3e4CwFAluhcNMTQwMzMxMTUwOTQyWjAhAhB26gbrt+CzB3aiXCt6alAgFw0xNDAz +MzExNTE2MTRaMCICEQCTI9VY3+Diu8ixDe4HDD1AFw0xNDAzMzExNTI1MzVaMCEC +EDgfnnCdUApyp8VkdQgEUD4XDTE0MDMzMTE1MjYwNlowIgIRAIdB7nOyHGGAYPtN +3JZWx5IXDTE0MDMzMTE2MTgzMlowIQIQQPNJiM8A34r7xEo83hIyrBcNMTQwMzMx +MTczNDAwWjAhAhBspKNrcoGnJxIif6eJHAULFw0xNDAzMzExNzU3NThaMCICEQDE +4Y2aF5ZyAC+hR/WBCaudFw0xNDAzMzExNzU4MjZaMCICEQDu3n6QZdxm4SX7Y+WX +RITrFw0xNDAzMzExNzU5MTRaMCICEQCGPMdpdWJfdbkFp9Q0yX7tFw0xNDAzMzEx +ODMwMDdaMCICEQCnnKro76rgIgaObptCy4kaFw0xNDAzMzExODMwNDVaMCICEQDN +CgDY9r6jDR45frJxwsvJFw0xNDAzMzExODQyMjVaMCICEQCNP61IayHGw8orVrng +ho9nFw0xNDAzMzExODQ5MjFaMCICEQDJDq/NGs8+50WtinVnCRRwFw0xNDAzMzEx +ODUyMDhaMCICEQCJgQINnp0KYfnFgEOoFrbdFw0xNDAzMzExODUyNDRaMCICEQDw +IOdI3RDrLs6BogUql2OZFw0xNDAzMzExODU0MTFaMCECEDQABk7ryD69JqD8u7Wz +PjwXDTE0MDMzMTE4NTc0OVowIQIQawpdNTlH1OfZ7/1nRmXpUxcNMTQwMzMxMTg1 +NzU1WjAiAhEA7mMdk/3nvT+hpF++PvhgkBcNMTQwMzMxMTkwNTUyWjAhAhApTvIT +GmVbqudcKmi7t2q/Fw0xNDAzMzExOTA4MTRaMCICEQDbGiqfjHbT+DxJqXk4AzJc +Fw0xNDAzMzExOTEzMjhaMCICEQCTYUPUjXaHu57O3uvOW+7fFw0xNDAzMzExOTUw +MTBaMCICEQD60mcXYbLA5BvgZAaN/vdfFw0xNDAzMzEyMDU1MjJaMCECEHUTFEMy +hrpSnx7zt5dtqhMXDTE0MDMzMTIwNTg1M1owIQIQGXEq6jHmlWKO6QitkiuV5hcN +MTQwMzMxMjE0NzI5WjAhAhAUT5jtYkHLva5Hz3hBI8OiFw0xNDAzMzEyMTUwMTJa +MCICEQDNw+hZaNVz34Z/JdIhss2dFw0xNDA0MDEwMDEyMjdaMCICEQC3izkMA3EO +bytmFh3USr8rFw0xNDA0MDEwMDEyNDlaMCICEQD/YKeFRUrl2sJrRwa0M8AyFw0x +NDA0MDEwMDEzNDdaMCICEQCNBvKKOgoCor5S/HpgzDT3Fw0xNDA0MDEwMDM5NDRa +MCICEQChYkafYLbOvQeumXgXVNm1Fw0xNDA0MDEwNzUyNDRaMCICEQCg8PXNBF6F +eVshhE8VgxzwFw0xNDA0MDExMDExMzdaMCICEQC8hU/EwBk6pkkyLmanf8dTFw0x +NDA0MDExMzM3MjVaMCICEQCZ7PL4kqPUCUfPcDvgmwUmFw0xNDA0MDExNTU0MzZa +MCECEG/6Ruqfyifl91kv/q0YvVsXDTE0MDQwMTE2MTUyMlowIQIQaEzhrH4v2ZHq +ULk62uxTSxcNMTQwNDAxMTYxNTM3WjAhAhA8tWDxXlD2H4YGdt0T5Hv5Fw0xNDA0 +MDExNjE1NDlaMCICEQCi05IK1pK48clB+12+7mc8Fw0xNDA0MDExNjE2MDJaMCIC +EQDpdnuaykyNxNZGRgvGnoTfFw0xNDA0MDExNjE2MTRaMCECEDudwjCACXkx3Ok0 +KL7QjRkXDTE0MDQwMTE2MTYzM1owIgIRAKMeF1deUHNFSdvWy8iRRjgXDTE0MDQw +MTE2MTY0NlowIQIQHcUkvZk5cZWex5LIdqQLGxcNMTQwNDAxMTYxNzA0WjAhAhAs +kE1OnX/tdTzr7ZQWPbOlFw0xNDA0MDExNjE3MTVaMCICEQCE27uKyCQU0YVpDk+k +CYAEFw0xNDA0MDExNjE3MjZaMCICEQCBhn8KtjuPL2J+Z+kVsdXxFw0xNDA0MDEx +NjE3MzZaMCICEQCFrYYqepwGWPz0Pe1mgi/+Fw0xNDA0MDExNjE3NTFaMCICEQDd +m2lWw85uB5jFgfwXiaZnFw0xNDA0MDExNjE4MDNaMCICEQDbbZOQgdCfM8aSH7Mq +0cdYFw0xNDA0MDExNjE4NDJaMCECEE6/8IcmsqSQrRlwGeRRjjUXDTE0MDQwMTE2 +MTg1MVowIgIRANsNUMZtKs4kzoYcnAZNRucXDTE0MDQwMTE3MDc0NlowIgIRAPdx +3R5zAGYOAt7J8AUN3xYXDTE0MDQwMTE4NDM1MVowIQIQVe/c4QUNGELIoip3oF97 +0BcNMTQwNDAxMTk1OTI5WjAhAhA/RQBaGN44kjYkBVG5r1/iFw0xNDA0MDEyMTQy +NTFaMCICEQD/lCwFHqbCE+Vh4zi25Xy8Fw0xNDA0MDEyMTQ2MjlaMCECEFeBgY/f +d57ujqABIVBFLU0XDTE0MDQwMTIxNDY0MVowIQIQUZG74UnXZtRWi4TRVsfCtxcN +MTQwNDAxMjE1NzQ0WjAiAhEAxfDnW9RljMOJ1BcUcwqJpxcNMTQwNDAyMDMxMDI2 +WjAhAhBogpnU4SKr1gRs8uxE71jqFw0xNDA0MDIwODI2NDRaMCICEQDJj8owfsE9 +UbgJ7F88MS+TFw0xNDA0MDIxMzE4MjRaMCICEQCo/Ho177udIY+9KQooiI/iFw0x +NDA0MDIxMzM5NDFaMCECEHOykB30rOLxpX/NITHAJe4XDTE0MDQwMjEzMzk1Mlow +IgIRAJdggOowIhy8DMALY8ZlM2UXDTE0MDQwMjEzNTIyMFowIQIQC7uC3Ea4NJKm +PNgSkjE/OBcNMTQwNDAyMTUxNDA2WjAiAhEAkfkclQ6LaKxSJmQxSStj6hcNMTQw +NDAyMTUxOTM5WjAiAhEA5j0zrlI+jxNLhHYmdLeA7BcNMTQwNDAyMTgxNzM4WjAh +AhBpq088DKysD1HHfs8/mMHiFw0xNDA0MDIxODU0MDNaMCICEQCZIecCmeZc7lGw +5G0RZ2rzFw0xNDA0MDIxOTE1MDJaMCECEFej3OPTQ6KHNbu4Vc6NSOUXDTE0MDQw +MjE5NTIzNVowIQIQRqDLyIAPxthwAzdAmX1JdhcNMTQwNDAyMjA1NTA0WjAhAhBM +ejEasul2i2TTFwHFjAnSFw0xNDA0MDIyMTA1NDJaMCICEQCHLsZCOGUvGGAyQg4i +Fc27Fw0xNDA0MDIyMTA2MzRaMCECEDLWn8BKRuGzwvqomoKRd1wXDTE0MDQwMjIx +MDY0OFowIgIRAIFzmevmvdgKg4Q3k22iMr8XDTE0MDQwMjIyMTgwNFowIQIQV7j+ +n6cdKJaZbcdi8xQwRhcNMTQwNDAzMDAyODA0WjAhAhAhxVV/4Lx56GoQeEaPuWFs +Fw0xNDA0MDMwNDI4NThaMCICEQDzZBmEoJjux8GVUir24dGgFw0xNDA0MDMwNDU4 +MjVaMCECEBiiwjkfJYDiVPSwjW68dzgXDTE0MDQwMzExMTgzM1owIgIRAMDZ6eNu +TKzZr4UaVLIOaO4XDTE0MDQwMzExMTk1OFowIgIRALsM+8DyNISepms3xwLW2ocX +DTE0MDQwMzEzMDMzMFowIgIRAJ8RVUUn0kCzbZeRuTMVvecXDTE0MDQwMzEzMTEw +OVowIgIRAKT5AS8brD7L0xygjzDNRw8XDTE0MDQwMzE0Mzk1MlowIQIQVQozVr4f +ukpr4lr/MubCcRcNMTQwNDAzMTUwMzA2WjAiAhEAkyZi7VAWRQi7Q5CHcBG1+xcN +MTQwNDAzMTUyNzQwWjAiAhEA+ZOaIGlHFEC3S432p8RikhcNMTQwNDAzMTU1MDEw +WjAhAhBb7H1tvUCSb0zxe6FmNd7vFw0xNDA0MDMxNjI2NTNaMCECEG3LaeK6C+Ib +HGrK/0NJrf0XDTE0MDQwMzE3MTMwNFowIQIQcRNAgGlVwz2qOPLNS71ZOhcNMTQw +NDAzMTcxMzA1WjAiAhEAw33LKLCKEVKd8d2HHUPpIBcNMTQwNDAzMTczNDQzWjAh +AhAH0hneW3ytVC3x3lHxkICfFw0xNDA0MDMxNzM1MDFaMCICEQC1N0dTzN2Ya46V +xEaQvgCXFw0xNDA0MDMxNzM2MzRaMCICEQDffcCqNsFH8sc1CnOTxjdOFw0xNDA0 +MDMxNzM3MDZaMCICEQCSgehodD0kIm9jP0F19mDnFw0xNDA0MDMxNzM3NTVaMCIC +EQCYHxmqxQoV1tZtAnYkzT+mFw0xNDA0MDMxNzU5MzhaMCICEQDJ/g0cz2RJW6lZ +PVG+tl2fFw0xNDA0MDMxOTA1NTBaMCECEGYy52ajpwhB3qv5d6Atp3IXDTE0MDQw +MzE5MTc1M1owIQIQX5tWgN1xk0lCROVgDgW5yRcNMTQwNDAzMTk0ODI4WjAhAhB+ +Fh0bS5IarKjX9pOmKxvRFw0xNDA0MDMyMDIyNTZaMCICEQDf0HHq2SI5jtMwp4+d +vN+qFw0xNDA0MDMyMDI5MDBaMCECEAOWuMpUHZY0p0NuCh7UhP4XDTE0MDQwMzIw +NTAyMFowIQIQQrp1seYiIRIS/rAKK+r23BcNMTQwNDAzMjExNTEzWjAiAhEA92RU +8hlRo8+ZVVkVVWRuKxcNMTQwNDAzMjE0NjExWjAhAhBnBS6C0atrFveyCjpnvCW8 +Fw0xNDA0MDQwMjAzMjlaMCECEAev/dmVzPbawCg4ljUKGVAXDTE0MDQwNDAyMDQw +MlowIQIQEfQZhH2cXZ7B+HoSXyy9ahcNMTQwNDA0MDYxMzAzWjAhAhBiMlgtbEsC +7RUIjOEoN/t1Fw0xNDA0MDQwNzM2NTZaMCECEE+mxfcyfYFV1r+U+psfNRwXDTE0 +MDQwNDA4MDk1OVowIQIQSWYinRjHfTPzxyRlYQMguxcNMTQwNDA0MDkwMzE3WjAi +AhEAkTaU3LOUG68qdiFyDeUSNhcNMTQwNDA0MTE0NDE1WjAhAhA8/ryS7Lrcf+HK +35MR5P6sFw0xNDA0MDQxMTQ1NTJaMCICEQDVCnn/WhTIB0/daOByCWKSFw0xNDA0 +MDQxMTQ2MjFaMCICEQCrGXNR0sR92XeXAiqbafxvFw0xNDA0MDQxNTQ1MzdaMCIC +EQC4cgzhSq1S2ujyI62cVMPAFw0xNDA0MDQxNTU0MzlaMCECEEQx1MXZonrxCKeN +RIo10IsXDTE0MDQwNDE3NTMwNVowIQIQOUWjA50gbCp3czwu4aqfLRcNMTQwNDA0 +MTc1MzE4WjAhAhA/OkZUkSUl8MH0A3fHzfJEFw0xNDA0MDQxODM2NTNaMCICEQCB +4ysWU4P1+gekrJJudXw3Fw0xNDA0MDQxOTEyMjlaMCECEBitV5G5qliqxfaI053d ++eMXDTE0MDQwNDE5MjA0MlowIQIQJ8NtDFuRgrcLG9z/XDPj7xcNMTQwNDA0MTkz +MjU3WjAiAhEAoNg4qs5RM653zkrtbrYYrBcNMTQwNDA0MTkzNjE4WjAhAhBfCNMI +LpdvZBX8Jbqr7P0LFw0xNDA0MDQyMDE5MThaMCICEQDR4yTd/IlJr88paB0mwEFf +Fw0xNDA0MDQyMDE5MjBaMCECEFFCkPswOPMAinukZese+j0XDTE0MDQwNDIwMTky +MlowIQIQLKaUjRmYJUr1hGBjuRSARBcNMTQwNDA0MjAxOTI0WjAhAhBTqdZzjH8J +oLpUjvGnAUmFFw0xNDA0MDQyMTE1MDBaMCICEQCROH5VT7W4XMRxojUSvGAFFw0x +NDA0MDQyMTIzMjlaMCICEQCVH87xai64FAwgEqYDzbCJFw0xNDA0MDQyMTI4MTRa +MCICEQCr5DuUM8QXY0xgMgGNh2eQFw0xNDA0MDQyMTI5MzVaMCICEQC5lJxSN+An +p4fBtZxe6P33Fw0xNDA0MDQyMTMwNDFaMCICEQDM3Yq88lBrkxUQBI+FICJBFw0x +NDA0MDUxNzEzMDFaMCECEHUGrowoFgsHfmlFrYKEogYXDTE0MDQwNjE3MTMwM1ow +IQIQBszKq3geSNtkCiVRjUaPWhcNMTQwNDA2MTcxMzAzWjAiAhEA/jYOG1FFvSVo +iRnZYRPiMhcNMTQwNDA3MDExNzM5WjAiAhEAgflWfI3qpTFm5qbIXBB1VRcNMTQw +NDA3MDgyNTM3WjAiAhEAo1SFM/0YropSy3PW1RvrLBcNMTQwNDA3MTA0NzI3WjAh +AhAdL7Fz1yvyo4t1ifHLIiAHFw0xNDA0MDcxMTI3MjNaMCICEQDuBZmMkCSkrnUu +3cCSjNuqFw0xNDA0MDcxMjIxMzdaMCICEQD9LRyLwYwv72KLWg8JC3sTFw0xNDA0 +MDcxMzAzMTBaMCICEQDI8KDUAHz2rWIAoekm6vokFw0xNDA0MDcxMzU1MzRaMCEC +ECmunDF+1JFb3ZHlTgnj/GsXDTE0MDQwNzE0MzUzOFowIgIRAJOo0FCc5f8FOHE1 +vtnSkAAXDTE0MDQwNzE0NTI1OVowIgIRALjFtL6rTatTRMp9RXYPQc4XDTE0MDQw +NzE1NDY0NlowIQIQOqJ0+n3TDQ7tS8O/9jm4DBcNMTQwNDA3MTYxMTMxWjAhAhBh +r/8FmSGeB3ggnsebaUclFw0xNDA0MDcxNjIyMjhaMCICEQCoJ6/kc2ay2OpWsyAn +3j5KFw0xNDA0MDcxNjIyMzBaMCICEQDqwTVI9Kpr2duQ4RiY6MnMFw0xNDA0MDcx +OTQxMTRaMCECEH0Mfo8UwHZhbcXVthIsc74XDTE0MDQwNzE5NDQxNVowIQIQTa/d +yvR8aixttj07IcRo5BcNMTQwNDA3MTk0NDI0WjAiAhEAtEJJHCOga0dl+/AzjljP +WRcNMTQwNDA3MTk0OTU1WjAiAhEAmWuA3ejO0PoGwomtGGppwhcNMTQwNDA3MTk1 +MDE2WjAhAhAWZGaGbfCUAH+ZRFMp3uk3Fw0xNDA0MDcxOTUyNTFaMCICEQCC/9Ae +4pJPd9shEWg1iburFw0xNDA0MDcyMDExMTdaMCECEBL9+XKLkFGF7Cc7Rb14JVAX +DTE0MDQwNzIwMTk0OVowIQIQb6wZ0e4sMtdiGEM9SbIUaxcNMTQwNDA3MjAzNTEz +WjAhAhAqd3ZqOeiIyvCVWbMthEHJFw0xNDA0MDcyMDUzNDBaMCICEQCMxLIt+KtW +gxpi97nl9UAtFw0xNDA0MDcyMzE0MjBaMCECEGB43jrTTdQxplagtZj3db0XDTE0 +MDQwODAxMzcyNVowIQIQK5h/DbeqDJM9CaAJruFIDhcNMTQwNDA4MDkxMzM0WjAi +AhEAhHLf8LllcBqUKEX4KiqKcBcNMTQwNDA4MDk1MjA3WjAiAhEAzK4CKF0vDys8 +qLWMry4ixRcNMTQwNDA4MTAxNzEyWjAhAhAv+ydcQUZLQMn5X4xo8+FlFw0xNDA0 +MDgxMjAwNTdaMCICEQCHCgMB2GUahEJ7DmQN4RLzFw0xNDA0MDgxMjMwNTNaMCEC +ECQdH8SdvZqto3QuEHJ/tqgXDTE0MDQwODEyMzA1OFowIQIQBDFwX5RUPL/xlkxi +2I31axcNMTQwNDA4MTMwMDMzWjAhAhBKe8Z1VQmBF6jvS3/gz77GFw0xNDA0MDgx +MzIwMDhaMCECEHnFhFbAw7JmXplBtWkNpwcXDTE0MDQwODEzMzEyNVowIgIRAMwy +qAHiHw5AOyHF4eNJPeMXDTE0MDQwODEzMzI0NFowIQIQPibPrZ/OLPrOKNJxF9TX +ahcNMTQwNDA4MTMzMzE3WjAhAhAYAxiGeDVTGqhdPzzD6aNQFw0xNDA0MDgxMzU2 +NTNaMCECEGXFSyH2TerHA2J0ieX0T+8XDTE0MDQwODE0NTE1NlowIQIQHQrNsIkF +WDk0pmt+JmisxxcNMTQwNDA4MTQ1MjM3WjAiAhEAzdxQ3MK8I9zn5IdarsZ4EhcN +MTQwNDA4MTQ1MzAzWjAiAhEA83zDxTvkofdxm69CH4KGjRcNMTQwNDA4MTQ1OTE4 +WjAhAhBuNnaWlYo+8h9v+WSGcr/yFw0xNDA0MDgxNTE4NTZaMCECEFVEojqwtvA+ +S2wyrXACFqwXDTE0MDQwODE1MTkxMFowIQIQc4lsWYbc40FRGkxCA9RODxcNMTQw +NDA4MTUxOTMyWjAhAhB1yDcsikN+IjgIteZmPii1Fw0xNDA0MDgxNTE5NTJaMCEC +ECO+PyT6I9IIoHOni2A45FUXDTE0MDQwODE1MjMzMlowIgIRAPPoaFA7wzAV11/6 ++8nRLyUXDTE0MDQwODE1MjY1NVowIgIRAN+Jt0BxQNhwW8PzRfWcQf4XDTE0MDQw +ODE1MzEwNFowIgIRANRWyHgog+ltiVLIEZbK3TEXDTE0MDQwODE1NDIzOVowIQIQ +JyGMVmkZQPSSvIwPkU31WBcNMTQwNDA4MTYxNjUwWjAiAhEApX7gpPKR5jXIFRL5 +uIPvExcNMTQwNDA4MTYyNjAyWjAhAhBn0icGQxaJh+CDailXpj7JFw0xNDA0MDgx +NjI2MTdaMCICEQC3hiW3rBEw4/996wf2sMraFw0xNDA0MDgxNjI2MzFaMCICEQDA +vBys6hF4GJz9MzRKnPJIFw0xNDA0MDgxNjI2NDNaMCECEHqF4kZNmKUQgieakMrf +DB4XDTE0MDQwODE2MjY1OFowIgIRAOWKjuah6uuaCiPmMkq5s5wXDTE0MDQwODE2 +MjcwNFowIgIRAMIU+qnJDfxhb79AwewQ60sXDTE0MDQwODE2MjkxOFowIgIRAJBy +YrtfNzSa8yMNLFcsYAgXDTE0MDQwODE2Mzc0OVowIQIQPQT8juQ+sDmcjNvqAGz9 +WxcNMTQwNDA4MTY0MDE4WjAiAhEAkbIiOMdKgB2ZKpHq969flhcNMTQwNDA4MTY0 +MTM5WjAiAhEAqQTK//FbOXrmH57oSJXhthcNMTQwNDA4MTc1MzIyWjAiAhEA0lZy +oZdcGRAHURMmf0XT9BcNMTQwNDA4MTc1NTA4WjAhAhBiQu/2w6RBA0sZysu9Q0A3 +Fw0xNDA0MDgxODIxNThaMCICEQDZnWFbVQQ/3bFguMQmkCxyFw0xNDA0MDgxODM2 +NDJaMCICEQCfMApZ7twv02qA8rp/W/lCFw0xNDA0MDgxODQ0MTNaMCECEGJZ3ebH +AVds9CjqFmvgq4IXDTE0MDQwODE4NTY1M1owIQIQBcLauwc+E9EtqcRfcHg5wxcN +MTQwNDA4MTkxOTQ5WjAhAhBrb9Tu/l1GKXy+cspSBCTnFw0xNDA0MDgxOTI4MTRa +MCICEQC6aYEtAZ1R7BZCZ2TgEgUQFw0xNDA0MDgxOTI4MjNaMCICEQC9WhcQLgAF +1tEABOWclKdcFw0xNDA0MDgxOTMxNTZaMCICEQDGabeyTLfcJNg/4vG1jAKJFw0x +NDA0MDgxOTM4MDZaMCECEEubUA2+AIsm5Pa1erlxhU0XDTE0MDQwODE5NDI1OFow +IQIQYHyhQB/nl6B03SG8Fg1gCxcNMTQwNDA4MTk0OTAyWjAhAhAbTvxXG3ZmnAuh +4z0jFquqFw0xNDA0MDgyMDI5NDBaMCECEG75KmNWUapMA9o0NQumXtcXDTE0MDQw +ODIwNTE0MlowIgIRAPoJT43e6kphzOE48Nzt+wUXDTE0MDQwODIxMjEyMlowIQIQ +Embba6vOX1WKX3QLF35XtxcNMTQwNDA4MjEzMjQ4WjAhAhBLKvWE4hrXdzK+zHd6 +wijVFw0xNDA0MDgyMTMzMDVaMCECECP9K6BqXWpzFfh+E2si4HsXDTE0MDQwODIy +MDIxNFowIgIRALeWWHmAKHA69y/z9v9OKiIXDTE0MDQwODIyMDIzM1owIQIQLu0z +Logzsv8w9lCj9EVUmhcNMTQwNDA4MjIwMjUzWjAiAhEAzN6klVkRapKgCW4hu57h +ThcNMTQwNDA4MjI0MTE1WjAiAhEA6MoO7DSkTKT4wkf9qXwMLxcNMTQwNDA4MjMz +MjI5WjAhAhByaHvNNzhz1Gmu5wJ6hxT6Fw0xNDA0MDgyMzM4NTRaMCICEQDZlwq6 +y7gSRHuLlY6XM96gFw0xNDA0MDgyMzM5NDdaMCICEQCyHjlpSo3XkxTIx0aNMDR6 +Fw0xNDA0MDkwMTAzNDZaMCICEQDvcVYJ6dpKej95/dyAVD2yFw0xNDA0MDkwMjEw +MTJaMCECEBGsFxzftFh2VaS9O0LD1/sXDTE0MDQwOTAyNTA1MlowIQIQB1YKIqe8 +aAdDnlIYXPfvnxcNMTQwNDA5MDI1MTMzWjAhAhBiPVwee0gMJeu7wdg8bRDAFw0x +NDA0MDkwMzI4NTRaMCICEQCFwB4mdRdlEJeCfmNgKYguFw0xNDA0MDkwNzI1MzZa +MCICEQCYdoZYPSo9DnIpZ73A/z/cFw0xNDA0MDkwOTE0MTFaMCICEQDEzbEmdAyh +E8+k9dQMBtHUFw0xNDA0MDkxMDEyMzhaMCECEC7sNzlbuu+9vexSYzlCc2UXDTE0 +MDQwOTEwMjYyMFowIgIRAKw0FrQg9uVo+qsMUCe51V4XDTE0MDQwOTEwNDYzMFow +IQIQHor3bTk0X4avT7gG0ineVxcNMTQwNDA5MTEwMjM1WjAhAhAuClMwDlmvBnUX +LGazgS68Fw0xNDA0MDkxMjE3NDBaMCICEQCahPrXmTXkwXNgk4bq+OgSFw0xNDA0 +MDkxMjE4MTVaMCICEQCWYVmFcisMAOHeX3OZ84iSFw0xNDA0MDkxMjE4NTdaMCEC +EBA4g7s8wRbnhnz/qZBhyu8XDTE0MDQwOTEyMTk1NFowIgIRAO9dzzMTJ/Rf7B2C +89nw//sXDTE0MDQwOTEyMjAyNVowIgIRAKiRUFqs9rOTrhxWssIY+8sXDTE0MDQw +OTEyMjA1OVowIQIQA6dsrSkcjtC7Vn9F5556yhcNMTQwNDA5MTIyMTMyWjAhAhAb +oK54c4BT09ZL37FALBUEFw0xNDA0MDkxMjIxNTdaMCECECVx+tcw3/RTzIqAmUhy +r3MXDTE0MDQwOTEyMjIzMFowIQIQI7zpM2bdtZLTU/SmrJv3WRcNMTQwNDA5MTIy +MzEzWjAhAhB0xua18rxG13b7OjMlz6xwFw0xNDA0MDkxMjIzNDFaMCECEDFcAUVc +Dk6hbIKe55nDgH0XDTE0MDQwOTEyMjQwNVowIgIRANY7ZWzbNOifpYdJUyo4ArsX +DTE0MDQwOTEyMjQzNFowIQIQdF12Et6tE1Ym2oNZqmqkuxcNMTQwNDA5MTIyNDU2 +WjAiAhEAlDc78iAgZOoQqRYZgIHnThcNMTQwNDA5MTIyNTM4WjAiAhEAkMf0geWE +0xkSTs02tA5RixcNMTQwNDA5MTIyNjI5WjAhAhBdkHIOsVluoBo1H2fPQQ5JFw0x +NDA0MDkxMjI3MDRaMCECEH2YBhfXWy8VAe7qTERjy1UXDTE0MDQwOTEyMjc0Nlow +IQIQEWNMkaoG0kdudnN3LIqCRRcNMTQwNDA5MTIyNzU4WjAhAhB564Tq3uj0g177 +qNB0vhUpFw0xNDA0MDkxMjI4MDRaMCECEBVqxsQ1E8NG0jPyMiqFy44XDTE0MDQw +OTEyMjkyMFowIgIRALEm/nqe3lhduEWaDkmVt/wXDTE0MDQwOTEyMzcxNVowIgIR +AMPodfu2Ay38znUMF8GoOxEXDTE0MDQwOTEyMzg1N1owIgIRAPouH7LG2iIMpg7F +ma0Tq0MXDTE0MDQwOTEzMDk0MVowIQIQZup0iaVyqSPop3NERjwzAxcNMTQwNDA5 +MTMyODI0WjAhAhAHpQ+NrN1LIo5xxAEGyfK2Fw0xNDA0MDkxMzMwMjRaMCICEQC9 +FQUDHZKazJpVrtXdZGyGFw0xNDA0MDkxMzMwMjdaMCICEQC8uOZ3b7y3jATcGijG +7ourFw0xNDA0MDkxMzMwMzBaMCICEQCgN2qEC0QVYBcVd1CW5nfEFw0xNDA0MDkx +MzMwMzJaMCECED/fuvujUdjJtyi2UhopwogXDTE0MDQwOTEzNDAzMVowIQIQbZ36 +RY47zEUqd+R1PpqO5RcNMTQwNDA5MTM1NzI5WjAhAhBEJE9r/yiJokE+c3jEhQWO +Fw0xNDA0MDkxMzU3NTRaMCICEQCiwErbSboZVu9Jw56x/cIcFw0xNDA0MDkxMzU4 +MjBaMCECEHO7SlSoHaRwWWJnXKK7Tm4XDTE0MDQwOTE0MDAzMFowIgIRALxgllHz +OXkyNJ+l5tifRowXDTE0MDQwOTE0MDIwNVowIgIRAIA94EaHnFNJgbMNItFQgNgX +DTE0MDQwOTE0MDIzMFowIQIQZSvXerX9OPhrYz2PRTcqwBcNMTQwNDA5MTQwMjM2 +WjAiAhEAxKoV1mP0jdpeXHOE2G1MVxcNMTQwNDA5MTQwMzI1WjAiAhEAqYamHLAZ +s1k4ILTQpVC1BxcNMTQwNDA5MTQwMzQwWjAhAhBlPX1qa8rLjA5dCDAmLFvhFw0x +NDA0MDkxNDExMjdaMCECEBgW7FaGywYI1gI/w5gOEjUXDTE0MDQwOTE0MjA0Mlow +IgIRAJgub57Fs3kxHMM8+Gi1jOMXDTE0MDQwOTE0MjM1MlowIQIQdJt6RIzpRbpq +2+9Gx8jsPBcNMTQwNDA5MTQyNjUzWjAiAhEAsWoGSbcPbgl9hPqhOIimIBcNMTQw +NDA5MTQyNzE0WjAhAhATil49z+9X25As7rZc8KCFFw0xNDA0MDkxNDI3MjdaMCEC +EHOPxq3w2md2/nhK7xlSuW0XDTE0MDQwOTE0Mjc0OVowIQIQGaVBlZMH6Y3GKFvC +5gGi/BcNMTQwNDA5MTQzMTIzWjAiAhEA2TbJAtuF/pJSYbrdWBVbUBcNMTQwNDA5 +MTQzOTM0WjAhAhBuiDyCgRaeEVWpscTyZESRFw0xNDA0MDkxNDQ1MTBaMCECEDxE +549auMtnKvOiT01UWGUXDTE0MDQwOTE0NDk0MVowIQIQGZsu2+tHHblfu9NJSbHn +mhcNMTQwNDA5MTUwMDM5WjAhAhASEhgPhoKw+ZCuiBqpvp5IFw0xNDA0MDkxNTA1 +MTJaMCECEEF2yVKt8wCqjy1B80YlegcXDTE0MDQwOTE1MTEzMlowIQIQf2h0BG0Y +hDZjPaonQA27XxcNMTQwNDA5MTUyNDU3WjAiAhEAhi18QpGWe0pCZF72duYDohcN +MTQwNDA5MTUyNzA1WjAiAhEA7WEY88GJ/FozFgl0KeoKzxcNMTQwNDA5MTUzNzA1 +WjAiAhEArkC63qC+sqeXBmxDVyC8HhcNMTQwNDA5MTU0MzQ5WjAiAhEAjaQlKBL9 +yBxMGRM0xpIm4BcNMTQwNDA5MTcwOTM1WjAiAhEArai+0aOIMUBvbnQydAPUjxcN +MTQwNDA5MTcxMzAxWjAhAhB6CRKfXxcDn9v6oJL3mSIyFw0xNDA0MDkxNzE2NTBa +MCECEAhP2R0YIxWEqnsChKRAQcsXDTE0MDQwOTE3MTcwNVowIgIRAONeGFD5rNrK +uhIInzxLT44XDTE0MDQwOTE3MzExMlowIgIRAPF9hh49H1zL4t6C1USE8fEXDTE0 +MDQwOTE3NDQwM1owIQIQDbrwPGydmsyq8+f3jlVPuBcNMTQwNDA5MTc0NDE3WjAh +AhAi2V82/wkyOhhnRcXT/Sr2Fw0xNDA0MDkxODQzNDBaMCECECyiZzK0scvXXRjV +iqPNpN8XDTE0MDQwOTE4NDQ0NVowIgIRAMit7J1i8fQ1ZHB2Dbi3vCQXDTE0MDQw +OTE4NDUyOVowIgIRAILmxqTTgVwVvqeWTPk6teEXDTE0MDQwOTE5MDUyNlowIQIQ +RvJCpfFQ7L5r9+cjsy16whcNMTQwNDA5MTkxMjIyWjAhAhA2oRhJ8KGi9k274KWe +wsiVFw0xNDA0MDkxOTE1MTlaMCICEQC7i2ClUp4LvJUniFwbE5p8Fw0xNDA0MDkx +OTI2MTZaMCECEDRI01oVRrgE9umMATXfO84XDTE0MDQwOTE5MzAyMVowIQIQfFuT +UsGw3jcHjjy9tLCF4RcNMTQwNDA5MjAxOTU3WjAhAhBtX0l0mvsPls0ICvf1ledg +Fw0xNDA0MDkyMDI4MjhaMCICEQDC7k4CxI7MMMyl2/XkcafBFw0xNDA0MDkyMDI4 +NDVaMCECEGE/PXIfuGGYRhUgzPC90eYXDTE0MDQwOTIwMzczMFowIQIQIqE++TCp +9rYrE3s/bJZ22hcNMTQwNDA5MjAzNzU5WjAiAhEA4nAmHY0grgiYYjlrcr/+oxcN +MTQwNDA5MjA1NDM1WjAiAhEAlXvQzSW7VTvprBBoNbSfKBcNMTQwNDA5MjEwMTE5 +WjAiAhEA9XQVdUw+wTZHOGtExcrLXhcNMTQwNDA5MjEwMTI4WjAiAhEAi+Ey9n9r +BrbyqtWdYuFUAhcNMTQwNDA5MjExMDQ3WjAiAhEAhKFd16OfdHsX2OGRgj9UKBcN +MTQwNDA5MjExMzE0WjAhAhBvrRKc4eGpxFx8f+IWhOmfFw0xNDA0MDkyMjI1MDZa +MCICEQCxCRq4AOIfxvzO9a9RoaXmFw0xNDA0MDkyMjM0MTNaMCICEQDnbRjFGuAh +caAf0zk7+y8oFw0xNDA0MTAwMDA2MjNaMCECEEqI23AU2Q+yYnE5RlMaU4oXDTE0 +MDQxMDAwMzcxN1owIQIQE7sbu/JPFiz/N1dWVrlpChcNMTQwNDEwMDUzNzA2WjAi +AhEArZOoisdKrPDhw7KXBzBeFhcNMTQwNDEwMDUzNzI1WjAhAhAXXOAoN0auOpbd ++2OUz2pCFw0xNDA0MTAwNzA0NTNaMCECECFvCXOStnxlKb8/oQ3WiqsXDTE0MDQx +MDA3NDkxN1owIQIQVKAQNEp78ZTruG4NgjlIRxcNMTQwNDEwMDg0MDI1WjAiAhEA +isCsDmv0M0gCgjaf7LVQuxcNMTQwNDEwMDg1MjIyWjAhAhBOu56tLnmWLTNWqCRT +00pdFw0xNDA0MTAwOTQ0MDRaMCECECMfR1imz0j/J5T4BVZEfogXDTE0MDQxMDEw +MTQxMFowIgIRAO8ISvq76EyxFc4h/c668TcXDTE0MDQxMDEwMzUwMVowIQIQc0dN +zVz3WfjRd9jWe9D/tBcNMTQwNDEwMTEwMDU3WjAiAhEAuX5RhcFt7Euzifz/JWdE +LRcNMTQwNDEwMTExMjU0WjAiAhEA577gdiq3LNL06Qxlhnza+hcNMTQwNDEwMTEy +OTMxWjAhAhBkJv4fKe7CzLnFQPQuvN2wFw0xNDA0MTAxMTM4MTBaMCECEHM2Yec2 +ESCVGjO3LhY1UTsXDTE0MDQxMDExNTQxNVowIgIRAPymtsjAivGmFIPhvI6VcxcX +DTE0MDQxMDEyMDYyNFowIgIRALspUS0BPnCWp6AfJvO+3t8XDTE0MDQxMDEyMTQz +OFowIQIQXsbeYk/VSfIUepzBL5qiohcNMTQwNDEwMTI0ODUxWjAiAhEA+UEy0Rtm +Reb3jJOlUtWhgBcNMTQwNDEwMTI1NDU3WjAhAhByX0h0GWl6bKeNLonv6Y7OFw0x +NDA0MTAxMzAwMjJaMCECEB0DHFUQHLFuraRvm9aOrOwXDTE0MDQxMDEzMTAxM1ow +IQIQIenABtmWfMjkCGRVmf/XBxcNMTQwNDEwMTMzNTAyWjAhAhAZh+y+pXEK6HHh +t0FezFETFw0xNDA0MTAxMzQ0MjlaMCICEQDzWA3SuSa3qerBT5nNZbzDFw0xNDA0 +MTAxMzQ1MTdaMCICEQC+8gpqY1Uccib6z/URP6mJFw0xNDA0MTAxMzQ3NDlaMCEC +EAWP9dThqdM3m3c8ho0bQk0XDTE0MDQxMDEzNTQzN1owIgIRAJ+WrIDNshPAk62/ +8f0X3hEXDTE0MDQxMDEzNTUwNVowIgIRAOKnwgH44kq071c4K4sirSAXDTE0MDQx +MDEzNTUzMVowIgIRAKgem2REmVAlehVbtk/iQ4MXDTE0MDQxMDEzNTU1NVowIgIR +APd/qzxmCjdAnYz8fvquEP8XDTE0MDQxMDEzNTYxN1owIgIRAMa7nM5xtXn2bsPs +JL8mD+IXDTE0MDQxMDEzNTY0NFowIQIQDkiPLa1dd0rySpCKHQ3rXhcNMTQwNDEw +MTM1NzExWjAhAhASD7U37obJgSbZ78TFo7HLFw0xNDA0MTAxNDE2MjBaMCECEE+3 +Abzqti1acLBXtdcy6fMXDTE0MDQxMDE0MTcxN1owIgIRAMvv2bQVxM3HH9NgAoDf +HX8XDTE0MDQxMDE0MjA0NlowIQIQSM0s9chb5z3AVwCAK2gRzxcNMTQwNDEwMTQy +MjU4WjAhAhBri8ztXsHZK+YELxJBQsluFw0xNDA0MTAxNDI2MTBaMCECEBHurJps +VlTGjwiPBaCA0+EXDTE0MDQxMDE0MjczM1owIgIRAM227Uh7Ae+8lQep0IxYvJMX +DTE0MDQxMDE0MzEwMFowIgIRAPq/q3Ir+N1uADWWpbstsRwXDTE0MDQxMDE0MzEx +OVowIgIRALWAh+1fpqHbkXzMQwIEZ7kXDTE0MDQxMDE0MzE0MFowIgIRAPhr4Yqs +To0JwdqHqlISDykXDTE0MDQxMDE0NDM0NFowIQIQDDIscHU85FWB0RxAithU+xcN +MTQwNDEwMTUwMzQxWjAiAhEAnHuA4EXZXR7kh4NxpoRWlRcNMTQwNDEwMTUyMzQ4 +WjAhAhB/NO4o/JolQ+JIpO8b8p0HFw0xNDA0MTAxNTIzNTZaMCECEG6a+nJN7Xsa +NVesoItMQhoXDTE0MDQxMDE1Mjg1NFowIQIQd619Suv9JIfGXqrtNI64ARcNMTQw +NDEwMTUzNDQ2WjAiAhEAhHJIjzbN0/Rw3wpMmL+wLxcNMTQwNDEwMTUzNDQ5WjAi +AhEA9Ik0IRa+Ymz036PWWIBQVRcNMTQwNDEwMTUzNzQwWjAiAhEAhH9cobSZaJtf +puga119AsxcNMTQwNDEwMTUzODM2WjAiAhEAkEEH9eJ/1RjUsw0F5hlpqxcNMTQw +NDEwMTUzODM3WjAiAhEAl53lsbNaBWSk5Lwnn3JEvRcNMTQwNDEwMTYwNzQwWjAh +AhBomVpugPGpj0bAGoGM91hBFw0xNDA0MTAxNjIxMzVaMCECEHQIiBhakxitXJye +aOLP04IXDTE0MDQxMDE2MjgxNlowIQIQcR/cgAzx444Um2uOFHsmlBcNMTQwNDEw +MTYyOTQ0WjAiAhEA9fA3ngxNCUQSALjHeeCVjRcNMTQwNDEwMTYzMDExWjAhAhBc +/hcSrIZDq7Vm3mSkQqNEFw0xNDA0MTAxNjM2MTRaMCECEHxP+v4fRvGXprhIxEYp +WKwXDTE0MDQxMDE2MzYzM1owIgIRAIM2qJ5nNwVuf5VZFlw+tUQXDTE0MDQxMDE2 +MzcwMFowIgIRAN5oXo/4pL8vvA0rr8X7RlkXDTE0MDQxMDE2NDAyM1owIQIQF2X2 +L0aonCXRpAfmAuG/yRcNMTQwNDEwMTY0NzE0WjAhAhBctG5mMdBm0y97QcoN4Hhh +Fw0xNDA0MTAxNzAyNDVaMCECEBLA8Et6whRkkPnNG495d/0XDTE0MDQxMDE3MTMw +MlowIQIQGeZIXNJa7De/+tgAwPOrzBcNMTQwNDEwMTcxMzAyWjAhAhBnqC3mD0Px +7q488qMoGHRdFw0xNDA0MTAxNzEzMDNaMCECEDKg8NL1jCz30pOId+KvmacXDTE0 +MDQxMDE3MjYxNlowIgIRAJX36kGs+wV8h6FIkFZCN44XDTE0MDQxMDE3MzcyMFow +IgIRAK6EKJ7+M84Of/bFWfmGS0wXDTE0MDQxMDE3NDg1OVowIQIQBJU5aEveKHUx +5WuEHiZgKRcNMTQwNDEwMTc1MTM0WjAhAhBrwiWxndkjHhxevw/diC0eFw0xNDA0 +MTAxNzUyMDBaMCICEQDFriLMbxWe4J+nDFOZT28JFw0xNDA0MTAxNzU1NDdaMCEC +EHZgrhw3lYqcgIDoM/BWur8XDTE0MDQxMDE3NTczNFowIgIRAPtal6hO+TejugRB +1jtSO6UXDTE0MDQxMDE3NTgxNVowIQIQGAxONEqBgegT2aiSNWPezRcNMTQwNDEw +MTc1ODQyWjAiAhEA/IqCa/3rs+JcXhNVeO8+7BcNMTQwNDEwMTgwNDIzWjAhAhAH +9HjJ+ARicMWNj/YNHDr5Fw0xNDA0MTAxODA3MjdaMCICEQC0TQ7FVmdfduw9xfk9 +xYj+Fw0xNDA0MTAxODIyNTJaMCICEQDAxxMUqYFGjTavntHjYuEPFw0xNDA0MTAx +ODI3NDJaMCICEQDtA3sUn5ciclUsZv19PeXAFw0xNDA0MTAxODI5MjlaMCICEQDV +2yaAwpmQ+7b50swrHPXmFw0xNDA0MTAxODMzMjZaMCECEE3kqAti5t8xu9WQvL84 +UboXDTE0MDQxMDE4NDQwNVowIgIRAPU/IhUVwQRJ5OYytqVuQDoXDTE0MDQxMDE4 +NDQzOVowIgIRAON0Y5ayRyaZnXgRcbJj4rsXDTE0MDQxMDE4NDQ1M1owIQIQPl2Y +tobOjfE2bWYKkwElxBcNMTQwNDEwMTg0NTUyWjAhAhBSGxNRvhH8EBMaMIum3I9m +Fw0xNDA0MTAxODQ3MDdaMCECEDoQsPbLVvNOQrXFAjKzozoXDTE0MDQxMDE4NDkx +NFowIQIQJ/Ms92Gemi8PH0oWH5IgLxcNMTQwNDEwMTg1MDU0WjAiAhEAis4aEr9P +fMrMFdk0K0sQaRcNMTQwNDEwMTkxMDQ4WjAhAhBiMJJwD6EH5DVVzNmmOEHTFw0x +NDA0MTAxOTM0NDZaMCECEEkZLz2+NQ9gOPQ/qvYtkE8XDTE0MDQxMDE5NDIxOFow +IQIQOksVvJXzSNxdGSVaPuwUhxcNMTQwNDEwMTk1MzIxWjAhAhB7N39GQh325iWP +6+WtivGHFw0xNDA0MTAyMDE4MTNaMCECEFlJ2HH0DSHhZWgYdkzVihgXDTE0MDQx +MDIwMTg0MFowIQIQV8kFAOLk5V9zsEZSDezHYxcNMTQwNDEwMjAzMTU2WjAhAhBb +wVzUyHqDV0P/5hnnEJl0Fw0xNDA0MTAyMDQ4NTlaMCECEHsFz4pPvN9UtfmfGfO7 +SY8XDTE0MDQxMDIwNTMzOFowIQIQL1onkFl8gJIlCQxLYQaO0hcNMTQwNDEwMjEw +NDUwWjAhAhANZ44ZCwdvGYKcTChTHKBfFw0xNDA0MTAyMTA1MjNaMCICEQDywwCK +I5vIax5bsMmvpCDyFw0xNDA0MTAyMTA1NTlaMCICEQCjiAwjkhVQGS2OI5pB+ytr +Fw0xNDA0MTAyMTA2MzFaMCICEQDrtwrNZxnvS6DH8lUnVKXGFw0xNDA0MTAyMTE3 +MDNaMCECEEis52VjoC2vk1QxlSeD3NoXDTE0MDQxMDIyMjExOFowIgIRAPMaKXYI +Xq6uqdVgJJ4bXTAXDTE0MDQxMDIyNDYzM1owIgIRAPZqulYzcD59dBgG8pNhgoUX +DTE0MDQxMDIzMzEwN1owIgIRALYSw3AnNsZfUYmSIt9kKLgXDTE0MDQxMDIzMzE1 +MlowIQIQNgfPCIc9Y+pBQQp4KL04NhcNMTQwNDEwMjMzMjI3WjAhAhA4q3fx5FAb +fI3BXeiQThfyFw0xNDA0MTAyMzMzMTBaMCECEGd3WD7dr/dwAybwgVDchIwXDTE0 +MDQxMDIzMzQ0N1owIQIQC55vEH+2kG8DCFh+gs0GkhcNMTQwNDEwMjMzNTE1WjAh +AhA1xLsQ4U8xbMRt+S2SmCIKFw0xNDA0MTAyMzM1MzRaMCECEFxm3syAil+4Xf9r +1eYguyIXDTE0MDQxMDIzMzYyMlowIQIQCQTc3aOn41HFsmWMJZWORRcNMTQwNDEw +MjMzNjQ5WjAiAhEA2BRABAUOF0p3rYgxx5tOEhcNMTQwNDEwMjMzNzEzWjAiAhEA +6bfWjy8Qv/fvgs7ZE+pptRcNMTQwNDEwMjMzNzQxWjAiAhEAhvV79sj6l6LRaBr1 +/eUqYhcNMTQwNDEwMjMzODAxWjAhAhBL6cd8EkoYuxXrZBu3PMiXFw0xNDA0MTAy +MzM5MThaMCICEQDXalQqy/B+NHOnPz1gnQqsFw0xNDA0MTAyMzQyMDRaMCICEQCH +UY8+wrBjvJ/TzPkzpU5XFw0xNDA0MTAyMzQyMTdaMCICEQDco9prKBypCtMFDrKq +QFyzFw0xNDA0MTAyMzQyNTlaMCECECfUCAdDdQfew217pYO2PBgXDTE0MDQxMDIz +NDM0OVowIQIQAbWX4K4pB64WgVIWdAV9jRcNMTQwNDEwMjM0NjQzWjAhAhAQmX1K +y49CHsGpUNiX1DA1Fw0xNDA0MTAyMzQ3NDNaMCICEQDlLi9kb6X/wB+DYkULIAZE +Fw0xNDA0MTAyMzQ3NDhaMCICEQDZjLhO7DVr16kSWxfyeDTQFw0xNDA0MTAyMzQ5 +MTFaMCECECUS1RC0L4iBglr44l08BIgXDTE0MDQxMDIzNTAyMVowIgIRAPocGRAD +FsmZSZ0/qHfyWv0XDTE0MDQxMDIzNTEwNlowIQIQFYMD6SQEa/YSLzZLnADCgxcN +MTQwNDEwMjM1MTUwWjAhAhBJkMb4XGfRWE4JFhHRZyuHFw0xNDA0MTAyMzUyMDZa +MCICEQDYXx5EkfAVCjLI57xZ9jbzFw0xNDA0MTAyMzUyMzNaMCECEHOZHKf1kAN2 +qRuLCWSpFwUXDTE0MDQxMDIzNTI0OVowIQIQaJ9crnPtvESX5AC19YXY9RcNMTQw +NDEwMjM1MjU2WjAiAhEA0VRESzP+Mnje8/viSTukBRcNMTQwNDEwMjM1MzM3WjAh +AhBVsz6bK4EczbULYxeT1gHzFw0xNDA0MTAyMzU0NDhaMCICEQDxfQ6ZL4uU+pb4 +2wv1A0qYFw0xNDA0MTAyMzU1MTFaMCECEAeuU08sFkKO/NhgdfXA4CQXDTE0MDQx +MDIzNTUzN1owIgIRANmFCpVrzHaLNQWQ7VaKfPYXDTE0MDQxMDIzNTg0OFowIgIR +APJC006TPDu7VQwumAzPL+gXDTE0MDQxMDIzNTkyN1owIgIRAIje4LD/vr+ESZhI +6zs4SOgXDTE0MDQxMDIzNTk1OFowIQIQBmEuPsl0RIi9ik48BTOMWxcNMTQwNDEx +MDAxNTU4WjAhAhBjLbOz4BOGxXOUpGEJXHv5Fw0xNDA0MTEwMDI3MTZaMCECEAOk +kgp69s+2dmhBYNbhC1IXDTE0MDQxMTAwMzIxMlowIgIRANoBbrAJWMyNclsNrikL +kFQXDTE0MDQxMTAxMDExOVowIQIQAKRD+bdGaEdxr32sajjeGxcNMTQwNDExMDE1 +OTQ5WjAhAhA0/qNXYxfVltXTyglmYFRLFw0xNDA0MTEwMjAzMzRaMCICEQCuo6TY +Ur/MBzI3VEu1s3PkFw0xNDA0MTEwMjQxMzlaMCECEG2DurDd5nzZ7vPASXKqwGAX +DTE0MDQxMTAyNTIwNlowIQIQLA8XXadAMmweu6/fLKPvlBcNMTQwNDExMDMyOTMw +WjAhAhAvPW+1ogeU4DmO7xIga5dGFw0xNDA0MTEwNDAxNTRaMCECEEOLBkoyLjbl +bmI4GLe9X1YXDTE0MDQxMTA0MDE1OVowIQIQeKQWOgzSIFP4CPEeVDclzRcNMTQw +NDExMDQwMjA1WjAhAhAug9RsiOFH0WjpjvfWtv/qFw0xNDA0MTEwNTI2MTBaMCEC +EC1PeeaN4AjDgwhKW3k4qS8XDTE0MDQxMTA2NDEzNlowIQIQT6MGrVNbpyUrzuMy +FB5WAxcNMTQwNDExMDcxMzU5WjAhAhAWEt2eJ8TlsoEGOL3RzSnGFw0xNDA0MTEw +ODExNDVaMCICEQDRy9yn8BqMmsCYlUZLAByXFw0xNDA0MTEwODE5NDZaMCICEQDD +e9s9VL+3xlTmBmZ8QHpbFw0xNDA0MTEwODI1MjVaMCECEFueRXpFPGxBsKAFpG2P +5kcXDTE0MDQxMTA4NTkyOFowIgIRAPyi/f/ZdQsP3l9GtNWh+nwXDTE0MDQxMTA5 +Mjg0MFowIgIRALpGc8ZEojLqI0yWvwJ6CwYXDTE0MDQxMTA5MzQxNVowIgIRAItN +1IowWBV0mh43c6eMJxsXDTE0MDQxMTA5Mzk1MlowIQIQORS4CIou0/ymUQUh0P/e +wRcNMTQwNDExMTAzMTI3WjAiAhEAjE7+uNg4V5KTsOiR/h6lzxcNMTQwNDExMTAz +NjU5WjAhAhAcmkNCmoCRT67Uwgcl1IoBFw0xNDA0MTExMTAxMjVaMCECEDkDkd/X +U4+l1P6iGp5bv18XDTE0MDQxMTExMDE1NFowIQIQcL1YGc9fdtDUVlmd4slqHBcN +MTQwNDExMTEwMjQwWjAiAhEA8NKNQjT6qv5JPHlD443R4RcNMTQwNDExMTEwMzEy +WjAhAhBQ6h7WJtvai9uSv6v2htdWFw0xNDA0MTExMTExMTdaMCECEA8+qLKQtCnz +gWsyP0YCRmEXDTE0MDQxMTExMTE0NVowIgIRAKjHyDVInRN0Tm7eG8rrXNkXDTE0 +MDQxMTExMTIwM1owIgIRAOFe6SlrJoSo0Cu9C4PX440XDTE0MDQxMTExMTIyOFow +IgIRAJ+Pci5LvoYGjY/p6FiiQAoXDTE0MDQxMTExMTI0N1owIQIQJ6rIyehQp9sI +NB793CnVRxcNMTQwNDExMTExMzEwWjAhAhA48nlfxtxeVfVL08wd4MfDFw0xNDA0 +MTExMTEzMzJaMCICEQDnJDwoBi2Zb1UCn4kLAC+hFw0xNDA0MTExMTE0MDJaMCEC +EG+8lv5bgdE2GkZXAVceJZsXDTE0MDQxMTExMTQyNlowIgIRALDSMVn8hQgjfZKJ +It5wmUwXDTE0MDQxMTExMTQ0N1owIgIRAOi81Y2+XMOV7n/agu+9IeYXDTE0MDQx +MTExMTYxNlowIQIQMegtLKyrp9R41fY5et5BZhcNMTQwNDExMTE0NjE4WjAhAhA0 +rvJidS9FbqNMFbYP7wR4Fw0xNDA0MTExMjEyMzNaMCICEQDpzES9fyvUYyBDaZZ4 +hfYpFw0xNDA0MTExMjIzMTBaMCECEHLWC+6Ljbhr3b2tT63QTewXDTE0MDQxMTEy +MjYwM1owIgIRAIksqzHGryH/LS1vlFoq2esXDTE0MDQxMTEyMjc1MFowIQIQRtIb +f1k//KXdmbtrPVX5MhcNMTQwNDExMTI0MDAyWjAiAhEA5jA7HErmfrCeCfxHZD7D +nBcNMTQwNDExMTMwNzUwWjAhAhA9qPraNelY6A+HfqgZGLQoFw0xNDA0MTExMzEx +MjhaMCICEQDQv2wDWSQ5D5VSrI9fgEcIFw0xNDA0MTExMzEyMTJaMCECED1AhzWK +o08fXjPjI2G4qS8XDTE0MDQxMTEzMTQwNlowIQIQHDJ/TlDvH1WQFvphrHUAmBcN +MTQwNDExMTMxODUzWjAhAhBob86QQyEmlv+qPYeWpFxoFw0xNDA0MTExMzIwNTBa +MCECEH0rEAZNOwRoas8VuLK1HpcXDTE0MDQxMTEzMjMwMFowIgIRAJLEn3Om5+pF +t+N+pGYVzCMXDTE0MDQxMTEzMjMwMVowIQIQUpu6G+yR5J7CL8D34KM/qxcNMTQw +NDExMTMyMzA3WjAhAhAN6iNrPlRwQCH+SQzhvhvyFw0xNDA0MTExMzI5MDJaMCEC +EEtjakwYlLSYfe76qXOFR4kXDTE0MDQxMTEzMjkzNVowIgIRAPT22JvmjiLeeCVY +IukhX5EXDTE0MDQxMTEzMzAxN1owIQIQWyZHvALxTy1uy6NuXB6RmxcNMTQwNDEx +MTMzNjIzWjAhAhAj3XBUGadF2+BbKbRyfYB3Fw0xNDA0MTExMzM2NTVaMCICEQDB +z+KtepQ7sNjEjmCmz7dFFw0xNDA0MTExMzM3MDZaMCICEQC4rC3Ye351EqfZ4/6b +bxtOFw0xNDA0MTExMzQxMjdaMCICEQC9v/VgS6HKj2Q4KoOa8/PlFw0xNDA0MTEx +MzQyMzRaMCICEQCY0m8y7j+SGSbxXN53XBR8Fw0xNDA0MTExMzUxNDJaMCICEQDy +OJAw1Ap6V1DbJVfb9TGGFw0xNDA0MTExMzU5MDZaMCICEQDXt0QYEZf/7Afx7N2L +eJI+Fw0xNDA0MTExNDAzMzNaMCICEQDmBFkALHPqvfzyaVPPAO3FFw0xNDA0MTEx +NDA1MzdaMCICEQCBUozI16JAxomH0gcMj7FbFw0xNDA0MTExNDA2NDNaMCECECqV +uj0+ZEeWEHb0tn+N7ucXDTE0MDQxMTE0MDk1OFowIQIQYsk3R9TNpbzD5La+BL8H +SxcNMTQwNDExMTQxMTU1WjAiAhEA8EvDgripo+TOxQeSy9O2nRcNMTQwNDExMTQx +NDA4WjAhAhBuEWlUAFYE9X+kVAw7qAlxFw0xNDA0MTExNDIzNTJaMCECEHwDIhfL +QxitUAytkVSUZ94XDTE0MDQxMTE0MjQ1MlowIQIQE+MAglVlVmpli3senJi/AxcN +MTQwNDExMTQyNjAyWjAhAhBBG89MbraTBFMbe2Wu49aEFw0xNDA0MTExNDI3MDFa +MCICEQCkbmUmrFMFD2avG20cKsT6Fw0xNDA0MTExNDI5MThaMCICEQCjg0jKOxBg +PxC9U126u7kYFw0xNDA0MTExNDI5NDNaMCECEBK54yvxEc/pRQMFcu4ioykXDTE0 +MDQxMTE0MzM1MVowIgIRAPmL/mRhohI+dxmPMvxuJDAXDTE0MDQxMTE0MzY0MFow +IgIRAMZWRzqMac8DiflY3wy+hikXDTE0MDQxMTE0NDAzMVowIgIRAJOzc3wKTFWI +Og4JJqvzbRMXDTE0MDQxMTE0NDA0MVowIgIRAIot2so/466HJFYmYoww8BsXDTE0 +MDQxMTE0NDA1NlowIQIQeLvb1jw0eVs13Sbj2zhMIhcNMTQwNDExMTQ1NTAyWjAi +AhEAsjIWzGXyMW41g/dS9UaccxcNMTQwNDExMTUwNTE5WjAiAhEAu7ML2Hjx+GJL +0cWBTlC9XxcNMTQwNDExMTUwNjA0WjAhAhABBNPBeDzL/CaGUv/k2I2bFw0xNDA0 +MTExNTA2NTlaMCICEQDIHtZEpJvhGxrDAx91f1mRFw0xNDA0MTExNTA5MTNaMCIC +EQDELLHiWnfY+aLJ20mE68x2Fw0xNDA0MTExNTEwMTJaMCICEQCKD60hDNPNiqtR +4xUo8lkGFw0xNDA0MTExNTEwMzBaMCECEDHwTN6S5gXt+w9YrBj3i+wXDTE0MDQx +MTE1MjA0MFowIQIQXqc2QI2GtJ4MeTGi3jrNJhcNMTQwNDExMTUyMTAxWjAiAhEA +iJoPPmn/5AwCHZZPniWOUBcNMTQwNDExMTUyMjM3WjAiAhEA8IEPqnr4BnhsVcDG +7DcNKxcNMTQwNDExMTUyNzU4WjAhAhATt9WboilMPU+nfYRbFpcGFw0xNDA0MTEx +NjA4MTlaMCECECGFCnC7Km09m60zC3pgloUXDTE0MDQxMTE2NDM1MVowIQIQKsTO +XJ1RFob8D3QeyPLe1BcNMTQwNDExMTY1MjQxWjAiAhEAxpwLpfMcnxrOllXBPHw+ +NBcNMTQwNDExMTcwOTA3WjAhAhB3yKCC0qVk8RcUUcB8Zv8GFw0xNDA0MTExNzI5 +MjJaMCICEQDCfbyW/gTbW0o8LJQHMyU4Fw0xNDA0MTExNzMzMDhaMCICEQDxToTi +q9SGBUQK33D6TGo8Fw0xNDA0MTExNzQyNTNaMCECEEOkx3PY/6z8NOSDA3XWsfQX +DTE0MDQxMTE3NDgyNlowIQIQPr9VyTry/eXYi4hxM9xENxcNMTQwNDExMTc0ODUz +WjAiAhEAlbvuoBHxl6607l3uY7uvVhcNMTQwNDExMTc0OTQ3WjAiAhEAt23NTzCU +TLo1/YmJ2il7LRcNMTQwNDExMTc1NTEwWjAiAhEA1D9sQegl+BoyT+ZyVZNX3RcN +MTQwNDExMTgxMjQxWjAhAhBE8L7dkpNq3b2LqglRjrkqFw0xNDA0MTExODEzMzFa +MCECEAe/jYt0g9dd7ceCelDWmEYXDTE0MDQxMTE4MTMzNlowIgIRAKJZhnkBgs8n +8q56Q/VzJDEXDTE0MDQxMTE4MTYyOFowIQIQESFDYjdhXdhFo//eUgH5ahcNMTQw +NDExMTgyNjE4WjAhAhBS8H8HuIaGUNgBKGfkMGrCFw0xNDA0MTExODI2MzdaMCEC +ECcanlcQr/AAinBo8FW5k9AXDTE0MDQxMTE4MjY1MFowIgIRAJAPTcITrX65WxZm +7ThzB8QXDTE0MDQxMTE4MjgxMVowIQIQV+8Seuz6vZheF4c7WUGGcxcNMTQwNDEx +MTg0MjI3WjAiAhEAqb0TOvn3VQO9CtqZtbOA1BcNMTQwNDExMTg0MjU2WjAiAhEA +j23bN7J+wxK+7zQM+Q4QGRcNMTQwNDExMTg0MzQwWjAiAhEAvU5FuBUMNyVFC6w4 +h97mzRcNMTQwNDExMTg0NDA4WjAhAhAJFdoGuO4Vk2pw0o8rUYFTFw0xNDA0MTEx +ODQ0NDRaMCECEGSLb7zqCKh7QY9dj4bpts0XDTE0MDQxMTE4NDYxMVowIgIRAPdT +n4NTbIEYqh8ox98tY7cXDTE0MDQxMTE4NDc1MVowIQIQJ+nHTRpH/CX/dUJGfb0F +mBcNMTQwNDExMTkzMzQ5WjAhAhAl6C2v01TNwblcCvUYTrxzFw0xNDA0MTExOTMz +NThaMCACDy7qgd8dyMjPgMkYhP8mtBcNMTQwNDExMTkzNDU1WjAhAhAfz0Yng6tU +Tt9v0aDvEpSkFw0xNDA0MTEyMDI5NDdaMCICEQDm6R1oshL6VU+Hjc8au7v/Fw0x +NDA0MTEyMDI5NThaMCECEF/xzC5aIvWWc34WB3AhHDMXDTE0MDQxMTIwMzAxM1ow +IgIRAIlWbI5cXdjxcRQqoINZLyoXDTE0MDQxMTIwMzAyOFowIgIRALaG116Av29h +24vSknkMmTcXDTE0MDQxMTIwMzA0MlowIQIQTHLi6c4ZOyVQvtE1OASvxhcNMTQw +NDExMjAzODI4WjAiAhEAitlc9UjGA03NIYoCenE5eBcNMTQwNDExMjAzODMzWjAi +AhEAnhUUzTnouauoecjsQS15MBcNMTQwNDExMjA0NTMwWjAhAhA0Ci+69lTnI4B7 +dS1TfXLqFw0xNDA0MTEyMDU5NDVaMCECEG1KmAY0FYeZoX8i7msbDR8XDTE0MDQx +MTIxMTgwM1owIQIQBMFtlRz2tC+D5U4Dal8KIxcNMTQwNDExMjExODM2WjAiAhEA +67aZ05opvG0APZkozWkYjBcNMTQwNDExMjExODQwWjAiAhEApq4fSI2NvtEdepk7 +WRsqfRcNMTQwNDExMjEyMzMyWjAhAhBoOXqcbvbdqdsZjQbkSzTuFw0xNDA0MTEy +MTI4MzZaMCECEG16/YT2clFp4Pc5yBDa22sXDTE0MDQxMTIxMzI0NVowIgIRALYT +0J73LA/hjewAS+CJEP8XDTE0MDQxMTIxMzgxMlowIgIRAKrUe46DTFgbSFu8OSCI +QAMXDTE0MDQxMTIxNDIwMVowIQIQf23AoukoNeLsMad/Su5m1BcNMTQwNDExMjE0 +NTA3WjAhAhBZVFgbnkLQZW6h9GzIt2XXFw0xNDA0MTEyMTQ1NDVaMCECEE2n1374 +0rngmNjt8jF8exUXDTE0MDQxMTIxNTY1N1owIgIRALRKCwYay/oldQl17U8CUngX +DTE0MDQxMTIyMTgyN1owIQIQAyd5r4YRHr/Brr6mHpohdRcNMTQwNDEyMDAyNjQy +WjAhAhB5UeK3fSyo4IepFDzHem/AFw0xNDA0MTIwMDM5NDZaMCECEEBb5Ovf2UZv +65lcK4LGGZYXDTE0MDQxMjAyMTEwMVowIgIRAIVxmmyLcP90m9qrHZJVPGgXDTE0 +MDQxMjA4MTEyOVowIQIQH7KV57tD8IZ0hSUv91btPhcNMTQwNDEyMDg0MzI1WjAi +AhEA+mM9NmkXVBTffSXPnPSZ3xcNMTQwNDEyMDkwNTE1WjAhAhAwbXupbQoOKh8D +sS1Eo0DtFw0xNDA0MTIxMDA4NTdaMCECEFPmRRqE9DHGoM3NFnIb1qwXDTE0MDQx +MjE1NDk1OVowIgIRAJN3DIrh7E49vfnawk2jWNEXDTE0MDQxMjE3MTMwNFowIQIQ +O3QmETPJO0ysATmdvWH3ARcNMTQwNDEyMTcxMzA1WjAiAhEAxnqmQHJ17HM1Pz5q +iiBSBhcNMTQwNDEyMTcxMzA3WjAhAhB4H2twmUwzwbyMOkhl1G6qFw0xNDA0MTIx +NzEzMDdaMCICEQCrDozUWQSuWOBnmiFvChBGFw0xNDA0MTIxNzEzMDdaMCECEET7 +8u9lmvTXwBy+QHcLN7oXDTE0MDQxMjE3MTgxMlowIgIRAOX2kP0yIJYtjJqjGo+H +SBQXDTE0MDQxMjE3MzAzMlowIQIQN+SktBZ5oCFOMb/oVGsZ7BcNMTQwNDEyMTgw +MTIwWjAiAhEAsS1ia9c4P0NAgzeRzuTFWxcNMTQwNDEyMjMxODQ3WjAhAhAyWZ8W +ds0FDXy9qhe4G/nAFw0xNDA0MTMwMzM5NDRaMCICEQDMLBHSr24ReJa/FGL5cTVy +Fw0xNDA0MTMwMzM5NTFaMCECEDR/wxd29AS1+mAAMNi+FCEXDTE0MDQxMzA2MTMw +NlowIgIRAJ+sGn7jhv0De8TdJDY3HOoXDTE0MDQxMzE0NDAyNlowIQIQc0QXeuNY +OGL5AQ074BacphcNMTQwNDEzMTYxNTUzWjAiAhEAiyybhpGZYzZhfIPBNeHCixcN +MTQwNDEzMTcwNDMzWjAiAhEAtqj8680xTGT1gTEp7HhKXBcNMTQwNDEzMTcxMzA0 +WjAiAhEA0zJIvu85j7nO3n23GCdw/BcNMTQwNDEzMTcxMzA0WjAhAhA/1yL11C0y +JL+/VggiXjHRFw0xNDA0MTMxNzEzMDVaMCICEQCe3SjWnDqZmL2CWRXphljvFw0x +NDA0MTMxNzM5MDNaMCECEHAFZsTCs4RU/x3TDVk5OVgXDTE0MDQxMzE4MDU0M1ow +IgIRAIb9QfcATjTS64+GjpgQNUUXDTE0MDQxMzE4MDYyNVowIQIQCagpDOyWH1bp +1m0mQ41cchcNMTQwNDEzMTk0NjU0WjAiAhEAs0uiy1Dk1cI2curqHeIFLBcNMTQw +NDEzMjA1MzM5WjAiAhEAgVjM2zjgpIqFGVurexNHAxcNMTQwNDEzMjMzMTE1WjAi +AhEA7lNIj7K/6jTeTw4wS2P3lBcNMTQwNDE0MDEwMDE4WjAiAhEAmGIkNE7XIBoY +HHl7BDJMohcNMTQwNDE0MDExODI4WjAiAhEAne1h51AT8iAMc1iW44budhcNMTQw +NDE0MDM0MjA4WjAiAhEAnakh2xQ/wpCQzPpbmmP8ehcNMTQwNDE0MDM0MjM5WjAi +AhEA/RtV7GWM32Kw6gI0fY6UMRcNMTQwNDE0MDQyMDI4WjAiAhEAow0DLuRrLC2r +rmtP5VAG0hcNMTQwNDE0MDcxMjM3WjAhAhBx5N7n5MZmHUjUwXqAROlRFw0xNDA0 +MTQwNzQ1MDZaMCICEQDPVHyFLnQjAB0hO6TKFwUVFw0xNDA0MTQwODQ5MjJaMCIC +EQD1x94Mf5e2YYzvGvpujPW1Fw0xNDA0MTQwODQ5NTZaMCECEApl+iKrImurS/Dt +xpnrUJ0XDTE0MDQxNDA4NTIwMVowIgIRAK0y8WWo4layyLDjXVPDoxMXDTE0MDQx +NDA4NTI0OFowIQIQSg99eQ/xiy91epDgHe3eeBcNMTQwNDE0MDkwODE3WjAhAhAq +r8orhO8O15ZIrcCLEF6HFw0xNDA0MTQwOTEyMjFaMCICEQCDX07hnaZ0XG2gOLow +LFv3Fw0xNDA0MTQwOTUxMDlaMCECEDOHsqJhfBLTsdBmnZTxrnYXDTE0MDQxNDA5 +NTIyN1owIgIRAL3Fk6v/TTtu7dGbmuhJfx0XDTE0MDQxNDEwMDAxMVowIQIQI47C +lOgIbUyIBOFsP+gpeRcNMTQwNDE0MTAxNjUxWjAhAhAUk7pDqmiofVeke9G4CdOP +Fw0xNDA0MTQxMTE1NDZaMCICEQCsedIstlfeZzvFxQuLjTVyFw0xNDA0MTQxMTE5 +MzlaMCECEGpYX7yl4DxFRssWa6EtRxgXDTE0MDQxNDExMzM0OFowIgIRAI7KaJ7f +msEuyfNwPF34pUsXDTE0MDQxNDExMzQwOFowIQIQcB/C0wVBKQOsZ8R9OSrI8xcN +MTQwNDE0MTE0NTUyWjAhAhBv/LqBUjZDVIb908ea53HaFw0xNDA0MTQxMTQ1NTla +MCICEQDXpTYWHrz5Jk9dbuAiMLIeFw0xNDA0MTQxMTQ2MDVaMCICEQCi8Cuwjj/O +f7qihY/zmLP0Fw0xNDA0MTQxMTQ2MTFaMCECECEUZCG4Yj2prx+9tVi+QekXDTE0 +MDQxNDExNTEwOVowIgIRAJjDRZyq3kGqrCWFmMo90BgXDTE0MDQxNDExNTExOVow +IQIQKofYhYKoK9krStgmuOjd8BcNMTQwNDE0MTE1MTI2WjAiAhEAn9bX7gU34uUj +2OWtu3kM+xcNMTQwNDE0MTE1MzMxWjAhAhAIqB26CZKk+/uFC58FPqI6Fw0xNDA0 +MTQxMTU0MDZaMCECEE8ksOyEwif4uU6HkNk5u/YXDTE0MDQxNDEyMjIyMFowIgIR +AOZEsNZkucx7/S3pde6unuMXDTE0MDQxNDEyMjk0NVowIgIRAMq2P7HFWbj1WO95 +jjGE2EoXDTE0MDQxNDEyMjk1MlowIQIQDEbmOlK6OmtVWmmMLmYvHRcNMTQwNDE0 +MTMwODU2WjAiAhEAq9PSxV3cdlgp1qJTzqoeKxcNMTQwNDE0MTMxNTIwWjAiAhEA +1hZbeRNIGsMxPz4UZPecnBcNMTQwNDE0MTMxOTE5WjAiAhEAiqREWTeMHzo85IPN +RMajbBcNMTQwNDE0MTMxOTIyWjAiAhEAgAnvFbAsFurSNDQRIwR5WhcNMTQwNDE0 +MTMxOTU3WjAiAhEAsHVTOzAtQAh375Fh16NS7hcNMTQwNDE0MTMyMDMzWjAiAhEA +k1t8Fq8J5KORyLVoIO3gCxcNMTQwNDE0MTMyMDQ1WjAhAhAYvlEzqmf5yEfCSMmg +mtmrFw0xNDA0MTQxMzIwNTZaMCICEQCMAaP3nH99oPK8tr3GFfw8Fw0xNDA0MTQx +MzIxMTBaMCECEB1KgMzvF+4mcvLgbBGkbJ0XDTE0MDQxNDEzMjExNFowIQIQFTCO +isUPIVcimQG8+ieG/BcNMTQwNDE0MTMyMjI0WjAhAhBWngh+Bhbdm3QvDLK/DW4N +Fw0xNDA0MTQxMzIyMzVaMCICEQDeNA4j62vkb3DchTTDuae3Fw0xNDA0MTQxMzI1 +MDJaMCECECxO1JUIk3xXetnd4ikHCOcXDTE0MDQxNDEzMjY0NVowIgIRAOjQwdUu +ptxDO5+8Ic3aaHgXDTE0MDQxNDEzMjY1OVowIQIQC0/4EmYNYa4u9rwCo5nEChcN +MTQwNDE0MTMyNzEwWjAiAhEAkQ90QspMAUZE/y2JJOhetxcNMTQwNDE0MTMyNzE2 +WjAiAhEAtAC3XFe+h/o7NvZjVer/mBcNMTQwNDE0MTMzMDI3WjAiAhEAhU1EfiIp +ogKXd4A/BBhIghcNMTQwNDE0MTMzMDM3WjAiAhEAiaJK7t4kKD6nHVPSSpaNFxcN +MTQwNDE0MTMzMDU0WjAiAhEAi7ff6p+br6Zt1MsiI5d2eRcNMTQwNDE0MTMzMTA0 +WjAiAhEAgB76QUNbjbv4RjdYk6UbnRcNMTQwNDE0MTM0MzAzWjAhAhBV3DNg3R8e +j0InliJL6YawFw0xNDA0MTQxMzQzMTBaMCICEQDLNQH+G3Xl5xNeFn6BI2N8Fw0x +NDA0MTQxMzQ3NDhaMCICEQCLbEy55sDNF7HS2i5DVamZFw0xNDA0MTQxMzQ4MTBa +MCICEQDEQfxNY5uiWY5cy5/eTfdbFw0xNDA0MTQxNDA0MzBaMCECEHg7xzitnXOF +fzlh9JsNrwwXDTE0MDQxNDE0MDk0MVowIgIRALI0hWzNk7d25f4tTftz7CgXDTE0 +MDQxNDE0MDk0NVowIQIQNHmPi9dXxycB8dXd1PimwhcNMTQwNDE0MTQwOTQ3WjAi +AhEA0lo41X7Fy+xQ9BiLbIT4JxcNMTQwNDE0MTQwOTUwWjAhAhAktZdmDammvcpS +tQcKJwBlFw0xNDA0MTQxNDA5NTNaMCICEQDWaV1iAnFyjb/8nj21lHQaFw0xNDA0 +MTQxNDA5NTZaMCECEHPA4j5RIHtVflRYMX8wYp4XDTE0MDQxNDE0MDk1OVowIQIQ +XxwwbbAmdbIWdMU42m3aMxcNMTQwNDE0MTQxMzEwWjAiAhEA4MZvByGxomgrD81a +aOJ/2xcNMTQwNDE0MTQxMzI3WjAhAhBTU5lyOa1gBi/lYedjiNwdFw0xNDA0MTQx +NDIxNTFaMCECEBXw3D2uVGPcDYs7RYPZJC0XDTE0MDQxNDE0MzQyOVowIQIQARg+ +o4PYuP/PPBZZT0BD0BcNMTQwNDE0MTQzNTIxWjAhAhAHpRQhIlFAJlX4w5lw0w4W +Fw0xNDA0MTQxNTA5MjNaMCICEQCONAcG/P43l4znhSrWW+19Fw0xNDA0MTQxNTIy +NDJaMCECEHhSpxQ8FdWqxwCKA4W5bDAXDTE0MDQxNDE1MzQyOFowIgIRAPEnpy+p +vO4qbn49BiG/bL0XDTE0MDQxNDE1MzUyOVowIQIQcxdmJBy6t52yNeQqiCKnlRcN +MTQwNDE0MTUzNTM0WjAiAhEArNthfyUVaNEIhaO1r+Ne7RcNMTQwNDE0MTUzNTQ2 +WjAiAhEA7tWHYGZR35NjbEo4PndR7hcNMTQwNDE0MTUzNjA5WjAiAhEAhPoWsTGi +O+o5z5gzZ35SoBcNMTQwNDE0MTYxMTQ4WjAiAhEAv8N4kKa3Lb0pBOGCBtFVBhcN +MTQwNDE0MTYxMjEyWjAiAhEAn5KR/NVOMlV77t1PzsvpoBcNMTQwNDE0MTYyMDMw +WjAiAhEAikDcsG9MECTk95ObfvfSBhcNMTQwNDE0MTYyMTA2WjAhAhB+EJyxIkx/ +crYWlVHJKQ5RFw0xNDA0MTQxNjIyMDhaMCECECokFUGiGLgU9JlH2bdaUvsXDTE0 +MDQxNDE2MjMwNFowIQIQHH7rgTb9oqTXDiNzBbSonxcNMTQwNDE0MTYyMzA5WjAh +AhBmBK52jeqGRSDJlQAelJECFw0xNDA0MTQxNjI1MTlaMCICEQCtukffmeIwqOz8 +QErlsSWuFw0xNDA0MTQxNjI1NDJaMCECECiTv4d6Cr+ZSobYBN5mUJEXDTE0MDQx +NDE2MzEzOFowIgIRALOkGxpN/r0k9/c8ZSeLvXgXDTE0MDQxNDE2MzYyMVowIQIQ +TJpUlBLVGMZFqOwcHtpcqRcNMTQwNDE0MTcwMjU3WjAiAhEA+THJhdGTrHwLhxoH +78XiQBcNMTQwNDE0MTcwNjU5WjAhAhBjVNGMWCYkzNIO0M2nKTThFw0xNDA0MTQx +NzMwNTVaMCICEQDi3JjL/zKWqMNYyBtWLlnRFw0xNDA0MTQxODIwMzlaMCICEQCP +t9iqsWJqrNWBPiBL50+4Fw0xNDA0MTQxODIxNTZaMCECEGaiHy4Xf+9eglFaeIP6 +nw4XDTE0MDQxNDE4MjI1OVowIgIRANuR06vfOf/SsMcNpkFYlIwXDTE0MDQxNDE4 +NTEzMFowIQIQA5B4H7ZXb/qrhfEewe8L/BcNMTQwNDE0MTg1MjA0WjAhAhAVUDaA +MkxPUb4Df0S2ArL8Fw0xNDA0MTQxODU0NDZaMCECEGRmgMNC1aG1p+Wf3tixi2wX +DTE0MDQxNDE5MTQwM1owIQIQWax+cyBxxNTyS6oFduqWZBcNMTQwNDE0MTkyMDUy +WjAhAhBOYPaaYvWTumtnadffi/k2Fw0xNDA0MTQxOTUxNTJaMCICEQDe22HrqP6T +99ChNR56YV7EFw0xNDA0MTQxOTUxNThaMCECEEmkUQXtLCC/+4tQnKZKDbcXDTE0 +MDQxNDE5NTgyM1owIQIQF+UFn729NeCPovalLb4bwhcNMTQwNDE0MjA1MTQ1WjAh +AhBR+q81XbDH2TIUILCF0kShFw0xNDA0MTQyMDUzMDhaMCICEQD++uaq1CbLjbL0 +7nKr/q+MFw0xNDA0MTQyMDU1MjZaMCICEQCuNnbcbhAS3p3u1Pbz+P1SFw0xNDA0 +MTQyMDU2MDdaMCICEQC9A825Fg/l5HpyFzG6PSIPFw0xNDA0MTQyMDU5MzVaMCIC +EQCAIVVFAkPE1XNmHHhj7ihgFw0xNDA0MTQyMTAzMzlaMCICEQDm/AY6s0irhegB +ID65pyoBFw0xNDA0MTQyMTA5MTBaMCECEEYGficIqLvcOUqylUhEGYAXDTE0MDQx +NDIxMTUzMlowIQIQY3VI4667ZLCdJl4xz7/DExcNMTQwNDE0MjEyNzQ4WjAhAhBv +25uU3ep1iSAzEfMxRSK/Fw0xNDA0MTQyMjAwNDBaMCECEC+mz/LH8Im+IgoApV58 +8/cXDTE0MDQxNDIyMzA1M1owIgIRAO7jayO46tmuygYYzTgBI+EXDTE0MDQxNDIy +MzczM1owIgIRAOV2xO8XuNncpRp4LrNTpNwXDTE0MDQxNDIzMzE0OFowIQIQIo1y +ilNeizyg+Wd8f9UcvhcNMTQwNDE1MDQzNTE3WjAhAhAC8fknUOPikac48NcXIfaJ +Fw0xNDA0MTUwNjIyNDJaMCICEQCXBRFkh8N+Ho81UnZGDWRFFw0xNDA0MTUwNjU5 +NDBaMCICEQCHVrl/mECuRWCgfLMaXF0oFw0xNDA0MTUwNzIyNTFaMCICEQCTgQkn +Hlzc5JQk79ZJN/ZmFw0xNDA0MTUwNzIzMTZaMCECEEZWhHJ/qkyMz49fLMbSXuAX +DTE0MDQxNTA3MjMzN1owIgIRALbDMYXJjKqh/JooJpaWxKAXDTE0MDQxNTA3NDU1 +N1owIgIRAPXoDjGzkBdw/7rY7LbA4lAXDTE0MDQxNTA4MzYxNVowIgIRAIgxcnTT +hNUhSlyCZYwgvwAXDTE0MDQxNTA5MDEwMVowIgIRAOJEt2/LCtj94Xe3wIxJfbsX +DTE0MDQxNTA5MTUxMFowIgIRAK90QDP7pm/cdX3WCEQLGG8XDTE0MDQxNTEyMDE0 +M1owIQIQY9PeKZ96PtwX/h5MPuRdAhcNMTQwNDE1MTIxMjM2WjAiAhEAkwGDL/Qr +8eWEBJScVQpWHhcNMTQwNDE1MTIyNzQ5WjAhAhA0lEBOWpZQq1an+dfV9ShqFw0x +NDA0MTUxMjI5NTVaMCICEQCmn6ba/ED8o7/HBi533otSFw0xNDA0MTUxMjM2NDla +MCECEDtrK686wM0pgVGSF+L7aLQXDTE0MDQxNTEyNDcxMlowIgIRAOhGcAegN56Z +WXPcaNuZQQ0XDTE0MDQxNTEyNTQzOVowIQIQSXTZqosJYX+B5ShjqWMq8RcNMTQw +NDE1MTMyMzI5WjAhAhA99cNe5fZ7hw1gmDbyDiy4Fw0xNDA0MTUxMzUzNThaMCEC +EGbAJB5iglwnTsUPCrCwUq0XDTE0MDQxNTE0MTEyN1owIgIRAObuVFprymcNqaDT +6AErGFEXDTE0MDQxNTE0MTY1NVowIQIQPclclOFpqEsaI9kZPwv/AxcNMTQwNDE1 +MTQxNzA0WjAiAhEAu8OtAKU7PLMsH8koviNBSxcNMTQwNDE1MTQ0NzE5WjAiAhEA +msILVYY+03H6/CUspCUE8hcNMTQwNDE1MTQ1MjE0WjAiAhEAtvNhimyhih0WGC10 +87YHZhcNMTQwNDE1MTUwMzQzWjAiAhEA7NH9d7dIEuUf1+enBvIH3BcNMTQwNDE1 +MTUwNTUwWjAhAhAyrUo//OVf6fanB4vU0+KuFw0xNDA0MTUxNTA3NTZaMCECEGbx +Axa2ObKO+hIJl5xHVJUXDTE0MDQxNTE1MDg0MlowIgIRAJrJ6m7yzadqAH3kymee +2ZMXDTE0MDQxNTE1MTAxM1owIgIRAMj5JApXn6svQQ1eYC6aSekXDTE0MDQxNTE1 +MTIxM1owIgIRAMt75iczzwu3ctnDdlgfjacXDTE0MDQxNTE1MjMyNFowIQIQGogb +EdxcUbEC1qao/omb6hcNMTQwNDE1MTUyMzM3WjAiAhEA9sekKfvyktXQ8eVd+Srz ++xcNMTQwNDE1MTUzNjE0WjAiAhEApNYSyuCLVQGhwkHOrwp6HRcNMTQwNDE1MTU0 +NTA0WjAhAhBMsi6we8kQbMhAuV0wZXM9Fw0xNDA0MTUxNTQ5MDhaMCICEQCtAMER +vVLwPltYam3FTq5iFw0xNDA0MTUxNTUwNTFaMCECEBqScnsInkqMEuLQ7o8+U4oX +DTE0MDQxNTE1NTEwMlowIgIRAPJFkbC24G1gnYzgZUzBCXEXDTE0MDQxNTE1NTIw +N1owIgIRAJRHfjHsqIJEcCoFFFfnCSUXDTE0MDQxNTE1NTI0MFowIgIRAKVuAbKD +yD0q4S2lE3ZNSt0XDTE0MDQxNTE1NTI1N1owIQIQNtmL2uMg8VCQZlkPNhYXoRcN +MTQwNDE1MTYxMTI2WjAhAhAKVuslN9EnWhTETW97HPHaFw0xNDA0MTUxNjIxNDRa +MCICEQDxwQBpgOP4Ir/0SjYkYS+tFw0xNDA0MTUxNzAwMThaMCICEQCuNyQs5Fkc +/BDrAduFWOhpFw0xNDA0MTUxNzEzMDJaMCECEEqItpiqXP3vH4icIIoPYY4XDTE0 +MDQxNTE3MTQzN1owIQIQQ0A0e1fvAN0VZSgALsj5xhcNMTQwNDE1MTcyOTU4WjAh +AhB4OeAMVN/GJS/QOjyyPBhhFw0xNDA0MTUxNzMwMDZaMCECEDVIkTnMIaaGnRNd +8J5AZK0XDTE0MDQxNTE3NDcyMlowIgIRAK0u4SaALlOOi6/hu8r8wXIXDTE0MDQx +NTE3NDc1MlowIQIQDJtLLFdPCjs+Nz613H3vxBcNMTQwNDE1MTc0ODAwWjAhAhBz +wwAq6jG+YHbCjKga9+MUFw0xNDA0MTUxNzQ4MjhaMCECEDBvfQ0DhctrvmovYTSm +4gwXDTE0MDQxNTE3NDg1MlowIgIRAIlTHKLcIcOjtX8AerUAAGIXDTE0MDQxNTE4 +MDg0MFowIQIQRNskOoEDxgtSChV0vq/NJBcNMTQwNDE1MTgxMjE3WjAiAhEA+ddC +VFuyn6jQzkHQRJXKGhcNMTQwNDE1MTgyNjA4WjAhAhBo4QDvqnWI0REVn3JwJyNL +Fw0xNDA0MTUxODI5MDJaMCICEQDVH/+GxSQslNGq8OoxjiT2Fw0xNDA0MTUxODMx +NDJaMCICEQDuIPVG6pykh6JZIKlNNDtpFw0xNDA0MTUxODM5MjRaMCECEE9I6DTk +MU6Yyzhhjv2BU4EXDTE0MDQxNTE5MTczMlowIQIQdCgfpw3SvbCKkiXopxN2BxcN +MTQwNDE1MTkxOTQxWjAiAhEAhySTofPZpWaREzdfaYsowBcNMTQwNDE1MTkyNjIw +WjAiAhEA7d99yTxxS9kA93O2AwBekRcNMTQwNDE1MTkzMTE0WjAiAhEAgaPeTt3G +i0PYh8kLXjJk6hcNMTQwNDE1MTk0NzA2WjAiAhEA0vlX69zkxT99MkoNnzkV3BcN +MTQwNDE1MTk1NzU1WjAiAhEApWXP5aWkIiW7mQeegJtvcRcNMTQwNDE1MjAxODU2 +WjAiAhEAluKztj5/+e/AYDfR81H2KBcNMTQwNDE1MjAyMTM4WjAhAhBXED3ZpI8F +qwNmqqY9S7sjFw0xNDA0MTUyMDMxNTdaMCECECVHRldsI8Iv3TwYjeWrOeQXDTE0 +MDQxNTIwNDUyMVowIgIRAMzLnDTZmQYzxGVxRMBEEigXDTE0MDQxNTIwNDYyNFow +IQIQD/ztkp9cblaoDEJCTLvI6RcNMTQwNDE1MjEzNjAwWjAhAhBGsDSBj5WgwrQf +nRbh8TukFw0xNDA0MTUyMjAxNDZaMCICEQC9X/xSEYvChqAzGSCrWcocFw0xNDA0 +MTUyMzAxNThaMCECEASiq2AFeaCk8lJIKC2H81UXDTE0MDQxNTIzMTUzMVowIgIR +AOJjSFK4qwm5/TPfTOMsFIMXDTE0MDQxNjA2MzUxOFowIgIRAIhncYADiTqXuUrg +/JBvSFoXDTE0MDQxNjA3MzMwM1owIQIQPlk7owm9qgErFNcBGU8X5RcNMTQwNDE2 +MDczMzA4WjAhAhAHbCOm3gUDlZHXBVT4eubfFw0xNDA0MTYwNzM0MTdaMCECEF4g +NfyVlkNuZx0s/W7/294XDTE0MDQxNjA3MzQ1NFowIQIQFVltHrTNgKbUioYQ9O4l +YRcNMTQwNDE2MDc0MzExWjAiAhEA7EassLiDOhc9HXu75JVZYRcNMTQwNDE2MDc0 +OTAyWjAhAhBX8n9jsa6uApCntP3VkDIFFw0xNDA0MTYwODQzNTZaMCICEQDyoxXp +aXszafLqy65f/gi4Fw0xNDA0MTYxMDE0NDJaMCICEQDA/MqpR2H2Y0UjCacqkKtB +Fw0xNDA0MTYxMDE1MDJaMCECEEJtsaGOO4rzaqP1W62KR6wXDTE0MDQxNjEwMjAx +NVowIgIRAORuNwlhtvzkCNjrOIE3sroXDTE0MDQxNjEwNTU1MFowIgIRAPeVxyVD +BtcKDj9aAhjcsyIXDTE0MDQxNjExMDQ1NlowIQIQfr3+ImlI0BOydp5JrYcTzhcN +MTQwNDE2MTEwNTI5WjAhAhBOtBobCHW89p05z0tN/P1pFw0xNDA0MTYxMTA1NDVa +MCICEQCEyXLdbWx2JSguylp7JjdSFw0xNDA0MTYxMTIzMDhaMCECEH80x0Hvr9l7 +6x6OTF2gQeUXDTE0MDQxNjExMjM1MVowIgIRAL7L104e786IkGphpflfUyAXDTE0 +MDQxNjExMjQyMFowIQIQSou3rnzR/iCcPsz8hX+huxcNMTQwNDE2MTEyNDU3WjAh +AhARwg1ADlDK0WrEz89TsQCXFw0xNDA0MTYxMTI1MzJaMCECEGMwf5MBhF/0R/gC +56MCRLUXDTE0MDQxNjExMjYxNFowIgIRAJJMNC51Mza0l2E7wHYpZHAXDTE0MDQx +NjExMjcwMVowIgIRAP719/tFTImn/GXTSm21R4UXDTE0MDQxNjExMjc0NlowIgIR +AIil/LLpuT6PpZr0blSk/XMXDTE0MDQxNjExMjgxNlowIgIRANtGqj4FMOx3pSjL +9W+/SFsXDTE0MDQxNjExMjg0N1owIQIQX0j83kQGAlnqa9p0onpvmxcNMTQwNDE2 +MTEyOTE5WjAiAhEA6a2h+lSPHQaxC3H23PSRHBcNMTQwNDE2MTEzMDI1WjAiAhEA +zXkiV5nyxf6/zjmoyI6bFhcNMTQwNDE2MTEzMDUzWjAhAhBXrSYR0jK+qZ5Sfrg+ +mjxtFw0xNDA0MTYxMTMxMjNaMCICEQCBMeMoNiTSSxIKPKMSRPgzFw0xNDA0MTYx +MTM1MzRaMCICEQDTEJ8csJ98ms1iyudNianuFw0xNDA0MTYxMjUxNTZaMCECEGRx +QQRVQ511HCXmKCmd4qUXDTE0MDQxNjEyNTIzN1owIQIQKZ+sf4CnLclnbvtSUovv +IxcNMTQwNDE2MTI1NjIwWjAiAhEAx1kl/vMWQmxndmfvHnGO0RcNMTQwNDE2MTMw +MzE2WjAhAhAe2i0oVk/KnUjs/8k86ntVFw0xNDA0MTYxMzA0MDZaMCECEBEVckzl +8JcnAP9DNqdU028XDTE0MDQxNjEzMDcxMFowIQIQVidIFOcSp1KOzyUR8mLqLxcN +MTQwNDE2MTMwNzI3WjAhAhAT92CtdEYIrj/WzdYS6nE2Fw0xNDA0MTYxMzA3NTda +MCICEQCZK8Gn0wqY1Yh9pMvKVvozFw0xNDA0MTYxMzQwMzRaMCECEGInpBRpXIbW +I80JJZGzDoIXDTE0MDQxNjEzNTAwN1owIgIRAMztdsHPGw4fQSGKCG9NjqcXDTE0 +MDQxNjEzNTQ0N1owIQIQWJj8upG2Z3K/x+VsboVwihcNMTQwNDE2MTM1NTMwWjAi +AhEAoZ4TLOQY1xIdoDi1dlrbrRcNMTQwNDE2MTQyOTIwWjAgAg8jRMiZSgGiW8SG +JeyIOdkXDTE0MDQxNjE0NDY0N1owIQIQUYe4AN8KiyQcC1iK+RwlvBcNMTQwNDE2 +MTQ0NzEyWjAhAhBKJXnWr6o+yi6JS1/hR6osFw0xNDA0MTYxNTE3MTJaMCECEHBM +D5VVCd7liGHJGMYtt2sXDTE0MDQxNjE2MDIwMFowIQIQE6uX17Q/88R2yk3ppZ+V +vBcNMTQwNDE2MTYxMTA2WjAiAhEA3blOeOWDlovlJIOTpLBaSxcNMTQwNDE2MTYx +MTM2WjAhAhBdChnBcfkDpxj5wBY1wkrIFw0xNDA0MTYxNjExMzlaMCICEQDPvZ3s +/G6NUDQtMxWJR3DzFw0xNDA0MTYxNjI0MzVaMCECEGJEMyyKByQmEGEPnH8flUUX +DTE0MDQxNjE2NDE1N1owIQIQTrHAWFd/tiPA8vJ2x16YQxcNMTQwNDE2MTY1NDQ2 +WjAiAhEAsFusjI8wzZaWhI0RtlGKRRcNMTQwNDE2MTY1NjE3WjAhAhB63yoc/pP5 +7SaF5XH1SPX4Fw0xNDA0MTYxNzAzMzdaMCECEEucEujnxW0R22Dd9HfpAnoXDTE0 +MDQxNjE3MDUxM1owIQIQOet810KebDEEQOOgxC/zyRcNMTQwNDE2MTcxMDQzWjAh +AhBzpUxJmaE1rTvcds9SzdDwFw0xNDA0MTYxNzEzMDNaMCECEFy38BuBJblnX/J2 +J7UcFk4XDTE0MDQxNjE3MTMwM1owIQIQfBu/82fBVM0nzUxRqbYxMxcNMTQwNDE2 +MTczMDQ4WjAiAhEAtaagdOJrNHQliDVQd6NYfhcNMTQwNDE2MTc0NjA4WjAhAhAU +iy2u6BrUq8PT2loC2nBsFw0xNDA0MTYxNzQ2MTFaMCECEFSpazQRIJSJbwGR8Eeh +dG4XDTE0MDQxNjE4MTIzNVowIgIRAI5IHe9NPJHHUe/NilueGBUXDTE0MDQxNjE4 +MTYyOFowIQIQbvBXdN8dp0BYqYkVmfO61hcNMTQwNDE2MTgyNTM0WjAiAhEAsYHn +38CJaDGDZNnm2dYxBBcNMTQwNDE2MTgyODIzWjAiAhEA4bO1gil41kwN3kv58/ul +DRcNMTQwNDE2MTgyODQwWjAhAhBx5ycLQ11cwcZCxZAIWNNGFw0xNDA0MTYxODI4 +NThaMCICEQDrLd2UQ/wSfsRk34CbrhrHFw0xNDA0MTYxODI5MTdaMCICEQDP7e/k +Vhp71qIGsEpq8yJGFw0xNDA0MTYxODI5MzZaMCECEG+FBOZT8pYD9RRG0/kGNHsX +DTE0MDQxNjE4Mjk1NlowIQIQIbNdIuASKpl5DUEyD1RWHRcNMTQwNDE2MTgzMTE4 +WjAhAhAtTRF7Xnnx1btd/0o1fnjQFw0xNDA0MTYxODMxMzdaMCICEQDgvl8U6JUh +OMWbAMg+89V9Fw0xNDA0MTYxODM4MTVaMCECEGl0vp68ShYtQkqB8hUmiUMXDTE0 +MDQxNjE4MzgzOFowIgIRALE1IQILmWB5ETmBhZYDHh0XDTE0MDQxNjE4Mzg1Nlow +IQIQOR3fFYxg+wcdxAFMQAujXxcNMTQwNDE2MTg0MjI3WjAhAhA5AuV3WzPm+UDK +NKUEmRhuFw0xNDA0MTYxODQyMzVaMCECEEEexoJulYCjFa/9jkt17SoXDTE0MDQx +NjE4NDI0NVowIQIQCS3/GJUYuUVHjBWJ6QRQnBcNMTQwNDE2MTg0NTIxWjAhAhAT +zfIXneCe1Z/7JuWVy4TnFw0xNDA0MTYxODQ4MjNaMCICEQChsJkF0s9jBK6LFyGg +qUa5Fw0xNDA0MTYxODUyMjNaMCICEQDOqUbzpPNDa+LvqDgpVj5MFw0xNDA0MTYx +ODUzNDNaMCICEQCJ7B2xg0u5rP9pcwk90b1CFw0xNDA0MTYxODUzNTVaMCECEHe1 +JAKN/RtgvrgTN1qMQe4XDTE0MDQxNjE4NTQwNFowIQIQf5fEbsGZEKO32xKkHtGC +YRcNMTQwNDE2MTkwNjAyWjAiAhEAiAQQGurP9c6OhQbNoiaVDxcNMTQwNDE2MTky +MzQwWjAhAhAKuqziyiNnjpXmuCuCosHHFw0xNDA0MTYxOTIzNDdaMCICEQDjSMA1 +KBTUzhhpt3JS+Gl9Fw0xNDA0MTYxOTI1MjBaMCECEGVcROix6xNVe6U77gTFZ7oX +DTE0MDQxNjE5MjUzNVowIQIQDTYRF0XdL2KGaTIqa2GccxcNMTQwNDE2MTk0NjQz +WjAhAhBZzy+xFANJKQtcazN06uKqFw0xNDA0MTYxOTQ3MDVaMCECEH2ReFvPWAaM +U1UR+xuwb4oXDTE0MDQxNjE5NDcxN1owIgIRALMyGnnnf05tnrTnRrzbwbIXDTE0 +MDQxNjE5NTc1N1owIQIQBQURogm58ExkiKnhLDgxcxcNMTQwNDE2MjAwMDI1WjAh +AhAwkaNik95qsg2Zofxg6gm3Fw0xNDA0MTYyMDE4MTFaMCICEQDWt95AK7UqdwKU +QXywWSv0Fw0xNDA0MTYyMDMzMDhaMCECEAIuZi+PD+UMcYae45S/ov4XDTE0MDQx +NjIwMzM1NVowIQIQZZF65nfvCvMFF2lacCsRQxcNMTQwNDE2MjAzNDA2WjAhAhAm +eaX+R/4Hhkf3hqU/giLCFw0xNDA0MTYyMDM0MDdaMCICEQCK1as+Q/OMGERmptAQ +rHvHFw0xNDA0MTYyMDM2NDFaMCICEQCx7u9U9jXVMZTuhhwFDybZFw0xNDA0MTYy +MDQyNTFaMCICEQCMYTpH7Fdb6GYF5AScMS2qFw0xNDA0MTYyMDQzMzJaMCICEQCP +jR3MXv23ryTXlxy6GOwkFw0xNDA0MTYyMDQzNDNaMCICEQDIOXUCm0ACrL96TAkS +EiLuFw0xNDA0MTYyMDQzNThaMCECEGAPOCglfKf29CJSG28YcuMXDTE0MDQxNjIw +NTEzNVowIgIRAMVeMQZNh8N/YlNTWZsZyR0XDTE0MDQxNjIwNTE1N1owIQIQc3S9 +5YgdjTE7AXUYTX45hBcNMTQwNDE2MjA1MjE4WjAiAhEAkSkJdWufy6C42lHsYBs7 +4RcNMTQwNDE2MjEwNDE0WjAhAhBuZmO9dno+44WlxGany3IvFw0xNDA0MTYyMTA0 +NTNaMCICEQDiAQaFr3KhsuuHjbVKUaqdFw0xNDA0MTYyMTE0MjRaMCECEGR8K9AJ +9DdJd2BUPuSglxcXDTE0MDQxNjIxMTgzNFowIQIQEUQtqAkw1T5TKpVeKgom2xcN +MTQwNDE2MjExODUyWjAiAhEAxAy9XJRXNPnMkYwQvV9UZxcNMTQwNDE2MjEzNTQy +WjAiAhEAjhNTMfCBpfMVe8hX4/bKrxcNMTQwNDE3MDA0ODI0WjAiAhEA/Hysv25r +ioNYIwqn33gKfxcNMTQwNDE3MDExMjA1WjAiAhEA03Yrs5iGnUyuMVzVDQnCpRcN +MTQwNDE3MDUzMDMxWjAhAhB3Hoyw00GSqEW4rPT1O4fBFw0xNDA0MTcwNTU4MzBa +MCECEHJiTdQ5UPJt2dStoz3Q+GcXDTE0MDQxNzA1NTkwNlowIgIRALAlY2Yw2mpF +KXO4Oz8ILKcXDTE0MDQxNzA2NTA0MlowIgIRAIjLjRIvOabFiT0QbPCFTX0XDTE0 +MDQxNzA3MTgzNVowIQIQU93+4FcSLN7ZhsBbYWjRkhcNMTQwNDE3MDcyMDEwWjAi +AhEAkvm7rGfocRKobtSO9RlqohcNMTQwNDE3MDc1MjUyWjAiAhEAwt5Go0gaJ4oP +WYP+B5OzthcNMTQwNDE3MDc1MzE1WjAhAhAG2DSHdHgcq4Q6SyErsk7oFw0xNDA0 +MTcwODI0MzBaMCECECxC0AD0p9QYRlbclP4udbkXDTE0MDQxNzA4NTYyNFowIQIQ +O/LMRkNB0xnPY8Ju5fOWAhcNMTQwNDE3MDkxNjAyWjAiAhEA1MTPKOrH5s+a075s +QdBZtxcNMTQwNDE3MDkzODI0WjAiAhEA2DwHHfqbkq5yC0hdc23hlRcNMTQwNDE3 +MTE0NjU3WjAhAhB7r4NTPtXhE30yZZpL0HoVFw0xNDA0MTcxMTUwNTJaMCECECWb +v7hoK3/JonX69/3ejtkXDTE0MDQxNzEyMTcwNVowIQIQDc+A0rPCkynON4wcs/Cm +CxcNMTQwNDE3MTIxNzE5WjAhAhBdjp3hjrk8zDm0NrSQ+3tnFw0xNDA0MTcxMjE3 +NTVaMCICEQD8XgovT212uaQ20iEsmV4zFw0xNDA0MTcxMjE4MDRaMCICEQD6ZiGP +KAN38VmhNxYMhlN3Fw0xNDA0MTcxMjE5MzVaMCECEHbT4MiS/l1A5/S20Fj2FwEX +DTE0MDQxNzEyMTk0MFowIgIRAOUqVONhE/cxMPEMHJqGl0cXDTE0MDQxNzEyMjIw +NFowIgIRANTVR6ZK11p5qCtQSHETA7EXDTE0MDQxNzEyMjUzNVowIgIRAKXVQIbi +iJRuevstCVtxnJsXDTE0MDQxNzEyNTk1NFowIgIRALW6pEhKpYoboQt8JcG8G4sX +DTE0MDQxNzEzMjE1N1owIQIQOz2BHs4galaXj5+bOSINqRcNMTQwNDE3MTMzNDEz +WjAiAhEA3AHfMRv3a7X/TXLSIzqSzxcNMTQwNDE3MTM1NTU4WjAiAhEA+GoBfzcw +N4KDvBoz9N2yUBcNMTQwNDE3MTM1NjIzWjAhAhBtF9csblqSHCvZpKPB6Ye2Fw0x +NDA0MTcxMzU4MTRaMCECEFNtw2sCGNlfKeputqMe8S8XDTE0MDQxNzE0MjIxN1ow +IgIRAPgINKKQD0oENLe053lyyfgXDTE0MDQxNzE0MjYzOVowIQIQb5KbZtVSilM3 +kkiR+KtguRcNMTQwNDE3MTQzNTMxWjAhAhA74LolpyxVD9pVfd9VhRquFw0xNDA0 +MTcxNDM2MDFaMCICEQD0sTRU55hiC4248dze2LMBFw0xNDA0MTcxNDM2MzJaMCEC +EHtgKoCyyiYJjahk9ENScaYXDTE0MDQxNzE0MzY1N1owIQIQEQi8I2LjLew1Uc5T +HWz9yRcNMTQwNDE3MTQ0MzMzWjAhAhAPOnMXmQ/DHppeScsKREbLFw0xNDA0MTcx +NDQ0MDZaMCICEQD9sH9UeWCYIaDANQiI1DWaFw0xNDA0MTcxNTEyMzlaMCICEQCN +PJxkcFAm1y16BjP077flFw0xNDA0MTcxNTIyMzdaMCECEHrbxuN19hGZXFVMNYSL +D2wXDTE0MDQxNzE1MjI0MVowIgIRAOXHDormcGnjtHV1WxmBXIEXDTE0MDQxNzE1 +MjM0NVowIQIQSZgGknk0NiDM0D/MkZsFSRcNMTQwNDE3MTUyMzQ4WjAhAhAPt8B0 +1Zr7qHbFRIWFdQ3QFw0xNDA0MTcxNTIzNTRaMCECEFMZQCx0IiQbhLpLgdv6KboX +DTE0MDQxNzE1MzY1OFowIgIRAPqGleFF59Wo3hjhm7fpLpwXDTE0MDQxNzE1Mzcw +NVowIQIQMdTkUmlAYqJy+zxZu/Ab5hcNMTQwNDE3MTUzOTEwWjAiAhEA1eKhQnXW +M8u9xYpVxDyYZxcNMTQwNDE3MTU0MzM5WjAiAhEAloDAL6bhxUXj9A3S9dMIoRcN +MTQwNDE3MTU0NDMwWjAhAhBAEp4LGy1TEikYlNdZlEwbFw0xNDA0MTcxNTQ0NDJa +MCICEQCVJFXZOvQMaqrTTkZPcyAqFw0xNDA0MTcxNTU2MDBaMCICEQDliMsBznHF +OpSAKmhbDwGRFw0xNDA0MTcxNjA4NTNaMCICEQDNXryZhKTAZCYNd4K+88ayFw0x +NDA0MTcxNjQzNDFaMCECEFBtkUI9LeLzA/jjCwXRoPQXDTE0MDQxNzE2NDUwMFow +IgIRAPr7ZJ14RkBFkrR2OU+LWXAXDTE0MDQxNzE2NDYzNVowIgIRALfmczX9TFvV +bcD12PZXScsXDTE0MDQxNzE2NDc1OFowIQIQPUrhZJXZtw/sL31E2GbglBcNMTQw +NDE3MTY1MjQ3WjAhAhBLGaHvtqjZ/Wm5D9GfuRlcFw0xNDA0MTcxNjUyNTBaMCEC +EDUoBcnDHYF+nGCVvQAnIIAXDTE0MDQxNzE3MTMwM1owIQIQW9oifWMFkiwQRDVj +XRaZSxcNMTQwNDE3MTcxMzA1WjAiAhEA2NUGXbSvSMYd7NI83JHYYBcNMTQwNDE3 +MTcxMzA1WjAhAhBUkRrc5itBAfuYJCj5w205Fw0xNDA0MTcxNzEzMDZaMCICEQCz +6o1xkWdrskBNVQUlw9yZFw0xNDA0MTcxNzQ1MDJaMCICEQCd27BKJZ9sVIDdsgkB +lH4CFw0xNDA0MTcxNzUxMDFaMCICEQDx4wpf9xIZZFGC7Zu4rgqmFw0xNDA0MTcx +NzUxMThaMCECEA5Cwy6zYMUlxYSyh5UpYnUXDTE0MDQxNzE3NTIwOFowIQIQctlg +HJMK01ERPHQk2kcGYhcNMTQwNDE3MTc1MjMwWjAiAhEA0geEZpKNh8iniQpsKQXK +IRcNMTQwNDE3MTc1MjQ5WjAiAhEAqUQB5mbqXdYvjpRlSOnQPhcNMTQwNDE3MTc1 +MzI0WjAiAhEAm8CkiKHVipI1IwPkCCwo7xcNMTQwNDE3MTc1NDAwWjAiAhEAmH/V +qxLPc8XryJblPQ2BIxcNMTQwNDE3MTc1NTEyWjAhAhBYRHdu2l1+ZswtR0g+/yfz +Fw0xNDA0MTcxNzU2MDNaMCECECJZ+umGoW7IFcOrFvutedgXDTE0MDQxNzE3NTYy +OFowIQIQAme1ucsosf+88Z3AifaixxcNMTQwNDE3MTgwMTI0WjAiAhEA4Z1FEtk9 +0pOEvB4JzUoucRcNMTQwNDE3MTgwMTQ1WjAiAhEAwevGxMPuFH2C44y365XHGRcN +MTQwNDE3MTgwMTU0WjAiAhEApsoOFGoHVrXCdX076DKoLBcNMTQwNDE3MTgwMjIx +WjAhAhBczPcWOVDHtoP7/hZJCDw6Fw0xNDA0MTcxODAyMjdaMCECEFdu1hErtlLT +HrIe16YG1NYXDTE0MDQxNzE4MDIzN1owIgIRAM2LN8TZ9eY6QxTW5PrFqOYXDTE0 +MDQxNzE4MDQ0N1owIgIRAPVFNjEYEawmnv1tCig5m2EXDTE0MDQxNzE4MDUxMFow +IgIRAPDSOnF+NthBSYDkWzINqdoXDTE0MDQxNzE4MDUzMlowIgIRAN8iK8j8W9Mp +iVQKSZ3KC5sXDTE0MDQxNzE4MDU0MlowIgIRALTJqL38SLDE/5sdXSvAmx0XDTE0 +MDQxNzE4MTAyNFowIQIQWF06rzMbomZxRp1u5zARPhcNMTQwNDE3MTgxNzU1WjAi +AhEA8dA3n+FH+MTjYoPWA3l+ChcNMTQwNDE3MTgxOTE2WjAhAhB57sWdOW/yDXJB +IOtqiJBNFw0xNDA0MTcxOTI4MDhaMCICEQCQ1qyM8w4B3n4cl+s/zwnUFw0xNDA0 +MTcxOTI4MzRaMCICEQDXace+gEnh8e7IVl0lL9vSFw0xNDA0MTcxOTI5MzJaMCIC +EQC0wukNqdGiTSYxBMWpEsS3Fw0xNDA0MTcxOTMwMzRaMCICEQD7hawroeQhea/t +JejqSz44Fw0xNDA0MTcxOTMwNDlaMCICEQD1axopnTeh4SgWjalXPoKyFw0xNDA0 +MTcxOTMxMzlaMCICEQDXcXfnpQPPMSUJUKwICSKZFw0xNDA0MTcxOTMxNTZaMCIC +EQDysgHPKukgAWHBwtnUBVJsFw0xNDA0MTcxOTMyMTNaMCICEQDo/pympmddDqnB +OaKf+ZnTFw0xNDA0MTcxOTMyMjZaMCECEBT2WKI4nQ1a6wkd9pX9x+cXDTE0MDQx +NzE5MzMzM1owIgIRALvdwqxqoKFi3uXv/MhQpBAXDTE0MDQxNzE5MzM0OFowIQIQ +ZSlK/77vpOFCzleVMBRX0RcNMTQwNDE3MTkzNTQ5WjAiAhEAhSin/DKfHeOJvd5J +lzrJBBcNMTQwNDE3MTkzNTU1WjAiAhEA0PILB6YJZKfft/3cy16g+BcNMTQwNDE3 +MTkzNjEzWjAiAhEAiooPD7/xUxHXpjoMJj/MXhcNMTQwNDE3MTkzODE0WjAiAhEA +og2o1mJfU7m/FGeI7+bKDxcNMTQwNDE3MTk0MDQ0WjAiAhEA4zHPjt+cOdYMbarw +syxerxcNMTQwNDE3MTk0MTAwWjAhAhBCWutTrGBw2ZdhcEEQDTLSFw0xNDA0MTcx +OTQxMTZaMCECEGqfV0OSNfwH183OG9MdOLIXDTE0MDQxNzE5NDEyM1owIgIRALAk +ZpxA4YBYg4JxO+vAF08XDTE0MDQxNzE5NDE1NlowIgIRALbMbhgDvspi13lC7I2j +sx0XDTE0MDQxNzE5NDIxNVowIgIRAI3u4ZYuUQQGC4LwOzNe4i4XDTE0MDQxNzE5 +NDIzMFowIQIQbh0vVANfU9zd1Tgac1vVkhcNMTQwNDE3MTk0MzI1WjAiAhEAhent +dfVQd8ubZH3l7CjBtBcNMTQwNDE3MTk0MzI2WjAiAhEAgmp2sAhE88EW9aTKmc5r ++BcNMTQwNDE3MTk0MzM5WjAiAhEA6ywIkP0ng42h5fytDZ/BVxcNMTQwNDE3MTk0 +MzQ5WjAhAhBX0R+smJfwOxBXBs/D45qOFw0xNDA0MTcxOTQ0MTVaMCICEQC99aBZ +tv9NikgySa1/kchzFw0xNDA0MTcxOTQ0MTlaMCICEQD1/U6nuxBoO8MCH48Jc0d/ +Fw0xNDA0MTcxOTQ0MzBaMCECEBAY6POB2KQHlIB5mK7AVeUXDTE0MDQxNzE5NDQ0 +MVowIQIQYwrfY6FhV/4CC6kE6JCGJxcNMTQwNDE3MTk0NDUxWjAhAhB4culQs++g +Zh6xH0hweg/sFw0xNDA0MTcxOTQ0NTNaMCECEBeIoedZOTSdCPkL13CNiZcXDTE0 +MDQxNzE5NDUwOVowIgIRAMU3IB5QzRz2leOyefV7ggYXDTE0MDQxNzE5NDUyM1ow +IQIQQdm4tsE9vbuCoqHadRFi6hcNMTQwNDE3MTk0NTIzWjAiAhEA1vIEP39LUVL7 +oR4yxY8AOBcNMTQwNDE3MTk0NTQyWjAhAhBAZeHI4IHoO8j0PByPvVp8Fw0xNDA0 +MTcxOTQ1NDlaMCECEDdpoeoOEjy2Uf0wr13nV2sXDTE0MDQxNzE5NDU1N1owIQIQ +JoU6e+z+1dUF8JWs//8EEhcNMTQwNDE3MTk0NjEyWjAiAhEAm9Kaf1Bj0tdYC+UH +UsJm+BcNMTQwNDE3MTk0NjIzWjAhAhBH0lQlVq6ClJW1XJbZFgB4Fw0xNDA0MTcx +OTQ2MzdaMCICEQCyBcFYUsm5q/qGAIBCIj2bFw0xNDA0MTcxOTQ3MDFaMCICEQCK +6Zx1xZlhpVfW3eXpb5rsFw0xNDA0MTcxOTQ3MTBaMCICEQDt8m0+Z+kqVN44y+GU +vVIKFw0xNDA0MTcxOTQ3MTRaMCECEGCURJ1E/NqqRRBjfL86sbgXDTE0MDQxNzE5 +NDczNFowIgIRANQIoRD9F6ToCs7GfbWr6VcXDTE0MDQxNzE5NDc1MFowIQIQCvpE +pYCg80T99Ii9R6Ff0BcNMTQwNDE3MTk0ODEyWjAiAhEAxjWr4K7kKNj2qV5OPq4O +YhcNMTQwNDE3MTk0ODI3WjAhAhBZAv2iIa6jPRvgRnGKyzlvFw0xNDA0MTcxOTQ4 +MzlaMCECECEWSQGf68CzKzCD/tLeq8wXDTE0MDQxNzE5NDg1N1owIQIQF+wQICTX +S2kntPv+rN4a1BcNMTQwNDE3MTk0OTE3WjAhAhAvbusJ9wBnuihXJD7J8YyYFw0x +NDA0MTcxOTQ5MzdaMCICEQDcxBIPvui66exR8q8+2d1cFw0xNDA0MTcxOTQ5NTFa +MCICEQD6MLIxi+WdYe/TCNWulS97Fw0xNDA0MTcxOTUwMDVaMCECEHDzD7Qu5Mte +cEc+z7mGwpsXDTE0MDQxNzE5NTAyNFowIQIQVfPebiulmWqaNdOSec4nsRcNMTQw +NDE3MTk1MDM3WjAhAhBFsfaVQ/UyvGzrGv29CUUgFw0xNDA0MTcxOTUxMDVaMCIC +EQCaGqsrgzeG/ZVZXfHNuZbNFw0xNDA0MTcxOTUxMjNaMCECEHT1RpPKry+8C8Or +1Lj6YB0XDTE0MDQxNzE5NTE0M1owIQIQdf5X2IZ4aBuXRqzXQEeybxcNMTQwNDE3 +MTk1MTU4WjAhAhAsOgnMFlct7JbaQUROCP3gFw0xNDA0MTcxOTUyMDRaMCECEHvW +3iODNnzH9XkQHI26Rw4XDTE0MDQxNzE5NTIxN1owIgIRAKa3Z/XRg91VcwkUlQ0B +35QXDTE0MDQxNzE5NTIzNlowIgIRAP5V837UyfQe/+P2nk3ft5IXDTE0MDQxNzE5 +NTI0M1owIQIQE3v0+dPa9L3QiI+YByS6VxcNMTQwNDE3MTk1MzEyWjAiAhEAyq4L +kj1ZFdmjTFkM9wxr1xcNMTQwNDE3MjAwMzQ5WjAhAhB7fK5NvUmBccpoFce+mElo +Fw0xNDA0MTcyMDA0MDNaMCICEQDMb1c7p8UhVjhYE+hf/y8wFw0xNDA0MTcyMDA0 +MjhaMCECEB7Kk/rJSwMFq0pHmPWHXO4XDTE0MDQxNzIwMTkwMlowIgIRAO46MpOT +j9xHZyL7+0wTR7UXDTE0MDQxNzIwMjIzN1owIQIQdbXo/yXKLY0dl8ocIOW8XxcN +MTQwNDE3MjAyMzQ5WjAhAhAywTSFXtYGnf94iQrKnytaFw0xNDA0MTcyMDM4MjNa +MCICEQC4L0uPkq7ouPmrBi4xZB51Fw0xNDA0MTcyMDQxMTNaMCICEQDjEFbI8rBv +yTScjWTvUVm8Fw0xNDA0MTcyMDQzNTNaMCICEQCj7hj4sI9Kq4keVWSfl0ZDFw0x +NDA0MTcyMDQ1MjVaMCICEQDCaM6Rz8xebUtICPh2WEa8Fw0xNDA0MTcyMDQ1NTBa +MCICEQCVlKST2Q0HvBQ0Ns2VUmmkFw0xNDA0MTcyMDQ1NTVaMCICEQC5++7OmxNH +2KVn7W7aVerqFw0xNDA0MTcyMDQ2MDFaMCECEEsxoX1dfc2hti129Um/bPsXDTE0 +MDQxNzIwNDYzOVowIgIRAI+52gG/3Z3IEjmy4cB2iukXDTE0MDQxNzIwNDY0Nlow +IgIRAKPTSttl1Oih8vfuTSNT1EMXDTE0MDQxNzIyMDAwMFowIQIQDk1NBCFviYhA +waogcHGtYhcNMTQwNDE3MjIwODUxWjAiAhEA/on//yVcvs32nqULKv/6GhcNMTQw +NDE3MjI1OTE0WjAhAhAKvB+6KN5AaGKSOUQ7LQUfFw0xNDA0MTgwMDM2NThaMCIC +EQCehtMBorsSNqYK1Ba2KwwhFw0xNDA0MTgwMzUwNTJaMCECEA4Ra7bjsgo3t1u4 +EmxhqDEXDTE0MDQxODAzNTExMlowIQIQfPY2nW2glklYvgneRi5D3BcNMTQwNDE4 +MDgwMDM4WjAhAhBfnDo4S0WSKUv7IGNbh4KRFw0xNDA0MTgxMDI2MDJaMCICEQCD +x6UhWxgB6wXMd6SMJtXZFw0xNDA0MTgxMDI5MjdaMCICEQCEUu/t6KUSjH2q8mUS +2aM3Fw0xNDA0MTgxMDM4NTRaMCICEQDMhUl328HCPE504a1QfBJFFw0xNDA0MTgx +MDU0MDJaMCICEQDJf1hr3AFL93I606WSLbx0Fw0xNDA0MTgxMDU0MzNaMCICEQDN +2HqxLUOZORKGnSKvqAatFw0xNDA0MTgxMjA4MzBaMCICEQCd/kKhaPv2fO0ikvyK +h/6oFw0xNDA0MTgxMjA4MzlaMCICEQCm7Mm1HOuQNyz6O4E73whvFw0xNDA0MTgx +MjEwNDJaMCECEAQavDxljJcU1CeeWlKoXQkXDTE0MDQxODEyNDQxNlowIgIRAJmg +KZTHeA9k3GF/Eeq/VDAXDTE0MDQxODEzMDE1NVowIgIRAI5TP/jHIN7z2U12PEsJ +92AXDTE0MDQxODEzMTgyNVowIQIQWU0fPm+Ywa6kE+lMqMU8LhcNMTQwNDE4MTMz +NTE5WjAiAhEA5ky8rYLJvOtkx66P1eHvoRcNMTQwNDE4MTM0MzMxWjAhAhAwkDXv +ytcVnHhXc49Q/fsuFw0xNDA0MTgxMzQ0NDdaMCECEHhrss68SDTSn5n5s71fgk0X +DTE0MDQxODEzNTgxMFowIgIRAJcWsOb7vAwMYsnHdAMMcUEXDTE0MDQxODE0MDAy +OFowIgIRAJv3pLX3b/tXHRwgSotMIP4XDTE0MDQxODE0MDIwMlowIQIQQh6osPFB +PaDTdKnYxs8OkxcNMTQwNDE4MTQwMjQyWjAiAhEA/q4+8buh33gcuvuEHRC6GRcN +MTQwNDE4MTQyMzA1WjAhAhAgA6wjF3HCgYcT2/EwGTNZFw0xNDA0MTgxNTA1NDFa +MCECEBzp0jXahltXTxi3qXFynPwXDTE0MDQxODE2MzcyNlowIgIRAMpWSUbT0oqZ +IxtmtFHmoLAXDTE0MDQxODE2NDIzM1owIgIRANr2VahZzlOPUXipW9Ho/7YXDTE0 +MDQxODE2NDMyMlowIQIQfzYWVV2wmWERoHxiVYucoBcNMTQwNDE4MTY0MzMyWjAh +AhBKaE6ba2uYfefOpDBvKTazFw0xNDA0MTgxNjQ0MzRaMCECEG56Grnh4vdEhZs8 +bm1rJoMXDTE0MDQxODE2NDQ0NFowIQIQU2VzT10zanp5wPfO9nhWTRcNMTQwNDE4 +MTcwNTExWjAhAhBj+EdobZNsXONYedHMFkq7Fw0xNDA0MTgxNzA1MzRaMCICEQCo +8rDdIVWZNQosq4GOxZH0Fw0xNDA0MTgxNzA2MDZaMCICEQCFiHIPqHiOTwThajo2 +Rh8LFw0xNDA0MTgxNzA2MTRaMCECEGpwS9+hRllSNsisSEu0iGYXDTE0MDQxODE3 +MDYxOVowIQIQCPbWDwE8oQuiO2eeA81leRcNMTQwNDE4MTcwNjI2WjAiAhEA0l5e +VpWfl//r2biav6Ic/BcNMTQwNDE4MTcwNjM2WjAhAhBOSZzg9qi+u8HL257S/lYD +Fw0xNDA0MTgxNzA2NDFaMCICEQDEZ8hVtk6QapYSYS4BnuwOFw0xNDA0MTgxNzA2 +NDhaMCECEAJH9OMcl13uYXHQfUtY/u4XDTE0MDQxODE3MDY1NlowIQIQa1w58m3c +e3slnjlo3WKTbRcNMTQwNDE4MTcwNzAzWjAiAhEAth+oea/fUAF/BLnyfD9eBRcN +MTQwNDE4MTcwNzA3WjAhAhBCzwdx8wmVaQZ8iZBNTgSLFw0xNDA0MTgxNzA3MTNa +MCECEFQC+Kr+WEN9uEmGVpPwL5cXDTE0MDQxODE3MDcxOVowIgIRALMDxoZiVQQo +F6QzB+bLwBcXDTE0MDQxODE3MDcyNlowIgIRALPPSmGdBXY0I8RZa9Blc78XDTE0 +MDQxODE3MDczMVowIQIQUoAxxFffGC9R7KEbfiY1KBcNMTQwNDE4MTcwNzM1WjAh +AhAMxOYVt8dBuK0Zep/upD6cFw0xNDA0MTgxNzA3NDNaMCECEA8OF77cKL2OW6ex +Tjv+67IXDTE0MDQxODE3MDc0OVowIgIRALcLXa4siizfLnpVouDc+hkXDTE0MDQx +ODE3MDc1NVowIQIQZ2uNypKZDu9zjZNFB7PpKRcNMTQwNDE4MTcwODAyWjAhAhAU +GaRhHpsgegR60w4oe24xFw0xNDA0MTgxNzA4MDhaMCICEQCS5Pn1UyzbVd1F0FyS +z8VXFw0xNDA0MTgxNzEzMDVaMCECEHPnWMrKueC1rCEkpGFXRagXDTE0MDQxODE3 +MjkxM1owIgIRAOo8kREbcujhYEO5wOPGzeQXDTE0MDQxODE3MjkyMVowIgIRAKY2 +VDbBkviVUOC9QxF6qkQXDTE0MDQxODE3MjkyOVowIgIRAMzt/JRiUiZB/LYIA3et +rVwXDTE0MDQxODE3MjkzM1owIQIQflo8dvbUtyfT1J/yCs8TmhcNMTQwNDE4MTcy +OTM4WjAiAhEAu8fCwxVsotHl3/YcF2dH9hcNMTQwNDE4MTcyOTQzWjAhAhBsoxNC +21zijsn0upemibBEFw0xNDA0MTgxNzI5NDhaMCECECOoiqTBS4rcEGyE5tJzC0YX +DTE0MDQxODE3Mjk1M1owIQIQJKR+nKG8hXh25jj+sdTbTxcNMTQwNDE4MTcyOTU3 +WjAhAhArylEGnGvi9P8nKKvThu6DFw0xNDA0MTgxNzMwMDJaMCECEDgfXpa1f1ql +n/l6CcnbYLgXDTE0MDQxODE3MzAwNlowIQIQQEKrcEKcQHpcCK8E451gTBcNMTQw +NDE4MTczMDI2WjAiAhEA2TqLjUShDNdODJjk/Q2ggBcNMTQwNDE4MTczMDMwWjAi +AhEA5mKXw+BYG4C+vsMNPySmLRcNMTQwNDE4MTczMDM0WjAhAhBUtuw4OpM1Tddk +PqWrNEG1Fw0xNDA0MTgxNzMwMzhaMCICEQDpUnBNRL6KdcMjf/AspKceFw0xNDA0 +MTgxNzMwNDJaMCECEFFdDJK/hoqFaWnKyB9QxhkXDTE0MDQxODE3MzA0NlowIQIQ +WZ85S6Mlxd/LY7XSLZdvDRcNMTQwNDE4MTczMDUwWjAhAhADk6fN24SlQ7l1jiYB +3X21Fw0xNDA0MTgxNzMwNTRaMCICEQCpBpUudeXAuiK69zmuR3aaFw0xNDA0MTgx +NzMwNThaMCICEQDslJS2Tu5gEeqwz1qJAqTsFw0xNDA0MTgxNzMxMDJaMCICEQDA +eJIGlIP2sjT3mFCHMmRZFw0xNDA0MTgxNzMxMDdaMCECEFspqKxarbYGRYXzxR0C +jTUXDTE0MDQxODE3MzExMVowIgIRAOUaczRCn+YZ1mLb3DmRrgsXDTE0MDQxODE3 +MzExNVowIgIRALpVHjx9I8UR3HXIOyavW0kXDTE0MDQxODE3MzEyOFowIgIRAIaL +I7RiTHmHE88hHrA6H2wXDTE0MDQxODE3MzEzM1owIQIQDgl1w9quCbt6QEMsv3c0 +5BcNMTQwNDE4MTczMTM4WjAhAhA4vun5/SyoLzslbPFFwywAFw0xNDA0MTgxNzMx +NDJaMCECEBbBNn0gVDmEpDBIGzfyHe0XDTE0MDQxODE3MzE0N1owIQIQfcgLDCVb +lry2AzPSJN1asBcNMTQwNDE4MTczMTU0WjAhAhA75M7qCGYavaFydHtRbWGVFw0x +NDA0MTgxNzMyMDNaMCICEQDbly+of3J0JBHeXpCaHa3rFw0xNDA0MTgyMDQwNTla +MCICEQCQ1CrSmGgytsYCcaPpgAaaFw0xNDA0MTkwOTUyMDVaMCECEHTMMH6WzsHz +HjYFNBUxXT8XDTE0MDQxOTE3MTMwOFowIgIRANxxzrJrVA/6v/liE709C/kXDTE0 +MDQyMDAxMjAzMFowIQIQMjuIEx5BPVeaVcAq4nI1gBcNMTQwNDIwMDEyMDM1WjAi +AhEAn1I1X/rqYz/OkRk6AcCT6hcNMTQwNDIwMDQxNzIyWjAhAhBARhGDOeLwBe7S +9FQehscLFw0xNDA0MjAwNDE3NDBaMCICEQCUmKbd+oc1Bu8rLHQm6kVtFw0xNDA0 +MjAwNjIzNTdaMCECEFWTwP3RhtUvGb1gIFajF5QXDTE0MDQyMDEzMzAxMVowIQIQ +ExBFp2sIJyztYUHkR5wk0BcNMTQwNDIwMTQwMTE0WjAiAhEAxiOjgnF2ZO7jF/3x +vaTXwxcNMTQwNDIwMTQ0NzA5WjAiAhEA9t7ynA2dM5vSbSB4u3uIGRcNMTQwNDIw +MjEyNDM4WjAhAhBOI3tj1btXApbXemz9l7T9Fw0xNDA0MjEwMDA1MzRaMCICEQCH +vnvlKig2vfub9h0UkjIoFw0xNDA0MjExMTQxNDVaMCECEGVwgp2ZRxSAFjaYQbCR +i2oXDTE0MDQyMTEyMTY1NlowIgIRAJX+IrI/YCrJW0cdhb0QDaEXDTE0MDQyMTEy +MTcwMlowIgIRAIw+363VdpxVXQz2Cz8Op1MXDTE0MDQyMTEzMjU1MVowIgIRAI3u +bqD9+qtPpoDZkt3dbfwXDTE0MDQyMTE0MjI1M1owIgIRALKTGpO7lhrjGZjHhIjG +SwMXDTE0MDQyMTE0NDUyOFowIgIRAMH8Q3gDPWKgwPivPmYU2iYXDTE0MDQyMTE0 +NTQxNlowIQIQdsUC1CPaRFnI9pQeyub6LRcNMTQwNDIxMTUzODUwWjAiAhEAhFbO +aa/ZAqHh8YbAtRr0sRcNMTQwNDIxMTc1OTM1WjAhAhByd/3NRghWGu7Y83B4+l7D +Fw0xNDA0MjExODQ0NTRaMCICEQDdSzAQG4JseDwABP3C/kH6Fw0xNDA0MjExODQ2 +MDZaMCECEHnktvMtxQXCbBQST+zwYeoXDTE0MDQyMTE4NDY0M1owIgIRAMEY8vhe +TLAsj1cvoc8UJH4XDTE0MDQyMTE4NDcyM1owIQIQE5bRjHs3yMZT1+xIgvoqMRcN +MTQwNDIxMTg0ODI4WjAiAhEA5UjFwDaTbRFy5xqfo1CyWRcNMTQwNDIxMTg0OTMz +WjAhAhANZ7srIZX5k+SLII2kUTGbFw0xNDA0MjExOTE4NDZaMCICEQCoJmO1sHQ1 +qMl1NpeGkXJdFw0xNDA0MjExOTI2MTZaMCECEFRw4lO4OBuq+i7hpTdoHqgXDTE0 +MDQyMTE5Mjg1OVowIQIQJ3seWzLxA3G8Po/ZQ74PcBcNMTQwNDIxMTkzNDU1WjAi +AhEAsi/VGEREhwNmjG+d62DzthcNMTQwNDIxMjAyMDQ3WjAhAhAaAwDdqF+MMf+z +f5LeFAtRFw0xNDA0MjEyMDIxNDZaMCICEQCoht5JzViS+kG/feyA6GcJFw0xNDA0 +MjIwMzQ5MzBaMCECEAPsJkrtCdbv03ERMBmxzZIXDTE0MDQyMjAzNDkzNVowIgIR +ANuzv++CZIiXx7aQj6aKOqsXDTE0MDQyMjAzNTE0OVowIgIRAPDJHrTRDr49t98D +rG/D2e8XDTE0MDQyMjAzNTE1OVowIQIQcEk2CKLviNhO9BHWMt6T7RcNMTQwNDIy +MDM1MjE1WjAiAhEAjsaH3cFwxuMyQ/+9VqiwahcNMTQwNDIyMDQxNjA2WjAhAhB+ +6VtxfcXlr8FcgZn7LpNKFw0xNDA0MjIwNDIwMzdaMCICEQD5NK3TxjnbCjT2kC4m +13eVFw0xNDA0MjIwNDIxMDJaMCICEQCJfPYKmxSyC9sAnQvCmhRmFw0xNDA0MjIw +ODE3MTRaMCECEE1bmmAq3MRZgFI7C5ejzPgXDTE0MDQyMjA4MTcyMFowIgIRAN5W +G7IfXEKl+rqrRmPUDDMXDTE0MDQyMjA4MTg0NlowIgIRAPkHEl9Xq0sPel+MnKyq +7CoXDTE0MDQyMjA4MTkyMVowIgIRANZkJqPNvFqvK9GqyL95b4YXDTE0MDQyMjEw +MjI0OFowIgIRAMOi661tfjeJsaLq5emzSMEXDTE0MDQyMjEwMjgxMVowIQIQNcnA +PSRU2wjIDl96Mby7CRcNMTQwNDIyMTA1ODU2WjAhAhBatOexymkqcquU8/4hqCEH +Fw0xNDA0MjIxMTM1MzNaMCECEHyPwlI508ihaUrvQ/g9tjUXDTE0MDQyMjExMzYz +M1owIQIQHhx4ASOeFDKmzdatcBWTRBcNMTQwNDIyMTEzNjQ3WjAhAhB7L0w0QE8K +IerGC/pZtuTNFw0xNDA0MjIxMjQ4NTVaMCECEEkiyafwJFWeVOTxeF8P1pcXDTE0 +MDQyMjEyNDkwNFowIQIQaNXm9m1x3M8BnoWzRUemPBcNMTQwNDIyMTI0OTA3WjAh +AhAyLqtGKeKAaXVegAZufj1uFw0xNDA0MjIxMjU5MzBaMCICEQC458mzkNdBdeLE +Fd4UYARQFw0xNDA0MjIxMzExNDhaMCECEA5bCtlqDxH9yZXYYtU8MqQXDTE0MDQy +MjEzNDMwNlowIQIQDwI9Uv+bImwei0oiRI3j/BcNMTQwNDIyMTM0NDI5WjAiAhEA +1wtyaiF6hEHqTY7X/N0KBxcNMTQwNDIyMTM0NTQ2WjAiAhEAkUrKp82GNHHkBBwW +b8KS+hcNMTQwNDIyMTM1MjUzWjAhAhACZhqOq0DPiYZMmTWss4LkFw0xNDA0MjIx +MzU0MTRaMCECEAyJKXxo5sS3+IytEhdL9gQXDTE0MDQyMjEzNTUzN1owIQIQGZMO +yp+O2mYQWvuH+enXjBcNMTQwNDIyMTM1NzA4WjAiAhEA8eLfIZhrAzvLY810Lpwg +8hcNMTQwNDIyMTM1ODI2WjAiAhEA5UD+hRZcmKnYH99RxBRtPhcNMTQwNDIyMTM1 +OTQ5WjAhAhBaSlovN4HjP1Qf/uo0xm3jFw0xNDA0MjIxNDQ1MThaMCICEQDnHY9r +/ep3CIa2gGrJBVgeFw0xNDA0MjIxNDU4NDZaMCECEG1Q5ffDtUkhGJW6h1FILhwX +DTE0MDQyMjE0NTg0OVowIgIRALyYlsR20YUKMAbnFS+spJMXDTE0MDQyMjE1MDgx +MlowIgIRANWssZ3AFIuRud3Qhavb6KUXDTE0MDQyMjE1MDkxM1owIQIQUmhaiQqZ +2evjpttVFEPLnxcNMTQwNDIyMTUxMDQwWjAhAhA5MtQAG64ezU41RRB9xgfGFw0x +NDA0MjIxNTExMDFaMCICEQC7U9QuG4F4nyOB0JrfZXrBFw0xNDA0MjIxNTE0MDda +MCICEQDQYWsu6CRBopQNncSceHKWFw0xNDA0MjIxNTE0MzlaMCECEDb6mrHAqxLc +eJlHfN36d+AXDTE0MDQyMjE1MTU0MVowIgIRAK/fsHFkXI+yEz4+p26LfTYXDTE0 +MDQyMjE1MTc0N1owIQIQMo/ZSv6SFQaVB0XMHdF66xcNMTQwNDIyMTUxOTI2WjAi +AhEAiJf7NTPgmg5LdRfLaIp38BcNMTQwNDIyMTUyMjQxWjAhAhAlWHSZj346bQQE +frRBurY5Fw0xNDA0MjIxNTIzNDNaMCECEEtANBTsr2IAAtR/0shy7gUXDTE0MDQy +MjE1MjQwN1owIQIQEqa9+CQqdht72/bj++EBNBcNMTQwNDIyMTUyNDI1WjAhAhBa +8+79KWF/7Mnqi+tt0BZqFw0xNDA0MjIxNTI1MTVaMCECEFA1Bw57xMLnxbfztAL/ +fHYXDTE0MDQyMjE1MjY0M1owIQIQIkWo27HHcPDTgeT4rNmlCxcNMTQwNDIyMTUy +OTM5WjAhAhB3nA7v+oBIZsh/yc7eR/nSFw0xNDA0MjIxNTMwMDBaMCECEGQkB9fy +m9KYFJcOk1Ucgm8XDTE0MDQyMjE1MzEwNVowIgIRANDQ7BFRqK2TXVji0F9Ak18X +DTE0MDQyMjE1MzI1MVowIgIRAIZjMX/eqb/0aYjdPAFQIqYXDTE0MDQyMjE1MzQw +MVowIQIQXk+7EjR5/5DM5vmXUkAA2xcNMTQwNDIyMTUzNDM0WjAhAhACcvAZ0M6u +UZHkkLaerRmxFw0xNDA0MjIxNTM0NDBaMCECECYHdENxXmOjxPzuNig82O8XDTE0 +MDQyMjE1NDU0OFowIQIQRZHW1DTchlsr53bA9dEzJxcNMTQwNDIyMTU0NzQzWjAi +AhEAiHBuLb/Ba1q8vZ9sj+XZohcNMTQwNDIyMTU0ODEzWjAhAhAR8yp9/PE4jQXt +lu2PELuuFw0xNDA0MjIxNTQ4MzZaMCECEAYoW7MJv8b2eknOipCqOgEXDTE0MDQy +MjE1NDkyNFowIQIQdwYCYDgeXGxO5bvGXYQqJRcNMTQwNDIyMTU1MDExWjAhAhAS +OIDXjwKj5G1hpk/yjXVzFw0xNDA0MjIxNjI3MDlaMCECEEfeGv0BuGOMqXNCNMTn +R2kXDTE0MDQyMjE2MzE0MFowIQIQS34pazUdo43qPPd2b39N+RcNMTQwNDIyMTYz +MjQ2WjAiAhEA9pPWwL17NywvTY0O3szzvBcNMTQwNDIyMTY0NzIwWjAhAhBVbYGY +MjqesZbr5PZKdQi0Fw0xNDA0MjIxNjU4NDBaMCICEQDEYeTglN86yNAMfx6zSM9l +Fw0xNDA0MjIxOTI3MTFaMCICEQDfA8dCcpGJhEo3g2pqw6bmFw0xNDA0MjIxOTQ5 +NTVaMCECECJu4GoCwz/G2kHO5nskaN0XDTE0MDQyMjE5NTAwOVowIQIQa7VVfAXn +1FqCldmpT3IfqxcNMTQwNDIyMjAxMjE3WjAhAhAdU7zKFzVK3zfLxixKHRwnFw0x +NDA0MjIyMDMzMThaMCICEQDPd/vrCSD2YahK4SyE5ks/Fw0xNDA0MjIyMDM0MTVa +MCICEQD9X8LCRF+TsV/LPzgIM2eOFw0xNDA0MjIyMDM1NTNaMCECEDaqY/pmMyxX +xYSpWNi1JpoXDTE0MDQyMjIwMzcwMVowIQIQGeQlhJLb0KxRj/cExvi2YRcNMTQw +NDIyMjAzNzU0WjAiAhEAuPNGSiM/7eBrytREs0LWxxcNMTQwNDIyMjAzODQ2WjAi +AhEAzk8yemTY2yASHNsytx2B6xcNMTQwNDIyMjAzOTM4WjAiAhEAx6YzKAvenxCB +tximxYqiAxcNMTQwNDIyMjA0NTE5WjAiAhEAhHBpBrRcxIfjQsxFRLWDqxcNMTQw +NDIyMjEwMDI5WjAhAhBUxZfQ/x0b6EeBhhfASpU3Fw0xNDA0MjIyMjIyMzJaMCIC +EQCIO6tVP2HTz/DAOopFMpcWFw0xNDA0MjIyMjIyNDFaMCICEQD2hPR6uO21OZ+f +M1TIQEKmFw0xNDA0MjIyMzI0NDNaMCICEQD8zxNTIgoWw6k9X5XvFGyYFw0xNDA0 +MjMwNzU1NTZaMCICEQDi2kx/gPpvfZgwKwVdKQazFw0xNDA0MjMwNzU2MzJaMCIC +EQCJsFg1mvRQUQoIJv/uFTP8Fw0xNDA0MjMwODQyNThaMCICEQCl2PnmGJLwI2SX +nVLPRwoLFw0xNDA0MjMwOTA1MTFaMCICEQC2mNe2+W3CaqzERMKlnMJfFw0xNDA0 +MjMwOTA2NDNaMCICEQDXrDpke1DAqxK/eUR3wYwtFw0xNDA0MjMwOTEwMzhaMCEC +EAPOrhv2DwCFVe39il0pZxEXDTE0MDQyMzEwNTYyMlowIQIQOWbTAi1/ifv7kPt0 +lSO7sRcNMTQwNDIzMTA1ODM0WjAhAhAVrKMVhF5sOHl5gY626U92Fw0xNDA0MjMx +MDU5MzlaMCICEQDlNUa+EmFMGj3RE16sI0GUFw0xNDA0MjMxMTAwNDNaMCICEQC0 +SS751OH5qIcfcqfc0RDfFw0xNDA0MjMxMTAxNDFaMCECEF3u+Hj+RHJEtvRfF0Qy +zf4XDTE0MDQyMzExMDIzOVowIgIRAJhu40FdSa2jQyL2z5WS6coXDTE0MDQyMzEx +MDM0NFowIQIQJkGBS1N5oVyf6BZpcONo9xcNMTQwNDIzMTEwNDMzWjAiAhEAqy9O +YAqJ6oH4eQrNjZ517RcNMTQwNDIzMTEwNTU0WjAiAhEAqxegHIZdDpQyiGF4ywtF +IxcNMTQwNDIzMTEwNjQ1WjAiAhEAlDkpLz8WVq12NXBjV66PDRcNMTQwNDIzMTEw +NzM5WjAhAhBfwGBqIs2lSmitNCyRMLymFw0xNDA0MjMxMTA4MzdaMCICEQCC/Elq +V1/nal1RZIUWZccQFw0xNDA0MjMxMTEwMDNaMCECEAZ6QPVI5Quu/LqJ8Tq/KSMX +DTE0MDQyMzExMTA1M1owIgIRALQr9PlQHhQhinFbwKOQET0XDTE0MDQyMzExMTE0 +N1owIQIQKTC7LdfOO5iS6zfPkcjTuhcNMTQwNDIzMTExMzEwWjAiAhEAqrgktUpE +S+7q9Hr7+NMMixcNMTQwNDIzMTExNDA2WjAhAhAktg+TPCcy0yBV/HStYtjoFw0x +NDA0MjMxMTE0NTNaMCECEHXeKgP3nJiDGqrJIT1EysEXDTE0MDQyMzExMjUzNFow +IQIQBzTGrbJBXRh+YA7mLRipExcNMTQwNDIzMTEyNjQyWjAiAhEAz4aLzhhJMCEo +RmhmxdrPxxcNMTQwNDIzMTE0ODA1WjAhAhAtnoppquoGDCJwRPIxZUUQFw0xNDA0 +MjMxMjA1MDdaMCECEEesmK0tvwFPI6KlXpkqBGkXDTE0MDQyMzEyMjk0MlowIQIQ +PKbaMSVeAr2vllWzuf54aRcNMTQwNDIzMTIyOTQ5WjAiAhEAuPv7rPs62YNu5xzq +x35H8xcNMTQwNDIzMTI1NDQ0WjAhAhBV4KvRYfwzwbdGcxSfr4S/Fw0xNDA0MjMx +MzE5MTNaMCICEQDlKo+p0qVLTkX7du0a6d+EFw0xNDA0MjMxMzIzMDNaMCECEAq9 +y/Rkn3GgZK3atOfFBJQXDTE0MDQyMzEzMzUxMVowIgIRAPSktpy670IMxcWo9eNM +X0QXDTE0MDQyMzEzNTQyNVowIQIQG4/tVs5ByZSjHmjGnNoo+xcNMTQwNDIzMTM1 +NTMyWjAiAhEAjWyg/UuJ/yKc3t6dC7AeBhcNMTQwNDIzMTQ0NzE0WjAiAhEAkLs5 +7TE/pyTy2KbldEdnyRcNMTQwNDIzMTQ1MjU0WjAhAhBkhQn+8QAxEKffqfhGy4nV +Fw0xNDA0MjMxNDU5MDRaMCICEQC15+kJGU8ZZPtI7lr6Or78Fw0xNDA0MjMxNTAz +NDJaMCECEC2NTnfu0ZCmhHYfHpkBflUXDTE0MDQyMzE1MDc1OFowIQIQA3whWKoA +d6ntumudRhSA/hcNMTQwNDIzMTUwODM3WjAiAhEA54xJweXOXX3FqWpwHpnedBcN +MTQwNDIzMTUxMDIzWjAiAhEAsQ95E2Q95AqUrJCEV3TfgBcNMTQwNDIzMTUxMzA0 +WjAiAhEAnEu1zhoilmzJvNQwx35tNRcNMTQwNDIzMTUxNTUwWjAiAhEAj00STRWa +wt8mpnRajoSJFBcNMTQwNDIzMTUzMTQ4WjAhAhA8mZstheGT2Cqal9e47ouFFw0x +NDA0MjMxNjU0MTdaMCICEQD7PvCmlfJbvZ+WTEKIdX+dFw0xNDA0MjMxNjU1MTla +MCICEQCDpEwB4QQpgKM7d+EmRQRwFw0xNDA0MjMxNjU2MjNaMCICEQCYuhW3Z00y +nOAg/CDbpmAMFw0xNDA0MjMxNjU3MjNaMCECEFdowHYRn6zAjMICGLK5ZRUXDTE0 +MDQyMzE2NTgxN1owIQIQB3OYc4FDmvBE8vUhtqRoeBcNMTQwNDIzMTY1OTE2WjAi +AhEA6Qk1kdEnKkX9YvGzmLk2eRcNMTQwNDIzMTcwMDE0WjAiAhEAxfZN0RzorA5z +lLDBcLL6jRcNMTQwNDIzMTcwMTAwWjAhAhBZZBUOk+mtzhjxQIctBsVXFw0xNDA0 +MjMxNzAyMTJaMCICEQCTVutzl6/HxbiyK/+j5IxzFw0xNDA0MjMxNzAzMjNaMCEC +ECEkq/zz8R8ADsGOlEvzdlkXDTE0MDQyMzE3MDQyMVowIQIQBGn/j+Y4rEqF9G8Y +JplhCRcNMTQwNDIzMTcwNTE3WjAhAhBxedrJrpzcJxWUC34XQ4vrFw0xNDA0MjMx +NzA2MDdaMCECEHIjA0SdAqB+K2o/cG9RD9UXDTE0MDQyMzE3MDY1OVowIQIQeXzf +Hx+IvtcRvrBu/XfoaBcNMTQwNDIzMTcwNzUzWjAhAhB/x5dffzvGsbzsA0t/lomB +Fw0xNDA0MjMxNzA5MDFaMCICEQClmizWR5p6j6xPM5eW09fzFw0xNDA0MjMxOTEw +MjNaMCECEA0FMk1rWl2VAz6WrKknCEkXDTE0MDQyMzE5MTI0NVowIQIQQliV8oMl +PBWm/W5W4K+G5hcNMTQwNDIzMTkxNDA2WjAhAhBEff22u7tvjGcfYe7xNKByFw0x +NDA0MjMxOTE0MTFaMCECEH0VmnuaMjkaebA5OBKwVJgXDTE0MDQyMzE5NDgyMFow +IgIRAOSSdVTtdKJf8fPz9QL6dYgXDTE0MDQyMzE5NDgzOVowIgIRALTtEZ02BLBA +ppfgS3jxM38XDTE0MDQyMzIwMDk0OFowIgIRAKbfKfXT1swPMBbdZZKGaUoXDTE0 +MDQyMzIwMDk1NlowIgIRAOwkd95uPaHu6BJrjvWRIOgXDTE0MDQyMzIwMTAwM1ow +IQIQLcMlwb57n7nZREeFny/tsRcNMTQwNDIzMjAxMDExWjAhAhBuQw/0KyuW38u8 +oXKi2+3ZFw0xNDA0MjMyMDMwNDRaMCICEQCHdgk/GJwQN7UCLFhufiJoFw0xNDA0 +MjMyMDQyMDNaMCECED8f1BPMwaJnHFR+bqrFjJsXDTE0MDQyNDA1MjM1OVowIQIQ +Fp4o6epxxbhXd2DfGyzwYRcNMTQwNDI0MDUyNTI4WjAiAhEA+Ary0V/o66gE5+qW +aWOVvhcNMTQwNDI0MDYxOTEwWjAhAhAZO/knh3Kj2ngttR+yRu6bFw0xNDA0MjQw +NjE5NDFaMCICEQCQslu1ZQ2BAu5hzXqshk6/Fw0xNDA0MjQwNjIwMDZaMCICEQDB +JhbELPrAn8sGTY0aevQWFw0xNDA0MjQwODM2MDJaMCECEFiwk2ilS7IoV4XkgtY3 +VS0XDTE0MDQyNDA4MzcwMlowIQIQARMV7cBXw0WMr+rYzMtNrxcNMTQwNDI0MDgz +NzIyWjAiAhEA5hcujgtSklhtqHzzEvlwNBcNMTQwNDI0MDg1OTE3WjAiAhEAxFiY +6646FGk/ZWSK5RzBvBcNMTQwNDI0MDkxMDM2WjAiAhEAizSF3Q+UquLNxmJcLo+N +YxcNMTQwNDI0MDkzNzU0WjAiAhEAvXh4O8pMN0SbEOXfXHUYNRcNMTQwNDI0MTEy +NTA2WjAiAhEAz2XBwgvHemCwhlIWOqWmchcNMTQwNDI0MTEyNjQwWjAhAhA+xi/4 +4+wZ+QS/Y6Y7AHKwFw0xNDA0MjQxMTUyNTNaMCECECe5Pu/ITaZH5mt8sgH38fEX +DTE0MDQyNDExNTM0MVowIQIQUb8wNQ6jptjoc+0FE2wgNRcNMTQwNDI0MTIxMjE0 +WjAiAhEAlfhOzpxX4L4+J994XtdDvBcNMTQwNDI0MTIxMzU5WjAhAhANaNWQUCpP +imv9WL5wckxCFw0xNDA0MjQxMjIxMDdaMCECEHvOK1G1wkExLGxfZa+7PiQXDTE0 +MDQyNDEyNDQ1NVowIQIQDUpBiSXBTUbvXdsBHGbZERcNMTQwNDI0MTMwMTIxWjAh +AhBOYWrJPpy7UGxe3/HLlna2Fw0xNDA0MjQxMzA4MTdaMCICEQDScv586FzuTJA7 +OIOKGy+2Fw0xNDA0MjQxMzE1MjBaMCECEHs+HxVXmDTn3TVF+ams5+sXDTE0MDQy +NDEzMTUzNVowIgIRAPMTNXCaoyeZGZC0IOR7c+QXDTE0MDQyNDEzNDEyOFowIgIR +ALrHs02TIeURo1/E/0cXtVQXDTE0MDQyNDE0MTExNFowIgIRALNss2zBpS5njglU +DDKUiycXDTE0MDQyNDE0MzgxM1owIQIQK9KKtIOdEiDs25EKcF+qlRcNMTQwNDI0 +MTUwODM2WjAhAhBOcI26Q/aKYVG+jRGPZdcLFw0xNDA0MjQxNjE5MzlaMCICEQCQ +7bpPuEV33IPu/j1Z1PqJFw0xNDA0MjQxNjE5NDFaMCECEHu84WDxIECDy5NjEPoZ +q0sXDTE0MDQyNDE2MzU0NlowIQIQChILxnq92T5XntaUVQQ1XxcNMTQwNDI0MTY0 +MTU5WjAhAhA7nHBTua6j+Noo3F9lxLO9Fw0xNDA0MjQxNjU2NDBaMCECEHgC/Xyn +NQBpEQhV4WPvI4UXDTE0MDQyNDE2NTcwN1owIgIRALPC2M4IkHcJxv3134IiD/wX +DTE0MDQyNDE2NTcyNFowIgIRAJEKdLaoMx8s7F+i9MjySuQXDTE0MDQyNDE2NTc1 +NFowIQIQCBbpVIrIvrOahYR4hZTAjRcNMTQwNDI0MTY1ODI3WjAiAhEA7NjUBKTN +g7vqHYLUInVN7hcNMTQwNDI0MTgzNDMzWjAhAhAppXzO2niC9yYsYOCLQeBRFw0x +NDA0MjQxODQzMjdaMCICEQDF821l2qSUuCoWbTVmIRAyFw0xNDA0MjQxODQ1MDJa +MCICEQDOOjbPWWXy1IWVKZiUAlezFw0xNDA0MjQxODQ1MzRaMCICEQC7IHhDIbP/ +UEMQzXJEbCx4Fw0xNDA0MjQxODQ2MTlaMCECEGcEz9xvy2RqsfWeawuuvRoXDTE0 +MDQyNDE4NTAzOFowIgIRAI9xO8AE4lrr4R4gMobQ+VMXDTE0MDQyNDE5MDgzMVow +IQIQZOLGyqJxOdGYYFJs/akiQBcNMTQwNDI0MTkwODM4WjAhAhABRpiaycKgyB39 +lsG9JXMPFw0xNDA0MjQxOTQ5NTNaMCECEDBiPUficNbou2Hs65t0scAXDTE0MDQy +NDE5NTUzM1owIgIRAOBuQ9PEGAEmvu/rQeEQbNYXDTE0MDQyNDIxMDkwMVowIgIR +ANrs4kUS5CiF1Kag86ld84UXDTE0MDQyNDIxMzMyNVowIgIRANWqBOj3NnxMt94L +iGtvlzcXDTE0MDQyNDIyMzIzN1owIgIRAOqLZGh5mAtVyieAaLaBQe0XDTE0MDQy +NDIyMzMxNVowIQIQCPnTeU2/ZlyFKMLfG6JGnhcNMTQwNDI1MDM1MTQwWjAhAhBn +4FacOjmot/TqSXBpvV96Fw0xNDA0MjUwMzU5MTlaMCICEQDDxLClaTJJnLxT5M+4 +qjTfFw0xNDA0MjUwMzU5MjRaMCICEQC6ZwoyVD9cto2GLoZPZUveFw0xNDA0MjUx +MDEyMzZaMCECECaXFKyWwpfgx28P341YUXQXDTE0MDQyNTEwMTY1N1owIQIQQuER +JVLGvVpWcGk1EwPIQhcNMTQwNDI1MTExNzIyWjAhAhARQNpBuWxRoGRGeossq/x1 +Fw0xNDA0MjUxMjM1MjBaMCICEQDWH3eQnPGjYLlp5bmx6ri3Fw0xNDA0MjUxMjQ5 +MTVaMCECEFjCbsk68jBEobNB9tnlQqAXDTE0MDQyNTEyNTMwOVowIQIQKzoAxx1e ++/TSz0G5ZwAn8RcNMTQwNDI1MTI1MzE0WjAhAhB7VaQLCqZ6ZaZ84GGdZT8yFw0x +NDA0MjUxMjUzNTNaMCECEFpts+GtwMfZIlZI3MGOrzUXDTE0MDQyNTEyNTQxNVow +IgIRAINX4zXXgrg3pHvDkiPyc9YXDTE0MDQyNTEyNTQyMFowIQIQPZGnO0yaIxrn +Qux5Dx07NhcNMTQwNDI1MTI1NTAzWjAhAhAbQDwWMK0cLxY+AScKSFPBFw0xNDA0 +MjUxMjU1MzFaMCICEQDEF8qFQbnGOM9Jgj/T5bvJFw0xNDA0MjUxMjU1MzZaMCEC +EGLm9F3HcZsSravlvPx2iEAXDTE0MDQyNTEyNTYzN1owIQIQE6dBPUsps85iXw4y +jTSeFhcNMTQwNDI1MTI1NzE1WjAiAhEAtBzDEOgnuAPK+UoMYRNmkhcNMTQwNDI1 +MTI1NzQxWjAiAhEAj0RLjw0mZEqgG5T42pRqCxcNMTQwNDI1MTI1NzQ5WjAiAhEA +mpl6RyBwz6alk3VmofVBSBcNMTQwNDI1MTI1NzUxWjAhAhA7Z4LQkkEMST7mpcU8 +k9qxFw0xNDA0MjUxMzAwMjhaMCECECVCt7tVowQ0/H/o8w9HfWoXDTE0MDQyNTEz +MDAzN1owIgIRAIU6+E9rqfJ5nPPtMvyfwF0XDTE0MDQyNTEzMDA1MVowIgIRAOdI +Q9mwZ8kVYe2NpDeQjOgXDTE0MDQyNTEzMDA1NVowIgIRAP2csJnnBJ40zNTM6Cwf +MwwXDTE0MDQyNTEzMDEyMFowIgIRALf1VHk0jyPGIdEuow6nbtAXDTE0MDQyNTEz +MDEyNVowIgIRANF+ydCmjp/CUSWfCsDWp08XDTE0MDQyNTEzMDE1MlowIQIQWZtW +OeWu49vddXbDAvIxmBcNMTQwNDI1MTMwMjIyWjAiAhEAhztTs4D7cOZ0740jjjIq +UBcNMTQwNDI1MTMwMjU4WjAiAhEA+DzDLElRlPnudh2OO5a+9xcNMTQwNDI1MTMw +MzI3WjAiAhEAisThFsGWn4igzDn3plBSeRcNMTQwNDI1MTMwMzU0WjAhAhAHAs53 +GqqUDu2rTnRkFbkRFw0xNDA0MjUxMzA3NTlaMCECEEANgreWHddcNQ0ZvsT7BTIX +DTE0MDQyNTEzMDkwNlowIQIQdv23gq4FRjURnvmjXW0PjxcNMTQwNDI1MTMwOTQ3 +WjAiAhEAlL9Zfq1Yyx1C0FPIx0tolBcNMTQwNDI1MTMxMTEwWjAiAhEA5dckAjeg ++l/qS3LZUBr5jRcNMTQwNDI1MTMxMTU5WjAhAhAMIVviPBnlJCJ4I1SaHg9bFw0x +NDA0MjUxMzEzMDJaMCECEB3y/yCwhcKV+JJmD/mFf5IXDTE0MDQyNTEzMTM1OFow +IQIQL8NuWvxNTCaSdDdCMyi73hcNMTQwNDI1MTMxNTA2WjAiAhEA4uRh0xdBWtOS +NQeIptwUohcNMTQwNDI1MTMxNTM5WjAiAhEA4LmIj6Ism9j0tAkGj7nxWhcNMTQw +NDI1MTMxODAzWjAhAhBOxebh01OgEAKICfRf/+fGFw0xNDA0MjUxMzE4MzBaMCIC +EQC9adegYvmFYdUFOS3JQrVaFw0xNDA0MjUxMzE5MDVaMCECEFdGKf6THAFjK7TC +HoXIOQcXDTE0MDQyNTEzMTk1MlowIQIQJ+UYuLpkXt2Rz1vJQHvo5RcNMTQwNDI1 +MTMyMDExWjAhAhBtcDGz5utbxwSMVg/SUWrGFw0xNDA0MjUxMzIwMjlaMCECEAYq +CufEeoP3wDIy8Q+vvuYXDTE0MDQyNTEzMjA1N1owIgIRAKnrnYRnDIZP/R/K0cv/ +5kEXDTE0MDQyNTEzMjExOFowIgIRAPBWHmn+nI+yWQeK+N99vCoXDTE0MDQyNTEz +MjEyM1owIQIQRu+GTOPnOuRrsGeoX2suGBcNMTQwNDI1MTMyMjA1WjAhAhBkOCKn +YV1PXhfUFgZ25DKWFw0xNDA0MjUxMzIyNDlaMCECEFXXjC2pJI4FHZ0H0mzv+lMX +DTE0MDQyNTEzMjMwOFowIQIQC39Yrw8zmyJpufBvLm+HrxcNMTQwNDI1MTMyMzM2 +WjAiAhEA84iS6hKvhD/uLKmydWsOQBcNMTQwNDI1MTMyMzM3WjAhAhBiC64hF8NS +dCNZ0UkkwevkFw0xNDA0MjUxMzI0MTBaMCICEQDpkXmYE9Ou4n2305Awwa5fFw0x +NDA0MjUxMzI0MzBaMCECEC9zyeY/fNyIhil8SFpv20UXDTE0MDQyNTEzMjUzOVow +IgIRAPqsp3VoLxCFdjaXWHNi7bUXDTE0MDQyNTEzMjU0MlowIQIQVCjtoueIVXVr +z/NcL4yCNBcNMTQwNDI1MTMyNTQ3WjAhAhB1ywa47Vakb1z/ALTCmhx8Fw0xNDA0 +MjUxMzI2MjBaMCICEQDShDxeoy+DXfQpjQBumC5CFw0xNDA0MjUxMzI3MDJaMCIC +EQDPlIpESxdsuRxTx+MUuxWjFw0xNDA0MjUxMzI3NDNaMCECEGlcLqFJHfDEBpM+ +YQeIG2MXDTE0MDQyNTEzMjgzMFowIQIQatYzXd0teEdaM46lZEAlGhcNMTQwNDI1 +MTMyOTMxWjAhAhAjaNyVUlV4nh4K5wUiKUzkFw0xNDA0MjUxMzMwMTdaMCECEEF8 +i1220udLRKD73CchBXsXDTE0MDQyNTEzMzA0NVowIQIQFUPtNFENTQDqk2/RX11a +4BcNMTQwNDI1MTMzMDQ3WjAiAhEAoJta+WUCx3mOeKeHIRO+lxcNMTQwNDI1MTMz +MTIzWjAiAhEAyQlPF6vxW4vgik4qWJZsYhcNMTQwNDI1MTMzMjAwWjAhAhBsoYuu +HVzI14ZWjuE5VnXAFw0xNDA0MjUxMzMzNDFaMCECEHcX9VlTvik2WgOlnJodSn4X +DTE0MDQyNTEzMzQ0OFowIgIRAJ9j/XrjMGdLv8PvicsIXJEXDTE0MDQyNTEzMzYy +NVowIQIQFMSiHzNwmgcJDgBmbk+CdhcNMTQwNDI1MTMzNzEyWjAhAhAqHJu0PlzF +/GeCMAoa2TUOFw0xNDA0MjUxMzM4MjNaMCECEDDD7xA1nLnasq5pj3qB+GgXDTE0 +MDQyNTEzMzgzM1owIgIRAPVHQU39mlrdI6urxhGi1ugXDTE0MDQyNTEzMzkxOFow +IQIQEB8xRSFlOR7L1NlvmWSJ8BcNMTQwNDI1MTM0NTA1WjAhAhAtCX8quoSZ57a3 +4g/zd4ajFw0xNDA0MjUxMzUwNTFaMCICEQCRsOnhKkFjJWgTHln99wRUFw0xNDA0 +MjUxMzUzNTJaMCICEQCY1sYyj43IctBZVsc0C1XqFw0xNDA0MjUxNTIwNDZaMCEC +EA0Q+kkRj1jok1jL+8J6wBkXDTE0MDQyNTE1MjUyN1owIQIQHNpivpjesLhV2RO5 +I74PqRcNMTQwNDI1MTUzMTQ5WjAhAhAheSBSkcnmrJdJST3/0yJUFw0xNDA0MjUx +NjExMTFaMCICEQD3wZ8Y5FImR8Vi5sjAr8kBFw0xNDA0MjUxNjEzMDJaMCECEAc7 +b1wsX6/3jN9NW3GG2xEXDTE0MDQyNTE2MTMwMlowIgIRALKMPrSZkXyOCQZpxJjK +OF8XDTE0MDQyNTE2MTQ1MFowIQIQSfi70iJ6z+XERcxNfVTXuRcNMTQwNDI1MTY0 +OTIyWjAhAhBp9RtKT7wJHj0FvYBJMjClFw0xNDA0MjUxNjU0MDVaMCECEC7VgK3s +LiIOe0qiCgJGIZMXDTE0MDQyNTE2NTk1NlowIgIRAONMShVehbFLD7kzSp7+Q08X +DTE0MDQyNTE3MjY1OFowIgIRAO9VYm9mggD76c868kGqyCAXDTE0MDQyNTE3MzAy +MFowIQIQWTLmBM2xGiCTRjbSIKfZvRcNMTQwNDI1MTczMjIxWjAiAhEAg+Ke1y2B +3Asi15VcioBouRcNMTQwNDI1MTczNTA4WjAhAhATmTFshCXIzPR8XjZySeNJFw0x +NDA0MjUxNzM5NDNaMCECEDPQefFucUhsdKVxeq5PZsgXDTE0MDQyNTE3NDEyNFow +IgIRALapLPF0gsQwVcwwqA3a5HgXDTE0MDQyNTE3NDI0MVowIQIQTFRGRr8Ma4SI +bHVAUlA3VBcNMTQwNDI1MTc0NDI1WjAiAhEAld3BPp1utBeHzvm1mS0y1RcNMTQw +NDI1MTc1NTE3WjAiAhEAv78UPzA2DgKNFwBuytO3HhcNMTQwNDI1MTc1ODQ1WjAh +AhA1zhqbYClMMc78e6QH1VYYFw0xNDA0MjUxODAxMTFaMCICEQCZgp92M0DXeASy +owSDPL8NFw0xNDA0MjUxODAyNTRaMCICEQDVShb56XRnE1n6iWAOlnA+Fw0xNDA0 +MjUxODEzMDBaMCICEQDouBu2scThvJcqgt7/wK/4Fw0xNDA0MjUxODE1MzdaMCEC +EGNVDuwJ5hGJ3Z0atCuPGpcXDTE0MDQyNTE4MjEwOVowIgIRAKbmL/2ypHX8b5hb +Y3eVFG4XDTE0MDQyNTE4MjIwMlowIgIRAOhlwMRmuuRES+/E2ikZpCYXDTE0MDQy +NTE4MzUzOFowIQIQf0OMkvo52N0I388+Qs0I/hcNMTQwNDI1MTgzNTU5WjAiAhEA +xA2nMVZJBSvYdjfzQSWEWhcNMTQwNDI1MTgzNjM0WjAiAhEA5oNVj8tb5I15kHub +HBxqchcNMTQwNDI1MTg0MTU0WjAhAhBPVa5d8X3JWIFZy+l8D3EfFw0xNDA0MjUx +OTIxNTlaMCICEQD2FtmeWQmSbp4soAXlLjKwFw0xNDA0MjUxOTI5NTJaMCICEQCU +yEMT4cXXi8hvcnBFnd+8Fw0xNDA0MjUxOTM0NTFaMCICEQDg8Mq5ZXnhy+qE0NjU +oEGWFw0xNDA0MjUxOTM4NDJaMCICEQDHlupPKiQdSk0dFMV48bXJFw0xNDA0MjUx +OTQzNTlaMCECEE/ekvt1xAvzhAvK1vEEjxgXDTE0MDQyNTE5NDc0MlowIQIQS4vg +ejpqoFZbCbR6eaV/KRcNMTQwNDI1MTk0OTE0WjAiAhEAmWQA5+WQietLUr4xmojt +VhcNMTQwNDI1MTk0OTMwWjAhAhBOAZNCrRSS7ckToiBU9Bd1Fw0xNDA0MjUxOTU1 +MzNaMCICEQD1InoMLw3u6DKYqDrEjquhFw0xNDA0MjUyMDAxMTVaMCECEA7DMeip +1HOXuw099nh+gYoXDTE0MDQyNTIwMDMzNFowIgIRAOpcVmk9Er9ZRhRMDM5JwvgX +DTE0MDQyNTIwMDQyMFowIgIRAKMH0PtZ/KzPKQxUu3MECB8XDTE0MDQyNTIwMDcw +MlowIgIRAJ0TbezgWHU1DSSlU5S/aOUXDTE0MDQyNTIwMTM1M1owIQIQVi34G9ie +/acee/XlA223JhcNMTQwNDI1MjAxNDMzWjAhAhB4pDoTjnB82wcx0b1lWYPZFw0x +NDA0MjUyMDE1MDZaMCICEQDWYlqFtegrPyMs7vRadgO2Fw0xNDA0MjUyMDE1NDFa +MCICEQDw9MEU4y/ULEFK6IoX0ffuFw0xNDA0MjUyMDIzMjBaMCICEQDUDLpxOWI1 +n9ESPgHNtj8uFw0xNDA0MjUyMDMzMjhaMCICEQD7qxqTr6yI6yw+6T6K4wcyFw0x +NDA0MjUyMTAxMThaMCICEQDAcNWuBuxNAXKXDsJyH1UxFw0xNDA0MjcxMDE2Mzda +MCECEDhLygyC2O0ezKSg1SclI3cXDTE0MDQyNzE5NDgzNVowIQIQAMGJnTObPzua +3AXlYXBjGRcNMTQwNDI3MjMyNDI3WjAhAhAVOrkTz69Amov+ICa6vHlWFw0xNDA0 +MjcyMzI1MTVaMCICEQCKpeUJONyFQpE3f7N2Ks0AFw0xNDA0MjgwMzEzNDJaMCIC +EQCdjsdn/S7M0oyOLU1u1Z8PFw0xNDA0MjgwNTA0MTFaMCICEQDvjAOXwkuvVr+8 +pfnbQm2WFw0xNDA0MjgwNzMxMjVaMCICEQCn9COuCtYnDD0Ux1JshzLaFw0xNDA0 +MjgxMDA0NDFaMCECEBUOyBEKrEux47NulyrpkNwXDTE0MDQyODEyMDMzOFowIQIQ +TxvRZ3tI5FS5JK59Xe5TyxcNMTQwNDI4MTI1NjM0WjAhAhBqrsf8Iz/AsxulCc1y +kw5aFw0xNDA0MjgxMzA5MDhaMCECEFnzVhKk8hXH7KzSWFtFXHgXDTE0MDQyODEz +MjIzOVowIQIQDbn5eYC5YL4uXh8f600FdhcNMTQwNDI4MTMzNTI4WjAhAhBWMXPp +pf0fghLpPbxw9/W+Fw0xNDA0MjgxMzQyMjlaMCICEQCovlEQI1Rcp63W9Tc4y5uZ +Fw0xNDA0MjgxMzQyMzhaMCICEQC/qvlFJogwCb1gkE3OLm0hFw0xNDA0MjgxMzQy +NTJaMCICEQCx1IVxRtuE7n0N0sQeyg6vFw0xNDA0MjgxMzQzMDZaMCICEQDYQBRS +RIJ5+hzi3L02TjF5Fw0xNDA0MjgxMzQzMzFaMCICEQD/pnuzpA3s3UPI1w+bbuqe +Fw0xNDA0MjgxMzUwMjNaMCECEEBli4NgrW2U6R64lutBPyYXDTE0MDQyODEzNTMx +MFowIQIQLfNUsCULFWlXuktUxLb+HRcNMTQwNDI4MTQ0ODEwWjAhAhAx4fMKlO0c ++U47fWrw9fevFw0xNDA0MjgxNTAwMjNaMCECEEpqxmFBZVlw25x1UNedwSQXDTE0 +MDQyODE1MDAyOVowIgIRAIDHWQLSmWpmR5qKnuN8YzoXDTE0MDQyODE1MDAzM1ow +IgIRAKa5EJxrykHZD17aUOSqgkUXDTE0MDQyODE1MDExM1owIQIQAhOiPXagBFRo +bpocGKNlDxcNMTQwNDI4MTUwMTE5WjAiAhEA4iEDZT714oouo6bL6VUgJhcNMTQw +NDI4MTUwMjA4WjAiAhEAzB8YyxonzWahgir8pj2iYRcNMTQwNDI4MTUwMjMxWjAi +AhEAsYHrH0ULHUsxAy7NqRbw1RcNMTQwNDI4MTUwMjM2WjAiAhEA9LIGxtBXz4zC +YaLiYq1BYBcNMTQwNDI4MTUxNjE5WjAiAhEA12Db1hWC8rRI0v1Ic/RC0xcNMTQw +NDI4MTUyMDM3WjAhAhBdW0RzfKgoPUwR7355S43nFw0xNDA0MjgxNTIyMTNaMCEC +EEnLkj2Tjf1dvp3soHROIMcXDTE0MDQyODE1MzAxMlowIgIRAKs2UcF5dHkG4Y5i ++sCSH8QXDTE0MDQyODE1MzE1N1owIgIRAKbeNL98uyIJhle5jBM2t7gXDTE0MDQy +ODE1MzIxMFowIgIRAKuGjKSSj7CLb62ikkB2694XDTE0MDQyODE2MTA0MVowIQIQ +cgut3Ke2uea4HXbHHo/bVxcNMTQwNDI4MTYzMzQyWjAiAhEA6JEaDIWdlUaD5SB/ +Ee3b1xcNMTQwNDI4MTYzNjQ3WjAhAhByk0WTzfengZC1UEFF4kE7Fw0xNDA0Mjgx +ODQ1MDNaMCICEQDt26mnfStoa8cfj6vGWC+vFw0xNDA0MjgxODQ1MTZaMCICEQD2 +tdY/SFcvJ9XJndGssavjFw0xNDA0MjgxODQ1MzJaMCECEHkBOjsEYyT/GQTFQzvV +aIAXDTE0MDQyODE4NDU0NlowIgIRAPTKJQP0DxUDT0Vkco2vWTYXDTE0MDQyODE4 +NDg1OFowIQIQQQ1B58axep0H8q6oD7uErxcNMTQwNDI4MjAxNzAxWjAiAhEAmjvi +Y7EWADc4cbrwjqI7FBcNMTQwNDI4MjExMjE4WjAhAhABjuF4R09/fb6Q/FvjtdU8 +Fw0xNDA0MjgyMTEzMzBaMCECEFCf/QCrFkvE1X05rlwx97AXDTE0MDQyODIyMTU1 +MVowIgIRAKzli3dTKm0d7W8Zxv3wY+4XDTE0MDQyODIyMTY1MVowIQIQTQ89sJzt +QloGD2qXKOY/lhcNMTQwNDI4MjIxNzM3WjAhAhBL8HEkCC+FQR4Uw6dpdFGrFw0x +NDA0MjkwOTQwMTRaMCICEQCUVU1hGNMlcKeiGusa6bDbFw0xNDA0MjkxMDE4NDha +MCECECTGeH+lu4s6T2d2YjD7J2QXDTE0MDQyOTEwMjA1NFowIgIRAJjAikhtHreG +AkUV+iFaLzsXDTE0MDQyOTEwMjEyN1owIgIRAMyOpPUKSd2l5GfleSZv1IUXDTE0 +MDQyOTEwMjEzMlowIgIRAIbHWtkpED2qcpD/fBOzGMgXDTE0MDQyOTEwMzU1MVow +IgIRAMgfOyhtRlZ/drKvgO+0NhQXDTE0MDQyOTExMjE0NlowIQIQSJeS/iksZKcL +iwU5KymMoxcNMTQwNDI5MTIxNTQ0WjAhAhBlDu4lUkK95hxaqvBRU0dXFw0xNDA0 +MjkxMjI0MDdaMCECEDsmZiIvvtp3BGGI5qFx0rEXDTE0MDQyOTEyMjQyOVowIgIR +AJYtJB4L05hkZ6XvDPxOHs8XDTE0MDQyOTEyMjQ0OFowIQIQKaOwgtxVspgvAM/6 +W7S0chcNMTQwNDI5MTIyNTA4WjAhAhAdvcBQQGp9VlGxNe5jOf+bFw0xNDA0Mjkx +MjUyMjJaMCICEQDPSS5rYfBCddFBt3X8biqSFw0xNDA0MjkxMjUyMzRaMCECEDIm +Mu+33Pw6BVjq+9VGysQXDTE0MDQyOTEyNTI0MVowIQIQCoFv6ARH3EhYyILDJBuj +9RcNMTQwNDI5MTI1MjQ5WjAhAhA0chzOJjA2RwrlY5ITDlFaFw0xNDA0MjkxMjU0 +MDVaMCICEQD3BACvEJUzFCuUEF8NCNIOFw0xNDA0MjkxMjU0MTJaMCECECg9klBe +p1Sj5FBwKvYq9xMXDTE0MDQyOTEyNTQxN1owIQIQF/GdeArcoz6eFePRW6r/WxcN +MTQwNDI5MTI1NDIyWjAhAhBB6u9Sli95m9SylC+2zcHIFw0xNDA0MjkxMzE0MDRa +MCECEAwW8tHgahWe3cK4hu3QlrUXDTE0MDQyOTEzMTk0OFowIgIRAKlcHDeMKCaL +Mnbfho0h3iYXDTE0MDQyOTEzMTk1OVowIQIQRPZQF+6v2FHBQ3zaelPqvRcNMTQw +NDI5MTMzMzAxWjAiAhEApc5BGLaizr/dRSCy2RENaRcNMTQwNDI5MTQwODAwWjAi +AhEA3S7n6A3+EnKW2jEof7P2yBcNMTQwNDI5MTQxMTI0WjAiAhEAjcGxgSo+6myk +OG9fjPVSyRcNMTQwNDI5MTQxMjA3WjAhAhAp/T7RUCKUdmMvggn2+akIFw0xNDA0 +MjkxNDM1MTRaMCECEAFKOGYZuCHwVCIAON58MDwXDTE0MDQyOTE1NTY1OVowIgIR +APKzABjIgtywRq+4liQ4HskXDTE0MDQyOTE1NTczMVowIQIQbJY97Fjfllm2oYH9 +gQiV1hcNMTQwNDI5MTU1ODA5WjAiAhEAg97C0rQ6yEH9gia55YiHuhcNMTQwNDI5 +MTU1ODE0WjAiAhEA2HEbprK6rfp3RMb/p7XKghcNMTQwNDI5MTU1OTA5WjAhAhB/ +HP5pCJ4DspBAfZZ8ig+1Fw0xNDA0MjkxNTU5NDVaMCECEHw0kM2RIM3WXWeWkQPN ++xYXDTE0MDQyOTE1NTk1MFowIgIRAK2vXeVhkqJ7j0l7cTLjxi8XDTE0MDQyOTE2 +MDA0MFowIQIQEAcVrzwcXGcAsxmaRJq2GxcNMTQwNDI5MTYwMDQ0WjAiAhEAr+LS +ivW/sGXwrK4w0UQ+DRcNMTQwNDI5MTYwMjQzWjAiAhEAvW8lqhcgT9KUcXzkejzl +jxcNMTQwNDI5MTYwMzA2WjAhAhAwNlFwNm9ezB+j8HMmtIm+Fw0xNDA0MjkxNjAz +NDZaMCECEF00T/rvqcj52c4Y2xyR1DEXDTE0MDQyOTE2MDM1MVowIgIRAP0hMkyn +WDDQb2oPLfvDhA8XDTE0MDQyOTE2MDM1N1owIQIQWuc+VNMUsI+O30B9smvDxxcN +MTQwNDI5MTYwNTA1WjAiAhEAwckurns8jaH0RxEVEd83GRcNMTQwNDI5MTYwNTE0 +WjAhAhBQB03uZ1CU+z4f2Y8wCi5vFw0xNDA0MjkxNjA1MzhaMCICEQDpdoY9idyw +x/lshSZZnf2MFw0xNDA0MjkxNjA2NTJaMCECEBFAG6k86GK1QET3AR6rfs8XDTE0 +MDQyOTE2MDcxNVowIgIRAL6461MpGNxYSxrHWHO7CmEXDTE0MDQyOTE2MDcyMVow +IgIRAKtSuUFIj2NFgZc3EZFsjGkXDTE0MDQyOTE2MDc1NVowIgIRANyn1M8zpUAO +V5OPM3HjMtoXDTE0MDQyOTE2MDgwMFowIgIRANn+qJfof+1LRo8SAQUKpXoXDTE0 +MDQyOTE2MTMwM1owIgIRAP5oYe88S/Nj9R6nxjic01YXDTE0MDQyOTE2MTcwNVow +IgIRAMpcIGNv8crXHWIfERAC/dsXDTE0MDQyOTE2NDMyMFowIgIRANm6lhE211aj +0ZutNAd1pmcXDTE0MDQyOTE3MDQ0MFowIQIQELu2+UIUJU+Bs/09KS58BRcNMTQw +NDI5MTcwNTIyWjAiAhEA1XUdXVCsBHIZvpkitDAZmhcNMTQwNDI5MTcwNTQ5WjAh +AhBvj+Zq1vrb9qMBpLL8wkGxFw0xNDA0MjkxNzEyNDFaMCICEQC43BihsuoK32fa +0RZCR1MuFw0xNDA0MjkxNzE0MzZaMCICEQCuq4oZR6z4jwV44Fav+rAiFw0xNDA0 +MjkxNzE2MzZaMCICEQCMUMaI74OaLian/mCJZxOyFw0xNDA0MjkxNzE3MTNaMCIC +EQCE4Q1C4EjyXpZjsPDIBjsZFw0xNDA0MjkxNzE4MzNaMCICEQC5fZcKxgTO6Wb9 +MDzNr3Y4Fw0xNDA0MjkxNzE5MTRaMCECECojZV0C7Q0/OcpxfRCZnBEXDTE0MDQy +OTE3MjAxMVowIgIRAKWoOa5QCj45SWjCSo8qi1gXDTE0MDQyOTE3MjExNVowIgIR +AICqSAmvOuhem6hZ0AHcn4kXDTE0MDQyOTE3MjEzNVowIgIRALXnjZsAcBJE2jra +5Q7hf3sXDTE0MDQyOTE3MjI0MFowIgIRAJTjBCOQR+o5hgPaSRIXQ5sXDTE0MDQy +OTE3MjM1NlowIgIRAIYKw5bfxmnZ/9ontfDLj50XDTE0MDQyOTE3MjQzN1owIgIR +AObBfoPf82lWpgC2UxWwNRcXDTE0MDQyOTE3MjYzNlowIQIQbS7YOeLqwz55MjVC +sNEqXhcNMTQwNDI5MTcyNzE1WjAhAhB6kCucIZ7bJOZfab/rrGAOFw0xNDA0Mjkx +NzI4MzNaMCICEQD3YLxUJoRw3aKtoe9vN+koFw0xNDA0MjkxNzI5MDlaMCICEQDE +WFc/PrbzjkE0dybzxtvxFw0xNDA0MjkxNzI5NDZaMCICEQCl/qvqDABavdn/GCGn +hJf3Fw0xNDA0MjkxNzMwMjhaMCECEBckHtjn88+GgWgql++iRrkXDTE0MDQyOTE3 +MzA1N1owIgIRAIkyKhyk9PzcWrQUhch3ThAXDTE0MDQyOTE3MzIwMFowIQIQD9H8 +nkc05Lyxh//jc97vDxcNMTQwNDI5MTczNzA2WjAiAhEA/BxKGlo1u3B9VM2VVAiN +SRcNMTQwNDI5MTk1NDU4WjAiAhEAkDcdTwEE95OrpuPl3FcmUxcNMTQwNDI5MTk1 +NzQ5WjAiAhEAwbMMcYT2vIEtwUJRyAnz3BcNMTQwNDI5MTk1OTUyWjAhAhBy2l7u +SgS9SYvjsS43k6shFw0xNDA0MjkyMDEyNTlaMCECEHztQlI0/CBOLB7sNMVQYCcX +DTE0MDQyOTIwMTMxOVowIgIRAIeLvbr7GpkQIdqAG9R6HI0XDTE0MDQyOTIwMTM0 +NFowIQIQZ5h3NplxXDndKZo62H3AGBcNMTQwNDI5MjAxNDAxWjAiAhEA9OWSvpaJ +1N+pj5vctZ9MQhcNMTQwNDI5MjAxNDQ5WjAhAhA1S701p2A9si4rEMLqwQezFw0x +NDA0MjkyMDE1MjBaMCICEQD/2Ah0s4pZ2LY6gZOiOSVTFw0xNDA0MjkyMDE4Mjda +MCICEQD1eSOywHp7H27qmw6PJY+zFw0xNDA0MjkyMDE4NTJaMCECEDiObVE/IgNr +lA9nxOHQonIXDTE0MDQyOTIwMzU0MlowIgIRAIVtB2+ExbjSWAQzYnll6HYXDTE0 +MDQyOTIwNTMyNFowIQIQL7J1HBdEEc+UT3dd3haiABcNMTQwNDI5MjIwNDQwWjAi +AhEAptsXSHpqT9A9s25LHLzF9BcNMTQwNDI5MjMxMTExWjAhAhB43Q3M7pQtQnCv +O6Ye5uAaFw0xNDA0MzAwMjQ4MzJaMCICEQDZYD+byU7MhCweGhFTd8bjFw0xNDA0 +MzAwMjQ4MzhaMCECEC7500yW/Oj2at6NJ6whDoUXDTE0MDQzMDAzMzAwNVowIgIR +ANPAcIQM5ApFeq7wX5ByTSkXDTE0MDQzMDAzMzAyM1owIQIQSTtYV+Y/OvNgELAT ++8I0NhcNMTQwNDMwMDYzNjM5WjAiAhEAtBJu7meJYaez0QtGmR0wSBcNMTQwNDMw +MDcxMTU4WjAiAhEAwzi1QDCW8t3yN1gUsKHj+hcNMTQwNDMwMDcxMjI0WjAhAhBb +AFU1QJu60iwdWfCqN8afFw0xNDA0MzAwNzEyNDZaMCECEAOMi+PipsBBsOwQsqrp +45QXDTE0MDQzMDEwMjMyNFowIgIRAJdQGmJX3nIDpSzZ29cXYsIXDTE0MDQzMDEy +MzA0MlowIgIRAL1PpfYLgjdq2WINsJt/X3gXDTE0MDQzMDEyMzEwM1owIgIRAOxN +ysABY0wguKXJsazFDawXDTE0MDQzMDEyNTEwN1owIgIRAPcc7RrzVCxHYYStHNrT +b1cXDTE0MDQzMDEzNDMyNVowIQIQbn1W6HVZgsxmUnf1RrDPWhcNMTQwNDMwMTM0 +NDM4WjAiAhEA9OtE3sO6w9GS3YJOpl10JhcNMTQwNDMwMTQwNjA2WjAhAhAZ8/3/ +VDb4R4+V7ExZQpaRFw0xNDA0MzAxNTAyNTJaMCICEQDkLQRblvYKyAbCu0HFo1We +Fw0xNDA0MzAxNTE3NDRaMCICEQD6iuIBNOztabtM5umRvllcFw0xNDA0MzAxNTI3 +NTdaMCECEAi1Pu9+XVycS1fWSWgHOEMXDTE0MDQzMDE1MjkwMFowIQIQLv1B6see +CpwFKT7GRtYovBcNMTQwNDMwMTYwMjMwWjAhAhAXFaj/pmvlh4Jilw9Ug8ufFw0x +NDA0MzAxNjE0MjhaMCECEG4+PKG4j964DZVucUSF5iIXDTE0MDQzMDE2NDExM1ow +IgIRAMH7UwtMmIPYppOpLlNXdr0XDTE0MDQzMDE3MjAwM1owIQIQSi3CfClS1QUM +YirbU5uIPxcNMTQwNDMwMTkwNTE3WjAhAhB87op4rSNpL1die6CdM1xuFw0xNDA0 +MzAxOTA1MjZaMCICEQCVPg2MNwK0YvFiY4fGOAQxFw0xNDA0MzAxOTA1NDdaMCIC +EQCcQzUHif3OEdVSc9q042XRFw0xNDA0MzAxOTA1NTZaMCICEQD3YJ09Ih1xYo2z +VLXPLU7kFw0xNDA0MzAxOTA2MDlaMCICEQC0xJP9p596mWZTUtXUfjXaFw0xNDA0 +MzAxOTU0MzVaMCECEERHyShN5P0GQWP3J8NYzFIXDTE0MDQzMDIwMTAwOVowIgIR +AID0leHax/6y3VnXLAtmI2UXDTE0MDQzMDIwMTE1MlowIQIQXiJgQ/LwPp3x1y9z +ZZumZhcNMTQwNDMwMjEwMzI0WjAiAhEAvvDQOp16HFDoSZFx4clMShcNMTQwNTAx +MDA0ODQwWjAiAhEA1QofJfdha2VPI0hqPQglDRcNMTQwNTAxMDgzMTI4WjAiAhEA +6/m8pInFbsePYINV3vOC9BcNMTQwNTAxMDkxNTEzWjAiAhEA/5/tht5pB/B6cTP7 +BfJFYRcNMTQwNTAxMTEzNDA1WjAiAhEAm/9iSsM/PKpUTBBavIsg3RcNMTQwNTAx +MTQxMzM0WjAiAhEAvY3Uv6m/nQ8xL6rsychCVhcNMTQwNTAxMTQxNTMwWjAhAhA0 +mv/bjTtlr5jMBs4hoY3NFw0xNDA1MDExNTA0NDZaMCECEBxgUvCbLqzGOvCDLBgN +R9wXDTE0MDUwMTE1MDc1OFowIgIRAKls643ys0YcMGkIDGrdtlcXDTE0MDUwMTE2 +MTE1NlowIgIRAPb+S4H3+kLBMdZ84xEEX88XDTE0MDUwMTE2MTMwMlowIQIQE4LX +GegJ2l+4GFme2oLaFhcNMTQwNTAxMTYxMzAyWjAhAhA0v0MlHFuW/quO9+BG8VeM +Fw0xNDA1MDExNjE2MTlaMCECEBVwSNKHRt1s/ZAF+OjFYhoXDTE0MDUwMTE2NDMx +MVowIQIQBBLQb/I5hrbkIPxorIyjDRcNMTQwNTAxMTgwMDIwWjAiAhEA9wkgacvk +fvbL7FLBGpO8DhcNMTQwNTAxMTgzNjMwWjAhAhBHNXOB+mLA+ptIYg/LMM+oFw0x +NDA1MDExODM3NTRaMCECECCY2MKUzOceCcE50nQgl+oXDTE0MDUwMTE4MzkwNlow +IgIRAIRFY6+o/mDw5jdaD7dPsboXDTE0MDUwMTE4NDAxNVowIQIQG3NRFtWf0rhh +hayu2WhSbxcNMTQwNTAxMTg0MjUxWjAiAhEA6xQ6itldU3YRdyhX86ePzxcNMTQw +NTAxMTg0MzQwWjAhAhBsZ+TOb9LyERbNHOchL8szFw0xNDA1MDExODQ0MzFaMCIC +EQDdyXCERhI5I0P1LBsf40R1Fw0xNDA1MDExODQ1MTBaMCECED99I86UvcMI5ggZ +x4mXnyAXDTE0MDUwMTE4NDYzMlowIQIQdRnykR1Aj35J4aYx81pAwBcNMTQwNTAx +MTg0NzEwWjAhAhAiHO0S/Hcmif5SMLhEIB8MFw0xNDA1MDExODU1MThaMCECEAiM +DFA0nDyKmYnYomI0sIYXDTE0MDUwMTE4NTkxOFowIgIRAKfAxAbd2xE9b3ewf5bg +m68XDTE0MDUwMTE4NTkyM1owIQIQRiRzo96YcjLgiAWRZgnxkRcNMTQwNTAxMTg1 +OTI3WjAhAhBGRFfKPvDtiolWp6wTLHUaFw0xNDA1MDExOTUyMjJaMCICEQC223/0 +PyuaGZag7HvUxeaRFw0xNDA1MDEyMDAyNTNaMCICEQCiXrMNAM9gTvwkOm+QSyzN +Fw0xNDA1MDEyMDM2MTZaMCECECfDGLpDZ2yZTPF0dM4BHooXDTE0MDUwMTIwMzcw +MlowIQIQcTbRfcSxxW28xpp26hrh6BcNMTQwNTAxMjAzNzI2WjAhAhAlPEKaNK2p +UDGkN4/fe4ryFw0xNDA1MDEyMDM4MTVaMCICEQC1spmy5FOMgzR2KOokgWLiFw0x +NDA1MDEyMDM4NTZaMCECECExbGQBPi2XG1Ua/ZeHKNgXDTE0MDUwMTIwNDQzM1ow +IQIQYvJbUz7ujb0EMKWoUkVUhBcNMTQwNTAxMjA0NjEyWjAiAhEAwvfuklY/zpDb +YOmK4H9myxcNMTQwNTAxMjA0NzQyWjAiAhEA4A9RltfYAIj7Vt24qxuZVRcNMTQw +NTAxMjEzOTI2WjAiAhEA/oSEgagT0VKU62CymktivRcNMTQwNTAxMjIwMTQ5WjAi +AhEAzXRvCoisqW3WtryJtU64nxcNMTQwNTAyMDY0MzQ1WjAiAhEA95rCW9CiKrUK +mGgAW7XlGBcNMTQwNTAyMDc0MTE5WjAhAhAV3egb8rvcjQuU5JWeKXieFw0xNDA1 +MDIwOTIwNTFaMCECEFE9la6fqUJiWyNsPT0amiMXDTE0MDUwMjEwMDAyM1owIQIQ +bEWHLZoFKL9y6zexAfdkqxcNMTQwNTAyMTAxNzAxWjAhAhAgqZWuMQMigh0u47zC +WJn0Fw0xNDA1MDIxMDMyNDBaMCECEAu1wZOeJu6cUgSrAEN5vgYXDTE0MDUwMjEw +NTkyOVowIgIRANcliwm6dj2Q13h6l2cFJ+kXDTE0MDUwMjEwNTkzNVowIQIQXOXq +QpyJNEB6L8NX1YBfsRcNMTQwNTAyMTExNjI2WjAhAhAZ7lxwa3zSba2LI7l9aUGa +Fw0xNDA1MDIxMjU2MjdaMCECEGOjgzQg04lIFvqYRLRf4U0XDTE0MDUwMjEyNTYz +NFowIgIRAPTgY+gtZ7TrFI5dQ+mi9yAXDTE0MDUwMjEyNTY0MFowIgIRAMinMwx9 +pnHBahXoQLwuMuMXDTE0MDUwMjEzMDQwNVowIQIQFtalvyAHXxyXhXwjzQpILxcN +MTQwNTAyMTMyNTI3WjAiAhEAxg3Q0RDLY+av9Tu9yIDy+hcNMTQwNTAyMTMzNjI4 +WjAiAhEAhf8Aw7zQ8/4FQyfe5ynBlxcNMTQwNTAyMTU0NjEyWjAiAhEA5dvcBk3R +Ojpogz9b15ocGBcNMTQwNTAyMTU1MjA2WjAhAhBiXmB8OwidePtd53uyiL21Fw0x +NDA1MDIxNjEzMDRaMCECEFtFzFTD52JaQWjzsHelME0XDTE0MDUwMjE2NDUxNlow +IQIQBDEVZSAf2BWrW4CggagRVxcNMTQwNTAyMTgyMzE5WjAiAhEAskeOl/vu2m62 +LW2THh8b7xcNMTQwNTAyMTgyNTE4WjAiAhEAmoBnP0Gd5q7a58VWYp9E9hcNMTQw +NTAyMTg0MjM0WjAhAhAM6iNu6+PVvztgRgNhb/urFw0xNDA1MDIxODUzNDZaMCEC +EGVCrftqzmrTaqZr5Gg/l2UXDTE0MDUwMjIwMjgyNFowIgIRALkmYZua4A+sEbFB +tBL1hDkXDTE0MDUwMjIwMjgyNlowIQIQT7zgEbp4JSL2QSwfM0IYqRcNMTQwNTAy +MjAyODI5WjAiAhEAnI1SZbnzgjSNRBS36duPwxcNMTQwNTAyMjAyODMyWjAiAhEA +ioHph+gfUhu7UhmOTf8tKBcNMTQwNTAyMjEyMDQ5WjAhAhBPCIe1Xbuq7HZ7uivN +V6sgFw0xNDA1MDMxNjEzMDRaMCICEQClJAgprrl9XsQuyHH67HSPFw0xNDA1MDMx +NzA2MThaMCICEQDlIEYEI/QiwPYgZNfaka4ZFw0xNDA1MDQwNjEzMDNaMCICEQDx +ACfArx4+dWikbfpWSSUxFw0xNDA1MDUwNjU3MzZaMCICEQDwMOsqP4XC1mb8zmWO +HcB9Fw0xNDA1MDUwNzIzNTFaMCECECFTpG+FBWNoh8UXUU4S8t0XDTE0MDUwNTA3 +MjQyM1owIQIQZcYvbZr2PzZaSG/dZX6/lRcNMTQwNTA1MDcyNDQ2WjAiAhEAz5yU +A3Sg09IV72iNGG5rEBcNMTQwNTA1MDgxMTQ5WjAhAhAQ52znMXTBEGePKkTXdIe7 +Fw0xNDA1MDUwODM5NTVaMCICEQCo6a8Z+k5lahwj9TqbOIw7Fw0xNDA1MDUwOTE4 +NDdaMCECEEe433Ab+OrftCtQPPZFfrMXDTE0MDUwNTEwMzA1NFowIgIRAPaZp7QF +yFCDFMN718HnWdUXDTE0MDUwNTEwMzQzMFowIQIQWshLVw+s72aQl2Z+tNGPbBcN +MTQwNTA1MTA0MjEzWjAhAhBjVI0OJmBO6dRXnvz3knRaFw0xNDA1MDUxMTIyMzRa +MCECEGpzg5fb4CuYDSrKXWSlcQcXDTE0MDUwNTExMjM1MFowIgIRAJfzhXZ4YfBi ++LQhc/5KMe0XDTE0MDUwNTExMjQyN1owIgIRAIib2ZvoARo3p1PuqiBNivsXDTE0 +MDUwNTExMjUxMlowIQIQdCoTpBBrAXKhkBlXZOECexcNMTQwNTA1MTEzMTQ1WjAi +AhEA3WROyJx/S470S0WySGDhVRcNMTQwNTA1MTQzMjI2WjAhAhAlMh8R7ynPy0pO +vCatyu2EFw0xNDA1MDUxNTEwNTZaMCICEQDlA4bREI8TJiOrhBiOXDaoFw0xNDA1 +MDUxNTEyMjNaMCICEQCs6Y9ypXRPxdjg10brFkZEFw0xNDA1MDUxNTEzMjJaMCEC +EFuHZAE2csTwihvrSm6zLMQXDTE0MDUwNTE1MTYyMVowIQIQavvDrT1sJwmqL0cF +fd3GeRcNMTQwNTA1MTUyMDQ0WjAhAhAOdBOY5wxDXNPFBnu32i40Fw0xNDA1MDUx +NTIxMTZaMCICEQCfigVS9t2XJKe1n9rJv3CTFw0xNDA1MDUxNjAyNTFaMCICEQCT +G1CWGYHLa5rwoUx7uuyCFw0xNDA1MDUxNzExNTNaMCICEQCV3RXD1Vyiw0ZyAb6/ +tDmqFw0xNDA1MDUxNzE1MzJaMCECEGXsG2izGBHIIEi8lVXeuxQXDTE0MDUwNTE3 +MzI0N1owIgIRAKkk4SIU5xea2ld6df4JiIEXDTE0MDUwNTE4MTM1MFowIgIRAIQV +5xLFeSQ1U/ChHTo2x80XDTE0MDUwNTE4NTQzMlowIgIRAJNX1DaidpgLSin+z0x0 +QHIXDTE0MDUwNTE5MDEyM1owIQIQUuzYexX10izyxQUN+MBuuhcNMTQwNTA1MTkw +NjUyWjAiAhEArFfUogsgUe6RfeuYEzREzhcNMTQwNTA1MTk0ODQ1WjAiAhEAtOGb +yY9zVOF5uLCDqfmWNhcNMTQwNTA1MjAxODQ1WjAhAhAsOCjY8/SdJK1XgHzoQOHL +Fw0xNDA1MDUyMDI3MDVaMCECEHqANs7rdOrybikXPajMRfYXDTE0MDUwNTIwMjc1 +MlowIQIQKb9Z48W7mPr3+SDQPoQ8IhcNMTQwNTA1MjAzNjMxWjAhAhBNAA5BEka+ +m7wrWTnGAS1ZFw0xNDA1MDUyMDQ1MzlaMCECEHgeDd39u6F+lkVGFq9F84wXDTE0 +MDUwNTIxNTcyOVowIgIRAPrpwhWOPYBDhZe8Ohce3W4XDTE0MDUwNTIzMDE1MFow +IQIQDVzkBGt2UQ+XLcEbX5ud2hcNMTQwNTA2MDUwMzA5WjAhAhBYrr2H7IQommg8 +8BSh8YQjFw0xNDA1MDYwNTE3NTFaMCICEQDTslJSX1K8eqW05nTpn1tNFw0xNDA1 +MDYwNTE4MTZaMCECEFDTxyp9JNVjPOxSzkPlUkwXDTE0MDUwNjA1MTgyNlowIgIR +AJSSQ22yPHmohhxi+nl3BVQXDTE0MDUwNjA1MjEwOVowIgIRAJ+8L8O1wgWkjFcE +Mqu/Y+EXDTE0MDUwNjA1MjQxOVowIQIQAmFeYmAi7PU9zm9z0/91yhcNMTQwNTA2 +MTE1MjQ0WjAiAhEAllrd8nCb/MeukqQ2uSE+RhcNMTQwNTA2MTIwMDM0WjAhAhBR +RyUrTBqpBVwhbE7x8Z2nFw0xNDA1MDYxMjU0MTRaMCICEQCgvUCwzz2gQijKJ8bY +jpjLFw0xNDA1MDYxMzAxMjNaMCECEHxOKgHvx9hbXwE68tuyPTEXDTE0MDUwNjEz +MDEyN1owIQIQbcGZAwbrXHpIui1MyIJ0qhcNMTQwNTA2MTM1MTIxWjAiAhEAhk9d +syDB2HllzDn/x/fNRRcNMTQwNTA2MTM1MTI1WjAhAhA+1Io6mXidjGQOV5u3zDph +Fw0xNDA1MDYxNDEyMTBaMCECECcH0WXXhWqm7p90AvXmicAXDTE0MDUwNjE0MTMw +NFowIgIRAOfknuNY6u37wVBHa9TnLa8XDTE0MDUwNjE0MTM1OFowIgIRAMPS/TQP +FhUpZtB9pmtNmxUXDTE0MDUwNjE0MTUxN1owIQIQcFdRdA7AvONs7Wv3AoXBLxcN +MTQwNTA2MTQxNjExWjAhAhBZ2Rcwug4zI2YPpCFfKXOdFw0xNDA1MDYxNDIxNTJa +MCECEHDNzPwq0Il7AdAnTULRNi4XDTE0MDUwNjE0MjMxMVowIQIQD8X0FvEmF3CT +vima0NxxBxcNMTQwNTA2MTQyNjA2WjAiAhEAqwqowowTNzneglbMMGsgyBcNMTQw +NTA2MTQyNjMzWjAhAhAnSxMHhyQaAL5nk9dcEQj3Fw0xNDA1MDYxNDI3MDBaMCIC +EQCQ87OM+hshVIg5uQSWf6EeFw0xNDA1MDYxNDI3NDlaMCICEQCEvYf/3nNUe0ie +lPxs3/fjFw0xNDA1MDYxNDI4MzFaMCECEG+X8WIRUV6qaONUFZt1zwIXDTE0MDUw +NjE0Mjk0NlowIgIRAKvAV/M8jeN6K3o9fQWZoM8XDTE0MDUwNjE0MzAxNVowIQIQ +KDAAtLmXVf4/YaIdcA1jmhcNMTQwNTA2MTQzMTEyWjAhAhBZSWQ9ZslX+8WGBzIq +XEzPFw0xNDA1MDYxNDM1NTRaMCICEQDDX0+sgQ7acn+ucsnklxvfFw0xNDA1MDYx +NDM2MTNaMCICEQDqiCU3R8GWQavAZWtyaCJpFw0xNDA1MDYxNDM3MDNaMCECEF4z +KQejsRgeY15wxn59vD4XDTE0MDUwNjE0MzczNlowIQIQRYl4u87XSEJhJwkzqYbt +uBcNMTQwNTA2MTQzODMxWjAiAhEA8xyBFXL06XRK8b91NUtGCRcNMTQwNTA2MTQz +ODU4WjAhAhAEyE3lfLbrYiiwAURs8XQHFw0xNDA1MDYxNDM5MzFaMCICEQCi6aMZ +kGZIjzZuNzodyyltFw0xNDA1MDYxNDQxMjdaMCECEC0dYWDgOl2fRGiqq87TRIMX +DTE0MDUwNjE0NDM0OVowIQIQH31KHKMOpwZydwtTsXx6VBcNMTQwNTA2MTQ0NDIz +WjAhAhBOOaTau+PkYKJUHF1AKxv6Fw0xNDA1MDYxNDQ1MDBaMCECECFxqZEBOSww +PekV+MQkoAIXDTE0MDUwNjE0NDUzNFowIgIRAJD4yAQyPcNBnTY5Hl3WfIQXDTE0 +MDUwNjE0NDYxNlowIQIQZ1F/Y/SFvgZPimya4dKK8RcNMTQwNTA2MTYzOTU2WjAh +AhBIcASIRozHZ3r/LwaXwb27Fw0xNDA1MDYxNjQzMjVaMCICEQDipsMPNbU5fgZ1 +xR5BhJOLFw0xNDA1MDYxNjUzMzVaMCICEQDGW8AMAgvTZb0HGLgoBh9gFw0xNDA1 +MDYxNjU0MzBaMCICEQD3nNBoXJlSxgHKwf6DJk0WFw0xNDA1MDYxNjU1MjhaMCEC +EEOQt8Wr3rTkeP2SSH5ubhEXDTE0MDUwNjE2NTY1MlowIQIQEXMmDn9tjcOUmay+ +U5VN5xcNMTQwNTA2MTgwMjAwWjAiAhEAwlis7Dj/dAc6h1BGpV9t3BcNMTQwNTA2 +MTg1NjM1WjAhAhB1dspvBNYAsrngpNL958cfFw0xNDA1MDYxOTE4MzhaMCECED3l +rB/fR1aMQkVHNWugGXQXDTE0MDUwNjE5MTg0N1owIgIRAMZ9yZw/2+QPzFha3GZV +qnMXDTE0MDUwNjE5MTk1M1owIgIRAK5HLKnNLeGEeeLNDNssULEXDTE0MDUwNjIw +MDExM1owIQIQLSOee0yYKHnAB7nUJOPJTxcNMTQwNTA2MjAwMjMyWjAiAhEA9cPJ +oM1gerfsKJy9ownN7hcNMTQwNTA2MjAwODMzWjAhAhBMc/kfERKkE/iER7JoKa7r +Fw0xNDA1MDYyMzA4MTNaMCICEQDJ5Jof1v3ZsRPzdlIl1vr9Fw0xNDA1MDcwODM1 +MDZaMCECECRwZSEMzY2dofN4IiK3jhsXDTE0MDUwNzA5MjYzMlowIQIQLMVTxfLs +Ia+SbdHnQ0f2gRcNMTQwNTA3MTAzMjI3WjAhAhBG/TOZSYk5WHtZQBmYyC04Fw0x +NDA1MDcxMzM1MzJaMCECEAGGNxGjW7r6eAXl6R79ZucXDTE0MDUwNzE1Mjg1Nlow +IgIRAOaCrl7k+0ssUpOSib8nu2gXDTE0MDUwNzE1NDYzMlowIgIRANJgu4ezwlHV +Php1lVOpBFgXDTE0MDUwNzE1NDc1OVowIgIRAKX9X58zeAlS0lbegaPygtkXDTE0 +MDUwNzE1NDgzNVowIQIQLUy6aEbWIDplP1Ir5OoT5hcNMTQwNTA3MTU1MTM5WjAi +AhEAscv/BcfNn80SX2LcbAaZVRcNMTQwNTA3MTU1MjQ3WjAhAhAqyghJXK1dBgGS +ygDTOAB3Fw0xNDA1MDcxNTUzMzRaMCICEQC+7EXEzT6rx3GRd8kRk3GPFw0xNDA1 +MDcxNTU0MzlaMCICEQCe02Tcs4ef2DBQz/KEi2XTFw0xNDA1MDcxNTU2MThaMCEC +EHPK4+e3MMabHCo6+3M9pXcXDTE0MDUwNzE1NTY1MVowIQIQRZH6Mq0kssg1oarm +M3t3uhcNMTQwNTA3MTU1OTAxWjAhAhAMr3HEpUbrcK8wtzjN0YJ4Fw0xNDA1MDcx +NTU5NDBaMCICEQCn2AYDgV1c1aVA/wMcmGzyFw0xNDA1MDcxNjAwNDRaMCECEDQ6 +jdm5vZ/KLG4W0BQ06igXDTE0MDUwNzE2MDExN1owIQIQGSYx8tvsRaxoak3AxIkQ +HhcNMTQwNTA3MTYwMjAzWjAhAhB+yUNUZNl/2DXgPecDtbxMFw0xNDA1MDcxNjAz +NTRaMCICEQCgS9Xw0YpNBczSMxBpDKdkFw0xNDA1MDcxNjA0MzBaMCECEGiDtrRj +gH1lGQDfePe1HgYXDTE0MDUwNzE2MDUxNVowIgIRANurtdIZEzMWuv4AvVRSahQX +DTE0MDUwNzE2MDU1MVowIQIQBmm7uwU5dS1B6C2uHKux7hcNMTQwNTA3MTYwNjI3 +WjAiAhEA5Qg+4mnbYEyRaCCWseX7jBcNMTQwNTA3MTYwNzA4WjAiAhEA8kzRWlvB +c9e3be9qXez3LxcNMTQwNTA3MTYwNzUxWjAgAg9fAsVI4TMEuiozdVcNc94XDTE0 +MDUwNzE2MDkxMlowIQIQN5ohiuYTwmphA8Jeuq7SDBcNMTQwNTA3MTYxMDMwWjAi +AhEAmnXnI4amJate02iliuCErhcNMTQwNTA3MTYxMTAxWjAiAhEAmbW9+7WtfKrp +8Lpa8rp+xBcNMTQwNTA3MTYxMTMzWjAhAhBQWDq8BKT/wTKzdvbNdYJjFw0xNDA1 +MDcxNjEyMDlaMCICEQClH6eF/NBfardWNhSgeFfJFw0xNDA1MDcxNjEyMzhaMCEC +EHxpuUFwBjUJjmMeDwcNznoXDTE0MDUwNzE2MTMxN1owIgIRAJZ38ZMJfRyz6Yyx +2Qi/6vsXDTE0MDUwNzE2MTM0NVowIQIQQzZjqaKoYeo0jgTgoUrp5xcNMTQwNTA3 +MTYxNDIxWjAhAhAy2Aqb3sIdMy5Ds4/ciKoSFw0xNDA1MDcxODQyMDdaMCECEH/I +qAq48qbhZANRSUiClb8XDTE0MDUwNzE4NDI1OFowIQIQcfmEoJmQMrgnDSyHCtu2 +vRcNMTQwNTA3MTkzNjA1WjAhAhAFje7xJchKYJZOqIQuiKrXFw0xNDA1MDcyMDA2 +NDhaMCECEH3Ikd97/qlT3TQTItACvzgXDTE0MDUwNzIwMDcyM1owIgIRAPI/HyrC +Kf6ayG/q3KWNhqYXDTE0MDUwNzIwMjYzOVowIgIRAKlYRz22yTEUcc6882VXBpoX +DTE0MDUwNzIwMzEyMlowIgIRAKo7FcPTIpgfuUZWjFNuGX0XDTE0MDUwNzIwMzYz +N1owIQIQeiOIwugU2+KPpxg5w28mJBcNMTQwNTA3MjEyMTQ3WjAhAhAKVj2xX9Wy +eajapekIH/PSFw0xNDA1MDcyMTM4NTdaMCECEFQ6NGBooqauXgamP1/gI7QXDTE0 +MDUwODA4NTUyM1owIgIRAOdfKsw5W7DJjolUmEcIEl4XDTE0MDUwODA4NTUzOVow +IQIQDTXJW3VkTdYhu9DQyYGHRBcNMTQwNTA4MDkzNjAxWjAiAhEAh9Q97ibOOyVy +miYsFdJMpxcNMTQwNTA4MTAxMDA0WjAhAhAX73yblfqVXlqXjdL0G+zeFw0xNDA1 +MDgxMDEyMzRaMCICEQD65IJUfDIjP9Iebu4a5jpYFw0xNDA1MDgxMjAzNTJaMCIC +EQDzEaSEOj6a9rJjggYKPAJxFw0xNDA1MDgxMjMwNDlaMCICEQDVP0ncNtWjQ9zD +BvNnDf8JFw0xNDA1MDgxMzU3NTJaMCICEQC7l8qRjea4YO4nMzhTphpBFw0xNDA1 +MDgxNDE1MDZaMCICEQCl8gVCGOsX76sx9j8wtw0pFw0xNDA1MDgxNDE4NTZaMCIC +EQCSLnPdD0ABskdpJUuK7kD6Fw0xNDA1MDgxNDE5MzVaMCECEFsImfZUI7lnhvy4 +yOL5858XDTE0MDUwODE1MzgzMFowIQIQdokX0vGPjzm3g+qRF8SrABcNMTQwNTA4 +MTYxMzA1WjAhAhBl0nW4GnAQ0vBxbwJDfMbjFw0xNDA1MDgxNzI3NTFaMCECECyx +D7lmmNy+hn0QjRcbITgXDTE0MDUwODE3MzczN1owIgIRAOcATSWJNNylT7goQik9 +mVgXDTE0MDUwODE3Mzc1M1owIgIRANO+XaoX0UZKYzQ2toEHzV0XDTE0MDUwODE3 +MzkwMFowIgIRALRcUc0KVGZ7WL4fPajmw4IXDTE0MDUwODE3MzkyNFowIgIRAMUk ++J9KFYgvBynTYv0NF10XDTE0MDUwODE3Mzk0OVowIgIRAP2a97+JkoJgsv6Yshud +lkkXDTE0MDUwODE3NDAxNVowIQIQZN/EEI7Up8ZTLcG19f1DsxcNMTQwNTA4MTc0 +MjIwWjAhAhAbtMobeKZPlLxQi4kLaHdCFw0xNDA1MDgxNzQyMzZaMCECEDkSY9aE +f+iD696gLP9FDIAXDTE0MDUwODE3NDMxMFowIQIQXfZiWRN8ngBfuNvz///cmhcN +MTQwNTA4MTc0MzE5WjAiAhEAy8Jsoyi0vG3GefSHEo6QjRcNMTQwNTA4MTkwOTIx +WjAiAhEA2l32XDvJRJ7j6j5cA68ifRcNMTQwNTA4MTk0NzIzWjAiAhEAmngpBGB7 +s/eupNs30qUY3xcNMTQwNTA4MTk0ODI1WjAiAhEArW3VFmNWnewOqSnwyWXInBcN +MTQwNTA4MTk1MjMyWjAhAhBc1b9wDJ/vDb7qmnYHy6H0Fw0xNDA1MDgxOTU1MDda +MCICEQD5URy9pxJt5OCdDcoaWZb9Fw0xNDA1MDgyMDA5MTNaMCECEADUv/Ige58Y +WnS0AS2EQgoXDTE0MDUwODIwMjcwN1owIQIQPuUj/7vdw+03FHcKSK+NIBcNMTQw +NTA4MjEwNjMxWjAhAhAng6ql2m8XWmiinwjfMLmWFw0xNDA1MDgyMjA0MTVaMCIC +EQD6V74yfhKxJ+LVgUJzF2ZUFw0xNDA1MDgyMjA3MjhaMCECEDHL2nyhxAWpLYxw +Bqel2n0XDTE0MDUwODIzNTUwOVowIQIQTBrX+C4+4tTOBB2OrQxEWRcNMTQwNTA5 +MDQ1MjI1WjAiAhEArpovSipwixFJ+oR8hB2oUBcNMTQwNTA5MDUwMDE5WjAiAhEA +8exuqSpteA/Y34ALpBP5OxcNMTQwNTA5MDUwMDI4WjAhAhAZpqYG6FgeJ4ShnC0x +umi3Fw0xNDA1MDkwNTAwMzhaMCECEBbsh4bLruaHeJQtBrK179oXDTE0MDUwOTA1 +MDE1MlowIgIRANgh+HIXwRAsWRLitDvYj6oXDTE0MDUwOTA1MDc1MlowIgIRAK0g +Dv5ZlzmVf0kVPjc+nmMXDTE0MDUwOTA2NDE1MFowIQIQQfRZPlZxnmuUZOOubY9m +kxcNMTQwNTA5MTAwMjAyWjAiAhEAidacdGgJgOp2LeTXh1svnxcNMTQwNTA5MTEw +MTAzWjAhAhAFHe7ikBls7KXErMwSEM/vFw0xNDA1MDkxMTA4MTZaMCECEHRGZfzp ++QC/rJyN/LPNiGEXDTE0MDUwOTE0MTM0M1owIQIQbQaQx2VhZFkrkUy5qIQbmhcN +MTQwNTA5MTQ1MTEwWjAiAhEA7lbRo8HTLWthhtaDcFLCORcNMTQwNTA5MTUwNjEx +WjAiAhEA2vq0QK+3yWnH62QtjoJHEBcNMTQwNTA5MTUwOTQxWjAhAhAE7uKyCgn3 +pW5M9iOZu3iZFw0xNDA1MDkxNTEyNTVaMCICEQCLeKRm1TGumobnokMMle06Fw0x +NDA1MDkxNTEzMTVaMCICEQDcNERsJqXo2yCc8U+At/E+Fw0xNDA1MDkxNTEzNTRa +MCECECjpLNhQpJXpzJ0RJcfwq6EXDTE0MDUwOTE2MzE0OFowIQIQf3+/mDaARBFv +RAM+G/nmbRcNMTQwNTA5MTYzNzIzWjAiAhEAkQRGwZQqtfCVGZ6HoEO2nRcNMTQw +NTA5MTY1MzEwWjAhAhBBqm1skrhxSzHLqxR4s5fzFw0xNDA1MDkxNjUzMTlaMCEC +EExv0YHKGH+Ibrc7rqSodyUXDTE0MDUwOTE2NTMzMFowIQIQZg3AXFIjKZ3ER2Oc +YEeJPhcNMTQwNTA5MTc1NjEzWjAiAhEA7fRJgfOqtOwF4TPd2jnl8xcNMTQwNTA5 +MTc1NjIzWjAiAhEAkPoRRms80m65cbAm4Zqf7BcNMTQwNTA5MTgzOTA4WjAhAhBk +dt0yQe2QkQYwZc6V2nLwFw0xNDA1MDkxOTE2MjhaMCICEQC9feP5oT/3x3uhW7kf +oWlpFw0xNDA1MDkxOTIwMTZaMCECEHJt/GC2aFpeRcxhoX9SmboXDTE0MDUwOTE5 +MjYxM1owIQIQL3b2/aqS3hrTmYdPp/CpMxcNMTQwNTA5MTkzNjU2WjAiAhEA/Wlu +fnigmRrHZ16CLCKm/BcNMTQwNTA5MTk0MzUyWjAiAhEAjt8aBvWBVXYoI4Rig1cT +EBcNMTQwNTA5MjE1ODAwWjAhAhBnNGDbyqXWjjQQ5P3vWkCVFw0xNDA1MDkyMjU5 +MzdaMCECEDh5Fb1796ayunN5JWs7aegXDTE0MDUxMDAxMDgwNFowIQIQOmmbIgQ/ +nThhfrj3VAt6jRcNMTQwNTEwMDEwOTIwWjAhAhBK48rW0GhRjTyRKSMDq5UKFw0x +NDA1MTAwMjAzMjVaMCICEQCSyeAeDFpAJnaatxle7vxfFw0xNDA1MTAwNzQ1NTBa +MCECECR1HI4whdidyr0kesf1iXAXDTE0MDUxMDE2MTMwM1owIQIQQvFmZwAwwe+q +2MXf8tQ1JxcNMTQwNTEwMTYxMzA0WjAiAhEA63SyNhNwb0h9XwHJtqFTghcNMTQw +NTExMDg1NDIzWjAhAhA3jCLWt+DP6zGPCxw7bmO2Fw0xNDA1MTIwNDQzNThaMCIC +EQD5p5d3e99n+dOoCBjv6bMnFw0xNDA1MTIwNzE4MDFaMCICEQDpUIUPrCvHN0qe +Rwj+pJXCFw0xNDA1MTIwNzI5MjFaMCICEQDAquJgyOZ7W29FmxcVKYYUFw0xNDA1 +MTIwNzMwMzhaMCECEDZxoHeYadTckVZeX0JRJVsXDTE0MDUxMjA3MzIxNVowIgIR +APKBkSqWQBV8U0lskaONsyIXDTE0MDUxMjA3MzQyMlowIQIQNGBHllS0Z2LJ9Xbf +uX/M5RcNMTQwNTEyMDczNDI5WjAiAhEAv02Gp6ApJRe42UboNVomNhcNMTQwNTEy +MDczNDM3WjAhAhA9uSokBX5WQ9655CsRkioXFw0xNDA1MTIwNzM0NDRaMCECEDAo +H8XmC7xfA+1ylKEfF6QXDTE0MDUxMjA3Mzg1NlowIQIQSjWrq05/7QS5UPWLOhFz +hRcNMTQwNTEyMDczOTAyWjAhAhAtga8w+3pwMmh7zhIT/JH3Fw0xNDA1MTIwNzM5 +MTFaMCECEAI2iua1iLqdwYt7y2U59a4XDTE0MDUxMjA4MjQzOVowIgIRAJG34f3F +5d5KwD5fzAk8t5gXDTE0MDUxMjExMjAyOFowIgIRAO1pmKmRINKXdFq3zrjJw+8X +DTE0MDUxMjExMjAzOFowIQIQXkRy7nrnuUBAI9oys9Ar6xcNMTQwNTEyMTQxNTE5 +WjAiAhEAmA6CY8u9oBvFdYCNfRgedxcNMTQwNTEyMTUzODEzWjAhAhB3/RNNLOBV +ystrSIV3HrHpFw0xNDA1MTIxNTUxNTZaMCICEQD1Kzql4CvpGzfkEn40C2X2Fw0x +NDA1MTIxNjAyMzhaMCICEQDNwqBkWs/r0aevC9kN82ibFw0xNDA1MTIxNjAyMzha +MCECECmTZbT+K2UdRcKBE3tykmgXDTE0MDUxMjE2MDIzOFowIgIRALM89Izs4TyW +KI2cKVIrA94XDTE0MDUxMjE2MDIzOVowIQIQTMXKH5tBQ4B6Fuao0UZpbxcNMTQw +NTEyMTYwMjM5WjAiAhEAu3F4MrJjZ7voPUWHeIqvjBcNMTQwNTEyMTYwMjQwWjAi +AhEAjAcNHgiEpkhWteHaeJVCxxcNMTQwNTEyMTYwMjQwWjAhAhAhN7NJ/FTjmdXf +BbZCjqE8Fw0xNDA1MTIxNjAyNDFaMCECEDQaqjpefgOCJHy/WzZqqGUXDTE0MDUx +MjE2MDI0MVowIQIQWxBt3lf/5HzPNNWwjereyxcNMTQwNTEyMTYwMjQyWjAiAhEA +3yXIjb4/9xxgt0ZDSepK8hcNMTQwNTEyMTYwMjQzWjAiAhEAkiz947uhFcsj1Q/4 +PJYv8BcNMTQwNTEyMTYwMjQzWjAhAhAN2frnkpe9fII9DSVNr7R0Fw0xNDA1MTIx +NjAyNDRaMCECEBx/3Bjg97Ztfc0A2lOUAssXDTE0MDUxMjE2MDI0NFowIgIRAIyC +WobRjZVmFYb54R5oRHUXDTE0MDUxMjE2MDI0NFowIgIRAK36sbeeG84wSK1GMzlX +ORkXDTE0MDUxMjE2MDI0NlowIQIQJ9iChT1HPm9AiD7LL890OBcNMTQwNTEyMTYw +MjQ2WjAgAg98j0l8W5scIzof1lKnuzkXDTE0MDUxMjE2MDI0OFowIgIRAL7D2HQ+ +7TkXvukIaiOlGTkXDTE0MDUxMjE2MDI0OFowIQIQEdiHLK9JnGScsCnid+HgXhcN +MTQwNTEyMTYwMjQ4WjAhAhAeI4Xy4T+2UnbDtDjB6j5lFw0xNDA1MTIxNjAyNDla +MCICEQDZFFKOG2IBb1H8QnMt82rhFw0xNDA1MTIxNjAyNTBaMCICEQD1wqAiOWWX +ipBeT8VkZmDTFw0xNDA1MTIxNjAyNTBaMCECEC4rMkvsHaNIo2OOBCmQ5fYXDTE0 +MDUxMjE2MDI1MlowIgIRANMnrA7sgxMHlldOkRVXE+oXDTE0MDUxMjE2MDI1Mlow +IgIRALy67qezWGIVztHG33vQrSEXDTE0MDUxMjE2MDI1MlowIQIQeW9uIrtB4byV +oFHTUHWxMxcNMTQwNTEyMTYwMjUzWjAhAhBHQffCMPyXyKZqKBnjeZV8Fw0xNDA1 +MTIxNjAyNTNaMCECEHxyJne+oAS8Tcau2dYbyfAXDTE0MDUxMjE2MDI1NVowIQIQ +H9jm9pDj6TEZv6WdFap/dRcNMTQwNTEyMTYwMjU1WjAiAhEA416P7d0TfSIaLsSe +hsWN6xcNMTQwNTEyMTYwMjU3WjAiAhEA1AoV5mOAT3oRI+RiKV7wBRcNMTQwNTEy +MTYwMjU3WjAiAhEA3DkQt6QLd6a0bTaSvxij8hcNMTQwNTEyMTYwMjU3WjAhAhBH +yUPW5YhWGPL1rvER2lF3Fw0xNDA1MTIxNjAyNTlaMCICEQDGj0Eu3dApe17/Ae5S +w++EFw0xNDA1MTIxNjAyNTlaMCECEAgaWL7wFb9VLVfGAWqVjxoXDTE0MDUxMjE2 +MDMwMFowIgIRAMfKc+SnvhyKqaJcWH/QaVsXDTE0MDUxMjE2MDMwMVowIQIQLKMS +xxjU3sBAn7QqllKxuhcNMTQwNTEyMTYwMzAyWjAiAhEAnpsd3P7UjAu68HI6hdnN +NhcNMTQwNTEyMTYxMzA1WjAhAhAeSe1I+KMua9kXgVoRbpMNFw0xNDA1MTIxNzQ5 +MjVaMCECEDWkOTlFDd3v9cpGGABBJusXDTE0MDUxMjE4NTAzOVowIQIQdNYL9YXC +8WNGU7kFn6nxgBcNMTQwNTEyMTkxNzI0WjAhAhBtsxr/oVepDWE8ze12Lvb7Fw0x +NDA1MTIyMDA1NTlaMCECECb23JH2vdZuRr2roDG3ys0XDTE0MDUxMjIwMzcxOFow +IgIRAKPRiLGjpBS51yQqwgjuRUoXDTE0MDUxMjIwMzc0MFowIgIRAMJ2rx0N8cGK +ySjb6su3CGAXDTE0MDUxMjIxMDMyMVowIQIQOVxAO760lLG9E1Gbz+vDcRcNMTQw +NTEzMDMzNTU0WjAiAhEAz1vGha+QU9N8FG1I6D1LdxcNMTQwNTEzMDcyMDM1WjAi +AhEAlwhiYysJx/8D9iiGx22HwRcNMTQwNTEzMDcyMjEzWjAiAhEAvmclpfQhcX21 +4E7puPM9nBcNMTQwNTEzMDcyMjM2WjAiAhEAqS/VaNfAcPcpBZpNDcNvxRcNMTQw +NTEzMDcyMzA3WjAiAhEA2RlBpIJ7Vd2rbrE2E1j2qBcNMTQwNTEzMDcyMzMzWjAi +AhEA/MH8lUmz8YyLFG4wLHoiIRcNMTQwNTEzMDc1NzAwWjAhAhBtB2FiUuNFsHDU +kIOzdQzkFw0xNDA1MTMxMzA1MTdaMCICEQCHR/+0B71J5HIyAdCyid/BFw0xNDA1 +MTMxMzMyNDlaMCECEH5hX82V7EJW2kOd6mrSGJUXDTE0MDUxMzEzMzUxMlowIgIR +ANSR2AxxImLEerqgrUfjDuIXDTE0MDUxMzEzMzgwMFowIgIRAKyCuxOdyUQg7NeK +aSQuTHUXDTE0MDUxMzEzMzgzOVowIgIRAIX6xGv3enkAPWMqUWFdLjEXDTE0MDUx +MzEzMzg1MlowIgIRAJyhH7AlmNgzFQHiqZRIijoXDTE0MDUxMzEzMzkyMFowIQIQ +JTDntRvxtxdxD84F1QHJmBcNMTQwNTEzMTMzOTM0WjAhAhAsMEBEB7JAme7yhHVg +MeXgFw0xNDA1MTMxNDEyMjlaMCECEBIS+pNaLAHnmNQ09r39PYoXDTE0MDUxMzE0 +NDY0M1owIgIRANNLbEgOdx9fFiMcfOhwZV0XDTE0MDUxMzE0NDk0OFowIgIRAOtF +68PVoP1baA3csYv81TkXDTE0MDUxMzE0NTYxNVowIgIRAOHKSy7O/P/dUKZf+zBZ +gnEXDTE0MDUxMzE0NTYxOVowIgIRAP9V9CXBwFJSrqJLcVYzF2YXDTE0MDUxMzE0 +NTYzOVowIQIQFfV/QNpLRGJaZ2jtd3EO8RcNMTQwNTEzMTQ1NjQxWjAhAhBbo2zd +pwNNvVF6K7fgmyhvFw0xNDA1MTMxNTEzMjJaMCICEQDdsvmCgCBDOxFnP+PSgyps +Fw0xNDA1MTMxNjAwMDNaMCICEQC4bT+wzK3nVNBoSw6CwaopFw0xNDA1MTMxNzAx +MDdaMCECEBzpjbfMi6SwddNk/eXHuZoXDTE0MDUxMzE3MDkzNFowIgIRANWNMNQ9 +fPklSNMjVWdwzDoXDTE0MDUxMzE4MDQwNlowIgIRALOTeR+V4dOZDDQJXS19exMX +DTE0MDUxMzE4MTcyMVowIQIQJ2BK9423ge4hs94hXODoOBcNMTQwNTEzMTgxOTE3 +WjAiAhEA77XIHtEwuurW96oVYlISOBcNMTQwNTEzMTgzOTQzWjAhAhBCZEc4C1Ff +pUBpQf1sOOEbFw0xNDA1MTMxODQ5NTdaMCICEQCEYn47Bjv73YXpDQkpaQGGFw0x +NDA1MTMxOTI5NTZaMCECEGz5jjltST1K/48bioM/ZUMXDTE0MDUxMzE5MzAxMVow +IgIRAKVmt5BuJdDCeka3PmXR3D4XDTE0MDUxMzE5MzAzMlowIQIQHRWWq6++I2O0 +g1KJ3pqY+xcNMTQwNTEzMTkzMDQzWjAhAhALr60hvu+WP+KIABakLCamFw0xNDA1 +MTMxOTMwNTlaMCECEDtuzAO4XEL6aD2AEBQEXX4XDTE0MDUxMzE5MzExNVowIQIQ +OkTREn2CSngEspAjtuIT4hcNMTQwNTEzMTk1MjA4WjAiAhEA57Jpp5p9EPCp2mc2 +3uUtjhcNMTQwNTEzMjAwMjE3WjAhAhAW7lbXE0wweTe/rIqx7vvaFw0xNDA1MTMy +MDAyNDJaMCICEQCE3gkzh093ZqYScMKelyn3Fw0xNDA1MTMyMDAzMDJaMCICEQDq +WPr/Ad8zz0hZBeqcLmKxFw0xNDA1MTMyMDAzMTNaMCICEQDU/VYlcWR8zCZ1meIV +XiVnFw0xNDA1MTMyMDAzMjdaMCECEAGatr5SsFuIATNA81Fji4kXDTE0MDUxMzIx +MzcxMlowIgIRAKI+C54L16hJx5TuDC44nf8XDTE0MDUxMzIxNTczN1owIgIRAIrM +/QUW0Tx/Uyjs4bYYbXMXDTE0MDUxMzIxNTc1N1owIQIQFnmqfhoOZAVxF5mQxVnz +UhcNMTQwNTEzMjMzMTI0WjAiAhEAhiv2M5ws//fnRsDg+0E1EBcNMTQwNTEzMjMz +MTU1WjAhAhB/0eJGkhPFJ7+b6gKwmh5eFw0xNDA1MTMyMzMyMjVaMCICEQCmDYAF +sNKtdSgO0/lQgkPBFw0xNDA1MTMyMzMyNTBaMCECEC1OlkcGijoNpMup0L/DBJcX +DTE0MDUxMzIzMzMxNFowIQIQKUreW4/ibWihDUVkYv/s9hcNMTQwNTEzMjMzMzM3 +WjAiAhEA2OcLVvk+gnIM/+2AfCibpxcNMTQwNTEzMjMzNDAwWjAhAhBNdD94nDRq +SeWHr5RzJcc2Fw0xNDA1MTMyMzM0MTdaMCICEQD4OGj4IQALWBHgwOJ6otXJFw0x +NDA1MTMyMzM0MzRaMCECEEZucMfCVvsesqDgT5h42/MXDTE0MDUxMzIzMzQ1Mlow +IgIRANiWw/8MfJSvEE7oMq/ievoXDTE0MDUxMzIzMzUxMFowIQIQZQD2jxaBUlAG +o8ENUqOUSRcNMTQwNTEzMjMzNTI4WjAhAhARKwoz9830h2ok49vvi/aeFw0xNDA1 +MTQwNjEzMDNaMCICEQCAYtN8VajccFw/qq2UBvI7Fw0xNDA1MTQwNzU5NTdaMCEC +ECAIFbUc9VelLmw0Bu4b0WMXDTE0MDUxNDA4MDA1M1owIQIQYwqn3VounLaUQ2gA +pRfthBcNMTQwNTE0MDgwMTQ0WjAhAhA+1gLqWWRMLMDgcjfa9/RpFw0xNDA1MTQw +ODAzNTZaMCECEBOSMynQp26XUvvRhg2NcjAXDTE0MDUxNDA5NDg0MlowIQIQPFkF +I24NN8StpzGcly+cnRcNMTQwNTE0MTAyODI5WjAhAhAQVTY+ZA5aoxK7ga40tes4 +Fw0xNDA1MTQxMDI5NDJaMCICEQD2Dk/EiJQC281t4JMXbifWFw0xNDA1MTQxMTA0 +NTVaMCECEERoVob7qFB1kQ1rJQG07cgXDTE0MDUxNDExMTY0NFowIgIRAPDxhRbx +IhMzkfvfvdQlw/0XDTE0MDUxNDExMjQwOVowIQIQQqptMTGpiKPqCIlojBsN5BcN +MTQwNTE0MTE1NDIyWjAiAhEA1I++BAVYQbpFxwVvYBDjABcNMTQwNTE0MTMxMjI5 +WjAhAhBXcMtukQ1ND04QgAalcwiMFw0xNDA1MTQxMzEzNDVaMCECEEptBaKexMRf +nDERS+zaFV8XDTE0MDUxNDEzMTM1NVowIQIQWJEAdZBf47gaf23VEbdnZBcNMTQw +NTE0MTMzMDU3WjAiAhEAnXAVudEVQdIpXsfYimUpLxcNMTQwNTE0MTM1MDQ2WjAi +AhEAzPLrx2ww8sKhTD6iJOv/chcNMTQwNTE0MTM1NTAxWjAhAhBZgIKizhKdIFZf +q5spP/8PFw0xNDA1MTQxNDA5NDRaMCECEGAnwZWPTkiQxiYoGaiUxgcXDTE0MDUx +NDE0MjIwNVowIQIQOMRWE3uQTPUscodnmKU3KxcNMTQwNTE0MTQzNDA2WjAiAhEA +0J5IHEjZy64K6kQjKB4ozxcNMTQwNTE0MTQ0OTE1WjAhAhBLJFtD4gTBXym1CJW5 ++/uLFw0xNDA1MTQxNDQ5NDNaMCICEQDcLKtDfipIUmm8ypwGulzpFw0xNDA1MTQx +NDU4MTBaMCECEGUldtI7XgLV84FijluM6zMXDTE0MDUxNDE1MTg0M1owIQIQNH2C +vAfwiLbDGjc6zoZtERcNMTQwNTE0MTYwOTA2WjAhAhB5NG0jgDN350x2TnJfG4KV +Fw0xNDA1MTQxNjEzMDJaMCICEQDgEvwAF1Rc5QEu9xeAHYKkFw0xNDA1MTQxNjEz +MDJaMCICEQCVD2CDZT+Qx/iUQyWZt1swFw0xNDA1MTQxNjEzMDNaMCICEQCgLW9Y +62k9ETq1dgdDDouPFw0xNDA1MTQxNzEzMzVaMCECEDEoeYYBYy0238hkNsAUAFgX +DTE0MDUxNDE3MTQxMFowIgIRAMG0diysQQZ23Xlri2EzOi8XDTE0MDUxNDE3MTUw +OFowIQIQdIFFKplnUnX6lpovF/7F5hcNMTQwNTE0MTc1NjA3WjAiAhEA88cq6O6G +2TkshmOPskwrwBcNMTQwNTE0MTgwNTE0WjAiAhEA/oo9ksd34x0fGTX6A2O5BxcN +MTQwNTE0MTgxNDUzWjAiAhEAm1kCUzJQ3XZG0vy8WomsohcNMTQwNTE0MTgyMTI4 +WjAhAhAxZ5x6xzhWL9l601Q+wl3yFw0xNDA1MTQxOTE0MDJaMCECEDncezNebrPc +VxrLBJi6BikXDTE0MDUxNDIwMTM1NVowIgIRAL7/exKUh2I4mmgplldKUTgXDTE0 +MDUxNDIxMzgzM1owIgIRAPK0MKOPuw9ZtmUpuGk1qNgXDTE0MDUxNTAwMTMwNFow +IgIRANCe+7JnD/xV4Ocaojs2AbYXDTE0MDUxNTAyNDUyNFowIQIQMc+iyAXWVH2U +NBfCDJgZxxcNMTQwNTE1MDI1MzQ2WjAiAhEAloA/ScBo/smlEJ/xNXpgQhcNMTQw +NTE1MDYxMTAyWjAiAhEA7pVtjbpZbfg4lOwJ74LEURcNMTQwNTE1MDYxMTExWjAi +AhEA3nqN6o51hOQdt/jkixwH/xcNMTQwNTE1MDYxNDM5WjAhAhAQPiA5Tpbpz3Qh +8116MoXGFw0xNDA1MTUwNjE1MzVaMCECED+Z9nYB2IFdrrQ/I1J2BiQXDTE0MDUx +NTA2MTY0MVowIgIRAMxx3yoYB5jKNuHAnd7z8A0XDTE0MDUxNTA2MTY1N1owIgIR +AI1WX/JV/Gs2SDcqdBeUG+oXDTE0MDUxNTA2MjIxMVowIQIQHgSGGp1ad3Zp3/F5 +It9gzhcNMTQwNTE1MDYyMjI1WjAiAhEA+Iszt42gwJufFL3qtM/ZnxcNMTQwNTE1 +MDYyMjM5WjAhAhBU/E8BTXPhQraOdBHhz0/8Fw0xNDA1MTUwNzQxNDVaMCICEQC2 +Sa1fWUjPa5B8Bt97OuD0Fw0xNDA1MTUxNDI2MjJaMCICEQCoZC4pTe6JFj7feHMZ +8YfyFw0xNDA1MTUxNDI2NDBaMCICEQDB9vLJ3cXvhN/lAYtG9AKlFw0xNDA1MTUx +NDI2NTJaMCECEE+2883ozeMOzEs3Pk7UQuEXDTE0MDUxNTE0MjcwN1owIQIQHBBj +ZMqfgrvzguU0vF3mNhcNMTQwNTE1MTQzMDUzWjAhAhBEoOkLLJLOZ83oYDmaUMJc +Fw0xNDA1MTUxNDM5MjBaMCECEGDnBt21NEo8DcPz0GyomSwXDTE0MDUxNTE0NDQ1 +NlowIgIRAMbS8jTOI/aSQjFfyuezV+EXDTE0MDUxNTE2MTMwNFowIQIQJbGKAqhO +IbjuNHzAsXtT4RcNMTQwNTE1MTYxMzA4WjAiAhEA3fp6s83uh4sDxKMm2pUdoBcN +MTQwNTE1MTY0MDQ3WjAhAhB7Qv6NRScko3xnPSDHgL9qFw0xNDA1MTUxODUzMDla +MCECEF+L9+CeuRO4R/corjM02XAXDTE0MDUxNTE4NTc0OVowIQIQEN5x0YAUjb+c +CfPM4oHNsxcNMTQwNTE1MjAyMjAxWjAiAhEA6qfwQNDV91OUadLU1IeIXhcNMTQw +NTE1MjA0MjExWjAiAhEAvddTsZHfAFxb0GTBCl1eoBcNMTQwNTE1MjA0MzA0WjAi +AhEAglN6JhjAHlSsLL8apwnOYRcNMTQwNTE1MjA0NzU1WjAhAhBnXUfFT0tea7Oa +JF586OCbFw0xNDA1MTUyMzMyMTNaMCICEQCpa2Wlb8tk29WH9Yn76dOrFw0xNDA1 +MTYwMjMwMDNaMCICEQCGUMZxFDV7iO68rUcNmpVZFw0xNDA1MTYwMjMwNTBaMCEC +EEdavkwXZqyw6/1BNKSr2EwXDTE0MDUxNjAyMzQ0M1owIQIQXo18lDnvquxS9INX +WTEMwRcNMTQwNTE2MDUwNDQyWjAiAhEAlrP/yJowizpYn2a/3OHc/RcNMTQwNTE2 +MDUyNDA1WjAiAhEA4Prs87CZISnOaoNE7MYJIxcNMTQwNTE2MDYxMzA2WjAiAhEA +rEZAWDHHcmTykHfCf41n3RcNMTQwNTE2MDYyMTM3WjAhAhA0Z1T47le0Wo4QjxUD +xzcIFw0xNDA1MTYwOTIyMTJaMCECEGQkf5W9y5HdXCa0F6nvOAAXDTE0MDUxNjEx +NDU1N1owIQIQWqj5b57LQFDKeeXSxoqeLhcNMTQwNTE2MTE0ODI3WjAiAhEAnmNf +qbngo7E7mmzJXxrtYxcNMTQwNTE2MTIxOTUwWjAhAhAPgmBAphK0/wDRTnTgmrHQ +Fw0xNDA1MTYxMjIwMDNaMCECEFfWr84jJPcgatHX7l3vyNMXDTE0MDUxNjEyMjAx +NlowIQIQMzZ1oJt/kOmAth5NbjavRBcNMTQwNTE2MTIyMDI4WjAiAhEAkUM/1UIz +VoiCedvh9ZjvBRcNMTQwNTE2MTIzMzIxWjAhAhBE8eKvDE96FGjb8aS+HzyfFw0x +NDA1MTYxMzIwMDZaMCICEQCXhKt5Y6sswZ6R3IXRODmXFw0xNDA1MTYxMzMyMjJa +MCECEE9jOegFQGlf3Lx5TqjdISoXDTE0MDUxNjEzNTY1MFowIgIRAM539cexVNn0 +Q5XvqY55DGcXDTE0MDUxNjE0MzMyNFowIQIQSMZrClW7YEGgZN395rG2NRcNMTQw +NTE2MTUzNjI3WjAiAhEA7NcqFPMK47VA4Yk7z8vKnxcNMTQwNTE2MTYxMzA0WjAh +AhBlexWHFrybHzN2NydxUSKzFw0xNDA1MTYxNjEzMDlaMCICEQDXyeG2iLtxzsnd +g23k6AM/Fw0xNDA1MTYxNjEzMTBaMCECEAYsFIZpWE14of+hBvGrNeMXDTE0MDUx +NjE2NDUwMFowIgIRAKP+tPOcsKBOoxEp28oiwxMXDTE0MDUxNjE3MTgwNlowIQIQ +IS8Po7zdv0Dh0l4O/VpYQRcNMTQwNTE2MTc1NTI5WjAiAhEA+DYoVrICp4NdNa/Q +i3wz9RcNMTQwNTE2MTgxNjM1WjAhAhARbJt9hSHrs/FqPDhcxazNFw0xNDA1MTYx +ODI2NTVaMCICEQCp42xqAfPIO5Xz3BF9kPjEFw0xNDA1MTYxOTE3MjFaMCICEQCW +uAHDRStKeJDTwcb06YNDFw0xNDA1MTYxOTQ0MzVaMCICEQCfAfFC+KxHqzHOL5yf +eLivFw0xNDA1MTYxOTQ0NTlaMCICEQChY2gQ6Jj/UZqx37XpC+weFw0xNDA1MTcx +NDUwMjlaMCECECMsoxg+VANj1ZUK7ml5TKcXDTE0MDUxODE2MTMwOFowIgIRAOSl +P2z6lhp2t6QUF92J0AUXDTE0MDUxOTA5MzgxNFowIgIRAJHmSRgcj4VMgzRyvA5i +tw4XDTE0MDUxOTA5MzgyMVowIQIQb5H5czO9yWoRsMIW5hIGExcNMTQwNTE5MTAw +NjM2WjAiAhEAyTCpw81/RCWZgSzTOQUS4hcNMTQwNTE5MTEwNTUyWjAhAhB3mBWM +LJ0UleBbHQNzTbBdFw0xNDA1MTkxMTA2MDVaMCECEHqu7p7DPXxnwbMjZsIvQM4X +DTE0MDUxOTExMjkyOVowIgIRAL/fYXXemlvXHe5XNlg1VhgXDTE0MDUxOTEzMzk1 +N1owIAIPQleGAHKmTptqxg4w9jU9Fw0xNDA1MTkxMzUyNTNaMCICEQCvEvHXLxjJ +bsHfXluxNrLTFw0xNDA1MTkxNDExMjVaMCECEA1L6bannuSV56PXLc6IuCAXDTE0 +MDUxOTE1MDQzNFowIQIQGEG8yI34T3aDOpXhRSLzChcNMTQwNTE5MTUwODQyWjAh +AhB0VRWu+dF10f5TWh8KKMWcFw0xNDA1MTkxNTQ1NTdaMCICEQDDZsCMBoP01LCA +Ic0Q0D/5Fw0xNDA1MTkxNTQ4MDBaMCECEG/Gx4PQQWBBSFTRtqaIxSoXDTE0MDUx +OTE2MTMwM1owIQIQG8aWPZN7JMWFftEHHNzQvhcNMTQwNTE5MTYxMzAzWjAhAhAL +OvESPVFArjMvO108Ic5NFw0xNDA1MTkxNjEzMDNaMCECEDS2W+cLySQpQF50a85s +bkAXDTE0MDUxOTE2NDcyMFowIgIRAPVW5Ux/0xvjItGyzpzGE0kXDTE0MDUxOTE2 +NTAzMVowIgIRAJTVv76oeg4Cefpf1Le5z5kXDTE0MDUxOTE5MjQwMFowIgIRALxa +SRvZ1o6FEt3v6hHtb1MXDTE0MDUxOTE5NDIxOFowIQIQGkI8h/HQ6ftsaVZISRwl +DhcNMTQwNTE5MjEyNDA3WjAiAhEA8puI6X4ztmUNNBrecbmYRBcNMTQwNTE5MjIw +MDI5WjAiAhEA5hDcJEKSYLaLBfFZhlueHRcNMTQwNTE5MjMyNzI5WjAhAhA/osQg +oMLpdCO1XpBLnhbEFw0xNDA1MjAwNzExNDVaMCICEQDq++APSTA3j6D3NrD4uV3i +Fw0xNDA1MjAwNzEyMTdaMCECEBLzEaEPqYIV+NcVWg79fIwXDTE0MDUyMDA3MTIz +NlowIQIQaxBIa4fXzmqWqvIhhlynrxcNMTQwNTIwMDcxMzEyWjAhAhAu2ClA/DUk +hRogRPvpyroRFw0xNDA1MjAwNzEzMzBaMCECEG6gnkzG0/+2zcm1giKyST0XDTE0 +MDUyMDA3MTM0OFowIQIQNDlQXkpiBalq6OCxt7EKpRcNMTQwNTIwMDcxNDA4WjAi +AhEAtTdzz0fAMuF2al9Xqz18MBcNMTQwNTIwMDcxNDI3WjAiAhEA0lKqvRfL9ffz +hirkkjf12hcNMTQwNTIwMDcxNDQ1WjAhAhAsm4Vh+01w+BUzzSqvfY+XFw0xNDA1 +MjAwNzE1MDVaMCICEQD86B9x8U8ZfApFXpYSX+M/Fw0xNDA1MjAwNzE1MjVaMCIC +EQDnWUsSJy1+o2BM/oHXAZDHFw0xNDA1MjAwNzE1NDdaMCECED++3TCneGys2b90 +HHIm0UkXDTE0MDUyMDA3MTYwOFowIQIQaLg/8WvZ3PMEtgV8xU9CJhcNMTQwNTIw +MDcxNjI1WjAhAhBO3hC9SzpH/2gCNkNyz9cKFw0xNDA1MjAwNzE2NDRaMCECEHeQ +BgDIGClIMeQZ3af7MfcXDTE0MDUyMDEwMjQ0N1owIgIRAIKYltpqUfnrHw9buCOB +6pMXDTE0MDUyMDE0MDU1NFowIQIQC8aH1PxX3cVuaEIHMeXyaxcNMTQwNTIwMTQ1 +MjQxWjAhAhBN5zzHiTRoVtRbXp2AlMFvFw0xNDA1MjAxNTEzMTdaMCICEQCpYJ35 +DVQC7td1cCN7Ecs0Fw0xNDA1MjAxNTQzMjBaMCECEE+3fH3NDfn3GoO2f5UCwjsX +DTE0MDUyMDE1NDM0NFowIQIQTEc8zzL5LbnkfBcPZFwGexcNMTQwNTIwMTU0NDA1 +WjAiAhEAksziwUL62q0bSUloLHPEFxcNMTQwNTIwMTU1MTMyWjAiAhEA5vgZLI/q +3spDP/HI25qkoBcNMTQwNTIwMTYxMzA3WjAiAhEAz753v7xUCDvs5iaKP9CJMxcN +MTQwNTIwMTY1OTA2WjAiAhEA4iqYlScODN/T6eqJoNB+shcNMTQwNTIwMTc0NzQz +WjAhAhAND64Sca/SZJmj3pSVJSBsFw0xNDA1MjAxODQ5NTJaMCICEQC/mN86194o +l7xB1xKFH2VlFw0xNDA1MjExMzE2NTBaMCICEQDnPkISAycUkTAfTpvK/eSkFw0x +NDA1MjExMzIzNDhaMCICEQDEo4kesnP5Tl9kLSgtxtEoFw0xNDA1MjExMzI2MDVa +MCECEAayAp/Zay6KzZwGno1rHPAXDTE0MDUyMTEzMjYwOFowIgIRAMfGW06D6mgf +MEH07Q1dHdoXDTE0MDUyMTEzMjYxNlowIgIRAKiOAlLQHDJ6XwcKKWcyXgkXDTE0 +MDUyMTE1MDU1N1owIgIRAIEWUZZjTdtE/qk+IYNs8csXDTE0MDUyMTE1MDgyMlow +IQIQZXnxjmE9Vz7NiEAYUAppWBcNMTQwNTIxMTUyMDIwWjAiAhEArk8jsml7VtEt +FBXDNUxM0BcNMTQwNTIxMTUzMjM4WjAhAhArL9pjKuMrs3+Hfj0ovxS9Fw0xNDA1 +MjExNTMzNTNaMCICEQDg7cbFrZIoXtANzyRLoMn+Fw0xNDA1MjExNTM4MDZaMCEC +EFgLaIeaq2flA/+RJoHzmL8XDTE0MDUyMTE1MzkxNFowIQIQRuVwf7//qw56I0x+ +T5ghIhcNMTQwNTIxMTU0MDEyWjAhAhAQa1c+ddbqI/XIad855p2CFw0xNDA1MjEx +NTQwNDVaMCECECQBOVEhdLb50Cz7ZZcPHncXDTE0MDUyMTE1NDExMlowIQIQTXmT +Vh1VB4pWVk9goHD2khcNMTQwNTIxMTU0MTQwWjAhAhAdnpjznymBgXZrjHavo56C +Fw0xNDA1MjExNTQ1MjBaMCECECtoJSWfjkRXk51bwiOO4dkXDTE0MDUyMTE1NDgx +M1owIQIQEKxTXQw6jZL5RyXckiHVIBcNMTQwNTIxMTU0ODMyWjAhAhBSKsakaIa8 +vX8nWTdoJjp/Fw0xNDA1MjExNTQ4NTBaMCICEQDkJeEizPlUWp1xSSRpBomFFw0x +NDA1MjExNjA5MzdaMCECEE1yF5GJ86MrRNAkKnClv9kXDTE0MDUyMTE2MTA1NVow +IgIRAIHmBO3J34hSsCscwrJFabsXDTE0MDUyMTE2NTgyOVowIQIQbG/OtV6JDGUu +s3XjvRw0nRcNMTQwNTIxMTcwNzQxWjAiAhEA9PcRcvWduqnedDFyAyTM6BcNMTQw +NTIxMTcxMDQ3WjAhAhAiBU9M6kBdycDJ96MrJCQtFw0xNDA1MjExNzExNTFaMCIC +EQDgYxzsJnlHPAyfzlb5ckfIFw0xNDA1MjExNzQzMzFaMCICEQDSpUNEEbfTgb3B +SBOWszQRFw0xNDA1MjExNzQ0MzdaMCECEHC9ebbwGInqIgkW5r6SfkYXDTE0MDUy +MTE3NDY1MFowIgIRAL++4jPxFK7XQks44bABiA8XDTE0MDUyMTE3NDkyM1owIQIQ +e2I3bgHiaZlRS1g8H9/5YBcNMTQwNTIxMTc1MDE0WjAhAhBH6rd7xWcr3P5m9N11 +ZuQlFw0xNDA1MjExNzUwNThaMCICEQDgXSPbtAOmv048tjvo7lfpFw0xNDA1MjEx +NzUxNDVaMCICEQDxMOFQgIJGfteSdgYCq5+4Fw0xNDA1MjExNzUyMzZaMCECEGAi +H6J5XwngUGQVg1SlpWAXDTE0MDUyMTE3NTI1N1owIgIRAIHvnPwlj6Iadxdh6WLD +WTwXDTE0MDUyMTE4MDgxM1owIgIRAJN7Y1FA1BE1a4OaICtxSwwXDTE0MDUyMTE4 +MjE0MFowIQIQSdrmJuWj2E/d87J7zr0zcBcNMTQwNTIxMTgzMDUyWjAiAhEAwQa0 +RGATLIagGxJ/DRPdeBcNMTQwNTIxMTg1NDEwWjAhAhA//UPAdWCrvJnGzJyB4D1n +Fw0xNDA1MjExODU0NDlaMCECEF2zhs4xjZQINbW5GuqzWwsXDTE0MDUyMTE4NTUx +NVowIgIRAO+xtqSRuAJFGN53BQRykMAXDTE0MDUyMTE5MDExOFowIgIRAI/cknUg +iuUqz4QW0vfLzOIXDTE0MDUyMTE5MDcyNlowIgIRAIw66KxR5fxk6rE5Kr22mhoX +DTE0MDUyMTE5NDEzOVowIQIQMru1i0IA3uZ/Iri3HqqAvhcNMTQwNTIxMjAwNDA5 +WjAhAhBpzzoxlUWW/kUNxd2VILeoFw0xNDA1MjEyMDEzMjJaMCECEEKxzypPZadV +1lXNedunHAEXDTE0MDUyMTIwMzIyMlowIgIRAJPp3n0HzT1WfCSWGa7iC9MXDTE0 +MDUyMTIxMTI1M1owIgIRAO7x0HUkyZQIGXFe/A3U7HAXDTE0MDUyMTIxMjUzMVow +IQIQVkmp59AXx+jhs5iLtfGivBcNMTQwNTIyMDUwNDI4WjAiAhEA9HpsHiRTqxQQ +E1/Op5bFFBcNMTQwNTIyMDc1MTQ0WjAhAhAZZDpxVU74LFbH9ubslD0qFw0xNDA1 +MjIxMDEzNTJaMCICEQCQLGIjI9x/LLJw8SOWJuz1Fw0xNDA1MjIxMTU2MzlaMCIC +EQD4i9APvj276ef2rzqNM9HFFw0xNDA1MjIxMjEwMjNaMCECECq+a6zVbbmN6Obm +MqK4TR4XDTE0MDUyMjEyNTYyMFowIQIQJDRXmg7W/tnE6fXwWR4s2RcNMTQwNTIy +MTM1MzU1WjAiAhEA1otiQqmqSGO4JXxZMwZ4rBcNMTQwNTIyMTQyNDQxWjAhAhAx +YCBwxOQEqrwcWs5nRh4BFw0xNDA1MjIxNDQyNTFaMCECEA89udR3M8NkoodEWc6x +Z0cXDTE0MDUyMjE0NDMwNlowIgIRAMXyQtQQ675lb+sxwIFBpnsXDTE0MDUyMjE0 +NDMxNlowIQIQBNI8fI4KNRMJKqM0jEXY9BcNMTQwNTIyMTQ0MzIzWjAiAhEAmMIB +2zXT/9fECoW603j4LBcNMTQwNTIyMTQ0MzI5WjAiAhEAs5qPEW4Un4EbJh98mxeH +XxcNMTQwNTIyMTQ0MzM3WjAiAhEA2JxzpESizum178Spz8qUIRcNMTQwNTIyMTU1 +MDUwWjAhAhBtDkgQZRK2WdJWVk97ZmJLFw0xNDA1MjIxNjEzNTJaMCECEChEyCAx +sLwAh1qE6aWUL40XDTE0MDUyMjE2MjYwNVowIQIQCYNpFt3qU58jZ4CRkXR8IxcN +MTQwNTIyMTYzMjI1WjAhAhB7erhdct4fmK78r3lG7x/pFw0xNDA1MjIxNjMyNDRa +MCECECudAF5TgAqFmSjaihr/LesXDTE0MDUyMjE4MTUyMVowIQIQUPO0x/Ep+ECa +Ff6VwL/mzRcNMTQwNTIyMTgxNjA0WjAhAhAiZ8QtR+TkO/rXK0Z1ZaTLFw0xNDA1 +MjIxODM2MjBaMCICEQCWIS5USrU/bTzrcI6qkhFQFw0xNDA1MjIxODQyNDhaMCIC +EQDPosPA9gtfinA4j+Iehs0jFw0xNDA1MjIxOTAwMjdaMCECEC98Hg9Ct2E2tKeg +kQecUWkXDTE0MDUyMjE5MjgxNlowIQIQebb8UsGp+pLp4AzgAxFOGxcNMTQwNTIy +MTkzODIyWjAiAhEAr8r3tLa/8uge0AtkZ8MRNxcNMTQwNTIyMjA1OTUzWjAiAhEA +4ZVbEL06PtN9AVaje1JvZBcNMTQwNTIyMjEwMDAyWjAiAhEAjRPXrzglBeNfSwAz +sKoJoxcNMTQwNTIyMjEwNDA3WjAhAhBUDlbD2TQQDwRnI2QfIpvUFw0xNDA1MjIy +MjA0MzFaMCECECvqx1pu4rGGN43Vqm65ScAXDTE0MDUyMjIzMTYzNFowIQIQXktO +KuEj1i6oxuJ/hCjMERcNMTQwNTIzMDM0MDA3WjAiAhEA3R/ZYfnxagcGFB6T0O4b +HxcNMTQwNTIzMDM0MDMyWjAhAhAYzu1eZtAQ9bD30xPL9nOZFw0xNDA1MjMwNTAz +MzhaMCECEB53EwOz20Pp1asCzBfZ2mUXDTE0MDUyMzA5NDMyOFowIQIQOjfALhtb +Gf2e5sF+qcNNSBcNMTQwNTIzMTExNTQzWjAhAhA16XNiKYA/Bz7FghilmeK4Fw0x +NDA1MjMxMTI1MjlaMCICEQCQ9yiL7hGR622ZglYqWEqMFw0xNDA1MjMxMzUwMjda +MCICEQDtG03OQlEadCxAjo6Ue5fHFw0xNDA1MjMxMzUwMjlaMCECEElFwOwpq4Bn ++sM2DSBcT7gXDTE0MDUyMzEzNTAzMVowIQIQGHuEeys5I9HXYZ/mSynW2RcNMTQw +NTIzMTM1MDQwWjAhAhBIKCq7jls8hl8Ov4aiWvd7Fw0xNDA1MjMxMzUxMDlaMCIC +EQC6YuL/HIrvtvypE5iVGKR/Fw0xNDA1MjMxNDE2MjZaMCICEQCEsCOo4s3p0Bv0 +2utLf2ksFw0xNDA1MjMxNDM2MjZaMCECEHforX209FfUJgaJzlhOqaYXDTE0MDUy +MzE1MTAxNlowIgIRANmsOfRy5vfCo+UjmfOFJswXDTE0MDUyMzE1MTcyMVowIQIQ +CuqXAxeCXxb6KTQl8/yv6hcNMTQwNTIzMTUyMDA5WjAiAhEA1KBCgd61M4JzK0FR +wZwI/xcNMTQwNTIzMTUyNzAwWjAhAhBoG8yrRQJYSNY4fPrZImQJFw0xNDA1MjMx +NTI3MThaMCECEA+XRoY/fAivFqijHDzjdfQXDTE0MDUyMzE1MzgyMFowIQIQR9wm +icKvqp+fBubvfR9JJhcNMTQwNTIzMTU0MTU2WjAiAhEA5AhfAw/LsJFdQJikq3em +TxcNMTQwNTIzMTYxMzAyWjAiAhEAsAW2ly/la6VlVu/eHfrxnBcNMTQwNTIzMTYx +OTE3WjAiAhEA10qdt6VprEsJIJCu0ls5mxcNMTQwNTIzMTgxNTEzWjAiAhEAgRpS +girkcwMDHz9ehPTd+BcNMTQwNTIzMTgxNjA4WjAiAhEAxZahzgokMQG91i1PzqtX +cxcNMTQwNTIzMTgxNzIyWjAiAhEAyND/xTiTELq77X6r82EdXBcNMTQwNTIzMTky +MzU0WjAiAhEAhfGE63WTU2RHnX/7YzlRYBcNMTQwNTIzMjA0ODQ3WjAhAhAOMgwU +A7n7KisQBa5lmVeWFw0xNDA1MjMyMDQ5MzBaMCICEQDeo8eW26LV2yRLbMq5o8K1 +Fw0xNDA1MjMyMTAwMjNaMCECEAJJvMMA7WkP32yYwe3oYhIXDTE0MDUyMzIxMTQw +OVowIgIRALf9EdhMraqR9yXC5cGiZbQXDTE0MDUyMzIxMTQ1NVowIQIQbdF/5Oee +5C5nzY12lVjFwxcNMTQwNTIzMjEzODUxWjAiAhEAlNM05LcP1zmWik3nDJ8McBcN +MTQwNTIzMjEzOTA0WjAhAhAPTOoTBNCGnTefF7J9+akdFw0xNDA1MjMyMTM5MTda +MCICEQDK0H91d83zRZ3dHu5hrJApFw0xNDA1MjMyMTUzMTlaMCICEQCa3GbWBmlS +1B6PoDiFBX+HFw0xNDA1MjQyMDA2MjZaMCECEEHz+N4L5ZUE/gWn6MzTShwXDTE0 +MDUyNjA5MDcxNVowIQIQVJGO1WhlmHnQy1G6lX48HRcNMTQwNTI2MTE1MTE1WjAh +AhBfVI7Mg2vJyCsPSuU6p3r3Fw0xNDA1MjYxMjA5MzNaMCICEQDwT8Jk3mBgYe9t +qVpnzwuLFw0xNDA1MjYxNDMwNDhaMCECEBP231eGgMEf/jh90eOrKWsXDTE0MDUy +NjE1NDUwN1owIQIQM6jZmazywZ/WG+9ei6Dw8RcNMTQwNTI2MTU0NTIxWjAhAhBs +f4cRYQv3XUuB42IuBTFgFw0xNDA1MjcwNTI3NTBaMCICEQCR5nHpEGS5b5UNj0a+ +3lMyFw0xNDA1MjcwNTI3NTRaMCECEF4+Et2vruEh3GJl8s0ij3EXDTE0MDUyNzEz +Mjc1MFowIQIQcP9kq52G7dJIw0EMYzNQLxcNMTQwNTI3MTQ0NDMyWjAiAhEAz2Yx +4aaGrhuA+xbEHDXGuhcNMTQwNTI3MTQ0NDU0WjAhAhAGGQOba7ZNp2hH9Iw1XauP +Fw0xNDA1MjcxNDQ1MDlaMCECEB3E74mwcfHifN8zTJpwnloXDTE0MDUyNzE1NDIx +MlowIgIRAKBwyYmEOKAtLTu0gRiGym4XDTE0MDUyNzE2MTMwNVowIQIQE++Zj/Xo +mzKTRwGhXPgCJBcNMTQwNTI3MTYzNzE5WjAhAhB1+hUhT1w5anr+J0AwZZuMFw0x +NDA1MjcxNzA3NDlaMCECEBcPPbQKa435lP1IiaMCg7IXDTE0MDUyNzE5MjczN1ow +IgIRAPXp27RKL8pvOHdc32LUQtoXDTE0MDUyNzE5MjgxMlowIQIQQpKSuu9b+ULf +bjyNPA37XxcNMTQwNTI3MTkyODQwWjAhAhB/VfCw7LLhPo0a16AApo9rFw0xNDA1 +MjcxOTI5MjdaMCICEQCUVj/h4k7SVqwYQS3vxrg1Fw0xNDA1MjcxOTMyMDlaMCIC +EQD9/NC3+lM8/6zGMM0S+O/OFw0xNDA1MjcxOTM1NTlaMCECECgD+PCWG5rI1RwH +3S1MmoMXDTE0MDUyNzE5MzY0MlowIQIQHXx2sK0OZqTxzL0uFQgCBxcNMTQwNTI3 +MTkzNzAyWjAiAhEA7LdwHk7hhzP+Yd0KIhe3BRcNMTQwNTI3MjAyOTQzWjAhAhBb +JrMjJSER0xysM/SQwkPKFw0xNDA1MjcyMTAzMjBaMCECEF83W21zolTM33nHrB9c +uOQXDTE0MDUyNzIyMzU0MFowIQIQMQ61ZlGhckH+pSbPa96CFxcNMTQwNTI3MjMx +MTUyWjAiAhEAs+fDmxGSTWuaoZCT6r/GTBcNMTQwNTI4MDUyMzE1WjAhAhBE3em2 +wG0RwWjA7fNgPy3iFw0xNDA1MjgwODUzNDlaMCECEBomnheWQ0BYHTorZDFsjU4X +DTE0MDUyODExMTk1N1owIQIQKtlghM4teb4XIMHqgXTHRRcNMTQwNTI4MTEzNTQy +WjAiAhEAxr7h3sTNaGHeIUjRBsMNOBcNMTQwNTI4MTMxMjUyWjAhAhBx7qdkbNTS +WLpBItM6emZfFw0xNDA1MjgxMzQ5NTdaMCECEFr85aNjM+CB8yLyl4F3cY4XDTE0 +MDUyODE1MDEwNFowIgIRAOV700fI+dSXh6zleRs1uYsXDTE0MDUyODE1MDk0Nlow +IgIRAJ8e/5aC8GZUtTOklr/PKfEXDTE0MDUyODE1MjYwMVowIQIQN5p4PeKTRMYW +iKIniobrNxcNMTQwNTI4MTUzNTUxWjAiAhEA/aebk0VnzPl5Nbb8cGeweBcNMTQw +NTI4MTU0NTQ2WjAhAhAUB8+dhOJmYzb2TI2PTpgbFw0xNDA1MjgxNjAwMThaMCIC +EQDSnwFBQMTjtxf5kzrxs68OFw0xNDA1MjgxNjEzMDdaMCECEA7DpRLGf6G7TbWY +fcObuSQXDTE0MDUyODE2MjYwMlowIQIQCaP51q+BAlvjSE0V3lXk/hcNMTQwNTI4 +MTYyNjM0WjAhAhAy+vmYSF6zLKpOVG01iUFTFw0xNDA1MjgxNjQ0NDFaMCICEQD+ +R3z+ZvI2olmC1MlRavbcFw0xNDA1MjgxNjUxNTBaMCICEQC40fq0fao6wZdh5diV +NiubFw0xNDA1MjgxNzAwMTlaMCECECSleeJ/dhHudMUfFQAFLEEXDTE0MDUyODE3 +MzI1N1owIQIQbf+eTwutvd6mFGPr/vv56RcNMTQwNTI4MTczNjI5WjAiAhEAttnn +YIcQIl/PMTGf6AmwtxcNMTQwNTI4MTc0MTA1WjAhAhAnq8dkGo1msPVlHFTUdnWg +Fw0xNDA1MjgxNzQzMTdaMCICEQCma/tiJ/LYRYZDVGM+CPsfFw0xNDA1MjgxNzUy +MjNaMCECED197SZTn2iR9EeVQzu2JLUXDTE0MDUyODE4NTY1NVowIgIRANp1bbRc +snZ68IxuZUpw+qkXDTE0MDUyODIzMzYyNVowIgIRAMuccpEiTgSpXmJPVlW/yhcX +DTE0MDUyOTAwMTIwM1owIQIQHYzMW01nqS4gBniwyg7AGxcNMTQwNTI5MDAxMjEz +WjAhAhBciwmn9Y1LQiu1Ej6ah7X3Fw0xNDA1MjkwNjAxMTBaMCECEDinO/rXRCRC +IlDEoFdHznYXDTE0MDUyOTA2MDEzNFowIQIQGzP7dGRmzl4x1eCtXroQmRcNMTQw +NTI5MTI0OTEzWjAiAhEA96BKtvWV94o5LQwy+OllWhcNMTQwNTI5MTI1NjU2WjAh +AhApSS6ou/qGzZgb7dlMdttyFw0xNDA1MjkxMzEzMzhaMCICEQD2f0KdLzDjIlNU +DEEat45gFw0xNDA1MjkxMzE4MjBaMCECEEW3YCOfOuGcrXLPV18WYBQXDTE0MDUy +OTEzMjgyNFowIgIRALOFNi1hb8g/tBI9lhycsuEXDTE0MDUyOTE0MTUwNVowIgIR +ALDK2g/E24RPf9joLVU4LGIXDTE0MDUyOTE0MTcxNVowIgIRAKxcrB1GZi5l4q0k +tFCLxa0XDTE0MDUyOTE0MjMyNVowIQIQRq/PWk2txM/hTYQc5xNMuxcNMTQwNTI5 +MTQyNjE5WjAhAhBF4QV9tPHppVB8qAGnDR8ZFw0xNDA1MjkxNDQ0NDJaMCICEQCg +SBfXsccbG+CF4R0jr5xKFw0xNDA1MjkxNDQ2MTFaMCECEDjgNrs6ycyYvvV9eFsC +wh4XDTE0MDUyOTE0NDc1OFowIQIQavPzyEe7Hm4NlJRek02whRcNMTQwNTI5MTUy +MDI5WjAiAhEAvXEpdE3vzeTO/o1G8U48KxcNMTQwNTI5MTU1MjQ3WjAhAhAxI1Zz +iuh+kD2K78JnJA9ZFw0xNDA1MjkxNjEzMDdaMCICEQDOQWLjIoAncJSyhAeIPaHj +Fw0xNDA1MjkxNjEzMzVaMCICEQC2820dur3oY4a2ymXamblXFw0xNDA1MjkxNzIw +MDlaMCECEB2koXnLCX9tmRMiNj1GZXAXDTE0MDUyOTE3MjU0OVowIgIRAOcOexE+ +tJXNskyo36dkxJgXDTE0MDUyOTE3MjkwN1owIQIQRcOomW7wkf14WiIy4taEvBcN +MTQwNTI5MTc0NjAwWjAhAhBNPexnk9wAV8yXB/lqUxfxFw0xNDA1MjkxODA4Mjda +MCICEQDNKwdoA8A6hiLqY5IRzTujFw0xNDA1MjkyMDU4MTJaMCICEQCxEWbMIXZO +Oezgdrjal6JhFw0xNDA1MzAxMDM2MjhaMCECEDbgpvuAaiGTO+m5ftT2mUIXDTE0 +MDUzMDEyMTMzN1owIgIRAPPvSK9qOG0+HDVxwU8Rh0AXDTE0MDUzMDEyNDIyM1ow +IgIRAK7/m3ssCmDtmmhfWOmrT4MXDTE0MDUzMDEzMTUxOFowIQIQbGVxAv1dyfyG +Cy1A80GW9xcNMTQwNTMwMTMxNTI1WjAiAhEAou4fma27eeGgGwzR4XoetxcNMTQw +NTMwMTMyNjUxWjAiAhEAtOyBB5Oiy5kNsZAR1oWRAhcNMTQwNTMwMTMyODM2WjAi +AhEAhPV+Cc+OLtI/lL6sEpaa0hcNMTQwNTMwMTMzMzA5WjAhAhA28U18xuX/4O5q +kMu8wQbPFw0xNDA1MzAxMzU4MDVaMCICEQCZuUb9zjXmKVxIr2f4OYWOFw0xNDA1 +MzAxMzU5MjBaMCICEQCvdv3r31zY0+mLB2mI0G+vFw0xNDA1MzAxNDAyMjFaMCEC +EEPiQHzbYf85QTwPmaKp3msXDTE0MDUzMDE0MTE1MFowIgIRAPk26UDQYw+AjNYF +nEoJEmAXDTE0MDUzMDE0MTIxMVowIgIRAOx2Y+1NaLVgvYvWjJCGEfEXDTE0MDUz +MDE0MTQwMlowIQIQO88JZSvzggyKsGKXUuHEAxcNMTQwNTMwMTQxNDI5WjAiAhEA +4Io/FCKDB4guJpWmVwFOjhcNMTQwNTMwMTQxNzA2WjAhAhAVQXpiYXrtPo1RQf9t +gm9sFw0xNDA1MzAxNDIwMDhaMCECEEpW4fm9mzELKrAF7UaghkIXDTE0MDUzMDE0 +MjA1NVowIgIRAKTqn3YihdvlfDfS0t50UwEXDTE0MDUzMDE0MjQ1OFowIgIRALue +ugBjwvgradzTc2Q4mwoXDTE0MDUzMDE0NDk0N1owIQIQAUTH2ieDgpN1wJrn1ZN+ +PRcNMTQwNTMwMTQ1MzU1WjAiAhEAuxNtAxe2lcexUh03Vw9K1hcNMTQwNTMwMTUx +MzA0WjAiAhEA2cPeu5vJOc6OS8jGEz21phcNMTQwNTMwMTUxNDM4WjAiAhEAqbJr +ywDAdTF9XJBF0bMP3hcNMTQwNTMwMTUyNzMxWjAiAhEAw4bTPp7Xz0GgEFcWpm+t +nxcNMTQwNTMwMTU0NDIwWjAiAhEA/mKey9EN1H6u02cUN/dBShcNMTQwNTMwMTYx +MzQ0WjAiAhEAmrIoNxJACit8M/GOC1bo8xcNMTQwNTMwMTYzNzU0WjAhAhA7JMoi +ZgGvedzXW0UMHsAvFw0xNDA1MzAxODExMjdaMCECEBQJt5VG0TzKP9q/6fG3Uc0X +DTE0MDUzMDE4NDE0MlowIQIQcwejTYJodj7nEy5mkQgdIRcNMTQwNTMwMTg1MDUw +WjAhAhB+B4gGKZBqaYE+E0M2BGXGFw0xNDA1MzAyMjQwNDNaMCECEHWVON0kQ0Dg +oeoLj6B9VBMXDTE0MDUzMDIyNDIwNlowIgIRAMBDOpKuz2SLpEqgly9PvEsXDTE0 +MDUzMDIzMTA0M1owIgIRALRbDo2o1JeWpV0wHzv9VusXDTE0MDUzMTE4MjYyNFow +IgIRANfHC7RUwVyX5sRFrZwwNtQXDTE0MDYwMTIzMjYzOFowIQIQVREtZQT6omE9 +NrBQLQwkKhcNMTQwNjAxMjM0OTU4WjAhAhBaIYT0onokPHGCuDeNbvaIFw0xNDA2 +MDEyMzUyMTlaMCICEQC0V4GYxMZxfbA0JkFRb7wsFw0xNDA2MDIwMTM5MTZaMCEC +EFdJpGxSxdT+O/joHVKGFf4XDTE0MDYwMjEzMTIzNVowIgIRANCJ1ih8UN/Bgfvy +lTw2jxQXDTE0MDYwMjEzMTQwNlowIQIQJBsAogxYht4kp/mkwkD7oRcNMTQwNjAy +MTMzMDU0WjAiAhEAuNIYuqLPJWrdSE8+jbCapBcNMTQwNjAyMTQzNzQ2WjAhAhAJ +suAB8tyITI+LMWNSDMfxFw0xNDA2MDIxNDM5MzJaMCECEERvqm1h5KZe2f7o49+Z +eScXDTE0MDYwMjE0NDAyOVowIQIQa86iCzYAXlWXSVgl9DQUMxcNMTQwNjAyMTQ0 +NjE3WjAiAhEAmGak+bdSqsuvegQaVwIZFxcNMTQwNjAyMTQ0OTA1WjAhAhBR2Q3C +oopVXDMOC7N0GCA+Fw0xNDA2MDIxNTA1NDRaMCICEQDX9TIaKUxn9hzmo216xTXB +Fw0xNDA2MDIxNTMwMTdaMCECEHIaObGUkqHaQz/4115xgroXDTE0MDYwMjE1MzE1 +MFowIgIRAL3nTjnrL3pLDBZUsU/OdJUXDTE0MDYwMjE1NDgyM1owIgIRAIDXIZVl +6l1GSbinAw8KgmwXDTE0MDYwMjE2MzkwMlowIgIRAJuJoMvay6ukGIpDkCLZJC4X +DTE0MDYwMjE2Mzk0OVowIQIQe3fQ+X8RrduJP2+TDEbKYhcNMTQwNjAyMTcyMzA4 +WjAhAhBAjE5X7amblGH9QOFsvdm1Fw0xNDA2MDIxNzMxMzJaMCICEQCmxnCJND/c +OeHVz/sD2/k3Fw0xNDA2MDIxNzM5NTZaMCICEQCu4jy8U0R6EWz7/cIHjhNWFw0x +NDA2MDIxNzQzMzZaMCECEDTAQnonDGBS6tLNWID0q8YXDTE0MDYwMjE5MTA1NFow +IQIQRog1z5Z/kQlXLKBlOxDNpRcNMTQwNjAyMTkyNjE1WjAiAhEAnhcq1Hko3uZD +UM2olpEDwxcNMTQwNjAyMTkzNjM3WjAhAhBGqhdZOipJYIqyE32Oc+AkFw0xNDA2 +MDIxOTU5NTFaMCECEHvp1H8As54ezjxNbdRDXP0XDTE0MDYwMjIwMTIzNFowIgIR +ANX39cM/WGRQ8G2Gg4D5Nu8XDTE0MDYwMjIwMTU0MlowIQIQPK9bXIGWvnE8grRH +zJ1XSBcNMTQwNjAyMjAzNzA0WjAiAhEAyR2DUZ8TIWyuy6YFISHEgBcNMTQwNjAy +MjA1NzU3WjAhAhBGIDWZm+XZmmpRylxImbNaFw0xNDA2MDIyMDU5MjJaMCECEDGA +N4s4IZo21L/jUtNjhgYXDTE0MDYwMjIxMDA0NFowIgIRAKDq2OxilYaCboNtFhSQ +VkIXDTE0MDYwMjIyMDMzMlowIgIRAJcTAsNNOXYpZuXGDiqbOToXDTE0MDYwMjIz +NDQyOVowIQIQRYO2V/s7hURRuT31UnE8FBcNMTQwNjAzMTAxMjM3WjAiAhEAn5Pv +9ou3I2cch13HmEwTbxcNMTQwNjAzMTMyMTEzWjAiAhEA7qU7R0P2ADpOjjR2c3GL +tRcNMTQwNjAzMTMyMjAxWjAiAhEAtvl05miIW5xt7oM8giK3KBcNMTQwNjAzMTMz +NjQxWjAhAhBeoofQq5fcqTM44nxP/GnFFw0xNDA2MDMxMzU0MTRaMCICEQCkJFP3 +U/A+XIIrsyTR/56AFw0xNDA2MDMxNDA2MDRaMCICEQCZVsRcDrBB/hUjR3401iD4 +Fw0xNDA2MDMxNDA5MzRaMCICEQCWbdgB1ybGjPoXp8TJAy93Fw0xNDA2MDMxNDEw +NDZaMCECEA7LVa9kADceqNTGNq+nnJcXDTE0MDYwMzE0MzIxNlowIQIQVC9qoMAG +nBb4XI92bA99bxcNMTQwNjAzMTQ1MzMyWjAhAhBbN6RdoSIfn/1RwISlte4ZFw0x +NDA2MDMxNTA3MzNaMCICEQDrVY/eHSjCh8Jcd236FeCYFw0xNDA2MDMxNTUzMDha +MCECEGQzwOX0lcLFIu3yz72dttMXDTE0MDYwMzE2MTM1MlowIgIRAKZjLSzld077 +V8eec36jYNQXDTE0MDYwMzE2MTUwOFowIgIRAPWlV7xgL6nbqP81Zy5M6dkXDTE0 +MDYwMzE2MTU0MFowIgIRAN8fx5wu7gvH8OnrvADzA7oXDTE0MDYwMzE2MjYxNlow +IQIQYwQdvFZfvU2+S9Ljg1c40BcNMTQwNjAzMTY1NTA0WjAiAhEAtdXgmDdIO7FT +Pw1sqLu/0xcNMTQwNjAzMTcyOTM1WjAhAhBa6afSOSWXUZ8mytFBh8eqFw0xNDA2 +MDMxNzMxMDNaMCICEQD6z/fAnH7wPz4NljCszqf2Fw0xNDA2MDMxOTQ1MTJaMCIC +EQDmRRqelKbZJZM1TNHvYRkrFw0xNDA2MDMxOTQ5MTNaMCICEQDEOj1rejJ81k9s +vbFtbsdoFw0xNDA2MDMxOTU1NDdaMCICEQDN7qlFdlh/fNfd9fyUJ2VfFw0xNDA2 +MDMxOTU5MjFaMCECEAGhtfMa8IkgzIt2Bjs6TGcXDTE0MDYwMzIwMTY0MlowIgIR +AP0QrNU8WjaOxcZI4SafXvYXDTE0MDYwMzIwMTc0NlowIQIQbV0rLV2HbFu7wZ3H +/RiO6BcNMTQwNjAzMjAxODU1WjAiAhEArreps1yC/SXVZHAepsQlKhcNMTQwNjAz +MjAxOTM1WqAwMC4wHwYDVR0jBBgwFoAUP9W10NZEeVBKF6ObjErcuLAiZGswCwYD +VR0UBAQCAgYEMA0GCSqGSIb3DQEBBQUAA4IBAQA3vD3SX/rQyXfjmOjkj76Uv/hF +IEqsy3vqmdcI+mEGPIyoNMQ8exwEa//iky9MASskUzgBrp5rPwAWNCHAiHLp9C+3 +rlJYwKiSDYpQs1G7STzDQTYY0+pTkW8U/jXs88WXi03vlF35z0iIiWktOt79f2d8 +771BImFmzqs3Mn2vSPebbpZiYd3Sfq4h1ZtQr9Tt+Jeg1W6TZU/vWL1m8o1ZkbtE +28XA3sREsSxBkj2OfabxWTMeTAEaPdwWV9B/6BtpEQOzwJIWZ2r1GiQSI/mehxrF +HuDc9SviNg36+foQEwjRQkwFo8m/mn0a+b9+GKRe8YsgHkzq0cVIv6CRevMy +-----END X509 CRL----- diff --git a/tests/data/pkcs7-cat-ca.pem b/tests/data/pkcs7-cat-ca.pem new file mode 100644 index 0000000..884a191 --- /dev/null +++ b/tests/data/pkcs7-cat-ca.pem @@ -0,0 +1,103 @@ +-----BEGIN CERTIFICATE----- +MIIFaDCCBFCgAwIBAgITMwAAAB4ljnxCUcXR+gABAAAAHjANBgkqhkiG9w0BAQUF +ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT +B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE1MDMGA1UE +AxMsTWljcm9zb2Z0IFdpbmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0eSBQQ0Ew +HhcNMTUwODE4MTgwMzU5WhcNMTYxMTE4MTgwMzU5WjCBoDELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT +FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjE7MDkGA1UEAxMy +TWljcm9zb2Z0IFdpbmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0eSBQdWJsaXNo +ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0T8mJvC7jS8JlVaBK +u2QmH32PEXDADrEY550UUhMshTNjGiPOKAOlWyyWqNfjgv1D/gvr8TrKU/VNPagm +g6hWCBhPR+4gf9U4MfrBGaJ1D/7GtrpiczVrLb8OjdiyILO1gRxrBJ1F9GB4ClK8 +JeFq2GZV3kdwKi9+fZiuNnd/bMmE41V5nGc0Y9/iaRCx/fevstXY02ugS7b2SWAM +E9eEuToXtFekE50dPACxLzJKMkRlGAnZaCcxkJ5LVUdKVxsSBQ5WDIO/8EL3FBJb +Ommin+eAZaKs4jGVJUTbkXm9OqxjJVmNX7HyknUTO4oM1IWj4U4HVErEf7cewaht +UMspAgMBAAGjggGsMIIBqDAfBgNVHSUEGDAWBggrBgEFBQcDAwYKKwYBBAGCNwoD +BTAdBgNVHQ4EFgQUq8xkJml7DihPiwEa71js/Ux0JvwwUQYDVR0RBEowSKRGMEQx +DTALBgNVBAsTBE1PUFIxMzAxBgNVBAUTKjMxNjQxKzE4YjlmYjdlLTcwYmMtNGFh +OC1iMTYwLTA0NTRkMjhhYTViNDAfBgNVHSMEGDAWgBQozO9hpHy8P5Zr9g0if2or +gIg+LTB2BgNVHR8EbzBtMGugaaBnhmVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v +cGtpL0NSTC9wcm9kdWN0cy9NaWNyb3NvZnQlMjBXaW5kb3dzJTIwSGFyZHdhcmUl +MjBDb21wYXRpYmlsaXR5JTIwUENBKDEpLmNybDB6BggrBgEFBQcBAQRuMGwwagYI +KwYBBQUHMAKGXmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWlj +cm9zb2Z0JTIwV2luZG93cyUyMEhhcmR3YXJlJTIwQ29tcGF0aWJpbGl0eSUyMFBD +QSgxKS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAKEe7l/ZvxP2YahM0oz0kSWIVSLH +QJ2QZU2dr6l6wd1u4lcUWZLe+WyBfR7/rUEwuaZ9QIgTmuAbPq2R8U7fqNZz6t8G +02MpBBvrodBBh4wgFvUCyHtrF+DlVFF/3OOcG1ntR4CC9z5L1lkrsKLBYxse/L+N +Ndq3LPmlRaSipumnPyWytH8ttso8QB3T2Hoa8uEtkU0g3w8KudveM33peya9JIAS +xesCB89EfCV3FVqHSVdHDBWghurBUG+MT494meaICh8ihSl/vvI1/oznFIGK/oQn +pCX6u0si7RkLdP6Uv2F8LBcFY+T0ILew1fR1GNErved+XHKVbVUSE9aGGiM= +-----END CERTIFICATE----- + +-----ABEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgITMwAAADguUOhqmJ2VfwAAAAAAODANBgkqhkiG9w0BAQUF +ADBfMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9z +b2Z0MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMTIwNjA0MjEwNTQ2WhcNMjAwNjA0MjExNTQ2WjCBizELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV +BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE1MDMGA1UEAxMsTWljcm9zb2Z0IFdp +bmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0eSBQQ0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCsge7/cvvtvGEDyhF28m5hWnKgIgiQb+M/TWny9z0m +bEBUJARQMARhfcmZFTNt+xWD4xLPR5YXA7iQW8vLXC4batD6Y06OZYHxDlXA60Uy +fCjwWrXhSMlQbvUAn0GhtVcRYrfS1+cYFM1H9LNxX27jc0Qo4cof5LlAUBYcAURo +blBRbpI+h7NDIXW5wqEug0J3F0kDErCaeWxqLUU+ETWLlCsicZBjZbPysBO26bBg +rclcwivZU5bg88D6WkH9FWRKmAAiLZ1mfAQsvHap7thWmdGmX7xoEODzK9E5JAqT +ByQxDl+7n7JZ0q3UJ3t639erUtZuyIkuIBczgAEmigunAgMBAAGjggFeMIIBWjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQozO9hpHy8P5Zr9g0if2orgIg+LTAL +BgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU +csgQ1cQCzn5FX6fciH4uYY/yDHEwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEw +HwYDVR0jBBgwFoAUDqyCYEBWJ5flJRP8KuEKU5VZ5KQwUAYDVR0fBEkwRzBFoEOg +QYY/aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvbWlj +cm9zb2Z0cm9vdGNlcnQuY3JsMFQGCCsGAQUFBwEBBEgwRjBEBggrBgEFBQcwAoY4 +aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNyb3NvZnRSb290 +Q2VydC5jcnQwDQYJKoZIhvcNAQEFBQADggIBAA3fmJmTGKEfF3qxNQ+/Nqdn8Zqu +nStoePAN9GvlUeGiAGx99k9Uk3apKcktFcsehL/e21NjjJn1GevB4MExaSn4CP7r +QJihdCoIXh218GSynkXVHsCC25SNZifFwT2M7DGpTiaCwuOhHR95WVe1lZ4r8Vc1 +8WXuUyM2/XJQRy9WSxEMAzFl6dFR6Ey7GBZsR5vxk8ytevtOClp99VVGc+69nMfp +VhbFvcH0MjaY9n5iTl3lRxee6KLvGgNva1NnkNi3mN61ZSeaLvfWBphoPlclgpBQ +dEx59XCmCtWipC3KhmO0qkA6Q85B7XYFPVCdvv4K+L4ApwNDnn4w+CxD0EzV5OXM +/qi8fg2CfJMaMntfYNto1hWSqWRPtzvoEu0ugZGt1V5TVpXN61eR4pDhosipJiUi +gDhdBIgS4DMiXYSQJj5P3DarcEJZI6eNaqE6xvcdEm8REPr1zzw/GIAmIcVe2sQ1 +YdkAKwywKH7jfyrHFZ9/Cf7mf4cB7Q851Q4bnf6vFhFq8wHQwBveFDmZIwDfnkcH +fWKTaRy9xKqm/LrAcf6ouPOuyQNBKDNKwVNYQJuLg3FQPZ+6PyyIT8ZIsFs5CO1x +CuJsdQnvElPWD8GWQSCfT4jQaVmSvPJVXnmQhvkpEhrNN4BXxtPGi5srYzeHAanM +um5QwMgMd80KU3me +-----END CERTIFICATE----- + +-----ABEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIKYRZoNAAAAAAAHDANBgkqhkiG9w0BAQUFADBfMRMwEQYK +CZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYD +VQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcw +NDAzMTI1MzA5WhcNMjEwNDAzMTMwMzA5WjB3MQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z +b2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgVGltZS1TdGFtcCBQ +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfoWyx39tIkip8ay4Z +4b3i48WZUSNQrc7dGE4kD+7Rp9FMrXQwIBHrB9VUlRVJlBtCkq6YXDAm2gBr6Hu9 +7IkHD/cOBJjwicwfyzMkh53y9GccLPx754gd6udOo6HBI1PKjfpFzwnQXq/QsEIE +ovmmbJNn1yjcRlOwhtDlKEYuJ6yGT1VSDOQDLPtqkJAwbofzWTCd+n7Wl7PoIZd+ ++NIT8wi3U21StEWQn0gASkdmEScpZqiX5NMGgUqi+YSnEUcUCYKfhO1VeP4Bmh1Q +CIUAEDBG7bfeI0a7xC1Un68eeEExd8yb3zuDk6FhArUdDbH895uyAc4iS1T/+QXD +wiALAgMBAAGjggGrMIIBpzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjNPjZ +UkZwCu1A+3b7syuwwzWzDzALBgNVHQ8EBAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAw +gZgGA1UdIwSBkDCBjYAUDqyCYEBWJ5flJRP8KuEKU5VZ5KShY6RhMF8xEzARBgoJ +kiaJk/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZFgltaWNyb3NvZnQxLTArBgNV +BAMTJE1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eYIQea0WoUqg +pa1Mc1j0BxMuZTBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLm1pY3Jvc29m +dC5jb20vcGtpL2NybC9wcm9kdWN0cy9taWNyb3NvZnRyb290Y2VydC5jcmwwVAYI +KwYBBQUHAQEESDBGMEQGCCsGAQUFBzAChjhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j +b20vcGtpL2NlcnRzL01pY3Jvc29mdFJvb3RDZXJ0LmNydDATBgNVHSUEDDAKBggr +BgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAgEAEJeKw1wDRDbd6bStd9vOeVFNAbEu +dHFbbQwTq86+e4+4LtQSooxtYrhXAstOIBNQmd16QOJXu69YmhzhHQGGrLt48ovQ +7DsB7uK+jwoFyI1I4vBTFd1Pq5Lk541q1YDB5pTyBi+FA+mRKiQicPv2/OR4mS4N +9wficLwYTp2OawpylbihOZxnLcVRDupiXD8WmIsgP+IHGjL5zDFKdjE9K3ILyOpw +Pf+FChPfwgphjvDXuBfrTot/xTUrXqO/67x9C0J71FNyIe4wyrt4ZVxbARcKFA7S +2hSY9Ty5ZlizLS/n+YWGzFFW6J1wlGysOUzU9nm/qhh6YinvopspNAZ3GmLJPR5t +H4LwC8csu89Ds+X57H2146SodDW4TsVxIxImdgs8UoxxWkZDFLyzs7BNZ8ifQv+A +eSGAnhUwZuhCEl4ayJ4iIdBD6Svpu/RIzCzU2DKATCYqSCRfWupW76bemZ3KOm+9 +gSd0BhHudiG/m4LBJ1S2sWo9iaF2YbRuoROmv6pH8BJv/YoybLL+31HIjCPJZr2d +HYcSZAI9La9Zj7jkIeW1sMpjtHhUBdRBLlCslLCleKuzoJZ1GtmShxN1Ii8yqAhu +oFuMJb+g74TKIdbrHk/Jmu5J4PcBZW+JC33Iacjmbuqnl84xKf8OxVtc2E0bodj6 +L54/LlUWa8kTo/0= +-----END CERTIFICATE----- + diff --git a/tests/data/test1.cat b/tests/data/test1.cat new file mode 100644 index 0000000..543e62a Binary files /dev/null and b/tests/data/test1.cat differ diff --git a/tests/data/test1.cat.data b/tests/data/test1.cat.data new file mode 100644 index 0000000..e0bac4c Binary files /dev/null and b/tests/data/test1.cat.data differ diff --git a/tests/data/test1.cat.out b/tests/data/test1.cat.out new file mode 100644 index 0000000..d5b2076 --- /dev/null +++ b/tests/data/test1.cat.out @@ -0,0 +1,7014 @@ +eContent Type: 1.3.6.1.4.1.311.10.1 +Signers: + Signer's issuer DN: CN=Microsoft Windows Hardware Compatibility PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US + Signer's serial: 330000001e258e7c4251c5d1fa00010000001e + Signature Algorithm: RSA-SHA1 + Signed Attributes: + 1.3.6.1.4.1.311.2.1.12: 3064a030802e004800650077006c006500740074002d005000610063006b00610072006400200043006f006d00700061006e0079a130802e687474703a2f2f7777772e6d6963726f736f66742e636f6d2f776864632f68636c2f64656661756c742e6d737078 + messageDigest: 04141c448883117564c1fe830b2833c0ef6b83030c0e + 1.3.6.1.4.1.311.2.1.11: 300c060a2b060104018237020115 + contentType: 06092b0601040182370a01 + Unsigned Attributes: + countersignature: 3082021102010130818e3077310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3121301f060355040313184d6963726f736f66742054696d652d5374616d7020504341021333000000af5347776c1bf1a3020000000000af300906052b0e03021a0500a05d301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3136303931333231313930395a302306092a864886f70d01090431160414d488cf8097e0d20f170aa7cff5414d9dc2f28f7b300d06092a864886f70d01010505000482010016dcd01f53ac52f8f37898f02352716c9de8dcdee53a2dfb243d503b31f252878e54c5716cd2f2237b82a1269322c50ed304c00a85e50c47b3ce43b2dfff9d1d8032541e28216281e715407b8cbe565fee869aa0e6fb6f421c1c5516c7fead80c1c2117998b0a754bb0683971d78a864707349514121bf2158305d672f8800ea02bd266c198afc22449f4579d7f0db337919accd8f8093539e1d24e5c89c0c1f9734ea8f9bec2ce9ff9f22f9649069b759ba05967742615a3953645572eddb4c5006b6fd4c6226beded0038548ed82d3993b17b473ca75e9891d524be5c39ec422d7a78baaa475bf1aa0e196d7db1858edcacea1ef34b2655772ab8fca3c7766 + +Number of certificates: 4 + +-----BEGIN CERTIFICATE----- +MIIEwzCCA6ugAwIBAgITMwAAAK9TR3dsG/GjAgAAAAAArzANBgkqhkiG9w0BAQUF +ADB3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH +UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQD +ExhNaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EwHhcNMTYwNTAzMTcxMzI1WhcNMTcw +ODAzMTcxMzI1WjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x +EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv +bjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjMxQzUt +MzBCQS03QzkxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIU6bFARsNjTYwC3p63c +eKHrpHQuCZTbNDUUaayYlNptTs9au9YI+P9IBOKErcKjXkxftzeQaum86O7IGQlJ +Pvqr0Cms32bitA6yECmWddujRimd4ULql8Imc452jaG1pjiPfq8uZcTgYHkJ5/AM +Q+K2NuGTLEw4//BTmnBMOugRKUuUZcVQZG+E9wot5slnIe1p/VgYpt8DejA4crXF +zAeAXtj4XEY7NdE351GaIET0Y1LeKdWjnwhz2dqjhX2BJE/HDid/HYv3bnrgHBlH +fmOTkaB799B8amERbJjNJfqrCKofWxUBWq7R1iStUCFjSSvt+Q/OS2aoYsLXObA2 +rwIDAQABo4IBCTCCAQUwHQYDVR0OBBYEFGgYUtBYbEj/U4U9IDez4/ZMdPF4MB8G +A1UdIwQYMBaAFCM0+NlSRnAK7UD7dvuzK7DDNbMPMFQGA1UdHwRNMEswSaBHoEWG +Q2h0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY3Jv +c29mdFRpbWVTdGFtcFBDQS5jcmwwWAYIKwYBBQUHAQEETDBKMEgGCCsGAQUFBzAC +hjxodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY3Jvc29mdFRp +bWVTdGFtcFBDQS5jcnQwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcNAQEF +BQADggEBAIz32N/DMfk74OzCmb8uSgdkrVDlMU0+O4OWsClrjoUq0o6w2qNxSX+n +zxxbt7e7paBO+0pyf2m4XaGBLfuZW8lBRC2mR+U5K1wXzZTqy/3v1dIKyngU2cPT +1L8yaC5v6FkpDljzBfslTmPvPljhN41uKTifBPqxpO+H41lCVaG/zN6HDovSoSt8 +jMOh01+9VCUsbccY6J7D9iT3erE1a0FVXy7cn9mDckXaeAOfz8cMJWlcNWqN1J+D +jUWpArxwQjVX+gxC1CUx8Z1aA+HSBfbCXaOAtLRni3VUf1Wje/mHZevDfUkM2gKd +9TcEu2IN1pDcWnjcSb5KLOPfSOU7Xz8= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFaDCCBFCgAwIBAgITMwAAAB4ljnxCUcXR+gABAAAAHjANBgkqhkiG9w0BAQUF +ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT +B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE1MDMGA1UE +AxMsTWljcm9zb2Z0IFdpbmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0eSBQQ0Ew +HhcNMTUwODE4MTgwMzU5WhcNMTYxMTE4MTgwMzU5WjCBoDELMAkGA1UEBhMCVVMx +EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT +FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjE7MDkGA1UEAxMy +TWljcm9zb2Z0IFdpbmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0eSBQdWJsaXNo +ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0T8mJvC7jS8JlVaBK +u2QmH32PEXDADrEY550UUhMshTNjGiPOKAOlWyyWqNfjgv1D/gvr8TrKU/VNPagm +g6hWCBhPR+4gf9U4MfrBGaJ1D/7GtrpiczVrLb8OjdiyILO1gRxrBJ1F9GB4ClK8 +JeFq2GZV3kdwKi9+fZiuNnd/bMmE41V5nGc0Y9/iaRCx/fevstXY02ugS7b2SWAM +E9eEuToXtFekE50dPACxLzJKMkRlGAnZaCcxkJ5LVUdKVxsSBQ5WDIO/8EL3FBJb +Ommin+eAZaKs4jGVJUTbkXm9OqxjJVmNX7HyknUTO4oM1IWj4U4HVErEf7cewaht +UMspAgMBAAGjggGsMIIBqDAfBgNVHSUEGDAWBggrBgEFBQcDAwYKKwYBBAGCNwoD +BTAdBgNVHQ4EFgQUq8xkJml7DihPiwEa71js/Ux0JvwwUQYDVR0RBEowSKRGMEQx +DTALBgNVBAsTBE1PUFIxMzAxBgNVBAUTKjMxNjQxKzE4YjlmYjdlLTcwYmMtNGFh +OC1iMTYwLTA0NTRkMjhhYTViNDAfBgNVHSMEGDAWgBQozO9hpHy8P5Zr9g0if2or +gIg+LTB2BgNVHR8EbzBtMGugaaBnhmVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v +cGtpL0NSTC9wcm9kdWN0cy9NaWNyb3NvZnQlMjBXaW5kb3dzJTIwSGFyZHdhcmUl +MjBDb21wYXRpYmlsaXR5JTIwUENBKDEpLmNybDB6BggrBgEFBQcBAQRuMGwwagYI +KwYBBQUHMAKGXmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWlj +cm9zb2Z0JTIwV2luZG93cyUyMEhhcmR3YXJlJTIwQ29tcGF0aWJpbGl0eSUyMFBD +QSgxKS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAKEe7l/ZvxP2YahM0oz0kSWIVSLH +QJ2QZU2dr6l6wd1u4lcUWZLe+WyBfR7/rUEwuaZ9QIgTmuAbPq2R8U7fqNZz6t8G +02MpBBvrodBBh4wgFvUCyHtrF+DlVFF/3OOcG1ntR4CC9z5L1lkrsKLBYxse/L+N +Ndq3LPmlRaSipumnPyWytH8ttso8QB3T2Hoa8uEtkU0g3w8KudveM33peya9JIAS +xesCB89EfCV3FVqHSVdHDBWghurBUG+MT494meaICh8ihSl/vvI1/oznFIGK/oQn +pCX6u0si7RkLdP6Uv2F8LBcFY+T0ILew1fR1GNErved+XHKVbVUSE9aGGiM= +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgITMwAAADguUOhqmJ2VfwAAAAAAODANBgkqhkiG9w0BAQUF +ADBfMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9z +b2Z0MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMTIwNjA0MjEwNTQ2WhcNMjAwNjA0MjExNTQ2WjCBizELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV +BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE1MDMGA1UEAxMsTWljcm9zb2Z0IFdp +bmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0eSBQQ0EwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCsge7/cvvtvGEDyhF28m5hWnKgIgiQb+M/TWny9z0m +bEBUJARQMARhfcmZFTNt+xWD4xLPR5YXA7iQW8vLXC4batD6Y06OZYHxDlXA60Uy +fCjwWrXhSMlQbvUAn0GhtVcRYrfS1+cYFM1H9LNxX27jc0Qo4cof5LlAUBYcAURo +blBRbpI+h7NDIXW5wqEug0J3F0kDErCaeWxqLUU+ETWLlCsicZBjZbPysBO26bBg +rclcwivZU5bg88D6WkH9FWRKmAAiLZ1mfAQsvHap7thWmdGmX7xoEODzK9E5JAqT +ByQxDl+7n7JZ0q3UJ3t639erUtZuyIkuIBczgAEmigunAgMBAAGjggFeMIIBWjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQozO9hpHy8P5Zr9g0if2orgIg+LTAL +BgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU +csgQ1cQCzn5FX6fciH4uYY/yDHEwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEw +HwYDVR0jBBgwFoAUDqyCYEBWJ5flJRP8KuEKU5VZ5KQwUAYDVR0fBEkwRzBFoEOg +QYY/aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvbWlj +cm9zb2Z0cm9vdGNlcnQuY3JsMFQGCCsGAQUFBwEBBEgwRjBEBggrBgEFBQcwAoY4 +aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNyb3NvZnRSb290 +Q2VydC5jcnQwDQYJKoZIhvcNAQEFBQADggIBAA3fmJmTGKEfF3qxNQ+/Nqdn8Zqu +nStoePAN9GvlUeGiAGx99k9Uk3apKcktFcsehL/e21NjjJn1GevB4MExaSn4CP7r +QJihdCoIXh218GSynkXVHsCC25SNZifFwT2M7DGpTiaCwuOhHR95WVe1lZ4r8Vc1 +8WXuUyM2/XJQRy9WSxEMAzFl6dFR6Ey7GBZsR5vxk8ytevtOClp99VVGc+69nMfp +VhbFvcH0MjaY9n5iTl3lRxee6KLvGgNva1NnkNi3mN61ZSeaLvfWBphoPlclgpBQ +dEx59XCmCtWipC3KhmO0qkA6Q85B7XYFPVCdvv4K+L4ApwNDnn4w+CxD0EzV5OXM +/qi8fg2CfJMaMntfYNto1hWSqWRPtzvoEu0ugZGt1V5TVpXN61eR4pDhosipJiUi +gDhdBIgS4DMiXYSQJj5P3DarcEJZI6eNaqE6xvcdEm8REPr1zzw/GIAmIcVe2sQ1 +YdkAKwywKH7jfyrHFZ9/Cf7mf4cB7Q851Q4bnf6vFhFq8wHQwBveFDmZIwDfnkcH +fWKTaRy9xKqm/LrAcf6ouPOuyQNBKDNKwVNYQJuLg3FQPZ+6PyyIT8ZIsFs5CO1x +CuJsdQnvElPWD8GWQSCfT4jQaVmSvPJVXnmQhvkpEhrNN4BXxtPGi5srYzeHAanM +um5QwMgMd80KU3me +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIGBzCCA++gAwIBAgIKYRZoNAAAAAAAHDANBgkqhkiG9w0BAQUFADBfMRMwEQYK +CZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYD +VQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcw +NDAzMTI1MzA5WhcNMjEwNDAzMTMwMzA5WjB3MQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z +b2Z0IENvcnBvcmF0aW9uMSEwHwYDVQQDExhNaWNyb3NvZnQgVGltZS1TdGFtcCBQ +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfoWyx39tIkip8ay4Z +4b3i48WZUSNQrc7dGE4kD+7Rp9FMrXQwIBHrB9VUlRVJlBtCkq6YXDAm2gBr6Hu9 +7IkHD/cOBJjwicwfyzMkh53y9GccLPx754gd6udOo6HBI1PKjfpFzwnQXq/QsEIE +ovmmbJNn1yjcRlOwhtDlKEYuJ6yGT1VSDOQDLPtqkJAwbofzWTCd+n7Wl7PoIZd+ ++NIT8wi3U21StEWQn0gASkdmEScpZqiX5NMGgUqi+YSnEUcUCYKfhO1VeP4Bmh1Q +CIUAEDBG7bfeI0a7xC1Un68eeEExd8yb3zuDk6FhArUdDbH895uyAc4iS1T/+QXD +wiALAgMBAAGjggGrMIIBpzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQjNPjZ +UkZwCu1A+3b7syuwwzWzDzALBgNVHQ8EBAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAw +gZgGA1UdIwSBkDCBjYAUDqyCYEBWJ5flJRP8KuEKU5VZ5KShY6RhMF8xEzARBgoJ +kiaJk/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZFgltaWNyb3NvZnQxLTArBgNV +BAMTJE1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eYIQea0WoUqg +pa1Mc1j0BxMuZTBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLm1pY3Jvc29m +dC5jb20vcGtpL2NybC9wcm9kdWN0cy9taWNyb3NvZnRyb290Y2VydC5jcmwwVAYI +KwYBBQUHAQEESDBGMEQGCCsGAQUFBzAChjhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j +b20vcGtpL2NlcnRzL01pY3Jvc29mdFJvb3RDZXJ0LmNydDATBgNVHSUEDDAKBggr +BgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAgEAEJeKw1wDRDbd6bStd9vOeVFNAbEu +dHFbbQwTq86+e4+4LtQSooxtYrhXAstOIBNQmd16QOJXu69YmhzhHQGGrLt48ovQ +7DsB7uK+jwoFyI1I4vBTFd1Pq5Lk541q1YDB5pTyBi+FA+mRKiQicPv2/OR4mS4N +9wficLwYTp2OawpylbihOZxnLcVRDupiXD8WmIsgP+IHGjL5zDFKdjE9K3ILyOpw +Pf+FChPfwgphjvDXuBfrTot/xTUrXqO/67x9C0J71FNyIe4wyrt4ZVxbARcKFA7S +2hSY9Ty5ZlizLS/n+YWGzFFW6J1wlGysOUzU9nm/qhh6YinvopspNAZ3GmLJPR5t +H4LwC8csu89Ds+X57H2146SodDW4TsVxIxImdgs8UoxxWkZDFLyzs7BNZ8ifQv+A +eSGAnhUwZuhCEl4ayJ4iIdBD6Svpu/RIzCzU2DKATCYqSCRfWupW76bemZ3KOm+9 +gSd0BhHudiG/m4LBJ1S2sWo9iaF2YbRuoROmv6pH8BJv/YoybLL+31HIjCPJZr2d +HYcSZAI9La9Zj7jkIeW1sMpjtHhUBdRBLlCslLCleKuzoJZ1GtmShxN1Ii8yqAhu +oFuMJb+g74TKIdbrHk/Jmu5J4PcBZW+JC33Iacjmbuqnl84xKf8OxVtc2E0bodj6 +L54/LlUWa8kTo/0= +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIMFBwgGCSqGSIb3DQEHAqCDBQb4MIMFBvMCAQExCzAJBgUrDgMCGgUAMIME6+8G +CSsGAQQBgjcKAaCDBOvfMIME69owDAYKKwYBBAGCNwwBAQQQxHDzCEOAZkaD462J +QBJq+hcNMTYwOTEzMTEzOTE5WjAOBgorBgEEAYI3DAECBQAwggc6MIIBzQRSMQBE +ADgANQAyADkANABFAEIARgBGAEMARgBDAEEARABCAEQAMAA3ADYAMQAwADYAMQAx +AEQAQwA4ADUAMQAzADIANAAwADAAQgA2AEYAOAAAADGCAXUwPgYKKwYBBAGCNwwC +ATEwMC4eCABGAGkAbABlAgQQAQABBBxoAHAAZgB4ADYANABnAGUAbgAuAHMAeQBz +AAAAMGIGCisGAQQBgjcMAgIxVDBSHkwAewBDADYAOAA5AEEAQQBCADgALQA4AEUA +NwA4AC0AMQAxAEQAMAAtADgAQwA0ADcALQAwADAAQwAwADQARgBDADIAOQA1AEUA +RQB9AgICADBkBgorBgEEAYI3DAIBMVYwVB4MAE8AUwBBAHQAdAByAgQQAQABBD4y +ADoANgAuADAALAAyADoANgAuADEALAAyADoANgAuADIALAAyADoANgAuADMALAAy +ADoAMQAwAC4AMAAAADBpBgorBgEEAYI3AgEEMVswWTA0BgorBgEEAYI3AgEPMCYD +AgWgoCCiHoAcADwAPAA8AE8AYgBzAG8AbABlAHQAZQA+AD4APjAhMAkGBSsOAwIa +BQAEFB2FKU6//PytvQdhBhHchRMkALb4MIIBzwRSMgAyADIARQA0ADkAOQA0AEUA +QwBDAEYAOQA4ADcANwA1ADQANgA2AEMANwAyADgANAA0ADkAQQA2AEUANwA0AEEA +RgBCADEAQgBGADgAMwAAADGCAXcwQAYKKwYBBAGCNwwCATEyMDAeCABGAGkAbABl +AgQQAQABBB5oAHAAZgB4ADYANABiAHUAbABrAC4AcwB5AHMAAAAwYgYKKwYBBAGC +NwwCAjFUMFIeTAB7AEMANgA4ADkAQQBBAEIAOAAtADgARQA3ADgALQAxADEARAAw +AC0AOABDADQANwAtADAAMABDADAANABGAEMAMgA5ADUARQBFAH0CAgIAMGQGCisG +AQQBgjcMAgExVjBUHgwATwBTAEEAdAB0AHICBBABAAEEPjIAOgA2AC4AMAAsADIA +OgA2AC4AMQAsADIAOgA2AC4AMgAsADIAOgA2AC4AMwAsADIAOgAxADAALgAwAAAA +MGkGCisGAQQBgjcCAQQxWzBZMDQGCisGAQQBgjcCAQ8wJgMCBaCgIKIegBwAPAA8 +ADwATwBiAHMAbwBsAGUAdABlAD4APgA+MCEwCQYFKw4DAhoFAAQUIi5JlOzPmHdU +ZscoRJpudK+xv4MwggHLBFI3AEQAOABFADEAOAAyAEYAQwBGADAAQgA4AEUANgAw +ADMAMgA1ADEAOQBDADYARQAwAEQARgA3ADMANABBADEARgBDADUAQwBGAEUAMgA0 +AAAAMYIBczA8BgorBgEEAYI3DAIBMS4wLB4IAEYAaQBsAGUCBBABAAEEGmgAcABt +AGUAdwBzADAAMgAuAGQAbABsAAAAMGIGCisGAQQBgjcMAgIxVDBSHkwAewBDADYA +OAA5AEEAQQBCADgALQA4AEUANwA4AC0AMQAxAEQAMAAtADgAQwA0ADcALQAwADAA +QwAwADQARgBDADIAOQA1AEUARQB9AgICADBkBgorBgEEAYI3DAIBMVYwVB4MAE8A +UwBBAHQAdAByAgQQAQABBD4yADoANgAuADAALAAyADoANgAuADEALAAyADoANgAu +ADIALAAyADoANgAuADMALAAyADoAMQAwAC4AMAAAADBpBgorBgEEAYI3AgEEMVsw +WTA0BgorBgEEAYI3AgEPMCYDAgWgoCCiHoAcADwAPAA8AE8AYgBzAG8AbABlAHQA +ZQA+AD4APjAhMAkGBSsOAwIaBQAEFH2OGC/PC45gMlGcbg33NKH8XP4kMIIBwwRS +OAAyAEYAOABFADgAMgBFADQAQwAyADYAMQA4ADMANABCADMANAA1ADkAOAAyADUA +NABEADgAMQAwADAAOAA4ADEAQQBCAEQAOAA3ADQAMQAAADGCAWswPAYKKwYBBAGC +NwwCATEuMCweCABGAGkAbABlAgQQAQABBBpoAHAAbQBlAHcAcwAwADIALgBpAG4A +ZgAAADBhBgorBgEEAYI3AgEEMVMwUTAsBgorBgEEAYI3AgEZoh6AHAA8ADwAPABP +AGIAcwBvAGwAZQB0AGUAPgA+AD4wITAJBgUrDgMCGgUABBSC+OguTCYYNLNFmCVN +gQCIGr2HQTBiBgorBgEEAYI3DAICMVQwUh5MAHsARABFADMANQAxAEEANAAyAC0A +OABFADUAOQAtADEAMQBEADAALQA4AEMANAA3AC0AMAAwAEMAMAA0AEYAQwAyADkA +NQBFAEUAfQICAgAwZAYKKwYBBAGCNwwCATFWMFQeDABPAFMAQQB0AHQAcgIEEAEA +AQQ+MgA6ADYALgAwACwAMgA6ADYALgAxACwAMgA6ADYALgAyACwAMgA6ADYALgAz +ACwAMgA6ADEAMAAuADAAAACggwTkWDCDBORTMEoGCisGAQQBgjcMAgEEPDA6HiYA +UQB1AGEAbABpAGYAaQBjAGEAdABpAG8AbgAgAEwAZQB2AGUAbAIEEAEAAQQKNQAw +ADAAMAAAADAkBgorBgEEAYI3DAIBBBYwFB4GAEQAVABDAgQQAQABBAQxAAAAMEQG +CisGAQQBgjcMAgEENjA0HhoAUwB1AGIAbQBpAHMAcwBpAG8AbgAgAEkARAIEEAEA +AQQQMQA4ADkANAAwADUANQAAADCB2wYKKwYBBAGCNwwCAQSBzDCByR4EAE8AUwIE +EAEAAQSBulMAZQByAHYAZQByADIAMAAwADgAWAA2ADQALAA3AFgANgA0ACwAUwBl +AHIAdgBlAHIAMgAwADAAOABSADIAWAA2ADQALAA4AFgANgA0ACwAUwBlAHIAdgBl +AHIAMgAwADEAMgBYADYANAAsAF8AdgA2ADMAXwBYADYANAAsAF8AdgA2ADMAXwBT +AGUAcgB2AGUAcgBfAFgANgA0ACwAXwB2ADEAMAAwAF8AWAA2ADQAXwBSAFMAMQAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA4ADEAMAIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADcAJgBtAGkAXwAw +ADAAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBEADIAOAAwADkCBBABAAEE +PnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGMAMQA3ACYAcgBl +AHYAXwAwADEAMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADgA +MAA4AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQAy +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEEAYI3 +DAIBBEgwRh4QAEgAVwBJAEQAMgA4ADAANwIEEAEAAQQsdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfAGEAMgAxADcAAAAwdAYKKwYBBAGCNwwCAQRmMGQe +EABIAFcASQBEADIAOAAwADYCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA5AGIAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAw +AAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADgAMAA1AgQQAQABBCx1 +AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBiADEANwAAADB0Bgor +BgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA4ADAANAIEEAEAAQRKdQBzAGIAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAOQAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBtAGkAXwAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIA +OAAwADMCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5 +ADkAMQA3AAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADgAMAAyAgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQA3ADEAMgAm +AG0AaQBfADAAMgAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA4ADAA +MQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUANwAx +ADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwC +AQRUMFIeEABIAFcASQBEADIAOAAwADACBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA1ADAAMQAyACYAbQBpAF8AMAAyAAAAMHQGCisGAQQB +gjcMAgEEZjBkHhAASABXAEkARAAyADcAOQA5AgQQAQABBEp1AHMAYgBcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAwADEAMgAmAHIAZQB2AF8AMAAxADAAMAAm +AG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADkA +OAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAOQAx +ADIAJgBtAGkAXwAwADEAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIA +NwA5ADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0 +ADkAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMFYGCisGAQQB +gjcMAgEESDBGHhAASABXAEkARAAyADcAOQA2AgQQAQABBCx1AHMAYgBcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AOQA3ADEANwAAADBoBgorBgEEAYI3DAIBBFow +WB4QAEgAVwBJAEQAMgA3ADkANQIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADkANwAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwVgYKKwYB +BAGCNwwCAQRIMEYeEABIAFcASQBEADIANwA5ADQCBBABAAEELHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA5ADUAMQA3AAAAMGgGCisGAQQBgjcMAgEE +WjBYHhAASABXAEkARAAyADcAOQAzAgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOQA1ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBWBgor +BgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA3ADkAMgIEEAEAAQQsdQBzAGIAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANgAxADcAAAAwaAYKKwYBBAGCNwwC +AQRaMFgeEABIAFcASQBEADIANwA5ADECBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA5ADYAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcAOQAwAgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBlADEAMgAmAG0AaQBfADAAMgAA +ADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA3ADgAOQIEEAEAAQRKdQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAZQAxADIAJgByAGUAdgBf +ADAAMQAwADAAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcA +SQBEADIANwA4ADgCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA0ADcAMQAyACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAA +SABXAEkARAAyADcAOAA3AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8ANAA3ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADgANgIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAZAAxADIAJgBtAGkAXwAw +ADIAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIANwA4ADUCBBABAAEE +SnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGQAMQAyACYAcgBl +AHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAA +SABXAEkARAAyADcAOAA0AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8ANAA2ADEAMgAmAG0AaQBfADAAMQAAADB0BgorBgEEAYI3DAIBBGYw +ZB4QAEgAVwBJAEQAMgA3ADgAMwIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADQANgAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAw +ADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANwA4ADICBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADQAMQAxACYAbQBp +AF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcAOAAxAgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAwADEAMQAm +AG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADgA +MAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANwAx +ADEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIA +NwA3ADkCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3 +AGYAMQAxACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkA +RAAyADcANwA4AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANwA5ADEAMQAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA3ADcANwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADcAMwAxADEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANwA3ADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyAGIAMQAyACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEE +ZjBkHhAASABXAEkARAAyADcANwA1AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgBiADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBf +ADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADcANAIEEAEA +AQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAYwAxADIAJgBt +AGkAXwAwADIAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIANwA3ADMC +BBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGMAMQAy +ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEE +VDBSHhAASABXAEkARAAyADcANwAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgBhADEAMgAmAG0AaQBfADAAMgAAADB0BgorBgEEAYI3 +DAIBBGYwZB4QAEgAVwBJAEQAMgA3ADcAMQIEEAEAAQRKdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIAYQAxADIAJgByAGUAdgBfADAAMQAwADAAJgBt +AGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANwA3ADAC +BBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADMAMQAy +ACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADcA +NgA5AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAz +ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAAADB0BgorBgEEAYI3 +DAIBBGYwZB4QAEgAVwBJAEQAMgA3ADYAOAIEEAEAAQRKdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADQANQAxADIAJgByAGUAdgBfADAAMQAwADAAJgBt +AGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANwA2ADcC +BBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADUAMQAy +ACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADcA +NgA2AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0 +ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3 +DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADYANQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADQANAAxADIAJgBtAGkAXwAwADIAAAAwdAYKKwYB +BAGCNwwCAQRmMGQeEABIAFcASQBEADIANwA2ADQCBBABAAEESnUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADMAMQAyACYAcgBlAHYAXwAwADEAMAAw +ACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcA +NgAzAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAz +ADEAMgAmAG0AaQBfADAAMQAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQA +MgA3ADYAMgIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADQAMgAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAAAAwYgYKKwYB +BAGCNwwCAQRUMFIeEABIAFcASQBEADIANwA2ADECBBABAAEEOHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADIAMQAyACYAbQBpAF8AMAAxAAAAMHQG +CisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADcANgAwAgQQAQABBEp1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAwADEAMgAmAHIAZQB2AF8AMAAx +ADAAMAAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQA +MgA3ADUAOQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADQAMAAxADIAJgBtAGkAXwAwADIAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcA +SQBEADIANwA1ADgCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAzADkAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcANQA3AgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA5ADEAMgAmAG0AaQBfADAAMgAA +ADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA3ADUANgIEEAEAAQRKdQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAOAAxADIAJgByAGUAdgBf +ADAAMQAwADAAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcA +SQBEADIANwA1ADUCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAzADgAMQAyACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAA +SABXAEkARAAyADcANQA0AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMwA2ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADUAMwIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANgAxADIAJgBtAGkAXwAw +ADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANwA1ADICBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADkAMAA0ACYAbQBp +AF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcANQAxAgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgBiADEAMQAm +AG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADUA +MAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGQAMQAw +ADIAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIA +NwA0ADkCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAy +ADgAMAA0ACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkA +RAAyADcANAA4AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANgBmADEAMQAmAG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA3ADQANwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADcAMgAxADEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANwA0ADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA3ADEAMQAxACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEE +VDBSHhAASABXAEkARAAyADcANAA1AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANwAwADEAMQAmAG0AaQBfADAAMgAAADB0BgorBgEEAYI3 +DAIBBGYwZB4QAEgAVwBJAEQAMgA3ADQANAIEEAEAAQRKdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMAMgAxADIAJgByAGUAdgBfADAAMQAwADAAJgBt +AGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANwA0ADMC +BBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADIAMQAy +ACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADcA +NAAyAgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAx +ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3 +DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADQAMQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMAMQAxADIAJgBtAGkAXwAwADIAAAAwdAYKKwYB +BAGCNwwCAQRmMGQeEABIAFcASQBEADIANwA0ADACBBABAAEESnUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAzADAAMQAyACYAcgBlAHYAXwAwADEAMAAw +ACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcA +MwA5AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAw +ADEAMgAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQA +MgA3ADMAOAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADMANAAxADIAJgBtAGkAXwAwADIAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcA +SQBEADIANwAzADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAzADQAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHQG +CisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADcAMwA2AgQQAQABBEp1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA3ADEAMgAmAHIAZQB2AF8AMAAx +ADAAMAAmAG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQA +MgA3ADMANQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADIANwAxADIAJgBtAGkAXwAwADEAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcA +SQBEADIANwAzADQCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAyADgAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcAMwAzAgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA4ADEAMgAmAG0AaQBfADAAMQAA +ADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA3ADMAMgIEEAEAAQQsdQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAYwAxADcAAAAwVgYKKwYB +BAGCNwwCAQRIMEYeEABIAFcASQBEADIANwAzADECBBABAAEELHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADUAMQA3AAAAMFYGCisGAQQBgjcMAgEE +SDBGHhAASABXAEkARAAyADcAMwAwAgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOABhADEANwAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA3ADIAOQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfAGIAZAAwADIAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANwAyADgCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAxAGUAMAA0ACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEE +VDBSHhAASABXAEkARAAyADcAMgA3AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANgA3ADEAMQAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3 +DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADIANgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfAGQAMAAwADIAJgBtAGkAXwAwADEAAAAwYgYKKwYB +BAGCNwwCAQRUMFIeEABIAFcASQBEADIANwAyADUCBBABAAEEOHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAyADQAMAA0ACYAbQBpAF8AMAAyAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcAMgA0AgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgBjADEAMQAmAG0AaQBfADAAMgAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADIAMwIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANQAwADQAJgBtAGkAXwAw +ADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANwAyADICBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2AGQAMQAxACYAbQBp +AF8AMAAxAAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADcAMgAxAgQQ +AQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgBhADEANwAA +ADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA3ADIAMAIEEAEAAQQsdQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANAAxADcAAAAwVgYKKwYB +BAGCNwwCAQRIMEYeEABIAFcASQBEADIANwAxADkCBBABAAEELHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAyADUAMQA3AAAAMFYGCisGAQQBgjcMAgEE +SDBGHhAASABXAEkARAAyADcAMQA4AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgBhADEANwAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA3ADEANwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADMANQAxADcAJgBtAGkAXwAwADAAAAAwdAYKKwYBBAGCNwwCAQRmMGQe +EABIAFcASQBEADIANwAxADYCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAzADUAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAw +AAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcAMQA1AgQQAQABBDh1 +AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA0ADEANwAmAG0AaQBf +ADAAMAAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA3ADEANAIEEAEA +AQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANAAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANwAxADMCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAzADMAMQA3ACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEE +ZjBkHhAASABXAEkARAAyADcAMQAyAgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMwAzADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBf +ADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA3ADEAMQIEEAEA +AQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAMgAxADcAJgBt +AGkAXwAwADAAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIANwAxADAC +BBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADIAMQA3 +ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwAAAAMFYGCisGAQQBgjcMAgEE +SDBGHhAASABXAEkARAAyADcAMAA5AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOAAxADEANwAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgA +VwBJAEQAMgA3ADAAOAIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADgAMQAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwVgYKKwYBBAGCNwwC +AQRIMEYeEABIAFcASQBEADIANwAwADcCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA4ADAAMQA3AAAAMGgGCisGAQQBgjcMAgEEWjBYHhAA +SABXAEkARAAyADcAMAA2AgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AOAAwADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBWBgorBgEEAYI3 +DAIBBEgwRh4QAEgAVwBJAEQAMgA3ADAANQIEEAEAAQQsdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADgAMgAxADcAAAAwaAYKKwYBBAGCNwwCAQRaMFge +EABIAFcASQBEADIANwAwADQCBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA4ADIAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFYGCisGAQQB +gjcMAgEESDBGHhAASABXAEkARAAyADcAMAAzAgQQAQABBCx1AHMAYgBcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA5ADEANwAAADBoBgorBgEEAYI3DAIBBFow +WB4QAEgAVwBJAEQAMgA3ADAAMgIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADgAOQAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwYgYKKwYB +BAGCNwwCAQRUMFIeEABIAFcASQBEADIANwAwADECBBABAAEEOHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADYAMQAxACYAbQBpAF8AMAAyAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADcAMAAwAgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA3ADAAMgAmAG0AaQBfADAAMQAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADkAOQIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYANQAxADEAJgBtAGkAXwAw +ADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANgA5ADgCBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADYAMAAyACYAbQBp +AF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADYAOQA3AgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBlADEAMQAm +AG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADkA +NgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAOQAw +ADIAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIA +NgA5ADUCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1 +AGQAMQAxACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkA +RAAyADYAOQA0AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANgA0ADEAMQAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA2ADkAMwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADYAYQAxADEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANgA5ADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA2ADkAMQAxACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEE +VDBSHhAASABXAEkARAAyADYAOQAxAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANgA4ADEAMQAmAG0AaQBfADAAMQAAADBiBgorBgEEAYI3 +DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADkAMAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIANwAwADQAJgBtAGkAXwAwADIAAAAwYgYKKwYB +BAGCNwwCAQRUMFIeEABIAFcASQBEADIANgA4ADkCBBABAAEEOHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGUAMAA0ACYAbQBpAF8AMAAyAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADYAOAA4AgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBkADAANAAmAG0AaQBfADAAMgAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADgANwIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAYwAxADEAJgBtAGkAXwAw +ADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANgA4ADYCBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMAAyACYAbQBp +AF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADYAOAA1AgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBlADAAMgAm +AG0AaQBfADAAMQAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADgA +NAIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAOAAx +ADcAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIANgA4ADMCBBABAAEE +LHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADcAMQA3AAAAMFYG +CisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADYAOAAyAgQQAQABBCx1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOABkADEANwAAADBoBgorBgEEAYI3 +DAIBBFowWB4QAEgAVwBJAEQAMgA2ADgAMQIEEAEAAQQ+dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADgAZAAxADcAJgByAGUAdgBfADAAMQAwADAAAAAw +VgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIANgA4ADACBBABAAEELHUAcwBi +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGMAMQA3AAAAMGgGCisGAQQB +gjcMAgEEWjBYHhAASABXAEkARAAyADYANwA5AgQQAQABBD51AHMAYgBcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAA +ADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADcAOAIEEAEAAQQsdQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAZgAxADcAAAAwaAYKKwYB +BAGCNwwCAQRaMFgeEABIAFcASQBEADIANgA3ADcCBBABAAEEPnUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA2AGYAMQA3ACYAcgBlAHYAXwAwADEAMAAw +AAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADYANwA2AgQQAQABBCx1 +AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA0ADEANwAAADBoBgor +BgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMgA2ADcANQIEEAEAAQQ+dQBzAGIAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANAAxADcAJgByAGUAdgBfADAAMQAw +ADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIANgA3ADQCBBABAAEE +LHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADMAMQA3AAAAMGgG +CisGAQQBgjcMAgEEWjBYHhAASABXAEkARAAyADYANwAzAgQQAQABBD51AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAzADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADcAMgIEEAEA +AQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMQAxADcAAAAw +aAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBEADIANgA3ADECBBABAAEEPnUAcwBi +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADEAMQA3ACYAcgBlAHYAXwAw +ADEAMAAwAAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADYANwAwAgQQ +AQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA3ADEANwAA +ADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMgA2ADYAOQIEEAEAAQQ+dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANwAxADcAJgByAGUAdgBf +ADAAMQAwADAAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIANgA2ADgC +BBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgAMQA3 +ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEE +ZjBkHhAASABXAEkARAAyADYANgA3AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgA3ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBf +ADAAMAAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA2ADYANgIEEAEA +AQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANgAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYe +EABIAFcASQBEADIANgA2ADUCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA3ADgAMQA3AAAAMGgGCisGAQQBgjcMAgEEWjBYHhAASABXAEkA +RAAyADYANgA0AgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANwA4ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBWBgorBgEEAYI3DAIBBEgw +Rh4QAEgAVwBJAEQAMgA2ADYAMwIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADcAZAAxADcAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcA +SQBEADIANgA2ADICBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA3AGQAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFYGCisGAQQBgjcMAgEE +SDBGHhAASABXAEkARAAyADYANgAxAgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANwBiADEANwAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgA +VwBJAEQAMgA2ADYAMAIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADcAYgAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwVgYKKwYBBAGCNwwC +AQRIMEYeEABIAFcASQBEADIANgA1ADkCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA3ADQAMQA3AAAAMGgGCisGAQQBgjcMAgEEWjBYHhAA +SABXAEkARAAyADYANQA4AgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8ANwA0ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBWBgorBgEEAYI3 +DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADUANwIEEAEAAQQsdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADcAYQAxADcAAAAwaAYKKwYBBAGCNwwCAQRaMFge +EABIAFcASQBEADIANgA1ADYCBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA3AGEAMQA3ACYAcgBlAHYAXwAwADQAMAAwAAAAMFYGCisGAQQB +gjcMAgEESDBGHhAASABXAEkARAAyADYANQA1AgQQAQABBCx1AHMAYgBcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA1ADEANwAAADBoBgorBgEEAYI3DAIBBFow +WB4QAEgAVwBJAEQAMgA2ADUANAIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADcANQAxADcAJgByAGUAdgBfADAANAAwADAAAAAwVgYKKwYB +BAGCNwwCAQRIMEYeEABIAFcASQBEADIANgA1ADMCBBABAAEELHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADkAMQA3AAAAMGgGCisGAQQBgjcMAgEE +WjBYHhAASABXAEkARAAyADYANQAyAgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANwA5ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBWBgor +BgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADUAMQIEEAEAAQQsdQBzAGIAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMgAxADcAAAAwaAYKKwYBBAGCNwwC +AQRaMFgeEABIAFcASQBEADIANgA1ADACBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA3ADIAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFYG +CisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADYANAA5AgQQAQABBCx1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA2ADEANwAAADBWBgorBgEEAYI3 +DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADQAOAIEEAEAAQQsdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADcAMwAxADcAAAAwVgYKKwYBBAGCNwwCAQRIMEYe +EABIAFcASQBEADIANgA0ADcCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA2ADYAMQA3AAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkA +RAAyADYANAA2AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANgA0ADEANwAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADQA +NQIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAOQAx +ADcAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIANgA0ADQCBBABAAEE +LHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADgAMQA3AAAAMFYG +CisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADYANAAzAgQQAQABBCx1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQA3ADEANwAAADBWBgorBgEEAYI3 +DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADQAMgIEEAEAAQQsdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADEANgAxADcAAAAwVgYKKwYBBAGCNwwCAQRIMEYe +EABIAFcASQBEADIANgA0ADECBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyADMAMQA3AAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkA +RAAyADYANAAwAgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANgAzADEANwAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADMA +OQIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAMgAx +ADcAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIANgAzADgCBBABAAEE +LHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGQAMQA3AAAAMFYG +CisGAQQBgjcMAgEESDBGHhAASABXAEkARAAyADYAMwA3AgQQAQABBCx1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA5ADEANwAAADBWBgorBgEEAYI3 +DAIBBEgwRh4QAEgAVwBJAEQAMgA2ADMANgIEEAEAAQQsdQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADEAYwAxADcAAAAwVgYKKwYBBAGCNwwCAQRIMEYe +EABIAFcASQBEADIANgAzADUCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAxAGYAMQA3AAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkA +RAAyADYAMwA0AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANgA5ADEANwAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMgA2ADMA +MwIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAOQAx +ADcAJgByAGUAdgBfADAAMQAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcA +SQBEADIANgAzADICBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA2ADcAMQA3AAAAMGgGCisGAQQBgjcMAgEEWjBYHhAASABXAEkARAAyADYA +MwAxAgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA3 +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgA +VwBJAEQAMgA2ADMAMAIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADYAOAAxADcAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIA +NgAyADkCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBj +ADgAMAAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMGIGCisGAQQB +gjcMAgEEVDBSHhAASABXAEkARAAyADYAMgA4AgQQAQABBDh1AHMAYgBcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AYwA4ADAAMgAmAG0AaQBfADAAMQAAADB0Bgor +BgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA2ADIANwIEEAEAAQRKdQBzAGIAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAYgAxADEAJgByAGUAdgBfADAAMQAw +ADAAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIA +NgAyADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1 +AGIAMQAxACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkA +RAAyADYAMgA1AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AMgA1ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAAADBiBgor +BgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADIANAIEEAEAAQQ4dQBzAGIAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANQAxADIAJgBtAGkAXwAwADIAAAAw +dAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADIANgAyADMCBBABAAEESnUAcwBi +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMQAyACYAcgBlAHYAXwAw +ADEAMAAwACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkA +RAAyADYAMgAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AMQBmADEAMgAmAG0AaQBfADAAMQAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgA +VwBJAEQAMgA2ADIAMQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADIAMwAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAAAAw +YgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANgAyADACBBABAAEEOHUAcwBi +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADMAMQAyACYAbQBpAF8AMAAy +AAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADYAMQA5AgQQAQABBEp1 +AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgAyADEAMgAmAHIAZQB2 +AF8AMAAxADAAMAAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA2ADEAOAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADIAMgAxADIAJgBtAGkAXwAwADIAAAAwdAYKKwYBBAGCNwwCAQRmMGQe +EABIAFcASQBEADIANgAxADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyADEAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAy +AAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADYAMQA2AgQQAQABBDh1 +AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgAxADEAMgAmAG0AaQBf +ADAAMgAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMgA2ADEANQIEEAEA +AQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAMAAxADIAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANgAxADQCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyADAAMQAyACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEE +VDBSHhAASABXAEkARAAyADYAMQAzAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANQA2ADEAMQAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3 +DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADEAMgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADUAOQAxADEAJgBtAGkAXwAwADIAAAAwYgYKKwYB +BAGCNwwCAQRUMFIeEABIAFcASQBEADIANgAxADECBBABAAEEOHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGEAMQAxACYAbQBpAF8AMAAyAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADYAMQAwAgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQA4ADEAMQAmAG0AaQBfADAAMgAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADAAOQIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUANwAxADEAJgBtAGkAXwAw +ADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANgAwADgCBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBjADQAMAAyACYAbQBp +AF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADYAMAA3AgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYwA2ADAAMgAm +AG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADAA +NgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGMANQAw +ADIAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIA +NgAwADUCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBj +ADcAMAAyACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkA +RAAyADYAMAA0AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AMQA5ADAAMgAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA2ADAAMwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADEAZAAwADIAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIe +EABIAFcASQBEADIANgAwADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAxAGEAMAAyACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEE +VDBSHhAASABXAEkARAAyADYAMAAxAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBiADAAMgAmAG0AaQBfADAAMQAAADBiBgorBgEEAYI3 +DAIBBFQwUh4QAEgAVwBJAEQAMgA2ADAAMAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADEAYwAwADIAJgBtAGkAXwAwADEAAAAwYgYKKwYB +BAGCNwwCAQRUMFIeEABIAFcASQBEADIANQA5ADkCBBABAAEEOHUAcwBiAFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADUAMQAxACYAbQBpAF8AMAAyAAAAMGIG +CisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADUAOQA4AgQQAQABBDh1AHMAYgBc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQA0ADEAMQAmAG0AaQBfADAAMgAA +ADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA1ADkANwIEEAEAAQQ4dQBz +AGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAMwAxADEAJgBtAGkAXwAw +ADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIANQA5ADYCBBABAAEE +OHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADIAMQAxACYAbQBp +AF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAyADUAOQA1AgQQ +AQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADEAMQAm +AG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMgA1ADkA +NAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAMAAx +ADEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIA +NQA5ADMCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0 +AGUAMQAxACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkA +RAAyADUAOQAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AOAA5ADAANAAmAG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgA +VwBJAEQAMgA1ADkAMQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADgAOAAwADQAJgBtAGkAXwAwADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4e +EABIAFcASQBEADIANQA5ADACBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgA1ADgAOABhAAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAOAA5AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8AZgBkAGEAZQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADgA +OAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADEANwBmADkAAAAwbgYKKwYBBAGCNwwCAQRgMF4e +EABIAFcASQBEADIANQA4ADcCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADcAMwA4AAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAOAA2AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAZAA2ADcAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADgA +NQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBy +AGsAYQByAGQAaABwAF8AbABhADMAYQA1ADYAAAAwagYKKwYBBAGCNwwCAQRcMFoe +EABIAFcASQBEADIANQA4ADQCBBABAAEEQGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADcAJgBtAGkAXwAwADAAAAAwfAYKKwYB +BAGCNwwCAQRuMGweEABIAFcASQBEADIANQA4ADMCBBABAAEEUmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADcAJgByAGUAdgBf +ADAAMQAwADAAJgBtAGkAXwAwADAAAAAwagYKKwYBBAGCNwwCAQRcMFoeEABIAFcA +SQBEADIANQA4ADICBBABAAEEQGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADkAYwAxADcAJgBtAGkAXwAwADAAAAAwfAYKKwYBBAGCNwwC +AQRuMGweEABIAFcASQBEADIANQA4ADECBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYwAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBtAGkAXwAwADAAAAAwfAYKKwYBBAGCNwwCAQRuMGweEABIAFcASQBEADIA +NQA4ADACBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfAGEAMgAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAw +bgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA3ADkCBBABAAEERHUAcwBi +AHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGMAbwBmAGIAYQBiAAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAyADUA +NwA4AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA5AGIAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwAAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUANwA3AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8ANgAyADgANwAAADB8BgorBgEEAYI3DAIBBG4wbB4QAEgAVwBJAEQAMgA1ADcA +NgIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AOQA5ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADcANQIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBv +AGYAYQA3ADcAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA3ADQC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbwBiAGEAOAA2AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANwAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOABhADgANAAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADcAMgIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBv +ADEAYQA4ADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA3ADEC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA5ADgANgAyAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANwAwAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMQBkADgAOQAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADYAOQIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADgAOAAwADAAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA2ADgC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbwA4AGUAOQAzAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANgA3AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBlADgAMwAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADYANgIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADMANgA5ADYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA2ADUC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA5ADcAMwBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANgA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQA3AGYAYQAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADYAMwIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADUAMwBiAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA2ADIC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA5ADMANwBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANgAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOQAyADMAYgAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADYAMAIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADUAMgBmAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA1ADkC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA5ADAAYgBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANQA4AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQAwADcAYQAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADUANwIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADUAMQAzAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA1ADYC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbwA5ADQAYQAyAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANQA1AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYwA0ADUAYwAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADUANAIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBv +ADIAMwBhADMAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA1ADMC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQAzADgAZABjAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAyADUANQAyAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA5AGQAZAAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADUAMQIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBt +ADEAMgBlAGUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIANQA1ADAC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbQAyADEAYQBhAAAAMHAGCisGAQQBgjcMAgEEYjBgHhAA +SABXAEkARAAyADUANAA5AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwAxAGMAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMF4G +CisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAyADUANAA4AgQQAQABBDRkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGMAMQA3AAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUANAA3AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8ANgA1ADAAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADQA +NgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADAAYwBhADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4e +EABIAFcASQBEADIANQA0ADUCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBhAGUAMgBiAAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUANAA0AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAYQBkADEAZQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADQA +MwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADYAZgA1AGYAAAAwbgYKKwYBBAGCNwwCAQRgMF4e +EABIAFcASQBEADIANQA0ADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBhAGUAZABlAAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUANAAxAgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAMgA3AGIAYgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADQA +MAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADIANgBhAGIAAAAwbgYKKwYBBAGCNwwCAQRgMF4e +EABIAFcASQBEADIANQAzADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADcANwBhAAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMwA4AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAZABhAGIANwAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA1ADMA +NwIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AMgA0ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBuBgorBgEEAYI3DAIBBGAw +Xh4QAEgAVwBJAEQAMgA1ADMANgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEAYQBlADYAAAAw +cAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIANQAzADUCBBABAAEERmQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAYQAxADcAJgBy +AGUAdgBfADAAMQAwADAAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADIA +NQAzADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4AGEAZQA3AAAAMG4GCisGAQQBgjcMAgEE +YDBeHhAASABXAEkARAAyADUAMwAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYwA4AGUAYgAA +ADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMgA1ADMAMgIEEAEAAQREdQBz +AGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhAGEAMwAwADQAAAAwXgYKKwYBBAGCNwwCAQRQME4eEABIAFcASQBEADIA +NQAzADECBBABAAEENGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADgAOQAxADcAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIA +NQAzADACBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADgAOQAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADIANQAyADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA0AGMAOQA0 +AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMgA4AgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAYwAyAGYAYgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQA +MgA1ADIANwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhADAAMgAzAGEAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADIANQAyADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADQAYgA2 +AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMgA1AgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAYgA2ADcAYwAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQA +MgA1ADIANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADIAZgBmAGEAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADIANQAyADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmADEAYgA0 +AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMgAyAgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBjAG8AOQA5ADQAZAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQA +MgA1ADIAMQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGUAYwA1AGMAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADIANQAyADACBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAzADUANQA0 +AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMQA5AgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEANgAxADkAYgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQA +MgA1ADEAOAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGIAYQAxADAAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADIANQAxADcCBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2AGIAMQAx +AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMQA2AgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAOQAwADkAMAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQA +MgA1ADEANQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGUAMQBlADkAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADIANQAxADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA4ADYANgA1 +AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAyADUAMQAzAgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBjAG8AOAA3ADgANQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQA +MgA1ADEAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADQANQAwADQAAAAwgYQGCisGAQQBgjcM +AgEEdjB0HhAASABXAEkARAAyADUAMQAxAgQQAQABBFpkAG8AdAA0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAZQBiAGYAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABI +AFcASQBEADIANQAxADACBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABlAGIAZgAmAGQAbwB0ADQAAAAwegYK +KwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIANQAwADkCBBABAAEEUGQAbwB0ADQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABlAGIA +ZgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGWBgorBgEEAYI3DAIBBIGHMIGEHhAA +SABXAEkARAAyADUAMAA4AgQQAQABBGpkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA0ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAw +ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIB +BHQwch4QAEgAVwBJAEQAMgA1ADAANwIEEAEAAQRYZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANAAzADIAYQAmAG0AaQBfADAAMAAmAGQAbwB0ADQA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB2BgorBgEEAYI3DAIBBGgwZh4QAEgAVwBJ +AEQAMgA1ADAANgIEEAEAAQRMZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANAAzADIAYQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +iAYKKwYBBAGCNwwCAQR6MHgeEABIAFcASQBEADIANQAwADUCBBABAAEEXmQAbwB0 +ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMwAyAGEAJgByAGUAdgBf +ADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYB +BAGCNwwCAQReMFweEABIAFcASQBEADIANQAwADQCBBABAAEEQmQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMwAyAGEAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA1ADAAMwIEEAEA +AQRGaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAZQBi +AGYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABI +AFcASQBEADIANQAwADICBBABAAEEWmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3ADYAMAAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA1 +ADAAMQIEEAEAAQRGZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBkADcANgAwACYAZABvAHQANAAAADB6BgorBgEEAYI3DAIB +BGwwah4QAEgAVwBJAEQAMgA1ADAAMAIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADcANgAwACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgZYGCisGAQQBgjcMAgEEgYcwgYQeEABIAFcASQBEADIA +NAA5ADkCBBABAAEEamQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADIAOAAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAJgBkAG8AdAA0 +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHhAASABX +AEkARAAyADQAOQA4AgQQAQABBFhkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAyADgAMgBhACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHYGCisGAQQBgjcMAgEEaDBmHhAASABXAEkARAAyADQAOQA3 +AgQQAQABBExkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgA +MgBhACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgorBgEEAYI3 +DAIBBHoweB4QAEgAVwBJAEQAMgA0ADkANgIEEAEAAQReZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA4ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4w +XB4QAEgAVwBJAEQAMgA0ADkANQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgA4ADIAYQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAG +CisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADQAOQA0AgQQAQABBEZoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3ADYAMAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGEBgorBgEEAYI3DAIBBHYwdB4QAEgAVwBJAEQAMgA0 +ADkAMwIEEAEAAQRaZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBmAGQAMwBlACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADQAOQAyAgQQAQAB +BEZkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGYAZAAzAGUAJgBkAG8AdAA0AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABX +AEkARAAyADQAOQAxAgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZAAzAGUAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBlgYKKwYBBAGCNwwCAQSBhzCBhB4QAEgAVwBJAEQAMgA0ADkAMAIEEAEA +AQRqZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBhADIAYQAm +AHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeEABIAFcASQBEADIANAA4 +ADkCBBABAAEEWGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEA +YQAyAGEAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwdgYKKwYBBAGCNwwCAQRoMGYeEABIAFcASQBEADIANAA4ADgCBBABAAEETGQA +bwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYQAyAGEAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4HhAA +SABXAEkARAAyADQAOAA3AgQQAQABBF5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAxAGEAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkA +RAAyADQAOAA2AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAxAGEAMgBhACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwC +AQRiMGAeEABIAFcASQBEADIANAA4ADUCBBABAAEERmgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGQAMwBlACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0HhAASABXAEkARAAyADQAOAA0AgQQAQAB +BFpkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADcAMABjADYAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYK +KwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIANAA4ADMCBBABAAEERmQAbwB0ADQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANwAwAGMA +NgAmAGQAbwB0ADQAAAAwegYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIANAA4 +ADICBBABAAEEUGQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG8ANwAwAGMANgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGWBgor +BgEEAYI3DAIBBIGHMIGEHhAASABXAEkARAAyADQAOAAxAgQQAQABBGpkAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADQAMgBhACYAcgBlAHYAXwAw +ADEAMAAwACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMIGCBgorBgEEAYI3DAIBBHQwch4QAEgAVwBJAEQAMgA0ADgAMAIEEAEAAQRY +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0ADIAYQAmAG0A +aQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB2BgorBgEE +AYI3DAIBBGgwZh4QAEgAVwBJAEQAMgA0ADcAOQIEEAEAAQRMZABvAHQANABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0ADIAYQAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADCBiAYKKwYBBAGCNwwCAQR6MHgeEABIAFcASQBEADIA +NAA3ADgCBBABAAEEXmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADQANAAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIANAA3ADcC +BBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANAAy +AGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgA +VwBJAEQAMgA0ADcANgIEEAEAAQRGaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AYwBvADcAMABjADYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYK +KwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADIANAA3ADUCBBABAAEEWmQAbwB0ADQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBmAGYA +YwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIB +BGIwYB4QAEgAVwBJAEQAMgA0ADcANAIEEAEAAQRGZABvAHQANABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA5AGYAZgBjACYAZABvAHQA +NAAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgA0ADcAMwIEEAEAAQRQ +ZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwA5AGYAZgBjACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgZYGCisGAQQBgjcMAgEE +gYcwgYQeEABIAFcASQBEADIANAA3ADICBBABAAEEamQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADEAYgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBt +AGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisG +AQQBgjcMAgEEdDByHhAASABXAEkARAAyADQANwAxAgQQAQABBFhkAG8AdAA0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGIAMgBhACYAbQBpAF8AMAAwACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHYGCisGAQQBgjcMAgEEaDBm +HhAASABXAEkARAAyADQANwAwAgQQAQABBExkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAxAGIAMgBhACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGIBgorBgEEAYI3DAIBBHoweB4QAEgAVwBJAEQAMgA0ADYAOQIEEAEA +AQReZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBiADIAYQAm +AHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgA0ADYAOAIEEAEAAQRCZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBiADIAYQAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADQA +NgA3AgQQAQABBEZoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8AOQBmAGYAYwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGEBgorBgEEAYI3DAIB +BHYwdB4QAEgAVwBJAEQAMgA0ADYANgIEEAEAAQRaZABvAHQANABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgA1ADgAOABhACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABX +AEkARAAyADQANgA1AgQQAQABBEZkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbwBmADUAOAA4AGEAJgBkAG8AdAA0AAAAMHoGCisG +AQQBgjcMAgEEbDBqHhAASABXAEkARAAyADQANgA0AgQQAQABBFBkAG8AdAA0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbwBmADUAOAA4AGEA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADCBlgYKKwYBBAGCNwwCAQSBhzCBhB4QAEgA +VwBJAEQAMgA0ADYAMwIEEAEAAQRqZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMwA2ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0 +MHIeEABIAFcASQBEADIANAA2ADICBBABAAEEWGQAbwB0ADQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADMANgAyAGEAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYeEABIAFcASQBE +ADIANAA2ADECBBABAAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADMANgAyAGEAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgG +CisGAQQBgjcMAgEEejB4HhAASABXAEkARAAyADQANgAwAgQQAQABBF5kAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADYAMgBhACYAcgBlAHYAXwAw +ADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQB +gjcMAgEEXjBcHhAASABXAEkARAAyADQANQA5AgQQAQABBEJkAG8AdAA0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAzADYAMgBhACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIANAA1ADgCBBABAAEE +RmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgA1ADgAOABh +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0HhAASABX +AEkARAAyADQANQA3AgQQAQABBFpkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbwBmADIANQAwADMAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIANAA1 +ADYCBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBvAGYAMgA1ADAAMwAmAGQAbwB0ADQAAAAwegYKKwYBBAGCNwwCAQRs +MGoeEABIAFcASQBEADIANAA1ADUCBBABAAEEUGQAbwB0ADQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYAMgA1ADAAMwAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMIGWBgorBgEEAYI3DAIBBIGHMIGEHhAASABXAEkARAAyADQA +NQA0AgQQAQABBGpkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAy +AGIAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4QAEgAVwBJ +AEQAMgA0ADUAMwIEEAEAAQRYZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMgBiADIAYQAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB2BgorBgEEAYI3DAIBBGgwZh4QAEgAVwBJAEQAMgA0ADUAMgIE +EAEAAQRMZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBiADIA +YQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBiAYKKwYBBAGCNwwC +AQR6MHgeEABIAFcASQBEADIANAA1ADECBBABAAEEXmQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIAYgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFwe +EABIAFcASQBEADIANAA1ADACBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADIAYgAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgor +BgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA0ADQAOQIEEAEAAQRGaABlAHcAbABl +AHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbwBmADIANQAwADMAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADIANAA0 +ADgCBBABAAEEWmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBvAGYAYwBlADQAOAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA0ADQANwIEEAEAAQRG +ZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8A +ZgBjAGUANAA4ACYAZABvAHQANAAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJ +AEQAMgA0ADQANgIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAG8AZgBjAGUANAA4ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgZYGCisGAQQBgjcMAgEEgYcwgYQeEABIAFcASQBEADIANAA0ADUCBBABAAEE +amQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHhAASABXAEkARAAyADQANAA0 +AgQQAQABBFhkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUA +MgBhACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHYGCisGAQQBgjcMAgEEaDBmHhAASABXAEkARAAyADQANAAzAgQQAQABBExkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUAMgBhACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgorBgEEAYI3DAIBBHoweB4QAEgA +VwBJAEQAMgA0ADQAMgIEEAEAAQReZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMwA1ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQA +MgA0ADQAMQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AMwA1ADIAYQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEE +YjBgHhAASABXAEkARAAyADQANAAwAgQQAQABBEZoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBvAGYAYwBlADQAOAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMIGEBgorBgEEAYI3DAIBBHYwdB4QAEgAVwBJAEQAMgA0ADMAOQIEEAEAAQRa +ZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwBmAGQAYQBlACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisG +AQQBgjcMAgEEYjBgHhAASABXAEkARAAyADQAMwA4AgQQAQABBEZkAG8AdAA0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZABhAGUA +JgBkAG8AdAA0AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADQAMwA3 +AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvAGYAZABhAGUAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBlgYKKwYB +BAGCNwwCAQSBhzCBhB4QAEgAVwBJAEQAMgA0ADMANgIEEAEAAQRqZABvAHQANABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA3ADIAYQAmAHIAZQB2AF8AMAAx +ADAAMAAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBggYKKwYBBAGCNwwCAQR0MHIeEABIAFcASQBEADIANAAzADUCBBABAAEEWGQA +bwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANwAyAGEAJgBtAGkA +XwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwdgYKKwYBBAGC +NwwCAQRoMGYeEABIAFcASQBEADIANAAzADQCBBABAAEETGQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANwAyAGEAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkARAAyADQA +MwAzAgQQAQABBF5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAz +ADcAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADQAMwAyAgQQ +AQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADcAMgBh +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcA +SQBEADIANAAzADECBBABAAEERmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGMAbwBmAGQAYQBlACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYQGCisG +AQQBgjcMAgEEdjB0HhAASABXAEkARAAyADQAMwAwAgQQAQABBFpkAG8AdAA0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYAYgBkADEA +JgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADIANAAyADkCBBABAAEERGQAbwB0ADQAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYAYgBkADEAJgBkAG8AdAA0AAAA +MHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADQAMgA4AgQQAQABBFBkAG8A +dAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYA +YgBkADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBlgYKKwYBBAGCNwwCAQSBhzCB +hB4QAEgAVwBJAEQAMgA0ADIANwIEEAEAAQRqZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBkADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBf +ADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGC +NwwCAQR0MHIeEABIAFcASQBEADIANAAyADYCBBABAAEEWGQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADEAZAAyAGEAJgBtAGkAXwAwADAAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYeEABI +AFcASQBEADIANAAyADUCBBABAAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAZAAyAGEAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkARAAyADQAMgA0AgQQAQABBF5k +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGQAMgBhACYAcgBl +AHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwG +CisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADQAMgAzAgQQAQABBEJkAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGQAMgBhACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIANAAyADIC +BBABAAEERmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA2 +AGIAZAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0 +HhAASABXAEkARAAyADQAMgAxAgQQAQABBFpkAG8AdAA0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZAA1AGUAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBE +ADIANAAyADACBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8AZgBkADUAZQAmAGQAbwB0ADQAAAAwegYKKwYBBAGC +NwwCAQRsMGoeEABIAFcASQBEADIANAAxADkCBBABAAEEUGQAbwB0ADQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBkADUAZQAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMIGWBgorBgEEAYI3DAIBBIGHMIGEHhAASABXAEkA +RAAyADQAMQA4AgQQAQABBGpkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAxAGMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4Q +AEgAVwBJAEQAMgA0ADEANwIEEAEAAQRYZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQBjADIAYQAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADB2BgorBgEEAYI3DAIBBGgwZh4QAEgAVwBJAEQAMgA0 +ADEANgIEEAEAAQRMZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MQBjADIAYQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBiAYKKwYB +BAGCNwwCAQR6MHgeEABIAFcASQBEADIANAAxADUCBBABAAEEXmQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYwAyAGEAJgByAGUAdgBfADAAMQAw +ADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwC +AQReMFweEABIAFcASQBEADIANAAxADQCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADEAYwAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA0ADEAMwIEEAEAAQRGaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZAA1AGUAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBE +ADIANAAxADICBBABAAEEWmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEANwBkAGEAMQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgA0ADEAMQIE +EAEAAQRGZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQA3AGQAYQAxACYAZABvAHQANAAAADB6BgorBgEEAYI3DAIBBGwwah4Q +AEgAVwBJAEQAMgA0ADEAMAIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA3AGQAYQAxACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwgZYGCisGAQQBgjcMAgEEgYcwgYQeEABIAFcASQBEADIANAAwADkC +BBABAAEEamQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZQAy +AGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHhAASABXAEkARAAy +ADQAMAA4AgQQAQABBFhkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAxAGUAMgBhACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHYGCisGAQQBgjcMAgEEaDBmHhAASABXAEkARAAyADQAMAA3AgQQAQAB +BExkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgorBgEEAYI3DAIBBHow +eB4QAEgAVwBJAEQAMgA0ADAANgIEEAEAAQReZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBlADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0 +ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgA +VwBJAEQAMgA0ADAANQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMQBlADIAYQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQB +gjcMAgEEYjBgHhAASABXAEkARAAyADQAMAA0AgQQAQABBEZoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANwBkAGEAMQAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMIGEBgorBgEEAYI3DAIBBHYwdB4QAEgAVwBJAEQAMgA0ADAAMwIE +EAEAAQRaZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAxADYAYwA2ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADQAMAAyAgQQAQABBEZkAG8A +dAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEA +NgBjADYAJgBkAG8AdAA0AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAy +ADQAMAAxAgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADEANgBjADYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +lgYKKwYBBAGCNwwCAQSBhzCBhB4QAEgAVwBJAEQAMgA0ADAAMAIEEAEAAQRqZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBmADIAYQAmAHIAZQB2 +AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeEABIAFcASQBEADIAMwA5ADkCBBAB +AAEEWGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAyAGEA +JgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwdgYK +KwYBBAGCNwwCAQRoMGYeEABIAFcASQBEADIAMwA5ADgCBBABAAEETGQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAyAGEAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkA +RAAyADMAOQA3AgQQAQABBF5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAxAGYAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADMA +OQA2AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAx +AGYAMgBhACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +EABIAFcASQBEADIAMwA5ADUCBBABAAEERmgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQAxADYAYwA2ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYQGCisGAQQBgjcMAgEEdjB0HhAASABXAEkARAAyADMAOQA0AgQQAQABBFpkAG8A +dAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgA +NgBmADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGC +NwwCAQRiMGAeEABIAFcASQBEADIAMwA5ADMCBBABAAEERmQAbwB0ADQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOAA2AGYAMAAmAGQA +bwB0ADQAAAAwegYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMwA5ADICBBAB +AAEEUGQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAOAA2AGYAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGWBgorBgEEAYI3 +DAIBBIGHMIGEHhAASABXAEkARAAyADMAOQAxAgQQAQABBGpkAG8AdAA0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGQAMQA3ACYAcgBlAHYAXwAwADEAMAAw +ACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGC +BgorBgEEAYI3DAIBBHQwch4QAEgAVwBJAEQAMgAzADkAMAIEEAEAAQRYZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBkADEANwAmAG0AaQBfADAA +MAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB2BgorBgEEAYI3DAIB +BGgwZh4QAEgAVwBJAEQAMgAzADgAOQIEEAEAAQRMZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AOQBkADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBiAYKKwYBBAGCNwwCAQR6MHgeEABIAFcASQBEADIAMwA4ADgC +BBABAAEEXmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAZAAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMwA4ADcCBBABAAEE +QmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAZAAxADcAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQA +MgAzADgANgIEEAEAAQRGaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhADgANgBmADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGC +NwwCAQR2MHQeEABIAFcASQBEADIAMwA4ADUCBBABAAEEWmQAbwB0ADQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgBiADUANgAmAGQA +bwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4Q +AEgAVwBJAEQAMgAzADgANAIEEAEAAQRGZABvAHQANABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2AGIANQA2ACYAZABvAHQANAAAADB8 +BgorBgEEAYI3DAIBBG4wbB4QAEgAVwBJAEQAMgAzADgAMwIEEAEAAQRSZABvAHQA +NABcAGgAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADYA +YgA1ADYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBlgYKKwYBBAGCNwwCAQSBhzCB +hB4QAEgAVwBJAEQAMgAzADgAMgIEEAEAAQRqZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOQBhADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBf +ADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGC +NwwCAQR0MHIeEABIAFcASQBEADIAMwA4ADECBBABAAEEWGQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADkAYQAxADcAJgBtAGkAXwAwADAAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYeEABI +AFcASQBEADIAMwA4ADACBBABAAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADkAYQAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkARAAyADMANwA5AgQQAQABBF5k +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGEAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwG +CisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADMANwA4AgQQAQABBEJkAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGEAMQA3ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIAMwA3ADcC +BBABAAEERmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2 +AGIANQA2ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0 +HhAASABXAEkARAAyADMANwA2AgQQAQABBFpkAG8AdAA0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQAYgBhADkAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBE +ADIAMwA3ADUCBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEANABiAGEAOQAmAGQAbwB0ADQAAAAwegYKKwYBBAGC +NwwCAQRsMGoeEABIAFcASQBEADIAMwA3ADQCBBABAAEEUGQAbwB0ADQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANABiAGEAOQAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMIGWBgorBgEEAYI3DAIBBIGHMIGEHhAASABXAEkA +RAAyADMANwAzAgQQAQABBGpkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwBhADYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4Q +AEgAVwBJAEQAMgAzADcAMgIEEAEAAQRYZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AYQA2ADEANwAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADB2BgorBgEEAYI3DAIBBGgwZh4QAEgAVwBJAEQAMgAz +ADcAMQIEEAEAAQRMZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +YQA2ADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBiAYKKwYB +BAGCNwwCAQR6MHgeEABIAFcASQBEADIAMwA3ADACBBABAAEEXmQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANgAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwC +AQReMFweEABIAFcASQBEADIAMwA2ADkCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfAGEANgAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgAzADYAOAIEEAEAAQRGaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQAYgBhADkAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBhgYKKwYBBAGCNwwCAQR4MHYeEABIAFcASQBE +ADIAMwA2ADcCBBABAAEEXGQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAZgAxADUANwBzACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADMANgA2 +AgQQAQABBEZkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGYAMQA1ADcAJgBkAG8AdAA0AAAAMHoGCisGAQQBgjcMAgEEbDBq +HhAASABXAEkARAAyADMANgA1AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGYAMQA1ADcAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBlgYKKwYBBAGCNwwCAQSBhzCBhB4QAEgAVwBJAEQAMgAzADYA +NAIEEAEAAQRqZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBm +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeEABIAFcASQBE +ADIAMwA2ADMCBBABAAEEWGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADkAZgAxADcAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYeEABIAFcASQBEADIAMwA2ADICBBAB +AAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAZgAxADcA +JgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEE +ejB4HhAASABXAEkARAAyADMANgAxAgQQAQABBF5kAG8AdAA0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA5AGYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAA +SABXAEkARAAyADMANgAwAgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA5AGYAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYB +BAGCNwwCAQRiMGAeEABIAFcASQBEADIAMwA1ADkCBBABAAEERmgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmADEANQA3ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0HhAASABXAEkARAAyADMANQA4 +AgQQAQABBFpkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADIAZABhAGIAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADIAMwA1ADcCBBABAAEERmQA +bwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +MgBkAGEAYgAmAGQAbwB0ADQAAAAwegYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBE +ADIAMwA1ADYCBBABAAEEUGQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAMgBkAGEAYgAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MIGWBgorBgEEAYI3DAIBBIGHMIGEHhAASABXAEkARAAyADMANQA1AgQQAQABBGpk +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGUAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4QAEgAVwBJAEQAMgAzADUANAIE +EAEAAQRYZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBlADEA +NwAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB2 +BgorBgEEAYI3DAIBBGgwZh4QAEgAVwBJAEQAMgAzADUAMwIEEAEAAQRMZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBlADEANwAmAGQAbwB0ADQA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADCBiAYKKwYBBAGCNwwCAQR6MHgeEABIAFcA +SQBEADIAMwA1ADICBBABAAEEXmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADkAZQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIA +MwA1ADECBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADkAZQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIw +YB4QAEgAVwBJAEQAMgAzADUAMAIEEAEAAQRGaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADIAZABhAGIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgAzADQAOQIEEAEAAQRGaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEANwBmADkAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQA +MgAzADQAOAIEEAEAAQRGaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhAGQANwAzADgAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3 +DAIBBGIwYB4QAEgAVwBJAEQAMgAzADQANwIEEAEAAQRGaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQANgA3ADgAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADIAMwA0ADYCBBAB +AAEEWmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAMQA3AGYAOQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBw +BgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMgAzADQANQIEEAEAAQRGZABvAHQA +NABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADcA +ZgA5ACYAZABvAHQANAAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgAz +ADQANAIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQAxADcAZgA5ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwWAYK +KwYBBAGCNwwCAQRKMEgeEABIAFcASQBEADIAMwA0ADMCBBABAAEELmQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANQAxADcAAAAwgYQGCisGAQQB +gjcMAgEEdjB0HhAASABXAEkARAAyADMANAAyAgQQAQABBFpkAG8AdAA0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQANwAzADgAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +EABIAFcASQBEADIAMwA0ADECBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3ADMAOAAmAGQAbwB0ADQAAAAw +egYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMwA0ADACBBABAAEEUGQAbwB0 +ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3 +ADMAOAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGIGCisGAQQBgjcMAgEEVDBSHhAA +SABXAEkARAAyADMAMwA5AgQQAQABBDhkAG8AdAA0AFwAZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA1ADEANwAAADCBhAYKKwYBBAGCNwwCAQR2 +MHQeEABIAFcASQBEADIAMwAzADgCBBABAAEEWmQAbwB0ADQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA2ADcAOAAmAGQAbwB0ADQA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJ +AEQAMgAzADMANwIEEAEAAQRGZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQBkADYANwA4ACYAZABvAHQANAAAADB6BgorBgEE +AYI3DAIBBGwwah4QAEgAVwBJAEQAMgAzADMANgIEEAEAAQRQZABvAHQANABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADYANwA4ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwgZYGCisGAQQBgjcMAgEEgYcwgYQeEABIAFcA +SQBEADIAMwAzADUCBBABAAEEamQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfAGEANQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDBy +HhAASABXAEkARAAyADMAMwA0AgQQAQABBFhkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwBhADUAMQA3ACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHYGCisGAQQBgjcMAgEEaDBmHhAASABXAEkARAAy +ADMAMwAzAgQQAQABBExkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBhADUAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgor +BgEEAYI3DAIBBHoweB4QAEgAVwBJAEQAMgAzADMAMgIEEAEAAQReZABvAHQANABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA1ADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3 +DAIBBF4wXB4QAEgAVwBJAEQAMgAzADMAMQIEEAEAAQRCZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA1ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADMAMwAwAgQQAQABBEZo +AGUAdwBsAGUAdAB0AC0AcABhAHIAawBhAHIAZABoAHAAXwBsAGEAMwBhADUANgAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMIGEBgorBgEEAYI3DAIBBHYwdB4QAEgAVwBJ +AEQAMgAzADIAOQIEEAEAAQRaZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA3AGUAMwBkACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAyADMAMgA4 +AgQQAQABBEZkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADcAZQAzAGQAJgBkAG8AdAA0AAAAMHoGCisGAQQBgjcMAgEEbDBq +HhAASABXAEkARAAyADMAMgA3AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQByAGsAYQByAGQAaABwAF8AbABhADMAYQA1ADYAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBlgYKKwYBBAGCNwwCAQSBhzCBhB4QAEgAVwBJAEQAMgAzADIA +NgIEEAEAAQRqZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA0 +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeEABIAFcASQBE +ADIAMwAyADUCBBABAAEEWGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGEANAAxADcAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYeEABIAFcASQBEADIAMwAyADQCBBAB +AAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANAAxADcA +JgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEE +ejB4HhAASABXAEkARAAyADMAMgAzAgQQAQABBF5kAG8AdAA0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwBhADQAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAA +SABXAEkARAAyADMAMgAyAgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwBhADQAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYB +BAGCNwwCAQRqMGgeEABIAFcASQBEADIAMwAyADECBBABAAEETmQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADcAJgBtAGkAXwAwADAAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQA +MgAzADIAMAIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AYQAzADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEE +cDBuHhAASABXAEkARAAyADMAMQA5AgQQAQABBFRkAG8AdAA0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwBhADMAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHhAASABXAEkARAAy +ADMAMQA4AgQQAQABBFhkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBhADMAMQA3ACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADMAMQA3AgQQAQAB +BFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADAAOQBlAGQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB2BgorBgEEAYI3DAIB +BGgwZh4QAEgAVwBJAEQAMgAzADEANgIEEAEAAQRMZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AYQAzADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBiAYKKwYBBAGCNwwCAQR6MHgeEABIAFcASQBEADIAMwAxADUC +BBABAAEEXmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMwAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eEABIAFcASQBEADIAMwAxADQCBBABAAEE +VGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYwAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3 +DAIBBGowaB4QAEgAVwBJAEQAMgAzADEAMwIEEAEAAQROZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBjADEANwAmAG0AaQBfADAAMAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMgAz +ADEAMgIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OQBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADMAMQAx +AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADAAOABmAGQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYB +BAGCNwwCAQR0MHIeEABIAFcASQBEADIAMwAxADACBBABAAEEWGQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYwAxADcAJgBtAGkAXwAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYe +EABIAFcASQBEADIAMwAwADkCBBABAAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADkAYwAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkARAAyADMAMAA4AgQQAQAB +BF5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGMAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADMAMAA3AgQQAQABBFBkAG8A +dAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYA +YgBhAGIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB2BgorBgEEAYI3DAIBBGgwZh4Q +AEgAVwBJAEQAMgAzADAANgIEEAEAAQRMZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AYQAyADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBiAYKKwYBBAGCNwwCAQR6MHgeEABIAFcASQBEADIAMwAwADUCBBABAAEE +XmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMgAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +egYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMwAwADQCBBABAAEEUGQAbwB0 +ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANgAy +ADgANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHYGCisGAQQBgjcMAgEEaDBmHhAA +SABXAEkARAAyADMAMAAzAgQQAQABBExkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA5AGIAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMIGIBgorBgEEAYI3DAIBBHoweB4QAEgAVwBJAEQAMgAzADAAMgIEEAEAAQRe +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBiADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6 +BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgAzADAAMQIEEAEAAQRQZABvAHQA +NABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGEA +NwA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwdgYKKwYBBAGCNwwCAQRoMGYeEABI +AFcASQBEADIAMwAwADACBBABAAEETGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADkAOQAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkARAAyADIAOQA5AgQQAQABBF5k +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5ADkAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgG +CisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIAOQA4AgQQAQABBE5kAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADcAMQAyACYAbQBpAF8AMAAy +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABX +AEkARAAyADIAOQA3AgQQAQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1ADcAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyACYA +cAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBE +ADIAMgA5ADYCBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADUAMAAxADIAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +igYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMgA5ADUCBBABAAEEYGQAbwB0 +ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAMAAxADIAJgByAGUAdgBf +ADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4Bgor +BgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADkANAIEEAEAAQROZABvAHQANABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA5ADEAMgAmAG0AaQBfADAAMQAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJ +AEQAMgAyADkAMwIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANAA5ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAy +ADIAOQAyAgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADkAOAA2ADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBs +BgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAyADkAMQIEEAEAAQRCZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQA3ADEANwAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHhAASABXAEkARAAyADIAOQAw +AgQQAQABBFRkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5ADcA +MQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYK +KwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMgA4ADkCBBABAAEEUGQAbwB0ADQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMQBkADgA +OQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABX +AEkARAAyADIAOAA4AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA5ADUAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGC +NwwCAQRwMG4eEABIAFcASQBEADIAMgA4ADcCBBABAAEEVGQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADkANQAxADcAJgByAGUAdgBfADAAMQAwADAA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJ +AEQAMgAyADgANgIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA4ADgAMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMgA4ADUCBBABAAEEQmQA +bwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANgAxADcAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4QAEgAVwBJAEQAMgAy +ADgANAIEEAEAAQRUZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OQA2ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIAOAAzAgQQAQABBE5kAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGUAMQAyACYAbQBpAF8A +MAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAA +SABXAEkARAAyADIAOAAyAgQQAQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyAGUAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAy +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcA +SQBEADIAMgA4ADECBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADQANwAxADIAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMgA4ADACBBABAAEEYGQA +bwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANwAxADIAJgByAGUA +dgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4 +BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADcAOQIEEAEAAQROZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBkADEAMgAmAG0AaQBfADAA +MgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgA +VwBJAEQAMgAyADcAOAIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMgBkADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkA +RAAyADIANwA3AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA0ADYAMQAyACYAbQBpAF8AMAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADIANwA2AgQQAQABBGBkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADYAMQAyACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYK +KwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgA3ADUCBBABAAEETmQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANAAxADEAJgBtAGkAXwAwADIA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJ +AEQAMgAyADcANAIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAAwADEAMQAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIANwAzAgQQAQABBE5kAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADcAMQAxACYAbQBpAF8A +MAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABI +AFcASQBEADIAMgA3ADICBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADcAZgAxADEAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADcAMQIEEAEAAQRO +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA5ADEAMQAmAG0A +aQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBo +HhAASABXAEkARAAyADIANwAwAgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA3ADMAMQAxACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADIANgA5AgQQ +AQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADUAMQAy +ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABw +AHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgA2ADgCBBABAAEE +TmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANQAxADIAJgBt +AGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8 +MHoeEABIAFcASQBEADIAMgA2ADcCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADQANAAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4Q +AEgAVwBJAEQAMgAyADYANgIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANAA0ADEAMgAmAG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMgAyADYANQIEEAEA +AQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAzADEAMgAm +AHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIANgA0AgQQAQABBE5k +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADMAMQAyACYAbQBp +AF8AMAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6 +HhAASABXAEkARAAyADIANgAzAgQQAQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA0ADIAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABI +AFcASQBEADIAMgA2ADICBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADQAMgAxADIAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMgA2ADECBBABAAEE +YGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMAAxADIAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADYAMAIEEAEAAQROZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAwADEAMgAmAG0AaQBf +ADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4Q +AEgAVwBJAEQAMgAyADUAOQIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMwA5ADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABX +AEkARAAyADIANQA4AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzADkAMQAyACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADIANQA3AgQQAQABBGBk +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADgAMQAyACYAcgBl +AHYAXwAwADEAMAAwACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +eAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgA1ADYCBBABAAEETmQAbwB0 +ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAOAAxADIAJgBtAGkAXwAw +ADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABI +AFcASQBEADIAMgA1ADUCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMANgAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJ +AEQAMgAyADUANAIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMwA2ADEAMgAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIANQAzAgQQAQABBE5kAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGIAMQAyACYAbQBpAF8A +MAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAA +SABXAEkARAAyADIANQAyAgQQAQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyAGIAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAy +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcA +SQBEADIAMgA1ADECBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADIAYwAxADIAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMgA1ADACBBABAAEEYGQA +bwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAYwAxADIAJgByAGUA +dgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4 +BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADQAOQIEEAEAAQROZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBhADEAMgAmAG0AaQBfADAA +MgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgA +VwBJAEQAMgAyADQAOAIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMgBhADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkA +RAAyADIANAA3AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAzADMAMQAyACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADIANAA2AgQQAQABBGBkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADMAMQAyACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYK +KwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgA0ADUCBBABAAEETmQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAOQAwADQAJgBtAGkAXwAwADIA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJ +AEQAMgAyADQANAIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANgBiADEAMQAmAG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIANAAzAgQQAQABBE5kAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADEAMAAyACYAbQBpAF8A +MAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABI +AFcASQBEADIAMgA0ADICBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAOAAwADQAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADQAMQIEEAEAAQRO +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgBmADEAMQAmAG0A +aQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBo +HhAASABXAEkARAAyADIANAAwAgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA3ADIAMQAxACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8A +aABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgAzADkCBBAB +AAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMQAxADEA +JgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIB +BGowaB4QAEgAVwBJAEQAMgAyADMAOAIEEAEAAQROZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANwAwADEAMQAmAG0AaQBfADAAMgAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIAMwA3 +AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADEA +MQAyACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoGCisGAQQB +gjcMAgEEfDB6HhAASABXAEkARAAyADIAMwA2AgQQAQABBGBkAG8AdAA0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAzADEAMQAyACYAcgBlAHYAXwAwADEAMAAw +ACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwC +AQRqMGgeEABIAFcASQBEADIAMgAzADUCBBABAAEETmQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMAMgAxADIAJgBtAGkAXwAwADIAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMgAz +ADQCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMA +MgAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADMAMwIE +EAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAwADEA +MgAmAG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3 +DAIBBHwweh4QAEgAVwBJAEQAMgAyADMAMgIEEAEAAQRgZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAwADEAMgAmAHIAZQB2AF8AMAAxADAAMAAm +AG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEE +ajBoHhAASABXAEkARAAyADIAMwAxAgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwAyADcAMQAyACYAbQBpAF8AMAAxACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADIAMwAw +AgQQAQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADcA +MQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxACYAcAByAGkAbgB0AF8A +aABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgAyADkCBBAB +AAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANAAxADIA +JgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwC +AQR8MHoeEABIAFcASQBEADIAMgAyADgCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMANAAxADIAJgByAGUAdgBfADAAMQAwADAAJgBt +AGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGow +aB4QAEgAVwBJAEQAMgAyADIANwIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgA4ADEAMgAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMgAyADIANgIE +EAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA4ADEA +MgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADIAMgA1AgQQAQAB +BFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADkANABhADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIB +BF4wXB4QAEgAVwBJAEQAMgAyADIANAIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AOABjADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADIAMgAzAgQQAQABBFBkAG8A +dAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYA +OQA0AGMAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4Q +AEgAVwBJAEQAMgAyADIAMgIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOAA1ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisG +AQQBgjcMAgEEbDBqHhAASABXAEkARAAyADIAMgAxAgQQAQABBFBkAG8AdAA0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGEAYgAzADcA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJ +AEQAMgAyADIAMAIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOABhADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcM +AgEEajBoHhAASABXAEkARAAyADIAMQA5AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwBiAGQAMAAyACYAbQBpAF8AMAAxACYAcAByAGkA +bgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgAx +ADgCBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEA +ZQAwADQAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEE +AYI3DAIBBGowaB4QAEgAVwBJAEQAMgAyADEANwIEEAEAAQROZABvAHQANABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA3ADEAMQAmAG0AaQBfADAAMgAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAy +ADIAMQA2AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADAAMAAyACYAbQBpAF8AMAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYK +KwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMgAxADUCBBABAAEETmQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANAAwADQAJgBtAGkAXwAwADIA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJ +AEQAMgAyADEANAIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANgBjADEAMQAmAG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADIAMQAzAgQQAQABBE5kAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADUAMAA0ACYAbQBpAF8A +MAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABI +AFcASQBEADIAMgAxADICBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADYAZAAxADEAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgAyADEAMQIEEAEAAQRQ +ZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQA0AGMAOQA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwCAQRw +MG4eEABIAFcASQBEADIAMgAxADACBBABAAEEVGQAbwB0ADQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgAOQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAy +ADAAOQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OAA5ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBq +HhAASABXAEkARAAyADIAMAA4AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgAYQBlADcAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAyADAANwIE +EAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgBhADEA +NwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABX +AEkARAAyADIAMAA2AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADEAYQBlADYAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAyADAANQIEEAEAAQRC +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA0ADEANwAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAy +ADIAMAA0AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADUAMwAwADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBs +BgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAyADAAMwIEEAEAAQRCZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA1ADEANwAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADIAMAAy +AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADMAMwAwADUAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEE +AYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAyADAAMQIEEAEAAQRCZABvAHQANABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBhADEANwAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADIAMAAwAgQQAQAB +BFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADMANgA5ADYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIB +BGwwah4QAEgAVwBJAEQAMgAxADkAOQIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA5ADcAMwBiACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMQA5 +ADgCBBABAAEEUGQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEANQA3AGYAYQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisG +AQQBgjcMAgEEbDBqHhAASABXAEkARAAyADEAOQA3AgQQAQABBFBkAG8AdAA0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADUAMwBiAGEA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJ +AEQAMgAxADkANgIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA5ADMANwBiACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwegYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMQA5ADUCBBABAAEEUGQA +bwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +OQAyADMAYgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBq +HhAASABXAEkARAAyADEAOQA0AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADUAMgBmAGEAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgAxADkAMwIE +EAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQA5ADAAYgBiACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGC +NwwCAQRsMGoeEABIAFcASQBEADIAMQA5ADICBBABAAEEUGQAbwB0ADQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQAwADcAYQAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAy +ADEAOQAxAgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADUAMQAzAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6 +BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgAxADkAMAIEEAEAAQRQZABvAHQA +NABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA4AGUA +OQAzACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABI +AFcASQBEADIAMQA4ADkCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADgAOAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEE +AYI3DAIBBGwwah4QAEgAVwBJAEQAMgAxADgAOAIEEAEAAQRQZABvAHQANABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA5AGUAOAAzACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBE +ADIAMQA4ADcCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADgANwAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIB +BF4wXB4QAEgAVwBJAEQAMgAxADgANgIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AOABkADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MH4GCisGAQQBgjcMAgEEcDBuHhAASABXAEkARAAyADEAOAA1AgQQAQABBFRkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4AGQAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRs +MGoeEABIAFcASQBEADIAMQA4ADQCBBABAAEEUGQAbwB0ADQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgA3AGIAYgAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADEAOAAz +AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADEA +MQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eEABI +AFcASQBEADIAMQA4ADICBBABAAEEVGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADgAMQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4QAEgAVwBJAEQAMgAxADgAMQIE +EAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAyADYAYQBiACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADIAMQA4ADACBBABAAEEQmQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADgAMAAxADcAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB+BgorBgEEAYI3DAIBBHAwbh4QAEgAVwBJAEQAMgAxADcAOQIEEAEAAQRU +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAwADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcM +AgEEbDBqHhAASABXAEkARAAyADEANwA4AgQQAQABBFBkAG8AdAA0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGUANwA3AGEAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAx +ADcANwIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OAAyADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBu +HhAASABXAEkARAAyADEANwA2AgQQAQABBFRkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA4ADIAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkA +bgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMQA3 +ADUCBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYA +NgAxADEAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEE +AYI3DAIBBGowaB4QAEgAVwBJAEQAMgAxADcANAIEEAEAAQROZABvAHQANABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA3ADAAMgAmAG0AaQBfADAAMQAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAy +ADEANwAzAgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADUAMQAxACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYK +KwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMQA3ADICBBABAAEETmQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANgAwADIAJgBtAGkAXwAwADEA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJ +AEQAMgAxADcAMQIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANQBlADEAMQAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADEANwAwAgQQAQABBE5kAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADkAMAAyACYAbQBpAF8A +MAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABI +AFcASQBEADIAMQA2ADkCBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADUAZAAxADEAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAxADYAOAIEEAEAAQRO +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA0ADEAMQAmAG0A +aQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBo +HhAASABXAEkARAAyADEANgA3AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA2AGEAMQAxACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8A +aABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMQA2ADYCBBAB +AAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAOQAxADEA +JgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIB +BGowaB4QAEgAVwBJAEQAMgAxADYANQIEEAEAAQROZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANgA4ADEAMQAmAG0AaQBfADAAMQAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADEANgA0 +AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADcA +MAA0ACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGC +NwwCAQRqMGgeEABIAFcASQBEADIAMQA2ADMCBBABAAEETmQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADcAZQAwADQAJgBtAGkAXwAwADIAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAx +ADYAMgIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NwBkADAANAAmAG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisG +AQQBgjcMAgEEajBoHhAASABXAEkARAAyADEANgAxAgQQAQABBE5kAG8AdAA0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGMAMQAxACYAbQBpAF8AMAAyACYA +cAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBE +ADIAMQA2ADACBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZgAwADIAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4 +BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAxADUAOQIEEAEAAQROZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBlADAAMgAmAG0AaQBfADAA +MQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABX +AEkARAAyADEANQA4AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvAGMANAA1AGMAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAxADUANwIEEAEAAQRC +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgBmADEANwAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHhAASABXAEkARAAy +ADEANQA2AgQQAQABBFRkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2AGYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwegYKKwYBBAGCNwwCAQRsMGoeEABIAFcASQBEADIAMQA1ADUCBBABAAEEUGQA +bwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +MgAzAGEAMwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBc +HhAASABXAEkARAAyADEANQA0AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA3AGMAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYK +KwYBBAGCNwwCAQRwMG4eEABIAFcASQBEADIAMQA1ADMCBBABAAEEVGQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAYwAxADcAJgByAGUAdgBfADAA +MQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4Q +AEgAVwBJAEQAMgAxADUAMgIEEAEAAQRQZABvAHQANABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADgAZABjACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMQA1ADECBBAB +AAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANAAxADcA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4QAEgAVwBJ +AEQAMgAxADUAMAIEEAEAAQRUZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAA0ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADEANAA5AgQQAQAB +BFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGUAOQBkAGQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIB +BF4wXB4QAEgAVwBJAEQAMgAxADQAOAIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AOAAzADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MH4GCisGAQQBgjcMAgEEcDBuHhAASABXAEkARAAyADEANAA3AgQQAQABBFRkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADMAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADIAMQA0ADYCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADcAMQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+ +BgorBgEEAYI3DAIBBHAwbh4QAEgAVwBJAEQAMgAxADQANQIEEAEAAQRUZABvAHQA +NABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwAxADEANwAmAHIAZQB2AF8A +MAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBc +HhAASABXAEkARAAyADEANAA0AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA3ADcAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYK +KwYBBAGCNwwCAQRwMG4eEABIAFcASQBEADIAMQA0ADMCBBABAAEEVGQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANwAxADcAJgByAGUAdgBfADAA +MQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4Q +AEgAVwBJAEQAMgAxADQAMgIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgA2ADEANwAmAG0AaQBfADAAMAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMgAxADQAMQIEEAEA +AQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA2ADEANwAm +AHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADEANAAwAgQQAQABBEJk +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADgAMQA3ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eEABIAFcASQBEADIA +MQAzADkCBBABAAEEVGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADcAOAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADB+BgorBgEEAYI3DAIBBHAwbh4QAEgAVwBJAEQAMgAxADMAOAIEEAEAAQRUZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBkADEANwAmAHIAZQB2 +AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEE +XjBcHhAASABXAEkARAAyADEAMwA3AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA3AGIAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +fgYKKwYBBAGCNwwCAQRwMG4eEABIAFcASQBEADIAMQAzADYCBBABAAEEVGQAbwB0 +ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAYgAxADcAJgByAGUAdgBf +ADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4w +XB4QAEgAVwBJAEQAMgAxADMANQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANwA0ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4G +CisGAQQBgjcMAgEEcDBuHhAASABXAEkARAAyADEAMwA0AgQQAQABBFRkAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADQAMQA3ACYAcgBlAHYAXwAw +ADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFwe +EABIAFcASQBEADIAMQAzADMCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADcAYQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+Bgor +BgEEAYI3DAIBBHAwbh4QAEgAVwBJAEQAMgAxADMAMgIEEAEAAQRUZABvAHQANABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBhADEANwAmAHIAZQB2AF8AMAA0 +ADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAA +SABXAEkARAAyADEAMwAxAgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA3ADUAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYB +BAGCNwwCAQRwMG4eEABIAFcASQBEADIAMQAzADACBBABAAEEVGQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANQAxADcAJgByAGUAdgBfADAANAAw +ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgA +VwBJAEQAMgAxADIAOQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8ANwA5ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQB +gjcMAgEEcDBuHhAASABXAEkARAAyADEAMgA4AgQQAQABBFRkAG8AdAA0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADkAMQA3ACYAcgBlAHYAXwAwADEAMAAw +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcA +SQBEADIAMQAyADcCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADcAMgAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3 +DAIBBHAwbh4QAEgAVwBJAEQAMgAxADIANgIEEAEAAQRUZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANwAyADEANwAmAHIAZQB2AF8AMAAxADAAMAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkA +RAAyADEAMgA1AgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhAGMAMgBmAGIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAxADIANAIEEAEAAQRCZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA2ADEANwAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADEA +MgAzAgQQAQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADAAMgAzAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgor +BgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAxADIAMgIEEAEAAQRCZABvAHQANABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwAzADEANwAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADEAMgAxAgQQ +AQABBFBkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhADEANABiADYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3 +DAIBBF4wXB4QAEgAVwBJAEQAMgAxADIAMAIEEAEAAQRCZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA2ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHoGCisGAQQBgjcMAgEEbDBqHhAASABXAEkARAAyADEAMQA5AgQQAQABBFBk +AG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +AGIANgA3AGMAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4w +XB4QAEgAVwBJAEQAMgAxADEAOAIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANgA0ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwG +CisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADEAMQA3AgQQAQABBEJkAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADkAMQA3ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMQAxADYC +BBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAOAAx +ADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgA +VwBJAEQAMgAxADEANQIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMQA3ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQB +gjcMAgEEXjBcHhAASABXAEkARAAyADEAMQA0AgQQAQABBEJkAG8AdAA0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAxADYAMQA3ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADEAMQAzAgQQAQAB +BGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADEAMQAyAgQQAQABBGBk +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADQAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAbQBpAF8AMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADEAMQAxAgQQAQABBGBkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADMAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoG +CisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADEAMQAwAgQQAQABBGBkAG8AdAA0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADIAMQA3ACYAcgBlAHYAXwAw +ADEAMAAwACYAbQBpAF8AMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYB +BAGCNwwCAQRsMGoeEABIAFcASQBEADIAMQAwADkCBBABAAEEUGQAbwB0ADQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABhAGIANwAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkA +RAAyADEAMAA4AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAyADMAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwC +AQReMFweEABIAFcASQBEADIAMQAwADcCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADcAZAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAxADAANgIEEAEAAQRCZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgAyADEANwAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADEA +MAA1AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAx +AGQAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFwe +EABIAFcASQBEADIAMQAwADQCBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADIAOQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgor +BgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAxADAAMwIEEAEAAQRCZABvAHQANABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBjADEANwAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADEAMAAyAgQQ +AQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMQA3 +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcA +SQBEADIAMQAwADECBBABAAEEQmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADYAOQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3 +DAIBBHAwbh4QAEgAVwBJAEQAMgAxADAAMAIEEAEAAQRUZABvAHQANABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA5ADEANwAmAHIAZQB2AF8AMAAxADAAMAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkA +RAAyADAAOQA5AgQQAQABBEJkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA2ADcAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwC +AQRwMG4eEABIAFcASQBEADIAMAA5ADgCBBABAAEEVGQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADYANwAxADcAJgByAGUAdgBfADAAMQAwADAAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQA +MgAwADkANwIEEAEAAQRCZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANgA4ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIB +BHwweh4QAEgAVwBJAEQAMgAwADkANgIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AYwA4ADAAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0A +aQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBo +HhAASABXAEkARAAyADAAOQA1AgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwBjADgAMAAyACYAbQBpAF8AMAAxACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADAAOQA0AgQQ +AQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGIAMQAx +ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABw +AHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMAA5ADMCBBABAAEE +TmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAYgAxADEAJgBt +AGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8 +MHoeEABIAFcASQBEADIAMAA5ADICBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADIANQAxADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB4BgorBgEEAYI3DAIBBGowaB4Q +AEgAVwBJAEQAMgAwADkAMQIEEAEAAQROZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgA1ADEAMgAmAG0AaQBfADAAMgAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMgAwADkAMAIEEAEA +AQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBmADEAMgAm +AHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABXAEkARAAyADAAOAA5AgQQAQABBE5k +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMQAyACYAbQBp +AF8AMAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYoGCisGAQQBgjcMAgEEfDB6 +HhAASABXAEkARAAyADAAOAA4AgQQAQABBGBkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAyADMAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAyACYAcAByAGkAbgB0AF8AaABwAHoAAAAweAYKKwYBBAGCNwwCAQRqMGgeEABI +AFcASQBEADIAMAA4ADcCBBABAAEETmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAMwAxADIAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA4ADYCBBABAAEE +YGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAMgAxADIAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADB4BgorBgEEAYI3DAIBBGowaB4QAEgAVwBJAEQAMgAwADgANQIEEAEAAQROZABv +AHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgAyADEAMgAmAG0AaQBf +ADAAMgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGKBgorBgEEAYI3DAIBBHwweh4Q +AEgAVwBJAEQAMgAwADgANAIEEAEAAQRgZABvAHQANABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgAxADEAMgAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHgGCisGAQQBgjcMAgEEajBoHhAASABX +AEkARAAyADAAOAAzAgQQAQABBE5kAG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAyADEAMQAyACYAbQBpAF8AMAAyACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAyADAAOAAyAgQQAQABBGBk +AG8AdAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADAAMQAyACYAcgBl +AHYAXwAwADEAMAAwACYAbQBpAF8AMAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +eAYKKwYBBAGCNwwCAQRqMGgeEABIAFcASQBEADIAMAA4ADECBBABAAEETmQAbwB0 +ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAMAAxADIAJgBtAGkAXwAw +ADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABI +AFcASQBEADIAMAA4ADACBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADUANgAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcA +SQBEADIAMAA3ADkCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADUAOQAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBE +ADIAMAA3ADgCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADUAYQAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIA +MAA3ADcCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADUAOAAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3 +ADYCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUA +NwAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3ADUC +BBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGMANAAw +ADIAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3ADQCBBAB +AAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGMANgAwADIA +JgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3ADMCBBABAAEE +YGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGMANQAwADIAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3ADICBBABAAEEYGQA +bwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGMANwAwADIAJgByAGUA +dgBfADAAMQAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +igYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3ADECBBABAAEEYGQAbwB0 +ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAOQAwADIAJgByAGUAdgBf +ADAAMgAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYK +KwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA3ADACBBABAAEEYGQAbwB0ADQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZAAwADIAJgByAGUAdgBfADAA +MgAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYB +BAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA2ADkCBBABAAEEYGQAbwB0ADQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYQAwADIAJgByAGUAdgBfADAAMgAw +ADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGC +NwwCAQR8MHoeEABIAFcASQBEADIAMAA2ADgCBBABAAEEYGQAbwB0ADQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADEAYgAwADIAJgByAGUAdgBfADAAMgAwADAA +JgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwC +AQR8MHoeEABIAFcASQBEADIAMAA2ADcCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADEAYwAwADIAJgByAGUAdgBfADAAMgAwADAAJgBt +AGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8 +MHoeEABIAFcASQBEADIAMAA2ADYCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADUANQAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoe +EABIAFcASQBEADIAMAA2ADUCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADUANAAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAw +ADIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABI +AFcASQBEADIAMAA2ADQCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADUAMwAxADEAJgByAGUAdgBfADAAMgAwADAAJgBtAGkAXwAwADIA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcA +SQBEADIAMAA2ADMCBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADUAMgAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBE +ADIAMAA2ADICBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADUAMQAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIA +MAA2ADECBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADUAMAAxADEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA2 +ADACBBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQA +ZQAxADEAJgByAGUAdgBfADAAMgAwADAAJgBtAGkAXwAwADIAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA1ADkC +BBABAAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAOQAw +ADQAJgByAGUAdgBfADAAMgAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADIAMAA1ADgCBBAB +AAEEYGQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAOAAwADQA +JgByAGUAdgBfADAAMgAwADAAJgBtAGkAXwAwADEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBIBgorBgEEAYI3DAIBBDowOB4QAEgAVwBJAEQAMgAwADUANwIEEAEAAQQe +ZABvAHQANABcAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBc +HhAASABXAEkARAAyADAANQA2AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQAYwA5ADQAAAAwbAYK +KwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMAA1ADUCBBABAAEEQmwAcAB0AGUA +bgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +OABhAGUANwAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAwADUANAIE +EAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQAxAGEAZQA2AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABX +AEkARAAyADAANQAzAgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADUAMwAwADQAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADIAMAA1ADICBBABAAEEQmwAcAB0AGUAbgB1AG0A +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwAzADAA +NQAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAwADUAMQIEEAEAAQRC +bABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQBjADIAZgBiAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAy +ADAANQAwAgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADAAMgAzAGEAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADIAMAA0ADkCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMwA1ADUANAAAADBs +BgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAwADQAOAIEEAEAAQRCbABwAHQA +ZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwAyAGYAZgBhAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADAANAA3 +AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADQANwA1ADQAAAAwbAYKKwYBBAGCNwwCAQReMFweEABI +AFcASQBEADIAMAA0ADYCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQA0AGIANgAAADBsBgorBgEE +AYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAwADQANQIEEAEAAQRCbABwAHQAZQBuAHUA +bQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBiADYA +NwBjAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADAANAA0AgQQAQAB +BEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvAGYAMQBiADQAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBE +ADIAMAA0ADMCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAYwA3ADcAYgAAADBsBgorBgEEAYI3DAIB +BF4wXB4QAEgAVwBJAEQAMgAwADQAMgIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwAGMAYQA1AAAA +MGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADAANAAxAgQQAQABBEJsAHAA +dABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGQAYQBiADcAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMAA0 +ADACBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAYQAzADAANAAAADBsBgorBgEEAYI3DAIBBF4wXB4Q +AEgAVwBJAEQAMgAwADMAOQIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBjADgAZQBiAAAAMGwGCisG +AQQBgjcMAgEEXjBcHhAASABXAEkARAAyADAAMwA4AgQQAQABBEJsAHAAdABlAG4A +dQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYA +NQAwAGEAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMAAzADcCBBAB +AAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMwBlAGIAMgAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJ +AEQAMgAwADMANgIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwAGUANAA1AAAAMGwGCisGAQQBgjcM +AgEEXjBcHhAASABXAEkARAAyADAAMwA1AgQQAQABBEJsAHAAdABlAG4AdQBtAFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADkAZQA0ADQA +AAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMAAzADQCBBABAAEEQmwA +cAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEANgBkADgANAAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAw +ADMAMwIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwA5ADkANABkAAAAMGwGCisGAQQBgjcMAgEEXjBc +HhAASABXAEkARAAyADAAMwAyAgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADQANQAwADQAAAAwbAYK +KwYBBAGCNwwCAQReMFweEABIAFcASQBEADIAMAAzADECBBABAAEEQmwAcAB0AGUA +bgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +OAA2ADYANQAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMgAwADMAMAIE +EAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwA4ADcAOAA1AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABX +AEkARAAyADAAMgA5AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGUAYwA1AGMAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADIAMAAyADgCBBABAAEEQmwAcAB0AGUAbgB1AG0A +XABoAGUAdwBsAGUAdAB0AC0AcABhAHIAawBhAHIAZABoAHAAXwBsAGEAMwBhADUA +NgAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMgAwADIANwIEEAEAAQQ+ +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMwAyAGEAJgByAGUA +dgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIAMAAy +ADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADMA +MgBhACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAy +ADAAMgA1AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NAAzADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEE +AYI3DAIBBEgwRh4QAEgAVwBJAEQAMgAwADIANAIEEAEAAQQsdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADQAMwAyAGEAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADIAMAAyADMCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABlAGIAZgAAADBo +BgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMgAwADIAMgIEEAEAAQQ+dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAOAAyAGEAJgByAGUAdgBfADAA +MQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIAMAAyADECBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgAMgBhACYA +bQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADAAMgAw +AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA4ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEEAYI3DAIB +BEgwRh4QAEgAVwBJAEQAMgAwADEAOQIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADIAOAAyAGEAAAAwbAYKKwYBBAGCNwwCAQReMFweEABI +AFcASQBEADIAMAAxADgCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3ADYAMAAAADBoBgorBgEE +AYI3DAIBBFowWB4QAEgAVwBJAEQAMgAwADEANwIEEAEAAQQ+dQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADEAYQAyAGEAJgByAGUAdgBfADAAMQAwADAA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADIAMAAxADYCBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGEAMgBhACYAbQBpAF8A +MAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAyADAAMQA1AgQQAQAB +BEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBhADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEEAYI3DAIBBEgwRh4Q +AEgAVwBJAEQAMgAwADEANAIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAYQAyAGEAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBE +ADIAMAAxADMCBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA0ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAyADAAMQAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANAA0ADIAYQAmAG0AaQBfADAAMAAAADB0BgorBgEEAYI3DAIB +BGYwZB4QAEgAVwBJAEQAMgAwADEAMQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADQANAAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIAMAAxADACBBAB +AAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADQAMgBhAAAA +MGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAyADAAMAA5AgQQAQABBEJsAHAA +dABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADcAMABjADYAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBEADIAMAAw +ADgCBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGIA +MgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABX +AEkARAAyADAAMAA3AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMQBiADIAYQAmAG0AaQBfADAAMAAAADB0BgorBgEEAYI3DAIBBGYwZB4Q +AEgAVwBJAEQAMgAwADAANgIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAYgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAA +AAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIAMAAwADUCBBABAAEELHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGIAMgBhAAAAMGwGCisG +AQQBgjcMAgEEXjBcHhAASABXAEkARAAyADAAMAA0AgQQAQABBEJsAHAAdABlAG4A +dQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkA +ZgBmAGMAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBEADIAMAAwADMCBBAB +AAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhACYA +cgBlAHYAXwAwADEAMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAy +ADAAMAAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MQBlADIAYQAmAG0AaQBfADAAMAAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJ +AEQAMgAwADAAMQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZQAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAwVgYK +KwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADIAMAAwADACBBABAAEELHUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhAAAAMGgGCisGAQQBgjcM +AgEEWjBYHhAASABXAEkARAAxADkAOQA5AgQQAQABBD51AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMQBmADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA5ADkAOAIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAyAGEAJgBtAGkAXwAwADAA +AAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEAOQA5ADcCBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMgBhACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAwAAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABX +AEkARAAxADkAOQA2AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMQBmADIAYQAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMQA5 +ADkANQIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMA +NgAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOQA5ADQCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzADYAMgBhACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBk +HhAASABXAEkARAAxADkAOQAzAgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMwA2ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MAAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMQA5ADkAMgIEEAEAAQQs +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANgAyAGEAAAAwbAYK +KwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAOQA5ADECBBABAAEEQmwAcAB0AGUA +bgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYA +NQA4ADgAYQAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMQA5ADkAMAIE +EAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAYgAyAGEA +JgByAGUAdgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBE +ADEAOQA4ADkCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAyAGIAMgBhACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABX +AEkARAAxADkAOAA4AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMgBiADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBW +BgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMQA5ADgANwIEEAEAAQQsdQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAYgAyAGEAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADEAOQA4ADYCBBABAAEEQmwAcAB0AGUAbgB1AG0A +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYAMgA1ADAA +MwAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMQA5ADgANQIEEAEAAQQ+ +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEAJgByAGUA +dgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOQA4 +ADQCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUA +MgBhACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAx +ADkAOAAzAgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MwA1ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEE +AYI3DAIBBEgwRh4QAEgAVwBJAEQAMQA5ADgAMgIEEAEAAQQsdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADEAOQA4ADECBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYAYwBlADQAOAAAADBo +BgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMQA5ADgAMAIEEAEAAQQ+dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANwAyAGEAJgByAGUAdgBfADAA +MQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOQA3ADkCBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADcAMgBhACYA +bQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAxADkANwA4 +AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA3ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEEAYI3DAIB +BEgwRh4QAEgAVwBJAEQAMQA5ADcANwIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADMANwAyAGEAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABI +AFcASQBEADEAOQA3ADYCBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAxAGQAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGIGCisGAQQBgjcM +AgEEVDBSHhAASABXAEkARAAxADkANwA1AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMQBkADIAYQAmAG0AaQBfADAAMAAAADB0BgorBgEE +AYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA5ADcANAIEEAEAAQRKdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADEAZAAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBtAGkAXwAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADEAOQA3 +ADMCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGQA +MgBhAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADkANwAyAgQQAQAB +BEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvADYAYgBkADEAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBE +ADEAOQA3ADECBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAxAGMAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADkANwAwAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQBjADIAYQAmAG0AaQBfADAAMAAAADB0BgorBgEEAYI3DAIB +BGYwZB4QAEgAVwBJAEQAMQA5ADYAOQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADEAYwAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADEAOQA2ADgCBBAB +AAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGMAMgBhAAAA +MGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADkANgA3AgQQAQABBEJsAHAA +dABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGYAZAA1AGUAAAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBEADEAOQA2 +ADYCBBABAAEEPnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGQA +MQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABX +AEkARAAxADkANgA1AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOQBkADEANwAmAG0AaQBfADAAMAAAADB0BgorBgEEAYI3DAIBBGYwZB4Q +AEgAVwBJAEQAMQA5ADYANAIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADkAZAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAA +AAAwVgYKKwYBBAGCNwwCAQRIMEYeEABIAFcASQBEADEAOQA2ADMCBBABAAEELHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGQAMQA3AAAAMGgGCisG +AQQBgjcMAgEEWjBYHhAASABXAEkARAAxADkANgAyAgQQAQABBD51AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBhADEANwAmAHIAZQB2AF8AMAAxADAA +MAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA5ADYAMQIEEAEAAQQ4 +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYQAxADcAJgBtAGkA +XwAwADAAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEAOQA2ADACBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGEAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwAAAAMFYGCisGAQQBgjcMAgEESDBG +HhAASABXAEkARAAxADkANQA5AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOQBhADEANwAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJ +AEQAMQA5ADUAOAIEEAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGEANgAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRU +MFIeEABIAFcASQBEADEAOQA1ADcCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwBhADYAMQA3ACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcM +AgEEZjBkHhAASABXAEkARAAxADkANQA2AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AYQA2ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0A +aQBfADAAMAAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMQA5ADUANQIE +EAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANgAxADcA +AAAwaAYKKwYBBAGCNwwCAQRaMFgeEABIAFcASQBEADEAOQA1ADQCBBABAAEEPnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGYAMQA3ACYAcgBlAHYA +XwAwADEAMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADkANQAz +AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBmADEA +NwAmAG0AaQBfADAAMAAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA5 +ADUAMgIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkA +ZgAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAwVgYKKwYBBAGC +NwwCAQRIMEYeEABIAFcASQBEADEAOQA1ADECBBABAAEELHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA5AGYAMQA3AAAAMGgGCisGAQQBgjcMAgEEWjBY +HhAASABXAEkARAAxADkANQAwAgQQAQABBD51AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOQBlADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBiBgorBgEE +AYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA5ADQAOQIEEAEAAQQ4dQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADkAZQAxADcAJgBtAGkAXwAwADAAAAAwdAYK +KwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEAOQA0ADgCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGUAMQA3ACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAwAAAAMFYGCisGAQQBgjcMAgEESDBGHhAASABXAEkARAAx +ADkANAA3AgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OQBlADEANwAAADBoBgorBgEEAYI3DAIBBFowWB4QAEgAVwBJAEQAMQA5ADQANgIE +EAEAAQQ+dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANQAxADcA +JgByAGUAdgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBE +ADEAOQA0ADUCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBhADUAMQA3ACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABX +AEkARAAxADkANAA0AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AYQA1ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBW +BgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMQA5ADQAMwIEEAEAAQQsdQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANQAxADcAAAAwaAYKKwYBBAGC +NwwCAQRaMFgeEABIAFcASQBEADEAOQA0ADICBBABAAEEPnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwBhADQAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAA +MGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADkANAAxAgQQAQABBDh1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA0ADEANwAmAG0AaQBfADAA +MAAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA5ADQAMAIEEAEAAQRK +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANAAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAwVgYKKwYBBAGCNwwCAQRIMEYeEABI +AFcASQBEADEAOQAzADkCBBABAAEELHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwBhADQAMQA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAx +ADkAMwA4AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADcAZQAzAGQAAAAwZAYKKwYBBAGCNwwCAQRW +MFQeEABIAFcASQBEADEAOQAzADcCBBABAAEEOnUAcwBiAFwAdgBpAGQAIABfADAA +MwBmADAAJgBwAGkAZABfAGEAMwAxADcAJgBtAGkAXwAwADAAAAAwaAYKKwYBBAGC +NwwCAQRaMFgeEABIAFcASQBEADEAOQAzADYCBBABAAEEPnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwBhADMAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAA +MHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAxADkAMwA1AgQQAQABBEp1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQAzADEANwAmAHIAZQB2AF8A +MAAxADAAMAAmAG0AaQBfADAAMAAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJ +AEQAMQA5ADMANAIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGEAMwAxADcAAAAwagYKKwYBBAGCNwwCAQRcMFoeEABIAFcASQBEADEAOQAz +ADMCBBABAAEEQHUAcwBiAFwAdgBpAGQAXwAwACAAMwBmADAAJgBwAGkAZABfADkA +YwAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOQAzADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA5AGMAMQA3ACYAbQBpAF8AMAAwAAAAMHQGCisGAQQBgjcMAgEEZjBk +HhAASABXAEkARAAxADkAMwAxAgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOQBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MAAAADBWBgorBgEEAYI3DAIBBEgwRh4QAEgAVwBJAEQAMQA5ADMAMAIEEAEAAQQs +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYwAxADcAAAAwbAYK +KwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAOQAyADkCBBABAAEEQmwAcAB0AGUA +bgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +OQA4ADYAMgAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQA5ADIAOAIE +EAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwAxAGQAOAA5AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABX +AEkARAAxADkAMgA3AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgAOAAwADAAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADEAOQAyADYCBBABAAEEQmwAcAB0AGUAbgB1AG0A +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOABlADkA +MwAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQA5ADIANQIEEAEAAQRC +bABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA5AGUAOAAzAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAx +ADkAMgA0AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADMANgA5ADYAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADEAOQAyADMCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOQA3ADMAYgAAADBs +BgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQA5ADIAMgIEEAEAAQRCbABwAHQA +ZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQA1ADcAZgBhAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADkAMgAx +AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADUAMwBiAGEAAAAwbAYKKwYBBAGCNwwCAQReMFweEABI +AFcASQBEADEAOQAyADACBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOQAzADcAYgAAADBsBgorBgEE +AYI3DAIBBF4wXB4QAEgAVwBJAEQAMQA5ADEAOQIEEAEAAQRCbABwAHQAZQBuAHUA +bQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA5ADIA +MwBiAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADkAMQA4AgQQAQAB +BEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADUAMgBmAGEAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBE +ADEAOQAxADcCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAOQAwAGIAYgAAADBsBgorBgEEAYI3DAIB +BF4wXB4QAEgAVwBJAEQAMQA5ADEANgIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA1ADAANwBhAAAA +MGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADkAMQA1AgQQAQABBEJsAHAA +dABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADUAMQAzAGEAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAOQAx +ADQCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8AZgA5ADQAYwAAADBsBgorBgEEAYI3DAIBBF4wXB4Q +AEgAVwBJAEQAMQA5ADEAMwIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBhAGIAMwA3AAAAMGwGCisG +AQQBgjcMAgEEXjBcHhAASABXAEkARAAxADkAMQAyAgQQAQABBEJsAHAAdABlAG4A +dQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADIA +NwBiAGIAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAOQAxADECBBAB +AAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMgA2AGEAYgAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJ +AEQAMQA5ADEAMAIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADcANwBhAAAAMGwGCisGAQQBgjcM +AgEEXjBcHhAASABXAEkARAAxADkAMAA5AgQQAQABBEJsAHAAdABlAG4AdQBtAFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkANABhADIA +AAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAOQAwADgCBBABAAEEQmwA +cAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AMgAzAGEAMwAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQA5 +ADAANwIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBjADQANQBjAAAAMGwGCisGAQQBgjcMAgEEXjBc +HhAASABXAEkARAAxADkAMAA2AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMAOABkAGMAAAAwbAYK +KwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAOQAwADUCBBABAAEEQmwAcAB0AGUA +bgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +ZQA5AGQAZAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA5ADAANAIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEANQA1ADQA +JgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOQAw +ADMCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhAGEA +MgBhACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADkAMAAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OQA2ADIAYQAmAG0AaQBfADAAMwAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA5ADAAMQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADYANAAyAGEAJgBtAGkAXwAwADUAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOQAwADACBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA2ADQAMgBhACYAbQBpAF8AMAA0AAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgAOQA5AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOAA0ADIAYQAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADkAOAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADUAYQAyAGEAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAA5ADcCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADMAMgBhACYAbQBpAF8AMAAwAAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAOQA2AgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBlADIAYQAmAG0AaQBfADAAMAAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADkANQIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAYgAxADEAJgBtAGkAXwAwADAA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA5ADQCBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBjADAAMQAxACYAbQBpAF8A +MAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAOQAzAgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYgBmADEAMQAmAG0A +aQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADkAMgIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAMgAxADIA +JgBtAGkAXwAwADAAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADEAOAA5 +ADECBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMwBlAGIAMgAmAHMAYwBhAG4AAAAwcAYKKwYBBAGCNwwCAQRi +MGAeEABIAFcASQBEADEAOAA5ADACBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMABlADQANQAmAHMAYwBhAG4A +AAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADEAOAA4ADkCBBABAAEERmQA +bwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +OQBlADQANAAmAHMAYwBhAG4AAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBE +ADEAOAA4ADgCBBABAAEERmQAbwB0ADQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEANgBkADgANAAmAHMAYwBhAG4AAAAwgYAGCisGAQQB +gjcMAgEEcjBwHhAASABXAEkARAAxADgAOAA3AgQQAQABBFZkAG8AdAA0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUAMQA3ACYAcgBlAHYAXwAwADEAMAAw +ACYAbQBpAF8AMAAwACYAcwBjAGEAbgAAADCBgAYKKwYBBAGCNwwCAQRyMHAeEABI +AFcASQBEADEAOAA4ADYCBBABAAEEVmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMANAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAA +JgBzAGMAYQBuAAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQA4ADgA +NQIEEAEAAQRWZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAz +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAHMAYwBhAG4AAAAw +gYAGCisGAQQBgjcMAgEEcjBwHhAASABXAEkARAAxADgAOAA0AgQQAQABBFZkAG8A +dAA0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADIAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAwACYAcwBjAGEAbgAAADCBgAYKKwYBBAGCNwwC +AQRyMHAeEABIAFcASQBEADEAOAA4ADMCBBABAAEEVmQAbwB0ADQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIAOAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBt +AGkAXwAwADAAJgBzAGMAYQBuAAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJ +AEQAMQA4ADgAMgIEEAEAAQRWZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMgA2ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAmAHMA +YwBhAG4AAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEAOAA4ADECBBAB +AAEESmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAOQAxADcA +JgByAGUAdgBfADAAMQAwADAAJgBzAGMAYQBuAAAAMHQGCisGAQQBgjcMAgEEZjBk +HhAASABXAEkARAAxADgAOAAwAgQQAQABBEpkAG8AdAA0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAxADgAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcwBjAGEA +bgAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA4ADcAOQIEEAEAAQRK +ZABvAHQANABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQA3ADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAHMAYwBhAG4AAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABI +AFcASQBEADEAOAA3ADgCBBABAAEESmQAbwB0ADQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEANgAxADcAJgByAGUAdgBfADAAMQAwADAAJgBzAGMAYQBuAAAA +MHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAxADgANwA3AgQQAQABBEZkAG8A +dAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADAA +ZQAyAGQAJgBzAGMAYQBuAAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAx +ADgANwA2AgQQAQABBEZkAG8AdAA0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGIANwA3ADAAJgBzAGMAYQBuAAAAMHQGCisGAQQBgjcM +AgEEZjBkHhAASABXAEkARAAxADgANwA1AgQQAQABBEpkAG8AdAA0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAwADkAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYA +cwBjAGEAbgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADcANAIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAMQAyAGEA +JgBtAGkAXwAwADMAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA3 +ADMCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADUA +MgBhACYAbQBpAF8AMAAzAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADgANwAyAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OAAzADIAYQAmAG0AaQBfADAAMwAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA4ADcAMQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADgAMgAyAGEAJgBtAGkAXwAwADMAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOAA3ADACBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA3ADgAMgBhACYAbQBpAF8AMAAzAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgANgA5AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANwA0ADIAYQAmAG0AaQBfADAAMwAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADYAOAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADcANQAyAGEAJgBtAGkAXwAwADMAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAA2ADcCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA0ADAAMgBhACYAbQBpAF8AMAAzAAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgANgA2AgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAxADIAYQAmAG0AaQBfADAAMwAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADYANQIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAYQAyAGEAJgBtAGkAXwAwADMA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA2ADQCBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzAGEAMgBhACYAbQBpAF8A +MAAzAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgANgAzAgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBhADEAMgAmAG0A +aQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADYAMgIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGQANgAxADEA +JgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA2 +ADECBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADUA +MQAxACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADgANgAwAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +ZgBhADEAMQAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA4ADUAOQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGYAMgAxADEAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOAA1ADgCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwBkADQAMQAxACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgANQA3AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOAA2ADIAYQAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADUANgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADUAMQAyAGEAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAA1ADUCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAzAGIAMgBhACYAbQBpAF8AMAAwAAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgANQA0AgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBkADIAYQAmAG0AaQBfADAAMAAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADUAMwIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANAAyAGEAJgBtAGkAXwAwADAA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA1ADICBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADcAMgBhACYAbQBpAF8A +MAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgANQAxAgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMABjADIAYQAmAG0A +aQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADUAMAIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAMgAyAGEA +JgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA0 +ADkCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADQA +MgBhACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADgANAA4AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MAA4ADIAYQAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA4ADQANwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADAANgAyAGEAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOAA0ADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA2ADMAMQAyACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgANAA1AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMAA3ADIAYQAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADQANAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADAAMQAyAGEAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAA0ADMCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1AGIAMQA3ACYAbQBpAF8AMAAwAAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgANAAyAgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBhADEANwAmAG0AaQBfADAAMAAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADQAMQIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAOQAxADcAJgBtAGkAXwAwADAA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAA0ADACBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0AGYAMQA3ACYAbQBpAF8A +MAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMwA5AgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANABlADEANwAmAG0A +aQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADMAOAIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAYwAxADcA +JgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAAz +ADcCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADUA +MQA3ACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADgAMwA2AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NABkADEANwAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA4ADMANQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADQAMwAxADcAJgBtAGkAXwAwADAAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOAAzADQCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0ADIAMQA3ACYAbQBpAF8AMAAwAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgAMwAzAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgA1ADIAYQAmAG0AaQBfADAAMAAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADMAMgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADYANAAyAGEAJgBtAGkAXwAwADYAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAAzADECBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1AGEAMgBhACYAbQBpAF8AMAAyAAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADgAMwAwAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAHAAaABwAF8AbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfAHgA +ZAA1ADIAZgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA4ADIAOQIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAG8AZgBmAGkAYwBlAGoA +ZQB0AF8AcAByAG8AXwB4ADcAYwA4AGIAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEAOAAyADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAcABoAHAA +XwBvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AeAA1ADQAMgBkAAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMgA3AgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADIAYQAmAG0AaQBfADAAMgAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADIANgIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAYgAyAGEAJgBtAGkAXwAwADIA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAAyADUCBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGQAMgBhACYAbQBpAF8A +MAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMgA0AgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA0ADIAYQAmAG0A +aQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADIAMwIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAMgAxADIA +JgBtAGkAXwAwADMAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAAy +ADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADcA +MgBhACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADgAMgAxAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MQAyADIAYQAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA4ADIAMAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEANAAyAGEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOAAxADkCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAwADgAMgBhACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgAMQA4AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMAA3ADIAYQAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADEANwIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADAAMQAyAGEAJgBtAGkAXwAwADIAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAAxADYCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1AGIAMQA3ACYAbQBpAF8AMAA0AAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMQA1AgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBhADEANwAmAG0AaQBfADAAMwAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADEANAIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAZgAxADcAJgBtAGkAXwAwADQA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAAxADMCBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0AGMAMQA3ACYAbQBpAF8A +MAAzAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMQAyAgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANABkADEANwAmAG0A +aQBfADAAMwAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADEAMQIE +EAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANQAyAGEA +JgBtAGkAXwAwADIAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAAx +ADACBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgA +MQA3ACYAbQBpAF8AMAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAx +ADgAMAA5AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MgA3ADEANwAmAG0AaQBfADAAMQAAADBiBgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJ +AEQAMQA4ADAAOAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADIANgAxADcAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABI +AFcASQBEADEAOAAwADcCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0ADMAMQA3ACYAbQBpAF8AMAAyAAAAMGIGCisGAQQBgjcMAgEEVDBS +HhAASABXAEkARAAxADgAMAA2AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANAAyADEANwAmAG0AaQBfADAAMgAAADBiBgorBgEEAYI3DAIB +BFQwUh4QAEgAVwBJAEQAMQA4ADAANQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADMANQAxADcAJgBtAGkAXwAwADEAAAAwYgYKKwYBBAGC +NwwCAQRUMFIeEABIAFcASQBEADEAOAAwADQCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAzADQAMQA3ACYAbQBpAF8AMAAxAAAAMGIGCisG +AQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMAAzAgQQAQABBDh1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAzADEANwAmAG0AaQBfADAAMQAAADBi +BgorBgEEAYI3DAIBBFQwUh4QAEgAVwBJAEQAMQA4ADAAMgIEEAEAAQQ4dQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAMgAxADcAJgBtAGkAXwAwADEA +AAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEAOAAwADECBBABAAEEOHUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwAGEAMgBhACYAbQBpAF8A +MAAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADgAMAAwAgQQAQAB +BDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADEANwAmAG0A +aQBfADAAMQAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA3ADkAOQIE +EAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAZgAxADcA +JgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIAAAAwdAYKKwYBBAGCNwwCAQRm +MGQeEABIAFcASQBEADEANwA5ADgCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA0AGUAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAxADcAOQA3AgQQAQAB +BEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBiADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMgAAADB0BgorBgEEAYI3DAIBBGYwZB4Q +AEgAVwBJAEQAMQA3ADkANgIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADUAYQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADIA +AAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEANwA5ADUCBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADkAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABX +AEkARAAxADcAOQA0AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANQBkADEANwAmAHIAZQB2AF8AMAAwADAAMQAmAG0AaQBfADAAMQAAADB0 +BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA3ADkAMwIEEAEAAQRKdQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAYwAxADcAJgByAGUAdgBfADAA +MAAwADEAJgBtAGkAXwAwADEAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBE +ADEANwA5ADICBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1AGQAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMHQGCisG +AQQBgjcMAgEEZjBkHhAASABXAEkARAAxADcAOQAxAgQQAQABBEp1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBjADEANwAmAHIAZQB2AF8AMAAxADAA +MAAmAG0AaQBfADAAMQAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA3 +ADkAMAIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUA +NAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAAAAwdAYKKwYBBAGC +NwwCAQRmMGQeEABIAFcASQBEADEANwA4ADkCBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADMAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAxAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAxADcAOAA4 +AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAyADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAAADB0BgorBgEEAYI3DAIB +BGYwZB4QAEgAVwBJAEQAMQA3ADgANwIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADUAMAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADEAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEANwA4ADYCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADQAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMHQGCisGAQQBgjcMAgEEZjBk +HhAASABXAEkARAAxADcAOAA1AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANABjADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MgAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA3ADgANAIEEAEAAQRK +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANQAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBtAGkAXwAwADIAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABI +AFcASQBEADEANwA4ADMCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0AGQAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAA +MHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAxADcAOAAyAgQQAQABBEp1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAxADEANwAmAHIAZQB2AF8A +MAAxADAAMAAmAG0AaQBfADAAMQAAADB0BgorBgEEAYI3DAIBBGYwZB4QAEgAVwBJ +AEQAMQA3ADgAMQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADIAZgAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAAAAwdAYK +KwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEANwA4ADACBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADYAMQA3ACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAxAAAAMHQGCisGAQQBgjcMAgEEZjBkHhAASABXAEkARAAx +ADcANwA5AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MwBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAAADB0BgorBgEE +AYI3DAIBBGYwZB4QAEgAVwBJAEQAMQA3ADcAOAIEEAEAAQRKdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANwAxADcAJgByAGUAdgBfADAAMQAwADAA +JgBtAGkAXwAwADEAAAAwdAYKKwYBBAGCNwwCAQRmMGQeEABIAFcASQBEADEANwA3 +ADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADgA +MQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMFgGCisGAQQBgjcM +AgEESjBIHhAASABXAEkARAAxADcANwA2AgQQAQABBC5sAHAAdABlAG4AdQBtAFwA +aABwAHUAcABkAHAAcwBfAHYANgAuADMALgAwAAAAMHIGCisGAQQBgjcMAgEEZDBi +HhAASABXAEkARAAxADcANwA1AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADEANQA1ADQAJgByAGUAdgBfADAAMQAwADAA +AAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANwA3ADQCBBABAAEENncA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQA1ADUA +NAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3ADcAMwIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABwAGgAcABfAG8AZgBmAGkAYwBlAGoAZQB0AF8A +cAByAG8AXwA4AGMAYwA1ADkAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEANwA3ADICBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQA1ADUANAAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEE +AYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA3ADcAMQIEEAEAAQQ2dQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADUANQA0AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADcANwAwAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAHAAaABwAF8AbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfADgA +YwBjADUAOQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA3ADYAOQIE +EAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQ +HhAASABXAEkARAAxADcANgA4AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADYANAAyAGEAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANwA2ADcCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +cABoAHAAXwBsAGEAcwBlAHIAagBlAHQAXwBtAGYAcABfAG0AMgA1ADQAMwAwAAAA +MHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADcANgA2AgQQAQABBEh1AHMA +YgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYANAAyAGEA +JgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBE +ADEANwA2ADUCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANgA0ADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQA3ADYANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAGwA +YQBzAGUAcgBqAGUAdABfAG0AZgBwAF8AbQAyADUANAAzADAAAAAwcgYKKwYBBAGC +NwwCAQRkMGIeEABIAFcASQBEADEANwA2ADMCBBABAAEESHcAcwBkAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgAzADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA3ADYAMgIE +EAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADMAMgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADcANgAx +AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8AbABhAHMAZQByAGoA +ZQB0AF8AbQAyADAAMwAtAG0AYwBlADEAZgAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA3ADYAMAIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA2ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADcANQA5AgQQAQABBDZ1AHMA +YgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAMwAyAGEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANwA1ADgCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAcABoAHAAXwBsAGEAcwBlAHIAagBlAHQAXwBtADIA +MAAzAC0AbQBjAGUAMQBmAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAx +ADcANQA3AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfAGYAMgAxADEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeEABIAFcASQBEADEANwA1ADYCBBABAAEENncAcwBkAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZgAyADEAMQAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3ADUANQIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABwAGgAcABfAHAAYQBnAGUAdwBpAGQAZQBfADMANwA3AGQAdwBfAGIA +ZQBlADQAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANwA1ADQCBBAB +AAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +ZgAyADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4Q +AEgAVwBJAEQAMQA3ADUAMwIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwBmADIAMQAxAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADcANQAyAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAHAA +aABwAF8AcABhAGcAZQB3AGkAZABlAF8AMwA3ADcAZAB3AF8AYgBlAGUANAAAADBy +BgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA3ADUAMQIEEAEAAQRIdwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBmADAAMQAxACYA +cgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAx +ADcANQAwAgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfAGYAMAAxADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEANwA0ADkCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAcABoAHAAXwBwAGEA +ZwBlAHcAaQBkAGUAXwAzADUAMgBkAHcAXwAyADgAMQBjAAAAMHIGCisGAQQBgjcM +AgEEZDBiHhAASABXAEkARAAxADcANAA4AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGYAMAAxADEAJgByAGUAdgBfADAA +MQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANwA0ADcCBBAB +AAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +ZgAwADEAMQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3ADQANgIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAHAAYQBnAGUAdwBpAGQA +ZQBfADMANQAyAGQAdwBfADIAOAAxAGMAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABI +AFcASQBEADEANwA0ADUCBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AZgBhADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBg +BgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA3ADQANAIEEAEAAQQ2dwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBmAGEAMQAxAAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADcANAAzAgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAHAAaABwAF8AcABhAGcAZQB3AGkAZABlAF8AbQBmAHAA +XwBwADUANQBlADkAZgAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA3 +ADQAMgIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwBmAGEAMQAxACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcM +AgEEUjBQHhAASABXAEkARAAxADcANAAxAgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGYAYQAxADEAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEANwA0ADACBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAcABoAHAAXwBwAGEAZwBlAHcAaQBkAGUAXwBtAGYAcABfAHAANQA1AGUA +OQBmAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADcAMwA5AgQQAQAB +BEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGYA +OQAxADEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABI +AFcASQBEADEANwAzADgCBBABAAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AZgA5ADEAMQAAADBuBgorBgEEAYI3DAIBBGAwXh4Q +AEgAVwBJAEQAMQA3ADMANwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABwAGgA +cABfAHAAYQBnAGUAdwBpAGQAZQBfAHAANQA1ADIANQAwADIAMwA0AGYAAAAwcgYK +KwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANwAzADYCBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZgA5ADEAMQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA3 +ADMANQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwBmADkAMQAxAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADcAMwA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAHAAaABwAF8AcABhAGcA +ZQB3AGkAZABlAF8AcAA1ADUAMgA1ADAAMgAzADQAZgAAADByBgorBgEEAYI3DAIB +BGQwYh4QAEgAVwBJAEQAMQA3ADMAMwIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADIAMgBhACYAcgBlAHYAXwAwADEA +MAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADcAMwAyAgQQAQAB +BDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgA +MgAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANwAzADECBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAHAAYQBhAGQAOABlAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABX +AEkARAAxADcAMwAwAgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgAMgAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYK +KwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANwAyADkCBBABAAEENnUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAyADIAYQAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3ADIAOAIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +cABhAGEAZAA4AGUAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANwAy +ADcCBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAAxADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIB +BFIwUB4QAEgAVwBJAEQAMQA3ADIANgIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADEAMgBhAAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADcAMgA1AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBwAGEAYgA5ADIA +NgAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA3ADIANAIEEAEAAQRI +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADEA +MgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABX +AEkARAAxADcAMgAzAgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgAMQAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANwAyADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAHAAYQBiADkAMgA2AAAAMHIGCisG +AQQBgjcMAgEEZDBiHhAASABXAEkARAAxADcAMgAxAgQQAQABBEh3AHMAZABwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANQAyAGEAJgByAGUA +dgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANwAy +ADACBBABAAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAA1ADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3 +ADEAOQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AcABhAGUAZQA1AGMAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEANwAxADgCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA1ADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA3ADEANwIEEAEAAQQ2 +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADUA +MgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADcAMQA2AgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBwAGEAZQBlADUAYwAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJ +AEQAMQA3ADEANQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA3ADkAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisG +AQQBgjcMAgEEUjBQHhAASABXAEkARAAxADcAMQA0AgQQAQABBDZ3AHMAZABwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAOQAyAGEAAAAwbgYK +KwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANwAxADMCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAHAA +YQA0ADUAYwAyAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADcAMQAy +AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADcAOQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRS +MFAeEABIAFcASQBEADEANwAxADECBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA5ADIAYQAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA3ADEAMAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AcABhADQANQBjADIA +AAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANwAwADkCBBABAAEESHcA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA1ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJ +AEQAMQA3ADAAOAIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA2ADUAMgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABX +AEkARAAxADcAMAA3AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8A +bABhAHMAZQByAGoAZQB0AF8AcAByAG8AXwBtADUANAA1ADcANQAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3ADAANgIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABwAGgAcABfAGwAYQBzAGUAcgBqAGUAdABfAHAAcgBvAF8AbQA1AGIA +MgAxAGIAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANwAwADUCBBAB +AAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NgA1ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4Q +AEgAVwBJAEQAMQA3ADAANAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA2ADUAMgBhAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADcAMAAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAHAA +aABwAF8AbABhAHMAZQByAGoAZQB0AF8AcAByAG8AXwBtADUANAA1ADcANQAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA3ADAAMgIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABwAGgAcABfAGwAYQBzAGUAcgBqAGUAdABfAHAAcgBvAF8A +bQA1AGIAMgAxAGIAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANwAw +ADECBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAAzADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIB +BFIwUB4QAEgAVwBJAEQAMQA3ADAAMAIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADMAMgBhAAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADYAOQA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBwAGEAMAA4ADQA +MQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA2ADkAOAIEEAEAAQRI +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADMA +MgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABX +AEkARAAxADYAOQA3AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgAMwAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANgA5ADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAHAAYQAwADgANAAxAAAAMHIGCisG +AQQBgjcMAgEEZDBiHhAASABXAEkARAAxADYAOQA1AgQQAQABBEh3AHMAZABwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAMAAyAGEAJgByAGUA +dgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANgA5 +ADQCBBABAAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAAwADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2 +ADkAMwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AcABhADgAYQA2AGYAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEANgA5ADICBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAwADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADkAMQIEEAEAAQQ2 +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADAA +MgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYAOQAwAgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBwAGEAOABhADYAZgAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJ +AEQAMQA2ADgAOQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA4ADYAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisG +AQQBgjcMAgEEUjBQHhAASABXAEkARAAxADYAOAA4AgQQAQABBDZ3AHMAZABwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANgAyAGEAAAAwbgYK +KwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANgA4ADcCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwA1AGIAMQA1AAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADYAOAA2 +AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADgANgAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRS +MFAeEABIAFcASQBEADEANgA4ADUCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA2ADIAYQAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA2ADgANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADUAYgAxADUA +AAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANgA4ADMCBBABAAEESHcA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZAA2ADEA +MQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJ +AEQAMQA2ADgAMgIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwBkADYAMQAxAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABX +AEkARAAxADYAOAAxAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8A +cABhAGcAZQB3AGkAZABlAF8AcAByAG8AXwA1ADcAYwBhAGIAMgAAADByBgorBgEE +AYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA2ADgAMAIEEAEAAQRIdQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADYAMQAxACYAcgBlAHYA +XwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADYANwA5 +AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGQANgAxADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANgA3 +ADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAcABoAHAAXwBwAGEAZwBlAHcA +aQBkAGUAXwBwAHIAbwBfADUANwBjAGEAYgAyAAAAMHIGCisGAQQBgjcMAgEEZDBi +HhAASABXAEkARAAxADYANwA3AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfAGQANQAxADEAJgByAGUAdgBfADAAMQAwADAA +AAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANgA3ADYCBBABAAEENncA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZAA1ADEA +MQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADcANQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABwAGgAcABfAHAAYQBnAGUAdwBpAGQAZQBfAHAA +cgBvAF8ANAA3AGYANAA5ADIAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEANgA3ADQCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AZAA1ADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEE +AYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADcAMwIEEAEAAQQ2dQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADUAMQAxAAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYANwAyAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAHAAaABwAF8AcABhAGcAZQB3AGkAZABlAF8AcAByAG8AXwA0ADcA +ZgA0ADkAMgAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA2ADcAMQIE +EAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADQAMQAxACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQ +HhAASABXAEkARAAxADYANwAwAgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfAGQANAAxADEAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANgA2ADkCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +cABoAHAAXwBwAGEAZwBlAHcAaQBkAGUAXwBwAHIAbwBfADQANwAzADYAOABmAAAA +MHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADYANgA4AgQQAQABBEh1AHMA +YgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGQANAAxADEA +JgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBE +ADEANgA2ADcCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AZAA0ADEAMQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQA2ADYANgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAHAA +YQBnAGUAdwBpAGQAZQBfAHAAcgBvAF8ANAA3ADMANgA4AGYAAAAwcgYKKwYBBAGC +NwwCAQRkMGIeEABIAFcASQBEADEANgA2ADUCBBABAAEESHcAcwBkAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZAAzADEAMQAmAHIAZQB2AF8A +MAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADYANAIE +EAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADMAMQAxAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYANgAz +AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8AcABhAGcAZQB3AGkA +ZABlAF8AcAByAG8AXwA1ADUAMgBiADMAYgAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA2ADYAMgIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwBkADMAMQAxACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADYANgAxAgQQAQABBDZ1AHMA +YgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGQAMwAxADEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANgA2ADACBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAcABoAHAAXwBwAGEAZwBlAHcAaQBkAGUAXwBwAHIA +bwBfADUANQAyAGIAMwBiAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAx +ADYANQA5AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfAGQAMgAxADEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeEABIAFcASQBEADEANgA1ADgCBBABAAEENncAcwBkAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZAAyADEAMQAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADUANwIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABwAGgAcABfAHAAYQBnAGUAdwBpAGQAZQBfAHAAcgBvAF8ANAA1AGIA +NgAyADcAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANgA1ADYCBBAB +AAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +ZAAyADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4Q +AEgAVwBJAEQAMQA2ADUANQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwBkADIAMQAxAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADYANQA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAHAA +aABwAF8AcABhAGcAZQB3AGkAZABlAF8AcAByAG8AXwA0ADUAYgA2ADIANwAAADBs +BgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQA2ADUAMwIEEAEAAQRCdwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADEAMQAxACYA +cgBlAHYAXwAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADYANQAy +AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGQAMQAxADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANgA1 +ADECBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAcABoAHAAXwBwAGEAZwBlAHcA +aQBkAGUAXwBwAHIAbwBfADQANQAyADYAOAAwAAAAMHIGCisGAQQBgjcMAgEEZDBi +HhAASABXAEkARAAxADYANQAwAgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfAGQAMQAxADEAJgByAGUAdgBfADAAMQAwADAA +AAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANgA0ADkCBBABAAEENnUA +cwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AZAAxADEA +MQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADQAOAIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAHAAYQBnAGUAdwBpAGQAZQBfAHAA +cgBvAF8ANAA1ADIANgA4ADAAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEANgA0ADcCBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANgAzADEAMgAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEE +AYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADQANgIEEAEAAQQ2dwBzAGQAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADMAMQAyAAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYANAA1AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAHAAaABwAF8AbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfADgA +YQA5AGQAZQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA2ADQANAIE +EAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADMAMQAyACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQ +HhAASABXAEkARAAxADYANAAzAgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADYAMwAxADIAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANgA0ADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +cABoAHAAXwBvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AOABhADkAZABlAAAA +MHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADYANAAxAgQQAQABBEh3AHMA +ZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAYQAxADIA +JgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBE +ADEANgA0ADACBBABAAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANwBhADEAMgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQA2ADMAOQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABwAGgAcABfAG8A +ZgBmAGkAYwBlAGoAZQB0AF8AcAByAG8AXwA4ADkAOQBkAGMAAAAwcgYKKwYBBAGC +NwwCAQRkMGIeEABIAFcASQBEADEANgAzADgCBBABAAEESHUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBhADEAMgAmAHIAZQB2AF8A +MAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADMANwIE +EAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA3AGEAMQAyAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYAMwA2 +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAHAAaABwAF8AbwBmAGYAaQBjAGUA +agBlAHQAXwBwAHIAbwBfADgAOQA5AGQAYwAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA2ADMANQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA3AGQAMQAyACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADYAMwA0AgQQAQABBDZ3AHMA +ZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAZAAxADIA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANgAzADMCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAcABoAHAAXwBvAGYAZgBpAGMAZQBqAGUAdABfAHAA +cgBvAF8AOABmADgAYwBkAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAx +ADYAMwAyAgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADcAZAAxADIAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeEABIAFcASQBEADEANgAzADECBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBkADEAMgAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADMAMAIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABwAGgAcABfAG8AZgBmAGkAYwBlAGoAZQB0AF8AcAByAG8AXwA4AGYA +OABjAGQAAAAwYgYKKwYBBAGCNwwCAQRUMFIeEABIAFcASQBEADEANgAyADkCBBAB +AAEEOHcAcwBkAHAAcgBpAG4AdABcADEAMgA4ADQAXwBjAGkAZABfAGgAcABsAGoA +cABkAGwAdgAxAAAAMGIGCisGAQQBgjcMAgEEVDBSHhAASABXAEkARAAxADYAMgA4 +AgQQAQABBDh1AHMAYgBwAHIAaQBuAHQAXAAxADIAOAA0AF8AYwBpAGQAXwBoAHAA +bABqAHAAZABsAHYAMQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2 +ADIANwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbQBmAGQAMAAyADYAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANgAyADYCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG0AZgA0ADIAMgA3AAAA +MHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADYAMgA1AgQQAQABBEh3AHMA +ZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANAAyAGEA +JgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBE +ADEANgAyADQCBBABAAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANwA0ADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQA2ADIAMwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbwBmADEAYwA4AGQAAAAwcgYKKwYBBAGC +NwwCAQRkMGIeEABIAFcASQBEADEANgAyADICBBABAAEESHUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA0ADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADIAMQIE +EAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA3ADQAMgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYAMgAw +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBvAGYAMQBjADgAZAAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA2ADEAOQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA3ADUAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADYAMQA4AgQQAQABBDZ3AHMA +ZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANQAyAGEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANgAxADcCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAG8AZgBlAGUAMwA0AAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAx +ADYAMQA2AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADcANQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeEABIAFcASQBEADEANgAxADUCBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA1ADIAYQAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADEANAIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbwBmAGUA +ZQAzADQAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANgAxADMCBBAB +AAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OAA0ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4Q +AEgAVwBJAEQAMQA2ADEAMgIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA4ADQAMgBhAAAAMHIGCisGAQQBgjcMAgEEZDBi +HhAASABXAEkARAAxADYAMQAxAgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADgANAAyAGEAJgByAGUAdgBfADAAMQAwADAA +AAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANgAxADACBBABAAEENnUA +cwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA0ADIA +YQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADAAOQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvADUAZQAyAGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEANgAwADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA1AGUAMgBkAAAAMHIGCisGAQQBgjcM +AgEEZDBiHhAASABXAEkARAAxADYAMAA3AgQQAQABBEh3AHMAZABwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMQAyAGEAJgByAGUAdgBfADAA +MQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANgAwADYCBBAB +AAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NAAxADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA2ADAANQIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADgAYwAwAGYAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABI +AFcASQBEADEANgAwADQCBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANAAwADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBg +BgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA2ADAAMwIEEAEAAQQ2dwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADAAMgBhAAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADYAMAAyAgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAOAA3AGQAMAAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA2 +ADAAMQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0ADIAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcM +AgEEUjBQHhAASABXAEkARAAxADYAMAAwAgQQAQABBDZ3AHMAZABwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMgAyAGEAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEANQA5ADkCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADUA +NQA1AAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADUAOQA4AgQQAQAB +BEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQA +MQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABI +AFcASQBEADEANQA5ADcCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANAAxADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4Q +AEgAVwBJAEQAMQA1ADkANgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgAYwAwAGYAAAAwcgYK +KwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANQA5ADUCBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAwADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA1 +ADkANAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0ADAAMgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADUAOQAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAOAA3AGQAMAAAADByBgorBgEEAYI3DAIB +BGQwYh4QAEgAVwBJAEQAMQA1ADkAMgIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADIAMgBhACYAcgBlAHYAXwAwADEA +MAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADUAOQAxAgQQAQAB +BDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQA +MgAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQA5ADACBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBkADUANQA1AAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABX +AEkARAAxADUAOAA5AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADQAYQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwcgYK +KwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANQA4ADgCBBABAAEESHcAcwBkAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwBhADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA1 +ADgANwIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0AGEAMgBhAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAx +ADUAOAA2AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMAYQAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEANQA4ADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANABhADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADByBgorBgEE +AYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA1ADgANAIEEAEAAQRIdQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzAGEAMgBhACYAcgBlAHYA +XwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADUAOAAz +AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADQAYQAyAGEAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANQA4 +ADICBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMwBhADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1 +ADgAMQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvADIAOQA2AGQAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQA4ADACBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA0ADAANwAwAAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUANwA5AgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AYQBkADQAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1 +ADcAOAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvADIAOQA2AGQAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQA3ADcCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA0ADAANwAwAAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUANwA2AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AYQBkADQAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1 +ADcANQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADIAMQBlADkAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQA3ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADEAZQA5AAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUANwAzAgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAZQBiADIAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1 +ADcAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGUAYgAyADgAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQA3ADECBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkAGQAZQA4AAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUANwAwAgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAZABkAGUAOAAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA1 +ADYAOQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1AGEAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcM +AgEEUjBQHhAASABXAEkARAAxADUANgA4AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAYQAyAGEAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEANQA2ADcCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADcA +MgA5AAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADUANgA2AgQQAQAB +BEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUA +YQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABI +AFcASQBEADEANQA2ADUCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANQBhADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4Q +AEgAVwBJAEQAMQA1ADYANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEANwAyADkAAAAwbgYK +KwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQA2ADMCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQA4ADYANABhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUANgAy +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAOAA2ADQAYQAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA1ADYAMQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADUANgAwAgQQAQABBDZ3AHMA +ZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAMwAyAGEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQA1ADkCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQA0ADYAMQBiAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAx +ADUANQA4AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADUAMwAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeEABIAFcASQBEADEANQA1ADcCBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAzADIAYQAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADUANgIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQA +NgAxAGIAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANQA1ADUCBBAB +AAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NgAwADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA1ADUANAIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADUANQAzAgQQAQABBDZ3AHMA +ZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAMAAyAGEA +AAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANQA1ADICBBABAAEENncA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQA0ADIA +YQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADUAMQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADQAMAA3ADkAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEANQA1ADACBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4ADAAMgA4AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADUANAA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYgBlADEA +NwAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADQAOAIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADIAZQAxADYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEANQA0ADcCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4ADgAYgA4AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADUANAA2AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANAA4AGUA +OQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADQANQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGIAOQA5ADcAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEANQA0ADQCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADkAOQA2AAAAMHIGCisGAQQBgjcM +AgEEZDBiHhAASABXAEkARAAxADUANAAzAgQQAQABBEh1AHMAYgBwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYAMAAyAGEAJgByAGUAdgBfADAA +MQAwADAAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANQA0ADICBBAB +AAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NQA0ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4Q +AEgAVwBJAEQAMQA1ADQAMQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA2ADAAMgBhAAAAMGAGCisGAQQBgjcMAgEEUjBQ +HhAASABXAEkARAAxADUANAAwAgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADUANAAyAGEAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQAzADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA0ADAANwA5AAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUAMwA4AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAOAAwADIAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1 +ADMANwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGIAZQAxADcAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQAzADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyAGUAMQA2AAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUAMwA1AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAOAA4AGIAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1 +ADMANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADQAOABlADkAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEANQAzADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBiADkAOQA3AAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUAMwAyAgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAMgA5ADkANgAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA1 +ADMAMQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1ADEAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMHIGCisGAQQBgjcM +AgEEZDBiHhAASABXAEkARAAxADUAMwAwAgQQAQABBEh3AHMAZABwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUAMgAyAGEAJgByAGUAdgBfADAA +MQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANQAyADkCBBAB +AAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NQAxADIAYQAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA1ADIAOAIE +EAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1ADIAMgBhAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADUAMgA3 +AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADUAMQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEANQAyADYCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAyADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA1ADIANQIEEAEAAQQ2 +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADEA +MgBhAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADUAMgA0AgQQAQAB +BDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUA +MgAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQAyADMCBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBhAGUANwA3AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABX +AEkARAAxADUAMgAyAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANgA0AGIANgAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADIAMQIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADAA +ZQA3ADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQAyADACBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBjADcAMwAyAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABX +AEkARAAxADUAMQA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMABkAGYAMwAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADEAOAIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYA +NwAzADQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQAxADcCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBhAGUANwA3AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABX +AEkARAAxADUAMQA2AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANgA0AGIANgAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADEANQIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADAA +ZQA3ADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANQAxADQCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBjADcAMwAyAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABX +AEkARAAxADUAMQAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMABkAGYAMwAAADBuBgorBgEE +AYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADEAMgIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYA +NwAzADQAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANQAxADECBBAB +AAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MwBmADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4Q +AEgAVwBJAEQAMQA1ADEAMAIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAzAGYAMgBhAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADUAMAA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA1AGEANQAAADBy +BgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA1ADAAOAIEEAEAAQRIdwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzAGUAMgBhACYA +cgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAx +ADUAMAA3AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMAZQAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEANQAwADYCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADQAZQA1AAAAMHIGCisGAQQBgjcM +AgEEZDBiHhAASABXAEkARAAxADUAMAA1AgQQAQABBEh3AHMAZABwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADUANQAyAGEAJgByAGUAdgBfADAA +MQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANQAwADQCBBAB +AAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NQA1ADIAYQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA1ADAAMwIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADEANAAyADQAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABI +AFcASQBEADEANQAwADICBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANQA4ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBg +BgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA1ADAAMQIEEAEAAQQ2dwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADgAMgBhAAAA +MG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADUAMAAwAgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AZgBjADgAZQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA0 +ADkAOQIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzADgAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcM +AgEEUjBQHhAASABXAEkARAAxADQAOQA4AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAOAAyAGEAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEANAA5ADcCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAzAGMA +NABmAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADQAOQA2AgQQAQAB +BEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMA +YgAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABI +AFcASQBEADEANAA5ADUCBBABAAEENncAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMwBiADIAYQAAADByBgorBgEEAYI3DAIBBGQwYh4Q +AEgAVwBJAEQAMQA0ADkANAIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAzAGIAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAA +MGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADQAOQAzAgQQAQABBDZ1AHMA +YgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAYgAyAGEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA5ADICBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwBhAGIAMQA4AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQAOQAxAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBmAGEAYQAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADkAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADUAZgA2AGIA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA4ADkCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA1AGIAMgBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQAOAA4AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBiAGUAYQAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADgANwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAYgAyADgA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA4ADYCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA5AGEAYQBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQAOAA1AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8ANQBhADYAYgAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADgANAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAOAAyAGEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA4ADMCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA1ADgAZQBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQAOAAyAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8ANQA5AGEAYgAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADgAMQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGEAZQAyAGQA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA4ADACBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwBhAGIAMQA4AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQANwA5AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBmAGEAYQAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADcAOAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADUAZgA2AGIA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA3ADcCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA1AGIAMgBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQANwA2AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBiAGUAYQAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADcANQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAYgAyADgA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA3ADQCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA5AGEAYQBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQANwAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8ANQBhADYAYgAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADcAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAOAAyAGEA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA3ADECBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA1ADgAZQBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADQANwAwAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8ANQA5AGEAYgAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQA0ADYAOQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGEAZQAyAGQA +AAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEANAA2ADgCBBABAAEESHcA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwBjADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJ +AEQAMQA0ADYANwIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAzAGMAMgBhAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABX +AEkARAAxADQANgA2AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADMAYwAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYK +KwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEANAA2ADUCBBABAAEENnUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwBjADIAYQAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADYANAIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADAAOQBmADgAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA2 +ADMCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBmAGUAMgBjAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANgAyAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMwBlAGUAZAAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADYAMQIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADMAYQBhAGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA2 +ADACBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBmAGEANgBjAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANQA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBhAGEAZQAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADUAOAIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGYAYgAyAGMAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA1 +ADcCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwAzAGIAZQBkAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANQA2AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgA5AGEAYwAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADUANQIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADMAOQA2AGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA1 +ADQCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwAzADgAMgBkAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANQAzAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYQA4AGEAZgAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADUAMgIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADAAOQBmADgAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA1 +ADECBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBmAGUAMgBjAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANQAwAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMwBlAGUAZAAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADQAOQIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADMAYQBhAGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA0 +ADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBmAGEANgBjAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANAA3AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBhAGEAZQAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADQANgIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGYAYgAyAGMAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA0 +ADUCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwAzAGIAZQBkAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANAA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgA5AGEAYwAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADQAMwIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADMAOQA2AGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEANAA0 +ADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwAzADgAMgBkAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADQANAAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYQA4AGEAZgAAADBy +BgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA0ADQAMAIEEAEAAQRIdwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGMAMgBhACYA +cgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAx +ADQAMwA5AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAYwAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEANAAzADgCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgBjADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEE +AYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA0ADMANwIEEAEAAQQ2dQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGMAMgBhAAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMwA2AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YwA2ADQANAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADMANQIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADQAMgBmAGYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAzADQCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADMAYwA0AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMwAzAgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YwAyADMANAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADMAMgIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADAAMgBmADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAzADECBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADYAYgA1AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMwAwAgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YwA2ADcANAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADIAOQIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGMANgBiADYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAyADgCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBjADcAMwA0AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMgA3AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +MAA3AGYANQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADIANgIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGMANQBiADQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAyADUCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADUANwA1AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMgA0AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +MAA0ADMANQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADIAMwIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGIAMABmAGYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAyADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBjADYANAA0AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMgAxAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +NAAyAGYAZgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADIAMAIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADAAMwBjADQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAxADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBjADIAMwA0AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMQA4AgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +MAAyAGYANQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADEANwIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADAANgBiADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAxADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBjADYANwA0AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMQA1AgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YwA2AGIANgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADEANAIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGMANwAzADQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAxADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADcAZgA1AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMQAyAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YwA1AGIANAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQA0ADEAMQIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADAANQA3ADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEANAAxADACBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADQAMwA1AAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMAA5AgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YgAwAGYAZgAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQA0ADAAOAIE +EAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAyAGQAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQ +HhAASABXAEkARAAxADQAMAA3AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADIAZAAyAGEAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEANAAwADYCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBkADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQA0ADAANQIEEAEAAQQ2 +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGQA +MgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMAA0AgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMwA4AGQAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQA0ADAAMwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGYAMgAxADkAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEANAAwADICBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmAGMA +NgBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADQAMAAxAgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAZgA4ADIAYgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQA0ADAAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMAOABlAGEAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEAMwA5ADkCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADkA +YQBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADMAOQA4AgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMwA4ADIAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQAzADkANwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGYAOQA2AGIAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEAMwA5ADYCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzAGIA +MgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADMAOQA1AgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAZgBiAGUAYgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQAzADkANAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGYAYQBhAGIAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEAMwA5ADMCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADYA +NQA1AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADMAOQAyAgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAZgAyAGUAOQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJ +AEQAMQAzADkAMQIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAzAGYAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisG +AQQBgjcMAgEEUjBQHhAASABXAEkARAAxADMAOQAwAgQQAQABBDZ1AHMAYgBwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAZgAyAGEAAAAwcgYK +KwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMwA4ADkCBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwBlADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAz +ADgAOAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzAGUAMgBhAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAx +ADMAOAA3AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADUANQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeEABIAFcASQBEADEAMwA4ADYCBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQA1ADIAYQAAADByBgorBgEE +AYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAzADgANQIEEAEAAQRIdQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADgAMgBhACYAcgBlAHYA +XwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADMAOAA0 +AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADMAOAAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMwA4 +ADMCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANQA4ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIB +BFIwUB4QAEgAVwBJAEQAMQAzADgAMgIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADgAMgBhAAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADMAOAAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA1AGEA +NQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADgAMAIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGQANABlADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMwA3ADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADQAMgA0AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADMANwA4AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBjADgA +ZQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADcANwIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvADMAYwA0AGYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMwA3ADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADgAZAA4AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADMANwA1AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZgAyADEA +OQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADcANAIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGYAYwA2AGIAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMwA3ADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmADgAMgBiAAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADMANwAyAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwA4AGUA +YQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADcAMQIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADMAOQBhAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMwA3ADACBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADgAMgA4AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADMANgA5AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZgA5ADYA +YgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADYAOAIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADMAYgAyAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMwA2ADcCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmAGIAZQBiAAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADMANgA2AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZgBhAGEA +YgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADYANQIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADAANgA1ADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMwA2ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmADIAZQA5AAAAMHwGCisGAQQBgjcM +AgEEbjBsHhAASABXAEkARAAxADMANgAzAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADMAMgBhACYAZABvAHQANAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBE +ADEAMwA2ADICBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADQAMwAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEAMwA2ADECBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADQAMwAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYB +BAGCNwwCAQR2MHQeEABIAFcASQBEADEAMwA2ADACBBABAAEEWmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQAMwAyAGEAJgByAGUAdgBf +ADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAw +Th4QAEgAVwBJAEQAMQAzADUAOQIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAzADIAYQAAADBwBgorBgEEAYI3DAIBBGIw +YB4QAEgAVwBJAEQAMQAzADUAOAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAzADIAYQAmAHIAZQB2AF8AMAAxADAAMAAA +ADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAzADUANwIEEAEAAQRIdwBz +AGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADMAMgBh +ACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkA +RAAxADMANQA2AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADQAMwAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcA +SQBEADEAMwA1ADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANAAzADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgor +BgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAzADUANAIEEAEAAQQ2dQBzAGIAcABy +AGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADMAMgBhAAAAMIGK +BgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMQAzADUAMwIEEAEAAQRgZABvAHQA +NABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQBkAGUAYgBmACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGABgor +BgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAzADUAMgIEEAEAAQRWZABvAHQANABw +AHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBk +AGUAYgBmACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFwe +EABIAFcASQBEADEAMwA1ADECBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABlAGIAZgAAADBuBgor +BgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAzADUAMAIEEAEAAQREdwBzAGQAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +AGQAZQBiAGYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMwA0ADkC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQBkAGUAYgBmAAAAMIGPBgorBgEEAYI3DAIBBIGAMH4e +EABIAFcASQBEADEAMwA0ADgCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIAOAAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0 +HhAASABXAEkARAAxADMANAA3AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAyADgAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBE +ADEAMwA0ADYCBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAOAAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwfAYKKwYBBAGC +NwwCAQRuMGweEABIAFcASQBEADEAMwA0ADUCBBABAAEEUmQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAOAAyAGEAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEAMwA0ADQCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAOAAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEE +AYI3DAIBBFAwTh4QAEgAVwBJAEQAMQAzADQAMwIEEAEAAQQ0ZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA4ADIAYQAAADByBgorBgEE +AYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAzADQAMgIEEAEAAQRIdwBzAGQAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgAMgBhACYAcgBlAHYA +XwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADMANAAx +AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADIAOAAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMwA0 +ADACBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMgA4ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIB +BFIwUB4QAEgAVwBJAEQAMQAzADMAOQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgAMgBhAAAAMIGKBgorBgEEAYI3 +DAIBBHwweh4QAEgAVwBJAEQAMQAzADMAOAIEEAEAAQRgZABvAHQANABwAHIAdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADcANgAw +ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGABgorBgEEAYI3DAIB +BHIwcB4QAEgAVwBJAEQAMQAzADMANwIEEAEAAQRWZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADcANgAwACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBE +ADEAMwAzADYCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3ADYAMAAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQAzADMANQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQANwA2ADAA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMwAzADQCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQBkADcANgAwAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADMAMwAzAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBtAGYAYgAxADYANwAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQAzADMAMgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGQAYwAxADYA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMwAzADECBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwA3AGMAZAA2AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAx +ADMAMwAwAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8AMgBkADUANgAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQAzADIAOQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZABhAGUA +AAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAxADMAMgA4AgQQAQABBGBk +AG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvAGYAZABhAGUAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYAGCisGAQQBgjcMAgEEcjBwHhAASABXAEkARAAxADMAMgA3AgQQAQABBFZkAG8A +dAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGYAZABhAGUAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIB +BF4wXB4QAEgAVwBJAEQAMQAzADIANgIEEAEAAQRCZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGQAYQBlAAAA +MHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADMAMgA1AgQQAQABBFJkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADcAMgBhACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGA +MH4eEABIAFcASQBEADEAMwAyADQCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANwAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEAMwAyADMCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANwAyAGEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADEAMwAyADICBBABAAEE +WmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANwAy +AGEAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgor +BgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMQAzADIAMQIEEAEAAQRGZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA3ADIAYQAmAHIAZQB2 +AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgAVwBJAEQAMQAzADIA +MAIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AMwA3ADIAYQAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQAzADEA +OQIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbwBmAGQAYQBlAAAAMHwGCisGAQQBgjcMAgEEbjBsHhAA +SABXAEkARAAxADMAMQA4AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwAzADYAMgBhACYAZABvAHQANAAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBEADEAMwAxADcC +BBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADMANgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMwAxADYC +BBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADMANgAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2 +MHQeEABIAFcASQBEADEAMwAxADUCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANgAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgAVwBJ +AEQAMQAzADEANAIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMwA2ADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJ +AEQAMQAzADEAMwIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMwA2ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADByBgorBgEE +AYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAzADEAMgIEEAEAAQRIdwBzAGQAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADYAMgBhACYAcgBlAHYA +XwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADMAMQAx +AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADMANgAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMwAx +ADACBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMwA2ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIB +BFIwUB4QAEgAVwBJAEQAMQAzADAAOQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADYAMgBhAAAAMHwGCisGAQQBgjcM +AgEEbjBsHhAASABXAEkARAAxADMAMAA4AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGIAMgBhACYAZABvAHQANAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBE +ADEAMwAwADcCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAYgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEAMwAwADYCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAYgAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYB +BAGCNwwCAQR2MHQeEABIAFcASQBEADEAMwAwADUCBBABAAEEWmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAYgAyAGEAJgByAGUAdgBf +ADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAw +Th4QAEgAVwBJAEQAMQAzADAANAIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBiADIAYQAAADBwBgorBgEEAYI3DAIBBGIw +YB4QAEgAVwBJAEQAMQAzADAAMwIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBiADIAYQAmAHIAZQB2AF8AMAAxADAAMAAA +ADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAzADAAMgIEEAEAAQRIdwBz +AGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGIAMgBh +ACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkA +RAAxADMAMAAxAgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADIAYgAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcA +SQBEADEAMwAwADACBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMgBiADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgor +BgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAyADkAOQIEEAEAAQQ2dQBzAGIAcABy +AGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGIAMgBhAAAAMHwG +CisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADIAOQA4AgQQAQABBFJkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUAMgBhACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4e +EABIAFcASQBEADEAMgA5ADcCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIe +EABIAFcASQBEADEAMgA5ADYCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADEAMgA5ADUCBBABAAEEWmQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEA +JgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEE +AYI3DAIBBFAwTh4QAEgAVwBJAEQAMQAyADkANAIEEAEAAQQ0ZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA1ADIAYQAAADBwBgorBgEE +AYI3DAIBBGIwYB4QAEgAVwBJAEQAMQAyADkAMwIEEAEAAQRGZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA1ADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAyADkAMgIE +EAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAzADUAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQ +HhAASABXAEkARAAxADIAOQAxAgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMANQAyAGEAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEAMgA5ADACBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA1ADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAyADgAOQIEEAEAAQQ2 +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADUA +MgBhAAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMQAyADgAOAIEEAEA +AQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAG8AZgAxADcAMQA5ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAyADgANwIEEAEAAQRW +ZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAG8AZgAxADcAMQA5ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADEAMgA4ADYCBBABAAEEQmQAbwB0ADQAcAByAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYAMQA3ADEA +OQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAyADgANQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbwBmADEANwAxADkAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMgA4ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgAxADcAMQA5AAAAMIGKBgorBgEEAYI3 +DAIBBHwweh4QAEgAVwBJAEQAMQAyADgAMwIEEAEAAQRgZABvAHQANABwAHIAdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgAyADUAMAAz +ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGABgorBgEEAYI3DAIB +BHIwcB4QAEgAVwBJAEQAMQAyADgAMgIEEAEAAQRWZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgAyADUAMAAzACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBE +ADEAMgA4ADECBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBvAGYAMgA1ADAAMwAAADBuBgorBgEEAYI3DAIB +BGAwXh4QAEgAVwBJAEQAMQAyADgAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbwBmADIANQAwADMA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMgA3ADkCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAG8AZgAyADUAMAAzAAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQA +MQAyADcAOAIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAG8AZgBjAGUANAA4ACYAZABvAHQANAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAy +ADcANwIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAG8AZgBjAGUANAA4ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMgA3ADYCBBABAAEEQmQA +bwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBvAGYAYwBlADQAOAAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAy +ADcANQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbwBmAGMAZQA0ADgAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEAMgA3ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgBjAGUANAA4AAAA +MHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADIANwAzAgQQAQABBFJkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADQAMgBhACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGA +MH4eEABIAFcASQBEADEAMgA3ADICBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADQANAAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRk +MGIeEABIAFcASQBEADEAMgA3ADECBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADQANAAyAGEAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADEAMgA3ADACBBABAAEE +WmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANAAy +AGEAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgor +BgEEAYI3DAIBBFAwTh4QAEgAVwBJAEQAMQAyADYAOQIEEAEAAQQ0ZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0ADIAYQAAADBwBgor +BgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMQAyADYAOAIEEAEAAQRGZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0ADIAYQAmAHIAZQB2 +AF8AMAAxADAAMAAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAyADYA +NwIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA0ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEE +UjBQHhAASABXAEkARAAxADIANgA2AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANAAyAGEAAAAwcgYKKwYBBAGCNwwC +AQRkMGIeEABIAFcASQBEADEAMgA2ADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0ADIAYQAmAHIAZQB2AF8AMAAx +ADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAyADYANAIEEAEA +AQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0 +ADQAMgBhAAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBEADEAMgA2ADMC +BBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADEAYgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwgYQGCisGAQQBgjcMAgEEdjB0HhAASABXAEkARAAxADIANgAy +AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAxAGIAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADEAMgA2ADECBBABAAEERmQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYgAyAGEA +JgByAGUAdgBfADAAMQAwADAAAAAwfAYKKwYBBAGCNwwCAQRuMGweEABIAFcASQBE +ADEAMgA2ADACBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAYgAyAGEAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMgA1ADkCBBABAAEESGQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYgAyAGEA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgAVwBJ +AEQAMQAyADUAOAIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQBiADIAYQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJ +AEQAMQAyADUANwIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAxAGIAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisG +AQQBgjcMAgEEUjBQHhAASABXAEkARAAxADIANQA2AgQQAQABBDZ3AHMAZABwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYgAyAGEAAAAwcgYK +KwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMgA1ADUCBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBiADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAy +ADUANAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAxAGIAMgBhAAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQA +MQAyADUAMwIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGMAbwA3ADAAYwA2ACYAZABvAHQANAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAy +ADUAMgIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwA3ADAAYwA2ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMgA1ADECBBABAAEEQmQA +bwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8ANwAwAGMANgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAy +ADUAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvADcAMABjADYAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eEABIAFcASQBEADEAMgA0ADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA3ADAAYwA2AAAA +MIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMQAyADQAOAIEEAEAAQRgZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGMAbwA5AGYAZgBjACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGA +BgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAyADQANwIEEAEAAQRWZABvAHQA +NABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwA5AGYAZgBjACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADEAMgA0ADYCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBmAGYAYwAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAyADQANQIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADkAZgBmAGMAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMgA0 +ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwA5AGYAZgBjAAAAMHwGCisGAQQBgjcMAgEEbjBs +HhAASABXAEkARAAxADIANAAzAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAxAGQAMgBhACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBEADEAMgA0 +ADICBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZAAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMgA0 +ADECBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZAAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwC +AQR2MHQeEABIAFcASQBEADEAMgA0ADACBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZAAyAGEAJgByAGUAdgBfADAAMQAw +ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgA +VwBJAEQAMQAyADMAOQIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBkADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgA +VwBJAEQAMQAyADMAOAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBkADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADByBgor +BgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAyADMANwIEEAEAAQRIdwBzAGQAcABy +AGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGQAMgBhACYAcgBl +AHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADIA +MwA2AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADEAZAAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEA +MgAzADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMQBkADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3 +DAIBBFIwUB4QAEgAVwBJAEQAMQAyADMANAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGQAMgBhAAAAMHwGCisGAQQB +gjcMAgEEbjBsHhAASABXAEkARAAxADIAMwAzAgQQAQABBFJkAG8AdAA0AHAAcgB0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGMAMgBhACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcA +SQBEADEAMgAzADICBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADEAYwAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0 +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcA +SQBEADEAMgAzADECBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADEAYwAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYK +KwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADEAMgAzADACBBABAAEEWmQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYwAyAGEAJgByAGUA +dgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIB +BFAwTh4QAEgAVwBJAEQAMQAyADIAOQIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBjADIAYQAAADBwBgorBgEEAYI3DAIB +BGIwYB4QAEgAVwBJAEQAMQAyADIAOAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBjADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAyADIANwIEEAEAAQRI +dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGMA +MgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABX +AEkARAAxADIAMgA2AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADEAYwAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABI +AFcASQBEADEAMgAyADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMQBjADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBg +BgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAyADIANAIEEAEAAQQ2dQBzAGIA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGMAMgBhAAAA +MIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMQAyADIAMwIEEAEAAQRgZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGMAbwA2AGIAZAAxACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGA +BgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAyADIAMgIEEAEAAQRWZABvAHQA +NABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwA2AGIAZAAxACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADEAMgAyADECBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANgBiAGQAMQAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAyADIAMAIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADYAYgBkADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMgAx +ADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwA2AGIAZAAxAAAAMIGKBgorBgEEAYI3DAIBBHww +eh4QAEgAVwBJAEQAMQAyADEAOAIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGQANQBlACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGABgorBgEEAYI3DAIBBHIwcB4Q +AEgAVwBJAEQAMQAyADEANwIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGQANQBlACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMgAx +ADYCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8AZgBkADUAZQAAADBuBgorBgEEAYI3DAIBBGAwXh4Q +AEgAVwBJAEQAMQAyADEANQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZAA1AGUAAAAwbgYK +KwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMgAxADQCBBABAAEERHUAcwBiAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwBmAGQANQBlAAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAxADIAMQAz +AgQQAQABBEZsAHAAdABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAxAGUAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBO +HhAASABXAEkARAAxADIAMQAyAgQQAQABBDRsAHAAdABlAG4AdQBtAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhAAAAMHwGCisGAQQBgjcMAgEEbjBs +HhAASABXAEkARAAxADIAMQAxAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBEADEAMgAx +ADACBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZQAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMgAw +ADkCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZQAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwC +AQR2MHQeEABIAFcASQBEADEAMgAwADgCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZQAyAGEAJgByAGUAdgBfADAAMQAw +ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgA +VwBJAEQAMQAyADAANwIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBlADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgA +VwBJAEQAMQAyADAANgIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBlADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADByBgor +BgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAyADAANQIEEAEAAQRIdwBzAGQAcABy +AGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhACYAcgBl +AHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADIA +MAA0AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADEAZQAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEA +MgAwADMCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMQBlADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3 +DAIBBFIwUB4QAEgAVwBJAEQAMQAyADAAMgIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGUAMgBhAAAAMHAGCisGAQQB +gjcMAgEEYjBgHhAASABXAEkARAAxADIAMAAxAgQQAQABBEZsAHAAdABlAG4AdQBt +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMgBhACYAcgBlAHYAXwAw +ADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADIAMAAwAgQQ +AQABBDRsAHAAdABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAx +AGYAMgBhAAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADEAOQA5AgQQ +AQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAx +AGYAMgBhACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEE +AYI3DAIBBIGAMH4eEABIAFcASQBEADEAMQA5ADgCBBABAAEEZGQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAyAGEAJgByAGUAdgBf +ADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYB +BAGCNwwCAQRkMGIeEABIAFcASQBEADEAMQA5ADcCBBABAAEESGQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAyAGEAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADEAMQA5 +ADYCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADEAZgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgAVwBJAEQAMQAxADkANQIEEAEAAQQ0 +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBmADIA +YQAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMQAxADkANAIEEAEAAQRG +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBmADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJ +AEQAMQAxADkAMwIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAxAGYAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisG +AQQBgjcMAgEEUjBQHhAASABXAEkARAAxADEAOQAyAgQQAQABBDZ3AHMAZABwAHIA +aQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAyAGEAAAAwcgYK +KwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMQA5ADECBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBmADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAx +ADkAMAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAxAGYAMgBhAAAAMHAGCisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAx +ADEAOAA5AgQQAQABBEZsAHAAdABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAxAGEAMgBhACYAcgBlAHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcM +AgEEUDBOHhAASABXAEkARAAxADEAOAA4AgQQAQABBDRsAHAAdABlAG4AdQBtAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGEAMgBhAAAAMHwGCisGAQQBgjcM +AgEEbjBsHhAASABXAEkARAAxADEAOAA3AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGEAMgBhACYAZABvAHQANAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABIAFcASQBE +ADEAMQA4ADYCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAYQAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBE +ADEAMQA4ADUCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAYQAyAGEAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYB +BAGCNwwCAQR2MHQeEABIAFcASQBEADEAMQA4ADQCBBABAAEEWmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYQAyAGEAJgByAGUAdgBf +ADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBeBgorBgEEAYI3DAIBBFAw +Th4QAEgAVwBJAEQAMQAxADgAMwIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBhADIAYQAAADBwBgorBgEEAYI3DAIBBGIw +YB4QAEgAVwBJAEQAMQAxADgAMgIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBhADIAYQAmAHIAZQB2AF8AMAAxADAAMAAA +ADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAxADgAMQIEEAEAAQRIdwBz +AGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGEAMgBh +ACYAcgBlAHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkA +RAAxADEAOAAwAgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADEAYQAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcA +SQBEADEAMQA3ADkCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMQBhADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgor +BgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAxADcAOAIEEAEAAQQ2dQBzAGIAcABy +AGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGEAMgBhAAAAMHAG +CisGAQQBgjcMAgEEYjBgHhAASABXAEkARAAxADEANwA3AgQQAQABBEZsAHAAdABl +AG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADUAMgBhACYAcgBl +AHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADEA +NwA2AgQQAQABBDRsAHAAdABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA0ADUAMgBhAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADEA +NwA1AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADQANQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwC +AQRSMFAeEABIAFcASQBEADEAMQA3ADQCBBABAAEENncAcwBkAHAAcgBpAG4AdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA1ADIAYQAAADByBgorBgEEAYI3 +DAIBBGQwYh4QAEgAVwBJAEQAMQAxADcAMwIEEAEAAQRIdQBzAGIAcAByAGkAbgB0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADUAMgBhACYAcgBlAHYAXwAw +ADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADEANwAyAgQQ +AQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADQANQAyAGEAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADEAMQA3ADEC +BBABAAEERmwAcAB0AGUAbgB1AG0AXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADMAMQAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwXgYKKwYBBAGCNwwCAQRQME4e +EABIAFcASQBEADEAMQA3ADACBBABAAEENGwAcAB0AGUAbgB1AG0AXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADMAMQAyAGEAAAAwcgYKKwYBBAGCNwwCAQRkMGIe +EABIAFcASQBEADEAMQA2ADkCBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAxADIAYQAmAHIAZQB2AF8AMAAxADAAMAAA +ADBgBgorBgEEAYI3DAIBBFIwUB4QAEgAVwBJAEQAMQAxADYAOAIEEAEAAQQ2dwBz +AGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADEAMgBh +AAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABXAEkARAAxADEANgA3AgQQAQABBEh1 +AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAMQAy +AGEAJgByAGUAdgBfADAAMQAwADAAAAAwYAYKKwYBBAGCNwwCAQRSMFAeEABIAFcA +SQBEADEAMQA2ADYCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMwAxADIAYQAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgA +VwBJAEQAMQAxADYANQIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4AGQANwBjAAAAMG4GCisGAQQB +gjcMAgEEYDBeHhAASABXAEkARAAxADEANgA0AgQQAQABBER3AHMAZABwAHIAaQBu +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOABk +ADcAYwAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADYAMwIEEAEA +AQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADgAZAA3AGMAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcA +SQBEADEAMQA2ADICBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYgBkADcAZQAAADBuBgorBgEEAYI3 +DAIBBGAwXh4QAEgAVwBJAEQAMQAxADYAMQIEEAEAAQREdwBzAGQAcAByAGkAbgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGIAZAA3 +AGUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMQA2ADACBBABAAEE +RHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGwAYQBiAGQANwBlAAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkA +RAAxADEANQA5AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGIAOQAzAGUAAAAwbgYKKwYBBAGCNwwC +AQRgMF4eEABIAFcASQBEADEAMQA1ADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBiADkAMwBl +AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADEANQA3AgQQAQABBEJs +AHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvAGYAZAAzAGUAAAAwgYoGCisGAQQBgjcMAgEEfDB6HhAASABXAEkARAAx +ADEANQA2AgQQAQABBGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZAAzAGUAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgYAGCisGAQQBgjcMAgEEcjBwHhAASABXAEkARAAxADEA +NQA1AgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AYwBvAGYAZAAzAGUAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQAxADUANAIEEAEAAQRCZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGMAbwBmAGQAMwBlAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADEA +NQAzAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8AZgBkADMAZQAAADBuBgorBgEEAYI3DAIBBGAw +Xh4QAEgAVwBJAEQAMQAxADUAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAZAAzAGUAAAAw +bAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMQA1ADECBBABAAEEQmwAcAB0 +AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEANwBkAGEAMQAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADEAMQA1 +ADACBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEANwBkAGEAMQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBgAYKKwYBBAGCNwwCAQRyMHAeEABIAFcASQBEADEAMQA0ADkC +BBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEANwBkAGEAMQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwG +CisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADEANAA4AgQQAQABBEJkAG8AdAA0 +AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADcAZABhADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMQA0ADcC +BBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA3AGQAYQAxAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAxADEANAA2AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANwBkAGEAMQAAADBsBgor +BgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQAxADQANQIEEAEAAQRCbABwAHQAZQBu +AHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAx +ADYAYwA2AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMQAxADQANAIE +EAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQAxADYAYwA2ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAxADQAMwIEEAEA +AQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGwAYQAxADYAYwA2ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYB +BAGCNwwCAQReMFweEABIAFcASQBEADEAMQA0ADICBBABAAEEQmQAbwB0ADQAcABy +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQA2 +AGMANgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADQAMQIEEAEA +AQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADEANgBjADYAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcA +SQBEADEAMQA0ADACBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADYAYwA2AAAAMG4GCisGAQQB +gjcMAgEEYDBeHhAASABXAEkARAAxADEAMwA5AgQQAQABBER3AHMAZABwAHIAaQBu +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgA0 +AGEANwAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADMAOAIEEAEA +AQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADYANABhADcAAAAwgY8GCisGAQQBgjcMAgEEgYAwfh4QAEgA +VwBJAEQAMQAxADMANwIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOQBkADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0 +ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2MHQeEABI +AFcASQBEADEAMQAzADYCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADkAZAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMQAx +ADMANQIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOQBkADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADB8BgorBgEEAYI3DAIB +BG4wbB4QAEgAVwBJAEQAMQAxADMANAIEEAEAAQRSZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBkADEANwAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAx +ADMAMwIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOQBkADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMF4GCisGAQQBgjcM +AgEEUDBOHhAASABXAEkARAAxADEAMwAyAgQQAQABBDRkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGQAMQA3AAAAMIGKBgorBgEEAYI3 +DAIBBHwweh4QAEgAVwBJAEQAMQAxADMAMQIEEAEAAQRgZABvAHQANABwAHIAdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4ADYAZgAw +ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGABgorBgEEAYI3DAIB +BHIwcB4QAEgAVwBJAEQAMQAxADMAMAIEEAEAAQRWZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4ADYAZgAwACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBE +ADEAMQAyADkCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAOAA2AGYAMAAAADByBgorBgEEAYI3DAIB +BGQwYh4QAEgAVwBJAEQAMQAxADIAOAIEEAEAAQRIdwBzAGQAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGQAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADEAMgA3AgQQAQAB +BDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkA +ZAAxADcAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMQAyADYCBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQA4ADYAZgAwAAAAMHIGCisGAQQBgjcMAgEEZDBiHhAASABX +AEkARAAxADEAMgA1AgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADkAZAAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwYAYK +KwYBBAGCNwwCAQRSMFAeEABIAFcASQBEADEAMQAyADQCBBABAAEENnUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBkADEANwAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADIAMwIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADgANgBmADAAAAAwcAYKKwYBBAGCNwwCAQRiMGAeEABIAFcASQBEADEAMQAy +ADICBBABAAEERmwAcAB0AGUAbgB1AG0AXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADkAZAAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwXgYKKwYBBAGCNwwCAQRQ +ME4eEABIAFcASQBEADEAMQAyADECBBABAAEENGwAcAB0AGUAbgB1AG0AXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADkAZAAxADcAAAAwbAYKKwYBBAGCNwwCAQRe +MFweEABIAFcASQBEADEAMQAyADACBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOAA2AGYAMAAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADEAOQIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGYAYwAxAGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMQAx +ADgCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQAzAGQAOQBjAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADEAMQA3AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwA5AGQAYwAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADEANgIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGYAMwAxAGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMQAx +ADUCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA1ADUANwA4AAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADEAMQA0AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQA1ADcAOAAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADEAMwIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGYAYwAxAGQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMQAx +ADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQAzAGQAOQBjAAAAMG4GCisGAQQBgjcMAgEEYDBe +HhAASABXAEkARAAxADEAMQAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwA5AGQAYwAAADBu +BgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAxADEAMAIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGYAMwAxAGQAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMQAw +ADkCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAMwAwAGQAMAAAADCBigYKKwYBBAGCNwwCAQR8MHoe +EABIAFcASQBEADEAMQAwADgCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwAwAGQAMAAmAGQAbwB0 +ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBgAYKKwYBBAGCNwwCAQRyMHAeEABI +AFcASQBEADEAMQAwADcCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwAwAGQAMAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMGwGCisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADEAMAA2 +AgQQAQABBEJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADMAMABkADAAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABI +AFcASQBEADEAMQAwADUCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADAAZAAwAAAAMG4GCisG +AQQBgjcMAgEEYDBeHhAASABXAEkARAAxADEAMAA0AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +MwAwAGQAMAAAADBwBgorBgEEAYI3DAIBBGIwYB4QAEgAVwBJAEQAMQAxADAAMwIE +EAEAAQRGbABwAHQAZQBuAHUAbQBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +OQBhADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4Q +AEgAVwBJAEQAMQAxADAAMgIEEAEAAQQ0bABwAHQAZQBuAHUAbQBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AOQBhADEANwAAADBsBgorBgEEAYI3DAIBBF4wXB4Q +AEgAVwBJAEQAMQAxADAAMQIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2AGIANQA2AAAAMHwGCisG +AQQBgjcMAgEEbjBsHhAASABXAEkARAAxADEAMAAwAgQQAQABBFJkAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGEAMQA3ACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGPBgorBgEEAYI3DAIBBIGAMH4eEABI +AFcASQBEADEAMAA5ADkCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADkAYQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABI +AFcASQBEADEAMAA5ADgCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADkAYQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +hAYKKwYBBAGCNwwCAQR2MHQeEABIAFcASQBEADEAMAA5ADcCBBABAAEEWmQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYQAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3 +DAIBBGIwYB4QAEgAVwBJAEQAMQAwADkANgIEEAEAAQRGZABvAHQANABwAHIAdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBhADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4QAEgAVwBJAEQAMQAwADkANQIEEAEA +AQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBh +ADEANwAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADEAMAA5ADQCBBAB +AAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEANgBiADUANgAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADCBgAYKKwYBBAGCNwwCAQRyMHAeEABIAFcASQBEADEAMAA5ADMCBBABAAEE +VmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEANgBiADUANgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQB +gjcMAgEEXjBcHhAASABXAEkARAAxADAAOQAyAgQQAQABBEJkAG8AdAA0AHAAcgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADYAYgA1 +ADYAAAAwcgYKKwYBBAGCNwwCAQRkMGIeEABIAFcASQBEADEAMAA5ADECBBABAAEE +SHcAcwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBh +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBgBgorBgEEAYI3DAIBBFIwUB4QAEgA +VwBJAEQAMQAwADkAMAIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA5AGEAMQA3AAAAMG4GCisGAQQBgjcMAgEEYDBeHhAA +SABXAEkARAAxADAAOAA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgBiADUANgAAADByBgor +BgEEAYI3DAIBBGQwYh4QAEgAVwBJAEQAMQAwADgAOAIEEAEAAQRIdQBzAGIAcABy +AGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGEAMQA3ACYAcgBl +AHYAXwAwADEAMAAwAAAAMGAGCisGAQQBgjcMAgEEUjBQHhAASABXAEkARAAxADAA +OAA3AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADkAYQAxADcAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEA +MAA4ADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2AGIANQA2AAAAMG4GCisGAQQBgjcMAgEE +YDBeHhAASABXAEkARAAxADAAOAA1AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANwAzADMAMAAA +ADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAwADgANAIEEAEAAQREdQBz +AGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvAGIAMgBiADEAAAAwfAYKKwYBBAGCNwwCAQRuMGweEABIAFcASQBEADEA +MAA4ADMCBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADMANQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAw +agYKKwYBBAGCNwwCAQRcMFoeEABIAFcASQBEADEAMAA4ADICBBABAAEEQGQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMANQAxADcAJgBt +AGkAXwAwADAAAAAwgYgGCisGAQQBgjcMAgEEejB4HhAASABXAEkARAAxADAAOAAx +AgQQAQABBF5kAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAzADUAMQA3ACYAbQBpAF8AMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAAOAAwAgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADQA +MQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAwAAAAMGoGCisGAQQBgjcM +AgEEXDBaHhAASABXAEkARAAxADAANwA5AgQQAQABBEBkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADQAMQA3ACYAbQBpAF8AMAAwAAAA +MIGIBgorBgEEAYI3DAIBBHoweB4QAEgAVwBJAEQAMQAwADcAOAIEEAEAAQReZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA0ADEANwAm +AG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB8Bgor +BgEEAYI3DAIBBG4wbB4QAEgAVwBJAEQAMQAwADcANwIEEAEAAQRSZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwAzADEANwAmAHIAZQB2 +AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBqBgorBgEEAYI3DAIBBFwwWh4QAEgA +VwBJAEQAMQAwADcANgIEEAEAAQRAZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AMwAzADEANwAmAG0AaQBfADAAMAAAADCBiAYKKwYBBAGC +NwwCAQR6MHgeEABIAFcASQBEADEAMAA3ADUCBBABAAEEXmQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMAMwAxADcAJgBtAGkAXwAwADAA +JgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfAYKKwYBBAGCNwwCAQRu +MGweEABIAFcASQBEADEAMAA3ADQCBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADMAMgAxADcAJgByAGUAdgBfADAAMQAwADAA +JgBtAGkAXwAwADAAAAAwagYKKwYBBAGCNwwCAQRcMFoeEABIAFcASQBEADEAMAA3 +ADMCBBABAAEEQGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADMAMgAxADcAJgBtAGkAXwAwADAAAAAwgYgGCisGAQQBgjcMAgEEejB4HhAA +SABXAEkARAAxADAANwAyAgQQAQABBF5kAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwAzADIAMQA3ACYAbQBpAF8AMAAwACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkA +RAAxADAANwAxAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyADgAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAw +AAAAMGoGCisGAQQBgjcMAgEEXDBaHhAASABXAEkARAAxADAANwAwAgQQAQABBEBk +AG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADgAMQA3 +ACYAbQBpAF8AMAAwAAAAMIGIBgorBgEEAYI3DAIBBHoweB4QAEgAVwBJAEQAMQAw +ADYAOQIEEAEAAQReZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMgA4ADEANwAmAG0AaQBfADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB8BgorBgEEAYI3DAIBBG4wbB4QAEgAVwBJAEQAMQAwADYAOAIE +EAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MgA3ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMAAAADBqBgorBgEE +AYI3DAIBBFwwWh4QAEgAVwBJAEQAMQAwADYANwIEEAEAAQRAZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA3ADEANwAmAG0AaQBfADAA +MAAAADCBiAYKKwYBBAGCNwwCAQR6MHgeEABIAFcASQBEADEAMAA2ADYCBBABAAEE +XmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANwAx +ADcAJgBtAGkAXwAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +fAYKKwYBBAGCNwwCAQRuMGweEABIAFcASQBEADEAMAA2ADUCBBABAAEEUmQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIANgAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADAAAAAwagYKKwYBBAGCNwwCAQRcMFoe +EABIAFcASQBEADEAMAA2ADQCBBABAAEEQGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIANgAxADcAJgBtAGkAXwAwADAAAAAwgYgGCisG +AQQBgjcMAgEEejB4HhAASABXAEkARAAxADAANgAzAgQQAQABBF5kAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADYAMQA3ACYAbQBpAF8A +MAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHhAASABXAEkARAAxADAANgAyAgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADkAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADAANgAxAgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADkA +MQA3AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAANgAwAgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADkA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHhAASABXAEkARAAxADAANQA5AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADgAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADAANQA4AgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADgA +MQA3AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAANQA3AgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADgA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHhAASABXAEkARAAxADAANQA2AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADcAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADAANQA1AgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADcA +MQA3AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAANQA0AgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADcA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHhAASABXAEkARAAxADAANQAzAgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADYAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADAANQAyAgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADYA +MQA3AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAANQAxAgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADYA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHhAASABXAEkARAAxADAANQAwAgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADkAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADAANAA5AgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADkA +MQA3AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAANAA4AgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADkA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHhAASABXAEkARAAxADAANAA3AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADgAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHhAASABXAEkARAAxADAANAA2AgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADgA +MQA3AAAAMHwGCisGAQQBgjcMAgEEbjBsHhAASABXAEkARAAxADAANAA1AgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADgA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADAANAA0AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYANwBkADMA +ZQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAwADQAMwIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbwBmADcAZAAzAGUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMAA0ADICBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgA1ADYAYgA1AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADAANAAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBvAGYANQA2AGIA +NQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAwADQAMAIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbwBmADcAMgAzAGUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eEABIAFcASQBE +ADEAMAAzADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAG8AZgA3ADIAMwBlAAAAMGAGCisGAQQBgjcM +AgEEUjBQHhAASABXAEkARAAxADAAMwA4AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADEAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEAMAAzADcCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADkA +MwBlAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADAAMwA2AgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMQA5ADMAZQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQAwADMANQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAOQBmAGYAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEAMAAzADQCBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADkA +ZgBmAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADAAMwAzAgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMQBiAGIAZQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQAwADMAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEAYgBiAGUAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eEABIAFcASQBEADEAMAAzADECBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADYA +ZAAyAAAAMG4GCisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADAAMwAwAgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMAA2AGQAMgAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJ +AEQAMQAwADIAOQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQAYgBhADkAAAAwbAYKKwYBBAGC +NwwCAQReMFweEABIAFcASQBEADEAMAAyADgCBBABAAEEQnYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AYQA2ADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB8BgorBgEEAYI3DAIBBG4wbB4QAEgAVwBJAEQAMQAwADIANwIEEAEAAQRS +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA2ADEA +NwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwC +AQR2MHQeEABIAFcASQBEADEAMAAyADYCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANgAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBjwYKKwYBBAGCNwwCAQSBgDB+HhAA +SABXAEkARAAxADAAMgA1AgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwBhADYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHhAA +SABXAEkARAAxADAAMgA0AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwBhADYAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMG4G +CisGAQQBgjcMAgEEYDBeHhAASABXAEkARAAxADAAMgAzAgQQAQABBER3AHMAZABw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEANABiAGEAOQAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADEAMAAy +ADICBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEANABiAGEAOQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBgAYKKwYBBAGCNwwCAQRyMHAeEABIAFcASQBEADEAMAAyADEC +BBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEANABiAGEAOQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwG +CisGAQQBgjcMAgEEXjBcHhAASABXAEkARAAxADAAMgAwAgQQAQABBEJkAG8AdAA0 +AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADQAYgBhADkAAAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMAAxADkC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEANABiAGEAOQAAADByBgorBgEEAYI3DAIBBGQwYh4QAEgA +VwBJAEQAMQAwADEAOAIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AYQA1ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGE +BgorBgEEAYI3DAIBBHYwdB4QAEgAVwBJAEQAMQAwADEANwIEEAEAAQRaZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA1ADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcM +AgEEYDBeHhAASABXAEkARAAxADAAMQA2AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQA3AGYA +OQAAADCBigYKKwYBBAGCNwwCAQR8MHoeEABIAFcASQBEADEAMAAxADUCBBABAAEE +YGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAMQA3AGYAOQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBgAYKKwYBBAGCNwwCAQRyMHAeEABIAFcASQBEADEAMAAxADQCBBABAAEEVmQA +bwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAMQA3AGYAOQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGwGCisGAQQBgjcM +AgEEXjBcHhAASABXAEkARAAxADAAMQAzAgQQAQABBEJkAG8AdAA0AHAAcgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEANwBmADkA +AAAwbAYKKwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMAAxADICBBABAAEEQmwA +cAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAMQA3AGYAOQAAADBuBgorBgEEAYI3DAIBBGAwXh4QAEgAVwBJAEQAMQAw +ADEAMQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGQANwAzADgAAAAwgYoGCisGAQQBgjcMAgEE +fDB6HhAASABXAEkARAAxADAAMQAwAgQQAQABBGBkAG8AdAA0AHAAcgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQANwAzADgAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYAGCisGAQQBgjcMAgEEcjBw +HhAASABXAEkARAAxADAAMAA5AgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQANwAzADgAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBsBgorBgEEAYI3DAIBBF4wXB4QAEgAVwBJAEQAMQAw +ADAAOAIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQBkADcAMwA4AAAAMGwGCisGAQQBgjcMAgEEXjBc +HhAASABXAEkARAAxADAAMAA3AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQANwAzADgAAAAwbgYK +KwYBBAGCNwwCAQRgMF4eEABIAFcASQBEADEAMAAwADYCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQBkADYANwA4AAAAMIGKBgorBgEEAYI3DAIBBHwweh4QAEgAVwBJAEQAMQAwADAA +NQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQBkADYANwA4ACYAZABvAHQANAAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMIGABgorBgEEAYI3DAIBBHIwcB4QAEgAVwBJAEQAMQAwADAANAIE +EAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBkADYANwA4ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbAYK +KwYBBAGCNwwCAQReMFweEABIAFcASQBEADEAMAAwADMCBBABAAEEQmQAbwB0ADQA +cAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +ZAA2ADcAOAAAADB8BgorBgEEAYI3DAIBBG4wbB4QAEgAVwBJAEQAMQAwADAAMgIE +EAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +YQA1ADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBjwYKKwYB +BAGCNwwCAQSBgDB+HhAASABXAEkARAAxADAAMAAxAgQQAQABBGRkAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADUAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisG +AQQBgjcMAgEEYjBgHhAASABXAEkARAAxADAAMAAwAgQQAQABBEZkAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADUAMQA3ACYAcgBlAHYA +XwAwADEAMAAwAAAAMFwGCisGAQQBgjcMAgEETjBMHg4ASABXAEkARAA5ADkAOQIE +EAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +YQA1ADEANwAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQAOQA5ADgCBBAB +AAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAZAA2ADcAOAAAADCBigYKKwYBBAGCNwwCAQR8MHoeDgBIAFcA +SQBEADkAOQA3AgQQAQABBGJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMAYQA1ADYAIAAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBgAYKKwYBBAGCNwwCAQRyMHAeDgBIAFcASQBE +ADkAOQA2AgQQAQABBFhkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADMAYQA1ADYAIAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA5ADkANQIEEAEAAQRC +ZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAzAGEANQA2AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA5 +ADkANAIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AYQA0ADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +jAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADkAOQAzAgQQAQABBGRkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADQAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAG +CisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA5ADkAMgIEEAEAAQRIZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQA0ADEANwAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQAOQA5 +ADECBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGEANAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQAOQA5ADACBBABAAEERmQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEANAAxADcA +JgByAGUAdgBfADAAMQAwADAAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBE +ADkAOAA5AgQQAQABBDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwBhADQAMQA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5 +ADgAOAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADMAYQA1ADYAAAAwagYKKwYBBAGCNwwCAQRc +MFoeDgBIAFcASQBEADkAOAA3AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMAYQA1ADYAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkAOAA2AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YgBkADIAMgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA4ADUCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBiAGQAMgAyAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAA5ADgANAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADcANwBlADMAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADkAOAAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANwA3AGUA +MwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA4ADICBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAxAGQAMgA0AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5 +ADgAMQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADEAZAAyADQAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADkAOAAwAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQBjAGYAZAAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA3ADkCBBABAAEERHUAcwBiAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQA1AGMAZgBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADcAOAIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGUAYwBkADcAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADkANwA3AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQBjAGQANwAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA3ADYCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADYA +MQA2AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADcANQIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADIANgAxADYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADkANwA0AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwBhAGQAMgAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAOQA3ADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzAGEAZAAyAAAA +MG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkARAA5ADcAMgIEEAEAAQRGZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQAxADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJAEQAOQA3 +ADECBBABAAEENGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfAGEAMQAxADcAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA5ADcA +MAIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AYQAxADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADkANgA5 +AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBhADEAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADkANgA4AgQQAQABBFJkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADEAMQA3ACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBg +Hg4ASABXAEkARAA5ADYANwIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AYQAxADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQAOQA2ADYCBBABAAEEYGQAbwB0 +ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAYgBiADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+Bgor +BgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQAOQA2ADUCBBABAAEEVmQAbwB0ADQAcABy +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYgBi +ADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4A +SABXAEkARAA5ADYANAIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBiAGIAMAAwAAAAMGoGCisGAQQB +gjcMAgEEXDBaHg4ASABXAEkARAA5ADYAMwIEEAEAAQRCbABwAHQAZQBuAHUAbQBc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBiAGIAMAAw +AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADYAMgIEEAEAAQREdwBz +AGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhAGMAYgAxADcAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkA +NgAxAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBsAGEAMAA3AGQANgAAADBsBgorBgEEAYI3DAIBBF4w +XB4OAEgAVwBJAEQAOQA2ADACBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA4ADUAMwA3AAAAMGwG +CisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADUAOQIEEAEAAQREdwBzAGQAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADgAYgA1ADcAAAAwWgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADkANQA4AgQQ +AQABBDJoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYwBi +ADEANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA1ADcCBBABAAEE +RHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGwAYQBjAGIAMQA3AAAAMFoGCisGAQQBgjcMAgEETDBKHg4ASABXAEkA +RAA5ADUANgIEEAEAAQQyaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhADAANwBkADYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkA +NQA1AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBsAGEAMAA3AGQANgAAADBaBgorBgEEAYI3DAIBBEww +Sh4OAEgAVwBJAEQAOQA1ADQCBBABAAEEMmgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA4ADUAMwA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4A +SABXAEkARAA5ADUAMwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABl +AHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgANQAzADcAAAAwcAYKKwYB +BAGCNwwCAQRiMGAeDgBIAFcASQBEADkANQAyAgQQAQABBEh1AHMAYgBwAHIAaQBu +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADAAMQAyAGEAJgByAGUAdgBf +ADAAMQAwADAAAAAwXgYKKwYBBAGCNwwCAQRQME4eDgBIAFcASQBEADkANQAxAgQQ +AQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADAAMQAyAGEAAAAwWgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADkANQAwAgQQ +AQABBDJoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOABi +ADUANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA0ADkCBBABAAEE +RHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGwAYQA4AGIANQA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkA +RAA5ADQAOAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAZgA5ADIAAAAwbAYKKwYBBAGCNwwC +AQReMFweDgBIAFcASQBEADkANAA3AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYwBiADkAMQAA +ADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA0ADYCBBABAAEERHcAcwBk +AHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGwAYQAzADcAOQAwAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADQA +NQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADcAMwA5ADAAAAAwbAYKKwYBBAGCNwwCAQReMFwe +DgBIAFcASQBEADkANAA0AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAAxADIAYwAAADBsBgor +BgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQA0ADMCBBABAAEERHcAcwBkAHAAcgBp +AG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAx +ADEANwBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADQAMgIEEAEA +AQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADEAMQA4AGQAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcA +SQBEADkANAAxAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAAwAGMAYwAAADBaBgorBgEEAYI3 +DAIBBEwwSh4OAEgAVwBJAEQAOQA0ADACBBABAAEEMmgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkAGYAOQAyAAAAMGwGCisGAQQBgjcMAgEE +XjBcHg4ASABXAEkARAA5ADMAOQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAZgA5ADIAAAAw +WgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADkAMwA4AgQQAQABBDJoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYwBiADkAMQAAADBsBgor +BgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQAzADcCBBABAAEERHUAcwBiAHAAcgBp +AG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBj +AGIAOQAxAAAAMFoGCisGAQQBgjcMAgEETDBKHg4ASABXAEkARAA5ADMANgIEEAEA +AQQyaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMANwA5 +ADAAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkAMwA1AgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAMwA3ADkAMAAAADBaBgorBgEEAYI3DAIBBEwwSh4OAEgAVwBJAEQA +OQAzADQCBBABAAEEMmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGwAYQA3ADMAOQAwAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADMA +MwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADcAMwA5ADAAAAAwWgYKKwYBBAGCNwwCAQRMMEoe +DgBIAFcASQBEADkAMwAyAgQQAQABBDJoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEAZAAxADIAYwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgA +VwBJAEQAOQAzADECBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADEAMgBjAAAAMFoGCisGAQQB +gjcMAgEETDBKHg4ASABXAEkARAA5ADMAMAIEEAEAAQQyaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEAMQA3AGQAAAAwbAYKKwYBBAGCNwwC +AQReMFweDgBIAFcASQBEADkAMgA5AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQAxADcAZAAA +ADBaBgorBgEEAYI3DAIBBEwwSh4OAEgAVwBJAEQAOQAyADgCBBABAAEEMmgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADEAOABkAAAAMGwG +CisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADIANwIEEAEAAQREdQBzAGIAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABh +ADEAMQA4AGQAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADkAMgA2AgQQ +AQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADAANwAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAwXgYKKwYBBAGCNwwCAQRQME4e +DgBIAFcASQBEADkAMgA1AgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADAANwAyAGEAAAAwWgYKKwYBBAGCNwwCAQRMMEoe +DgBIAFcASQBEADkAMgA0AgQQAQABBDJoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEAZAAwAGMAYwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgA +VwBJAEQAOQAyADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADAAYwBjAAAAMGwGCisGAQQB +gjcMAgEEXjBcHg4ASABXAEkARAA5ADIAMgIEEAEAAQREdwBzAGQAcAByAGkAbgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGUANAAx +ADMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkAMgAxAgQQAQABBER3 +AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAZQA3ADIAMwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQA +OQAyADACBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADcANwAyAAAAMGwGCisGAQQBgjcMAgEE +XjBcHg4ASABXAEkARAA5ADEAOQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADIANwA4ADAAAAAw +bAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkAMQA4AgQQAQABBER3AHMAZABw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAMgAyADAAMAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQAxADcC +BBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQBiADIAMAAxAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4A +SABXAEkARAA5ADEANgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABl +AHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQAMAAwADEAAAAwbAYKKwYB +BAGCNwwCAQReMFweDgBIAFcASQBEADkAMQA1AgQQAQABBER3AHMAZABwAHIAaQBu +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQBh +ADAAMgAAADBaBgorBgEEAYI3DAIBBEwwSh4OAEgAVwBJAEQAOQAxADQCBBABAAEE +MmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADQAMQAz +AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADEAMwIEEAEAAQREdQBz +AGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhAGUANAAxADMAAAAwWgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADkA +MQAyAgQQAQABBDJoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAZQA3ADIAMwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQAxADEC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQBlADcAMgAzAAAAMFoGCisGAQQBgjcMAgEETDBKHg4A +SABXAEkARAA5ADEAMAIEEAEAAQQyaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADIANwA3ADIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcA +SQBEADkAMAA5AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgA3ADcAMgAAADBaBgorBgEEAYI3 +DAIBBEwwSh4OAEgAVwBJAEQAOQAwADgCBBABAAEEMmgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADcAOAAwAAAAMGwGCisGAQQBgjcMAgEE +XjBcHg4ASABXAEkARAA5ADAANwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADIANwA4ADAAAAAw +WgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADkAMAA2AgQQAQABBDJoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgAyADAAMAAAADBsBgor +BgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOQAwADUCBBABAAEERHUAcwBiAHAAcgBp +AG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAy +ADIAMAAwAAAAMFoGCisGAQQBgjcMAgEETDBKHg4ASABXAEkARAA5ADAANAIEEAEA +AQQyaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGIAMgAw +ADEAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADkAMAAzAgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAYgAyADAAMQAAADBaBgorBgEEAYI3DAIBBEwwSh4OAEgAVwBJAEQA +OQAwADICBBABAAEEMmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGwAYQA0ADAAMAAxAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA5ADAA +MQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADQAMAAwADEAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +DgBIAFcASQBEADkAMAAwAgQQAQABBEh1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADAAMgAyAGEAJgByAGUAdgBfADAAMQAwADAAAAAw +XgYKKwYBBAGCNwwCAQRQME4eDgBIAFcASQBEADgAOQA5AgQQAQABBDZ1AHMAYgBw +AHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADAAMgAyAGEAAAAw +WgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADgAOQA4AgQQAQABBDJoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANQBhADAAMgAAADBsBgor +BgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOAA5ADcCBBABAAEERHUAcwBiAHAAcgBp +AG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA1 +AGEAMAAyAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA4ADkANgIEEAEA +AQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADAAOQBlAGQAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABX +AEkARAA4ADkANQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADkAZQBkACYAZABvAHQANAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA4 +ADkANAIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQAwADkAZQBkACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADgAOQAzAgQQAQABBEJkAG8A +dAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADAAOQBlAGQAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADgAOQAy +AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADAAOQBlAGQAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADgAOQAxAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMAA4AGYAZAAAADCBiAYKKwYB +BAGCNwwCAQR6MHgeDgBIAFcASQBEADgAOQAwAgQQAQABBGBkAG8AdAA0AHAAcgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADAAOABm +AGQAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwC +AQRwMG4eDgBIAFcASQBEADgAOAA5AgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADAAOABmAGQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQA +OAA4ADgCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBsAGEAMAA4AGYAZAAAADBqBgorBgEEAYI3DAIBBFww +Wh4OAEgAVwBJAEQAOAA4ADcCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMAA4AGYAZAAAADBsBgor +BgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOAA4ADYCBBABAAEERHcAcwBkAHAAcgBp +AG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA2 +ADIAOAA3AAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQAOAA4ADUCBBAB +AAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG8ANgAyADgANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQAOAA4ADQCBBABAAEEVmQA +bwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8ANgAyADgANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcM +AgEEXDBaHg4ASABXAEkARAA4ADgAMwIEEAEAAQRCZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA2ADIAOAA3AAAA +MHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA4ADgAMgIEEAEAAQRSZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBiADEANwAmAGQA +bwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBjAYKKwYBBAGCNwwCAQR+MHwe +DgBIAFcASQBEADgAOAAxAgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA5AGIAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4A +SABXAEkARAA4ADgAMAIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOQBiADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGC +BgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQAOAA3ADkCBBABAAEEWmQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYgAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIB +BGAwXh4OAEgAVwBJAEQAOAA3ADgCBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADkAYgAxADcAJgByAGUAdgBfADAAMQAwADAA +AAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBEADgANwA3AgQQAQABBDRkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGIAMQA3AAAA +MGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA4ADcANgIEEAEAAQRCbABwAHQA +ZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwA2ADIAOAA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA4ADcANQIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AYwBvAGYAYgBhAGIAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4A +SABXAEkARAA4ADcANAIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGIAYQBiACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkA +RAA4ADcAMwIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmAGIAYQBiACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADgANwAyAgQQAQABBEJk +AG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvAGYAYgBhAGIAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADgA +NwAxAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwBhADIAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGM +BgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQAOAA3ADACBBABAAEEZGQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMgAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYK +KwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADgANgA5AgQQAQABBEhkAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADIAMQA3ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA4ADYA +OAIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AYQAyADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkARAA4ADYANwIEEAEAAQRGZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQAyADEANwAm +AHIAZQB2AF8AMAAxADAAMAAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJAEQA +OAA2ADYCBBABAAEENGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfAGEAMgAxADcAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADgA +NgA1AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AYwBvAGYAYgBhAGIAAAAwbAYKKwYBBAGCNwwCAQReMFwe +DgBIAFcASQBEADgANgA0AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBhADcANwAAADCBiAYK +KwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADgANgAzAgQQAQABBGBkAG8AdAA0AHAA +cgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYA +YQA3ADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGC +NwwCAQRwMG4eDgBIAFcASQBEADgANgAyAgQQAQABBFZkAG8AdAA0AHAAcgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAYQA3ADcA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJ +AEQAOAA2ADECBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBhADcANwAAADB6BgorBgEEAYI3DAIB +BGwwah4OAEgAVwBJAEQAOAA2ADACBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADkAOQAxADcAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA4ADUA +OQIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8AOQA5ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAOAA1ADgC +BBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADkAOQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0 +MHIeDgBIAFcASQBEADgANQA3AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA5ADkAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBE +ADgANQA2AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA5ADkAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFwGCisGAQQBgjcM +AgEETjBMHg4ASABXAEkARAA4ADUANQIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQA5ADEANwAAADBqBgorBgEEAYI3DAIB +BFwwWh4OAEgAVwBJAEQAOAA1ADQCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZgBhADcANwAAADCB +iAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADgANQAzAgQQAQABBGBkAG8AdAA0 +AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBv +AGUAZQAxADYAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYB +BAGCNwwCAQRwMG4eDgBIAFcASQBEADgANQAyAgQQAQABBFZkAG8AdAA0AHAAcgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGUAZQAx +ADYAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQAOAA1ADECBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZQBlADEANgAAADB6BgorBgEEAYI3 +DAIBBGwwah4OAEgAVwBJAEQAOAA1ADACBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAOAAxADcAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA4 +ADQAOQIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAA4ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAOAA0 +ADgCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADgAOAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwC +AQR0MHIeDgBIAFcASQBEADgANAA3AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADgAMQA3ACYAcgBlAHYAXwAwADEAMAAw +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcA +SQBEADgANAA2AgQQAQABBDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA4ADgAMQA3AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkA +RAA4ADQANQIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AOAA4ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADB6BgorBgEEAYI3 +DAIBBGwwah4OAEgAVwBJAEQAOAA0ADQCBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANwAxADcAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA4 +ADQAMwIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAA3ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAOAA0 +ADICBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADgANwAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwC +AQR0MHIeDgBIAFcASQBEADgANAAxAgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADcAMQA3ACYAcgBlAHYAXwAwADEAMAAw +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcA +SQBEADgANAAwAgQQAQABBDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA4ADcAMQA3AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkA +RAA4ADMAOQIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AOAA3ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBsBgorBgEEAYI3 +DAIBBF4wXB4OAEgAVwBJAEQAOAAzADgCBBABAAEERHcAcwBkAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBlAGUAMQA2 +AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA4ADMANwIEEAEAAQREdwBz +AGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvADgAZQA5ADMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADgA +MwA2AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8AOQBlADgAMwAAADCBjAYKKwYBBAGCNwwCAQR+ +MHweDgBIAFcASQBEADgAMwA1AgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA4AGQAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBq +Hg4ASABXAEkARAA4ADMANAIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AOABkADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADgAMwAzAgQQ +AQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4 +AGQAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +cAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADgAMwAyAgQQAQABBEhkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4AGQAMQA3ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABXAEkARAA4 +ADMAMQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQAzADYAOQA2ACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA4ADMAMAIE +EAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQAzADYAOQA2ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwagYK +KwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADgAMgA5AgQQAQABBEJkAG8AdAA0AHAA +cgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMA +NgA5ADYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADgAMgA4AgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAMwA2ADkANgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAOAAyADcCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBhAGIAMwA3AAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAA4ADIANgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADAAZQAzAGIA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADgAMgA1AgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAZgAwAGEAZgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOAAy +ADQCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA1ADAAMwA5AAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAA4ADIAMwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMAOQBhAGUAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADgAMgAyAgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +MwBlADIAZQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAOAAyADECBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBhAGUAMwA4AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAA4ADIAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGYAOQA0AGMAAAAwgYwGCisGAQQB +gjcMAgEEfjB8Hg4ASABXAEkARAA4ADEAOQIEEAEAAQRkZABvAHQANABwAHIAdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOABjADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3 +DAIBBGwwah4OAEgAVwBJAEQAOAAxADgCBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAYwAxADcAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA4 +ADEANwIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOABjADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA4ADEANgIEEAEAAQRI +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOABjADEA +NwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABX +AEkARAA4ADEANQIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOABjADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADCBiAYKKwYB +BAGCNwwCAQR6MHgeDgBIAFcASQBEADgAMQA0AgQQAQABBGBkAG8AdAA0AHAAcgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkANABh +ADIAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwC +AQRwMG4eDgBIAFcASQBEADgAMQAzAgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkANABhADIAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQA +OAAxADICBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8AOQA0AGEAMgAAADBsBgorBgEEAYI3DAIBBF4w +XB4OAEgAVwBJAEQAOAAxADECBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA5ADkAZgA4AAAAMIGI +BgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQAOAAxADACBBABAAEEYGQAbwB0ADQA +cAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +OQA5AGYAOAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEE +AYI3DAIBBHAwbh4OAEgAVwBJAEQAOAAwADkCBBABAAEEVmQAbwB0ADQAcAByAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQA5AGYA +OAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABX +AEkARAA4ADAAOAIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA5ADkAZgA4AAAAMIGMBgorBgEEAYI3 +DAIBBH4wfB4OAEgAVwBJAEQAOAAwADcCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAYgAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcM +AgEEdDByHg4ASABXAEkARAA4ADAANgIEEAEAAQRaZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOABiADEANwAmAHIAZQB2AF8AMAAxADAA +MAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABX +AEkARAA4ADAANQIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOABiADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAOAAwADQCBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmADkA +NABjAAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQAOAAwADMCBBABAAEE +YGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBjAG8AZgA5ADQAYwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQAOAAwADICBBABAAEEVmQAbwB0 +ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8AZgA5ADQAYwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEE +XDBaHg4ASABXAEkARAA4ADAAMQIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmADkANABjAAAAMIGM +BgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQAOAAwADACBBABAAEEZGQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANQAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIG +CisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA3ADkAOQIEEAEAAQRaZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA1ADEANwAmAHIAZQB2 +AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEE +bDBqHg4ASABXAEkARAA3ADkAOAIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA1ADEANwAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANwA5ADcC +BBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADgANQAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwgY8GCisGAQQBgjcMAgEEgYAw +fh4OAEgAVwBJAEQANwA5ADYCBBABAAEEZnUAcwBiAHAAcgBpAG4AdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBhAYKKwYBBAGCNwwCAQR2 +MHQeDgBIAFcASQBEADcAOQA1AgQQAQABBFx1AHMAYgBwAHIAaQBuAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADUAYwAxADcAJgByAGUAdgBfADAAMQAwADAA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJ +AEQANwA5ADQCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANQBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEE +AYI3DAIBBFAwTh4OAEgAVwBJAEQANwA5ADMCBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQBjADEANwAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQANwA5ADICBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmADAA +YQBmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA3ADkAMQIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADUAMAAzADkAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADcAOQAwAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAMwA5AGEAZQAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQANwA4ADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzAGUAMgBlAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA3ADgAOAIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGEAZQAzADgAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADcAOAA3 +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8AYQBiADMANwAAADCBiAYKKwYBBAGCNwwCAQR6MHge +DgBIAFcASQBEADcAOAA2AgQQAQABBGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABl +AHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGEAYgAzADcAJgBkAG8AdAA0 +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcA +SQBEADcAOAA1AgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGEAYgAzADcAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADcAOAA0AgQQAQAB +BGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4AGEA +MQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA3ADgAMwIEEAEAAQRS +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOABhADEA +NwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIB +BGAwXh4OAEgAVwBJAEQANwA4ADICBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADgAYQAxADcAJgByAGUAdgBfADAAMQAwADAA +AAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADcAOAAxAgQQAQABBEJkAG8A +dAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGEAYgAzADcAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADcAOAAw +AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADkAZAAyADQAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBI +AFcASQBEADcANwA5AgQQAQABBEJsAHAAdABlAG4AdQBtAFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGYAMQA1ADcAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eDgBIAFcASQBEADcANwA4AgQQAQABBEZsAHAAdABlAG4AdQBtAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGYAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMFwGCisGAQQBgjcMAgEETjBMHg4ASABXAEkARAA3ADcANwIEEAEAAQQ0 +bABwAHQAZQBuAHUAbQBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBmADEA +NwAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANwA3ADYCBBABAAEERmwA +cAB0AGUAbgB1AG0AXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAZQAxADcA +JgByAGUAdgBfADAAMQAwADAAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBE +ADcANwA1AgQQAQABBDRsAHAAdABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA5AGUAMQA3AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA3 +ADcANAIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA0AGMANQA0AAAAMGoGCisGAQQBgjcMAgEEXDBa +Hg4ASABXAEkARAA3ADcAMwIEEAEAAQRCbABwAHQAZQBuAHUAbQBcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyAGQAZgAxAAAAMGoGCisG +AQQBgjcMAgEEXDBaHg4ASABXAEkARAA3ADcAMgIEEAEAAQRCbABwAHQAZQBuAHUA +bQBcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyAGQA +YQBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkARAA3ADcAMQIEEAEAAQRG +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgAzADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJ +AEQANwA3ADACBBABAAEENGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAMwAxADcAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkA +RAA3ADYAOQIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMgAzADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBE +ADcANgA4AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAyADMAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADcANgA3AgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADMA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcM +AgEEYjBgHg4ASABXAEkARAA3ADYANgIEEAEAAQRIZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgAzADEANwAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkARAA3ADYANQIEEAEAAQRG +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQBmADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJ +AEQANwA2ADQCBBABAAEENGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADEAZgAxADcAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkA +RAA3ADYAMwIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AMQBmADEANwAmAHIAZQB2AF8AMAA0ADAAMAAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBE +ADcANgAyAgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAxAGYAMQA3ACYAcgBlAHYAXwAwADQAMAAwACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADcANgAxAgQQAQAB +BEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYA +MQA3ACYAcgBlAHYAXwAwADQAMAAwAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgA +VwBJAEQANwA2ADACBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADEAZgAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0 +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABX +AEkARAA3ADUAOQIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQBmADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA3ADUAOAIE +EAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MQBmADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEE +AYI3DAIBBGIwYB4OAEgAVwBJAEQANwA1ADcCBBABAAEESGQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAZgAxADcAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADcANQA2AgQQ +AQABBGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AYwBvAGMAOABlAGIAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADcANQA1AgQQAQABBFZk +AG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvAGMAOABlAGIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANwA1ADQCBBABAAEEQmQAbwB0ADQAcAByAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYwA4AGUAYgAA +ADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADcANQAzAgQQAQABBGRkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGMAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANwA1ADICBBABAAEEWmQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYwAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3 +DAIBBGwwah4OAEgAVwBJAEQANwA1ADECBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEAYwAxADcAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADcA +NQAwAgQQAQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAxAGMAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcM +AgEEejB4Hg4ASABXAEkARAA3ADQAOQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA2ADUAMABhACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBu +Hg4ASABXAEkARAA3ADQAOAIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA2ADUAMABhACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADcANAA3 +AgQQAQABBEJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AYwBvADYANQAwAGEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBI +AFcASQBEADcANAA2AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAyAGEAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFwGCisG +AQQBgjcMAgEETjBMHg4ASABXAEkARAA3ADQANQIEEAEAAQQ0ZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgBhADEANwAAADCBjAYKKwYB +BAGCNwwCAQR+MHweDgBIAFcASQBEADcANAA0AgQQAQABBGRkAG8AdAA0AHAAcgB0 +AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGEAMQA3ACYAcgBlAHYAXwAw +ADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEE +AYI3DAIBBHQwch4OAEgAVwBJAEQANwA0ADMCBBABAAEEWmQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIAYQAxADcAJgByAGUAdgBfADAA +MQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4O +AEgAVwBJAEQANwA0ADICBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADIAYQAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADcANAAxAgQQAQAB +BEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGEA +MQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4A +SABXAEkARAA3ADQAMAIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADMAMAA1ACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkA +RAA3ADMAOQIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQAzADMAMAA1ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADcAMwA4AgQQAQABBEJk +AG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhADMAMwAwADUAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADcA +MwA3AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwAyADUAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFwGCisGAQQBgjcMAgEE +TjBMHg4ASABXAEkARAA3ADMANgIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA1ADEANwAAADCBjAYKKwYBBAGCNwwCAQR+ +MHweDgBIAFcASQBEADcAMwA1AgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAyADUAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQw +ch4OAEgAVwBJAEQANwAzADQCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADIANQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4OAEgAVwBJAEQA +NwAzADMCBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADIANQAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +cAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADcAMwAyAgQQAQABBEhkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADUAMQA3ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABXAEkARAA3 +ADMAMQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQA1ADMAMAA0ACYAZABvAHQANAAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA3ADMAMAIE +EAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQA1ADMAMAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwagYK +KwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADcAMgA5AgQQAQABBEJkAG8AdAA0AHAA +cgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADUA +MwAwADQAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADcAMgA4AgQQAQAB +BEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADkA +MQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFwGCisGAQQBgjcMAgEETjBMHg4ASABX +AEkARAA3ADIANwIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgA5ADEANwAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcA +SQBEADcAMgA2AgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwAyADkAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJ +AEQANwAyADUCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADIAOQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4OAEgAVwBJAEQANwAyADQCBBAB +AAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADIA +OQAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGC +NwwCAQRiMGAeDgBIAFcASQBEADcAMgAzAgQQAQABBEhkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADkAMQA3ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABXAEkARAA3ADIAMgIEEAEA +AQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGwAYQBhADMAMAA0ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA3ADIAMQIEEAEAAQRWZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGwAYQBhADMAMAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwagYKKwYBBAGCNwwC +AQRcMFoeDgBIAFcASQBEADcAMgAwAgQQAQABBEJkAG8AdAA0AHAAcgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGEAMwAwADQAAAAw +bgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADcAMQA5AgQQAQABBEZkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADgAMQA3ACYAcgBl +AHYAXwAwADEAMAAwAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANwAx +ADgCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADcAOAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA3ADEA +NwIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANwA4ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA3ADEANgIEEAEAAQRSZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA4ADEANwAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIw +YB4OAEgAVwBJAEQANwAxADUCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADcAOAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADcAMQA0AgQQAQABBGBkAG8A +dAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADkAOQA0AGQAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYK +KwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADcAMQAzAgQQAQABBFZkAG8AdAA0AHAA +cgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkA +OQA0AGQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4O +AEgAVwBJAEQANwAxADICBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQA5ADQAZAAAADBuBgorBgEE +AYI3DAIBBGAwXh4OAEgAVwBJAEQANwAxADECBBABAAEERmQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAZAAxADcAJgByAGUAdgBfADAA +MQAwADAAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBEADcAMQAwAgQQAQAB +BDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGQA +MQA3AAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANwAwADkCBBABAAEE +ZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAZAAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABw +AHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA3ADAAOAIEEAEAAQRa +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBkADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisG +AQQBgjcMAgEEbDBqHg4ASABXAEkARAA3ADAANwIEEAEAAQRSZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBkADEANwAmAGQAbwB0ADQA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJ +AEQANwAwADYCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADcAZAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBiAYKKwYB +BAGCNwwCAQR6MHgeDgBIAFcASQBEADcAMAA1AgQQAQABBGBkAG8AdAA0AHAAcgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADMANQA1 +ADQAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwC +AQRwMG4eDgBIAFcASQBEADcAMAA0AgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADMANQA1ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQA +NwAwADMCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8AMwA1ADUANAAAADBuBgorBgEEAYI3DAIBBGAw +Xh4OAEgAVwBJAEQANwAwADICBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADcAYgAxADcAJgByAGUAdgBfADAAMQAwADAAAAAw +gYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA3ADAAMQIEEAEAAQRkZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBiADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +ggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADcAMAAwAgQQAQABBFpkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGIAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwC +AQRsMGoeDgBIAFcASQBEADYAOQA5AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGIAMQA3ACYAZABvAHQANAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA2ADkA +OAIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANwBiADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgorBgEEAYI3DAIB +BHoweB4OAEgAVwBJAEQANgA5ADcCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZQBjADUAYwAmAGQA +bwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4O +AEgAVwBJAEQANgA5ADYCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZQBjADUAYwAmAHAAcgBpAG4A +dABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA2ADkANQIE +EAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBlAGMANQBjAAAAMFwGCisGAQQBgjcMAgEETjBMHg4ASABX +AEkARAA2ADkANAIEEAEAAQQ0ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOQA3ADEANwAAADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcA +SQBEADYAOQAzAgQQAQABBGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAt +AHAAYQBjAGsAYQByAGQAaABwAF8AbABhADkAOAA2ADIAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADYA +OQAyAgQQAQABBFZkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBj +AGsAYQByAGQAaABwAF8AbABhADkAOAA2ADIAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANgA5ADECBBABAAEEQmQAbwB0 +ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAOQA4ADYAMgAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANgA5ADAC +BBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADcANAAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwgYwGCisGAQQBgjcMAgEEfjB8 +Hg4ASABXAEkARAA2ADgAOQIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANwA0ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQA +bwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIe +DgBIAFcASQBEADYAOAA4AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA3ADQAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADYA +OAA3AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA3ADQAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAG +CisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA2ADgANgIEEAEAAQRIZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA0ADEANwAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANgA4 +ADUCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEANgAxADkAYgAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANgA4ADQCBBAB +AAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEANgAxADkAYgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisG +AQQBgjcMAgEEXDBaHg4ASABXAEkARAA2ADgAMwIEEAEAAQRCZABvAHQANABwAHIA +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2ADEA +OQBiAAAAMG4GCisGAQQBgjcMAgEEYDBeHg4ASABXAEkARAA2ADgAMgIEEAEAAQRG +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBhADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcA +SQBEADYAOAAxAgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA3AGEAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJ +AEQANgA4ADACBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADcAYQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGwwah4OAEgAVwBJAEQANgA3ADkCBBAB +AAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcA +YQAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGC +NwwCAQRiMGAeDgBIAFcASQBEADYANwA4AgQQAQABBEhkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGEAMQA3ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABXAEkARAA2ADcANwIEEAEA +AQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBk +AGgAcABfAGwAYQBlADEAZQA5ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA2ADcANgIEEAEAAQRWZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGwAYQBlADEAZQA5ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwagYKKwYBBAGCNwwC +AQRcMFoeDgBIAFcASQBEADYANwA1AgQQAQABBEJkAG8AdAA0AHAAcgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGUAMQBlADkAAAAw +bgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADYANwA0AgQQAQABBEZkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADUAMQA3ACYAcgBl +AHYAXwAwADEAMAAwAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANgA3 +ADMCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADcANQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA2ADcA +MgIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANwA1ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA2ADcAMQIEEAEAAQRSZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA1ADEANwAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIw +YB4OAEgAVwBJAEQANgA3ADACBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADcANQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADYANgA5AgQQAQABBGBkAG8A +dAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADkAMAA5ADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYK +KwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADYANgA4AgQQAQABBFZkAG8AdAA0AHAA +cgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADkA +MAA5ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4O +AEgAVwBJAEQANgA2ADcCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAOQAwADkAMAAAADBuBgorBgEE +AYI3DAIBBGAwXh4OAEgAVwBJAEQANgA2ADYCBBABAAEERmQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAOQAxADcAJgByAGUAdgBfADAA +MQAwADAAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA2ADYANQIEEAEA +AQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwA5 +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADYANgA0AgQQAQAB +BFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADkA +MQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYK +KwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADYANgAzAgQQAQABBFJkAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADkAMQA3ACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABX +AEkARAA2ADYAMgIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANwA5ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgor +BgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANgA2ADECBBABAAEEYGQAbwB0ADQAcABy +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgBi +ADEAMQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3 +DAIBBHAwbh4OAEgAVwBJAEQANgA2ADACBBABAAEEVmQAbwB0ADQAcAByAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgBiADEAMQAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkA +RAA2ADUAOQIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2AGIAMQAxAAAAMG4GCisGAQQBgjcMAgEE +YDBeHg4ASABXAEkARAA2ADUAOAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANwAyADEANwAmAHIAZQB2AF8AMAAxADAAMAAA +ADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADYANQA3AgQQAQABBGRkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADIAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANgA1ADYCBBABAAEEWmQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMgAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3 +DAIBBGIwYB4OAEgAVwBJAEQANgA1ADUCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMgAxADcAJgBwAHIAaQBuAHQAXwBo +AHAAegAAADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADYANQA0AgQQAQAB +BGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGIAYQAxADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwfgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADYANQAzAgQQAQABBFZkAG8A +dAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGIAYQAxADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIB +BFwwWh4OAEgAVwBJAEQANgA1ADICBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYgBhADEAMAAAADBu +BgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANgA1ADECBBABAAEERmQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANgAxADcAJgByAGUA +dgBfADAAMQAwADAAAAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA2ADUA +MAIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBk +AF8ANwA2ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADYANAA5 +AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA3ADYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADYANAA4AgQQAQABBFJkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADYAMQA3ACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBg +Hg4ASABXAEkARAA2ADQANwIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANwA2ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAA +MIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANgA0ADYCBBABAAEEYGQAbwB0 +ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAYwAyAGYAYgAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+Bgor +BgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANgA0ADUCBBABAAEEVmQAbwB0ADQAcABy +AHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYwAy +AGYAYgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4A +SABXAEkARAA2ADQANAIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBjADIAZgBiAAAAMG4GCisGAQQB +gjcMAgEEYDBeHg4ASABXAEkARAA2ADQAMwIEEAEAAQRGZABvAHQANABwAHIAdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwAzADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADYANAAyAgQQAQAB +BGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADMA +MQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANgA0ADECBBABAAEE +WmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMwAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6Bgor +BgEEAYI3DAIBBGwwah4OAEgAVwBJAEQANgA0ADACBBABAAEEUmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMwAxADcAJgBkAG8AdAA0 +ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcA +SQBEADYAMwA5AgQQAQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA3ADMAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisG +AQQBgjcMAgEEejB4Hg4ASABXAEkARAA2ADMAOAIEEAEAAQRgZABvAHQANABwAHIA +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADIA +MwBhACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcM +AgEEcDBuHg4ASABXAEkARAA2ADMANwIEEAEAAQRWZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAwADIAMwBhACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBE +ADYAMwA2AgQQAQABBEJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADAAMgAzAGEAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eDgBIAFcASQBEADYAMwA1AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA2ADYAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAA +MFwGCisGAQQBgjcMAgEETjBMHg4ASABXAEkARAA2ADMANAIEEAEAAQQ0ZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA2ADEANwAAADCB +jAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADYAMwAzAgQQAQABBGRkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADYAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGC +BgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANgAzADICBBABAAEEWmQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYANgAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIB +BGwwah4OAEgAVwBJAEQANgAzADECBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADYANgAxADcAJgBkAG8AdAA0ACYAcAByAGkA +bgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADYAMwAw +AgQQAQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADYAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbgYKKwYBBAGCNwwCAQRg +MF4eDgBIAFcASQBEADYAMgA5AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA2ADQAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAA +MIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANgAyADgCBBABAAEEZGQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADYANAAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA2ADIANwIEEAEAAQRaZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA0ADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcM +AgEEbDBqHg4ASABXAEkARAA2ADIANgIEEAEAAQRSZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgA0ADEANwAmAGQAbwB0ADQAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQANgAy +ADUCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADYANAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIB +BGAwXh4OAEgAVwBJAEQANgAyADQCBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADYAMwAxADcAJgByAGUAdgBfADAAMQAwADAA +AAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA2ADIAMwIEEAEAAQRkZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANgAzADEANwAm +AHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADYAMgAyAgQQAQABBFpkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADMAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGC +NwwCAQRsMGoeDgBIAFcASQBEADYAMgAxAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADMAMQA3ACYAZABvAHQANAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA2 +ADIAMAIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANgAzADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGIBgorBgEEAYI3 +DAIBBHoweB4OAEgAVwBJAEQANgAxADkCBBABAAEEYGQAbwB0ADQAcAByAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMgBmAGYAYQAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAw +bh4OAEgAVwBJAEQANgAxADgCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMgBmAGYAYQAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA2ADEA +NwIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbwAyAGYAZgBhAAAAMG4GCisGAQQBgjcMAgEEYDBeHg4A +SABXAEkARAA2ADEANgIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANgAyADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADCBggYK +KwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADYAMQA1AgQQAQABBFpkAG8AdAA0AHAA +cgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADIAMQA3ACYAcgBlAHYA +XwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYwGCisGAQQBgjcMAgEE +fjB8Hg4ASABXAEkARAA2ADEANAIEEAEAAQRkZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8ANgAyADEANwAmAHIAZQB2AF8AMAAxADAAMAAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEEAYI3DAIBBGww +ah4OAEgAVwBJAEQANgAxADMCBBABAAEEUmQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADYAMgAxADcAJgBkAG8AdAA0ACYAcAByAGkAbgB0 +AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADYAMQAyAgQQ +AQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2 +ADIAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYgGCisGAQQBgjcMAgEEejB4 +Hg4ASABXAEkARAA2ADEAMQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmADEAYgA0ACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABX +AEkARAA2ADEAMAIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBmADEAYgA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADYAMAA5AgQQAQAB +BEJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvAGYAMQBiADQAAAAwSgYKKwYBBAGCNwwCAQQ8MDoeDgBIAFcASQBE +ADYAMAA4AgQQAQABBCJsAHAAdABlAG4AdQBtAFwAaABwAHUAcABkAF8AcABzAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA2ADAANwIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvADkAOAA4ADUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADYAMAA2 +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8AMABmADMAMAAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQANgAwADUCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBiAGEAMgA1AAAAMHAGCisG +AQQBgjcMAgEEYjBgHg4ASABXAEkARAA2ADAANAIEEAEAAQRIdQBzAGIAcAByAGkA +bgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADgAMQA3ACYAcgBlAHYA +XwAwADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAA2ADAAMwIE +EAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAzADgAMQA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA2ADAAMgIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGYANQA1ADIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADYAMAAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AOQBiAGYAOAAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQANgAwADACBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA3ADkA +YgA0AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA1ADkAOQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AYwBvAGMANAA1AGMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADUAOQA4AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBjAG0AMQAyAGUAZQAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQANQA5ADcCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbQAyADEAYQBhAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA1ADkANgIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhADMAOABkAGMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADUAOQA1 +AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAOAA4ADAAMAAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQANQA5ADQCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADkAZABkAAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAA1ADkAMwIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADEA +ZAA4ADkAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADUAOQAyAgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG8AMgAzAGEAMwAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcA +SQBEADUAOQAxAgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAw +ACYAcABpAGQAXwA2AGYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAm +AHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkA +RAA1ADkAMAIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8ANgBmADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADUAOAA5AgQQAQABBFpkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2AGYAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGC +NwwCAQRiMGAeDgBIAFcASQBEADUAOAA4AgQQAQABBEhkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2AGYAMQA3ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADUAOAA3AgQQAQAB +BEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2AGYA +MQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgA +VwBJAEQANQA4ADYCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYwA0ADUAYwAmAGQAbwB0ADQAJgBw +AHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQA +NQA4ADUCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8AYwA0ADUAYwAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADgANAIEEAEAAQRCZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGMAbwBjADQANQBjAAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANQA4 +ADMCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAOQBkADIANAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQA +XwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANQA4ADICBBAB +AAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAOQBkADIANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisG +AQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADgAMQIEEAEAAQRCZABvAHQANABwAHIA +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA5AGQA +MgA0AAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANQA4ADACBBABAAEE +YGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBsAGEAZgAxADUANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANQA3ADkCBBABAAEEVmQAbwB0 +ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAZgAxADUANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEE +XDBaHg4ASABXAEkARAA1ADcAOAIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmADEANQA3AAAAMHoG +CisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA1ADcANwIEEAEAAQRSZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBmADEANwAmAGQAbwB0 +ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBI +AFcASQBEADUANwA2AgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA5AGYAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABX +AEkARAA1ADcANQIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOQBmADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgor +BgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANQA3ADQCBBABAAEEWmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAZgAxADcAJgByAGUAdgBf +ADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBcBgorBgEEAYI3DAIBBE4w +TB4OAEgAVwBJAEQANQA3ADMCBBABAAEENGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADkAZgAxADcAAAAwbgYKKwYBBAGCNwwCAQRgMF4e +DgBIAFcASQBEADUANwAyAgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA5AGYAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMIGI +BgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANQA3ADECBBABAAEEYGQAbwB0ADQA +cAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +NABjADUANAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEE +AYI3DAIBBHAwbh4OAEgAVwBJAEQANQA3ADACBBABAAEEVmQAbwB0ADQAcAByAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANABjADUA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABX +AEkARAA1ADYAOQIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA0AGMANQA0AAAAMIGIBgorBgEEAYI3 +DAIBBHoweB4OAEgAVwBJAEQANQA2ADgCBBABAAEEYGQAbwB0ADQAcAByAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBkAGYAMQAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAw +bh4OAEgAVwBJAEQANQA2ADcCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBkAGYAMQAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADYA +NgIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQAyAGQAZgAxAAAAMIGIBgorBgEEAYI3DAIBBHoweB4O +AEgAVwBJAEQANQA2ADUCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBkAGEAYgAmAGQAbwB0ADQA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJ +AEQANQA2ADQCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBkAGEAYgAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADYAMwIEEAEAAQRC +ZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAyAGQAYQBiAAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAA1 +ADYAMgIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOQBlADEANwAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCB +jAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADUANgAxAgQQAQABBGRkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGUAMQA3ACYAcgBl +AHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHAG +CisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA1ADYAMAIEEAEAAQRIZABvAHQANABw +AHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBlADEANwAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANQA1 +ADkCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADkAZQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJAEQANQA1ADgCBBABAAEENGQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAZQAxADcA +AAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADUANQA3AgQQAQABBEZkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGUAMQA3ACYA +cgBlAHYAXwAwADEAMAAwAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQA +NQA1ADYCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADcANwAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADUA +NQA1AgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABp +AGQAXwA3ADcAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGC +BgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANQA1ADQCBBABAAEEWmQAbwB0ADQA +cAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANwAxADcAJgByAGUA +dgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIB +BGIwYB4OAEgAVwBJAEQANQA1ADMCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADcANwAxADcAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANQA1ADICBBABAAEERmQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANwAxADcA +JgByAGUAdgBfADAAMQAwADAAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBE +ADUANQAxAgQQAQABBDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA3ADcAMQA3AAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQA +NQA1ADACBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG0AMgAxAGEAYQAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANQA0ADkC +BBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG0AMgAxAGEAYQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoG +CisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADQAOAIEEAEAAQRCZABvAHQANABw +AHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbQAy +ADEAYQBhAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANQA0ADcCBBAB +AAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcA +MQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADUANAA2AgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADEA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3 +DAIBBHQwch4OAEgAVwBJAEQANQA0ADUCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMQAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgA +VwBJAEQANQA0ADQCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADcAMQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBuBgor +BgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANQA0ADMCBBABAAEERmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAMQAxADcAJgByAGUAdgBf +ADAAMQAwADAAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBEADUANAAyAgQQ +AQABBDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3 +ADEAMQA3AAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQANQA0ADECBBAB +AAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG0AMQAyAGUAZQAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAA +egAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANQA0ADACBBABAAEEVmQA +bwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG0AMQAyAGUAZQAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcM +AgEEXDBaHg4ASABXAEkARAA1ADMAOQIEEAEAAQRCZABvAHQANABwAHIAdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbQAxADIAZQBlAAAA +MIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANQAzADgCBBABAAEEZGQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgANAAxADcAJgBy +AGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +egYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADUAMwA3AgQQAQABBFJkAG8AdAA0 +AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADQAMQA3ACYAZABv +AHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4O +AEgAVwBJAEQANQAzADYCBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgANAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIA +aQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQANQAz +ADUCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkA +ZABfADgANAAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIB +BGAwXh4OAEgAVwBJAEQANQAzADQCBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADgANAAxADcAJgByAGUAdgBfADAAMQAwADAA +AAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABXAEkARAA1ADMAMwIEEAEAAQRgZABv +AHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABf +AGwAYQAzADgAZABjACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4G +CisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA1ADMAMgIEEAEAAQRWZABvAHQANABw +AHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAz +ADgAZABjACYAcAByAGkAbgB0AF8AaABwAHoAAAAwagYKKwYBBAGCNwwCAQRcMFoe +DgBIAFcASQBEADUAMwAxAgQQAQABBEJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABl +AHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADMAOABkAGMAAAAwgYwGCisG +AQQBgjcMAgEEfjB8Hg4ASABXAEkARAA1ADMAMAIEEAEAAQRkZABvAHQANABwAHIA +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQA2ADEANwAmAHIAZQB2AF8A +MAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB6BgorBgEE +AYI3DAIBBGwwah4OAEgAVwBJAEQANQAyADkCBBABAAEEUmQAbwB0ADQAcAByAHQA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANgAxADcAJgBkAG8AdAA0ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkA +RAA1ADIAOAIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAm +AHAAaQBkAF8AOQA2ADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABf +AGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA1ADIANwIEEAEA +AQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQA2 +ADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcMAgEEYDBeHg4A +SABXAEkARAA1ADIANgIEEAEAAQRGZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8AOQA2ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADCBiAYK +KwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADUAMgA1AgQQAQABBGBkAG8AdAA0AHAA +cgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgA +OAAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwfgYKKwYBBAGC +NwwCAQRwMG4eDgBIAFcASQBEADUAMgA0AgQQAQABBFZkAG8AdAA0AHAAcgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADgAOAAwADAA +JgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJ +AEQANQAyADMCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAOAA4ADAAMAAAADCBjAYKKwYBBAGCNwwC +AQR+MHweDgBIAFcASQBEADUAMgAyAgQQAQABBGRkAG8AdAA0AHAAcgB0AFwAdgBp +AGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADMAMQA3ACYAcgBlAHYAXwAwADEAMAAw +ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMHoGCisGAQQBgjcMAgEE +bDBqHg4ASABXAEkARAA1ADIAMQIEEAEAAQRSZABvAHQANABwAHIAdABcAHYAaQBk +AF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAzADEANwAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADUAMgAw +AgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA4ADMAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoA +AAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBEADUAMQA5AgQQAQABBEhkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADMAMQA3ACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBE +ADUAMQA4AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA4ADMAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMIGIBgorBgEEAYI3 +DAIBBHoweB4OAEgAVwBJAEQANQAxADcCBBABAAEEYGQAbwB0ADQAcAByAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA5AGQAZAAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAw +bh4OAEgAVwBJAEQANQAxADYCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA5AGQAZAAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADEA +NQIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQBlADkAZABkAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4O +AEgAVwBJAEQANQAxADQCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADkANwAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBI +AFcASQBEADUAMQAzAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA5ADcAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQANQAxADICBBABAAEE +WmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANwAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgor +BgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQANQAxADECBBABAAEESGQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANwAxADcAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANQAxADAC +BBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADkANwAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwgYgGCisGAQQBgjcMAgEEejB4 +Hg4ASABXAEkARAA1ADAAOQIEEAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2ADAAOABiACYAZABvAHQA +NAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABX +AEkARAA1ADAAOAIEEAEAAQRWZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2ADAAOABiACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwagYKKwYBBAGCNwwCAQRcMFoeDgBIAFcASQBEADUAMAA3AgQQAQAB +BEJkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADYAMAA4AGIAAAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBE +ADUAMAA2AgQQAQABBDRkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA5ADUAMQA3AAAAMIGIBgorBgEEAYI3DAIBBHoweB4OAEgAVwBJAEQA +NQAwADUCBBABAAEEYGQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8AMgAyADcAZgAmAGQAbwB0ADQAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAwbh4OAEgAVwBJAEQANQAwADQC +BBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG8AMgAyADcAZgAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMGoG +CisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAA1ADAAMwIEEAEAAQRCZABvAHQANABw +AHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAy +ADIANwBmAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4OAEgAVwBJAEQANQAwADICBBAB +AAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkA +NQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADUAMAAxAgQQAQAB +BFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5ADUA +MQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGCBgorBgEEAYI3 +DAIBBHQwch4OAEgAVwBJAEQANQAwADACBBABAAEEWmQAbwB0ADQAcAByAHQAXAB2 +AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANQAxADcAJgByAGUAdgBfADAAMQAw +ADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgA +VwBJAEQANAA5ADkCBBABAAEESGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBm +ADAAJgBwAGkAZABfADkANQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBuBgor +BgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQANAA5ADgCBBABAAEERmQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkANQAxADcAJgByAGUAdgBf +ADAAMQAwADAAAAAwgYgGCisGAQQBgjcMAgEEejB4Hg4ASABXAEkARAA0ADkANwIE +EAEAAQRgZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwAxAGQAOAA5ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMH4GCisGAQQBgjcMAgEEcDBuHg4ASABXAEkARAA0ADkANgIEEAEAAQRW +ZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwAxAGQAOAA5ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwagYKKwYBBAGC +NwwCAQRcMFoeDgBIAFcASQBEADQAOQA1AgQQAQABBEJkAG8AdAA0AHAAcgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADEAZAA4ADkA +AAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADQAOQA0AgQQAQABBFJkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADMAMQA3ACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGMBgorBgEEAYI3DAIBBH4w +fB4OAEgAVwBJAEQANAA5ADMCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADcAJgByAGUAdgBfADAAMQAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +DgBIAFcASQBEADQAOQAyAgQQAQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwBhADMAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA0ADkAMQIEEAEAAQRaZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQAzADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcM +AgEEYDBeHg4ASABXAEkARAA0ADkAMAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQAzADEANwAmAHIAZQB2AF8AMAAxADAA +MAAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJAEQANAA4ADkCBBABAAEENGQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfAGEAMwAxADcA +AAAwegYKKwYBBAGCNwwCAQRsMGoeDgBIAFcASQBEADQAOAA4AgQQAQABBFJkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGMAMQA3ACYA +ZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMIGMBgorBgEEAYI3DAIBBH4w +fB4OAEgAVwBJAEQANAA4ADcCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADkAYwAxADcAJgByAGUAdgBfADAAMQAwADAAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +DgBIAFcASQBEADQAOAA2AgQQAQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA5AGMAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +gYIGCisGAQQBgjcMAgEEdDByHg4ASABXAEkARAA0ADgANQIEEAEAAQRaZABvAHQA +NABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBjADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcM +AgEEYDBeHg4ASABXAEkARAA0ADgANAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBjADEANwAmAHIAZQB2AF8AMAAxADAA +MAAAADBcBgorBgEEAYI3DAIBBE4wTB4OAEgAVwBJAEQANAA4ADMCBBABAAEENGQA +bwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADkAYwAxADcA +AAAwgYwGCisGAQQBgjcMAgEEfjB8Hg4ASABXAEkARAA0ADgAMgIEEAEAAQRkZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBjADEANwAm +AHIAZQB2AF8AMAAxADAAMAAmAGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAA +ADB6BgorBgEEAYI3DAIBBGwwah4OAEgAVwBJAEQANAA4ADECBBABAAEEUmQAbwB0 +ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcAYwAxADcAJgBk +AG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwgYIGCisGAQQBgjcMAgEEdDBy +Hg4ASABXAEkARAA0ADgAMAIEEAEAAQRaZABvAHQANABwAHIAdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANwBjADEANwAmAHIAZQB2AF8AMAAxADAAMAAmAHAA +cgBpAG4AdABfAGgAcAB6AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAA0 +ADcAOQIEEAEAAQRIZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANwBjADEANwAmAHAAcgBpAG4AdABfAGgAcAB6AAAAMG4GCisGAQQBgjcM +AgEEYDBeHg4ASABXAEkARAA0ADcAOAIEEAEAAQRGZABvAHQANABwAHIAdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBjADEANwAmAHIAZQB2AF8AMAAxADAA +MAAAADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADQANwA3AgQQAQABBGBk +AG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvADIAMwBhADMAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAw +fgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADQANwA2AgQQAQABBFZkAG8AdAA0 +AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBv +ADIAMwBhADMAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEEAYI3DAIBBFww +Wh4OAEgAVwBJAEQANAA3ADUCBBABAAEEQmQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMgAzAGEAMwAAADBsBgor +BgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQANAA3ADQCBBABAAEERHcAcwBkAHAAcgBp +AG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAw +AGIAMgBhAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA0ADcAMwIEEAEA +AQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AYwBvAGMAOAA0AGIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcA +SQBEADQANwAyAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMAA4AGUAYQAAADBsBgorBgEEAYI3 +DAIBBF4wXB4OAEgAVwBJAEQANAA3ADECBBABAAEERHcAcwBkAHAAcgBpAG4AdABc +AGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAwADkAMABh +AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA0ADcAMAIEEAEAAQREdwBz +AGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AYwBvAGMAOQBhAGIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADQA +NgA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABh +AGMAawBhAHIAZABoAHAAXwBjAG8ANgBkAGYANQAAADBsBgorBgEEAYI3DAIBBF4w +XB4OAEgAVwBJAEQANAA2ADgCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3 +AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAwAGQAZgAxAAAAMGwG +CisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA0ADYANwIEEAEAAQREdwBzAGQAcABy +AGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBv +ADYAZABmADAAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADQANgA2AgQQ +AQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG8AYwBkAGYAMwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgA +VwBJAEQANAA2ADUCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBhAGQAZgAyAAAAMGwGCisGAQQB +gjcMAgEEXjBcHg4ASABXAEkARAA0ADYANAIEEAEAAQREdwBzAGQAcAByAGkAbgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGIANQBm +AGQAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADQANgAzAgQQAQABBER3 +AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBjAG8ANwAxADcAYwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQA +NAA2ADICBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGMAbwBiADAAZgBkAAAAMGwGCisGAQQBgjcMAgEE +XjBcHg4ASABXAEkARAA0ADYAMQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGIAMgA3AGQAAAAw +bAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADQANgAwAgQQAQABBER3AHMAZABw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8ANwAzAGYAYwAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA1ADkC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEAZABiADgAZgAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQANAA1ADgCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABhAGMAZgAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANAA1ADcCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQBhADAAZQAA +ADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA1ADYCBBABAAEEQmwAcAB0 +AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEANAAwAGQAMgAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA1ADUC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBsAGEAZAA1AGMAZgAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQANAA1ADQCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA3ADQAZgAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANAA1ADMCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQA3ADgAZQAA +ADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA1ADICBBABAAEEQmwAcAB0 +AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAMQA2AGMAZQAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA1ADEC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG8AMABiADIAYQAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQANAA1ADACBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYwA4ADQAYgAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANAA0ADkCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMAA4AGUAYQAA +ADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA0ADgCBBABAAEEQmwAcAB0 +AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8AMAA5ADAAYQAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA0ADcC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG8AYwA5AGEAYgAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQANAA0ADYCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANgBkAGYANQAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANAA0ADUCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AMABkAGYAMQAA +ADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA0ADQCBBABAAEEQmwAcAB0 +AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8ANgBkAGYAMAAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA0ADMC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG8AYwBkAGYAMwAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQANAA0ADICBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYQBkAGYAMgAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANAA0ADECBBABAAEEQmwAcAB0AGUAbgB1AG0AXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYgA1AGYAZAAA +ADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAA0ADACBBABAAEEQmwAcAB0 +AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8ANwAxADcAYwAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgAVwBJAEQANAAzADkC +BBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBh +AHIAZABoAHAAXwBjAG8AYgAwAGYAZAAAADBqBgorBgEEAYI3DAIBBFwwWh4OAEgA +VwBJAEQANAAzADgCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYgAyADcAZAAAADBqBgorBgEEAYI3 +DAIBBFwwWh4OAEgAVwBJAEQANAAzADcCBBABAAEEQmwAcAB0AGUAbgB1AG0AXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANwAzAGYAYwAA +ADCBggYKKwYBBAGCNwwCAQR0MHIeDgBIAFcASQBEADQAMwA2AgQQAQABBFpsAHAA +dABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADEAMQA3ACYA +cgBlAHYAXwAwADEAMAAwACYAcAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGC +NwwCAQRiMGAeDgBIAFcASQBEADQAMwA1AgQQAQABBEhsAHAAdABlAG4AdQBtAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADEAMQA3ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwbgYKKwYBBAGCNwwCAQRgMF4eDgBIAFcASQBEADQAMwA0AgQQAQAB +BEZsAHAAdABlAG4AdQBtAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADEA +MQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMFwGCisGAQQBgjcMAgEETjBMHg4ASABX +AEkARAA0ADMAMwIEEAEAAQQ0bABwAHQAZQBuAHUAbQBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANQAxADEANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQANAAzADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAwAGIAMgBhAAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAA0ADMAMQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGMAOAA0AGIA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADQAMwAwAgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AMAA5ADAAYQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQANAAy +ADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBjADkAYQBiAAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAA0ADIAOAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADYAZABmADUAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADQAMgA3AgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +MABkAGYAMQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQANAAyADYCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwA2AGQAZgAwAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAA0ADIANQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGMAZABmADMAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADQAMgA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYQBkAGYA +MgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQANAAyADMCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwBiADUAZgBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA0 +ADIAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AYwBvADcAMQA3AGMAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADQAMgAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AYgAwAGYAZAAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQANAAyADACBBABAAEERHUAcwBiAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMA +bwBiADIANwBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA0ADEAOQIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AYwBvADcAMwBmAGMAAAAwgYQGCisGAQQBgjcMAgEEdjB0Hg4A +SABXAEkARAA0ADEAOAIEEAEAAQRcdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA1ADEAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYAcABy +AGkAbgB0AF8AaABwAHoAAAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBIAFcASQBEADQA +MQA3AgQQAQABBEp1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADUAMQAxADcAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgorBgEEAYI3 +DAIBBGIwYB4OAEgAVwBJAEQANAAxADYCBBABAAEESHUAcwBiAHAAcgBpAG4AdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQANAAxADUCBBABAAEE +NnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAx +ADEANwAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQANAAxADQCBBABAAEE +NnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANABk +ADEANwAAADBaBgorBgEEAYI3DAIBBEwwSh4OAEgAVwBJAEQANAAxADMCBBABAAEE +MmgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADcAYwBl +AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAA0ADEAMgIEEAEAAQREdQBz +AGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABw +AF8AbABhAGQANwBjAGUAAAAwXgYKKwYBBAGCNwwCAQRQME4eDgBIAFcASQBEADQA +MQAxAgQQAQABBDZ1AHMAYgBwAHIAaQBuAHQAXAB2AGkAZABfADAAMwBmADAAJgBw +AGkAZABfADQAYwAxADcAAAAwWgYKKwYBBAGCNwwCAQRMMEoeDgBIAFcASQBEADQA +MQAwAgQQAQABBDJoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAOQBhAGQAMgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQANAAwADkC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQA5AGEAZAAyAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4A +SABXAEkARAA0ADAAOAIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAw +ADMAZgAwACYAcABpAGQAXwA0ADUAMQA3AAAAMFoGCisGAQQBgjcMAgEETDBKHg4A +SABXAEkARAA0ADAANwIEEAEAAQQyaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQBy +AGQAaABwAF8AbABhADcAOAA4AGIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcA +SQBEADQAMAA2AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0 +AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANwA4ADgAYgAAADBwBgorBgEEAYI3 +DAIBBGIwYB4OAEgAVwBJAEQANAAwADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABc +AHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAwADEANwAmAHIAZQB2AF8AMAAx +ADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQANAAwADQCBBABAAEE +NnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAw +ADEANwAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQANAAwADMCBBABAAEE +SHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAA0 +ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgA +VwBJAEQANAAwADICBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAz +AGYAMAAmAHAAaQBkAF8ANAA0ADEANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgA +VwBJAEQANAAwADECBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0 +AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA2ADkAZAA5AAAAMGwGCisGAQQB +gjcMAgEEXjBcHg4ASABXAEkARAA0ADAAMAIEEAEAAQREdQBzAGIAcAByAGkAbgB0 +AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGEAOQA4 +ADgAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAOQA5AgQQAQABBER1 +AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABo +AHAAXwBjAG8AYQBhAGIAOAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQA +MwA5ADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBw +AGEAYwBrAGEAcgBkAGgAcABfAGMAbwAyADkAZgAwAAAAMGwGCisGAQQBgjcMAgEE +XjBcHg4ASABXAEkARAAzADkANwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABl +AHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGQAOQBmADAAAAAw +bAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAOQA2AgQQAQABBER1AHMAYgBw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBj +AG8ANAA5AGYAMQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwA5ADUC +BBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGMAbwA3ADkAZgAzAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4O +AEgAVwBJAEQAMwA5ADQCBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgAMAAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBI +AFcASQBEADMAOQAzAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA4ADAAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQAMwA5ADICBBABAAEE +WmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAMAAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgor +BgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwA5ADECBBABAAEESGQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAMAAxADcAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQAMwA5ADAC +BBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADgAMAAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwXgYKKwYBBAGCNwwCAQRQME4e +DgBIAFcASQBEADMAOAA5AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADgAMAAxADcAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +DgBIAFcASQBEADMAOAA4AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADgAMAAxADcAJgByAGUAdgBfADAAMQAwADAAAAAw +bAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAOAA3AgQQAQABBER3AHMAZABw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAMgA2AGEAYgAAADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADMAOAA2 +AgQQAQABBGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADIANgBhAGIAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADMAOAA1AgQQAQAB +BFZkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADIANgBhAGIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEE +AYI3DAIBBFwwWh4OAEgAVwBJAEQAMwA4ADQCBBABAAEEQmQAbwB0ADQAcAByAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgA2AGEA +YgAAADCBjAYKKwYBBAGCNwwCAQR+MHweDgBIAFcASQBEADMAOAAzAgQQAQABBGRk +AG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADIAMQA3 +ACYAcgBlAHYAXwAwADEAMAAwACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgAcAB6 +AAAAMHoGCisGAQQBgjcMAgEEbDBqHg4ASABXAEkARAAzADgAMgIEEAEAAQRSZABv +AHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAyADEANwAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADCBggYKKwYBBAGCNwwCAQR0 +MHIeDgBIAFcASQBEADMAOAAxAgQQAQABBFpkAG8AdAA0AHAAcgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA4ADIAMQA3ACYAcgBlAHYAXwAwADEAMAAwACYA +cAByAGkAbgB0AF8AaABwAHoAAAAwcAYKKwYBBAGCNwwCAQRiMGAeDgBIAFcASQBE +ADMAOAAwAgQQAQABBEhkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA4ADIAMQA3ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwbgYKKwYBBAGC +NwwCAQRgMF4eDgBIAFcASQBEADMANwA5AgQQAQABBEZkAG8AdAA0AHAAcgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4ADIAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMFwGCisGAQQBgjcMAgEETjBMHg4ASABXAEkARAAzADcAOAIEEAEAAQQ0 +ZABvAHQANABwAHIAdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAyADEA +NwAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQAMwA3ADcCBBABAAEENncA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAyADEA +NwAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwA3ADYCBBABAAEESHcA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAAyADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMwA3ADUCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADcANwBhAAAAMIGIBgorBgEEAYI3 +DAIBBHoweB4OAEgAVwBJAEQAMwA3ADQCBBABAAEEYGQAbwB0ADQAcAByAHQAXABo +AGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA3ADcAYQAm +AGQAbwB0ADQAJgBwAHIAaQBuAHQAXwBoAHAAegAAADB+BgorBgEEAYI3DAIBBHAw +bh4OAEgAVwBJAEQAMwA3ADMCBBABAAEEVmQAbwB0ADQAcAByAHQAXABoAGUAdwBs +AGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA3ADcAYQAmAHAAcgBp +AG4AdABfAGgAcAB6AAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAAzADcA +MgIEEAEAAQRCZABvAHQANABwAHIAdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBr +AGEAcgBkAGgAcABfAGwAYQBlADcANwBhAAAAMIGMBgorBgEEAYI3DAIBBH4wfB4O +AEgAVwBJAEQAMwA3ADECBBABAAEEZGQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADgAMQAxADcAJgByAGUAdgBfADAAMQAwADAAJgBkAG8A +dAA0ACYAcAByAGkAbgB0AF8AaABwAHoAAAAwegYKKwYBBAGCNwwCAQRsMGoeDgBI +AFcASQBEADMANwAwAgQQAQABBFJkAG8AdAA0AHAAcgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA4ADEAMQA3ACYAZABvAHQANAAmAHAAcgBpAG4AdABfAGgA +cAB6AAAAMIGCBgorBgEEAYI3DAIBBHQwch4OAEgAVwBJAEQAMwA2ADkCBBABAAEE +WmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAMQAx +ADcAJgByAGUAdgBfADAAMQAwADAAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBwBgor +BgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwA2ADgCBBABAAEESGQAbwB0ADQAcABy +AHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADgAMQAxADcAJgBwAHIAaQBu +AHQAXwBoAHAAegAAADBuBgorBgEEAYI3DAIBBGAwXh4OAEgAVwBJAEQAMwA2ADcC +BBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABf +ADgAMQAxADcAJgByAGUAdgBfADAAMQAwADAAAAAwXgYKKwYBBAGCNwwCAQRQME4e +DgBIAFcASQBEADMANgA2AgQQAQABBDZ3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADgAMQAxADcAAAAwcAYKKwYBBAGCNwwCAQRiMGAe +DgBIAFcASQBEADMANgA1AgQQAQABBEh3AHMAZABwAHIAaQBuAHQAXAB2AGkAZABf +ADAAMwBmADAAJgBwAGkAZABfADgAMQAxADcAJgByAGUAdgBfADAAMQAwADAAAAAw +bAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMANgA0AgQQAQABBER3AHMAZABw +AHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBs +AGEAMgA3AGIAYgAAADCBiAYKKwYBBAGCNwwCAQR6MHgeDgBIAFcASQBEADMANgAz +AgQQAQABBGBkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADIANwBiAGIAJgBkAG8AdAA0ACYAcAByAGkAbgB0AF8A +aABwAHoAAAAwfgYKKwYBBAGCNwwCAQRwMG4eDgBIAFcASQBEADMANgAyAgQQAQAB +BFZkAG8AdAA0AHAAcgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADIANwBiAGIAJgBwAHIAaQBuAHQAXwBoAHAAegAAADBqBgorBgEE +AYI3DAIBBFwwWh4OAEgAVwBJAEQAMwA2ADECBBABAAEEQmQAbwB0ADQAcAByAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgA3AGIA +YgAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwA2ADACBBABAAEESHUA +cwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA1ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJ +AEQAMwA1ADkCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMgA1ADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJ +AEQAMwA1ADgCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANABlADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEE +AYI3DAIBBFAwTh4OAEgAVwBJAEQAMwA1ADcCBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANABlADEANwAAADBwBgorBgEE +AYI3DAIBBGIwYB4OAEgAVwBJAEQAMwA1ADYCBBABAAEESHUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANABmADEANwAmAHIAZQB2AF8A +MAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQAMwA1ADUCBBAB +AAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NABmADEANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwA1ADQCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBlADgANwBlAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAzADUAMwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGUAOQAzAGUAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADMANQAyAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBiADcA +ZgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwA1ADECBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAyAGEAMwBmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAz +ADUAMAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGUAYQBmAGUAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADMANAA5AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMAA2ADIAMgAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwA0ADgCBBABAAEERHUAcwBiAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQBlADEAYgBlAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAzADQANwIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADIAMQA3AGYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADMANAA2AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA0AGIAZQAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAMwA0ADUCBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADUA +MwBmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAzADQANAIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGUANwA3AGUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADMANAAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQAzAGMANgAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMwA0ADICBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBkADkAMAA3AAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAzADQAMQIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGUAMgA3AGUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMANAAw +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAYgAyADYAOAAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQAMwAzADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA3ADgAYQA5AAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAAzADMAOAIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGEA +ZQA0AGUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAMwA3AgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAYQA5AGMAZQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMwAzADYCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBhAGEAMABlAAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAzADMANQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADIAYwBiAGYA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAMwA0AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AOQBmADMAZAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwAz +ADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwAzADgAYgBjAAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAzADMAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGUAZAAxAGEAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAMwAxAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +NQBlADkAOAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwAzADACBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwBmADkAMQA5AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAzADIAOQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADcAMgA1AGIAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADMAMgA4AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8AZQA4AGEA +OQAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwAyADcCBBABAAEESHUA +cwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQAyADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJ +AEQAMwAyADYCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQAyADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJ +AEQAMwAyADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMQAzADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEE +AYI3DAIBBFAwTh4OAEgAVwBJAEQAMwAyADQCBBABAAEENnUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQAzADIAYQAAADBwBgorBgEE +AYI3DAIBBGIwYB4OAEgAVwBJAEQAMwAyADMCBBABAAEESHUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMQA0ADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQAMwAyADICBBAB +AAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MQA0ADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwAyADECBBAB +AAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MQA1ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4O +AEgAVwBJAEQAMwAyADACBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMQA1ADIAYQAAADBwBgorBgEEAYI3DAIBBGIwYB4O +AEgAVwBJAEQAMwAxADkCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANQA0ADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBe +BgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQAMwAxADgCBBABAAEENnUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQA0ADEANwAAADBw +BgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwAxADcCBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAzADEANwAmAHIA +ZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQAMwAx +ADYCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANQAzADEANwAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwAx +ADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8ANQAyADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIB +BFAwTh4OAEgAVwBJAEQAMwAxADQCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAyADEANwAAADBwBgorBgEEAYI3DAIB +BGIwYB4OAEgAVwBJAEQAMwAxADMCBBABAAEESHcAcwBkAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA0ADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJAEQAMwAxADICBBABAAEENncA +cwBkAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA0ADIA +YQAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMwAxADECBBABAAEESHUA +cwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA0ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJ +AEQAMwAxADACBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMwA0ADIAYQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMwAwADkCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA1AGIAZgAxAAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAzADAAOAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAMQAzADAA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAMAA3AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AZgBiAGYANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwAw +ADYCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwA1AGIAZgAxAAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAzADAANQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAMQAzADAAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADMAMAA0AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +ZgBiAGYANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwAwADMCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAcABoAHAAXwBvAGYAZgBpAGMAZQBqAGUA +dABfAHAAcgBvAF8AeABhADMAMQA2AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAzADAAMgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAG8A +ZgBmAGkAYwBlAGoAZQB0AF8AcAByAG8AXwB4ADMAMwAxAGIAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADMAMAAxAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAHAAaABwAF8AbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfAHgAZgAxADAA +NAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMwAwADACBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAcABoAHAAXwBvAGYAZgBpAGMAZQBqAGUAdABfAHAA +cgBvAF8AeAA4AGUAOABmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAy +ADkAOQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAG8AZgBmAGkA +YwBlAGoAZQB0AF8AcAByAG8AXwB4ADAAZgA4AGQAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADIAOQA4AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAHAA +aABwAF8AbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfAHgANQBmADAAOQAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA5ADcCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAcABoAHAAXwBvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8A +eABhADMAMQA2AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADkANgIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABwAGgAcABfAG8AZgBmAGkAYwBlAGoA +ZQB0AF8AcAByAG8AXwB4ADMAMwAxAGIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADIAOQA1AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8A +bwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfAHgAZgAxADAANAAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA5ADQCBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAcABoAHAAXwBvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AeAA4AGUA +OABmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADkAMwIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABwAGgAcABfAG8AZgBmAGkAYwBlAGoAZQB0AF8A +cAByAG8AXwB4ADAAZgA4AGQAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADIAOQAyAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8AbwBmAGYA +aQBjAGUAagBlAHQAXwBwAHIAbwBfAHgANQBmADAAOQAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMgA5ADECBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +cABvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AeAA1ADUAMQAyAGEAZgBiAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADkAMAIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABwAG8AZgBmAGkAYwBlAGoAZQB0AF8AcAByAG8AXwB4ADQA +NQAxADIAZgBiAGYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAOAA5 +AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAbwBmAGYAaQBjAGUAagBlAHQA +XwBwAHIAbwBfAHgANAA1ADEAOAA5ADAANQAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQAMgA4ADgCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAcABvAGYA +ZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AeAA1ADAAMQA0ADUANgBhAAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADgANwIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABwAG8AZgBmAGkAYwBlAGoAZQB0AF8AcAByAG8AXwB4ADQAMAAxAGUA +MwBhAGUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAOAA2AgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAHAAbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIA +bwBfAHgANAAwADEAOAA2ADkANwAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJ +AEQAMgA4ADUCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AYQA0ADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBwBgorBgEE +AYI3DAIBBGIwYB4OAEgAVwBJAEQAMgA4ADQCBBABAAEESHUAcwBiAHAAcgBpAG4A +dABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYwAwADEAMQAmAHIAZQB2AF8A +MAAxADAAMAAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMgA4ADMCBBAB +AAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +YgBmADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBwBgorBgEEAYI3DAIBBGIwYB4O +AEgAVwBJAEQAMgA4ADICBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AYgAyADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBw +BgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMgA4ADECBBABAAEESHUAcwBiAHAA +cgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AYQBhADEAMQAmAHIA +ZQB2AF8AMAAxADAAMAAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMgA4 +ADACBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AYQAzADEAMQAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIB +BFAwTh4OAEgAVwBJAEQAMgA3ADkCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMAA2ADIAYQAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMgA3ADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +cABvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AOAAwADAAMABjADIAOAAzAAAA +MF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAyADcANwIEEAEAAQQ2dQBzAGIA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADYAMQAyAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADcANgIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGIAZgAzADMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIANwA1 +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8ANwA1ADQANQAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQAMgA3ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBjADUAZABjAAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADcAMwIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADcA +ZgA2ADIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIANwAyAgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG8AZQA1ADQANAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMgA3ADECBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAwADUAMQBkAAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAyADcAMAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGIAZgBjADEA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIANgA5AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AOAA3ADQANQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA2 +ADgCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBjADQAOQBjAAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAyADYANwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADcAZgA5ADIAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIANgA2AgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +MQA1ADQANAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA2ADUCBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwAwADQANQBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAyADYANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAYgA4AGYAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADIANgAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZABhAGMA +ZgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA2ADICBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAxAGEAMABlAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAy +ADYAMQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADQAMABkADIAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADIANgAwAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZAA1AGMAZgAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA1ADkCBBABAAEERHUAcwBiAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQBkADcANABmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADUAOAIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADEANwA4AGUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADIANQA3AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQA2AGMAZQAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA1ADYCBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAxADIA +ZgAwAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADUANQIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhAGQAOAAzADEAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADIANQA0AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAOQBkADIANAAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMgA1ADMCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBmADEANQA3AAAA +MHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAAyADUAMgIEEAEAAQRIdwBzAGQA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA5AGYAMQA3ACYA +cgBlAHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAy +ADUAMQIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA5AGYAMQA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAy +ADUAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhADQAYwA1ADQAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADIANAA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBkAGYAMQAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA0ADgCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQAyAGQAYQBiAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAyADQANwIE +EAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADEAMQAyAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAyADQANgIE +EAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA2ADIAMQAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAAyADQANQIE +EAEAAQRIdwBzAGQAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA5AGUAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBO +Hg4ASABXAEkARAAyADQANAIEEAEAAQQ2dwBzAGQAcAByAGkAbgB0AFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA5AGUAMQA3AAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAyADQAMwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEAMgBmADAAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIANAAyAgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +ZAA4ADMAMQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgA0ADECBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBiADIANgA4AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAyADQAMAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADcAOABhADkAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADIAMwA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYQBlADQA +ZQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAzADgCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQBhADkAYwBlAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAy +ADMANwIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGEAYQAwAGUAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADIAMwA2AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQA4ADcAZQAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAzADUCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQBlADkAMwBlAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADMANAIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADIAYgA3AGYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADIAMwAzAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMgBhADMAZgAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAzADICBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlAGEA +ZgBlAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADMAMQIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADAANgAyADIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADIAMwAwAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAZQAxAGIAZQAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMgAyADkCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQAyADEANwBmAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADIAOAIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGUANABiAGUAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAMgA3 +AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAMgA1ADMAZgAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQAMgAyADYCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADcANwBlAAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADIANQIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEA +MwBjADYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAMgA0AgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBsAGEAZAA5ADAANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMgAyADMCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBlADIANwBlAAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAyADIAMgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGQAYgA4AGYA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAMgAxAgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAZABhAGMAZgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAy +ADACBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGwAYQAxAGEAMABlAAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAyADEAOQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADQAMABkADIAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAMQA4AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +ZAA1AGMAZgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAxADcCBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQBkADcANABmAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAyADEANgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADEANwA4AGUAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADIAMQA1AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMQA2AGMA +ZQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAxADQCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAcABvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8A +MgA1ADAAXwAxADYAZgBkAAAAMGoGCisGAQQBgjcMAgEEXDBaHg4ASABXAEkARAAy +ADEAMwIEEAEAAQRCdwBzAGQAcAByAGkAbgB0AFwAaABwAG8AZgBmAGkAYwBlAGoA +ZQB0AF8AcAByAG8AXwAyADAAMABkADYANAA0AAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAyADEAMgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhAGEAZQA3AGQAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADIAMQAxAgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEA +YQBmADMAZAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAxADACBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGwAYQA2AGQANwBjAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAyADAAOQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADYAYwAzAGMAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADIAMAA4AgQQAQABBER3AHMAZABwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYQBjAGYA +ZAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAwADcCBBABAAEERHcA +cwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQAwADcAMgA0AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAy +ADAANgIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGEANwBiAGQAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADIAMAA1AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgA3ADcAYwAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAwADQCBBABAAEERHcAcwBkAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQBhADIAYgBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADAAMwIE +EAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhADYAMwAzAGMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADIAMAAyAgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAYQAxADcAZAAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAMgAwADECBBABAAEERHcAcwBkAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBhADQA +NwBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAyADAAMAIEEAEAAQRE +dwBzAGQAcAByAGkAbgB0AFwAaABwAGgAcABfAG8AZgBmAGkAYwBlAGoAZQB0AF8A +cAByAG8AXwAyAGEAOAAxAGMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADEAOQA5AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAHAAaABwAF8AbwBmAGYA +aQBjAGUAagBlAHQAXwBwAHIAbwBfADIAMwA0AGMANQAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMQA5ADgCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgA +cABvAGYAZgBpAGMAZQBqAGUAdABfAHAAcgBvAF8AOAAwADAAMABjADIAOAAzAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAxADkANwIEEAEAAQREdwBzAGQA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +YwBvAGIAZgAzADMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEAOQA2 +AgQQAQABBER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBjAG8ANwA1ADQANQAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQAMQA5ADUCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwBjADUAZABjAAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAAxADkANAIEEAEAAQREdwBzAGQAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADcA +ZgA2ADIAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEAOQAzAgQQAQAB +BER3AHMAZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG8AZQA1ADQANAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMQA5ADICBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwAwADUAMQBkAAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAxADkAMQIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvAGIAZgBjADEA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEAOQAwAgQQAQABBER3AHMA +ZABwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AOAA3ADQANQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA4 +ADkCBBABAAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwBjADQAOQBjAAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAxADgAOAIEEAEAAQREdwBzAGQAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADcAZgA5ADIAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEAOAA3AgQQAQABBER3AHMAZABwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +MQA1ADQANAAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA4ADYCBBAB +AAEERHcAcwBkAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwAwADQANQBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAxADgANQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADkAZAAyADQAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADEAOAA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAZgAxADUA +NwAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMQA4ADMCBBABAAEESHUA +cwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBmADEA +NwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIBBFAwTh4OAEgAVwBJ +AEQAMQA4ADICBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOQBmADEANwAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMQA4ADECBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA0AGMANQA0AAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAxADgAMAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AbABhADIAZABmADEA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEANwA5AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBsAGEAMgBkAGEAYgAAADBwBgorBgEEAYI3DAIBBGIwYB4OAEgAVwBJAEQAMQA3 +ADgCBBABAAEESHUAcwBiAHAAcgBpAG4AdABcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOQBlADEANwAmAHIAZQB2AF8AMAAxADAAMAAAADBeBgorBgEEAYI3DAIB +BFAwTh4OAEgAVwBJAEQAMQA3ADcCBBABAAEENnUAcwBiAHAAcgBpAG4AdABcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOQBlADEANwAAADBuBgorBgEEAYI3DAIB +BGAwXh4OAEgAVwBJAEQAMQA3ADYCBBABAAEERmQAbwB0ADQAcAByAHQAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADgAZAAxADcAJgByAGUAdgBfADAAMQAwADAA +AAAwXAYKKwYBBAGCNwwCAQROMEweDgBIAFcASQBEADEANwA1AgQQAQABBDRkAG8A +dAA0AHAAcgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA4AGQAMQA3AAAA +MHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAAxADcANAIEEAEAAQRIdQBzAGIA +cAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxAGYAMQA3ACYA +cgBlAHYAXwAwADQAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAx +ADcAMwIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAxAGYAMQA3AAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAx +ADcAMgIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA2ADIAMQAyAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAx +ADcAMQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA2ADEAMQAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAAx +ADcAMAIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1AGIAMQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcM +AgEEUDBOHg4ASABXAEkARAAxADYAOQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGIAMQA3AAAAMHAGCisGAQQBgjcM +AgEEYjBgHg4ASABXAEkARAAxADYAOAIEEAEAAQRIdQBzAGIAcAByAGkAbgB0AFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGEAMQA3ACYAcgBlAHYAXwAwADEA +MAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABXAEkARAAxADYANwIEEAEAAQQ2 +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGEA +MQA3AAAAMHAGCisGAQQBgjcMAgEEYjBgHg4ASABXAEkARAAxADYANgIEEAEAAQRI +dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADkA +MQA3ACYAcgBlAHYAXwAwADEAMAAwAAAAMF4GCisGAQQBgjcMAgEEUDBOHg4ASABX +AEkARAAxADYANQIEEAEAAQQ2dQBzAGIAcAByAGkAbgB0AFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA1ADkAMQA3AAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAxADYANAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABwAGgAcABfAG8A +ZgBmAGkAYwBlAGoAZQB0AF8AcAByAG8AXwAyAGEAOAAxAGMAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADEANgAzAgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAHAAaABwAF8AbwBmAGYAaQBjAGUAagBlAHQAXwBwAHIAbwBfADIAMwA0AGMA +NQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA2ADICBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGwAYQBhAGUANwBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAx +ADYAMQIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAA +YQBjAGsAYQByAGQAaABwAF8AbABhAGEAZgAzAGQAAAAwbAYKKwYBBAGCNwwCAQRe +MFweDgBIAFcASQBEADEANgAwAgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUA +dwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEANgBkADcAYwAAADBs +BgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA1ADkCBBABAAEERHUAcwBiAHAA +cgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwA +YQA2AGMAMwBjAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAxADUAOAIE +EAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsA +YQByAGQAaABwAF8AbABhAGEAYwBmAGQAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBI +AFcASQBEADEANQA3AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUA +dAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBsAGEAMAA3ADIANAAAADBsBgorBgEE +AYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA1ADYCBBABAAEERHUAcwBiAHAAcgBpAG4A +dABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQBhADcA +YgBkAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAxADUANQIEEAEAAQRE +dQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQA +aABwAF8AbABhADYANwA3AGMAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBE +ADEANQA0AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0A +cABhAGMAawBhAHIAZABoAHAAXwBsAGEAYQAyAGIAZAAAADBsBgorBgEEAYI3DAIB +BF4wXB4OAEgAVwBJAEQAMQA1ADMCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgA +ZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGwAYQA2ADMAMwBjAAAA +MGwGCisGAQQBgjcMAgEEXjBcHg4ASABXAEkARAAxADUAMgIEEAEAAQREdQBzAGIA +cAByAGkAbgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8A +bABhAGEAMQA3AGQAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEANQAx +AgQQAQABBER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMA +awBhAHIAZABoAHAAXwBsAGEAYQA0ADcAZAAAADBsBgorBgEEAYI3DAIBBF4wXB4O +AEgAVwBJAEQAMQA1ADACBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwA +ZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA0AGUAMgBkAAAAMGwGCisG +AQQBgjcMAgEEXjBcHg4ASABXAEkARAAxADQAOQIEEAEAAQREdQBzAGIAcAByAGkA +bgB0AFwAaABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADgA +NgAyAGYAAAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEANAA4AgQQAQAB +BER1AHMAYgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIA +ZABoAHAAXwBjAG8AZQAyADIAZgAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJ +AEQAMQA0ADcCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQA +LQBwAGEAYwBrAGEAcgBkAGgAcABfAGMAbwA1AGIAOQA0AAAAMGwGCisGAQQBgjcM +AgEEXjBcHg4ASABXAEkARAAxADQANgIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwA +aABlAHcAbABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADkAYQBkAGYA +AAAwbAYKKwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEANAA1AgQQAQABBER1AHMA +YgBwAHIAaQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAA +XwBjAG8AOQBhAGIAOQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA0 +ADQCBBABAAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEA +YwBrAGEAcgBkAGgAcABfAGMAbwA4AGYAOAA4AAAAMGwGCisGAQQBgjcMAgEEXjBc +Hg4ASABXAEkARAAxADQAMwIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcA +bABlAHQAdAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADQANwA4AGEAAAAwbAYK +KwYBBAGCNwwCAQReMFweDgBIAFcASQBEADEANAAyAgQQAQABBER1AHMAYgBwAHIA +aQBuAHQAXABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8A +MgAzADgAYQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQA0ADECBBAB +AAEERHUAcwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEA +cgBkAGgAcABfAGMAbwA2ADEANABiAAAAMGwGCisGAQQBgjcMAgEEXjBcHg4ASABX +AEkARAAxADQAMAIEEAEAAQREdQBzAGIAcAByAGkAbgB0AFwAaABlAHcAbABlAHQA +dAAtAHAAYQBjAGsAYQByAGQAaABwAF8AYwBvADMAZgBmAGIAAAAwbAYKKwYBBAGC +NwwCAQReMFweDgBIAFcASQBEADEAMwA5AgQQAQABBER1AHMAYgBwAHIAaQBuAHQA +XABoAGUAdwBsAGUAdAB0AC0AcABhAGMAawBhAHIAZABoAHAAXwBjAG8ANQAwADAA +NQAAADBsBgorBgEEAYI3DAIBBF4wXB4OAEgAVwBJAEQAMQAzADgCBBABAAEERHUA +cwBiAHAAcgBpAG4AdABcAGgAZQB3AGwAZQB0AHQALQBwAGEAYwBrAGEAcgBkAGgA +cABfAGMAbwAwADgAZQBhAAAAMFQGCisGAQQBgjcMAgEERjBEHg4ASABXAEkARAAx +ADMANwIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMA +ZQAyAGEAAAAwVAYKKwYBBAGCNwwCAQRGMEQeDgBIAFcASQBEADEAMwA2AgQQAQAB +BCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwA4ADIAYQAAADBU +BgorBgEEAYI3DAIBBEYwRB4OAEgAVwBJAEQAMQAzADUCBBABAAEELHUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADkAMgBhAAAAMFQGCisGAQQBgjcM +AgEERjBEHg4ASABXAEkARAAxADMANAIEEAEAAQQsdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADMAYQAyAGEAAAAwVAYKKwYBBAGCNwwCAQRGMEQeDgBI +AFcASQBEADEAMwAzAgQQAQABBCx1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMwBmADIAYQAAADByBgorBgEEAYI3DAIBBGQwYh4OAEgAVwBJAEQAMQAz +ADICBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADIA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHIGCisGAQQBgjcM +AgEEZDBiHg4ASABXAEkARAAxADMAMQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADQAMgAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkA +XwAwADIAAAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBIAFcASQBEADEAMwAwAgQQAQAB +BEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANAAyADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAAADBgBgorBgEEAYI3DAIBBFIwUB4O +AEgAVwBJAEQAMQAyADkCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA3AGEAMQAyACYAbQBpAF8AMAA0AAAAMGAGCisGAQQBgjcMAgEEUjBQ +Hg4ASABXAEkARAAxADIAOAIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADcAYQAxADIAJgBtAGkAXwAwADIAAAAwYAYKKwYBBAGCNwwCAQRS +MFAeDgBIAFcASQBEADEAMgA3AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANgAzADEAMgAmAG0AaQBfADAANAAAADBgBgorBgEEAYI3DAIB +BFIwUB4OAEgAVwBJAEQAMQAyADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA2ADMAMQAyACYAbQBpAF8AMAAyAAAAMGAGCisGAQQBgjcM +AgEEUjBQHg4ASABXAEkARAAxADIANQIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAA +MwBmADAAJgBwAGkAZABfADMAZQAyAGEAJgBtAGkAXwAwADMAAAAwYAYKKwYBBAGC +NwwCAQRSMFAeDgBIAFcASQBEADEAMgA0AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMwBlADIAYQAmAG0AaQBfADAAMgAAADBgBgorBgEE +AYI3DAIBBFIwUB4OAEgAVwBJAEQAMQAyADMCBBABAAEEOHUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAzAGUAMgBhACYAbQBpAF8AMAAxAAAAMHIGCisG +AQQBgjcMAgEEZDBiHg4ASABXAEkARAAxADIAMgIEEAEAAQRKdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADAAZgAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBtAGkAXwAwADEAAAAwYAYKKwYBBAGCNwwCAQRSMFAeDgBIAFcASQBEADEAMgAx +AgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANwBkADEA +MgAmAG0AaQBfADAAMwAAADBgBgorBgEEAYI3DAIBBFIwUB4OAEgAVwBJAEQAMQAy +ADACBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3AGQA +MQAyACYAbQBpAF8AMAAxAAAAMHIGCisGAQQBgjcMAgEEZDBiHg4ASABXAEkARAAx +ADEAOQIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADEA +NQAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEAAAAwcgYKKwYBBAGC +NwwCAQRkMGIeDgBIAFcASQBEADEAMQA4AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMQAyADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0A +aQBfADAAMwAAADByBgorBgEEAYI3DAIBBGQwYh4OAEgAVwBJAEQAMQAxADcCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAxADQAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHIGCisGAQQBgjcMAgEEZDBi +Hg4ASABXAEkARAAxADEANgIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMAMwAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADMA +AAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBIAFcASQBEADEAMQA1AgQQAQABBEp1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMgA0ADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAmAG0AaQBfADAAMgAAADByBgorBgEEAYI3DAIBBGQwYh4OAEgAVwBJ +AEQAMQAxADQCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAzADIAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHIGCisG +AQQBgjcMAgEEZDBiHg4ASABXAEkARAAxADEAMwIEEAEAAQRKdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADIAMgAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBtAGkAXwAwADIAAAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBIAFcASQBEADEAMQAy +AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMABiADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAAADByBgorBgEEAYI3DAIB +BGQwYh4OAEgAVwBJAEQAMQAxADECBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA5ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAyAAAAMHIGCisGAQQBgjcMAgEEZDBiHg4ASABXAEkARAAxADEAMAIEEAEAAQRK +dQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADQANQAyAGEAJgByAGUA +dgBfADAAMQAwADAAJgBtAGkAXwAwADEAAAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBI +AFcASQBEADEAMAA5AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AMwAxADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMQAAADBy +BgorBgEEAYI3DAIBBGQwYh4OAEgAVwBJAEQAMQAwADgCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzADQAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAzAAAAMHIGCisGAQQBgjcMAgEEZDBiHg4ASABXAEkARAAx +ADAANwIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADMA +YwAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADQAAAAwcgYKKwYBBAGC +NwwCAQRkMGIeDgBIAFcASQBEADEAMAA2AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMwBjADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0A +aQBfADAAMwAAADByBgorBgEEAYI3DAIBBGQwYh4OAEgAVwBJAEQAMQAwADUCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzAGMAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHIGCisGAQQBgjcMAgEEZDBi +Hg4ASABXAEkARAAxADAANAIEEAEAAQRKdQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMAYwAyAGEAJgByAGUAdgBfADAAMQAwADAAJgBtAGkAXwAwADEA +AAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBIAFcASQBEADEAMAAzAgQQAQABBEp1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADEANwAmAHIAZQB2AF8A +MAAxADAAMAAmAG0AaQBfADAAMgAAADByBgorBgEEAYI3DAIBBGQwYh4OAEgAVwBJ +AEQAMQAwADICBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA4ADYAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAA1AAAAMHIGCisG +AQQBgjcMAgEEZDBiHg4ASABXAEkARAAxADAAMQIEEAEAAQRKdQBzAGIAXAB2AGkA +ZABfADAAMwBmADAAJgBwAGkAZABfADgANgAyAGEAJgByAGUAdgBfADAAMQAwADAA +JgBtAGkAXwAwADQAAAAwcgYKKwYBBAGCNwwCAQRkMGIeDgBIAFcASQBEADEAMAAw +AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA2ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMwAAADBwBgorBgEEAYI3DAIB +BGIwYB4MAEgAVwBJAEQAOQA5AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOAA2ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MgAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJAEQAOQA4AgQQAQABBEp1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAmAG0AaQBfADAANgAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJ +AEQAOQA3AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +NQAxADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAANQAAADBwBgorBgEE +AYI3DAIBBGIwYB4MAEgAVwBJAEQAOQA2AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8ANQAxADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0A +aQBfADAANAAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJAEQAOQA1AgQQAQAB +BEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8ANQAxADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMwAAADBwBgorBgEEAYI3DAIBBGIwYB4M +AEgAVwBJAEQAOQA0AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAA +aQBkAF8AOAA0ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAANQAAADBw +BgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJAEQAOQAzAgQQAQABBEp1AHMAYgBcAHYA +aQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA0ADIAYQAmAHIAZQB2AF8AMAAxADAA +MAAmAG0AaQBfADAANAAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJAEQAOQAy +AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AOAA0ADIA +YQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMwAAADBwBgorBgEEAYI3DAIB +BGIwYB4MAEgAVwBJAEQAOQAxAgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AOAA0ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MgAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJAEQAOQAwAgQQAQABBEp1AHMA +YgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwBiADIAYQAmAHIAZQB2AF8A +MAAxADAAMAAmAG0AaQBfADAANgAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJ +AEQAOAA5AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8A +MwBiADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAANQAAADBwBgorBgEE +AYI3DAIBBGIwYB4MAEgAVwBJAEQAOAA4AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8A +MAAzAGYAMAAmAHAAaQBkAF8AMwBiADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0A +aQBfADAANAAAADBwBgorBgEEAYI3DAIBBGIwYB4MAEgAVwBJAEQAOAA3AgQQAQAB +BEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYAMAAmAHAAaQBkAF8AMwBiADIAYQAmAHIA +ZQB2AF8AMAAxADAAMAAmAG0AaQBfADAAMwAAADBOBgorBgEEAYI3DAIBBEAwPh4M +AEgAVwBJAEQAOAA2AgQQAQABBCh1AHMAYgBcAG0AcwBfAGMAbwBtAHAAXwB1AHMA +YgBzAGMAYQBuAAAAMEwGCisGAQQBgjcMAgEEPjA8HgwASABXAEkARAA4ADUCBBAB +AAEEJnUAcwBiAFwAbQBzAF8AYwBvAG0AcABfAHcAaQBuAHUAcwBiAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAA4ADQCBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAyAGQAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA4ADMCBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADYAMQAyACYA +bQBpAF8AMAAxAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA4ADICBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADUAMQAxACYA +bQBpAF8AMAA0AAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA4ADECBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADUAMQAxACYA +bQBpAF8AMAAyAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA4ADACBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADQAMQAxACYA +bQBpAF8AMAA0AAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA3ADkCBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADQAMQAxACYA +bQBpAF8AMAAyAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA3ADgCBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADYAMQAxACYA +bQBpAF8AMAA0AAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABXAEkARAA3ADcCBBAB +AAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBkADYAMQAxACYA +bQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA3ADYCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGEAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAA2AAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAA3ADUCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1AGEAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAA1AAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA3ADQCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGEAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAA0AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA3 +ADMCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1AGEA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisGAQQBgjcM +AgEEYjBgHgwASABXAEkARAA3ADICBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA1ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAA1AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA3ADECBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADMAMgBhACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAA0AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABX +AEkARAA3ADACBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAA2ADkCBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA2ADgCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwAGEAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMF4GCisGAQQBgjcMAgEEUDBO +HgwASABXAEkARAA2ADcCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1ADgAMgBhACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBO +HgwASABXAEkARAA2ADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1ADgAMgBhACYAbQBpAF8AMAAyAAAAMF4GCisGAQQBgjcMAgEEUDBO +HgwASABXAEkARAA2ADUCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1ADgAMgBhACYAbQBpAF8AMAAxAAAAMF4GCisGAQQBgjcMAgEEUDBO +HgwASABXAEkARAA2ADQCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzADgAMgBhACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBO +HgwASABXAEkARAA2ADMCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzADgAMgBhACYAbQBpAF8AMAAyAAAAMF4GCisGAQQBgjcMAgEEUDBO +HgwASABXAEkARAA2ADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzADgAMgBhACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAA2ADECBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAwADEAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA2ADACBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBjADAAMQAxACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAA0AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA1 +ADkCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBiAGYA +MQAxACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAA0AAAAMHAGCisGAQQBgjcM +AgEEYjBgHgwASABXAEkARAA1ADgCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwBhAGIAMQAxACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAA0AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA1ADcCBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADIAMgBhACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA1ADYCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADIAMQAxACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA1ADUCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADIAMQAxACYAbQBpAF8AMAAxAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA1ADQCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADEAMQAxACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA1ADMCBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADEAMQAxACYAbQBpAF8AMAAxAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA1ADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADMAMQAxACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA1ADECBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBkADMAMQAxACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABX +AEkARAA1ADACBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAyADcAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAA0ADkCBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADIAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAA0AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA0ADgCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADIAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAA0ADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA1ADIAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA0ADYCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADIAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA0 +ADUCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADIA +MQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAA0AAAAMHAGCisGAQQBgjcM +AgEEYjBgHgwASABXAEkARAA0ADQCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA2ADEAMQAyACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAA0ADMCBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyADUAMgBhACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA0ADICBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1ADUAMgBhACYAbQBpAF8AMAAzAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA0ADECBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1ADUAMgBhACYAbQBpAF8AMAAyAAAAMF4GCisGAQQBgjcMAgEEUDBOHgwASABX +AEkARAA0ADACBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1ADUAMgBhACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABX +AEkARAAzADkCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAwAGMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAAzADgCBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAyAGUAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAzADcCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADAAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAA0AAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAAzADYCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA2ADAAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAzADUCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADAAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAz +ADQCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA2ADAA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcM +AgEEYjBgHgwASABXAEkARAAzADMCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwA1ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAA0AAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAzADICBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA1ADQAMgBhACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABX +AEkARAAzADECBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwA1ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAAzADACBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA1ADQAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAyADkCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADcAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAAyADgCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0AGEAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAyADcCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0AGEAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAy +ADYCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAzAGEA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisGAQQBgjcM +AgEEYjBgHgwASABXAEkARAAyADUCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwAzAGEAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAyADQCBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAwADgAMgBhACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAzAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABX +AEkARAAyADMCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwAwADYAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAAyADICBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwAxADMAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAyADECBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADEAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAAyADACBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA0ADEAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAxADkCBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADAAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAx +ADgCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA0ADAA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcM +AgEEYjBgHgwASABXAEkARAAxADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMA +ZgAwACYAcABpAGQAXwBhAGEAMQAxACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8A +MAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAxADYCBBABAAEESnUA +cwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwBhADMAMQAxACYAcgBlAHYA +XwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABX +AEkARAAxADUCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQA +XwBiADMAMQAxACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMHAGCisG +AQQBgjcMAgEEYjBgHgwASABXAEkARAAxADQCBBABAAEESnUAcwBiAFwAdgBpAGQA +XwAwADMAZgAwACYAcABpAGQAXwA3ADcAMgBhACYAcgBlAHYAXwAwADEAMAAwACYA +bQBpAF8AMAAyAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAxADMCBBAB +AAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADcAMgBhACYA +cgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBg +HgwASABXAEkARAAxADICBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwA3ADUAMgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAA +MHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAxADECBBABAAEESnUAcwBiAFwA +dgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADUAMgBhACYAcgBlAHYAXwAwADEA +MAAwACYAbQBpAF8AMAAxAAAAMHAGCisGAQQBgjcMAgEEYjBgHgwASABXAEkARAAx +ADACBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADgA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAyAAAAMG4GCisGAQQBgjcM +AgEEYDBeHgoASABXAEkARAA5AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANwA4ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MQAAADBuBgorBgEEAYI3DAIBBGAwXh4KAEgAVwBJAEQAOAIEEAEAAQRKdQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANAAyAGEAJgByAGUAdgBfADAA +MQAwADAAJgBtAGkAXwAwADIAAAAwbgYKKwYBBAGCNwwCAQRgMF4eCgBIAFcASQBE +ADcCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwA3ADQA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMG4GCisGAQQBgjcM +AgEEYDBeHgoASABXAEkARAA2AgQQAQABBEp1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8ANwA2ADIAYQAmAHIAZQB2AF8AMAAxADAAMAAmAG0AaQBfADAA +MgAAADBuBgorBgEEAYI3DAIBBGAwXh4KAEgAVwBJAEQANQIEEAEAAQRKdQBzAGIA +XAB2AGkAZABfADAAMwBmADAAJgBwAGkAZABfADcANgAyAGEAJgByAGUAdgBfADAA +MQAwADAAJgBtAGkAXwAwADEAAAAwbgYKKwYBBAGCNwwCAQRgMF4eCgBIAFcASQBE +ADQCBBABAAEESnUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYAcABpAGQAXwAyAGMA +MgBhACYAcgBlAHYAXwAwADEAMAAwACYAbQBpAF8AMAAxAAAAMFwGCisGAQQBgjcM +AgEETjBMHgoASABXAEkARAAzAgQQAQABBDh1AHMAYgBcAHYAaQBkAF8AMAAzAGYA +MAAmAHAAaQBkAF8AMwBmADIAYQAmAG0AaQBfADAAMwAAADBcBgorBgEEAYI3DAIB +BE4wTB4KAEgAVwBJAEQAMgIEEAEAAQQ4dQBzAGIAXAB2AGkAZABfADAAMwBmADAA +JgBwAGkAZABfADMAZgAyAGEAJgBtAGkAXwAwADIAAAAwXAYKKwYBBAGCNwwCAQRO +MEweCgBIAFcASQBEADECBBABAAEEOHUAcwBiAFwAdgBpAGQAXwAwADMAZgAwACYA +cABpAGQAXwAzAGYAMgBhACYAbQBpAF8AMAAxAAAAoIIWGjCCBMMwggOroAMCAQIC +EzMAAACvU0d3bBvxowIAAAAAAK8wDQYJKoZIhvcNAQEFBQAwdzELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV +BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEhMB8GA1UEAxMYTWljcm9zb2Z0IFRp +bWUtU3RhbXAgUENBMB4XDTE2MDUwMzE3MTMyNVoXDTE3MDgwMzE3MTMyNVowgbMx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt +b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDTALBgNVBAsTBE1P +UFIxJzAlBgNVBAsTHm5DaXBoZXIgRFNFIEVTTjozMUM1LTMwQkEtN0M5MTElMCMG +A1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALyFOmxQEbDY02MAt6et3Hih66R0LgmU2zQ1FGms +mJTabU7PWrvWCPj/SATihK3Co15MX7c3kGrpvOjuyBkJST76q9AprN9m4rQOshAp +lnXbo0YpneFC6pfCJnOOdo2htaY4j36vLmXE4GB5CefwDEPitjbhkyxMOP/wU5pw +TDroESlLlGXFUGRvhPcKLebJZyHtaf1YGKbfA3owOHK1xcwHgF7Y+FxGOzXRN+dR +miBE9GNS3inVo58Ic9nao4V9gSRPxw4nfx2L92564BwZR35jk5Gge/fQfGphEWyY +zSX6qwiqH1sVAVqu0dYkrVAhY0kr7fkPzktmqGLC1zmwNq8CAwEAAaOCAQkwggEF +MB0GA1UdDgQWBBRoGFLQWGxI/1OFPSA3s+P2THTxeDAfBgNVHSMEGDAWgBQjNPjZ +UkZwCu1A+3b7syuwwzWzDzBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLm1p +Y3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNyb3NvZnRUaW1lU3RhbXBQ +Q0EuY3JsMFgGCCsGAQUFBwEBBEwwSjBIBggrBgEFBQcwAoY8aHR0cDovL3d3dy5t +aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNyb3NvZnRUaW1lU3RhbXBQQ0EuY3J0 +MBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBBQUAA4IBAQCM99jfwzH5 +O+Dswpm/LkoHZK1Q5TFNPjuDlrApa46FKtKOsNqjcUl/p88cW7e3u6WgTvtKcn9p +uF2hgS37mVvJQUQtpkflOStcF82U6sv979XSCsp4FNnD09S/Mmgub+hZKQ5Y8wX7 +JU5j7z5Y4TeNbik4nwT6saTvh+NZQlWhv8zehw6L0qErfIzDodNfvVQlLG3HGOie +w/Yk93qxNWtBVV8u3J/Zg3JF2ngDn8/HDCVpXDVqjdSfg41FqQK8cEI1V/oMQtQl +MfGdWgPh0gX2wl2jgLS0Z4t1VH9Vo3v5h2Xrw31JDNoCnfU3BLtiDdaQ3Fp43Em+ +Sizj30jlO18/MIIFaDCCBFCgAwIBAgITMwAAAB4ljnxCUcXR+gABAAAAHjANBgkq +hkiG9w0BAQUFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x +EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv +bjE1MDMGA1UEAxMsTWljcm9zb2Z0IFdpbmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJp +bGl0eSBQQ0EwHhcNMTUwODE4MTgwMzU5WhcNMTYxMTE4MTgwMzU5WjCBoDELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx +HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjE7 +MDkGA1UEAxMyTWljcm9zb2Z0IFdpbmRvd3MgSGFyZHdhcmUgQ29tcGF0aWJpbGl0 +eSBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0T8mJ +vC7jS8JlVaBKu2QmH32PEXDADrEY550UUhMshTNjGiPOKAOlWyyWqNfjgv1D/gvr +8TrKU/VNPagmg6hWCBhPR+4gf9U4MfrBGaJ1D/7GtrpiczVrLb8OjdiyILO1gRxr +BJ1F9GB4ClK8JeFq2GZV3kdwKi9+fZiuNnd/bMmE41V5nGc0Y9/iaRCx/fevstXY +02ugS7b2SWAME9eEuToXtFekE50dPACxLzJKMkRlGAnZaCcxkJ5LVUdKVxsSBQ5W +DIO/8EL3FBJbOmmin+eAZaKs4jGVJUTbkXm9OqxjJVmNX7HyknUTO4oM1IWj4U4H +VErEf7cewahtUMspAgMBAAGjggGsMIIBqDAfBgNVHSUEGDAWBggrBgEFBQcDAwYK +KwYBBAGCNwoDBTAdBgNVHQ4EFgQUq8xkJml7DihPiwEa71js/Ux0JvwwUQYDVR0R +BEowSKRGMEQxDTALBgNVBAsTBE1PUFIxMzAxBgNVBAUTKjMxNjQxKzE4YjlmYjdl +LTcwYmMtNGFhOC1iMTYwLTA0NTRkMjhhYTViNDAfBgNVHSMEGDAWgBQozO9hpHy8 +P5Zr9g0if2orgIg+LTB2BgNVHR8EbzBtMGugaaBnhmVodHRwOi8vd3d3Lm1pY3Jv +c29mdC5jb20vcGtpL0NSTC9wcm9kdWN0cy9NaWNyb3NvZnQlMjBXaW5kb3dzJTIw +SGFyZHdhcmUlMjBDb21wYXRpYmlsaXR5JTIwUENBKDEpLmNybDB6BggrBgEFBQcB +AQRuMGwwagYIKwYBBQUHMAKGXmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv +Y2VydHMvTWljcm9zb2Z0JTIwV2luZG93cyUyMEhhcmR3YXJlJTIwQ29tcGF0aWJp +bGl0eSUyMFBDQSgxKS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAKEe7l/ZvxP2YahM +0oz0kSWIVSLHQJ2QZU2dr6l6wd1u4lcUWZLe+WyBfR7/rUEwuaZ9QIgTmuAbPq2R +8U7fqNZz6t8G02MpBBvrodBBh4wgFvUCyHtrF+DlVFF/3OOcG1ntR4CC9z5L1lkr +sKLBYxse/L+NNdq3LPmlRaSipumnPyWytH8ttso8QB3T2Hoa8uEtkU0g3w8Kudve +M33peya9JIASxesCB89EfCV3FVqHSVdHDBWghurBUG+MT494meaICh8ihSl/vvI1 +/oznFIGK/oQnpCX6u0si7RkLdP6Uv2F8LBcFY+T0ILew1fR1GNErved+XHKVbVUS +E9aGGiMwggXYMIIDwKADAgECAhMzAAAAOC5Q6GqYnZV/AAAAAAA4MA0GCSqGSIb3 +DQEBBQUAMF8xEzARBgoJkiaJk/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZFglt +aWNyb3NvZnQxLTArBgNVBAMTJE1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1 +dGhvcml0eTAeFw0xMjA2MDQyMTA1NDZaFw0yMDA2MDQyMTE1NDZaMIGLMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe +MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTUwMwYDVQQDEyxNaWNyb3Nv +ZnQgV2luZG93cyBIYXJkd2FyZSBDb21wYXRpYmlsaXR5IFBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKyB7v9y++28YQPKEXbybmFacqAiCJBv4z9N +afL3PSZsQFQkBFAwBGF9yZkVM237FYPjEs9HlhcDuJBby8tcLhtq0PpjTo5lgfEO +VcDrRTJ8KPBateFIyVBu9QCfQaG1VxFit9LX5xgUzUf0s3FfbuNzRCjhyh/kuUBQ +FhwBRGhuUFFukj6Hs0MhdbnCoS6DQncXSQMSsJp5bGotRT4RNYuUKyJxkGNls/Kw +E7bpsGCtyVzCK9lTluDzwPpaQf0VZEqYACItnWZ8BCy8dqnu2FaZ0aZfvGgQ4PMr +0TkkCpMHJDEOX7ufslnSrdQne3rf16tS1m7IiS4gFzOAASaKC6cCAwEAAaOCAV4w +ggFaMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFCjM72GkfLw/lmv2DSJ/aiuA +iD4tMAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcV +AgQWBBRyyBDVxALOfkVfp9yIfi5hj/IMcTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi +AEMAQTAfBgNVHSMEGDAWgBQOrIJgQFYnl+UlE/wq4QpTlVnkpDBQBgNVHR8ESTBH +MEWgQ6BBhj9odHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0 +cy9taWNyb3NvZnRyb290Y2VydC5jcmwwVAYIKwYBBQUHAQEESDBGMEQGCCsGAQUF +BzAChjhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY3Jvc29m +dFJvb3RDZXJ0LmNydDANBgkqhkiG9w0BAQUFAAOCAgEADd+YmZMYoR8XerE1D782 +p2fxmq6dK2h48A30a+VR4aIAbH32T1STdqkpyS0Vyx6Ev97bU2OMmfUZ68HgwTFp +KfgI/utAmKF0KgheHbXwZLKeRdUewILblI1mJ8XBPYzsMalOJoLC46EdH3lZV7WV +nivxVzXxZe5TIzb9clBHL1ZLEQwDMWXp0VHoTLsYFmxHm/GTzK16+04KWn31VUZz +7r2cx+lWFsW9wfQyNpj2fmJOXeVHF57oou8aA29rU2eQ2LeY3rVlJ5ou99YGmGg+ +VyWCkFB0THn1cKYK1aKkLcqGY7SqQDpDzkHtdgU9UJ2+/gr4vgCnA0OefjD4LEPQ +TNXk5cz+qLx+DYJ8kxoye19g22jWFZKpZE+3O+gS7S6Bka3VXlNWlc3rV5HikOGi +yKkmJSKAOF0EiBLgMyJdhJAmPk/cNqtwQlkjp41qoTrG9x0SbxEQ+vXPPD8YgCYh +xV7axDVh2QArDLAofuN/KscVn38J/uZ/hwHtDznVDhud/q8WEWrzAdDAG94UOZkj +AN+eRwd9YpNpHL3Eqqb8usBx/qi4867JA0EoM0rBU1hAm4uDcVA9n7o/LIhPxkiw +WzkI7XEK4mx1Ce8SU9YPwZZBIJ9PiNBpWZK88lVeeZCG+SkSGs03gFfG08aLmytj +N4cBqcy6blDAyAx3zQpTeZ4wggYHMIID76ADAgECAgphFmg0AAAAAAAcMA0GCSqG +SIb3DQEBBQUAMF8xEzARBgoJkiaJk/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZ +FgltaWNyb3NvZnQxLTArBgNVBAMTJE1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eTAeFw0wNzA0MDMxMjUzMDlaFw0yMTA0MDMxMzAzMDlaMHcxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k +MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xITAfBgNVBAMTGE1pY3Jv +c29mdCBUaW1lLVN0YW1wIFBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAJ+hbLHf20iSKnxrLhnhveLjxZlRI1Ctzt0YTiQP7tGn0UytdDAgEesH1VSV +FUmUG0KSrphcMCbaAGvoe73siQcP9w4EmPCJzB/LMySHnfL0Zxws/HvniB3q506j +ocEjU8qN+kXPCdBer9CwQgSi+aZsk2fXKNxGU7CG0OUoRi4nrIZPVVIM5AMs+2qQ +kDBuh/NZMJ36ftaXs+ghl3740hPzCLdTbVK0RZCfSABKR2YRJylmqJfk0waBSqL5 +hKcRRxQJgp+E7VV4/gGaHVAIhQAQMEbtt94jRrvELVSfrx54QTF3zJvfO4OToWEC +tR0Nsfz3m7IBziJLVP/5BcPCIAsCAwEAAaOCAaswggGnMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFCM0+NlSRnAK7UD7dvuzK7DDNbMPMAsGA1UdDwQEAwIBhjAQ +BgkrBgEEAYI3FQEEAwIBADCBmAYDVR0jBIGQMIGNgBQOrIJgQFYnl+UlE/wq4QpT +lVnkpKFjpGEwXzETMBEGCgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkW +CW1pY3Jvc29mdDEtMCsGA1UEAxMkTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5ghB5rRahSqClrUxzWPQHEy5lMFAGA1UdHwRJMEcwRaBDoEGGP2h0 +dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL21pY3Jvc29m +dHJvb3RjZXJ0LmNybDBUBggrBgEFBQcBAQRIMEYwRAYIKwYBBQUHMAKGOGh0dHA6 +Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljcm9zb2Z0Um9vdENlcnQu +Y3J0MBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBBQUAA4ICAQAQl4rD +XANENt3ptK132855UU0BsS50cVttDBOrzr57j7gu1BKijG1iuFcCy04gE1CZ3XpA +4le7r1iaHOEdAYasu3jyi9DsOwHu4r6PCgXIjUji8FMV3U+rkuTnjWrVgMHmlPIG +L4UD6ZEqJCJw+/b85HiZLg33B+JwvBhOnY5rCnKVuKE5nGctxVEO6mJcPxaYiyA/ +4gcaMvnMMUp2MT0rcgvI6nA9/4UKE9/CCmGO8Ne4F+tOi3/FNSteo7/rvH0LQnvU +U3Ih7jDKu3hlXFsBFwoUDtLaFJj1PLlmWLMtL+f5hYbMUVbonXCUbKw5TNT2eb+q +GHpiKe+imyk0BncaYsk9Hm0fgvALxyy7z0Oz5fnsfbXjpKh0NbhOxXEjEiZ2CzxS +jHFaRkMUvLOzsE1nyJ9C/4B5IYCeFTBm6EISXhrIniIh0EPpK+m79EjMLNTYMoBM +JipIJF9a6lbvpt6Znco6b72BJ3QGEe52Ib+bgsEnVLaxaj2JoXZhtG6hE6a/qkfw +Em/9ijJssv7fUciMI8lmvZ0dhxJkAj0tr1mPuOQh5bWwymO0eFQF1EEuUKyUsKV4 +q7OglnUa2ZKHE3UiLzKoCG6gW4wlv6DvhMoh1useT8ma7kng9wFlb4kLfchpyOZu +6qeXzjEp/w7FW1zYTRuh2Povnj8uVRZryROj/TGCBM0wggTJAgEBMIGjMIGLMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u +ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTUwMwYDVQQDEyxNaWNy +b3NvZnQgV2luZG93cyBIYXJkd2FyZSBDb21wYXRpYmlsaXR5IFBDQQITMwAAAB4l +jnxCUcXR+gABAAAAHjAJBgUrDgMCGgUAoIHTMBgGCSqGSIb3DQEJAzELBgkrBgEE +AYI3CgEwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkE +MRYEFBxEiIMRdWTB/oMLKDPA72uDAwwOMHQGCisGAQQBgjcCAQwxZjBkoDCALgBI +AGUAdwBsAGUAdAB0AC0AUABhAGMAawBhAHIAZAAgAEMAbwBtAHAAYQBuAHmhMIAu +aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3doZGMvaGNsL2RlZmF1bHQubXNweDAN +BgkqhkiG9w0BAQEFAASCAQAzY/ZS8lz8sQnhabDDZav2bn1Wddd1cGw6t+/9MC3k +4hDloQ/ZssjnnPkNl6OTVeomyamAEMTT/YZzySTKKGts4Ak6Dtp7YsGeAxANVRDn +K4ekFx1IEWgFTM7X2YkPBqJJPrVTayPj0GSGDA2J0V5OEnd8oS007lx1dyDTZA5y +gRBoNkoHs4DO1s5a9kOxr2HiPLqkioQdlJWr9A+pdl7ueKbPcahqXyekNsTn9JQS +jMsmnWc/N9K7ezaoaTVyNvoTV/cgF2YfEgBriGUwWb4WP4jYfBAf0e6ZLWgqHotQ +w1Y8BWEjXw6MTrW5A01sDp+0f952USXFvrXdq7ocBGsyoYICKDCCAiQGCSqGSIb3 +DQEJBjGCAhUwggIRAgEBMIGOMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo +aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y +cG9yYXRpb24xITAfBgNVBAMTGE1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQQITMwAA +AK9TR3dsG/GjAgAAAAAArzAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqG +SIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTYwOTEzMjExOTA5WjAjBgkqhkiG9w0B +CQQxFgQU1IjPgJfg0g8XCqfP9UFNncLyj3swDQYJKoZIhvcNAQEFBQAEggEAFtzQ +H1OsUvjzeJjwI1JxbJ3o3N7lOi37JD1QOzHyUoeOVMVxbNLyI3uCoSaTIsUO0wTA +CoXlDEezzkOy3/+dHYAyVB4oIWKB5xVAe4y+Vl/uhpqg5vtvQhwcVRbH/q2AwcIR +eZiwp1S7BoOXHXioZHBzSVFBIb8hWDBdZy+IAOoCvSZsGYr8IkSfRXnX8NszeRms +zY+Ak1OeHSTlyJwMH5c06o+b7Czp/58i+WSQabdZugWWd0JhWjlTZFVy7dtMUAa2 +/UxiJr7e0AOFSO2C05k7F7RzynXpiR1SS+XDnsQi16eLqqR1vxqg4ZbX2xhY7crO +oe80smVXcquPyjx3Zg== +-----END PKCS7----- diff --git a/tests/data/test2.cat b/tests/data/test2.cat new file mode 100644 index 0000000..288599d Binary files /dev/null and b/tests/data/test2.cat differ diff --git a/tests/data/test2.cat.data b/tests/data/test2.cat.data new file mode 100644 index 0000000..b72a5dd Binary files /dev/null and b/tests/data/test2.cat.data differ diff --git a/tests/data/test2.cat.out b/tests/data/test2.cat.out new file mode 100644 index 0000000..aec0af9 --- /dev/null +++ b/tests/data/test2.cat.out @@ -0,0 +1,74 @@ +eContent Type: 1.3.6.1.4.1.311.10.1 +Signers: + Signer's issuer DN: CN=WDKTestCert asn\,131206795480483453 + Signer's serial: 1656c8b2bf9bb3b24e6f3411cdcff0b5 + Signature Algorithm: RSA-SHA1 + Signed Attributes: + messageDigest: 041490608f08aab36bbeef8cb509bef6e60385058afa + 1.3.6.1.4.1.311.2.1.11: 300c060a2b060104018237020115 + contentType: 06092b0601040182370a01 + 1.3.6.1.4.1.311.2.1.12: 3000 + +Number of certificates: 1 + +-----BEGIN CERTIFICATE----- +MIIDCDCCAfCgAwIBAgIQFlbIsr+bs7JObzQRzc/wtTANBgkqhkiG9w0BAQUFADAt +MSswKQYDVQQDEyJXREtUZXN0Q2VydCBhc24sMTMxMjA2Nzk1NDgwNDgzNDUzMB4X +DTE2MTAxMTE3MTIyOFoXDTI2MTAxMTAwMDAwMFowLTErMCkGA1UEAxMiV0RLVGVz +dENlcnQgYXNuLDEzMTIwNjc5NTQ4MDQ4MzQ1MzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAKQ+rj0b53bgPJ7C94HfznU2c5PqdD/bwEPZFW0RRt/f1Lki +CJu58jTuO07u4QgbivKuc8GN9Z2imjpCyTME6VKJyP68BRIa7exMBTYtmkVXshG6 +i5cAsxSuayRsz8A6eL3CqVj7Kg+ZjigTlziG0LeZfDIijPdYkar8BBINRG2vIShd +z/zB09mWsTMuDkHSXYI6L0kH6ooQOahtcMF100L1nkB77dUzvr1DU3J2ztGJyLhv +nNFg5Y5+FFS2KNhxZNXOzJE32F9zs3VG8V6TLB220Lp9l1Nr/skEYFYh1A3uBuqR +s+Lq/2jedgxBZKiFAgHiVgYRuKULzApdtC/9fQ8CAwEAAaMkMCIwCwYDVR0PBAQD +AgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4IBAQBObe7e +ZV1GCRofMbuNdskRAZVMUE+FInfSnPxppsIkL4pyjFsI3aMMbX50Uf2c62w+QFVU +CGjOiUoMyxB98dIHjfRajMXGiVZLJ1HMfYqlpveG856D8/RV5YEPnupcfbwhD9W7 +rclIY+5vMotKZA/J18H/HLM2j2NrY6jGvKO+/1uqQ1IyBiRzSLGScCDf6iU90sbP +TW/KsC34ygexaWi4AvQQG+961nVtrkEhrVjvQb3+/33IDpNkrtQhWU3/2aKhW7U0 +PkMJfdm7lBZk5cqPYFZjx12Vn3mGiA8E3p9hSON1pixLIHvF5X7/k6RS028tgVpy +oLcQbBwOi/RXpsa8 +-----END CERTIFICATE----- + +-----BEGIN PKCS7----- +MIIHSwYJKoZIhvcNAQcCoIIHPDCCBzgCAQExCzAJBgUrDgMCGgUAMIICNwYJKwYB +BAGCNwoBoIICKDCCAiQwDAYKKwYBBAGCNwwBAQQQu/ZNvyszUkS6h2Pwl4hELRcN +MTYxMDExMTcxMzAyWjAOBgorBgEEAYI3DAECBQAwggGVMIIBkQRSRQA1ADIAMgAx +ADUANAAwAEQAQwA0AEIAOQA3ADQARgA1ADQARABCADQARQAzADkAMABCAEYARgA0 +ADEAMwAyADMAOQA5AEMAOAAwADMANwAAADGCATkwQAYKKwYBBAGCNwwCATEyMDAe +CABGAGkAbABlAgQQAQABBB5zAGEAbQBiAGEAcAAxADAAMAAwAC4AaQBuAGYAAAAw +RQYKKwYBBAGCNwIBBDE3MDUwEAYKKwYBBAGCNwIBGaICgAAwITAJBgUrDgMCGgUA +BBTlIhVA3EuXT1TbTjkL/0EyOZyANzBKBgorBgEEAYI3DAIBMTwwOh4MAE8AUwBB +AHQAdAByAgQQAQABBCQyADoANgAuADAALAAyADoANgAuADEALAAyADoANgAuADQA +AAAwYgYKKwYBBAGCNwwCAjFUMFIeTAB7AEQARQAzADUAMQBBADQAMgAtADgARQA1 +ADkALQAxADEARAAwAC0AOABDADQANwAtADAAMABDADAANABGAEMAMgA5ADUARQBF +AH0CAgIAoEowSDBGBgorBgEEAYI3DAIBBDgwNh4EAE8AUwIEEAEAAQQoVgBpAHMA +dABhAFgAOAA2ACwANwBYADgANgAsADEAMABYADgANgAAAKCCAwwwggMIMIIB8KAD +AgECAhAWVsiyv5uzsk5vNBHNz/C1MA0GCSqGSIb3DQEBBQUAMC0xKzApBgNVBAMT +IldES1Rlc3RDZXJ0IGFzbiwxMzEyMDY3OTU0ODA0ODM0NTMwHhcNMTYxMDExMTcx +MjI4WhcNMjYxMDExMDAwMDAwWjAtMSswKQYDVQQDEyJXREtUZXN0Q2VydCBhc24s +MTMxMjA2Nzk1NDgwNDgzNDUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEApD6uPRvnduA8nsL3gd/OdTZzk+p0P9vAQ9kVbRFG39/UuSIIm7nyNO47Tu7h +CBuK8q5zwY31naKaOkLJMwTpUonI/rwFEhrt7EwFNi2aRVeyEbqLlwCzFK5rJGzP +wDp4vcKpWPsqD5mOKBOXOIbQt5l8MiKM91iRqvwEEg1Eba8hKF3P/MHT2ZaxMy4O +QdJdgjovSQfqihA5qG1wwXXTQvWeQHvt1TO+vUNTcnbO0YnIuG+c0WDljn4UVLYo +2HFk1c7MkTfYX3OzdUbxXpMsHbbQun2XU2v+yQRgViHUDe4G6pGz4ur/aN52DEFk +qIUCAeJWBhG4pQvMCl20L/19DwIDAQABoyQwIjALBgNVHQ8EBAMCBDAwEwYDVR0l +BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQEFBQADggEBAE5t7t5lXUYJGh8xu412 +yREBlUxQT4Uid9Kc/GmmwiQvinKMWwjdowxtfnRR/ZzrbD5AVVQIaM6JSgzLEH3x +0geN9FqMxcaJVksnUcx9iqWm94bznoPz9FXlgQ+e6lx9vCEP1butyUhj7m8yi0pk +D8nXwf8cszaPY2tjqMa8o77/W6pDUjIGJHNIsZJwIN/qJT3Sxs9Nb8qwLfjKB7Fp +aLgC9BAb73rWdW2uQSGtWO9Bvf7/fcgOk2Su1CFZTf/ZoqFbtTQ+Qwl92buUFmTl +yo9gVmPHXZWfeYaIDwTen2FI43WmLEsge8Xlfv+TpFLTby2BWnKgtxBsHA6L9Fem +xrwxggHZMIIB1QIBATBBMC0xKzApBgNVBAMTIldES1Rlc3RDZXJ0IGFzbiwxMzEy +MDY3OTU0ODA0ODM0NTMCEBZWyLK/m7OyTm80Ec3P8LUwCQYFKw4DAhoFAKBvMBAG +CisGAQQBgjcCAQwxAjAAMBgGCSqGSIb3DQEJAzELBgkrBgEEAYI3CgEwHAYKKwYB +BAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYEFJBgjwiqs2u+ +74y1Cb725gOFBYr6MA0GCSqGSIb3DQEBAQUABIIBAI4vlVYFKOLdIfs/7kx9ADl5 +zaniHZMgjKiLAljglGCzkfO46IMdOP9/KfmTTTwWBtaP9s7fv9O0XGyOl2qH8Ufg +2d+0iS7CI8CqwF1Q8NLPYrSl2peKAPNibfIVbLR2+RUJ7zHxevdVou9Dt36A59mW +BZ78THyix0mVJ1ZivfzFwarChq5S4YI2fpbugTFftlr8YkRB78ki5J2sXICkcWtU +JRBZqhvsFlsghRWbUKyp20YyPNTgaGelumFj57OLGCVGAejxme/iF8EkmrUV8zs/ +FKuAqJdZ8QPdLD5sKyOL8a19md0tYpCV2ThOWD8okm8PrSMfz4fWlIKpTOi/KE0= +-----END PKCS7----- diff --git a/tests/datefudge-check.c b/tests/datefudge-check.c new file mode 100644 index 0000000..f2d896d --- /dev/null +++ b/tests/datefudge-check.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2019 Red Hat + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include + +int +main (void) +{ + char outstr[200]; + time_t t; + struct tm *tmp; + + t = time(NULL); + tmp = localtime(&t); + if (tmp == NULL) { + perror("localtime"); + exit(EXIT_FAILURE); + } + + if (strftime(outstr, sizeof(outstr), "%s", tmp) == 0) { + fprintf(stderr, "strftime returned 0"); + exit(EXIT_FAILURE); + } + + puts(outstr); + exit(EXIT_SUCCESS); +} diff --git a/tests/dh-compute.c b/tests/dh-compute.c new file mode 100644 index 0000000..828fb05 --- /dev/null +++ b/tests/dh-compute.c @@ -0,0 +1,231 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Simo Sorce + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This program tests functionality of DH exchanges */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include "utils.h" + +#ifdef ENABLE_FIPS140 +int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params, + gnutls_datum_t *priv_key, gnutls_datum_t *pub_key); + +int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params, + const gnutls_datum_t *priv_key, + const gnutls_datum_t *pub_key, + const gnutls_datum_t *peer_key, gnutls_datum_t *Z); + +static void params(gnutls_dh_params_t *dh_params, const gnutls_datum_t *p, + const gnutls_datum_t *q, const gnutls_datum_t *g) +{ + int ret; + + ret = gnutls_dh_params_init(dh_params); + if (ret != 0) + fail("error\n"); + + ret = gnutls_dh_params_import_raw3(*dh_params, p, q, g); + if (ret != 0) + fail("error\n"); +} + +static void genkey(const gnutls_dh_params_t dh_params, + gnutls_datum_t *priv_key, gnutls_datum_t *pub_key) +{ + int ret; + + ret = _gnutls_dh_generate_key(dh_params, priv_key, pub_key); + if (ret != 0) + fail("error\n"); +} + +static void compute_key(const char *name, const gnutls_dh_params_t dh_params, + const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key, + const gnutls_datum_t *peer_key, int expect_error, + gnutls_datum_t *result, bool expect_success) +{ + gnutls_datum_t Z = { 0 }; + bool success; + int ret; + + ret = _gnutls_dh_compute_key(dh_params, priv_key, pub_key, + peer_key, &Z); + if (expect_error != ret) + fail("%s: error %d (expected %d)\n", name, ret, expect_error); + + if (result) { + success = (Z.size != result->size && + memcmp(Z.data, result->data, Z.size)); + if (success != expect_success) + fail("%s: failed to match result\n", name); + } + gnutls_free(Z.data); +} + +struct dh_test_data { + const char *name; + const gnutls_datum_t prime; + const gnutls_datum_t q; + const gnutls_datum_t generator; + const gnutls_datum_t peer_key; + int expected_error; + gnutls_fips140_operation_state_t fips_state_genkey; + gnutls_fips140_operation_state_t fips_state_compute_key; +}; + +void doit(void) +{ + struct dh_test_data test_data[] = { + { + "[y == 0]", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + { (void *)"\x00", 1 }, + GNUTLS_E_MPI_SCAN_FAILED, + GNUTLS_FIPS140_OP_APPROVED, + /* does not reach _wrap_nettle_pk_derive */ + GNUTLS_FIPS140_OP_INITIAL, + }, + { + "[y < 2]", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + { (void *)"\x01", 1 }, + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, + GNUTLS_FIPS140_OP_APPROVED, + GNUTLS_FIPS140_OP_ERROR, + }, + { + "[y > p - 2]", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + gnutls_ffdhe_2048_group_prime, + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, + GNUTLS_FIPS140_OP_APPROVED, + GNUTLS_FIPS140_OP_ERROR, + }, + { + "[y ^ q mod p == 1]", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + gnutls_ffdhe_2048_group_q, + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, + GNUTLS_FIPS140_OP_APPROVED, + GNUTLS_FIPS140_OP_ERROR, + }, + { + "Legal Input", + gnutls_ffdhe_2048_group_prime, + gnutls_ffdhe_2048_group_q, + gnutls_ffdhe_2048_group_generator, + { (void *)"\x02", 1 }, + 0, + GNUTLS_FIPS140_OP_APPROVED, + GNUTLS_FIPS140_OP_APPROVED, + }, + { NULL } + }; + +#define FIPS_PUSH_CONTEXT() do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != state) { \ + fail("operation state is not %d (%d)\n", \ + state, fips_state); \ + } \ + } \ +} while (0) + + for (int i = 0; test_data[i].name != NULL; i++) { + gnutls_datum_t priv_key, pub_key; + gnutls_dh_params_t dh_params; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + int ret; + + if (gnutls_fips140_mode_enabled()) { + ret = gnutls_fips140_context_init(&fips_context); + if (ret < 0) { + fail("Cannot initialize FIPS context\n"); + } + } + + FIPS_PUSH_CONTEXT(); + params(&dh_params, &test_data[i].prime, &test_data[i].q, + &test_data[i].generator); + FIPS_POP_CONTEXT(GNUTLS_FIPS140_OP_INITIAL); + + success("%s genkey\n", test_data[i].name); + + FIPS_PUSH_CONTEXT(); + genkey(dh_params, &priv_key, &pub_key); + FIPS_POP_CONTEXT(test_data[i].fips_state_genkey); + + success("%s compute_key\n", test_data[i].name); + + FIPS_PUSH_CONTEXT(); + compute_key(test_data[i].name, dh_params, &priv_key, + &pub_key, &test_data[i].peer_key, + test_data[i].expected_error, NULL, 0); + FIPS_POP_CONTEXT(test_data[i].fips_state_compute_key); + + gnutls_dh_params_deinit(dh_params); + gnutls_free(priv_key.data); + gnutls_free(pub_key.data); + + if (gnutls_fips140_mode_enabled()) { + gnutls_fips140_context_deinit(fips_context); + } + } + + success("all ok\n"); +} +#else +void doit(void) +{ + return; +} +#endif diff --git a/tests/dh-fips-approved.sh b/tests/dh-fips-approved.sh new file mode 100755 index 0000000..cc98b91 --- /dev/null +++ b/tests/dh-fips-approved.sh @@ -0,0 +1,127 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem +CA1=${srcdir}/../doc/credentials/x509/ca.pem + +ALLOWED_PARAMS=" +rfc3526-group-14-2048 +rfc3526-group-15-3072 +rfc3526-group-16-4096 +rfc3526-group-17-6144 +rfc3526-group-18-8192 +rfc7919-ffdhe2048 +rfc7919-ffdhe3072 +rfc7919-ffdhe4096 +rfc7919-ffdhe6144 +rfc7919-ffdhe8192 +" + +DISALLOWED_PARAMS=" +rfc2409-group-2-1024 +rfc3526-group-5-1536 +rfc5054-1024 +rfc5054-1536 +rfc5054-2048 +rfc5054-3072 +rfc5054-4096 +rfc5054-6144 +rfc5054-8192 +rfc5114-group-22-1024 +rfc5114-group-23-2048 +rfc5114-group-24-2048 +" + +OPTS="--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+AES-128-GCM:-GROUP-ALL" + +for params in $ALLOWED_PARAMS; do + echo "Checking with approved DH params: $params" + + PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem + + eval "${GETPORT}" + launch_server ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} + PID=$! + wait_server ${PID} + + ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null || \ + fail ${PID} "handshake should have succeeded!" + + kill ${PID} + wait +done + +for params in $DISALLOWED_PARAMS; do + echo "Checking with non-approved DH params: $params" + + PARAMS=${srcdir}/../doc/credentials/dhparams/${params}.pem + + eval "${GETPORT}" + launch_server ${OPTS} --x509keyfile ${KEY1} --x509certfile ${CERT1} --dhparams ${PARAMS} + PID=$! + wait_server ${PID} + + ${VALGRIND} "${CLI}" ${OPTS} -p "${PORT}" 127.0.0.1 --verify-hostname=localhost --x509cafile ${CA1} /dev/null + + RET=$? + + if test $RET -eq 0; then + if test "${GNUTLS_FORCE_FIPS_MODE}" = 1; then + fail ${PID} "handshake should have failed (FIPS mode 1)!" + fi + else + if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then + fail ${PID} "handshake should have succeeded (FIPS mode 0)!" + fi + fi + + kill ${PID} + wait +done + +exit 0 diff --git a/tests/dh-params.c b/tests/dh-params.c new file mode 100644 index 0000000..1458c7a --- /dev/null +++ b/tests/dh-params.c @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This program tests functionality in gnutls_dh_params structure */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +static int compare(gnutls_datum_t *d1, gnutls_datum_t *d2) +{ + gnutls_datum_t t1, t2; + t1.data = d1->data; + t1.size = d1->size; + t2.data = d2->data; + t2.size = d2->size; + + /* skip any differences due to zeros */ + while (t1.data[0] == 0) { + t1.data++; + t1.size--; + } + + while (t2.data[0] == 0) { + t2.data++; + t2.size--; + } + + if (t1.size != t2.size) + return -1; + if (memcmp(t1.data, t2.data, t1.size) != 0) + return -1; + return 0; +} + +void doit(void) +{ + gnutls_dh_params_t dh_params, tmp_params; + gnutls_x509_privkey_t privkey; + gnutls_datum_t p1, g1, p2, g2, q; + unsigned bits = 0; + int ret; + + /* import DH parameters from DSA key and verify they are the same */ + assert(gnutls_dh_params_init(&dh_params) >= 0); + assert(gnutls_dh_params_init(&tmp_params) >= 0); + assert(gnutls_x509_privkey_init(&privkey) >= 0); + + ret = gnutls_x509_privkey_import(privkey, &dsa_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error in %s: %d\n", __FILE__, __LINE__); + + ret = gnutls_dh_params_import_dsa(tmp_params, privkey); + if (ret < 0) + fail("error in %s: %d\n", __FILE__, __LINE__); + + assert(gnutls_dh_params_cpy(dh_params, tmp_params) >= 0); + gnutls_dh_params_deinit(tmp_params); + + ret = gnutls_dh_params_export_raw(dh_params, &p1, &g1, &bits); + if (ret < 0) + fail("error in %s: %d\n", __FILE__, __LINE__); + + ret = gnutls_x509_privkey_export_dsa_raw(privkey, &p2, &q, &g2, NULL, NULL); + if (ret < 0) + fail("error in %s: %d\n", __FILE__, __LINE__); + + if (bits > q.size*8 || bits < q.size*8-8) + fail("error in %s: %d\n", __FILE__, __LINE__); + + if (compare(&p1, &p2) != 0) + fail("error in %s: %d\n", __FILE__, __LINE__); + + if (compare(&g1, &g2) != 0) + fail("error in %s: %d\n", __FILE__, __LINE__); + + gnutls_free(p1.data); + gnutls_free(g1.data); + gnutls_free(p2.data); + gnutls_free(g2.data); + gnutls_free(q.data); + + gnutls_dh_params_deinit(dh_params); + gnutls_x509_privkey_deinit(privkey); + success("all ok\n"); +} diff --git a/tests/dhepskself.c b/tests/dhepskself.c new file mode 100644 index 0000000..6358cc8 --- /dev/null +++ b/tests/dhepskself.c @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" + +/* A very basic TLS client, with PSK authentication. + */ + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static void client(int sd) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(5); + + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:+DHE-PSK", NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + print_dh_params_info(session); + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) + fputc(buffer[ii], stdout); + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, for PSK authentication. + */ + +#define MAX_BUF 1024 + +/* These are global */ +gnutls_psk_server_credentials_t server_pskcred; + +static gnutls_session_t initialize_tls_session(void) +{ + gnutls_session_t session; + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:+DHE-PSK", NULL); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + + return session; +} + +static gnutls_dh_params_t dh_params; + +static int generate_dh_params(void) +{ + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init(&dh_params); + return gnutls_dh_params_import_pkcs3(dh_params, &p3, + GNUTLS_X509_FMT_PEM); +} + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk callback to get %s's password\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +int err, ret; +char topbuf[512]; +gnutls_session_t session; +char buffer[MAX_BUF + 1]; +int optval = 1; + +static void server(int sd) +{ + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + generate_dh_params(); + + gnutls_psk_allocate_server_credentials(&server_pskcred); + gnutls_psk_set_server_credentials_function(server_pskcred, + pskfunc); + gnutls_psk_set_server_dh_params(server_pskcred, dh_params); + + session = initialize_tls_session(); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + print_dh_params_info(session); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + pid_t child; + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/dhex509self.c b/tests/dhex509self.c new file mode 100644 index 0000000..d9ed7ca --- /dev/null +++ b/tests/dhex509self.c @@ -0,0 +1,395 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include "cert-common.h" + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" + +#include "ex-session-info.c" +#include "ex-x509-info.c" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + + +static void client(int sd) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t tst_cred; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&xcred); + + /* sets the trusted cas file + */ + gnutls_certificate_set_x509_trust_mem(xcred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_mem(xcred, &cli_ca3_cert, &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", NULL); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else if (debug) { + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + print_dh_params_info(session); + + ret = gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void**)&tst_cred); + if (ret < 0) { + fail("client: gnutls_credentials_get failed: %s\n", gnutls_strerror(ret)); + } + if (tst_cred != xcred) { + fail("client: gnutls_credentials_get returned invalid value\n"); + } + + ret = gnutls_record_send(session, MSG, strlen(MSG)); + + if (ret == strlen(MSG)) { + if (debug) + success("client: sent record.\n"); + } else { + fail("client: failed to send record.\n"); + gnutls_perror(ret); + goto end; + } + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (debug) + success("client: recv returned %d.\n", ret); + + if (ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success("client: doing handshake!\n"); + ret = gnutls_handshake(session); + if (ret == 0) { + if (debug) + success + ("client: handshake complete, reading again.\n"); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } else { + fail("client: handshake failed.\n"); + } + } + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, using X.509 authentication. + */ + +#define MAX_BUF 1024 +#define DH_BITS 1024 + +/* These are global */ +gnutls_certificate_credentials_t x509_cred; + +static gnutls_session_t initialize_tls_session(void) +{ + gnutls_session_t session; + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", NULL); + gnutls_handshake_set_timeout(session, get_timeout()); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + /* request client certificate if any. + Moved to later on to be able to test re-handshakes. + gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); + */ + + gnutls_dh_set_prime_bits(session, DH_BITS); + + return session; +} + +static gnutls_dh_params_t dh_params; + +static int generate_dh_params(void) +{ + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + gnutls_dh_params_init(&dh_params); + return gnutls_dh_params_import_pkcs3(dh_params, &p3, + GNUTLS_X509_FMT_PEM); +} + +int err, ret; +char topbuf[512]; +gnutls_session_t session; +char buffer[MAX_BUF + 1]; +int optval = 1; + + +static void server(int sd) +{ + /* this must be called once in the program + */ + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + if (debug) + success("Launched, generating DH parameters...\n"); + + generate_dh_params(); + + gnutls_certificate_set_dh_params(x509_cred, dh_params); + + session = initialize_tls_session(); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) { + success("server: Handshake was completed\n"); + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + } + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + print_dh_params_info(session); + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUEST); + + if (debug) + success + ("server: got data, forcing rehandshake.\n"); + + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("server: rehandshake failed\n"); + gnutls_perror(ret); + break; + } + + ret = gnutls_handshake(session); + if (ret < 0) { + fail("server: (re)handshake failed\n"); + gnutls_perror(ret); + break; + } + + if (debug) + success("server: rehandshake complete.\n"); + + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/dn.c b/tests/dn.c new file mode 100644 index 0000000..a242d37 --- /dev/null +++ b/tests/dn.c @@ -0,0 +1,158 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * Author: Simon Josefsson, Howard Chu + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include +#include "utils.h" + +static char pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIE8jCCAtqgAwIBAgIDAkQVMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv\n" + "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n" + "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n" + "dEBjYWNlcnQub3JnMB4XDTA2MDUxNTE1MjEzMVoXDTA3MDUxNTE1MjEzMVowPjEY\n" + "MBYGA1UEAxMPQ0FjZXJ0IFdvVCBVc2VyMSIwIAYJKoZIhvcNAQkBFhNzaW1vbkBq\n" + "b3NlZnNzb24ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuddO\n" + "vxr7gfof8Ejtk/EOC16m0UdymQhwQwfPM5wWKJCJK9l5GoXSHe+s/+6HPLhXo2do\n" + "byUS6X3w7ODO6MGnlWALJUapUa2LinofYwYWFVlOlwyuN2lW+xQgeQjn24R8Glzl\n" + "KQ2f5C9JOE3RSGnHr7VH/6JJy+rPovh+gqKHjt9UH6Su1LFEQGUg+x+CVPAluYty\n" + "ECfHdAad2Gcbgn3vkMyKEF6VAKR/G9uDb7bBVuA73UWkUtDi3dekM882UqH5HQRj\n" + "mGYoGJk49PQ52jGftXNIDyHDOYWXTl9W64dHKRGaW0LOrkLrodjMPdudTvSsoWzK\n" + "DpMMdHLsFx2/+MAsPwIDAQABo4G9MIG6MAwGA1UdEwEB/wQCMAAwVgYJYIZIAYb4\n" + "QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSBoZWFk\n" + "IG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMDIGCCsGAQUFBwEBBCYwJDAi\n" + "BggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9yZzAeBgNVHREEFzAVgRNz\n" + "aW1vbkBqb3NlZnNzb24ub3JnMA0GCSqGSIb3DQEBBQUAA4ICAQCXhyNfM8ozU2Jw\n" + "H+XEDgrt3lUgnUbXQC+AGXdj4ZIJXQfHOCCQxZOO6Oe9V0rxldO3M5tQi92yRjci\n" + "aa892MCVPxTkJLR0h4Kx4JfeTtSvl+9nWPSRrZbPTdWZ3ecnCyrfLfEas6pZp1ur\n" + "lJkaEksAg5dGNrvJGPqBbF6A44b1wlBTCHEBZy2n/7Qml7Nhydymq2nFhDtlQJ6X\n" + "w+6juM85vaEII6kuNatk2OcMJG9R0JxbC0e+PPI1jk7wuAz4WIMyj+ZudGNOTWKN\n" + "3ohK9v0/EE1/S+KMy3T7fzMkbKkwAQZzQNoDf8bSzvDwtZsoudA4Kcloz8a/iKEH\n" + "C9nKYBU8sFBd1cYV7ocFhN2awvuVnBlfsEN4eO5TRA50hmLxwt5D8Vs2v55n1kl6\n" + "7PBo6H2ZMfbQcws731k4RpOqQcU+2yl/wBlDChOOO95mbJ31tqMh27yIjIemgD6Z\n" + "jxL92AgHPzSFy/nyqmZ1ADcnB5fC5WsEYyr9tPM1gpjJEsi95YIBrO7Uyt4tj5U3\n" + "dYDvbU+Mg1r0gJi61wciuyAllwKfu9aqkCjJKQGHrTimWzRa6RPygaojWIEmap89\n" + "bHarWgDg9CKVP1DggVkcD838s//kE1Vl2DReyfAtEQ1agSXLFncgxL+yOi1o3lcq\n" + "+dmDgpDn168TY1Iug80uVKg7AfkLrA==\n" "-----END CERTIFICATE-----\n"; + +static void print_dn(gnutls_x509_dn_t dn) +{ + int i, j, ret = 0; + gnutls_x509_ava_st ava; + + for (i = 0; ret == 0; i++) + for (j = 0; ret == 0; j++) { + ret = gnutls_x509_dn_get_rdn_ava(dn, i, j, &ava); + if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { + if (j > 0) { + j = 0; + ret = 0; + } + break; + } + if (ret < 0) + fail("get_rdn_ava %d\n", ret); + if (debug) + printf + ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", + i, j, ava.oid.size, ava.oid.data, + ava.value.size, ava.value.data); + } +} + +void doit(void) +{ + int ret; + gnutls_datum_t pem_cert = { (unsigned char *) pem, sizeof(pem) }; + gnutls_x509_crt_t cert; + gnutls_datum_t strdn; + gnutls_x509_dn_t xdn; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_x509_crt_import(cert, &pem_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("crt_import %d\n", ret); + + ret = gnutls_x509_crt_get_issuer(cert, &xdn); + if (ret < 0) + fail("get_issuer %d\n", ret); + + if (debug) { + printf("Issuer:\n"); + print_dn(xdn); + } + + ret = gnutls_x509_crt_get_subject(cert, &xdn); + if (ret < 0) + fail("get_subject %d\n", ret); + + /* test the original function behavior */ + ret = gnutls_x509_dn_get_str(xdn, &strdn); + if (ret < 0) + fail("gnutls_x509_dn_get_str %d\n", ret); + + if (strdn.size != 44 || strcmp((char*)strdn.data, "CN=CAcert WoT User,EMAIL=simon@josefsson.org") != 0) { + fail("gnutls_x509_dn_get_str string comparison failed: '%s'/%d\n", strdn.data, strdn.size); + } + gnutls_free(strdn.data); + + /* test the new function behavior */ + ret = gnutls_x509_dn_get_str2(xdn, &strdn, 0); + if (ret < 0) + fail("gnutls_x509_dn_get_str2 %d\n", ret); + if (strdn.size != 44 || strcmp((char*)strdn.data, "EMAIL=simon@josefsson.org,CN=CAcert WoT User") != 0) { + fail("gnutls_x509_dn_get_str2 string comparison failed: '%s'/%d\n", strdn.data, strdn.size); + } + gnutls_free(strdn.data); + + /* test the new/compat function behavior */ + ret = gnutls_x509_dn_get_str2(xdn, &strdn, GNUTLS_X509_DN_FLAG_COMPAT); + if (ret < 0) + fail("gnutls_x509_dn_get_str2 %d\n", ret); + if (strdn.size != 44 || strcmp((char*)strdn.data, "CN=CAcert WoT User,EMAIL=simon@josefsson.org") != 0) { + fail("gnutls_x509_dn_get_str2 string comparison failed: '%s'/%d\n", strdn.data, strdn.size); + } + gnutls_free(strdn.data); + + if (debug) { + printf("Subject:\n"); + print_dn(xdn); + } + + if (debug) + success("done\n"); + + gnutls_x509_crt_deinit(cert); + gnutls_global_deinit(); +} diff --git a/tests/dn2.c b/tests/dn2.c new file mode 100644 index 0000000..5c696f2 --- /dev/null +++ b/tests/dn2.c @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2009-2012 Free Software Foundation, Inc. + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include +#include "utils.h" + +static char pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIFpzCCBI+gAwIBAgIQSOyh48ZYvgTFR8HspnpkMzANBgkqhkiG9w0BAQUFADCB\n" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" + "HhcNMDgxMTEzMDAwMDAwWhcNMDkxMTEzMjM1OTU5WjCB6zETMBEGCysGAQQBgjc8\n" + "AgEDEwJERTEZMBcGCysGAQQBgjc8AgEBFAhNdWVuY2hlbjEbMBkGA1UEDxMSVjEu\n" + "MCwgQ2xhdXNlIDUuKGIpMRMwEQYDVQQFEwpIUkIgMTQ0MjYxMQswCQYDVQQGEwJE\n" + "RTEOMAwGA1UEERQFODA4MDcxEDAOBgNVBAgTB0JhdmFyaWExETAPBgNVBAcUCE11\n" + "ZW5jaGVuMR0wGwYDVQQJFBRGcmFua2Z1cnRlciBSaW5nIDEyOTERMA8GA1UEChQI\n" + "R01YIEdtYkgxEzARBgNVBAMUCnd3dy5nbXguZGUwgZ8wDQYJKoZIhvcNAQEBBQAD\n" + "gY0AMIGJAoGBAN/ZbLu17YtZo2OGnOfQDwhQlCvks2c+5nJDXjnCHI/ykSGlPH4G\n" + "5qc7/TScNV1/g0bUTRCA11+aVkvf6haRZfgwbxpY1iySNv8eOlm52QAfh3diJQ9N\n" + "5LxQblLHMRxXSFCJThl4BYAt70YdNMT9mVD21xx6ae+m3xEuco31aV7ZAgMBAAGj\n" + "ggH0MIIB8DAJBgNVHRMEAjAAMB0GA1UdDgQWBBTW4UAZN3wEg5TRWaoM1angbgOX\n" + "tjALBgNVHQ8EBAMCBaAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAqMCgGCCsG\n" + "AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMD4GA1UdHwQ3MDUw\n" + "M6AxoC+GLWh0dHA6Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2\n" + "LmNybDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATAf\n" + "BgNVHSMEGDAWgBROQ8gddu83U3pP8lhvlPM44tW93zB2BggrBgEFBQcBAQRqMGgw\n" + "KwYIKwYBBQUHMAGGH2h0dHA6Ly9FVkludGwtb2NzcC52ZXJpc2lnbi5jb20wOQYI\n" + "KwYBBQUHMAKGLWh0dHA6Ly9FVkludGwtYWlhLnZlcmlzaWduLmNvbS9FVkludGwy\n" + "MDA2LmNlcjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAf\n" + "MAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52\n" + "ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKoZIhvcNAQEFBQADggEBAKpNJQYO\n" + "JTp34I24kvRF01WpOWOmfBx4K1gqruda/7U0UZqgTgBJVvwraKf6WeTZpHRqDCTw\n" + "iwySv7jil+gLMT0qIZxL1pII90z71tz08h8xYi1MOLeciG87O9C5pteL/iEtiMxB\n" + "96B6WWBo9mzgwSM1d8LDhrarZ7uQhm+kBAMyEXhmDnCPWhvExvxJzjEmOlxjThyP\n" + "2yvIgfLyDfplRe+jUbsY7YNe08eEyoLRq1jwPuRWTaEx2gA7C6pq45747/HkJrtF\n" + "ya3ULM/AJv6Nj6pobxzQ5rEkUGEwKavu7GMjLrSMnHrbVCiQrn1v6c7B9nSPA31L\n" + "/do1TDFI0vSl5+M=\n" "-----END CERTIFICATE-----\n"; + +static const char *info = + "subject `CN=www.gmx.de,O=GMX GmbH,street=Frankfurter Ring 129,L=Muenchen,ST=Bavaria,postalCode=80807,C=DE,serialNumber=HRB 144261,businessCategory=V1.0\\, Clause 5.(b),jurisdictionOfIncorporationLocalityName=Muenchen,jurisdictionOfIncorporationCountryName=DE', issuer `CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign\\, Inc.,C=US', serial 0x48eca1e3c658be04c547c1eca67a6433, RSA key 1024 bits, signed using RSA-SHA1 (broken!), activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 UTC', pin-sha256=\"sVjloAiiqTbOeTkJWYtVweNaVPijLP/X95L96gJOSvk=\""; + +void doit(void) +{ + gnutls_datum_t pem_cert = { (void *) pem, sizeof(pem) }; + gnutls_x509_crt_t cert; + gnutls_datum_t out; + int ret; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_x509_crt_import(cert, &pem_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("crt_import %d\n", ret); + + ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE, &out); + if (ret < 0) + fail("x509_crt_print %d\n", ret); + +/* When allowing SHA1, the output is different: no broken! string */ +#ifndef ALLOW_SHA1 + if (out.size != strlen(info) || + strcasecmp((char *) out.data, info) != 0) { + fprintf(stderr, "comparison fail (%d/%d)\nexpected: %s\n\n got: %.*s\n\n", + out.size, (int) strlen(info), info, out.size, + out.data); + fail("comparison failed\n"); + } +#endif + + gnutls_x509_crt_deinit(cert); + gnutls_global_deinit(); + gnutls_free(out.data); + + if (debug) + success("done\n"); +} diff --git a/tests/dss-sig-val.c b/tests/dss-sig-val.c new file mode 100644 index 0000000..961e3ea --- /dev/null +++ b/tests/dss-sig-val.c @@ -0,0 +1,241 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +static void encode(const char *test_name, const gnutls_datum_t * sig, + const gnutls_datum_t * r, const gnutls_datum_t * s) +{ + int ret; + gnutls_datum_t tmp_r, tmp_s, tmp_sig; + + ret = gnutls_decode_rs_value(sig, &tmp_r, &tmp_s); + if (ret < 0) { + fail("%s: gnutls_decode_rs_value: %s\n", test_name, + gnutls_strerror(ret)); + exit(1); + } + + if (tmp_r.size != r->size || memcmp(r->data, tmp_r.data, r->size) != 0) { + fail("%s: gnutls_decode_rs_value: r doesn't match\n", + test_name); + exit(1); + } + + if (tmp_s.size != s->size || memcmp(s->data, tmp_s.data, s->size) != 0) { + fail("%s: gnutls_decode_rs_value: s doesn't match\n", + test_name); + exit(1); + } + + gnutls_free(tmp_r.data); + gnutls_free(tmp_s.data); + + /* check encoding */ + ret = gnutls_encode_rs_value(&tmp_sig, r, s); + if (ret < 0) { + fail("%s: gnutls_encode_rs_value: %s\n", test_name, + gnutls_strerror(ret)); + exit(1); + } + + if (tmp_sig.size != sig->size + || memcmp(sig->data, tmp_sig.data, sig->size) != 0) { + fail("%s: gnutls_encode_rs_value: sig doesn't match\n", + test_name); + exit(1); + } + + gnutls_free(tmp_sig.data); + + return; +} + +struct encode_tests_st { + const char *name; + gnutls_datum_t sig; + gnutls_datum_t r; + gnutls_datum_t s; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "test1", + .sig = + {(unsigned char *) + "\x30\x46\x02\x21\x00\xe8\xa4\x26\x96\x2c\x32\xc6\x92\x55\x71\x31\xd7\x10\x35\x92\x60\x85\x34\xf0\x65\x03\x08\x2e\x38\x2b\xc8\x28\x67\xde\x10\x7c\xf5\x02\x21\x00\xc9\x8e\x56\x4f\xb1\x62\xe1\x74\xbe\x8c\x9d\xff\x04\x88\x75\x76\x63\x91\x8a\xd6\x9d\x41\x76\xef\xe2\xb5\x8e\xbb\xa8\x88\xba\x9f", + 72}, + .r = + {(unsigned char *) + "\x00\xe8\xa4\x26\x96\x2c\x32\xc6\x92\x55\x71\x31\xd7\x10\x35\x92\x60\x85\x34\xf0\x65\x03\x08\x2e\x38\x2b\xc8\x28\x67\xde\x10\x7c\xf5", + 33}, + .s = + {(unsigned char *) + "\x00\xc9\x8e\x56\x4f\xb1\x62\xe1\x74\xbe\x8c\x9d\xff\x04\x88\x75\x76\x63\x91\x8a\xd6\x9d\x41\x76\xef\xe2\xb5\x8e\xbb\xa8\x88\xba\x9f", + 33} + }, + { + .name = "test2", + .sig = + {(unsigned char *) + "\x30\x44\x02\x20\x07\xd2\x7f\xd0\xef\x77\xa8\x29\x31\x9b\x46\x01\xb3\xaf\x66\xac\x33\x48\x15\x94\xb8\x80\xa1\x97\x71\x8f\x4a\x32\x43\x12\xec\x1f\x02\x20\x37\x06\x13\xbe\x4c\x6d\xdd\xcd\xa1\x4c\x88\xc5\x66\x85\x81\xf5\x50\x41\xb1\x4a\xee\x29\xce\x73\x2c\x09\xff\xba\xe3\x5e\x8a\x12", + 70}, + .r = + {(unsigned char *) + "\x07\xd2\x7f\xd0\xef\x77\xa8\x29\x31\x9b\x46\x01\xb3\xaf\x66\xac\x33\x48\x15\x94\xb8\x80\xa1\x97\x71\x8f\x4a\x32\x43\x12\xec\x1f", + 32}, + .s = + {(unsigned char *) + "\x37\x06\x13\xbe\x4c\x6d\xdd\xcd\xa1\x4c\x88\xc5\x66\x85\x81\xf5\x50\x41\xb1\x4a\xee\x29\xce\x73\x2c\x09\xff\xba\xe3\x5e\x8a\x12", + 32} + }, + { + .name = "test3", + .sig = + {(unsigned char *) + "\x30\x44\x02\x20\x57\x53\x71\xfd\x9c\xb5\x96\xc2\xc5\xc7\x59\xce\x2f\xc2\xbe\x8f\xdc\x22\xf9\xab\x38\xdc\x57\x81\xfb\x34\x78\x12\xae\x88\x9a\x50\x02\x20\x60\x6b\xd4\x5b\xd6\x32\x05\xae\x1f\xe6\x08\xf4\x73\x0f\x42\xbc\x32\x55\x1f\x8d\xea\x81\xec\x2b\x4a\x0b\x8c\x0f\xb1\xbe\x5f\x9b", + 70}, + .r = + {(unsigned char *) + "\x57\x53\x71\xfd\x9c\xb5\x96\xc2\xc5\xc7\x59\xce\x2f\xc2\xbe\x8f\xdc\x22\xf9\xab\x38\xdc\x57\x81\xfb\x34\x78\x12\xae\x88\x9a\x50", + 32}, + .s = + {(unsigned char *) + "\x60\x6b\xd4\x5b\xd6\x32\x05\xae\x1f\xe6\x08\xf4\x73\x0f\x42\xbc\x32\x55\x1f\x8d\xea\x81\xec\x2b\x4a\x0b\x8c\x0f\xb1\xbe\x5f\x9b", + 32} + + }, + { + .name = "test4", + .sig = + {(unsigned char *) + "\x30\x46\x02\x21\x00\xe7\xdd\x79\x58\x96\xf6\x12\x05\xc1\x7a\x44\xd6\xdf\xde\x83\xe9\xb6\x30\xa7\xff\x02\x85\x97\x34\x5a\xcd\x2f\xae\xbd\xc6\x5d\xde\x02\x21\x00\xb5\x64\xbc\x53\x97\xc5\x64\x6f\x6b\x81\xe7\x4d\xad\x36\x29\x50\xd1\x62\x91\x65\x51\xf0\xc4\xa5\x28\x80\x20\x51\x9b\xce\xcc\xc8", + 72}, + .r = + {(unsigned char *) + "\x00\xe7\xdd\x79\x58\x96\xf6\x12\x05\xc1\x7a\x44\xd6\xdf\xde\x83\xe9\xb6\x30\xa7\xff\x02\x85\x97\x34\x5a\xcd\x2f\xae\xbd\xc6\x5d\xde", + 33}, + .s = + {(unsigned char *) + "\x00\xb5\x64\xbc\x53\x97\xc5\x64\x6f\x6b\x81\xe7\x4d\xad\x36\x29\x50\xd1\x62\x91\x65\x51\xf0\xc4\xa5\x28\x80\x20\x51\x9b\xce\xcc\xc8", + 33} + }, + { + .name = "test5", + .sig = + {(unsigned char *) + "\x30\x45\x02\x20\x54\xce\x1b\x8d\x63\x5d\xa4\xdb\x26\x58\x1c\x8f\xf0\xb0\x6d\xf3\x2f\x6a\xdb\x83\xcf\x7e\xe7\xda\x98\x52\xa6\x5f\x1f\xc9\x50\x73\x02\x21\x00\xfa\xb9\x6a\x18\xd4\xc6\x45\x3c\xf2\xbf\xc2\x3d\x15\x0d\xc6\xd4\x0c\x78\x52\x12\xec\xb5\x3c\xf5\xe0\x8a\xbf\x6c\x11\xd3\xfd\x4f", + 71}, + .r = + {(unsigned char *) + "\x54\xce\x1b\x8d\x63\x5d\xa4\xdb\x26\x58\x1c\x8f\xf0\xb0\x6d\xf3\x2f\x6a\xdb\x83\xcf\x7e\xe7\xda\x98\x52\xa6\x5f\x1f\xc9\x50\x73", + 32}, + .s = + {(unsigned char *) + "\x00\xfa\xb9\x6a\x18\xd4\xc6\x45\x3c\xf2\xbf\xc2\x3d\x15\x0d\xc6\xd4\x0c\x78\x52\x12\xec\xb5\x3c\xf5\xe0\x8a\xbf\x6c\x11\xd3\xfd\x4f", + 33} + }, + { + .name = "test6", + .sig = + {(unsigned char *) + "\x30\x45\x02\x20\x3b\x77\x03\xcf\x8f\xe7\x92\xf1\x6a\x68\x3b\xcd\xb7\x21\x5b\x80\xcd\x00\x75\x65\x38\x31\x8c\xc2\x9b\x92\x6a\x1a\x02\x4b\xd8\x73\x02\x21\x00\xd9\x88\x28\x68\xae\x31\x5d\x95\xa4\x8b\x5e\x3a\x95\x24\x7b\x0d\x07\xaa\xc4\xe0\xeb\xb1\xf1\x89\xc0\xab\x4d\x88\x15\x84\x5f\x01", + 71}, + .r = + {(unsigned char *) + "\x3b\x77\x03\xcf\x8f\xe7\x92\xf1\x6a\x68\x3b\xcd\xb7\x21\x5b\x80\xcd\x00\x75\x65\x38\x31\x8c\xc2\x9b\x92\x6a\x1a\x02\x4b\xd8\x73", + 32}, + .s = + {(unsigned char *) + "\x00\xd9\x88\x28\x68\xae\x31\x5d\x95\xa4\x8b\x5e\x3a\x95\x24\x7b\x0d\x07\xaa\xc4\xe0\xeb\xb1\xf1\x89\xc0\xab\x4d\x88\x15\x84\x5f\x01", + 33} + }, + { + .name = "test7", + .sig = + {(unsigned char *) + "\x30\x45\x02\x20\x22\xa1\xbf\x7d\xcd\x7b\x5e\xab\xa0\x08\x20\xe5\xcc\x22\x34\x61\xf1\x1f\xd0\x3a\x32\xc3\x61\x19\xcf\xe4\xeb\xff\x66\xe6\x51\xa1\x02\x21\x00\x9d\x62\xcb\x04\x3e\xb6\x1f\xc1\x2e\x52\xd4\x73\x7f\xbd\xa5\x9c\x29\x49\x75\x6d\x08\xf9\xcb\x74\xd7\x41\xdc\xcb\x66\x4d\x9a\x77", + 71}, + .r = + {(unsigned char *) + "\x22\xa1\xbf\x7d\xcd\x7b\x5e\xab\xa0\x08\x20\xe5\xcc\x22\x34\x61\xf1\x1f\xd0\x3a\x32\xc3\x61\x19\xcf\xe4\xeb\xff\x66\xe6\x51\xa1", + 32}, + .s = + {(unsigned char *) + "\x00\x9d\x62\xcb\x04\x3e\xb6\x1f\xc1\x2e\x52\xd4\x73\x7f\xbd\xa5\x9c\x29\x49\x75\x6d\x08\xf9\xcb\x74\xd7\x41\xdc\xcb\x66\x4d\x9a\x77", + 33} + }, + { + .name = "test8", + .sig = + {(unsigned char *) + "\x30\x44\x02\x20\x41\xc9\x32\x16\x2e\x6f\x0c\x1f\x0f\x81\xc0\x0f\x01\x50\x31\x75\x10\x55\x25\x45\x2a\x75\xb1\xdf\x91\x8e\xdf\x24\x30\xf2\xa8\x5f\x02\x20\x07\x80\xa7\x9b\xb8\x1c\x4f\x6e\xc4\x97\x5c\xb7\x9e\x61\x2a\xf0\xfc\x16\xdd\xe7\xa3\xcc\x15\x99\x68\x08\x8e\x85\x60\x9d\x34\xf8", + 70}, + .r = + {(unsigned char *) + "\x41\xc9\x32\x16\x2e\x6f\x0c\x1f\x0f\x81\xc0\x0f\x01\x50\x31\x75\x10\x55\x25\x45\x2a\x75\xb1\xdf\x91\x8e\xdf\x24\x30\xf2\xa8\x5f", + 32}, + .s = + {(unsigned char *) + "\x07\x80\xa7\x9b\xb8\x1c\x4f\x6e\xc4\x97\x5c\xb7\x9e\x61\x2a\xf0\xfc\x16\xdd\xe7\xa3\xcc\x15\x99\x68\x08\x8e\x85\x60\x9d\x34\xf8", + 32} + + }, + { + .name = "test9", + .sig = + {(unsigned char *) + "\x30\x46\x02\x21\x00\xbe\xa1\x01\x12\x64\x1d\x66\x5a\x68\x4a\xa0\xd5\x7e\x3e\x0c\x83\x51\xaa\x21\x9a\x0f\x7b\x38\xf0\xc0\x8b\xc5\xba\xfe\x25\x83\x51\x02\x21\x00\xfb\xea\x25\x74\x78\xd3\xaa\x91\x7b\xc8\x49\x26\x22\x26\xc7\x72\x6b\x25\xfd\x05\xac\x71\x5d\xeb\x1d\xc5\xaa\x4e\xc9\x6e\x34\xb5", + 72}, + .r = + {(unsigned char *) + "\x00\xbe\xa1\x01\x12\x64\x1d\x66\x5a\x68\x4a\xa0\xd5\x7e\x3e\x0c\x83\x51\xaa\x21\x9a\x0f\x7b\x38\xf0\xc0\x8b\xc5\xba\xfe\x25\x83\x51", + 33}, + .s = + {(unsigned char *) + "\x00\xfb\xea\x25\x74\x78\xd3\xaa\x91\x7b\xc8\x49\x26\x22\x26\xc7\x72\x6b\x25\xfd\x05\xac\x71\x5d\xeb\x1d\xc5\xaa\x4e\xc9\x6e\x34\xb5", + 33} + + } +}; + +void doit(void) +{ + unsigned i; + + for (i = 0; i < sizeof(encode_tests) / sizeof(encode_tests[0]); i++) { + encode(encode_tests[i].name, &encode_tests[i].sig, + &encode_tests[i].r, &encode_tests[i].s); + } +} diff --git a/tests/dtls-client-with-seccomp.c b/tests/dtls-client-with-seccomp.c new file mode 100644 index 0000000..c39068c --- /dev/null +++ b/tests/dtls-client-with-seccomp.c @@ -0,0 +1,311 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = disable_system_calls(); + if (ret < 0) { + fprintf(stderr, "could not enable seccomp\n"); + exit(2); + } + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, + prio, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = gnutls_certificate_set_x509_key_mem(xcred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, + prio, + NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *name, const char *prio) +{ + int fd[2]; + int ret; + + success("testing seccomp with %s\n", name); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + server(fd[0], prio); + + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + run("dtls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-DTLS1.2"); +} +#endif /* _WIN32 */ diff --git a/tests/dtls-etm.c b/tests/dtls-etm.c new file mode 100644 index 0000000..1a8c1b5 --- /dev/null +++ b/tests/dtls-etm.c @@ -0,0 +1,346 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests whether EtM is negotiated as expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio, unsigned etm) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (etm != 0 && gnutls_session_etm_status(session) == 0) { + fail("client: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && gnutls_session_etm_status(session) != 0) { + fail("client: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (etm != 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) == 0)) { + fail("client: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) != 0)) { + fail("client: EtM was negotiated with %s!\n", prio); + exit(1); + } + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, unsigned etm) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + unsigned to_send = sizeof(buffer)/4; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_DATAGRAM); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + if (etm != 0 && gnutls_session_etm_status(session) == 0) { + fail("server: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && gnutls_session_etm_status(session) != 0) { + fail("server: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (etm != 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) == 0)) { + fail("server: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) != 0)) { + fail("server: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = + gnutls_record_send(session, buffer, + sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", to_send, + gnutls_strerror(ret)); + terminate(); + } + to_send++; + } + while (to_send < 64); + + to_send = -1; + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio, unsigned etm) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio, etm); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio, etm); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start(AES_CBC, 1); + start(AES_CBC_SHA256, 1); + start(AES_GCM, 0); +} + +#endif /* _WIN32 */ diff --git a/tests/dtls-handshake-versions.c b/tests/dtls-handshake-versions.c new file mode 100644 index 0000000..507aa06 --- /dev/null +++ b/tests/dtls-handshake-versions.c @@ -0,0 +1,143 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests whether the server reacts as expected on various client + * hello TLS versions */ + +void _gnutls_hello_set_default_version(gnutls_session_t session, + unsigned char major, + unsigned char minor); + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void try(unsigned char major, unsigned char minor, int ret1, int ret2) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + _gnutls_hello_set_default_version(client, major, minor); + + HANDSHAKE_DTLS_EXPECT(client, server, ret1, ret2); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void doit(void) +{ + global_init(); + + try(255, 255, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + reset_buffers(); + try(255, 128, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + reset_buffers(); + try(254, 128, 0, 0); + reset_buffers(); + try(252, 64, 0, 0); + reset_buffers(); + + gnutls_global_deinit(); +} diff --git a/tests/dtls-max-record.c b/tests/dtls-max-record.c new file mode 100644 index 0000000..7934668 --- /dev/null +++ b/tests/dtls-max-record.c @@ -0,0 +1,153 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#define SERVER_PUSH_ADD if (len > 512 + 5+8+32) fail("max record set to 512, len: %d\n", (int)len); +#include "eagain-common.h" + +#include "cert-common.h" + +/* This tests whether the max-record extension is respected. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +void run(const char *prio) +{ + global_init(); + + int ret; + char buf[1024]; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_priority_set_direct(server, + prio, + NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, prio, NULL); + if (ret < 0) + exit(1); + + gnutls_record_set_max_size(client, 512); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE_DTLS(client, server); + + memset(buf, 1, sizeof(buf)); + ret = gnutls_record_send(server, buf, 513); + if (ret != GNUTLS_E_LARGE_PACKET && ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("did not send a 513-byte packet\n"); + + ret = gnutls_record_send(server, buf, 512); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("did send a 512-byte packet\n"); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +void doit(void) +{ + run("NORMAL:-VERS-ALL:+VERS-DTLS1.2"); +} diff --git a/tests/dtls-pthread.c b/tests/dtls-pthread.c new file mode 100644 index 0000000..aab1e73 --- /dev/null +++ b/tests/dtls-pthread.c @@ -0,0 +1,369 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include +#include "utils.h" +#include "cert-common.h" + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +/* These are global */ +pid_t child; + +/* Tests whether we can send and receive from different threads + * using DTLS, either as server or client. DTLS is a superset of + * TLS, so correct behavior under fork means TLS would operate too. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MSG "hello1111" +#define MSG2 "xxxxxxxxxxxx" + +#define NO_MSGS 128 + +static void *recv_thread(void *arg) +{ + gnutls_session_t session = arg; + int ret; + unsigned i; + char buf[64]; + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + for (i=0;i=0); + + if (false_start) + flags |= GNUTLS_ENABLE_FALSE_START; + + assert(gnutls_init(&session, flags|GNUTLS_DATAGRAM) >= 0); + gnutls_dtls_set_mtu(session, 1500); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + assert(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)>=0); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (do_thread) + do_thread_stuff(session); + else + do_reflect_stuff(session); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static void server(int fd, const char *prio, unsigned do_thread) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + +#if 0 + if (debug) { + side = "server"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } +#endif + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM)>=0); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + gnutls_dtls_set_mtu(session, 400); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (do_thread) + do_thread_stuff(session); + else + do_reflect_stuff(session); + + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *str, const char *prio, unsigned do_thread, unsigned false_start) +{ + int fd[2]; + int ret; + + if (str) + success("running %s\n", str); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + client(fd[0], prio, do_thread, false_start); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio, 1-do_thread); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + run("default, threaded client", "NORMAL", 0, 0); + run("default, threaded server", "NORMAL", 1, 0); + run("dtls1.2, threaded client", "NORMAL:-VERS-ALL:+VERS-DTLS1.2", 0, 0); + run("dtls1.2, threaded server", "NORMAL:-VERS-ALL:+VERS-DTLS1.2", 1, 0); + run("dtls1.2 false start, threaded client", "NORMAL:-VERS-ALL:+VERS-DTLS1.2", 0, 1); + run("dtls1.2 false start, threaded server", "NORMAL:-VERS-ALL:+VERS-DTLS1.2", 1, 1); +} +#endif /* _WIN32 */ diff --git a/tests/dtls-rehandshake-anon.c b/tests/dtls-rehandshake-anon.c new file mode 100644 index 0000000..f281f5d --- /dev/null +++ b/tests/dtls-rehandshake-anon.c @@ -0,0 +1,382 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the rehandshake in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static void client(int fd, int server_init) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (!server_init) { + sec_sleep(60); + if (debug) + success("Initiating client rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("2nd client gnutls_handshake: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } else { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (server_init && ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to server request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + } + + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + do { + ret = gnutls_record_send(session, MSG, strlen(MSG)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, int server_init) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_server_credentials_t anoncred; + gnutls_session_t session; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + if (server_init) { + if (debug) + success("server: Sending dummy packet\n"); + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("gnutls_rehandshake: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: Initiating rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: 2nd gnutls_handshake: %s\n", + gnutls_strerror(ret)); + terminate(); + } + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + if (!server_init && ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to client request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 + && gnutls_error_is_fatal(ret) == 0); + if (ret == 0) + break; + } + + fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret)); + terminate(); + } else if (ret > 0) { + /* echo data back to the client + */ + do { + ret = + gnutls_record_send(session, buffer, + strlen(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(int server_initiated) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + + server(fd[0], server_initiated); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], server_initiated); + exit(0); + } +} + +void doit(void) +{ + start(0); + start(1); +} + +#endif /* _WIN32 */ diff --git a/tests/dtls-rehandshake-cert-2.c b/tests/dtls-rehandshake-cert-2.c new file mode 100644 index 0000000..c9d5058 --- /dev/null +++ b/tests/dtls-rehandshake-cert-2.c @@ -0,0 +1,400 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests the rehandshake from anon + * to certification auth in DTLS. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* Tests the operation of rehandshake under DTLS using + * certificates. + */ + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static ssize_t push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int)tr; + + return send(fd, data, len, 0); +} + +static void client(int fd, int server_init, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t clientx509cred; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_anon_allocate_client_credentials(&anoncred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + snprintf(buffer, sizeof(buffer), "%s:+ANON-ECDH", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, clientx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* update priorities to allow cert auth */ + snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + if (!server_init) { + sec_sleep(60); + if (debug) + success("Initiating client rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("2nd client gnutls_handshake: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } else { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + } + + if (ret == 0) { + if (debug) + success("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (server_init && ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to server request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + } + + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + do { + ret = gnutls_record_send(session, MSG, strlen(MSG)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, int server_init, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_server_credentials_t anoncred; + gnutls_session_t session; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_anon_allocate_server_credentials(&anoncred) >= 0); + assert(gnutls_certificate_allocate_credentials(&serverx509cred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA:+ANON-ECDH", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, serverx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (gnutls_kx_get(session) != GNUTLS_KX_ANON_ECDH) { + fail("did not negotiate an anonymous ciphersuite on initial auth\n"); + } + + /* see the Getting peer's information example */ + /* print_info(session); */ + + if (server_init) { + if (debug) + success("server: Sending dummy packet\n"); + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("gnutls_rehandshake: %s\n", gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: Initiating rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: 2nd gnutls_handshake: %s\n", + gnutls_strerror(ret)); + terminate(); + } + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + if (!server_init && ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to client request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 + && gnutls_error_is_fatal(ret) == 0); + if (ret == 0) + break; + } + + fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret)); + terminate(); + } else if (ret > 0) { + /* echo data back to the client + */ + do { + ret = + gnutls_record_send(session, buffer, + strlen(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } + } + + if (gnutls_kx_get(session) != GNUTLS_KX_ECDHE_RSA) { + fail("did not negotiate a certificate ciphersuite on second auth\n"); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(int server_initiated, const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + + server(fd[0], server_initiated, prio); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], server_initiated, prio); + exit(0); + } +} + +void doit(void) +{ + start(0, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL"); + start(1, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL"); +} + +#endif /* _WIN32 */ diff --git a/tests/dtls-rehandshake-cert-3.c b/tests/dtls-rehandshake-cert-3.c new file mode 100644 index 0000000..855f63c --- /dev/null +++ b/tests/dtls-rehandshake-cert-3.c @@ -0,0 +1,392 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * Copyright (C) 2016 Guillaume Roguez + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +#define MTU 1500 +#define MAX_BUF 4096 +#define MSG "Hello TLS" + +static int server_fd = -1; +static char pkt_buf[MAX_BUF]; +static int pkt_found = 0; +static int pkt_delivered = 0; + +static void terminate(void); + +/* This program tests the rehandshake from anon + * to certificate auth in DTLS, but will account for + * packet reconstruction (with loss/delay) for the certificate packet. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static ssize_t push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int)tr; + + if (fd == server_fd) { + if (!pkt_found && len > 1200) { + memcpy(pkt_buf, data, len); + pkt_found = 1; + if (debug) + success("*** packet delayed\n"); + return len; + } + if (pkt_found && !pkt_delivered) { + int res = send(fd, data, len, 0); + send(fd, pkt_buf, MTU, 0); + pkt_delivered = 1; + if (debug) + success("*** swap done\n"); + return res; + } + } + + return send(fd, data, len, 0); +} + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t clientx509cred; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_anon_allocate_client_credentials(&anoncred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, MTU); + + snprintf(buffer, sizeof(buffer), "%s:+ANON-ECDH", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, clientx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* update priorities to allow cert auth */ + snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to server request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + } + + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + do { + ret = gnutls_record_send(session, MSG, strlen(MSG)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_server_credentials_t anoncred; + gnutls_session_t session; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_anon_allocate_server_credentials(&anoncred) >= 0); + assert(gnutls_certificate_allocate_credentials(&serverx509cred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, MTU); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA:+ANON-ECDH", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, serverx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (gnutls_kx_get(session) != GNUTLS_KX_ANON_ECDH) { + fail("did not negotiate an anonymous ciphersuite on initial auth\n"); + } + + /* see the Getting peer's information example */ + /* print_info(session); */ + + if (debug) + success("server: Sending dummy packet\n"); + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("gnutls_rehandshake: %s\n", gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: Initiating rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: 2nd gnutls_handshake: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret)); + terminate(); + } else if (ret > 0) { + /* echo data back to the client + */ + do { + ret = + gnutls_record_send(session, buffer, + strlen(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } + } + + if (gnutls_kx_get(session) != GNUTLS_KX_ECDHE_RSA) { + fail("did not negotiate a certificate ciphersuite on second auth\n"); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + + server_fd = fd[0]; + server(fd[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL"); +} + +#endif /* _WIN32 */ diff --git a/tests/dtls-rehandshake-cert.c b/tests/dtls-rehandshake-cert.c new file mode 100644 index 0000000..3439ee9 --- /dev/null +++ b/tests/dtls-rehandshake-cert.c @@ -0,0 +1,388 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests the rehandshake in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* Tests the operation of rehandshake under DTLS using + * certificates. + */ + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static void client(int fd, int server_init, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (!server_init) { + sec_sleep(60); + if (debug) + success("Initiating client rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("2nd client gnutls_handshake: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } else { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (server_init && ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to server request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + } + + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + do { + ret = gnutls_record_send(session, MSG, strlen(MSG)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, int server_init, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t session; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_certificate_allocate_credentials(&serverx509cred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + snprintf(buffer, sizeof(buffer), "%s:+ECDHE-RSA", prio); + assert(gnutls_priority_set_direct(session, + buffer, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + if (server_init) { + if (debug) + success("server: Sending dummy packet\n"); + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("gnutls_rehandshake: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: Initiating rehandshake\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: 2nd gnutls_handshake: %s\n", + gnutls_strerror(ret)); + terminate(); + } + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + if (!server_init && ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success + ("Initiating rehandshake due to client request\n"); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 + && gnutls_error_is_fatal(ret) == 0); + if (ret == 0) + break; + } + + fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret)); + terminate(); + } else if (ret > 0) { + /* echo data back to the client + */ + do { + ret = + gnutls_record_send(session, buffer, + strlen(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(int server_initiated, const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + + server(fd[0], server_initiated, prio); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], server_initiated, prio); + exit(0); + } +} + +void doit(void) +{ + start(0, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL"); + start(1, "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL"); +} + +#endif /* _WIN32 */ diff --git a/tests/dtls-repro-20170915.c b/tests/dtls-repro-20170915.c new file mode 100644 index 0000000..78910a0 --- /dev/null +++ b/tests/dtls-repro-20170915.c @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2015-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-repro-20170915.h" + +void doit(void) +{ + global_init(); + + dtls_try_with_key_mtu("DTLS 1.2 with cli-cert", "NONE:+VERS-DTLS1.0:+MAC-ALL:+KX-ALL:+CIPHER-ALL:+SIGN-ALL:+COMP-ALL:+CURVE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, + &server_repro_cert, &server_repro_key, &client_repro_cert, &client_repro_key, USE_CERT, 1452); + + gnutls_global_deinit(); +} diff --git a/tests/dtls-session-ticket-lost.c b/tests/dtls-session-ticket-lost.c new file mode 100644 index 0000000..df3a606 --- /dev/null +++ b/tests/dtls-session-ticket-lost.c @@ -0,0 +1,247 @@ +/* + * Copyright (C) 2018 Red Hat, Inc + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program is a reproducer for issue #543; the timeout + * of DTLS handshake when a NewSessionTicket is lost. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(6); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + gnutls_record_set_timeout(session, 30*1000); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_WR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); +} + + +static ssize_t +server_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + const uint8_t *d = data; + static int dropped = 0; + + if (d[13] == GNUTLS_HANDSHAKE_NEW_SESSION_TICKET) { + if (dropped == 0) { + success("dropping message: %s\n", gnutls_handshake_description_get_name(d[13])); + dropped = 1; + return len; + } + } + + return send((long)tr, data, len, 0); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t skey; + + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(6); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_DATAGRAM)>=0); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + + gnutls_transport_set_push_function(session, server_push); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + gnutls_record_set_timeout(session, 30*1000); + + success("waiting for EOF\n"); + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret != 0) + fail("error waiting for EOF: %s\n", gnutls_strerror(ret)); + + end: + close(fd); + gnutls_deinit(session); + gnutls_free(skey.data); + + gnutls_certificate_free_credentials(x509_cred); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start(const char *prio) +{ + int fd[2]; + int ret, status = 0; + pid_t child; + + success("trying %s\n", prio); + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } + + return; +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-DTLS1.2"); +} + +#endif /* _WIN32 */ diff --git a/tests/dtls-sliding-window.c b/tests/dtls-sliding-window.c new file mode 100644 index 0000000..d8e3c78 --- /dev/null +++ b/tests/dtls-sliding-window.c @@ -0,0 +1,508 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Unit test for DTLS window handling */ + +#define LARGE_INT 4194304 +#define INT_OVER_32_BITS 281474976708836LL + +struct record_parameters_st { + uint64_t dtls_sw_bits; + uint64_t dtls_sw_next; + unsigned dtls_sw_have_recv; + unsigned epoch; +}; + +#define gnutls_assert_val(x) x + +void _dtls_reset_window(struct record_parameters_st *rp); +int _dtls_record_check(struct record_parameters_st *rp, uint64_t _seq); + +#define DTLS_SW_NO_INCLUDES +#include "../lib/dtls-sw.c" + +#define RESET_WINDOW \ + memset(&state, 0, sizeof(state)) + +#define SET_WINDOW_NEXT(x) \ + state.dtls_sw_next = (((x)&DTLS_SEQ_NUM_MASK)) + +#define SET_WINDOW_LAST_RECV(x) \ + t = x; \ + state.dtls_sw_have_recv = 1 + +static void check_dtls_window_uninit_0(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + + t = 0; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_uninit_large(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + + t = LARGE_INT+1+64; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_uninit_very_large(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + + t = INT_OVER_32_BITS; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_12(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(1); + + t = 2; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_19(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(1); + + t = 9; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_skip1(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + unsigned i; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(1); + + for (i=2;i<256;i+=2) { + t = i; + assert_int_equal(_dtls_record_check(&state, t), 0); + } +} + +static void check_dtls_window_skip3(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + unsigned i; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(1); + + for (i=5;i<256;i+=2) { + t = i; + assert_int_equal(_dtls_record_check(&state, t), 0); + } +} + +static void check_dtls_window_21(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(2); + + t = 1; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_91(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(9); + + t = 1; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_large_21(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT); + SET_WINDOW_LAST_RECV(LARGE_INT+2); + + t = LARGE_INT+1; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_large_12(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT); + SET_WINDOW_LAST_RECV(LARGE_INT+1); + + t = LARGE_INT+2; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_large_91(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT); + SET_WINDOW_LAST_RECV(LARGE_INT+9); + + t = LARGE_INT+1; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_large_19(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT); + SET_WINDOW_LAST_RECV(LARGE_INT+1); + + t = LARGE_INT+9; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_very_large_12(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(INT_OVER_32_BITS); + SET_WINDOW_LAST_RECV(INT_OVER_32_BITS+1); + + t = INT_OVER_32_BITS+2; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_very_large_91(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(INT_OVER_32_BITS); + SET_WINDOW_LAST_RECV(INT_OVER_32_BITS+9); + + t = INT_OVER_32_BITS+1; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_very_large_19(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(INT_OVER_32_BITS); + SET_WINDOW_LAST_RECV(INT_OVER_32_BITS+1); + + t = INT_OVER_32_BITS+9; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_outside(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(0); + SET_WINDOW_LAST_RECV(1); + + t = 1+64; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_large_outside(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT); + SET_WINDOW_LAST_RECV(LARGE_INT+1); + + t = LARGE_INT+1+64; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_very_large_outside(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(INT_OVER_32_BITS); + SET_WINDOW_LAST_RECV(INT_OVER_32_BITS+1); + + t = INT_OVER_32_BITS+1+64; + + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_dup1(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT-1); + SET_WINDOW_LAST_RECV(LARGE_INT); + + t = LARGE_INT; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+1; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+16; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+1; + assert_int_equal(_dtls_record_check(&state, t), -3); +} + +static void check_dtls_window_dup2(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT-1); + SET_WINDOW_LAST_RECV(LARGE_INT); + + t = LARGE_INT; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+16; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+1; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+16; + assert_int_equal(_dtls_record_check(&state, t), -3); +} + +static void check_dtls_window_dup3(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT-1); + SET_WINDOW_LAST_RECV(LARGE_INT); + + t = LARGE_INT; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+16; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+15; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+14; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+5; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+5; + assert_int_equal(_dtls_record_check(&state, t), -3); +} + +static void check_dtls_window_out_of_order(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT-1); + SET_WINDOW_LAST_RECV(LARGE_INT); + + t = LARGE_INT; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+8; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+7; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+6; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+5; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+4; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+3; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+2; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+1; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = LARGE_INT+9; + assert_int_equal(_dtls_record_check(&state, t), 0); +} + +static void check_dtls_window_epoch_higher(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + SET_WINDOW_NEXT(LARGE_INT-1); + SET_WINDOW_LAST_RECV(LARGE_INT); + + t = LARGE_INT; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = (LARGE_INT+8)|0x1000000000000LL; + assert_int_equal(_dtls_record_check(&state, t), -1); +} + +static void check_dtls_window_epoch_lower(void **glob_state) +{ + struct record_parameters_st state; + uint64_t t; + + RESET_WINDOW; + t = 0x1000000000000LL; + + state.epoch = 1; + SET_WINDOW_NEXT(0x1000000000000LL); + SET_WINDOW_LAST_RECV((0x1000000000000LL) + 1); + + t = 2 | 0x1000000000000LL; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = 3 | 0x1000000000000LL; + assert_int_equal(_dtls_record_check(&state, t), 0); + + t = 5; + assert_int_equal(_dtls_record_check(&state, t), -1); +} + + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(check_dtls_window_uninit_0), + cmocka_unit_test(check_dtls_window_uninit_large), + cmocka_unit_test(check_dtls_window_uninit_very_large), + cmocka_unit_test(check_dtls_window_12), + cmocka_unit_test(check_dtls_window_21), + cmocka_unit_test(check_dtls_window_19), + cmocka_unit_test(check_dtls_window_91), + cmocka_unit_test(check_dtls_window_large_21), + cmocka_unit_test(check_dtls_window_large_12), + cmocka_unit_test(check_dtls_window_large_19), + cmocka_unit_test(check_dtls_window_large_91), + cmocka_unit_test(check_dtls_window_dup1), + cmocka_unit_test(check_dtls_window_dup2), + cmocka_unit_test(check_dtls_window_dup3), + cmocka_unit_test(check_dtls_window_outside), + cmocka_unit_test(check_dtls_window_large_outside), + cmocka_unit_test(check_dtls_window_out_of_order), + cmocka_unit_test(check_dtls_window_epoch_lower), + cmocka_unit_test(check_dtls_window_epoch_higher), + cmocka_unit_test(check_dtls_window_very_large_12), + cmocka_unit_test(check_dtls_window_very_large_19), + cmocka_unit_test(check_dtls_window_very_large_91), + cmocka_unit_test(check_dtls_window_very_large_outside), + cmocka_unit_test(check_dtls_window_skip3), + cmocka_unit_test(check_dtls_window_skip1) + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/dtls-with-seccomp.c b/tests/dtls-with-seccomp.c new file mode 100644 index 0000000..357c333 --- /dev/null +++ b/tests/dtls-with-seccomp.c @@ -0,0 +1,307 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = gnutls_certificate_set_x509_key_mem(xcred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = disable_system_calls(); + if (ret < 0) { + fprintf(stderr, "could not enable seccomp\n"); + exit(2); + } + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, 1500); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *name, const char *prio) +{ + int fd[2]; + int ret; + + success("trying: %s\n", name); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[0]); + client(fd[1], prio); + + wait(&status); + check_wait_status(status); + } else { + close(fd[1]); + server(fd[0], prio); + exit(0); + } +} + +void doit(void) +{ + run("dtls1.0", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-DTLS1.0"); + run("dtls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-DTLS1.2"); + run("default", "NORMAL"); +} + + +#endif /* _WIN32 */ diff --git a/tests/dtls/dtls-resume.sh b/tests/dtls/dtls-resume.sh new file mode 100755 index 0000000..debd59e --- /dev/null +++ b/tests/dtls/dtls-resume.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +if test "${WINDIR}" != ""; then + exit 77 +fi + +./dtls-stress -resume -sfinished 012 -cfinished 01 -d +./dtls-stress -resume -sfinished 210 -cfinished 01 -d +./dtls-stress -resume -sfinished 120 -cfinished 01 -d +./dtls-stress -resume -sfinished 210 -cfinished 10 -d +./dtls-stress -resume -sfinished 120 -cfinished 10 -d + +./dtls-stress -resume -sfinished 012 -cfinished 01 -d SHello +./dtls-stress -resume -sfinished 012 -cfinished 01 -d CChangeCipherSpec +./dtls-stress -resume -sfinished 012 -cfinished 01 -d SChangeCipherSpec +./dtls-stress -resume -sfinished 012 -cfinished 01 -d SHello SChangeCipherSpec +./dtls-stress -resume -sfinished 012 -cfinished 01 -d CChangeCipherSpec SChangeCipherSpec CFinished +./dtls-stress -resume -sfinished 012 -cfinished 01 -d CChangeCipherSpec SChangeCipherSpec SFinished +./dtls-stress -resume -sfinished 012 -cfinished 01 -d CFinished SFinished +./dtls-stress -resume -sfinished 012 -cfinished 01 -d CFinished SFinished SChangeCipherSpec +./dtls-stress -resume -sfinished 012 -cfinished 01 -d CFinished SFinished CChangeCipherSpec + +exit 0 diff --git a/tests/dtls/dtls-stress.c b/tests/dtls/dtls-stress.c new file mode 100644 index 0000000..826bd29 --- /dev/null +++ b/tests/dtls/dtls-stress.c @@ -0,0 +1,1558 @@ +/* + * Copyright (C) 2012-2016 Sean Buckheister + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* + * DTLS stress test utility + * + * **** Available parameters **** + * + * -nb enable nonblocking operations on sessions + * -batch read test identifiers from stdin and run them + * -d increase debug level by one + * -r replay messages (very crude replay mechanism) + * -d set debug level to + * -die don't start new tests after the first detected failure + * -timeout set handshake timeout to seconds. Tests that don't make progress + * within twice this time will be forcibly killed. (default: 120) + * -retransmit set retransmit timeout to milliseconds (default: 100) + * -j run up to tests in parallel + * -full use full handshake with mutual certificate authentication + * -resume use resumed handshake + * -shello run only one test, with the server hello flight permuted as + * -sfinished run only one test, with the server finished flight permuted as + * -cfinished run only one test, with the client finished flight permuted as + * run only one test, drop three times + * valid values for are: + * SHello, SCertificate, SKeyExchange, SCertificateRequest, SHelloDone, + * CCertificate, CKeyExchange, CCertificateVerify, CChangeCipherSpec, + * CFinished, SChangeCipherSpec, SFinished + * using *Certificate* without -full will yield unexpected results + * + * + * **** Permutation handling **** + * + * Flight length for -sfinished is 2, for -shello and -cfinished they are 5 with -full, 3 otherwise. + * Permutations are given with base 0 and specify the order in which reordered packets are transmitted. + * For example, -full -shello 42130 will transmit server hello flight packets in the order + * SHelloDone, SKeyExchange, SCertificate, SCertificateRequest, SHello + * + * When -resume is specified the -sfinished flight length is 3 (same as shello), cfinished is 2. + * The -resume option has to be combined with sfinished or cfinished. + * + * **** Output format **** + * + * Every line printed for any given test is prefixed by a unique id for that test. See run_test_by_id for + * exact composition. Errors encountered during execution are printed, with one status line after test + * completen. The format for this line is as follows: + * + * SHello(), SFinished(), CFinished() :- + * + * The format for error lines is | , with being the role of the child process + * that encountered the error, and being obvious. + * + * is the unique id for the test, it can be used as input to -batch. + * can be ++ for a successful test, -- for a failure, TT for a deadlock timeout killed test, + * or !! for a test has died due to some unforeseen circumstances like syscall failures. + * , , show the permutation for the respective flights used. + * They can be used as input to -shello, -sfinished, and -cfinished, respectively. + * is a comma separated list of , one for every packet dropped thrice + * + * + * **** Exit status **** + * + * 0 all tests have passed + * 1 some tests have failed + * 4 the master processed has encountered unexpected errors + * 8 error parsing command line + */ + +#include +#include +#include +#include +#include +#include "../utils.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if _POSIX_TIMERS && (_POSIX_TIMERS - 200112L) >= 0 + +// {{{ types + +#define log(fmt, ...) \ + if (debug) fprintf(stdout, "%i %s| "fmt, run_id, role_name, ##__VA_ARGS__) + +typedef struct { + int count; +} filter_packet_state_t; + +typedef struct { + const char *name; + gnutls_datum_t packets[5]; + int *order; + int count; +} filter_permute_state_t; + +typedef void (*filter_fn) (gnutls_transport_ptr_t, const unsigned char *, + size_t); + +typedef int (*match_fn) (const unsigned char *, size_t); + +enum role { SERVER, CLIENT }; + +// }}} + +// {{{ static data + +static int permutations2[2][2] += { {0, 1}, {1, 0} }; + +static const char *permutation_names2[] += { "01", "10", 0 }; + +static int permutations3[6][3] += { {0, 1, 2}, {0, 2, 1}, {1, 0, 2}, {1, 2, 0}, {2, 0, 1}, {2, 1, 0} }; + +static const char *permutation_names3[] += { "012", "021", "102", "120", "201", "210", 0 }; + +static int permutations5[120][5] = { + {0, 1, 2, 3, 4}, {0, 2, 1, 3, 4}, {1, 0, 2, 3, 4}, {1, 2, 0, 3, 4}, + {2, 0, 1, 3, 4}, {2, 1, 0, 3, 4}, {0, 1, 3, 2, 4}, {0, 2, 3, 1, 4}, + {1, 0, 3, 2, 4}, {1, 2, 3, 0, 4}, {2, 0, 3, 1, 4}, {2, 1, 3, 0, 4}, + {0, 3, 1, 2, 4}, {0, 3, 2, 1, 4}, {1, 3, 0, 2, 4}, {1, 3, 2, 0, 4}, + {2, 3, 0, 1, 4}, {2, 3, 1, 0, 4}, {3, 0, 1, 2, 4}, {3, 0, 2, 1, 4}, + {3, 1, 0, 2, 4}, {3, 1, 2, 0, 4}, {3, 2, 0, 1, 4}, {3, 2, 1, 0, 4}, + {0, 1, 2, 4, 3}, {0, 2, 1, 4, 3}, {1, 0, 2, 4, 3}, {1, 2, 0, 4, 3}, + {2, 0, 1, 4, 3}, {2, 1, 0, 4, 3}, {0, 1, 3, 4, 2}, {0, 2, 3, 4, 1}, + {1, 0, 3, 4, 2}, {1, 2, 3, 4, 0}, {2, 0, 3, 4, 1}, {2, 1, 3, 4, 0}, + {0, 3, 1, 4, 2}, {0, 3, 2, 4, 1}, {1, 3, 0, 4, 2}, {1, 3, 2, 4, 0}, + {2, 3, 0, 4, 1}, {2, 3, 1, 4, 0}, {3, 0, 1, 4, 2}, {3, 0, 2, 4, 1}, + {3, 1, 0, 4, 2}, {3, 1, 2, 4, 0}, {3, 2, 0, 4, 1}, {3, 2, 1, 4, 0}, + {0, 1, 4, 2, 3}, {0, 2, 4, 1, 3}, {1, 0, 4, 2, 3}, {1, 2, 4, 0, 3}, + {2, 0, 4, 1, 3}, {2, 1, 4, 0, 3}, {0, 1, 4, 3, 2}, {0, 2, 4, 3, 1}, + {1, 0, 4, 3, 2}, {1, 2, 4, 3, 0}, {2, 0, 4, 3, 1}, {2, 1, 4, 3, 0}, + {0, 3, 4, 1, 2}, {0, 3, 4, 2, 1}, {1, 3, 4, 0, 2}, {1, 3, 4, 2, 0}, + {2, 3, 4, 0, 1}, {2, 3, 4, 1, 0}, {3, 0, 4, 1, 2}, {3, 0, 4, 2, 1}, + {3, 1, 4, 0, 2}, {3, 1, 4, 2, 0}, {3, 2, 4, 0, 1}, {3, 2, 4, 1, 0}, + {0, 4, 1, 2, 3}, {0, 4, 2, 1, 3}, {1, 4, 0, 2, 3}, {1, 4, 2, 0, 3}, + {2, 4, 0, 1, 3}, {2, 4, 1, 0, 3}, {0, 4, 1, 3, 2}, {0, 4, 2, 3, 1}, + {1, 4, 0, 3, 2}, {1, 4, 2, 3, 0}, {2, 4, 0, 3, 1}, {2, 4, 1, 3, 0}, + {0, 4, 3, 1, 2}, {0, 4, 3, 2, 1}, {1, 4, 3, 0, 2}, {1, 4, 3, 2, 0}, + {2, 4, 3, 0, 1}, {2, 4, 3, 1, 0}, {3, 4, 0, 1, 2}, {3, 4, 0, 2, 1}, + {3, 4, 1, 0, 2}, {3, 4, 1, 2, 0}, {3, 4, 2, 0, 1}, {3, 4, 2, 1, 0}, + {4, 0, 1, 2, 3}, {4, 0, 2, 1, 3}, {4, 1, 0, 2, 3}, {4, 1, 2, 0, 3}, + {4, 2, 0, 1, 3}, {4, 2, 1, 0, 3}, {4, 0, 1, 3, 2}, {4, 0, 2, 3, 1}, + {4, 1, 0, 3, 2}, {4, 1, 2, 3, 0}, {4, 2, 0, 3, 1}, {4, 2, 1, 3, 0}, + {4, 0, 3, 1, 2}, {4, 0, 3, 2, 1}, {4, 1, 3, 0, 2}, {4, 1, 3, 2, 0}, + {4, 2, 3, 0, 1}, {4, 2, 3, 1, 0}, {4, 3, 0, 1, 2}, {4, 3, 0, 2, 1}, + {4, 3, 1, 0, 2}, {4, 3, 1, 2, 0}, {4, 3, 2, 0, 1}, {4, 3, 2, 1, 0} +}; + +static const char *permutation_names5[] + = { "01234", "02134", "10234", "12034", "20134", "21034", "01324", + "02314", "10324", "12304", "20314", "21304", "03124", "03214", + "13024", "13204", "23014", "23104", "30124", "30214", "31024", + "31204", "32014", "32104", "01243", "02143", "10243", "12043", + "20143", "21043", "01342", "02341", "10342", "12340", "20341", + "21340", "03142", "03241", "13042", "13240", "23041", "23140", + "30142", "30241", "31042", "31240", "32041", "32140", "01423", + "02413", "10423", "12403", "20413", "21403", "01432", "02431", + "10432", "12430", "20431", "21430", "03412", "03421", "13402", + "13420", "23401", "23410", "30412", "30421", "31402", "31420", + "32401", "32410", "04123", "04213", "14023", "14203", "24013", + "24103", "04132", "04231", "14032", "14230", "24031", "24130", + "04312", "04321", "14302", "14320", "24301", "24310", "34012", + "34021", "34102", "34120", "34201", "34210", "40123", "40213", + "41023", "41203", "42013", "42103", "40132", "40231", "41032", + "41230", "42031", "42130", "40312", "40321", "41302", "41320", + "42301", "42310", "43012", "43021", "43102", "43120", "43201", + "43210", 0 +}; + +static const char *filter_names[8] + = { "SHello", + "SKeyExchange", + "SHelloDone", + "CKeyExchange", + "CChangeCipherSpec", + "CFinished", + "SChangeCipherSpec", + "SFinished" +}; + +static const char *filter_names_resume[] + = { "SHello", + "SChangeCipherSpec", + "SFinished", + "CChangeCipherSpec", + "CFinished" +}; + +static const char *filter_names_full[12] + = { "SHello", + "SCertificate", + "SKeyExchange", + "SCertificateRequest", + "SHelloDone", + "CCertificate", + "CKeyExchange", + "CCertificateVerify", + "CChangeCipherSpec", + "CFinished", + "SChangeCipherSpec", + "SFinished" +}; + +#include "cert-common.h" + +// }}} + +// {{{ other global state + +enum role role; + +#define role_name (role == SERVER ? "server" : "client") + +int debug; +int nonblock; +int replay; +int full; +int resume; +int timeout_seconds; +int retransmit_milliseconds; +int run_to_end; + +int run_id; + +// }}} + +// {{{ logging and error handling + +static void logfn(int level, const char *s) +{ + if (debug) { + fprintf(stdout, "%i %s|<%i> %s", run_id, role_name, level, s); + } +} + +static void auditfn(gnutls_session_t session, const char *s) +{ + if (debug) { + fprintf(stdout, "%i %s| %s", run_id, role_name, s); + } +} + +static void drop(const char *packet) +{ + if (debug) { + log("dropping %s\n", packet); + } +} + +static int _process_error(int loc, int code, int die) +{ + if (code < 0 && (die || code != GNUTLS_E_AGAIN)) { + fprintf(stdout, "%i <%s tls> line %i: %s", run_id, + role_name, loc, gnutls_strerror(code)); + if (gnutls_error_is_fatal(code) || die) { + fprintf(stdout, " (fatal)\n"); + exit(1); + } else { + fprintf(stdout, "\n"); + } + } + return code; +} + +#define die_on_error(code) _process_error(__LINE__, code, 1) +#define process_error(code) _process_error(__LINE__, code, 0) + +static void _process_error_or_timeout(int loc, int err, time_t tdiff) +{ + if (err < 0) { + if (err != GNUTLS_E_TIMEDOUT || tdiff >= 60) { + _process_error(loc, err, 0); + } else { + log("line %i: {spurious timeout} (fatal)", loc); + exit(1); + } + } +} + +#define process_error_or_timeout(code, tdiff) _process_error_or_timeout(__LINE__, code, tdiff) + +static void rperror(const char *name) +{ + fprintf(stdout, "%i %s| %s\n", run_id, role_name, name); +} + +// }}} + +// {{{ init, shared, and teardown code and data for packet stream filters + +filter_packet_state_t state_packet_ServerHello = { 0 }; +filter_packet_state_t state_packet_ServerCertificate = { 0 }; +filter_packet_state_t state_packet_ServerKeyExchange = { 0 }; +filter_packet_state_t state_packet_ServerCertificateRequest = { 0 }; +filter_packet_state_t state_packet_ServerHelloDone = { 0 }; +filter_packet_state_t state_packet_ClientCertificate = { 0 }; +filter_packet_state_t state_packet_ClientKeyExchange = { 0 }; +filter_packet_state_t state_packet_ClientCertificateVerify = { 0 }; +filter_packet_state_t state_packet_ClientChangeCipherSpec = { 0 }; +filter_packet_state_t state_packet_ClientFinished = { 0 }; +filter_packet_state_t state_packet_ClientFinishedResume = { 0 }; +filter_packet_state_t state_packet_ServerChangeCipherSpec = { 0 }; +filter_packet_state_t state_packet_ServerFinished = { 0 }; +filter_packet_state_t state_packet_ServerFinishedResume = { 0 }; + +static filter_permute_state_t state_permute_ServerHello = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; +static filter_permute_state_t state_permute_ServerHelloFull = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; +static filter_permute_state_t state_permute_ServerFinished = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; +static filter_permute_state_t state_permute_ServerFinishedResume = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; +static filter_permute_state_t state_permute_ClientFinished = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; +static filter_permute_state_t state_permute_ClientFinishedResume = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; +static filter_permute_state_t state_permute_ClientFinishedFull = + { 0, {{0, 0}, {0, 0}, {0, 0}, {0, 0}, {0, 0}}, 0, 0 }; + +filter_fn filter_chain[32]; +int filter_current_idx; + +static void filter_permute_state_free_buffer(filter_permute_state_t * state) +{ + unsigned int i; + + for (i = 0; i < sizeof(state->packets) / sizeof(state->packets[0]); i++) { + free(state->packets[i].data); + state->packets[i].data = NULL; + } +} + +static void filter_clear_state(void) +{ + filter_current_idx = 0; + + filter_permute_state_free_buffer(&state_permute_ServerHello); + filter_permute_state_free_buffer(&state_permute_ServerHelloFull); + filter_permute_state_free_buffer(&state_permute_ServerFinished); + filter_permute_state_free_buffer(&state_permute_ServerFinishedResume); + filter_permute_state_free_buffer(&state_permute_ClientFinished); + filter_permute_state_free_buffer(&state_permute_ClientFinishedResume); + filter_permute_state_free_buffer(&state_permute_ClientFinishedFull); + + memset(&state_packet_ServerHello, 0, sizeof(state_packet_ServerHello)); + memset(&state_packet_ServerCertificate, 0, + sizeof(state_packet_ServerCertificate)); + memset(&state_packet_ServerKeyExchange, 0, + sizeof(state_packet_ServerKeyExchange)); + memset(&state_packet_ServerCertificateRequest, 0, + sizeof(state_packet_ServerCertificateRequest)); + memset(&state_packet_ServerHelloDone, 0, + sizeof(state_packet_ServerHelloDone)); + memset(&state_packet_ClientCertificate, 0, + sizeof(state_packet_ClientCertificate)); + memset(&state_packet_ClientKeyExchange, 0, + sizeof(state_packet_ClientKeyExchange)); + memset(&state_packet_ClientCertificateVerify, 0, + sizeof(state_packet_ClientCertificateVerify)); + memset(&state_packet_ClientChangeCipherSpec, 0, + sizeof(state_packet_ClientChangeCipherSpec)); + memset(&state_packet_ClientFinished, 0, + sizeof(state_packet_ClientFinished)); + memset(&state_packet_ClientFinishedResume, 0, + sizeof(state_packet_ClientFinishedResume)); + memset(&state_packet_ServerChangeCipherSpec, 0, + sizeof(state_packet_ServerChangeCipherSpec)); + memset(&state_packet_ServerFinished, 0, + sizeof(state_packet_ServerFinished)); + memset(&state_packet_ServerFinishedResume, 0, + sizeof(state_packet_ServerFinishedResume)); + memset(&state_permute_ServerHello, 0, + sizeof(state_permute_ServerHello)); + memset(&state_permute_ServerHelloFull, 0, + sizeof(state_permute_ServerHelloFull)); + memset(&state_permute_ServerFinished, 0, + sizeof(state_permute_ServerFinished)); + memset(&state_permute_ClientFinished, 0, + sizeof(state_permute_ClientFinished)); + memset(&state_permute_ClientFinishedResume, 0, + sizeof(state_permute_ClientFinishedResume)); + memset(&state_permute_ClientFinishedFull, 0, + sizeof(state_permute_ClientFinishedFull)); + + state_permute_ServerHello.name = "ServerHello"; + state_permute_ServerHelloFull.name = "ServerHelloFull"; + state_permute_ServerFinished.name = "ServerFinished"; + state_permute_ServerFinishedResume.name = "ServerFinishedResume"; + state_permute_ClientFinished.name = "ClientFinished"; + state_permute_ClientFinishedResume.name = "ClientFinishedResume"; + state_permute_ClientFinishedFull.name = "ClientFinishedFull"; +} + +/* replay buffer */ +static int rbuffer[5 * 1024]; +unsigned rbuffer_size = 0; + +static void filter_run_next(gnutls_transport_ptr_t fd, + const unsigned char *buffer, size_t len) +{ + int ret = 0; + filter_fn fn = filter_chain[filter_current_idx]; + filter_current_idx++; + if (fn) { + fn(fd, buffer, len); + } else { + ret = send((int)(intptr_t) fd, buffer, len, 0); + } + filter_current_idx--; + + if (ret > 0 && replay != 0) { + if (rbuffer_size == 0 && len < sizeof(rbuffer)) { + memcpy(rbuffer, buffer, len); + rbuffer_size = len; + } else if (rbuffer_size != 0) { + send((int)(intptr_t) fd, rbuffer, rbuffer_size, 0); + if (len < sizeof(rbuffer) && len > rbuffer_size) { + memcpy(rbuffer, buffer, len); + rbuffer_size = len; + } + } + } +} + +// }}} + +// {{{ packet match functions + +static int match_ServerHello(const unsigned char *buffer, size_t len) +{ + return role == SERVER && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 2; +} + +static int match_ServerCertificate(const unsigned char *buffer, size_t len) +{ + return role == SERVER && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 11; +} + +static int match_ServerKeyExchange(const unsigned char *buffer, size_t len) +{ + return role == SERVER && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 12; +} + +static int match_ServerCertificateRequest(const unsigned char *buffer, + size_t len) +{ + return role == SERVER && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 13; +} + +static int match_ServerHelloDone(const unsigned char *buffer, size_t len) +{ + return role == SERVER && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 14; +} + +static int match_ClientCertificate(const unsigned char *buffer, size_t len) +{ + return role == CLIENT && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 11; +} + +static int match_ClientKeyExchange(const unsigned char *buffer, size_t len) +{ + return role == CLIENT && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 16; +} + +static int match_ClientCertificateVerify(const unsigned char *buffer, + size_t len) +{ + return role == CLIENT && len >= 13 + 1 && buffer[0] == 22 + && buffer[13] == 15; +} + +static int match_ClientChangeCipherSpec(const unsigned char *buffer, size_t len) +{ + return role == CLIENT && len >= 13 && buffer[0] == 20; +} + +static int match_ClientFinished(const unsigned char *buffer, size_t len) +{ + return role == CLIENT && len >= 13 && buffer[0] == 22 && buffer[4] == 1; +} + +static int match_ServerChangeCipherSpec(const unsigned char *buffer, size_t len) +{ + return role == SERVER && len >= 13 && buffer[0] == 20; +} + +static int match_ServerFinished(const unsigned char *buffer, size_t len) +{ + return role == SERVER && len >= 13 && buffer[0] == 22 && buffer[4] == 1; +} + +// }}} + +// {{{ packet drop filters + +#define FILTER_DROP_COUNT 3 +#define DECLARE_FILTER(packet) \ + static void filter_packet_##packet(gnutls_transport_ptr_t fd, \ + const unsigned char* buffer, size_t len) \ + { \ + if (match_##packet(buffer, len) && (state_packet_##packet).count++ < FILTER_DROP_COUNT) { \ + drop(#packet); \ + } else { \ + filter_run_next(fd, buffer, len); \ + } \ + } + +DECLARE_FILTER(ServerHello) + DECLARE_FILTER(ServerCertificate) + DECLARE_FILTER(ServerKeyExchange) + DECLARE_FILTER(ServerCertificateRequest) + DECLARE_FILTER(ServerHelloDone) + DECLARE_FILTER(ClientCertificate) + DECLARE_FILTER(ClientKeyExchange) + DECLARE_FILTER(ClientCertificateVerify) + DECLARE_FILTER(ClientChangeCipherSpec) + DECLARE_FILTER(ClientFinished) + DECLARE_FILTER(ServerChangeCipherSpec) + DECLARE_FILTER(ServerFinished) +// }}} +// {{{ flight permutation filters +static void filter_permute_state_run(filter_permute_state_t * state, + int packetCount, + gnutls_transport_ptr_t fd, + const unsigned char *buffer, size_t len) +{ + unsigned char *data; + int packet = state->order[state->count]; + + if (debug > 2) + log("running permutation for %s/%d/%d\n", state->name, packetCount, state->count); + + data = malloc(len); + assert(data); + memcpy(data, buffer, len); + state->packets[packet].data = data; + state->packets[packet].size = len; + state->count++; + + if (state->count == packetCount) { + for (packet = 0; packet < packetCount; packet++) { + filter_run_next(fd, state->packets[packet].data, + state->packets[packet].size); + } + filter_permute_state_free_buffer(state); + state->count = 0; + } +} + +#define DECLARE_PERMUTE(flight) \ + static void filter_permute_##flight(gnutls_transport_ptr_t fd, \ + const unsigned char* buffer, size_t len) \ + { \ + int count = sizeof(permute_match_##flight) / sizeof(permute_match_##flight[0]); \ + int i; \ + for (i = 0; i < count; i++) { \ + if (permute_match_##flight[i](buffer, len)) { \ + filter_permute_state_run(&state_permute_##flight, count, fd, buffer, len); \ + return; \ + } \ + } \ + filter_run_next(fd, buffer, len); \ + } + +static match_fn permute_match_ServerHello[] = + { match_ServerHello, match_ServerKeyExchange, match_ServerHelloDone }; + +static match_fn permute_match_ServerHelloFull[] = + { match_ServerHello, match_ServerCertificate, match_ServerKeyExchange, + match_ServerCertificateRequest, match_ServerHelloDone +}; + +static match_fn permute_match_ServerFinished[] = + { match_ServerChangeCipherSpec, match_ServerFinished }; + +static match_fn permute_match_ServerFinishedResume[] = + { match_ServerHello, match_ServerChangeCipherSpec, match_ServerFinished }; + +static match_fn permute_match_ClientFinished[] = + { match_ClientKeyExchange, match_ClientChangeCipherSpec, + match_ClientFinished +}; + +static match_fn permute_match_ClientFinishedResume[] = + { match_ClientChangeCipherSpec, match_ClientFinished +}; + +static match_fn permute_match_ClientFinishedFull[] = + { match_ClientCertificate, match_ClientKeyExchange, + match_ClientCertificateVerify, match_ClientChangeCipherSpec, + match_ClientFinished +}; + +DECLARE_PERMUTE(ServerHello) + DECLARE_PERMUTE(ServerHelloFull) + DECLARE_PERMUTE(ServerFinishedResume) + DECLARE_PERMUTE(ServerFinished) + DECLARE_PERMUTE(ClientFinished) + DECLARE_PERMUTE(ClientFinishedResume) + DECLARE_PERMUTE(ClientFinishedFull) +// }}} +// {{{ emergency deadlock resolution time bomb +timer_t killtimer_tid = 0; + +static void killtimer_set(void) +{ + struct sigevent sig; + struct itimerspec tout = { {0, 0}, {2 * timeout_seconds, 0} }; + + if (killtimer_tid != 0) { + timer_delete(killtimer_tid); + } + + memset(&sig, 0, sizeof(sig)); + sig.sigev_notify = SIGEV_SIGNAL; + sig.sigev_signo = 15; + if (timer_create(CLOCK_MONOTONIC, &sig, &killtimer_tid) < 0) { + rperror("timer_create"); + exit(3); + } + + timer_settime(killtimer_tid, 0, &tout, 0); +} + +// }}} + +// {{{ actual gnutls operations + +gnutls_certificate_credentials_t cred; +gnutls_session_t session; + +static ssize_t writefn(gnutls_transport_ptr_t fd, const void *buffer, + size_t len) +{ + filter_run_next(fd, (const unsigned char *)buffer, len); + return len; +} + +static void await(int fd, int timeout) +{ + if (nonblock) { + struct pollfd p = { fd, POLLIN, 0 }; + if (poll(&p, 1, timeout) < 0 && errno != EAGAIN + && errno != EINTR) { + rperror("poll"); + exit(3); + } + } +} + +static void cred_init(void) +{ + assert(gnutls_certificate_allocate_credentials(&cred)>=0); + + gnutls_certificate_set_x509_key_mem(cred, &cli_ca3_cert, &cli_ca3_key, + GNUTLS_X509_FMT_PEM); +} + +static void session_init(int sock, int server) +{ + gnutls_init(&session, + GNUTLS_DATAGRAM | (server ? GNUTLS_SERVER : GNUTLS_CLIENT) + | GNUTLS_NONBLOCK * nonblock); + gnutls_priority_set_direct(session, + "NORMAL:+ECDHE-RSA:+ANON-ECDH", + 0); + gnutls_transport_set_int(session, sock); + + if (full) { + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); + if (server) { + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUIRE); + } + } else if (server) { + gnutls_anon_server_credentials_t acred; + assert(gnutls_anon_allocate_server_credentials(&acred)>=0); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred); + } else { + gnutls_anon_client_credentials_t acred; + assert(gnutls_anon_allocate_client_credentials(&acred)>=0); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, acred); + } + + gnutls_dtls_set_mtu(session, 1400); + gnutls_dtls_set_timeouts(session, retransmit_milliseconds, + timeout_seconds * 1000); +} + +static void client(int sock) +{ + int err = 0; + time_t started = time(0); + const char *line = "foobar!"; + char buffer[8192]; + int len, ret; + gnutls_datum_t data = {NULL, 0}; + + session_init(sock, 0); + + killtimer_set(); + + if (resume) { + do { + err = process_error(gnutls_handshake(session)); + if (err != 0) { + int t = gnutls_dtls_get_timeout(session); + await(sock, t ? t : 100); + } + } while (err != 0); + process_error_or_timeout(err, time(0) - started); + + ret = gnutls_session_get_data2(session, &data); + if (ret < 0) { + exit(1); + } + gnutls_deinit(session); + + session_init(sock, 0); + gnutls_session_set_data(session, data.data, data.size); + gnutls_free(data.data); + data.data = NULL; + + if (debug) { + fprintf(stdout, "%i %s| initial handshake complete\n", run_id, role_name); + } + } + + gnutls_transport_set_push_function(session, writefn); + + killtimer_set(); + do { + err = process_error(gnutls_handshake(session)); + if (err != 0) { + int t = gnutls_dtls_get_timeout(session); + await(sock, t ? t : 100); + } + } while (err != 0); + process_error_or_timeout(err, time(0) - started); + + if (debug) { + fprintf(stdout, "%i %s| handshake complete\n", run_id, role_name); + } + + if (resume) { + killtimer_set(); + + do { + await(sock, -1); + len = + process_error(gnutls_record_recv + (session, buffer, sizeof(buffer))); + } while (len < 0); + + log("received data\n"); + + die_on_error(gnutls_record_send(session, buffer, len)); + + log("sent data\n"); + exit(0); + + } else { + killtimer_set(); + die_on_error(gnutls_record_send(session, line, strlen(line))); + + log("sent data\n"); + + do { + await(sock, -1); + len = + process_error(gnutls_record_recv + (session, buffer, sizeof(buffer))); + } while (len < 0); + + log("received data\n"); + + if (len > 0 && strncmp(line, buffer, len) == 0) { + exit(0); + } else { + exit(1); + } + } + +} + +static gnutls_datum_t saved_data = {NULL, 0}; + +static gnutls_datum_t db_fetch(void *dbf, gnutls_datum_t key) +{ + gnutls_datum_t t = {NULL, 0}; + t.data = malloc(saved_data.size); + if (t.data == NULL) + return t; + memcpy(t.data, saved_data.data, saved_data.size); + t.size = saved_data.size; + + return t; +} + +static int db_delete(void *dbf, gnutls_datum_t key) +{ + return 0; +} + +static int db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) +{ + saved_data.data = malloc(data.size); + if (saved_data.data == NULL) + return -1; + memcpy(saved_data.data, data.data, data.size); + saved_data.size = data.size; + return 0; +} + +static void server(int sock) +{ + int err; + const char *line = "server foobar!"; + time_t started = time(0); + char buffer[8192]; + int len; + + session_init(sock, 1); + + await(sock, -1); + + killtimer_set(); + if (resume) { + gnutls_db_set_retrieve_function(session, db_fetch); + gnutls_db_set_store_function(session, db_store); + gnutls_db_set_remove_function(session, db_delete); + gnutls_db_set_ptr(session, NULL); + + do { + err = process_error(gnutls_handshake(session)); + if (err != 0) { + int t = gnutls_dtls_get_timeout(session); + await(sock, t ? t : 100); + } + } while (err != 0); + process_error_or_timeout(err, time(0) - started); + + gnutls_deinit(session); + + session_init(sock, 1); + gnutls_db_set_retrieve_function(session, db_fetch); + gnutls_db_set_store_function(session, db_store); + gnutls_db_set_remove_function(session, db_delete); + gnutls_db_set_ptr(session, NULL); + + if (debug) { + fprintf(stdout, "%i %s| initial handshake complete\n", run_id, role_name); + } + } + + gnutls_transport_set_push_function(session, writefn); + + await(sock, -1); + + killtimer_set(); + do { + err = process_error(gnutls_handshake(session)); + if (err != 0) { + int t = gnutls_dtls_get_timeout(session); + await(sock, t ? t : 100); + } + } while (err != 0); + process_error_or_timeout(err, time(0) - started); + + log("handshake complete\n"); + + if (resume) { + free(saved_data.data); + saved_data.data = NULL; + } + + if (resume) { + killtimer_set(); + die_on_error(gnutls_record_send(session, line, strlen(line))); + + log("sent data\n"); + + do { + await(sock, -1); + len = + process_error(gnutls_record_recv + (session, buffer, sizeof(buffer))); + } while (len < 0); + + log("received data\n"); + + if (len > 0 && strncmp(line, buffer, len) == 0) { + exit(0); + } else { + exit(1); + } + } else { + killtimer_set(); + + do { + await(sock, -1); + len = + process_error(gnutls_record_recv + (session, buffer, sizeof(buffer))); + } while (len < 0); + + log("received data\n"); + + die_on_error(gnutls_record_send(session, buffer, len)); + + log("sent data\n"); + } + + exit(0); +} + +// }}} + +// {{{ test running/handling itself + +#if 0 +static void udp_sockpair(int *socks) +{ + struct sockaddr_in6 sa = + { AF_INET6, htons(30000), 0, in6addr_loopback, 0 }; + struct sockaddr_in6 sb = + { AF_INET6, htons(20000), 0, in6addr_loopback, 0 }; + + socks[0] = socket(AF_INET6, SOCK_DGRAM, 0); + socks[1] = socket(AF_INET6, SOCK_DGRAM, 0); + + bind(socks[0], (struct sockaddr *)&sa, sizeof(sa)); + bind(socks[1], (struct sockaddr *)&sb, sizeof(sb)); + + connect(socks[1], (struct sockaddr *)&sa, sizeof(sa)); + connect(socks[0], (struct sockaddr *)&sb, sizeof(sb)); +} +#endif + +static int run_test(void) +{ + int fds[2]; + int pid1, pid2; + int status2; + + if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) < 0) { + rperror("socketpair"); + exit(2); + } + + if (nonblock) { + fcntl(fds[0], F_SETFL, (long)O_NONBLOCK); + fcntl(fds[1], F_SETFL, (long)O_NONBLOCK); + } + + if (!(pid1 = fork())) { + role = SERVER; + server(fds[1]); // noreturn + } else if (pid1 < 0) { + rperror("fork server"); + exit(2); + } + if (!(pid2 = fork())) { + role = CLIENT; + client(fds[0]); // noreturn + } else if (pid2 < 0) { + rperror("fork client"); + exit(2); + } + while (waitpid(pid2, &status2, 0) < 0 && errno == EINTR) ; + kill(pid1, 15); + while (waitpid(pid1, 0, 0) < 0 && errno == EINTR) ; + + close(fds[0]); + close(fds[1]); + + if (!WIFSIGNALED(status2) && WEXITSTATUS(status2) != 3) { + return ! !WEXITSTATUS(status2); + } else { + return 3; + } +} + +static filter_fn filters[] + = { filter_packet_ServerHello, + filter_packet_ServerKeyExchange, + filter_packet_ServerHelloDone, + filter_packet_ClientKeyExchange, + filter_packet_ClientChangeCipherSpec, + filter_packet_ClientFinished, + filter_packet_ServerChangeCipherSpec, + filter_packet_ServerFinished +}; + +static filter_fn filters_resume[] + = { filter_packet_ServerHello, + filter_packet_ServerChangeCipherSpec, + filter_packet_ServerFinished, + filter_packet_ClientChangeCipherSpec, + filter_packet_ClientFinished +}; + +static filter_fn filters_full[] + = { filter_packet_ServerHello, + filter_packet_ServerCertificate, + filter_packet_ServerKeyExchange, + filter_packet_ServerCertificateRequest, + filter_packet_ServerHelloDone, + filter_packet_ClientCertificate, + filter_packet_ClientKeyExchange, + filter_packet_ClientCertificateVerify, + filter_packet_ClientChangeCipherSpec, + filter_packet_ClientFinished, + filter_packet_ServerChangeCipherSpec, + filter_packet_ServerFinished +}; + +static int run_one_test(int dropMode, int serverFinishedPermute, + int serverHelloPermute, int clientFinishedPermute) +{ + int fnIdx = 0; + int res, filterIdx; + filter_fn *local_filters; + const char **local_filter_names; + const char **client_finished_permutation_names; + const char **server_finished_permutation_names; + const char **server_hello_permutation_names; + int filter_count; + + if (full) { + local_filters = filters_full; + local_filter_names = filter_names_full; + filter_count = sizeof(filters_full)/sizeof(filters_full[0]); + client_finished_permutation_names = permutation_names5; + server_finished_permutation_names = permutation_names2; + server_hello_permutation_names = permutation_names5; + } else if (resume) { + local_filters = filters_resume; + local_filter_names = filter_names_resume; + filter_count = sizeof(filters_resume)/sizeof(filters_resume[0]); + client_finished_permutation_names = permutation_names2; + server_finished_permutation_names = permutation_names3; + server_hello_permutation_names = NULL; + } else { + local_filters = filters; + local_filter_names = filter_names; + filter_count = sizeof(filters)/sizeof(filters[0]); + client_finished_permutation_names = permutation_names3; + server_finished_permutation_names = permutation_names2; + server_hello_permutation_names = permutation_names3; + } + + run_id = + ((dropMode * 2 + serverFinishedPermute) * (full ? 120 : 6) + + serverHelloPermute) * (full ? 120 : 6) + clientFinishedPermute; + + filter_clear_state(); + + if (full) { + filter_chain[fnIdx++] = filter_permute_ServerHelloFull; + state_permute_ServerHelloFull.order = + permutations5[serverHelloPermute]; + + filter_chain[fnIdx++] = filter_permute_ClientFinishedFull; + state_permute_ClientFinishedFull.order = + permutations5[clientFinishedPermute]; + + filter_chain[fnIdx++] = filter_permute_ServerFinished; + state_permute_ServerFinished.order = + permutations2[serverFinishedPermute]; + } else if (resume) { + filter_chain[fnIdx++] = filter_permute_ServerFinishedResume; + state_permute_ServerFinishedResume.order = + permutations3[serverFinishedPermute]; + + filter_chain[fnIdx++] = filter_permute_ClientFinishedResume; + state_permute_ClientFinishedResume.order = + permutations2[clientFinishedPermute]; + } else { + filter_chain[fnIdx++] = filter_permute_ServerHello; + state_permute_ServerHello.order = + permutations3[serverHelloPermute]; + + filter_chain[fnIdx++] = filter_permute_ClientFinished; + state_permute_ClientFinished.order = + permutations3[clientFinishedPermute]; + + filter_chain[fnIdx++] = filter_permute_ServerFinished; + state_permute_ServerFinished.order = + permutations2[serverFinishedPermute]; + } + + if (dropMode) { + for (filterIdx = 0; filterIdx < filter_count; filterIdx++) { + if (dropMode & (1 << filterIdx)) { + filter_chain[fnIdx++] = + local_filters[filterIdx]; + } + } + } + filter_chain[fnIdx++] = NULL; + + res = run_test(); + + switch (res) { + case 0: + fprintf(stdout, "%i ++ ", run_id); + break; + case 1: + fprintf(stdout, "%i -- ", run_id); + break; + case 2: + fprintf(stdout, "%i !! ", run_id); + break; + case 3: + fprintf(stdout, "%i TT ", run_id); + break; + } + + if (!resume) + fprintf(stdout, "SHello(%s), ", server_hello_permutation_names[serverHelloPermute]); + fprintf(stdout, "SFinished(%s), ", + server_finished_permutation_names[serverFinishedPermute]); + fprintf(stdout, "CFinished(%s) :- ", + client_finished_permutation_names[clientFinishedPermute]); + if (dropMode) { + for (filterIdx = 0; filterIdx < filter_count; filterIdx++) { + if (dropMode & (1 << filterIdx)) { + if (dropMode & ((1 << filterIdx) - 1)) { + fprintf(stdout, ", "); + } + fprintf(stdout, "%s", + local_filter_names[filterIdx]); + } + } + } + fprintf(stdout, "\n"); + + return res; +} + +static int run_test_by_id(int id) +{ + int pscale = full ? 120 : 6; + int dropMode, serverFinishedPermute, serverHelloPermute, + clientFinishedPermute; + + clientFinishedPermute = id % pscale; + id /= pscale; + + serverHelloPermute = id % pscale; + id /= pscale; + + serverFinishedPermute = id % 2; + id /= 2; + + dropMode = id; + + return run_one_test(dropMode, serverFinishedPermute, + serverHelloPermute, clientFinishedPermute); +} + +int *job_pids; +int job_limit; +int children = 0; + +static void register_child(int pid) +{ + int idx; + + children++; + for (idx = 0; idx < job_limit; idx++) { + if (job_pids[idx] == 0) { + job_pids[idx] = pid; + return; + } + } +} + +static int wait_children(int child_limit) +{ + int fail = 0; + int result = 1; + + while (children > child_limit) { + int status; + int idx; + int pid = waitpid(0, &status, 0); + if (pid < 0 && errno == ECHILD) { + break; + } + for (idx = 0; idx < job_limit; idx++) { + if (job_pids[idx] == pid) { + children--; + if (WEXITSTATUS(status)) { + result = 1; + if (!run_to_end && !fail) { + fprintf(stderr, + "One test failed, waiting for remaining tests\n"); + fail = 1; + child_limit = 0; + } + } + job_pids[idx] = 0; + break; + } + } + } + + if (fail) { + exit(1); + } + + return result; +} + +static int run_tests_from_id_list(int childcount) +{ + int test_id; + int ret; + int result = 0; + + while ((ret = fscanf(stdin, "%i\n", &test_id)) > 0) { + int pid; + if (test_id < 0 + || test_id > + 2 * (full ? 120 * 120 * (1 << 12) : 6 * 6 * 256)) { + fprintf(stderr, "Invalid test id %i\n", test_id); + break; + } + if (!(pid = fork())) { + exit(run_test_by_id(test_id)); + } else if (pid < 0) { + rperror("fork"); + result = 4; + break; + } else { + register_child(pid); + result |= wait_children(childcount); + } + } + + if (ret < 0 && ret != EOF) { + fprintf(stderr, "Error reading test id list\n"); + } + + result |= wait_children(0); + + return result; +} + +static int run_all_tests(int childcount) +{ + int dropMode, serverFinishedPermute, serverHelloPermute, + clientFinishedPermute; + int result = 0; + + for (dropMode = 0; dropMode != 1 << (full ? 12 : 8); dropMode++) + for (serverFinishedPermute = 0; serverFinishedPermute < 2; + serverFinishedPermute++) + for (serverHelloPermute = 0; + serverHelloPermute < (full ? 120 : 6); + serverHelloPermute++) + for (clientFinishedPermute = 0; + clientFinishedPermute < + (full ? 120 : 6); + clientFinishedPermute++) { + int pid; + if (!(pid = fork())) { + exit(run_one_test + (dropMode, + serverFinishedPermute, + serverHelloPermute, + clientFinishedPermute)); + } else if (pid < 0) { + rperror("fork"); + result = 4; + break; + } else { + register_child(pid); + result |= + wait_children(childcount); + } + } + + result |= wait_children(0); + + return result; +} + +// }}} + +static int parse_permutation(const char *arg, const char *permutations[], + int *val) +{ + *val = 0; + while (permutations[*val]) { + if (strcmp(permutations[*val], arg) == 0) { + return 1; + } else { + *val += 1; + } + } + return 0; +} + +int main(int argc, const char *argv[]) +{ + int dropMode = 0; + int serverFinishedPermute = 0; + int serverHelloPermute = 0; + int clientFinishedPermute = 0; + int batch = 0; + unsigned single = 0; + int arg; + + nonblock = 0; + replay = 0; + debug = 0; + timeout_seconds = 120; + retransmit_milliseconds = 100; + full = 0; + run_to_end = 1; + job_limit = 1; + +#define NEXT_ARG(name) \ + do { \ + if (++arg >= argc) { \ + fprintf(stderr, "No argument for -" #name "\n"); \ + exit(8); \ + } \ + } while (0); +#define FAIL_ARG(name) \ + do { \ + fprintf(stderr, "Invalid argument for -" #name "\n"); \ + exit(8); \ + } while (0); + + for (arg = 1; arg < argc; arg++) { + if (strcmp("-die", argv[arg]) == 0) { + run_to_end = 0; + } else if (strcmp("-batch", argv[arg]) == 0) { + batch = 1; + } else if (strcmp("-d", argv[arg]) == 0) { + char *end; + int level; + + if (arg+1 < argc) { + level = strtol(argv[arg + 1], &end, 10); + if (*end == '\0') { + debug = level; + arg++; + } else + debug++; + } else { + debug++; + } + } else if (strcmp("-nb", argv[arg]) == 0) { + nonblock = 1; + } else if (strcmp("-r", argv[arg]) == 0) { + replay = 1; + } else if (strcmp("-timeout", argv[arg]) == 0) { + char *end; + int val; + + NEXT_ARG(timeout); + val = strtol(argv[arg], &end, 10); + if (*end == '\0') { + timeout_seconds = val; + } else { + FAIL_ARG(timeout); + } + } else if (strcmp("-retransmit", argv[arg]) == 0) { + char *end; + int val; + + NEXT_ARG(retransmit); + val = strtol(argv[arg], &end, 10); + if (*end == '\0') { + retransmit_milliseconds = val; + } else { + FAIL_ARG(retransmit); + } + } else if (strcmp("-j", argv[arg]) == 0) { + char *end; + int val; + + NEXT_ARG(timeout); + val = strtol(argv[arg], &end, 10); + if (*end == '\0') { + job_limit = val; + } else { + FAIL_ARG(j); + } + } else if (strcmp("-full", argv[arg]) == 0) { + if (resume) { + fprintf(stderr, "You cannot combine full with resume\n"); + exit(1); + } + + full = 1; + } else if (strcmp("-resume", argv[arg]) == 0) { + if (full) { + fprintf(stderr, "You cannot combine full with resume\n"); + exit(1); + } + + resume = 1; + } else if (strcmp("-shello", argv[arg]) == 0) { + if (resume) { + fprintf(stderr, "Please use -sfinished instead of -shello\n"); + exit(1); + } + + NEXT_ARG(shello); + if (!parse_permutation + (argv[arg], + full ? permutation_names5 : + permutation_names3, &serverHelloPermute)) { + FAIL_ARG(shell); + } + single++; + } else if (strcmp("-sfinished", argv[arg]) == 0) { + const char **pname; + NEXT_ARG(cfinished); + if (resume) pname = permutation_names3; + else pname = permutation_names2; + if (!parse_permutation + (argv[arg], pname, + &serverFinishedPermute)) { + FAIL_ARG(cfinished); + } + single++; + } else if (strcmp("-cfinished", argv[arg]) == 0) { + const char **pname; + NEXT_ARG(cfinished); + if (full) pname = permutation_names5; + else if (resume) pname = permutation_names2; + else pname = permutation_names3; + if (!parse_permutation + (argv[arg], pname, + &clientFinishedPermute)) { + FAIL_ARG(cfinished); + } + single++; + } else { + int drop; + int filter_count; + const char **local_filter_names; + + if (full) { + local_filter_names = filter_names_full; + filter_count = sizeof(filters_full)/sizeof(filters_full[0]); + } else if (resume) { + local_filter_names = filter_names_resume; + filter_count = sizeof(filters_resume)/sizeof(filters_resume[0]); + } else { + local_filter_names = filter_names; + filter_count = sizeof(filters)/sizeof(filters[0]); + } + + for (drop = 0; drop < filter_count; drop++) { + if (strcmp + (local_filter_names[drop], + argv[arg]) == 0) { + dropMode |= (1 << drop); + break; + } + } + if (drop == filter_count) { + fprintf(stderr, "Unknown packet %s\n", + argv[arg]); + exit(8); + } + single++; + } + } + + setlinebuf(stdout); + global_init(); + cred_init(); + gnutls_global_set_log_function(logfn); + gnutls_global_set_audit_log_function(auditfn); + gnutls_global_set_log_level(debug); + + if (single) { + if (debug) + fprintf(stderr, "single test mode\n"); + return run_one_test(dropMode, serverFinishedPermute, + serverHelloPermute, clientFinishedPermute); + } else { + if (debug) + fprintf(stderr, "multi test mode\n"); + + if (resume) { + fprintf(stderr, "full run not implemented yet for resumed runs\n"); + exit(5); + } + + job_pids = calloc(sizeof(int), job_limit); + if (batch) { + return run_tests_from_id_list(job_limit); + } else { + return run_all_tests(job_limit); + } + } +} + +// vim: foldmethod=marker + +#else /* NO POSIX TIMERS */ + +int main(int argc, const char *argv[]) +{ + exit(77); +} + +#endif diff --git a/tests/dtls/dtls.sh b/tests/dtls/dtls.sh new file mode 100755 index 0000000..0b79ae8 --- /dev/null +++ b/tests/dtls/dtls.sh @@ -0,0 +1,44 @@ +#!/bin/sh + +# Copyright (C) 2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +if test "${WINDIR}" != ""; then + exit 77 +fi + +./dtls-stress -full -shello 01234 -sfinished 01 -cfinished 01234 CCertificate CKeyExchange CCertificateVerify CChangeCipherSpec CFinished +./dtls-stress -full -r -shello 42130 -sfinished 10 -cfinished 43210 SHello SKeyExchange SHelloDone CKeyExchange CChangeCipherSpec CFinished SChangeCipherSpec SCertificate SFinished + +./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished +./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone +./dtls-stress -shello 012 -sfinished 01 -cfinished 021 SHello SKeyExchange SHelloDone +./dtls-stress -shello 021 -sfinished 01 -cfinished 201 SHello SHelloDone CChangeCipherSpec SChangeCipherSpec SFinished +./dtls-stress -shello 102 -sfinished 01 -cfinished 120 SHello SHelloDone CKeyExchange CFinished SChangeCipherSpec SFinished +./dtls-stress -shello 210 -sfinished 01 -cfinished 201 CChangeCipherSpec SChangeCipherSpec SFinished +./dtls-stress -shello 021 -sfinished 10 -cfinished 210 SHello SHelloDone SChangeCipherSpec CChangeCipherSpec CFinished +./dtls-stress -shello 210 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone CKeyExchange CChangeCipherSpec CFinished SChangeCipherSpec SFinished + +./dtls-stress -full -shello 42130 -sfinished 10 -cfinished 43210 SHello SKeyExchange SHelloDone CKeyExchange CChangeCipherSpec CFinished SChangeCipherSpec SCertificate SFinished +./dtls-stress -full -shello 12430 -sfinished 01 -cfinished 01324 SHello SKeyExchange SHelloDone CKeyExchange CChangeCipherSpec CFinished SCertificate SFinished + +exit 0 diff --git a/tests/dtls1-2-mtu-check.c b/tests/dtls1-2-mtu-check.c new file mode 100644 index 0000000..f27929b --- /dev/null +++ b/tests/dtls1-2-mtu-check.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the MTU calculation in various cipher/mac algorithm combinations + * in gnutls */ + +#include +#include +#include +#include +#include +#include +#include "eagain-common.h" +#include "cert-common.h" +#include "utils.h" +#include + +#define myfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static void dtls_mtu_try(const char *name, const char *client_prio, + unsigned link_mtu, unsigned tunnel_mtu) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + unsigned dmtu; + unsigned i; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK) >= 0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_priority_set_direct(server, + "NORMAL:+ANON-ECDH:+ANON-DH:+3DES-CBC:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+SHA256:+CURVE-X25519", + NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK); + if (ret < 0) + exit(1); + + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred) >= 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func); + + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, NULL); + if (ret < 0) { + fail("%s: error in priority setting\n", name); + exit(1); + } + success("negotiating %s\n", name); + HANDSHAKE_DTLS(client, server); + + gnutls_dtls_set_mtu(client, link_mtu); + dmtu = gnutls_dtls_get_data_mtu(client); + if (dmtu != tunnel_mtu) { + fail("%s: Calculated MTU (%d) does not match expected (%d)\n", name, dmtu, tunnel_mtu); + } + + { + char *msg = gnutls_malloc(dmtu+1); + assert(msg); + memset(msg, 1, dmtu+1); + ret = gnutls_record_send(client, msg, dmtu+1); + if (ret != (int)GNUTLS_E_LARGE_PACKET) { + myfail("could send larger packet than MTU (%d), ret: %d\n", dmtu, ret); + } + + ret = gnutls_record_send(client, msg, dmtu); + if (ret != (int)dmtu) { + myfail("could not send %d bytes (sent %d)\n", dmtu, ret); + } + + memset(msg, 2, dmtu); + ret = gnutls_record_recv(server, msg, dmtu); + if (ret != (int)dmtu) { + myfail("could not receive %d bytes (received %d)\n", dmtu, ret); + } + + for (i=0;i +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ + global_init(); + + dtls_try("DTLS 1.0 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.0 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.0 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try_with_key("DTLS 1.0 with ecdhe ecdsa no cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0); + + dtls_try("DTLS 1.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + dtls_try_cli("DTLS 1.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + dtls_try_cli("DTLS 1.0 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + dtls_try_cli("DTLS 1.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + dtls_try_with_key("DTLS 1.0 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_RSA_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT); + + dtls_try_cli("DTLS 1.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + dtls_try_cli("DTLS 1.0 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + dtls_try_cli("DTLS 1.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + dtls_try_with_key("DTLS 1.0 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT); + + gnutls_global_deinit(); +} diff --git a/tests/dtls12-cert-key-exchange.c b/tests/dtls12-cert-key-exchange.c new file mode 100644 index 0000000..8202804 --- /dev/null +++ b/tests/dtls12-cert-key-exchange.c @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2015-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ + global_init(); + + dtls_try("DTLS 1.2 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.2 with anon-dh", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.2 with dhe-rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.2 with ecdhe x25519 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.2 with ecdhe rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try_with_key("DTLS 1.2 with ecdhe ecdsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0); + + dtls_try("DTLS 1.2 with ecdhe rsa-pss sig no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try("DTLS 1.2 with ecdhe rsa-pss no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + dtls_try_with_key("TLS 1.2 with ecdhe rsa-pss/rsa-pss no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0); + dtls_try("DTLS 1.2 with rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + + dtls_try_cli("DTLS 1.2 with dhe-rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + dtls_try_cli("DTLS 1.2 with ecdhe-rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + dtls_try_cli("DTLS 1.2 with rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + dtls_try_with_key("DTLS 1.2 with ecdhe ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_RSA_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT); + dtls_try_with_key("DTLS 1.2 with ecdhe ecdsa/ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_ECDSA_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, USE_CERT); + + + dtls_try_cli("DTLS 1.2 with ecdhe-rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT); + dtls_try_with_key("DTLS 1.2 with ecdhe-rsa-pss/rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT); + dtls_try_cli("DTLS 1.2 with dhe-rsa ask cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + dtls_try_cli("DTLS 1.2 with ecdhe-rsa ask cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + dtls_try_cli("DTLS 1.2 with rsa ask cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + dtls_try_with_key("DTLS 1.2 with ecdhe ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-DTLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT); + + gnutls_global_deinit(); +} diff --git a/tests/duplicate-extensions.c b/tests/duplicate-extensions.c new file mode 100644 index 0000000..819fbb8 --- /dev/null +++ b/tests/duplicate-extensions.c @@ -0,0 +1,226 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_SSL2) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + + +static unsigned char tls1_hello[] = + "\x16\x03\x01\x01\x5e\x01\x00\x01\x5a\x03\x03\x59\x41\x25\x0e\x19" + "\x02\x56\xa2\xe4\x97\x00\xea\x18\xd2\xb0\x00\xb9\xa2\x8a\x61\xb3" + "\xdd\x65\xed\xfd\x03\xaf\x93\x8d\xb2\x15\xf3\x00\x00\xd4\xc0\x30" + "\xcc\xa8\xc0\x8b\xc0\x14\xc0\x28\xc0\x77\xc0\x2f\xc0\x8a\xc0\x13" + "\xc0\x27\xc0\x76\xc0\x12\xc0\x2c\xc0\xad\xcc\xa9\xc0\x87\xc0\x0a" + "\xc0\x24\xc0\x73\xc0\x2b\xc0\xac\xc0\x86\xc0\x09\xc0\x23\xc0\x72" + "\xc0\x08\x00\x9d\xc0\x9d\xc0\x7b\x00\x35\x00\x3d\x00\x84\x00\xc0" + "\x00\x9c\xc0\x9c\xc0\x7a\x00\x2f\x00\x3c\x00\x41\x00\xba\x00\x0a" + "\x00\x9f\xc0\x9f\xcc\xaa\xc0\x7d\x00\x39\x00\x6b\x00\x88\x00\xc4" + "\x00\x9e\xc0\x9e\xc0\x7c\x00\x33\x00\x67\x00\x45\x00\xbe\x00\x16" + "\x00\xa3\xc0\x81\x00\x38\x00\x6a\x00\x87\x00\xc3\x00\xa2\xc0\x80" + "\x00\x32\x00\x40\x00\x44\x00\xbd\x00\x13\x00\xa9\xc0\xa5\xcc\xab" + "\xc0\x8f\x00\x8d\x00\xaf\xc0\x95\x00\xa8\xc0\xa4\xc0\x8e\x00\x8c" + "\x00\xae\xc0\x94\x00\x8b\x00\xab\xc0\xa7\xcc\xad\xc0\x91\x00\x91" + "\x00\xb3\xc0\x97\x00\xaa\xc0\xa6\xc0\x90\x00\x90\x00\xb2\xc0\x96" + "\x00\x8f\xcc\xac\xc0\x36\xc0\x38\xc0\x9b\xc0\x35\xc0\x37\xc0\x9a" + "\xc0\x34\x01\x00\x00\x5d\x00\x17\x00\x00\x00\x16\x00\x00\x00\x05" + "\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x13\x00\x11\x00\x00\x0e" + "\x77\x77\x77\x2e\x61\x6d\x61\x7a\x6f\x6e\x2e\x63\x6f\x6d\xff\x01" + "\x00\x01\x00\x00\x23\x00\x00\x00\x0b\x00\x02\x01\x00\x00\x0b\x00" + "\x02\x01\x00\x00\x0d\x00\x16\x00\x14\x04\x01\x04\x03\x05\x01\x05" + "\x03\x06\x01\x06\x03\x03\x01\x03\x03\x02\x01\x02\x03\x00\x0a\x00" + "\x02\x00\x17"; + +static void client(int sd) +{ + char buf[1024]; + int ret; + struct pollfd pfd; + unsigned int timeout; + + /* send a TLS 1.x hello with duplicate extensions */ + + ret = send(sd, tls1_hello, sizeof(tls1_hello)-1, 0); + if (ret < 0) + fail("error sending hello\n"); + + pfd.fd = sd; + pfd.events = POLLIN; + pfd.revents = 0; + + timeout = get_timeout(); + if (timeout > INT_MAX) + fail("invalid timeout value\n"); + + do { + ret = poll(&pfd, 1, (int)timeout); + } while (ret == -1 && errno == EINTR); + + if (ret == -1 || ret == 0) { + fail("timeout waiting for reply\n"); + } + + success("sent hello\n"); + ret = recv(sd, buf, sizeof(buf), 0); + if (ret < 0) + fail("error receiving alert\n"); + + success("received reply\n"); + + if (ret < 7) + fail("error in size of received alert\n"); + + if (buf[0] != 0x15 || buf[1] != 0x03) + fail("error in received alert data\n"); + + success("all ok\n"); + + close(sd); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + gnutls_handshake_set_timeout(session, get_timeout()); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + + if (ret != GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION) { + fail("server: Handshake succeeded unexpectedly\n"); + } + + gnutls_alert_send_appropriate(session, ret); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + int err; + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + client(sockets[1]); + wait(&status); + check_wait_status(status); + } else { + server(sockets[0]); + _exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/eagain-auto-auth.c b/tests/eagain-auto-auth.c new file mode 100644 index 0000000..2083175 --- /dev/null +++ b/tests/eagain-auto-auth.c @@ -0,0 +1,235 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#define RANDOMIZE +#include "cert-common.h" +#include "cmocka-common.h" + +/* This tests operation under non-blocking mode in TLS1.2/TLS1.3 + * rekey/rehandshake. + */ +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static unsigned int cert_asked = 0; + +static int cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + cert_asked = 1; + *pcert_length = 0; + *pcert = NULL; + *pkey = NULL; + + return 0; +} + +static void async_handshake(void **glob_state, const char *prio, unsigned rehsk) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0, msglen; + + /* General init. */ + reset_buffers(); + cert_asked = 0; + gnutls_global_init(); + gnutls_global_set_log_function(tls_log_func); + + /* Init server */ + assert_return_code(gnutls_certificate_allocate_credentials(&serverx509cred), 0); + assert_return_code(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM), 0); + ret = gnutls_init(&server, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH); + assert_return_code(ret, 0); + + ret = + gnutls_priority_set_direct(server, + prio, + NULL); + assert_return_code(ret, 0); + + + ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + assert_return_code(ret, 0); + + gnutls_certificate_set_retrieve_function2(clientx509cred, cert_callback); + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_AUTO_REAUTH|GNUTLS_POST_HANDSHAKE_AUTH); + ret = + gnutls_priority_set_direct(client, + prio, + NULL); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (rehsk == 1) { + char b[1]; + unsigned hstarted = 0; + + do { + sret = gnutls_rehandshake(server); + } while (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_INTERRUPTED); + assert_true(sret == 0); + assert_true(gnutls_record_get_direction(server)==1); + + sret = cret = GNUTLS_E_AGAIN; + do { + if (!hstarted) { + sret = gnutls_record_recv(server, b, 1); + if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; + + if (sret == GNUTLS_E_REHANDSHAKE) { + hstarted = 1; + sret = GNUTLS_E_AGAIN; + } + assert_true(sret == GNUTLS_E_AGAIN); + } + + if (sret == GNUTLS_E_AGAIN && hstarted) { + sret = gnutls_handshake (server); + if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; + assert_true(sret == GNUTLS_E_AGAIN || sret == 0); + } + + /* we are done in client side */ + if (hstarted && gnutls_record_get_direction(client) == 0 && to_client_len == 0) + cret = 0; + + if (cret == GNUTLS_E_AGAIN) { + cret = gnutls_record_recv(client, b, 1); + if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; + } + assert_true(cret == GNUTLS_E_AGAIN || cret >= 0); + + } while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN); + assert_true(hstarted != 0); + } else { + char b[1]; + + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + do { + sret = gnutls_reauth(server, 0); + } while (sret == GNUTLS_E_INTERRUPTED); + + assert_true(sret == GNUTLS_E_AGAIN || sret >= 0); + + cret = GNUTLS_E_AGAIN; + do { + if (cret == GNUTLS_E_AGAIN) { + cret = gnutls_record_recv(client, b, 1); + if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; + } + + if (sret == GNUTLS_E_AGAIN) { + sret = gnutls_reauth(server, 0); + if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; + } + + /* we are done in client side */ + if (gnutls_record_get_direction(client) == 0 && to_client_len == 0) + cret = 0; + } while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN); + } + assert_return_code(cret, 0); + assert_return_code(sret, 0); + assert_return_code(cert_asked, 1); + + msglen = strlen(MSG); + TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF); + + assert_true(gnutls_bye(client, GNUTLS_SHUT_WR)>=0); + assert_true(gnutls_bye(server, GNUTLS_SHUT_WR)>=0); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void tls12_async_handshake(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 1); +} + +static void tls13_async_handshake(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(tls12_async_handshake), + cmocka_unit_test(tls13_async_handshake), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/eagain-common.h b/tests/eagain-common.h new file mode 100644 index 0000000..6b168cb --- /dev/null +++ b/tests/eagain-common.h @@ -0,0 +1,368 @@ +#ifndef GNUTLS_TESTS_EAGAIN_COMMON_H +#define GNUTLS_TESTS_EAGAIN_COMMON_H + +#include +#include +#include + +#define min(x,y) ((x)<(y)?(x):(y)) + +extern const char *side; + +#ifdef USE_CMOCKA +# define failure() fail() +# define client_transfer_failure(r) {fprintf(stderr, "client transfer failure: %s\n", gnutls_strerror(r)); fail();} +# define server_transfer_failure(r) {fprintf(stderr, "server transfer failure: %s\n", gnutls_strerror(r)); fail();} +# define switch_side(str) +#else +# define failure() fail("Handshake failed\n") +# define client_transfer_failure(r) fail("client transfer failure: %s\n", gnutls_strerror(r)) +# define server_transfer_failure(r) fail("client transfer failure: %s\n", gnutls_strerror(r)) +# define switch_side(str) side = str +#endif + +#define HANDSHAKE_EXPECT(c, s, clierr, serverr) \ + sret = cret = GNUTLS_E_AGAIN; \ + do \ + { \ + if (cret == GNUTLS_E_AGAIN) \ + { \ + switch_side("client"); \ + cret = gnutls_handshake (c); \ + if (cret == GNUTLS_E_INTERRUPTED) cret = GNUTLS_E_AGAIN; \ + } \ + if (sret == GNUTLS_E_AGAIN) \ + { \ + switch_side("server"); \ + sret = gnutls_handshake (s); \ + if (sret == GNUTLS_E_INTERRUPTED) sret = GNUTLS_E_AGAIN; \ + } \ + } \ + while ((cret == GNUTLS_E_AGAIN || (cret == 0 && sret == GNUTLS_E_AGAIN)) && (sret == GNUTLS_E_AGAIN || (sret == 0 && cret == GNUTLS_E_AGAIN))); \ + if ((clierr != -1 && cret != clierr) || (serverr != -1 && sret != serverr)) \ + { \ + fprintf(stderr, "client[%d]: %s\n", cret, gnutls_strerror(cret)); \ + fprintf(stderr, "server[%d]: %s\n", sret, gnutls_strerror(sret)); \ + failure(); \ + } + +#define HANDSHAKE(c, s) \ + HANDSHAKE_EXPECT(c,s,0,0) + +#define HANDSHAKE_DTLS_EXPECT(c, s, clierr, serverr) \ + sret = cret = GNUTLS_E_AGAIN; \ + do \ + { \ + if (cret == GNUTLS_E_LARGE_PACKET) \ + { \ + unsigned int mtu = gnutls_dtls_get_mtu(s); \ + gnutls_dtls_set_mtu(s, mtu/2); \ + } \ + if (cret < 0 && gnutls_error_is_fatal(cret) == 0) \ + { \ + switch_side("client"); \ + cret = gnutls_handshake (c); \ + } \ + if (sret == GNUTLS_E_LARGE_PACKET) \ + { \ + unsigned int mtu = gnutls_dtls_get_mtu(s); \ + gnutls_dtls_set_mtu(s, mtu/2); \ + } \ + if (sret < 0 && gnutls_error_is_fatal(sret) == 0) \ + { \ + switch_side("server"); \ + sret = gnutls_handshake (s); \ + } \ + } \ + while (((gnutls_error_is_fatal(cret) == 0 && gnutls_error_is_fatal(sret) == 0)) && (cret < 0 || sret < 0)); \ + if (cret != clierr || sret != serverr) \ + { \ + fprintf(stderr, "client: %s\n", gnutls_strerror(cret)); \ + fprintf(stderr, "server: %s\n", gnutls_strerror(sret)); \ + failure(); \ + } + +#define HANDSHAKE_DTLS(c, s) \ + HANDSHAKE_DTLS_EXPECT(c,s,0,0) + +#define HANDSHAKE(c, s) \ + HANDSHAKE_EXPECT(c,s,0,0) + +#define TRANSFER2(c, s, msg, msglen, buf, buflen, retry_send_with_null) { \ + int _ret; \ + switch_side("client"); \ + _ret = record_send_loop (c, msg, msglen, retry_send_with_null); \ + \ + if (_ret < 0) client_transfer_failure(_ret); \ + \ + do \ + { \ + do \ + { \ + switch_side("server"); \ + _ret = gnutls_record_recv (s, buf, buflen); \ + } \ + while(_ret == GNUTLS_E_AGAIN); \ + if (_ret <= 0) \ + { \ + server_transfer_failure(_ret); \ + } \ + else \ + { \ + transferred += _ret; \ + } \ + switch_side("server"); \ + _ret = record_send_loop (server, msg, msglen, retry_send_with_null); \ + if (_ret < 0) server_transfer_failure(_ret); \ + do \ + { \ + switch_side("client"); \ + _ret = gnutls_record_recv (client, buf, buflen); \ + } \ + while(_ret == GNUTLS_E_AGAIN); \ + if (_ret <= 0) \ + { \ + client_transfer_failure(_ret); \ + } \ + else \ + { \ + if (msglen != _ret || memcmp (buf, msg, msglen) != 0) \ + { \ + failure(); \ + } \ + /* echo back */ \ + switch_side("client"); \ + _ret = record_send_loop (client, buf, msglen, retry_send_with_null); \ + if (_ret < 0) client_transfer_failure(_ret); \ + transferred += _ret; \ + } \ + } \ + while (transferred < 70000); \ + } + +#define EMPTY_BUF(s, c, buf, buflen) \ + { \ + switch_side("client"); int _ret = 0; \ + while((_ret == GNUTLS_E_AGAIN && to_server_len > 0) || to_server_len > 0) \ + { \ + switch_side("server"); \ + _ret = gnutls_record_recv (s, buf, buflen); \ + } \ + if (_ret < 0 && _ret !=GNUTLS_E_AGAIN) \ + { \ + server_transfer_failure(_ret); \ + } \ + switch_side("server"); _ret = 0; \ + while((to_client_len > 0 && _ret == GNUTLS_E_AGAIN) || to_client_len > 0) \ + { \ + switch_side("client"); \ + _ret = gnutls_record_recv (client, buf, buflen); \ + } \ + if (_ret < 0 && _ret !=GNUTLS_E_AGAIN) \ + { \ + client_transfer_failure(_ret); \ + } \ + } + +#define TRANSFER(c, s, msg, msglen, buf, buflen) \ + TRANSFER2(c, s, msg, msglen, buf, buflen, 0); \ + TRANSFER2(c, s, msg, msglen, buf, buflen, 1) + +static char to_server[64 * 1024]; +static size_t to_server_len = 0; + +static char to_client[64 * 1024]; +static size_t to_client_len = 0; + + +#ifdef RANDOMIZE +#define RETURN_RND_EAGAIN(session) \ + unsigned int rnd = time(0); \ + if (rnd++ % 3 == 0) \ + { \ + gnutls_transport_set_errno (session, EAGAIN); \ + return -1; \ + } +#else +#define RETURN_RND_EAGAIN(session) +#endif + +#ifndef IGNORE_PUSH +static ssize_t +client_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + size_t newlen; + RETURN_RND_EAGAIN(tr); + + len = min(len, sizeof(to_server) - to_server_len); + + newlen = to_server_len + len; + memcpy(to_server + to_server_len, data, len); + to_server_len = newlen; +#ifdef EAGAIN_DEBUG + fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n", + (int) len, (int) to_server_len); +#endif + return len; +} + +#endif + +static ssize_t +client_pull(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + RETURN_RND_EAGAIN(tr); + + if (to_client_len == 0) { +#ifdef EAGAIN_DEBUG + fprintf(stderr, + "eagain: Not enough data by server (asked for: %d, have: %d)\n", + (int) len, (int) to_client_len); +#endif + gnutls_transport_set_errno((gnutls_session_t) tr, EAGAIN); + return -1; + } + + len = min(len, to_client_len); + + memcpy(data, to_client, len); + + memmove(to_client, to_client + len, to_client_len - len); + to_client_len -= len; +#ifdef EAGAIN_DEBUG + fprintf(stderr, "eagain: pulled %d bytes by client (avail: %d)\n", + (int) len, (int) to_client_len); +#endif + return len; +} + +static ssize_t +server_pull(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + //success ("server_pull len %d has %d\n", len, to_server_len); + RETURN_RND_EAGAIN(tr); + + if (to_server_len == 0) { +#ifdef EAGAIN_DEBUG + fprintf(stderr, + "eagain: Not enough data by client (asked for: %d, have: %d)\n", + (int) len, (int) to_server_len); +#endif + gnutls_transport_set_errno((gnutls_session_t) tr, EAGAIN); + return -1; + } + + len = min(len, to_server_len); +#ifdef EAGAIN_DEBUG + fprintf(stderr, "eagain: pulled %d bytes by server (avail: %d)\n", + (int) len, (int) to_server_len); +#endif + memcpy(data, to_server, len); + + memmove(to_server, to_server + len, to_server_len - len); + to_server_len -= len; + + return len; +} + +#ifndef IGNORE_PUSH +static ssize_t +server_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + size_t newlen; + RETURN_RND_EAGAIN(tr); + +// hexprint (data, len); + + len = min(len, sizeof(to_client) - to_client_len); + + newlen = to_client_len + len; + memcpy(to_client + to_client_len, data, len); + to_client_len = newlen; +#ifdef EAGAIN_DEBUG + fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n", + (int) len, (int) to_client_len); +#endif + + +#ifdef SERVER_PUSH_ADD + SERVER_PUSH_ADD +#endif + + return len; +} + +#endif + +/* inline is used to avoid a gcc warning if used in mini-eagain */ +inline static int server_pull_timeout_func(gnutls_transport_ptr_t ptr, + unsigned int ms) +{ + int ret; + + if (to_server_len > 0) + ret = 1; /* available data */ + else + ret = 0; /* timeout */ + +#ifdef EAGAIN_DEBUG + fprintf(stderr, + "eagain: server_pull_timeout: %d (avail: cli %d, serv %d)\n", + ret, (int) to_client_len, (int) to_server_len); +#endif + + return ret; +} + +inline static int client_pull_timeout_func(gnutls_transport_ptr_t ptr, + unsigned int ms) +{ + int ret; + + if (to_client_len > 0) + ret = 1; + else + ret = 0; + +#ifdef EAGAIN_DEBUG + fprintf(stderr, + "eagain: client_pull_timeout: %d (avail: cli %d, serv %d)\n", + ret, (int) to_client_len, (int) to_server_len); +#endif + + return ret; +} + +inline static void reset_buffers(void) +{ + to_server_len = 0; + to_client_len = 0; +} + +inline static int record_send_loop(gnutls_session_t session, + const void *data, size_t sizeofdata, + int use_null_on_retry) +{ + int ret; + const void *retry_data; + size_t retry_sizeofdata; + + if (use_null_on_retry) { + retry_data = 0; + retry_sizeofdata = 0; + } else { + retry_data = data; + retry_sizeofdata = sizeofdata; + } + + ret = gnutls_record_send(session, data, sizeofdata); + while (ret == GNUTLS_E_AGAIN) { + ret = + gnutls_record_send(session, retry_data, + retry_sizeofdata); + } + + return ret; +} + +#endif /* GNUTLS_TESTS_EAGAIN_COMMON_H */ diff --git a/tests/eagain.c b/tests/eagain.c new file mode 100644 index 0000000..cc7b35a --- /dev/null +++ b/tests/eagain.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#define RANDOMIZE +#include "cert-common.h" +#include "cmocka-common.h" + +/* This tests operation under non-blocking mode in TLS1.2/TLS1.3 + * as well as operation under TLS1.2 re-handshake. + */ +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static void async_handshake(void **glob_state, const char *prio, unsigned rehsk) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0, msglen; + + /* General init. */ + reset_buffers(); + gnutls_global_init(); + gnutls_global_set_log_function(tls_log_func); + + /* Init server */ + assert_return_code(gnutls_certificate_allocate_credentials(&serverx509cred), 0); + assert_return_code(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM), 0); + ret = gnutls_init(&server, GNUTLS_SERVER); + assert_return_code(ret, 0); + + ret = + gnutls_priority_set_direct(server, + prio, + NULL); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + ret = + gnutls_priority_set_direct(client, + prio, + NULL); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, clientx509cred); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (rehsk == 1 || rehsk == 3) { + ssize_t n; + char b[1]; + + do { + sret = gnutls_rehandshake(server); + } while (sret == GNUTLS_E_AGAIN); + + do { + n = gnutls_record_recv(client, b, 1); + } while(n == GNUTLS_E_AGAIN); + + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + if (rehsk == 3) { + /* client sends app data and the server ignores them */ + do { + cret = gnutls_record_send(client, "x", 1); + } while (cret == GNUTLS_E_AGAIN); + + do { + sret = gnutls_handshake(server); + } while (sret == GNUTLS_E_AGAIN); + assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA); + + do { + n = gnutls_record_recv(server, buffer, sizeof(buffer)); + } while(n == GNUTLS_E_AGAIN); + } + + HANDSHAKE(client, server); + } else if (rehsk == 2) { + HANDSHAKE(client, server); + } + + msglen = strlen(MSG); + TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF); + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void tls12_async_handshake(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); +} + +static void tls12_async_rehandshake_client(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 1); +} + +static void tls12_async_rehandshake_server(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 2); +} + +static void tls12_async_rehandshake_server_appdata(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.2", 3); +} + +static void tls13_async_handshake(void **glob_state) +{ + async_handshake(glob_state, "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(tls12_async_handshake), + cmocka_unit_test(tls12_async_rehandshake_client), + cmocka_unit_test(tls12_async_rehandshake_server), + cmocka_unit_test(tls12_async_rehandshake_server_appdata), + cmocka_unit_test(tls13_async_handshake), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/ecdh-compute.c b/tests/ecdh-compute.c new file mode 100644 index 0000000..2eac61c --- /dev/null +++ b/tests/ecdh-compute.c @@ -0,0 +1,209 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Simo Sorce + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This program tests functionality of DH exchanges */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include "utils.h" + +#ifdef ENABLE_FIPS140 +int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, + const gnutls_datum_t *x, const gnutls_datum_t *y, + const gnutls_datum_t *k, + const gnutls_datum_t *peer_x, const gnutls_datum_t *peer_y, + gnutls_datum_t *Z); + +int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, + gnutls_datum_t *x, gnutls_datum_t *y, + gnutls_datum_t *k); + +static void genkey(gnutls_ecc_curve_t curve, gnutls_datum_t *x, + gnutls_datum_t *y, gnutls_datum_t *key) +{ + int ret; + + ret = _gnutls_ecdh_generate_key(curve, x, y, key); + if (ret != 0) + fail("error\n"); +} + +static void compute_key(gnutls_ecc_curve_t curve, const gnutls_datum_t *x, + const gnutls_datum_t *y, const gnutls_datum_t *key, + const gnutls_datum_t *peer_x, + const gnutls_datum_t *peer_y, + int expect_error, + gnutls_datum_t *result, bool expect_success) +{ + gnutls_datum_t Z = { 0 }; + bool success; + int ret; + + ret = _gnutls_ecdh_compute_key(curve, x, y, key, peer_x, peer_y, &Z); + if (expect_error != ret) + fail("error (%d)\n", ret); + + if (result) { + success = (Z.size != result->size && + memcmp(Z.data, result->data, Z.size)); + if (success != expect_success) + fail("error\n"); + } + gnutls_free(Z.data); +} + +struct dh_test_data { + gnutls_ecc_curve_t curve; + const gnutls_datum_t x; + const gnutls_datum_t y; + const gnutls_datum_t key; + const gnutls_datum_t peer_x; + const gnutls_datum_t peer_y; + int expected_error; +}; + +void doit(void) +{ + struct dh_test_data test_data[] = { + { + /* x == 0, y == 0 */ + GNUTLS_ECC_CURVE_SECP256R1, + { 0 }, { 0 }, { 0 }, + { (void *)"\x00", 1 }, + { (void *)"\x00", 1 }, + /* Should be GNUTLS_E_PK_INVALID_PUBKEY but mpi scan + * balks on values of 0 */ + GNUTLS_E_MPI_SCAN_FAILED, + }, + { + /* x > p -1 */ + GNUTLS_ECC_CURVE_SECP256R1, + { 0 }, { 0 }, { 0 }, + { (void *)"\xff\xff\xff\xff\x00\x00\x00\x01" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff", 1 }, + { (void *)"\x02", 1 }, + GNUTLS_E_PK_INVALID_PUBKEY, + }, + { + /* y > p -1 */ + GNUTLS_ECC_CURVE_SECP256R1, + { 0 }, { 0 }, { 0 }, + { (void *)"\x02", 1 }, + { (void *)"\xff\xff\xff\xff\x00\x00\x00\x01" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff", 1 }, + GNUTLS_E_PK_INVALID_PUBKEY, + }, + { + /* From CAVS tests */ + GNUTLS_ECC_CURVE_SECP521R1, + { (void *)"\xac\xbe\x4a\xd4\xf6\x73\x44\x0a" + "\xfc\x31\xf0\xb0\x3d\x28\xd4\xd5" + "\x14\xbe\x7b\xdd\x7a\x31\xb0\x32" + "\xec\x27\x27\x17\xa5\x7d\xc2\x6c" + "\xc4\xc9\x56\x29\xdb\x2d\x8c\x05" + "\x86\x2b\xe6\x15\xc6\x06\x28\xa3" + "\x24\xf2\x01\x7f\x98\xbd\xf9\x11" + "\xcc\xf8\x83\x5e\x43\x9e\xb2\xc1" + "\x88", 65 }, + { (void *)"\xd6\x9b\x29\xa2\x37\x82\x36\x92" + "\xe8\xdb\x90\xa3\x25\x68\x67\x6c" + "\x92\xff\x3d\x23\x85\xe2\xfd\x13" + "\x16\x12\x72\xb3\x4b\x55\x88\x72" + "\xb0\x35\xab\xb5\x10\x89\x52\x5f" + "\x42\x9f\x53\x02\x60\x80\xc3\xd5" + "\x36\x6e\xe9\xdd\x28\xae\xd2\x38" + "\xab\xbe\x68\x6a\x54\x3e\x19\xf2" + "\x77", 65 }, + { (void *)"\xd7\xdd\x17\x7c\xb9\x7f\x19\x09" + "\xbe\x56\x79\xba\x38\x7b\xee\x64" + "\xf7\xb4\x08\x4a\x4f\xaa\x6c\x31" + "\x8b\x82\xe9\xf2\xf7\x50\xc5\xc1" + "\x82\x26\x20\xd4\x88\x25\x0b\xf6" + "\xb4\x14\xea\x9b\x2c\x07\x93\x50" + "\xb9\xad\x78\x0a\x5e\xc6\xa6\xf8" + "\xb2\x9f\xa1\xc4\x76\xce\x1d\xa9" + "\xf5", 65 }, + { (void *)"\x01\x41\xbe\x1a\xfa\x21\x99\xc9" + "\xb2\x2d\xaa\x0a\xff\x90\xb2\x67" + "\x18\xa2\x67\x04\x7e\xae\x28\x40" + "\xe8\xbc\xa0\xbd\x0c\x75\x41\x51" + "\xf1\xa0\x4d\xcf\x09\xa5\x4f\x1e" + "\x13\x5e\xa0\xdd\x13\xed\x86\x74" + "\x05\xc0\xcb\x6d\xac\x14\x6a\x24" + "\xb8\xdc\xf3\x78\xed\xed\x5d\xcd" + "\x57\x5b", 66 }, + { (void *)"\x19\x52\xbd\x5d\xe6\x26\x40\xc3" + "\xfc\x8c\xc1\x55\xe2\x9c\x71\x14" + "\x5e\xdc\x62\x1c\x3a\x94\x4e\x55" + "\x56\x75\xf7\x45\x6e\xa4\x9e\x94" + "\xb8\xfe\xda\xd4\xac\x7d\x76\xc5" + "\xb4\x65\xed\xb4\x49\x34\x71\x14" + "\xdb\x8f\x10\x90\xa3\x05\x02\xdc" + "\x86\x92\x6c\xbe\x9b\x57\x32\xe3" + "\x2c", 65 }, + 0, + }, + { 0 } + }; + + for (int i = 0; test_data[i].curve != 0; i++) { + gnutls_datum_t x, y, key; + + if (test_data[i].key.data == NULL) { + genkey(test_data[i].curve, &x, &y, &key); + } else { + x = test_data[i].x; + y = test_data[i].y; + key = test_data[i].key; + } + + compute_key(test_data[i].curve, &x, &y, &key, + &test_data[i].peer_x, + &test_data[i].peer_y, + test_data[i].expected_error, + NULL, 0); + + if (test_data[i].key.data == NULL) { + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(key.data); + } + } + + success("all ok\n"); +} +#else +void doit(void) +{ + return; +} +#endif diff --git a/tests/empty_retrieve_function.c b/tests/empty_retrieve_function.c new file mode 100644 index 0000000..ecdab3c --- /dev/null +++ b/tests/empty_retrieve_function.c @@ -0,0 +1,132 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Dmitry Eremin-Solenikov + * Copyright (C) 2018 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for behavior of the library when certificate callbacks + * return no certificates. + */ + +static int cert_cb1(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, + gnutls_retr2_st *retr) +{ + memset(retr, 0, sizeof(*retr)); + return 0; +} + +static int cert_cb2(gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_pcert_st** pcert, + unsigned int *pcert_length, + gnutls_privkey_t *privkey) +{ + *pcert_length = 0; + *privkey = NULL; + *pcert = NULL; + + return 0; +} + +static int cert_cb3(gnutls_session_t session, + const struct gnutls_cert_retr_st *info, + gnutls_pcert_st **certs, + unsigned int *pcert_length, + gnutls_ocsp_data_st **ocsp, + unsigned int *ocsp_length, + gnutls_privkey_t *privkey, + unsigned int *flags) +{ + *privkey = NULL; + *ocsp_length = 0; + *pcert_length = 0; + return 0; +} + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t clicred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + gnutls_certificate_allocate_credentials(&clicred); + gnutls_certificate_set_retrieve_function(clicred, cert_cb1); + _test_cli_serv(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", NULL, NULL, NULL, 0, 1, GNUTLS_E_CERTIFICATE_REQUIRED, -1); + gnutls_certificate_free_credentials(clicred); + + gnutls_certificate_allocate_credentials(&clicred); + gnutls_certificate_set_retrieve_function2(clicred, cert_cb2); + _test_cli_serv(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", NULL, NULL, NULL, 0, 1, GNUTLS_E_CERTIFICATE_REQUIRED, -1); + gnutls_certificate_free_credentials(clicred); + + gnutls_certificate_allocate_credentials(&clicred); + gnutls_certificate_set_retrieve_function3(clicred, cert_cb3); + _test_cli_serv(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", NULL, NULL, NULL, 0, 1, GNUTLS_E_CERTIFICATE_REQUIRED, -1); + gnutls_certificate_free_credentials(clicred); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/fallback-scsv.c b/tests/fallback-scsv.c new file mode 100644 index 0000000..d823e62 --- /dev/null +++ b/tests/fallback-scsv.c @@ -0,0 +1,318 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests whether EtM is negotiated as expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* This tests whether the fallback SCSV is working as intended. + */ + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio, unsigned expect_fail) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (expect_fail) { + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, unsigned expect_fail) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + unsigned to_send = sizeof(buffer)/4; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (expect_fail) { + if (ret == GNUTLS_E_INAPPROPRIATE_FALLBACK) { + if (debug) + success("server: received inappropriate fallback error\n"); + goto cleanup; + } else { + fail("server: received unexpected error: %s\n", gnutls_strerror(ret)); + } + } + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = + gnutls_record_send(session, buffer, + sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", to_send, + gnutls_strerror(ret)); + terminate(); + } + to_send++; + } + while (to_send < 64); + + to_send = -1; + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + cleanup: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *server_prio, const char *cli_prio, unsigned expect_fail) +{ + int fd[2]; + int ret, status = 0; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], server_prio, expect_fail); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], cli_prio, expect_fail); + exit(0); + } +} + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("NORMAL", "NORMAL", 0); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", 0); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:%FALLBACK_SCSV", 0); + start("NORMAL", "NORMAL:%FALLBACK_SCSV", 0); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV", 0); + start("NORMAL", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:%FALLBACK_SCSV", 1); + /* Check whether a TLS1.3 server rejects a TLS1.2 client which includes the SCSV */ + start("NORMAL:+VERS-TLS1.3:+VERS-TLS1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:%FALLBACK_SCSV", 1); + start("NORMAL:+VERS-TLS1.3:+VERS-TLS1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%FALLBACK_SCSV", 0); +} + +#endif /* _WIN32 */ diff --git a/tests/fastopen.sh b/tests/fastopen.sh new file mode 100755 index 0000000..23a474e --- /dev/null +++ b/tests/fastopen.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +echo "Checking Fast open" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem +CA1=${srcdir}/../doc/credentials/x509/ca.pem + +eval "${GETPORT}" +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" localhost --fastopen --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include "utils.h" + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +/* Tests whether we can use gnutls_fips140_set_mode() and + * gnutls_fips140_mode_enabled() under multiple threads. + */ + +typedef struct thread_data_st { + unsigned mode; + unsigned set_mode; + int line; + pthread_t id; +} thread_data_st; + +static void *test_set_per_thread(void *arg) +{ + thread_data_st *data = arg; + unsigned mode; + int ret; + unsigned char digest[20]; + + mode = gnutls_fips140_mode_enabled(); + if (mode != data->mode) + fail("%d: gnutls_fips140_mode_enabled: wrong mode returned (%d, exp: %d)\n", data->line, mode, data->mode); + + if (data->set_mode) + gnutls_fips140_set_mode(data->set_mode, GNUTLS_FIPS140_SET_MODE_THREAD); + + mode = gnutls_fips140_mode_enabled(); + if (mode != data->set_mode) { + fail("%d: gnutls_fips140_mode_enabled: wrong mode returned after set (%d, exp: %d)\n", data->line, mode, data->set_mode); + } + + /* reset mode */ + gnutls_fips140_set_mode(data->mode, GNUTLS_FIPS140_SET_MODE_THREAD); + mode = gnutls_fips140_mode_enabled(); + if (mode != data->mode) + fail("%d: gnutls_fips140_mode_enabled: wrong mode returned after set (%d, exp: %d)\n", data->line, mode, data->mode); + + ret = gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", + 8, digest); + if (mode == GNUTLS_FIPS140_STRICT && ret >= 0) { + fail("gnutls_hmac_fast(MD5): succeeded in strict mode!\n"); + } else if (mode != GNUTLS_FIPS140_STRICT && ret < 0) { + fail("gnutls_hmac_fast(MD5): failed in non-strict mode!\n"); + } + + /* put to a random state */ + gnutls_fips140_set_mode(data->set_mode, GNUTLS_FIPS140_SET_MODE_THREAD); + + pthread_exit(0); +} + +#define MAX_THREADS 48 + +void doit(void) +{ + int ret; + thread_data_st *data; + unsigned i, j; + unsigned mode; + + signal(SIGPIPE, SIG_IGN); + + mode = gnutls_fips140_mode_enabled(); + if (mode == 0) { + success("We are not in FIPS140 mode\n"); + exit(77); + } + + data = calloc(1, sizeof(thread_data_st)*MAX_THREADS); + if (data == NULL) + abort(); + + success("starting threads\n"); + /* Test if changes per thread apply, and whether the global + * setting will remain the same */ + for (i=0;i +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +unsigned audit_called = 0; + +/* This does check the FIPS140 override support with + * gnutls_fips140_set_mode(). + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static void audit_log_func(gnutls_session_t session, const char *str) +{ + audit_called = 1; +} + + +static void try_crypto(void) +{ + static uint8_t key16[16]; + static uint8_t iv16[16]; + gnutls_datum_t key = { key16, sizeof(key16) }; + gnutls_datum_t iv = { iv16, sizeof(iv16) }; + gnutls_cipher_hd_t ch; + gnutls_hmac_hd_t mh; + int ret; + gnutls_x509_privkey_t privkey; + + ret = + gnutls_cipher_init(&ch, GNUTLS_CIPHER_ARCFOUR_128, &key, &iv); + if (ret < 0) { + fail("gnutls_cipher_init failed\n"); + } + gnutls_cipher_deinit(ch); + + ret = + gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); + if (ret < 0) { + fail("gnutls_cipher_init failed\n"); + } + gnutls_cipher_deinit(ch); + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size); + if (ret < 0) { + fail("gnutls_hmac_init failed\n"); + } + gnutls_hmac_deinit(mh, NULL); + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); + if (ret < 0) { + fail("gnutls_hmac_init failed\n"); + } + gnutls_hmac_deinit(mh, NULL); + + ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); + if (ret < 0) { + fail("gnutls_rnd failed\n"); + } + + assert(gnutls_x509_privkey_init(&privkey) == 0); + ret = gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 512, 0); + if (ret < 0) { + fail("gnutls_x509_privkey_generate failed for 512-bit key\n"); + } + gnutls_x509_privkey_deinit(privkey); +} + +void doit(void) +{ + int ret; + unsigned int mode; + + fprintf(stderr, + "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n"); + + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_audit_log_function(audit_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + mode = gnutls_fips140_mode_enabled(); + if (mode == 0) { + success("We are not in FIPS140 mode\n"); + exit(77); + } + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); + } + + /* switch to lax mode and check whether forbidden algorithms are accessible */ + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); + + try_crypto(); + + /* check whether audit log was called */ + if (audit_called) { + fail("the audit function was called in lax mode!\n"); + } + + gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0); + + try_crypto(); + + /* check whether audit log was called */ + if (!audit_called) { + fail("the audit function was not called in log mode!\n"); + } + + gnutls_fips140_set_mode(GNUTLS_FIPS140_SELFTESTS, 0); + if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_STRICT) + fail("switching to selftests didn't switch the lib to the expected mode\n"); + + gnutls_fips140_set_mode(532, 0); + if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_STRICT) + fail("switching to unknown mode didn't switch the lib to the expected mode\n"); + + GNUTLS_FIPS140_SET_LAX_MODE(); + if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_LAX) + fail("switching to lax mode did not succeed!\n"); + + GNUTLS_FIPS140_SET_STRICT_MODE(); + if (gnutls_fips140_mode_enabled() != GNUTLS_FIPS140_STRICT) + fail("switching to strict mode did not succeed!\n"); + + gnutls_global_deinit(); + return; +} diff --git a/tests/fips-rsa-sizes.c b/tests/fips-rsa-sizes.c new file mode 100644 index 0000000..84b9aff --- /dev/null +++ b/tests/fips-rsa-sizes.c @@ -0,0 +1,328 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Alexander Sosedkin + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include + +#define FIPS_PUSH_CONTEXT() do { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ +} while (0) + + +void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, + unsigned int size); +void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, + unsigned int size); +void sign_verify_successfully(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey); +void sign_verify_unsuccessfully(gnutls_privkey_t privkey, + gnutls_pubkey_t pubkey); +void nosign_verify(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey); + + +void generate_successfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, + unsigned int size) +{ + int ret; + gnutls_x509_privkey_t xprivkey; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + assert(gnutls_fips140_context_init(&fips_context) == 0); + + fprintf(stderr, "%d-bit\n", size); + + /* x509 generation as well just because why not */ + FIPS_PUSH_CONTEXT(); + assert(gnutls_x509_privkey_init(&xprivkey) == 0); + ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, size, 0); + if (ret != GNUTLS_E_SUCCESS) + fail("%d-bit x509_privkey_init (%d)\n", size, ret); + FIPS_POP_CONTEXT(APPROVED); + gnutls_x509_privkey_deinit(xprivkey); + + FIPS_PUSH_CONTEXT(); + assert(gnutls_privkey_init(privkey) == 0); + ret = gnutls_privkey_generate(*privkey, GNUTLS_PK_RSA, size, 0); + if (ret != GNUTLS_E_SUCCESS) + fail("%d-bit privkey_init (%d)\n", size, ret); + FIPS_POP_CONTEXT(APPROVED); + + assert(gnutls_pubkey_init(pubkey) == 0); + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_import_privkey(*pubkey, *privkey, + GNUTLS_KEY_DIGITAL_SIGNATURE, 0); + if (ret != GNUTLS_E_SUCCESS) + fail("%d-bit pubkey_import_privkey (%d)\n", size, ret); + FIPS_POP_CONTEXT(INITIAL); + + gnutls_fips140_context_deinit(fips_context); +} + + +void generate_unsuccessfully(gnutls_privkey_t* privkey, gnutls_pubkey_t* pubkey, + unsigned int size) +{ + int ret; + gnutls_x509_privkey_t xprivkey; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + assert(gnutls_fips140_context_init(&fips_context) == 0); + + fprintf(stderr, "%d-bit\n", size); + + /* short x509 generation: ERROR, blocked */ + FIPS_PUSH_CONTEXT(); + assert(gnutls_x509_privkey_init(&xprivkey) == 0); + ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, size, 0); + if (ret != GNUTLS_E_PK_GENERATION_ERROR) + fail("%d-bit x509_privkey_init (%d)\n", size, ret); + FIPS_POP_CONTEXT(ERROR); + gnutls_x509_privkey_deinit(xprivkey); + + /* short key generation: ERROR, blocked */ + FIPS_PUSH_CONTEXT(); + assert(gnutls_privkey_init(privkey) == 0); + ret = gnutls_privkey_generate(*privkey, GNUTLS_PK_RSA, size, 0); + if (ret != GNUTLS_E_PK_GENERATION_ERROR) + fail("%d-bit privkey_init (%d)\n", size, ret); + FIPS_POP_CONTEXT(ERROR); + gnutls_privkey_deinit(*privkey); + + /* Disable FIPS to generate them anyway */ + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); + assert(gnutls_fips140_mode_enabled() == GNUTLS_FIPS140_LAX); + + assert(gnutls_x509_privkey_init(&xprivkey) == 0); + ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, size, 0); + if (ret != GNUTLS_E_SUCCESS) + fail("%d-bit x509_privkey_init (%d)\n", size, ret); + gnutls_x509_privkey_deinit(xprivkey); + + assert(gnutls_privkey_init(privkey) == 0); + ret = gnutls_privkey_generate(*privkey, GNUTLS_PK_RSA, size, 0); + if (ret != GNUTLS_E_SUCCESS) + fail("%d-bit privkey_init (%d)\n", size, ret); + + assert(gnutls_pubkey_init(pubkey) == 0); + ret = gnutls_pubkey_import_privkey(*pubkey, *privkey, + GNUTLS_KEY_DIGITAL_SIGNATURE, 0); + if (ret != GNUTLS_E_SUCCESS) + fail("%d-bit pubkey_import_privkey (%d)\n", size, ret); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_STRICT, 0); + assert(gnutls_fips140_mode_enabled()); + + gnutls_fips140_context_deinit(fips_context); +} + + +void sign_verify_successfully(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) { + int ret; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + + gnutls_datum_t signature; + gnutls_datum_t plaintext = { + .data = (unsigned char* const) "Hello world!", + .size = 12 + }; + assert(gnutls_fips140_context_init(&fips_context) == 0); + + /* RSA sign: approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_privkey_sign_data failed\n"); + FIPS_POP_CONTEXT(APPROVED); + + /* RSA verify: approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_pubkey_verify_data2 failed\n"); + FIPS_POP_CONTEXT(APPROVED); + + gnutls_free(signature.data); + gnutls_fips140_context_deinit(fips_context); +} + + +void sign_verify_unsuccessfully(gnutls_privkey_t privkey, + gnutls_pubkey_t pubkey) { + int ret; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + + gnutls_datum_t signature; + gnutls_datum_t plaintext = { + .data = (unsigned char* const) "Hello world!", + .size = 12 + }; + assert(gnutls_fips140_context_init(&fips_context) == 0); + + /* small key RSA sign: not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_privkey_sign_data failed\n"); + FIPS_POP_CONTEXT(NOT_APPROVED); + + /* small key RSA verify: not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_pubkey_verify_data2 failed\n"); + FIPS_POP_CONTEXT(NOT_APPROVED); + + gnutls_free(signature.data); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + gnutls_fips140_context_deinit(fips_context); +} + + +void nosign_verify(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) { + int ret; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + + gnutls_datum_t signature; + gnutls_datum_t plaintext = { + .data = (unsigned char* const) "Hello world!", + .size = 12 + }; + assert(gnutls_fips140_context_init(&fips_context) == 0); + + /* 1024, 1280, 1536, 1792 key RSA sign: not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_privkey_sign_data failed\n"); + FIPS_POP_CONTEXT(NOT_APPROVED); + + /* Disable FIPS to sign them anyway */ + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); + assert(gnutls_fips140_mode_enabled() == GNUTLS_FIPS140_LAX); + + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_privkey_sign_data failed\n"); + + gnutls_fips140_set_mode(GNUTLS_FIPS140_STRICT, 0); + assert(gnutls_fips140_mode_enabled()); + + /* 1024, 1280, 1536, 1792 key RSA verify: approved (exception) */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, + &plaintext, &signature); + if (ret < 0) + fail("gnutls_pubkey_verify_data2 failed\n"); + FIPS_POP_CONTEXT(APPROVED); + + gnutls_free(signature.data); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + gnutls_fips140_context_deinit(fips_context); +} + + +void doit(void) +{ + gnutls_fips140_context_t fips_context; + gnutls_privkey_t privkey; + gnutls_pubkey_t pubkey; + + if (gnutls_fips140_mode_enabled() == 0) { + success("We are not in FIPS140 mode\n"); + exit(77); /* SKIP */ + } + + assert(gnutls_fips140_context_init(&fips_context) == 0); + + /* 512-bit RSA: no generate, no sign, no verify */ + generate_unsuccessfully(&privkey, &pubkey, 512); + sign_verify_unsuccessfully(privkey, pubkey); + /* 512-bit RSA again (to be safer about going in and out of FIPS) */ + generate_unsuccessfully(&privkey, &pubkey, 512); + sign_verify_unsuccessfully(privkey, pubkey); + /* 600-bit RSA: no generate, no sign, no verify */ + generate_unsuccessfully(&privkey, &pubkey, 600); + sign_verify_unsuccessfully(privkey, pubkey); + + /* 768-bit RSA not-an-exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 768); + sign_verify_unsuccessfully(privkey, pubkey); + /* 1024-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1024); + nosign_verify(privkey, pubkey); + /* 1280-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1280); + nosign_verify(privkey, pubkey); + /* 1500-bit RSA not-an-exception: nogenerate, nosign, noverify */ + generate_unsuccessfully(&privkey, &pubkey, 1500); + sign_verify_unsuccessfully(privkey, pubkey); + /* 1536-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1536); + nosign_verify(privkey, pubkey); + /* 1792-bit RSA exception: nogenerate, nosign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 1792); + nosign_verify(privkey, pubkey); + /* 2000-bit RSA not-an-exception: nogenerate, nosign, noverify */ + generate_unsuccessfully(&privkey, &pubkey, 2000); + sign_verify_unsuccessfully(privkey, pubkey); + + /* 2048-bit RSA: generate, sign, verify */ + generate_successfully(&privkey, &pubkey, 2048); + sign_verify_successfully(privkey, pubkey); + /* 2432-bit RSA: nogenerate, sign, verify */ + generate_unsuccessfully(&privkey, &pubkey, 2432); + sign_verify_successfully(privkey, pubkey); + /* 3072-bit RSA: generate, sign, verify */ + generate_successfully(&privkey, &pubkey, 3072); + sign_verify_successfully(privkey, pubkey); + + gnutls_fips140_context_deinit(fips_context); +} diff --git a/tests/fips-test.c b/tests/fips-test.c new file mode 100644 index 0000000..475b739 --- /dev/null +++ b/tests/fips-test.c @@ -0,0 +1,559 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* This does check the FIPS140 support. + */ + +#define FIPS_PUSH_CONTEXT() do { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ +} while (0) + +void _gnutls_lib_simulate_error(void); + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static uint8_t key16[16]; +static uint8_t iv16[16]; +uint8_t key_data[64]; +uint8_t iv_data[16]; +gnutls_fips140_context_t fips_context; +gnutls_fips140_operation_state_t fips_state; + +static const gnutls_datum_t data = { .data = (unsigned char *)"foo", 3 }; +static const uint8_t rsa2342_sha1_sig_data[] = { + 0x9b, 0x3e, 0x15, 0x36, 0xec, 0x9d, 0x51, 0xd7, 0xa2, 0xb1, 0x3a, 0x15, + 0x1a, 0xfe, 0x4e, 0x12, 0x43, 0x3c, 0xa8, 0x58, 0x4c, 0x2a, 0x82, 0xc1, + 0x02, 0x3f, 0xc0, 0x6f, 0xa2, 0x23, 0xba, 0x58, 0x9f, 0xc0, 0xfc, 0x87, + 0x5e, 0xfd, 0x13, 0x32, 0xa6, 0xd9, 0x72, 0x63, 0x04, 0x68, 0xb9, 0x0f, + 0x46, 0x21, 0x3f, 0x7f, 0xe1, 0xa2, 0xb0, 0xfa, 0x66, 0x84, 0xd9, 0x64, + 0x87, 0x40, 0x31, 0x27, 0xec, 0xb3, 0xbb, 0x53, 0xb5, 0x8f, 0xf9, 0x3c, + 0x45, 0x1c, 0xcc, 0x30, 0xf5, 0xab, 0x9e, 0x1b, 0x86, 0x92, 0x6a, 0x58, + 0xeb, 0xa1, 0x87, 0x71, 0x40, 0xfb, 0x9d, 0x8f, 0x2c, 0x82, 0x32, 0xe1, + 0x7f, 0xfc, 0xe9, 0xd1, 0x76, 0xa3, 0x56, 0xdf, 0x38, 0xdb, 0xe2, 0x8a, + 0xd3, 0x7e, 0xb4, 0xe2, 0xc9, 0x6a, 0xb2, 0x02, 0xe8, 0xf6, 0x34, 0xde, + 0x51, 0x36, 0xd7, 0x3a, 0xba, 0x0f, 0x51, 0x3d, 0xb0, 0xe8, 0x8e, 0x58, + 0x72, 0x1c, 0x89, 0xac, 0x68, 0xa5, 0x03, 0xb1, 0xd6, 0x5d, 0x32, 0x2f, + 0x3c, 0x71, 0xcc, 0xc2, 0xd7, 0xf9, 0x51, 0xb1, 0xc8, 0x07, 0x07, 0x63, + 0xe7, 0xa9, 0x9b, 0x9f, 0xdb, 0xc5, 0xb5, 0x68, 0xfd, 0xed, 0x11, 0x0c, + 0xa7, 0xfa, 0x08, 0x59, 0xa8, 0x84, 0xcd, 0x36, 0x6b, 0xa5, 0xfe, 0xf9, + 0xd3, 0xe1, 0x36, 0xaf, 0x71, 0x47, 0x39, 0x1e, 0xb7, 0xbc, 0x06, 0x66, + 0xb8, 0xd7, 0x6d, 0x37, 0x6d, 0x52, 0x85, 0x34, 0x2b, 0x05, 0x62, 0x2e, + 0xbe, 0x6d, 0xa3, 0x76, 0xcd, 0xe0, 0xd6, 0x3e, 0x9d, 0xcf, 0x74, 0xf9, + 0xb4, 0x6b, 0xc0, 0x20, 0xe9, 0xd7, 0x19, 0x2d, 0xe6, 0x8a, 0xfd, 0xa2, + 0xa4, 0x4a, 0xea, 0x01, 0x91, 0xf5, 0xb5, 0x29, 0x7a, 0xda, 0x68, 0xc6, + 0x6c, 0xa0, 0x99, 0x5b, 0x79, 0x18, 0x96, 0xb1, 0xbe, 0x38, 0x74, 0x66, + 0x4b, 0x47, 0x46, 0x89, 0xea, 0x25, 0x2a, 0x9e, 0x3a, 0xdc, 0x49, 0x6b, + 0xba, 0xcb, 0xe4, 0x7a, 0x8f, 0x60, 0x35, 0xf3, 0x9f, 0x9d, 0xeb, 0x9d, + 0xfa, 0x0c, 0xaf, 0x6e, 0x47, 0x65, 0xaf, 0x17, 0x18, 0x56, 0x16, 0xe8, + 0x01, 0xd5, 0x55, 0xdf, 0xca, 0x41, 0x63, 0xd0, 0x48, 0x9b, 0x08, 0xdb, + 0xdd, 0x73, 0x4a, 0xa5, +}; + +static const gnutls_datum_t rsa2342_sha1_sig = { + .data = (unsigned char *)rsa2342_sha1_sig_data, + .size = sizeof(rsa2342_sha1_sig_data), +}; + +static void +rsa_import_keypair(gnutls_privkey_t *privkey, gnutls_pubkey_t *pubkey, + const char *filename) +{ + const char *srcdir; + char path[256]; + gnutls_datum_t tmp; + gnutls_x509_privkey_t xprivkey; + int ret; + + ret = gnutls_x509_privkey_init(&xprivkey); + if (ret < 0) { + fail("gnutls_x509_privkey_init failed\n"); + } + srcdir = getenv("srcdir"); + if (!srcdir) { + srcdir = "."; + } + snprintf(path, sizeof(path), "%s/certs/%s", srcdir, filename); + ret = gnutls_load_file(path, &tmp); + if (ret < 0) { + fail("gnutls_load_file failed\n"); + } + ret = gnutls_x509_privkey_import(xprivkey, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_privkey_import failed\n"); + } + gnutls_free(tmp.data); + + ret = gnutls_privkey_init(privkey); + if (ret < 0) { + fail("gnutls_privkey_init failed\n"); + } + ret = gnutls_privkey_import_x509(*privkey, xprivkey, + GNUTLS_PRIVKEY_IMPORT_COPY); + if (ret < 0) { + fail("gnutls_privkey_import_x509 failed\n"); + } + gnutls_x509_privkey_deinit(xprivkey); + + ret = gnutls_pubkey_init(pubkey); + if (ret < 0) { + fail("gnutls_pubkey_init failed\n"); + } + ret = gnutls_pubkey_import_privkey(*pubkey, *privkey, + GNUTLS_KEY_DIGITAL_SIGNATURE, 0); + if (ret < 0) { + fail("gnutls_pubkey_import_privkey failed\n"); + } + +} + +static void +test_aead_cipher_approved(gnutls_cipher_algorithm_t cipher) +{ + int ret; + unsigned key_size = gnutls_cipher_get_key_size(cipher); + gnutls_aead_cipher_hd_t h; + gnutls_datum_t key = { key_data, key_size }; + gnutls_memset(key_data, 0, key_size); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_aead_cipher_init(&h, cipher, &key); + if (ret < 0) { + fail("gnutls_aead_cipher_init failed for %s\n", + gnutls_cipher_get_name(cipher)); + } + gnutls_aead_cipher_deinit(h); + FIPS_POP_CONTEXT(APPROVED); +} + +static void +test_cipher_approved(gnutls_cipher_algorithm_t cipher) +{ + int ret; + unsigned key_size = gnutls_cipher_get_key_size(cipher); + unsigned iv_size = gnutls_cipher_get_iv_size(cipher); + gnutls_cipher_hd_t h; + gnutls_datum_t key = { key_data, key_size }; + gnutls_datum_t iv = { iv_data, iv_size }; + gnutls_memset(key_data, 0, key_size); + gnutls_memset(iv_data, 0, iv_size); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_cipher_init(&h, cipher, &key, &iv); + if (ret < 0) { + fail("gnutls_cipher_init failed for %s\n", + gnutls_cipher_get_name(cipher)); + } + gnutls_cipher_deinit(h); + FIPS_POP_CONTEXT(APPROVED); +} + +static void +test_cipher_allowed(gnutls_cipher_algorithm_t cipher) +{ + int ret; + unsigned key_size = gnutls_cipher_get_key_size(cipher); + unsigned iv_size = gnutls_cipher_get_iv_size(cipher); + gnutls_cipher_hd_t h; + gnutls_datum_t key = { key_data, key_size }; + gnutls_datum_t iv = { iv_data, iv_size }; + gnutls_memset(key_data, 0, key_size); + gnutls_memset(iv_data, 0, iv_size); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_cipher_init(&h, cipher, &key, &iv); + if (ret < 0) { + fail("gnutls_cipher_init failed for %s\n", + gnutls_cipher_get_name(cipher)); + } + gnutls_cipher_deinit(h); + FIPS_POP_CONTEXT(NOT_APPROVED); +} + +static void +test_cipher_disallowed(gnutls_cipher_algorithm_t cipher) +{ + int ret; + unsigned key_size = gnutls_cipher_get_key_size(cipher); + unsigned iv_size = gnutls_cipher_get_iv_size(cipher); + gnutls_cipher_hd_t h; + gnutls_datum_t key = { key_data, key_size }; + gnutls_datum_t iv = { iv_data, iv_size }; + gnutls_memset(key_data, 0, key_size); + gnutls_memset(iv_data, 0, iv_size); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_cipher_init(&h, cipher, &key, &iv); + if (ret != GNUTLS_E_UNWANTED_ALGORITHM) { + if (ret == 0) + gnutls_cipher_deinit(h); + fail("gnutls_cipher_init should have failed with " + "GNUTLS_E_UNWANTED_ALGORITHM for %s\n", + gnutls_cipher_get_name(cipher)); + } + FIPS_POP_CONTEXT(ERROR); +} + +static inline void +test_ciphers(void) +{ + test_cipher_approved(GNUTLS_CIPHER_AES_128_CBC); + test_cipher_approved(GNUTLS_CIPHER_AES_192_CBC); + test_cipher_approved(GNUTLS_CIPHER_AES_256_CBC); + test_aead_cipher_approved(GNUTLS_CIPHER_AES_128_CCM); + test_aead_cipher_approved(GNUTLS_CIPHER_AES_256_CCM); + test_aead_cipher_approved(GNUTLS_CIPHER_AES_128_CCM_8); + test_aead_cipher_approved(GNUTLS_CIPHER_AES_256_CCM_8); + test_cipher_approved(GNUTLS_CIPHER_AES_128_CFB8); + test_cipher_approved(GNUTLS_CIPHER_AES_192_CFB8); + test_cipher_approved(GNUTLS_CIPHER_AES_256_CFB8); + test_cipher_allowed(GNUTLS_CIPHER_AES_128_GCM); + test_cipher_allowed(GNUTLS_CIPHER_AES_192_GCM); + test_cipher_allowed(GNUTLS_CIPHER_AES_256_GCM); + test_cipher_disallowed(GNUTLS_CIPHER_ARCFOUR_128); + test_cipher_disallowed(GNUTLS_CIPHER_ESTREAM_SALSA20_256); + test_cipher_disallowed(GNUTLS_CIPHER_SALSA20_256); + test_cipher_disallowed(GNUTLS_CIPHER_CHACHA20_32); + test_cipher_disallowed(GNUTLS_CIPHER_CHACHA20_64); + test_cipher_disallowed(GNUTLS_CIPHER_CAMELLIA_192_CBC); + test_cipher_disallowed(GNUTLS_CIPHER_CAMELLIA_128_CBC); + test_cipher_disallowed(GNUTLS_CIPHER_CHACHA20_POLY1305); + test_cipher_disallowed(GNUTLS_CIPHER_CAMELLIA_128_GCM); + test_cipher_disallowed(GNUTLS_CIPHER_CAMELLIA_256_GCM); + test_cipher_disallowed(GNUTLS_CIPHER_GOST28147_CPA_CFB); + test_cipher_disallowed(GNUTLS_CIPHER_GOST28147_CPB_CFB); + test_cipher_disallowed(GNUTLS_CIPHER_GOST28147_CPC_CFB); + test_cipher_disallowed(GNUTLS_CIPHER_AES_128_SIV); + test_cipher_disallowed(GNUTLS_CIPHER_AES_256_SIV); + test_cipher_disallowed(GNUTLS_CIPHER_GOST28147_TC26Z_CNT); + test_cipher_disallowed(GNUTLS_CIPHER_MAGMA_CTR_ACPKM); + test_cipher_disallowed(GNUTLS_CIPHER_KUZNYECHIK_CTR_ACPKM); + test_cipher_disallowed(GNUTLS_CIPHER_3DES_CBC); + test_cipher_disallowed(GNUTLS_CIPHER_DES_CBC); + test_cipher_disallowed(GNUTLS_CIPHER_ARCFOUR_40); + test_cipher_disallowed(GNUTLS_CIPHER_RC2_40_CBC); +} + +void doit(void) +{ + int ret; + unsigned int mode; + gnutls_cipher_hd_t ch; + gnutls_hmac_hd_t mh; + gnutls_session_t session; + gnutls_pubkey_t pubkey; + gnutls_x509_privkey_t xprivkey; + gnutls_privkey_t privkey; + gnutls_datum_t key = { key16, sizeof(key16) }; + gnutls_datum_t iv = { iv16, sizeof(iv16) }; + gnutls_datum_t signature; + unsigned int bits; + uint8_t hmac[64]; + + fprintf(stderr, + "Please note that if in FIPS140 mode, you need to assure the library's integrity prior to running this test\n"); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + mode = gnutls_fips140_mode_enabled(); + if (mode == 0) { + success("We are not in FIPS140 mode\n"); + exit(77); + } + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); + } + + ret = gnutls_fips140_context_init(&fips_context); + if (ret < 0) { + fail("Cannot initialize FIPS context\n"); + } + fips_state = gnutls_fips140_get_operation_state(fips_context); + if (fips_state != GNUTLS_FIPS140_OP_INITIAL) { + fail("operation state is not initial\n"); + } + ret = gnutls_fips140_pop_context(); + if (ret != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_fips140_pop_context succeeded while not pushed\n"); + } + + /* Try crypto.h functionality */ + test_ciphers(); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); + if (ret < 0) { + fail("gnutls_cipher_init failed\n"); + } + gnutls_cipher_deinit(ch); + FIPS_POP_CONTEXT(APPROVED); + + FIPS_PUSH_CONTEXT(); + ret = gnutls_cipher_init(&ch, GNUTLS_CIPHER_ARCFOUR_128, &key, &iv); + if (ret != GNUTLS_E_UNWANTED_ALGORITHM) { + fail("gnutls_cipher_init succeeded for arcfour\n"); + } + FIPS_POP_CONTEXT(ERROR); + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); + if (ret < 0) { + fail("gnutls_hmac_init failed\n"); + } + gnutls_hmac_deinit(mh, NULL); + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_MD5, key.data, key.size); + if (ret != GNUTLS_E_UNWANTED_ALGORITHM) { + fail("gnutls_hmac_init succeeded for md5\n"); + } + + /* HMAC with key equal to or longer than 112 bits: approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA256, key.data, key.size); + if (ret < 0) { + fail("gnutls_hmac_init failed\n"); + } + gnutls_hmac_deinit(mh, NULL); + FIPS_POP_CONTEXT(APPROVED); + + /* HMAC with key shorter than 112 bits: not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA256, key.data, 13); + if (ret < 0) { + fail("gnutls_hmac_init failed\n"); + } + gnutls_hmac_deinit(mh, NULL); + FIPS_POP_CONTEXT(NOT_APPROVED); + + /* HMAC with key equal to or longer than 112 bits: approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_hmac_fast(GNUTLS_MAC_SHA256, key.data, key.size, + data.data, data.size, hmac); + if (ret < 0) { + fail("gnutls_hmac_fast failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); + + /* HMAC with key shorter than 112 bits: not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_hmac_fast(GNUTLS_MAC_SHA256, key.data, 13, + data.data, data.size, hmac); + if (ret < 0) { + fail("gnutls_hmac_fast failed\n"); + } + FIPS_POP_CONTEXT(NOT_APPROVED); + + ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); + if (ret < 0) { + fail("gnutls_rnd failed\n"); + } + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) { + fail("gnutls_pubkey_init failed\n"); + } + gnutls_pubkey_deinit(pubkey); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) { + fail("gnutls_privkey_init failed\n"); + } + gnutls_privkey_deinit(privkey); + + ret = gnutls_init(&session, 0); + if (ret < 0) { + fail("gnutls_init failed\n"); + } + gnutls_deinit(session); + + /* Generate 2048-bit RSA key */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_x509_privkey_init(&xprivkey); + if (ret < 0) { + fail("gnutls_privkey_init failed\n"); + } + bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_MEDIUM); + ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, bits, 0); + if (ret < 0) { + fail("gnutls_x509_privkey_generate failed (%d) for %u-bit key\n", + ret, bits); + } + gnutls_x509_privkey_deinit(xprivkey); + FIPS_POP_CONTEXT(APPROVED); + + /* Generate 512-bit RSA key */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_x509_privkey_init(&xprivkey); + if (ret < 0) { + fail("gnutls_privkey_init failed\n"); + } + ret = gnutls_x509_privkey_generate(xprivkey, GNUTLS_PK_RSA, 512, 0); + if (ret != GNUTLS_E_PK_GENERATION_ERROR) { + fail("gnutls_x509_privkey_generate succeeded (%d) for 512-bit key\n", ret); + } + gnutls_x509_privkey_deinit(xprivkey); + FIPS_POP_CONTEXT(ERROR); + + /* Import 2432-bit RSA key; not a security function */ + FIPS_PUSH_CONTEXT(); + rsa_import_keypair(&privkey, &pubkey, "rsa-2432.pem"); + FIPS_POP_CONTEXT(INITIAL); + + /* Create a signature with 2432-bit RSA and SHA256; approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_privkey_sign_data failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); + + /* Verify a signature with 2432-bit RSA and SHA256; approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_pubkey_verify_data2 failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); + gnutls_free(signature.data); + + /* Create a signature with 2432-bit RSA and SHA-1; not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_privkey_sign_data failed\n"); + } + FIPS_POP_CONTEXT(NOT_APPROVED); + + /* Verify a signature created with 2432-bit RSA and SHA-1; approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA1, + GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, &data, + &rsa2342_sha1_sig); + if (ret < 0) { + fail("gnutls_pubkey_verify_data2 failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); + gnutls_free(signature.data); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + + /* Import 512-bit RSA key; not a security function */ + FIPS_PUSH_CONTEXT(); + rsa_import_keypair(&privkey, &pubkey, "rsa-512.pem"); + FIPS_POP_CONTEXT(INITIAL); + + /* Create a signature with 512-bit RSA and SHA256; not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA256, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_privkey_sign_data failed\n"); + } + FIPS_POP_CONTEXT(NOT_APPROVED); + + /* Verify a signature with 512-bit RSA and SHA256; not approved */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_RSA_SHA256, 0, + &data, &signature); + if (ret < 0) { + fail("gnutls_pubkey_verify_data2 failed\n"); + } + FIPS_POP_CONTEXT(NOT_APPROVED); + gnutls_free(signature.data); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + + /* Test RND functions */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_rnd(GNUTLS_RND_RANDOM, key16, sizeof(key16)); + if (ret < 0) { + fail("gnutls_rnd failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); + + /* run self-tests manually */ + FIPS_PUSH_CONTEXT(); + ret = gnutls_rnd(GNUTLS_RND_RANDOM, key16, sizeof(key16)); + ret = gnutls_fips140_run_self_tests(); + if (ret < 0) { + fail("gnutls_fips140_run_self_tests failed\n"); + } + FIPS_POP_CONTEXT(APPROVED); + + /* Test when FIPS140 is set to error state */ + _gnutls_lib_simulate_error(); + + + /* Try crypto.h functionality */ + ret = + gnutls_cipher_init(&ch, GNUTLS_CIPHER_AES_128_CBC, &key, &iv); + if (ret >= 0) { + fail("gnutls_cipher_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_hmac_init(&mh, GNUTLS_MAC_SHA1, key.data, key.size); + if (ret >= 0) { + fail("gnutls_hmac_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_rnd(GNUTLS_RND_NONCE, key16, sizeof(key16)); + if (ret >= 0) { + fail("gnutls_rnd succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_pubkey_init(&pubkey); + if (ret >= 0) { + fail("gnutls_pubkey_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_privkey_init(&privkey); + if (ret >= 0) { + fail("gnutls_privkey_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_x509_privkey_init(&xprivkey); + if (ret >= 0) { + fail("gnutls_x509_privkey_init succeeded when in FIPS140 error state\n"); + } + + ret = gnutls_init(&session, 0); + if (ret >= 0) { + fail("gnutls_init succeeded when in FIPS140 error state\n"); + } + + gnutls_fips140_context_deinit(fips_context); + + gnutls_global_deinit(); + return; +} diff --git a/tests/fixtures/templates/arb-extensions.tmpl.exp b/tests/fixtures/templates/arb-extensions.tmpl.exp new file mode 100644 index 0000000..852b77a --- /dev/null +++ b/tests/fixtures/templates/arb-extensions.tmpl.exp @@ -0,0 +1,17 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +serial: 9 +expiration_days: 2590 +email_protection_key: +add_extension: 1.2.3.4 0001020304050607AAABCD +add_extension: 1.6.7.8 0x0001020304050607AAABCD +add_extension: 1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7 +add_extension: 1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7 +add_critical_extension: 1.10.11.12.13.14.15.16.17.1.5 CAFE +add_extension: 1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7 +add_extension: 1.0.1.5 octet_string(CAFEBEAF) +add_critical_extension: 1.0.1.5.1 octet_string(BEAFCAFEFAFA) diff --git a/tests/fixtures/templates/crit-extensions.tmpl.exp b/tests/fixtures/templates/crit-extensions.tmpl.exp new file mode 100644 index 0000000..cfb46a0 --- /dev/null +++ b/tests/fixtures/templates/crit-extensions.tmpl.exp @@ -0,0 +1,10 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +serial: 9 +expiration_days: 2590 +add_critical_extension: 1.10.11.12.13.14.15.16.17.1.5 CAFE +add_critical_extension: 1.2.1.5.1 octet_string(BEAFCAFEFAFA) diff --git a/tests/fixtures/templates/inhibit-anypolicy.tmpl.exp b/tests/fixtures/templates/inhibit-anypolicy.tmpl.exp new file mode 100644 index 0000000..23d962d --- /dev/null +++ b/tests/fixtures/templates/inhibit-anypolicy.tmpl.exp @@ -0,0 +1,25 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +inhibit_anypolicy_skip_certs: 3 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl1/ +crl_dist_points: http://www.getcrl.crl/getcrl2/ +crl_dist_points: http://www.getcrl.crl/getcrl3/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/simple-policy.tmpl.exp b/tests/fixtures/templates/simple-policy.tmpl.exp new file mode 100644 index 0000000..c197d52 --- /dev/null +++ b/tests/fixtures/templates/simple-policy.tmpl.exp @@ -0,0 +1,9 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +serial: 10 +expiration_days: 2590 +policy1: 2.16.840.1.101.3.2.1.48.1 diff --git a/tests/fixtures/templates/template-crq.tmpl.exp b/tests/fixtures/templates/template-crq.tmpl.exp new file mode 100644 index 0000000..1ec355d --- /dev/null +++ b/tests/fixtures/templates/template-crq.tmpl.exp @@ -0,0 +1,3 @@ +serial: 567 +honor_crq_ext: 2.5.29.15 +honor_crq_ext: 2.5.29.37 diff --git a/tests/fixtures/templates/template-date.tmpl.exp b/tests/fixtures/templates/template-date.tmpl.exp new file mode 100644 index 0000000..28485a2 --- /dev/null +++ b/tests/fixtures/templates/template-date.tmpl.exp @@ -0,0 +1,23 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_date: 2015-05-24 14:29:12 +activation_date: 2029-01-12 11:36:11 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-dates-after2038.tmpl.exp b/tests/fixtures/templates/template-dates-after2038.tmpl.exp new file mode 100644 index 0000000..d53ad5a --- /dev/null +++ b/tests/fixtures/templates/template-dates-after2038.tmpl.exp @@ -0,0 +1,23 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_date: 2043-05-24 14:29:12 +activation_date: 2039-01-12 11:36:11 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-dn-err.tmpl.exp b/tests/fixtures/templates/template-dn-err.tmpl.exp new file mode 100644 index 0000000..5353e24 --- /dev/null +++ b/tests/fixtures/templates/template-dn-err.tmpl.exp @@ -0,0 +1,14 @@ +dn: acn=Nik,st=Attiki,C=GR,surNameO=Mavrogiannopoulos,2.5.4.9=Arkadias +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-dn.tmpl.exp b/tests/fixtures/templates/template-dn.tmpl.exp new file mode 100644 index 0000000..173eb94 --- /dev/null +++ b/tests/fixtures/templates/template-dn.tmpl.exp @@ -0,0 +1,14 @@ +dn: 2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-generalized.tmpl.exp b/tests/fixtures/templates/template-generalized.tmpl.exp new file mode 100644 index 0000000..997eb24 --- /dev/null +++ b/tests/fixtures/templates/template-generalized.tmpl.exp @@ -0,0 +1,23 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_date: 2055-05-24 14:29:12 +activation_date: 2051-01-12 11:36:11 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-krb5name.tmpl.exp b/tests/fixtures/templates/template-krb5name.tmpl.exp new file mode 100644 index 0000000..c428424 --- /dev/null +++ b/tests/fixtures/templates/template-krb5name.tmpl.exp @@ -0,0 +1,16 @@ +dn: 2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik +serial: 7 +expiration_days: 2590 +krb5_principal: user@email.domain@KERBEROS.REALM +krb5_principal: user@REALM.COM +krb5_principal: HTTP/user@REALM.COM +krb5_principal: comp1/comp2/user@REALM.COM +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-long-dns.tmpl.exp b/tests/fixtures/templates/template-long-dns.tmpl.exp new file mode 100644 index 0000000..c3e02a1 --- /dev/null +++ b/tests/fixtures/templates/template-long-dns.tmpl.exp @@ -0,0 +1,14 @@ +dn: cn=super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com +serial: 7 +expiration_days: 2590 +o: super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long org +ou: super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long dept +dns_name: super-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-very-long.com +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +tls_www_server: +signing_key: diff --git a/tests/fixtures/templates/template-long-serial.tmpl.exp b/tests/fixtures/templates/template-long-serial.tmpl.exp new file mode 100644 index 0000000..4650f7c --- /dev/null +++ b/tests/fixtures/templates/template-long-serial.tmpl.exp @@ -0,0 +1,24 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 0x1234567890abcdeffedcba0987654321abcdef12 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl1/ +crl_dist_points: http://www.getcrl.crl/getcrl2/ +crl_dist_points: http://www.getcrl.crl/getcrl3/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-nc.tmpl.exp b/tests/fixtures/templates/template-nc.tmpl.exp new file mode 100644 index 0000000..5dc8b9e --- /dev/null +++ b/tests/fixtures/templates/template-nc.tmpl.exp @@ -0,0 +1,27 @@ +dn: 2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +nc_permit_dns: example.com +nc_exclude_dns: net +nc_exclude_dns: org +nc_exclude_dns: +nc_permit_email: nmav@example.com +nc_exclude_email: example.net +nc_exclude_email: example.li +nc_permit_ip: 192.168.5.0/24 +nc_permit_ip: 10.10.10.0/16 +nc_permit_ip: 172.23.122.0/23 +nc_exclude_ip: 10.10.100.0/24 +nc_exclude_ip: 10.10.101.5/24 +nc_permit_ip: fc4c:fe8f:7ffa:18bd::/64 +nc_exclude_ip: fc4c:fe8f:7ffa:18bd:72c8:64b9::/96 +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-no-ca-explicit.tmpl.exp b/tests/fixtures/templates/template-no-ca-explicit.tmpl.exp new file mode 100644 index 0000000..935a6a8 --- /dev/null +++ b/tests/fixtures/templates/template-no-ca-explicit.tmpl.exp @@ -0,0 +1,11 @@ +cn: No CA +serial: 02 +email_protection_key: +add_extension: 1.2.3.4 0001020304050607AAABCD +add_extension: 1.6.7.8 0x0001020304050607AAABCD +add_extension: 1.2.3.4.5.6.7 1d34cd5ad065dc27c17e9447b0aaaca7 +add_extension: 1.2.3.4294967295.7 178f0e413f041cc9d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7 +add_critical_extension: 1.10.11.12.13.14.15.16.17.1.5 CAFE +add_extension: 1.2.6710656.7 d64af64bf3b66c7ceac6fa34a4d77ed64c968b26c761709445f40d9ca0a00091af7d212789c00b7387b1d0d7ab623dd4029d4b86db3653621d34cd5ad065dc27c17e9447b0aaaca7 +add_extension: 1.0.1.5 octet_string(CAFEBEAF) +add_critical_extension: 1.0.1.5.1 octet_string(BEAFCAFEFAFA) diff --git a/tests/fixtures/templates/template-no-ca-honor.tmpl.exp b/tests/fixtures/templates/template-no-ca-honor.tmpl.exp new file mode 100644 index 0000000..4da60e4 --- /dev/null +++ b/tests/fixtures/templates/template-no-ca-honor.tmpl.exp @@ -0,0 +1,3 @@ +cn: No CA +serial: 02 +honor_crq_extensions: diff --git a/tests/fixtures/templates/template-no-ca.tmpl.exp b/tests/fixtures/templates/template-no-ca.tmpl.exp new file mode 100644 index 0000000..06e845b --- /dev/null +++ b/tests/fixtures/templates/template-no-ca.tmpl.exp @@ -0,0 +1,2 @@ +cn: No CA +serial: 02 diff --git a/tests/fixtures/templates/template-othername-xmpp.tmpl.exp b/tests/fixtures/templates/template-othername-xmpp.tmpl.exp new file mode 100644 index 0000000..9e6c37b --- /dev/null +++ b/tests/fixtures/templates/template-othername-xmpp.tmpl.exp @@ -0,0 +1,15 @@ +dn: 2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +xmpp_name: juliet@im.example.com +xmpp_name: hello@hello.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-othername.tmpl.exp b/tests/fixtures/templates/template-othername.tmpl.exp new file mode 100644 index 0000000..a022590 --- /dev/null +++ b/tests/fixtures/templates/template-othername.tmpl.exp @@ -0,0 +1,18 @@ +dn: 2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +other_name: 1.3.6.1.5.2.2 302ca00d1b0b56414e5245494e2e4f5247a11b3019a006020400000002a10f300d1b047269636b1b0561646d696e +other_name_utf8: 1.3.6.1.5.5.7.8.7 nmav@gnutls.org +other_name_utf8: 1.3.6.1.5.5.7.8.5 nmav@gnutls.org +other_name_octet: 1.2.4.5.6 a test string +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-overflow.tmpl.exp b/tests/fixtures/templates/template-overflow.tmpl.exp new file mode 100644 index 0000000..2753b00 --- /dev/null +++ b/tests/fixtures/templates/template-overflow.tmpl.exp @@ -0,0 +1,22 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_days: -1 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-overflow2.tmpl.exp b/tests/fixtures/templates/template-overflow2.tmpl.exp new file mode 100644 index 0000000..8e6ac7b --- /dev/null +++ b/tests/fixtures/templates/template-overflow2.tmpl.exp @@ -0,0 +1,22 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_days: 99999 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-test.tmpl.exp b/tests/fixtures/templates/template-test.tmpl.exp new file mode 100644 index 0000000..b4a8d2d --- /dev/null +++ b/tests/fixtures/templates/template-test.tmpl.exp @@ -0,0 +1,24 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl1/ +crl_dist_points: http://www.getcrl.crl/getcrl2/ +crl_dist_points: http://www.getcrl.crl/getcrl3/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-tlsfeature-crq.tmpl.exp b/tests/fixtures/templates/template-tlsfeature-crq.tmpl.exp new file mode 100644 index 0000000..7323cf7 --- /dev/null +++ b/tests/fixtures/templates/template-tlsfeature-crq.tmpl.exp @@ -0,0 +1,6 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +honor_crq_extensions: diff --git a/tests/fixtures/templates/template-tlsfeature.tmpl.exp b/tests/fixtures/templates/template-tlsfeature.tmpl.exp new file mode 100644 index 0000000..a204db9 --- /dev/null +++ b/tests/fixtures/templates/template-tlsfeature.tmpl.exp @@ -0,0 +1,25 @@ +organization: Koko inc. +unit: sleeping dept. +state: Attiki +country: GR +cn: Cindy Lauper +uid: clauper +tls_feature: 5 +tls_feature: 17 +dn_oid: 2.5.4.12 Dr. +dn_oid: 2.5.4.65 jackal +pkcs9_email: none@none.org +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +crl_dist_points: http://www.getcrl.crl/getcrl1/ +crl_dist_points: http://www.getcrl.crl/getcrl2/ +crl_dist_points: http://www.getcrl.crl/getcrl3/ +email: where@none.org +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-unique.tmpl.exp b/tests/fixtures/templates/template-unique.tmpl.exp new file mode 100644 index 0000000..55ae48c --- /dev/null +++ b/tests/fixtures/templates/template-unique.tmpl.exp @@ -0,0 +1,16 @@ +dn: 2.5.4.9=Arkadias,surName=Mavrogiannopoulos,C=GR,st=Attiki,cn=Nik +serial: 7 +expiration_days: 2590 +dns_name: www.none.org +dns_name: www.morethanone.org +ip_address: 192.168.1.1 +dns_name: www.evenmorethanone.org +email: none@none.org +subject_unique_id: 0015232425 +issuer_unique_id: 11142324251224 +crl_dist_points: http://www.getcrl.crl/getcrl/ +email: where@none.org +ca: +signing_key: +cert_signing_key: +ocsp_signing_key: diff --git a/tests/fixtures/templates/template-utf8.tmpl.exp b/tests/fixtures/templates/template-utf8.tmpl.exp new file mode 100644 index 0000000..4cd7ffa --- /dev/null +++ b/tests/fixtures/templates/template-utf8.tmpl.exp @@ -0,0 +1,14 @@ +organization: Μεγάλη εταιÏία +cn: 🨠+state: Αττική +country: GR +serial: 009 +policy1: 1.3.6.1.4.1.5484.1.10.99.1.0 +policy1_txt: Μια πολιτική που θέλει διάβασμα +policy1_url: http://www.example.com/a-policy-to-read +policy2: 1.3.6.1.4.1.5484.1.10.99.1.1 +policy2_txt: Another policy +policy2_url: http://www.example.com/another-policy-to-read +policy3: 1.3.6.1.4.1.5484.1.10.99.1.2 +policy3_txt: More policies +policy3_url: http://example.com/a-policy-to-read diff --git a/tests/global-init-override.c b/tests/global-init-override.c new file mode 100644 index 0000000..bb72d7e --- /dev/null +++ b/tests/global-init-override.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* We test whether implicit global initialization can be overridden */ + +static int weak_symbol_works; + +struct gnutls_subject_alt_names_st { + struct name_st *names; + unsigned int size; +}; + +/* gnutls_subject_alt_names_init() is called by gnutls_x509_crt_init(). + * We override it here to test if weak symbols work at all. + */ +__attribute__ ((visibility ("protected"))) +int gnutls_subject_alt_names_init(gnutls_subject_alt_names_t * sans) +{ + weak_symbol_works = 1; + + *sans = gnutls_calloc(1, sizeof(struct gnutls_subject_alt_names_st)); + if (*sans == NULL) { + return GNUTLS_E_MEMORY_ERROR; + } + + return 0; +} + +GNUTLS_SKIP_GLOBAL_INIT + +void doit(void) +{ + + int ret; + gnutls_x509_crt_t crt; + + ret = gnutls_x509_crt_init(&crt); + if (ret >= 0) { + if (!weak_symbol_works) + exit(77); + + fail("Library is already initialized\n"); + } + + gnutls_global_init(); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fail("Could not init certificate!\n"); + } + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); +} diff --git a/tests/global-init.c b/tests/global-init.c new file mode 100644 index 0000000..8dec7c8 --- /dev/null +++ b/tests/global-init.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include + +#include "utils.h" + +void doit(void) +{ + int ret; + + ret = gnutls_global_init(); + if (ret < 0) { + fail("Could not initialize\n"); + } + + /* That shouldn't crash */ + gnutls_global_deinit(); + gnutls_global_deinit(); + gnutls_global_deinit(); + gnutls_global_deinit(); + + ret = gnutls_global_init(); + if (ret < 0) { + fail("Could not initialize: %d\n", __LINE__); + } + + /* the rest shouldn't cause a leak */ + ret = gnutls_global_init(); + if (ret < 0) { + fail("Could not initialize: %d\n", __LINE__); + } + + ret = gnutls_global_init(); + if (ret < 0) { + fail("Could not initialize: %d\n", __LINE__); + } + + gnutls_global_deinit(); + gnutls_global_deinit(); + gnutls_global_deinit(); + gnutls_global_deinit(); + gnutls_global_deinit(); + + /* This should fail */ + ret = gnutls_global_init(); + if (ret < 0) { + fail("Could not initialize: %d\n", __LINE__); + } + + gnutls_global_deinit(); +} diff --git a/tests/gnutls-asan.supp b/tests/gnutls-asan.supp new file mode 100644 index 0000000..2c4a3c5 --- /dev/null +++ b/tests/gnutls-asan.supp @@ -0,0 +1,2 @@ +leak:libp11-kit +leak:opensc-pkcs11 diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh new file mode 100755 index 0000000..3c3e221 --- /dev/null +++ b/tests/gnutls-cli-debug.sh @@ -0,0 +1,226 @@ +#!/bin/sh + +# Copyright (C) 2017-2018 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${DCLI=../src/gnutls-cli-debug${EXEEXT}} +OUTFILE=cli-debug.$$.tmp +TMPFILE=config.$$.tmp +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${DCLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem +KEY2=${srcdir}/../doc/credentials/x509/key-ecc.pem +CERT2=${srcdir}/../doc/credentials/x509/cert-ecc.pem +KEY3=${srcdir}/../doc/credentials/x509/key-rsa-pss.pem +CERT3=${srcdir}/../doc/credentials/x509/cert-rsa-pss.pem +KEY4=${srcdir}/../doc/credentials/x509/key-gost12.pem +CERT4=${srcdir}/../doc/credentials/x509/cert-gost12.pem +CAFILE=${srcdir}/../doc/credentials/x509/ca.pem +TMPFILE=outcert.$$.tmp + +# TLS1.1 and TLS1.2 test +echo "Checking output of gnutls-cli-debug for TLS1.1 and TLS1.2 server" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 +PID=$! +wait_server ${PID} + +timeout 1800 datefudge "2017-08-9" \ +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + +kill ${PID} +wait + +check_text() { + echo " - Checking ${OUTFILE} for \"$1\"" + grep "$1" $OUTFILE >/dev/null + if test $? != 0; then + echo "failed" + exit 1 + fi +} + +check_text "whether we need to disable TLS 1.2... no" +check_text "for TLS 1.0 (RFC2246) support... no" +check_text "for TLS 1.1 (RFC4346) support... yes" +check_text "for TLS 1.2 (RFC5246) support... yes" +check_text "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" +check_text "for safe renegotiation (RFC5746) support... yes" +check_text "for encrypt-then-MAC (RFC7366) support... yes" +check_text "for ext master secret (RFC7627) support... yes" +check_text "for RFC7919 Diffie-Hellman support... yes" +check_text "for RSA key exchange support... yes" +check_text "for curve SECP256r1 (RFC4492)... yes" +check_text "for AES-GCM cipher (RFC5288) support... yes" +check_text "for SHA1 MAC support... yes" +if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then + #these tests are not run in FIPS mode + check_text "for MD5 MAC support... no" + check_text "for ARCFOUR 128 cipher (RFC2246) support... no" + check_text "for CHACHA20-POLY1305 cipher (RFC7905) support... yes" +fi + +rm -f ${OUTFILE} + +# TLS1.3 and TLS1.2 test +echo "" +echo "Checking output of gnutls-cli-debug for TLS1.3 and TLS1.2 server" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 +PID=$! +wait_server ${PID} + +timeout 1800 datefudge "2017-08-9" \ +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + +kill ${PID} +wait + +check_text "whether we need to disable TLS 1.2... no" +check_text "for TLS 1.0 (RFC2246) support... no" +check_text "for TLS 1.1 (RFC4346) support... no" +check_text "for TLS 1.2 (RFC5246) support... yes" +check_text "for TLS 1.3 (RFC8446) support... yes" +check_text "TLS1.2 neg fallback from TLS 1.6 to... TLS1.2" +check_text "for safe renegotiation (RFC5746) support... yes" +check_text "for encrypt-then-MAC (RFC7366) support... yes" +check_text "for ext master secret (RFC7627) support... yes" +check_text "for RFC7919 Diffie-Hellman support... yes" +check_text "for curve SECP256r1 (RFC4492)... yes" +check_text "for AES-GCM cipher (RFC5288) support... yes" +check_text "for RSA key exchange support... yes" +check_text "for SHA1 MAC support... yes" +check_text "whether the server accepts default record size (512 bytes)... yes" +check_text "whether %ALLOW_SMALL_RECORDS is required... no" + +if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then + #these tests are not run in FIPS mode + check_text "for MD5 MAC support... no" + check_text "for ARCFOUR 128 cipher (RFC2246) support... no" + check_text "for CHACHA20-POLY1305 cipher (RFC7905) support... yes" +fi + +rm -f ${OUTFILE} + +# Small records test +echo "" +echo "Checking output of gnutls-cli-debug for small records and no RSA" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA:%ALLOW_SMALL_RECORDS" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} --recordsize=64 >/dev/null 2>&1 +PID=$! +wait_server ${PID} + +timeout 1800 datefudge "2017-08-9" \ +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + +kill ${PID} +wait + +check_text "whether the server accepts default record size (512 bytes)... no" +check_text "whether %ALLOW_SMALL_RECORDS is required... yes" +check_text "for RSA key exchange support... no" + +echo "" +echo "Checking output of gnutls-cli-debug when algorithms are disabled" +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 +PID=$! +wait_server ${PID} + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +tls-disabled-cipher = CAMELLIA-128-CBC +tls-disabled-cipher = CAMELLIA-256-CBC +_EOF_ + +GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" \ +timeout 1800 datefudge "2017-08-9" \ +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + +kill ${PID} +wait + +check_text "for AES-GCM cipher (RFC5288) support... yes" +check_text "for RSA key exchange support... yes" +check_text "for SHA1 MAC support... yes" + +rm -f ${OUTFILE} +rm -f ${TMPFILE} + +if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then + # GOST_CNT test + echo "" + echo "Checking output of gnutls-cli-debug for GOST-enabled server" + + eval "${GETPORT}" + launch_server --echo --priority "NORMAL:+GOST" --x509keyfile ${KEY4} --x509certfile ${CERT4} >/dev/null 2>&1 + PID=$! + wait_server ${PID} + + timeout 1800 datefudge "2017-08-9" \ + "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + + kill ${PID} + wait + + check_text "for VKO GOST-2012 (draft-smyshlyaev-tls12-gost-suites) support... yes" + check_text "for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... yes" + check_text "for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... yes" + + rm -f ${OUTFILE} + +fi + +exit 0 diff --git a/tests/gnutls-cli-invalid-crl.sh b/tests/gnutls-cli-invalid-crl.sh new file mode 100755 index 0000000..32e7263 --- /dev/null +++ b/tests/gnutls-cli-invalid-crl.sh @@ -0,0 +1,188 @@ +#!/bin/sh + +# Copyright (C) 2018 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE +TMPFILE=crl-inv.$$.pem.tmp +CAFILE=crl-inv-ca.$$.pem.tmp +CRLFILE=crl-inv-crl.$$.pem.tmp + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +echo "Checking whether connecting to a server but with an invalid CRL provided, returns the expected error" + +cat <<__EOF__ >${TMPFILE} +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAxfNimQ1uOFXUSVCm0lBems4HpfLkW1Ykf5qLd9kdoHte7YAs +BHjFPaPSdXitYI36YMwqVcXT6RDJa0mcAV3QmMMxAnpKq7LIDVC9BNgjc7Dq5ou5 +X2wNKrs3ygqg6HR87nJaw9TFqKetoP9mX37igBc2QWg5Fx6/Gem57hwD+mBEs+Hv +jd7q4wDlLaNS/165DBECr5dDUAIVr0bh0+1s/rDzIpjuq1qtN7b0C1rmWlsyphYu +aYm07X7x6hZcjvAoM3w5FLzbOnS6QrBeQOc2J6VBHqaHMKEVc+Dwt+Ggn0De0QCK +ucQRUCO5DQDUZnVLZhUpObvm1cBvQd5Db15IiwIDAQABAoIBACUSqhqkC0p9uJ5q +fnPRHYa8o24PCXmZrog/d3NgtE3EDUlJwfSscbRTpCzgBwiYTpYmZp9dx4xU2oQ/ +avpOiayykdE2+hkiCJmFz4DCwhD+x1+aN4OJhwXDvnUWfIBMoME/pYQbq1Ek5j3K +1293IhB/SGgDjv2ngn7l6S6RDKWtYZry61oMEoVRy96FJ+88o5khlvfWE2zF2+M6 +T2qFbzO29oq++cDSIlgm9eSN6gG5uzZcxqTapEvWrRdKZfEqcyGJuysQbShrASvI +GvJclewdnguBW2+X/bwABSEaG7AdPZJdfQJayk97gKJ8xpFZLY9auub7O/0z1CJi +lFsj4LECgYEA5TY8Z73ODtR87HEE3uUqiix4wPO4yJXWfZUwxNAyet2Jx5e5HYvL +iEkbZdadlKtSoPTnVSu6OZxhWZVBS5WoxxijBneDvh7I6gN8eVtch9EJVmJig6Eg +kHTo5Z2ZwheGe/RxB3ml3IT2IAdr5+QE6CfVBNA0fzVTItCLgO3YI/8CgYEA3RXZ +yskckcbCr1rceRmQ8CPbKg1bWGujLMpTILW0/Ii51PMredyG3E063G4kbMOFRmVj +eI5AFgZX7w5N4vjaf8PbOhsqrQvQ/UglB1fD0tLX8LgF9xwh7P1Y4VLHFMEGJUy1 +PEGVCT0FIe2REGxAmyELaP8SSvW8fGjXJSp2K3UCgYBSlq5BOxTKJyo0D60Pm0cu +rkN8UtUcAVFdwqnl4Javyq9gaXzb9okJvD3Q/fmdnfWR5WyNNcpOA9jX7H2wfGZq +BqiHJf0kPfdqyoLJP3Ahx+IzbBPPFfmj01wvkA/c7ZkZhMRNSznGMWp1s/bfgTt7 +Yw7QQy0HQPGJs9bwR8L/hQKBgQCXFvvEbjSsG12pYTsTN7mpo5d/4ajvgH//eDXf +QM7zVq1JLvYjTeaMX+s+Abe67NQEC/4ywWRiqOsnYGsyFkec0UjdKPu9TzoAHnHP +1tbpGVaiF+Fbw0ocH/fB5URQlqmQjB+/kkI8EguT6DsfMhvk6GxX0Rm7SL0LeMqv +h5lCkQKBgAR2U6cjbzJRhDyEOmUJH2keYHDwWUMx8ypvfhbPiPJyTC2sDcRrMrnO +WB3NtiB88aLFPjZ7sFZYE5plCESGkxK4Y21/UJHlw3I7X4JKYslE7dMq8Qzbv58r +23fZkHop4UJ1bHk7O4FRL3brU6KlIzZTOXzEeP+MRRehhwzkwpxf +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDiTCCAkGgAwIBAgIUEOtG5aJHVFm4ARA8uv4bJ/OqL4YwPQYJKoZIhvcNAQEK +MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTgwNjQyMzdaGA85OTk5MTIzMTIz +NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDF82KZDW44VdRJUKbSUF6azgel8uRbViR/mot32R2ge17tgCwE +eMU9o9J1eK1gjfpgzCpVxdPpEMlrSZwBXdCYwzECekqrssgNUL0E2CNzsOrmi7lf +bA0quzfKCqDodHzuclrD1MWop62g/2ZffuKAFzZBaDkXHr8Z6bnuHAP6YESz4e+N +3urjAOUto1L/XrkMEQKvl0NQAhWvRuHT7Wz+sPMimO6rWq03tvQLWuZaWzKmFi5p +ibTtfvHqFlyO8CgzfDkUvNs6dLpCsF5A5zYnpUEepocwoRVz4PC34aCfQN7RAIq5 +xBFQI7kNANRmdUtmFSk5u+bVwG9B3kNvXkiLAgMBAAGjdzB1MAwGA1UdEwEB/wQC +MAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0O +BBYEFJVJTYVERYv5/qI31HwTDqATv4GRMB8GA1UdIwQYMBaAFBnn35UaLvLuW/YH +E3v2gKntMzNNMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIBoRowGAYJKoZI +hvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAA4IBAQCPVloFdhqdJqGjhxpl2Wv2ftD3 +w+IeHSqURyCeijUCIOkqMlA3085nuoULiJ0p1ryi8rRWOvNjRsRQ30/lnLsxfmMh +oVR+g9uq0YZcFqkeRL5aDTrfJZWFeVSqXuuJvhyw1el5hs4bDSahMFB+dx2G+3zX +Ycd4Sq3sXDkdLnfD9GSeVvvbzAb7Z7qD1cdh1HaEnX2fsXT69czsFiaTgknr3Vxc +P0yFZVNCT360EVsduLkLWnCqZYVWWDFUlut7SOwhsYUx2ZOoM4RuBy+uDF2PM8BP +BkgYEHeWFA31nnwBNePyvWrAZ1DguOvnETSMB/+8zDX3+teNZNNdTVTQ6ypQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDgTCCAjmgAwIBAgIUE8klaC2IZj3Tr2/jEVEiJGj8piYwPQYJKoZIhvcNAQEK +MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTgwNjQyMzdaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC +AQoCggEBALUJWYFxTq3vWG+hZq8KsRe0YRf5pqftxR21uZ7MSr25Muo7/s69toZG +7SaV1ZFp2n+Njm96nRLDqCc7cnaPLpKeMBFI84pQOYMdJs2mxs7wrBvejTBpxw3f +o1L2cJWznXZwvDQd+iz3qt62kF53tjpUzQ0Cqn6AMU961+H99Tq39iONcAvmTYeT +Bf+P4jhg3h5cOkdhsB4zrr0ek0OdgSdHiTIWvmYbEvizwhBc8pLOc007FkslqlQ5 +b7Fplx/B+v/etqUoW7/742phxJhTjhRW75BWoCiQyhglwUfpDv0tXnMXousXdwaQ +Ao1EM1v/OCsYj/U2u10Bo/5y1q6Jjz8CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQZ59+VGi7y7lv2BxN79oCp7TMz +TTA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL +BglghkgBZQMEAgGiAwIBQAOCAQEAMAgvcHqmjz1Ox5USoup5pe6HWPKtOR5pVGX2 +1zAk1wq7GoTKvo5QA6HtNR0ex1A2//XhklAKcqsIv1ELEh/3K/L0dEuaN4Zs784e +zaP0g/Ax6X3ClrHgARA4FA6MtaQblezj+7Zfc6cg1gKtfYleiOoK/Q+kk6JxOYAH +Lz9MF/6bZ8mYJQv8DURSp2p5NVWSEjbQV5IG2dw/eknZtbFaN5b+db3eVtrK0ZeS +l1e3hTwopCLNoh4qHUW/qKl0l1Gt7kPPxAsRReOxdcb1Pv73iuK7w5wbPyyWp0kM +FQj9tqRIMQZIer3gaURWG8OZfntCAvtlSSwc1PjwLBXO9ZvNBw== +-----END CERTIFICATE----- +__EOF__ + +cat <<__EOF__ >${CRLFILE} +-----BEGIN X509 CRL----- +MIIB/TCBtgIBATA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqG +SIb3DQEBCDALBglghkgBZQMEAgGiAwIBQDAPMQ0wCwYDVQQDEwRDQS0wFw0xODA5 +MTgwNjQyMzdaFw0xOTA5MTgwNjQyMzdaMACgQTA/MB8GA1UdIwQYMBaAFBnn35Ua +LvLuW/YHE3v2gKntMzNNMBwGA1UdFAQVAhNboJ5dKaGvdv1Vo9o1XXTbeiMKMD0G +CSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCG +SAFlAwQCAaIDAgFAA4IBAQBgodBpVGTDHV4HBSgNPUnz7BH/BdRX1OPB8oYclDtv +l0xTzRR4qm/dMU3N3iH7vMk2y8U/TwD7NueyUnumt0vATTfjR2cle5lu2czksYsR +e4As9cI5cb4Sk+cf3/HyAVwnmZemTAA+cAJHkL6p7E+mSUoBVB6m8h8d6RH8jXmO +BXBE3z1xVITqahDdD6sLaR5jpnOtg/1nBAW8Hzr2p8tjEwhI8TCfZXbL9Q6fZtTr +apDrIx0D/G4hDKmmtQeY2q3RCOSJldg4YzUjjuhWs6BahHj9jDJpz02180ao7bda +eoNetNEqNvBvFvkO9gtgSzOzS34taiMpkIBwBbCNkm4p +-----END X509 CRL----- +__EOF__ + +cat <<__EOF__ >${CAFILE} +-----BEGIN CERTIFICATE----- +MIIDgTCCAjmgAwIBAgIUE8klaC2IZj3Tr2/jEVEiJGj8piYwPQYJKoZIhvcNAQEK +MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC +AUAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xODA5MTgwNjQyMzdaGA85OTk5MTIzMTIz +NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg +hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC +AQoCggEBALUJWYFxTq3vWG+hZq8KsRe0YRf5pqftxR21uZ7MSr25Muo7/s69toZG +7SaV1ZFp2n+Njm96nRLDqCc7cnaPLpKeMBFI84pQOYMdJs2mxs7wrBvejTBpxw3f +o1L2cJWznXZwvDQd+iz3qt62kF53tjpUzQ0Cqn6AMU961+H99Tq39iONcAvmTYeT +Bf+P4jhg3h5cOkdhsB4zrr0ek0OdgSdHiTIWvmYbEvizwhBc8pLOc007FkslqlQ5 +b7Fplx/B+v/etqUoW7/742phxJhTjhRW75BWoCiQyhglwUfpDv0tXnMXousXdwaQ +Ao1EM1v/OCsYj/U2u10Bo/5y1q6Jjz8CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB +/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQZ59+VGi7y7lv2BxN79oCp7TMz +TTA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL +BglghkgBZQMEAgGiAwIBQAOCAQEAMAgvcHqmjz1Ox5USoup5pe6HWPKtOR5pVGX2 +1zAk1wq7GoTKvo5QA6HtNR0ex1A2//XhklAKcqsIv1ELEh/3K/L0dEuaN4Zs784e +zaP0g/Ax6X3ClrHgARA4FA6MtaQblezj+7Zfc6cg1gKtfYleiOoK/Q+kk6JxOYAH +Lz9MF/6bZ8mYJQv8DURSp2p5NVWSEjbQV5IG2dw/eknZtbFaN5b+db3eVtrK0ZeS +l1e3hTwopCLNoh4qHUW/qKl0l1Gt7kPPxAsRReOxdcb1Pv73iuK7w5wbPyyWp0kM +FQj9tqRIMQZIer3gaURWG8OZfntCAvtlSSwc1PjwLBXO9ZvNBw== +-----END CERTIFICATE----- +__EOF__ + +eval "${GETPORT}" +launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} +PID=$! +wait_server ${PID} + +datefudge "2018-9-19" \ +${VALGRIND} "${CLI}" -p "${PORT}" localhost --x509crlfile ${CRLFILE} --x509cafile ${CAFILE} >${TMPFILE} 2>&1 + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE +CERTFILE1=rawpk-script1.$$.pem.tmp +CERTFILE2=rawpk-script2.$$.pem.tmp + +TMPFILE=rawpk-script.$$.log + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +echo "Checking whether we can connect with raw public-keys" + +cat <<__EOF__ >${CERTFILE1} +-----BEGIN CERTIFICATE----- +MIIEXDCCAsSgAwIBAgIIWkcxay17JgYwDQYJKoZIhvcNAQELBQAwQjEaMBgGA1UE +AxMRdGVzdC1hbGwtZGVmYXVsdHMxCzAJBgNVBAYTAkFUMRcwFQYKCZImiZPyLGQB +GRYHYmVidC5kZTAeFw0xNzEyMzAwNjI1NDhaFw0xOTEyMjAwNjI1NTFaMEIxGjAY +BgNVBAMTEXRlc3QtYWxsLWRlZmF1bHRzMQswCQYDVQQGEwJBVDEXMBUGCgmSJomT +8ixkARkWB2JlYnQuZGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv +M1Y+Q4goCtHi3SLHTBQ14LS6NI4UbEa8YZFfaOfmOOufzwdNUntUkSA2PPS7mQ55 +SN+Sdel1x4f4EjfxCWhj0j0Y26OmJS+wYNz3oOdoKThLq4Mn5SumO7mhU684mZTi +EP2qrxFeYvQqQBdjv8rfP2LJ+RsB/3CiwWdkx4qeudoSUCqzWo8e6K2ul0JJuk+Z +fvqkPpDl+cVTikmxNwqjAt4Ef9oiT1YjUIBUae+RCdNZEa6d2AhW+4bD+vl0Pci+ +EBPzhLeR8iYuIEX66Tpv8AUvv412SuvVZbizGP5EDH4gkWtNWem9yNPCHA9rBqrC +6Nib4TPPLm1aN4mJyLdoQ1gD0STHcFADo+1H0JDywzxlgkks9cj5sQmApO7+AuGs +JoUDAp4g4LHnBw/H/5esVta5Pn7GThKwu7PRY0Y59ZKQrT5deXm9TeySdav+9wR/ +5aiIZpAsAM5zWnN5qAP58Xl+pa0qN48GPcwmAsa4Zh9ehGhzR00MFHD3V8i0rFcC +AwEAAaNWMFQwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYD +VR0PAQH/BAUDAwegADAdBgNVHQ4EFgQU0tGobgnLApQRxvbzIhOT2gAUQAYwDQYJ +KoZIhvcNAQELBQADggGBAHmqS1jOY5J9ad63aFXaei0lZhTnYCsFOGWuyLqZtz9K +21n0V8WVXeGmBjXkYNS3LCwPwFqKsp3vhsh4Hw5cyKkfQIri0HlWASYiJCPZxDLH +odVJSOPV65Q+gmhT/ltHK5CW4DJ2Gy82vPEFqw3+Kca28IJ0m2wr0FlhOCvnHUa7 +GMS/+SdaMbsi1Eui0wUG/xWw8/2kY26IjhDJHrsTUjpYQ+vTy5oOjyq6Yf15Orjw +tJTwGgRcfoiBGhzMgTbUfFCO33L6f0u/WR/sI7DYDO/6JW1USnTrMuwEL6/jMNAw +QPl6irVOy/UwcIcLIBw8ta5cR8JVbhYuV7cUT9qDVwCOqotkwjDVsH2aztLLLr5d +ywMQXvXh2UI4jSujWf9vYY3F7GkDGy/cOwVprZoAe0mXwvuCvDyNZqXJTxKtq/w9 +ZwOveNtNeXHOJljseNXLQPCfCcQ6mEUNjqwo2eDqH0OtJsQRN2CAUsn+YBnAALrv +P4J46RbB7bnzQ9kHiv6KuA== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEArzNWPkOIKArR4t0ix0wUNeC0ujSOFGxGvGGRX2jn5jjrn88H +TVJ7VJEgNjz0u5kOeUjfknXpdceH+BI38QloY9I9GNujpiUvsGDc96DnaCk4S6uD +J+Urpju5oVOvOJmU4hD9qq8RXmL0KkAXY7/K3z9iyfkbAf9wosFnZMeKnrnaElAq +s1qPHuitrpdCSbpPmX76pD6Q5fnFU4pJsTcKowLeBH/aIk9WI1CAVGnvkQnTWRGu +ndgIVvuGw/r5dD3IvhAT84S3kfImLiBF+uk6b/AFL7+Ndkrr1WW4sxj+RAx+IJFr +TVnpvcjTwhwPawaqwujYm+Ezzy5tWjeJici3aENYA9Ekx3BQA6PtR9CQ8sM8ZYJJ +LPXI+bEJgKTu/gLhrCaFAwKeIOCx5wcPx/+XrFbWuT5+xk4SsLuz0WNGOfWSkK0+ +XXl5vU3sknWr/vcEf+WoiGaQLADOc1pzeagD+fF5fqWtKjePBj3MJgLGuGYfXoRo +c0dNDBRw91fItKxXAgMBAAECggGACEz1XBPVApioowf5Gtom5vqTdXMB/EO5AjnZ +Kl0NB6JQv4yOewJaZ4JMtWUj7zNsNSDXvtepTPQ8I+uxDNF2SaxvSps1YKzIWqHs +NitAa3Xwfd1NZHl+HO0deWA+n/7ex+soKYsL1p33lXzd3tL6aKNXKdyMhAa3Lm7d +WDAACE8j3tQ/ganbuAosGGaANIAIP2x9sYRpVwwDZlbZ8PR7o4eCP1JTYmbB3QB2 +ZAl02TlO8xxcWowesQhPtT9RzEkVAqKC8EULvdvY4b5OFQxkmLDQYv/c+HqetKQ7 +/ewkp/PRndGJ+k0Nebr6G2yIj6D3pN1YfquTfwGMi2yTZh4hQgkXi2WP8KRRgpIU +iUfsSA9wZ4s2WNTMPQANfztP2cUVSPHW8UlTM373qLc3TGDuxmR+h7vqeQ0kVakL +vhQ+HkEvQ2yrxc3m3g1BDoM3/ShHx7IskBqeX3L3Ad7pZpu/Q+Y/z5tVtDUY42LW +DTeB/mKZcKZLK0BCz+o4L9KPceQxAoHBANZfiYobRMXmT0yOfTj68JWR/g7B9XBV +rQ03xKxpI9mVckAT52xPJCUsSRVyUbJDs4hnBOe/y3Uk3jejDoCoI1h8ZyKCwhHq +Py0GFCmB/AzeYRchD0TY1H69r4PZjloGX6SWlha784ajcJspoV5TYuLkhOVDFsA/ +R4Yu4irkQ2hugPT/q3ysiDXgQSB9+SqCYGUfMbadC+Ppm5+egTF8uyHJeV4YQ/Jr +CNvsA6wxnONg0gbhsd3wLixjzz8jfJ1N6QKBwQDROIg0JumHkO5pl7wdKUSRx43y +OOBNOf3KqGsRT8EDnRcepJy1gdg/SIp5/MRi+PJLqDfLNcIr8gQhanJnZ160UFVX +8IhJ02Of/NGrFvctURJ3Dt63SspIoi6Yt/7Z1IQrvxpHsD3eaNtqywtYF59yhkdB +hKomPn++LraDyXHqu0xCuO9te61ZP2haHhPsGI1Z2fuep5dnZJRLNR9BZWuqmkv9 +qj34ftm6Np8qSpdp9GotsRL2WIRaNF/sP+Z6gD8CgcAF7VZMLzzTi+6dW0MzFB0a +xZKUreAvXu8N8oDJk46eMXebNfGsGPQS4wqSQTrpBt4r401Law4hCwfp2eRIwl1X +0Pi5B4x+Gk/s2sIr86AYav2cOhnF+YjGiFAWASnia1Kxpkg4ELJHArXWVGxVw1B0 +nYTfId+7KQS9PQab0PvcI1IFdBw1sj+B3dVvJIyDFF+97ALf3a+6eXcIDsXbrGsw +H/XvGBSo2zS/f+MKG8UOtFqaPhtA26crKwdL45tKbiECgcAO468NxxcnhrDw4tOI +X795gHIhotqTpGTjX0j/WmWqFCvpCl38rNju6AKy28I+KOlVaQtPcuv2pKqWljS+ +FyUuP+lS8NNCLcERSbTCMEg2+WYPAwfmk3QB50jZpX6FkhI16su7/lbo1R2IZBrS +khvO0q+Pghl5z0jYCAsFJfjtc5bhyLeBWyPjDhgnEazpSHYGxvSZPeQQf5/uGkG3 +LbiT05dE3jC61ow4LFr3b4eHCtXjmo526aXBpaiN754/aZECgcBAK3aOmgwI5vw4 +7a94mWffD0LzHl26D2ayXHvXmzjTOv7hsvilUTitdlqNrlZ3AxOWX1nGUcxdUwPT +Ri1h4yIi28MvTjBD+wvXOGwmINGkBFWKIzkhh/bvbzQsuRSmG09JF1tBJjE6oCUs +5ZJ7v0NCtg7yGOY8ciWIpahFc796prk17ZgIn/t0hebc9ZTaIat5QKbr4SWLZJEl +i2yISkQxkJZp8sTwSlIGZSBpuZcDq9AdUjan1WhGgl4hpHpjr3Y= +-----END RSA PRIVATE KEY----- +__EOF__ + +cat <<__EOF__ >${CERTFILE2} +-----BEGIN PUBLIC KEY----- +MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtfCQ/U13p076UUEggNm8 +mI+bEilHrvKiyZpY/NZ2JYhmU+n0ChuH6XweXuiuW2gKR/Fl0vpGAxhugQAR3lMS +0XJZjg4z1gFP0BMeR0YYQuWe2Gfg24fUNPluHCf+dJMHAadIVKyUvVKFPDTwu6yU +lVafn0uoMme8b51yAwQAeXGOJnTFHSaRhuDWAokaTsW0kdAr5FSxMadSTVuDNSav +ic6qSUimJvPjT+URzpIjy/2MG8aj00At1MSj8sC/g5JuBvMKXe4mg6/Xd1YsP9gT +GhpfuBzwt+H4HDm4MzwNqdWNJ7pAhdcBOztqsScZJUqmGT742Fr0OjYYOFvHYLcx +SMD65huLlKTiQwg0HocVFA/VilLLV65cW+AUakr0YCXKyucPz4omVy/RINi663Bn +UyIR3pkOwbr71syuiU1S9cMnG0BxHsPmbvgaYttnCwp0cexB8MrJNJv5FcKLOGUL +MMCvSIT7elYwGN2p5gtAg1RLmyVvubTmkOAmxAgybgqHAgMBAAE= +-----END PUBLIC KEY----- + +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAtfCQ/U13p076UUEggNm8mI+bEilHrvKiyZpY/NZ2JYhmU+n0 +ChuH6XweXuiuW2gKR/Fl0vpGAxhugQAR3lMS0XJZjg4z1gFP0BMeR0YYQuWe2Gfg +24fUNPluHCf+dJMHAadIVKyUvVKFPDTwu6yUlVafn0uoMme8b51yAwQAeXGOJnTF +HSaRhuDWAokaTsW0kdAr5FSxMadSTVuDNSavic6qSUimJvPjT+URzpIjy/2MG8aj +00At1MSj8sC/g5JuBvMKXe4mg6/Xd1YsP9gTGhpfuBzwt+H4HDm4MzwNqdWNJ7pA +hdcBOztqsScZJUqmGT742Fr0OjYYOFvHYLcxSMD65huLlKTiQwg0HocVFA/VilLL +V65cW+AUakr0YCXKyucPz4omVy/RINi663BnUyIR3pkOwbr71syuiU1S9cMnG0Bx +HsPmbvgaYttnCwp0cexB8MrJNJv5FcKLOGULMMCvSIT7elYwGN2p5gtAg1RLmyVv +ubTmkOAmxAgybgqHAgMBAAECggGAAoHBDaxulKCS9GGoV/4oChYYdeSZt0Bim9KD +nWA7GoNJnahgk28TrVTnejlMhbfmRF2AIKsQIeTJSP++P0j3vmkL8NgjQLSd6+kH +hsXhebJ+QM8VmxDBDMXPDZZDfEm2VACBD6GdHwqvCUhVdNCI75HU+zXoqGEjiIor +0vzQINw+sCr1uFQatzgL2tcWxLUWqteqcyfzlRKQIL69DRNuYcC2OfJFT84WeLhY +SXdcBOiGcK+I/FUrDH51H9gmC2MOGRnWsB0daTMUraJ2or9TCH3PrULGshlMuMzs +aMnecKf79DBKj4BO/x2VFo2rq7H2uPczv6+6bHapjagMtxWcogFceUqjNXnnWyiK +8oH7iin2PnIDUX+ks3YwQ9hpbJIy3V9UF2J6PgyaKDGfyT2mVoLmTbD0IpPlpF7G +xGdUCEVB3AqB1nA8KE6vim8BKktInVM1fMylR/n0jj7mSK1oqqH76S1kmfH4sla/ +KetthtIy2IVnljsgIbrABp1A5gd5AoHBANnDTBXsDMA9VE+ArOB8WNkzT1gl44QO +cKHLJQ2sTGNrSA5m9xjGgcmOogJTw5wxz5vPqqKol0xpIEHIAmftREt1qpem7+Gi +CNslPzHR9PYe5XGAV3bgFe4iL2Q9dD+rOx5/EK9GroqNtNNSEzcckAu414whIazb +sNhFcsCd1Yn6kadfeMRdt8MQ4sgQWWxON1gjOynbx5lHuLqZs8SYUJ6v3RRn7ZXv +cGI9NeuAxHDpZPqhnpsFyfWbLFHJIUaaVQKBwQDV4vmL0gpdiBfKPS6D8OkVSayQ +CBLoaq9sW4VWPpv83lTtB6nf6zfhxs7ho+0aosieV5KQkJho0KY5mHvKfFO5ih1g +ADtG90X37tVxHyQLXxqBpOBQO12lVsc/ILO6hqDOFoAzGMPpT43CrF2/09GQM/uA +Uo2s0Z9mvMalybtWcGDrsfGQhuY5soeEho9gziAC3zFMtSZJDBd5pf+Ls2ZcBDFp +5GrIvVFYGIOqbSheeSuYyhgZGHiAXtibRkroZWsCgcAeCMiisWbk0NCjEn1FjQD4 +HBKSds9VdGRmfE1FAIGcqLxMeDkWarKV6R1BMupkzZ3zwIWpX5VWjZ1MVVi3msrz +mWwI9JZbSWztRMrdhTbDB2nf6LKni6qaqI5exfcVnPlPcHkNo7MJGxhYmRZbYI4h +f8IC6sLpQ3e1rIZyOJKuMCgMrKdMdhyVQ+vzagXbYUJS3rEXSd/SrUi2O+LGd7eO +23Sjjt3+8wJOGmEodR8i753kz4u/l+HOBTPsp8/2G+0CgcBD72Pz1TMVojRsOCKe +JdbivBPja60VxU0Szb78Nca1+qhe4SBDzyJgxBTR9o9I9otiP859vG+sWxlxEc2/ +8t1lAUlzRJ+PWtsOdP22gH2iXwK8SvI0iaak7Xs7wddUV46b5umxURxo7qvIOZdN +ZqoZc2leyNnXGn3W0/8EiZ7HRcqDEnH3xeE6UkpY/aRsywu/3cR66M7QRNbv/Jm+ +daz9bReE2thQClHb+W1YpHM+Dp6aWRZuYidkHrwOFbWVOyECgcBSsN2yk6eV9pmQ +p4yHZcJ6QdCHm1KqdAMK/pSurjSf3+281mkxTAkZBGLl2QwZKEBTapKZhvsoC3+d +fpk1UZneP1g9PHoRS7rooQV5baUj0sOd3RyD3iylb1soyyEKWxbzdiS/nswYbwCV +LMvucEsmS5aIfIUo4ntlNs3bVZqLdh0BAG9+WuimpYyp7pxrvuj2FM+gwbwDZvto +O2/1wSKkPX2klUKg1hNNELJAXfxHLw2+NvV9x4rDiu5xJHgDCD0= +-----END RSA PRIVATE KEY----- +__EOF__ + +trap "cleanup" EXIT QUIT + +cleanup() +{ + kill ${PID} >/dev/null 2>&1 + rm -f ${CERTFILE1} ${CERTFILE2} + +} + +echo " * testing server X.509, client RAW" + +eval "${GETPORT}" +launch_server --echo --x509keyfile ${CERTFILE1} --x509certfile ${CERTFILE1} --priority NORMAL:-CTYPE-CLI-ALL:+CTYPE-CLI-RAWPK --require-client-cert +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" localhost --priority NORMAL:-CTYPE-CLI-ALL:+CTYPE-CLI-RAWPK --no-ca-verification --rawpkkeyfile ${CERTFILE2} --rawpkfile ${CERTFILE2} >${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 ${TMPFILE} 2>&1 +# + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +run_server_test() { + local priority=$1 + local id=$2 + local TMPFILE=resume.$$-$i.tmp + + "${CLI}" -p "${PORT}" 127.0.0.1 --logfile=${TMPFILE} --priority="${priority}" --resume --insecure /dev/null || \ + exit 1 + grep -H "* This is a resumed session" ${TMPFILE} || + exit 1 + + rm -f ${TMPFILE} + + exit 0 +} + +echo "Checking whether session resumption works reliably under TLS1.3" +PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.3" +WAITPID="" + +i=0 +while [ $i -lt 10 ] +do + run_server_test "${PRIORITY}" $i & + WAITPID="$WAITPID $!" + i=`expr $i + 1` +done + +for i in "$WAITPID";do + wait $i + test $? != 0 && exit 1 +done + +echo "Checking whether session resumption works reliably under TLS1.2" +PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.2" +WAITPID="" + +i=0 +while [ $i -lt 10 ] +do + run_server_test "${PRIORITY}" $i & + WAITPID="$WAITPID $!" + i=`expr $i + 1` +done + +for i in "$WAITPID";do + wait $i + test $? != 0 && exit 1 +done + +echo "Checking whether session resumption works reliably under TLS1.2 (no tickets)" +PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_TICKETS" +WAITPID="" + +i=0 +while [ $i -lt 10 ] +do + run_server_test "${PRIORITY}" $i & + WAITPID="$WAITPID $!" + i=`expr $i + 1` +done + +for i in "$WAITPID";do + wait $i + test $? != 0 && exit 1 +done + +kill ${PID} +wait + +exit 0 diff --git a/tests/gnutls-cli-save-data.sh b/tests/gnutls-cli-save-data.sh new file mode 100755 index 0000000..785d907 --- /dev/null +++ b/tests/gnutls-cli-save-data.sh @@ -0,0 +1,82 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +echo "Checking whether saving OCSP response and cert succeeds" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem +OCSP1=${srcdir}/ocsp-tests/response1.der + +TMPFILE1=save-data1.$$.tmp +TMPFILE2=save-data2.$$.tmp + +eval "${GETPORT}" +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} --ocsp-response=${OCSP1} --ignore-ocsp-response-errors -d 6 +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --save-cert ${TMPFILE1} --save-ocsp ${TMPFILE2} /dev/null && \ + fail ${PID} "1. handshake should have failed!" + + +kill ${PID} +wait + +if ! test -f ${TMPFILE1};then + echo "Could not retrieve certificate" + exit 1 +fi + +if ! test -f ${TMPFILE2};then + echo "Could not retrieve OCSP response" + exit 1 +fi + +rm -f ${TMPFILE1} ${TMPFILE2} + +exit 0 diff --git a/tests/gnutls-cli-self-signed.sh b/tests/gnutls-cli-self-signed.sh new file mode 100755 index 0000000..8fd7ea9 --- /dev/null +++ b/tests/gnutls-cli-self-signed.sh @@ -0,0 +1,143 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE +TMPFILE=self-signed.$$.pem.tmp + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +echo "Checking whether connecting to a self signed certificate returns the expected error" + +cat <<__EOF__ >${TMPFILE} +-----BEGIN CERTIFICATE----- +MIIEXDCCAsSgAwIBAgIIWkcxay17JgYwDQYJKoZIhvcNAQELBQAwQjEaMBgGA1UE +AxMRdGVzdC1hbGwtZGVmYXVsdHMxCzAJBgNVBAYTAkFUMRcwFQYKCZImiZPyLGQB +GRYHYmVidC5kZTAeFw0xNzEyMzAwNjI1NDhaFw0xOTEyMjAwNjI1NTFaMEIxGjAY +BgNVBAMTEXRlc3QtYWxsLWRlZmF1bHRzMQswCQYDVQQGEwJBVDEXMBUGCgmSJomT +8ixkARkWB2JlYnQuZGUwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCv +M1Y+Q4goCtHi3SLHTBQ14LS6NI4UbEa8YZFfaOfmOOufzwdNUntUkSA2PPS7mQ55 +SN+Sdel1x4f4EjfxCWhj0j0Y26OmJS+wYNz3oOdoKThLq4Mn5SumO7mhU684mZTi +EP2qrxFeYvQqQBdjv8rfP2LJ+RsB/3CiwWdkx4qeudoSUCqzWo8e6K2ul0JJuk+Z +fvqkPpDl+cVTikmxNwqjAt4Ef9oiT1YjUIBUae+RCdNZEa6d2AhW+4bD+vl0Pci+ +EBPzhLeR8iYuIEX66Tpv8AUvv412SuvVZbizGP5EDH4gkWtNWem9yNPCHA9rBqrC +6Nib4TPPLm1aN4mJyLdoQ1gD0STHcFADo+1H0JDywzxlgkks9cj5sQmApO7+AuGs +JoUDAp4g4LHnBw/H/5esVta5Pn7GThKwu7PRY0Y59ZKQrT5deXm9TeySdav+9wR/ +5aiIZpAsAM5zWnN5qAP58Xl+pa0qN48GPcwmAsa4Zh9ehGhzR00MFHD3V8i0rFcC +AwEAAaNWMFQwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYD +VR0PAQH/BAUDAwegADAdBgNVHQ4EFgQU0tGobgnLApQRxvbzIhOT2gAUQAYwDQYJ +KoZIhvcNAQELBQADggGBAHmqS1jOY5J9ad63aFXaei0lZhTnYCsFOGWuyLqZtz9K +21n0V8WVXeGmBjXkYNS3LCwPwFqKsp3vhsh4Hw5cyKkfQIri0HlWASYiJCPZxDLH +odVJSOPV65Q+gmhT/ltHK5CW4DJ2Gy82vPEFqw3+Kca28IJ0m2wr0FlhOCvnHUa7 +GMS/+SdaMbsi1Eui0wUG/xWw8/2kY26IjhDJHrsTUjpYQ+vTy5oOjyq6Yf15Orjw +tJTwGgRcfoiBGhzMgTbUfFCO33L6f0u/WR/sI7DYDO/6JW1USnTrMuwEL6/jMNAw +QPl6irVOy/UwcIcLIBw8ta5cR8JVbhYuV7cUT9qDVwCOqotkwjDVsH2aztLLLr5d +ywMQXvXh2UI4jSujWf9vYY3F7GkDGy/cOwVprZoAe0mXwvuCvDyNZqXJTxKtq/w9 +ZwOveNtNeXHOJljseNXLQPCfCcQ6mEUNjqwo2eDqH0OtJsQRN2CAUsn+YBnAALrv +P4J46RbB7bnzQ9kHiv6KuA== +-----END CERTIFICATE----- + +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEArzNWPkOIKArR4t0ix0wUNeC0ujSOFGxGvGGRX2jn5jjrn88H +TVJ7VJEgNjz0u5kOeUjfknXpdceH+BI38QloY9I9GNujpiUvsGDc96DnaCk4S6uD +J+Urpju5oVOvOJmU4hD9qq8RXmL0KkAXY7/K3z9iyfkbAf9wosFnZMeKnrnaElAq +s1qPHuitrpdCSbpPmX76pD6Q5fnFU4pJsTcKowLeBH/aIk9WI1CAVGnvkQnTWRGu +ndgIVvuGw/r5dD3IvhAT84S3kfImLiBF+uk6b/AFL7+Ndkrr1WW4sxj+RAx+IJFr +TVnpvcjTwhwPawaqwujYm+Ezzy5tWjeJici3aENYA9Ekx3BQA6PtR9CQ8sM8ZYJJ +LPXI+bEJgKTu/gLhrCaFAwKeIOCx5wcPx/+XrFbWuT5+xk4SsLuz0WNGOfWSkK0+ +XXl5vU3sknWr/vcEf+WoiGaQLADOc1pzeagD+fF5fqWtKjePBj3MJgLGuGYfXoRo +c0dNDBRw91fItKxXAgMBAAECggGACEz1XBPVApioowf5Gtom5vqTdXMB/EO5AjnZ +Kl0NB6JQv4yOewJaZ4JMtWUj7zNsNSDXvtepTPQ8I+uxDNF2SaxvSps1YKzIWqHs +NitAa3Xwfd1NZHl+HO0deWA+n/7ex+soKYsL1p33lXzd3tL6aKNXKdyMhAa3Lm7d +WDAACE8j3tQ/ganbuAosGGaANIAIP2x9sYRpVwwDZlbZ8PR7o4eCP1JTYmbB3QB2 +ZAl02TlO8xxcWowesQhPtT9RzEkVAqKC8EULvdvY4b5OFQxkmLDQYv/c+HqetKQ7 +/ewkp/PRndGJ+k0Nebr6G2yIj6D3pN1YfquTfwGMi2yTZh4hQgkXi2WP8KRRgpIU +iUfsSA9wZ4s2WNTMPQANfztP2cUVSPHW8UlTM373qLc3TGDuxmR+h7vqeQ0kVakL +vhQ+HkEvQ2yrxc3m3g1BDoM3/ShHx7IskBqeX3L3Ad7pZpu/Q+Y/z5tVtDUY42LW +DTeB/mKZcKZLK0BCz+o4L9KPceQxAoHBANZfiYobRMXmT0yOfTj68JWR/g7B9XBV +rQ03xKxpI9mVckAT52xPJCUsSRVyUbJDs4hnBOe/y3Uk3jejDoCoI1h8ZyKCwhHq +Py0GFCmB/AzeYRchD0TY1H69r4PZjloGX6SWlha784ajcJspoV5TYuLkhOVDFsA/ +R4Yu4irkQ2hugPT/q3ysiDXgQSB9+SqCYGUfMbadC+Ppm5+egTF8uyHJeV4YQ/Jr +CNvsA6wxnONg0gbhsd3wLixjzz8jfJ1N6QKBwQDROIg0JumHkO5pl7wdKUSRx43y +OOBNOf3KqGsRT8EDnRcepJy1gdg/SIp5/MRi+PJLqDfLNcIr8gQhanJnZ160UFVX +8IhJ02Of/NGrFvctURJ3Dt63SspIoi6Yt/7Z1IQrvxpHsD3eaNtqywtYF59yhkdB +hKomPn++LraDyXHqu0xCuO9te61ZP2haHhPsGI1Z2fuep5dnZJRLNR9BZWuqmkv9 +qj34ftm6Np8qSpdp9GotsRL2WIRaNF/sP+Z6gD8CgcAF7VZMLzzTi+6dW0MzFB0a +xZKUreAvXu8N8oDJk46eMXebNfGsGPQS4wqSQTrpBt4r401Law4hCwfp2eRIwl1X +0Pi5B4x+Gk/s2sIr86AYav2cOhnF+YjGiFAWASnia1Kxpkg4ELJHArXWVGxVw1B0 +nYTfId+7KQS9PQab0PvcI1IFdBw1sj+B3dVvJIyDFF+97ALf3a+6eXcIDsXbrGsw +H/XvGBSo2zS/f+MKG8UOtFqaPhtA26crKwdL45tKbiECgcAO468NxxcnhrDw4tOI +X795gHIhotqTpGTjX0j/WmWqFCvpCl38rNju6AKy28I+KOlVaQtPcuv2pKqWljS+ +FyUuP+lS8NNCLcERSbTCMEg2+WYPAwfmk3QB50jZpX6FkhI16su7/lbo1R2IZBrS +khvO0q+Pghl5z0jYCAsFJfjtc5bhyLeBWyPjDhgnEazpSHYGxvSZPeQQf5/uGkG3 +LbiT05dE3jC61ow4LFr3b4eHCtXjmo526aXBpaiN754/aZECgcBAK3aOmgwI5vw4 +7a94mWffD0LzHl26D2ayXHvXmzjTOv7hsvilUTitdlqNrlZ3AxOWX1nGUcxdUwPT +Ri1h4yIi28MvTjBD+wvXOGwmINGkBFWKIzkhh/bvbzQsuRSmG09JF1tBJjE6oCUs +5ZJ7v0NCtg7yGOY8ciWIpahFc796prk17ZgIn/t0hebc9ZTaIat5QKbr4SWLZJEl +i2yISkQxkJZp8sTwSlIGZSBpuZcDq9AdUjan1WhGgl4hpHpjr3Y= +-----END RSA PRIVATE KEY----- +__EOF__ + +eval "${GETPORT}" +launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} +PID=$! +wait_server ${PID} + +datefudge "2018-1-1" \ +${VALGRIND} "${CLI}" -p "${PORT}" localhost >${TMPFILE} 2>&1 +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +void doit(void) +{ + assert(gnutls_certificate_verification_profile_get_id("very weak") == GNUTLS_PROFILE_VERY_WEAK); + assert(gnutls_certificate_verification_profile_get_id("low") == GNUTLS_PROFILE_LOW); + assert(gnutls_certificate_verification_profile_get_id("legacy") == GNUTLS_PROFILE_LEGACY); + assert(gnutls_certificate_verification_profile_get_id("MedIum") == GNUTLS_PROFILE_MEDIUM); + assert(gnutls_certificate_verification_profile_get_id("ultra") == GNUTLS_PROFILE_ULTRA); + assert(gnutls_certificate_verification_profile_get_id("future") == GNUTLS_PROFILE_FUTURE); + assert(gnutls_certificate_verification_profile_get_id("xxx") == GNUTLS_PROFILE_UNKNOWN); +} diff --git a/tests/gnutls-strcodes.c b/tests/gnutls-strcodes.c new file mode 100644 index 0000000..952fc5f --- /dev/null +++ b/tests/gnutls-strcodes.c @@ -0,0 +1,138 @@ +/* + * Copyright (C) 2017 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t); + +/* Check whether the string functions will return a non-repeated and + * non null value. + */ + +static +void _check_non_null(int line, int i, const char *val) +{ + if (val == NULL) + fail("issue in line %d, item %d\n", line, i); +} + +static +void _check_unique_non_null(int line, int i, const char *val) +{ + static char previous_val[128]; + + if (val == NULL) + fail("issue in line %d, item %d\n", line, i); + + if (strcmp(val, previous_val)==0) { + fail("issue in line %d, item %d: %s\n", line, i, val); + } + + snprintf(previous_val, sizeof(previous_val), "%s", val); +} + +static +void _check_unique(int line, int i, const char *val) +{ + static char previous_val[128]; + + if (val == NULL) { + previous_val[0] = 0; + return; + } + + if (strcmp(val, previous_val)==0) + fail("issue in line %d, item %d: %s\n", line, i, val); + + snprintf(previous_val, sizeof(previous_val), "%s", val); +} + +#define check_unique(x) _check_unique(__LINE__, i, x) +#define check_unique_non_null(x) _check_unique_non_null(__LINE__, i, x) +#define check_non_null(x) _check_non_null(__LINE__, i, x) + +void doit(void) +{ + int ret; + int i; + + ret = global_init(); + if (ret < 0) { + fail("global_init\n"); + exit(1); + } + + for (i=GNUTLS_E_UNIMPLEMENTED_FEATURE;i<=0;i++) { + check_unique(gnutls_strerror(i)); + check_unique(gnutls_strerror_name(i)); + } + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" +#include "tls13/ext-parse.h" + +/* This program tests gnutls_ext_raw_parse with GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO + * flag. + */ + +#define HOSTNAME "example.com" + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned found_server_name = 0; +static unsigned found_status_req = 0; +static unsigned bare_version = 0; + +static int ext_callback(void *ctx, unsigned tls_id, const unsigned char *data, unsigned size) +{ + if (tls_id == 0) { /* server name */ + /* very interesting extension, 4 bytes of sizes + * and 1 byte of type. */ + unsigned esize = (data[0] << 8) | data[1]; + assert(esize == strlen(HOSTNAME)+3); + + size -= 2; + data += 2; + + assert(data[0] == 0); + data++; + size--; + + esize = (data[0] << 8) | data[1]; + + assert(esize == strlen(HOSTNAME)); + data += 2; + size -= 2; + + assert(memcmp(data, HOSTNAME, strlen(HOSTNAME)) == 0); + found_server_name = 1; + } else if (tls_id == 5) { + found_status_req = 1; + } else { + if (debug) + success("found extension: %u\n", tls_id); + } + return 0; +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && post) { + if (bare_version) { + ret = gnutls_ext_raw_parse(NULL, ext_callback, msg, GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); + } else { + unsigned pos; + gnutls_datum_t mmsg; + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + SKIP16(pos, msg->size); + SKIP8(pos, msg->size); + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + ret = gnutls_ext_raw_parse(NULL, ext_callback, &mmsg, 0); + } + assert(ret >= 0); + } + return 0; +} + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + assert(gnutls_server_name_set(session, GNUTLS_NAME_DNS, HOSTNAME, strlen(HOSTNAME))>=0); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + assert(found_server_name != 0); + assert(found_status_req != 0); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static void start(unsigned val) +{ + int fd[2]; + int ret, status = 0; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + bare_version = val; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } + + return; +} + +void doit(void) +{ + start(0); + start(1); +} + +#endif /* _WIN32 */ diff --git a/tests/gnutls_ext_raw_parse_dtls.c b/tests/gnutls_ext_raw_parse_dtls.c new file mode 100644 index 0000000..3292c80 --- /dev/null +++ b/tests/gnutls_ext_raw_parse_dtls.c @@ -0,0 +1,292 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" +#include "tls13/ext-parse.h" + +/* This program tests gnutls_ext_raw_parse with GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO + * flag. + */ + +#define HOSTNAME "example.com" + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned found_server_name = 0; +static unsigned found_status_req = 0; + +static int ext_callback(void *ctx, unsigned tls_id, const unsigned char *data, unsigned size) +{ + if (tls_id == 0) { /* server name */ + /* very interesting extension, 4 bytes of sizes + * and 1 byte of type. */ + unsigned esize = (data[0] << 8) | data[1]; + assert(esize == strlen(HOSTNAME)+3); + + size -= 2; + data += 2; + + assert(data[0] == 0); + data++; + size--; + + esize = (data[0] << 8) | data[1]; + + assert(esize == strlen(HOSTNAME)); + data += 2; + size -= 2; + + assert(memcmp(data, HOSTNAME, strlen(HOSTNAME)) == 0); + found_server_name = 1; + } else if (tls_id == 5) { + found_status_req = 1; + } else { + if (debug) + success("found extension: %u\n", tls_id); + } + return 0; +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && post) { + ret = gnutls_ext_raw_parse(NULL, ext_callback, msg, GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO); + + assert(ret >= 0); + } + return 0; +} + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-DTLS1.2", NULL)>= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + assert(gnutls_server_name_set(session, GNUTLS_NAME_DNS, HOSTNAME, strlen(HOSTNAME))>=0); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-DTLS1.2", NULL)>= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + assert(found_server_name != 0); + assert(found_status_req != 0); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + int fd[2]; + int ret, status = 0; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } + + return; +} + + +#endif /* _WIN32 */ diff --git a/tests/gnutls_hmac_fast.c b/tests/gnutls_hmac_fast.c new file mode 100644 index 0000000..67b10d6 --- /dev/null +++ b/tests/gnutls_hmac_fast.c @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + unsigned char digest[20]; + int err; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + err = + gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", + 8, digest); + if (err < 0) + fail("gnutls_hmac_fast(SHA1) failed: %d\n", err); + else { + if (memcmp(digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8" + "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa", + 20) == 0) { + if (debug) + success("gnutls_hmac_fast(SHA1) OK\n"); + } else { + hexprint(digest, 20); + fail("gnutls_hmac_fast(SHA1) failure\n"); + } + } + + /* enable MD5 usage */ + if (gnutls_fips140_mode_enabled()) { + gnutls_fips140_set_mode(GNUTLS_FIPS140_LOG, 0); + } + + err = + gnutls_hmac_fast(GNUTLS_MAC_MD5, "keykeykey", 9, "abcdefgh", 8, + digest); + if (err < 0) + fail("gnutls_hmac_fast(MD5) failed: %d\n", err); + else { + if (memcmp(digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0" + "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0) { + if (debug) + success("gnutls_hmac_fast(MD5) OK\n"); + } else { + hexprint(digest, 16); + fail("gnutls_hmac_fast(MD5) failure\n"); + } + } + + err = + gnutls_hmac_fast(GNUTLS_MAC_AES_GMAC_128, "keykeykeykeykeyk", 16, "abcdefghabc", 8, + digest); + if (err >= 0) + fail("gnutls_hmac_fast(GMAC-128) succeeded unexpectedly: %d\n", err); + else if (err != GNUTLS_E_INVALID_REQUEST) + fail("gnutls_hmac_fast(GMAC-128) failure: %d\n", err); + else if (debug) + success("gnutls_hmac_fast(GMAC-128) OK\n"); + + err = + gnutls_hmac_fast(GNUTLS_MAC_AES_GMAC_192, "keykeykeykeykeykeykeykey", 24, + "abcdefghabc", 8, + digest); + if (err >= 0) + fail("gnutls_hmac_fast(GMAC-192) succeeded unexpectedly: %d\n", err); + else if (err != GNUTLS_E_INVALID_REQUEST) + fail("gnutls_hmac_fast(GMAC-192) failure: %d\n", err); + else if (debug) + success("gnutls_hmac_fast(GMAC-192) OK\n"); + + err = + gnutls_hmac_fast(GNUTLS_MAC_AES_GMAC_256, "keykeykeykeykeykeykeykeykeykeyke", 32, + "abcdefghabc", 8, + digest); + if (err >= 0) + fail("gnutls_hmac_fast(GMAC-256) succeeded unexpectedly: %d\n", err); + else if (err != GNUTLS_E_INVALID_REQUEST) + fail("gnutls_hmac_fast(GMAC-256) failure: %d\n", err); + else if (debug) + success("gnutls_hmac_fast(GMAC-256) OK\n"); + + err = + gnutls_hmac_fast(GNUTLS_MAC_UMAC_96, "keykeykeykeykeyk", 16, "abcdefghabc", 8, + digest); + if (err >= 0) + fail("gnutls_hmac_fast(UMAC-96) succeeded unexpectedly: %d\n", err); + else if (err != GNUTLS_E_INVALID_REQUEST) + fail("gnutls_hmac_fast(UMAC-96) failure: %d\n", err); + else if (debug) + success("gnutls_hmac_fast(UMAC-96) OK\n"); + + err = + gnutls_hmac_fast(GNUTLS_MAC_UMAC_128, "keykeykeykeykeyk", 16, "abcdefghabc", 8, + digest); + if (err >= 0) + fail("gnutls_hmac_fast(UMAC-128) succeeded unexpectedly: %d\n", err); + else if (err != GNUTLS_E_INVALID_REQUEST) + fail("gnutls_hmac_fast(UMAC-128) failure: %d\n", err); + else if (debug) + success("gnutls_hmac_fast(UMAC-128) OK\n"); + + gnutls_global_deinit(); +} diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c new file mode 100644 index 0000000..8f9c5fa --- /dev/null +++ b/tests/gnutls_ktls.c @@ -0,0 +1,357 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello world!" + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, 0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + goto end; + } + if (debug) + success("client: Handshake was completed\n"); + + ret = gnutls_transport_is_ktls_enabled(session); + if (!(ret & GNUTLS_KTLS_RECV)){ + fail("client: KTLS was not properly initialized\n"); + goto end; + } + + /* server send message via gnutls_record_send */ + memset(buffer, 0, sizeof(buffer)); + do{ + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } + while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if(strncmp(buffer, MSG, ret)){ + fail("client: Message doesn't match\n"); + goto end; + } + + if (debug) + success ("client: messages received\n"); + + /* server send message via gnutls_record_sendfile */ + memset(buffer, 0, sizeof(buffer)); + do{ + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } + while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if(strncmp(buffer, MSG, ret)){ + fail("client: Message doesn't match\n"); + goto end; + } + + if (debug) + success ("client: messages received\n"); + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("client: error in closing session: %s\n", gnutls_strerror(ret)); + } + + ret = 0; + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (ret != 0) + exit(1); +} + +pid_t child; +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, 0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + goto end; + } + if (debug) + success("server: Handshake was completed\n"); + + ret = gnutls_transport_is_ktls_enabled(session); + if (!(ret & GNUTLS_KTLS_SEND)){ + fail("server: KTLS was not properly initialized\n"); + goto end; + } + do { + ret = gnutls_record_send(session, MSG, strlen(MSG)+1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + goto end; + } + + /* send file + */ + FILE *fp = tmpfile(); + if (fp == NULL){ + fail("temporary file for testing couldn't be created"); + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + goto end; + } + + fputs(MSG, fp); + rewind(fp); + + off_t offset = 0; + if (fp == NULL) { + fail("server: couldn't open file for testing ...send_file() function"); + goto end; + } + + do { + ret = gnutls_record_send_file(session, fileno(fp), &offset, 512); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + goto end; + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + + ret = 0; +end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (ret){ + terminate(); + } + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static void run(const char *prio) +{ + int ret; + struct sockaddr_in saddr; + socklen_t addrlen; + int listener; + int fd; + + success("running ktls test with %s\n", prio); + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + listener = socket(AF_INET, SOCK_STREAM, 0); + if (listener == -1){ + fail("error in listener(): %s\n", strerror(errno)); + } + + memset(&saddr, 0, sizeof(saddr)); + saddr.sin_family = AF_INET; + saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + saddr.sin_port = 0; + + ret = bind(listener, (struct sockaddr*)&saddr, sizeof(saddr)); + if (ret == -1){ + fail("error in bind(): %s\n", strerror(errno)); + } + + addrlen = sizeof(saddr); + ret = getsockname(listener, (struct sockaddr*)&saddr, &addrlen); + if (ret == -1){ + fail("error in getsockname(): %s\n", strerror(errno)); + } + + child = fork(); + if (child < 0) { + fail("error in fork(): %s\n", strerror(errno)); + exit(1); + } + + if (child) { + int status; + /* parent */ + ret = listen(listener, 1); + if (ret == -1) { + fail("error in listen(): %s\n", strerror(errno)); + } + + fd = accept(listener, NULL, NULL); + if (fd == -1) { + fail("error in accept(): %s\n", strerror(errno)); + } + server(fd, prio); + + wait(&status); + check_wait_status(status); + } else { + fd = socket(AF_INET, SOCK_STREAM, 0); + if (fd == -1){ + fail("error in socket(): %s\n", strerror(errno)); + exit(1); + } + usleep(1000000); + connect(fd, (struct sockaddr*)&saddr, addrlen); + client(fd, prio); + exit(0); + } +} + +void doit(void) +{ + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM"); +} + +#endif /* _WIN32 */ diff --git a/tests/gnutls_ocsp_resp_list_import2.c b/tests/gnutls_ocsp_resp_list_import2.c new file mode 100644 index 0000000..1157f6e --- /dev/null +++ b/tests/gnutls_ocsp_resp_list_import2.c @@ -0,0 +1,261 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests key import for gnutls_ocsp_resp_t APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "ocsp-common.h" +#include "utils.h" + +#define testfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +static void load_list(const char *name, const gnutls_datum_t *txt, + unsigned int nocsps, + int format, + unsigned flags, int exp_err) +{ + gnutls_ocsp_resp_t *ocsps; + unsigned int i, size; + int ret; + + ret = gnutls_ocsp_resp_list_import2(&ocsps, &size, txt, format, flags); + if (ret < 0) { + if (exp_err == ret) + return; + testfail("gnutls_x509_crt_list_import: %s\n", gnutls_strerror(ret)); + } + + for (i=0;i. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This is a unit test of _gnutls_record_overhead. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +#include +#include "../lib/gnutls_int.h" + +#undef _gnutls_debug_log +#undef gnutls_assert +#undef gnutls_assert_val +#define _gnutls_debug_log printf +#define gnutls_assert() +#define gnutls_assert_val(val) val + +/* #pragma doesn't work to suppress preprocessor warnings like -Wunused-macros. + * So we just use the above defined macros here. */ +#if defined _gnutls_debug_log && defined gnutls_assert && defined gnutls_assert_val +#include "../lib/algorithms.h" +#endif + +unsigned _gnutls_record_overhead(const version_entry_st *ver, + const cipher_entry_st *cipher, + const mac_entry_st *mac, + unsigned max); + +#define OVERHEAD(v, c, m) \ + _gnutls_record_overhead(version_to_entry(v), cipher_to_entry(c), mac_to_entry(m), \ + 0) + +#define MAX_OVERHEAD(v, c, m) \ + _gnutls_record_overhead(version_to_entry(v), cipher_to_entry(c), mac_to_entry(m), \ + 1) + +static void check_aes_gcm(void **glob_state) +{ + const unsigned ov = 16+8; + /* Under AES-GCM the overhead is constant */ + assert_int_equal(OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov); + assert_int_equal(MAX_OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov); +} + +static void check_tls13_aes_gcm(void **glob_state) +{ + const unsigned ov = 16+1; + /* Under AES-GCM the overhead is constant */ + assert_int_equal(OVERHEAD(GNUTLS_TLS1_3, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov); + assert_int_equal(MAX_OVERHEAD(GNUTLS_TLS1_3, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD), ov); +} + +static void check_aes_sha1_min(void **glob_state) +{ + const unsigned mac = 20; + const unsigned block = 16; + assert_int_equal(OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1), 1+mac+block); +} + +static void check_aes_sha1_max(void **glob_state) +{ + const unsigned mac = 20; + const unsigned block = 16; + + assert_int_equal(MAX_OVERHEAD(GNUTLS_TLS1_2, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1), block+mac+block); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(check_aes_gcm), + cmocka_unit_test(check_tls13_aes_gcm), + cmocka_unit_test(check_aes_sha1_min), + cmocka_unit_test(check_aes_sha1_max) + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/gnutls_session_set_id.c b/tests/gnutls_session_set_id.c new file mode 100644 index 0000000..b085c0a --- /dev/null +++ b/tests/gnutls_session_set_id.c @@ -0,0 +1,210 @@ +/* + * Copyright (C) 2018 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; + +static gnutls_datum_t test_id = { (void*)"\xff\xff\xff\xff\xff\xff", 6 }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static gnutls_datum_t dbdata = {NULL, 0}; + +static int +wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) +{ + unsigned *try_resume = dbf; + + assert(dbdata.data == NULL); + + if (!(*try_resume)) + return 0; + + dbdata.data = gnutls_malloc(data.size); + assert(dbdata.data != NULL); + + memcpy(dbdata.data, data.data, data.size); + dbdata.size = data.size; + return 0; +} + +static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key) +{ + unsigned *try_resume = dbf; + gnutls_datum_t r = {NULL, 0}; + + if (key.size != test_id.size || memcmp(test_id.data, key.data, test_id.size) != 0) + fail("received ID does not match the expected\n"); + + if (!(*try_resume)) + return r; + + r.data = gnutls_malloc(dbdata.size); + assert(r.data != NULL); + + memcpy(r.data, dbdata.data, dbdata.size); + r.size = dbdata.size; + + return r; +} + +static int wrap_db_delete(void *dbf, gnutls_datum_t key) +{ + return 0; +} + +static void start(const char *test, unsigned try_resume) +{ + int ret; + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_datum_t data; + char buf[128]; + + success("%s\n", test); + reset_buffers(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_set_default_priority(server); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + gnutls_db_set_retrieve_function(server, wrap_db_fetch); + gnutls_db_set_remove_function(server, wrap_db_delete); + gnutls_db_set_store_function(server, wrap_db_store); + gnutls_db_set_ptr(server, &try_resume); + + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred)>=0); + + assert(gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(buf, 0, sizeof(buf)); + ret = gnutls_session_set_data(client, buf, sizeof(buf)); + if (ret != GNUTLS_E_DB_ERROR) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + HANDSHAKE(client, server); + + ret = gnutls_session_get_data2(client, &data); + if (ret != 0) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_set_default_priority(server); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + gnutls_db_set_retrieve_function(server, wrap_db_fetch); + gnutls_db_set_remove_function(server, wrap_db_delete); + gnutls_db_set_store_function(server, wrap_db_store); + gnutls_db_set_ptr(server, &try_resume); + + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred)>=0); + + assert(gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(buf, 0, sizeof(buf)); + ret = gnutls_session_set_id(client, &test_id); + if (ret != 0) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + gnutls_free(data.data); + + if (try_resume) { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_UNEXPECTED_PACKET, GNUTLS_E_AGAIN); + } else { + HANDSHAKE(client, server); + } + + assert(gnutls_session_resumption_requested(client) == 0); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_free(dbdata.data); + dbdata.size = 0; +} + +void doit(void) +{ + start("functional: see if session ID is sent", 0); + start("negative: see if the expected error is seen on client side", 1); +} diff --git a/tests/gnutls_x509_crq_sign.c b/tests/gnutls_x509_crq_sign.c new file mode 100644 index 0000000..42cf680 --- /dev/null +++ b/tests/gnutls_x509_crq_sign.c @@ -0,0 +1,164 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static unsigned char saved_crq_pem[] = + "-----BEGIN NEW CERTIFICATE REQUEST-----\n" + "MIIBgzCB7QIBADAAMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7ZkP18sXX\n" + "tozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y89+wEdhMXi2SJIlvA3VN8O+18\n" + "BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpNaP/JEeIyjc49gAuNde/YAIGP\n" + "KAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQABoEQwQgYJKoZIhvcNAQkOMTUw\n" + "MzAPBgNVHRMBAf8EBTADAgEAMA0GA1UdDwEB/wQDAwEAMBEGA1UdEQEB/wQHMAWC\n" + "A2ZvbzANBgkqhkiG9w0BAQsFAAOBgQBKFQhbmY8RJBPiXm80PmYnZH7WaMeaOLJZ\n" + "JBVjsmdjFtDbgHaY9Vizrbh9jFM8iyvw01y+FZqCt2kSzvaPRoQad06NCV00oN6W\n" + "mG2iRKBSwVEX7JleigliK3M3Y5dlHV77CC1Or9BGC9Rbx9n9mV6z/NAWW5LyPHb5\n" + "gf4oXM6OPw==\n" + "-----END NEW CERTIFICATE REQUEST-----\n"; + +const gnutls_datum_t saved_crq = { saved_crq_pem, sizeof(saved_crq_pem)-1 }; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t key = { key_pem, sizeof(key_pem)-1 }; + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +static gnutls_x509_crq_t generate_crq(void) +{ + gnutls_x509_crq_t crq; + gnutls_x509_privkey_t pkey; + int ret; + size_t s = 0; + + ret = gnutls_x509_privkey_init(&pkey); + if (ret != 0) + fail("gnutls_x509_privkey_init\n"); + + ret = gnutls_x509_privkey_import(pkey, &key, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_privkey_import\n"); + + ret = gnutls_x509_crq_init(&crq); + if (ret != 0) + fail("gnutls_x509_crq_init\n"); + + ret = gnutls_x509_crq_set_version(crq, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_version\n"); + + ret = gnutls_x509_crq_set_key(crq, pkey); + if (ret != 0) + fail("gnutls_x509_crq_set_key\n"); + + s = 0; + ret = gnutls_x509_crq_get_extension_info(crq, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("gnutls_x509_crq_get_extension_info\n"); + + ret = gnutls_x509_crq_set_basic_constraints(crq, 0, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_basic_constraints %d\n", ret); + + ret = gnutls_x509_crq_set_key_usage(crq, 0); + if (ret != 0) + fail("gnutls_x509_crq_set_key_usage %d\n", ret); + + ret = gnutls_x509_crq_set_subject_alt_name(crq, GNUTLS_SAN_DNSNAME, + "foo", 3, 1); + if (ret != 0) + fail("gnutls_x509_crq_set_subject_alt_name\n"); + + ret = gnutls_x509_crq_sign(crq, pkey); + if (ret < 0) + fail("gnutls_x509_crq_sign: %s\n", gnutls_strerror(ret)); + + gnutls_x509_privkey_deinit(pkey); + + return crq; +} + +static void verify_crq(const gnutls_datum_t *pem) +{ + gnutls_x509_crq_t crq; + + assert(gnutls_x509_crq_init(&crq) >= 0); + assert(gnutls_x509_crq_import(crq, pem, GNUTLS_X509_FMT_PEM)>=0); + assert(gnutls_x509_crq_verify(crq, 0) >= 0); + gnutls_x509_crq_deinit(crq); +} + +void doit(void) +{ + gnutls_datum_t out; + gnutls_x509_crq_t crq; + + gnutls_global_set_time_function(mytime); + + crq = generate_crq(); + + assert(gnutls_x509_crq_export2(crq, GNUTLS_X509_FMT_PEM, &out) >= 0); + + if (debug) + printf("%s\n", out.data); + + assert(out.size == saved_crq.size); + assert(memcmp(out.data, saved_crq.data, out.size)==0); + + verify_crq(&out); + + gnutls_free(out.data); + gnutls_x509_crq_deinit(crq); +} diff --git a/tests/gnutls_x509_crt_list_import.c b/tests/gnutls_x509_crt_list_import.c new file mode 100644 index 0000000..51fdfcb --- /dev/null +++ b/tests/gnutls_x509_crt_list_import.c @@ -0,0 +1,368 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests key import for gnutls_x509_privkey_t APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +#define testfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +#define MAX_CERTS 8 + +static void load_list(const char *name, const gnutls_datum_t *txt, + unsigned int ncerts, + unsigned int max1, + unsigned int max2, + unsigned flags, int exp_err) +{ + gnutls_x509_crt_t certs[MAX_CERTS]; + unsigned int max, i; + unsigned retried = 0; + int ret; + + assert(max1<=MAX_CERTS); + assert(max2<=MAX_CERTS); + + if (max1) + max = max1; + else + max = MAX_CERTS; + + retry: + ret = gnutls_x509_crt_list_import(certs, &max, txt, GNUTLS_X509_FMT_PEM, flags); + if (ret < 0) { + if (retried == 0 && ret == GNUTLS_E_SHORT_MEMORY_BUFFER && max2 && max2 != max) { + max = max2; + retried = 1; + goto retry; + } + if (exp_err == ret) + return; + testfail("gnutls_x509_crt_list_import: %s\n", gnutls_strerror(ret)); + } + + for (i=0;i +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#include "cert-common.h" + +static unsigned char saved_crt_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICIjCCAYugAwIBAgIDChEAMA0GCSqGSIb3DQEBCwUAMCsxDjAMBgNVBAMTBW5p\n" + "a29zMRkwFwYDVQQKExBub25lIHRvLCBtZW50aW9uMCAXDTA4MDMzMTIyMDAwMFoY\n" + "Dzk5OTkxMjMxMjM1OTU5WjArMQ4wDAYDVQQDEwVuaWtvczEZMBcGA1UEChMQbm9u\n" + "ZSB0bywgbWVudGlvbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu2ZD9fLF\n" + "17aMzMXf9Yg7sclLag6hrSBQQAiAoU9co9D4bM/mPPfsBHYTF4tkiSJbwN1TfDvt\n" + "fAS7gLkovo6bxo6gpRLL9Vceoue7tzNJn+O7Sq5qTWj/yRHiMo3OPYALjXXv2ACB\n" + "jygEA6AijWEEB/q2N30hB0nSCWFpmJCjWKkCAwEAAaNSMFAwDAYDVR0TAQH/BAIw\n" + "ADAOBgNVHQ8BAf8EBAMCB4AwDgYDVR0RBAcwBYIDYXBhMCAGA1UdJQEB/wQWMBQG\n" + "CCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOBgQCiZrNQBktpWsND\n" + "MsH9kdwscx1ybGoeRibdngltnwzIjcl5T+D52fADzKHpuvwq6m5qHUz/f/872E3w\n" + "AKw9YX7n9316fTydee22/WyNGmP5r6E82Inu6wQpgkrOsgfhs/jNDGEhOw/G1lwZ\n" + "dAtaww1V7OEVK1WufVUtQ3rQzxYPcQ==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t saved_crt = { saved_crt_pem, sizeof(saved_crt_pem)-1 }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + gnutls_x509_privkey_t pkey; + gnutls_x509_crt_t crt; + gnutls_x509_crt_t crt2; + const char *err = NULL; + gnutls_datum_t out; + size_t s = 0; + unsigned int status; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init\n"); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_init(&crt2); + if (ret != 0) + fail("gnutls_x509_crt_init\n"); + + ret = gnutls_x509_crt_import(crt2, &server_ecc_cert, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_crt_import\n"); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret != 0) + fail("gnutls_x509_privkey_init\n"); + + ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM); + if (ret != 0) + fail("gnutls_x509_privkey_import\n"); + + /* Setup CRT */ + + ret = gnutls_x509_crt_set_version(crt, 3); + if (ret != 0) + fail("gnutls_x509_crt_set_version\n"); + + ret = gnutls_x509_crt_set_serial(crt, "\x0a\x11\x00", 3); + if (ret != 0) + fail("gnutls_x509_crt_set_serial\n"); + + ret = gnutls_x509_crt_set_expiration_time(crt, -1); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_activation_time(crt, mytime(0)); + if (ret != 0) + fail("error\n"); + + ret = gnutls_x509_crt_set_key(crt, pkey); + if (ret != 0) + fail("gnutls_x509_crt_set_key\n"); + + ret = gnutls_x509_crt_set_basic_constraints(crt, 0, -1); + if (ret < 0) { + fail("error\n"); + } + + ret = gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_DIGITAL_SIGNATURE); + if (ret != 0) + fail("gnutls_x509_crt_set_key_usage %d\n", ret); + + ret = gnutls_x509_crt_set_dn(crt, "o = none to\\, mention,cn = nikos", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, + "foo", 3, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_RFC822NAME, + "foo@bar.org", strlen("foo@bar.org"), 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS, + "\xc1\x5c\x96\x3", 4, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_IPADDRESS, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16, 1); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + ret = gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, + "apa", 3, 0); + if (ret != 0) + fail("gnutls_x509_crt_set_subject_alt_name\n"); + + s = 0; + ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret); + + s = 0; + ret = + gnutls_x509_crt_set_key_purpose_oid(crt, + GNUTLS_KP_TLS_WWW_SERVER, + 0); + if (ret != 0) + fail("gnutls_x509_crt_set_key_purpose_oid %d\n", ret); + + s = 0; + ret = gnutls_x509_crt_get_key_purpose_oid(crt, 0, NULL, &s, NULL); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("gnutls_x509_crt_get_key_purpose_oid %d\n", ret); + + s = 0; + ret = + gnutls_x509_crt_set_key_purpose_oid(crt, + GNUTLS_KP_TLS_WWW_CLIENT, + 1); + if (ret != 0) + fail("gnutls_x509_crt_set_key_purpose_oid2 %d\n", ret); + + /* in the end this will be ignored as the issuer will be set + * by gnutls_x509_crt_sign2() */ + ret = gnutls_x509_crt_set_issuer_dn(crt, "cn = my CA, o = big\\, and one", &err); + if (ret < 0) { + fail("gnutls_x509_crt_set_issuer_dn: %s, %s\n", gnutls_strerror(ret), err); + } + + /* Sign and finalize the certificate */ + ret = gnutls_x509_crt_sign(crt, crt, pkey); + if (ret < 0) + fail("gnutls_x509_crt_sign2: %s\n", gnutls_strerror(ret)); + + + ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_FULL, &out); + if (ret != 0) + fail("gnutls_x509_crt_print\n"); + if (debug) + printf("crt: %.*s\n", out.size, out.data); + gnutls_free(out.data); + + ret = gnutls_x509_crt_get_raw_dn(crt, &out); + if (ret < 0 || out.size == 0) + fail("gnutls_x509_crt_get_raw_dn: %s\n", gnutls_strerror(ret)); + + if (out.size != 45 || + memcmp(out.data, "\x30\x2b\x31\x0e\x30\x0c\x06\x03\x55\x04\x03\x13\x05\x6e\x69\x6b\x6f\x73\x31\x19\x30\x17\x06\x03\x55\x04\x0a\x13\x10\x6e\x6f\x6e\x65\x20\x74\x6f\x2c\x20\x6d\x65\x6e\x74\x69\x6f\x6e", 45) != 0) { + fail("DN comparison failed\n"); + } + gnutls_free(out.data); + + ret = gnutls_x509_crt_equals(crt, crt); + if (ret == 0) { + fail("equality test failed\n"); + } + + ret = gnutls_x509_crt_equals(crt, crt2); + if (ret != 0) { + fail("equality test failed\n"); + } + + ret = gnutls_x509_crt_verify(crt, &crt, 1, 0, &status); + if (ret < 0) { + fail("verification failed\n"); + } + + if (status != 0) { + fail("verification status failed\n"); + } + + assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_PEM, &out) >= 0); + + if (debug) + fprintf(stderr, "%s\n", out.data); + assert(out.size == saved_crt.size); + assert(memcmp(out.data, saved_crt.data, out.size)==0); + + gnutls_free(out.data); + + gnutls_x509_crt_deinit(crt); + gnutls_x509_crt_deinit(crt2); + gnutls_x509_privkey_deinit(pkey); + + gnutls_global_deinit(); +} diff --git a/tests/gnutls_x509_privkey_import.c b/tests/gnutls_x509_privkey_import.c new file mode 100644 index 0000000..ae8cc06 --- /dev/null +++ b/tests/gnutls_x509_privkey_import.c @@ -0,0 +1,221 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests key import for gnutls_x509_privkey_t APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +#define testfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +const gnutls_datum_t raw_data = { + (void *) "hello there", + 11 +}; + +static int sign_verify_data(gnutls_x509_privkey_t pkey, gnutls_sign_algorithm_t algo) +{ + int ret; + gnutls_privkey_t privkey; + gnutls_pubkey_t pubkey = NULL; + gnutls_datum_t signature; + + /* sign arbitrary data */ + assert(gnutls_privkey_init(&privkey) >= 0); + + ret = gnutls_privkey_import_x509(privkey, pkey, 0); + if (ret < 0) + fail("gnutls_privkey_import_x509\n"); + + ret = gnutls_privkey_sign_data2(privkey, algo, 0, + &raw_data, &signature); + if (ret < 0) { + ret = -1; + goto cleanup; + } + + /* verify data */ + assert(gnutls_pubkey_init(&pubkey) >= 0); + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); + if (ret < 0) + fail("gnutls_pubkey_import_privkey\n"); + + ret = gnutls_pubkey_verify_data2(pubkey, algo, + GNUTLS_VERIFY_ALLOW_BROKEN, &raw_data, &signature); + if (ret < 0) { + ret = -1; + goto cleanup; + } + + ret = 0; + cleanup: + if (pubkey) + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + gnutls_free(signature.data); + + return ret; +} + +static void load_privkey(const char *name, const gnutls_datum_t *txtkey, gnutls_pk_algorithm_t pk, + gnutls_sign_algorithm_t sig, int exp_key_err) +{ + gnutls_x509_privkey_t tmp; + int ret; + + ret = gnutls_x509_privkey_init(&tmp); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_x509_privkey_import(tmp, txtkey, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + if (exp_key_err) { + testfail("did not fail in key import, although expected\n"); + } + + testfail("gnutls_privkey_import: %s\n", gnutls_strerror(ret)); + } + + if (gnutls_x509_privkey_get_pk_algorithm(tmp) != (int)pk) { + testfail("pk algorithm doesn't match!\n"); + } + + ret = gnutls_x509_privkey_verify_params(tmp); + if (ret < 0) + testfail("gnutls_privkey_verify_params: %s\n", gnutls_strerror(ret)); + + sign_verify_data(tmp, sig); + + gnutls_x509_privkey_deinit(tmp); + + return; +} + +static void load_privkey_in_der(const char *name, const gnutls_datum_t *txtkey, gnutls_pk_algorithm_t pk, + gnutls_sign_algorithm_t sig, int exp_key_err) +{ + gnutls_x509_privkey_t tmp; + gnutls_datum_t der; + int ret; + + ret = gnutls_x509_privkey_init(&tmp); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_pem_base64_decode2(NULL, txtkey, &der); + if (ret < 0 || der.size == 0) { + testfail("could not convert key to DER form: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_x509_privkey_import(tmp, &der, GNUTLS_X509_FMT_DER); + gnutls_free(der.data); + + if (ret < 0) { + if (exp_key_err) { + testfail("did not fail in key import, although expected\n"); + } + + testfail("gnutls_privkey_import: %s\n", gnutls_strerror(ret)); + } + + if (gnutls_x509_privkey_get_pk_algorithm(tmp) != (int)pk) { + testfail("pk algorithm doesn't match!\n"); + } + + ret = gnutls_x509_privkey_verify_params(tmp); + if (ret < 0) + testfail("gnutls_privkey_verify_params: %s\n", gnutls_strerror(ret)); + + sign_verify_data(tmp, sig); + + gnutls_x509_privkey_deinit(tmp); + + return; +} + +typedef struct test_st { + const char *name; + gnutls_pk_algorithm_t pk; + gnutls_sign_algorithm_t sig; + const gnutls_datum_t *key; + int exp_key_err; +} test_st; + +static const test_st tests[] = { + {.name = "ecc key", + .pk = GNUTLS_PK_ECDSA, + .sig = GNUTLS_SIGN_ECDSA_SHA256, + .key = &server_ca3_ecc_key, + }, + {.name = "rsa-sign key", + .pk = GNUTLS_PK_RSA, + .sig = GNUTLS_SIGN_RSA_SHA384, + .key = &server_ca3_key, + }, + {.name = "rsa-pss-sign key (PKCS#8)", + .pk = GNUTLS_PK_RSA_PSS, + .sig = GNUTLS_SIGN_RSA_PSS_SHA256, + .key = &server_ca3_rsa_pss2_key, + }, + {.name = "dsa key", + .pk = GNUTLS_PK_DSA, + .sig = GNUTLS_SIGN_DSA_SHA1, + .key = &dsa_key, + }, + {.name = "ed25519 key (PKCS#8)", + .pk = GNUTLS_PK_EDDSA_ED25519, + .sig = GNUTLS_SIGN_EDDSA_ED25519, + .key = &server_ca3_eddsa_key, + } +}; + +void doit(void) +{ + unsigned int i; + + for (i=0;i +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define TESTDATA "xxxtesttest1234" + +/* counts the number of calls of send_testdata() within a handshake */ +enum { + TEST_SEND_RECV, + TEST_RECV_SEND, + TEST_HANDSHAKE_CALL, + TEST_BYE, + TESTNO_MAX +}; + +#define myfail(fmt, ...) \ + fail("%s%s %d: "fmt, dtls?"dtls":"tls", name, testno, ##__VA_ARGS__) + +static void try(const char *name, unsigned testno, unsigned fs, + const char *prio, unsigned dhsize, + unsigned dtls) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_client_credentials_t clientanoncred; + gnutls_anon_server_credentials_t serveranoncred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + char buffer[512]; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + const gnutls_datum_t p3_2048 = + { (void *)pkcs3_2048, strlen(pkcs3_2048) }; + const gnutls_datum_t p3_3072 = + { (void *)pkcs3_3072, strlen(pkcs3_3072) }; + gnutls_dh_params_t dh_params; + unsigned flags = 0; + + if (testno == TEST_HANDSHAKE_CALL && fs == 0) + return; + + if (dtls) + flags |= GNUTLS_DATAGRAM|GNUTLS_NONBLOCK; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(999); + + gnutls_dh_params_init(&dh_params); + + if (dhsize < 3072) { + ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_2048, + GNUTLS_X509_FMT_PEM); + } else { + ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_3072, + GNUTLS_X509_FMT_PEM); + } + + /* Init server */ + gnutls_anon_allocate_server_credentials(&serveranoncred); + gnutls_anon_set_server_dh_params(serveranoncred, dh_params); + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_ecc_cert, &server_ecc_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER|flags); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + + gnutls_credentials_set(server, GNUTLS_CRD_ANON, serveranoncred); + + gnutls_priority_set_direct(server, prio, NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + gnutls_anon_allocate_client_credentials(&clientanoncred); + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = + gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_FALSE_START|flags); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_ANON, clientanoncred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, prio, NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_FALSE_START) + && !fs) { + myfail("false start occurred but not expected\n"); + } + + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_FALSE_START) + && fs) { + myfail("false start expected but not happened\n"); + } + + if (testno == TEST_SEND_RECV) { + side = "client"; + ret = + gnutls_record_send(client, TESTDATA, sizeof(TESTDATA) - 1); + if (ret < 0) { + myfail("error sending false start data: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + side = "server"; + /* verify whether the server received the expected data */ + ret = gnutls_record_recv(server, buffer, sizeof(buffer)); + if (ret < 0) { + myfail("error receiving data: %s\n", + gnutls_strerror(ret)); + } + + if (ret != sizeof(TESTDATA) - 1) { + myfail("error in received data size\n"); + } + + if (memcmp(buffer, TESTDATA, ret) != 0) { + myfail("error in received data\n"); + } + + /* check handshake completion */ + ret = + gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1); + if (ret < 0) { + myfail("error sending false start data: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + side = "client"; + do { + ret = + gnutls_record_recv(client, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) { + myfail("error receiving data: %s\n", + gnutls_strerror(ret)); + } + } else if (testno == TEST_RECV_SEND) { + side = "server"; + ret = + gnutls_record_send(server, TESTDATA, sizeof(TESTDATA) - 1); + if (ret < 0) { + myfail("error sending false start data: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + side = "client"; + /* verify whether the server received the expected data */ + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret < 0) { + myfail("error receiving data: %s\n", + gnutls_strerror(ret)); + } + + if (ret != sizeof(TESTDATA) - 1) { + myfail("error in received data size\n"); + } + + if (memcmp(buffer, TESTDATA, ret) != 0) { + myfail("error in received data\n"); + } + } else if (testno == TEST_HANDSHAKE_CALL) { + /* explicit completion by caller */ + ret = gnutls_handshake(client); + if (ret != GNUTLS_E_HANDSHAKE_DURING_FALSE_START) { + myfail + ("error in explicit handshake after false start: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + goto exit; + } + + side = "server"; + ret = gnutls_bye(server, GNUTLS_SHUT_WR); + if (ret < 0) { + myfail("error in server bye: %s\n", + gnutls_strerror(ret)); + } + + side = "client"; + ret = gnutls_bye(client, GNUTLS_SHUT_RDWR); + if (ret < 0) { + myfail("error in client bye: %s\n", + gnutls_strerror(ret)); + } + + success("%5s%s \tok\n", dtls?"dtls-":"tls-", name); + exit: + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_dh_params_deinit(dh_params); + gnutls_anon_free_server_credentials(serveranoncred); + gnutls_anon_free_client_credentials(clientanoncred); + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void doit(void) +{ + unsigned i, j; + + global_init(); + + + for (j=0;j<2;j++) { + for (i = 0; i < TESTNO_MAX; i++) { + try("1.2 anon-dh :", i, 0, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ANON-DH", 3072, j); + reset_buffers(); + try("1.2 anon-ecdh:", i, 0, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH", 2048, j); + reset_buffers(); + try("1.2 ecdhe-rsa:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", 2048, j); + reset_buffers(); + try("1.2 ecdhe-x25519-rsa:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", 2048, j); + reset_buffers(); + try("1.2 ecdhe-ecdsa:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", 2048, j); + reset_buffers(); + try("1.2 dhe-rsa-2048:", i, 0, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", 2048, j); + reset_buffers(); + try("1.2 dhe-rsa-3072:", i, 1, "NORMAL:-VERS-ALL:+VERS-DTLS1.2:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", 3072, j); + reset_buffers(); + } + } + + /* it should work, but false start will not be reported */ + try("1.3 secp256r1:", i, 0, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", 2048, 0); + reset_buffers(); + try("1.3 ffdhe2048:", i, 0, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-FFDHE2048", 2048, 0); + reset_buffers(); + + gnutls_global_deinit(); +} diff --git a/tests/handshake-large-cert.c b/tests/handshake-large-cert.c new file mode 100644 index 0000000..66b84ed --- /dev/null +++ b/tests/handshake-large-cert.c @@ -0,0 +1,260 @@ +/* + * Copyright (C) 2016-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#endif +#include +#include +#include + +#include "utils.h" + +/* This test checks whether a large certificate packet can be sent by + * server and received by client. */ +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void client(int sd, const char *prio) +{ + int ret; + gnutls_session_t session; + char buf[1]; + gnutls_certificate_credentials_t clientx509cred; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("client: Handshake failed\n"); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + do { + ret = gnutls_record_recv(session, buf, 1); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + assert(ret == 0); + + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEowIBAAKCAQEAwJo7662RNezA254WRsXlbuzkPV5eNX7pX5Pj66T8/RKfz7rL\n" + "GpKs4fNxhhIMSUDjy2KbEQXPUH9MWROgU8V//CfcnagLYCHtniqRE+eXv0fCLwWU\n" + "SrA8n0qCBj94/NMA4kSmHf6dE5YdjDSpukyza5IshAuxZ32MDevE3JqMjvnZ5vY7\n" + "drJSfal0V5gof3/7J41ZVxl+WJph50e2pY1E27/hY8q5yQ3DXnE5kTQjX664ozQ8\n" + "UPtqGfkr4YjYe4e6PUWAjU27mQng0O0K+/w8gg6xBxN/AH3U7dg5/cY5IKDsN+Iq\n" + "4UrcCgXWjhosv9IlIXqzK7IBMMphPmRMCLMH2QIDAQABAoIBAGpOdxZdZdH6zHQr\n" + "rKYBouJ39H5+8MbcNtmfWmT9WvogZn8U3ffbz3qjkRxsJ8XjABiJY4egyk3nBXAB\n" + "KjQyxbKbGeUXFLhJ4cq0OgFfid11MRQdIz2aSsutJ1llfVUm7cz2ES5rE6305Hg3\n" + "tRr0LPAJ7XIwtgmmPUCNysnsr/pVrmPLfAnl/CfbLF2v/SfpbSpkgUTrZCNUMC44\n" + "929K4c7cFEM4SP6pUad6MipPzY/SmxZ9yhX3MsROcLp+XLCOOJhhkqoB6LWiess2\n" + "d7odweFRZ0Q0gBD/9EMMy3J5iUwfasf8b5n7z8AgPg9CeB+p/As2/RhRPXnwlS0A\n" + "2KrxWQECgYEA0wM+5fJeL91s19vozCqi3mKVXTv68aL9iQJQNJc4UQm+yu7JvMn9\n" + "koPri74QUpYkmyttaJsGNc90Oj54rSsR/cmEFJKgHOEAYSLeVetyO2XNoQvKdyB9\n" + "UVof6joMLxQ368YCahfz4ogHTQqpzN0BD2TTnKXwCXQDikN/EBb4fHkCgYEA6aov\n" + "8XVIVlxUY4VB/9PQ03OwxTLi+zTJMFJvNJozkat6MLJjAv2zxMt2kmlb0xx3wftD\n" + "VJKHIQCeZmU8qWEZS0G58OPg+TPvQPqdnZmRz3bGfW6F++IDAqV4DEhQ+zXQL8Js\n" + "j9+ocre+s0zXq1HkHgemBGOHy5/jN9cXnH3XTmECgYATRFiZ5mdzN2SY0RuQiNQW\n" + "OiopOTDQn3FG8U8hfi1GOP2Syfrhog/lMOZw/AnBgLQW9wAmbQFEKI0URGAAb85U\n" + "vfGxbzHvcRv3wpdKgRUNF16PNeRmvDC1HOWNHX+/TLlObeYKieVa6dDA2Bho/ET8\n" + "gthPlVc1hcJM/Zy8e1x1AQKBgQCuLDiugGDaVtpkkIlAu8/WPk9Ovv6oh5FMHrZb\n" + "/HFiLPLY56+cJCZjE9Kfkj9rHrY59yQaH1rwg7iO1PmhvAoRqb2DTSl+OHMn+WeR\n" + "eU5R2dRc3QysU60wxMy2QxVyG4vCfedUW0ABuutAVZARWOp0Y/khHluzscu57O/h\n" + "q3/ZIQKBgEXHmOjftWrkWV+/zfZT64k2Z1g7s3dpXW/SFK9jPrt6oqI1GNkYz6Ds\n" + "O1dUiPsNXDCLytUtvYrvrT3rJaPjJDRU2HrN/cYdxXgf6HSEr3Cdcpqyp/5rOOxD\n" + "ALEix6R4MZlsQV8FfgWjvTAET7NtY303JrCdFPqIigwl/PFGPLiB\n" + "-----END RSA PRIVATE KEY-----\n"; + +static void server(int sd, const char *prio) +{ + gnutls_certificate_credentials_t serverx509cred; + const gnutls_datum_t key = { server_key_pem, + sizeof(server_key_pem)-1 + }; + int ret; + gnutls_session_t session; + gnutls_datum_t cert; + const char *src = getenv("srcdir"); + char cert_path[256]; + + if (src == NULL) + src = "."; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + snprintf(cert_path, sizeof(cert_path), "%s/data/large-cert.pem", src); + + assert(gnutls_load_file(cert_path, &cert)>=0); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &cert, &key, + GNUTLS_X509_FMT_PEM)>=0); + + gnutls_free(cert.data); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *name, const char *prio) +{ + pid_t child; + int sockets[2]; + int err; + + success("testing %s\n", name); + + signal(SIGPIPE, SIG_IGN); + signal(SIGCHLD, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status = 0; + /* parent */ + close(sockets[0]); + client(sockets[1], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[1]); + server(sockets[0], prio); + exit(0); + } +} + +void doit(void) +{ + start("tls1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("default", "NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/handshake-large-packet.c b/tests/handshake-large-packet.c new file mode 100644 index 0000000..8db73d4 --- /dev/null +++ b/tests/handshake-large-packet.c @@ -0,0 +1,297 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#endif +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* This test checks whether a large handshake packet is accepted by client + * and by server. (large is around 64kb) + */ +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define TLSEXT_TYPE1 0xFA +#define TLSEXT_TYPE2 0xFB +#define TLSEXT_TYPE3 0xFC +#define TLSEXT_TYPE4 0xFD +#define TLSEXT_TYPE5 0xFE + +static int TLSEXT_TYPE_server_sent = 0; +static int TLSEXT_TYPE_client_received = 0; + +#define MAX_SIZE (12*1024) + +static int ext_recv_client_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + if (buflen != MAX_SIZE) + fail("ext_recv_client_params: Invalid input buffer length\n"); + + TLSEXT_TYPE_client_received++; + + return 0; //Success +} + +static int ext_send_client_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + unsigned char *data = gnutls_calloc(1, MAX_SIZE); + if (data == NULL) + return -1; + + gnutls_buffer_append_data(extdata, data, MAX_SIZE); + gnutls_free(data); + return MAX_SIZE; +} + +static int ext_recv_server_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + return 0; //Success +} + +static int ext_send_server_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + unsigned char *data = gnutls_calloc(1, MAX_SIZE); + if (data == NULL) + return -1; + + TLSEXT_TYPE_server_sent++; + gnutls_buffer_append_data(extdata, data, MAX_SIZE); + gnutls_free(data); + return MAX_SIZE; +} + +static void client(int sd, const char *prio) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + gnutls_session_ext_register(session, "ext_client1", TLSEXT_TYPE1, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_client2", TLSEXT_TYPE2, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_client3", TLSEXT_TYPE3, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_client4", TLSEXT_TYPE4, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_client5", TLSEXT_TYPE5, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (TLSEXT_TYPE_client_received != 5) + fail("client: extensions were not properly sent/received\n"); + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void server(int sd, const char *prio) +{ + gnutls_certificate_credentials_t serverx509cred; + int ret; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_session_ext_register(session, "ext_server1", TLSEXT_TYPE1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_server2", TLSEXT_TYPE2, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_server3", TLSEXT_TYPE3, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_server4", TLSEXT_TYPE4, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0); + gnutls_session_ext_register(session, "ext_server5", TLSEXT_TYPE5, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (TLSEXT_TYPE_server_sent != 5) + fail("server: extensions were not properly sent\n"); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *prio) +{ + pid_t child; + int sockets[2]; + int err; + + signal(SIGPIPE, SIG_IGN); + TLSEXT_TYPE_server_sent = 0; + TLSEXT_TYPE_client_received = 0; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[0]); + client(sockets[1], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[1]); + server(sockets[0], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.1"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/handshake-timeout.c b/tests/handshake-timeout.c new file mode 100644 index 0000000..47c1ef3 --- /dev/null +++ b/tests/handshake-timeout.c @@ -0,0 +1,234 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program tests whether the handshake timeout value is enforced. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static void client(int fd, int tmo_ms) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, tmo_ms); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.2", NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + gnutls_deinit(session); + gnutls_anon_free_client_credentials(anoncred); + gnutls_global_deinit(); + + if (ret < 0) { + if (ret != GNUTLS_E_TIMEDOUT || tmo_ms == 0) { + if (debug) + fail("client: unexpected error: %s\n", + gnutls_strerror(ret)); + exit(1); + } + if (debug) + success("client: expected timeout occurred\n"); + } else { + if (tmo_ms != 0) { + fail("client: handshake was completed unexpectedly\n"); + gnutls_perror(ret); + exit(1); + } + } + + shutdown(fd, SHUT_RDWR); + return; +} + +static void server(int fd, int tmo_ms) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.2", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + if (tmo_ms) { + char buf[32]; + + // read until client closes connection + while (read(fd, buf, sizeof(buf)) > 0) + ; + } else { + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == 0) + gnutls_bye(session, GNUTLS_SHUT_RDWR); + } + + gnutls_deinit(session); + gnutls_anon_free_server_credentials(anoncred); + gnutls_global_deinit(); +} + +static void start(int tmo_ms) +{ + int fd[2]; + int ret; + pid_t child; + + if (debug && tmo_ms) + fprintf(stderr, "\nWill test timeout %dms\n", tmo_ms); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + close(fd[1]); + server(fd[0], tmo_ms); + close(fd[0]); + + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], tmo_ms); + close(fd[1]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + /* make sure that normal handshake occurs */ + start(0); + + /* check the handshake with a 100ms timeout */ + start(100); + + /* check the handshake with a 1000ms timeout */ + start(1000); +} + +#endif /* _WIN32 */ diff --git a/tests/handshake-versions.c b/tests/handshake-versions.c new file mode 100644 index 0000000..831c029 --- /dev/null +++ b/tests/handshake-versions.c @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests whether the server reacts as expected on various client + * hello TLS versions */ + +void _gnutls_hello_set_default_version(gnutls_session_t session, + unsigned char major, + unsigned char minor); + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void try(unsigned char major, unsigned char minor, int ret1, int ret2) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL:+VERS-TLS-ALL", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + _gnutls_hello_set_default_version(client, major, minor); + + HANDSHAKE_EXPECT(client, server, ret1, ret2); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void doit(void) +{ + global_init(); + + try(1,1, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + reset_buffers(); + try(2,1, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + reset_buffers(); + /* check SSL 3.0 which is disabled by default */ + try(3,0, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + reset_buffers(); + try(3,2, 0, 0); + reset_buffers(); + try(3,23, 0, 0); + reset_buffers(); + try(4,0, 0, 0); + reset_buffers(); + gnutls_global_deinit(); +} diff --git a/tests/handshake-write.c b/tests/handshake-write.c new file mode 100644 index 0000000..33463e7 --- /dev/null +++ b/tests/handshake-write.c @@ -0,0 +1,164 @@ +/* + * Copyright (C) 2020 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "cert-common.h" + +#include "utils.h" +#define RANDOMIZE +#include "eagain-common.h" + +/* This tests gnutls_record_set_write_function() and + * gnutls_record_push_data() by short-circuiting the handshake. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static ssize_t +error_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + fail("push_func called unexpectedly"); + return -1; +} + +static ssize_t +error_pull(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + fail("pull_func called unexpectedly"); + return -1; +} + +static int +handshake_read_func(gnutls_session_t session, + gnutls_record_encryption_level_t level, + gnutls_handshake_description_t htype, + const void *data, size_t data_size) +{ + gnutls_session_t peer = gnutls_session_get_ptr(session); + + if (htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC) + return 0; + + return gnutls_handshake_write(peer, level, data, data_size); +} + +static void run(const char *name, const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t scred; + gnutls_session_t server; + /* Client stuff. */ + gnutls_certificate_credentials_t ccred; + gnutls_session_t client; + int sret, cret; + char buffer[MAX_BUF + 1]; + int transferred = 0; + + success("%s\n", name); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + assert(gnutls_priority_set_direct(server, prio, NULL) >= 0); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, error_push); + gnutls_transport_set_pull_function(server, error_pull); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&ccred) >= 0); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT); + assert(gnutls_priority_set_direct(client, prio, NULL) >= 0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred) >= 0); + + gnutls_transport_set_push_function(client, error_push); + gnutls_transport_set_pull_function(client, error_pull); + + gnutls_session_set_ptr(server, client); + gnutls_session_set_ptr(client, server); + + gnutls_handshake_set_read_function(server, handshake_read_func); + gnutls_handshake_set_read_function(client, handshake_read_func); + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + run("TLS 1.3", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); +} diff --git a/tests/hex.c b/tests/hex.c new file mode 100644 index 0000000..4e8cf01 --- /dev/null +++ b/tests/hex.c @@ -0,0 +1,225 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +static void encode(const char *test_name, const gnutls_datum_t *raw, const char *expected) +{ + int ret; + gnutls_datum_t out, in; + + ret = gnutls_hex_encode2(raw, &out); + if (ret < 0) { + fail("%s: gnutls_hex_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_hex_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_hex_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + in.data = (void*)expected; + in.size = strlen(expected); + ret = gnutls_hex_decode2(&in, &out); + if (ret < 0) { + fail("%s: gnutls_hex_decode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_hex_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_hex_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void decode(const char *test_name, const gnutls_datum_t *raw, const char *hex, int res) +{ + int ret; + gnutls_datum_t out, in; + + in.data = (void*)hex; + in.size = strlen(hex); + ret = gnutls_hex_decode2(&in, &out); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: gnutls_hex_decode2: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + if (res != 0) { + fail("%s: gnutls_hex_decode2: expected failure, but succeeded!\n", test_name); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_hex_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_hex_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void decode2(const char *test_name, const gnutls_datum_t *raw, const char *hex, int res) +{ + int ret; + unsigned char output[128]; + size_t outlen; + + outlen = sizeof(output); + ret = gnutls_hex2bin(hex, strlen(hex), output, &outlen); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: gnutls_hex2bin: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + if (res != 0) { + fail("%s: gnutls_hex2bin: expected failure, but succeeded!\n", test_name); + exit(1); + } + + if (raw->size!=outlen) { + fail("%s: gnutls_hex2bin: output has incorrect size (%d, expected %d)\n", test_name, (int)outlen, raw->size); + exit(1); + } + + if (memcmp(raw->data, output, outlen) != 0) { + fail("%s: gnutls_hex2bin: output does not match the expected\n", test_name); + exit(1); + } + + return; +} + +struct encode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *hex; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "rnd1", + .hex = "f69a468a84697a2883da52cd602f3978", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16} + }, + { + .name = "rnd2", + .hex = "2c9ffb8546774ed3c8cf6765739f98bc42def9", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19} + } +}; + +struct decode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *hex; + int res; + int hex2bin_res; +}; + +struct decode_tests_st decode_tests[] = { + { + .name = "dec-rnd1", + .hex = "f69a468a84697a2883da52cd602f3978", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16}, + .res = 0, + .hex2bin_res = 0 + }, + { + .name = "dec-rnd2", + .hex = "2c9ffb8546774ed3c8cf6765739f98bc42def9", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = 0, + .hex2bin_res = 0 + }, + { + .name = "dec-colon", + .hex = "2c:9f:fb:85:46:77:4e:d3:c8:cf:67:65:73:9f:98:bc:42:de:f9", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_PARSING_ERROR, + .hex2bin_res = 0 + }, + { + .name = "dec-odd-len", + .hex = "2c9ffb8546774ed3c8cf6765739f98bc42def9a", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_PARSING_ERROR, + .hex2bin_res = GNUTLS_E_PARSING_ERROR + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i + */ + +#ifndef GNUTLS_TESTS_HEX_H +#define GNUTLS_TESTS_HEX_H + +#include +#include +#include + +inline static gnutls_datum_t SHEX(const char *hex) +{ + gnutls_datum_t input, output; + int ret; + + input.data = (void*)hex; + input.size = strlen(hex); + + ret = gnutls_hex_decode2(&input, &output); + assert_int_equal(ret, 0); + return output; +} + +inline static gnutls_datum_t SDATA(const char *txt) +{ + gnutls_datum_t output; + output.data = (void*)gnutls_strdup(txt); + output.size = strlen(txt); + return output; +} + +#endif /* GNUTLS_TESTS_HEX_H */ diff --git a/tests/hostname-check-utf8.c b/tests/hostname-check-utf8.c new file mode 100644 index 0000000..1ea2aa1 --- /dev/null +++ b/tests/hostname-check-utf8.c @@ -0,0 +1,232 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#if defined(HAVE_LIBIDN2) +/* to obtain version */ +#include +#endif + +#include "utils.h" + +/* + A self-test of the RFC 2818 hostname matching algorithm for UTF-8 + certificates. +*/ + +char pem_inv_utf8_dns[] = "\n" + " Subject Alternative Name (not critical):\n" + " DNSname: γγγ.τόστ.gr\n" + " DNSname: τέστ.gr\n" + " DNSname: *.teχ.gr\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDWzCCAkOgAwIBAgIMU/SjEDp2nsS3kX9vMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIhgPMjAxNDA4MjAxMzMwNTZaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEAxMIc2VydmVyLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQDggz41h9PcOjL7UOqx0FfZNtqoRhYQn6bVQqCehwERMDlR4QOqK3LRqE2B\n" + "cYyVlcdS63tnNFjYCLCz3/CV4rcJBNI3hfFZHUza70iFQ72xMvcgFPyl7UmXqIne\n" + "8swJ9jLMKou350ztPhshhXORqKxaDHBMcgD/Ade3Yxo2N1smsyINK+riged7A4QD\n" + "O9IgR9eERQbFrHGz+WgUUgoLFLF4DN1ANpWuZcOV1f9bRB8ADPyKo1yZY1sJj1gE\n" + "JRRsiOZLSLZ9D/1MLM7BXPuxWmWlJAGfNvrcXX/7FHe6QxC5gi1C6ZUEIZCne+Is\n" + "HpDNoz/A9vDn6iXZJBFXKyijNpVfAgMBAAGjga4wgaswDAYDVR0TAQH/BAIwADA1\n" + "BgNVHREELjAsghLOs86zzrMuz4TPjM+Dz4QuZ3KCC8+Ezq3Pg8+ELmdyggkqLnRl\n" + "z4cuZ3IwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV\n" + "HQ4EFgQUvjD8gT+By/Xj/n+SGCVvL/KVElMwHwYDVR0jBBgwFoAUhU7w94kERpAh\n" + "6DEIh3nEVJnwSaUwDQYJKoZIhvcNAQELBQADggEBAIKuSREAd6ZdcS+slbx+hvew\n" + "IRBz5QGlCCjR4Oj5arIwFGnh0GdvAgzPa3qn6ReG1gvpe8k3X6Z2Yevw+DubLZNG\n" + "9CsfLfDIg2wUm05cuQdQG+gTSBVqw56jWf/JFXXwzhnbjX3c2QtepFsvkOnlWGFE\n" + "uVX6AiPfiNChVxnb4e1xpxOt6W/su19ar5J7rdDrdyVVm/ioSKvXhbBXI4f8NF2x\n" + "wTEzbtl99HyjbLIRRCWpUU277khHLr8SSFqdSr100zIkdiB72LfPXAHVld1onV2z\n" + "PPFYVMsnY+fuxIsTVErX3bLj6v67Bs3BNzagFUlyJl5rBGwn73UafNWz3BYDyxY=\n" + "-----END CERTIFICATE-----\n"; + +char pem_utf8_dns[] = + "Subject Alternative Name (not critical):\n" + " DNSname: xn--oxaaa.xn--4xabb4a.gr (γγγ.τόστ.gr)\n" + " DNSname: xn--ixa8bbc.gr (τέστ.gr)\n" + " DNSname: *.xn--te-8bc.gr (*.teχ.gr)\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEFTCCAn2gAwIBAgIMWElZgiWN43F5pluiMA0GCSqGSIb3DQEBCwUAMA0xCzAJ\n" + "BgNVBAYTAkdSMB4XDTA0MDIyOTE1MjE0MloXDTI0MDIyOTE1MjE0MVowDTELMAkG\n" + "A1UEBhMCR1IwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC23cZ4hvts\n" + "D/zjXmX70ewCWpFaOXXhSiB1U4ogVsIYPh0o3eJ3w2vr8k7f8CHZXT9T64g9UYoH\n" + "PM+vPkcT6RnwHNfe6SpSqTtPCNC9UQyp4wVq+HxnQsxOrmf2bClYn6CGaXQvDNiG\n" + "KQCDGoxLZx+d12dYUxL4l07J3rogk7Wqe9znkpC+9UqyDJIAZgF9e4H190sRY0FM\n" + "zrOkDDDmt/vBlu0SPhP0sktUJDjvOtHY/V2IDp0y9tImxnFhdl5k4kAEiPiph72C\n" + "QjSRf/Kb5siUcgRxmTvN9GgWNPg3EtmyynMjIlnzicO1p6Wju80hAuVhYKOI3aq6\n" + "FAUHY0DQkkna7dcmKwJdUo9jzMWBV+B+eOT69rDKcAvQJz5PfrrnE9SJ4/eteam7\n" + "l4BcIZIKSuaZz48ymh6exEpSY+P3SD05oZbeQVfgi4e7Ui81S63XRlPqLPCYp0+N\n" + "q2nSeVedR59AtQhyGhQLgQneV0R17aym+1nJ8AjsZXL7sfYef/OOxeMCAwEAAaN1\n" + "MHMwDAYDVR0TAQH/BAIwADBEBgNVHREEPTA7ghh4bi0tb3hhYWEueG4tLTR4YWJi\n" + "NGEuZ3KCDnhuLS1peGE4YmJjLmdygg8qLnhuLS10ZS04YmMuZ3IwHQYDVR0OBBYE\n" + "FPmohhljtqQUE2B2DwGaNTbv8bSvMA0GCSqGSIb3DQEBCwUAA4IBgQAOAECgc096\n" + "3WH7G83bRmVDooGATNP0v3cmYebVu3RL77/vlCO3UOS9lVxEwlF/6V1u3OqEqwUy\n" + "EzGInEAmqR/VIoubIVrFqzaMMjfCHdKPuyWeCb3ylp0o2lxRKbC9m/Bu8Iv5rZdN\n" + "fTZVyJbp1Ddw4GhM0UZ/IK3h8J8UtarSijhha0UX9EwQo4wi1NRpc2nxRGy7xUHG\n" + "GqUCFBe6cgKBEBRWh3Gha5UgwqkapA9eGGmb7CRzOHZA0raIcxwb2w2Htf7ziE1G\n" + "UBdo0ZtpVYq/EDggP4XIvqHb8bJVFuOiu2xf71JoPgjg4+1CEj+vgkI4j/RGDjZ/\n" + "bQ66XHY2EbCjhSLoCGpY924frilrFL3cMofdMguxtsONwUotYmCF6VI/EtELvIdf\n" + "NbdaPqI2524oBDlD98DTJa5mGoaFUyJGotcK3e9fniIxbVW8/Ykwhqbj+9wKjYEP\n" + "ywY/9UOj+wjwULkIxK9g91yGLRDAO/6xzCF5ly5i4oXBqKLAKZ7vBTU=\n" + "-----END CERTIFICATE-----\n"; + +void doit(void) +{ + gnutls_x509_crt_t x509; + gnutls_datum_t data; + int ret; + +#if !defined(HAVE_LIBIDN2) + exit(77); +#endif + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + ret = gnutls_x509_crt_init(&x509); + if (ret < 0) + fail("gnutls_x509_crt_init: %d\n", ret); + + if (debug) + success("Testing pem_invalid_utf8_dns...\n"); + data.data = (unsigned char *) pem_inv_utf8_dns; + data.size = strlen(pem_inv_utf8_dns); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "τεστ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "Ï„oστ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "γαβ.τόστ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.in.teχ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.teχ.gr"); + if (ret) + fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); + +#if IDN2_VERSION_NUMBER >= 0x00160000 + ret = gnutls_x509_crt_check_hostname(x509, "γΓγ.τόΣτ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "ΤΈΣΤ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); +#endif + ret = gnutls_x509_crt_check_hostname(x509, "γγγ.τόστ.gr"); + if (ret) + fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "γΓγ.τόΣτ.gr"); + if (ret) + fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "τέστ.gr"); + if (ret) + fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "ΤΈΣΤ.gr"); + if (ret) + fail("%d: Invalid hostname incorrectly matches (%d)\n", __LINE__, ret); + + + if (debug) + success("Testing pem_utf8_dns...\n"); + data.data = (unsigned char *) pem_utf8_dns; + data.size = strlen(pem_utf8_dns); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "τεστ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "Ï„oστ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "γαβ.τόστ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.in.teχ.gr"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.teχ.gr"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "γγγ.τόστ.gr"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "τέστ.gr"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + +#if IDN2_VERSION_NUMBER >= 0x00160000 + ret = gnutls_x509_crt_check_hostname(x509, "γΓγ.τόΣτ.gr"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "ΤΈΣΤ.gr"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); +#endif + + gnutls_x509_crt_deinit(x509); + + gnutls_global_deinit(); +} diff --git a/tests/hostname-check.c b/tests/hostname-check.c new file mode 100644 index 0000000..18cb227 --- /dev/null +++ b/tests/hostname-check.c @@ -0,0 +1,1220 @@ +/* + * Copyright (C) 2007-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#ifdef ENABLE_OPENPGP +#include +#endif + +#include "utils.h" + +/* + A self-test of the RFC 2818 hostname matching algorithm. Used to + detect regressions of the bug reported in: + http://lists.gnupg.org/pipermail/gnutls-dev/2007-February/001385.html +*/ + +/* CN="*.com" + * dns_name = *.org + * dns_name = .example.net + * dns_name = .example.edu.gr +*/ +char wildcards[] = "-----BEGIN CERTIFICATE-----" +"MIICwDCCAimgAwIBAgICPd8wDQYJKoZIhvcNAQELBQAwVTEOMAwGA1UEAwwFKi5j" +"b20xETAPBgNVBAsTCENBIGRlcHQuMRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNV" +"BAgTBkF0dGlraTELMAkGA1UEBhMCR1IwIhgPMjAxNDAzMTkxMzI4MDhaGA85OTk5" +"MTIzMTIzNTk1OVowVTEOMAwGA1UEAwwFKi5jb20xETAPBgNVBAsTCENBIGRlcHQu" +"MRIwEAYDVQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMC" +"R1IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKXGznVDhL9kngInE/EDWfd5" +"LZLtfC9QpAPxLXm5hosFfjq7RKqvhM8TmB4cSjj3My16n3LUa20msDE3cBD7QunY" +"nRhlfhlJ/AWWBGiDHneGv+315RI7E/4zGJwaeh1pr0cCYHofuejP28g0MFGWPYyW" +"XAC8Yd4ID7E2IX+pAOMFAgMBAAGjgZowgZcwDAYDVR0TAQH/BAIwADBCBgNVHREE" +"OzA5gg93d3cuZXhhbXBsZS5jb22CBSoub3Jngg0qLmV4YW1wbGUubmV0ghAqLmV4" +"YW1wbGUuZWR1LmdyMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH" +"oAAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMA0GCSqGSIb3DQEBCwUA" +"A4GBAGcDnJIJFqjaDMk806xkfz7/FtbHYkj18ma3l7wgp27jeO/QDYunns5pqbqV" +"sxaKuPKLdWQdfIG7l4+TUnm/Hue6h2PFgbAyZtZbHlAtpEmLoSCmYlFqbRNqux0z" +"F5H1ocGzmbu1WQYXMlY1FYBvRDrAk7Wxt09WLdajH00S/fPT" +"-----END CERTIFICATE-----"; + +/* Certificate with no SAN nor CN. */ +char pem1[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: O=GnuTLS hostname check test CA\n" + " Validity:\n" + " Not Before: Fri Feb 16 12:59:09 UTC 2007\n" + " Not After: Fri Mar 30 12:59:13 UTC 2007\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " 7b:e8:11:6c:15:3f:f9:01:a0:f1:28:0c:62:50:58:f8\n" + " 92:44:fb:bf:ab:20:8a:3b:81:ca:e5:68:60:71:df:2b\n" + " e8:50:58:82:32:ef:fb:6e:4a:72:2c:c9:37:4f:88:1d\n" + " d7:1b:68:5b:db:83:1b:1a:f3:b4:8e:e0:88:03:e2:43\n" + " 91:be:d8:b1:ca:f2:62:ec:a1:fd:1a:c8:41:8c:fe:53\n" + " 1b:be:03:c9:a1:3d:f4:ae:57:fc:44:a6:34:bb:2c:2e\n" + " a7:56:14:1f:89:e9:3a:ec:1f:a3:da:d7:a1:94:3b:72\n" + " 1d:12:71:b9:65:a1:85:a2:4c:3a:d1:2c:e9:e9:ea:1c\n" + "Other Information:\n" + " MD5 fingerprint:\n" + " fd845ded8c28ba5e78d6c1844ceafd24\n" + " SHA-1 fingerprint:\n" + " 0bae431dda3cae76012b82276e4cd92ad7961798\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB8TCCAVygAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" + "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTI1OTA5WhcNMDcwMzMw\n" + "MTI1OTEzWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n" + "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n" + "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n" + "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n" + "8of+3HiTfFm/oXUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n" + "6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBAHvoEWwVP/kBoPEo\n" + "DGJQWPiSRPu/qyCKO4HK5Whgcd8r6FBYgjLv+25KcizJN0+IHdcbaFvbgxsa87SO\n" + "4IgD4kORvtixyvJi7KH9GshBjP5TG74DyaE99K5X/ESmNLssLqdWFB+J6TrsH6Pa\n" + "16GUO3IdEnG5ZaGFokw60Szp6eoc\n" "-----END CERTIFICATE-----\n"; + +/* Certificate with CN but no SAN. */ +char pem2[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: CN=www.example.org\n" + " Validity:\n" + " Not Before: Fri Feb 16 13:30:30 UTC 2007\n" + " Not After: Fri Mar 30 13:30:32 UTC 2007\n" + " Subject: CN=www.example.org\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " b0:4e:ac:fb:89:12:36:27:f3:72:b8:1a:57:dc:bf:f3\n" + " a9:27:de:15:75:94:4f:65:cc:3a:59:12:4b:91:0e:28\n" + " b9:8d:d3:6e:ac:5d:a8:3e:b9:35:81:0c:8f:c7:95:72\n" + " d9:51:61:06:00:c6:aa:68:54:c8:52:3f:b6:1f:21:92\n" + " c8:fd:15:50:15:ac:d4:18:29:a1:ff:c9:25:5a:ce:5e\n" + " 11:7f:82:b2:94:8c:44:3c:3f:de:d7:3b:ff:1c:da:9c\n" + " 81:fa:63:e1:a7:67:ee:aa:fa:d0:c9:2f:66:1b:5e:af\n" + " 46:8c:f9:53:55:e7:80:7e:74:95:98:d4:2d:5f:94:ab\n" + "Other Information:\n" + " MD5 fingerprint:\n" + " 30cda7de4f0360892547974f45111ac1\n" + " SHA-1 fingerprint:\n" + " 39e3f8fec6a8d842390b6536998a957c1a6b7322\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB1TCCAUCgAwIBAgIBADALBgkqhkiG9w0BAQUwGjEYMBYGA1UEAxMPd3d3LmV4\n" + "YW1wbGUub3JnMB4XDTA3MDIxNjEzMzAzMFoXDTA3MDMzMDEzMzAzMlowGjEYMBYG\n" + "A1UEAxMPd3d3LmV4YW1wbGUub3JnMIGcMAsGCSqGSIb3DQEBAQOBjAAwgYgCgYC+\n" + "7Jh6HW9+ayWe6CB4QqBkBWZDmW1J1RjsfblYZLKAoxRhnQpPvi/wLvzSq1w231Ps\n" + "Q8f83pG8HgGmt2yyBxAuy2FHdcoDziNuOPE0JxoazfeW87PwDWd/yneEP5wp9GKR\n" + "9hJbYlrMuu0ILjJEJqz9I85TG7vyh/7ceJN8Wb+hdQIDAQABozIwMDAPBgNVHRMB\n" + "Af8EBTADAQH/MB0GA1UdDgQWBBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG\n" + "9w0BAQUDgYEAsE6s+4kSNifzcrgaV9y/86kn3hV1lE9lzDpZEkuRDii5jdNurF2o\n" + "Prk1gQyPx5Vy2VFhBgDGqmhUyFI/th8hksj9FVAVrNQYKaH/ySVazl4Rf4KylIxE\n" + "PD/e1zv/HNqcgfpj4adn7qr60MkvZhter0aM+VNV54B+dJWY1C1flKs=\n" + "-----END CERTIFICATE-----\n"; + +/* Certificate with SAN but no CN. */ +char pem3[] = + "X.509 Certificate Information:" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: O=GnuTLS hostname check test CA\n" + " Validity:\n" + " Not Before: Fri Feb 16 13:36:27 UTC 2007\n" + " Not After: Fri Mar 30 13:36:29 UTC 2007\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: www.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " a1:30:bc:01:b3:0f:98:7f:8e:76:7d:23:87:34:15:7f\n" + " a6:ae:a1:fb:87:75:e3:e8:1a:e5:5e:03:5d:bf:44:75\n" + " 46:4f:d2:a1:28:50:84:49:6d:3b:e0:bc:4e:de:79:85\n" + " fa:e1:07:b7:6e:0c:14:04:4a:82:b9:f3:22:6a:bc:99\n" + " 14:20:3b:49:1f:e4:97:d9:ea:eb:73:9a:83:a6:cc:b8\n" + " 55:fb:52:8e:5f:86:7c:9d:fa:af:03:76:ae:97:e0:64\n" + " 50:59:73:22:99:55:cf:da:59:31:0a:e8:6d:a0:53:bc\n" + " 39:63:2e:ac:92:4a:e9:8b:1e:d0:03:df:33:bb:4e:88\n" + "Other Information:\n" + " MD5 fingerprint:\n" + " df3f57d00c8149bd826b177d6ea4f369\n" + " SHA-1 fingerprint:\n" + " e95e56e2acac305f72ea6f698c11624663a595bd\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" + "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDcwMjE2MTMzNjI3WhcNMDcwMzMw\n" + "MTMzNjI5WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n" + "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGAvuyYeh1vfmslnuggeEKgZAVmQ5lt\n" + "SdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T7EPH/N6RvB4BprdssgcQLsthR3XK\n" + "A84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRikfYSW2JazLrtCC4yRCas/SPOUxu7\n" + "8of+3HiTfFm/oXUCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n" + "gg93d3cuZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n" + "FOk8HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQChMLwBsw+Yf452\n" + "fSOHNBV/pq6h+4d14+ga5V4DXb9EdUZP0qEoUIRJbTvgvE7eeYX64Qe3bgwUBEqC\n" + "ufMiaryZFCA7SR/kl9nq63Oag6bMuFX7Uo5fhnyd+q8Ddq6X4GRQWXMimVXP2lkx\n" + "CuhtoFO8OWMurJJK6Yse0APfM7tOiA==\n" "-----END CERTIFICATE-----\n"; + +/* Certificate with wildcard SAN but no CN. */ +char pem4[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer:\n" + " Validity:\n" + " Not Before: Fri Feb 16 13:40:10 UTC 2007\n" + " Not After: Fri Mar 30 13:40:12 UTC 2007\n" + " Subject:\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:ec:98:7a:1d:6f:7e:6b:25:9e:e8:20:78:42:a0:64\n" + " 05:66:43:99:6d:49:d5:18:ec:7d:b9:58:64:b2:80:a3\n" + " 14:61:9d:0a:4f:be:2f:f0:2e:fc:d2:ab:5c:36:df:53\n" + " ec:43:c7:fc:de:91:bc:1e:01:a6:b7:6c:b2:07:10:2e\n" + " cb:61:47:75:ca:03:ce:23:6e:38:f1:34:27:1a:1a:cd\n" + " f7:96:f3:b3:f0:0d:67:7f:ca:77:84:3f:9c:29:f4:62\n" + " 91:f6:12:5b:62:5a:cc:ba:ed:08:2e:32:44:26:ac:fd\n" + " 23:ce:53:1b:bb:f2:87:fe:dc:78:93:7c:59:bf:a1:75\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: *.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " b1:62:e5:e3:0b:a5:99:58:b0:1c:5c:f5:d1:3f:7c:bb\n" + " 67:e1:43:c5:d7:a2:5c:db:f2:5a:f3:03:fc:76:e4:4d\n" + " c1:a0:89:36:24:82:a4:a1:ad:f5:83:e3:96:75:f4:c4\n" + " f3:eb:ff:3a:9b:da:d2:2c:58:d4:10:37:50:33:d1:39\n" + " 53:71:9e:48:2d:b2:5b:27:ce:1e:d9:d5:36:59:ac:17\n" + " 3a:83:cc:59:6b:8f:6a:24:b8:9f:f0:e6:14:03:23:5a\n" + " 87:e7:33:10:32:11:58:a2:bb:f1:e5:5a:88:87:bb:80\n" + " 1b:b6:bb:12:18:cb:15:d5:3a:fc:99:e4:42:5a:ba:45\n" + "Other Information:\n" + " MD5 fingerprint:\n" + " a411da7b0fa064d214116d5f94e06c24\n" + " SHA-1 fingerprint:\n" + " 3596e796c73ed096d762ab3d440a9ab55a386b3b\n" + " Public Key ID:\n" + " e93c1cfbad926ee606a4562ca2e1c05327c8f295\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB0DCCATugAwIBAgIBADALBgkqhkiG9w0BAQUwADAeFw0wNzAyMTYxMzQwMTBa\n" + "Fw0wNzAzMzAxMzQwMTJaMAAwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgL7smHod\n" + "b35rJZ7oIHhCoGQFZkOZbUnVGOx9uVhksoCjFGGdCk++L/Au/NKrXDbfU+xDx/ze\n" + "kbweAaa3bLIHEC7LYUd1ygPOI2448TQnGhrN95bzs/ANZ3/Kd4Q/nCn0YpH2Elti\n" + "Wsy67QguMkQmrP0jzlMbu/KH/tx4k3xZv6F1AgMBAAGjYTBfMA8GA1UdEwEB/wQF\n" + "MAMBAf8wGAYDVR0RBBEwD4INKi5leGFtcGxlLm9yZzATBgNVHSUEDDAKBggrBgEF\n" + "BQcDATAdBgNVHQ4EFgQU6Twc+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEF\n" + "A4GBALFi5eMLpZlYsBxc9dE/fLtn4UPF16Jc2/Ja8wP8duRNwaCJNiSCpKGt9YPj\n" + "lnX0xPPr/zqb2tIsWNQQN1Az0TlTcZ5ILbJbJ84e2dU2WawXOoPMWWuPaiS4n/Dm\n" + "FAMjWofnMxAyEViiu/HlWoiHu4AbtrsSGMsV1Tr8meRCWrpF\n" + "-----END CERTIFICATE-----\n"; + +#ifdef SUPPORT_COMPLEX_WILDCARDS +/* Certificate with multiple wildcards SAN but no CN. */ +char pem6[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Validity:\n" + " Not Before: Sat May 3 11:00:51 UTC 2008\n" + " Not After: Sat May 17 11:00:54 UTC 2008\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n" + " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n" + " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n" + " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n" + " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n" + " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n" + " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n" + " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: *.*.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + "Other Information:\n" + " Public Key ID:\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICIjCCAY2gAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" + "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMDUxWhcNMDgwNTE3\n" + "MTEwMDU0WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n" + "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n" + "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n" + "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n" + "AUp+YdcEIQVM8QcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAaBgNVHREEEzAR\n" + "gg8qLiouZXhhbXBsZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHQYDVR0OBBYE\n" + "FFST5lmbKDtFKTeIGK75pKu/TZkYMAsGCSqGSIb3DQEBBQOBgQAQ9PStleVvfmlK\n" + "wRs8RE/oOO+ouC3qLdnumNEITMRFh8Q12/X4yMLD3CH0aQ/hvHcP26PxAWzpNutk\n" + "swNx7AzsCu6pN1t1aI3jLgo8e4/zZi57e8QcRuXZPDJxtJxVhJZX/C4pSz802WhS\n" + "64NgtpHEMu9JUHFhtRwPcvVGYqPUUA==\n" "-----END CERTIFICATE-----\n"; + +/* Certificate with prefixed and suffixed wildcard SAN but no CN. */ +char pem7[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Validity:\n" + " Not Before: Sat May 3 11:02:43 UTC 2008\n" + " Not After: Sat May 17 11:02:45 UTC 2008\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n" + " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n" + " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n" + " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n" + " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n" + " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n" + " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n" + " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: foo*bar.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + "Other Information:\n" + " Public Key ID:\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICJjCCAZGgAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" + "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEwMjQzWhcNMDgwNTE3\n" + "MTEwMjQ1WjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n" + "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n" + "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n" + "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n" + "AUp+YdcEIQVM8QcCAwEAAaNnMGUwDwYDVR0TAQH/BAUwAwEB/zAeBgNVHREEFzAV\n" + "ghNmb28qYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1Ud\n" + "DgQWBBRUk+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAPPNe38jc\n" + "8NsZQVKKLYc1Y4y8LRPhvnxkSnlcGa1RzYZY1s12BZ6OVIfyxD1Z9BcNdqRSq7bQ\n" + "kEicsGp5ugGQTNq6aSlzYOUD9/fUP3jDsH7HVb36aCF3waGCQWj+pLqK0LYcW2p/\n" + "xnr5+z4YevFBhn7l/fMhg8TzKejxYm7TECg=\n" "-----END CERTIFICATE-----\n"; +#endif + +/* Certificate with ending wildcard SAN but no CN. */ +char pem8[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Validity:\n" + " Not Before: Sat May 3 11:24:38 UTC 2008\n" + " Not After: Sat May 17 11:24:40 UTC 2008\n" + " Subject: O=GnuTLS hostname check test CA\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " d2:05:c1:65:cb:bd:1e:2e:eb:7b:87:07:94:4c:93:33\n" + " f3:81:83:7d:32:1b:71:4e:4e:7f:c7:bc:bf:4b:2f:f2\n" + " 49:b5:cf:bf:c0:b8:e8:29:cc:f3:61:bd:2e:1d:e4:e8\n" + " 19:dd:c5:bd:2e:f0:35:b1:fd:30:d7:f5:a8:7c:83:9a\n" + " 13:9e:bf:25:ed:08:a6:05:9e:7b:4e:23:59:c3:0e:5a\n" + " f3:bf:54:c7:dc:d4:13:57:a1:0f:a2:9e:c8:ab:75:66\n" + " de:07:84:8d:68:ad:71:04:e0:9c:bd:cb:f6:08:7a:97\n" + " 42:f8:10:94:29:01:4a:7e:61:d7:04:21:05:4c:f1:07\n" + " Exponent:\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: www.example.*\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + "Other Information:\n" + " Public Key ID:\n" + " 5493e6599b283b4529378818aef9a4abbf4d9918\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICIDCCAYugAwIBAgIBADALBgkqhkiG9w0BAQUwKDEmMCQGA1UEChMdR251VExT\n" + "IGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0EwHhcNMDgwNTAzMTEyNDM4WhcNMDgwNTE3\n" + "MTEyNDQwWjAoMSYwJAYDVQQKEx1HbnVUTFMgaG9zdG5hbWUgY2hlY2sgdGVzdCBD\n" + "QTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA0gXBZcu9Hi7re4cHlEyTM/OBg30y\n" + "G3FOTn/HvL9LL/JJtc+/wLjoKczzYb0uHeToGd3FvS7wNbH9MNf1qHyDmhOevyXt\n" + "CKYFnntOI1nDDlrzv1TH3NQTV6EPop7Iq3Vm3geEjWitcQTgnL3L9gh6l0L4EJQp\n" + "AUp+YdcEIQVM8QcCAwEAAaNhMF8wDwYDVR0TAQH/BAUwAwEB/zAYBgNVHREEETAP\n" + "gg13d3cuZXhhbXBsZS4qMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRU\n" + "k+ZZmyg7RSk3iBiu+aSrv02ZGDALBgkqhkiG9w0BAQUDgYEAZ7gLXtXwFW61dSAM\n" + "0Qt6IN68WBH7LCzetSF8ofG1WVUImCUU3pqXhXYtPGTrswOh2AavWTRbzVTtrFvf\n" + "WJg09Z7H6I70RPvAYGsK9t9qJ/4TPoYTGYQgsTbVpkv13O54O6jzemd8Zws/xMH5\n" + "7/q6C7P5OUmGOtfVe7UVDY0taQM=\n" "-----END CERTIFICATE-----\n"; + +/* Certificate with SAN and CN but for different names. */ +char pem9[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 4a827d5c\n" + " Issuer: O=GnuTLS hostname check test CA,CN=foo.example.org\n" + " Validity:\n" + " Not Before: Wed Aug 12 08:29:17 UTC 2009\n" + " Not After: Thu Aug 13 08:29:23 UTC 2009\n" + " Subject: O=GnuTLS hostname check test CA,CN=foo.example.org\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " bb:66:43:f5:f2:c5:d7:b6:8c:cc:c5:df:f5:88:3b:b1\n" + " c9:4b:6a:0e:a1:ad:20:50:40:08:80:a1:4f:5c:a3:d0\n" + " f8:6c:cf:e6:3c:f7:ec:04:76:13:17:8b:64:89:22:5b\n" + " c0:dd:53:7c:3b:ed:7c:04:bb:80:b9:28:be:8e:9b:c6\n" + " 8e:a0:a5:12:cb:f5:57:1e:a2:e7:bb:b7:33:49:9f:e3\n" + " bb:4a:ae:6a:4d:68:ff:c9:11:e2:32:8d:ce:3d:80:0b\n" + " 8d:75:ef:d8:00:81:8f:28:04:03:a0:22:8d:61:04:07\n" + " fa:b6:37:7d:21:07:49:d2:09:61:69:98:90:a3:58:a9\n" + " Exponent (bits 24):\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " DNSname: bar.example.org\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " a2:1f:d2:90:5f:c9:1c:6f:92:1d:c5:0b:ac:b0:17:23\n" + " c5:67:46:94:6f:0f:62:7d:66:4c:28:ff:b7:10:73:60\n" + " ae:0e:a2:47:82:83:bb:89:0d:f1:16:5e:f9:5b:35:4b\n" + " ce:ee:5e:d0:ad:b5:8b:cc:37:b3:ac:4d:1b:58:c2:4f\n" + " 1c:7f:c6:ac:3d:25:18:67:37:f0:27:11:9b:2c:20:b6\n" + " 78:24:21:a6:77:44:e7:1a:e5:f6:bf:45:84:32:81:67\n" + " af:8d:96:26:f7:39:31:6b:63:c5:15:9d:e0:a0:9a:1e\n" + " 96:12:cb:ad:85:cb:a7:d4:86:ac:d8:f5:e9:a4:2b:20\n" + "Other Information:\n" + " MD5 fingerprint:\n" + " f27b18092c7497f206e70f504eee0f8e\n" + " SHA-1 fingerprint:\n" + " bebdac9d0dd54e8f044642e0f065fae5d75ca6e5\n" + " Public Key ID:\n" + " 4cb90a9bfa1d34e37edecbd20715fea1dacb6891\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICWTCCAcSgAwIBAgIESoJ9XDALBgkqhkiG9w0BAQUwQjEmMCQGA1UEChMdR251\n" + "VExTIGhvc3RuYW1lIGNoZWNrIHRlc3QgQ0ExGDAWBgNVBAMTD2Zvby5leGFtcGxl\n" + "Lm9yZzAeFw0wOTA4MTIwODI5MTdaFw0wOTA4MTMwODI5MjNaMEIxJjAkBgNVBAoT\n" + "HUdudVRMUyBob3N0bmFtZSBjaGVjayB0ZXN0IENBMRgwFgYDVQQDEw9mb28uZXhh\n" + "bXBsZS5vcmcwgZwwCwYJKoZIhvcNAQEBA4GMADCBiAKBgLtmQ/Xyxde2jMzF3/WI\n" + "O7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeLZIkiW8DdU3w77XwEu4C5KL6O\n" + "m8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKNzj2AC41179gAgY8oBAOgIo1h\n" + "BAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wGgYD\n" + "VR0RBBMwEYIPYmFyLmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0G\n" + "A1UdDgQWBBRMuQqb+h00437ey9IHFf6h2stokTALBgkqhkiG9w0BAQUDgYEAoh/S\n" + "kF/JHG+SHcULrLAXI8VnRpRvD2J9Zkwo/7cQc2CuDqJHgoO7iQ3xFl75WzVLzu5e\n" + "0K21i8w3s6xNG1jCTxx/xqw9JRhnN/AnEZssILZ4JCGmd0TnGuX2v0WEMoFnr42W\n" + "Jvc5MWtjxRWd4KCaHpYSy62Fy6fUhqzY9emkKyA=\n" + "-----END CERTIFICATE-----\n"; + +/* Certificate with SAN and CN that match iff you truncate the SAN to + the embedded NUL. + See . */ +char pem10[] = + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 0b5d0a870d09\n" + " Issuer: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=Northern Nowhere Trust Anchor\n" + " Validity:\n" + " Not Before: Tue Aug 04 22:07:33 UTC 2009\n" + " Not After: Sat Oct 21 22:07:33 UTC 2017\n" + " Subject: C=NN,O=Edel Curl Arctic Illudium Research Cloud,CN=localhost\n" + " Subject Public Key Algorithm: RSA\n" + " Modulus (bits 1024):\n" + " be:67:3b:b4:ea:c0:85:b4:c3:56:c1:a4:96:23:36:f5\n" + " c6:77:aa:ad:e5:c1:dd:ce:c1:9a:97:07:dd:16:90:eb\n" + " f0:38:b5:95:6b:a6:0f:b9:73:4e:7d:82:57:ab:5f:b5\n" + " ba:5c:a0:48:8c:82:77:fd:67:d8:53:44:61:86:a5:06\n" + " 19:bf:73:51:68:2e:1a:0a:c5:05:39:ca:3d:ca:83:ed\n" + " 07:fe:ae:b7:73:1d:60:dd:ab:9e:0e:7e:02:f3:68:42\n" + " 93:27:c8:5f:c5:fa:cb:a9:84:06:2f:f3:66:bd:de:7d\n" + " 29:82:57:47:e4:a9:df:bf:8b:bc:c0:46:33:5a:7b:87\n" + " Exponent (bits 24):\n" + " 01:00:01\n" + " Extensions:\n" + " Subject Alternative Name (not critical):\n" + "warning: SAN contains an embedded NUL, replacing with '!'\n" + " DNSname: localhost!h\n" + " Key Usage (not critical):\n" + " Key encipherment.\n" + " Key Purpose (not critical):\n" + " TLS WWW Server.\n" + " Subject Key Identifier (not critical):\n" + " 0c37a3db0f73b3388a69d36eb3a7d6d8774eda67\n" + " Authority Key Identifier (not critical):\n" + " 126b24d24a68b7a1b01ccdbfd64ccc405b7fe040\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): FALSE\n" + " Signature Algorithm: RSA-SHA\n" + " Signature:\n" + " 88:a0:17:77:77:bf:c1:8a:18:4e:a3:94:6e:45:18:31\n" + " fa:2f:7b:1f:ee:95:20:d1:cd:40:df:ee:f0:45:2e:e9\n" + " e6:cf:c8:77:bd:85:16:d7:9f:18:52:78:3f:ea:9c:86\n" + " 62:6e:db:90:b0:cd:f1:c1:6f:2d:87:4a:a0:be:b3:dc\n" + " 6d:e4:6b:d1:da:b9:10:25:7e:35:1f:1b:aa:a7:09:2f\n" + " 84:77:27:b0:48:a8:6d:54:57:38:35:22:34:03:0f:d4\n" + " 5d:ab:1c:72:15:b1:d9:89:56:10:12:fb:7d:0d:18:12\n" + " a9:0a:38:dc:93:cf:69:ff:75:86:9e:e3:6b:eb:92:6c\n" + " 55:16:d5:65:8b:d7:9c:5e:4b:82:c8:92:6c:8b:e6:18\n" + " a2:f8:8c:65:aa:b6:eb:23:ed:cb:99:db:fc:8b:8e:1d\n" + " 7a:39:c9:f5:7b:7f:58:7b:ed:01:6c:3c:40:ec:e3:a9\n" + " 5f:c4:3d:cb:81:17:03:6d:2d:d7:bd:00:5f:c4:79:f2\n" + " fb:ab:c6:0e:a2:01:8b:a1:42:73:de:96:29:3e:bf:d7\n" + " d9:51:a7:d4:98:07:7f:f0:f4:cd:00:a1:e1:ac:6c:05\n" + " ac:ab:93:1b:b0:5c:2c:13:ad:ff:27:dc:80:99:34:66\n" + " bd:e3:31:54:d5:b6:3f:ce:d4:08:a3:52:28:61:5e:bd\n" + "Other Information:\n" + " MD5 fingerprint:\n" + " 0b4d6d944200cdd1639008b24dc0fe0a\n" + " SHA-1 fingerprint:\n" + " ce85660f5451b0cc12f525577f0eb9411a20c76b\n" + " Public Key ID:\n" + " a1d18c15e65c7c4935512eeea7ca5d3e6baad4e1\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDQzCCAiugAwIBAgIGC10Khw0JMA0GCSqGSIb3DQEBBQUAMGcxCzAJBgNVBAYT\n" + "Ak5OMTEwLwYDVQQKDChFZGVsIEN1cmwgQXJjdGljIElsbHVkaXVtIFJlc2VhcmNo\n" + "IENsb3VkMSUwIwYDVQQDDBxOb3RoZXJuIE5vd2hlcmUgVHJ1c3QgQW5jaG9yMB4X\n" + "DTA5MDgwNDIyMDczM1oXDTE3MTAyMTIyMDczM1owVDELMAkGA1UEBhMCTk4xMTAv\n" + "BgNVBAoMKEVkZWwgQ3VybCBBcmN0aWMgSWxsdWRpdW0gUmVzZWFyY2ggQ2xvdWQx\n" + "EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" + "vmc7tOrAhbTDVsGkliM29cZ3qq3lwd3OwZqXB90WkOvwOLWVa6YPuXNOfYJXq1+1\n" + "ulygSIyCd/1n2FNEYYalBhm/c1FoLhoKxQU5yj3Kg+0H/q63cx1g3aueDn4C82hC\n" + "kyfIX8X6y6mEBi/zZr3efSmCV0fkqd+/i7zARjNae4cCAwEAAaOBizCBiDAWBgNV\n" + "HREEDzANggtsb2NhbGhvc3QAaDALBgNVHQ8EBAMCBSAwEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwEwHQYDVR0OBBYEFAw3o9sPc7M4imnTbrOn1th3TtpnMB8GA1UdIwQYMBaA\n" + "FBJrJNJKaLehsBzNv9ZMzEBbf+BAMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF\n" + "BQADggEBAIigF3d3v8GKGE6jlG5FGDH6L3sf7pUg0c1A3+7wRS7p5s/Id72FFtef\n" + "GFJ4P+qchmJu25CwzfHBby2HSqC+s9xt5GvR2rkQJX41HxuqpwkvhHcnsEiobVRX\n" + "ODUiNAMP1F2rHHIVsdmJVhAS+30NGBKpCjjck89p/3WGnuNr65JsVRbVZYvXnF5L\n" + "gsiSbIvmGKL4jGWqtusj7cuZ2/yLjh16Ocn1e39Ye+0BbDxA7OOpX8Q9y4EXA20t\n" + "170AX8R58vurxg6iAYuhQnPelik+v9fZUafUmAd/8PTNAKHhrGwFrKuTG7BcLBOt\n" + "/yfcgJk0Zr3jMVTVtj/O1AijUihhXr0=\n" "-----END CERTIFICATE-----\n"; + +char pem_too_many[] = "\n" + " Subject: C=BE,CN=******************.gnutls.org\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDljCCAk6gAwIBAgIETcMNdjANBgkqhkiG9w0BAQsFADA6MQswCQYDVQQGEwJC\n" + "RTErMCkGA1UEAxMiKioqKioqKioqKioqKioqKioqKioqKiouZ251dGxzLm9yZzAe\n" + "Fw0xMTA1MDUyMDQ5NTlaFw02NDAxMTUyMDUwMDJaMDoxCzAJBgNVBAYTAkJFMSsw\n" + "KQYDVQQDEyIqKioqKioqKioqKioqKioqKioqKioqKi5nbnV0bHMub3JnMIIBUjAN\n" + "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEA3c+X0qUdld2GGNjEua2mDLSdttz6\n" + "3CHhOmI0B+gzsuiX7ixB0hLxX+3kdv9lJh4Mx0EVaV8N+a2JFI3q1xZSmkfBuwAC\n" + "5IhFc3ikrts4w8YH0mQOh+10jGvEwAJQfE6m0Vjp5RMJqdta6usPBoBcCe+UyOn7\n" + "Ny514ayTrZs3E0tmOnYz2MTXTPthyJIhB/zfqYhU5KOpR9JsuOM5iRGIOC2i3D5e\n" + "SqmkjtUfstDdQTzaEGieRxtlAqLFKHMCgwMJ/fUpfpfcKk5LqnlGRnCGG5u49oq+\n" + "KYd9X9qll2vvyEMJQ+IfihZ+HVBd9doC7vLDKkjmazDqAtfvrIsMuMGF2L98hage\n" + "g75cJi55e0f1Sj9mYpL9QSC2LADwUsomBi18z3pQfQ/L3ZcgyG/k4FD04wIDAQAB\n" + "o0QwQjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQW\n" + "BBSSU9ZxufhoqrNT9o31OUVmnKflMTANBgkqhkiG9w0BAQsFAAOCATEAUMK435LP\n" + "0XpmpWLBBuC6VLLIsAGmXRv7odw8sG9fOctalsbK3zd9pDOaoFI/128GOmlTp1aC\n" + "n4a/pZ9G5wTKRvdxVqecdYkozDtAS35uwCSQPU/P12Oug6kA4NNJDxF3FGm5eov6\n" + "SnZDL0Qlhat9y0yOakaOkVNwESAwgUEYClZeR45htvH5oP48XEgwqHQ9jPS2MXAe\n" + "QLBjqqeYzIvWqwT4z14tIkN0VWWqqVo/dzV+lfNwQy0UL8iWVYnks8wKs2SBkVHx\n" + "41wBR3uCgCDwlYGDLIG1cm0n7mXrnE7KNcrwQKXL8WGNRAVvx5MVO1vDoWPyQ1Y4\n" + "sDdnQiVER9ee/KxO6IgCTGh+nCBTSSYgLX2E/m789quPvzyi9Hf/go28he6E3dSK\n" + "q7/LRSxaZenB/Q==\n" "-----END CERTIFICATE-----\n"; + +#ifdef ENABLE_OPENPGP +/* Check basic OpenPGP comparison too. + . */ +char pem11[] = + "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "Version: GnuPG v1.4.6 (GNU/Linux)\n" + "\n" + "mQGiBEXInlgRBAD0teb6ohIlchkHcFlmmvtVW1KXexlDfXExf8T+fOz5z354GPOX\n" + "sDq98ztCEE3hnPEOFj4NT0X3nEtrvLkhmZqrDHSbuJACB4qxeHwEbGFx7OIDW8+u\n" + "4sKxpaza1GVf1NQ7VIaQiXaGHy8Esn9SW7oNhK6z5l4TIRlm3OBt3cxU3wCgjnnO\n" + "jpGJeeo0OnZzSH+xsNLJQEcEAOmUc+7N9OhpT/gqddIgzYRr/FD0Ad6HBfABol6Q\n" + "wWCapzIxggnZJ9i+lHujpcA8idtrBU/DGhkGtW95QaHwQ8d5SvetM7Wc/xoHEP3o\n" + "HGvSGoXtfqlofastcC7eso39EBD10cpIB+gUmhe1MpaXm7A6m+KJO+2CkqE1vMkc\n" + "tmKHBACzDRrWgkV+AtGWKl3ge9RkYHKxAPc0FBrpzDrvmvvNMaIme2u/+WP/xa4T\n" + "nTjgys+pfeplHVfCO/n6nKWrVepMPE0+ZeNWzY6CsfhL7VjSN99vm7qzNHswBiJS\n" + "gCSwJXRmQcJcS9hxqLciUyVEB32zPqX24QHnsyPYaSCzEBgOnLQPdGVzdC5nbnV0\n" + "bHMub3JniF8EExECACAFAkXInlgCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK\n" + "CRCuX60+XR0U2FcfAJ9eZDmhk5a9k4K/zu+a5xFwb9SWsgCXTkDnOIQmueZPHg5U\n" + "VgKnazckK7kCDQRFyJ51EAgAozi9Vk9R5I2AtRcqV4jLfpzh3eiBYSUt4U3ZLxff\n" + "LAyvGMUXA7OATGGhuKphNQLux17AGpRN4nugnIWMLE9akyrxXqg/165UFKbwwVsl\n" + "po7KzPvEXHmOYDgVEqS0sZNWmkJeMPdCVsD2wifPkocufUu2Ux8CmrvT1nEgoiVu\n" + "kUjplJOralQBdsPkIEk8LMVtF3IW2aHCEET0yrJ2Y2q0i/u1K4bxSUi5ESrN0UNa\n" + "WT7wtCegdwWlObwJEgwcu/8YtjMnfBI855gXVdJiRLdOJvkU+65I/jnPQG5QEIQM\n" + "weLty/+GHkXVN2xw5OGUIryIPUHi8+EDGOGqoxqNUMTzvwADBQf/bTPc0z3oHp+X\n" + "hsj3JP/AMCSQV87peKqFYEnRIubsN4Y4tTwVjEkRA3s5u+qTNvdypE1tvAEmdspa\n" + "CL/EKfMCEltcW3WUwqUIULQ2Z0t9tBuVfMEH1Z1jjb68IOVwTJYz+iBtmbq5Wxoq\n" + "lc5woOCDVL9qaKR6hOuAukTl6L3wQL+5zGBE4k5UfLf8UVJEa4ZTqsoMi3iyQAFO\n" + "/h7WzqUATH3aQSz9tpilJ760wadDhc+Sdt2a0W6cC+SBmJaU/ym9seTd26nyWHG+\n" + "03G+ynCHf5pBAXHhfCNhA0lMv5h3eJECNElcCh0sYGmo19jOzbnlRSGKRqrflOtO\n" + "YwhQXK9y/ohJBBgRAgAJBQJFyJ51AhsMAAoJEK5frT5dHRTYDDgAn2bLaS5n3Xy8\n" + "Z/V2Me1st/9pqPfZAJ4+9YBnyjCq/0vosIoZabi+s92m7g==\n" + "=NkXV\n" "-----END PGP PUBLIC KEY BLOCK-----\n"; +#endif + +char pem_ips[] = "\n" + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: CN=server-0\n" + " Validity:\n" + " Not Before: Fri Jun 27 09:14:36 UTC 2014\n" + " Not After: Fri Dec 31 23:59:59 UTC 9999\n" + " Subject: CN=server-0\n" + " Subject Public Key Algorithm: RSA\n" + " Algorithm Security Level: Medium (2048 bits)\n" + " Modulus (bits 2048):\n" + " 00:c1:56:12:f6:c3:c7:e3:4c:7e:ff:04:4e:88:1d:67\n" + " a7:f3:4d:64:cc:12:a7:ff:50:aa:5c:31:b9:3c:d1:d1\n" + " ba:78:2c:7d:dd:54:4a:cd:5a:f2:38:8b:b2:c5:26:7e\n" + " 25:05:36:b6:92:e6:1d:c3:00:39:a0:c5:1c:b5:63:3d\n" + " 00:e9:b4:b5:75:a7:14:b1:ff:a0:03:9d:ba:77:da:e5\n" + " de:21:fb:56:da:06:9d:84:57:53:3d:08:45:45:20:fd\n" + " e7:60:65:2e:55:60:db:d3:91:da:64:ff:c4:42:42:54\n" + " 77:cb:47:54:68:1e:b4:62:ad:8a:3c:0a:28:89:cb:d3\n" + " 81:d3:15:9a:1d:67:90:51:83:90:6d:fb:a1:0e:54:6b\n" + " 29:d7:ef:79:19:14:f6:0d:82:73:8f:79:58:0e:af:0e\n" + " cc:bd:17:ab:b5:a2:1f:76:a1:9f:4b:7b:e8:f9:7b:28\n" + " 56:cc:f1:5b:0e:93:c9:e5:44:2f:2d:0a:22:7d:0b:2b\n" + " 30:84:c3:1e:d6:4d:63:5b:41:51:83:d4:b5:09:f4:cc\n" + " ab:ad:51:1b:8e:a1:f6:b1:27:5b:43:3c:bc:ae:10:93\n" + " d4:ce:3b:10:ca:3f:22:dd:9e:a8:3f:4a:a6:a8:cd:8f\n" + " d0:6a:e0:40:26:28:0f:af:0e:13:e1:ac:b9:ac:41:cc\n" + " 5d\n" + " Exponent (bits 24):\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " IPAddress: 127.0.0.1\n" + " IPAddress: 192.168.5.1\n" + " IPAddress: 10.100.2.5\n" + " IPAddress: 0:0:0:0:0:0:0:1\n" + " IPAddress: fe80:0:0:0:3e97:eff:fe18:359a\n" + " Key Usage (critical):\n" + " Certificate signing.\n" + " Subject Key Identifier (not critical):\n" + " bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n" + " Signature Algorithm: RSA-SHA256\n" + " Signature:\n" + " 02:22:52:4b:69:e5:4f:f8:17:0a:46:34:d1:ec:6b:f5\n" + " ae:5b:fc:e2:00:ca:1f:f0:1d:74:91:9c:85:0a:a7:06\n" + " 3d:fa:93:0d:35:85:ea:3e:01:9f:9e:bc:52:72:95:b2\n" + " 8a:3a:78:6e:d2:5d:4d:60:88:2b:be:6f:68:75:c7:19\n" + " ac:c9:ea:ab:74:f6:62:4d:30:1e:87:e4:70:1e:96:f4\n" + " 0b:48:ef:c9:28:14:6f:fa:c1:7b:d3:ef:b3:d8:52:90\n" + " 5d:20:d0:aa:8b:10:ab:74:86:46:be:cb:6c:93:54:60\n" + " bc:6e:d6:4d:b2:1e:25:65:38:52:5b:6c:b4:57:8f:0f\n" + " 26:4f:36:ea:42:eb:71:68:93:f3:a9:7a:66:5c:b6:07\n" + " 7d:15:b5:f4:b8:5c:7c:e0:cd:d0:fa:5b:2a:6b:fd:4c\n" + " 71:12:45:d0:37:9e:cf:90:59:6e:fd:ba:3a:8b:ca:37\n" + " 01:cc:6f:e0:32:c7:9e:a4:ea:61:2c:e5:ad:66:73:80\n" + " 5c:5e:0c:44:ec:c2:74:b8:fe:6e:66:af:76:cc:30:10\n" + " 1f:3a:ac:34:36:e6:5b:72:f3:ee:5a:68:c3:43:37:56\n" + " c3:08:02:3c:96:1c:27:18:d0:38:fa:d7:51:4e:82:7d\n" + " fc:81:a2:23:c5:05:80:0e:b4:ba:d3:19:39:74:9c:74\n" + "Other Information:\n" + " SHA1 fingerprint:\n" + " 43536dd4198f6064c117c3825020b14c108f9a34\n" + " SHA256 fingerprint:\n" + " 5ab6626aa069da15650edcfff7305767ff5b8d338289f851a624ea89b50ff06a\n" + " Public Key ID:\n" + " bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n" + " Public key's random art:\n" + " +--[ RSA 2048]----+\n" + " | |\n" + " | . |\n" + " | . + |\n" + " | . .= . |\n" + " | .S+oo |\n" + " | E+.+ |\n" + " | . +. *.o |\n" + " | . oo.=..+ o |\n" + " | ooo.+Bo . |\n" + " +-----------------+\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDKzCCAhOgAwIBAgIBADANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhzZXJ2\n" + "ZXItMDAiGA8yMDE0MDYyNzA5MTQzNloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYD\n" + "VQQDEwhzZXJ2ZXItMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFW\n" + "EvbDx+NMfv8ETogdZ6fzTWTMEqf/UKpcMbk80dG6eCx93VRKzVryOIuyxSZ+JQU2\n" + "tpLmHcMAOaDFHLVjPQDptLV1pxSx/6ADnbp32uXeIftW2gadhFdTPQhFRSD952Bl\n" + "LlVg29OR2mT/xEJCVHfLR1RoHrRirYo8CiiJy9OB0xWaHWeQUYOQbfuhDlRrKdfv\n" + "eRkU9g2Cc495WA6vDsy9F6u1oh92oZ9Le+j5eyhWzPFbDpPJ5UQvLQoifQsrMITD\n" + "HtZNY1tBUYPUtQn0zKutURuOofaxJ1tDPLyuEJPUzjsQyj8i3Z6oP0qmqM2P0Grg\n" + "QCYoD68OE+GsuaxBzF0CAwEAAaOBhTCBgjAPBgNVHRMBAf8EBTADAQH/MD8GA1Ud\n" + "EQQ4MDaHBH8AAAGHBMCoBQGHBApkAgWHEAAAAAAAAAAAAAAAAAAAAAGHEP6AAAAA\n" + "AAAAPpcO//4YNZowDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUvT0LbKtrM9io\n" + "4e0Vt6sXWHzCoJ8wDQYJKoZIhvcNAQELBQADggEBAAIiUktp5U/4FwpGNNHsa/Wu\n" + "W/ziAMof8B10kZyFCqcGPfqTDTWF6j4Bn568UnKVsoo6eG7SXU1giCu+b2h1xxms\n" + "yeqrdPZiTTAeh+RwHpb0C0jvySgUb/rBe9Pvs9hSkF0g0KqLEKt0hka+y2yTVGC8\n" + "btZNsh4lZThSW2y0V48PJk826kLrcWiT86l6Zly2B30VtfS4XHzgzdD6Wypr/Uxx\n" + "EkXQN57PkFlu/bo6i8o3Acxv4DLHnqTqYSzlrWZzgFxeDETswnS4/m5mr3bMMBAf\n" + "Oqw0NuZbcvPuWmjDQzdWwwgCPJYcJxjQOPrXUU6CffyBoiPFBYAOtLrTGTl0nHQ=\n" + "-----END CERTIFICATE-----\n" + ""; + +char multi_cns[] = "\n" + "Subject: CN=www.example.com,CN=www.example2.com,CN=www.example3.com\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDXzCCAkegAwIBAgIMU+p6uAg2JlqRhAbAMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIhgPMjAxNDA4MTIyMDM2MDhaGA85OTk5MTIzMTIzNTk1OVow\n" + "UDEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMRkwFwYDVQQDExB3d3cuZXhhbXBs\n" + "ZTIuY29tMRkwFwYDVQQDExB3d3cuZXhhbXBsZTMuY29tMIIBIjANBgkqhkiG9w0B\n" + "AQEFAAOCAQ8AMIIBCgKCAQEAqP5QQUqIS2lquM8hYbDHljqHBDWlGtr167DDPwix\n" + "oIlnq84Xr1zI5zpJ2t/3U5kGTbRJiVroQCh3cVhiQyGTPSJPK+CJGi3diw5Vc2rK\n" + "oAPxaFtaxvE36mLLH2SSuc49b6hhlRpXdWE0TgnsvJojL5V20/CZI23T27fl+DjT\n" + "MduU92qH8wdCgp7q3sHZvtvTZuFM+edYvKZjhUz8P7JwiamG0A2UH+NiyicdAOxc\n" + "+lfwfoyetJdTHLfwxdCXT4X91xGd9eOW9lIL5BqLuAArODTcmHDmiXpXEO/sEyHq\n" + "L96Eawjon0Gz4IRNq7/kwDjSPJOIN0GHq6DtNmXl6J0C5wIDAQABo3YwdDAMBgNV\n" + "HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAw\n" + "HQYDVR0OBBYEFH6NTStc4XH/M74Meat1sT2o53fUMB8GA1UdIwQYMBaAFK8aMLKE\n" + "hAwWmkzQxRkQ1/efnumUMA0GCSqGSIb3DQEBCwUAA4IBAQBdHknM+rddB0ET+UI2\n" + "Or8qSNjkqBHwsZqb4hJozXFS35a1CJPQuxPzY13eHpiIfmdWL2EpKnLOU8vtAW9e\n" + "qpozMGDyrAuZhxsXUtInbF15C+Yuw9/sqCPK44b5DCtDf6J/N8m8FvdwqO803z1D\n" + "MGcSpES5I68+N3dwSRFYNpSLA1ul5MSlnmoffml959kx9hZNcI4N/UqkO1LMCKXX\n" + "Nf8kGFyLdPjANcIwL5sqP+Dp4HP3wdf7Ny+KFCZ6zDbpa53gb3G0naMdllK8BMfI\n" + "AQ4Y07zSA4K1QMdxeqaMgPIcCDLoKiMXAXNa42+K04F6SOkTjsVx9b5m0oynLt0u\n" + "MUjE\n" + "-----END CERTIFICATE-----\n"; + +char txt_ip_in_names[] = + "Subject: CN=172.15.1.1\n" + "Subject Alternative Name (not critical):\n" + " DNSname: 172.15.2.1\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIEJDCCAoygAwIBAgIMWQXA/TIEZUXpwL2dMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNDMwMTA0ODI5WhgPOTk5OTEyMzEyMzU5NTlaMBUx\n" + "EzARBgNVBAMTCjE3Mi4xNS4xLjEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK\n" + "AoIBgQDP3DsT65aY+fHi6FivWbypF71T9UjAGYcho7XXPUCvBr6xQbyERZjb08qn\n" + "RPvVDaiLeDfVve44gSho70t+fxMsCYZqkf9HN4aUzuxx2fHgMBCwyrhgm9zZ/zgA\n" + "D92oXOPem2mKNjPavXtthqvgvwu6HmpJDd+YYR7FFbkgZswrqjd+lg0z+PGt5Xee\n" + "LW3amPZINyc5Rai+LMlYIU29YK9G+CM3XVPQ8ygsQva+4/YoU1DVQRXFYTO1ERdn\n" + "QDV9kmJKvQOxbjchNkLLMdBWee/WpJtBDE4KcidAsbd/6eUIINVAD7Nm5uE39mDv\n" + "2ld4vup4j4A5dQNVhUd6iIYfkkwp9NnGMNGpgvSudPSHH8sFlfxXD8ysbD2wHeXL\n" + "S0Q4Ejypij7tEzy5KdUWqft1QqClHawc2hZ9KKnCHW3xoUsAWxcTIlsgqUUJOkXR\n" + "Qij2N+0SKrn6M6DSOiklCCunLUCUCceM7fiwYndhNFm5YvZq+m+Afnvxk5V7RnBu\n" + "DLoxPxkCAwEAAaN4MHYwDAYDVR0TAQH/BAIwADAVBgNVHREEDjAMggoxNzIuMTUu\n" + "Mi4xMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFFqnqgPcjDWmHm0PJNxKNeEx\n" + "Msk1MB8GA1UdIwQYMBaAFOnh1ZODb8QbrqHBHpWyyrEVTpanMA0GCSqGSIb3DQEB\n" + "CwUAA4IBgQArsZSxJdZ1W+y3m+y6f1Me3FB/XUscpHQ9cS0wlaikeqBvIru5zp7U\n" + "tLT8qRS7Q8fxsL6LWiOmW5Izi4A51DYJQ9bUEqSIbp9SIV78u5v0oO1bnb7d5SV+\n" + "BZm/zYuox2uTT9PSoB+iqQXUJ7brWdKe0NdPAzRpM928CqWJLPw0gn41GOIPN6wS\n" + "IH29CvqRABkxzIsI8IcxHb3/F+DxTnq6aICoWe2XPeL+RqB7moP6YAC9W/r+hds2\n" + "m8Gok+rGuG3VXk2vc/j1LRnGZfpCQV2L7e7b5eLyQ2Ce46fnxkQSTt4tc0//FTfr\n" + "6X9624hAOV6MSlkPHNBwVE42z8KsxJfPxeHX+YzFBXqBiQ/r/TvOHDt5Tsny6lXh\n" + "TDqlJ3NwdS/K9PAlLqhDiZwwakUS9lEY6IC7biP7mxNM8npzlqogfS07XTJgGxgb\n" + "FtcITJKW0NPA8cnyEAt9jcgaDWw/xbVV+pIytFuGL8pjHEQ4H9Ymu6ifLNlkyu/e\n" + "3XYCeqo17QE=\n" + "-----END CERTIFICATE-----\n"; + +char txt_ip_in_cn[] = + "CN=172.15.1.1\n" + "-----BEGIN CERTIFICATE-----\n" + "MIICCDCCAXGgAwIBAgIMWQXCYQfV3T9BXL4hMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNDMwMTA1NDI1WhgPOTk5OTEyMzEyMzU5NTlaMBUx\n" + "EzARBgNVBAMTCjE3Mi4xNS4xLjEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n" + "AM5hibrtVPezTZ018YR3DG+r71pTmfxVD1hWMAywQTMdut11Cg16dBtU/WJ6X3YF\n" + "b3MAtrJf7eHnaxPneY7j590eOcqiDmb0skUATuZrX4Su0QMP4ygTcXlzMAxOFYwQ\n" + "pd3d9LQiUxCVlg7fPI7BiqyWA1igBB34OaVbV0GHuJBVAgMBAAGjYTBfMAwGA1Ud\n" + "EwEB/wQCMAAwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUSXWLgTdjnYj1kv1g\n" + "TEGZep6b0MMwHwYDVR0jBBgwFoAU3rLZPebH2OG+u4iAlJ+zbDif4GYwDQYJKoZI\n" + "hvcNAQELBQADgYEAifPWTjcErYbxCqRZW5JhwaosOFHCJVboPsLrIM8W0HEJgqet\n" + "TwarBBiE0mzQKU3GtjGj1ZSxUI/jBg9bzC+fs25VtdlC9nIxi5tSDI/HOoBBgXNr\n" + "f0+Un2eHAxFcRZPWdPy1/mn83NUMnjquuA/HHcju+pcoZrEwAI3PPQHgsGQ=\n" + "-----END CERTIFICATE-----\n"; + + +void doit(void) +{ + gnutls_x509_crt_t x509; +#ifdef ENABLE_OPENPGP + gnutls_openpgp_crt_t pgp; +#endif + gnutls_datum_t data; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + ret = gnutls_x509_crt_init(&x509); + if (ret < 0) + fail("gnutls_x509_crt_init: %d\n", ret); + +#ifdef ENABLE_OPENPGP + ret = gnutls_openpgp_crt_init(&pgp); + if (ret < 0) + fail("gnutls_openpgp_crt_init: %d\n", ret); +#endif + if (debug) + success("Testing wildcards...\n"); + data.data = (unsigned char *) wildcards; + data.size = strlen(wildcards); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.net"); + if (ret==0) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem1...\n"); + data.data = (unsigned char *) pem1; + data.size = strlen(pem1); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem2...\n"); + data.data = (unsigned char *) pem2; + data.size = strlen(pem2); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "*.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem3...\n"); + data.data = (unsigned char *) pem3; + data.size = strlen(pem3); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "*.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem4...\n"); + data.data = (unsigned char *) pem4; + data.size = strlen(pem4); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname2(x509, "www.example.org", GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo.example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + +#ifdef SUPPORT_COMPLEX_WILDCARDS + if (debug) + success("Testing pem6...\n"); + data.data = (unsigned char *) pem6; + data.size = strlen(pem6); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "bar.foo.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem7...\n"); + data.data = (unsigned char *) pem7; + data.size = strlen(pem7); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo.bar.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = + gnutls_x509_crt_check_hostname(x509, "foobar.bar.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foobar.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = + gnutls_x509_crt_check_hostname(x509, "foobazbar.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); +#endif + + if (debug) + success("Testing pem8...\n"); + data.data = (unsigned char *) pem8; + data.size = strlen(pem8); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + /* this was passing in old gnutls versions, but that was not a + * good idea. See http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7380 + * for a discussion. */ + ret = gnutls_x509_crt_check_hostname(x509, "www.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example."); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + /* this was passing in old gnutls versions, but that was not a + * good idea. See http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7380 + * for a discussion. */ + ret = gnutls_x509_crt_check_hostname(x509, "www.example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.foo.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem9...\n"); + data.data = (unsigned char *) pem9; + data.size = strlen(pem9); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "foo.example.org"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "bar.example.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem10...\n"); + data.data = (unsigned char *) pem10; + data.size = strlen(pem10); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "localhost"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing pem_too_many...\n"); + data.data = (unsigned char *) pem_too_many; + data.size = strlen(pem_too_many); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = + gnutls_x509_crt_check_hostname(x509, + "localhost.gnutls.gnutls.org"); + if (ret) + fail("%d: Hostname verification should have failed (too many wildcards)\n", __LINE__); + + if (debug) + success("Testing pem-ips...\n"); + data.data = (unsigned char *) pem_ips; + data.size = strlen(pem_ips); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "127.0.0.2"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "127.0.0.1"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "192.168.5.1"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "::1"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "fe80::3e97:eff:fe18:359a"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + /* test that we don't fallback to CN matching if a supported SAN (IP addresses + * in that case) is found. */ + ret = gnutls_x509_crt_check_hostname(x509, "server-0"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + /* test flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES */ + ret = gnutls_x509_crt_check_hostname2(x509, "127.0.0.1", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname2(x509, "::1", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname2(x509, "127.0.0.2", GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing multi-cns...\n"); + data.data = (unsigned char *) multi_cns; + data.size = strlen(multi_cns); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example2.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "www.example3.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing textual IPs...\n"); + data.data = (unsigned char *) txt_ip_in_names; + data.size = strlen(txt_ip_in_names); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "172.15.1.1"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "172.15.2.1"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + if (debug) + success("Testing textual IPs (CN)...\n"); + data.data = (unsigned char *) txt_ip_in_cn; + data.size = strlen(txt_ip_in_cn); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "172.15.1.1"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + +#ifdef ENABLE_OPENPGP + if (debug) + success("Testing pem11...\n"); + data.data = (unsigned char *) pem11; + data.size = strlen(pem11); + + ret = + gnutls_openpgp_crt_import(pgp, &data, + GNUTLS_OPENPGP_FMT_BASE64); + if (ret < 0) + fail("%d: gnutls_openpgp_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_openpgp_crt_check_hostname(pgp, "test.gnutls.org"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + gnutls_openpgp_crt_deinit(pgp); +#endif + gnutls_x509_crt_deinit(x509); + + gnutls_global_deinit(); +} diff --git a/tests/id-on-xmppAddr.c b/tests/id-on-xmppAddr.c new file mode 100644 index 0000000..c143f53 --- /dev/null +++ b/tests/id-on-xmppAddr.c @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2021 Steffen Jaeckel + * + * Author: Steffen Jaeckel + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include +#include + +#include "utils.h" + +#define should_succeed(f) do{ int ret##__LINE__ = (f); if(ret##__LINE__ < 0) { fail(#f " failed %d\n", ret##__LINE__); } }while(0) + +void doit(void) +{ + int ret; + gnutls_x509_crt_t cert; + gnutls_datum_t data; + size_t name_len = 128; + char name[128]; + char path[256]; + const char *src; + const char *id_on_xmppAddr = + "very.long.username@so.the.asn1.length.is.a.valid.ascii.character"; + + src = getenv("srcdir"); + if (src == NULL) + src = "."; + + snprintf(path, sizeof(path), "%s/%s", src, "certs/id-on-xmppAddr.pem"); + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + should_succeed(gnutls_x509_crt_init(&cert)); + should_succeed(gnutls_load_file(path, &data)); + should_succeed(gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM)); + ret = gnutls_x509_crt_get_subject_alt_name(cert, 0, name, &name_len, + NULL); + if (ret != GNUTLS_SAN_OTHERNAME_XMPP) + fail("did not recognize GNUTLS_SAN_OTHERNAME_XMPP"); + + if (strcmp(name, id_on_xmppAddr) != 0) + fail("xmppAddr not decoded correctly: %s", name); + + gnutls_free(data.data); + gnutls_x509_crt_deinit(cert); + gnutls_global_deinit(); +} diff --git a/tests/infoaccess.c b/tests/infoaccess.c new file mode 100644 index 0000000..71189ed --- /dev/null +++ b/tests/infoaccess.c @@ -0,0 +1,231 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +static char cert_with_aia_data[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC\n" + "TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0\n" + "aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0\n" + "aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz\n" + "MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw\n" + "IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR\n" + "dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG\n" + "9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp\n" + "li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D\n" + "rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ\n" + "WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug\n" + "F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU\n" + "xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC\n" + "Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv\n" + "dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw\n" + "ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl\n" + "IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh\n" + "c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy\n" + "ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh\n" + "Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI\n" + "KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T\n" + "KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq\n" + "y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p\n" + "dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD\n" + "VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL\n" + "MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk\n" + "fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8\n" + "7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R\n" + "cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y\n" + "mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW\n" + "xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK\n" + "SnQ2+Q==\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t cert_with_aia = { + (void *) cert_with_aia_data, sizeof(cert_with_aia_data) +}; + +void doit(void) +{ + gnutls_x509_crt_t crt; + int ret; + gnutls_datum_t data; + unsigned int critical; + + ret = global_init(); + if (ret < 0) { + fail("global_init\n"); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) { + fail("gnutls_x509_crt_init\n"); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &cert_with_aia, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import\n"); + exit(1); + } + + /* test null input */ + ret = + gnutls_x509_crt_get_authority_info_access(NULL, 0, 0, NULL, + NULL); + if (ret != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_x509_crt_get_authority_info_access null input\n"); + exit(1); + } + + /* test unused enum */ + ret = + gnutls_x509_crt_get_authority_info_access(crt, 0, 44, NULL, + NULL); + if (ret != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_x509_crt_get_authority_info_access insane input\n"); + exit(1); + } + + /* test basic query with null output */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, NULL, NULL); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access " + "GNUTLS_IA_ACCESSMETHOD_OID null output critical\n"); + exit(1); + } + + /* test same as previous but also check that critical flag is + correct */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, NULL, &critical); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access " + "GNUTLS_IA_ACCESSMETHOD_OID null output\n"); + exit(1); + } + + if (critical != 0) { + fail("gnutls_x509_crt_get_authority_info_access " + "critical failed: %d\n", critical); + exit(1); + } + + /* basic query of another type */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, NULL, + NULL); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access " + "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE null output\n"); + exit(1); + } + + /* basic query of another type, with out-of-bound sequence */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 1, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, NULL, + NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("gnutls_x509_crt_get_authority_info_access " + "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE out-of-bounds\n"); + exit(1); + } + + /* basic query and check output value */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access " + "GNUTLS_IA_ACCESSMETHOD_OID\n"); + exit(1); + } + + if (memcmp("1.3.6.1.5.5.7.48.1", data.data, data.size) != 0) { + fail("memcmp OCSP OID failed\n"); + exit(1); + } + gnutls_free(data.data); + + /* basic query of another type and check output value */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, + NULL); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access " + "GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE\n"); + exit(1); + } + + if (memcmp("uniformResourceIdentifier", data.data, data.size) != 0) { + fail("memcmp URI failed\n"); + exit(1); + } + gnutls_free(data.data); + + /* specific query */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_URI, &data, NULL); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_URI\n"); + exit(1); + } + + if (memcmp + ("https://ocsp.quovadisoffshore.com", data.data, + data.size) != 0) { + fail("memcmp URI value failed\n"); + exit(1); + } + gnutls_free(data.data); + + /* even more specific query */ + ret = gnutls_x509_crt_get_authority_info_access + (crt, 0, GNUTLS_IA_OCSP_URI, &data, NULL); + if (ret < 0) { + fail("gnutls_x509_crt_get_authority_info_access GNUTLS_IA_OCSP_URI\n"); + exit(1); + } + + if (memcmp + ("https://ocsp.quovadisoffshore.com", data.data, + data.size) != 0) { + fail("memcmp URI value failed\n"); + exit(1); + } + gnutls_free(data.data); + + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); + +} diff --git a/tests/init_roundtrip.c b/tests/init_roundtrip.c new file mode 100644 index 0000000..4160b61 --- /dev/null +++ b/tests/init_roundtrip.c @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "utils.h" + +/* See . */ + +void doit(void) +{ + int res; + + res = global_init(); + if (res != 0) + fail("global_init\n"); + + gnutls_global_deinit(); + + res = global_init(); + if (res != 0) + fail("global_init2\n"); + + gnutls_global_deinit(); + + if (debug) + success("init-deinit round-trip success\n"); +} diff --git a/tests/insecure_key.c b/tests/insecure_key.c new file mode 100644 index 0000000..3a95460 --- /dev/null +++ b/tests/insecure_key.c @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* Test for detection of certificates with insecure keys (too small) + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1474109119; + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t clicred; + int ret; + unsigned status; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_mem2(x509_cred, &server_ca3_localhost_insecure_cert, &server_ca3_localhost_insecure_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("%s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_mem2(x509_cred, &server_ca3_localhost6_cert_chain, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("%s\n", gnutls_strerror(ret)); + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost6", NULL, NULL, NULL); + status = test_cli_serv_vf(x509_cred, clicred, "NORMAL", "localhost"); + + assert(status == (GNUTLS_CERT_INVALID|GNUTLS_CERT_INSECURE_ALGORITHM)); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + diff --git a/tests/iov.c b/tests/iov.c new file mode 100644 index 0000000..2acd2b5 --- /dev/null +++ b/tests/iov.c @@ -0,0 +1,269 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "gnutls_int.h" +#include "../lib/iov.h" + +#include "utils.h" + +struct exp_st { + ssize_t ret; + size_t iov_index; + size_t iov_offset; +}; + +struct test_st { + const char *name; + const giovec_t *iov; + size_t iovcnt; + size_t block_size; + const struct exp_st *exp; + size_t expcnt; +}; + +static const giovec_t iov16[] = { + {(void *) "0123456789012345", 16}, + {(void *) "0123456789012345", 16}, + {(void *) "0123456789012345", 16}, + {(void *) "0123456789012345", 16} +}; + +static const struct exp_st exp16_64[] = { + {64, 4, 0}, + {0, 0, 0} +}; + +static const struct exp_st exp16_32[] = { + {32, 2, 0}, + {32, 4, 0}, + {0, 0, 0} +}; + +static const struct exp_st exp16_16[] = { + {16, 1, 0}, + {16, 2, 0}, + {16, 3, 0}, + {16, 4, 0}, + {0, 0, 0} +}; + +static const struct exp_st exp16_4[] = { + {16, 1, 0}, + {16, 2, 0}, + {16, 3, 0}, + {16, 4, 0}, + {0, 0, 0} +}; + +static const struct exp_st exp16_3[] = { + {15, 0, 15}, + {3, 1, 2}, + {12, 1, 14}, + {3, 2, 1}, + {15, 3, 0}, + {15, 3, 15}, + {1, 4, 0}, + {0, 0, 0} +}; + +static const giovec_t iov8[] = { + {(void *) "01234567", 8}, + {(void *) "01234567", 8}, + {(void *) "01234567", 8}, + {(void *) "01234567", 8} +}; + +static const struct exp_st exp8_64[] = { + {32, 4, 0}, + {0, 0, 0} +}; + +static const giovec_t iov_odd[] = { + {(void *) "0", 1}, + {(void *) "012", 3}, + {(void *) "01234", 5}, + {(void *) "0123456", 7}, + {(void *) "012345678", 9}, + {(void *) "01234567890", 11}, + {(void *) "0123456789012", 13}, + {(void *) "012345678901234", 15} +}; + +static const struct exp_st exp_odd_16[] = { + {16, 4, 0}, + {16, 5, 7}, + {16, 6, 12}, + {16, 8, 0}, + {0, 0, 0} +}; + +static const giovec_t iov_skip[] = { + {(void *) "0123456789012345", 16}, + {(void *) "01234567", 8}, + {(void *) "", 0}, + {(void *) "", 0}, + {(void *) "0123456789012345", 16} +}; + +static const struct exp_st exp_skip_16[] = { + {16, 1, 0}, + {16, 4, 8}, + {8, 5, 0}, + {0, 0, 0} +}; + +static const giovec_t iov_empty[] = { + {(void *) "", 0}, + {(void *) "", 0}, + {(void *) "", 0}, + {(void *) "", 0} +}; + +static const struct exp_st exp_empty_16[] = { + {0, 0, 0} +}; + +static const struct test_st tests[] = { + { "16/64", iov16, sizeof(iov16)/sizeof(iov16[0]), 64, + exp16_64, sizeof(exp16_64)/sizeof(exp16_64[0]) }, + { "16/32", iov16, sizeof(iov16)/sizeof(iov16[0]), 32, + exp16_32, sizeof(exp16_32)/sizeof(exp16_32[0]) }, + { "16/16", iov16, sizeof(iov16)/sizeof(iov16[0]), 16, + exp16_16, sizeof(exp16_16)/sizeof(exp16_16[0]) }, + { "16/4", iov16, sizeof(iov16)/sizeof(iov16[0]), 4, + exp16_4, sizeof(exp16_4)/sizeof(exp16_4[0]) }, + { "16/3", iov16, sizeof(iov16)/sizeof(iov16[0]), 3, + exp16_3, sizeof(exp16_3)/sizeof(exp16_3[0]) }, + { "8/64", iov8, sizeof(iov8)/sizeof(iov8[0]), 64, + exp8_64, sizeof(exp8_64)/sizeof(exp8_64[0]) }, + { "odd/16", iov_odd, sizeof(iov_odd)/sizeof(iov_odd[0]), 16, + exp_odd_16, sizeof(exp_odd_16)/sizeof(exp_odd_16[0]) }, + { "skip/16", iov_skip, sizeof(iov_skip)/sizeof(iov_skip[0]), 16, + exp_skip_16, sizeof(exp_skip_16)/sizeof(exp_skip_16[0]) }, + { "empty/16", iov_empty, sizeof(iov_empty)/sizeof(iov_empty[0]), 16, + exp_empty_16, sizeof(exp_empty_16)/sizeof(exp_empty_16[0]) }, +}; + +static void +copy(giovec_t *dst, uint8_t *buffer, const giovec_t *src, size_t iovcnt) +{ + uint8_t *p = buffer; + size_t i; + + for (i = 0; i < iovcnt; i++) { + dst[i].iov_base = p; + dst[i].iov_len = src[i].iov_len; + memcpy(dst[i].iov_base, src[i].iov_base, src[i].iov_len); + p += src[i].iov_len; + } +} + +static void +translate(uint8_t *data, size_t len) +{ + for (; len > 0; len--) { + uint8_t *p = &data[len - 1]; + if (*p >= '0' && *p <= '9') + *p = 'A' + *p - '0'; + else if (*p >= 'A' && *p <= 'Z') + *p = '0' + *p - 'A'; + } +} + +#define MAX_BUF 1024 +#define MAX_IOV 16 + +void +doit (void) +{ + uint8_t buffer[MAX_BUF]; + size_t i; + + for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) { + giovec_t iov[MAX_IOV]; + struct iov_iter_st iter; + const struct exp_st *exp = tests[i].exp; + uint8_t *data; + size_t j; + + copy(iov, buffer, tests[i].iov, tests[i].iovcnt); + + success("%s\n", tests[i].name); + assert(_gnutls_iov_iter_init(&iter, + iov, tests[i].iovcnt, + tests[i].block_size) == 0); + for (j = 0; j < tests[i].expcnt; j++) { + ssize_t ret; + + ret = _gnutls_iov_iter_next(&iter, &data); + if (ret != exp[j].ret) + fail("iov_iter_next: %d != %d\n", + (int) ret, (int) exp[j].ret); + else if (debug) + success("iov_iter_next: %d == %d\n", + (int) ret, (int) exp[j].ret); + if (ret == 0) + break; + if (ret > 0) { + if (iter.iov_index != exp[j].iov_index) + fail("iter.iov_index: %u != %u\n", + (unsigned) iter.iov_index, (unsigned) exp[j].iov_index); + else if (debug) + success("iter.iov_index: %u == %u\n", + (unsigned) iter.iov_index, (unsigned) exp[j].iov_index); + if (iter.iov_offset != exp[j].iov_offset) + fail("iter.iov_offset: %u != %u\n", + (unsigned) iter.iov_offset, (unsigned) exp[j].iov_offset); + else if (debug) + success("iter.iov_offset: %u == %u\n", + (unsigned) iter.iov_offset, (unsigned) exp[j].iov_offset); + if (iter.block_offset != 0) + fail("iter.block_offset: %u != 0\n", + (unsigned) iter.block_offset); + else if (debug) + success("iter.block_offset: %u == 0\n", + (unsigned) iter.block_offset); + + translate(data, ret); + + ret = _gnutls_iov_iter_sync(&iter, data, ret); + if (ret < 0) + fail("sync failed\n"); + } + } + + for (j = 0; j < tests[i].iovcnt; j++) { + translate(iov[j].iov_base, iov[j].iov_len); + + if (memcmp(iov[j].iov_base, tests[i].iov[j].iov_base, + iov[j].iov_len) != 0) + fail("iov doesn't match: %*s != %*s\n", + (int)iov[j].iov_len, + (char *)iov[j].iov_base, + (int)tests[i].iov[j].iov_len, + (char *)tests[i].iov[j].iov_len); + } + } +} diff --git a/tests/ip-check.c b/tests/ip-check.c new file mode 100644 index 0000000..8443864 --- /dev/null +++ b/tests/ip-check.c @@ -0,0 +1,212 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#ifdef ENABLE_OPENPGP +#include +#endif + +#include "utils.h" + +/* + * A self-test of the IP matching algorithm. See + * name-constraints-ip.c for lower level checks. + */ + +char pem_ips[] = "\n" + "X.509 Certificate Information:\n" + " Version: 3\n" + " Serial Number (hex): 00\n" + " Issuer: CN=server-0\n" + " Validity:\n" + " Not Before: Fri Jun 27 09:14:36 UTC 2014\n" + " Not After: Fri Dec 31 23:59:59 UTC 9999\n" + " Subject: CN=server-0\n" + " Subject Public Key Algorithm: RSA\n" + " Algorithm Security Level: Medium (2048 bits)\n" + " Modulus (bits 2048):\n" + " 00:c1:56:12:f6:c3:c7:e3:4c:7e:ff:04:4e:88:1d:67\n" + " a7:f3:4d:64:cc:12:a7:ff:50:aa:5c:31:b9:3c:d1:d1\n" + " ba:78:2c:7d:dd:54:4a:cd:5a:f2:38:8b:b2:c5:26:7e\n" + " 25:05:36:b6:92:e6:1d:c3:00:39:a0:c5:1c:b5:63:3d\n" + " 00:e9:b4:b5:75:a7:14:b1:ff:a0:03:9d:ba:77:da:e5\n" + " de:21:fb:56:da:06:9d:84:57:53:3d:08:45:45:20:fd\n" + " e7:60:65:2e:55:60:db:d3:91:da:64:ff:c4:42:42:54\n" + " 77:cb:47:54:68:1e:b4:62:ad:8a:3c:0a:28:89:cb:d3\n" + " 81:d3:15:9a:1d:67:90:51:83:90:6d:fb:a1:0e:54:6b\n" + " 29:d7:ef:79:19:14:f6:0d:82:73:8f:79:58:0e:af:0e\n" + " cc:bd:17:ab:b5:a2:1f:76:a1:9f:4b:7b:e8:f9:7b:28\n" + " 56:cc:f1:5b:0e:93:c9:e5:44:2f:2d:0a:22:7d:0b:2b\n" + " 30:84:c3:1e:d6:4d:63:5b:41:51:83:d4:b5:09:f4:cc\n" + " ab:ad:51:1b:8e:a1:f6:b1:27:5b:43:3c:bc:ae:10:93\n" + " d4:ce:3b:10:ca:3f:22:dd:9e:a8:3f:4a:a6:a8:cd:8f\n" + " d0:6a:e0:40:26:28:0f:af:0e:13:e1:ac:b9:ac:41:cc\n" + " 5d\n" + " Exponent (bits 24):\n" + " 01:00:01\n" + " Extensions:\n" + " Basic Constraints (critical):\n" + " Certificate Authority (CA): TRUE\n" + " Subject Alternative Name (not critical):\n" + " IPAddress: 127.0.0.1\n" + " IPAddress: 192.168.5.1\n" + " IPAddress: 10.100.2.5\n" + " IPAddress: 0:0:0:0:0:0:0:1\n" + " IPAddress: fe80:0:0:0:3e97:eff:fe18:359a\n" + " Key Usage (critical):\n" + " Certificate signing.\n" + " Subject Key Identifier (not critical):\n" + " bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n" + " Signature Algorithm: RSA-SHA256\n" + " Signature:\n" + " 02:22:52:4b:69:e5:4f:f8:17:0a:46:34:d1:ec:6b:f5\n" + " ae:5b:fc:e2:00:ca:1f:f0:1d:74:91:9c:85:0a:a7:06\n" + " 3d:fa:93:0d:35:85:ea:3e:01:9f:9e:bc:52:72:95:b2\n" + " 8a:3a:78:6e:d2:5d:4d:60:88:2b:be:6f:68:75:c7:19\n" + " ac:c9:ea:ab:74:f6:62:4d:30:1e:87:e4:70:1e:96:f4\n" + " 0b:48:ef:c9:28:14:6f:fa:c1:7b:d3:ef:b3:d8:52:90\n" + " 5d:20:d0:aa:8b:10:ab:74:86:46:be:cb:6c:93:54:60\n" + " bc:6e:d6:4d:b2:1e:25:65:38:52:5b:6c:b4:57:8f:0f\n" + " 26:4f:36:ea:42:eb:71:68:93:f3:a9:7a:66:5c:b6:07\n" + " 7d:15:b5:f4:b8:5c:7c:e0:cd:d0:fa:5b:2a:6b:fd:4c\n" + " 71:12:45:d0:37:9e:cf:90:59:6e:fd:ba:3a:8b:ca:37\n" + " 01:cc:6f:e0:32:c7:9e:a4:ea:61:2c:e5:ad:66:73:80\n" + " 5c:5e:0c:44:ec:c2:74:b8:fe:6e:66:af:76:cc:30:10\n" + " 1f:3a:ac:34:36:e6:5b:72:f3:ee:5a:68:c3:43:37:56\n" + " c3:08:02:3c:96:1c:27:18:d0:38:fa:d7:51:4e:82:7d\n" + " fc:81:a2:23:c5:05:80:0e:b4:ba:d3:19:39:74:9c:74\n" + "Other Information:\n" + " SHA1 fingerprint:\n" + " 43536dd4198f6064c117c3825020b14c108f9a34\n" + " SHA256 fingerprint:\n" + " 5ab6626aa069da15650edcfff7305767ff5b8d338289f851a624ea89b50ff06a\n" + " Public Key ID:\n" + " bd3d0b6cab6b33d8a8e1ed15b7ab17587cc2a09f\n" + " Public key's random art:\n" + " +--[ RSA 2048]----+\n" + " | |\n" + " | . |\n" + " | . + |\n" + " | . .= . |\n" + " | .S+oo |\n" + " | E+.+ |\n" + " | . +. *.o |\n" + " | . oo.=..+ o |\n" + " | ooo.+Bo . |\n" + " +-----------------+\n" + "\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDKzCCAhOgAwIBAgIBADANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhzZXJ2\n" + "ZXItMDAiGA8yMDE0MDYyNzA5MTQzNloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYD\n" + "VQQDEwhzZXJ2ZXItMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFW\n" + "EvbDx+NMfv8ETogdZ6fzTWTMEqf/UKpcMbk80dG6eCx93VRKzVryOIuyxSZ+JQU2\n" + "tpLmHcMAOaDFHLVjPQDptLV1pxSx/6ADnbp32uXeIftW2gadhFdTPQhFRSD952Bl\n" + "LlVg29OR2mT/xEJCVHfLR1RoHrRirYo8CiiJy9OB0xWaHWeQUYOQbfuhDlRrKdfv\n" + "eRkU9g2Cc495WA6vDsy9F6u1oh92oZ9Le+j5eyhWzPFbDpPJ5UQvLQoifQsrMITD\n" + "HtZNY1tBUYPUtQn0zKutURuOofaxJ1tDPLyuEJPUzjsQyj8i3Z6oP0qmqM2P0Grg\n" + "QCYoD68OE+GsuaxBzF0CAwEAAaOBhTCBgjAPBgNVHRMBAf8EBTADAQH/MD8GA1Ud\n" + "EQQ4MDaHBH8AAAGHBMCoBQGHBApkAgWHEAAAAAAAAAAAAAAAAAAAAAGHEP6AAAAA\n" + "AAAAPpcO//4YNZowDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUvT0LbKtrM9io\n" + "4e0Vt6sXWHzCoJ8wDQYJKoZIhvcNAQELBQADggEBAAIiUktp5U/4FwpGNNHsa/Wu\n" + "W/ziAMof8B10kZyFCqcGPfqTDTWF6j4Bn568UnKVsoo6eG7SXU1giCu+b2h1xxms\n" + "yeqrdPZiTTAeh+RwHpb0C0jvySgUb/rBe9Pvs9hSkF0g0KqLEKt0hka+y2yTVGC8\n" + "btZNsh4lZThSW2y0V48PJk826kLrcWiT86l6Zly2B30VtfS4XHzgzdD6Wypr/Uxx\n" + "EkXQN57PkFlu/bo6i8o3Acxv4DLHnqTqYSzlrWZzgFxeDETswnS4/m5mr3bMMBAf\n" + "Oqw0NuZbcvPuWmjDQzdWwwgCPJYcJxjQOPrXUU6CffyBoiPFBYAOtLrTGTl0nHQ=\n" + "-----END CERTIFICATE-----\n" + ""; + +void doit(void) +{ + gnutls_x509_crt_t x509; + gnutls_datum_t data; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + ret = gnutls_x509_crt_init(&x509); + if (ret < 0) + fail("gnutls_x509_crt_init: %d\n", ret); + + data.data = (unsigned char *) pem_ips; + data.size = strlen(pem_ips); + + ret = gnutls_x509_crt_import(x509, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("%d: gnutls_x509_crt_import: %d\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "127.0.0.2"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "example.com"); + if (ret) + fail("%d: Hostname incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "127.0.0.1"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "192.168.5.1"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "::1"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_hostname(x509, "fe80::3e97:eff:fe18:359a"); + if (!ret) + fail("%d: Hostname incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_ip(x509, (unsigned char*)"\x7f\x00\x00\x02", 4, 0); + if (ret) + fail("%d: IP incorrectly matches (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_ip(x509, (unsigned char*)"\x7f\x00\x00\x01", 4, 0); + if (!ret) + fail("%d: IP incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_ip(x509, (unsigned char*)"\xc0\xa8\x05\x01", 4, 0); + if (!ret) + fail("%d: IP incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_ip(x509, (unsigned char*)"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 16, 0); + if (!ret) + fail("%d: IP incorrectly does not match (%d)\n", __LINE__, ret); + + ret = gnutls_x509_crt_check_ip(x509, (unsigned char*)"\xfe\x80\x00\x00\x00\x00\x00\x00\x3e\x97\x0e\xff\xfe\x18\x35\x9a", 16, 0); + if (!ret) + fail("%d: IP incorrectly does not match (%d)\n", __LINE__, ret); + + gnutls_x509_crt_deinit(x509); + + gnutls_global_deinit(); +} diff --git a/tests/ip-utils.c b/tests/ip-utils.c new file mode 100644 index 0000000..59977df --- /dev/null +++ b/tests/ip-utils.c @@ -0,0 +1,152 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Authors: Nikos Mavrogiannopoulos, Martin Ukrop + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef _WIN32 +# include +# include + +#define BUILD_IN_TESTS +#include "../lib/x509/ip-in-cidr.h" + +#define _MATCH_FUNC(fname, CIDR, IP, status) \ +static void fname(void **glob_state) \ +{ \ + gnutls_datum_t dcidr; \ + const char cidr[] = CIDR; \ + const char ip[] = IP; \ + char xip[4]; \ + gnutls_datum_t dip = {(unsigned char*)xip, sizeof(xip)}; \ + assert_int_equal(gnutls_x509_cidr_to_rfc5280(cidr, &dcidr), 0); \ + assert_int_equal(inet_pton(AF_INET, ip, xip), 1); \ + assert_int_equal(ip_in_cidr(&dip, &dcidr), status); \ + gnutls_free(dcidr.data); \ +} + +#define MATCH_FUNC_OK(fname, CIDR, IP) _MATCH_FUNC(fname, CIDR, IP, 1) +#define MATCH_FUNC_NOT_OK(fname, CIDR, IP) _MATCH_FUNC(fname, CIDR, IP, 0) + +MATCH_FUNC_OK(check_ip1_match, "192.168.1.0/24", "192.168.1.128"); +MATCH_FUNC_OK(check_ip2_match, "192.168.1.0/24", "192.168.1.1"); +MATCH_FUNC_OK(check_ip3_match, "192.168.1.0/24", "192.168.1.0"); +MATCH_FUNC_OK(check_ip4_match, "192.168.1.0/28", "192.168.1.0"); +MATCH_FUNC_OK(check_ip5_match, "192.168.1.0/28", "192.168.1.14"); + +MATCH_FUNC_NOT_OK(check_ip1_not_match, "192.168.1.0/24", "192.168.2.128"); +MATCH_FUNC_NOT_OK(check_ip2_not_match, "192.168.1.0/24", "192.168.128.1"); +MATCH_FUNC_NOT_OK(check_ip3_not_match, "192.168.1.0/24", "193.168.1.0"); +MATCH_FUNC_NOT_OK(check_ip4_not_match, "192.168.1.0/28", "192.168.1.16"); +MATCH_FUNC_NOT_OK(check_ip5_not_match, "192.168.1.0/28", "192.168.1.64"); +MATCH_FUNC_NOT_OK(check_ip6_not_match, "192.168.1.0/24", "10.0.0.0"); +MATCH_FUNC_NOT_OK(check_ip7_not_match, "192.168.1.0/24", "192.169.1.0"); + +#define CIDR_MATCH(fname, CIDR, EXPECTED) \ +static void fname(void **glob_state) \ +{ \ + gnutls_datum_t dcidr; \ + const char cidr[] = CIDR; \ + assert_int_equal(gnutls_x509_cidr_to_rfc5280(cidr, &dcidr), 0); \ + assert_memory_equal(EXPECTED, dcidr.data, dcidr.size); \ + gnutls_free(dcidr.data); \ +} + +#define CIDR_FAIL(fname, CIDR) \ +static void fname(void **glob_state) \ +{ \ + gnutls_datum_t dcidr; \ + const char cidr[] = CIDR; \ + assert_int_not_equal(gnutls_x509_cidr_to_rfc5280(cidr, &dcidr), 0); \ +} + +CIDR_MATCH(check_cidr_ok1, "0.0.0.0/32","\x00\x00\x00\x00\xff\xff\xff\xff"); +CIDR_MATCH(check_cidr_ok2, "192.168.1.1/12", "\xc0\xa0\x00\x00\xff\xf0\x00\x00"); +CIDR_MATCH(check_cidr_ok3, "192.168.1.1/0", "\x00\x00\x00\x00\x00\x00\x00\x00"); +CIDR_MATCH(check_cidr_ok4, "::/19", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xe0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"); +CIDR_MATCH(check_cidr_ok5, "::1/128", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"); +CIDR_MATCH(check_cidr_ok6, "2001:db8::/48", "\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"); + +CIDR_FAIL(check_cidr_fail1, "0.0.0.0/100"); +CIDR_FAIL(check_cidr_fail2, "1.2.3.4/-1"); +CIDR_FAIL(check_cidr_fail3, "1.300.3.4/-1"); +CIDR_FAIL(check_cidr_fail4, "1.2.3/-1"); +CIDR_FAIL(check_cidr_fail5, "1.2.3.4.5/-1"); +CIDR_FAIL(check_cidr_fail6, "1.2.3.4"); +CIDR_FAIL(check_cidr_fail7, ":://128"); +CIDR_FAIL(check_cidr_fail8, "192.168.1.1/"); +CIDR_FAIL(check_cidr_fail9, "192.168.1.1/33"); +CIDR_FAIL(check_cidr_fail10, "::/"); +CIDR_FAIL(check_cidr_fail11, "::/129"); + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(check_ip1_match), + cmocka_unit_test(check_ip2_match), + cmocka_unit_test(check_ip3_match), + cmocka_unit_test(check_ip4_match), + cmocka_unit_test(check_ip5_match), + cmocka_unit_test(check_ip1_not_match), + cmocka_unit_test(check_ip2_not_match), + cmocka_unit_test(check_ip3_not_match), + cmocka_unit_test(check_ip4_not_match), + cmocka_unit_test(check_ip5_not_match), + cmocka_unit_test(check_ip6_not_match), + cmocka_unit_test(check_ip7_not_match), + + cmocka_unit_test(check_cidr_ok1), + cmocka_unit_test(check_cidr_ok2), + cmocka_unit_test(check_cidr_ok3), + cmocka_unit_test(check_cidr_ok4), + cmocka_unit_test(check_cidr_ok5), + cmocka_unit_test(check_cidr_ok6), + + cmocka_unit_test(check_cidr_fail1), + cmocka_unit_test(check_cidr_fail2), + cmocka_unit_test(check_cidr_fail3), + cmocka_unit_test(check_cidr_fail4), + cmocka_unit_test(check_cidr_fail5), + cmocka_unit_test(check_cidr_fail6), + cmocka_unit_test(check_cidr_fail7), + cmocka_unit_test(check_cidr_fail8), + cmocka_unit_test(check_cidr_fail9), + cmocka_unit_test(check_cidr_fail10), + cmocka_unit_test(check_cidr_fail11), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} +#else +int main(void) +{ + exit(77); +} +#endif diff --git a/tests/kdf-api.c b/tests/kdf-api.c new file mode 100644 index 0000000..9724502 --- /dev/null +++ b/tests/kdf-api.c @@ -0,0 +1,205 @@ +/* + * Copyright (C) 2020 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#include "config.h" + +#include +#include + +#include +#include + +#include "utils.h" + +#define MAX_BUF 1024 + +static gnutls_fips140_context_t fips_context; +static gnutls_fips140_operation_state_t fips_state; + +#define FIPS_PUSH_CONTEXT() do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ + } \ +} while (0) + +static void +test_hkdf(gnutls_mac_algorithm_t mac, + const char *ikm_hex, + const char *salt_hex, + const char *info_hex, + size_t length, + const char *prk_hex, + const char *okm_hex) +{ + gnutls_datum_t hex; + gnutls_datum_t ikm; + gnutls_datum_t salt; + gnutls_datum_t info; + gnutls_datum_t prk; + gnutls_datum_t okm; + uint8_t buf[MAX_BUF]; + int ret; + + success("HKDF test with %s\n", gnutls_mac_get_name(mac)); + + /* Test HKDF-Extract */ + hex.data = (void *)ikm_hex; + hex.size = strlen(ikm_hex); + assert(gnutls_hex_decode2(&hex, &ikm) >= 0); + + hex.data = (void *)salt_hex; + hex.size = strlen(salt_hex); + assert(gnutls_hex_decode2(&hex, &salt) >= 0); + + FIPS_PUSH_CONTEXT(); + assert(gnutls_hkdf_extract(mac, &ikm, &salt, buf) >= 0); + FIPS_POP_CONTEXT(NOT_APPROVED); + gnutls_free(ikm.data); + gnutls_free(salt.data); + + prk.data = buf; + prk.size = strlen(prk_hex) / 2; + assert(gnutls_hex_encode2(&prk, &hex) >= 0); + + if (strcmp((char *)hex.data, prk_hex)) + fail("prk doesn't match: %s != %s\n", + (char *)hex.data, prk_hex); + + gnutls_free(hex.data); + + /* Test HKDF-Expand */ + hex.data = (void *)info_hex; + hex.size = strlen(info_hex); + assert(gnutls_hex_decode2(&hex, &info) >= 0); + + FIPS_PUSH_CONTEXT(); + assert(gnutls_hkdf_expand(mac, &prk, &info, buf, + gnutls_hmac_get_len(mac) * 256) == + GNUTLS_E_INVALID_REQUEST); + FIPS_POP_CONTEXT(ERROR); + + FIPS_PUSH_CONTEXT(); + assert(gnutls_hkdf_expand(mac, &prk, &info, buf, length) >= 0); + FIPS_POP_CONTEXT(NOT_APPROVED); + + gnutls_free(info.data); + + okm.data = buf; + okm.size = strlen(okm_hex) / 2; + assert(gnutls_hex_encode2(&okm, &hex) >= 0); + + if (strcmp((char *)hex.data, okm_hex)) + fail("okm doesn't match: %s != %s\n", + (char *)hex.data, okm_hex); + + gnutls_free(hex.data); +} + +static void +test_pbkdf2(gnutls_mac_algorithm_t mac, + const char *ikm_hex, + const char *salt_hex, + unsigned iter_count, + size_t length, + const char *okm_hex) +{ + gnutls_datum_t hex; + gnutls_datum_t ikm; + gnutls_datum_t salt; + gnutls_datum_t okm; + uint8_t buf[MAX_BUF]; + int ret; + + success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac)); + + hex.data = (void *)ikm_hex; + hex.size = strlen(ikm_hex); + assert(gnutls_hex_decode2(&hex, &ikm) >= 0); + + hex.data = (void *)salt_hex; + hex.size = strlen(salt_hex); + assert(gnutls_hex_decode2(&hex, &salt) >= 0); + + FIPS_PUSH_CONTEXT(); + assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0); + FIPS_POP_CONTEXT(APPROVED); + gnutls_free(ikm.data); + gnutls_free(salt.data); + + okm.data = buf; + okm.size = length; + assert(gnutls_hex_encode2(&okm, &hex) >= 0); + + if (strcmp((char *)hex.data, okm_hex)) + fail("okm doesn't match: %s != %s\n", + (char *)hex.data, okm_hex); + + gnutls_free(hex.data); +} + +void +doit(void) +{ + assert(gnutls_fips140_context_init(&fips_context) >= 0); + + /* Test vector from RFC 5869. More thorough testing is done + * in nettle. */ + test_hkdf(GNUTLS_MAC_SHA256, + "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b" + "0b0b0b0b0b0b", + "000102030405060708090a0b0c", + "f0f1f2f3f4f5f6f7f8f9", + 42, + "077709362c2e32df0ddc3f0dc47bba63" + "90b6c73bb50f9c3122ec844ad7c2b3e5", + "3cb25f25faacd57a90434f64d0362f2a" + "2d2d0a90cf1a5a4c5db02d56ecc4c5bf" + "34007208d5b887185865"); + + /* Test vector from RFC 6070. More thorough testing is done + * in nettle. */ + test_pbkdf2(GNUTLS_MAC_SHA1, + "70617373776f7264", /* "password" */ + "73616c74", /* "salt" */ + 4096, + 20, + "4b007901b765489abead49d926f721d065a429c1"); + + gnutls_fips140_context_deinit(fips_context); +} diff --git a/tests/key-export-pkcs8.c b/tests/key-export-pkcs8.c new file mode 100644 index 0000000..9956e50 --- /dev/null +++ b/tests/key-export-pkcs8.c @@ -0,0 +1,255 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +unsigned char dsa_p[] = "\x00\xb9\x84\xf5\x5a\x81\xbe\x1a\x0d\xc5\x8a\x73\x8f\x0c\x9b\x2f\x9b\xb6\x0e\x4b\xc3\x74\x1a\x7f\x64\xad\x9d\xf3\x28\xc5\xa0\x47\xbc\x9b\x57\x56\xf1\x97\xd5\x7e\x37\x03\xe9\xf2\x4c\xf4\xe3\x8b\x7f\x30\xa3\x5d\x2f\xbb\xa1\xa2\x37\xc2\xea\x35\x8f\x1f\xb1\x5f\xa6\xa2\x5f\x01\xf1\x23\x36\x2b\xe4\x4f\x2f\x2d\xdd\x9d\xd5\x3a\xa6\x39\xaf\x7a\x51\x7c\xd2\x25\x8e\x97\x74\xcf\x1e\xc5\x7b\x4b\x76\x43\x81\x07\x1f\x06\x14\xb8\x6e\x58\x12\xe1\x90\xe2\x37\x6f\xd2\x1b\xec\x68\xc5\x58\xe2\xe6\x30\xe0\x6a\x5e\x2c\x63\x78\xec\x07"; +unsigned char dsa_q[] = "\x00\x9f\x56\x8c\x48\x64\x2f\xfe\x8d\xaa\x7a\x6d\x96\xdb\x04\x5d\x16\xef\x08\xa5\x71"; +unsigned char dsa_g[] = "\x62\x06\x7e\xe4\x5c\x76\x08\xb7\x46\x1a\x5d\xd7\x97\xd4\x2a\x21\xfb\x1f\x31\xc9\xd2\xf4\xfa\x39\xd8\x27\xd1\x9b\xfc\x27\x5d\xa7\x0a\xa7\x1a\xfc\x53\xc1\x2f\x43\xc2\x37\xc8\x85\x7f\x3d\x4c\xab\x5d\x81\x32\xfb\x1d\x5e\x1e\x54\x11\x16\x20\xc6\x80\x5a\xd9\x8c\x9b\x43\xf0\xdd\x6b\xa0\xf4\xc3\xf2\x8a\x9c\x39\xd2\x1c\x7b\x0f\xef\xfa\x28\x93\x8f\xd2\xa1\x22\xeb\xdc\xe0\x8a\x8b\xad\x28\x0e\xcf\xef\x09\x85\xe9\x36\xbd\x8b\x7a\x50\xd5\x7b\xf7\x25\x0d\x6c\x60\x11\xc4\xef\x70\x90\xcf\xd6\x1b\xeb\xbb\x8e\xc6\x3e\x3a\x97"; +unsigned char dsa_y[] = "\x0f\x8a\x87\x57\xf2\xd1\xc2\xdc\xac\xdf\x4b\x8b\x0f\x8b\xba\x29\xf7\xe1\x03\xe4\x55\xfa\xb2\x98\x07\xd6\xfd\x12\xb1\x80\xbc\xf5\xba\xb4\x50\xd4\x7f\xa0\x0e\x43\xe7\x9f\xc9\x78\x11\x5f\xe5\xe4\x0c\x2c\x6b\x6a\xa4\x35\xdc\xbd\x54\xe5\x60\x36\x9a\x31\xd1\x8a\x59\x6e\x6b\x1c\xba\xbd\x2e\xba\xeb\x7c\x87\xef\xda\xc8\xdd\xa1\xeb\xa4\x83\xe6\x8b\xad\xfa\xfa\x8e\x5b\xd7\x37\xc8\x32\x3e\x96\xc2\x3e\xf4\x43\xda\x7d\x91\x02\x0f\xb7\xbc\xf8\xef\x8f\xf7\x41\x00\x5e\x96\xdf\x0f\x08\x96\xdc\xea\xb2\xe9\x06\x82\xaf\xd2\x2f"; +unsigned char dsa_x[] = "\x4b\x9f\xeb\xff\x6c\x9a\x02\x83\x41\x5e\x37\x81\x8e\x00\x86\x31\xe8\xb6\x9b\xc1"; + +unsigned char rsa_m[] = "\x00\xbb\x66\x43\xf5\xf2\xc5\xd7\xb6\x8c\xcc\xc5\xdf\xf5\x88\x3b\xb1\xc9\x4b\x6a\x0e\xa1\xad\x20\x50\x40\x08\x80\xa1\x4f\x5c\xa3\xd0\xf8\x6c\xcf\xe6\x3c\xf7\xec\x04\x76\x13\x17\x8b\x64\x89\x22\x5b\xc0\xdd\x53\x7c\x3b\xed\x7c\x04\xbb\x80\xb9\x28\xbe\x8e\x9b\xc6\x8e\xa0\xa5\x12\xcb\xf5\x57\x1e\xa2\xe7\xbb\xb7\x33\x49\x9f\xe3\xbb\x4a\xae\x6a\x4d\x68\xff\xc9\x11\xe2\x32\x8d\xce\x3d\x80\x0b\x8d\x75\xef\xd8\x00\x81\x8f\x28\x04\x03\xa0\x22\x8d\x61\x04\x07\xfa\xb6\x37\x7d\x21\x07\x49\xd2\x09\x61\x69\x98\x90\xa3\x58\xa9"; +unsigned char rsa_e[] = "\x01\x00\x01"; +unsigned char rsa_d[] = "\x0e\x99\x80\x44\x6e\x42\x43\x14\xbe\x01\xeb\x0d\x90\x69\xa9\x6a\xe7\xa9\x88\x2c\xf5\x24\x11\x7f\x27\x09\xf2\x89\x7e\xaf\x13\x35\x21\xd1\x8a\x5d\xdf\xd4\x99\xce\xdc\x2b\x0f\x1b\xc5\x3c\x98\xd0\x68\xa5\x65\x8e\x69\x75\xce\x42\x69\x20\x35\x6c\xaa\xf1\xdd\xc9\x57\x6c\x7b\xc3\x3e\x42\x7e\xa1\xc3\x8c\x76\xa7\x9a\xe8\x81\xdb\xe1\x84\x82\xf5\x99\xd5\xa8\xee\x35\x9e\x54\x94\xc5\x44\xa0\x7b\xcc\xb7\x4c\x3e\xcd\xf2\x49\xdb\x5c\x21\x06\x85\xf6\x75\x00\x43\x62\x89\x12\xf9\x5d\x90\xed\xe6\xfd\xb4\x49\x14\x4a\x79\xe2\x4d"; +unsigned char rsa_p[] = "\x00\xd8\xcb\xe4\x65\x4e\x6c\x11\x0f\xa8\x72\xed\x4b\x4c\x8d\x1d\x07\xdc\x24\x99\x25\xe4\x3c\xb2\xf3\x02\xc4\x72\xe6\x3a\x5b\x86\xf4\x7d\x54\x2a\x4e\x79\x64\x16\x1f\x45\x3b\x17\x9e\x2a\x94\x90\x90\x59\xe7\x0b\x95\xd4\xbf\xa9\x47\xd1\x0a\x71\xaf\x3d\x6b\xed\x55"; +unsigned char rsa_q[] = "\x00\xdd\x49\x81\x7a\x5c\x04\xbf\x6b\xbd\x70\x05\x35\x42\x32\xa3\x9b\x08\xee\xd4\x98\x17\x6e\xb8\xc4\xa2\x12\xbe\xdc\x1e\x72\xd0\x44\x84\x5c\xf0\x30\x35\x04\xfd\x4e\xb0\xcc\xd6\x6f\x40\xcb\x16\x13\x58\xbc\x57\xf7\x77\x48\xe5\x0c\x0d\x14\x9b\x66\x6e\xd8\xde\x05"; +unsigned char rsa_u[] = "\x4a\x74\x5c\x95\x83\x54\xa3\xb0\x71\x35\xba\x02\x3a\x7d\x4a\x8c\x2d\x9a\x26\x77\x60\x36\x28\xd4\xb1\x7d\x8a\x06\xf8\x89\xa2\xef\xb1\x66\x46\x7d\xb9\xd4\xde\xbc\xa3\xbe\x46\xfa\x62\xe1\x63\x82\xdc\xdb\x64\x36\x47\x59\x00\xa8\xf3\xf7\x0e\xb4\xe0\x66\x3d\xd9"; +unsigned char rsa_e1[] = "\x45\x20\x96\x5e\x1b\x28\x68\x34\x46\xf1\x06\x6b\x09\x28\xc1\xc5\xfc\xd3\x0a\xa6\x43\x65\x7b\x65\xf3\x4e\xf2\x98\x28\xa9\x80\x99\xba\xd0\xb8\x80\xb7\x42\x4b\xaf\x82\xe2\xb9\xc0\x2c\x31\x9c\xfa\xfa\x3f\xaa\xb9\x06\xd2\x6a\x46\xc5\x08\x00\x81\xf1\x22\xd5\xd5"; +unsigned char rsa_e2[] = "\x00\xa6\x50\x60\xa7\xfe\x10\xf3\x6d\x9e\x6b\x5a\xfe\xb4\x4a\x2a\xfc\x92\xb2\x2d\xc6\x41\x96\x4d\xf8\x3b\x77\xab\x4a\xf4\xf7\x85\xe0\x79\x3b\x00\xaa\xba\xae\x8d\x53\x5f\x3e\x14\xcc\x78\xfe\x2a\x11\x50\x57\xfe\x25\x57\xd9\xc9\x8c\x4d\x28\x77\xc3\x7c\xfc\x31\xa1"; + +unsigned char ecc_x[] = "\x3c\x15\x6f\x1d\x48\x3e\x64\x59\x13\x2c\x6d\x04\x1a\x38\x0d\x30\x5c\xe4\x3f\x55\xcb\xd9\x17\x15\x46\x72\x71\x92\xc1\xf8\xc6\x33"; +unsigned char ecc_y[] = "\x3d\x04\x2e\xc8\xc1\x0f\xc0\x50\x04\x7b\x9f\xc9\x48\xb5\x40\xfa\x6f\x93\x82\x59\x61\x5e\x72\x57\xcb\x83\x06\xbd\xcc\x82\x94\xc1"; +unsigned char ecc_k[] = "\x00\xfd\x2b\x00\x80\xf3\x36\x5f\x11\x32\x65\xe3\x8d\x30\x33\x3b\x47\xf5\xce\xf8\x13\xe5\x4c\xc2\xcf\xfd\xe8\x05\x6a\xca\xc9\x41\xb1"; + +unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x84\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; +unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; +unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; + +unsigned char gost_x[] = "\xd0\xbb\xe9\xf4\xc6\xa8\x60\x3c\x73\x91\x44\x55\xcf\xbd\x50\xdd\x2c\x3d\x5a\xbc\x1a\xd8\x5e\x3c\xdf\x10\xdd\xd2\x63\x88\x0f\xc0"; +unsigned char gost_y[] = "\x8a\xec\x96\x3c\x0b\xc8\x33\xff\x57\x5f\x66\x78\x94\x39\xb4\xf5\x24\xc6\xba\x86\x41\xac\x43\x21\x6f\x3c\xb0\xfa\x56\xbd\x5b\x37"; +unsigned char gost_k[] = "\x47\x59\x41\x2c\x8a\xf8\x58\x1a\x67\xe0\xc3\x82\x1f\xca\x31\x19\x66\xf9\xd8\x43\xcd\x2f\x78\x23\x34\x98\x90\xb8\x14\x2e\x7f\xa5"; + +gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; +gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1}; +gnutls_datum_t _dsa_g = {dsa_g, sizeof(dsa_g)-1}; +gnutls_datum_t _dsa_y = {dsa_y, sizeof(dsa_y)-1}; +gnutls_datum_t _dsa_x = {dsa_x, sizeof(dsa_x)-1}; + +gnutls_datum_t _rsa_m = {rsa_m, sizeof(rsa_m)-1}; +gnutls_datum_t _rsa_e = {rsa_e, sizeof(rsa_e)-1}; +gnutls_datum_t _rsa_d = {rsa_d, sizeof(rsa_d)-1}; +gnutls_datum_t _rsa_p = {rsa_p, sizeof(rsa_p)-1}; +gnutls_datum_t _rsa_q = {rsa_q, sizeof(rsa_q)-1}; +gnutls_datum_t _rsa_u = {rsa_u, sizeof(rsa_u)-1}; +gnutls_datum_t _rsa_e1 = {rsa_e1, sizeof(rsa_e1)-1}; +gnutls_datum_t _rsa_e2 = {rsa_e2, sizeof(rsa_e2)-1}; + +gnutls_datum_t _ecc_x = {ecc_x, sizeof(ecc_x)-1}; +gnutls_datum_t _ecc_y = {ecc_y, sizeof(ecc_y)-1}; +gnutls_datum_t _ecc_k = {ecc_k, sizeof(ecc_k)-1}; + +gnutls_datum_t _false_ed25519_x = {false_ed25519_x, sizeof(false_ed25519_x)-1}; +gnutls_datum_t _ed25519_x = {ed25519_x, sizeof(ed25519_x)-1}; +gnutls_datum_t _ed25519_k = {ed25519_k, sizeof(ed25519_k)-1}; + +gnutls_datum_t _gost_x = {gost_x, sizeof(gost_x)-1}; +gnutls_datum_t _gost_y = {gost_y, sizeof(gost_y)-1}; +gnutls_datum_t _gost_k = {gost_k, sizeof(gost_k)-1}; + +static +int check_dsa(void) +{ + gnutls_x509_privkey_t key; + gnutls_datum_t out; + int ret; + + success("Checking DSA key operations\n"); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import_dsa_raw(key, &_dsa_p, &_dsa_q, &_dsa_g, &_dsa_y, &_dsa_x); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &out); + if (ret < 0 || out.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(out.data); + + gnutls_x509_privkey_deinit(key); + + return 0; +} + +static +int check_rsa(void) +{ + gnutls_x509_privkey_t key; + gnutls_datum_t out; + int ret; + + success("Checking RSA key operations\n"); + + /* RSA */ + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import_rsa_raw2(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, &_rsa_u, &_rsa_e1, &_rsa_e2); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &out); + if (ret < 0 || out.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(out.data); + + gnutls_x509_privkey_deinit(key); + + return 0; +} + +static +int check_ed25519(void) +{ + gnutls_x509_privkey_t key; + gnutls_datum_t out; + int ret; + + success("Checking ed25519 key operations\n"); + + /* ECC */ + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL, &_ed25519_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &out); + if (ret < 0 || out.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(out.data); + + gnutls_x509_privkey_deinit(key); + + return 0; +} + +static +int check_gost(void) +{ +#ifdef ENABLE_GOST + gnutls_x509_privkey_t key; + gnutls_datum_t out; + int ret; + + success("Checking GOST key operations\n"); + + /* ECC */ + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import_gost_raw(key, GNUTLS_ECC_CURVE_GOST256CPXA, GNUTLS_DIG_GOSTR_94, GNUTLS_GOST_PARAMSET_CP_A, &_gost_x, &_gost_y, &_gost_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &out); + if (ret < 0 || out.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(out.data); + + gnutls_x509_privkey_deinit(key); +#endif + + return 0; +} + +static +int check_ecc(void) +{ + gnutls_x509_privkey_t key; + gnutls_datum_t out; + int ret; + + success("Checking SECP256R1 key operations\n"); + + /* ECC */ + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_SECP256R1, &_ecc_x, &_ecc_y, &_ecc_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_PEM, NULL, 0, &out); + if (ret < 0 || out.size == 0) + fail("error in pkcs8 export\n"); + + fprintf(stderr, "%s\n", out.data); + gnutls_free(out.data); + + gnutls_x509_privkey_deinit(key); + + return 0; +} + +void doit(void) +{ + if (check_dsa() != 0) { + fail("error in DSA check\n"); + exit(1); + } + + if (check_rsa() != 0) { + fail("error in RSA check\n"); + exit(1); + } + + if (check_ecc() != 0) { + fail("error in ecdsa check\n"); + } + + if (check_ed25519() != 0) { + fail("error in ed25519 check\n"); + } + + if (check_gost() != 0) { + fail("error in gost check\n"); + } +} diff --git a/tests/key-import-export.c b/tests/key-import-export.c new file mode 100644 index 0000000..18de0fd --- /dev/null +++ b/tests/key-import-export.c @@ -0,0 +1,1127 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "cert-common.h" + +static char rsa_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t rsa_key = { (void*)rsa_key_pem, + sizeof(rsa_key_pem) +}; + +static void dump(const char *name, unsigned char *buf, int buf_size) +{ + int i; + fprintf(stderr, "%s: ", name); + for (i = 0; i < buf_size; i++) + fprintf(stderr, "\\x%.2x", buf[i]); + fprintf(stderr, "\n"); +} + +unsigned char dsa_p[] = "\x00\xb9\x84\xf5\x5a\x81\xbe\x1a\x0d\xc5\x8a\x73\x8f\x0c\x9b\x2f\x9b\xb6\x0e\x4b\xc3\x74\x1a\x7f\x64\xad\x9d\xf3\x28\xc5\xa0\x47\xbc\x9b\x57\x56\xf1\x97\xd5\x7e\x37\x03\xe9\xf2\x4c\xf4\xe3\x8b\x7f\x30\xa3\x5d\x2f\xbb\xa1\xa2\x37\xc2\xea\x35\x8f\x1f\xb1\x5f\xa6\xa2\x5f\x01\xf1\x23\x36\x2b\xe4\x4f\x2f\x2d\xdd\x9d\xd5\x3a\xa6\x39\xaf\x7a\x51\x7c\xd2\x25\x8e\x97\x74\xcf\x1e\xc5\x7b\x4b\x76\x43\x81\x07\x1f\x06\x14\xb8\x6e\x58\x12\xe1\x90\xe2\x37\x6f\xd2\x1b\xec\x68\xc5\x58\xe2\xe6\x30\xe0\x6a\x5e\x2c\x63\x78\xec\x07"; +unsigned char dsa_q[] = "\x00\x9f\x56\x8c\x48\x64\x2f\xfe\x8d\xaa\x7a\x6d\x96\xdb\x04\x5d\x16\xef\x08\xa5\x71"; +unsigned char dsa_g[] = "\x62\x06\x7e\xe4\x5c\x76\x08\xb7\x46\x1a\x5d\xd7\x97\xd4\x2a\x21\xfb\x1f\x31\xc9\xd2\xf4\xfa\x39\xd8\x27\xd1\x9b\xfc\x27\x5d\xa7\x0a\xa7\x1a\xfc\x53\xc1\x2f\x43\xc2\x37\xc8\x85\x7f\x3d\x4c\xab\x5d\x81\x32\xfb\x1d\x5e\x1e\x54\x11\x16\x20\xc6\x80\x5a\xd9\x8c\x9b\x43\xf0\xdd\x6b\xa0\xf4\xc3\xf2\x8a\x9c\x39\xd2\x1c\x7b\x0f\xef\xfa\x28\x93\x8f\xd2\xa1\x22\xeb\xdc\xe0\x8a\x8b\xad\x28\x0e\xcf\xef\x09\x85\xe9\x36\xbd\x8b\x7a\x50\xd5\x7b\xf7\x25\x0d\x6c\x60\x11\xc4\xef\x70\x90\xcf\xd6\x1b\xeb\xbb\x8e\xc6\x3e\x3a\x97"; +unsigned char dsa_y[] = "\x0f\x8a\x87\x57\xf2\xd1\xc2\xdc\xac\xdf\x4b\x8b\x0f\x8b\xba\x29\xf7\xe1\x03\xe4\x55\xfa\xb2\x98\x07\xd6\xfd\x12\xb1\x80\xbc\xf5\xba\xb4\x50\xd4\x7f\xa0\x0e\x43\xe7\x9f\xc9\x78\x11\x5f\xe5\xe4\x0c\x2c\x6b\x6a\xa4\x35\xdc\xbd\x54\xe5\x60\x36\x9a\x31\xd1\x8a\x59\x6e\x6b\x1c\xba\xbd\x2e\xba\xeb\x7c\x87\xef\xda\xc8\xdd\xa1\xeb\xa4\x83\xe6\x8b\xad\xfa\xfa\x8e\x5b\xd7\x37\xc8\x32\x3e\x96\xc2\x3e\xf4\x43\xda\x7d\x91\x02\x0f\xb7\xbc\xf8\xef\x8f\xf7\x41\x00\x5e\x96\xdf\x0f\x08\x96\xdc\xea\xb2\xe9\x06\x82\xaf\xd2\x2f"; +unsigned char dsa_x[] = "\x4b\x9f\xeb\xff\x6c\x9a\x02\x83\x41\x5e\x37\x81\x8e\x00\x86\x31\xe8\xb6\x9b\xc1"; + +unsigned char rsa_m[] = "\x00\xbb\x66\x43\xf5\xf2\xc5\xd7\xb6\x8c\xcc\xc5\xdf\xf5\x88\x3b\xb1\xc9\x4b\x6a\x0e\xa1\xad\x20\x50\x40\x08\x80\xa1\x4f\x5c\xa3\xd0\xf8\x6c\xcf\xe6\x3c\xf7\xec\x04\x76\x13\x17\x8b\x64\x89\x22\x5b\xc0\xdd\x53\x7c\x3b\xed\x7c\x04\xbb\x80\xb9\x28\xbe\x8e\x9b\xc6\x8e\xa0\xa5\x12\xcb\xf5\x57\x1e\xa2\xe7\xbb\xb7\x33\x49\x9f\xe3\xbb\x4a\xae\x6a\x4d\x68\xff\xc9\x11\xe2\x32\x8d\xce\x3d\x80\x0b\x8d\x75\xef\xd8\x00\x81\x8f\x28\x04\x03\xa0\x22\x8d\x61\x04\x07\xfa\xb6\x37\x7d\x21\x07\x49\xd2\x09\x61\x69\x98\x90\xa3\x58\xa9"; +unsigned char rsa_e[] = "\x01\x00\x01"; +unsigned char rsa_d[] = "\x0e\x99\x80\x44\x6e\x42\x43\x14\xbe\x01\xeb\x0d\x90\x69\xa9\x6a\xe7\xa9\x88\x2c\xf5\x24\x11\x7f\x27\x09\xf2\x89\x7e\xaf\x13\x35\x21\xd1\x8a\x5d\xdf\xd4\x99\xce\xdc\x2b\x0f\x1b\xc5\x3c\x98\xd0\x68\xa5\x65\x8e\x69\x75\xce\x42\x69\x20\x35\x6c\xaa\xf1\xdd\xc9\x57\x6c\x7b\xc3\x3e\x42\x7e\xa1\xc3\x8c\x76\xa7\x9a\xe8\x81\xdb\xe1\x84\x82\xf5\x99\xd5\xa8\xee\x35\x9e\x54\x94\xc5\x44\xa0\x7b\xcc\xb7\x4c\x3e\xcd\xf2\x49\xdb\x5c\x21\x06\x85\xf6\x75\x00\x43\x62\x89\x12\xf9\x5d\x90\xed\xe6\xfd\xb4\x49\x14\x4a\x79\xe2\x4d"; +unsigned char rsa_p[] = "\x00\xd8\xcb\xe4\x65\x4e\x6c\x11\x0f\xa8\x72\xed\x4b\x4c\x8d\x1d\x07\xdc\x24\x99\x25\xe4\x3c\xb2\xf3\x02\xc4\x72\xe6\x3a\x5b\x86\xf4\x7d\x54\x2a\x4e\x79\x64\x16\x1f\x45\x3b\x17\x9e\x2a\x94\x90\x90\x59\xe7\x0b\x95\xd4\xbf\xa9\x47\xd1\x0a\x71\xaf\x3d\x6b\xed\x55"; +unsigned char rsa_q[] = "\x00\xdd\x49\x81\x7a\x5c\x04\xbf\x6b\xbd\x70\x05\x35\x42\x32\xa3\x9b\x08\xee\xd4\x98\x17\x6e\xb8\xc4\xa2\x12\xbe\xdc\x1e\x72\xd0\x44\x84\x5c\xf0\x30\x35\x04\xfd\x4e\xb0\xcc\xd6\x6f\x40\xcb\x16\x13\x58\xbc\x57\xf7\x77\x48\xe5\x0c\x0d\x14\x9b\x66\x6e\xd8\xde\x05"; +unsigned char rsa_u[] = "\x4a\x74\x5c\x95\x83\x54\xa3\xb0\x71\x35\xba\x02\x3a\x7d\x4a\x8c\x2d\x9a\x26\x77\x60\x36\x28\xd4\xb1\x7d\x8a\x06\xf8\x89\xa2\xef\xb1\x66\x46\x7d\xb9\xd4\xde\xbc\xa3\xbe\x46\xfa\x62\xe1\x63\x82\xdc\xdb\x64\x36\x47\x59\x00\xa8\xf3\xf7\x0e\xb4\xe0\x66\x3d\xd9"; +unsigned char rsa_e1[] = "\x45\x20\x96\x5e\x1b\x28\x68\x34\x46\xf1\x06\x6b\x09\x28\xc1\xc5\xfc\xd3\x0a\xa6\x43\x65\x7b\x65\xf3\x4e\xf2\x98\x28\xa9\x80\x99\xba\xd0\xb8\x80\xb7\x42\x4b\xaf\x82\xe2\xb9\xc0\x2c\x31\x9c\xfa\xfa\x3f\xaa\xb9\x06\xd2\x6a\x46\xc5\x08\x00\x81\xf1\x22\xd5\xd5"; +unsigned char rsa_e2[] = "\x00\xa6\x50\x60\xa7\xfe\x10\xf3\x6d\x9e\x6b\x5a\xfe\xb4\x4a\x2a\xfc\x92\xb2\x2d\xc6\x41\x96\x4d\xf8\x3b\x77\xab\x4a\xf4\xf7\x85\xe0\x79\x3b\x00\xaa\xba\xae\x8d\x53\x5f\x3e\x14\xcc\x78\xfe\x2a\x11\x50\x57\xfe\x25\x57\xd9\xc9\x8c\x4d\x28\x77\xc3\x7c\xfc\x31\xa1"; + +unsigned char ecc_x[] = "\x3c\x15\x6f\x1d\x48\x3e\x64\x59\x13\x2c\x6d\x04\x1a\x38\x0d\x30\x5c\xe4\x3f\x55\xcb\xd9\x17\x15\x46\x72\x71\x92\xc1\xf8\xc6\x33"; +unsigned char ecc_y[] = "\x3d\x04\x2e\xc8\xc1\x0f\xc0\x50\x04\x7b\x9f\xc9\x48\xb5\x40\xfa\x6f\x93\x82\x59\x61\x5e\x72\x57\xcb\x83\x06\xbd\xcc\x82\x94\xc1"; +unsigned char ecc_k[] = "\x00\xfd\x2b\x00\x80\xf3\x36\x5f\x11\x32\x65\xe3\x8d\x30\x33\x3b\x47\xf5\xce\xf8\x13\xe5\x4c\xc2\xcf\xfd\xe8\x05\x6a\xca\xc9\x41\xb1"; + +unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x84\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; +unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; +unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; + +unsigned char gost_x[] = "\xd0\xbb\xe9\xf4\xc6\xa8\x60\x3c\x73\x91\x44\x55\xcf\xbd\x50\xdd\x2c\x3d\x5a\xbc\x1a\xd8\x5e\x3c\xdf\x10\xdd\xd2\x63\x88\x0f\xc0"; +unsigned char gost_y[] = "\x8a\xec\x96\x3c\x0b\xc8\x33\xff\x57\x5f\x66\x78\x94\x39\xb4\xf5\x24\xc6\xba\x86\x41\xac\x43\x21\x6f\x3c\xb0\xfa\x56\xbd\x5b\x37"; +unsigned char gost_k[] = "\x47\x59\x41\x2c\x8a\xf8\x58\x1a\x67\xe0\xc3\x82\x1f\xca\x31\x19\x66\xf9\xd8\x43\xcd\x2f\x78\x23\x34\x98\x90\xb8\x14\x2e\x7f\xa5"; + +gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; +gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1}; +gnutls_datum_t _dsa_g = {dsa_g, sizeof(dsa_g)-1}; +gnutls_datum_t _dsa_y = {dsa_y, sizeof(dsa_y)-1}; +gnutls_datum_t _dsa_x = {dsa_x, sizeof(dsa_x)-1}; + +gnutls_datum_t _rsa_m = {rsa_m, sizeof(rsa_m)-1}; +gnutls_datum_t _rsa_e = {rsa_e, sizeof(rsa_e)-1}; +gnutls_datum_t _rsa_d = {rsa_d, sizeof(rsa_d)-1}; +gnutls_datum_t _rsa_p = {rsa_p, sizeof(rsa_p)-1}; +gnutls_datum_t _rsa_q = {rsa_q, sizeof(rsa_q)-1}; +gnutls_datum_t _rsa_u = {rsa_u, sizeof(rsa_u)-1}; +gnutls_datum_t _rsa_e1 = {rsa_e1, sizeof(rsa_e1)-1}; +gnutls_datum_t _rsa_e2 = {rsa_e2, sizeof(rsa_e2)-1}; + +gnutls_datum_t _ecc_x = {ecc_x, sizeof(ecc_x)-1}; +gnutls_datum_t _ecc_y = {ecc_y, sizeof(ecc_y)-1}; +gnutls_datum_t _ecc_k = {ecc_k, sizeof(ecc_k)-1}; + +gnutls_datum_t _false_ed25519_x = {false_ed25519_x, sizeof(false_ed25519_x)-1}; +gnutls_datum_t _ed25519_x = {ed25519_x, sizeof(ed25519_x)-1}; +gnutls_datum_t _ed25519_k = {ed25519_k, sizeof(ed25519_k)-1}; + +gnutls_datum_t _gost_x = {gost_x, sizeof(gost_x)-1}; +gnutls_datum_t _gost_y = {gost_y, sizeof(gost_y)-1}; +gnutls_datum_t _gost_k = {gost_k, sizeof(gost_k)-1}; + +unsigned char ecc_params[] = "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"; +unsigned char ecc_point[] = "\x04\x41\x04\x3c\x15\x6f\x1d\x48\x3e\x64\x59\x13\x2c\x6d\x04\x1a\x38\x0d\x30\x5c\xe4\x3f\x55\xcb\xd9\x17\x15\x46\x72\x71\x92\xc1\xf8\xc6\x33\x3d\x04\x2e\xc8\xc1\x0f\xc0\x50\x04\x7b\x9f\xc9\x48\xb5\x40\xfa\x6f\x93\x82\x59\x61\x5e\x72\x57\xcb\x83\x06\xbd\xcc\x82\x94\xc1"; + +static int _gnutls_privkey_export2_pkcs8(gnutls_privkey_t key, gnutls_x509_crt_fmt_t f, + const char *password, unsigned flags, gnutls_datum_t *out) +{ + gnutls_x509_privkey_t xkey; + int ret; + + ret = gnutls_privkey_export_x509(key, &xkey); + if (ret < 0) + fail("error in gnutls_privkey_export_x509\n"); + + assert(gnutls_x509_privkey_fix(xkey)>=0); + + ret = gnutls_x509_privkey_export2_pkcs8(xkey, f, password, 0, out); + gnutls_x509_privkey_deinit(xkey); + + return ret; +} + +#define CMP(name, dat, v) cmp(name, __LINE__, dat, v, sizeof(v)-1) +static int cmp(const char *name, int line, gnutls_datum_t *v1, unsigned char *v2, unsigned size) +{ + if (size != v1->size) { + fprintf(stderr, "error in %s:%d size\n", name, line); + dump("expected", v2, size); + dump("got", v1->data, v1->size); + exit(1); + } + + if (memcmp(v1->data, v2, size) != 0) { + fprintf(stderr, "error in %s:%d\n", name, line); + dump("expected", v2, size); + dump("got", v1->data, v1->size); + exit(1); + } + return 0; +} + +/* leading zero on v2 is ignored */ +#define CMP_NO_LZ(name, dat, v) cmp_no_lz(name, __LINE__, dat, v, sizeof(v)-1) +static int cmp_no_lz(const char *name, int line, gnutls_datum_t *v1, unsigned char *i2, unsigned size) +{ + gnutls_datum_t v2; + if (size > 0 && i2[0] == 0) { + v2.data = &i2[1]; + v2.size = size-1; + } else { + v2.data = i2; + v2.size = size; + } + + if (v2.size != v1->size) { + fprintf(stderr, "error in %s:%d size\n", name, line); + dump("expected", v2.data, v2.size); + dump("got", v1->data, v1->size); + exit(1); + } + + if (memcmp(v1->data, v2.data, v2.size) != 0) { + fprintf(stderr, "error in %s:%d\n", name, line); + dump("expected", v2.data, v2.size); + dump("got", v1->data, v1->size); + exit(1); + } + return 0; +} + +static +int check_x509_privkey(void) +{ + gnutls_x509_privkey_t key; + gnutls_datum_t p, q, g, y, x; + gnutls_datum_t m, e, u, e1, e2, d; + gnutls_ecc_curve_t curve; + int ret; + + global_init(); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import(key, &dsa_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); + if (ret < 0) + fail("error\n"); + + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + CMP("x", &x, dsa_x); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + gnutls_x509_privkey_deinit(key); + + /* RSA */ + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import(key, &rsa_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &e1, &e2); + if (ret < 0) + fail("error\n"); + + CMP("m", &m, rsa_m); + CMP("e", &e, rsa_e); + CMP("d", &d, rsa_d); + CMP("p", &p, rsa_p); + CMP("q", &q, rsa_q); + CMP("u", &u, rsa_u); + CMP("e1", &e1, rsa_e1); + CMP("e2", &e2, rsa_e2); + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_free(d.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(u.data); + gnutls_free(e1.data); + gnutls_free(e2.data); + gnutls_x509_privkey_deinit(key); + + /* ECC */ + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_import(key, &server_ecc_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error\n"); + + ret = gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y, &p); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP("x", &x, ecc_x); + CMP("y", &y, ecc_y); + CMP("k", &p, ecc_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(p.data); + gnutls_x509_privkey_deinit(key); + + return 0; +} + +static +int check_privkey_import_export(void) +{ + static const struct rsa_privkey_opt_args + { + gnutls_datum_t *_u, *_e1, *_e2; + } + rsa_opt_args[] = + { + { NULL, NULL, NULL }, + { NULL, &_rsa_e1, &_rsa_e2 }, + { NULL, &_rsa_e1, NULL }, + { NULL, NULL, &_rsa_e2 }, + { &_rsa_u, NULL, NULL }, + { &_rsa_u, &_rsa_e1, NULL }, + { &_rsa_u, NULL, &_rsa_e2 }, + }; + gnutls_privkey_t key; + gnutls_datum_t p, q, g, y, x; + gnutls_datum_t m, e, u, e1, e2, d; + gnutls_ecc_curve_t curve; +#ifdef ENABLE_GOST + gnutls_digest_algorithm_t digest; + gnutls_gost_paramset_t paramset; +#endif + unsigned i; + int ret; + + global_init(); + + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_dsa_raw(key, &_dsa_p, &_dsa_q, &_dsa_g, &_dsa_y, &_dsa_x); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_dsa_raw2(key, &p, &q, &g, &y, &x, 0); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + CMP("x", &x, dsa_x); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + + ret = gnutls_privkey_export_dsa_raw2(key, &p, &q, &g, &y, &x, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + CMP_NO_LZ("p", &p, dsa_p); + CMP_NO_LZ("q", &q, dsa_q); + CMP_NO_LZ("g", &g, dsa_g); + CMP_NO_LZ("y", &y, dsa_y); + CMP_NO_LZ("x", &x, dsa_x); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + gnutls_privkey_deinit(key); + + /* Optional y argument */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_dsa_raw(key, &_dsa_p, &_dsa_q, &_dsa_g, NULL, &_dsa_x); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_dsa_raw2(key, &p, &q, &g, &y, &x, 0); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + CMP("x", &x, dsa_x); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + gnutls_privkey_deinit(key); + + /* RSA */ + + /* Optional arguments */ + for (i = 0; i < sizeof(rsa_opt_args) / sizeof(rsa_opt_args[0]); i++) + { + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, rsa_opt_args[i]._u, rsa_opt_args[i]._e1, rsa_opt_args[i]._e2); + if (ret < 0) + fail("error\n"); + + gnutls_privkey_deinit(key); + } + + /* Optional private exponent */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, NULL, &_rsa_p, &_rsa_q, NULL, NULL, NULL); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &e1, &e2, 0); + if (ret < 0) + fail("error\n"); + + CMP("m", &m, rsa_m); + CMP("e", &e, rsa_e); + CMP("d", &d, rsa_d); + CMP("p", &p, rsa_p); + CMP("q", &q, rsa_q); + CMP("u", &u, rsa_u); + CMP("e1", &e1, rsa_e1); + CMP("e2", &e2, rsa_e2); + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_free(d.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(u.data); + gnutls_free(e1.data); + gnutls_free(e2.data); + + gnutls_privkey_deinit(key); + + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + /* Import/export */ + ret = gnutls_privkey_import_rsa_raw(key, &_rsa_m, &_rsa_e, &_rsa_d, &_rsa_p, &_rsa_q, &_rsa_u, &_rsa_e1, &_rsa_e2); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &e1, &e2, 0); + if (ret < 0) + fail("error\n"); + + CMP("m", &m, rsa_m); + CMP("e", &e, rsa_e); + CMP("d", &d, rsa_d); + CMP("p", &p, rsa_p); + CMP("q", &q, rsa_q); + CMP("u", &u, rsa_u); + CMP("e1", &e1, rsa_e1); + CMP("e2", &e2, rsa_e2); + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_free(d.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(u.data); + gnutls_free(e1.data); + gnutls_free(e2.data); + + ret = gnutls_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &e1, &e2, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + CMP_NO_LZ("m", &m, rsa_m); + CMP_NO_LZ("e", &e, rsa_e); + CMP_NO_LZ("d", &d, rsa_d); + CMP_NO_LZ("p", &p, rsa_p); + CMP_NO_LZ("q", &q, rsa_q); + CMP_NO_LZ("u", &u, rsa_u); + CMP_NO_LZ("e1", &e1, rsa_e1); + CMP_NO_LZ("e2", &e2, rsa_e2); + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_free(d.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(u.data); + gnutls_free(e1.data); + gnutls_free(e2.data); + gnutls_privkey_deinit(key); + + /* ECC */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_SECP256R1, &_ecc_x, &_ecc_y, &_ecc_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_ecc_raw2(key, &curve, &x, &y, &p, 0); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP("x", &x, ecc_x); + CMP("y", &y, ecc_y); + CMP("k", &p, ecc_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(p.data); + + ret = gnutls_privkey_export_ecc_raw2(key, &curve, &x, &y, &p, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP_NO_LZ("x", &x, ecc_x); + CMP_NO_LZ("y", &y, ecc_y); + CMP_NO_LZ("k", &p, ecc_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(p.data); + gnutls_privkey_deinit(key); + + /* Ed25519 */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + /* test whether an invalid size would fail */ + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL, &_rsa_m); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL, &_ed25519_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_verify_params(key); + if (ret != 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_privkey_export_ecc_raw(key, &curve, &x, NULL, &p); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_ED25519) { + fail("unexpected curve value: %d\n", (int)curve); + } + CMP("x", &x, ed25519_x); + CMP("k", &p, ed25519_k); + gnutls_free(x.data); + gnutls_free(p.data); + gnutls_privkey_deinit(key); + + /* Ed25519 with incorrect public key */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_false_ed25519_x, NULL, &_ed25519_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_verify_params(key); + if (ret != GNUTLS_E_ILLEGAL_PARAMETER) + fail("error: %s\n", gnutls_strerror(ret)); + + gnutls_privkey_deinit(key); + + /* GOST */ +#ifdef ENABLE_GOST + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_gost_raw(key, GNUTLS_ECC_CURVE_GOST256CPXA, GNUTLS_DIG_GOSTR_94, GNUTLS_GOST_PARAMSET_CP_A, &_gost_x, &_gost_y, &_gost_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_gost_raw2(key, &curve, &digest, ¶mset, &x, &y, &p, 0); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_GOST256CPXA) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + if (digest != GNUTLS_DIG_GOSTR_94) { + fprintf(stderr, "unexpected digest value: %d\n", (int)digest); + exit(1); + } + if (paramset != GNUTLS_GOST_PARAMSET_CP_A) { + fprintf(stderr, "unexpected paramset value: %d\n", (int)paramset); + exit(1); + } + CMP("x", &x, gost_x); + CMP("y", &y, gost_y); + CMP("k", &p, gost_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(p.data); + + ret = gnutls_privkey_export_gost_raw2(key, &curve, &digest, ¶mset, &x, &y, &p, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_GOST256CPXA) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + if (digest != GNUTLS_DIG_GOSTR_94) { + fprintf(stderr, "unexpected digest value: %d\n", (int)digest); + exit(1); + } + if (paramset != GNUTLS_GOST_PARAMSET_CP_A) { + fprintf(stderr, "unexpected paramset value: %d\n", (int)paramset); + exit(1); + } + CMP_NO_LZ("x", &x, gost_x); + CMP_NO_LZ("y", &y, gost_y); + CMP_NO_LZ("k", &p, gost_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(p.data); + gnutls_privkey_deinit(key); +#endif + + return 0; +} + +static +int check_dsa(void) +{ + gnutls_privkey_t key; + gnutls_pubkey_t pub; + gnutls_datum_t p, q, g, y, x; + int ret; + + global_init(); + + success("Checking DSA key operations\n"); + + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_init(&pub); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_x509_raw(key, &dsa_key, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_export_dsa_raw2(pub, &p, &q, &g, &y, 0); + if (ret < 0) + fail("error\n"); + + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + + ret = gnutls_pubkey_export_dsa_raw2(pub, &p, &q, &g, &y, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + CMP_NO_LZ("p", &p, dsa_p); + CMP_NO_LZ("q", &q, dsa_q); + CMP_NO_LZ("g", &g, dsa_g); + CMP_NO_LZ("y", &y, dsa_y); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + + ret = gnutls_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); + if (ret < 0) + fail("error\n"); + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + CMP("x", &x, dsa_x); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + + ret = _gnutls_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &x); + if (ret < 0 || x.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(x.data); + + gnutls_privkey_deinit(key); + gnutls_pubkey_deinit(pub); + + return 0; +} + +static +int check_rsa(void) +{ + gnutls_privkey_t key; + gnutls_pubkey_t pub; + gnutls_datum_t m, e, d, p, q, u, e1, e2; + int ret; + + success("Checking RSA key operations\n"); + + /* RSA */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_init(&pub); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_x509_raw(key, &rsa_key, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_export_rsa_raw2(pub, &m, &e, 0); + if (ret < 0) + fail("error\n"); + + CMP("m", &m, rsa_m); + CMP("e", &e, rsa_e); + gnutls_free(m.data); + gnutls_free(e.data); + + ret = gnutls_pubkey_export_rsa_raw2(pub, &m, &e, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + CMP_NO_LZ("m", &m, rsa_m); + CMP_NO_LZ("e", &e, rsa_e); + gnutls_free(m.data); + gnutls_free(e.data); + + ret = gnutls_privkey_export_rsa_raw(key, &m, &e, &d, &p, &q, &u, &e1, &e2); + if (ret < 0) + fail("error\n"); + + CMP("m", &m, rsa_m); + CMP("e", &e, rsa_e); + CMP("d", &d, rsa_d); + CMP("p", &p, rsa_p); + CMP("q", &q, rsa_q); + CMP("u", &u, rsa_u); + CMP("e1", &e1, rsa_e1); + CMP("e2", &e2, rsa_e2); + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_free(d.data); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(u.data); + gnutls_free(e1.data); + gnutls_free(e2.data); + + ret = _gnutls_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &m); + if (ret < 0 || m.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(m.data); + + gnutls_privkey_deinit(key); + gnutls_pubkey_deinit(pub); + + return 0; +} + +static +int check_ecc(void) +{ + gnutls_privkey_t key; + gnutls_pubkey_t pub; + gnutls_datum_t y, x, k; + gnutls_ecc_curve_t curve; + int ret; + + success("Checking SECP256R1 key operations\n"); + + /* ECC */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_init(&pub); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_x509_raw(key, &server_ecc_key, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_export_ecc_raw2(pub, &curve, &x, &y, 0); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP("x", &x, ecc_x); + CMP("y", &y, ecc_y); + gnutls_free(x.data); + gnutls_free(y.data); + + ret = gnutls_pubkey_export_ecc_raw2(pub, &curve, &x, &y, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP_NO_LZ("x", &x, ecc_x); + CMP_NO_LZ("y", &y, ecc_y); + gnutls_free(x.data); + gnutls_free(y.data); + + + /* check the private key export */ + ret = gnutls_privkey_export_ecc_raw(key, &curve, &x, &y, &k); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP("x", &x, ecc_x); + CMP("y", &y, ecc_y); + CMP("k", &k, ecc_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(k.data); + + ret = _gnutls_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &x); + if (ret < 0 || x.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(x.data); + + gnutls_privkey_deinit(key); + + /* More public key ops */ + + ret = gnutls_pubkey_export_ecc_x962(pub, &x, &y); + if (ret < 0) + fail("error\n"); + + CMP("parameters", &x, ecc_params); + CMP("ecpoint", &y, ecc_point); + + ret = gnutls_pubkey_import_ecc_x962(pub, &x, &y); + if (ret < 0) + fail("error\n"); + gnutls_free(x.data); + gnutls_free(y.data); + + /* check again */ + ret = gnutls_pubkey_export_ecc_raw(pub, &curve, &x, &y); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + fail("error\n"); + } + CMP("x", &x, ecc_x); + CMP("y", &y, ecc_y); + gnutls_free(x.data); + gnutls_free(y.data); + + gnutls_pubkey_deinit(pub); + + return 0; +} + +static +int check_ed25519(void) +{ + gnutls_privkey_t key; + gnutls_pubkey_t pub; + gnutls_datum_t y, x, k; + gnutls_ecc_curve_t curve; + int ret; + + success("Checking ed25519 key operations\n"); + + /* ECC */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_init(&pub); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_x509_raw(key, &server_ca3_eddsa_key, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_export_ecc_raw(pub, &curve, &x, NULL); + if (ret < 0) + fail("error\n"); + gnutls_free(x.data); + + ret = gnutls_pubkey_export_ecc_raw(pub, &curve, &x, &y); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_ED25519) { + fail("unexpected curve value: %d\n", (int)curve); + } + CMP("x", &x, ed25519_x); + + if (y.data != NULL) { + fail("expected NULL value in Y\n"); + } + gnutls_free(x.data); + + + /* check the private key export */ + ret = gnutls_privkey_export_ecc_raw(key, &curve, &x, NULL, &k); + if (ret < 0) + fail("error\n"); + gnutls_free(x.data); + gnutls_free(k.data); + + ret = gnutls_privkey_export_ecc_raw(key, &curve, &x, &y, &k); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_ED25519) { + fail("unexpected curve value: %d\n", (int)curve); + } + CMP("x", &x, ed25519_x); + CMP("k", &k, ed25519_k); + gnutls_free(x.data); + gnutls_free(k.data); + + if (y.data != NULL) { + fail("expected NULL value in Y\n"); + } + + ret = _gnutls_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &x); + if (ret < 0 || x.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(x.data); + + gnutls_privkey_deinit(key); + + /* More public key ops */ + + ret = gnutls_pubkey_export_ecc_x962(pub, &x, &y); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + + gnutls_pubkey_deinit(pub); + + return 0; +} + +static +int check_gost(void) +{ +#ifdef ENABLE_GOST + gnutls_privkey_t key; + gnutls_pubkey_t pub; + gnutls_datum_t y, x, k; + gnutls_ecc_curve_t curve; + gnutls_digest_algorithm_t digest; + gnutls_gost_paramset_t paramset; + int ret; + + success("Checking GOST key operations\n"); + + /* ECC */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_init(&pub); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_x509_raw(key, &server_ca3_gost01_key, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_export_gost_raw2(pub, &curve, &digest, ¶mset, &x, &y, 0); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_GOST256CPXA) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + if (digest != GNUTLS_DIG_GOSTR_94) { + fprintf(stderr, "unexpected digest value: %d\n", (int)digest); + exit(1); + } + if (paramset != GNUTLS_GOST_PARAMSET_CP_A) { + fprintf(stderr, "unexpected paramset value: %d\n", (int)paramset); + exit(1); + } + CMP("x", &x, gost_x); + CMP("y", &y, gost_y); + gnutls_free(x.data); + gnutls_free(y.data); + + ret = gnutls_pubkey_export_gost_raw2(pub, &curve, &digest, ¶mset, &x, &y, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_GOST256CPXA) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + if (digest != GNUTLS_DIG_GOSTR_94) { + fprintf(stderr, "unexpected digest value: %d\n", (int)digest); + exit(1); + } + if (paramset != GNUTLS_GOST_PARAMSET_CP_A) { + fprintf(stderr, "unexpected paramset value: %d\n", (int)paramset); + exit(1); + } + CMP_NO_LZ("x", &x, gost_x); + CMP_NO_LZ("y", &y, gost_y); + gnutls_free(x.data); + gnutls_free(y.data); + + + /* check the private key export */ + ret = gnutls_privkey_export_gost_raw2(key, &curve, &digest, ¶mset, &x, &y, &k, 0); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_GOST256CPXA) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + if (digest != GNUTLS_DIG_GOSTR_94) { + fprintf(stderr, "unexpected digest value: %d\n", (int)digest); + exit(1); + } + if (paramset != GNUTLS_GOST_PARAMSET_CP_A) { + fprintf(stderr, "unexpected paramset value: %d\n", (int)paramset); + exit(1); + } + CMP("x", &x, gost_x); + CMP("y", &y, gost_y); + CMP("k", &k, gost_k); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_free(k.data); + + ret = _gnutls_privkey_export2_pkcs8(key, GNUTLS_X509_FMT_DER, NULL, 0, &x); + if (ret < 0 || x.size == 0) + fail("error in pkcs8 export\n"); + gnutls_free(x.data); + + gnutls_privkey_deinit(key); + + gnutls_pubkey_deinit(pub); +#endif + + return 0; +} + +void doit(void) +{ + if (check_x509_privkey() != 0) { + fail("error in privkey check\n"); + exit(1); + } + + if (check_privkey_import_export() != 0) { + fail("error in privkey import/export check\n"); + exit(1); + } + + if (check_dsa() != 0) { + fail("error in DSA check\n"); + exit(1); + } + + if (check_rsa() != 0) { + fail("error in RSA check\n"); + exit(1); + } + + if (check_ecc() != 0) { + fail("error in ecdsa check\n"); + } + + if (check_ed25519() != 0) { + fail("error in ed25519 check\n"); + } + + if (check_gost() != 0) { + fail("error in gost check\n"); + } +} diff --git a/tests/key-material-dtls.c b/tests/key-material-dtls.c new file mode 100644 index 0000000..e54500d --- /dev/null +++ b/tests/key-material-dtls.c @@ -0,0 +1,405 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * Copyright (C) 2013-2016 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests whether the gnutls_record_get_state() works as + * expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP + */ + +static void dump(const char *name, uint8_t *data, unsigned data_size) +{ + unsigned i; + + fprintf(stderr, "%s", name); + for (i=0;i 0 || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +void doit(void) +{ + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/key-material-set-dtls.c b/tests/key-material-set-dtls.c new file mode 100644 index 0000000..6e6d6d2 --- /dev/null +++ b/tests/key-material-set-dtls.c @@ -0,0 +1,394 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * Copyright (C) 2013-2016 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests whether the gnutls_record_set_state() works as + * expected on DTLS (where sliding window is involved). + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +static void terminate(void) +{ + int status = 0; + + if (child) { + kill(child, SIGTERM); + wait(&status); + } + exit(1); +} + +static void client(int fd) +{ + gnutls_session_t session; + int ret; + gnutls_anon_client_credentials_t anoncred; + unsigned char rseq_number[8]; + unsigned char wseq_number[8]; + unsigned i; + char buf[128]; + const char *err; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM); + gnutls_record_set_timeout(session, 10000); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-DH:+ANON-ECDH:+CURVE-ALL", + &err); + if (ret < 0) { + fail("client: priority set failed (%s): %s\n", + gnutls_strerror(ret), err); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_cipher_get(session); + if (ret != GNUTLS_CIPHER_AES_128_CBC) { + fprintf(stderr, "negotiated unexpected cipher: %s\n", gnutls_cipher_get_name(ret)); + exit(1); + } + + ret = gnutls_mac_get(session); + if (ret != GNUTLS_MAC_SHA1) { + fprintf(stderr, "negotiated unexpected mac: %s\n", gnutls_mac_get_name(ret)); + exit(1); + } + + /* save state */ + ret = gnutls_record_get_state(session, 0, NULL, NULL, NULL, wseq_number); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + gnutls_perror(ret); + exit(1); + } + + ret = gnutls_record_get_state(session, 1, NULL, NULL, NULL, rseq_number); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + gnutls_perror(ret); + exit(1); + } + + /* skip past the sliding window */ + for (i=0;i<96;i++) { + ret = gnutls_record_send(session, "hello", 5); + if (ret < 0) { + fail("gnutls_record_send: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret < 0) { + fail("gnutls_record_recv: %s\n", gnutls_strerror(ret)); + } + } + + ret = gnutls_record_send(session, "reset", 5); + if (ret < 0) { + fail("gnutls_record_send(reset): %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_record_set_state(session, 0, wseq_number); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + gnutls_perror(ret); + exit(1); + } + + ret = gnutls_record_set_state(session, 1, rseq_number); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + gnutls_perror(ret); + exit(1); + } + + ret = gnutls_record_send(session, "ping", 4); + if (ret < 0) { + fail("gnutls_record_send(ping): %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret < 0) { + fail("gnutls_record_recv(pong): %s\n", gnutls_strerror(ret)); + } + + if (ret != 4 || memcmp(buf, "pong", 4) != 0) { + fail("did not receive the expected data"); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_dh_params_t dh_params; + unsigned char rseq_number[8]; + unsigned char wseq_number[8]; + char buf[128]; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_anon_set_server_dh_params(anoncred, dh_params); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_DATAGRAM); + gnutls_record_set_timeout(session, 10000); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, + "NORMAL:+VERS-DTLS1.0:+ANON-DH:+ANON-ECDH", NULL); + if (ret < 0) { + fail("server: priority set failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* save state */ + ret = gnutls_record_get_state(session, 0, NULL, NULL, NULL, wseq_number); + if (ret < 0) { + fail("error in %d\n", __LINE__); + } + + ret = gnutls_record_get_state(session, 1, NULL, NULL, NULL, rseq_number); + if (ret < 0) { + fail("error in %d\n", __LINE__); + } + + do { + ret = gnutls_record_recv(session, buf, sizeof(buf)); + + if (ret > 0) { + if (ret == 5 && memcmp(buf, "reset", 5) == 0) { + if (debug) + success("got reset\n"); + break; + } + + ret = gnutls_record_send(session, buf, ret); + } + } while(ret > 0); + + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_record_set_state(session, 0, wseq_number); + if (ret < 0) { + fail("error in %d\n", __LINE__); + } + + ret = gnutls_record_set_state(session, 1, rseq_number); + if (ret < 0) { + fail("error in %d\n", __LINE__); + } + + ret = gnutls_record_recv(session, buf, sizeof(buf)); + + if (ret == 4 && memcmp(buf, "ping", 4) == 0) { + ret = gnutls_record_send(session, "pong", 4); + } else if (ret > 0) { + fail("did not receive ping; received: %.*s\n", ret, buf); + } else if (ret < 0) { + fail("error receiving: %s\n", gnutls_strerror(ret)); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +void doit(void) +{ + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/key-openssl.c b/tests/key-openssl.c new file mode 100644 index 0000000..7800f23 --- /dev/null +++ b/tests/key-openssl.c @@ -0,0 +1,260 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: David Marín Carreño + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "crq_key_id", level, str); +} + +static char plain_key[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEpQIBAAKCAQEA2d3Qs4fYDkzojm9nbaz7vdX2GIAv3stAAmI0MWq7uxWcJ7lz\n" +"4UCvSh7CFWESMqOPcIymXXZB3rdrG6RQAHhE2YfFFFi0W/5rqcmkiTMnGmAjYy2Q\n" +"lCU87b18SQgjX27YLygvlbtZrveCgT2rbJYL57Gph+wIi+cJsEUanR/2fd12hL7k\n" +"RumZNEofamTHQm6Bn47ZhhCdVfs+QkfiMh+LHJM3fFiVusAUhMIJYhml53O+cSrR\n" +"VgWVdp4za/FdUzmDnSxG4heMHblRMS+UyqtssDZEaVHytiNQXFkuQ/U3v0E+2knR\n" +"NPKy+s7ZmSISC0qzDn6C5yeJc17Kc91y5RLoZwIDAQABAoIBAQCRXAu5HPOsZufq\n" +"0K2DYZz9BdqSckR+M8HbVUZZiksDAeIUJwoHyi6qF2eK+B86JiK4Bz+gsBw2ys3t\n" +"vW2bQqM9N/boIl8D2fZfbCgZWkXGtUonC+mgzk+el4Rq/cEMFVqr6/YDwuKNeJpc\n" +"PJc5dcsvpTvlcjgpj9bJAvJEz2SYiIUpvtG4WNMGGapVZZPDvWn4/isY+75T5oDf\n" +"1X5jG0lN9uoUjcuGuThN7gxjwlRkcvEOPHjXc6rxfrWIDdiz/91V46PwpqVDpRrg\n" +"ig6U7+ckS0Oy2v32x0DaDhwAfDJ2RNc9az6Z+11lmY3LPkjG/p8Klcmgvt4/lwkD\n" +"OYRC5QGRAoGBAPFdud6nmVt9h1DL0o4R6snm6P3K81Ds765VWVmpzJkK3+bwe4PQ\n" +"GQQ0I0zN4hXkDMwHETS+EVWllqkK/d4dsE3volYtyTti8zthIATlgSEJ81x/ChAQ\n" +"vvXxgx+zPUnb1mUwy+X+6urTHe4bxN2ypg6ROIUmT+Hx1ITG40LRRiPTAoGBAOcT\n" +"WR8DTrj42xbxAUpz9vxJ15ZMwuIpk3ShE6+CWqvaXHF22Ju4WFwRNlW2zVLH6UMt\n" +"nNfOzyDoryoiu0+0mg0wSmgdJbtCSHoI2GeiAnjGn5i8flQlPQ8bdwwmU6g6I/EU\n" +"QRbGK/2XLmlrGN52gVy9UX0NsAA5fEOsAJiFj1CdAoGBAN9i3nbq6O2bNVSa/8mL\n" +"XaD1vGe/oQgh8gaIaYSpuXlfbjCAG+C4BZ81XgJkfj3CbfGbDNqimsqI0fKsAJ/F\n" +"HHpVMgrOn3L+Np2bW5YMj0Fzwy+1SCvsQ8C+gJwjOLMV6syGp/+6udMSB55rRv3k\n" +"rPnIf+YDumUke4tTw9wAcgkPAoGASHMkiji7QfuklbjSsslRMyDj21gN8mMevH6U\n" +"cX7pduBsA5dDqu9NpPAwnQdHsSDE3i868d8BykuqQAfLut3hPylY6vPYlLHfj4Oe\n" +"dj+xjrSX7YeMBE34qvfth32s1R4FjtzO25keyc/Q2XSew4FcZftlxVO5Txi3AXC4\n" +"bxnRKXECgYEAva+og7/rK+ZjboJVNxhFrwHp9bXhz4tzrUaWNvJD2vKJ5ZcThHcX\n" +"zCig8W7eXHLPLDhi9aWZ3kUZ1RLhrFc/6dujtVtU9z2w1tmn1I+4Zi6D6L4DzKdg\n" +"nMRLFoXufs/qoaJTqa8sQvKa+ceJAF04+gGtw617cuaZdZ3SYRLR2dk=\n" +"-----END RSA PRIVATE KEY-----\n"; + +const char key1[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "Proc-Type: 4,ENCRYPTED\n" + "DEK-Info: DES-EDE3-CBC,82B2F7684A1713F8\n" + "\n" + "1zzOuu89dfFc2UkFCtSJBsBeEFxV8wE84OSxoWu4aYkPhl1LR08BchaTbjeLTP0b\n" + "t961vVpva0ekJkwGDEgmqlGjmhJq9y2sJfq7IeYa8OdTilfGrG1xeJ1QGBi6SCfR\n" + "s/PhkMxwGBtrZ2Z7bEcLT5dQKmKRqsthnClQggmngvk7zX7bPk0hKQKvf+FDxt6x\n" + "hzEaF3k9juU6vAVVSakrZ4QDqk9MUuTGHx0ksTDcC4EESS0l3Ybuum/rAzR4lQKR\n" + "4OLmAeYBDl+l/PSMllfd5x/z1YXYoiAbkpT4ix0lyZJgHrvrYIeUtJk2ODiMHezL\n" + "9BbK7EobtOGmrDLUNVX5BpdaExkWMGkioqzs2QqD/VkKu8RcNSsHVGqkdWKuhzXo\n" + "wcczQ+RiHckN2uy/zApubEWZNLPeDQ499kaF+QdZ+h4RM6E1r1Gu+A==\n" + "-----END RSA PRIVATE KEY-----\n"; + +const char key2[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "Proc-Type: 4,ENCRYPTED\n" + "DEK-Info: AES-128-CBC,2A57FF97B701B3F760145D7446929481\n" + "\n" + "mGAPhSw48wZBnkHOhfMDg8yL2IBgMuTmeKE4xoHi7T6isHBNfkqMd0iJ+DJP/OKb\n" + "t+7lkKjj/xQ7w/bOBvBxlfRe4MW6+ejCdAFD9XSolW6WN6CEJPMI4UtmOK5inqcC\n" + "8l2l54f/VGrVN9uavU3KlXCjrd3Jp9B0Mu4Zh/UU4+EWs9rJAZfLIn+vHZ3OHetx\n" + "g74LdV7nC7lt/fjxc1caNIfgHs40dUt9FVrnJvAtkcNMtcjX/D+L8ZrLgQzIWFcs\n" + "WAbUZj7Me22mCli3RPET7Je37K59IzfWgbWFCGaNu3X02g5xtCfdcn/Uqy9eofH0\n" + "YjKRhpgXPeGJCkoRqDeUHQNPpVP5HrzDZMVK3E4DC03C8qvgsYvuwYt3KkbG2fuA\n" + "F3bDyqlxSOm7uxF/K3YzI44v8/D8GGnLBTpN+ANBdiY=\n" + "-----END RSA PRIVATE KEY-----\n"; + +static int good_pwd_cb(void* userdata, int attempt, const char* token_url, + const char* token_label, unsigned int flags, + char* pin, size_t pin_max) { + snprintf(pin, pin_max, "%s", "123456"); + return 0; +} + +static int bad_pwd_cb(void* userdata, int attempt, const char* token_url, + const char* token_label, unsigned int flags, + char* pin, size_t pin_max) { + snprintf(pin, pin_max, "%s", "bad"); + return 0; +} + +void doit(void) +{ + gnutls_x509_privkey_t pkey; + int ret; + gnutls_datum_t key; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + key.data = (void *) key1; + key.size = sizeof(key1); + ret = gnutls_x509_privkey_import_openssl(pkey, &key, "123456"); + if (ret < 0) { + fail("gnutls_x509_privkey_import_openssl (key1): %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + key.data = (void *) key2; + key.size = sizeof(key2); + ret = gnutls_x509_privkey_import_openssl(pkey, &key, "a123456"); + if (ret < 0) { + fail("gnutls_x509_privkey_import_openssl (key2): %s\n", + gnutls_strerror(ret)); + } + + gnutls_x509_privkey_deinit(pkey); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + key.data = (void *) key1; + key.size = sizeof(key1); + ret = + gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM, + "123456", 0); + if (ret < 0) { + fail("gnutls_x509_privkey_import2: %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + /* import a plain key */ + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + key.data = (void *) plain_key; + key.size = sizeof(plain_key); + ret = + gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM, + "123456", 0); + if (ret < 0) { + fail("gnutls_x509_privkey_import2: %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + /* GNUTLS_E_DECRYPTION_FAILED with neither password nor pin */ + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + key.data = (void *) key1; + key.size = sizeof(key1); + ret = gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM, + NULL, 0); + if (ret != GNUTLS_E_DECRYPTION_FAILED) { + fail("gnutls_x509_privkey_import2 (expect decrypt fail): %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + /* + * Pin callback passwords will only be used if the password supplied to + * gnutls_x509_privkey_import2 in NULL. Consider possible combinations + * of passwords supplied via the import function/pin callback: + * good/bad => success + * NULL/good => success + * NULL/bad => failure + */ + + /* import_openssl good / callback bad => success */ + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + gnutls_x509_privkey_set_pin_function(pkey, bad_pwd_cb, NULL); + key.data = (void *) key1; + key.size = sizeof(key1); + ret = gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM, + "123456", 0); + if (ret < 0) { + fail("gnutls_x509_privkey_import2 (good func/bad pin): %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + /* import_openssl NULL / callback good => success */ + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + gnutls_x509_privkey_set_pin_function(pkey, good_pwd_cb, NULL); + key.data = (void *) key1; + key.size = sizeof(key1); + ret = gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM, + NULL, 0); + if (ret < 0) { + fail("gnutls_x509_privkey_import2 (good pin): %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + /* import_openssl NULL / callback bad => success */ + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init: %d\n", ret); + + gnutls_x509_privkey_set_pin_function(pkey, bad_pwd_cb, NULL); + key.data = (void *) key1; + key.size = sizeof(key1); + ret = gnutls_x509_privkey_import2(pkey, &key, GNUTLS_X509_FMT_PEM, + NULL, 0); + if (ret != GNUTLS_E_DECRYPTION_FAILED) { + fail("gnutls_x509_privkey_import2 (bad pin): %s\n", + gnutls_strerror(ret)); + } + gnutls_x509_privkey_deinit(pkey); + + gnutls_global_deinit(); +} diff --git a/tests/key-usage-ecdhe-rsa.c b/tests/key-usage-ecdhe-rsa.c new file mode 100644 index 0000000..4926d2b --- /dev/null +++ b/tests/key-usage-ecdhe-rsa.c @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; + +/* This test checks whether a key usage violation is detected when + * using a certificate for digital signatures in the RSA ciphersuites. + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char encryption_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDoTCCAgmgAwIBAgIIWD7Wvx22i+gwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" + "AxMEQ0EtMzAgFw0xNjExMzAxMzQwMTZaGA85OTk5MTIzMTIzNTk1OVowADCCASIw\n" + "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3XiAz9NK/9K4mciW5cioUfOrH8\n" + "W5QlnzgODc5O9vKypx+2Y42BmVArdTNox9ypyQHs4Tf1RVs8MkKLLRPVPvFTTwsB\n" + "sYYR0WwtjLaUAG6uEQOkQ1tKnkPveR+7Yaz/WurUTFH/6tt9PLkjUa2MFClJfQyA\n" + "+Ip0DOChfZVWDmKEsGxf0+HDrUwI6Yrue6Xjq4MtQ644vxYuIZrEU53bExNrZ7y9\n" + "fvwsYa86eNBO3lEierVnusFqvngsXzuhHMTh7Dd1kdewWnNX9cFyXFPU1oxpEqgD\n" + "9b/WOELpt4/Vyi6GAKthroTADOrgqIS4yVv/IwTE+I75820inSJBXwpVi9sCAwEA\n" + "AaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDATBgNV\n" + "HSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDByAAMB0GA1UdDgQWBBThAci6\n" + "ST9MfTP8KV4xkB0p2hgsyjAfBgNVHSMEGDAWgBT5qIYZY7akFBNgdg8BmjU27/G0\n" + "rzANBgkqhkiG9w0BAQsFAAOCAYEAQSaXhGYE0VvpFidR+txfhRXZhoIyO6bCxrOE\n" + "WFTdglZ3XE9/avlONa18hAVmMqBXJFKiTIMou2qQu7dJ80dMphQPFSOgVTwNP5yD\n" + "MM0iJHSlcBweukA3+Jfo3lbGSYOGh3D157XwPQ5+dKFSgzFWdQApDAZ2Y5wg1mlD\n" + "riapOliMXEBHuKaBEAGYHLNQEUoutc/8lpv7FrE8YPp2J5f/kBlL21ygHNCNbRQZ\n" + "XTTajRgY5dg0R7CPM1wkyk/K1Lke2BgteF4FWlKTzh3b42swWJAlW9oDcqA8xRHu\n" + "cvU+7PKs3SpXky6dGC+rgWMfV99z00gNICdZJrqTRTd6JvMa+Q8QCChHtyE40LWe\n" + "MXFfeQW2kWD+q2CUAiY5K/fk4p74w4TtHuln3/+IZd+fwMfq9eD9524n+61AoTvm\n" + "FM9vezUEwybmHVTx+390aiY2SaAxl4BCopauOgpBTnj8Rcd5dMO3qEW4+QaXKMlU\n" + "wIEPoaEfCDQ/XXy0bM5zFUFWgTNX\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t enc_cert = { encryption_cert_pem, + sizeof(encryption_cert_pem)-1 +}; + +static unsigned char encryption_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEpgIBAAKCAQEAzdeIDP00r/0riZyJblyKhR86sfxblCWfOA4Nzk728rKnH7Zj\n" + "jYGZUCt1M2jH3KnJAezhN/VFWzwyQostE9U+8VNPCwGxhhHRbC2MtpQAbq4RA6RD\n" + "W0qeQ+95H7thrP9a6tRMUf/q2308uSNRrYwUKUl9DID4inQM4KF9lVYOYoSwbF/T\n" + "4cOtTAjpiu57peOrgy1Drji/Fi4hmsRTndsTE2tnvL1+/Cxhrzp40E7eUSJ6tWe6\n" + "wWq+eCxfO6EcxOHsN3WR17Bac1f1wXJcU9TWjGkSqAP1v9Y4Qum3j9XKLoYAq2Gu\n" + "hMAM6uCohLjJW/8jBMT4jvnzbSKdIkFfClWL2wIDAQABAoIBAQC70D11xI6PSUux\n" + "St/mj49gOYdfoOeaO92T0tbr+AbAmRt+Bve8xJQznwNX/fHmOBCMriss2KEIxtsA\n" + "9mYR44+Dt8S2QTxOHPHdZ44thMsEMdSaYwWGRYY0bEszFdDgfTnibASbCQusaw+9\n" + "ySkcVWSL616qyv57rbmWOCMS4CtN3Sk982mtzSdCkJ8tiq6n3C60QPom/zo5TBS5\n" + "vaJ70NRnj7Zuq9VPwNKOwhkYW9OUZsAmdwLqenmsLfQEnZnu/ielJ10LI8SrQG5x\n" + "lANdYRD07W5lpwImJCELUqK5X2iw5ii6/4vl/Si/WcL4pRFpuCOCp1B8SDuSkOKS\n" + "zebU/Z3hAoGBAPvIN/WlSQ+Iy5TNGsnV5B96Xvl8YrXVInJZ7z4MOrPgyvN8mQXX\n" + "sQ6D01H2tba3mWt0S16lWwBsOll5LDBj5kcvp+4702xUxoOap79wXPS1Ibi+uXlO\n" + "5c7V3pa7r2nw7YQL+ehYpgBdaVaYdAnHKn0Mo7zMd+yjNnQEfEcDwNFxAoGBANFK\n" + "S7y327IEms1wdn0hb1r812PKsn464j4xbnfnrAYzE2cttgLSYsRRYNMo++ZS9Y3v\n" + "3MZGmgOsKRgpbblxhUxNY5pKeHcXKUy1YtaGJVpeQwI8u69Th9tUDS2/yt7Op4/0\n" + "p5115DTEfmvKzF//PH7GtX5Ox/JoNSHaPcORT0wLAoGBANXYEZ8zCMCG4NG6+hue\n" + "7KfHmU6wVG43XZBdzhKW9Gy+aeEvXBBYR2saj6q3rVJI0acwGKuEKaxMP6qqfduD\n" + "nZusYCa47TK/NfOksQCpgGneRYvRgVoEpq5reyfutGd4V2KlgVXTpPn+XG9OAJAl\n" + "dnLK/25lAx4a6S7UeHEgQO4hAoGBAKyfch6jK3MGd0RxuVl2RWmv2Fw36MdS/B6+\n" + "GNaPYITwhdV5j4F+U/aHBKzGRhbwYBcFO3zS6N+UlYSXTyhAqOiJgFjXicr4cJkT\n" + "lwVIOfDyhKSIwWlYJVtTVVdhtQvXOb/z1Hh8r5CSbY+tAqs/U39hmHsosaSQLRrR\n" + "7lWrOdOHAoGBAIndZqW8HHfUk5Y6ZlbDzz/GRi81nrU3p2Ii1M17PLFyFhKZcPyM\n" + "kJDhqStyWEQKN7Xig0uxGvGAFYTBsILmoS/XAFnRpfcmNkF7hXRGHuHFRopZuIic\n" + "gZ9oloj50/wHdTSU/MExRExhC7DUom2DzihUz3a5uqWOK/SnpfNeIJPs\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t enc_key = { encryption_key_pem, + sizeof(encryption_key_pem)-1 +}; + +static +void server_check(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &enc_cert, &enc_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, + "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, "NORMAL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_NO_CIPHER_SUITES); + + if (debug) + success("server returned the expected code\n"); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static gnutls_privkey_t g_pkey = NULL; +static gnutls_pcert_st *g_pcert = NULL; + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + int ret; + gnutls_pcert_st *p; + gnutls_privkey_t lkey; + + if (g_pkey == NULL) { + p = gnutls_malloc(sizeof(*p)); + if (p==NULL) + return -1; + + ret = gnutls_pcert_import_x509_raw(p, &enc_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + return -1; + + ret = gnutls_privkey_init(&lkey); + if (ret < 0) + return -1; + + ret = gnutls_privkey_import_x509_raw(lkey, &enc_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + return -1; + + g_pcert = p; + g_pkey = lkey; + + *pcert = p; + *pcert_length = 1; + } else { + *pcert = g_pcert; + *pcert_length = 1; + } + *pkey = g_pkey; + + return 0; +} + +static +void client_check(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_retrieve_function2(serverx509cred, cert_callback); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, + "NORMAL:-KX-ALL:+ECDHE-RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, "NORMAL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_AGAIN); + + if (debug) + success("client returned the expected code: %s\n", gnutls_strerror(cret)); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +void doit(void) +{ + server_check(); + reset_buffers(); + client_check(); + + if (g_pcert) { + gnutls_pcert_deinit(g_pcert); + gnutls_free(g_pcert); + } + if (g_pkey) { + gnutls_privkey_deinit(g_pkey); + } +} diff --git a/tests/key-usage-rsa.c b/tests/key-usage-rsa.c new file mode 100644 index 0000000..5eb2cfe --- /dev/null +++ b/tests/key-usage-rsa.c @@ -0,0 +1,347 @@ +/* + * Copyright (C) 2015-2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +const char *side; + +/* This test checks whether a key usage violation is detected when + * using a certificate for digital signatures in the RSA ciphersuites. + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char ca_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIC8zCCAdugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE1MDgxNDA5MzUxMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4O2BYEx/hl7URXhb\n" +"52erURO6HrlfacZjG0fQ2WqRcJJTqg2baAbA7+1SLdhphZ+KJDypEjJWmOgbaehI\n" +"hlK7zDZb+0r0uXlUQ11mgf7FcCDQoJBmC1dcN3o6zPeXg5hkWV+ZV2h7hhJTwkRc\n" +"C4DXTbaDKy8PNiC0MRMOGjeMfnL26oaxzuHNgH4u1J02+XUZ0UcSDrUc52O1lJ02\n" +"i1SbD+fTNBgmFQADXyAllZYJ/xwbxf44TFhQjiOvVpz/9EB2+/x5H0r1YvwKGY6v\n" +"5mfkUsEAE5+uxDXdZT84ltEKkAjbZ9cIgdmXRuD4mkyo3NHLh7oHCdsRRE/S/rZe\n" +"ikmGpQIDAQABo1gwVjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUF\n" +"BwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFEvjsNoFTfqDEKbcwFnxKId+\n" +"ZQP8MA0GCSqGSIb3DQEBCwUAA4IBAQAKrbc6hER0xAjn5driLNyoz0JJr5P07PDI\n" +"d8AR3ZC56DSJNdvKDqdFIvAoo/JePCTFSdhbaqu+08MoTtRK5TKqjRiDiG4XCxiz\n" +"Ado7QouS+ZgDP1Uxv8j2YWeSpkusD+oIEK96wbeDaYi0ENbLWbm9zWqvHaaEYn4c\n" +"ov78n+7VvP3I2OFuJ0EPy+r55GPxSCRCh6apL78yAc6TfcyOwwTihvCF5ejCqRg/\n" +"T1As5NCCpdYP2nejRymjO6wMRsRFBX9+gndO9qVQZJr8zBTw8k8/pMtDubjkYqEv\n" +"qRME4/3q8+Sm8HlZ8FPpcU9XbLl+ASd+SWr8jCTGLSxF2hME8Lgg\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca_cert = { ca_cert_pem, + sizeof(ca_cert_pem) +}; + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDITCCAgmgAwIBAgIMVc22UBIVIpQdKaDeMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTAwIBcNMTUwODE0MDkzNTEyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" +"ETAPBgNVBAMTCHNlcnZlci0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n" +"AQEAvhX+gDD8GkLW0GVH5C+AdbCFKAcj0tG+S+OuCpDp8NGZN4GXtbljUk5U82ha\n" +"nyq52eJCptCSspXNKq6Hn0H/eSXlRndnIblB49Dqy6kHq0i1ysmrbdbe9BWrUqeU\n" +"uKSZ8O98ANzHfVDOxCvhqGfytvrgudfk5JZxqAD2CXU6R5AjG60cnR49xGkplfKS\n" +"31fpdshDkQMm+w2hfa97wqjrTbQ7K4SIgB9AYbRNvHd8PAo6fxXrLaBPZkQu9AiP\n" +"D+sEz5bGrhzlIwz5SdcGAjuysB1WAygrWcTZ2zvX96lVTMhRF4umo8Rd1rzapB6G\n" +"Uj64cKtkyJjcGV54Ifd6E/lmDwIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1Ud\n" +"EQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBSTZZoN\n" +"JNpaTuLaiXd+abUidelNDDAfBgNVHSMEGDAWgBRL47DaBU36gxCm3MBZ8SiHfmUD\n" +"/DANBgkqhkiG9w0BAQsFAAOCAQEANot3py74nzCijhKilXyHz44LnpzbZGxMzbdr\n" +"gK9maqqfiOWJMohOmSezYvMItudDn/Z3Bu7xzDxchDF80sBN+4UiDxl47uYbNl6o\n" +"UFfpFu4GmO0HfeWkbM1ZqVJGBa6zOCkc3aw0LK7O2YRcBcsjzdIPQpePf/jRpppJ\n" +"mz4qShtGa37Vfv4XxoXFPJdfil3uXl8Pe3qo+f8+DiMIIuxzKyQatu0DP4CjuEf1\n" +"6sgcBFbeUMAJsCh0qFbqObWyOe9XxFEukLMPV7s2EKnRcY7Xhyuf6wyNI/oPkmon\n" +"+m/yxJVZSWkpERsyXW1ZkR0Xw2KnJ4bzdQkDTs73ijOd4jFQvA==\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIC8zCCAdugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE1MDgxNDA5MzUxMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4O2BYEx/hl7URXhb\n" +"52erURO6HrlfacZjG0fQ2WqRcJJTqg2baAbA7+1SLdhphZ+KJDypEjJWmOgbaehI\n" +"hlK7zDZb+0r0uXlUQ11mgf7FcCDQoJBmC1dcN3o6zPeXg5hkWV+ZV2h7hhJTwkRc\n" +"C4DXTbaDKy8PNiC0MRMOGjeMfnL26oaxzuHNgH4u1J02+XUZ0UcSDrUc52O1lJ02\n" +"i1SbD+fTNBgmFQADXyAllZYJ/xwbxf44TFhQjiOvVpz/9EB2+/x5H0r1YvwKGY6v\n" +"5mfkUsEAE5+uxDXdZT84ltEKkAjbZ9cIgdmXRuD4mkyo3NHLh7oHCdsRRE/S/rZe\n" +"ikmGpQIDAQABo1gwVjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUF\n" +"BwMJMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFEvjsNoFTfqDEKbcwFnxKId+\n" +"ZQP8MA0GCSqGSIb3DQEBCwUAA4IBAQAKrbc6hER0xAjn5driLNyoz0JJr5P07PDI\n" +"d8AR3ZC56DSJNdvKDqdFIvAoo/JePCTFSdhbaqu+08MoTtRK5TKqjRiDiG4XCxiz\n" +"Ado7QouS+ZgDP1Uxv8j2YWeSpkusD+oIEK96wbeDaYi0ENbLWbm9zWqvHaaEYn4c\n" +"ov78n+7VvP3I2OFuJ0EPy+r55GPxSCRCh6apL78yAc6TfcyOwwTihvCF5ejCqRg/\n" +"T1As5NCCpdYP2nejRymjO6wMRsRFBX9+gndO9qVQZJr8zBTw8k8/pMtDubjkYqEv\n" +"qRME4/3q8+Sm8HlZ8FPpcU9XbLl+ASd+SWr8jCTGLSxF2hME8Lgg\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEowIBAAKCAQEAvhX+gDD8GkLW0GVH5C+AdbCFKAcj0tG+S+OuCpDp8NGZN4GX\n" +"tbljUk5U82hanyq52eJCptCSspXNKq6Hn0H/eSXlRndnIblB49Dqy6kHq0i1ysmr\n" +"bdbe9BWrUqeUuKSZ8O98ANzHfVDOxCvhqGfytvrgudfk5JZxqAD2CXU6R5AjG60c\n" +"nR49xGkplfKS31fpdshDkQMm+w2hfa97wqjrTbQ7K4SIgB9AYbRNvHd8PAo6fxXr\n" +"LaBPZkQu9AiPD+sEz5bGrhzlIwz5SdcGAjuysB1WAygrWcTZ2zvX96lVTMhRF4um\n" +"o8Rd1rzapB6GUj64cKtkyJjcGV54Ifd6E/lmDwIDAQABAoIBAQCPPDOSlVbi0wrb\n" +"7fXGVKUQCfvMtdSgv7wNo3s6KwidltNFqDmRjijxlGUfJbtjxOZW8NAYs4JXX9pC\n" +"F1HLCAhiWdPyzXbBSsAD0yGaZbyJrTiPnne3RPqsIsf+eJjwqdf2Xf+rBrKsE4A7\n" +"AnYAWJPknhdI8w5f0Z3DYzYC2nsYAI/FvJCpQvs9qMfVznctzcLUpvquDYrkDaFA\n" +"Rk14xQ8zhXKSugx1N2QAabk9YhMIDgBRHvZkQfBYJ/bNhfpLveQZX14QLn++EuFZ\n" +"F0QpoOtJhWNZDbDdroud2G821dl5bLKsKx0cD63Bsz1uV8vUQF0F2xx8t64SPhz9\n" +"zC/eZB+BAoGBAM57D4Nav1zreqBJZnWVtR7qr54AIg3nKccFPXLeezhI1iJi07tn\n" +"Fc2YdP+5NzRAVBOBKaMwuJ4ZdLnclsKD8A/LzMgerRfuV6EDHOPKAgWISU/+Up6x\n" +"Q5tQ2ocPjQFHb5gK3Le9lMkBHt1j6ZIptUIXTqzzwKYSDDYkdMCmSyBXAoGBAOus\n" +"XvHE/DIV6idE4k590nq+o9OdMet+LWUzmyTjlbVhPZ09vTSHs+3U1Fe4te6aNUI+\n" +"KkhizCHMvx+M0uzCwy31TDdLe9QbmtkQet0AAX/Qsb5IQrDi5iLl7UuvZMa7tCUe\n" +"R0puBRBzvZg4LQWDgJ9U4fO3YO0c3VBRpicQbvUJAoGAFN6bUst5TAsA+fJxSLE4\n" +"/Ub7OR0KVB1pO5RsAZA7JBU4j4EtpWNl8MHYEYDG86EM3mvPqY7jGhe4lJCXLFHp\n" +"ka8no5J2LFUKxltqMBva2HRN9Kff8eo4yxoA/GW1+ssdnGB8rpWa1DYoyHeww/Uz\n" +"PNreONzqO97XHSHSKyajsUECgYAe/3ENg8dYHyHJQHozsMD6fBC4SLjELLhz0zHY\n" +"zEZosP2VrQUx35d+9LtpPlZPp+DRcbPGCZin6XJKCA/GLGfXp6f6reb/oxHe8xf1\n" +"8YZA9YYrbP24nl9+v5dSmSM8MHwlVbIyy/3GiDKrzte9HerRCi0eDUSma2GAqvyb\n" +"rsGpYQKBgCj7dXo0LKYaEJ17NXCD6Cu7gMP9haYo0HHfkhBnIgYs/Cytgnedzp6k\n" +"kRcVr4yllg5yEgiqPvg+PyuL1sm0epQ85qeYOaR2CsbN6mYnwX8/8LLZ7Ep4v3vv\n" +"m0SlmY5Hgw6lit1DOr1HDoZZKzbpT3H//TrMMhvBPdcBQwjcHMHl\n" +"-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static +void server_check(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, + "NORMAL:-KX-ALL:+RSA:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, "NORMAL:+RSA:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_NO_CIPHER_SUITES); + + if (debug) + success("server returned the expected code\n"); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static gnutls_privkey_t g_pkey = NULL; +static gnutls_pcert_st *g_pcert = NULL; + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + int ret; + gnutls_pcert_st *p; + gnutls_privkey_t lkey; + + if (g_pkey == NULL) { + p = gnutls_malloc(sizeof(*p)); + if (p==NULL) + return -1; + + ret = gnutls_pcert_import_x509_raw(p, &server_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + return -1; + + ret = gnutls_privkey_init(&lkey); + if (ret < 0) + return -1; + + ret = gnutls_privkey_import_x509_raw(lkey, &server_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + return -1; + + g_pcert = p; + g_pkey = lkey; + + *pcert = p; + *pcert_length = 1; + } else { + *pcert = g_pcert; + *pcert_length = 1; + } + *pkey = g_pkey; + + return 0; +} + +static +void client_check(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_retrieve_function2(serverx509cred, cert_callback); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, + "NORMAL:-KX-ALL:+RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, "NORMAL:+RSA:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_AGAIN); + + if (debug) + success("client returned the expected code: %s\n", gnutls_strerror(cret)); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +void doit(void) +{ + server_check(); + reset_buffers(); + client_check(); + + if (g_pcert) { + gnutls_pcert_deinit(g_pcert); + gnutls_free(g_pcert); + } + if (g_pkey) { + gnutls_privkey_deinit(g_pkey); + } +} diff --git a/tests/keylog-env.c b/tests/keylog-env.c new file mode 100644 index 0000000..5f5f74e --- /dev/null +++ b/tests/keylog-env.c @@ -0,0 +1,177 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for SSLKEYLOGFILE being functional. + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +/* In TLS 1.2, we only expect CLIENT_RANDOM. */ +static const char *tls12_included_labels[] = { "CLIENT_RANDOM", NULL }; +static const char *tls12_excluded_labels[] = { NULL }; + +/* In TLS 1.3, we expect secrets derived in handshake phases, but not + * CLIENT_RANDOM. */ +static const char *tls13_included_labels[] = { + "CLIENT_HANDSHAKE_TRAFFIC_SECRET", + "SERVER_HANDSHAKE_TRAFFIC_SECRET", + "CLIENT_TRAFFIC_SECRET_0", + "SERVER_TRAFFIC_SECRET_0", + "EXPORTER_SECRET", + NULL +}; +static const char *tls13_excluded_labels[] = { "CLIENT_RANDOM", NULL }; + +static void search_for_str(const char *filename, const char *label, bool excluded) +{ + char line[512]; + FILE *fp = fopen(filename, "r"); + char *p; + + while( (p = fgets(line, sizeof(line), fp)) != NULL) { + success("%s", line); + if (strncmp(line, label, strlen(label)) == 0 && + line[strlen(label)] == ' ') { + fclose(fp); + if (excluded) + fail("file should not contain %s\n", label); + return; + } + } + fclose(fp); + if (!excluded) + fail("file should contain %s\n", label); +} + +static void run(const char *filename, const char *prio, + const char **included, const char **excluded) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t clicred; + const char **p; + int ret; + +#ifdef _WIN32 + { + char buf[512]; + snprintf(buf, sizeof(buf), "SSLKEYLOGFILE=%s", filename); + _putenv(buf); + } +#else + setenv("SSLKEYLOGFILE", filename, 1); +#endif + + if (debug) { + gnutls_global_set_log_level(6); + gnutls_global_set_log_function(tls_log_func); + } + + /* test gnutls_certificate_flags() */ + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + + test_cli_serv(x509_cred, clicred, prio, "localhost", NULL, NULL, NULL); + + if (access(filename, R_OK) != 0) { + fail("keylog file was not created\n"); + exit(1); + } + + for (p = included; *p; p++) + search_for_str(filename, *p, false); + for (p = excluded; *p; p++) + search_for_str(filename, *p, true); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + if (debug) + success("success"); +} + +void doit(void) +{ + char filename[TMPNAME_SIZE]; + + assert(get_tmpname(filename)!=NULL); + + remove(filename); + global_init(); + + run(filename, + "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + tls12_included_labels, tls12_excluded_labels); + + /* This is needed because the SSLKEYLOGFILE envvar is checked + * only once and the file is never closed until the library is + * unloaded. Truncate the file to zero length, so we can + * reuse the same file for multiple tests. */ + truncate(filename, 0); + + run(filename, + "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-ALL:+GROUP-ALL", + tls13_included_labels, tls13_excluded_labels); + + gnutls_global_deinit(); + remove(filename); +} diff --git a/tests/keylog-func.c b/tests/keylog-func.c new file mode 100644 index 0000000..8145c55 --- /dev/null +++ b/tests/keylog-func.c @@ -0,0 +1,353 @@ +/* + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * Author: Aniketh Girish + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if !defined(__linux__) || !defined(__GNUC__) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether a keylog function is called. + */ + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +const char *side = ""; + +/* These are global */ +static pid_t child; +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static int +keylog_func(gnutls_session_t session, + const char *label, + const gnutls_datum_t *secret) +{ + unsigned int *call_count = gnutls_session_get_ptr(session); + static const char *exp_labels[] = { + "CLIENT_HANDSHAKE_TRAFFIC_SECRET", + "SERVER_HANDSHAKE_TRAFFIC_SECRET", + "EXPORTER_SECRET", + "CLIENT_TRAFFIC_SECRET_0", + "SERVER_TRAFFIC_SECRET_0" + }; + + if (*call_count >= sizeof(exp_labels)/sizeof(exp_labels[0])) + fail("unexpected secret at call count %u\n", + *call_count); + + if (strcmp(label, exp_labels[*call_count]) != 0) + fail("unexpected %s at call count %u\n", + label, *call_count); + else if (debug) + success("received %s at call count %u\n", + label, *call_count); + + (*call_count)++; + return 0; +} + +static void client(int fd, const char *prio, unsigned int exp_call_count) +{ + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + unsigned int call_count = 0; + int ret, ii; + gnutls_certificate_credentials_t clientx509cred; + const char *err; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_session_set_ptr(session, &call_count); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("client: priority set failed (%s): %s\n", + gnutls_strerror(ret), err); + exit(1); + } + + ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_int(session, fd); + + gnutls_session_set_keylog_function(session, keylog_func); + assert(gnutls_session_get_keylog_function(session) == keylog_func); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + if (call_count != exp_call_count) + fail("secret hook is not called %u times (%u)\n", + call_count, exp_call_count); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void server(int fd, const char *prio, unsigned int exp_call_count) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + unsigned int call_count = 0; + gnutls_certificate_credentials_t serverx509cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&serverx509cred); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_session_set_ptr(session, &call_count); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA384:-GROUP-ALL:+GROUP-SECP256R1", NULL); + if (ret < 0) { + fail("server: priority set failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_transport_set_int(session, fd); + + gnutls_session_set_keylog_function(session, keylog_func); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) { + success("server: Handshake was completed\n"); + } + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + memset(buffer, 0, MAX_BUF + 1); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success("server: Peer has closed the GnuTLS connection\n"); + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + + if (call_count != exp_call_count) + fail("secret hook is not called %u times (%u)\n", + call_count, exp_call_count); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void terminate(void) +{ + int status = 0; + + if (child) { + kill(child, SIGTERM); + wait(&status); + } + exit(1); +} + +static void +run(const char *prio, unsigned int exp_call_count) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + + server(fd[0], prio, exp_call_count); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio, exp_call_count); + exit(0); + } +} + +void doit(void) +{ + run("NORMAL:-VERS-ALL:+VERS-TLS1.3", 5); +} + +#endif /* _WIN32 */ diff --git a/tests/ktls.sh b/tests/ktls.sh new file mode 100755 index 0000000..cace328 --- /dev/null +++ b/tests/ktls.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (C) 2022 Red Hat, Inc. +# +# Author: Daiki Ueno +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} + +. "$srcdir/scripts/common.sh" + +if ! grep '^tls ' /proc/modules 2>&1 /dev/null; then + exit 77 +fi + +testdir=`create_testdir ktls` + +cfg="$testdir/config" + +cat < "$cfg" +[global] +ktls = true +EOF + +GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 \ +GNUTLS_SYSTEM_PRIORITY_FILE="$cfg" \ +"$builddir/gnutls_ktls" "$@" +rc=$? + +rm -rf "$testdir" +exit $rc diff --git a/tests/logfile-option.sh b/tests/logfile-option.sh new file mode 100755 index 0000000..e0086dc --- /dev/null +++ b/tests/logfile-option.sh @@ -0,0 +1,169 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +echo "Checking whether logfile option works." + +KEY1=${srcdir}/../doc/credentials/x509/example.com-key.pem +CERT1=${srcdir}/../doc/credentials/x509/example.com-cert.pem +CA1=${srcdir}/../doc/credentials/x509/ca.pem +PSK=${srcdir}/psk.passwd + +TMPFILE1=save-data1.$$.tmp +TMPFILE2=save-data2.$$.tmp + +OPTS="--sni-hostname example.com --verify-hostname example.com" + +eval "${GETPORT}" +launch_server --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} + +kill ${PID} +wait + +if test -f ${TMPFILE1};then + echo "Logfile should not be created!" + exit 1 +fi +if ! test -s ${TMPFILE2};then + echo "Stdout should not be empty!" + exit 1 +fi +if grep -q "Handshake was completed" ${TMPFILE2};then + echo "Find the expected output!" +else + echo "Cannot find the expected output!" + exit 1 +fi + +rm -f ${TMPFILE1} ${TMPFILE2} + +eval "${GETPORT}" +launch_server --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=${PSK} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --logfile ${TMPFILE1} --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskusername=jas --pskkey=9e32cf7786321a828ef7668f09fb35db ${TMPFILE2} + +kill ${PID} +wait + +if ! test -f ${TMPFILE1};then + echo "Logfile should be created!" + exit 1 +fi +if test -s ${TMPFILE2};then + echo "Stdout should be empty!" + exit 1 +fi + +if grep -q "Handshake was completed" ${TMPFILE1}; then + echo "Found the expected output!" +else + echo "Cannot find the expected output!" + exit 1 +fi +rm -f ${TMPFILE1} ${TMPFILE2} + + +echo "x509 functionality test" +eval "${GETPORT}" +launch_server --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${OPTS} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} ${TMPFILE2} +kill ${PID} +wait + +if test -f ${TMPFILE1};then + echo "Logfile should not be created!" + exit 1 +fi +if ! test -s ${TMPFILE2};then + echo "Stdout should not be empty!" + exit 1 +fi +if grep -q "Handshake was completed" ${TMPFILE2};then + echo "Find the expected output!" +else + echo "Cannot find the expected output!" + exit 1 +fi + +rm -f ${TMPFILE1} ${TMPFILE2} + +eval "${GETPORT}" +launch_server --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${OPTS} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} --logfile ${TMPFILE1} ${TMPFILE2} +kill ${PID} +wait + +if ! test -f ${TMPFILE1};then + echo "Logfile should be created!" + exit 1 +fi +if test -s ${TMPFILE2};then + echo "Stdout should be empty!" + exit 1 +fi + +if grep -q "Handshake was completed" ${TMPFILE1}; then + echo "Found the expected output!" +else + echo "Cannot find the expected output!" + exit 1 +fi +rm -f ${TMPFILE1} ${TMPFILE2} + +exit 0 diff --git a/tests/long-crl.sh b/tests/long-crl.sh new file mode 100755 index 0000000..b59c8cb --- /dev/null +++ b/tests/long-crl.sh @@ -0,0 +1,52 @@ +#!/bin/sh + +# Copyright (C) 2014 Red Hat +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +. "${srcdir}/scripts/common.sh" + +TMPFILE=long.$$.pem.tmp + +${VALGRIND} "${CERTTOOL}" --crl-info --inder --infile "${srcdir}/data/long.crl" --outfile $TMPFILE +if test $? != 0; then + echo "CRL decoding failed 1!" + exit 1 +fi + +check_if_equal "${srcdir}/data/long.pem" $TMPFILE "^warning" +if test $? != 0; then + echo "CRL decoding failed 2!" + exit 1 +fi + +rm -f $TMPFILE + +exit 0 diff --git a/tests/long-session-id.c b/tests/long-session-id.c new file mode 100644 index 0000000..6a40633 --- /dev/null +++ b/tests/long-session-id.c @@ -0,0 +1,249 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +void doit(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +/* This program tests the robustness of record + * decoding. + */ + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +static void client(int fd, const char *prio) +{ + int ret; + unsigned r; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + gnutls_global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + r = gnutls_ecc_curve_get(session); + if (r == 0xffffffff) { + fprintf(stderr, "memory was overwritten\n"); + kill(getpid(), SIGSEGV); + } + + if (ret == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER) { + fprintf(stderr, "client: Handshake failed (expected): %s\n", gnutls_strerror(ret)); + goto cleanup; + } else { + fprintf(stderr, "client: Handshake was completed or failed with unknown error code(%d): %s\n", ret, gnutls_strerror(ret)); + kill(getpid(), SIGSEGV); + } + + cleanup: + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void server(int fd, const char *prio) +{ + int ret; + uint8_t id[255]; + uint8_t buffer[] = "\x16\x03\x01\x01\x25" + "\x02\x00\x01\x21" + "\x03\x01"/*Server Version */ + /*Random*/"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00" + /*SessionID*/"\xfe"; + + ret = read(fd, id, sizeof(id)); + if (ret < 0) { + abort(); + } + + ret = write(fd, buffer, sizeof(buffer)); + if (ret < 0) { + return; + } + + memset(id, 0xff, sizeof(id)); + ret = write(fd, id, sizeof(id)); + if (ret < 0) { + return; + } + + memset(id, 0xff, sizeof(id)); + ret = write(fd, id, sizeof(id)); + if (ret < 0) { + return; + } + sec_sleep(3); + + return; +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c new file mode 100644 index 0000000..a8c9eb5 --- /dev/null +++ b/tests/mini-alpn.c @@ -0,0 +1,304 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the rehandshake in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP + */ + +static void client(int fd, const char *protocol0, const char *protocol2, const char *protocol1) +{ + gnutls_session_t session; + int ret; + gnutls_datum_t proto; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + if (protocol1) { + gnutls_datum_t t[3]; + t[0].data = (void *) protocol0; + t[0].size = strlen(protocol0); + t[1].data = (void *) protocol1; + t[1].size = strlen(protocol1); + t[2].data = (void *) protocol2; + t[2].size = strlen(protocol2); + + ret = gnutls_alpn_set_protocols(session, t, 3, 0); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_alpn_get_selected_protocol(session, &proto); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (debug) { + fprintf(stderr, "selected protocol: %.*s\n", + (int) proto.size, proto.data); + } + + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *protocol1, const char *protocol2) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_datum_t t[2]; + gnutls_datum_t selected; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + t[0].data = (void *) protocol1; + t[0].size = strlen(protocol1); + t[1].data = (void *) protocol2; + t[1].size = strlen(protocol2); + + ret = gnutls_alpn_set_protocols(session, t, 2, 0); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_alpn_get_selected_protocol(session, &selected); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (debug) { + success("Protocol: %.*s\n", (int) selected.size, selected.data); + } + + if (selected.size != strlen(protocol1) || memcmp(selected.data, protocol1, selected.size) != 0) { + fail("did not select the expected protocol (selected %.*s, expected %s)\n", selected.size, selected.data, protocol1); + exit(1); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *p1, const char *p2) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0], p1, p2); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], "unknown/1.4", p2, p1); + exit(0); + } +} + +void doit(void) +{ + start("h2", "http/1.1"); + start("spdy/2", "spdy/3"); + start("spdy/3", "spdy/2"); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-chain-unsorted.c b/tests/mini-chain-unsorted.c new file mode 100644 index 0000000..2ac949e --- /dev/null +++ b/tests/mini-chain-unsorted.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2014 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program tests whether the import functions sort the + * chain. + */ + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = +/* 0 */ "-----BEGIN CERTIFICATE-----\n" + "MIIDIzCCAgugAwIBAgIMVHc8lDcqr/T62g5oMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTIwIhgPMjAxNDExMjcxNTAwMzZaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEAxMIc2VydmVyLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCsfFrZmOxA7ijkppwPtakc8ecuBRr9Dr4pe/alC/OXVZsZlAlnR0xd53XF\n" + "uUPwo9Ga2q7iY8+8yPRNs8gfl6IrHvUUtaukWdMlQq5nhRFaPgOzHOEZGGEUk3UF\n" + "R/8lld6xQFoe7FvHwQ5cIkIl0cN/I4jiUb9fQhRwcBPjmQbCisYXUZDe8KtCnkjw\n" + "ZZfOp7UclWPm+hv4G3cfeRUUis0Xf8sScjLAam7ojkGL9CeETXl1JGSqqmVN7svN\n" + "yDsiQebCSrA4wCt+ENe9rE6Cme6dEv+U4lyx4oijn4sNvPwwgmu+/g6XjhE6IWBL\n" + "kWXLJ1K4rixbqt3d3+H7IAFiX99bAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" + "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFNt6\n" + "DwawLeNaZ+5LMNBdeTVWZsmOMB8GA1UdIwQYMBaAFCjlkQq5yKVHzXPQLahHCcmS\n" + "AJRpMA0GCSqGSIb3DQEBCwUAA4IBAQClbMnEQpHwwqcdrGKiNXQYyJDClVfQFTlh\n" + "fTU2qUx8gfyP+1yR0lqsdremSzSjLPM6LmcJLAdu7GhL32Lc3068CCzDtd6vJDGf\n" + "vO1eudcixbAf7NuELCZM08wLuJvKQFlNYFSVZSb04habhcwgowsiy0YC+dF9XQKa\n" + "5YDGvOuMTqqKt5Wph+izCGQ+6WyRZQp2CIFWo0vBCYFaslaA/TBnsldIuACJFmg9\n" + "kmspW97ROmNr1jfQNyBVWjd1EER80zZCngXq4+JnP1tppJNcYFhHeqSGQCqASehY\n" + "CC7ITbKAK8IdwU4gVk7R92rOKyrFPimc1UwObNpxbL5jizZqemW7\n" + "-----END CERTIFICATE-----\n" +/* 3 */ "-----BEGIN CERTIFICATE-----\n" + "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQxMTI3MTUwMDM2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC16A/jNGbd6oP3\n" + "t/neq6hlWopjKEPnM9FMZgPSNVsKtQEb1dOx2EDCuP3rC2POogAjo0NuE/SZtM0N\n" + "Nyf+X3QdjwcFdugMLTXGmGlEhCeWhSEjLwrd6eapdHzwpV0Ag22CvzoKEQenu92+\n" + "TI1MN/1j3XOgnOP3t4q5TeSZn7XtAMCBqt9b+LJT5XJ/sF6b1sH803HqV3CZ6ga+\n" + "kFY+uDcpImQEJNZi/B1xYObSHF+frg4SyeqjxiV9vmFHhRgLmD96iVukQTC/RPX3\n" + "ntl0wGBjpmglUVdcAJdZL7L2um1T1n3u+jS3U5FW7+MOnnTGqRT2pcYtHHLg2GDf\n" + "SSUpeuphAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU1aTwaphaQJeRY+IF9NNT\n" + "mHHpIQ0wDQYJKoZIhvcNAQELBQADggEBAGUjVPu4aeel7UmgUvjBEpGbw6j9wKRL\n" + "4vVgGllKWH0diISEjPcJv0dTDJs4ZbY7KAEc4DRCl1QwNFsuASP5BlMSrWo+eGiC\n" + "oxsndY2EIpHAheLHXkVwbOwM5VRN2IhlcmVtHM370luvJjNa1MXy1p1/VEjGS794\n" + "FgtMOm9yILCM8WqwRHOY/mAOu/9iY/Zfqfobm+IfqgBmQMOLAIMKJffh15meTDRi\n" + "W3QXdf/khr1T3JEJ55t1WxcC1cWV4FnecUU4wlKs1mBghV+/8cgbYjoIdUAsYsdv\n" + "SjySP3B65XXw9G3MmHOjNoRpF7Oeea8tN+zxw3xFx/a9Uq19BdOlrHE=\n" + "-----END CERTIFICATE-----\n" +/* 1 */ "-----BEGIN CERTIFICATE-----\n" + "MIIDFjCCAf6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" + "MCIYDzIwMTQxMTI3MTUwMDM2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOnFo6ntaysv14\n" + "ewFwkm+mbE/8hEiZEcMNnWNSJb9tgpATLgu9LefStzRIvzns4OyLL77TEz8Gl8gJ\n" + "syfba2aIKxLveO1jpqQSfkcVlufa/GHspPKMkHMjz1UB+fQEAazAjVKHoofemKxW\n" + "0TtLeuL0LoE4g452Yy60vxRNwOs7WPZ5lktIQTYZTYcEjiiVlrRXXGgo9qCSfG4n\n" + "B+TmlraGHHPlKINcsOJnZOOZ6qHx+ZpqeCvuD7apiPcVzfLhxdJFoznY4r/bdCZT\n" + "ehChrKCYk5DmaPRBW0TLWoYrny745SG9U8XzTkKYaCDLhyMvn1oMrRVdbwO3/e6q\n" + "DbEvbpUrAgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUKOWRCrnIpUfNc9AtqEcJ\n" + "yZIAlGkwHwYDVR0jBBgwFoAUarsjXomEecxGrV0LDBX8Dy+vh68wDQYJKoZIhvcN\n" + "AQELBQADggEBAKgo2SIyLywamhcqLnhxCXgx0SHJgmEVD7CvPgTISZisg5yMS77G\n" + "WqtHbyo7kOYIjbrzVRGOsijKmgCgqNTQXSMbWUfDOV93q82nV0bjQtnvZKMc0+OM\n" + "/cB5PA7BFKvVrpYGefFQtrgkFhHSoUwDtpJAdYJPWgUMiqpvDuQdD/d6FQ18rb7w\n" + "QuIIvUeHaawm8HLrJ5JZoy7BnryY4SEFqGSTeNWp4CyeTeQPAcCdZ3NlnSDV1RM2\n" + "QelcD8S6GAp8l8LcF1zqiaoqWVYdeVnO6Doabx/IP7ZxctcdaEAdUQYjJ/dG3A2p\n" + "wpf3tVoOBKFByhdBrz7uda09sq57+AmvQdk=\n" + "-----END CERTIFICATE-----\n" +/* 2 */ "-----BEGIN CERTIFICATE-----\n" + "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQxMTI3MTUwMDM2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDft9fjnipXU+WO\n" + "NsIhqVgTkwQPWklvuJbAphYa0oCm/+S0dvalVEq9RMqV+sUtqrZ55LsHxvtD1iu9\n" + "03kf/FcqaAjSVZBt6n8JIfl4xyi//FYizamm2KEsBCEsUCH6iJGMGXfYAWgpMJ/6\n" + "yHwikBDI0Ea5ckIW58eWHI6Hmd11DTSy6OGNnOFqyEe3S/m1zTtNNGiA0VcSyAjg\n" + "98zaWGQHaQuqczqfoMz0dB5ly0mw2LfVxCPM8Z8xH1S9TNVqWnKu483Gp+2TkeKl\n" + "bJ5dI1XMihaxFq6xf9OsULGtMd8biRNxl8f8zsfd0A9LoPJWKdp345OJ33ULwogI\n" + "M6kUMw63AgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUarsjXomEecxGrV0LDBX8\n" + "Dy+vh68wHwYDVR0jBBgwFoAU1aTwaphaQJeRY+IF9NNTmHHpIQ0wDQYJKoZIhvcN\n" + "AQELBQADggEBALGbNfhgr46cnDIbvPxXmNmMm840oVc9n5pW4be9emTWO67zkqll\n" + "KBjLbEAZTVSsjqPh8357iR5nVAen23eVYD5eGkuDZZAP3kvfVNVNCTQAEm0XDAse\n" + "kxbxL0ZWezMbC/U8R3tFSDZOCb/bM+wCKg1hX5My0+utKAmhbwlYQY9fKyhZCUdv\n" + "GnO3f5JInJDH2FmG80RouZ8Av6CjOwfChz+SPTgrMsbTugYWX9SVQ8oRF+N7cudC\n" + "7XlvScNQKlbzmMl2zLQOrL78djCLVdU70bZcpq1o7L/R59YNAB+4fGH8rTWZMYQB\n" + "rSoCPlyNAYAqMPXPsUFV/ngeYNSbpTz3SGA=\n" + "-----END CERTIFICATE-----\n" + "\n"; + +const gnutls_datum_t server_cert = { + server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEowIBAAKCAQEArHxa2ZjsQO4o5KacD7WpHPHnLgUa/Q6+KXv2pQvzl1WbGZQJ\n" + "Z0dMXed1xblD8KPRmtqu4mPPvMj0TbPIH5eiKx71FLWrpFnTJUKuZ4URWj4Dsxzh\n" + "GRhhFJN1BUf/JZXesUBaHuxbx8EOXCJCJdHDfyOI4lG/X0IUcHAT45kGworGF1GQ\n" + "3vCrQp5I8GWXzqe1HJVj5vob+Bt3H3kVFIrNF3/LEnIywGpu6I5Bi/QnhE15dSRk\n" + "qqplTe7Lzcg7IkHmwkqwOMArfhDXvaxOgpnunRL/lOJcseKIo5+LDbz8MIJrvv4O\n" + "l44ROiFgS5FlyydSuK4sW6rd3d/h+yABYl/fWwIDAQABAoIBAQCL0vc25C/I5wfB\n" + "a4qhdYsVCsh0VvEs6TGgoXwtCYY7TMtBre79iR/QE902HtyDi9lT5ijVH0J88I6T\n" + "GsWFTr/Iovzb//WXcrWmw+prwsRxWkpXfXbAiDHSo0K+uEGOr3JqUBd+b+5q/QZu\n" + "C9uBmw0W2LCTft9bEk9NYp3M5/VB6DaQbk//b7E9KFc7nFgzeQaSYHu9NBSLGZ2e\n" + "HqvzotiwlI6yfWTPm/esipXWaB4zqesx0TedoNK9SUAFdFBEHTyqm5RoGotjNLoM\n" + "bN08Fj3qOJekjPGBrMu37UKoRGdaTyPlmCGZ0+HN2F4kuaUGE8HHnUU3VIA3lTMh\n" + "LGt8jYpxAoGBAMsr8XlLsGFUgntHbCe5GhNKd9RJtRH1+zNw88ilfjttpxjggcL7\n" + "KGbcCK1VOhuD0Ud1pTklYFOUckZY6y1b4nUkp5SG4w8OiIcIZeE9erKwprnHa9RF\n" + "cewMtYhJ68evPrbM9UHEkTbdNBI4Cv561cY80pnsMTxy9al/aM23SLIJAoGBANlV\n" + "0J/lUuA4Lsvrtu/IriwUguMIBw7hC5gBIU58K9Xpo6fr55VTt6OALDrY5zbCPf38\n" + "pGMZgPsP3FG61BycA7jWB01Y++3COYKNKQtddWuY0SqCVS7Mdt6DwpYwUD7gRDY3\n" + "aIHMUP45glYEVnHgpwNM09f+ldiK4TnCJuKYRM9DAoGAYM3NPlf78EQN76M2Oy8M\n" + "54gh1DpSVf539CirXzzLCpHSfh3qdfapZ2kLkVr8VsPV4VCCqtnOLcSbNj2DwJb5\n" + "LYuLdU9XvILWNlCgClP6tE1LA1WrYPa9sxTTId7mwrwTC5JYgT+hWRzIhK3DP0FT\n" + "viKYzdImG4FC38HfM7VSo9ECgYBiP+wnTKlxmZR2NWIm9ibe4IrnDYr7S/tMxT4E\n" + "WBgNBSkp0XiIxibfcCMOm12zII6b0mmSL0ZiuSHVhMs8/76jAYadjdud+U68WQo0\n" + "DBT4BkaQnAjcNiyKnTALa13rfsD3bYb+HpqCwwbL0fwuUOvPjxy5qWqeUPJOhRnF\n" + "GCcLNwKBgHtDlVG5lJqtNty4aL9oBgcP0VcY/73Dx+l25DhprdlTHsjg+ue0rpjA\n" + "ieq7o2hENu6MA1AQ8o+BP6SlRuhYmvzh7vVbs3qFjnslaMCveHZDITN/0NJqF9xO\n" + "IeKrLzOIboyQw/sMSrPIPYILgXP0YnueteOgPUSZEcrqPIJI08Sb\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 + +static void client(int fd) +{ + int ret; + const char *p; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + ret = + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + &p); + if (ret < 0) { + fail("error in setting priority: %s\n", p); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + if (debug) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + } + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + NULL); + + if (debug) { + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("server: gnutls_certificate_set_x509_key_mem: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[0]); + client(fd[1]); + waitpid(-1, NULL, 0); + //kill(child, SIGTERM); + } else { + close(fd[1]); + server(fd[0]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status = 0; + + waitpid(-1, &status, 0); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-discard.c b/tests/mini-dtls-discard.c new file mode 100644 index 0000000..7b0d23e --- /dev/null +++ b/tests/mini-dtls-discard.c @@ -0,0 +1,305 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#define TXT1 "hello there" +#define TXT1_SIZE (sizeof(TXT1)-1) + +#define TXT2 "2hello there" +#define TXT2_SIZE (sizeof(TXT2)-1) + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + static int counter = 0; + + if (counter % 2 == 0) { + errno = EAGAIN; + counter++; + return -1; + } + return send(fd, data, len, 0); +} + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_transport_set_push_function(session, push); + do { + ret = gnutls_record_send(session, TXT1, TXT1_SIZE); + if (ret == GNUTLS_E_AGAIN) { + if (debug) success("discarding\n"); + gnutls_record_discard_queued(session); + } + + } while (ret == GNUTLS_E_INTERRUPTED); + + do { + ret = gnutls_record_send(session, TXT2, TXT2_SIZE); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_anon_server_credentials_t anoncred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != TXT2_SIZE || memcmp(buffer, TXT2, TXT2_SIZE) != 0) { + fail("didn't receive the expected data!\n"); + terminate(); + } + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *prio) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"); + start("NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-fork.c b/tests/mini-dtls-fork.c new file mode 100644 index 0000000..f7b0ee7 --- /dev/null +++ b/tests/mini-dtls-fork.c @@ -0,0 +1,384 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +#endif +#include "utils.h" + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +/* Tests whether we can send and receive from different processes + * using DTLS, either as server or client. DTLS is a superset of + * TLS, so correct behavior under fork means TLS would operate too. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n" + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n" + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n" + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n" + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n" + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n" + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n" + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n" + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n" + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n" + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n" + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n" + "-----END EC PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +#define MSG "hello1111" +#define MSG2 "xxxxxxxxxxxx" + +static +void do_fork_stuff(gnutls_session_t session) +{ + pid_t pid; + int ret; + char buf[64]; + + /* separate sending from receiving */ + pid = fork(); + if (pid == -1) { + exit(1); + } else if (pid != 0) { + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + sec_sleep(1); + /* the server should reflect our messages */ + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret != sizeof(MSG)-1 || memcmp(buf, MSG, sizeof(MSG)-1) != 0) { + fail("client: recv failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + fprintf(stderr, "client received: %.*s\n", ret, buf); + } + + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret != sizeof(MSG2)-1 || memcmp(buf, MSG2, sizeof(MSG2)-1) != 0) { + fail("client: recv2 failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + fprintf(stderr, "client received: %.*s\n", ret, buf); + } + + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret != 0) { + fail("client: recv3 failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + } else if (pid == 0) { /* child */ + ret = gnutls_record_send(session, MSG, sizeof(MSG)-1); + if (ret != sizeof(MSG)-1) { + fail("client: send failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_record_send(session, MSG2, sizeof(MSG2)-1); + if (ret != sizeof(MSG2)-1) { + fail("client: send2 failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + sec_sleep(2); + gnutls_bye(session, GNUTLS_SHUT_WR); + } +} + +static void do_reflect_stuff(gnutls_session_t session) +{ + char buf[64]; + unsigned buf_size; + int ret; + + do { + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret < 0) { + fail("server: recv failed: %s\n", gnutls_strerror(ret)); + terminate(); + } + + if (ret == 0) + break; + + buf_size = ret; + if (debug) { + fprintf(stderr, "server received: %.*s\n", buf_size, buf); + } + + ret = gnutls_record_send(session, buf, buf_size); + if (ret < 0) { + fail("server: send failed: %s\n", gnutls_strerror(ret)); + terminate(); + } + } while(1); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); +} + +static void client(int fd, unsigned do_fork) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + side = "client"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + //gnutls_transport_set_push_function(session, push); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (do_fork) + do_fork_stuff(session); + else + do_reflect_stuff(session); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + exit(0); +} + + +static void server(int fd, unsigned do_fork) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + +#if 0 + if (debug) { + side = "server"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } +#endif + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + gnutls_dtls_set_mtu(session, 400); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (do_fork) + do_fork_stuff(session); + else + do_reflect_stuff(session); + + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(unsigned do_fork) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + client(fd[0], do_fork); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], 1-do_fork); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + run(0); + run(1); +} +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c new file mode 100644 index 0000000..c5ca28b --- /dev/null +++ b/tests/mini-dtls-heartbeat.c @@ -0,0 +1,351 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the rehandshake in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A very basic DTLS client, with anonymous authentication, that exchanges heartbeats. + */ + +#define MAX_BUF 1024 + + +static void client(int fd, int server_init) +{ + gnutls_session_t session; + int ret, ret2; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: DTLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (!server_init) { + do { + ret = + gnutls_record_recv(session, buffer, + sizeof(buffer)); + + if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) { + if (debug) + success + ("Ping received. Replying with pong.\n"); + ret2 = gnutls_heartbeat_pong(session, 0); + if (ret2 < 0) { + fail("pong: %s\n", + gnutls_strerror(ret)); + exit(1); + } + } + } + while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); + + if (ret < 0) { + fail("recv: %s\n", gnutls_strerror(ret)); + exit(1); + } + } else { + do { + ret = + gnutls_heartbeat_ping(session, 256, 5, + GNUTLS_HEARTBEAT_WAIT); + + if (debug) + success("Ping sent.\n"); + } + while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("ping: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + + + +static gnutls_session_t initialize_tls_session(void) +{ + gnutls_session_t session; + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + return session; +} + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, int server_init) +{ + int ret, ret2; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + session = initialize_tls_session(); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + if (server_init) { + do { + ret = + gnutls_record_recv(session, buffer, + sizeof(buffer)); + + if (ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED) { + if (debug) + success + ("Ping received. Replying with pong.\n"); + ret2 = gnutls_heartbeat_pong(session, 0); + if (ret2 < 0) { + fail("pong: %s\n", + gnutls_strerror(ret)); + terminate(); + } + } + } + while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED + || ret == GNUTLS_E_HEARTBEAT_PING_RECEIVED); + } else { + do { + ret = + gnutls_heartbeat_ping(session, 256, 5, + GNUTLS_HEARTBEAT_WAIT); + + if (debug) + success("Ping sent.\n"); + } + while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("ping: %s\n", gnutls_strerror(ret)); + terminate(); + } + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(int server_initiated) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0], server_initiated); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], server_initiated); + exit(0); + } +} + +void doit(void) +{ + start(0); + start(1); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-hello-verify-48.c b/tests/mini-dtls-hello-verify-48.c new file mode 100644 index 0000000..3594f7c --- /dev/null +++ b/tests/mini-dtls-hello-verify-48.c @@ -0,0 +1,311 @@ +/* + * Copyright (C) 2013-2015 Nikos Mavrogiannopoulos + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* This checks the proper behavior of the client when + * invalid data are sent by the server in the hello verify + * request. + */ + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static void client(int fd) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + success("client: Handshake failed as expected\n"); + gnutls_perror(ret); + goto exit; + } else { + fail("client: Handshake completed unexpectedly\n"); + goto exit; + } + + exit: + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +#define CLI_ADDR (void*)"test" +#define CLI_ADDR_LEN 4 + +static +ssize_t recv_timeout(int sockfd, void *buf, size_t len, unsigned flags, unsigned sec) +{ +int ret; +struct timeval tv; +fd_set set; + + tv.tv_sec = sec; + tv.tv_usec = 0; + + FD_ZERO(&set); + FD_SET(sockfd, &set); + + do { + ret = select(sockfd + 1, &set, NULL, NULL, &tv); + } while (ret == -1 && errno == EINTR); + + if (ret == -1 || ret == 0) { + errno = ETIMEDOUT; + return -1; + } + + return recv(sockfd, buf, len, flags); +} + +#define SERV_TIMEOUT 30 + +static void server(int fd) +{ + int ret, csend = 0; + gnutls_anon_server_credentials_t anoncred; + char buffer[MAX_BUF + 1]; + gnutls_datum_t cookie_key; + gnutls_dtls_prestate_st prestate; + gnutls_session_t session; + unsigned try = 0; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE); + if (ret < 0) { + fail("Cannot generate key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, SERV_TIMEOUT * 1000); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + for (;;) { + ret = recv_timeout(fd, buffer, sizeof(buffer), MSG_PEEK, SERV_TIMEOUT); + if (ret < 0) { + if (try != 0) { + success("Server was terminated as expected!\n"); + goto exit; + } else { + fail("Error receiving first message\n"); + exit(1); + } + } + try++; + + memset(&prestate, 0, sizeof(prestate)); + prestate.record_seq = 105791312; + prestate.hsk_write_seq = 67166359; + ret = + gnutls_dtls_cookie_verify(&cookie_key, CLI_ADDR, + CLI_ADDR_LEN, buffer, ret, + &prestate); + if (ret < 0) { /* cookie not valid */ + if (debug) + success("Sending hello verify request\n"); + + ret = + gnutls_dtls_cookie_send(&cookie_key, CLI_ADDR, + CLI_ADDR_LEN, + &prestate, + (gnutls_transport_ptr_t) + (long) fd, push); + if (ret < 0) { + fail("Cannot send data\n"); + exit(1); + } + + /* discard peeked data */ + recv_timeout(fd, buffer, sizeof(buffer), 0, SERV_TIMEOUT); + csend++; + + if (csend > 2) { + fail("too many cookies sent\n"); + exit(1); + } + + continue; + } + + /* success */ + break; + } + + fail("Shouldn't have reached here\n"); + exit(1); + exit: + gnutls_deinit(session); + gnutls_free(cookie_key.data); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); +} + +void doit(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + client(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-hello-verify.c b/tests/mini-dtls-hello-verify.c new file mode 100644 index 0000000..8019313 --- /dev/null +++ b/tests/mini-dtls-hello-verify.c @@ -0,0 +1,351 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the client hello verify in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static void client(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +#define CLI_ADDR (void*)"test" +#define CLI_ADDR_LEN 4 + +static void server(int fd) +{ + int ret, csend = 0; + gnutls_anon_server_credentials_t anoncred; + char buffer[MAX_BUF + 1]; + gnutls_datum_t cookie_key; + gnutls_dtls_prestate_st prestate; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + ret = gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE); + if (ret < 0) { + fail("Cannot generate key: %s\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + for (;;) { + ret = recv(fd, buffer, sizeof(buffer), MSG_PEEK); + if (ret < 0) { + fail("Cannot receive data\n"); + terminate(); + } + + memset(&prestate, 0, sizeof(prestate)); + ret = + gnutls_dtls_cookie_verify(&cookie_key, CLI_ADDR, + CLI_ADDR_LEN, buffer, ret, + &prestate); + if (ret < 0) { /* cookie not valid */ + if (debug) + success("Sending hello verify request\n"); + + ret = + gnutls_dtls_cookie_send(&cookie_key, CLI_ADDR, + CLI_ADDR_LEN, + &prestate, + (gnutls_transport_ptr_t) + (long) fd, push); + if (ret < 0) { + fail("Cannot send data\n"); + terminate(); + } + + /* discard peeked data */ + recv(fd, buffer, sizeof(buffer), 0); + csend++; + + if (csend > 2) { + fail("too many cookies sent\n"); + terminate(); + } + + continue; + } + + /* success */ + break; + } + + gnutls_dtls_prestate_set(session, &prestate); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_free(cookie_key.data); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-large.c b/tests/mini-dtls-large.c new file mode 100644 index 0000000..96e2a15 --- /dev/null +++ b/tests/mini-dtls-large.c @@ -0,0 +1,353 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests large packet sending in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A very basic DTLS client, with anonymous authentication, that exchanges heartbeats. + */ + +#define MAX_BUF 24*1024 +#define MAX_MTU 20*1024 + +static void client(int fd) +{ + gnutls_session_t session; + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: DTLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } + while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret > 0); + + if (ret < 0) { + fail("recv: %s\n", gnutls_strerror(ret)); + exit(1); + } + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +static void terminate(void) +{ + int status; + + kill(child, SIGTERM); + wait(&status); +} + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + terminate(); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + /* avoid uninitialized warnings */ + memset(buffer, 1, sizeof(buffer)); + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session) + 12); + if (ret != GNUTLS_E_LARGE_PACKET) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session) + 5048); + if (ret != GNUTLS_E_LARGE_PACKET) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session)); + if (ret < 0) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + gnutls_dtls_set_mtu(session, MAX_MTU); + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session) + 12); + if (ret != GNUTLS_E_LARGE_PACKET) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session) + 5048); + if (ret != GNUTLS_E_LARGE_PACKET) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session)); + if (ret > 16384 || ret < 0) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + /* test cork and uncork */ + gnutls_record_cork(session); + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session)); + if (ret < 0) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = gnutls_record_uncork(session, 0); + if (ret < 0) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + gnutls_record_cork(session); + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session) - 16); + if (ret < 0) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session)); + if (ret != GNUTLS_E_LARGE_PACKET) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + ret = gnutls_record_uncork(session, GNUTLS_RECORD_WAIT); + if (ret < 0) { + terminate(); + fail("send[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +void doit(void) +{ + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-lowmtu.c b/tests/mini-dtls-lowmtu.c new file mode 100644 index 0000000..6f8da5c --- /dev/null +++ b/tests/mini-dtls-lowmtu.c @@ -0,0 +1,340 @@ +/* + * Copyright (C) 2014 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* This tests the behavior of server in a low-mtu case scenario */ + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the robustness of record + * decoding. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n" + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n" + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n" + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n" + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n" + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n" + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n" + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n" + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n" + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n" + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n" + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n" + "-----END EC PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 + +static int mtu = 0; + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(6); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); +// gnutls_dtls_set_mtu(session, 104); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(6); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 104); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + mtu = gnutls_dtls_get_mtu(session); + + do { + ret = + gnutls_record_send(session, buffer, + gnutls_dtls_get_data_mtu(session)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) { + fail("Error sending packet: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +#define AES_GCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+ECDHE-ECDSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start(AES_GCM); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-mtu.c b/tests/mini-dtls-mtu.c new file mode 100644 index 0000000..d48c328 --- /dev/null +++ b/tests/mini-dtls-mtu.c @@ -0,0 +1,315 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos, Andreas Schultz + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include "utils.h" + +#define SERVER_MTU 500 + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +#include + +/* Tests whether packing multiple DTLS records in a single UDP packet + * will be handled correctly. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n" + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n" + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n" + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n" + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n" + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n" + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n" + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n" + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n" + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n" + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n" + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n" + "-----END EC PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static int client_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) +{ + fd_set rfds; + struct timeval tv; + int ret; + int fd = (long int)ptr; + + FD_ZERO(&rfds); + FD_SET(fd, &rfds); + + tv.tv_sec = (ms / 1000); + tv.tv_usec = (ms % 1000) * 1000; + + ret = select(fd + 1, &rfds, NULL, NULL, &tv); + if (ret <= 0) + return ret; + + return ret; +} + +static ssize_t client_pull(gnutls_transport_ptr_t ptr, void *data, size_t len) +{ + int fd = (long int)ptr; + ssize_t ret; + + ret = recv(fd, data, len, 0); + if (ret > SERVER_MTU) { + fail("client: packet size beyond server MTU, got %d bytes, expect max. %d bytes\n", (int)ret, SERVER_MTU); + exit(1); + } + + return ret; +} + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + side = "client"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_pull_function(session, client_pull); + gnutls_transport_set_pull_timeout_function(session, client_pull_timeout); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + side = "server"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, SERVER_MTU); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + + +void doit(void) +{ + int fd[2]; + int err; + + err = socketpair(AF_UNIX, SOCK_DGRAM, 0, fd); + if (err == -1) { + perror("socketpair"); + fail("socketpair"); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[0]); + server(fd[1]); + wait(&status); + check_wait_status(status); + } else { + close(fd[1]); + client(fd[0]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-record-asym.c b/tests/mini-dtls-record-asym.c new file mode 100644 index 0000000..59e7467 --- /dev/null +++ b/tests/mini-dtls-record-asym.c @@ -0,0 +1,361 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include + +/* Tests whether packing multiple DTLS records in a single UDP packet + * will be handled correctly, as well as an asymmetry in MTU sizes + * between server and client. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static ssize_t push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + static uint8_t buffer[6 * 1024]; + static unsigned buffer_size = 0; + const uint8_t *d = data; + int fd = (long int)tr; + int ret; + + if (buffer_size + len > sizeof(buffer)) { + abort(); + } + + memcpy(&buffer[buffer_size], data, len); + buffer_size += len; + + if (d[0] == 22) { /* handshake */ + if (d[13] == GNUTLS_HANDSHAKE_CERTIFICATE_PKT || + d[13] == GNUTLS_HANDSHAKE_CERTIFICATE_STATUS || + d[13] == GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE || + d[13] == GNUTLS_HANDSHAKE_SERVER_HELLO || + d[13] == GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST || + d[13] == GNUTLS_HANDSHAKE_NEW_SESSION_TICKET || + d[13] == GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY || + d[13] == GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE) { + + if (debug) + fprintf(stderr, "caching: %s (buffer: %d)\n", + gnutls_handshake_description_get_name(d[13]), + buffer_size); + return len; + } else if (debug) { + fprintf(stderr, "sending: %s\n", + gnutls_handshake_description_get_name(d[13])); + + } + } + + if (debug) + fprintf(stderr, "sending %d bytes\n", (int)buffer_size); + ret = send(fd, buffer, buffer_size, 0); + if (ret >= 0) { + if (debug) + fprintf(stderr, "reset cache\n"); + buffer_size = 0; + } + return len; +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\n" + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\n" + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\n" + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\n" + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\n" + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\n" + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\n" + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\n" + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\n" + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\n" + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\n" + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\n" + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\n" + "-----END EC PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static void client(int fd, unsigned cache) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + unsigned int timeout; + + global_init(); + + if (debug) { + side = "client"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + //gnutls_transport_set_push_function(session, push); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS-ALL:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + timeout = get_timeout(); + if (timeout > INT_MAX) + fail("invalid timeout value\n"); + + /* Perform the TLS handshake + */ + do { + struct pollfd pfd; + + ret = gnutls_handshake(session); + + if (ret == GNUTLS_E_AGAIN && gnutls_record_get_direction(session) == 0) { + int rv; + pfd.fd = fd; + pfd.events = POLLIN; + pfd.revents = 0; + + do { + rv = poll(&pfd, 1, (int)timeout); + } while (rv == -1 && errno == EINTR); + + if (rv == -1) + perror("poll()"); + else if (!rv) + fail("test %d: No data were received.\n", cache); + } + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, unsigned cache) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + +#if 0 + if (debug) { + side = "server"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } +#endif + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + gnutls_dtls_set_mtu(session, 400); + if (cache != 0) + gnutls_transport_set_push_function(session, push); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-ECDSA:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(unsigned cache) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + client(fd[0], cache); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], cache); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + run(0); + run(1); +} +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-record.c b/tests/mini-dtls-record.c new file mode 100644 index 0000000..83d4900 --- /dev/null +++ b/tests/mini-dtls-record.c @@ -0,0 +1,406 @@ +/* + * Copyright (C) 2012-2013 Free Software Foundation, Inc. + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static int test_finished = 0; +static void terminate(void); + +/* This program tests whether messages in DTLS are received + * with the expected sequence. That is whether the message + * sequence numbers returned correspond to the received messages. + */ + +/* +static void +tls_audit_log_func (gnutls_session_t session, const char *str) +{ + fprintf (stderr, "|<%p>| %s", session, str); +} +*/ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A test client/server app for DTLS duplicate packet detection. + */ + +#define MAX_BUF 1024 + +#define MAX_SEQ 128 + +static int msg_seq[] = + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 10, 16, 5, 32, 11, 11, 11, 11, 12, + 10, 13, 14, 15, 16, 17, 19, 20, 18, 22, 24, 23, 25, 26, 27, 29, 28, + 29, 29, 30, 31, 32, 33, 34, 35, 37, 36, 38, 39, 42, 37, 40, 41, 41, + -1 +}; + +static unsigned int current = 0; +static unsigned int pos = 0; + +unsigned char *stored_messages[MAX_SEQ]; +unsigned int stored_sizes[MAX_SEQ]; + +static ssize_t odd_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + ssize_t ret; + unsigned i; + + if (msg_seq[current] == -1 || test_finished != 0) { + test_finished = 1; + return len; + } + + stored_messages[current] = malloc(len); + assert(stored_messages[current]); + memcpy(stored_messages[current], data, len); + stored_sizes[current] = len; + + if (pos != current) { + for (i = pos; i <= current; i++) { + if (stored_messages[msg_seq[i]] != NULL) { + do { + ret = + send((long int)tr, + stored_messages[msg_seq + [i]], + stored_sizes[msg_seq[i]], 0); + } + while (ret == -1 && (errno == EAGAIN || errno == EINTR)); + pos++; + } else + break; + } + } else if (msg_seq[current] == (int)current) { + do { + ret = send((long int)tr, data, len, 0); + } + while (ret == -1 && (errno == EAGAIN || errno == EINTR)); + + current++; + pos++; + + return ret; + } else if (stored_messages[msg_seq[current]] != NULL) { + do { + ret = + send((long int)tr, + stored_messages[msg_seq[current]], + stored_sizes[msg_seq[current]], 0); + } + while (ret == -1 && (errno == EAGAIN || errno == EINTR)); + current++; + pos++; + return ret; + } + + current++; + + return len; +} + +static ssize_t n_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + return send((unsigned long)tr, data, len, 0); +} + +/* The first five messages are handshake. Thus corresponds to msg_seq+5 */ +static int recv_msg_seq[] = + { 1, 2, 3, 4, 5, 6, 12, 28, 7, 8, 9, 10, 11, 13, 15, 16, 14, 18, 20, + 19, 21, 22, 23, 25, 24, 26, 27, 29, 30, 31, 33, 32, 34, 35, 38, 36, 37, + -1 +}; + +static void client(int fd) +{ + gnutls_session_t session; + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + unsigned char seq[8]; + uint32_t useq; + + memset(buffer, 0, sizeof(buffer)); + + /* Need to enable anonymous KX specifically. */ + +/* gnutls_global_set_audit_log_function (tls_audit_log_func); */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(2); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + gnutls_record_send(session, buffer, 1); + + if (debug) + success("client: DTLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + do { + ret = + gnutls_record_recv_seq(session, buffer, sizeof(buffer), + seq); + + if (ret > 0) { + useq = + seq[7] | (seq[6] << 8) | (seq[5] << 16) | + (seq[4] << 24); + + if (debug) + success("received %u\n", (unsigned int)useq); + + if (recv_msg_seq[current] == -1) { + fail("received message sequence differs\n"); + exit(1); + } + if (((uint32_t)recv_msg_seq[current]) != useq) { + fail("received message sequence differs (current: %u, got: %u, expected: %u)\n", + (unsigned)current, (unsigned)useq, (unsigned)recv_msg_seq[current]); + exit(1); + } + + current++; + } + } + while ((ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED + || ret > 0)); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + char c; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(2); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + gnutls_transport_set_push_function(session, odd_push); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_record_recv(session, &c, 1); + do { + do { + ret = gnutls_record_send(session, &c, 1); + } + while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("send: %s\n", gnutls_strerror(ret)); + terminate(); + } + } + while (test_finished == 0); + + gnutls_transport_set_push_function(session, n_push); + do { + ret = gnutls_bye(session, GNUTLS_SHUT_WR); + } + while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + close(fd[1]); + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +void doit(void) +{ + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls-srtp.c b/tests/mini-dtls-srtp.c new file mode 100644 index 0000000..1d40d73 --- /dev/null +++ b/tests/mini-dtls-srtp.c @@ -0,0 +1,343 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the rehandshake in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +#define MAX_KEY_MATERIAL 64*4 +/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP + */ + +static void client(int fd, int profile) +{ + gnutls_session_t session; + int ret; + gnutls_anon_client_credentials_t anoncred; + uint8_t km[MAX_KEY_MATERIAL]; + char buf[2 * MAX_KEY_MATERIAL]; + gnutls_datum_t cli_key, cli_salt, server_key, server_salt; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + if (profile) + ret = + gnutls_srtp_set_profile_direct(session, + "SRTP_AES128_CM_HMAC_SHA1_80", + NULL); + else + ret = + gnutls_srtp_set_profile_direct(session, + "SRTP_NULL_HMAC_SHA1_80", + NULL); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: DTLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = + gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key, + &cli_salt, &server_key, &server_salt); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (debug) { + size_t size = sizeof(buf); + gnutls_hex_encode(&cli_key, buf, &size); + success("Client key: %s\n", buf); + + size = sizeof(buf); + gnutls_hex_encode(&cli_salt, buf, &size); + success("Client salt: %s\n", buf); + + size = sizeof(buf); + gnutls_hex_encode(&server_key, buf, &size); + success("Server key: %s\n", buf); + + size = sizeof(buf); + gnutls_hex_encode(&server_salt, buf, &size); + success("Server salt: %s\n", buf); + } + + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); +} + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, int profile) +{ + int ret; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + uint8_t km[MAX_KEY_MATERIAL]; + char buf[2 * MAX_KEY_MATERIAL]; + gnutls_datum_t cli_key, cli_salt, server_key, server_salt; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_heartbeat_enable(session, GNUTLS_HB_PEER_ALLOWED_TO_SEND); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + if (profile) + ret = + gnutls_srtp_set_profile_direct(session, + "SRTP_AES128_CM_HMAC_SHA1_80", + NULL); + else + ret = + gnutls_srtp_set_profile_direct(session, + "SRTP_NULL_HMAC_SHA1_80", + NULL); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = + gnutls_srtp_get_keys(session, km, sizeof(km), &cli_key, + &cli_salt, &server_key, &server_salt); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (debug) { + size_t size = sizeof(buf); + gnutls_hex_encode(&cli_key, buf, &size); + success("Client key: %s\n", buf); + + size = sizeof(buf); + gnutls_hex_encode(&cli_salt, buf, &size); + success("Client salt: %s\n", buf); + + size = sizeof(buf); + gnutls_hex_encode(&server_key, buf, &size); + success("Server key: %s\n", buf); + + size = sizeof(buf); + gnutls_hex_encode(&server_salt, buf, &size); + success("Server salt: %s\n", buf); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(int profile) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0], profile); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], profile); + exit(0); + } +} + +void doit(void) +{ + start(0); + start(1); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-dtls0-9.c b/tests/mini-dtls0-9.c new file mode 100644 index 0000000..1877f7c --- /dev/null +++ b/tests/mini-dtls0-9.c @@ -0,0 +1,326 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the client hello verify in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A very basic DTLS client handling DTLS 0.9 which sets premaster secret. + */ + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static gnutls_datum_t master = + { (void*)"\x44\x66\x44\xa9\xb6\x29\xed\x6e\xd6\x93\x15\xdb\xf0\x7d\x4b\x2e\x18\xb1\x9d\xed\xff\x6a\x86\x76\xc9\x0e\x16\xab\xc2\x10\xbb\x17\x99\x24\xb1\xd9\xb9\x95\xe7\xea\xea\xea\xea\xea\xff\xaa\xac", 48}; +static gnutls_datum_t sess_id = + { (void*)"\xd9\xb9\x95\xe7\xea", 5}; + +static void client(int fd, int proto, int cipher, int mac) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-GCM:+AEAD:+AES-128-CBC:+SHA1:+RSA:%COMPAT", + NULL); + + ret = gnutls_session_set_premaster(session, GNUTLS_CLIENT, + proto, GNUTLS_KX_RSA, + cipher, mac, + GNUTLS_COMP_NULL, &master, &sess_id); + if (ret < 0) { + fail("client: gnutls_session_set_premaster failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, int proto, int cipher, int mac) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + success("testing for %s-%s\n", gnutls_cipher_get_name(cipher), gnutls_mac_get_name(mac)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+AES-128-GCM:+AEAD:+SHA1:+RSA:%COMPAT", + NULL); + + ret = gnutls_session_set_premaster(session, GNUTLS_SERVER, + proto, GNUTLS_KX_RSA, + cipher, mac, + GNUTLS_COMP_NULL, &master, &sess_id); + if (ret < 0) { + fail("server: gnutls_session_set_premaster failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void run(int proto, int cipher, int mac) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + server(fd[0], proto, cipher, mac); + wait(&status); + check_wait_status(status); + close(fd[0]); + } else { + close(fd[0]); + client(fd[1], proto, cipher, mac); + close(fd[1]); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + + run(GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1); + run(GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-eagain-dtls.c b/tests/mini-eagain-dtls.c new file mode 100644 index 0000000..594d49d --- /dev/null +++ b/tests/mini-eagain-dtls.c @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#define RANDOMIZE +#include "eagain-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int handshake = 0; + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +void doit(void) +{ + /* Server stuff. */ + gnutls_anon_server_credentials_t s_anoncred; + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + static gnutls_dh_params_t dh_params; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0, msglen; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(99); + + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + gnutls_init(&server, + GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + ret = + gnutls_priority_set_direct(server, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); + if (ret < 0) + exit(1); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_init(&client, + GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + cret = + gnutls_priority_set_direct(client, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); + if (cret < 0) + exit(1); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + handshake = 1; + HANDSHAKE(client, server); + + handshake = 0; + if (debug) + success("Handshake established\n"); + + do { + ret = gnutls_record_send(client, MSG, strlen(MSG)); + } + while (ret == GNUTLS_E_AGAIN); + + msglen = strlen(MSG); + TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF); + + if (debug) + fputs("\n", stdout); + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_anon_free_server_credentials(s_anoncred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); +} diff --git a/tests/mini-emsgsize-dtls.c b/tests/mini-emsgsize-dtls.c new file mode 100644 index 0000000..af2737a --- /dev/null +++ b/tests/mini-emsgsize-dtls.c @@ -0,0 +1,191 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#define RANDOMIZE +#define IGNORE_PUSH +#include "eagain-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int handshake = 0; + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static ssize_t +client_push_300(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + size_t newlen; + + if (len > 300) { + gnutls_transport_set_errno((gnutls_session_t) tr, + EMSGSIZE); + return -1; + } + + len = min(len, sizeof(to_server) - to_server_len); + + newlen = to_server_len + len; + memcpy(to_server + to_server_len, data, len); + to_server_len = newlen; +#ifdef EAGAIN_DEBUG + fprintf(stderr, "eagain: pushed %d bytes to server (avail: %d)\n", + (int) len, (int) to_server_len); +#endif + return len; +} + +static ssize_t +server_push_300(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + size_t newlen; + + if (len > 300) { + gnutls_transport_set_errno((gnutls_session_t) tr, + EMSGSIZE); + return -1; + } + + len = min(len, sizeof(to_client) - to_client_len); + + newlen = to_client_len + len; + memcpy(to_client + to_client_len, data, len); + to_client_len = newlen; +#ifdef EAGAIN_DEBUG + fprintf(stderr, "eagain: pushed %d bytes to client (avail: %d)\n", + (int) len, (int) to_client_len); +#endif + + return len; +} + +void doit(void) +{ + /* Server stuff. */ + gnutls_anon_server_credentials_t s_anoncred; + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + static gnutls_dh_params_t dh_params; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0, msglen; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(99); + + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + gnutls_init(&server, + GNUTLS_SERVER | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + ret = + gnutls_priority_set_direct(server, + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); + if (ret < 0) + exit(1); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); + gnutls_transport_set_push_function(server, server_push_300); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_init(&client, + GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + cret = + gnutls_priority_set_direct(client, + "NONE:+VERS-DTLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); + if (cret < 0) + exit(1); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + gnutls_transport_set_push_function(client, client_push_300); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + handshake = 1; + HANDSHAKE_DTLS(client, server); + + if (gnutls_protocol_get_version(client) != GNUTLS_DTLS1_2) { + fail("Error in negotiated version\n"); + exit(1); + } + + handshake = 0; + if (debug) + success("Handshake established\n"); + + do { + ret = gnutls_record_send(client, MSG, strlen(MSG)); + } + while (ret == GNUTLS_E_AGAIN); + + msglen = strlen(MSG); + TRANSFER(client, server, MSG, msglen, buffer, MAX_BUF); + + if (debug) + fputs("\n", stdout); + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_anon_free_server_credentials(s_anoncred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); +} diff --git a/tests/mini-global-load.c b/tests/mini-global-load.c new file mode 100644 index 0000000..fa6df2e --- /dev/null +++ b/tests/mini-global-load.c @@ -0,0 +1,147 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Test whether the library is operational without gnutls_global_init() + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static void start(const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("running test with %s\n", prio); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, prio, NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.1"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/mini-key-material.c b/tests/mini-key-material.c new file mode 100644 index 0000000..39493d9 --- /dev/null +++ b/tests/mini-key-material.c @@ -0,0 +1,413 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests whether the gnutls_record_get_state() works as + * expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +/* A very basic DTLS client, with anonymous authentication, that negotiates SRTP + */ + +static void dump(const char *name, uint8_t *data, unsigned data_size) +{ + unsigned i; + + fprintf(stderr, "%s", name); + for (i=0;i 0); + + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +void doit(void) +{ + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-loss-time.c b/tests/mini-loss-time.c new file mode 100644 index 0000000..4883b69 --- /dev/null +++ b/tests/mini-loss-time.c @@ -0,0 +1,331 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program tests whether a DTLS handshake would timeout + * in the expected time. + */ + +static void print_type(const unsigned char *buf, int size) +{ + if (buf[0] == 22 && size >= 13) { + if (buf[13] == 1) + fprintf(stderr, "Client Hello\n"); + else if (buf[13] == 2) + fprintf(stderr, "Server Hello\n"); + else if (buf[13] == 12) + fprintf(stderr, "Server Key exchange\n"); + else if (buf[13] == 14) + fprintf(stderr, "Server Hello Done\n"); + else if (buf[13] == 11) + fprintf(stderr, "Certificate\n"); + else if (buf[13] == 16) + fprintf(stderr, "Client Key Exchange\n"); + else if (buf[4] == 1) + fprintf(stderr, "Finished\n"); + else + fprintf(stderr, "Unknown handshake\n"); + } else if (buf[0] == 20) { + fprintf(stderr, "Change Cipher Spec\n"); + } else + fprintf(stderr, "Unknown\n"); +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + +static int counter; +static int packet_to_lose; + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + counter++; + + if (packet_to_lose != -1 && packet_to_lose == counter) { + if (debug) { + fprintf(stderr, "Discarding packet %d: ", counter); + print_type(data, len); + } + + packet_to_lose = 1; + counter = 0; + return len; + } + return send(fd, data, len, 0); +} + +static void client(int fd, unsigned timeout) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_dtls_set_timeouts(session, 1 * 1000, timeout * 1000); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + counter = 0; + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)); + + gnutls_deinit(session); + gnutls_anon_free_client_credentials(anoncred); + gnutls_global_deinit(); + + if (ret < 0) { + if (ret == GNUTLS_E_TIMEDOUT) { + if (debug) + success("client: received timeout\n"); + return; + } + fail("client: Handshake failed with unexpected reason: %s\n", gnutls_strerror(ret)); + } else { + fail("client: Handshake was completed (unexpected)\n"); + } +} + + +/* These are global */ +pid_t child; + +static void server(int fd, int packet, unsigned timeout) +{ + gnutls_anon_server_credentials_t anoncred; + gnutls_session_t session; + int ret; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_dtls_set_timeouts(session, 1 * 1000, timeout * 1000); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + counter = 0; + packet_to_lose = packet; + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)); + + gnutls_deinit(session); + gnutls_anon_free_server_credentials(anoncred); + gnutls_global_deinit(); + + if (ret < 0) { + if (ret == GNUTLS_E_TIMEDOUT) { + if (debug) + success("server received timeout\n"); + return; + } + fail("server: Handshake failed with unexpected reason: %s\n", gnutls_strerror(ret)); + } else { + fail("server: Handshake was completed (unexpected)\n"); + } + + if (ret < 0) { + return; + } +} + +static void start(int server_packet, int wait_server) +{ + int fd[2]; + int ret; + + if (debug) + fprintf(stderr, "\nWill discard server packet %d\n", + server_packet); + + /* we need dgram in this test */ + ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[0]); + if (wait_server) + server(fd[1], server_packet, 30); + else + client(fd[1], 30); + close(fd[1]); + kill(child, SIGTERM); + } else { + close(fd[1]); + if (wait_server) + client(fd[0], 32); + else + server(fd[0], server_packet, 32); + close(fd[0]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + time_t tstart, tstop; + int tries = 5; /* we try multiple times because in very busy systems the suite may fail to finish on time */ + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + for (;tries>=0;tries--) { + tstart = time(0); + start(2, 0); + + tstop = time(0); + + tstop = tstop - tstart; + + if (!(tstop < 40 && tstop > 25)) { + if (tries == 0) + fail("Client wait time difference: %u\n", (unsigned) tstop); + else if (debug) + success("Client wait time difference: %u\n", (unsigned) tstop); + } else break; + } + + for (;tries>=0;tries--) { + tstart = time(0); + start(2, 1); + + tstop = time(0); + + tstop = tstop - tstart; + + if (!(tstop < 40 && tstop > 25)) { + if (tries == 0) + fail("Server wait time difference: %u\n", (unsigned) tstop); + else if (debug) + success("Server wait time difference: %u\n", (unsigned) tstop); + } else break; + } +} + +#endif /* _WIN32 */ diff --git a/tests/mini-overhead.c b/tests/mini-overhead.c new file mode 100644 index 0000000..9836ea5 --- /dev/null +++ b/tests/mini-overhead.c @@ -0,0 +1,342 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the robustness of record + * decoding. + */ + +static void server_log_func(int level, const char *str) +{ +// fprintf (stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 +#define MTU 1500 + +static void client(int fd, const char *prio, unsigned overhead) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("error in setting priority: %s\n", prio); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed for %s\n", prio); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_dtls_set_mtu(session, MTU); + ret = gnutls_dtls_get_data_mtu(session); + + if (MTU - ret != (int) overhead) { + fail("overhead for %s is %d, expected %u\n", prio, + MTU - ret, overhead); + exit(1); + } + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +gnutls_anon_server_credentials_t anoncred; +gnutls_certificate_credentials_t x509_cred; +pid_t child; + +static gnutls_session_t initialize_tls_session(const char *prio) +{ + gnutls_session_t session; + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + return session; +} + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + session = initialize_tls_session(prio); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s) for %s\n\n", + gnutls_strerror(ret), prio); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio, unsigned overhead) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + waitpid(-1, NULL, 0); + //kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio, overhead); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status = 0; + + waitpid(-1, &status, 0); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + /* overhead for CBC depends on MTU */ + + /* 13 + 20(sha1) + 16(iv) + 16(pad) */ + start + ("NONE:+VERS-DTLS1.0:%NO_ETM:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + 65); + + /* 13 + 20(sha1) + 8(iv) + 8(max pad) */ + if (!gnutls_fips140_mode_enabled()) + start + ("NONE:+VERS-DTLS1.0:+3DES-CBC:%NO_ETM:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", + 49); + + /* 13 + 16(tag) + 4(iv) */ + start + ("NONE:+VERS-DTLS1.2:+AES-128-GCM:%NO_ETM:+AEAD:+SIGN-ALL:+COMP-NULL:+RSA", + 37); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-record-2.c b/tests/mini-record-2.c new file mode 100644 index 0000000..6a73ad9 --- /dev/null +++ b/tests/mini-record-2.c @@ -0,0 +1,462 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the ability to transfer various data size + * by the record layer, under different ciphersuites. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 24*1024 + +static void client(int fd, const char *prio, int ign) +{ + int ret; + unsigned i; + char buffer[MAX_BUF + 1]; + const char* err; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* Test sending */ + for (i = 1; i < 16384; i++) { + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret)); + exit(1); + } + } + + /* Try sending a bit more */ + i = 21056; + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", + prio, i, gnutls_strerror(ret)); + exit(1); + } else if (ign == 0 && ret != 16384) { + fail("server (%s): Error sending %d byte packet; sent %d bytes instead of 16384\n", prio, i, ret); + exit(1); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_WR); + if (ret < 0) { + fail("server (%s): Error sending alert\n", prio); + exit(1); + } + + /* make sure we are not blocked forever */ + gnutls_record_set_timeout(session, 10000); + + /* Test receiving */ + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, int ign) +{ + int ret; + unsigned i; + const char* err; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* Here we do both a receive and a send test because if valgrind + * detects an error on the peer, the main process will never know. + */ + + /* Test receiving */ + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret != 0) { + fail("expected closure alert! Got: %d\n", ret); + } + + /* Test sending */ + for (i = 1; i < 16384; i++) { + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret)); + terminate(); + } + } + + /* Try sending a bit more */ + i = 21056; + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", + prio, i, gnutls_strerror(ret)); + terminate(); + } else if (ign == 0 && ret != 16384) { + fail("server (%s): Error sending %d byte packet; sent %d bytes instead of 16384\n", prio, i, ret); + terminate(); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *name, const char *prio, int ign) +{ + int fd[2]; + int ret; + int status; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + success("testing %s\n", name); + close(fd[1]); + server(fd[0], prio, ign); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio, ign); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CCM_8 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM-8:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" + +#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA" + +#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL" + +#define CHACHA_POLY1305 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL" + +#define TLS13_AES_GCM "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL" +#define TLS13_AES_CCM "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL" +#define TLS13_CHACHA_POLY1305 "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+GROUP-ALL" + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start("aes-cbc", AES_CBC, 1); + start("aes-cbc-sha256", AES_CBC_SHA256, 1); + start("aes-gcm", AES_GCM, 0); + start("aes-ccm", AES_CCM, 0); + start("aes-ccm-8", AES_CCM_8, 0); + + if (!gnutls_fips140_mode_enabled()) { + start("null-sha1", NULL_SHA1, 0); + + start("arcfour-sha1", ARCFOUR_SHA1, 0); + start("arcfour-md5", ARCFOUR_MD5, 0); + start("chacha20-poly1305", CHACHA_POLY1305, 0); + start("tls13-chacha20-poly1305", TLS13_CHACHA_POLY1305, 0); + } + + start("tls13-aes-gcm", TLS13_AES_GCM, 0); + start("tls13-aes-ccm", TLS13_AES_CCM, 0); + +} + +#endif /* _WIN32 */ diff --git a/tests/mini-record-failure.c b/tests/mini-record-failure.c new file mode 100644 index 0000000..5eb2eff --- /dev/null +++ b/tests/mini-record-failure.c @@ -0,0 +1,367 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests the ability of the record layer, + * to detect modified record packets, under various + * ciphersuites. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int modify = 0; + +static ssize_t +client_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + unsigned int fd = (long)tr; + + if (modify == 0) + return send(fd, data, len, 0); + else { + uint8_t *p = (void*)data; + if (len < 30) { + fail("test error in packet sending\n"); + exit(1); + } + p[len-30]++; + return send(fd, data, len, 0); + } +} + +#define MAX_BUF 24*1024 + +static void client(int fd, const char *prio, int ign) +{ + int ret; + char buffer[MAX_BUF + 1]; + const char* err; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_transport_set_push_function(session, client_push); + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + modify = 1; + do { + ret = gnutls_record_send(session, buffer, 2048); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + modify = 0; + + if (ret < 0) { + fail("client[%s]: Error sending packet: %s\n", prio, gnutls_strerror(ret)); + exit(1); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, int ign) +{ + int ret; + const char* err; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* Here we do both a receive and a send test because if valgrind + * detects an error on the peer, the main process will never know. + */ + + /* make sure we are not blocked forever */ + gnutls_record_set_timeout(session, 10000); + + /* Test receiving */ + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret != GNUTLS_E_DECRYPTION_FAILED) { + fail("server: received modified packet with error code %d\n", ret); + exit(1); + } + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *name, const char *prio, int ign) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + success("testing %s\n", name); + close(fd[1]); + server(fd[0], prio, ign); + } else { + close(fd[0]); + client(fd[1], prio, ign); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CCM_8 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM-8:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" + +#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA" + +#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL" + +#define NO_ETM ":%NO_ETM" + +#define TLS13_AES_GCM "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL" +#define TLS13_AES_CCM "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+GROUP-ALL" +#define TLS13_CHACHA_POLY1305 "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+GROUP-ALL" + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + signal(SIGCHLD, ch_handler); + + start("aes-cbc", AES_CBC, 1); + start("aes-cbc-sha256", AES_CBC_SHA256, 1); + start("aes-gcm", AES_GCM, 0); + start("aes-ccm", AES_CCM, 0); + start("aes-ccm-8", AES_CCM_8, 0); + + if (!gnutls_fips140_mode_enabled()) { + start("null-sha1", NULL_SHA1, 0); + + start("arcfour-sha1", ARCFOUR_SHA1, 0); + start("arcfour-md5", ARCFOUR_MD5, 0); + } + + start("aes-cbc-no-etm", AES_CBC NO_ETM, 1); + start("aes-cbc-sha256-no-etm", AES_CBC_SHA256 NO_ETM, 1); + start("aes-gcm-no-etm", AES_GCM NO_ETM, 0); + + if (!gnutls_fips140_mode_enabled()) { + start("null-sha1-no-etm", NULL_SHA1 NO_ETM, 0); + + start("arcfour-sha1-no-etm", ARCFOUR_SHA1 NO_ETM, 0); + start("arcfour-md5-no-etm", ARCFOUR_MD5 NO_ETM, 0); + start("tls13-chacha20-poly1305", TLS13_CHACHA_POLY1305, 0); + } + + start("tls13-aes-gcm", TLS13_AES_GCM, 0); + start("tls13-aes-ccm", TLS13_AES_CCM, 0); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-record-range.c b/tests/mini-record-range.c new file mode 100644 index 0000000..4c4242a --- /dev/null +++ b/tests/mini-record-range.c @@ -0,0 +1,345 @@ +/* + * Copyright (C) 2012-2018 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +#define MAX_BUF 1024 +#define HIGH(x) (3*x) +static void terminate(void); +static int to_send; +static size_t total; + +/* This program tests the robustness of record range sending. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +/* A very basic TLS client, with anonymous authentication. + */ + + + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + if (to_send >= 0) + total += len; + return send(fd, data, len, 0); +} + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_range_st range; + + to_send = 0; + + range.low = MAX_BUF; + range.high = HIGH(MAX_BUF); + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_transport_set_push_function(session, push); + + if (gnutls_record_can_use_length_hiding(session) == 0) { + fail("Length hiding isn't possible\n"); + terminate(); + } + + do { + total = 0; + do { + ret = + gnutls_record_send_range(session, buffer, + sizeof(buffer), + &range); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending packet: %s\n", + gnutls_strerror(ret)); + terminate(); + } + if (total < HIGH(MAX_BUF)) { + fail("Sent data (%u) are lower than expected (%u)\n", + (unsigned) total, (unsigned) HIGH(MAX_BUF)); + terminate(); + } + + to_send++; + } + while (to_send < 4); + + to_send = -1; + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-TLS1.2:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-ALL:+GROUP-ALL" + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start(AES_CBC); + start(AES_GCM); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-record.c b/tests/mini-record.c new file mode 100644 index 0000000..4081cde --- /dev/null +++ b/tests/mini-record.c @@ -0,0 +1,380 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests the robustness of record + * decoding. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static int to_send = -1; +static int mtu = 0; + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +#define RECORD_HEADER_SIZE (5+8) + +static ssize_t +push_crippled(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + int _len, ret; + uint8_t *_data = (void *) data; + + if (to_send == -1) + return send(fd, data, len, 0); + else { +#if 0 + _len = + ((uint8_t *) data)[11] << 8 | ((uint8_t *) data)[12]; + fprintf(stderr, "mtu: %d, len: %d", mtu, (int) _len); + fprintf(stderr, " send: %d\n", (int) to_send); +#endif + + _len = to_send; + _data[11] = _len >> 8; + _data[12] = _len; + + /* correct len */ + ret = send(fd, data, RECORD_HEADER_SIZE + _len, 0); + + if (ret < 0) + return ret; + + return len; + } +} + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("error in priority '%s': %s\n", prio, gnutls_strerror(ret)); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* make sure we are not blocked forever */ + gnutls_record_set_timeout(session, 10000); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0 || ret == GNUTLS_E_TIMEDOUT) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("error in priority '%s': %s\n", prio, gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push_crippled); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + mtu = gnutls_dtls_get_mtu(session); + + do { + usleep(10000); /* some systems like FreeBSD have their buffers full during this send */ + do { + ret = + gnutls_record_send(session, buffer, + sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", to_send, + gnutls_strerror(ret)); + terminate(); + } + to_send++; + } + while (to_send < 64); + + to_send = -1; + + /* wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *name, const char *prio) +{ + int fd[2]; + int ret, status = 0; + + ret = socketpair(AF_UNIX, SOCK_DGRAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + success("trying: %s\n", name); + close(fd[0]); + client(fd[1], prio); + wait(&status); + check_wait_status(status); + } else { + close(fd[1]); + server(fd[0], prio); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CCM_8 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM-8:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define CHACHA_POLY1305 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+CHACHA20-POLY1305:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+CURVE-ALL" + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("aes-cbc", AES_CBC); + start("aes-cbc-sha256", AES_CBC_SHA256); + start("aes-gcm", AES_GCM); + start("aes-ccm", AES_CCM); + start("aes-ccm-8", AES_CCM_8); + if (!gnutls_fips140_mode_enabled()) { + start("chacha20", CHACHA_POLY1305); + } +} + +#endif /* _WIN32 */ diff --git a/tests/mini-server-name.c b/tests/mini-server-name.c new file mode 100644 index 0000000..cc431ad --- /dev/null +++ b/tests/mini-server-name.c @@ -0,0 +1,331 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include "cert-common.h" + +#ifdef _WIN32 + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#define MAX_BUF 1024 +static void terminate(void); + +/* This program tests gnutls_server_name_set() and gnutls_server_name_get(). + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* internal function */ +int _gnutls_server_name_set_raw(gnutls_session_t session, + gnutls_server_name_type_t type, + const void *name, size_t name_length); + +static void client(const char *test_name, const char *prio, int fd, unsigned raw, const char *name, unsigned name_len, int server_err) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + if (raw) + _gnutls_server_name_set_raw(session, GNUTLS_NAME_DNS, name, name_len); + else + gnutls_server_name_set(session, GNUTLS_NAME_DNS, name, name_len); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + if (server_err < 0) + goto cleanup; + test_fail("Handshake failed\n"); + goto cleanup; + } else { + if (debug) + test_success("Handshake was completed\n"); + } + + if (debug) + test_success("TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + cleanup: + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(const char *test_name, const char *prio, int fd, const char *name, unsigned name_len, int exp_err) +{ + int ret; + char buffer[MAX_BUF + 1]; + unsigned int type; + size_t buffer_size; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + if (exp_err == ret) + goto cleanup; + close(fd); + gnutls_deinit(session); + test_fail("Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + test_success("Handshake was completed\n"); + + if (debug) + test_success("TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + buffer_size = sizeof(buffer); + ret = gnutls_server_name_get(session, buffer, &buffer_size, &type, 0); + + if ((name == NULL || name[0] == 0) && (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE || ret == GNUTLS_E_IDNA_ERROR)) { + /* expected */ + if (debug) + test_success("empty name matches\n"); + } else if (ret < 0) { + test_fail("server_name: %s/%d\n", gnutls_strerror(ret), ret); + } else { + if (name == NULL || name[0] == 0) { + test_fail("did not receive the expected name: got: %s\n", buffer); + exit(1); + } + if (buffer_size != strlen(buffer)) { + test_fail("received name '%s/%d/%d', with embedded null\n", buffer, (int)buffer_size, (int)strlen(buffer)); + exit(1); + } + if (name_len != buffer_size || memcmp(name, buffer, name_len) != 0) { + test_fail("received name '%s/%d', expected '%s/%d'\n", buffer, (int)buffer_size, name, (int)name_len); + exit(1); + } + if (debug) + test_success("name matches (%s/%s)\n", buffer, name); + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + cleanup: + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + test_success("finished\n"); +} + +/* name: the name sent by client + * server_exp: the name which should be expected by the server to see + */ +static void start(const char *test_name, const char *prio, unsigned raw, const char *name, unsigned len, const char *server_exp, unsigned server_exp_len, int server_error) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + test_fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(test_name, prio, fd[0], server_exp, server_exp_len, server_error); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(test_name, prio, fd[1], raw, name, len, server_error); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +#define PRIO_TLS12 "NORMAL:-VERS-ALL:+VERS-TLS1.2" +#define PRIO_TLS13 "NORMAL:-VERS-ALL:+VERS-TLS1.3" +#define PRIO_NORMAL "NORMAL" + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("tls1.2 NULL", PRIO_TLS12, 0, NULL, 0, NULL, 0, 0); + start("tls1.2 empty", PRIO_TLS12, 0, "", 0, "", 0, 0); + start("tls1.2 test.example.com", PRIO_TLS12, 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0); + start("tls1.2 longtest.example.com", PRIO_TLS12, 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0); + /* test embedded NULL */ + start("tls1.2 embedded-NULL", PRIO_TLS12, 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_DISALLOWED_NAME); + + start("tls1.3 NULL", PRIO_TLS13, 0, NULL, 0, NULL, 0, 0); + start("tls1.3 empty", PRIO_TLS13, 0, "", 0, "", 0, 0); + start("tls1.3 test.example.com", PRIO_TLS13, 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0); + start("tls1.3 longtest.example.com", PRIO_TLS13, 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0); + /* test embedded NULL */ + start("tls1.3 embedded-NULL", PRIO_TLS13, 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_DISALLOWED_NAME); + + start("NULL", PRIO_NORMAL, 0, NULL, 0, NULL, 0, 0); + start("empty", PRIO_NORMAL, 0, "", 0, "", 0, 0); + start("test.example.com", PRIO_NORMAL, 0, "test.example.com", strlen("test.example.com"), "test.example.com", strlen("test.example.com"), 0); + start("longtest.example.com", PRIO_NORMAL, 0, "longtest.example.com.", strlen("longtest.example.com"), "longtest.example.com.", strlen("longtest.example.com"), 0); + /* test embedded NULL */ + start("embedded-NULL", PRIO_NORMAL, 1, "invalid\x00.example.com.", sizeof("invalid\x00.example.com")-1, NULL, 0, GNUTLS_E_RECEIVED_DISALLOWED_NAME); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-session-verify-function.c b/tests/mini-session-verify-function.c new file mode 100644 index 0000000..26d015b --- /dev/null +++ b/tests/mini-session-verify-function.c @@ -0,0 +1,328 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include + +/* Tests whether the session verify callbacks are operational. + */ + +const char *side; +static int client_ok = 0, server_ok = 0; +static int client_ret_val = 0; +static int server_ret_val = 0; + +static int client_callback(gnutls_session_t session) +{ + client_ok = 1; + return client_ret_val; +} + +static int server_callback(gnutls_session_t session) +{ + server_ok = 1; + + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) { + if (gnutls_handshake_get_last_in(session) != + GNUTLS_HANDSHAKE_CERTIFICATE_PKT) { + fail("client's last input message was unexpected: %s\n", + gnutls_handshake_description_get_name(gnutls_handshake_get_last_in(session))); + exit(1); + } + + if (gnutls_handshake_get_last_out(session) != + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) { + fail("client's last output message was unexpected: %s\n", + gnutls_handshake_description_get_name(gnutls_handshake_get_last_out(session))); + exit(1); + } + } + return server_ret_val; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static +void test_success1(const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + to_server_len = 0; + to_client_len = 0; + client_ret_val = 0; + server_ret_val = 0; + server_ok = 0; + client_ok = 0; + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_session_set_verify_function(server, server_callback); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + gnutls_session_set_verify_function(client, + client_callback); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + if (server_ok == 0) + fail("Server certificate verify callback wasn't called\n"); + + if (client_ok == 0) + fail("Client certificate verify callback wasn't called\n"); +} + +static +void test_failure_client(const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + + to_server_len = 0; + to_client_len = 0; + client_ret_val = GNUTLS_E_CERTIFICATE_ERROR; + server_ret_val = 0; + server_ok = 0; + client_ok = 0; + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_session_set_verify_function(server, server_callback); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + gnutls_session_set_verify_function(client, + client_callback); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_CERTIFICATE_ERROR, GNUTLS_E_AGAIN); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + if (client_ok == 0) + fail("%s: certificate verify callback wasn't called\n", __func__); +} + +static +void test_failure_server(const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + + to_server_len = 0; + to_client_len = 0; + client_ret_val = 0; + server_ret_val = GNUTLS_E_CERTIFICATE_ERROR; + server_ok = 0; + client_ok = 0; + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_session_set_verify_function(server, server_callback); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + gnutls_session_set_verify_function(client, client_callback); + + HANDSHAKE_EXPECT(client, server, -1, GNUTLS_E_CERTIFICATE_ERROR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + if (server_ok == 0) + fail("%s: certificate verify callback wasn't called\n", __func__); +} + +static void start(const char *prio) +{ + success("running tests for %s\n", prio); + + client_ok = 0; + server_ok = 0; + client_ret_val = 0; + server_ret_val = 0; + + test_failure_client(prio); + test_failure_server(prio); + test_success1(prio); +} + +void doit(void) +{ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(99); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); + + gnutls_global_deinit(); +} diff --git a/tests/mini-termination.c b/tests/mini-termination.c new file mode 100644 index 0000000..2bb2d47 --- /dev/null +++ b/tests/mini-termination.c @@ -0,0 +1,325 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the robustness of record + * decoding. + */ + +static void server_log_func(int level, const char *str) +{ +// fprintf (stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == GNUTLS_E_PREMATURE_TERMINATION) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else { + fail("client: Unexpected error: %d (%s)\n", ret, + gnutls_strerror(ret)); + exit(1); + } + + end: + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + waitpid(-1, NULL, 0); + //kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status = 0; + + waitpid(-1, &status, 0); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-tls-nonblock.c b/tests/mini-tls-nonblock.c new file mode 100644 index 0000000..b2c6578 --- /dev/null +++ b/tests/mini-tls-nonblock.c @@ -0,0 +1,356 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests whether our pull timeout function is called + * during handshake. + */ + +static void server_log_func(int level, const char *str) +{ +// fprintf (stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 +static const char *g_msg = ""; + +static ssize_t +my_pull(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + return recv((long)tr, data, len, 0); +} + +static ssize_t +my_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + return send((long)tr, data, len, 0); +} + +static int +my_pull_timeout(gnutls_transport_ptr_t tr, unsigned ms) +{ + if (ms != 0) { + fail("pull timeout was called: %s!\n", g_msg); + exit(1); + } + return 1; +} + +static void client(int fd, const char *msg, const char *prio, unsigned expl) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + g_msg = msg; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + /* set socket to non-blocking */ + ret = fcntl(fd, F_GETFL, 0); + fcntl(fd, F_SETFL, ret | O_NONBLOCK); + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|expl); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("error in setting priority\n"); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, my_push); + gnutls_transport_set_pull_function(session, my_pull); + gnutls_transport_set_pull_timeout_function(session, my_pull_timeout); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, unsigned expl) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + if (expl & GNUTLS_DATAGRAM) + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_DATAGRAM); + else + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *msg, const char *prio, unsigned expl) +{ + int fd[2]; + int ret; + + success("trying %s\n", msg); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], msg, prio, expl); + waitpid(-1, NULL, 0); + //kill(child, SIGTERM); + } else { + close(fd[0]); + server(fd[1], prio, expl); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status = 0; + + waitpid(-1, &status, 0); + check_wait_status(status); + return; +} + +#ifndef GNUTLS_NONBLOCK +# error GNUTLS_NONBLOCK should have been defined +#endif + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start("TLS1.2-explicit flag", "NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_NONBLOCK); + start("TLS1.2-explicit flag", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NONBLOCK); + start("TLS-explicit flag", "NORMAL", GNUTLS_NONBLOCK); + start("DTLS1.2-explicit flag", "NORMAL:-VERS-ALL:+VERS-DTLS1.2", GNUTLS_NONBLOCK|GNUTLS_DATAGRAM); + start("DTLS-explicit flag", "NORMAL", GNUTLS_NONBLOCK|GNUTLS_DATAGRAM); + start("TLS1.2-no flag", "NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); + start("TLS1.3-no flag", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); + start("TLS-no flag", "NORMAL", 0); +} + +#endif /* _WIN32 */ diff --git a/tests/mini-x509-2.c b/tests/mini-x509-2.c new file mode 100644 index 0000000..c1bc544 --- /dev/null +++ b/tests/mini-x509-2.c @@ -0,0 +1,459 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include + +/* This tests gnutls_certificate_set_x509_key() */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char ca_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA5MDgwMjM0WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuLSye8pe3yWKZ\n" +"Yp7tLQ4ImwLqqh1aN7x9pc5spLDj6krVArzkyyYDcWvtQNDjErEfLUrZZrCc4aIl\n" +"oU1Ghb92kI8ofZnHFbj3z5zdcWqiPppj5Y+hRdc4LszTWb+itrD9Ht/D67EK+m7W\n" +"ev6xxUdyiBYUmb2O3CnPZpUVshMRtEe45EDGI5hUgL2n4Msj41htTq8hATYPXgoq\n" +"gQUyXFpKAX5XDCyOG+FC6jmEys7UCRYv3SCl7TPWJ4cm+lHcFI2/OTOCBvMlKN2J\n" +"mWCdfnudZldqthin+8fR9l4nbuutOfPNt1Dj9InDzWZ1W/o4LrjKa7fsvszj2Z5A\n" +"Fn+xN/4zAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUwRHwbXyPosKNNkBiZduEwL5ZCwswDQYJKoZIhvcNAQELBQAD\n" +"ggEBAEKr0b7WoJL+L8St/LEITU/i7FwFrCP6DkbaNo0kgzPmwnvNmw88MLI6UKwE\n" +"JecnjFhurRBBZ4FA85ucNyizeBnuXqFcyJ20+XziaXGPKV/ugKyYv9KBoTYkQOCh\n" +"nbOthmDqjvy2UYQj0BU2dOywkjUKWhYHEZLBpZYck0Orynxydwil5Ncsz4t3smJw\n" +"ahzCW8SzBFTiO99qQBCH2RH1PbUYzfAnJxZS2VScpcqlu9pr+Qv7r8E3p9qHxnQM\n" +"gO5laWO6lc13rNsbZRrtlCvacsiDSuDnS8EVXm0ih4fAntpRHacPbXZbOPQqJ/+1\n" +"G7/qJ6cDC/9aW+fU80ogTkAoFg4=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca_cert = { ca_cert_pem, + sizeof(ca_cert_pem) +}; + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDOjCCAiKgAwIBAgIMU0T+mwoDu5uVLKeeMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDkwODAyMzVaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDXfvgsMWXHNf3iUaEoZSNztZZr6+UdBkoUhbdWJDR+GwR+GHfnYaYHsuqb\n" +"bNEl/QFI+8Jeth0SmG7TNB+b/AlHFoBm8TwBt7H+Mn6AQIdo872Vs262UkHgbZN6\n" +"dEQeRCgiXmlsOVe+MVpf79Xi32MYz1FZ/ueS6tr8sIDhECThIZkq2eulVjAV86N2\n" +"zQ72Ml1k8rPw4SdK5OFhcXNdXr6CsAol8MmiORKDF0iAZxwtFVc00nBGqQC5rwrN\n" +"3A8czH5TsvyvrcW0mwV2XOVvZM5kFM1T/X0jF6RQHiGGFBYK4s6JZxSSOhJMFYYh\n" +"koPEKsuVZdmBJ2yTTdGumHZfG9LDAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAU\n" +"BgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0P\n" +"AQH/BAUDAwegADAdBgNVHQ4EFgQURXiN5VD5vgqAprhd/37ldGKv4/4wHwYDVR0j\n" +"BBgwFoAU8MUzmkotjSmVa5r1ejMkMQ6BiZYwDQYJKoZIhvcNAQELBQADggEBABSU\n" +"cmMX0nGeg43itPnLjSTIUuYEamRhfsFDwgRYQn5w+BcFG1p0scBRxLAShUEb9A2A\n" +"oEJV4rQDpCn9bcMrMHhTCR5sOlLh/2o9BROjK0+DjQLDkooQK5xa+1GYEiy6QYCx\n" +"QjdCCnMhHh24oP2/vUggRKhevvD2QQFKcCDT6n13RFYm+HX82gIh6SAtRs0oahY5\n" +"k9CM9TYRPzXy+tQqhZisJzc8BLTW/XA97kAJW6+hUhPir7AYR6BKJhNeIxcN/yMy\n" +"jsHzWDLezip/8q+kzw658V5e40hne7ZaJycGUaUdLVnJcpNtBgGE82TRS/XZSQKF\n" +"fpy8FLGcJynqlIOzdKs=\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA5MDgwMjM0WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZq3sA+mjFadII\n" +"EMDHfj1fYh+UOUSa8c814E9NfCdYZ9Z11BmPpBeR5mXV12j1DKjkTlqTUL7s4lVR\n" +"RKfyAdCpQIfeXHDeTYYUq2uBnbi5YMG5Y+WbCiYacgRU3IypYrSzaeh1mY7GiEFe\n" +"U/NaImHLCf+TdAvTJ3Fo0QPe5QN2Lrv6l//cqOv7enZ91KRWxClDMM6EAr+C/7dk\n" +"rOTXRrCuH/e/KVBXEJ/YeSYPmBIwolGktRrGdsVagdqYArr4dhJ7VThIVRUX1Ijl\n" +"THCLstI/LuD8WkDccU3ZSdm47f2U43p/+rSO0MiNOXiaskeK56G/9DbJEeETUbzm\n" +"/B2712MVAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU8MUzmkotjSmVa5r1ejMkMQ6BiZYwHwYDVR0jBBgwFoAUwRHw\n" +"bXyPosKNNkBiZduEwL5ZCwswDQYJKoZIhvcNAQELBQADggEBACKxBPj9u1t52uIF\n" +"eQ2JPb8/u+MBttvSLo0qPKXwpc4q8hNclh66dpqGWiF0iSumsKyKU54r6CIF9Ikm\n" +"t1V1GR9Ll4iTnz3NdIt1w3ns8rSlU5O/dgKysK/1C/5xJWEUYtEO5mnyi4Zaf8FB\n" +"hKmQ1aWF5dTB81PVAQxyCiFEnH7YumK7pJeIpnCOPIqLZLUHfrTUeL8zONF4i5Sb\n" +"7taZ8SQ6b7IaioU+NJ50uT2wy34lsyvCWf76Azezv9bggkdNDo/7ktMgsfRrSyM8\n" +"+MVob5ePGTjKx5yMy/sy2vUkkefwW3RiEss/y2JRb8Hw7nDlA9ttilYKFwGFwRvw\n" +"KRsXqo8=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEpAIBAAKCAQEA1374LDFlxzX94lGhKGUjc7WWa+vlHQZKFIW3ViQ0fhsEfhh3\n" +"52GmB7Lqm2zRJf0BSPvCXrYdEphu0zQfm/wJRxaAZvE8Abex/jJ+gECHaPO9lbNu\n" +"tlJB4G2TenREHkQoIl5pbDlXvjFaX+/V4t9jGM9RWf7nkura/LCA4RAk4SGZKtnr\n" +"pVYwFfOjds0O9jJdZPKz8OEnSuThYXFzXV6+grAKJfDJojkSgxdIgGccLRVXNNJw\n" +"RqkAua8KzdwPHMx+U7L8r63FtJsFdlzlb2TOZBTNU/19IxekUB4hhhQWCuLOiWcU\n" +"kjoSTBWGIZKDxCrLlWXZgSdsk03Rrph2XxvSwwIDAQABAoIBAB7trDS7ij4DM8MN\n" +"sDGaAnKS91nZ63I0+uDjKCMG4znOKuDmJh9hVnD4bs+L2KC5JTwSVh09ygJnOlC5\n" +"xGegzrwTMK6VpOUiNjujh6BkooqfoPAhZpxoReguEeKbWUN2yMPWBQ9xU3SKpMvs\n" +"IiiDozdmWeiuuxHM/00REA49QO3Gnx2logeB+fcvXXD1UiZV3x0xxSApiJt1sr2r\n" +"NmqSyGdNUgpmnTP8zbKnDaRe5Wj4tj1TCTLE/HZ0tzdRuwlkIqvcpGg1LMtKm5N8\n" +"xIWjTGMFwGjG+OF8LGqHLH+28pI3iMB6QqO2YLwOp+WZKImKP3+Dp3s8lCw8t8cm\n" +"q5/Qc9ECgYEA2xwxm+pFkrFmZNLCakP/6S5AZqpfSBRUlF/uX2pBKO7o6I6aOV9o\n" +"zq2QWYIZfdyD+9MvAFUQ36sWfTVWpGA34WGtsGtcRRygKKTigpJHvBldaPxiuYuk\n" +"xbS54nWUdix/JzyQAy22xJXlp4XJvtFJjHhA2td0XA7tfng9n8jmvEUCgYEA+8cA\n" +"uFIQFbaZ2y6pnOvlVj8OH0f1hZa9M+3q01fWy1rnDAsLrIzJy8TZnBtpDwy9lAun\n" +"Sa6wzu6qeHmF17xwk5U7BCyK2Qj/9KhRLg1mnDebQ/CiLSAaJVnrYFp9Du96fTkN\n" +"ollvbFiGF92QwPTDf2f1gHZQEPwa+f/ox37ad2cCgYEAwMgXpfUD7cOEMeV2BQV7\n" +"XnDBXRM97i9lE38sPmtAlYFPD36Yly4pCt+PCBH9181zmtf+nK47wG/Jw7RwXQQD\n" +"ZpwItBZiArTi/Z/FY9jMoOU4WKznOBVzjjgq7ONDEo6n+Z/BnepUyraQb0q5bNi7\n" +"e4o6ldHHoU/JCeNFZRbgXHkCgYA6vJU9at+XwS6phHxLQHkTIsivoYD0tlLTX4it\n" +"30sby8wk8hq6GWomYHkHwxlCSo2bkRBozxkuXV1ll6wSxUJaG7FV6vJFaaUUtYOi\n" +"w7uRbCOLuQKMlnWjCxQvOUz9g/7GYd39ZvHoi8pUnPrdGPzWpzEN1AwfukCs2/e5\n" +"Oq3KtwKBgQCkHmDU8h0kOfN28f8ZiyjJemQMNoOGiJqnGexaKvsRd+bt4H+7DsWQ\n" +"OnyKm/oR0wCCSmFM5aQc6GgzPD7orueKVYHChbY7HLTWKRHNs6Rlk+6hXJvOld0i\n" +"Cl7KqL2x2ibGMtt4LtSntdzWqa87N7vCWMSTmvd8uLgflBs33xUIiQ==\n" +"-----END RSA PRIVATE KEY-----\n"; + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t cli_cert = { cert_pem, sizeof(cert_pem) - 1}; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t cli_key = { key_pem, sizeof(key_pem) - 1}; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static +void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_x509_crt_t *crts; + unsigned int crts_size; + unsigned i; + gnutls_x509_privkey_t pkey; + + success("trying %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &server_cert, GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(pkey, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key(serverx509cred, crts, crts_size, pkey); + gnutls_x509_privkey_deinit(pkey); + for (i=0;i= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* check gnutls_certificate_get_ours() - server side */ + { + const gnutls_datum_t *mcert; + gnutls_datum_t scert; + gnutls_x509_crt_t crt; + + mcert = gnutls_certificate_get_ours(server); + if (mcert == NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + + gnutls_x509_crt_init(&crt); + ret = gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &scert); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret)); + exit(1); + } + assert(ret == 0); + gnutls_x509_crt_deinit(crt); + + if (scert.size != mcert->size || memcmp(scert.data, mcert->data, mcert->size) != 0) { + fail("gnutls_certificate_get_ours output doesn't match cert\n"); + exit(1); + } + gnutls_free(scert.data); + + assert(gnutls_certificate_type_get(server)==GNUTLS_CRT_X509); + } + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + gnutls_datum_t ccert; + gnutls_x509_crt_t crt; + + mcert = gnutls_certificate_get_ours(client); + if (mcert == NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + + gnutls_x509_crt_init(&crt); + ret = gnutls_x509_crt_import(crt, &cli_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &ccert); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret)); + exit(1); + } + assert(ret == 0); + gnutls_x509_crt_deinit(crt); + + if (ccert.size != mcert->size || memcmp(ccert.data, mcert->data, mcert->size) != 0) { + fail("gnutls_certificate_get_ours output doesn't match cert\n"); + exit(1); + } + gnutls_free(ccert.data); + + assert(gnutls_certificate_type_get(client)==GNUTLS_CRT_X509); + } + + /* check the number of certificates received */ + { + unsigned cert_list_size = 0; + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + /* check with wrong hostname */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size < 2) { + fprintf(stderr, "received a certificate list of %d!\n", cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + /* check with wrong purpose */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_CLIENT; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size < 2) { + fprintf(stderr, "received a certificate list of %d!\n", cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + /* check with correct purpose */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fprintf(stderr, "could not verify certificate: %.4x\n", status); + exit(1); + } + + status = gnutls_ocsp_status_request_is_checked(client, 0); + if (status != 0) { + fprintf(stderr, "gnutls_ocsp_status_request_is_checked: unexpected value (%u)\n", status); + exit(1); + } + + status = gnutls_ocsp_status_request_is_checked(client, GNUTLS_OCSP_SR_IS_AVAIL); + if (status != 0) { + fprintf(stderr, "gnutls_ocsp_status_request_is_checked: unexpected value (%u)\n", status); + exit(1); + } + + status = gnutls_ocsp_status_request_is_checked(server, 0); + if (status != 0) { + fprintf(stderr, "gnutls_ocsp_status_request_is_checked: unexpected value (%u)\n", status); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/mini-x509-callbacks-intr.c b/tests/mini-x509-callbacks-intr.c new file mode 100644 index 0000000..02b7ec8 --- /dev/null +++ b/tests/mini-x509-callbacks-intr.c @@ -0,0 +1,206 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* Tests whether the verify callbacks are operational. + * In addition gnutls_handshake_get_last_in() and gnutls_handshake_get_last_out() + * are tested. + */ + +const char *side; +static int client_ok = 0, server_ok = 0; +static int pch_ok = 0; + +static int client_callback(gnutls_session_t session) +{ + client_ok = 1; + return 0; +} + +static int post_client_hello_callback(gnutls_session_t session) +{ + pch_ok = 1; + return GNUTLS_E_AGAIN; +} + +static int server_callback(gnutls_session_t session) +{ + server_ok = 1; + + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) { + if (gnutls_handshake_get_last_in(session) != + GNUTLS_HANDSHAKE_CERTIFICATE_PKT) { + fail("client's last input message was unexpected\n"); + exit(1); + } + + if (gnutls_handshake_get_last_out(session) != + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) { + fail("client's last output message was unexpected\n"); + exit(1); + } + } + + return 0; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static +void start(const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("trying %s\n", prio); + client_ok = 0; + server_ok = 0; + pch_ok = 0; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_set_verify_function(serverx509cred, + server_callback); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + gnutls_handshake_set_post_client_hello_function(server, + post_client_hello_callback); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + gnutls_certificate_set_verify_function(clientx509cred, + client_callback); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (pch_ok == 0) + fail("Post client hello callback wasn't called\n"); + + if (server_ok == 0) + fail("Server certificate verify callback wasn't called\n"); + + if (client_ok == 0) + fail("Client certificate verify callback wasn't called\n"); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/mini-x509-callbacks.c b/tests/mini-x509-callbacks.c new file mode 100644 index 0000000..4380e1f --- /dev/null +++ b/tests/mini-x509-callbacks.c @@ -0,0 +1,302 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* Tests whether the verify callbacks are operational. + * In addition gnutls_handshake_get_last_in() and gnutls_handshake_get_last_out() + * are tested. + */ + +const char *side; +static int client_ok = 0, server_ok = 0; +static int pch_ok = 0; + +static int client_callback(gnutls_session_t session) +{ + client_ok = 1; + return 0; +} + +static void verify_alpn(gnutls_session_t session) +{ + int ret; + gnutls_datum_t selected; + char str[64]; + + snprintf(str, sizeof(str), "myproto"); + + ret = gnutls_alpn_get_selected_protocol(session, &selected); + if (ret < 0) { + fail("gnutls_alpn_get_selected_protocol: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (strlen(str) != selected.size || memcmp(str, selected.data, selected.size) != 0) { + fail("expected protocol %s, got %.*s\n", str, selected.size, selected.data); + exit(1); + } + + if (debug) + success("ALPN got: %s\n", str); +} + +static int post_client_hello_callback(gnutls_session_t session) +{ + /* verify that the post-client-hello callback has access to ALPN data */ + verify_alpn(session); + pch_ok = 1; + return 0; +} + +unsigned int msg_order[] = { + GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HANDSHAKE_SERVER_HELLO, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, + GNUTLS_HANDSHAKE_FINISHED, + GNUTLS_HANDSHAKE_FINISHED, +}; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *rawmsg) +{ + static unsigned idx = 0; + unsigned int msg; + + if (msg_order[idx] != htype) { + fail("%s: %s, expected %s\n", + incoming != 0 ? "Received" : "Sent", + gnutls_handshake_description_get_name(htype), + gnutls_handshake_description_get_name(msg_order + [idx])); + exit(1); + } + idx++; + + if (incoming != 0) { + msg = gnutls_handshake_get_last_in(session); + if (msg != htype) { + fail("last input message was not recorded (exp: %d, found: %d) \n", msg, htype); + exit(1); + } + } else { + msg = gnutls_handshake_get_last_out(session); + if (msg != htype) { + fail("last output message was not recorded (exp: %d, found: %d) \n", msg, htype); + exit(1); + } + } + + return 0; +} + +static int server_callback(gnutls_session_t session) +{ + server_ok = 1; + + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) { + if (gnutls_handshake_get_last_in(session) != + GNUTLS_HANDSHAKE_CERTIFICATE_PKT) { + fail("client's last input message was unexpected\n"); + exit(1); + } + + if (gnutls_handshake_get_last_out(session) != + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) { + fail("client's last output message was unexpected\n"); + exit(1); + } + } + + return 0; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static void append_alpn(gnutls_session_t session) +{ + gnutls_datum_t protocol; + int ret; + char str[64]; + + snprintf(str, sizeof(str), "myproto"); + + protocol.data = (void*)str; + protocol.size = strlen(str); + + ret = gnutls_alpn_set_protocols(session, &protocol, 1, 0); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } +} + +static +void start(const char *prio, unsigned check_order) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("trying %s\n", prio); + + client_ok = 0; + server_ok = 0; + pch_ok = 0; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, prio, NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_set_verify_function(serverx509cred, + server_callback); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + gnutls_handshake_set_post_client_hello_function(server, + post_client_hello_callback); + if (check_order) + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_POST, + handshake_callback); + append_alpn(server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + gnutls_certificate_set_verify_function(clientx509cred, + client_callback); + append_alpn(client); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (pch_ok == 0) + fail("Post client hello callback wasn't called\n"); + + if (server_ok == 0) + fail("Server certificate verify callback wasn't called\n"); + + if (client_ok == 0) + fail("Client certificate verify callback wasn't called\n"); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 1); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); + start("NORMAL", 0); +} diff --git a/tests/mini-x509-cas.c b/tests/mini-x509-cas.c new file mode 100644 index 0000000..818d98e --- /dev/null +++ b/tests/mini-x509-cas.c @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* Tests whether a very long CA list, that spans over multiple records + * is tolerated */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +void start(const char *prio) +{ + const char *ca_file; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN, ret; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("trying %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + ca_file = getenv("CAFILE"); + if (ca_file == NULL) { + ca_file = "certs/ca-certs.pem"; + } + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + ret = + gnutls_certificate_set_x509_trust_file(serverx509cred, ca_file, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "%s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/mini-x509-ipaddr.c b/tests/mini-x509-ipaddr.c new file mode 100644 index 0000000..81ce052 --- /dev/null +++ b/tests/mini-x509-ipaddr.c @@ -0,0 +1,269 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1490171562; + + if (t) + *t = then; + + return then; +} + +/* A unit test for GNUTLS_DT_IP_ADDRESS option of + * gnutls_certificate_verify_peers(). + */ + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_typed_vdata_st data[2]; + gnutls_datum_t t; + unsigned status; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_ca3_ipaddr_cert, &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("could not import cert: %s\n", gnutls_strerror(ret)); + } + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_set_default_priority(server)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_set_default_priority(client) >= 0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* attempt to verify */ + { + + /* try hostname - which is invalid */ + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + /* try bogus IP */ + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_IP_ADDRESS; + data[0].data = (void*)"\x01\x00\x01\x02"; + data[0].size = 4; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + /* try correct IP */ + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_IP_ADDRESS; + data[0].data = (void*)"\x7f\x00\x00\x01"; + data[0].size = 4; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify: %s/%.4x!\n", t.data, status); + } + + /* try the other verification functions */ + ret = gnutls_certificate_verify_peers3(client, "127.0.0.1", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify: %s/%.4x!\n", t.data, status); + } + } + + { + /* change the flags */ + gnutls_certificate_set_verify_flags(clientx509cred, GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES); + + /* now the compatibility option should fail */ + ret = gnutls_certificate_verify_peers3(client, "127.0.0.1", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"127.0.0.1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + /* try again the right one */ + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_IP_ADDRESS; + data[0].data = (void*)"\x7f\x00\x00\x01"; + data[0].size = 4; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify: %s/%.4x!\n", t.data, status); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} diff --git a/tests/mini-x509.c b/tests/mini-x509.c new file mode 100644 index 0000000..a4fb56e --- /dev/null +++ b/tests/mini-x509.c @@ -0,0 +1,268 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" +#include + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +static +void start(const char *prio, unsigned expect_max) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("trying %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + assert((gnutls_session_get_flags(server) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0); + assert((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0); + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + + mcert = gnutls_certificate_get_ours(client); + if (mcert != NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + } + + assert(gnutls_certificate_type_get(server)==GNUTLS_CRT_X509); + assert(gnutls_certificate_type_get(client)==GNUTLS_CRT_X509); + + /* check the number of certificates received and verify */ + { + unsigned cert_list_size = 0; + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size < 2) { + fail("received a certificate list of %d!\n", cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost"; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fail("could not verify certificate: %.4x\n", status); + exit(1); + } + + /* check gnutls_certificate_verify_peers3 */ + ret = gnutls_certificate_verify_peers3(client, "localhost1", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fail("should not have accepted!\n"); + exit(1); + } + + ret = gnutls_certificate_verify_peers3(client, "localhost", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fail("could not verify certificate: %.4x\n", status); + exit(1); + } + + /* check gnutls_certificate_verify_peers2 */ + ret = gnutls_certificate_verify_peers2(client, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fail("could not verify certificate: %.4x\n", status); + exit(1); + } + } + + { + /* check the expiration and activation time legacy functions */ + time_t t; + + t = gnutls_certificate_activation_time_peers(client); + if (t != 1396641545) { + fail("unexpected activation time: %lu\n", (long unsigned)t); + } + + if (sizeof(time_t) >= 8) { + t = gnutls_certificate_expiration_time_peers(client); + if (t != (time_t)253402300799UL) { + fail("unexpected expiration time: %lu\n", (long unsigned)t); + } + } + } + + if (expect_max) { + if (gnutls_protocol_get_version(client) != GNUTLS_TLS_VERSION_MAX) { + fail("The negotiated TLS protocol is not the maximum supported\n"); + } + } + + if (gnutls_protocol_get_version(client) == GNUTLS_TLS1_2) { + ret = gnutls_session_ext_master_secret_status(client); + if (ret != 1) { + fail("Extended master secret wasn't negotiated by default (client ret: %d)\n", ret); + } + + ret = gnutls_session_ext_master_secret_status(server); + if (ret != 1) { + fail("Extended master secret wasn't negotiated by default (server ret: %d)\n", ret); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", 0); + start("NORMAL", 1); +} diff --git a/tests/missingissuer.c b/tests/missingissuer.c new file mode 100644 index 0000000..226d095 --- /dev/null +++ b/tests/missingissuer.c @@ -0,0 +1,272 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" +#include "test-chains-issuer.h" + +#define DEFAULT_THEN 1605514504 +static time_t then = DEFAULT_THEN; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +struct getissuer_data { + const char **insert; + unsigned int count; +}; + +static int getissuer_callback(gnutls_x509_trust_list_t tlist, + const gnutls_x509_crt_t crt, + gnutls_x509_crt_t **issuers, + unsigned int *issuers_size) +{ + gnutls_datum_t tmp; + int ret; + unsigned int i; + struct getissuer_data *data; + + data = gnutls_x509_trust_list_get_ptr(tlist); + + tmp.data = (unsigned char *)data->insert[data->count]; + if (!tmp.data) { + fprintf(stderr, "getissuer_callback is called more times than expected\n"); + return -1; + } + + tmp.size = strlen(data->insert[data->count]); + + data->count++; + + ret = gnutls_x509_crt_list_import2(issuers, issuers_size, &tmp, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + return -1; + } + + assert(gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp) >= 0); + + if (debug) + printf("\t Certificate missing issuer is: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + + for (i = 0; i < *issuers_size; i++) { + assert(gnutls_x509_crt_print((*issuers)[i], GNUTLS_CRT_PRINT_ONELINE, &tmp) >= 0); + + if (debug) + printf("\t Appended issuer certificate is: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + return 0; +} + +void doit(void) +{ + int exit_val = 0; + int ret; + gnutls_x509_trust_list_t tl; + unsigned int verify_status; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t ca; + gnutls_datum_t tmp; + size_t i, j; + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + + if (debug) + gnutls_global_set_log_level(4711); + + for (i = 0; chains[i].chain; i++) { + struct getissuer_data data; + + printf("[%d]: Chain '%s'...\n", (int)i, chains[i].name); + + for (j = 0; chains[i].chain[j]; j++) { + assert(j < MAX_CHAIN); + + if (debug > 2) + printf("\tAdding certificate %d...", (int)j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d]: %s\n", + (int)j, gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *)chains[i].chain[j]; + tmp.size = strlen(chains[i].chain[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%d]: %s\n", + (int)j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int)j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding CA certificate..."); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *)*chains[i].ca; + tmp.size = strlen(*chains[i].ca); + + ret = gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + + if (debug) + printf("\tVerifying..."); + + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0); + if (ret != 1) { + fail("gnutls_x509_trust_list_add_trust_mem\n"); + exit(1); + } + + data.count = 0; + data.insert = chains[i].insert; + + gnutls_x509_trust_list_set_ptr(tl, &data); + gnutls_x509_trust_list_set_getissuer_function(tl, getissuer_callback); + + ret = gnutls_x509_trust_list_verify_crt(tl, certs, j, + chains[i].verify_flags, + &verify_status, + NULL); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_trust_list_verify_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (verify_status != chains[i].expected_verify_result) { + gnutls_datum_t out1, out2; + gnutls_certificate_verification_status_print + (verify_status, GNUTLS_CRT_X509, &out1, 0); + gnutls_certificate_verification_status_print + (chains[i].expected_verify_result, + GNUTLS_CRT_X509, &out2, 0); + fail("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name, verify_status, out1.data, chains[i].expected_verify_result, out2.data); + gnutls_free(out1.data); + gnutls_free(out2.data); + + } else if (debug) + printf("done\n"); + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 0); + gnutls_x509_crt_deinit(ca); + for (j = 0; chains[i].chain[j]; j++) + gnutls_x509_crt_deinit(certs[j]); + + if (debug) + printf("done\n\n\n"); + } + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + + exit(exit_val); +} diff --git a/tests/missingissuer_aia.c b/tests/missingissuer_aia.c new file mode 100644 index 0000000..1e68305 --- /dev/null +++ b/tests/missingissuer_aia.c @@ -0,0 +1,249 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" +#include "test-chains-issuer-aia.h" + +#define DEFAULT_THEN 1605443778 +static time_t then = DEFAULT_THEN; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static int getissuer_callback(gnutls_x509_trust_list_t tlist, + const gnutls_x509_crt_t crt, + gnutls_x509_crt_t **issuers, + unsigned int *issuers_size) +{ + int ret; + gnutls_datum_t aia; + gnutls_datum_t tmp; + unsigned int i; + + assert(gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp) >= 0); + + if (debug) + printf("\t Certificate missing issuer is: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + + ret = gnutls_x509_crt_get_authority_info_access(crt, 1, + GNUTLS_IA_CAISSUERS_URI, &aia, NULL); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + return -1; + } + + if (debug) + printf("\t AIA URI from the cert is: %s\n", aia.data); + gnutls_free(aia.data); + + /* Download the cert from the above URI and append it to issuer */ + + tmp.data = (unsigned char *)missing_cert_aia_insert; + tmp.size = strlen(missing_cert_aia_insert); + + ret = gnutls_x509_crt_list_import2(issuers, issuers_size, &tmp, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + return -1; + } + + for (i = 0; i < *issuers_size; i++) { + assert(gnutls_x509_crt_print(*issuers[i], GNUTLS_CRT_PRINT_ONELINE, &tmp) >= 0); + + if (debug) + printf("\t Appended missing certificate is: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + return 0; +} + +void doit(void) +{ + int exit_val = 0; + int ret; + gnutls_x509_trust_list_t tl; + unsigned int verify_status; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t ca; + gnutls_datum_t tmp; + size_t j; + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + } + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + + if (debug) + gnutls_global_set_log_level(4711); + + for (j = 0; j < MAX_CHAIN; j++) { + if (debug > 2) + printf("\tAdding certificate %d...", (int)j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d]: %s\n", + (int)j, gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *)missing_cert_aia[j]; + tmp.size = strlen(missing_cert_aia[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%d]: %s\n", + (int)j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int)j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding CA certificate..."); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *)missing_cert_aia_ca[0]; + tmp.size = strlen(missing_cert_aia_ca[0]); + + ret = gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + + if (debug) + printf("\tVerifying..."); + + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0); + if (ret != 1) { + fail("gnutls_x509_trust_list_add_trust_mem\n"); + } + + gnutls_x509_trust_list_set_getissuer_function(tl, getissuer_callback); + + ret = gnutls_x509_trust_list_verify_crt(tl, certs, MAX_CHAIN, + 0, + &verify_status, + NULL); + if (ret < 0) { + fail("gnutls_x509_crt_list_verify: %s\n", gnutls_strerror(ret)); + } + if (verify_status) { + gnutls_datum_t out; + + gnutls_certificate_verification_status_print + (verify_status, GNUTLS_CRT_X509, &out, 0); + fail("verification failed: %s\n", out.data); + gnutls_free(out.data); + } + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 1); + + for (j = 0; j < MAX_CHAIN; j++) + gnutls_x509_crt_deinit(certs[j]); + + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + + exit(exit_val); +} diff --git a/tests/mpi.c b/tests/mpi.c new file mode 100644 index 0000000..65a0dd0 --- /dev/null +++ b/tests/mpi.c @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2007-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "../lib/gnutls_int.h" +#include "../lib/mpi.h" +#include "../lib/errors.h" +#include "../lib/debug.h" + +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + bigint_t n1, n2, n3, n4; + int ret; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(99); + + ret = _gnutls_mpi_init_multi(&n1, &n2, &n3, &n4, NULL); + if (ret < 0) + fail("mpi_new failed\n"); + + ret = _gnutls_mpi_set_ui(n2, 2); + if (ret < 0) + fail("mpi_set_ui failed\n"); + + ret = _gnutls_mpi_set_ui(n3, 5); + if (ret < 0) + fail("mpi_set_ui failed\n"); + + ret = _gnutls_mpi_set_ui(n1, 12498924); + if (ret < 0) + fail("mpi_set_ui failed\n"); + + ret = _gnutls_mpi_addm(n4, n1, n3, n2); + if (ret < 0) + fail("mpi_set_ui failed\n"); + + if (_gnutls_mpi_cmp_ui(n4, 0) != 0 + && _gnutls_mpi_cmp_ui(n4, 1) != 0) + fail("mpi_cmp_ui failed\n"); + + _gnutls_mpi_release(&n1); + _gnutls_mpi_release(&n2); + _gnutls_mpi_release(&n3); + _gnutls_mpi_release(&n4); + + gnutls_global_deinit(); + + if (debug) + success("mpi ops ok\n"); +} diff --git a/tests/multi-alerts.c b/tests/multi-alerts.c new file mode 100644 index 0000000..84a412c --- /dev/null +++ b/tests/multi-alerts.c @@ -0,0 +1,227 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* In this test we check whether the server will bail out after receiving + * a bunch of warning alerts. That is to avoid DoS due to the asymmetry of + * cost of sending an alert vs the cost of receiving. + */ + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +static unsigned char tls_hello[] = + "\x16\x03\x01\x01\x38\x01\x00\x01" + "\x34\x03\x03\xfc\x77\xa8\xc7\x46" + "\xf7\xfd\x04\x5b\x3c\xc6\xfa\xa4" + "\xea\x3e\xfa\x76\x99\xfe\x1a\x2e" + "\xe0\x79\x17\xb2\x27\x06\xc4\x5c" + "\xd8\x78\x31\x00\x00\xb6\xc0\x30" + "\xc0\x2c\xc0\x28\xc0\x24\xc0\x14" + "\xc0\x0a\x00\xa5\x00\xa3\x00\xa1" + "\x00\x9f\x00\x6b\x00\x6a\x00\x69" + "\x00\x68\x00\x39\x00\x38\x00\x37" + "\x00\x36\x00\x88\x00\x87\x00\x86" + "\x00\x85\xc0\x32\xc0\x2e\xc0\x2a" + "\xc0\x26\xc0\x0f\xc0\x05\x00\x9d" + "\x00\x3d\x00\x35\x00\x84\xc0\x2f" + "\xc0\x2b\xc0\x27\xc0\x23\xc0\x13" + "\xc0\x09\x00\xa4\x00\xa2\x00\xa0" + "\x00\x9e\x00\x67\x00\x40\x00\x3f" + "\x00\x3e\x00\x33\x00\x32\x00\x31" + "\x00\x30\x00\x9a\x00\x99\x00\x98" + "\x00\x97\x00\x45\x00\x44\x00\x43" + "\x00\x42\xc0\x31\xc0\x2d\xc0\x29" + "\xc0\x25\xc0\x0e\xc0\x04\x00\x9c" + "\x00\x3c\x00\x2f\x00\x96\x00\x41" + "\x00\x07\xc0\x11\xc0\x07\xc0\x0c" + "\xc0\x02\x00\x05\x00\x04\xc0\x12" + "\xc0\x08\x00\x16\x00\x13\x00\x10" + "\x00\x0d\xc0\x0d\xc0\x03\x00\x0a" + "\x00\x15\x00\x12\x00\x0f\x00\x0c" + "\x00\x09\x00\xff\x01\x00\x00\x55" + "\x00\x0b\x00\x04\x03\x00\x01\x02" + "\x00\x0a\x00\x1c\x00\x1a\x00\x17" + "\x00\x19\x00\x1c\x00\x1b\x00\x18" + "\x00\x1a\x00\x16\x00\x0e\x00\x0d" + "\x00\x0b\x00\x0c\x00\x09\x00\x0a" + "\x00\x23\x00\x00\x00\x0d\x00\x20" + "\x00\x1e\x06\x01\x06\x02\x06\x03" + "\x05\x01\x05\x02\x05\x03\x04\x01" + "\x04\x02\x04\x03\x03\x01\x03\x02" + "\x03\x03\x02\x01\x02\x02\x02\x03" + "\x00\x0f\x00\x01\x01"; + +static unsigned char tls_alert[] = + "\x15\x03\x03\x00\x02\x00\x0A"; + +static void client(int sd) +{ + char buf[1024]; + int ret; + unsigned i; + + /* send a TLS hello, and then a list of warning alerts */ + + ret = send(sd, tls_hello, sizeof(tls_hello)-1, 0); + if (ret < 0) + fail("error sending hello\n"); + + ret = recv(sd, buf, sizeof(buf), 0); + if (ret < 0) + fail("error receiving hello\n"); + + for (i=0;i<128;i++) { + ret = send(sd, tls_alert, sizeof(tls_alert)-1, 0); + if (ret < 0) + fail("error sending hello\n"); + } + + close(sd); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int ret; + unsigned loops; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + if (debug) + success("Launched, generating DH parameters...\n"); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + loops = 0; + do { + ret = gnutls_handshake(session); + loops++; + if (loops > 64) + fail("Too many loops in the handshake!\n"); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED); + + if (ret >= 0) { + fail("server: Handshake succeeded unexpectedly\n"); + } + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + int err; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/naked-alerts.c b/tests/naked-alerts.c new file mode 100644 index 0000000..1ea0c40 --- /dev/null +++ b/tests/naked-alerts.c @@ -0,0 +1,175 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* In this test we check whether the server will bail out after receiving + * a bunch of warning alerts without a client hello. + */ + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +static unsigned char tls_alert[] = + "\x15\x03\x03\x00\x02\x00\x0A"; + +static void client(int sd) +{ + int ret; + unsigned i; + + /* send a list of warning alerts */ + + for (i=0;i<128;i++) { + ret = send(sd, tls_alert, sizeof(tls_alert)-1, 0); + if (ret < 0) + fail("error sending hello\n"); + } + + close(sd); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int ret; + unsigned loops; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + if (debug) + success("Launched, generating DH parameters...\n"); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + loops = 0; + do { + ret = gnutls_handshake(session); + loops++; + if (loops > 64) + fail("Too many loops in the handshake!\n"); + } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_WARNING_ALERT_RECEIVED); + + if (ret != GNUTLS_E_UNEXPECTED_PACKET) { + fail("server: Handshake didn't fail with expected code (failed with %d)\n", ret); + } + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + int err; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/name-constraints-ip.c b/tests/name-constraints-ip.c new file mode 100644 index 0000000..85ebf5a --- /dev/null +++ b/tests/name-constraints-ip.c @@ -0,0 +1,720 @@ +/* + * Copyright (C) 2016 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Martin Ukrop + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include +#include +#include "../lib/x509/ip.h" + +typedef struct test_vars_t { + gnutls_x509_name_constraints_t nc; + gnutls_x509_name_constraints_t nc2; + gnutls_datum_t ip; +} test_vars_t; + +/* just declaration: function is exported privately + from lib/x509/name_constraints.c (declared in lib/x509/x509_int.h) + but including the header breaks includes */ +extern int _gnutls_x509_name_constraints_merge( + gnutls_x509_name_constraints_t nc, + gnutls_x509_name_constraints_t nc2); + +static void check_for_error(int ret) { + if (ret != GNUTLS_E_SUCCESS) + fail_msg("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); +} + +#define IP_ACCEPTED 1 +#define IP_REJECTED 0 + +static void check_test_result(int ret, int expected_outcome, + gnutls_datum_t *tested_ip) { + if (expected_outcome == IP_ACCEPTED ? ret == 0 : ret != 0) { + char ip_out[48]; + _gnutls_ip_to_string(tested_ip->data, tested_ip->size, ip_out, sizeof(ip_out)); + if (expected_outcome == IP_ACCEPTED) { + fail_msg("Checking %.*s should have succeeded.\n", + (int) sizeof(ip_out), ip_out); + } else { + fail_msg("Checking %.*s should have failed.\n", + (int) sizeof(ip_out), ip_out); + } + } +} + +static void parse_cidr(const char* cidr, gnutls_datum_t *datum) { + if (datum->data != NULL) { + gnutls_free(datum->data); + } + int ret = gnutls_x509_cidr_to_rfc5280(cidr, datum); + check_for_error(ret); +} + +static void tls_log_func(int level, const char *str) { + fprintf(stderr, "<%d>| %s", level, str); +} + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix\n" + "RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1\n" + "dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p\n" + "YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw\n" + "NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK\n" + "EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl\n" + "cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl\n" + "c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB\n" + "BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz\n" + "dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ\n" + "fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns\n" + "bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD\n" + "75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP\n" + "FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV\n" + "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp\n" + "5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu\n" + "b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA\n" + "A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p\n" + "6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8\n" + "TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7\n" + "dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys\n" + "Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI\n" + "l7WdmplNsDz4SgCbZN2fOUvRJ9e4\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) }; + +// CIDRs mostly use prefix for documentation purposes (RFC5737, RFC3849) + +static void check_generation_reading_basic_checking(void **glob_state) +{ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + unsigned int i, num_permitted, num_excluded, type; + gnutls_x509_crt_t crt; + gnutls_datum_t name; + + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(2); + + /* 1: test the generation of name constraints */ + + ret = gnutls_x509_crt_init(&crt); + check_for_error(ret); + + ret = gnutls_x509_crt_import(crt, &cert, GNUTLS_X509_FMT_PEM); + check_for_error(ret); + + num_permitted = num_excluded = 0; + + parse_cidr("203.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + num_permitted++; + check_for_error(ret); + + parse_cidr("2001:DB8::/32", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + num_permitted++; + check_for_error(ret); + + parse_cidr("203.0.113.0/26", ip); + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_IPADDRESS, ip); + num_excluded++; + check_for_error(ret); + + parse_cidr("2001:DB8::/34", ip); + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_IPADDRESS, ip); + num_excluded++; + check_for_error(ret); + + // Try to add invalid name constraints + + parse_cidr("2001:DB8::/34", ip); + ip->data[30] = 2; + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_IPADDRESS, ip); + if (ret == 0) + fail_msg("Checking invalid network mask should have failed."); + + parse_cidr("2001:DB8::/34", ip); + ip->size = 31; + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + if (ret == 0) + fail_msg("Checking invalid IP size should have failed."); + + ret = gnutls_x509_crt_set_name_constraints(crt, nc, 1); + check_for_error(ret); + + /* 2: test the reading of the generated constraints */ + + i = 0; + do { + ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); +#ifdef DEBUG + _gnutls_cidr_to_string(name.data, name.size, ip_out, sizeof(ip_out)); + printf("Loaded name constraint: %s\n",ip_out); +#endif + } while(ret == 0); + + if (i-1 != num_permitted) { + fail_msg("Could not read all constraints; read %d, expected %d\n", i-1, num_permitted); + } + + i = 0; + do { + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &type, &name); +#ifdef DEBUG + _gnutls_cidr_to_string(name.data, name.size, ip_out, sizeof(ip_out)); + printf("Loaded name constraint: %s\n",ip_out); +#endif + } while(ret == 0); + + if (i-1 != num_excluded) { + fail_msg("Could not read all excluded constraints; read %d, expected %d\n", i-1, num_excluded); + } + + /* 3: test the name constraints check function */ + + parse_cidr("203.0.113.250/32", ip); + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("203.0.114.0/32", ip); + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("203.0.113.10/32", ip); + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + + parse_cidr("2001:DB8:4000::/128", ip); + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("2001:DB9::/128", ip); + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("2001:DB8:10::/128", ip); + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + gnutls_x509_crt_deinit(crt); +} + +static void check_universal_constraint_checking(void **glob_state) +{ + /* 3b setting universal constraint */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("2001:DB8::/0", ip); + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + + parse_cidr("2001:DB8:10::/128", ip); + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("::/128", ip); + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_simple_intersection(void **glob_state) +{ + /* 4: simple intersection + * --------P:203.0.113.0/24-------- + * --P:203.0.113.0/26-- + * A B C + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("203.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("203.0.113.0/26", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("203.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("203.0.113.250/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("203.0.114.0/32", ip); // C + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_empty_intersection(void **glob_state) +{ + /* 5: empty intersection + * --P:127.0.113.0/24-- + * --P:255.0.113.0/24-- + * A B C + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("127.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("255.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("127.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.0.2/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.113.2/32", ip); // C + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_mediocre_intersection(void **glob_state) +{ + /* 6: mediocre intersection + * --------P:127.0.113.0/24-------- + * --P:127.0.113.0/26-- --P:255.0.113.0/24-- + * A B C D + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("127.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("127.0.113.0/26", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("255.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("127.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("127.0.113.250/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.0.2/32", ip); // C + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.113.2/32", ip); // D + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_difficult_intersection(void **glob_state) +{ + /* 7: difficult intersection + * --------P:0.0.0.0/3--------------- --P:88.0.0.0/5-- + * --P:0.0.0.0/5-- --P:16.0.0.0/5-- ----P:64.0.0.0/3---- + * A B C D E F G H + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("0.0.0.0/3", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("88.0.0.0/5", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("0.0.0.0/5", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("16.0.0.0/5", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("64.0.0.0/3", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("0.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("15.255.255.255/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("16.0.0.0/32", ip); // C + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("31.12.25.2/32", ip); // D + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("63.255.255.255/32", ip); // E + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("64.0.0.0/32", ip); // F + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("89.125.7.187/32", ip); // G + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("96.0.0.0/32", ip); // H + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_ipv6_intersection(void **glob_state) +{ + /* 8: IPv6 intersection + * --------P:affb::/16----- --P:affd:0000::/20-- + * --P:affb:aa00::/24-- + * A B C D E F G + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("affb::/16", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("affd:0000::/20", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("affb:aa00::/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("affa:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128", ip); // A + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("affb:a500::/128", ip); // B + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("affb:aa00::/128", ip); // C + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_ACCEPTED, ip); + + parse_cidr("affb:ab01::/128", ip); // D + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("affc::/128", ip); // E + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("affd:0fff::/128", ip); // F + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("affd:1000::/128", ip); // G + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_empty_ipv4_intersection_ipv6_remains(void **glob_state) +{ + /* 9: IPv4 and IPv6 in a common test case + * IPv4 with empty intersection, but IPv6 gets restricted as well + * --P:127.0.113.0/24-- + * --P:255.0.113.0/24-- + * A B C + * + * --P:bfa6::/16-- + * D E + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("127.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("bfa6::/16", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("255.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("127.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.0.2/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.113.2/32", ip); // C + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("bfa6:ab01::/128", ip); // D + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("bfa7::/128", ip); // E + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_empty_ipv4v6_intersections(void **glob_state) +{ + /* 10: IPv4 and IPv6 in a common test case + * both IPv4 and IPv6 have empty intersection + * --P:127.0.113.0/24-- + * --P:255.0.113.0/24-- + * A B C + * + * --P:bfa6::/16-- + * --P:cfa6::/16-- + * D E F + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("127.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("bfa6::/16", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("255.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("cfa6::/16", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("127.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.0.2/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.113.2/32", ip); // C + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("bfa6:ab01::/128", ip); // D + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("bfa7::/128", ip); // E + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("cfa7:00cc::/128", ip); // F + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static void check_ipv4v6_single_constraint_each(void **glob_state) +{ + /* 11: 1 IPv4 range and 1 IPv6 range in a common test case + * (no overlap) + * --P:127.0.113.0/24-- + * A B + * + * --P:bfa6::/16-- + * C D + */ + int ret; + gnutls_x509_name_constraints_t nc = ((test_vars_t*)*glob_state)->nc; + gnutls_x509_name_constraints_t nc2 = ((test_vars_t*)*glob_state)->nc2; + gnutls_datum_t *ip = &(((test_vars_t*)*glob_state)->ip); + + parse_cidr("127.0.113.0/24", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + parse_cidr("bfa6::/16", ip); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_IPADDRESS, ip); + check_for_error(ret); + ret = _gnutls_x509_name_constraints_merge(nc, nc2); + check_for_error(ret); + + parse_cidr("127.0.113.2/32", ip); // A + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("255.0.0.2/32", ip); // B + ip->size = 4; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("bfa6:ab01::/128", ip); // C + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); + + parse_cidr("bfa7::/128", ip); // D + ip->size = 16; // strip network mask + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, ip); + check_test_result(ret, IP_REJECTED, ip); +} + +static int setup(void **state) { + test_vars_t* test_vars = gnutls_malloc(sizeof(test_vars_t)); + if (test_vars == NULL) + return -1; + test_vars->ip.size = 0; + test_vars->ip.data = NULL; + + int ret; + ret = gnutls_x509_name_constraints_init(&(test_vars->nc)); + check_for_error(ret); + ret = gnutls_x509_name_constraints_init(&(test_vars->nc2)); + check_for_error(ret); + + *state = test_vars; + return 0; +} + +static int teardown(void **state) { + test_vars_t* test_vars = *state; + gnutls_free(test_vars->ip.data); + gnutls_x509_name_constraints_deinit(test_vars->nc); + gnutls_x509_name_constraints_deinit(test_vars->nc2); + gnutls_free(*state); + return 0; +} + +int main(int argc, char **argv) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown(check_generation_reading_basic_checking, setup, teardown), + cmocka_unit_test_setup_teardown(check_universal_constraint_checking, setup, teardown), + cmocka_unit_test_setup_teardown(check_simple_intersection, setup, teardown), + cmocka_unit_test_setup_teardown(check_empty_intersection, setup, teardown), + cmocka_unit_test_setup_teardown(check_mediocre_intersection, setup, teardown), + cmocka_unit_test_setup_teardown(check_difficult_intersection, setup, teardown), + cmocka_unit_test_setup_teardown(check_ipv6_intersection, setup, teardown), + cmocka_unit_test_setup_teardown(check_empty_ipv4_intersection_ipv6_remains, setup, teardown), + cmocka_unit_test_setup_teardown(check_empty_ipv4v6_intersections, setup, teardown), + cmocka_unit_test_setup_teardown(check_ipv4v6_single_constraint_each, setup, teardown) + }; + cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/name-constraints-merge.c b/tests/name-constraints-merge.c new file mode 100644 index 0000000..76430fb --- /dev/null +++ b/tests/name-constraints-merge.c @@ -0,0 +1,376 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Authors: Nikos Mavrogiannopoulos, Martin Ukrop + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../lib/gnutls_int.h" +#include "../lib/x509/x509_int.h" + +#include "utils.h" + +/* Test for name constraints PKIX extension. + */ + +static void check_for_error(int ret) { + if (ret != GNUTLS_E_SUCCESS) + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); +} + +#define NAME_ACCEPTED 1 +#define NAME_REJECTED 0 + +static void check_test_result(int suite, int ret, int expected_outcome, + gnutls_datum_t *tested_data) { + if (expected_outcome == NAME_ACCEPTED ? ret == 0 : ret != 0) { + if (expected_outcome == NAME_ACCEPTED) { + fail("Checking \"%.*s\" should have succeeded (suite %d).\n", + tested_data->size, tested_data->data, suite); + } else { + fail("Checking \"%.*s\" should have failed (suite %d).\n", + tested_data->size, tested_data->data, suite); + } + } +} + +static void set_name(const char *name, gnutls_datum_t *datum) { + datum->data = (unsigned char*) name; + datum->size = strlen((char*) name); +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + int ret, suite; + gnutls_x509_name_constraints_t nc1, nc2; + gnutls_datum_t name; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(1000); + + /* 0: test the merge permitted name constraints + * NC1: permitted DNS org + * permitted DNS ccc.com + * permitted email ccc.com + * NC2: permitted DNS org + * permitted DNS aaa.bbb.ccc.com + */ + suite = 0; + + ret = gnutls_x509_name_constraints_init(&nc1); + check_for_error(ret); + + ret = gnutls_x509_name_constraints_init(&nc2); + check_for_error(ret); + + set_name("org", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("ccc.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("ccc.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_RFC822NAME, &name); + check_for_error(ret); + + set_name("org", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("aaa.bbb.ccc.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + ret = _gnutls_x509_name_constraints_merge(nc1, nc2); + check_for_error(ret); + + /* unrelated */ + set_name("xxx.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("example.org", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_ACCEPTED, &name); + + set_name("com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("xxx.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + /* check intersection of permitted */ + set_name("xxx.aaa.bbb.ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_ACCEPTED, &name); + + set_name("aaa.bbb.ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_ACCEPTED, &name); + + set_name("xxx.bbb.ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("xxx.ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(suite, ret, NAME_ACCEPTED, &name); + + set_name("xxx.ccc.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + gnutls_x509_name_constraints_deinit(nc1); + gnutls_x509_name_constraints_deinit(nc2); + + /* 1: test the merge of excluded name constraints + * NC1: denied DNS example.com + * NC2: denied DNS example.net + */ + suite = 1; + + ret = gnutls_x509_name_constraints_init(&nc1); + check_for_error(ret); + + ret = gnutls_x509_name_constraints_init(&nc2); + check_for_error(ret); + + set_name("example.com", &name); + ret = gnutls_x509_name_constraints_add_excluded(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("example.net", &name); + ret = gnutls_x509_name_constraints_add_excluded(nc2, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + ret = _gnutls_x509_name_constraints_merge(nc1, nc2); + check_for_error(ret); + + set_name("xxx.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("xxx.example.net", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("example.net", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("example.org", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_ACCEPTED, &name); + + gnutls_x509_name_constraints_deinit(nc1); + gnutls_x509_name_constraints_deinit(nc2); + + /* 2: test permitted constraints with empty intersection + * (no permitted nodes remain) + * NC1: permitted DNS one.example.com + * NC2: permitted DNS two.example.com + */ + suite = 2; + + ret = gnutls_x509_name_constraints_init(&nc1); + check_for_error(ret); + + ret = gnutls_x509_name_constraints_init(&nc2); + check_for_error(ret); + + set_name("one.example.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("two.example.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + ret = _gnutls_x509_name_constraints_merge(nc1, nc2); + check_for_error(ret); + + set_name("one.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("two.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("three.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("org", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + gnutls_x509_name_constraints_deinit(nc1); + gnutls_x509_name_constraints_deinit(nc2); + + /* 3: test more permitted constraints, some with empty intersection + * NC1: permitted DNS foo.com + * permitted DNS bar.com + * permitted email redhat.com + * NC2: permitted DNS sub.foo.com + */ + suite = 3; + + ret = gnutls_x509_name_constraints_init(&nc1); + check_for_error(ret); + + ret = gnutls_x509_name_constraints_init(&nc2); + check_for_error(ret); + + set_name("foo.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("bar.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("sub.foo.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + ret = _gnutls_x509_name_constraints_merge(nc1, nc2); + check_for_error(ret); + + set_name("foo.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("bar.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("sub.foo.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_ACCEPTED, &name); + + set_name("anothersub.foo.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + gnutls_x509_name_constraints_deinit(nc1); + gnutls_x509_name_constraints_deinit(nc2); + + /* 4: test permitted constraints with empty intersection + * almost identical to 2, but extra name constraint of different type + * that remains after intersection + * NC1: permitted DNS three.example.com + * permitted email redhat.com + * NC2: permitted DNS four.example.com + */ + suite = 4; + + ret = gnutls_x509_name_constraints_init(&nc1); + check_for_error(ret); + + ret = gnutls_x509_name_constraints_init(&nc2); + check_for_error(ret); + + set_name("three.example.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("redhat.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc1, GNUTLS_SAN_RFC822NAME, &name); + check_for_error(ret); + + set_name("four.example.com", &name); + ret = gnutls_x509_name_constraints_add_permitted(nc2, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + ret = _gnutls_x509_name_constraints_merge(nc1, nc2); + check_for_error(ret); + + set_name("three.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("four.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("five.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("example.com", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + set_name("org", &name); + ret = gnutls_x509_name_constraints_check(nc1, GNUTLS_SAN_DNSNAME, &name); + check_test_result(suite, ret, NAME_REJECTED, &name); + + gnutls_x509_name_constraints_deinit(nc1); + gnutls_x509_name_constraints_deinit(nc2); + + /* Test footer */ + + if (debug) + success("Test success.\n"); +} diff --git a/tests/name-constraints.c b/tests/name-constraints.c new file mode 100644 index 0000000..a6f3fe7 --- /dev/null +++ b/tests/name-constraints.c @@ -0,0 +1,331 @@ +/* + * Copyright (C) 2014 Free Software Foundation, Inc. + * + * Authors: Nikos Mavrogiannopoulos, Martin Ukrop + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* Test for name constraints PKIX extension. + */ + +static void check_for_error(int ret) { + if (ret != GNUTLS_E_SUCCESS) + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); +} + +#define NAME_ACCEPTED 1 +#define NAME_REJECTED 0 + +static void check_test_result(int ret, int expected_outcome, gnutls_datum_t *tested_data) { + if (expected_outcome == NAME_ACCEPTED ? ret == 0 : ret != 0) { + if (expected_outcome == NAME_ACCEPTED) { + fail("Checking \"%.*s\" should have succeeded.\n", tested_data->size, tested_data->data); + } else { + fail("Checking \"%.*s\" should have failed.\n", tested_data->size, tested_data->data); + } + } +} + +static void set_name(const char *name, gnutls_datum_t *datum) { + datum->data = (unsigned char*) name; + datum->size = strlen((char*) name); +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix\n" + "RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1\n" + "dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p\n" + "YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw\n" + "NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK\n" + "EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl\n" + "cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl\n" + "c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB\n" + "BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz\n" + "dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ\n" + "fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns\n" + "bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD\n" + "75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP\n" + "FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV\n" + "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp\n" + "5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu\n" + "b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA\n" + "A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p\n" + "6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8\n" + "TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7\n" + "dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys\n" + "Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI\n" + "l7WdmplNsDz4SgCbZN2fOUvRJ9e4\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) }; + +const gnutls_datum_t name1 = { (void*)"com", 3 }; +const gnutls_datum_t name2 = { (void*)"example.com", sizeof("example.com")-1 }; +const gnutls_datum_t name3 = { (void*)"another.example.com", sizeof("another.example.com")-1 }; +const gnutls_datum_t name4 = { (void*)".gr", 3 }; + +const gnutls_datum_t mail1 = { (void*)"example.com", sizeof("example.com")-1 }; +const gnutls_datum_t mail2 = { (void*)".example.net", sizeof(".example.net")-1 }; +const gnutls_datum_t mail3 = { (void*)"nmav@redhat.com", sizeof("nmav@redhat.com")-1 }; +const gnutls_datum_t mail4 = { (void*)"koko.example.net", sizeof("koko.example.net")-1 }; + +void doit(void) +{ + int ret; + unsigned int crit, i, permitted, excluded; + gnutls_x509_crt_t crt; + gnutls_x509_name_constraints_t nc; + unsigned type; + gnutls_datum_t name; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* 0: test the reading of name constraints */ + + ret = gnutls_x509_name_constraints_init(&nc); + check_for_error(ret); + + ret = gnutls_x509_crt_init(&crt); + check_for_error(ret); + + ret = gnutls_x509_crt_import(crt, &cert, GNUTLS_X509_FMT_PEM); + check_for_error(ret); + + ret = gnutls_x509_crt_get_name_constraints(crt, nc, 0, &crit); + check_for_error(ret); + + if (crit != 0) { + fail("error reading criticality\n"); + } + + i = 0; + do { + ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); + + if (ret >= 0 && i == 2) { + if (name.size != 3 || memcmp(name.data, ".eu", 3) != 0) { + fail("error reading 2nd constraint\n"); + } + } + } while(ret == 0); + + if (i-1 != 8) { + fail("Could not read all constraints; read %d, expected %d\n", i-1, 8); + } + + gnutls_x509_name_constraints_deinit(nc); + gnutls_x509_crt_deinit(crt); + + /* 1: test the generation of name constraints */ + + permitted = 0; + excluded = 0; + + ret = gnutls_x509_name_constraints_init(&nc); + check_for_error(ret); + + ret = gnutls_x509_crt_init(&crt); + check_for_error(ret); + + ret = gnutls_x509_crt_import(crt, &cert, GNUTLS_X509_FMT_PEM); + check_for_error(ret); + + permitted++; + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_DNSNAME, &name1); + check_for_error(ret); + + excluded++; + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name2); + check_for_error(ret); + + excluded++; + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name3); + check_for_error(ret); + + permitted++; + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_DNSNAME, &name4); + check_for_error(ret); + + excluded++; + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_URI, &name3); + check_for_error(ret); + + permitted++; + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_RFC822NAME, &mail1); + check_for_error(ret); + + permitted++; + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_RFC822NAME, &mail2); + check_for_error(ret); + + permitted++; + ret = gnutls_x509_name_constraints_add_permitted(nc, GNUTLS_SAN_RFC822NAME, &mail3); + check_for_error(ret); + + excluded++; + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_RFC822NAME, &mail4); + check_for_error(ret); + + ret = gnutls_x509_crt_set_name_constraints(crt, nc, 1); + check_for_error(ret); + + /* 2: test the reading of the generated constraints */ + + i = 0; + do { + ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); + + if (ret >= 0 && i == 1) { + if (name.size != name1.size || memcmp(name.data, name1.data, name1.size) != 0) { + fail("%d: error reading 1st constraint\n", __LINE__); + } + } + } while(ret == 0); + + if (i-1 != permitted) { + fail("Could not read all constraints; read %d, expected %d\n", i-1, permitted); + } + + i = 0; + do { + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &type, &name); + + if (ret >= 0 && i == 1) { + if (name.size != name2.size || memcmp(name.data, name2.data, name2.size) != 0) { + fail("%d: error reading 1st excluded constraint\n", __LINE__); + } + } + if (ret >= 0 && i == 2) { + if (name.size != name3.size || memcmp(name.data, name3.data, name3.size) != 0) { + fail("%d: error reading 1st excluded constraint\n", __LINE__); + } + } + } while(ret == 0); + + if (i-1 != excluded) { + fail("Could not read all excluded constraints; read %d, expected %d\n", i-1, excluded); + } + + /* 3: test the name constraints check function */ + + /* This name constraints structure doesn't have any excluded GNUTLS_SAN_DN so + * this test should succeed */ + set_name("ASFHAJHjhafjs", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DN, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + /* Test e-mails */ + set_name("nmav@redhat.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + set_name("nmav@radhat.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(ret, NAME_REJECTED, &name); + + set_name("nmav@example.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + set_name("nmav@test.example.net", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + set_name("nmav@example.net", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(ret, NAME_REJECTED, &name); + + set_name("nmav@koko.example.net", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_RFC822NAME, &name); + check_test_result(ret, NAME_REJECTED, &name); + + /* This name constraints structure does have an excluded URI so + * this test should fail */ + set_name("http://www.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_URI, &name); + check_test_result(ret, NAME_REJECTED, &name); + + set_name("goodexample.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + set_name("good.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + set_name("www.example.com", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name); + check_test_result(ret, NAME_REJECTED, &name); + + set_name("www.example.net", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name); + check_test_result(ret, NAME_REJECTED, &name); + + set_name("www.example.gr", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name); + check_test_result(ret, NAME_ACCEPTED, &name); + + gnutls_x509_name_constraints_deinit(nc); + gnutls_x509_crt_deinit(crt); + + /* 4: corner cases */ + + /* 4a: empty excluded name (works as wildcard) */ + + ret = gnutls_x509_name_constraints_init(&nc); + check_for_error(ret); + + set_name("", &name); + ret = gnutls_x509_name_constraints_add_excluded(nc, GNUTLS_SAN_DNSNAME, &name); + check_for_error(ret); + + set_name("example.net", &name); + ret = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_DNSNAME, &name); + check_test_result(ret, NAME_REJECTED, &name); + + gnutls_x509_name_constraints_deinit(nc); + + // Test suite end. + + if (debug) + success("Test success.\n"); +} diff --git a/tests/no-extensions.c b/tests/no-extensions.c new file mode 100644 index 0000000..3bd9d06 --- /dev/null +++ b/tests/no-extensions.c @@ -0,0 +1,212 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int server_handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + unsigned pos; + gnutls_datum_t mmsg; + + assert(post && htype == GNUTLS_HANDSHAKE_SERVER_HELLO); + + switch (htype) { + case GNUTLS_HANDSHAKE_SERVER_HELLO: + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + pos += 3; /* ciphersuite + compression */ + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + if (pos != msg->size) { + if (pos < msg->size-1) { + fprintf(stderr, "additional bytes: %.2x%.2x\n", mmsg.data[0], mmsg.data[1]); + } + fail("the server hello contains additional bytes\n"); + } + break; + } + return 0; +} + +static int client_handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + unsigned pos; + gnutls_datum_t mmsg; + + assert(!post && htype == GNUTLS_HANDSHAKE_CLIENT_HELLO); + + switch (htype) { + case GNUTLS_HANDSHAKE_CLIENT_HELLO: + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + SKIP16(pos, msg->size); + SKIP8(pos, msg->size); + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + + if (pos != msg->size) { + if (pos < msg->size-1) { + fprintf(stderr, "additional bytes: %.2x%.2x\n", mmsg.data[0], mmsg.data[1]); + } + fail("the client hello contains additional bytes\n"); + } + break; + } + return 0; +} + +static +void start(const char *prio, gnutls_protocol_t exp_version) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("trying %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + gnutls_handshake_set_hook_function(server, + GNUTLS_HANDSHAKE_SERVER_HELLO, + GNUTLS_HOOK_POST, + server_handshake_callback); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + gnutls_handshake_set_hook_function(client, + GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_PRE, + client_handshake_callback); + + HANDSHAKE(client, server); + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + + mcert = gnutls_certificate_get_ours(client); + if (mcert != NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + } + + assert(gnutls_protocol_get_version(server) == exp_version); + + assert(gnutls_certificate_type_get(server)==GNUTLS_CRT_X509); + assert(gnutls_certificate_type_get(client)==GNUTLS_CRT_X509); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.0:%NO_EXTENSIONS", GNUTLS_TLS1_0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.1:%NO_EXTENSIONS", GNUTLS_TLS1_1); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_EXTENSIONS", GNUTLS_TLS1_2); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%NO_EXTENSIONS", GNUTLS_TLS1_2); +} diff --git a/tests/no-signal.c b/tests/no-signal.c new file mode 100644 index 0000000..c73d02c --- /dev/null +++ b/tests/no-signal.c @@ -0,0 +1,244 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +# include +# include +# include +# include +# include +# include +# include +# include +# include + +# ifndef MSG_NOSIGNAL + +int main(void) +{ + exit(77); +} + +# else + +# include "utils.h" + +static +void sigpipe(int sig) +{ + _exit(2); +} + +#define BUF_SIZE 64 + +static void client(int fd) +{ + int ret; + gnutls_anon_client_credentials_t anoncred; + gnutls_session_t session; + char buf[BUF_SIZE]; + char buf2[BUF_SIZE]; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)); + + ret = gnutls_record_recv(session, buf, sizeof(buf)); + if (ret < 0 || ret != sizeof(buf)) { + kill(getppid(), SIGPIPE); + fail("client: recv failed"); + } + if (debug) + success("client: received %d bytes\n", ret); + + memset(buf2, 0, sizeof(buf)); + if (memcmp(buf, buf2, sizeof(buf)) != 0) { + kill(getppid(), SIGPIPE); + fail("client: recv data failed"); + } + + close(fd); + gnutls_deinit(session); + gnutls_anon_free_client_credentials(anoncred); + gnutls_global_deinit(); + + if (ret < 0) { + fail("client: Handshake failed with unexpected reason: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } +} + + +/* These are global */ +pid_t child; + +static void server(int fd) +{ + gnutls_anon_server_credentials_t anoncred; + gnutls_session_t session; + int ret; + char buf[BUF_SIZE]; + unsigned i; + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_level(4711); + } + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_NO_SIGNAL); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, + "NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)); + + if (ret < 0) { + fail("error in handshake: %s\n", gnutls_strerror(ret)); + exit(1); + } + + memset(buf, 0, sizeof(buf)); + for (i=0;i<5;i++) { + sleep(3); + ret = gnutls_record_send(session, buf, sizeof(buf)); + if (ret < 0) + break; + } + + sleep(3); + + gnutls_deinit(session); + gnutls_anon_free_server_credentials(anoncred); + gnutls_global_deinit(); + +} + +static void start(void) +{ + int fd[2]; + int ret; + + /* we need dgram in this test */ + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[0]); + server(fd[1]); + close(fd[1]); + kill(child, SIGTERM); + } else { + close(fd[1]); + client(fd[0]); + close(fd[0]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, sigpipe); + + start(); +} + +# endif /* MSG_NOSIGNAL */ +#endif /* _WIN32 */ diff --git a/tests/nul-in-x509-names.c b/tests/nul-in-x509-names.c new file mode 100644 index 0000000..208bd38 --- /dev/null +++ b/tests/nul-in-x509-names.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2009-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +/* Thanks to Tomas Hoger for generating the two + certs that trigger this bug. */ + +static char badguy_nul_cn_data[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDjTCCAnWgAwIBAgIBATANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES\n" + "MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N\n" + "eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k\n" + "bHkgQ0EwHhcNMDkwODA0MDczMzQzWhcNMTkwODAyMDczMzQzWjAjMSEwHwYDVQQD\n" + "Exh3d3cuYmFuay5jb20ALmJhZGd1eS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + "DwAwggEKAoIBAQDNJnCWqaZdPpztDwgVWnwXJWhorxO5rUH6ElTihHJ9WNHiQELB\n" + "We0FPaoQU3AAiDp3oMBWnqx9ISpxRFEIvBcH2qijdtxRvBuK9gIaVb9GtERrJ16+\n" + "5ReLVrLGgjYRg6i/9y8NF/bNR7VvK6ZBto0zX+rqi7Ea4pk4/1lbCqFxE8o3P7mw\n" + "HpGayJM1DErgnfTSYcdOW0EKfDFUmdv1Zc6A08ICN2T9VBJ76qyFWVwX4S720Kjy\n" + "0C6UWS/Cpl/aB957LhQH7eQnJDedCS6x+VpIuYAkQ+bLx24139VpNP/m1p7odmZu\n" + "X1kBPJY77HILPB6VD85oE5wi3Ru1RChQSgV/AgMBAAGjezB5MAkGA1UdEwQCMAAw\n" + "LAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0G\n" + "A1UdDgQWBBQzFSS+2mY6BovZJzQ6r2JA5JVmXTAfBgNVHSMEGDAWgBQKaTlfnTAE\n" + "GAguAg7m6p2yJvbiajANBgkqhkiG9w0BAQUFAAOCAQEAMmUjH8jZU4SC0ArrFFEk\n" + "A7xsGypa/hvw6GkMKxmGz38ydtgr0s+LxNG2W5xgo5kuknIGzt6L0qLSiXwTqQtO\n" + "vhIJ5dYoOqynJlaUfxPuZH3elGB1wbxVl9SqE44C2LCwcFOuGFPOqrIshT7j8+Em\n" + "8/pc7vh7C8Y5tQQzXq64Xg5mzKjAag3sYMHF2TnqvRuPHH0WOLHoyDcBqkuZ3+QP\n" + "EL5h7prPzScFRgBg2Gp0CDI8i5ABagczDGyQ2+r7ahcadrtzFCfhpH7V3TCxXfIO\n" + "qtSy1Uz2T5EqB/Q3wc9IGcX+fpKWqN9QajGSo7EU/kHMSWKYTerFugUtScMicu9B\n" + "CQ==\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t badguy_nul_cn = { + (void *) badguy_nul_cn_data, sizeof(badguy_nul_cn_data) +}; + +static char badguy_nul_san_data[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDrTCCApWgAwIBAgIBADANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES\n" + "MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N\n" + "eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k\n" + "bHkgQ0EwHhcNMDkwODA0MDY1MzA1WhcNMTkwODAyMDY1MzA1WjAZMRcwFQYDVQQD\n" + "Ew53d3cuYmFkZ3V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + "AM0mcJappl0+nO0PCBVafBclaGivE7mtQfoSVOKEcn1Y0eJAQsFZ7QU9qhBTcACI\n" + "OnegwFaerH0hKnFEUQi8FwfaqKN23FG8G4r2AhpVv0a0RGsnXr7lF4tWssaCNhGD\n" + "qL/3Lw0X9s1HtW8rpkG2jTNf6uqLsRrimTj/WVsKoXETyjc/ubAekZrIkzUMSuCd\n" + "9NJhx05bQQp8MVSZ2/VlzoDTwgI3ZP1UEnvqrIVZXBfhLvbQqPLQLpRZL8KmX9oH\n" + "3nsuFAft5CckN50JLrH5Wki5gCRD5svHbjXf1Wk0/+bWnuh2Zm5fWQE8ljvscgs8\n" + "HpUPzmgTnCLdG7VEKFBKBX8CAwEAAaOBpDCBoTAJBgNVHRMEAjAAMCwGCWCGSAGG\n" + "+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU\n" + "MxUkvtpmOgaL2Sc0Oq9iQOSVZl0wHwYDVR0jBBgwFoAUCmk5X50wBBgILgIO5uqd\n" + "sib24mowJgYDVR0RBB8wHYIbd3d3LmJhbmsuY29tAHd3dy5iYWRndXkuY29tMA0G\n" + "CSqGSIb3DQEBBQUAA4IBAQAnbn2zqYZSV2qgxjBsHpQJp2+t/hGfvjKNAXuLlGbX\n" + "fLaxkPzk9bYyvGxxI7EYiNZHvNoHx15GcTrmQG7Bfx1WlnBl2FGp3J6lBgCY5x4Q\n" + "vIK6AOVOog8+7Irdb8bJweztbXwxPmaHR6GLFTwhfuwheD0hcHK6cMNk+B1P2dAn\n" + "PD5+olmuvprTAESncjrjP8ibxY+xlP4AD264FIjxA1CRUa/wHve4WqRXNS3xrciu\n" + "3SlhFH3q0TSAXBv960PcIW3GRPk7VHbEkVuspI5y59gk/6dawO8nw9fk+X9VjQ0w\n" + "7KLZbch29L6UPRIySpFP28PndgdaEpcYtxUAmFkhiT41\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t badguy_nul_san = { + (void *) badguy_nul_san_data, sizeof(badguy_nul_san_data) +}; + +void doit(void) +{ + gnutls_x509_crt_t crt; + int ret; + + ret = global_init(); + if (ret < 0) { + fail("global_init"); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret != 0) { + fail("gnutls_x509_crt_init"); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &badguy_nul_cn, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import"); + exit(1); + } + + ret = gnutls_x509_crt_check_hostname(crt, "www.bank.com"); + if (ret == 0) { + if (debug) + success + ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)"); + } else { + fail("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-CN)"); + } + + ret = + gnutls_x509_crt_import(crt, &badguy_nul_san, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import"); + exit(1); + } + + ret = gnutls_x509_crt_check_hostname(crt, "www.bank.com"); + if (ret == 0) { + if (debug) + success + ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)"); + } else { + fail("gnutls_x509_crt_check_hostname BROKEN (NUL-IN-SAN)"); + } + + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); + +} diff --git a/tests/null_retrieve_function.c b/tests/null_retrieve_function.c new file mode 100644 index 0000000..5c4464a --- /dev/null +++ b/tests/null_retrieve_function.c @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Dmitry Eremin-Solenikov + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for behavior of the library when NULL is set as certificate + * function. + */ + +static int cert_cb1(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, + gnutls_retr2_st *retr) +{ + return -1; +} + +static int cert_cb2(gnutls_session_t session, + const gnutls_datum_t *req_ca_rdn, + int nreqs, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_pcert_st** pcert, + unsigned int *pcert_length, + gnutls_privkey_t *privkey) +{ + return -1; +} + +static int cert_cb3(gnutls_session_t session, + const struct gnutls_cert_retr_st *info, + gnutls_pcert_st **certs, + unsigned int *pcert_length, + gnutls_ocsp_data_st **ocsp, + unsigned int *ocsp_length, + gnutls_privkey_t *privkey, + unsigned int *flags) +{ + return -1; +} + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t clicred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + gnutls_certificate_allocate_credentials(&clicred); + gnutls_certificate_set_retrieve_function(clicred, cert_cb1); + gnutls_certificate_set_retrieve_function(clicred, NULL); + _test_cli_serv(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", NULL, NULL, NULL, 0, 1, GNUTLS_E_CERTIFICATE_REQUIRED, -1); + gnutls_certificate_free_credentials(clicred); + + gnutls_certificate_allocate_credentials(&clicred); + gnutls_certificate_set_retrieve_function2(clicred, cert_cb2); + gnutls_certificate_set_retrieve_function2(clicred, NULL); + _test_cli_serv(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", NULL, NULL, NULL, 0, 1, GNUTLS_E_CERTIFICATE_REQUIRED, -1); + gnutls_certificate_free_credentials(clicred); + + gnutls_certificate_allocate_credentials(&clicred); + gnutls_certificate_set_retrieve_function3(clicred, cert_cb3); + gnutls_certificate_set_retrieve_function3(clicred, NULL); + _test_cli_serv(x509_cred, clicred, "NORMAL", "NORMAL", "localhost", NULL, NULL, NULL, 0, 1, GNUTLS_E_CERTIFICATE_REQUIRED, -1); + gnutls_certificate_free_credentials(clicred); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/ocsp-common.h b/tests/ocsp-common.h new file mode 100644 index 0000000..64662af --- /dev/null +++ b/tests/ocsp-common.h @@ -0,0 +1,678 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifndef GNUTLS_TESTS_OCSP_COMMON_H +#define GNUTLS_TESTS_OCSP_COMMON_H + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wunused-variable" +#endif + +/* Date for responses to be valid */ +#define OCSP_RESP_DATE 1508329639 + +/* ocsp response with unknown status for + * server_ca3_localhost6_cert. Signed with + * RSA-SHA256. + */ +static const char _ocsp_ca3_localhost6_unknown[] = { + 0x30, 0x82, 0x02, 0x3A, 0x0A, 0x01, 0x00, 0xA0, + 0x82, 0x02, 0x33, 0x30, 0x82, 0x02, 0x2F, 0x06, + 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x20, 0x30, 0x82, + 0x02, 0x1C, 0x30, 0x81, 0x85, 0xA1, 0x14, 0x30, + 0x12, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x07, 0x73, 0x75, 0x62, 0x43, + 0x41, 0x2D, 0x33, 0x18, 0x0F, 0x32, 0x30, 0x31, + 0x37, 0x31, 0x30, 0x31, 0x38, 0x31, 0x32, 0x32, + 0x30, 0x34, 0x39, 0x5A, 0x30, 0x5C, 0x30, 0x5A, + 0x30, 0x45, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, + 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14, 0xB2, + 0xE6, 0x5C, 0x8E, 0x6E, 0x83, 0x4B, 0xBD, 0x11, + 0xD9, 0x97, 0xFA, 0x36, 0x93, 0x59, 0x9E, 0xAD, + 0x5C, 0x15, 0xC4, 0x04, 0x14, 0x9E, 0x91, 0xEC, + 0x8C, 0xAA, 0x24, 0x5B, 0x22, 0xE0, 0xE8, 0x11, + 0xE8, 0xE9, 0xA4, 0x91, 0xB5, 0x91, 0x26, 0x00, + 0xF1, 0x02, 0x0C, 0x57, 0xA3, 0x1D, 0x32, 0x37, + 0x64, 0x58, 0xFA, 0x7B, 0x52, 0x6F, 0xD7, 0x82, + 0x00, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x31, + 0x30, 0x31, 0x38, 0x31, 0x32, 0x32, 0x30, 0x34, + 0x39, 0x5A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x98, 0x3C, + 0xFF, 0xD1, 0x76, 0x93, 0xB0, 0xDD, 0x42, 0xCA, + 0x8C, 0x7D, 0x4F, 0x9F, 0xE7, 0x78, 0x14, 0x1D, + 0x90, 0x25, 0x67, 0x34, 0x51, 0x3C, 0xF6, 0x10, + 0x7E, 0xB9, 0x8C, 0x19, 0xF4, 0x9A, 0x32, 0x6A, + 0xFD, 0x5B, 0x77, 0xE9, 0x0A, 0xB2, 0xCD, 0x31, + 0x5E, 0x0F, 0x5B, 0x11, 0xA7, 0x75, 0x38, 0x7B, + 0x01, 0xFA, 0x2B, 0x68, 0x2C, 0x14, 0x6F, 0xAF, + 0x90, 0xC9, 0x69, 0x67, 0x13, 0x70, 0x78, 0x51, + 0x44, 0x0B, 0xA6, 0x16, 0x84, 0x6B, 0x09, 0xC3, + 0x27, 0xFF, 0x06, 0x25, 0x90, 0x27, 0x08, 0x87, + 0x23, 0xCB, 0x1A, 0x56, 0x61, 0x9E, 0x28, 0x9C, + 0x42, 0x19, 0xEA, 0x93, 0x7C, 0x05, 0x14, 0x04, + 0x7F, 0xC7, 0x1C, 0x40, 0xDD, 0x35, 0xC6, 0x50, + 0x79, 0x46, 0xD7, 0x6A, 0xB1, 0x59, 0xAF, 0xC6, + 0xDA, 0x0C, 0xD2, 0x1B, 0xAC, 0x3B, 0x46, 0x09, + 0x0E, 0x7B, 0x02, 0xC3, 0x01, 0x55, 0x5E, 0xE9, + 0x4F, 0x10, 0x58, 0x16, 0xB8, 0x54, 0xA8, 0x54, + 0xBB, 0x31, 0xEB, 0x99, 0x64, 0x73, 0xEE, 0x3F, + 0x44, 0xCE, 0xBB, 0xF9, 0x0A, 0xDB, 0x36, 0x90, + 0x51, 0x80, 0xAA, 0xE1, 0x6F, 0xC3, 0x00, 0x13, + 0x65, 0x80, 0x36, 0x3A, 0x63, 0x48, 0x05, 0x52, + 0x7F, 0x91, 0x96, 0xB0, 0x7F, 0x53, 0xFC, 0x5D, + 0x87, 0x0C, 0x6E, 0x5C, 0xAC, 0x0A, 0x45, 0x22, + 0x83, 0x72, 0xC0, 0xAF, 0x5E, 0xDB, 0x5C, 0xE4, + 0xA9, 0x80, 0x16, 0x43, 0xAB, 0x55, 0x72, 0x9B, + 0x37, 0x41, 0xBB, 0xEF, 0x20, 0x45, 0xD5, 0xCB, + 0xF8, 0xCE, 0xA9, 0x50, 0x12, 0x79, 0xAC, 0x6E, + 0xC0, 0x79, 0xA4, 0x74, 0x1C, 0xF8, 0x48, 0xD4, + 0xFC, 0xDC, 0xBB, 0xDA, 0x36, 0x72, 0x46, 0x05, + 0x32, 0x97, 0x4C, 0x6B, 0xA4, 0x3C, 0xA0, 0x0E, + 0xB7, 0xAC, 0x49, 0xA4, 0x52, 0xF0, 0xAC, 0xD5, + 0x8D, 0x86, 0x07, 0xDB, 0xC3, 0x67, 0xE4, 0x95, + 0x62, 0x52, 0x33, 0x33, 0x2D, 0x00, 0x49, 0x23, + 0xCC, 0x12, 0x62, 0xFB, 0x89, 0x27, 0xD5, 0x27, + 0xCB, 0x75, 0xC4, 0xCB, 0x60, 0x17, 0xFD, 0x4E, + 0x7A, 0x2A, 0xD7, 0x0B, 0x09, 0x84, 0x03, 0x20, + 0x38, 0x53, 0x73, 0x71, 0x66, 0xFC, 0x64, 0x9C, + 0x6E, 0x1A, 0x1E, 0xC5, 0x5E, 0x0C, 0xAD, 0x9D, + 0xE3, 0x37, 0xF2, 0xC2, 0xFC, 0xA1, 0x31, 0x26, + 0x2C, 0xA1, 0xDF, 0x05, 0x19, 0xD6, 0x18, 0xE8, + 0x25, 0x7C, 0x23, 0x23, 0xDE, 0x89, 0x6F, 0x5E, + 0x98, 0xE8, 0xB6, 0xB2, 0x25, 0x28, 0x30, 0x12, + 0x19, 0xB1, 0x84, 0x95, 0x8F, 0x8F, 0x65, 0x75, + 0x2D, 0x90, 0xA8, 0x8D, 0xD9, 0xC3, 0x40, 0x79, + 0xC8, 0xC8, 0xA1, 0xDC, 0xD0, 0x16, 0x02, 0xFE, + 0x60, 0xBE, 0xA3, 0x58, 0xA2, 0xC4, 0xBA, 0xE5, + 0x86, 0x4F, 0xF3, 0x2F, 0x46, 0xB9, 0x62, 0x2F, + 0xCD, 0xE4, 0x1A, 0x62, 0x83, 0x76 +}; + +const char _ocsp_ca3_localhost6_unknown_pem[] = + "-----BEGIN OCSP RESPONSE-----\n" + "MIICOgoBAKCCAjMwggIvBgkrBgEFBQcwAQEEggIgMIICHDCBhaEUMBIxEDAOBgNV\n" + "BAMTB3N1YkNBLTMYDzIwMTcxMDE4MTIyMDQ5WjBcMFowRTAJBgUrDgMCGgUABBSy\n" + "5lyOboNLvRHZl/o2k1merVwVxAQUnpHsjKokWyLg6BHo6aSRtZEmAPECDFejHTI3\n" + "ZFj6e1Jv14IAGA8yMDE3MTAxODEyMjA0OVowDQYJKoZIhvcNAQELBQADggGBAJg8\n" + "/9F2k7DdQsqMfU+f53gUHZAlZzRRPPYQfrmMGfSaMmr9W3fpCrLNMV4PWxGndTh7\n" + "AforaCwUb6+QyWlnE3B4UUQLphaEawnDJ/8GJZAnCIcjyxpWYZ4onEIZ6pN8BRQE\n" + "f8ccQN01xlB5RtdqsVmvxtoM0husO0YJDnsCwwFVXulPEFgWuFSoVLsx65lkc+4/\n" + "RM67+QrbNpBRgKrhb8MAE2WANjpjSAVSf5GWsH9T/F2HDG5crApFIoNywK9e21zk\n" + "qYAWQ6tVcps3QbvvIEXVy/jOqVASeaxuwHmkdBz4SNT83LvaNnJGBTKXTGukPKAO\n" + "t6xJpFLwrNWNhgfbw2fklWJSMzMtAEkjzBJi+4kn1SfLdcTLYBf9Tnoq1wsJhAMg\n" + "OFNzcWb8ZJxuGh7FXgytneM38sL8oTEmLKHfBRnWGOglfCMj3olvXpjotrIlKDAS\n" + "GbGElY+PZXUtkKiN2cNAecjIodzQFgL+YL6jWKLEuuWGT/MvRrliL83kGmKDdg==\n" + "-----END OCSP RESPONSE-----"; + +static gnutls_datum_t ocsp_ca3_localhost6_unknown = { + (void *)_ocsp_ca3_localhost6_unknown, + sizeof(_ocsp_ca3_localhost6_unknown) +}; + +static gnutls_datum_t ocsp_ca3_localhost6_unknown_pem = { + (void *)_ocsp_ca3_localhost6_unknown_pem, + sizeof(_ocsp_ca3_localhost6_unknown_pem)-1 +}; + +/* ocsp response with unknown status for + * server_ca3_localhost_cert. Signed with + * RSA-SHA512. + */ +static const char _ocsp_ca3_localhost_unknown[] = { + 0x30, 0x82, 0x06, 0x53, 0x0A, 0x01, 0x00, 0xA0, + 0x82, 0x06, 0x4C, 0x30, 0x82, 0x06, 0x48, 0x06, + 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0x39, 0x30, 0x82, + 0x06, 0x35, 0x30, 0x81, 0x85, 0xA1, 0x14, 0x30, + 0x12, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x07, 0x73, 0x75, 0x62, 0x43, + 0x41, 0x2D, 0x33, 0x18, 0x0F, 0x32, 0x30, 0x31, + 0x37, 0x31, 0x30, 0x31, 0x38, 0x31, 0x32, 0x30, + 0x39, 0x33, 0x30, 0x5A, 0x30, 0x5C, 0x30, 0x5A, + 0x30, 0x45, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, + 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14, 0xB2, + 0xE6, 0x5C, 0x8E, 0x6E, 0x83, 0x4B, 0xBD, 0x11, + 0xD9, 0x97, 0xFA, 0x36, 0x93, 0x59, 0x9E, 0xAD, + 0x5C, 0x15, 0xC4, 0x04, 0x14, 0x9E, 0x91, 0xEC, + 0x8C, 0xAA, 0x24, 0x5B, 0x22, 0xE0, 0xE8, 0x11, + 0xE8, 0xE9, 0xA4, 0x91, 0xB5, 0x91, 0x26, 0x00, + 0xF1, 0x02, 0x0C, 0x57, 0xA3, 0x1D, 0x32, 0x36, + 0xC8, 0x0C, 0xA1, 0xCA, 0xB0, 0xBD, 0xF6, 0x82, + 0x00, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x31, + 0x30, 0x31, 0x38, 0x31, 0x32, 0x30, 0x39, 0x33, + 0x30, 0x5A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x56, 0x64, + 0x2B, 0x10, 0xAA, 0xE7, 0x26, 0x7F, 0xF1, 0x7F, + 0x86, 0x97, 0x0E, 0x18, 0xB4, 0x75, 0x92, 0x65, + 0x12, 0x2B, 0x46, 0x9F, 0x3E, 0x96, 0x98, 0xE4, + 0xAB, 0x10, 0xD1, 0x0E, 0xEA, 0x08, 0xE2, 0xA5, + 0x01, 0x75, 0xA4, 0x5B, 0x76, 0xAC, 0x49, 0x2B, + 0x9E, 0xF1, 0x4A, 0xF2, 0x79, 0x3A, 0x4E, 0x15, + 0x81, 0xFF, 0x4D, 0xD3, 0x65, 0x8E, 0xAE, 0x4A, + 0xBB, 0x33, 0x35, 0x8B, 0x0F, 0xB6, 0x5D, 0x32, + 0xEF, 0xF5, 0xE1, 0x25, 0xBF, 0xBD, 0x52, 0x1D, + 0x99, 0xF2, 0x34, 0xE0, 0xFB, 0x38, 0x34, 0x6C, + 0x9A, 0xEF, 0x53, 0xB2, 0x90, 0xC6, 0xFB, 0x75, + 0xA0, 0x8C, 0xBC, 0x6B, 0x8E, 0xD8, 0xDE, 0x33, + 0xE4, 0x6F, 0xF2, 0xAD, 0xF2, 0xA2, 0x4F, 0xC2, + 0x58, 0x47, 0xE2, 0x68, 0x6D, 0x3A, 0x3A, 0xB3, + 0x0A, 0x82, 0x3D, 0xA4, 0x85, 0x00, 0x58, 0x3E, + 0x00, 0x35, 0x9D, 0x6B, 0x1F, 0xFF, 0x9F, 0xAE, + 0xB0, 0x9A, 0xE2, 0xC7, 0x0E, 0x9A, 0xB3, 0x7C, + 0x52, 0xE9, 0xDA, 0x50, 0x57, 0x35, 0x72, 0x71, + 0x81, 0xA7, 0xC0, 0x40, 0x28, 0xEA, 0x2B, 0xCE, + 0x09, 0x47, 0x1D, 0xB1, 0x80, 0x41, 0x59, 0xF6, + 0x5D, 0xD3, 0x3C, 0xEA, 0x11, 0xD8, 0x13, 0xB9, + 0x0F, 0x32, 0x6A, 0x29, 0x72, 0xBE, 0xC1, 0xC3, + 0x1B, 0xB5, 0x4C, 0x4D, 0x0D, 0xA1, 0xD5, 0xF0, + 0xC4, 0xEC, 0xC5, 0x5A, 0x93, 0x41, 0x7A, 0x01, + 0x24, 0xB3, 0x7A, 0x71, 0x82, 0xA3, 0xC6, 0x08, + 0x42, 0x91, 0x0E, 0x6B, 0xE7, 0x86, 0x0B, 0xAF, + 0xBE, 0xDF, 0x07, 0x5A, 0x8C, 0x35, 0xF8, 0x5F, + 0x7F, 0x2F, 0x60, 0x04, 0xDD, 0x2A, 0xF2, 0x0D, + 0xC0, 0x1C, 0x6F, 0xA0, 0x30, 0x80, 0xA4, 0x35, + 0x83, 0xD3, 0xC3, 0xCC, 0x35, 0x46, 0x36, 0xEB, + 0xE9, 0xB1, 0x3C, 0x08, 0x8F, 0xCC, 0x5D, 0xCA, + 0xD9, 0xAF, 0x3E, 0xD4, 0x58, 0xBB, 0x90, 0x5D, + 0xEF, 0x01, 0x9C, 0xD9, 0x3E, 0x56, 0x7E, 0xCF, + 0x13, 0xAA, 0x11, 0xC4, 0x22, 0xD2, 0xA0, 0x9F, + 0x1B, 0xE9, 0xF0, 0x78, 0x70, 0x3B, 0xCC, 0x21, + 0x7D, 0x6B, 0x46, 0x97, 0x3F, 0x3B, 0x0C, 0x5B, + 0x8F, 0xA8, 0x28, 0x72, 0x4A, 0x41, 0x4D, 0xE6, + 0xDD, 0x2E, 0xBD, 0xF1, 0xA4, 0x1E, 0xA2, 0xA2, + 0x94, 0x6E, 0xAD, 0x33, 0xC2, 0x56, 0xD3, 0x29, + 0xCF, 0x75, 0x5E, 0x35, 0x59, 0xEB, 0x07, 0x78, + 0x23, 0x0B, 0x20, 0x4E, 0xEB, 0x61, 0x2B, 0x46, + 0x77, 0x0A, 0x9F, 0xA4, 0x57, 0xA8, 0x45, 0x45, + 0x6E, 0x8F, 0xB4, 0xD5, 0x9C, 0xFC, 0x84, 0x78, + 0xC3, 0x82, 0xD9, 0xB6, 0xA7, 0xD5, 0x76, 0xE0, + 0x23, 0x09, 0x2B, 0x9A, 0x7C, 0x7C, 0xB5, 0x6D, + 0x84, 0x9D, 0x1F, 0x47, 0x0C, 0x9C, 0xD6, 0x86, + 0x2B, 0xDD, 0xF4, 0xFA, 0x97, 0xE7, 0x72, 0xE7, + 0x42, 0x52, 0x74, 0xE8, 0x4D, 0x01, 0xA0, 0x82, + 0x04, 0x15, 0x30, 0x82, 0x04, 0x11, 0x30, 0x82, + 0x04, 0x0D, 0x30, 0x82, 0x02, 0x75, 0xA0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x0C, 0x57, 0xA3, 0x1D, + 0x32, 0x35, 0xB3, 0x4F, 0xD0, 0xB9, 0xF5, 0xE7, + 0x3C, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + 0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x13, 0x04, 0x43, 0x41, 0x2D, + 0x33, 0x30, 0x20, 0x17, 0x0D, 0x31, 0x36, 0x30, + 0x35, 0x31, 0x30, 0x30, 0x38, 0x34, 0x38, 0x33, + 0x30, 0x5A, 0x18, 0x0F, 0x39, 0x39, 0x39, 0x39, + 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, + 0x35, 0x39, 0x5A, 0x30, 0x12, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x07, + 0x73, 0x75, 0x62, 0x43, 0x41, 0x2D, 0x33, 0x30, + 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00, 0x30, + 0x82, 0x01, 0x8A, 0x02, 0x82, 0x01, 0x81, 0x00, + 0xA0, 0x39, 0xC3, 0x57, 0xCD, 0x2B, 0x4E, 0x9D, + 0x11, 0x68, 0x8B, 0x4E, 0x5A, 0x31, 0x12, 0xDE, + 0x30, 0x1E, 0x39, 0x5F, 0x86, 0xB6, 0xB2, 0xB4, + 0x81, 0xBA, 0x5D, 0xD4, 0x2F, 0x10, 0xD2, 0x1A, + 0x32, 0x0F, 0xD0, 0x41, 0x25, 0xFF, 0xF5, 0xF6, + 0x58, 0xB8, 0xA8, 0xA5, 0xEF, 0xF1, 0x34, 0xBF, + 0x1B, 0x3C, 0x24, 0x69, 0x23, 0x5B, 0x12, 0x55, + 0x79, 0x7C, 0x1D, 0xBD, 0x5C, 0x2B, 0x7A, 0x96, + 0x34, 0x66, 0xB3, 0x56, 0x60, 0xBB, 0xC5, 0x6D, + 0x3B, 0x37, 0x12, 0xF6, 0xE8, 0x8F, 0x3A, 0x7B, + 0x7F, 0xC1, 0x55, 0x19, 0xEA, 0xF2, 0x2A, 0x15, + 0xB6, 0xF3, 0xD0, 0xC0, 0x4A, 0x6F, 0xB8, 0x8F, + 0x05, 0xF7, 0xBC, 0x75, 0xBC, 0xBF, 0xE7, 0xF9, + 0xC7, 0xDC, 0x76, 0x43, 0x7B, 0xEC, 0xD4, 0x9C, + 0xAF, 0x90, 0xBD, 0x8C, 0x73, 0x15, 0x8A, 0x84, + 0x6F, 0x0B, 0xEA, 0x8A, 0xCF, 0xD6, 0xD4, 0x07, + 0x1E, 0x43, 0x4B, 0x24, 0x95, 0xEB, 0xA3, 0xD1, + 0xE7, 0xEC, 0x06, 0xB0, 0x90, 0xEF, 0x91, 0xFB, + 0x26, 0x8D, 0x53, 0xA0, 0xAA, 0x24, 0xE5, 0x49, + 0x64, 0x12, 0xE4, 0x6D, 0xE7, 0x30, 0xCA, 0xB4, + 0x46, 0x2C, 0x6C, 0x73, 0x97, 0x4F, 0xE5, 0x6C, + 0xA0, 0x91, 0xB7, 0x61, 0xF7, 0xEE, 0x39, 0x50, + 0x2B, 0x4E, 0x6D, 0xC9, 0xC7, 0x00, 0x12, 0x6B, + 0x3F, 0xE1, 0xAD, 0x2E, 0x21, 0xB4, 0x00, 0xE5, + 0x31, 0xEA, 0x83, 0xF3, 0x3E, 0xD7, 0x99, 0x2F, + 0x5D, 0xDE, 0xAD, 0x65, 0xE0, 0xEF, 0x36, 0x2E, + 0xB1, 0x36, 0xAB, 0x8F, 0xDA, 0xD3, 0x71, 0xDB, + 0x20, 0x47, 0xF2, 0x26, 0xD6, 0x62, 0x33, 0x98, + 0x3D, 0xA2, 0xEC, 0x68, 0x49, 0xA3, 0x81, 0xA3, + 0xD1, 0x29, 0x37, 0x46, 0xAF, 0x77, 0x27, 0x27, + 0x80, 0xF8, 0x0C, 0xB9, 0x50, 0xF9, 0xAA, 0x72, + 0x6F, 0x9D, 0xA9, 0x7D, 0x34, 0x6F, 0x8F, 0x4C, + 0x4D, 0x3B, 0xF8, 0x1A, 0xD3, 0xB9, 0xDE, 0x42, + 0xD0, 0x48, 0x25, 0xD8, 0x14, 0x9F, 0x7A, 0x8D, + 0xC3, 0x22, 0x5C, 0xCC, 0xC1, 0x14, 0x90, 0xF5, + 0x44, 0xEB, 0x1D, 0x93, 0x85, 0x94, 0x79, 0xDF, + 0xED, 0x24, 0xC1, 0xDF, 0x7E, 0xDB, 0x43, 0xCF, + 0xD8, 0xF7, 0x59, 0xCB, 0x97, 0xF4, 0xCD, 0xA7, + 0xCD, 0x34, 0xF6, 0xC6, 0x56, 0xAE, 0xA2, 0x48, + 0xDB, 0x10, 0x08, 0x51, 0x0D, 0x1C, 0x39, 0x7F, + 0x10, 0x85, 0x66, 0x1E, 0xD3, 0x6E, 0x66, 0x87, + 0xE2, 0xFC, 0xAC, 0x0C, 0xEF, 0x54, 0x65, 0x75, + 0x44, 0x5D, 0x22, 0xCA, 0xA2, 0x74, 0x36, 0x2E, + 0x6C, 0xAC, 0xA3, 0x8F, 0x2C, 0xFC, 0x6D, 0xF4, + 0x56, 0x69, 0x52, 0x8E, 0xD3, 0xED, 0x26, 0xA4, + 0x6C, 0xBF, 0xFA, 0x0F, 0xA4, 0x23, 0xBF, 0x73, + 0x40, 0xFA, 0x06, 0xB9, 0x07, 0x57, 0x9E, 0x41, + 0xE3, 0xCC, 0x5F, 0x9B, 0x22, 0x05, 0x8E, 0x01, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x64, 0x30, + 0x62, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, + 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, + 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x03, 0x03, + 0x07, 0x06, 0x00, 0x30, 0x1D, 0x06, 0x03, 0x55, + 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x2D, 0x33, + 0x04, 0x1B, 0x27, 0x7F, 0x94, 0x04, 0x7C, 0xC7, + 0xE3, 0x35, 0x4F, 0xE9, 0x25, 0xA4, 0x94, 0xE1, + 0xB7, 0xA1, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xF9, + 0xA8, 0x86, 0x19, 0x63, 0xB6, 0xA4, 0x14, 0x13, + 0x60, 0x76, 0x0F, 0x01, 0x9A, 0x35, 0x36, 0xEF, + 0xF1, 0xB4, 0xAF, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x32, + 0x28, 0xB9, 0x1B, 0x1D, 0xFF, 0x77, 0xFE, 0x7C, + 0xA0, 0x34, 0x72, 0xE5, 0xAD, 0x28, 0x3E, 0xF4, + 0x21, 0x91, 0x4D, 0x1D, 0x29, 0xAE, 0xB5, 0x35, + 0xF8, 0xE3, 0x3B, 0x3F, 0x6E, 0xAB, 0x13, 0x52, + 0x8A, 0x52, 0xC9, 0x13, 0xB8, 0xC6, 0x24, 0xF6, + 0x86, 0xDA, 0xD2, 0xAD, 0x0B, 0xF5, 0xD4, 0xD5, + 0x86, 0xEA, 0x97, 0x6B, 0x6A, 0x41, 0x8E, 0xBC, + 0x92, 0x88, 0x23, 0x2A, 0xCD, 0xF5, 0x40, 0x2E, + 0x91, 0x16, 0x4A, 0x19, 0x00, 0x5A, 0x2E, 0x4C, + 0x9B, 0x75, 0xD6, 0x4C, 0xDB, 0x81, 0x55, 0x8A, + 0x7B, 0x00, 0xA4, 0xDF, 0xF3, 0xAB, 0x03, 0x4F, + 0xD9, 0x91, 0x1A, 0xC0, 0x7C, 0x4D, 0x0F, 0x99, + 0xAF, 0xCD, 0x21, 0x34, 0x70, 0x4C, 0x79, 0x93, + 0xB1, 0x03, 0x9D, 0xBF, 0xF6, 0xF3, 0x47, 0xEC, + 0x48, 0x3E, 0x18, 0xCA, 0xC4, 0xAA, 0xCA, 0xC8, + 0x91, 0x4C, 0x1B, 0x9C, 0x5B, 0xF9, 0x0D, 0x0E, + 0x29, 0x26, 0xDD, 0xF2, 0x40, 0xE9, 0x81, 0x85, + 0x8A, 0xA1, 0xBE, 0x71, 0xDA, 0x3B, 0x0D, 0x62, + 0x01, 0x03, 0xA7, 0xC9, 0xD8, 0x49, 0x14, 0xF8, + 0xE5, 0x21, 0xB0, 0xED, 0xCE, 0xC5, 0x72, 0xE9, + 0xA4, 0x5F, 0x3D, 0xA7, 0x03, 0xAA, 0xF9, 0x37, + 0x06, 0xE7, 0x84, 0x42, 0xEF, 0x34, 0x52, 0xBC, + 0x7F, 0x3B, 0x18, 0xF9, 0x02, 0x4A, 0x1D, 0xA0, + 0x25, 0x27, 0xD0, 0x9C, 0x96, 0x58, 0x8F, 0xD4, + 0xF8, 0xA2, 0x01, 0xC9, 0x76, 0x2D, 0x0A, 0x36, + 0x81, 0xAC, 0xA0, 0x58, 0xD8, 0x83, 0xFA, 0x08, + 0x27, 0xAB, 0x3C, 0xBB, 0x9E, 0xA6, 0xA6, 0xF6, + 0xB8, 0x9E, 0x38, 0xE3, 0x07, 0x96, 0xCD, 0x64, + 0x28, 0x50, 0x05, 0xAD, 0x6C, 0xB6, 0x83, 0xF7, + 0x01, 0x85, 0x37, 0xD2, 0xFB, 0xFE, 0xD2, 0x86, + 0x97, 0xB1, 0xEC, 0xD2, 0xB6, 0x18, 0x08, 0xAE, + 0x8E, 0x05, 0x15, 0xD1, 0x36, 0x47, 0x13, 0x21, + 0x19, 0xB7, 0xAB, 0xA6, 0xE2, 0x02, 0xD2, 0xF6, + 0xFC, 0x14, 0x2A, 0xCF, 0xD1, 0xE1, 0x74, 0xBD, + 0x54, 0xBF, 0xDB, 0x06, 0x57, 0xC0, 0xCB, 0x68, + 0x40, 0x55, 0x37, 0x94, 0x7A, 0x38, 0x91, 0x04, + 0x67, 0x93, 0x26, 0x4A, 0x81, 0xBB, 0xBF, 0x9C, + 0xE0, 0x57, 0x6B, 0x08, 0x1C, 0x95, 0x85, 0xA7, + 0x90, 0x01, 0x23, 0x18, 0xBB, 0xF9, 0x60, 0x6B, + 0xC7, 0x9A, 0x18, 0xBD, 0x73, 0x25, 0xB2, 0x5E, + 0xD8, 0x14, 0x16, 0x23, 0xBE, 0x78, 0x28, 0x36, + 0x03, 0x4F, 0xDA, 0x8A, 0x36, 0xA1, 0xA5, 0x83, + 0x2B, 0x2B, 0xE0, 0x05, 0x63, 0x7B, 0xBC, 0xF5, + 0x63, 0x53, 0x10, 0xEF, 0x64, 0xA7, 0x7E, 0xBC, + 0xD8, 0x49, 0x0C, 0x3A, 0x04, 0x1F, 0x39, 0x0A, + 0xEA, 0xC1, 0xEA, 0x2A, 0x2E, 0xDD, 0x0F, 0x9E, + 0x33, 0x8A, 0x38, 0x83, 0xFF, 0xB1, 0x18, 0x4B, + 0x83, 0xA3, 0x43, 0x5E, 0xFF, 0xC8, 0xAB +}; + +const char _ocsp_ca3_localhost_unknown_pem[] = + "-----BEGIN OCSP RESPONSE-----\n" + "MIICNwoBAKCCAjAwggIsBgkrBgEFBQcwAQEEggIdMIICGTCBgqERMA8xDTALBgNV\n" + "BAMTBENBLTMYDzIwMTcxMDE4MTIzODUyWjBcMFowRTAJBgUrDgMCGgUABBS3yg+r\n" + "3G+4sJZ6FayYCg8Z/qQS3gQUHoXtf55x+gidN0hDoBLv5arh44oCDFejHTI1s0/Q\n" + "ufXnPIIAGA8yMDE3MTAxODEyMzg1MlowDQYJKoZIhvcNAQELBQADggGBALMParB9\n" + "K97DlT4FmMdPScoT7oAAsar4XxKLU9+oraht7H+WTAYSpnCxh/ugR17G0jtzTzIw\n" + "nLQFAyR9MDYKp4Om4YqQ7r+43DiIqKVU25WcrVifUbtkR+LbjH+Bk1UHvFE8mCOX\n" + "ZB+cmQyjGap1RX0dnj2Wm48vUwqp71nA8AYcXL575xZ4rb9DDhaoV2h3S0Zlu4IN\n" + "btuDIVsxJ53kqkGjjVB4/R0RtqCXOI2ThMK3SfDWqwzF9tYA763VVXi+g+w3oyv4\n" + "ZtP8QUWOVUY4azpElX1wqoO8znUjxs1AzROLUeLPK8GMLVIZLP361J2kLgcj0Gdq\n" + "GIVH5N54p6bl5OgSUP3EdKbFRZyCVZ2n8Der3Cf9PtfvGV7Ze4Cv/CCN6rJkk54P\n" + "6auP6pEJg0ESGC5fop5HFCyVM+W/ot0A1cxN0+cHYlqB1NQholLqe3psDjJ2EoIK\n" + "LtN5dRLO6z5L74CwwiJ1SeLh8XyJtr/ee9RnFB56XCzO7lyhbHPx/VT6Qw==\n" + "-----END OCSP RESPONSE-----"; + +static gnutls_datum_t ocsp_ca3_localhost_unknown = { + (void *)_ocsp_ca3_localhost_unknown, sizeof(_ocsp_ca3_localhost_unknown) +}; + +static gnutls_datum_t ocsp_ca3_localhost_unknown_pem = { + (void *)_ocsp_ca3_localhost_unknown_pem, sizeof(_ocsp_ca3_localhost_unknown_pem) +}; + + +/* ocsp response with unknown status for + * server_ca3_localhost_cert. Signed with + * RSA-SHA1. + */ +static const char _ocsp_ca3_localhost_unknown_sha1[] = { + 0x30, 0x82, 0x02, 0x3A, 0x0A, 0x01, 0x00, 0xA0, + 0x82, 0x02, 0x33, 0x30, 0x82, 0x02, 0x2F, 0x06, + 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x20, 0x30, 0x82, + 0x02, 0x1C, 0x30, 0x81, 0x85, 0xA1, 0x14, 0x30, + 0x12, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x07, 0x73, 0x75, 0x62, 0x43, + 0x41, 0x2D, 0x33, 0x18, 0x0F, 0x32, 0x30, 0x31, + 0x37, 0x31, 0x30, 0x31, 0x38, 0x31, 0x32, 0x32, + 0x32, 0x30, 0x36, 0x5A, 0x30, 0x5C, 0x30, 0x5A, + 0x30, 0x45, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, + 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14, 0xB2, + 0xE6, 0x5C, 0x8E, 0x6E, 0x83, 0x4B, 0xBD, 0x11, + 0xD9, 0x97, 0xFA, 0x36, 0x93, 0x59, 0x9E, 0xAD, + 0x5C, 0x15, 0xC4, 0x04, 0x14, 0x9E, 0x91, 0xEC, + 0x8C, 0xAA, 0x24, 0x5B, 0x22, 0xE0, 0xE8, 0x11, + 0xE8, 0xE9, 0xA4, 0x91, 0xB5, 0x91, 0x26, 0x00, + 0xF1, 0x02, 0x0C, 0x57, 0xA3, 0x1D, 0x32, 0x36, + 0xC8, 0x0C, 0xA1, 0xCA, 0xB0, 0xBD, 0xF6, 0x82, + 0x00, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x31, + 0x30, 0x31, 0x38, 0x31, 0x32, 0x32, 0x32, 0x30, + 0x36, 0x5A, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x81, 0x00, 0x29, 0x91, + 0xFA, 0x87, 0x8F, 0x4D, 0xC2, 0x25, 0x67, 0x4F, + 0x2A, 0x39, 0xF9, 0xDA, 0x05, 0x4A, 0x8E, 0xBC, + 0x72, 0xB7, 0x8B, 0xF1, 0x6C, 0x77, 0x5E, 0x2F, + 0x0F, 0xA4, 0xEC, 0x7F, 0xD6, 0x63, 0xEA, 0x39, + 0x17, 0x6F, 0xAA, 0x4B, 0x86, 0x46, 0x0E, 0xB2, + 0xE1, 0x65, 0x1C, 0xEC, 0x97, 0x05, 0x00, 0x4D, + 0xAC, 0xBA, 0xA5, 0xD4, 0x1B, 0xB8, 0x4A, 0x05, + 0x94, 0x6C, 0xC9, 0xE1, 0x41, 0x5B, 0x44, 0x4F, + 0x39, 0x9C, 0xF7, 0xAF, 0x04, 0x31, 0x1A, 0x5B, + 0xF8, 0x5E, 0x42, 0xDA, 0xEA, 0xFF, 0x25, 0x67, + 0x75, 0x3E, 0x46, 0xC4, 0x7D, 0x31, 0x74, 0xBD, + 0x19, 0xFF, 0x11, 0x7F, 0x21, 0x39, 0x4D, 0xE3, + 0x07, 0x2F, 0xF4, 0xF5, 0x6B, 0xE7, 0x10, 0xF8, + 0x6C, 0x57, 0x7B, 0x83, 0x84, 0xCD, 0x3D, 0x61, + 0xFD, 0x91, 0x87, 0x03, 0x03, 0xDD, 0x7A, 0x60, + 0xF9, 0x1D, 0x82, 0xE9, 0xD9, 0x4B, 0xC9, 0xF2, + 0x6F, 0xE5, 0x09, 0xCC, 0xEC, 0x63, 0xD7, 0xC1, + 0xED, 0x54, 0x6D, 0x03, 0xC8, 0xC5, 0x92, 0xBC, + 0x22, 0x11, 0xCD, 0x3A, 0x2E, 0x51, 0xCD, 0x5F, + 0xA5, 0xB5, 0xA3, 0x5C, 0x8D, 0x54, 0x92, 0x85, + 0x6B, 0x92, 0x2A, 0x23, 0x5E, 0xFB, 0x35, 0xFB, + 0x23, 0xDA, 0x17, 0x16, 0x6D, 0xB2, 0xFB, 0xD8, + 0x8D, 0x43, 0x9F, 0x36, 0xE9, 0x5E, 0xA2, 0xCB, + 0xA5, 0x2D, 0xAE, 0xDD, 0x63, 0xFC, 0x53, 0x90, + 0xB5, 0x54, 0x82, 0x7C, 0xBD, 0x08, 0xD7, 0x4E, + 0xEA, 0x11, 0x84, 0x3C, 0x5B, 0x63, 0x06, 0xA5, + 0x2C, 0x8B, 0x09, 0x13, 0xC7, 0x04, 0x5F, 0xAF, + 0x73, 0xB1, 0x89, 0x40, 0x12, 0xEA, 0x9C, 0x56, + 0xC6, 0x08, 0x39, 0xD4, 0xAA, 0x1F, 0xAF, 0x74, + 0x78, 0xCC, 0x84, 0xC2, 0x8A, 0xE8, 0x0B, 0xCD, + 0xD3, 0x2D, 0xCD, 0x98, 0x2E, 0x8D, 0xAB, 0x59, + 0xFC, 0xCF, 0x4C, 0x1A, 0x30, 0xED, 0x8E, 0x3F, + 0xF8, 0xC7, 0xBD, 0xE3, 0x64, 0x94, 0x0C, 0xFC, + 0x24, 0x85, 0x35, 0x0A, 0x0E, 0x65, 0xA7, 0x2C, + 0x0B, 0x80, 0xB9, 0xB0, 0x97, 0xA5, 0x70, 0xE0, + 0x12, 0x86, 0x69, 0x74, 0x22, 0xEA, 0xE3, 0x11, + 0x4B, 0x34, 0xB1, 0xFB, 0x24, 0xEE, 0x00, 0x73, + 0x71, 0x33, 0x74, 0x62, 0x64, 0x10, 0xDD, 0x5A, + 0x3A, 0x10, 0xA3, 0x8E, 0x36, 0x03, 0x0D, 0x17, + 0xE3, 0x72, 0x29, 0xAE, 0x5A, 0xBD, 0x2E, 0xE0, + 0xFD, 0xB1, 0xDF, 0x8F, 0x2C, 0x24, 0xCF, 0xB9, + 0x10, 0x99, 0x68, 0xA2, 0x55, 0x01, 0x1E, 0xFB, + 0x9B, 0x14, 0x4C, 0x1E, 0xB4, 0x59, 0x79, 0xB7, + 0x8F, 0x07, 0x28, 0x3E, 0xB4, 0x2E, 0x8F, 0x91, + 0x51, 0xFD, 0x8F, 0x12, 0x8D, 0xC6, 0x57, 0x7B, + 0x87, 0xEF, 0x9C, 0x8B, 0x90, 0xD3, 0xA5, 0xB0, + 0xBE, 0x4B, 0xFA, 0x33, 0x54, 0x87, 0x81, 0xCF, + 0x96, 0x9A, 0xD3, 0xDC, 0xA9, 0xB6 +}; + +static gnutls_datum_t ocsp_ca3_localhost_unknown_sha1 = { + (void *)_ocsp_ca3_localhost_unknown_sha1, + sizeof(_ocsp_ca3_localhost_unknown_sha1) +}; + +/* ocsp response with unknown status for + * subca3_cert_pem. Signed with + * RSA-SHA256. + */ +static const char _ocsp_subca3_unknown[] = { + 0x30, 0x82, 0x02, 0x37, 0x0A, 0x01, 0x00, 0xA0, + 0x82, 0x02, 0x30, 0x30, 0x82, 0x02, 0x2C, 0x06, + 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x1D, 0x30, 0x82, + 0x02, 0x19, 0x30, 0x81, 0x82, 0xA1, 0x11, 0x30, + 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x04, 0x43, 0x41, 0x2D, 0x33, + 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, 0x31, 0x30, + 0x31, 0x38, 0x31, 0x32, 0x33, 0x38, 0x35, 0x32, + 0x5A, 0x30, 0x5C, 0x30, 0x5A, 0x30, 0x45, 0x30, + 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, 0x04, 0x14, 0xB7, 0xCA, 0x0F, 0xAB, + 0xDC, 0x6F, 0xB8, 0xB0, 0x96, 0x7A, 0x15, 0xAC, + 0x98, 0x0A, 0x0F, 0x19, 0xFE, 0xA4, 0x12, 0xDE, + 0x04, 0x14, 0x1E, 0x85, 0xED, 0x7F, 0x9E, 0x71, + 0xFA, 0x08, 0x9D, 0x37, 0x48, 0x43, 0xA0, 0x12, + 0xEF, 0xE5, 0xAA, 0xE1, 0xE3, 0x8A, 0x02, 0x0C, + 0x57, 0xA3, 0x1D, 0x32, 0x35, 0xB3, 0x4F, 0xD0, + 0xB9, 0xF5, 0xE7, 0x3C, 0x82, 0x00, 0x18, 0x0F, + 0x32, 0x30, 0x31, 0x37, 0x31, 0x30, 0x31, 0x38, + 0x31, 0x32, 0x33, 0x38, 0x35, 0x32, 0x5A, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x81, 0x00, 0xB3, 0x0F, 0x6A, 0xB0, 0x7D, + 0x2B, 0xDE, 0xC3, 0x95, 0x3E, 0x05, 0x98, 0xC7, + 0x4F, 0x49, 0xCA, 0x13, 0xEE, 0x80, 0x00, 0xB1, + 0xAA, 0xF8, 0x5F, 0x12, 0x8B, 0x53, 0xDF, 0xA8, + 0xAD, 0xA8, 0x6D, 0xEC, 0x7F, 0x96, 0x4C, 0x06, + 0x12, 0xA6, 0x70, 0xB1, 0x87, 0xFB, 0xA0, 0x47, + 0x5E, 0xC6, 0xD2, 0x3B, 0x73, 0x4F, 0x32, 0x30, + 0x9C, 0xB4, 0x05, 0x03, 0x24, 0x7D, 0x30, 0x36, + 0x0A, 0xA7, 0x83, 0xA6, 0xE1, 0x8A, 0x90, 0xEE, + 0xBF, 0xB8, 0xDC, 0x38, 0x88, 0xA8, 0xA5, 0x54, + 0xDB, 0x95, 0x9C, 0xAD, 0x58, 0x9F, 0x51, 0xBB, + 0x64, 0x47, 0xE2, 0xDB, 0x8C, 0x7F, 0x81, 0x93, + 0x55, 0x07, 0xBC, 0x51, 0x3C, 0x98, 0x23, 0x97, + 0x64, 0x1F, 0x9C, 0x99, 0x0C, 0xA3, 0x19, 0xAA, + 0x75, 0x45, 0x7D, 0x1D, 0x9E, 0x3D, 0x96, 0x9B, + 0x8F, 0x2F, 0x53, 0x0A, 0xA9, 0xEF, 0x59, 0xC0, + 0xF0, 0x06, 0x1C, 0x5C, 0xBE, 0x7B, 0xE7, 0x16, + 0x78, 0xAD, 0xBF, 0x43, 0x0E, 0x16, 0xA8, 0x57, + 0x68, 0x77, 0x4B, 0x46, 0x65, 0xBB, 0x82, 0x0D, + 0x6E, 0xDB, 0x83, 0x21, 0x5B, 0x31, 0x27, 0x9D, + 0xE4, 0xAA, 0x41, 0xA3, 0x8D, 0x50, 0x78, 0xFD, + 0x1D, 0x11, 0xB6, 0xA0, 0x97, 0x38, 0x8D, 0x93, + 0x84, 0xC2, 0xB7, 0x49, 0xF0, 0xD6, 0xAB, 0x0C, + 0xC5, 0xF6, 0xD6, 0x00, 0xEF, 0xAD, 0xD5, 0x55, + 0x78, 0xBE, 0x83, 0xEC, 0x37, 0xA3, 0x2B, 0xF8, + 0x66, 0xD3, 0xFC, 0x41, 0x45, 0x8E, 0x55, 0x46, + 0x38, 0x6B, 0x3A, 0x44, 0x95, 0x7D, 0x70, 0xAA, + 0x83, 0xBC, 0xCE, 0x75, 0x23, 0xC6, 0xCD, 0x40, + 0xCD, 0x13, 0x8B, 0x51, 0xE2, 0xCF, 0x2B, 0xC1, + 0x8C, 0x2D, 0x52, 0x19, 0x2C, 0xFD, 0xFA, 0xD4, + 0x9D, 0xA4, 0x2E, 0x07, 0x23, 0xD0, 0x67, 0x6A, + 0x18, 0x85, 0x47, 0xE4, 0xDE, 0x78, 0xA7, 0xA6, + 0xE5, 0xE4, 0xE8, 0x12, 0x50, 0xFD, 0xC4, 0x74, + 0xA6, 0xC5, 0x45, 0x9C, 0x82, 0x55, 0x9D, 0xA7, + 0xF0, 0x37, 0xAB, 0xDC, 0x27, 0xFD, 0x3E, 0xD7, + 0xEF, 0x19, 0x5E, 0xD9, 0x7B, 0x80, 0xAF, 0xFC, + 0x20, 0x8D, 0xEA, 0xB2, 0x64, 0x93, 0x9E, 0x0F, + 0xE9, 0xAB, 0x8F, 0xEA, 0x91, 0x09, 0x83, 0x41, + 0x12, 0x18, 0x2E, 0x5F, 0xA2, 0x9E, 0x47, 0x14, + 0x2C, 0x95, 0x33, 0xE5, 0xBF, 0xA2, 0xDD, 0x00, + 0xD5, 0xCC, 0x4D, 0xD3, 0xE7, 0x07, 0x62, 0x5A, + 0x81, 0xD4, 0xD4, 0x21, 0xA2, 0x52, 0xEA, 0x7B, + 0x7A, 0x6C, 0x0E, 0x32, 0x76, 0x12, 0x82, 0x0A, + 0x2E, 0xD3, 0x79, 0x75, 0x12, 0xCE, 0xEB, 0x3E, + 0x4B, 0xEF, 0x80, 0xB0, 0xC2, 0x22, 0x75, 0x49, + 0xE2, 0xE1, 0xF1, 0x7C, 0x89, 0xB6, 0xBF, 0xDE, + 0x7B, 0xD4, 0x67, 0x14, 0x1E, 0x7A, 0x5C, 0x2C, + 0xCE, 0xEE, 0x5C, 0xA1, 0x6C, 0x73, 0xF1, 0xFD, + 0x54, 0xFA, 0x43 +}; + +const char _ocsp_subca3_unknown_pem[] = + "-----BEGIN OCSP RESPONSE-----\n" + "MIIGUwoBAKCCBkwwggZIBgkrBgEFBQcwAQEEggY5MIIGNTCBhaEUMBIxEDAOBgNV\n" + "BAMTB3N1YkNBLTMYDzIwMTcxMDE4MTIwOTMwWjBcMFowRTAJBgUrDgMCGgUABBSy\n" + "5lyOboNLvRHZl/o2k1merVwVxAQUnpHsjKokWyLg6BHo6aSRtZEmAPECDFejHTI2\n" + "yAyhyrC99oIAGA8yMDE3MTAxODEyMDkzMFowDQYJKoZIhvcNAQENBQADggGBAFZk\n" + "KxCq5yZ/8X+Glw4YtHWSZRIrRp8+lpjkqxDRDuoI4qUBdaRbdqxJK57xSvJ5Ok4V\n" + "gf9N02WOrkq7MzWLD7ZdMu/14SW/vVIdmfI04Ps4NGya71OykMb7daCMvGuO2N4z\n" + "5G/yrfKiT8JYR+JobTo6swqCPaSFAFg+ADWdax//n66wmuLHDpqzfFLp2lBXNXJx\n" + "gafAQCjqK84JRx2xgEFZ9l3TPOoR2BO5DzJqKXK+wcMbtUxNDaHV8MTsxVqTQXoB\n" + "JLN6cYKjxghCkQ5r54YLr77fB1qMNfhffy9gBN0q8g3AHG+gMICkNYPTw8w1Rjbr\n" + "6bE8CI/MXcrZrz7UWLuQXe8BnNk+Vn7PE6oRxCLSoJ8b6fB4cDvMIX1rRpc/Owxb\n" + "j6gockpBTebdLr3xpB6iopRurTPCVtMpz3VeNVnrB3gjCyBO62ErRncKn6RXqEVF\n" + "bo+01Zz8hHjDgtm2p9V24CMJK5p8fLVthJ0fRwyc1oYr3fT6l+dy50JSdOhNAaCC\n" + "BBUwggQRMIIEDTCCAnWgAwIBAgIMV6MdMjWzT9C59ec8MA0GCSqGSIb3DQEBCwUA\n" + "MA8xDTALBgNVBAMTBENBLTMwIBcNMTYwNTEwMDg0ODMwWhgPOTk5OTEyMzEyMzU5\n" + "NTlaMBIxEDAOBgNVBAMTB3N1YkNBLTMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw\n" + "ggGKAoIBgQCgOcNXzStOnRFoi05aMRLeMB45X4a2srSBul3ULxDSGjIP0EEl//X2\n" + "WLiope/xNL8bPCRpI1sSVXl8Hb1cK3qWNGazVmC7xW07NxL26I86e3/BVRnq8ioV\n" + "tvPQwEpvuI8F97x1vL/n+cfcdkN77NScr5C9jHMVioRvC+qKz9bUBx5DSySV66PR\n" + "5+wGsJDvkfsmjVOgqiTlSWQS5G3nMMq0Rixsc5dP5Wygkbdh9+45UCtObcnHABJr\n" + "P+GtLiG0AOUx6oPzPteZL13erWXg7zYusTarj9rTcdsgR/Im1mIzmD2i7GhJo4Gj\n" + "0Sk3Rq93JyeA+Ay5UPmqcm+dqX00b49MTTv4GtO53kLQSCXYFJ96jcMiXMzBFJD1\n" + "ROsdk4WUed/tJMHffttDz9j3WcuX9M2nzTT2xlauokjbEAhRDRw5fxCFZh7TbmaH\n" + "4vysDO9UZXVEXSLKonQ2Lmyso48s/G30VmlSjtPtJqRsv/oPpCO/c0D6BrkHV55B\n" + "48xfmyIFjgECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMD\n" + "BwYAMB0GA1UdDgQWBBQtMwQbJ3+UBHzH4zVP6SWklOG3oTAfBgNVHSMEGDAWgBT5\n" + "qIYZY7akFBNgdg8BmjU27/G0rzANBgkqhkiG9w0BAQsFAAOCAYEAMii5Gx3/d/58\n" + "oDRy5a0oPvQhkU0dKa61NfjjOz9uqxNSilLJE7jGJPaG2tKtC/XU1Ybql2tqQY68\n" + "kogjKs31QC6RFkoZAFouTJt11kzbgVWKewCk3/OrA0/ZkRrAfE0Pma/NITRwTHmT\n" + "sQOdv/bzR+xIPhjKxKrKyJFMG5xb+Q0OKSbd8kDpgYWKob5x2jsNYgEDp8nYSRT4\n" + "5SGw7c7FcumkXz2nA6r5NwbnhELvNFK8fzsY+QJKHaAlJ9CclliP1PiiAcl2LQo2\n" + "gaygWNiD+ggnqzy7nqam9rieOOMHls1kKFAFrWy2g/cBhTfS+/7Shpex7NK2GAiu\n" + "jgUV0TZHEyEZt6um4gLS9vwUKs/R4XS9VL/bBlfAy2hAVTeUejiRBGeTJkqBu7+c\n" + "4FdrCByVhaeQASMYu/lga8eaGL1zJbJe2BQWI754KDYDT9qKNqGlgysr4AVje7z1\n" + "Y1MQ72SnfrzYSQw6BB85CurB6iou3Q+eM4o4g/+xGEuDo0Ne/8ir\n" + "-----END OCSP RESPONSE-----\n"; + +static gnutls_datum_t ocsp_subca3_unknown = { + (void *)_ocsp_subca3_unknown, sizeof(_ocsp_subca3_unknown) +}; + +static gnutls_datum_t ocsp_subca3_unknown_pem = { + (void *)_ocsp_subca3_unknown_pem, sizeof(_ocsp_subca3_unknown_pem)-1 +}; + +/* ocsp response with good status for + * cli_ca3_cert. Signed with + * RSA-SHA256. + */ + +const char _ocsp_cli_ca3_good_pem[] = + "-----BEGIN OCSP RESPONSE-----" + "MIIGPQoBAKCCBjYwggYyBgkrBgEFBQcwAQEEggYjMIIGHzCBgqERMA8xDTALBgNV" + "BAMTBENBLTMYDzIwMTkwOTIwMjAwMjMxWjBcMFowRTAJBgUrDgMCGgUABBSy5lyO" + "boNLvRHZl/o2k1merVwVxAQUnpHsjKokWyLg6BHo6aSRtZEmAPECDFejHTI2Wi75" + "obBaUoAAGA8yMDE5MDkyMDIwMDIzMVowDQYJKoZIhvcNAQELBQADggGBAC80EWal" + "PkJ29i/sZsO49hRolZXCMb1bjI0yxwhoH2Hk8Z0L41N0WFRphPqrDr8Dm3uRMcdx" + "n3xre+bxM0WL44mUMxptdYUcAwfb1M2gSQVhRvhvIfiMQZlkMYle4RPdVQN9nxmC" + "WbZD0WJmXQuYpFWYDVQkcL6f5Tlex5a8M/v/ihFBecs3wfstD1Bu4mD7nA8O/tGa" + "u0JQXxHnIM7FBOm73HccoxE5in307WEJtK1yTiUjwjlvl05hdWIzdydRToB6dNLL" + "MtgoFkKIX4aF6fkv1We4zooFdzlQanGdompaSDRGgMEONMZsQdWAs6Nmk+98f6cR" + "V426fFq3i6MLctLbwB5cOvvKbf9+P14KMD+bzcglupWqgJhNAmQlWksjWgMjfcCV" + "w4xATkcHnbMLlQ6ikORcXdkAbbhx8O0jJG1MdiUxErPOkOmKz2Nq14OYVYZII0t/" + "tbzuVGrYtNde4OM2mt9KSOY9rqX1wgKWOUPQW/FzOQvlAaiIwSQtrha/JaCCBAIw" + "ggP+MIID+jCCAmKgAwIBAgIIVzGgXgSsTYwwDQYJKoZIhvcNAQELBQAwDzENMAsG" + "A1UEAxMEQ0EtMzAgFw0xNjA1MTAwODQ4MzBaGA85OTk5MTIzMTIzNTk1OVowDzEN" + "MAsGA1UEAxMEQ0EtMzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALbd" + "xniG+2wP/ONeZfvR7AJakVo5deFKIHVTiiBWwhg+HSjd4nfDa+vyTt/wIdldP1Pr" + "iD1Rigc8z68+RxPpGfAc197pKlKpO08I0L1RDKnjBWr4fGdCzE6uZ/ZsKVifoIZp" + "dC8M2IYpAIMajEtnH53XZ1hTEviXTsneuiCTtap73OeSkL71SrIMkgBmAX17gfX3" + "SxFjQUzOs6QMMOa3+8GW7RI+E/SyS1QkOO860dj9XYgOnTL20ibGcWF2XmTiQASI" + "+KmHvYJCNJF/8pvmyJRyBHGZO830aBY0+DcS2bLKcyMiWfOJw7WnpaO7zSEC5WFg" + "o4jdqroUBQdjQNCSSdrt1yYrAl1Sj2PMxYFX4H545Pr2sMpwC9AnPk9+uucT1Inj" + "9615qbuXgFwhkgpK5pnPjzKaHp7ESlJj4/dIPTmhlt5BV+CLh7tSLzVLrddGU+os" + "8JinT42radJ5V51Hn0C1CHIaFAuBCd5XRHXtrKb7WcnwCOxlcvux9h5/847F4wID" + "AQABo1gwVjAPBgNVHRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8G" + "A1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFPmohhljtqQUE2B2DwGaNTbv8bSvMA0G" + "CSqGSIb3DQEBCwUAA4IBgQBhBi8dXQMtXH2oqcuHuEj9JkxraAsaJvc1WAoxbiqV" + "cJKcVSC0gvoCY3q+NQvuePzw5dzd5JBfkoIsP5U6ATWAUPPqCP+/jRnFqDQlH626" + "mhDGVS8W7Ee8z1KWqnKWGv5nkrZ6r3y9bVaNUmY7rytzuct1bI9YkX1kM66vgnU2" + "xeMIjDe36/wTtBRVFPSPpE3KL9hxCg3KgPSeSmmIhmQxJ1M6xe00314/GX3lTDt5" + "5UdMgmldl2LHV+0i1NPCgnuOEFVOiz2nHAnw2LNmvHEDDpPauz2Meeh9aaDeefIh" + "2u/wg39WRPhU1mYvmxvYZqA/jwSctiEhuKEBBZSOHxeTjplH1THlIziVnYyVW4sP" + "MiGUajXhTi47H219hx87+bldruOtirbDIslL9RGWqWAkMeGP+hUl1R2zvDukaqIK" + "qIN81/A/EeMoI6/IHb1BpgY2rGs/I/QTb3VTKqQUYv09Hi+itPCdKqamSm8dZMKK" + "aPA0fD9yskUMFPBhfj8BvXg=" + "-----END OCSP RESPONSE-----"; + +static gnutls_datum_t ocsp_cli_ca3_good_pem = { + (void *)_ocsp_cli_ca3_good_pem, sizeof(_ocsp_cli_ca3_good_pem) +}; + +const char _ocsp_cli_ca3_bad_pem[] = + "-----BEGIN OCSP RESPONSE-----" + "MIIGTgoBAKCCBkcwggZDBgkrBgEFBQcwAQEEggY0MIIGMDCBk6ERMA8xDTALBgNV" + "BAMTBENBLTMYDzIwMTkwOTIwMjAwMTIxWjBtMGswRTAJBgUrDgMCGgUABBSy5lyO" + "boNLvRHZl/o2k1merVwVxAQUnpHsjKokWyLg6BHo6aSRtZEmAPECDFejHTI2Wi75" + "obBaUqERGA8yMDE5MDUyMjEzNTEwMVoYDzIwMTkwOTIwMjAwMTIxWjANBgkqhkiG" + "9w0BAQsFAAOCAYEAdCpwIfVu7z2CW3G7IzRSAMBLxu1e/trNdmlKPpx9ptKVWISr" + "2Fbro6D73HE0/IoTkZXqmUNoEjK0Os3Z/FIlbRuDql0dLkK/KornsvFRD7SemW2z" + "Z93GIX4JUBJQJW5iYjKBq9xn31IKEhjn9Zhtsfe7a9vK9mnW5oefeIiRLqfmcS09" + "mclyvTI1aGPcfkSSdabywpKFFETwX1LBIyBhNL9cV07nf0xntOrv5xfLTjyM2uVt" + "1A4F87xJJG2OX3YJXtf2yuXh1JTAMlUOOrICq1ejXos0AW7iJMzuOkBmXuGHjbBA" + "1zcSHJF6eZK4iaasdKd4q+coI9x0IdtNohT0a++R4jwFyKlINMVxB8L3xL9l+Fxz" + "+bNlJt3oZSYAx3CmcFMbScN3LmmHXrsKc6BhuHmgLEhpU9qnnDmUTaJdIWtTHIrq" + "St+IjvU77wnBscIxQaY0p120rwbqFF9ZUWnbgzsxYqJJ8+qW6oESV5ezWF7bg2YI" + "d6W38uy7ibW/10froIIEAjCCA/4wggP6MIICYqADAgECAghXMaBeBKxNjDANBgkq" + "hkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0zMCAXDTE2MDUxMDA4NDgzMFoYDzk5" + "OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRDQS0zMIIBojANBgkqhkiG9w0BAQEF" + "AAOCAY8AMIIBigKCAYEAtt3GeIb7bA/8415l+9HsAlqRWjl14UogdVOKIFbCGD4d" + "KN3id8Nr6/JO3/Ah2V0/U+uIPVGKBzzPrz5HE+kZ8BzX3ukqUqk7TwjQvVEMqeMF" + "avh8Z0LMTq5n9mwpWJ+ghml0LwzYhikAgxqMS2cfnddnWFMS+JdOyd66IJO1qnvc" + "55KQvvVKsgySAGYBfXuB9fdLEWNBTM6zpAww5rf7wZbtEj4T9LJLVCQ47zrR2P1d" + "iA6dMvbSJsZxYXZeZOJABIj4qYe9gkI0kX/ym+bIlHIEcZk7zfRoFjT4NxLZsspz" + "IyJZ84nDtaelo7vNIQLlYWCjiN2quhQFB2NA0JJJ2u3XJisCXVKPY8zFgVfgfnjk" + "+vawynAL0Cc+T3665xPUieP3rXmpu5eAXCGSCkrmmc+PMpoensRKUmPj90g9OaGW" + "3kFX4IuHu1IvNUut10ZT6izwmKdPjatp0nlXnUefQLUIchoUC4EJ3ldEde2spvtZ" + "yfAI7GVy+7H2Hn/zjsXjAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0l" + "BAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU+aiGGWO2" + "pBQTYHYPAZo1Nu/xtK8wDQYJKoZIhvcNAQELBQADggGBAGEGLx1dAy1cfaipy4e4" + "SP0mTGtoCxom9zVYCjFuKpVwkpxVILSC+gJjer41C+54/PDl3N3kkF+Sgiw/lToB" + "NYBQ8+oI/7+NGcWoNCUfrbqaEMZVLxbsR7zPUpaqcpYa/meStnqvfL1tVo1SZjuv" + "K3O5y3Vsj1iRfWQzrq+CdTbF4wiMN7fr/BO0FFUU9I+kTcov2HEKDcqA9J5KaYiG" + "ZDEnUzrF7TTfXj8ZfeVMO3nlR0yCaV2XYsdX7SLU08KCe44QVU6LPaccCfDYs2a8" + "cQMOk9q7PYx56H1poN558iHa7/CDf1ZE+FTWZi+bG9hmoD+PBJy2ISG4oQEFlI4f" + "F5OOmUfVMeUjOJWdjJVbiw8yIZRqNeFOLjsfbX2HHzv5uV2u462KtsMiyUv1EZap" + "YCQx4Y/6FSXVHbO8O6Rqogqog3zX8D8R4ygjr8gdvUGmBjasaz8j9BNvdVMqpBRi" + "/T0eL6K08J0qpqZKbx1kwopo8DR8P3KyRQwU8GF+PwG9eA==" + "-----END OCSP RESPONSE-----"; + +static gnutls_datum_t ocsp_cli_ca3_bad_pem = { + (void *)_ocsp_cli_ca3_bad_pem, sizeof(_ocsp_cli_ca3_bad_pem) +}; + + + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic pop +#endif + +#endif /* GNUTLS_TESTS_OCSP_COMMON_H */ diff --git a/tests/ocsp-filename-memleak.c b/tests/ocsp-filename-memleak.c new file mode 100644 index 0000000..d6e2bda --- /dev/null +++ b/tests/ocsp-filename-memleak.c @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2016 Attila Molnar + * Copyright (C) 2013-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This program tests if gnutls_certificate_set_ocsp_status_request_file() + * leaks memory if called more than once with the same credentials. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "utils.h" + +#if !defined(ENABLE_OCSP) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + + gnutls_certificate_allocate_credentials(&x509_cred); + /* The file does not need to exist for this test + */ + gnutls_certificate_set_ocsp_status_request_file + (x509_cred, "ocsp-status.der", 0); + gnutls_certificate_set_ocsp_status_request_file + (x509_cred, "ocsp-status.der", 0); + + gnutls_certificate_free_credentials(x509_cred); +} + +#endif diff --git a/tests/ocsp-tests/certs/ca.key b/tests/ocsp-tests/certs/ca.key new file mode 100644 index 0000000..3e6f5d8 --- /dev/null +++ b/tests/ocsp-tests/certs/ca.key @@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:a0:55:e9:3e:44:31:28:a3:31:fc:7f:7b:d3:24: + 6a:c1:f1:2e:2e:55:0e:fe:20:61:be:58:fe:7b:b1: + 8a:54:75:0a:90:91:83:a4:f0:9e:aa:6e:fe:d9:a4: + 8f:d5:d4:db:77:b0:66:e2:31:8d:bf:9e:3d:d3:87: + ec:09:a2:15:92:98:c5:9a:68:eb:ec:75:87:a1:82: + 06:a0:69:8e:78:96:37:5c:a0:b7:f9:8b:b3:a8:c0: + a4:90:25:18:e7:e0:ae:38:05:5b:38:3c:87:0b:20: + 9c:de:93:e6:09:f7:9c:54:bb:08:b8:45:90:94:5a: + bf:a0:ef:80:67:1f:46:74:86:42:ff:4e:fd:e1:99: + 0d:40:08:50:63:e8:bb:49:51:a6:23:8d:ef:b5:33: + 0d:19:af:10:d9:1e:eb:ee:b4:2c:1c:a0:25:90:f8: + ef:46:22:40:76:d4:e9:66:44:45:01:c4:ab:52:42: + 6e:1d:e2:5c:1d:52:b8:24:6a:7b:74:74:ef:92:3f: + bb:ff:b3:3a:40:f2:80:39:95:08:f4:18:aa:81:c9: + fb:70:27:7d:7a:63:b2:74:d3:8e:83:2e:a9:85:de: + d1:05:72:0a:0c:c0:78:58:1a:b7:25:d4:bb:14:af: + 3e:af:2b:55:35:58:bd:be:be:00:e5:c1:55:30:e2: + 76:9d: + +public exponent: + 01:00:01: + +private exponent: + 45:69:6b:f4:7c:e9:1b:42:ab:5d:38:83:8e:c0:f1: + 46:cc:f6:c5:30:25:b1:76:ab:5a:10:84:fb:5f:bd: + 17:1b:24:5b:b9:e3:58:00:a3:6f:fd:65:6f:2b:82: + e9:7b:a1:17:8b:d2:be:91:dd:5f:db:4d:c0:c9:d3: + 31:c8:6d:b6:6d:54:fe:a7:f5:9b:04:b6:97:01:07: + 85:62:ad:3f:1f:29:10:7c:b3:a8:e1:06:02:44:83: + f9:b3:55:b8:ec:d7:ff:80:b2:21:02:73:24:2a:16: + 3f:75:9f:dd:28:c9:11:15:77:8c:ee:f0:cc:89:0c: + f4:cb:3a:b7:6a:1e:c2:4a:be:38:97:c4:8a:e9:c6: + 63:12:6f:49:ab:6a:63:15:c2:3e:7a:d1:d9:55:cf: + 76:24:e7:f1:2b:f1:42:9c:bd:bd:c1:a4:bd:70:31: + 8e:7e:be:7d:2b:83:e7:ee:2e:50:36:3c:2a:db:d8: + df:4b:52:ce:d9:8e:ab:03:98:0f:8a:12:f2:01:2f: + bb:da:23:23:e4:fd:87:6e:ea:84:70:68:e1:55:8f: + 0c:14:99:ee:98:ff:09:9c:d4:11:b7:a1:fe:47:a2: + 5f:e7:d6:6f:06:25:cc:c0:b9:bf:01:08:1f:cb:36: + d5:fc:fb:be:e0:7f:54:9e:60:4c:f7:41:66:a1:12: + 31: + +prime1: + 00:cf:14:c8:cc:6d:58:82:10:47:f7:d2:4f:4f:d5: + db:ad:ef:17:97:94:b1:5d:4e:34:ee:97:9c:46:08: + 48:4c:d1:e6:e9:6f:7c:56:b2:2d:63:ba:c5:d1:29: + b5:61:c9:fe:96:6a:72:a7:ce:1a:45:90:96:28:0d: + 7e:02:7a:74:af:a8:50:d6:8e:d9:86:d1:a0:8d:d9: + 6e:7c:05:0b:cd:b4:84:84:78:3f:f2:e5:91:45:cb: + a8:04:3c:86:0a:d8:8f:49:31:74:fd:2b:3a:b8:ee: + da:e8:01:a7:e7:89:fa:b2:60:1b:de:a3:37:4d:98: + e8:a8:5f:0a:68:05:c4:5c:db: + +prime2: + 00:c6:36:30:e5:d1:3d:76:d2:b2:ef:40:67:77:ce: + d8:20:a9:6d:35:c4:1d:45:93:a3:ba:9e:03:d5:ce: + 9e:65:d1:ed:f1:52:0e:d9:7b:a9:f6:6e:cd:dd:ea: + c1:49:a9:47:24:98:7b:3f:f2:fc:cc:a6:65:06:b7: + f2:0a:00:71:31:e8:d0:2a:95:65:06:5b:12:44:8d: + 96:17:d2:42:31:c8:57:41:2d:37:24:57:14:0f:97: + a1:6f:f1:28:db:67:06:67:06:51:16:58:e8:c6:c8: + a7:4c:58:bc:68:69:de:1a:2c:e2:0b:3c:15:d5:28: + b4:90:e8:62:20:0a:81:17:e7: + +coefficient: + 4d:92:c6:fe:bb:a3:0d:d1:33:46:87:75:cb:33:6b: + 68:07:d9:3a:d0:48:9c:75:ee:ba:2c:73:c4:96:96: + 39:d9:b5:65:d2:20:8d:b9:6a:7f:39:a7:dd:44:ea: + 65:8b:fd:2b:dd:0d:08:13:92:c1:98:74:be:5e:cb: + e9:14:a4:d9:02:0b:ee:04:ed:de:34:eb:40:51:d6: + a4:7e:bf:ba:0f:ee:e6:2c:e8:0b:5b:e7:28:bd:2d: + a2:7a:8c:66:83:f6:d6:4c:9f:5d:9c:66:c5:26:1a: + 16:44:43:a9:2c:64:fd:3f:54:a2:14:22:81:e0:80: + 7f:46:5e:a4:8e:cd:8d:50: + +exp1: + 2e:1b:72:9a:11:be:a3:36:fc:cf:31:04:77:c2:26: + 27:94:14:ac:ab:6e:d2:57:97:71:88:50:43:47:94: + d1:85:ea:e4:0e:ee:a0:5f:0b:bc:28:d9:e2:b8:66: + aa:5f:4f:50:2e:63:58:f9:8a:df:f2:51:7c:99:84: + 75:08:ce:f2:4d:87:b2:3e:1c:30:e8:7b:d7:19:92: + 80:0a:9f:96:2d:9b:53:e3:72:59:a2:c3:b5:c6:a2: + a2:4e:d7:89:92:ae:54:9d:ae:6e:b0:31:62:fb:cb: + c1:dc:9c:85:f1:32:e0:84:85:b0:0c:a7:43:9f:c8: + 2d:b4:fb:9c:2d:ac:8b: + +exp2: + 4e:79:88:14:85:2a:1b:90:41:ed:bd:86:f9:85:38: + 46:7e:2d:d1:da:aa:68:30:92:e3:40:ca:6d:ed:17: + 03:63:01:1c:c9:0b:3e:09:da:f9:c9:56:d2:64:ae: + 50:16:a8:27:12:03:c2:06:d7:15:c3:4f:3e:40:b7: + a0:44:1a:8c:d3:0b:0f:c1:04:35:66:fb:2d:8f:0c: + fc:b3:6f:27:bc:94:e7:26:1a:ad:d5:98:08:b0:54: + e7:38:08:a0:0d:03:18:e9:04:53:9f:b1:d1:7a:01: + da:95:4b:4a:df:97:62:af:a0:73:28:3f:d0:9c:04: + 19:57:17:fa:6d:8e:3c:c3: + + +Public Key ID: 2D:D8:14:9A:16:D5:6D:FE:FB:B0:E0:DE:F1:F5:C5:23:0B:D3:62:BE +Public key's random art: ++--[ RSA 2048]----+ +| ..o. . | +| + .. o | +| + . o | +| . + . . | +| . S . . | +| . . .. | +| =.ooo+| +| o.+o+==| +| E+.o.+| ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEoAIBAAKCAQEAoFXpPkQxKKMx/H970yRqwfEuLlUO/iBhvlj+e7GKVHUKkJGD +pPCeqm7+2aSP1dTbd7Bm4jGNv54904fsCaIVkpjFmmjr7HWHoYIGoGmOeJY3XKC3 ++YuzqMCkkCUY5+CuOAVbODyHCyCc3pPmCfecVLsIuEWQlFq/oO+AZx9GdIZC/079 +4ZkNQAhQY+i7SVGmI43vtTMNGa8Q2R7r7rQsHKAlkPjvRiJAdtTpZkRFAcSrUkJu +HeJcHVK4JGp7dHTvkj+7/7M6QPKAOZUI9Biqgcn7cCd9emOydNOOgy6phd7RBXIK +DMB4WBq3JdS7FK8+rytVNVi9vr4A5cFVMOJ2nQIDAQABAoIBAEVpa/R86RtCq104 +g47A8UbM9sUwJbF2q1oQhPtfvRcbJFu541gAo2/9ZW8rgul7oReL0r6R3V/bTcDJ +0zHIbbZtVP6n9ZsEtpcBB4VirT8fKRB8s6jhBgJEg/mzVbjs1/+AsiECcyQqFj91 +n90oyREVd4zu8MyJDPTLOrdqHsJKvjiXxIrpxmMSb0mramMVwj560dlVz3Yk5/Er +8UKcvb3BpL1wMY5+vn0rg+fuLlA2PCrb2N9LUs7ZjqsDmA+KEvIBL7vaIyPk/Ydu +6oRwaOFVjwwUme6Y/wmc1BG3of5Hol/n1m8GJczAub8BCB/LNtX8+77gf1SeYEz3 +QWahEjECgYEAzxTIzG1YghBH99JPT9Xbre8Xl5SxXU407pecRghITNHm6W98VrIt +Y7rF0Sm1Ycn+lmpyp84aRZCWKA1+Anp0r6hQ1o7ZhtGgjdlufAULzbSEhHg/8uWR +RcuoBDyGCtiPSTF0/Ss6uO7a6AGn54n6smAb3qM3TZjoqF8KaAXEXNsCgYEAxjYw +5dE9dtKy70Bnd87YIKltNcQdRZOjup4D1c6eZdHt8VIO2Xup9m7N3erBSalHJJh7 +P/L8zKZlBrfyCgBxMejQKpVlBlsSRI2WF9JCMchXQS03JFcUD5ehb/Eo22cGZwZR +FljoxsinTFi8aGneGiziCzwV1Si0kOhiIAqBF+cCfy4bcpoRvqM2/M8xBHfCJieU +FKyrbtJXl3GIUENHlNGF6uQO7qBfC7wo2eK4ZqpfT1AuY1j5it/yUXyZhHUIzvJN +h7I+HDDoe9cZkoAKn5Ytm1Pjclmiw7XGoqJO14mSrlSdrm6wMWL7y8HcnIXxMuCE +hbAMp0OfyC20+5wtrIsCgYBOeYgUhSobkEHtvYb5hThGfi3R2qpoMJLjQMpt7RcD +YwEcyQs+Cdr5yVbSZK5QFqgnEgPCBtcVw08+QLegRBqM0wsPwQQ1Zvstjwz8s28n +vJTnJhqt1ZgIsFTnOAigDQMY6QRTn7HRegHalUtK35dir6BzKD/QnAQZVxf6bY48 +wwKBgE2Sxv67ow3RM0aHdcsza2gH2TrQSJx17rosc8SWljnZtWXSII25an85p91E +6mWL/SvdDQgTksGYdL5ey+kUpNkCC+4E7d4060BR1qR+v7oP7uYs6Atb5yi9LaJ6 +jGaD9tZMn12cZsUmGhZEQ6ksZP0/VKIUIoHggH9GXqSOzY1Q +-----END RSA PRIVATE KEY----- diff --git a/tests/ocsp-tests/certs/ca.pem b/tests/ocsp-tests/certs/ca.pem new file mode 100644 index 0000000..2a5b006 --- /dev/null +++ b/tests/ocsp-tests/certs/ca.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8DCCAdigAwIBAgIIVvMK4C5SmsswDQYJKoZIhvcNAQELBQAwHDEaMBgGA1UE +AxMRVGVzdGluZyBBdXRob3JpdHkwIhgPMjAxNjAzMjMyMTMwMTVaGA85OTk5MTIz +MTIzNTk1OVowHDEaMBgGA1UEAxMRVGVzdGluZyBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgVek+RDEoozH8f3vTJGrB8S4uVQ7+IGG+ +WP57sYpUdQqQkYOk8J6qbv7ZpI/V1Nt3sGbiMY2/nj3Th+wJohWSmMWaaOvsdYeh +ggagaY54ljdcoLf5i7OowKSQJRjn4K44BVs4PIcLIJzek+YJ95xUuwi4RZCUWr+g +74BnH0Z0hkL/Tv3hmQ1ACFBj6LtJUaYjje+1Mw0ZrxDZHuvutCwcoCWQ+O9GIkB2 +1OlmREUBxKtSQm4d4lwdUrgkant0dO+SP7v/szpA8oA5lQj0GKqByftwJ316Y7J0 +046DLqmF3tEFcgoMwHhYGrcl1LsUrz6vK1U1WL2+vgDlwVUw4nadAgMBAAGjMjAw +MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFC3YFJoW1W3++7Dg3vH1xSML02K+ +MA0GCSqGSIb3DQEBCwUAA4IBAQBhhfGrP9BMNaa60Cjikm1Qd56yCxew/XzsSiBF +BDqa7WBoI7735Khu8Q0ET0ryIlct19MGUKc8rQoL5I13kPELCCDJ62KY8uokQkZA +5bYt4lKses6Owe4mGhCHSisurgp+c/0T7YuViSHqr4N1qkzXjl41iCt2nOnETqlH +FJS8ctQLpDUWLr6VbM0LvRQ7PXnHQOWjrwb29FpVY2xFN+xFbqL3msgaYD9HNiO8 +btswJKGzXZ+yWDThiceMffFjJXAj9GVOztMMJPcv1PxcQEanxSMwwtiWp04ti8ch +3UMPIlgL2gZLG+7y3TJ59vaa17XyoXAly1RAsUibiNbMBxEw +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/chain-akamai.com.pem b/tests/ocsp-tests/certs/chain-akamai.com.pem new file mode 100644 index 0000000..bcb506e --- /dev/null +++ b/tests/ocsp-tests/certs/chain-akamai.com.pem @@ -0,0 +1,54 @@ +-----BEGIN CERTIFICATE----- +MIIEujCCBGCgAwIBAgIQY7nsfv+YgzXxE9Z9L4ZNNTAKBggqhkjOPQQDAjCBgDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQDEyhTeW1hbnRlYyBD +bGFzcyAzIEVDQyAyNTYgYml0IFNTTCBDQSAtIEcyMB4XDTE2MDcyODAwMDAwMFoX +DTE3MDcyODIzNTk1OVoweTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1 +c2V0dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEiMCAGA1UECgwZQWthbWFpIFRlY2hu +b2xvZ2llcywgSW5jLjEaMBgGA1UEAwwRYTI0OC5lLmFrYW1haS5uZXQwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQCpvwTzWb1uqosqE52ItPukH6zYbx1GjvTx4Bg +HGulRdgt9psnHybLLv404jXSmt1KkitP6xmokBA4qb1HZnQro4ICwDCCArwwbgYD +VR0RBGcwZYIOKi5ha2FtYWloZC5uZXSCFiouYWthbWFpaGQtc3RhZ2luZy5uZXSC +FyouYWthbWFpemVkLXN0YWdpbmcubmV0gg8qLmFrYW1haXplZC5uZXSCEWEyNDgu +ZS5ha2FtYWkubmV0MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMGEGA1UdIARa +MFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20v +Y3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud +HwQkMCIwIKAeoByGGmh0dHA6Ly9yYy5zeW1jYi5jb20vcmMuY3JsMB0GA1UdJQQW +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQl8IrhS3rZAZUK7cZT +8Yx4H9nz+DBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9yYy5z +eW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9yYy5zeW1jYi5jb20vcmMuY3J0 +MIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHV +XIiNPRHEzbbsvswAAAFWMxw8DAAABAMARzBFAiEA0jnhAc04ytMqwcpzdhepDolx +k4/Ly01z7TbzhrdEm68CIDBoqkfHeUf/Egy4Dc6WtF7d4Yaz6VQwtPZtE62nYobW +AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFWMxw8aQAABAMA +RzBFAiEAtmv/WDAEkIzPoAmNg8rDB3hxjrqDE28O9ypcHfLfDKQCIAkexztlslo9 +vvg88draHLAFn6LehOKa+CDmG+7iBshSMAoGCCqGSM49BAMCA0gAMEUCIQCaLLx7 +OCmOUhNgoZX/s6pyGzE4p5dFiLJJm3u6dDw/jQIgS8vB1RZeveychMbXDPrx5y/W +HvfPyxlCkvHQR9TX15o= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEajCCA1KgAwIBAgIQP5KHvp0dpKN6nfYoLndaxDANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTUwNTEyMDAwMDAwWhcNMjUwNTExMjM1OTU5WjCBgDEL +MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD +VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQDEyhTeW1hbnRlYyBD +bGFzcyAzIEVDQyAyNTYgYml0IFNTTCBDQSAtIEcyMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEDxukkdfnrOfRTk63ZFvhj39uBNOrONtEt0Bcbb2WljffeYmGZ/ex +Hwie/WM7RoyfvVPoFdyXPiuBRq2Gfw4BOaOCAV0wggFZMC4GCCsGAQUFBwEBBCIw +IDAeBggrBgEFBQcwAYYSaHR0cDovL3Muc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYB +Af8CAQAwZQYDVR0gBF4wXDBaBgpghkgBhvhFAQc2MEwwIwYIKwYBBQUHAgEWF2h0 +dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkaF2h0dHBzOi8vZC5z +eW1jYi5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5bWNiLmNv +bS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKwYDVR0RBCQwIqQgMB4xHDAa +BgNVBAMTE1NZTUMtRUNDLUNBLXAyNTYtMjIwHQYDVR0OBBYEFCXwiuFLetkBlQrt +xlPxjHgf2fP4MB8GA1UdIwQYMBaAFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG +SIb3DQEBCwUAA4IBAQAMMGUXBaWTdaLxsTGtcB/naqjIQrLvoV9NG+7MoHpGd/69 +dZ/h2zOy7sGFUHoG/0HGRA9rxT/5w5GkEVIVkxtWyIWWq6rs4CTZt8Bej/KHYRbo +jtEDUkCTZSTLiCvguPyvinXgxy+LHT+PmdtEfXsvcdbeBSWUYpOsDYvD2hNtz9dw +Od5nBosMApmdxt+z7LQyZu8wMnfI1U6IMO+RWowxZ8uy0oswdFYd32l9xe+aAE/k +y9alLu/M9pvxiUKufqHJRgDBKA6uDjHLMPX+/nxXaNCPX3SI4KVZ1stHQ/U5oNlM +dHN9umAvlU313g0IgJrjsQ2nIdf9dsdP+6lrmP7s +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem b/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem new file mode 100644 index 0000000..fc3818b --- /dev/null +++ b/tests/ocsp-tests/certs/chain-amazon.com-unsorted.pem @@ -0,0 +1,90 @@ +-----BEGIN CERTIFICATE----- +MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj +IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX +DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0 +b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x +FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl +k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx +QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V +omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+ +AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1 +6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB +zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11 +cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw +b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6 +b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13 +d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj +BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw +GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD +FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv +bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu +c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy +dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B +1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay +gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc +EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE +AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw +AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6 +5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV +phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46 +iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD +JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu +Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr +r6H7ZhiwtwpJzLsjT1CX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs +YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb +A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW +9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu +s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T +L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK +Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T +AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu +Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw +HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg +hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v +Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG +A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E +FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz +Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny +H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W +Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG +QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t +TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY +Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc= +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/chain-amazon.com.pem b/tests/ocsp-tests/certs/chain-amazon.com.pem new file mode 100644 index 0000000..970f695 --- /dev/null +++ b/tests/ocsp-tests/certs/chain-amazon.com.pem @@ -0,0 +1,68 @@ +-----BEGIN CERTIFICATE----- +MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+ +MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd +BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj +IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX +DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0 +b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x +FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl +k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx +QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V +omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+ +AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1 +6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB +zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11 +cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw +b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6 +b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13 +d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE +FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj +BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw +GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD +FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv +bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu +c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy +dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B +1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay +gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc +EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE +AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw +AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6 +5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV +phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46 +iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD +JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu +Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr +r6H7ZhiwtwpJzLsjT1CX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw +CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV +BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs +YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb +A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW +9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu +s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T +L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK +Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T +AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu +Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw +HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg +hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v +Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG +A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E +FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz +Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny +H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W +Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG +QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t +TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY +Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc= +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/ocsp-akamai.com.der b/tests/ocsp-tests/certs/ocsp-akamai.com.der new file mode 100644 index 0000000..0687207 Binary files /dev/null and b/tests/ocsp-tests/certs/ocsp-akamai.com.der differ diff --git a/tests/ocsp-tests/certs/ocsp-amazon.com.der b/tests/ocsp-tests/certs/ocsp-amazon.com.der new file mode 100644 index 0000000..71f8f8f Binary files /dev/null and b/tests/ocsp-tests/certs/ocsp-amazon.com.der differ diff --git a/tests/ocsp-tests/certs/ocsp-server.key b/tests/ocsp-tests/certs/ocsp-server.key new file mode 100644 index 0000000..3092de2 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-server.key @@ -0,0 +1,144 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Medium (2048 bits) + +modulus: + 00:d3:02:64:0a:0d:62:25:6e:e1:f4:ec:6d:f0:84: + dc:45:38:6e:5e:eb:24:2b:8c:a9:92:81:11:51:d9: + e3:44:cf:6d:5c:3f:d1:b2:12:16:7b:3e:ee:b2:b9: + 95:ac:d3:62:fb:d2:b9:32:75:74:26:47:9a:7c:16: + af:df:c9:93:9e:17:2e:b8:9e:67:25:61:f5:f3:cf: + eb:08:1e:77:71:fe:ac:2f:23:78:10:18:aa:0c:e3: + 2e:3a:79:f5:11:76:16:37:0f:b6:3e:9b:b5:fb:07: + 2d:b1:ef:08:d8:c6:78:e8:5d:97:a4:f0:c7:4f:cc: + 31:80:04:be:b5:da:d9:19:40:73:fd:5b:14:3e:93: + 6d:20:4e:cc:7a:cd:82:94:06:0c:45:3f:ce:33:af: + b1:22:55:2d:f7:5e:83:38:1d:bf:73:5a:61:c2:73: + d4:1d:c2:6d:66:5f:1d:b9:0e:9e:a8:39:1f:7b:a1: + 04:bf:49:af:a9:04:cf:a1:81:ff:1b:81:48:16:77: + 51:97:28:e6:b5:73:c4:56:02:c2:47:fc:59:a4:4d: + 39:0a:31:d0:d3:70:19:3a:20:2b:33:fa:97:f9:8c: + 16:5e:da:ad:86:c6:af:06:87:f8:ec:93:9e:18:d0: + a0:c1:91:ce:ab:09:89:ec:47:3d:4e:5a:64:18:73: + d4:95: + +public exponent: + 01:00:01: + +private exponent: + 00:95:9c:e8:59:c8:4b:82:c7:30:27:7d:4c:26:71: + cd:cc:b6:ca:6b:3a:c6:96:aa:51:c1:b3:0a:18:c3: + 29:45:ac:dd:99:bf:16:6b:f0:2f:48:8b:c2:ab:ae: + b2:d5:ab:bc:4f:59:86:3e:a4:d1:0a:23:53:02:11: + 03:fa:e4:ee:69:f5:7e:07:21:29:79:74:0f:f4:23: + c4:3e:29:7b:ff:b3:d7:5a:45:07:e8:41:d4:b0:f6: + 93:dc:9a:84:8d:30:f1:67:71:18:83:23:dc:d0:74: + b2:8d:ab:32:d6:a1:43:31:5e:cb:1b:04:2e:0e:02: + 76:46:93:16:b5:d2:ca:83:ff:c8:5a:c4:b0:dd:1a: + fa:8b:4c:3e:7e:50:ad:6f:87:4f:56:46:09:8a:33: + 0f:16:ff:c0:e0:ce:8c:a4:78:27:f4:9b:f2:9c:44: + a0:0d:33:42:07:16:1e:7f:4c:d8:79:54:d6:ce:24: + f0:bc:85:67:97:04:7c:43:f3:89:60:41:91:14:b5: + eb:e7:7d:71:3a:ac:73:eb:4c:1b:ee:1e:c2:91:47: + 4e:be:a5:af:94:bc:97:a5:67:61:f6:8c:a6:e9:4f: + 46:dd:f6:a7:4d:df:ea:25:58:1b:d7:e8:43:e8:13: + f6:a1:94:2d:85:8d:df:ee:38:85:fd:2a:5c:1e:c8: + 68:01: + +prime1: + 00:d4:b0:87:a1:7f:b7:8c:ef:99:fb:5d:d7:e4:0a: + 62:78:aa:00:46:dc:01:6d:aa:fc:22:a0:0a:76:54: + d1:ea:3b:54:69:7c:ed:39:64:3d:14:13:48:9c:a5: + 60:66:9f:d0:7e:8c:09:34:23:c7:60:16:58:c6:dd: + 60:05:3c:07:e4:80:b8:17:c9:10:5d:a1:1d:74:b7: + 61:b4:42:24:04:73:a3:c4:ed:72:47:58:86:c6:ef: + 59:af:79:77:02:2e:c1:62:1e:db:c3:6e:67:05:ca: + 70:10:b2:88:9a:23:6c:c8:5d:4e:af:e8:a6:c9:89: + 39:97:21:23:99:bf:e4:94:81: + +prime2: + 00:fd:fa:45:55:f4:ac:5d:da:54:49:4f:1e:96:3a: + 8b:95:bc:3a:bf:6c:ad:a9:54:94:90:e6:fd:10:49: + 74:2e:00:18:43:b9:55:2c:a4:37:19:d8:95:d2:c7: + f1:b2:47:c1:c4:27:f6:d7:d9:76:df:89:43:0e:34: + f0:84:ba:26:5e:97:94:de:30:db:55:ee:83:51:51: + 5e:4f:59:6a:52:69:ca:ed:58:e7:eb:00:46:c1:3c: + 58:be:82:d5:c0:77:64:9b:73:af:77:1a:de:3d:56: + 15:90:90:94:97:67:6e:35:aa:14:b7:43:fc:9a:76: + 17:2a:f5:d5:7d:ce:68:a6:15: + +coefficient: + 36:6e:b8:49:6c:ae:c6:be:21:a2:69:b9:35:af:ff: + 43:90:70:1c:6b:c2:b5:cd:dc:29:dc:5b:bf:50:f3: + d0:63:43:be:bc:5d:f8:9b:64:3c:6e:6e:6b:ee:78: + 48:7a:06:6c:15:85:db:90:e1:bb:ca:ad:23:fd:33: + 04:eb:89:d2:29:c1:c2:4c:69:80:42:c3:6d:9c:e5: + e4:10:f7:4f:f0:68:3b:fb:7e:e6:3d:4c:26:fc:28: + d2:27:f5:43:70:1f:e7:93:ce:58:7b:d5:c0:fc:bf: + 31:4f:52:ff:37:de:f8:f7:f8:1a:42:44:5f:d3:b1: + 02:ed:2d:07:5a:4a:e0:da: + +exp1: + 00:ae:cb:35:6c:40:6e:34:e1:65:06:f4:24:cd:40: + cb:94:a7:01:fb:3a:2b:e2:59:37:45:ad:89:6b:9e: + 61:b5:c2:74:a9:0d:06:58:b8:4c:8a:07:1f:11:bd: + c7:f0:0f:3f:66:00:e8:3f:75:78:11:3b:cc:52:02: + f5:3a:d8:0f:14:77:c4:d3:a7:66:4f:cc:6d:4c:d2: + b8:f5:4f:b6:12:02:87:80:fc:33:82:f6:fa:2c:db: + e0:35:19:f9:f8:4d:3c:98:cb:0b:89:1d:5e:85:9f: + cd:61:ab:98:20:35:24:dd:b5:f1:49:18:46:9a:32: + b0:a5:c7:92:5e:75:1a:02:01: + +exp2: + 2e:09:f8:17:a4:ca:ba:18:a1:be:c8:40:db:2a:b1: + b2:ea:f4:1b:4f:30:0b:c9:f1:44:73:1a:dc:a0:f4: + 16:82:9d:e3:68:ed:2f:b2:74:ea:92:80:56:3d:38: + 6b:00:e6:f7:0f:e7:87:29:3c:8b:38:ee:96:dc:b1: + dc:dd:81:a7:14:03:40:63:ca:de:c0:e5:bd:0f:ea: + f0:a7:5c:c6:a3:b6:cd:5f:98:6a:d9:19:fa:5d:5e: + 18:ea:ce:a4:9c:ff:f7:cd:f8:b8:b6:7e:22:d0:40: + 08:7c:ac:f2:e5:24:ed:45:6f:8b:e9:1f:19:40:de: + e2:42:bd:f8:98:3a:10:21: + + +Public Key ID: E7:3E:A1:70:15:01:A8:DA:F2:70:43:EF:4C:C8:87:1A:C3:98:74:3D +Public key's random art: ++--[ RSA 2048]----+ +| ..... | +| . . | +| .. . | +| . .oE . | +|.+.= +. S.. | +|o B B = .o. | +| O * o ... | +| . . o ... | +| .. | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA0wJkCg1iJW7h9Oxt8ITcRThuXuskK4ypkoERUdnjRM9tXD/R +shIWez7usrmVrNNi+9K5MnV0JkeafBav38mTnhcuuJ5nJWH188/rCB53cf6sLyN4 +EBiqDOMuOnn1EXYWNw+2Ppu1+wctse8I2MZ46F2XpPDHT8wxgAS+tdrZGUBz/VsU +PpNtIE7Mes2ClAYMRT/OM6+xIlUt916DOB2/c1phwnPUHcJtZl8duQ6eqDkfe6EE +v0mvqQTPoYH/G4FIFndRlyjmtXPEVgLCR/xZpE05CjHQ03AZOiArM/qX+YwWXtqt +hsavBof47JOeGNCgwZHOqwmJ7Ec9TlpkGHPUlQIDAQABAoIBAQCVnOhZyEuCxzAn +fUwmcc3MtsprOsaWqlHBswoYwylFrN2ZvxZr8C9Ii8KrrrLVq7xPWYY+pNEKI1MC +EQP65O5p9X4HISl5dA/0I8Q+KXv/s9daRQfoQdSw9pPcmoSNMPFncRiDI9zQdLKN +qzLWoUMxXssbBC4OAnZGkxa10sqD/8haxLDdGvqLTD5+UK1vh09WRgmKMw8W/8Dg +zoykeCf0m/KcRKANM0IHFh5/TNh5VNbOJPC8hWeXBHxD84lgQZEUtevnfXE6rHPr +TBvuHsKRR06+pa+UvJelZ2H2jKbpT0bd9qdN3+olWBvX6EPoE/ahlC2Fjd/uOIX9 +KlweyGgBAoGBANSwh6F/t4zvmftd1+QKYniqAEbcAW2q/CKgCnZU0eo7VGl87Tlk +PRQTSJylYGaf0H6MCTQjx2AWWMbdYAU8B+SAuBfJEF2hHXS3YbRCJARzo8TtckdY +hsbvWa95dwIuwWIe28NuZwXKcBCyiJojbMhdTq/opsmJOZchI5m/5JSBAoGBAP36 +RVX0rF3aVElPHpY6i5W8Or9sralUlJDm/RBJdC4AGEO5VSykNxnYldLH8bJHwcQn +9tfZdt+JQw408IS6Jl6XlN4w21Xug1FRXk9ZalJpyu1Y5+sARsE8WL6C1cB3ZJtz +r3ca3j1WFZCQlJdnbjWqFLdD/Jp2Fyr11X3OaKYVAoGBAK7LNWxAbjThZQb0JM1A +y5SnAfs6K+JZN0WtiWueYbXCdKkNBli4TIoHHxG9x/APP2YA6D91eBE7zFIC9TrY +DxR3xNOnZk/MbUzSuPVPthICh4D8M4L2+izb4DUZ+fhNPJjLC4kdXoWfzWGrmCA1 +JN218UkYRpoysKXHkl51GgIBAoGALgn4F6TKuhihvshA2yqxsur0G08wC8nxRHMa +3KD0FoKd42jtL7J06pKAVj04awDm9w/nhyk8izjultyx3N2BpxQDQGPK3sDlvQ/q +8KdcxqO2zV+YatkZ+l1eGOrOpJz/9834uLZ+ItBACHys8uUk7UVvi+kfGUDe4kK9 ++Jg6ECECgYA2brhJbK7GviGiabk1r/9DkHAca8K1zdwp3Fu/UPPQY0O+vF34m2Q8 +bm5r7nhIegZsFYXbkOG7yq0j/TME64nSKcHCTGmAQsNtnOXkEPdP8Gg7+37mPUwm +/CjSJ/VDcB/nk85Ye9XA/L8xT1L/N9749/gaQkRf07EC7S0HWkrg2g== +-----END RSA PRIVATE KEY----- diff --git a/tests/ocsp-tests/certs/ocsp-server.pem b/tests/ocsp-tests/certs/ocsp-server.pem new file mode 100644 index 0000000..fb9d2f9 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp-server.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQzCCAiugAwIBAgIMVvMY1hLemRdsyqHgMA0GCSqGSIb3DQEBCwUAMBwxGjAY +BgNVBAMTEVRlc3RpbmcgQXV0aG9yaXR5MB4XDTE2MDMyMzIyMjk0MloXDTE3MDMy +MzIyMjk0MlowKzEpMCcGA1UEAxMgVGVzdGluZyBBdXRob3JpdHkgT0NTUCBSZXNw +b25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTAmQKDWIlbuH0 +7G3whNxFOG5e6yQrjKmSgRFR2eNEz21cP9GyEhZ7Pu6yuZWs02L70rkydXQmR5p8 +Fq/fyZOeFy64nmclYfXzz+sIHndx/qwvI3gQGKoM4y46efURdhY3D7Y+m7X7By2x +7wjYxnjoXZek8MdPzDGABL612tkZQHP9WxQ+k20gTsx6zYKUBgxFP84zr7EiVS33 +XoM4Hb9zWmHCc9Qdwm1mXx25Dp6oOR97oQS/Sa+pBM+hgf8bgUgWd1GXKOa1c8RW +AsJH/FmkTTkKMdDTcBk6ICsz+pf5jBZe2q2Gxq8Gh/jsk54Y0KDBkc6rCYnsRz1O +WmQYc9SVAgMBAAGjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH +AwkwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU5z6hcBUBqNrycEPvTMiHGsOY +dD0wHwYDVR0jBBgwFoAULdgUmhbVbf77sODe8fXFIwvTYr4wDQYJKoZIhvcNAQEL +BQADggEBAHqmxPdEtXJAcLZnvfyExhlkS4QHxj9dw8OWYma1HHAyEiNxLlvXgcng +YspTVNHHHiErluOa3TdDkBlgdTdQ14aRJqEIT+EDXorU8MvvT7ujvDW/hm2IDDbr +bd4Cyd1g6sQJpuilBUvm4RV/LpkkAhRhd4dEhngHsoV0q1FbA7IxiPSNSixVjpBo +u2EhOPQFp4nFxFQvnEFK1gzltj22+plrekuiZtMS7Ofhg+ZaHb2QB0bhvqbMyL6j +b0/sxQZyy1qjID54G6nrr7j+PzN+SHqo1dfWhuYbHBQMJdp+AGmusGFhwGem1PmO +5AadPjc6lXs9mS///txyiheLGJJodQY= +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/certs/ocsp-staple-unrelated.der b/tests/ocsp-tests/certs/ocsp-staple-unrelated.der new file mode 100644 index 0000000..963da0f Binary files /dev/null and b/tests/ocsp-tests/certs/ocsp-staple-unrelated.der differ diff --git a/tests/ocsp-tests/certs/ocsp_index.txt b/tests/ocsp-tests/certs/ocsp_index.txt new file mode 100644 index 0000000..e9e2dd7 --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp_index.txt @@ -0,0 +1,2 @@ +R 260329162441Z 160428142441Z 3 unknown CN=localhost +V 260329162441Z 2 unknown CN=localhost diff --git a/tests/ocsp-tests/certs/ocsp_index.txt.attr b/tests/ocsp-tests/certs/ocsp_index.txt.attr new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/tests/ocsp-tests/certs/ocsp_index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/tests/ocsp-tests/certs/server_bad.key b/tests/ocsp-tests/certs/server_bad.key new file mode 100644 index 0000000..814693e --- /dev/null +++ b/tests/ocsp-tests/certs/server_bad.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEArwu2ueiYin7b177OgSjWY0Et7ypE1gXTuXdgTyu+LH2pYmsb +HxbAFIDf2OeOs/8z+FK0VqxvcRw2zb3lnsLYD3fgHNj8bZdZssiXy8+um/Mtnec2 +J8tkapdjUVkd7vTsUqardOTRcTwM0SWOgQXirZMSdkU1eoqkzAczxsPJTPVKnqVD +KhBEcPz/7OR+/ocYmQdAaOdl9m6gJn4lBBr2vCozjx0LyWig7zf5j6CgkZECb7jg +rANhDE3gD9iHC8CyaVPLuuDkllwIetBTfWGDi0tdHv1mY3K6YuuDsjdUnmOeFrPL +3i3zvnQEMLAD1f0GeRzUMNTHUOe5bKIAxKW9hlhJat10/VZyuP1Sjm1gdpoJkU4z +g5HPyr/C7mHHC2ofJZZ68Q4bQ2KXAq45MwPPkq0jEFzPdrDR925CRv+3HO6rw+2+ +atIylvZzzdwXfBuB5bOKpcU68tbjGSq58N3V/72DGSxDdNephGTMAmtmum22T+38 +KSPKiuIWT/bsSefbAgMBAAECggGAHQs6hFo9hS1LWN7F8NRPziQwdPB0f3Z0DN/r +0PcXFNa81iGjXGMv97bybVDucpszik5escrmqsPdrAGIKfF2XAqt2tt99skYDvwN +g7mv5RxSQ1Lrv2qV/MGlrwe0WcO1unkBFeIphjpKfiFXJb1OQTKX65vMJcr/UQMY +6i/uJKDGgtA09rPAR2cTJ8E5+Q19XVbArydF2b+9PuXLSoUWz13JNEPDguWjXk3R +UK18Nurylor8bE4bOilptfddYOvV5/UNxgy8y0XJq6ZJ/g3FqRsiu5e5C8jXm2t/ +qfJ33rJIAZv8LW0YWPteNw0OSo4DCbtfZQdekiJwz5tS0shhOqKhcFIX2hRwUMhj +yYBMxota6n5bQcKQBv+jf3URKFMDCThUst3GUZz6GIVb9xqTxavgU/KMXkZPUJ8N +KA5qYBrTK5lMVTf6iZ/N93yZKVky9rrrJdWmX/wWhPt1hr2Mj1UF/W6oi142SLjy +z7M8A/LaI2/gsm8sSp64JjDdtabBAoHBAObVHQSgV4SoseW5j0BjAklFHN9MRjOc +17GgZ4hfIda4bs+RpnDXjREU3kdAFmyg0F3/TLzQZklCAui2NKMvz+XHtbwF9aNP ++fK1eLOKiSRzAlKrAwiNPTKFkIFYNVFthH5pWBzS0be+Va52OoxwnSMmSaBEPzDH +NF7GKZHI+mEDWE+Vz7MiGpLkDuPj3UzG3KQwhxmy+ZVF2LVENFf+FGjiWSQMpxyx +q7M5nzq6pVPSbxqLFF+X9J7MScbCajL6sQKBwQDCIYIMsBM2pf2zFTifsH39BsXP +qpztEmdfDqy6D+dquEH5HTUSt2as6FMyk7oxRmuxxunl5bBtL3X2AR3eDdLP42W0 +sPphUQt2RFpyNu2Sd5pjYXcCxH7IQv16EQqPdxYytBU9jJMnRf+QN7Nl9j4nZrDC +wZcs2PUO1LDoK20+IKSeYRGMUMC65N9x+/qTGEaF4bRJJSGjkhyWPBAdrMekeTJH +4h5YRZfzXspzpJ1CSKRt+1zhO6IWM8YcalQTVksCgcA75eUnxCuxosy23dXMUWTQ +enypfPNihTp7PzJecsEnJKiseBEGiwhx/EZJmtm2ymwHWC4jeLhyHgz/Mfiqt8ds +ysvfxHQfMqubTXfKrxIzQRzDMtkQqQXOTFZZGfiL7q1I2DEjGZmN4nf9U3SR6M79 +xfuo+Myk7awrQ6SZzdsavXF3BVrmEt1ubHtoq0JLn/a1LFqCUqztDTjUoKQsiSPm +q4WSEy5yBbCWS0eER9aKz7pA2wIoZBf39O7YAq7oF6ECgcBl5Gx7+Fa9UjZsrnC/ +8ETQb6OXsfcXv5ceH3etWPef3gJSnG/k2Po9OtugKkWJ42pXLw5JKluFk2mYq1Ff +4WWK09HoGxPvzDf15T6LwCTFwZz5GIj8nOHmfrLIRPWEA39VMYwMeCIsdOMEcRfq +JmrNB2szbaTJVz6YgC4yTcjS2RNORaiOOzxNXB+jlhwY5J7vWl3kHmcfkWsLt47F +5JAM1cf8TsSalDyC8nfUZsxbpAEZ8Nr5JPGYMaiD9ZMXay0CgcEAjDWHG31/+Vmd +L17lUfNCNcyDChlf4cVXA748/HCHM49JuS7NSSxToAzWCaoy5DkUesg0xSHLM0Ko +HOAiCuQmzFDjOIi4/NSDEYwe02SnFF1trGFLIzta+Ona8VQlDKp6onQ9lxefL8In +9+6PujFy6/HEKk57Nypd3k1J0LHj0u5QeRHVnSiMq0XioXR/61yxeNURHPzI+wVd +726pM6NA3e6RFencK5SOgBoUi28RNAE1a3+BiXJGQRD2WxG9DaOG +-----END RSA PRIVATE KEY----- diff --git a/tests/ocsp-tests/certs/server_bad.template b/tests/ocsp-tests/certs/server_bad.template new file mode 100644 index 0000000..0408a97 --- /dev/null +++ b/tests/ocsp-tests/certs/server_bad.template @@ -0,0 +1,9 @@ +# static serial so the OCSP DB does not need to be changed +serial=3 +cn=localhost +tls_www_server +signing_key +encryption_key +dns_name="localhost" +activation_date = "2016-03-29 16:21:42" +expiration_date = "2026-03-29 16:24:41" diff --git a/tests/ocsp-tests/certs/server_good.key b/tests/ocsp-tests/certs/server_good.key new file mode 100644 index 0000000..f5e71dd --- /dev/null +++ b/tests/ocsp-tests/certs/server_good.key @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEApKIYxjNSYijlzMBWXLM7BEtKXUFtYpvta/fKgC16wuVW1rCT +sS6xB10QFjeVtYAnDY3qBSC17xVL7gmhYTJHBW6dBEzq0NBLimWDvy9FnHerwSn1 +q1EUBqFjlTKwEgKsRzI5AOnUf0jHV9FoSNJdyTO9vunEAPMylcqQRIDCnkpSQwh/ +8KAU2iIhaasoOw8uj5RH5w8NAepEY8AV+W2OPJB1vGip+TU+q8MoXjT9lYRK0E7J +c6iJAGb24ZjvHp3mpJcDhASifrp6E1OxeFfdADulAQ9xj8VLOzi8EmMjOrZritYl +Iq9ITlyw1ws+bFwG9szLXB6eV38e5Ubbu/VMqGx/XQ90SDgP7MAsorkRoe48i2IQ ++fea9QUGSgOfxAKu/SjehplpsGaARyb1Y5wXxzRnyVrX8dNwP5OojK5mQUaUW76k +biCbwOM37QDPUgwEgpLkItiNCwcXMdjwxsuXSusAn41u9cDF0+uXr9tUkDLaLcNz +9OZyNlZJO1ba3ksvAgMBAAECggGBAJRRPISDA/tO4Qh/Vs6Y4dhShCJTqVonI9Qb +HqIvVuNyfbNYzRXY/L+nhbCeTw9+7q/1ZBlOiNlllExU/MB17SnlpyuSqBGLNiLu +pax9x/bYkTGqvZqjpqj6iJ6HVbxEEDTr+BLslfY9+OkSzSKd8sQrCwyNyXkZoD72 +iNZOMgcs6cNeSvTbIy4JhZSPD+V1HftYGRb+pjdNeGNtT96wZm4FrywYFtlesKFJ +ZnrIvpQO5N+Zuz+pXBOyr0Q65WHt2cOxniTrMTlgWiGJvGlRF6s0UMnVJDFd36dD +OHyCHHkRYxVh5M4wnBnoVjRRPfO7Dr37MdZQuvMgcG3uZ600g2+8UEE6NS1WgsRk +oANsbyzoZkwNJplmPgJZ9b+Iupkp+ivTebzkxZbMWDaM+jGRZy0EwlNHKxRZubcF +bsxnfsR8zlzsTTRRFQxsvqjadg0d0SVH2+3+0ksfCIs7qbqDfLNSLKzkW3pQySII +EOEnNSb4Iwgb/hc7LluBdI5dd9WfEQKBwQDWyuyeepmMR9OqTKXPVB5Xe1yLq3vQ +HCN5n1Fp6weIpiWAZDHTGWfcQkUOVYm0dILoz0JXYQMV5n09NAN7QxU8SAaK5Skb +d2QBawny7At4MrpnSowA0cdyuTughLb7Lg2Yb77u1b09w71vXZHaAqIxmZCUMdjW +7o/PWHbVApmB3XlDpJ3Y2WMIbTKkAWJOgh7IfZXSeJR672yuDJOEfHX3BNcdJQZC +OmuNB36I3ZJmhxTlPOX9kO0nguLNDpol2GMCgcEAxDeyy7nk2kOZWdxzLfSS0m2E +/K3uJCzbqj4LBJ8pZFJRO5V8k4pIArz28jTrgt85OtvG14PJQIYIS1V2kRDFXHt3 +qTKZdzoylpplNTSvIIiVFj7TaneT6E+oqYUKKaYOn8wDMOxgflElf352F7/NgYEA +ZgTrmHm4FdcUQpVRQu3H1Cn4+6oyC5/ZQpxG/WZMbBN6xl5kNMFf4CSw5c98G/ZT +jeb0cb1MrQ6PYNTr8VVbMQd+nJzoYbPyf5UVg03FAoHAN6rF4ljR3Lps0BEnU/Fw +H6oYFRavcwMn6ohw2CuSe0bcJ0dQZm6KLVp7fTiMBNnBZ8b3YaAB5bYjtS36zQJY +yZO9Jlg37CdoIrn0DSJB4rf6+XQnjrrPnxsEqhhbOAP6gAxOBqYccpp9SRSODVtr +X8F16AJ3OVUArnM18QTIdhDJMc/DHQVSFkf+vOSi7sfoZHuvzal0idvtZbparRZ4 +mDmH6sTCt31ejGFp2Nzb6XiO4M6EqM/btsbEMvLa3n4TAoHBAKpImB8bTZNptOz6 +Vu7b4ItDxnSu0QuN7niY7WDua7KHib3G5lz4VbQin8Dk0jo6VOVSlAa2dPJNH2eZ +XJNaVZ0D/X3Vzr9cv0hZ51k8RntabN/oV/t+mNq0PvAW6BHq7agaGe7cRIV7EKrL +adsEdmlcNadTv84MXAiAJjH+eY424wOqBU0Kj/HsoFShYS5KGCp24UbD5fyukPDp +hqd54AA4TpzIgP0wRhmtmBp1zekbpU8wbN2ngjhAPUQhcpEH7QKBwQDFqimO5IDb +8DuWT6E5R/4TYttP2BjtaFgcV26UhKsKlcyy31OP7nHOM9jICodEKCVzfw477Dtf +g8Xp8QUnQ4MM8sTmokMtsKX6yKCGLxeadPV0jw0ASsDH7op0CBH30pcWNVPeEGlC +b3qfqHMNGDQJyAkGun5mAjAzjWT89eDrwJDfeuxnos5+XlAPz/xIqZaj9TSV0Xjs +1U/np8oqu50iEXhyLVqG6GqXRkiqJ4W73qRqCYCBu1O3Fuc00/TOPLM= +-----END RSA PRIVATE KEY----- diff --git a/tests/ocsp-tests/certs/server_good.template b/tests/ocsp-tests/certs/server_good.template new file mode 100644 index 0000000..2d02758 --- /dev/null +++ b/tests/ocsp-tests/certs/server_good.template @@ -0,0 +1,9 @@ +# static serial so the OCSP DB does not need to be changed +serial=2 +cn=localhost +tls_www_server +signing_key +encryption_key +dns_name="localhost" +activation_date = "2016-03-29 16:21:42" +expiration_date = "2026-03-29 16:24:41" diff --git a/tests/ocsp-tests/ocsp-load-chain.sh b/tests/ocsp-tests/ocsp-load-chain.sh new file mode 100755 index 0000000..33cc020 --- /dev/null +++ b/tests/ocsp-tests/ocsp-load-chain.sh @@ -0,0 +1,67 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +datefudge -s "2017-06-19" \ + "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 - Amazon OCSP response verification - failed" + exit ${rc} +fi + +datefudge -s "2017-06-19" \ + "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 2 - Amazon OCSP response verification - failed" + exit ${rc} +fi + +# verify an OCSP response using ECDSA +datefudge -s "2017-06-29" \ + "${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 3 - Akamai (ECDSA) OCSP response verification - failed" + exit ${rc} +fi + +exit 0 diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh new file mode 100755 index 0000000..049491a --- /dev/null +++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh @@ -0,0 +1,515 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} +TEMPLATE_FILE="ms-out.$$.tmpl.tmp" +SERVER_CERT_FILE="ms-cert.$$.pem.tmp" +SERVER_CERT_NO_EXT_FILE="ms-cert-no-ext.$$.pem.tmp" +OCSP_RESPONSE_FILE="ms-resp.$$.tmp" +OCSP_REQ_FILE="ms-req.$$.tmp" + +export TZ="UTC" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT + +# Port to use for OCSP server, must match the OCSP URI set in the +# server_*.pem certificates +eval "${GETPORT}" +OCSP_PORT=$PORT + +# Maximum timeout for server startup (OCSP and TLS) +SERVER_START_TIMEOUT=10 + +# Check for OpenSSL +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then + echo "You need openssl to run this test." + exit 77 +fi + +CERTDATE="2016-04-28" +TESTDATE="2016-04-29" +EXP_OCSP_DATE="2016-03-27" + +OCSP_PID="" +TLS_SERVER_PID="" +stop_servers () +{ + test -z "${OCSP_PID}" || kill "${OCSP_PID}" + test -z "${TLS_SERVER_PID}" || kill "${TLS_SERVER_PID}" + rm -f "$TEMPLATE_FILE" + rm -f "$SERVER_CERT_FILE" + rm -f "$SERVER_CERT_NO_EXT_FILE" + rm -f "$OCSP_RESPONSE_FILE" + rm -f "$OCSP_REQ_FILE" +} +trap stop_servers 1 15 2 EXIT + +echo "=== Generating good server certificate ===" + +rm -f "$TEMPLATE_FILE" +cp "${srcdir}/ocsp-tests/certs/server_good.template" "$TEMPLATE_FILE" +chmod u+w "$TEMPLATE_FILE" +echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" + +# Generate certificates with the random port +datefudge -s "${CERTDATE}" ${CERTTOOL} \ + --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ + --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ + --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ + --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_NO_EXT_FILE}" 2>/dev/null + +# Generate certificates with the random port (with mandatory stapling extension) +echo "tls_feature = 5" >>"$TEMPLATE_FILE" + +datefudge -s "${CERTDATE}" ${CERTTOOL} \ + --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ + --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ + --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ + --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_FILE}" 2>/dev/null + +echo "=== Bringing OCSP server up ===" + +INDEXFILE="ocsp_index.txt" +ATTRFILE="${INDEXFILE}.attr" +cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt" ${INDEXFILE} +cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} + +# Start OpenSSL OCSP server +# +# WARNING: As of version 1.0.2g, OpenSSL OCSP cannot bind the TCP port +# if started repeatedly in a short time, probably a lack of +# SO_REUSEADDR usage. +PORT=${OCSP_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ + -port "${OCSP_PORT}" \ + -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ + -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \ + -CA "${srcdir}/ocsp-tests/certs/ca.pem" +OCSP_PID="${!}" +wait_server "${OCSP_PID}" + +echo "=== Verifying OCSP server is up ===" + +# Port probing (as done in wait_port) makes the OpenSSL OCSP server +# crash due to the "invalid request", so try proper requests +t=0 +while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do + # Run a test request to make sure the server works + datefudge "${TESTDATE}" \ + ${VALGRIND} "${OCSPTOOL}" --ask \ + --load-cert "${SERVER_CERT_FILE}" \ + --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \ + --outfile "${OCSP_RESPONSE_FILE}" + rc=$? + if test "${rc}" = "0"; then + break + else + t=`expr ${t} + 1` + sleep 1 + fi +done +# Fail if the final OCSP request failed +if test "${rc}" != "0"; then + echo "OCSP server check failed." + exit ${rc} +fi + +#echo "placed staple in ${OCSP_RESPONSE_FILE}" + +echo "=== Test 1: Server with valid certificate - no staple ===" + +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and no staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 2: Server with valid certificate - valid staple ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate and valid staple failed" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 3: Server with valid certificate - invalid staple ===" + +head -c 64 /dev/urandom >"${OCSP_RESPONSE_FILE}" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and invalid staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 4: Server with valid certificate - unrelated cert staple ===" + +rm -f "${OCSP_RESPONSE_FILE}" +cp "${srcdir}/ocsp-tests/certs/ocsp-staple-unrelated.der" "${OCSP_RESPONSE_FILE}" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and invalid staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + + +echo "=== Test 5: Server with valid certificate - expired staple ===" + +rm -f "${OCSP_RESPONSE_FILE}" + +# Generate an OCSP response which expires in 2 days and use it after +# a month. gnutls server doesn't send such a staple to clients. +${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" +datefudge -s ${EXP_OCSP_DATE} \ + ${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} + +: ${TIMEOUT=timeout} +if ("$TIMEOUT" --version) >/dev/null 2>&1; then +${TIMEOUT} 30 "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" +if test $? != 1;then + echo "Running gnutls-serv with an expired response, succeeds!" + exit ${rc} +fi +fi + +echo "=== Test 5.1: Server with valid certificate - expired staple (ignoring errors) ===" + +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ignore-ocsp-response-errors \ + --ocsp-response="${OCSP_RESPONSE_FILE}" +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and expired staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 6: Server with valid certificate - old staple ===" + +# This case is funny. OCSP doesn't mandate an expiration date for a response so +# we are left to decide what to do with responses that don't contain the NextUpdate +# field. Here we test whether a month-old response with no clear expiration is rejected. + +rm -f "${OCSP_RESPONSE_FILE}" + +${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" +datefudge -s ${EXP_OCSP_DATE} \ + ${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${OCSP_RESPONSE_FILE}" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "1"; then + echo "Connecting to server with valid certificate and old staple succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 7: OSCP response error - client doesn't send status_request ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${srcdir}/ocsp-tests/response3.der" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate and OCSP error response failed" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 8: OSCP response error - client sends status_request, no TLS feature extension ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_NO_EXT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${srcdir}/ocsp-tests/response3.der" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate and OCSP error response failed" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Test 9: OSCP response error - client sends status_request, TLS feature extension present ===" + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" \ + --ocsp-response="${srcdir}/ocsp-tests/response3.der" --ignore-ocsp-response-errors +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" = "0"; then + echo "Connecting to server with valid certificate and OCSP error response unexpectedly succeeded" + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + + +kill ${OCSP_PID} +wait ${OCSP_PID} +unset OCSP_PID + +rm -f "${OCSP_RESPONSE_FILE}" +rm -f "${OCSP_REQ_FILE}" +rm -f "${SERVER_CERT_FILE}" +rm -f "${TEMPLATE_FILE}" +rm -f "${INDEXFILE}" "${ATTRFILE}" + +exit 0 diff --git a/tests/ocsp-tests/ocsp-signer-verify.sh b/tests/ocsp-tests/ocsp-signer-verify.sh new file mode 100755 index 0000000..ce815ce --- /dev/null +++ b/tests/ocsp-tests/ocsp-signer-verify.sh @@ -0,0 +1,61 @@ +#!/bin/sh + +# Copyright (C) 2021 Fiona Klute +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +date="2021-07-14 00:00" +sample_dir="${srcdir}/ocsp-tests/signer-verify" +trusted="${sample_dir}/trust.pem" + +verify_response () +{ + echo "verifying ${sample_dir}/${1} using ${trusted}" + datefudge --static "${date}" \ + "${OCSPTOOL}" --infile="${sample_dir}/${1}" \ + --verify-response --load-trust="${trusted}" + return $? +} + +if ! verify_response response-ca.der; then + echo "verification of OCSP response signature by CA failed" + exit 1 +fi + +if ! verify_response response-delegated.der; then + echo "verification of OCSP response signature by delegated signer failed" + exit 1 +fi + +if verify_response response-non-delegated.der; then + echo "verification of OCSP response signature by non-signer certificate " \ + "from the same CA succeeded, but should have failed" + exit 1 +fi diff --git a/tests/ocsp-tests/ocsp-test.sh b/tests/ocsp-tests/ocsp-test.sh new file mode 100755 index 0000000..cfb3033 --- /dev/null +++ b/tests/ocsp-tests/ocsp-test.sh @@ -0,0 +1,72 @@ +#!/bin/sh + +# Copyright (C) 2016 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +# Note that in rare cases this test may fail because the +# time set using datefudge could have changed since the generation +# (if example the system was busy) + +datefudge -s "2016-04-22" \ + "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 - OCSP signed by CA - failed" + exit ${rc} +fi + +datefudge -s "2016-04-22" \ + "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 2 - OCSP signed by delegated cert - failed" + exit ${rc} +fi + +datefudge -s "2016-04-22" \ + "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4 +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 3 - OCSP signed by delegated cert - failed" + exit ${rc} +fi + + +exit 0 diff --git a/tests/ocsp-tests/ocsp-tls-connection.sh b/tests/ocsp-tests/ocsp-tls-connection.sh new file mode 100755 index 0000000..84eda22 --- /dev/null +++ b/tests/ocsp-tests/ocsp-tls-connection.sh @@ -0,0 +1,231 @@ +#!/bin/sh + +# Test case: Try to establish TLS connections with gnutls-cli and +# check the validity of the server certificate via OCSP +# +# Copyright (C) 2016 Thomas Klute +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${DIFF=diff} +TEMPLATE_FILE="out.$$.tmpl.tmp" +SERVER_CERT_FILE="cert.$$.pem.tmp" + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +export TZ="UTC" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +eval "${GETPORT}" +# Port for gnutls-serv +TLS_SERVER_PORT=$PORT + +# Port to use for OCSP server, must match the OCSP URI set in the +# server_*.pem certificates +eval "${GETPORT}" +OCSP_PORT=$PORT + +# Maximum timeout for server startup (OCSP and TLS) +SERVER_START_TIMEOUT=10 + +# Check for OpenSSL +: ${OPENSSL=openssl} +if ! ("$OPENSSL" version) > /dev/null 2>&1; then + echo "You need openssl to run this test." + exit 77 +fi + +CERTDATE="2016-04-28" +TESTDATE="2016-04-29" + +OCSP_PID="" +TLS_SERVER_PID="" +stop_servers () +{ + test -z "${OCSP_PID}" || kill "${OCSP_PID}" + test -z "${TLS_SERVER_PID}" || kill "${TLS_SERVER_PID}" + rm -f "$TEMPLATE_FILE" + rm -f "$SERVER_CERT_FILE" +} +trap stop_servers 1 15 2 EXIT + +echo "=== Generating good server certificate ===" + +rm -f "$TEMPLATE_FILE" +cp "${srcdir}/ocsp-tests/certs/server_good.template" "$TEMPLATE_FILE" +chmod u+w "$TEMPLATE_FILE" +echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" + +# Generate certificates with the random port +datefudge -s "${CERTDATE}" ${CERTTOOL} \ + --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ + --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ + --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ + --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_FILE}" 2>/dev/null + +echo "=== Bringing OCSP server up ===" + +# Start OpenSSL OCSP server +# +# WARNING: As of version 1.0.2g, OpenSSL OCSP cannot bind the TCP port +# if started repeatedly in a short time, probably a lack of +# SO_REUSEADDR usage. +PORT=${OCSP_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \ + -port "${OCSP_PORT}" \ + -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ + -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \ + -CA "${srcdir}/ocsp-tests/certs/ca.pem" +OCSP_PID="${!}" +wait_server "${OCSP_PID}" + +echo "=== Verifying OCSP server is up ===" + +# Port probing (as done in wait_port) makes the OpenSSL OCSP server +# crash due to the "invalid request", so try proper requests +t=0 +while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do + # Run a test request to make sure the server works + datefudge "${TESTDATE}" \ + ${VALGRIND} "${OCSPTOOL}" --ask \ + --load-cert "${SERVER_CERT_FILE}" \ + --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" + rc=$? + if test "${rc}" = "0"; then + break + else + t=`expr ${t} + 1` + sleep 1 + fi +done +# Fail if the final OCSP request failed +if test "${rc}" != "0"; then + echo "OCSP server check failed." + exit ${rc} +fi + +echo "=== Test 1: Server with valid certificate ===" + +PORT=${TLS_SERVER_PORT} +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" +TLS_SERVER_PID="${!}" +wait_server $TLS_SERVER_PID + +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +if test "${rc}" != "0"; then + echo "Connecting to server with valid certificate failed." + exit ${rc} +fi + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +echo "=== Generating bad server certificate ===" + +rm -f "${SERVER_CERT_FILE}" +rm -f "${TEMPLATE_FILE}" +cp "${srcdir}/ocsp-tests/certs/server_bad.template" "$TEMPLATE_FILE" +echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" + +# Generate certificates with the random port +datefudge -s "${CERTDATE}" ${CERTTOOL} \ + --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ + --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ + --load-privkey "${srcdir}/ocsp-tests/certs/server_bad.key" \ + --template "${TEMPLATE_FILE}" --outfile "${SERVER_CERT_FILE}" + +echo "=== Test 2: Server with revoked certificate ===" + +eval "${GETPORT}" +TLS_SERVER_PORT=$PORT + +launch_bare_server \ + datefudge "${TESTDATE}" \ + "${SERV}" --echo --disable-client-cert \ + --x509keyfile="${srcdir}/ocsp-tests/certs/server_bad.key" \ + --x509certfile="${SERVER_CERT_FILE}" \ + --port="${TLS_SERVER_PORT}" +TLS_SERVER_PID="${!}" +wait_server ${TLS_SERVER_PID} +wait_for_port "${TLS_SERVER_PORT}" + +echo "test 123456" | \ + datefudge -s "${TESTDATE}" \ + "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ + --port="${TLS_SERVER_PORT}" localhost +rc=$? + +kill "${TLS_SERVER_PID}" +wait "${TLS_SERVER_PID}" +unset TLS_SERVER_PID + +# This connection should not work because the certificate has been +# revoked. +if test "${rc}" = "0"; then + echo "Connecting to server with revoked certificate succeeded." + exit 1 +fi + +kill ${OCSP_PID} +wait ${OCSP_PID} +unset OCSP_PID + +rm -f "${SERVER_CERT_FILE}" +rm -f "${TEMPLATE_FILE}" + +exit 0 diff --git a/tests/ocsp-tests/ocsptool.sh b/tests/ocsp-tests/ocsptool.sh new file mode 100755 index 0000000..b10013e --- /dev/null +++ b/tests/ocsp-tests/ocsptool.sh @@ -0,0 +1,89 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +# Sanity check program for various ocsptool options + +: ${srcdir=.} +: ${OCSPTOOL=../src/ocsptool${EXEEXT}} +: ${DIFF=diff} +: ${CMP=cmp} +TMPFILE=ocsp.$$.tmp + +if ! test -x "${OCSPTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 1 - PEM loading failed" + exit ${rc} +fi + +${CMP} "${srcdir}/ocsp-tests/response1.der" "${TMPFILE}" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 1 - Comparison of DER file failed" + exit ${rc} +fi + +"${OCSPTOOL}" -j --outpem --infile "${srcdir}/ocsp-tests/response1.pem" --outfile "${TMPFILE}" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 2 - PEM loading failed" + exit ${rc} +fi + +${DIFF} -B "${srcdir}/ocsp-tests/response1.pem" "${TMPFILE}" >/dev/null 2>&1 +rc=$? +if test "${rc}" != "0"; then + echo "Test 2 - Comparison of PEM file failed $TMPFILE" + exit ${rc} +fi + + +"${OCSPTOOL}" -j --infile "${srcdir}/ocsp-tests/response1.der" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 3 - Transparent (backwards compatible) DER loading failed" + exit ${rc} +fi + +"${OCSPTOOL}" -j --inder --infile "${srcdir}/ocsp-tests/response1.der" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "Test 4 - DER loading failed" + exit ${rc} +fi + +rm -f "${TMPFILE}" + +exit 0 diff --git a/tests/ocsp-tests/response1.der b/tests/ocsp-tests/response1.der new file mode 100644 index 0000000..f632b4a Binary files /dev/null and b/tests/ocsp-tests/response1.der differ diff --git a/tests/ocsp-tests/response1.pem b/tests/ocsp-tests/response1.pem new file mode 100644 index 0000000..66adfe3 --- /dev/null +++ b/tests/ocsp-tests/response1.pem @@ -0,0 +1,45 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=Testing Authority + Produced At: Wed Mar 23 21:55:28 UTC 2016 + Responses: + Certificate ID: + Hash Algorithm: SHA1 + Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3 + Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934 + Serial Number: 56f304a1326dc9b2d51b31b3 + Certificate Status: unknown + This Update: Wed Mar 23 21:55:28 UTC 2016 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIIEwAoBAKCCBLkwggS1BgkrBgEFBQcwAQEEggSmMIIEojCBj6EeMBwxGjAYBgNV +BAMTEVRlc3RpbmcgQXV0aG9yaXR5GA8yMDE2MDMyMzIxNTUyOFowXDBaMEUwCQYF +Kw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl/LkSPHKF/CjIAxSfBq2U +39k0AgxW8wShMm3JstUbMbOCABgPMjAxNjAzMjMyMTU1MjhaMA0GCSqGSIb3DQEB +CwUAA4IBAQBKkt+j9Rd5Pjq67WsiWIc9rVjxA0vdiZahZUAYlCCauKpLN+FxSsda +uCUzYmotc4Jq4Erbmpl0pfvR5Y3nFArCQuKiLayOKk5NevUgnVMLbcaojrtwfPl/ +puf8zPFGOo+Ue2SQH+H8YX3wmQqeMEIblF2GonPVWm8pY+Gjx9ElBjUMCqAoCtig +CWcS9BbOm1BON0IEOsCb9gJ+VtRrLxpaOzLsc0lZGip74IuqHEyb6foA/bME8Ydy +T8v28oA9pfMdW0xoB/drpeq+lJfO3Hiu7QmHC56zRNyWNv3ovU9R87cEGEM2QD7o +/23eXMmoFODYx7Y5B6UOmiD34ufq7UaRoIIC+DCCAvQwggLwMIIB2KADAgECAghW +8wrgLlKayzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFUZXN0aW5nIEF1dGhv +cml0eTAiGA8yMDE2MDMyMzIxMzAxNVoYDzk5OTkxMjMxMjM1OTU5WjAcMRowGAYD +VQQDExFUZXN0aW5nIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKBV6T5EMSijMfx/e9MkasHxLi5VDv4gYb5Y/nuxilR1CpCRg6Twnqpu +/tmkj9XU23ewZuIxjb+ePdOH7AmiFZKYxZpo6+x1h6GCBqBpjniWN1ygt/mLs6jA +pJAlGOfgrjgFWzg8hwsgnN6T5gn3nFS7CLhFkJRav6DvgGcfRnSGQv9O/eGZDUAI +UGPou0lRpiON77UzDRmvENke6+60LBygJZD470YiQHbU6WZERQHEq1JCbh3iXB1S +uCRqe3R075I/u/+zOkDygDmVCPQYqoHJ+3AnfXpjsnTTjoMuqYXe0QVyCgzAeFga +tyXUuxSvPq8rVTVYvb6+AOXBVTDidp0CAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQULdgUmhbVbf77sODe8fXFIwvTYr4wDQYJKoZIhvcNAQELBQAD +ggEBAGGF8as/0Ew1prrQKOKSbVB3nrILF7D9fOxKIEUEOprtYGgjvvfkqG7xDQRP +SvIiVy3X0wZQpzytCgvkjXeQ8QsIIMnrYpjy6iRCRkDlti3iUqx6zo7B7iYaEIdK +Ky6uCn5z/RPti5WJIeqvg3WqTNeOXjWIK3ac6cROqUcUlLxy1AukNRYuvpVszQu9 +FDs9ecdA5aOvBvb0WlVjbEU37EVuoveayBpgP0c2I7xu2zAkobNdn7JYNOGJx4x9 +8WMlcCP0ZU7O0wwk9y/U/FxARqfFIzDC2JanTi2LxyHdQw8iWAvaBksb7vLdMnn2 +9prXtfKhcCXLVECxSJuI1swHETA= +-----END OCSP RESPONSE----- diff --git a/tests/ocsp-tests/response2.der b/tests/ocsp-tests/response2.der new file mode 100644 index 0000000..ee428bd Binary files /dev/null and b/tests/ocsp-tests/response2.der differ diff --git a/tests/ocsp-tests/response2.pem b/tests/ocsp-tests/response2.pem new file mode 100644 index 0000000..1ca75c3 --- /dev/null +++ b/tests/ocsp-tests/response2.pem @@ -0,0 +1,47 @@ +OCSP Response Information: + Response Status: Successful + Response Type: Basic OCSP Response + Version: 1 + Responder ID: CN=Testing Authority OCSP Responder + Produced At: Wed Mar 23 22:31:19 UTC 2016 + Responses: + Certificate ID: + Hash Algorithm: SHA1 + Issuer Name Hash: bac68790352ceb4c4de1534445348f8b4b5309b3 + Issuer Key Hash: e865fcb9123c7285fc28c803149f06ad94dfd934 + Serial Number: 56f318d612de99176ccaa1e0 + Certificate Status: unknown + This Update: Wed Mar 23 22:31:19 UTC 2016 + Extensions: + Signature Algorithm: RSA-SHA256 + +-----BEGIN OCSP RESPONSE----- +MIIFIgoBAKCCBRswggUXBgkrBgEFBQcwAQEEggUIMIIFBDCBnqEtMCsxKTAnBgNV +BAMTIFRlc3RpbmcgQXV0aG9yaXR5IE9DU1AgUmVzcG9uZGVyGA8yMDE2MDMyMzIy +MzExOVowXDBaMEUwCQYFKw4DAhoFAAQUusaHkDUs60xN4VNERTSPi0tTCbMEFOhl +/LkSPHKF/CjIAxSfBq2U39k0AgxW8xjWEt6ZF2zKoeCCABgPMjAxNjAzMjMyMjMx +MTlaMA0GCSqGSIb3DQEBCwUAA4IBAQAuMHdyI3qMEyU4v60vCsLQqZkbA7x7lh4X +detCl+Woe0WJoDUKZV8C78Ns9fhMY03tZLH2xGKtS8+C9r7Chi7r5SQUA9XyVaH1 +0L+McNed42kHtxvqNXNjZJHAZtY6NJ7IhocF97tPT/MZT+aCwNVh3DXCAo17b9bO +eKtwM4OwGJhtm4THGS2iyKlytll2yQM52bX/cp1yDensz8zcV1GxCwD2yGEI/iD3 +L/g/IzeY9B3RKZ1uZ21K8VU9aSBygpcbV7Ii9yb+zx21sL2PJCYTHUCsSyzJcWId +csrp8G2fdZfYEI6fJ/1GLUbSfVkbFWmEuvxNdN64vrYF3Vj2EU8qoIIDSzCCA0cw +ggNDMIICK6ADAgECAgxW8xjWEt6ZF2zKoeAwDQYJKoZIhvcNAQELBQAwHDEaMBgG +A1UEAxMRVGVzdGluZyBBdXRob3JpdHkwHhcNMTYwMzIzMjIyOTQyWhcNMTcwMzIz +MjIyOTQyWjArMSkwJwYDVQQDEyBUZXN0aW5nIEF1dGhvcml0eSBPQ1NQIFJlc3Bv +bmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMCZAoNYiVu4fTs +bfCE3EU4bl7rJCuMqZKBEVHZ40TPbVw/0bISFns+7rK5lazTYvvSuTJ1dCZHmnwW +r9/Jk54XLrieZyVh9fPP6wged3H+rC8jeBAYqgzjLjp59RF2FjcPtj6btfsHLbHv +CNjGeOhdl6Twx0/MMYAEvrXa2RlAc/1bFD6TbSBOzHrNgpQGDEU/zjOvsSJVLfde +gzgdv3NaYcJz1B3CbWZfHbkOnqg5H3uhBL9Jr6kEz6GB/xuBSBZ3UZco5rVzxFYC +wkf8WaRNOQox0NNwGTogKzP6l/mMFl7arYbGrwaH+OyTnhjQoMGRzqsJiexHPU5a +ZBhz1JUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD +CTAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTnPqFwFQGo2vJwQ+9MyIcaw5h0 +PTAfBgNVHSMEGDAWgBQt2BSaFtVt/vuw4N7x9cUjC9NivjANBgkqhkiG9w0BAQsF +AAOCAQEAeqbE90S1ckBwtme9/ITGGWRLhAfGP13Dw5ZiZrUccDISI3EuW9eByeBi +ylNU0cceISuW45rdN0OQGWB1N1DXhpEmoQhP4QNeitTwy+9Pu6O8Nb+GbYgMNutt +3gLJ3WDqxAmm6KUFS+bhFX8umSQCFGF3h0SGeAeyhXSrUVsDsjGI9I1KLFWOkGi7 +YSE49AWnicXEVC+cQUrWDOW2Pbb6mWt6S6Jm0xLs5+GD5lodvZAHRuG+pszIvqNv +T+zFBnLLWqMgPngbqeuvuP4/M35IeqjV19aG5hscFAwl2n4Aaa6wYWHAZ6bU+Y7k +Bp0+NzqVez2ZL//+3HKKF4sYkmh1Bg== +-----END OCSP RESPONSE----- diff --git a/tests/ocsp-tests/response3.der b/tests/ocsp-tests/response3.der new file mode 100644 index 0000000..39e09cf --- /dev/null +++ b/tests/ocsp-tests/response3.der @@ -0,0 +1,2 @@ +0 + \ No newline at end of file diff --git a/tests/ocsp-tests/signer-verify/response-ca.der b/tests/ocsp-tests/signer-verify/response-ca.der new file mode 100644 index 0000000..6052421 Binary files /dev/null and b/tests/ocsp-tests/signer-verify/response-ca.der differ diff --git a/tests/ocsp-tests/signer-verify/response-delegated.der b/tests/ocsp-tests/signer-verify/response-delegated.der new file mode 100644 index 0000000..717edfd Binary files /dev/null and b/tests/ocsp-tests/signer-verify/response-delegated.der differ diff --git a/tests/ocsp-tests/signer-verify/response-non-delegated.der b/tests/ocsp-tests/signer-verify/response-non-delegated.der new file mode 100644 index 0000000..02574d5 Binary files /dev/null and b/tests/ocsp-tests/signer-verify/response-non-delegated.der differ diff --git a/tests/ocsp-tests/signer-verify/trust.pem b/tests/ocsp-tests/signer-verify/trust.pem new file mode 100644 index 0000000..941a18a --- /dev/null +++ b/tests/ocsp-tests/signer-verify/trust.pem @@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIEVDCCArygAwIBAgIEL5gfejANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFU +ZXN0aW5nIEF1dGhvcml0eTAeFw0yMTA3MTExNjAxNTFaFw0yMjA3MTExNjAxNTFa +MBExDzANBgNVBAMTBlN1YiBDQTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC +ggGBAM2sgcNoA0aadfC4CrZYsJyxYU+2o+Ai8YgadLhjQHwVhs6O4oXV5HEcgXrr +t0RLXY1bMnfXESeXMsawAo84D4tFY1WXXwBo6DqwpR886lHtxE8DJeahR6lejt/b +4Pv6i85gDLwVWfPIfvEDo1YBimPWYokRGNdrX087qkVMhiylESH/+E4X4ucEAN2m +bHBuYpw3DtEVZkZFABHBgp+2cj28JX5vDYv4yDbXBe+PlgMQTjpOMJOL5KyEmBh0 +BEqFpWltQvKZSiJEyIxB/SlVCu0RFqDyJDCvmuxZeYVadtna0BZ8mWyE/UCTnntc +/vgcoLVl70rldLqxtM8gauIbnFseUoKO7azsOGvHzpJHep3H45JjaKUzfmGxlkIg +mjzxRUVo6y4B2EzW2uuq/KRUH5E6nz7EXAXLpZorPWM1SO2Wvtj1agcY2B1q3/sb +ytmpAslcA24uhbjliQtv2luloGW9MumbIGMdM9TK3QCi1FmpC/xgLM7x+HY05JMm ++T3mHwIDAQABo4GoMIGlMA8GA1UdEwEB/wQFMAMBAf8wQQYIKwYBBQUHAQEENTAz +MDEGCCsGAQUFBzABhiVodHRwOi8vbG9jYWxob3N0Ojk5MzYvb2NzcC9hdXRob3Jp +dHkvMA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFGzMZrzodsQyo/WdQc9poCPB +rR5EMB8GA1UdIwQYMBaAFKNgxYBNWRk9dHE+PBe9koa4tpMpMA0GCSqGSIb3DQEB +CwUAA4IBgQBYPjCSqo7DuIE8t9/yh0wqOcLXXpM03fxFLeTGZIA+qodW4BN7R1GD +a+CmjXhBZe/hV4h6toENXbLwGZe0rMF8VoV9+YdH8Dc3qW6Xzz5qWbliqi48pi1x +fMPlJFFCd7+Upob4L0OmB+iAk5iLtlSdNivAVelgTX9jqb6d0hSySoaoxfKcqD6L +VhoIc7sjBAFUtRAg9fpqQEVCCoY+uV+Fkf45/i9kyj3uwHiSmdQ8PgggkUr2+KU5 +1O4UJiE/Z/N+7qBBCnrhSqpe3U+pI/2R9OWG4b8+hy3AQBx/3PRmVsSeY64MZm+1 +CKNvNYRhH+EyyFIBxszqJQz9oZSK9/LKkXZNEcJN6p7BNWRxunerzlrexVtFyaX9 +sTCBvJWnioAYRTzuo0sv6BA1jCTUfLp/iKeSwxBftlAGu65c3kynLowITWLCgSiX +N1CZjBW3wLyLs+66Ab4YapdlPka/Ru0ws6v3968iCgixNF3Dtu0nuEe2iYfCrdx2 +1qtUEwQRpJ4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID9jCCAl6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDExFUZXN0 +aW5nIEF1dGhvcml0eTAeFw0yMTA3MTExNTQxMzBaFw0yMjA3MTExNTQxMzBaMBwx +GjAYBgNVBAMTEVRlc3RpbmcgQXV0aG9yaXR5MIIBojANBgkqhkiG9w0BAQEFAAOC +AY8AMIIBigKCAYEAvws8rQionbM4c8Cy8nYa9CHay+CFvTTLVw9EO0Kczqaq4PAG +uP+72DF4qmoWemNZslV5609K/MMumVzjyBT/b1kn1i8RAH4STKZMpswA2wouLLd0 +QhUYlxvbD+9Fe7LXk9U+kdO6V+lpYQVW0F8uB1zYRIOpuQ11DWXllcDexHHJrTsj +NOeOI3Bicr2QuB1KhOlZHH7sC8eDtTzsT9TLP8ftzEynSeF0MbMobv6IB9xC405V +mD4Zlpmw8Zggu+exOhGNbmlMgvfvfYqRJOjO5JDEEuzgAeOvlqay35VwaVJDdXMF +0Rn+C5n8Hfaz1Eq1qkPo8C13YI2na7ZzhjWP//8H1gJUgkD2ajcR2mD8g2KSx3zw +GQMmLgqTERB6qoR0D+uLfPC7qSA/eIN5PdYGHDRwybKuiQLR2Q2Uh2kvmMk3LoDb +dMLbdKdQTB9aKKsy7lM0NItrXERleu4Ty/rJUVR2miYUqWFHuuNzXLMtVihFgmSb +/G+eSzqzRxauXfzjAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/ +BAUDAwcGADAdBgNVHQ4EFgQUo2DFgE1ZGT10cT48F72Shri2kykwDQYJKoZIhvcN +AQELBQADggGBAKqI+hv9mMV/4cGN6XHt5p6ks1j5j6Q5uH8cahQhyIvwc54F3d6q +Arkit25QhGs8IOriAO/BRTMCDv6hKQNgNN/3Lux1NPX9LBddku5S1NtfOF9Lqss4 +E5TYcZxPzY0QxdGeMa0TH5eq+9CNayXqo95n5ixx9NCnMHROAtgOfUr4j3AGfBdz +4C16x35+kB0EO/N4ieCZo84ArF3IpOKd6RLLbI6Y5GygxMn29BLLQWWYsckW67j2 +iQFvlSE67p+lJ3WDQHJ6acgIb1ZNiEAwC5y6za7XPbwhJ02HL+jbL8q4DpNwtd0r +PGU/xMB7C5Sx9DryoWQk9pLelIpLgnDSUfHUuxunpFf5b2QIB/6JKA/f2dNjZY/w +ma/HoS3nN6Poi+tO628GbBh07JTzbL0hTpRCIde5XbbuHyKdS//KERswCXYe0AGB +gL2IE87/6/+Ax+e78O62evlyHpuOQ82PR8qN0sldpANPG2Ko/KUT7W1hlo4wBLrn +1kb6HIISAJS1pQ== +-----END CERTIFICATE----- diff --git a/tests/ocsp-tests/suppressions.valgrind b/tests/ocsp-tests/suppressions.valgrind new file mode 100644 index 0000000..64c3db6 --- /dev/null +++ b/tests/ocsp-tests/suppressions.valgrind @@ -0,0 +1,8 @@ +{ + ld-uncond-jump + Memcheck:Cond + fun:index + fun:expand_dynamic_string_token + fun:fillin_rpath + ... +} diff --git a/tests/ocsp.c b/tests/ocsp.c new file mode 100644 index 0000000..0f1a1b8 --- /dev/null +++ b/tests/ocsp.c @@ -0,0 +1,1686 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* Tests the OCSP request and response parsing in gnutls. + * If this test fails, you most probably need to update your + * libtasn1 */ + +static time_t _then = 1332548220; + +static time_t mytime(time_t * t) +{ + + if (t) + *t = _then; + + return _then; +} + +/* sample request */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +#define REQ1 "\x30\x67\x30\x65\x30\x3e\x30\x3c\x30\x3a\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\x13\x9d\xa0\x9e\xf4\x32\xab\x8f\xe2\x89\x56\x67\xfa\xd0\xd4\xe3\x35\x86\x71\xb9\x04\x14\x5d\xa7\xdd\x70\x06\x51\x32\x7e\xe7\xb6\x6d\xb3\xb5\xe5\xe0\x60\xea\x2e\x4d\xef\x02\x01\x1d\xa2\x23\x30\x21\x30\x1f\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x35\xc5\xe3\x50\xc3\xcf\x04\x33\xcc\x9e\x06\x3a\x9a\x18\x80\xcc" + +static const gnutls_datum_t req1 = + { (unsigned char *) REQ1, sizeof(REQ1) - 1 }; + +#define REQ1INFO \ + "OCSP Request Information:\n" \ + " Version: 1\n" \ + " Request List:\n" \ + " Certificate ID:\n" \ + " Hash Algorithm: SHA1\n" \ + " Issuer Name Hash: 139da09ef432ab8fe2895667fad0d4e3358671b9\n" \ + " Issuer Key Hash: 5da7dd700651327ee7b66db3b5e5e060ea2e4def\n" \ + " Serial Number: 1d\n" \ + " Extensions:\n" \ + " Nonce: 35c5e350c3cf0433cc9e063a9a1880cc\n" + +#define REQ1NONCE "\x04\x10\x35\xc5\xe3\x50\xc3\xcf\x04\x33\xcc\x9e\x06\x3a\x9a\x18\x80\xcc" + +#define REQ1INH "\x13\x9d\xa0\x9e\xf4\x32\xab\x8f\xe2\x89\x56\x67\xfa\xd0\xd4\xe3\x35\x86\x71\xb9" +#define REQ1IKH "\x5d\xa7\xdd\x70\x06\x51\x32\x7e\xe7\xb6\x6d\xb3\xb5\xe5\xe0\x60\xea\x2e\x4d\xef" +#define REQ1SN "\x1d" + +/* sample response */ + +#define RESP1 "\x30\x03\x0a\x01\x01" + +static const gnutls_datum_t resp1 = + { (unsigned char *) RESP1, sizeof(RESP1) - 1 }; + +#define RESP1INFO \ + "OCSP Response Information:\n" \ + " Response Status: malformedRequest\n" + +#define RESP2 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" + +#define RESP2INFO \ + "OCSP Response Information:\n" \ + " Response Status: Successful\n" \ + " Response Type: Basic OCSP Response\n" \ + " Version: 1\n" \ + " Responder ID: CN=ocsp.strongswan.org,OU=OCSP Signing Authority,O=Linux strongSwan,C=CH\n" \ + " Produced At: Tue Sep 27 09:54:28 UTC 2011\n" \ + " Responses:\n" \ + " Certificate ID:\n" \ + " Hash Algorithm: SHA1\n" \ + " Issuer Name Hash: 139da09ef432ab8fe2895667fad0d4e3358671b9\n" \ + " Issuer Key Hash: 5da7dd700651327ee7b66db3b5e5e060ea2e4def\n" \ + " Serial Number: 1d\n" \ + " Certificate Status: good\n" \ + " This Update: Tue Sep 27 09:54:28 UTC 2011\n" \ + " Next Update: Tue Sep 27 09:59:28 UTC 2011\n" \ + " Extensions:\n" \ + " Nonce: 16897d913ab525a445fec9fdc2e508a4\n" \ + " Signature Algorithm: RSA-SHA1\n" \ + " Signature:\n" \ + " 4e:ad:6b:2b:f7:f2:bf:a9:23:1e:3a:0b:06:db:55:53\n" \ + " 2b:64:54:11:32:bf:60:f7:4f:e0:8e:9b:a0:a2:4c:79\n" \ + " c3:2a:e0:43:f7:40:1a:dc:b9:b4:25:ef:48:01:97:8c\n" \ + " f5:1e:db:d1:30:37:73:69:d6:a7:7a:2d:8e:de:5c:aa\n" \ + " ea:39:b9:52:aa:25:1e:74:7d:f9:78:95:8a:92:1f:98\n" \ + " 21:f4:60:7f:d3:28:ee:47:9c:bf:e2:5d:f6:3f:68:0a\n" \ + " d6:ff:08:c1:dc:95:1e:29:d7:3e:85:d5:65:a4:4b:c0\n" \ + " af:c3:78:ab:06:98:88:19:8a:64:a6:83:91:87:13:db\n" \ + " 17:cc:46:bd:ab:4e:c7:16:d1:f8:35:fd:27:c8:f6:6b\n" \ + " eb:37:b8:08:6f:e2:6f:b4:7e:d5:68:db:7f:5d:5e:36\n" \ + " 38:f2:77:59:13:e7:3e:4d:67:5f:db:a2:f5:5d:7c:bf\n" \ + " bd:b5:37:33:51:36:63:f8:21:1e:fc:73:8f:32:69:bb\n" \ + " 97:a7:bd:f1:b6:e0:40:09:68:ea:d5:93:b8:bb:39:8d\n" \ + " a8:16:1b:bf:04:7a:bc:18:43:01:e9:3c:19:5c:4d:4b\n" \ + " 98:d8:23:37:39:a4:c4:dd:ed:9c:ec:37:ab:66:44:9b\n" \ + " e7:5b:5d:32:a2:db:a6:0b:3b:8c:e1:f5:db:cb:7d:58\n" + /* cut */ + +static const gnutls_datum_t resp2 = + { (unsigned char *) RESP2, sizeof(RESP2) - 1 }; + +#define RESP3 "\x30\x82\x01\xd3\x0a\x01\x00\xa0\x82\x01\xcc\x30\x82\x01\xc8\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\xb9\x30\x82\x01\xb5\x30\x81\x9e\xa2\x16\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\x30\x73\x30\x71\x30\x49\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xed\x48\xad\xdd\xcb\x7b\x00\xe2\x0e\x84\x2a\xa9\xb4\x09\xf1\xac\x30\x34\xcf\x96\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x02\x10\x02\x01\x48\x91\x5d\xfd\x5e\xb6\xe0\x02\x90\xa9\x67\xb0\xe4\x64\x80\x00\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\xa0\x11\x18\x0f\x32\x30\x31\x34\x30\x39\x31\x31\x30\x36\x30\x34\x30\x30\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x6e\x5e\x5e\x81\xff\x3f\x4d\xc7\x53\xc7\x1b\xf3\xd3\x1d\xdc\x9a\xc7\xce\x77\x2c\x67\x56\x13\x98\x91\x02\x01\x76\xdc\x48\xb2\x1f\x9b\x17\xea\xbf\x2c\x0a\xf5\x1d\x98\x90\x3c\x5f\x55\xc2\xff\x4b\x9a\xbc\xa6\x83\x9e\xab\x2b\xeb\x9d\x01\xea\x3b\x5f\xbe\x03\x29\x70\x63\x2a\xa4\x1d\xa8\xab\x69\xb2\x64\xba\x5d\x73\x91\x5c\x92\xf3\x69\xd4\xc9\x39\x9c\x7c\x7d\xa2\x47\x92\xc2\x56\xfe\xa1\x0d\x4a\x69\xff\xda\x48\xc5\x5e\xd8\xab\x39\x88\x6a\x06\xfa\x07\x57\xd6\x48\xb5\xce\xc9\x5f\xa5\x96\xfe\x37\x18\x5e\x7f\x35\x51\xc1\x9e\x79\x5a\x26\xba\x67\x67\x38\x2a\x80\x75\x42\x99\x68\x3e\xec\x2f\x7e\x2d\xa1\xa6\xbe\x9f\x01\x51\x22\x88\x3a\xc9\x9c\xed\x51\xef\x21\x66\x7e\xa9\xd0\x3f\x13\x9c\xbb\xd2\x94\x14\x6f\x4b\xd9\xc4\xf5\x2c\xf5\x7d\x07\x68\xf3\x51\xac\xda\xc2\x09\x66\xa9\x3d\xed\xad\x02\x4d\x9c\x11\x29\x1a\x54\xfb\x1e\x7e\x36\xf4\xbb\x0d\x08\x8c\x6a\x42\x08\x10\x29\x08\x7c\x56\x0b\x18\x47\xff\x87\x11\xfd\xb2\xfb\xc9\x22\x7f\xe3\x1f\x7b\xf9\x98\xaa\x3a\x32\xb6\x2f\x02\xba\xb6\xc1\xdc\xc3\x5d\xb5\x4b\xae\x5d\x29\x6a\x31\xde\xcd" + +#define RESP3INFO "OCSP Response Information:\n" \ +" Response Status: Successful\n" \ +" Response Type: Basic OCSP Response\n" \ +" Version: 1\n" \ +" Responder Key ID: 50ea7389db29fb108f9ee50120d4de79994883f7\n" \ +" Produced At: Thu Sep 04 05:49:00 UTC 2014\n" \ +" Responses:\n" \ +" Certificate ID:\n" \ +" Hash Algorithm: SHA1\n" \ +" Issuer Name Hash: ed48adddcb7b00e20e842aa9b409f1ac3034cf96\n" \ +" Issuer Key Hash: 50ea7389db29fb108f9ee50120d4de79994883f7\n" \ +" Serial Number: 020148915dfd5eb6e00290a967b0e464\n" \ +" Certificate Status: good\n" \ +" This Update: Thu Sep 04 05:49:00 UTC 2014\n" \ +" Next Update: Thu Sep 11 06:04:00 UTC 2014\n" \ +" Extensions:\n" \ +" Signature Algorithm: RSA-SHA1\n" \ +" Signature:\n" \ +" 6e:5e:5e:81:ff:3f:4d:c7:53:c7:1b:f3:d3:1d:dc:9a\n" \ +" c7:ce:77:2c:67:56:13:98:91:02:01:76:dc:48:b2:1f\n" \ +" 9b:17:ea:bf:2c:0a:f5:1d:98:90:3c:5f:55:c2:ff:4b\n" \ +" 9a:bc:a6:83:9e:ab:2b:eb:9d:01:ea:3b:5f:be:03:29\n" \ +" 70:63:2a:a4:1d:a8:ab:69:b2:64:ba:5d:73:91:5c:92\n" \ +" f3:69:d4:c9:39:9c:7c:7d:a2:47:92:c2:56:fe:a1:0d\n" \ +" 4a:69:ff:da:48:c5:5e:d8:ab:39:88:6a:06:fa:07:57\n" \ +" d6:48:b5:ce:c9:5f:a5:96:fe:37:18:5e:7f:35:51:c1\n" \ +" 9e:79:5a:26:ba:67:67:38:2a:80:75:42:99:68:3e:ec\n" \ +" 2f:7e:2d:a1:a6:be:9f:01:51:22:88:3a:c9:9c:ed:51\n" \ +" ef:21:66:7e:a9:d0:3f:13:9c:bb:d2:94:14:6f:4b:d9\n" \ +" c4:f5:2c:f5:7d:07:68:f3:51:ac:da:c2:09:66:a9:3d\n" \ +" ed:ad:02:4d:9c:11:29:1a:54:fb:1e:7e:36:f4:bb:0d\n" \ +" 08:8c:6a:42:08:10:29:08:7c:56:0b:18:47:ff:87:11\n" \ +" fd:b2:fb:c9:22:7f:e3:1f:7b:f9:98:aa:3a:32:b6:2f\n" \ +" 02:ba:b6:c1:dc:c3:5d:b5:4b:ae:5d:29:6a:31:de:cd\n" + +static const gnutls_datum_t resp3 = + { (unsigned char *) RESP3, sizeof(RESP3) - 1 }; + +static unsigned char issuer_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDuDCCAqCgAwIBAgIBADANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n" + "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n" + "b290IENBMB4XDTA0MDkxMDEwMDExOFoXDTE5MDkwNzEwMDExOFowRTELMAkGA1UE\n" + "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u\n" + "Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y\n" + "X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f\n" + "FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc\n" + "4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/\n" + "7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5\n" + "gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr\n" + "K+1LwdqRxo7HgMRiDw8CAwEAAaOBsjCBrzASBgNVHRMBAf8ECDAGAQH/AgEBMAsG\n" + "A1UdDwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0j\n" + "BGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkw\n" + "FwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJv\n" + "b3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACOSmqEBtBLR9aV3UyCI8gmzR5in\n" + "Lte9aUXXS+qis6F2h2Stf4sN+Nl6Gj7REC6SpfEH4wWdwiUL5J0CJhyoOjQuDl3n\n" + "1Dw3dE4/zqMZdyDKEYTU75TmvusNJBdGsLkrf7EATAjoi/nrTOYPPhSUZvPp/D+Y\n" + "vORJ9Ej51GXlK1nwEB5iA8+tDYniNQn6BD1MEgIejzK+fbiy7braZB1kqhoEr2Si\n" + "7luBSnU912sw494E88a2EWbmMvg2TVHPNzCpVkpNk7kifCiwmw9VldkqYy9y/lCa\n" + "Epyp7lTfKw7cbD04Vk8QJW782L6Csuxkl346b17wmOqn8AZips3tFsuAY3w=\n" + "-----END CERTIFICATE-----\n"; +const gnutls_datum_t issuer_data = { issuer_pem, sizeof(issuer_pem) }; + +static unsigned char subject_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEIjCCAwqgAwIBAgIBHTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ\n" + "MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS\n" + "b290IENBMB4XDTA5MDgyNzEwNDQ1MVoXDTE0MDgyNjEwNDQ1MVowWjELMAkGA1UE\n" + "BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh\n" + "cmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcN\n" + "AQEBBQADggEPADCCAQoCggEBANBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx\n" + "6kRPsjYAuuktgXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZ\n" + "Gamo5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6q95V\n" + "Wu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF5AzkZnFrw12G\n" + "I72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5PUdoDCte/Mcr1iiA+zOov\n" + "x55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3WEKTAmsZrVECAwEAAaOCAQYwggEC\n" + "MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBQfoamI2WSMtaCiVGQ5\n" + "tPI9dF1ufDBtBgNVHSMEZjBkgBRdp91wBlEyfue2bbO15eBg6i5N76FJpEcwRTEL\n" + "MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT\n" + "EnN0cm9uZ1N3YW4gUm9vdCBDQYIBADAfBgNVHREEGDAWgRRjYXJvbEBzdHJvbmdz\n" + "d2FuLm9yZzA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4u\n" + "b3JnL3N0cm9uZ3N3YW4uY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQC8pqX3KrSzKeul\n" + "GdzydAV4hGwYB3WiB02oJ2nh5MJBu7J0Kn4IVkvLUHSSZhSRxx55tQZfdYqtXVS7\n" + "ZuyG+6rV7sb595SIRwfkLAdjbvv0yZIl4xx8j50K3yMR+9aXW1NSGPEkb8BjBUMr\n" + "F2kjGTOqomo8OIzyI369z9kJrtEhnS37nHcdpewZC1wHcWfJ6wd9wxmz2dVXmgVQ\n" + "L2BjXd/BcpLFaIC4h7jMXQ5FURjnU7K9xSa4T8PpR6FrQhOcIYBXAp94GiM8JqmK\n" + "ZBGUpeP+3cy4i3DV18Kyr64Q4XZlzhZClNE43sgMqiX88dc3znpDzT7T51j+d+9k\n" + "Rf5Z0GOR\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t subject_data = { subject_pem, sizeof(subject_pem) }; + +/* For testing verify functions. */ + +#define BLOG_RESP "\x30\x82\x06\xF8\x0A\x01\x00\xA0\x82\x06\xF1\x30\x82\x06\xED\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\xDE\x30\x82\x06\xDA\x30\x82\x01\x25\xA1\x7E\x30\x7C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x55\x31\x0C\x30\x0A\x06\x03\x55\x04\x08\x13\x03\x4E\x53\x57\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x53\x79\x64\x6E\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x53\x65\x72\x76\x65\x72\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x69\x6F\x6E\x31\x18\x30\x16\x06\x03\x55\x04\x03\x13\x0F\x6F\x63\x73\x70\x2E\x63\x61\x63\x65\x72\x74\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x33\x30\x38\x35\x30\x34\x32\x5A\x30\x66\x30\x64\x30\x3C\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\xF2\x2A\x62\x16\x93\xA6\xDA\x5A\xD0\xB9\x8D\x3A\x13\x5E\x35\xD1\xEB\x18\x36\x61\x04\x14\x75\xA8\x71\x60\x4C\x88\x13\xF0\x78\xD9\x89\x77\xB5\x6D\xC5\x89\xDF\xBC\xB1\x7A\x02\x03\x00\xBC\xE0\x80\x00\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x33\x30\x37\x32\x30\x34\x39\x5A\xA0\x11\x18\x0F\x32\x30\x31\x32\x30\x31\x31\x35\x30\x38\x35\x30\x34\x32\x5A\xA1\x2A\x30\x28\x30\x26\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x19\x04\x17\x73\x69\xD2\xC5\x6F\xC7\x7E\x2E\xB0\x2F\xCC\xC3\xE2\x80\xD6\x2A\xCE\xD3\xDE\x8F\x27\x1B\xB2\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x3E\x50\x9D\xE9\xA2\xE0\xCA\x33\x88\x9B\x28\x7E\xE7\xA4\xAF\xDA\xBB\x75\x2D\xD9\x66\xA6\xD5\xFA\x17\x56\xC0\x3B\xDD\x74\xB6\x7E\x42\x2C\x28\xD0\x73\x91\x54\x69\xFA\xCF\xD8\xC7\x74\x1C\x5D\xBC\x8E\xCD\xE3\x0E\xD5\x3F\x80\x71\x9C\x95\x53\xC4\xD1\x95\x63\x5D\x72\xCE\xCC\x77\x9D\x7C\xAD\x47\x3F\x34\xDA\x90\x80\xC5\x15\xE1\x2B\xEE\x98\x57\xA3\xA7\x9F\xA2\xC3\xF5\x5E\xF7\x13\x26\x52\xDA\x09\x38\x5B\x18\x91\x07\x38\xCF\x09\xDA\x08\xED\x80\x4F\x26\x3A\xB9\xBE\xF6\xED\x65\x3F\xB1\x3A\x6D\xA3\x87\x22\xA3\x2A\xA5\x99\xCC\x06\xF3\x5A\xD5\x34\xFB\x9E\x32\x28\xC3\x3E\xF4\xAF\x33\x02\xCF\x6A\x74\x73\x17\x24\x17\x41\x0D\x7E\x86\x79\x83\x34\xE8\x82\x0A\x0D\x21\xED\xCB\x3B\xB7\x31\x64\xC9\xB6\x1E\xC7\x0C\x75\xCE\xBA\xB7\xDC\xB2\x67\x96\x2B\xAD\xBF\x86\x22\x81\x54\x66\xBA\x68\x89\xD7\x7E\x35\x60\x93\xEC\x6B\xD8\x59\x23\xA0\xD0\x95\x55\x8F\x93\x52\x48\x4E\x48\xCB\x92\xE9\x67\x71\x60\x07\xC9\xA3\x3B\xAC\xD1\xEA\x5B\x71\xDB\xC1\x94\x79\x85\x55\x8C\x03\x61\x9E\xC7\xD6\x32\x40\xFA\xDD\xF6\xC9\xF8\xE0\xFF\x4D\xAC\x54\xED\x61\xFE\xB2\xA0\x82\x04\x99\x30\x82\x04\x95\x30\x82\x04\x91\x30\x82\x02\x79\xA0\x03\x02\x01\x02\x02\x03\x00\xDC\xA6\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x54\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x43\x41\x63\x65\x72\x74\x2E\x6F\x72\x67\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x43\x41\x63\x65\x72\x74\x20\x43\x6C\x61\x73\x73\x20\x33\x20\x52\x6F\x6F\x74\x30\x1E\x17\x0D\x31\x31\x30\x38\x32\x33\x30\x30\x30\x38\x33\x37\x5A\x17\x0D\x31\x33\x30\x38\x32\x32\x30\x30\x30\x38\x33\x37\x5A\x30\x7C\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x41\x55\x31\x0C\x30\x0A\x06\x03\x55\x04\x08\x13\x03\x4E\x53\x57\x31\x0F\x30\x0D\x06\x03\x55\x04\x07\x13\x06\x53\x79\x64\x6E\x65\x79\x31\x14\x30\x12\x06\x03\x55\x04\x0A\x13\x0B\x43\x41\x63\x65\x72\x74\x20\x49\x6E\x63\x2E\x31\x1E\x30\x1C\x06\x03\x55\x04\x0B\x13\x15\x53\x65\x72\x76\x65\x72\x20\x41\x64\x6D\x69\x6E\x69\x73\x74\x72\x61\x74\x69\x6F\x6E\x31\x18\x30\x16\x06\x03\x55\x04\x03\x13\x0F\x6F\x63\x73\x70\x2E\x63\x61\x63\x65\x72\x74\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\x9C\xC6\xD4\x6F\xE4\x23\xC7\xC3\x70\x4B\x75\x1F\xE4\xFC\xAE\xF6\x62\xC4\x60\xA1\xD6\xCF\xF9\x47\x40\x38\xD9\xAF\x06\xF5\xB3\x87\x09\xBA\x07\xC8\x7A\x3B\xE3\x3A\xE2\xC1\x6B\xDB\x0E\x9B\x7B\xB4\x98\x04\x40\x88\xC8\xE4\x20\x34\x9D\x5F\x94\xAE\x0C\xA0\x05\xA1\x74\x10\x3F\x1F\x93\x6D\xC5\xA0\xCE\x29\xB0\x2A\x03\x6E\xED\x3B\xD1\x9A\x7A\xF7\x0F\xA7\xB7\x39\xD7\xC3\xB4\xDE\x15\x67\x94\xF2\xEF\xB0\xDD\x5F\xE3\xC9\xD8\xD2\x34\x0E\x5D\x44\xDF\xBF\x99\xD8\x5E\x60\xF4\x39\x24\x8A\xFD\x5D\xC8\x46\x8D\x0A\xB1\x60\x7A\x4F\xD5\x27\x30\x60\x9E\x13\x06\xF8\x3A\xAA\xB3\xBB\x33\x34\x6F\x84\x81\x7E\x5C\xCC\x12\x89\xF2\xFE\x6E\x93\x83\xFA\x8B\xEE\xAB\x36\x4C\xB6\x40\xA9\xEE\xFB\xF8\x16\x5A\x55\xD1\x64\x0D\x49\xDA\x04\xDE\xD1\xC8\xCA\xEE\x5F\x24\xB1\x79\x78\xB3\x9A\x88\x13\xDD\x68\x51\x39\xE9\x68\x31\xAF\xD7\xF8\x4D\x35\x6D\x60\x58\x04\x42\xBB\x55\x92\x18\xF6\x98\x01\xA5\x74\x3B\xBC\x36\xDB\x20\x68\x18\xB8\x85\xD4\x8B\x6D\x30\x87\x4D\xD6\x33\x2D\x7A\x54\x36\x1D\x57\x42\x14\x5C\x7A\x62\x74\xD5\x1E\x2B\xD5\xBF\x04\xF3\xFF\xEC\x03\xC1\x02\x03\x01\x00\x01\xA3\x44\x30\x42\x30\x0C\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x02\x30\x00\x30\x27\x06\x03\x55\x1D\x25\x04\x20\x30\x1E\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x02\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x09\x06\x03\x55\x1D\x11\x04\x02\x30\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\x50\xDD\x63\xB7\x1A\x6F\x91\x4C\xE8\x7F\x82\x1A\x27\x04\x81\x05\xBB\xA6\x69\xAC\x41\x7B\x62\xFC\x4B\x08\xDC\x60\xCF\xB2\x5A\xF1\xB4\xB5\x27\x69\x6B\x12\xE4\x07\xC8\x16\xCE\x3B\x42\xCC\x02\x90\x66\x0E\x79\xB8\x6C\x4B\x90\x00\xC5\x66\x64\x92\x2B\x2B\x48\x0E\x84\xC2\x6D\xBF\xA5\xDE\x16\xE3\xBD\x19\xF5\x5C\x93\xA1\x86\x7F\xD9\x89\x78\x6A\x3F\x83\xF0\xAA\xF8\xEA\x1D\xA4\x13\xF7\x2A\x15\x4C\x51\x9C\xC4\xB0\xBE\x58\x66\xCF\x4C\x6C\x3D\x31\xE5\xF9\x54\x21\xCD\xA1\x30\x01\x6A\xB3\x1A\x48\x85\x34\x93\xB8\xF9\x15\x19\x48\x34\x8D\x73\xE7\x03\x50\xAF\xDE\x50\xC7\x62\xAF\x25\x22\x2B\xF6\xE8\x37\x2E\xE4\x71\xA9\x5C\x26\xEA\x79\xCB\x04\x29\x73\x6B\x8F\xDF\x1F\x5C\x41\x52\xC0\x36\xAA\xD7\x7D\x8E\x44\x54\x98\x06\x4C\x63\xA6\x0B\x01\x94\x5D\x0C\x5C\xD4\xCF\xCB\x0B\x7B\x2D\x56\xCC\xBF\x97\x7F\x15\x24\x1D\xBA\xEA\xB7\x97\xB0\x32\xAD\xFC\xEA\x6D\x94\x39\x7A\xE3\x25\x54\xFC\x4A\xF5\x3D\xBD\x2E\xD5\x31\x07\x49\x24\xCC\x92\x69\x0E\x79\xB9\xDF\xDB\x36\xBF\x04\x44\x15\xD0\x46\x99\x8C\xD2\x4C\x94\x38\x0E\x10\x64\x13\xAB\xD9\x1B\x54\x02\x31\x56\x20\xEE\x69\x95\xDF\x39\xBB\xE9\xA7\x6D\xC3\x23\x86\x0B\xD6\x34\x40\x37\xC3\xD4\x41\xA8\x2E\x71\x1D\x6E\x5B\xD7\xC5\x9F\x2A\xE6\x02\x80\xAE\x0A\x28\x69\x63\x4B\x89\x2E\xBD\x4F\x42\x58\xFB\x86\x9A\xA2\x18\xDC\xC6\x32\xC1\x46\xBA\x28\xD2\x8B\xCE\x56\x63\x04\x80\x51\x51\x39\x00\x3B\x00\xB9\x5F\x67\xFA\x90\x1E\xDA\x76\xB5\x31\xA5\xBD\x11\xD2\x5F\xDA\x5D\xD5\xF7\xEE\xAB\xC0\x62\x74\x60\x47\x32\x42\xFD\xB2\x2E\x04\x3A\x2E\xF2\xC8\xB3\x41\xA3\xBD\xFE\x94\x5F\xEF\x6E\xD7\x92\x7C\x1D\x04\xF0\xC6\x53\x8E\x46\xDC\x30\x3A\x35\x5F\x1A\x4B\xEA\x3B\x00\x8B\x97\xB5\xB9\xCE\x71\x6E\x5C\xD5\xA0\x0B\xB1\x33\x08\x89\x61\x23\xCF\x97\x9F\x8F\x9A\x50\xB5\xEC\xCE\x40\x8D\x82\x95\x8B\x79\x26\x66\xF3\xF4\x70\xD8\xEE\x58\xDD\x75\x29\xD5\x6A\x91\x51\x7A\x17\xBC\x4F\xD4\xA3\x45\x7B\x84\xE7\xBE\x69\x53\xC1\xE2\x5C\xC8\x45\xA0\x3A\xEC\xDF\x8A\x1E\xC1\x18\x84\x8B\x7A\x4E\x4E\x9E\x3A\x26\xFE\x5D\x22\xD4\xC5\x14\xBE\xEE\x06\xEB\x05\x4A\x66\xC9\xA4\xB3\x68\x04\xB0\x5D\x25\x54\xB3\x05\xED\x41\xF0\x65\x69\x6D\xA5\x4E\xB7\x97\xD8\xD8\xF5" + +static const gnutls_datum_t blog_resp = + { (unsigned char *) BLOG_RESP, sizeof(BLOG_RESP) - 1 }; + +static unsigned char blog_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIE8DCCAtigAwIBAgIDALzgMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n" + "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n" + "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTAxMTE2MjI1MjMzWhcNMTIxMTE1\n" + "MjI1MjMzWjAdMRswGQYDVQQDExJibG9nLmpvc2Vmc3Nvbi5vcmcwggEiMA0GCSqG\n" + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBKA6bm/Kip0i00vU+BOmUF2MBDTwps41c\n" + "xKN5bDn7usWZj8loi6BHRPE2WzCVPnPRD1FJXBc4rXL8zZWrCRe1b4A+l8NjPN2o\n" + "uUgJvYLXYQ2hXkvxlPBQPKNOudaOAVsahpyxk6g6Z3mskOfqPhxvjutHvMC4fOsJ\n" + "1+FstMzvg5SpDd4uYM9m0UK8pbEUSuwW+fxyWqhciSi7kJtdrD6bwx3ub3t9GFkM\n" + "9uTzImIslTq19w8AHQsTICNnmNwfUGF5XMUIuxun0HlFt2KUP5G3Qg9Cd18wZFql\n" + "RQJvLA3nbVFtmN3M3yKXnGSsEn38ZJvC+UxFuSfYJN9UwgoG6gwhAgMBAAGjggEA\n" + "MIH9MAwGA1UdEwEB/wQCMAAwNAYDVR0lBC0wKwYIKwYBBQUHAwIGCCsGAQUFBwMB\n" + "BglghkgBhvhCBAEGCisGAQQBgjcKAwMwCwYDVR0PBAQDAgWgMDMGCCsGAQUFBwEB\n" + "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuY2FjZXJ0Lm9yZy8wdQYDVR0R\n" + "BG4wbIISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJsb2cuam9z\n" + "ZWZzc29uLm9yZ4ISYmxvZy5qb3NlZnNzb24ub3JnoCAGCCsGAQUFBwgFoBQMEmJs\n" + "b2cuam9zZWZzc29uLm9yZzANBgkqhkiG9w0BAQUFAAOCAgEACQX0KziT81G0XJ4C\n" + "SlVumGN0KcVPDjtiUYskMpUvyLF951Q4Uuih0Aa9c0LynyZq8yqr6sW5OTmnRfSU\n" + "DuUK5IH+IPq5PU7qteQSIy+63yjMQ+1wye1zfCWI+MyaS54AOn6uZObsr4grq41i\n" + "sTwnX8OF/z15dQBjDR18WoehsnbuMz3Ld7+w5UcVWRGDzTyZ7JrYisEywQ7TXcoK\n" + "1IlhD1TqwFucH7lIr4mPWNjL7Nw0sw11HN0Syt9H3upcq6lqyEI0ygfNZ9cdxvmX\n" + "WqOBxxLc6G/87G4nGW4jw3WrCX7LqSmChlR3SbEC1UhWpaQMQ+mOU5+vXon7blRV\n" + "zGJ/1wK8mKu3fKw9rm5TQ1xfJuRABbzsD3BrrUaHlREQQ+i6SCPVFGer6oeAaxyv\n" + "so0NCbmBQkcpmUUl0COIR/Lh/YT78PjIEfxaUnUlaZXvCbKPKP2cM8LY7ltEaTgJ\n" + "4W6sZi3QNFySzd4sz7J/YhY/jGjqku7TfpN/GOheW8AzKTBlm3WLps1YXys4TKrB\n" + "0RStfaPfRJI1PeSlrWl6+kQu/5O8WA8NK0JZ/0Jc4d5LNrtUXo4VU9XCthrxLkgL\n" + "3XWgZKFrqJd1UeJJ7OvkRYfI1c5i4oAP5ksuF0SHTpqnXE8K39kUnUx3B+ItJlZP\n" + "VXTFhXRc06QwYqYXuYSAmj7/GJk=\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t blog_cert_data = { blog_cert_pem, + sizeof(blog_cert_pem) +}; + +static unsigned char blog_issuer_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv\n" + "b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ\n" + "Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y\n" + "dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU\n" + "MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0\n" + "Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN\n" + "AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a\n" + "iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1\n" + "aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C\n" + "jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia\n" + "pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0\n" + "FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt\n" + "XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL\n" + "oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6\n" + "R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp\n" + "rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/\n" + "LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA\n" + "BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow\n" + "gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV\n" + "BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG\n" + "A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS\n" + "c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH\n" + "AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr\n" + "BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB\n" + "MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y\n" + "Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj\n" + "ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5\n" + "b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D\n" + "QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc\n" + "7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH\n" + "Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4\n" + "D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3\n" + "VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a\n" + "lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW\n" + "Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt\n" + "hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz\n" + "0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn\n" + "ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT\n" + "d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60\n" + "4GGSt/M3mMS+lqO3ig==\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t blog_issuer_data = { blog_issuer_pem, + sizeof(blog_issuer_pem) +}; + +static unsigned char blog_signer_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIEkTCCAnmgAwIBAgIDANymMA0GCSqGSIb3DQEBBQUAMFQxFDASBgNVBAoTC0NB\n" + "Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV\n" + "BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTEwODIzMDAwODM3WhcNMTMwODIy\n" + "MDAwODM3WjB8MQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZT\n" + "eWRuZXkxFDASBgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVTZXJ2ZXIgQWRt\n" + "aW5pc3RyYXRpb24xGDAWBgNVBAMTD29jc3AuY2FjZXJ0Lm9yZzCCASIwDQYJKoZI\n" + "hvcNAQEBBQADggEPADCCAQoCggEBAJzG1G/kI8fDcEt1H+T8rvZixGCh1s/5R0A4\n" + "2a8G9bOHCboHyHo74zriwWvbDpt7tJgEQIjI5CA0nV+UrgygBaF0ED8fk23FoM4p\n" + "sCoDbu070Zp69w+ntznXw7TeFWeU8u+w3V/jydjSNA5dRN+/mdheYPQ5JIr9XchG\n" + "jQqxYHpP1ScwYJ4TBvg6qrO7MzRvhIF+XMwSifL+bpOD+ovuqzZMtkCp7vv4FlpV\n" + "0WQNSdoE3tHIyu5fJLF5eLOaiBPdaFE56Wgxr9f4TTVtYFgEQrtVkhj2mAGldDu8\n" + "NtsgaBi4hdSLbTCHTdYzLXpUNh1XQhRcemJ01R4r1b8E8//sA8ECAwEAAaNEMEIw\n" + "DAYDVR0TAQH/BAIwADAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsG\n" + "AQUFBwMJMAkGA1UdEQQCMAAwDQYJKoZIhvcNAQEFBQADggIBAFDdY7cab5FM6H+C\n" + "GicEgQW7pmmsQXti/EsI3GDPslrxtLUnaWsS5AfIFs47QswCkGYOebhsS5AAxWZk\n" + "kisrSA6Ewm2/pd4W470Z9VyToYZ/2Yl4aj+D8Kr46h2kE/cqFUxRnMSwvlhmz0xs\n" + "PTHl+VQhzaEwAWqzGkiFNJO4+RUZSDSNc+cDUK/eUMdiryUiK/boNy7kcalcJup5\n" + "ywQpc2uP3x9cQVLANqrXfY5EVJgGTGOmCwGUXQxc1M/LC3stVsy/l38VJB266reX\n" + "sDKt/OptlDl64yVU/Er1Pb0u1TEHSSTMkmkOebnf2za/BEQV0EaZjNJMlDgOEGQT\n" + "q9kbVAIxViDuaZXfObvpp23DI4YL1jRAN8PUQagucR1uW9fFnyrmAoCuCihpY0uJ\n" + "Lr1PQlj7hpqiGNzGMsFGuijSi85WYwSAUVE5ADsAuV9n+pAe2na1MaW9EdJf2l3V\n" + "9+6rwGJ0YEcyQv2yLgQ6LvLIs0Gjvf6UX+9u15J8HQTwxlOORtwwOjVfGkvqOwCL\n" + "l7W5znFuXNWgC7EzCIlhI8+Xn4+aULXszkCNgpWLeSZm8/Rw2O5Y3XUp1WqRUXoX\n" + "vE/Uo0V7hOe+aVPB4lzIRaA67N+KHsEYhIt6Tk6eOib+XSLUxRS+7gbrBUpmyaSz\n" + "aASwXSVUswXtQfBlaW2lTreX2Nj1\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t blog_signer_data = { blog_signer_pem, + sizeof(blog_signer_pem) +}; + + +static unsigned char long_resp_signer_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIE3zCCA8egAwIBAgIQPZqC0NHDL2/ghF+ZEe5TQjANBgkqhkiG9w0BAQUFADCB\n" + "tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm\n" + "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwOTEy\n" + "MDAwMDAwWhcNMTQxMjExMjM1OTU5WjCBhzELMAkGA1UEBhMCVVMxFzAVBgNVBAoT\n" + "DlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3Jr\n" + "MT4wPAYDVQQDEzVWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBH\n" + "MyBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + "ALbm3lapt756SdAuFIelnhbtZvin09w/iS38GoMpR9A326dcSiKwmk7LYnLEkgQI\n" + "mb5g4Nx6+nkQuhZoJiSxvqoPTgwt1nZtQ4v1weitmI1elgOSin+YrrjxPCpiYrFp\n" + "j3qwbMz2K5ktlXl/2FeY5XWYuzz4ZscfxPF1mb1Nd5C7I+rZOE7nj7m9aQPEczgp\n" + "hfZbMBb5kceeuskBkGyv05PwYbSkPTA4bzNA5dKT2ZsXzp+XC92EssV2smRiR/A1\n" + "ai0uLUZeB4bJgICs6PNxPUaLt1Sn2gBgi+iw3039/8aAbx52FJm1yVv3MRDtaVqR\n" + "l1kWCnyG/VLEhP1YcyeAC0cCAwEAAaOCARUwggERMAkGA1UdEwQCMAAwgawGA1Ud\n" + "IASBpDCBoTCBngYLYIZIAYb4RQEHFwMwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n" + "d3d3LnZlcmlzaWduLmNvbS9DUFMwYgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwg\n" + "SW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBpbmNvcnAuIGJ5IHJlZmVyZW5jZSBs\n" + "aWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAsG\n" + "A1UdDwQEAwIHgDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYD\n" + "VQQDEwpUR1YtQi0xNzk4MA0GCSqGSIb3DQEBBQUAA4IBAQCM8gJSyR4O8S5m52za\n" + "FSzMfAcai+j5AqoRhYmY/+n/Hs/2bAdPy/6a+ukWGwhWZQRYLNr7SSSBkuSuVk/W\n" + "zZX9VJmxAt1WzFRrXvgFyjSDtnqtg89LJbUOz5hG95d/scgb3ndv5Ey5193H/b8T\n" + "O6GZ933J0O3X6qk4bnMBDUPFXgyn0Xfv0jeYzOa/Tu2IPpcf0ugogbrZscsIZWFy\n" + "jFlwHnFGpd2k1GXaFRPqxk+qtLAxJtjN+DfkmxGNoIAv1hHXpBhDhuzTpnmXVf32\n" + "YfFIyYfRt/x/Z4hztF/MZ41QxJdZIqvCMooi1GAgeG2jkXLx+x6ppfhkN7+zOF8A\n" + "4W5J\n" + "-----END CERTIFICATE-----\n"; +const gnutls_datum_t long_resp_signer_data = { long_resp_signer_pem, + sizeof(long_resp_signer_pem) +}; + +static unsigned char long_resp_str[] = + "\x30\x82\x06\xbe\x0a\x01\x00\xa0\x82\x06\xb7\x30\x82\x06\xb3\x06" + "\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\xa4\x30\x82" + "\x06\xa0\x30\x81\x9e\xa2\x16\x04\x14\x81\x75\x7a\x7e\x22\xc8\xa4" + "\x4c\xdf\x9f\x2d\x3f\x87\x61\xaf\x57\xe1\xaf\x4f\xd9\x18\x0f\x32" + "\x30\x31\x34\x31\x31\x31\x30\x32\x30\x33\x33\x31\x37\x5a\x30\x73" + "\x30\x71\x30\x49\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04" + "\x14\x0c\x81\x29\x38\x74\xb2\x96\x29\x10\x7e\xd8\x35\x62\x52\x64" + "\x04\x53\x0d\xe0\x83\x04\x14\x0d\x44\x5c\x16\x53\x44\xc1\x82\x7e" + "\x1d\x20\xab\x25\xf4\x01\x63\xd8\xbe\x79\xa5\x02\x10\x4e\xeb\x31" + "\x09\x63\x39\x4e\x8e\xa0\x4e\x70\x9c\xa9\x1d\xcd\xa6\x80\x00\x18" + "\x0f\x32\x30\x31\x34\x31\x31\x31\x30\x32\x30\x33\x33\x31\x37\x5a" + "\xa0\x11\x18\x0f\x32\x30\x31\x34\x31\x31\x31\x37\x32\x30\x33\x33" + "\x31\x37\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05" + "\x05\x00\x03\x82\x01\x01\x00\x67\xf8\x80\x8d\x1b\x17\x3d\xbe\x81" + "\xf4\x3e\x74\x6d\x65\x5d\x9c\xdf\xd7\xdc\x7c\xd5\x23\x75\x24\xaa" + "\x55\x8f\xa5\x99\xf8\x27\xd6\x69\x8e\x5a\x25\x0d\x5e\x1e\x49\xfc" + "\x50\x98\x7b\xe7\x49\xfb\x05\xa5\x04\x46\xb7\x5e\xf6\x20\x46\x18" + "\xd5\xdc\x70\xd8\x99\x2b\x64\x12\xae\x74\x8e\xa1\xdb\x0e\x9f\x11" + "\x47\xdf\x87\x6e\x9d\xb9\x13\xaa\x66\x33\x8c\xf3\x3d\xed\x33\x57" + "\x7d\x4c\x82\x21\xc6\x18\x67\x56\xbe\x46\x78\xa8\xec\xd0\x5b\xc0" + "\x2d\xb6\xee\x5a\xd8\xbf\xc3\xea\x49\xcd\x6d\x01\x97\x6e\x3a\x81" + "\x0f\x06\x16\xb4\x1e\x15\x08\x5c\x46\x35\x44\xa4\x06\x84\x32\xaa" + "\x1b\xb7\xc2\x97\xbf\xfd\xc8\xe2\x6b\x7a\xa2\x40\x3b\x50\x59\xd2" + "\xbe\xa2\x26\x09\xea\xf7\xc1\x9e\x89\x1d\x34\x79\xc3\xba\xa6\xb8" + "\x09\x92\xc8\xee\xa4\xe2\xe2\x32\x43\x48\xc8\xf6\x69\xe5\xde\x33" + "\x75\xe8\x38\x8a\xb0\xda\x19\x38\x75\x39\xab\xd6\x3f\x70\xcc\x4e" + "\x45\x16\x2a\x82\x32\x8e\x48\x92\xa4\x1f\xe9\x46\x85\x18\x78\xa7" + "\x46\xf7\x11\x9e\x37\x95\x1a\xc3\x30\x2d\x90\x6a\xc3\xfd\x95\x81" + "\x6b\xb1\xcb\x12\x26\x9e\xe4\xd3\x2a\xc1\xdf\x82\x57\xf2\x21\xea" + "\x6a\x16\x12\x40\x94\xe1\xc9\xa0\x82\x04\xe7\x30\x82\x04\xe3\x30" + "\x82\x04\xdf\x30\x82\x03\xc7\xa0\x03\x02\x01\x02\x02\x10\x3d\x9a" + "\x82\xd0\xd1\xc3\x2f\x6f\xe0\x84\x5f\x99\x11\xee\x53\x42\x30\x0d" + "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x30\x81\xb5" + "\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x17\x30" + "\x15\x06\x03\x55\x04\x0a\x13\x0e\x56\x65\x72\x69\x53\x69\x67\x6e" + "\x2c\x20\x49\x6e\x63\x2e\x31\x1f\x30\x1d\x06\x03\x55\x04\x0b\x13" + "\x16\x56\x65\x72\x69\x53\x69\x67\x6e\x20\x54\x72\x75\x73\x74\x20" + "\x4e\x65\x74\x77\x6f\x72\x6b\x31\x3b\x30\x39\x06\x03\x55\x04\x0b" + "\x13\x32\x54\x65\x72\x6d\x73\x20\x6f\x66\x20\x75\x73\x65\x20\x61" + "\x74\x20\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x76\x65" + "\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f\x72\x70\x61\x20\x28" + "\x63\x29\x31\x30\x31\x2f\x30\x2d\x06\x03\x55\x04\x03\x13\x26\x56" + "\x65\x72\x69\x53\x69\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20" + "\x53\x65\x63\x75\x72\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41" + "\x20\x2d\x20\x47\x33\x30\x1e\x17\x0d\x31\x34\x30\x39\x31\x32\x30" + "\x30\x30\x30\x30\x30\x5a\x17\x0d\x31\x34\x31\x32\x31\x31\x32\x33" + "\x35\x39\x35\x39\x5a\x30\x81\x87\x31\x0b\x30\x09\x06\x03\x55\x04" + "\x06\x13\x02\x55\x53\x31\x17\x30\x15\x06\x03\x55\x04\x0a\x13\x0e" + "\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49\x6e\x63\x2e\x31\x1f" + "\x30\x1d\x06\x03\x55\x04\x0b\x13\x16\x56\x65\x72\x69\x53\x69\x67" + "\x6e\x20\x54\x72\x75\x73\x74\x20\x4e\x65\x74\x77\x6f\x72\x6b\x31" + "\x3e\x30\x3c\x06\x03\x55\x04\x03\x13\x35\x56\x65\x72\x69\x53\x69" + "\x67\x6e\x20\x43\x6c\x61\x73\x73\x20\x33\x20\x53\x65\x63\x75\x72" + "\x65\x20\x53\x65\x72\x76\x65\x72\x20\x43\x41\x20\x2d\x20\x47\x33" + "\x20\x4f\x43\x53\x50\x20\x52\x65\x73\x70\x6f\x6e\x64\x65\x72\x30" + "\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01" + "\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00" + "\xb6\xe6\xde\x56\xa9\xb7\xbe\x7a\x49\xd0\x2e\x14\x87\xa5\x9e\x16" + "\xed\x66\xf8\xa7\xd3\xdc\x3f\x89\x2d\xfc\x1a\x83\x29\x47\xd0\x37" + "\xdb\xa7\x5c\x4a\x22\xb0\x9a\x4e\xcb\x62\x72\xc4\x92\x04\x08\x99" + "\xbe\x60\xe0\xdc\x7a\xfa\x79\x10\xba\x16\x68\x26\x24\xb1\xbe\xaa" + "\x0f\x4e\x0c\x2d\xd6\x76\x6d\x43\x8b\xf5\xc1\xe8\xad\x98\x8d\x5e" + "\x96\x03\x92\x8a\x7f\x98\xae\xb8\xf1\x3c\x2a\x62\x62\xb1\x69\x8f" + "\x7a\xb0\x6c\xcc\xf6\x2b\x99\x2d\x95\x79\x7f\xd8\x57\x98\xe5\x75" + "\x98\xbb\x3c\xf8\x66\xc7\x1f\xc4\xf1\x75\x99\xbd\x4d\x77\x90\xbb" + "\x23\xea\xd9\x38\x4e\xe7\x8f\xb9\xbd\x69\x03\xc4\x73\x38\x29\x85" + "\xf6\x5b\x30\x16\xf9\x91\xc7\x9e\xba\xc9\x01\x90\x6c\xaf\xd3\x93" + "\xf0\x61\xb4\xa4\x3d\x30\x38\x6f\x33\x40\xe5\xd2\x93\xd9\x9b\x17" + "\xce\x9f\x97\x0b\xdd\x84\xb2\xc5\x76\xb2\x64\x62\x47\xf0\x35\x6a" + "\x2d\x2e\x2d\x46\x5e\x07\x86\xc9\x80\x80\xac\xe8\xf3\x71\x3d\x46" + "\x8b\xb7\x54\xa7\xda\x00\x60\x8b\xe8\xb0\xdf\x4d\xfd\xff\xc6\x80" + "\x6f\x1e\x76\x14\x99\xb5\xc9\x5b\xf7\x31\x10\xed\x69\x5a\x91\x97" + "\x59\x16\x0a\x7c\x86\xfd\x52\xc4\x84\xfd\x58\x73\x27\x80\x0b\x47" + "\x02\x03\x01\x00\x01\xa3\x82\x01\x15\x30\x82\x01\x11\x30\x09\x06" + "\x03\x55\x1d\x13\x04\x02\x30\x00\x30\x81\xac\x06\x03\x55\x1d\x20" + "\x04\x81\xa4\x30\x81\xa1\x30\x81\x9e\x06\x0b\x60\x86\x48\x01\x86" + "\xf8\x45\x01\x07\x17\x03\x30\x81\x8e\x30\x28\x06\x08\x2b\x06\x01" + "\x05\x05\x07\x02\x01\x16\x1c\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77" + "\x77\x77\x2e\x76\x65\x72\x69\x73\x69\x67\x6e\x2e\x63\x6f\x6d\x2f" + "\x43\x50\x53\x30\x62\x06\x08\x2b\x06\x01\x05\x05\x07\x02\x02\x30" + "\x56\x30\x15\x16\x0e\x56\x65\x72\x69\x53\x69\x67\x6e\x2c\x20\x49" + "\x6e\x63\x2e\x30\x03\x02\x01\x01\x1a\x3d\x56\x65\x72\x69\x53\x69" + "\x67\x6e\x27\x73\x20\x43\x50\x53\x20\x69\x6e\x63\x6f\x72\x70\x2e" + "\x20\x62\x79\x20\x72\x65\x66\x65\x72\x65\x6e\x63\x65\x20\x6c\x69" + "\x61\x62\x2e\x20\x6c\x74\x64\x2e\x20\x28\x63\x29\x39\x37\x20\x56" + "\x65\x72\x69\x53\x69\x67\x6e\x30\x13\x06\x03\x55\x1d\x25\x04\x0c" + "\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x09\x30\x0b\x06\x03" + "\x55\x1d\x0f\x04\x04\x03\x02\x07\x80\x30\x0f\x06\x09\x2b\x06\x01" + "\x05\x05\x07\x30\x01\x05\x04\x02\x05\x00\x30\x22\x06\x03\x55\x1d" + "\x11\x04\x1b\x30\x19\xa4\x17\x30\x15\x31\x13\x30\x11\x06\x03\x55" + "\x04\x03\x13\x0a\x54\x47\x56\x2d\x42\x2d\x31\x37\x39\x38\x30\x0d" + "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01" + "\x01\x00\x8c\xf2\x02\x52\xc9\x1e\x0e\xf1\x2e\x66\xe7\x6c\xda\x15" + "\x2c\xcc\x7c\x07\x1a\x8b\xe8\xf9\x02\xaa\x11\x85\x89\x98\xff\xe9" + "\xff\x1e\xcf\xf6\x6c\x07\x4f\xcb\xfe\x9a\xfa\xe9\x16\x1b\x08\x56" + "\x65\x04\x58\x2c\xda\xfb\x49\x24\x81\x92\xe4\xae\x56\x4f\xd6\xcd" + "\x95\xfd\x54\x99\xb1\x02\xdd\x56\xcc\x54\x6b\x5e\xf8\x05\xca\x34" + "\x83\xb6\x7a\xad\x83\xcf\x4b\x25\xb5\x0e\xcf\x98\x46\xf7\x97\x7f" + "\xb1\xc8\x1b\xde\x77\x6f\xe4\x4c\xb9\xd7\xdd\xc7\xfd\xbf\x13\x3b" + "\xa1\x99\xf7\x7d\xc9\xd0\xed\xd7\xea\xa9\x38\x6e\x73\x01\x0d\x43" + "\xc5\x5e\x0c\xa7\xd1\x77\xef\xd2\x37\x98\xcc\xe6\xbf\x4e\xed\x88" + "\x3e\x97\x1f\xd2\xe8\x28\x81\xba\xd9\xb1\xcb\x08\x65\x61\x72\x8c" + "\x59\x70\x1e\x71\x46\xa5\xdd\xa4\xd4\x65\xda\x15\x13\xea\xc6\x4f" + "\xaa\xb4\xb0\x31\x26\xd8\xcd\xf8\x37\xe4\x9b\x11\x8d\xa0\x80\x2f" + "\xd6\x11\xd7\xa4\x18\x43\x86\xec\xd3\xa6\x79\x97\x55\xfd\xf6\x61" + "\xf1\x48\xc9\x87\xd1\xb7\xfc\x7f\x67\x88\x73\xb4\x5f\xcc\x67\x8d" + "\x50\xc4\x97\x59\x22\xab\xc2\x32\x8a\x22\xd4\x60\x20\x78\x6d\xa3" + "\x91\x72\xf1\xfb\x1e\xa9\xa5\xf8\x64\x37\xbf\xb3\x38\x5f\x00\xe1" + "\x6e\x49"; + +gnutls_datum_t long_resp = {long_resp_str, sizeof(long_resp_str)-1 }; + +static void ocsp_invalid_calls(void) +{ + gnutls_ocsp_req_t req; + gnutls_ocsp_resp_t resp; + gnutls_datum_t dat; + char c = 42; + void *p = &c; + int rc; + + rc = gnutls_ocsp_req_init(&req); + if (rc != GNUTLS_E_SUCCESS) { + fail("gnutls_ocsp_req_init alloc\n"); + exit(1); + } + rc = gnutls_ocsp_resp_init(&resp); + if (rc != GNUTLS_E_SUCCESS) { + fail("gnutls_ocsp_resp_init alloc\n"); + exit(1); + } + + gnutls_ocsp_req_deinit(NULL); + gnutls_ocsp_resp_deinit(NULL); + + rc = gnutls_ocsp_req_import(NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_import NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_import(NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_import NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_import(req, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_import NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_import(NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_import NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_import(NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_import NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_import(resp, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_import NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_export(NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_export NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_export(NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_export NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_export(req, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_export NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_export(NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_export NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_export(NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_export NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_export(resp, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_export NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_version(NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_get_version NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_cert_id(NULL, 0, NULL, NULL, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_get_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_cert_id(req, 0, NULL, NULL, NULL, NULL); + if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("gnutls_ocsp_req_get_cert_id empty\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(NULL, 0, NULL, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, 0, NULL, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, NULL, + NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, NULL, + NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, p, + NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, NULL, + p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, p, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, p, NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, NULL, p, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert(NULL, 0, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert(req, 0, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + + rc = gnutls_ocsp_req_add_cert(req, 0, p, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_add_cert(req, 0, NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_add_cert_id NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_extension(NULL, 0, NULL, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_get_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_extension(req, 0, NULL, NULL, NULL); + if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("gnutls_ocsp_req_get_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_extension(req, 0, p, p, p); + if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("gnutls_ocsp_req_get_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_set_extension(NULL, NULL, 0, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_set_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_set_extension(req, NULL, 0, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_set_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_set_extension(req, p, 0, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_set_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_set_extension(req, NULL, 0, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_set_extension NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_nonce(NULL, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_get_nonce NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_get_nonce(NULL, NULL, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_get_nonce NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_set_nonce(NULL, 0, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_set_nonce NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_set_nonce(req, 0, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_set_nonce NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_req_randomize_nonce(NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_req_randomize_nonce NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_get_status(NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_get_status NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_get_status(resp); + if (rc != GNUTLS_E_ASN1_VALUE_NOT_FOUND) { + fail("gnutls_ocsp_resp_get_status %d\n", rc); + exit(1); + } + + rc = gnutls_ocsp_resp_get_response(NULL, NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_get_response NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_get_response(NULL, p, p); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_get_response NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_get_response(resp, NULL, NULL); + if (rc != GNUTLS_E_SUCCESS) { + fail("gnutls_ocsp_resp_get_response %d\n", rc); + exit(1); + } + + rc = gnutls_ocsp_resp_get_version(NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_get_version NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_get_version(resp); + if (rc != 1) { + fail("gnutls_ocsp_resp_get_version ret %d\n", rc); + exit(1); + } + + rc = gnutls_ocsp_resp_get_responder(NULL, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_get_responder NULL\n"); + exit(1); + } + + rc = gnutls_ocsp_resp_get_responder(resp, NULL); + if (rc != GNUTLS_E_INVALID_REQUEST) { + fail("gnutls_ocsp_resp_get_responder 2nd %d\n", rc); + exit(1); + } + + rc = gnutls_ocsp_resp_get_responder(resp, &dat); + if (rc != 0 && dat.data != NULL) { + fail("gnutls_ocsp_resp_get_responder %d\n", rc); + exit(1); + } + + rc = gnutls_ocsp_resp_get_responder_raw_id(resp, GNUTLS_OCSP_RESP_ID_KEY, &dat); + if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("gnutls_ocsp_resp_get_responder_raw_id %s\n", gnutls_strerror(rc)); + exit(1); + } + + gnutls_free(dat.data); + + gnutls_ocsp_req_deinit(req); + gnutls_ocsp_resp_deinit(resp); +} + +/* import a request, query some fields and print and export it */ +static void req_parse(void) +{ + gnutls_ocsp_req_t req; + int ret; + gnutls_datum_t d; + + /* init request */ + + ret = gnutls_ocsp_req_init(&req); + if (ret != 0) { + fail("gnutls_ocsp_req_init\n"); + exit(1); + } + + /* import ocsp request */ + + ret = gnutls_ocsp_req_import(req, &req1); + if (ret != 0) { + fail("gnutls_ocsp_req_import %d\n", ret); + exit(1); + } + + /* simple version query */ + + ret = gnutls_ocsp_req_get_version(req); + if (ret != 1) { + fail("gnutls_ocsp_req_get_version %d\n", ret); + exit(1); + } + + /* check nonce */ + { + gnutls_datum_t expect = + { (unsigned char *) REQ1NONCE + 2, + sizeof(REQ1NONCE) - 3 }; + gnutls_datum_t got; + unsigned int critical; + + ret = gnutls_ocsp_req_get_nonce(req, &critical, &got); + if (ret != 0) { + fail("gnutls_ocsp_req_get_nonce %d\n", ret); + exit(1); + } + + if (critical != 0) { + fail("unexpected critical %d\n", critical); + exit(1); + } + + if (expect.size != got.size || + memcmp(expect.data, got.data, got.size) != 0) { + fail("ocsp request nonce memcmp failed\n"); + exit(1); + } + + gnutls_free(got.data); + } + + /* print request */ + + ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d); + if (ret != 0) { + fail("gnutls_ocsp_req_print\n"); + exit(1); + } + + if (strlen(REQ1INFO) != d.size || + memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) { + printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n", + strlen(REQ1INFO), REQ1INFO, (int) d.size, + (int) d.size, d.data); + fail("ocsp request print failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* test export */ + ret = gnutls_ocsp_req_export(req, &d); + if (ret != 0) { + fail("gnutls_ocsp_req_export %d\n", ret); + exit(1); + } + + /* compare against earlier imported bytes */ + + if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) { + fail("ocsp request export memcmp failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* test setting nonce */ + { + gnutls_datum_t n1 = { (unsigned char *) "foo", 3 }; + gnutls_datum_t n2 = { (unsigned char *) "foobar", 6 }; + gnutls_datum_t got; + unsigned critical; + + ret = gnutls_ocsp_req_set_nonce(req, 0, &n1); + if (ret != 0) { + fail("gnutls_ocsp_req_set_nonce %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_req_get_nonce(req, &critical, &got); + if (ret != 0) { + fail("gnutls_ocsp_req_get_nonce %d\n", ret); + exit(1); + } + + if (critical != 0) { + fail("unexpected critical %d\n", critical); + exit(1); + } + + if (n1.size != got.size || + memcmp(n1.data, got.data, got.size) != 0) { + fail("ocsp request parse nonce memcmp failed\n"); + exit(1); + } + + gnutls_free(got.data); + + /* set another time */ + + ret = gnutls_ocsp_req_set_nonce(req, 1, &n2); + if (ret != 0) { + fail("gnutls_ocsp_req_set_nonce %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_req_get_nonce(req, &critical, &got); + if (ret != 0) { + fail("gnutls_ocsp_req_get_nonce %d\n", ret); + exit(1); + } + + if (critical != 1) { + fail("unexpected critical %d\n", critical); + exit(1); + } + + if (n2.size != got.size || + memcmp(n2.data, got.data, got.size) != 0) { + fail("ocsp request parse2 nonce memcmp failed\n"); + exit(1); + } + + gnutls_free(got.data); + + /* randomize nonce */ + + ret = gnutls_ocsp_req_randomize_nonce(req); + if (ret != 0) { + fail("gnutls_ocsp_req_randomize_nonce %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_req_get_nonce(req, &critical, &n1); + if (ret != 0) { + fail("gnutls_ocsp_req_get_nonce %d\n", ret); + exit(1); + } + + if (critical != 0) { + fail("unexpected random critical %d\n", critical); + exit(1); + } + + ret = gnutls_ocsp_req_randomize_nonce(req); + if (ret != 0) { + fail("gnutls_ocsp_req_randomize_nonce %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_req_get_nonce(req, &critical, &n2); + if (ret != 0) { + fail("gnutls_ocsp_req_get_nonce %d\n", ret); + exit(1); + } + + if (critical != 0) { + fail("unexpected random critical %d\n", critical); + exit(1); + } + + if (n2.size == got.size + && memcmp(n1.data, n2.data, n1.size) == 0) { + fail("ocsp request random nonce memcmp failed\n"); + exit(1); + } + + gnutls_free(n1.data); + gnutls_free(n2.data); + } + + /* cleanup */ + + gnutls_ocsp_req_deinit(req); +} + +/* check that creating a request (using low-level add_cert_id) ends up + with same DER as above. */ +static void req_addcert_id(void) +{ + gnutls_ocsp_req_t req; + int ret; + gnutls_datum_t d; + + /* init request */ + + ret = gnutls_ocsp_req_init(&req); + if (ret != 0) { + fail("gnutls_ocsp_req_init\n"); + exit(1); + } + + /* add ocsp request nonce */ + + { + gnutls_datum_t nonce = + { (unsigned char *) REQ1NONCE, sizeof(REQ1NONCE) - 1 }; + + ret = + gnutls_ocsp_req_set_extension(req, + "1.3.6.1.5.5.7.48.1.2", + 0, &nonce); + if (ret != 0) { + fail("gnutls_ocsp_req_set_extension %d\n", ret); + exit(1); + } + } + + /* add cert_id */ + { + gnutls_datum_t issuer_name_hash = + { (unsigned char *) REQ1INH, sizeof(REQ1INH) - 1 }; + gnutls_datum_t issuer_key_hash = + { (unsigned char *) REQ1IKH, sizeof(REQ1IKH) - 1 }; + gnutls_datum_t serial_number = + { (unsigned char *) REQ1SN, sizeof(REQ1SN) - 1 }; + + ret = gnutls_ocsp_req_add_cert_id(req, GNUTLS_DIG_SHA1, + &issuer_name_hash, + &issuer_key_hash, + &serial_number); + if (ret != 0) { + fail("gnutls_ocsp_add_cert_id %d\n", ret); + exit(1); + } + } + + /* print request */ + + ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d); + if (ret != 0) { + fail("gnutls_ocsp_req_print\n"); + exit(1); + } + + if (strlen(REQ1INFO) != d.size || + memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) { + printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n", + strlen(REQ1INFO), REQ1INFO, (int) d.size, + (int) d.size, d.data); + fail("ocsp request print failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* test export */ + ret = gnutls_ocsp_req_export(req, &d); + if (ret != 0) { + fail("gnutls_ocsp_req_export %d\n", ret); + exit(1); + } + + /* compare against earlier imported bytes */ + + if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) { + fail("ocsp request export memcmp failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* cleanup */ + + gnutls_ocsp_req_deinit(req); +} + +/* check that creating a request (using high-level add_cert) ends up + with same DER as above. */ +static void req_addcert(void) +{ + gnutls_ocsp_req_t req; + int ret; + gnutls_datum_t d; + + /* init request */ + + ret = gnutls_ocsp_req_init(&req); + if (ret != 0) { + fail("gnutls_ocsp_req_init\n"); + exit(1); + } + + /* add ocsp request nonce */ + + { + gnutls_datum_t nonce = + { (unsigned char *) REQ1NONCE, sizeof(REQ1NONCE) - 1 }; + + ret = + gnutls_ocsp_req_set_extension(req, + "1.3.6.1.5.5.7.48.1.2", + 0, &nonce); + if (ret != 0) { + fail("gnutls_ocsp_req_set_extension %d\n", ret); + exit(1); + } + } + + /* add cert_id */ + { + gnutls_x509_crt_t issuer = NULL, subject = NULL; + + ret = gnutls_x509_crt_init(&issuer); + if (ret < 0) { + fail("gnutls_x509_crt_init (issuer) %d\n", ret); + exit(1); + } + + ret = gnutls_x509_crt_init(&subject); + if (ret < 0) { + fail("gnutls_x509_crt_init (subject) %d\n", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(issuer, &issuer_data, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import (issuer) %d\n", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(subject, &subject_data, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import (subject) %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, + issuer, subject); + if (ret != 0) { + fail("gnutls_ocsp_add_cert %d\n", ret); + exit(1); + } + + gnutls_x509_crt_deinit(subject); + gnutls_x509_crt_deinit(issuer); + } + + /* print request */ + + ret = gnutls_ocsp_req_print(req, GNUTLS_OCSP_PRINT_FULL, &d); + if (ret != 0) { + fail("gnutls_ocsp_req_print\n"); + exit(1); + } + + if (strlen(REQ1INFO) != d.size || + memcmp(REQ1INFO, d.data, strlen(REQ1INFO)) != 0) { + printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n", + strlen(REQ1INFO), REQ1INFO, (int) d.size, + (int) d.size, d.data); + fail("ocsp request print failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* test export */ + ret = gnutls_ocsp_req_export(req, &d); + if (ret != 0) { + fail("gnutls_ocsp_req_export %d\n", ret); + exit(1); + } + + /* compare against earlier imported bytes */ + + if (req1.size != d.size || memcmp(req1.data, d.data, d.size) != 0) { + fail("ocsp request export memcmp failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* cleanup */ + + gnutls_ocsp_req_deinit(req); +} + +static void check_ocsp_resp(gnutls_ocsp_resp_t resp) +{ + int ret; + gnutls_digest_algorithm_t digest; + gnutls_datum_t issuer_name_hash; + gnutls_datum_t issuer_key_hash; + gnutls_datum_t serial_number; + unsigned cert_status; + time_t this_update; + time_t next_update; + time_t revocation_time; + unsigned revocation_reason; + + /* functionality check of gnutls_ocsp_resp_get_single(), the data + * sanity check is done with the gnutls_ocsp_resp_print() checks. */ + ret = gnutls_ocsp_resp_get_single(resp, 0, &digest, &issuer_name_hash, + &issuer_key_hash, &serial_number, &cert_status, &this_update, + &next_update, &revocation_time, &revocation_reason); + if (ret < 0) { + fail("error in gnutls_ocsp_resp_get_single: %s\n", gnutls_strerror(ret)); + } + + gnutls_free(issuer_key_hash.data); + gnutls_free(issuer_name_hash.data); + gnutls_free(serial_number.data); + + /* test if everything works with null params */ + ret = gnutls_ocsp_resp_get_single(resp, 0, &digest, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL); + if (ret < 0) { + fail("error in gnutls_ocsp_resp_get_single: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, &revocation_reason); + if (ret < 0) { + fail("error in gnutls_ocsp_resp_get_single: %s\n", gnutls_strerror(ret)); + } + + return; +} + +static void resp_import(void) +{ + gnutls_ocsp_resp_t resp; + int ret; + gnutls_datum_t d; + + /* init response */ + + ret = gnutls_ocsp_resp_init(&resp); + if (ret != 0) { + fail("gnutls_ocsp_resp_init\n"); + exit(1); + } + + /* import ocsp response */ + + ret = gnutls_ocsp_resp_import(resp, &resp1); + if (ret != 0) { + fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* print response */ + + ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d); + if (ret != 0) { + fail("gnutls_ocsp_resp_print\n"); + exit(1); + } + + if (strlen(RESP1INFO) != d.size || + memcmp(RESP1INFO, d.data, strlen(RESP1INFO)) != 0) { + printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n", + strlen(RESP1INFO), RESP1INFO, (int) d.size, + (int) d.size, d.data); + fail("ocsp response print failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* import ocsp response */ + + ret = gnutls_ocsp_resp_import(resp, &resp2); + if (ret != 0) { + fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + check_ocsp_resp(resp); + + /* print response */ + ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d); + if (ret != 0) { + fail("gnutls_ocsp_resp_print\n"); + exit(1); + } + + if (memcmp(RESP2INFO, d.data, strlen(RESP2INFO)) != 0) { + printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n", + strlen(RESP2INFO), RESP2INFO, (int) d.size, + (int) d.size, d.data); + fail("ocsp response print failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* cleanup */ + + gnutls_ocsp_resp_deinit(resp); + + /* import ocsp response 3*/ + + ret = gnutls_ocsp_resp_init(&resp); + if (ret != 0) { + fail("gnutls_ocsp_resp_init\n"); + exit(1); + } + + ret = gnutls_ocsp_resp_import(resp, &resp3); + if (ret != 0) { + fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* print response */ + + ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &d); + if (ret != 0) { + fail("gnutls_ocsp_resp_print 3\n"); + exit(1); + } + + if (memcmp(RESP3INFO, d.data, strlen(RESP3INFO)) != 0) { + printf("expected (len %ld):\n%s\ngot (len %d):\n%.*s\n", + strlen(RESP3INFO), RESP3INFO, (int) d.size, + (int) d.size, d.data); + fail("ocsp response 3 print failed\n"); + exit(1); + } + gnutls_free(d.data); + + /* cleanup */ + + gnutls_ocsp_resp_deinit(resp); +} + +static void resp_verify(void) +{ + gnutls_ocsp_resp_t resp; + int ret; + gnutls_x509_crt_t cert = NULL, issuer = NULL, signer = NULL; + gnutls_x509_trust_list_t list; + unsigned verify; + + /* init response */ + + ret = gnutls_ocsp_resp_init(&resp); + if (ret != 0) { + fail("gnutls_ocsp_resp_init\n"); + exit(1); + } + + /* import ocsp response */ + + ret = gnutls_ocsp_resp_import(resp, &blog_resp); + if (ret != 0) { + fail("gnutls_ocsp_resp_import %d\n", ret); + exit(1); + } + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) { + fail("gnutls_x509_crt_init (cert) %d\n", ret); + exit(1); + } + + ret = gnutls_x509_crt_init(&issuer); + if (ret < 0) { + fail("gnutls_x509_crt_init (issuer) %d\n", ret); + exit(1); + } + + ret = gnutls_x509_crt_init(&signer); + if (ret < 0) { + fail("gnutls_x509_crt_init (signer) %d\n", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(cert, &blog_cert_data, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import (cert) %d\n", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(issuer, &blog_issuer_data, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import (issuer) %d\n", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(signer, &blog_signer_data, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import (signer) %d\n", ret); + exit(1); + } + + /* check direct verify with signer (should succeed) */ + + ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify_direct (signer) %d\n", ret); + exit(1); + } + + if (verify != 0) { + fail("gnutls_ocsp_resp_verify_direct %d\n", verify); + exit(1); + } + + /* check direct verify with cert (should fail) */ + + ret = gnutls_ocsp_resp_verify_direct(resp, cert, &verify, GNUTLS_VERIFY_ALLOW_BROKEN); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify_direct (cert) %d\n", ret); + exit(1); + } + + if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) { + fail("gnutls_ocsp_resp_verify_direct3 %d\n", verify); + exit(1); + } + + /* check trust verify with issuer (should succeed) */ + + ret = gnutls_x509_trust_list_init(&list, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_init %d\n", ret); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(list, &issuer, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_resp_verify(resp, list, &verify, GNUTLS_VERIFY_ALLOW_BROKEN); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret); + exit(1); + } + + if (verify != 0) { + fail("gnutls_ocsp_resp_verify %d\n", verify); + exit(1); + } + + gnutls_x509_trust_list_deinit(list, 0); + + /* check trust verify with signer (should succeed) */ + + ret = gnutls_x509_trust_list_init(&list, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_init %d\n", ret); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(list, &signer, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret); + exit(1); + } + + if (verify != 0) { + fail("gnutls_ocsp_resp_verify %d\n", verify); + exit(1); + } + + gnutls_x509_trust_list_deinit(list, 0); + + /* check trust verify with cert (should fail) */ + + ret = gnutls_x509_trust_list_init(&list, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_init %d\n", ret); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(list, &cert, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_resp_verify(resp, list, &verify, GNUTLS_VERIFY_ALLOW_BROKEN); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret); + exit(1); + } + + if (verify != GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) { + fail("gnutls_ocsp_resp_verify %d\n", verify); + exit(1); + } + + gnutls_x509_trust_list_deinit(list, 0); + + /* check trust verify with all certs (should succeed) */ + + ret = gnutls_x509_trust_list_init(&list, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_init %d\n", ret); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(list, &cert, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas %d\n", ret); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(list, &issuer, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas %d\n", ret); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(list, &signer, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas %d\n", ret); + exit(1); + } + + ret = gnutls_ocsp_resp_verify(resp, list, &verify, 0); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify (issuer) %d\n", ret); + exit(1); + } + + if (verify != 0) { + fail("gnutls_ocsp_resp_verify %d\n", verify); + exit(1); + } + + gnutls_x509_trust_list_deinit(list, 0); + + /* cleanup */ + + gnutls_ocsp_resp_deinit(resp); + gnutls_x509_crt_deinit(cert); + gnutls_x509_crt_deinit(issuer); + gnutls_x509_crt_deinit(signer); +} + +static void long_resp_check(void) +{ + gnutls_ocsp_resp_t resp; + int ret; + gnutls_x509_crt_t signer = NULL; + unsigned verify; + + /* init response */ + + ret = gnutls_ocsp_resp_init(&resp); + if (ret != 0) { + fail("gnutls_ocsp_resp_init\n"); + exit(1); + } + + /* import ocsp response */ + + ret = gnutls_ocsp_resp_import(resp, &long_resp); + if (ret != 0) { + fail("gnutls_ocsp_resp_import[%d]: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&signer); + if (ret < 0) { + fail("gnutls_x509_crt_init (signer) %d\n", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(signer, &long_resp_signer_data, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import (cert) %d\n", ret); + exit(1); + } + + /* check direct verify with signer (should succeed) */ + + ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0); + if (ret < 0) { + fail("gnutls_ocsp_resp_verify_direct (signer) %d\n", ret); + exit(1); + } + + if (verify != 0) { + fail("gnutls_ocsp_resp_verify_direct %d\n", verify); + exit(1); + } + + gnutls_x509_crt_deinit(signer); + gnutls_ocsp_resp_deinit(resp); +} + +void doit(void) +{ + int ret; + + ret = global_init(); + if (ret < 0) { + fail("global_init\n"); + exit(1); + } + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(99); + + ocsp_invalid_calls(); + req_parse(); + resp_import(); + req_addcert_id(); + req_addcert(); + resp_verify(); + + _then = 1415974540; + long_resp_check(); + + /* we're done */ + + gnutls_global_deinit(); +} diff --git a/tests/oids.c b/tests/oids.c new file mode 100644 index 0000000..ed65b05 --- /dev/null +++ b/tests/oids.c @@ -0,0 +1,111 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#define SELF_TEST_SIG(x) \ + ret = gnutls_oid_to_sign(gnutls_sign_get_oid(x)); \ + if (ret != x) { \ + fail("error testing %s\n", gnutls_sign_get_name(x)); \ + } + +#define SELF_TEST_PK(x) \ + ret = gnutls_oid_to_pk(gnutls_pk_get_oid(x)); \ + if (ret != x) { \ + fail("error testing %s\n", gnutls_pk_get_name(x)); \ + } + +#define SELF_TEST_DIG(x) \ + ret = gnutls_oid_to_digest(gnutls_digest_get_oid(x)); \ + if (ret != x) { \ + fail("error testing %s\n", gnutls_digest_get_name(x)); \ + } + +void doit(void) +{ + int ret; + + SELF_TEST_SIG(GNUTLS_SIGN_RSA_SHA1); + SELF_TEST_SIG(GNUTLS_SIGN_RSA_SHA256); + + /* RSA-PSS uses a single OID which is independent + * of the signature parameters, such as the digest. + * As such we cannot test all variants. + */ + SELF_TEST_SIG(GNUTLS_SIGN_RSA_PSS_SHA256); + + SELF_TEST_SIG(GNUTLS_SIGN_ECDSA_SHA1); + SELF_TEST_SIG(GNUTLS_SIGN_ECDSA_SHA256); + SELF_TEST_SIG(GNUTLS_SIGN_ECDSA_SHA512); + + SELF_TEST_SIG(GNUTLS_SIGN_EDDSA_ED25519); + + if (!gnutls_fips140_mode_enabled()) { +#ifdef ENABLE_GOST + SELF_TEST_SIG(GNUTLS_SIGN_GOST_94); + SELF_TEST_SIG(GNUTLS_SIGN_GOST_256); + SELF_TEST_SIG(GNUTLS_SIGN_GOST_512); +#endif + } + + SELF_TEST_PK(GNUTLS_PK_RSA); + SELF_TEST_PK(GNUTLS_PK_DSA); + SELF_TEST_PK(GNUTLS_PK_EC); + SELF_TEST_PK(GNUTLS_PK_RSA_PSS); + SELF_TEST_PK(GNUTLS_PK_EDDSA_ED25519); + + if (!gnutls_fips140_mode_enabled()) { +#ifdef ENABLE_GOST + SELF_TEST_PK(GNUTLS_PK_GOST_01); + SELF_TEST_PK(GNUTLS_PK_GOST_12_256); + SELF_TEST_PK(GNUTLS_PK_GOST_12_512); +#endif + } + + SELF_TEST_DIG(GNUTLS_DIG_MD5); + SELF_TEST_DIG(GNUTLS_DIG_SHA1); + SELF_TEST_DIG(GNUTLS_DIG_SHA256); + SELF_TEST_DIG(GNUTLS_DIG_SHA512); + SELF_TEST_DIG(GNUTLS_DIG_SHA3_224); + SELF_TEST_DIG(GNUTLS_DIG_SHA3_256); + SELF_TEST_DIG(GNUTLS_DIG_SHA3_384); + SELF_TEST_DIG(GNUTLS_DIG_SHA3_512); + + if (!gnutls_fips140_mode_enabled()) { +#ifdef ENABLE_GOST + SELF_TEST_DIG(GNUTLS_DIG_GOSTR_94); + SELF_TEST_DIG(GNUTLS_DIG_STREEBOG_256); + SELF_TEST_DIG(GNUTLS_DIG_STREEBOG_512); +#endif + } +} diff --git a/tests/openconnect-dtls12.c b/tests/openconnect-dtls12.c new file mode 100644 index 0000000..bfe486a --- /dev/null +++ b/tests/openconnect-dtls12.c @@ -0,0 +1,320 @@ +/* + * Copyright (C) 2019 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A DTLS client handling DTLS 1.2 resumption under AnyConnect protocol which sets premaster secret. + */ + +#define MAX_BUF 1024 + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + return send(fd, data, len, 0); +} + +static gnutls_datum_t master = + { (void*)"\x44\x66\x44\xa9\xb6\x29\xed\x6e\xd6\x93\x15\xdb\xf0\x7d\x4b\x2e\x18\xb1\x9d\xed\xff\x6a\x86\x76\xc9\x0e\x16\xab\xc2\x10\xbb\x17\x99\x24\xb1\xd9\xb9\x95\xe7\xea\xea\xea\xea\xea\xff\xaa\xac", 48}; +static gnutls_datum_t sess_id = + { (void*)"\xd9\xb9\x95\xe7\xea", 5}; + +static void client(int fd, const char *prio, int proto, int cipher, int kx, int mac, const char *exp_desc) +{ + int ret; + char buffer[MAX_BUF + 1]; + char *desc; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM); + gnutls_dtls_set_mtu(session, 1500); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, + prio, + NULL) >= 0); + + ret = gnutls_session_set_premaster(session, GNUTLS_CLIENT, + proto, kx, cipher, mac, + GNUTLS_COMP_NULL, &master, &sess_id); + if (ret < 0) { + fail("client: gnutls_session_set_premaster failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + desc = gnutls_session_get_desc(session); + if (desc == NULL) + fail("client: gnutls_session_get_desc: NULL\n"); + + if (strcmp(desc, exp_desc) != 0) + fail("client: gnutls_session_get_desc: found null str: %s\n", desc); + + success(" - connected with: %s\n", desc); + gnutls_free(desc); + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio, int proto, int cipher, int kx, int mac) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_dtls_set_mtu(session, 1500); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, + prio, + NULL) >= 0); + + ret = gnutls_session_set_premaster(session, GNUTLS_SERVER, + proto, kx, cipher, mac, + GNUTLS_COMP_NULL, &master, &sess_id); + if (ret < 0) { + fail("server: gnutls_session_set_premaster failed: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, push); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + } + + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void run(const char *name, const char *prio, int proto, int cipher, int kx, int mac, const char *exp_desc) +{ + int fd[2]; + int ret; + pid_t child; + + success("Testing %s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + server(fd[0], prio, proto, cipher, kx, mac); + wait(&status); + check_wait_status(status); + close(fd[0]); + } else { + close(fd[0]); + client(fd[1], prio, proto, cipher, kx, mac, exp_desc); + close(fd[1]); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + + run("dtls1.2-aes128-ecdhe", "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+ECDHE-RSA:+SIGN-ALL:%COMPAT", + GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, "(DTLS1.2)-(ECDHE-RSA)-(AES-128-GCM)"); + run("dtls1.2-aes256-ecdhe", "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+ECDHE-RSA:+SIGN-ALL:%COMPAT", + GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_AEAD, "(DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM)"); + run("dtls1.2-aes128-rsa", "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:+SIGN-ALL:%COMPAT", + GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, "(DTLS1.2)-(RSA)-(AES-128-GCM)"); + run("dtls1.2-aes256-rsa", "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:+SIGN-ALL:%COMPAT", + GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA, GNUTLS_MAC_AEAD, "(DTLS1.2)-(RSA)-(AES-256-GCM)"); +} + +#endif /* _WIN32 */ diff --git a/tests/openssl.c b/tests/openssl.c new file mode 100644 index 0000000..b7a1608 --- /dev/null +++ b/tests/openssl.c @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include "utils.h" + +#include + +void doit(void) +{ + MD5_CTX c; + unsigned char md[MD5_DIGEST_LENGTH]; + + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + + if (global_init() != 0) + fail("global_init\n"); + + if (!gnutls_check_version(GNUTLS_VERSION)) + success("gnutls_check_version ERROR\n"); + + MD5_Init(&c); + MD5_Update(&c, "abc", 3); + MD5_Final(&(md[0]), &c); + + if (memcmp(md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" + "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof(md)) != 0) { + hexprint(md, sizeof(md)); + fail("MD5 failure\n"); + } else if (debug) + success("MD5 OK\n"); + + gnutls_global_deinit(); +} diff --git a/tests/p11-kit-load.sh b/tests/p11-kit-load.sh new file mode 100755 index 0000000..3662924 --- /dev/null +++ b/tests/p11-kit-load.sh @@ -0,0 +1,204 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of p11-kit. +# +# p11-kit is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# p11-kit is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +#set -e + +: ${srcdir=.} +: ${builddir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${DIFF=diff} +: ${PKG_CONFIG=pkg-config} +TMP_SOFTHSM_DIR="./softhsm-load.$$.tmp" +P11DIR="p11-kit-conf.$$.tmp" +PIN=1234 +PUK=1234 + +for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do + if test -f "${lib}/p11-kit-trust.so"; then + TRUST_MODULE="${lib}/p11-kit-trust.so" + echo "located ${MODULE}" + break + fi +done + +for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/ /usr/lib/softhsm/;do + if test -f "${lib}/libsofthsm2.so"; then + SOFTHSM_MODULE="${lib}/libsofthsm2.so" + echo "located ${MODULE}" + break + fi +done + +${PKG_CONFIG} --version >/dev/null || exit 77 + +${PKG_CONFIG} --atleast-version=0.23.10 p11-kit-1 +if test $? != 0;then + echo p11-kit 0.23.10 is required + exit 77 +fi + +if ! test -f "${TRUST_MODULE}"; then + echo "p11-kit trust module was not found" + exit 77 +fi + +if ! test -f "${SOFTHSM_MODULE}"; then + echo "softhsm module was not found" + exit 77 +fi + +# Create pkcs11.conf with two modules, a trusted (p11-kit-trust) +# and softhsm (not trusted) +mkdir -p ${P11DIR} + +cat <<_EOF_ >${P11DIR}/p11-kit-trust.module +module: p11-kit-trust.so +trust-policy: yes +_EOF_ + +cat <<_EOF_ >${P11DIR}/softhsm.module +module: libsofthsm2.so +_EOF_ + +# Setup softhsm +rm -rf ${TMP_SOFTHSM_DIR} +mkdir -p ${TMP_SOFTHSM_DIR} +SOFTHSM2_CONF=${TMP_SOFTHSM_DIR}/conf +export SOFTHSM2_CONF +echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" +echo "directories.tokendir = ${TMP_SOFTHSM_DIR}" >> "${SOFTHSM2_CONF}" + +softhsm2-util --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 +if test $? != 0; then + echo "failed to initialize softhsm" + exit 1 +fi + +GNUTLS_PIN="${PIN}" ${P11TOOL} --login --label GnuTLS-Test-RSA --generate-privkey rsa --provider "${SOFTHSM_MODULE}" pkcs11: --outfile /dev/null +if test $? != 0; then + echo "failed to generate privkey" + exit 1 +fi + +FILTERTOKEN="sed s/token=.*//g" + +# Check whether both are listed + +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -a|${FILTERTOKEN}|sort -u|wc -l) +#nr=$(${P11TOOL} --list-tokens|grep 'Module:'|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error: did not find 2 modules ($nr)" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} + exit 1 +fi + +# Check whether whether list-tokens will list the trust module +# if we only load softhsm. It shouldn't as we only load the +# trust module when needed (e.g., verification). + +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -s "${SOFTHSM_MODULE}"|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error: did not find softhsm module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -s "${SOFTHSM_MODULE}" + exit 1 +fi + +# Check whether both modules are found when gnutls_pkcs11_init +# is not called but a pkcs11 operation is called. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -d|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 1: did not find 2 modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -d + exit 1 +fi + +# Check whether both modules are found when gnutls_pkcs11_init +# is called with the auto flag +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -a|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 2: did not find 2 modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -a + exit 1 +fi + +# Check whether only trusted modules are listed when the +# trusted flag is given to gnutls_pkcs11_init(). +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -t|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 3: did not find the trusted module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -t + exit 1 +fi + +# Check whether only trusted is listed after certificate verification +# is performed. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -v|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 4: did not find 1 module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -v + exit 1 +fi + +# Check whether only trusted is listed when gnutls_pkcs11_init +# is called with manual flag and a certificate verification is performed. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -v|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 5: did not find 1 module" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -m -v + exit 1 +fi + +# Check whether all modules are listed after certificate verification +# is performed then a PKCS#11 function is called. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -v -d|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 6: did not find all modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -v -d + exit 1 +fi + +# Check whether all modules are listed after a private key operation. +nr=$(${builddir}/pkcs11/list-tokens -o ${P11DIR} -p|${FILTERTOKEN}|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 7: did not find all modules" + ${builddir}/pkcs11/list-tokens -o ${P11DIR} -p + exit 1 +fi + +# Check whether public key and privkey are listed. +nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test|sort -u|wc -l) +if test "$nr" != 2;then + echo "Error in test 8: did not find all objects" + ${builddir}/pkcs11/list-objects -o ${P11DIR} -t all pkcs11:token=GnuTLS-Test + exit 1 +fi + +# Check whether all privkeys are listed even if trust module is registered. +nr=$(GNUTLS_PIN="${PIN}" ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11:|sort -u|wc -l) +if test "$nr" != 1;then + echo "Error in test 9: did not find privkey objects" + ${builddir}/pkcs11/list-objects -o ${P11DIR} -t privkey pkcs11: + exit 1 +fi + +rm -f ${P11DIR}/* +rm -rf ${TMP_SOFTHSM_DIR} + +exit 0 diff --git a/tests/p11-kit-trust-data/Example_Root_CA.p11-kit b/tests/p11-kit-trust-data/Example_Root_CA.p11-kit new file mode 100644 index 0000000..3300d46 --- /dev/null +++ b/tests/p11-kit-trust-data/Example_Root_CA.p11-kit @@ -0,0 +1,11 @@ +[p11-kit-object-v1] +class: x-certificate-extension +label: "Example CA restriction for example.com and corp.example.com" +object-id: 2.5.29.30 +value: "%30%2e%06%03%55%1d%1e%04%27%30%25%a0%23%30%0d%82%0b%65%78%61%6d%70%6c%65%2e%63%6f%6d%30%12%82%10%63%6f%72%70%2e%65%78%61%6d%70%6c%65%2e%63%6f%6d" +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRtTajie6qgC9T/RJ1PvN6ntav ++rwcYBBLJoETGlnj/kVsOAQ5J0ZX/dW8jYoQtjvUCoFaRS/sPoHw2U5Pl99LMg8I +sSaivWlhXWY5Yy8QcDX7B4UK/1cSwfSDHfnG06S2cCuAoUB/SE7ZreuAzM+SwdGD +ZAEjR469MZgFa2t8NwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/p11-kit-trust-data/Example_Root_CA.pem b/tests/p11-kit-trust-data/Example_Root_CA.pem new file mode 100644 index 0000000..8369815 --- /dev/null +++ b/tests/p11-kit-trust-data/Example_Root_CA.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7DCCAVWgAwIBAgIIWRMNpygap1cwDQYJKoZIhvcNAQELBQAwFTETMBEGA1UE +AxMKRXhhbXBsZSBDQTAgFw0xNzA1MTAxMjU1MDVaGA85OTk5MTIzMTIzNTk1OVow +FTETMBEGA1UEAxMKRXhhbXBsZSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEA0bU2o4nuqoAvU/0SdT7zep7Wr/q8HGAQSyaBExpZ4/5FbDgEOSdGV/3VvI2K +ELY71AqBWkUv7D6B8NlOT5ffSzIPCLEmor1pYV1mOWMvEHA1+weFCv9XEsH0gx35 +xtOktnArgKFAf0hO2a3rgMzPksHRg2QBI0eOvTGYBWtrfDcCAwEAAaNDMEEwDwYD +VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTAf2LZgNFX +6uQKWnFh05Br9JgOUjANBgkqhkiG9w0BAQsFAAOBgQA0xZVI3WmyWaa56nTSiuco +3u0Cye7N8bSzlfi2kmyh8efA7/OCyBuUzCtvmiftsfcG6fPz3A8fdk5sA2oy0gyY +kJXukhHmLP0FHLVpa3vw1Sva5AlAkLGeQ25aSeYVZCASalMAAS72WAhsKdaD5TRS +ifWyno0SswLLpXIJsLW2Lw== +-----END CERTIFICATE----- diff --git a/tests/p11-kit-trust.sh b/tests/p11-kit-trust.sh new file mode 100755 index 0000000..b47004a --- /dev/null +++ b/tests/p11-kit-trust.sh @@ -0,0 +1,138 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# This file is part of p11-kit. +# +# p11-kit is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# p11-kit is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff} + +EXPORTED_FILE=out.$$.tmp +DER_FILE=out-der.$$.tmp +TMPFILE=out-tmp.$$.tmp + +for lib in ${libdir} ${libdir}/pkcs11 /usr/lib64/pkcs11/ /usr/lib/pkcs11/ /usr/lib/x86_64-linux-gnu/pkcs11/;do + if test -f "${lib}/p11-kit-trust.so"; then + MODULE="${lib}/p11-kit-trust.so" + echo "located ${MODULE}" + break + fi +done + +if ! test -x "${P11TOOL}"; then + echo "p11tool was not found" + exit 77 +fi + +if ! test -f "${MODULE}"; then + echo "p11-kit trust module was not found" + exit 77 +fi + +TRUST_PATH="${srcdir}/p11-kit-trust-data/" +CACERT=${TRUST_PATH}/Example_Root_CA.pem + +# Test whether a CA extracted from a trust store can retrieve stapled +# extensions. + +OPTS="--provider ${MODULE} --provider-opts trusted,p11-kit:paths=\"${TRUST_PATH}\"" + +# Informational +${P11TOOL} --list-all-certs ${OPTS} 'pkcs11:' + + +#### +# Test 1: Extract the CA certificate from store + +${P11TOOL} --export 'pkcs11:object=Example%20CA' ${OPTS} --outder --outfile ${EXPORTED_FILE} +if test "$?" != "0"; then + echo "Exporting failed (1)" + exit 1 +fi + +${CERTTOOL} -i --infile ${CACERT} --outder --outfile ${DER_FILE} +if test "$?" != "0"; then + echo "Exporting failed (2)" + exit 1 +fi + +${DIFF} ${EXPORTED_FILE} ${DER_FILE} +if test "$?" != "0"; then + echo "Files ${EXPORTED_FILE} and ${DER_FILE} are not identical" + exit 1 +fi + +rm -f ${EXPORTED_FILE} ${DER_FILE} ${TMPFILE} + +echo "Root CA retrieval test passed..." + +#### +# Test 2: Extract the certificate from store with the stapled data + +${P11TOOL} --export-stapled 'pkcs11:object=Example%20CA' ${OPTS} --outder --outfile ${EXPORTED_FILE} +if test "$?" != "0"; then + echo "Exporting failed (3)" + exit 1 +fi + +${CERTTOOL} -i --infile ${CACERT} --outder --outfile ${DER_FILE} +if test "$?" != "0"; then + echo "Exporting failed (4)" + exit 1 +fi + +${DIFF} ${EXPORTED_FILE} ${DER_FILE} +if test "$?" = "0"; then + echo "Files are identical; no extensions were stapled" + exit 1 +fi + +${CERTTOOL} -i --inder --infile ${EXPORTED_FILE} --outfile ${TMPFILE} +if test "$?" != "0"; then + echo "PEM converting failed" + exit 1 +fi + +grep -i "Name Constraints" ${TMPFILE} +if test "$?" != "0"; then + cat ${TMPFILE} + echo "No name constraints found (1)" + exit 1 +fi + +grep -i "Permitted" ${TMPFILE} +if test "$?" != "0"; then + cat ${TMPFILE} + echo "No name constraints found (2)" + exit 1 +fi + +grep -i "DNSname: example.com" ${TMPFILE} +if test "$?" != "0"; then + cat ${TMPFILE} + echo "No name constraints found (3)" + exit 1 +fi + +echo "Root CA with stapled extensions retrieval test passed..." + +rm -f ${EXPORTED_FILE} ${DER_FILE} ${TMPFILE} +exit 0 diff --git a/tests/parse_ca.c b/tests/parse_ca.c new file mode 100644 index 0000000..0502e6a --- /dev/null +++ b/tests/parse_ca.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2007-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "utils.h" + +static char castr[] = + "-----BEGIN CERTIFICATE-----\r\n" + "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\r\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\r\n" + "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\r\n" + "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\r\n" + "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\r\n" + "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\r\n" + "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\r\n" + "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\r\n" + "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\r\n" + "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\r\n" + "PfqUpIhz5Bbm7J4=\r\n" + "-----END CERTIFICATE-----\r\n" + "-----BEGIN CERTIFICATE-----\r\n" + "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\r\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\r\n" + "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\r\n" + "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\r\n" + "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\r\n" + "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\r\n" + "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\r\n" + "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\r\n" + "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\r\n" + "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\r\n" + "PfqUpIhz5Bbm7J4=\r\n" "-----END CERTIFICATE-----\r\n"; + +void doit(void) +{ + int rc; + gnutls_certificate_credentials_t cred; + gnutls_datum_t ca = { (unsigned char *) castr, sizeof(castr) }; + + global_init(); + + rc = gnutls_certificate_allocate_credentials(&cred); + if (rc) + fail("allocate cred failed: %d\n", rc); + + rc = gnutls_certificate_set_x509_trust_mem(cred, &ca, + GNUTLS_X509_FMT_PEM); + if (rc != 2) + fail("import ca failed: %d\n", rc); + + ca.data = (unsigned char *) ""; + ca.size = 0; + + rc = gnutls_certificate_set_x509_trust_mem(cred, &ca, + GNUTLS_X509_FMT_PEM); + if (rc != 0) + fail("import ca failed: %d\n", rc); + + gnutls_certificate_free_credentials(cred); + + gnutls_global_deinit(); + + if (debug) + success("import ok\n"); +} diff --git a/tests/pcert-list.c b/tests/pcert-list.c new file mode 100644 index 0000000..5502b70 --- /dev/null +++ b/tests/pcert-list.c @@ -0,0 +1,368 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +/* This tests functions related to pcert-lists + */ + +#define CERT0 \ +"-----BEGIN CERTIFICATE-----\n" \ +"MIIEITCCAomgAwIBAgIMVsXM+TCHHodT4TxYMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" \ +"BgNVBAMTBENBLTIwIBcNMTYwMjE4MTM1NDAxWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" \ +"ETAPBgNVBAMTCHNlcnZlci0zMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" \ +"AYEAs6z83Jg9XjIuBb87zm6uuBjGG+45IpSw6gRgU/1izgBUofefrkdvjhpneBYU\n" \ +"7PySNxTcyKUe1ZijKAYwck5jE76Y/xKNdMffgYqXOusCij7xutssdtvYw7yJjUHv\n" \ +"43+zqbydONRNebO8qw1/BGXzKCsAE83iYumxJxSkwTsq04Kp9vrfW6zaTpa3VGq5\n" \ +"wYPBT+neszrT9/E/Bn+QJh66US+EYnl+TlI5XTp4J0XqGP8PB1OYG/WPPjdRgv7j\n" \ +"C/dSsEaLmV2YdQWjPRqZ+hxQbRJbLaJ9b7czBSdK1lhefAKshUEV+SGQI2MzEVGW\n" \ +"lP4tLpIhiy33fNWpnkhbxxsa/NnIS2Vb8JvQidKdgQLsJL8hRJ/it41B4JGiaBnM\n" \ +"uQmIwr+DFbVs2ibm2VlV1oNB1DrFOAYNURSIUJM0th+Wj4vI9hnwIVeUY/u3Dk5V\n" \ +"bhks+JfbPLmbJ7Tx9JiBCes7isuxNCtWrWRDUQj71IqCc2+iV86Q+gw3rcpLeLYN\n" \ +"yv3PAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" \ +"MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFEnsKuMM/IbHLD1TnAK78YwFx0VF\n" \ +"MB8GA1UdIwQYMBaAFFGRr1BCIq0AHmB59tUBsghMjvz/MA0GCSqGSIb3DQEBCwUA\n" \ +"A4IBgQB0i38qq4/os7MIhUFnBFD/eduk5B+jaGvPTM8lsZJ/17BbiMBc5dyxjMVY\n" \ +"WYsm+KI5XEddBEqMYYwjdO/aoJzFLkkDu7E+UnygVZmMdQONuoyeQ/IrLk3l3zGi\n" \ +"JJlylxFBNkns+a4AnXwSAv/ZiZapjQQUX378IxOpZuqzELAPqCkqp/6LyJApDiVV\n" \ +"9av7WWySG5Wtp8lNs8o8l8ZxU14++fwo1euH0mQ4AM2DGLAhQSdOqChmROWt4MPd\n" \ +"7raaO8dl6wMI83OgOHIhZlvlmmZTYqbpPXYm/2lM9ePBU/bkA7Y/X7HFDbTIBH9Y\n" \ +"rkVZyq3FYPUtYRyqQXa8s730MQBxGmVZkKptCZjLDziZF4sAZGX78EyDeSl3Z3Jg\n" \ +"I5JGLsdznHlhqEx8hNJnYtINVv1arn2UHO7p3/cB8VXt2UdQP+YJYdVzCvT4WW1E\n" \ +"PvzTI6JbcwDpOs0MxRIrXrhgEZWylk0W93FO1WErd1+Sn3LZqvrtyXLzYB9wCl1I\n" \ +"A34kGlE=\n" \ +"-----END CERTIFICATE-----\n" + +static unsigned char server_cert_pem[] = +CERT0 +"-----BEGIN CERTIFICATE-----\n" +"MIIEFDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" +"MCAXDTE2MDIxODEzNTQwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAu1/IharA+97QfzDj\n" +"UXEBl9TAFqHkN9B5erj1yhMlwPAakreStR8VvuCx46TA3gP7sbUYU811T+2D5/GU\n" +"u7YuMWsFeSmGWvbxa/tKTpXoEM0bNV+rIbxAcfgtxbARZDocv8gxfG/70vc2dSDh\n" +"KgZCoMQyO6qGLRdsoPAf+De7YD8sKS7Q3d3Xnfyv4AVnDkbAVFsZhu4lQFuWXyfG\n" +"Sl95TT94wLDLdf/Gf/F0nNsv6+D6yb15afhJKdqo6PH19gsyE0U3zj6c/7abha2W\n" +"fvVe6hVbaW1HLDZdHZnjlJHamNFdrOHI5Xi+SJO7/3MWvdTzdMVFBDfS5o7TvYyS\n" +"pu6iTmVeJvJ1OpXV7Lw1M2dSTW9RJLzUF3fXYOsuh32qMel9IzhnVh8Veyl0I0WL\n" +"hThmkF73mGWcVq4lMPXwEnwYJtRLeH5HWvG3rgmb7m827XMNnqKE0NOkPH63OUqJ\n" +"0h4b6PBb6wiOgnsC3yZIf0KgB0gToySvmD6MyJsmbN9rQit1AgMBAAGjeTB3MA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcEADAdBgNVHQ4EFgQUUZGvUEIirQAeYHn21QGyCEyO/P8wHwYDVR0jBBgwFoAU\n" +"v9x1k1GrVS0yXKvMzD7k/zInm9gwDQYJKoZIhvcNAQELBQADggGBAIwUNzAo7Efm\n" +"X8dVGz6OEsfZ/RPIeYxZ5cmqWwcZ4oLBv55xGJNG+nIcgLMA2L6ybtFiK2nKtqy4\n" +"hMv/P6qvjX5vVQGVgLclvMkDkmXWVdqkTYDX7cSe/Bv6qIS2KBaVo87r2DIWN8Zu\n" +"J3w0U3RcD6ilXVmqvARLeKWBPrCep0DJvg/BEAFSjCgHImrpZdzm6NuUr1eYCfgN\n" +"HPwUj5Ivyy9ioPRXGzzHQH6T1p/xIRbuhqTGRUin3MqGQlFseBJ2qXPf6uQmCaWZ\n" +"tFp4oWLJThqVmlvHViPDy235roYSKkJXH4qxjbhuv0pgUZOzmSsG7YA/oYNGDm6I\n" +"bEvids1r45PjYDHctB4QLhXNY3SJVgMog1KuVCK6JQL8F8XP5Sup1qW4ed/WvXwe\n" +"PBTOWbE/ENnxF2/nQLwnr80cgVx8rAE5sxubNNQVHu/6NonPzGUhTHXmGleuXPbb\n" +"Mjv4x9s3QftWUVJb7b8GUt5bMAthqo7Y47Jed1kKIt2PAm0SNBMYrw==\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE2MDIxODEzNTQwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0QG/LnrMV5vsE3G7\n" +"mGVYr33PFQ/WojwKg1C8GGH9aaIn+VMuBS2d1/mwtM9axoje1uQzwKp/hPT+N3Z3\n" +"qmFWeX8somDwowNDWN3skST4ob/M4aSlfP6OhNeIfBNvPTz3GtsbOtN5TkOX7Nf2\n" +"+mfFm09xMHQ3z4yyGNmKG/oxGKY2WDe93hp0rlIZ6ihMPcsCHwWLfja3SAT4AcXs\n" +"TFrTxEnaTYuVxcRcoW7lEDtcCyGbPfszo/rEQfJxwxRF46Yoz6rrCSkXOzLhQa4v\n" +"PPsZJ6ltNqkCtSrnhcCl3SC9JqdI4e7lGsnDylq4evi8RtOYknVOqDwv0q/9DI2+\n" +"rhFUy4I0Ah9H2T7dC01KIOjGiHyThCgkt2Nee/AXFflpN2Ws7/SGALdx6Vy3OkVo\n" +"NkHYxlKKn/06Yp8XlNPR64EqxeJqPW9Pf742EJUCOeavu5wPWJtLQr03JyKWoeZf\n" +"IYT/HwZUJveqEBU1EKeZRSvrRwHnmzQJuxyUhj/2C92QF5edAgMBAAGjeTB3MA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcEADAdBgNVHQ4EFgQUv9x1k1GrVS0yXKvMzD7k/zInm9gwHwYDVR0jBBgwFoAU\n" +"2iUEUyXy7fPzZtc8ktanTiDzjuUwDQYJKoZIhvcNAQELBQADggGBAC9X5og786Il\n" +"CUKj4FpZrqgfN+Cwf1EebW1tX1iKYASGo8t7JS0Btt3ycVpx04JSJy5WM9cQNFU0\n" +"5vimaG0qAsWhHXljhmM0mr4ruW1Jw6KAuqw0V/JJ0oYRZaYnvi6UsoJJjq8YcatW\n" +"5ixtKr928933kYD71sMZBN7Um7ictDq0M2oaW4k0/Yt4Uqb9fv20E4EHKEpETMUR\n" +"FviTIjONdVsAVj4lxuS3u1Nt7B5ayYCkgFabME28ud6EazelwZWZwBRGiuPr6634\n" +"f8lZtnscRVU5oQb6DjkyD/SM+1ue6/wpNapoH7BimnvCcRmLvsG34vlyt7QC0BRO\n" +"cRmEPZCq8hIUIuD0x836FRNUSjjMVi2Dj+QjeNolpKgUjRF/h2yKmDRB2A7WAV5g\n" +"It7RRjMnkm3pvKj2d7/qb5OaccO4uoAq333PRAX0RLYT5yosFGq+RN8+WCnzuGsB\n" +"hCe33/7HCC6mO0/vsrQuRvECvAasznN9mF3t+ZXMvcsqTcOq4Iag1A==\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE2MDIxODEzNTQwMFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0MYBHVUjwlQH7Mvn\n" +"4viHyEONr+7M0+fLntPITQHihE8gxU3LpqAUpl7felAA4k0sJTaXvnZA+E1DCcIq\n" +"zksAhK3Qr8zZeCKNM41U1klcCh2+3IoGjg+CcQisb8gtiiXybH3qXYFgi3ww2YFG\n" +"cIjJAciZj8qLfwMhMcBPMx4IDHR7gdWH9V0xUZZiBkk7x3PBIWCr2FKD0877yR9t\n" +"wjlQ4Fbw5NW9j7WaUgeY2LV7iTtBH0bZ7D/04KsYdct6lKhUkzSUBg/bAUWCFp1j\n" +"ouFhzyqMf3jFDrcejxPKlRk15e9SkQYD/7dTpudXwbL9ugZfoP1xDRgslEyfyU/Q\n" +"DEyG5mlXjVBRiGvL+dfxRNw2E5xLpESt2rlMiBhe1cv8+XL5D6z/WBwDfBNUzoQR\n" +"X15YHK2NgNNHQ8u8GLtUbp3ZXaeKgj8fdR3UoRTqWgpy2vjVM3vN1xXFVTo13MJ8\n" +"isLXH/QNUR4tnOytDp1HyK2ybHkfXB1a0RMBwM5XDVD2LhPFAgMBAAGjWDBWMA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcGADAdBgNVHQ4EFgQU2iUEUyXy7fPzZtc8ktanTiDzjuUwDQYJKoZIhvcNAQEL\n" +"BQADggGBAJrJujtXifCeySYWbnJlraec63Zgqfv4SZIEdLt5GFLdpjk2WCxhFrN3\n" +"n6JZgI2aUWin2OL1VA1hfddAPUSHOCV8nP/Vu1f/BEaeQjEVS2AOF7T+eQSTNQtN\n" +"MkTTi0UKKXZjIIXiW4YXDs2b22JIOXkL9rFyrvN4vvbIp/jwLWx5UTHFtsktMkai\n" +"MteJBobd69ra7kdX43EkUKrgSDNpMQn10y3w4ziPDsLZ9sWaRxESbXWqDn4A7J9t\n" +"prfxut+s/3rsZgpt4s2FsswymfuW8DhzH1EjfV1Tb32blpgz/40sIRbU158Wh1UH\n" +"/DGQ6RVX0RcRt7ce7QCYTROD/yHYPVucqLfRpVNJ3oujGYaMgnSSuxEOsfwx5u+P\n" +"8USIxyQNR9cX/gQswzs3Ouj1rXBnjiSS1YXWZXvqHsUamJ8O7qpnqkL2Ti64O0HA\n" +"wdTtAcDO0BTHvanKZojLZm8nStvTvFpSVh7z+8Fu0A5zAcHsDj4vLABsdPDsXUTr\n" +"kb2G3Yy/UA==\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char unsorted_server_cert_pem[] = +CERT0 +"-----BEGIN CERTIFICATE-----\n" +"MIIEFDCCAnygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE2MDIxODEzNTQwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0QG/LnrMV5vsE3G7\n" +"mGVYr33PFQ/WojwKg1C8GGH9aaIn+VMuBS2d1/mwtM9axoje1uQzwKp/hPT+N3Z3\n" +"qmFWeX8somDwowNDWN3skST4ob/M4aSlfP6OhNeIfBNvPTz3GtsbOtN5TkOX7Nf2\n" +"+mfFm09xMHQ3z4yyGNmKG/oxGKY2WDe93hp0rlIZ6ihMPcsCHwWLfja3SAT4AcXs\n" +"TFrTxEnaTYuVxcRcoW7lEDtcCyGbPfszo/rEQfJxwxRF46Yoz6rrCSkXOzLhQa4v\n" +"PPsZJ6ltNqkCtSrnhcCl3SC9JqdI4e7lGsnDylq4evi8RtOYknVOqDwv0q/9DI2+\n" +"rhFUy4I0Ah9H2T7dC01KIOjGiHyThCgkt2Nee/AXFflpN2Ws7/SGALdx6Vy3OkVo\n" +"NkHYxlKKn/06Yp8XlNPR64EqxeJqPW9Pf742EJUCOeavu5wPWJtLQr03JyKWoeZf\n" +"IYT/HwZUJveqEBU1EKeZRSvrRwHnmzQJuxyUhj/2C92QF5edAgMBAAGjeTB3MA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcEADAdBgNVHQ4EFgQUv9x1k1GrVS0yXKvMzD7k/zInm9gwHwYDVR0jBBgwFoAU\n" +"2iUEUyXy7fPzZtc8ktanTiDzjuUwDQYJKoZIhvcNAQELBQADggGBAC9X5og786Il\n" +"CUKj4FpZrqgfN+Cwf1EebW1tX1iKYASGo8t7JS0Btt3ycVpx04JSJy5WM9cQNFU0\n" +"5vimaG0qAsWhHXljhmM0mr4ruW1Jw6KAuqw0V/JJ0oYRZaYnvi6UsoJJjq8YcatW\n" +"5ixtKr928933kYD71sMZBN7Um7ictDq0M2oaW4k0/Yt4Uqb9fv20E4EHKEpETMUR\n" +"FviTIjONdVsAVj4lxuS3u1Nt7B5ayYCkgFabME28ud6EazelwZWZwBRGiuPr6634\n" +"f8lZtnscRVU5oQb6DjkyD/SM+1ue6/wpNapoH7BimnvCcRmLvsG34vlyt7QC0BRO\n" +"cRmEPZCq8hIUIuD0x836FRNUSjjMVi2Dj+QjeNolpKgUjRF/h2yKmDRB2A7WAV5g\n" +"It7RRjMnkm3pvKj2d7/qb5OaccO4uoAq333PRAX0RLYT5yosFGq+RN8+WCnzuGsB\n" +"hCe33/7HCC6mO0/vsrQuRvECvAasznN9mF3t+ZXMvcsqTcOq4Iag1A==\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE2MDIxODEzNTQwMFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0MYBHVUjwlQH7Mvn\n" +"4viHyEONr+7M0+fLntPITQHihE8gxU3LpqAUpl7felAA4k0sJTaXvnZA+E1DCcIq\n" +"zksAhK3Qr8zZeCKNM41U1klcCh2+3IoGjg+CcQisb8gtiiXybH3qXYFgi3ww2YFG\n" +"cIjJAciZj8qLfwMhMcBPMx4IDHR7gdWH9V0xUZZiBkk7x3PBIWCr2FKD0877yR9t\n" +"wjlQ4Fbw5NW9j7WaUgeY2LV7iTtBH0bZ7D/04KsYdct6lKhUkzSUBg/bAUWCFp1j\n" +"ouFhzyqMf3jFDrcejxPKlRk15e9SkQYD/7dTpudXwbL9ugZfoP1xDRgslEyfyU/Q\n" +"DEyG5mlXjVBRiGvL+dfxRNw2E5xLpESt2rlMiBhe1cv8+XL5D6z/WBwDfBNUzoQR\n" +"X15YHK2NgNNHQ8u8GLtUbp3ZXaeKgj8fdR3UoRTqWgpy2vjVM3vN1xXFVTo13MJ8\n" +"isLXH/QNUR4tnOytDp1HyK2ybHkfXB1a0RMBwM5XDVD2LhPFAgMBAAGjWDBWMA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcGADAdBgNVHQ4EFgQU2iUEUyXy7fPzZtc8ktanTiDzjuUwDQYJKoZIhvcNAQEL\n" +"BQADggGBAJrJujtXifCeySYWbnJlraec63Zgqfv4SZIEdLt5GFLdpjk2WCxhFrN3\n" +"n6JZgI2aUWin2OL1VA1hfddAPUSHOCV8nP/Vu1f/BEaeQjEVS2AOF7T+eQSTNQtN\n" +"MkTTi0UKKXZjIIXiW4YXDs2b22JIOXkL9rFyrvN4vvbIp/jwLWx5UTHFtsktMkai\n" +"MteJBobd69ra7kdX43EkUKrgSDNpMQn10y3w4ziPDsLZ9sWaRxESbXWqDn4A7J9t\n" +"prfxut+s/3rsZgpt4s2FsswymfuW8DhzH1EjfV1Tb32blpgz/40sIRbU158Wh1UH\n" +"/DGQ6RVX0RcRt7ce7QCYTROD/yHYPVucqLfRpVNJ3oujGYaMgnSSuxEOsfwx5u+P\n" +"8USIxyQNR9cX/gQswzs3Ouj1rXBnjiSS1YXWZXvqHsUamJ8O7qpnqkL2Ti64O0HA\n" +"wdTtAcDO0BTHvanKZojLZm8nStvTvFpSVh7z+8Fu0A5zAcHsDj4vLABsdPDsXUTr\n" +"kb2G3Yy/UA==\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIEFDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" +"MCAXDTE2MDIxODEzNTQwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAu1/IharA+97QfzDj\n" +"UXEBl9TAFqHkN9B5erj1yhMlwPAakreStR8VvuCx46TA3gP7sbUYU811T+2D5/GU\n" +"u7YuMWsFeSmGWvbxa/tKTpXoEM0bNV+rIbxAcfgtxbARZDocv8gxfG/70vc2dSDh\n" +"KgZCoMQyO6qGLRdsoPAf+De7YD8sKS7Q3d3Xnfyv4AVnDkbAVFsZhu4lQFuWXyfG\n" +"Sl95TT94wLDLdf/Gf/F0nNsv6+D6yb15afhJKdqo6PH19gsyE0U3zj6c/7abha2W\n" +"fvVe6hVbaW1HLDZdHZnjlJHamNFdrOHI5Xi+SJO7/3MWvdTzdMVFBDfS5o7TvYyS\n" +"pu6iTmVeJvJ1OpXV7Lw1M2dSTW9RJLzUF3fXYOsuh32qMel9IzhnVh8Veyl0I0WL\n" +"hThmkF73mGWcVq4lMPXwEnwYJtRLeH5HWvG3rgmb7m827XMNnqKE0NOkPH63OUqJ\n" +"0h4b6PBb6wiOgnsC3yZIf0KgB0gToySvmD6MyJsmbN9rQit1AgMBAAGjeTB3MA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcEADAdBgNVHQ4EFgQUUZGvUEIirQAeYHn21QGyCEyO/P8wHwYDVR0jBBgwFoAU\n" +"v9x1k1GrVS0yXKvMzD7k/zInm9gwDQYJKoZIhvcNAQELBQADggGBAIwUNzAo7Efm\n" +"X8dVGz6OEsfZ/RPIeYxZ5cmqWwcZ4oLBv55xGJNG+nIcgLMA2L6ybtFiK2nKtqy4\n" +"hMv/P6qvjX5vVQGVgLclvMkDkmXWVdqkTYDX7cSe/Bv6qIS2KBaVo87r2DIWN8Zu\n" +"J3w0U3RcD6ilXVmqvARLeKWBPrCep0DJvg/BEAFSjCgHImrpZdzm6NuUr1eYCfgN\n" +"HPwUj5Ivyy9ioPRXGzzHQH6T1p/xIRbuhqTGRUin3MqGQlFseBJ2qXPf6uQmCaWZ\n" +"tFp4oWLJThqVmlvHViPDy235roYSKkJXH4qxjbhuv0pgUZOzmSsG7YA/oYNGDm6I\n" +"bEvids1r45PjYDHctB4QLhXNY3SJVgMog1KuVCK6JQL8F8XP5Sup1qW4ed/WvXwe\n" +"PBTOWbE/ENnxF2/nQLwnr80cgVx8rAE5sxubNNQVHu/6NonPzGUhTHXmGleuXPbb\n" +"Mjv4x9s3QftWUVJb7b8GUt5bMAthqo7Y47Jed1kKIt2PAm0SNBMYrw==\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t unsorted_server_cert = { unsorted_server_cert_pem, + sizeof(unsorted_server_cert_pem) +}; + +const gnutls_datum_t single_server_cert = { server_cert_pem, + sizeof(CERT0)-1 +}; + +static unsigned char isolated_server_cert_pem[] = +CERT0 +"-----BEGIN CERTIFICATE-----\n" +"MIID8zCCAlugAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTE2MDIxODEzNTQwMFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0MYBHVUjwlQH7Mvn\n" +"4viHyEONr+7M0+fLntPITQHihE8gxU3LpqAUpl7felAA4k0sJTaXvnZA+E1DCcIq\n" +"zksAhK3Qr8zZeCKNM41U1klcCh2+3IoGjg+CcQisb8gtiiXybH3qXYFgi3ww2YFG\n" +"cIjJAciZj8qLfwMhMcBPMx4IDHR7gdWH9V0xUZZiBkk7x3PBIWCr2FKD0877yR9t\n" +"wjlQ4Fbw5NW9j7WaUgeY2LV7iTtBH0bZ7D/04KsYdct6lKhUkzSUBg/bAUWCFp1j\n" +"ouFhzyqMf3jFDrcejxPKlRk15e9SkQYD/7dTpudXwbL9ugZfoP1xDRgslEyfyU/Q\n" +"DEyG5mlXjVBRiGvL+dfxRNw2E5xLpESt2rlMiBhe1cv8+XL5D6z/WBwDfBNUzoQR\n" +"X15YHK2NgNNHQ8u8GLtUbp3ZXaeKgj8fdR3UoRTqWgpy2vjVM3vN1xXFVTo13MJ8\n" +"isLXH/QNUR4tnOytDp1HyK2ybHkfXB1a0RMBwM5XDVD2LhPFAgMBAAGjWDBWMA8G\n" +"A1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD\n" +"AwcGADAdBgNVHQ4EFgQU2iUEUyXy7fPzZtc8ktanTiDzjuUwDQYJKoZIhvcNAQEL\n" +"BQADggGBAJrJujtXifCeySYWbnJlraec63Zgqfv4SZIEdLt5GFLdpjk2WCxhFrN3\n" +"n6JZgI2aUWin2OL1VA1hfddAPUSHOCV8nP/Vu1f/BEaeQjEVS2AOF7T+eQSTNQtN\n" +"MkTTi0UKKXZjIIXiW4YXDs2b22JIOXkL9rFyrvN4vvbIp/jwLWx5UTHFtsktMkai\n" +"MteJBobd69ra7kdX43EkUKrgSDNpMQn10y3w4ziPDsLZ9sWaRxESbXWqDn4A7J9t\n" +"prfxut+s/3rsZgpt4s2FsswymfuW8DhzH1EjfV1Tb32blpgz/40sIRbU158Wh1UH\n" +"/DGQ6RVX0RcRt7ce7QCYTROD/yHYPVucqLfRpVNJ3oujGYaMgnSSuxEOsfwx5u+P\n" +"8USIxyQNR9cX/gQswzs3Ouj1rXBnjiSS1YXWZXvqHsUamJ8O7qpnqkL2Ti64O0HA\n" +"wdTtAcDO0BTHvanKZojLZm8nStvTvFpSVh7z+8Fu0A5zAcHsDj4vLABsdPDsXUTr\n" +"kb2G3Yy/UA==\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t isolated_server_cert = { isolated_server_cert_pem, + sizeof(isolated_server_cert_pem) +}; + +void doit(void) +{ + gnutls_pcert_st pcert_list[16]; + unsigned pcert_list_size, flags, i; + int ret; + + flags = GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED; + + pcert_list_size = 3; + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_cert, GNUTLS_X509_FMT_PEM, flags); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { + fail("the GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED was not considered\n"); + } + + pcert_list_size = 3; + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("the normal/smaller import has failed\n"); + } + + for (i=0;i +#endif + +#include +#include + +#include +#include +#include +#include + +#include "utils.h" + +static void encode(const char *test_name, gnutls_digest_algorithm_t hash, const gnutls_datum_t *raw, const gnutls_datum_t *expected) +{ + int ret; + gnutls_datum_t out; + gnutls_digest_algorithm_t thash; + uint8_t digest[128]; + unsigned int digest_size; + + ret = gnutls_encode_ber_digest_info(hash, raw, &out); + if (ret < 0) { + fail("%s: gnutls_encode_ber_digest_info: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (expected->size!=out.size) { + hexprint(out.data, out.size); + fail("%s: gnutls_encode_ber_digest_info: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, expected->size); + exit(1); + } + + if (memcmp(expected->data, out.data, out.size) != 0) { + hexprint(out.data, out.size); + fail("%s: gnutls_encode_ber_digest_info: output does not match the expected\n", test_name); + exit(1); + } + + digest_size = sizeof(digest); + ret = gnutls_decode_ber_digest_info(&out, &thash, digest, &digest_size); + if (ret < 0) { + fail("%s: gnutls_decode_ber_digest_info: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (thash != hash) { + fail("%s: gnutls_decode_ber_digest_info: wrong hash, got: %d, expected %d\n", test_name, (int)thash, (int)hash); + exit(1); + } + + if (raw->size!=digest_size) { + fail("%s: gnutls_decode_ber_digest_info: output has incorrect size (%d, expected %d)\n", test_name, digest_size, raw->size); + exit(1); + } + + if (memcmp(raw->data, digest, digest_size) != 0) { + fail("%s: gnutls_decode_ber_digest_info: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void decode(const char *test_name, gnutls_digest_algorithm_t hash, const gnutls_datum_t *raw, const gnutls_datum_t *di, int res) +{ + int ret; + uint8_t digest[128]; + unsigned digest_size; + gnutls_digest_algorithm_t thash; + + digest_size = sizeof(digest); + ret = gnutls_decode_ber_digest_info(di, &thash, digest, &digest_size); + if (res != ret) { + fail("%s: gnutls_decode_ber_digest_info: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (ret < 0) { + return; + } + + if (thash != hash) { + fail("%s: gnutls_decode_ber_digest_info: wrong hash, got: %d, expected %d\n", test_name, (int)thash, (int)hash); + exit(1); + } + + if (raw->size!=digest_size) { + fail("%s: gnutls_decode_ber_digest_info: output has incorrect size (%d, expected %d)\n", test_name, digest_size, raw->size); + exit(1); + } + + if (memcmp(raw->data, digest, digest_size) != 0) { + fail("%s: gnutls_decode_ber_digest_info: output does not match the expected\n", test_name); + exit(1); + } + + return; +} + +struct encode_tests_st { + const char *name; + gnutls_digest_algorithm_t hash; + const gnutls_datum_t raw; + const gnutls_datum_t di; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "rnd1", + .hash = GNUTLS_DIG_SHA1, + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78\xff\xa1\x32\x12", 20}, + .di = {(void*)"\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78\xff\xa1\x32\x12",35} + }, + { + .name = "rnd2", + .hash = GNUTLS_DIG_SHA256, + .raw = {(void*)"\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25", 32}, + .di = {(void*)"\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25",51} + } +}; + +struct decode_tests_st { + const char *name; + gnutls_digest_algorithm_t hash; + const gnutls_datum_t raw; + const gnutls_datum_t di; + int res; +}; + +struct decode_tests_st decode_tests[] = { + { + .name = "dec-rnd1", + .hash = GNUTLS_DIG_SHA1, + .di = {(void*)"\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78\xff\xa1\x32\x12",35}, + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78\xff\xa1\x32\x12", 20}, + .res = 0, + }, + { + .name = "dec-rnd2", + .hash = GNUTLS_DIG_SHA256, + .raw = {(void*)"\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25", 32}, + .di = {(void*)"\x30\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25",51}, + .res = 0, + }, + { + .name = "dec-wrong-tag", + .hash = GNUTLS_DIG_SHA256, + .raw = {(void*)"\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25", 32}, + .di = {(void*)"\x31\x31\x30\x0d\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25",51}, + .res = GNUTLS_E_ASN1_TAG_ERROR + }, + { + .name = "dec-wrong-der", + .hash = GNUTLS_DIG_SHA256, + .raw = {(void*)"\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25", 32}, + .di = {(void*)"\x30\x31\x30\x0c\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x86\xe3\xf9\x25",51}, + .res = GNUTLS_E_ASN1_DER_ERROR + }, + { + .name = "dec-wrong-hash", + .hash = GNUTLS_DIG_SHA256, + .raw = {(void*)"\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x85\xe3\xf9\x25", 32}, + .di = {(void*)"\x30\x31\x30\x0d\x06\x09\x61\x86\x48\x01\x65\x03\x04\x02\x01\x05\x00\x04\x20\x0b\x68\xdf\x4b\x27\xac\xc5\xc5\x52\x43\x74\x32\x39\x5c\x1e\xf5\x6a\xe2\x19\x5a\x58\x75\x81\xa5\x6a\xf5\xbf\x98\x86\xe3\xf9\x25",51}, + .res = GNUTLS_E_UNKNOWN_HASH_ALGORITHM + }, +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +/* Tests whether gnutls_x509_crt_list_import_url() will return a well + * sorted chain, out of values written to softhsm token. + */ + +#define CONFIG_NAME "softhsm-import-url" +#define CONFIG CONFIG_NAME".config" + +#include "../test-chains.h" + +#define PIN "123456" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +static int comp_cert(gnutls_pcert_st *pcert, unsigned i) +{ + int ret; + gnutls_datum_t data; + gnutls_x509_crt_t crt2; + + if (debug) + success("comparing cert %d\n", i); + + ret = gnutls_x509_crt_init(&crt2); + if (ret < 0) + return -1; + + data.data = (void*)nc_good2[i]; + data.size = strlen(nc_good2[i]); + ret = gnutls_x509_crt_import(crt2, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + return -1; + + if (!gnutls_x509_crt_equals2(crt2, &pcert->cert)) { + return -1; + } + + gnutls_x509_crt_deinit(crt2); + + return 0; +} + +static void load_cert(const char *url, unsigned i) +{ + int ret; + gnutls_datum_t data; + gnutls_x509_crt_t crt; + char name[64]; + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + data.data = (void*)nc_good2[i]; + data.size = strlen(nc_good2[i]); + ret = gnutls_x509_crt_import(crt, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error[%d]: %s\n", i, gnutls_strerror(ret)); + + snprintf(name, sizeof(name), "cert-%d", i); + ret = gnutls_pkcs11_copy_x509_crt(url, crt, name, GNUTLS_PKCS11_OBJ_FLAG_LOGIN|GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE); + if (ret < 0) + fail("error[%d]: %s\n", i, gnutls_strerror(ret)); + + success("written cert-%d\n", i); + + gnutls_x509_crt_deinit(crt); +} + +static void load_chain(const char *url) +{ + load_cert(url, 1); + load_cert(url, 0); + load_cert(url, 4); + load_cert(url, 2); + load_cert(url, 3); +} + +static void write_certs(const char *file) +{ + FILE *fp = fopen(file, "w"); + assert(fp != NULL); + fwrite(nc_good2[0], strlen(nc_good2[0]), 1, fp); + fwrite(nc_good2[4], strlen(nc_good2[4]), 1, fp); + fwrite(nc_good2[1], strlen(nc_good2[1]), 1, fp); + fwrite(nc_good2[2], strlen(nc_good2[2]), 1, fp); + fwrite(nc_good2[3], strlen(nc_good2[3]), 1, fp); + fclose(fp); +} + +void doit(void) +{ + char buf[512]; + int ret; + const char *lib, *bin; + unsigned int i; + gnutls_pcert_st pcerts[16]; + unsigned int pcerts_size; + char file[TMPNAME_SIZE]; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + track_temp_files(); + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret < 0) { + fprintf(stderr, "add_provider: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + } + + load_chain(SOFTHSM_URL); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + success("import from URI\n"); + pcerts_size = 2; + ret = gnutls_pcert_list_import_x509_file(pcerts, &pcerts_size, SOFTHSM_URL";object=cert-0", + GNUTLS_X509_FMT_PEM, pin_func, NULL, 0); + assert(ret == GNUTLS_E_SHORT_MEMORY_BUFFER); + + pcerts_size = sizeof(pcerts)/sizeof(pcerts[0]); + ret = gnutls_pcert_list_import_x509_file(pcerts, &pcerts_size, SOFTHSM_URL";object=cert-0", + GNUTLS_X509_FMT_PEM, pin_func, NULL, 0); + if (ret < 0) + fail("cannot load certs: %s\n", gnutls_strerror(ret)); + + assert(pcerts_size == 5); + + for (i=0;i=0); + + for (i=0;i=0); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +/* Tests whether gnutls_x509_crt_list_import_url() will return a well + * sorted chain, out of values written to softhsm token. + */ + +#define CONFIG_NAME "x509-crt-list-import-url" +#define CONFIG CONFIG_NAME".config" + +#include "../test-chains.h" + +#define PIN "123456" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +static void comp_cert(gnutls_x509_crt_t crt1, unsigned i) +{ + int ret; + gnutls_datum_t data; + gnutls_x509_crt_t crt2; + + ret = gnutls_x509_crt_init(&crt2); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + data.data = (void*)nc_good2[i]; + data.size = strlen(nc_good2[i]); + ret = gnutls_x509_crt_import(crt2, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error[%d]: %s\n", i, gnutls_strerror(ret)); + + if (!gnutls_x509_crt_equals(crt1, crt2)) { + fail("certificate doesn't match chain at %d\n", i); + } + + gnutls_x509_crt_deinit(crt2); +} + +static void load_cert(const char *url, unsigned i) +{ + int ret; + gnutls_datum_t data; + gnutls_x509_crt_t crt; + char name[64]; + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + data.data = (void*)nc_good2[i]; + data.size = strlen(nc_good2[i]); + ret = gnutls_x509_crt_import(crt, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("error[%d]: %s\n", i, gnutls_strerror(ret)); + + snprintf(name, sizeof(name), "cert-%d", i); + ret = gnutls_pkcs11_copy_x509_crt(url, crt, name, GNUTLS_PKCS11_OBJ_FLAG_LOGIN|GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE); + if (ret < 0) + fail("error[%d]: %s\n", i, gnutls_strerror(ret)); + + success("written cert-%d\n", i); + + gnutls_x509_crt_deinit(crt); +} + +static void load_chain(const char *url) +{ + load_cert(url, 1); + load_cert(url, 0); + load_cert(url, 4); + load_cert(url, 2); + load_cert(url, 3); +} + +void doit(void) +{ + char buf[512]; + int ret; + const char *lib, *bin; + gnutls_x509_crt_t *crts; + unsigned int crts_size, i; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret < 0) { + fprintf(stderr, "add_provider: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + } + + load_chain(SOFTHSM_URL); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + /* try importing without login */ + ret = gnutls_x509_crt_list_import_url(&crts, &crts_size, SOFTHSM_URL";object=cert-0", + pin_func, NULL, 0); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + fail("cannot load certs: %s\n", gnutls_strerror(ret)); + + /* try importing with login */ + ret = gnutls_x509_crt_list_import_url(&crts, &crts_size, SOFTHSM_URL";object=cert-0", + pin_func, NULL, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) + fail("cannot load certs: %s\n", gnutls_strerror(ret)); + + assert(crts_size == 5); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#define P11_KIT_FUTURE_UNSTABLE_API +#include +#include "cert-common.h" + +/* lists the registered PKCS#11 modules by p11-kit. + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static const char *opt_pin; + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, opt_pin); + return 0; + } + return -1; +} + +int main(int argc, char **argv) +{ + int ret; + unsigned i; + int opt; + char *url, *mod; + unsigned flags; + unsigned obj_flags = 0; + int attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; + gnutls_pkcs11_obj_t *crt_list; + unsigned int crt_list_size = 0; + const char *envvar; + + ret = gnutls_global_init(); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + + while((opt = getopt(argc, argv, "o:t:")) != -1) { + switch(opt) { + case 'o': + mod = strdup(optarg); + p11_kit_override_system_files(NULL, NULL, mod, mod, NULL); + break; + case 't': + /* specify the object type to list */ + if (strcmp(optarg, "all") == 0) + attrs = GNUTLS_PKCS11_OBJ_ATTR_ALL; + else if (strcmp(optarg, "privkey") == 0) + attrs = GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY; + else { + fprintf(stderr, "Unknown object type %s\n", optarg); + exit(1); + } + break; + default: + fprintf(stderr, "Unknown option %c\n", (char)opt); + exit(1); + } + } + + if (optind == argc) { + fprintf(stderr, "specify URL\n"); + exit(1); + } + url = argv[optind]; + + envvar = getenv("GNUTLS_PIN"); + if (envvar && *envvar != '\0') { + opt_pin = envvar; + obj_flags |= GNUTLS_PKCS11_OBJ_FLAG_LOGIN; + gnutls_pkcs11_set_pin_function(pin_func, NULL); + } + + ret = gnutls_pkcs11_token_get_flags(url, &flags); + if (ret < 0) { + flags = 0; + } + + ret = + gnutls_pkcs11_obj_list_import_url2(&crt_list, &crt_list_size, + url, attrs, obj_flags); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + for (i = 0; i < crt_list_size; i++) { + char *output; + + ret = + gnutls_pkcs11_obj_export_url(crt_list[i], 0, + &output); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + fprintf(stdout, "%s\n", output); + gnutls_free(output); + gnutls_pkcs11_obj_deinit(crt_list[i]); + } + gnutls_free(crt_list); + + gnutls_global_deinit(); +} diff --git a/tests/pkcs11/list-tokens.c b/tests/pkcs11/list-tokens.c new file mode 100644 index 0000000..39cd730 --- /dev/null +++ b/tests/pkcs11/list-tokens.c @@ -0,0 +1,167 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#define P11_KIT_FUTURE_UNSTABLE_API +#include +#include "cert-common.h" + +/* lists the registered PKCS#11 modules by p11-kit. + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +int +_gnutls_pkcs11_token_get_url(unsigned int seq, + gnutls_pkcs11_url_type_t detailed, char **url, + unsigned flags); + +int main(int argc, char **argv) +{ + int ret; + unsigned i; + int opt; + char *url, *mod; + gnutls_x509_trust_list_t tl; + gnutls_x509_crt_t crt; + gnutls_pkcs11_privkey_t key; + unsigned flag = 1; + unsigned int status; + + ret = gnutls_global_init(); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + //gnutls_global_set_log_level(4711); + + while((opt = getopt(argc, argv, "s:o:mvatdp")) != -1) { + switch(opt) { + case 'o': + mod = strdup(optarg); + p11_kit_override_system_files(NULL, NULL, mod, mod, NULL); + break; + case 'm': + /* initialize manually - i.e., do no module loading */ + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + break; + case 's': + /* load module */ + ret = gnutls_pkcs11_add_provider(optarg, NULL); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + break; + case 'd': + /* when call _gnutls_pkcs11_token_get_url() do proper initialization + * if none done */ + flag = 0; + break; + case 'p': + /* do private key operations */ + assert(gnutls_pkcs11_privkey_init(&key) >= 0); + gnutls_pkcs11_privkey_import_url(key, "pkcs11:", 0); + gnutls_pkcs11_privkey_deinit(key); + break; + case 'a': + /* initialize auto - i.e., do module loading */ + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + break; + case 't': + /* do trusted module loading */ + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO_TRUSTED, NULL); + if (ret != 0) { + fprintf(stderr, "error at %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + break; + case 'v': + /* do verification which should trigger trusted module loading */ + assert(gnutls_x509_crt_init(&crt) >= 0); + assert(gnutls_x509_crt_import(crt, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_x509_trust_list_init(&tl, 0) >= 0); + assert(gnutls_x509_trust_list_add_system_trust(tl, 0, 0) >= 0); + gnutls_x509_trust_list_verify_crt2(tl, &crt, 1, NULL, 0, 0, &status, NULL); + gnutls_x509_trust_list_deinit(tl, 1); + gnutls_x509_crt_deinit(crt); + break; + default: + fprintf(stderr, "Unknown option %c\n", (char)opt); + exit(1); + } + } + + + for (i=0;;i++) { + ret = _gnutls_pkcs11_token_get_url(i, 0, &url, flag); + if (ret < 0) + break; + printf("%s\n", url); + free(url); + } + + /* try whether these URIs are operational */ + for (i=0;;i++) { + unsigned tflags; + + ret = _gnutls_pkcs11_token_get_url(i, 0, &url, flag); + if (ret < 0) + break; + ret = gnutls_pkcs11_token_get_flags(url, &tflags); + if (ret < 0) { + fprintf(stderr, "cannot get token %s flags: %s\n", url, gnutls_strerror(ret)); + exit(1); + } + free(url); + } + + gnutls_global_deinit(); +} diff --git a/tests/pkcs11/pkcs11-cert-import-url-exts.c b/tests/pkcs11/pkcs11-cert-import-url-exts.c new file mode 100644 index 0000000..bf806b1 --- /dev/null +++ b/tests/pkcs11/pkcs11-cert-import-url-exts.c @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests the certificate extension override in "trusted" PKCS#11 modules */ + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# define P11LIB "libpkcs11mock1.so" +#endif + +static time_t mytime(time_t * t) +{ + time_t then = 1424466893; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + gnutls_x509_crt_t crt, ocrt; + unsigned keyusage; + const char *lib; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + gnutls_global_set_time_function(mytime); + if (debug) { + gnutls_global_set_log_level(4711); + success("loading lib %s\n", lib); + } + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_x509_crt_init(&crt)>=0); + assert(gnutls_x509_crt_init(&ocrt)>=0); + + /* check high level certificate functions */ + ret = gnutls_x509_crt_import_url(crt, "pkcs11:type=cert;object=cert1", 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import_url(ocrt, "pkcs11:type=cert;object=cert1", GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_equals(crt, ocrt); + if (ret != 0) { + fail("exported certificates are equal!\n"); + } + + ret = gnutls_x509_crt_get_ca_status(ocrt, NULL); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (ret == 0) { + fail("overridden cert is not a CA!\n"); + exit(1); + } + + ret = gnutls_x509_crt_get_key_usage(ocrt, &keyusage, NULL); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (keyusage != (GNUTLS_KEY_KEY_ENCIPHERMENT|GNUTLS_KEY_ENCIPHER_ONLY|GNUTLS_KEY_KEY_CERT_SIGN)) { + fail("Extension does not have the expected key usage!\n"); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_crt_deinit(ocrt); + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); +} diff --git a/tests/pkcs11/pkcs11-cert-import-url4-exts.c b/tests/pkcs11/pkcs11-cert-import-url4-exts.c new file mode 100644 index 0000000..f9fe82f --- /dev/null +++ b/tests/pkcs11/pkcs11-cert-import-url4-exts.c @@ -0,0 +1,165 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests the certificate extension override in "trusted" PKCS#11 modules */ + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# define P11LIB "libpkcs11mock1.so" +#endif + +static time_t mytime(time_t * t) +{ + time_t then = 1424466893; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + gnutls_x509_crt_t crt, ocrt; + unsigned keyusage; + const char *lib; + gnutls_pkcs11_obj_t *plist; + unsigned int plist_size; + gnutls_pkcs11_obj_t *plist2; + unsigned int plist2_size, i; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + gnutls_global_set_time_function(mytime); + if (debug) { + gnutls_global_set_log_level(4711); + success("loading lib %s\n", lib); + } + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_x509_crt_init(&crt)>=0); + assert(gnutls_x509_crt_init(&ocrt)>=0); + + /* check low level certificate import functions */ + ret = gnutls_pkcs11_obj_list_import_url4(&plist, &plist_size, "pkcs11:type=cert;object=cert1", 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_obj_list_import_url4(&plist2, &plist2_size, "pkcs11:type=cert;object=cert1", GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (plist2_size != 1 || plist_size != 1) { + fail("could not import certs %d, %d\n", plist_size, plist2_size); + } + + ret = gnutls_x509_crt_import_pkcs11(crt, plist[0]); + if (ret != 0) { + fail("could not import cert!\n"); + } + + ret = gnutls_x509_crt_import_pkcs11(ocrt, plist2[0]); + if (ret != 0) { + fail("could not import cert!\n"); + } + + for (i=0;i +#endif + +#include +#include +#include +#include + +#include +#include + +#include "../utils.h" +#include "softhsm.h" +#include "../test-chains.h" + +#define CONFIG "softhsm-chainverify.config" + +#define DEFAULT_THEN 1256803113 +static time_t then = DEFAULT_THEN; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, "1234"); + return 0; + } + return -1; +} + +void doit(void) +{ + int exit_val = 0; + size_t i; + int ret; + const char *lib, *bin; + gnutls_typed_vdata_st vdata[2]; + char buf[128]; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin 1234 --pin 1234", bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + for (i = 0; chains[i].chain; i++) { + gnutls_x509_trust_list_t tl; + unsigned int verify_status; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t ca; + gnutls_datum_t tmp; + size_t j; + + gnutls_x509_trust_list_iter_t get_ca_iter; + gnutls_datum_t get_ca_datum_test; + gnutls_datum_t get_ca_datum; + gnutls_x509_crt_t get_ca_crt; + + if (debug) + printf("Chain '%s' (%d)...\n", chains[i].name, + (int) i); + + if (chains[i].notfips && gnutls_fips140_mode_enabled()) { + if (debug) + printf("Skipping in FIPS mode...\n"); + continue; + } + + for (j = 0; chains[i].chain[j]; j++) { + if (debug > 2) + printf("\tAdding certificate %d...", + (int) j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d,%d]: %s\n", + (int) i, (int) j, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) chains[i].chain[j]; + tmp.size = strlen(chains[i].chain[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%s,%d]: %s\n", + chains[i].name, (int) j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int) j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding CA certificate..."); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) *chains[i].ca; + tmp.size = strlen(*chains[i].ca); + + ret = + gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, + tmp.data); + gnutls_free(tmp.data); + + if (debug) + printf("\tVerifying..."); + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, "1234", "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init\n"); + exit(1); + } + + /* write CA certificate to softhsm */ + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED| + GNUTLS_PKCS11_OBJ_FLAG_MARK_CA| + GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + } + + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_trust_file: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret < 1) { + fail("gnutls_x509_trust_list_add_trust_file returned zero!\n"); + exit(1); + } + + /* test trust list iteration */ + get_ca_iter = NULL; + while (gnutls_x509_trust_list_iter_get_ca(tl, &get_ca_iter, &get_ca_crt) == 0) { + ret = gnutls_x509_crt_export2(get_ca_crt, GNUTLS_X509_FMT_PEM, &get_ca_datum_test); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_PEM, &get_ca_datum); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (get_ca_datum_test.size != get_ca_datum.size || + memcmp(get_ca_datum_test.data, get_ca_datum.data, get_ca_datum.size) != 0) { + fail("gnutls_x509_trist_list_iter_get_ca: Unexpected certificate (%u != %u):\n\n%s\n\nvs.\n\n%s", get_ca_datum.size, get_ca_datum_test.size, get_ca_datum.data, get_ca_datum_test.data); + exit(1); + } + + gnutls_free(get_ca_datum.data); + gnutls_free(get_ca_datum_test.data); + gnutls_x509_crt_deinit(get_ca_crt); + } + + vdata[0].type = GNUTLS_DT_KEY_PURPOSE_OID; + vdata[0].data = (void *)chains[i].purpose; + + if (chains[i].expected_time != 0) + then = chains[i].expected_time; + else + then = DEFAULT_THEN; + + /* make sure that the two functions don't diverge */ + ret = gnutls_x509_trust_list_verify_crt2(tl, certs, j, + vdata, + chains[i].purpose==NULL?0:1, + chains[i].verify_flags, + &verify_status, NULL); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_list_verify[%d,%d]: %s\n", + (int) i, (int) j, gnutls_strerror(ret)); + exit(1); + } + + if (verify_status != chains[i].expected_verify_result) { + gnutls_datum_t out1, out2; + gnutls_certificate_verification_status_print + (verify_status, GNUTLS_CRT_X509, &out1, 0); + gnutls_certificate_verification_status_print(chains + [i]. + expected_verify_result, + GNUTLS_CRT_X509, + &out2, + 0); + fail("chain[%s]:\nverify_status: %d: %s\nexpected: %d: %s\n", chains[i].name, verify_status, out1.data, chains[i].expected_verify_result, out2.data); + gnutls_free(out1.data); + gnutls_free(out2.data); + +#if 0 + j = 0; + do { + fprintf(stderr, "%s\n", + chains[i].chain[j]); + } + while (chains[i].chain[++j] != NULL); +#endif + + if (!debug) + exit(1); + } else if (debug) + printf("done\n"); + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 0); + gnutls_x509_crt_deinit(ca); + for (j = 0; chains[i].chain[j]; j++) + gnutls_x509_crt_deinit(certs[j]); + + if (debug) + printf("done\n\n\n"); + } + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + remove(CONFIG); + + exit(exit_val); +} diff --git a/tests/pkcs11/pkcs11-combo.c b/tests/pkcs11/pkcs11-combo.c new file mode 100644 index 0000000..43189c4 --- /dev/null +++ b/tests/pkcs11/pkcs11-combo.c @@ -0,0 +1,431 @@ +/* + * Copyright (C) 2014 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include +#include +#include + +/* Tests whether the combination of a trust module + additional CAs + * in a trust list would work. + */ + +#include "../utils.h" +#include "../test-chains.h" +#include "softhsm.h" + +#define NAME "softhsm-combo" +#define CONFIG NAME".config" + +/* These CAs have the same DN */ +static const char *ca_list[MAX_CHAIN] = { +"-----BEGIN CERTIFICATE-----\n" +"MIIHSjCCBjKgAwIBAgIKYRHt9wABAAAAFTANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0xMzAyMDQyMTUyMThaFw0x\n" +"ODA1MjQxOTU5MzlaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALn3ogjraWSmK5Wb\n" +"/4e9mENA1F36FBVemaG7L93ZhRRXq4UV0PQM5/4TOe9KAaOlX+a2cuULeeUtN9Rk\n" +"V/nHAVzSWlqc/NTMJfuI/1AD7ICNejQFYLxDMXGjR7eAHtiMz0iTMp9u6YTw4WXh\n" +"WffqTPiqUZ6DEWsMic9dM9yw/JqzycKClLcTD1OCvtw7Fx4tNTu6/ngrYJcTo29e\n" +"BBh/DupgtgnYPYuExEkHmucb4VIDdjfRkPo/BdNqrUSYfYqnUDj5mH+hPzIgppsZ\n" +"Rw0S5PUZGuC1f+Zok+4vZPR+hGG3Pdm2LTUEWSnurlhyfBoM+0yxeHsmL9aHU7zt\n" +"EIzVmKUCAwEAAaOCBBwwggQYMBIGCSsGAQQBgjcVAQQFAgMCAAIwIwYJKwYBBAGC\n" +"NxUCBBYEFMqHyYZOx6LYwRwZ+5vjOyIl9hENMB0GA1UdDgQWBBQ4Y3b6tgU6qVlP\n" +"SoeNoIO3fpE6CzAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC\n" +"AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRp6zCRHAOAgE4RFYhG\n" +"pOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFodHRwOi8vd3d3\n" +"LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEludHJhbmV0JTIwQmFz\n" +"aWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50\n" +"ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUy\n" +"MFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwlMjBJbnRyYW5l\n" +"dCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2EsQ049Q0RQLENO\n" +"PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy\n" +"YXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0\n" +"aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB\n" +"uQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDovL3d3dy5pbnRl\n" +"bC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUy\n" +"MEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAChmNodHRwOi8v\n" +"Y2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRpZmljYXRlcy9J\n" +"bnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcnQwgcsG\n" +"CCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMl\n" +"MjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs\n" +"Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERDPWludGVsLERD\n" +"PWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv\n" +"bkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAsj8cHt2jSAmnIGulE9jXooAc\n" +"qH2xehlI+ko/al+nDnBzbjDYYjVS52XitYg8JGo6j72ijiGlGb/03FcQJRBZmUH6\n" +"znktx2rGTm4IdjL8quhvHthlzXXCozL8GMeeOuZ5rzHlhapKx764a5RuZtyx89uS\n" +"9cECon6oLGesXjFJ8Xrq6ecHZrQwJUpmvZalwvloKACAWqBh8yV12WDnUNZhtp8N\n" +"8rqeJZoy/lXGnTxsSSodO/5Y/CxYJM4W6u4WgvXNJSjO/0qWvb64S+pVLjBzwI+Y\n" +"X6oLqmBovRp1lGPOLjkXZi3EKDR8DmzhtpJq2677RtYowewnFedQ+exH9cXoJw==\n" +"-----END CERTIFICATE-----", +"-----BEGIN CERTIFICATE-----\n" +"MIIHSjCCBjKgAwIBAgIKYRXxrQABAAAAETANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0wOTA1MTUxODQyNDVaFw0x\n" +"NTA1MTUxODUyNDVaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbJOXtXYgfyoch6\n" +"ip5SSjijOXvpIjBxbTl5EGH/VYHmpM2O6SRlKh/uy77QS9m84sRWCJLr8cWwX9oH\n" +"qSmIylgcWvDpVNHx4v506DTTrbK0sbYRQYXRajOzJKeTt7NLeLrngyl45FrI9VAT\n" +"3yqp/2BCG1dUwcBha3dB2UbTkFOMt9o/gqoL6KvgswYMs/oGc/OIjeozdYuhnBT2\n" +"YlT9Ge5pfhOJWXh4DJbxnTmWwRUKq0MXFn0S00KQ/BZOTkc/5DibUmbmMrYi8ra4\n" +"Z2bpnoTq0WNA99O2Lk8IgmkqPdi6HwZwKCE/x01qwP8zo76rvN8sbW9pj2WzS1WF\n" +"tSDPeZECAwEAAaOCBBwwggQYMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE\n" +"FPwbdyds7Cm03lobLKmI6q59npi+MAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEE\n" +"BQIDAQABMCMGCSsGAQQBgjcVAgQWBBRT1n27C6cZL4QFHaUX2nFSCPxhtTAZBgkr\n" +"BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBRp6zCRHAOAgE4RFYhG\n" +"pOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFodHRwOi8vd3d3\n" +"LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEludHJhbmV0JTIwQmFz\n" +"aWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50\n" +"ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUy\n" +"MFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwlMjBJbnRyYW5l\n" +"dCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2EsQ049Q0RQLENO\n" +"PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy\n" +"YXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0\n" +"aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB\n" +"uQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDovL3d3dy5pbnRl\n" +"bC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUy\n" +"MEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAChmNodHRwOi8v\n" +"Y2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRpZmljYXRlcy9J\n" +"bnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcnQwgcsG\n" +"CCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMl\n" +"MjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs\n" +"Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERDPWludGVsLERD\n" +"PWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv\n" +"bkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEArlAkrJXyMCssqAJT3PqnY7wt\n" +"sirq1fTMrVrHdmkpBKDXBQnDcTW1zfZtOPV/QDm3UsFwDBbGq+j/7U9qZ1zYHkv+\n" +"wrBpeFM6dlca/sgegGGAhYnQQwmlSzNXCKHMBltMjT61X8rVjyt1XJnucgat9rnT\n" +"2j8pztqoViVnORsGfT6DDB/bz/6bFKw4FMp1wDaJI7dKh5NUggvH36owTWI7JUvq\n" +"yJ8OI2qmjXrlqGexfwvltIkEk8xzuMIHWQoR8sERL2qf3nb2VYq1s1LbH5uCkZ0l\n" +"w/xgwFbbwjaGJ3TFOmkVKYU77nXSkfK9EXae0UZRU0WmX4t5NNt8jiL56TPpsw==\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIHIzCCBgugAwIBAgIKYRok3wABAAAADDANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0wNjA1MjQxOTU2MDFaFw0x\n" +"MjA1MjQyMDA2MDFaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANE2pFSB0XqXoRWF\n" +"N7bzDesBAcTGEqcr6GVA+sMcJ5Vt17S8vGesmO2RgP6I49Q58nIhUnT054arUlOx\n" +"NKYbAEiVyGOK5zV2mZS4oW2UazfcpsV1uuO3j02UbzX+qcxQdNqoAHxwoB4nRJuU\n" +"Ijio45jWAssDbD8IKHZpmqRI5wUzbibkWnTZEc0YFO6iF40sNtqVr+uInP07PkQn\n" +"1Ttkyw6isa5Dhcyq6lTVOjnlj29bFYbZxN1uuDnTpUMVeov8oQv5wLyLrDVd1sMg\n" +"Njr2oofepZ8KjF3DKCkfsUekCHA9Pr2K/4hStd/nSwvIdNjCjfznqYadkB6wQ99a\n" +"hTX4uJkCAwEAAaOCA/UwggPxMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE\n" +"FJunwCR+/af8p76CGTyhUZc3l/4DMAsGA1UdDwQEAwIBhjAQBgkrBgEEAYI3FQEE\n" +"AwIBADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBRp6zCR\n" +"HAOAgE4RFYhGpOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFo\n" +"dHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEludHJh\n" +"bmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZp\n" +"Y2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQl\n" +"MjBCYXNpYyUyMFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwl\n" +"MjBJbnRyYW5ldCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2Es\n" +"Q049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENO\n" +"PUNvbmZpZ3VyYXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNh\n" +"dGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlv\n" +"blBvaW50MIIBuQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDov\n" +"L3d3dy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJ\n" +"bnRyYW5ldCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAC\n" +"hmNodHRwOi8vY2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRp\n" +"ZmljYXRlcy9JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgx\n" +"KS5jcnQwgcsGCCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0\n" +"JTIwQmFzaWMlMjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIw\n" +"U2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERD\n" +"PWludGVsLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2Vy\n" +"dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAe3SmN0lsGF0h\n" +"zq+NANnUD4YJS31UqreVm4kJv07+9CTBtlB0AVqJ2RcjRosdQmrbhx7R0WwcXSdR\n" +"QnRGhaoDVRNehKiz3Grp6ehJr9LInhCp6WtOeKRlOSb2xgRDJCtzCi07TuAb9h2I\n" +"urpmndeA4NEbPYL1GYEBpKYawUcFCq5yTv0YgZXy53DdBDv9ygRWYGEk7/gPgvCu\n" +"2O1GNs9n25goy+3/aMkHnUyl3MOtiooXJR7eKOEgTPHNe42LQ9KuUz5SoZQN8vSL\n" +"r49IRDC4dgMkGvsC5h0+ftixQ66ni6QJe6SNcpSZrpW5vBE9J+vtDI0gTyq2SYPo\n" +"0fiS3V8p4g==\n" +"-----END CERTIFICATE-----\n", +NULL}; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + time_t then = 1256803113; + + if (t) + *t = then; + + return then; +} + +#define PIN "1234" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + char buf[128]; + int exit_val = 0; + int ret; + unsigned j; + const char *lib, *bin; + gnutls_x509_crt_t issuer = NULL; + gnutls_x509_trust_list_t tl; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t end, ca; + unsigned verify_status = 0; + gnutls_datum_t tmp; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + for (j = 0; ca_list[j]; j++) { + if (debug > 2) + printf("\tAdding certificate %d...", + (int) j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d,%d]: %s\n", + (int) 3, (int) j, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) ca_list[j]; + tmp.size = strlen(ca_list[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%d]: %s\n", + (int) j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int) j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding end certificate..."); + + ret = gnutls_x509_crt_init(&end); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) v1_root_check[0]; + tmp.size = strlen(v1_root_check[0]); + + ret = + gnutls_x509_crt_import(end, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(end, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tEnd Certificate: %.*s\n", tmp.size, + tmp.data); + gnutls_free(tmp.data); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) v1_root_check[1]; + tmp.size = strlen(v1_root_check[1]); + + ret = + gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(end, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, + tmp.data); + gnutls_free(tmp.data); + + if (debug > 2) + printf("done\n"); + + + if (debug) + printf("\tChecking presence and verification..."); + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init\n"); + exit(1); + } + + /* write CA certificate to softhsm */ + for (j = 0; ca_list[j]; j++) { + char name[64]; + snprintf(name, sizeof(name), "test-ca%d", j); + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_trust_file\n"); + exit(1); + } + + ret = gnutls_x509_trust_list_add_cas(tl, &ca, 1, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_cas\n"); + exit(1); + } + + /* extract the issuer of the certificate */ + ret = gnutls_x509_trust_list_get_issuer(tl, end, &issuer, GNUTLS_TL_GET_COPY); + if (ret < 0) { + fail("gnutls_x509_trust_list_get_issuer should have succeeded\n"); + exit(1); + } + gnutls_x509_crt_deinit(issuer); + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, ca, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret != 0) { + fail("gnutls_pkcs11_crt_is_known should have failed!\n"); + exit(1); + } + + ret = gnutls_x509_trust_list_verify_crt2(tl, &end, 1, + NULL, 0, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, &verify_status, NULL); + if (ret < 0) { + fail("gnutls_x509_trust_list_verify_crt2 should have succeeded\n"); + exit(1); + } + + if (verify_status != 0) { + fail("verification should have succeeded: %.2x\n", verify_status); + exit(1); + } + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 0); + gnutls_x509_crt_deinit(ca); + gnutls_x509_crt_deinit(end); + for (j = 0; ca_list[j]; j++) { + gnutls_x509_crt_deinit(certs[j]); + } + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + remove(CONFIG); + + exit(exit_val); +} diff --git a/tests/pkcs11/pkcs11-ec-privkey-test.c b/tests/pkcs11/pkcs11-ec-privkey-test.c new file mode 100644 index 0000000..782ba00 --- /dev/null +++ b/tests/pkcs11/pkcs11-ec-privkey-test.c @@ -0,0 +1,284 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +#define CONFIG_NAME "softhsm-privkey-ecdsa-test" +#define CONFIG CONFIG_NAME".config" + +/* Tests whether signing with PKCS#11 may produce signed (invalid) + * INTEGER values in DSASignatureValue. */ + + +#include "../cert-common.h" + +#define PIN "1234" + +static const gnutls_datum_t testdata = {(void*)"test test", 9}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +int _gnutls_decode_ber_rs_raw(const gnutls_datum_t * sig_value, gnutls_datum_t *r, gnutls_datum_t *s); + +void doit(void) +{ + char buf[128]; + int ret, pk; + const char *lib, *bin; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_datum_t tmp, sig; + gnutls_privkey_t pkey; + gnutls_pubkey_t pubkey; + gnutls_pubkey_t pubkey2; + gnutls_pubkey_t pubkey3; + gnutls_pubkey_t pubkey4; + unsigned i; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &server_ecc_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + + printf("\tCertificate: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(key, &server_ecc_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* Write pubkey to the card too */ + assert(gnutls_pubkey_init(&pubkey) == 0); + assert(gnutls_pubkey_import_x509(pubkey, crt, 0) == 0); + + ret = gnutls_pkcs11_copy_pubkey(SOFTHSM_URL, pubkey, "cert", NULL, + GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_ENCIPHERMENT, 0); + if (ret < 0) { + fail("gnutls_pkcs11_copy_pubkey: %s\n", + gnutls_strerror(ret)); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + gnutls_pubkey_deinit(pubkey); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + assert(gnutls_privkey_init(&pkey) == 0); + + ret = gnutls_privkey_import_pkcs11_url(pkey, SOFTHSM_URL";object=cert;object-type=private;pin-value="PIN); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* Try to read the public key with public key URI */ + assert(gnutls_pubkey_init(&pubkey3) == 0); + + + ret = + gnutls_pubkey_import_pkcs11_url(pubkey3, + SOFTHSM_URL + ";object=cert;object-type=public;pin-value=" + PIN, 0); + if (ret < 0) { + fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret)); + } + + /* Try to read the public key with certificate URI */ + assert(gnutls_pubkey_init(&pubkey4) == 0); + + ret = + gnutls_pubkey_import_pkcs11_url(pubkey4, + SOFTHSM_URL + ";object=cert;object-type=cert;pin-value=" + PIN, 0); + if (ret < 0) { + fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret)); + } + + assert(gnutls_pubkey_init(&pubkey) == 0); + assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0); + + pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL); + + assert(gnutls_pubkey_init(&pubkey2) == 0); + assert(gnutls_pubkey_import_x509_raw(pubkey2, &server_ecc_cert, GNUTLS_X509_FMT_PEM, 0) == 0); + + for (i=0;i<100;i++) { + gnutls_datum_t r = {NULL, 0}; + gnutls_datum_t s = {NULL, 0}; + + /* check whether privkey and pubkey are operational + * by signing and verifying */ + assert(gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig) == 0); + + assert(_gnutls_decode_ber_rs_raw(&sig, &r, &s) == 0); + if (r.data[0] >= 0x80) { + fail("gnutls_privkey_sign_data resulted to a signed value for R\n"); + } + + if (s.data[0] >= 0x80) { + fail("gnutls_privkey_sign_data resulted to a signed value for S\n"); + } + + /* verify against the raw pubkey */ + assert(gnutls_pubkey_verify_data2(pubkey2, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0); + + /* verify against the pubkey in PKCS #11 */ + assert(gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0); + + gnutls_free(sig.data); + gnutls_free(r.data); + gnutls_free(s.data); + } + + gnutls_pubkey_deinit(pubkey4); + gnutls_pubkey_deinit(pubkey3); + gnutls_pubkey_deinit(pubkey2); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(pkey); + + gnutls_global_deinit(); + + remove(CONFIG); +} + diff --git a/tests/pkcs11/pkcs11-eddsa-privkey-test.c b/tests/pkcs11/pkcs11-eddsa-privkey-test.c new file mode 100644 index 0000000..ebbfe52 --- /dev/null +++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c @@ -0,0 +1,299 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simo Sorce + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +#define CONFIG_NAME "softhsm-privkey-eddsa-test" +#define CONFIG CONFIG_NAME".config" + +/* Tests whether signing with PKCS#11 and EDDSA would + * generate valid signatures */ + +#include "../cert-common.h" + +#define PIN "1234" + +static const gnutls_datum_t testdata = { (void *)"test test", 9 }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void *userdata, int attempt, const char *url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +#define myfail(fmt, ...) \ + fail("%s (iter %d): "fmt, gnutls_sign_get_name(sigalgo), i, ##__VA_ARGS__) + +static unsigned verify_eddsa_presence(void) +{ + unsigned i; + unsigned long mechanism; + int ret; + + i = 0; + do { + ret = gnutls_pkcs11_token_get_mechanism("pkcs11:", i++, &mechanism); + if (ret >= 0 && mechanism == 0x1057 /* CKM_EDDSA */) + return 1; + } while(ret>=0); + + return 0; +} + +void doit(void) +{ + char buf[128]; + int ret; + const char *lib, *bin; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_datum_t tmp, sig; + gnutls_privkey_t pkey; + gnutls_pubkey_t pubkey; + gnutls_pubkey_t pubkey2; + gnutls_pubkey_t pubkey3; + gnutls_pubkey_t pubkey4; + unsigned i, sigalgo; + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + } + + if (gnutls_fips140_mode_enabled()) { + gnutls_global_deinit(); + return; + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), + "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " + PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret < 0) { + fail("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret)); + } + + if (verify_eddsa_presence() == 0) { + fprintf(stderr, "Skipping test as no EDDSA mech is supported\n"); + exit(77); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + fail("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret)); + + ret = + gnutls_x509_crt_import(crt, &server_ca3_eddsa_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + + if (debug) { + gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp); + + printf("\tCertificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fail("gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret)); + } + + ret = + gnutls_x509_privkey_import(key, &server_ca3_eddsa_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_privkey_import: %s\n", gnutls_strerror(ret)); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + } + + ret = + gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, + GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE | + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + } + + ret = + gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", + GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE + | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE + | GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", + gnutls_strerror(ret)); + } + + /* Write pubkey to the card too */ + assert(gnutls_pubkey_init(&pubkey) == 0); + assert(gnutls_pubkey_import_x509(pubkey, crt, 0) == 0); + + ret = gnutls_pkcs11_copy_pubkey(SOFTHSM_URL, pubkey, "cert", NULL, + GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_ENCIPHERMENT, 0); + if (ret < 0) { + fail("gnutls_pkcs11_copy_pubkey: %s\n", + gnutls_strerror(ret)); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + gnutls_pubkey_deinit(pubkey); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + assert(gnutls_privkey_init(&pkey) == 0); + + ret = + gnutls_privkey_import_pkcs11_url(pkey, + SOFTHSM_URL + ";object=cert;object-type=private;pin-value=" + PIN); + if (ret < 0) { + fail("error in gnutls_privkey_import_pkcs11_url: %s\n", gnutls_strerror(ret)); + } + + /* Try to read the public key with public key URI */ + assert(gnutls_pubkey_init(&pubkey3) == 0); + + + ret = + gnutls_pubkey_import_pkcs11_url(pubkey3, + SOFTHSM_URL + ";object=cert;object-type=public;pin-value=" + PIN, 0); + if (ret < 0) { + fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret)); + } + + /* Try to read the public key with certificate URI */ + assert(gnutls_pubkey_init(&pubkey4) == 0); + + ret = + gnutls_pubkey_import_pkcs11_url(pubkey4, + SOFTHSM_URL + ";object=cert;object-type=cert;pin-value=" + PIN, 0); + if (ret < 0) { + fail("error in gnutls_pubkey_import_pkcs11_url: %s\n", gnutls_strerror(ret)); + } + + assert(gnutls_pubkey_init(&pubkey) == 0); + assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0); + + assert(gnutls_pubkey_init(&pubkey2) == 0); + assert(gnutls_pubkey_import_x509_raw + (pubkey2, &server_ca3_eddsa_cert, GNUTLS_X509_FMT_PEM, 0) == 0); + + /* this is the algorithm supported by the certificate */ + sigalgo = GNUTLS_SIGN_EDDSA_ED25519; + + for (i = 0; i < 20; i++) { + /* check whether privkey and pubkey are operational + * by signing and verifying */ + ret = + gnutls_privkey_sign_data2(pkey, sigalgo, 0, + &testdata, &sig); + if (ret < 0) + myfail("Error signing data %s\n", gnutls_strerror(ret)); + + /* verify against the pubkey in PKCS #11 */ + ret = + gnutls_pubkey_verify_data2(pubkey, sigalgo, 0, + &testdata, &sig); + if (ret < 0) + myfail("Error verifying data1: %s\n", + gnutls_strerror(ret)); + + /* verify against the raw pubkey */ + ret = + gnutls_pubkey_verify_data2(pubkey2, sigalgo, 0, + &testdata, &sig); + if (ret < 0) + myfail("Error verifying data2: %s\n", + gnutls_strerror(ret)); + + gnutls_free(sig.data); + } + + /* TODO is there any sensible way to check the pubkeys are the same? */ + gnutls_pubkey_deinit(pubkey4); + gnutls_pubkey_deinit(pubkey3); + gnutls_pubkey_deinit(pubkey2); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(pkey); + + gnutls_global_deinit(); + + remove(CONFIG); +} diff --git a/tests/pkcs11/pkcs11-get-exts.c b/tests/pkcs11/pkcs11-get-exts.c new file mode 100644 index 0000000..1d236a6 --- /dev/null +++ b/tests/pkcs11/pkcs11-get-exts.c @@ -0,0 +1,150 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests the gnutls_pkcs11_obj_get_exts API */ + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# define P11LIB "libpkcs11mock1.so" +#endif + +void doit(void) +{ + int ret; + const char *lib; + gnutls_x509_ext_st *exts; + unsigned int exts_size, i; + gnutls_pkcs11_obj_t obj; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + if (debug) { + gnutls_global_set_log_level(4711); + success("loading lib %s\n", lib); + } + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pkcs11_obj_init(&obj)>=0); + + /* check extensions */ + ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:type=cert;object=cert1", 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_obj_get_exts(obj, &exts, &exts_size, 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (exts_size != 2) { + fail("the expected extensions were not found (found %d)!\n", exts_size); + exit(1); + } + + if (strcmp(exts[0].oid, "2.5.29.19") != 0) { + fail("Found OID for %d: %s\n", 0, exts[0].oid); + } + + { + unsigned ca; + int pathlen; + ret = gnutls_x509_ext_import_basic_constraints(&exts[0].data, &ca, &pathlen); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (debug) + success("ca: %d/%d\n", ca, pathlen); + if (ca != 1) { + fail("Extension does not set the CA constraint!\n"); + } + } + + if (strcmp(exts[1].oid, "2.5.29.15") != 0) { + fail("Found OID for %d: %s\n", 1, exts[1].oid); + } + + { + unsigned keyusage; + ret = gnutls_x509_ext_import_key_usage(&exts[1].data, &keyusage); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (debug) + success("usage: %x\n", keyusage); + if (keyusage != (GNUTLS_KEY_KEY_ENCIPHERMENT|GNUTLS_KEY_ENCIPHER_ONLY|GNUTLS_KEY_KEY_CERT_SIGN)) { + fail("Extension does not have the expected key usage!\n"); + } + } + + for (i=0;i +#endif + +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "../test-chains.h" +#include "softhsm.h" + +#define CONFIG "softhsm-issuer.config" + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + time_t then = 1256803113; + + if (t) + *t = then; + + return then; +} + +#define PIN "1234" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + char buf[128]; + int exit_val = 0; + int ret; + unsigned j; + const char *lib, *bin; + gnutls_x509_crt_t issuer = NULL; + gnutls_x509_trust_list_t tl; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t ca; + gnutls_datum_t tmp; + int idx = -1; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + for (j=0;;j++) { + if (chains[j].name == NULL) + break; + if (strcmp(chains[j].name, "verisign.com v1 ok") == 0) { + idx = j; + break; + } + } + + if (idx == -1) { + fail("could not find proper chain\n"); + exit(1); + } + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + /* write softhsm.config */ + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + for (j = 0; chains[idx].chain[j]; j++) { + if (debug > 2) + printf("\tAdding certificate %d...", + (int) j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d,%d]: %s\n", + (int) 3, (int) j, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) chains[idx].chain[j]; + tmp.size = strlen(chains[idx].chain[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%s,%d]: %s\n", + chains[idx].name, (int) j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int) j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding CA certificate..."); + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) *chains[idx].ca; + tmp.size = strlen(*chains[idx].ca); + + ret = + gnutls_x509_crt_import(ca, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tCA Certificate: %.*s\n", tmp.size, + tmp.data); + gnutls_free(tmp.data); + + if (debug) + printf("\tVerifying..."); + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init\n"); + exit(1); + } + + /* write CA certificate to softhsm */ + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, ca, "test-ca", GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_trust_file\n"); + exit(1); + } + + /* extract the issuer of the certificate */ + issuer = NULL; + ret = gnutls_x509_trust_list_get_issuer(tl, certs[2], &issuer, GNUTLS_TL_GET_COPY); + if (ret < 0) { + fail("error in gnutls_x509_trust_list_get_issuer\n"); + exit(1); + } + if (issuer == NULL) { + fail("error in gnutls_x509_trust_list_get_issuer return value\n"); + exit(1); + } + gnutls_x509_crt_deinit(issuer); + + /* extract the issuer of the certificate using the non-thread-safe approach */ + issuer = NULL; + ret = gnutls_x509_trust_list_get_issuer(tl, certs[2], &issuer, 0); + if (ret < 0) { + fail("error in gnutls_x509_trust_list_get_issuer\n"); + exit(1); + } + if (issuer == NULL) { + fail("error in gnutls_x509_trust_list_get_issuer return value\n"); + exit(1); + } + + /* extract (again) the issuer of the certificate - check for any leaks */ + ret = gnutls_x509_trust_list_get_issuer(tl, certs[2], &issuer, 0); + if (ret < 0) { + fail("error in gnutls_x509_trust_list_get_issuer\n"); + exit(1); + } + + /* Check gnutls_x509_trust_list_get_raw_issuer_by_dn */ + ret = gnutls_x509_crt_get_raw_issuer_dn(certs[2], &tmp); + if (ret < 0) { + fail("error in gnutls_x509_crt_get_raw_issuer_dn: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_trust_list_get_issuer_by_dn(tl, &tmp, &issuer, 0); + gnutls_free(tmp.data); + if (ret < 0) { + fail("error in gnutls_x509_trust_list_get_issuer\n"); + exit(1); + } + if (issuer == NULL) { + fail("error in gnutls_x509_trust_list_get_issuer_by_dn return value\n"); + exit(1); + } + gnutls_x509_crt_deinit(issuer); + + if (debug) + printf("\tCleanup..."); + + gnutls_x509_trust_list_deinit(tl, 0); + gnutls_x509_crt_deinit(ca); + for (j = 0; chains[idx].chain[j]; j++) + gnutls_x509_crt_deinit(certs[j]); + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + remove(CONFIG); + + exit(exit_val); +} diff --git a/tests/pkcs11/pkcs11-get-raw-issuer-exts.c b/tests/pkcs11/pkcs11-get-raw-issuer-exts.c new file mode 100644 index 0000000..dec3088 --- /dev/null +++ b/tests/pkcs11/pkcs11-get-raw-issuer-exts.c @@ -0,0 +1,150 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests the certificate extension override in "trusted" PKCS#11 modules + * when used with gnutls_pkcs11_get_raw_issuer(). + */ + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# define P11LIB "libpkcs11mock1.so" +#endif + +static time_t mytime(time_t * t) +{ + time_t then = 1424466893; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + gnutls_x509_crt_t crt, ocrt; + unsigned keyusage; + const char *lib; + gnutls_datum_t issuer = {NULL, 0}; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + gnutls_global_set_time_function(mytime); + if (debug) { + gnutls_global_set_log_level(4711); + success("loading lib %s\n", lib); + } + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_x509_crt_init(&crt)>=0); + assert(gnutls_x509_crt_init(&ocrt)>=0); + + /* check high level certificate functions */ + ret = gnutls_x509_crt_import_url(crt, "pkcs11:type=cert;object=cert1", 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_get_raw_issuer("pkcs11:", crt, &issuer, GNUTLS_X509_FMT_DER, GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_equals2(crt, &issuer); + if (ret != 0) { + fail("exported certificates are equal!\n"); + } + + ret = gnutls_x509_crt_import(ocrt, &issuer, GNUTLS_X509_FMT_DER); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_get_ca_status(ocrt, NULL); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (ret == 0) { + fail("overridden cert is not a CA!\n"); + exit(1); + } + + ret = gnutls_x509_crt_get_key_usage(ocrt, &keyusage, NULL); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (keyusage != (GNUTLS_KEY_KEY_ENCIPHERMENT|GNUTLS_KEY_ENCIPHER_ONLY|GNUTLS_KEY_KEY_CERT_SIGN)) { + fail("Extension does not have the expected key usage!\n"); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_crt_deinit(ocrt); + gnutls_free(issuer.data); + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); +} diff --git a/tests/pkcs11/pkcs11-import-url-privkey.c b/tests/pkcs11/pkcs11-import-url-privkey.c new file mode 100644 index 0000000..ded8c9a --- /dev/null +++ b/tests/pkcs11/pkcs11-import-url-privkey.c @@ -0,0 +1,132 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" +#include "pkcs11-mock-ext.h" + +/* Tests the private key import for sensitive keys in the common case and in + * some problematic cases. */ + +#ifdef ALL_CAPS_URI +#define PURI "PKCS11:" +#else +#define PURI "pkcs11:" +#endif + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + +void doit(void) +{ + int ret; + const char *lib; + gnutls_pkcs11_obj_t *obj_list; + unsigned int obj_list_size = 0; + unsigned int i; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size, PURI, GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + for (i=0;i +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +/* Tests whether a protected object is imported with PIN obtained using + * pin-value or pin-source. */ + +#define CONFIG_NAME "softhsm-import-with-pin" +#define CONFIG CONFIG_NAME".config" + +#include "../cert-common.h" + +#define PIN "1234" + +static const gnutls_datum_t testdata = {(void*)"test test", 9}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +static void write_pin(const char *file, const char *pin) +{ + FILE *fp = fopen(file, "w"); + assert(fp != NULL); + fputs(pin, fp); + fclose(fp); +} + +void doit(void) +{ + char buf[512]; + int ret; + const char *lib, *bin; + gnutls_x509_privkey_t key; + gnutls_datum_t sig; + gnutls_privkey_t pkey; + char file[TMPNAME_SIZE]; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "add_provider: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(key, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_privkey_deinit(key); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + assert(gnutls_privkey_init(&pkey) == 0); + + /* Test 1 + * Try importing with wrong pin-value */ + ret = gnutls_privkey_import_pkcs11_url(pkey, SOFTHSM_URL";object=cert;object-type=private;pin-value=XXXX"); + if (ret != GNUTLS_E_PKCS11_PIN_ERROR) { + fprintf(stderr, "unexpected error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + gnutls_privkey_deinit(pkey); + assert(gnutls_privkey_init(&pkey) == 0); + + /* Test 2 + * Try importing with pin-value */ + ret = gnutls_privkey_import_pkcs11_url(pkey, SOFTHSM_URL";object=cert;object-type=private;pin-value="PIN); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* check whether privkey is operational by signing */ + assert(gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig) == 0); + gnutls_free(sig.data); + gnutls_privkey_deinit(pkey); + + /* Test 3 + * Try importing with wrong pin-source */ + track_temp_files(); + get_tmpname(file); + + write_pin(file, "XXXX"); + + assert(gnutls_privkey_init(&pkey) == 0); + snprintf(buf, sizeof(buf), "%s;object=cert;object-type=private;pin-source=%s", SOFTHSM_URL, file); + ret = gnutls_privkey_import_pkcs11_url(pkey, buf); + if (ret != GNUTLS_E_PKCS11_PIN_ERROR) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_privkey_deinit(pkey); + + /* Test 4 + * Try importing with pin-source */ + write_pin(file, PIN); + + assert(gnutls_privkey_init(&pkey) == 0); + snprintf(buf, sizeof(buf), "%s;object=cert;object-type=private;pin-source=%s", SOFTHSM_URL, file); + ret = gnutls_privkey_import_pkcs11_url(pkey, buf); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* check whether privkey is operational by signing */ + assert(gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig) == 0); + gnutls_free(sig.data); + gnutls_privkey_deinit(pkey); + + gnutls_global_deinit(); + delete_temp_files(); + + remove(CONFIG); +} + diff --git a/tests/pkcs11/pkcs11-is-known.c b/tests/pkcs11/pkcs11-is-known.c new file mode 100644 index 0000000..95b9c56 --- /dev/null +++ b/tests/pkcs11/pkcs11-is-known.c @@ -0,0 +1,656 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +#define MAX_CHAIN 16 + +#define OBJ_URL SOFTHSM_URL";object=test-ca0;object-type=cert" +#define CONFIG "softhsm-issuer2.config" + +/* These CAs have the same DN */ +static const char *ca_list[MAX_CHAIN] = { +"-----BEGIN CERTIFICATE-----\n" +"MIIHSjCCBjKgAwIBAgIKYRHt9wABAAAAFTANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0xMzAyMDQyMTUyMThaFw0x\n" +"ODA1MjQxOTU5MzlaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALn3ogjraWSmK5Wb\n" +"/4e9mENA1F36FBVemaG7L93ZhRRXq4UV0PQM5/4TOe9KAaOlX+a2cuULeeUtN9Rk\n" +"V/nHAVzSWlqc/NTMJfuI/1AD7ICNejQFYLxDMXGjR7eAHtiMz0iTMp9u6YTw4WXh\n" +"WffqTPiqUZ6DEWsMic9dM9yw/JqzycKClLcTD1OCvtw7Fx4tNTu6/ngrYJcTo29e\n" +"BBh/DupgtgnYPYuExEkHmucb4VIDdjfRkPo/BdNqrUSYfYqnUDj5mH+hPzIgppsZ\n" +"Rw0S5PUZGuC1f+Zok+4vZPR+hGG3Pdm2LTUEWSnurlhyfBoM+0yxeHsmL9aHU7zt\n" +"EIzVmKUCAwEAAaOCBBwwggQYMBIGCSsGAQQBgjcVAQQFAgMCAAIwIwYJKwYBBAGC\n" +"NxUCBBYEFMqHyYZOx6LYwRwZ+5vjOyIl9hENMB0GA1UdDgQWBBQ4Y3b6tgU6qVlP\n" +"SoeNoIO3fpE6CzAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC\n" +"AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRp6zCRHAOAgE4RFYhG\n" +"pOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFodHRwOi8vd3d3\n" +"LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEludHJhbmV0JTIwQmFz\n" +"aWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50\n" +"ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUy\n" +"MFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwlMjBJbnRyYW5l\n" +"dCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2EsQ049Q0RQLENO\n" +"PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy\n" +"YXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0\n" +"aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB\n" +"uQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDovL3d3dy5pbnRl\n" +"bC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUy\n" +"MEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAChmNodHRwOi8v\n" +"Y2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRpZmljYXRlcy9J\n" +"bnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcnQwgcsG\n" +"CCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMl\n" +"MjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs\n" +"Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERDPWludGVsLERD\n" +"PWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv\n" +"bkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAsj8cHt2jSAmnIGulE9jXooAc\n" +"qH2xehlI+ko/al+nDnBzbjDYYjVS52XitYg8JGo6j72ijiGlGb/03FcQJRBZmUH6\n" +"znktx2rGTm4IdjL8quhvHthlzXXCozL8GMeeOuZ5rzHlhapKx764a5RuZtyx89uS\n" +"9cECon6oLGesXjFJ8Xrq6ecHZrQwJUpmvZalwvloKACAWqBh8yV12WDnUNZhtp8N\n" +"8rqeJZoy/lXGnTxsSSodO/5Y/CxYJM4W6u4WgvXNJSjO/0qWvb64S+pVLjBzwI+Y\n" +"X6oLqmBovRp1lGPOLjkXZi3EKDR8DmzhtpJq2677RtYowewnFedQ+exH9cXoJw==\n" +"-----END CERTIFICATE-----", +"-----BEGIN CERTIFICATE-----\n" +"MIIHSjCCBjKgAwIBAgIKYRXxrQABAAAAETANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0wOTA1MTUxODQyNDVaFw0x\n" +"NTA1MTUxODUyNDVaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbJOXtXYgfyoch6\n" +"ip5SSjijOXvpIjBxbTl5EGH/VYHmpM2O6SRlKh/uy77QS9m84sRWCJLr8cWwX9oH\n" +"qSmIylgcWvDpVNHx4v506DTTrbK0sbYRQYXRajOzJKeTt7NLeLrngyl45FrI9VAT\n" +"3yqp/2BCG1dUwcBha3dB2UbTkFOMt9o/gqoL6KvgswYMs/oGc/OIjeozdYuhnBT2\n" +"YlT9Ge5pfhOJWXh4DJbxnTmWwRUKq0MXFn0S00KQ/BZOTkc/5DibUmbmMrYi8ra4\n" +"Z2bpnoTq0WNA99O2Lk8IgmkqPdi6HwZwKCE/x01qwP8zo76rvN8sbW9pj2WzS1WF\n" +"tSDPeZECAwEAAaOCBBwwggQYMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE\n" +"FPwbdyds7Cm03lobLKmI6q59npi+MAsGA1UdDwQEAwIBhjASBgkrBgEEAYI3FQEE\n" +"BQIDAQABMCMGCSsGAQQBgjcVAgQWBBRT1n27C6cZL4QFHaUX2nFSCPxhtTAZBgkr\n" +"BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBRp6zCRHAOAgE4RFYhG\n" +"pOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFodHRwOi8vd3d3\n" +"LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEludHJhbmV0JTIwQmFz\n" +"aWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50\n" +"ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUy\n" +"MFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwlMjBJbnRyYW5l\n" +"dCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2EsQ049Q0RQLENO\n" +"PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy\n" +"YXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0\n" +"aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB\n" +"uQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDovL3d3dy5pbnRl\n" +"bC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUy\n" +"MEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAChmNodHRwOi8v\n" +"Y2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRpZmljYXRlcy9J\n" +"bnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcnQwgcsG\n" +"CCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMl\n" +"MjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs\n" +"Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERDPWludGVsLERD\n" +"PWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv\n" +"bkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEArlAkrJXyMCssqAJT3PqnY7wt\n" +"sirq1fTMrVrHdmkpBKDXBQnDcTW1zfZtOPV/QDm3UsFwDBbGq+j/7U9qZ1zYHkv+\n" +"wrBpeFM6dlca/sgegGGAhYnQQwmlSzNXCKHMBltMjT61X8rVjyt1XJnucgat9rnT\n" +"2j8pztqoViVnORsGfT6DDB/bz/6bFKw4FMp1wDaJI7dKh5NUggvH36owTWI7JUvq\n" +"yJ8OI2qmjXrlqGexfwvltIkEk8xzuMIHWQoR8sERL2qf3nb2VYq1s1LbH5uCkZ0l\n" +"w/xgwFbbwjaGJ3TFOmkVKYU77nXSkfK9EXae0UZRU0WmX4t5NNt8jiL56TPpsw==\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIHIzCCBgugAwIBAgIKYRok3wABAAAADDANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0wNjA1MjQxOTU2MDFaFw0x\n" +"MjA1MjQyMDA2MDFaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANE2pFSB0XqXoRWF\n" +"N7bzDesBAcTGEqcr6GVA+sMcJ5Vt17S8vGesmO2RgP6I49Q58nIhUnT054arUlOx\n" +"NKYbAEiVyGOK5zV2mZS4oW2UazfcpsV1uuO3j02UbzX+qcxQdNqoAHxwoB4nRJuU\n" +"Ijio45jWAssDbD8IKHZpmqRI5wUzbibkWnTZEc0YFO6iF40sNtqVr+uInP07PkQn\n" +"1Ttkyw6isa5Dhcyq6lTVOjnlj29bFYbZxN1uuDnTpUMVeov8oQv5wLyLrDVd1sMg\n" +"Njr2oofepZ8KjF3DKCkfsUekCHA9Pr2K/4hStd/nSwvIdNjCjfznqYadkB6wQ99a\n" +"hTX4uJkCAwEAAaOCA/UwggPxMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYE\n" +"FJunwCR+/af8p76CGTyhUZc3l/4DMAsGA1UdDwQEAwIBhjAQBgkrBgEEAYI3FQEE\n" +"AwIBADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAfBgNVHSMEGDAWgBRp6zCR\n" +"HAOAgE4RFYhGpOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFo\n" +"dHRwOi8vd3d3LmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRlbCUyMEludHJh\n" +"bmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZp\n" +"Y2F0ZXMuaW50ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQl\n" +"MjBCYXNpYyUyMFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwl\n" +"MjBJbnRyYW5ldCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2Es\n" +"Q049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENO\n" +"PUNvbmZpZ3VyYXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNh\n" +"dGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlv\n" +"blBvaW50MIIBuQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDov\n" +"L3d3dy5pbnRlbC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJ\n" +"bnRyYW5ldCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAC\n" +"hmNodHRwOi8vY2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRp\n" +"ZmljYXRlcy9JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgx\n" +"KS5jcnQwgcsGCCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0\n" +"JTIwQmFzaWMlMjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIw\n" +"U2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERD\n" +"PWludGVsLERDPWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2Vy\n" +"dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAe3SmN0lsGF0h\n" +"zq+NANnUD4YJS31UqreVm4kJv07+9CTBtlB0AVqJ2RcjRosdQmrbhx7R0WwcXSdR\n" +"QnRGhaoDVRNehKiz3Grp6ehJr9LInhCp6WtOeKRlOSb2xgRDJCtzCi07TuAb9h2I\n" +"urpmndeA4NEbPYL1GYEBpKYawUcFCq5yTv0YgZXy53DdBDv9ygRWYGEk7/gPgvCu\n" +"2O1GNs9n25goy+3/aMkHnUyl3MOtiooXJR7eKOEgTPHNe42LQ9KuUz5SoZQN8vSL\n" +"r49IRDC4dgMkGvsC5h0+ftixQ66ni6QJe6SNcpSZrpW5vBE9J+vtDI0gTyq2SYPo\n" +"0fiS3V8p4g==\n" +"-----END CERTIFICATE-----\n", +NULL}; + +/* this certificate has the same CN as one of the CAs above */ +static const char same_dn_cert_str[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIHSjCCBjKgAwIBAgIKYRHt9wABAAAAFTANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJvc2FjIFBvbGljeSBDQTAeFw0xMzAyMDQyMTUyMThaFw0x\n" +"ODA1MjQxOTU5MzlaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALn3ogjraWSmK5Wb\n" +"/4e9mENA1F36FBVemaG7L93ZhRRXq4UV0PQM5/4TOe9KAaOlX+a2cuULeeUtN9Rk\n" +"V/nHAVzSWlqc/NTMJfuI/1AD7ICNejQFYLxDMXGjR7eAHtiMz0iTMp9u6YTw4WXh\n" +"WffqTPiqUZ6DEWsMic9dM9yw/JqzycKClLcTD1OCvtw7Fx4tNTu6/ngrYJcTo29e\n" +"BBh/DupgtgnYPYuExEkHmucb4VIDdjfRkPo/BdNqrUSYfYqnUDj5mH+hPzIgppsZ\n" +"Rw0S5PUZGuC1f+Zok+4vZPR+hGG3Pdm2LTUEWSnurlhyfBoM+0yxeHsmL9aHU7zt\n" +"EIzVmKUCAwEAAaOCBBwwggQYMBIGCSsGAQQBgjcVAQQFAgMCAAIwIwYJKwYBBAGC\n" +"NxUCBBYEFMqHyYZOx6LYwRwZ+5vjOyIl9hENMB0GA1UdDgQWBBQ4Y3b6tgU6qVlP\n" +"SoeNoIO3fpE6CzAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC\n" +"AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRp6zCRHAOAgE4RFYhG\n" +"pOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFodHRwOi8vd3d3\n" +"LmludGVsLmNvbS9yZXBvc2l0b3J5L1hYWC9JbnRlbCUyMEludHJhbmV0JTIwQmFz\n" +"aWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50\n" +"ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUy\n" +"MFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwlMjBJbnRyYW5l\n" +"dCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2EsQ049Q0RQLENO\n" +"PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy\n" +"YXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0\n" +"aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB\n" +"uQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDovL3d3dy5pbnRl\n" +"bC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUy\n" +"MEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAChmNodHRwOi8v\n" +"Y2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRpZmljYXRlcy9J\n" +"bnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcnQwgcsG\n" +"CCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMl\n" +"MjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs\n" +"Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERDPWludGVsLERD\n" +"PWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv\n" +"bkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAsj8cHt2jSAmnIGulE9jXooAc\n" +"qH2xehlI+ko/al+nDnBzbjDYYjVS52XitYg8JGo6j72ijiGlGb/03FcQJRBZmUH6\n" +"znktx2rGTm4IdjL8quhvHthlzXXCozL8GMeeOuZ5rzHlhapKx764a5RuZtyx89uS\n" +"9cECon6oLGesXjFJ8Xrq6ecHZrQwJUpmvZalwvloKACAWqBh8yV12WDnUNZhtp8N\n" +"8rqeJZoy/lXGnTxsSSodO/5Y/CxYJM4W6u4WgvXNJSjO/0qWvb64S+pVLjBzwI+Y\n" +"X6oLqmBovRp1lGPOLjkXZi3EKDR8DmzhtpJq2677RtYowewnFedQ+exH9cXoJw==\n" +"-----END CERTIFICATE-----\n"; + +/* this certificate has the same subject and issuer DNs and serial as one of the CAs above */ +static const char same_issuer_cert_str[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIHSjCCBjKgAwIBAgIKYRHt9wABAAAAFTANBgkqhkiG9w0BAQUFADBSMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xJzAlBgNVBAMTHklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIFBvbGljeSBDQTAeFw0xMzAyMDQyMTUyMThaFw0x\n" +"ODA1MjQxOTU5MzlaMFYxCzAJBgNVBAYTAlVTMRowGAYDVQQKExFJbnRlbCBDb3Jw\n" +"b3JhdGlvbjErMCkGA1UEAxMiSW50ZWwgSW50cmFuZXQgQmFzaWMgSXNzdWluZyBD\n" +"QSAyQjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALn3ogjraWSmK5Wb\n" +"/4e9mENA1F36FBVemaG7L93ZhRRXq4UV0PQM5/4TOe9KAaOlX+a2cuULeeUtN9Rk\n" +"V/nHAVzSWlqc/NTMJfuI/1AD7ICNejQFYLxDMXGjR7eAHtiMz0iTMp9u6YTw4WXh\n" +"WffqTPiqUZ6DEWsMic9dM9yw/JqzycKClLcTD1OCvtw7Fx4tNTu6/ngrYJcTo29e\n" +"BBh/DupgtgnYPYuExEkHmucb4VIDdjfRkPo/BdNqrUSYfYqnUDj5mH+hPzIgppsZ\n" +"Rw0S5PUZGuC1f+Zok+4vZPR+hGG3Pdm2LTUEWSnurlhyfBoM+0yxeHsmL9aHU7zt\n" +"EIzVmKUCAwEAAaOCBBwwggQYMBIGCSsGAQQBgjcVAQQFAgMCAAIwIwYJKwYBBAGC\n" +"NxUCBBYEFMqHyYZOx6LYwRwZ+5vjOyIl9hENMB0GA1UdDgQWBBQ4Y3b6tgU6qVlP\n" +"SoeNoIO3fpE6CzAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC\n" +"AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRp6zCRHAOAgE4RFYhG\n" +"pOJBmtNpHzCCAaIGA1UdHwSCAZkwggGVMIIBkaCCAY2gggGJhlFodHRwOi8vd3d3\n" +"LmludGVsLmNvbS9yZXBvc2l0b3J5L1hYWC9JbnRlbCUyMEludHJhbmV0JTIwQmFz\n" +"aWMlMjBQb2xpY3klMjBDQSgxKS5jcmyGWmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuaW50\n" +"ZWwuY29tL3JlcG9zaXRvcnkvQ1JML0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUy\n" +"MFBvbGljeSUyMENBKDEpLmNybIaB12xkYXA6Ly8vQ049SW50ZWwlMjBJbnRyYW5l\n" +"dCUyMEJhc2ljJTIwUG9saWN5JTIwQ0EoMSksQ049bWNzaWJwY2EsQ049Q0RQLENO\n" +"PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy\n" +"YXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0\n" +"aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIIB\n" +"uQYIKwYBBQUHAQEEggGrMIIBpzBmBggrBgEFBQcwAoZaaHR0cDovL3d3dy5pbnRl\n" +"bC5jb20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUy\n" +"MEJhc2ljJTIwUG9saWN5JTIwQ0EoMSkuY3J0MG8GCCsGAQUFBzAChmNodHRwOi8v\n" +"Y2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L2NlcnRpZmljYXRlcy9J\n" +"bnRlbCUyMEludHJhbmV0JTIwQmFzaWMlMjBQb2xpY3klMjBDQSgxKS5jcnQwgcsG\n" +"CCsGAQUFBzAChoG+bGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIwQmFzaWMl\n" +"MjBQb2xpY3klMjBDQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs\n" +"Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jb3JwLERDPWludGVsLERD\n" +"PWNvbT9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlv\n" +"bkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAsj8cHt2jSAmnIGulE9jXooAc\n" +"qH2xehlI+ko/al+nDnBzbjDYYjVS52XitYg8JGo6j72ijiGlGb/03FcQJRBZmUH6\n" +"znktx2rGTm4IdjL8quhvHthlzXXCozL8GMeeOuZ5rzHlhapKx764a5RuZtyx89uS\n" +"9cECon6oLGesXjFJ8Xrq6ecHZrQwJUpmvZalwvloKACAWqBh8yV12WDnUNZhtp8N\n" +"8rqeJZoy/lXGnTxsSSodO/5Y/CxYJM4W6u4WgvXNJSjO/0qWvb64S+pVLjBzwI+Y\n" +"X6oLqmBovRp1lGPOLjkXZi3EKDR8DmzhtpJq2677RtYowewnFedQ+exH9cXoJw==\n" +"-----END CERTIFICATE-----\n"; + +/* this certificate is issued by one of the above */ +static const char intermediate_str[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIH4DCCBsigAwIBAgIKFpIKYgACAAJ8lTANBgkqhkiG9w0BAQUFADBWMQswCQYD\n" +"VQQGEwJVUzEaMBgGA1UEChMRSW50ZWwgQ29ycG9yYXRpb24xKzApBgNVBAMTIklu\n" +"dGVsIEludHJhbmV0IEJhc2ljIElzc3VpbmcgQ0EgMkIwHhcNMTQwMTA4MTc0MTM5\n" +"WhcNMTcwMTA3MTc0MTM5WjB1MQswCQYDVQQGEwJJRTELMAkGA1UEBxMCSVIxGjAY\n" +"BgNVBAoTEUludGVsIENvcnBvcmF0aW9uMQswCQYDVQQLEwJJVDEWMBQGA1UEAxMN\n" +"dnBuLmludGVsLmNvbTEYMBYGA1UEAxMPc2NzaXIuaW50ZWwuY29tMIIBIjANBgkq\n" +"hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3WoORH5ITJ2lpcgCHex1HBUnmN/bb6s\n" +"sS1Arm50NEHMlqGfbsdCxq2iodMvrGWvdRAPaf/7Ii1UwUhEzxyKYAXC3KRAgioh\n" +"C0pvGmAFq1ciDYRhANPlW92lIgkt83WwGtOcES2u36VmUxBfdQe6rO3ldoZHVofY\n" +"uIG/ubBVLz0NhWMaRYSUzTv/4PKJ4paIS7COUROYsyKwc5wNjTcR2PB7RRW+YHgM\n" +"FkvqPpLjLAGpHdN+wuPNLlUcyzkZVhhXxvQJ9gc5hw/LLQvbmeiGIZCvOVy3ZSfi\n" +"cGw2jkbqKcFttVV52Wild3ZigALZtkKuFnGw5DEIfk4EAZhG8eHfFQIDAQABo4IE\n" +"jzCCBIswCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBR4EAIG7OggvIFAhrB8m0eyhCKV\n" +"GzAfBgNVHSMEGDAWgBQ4Y3b6tgU6qVlPSoeNoIO3fpE6CzCCAbkGA1UdHwSCAbAw\n" +"ggGsMIIBqKCCAaSgggGghoHibGRhcDovLy9DTj1JbnRlbCUyMEludHJhbmV0JTIw\n" +"QmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjAyQigyKSxDTj1BWlNNQ1NJQkVDQTAyLENO\n" +"PUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1D\n" +"b25maWd1cmF0aW9uLERDPWNvcnAsREM9aW50ZWwsREM9Y29tP2NlcnRpZmljYXRl\n" +"UmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Q\n" +"b2ludIZXaHR0cDovL3d3dy5pbnRlbC5jb20vcmVwb3NpdG9yeS9DUkwvSW50ZWwl\n" +"MjBJbnRyYW5ldCUyMEJhc2ljJTIwSXNzdWluZyUyMENBJTIwMkIoMikuY3JshmBo\n" +"dHRwOi8vY2VydGlmaWNhdGVzLmludGVsLmNvbS9yZXBvc2l0b3J5L0NSTC9JbnRl\n" +"bCUyMEludHJhbmV0JTIwQmFzaWMlMjBJc3N1aW5nJTIwQ0ElMjAyQigyKS5jcmww\n" +"ggHLBggrBgEFBQcBAQSCAb0wggG5MIHRBggrBgEFBQcwAoaBxGxkYXA6Ly8vQ049\n" +"SW50ZWwlMjBJbnRyYW5ldCUyMEJhc2ljJTIwSXNzdWluZyUyMENBJTIwMkIsQ049\n" +"QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNv\n" +"bmZpZ3VyYXRpb24sREM9Y29ycCxEQz1pbnRlbCxEQz1jb20/Y0FDZXJ0aWZpY2F0\n" +"ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwbAYIKwYB\n" +"BQUHMAKGYGh0dHA6Ly93d3cuaW50ZWwuY29tL3JlcG9zaXRvcnkvY2VydGlmaWNh\n" +"dGVzL0ludGVsJTIwSW50cmFuZXQlMjBCYXNpYyUyMElzc3VpbmclMjBDQSUyMDJC\n" +"KDIpLmNydDB1BggrBgEFBQcwAoZpaHR0cDovL2NlcnRpZmljYXRlcy5pbnRlbC5j\n" +"b20vcmVwb3NpdG9yeS9jZXJ0aWZpY2F0ZXMvSW50ZWwlMjBJbnRyYW5ldCUyMEJh\n" +"c2ljJTIwSXNzdWluZyUyMENBJTIwMkIoMikuY3J0MD0GCSsGAQQBgjcVBwQwMC4G\n" +"JisGAQQBgjcVCIbDjHWEmeVRg/2BKIWOn1OCkcAJZ4eC0UGC37J5AgFkAgERMB0G\n" +"A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAnBgkrBgEEAYI3FQoEGjAYMAoG\n" +"CCsGAQUFBwMCMAoGCCsGAQUFBwMBMCkGA1UdEQQiMCCCD3Njc2lyLmludGVsLmNv\n" +"bYINdnBuLmludGVsLmNvbTANBgkqhkiG9w0BAQUFAAOCAQEALjO591IHOTt28HZ9\n" +"+Vm2TJp8EJSgWW3luKFAAPUOxix5FgK7mqNQk1052qV8NCQKqChO64f6kl3R29Pp\n" +"yv0ALYaxdYZXkxPuts05gwu9caeH9fK6vGTRk5pWygVIsobS2MypCYFs9VftFw5d\n" +"EPUAOsigQmkBC+k+icYzZDjm4HBGd0mTHwniNsKkkjxSnF4UGH9OYp4+hs9/pWly\n" +"19X4gVWwuxKB59TOe/tVxHBt57zZA3zYyXG+VPzVmklmYLPxVFcmeUDOjWU3x3Wp\n" +"0D5YUmvQlsd4+73IYw0BrvB42bQEFDUU/v0u6mwluk1m0LEdm+jlM/YCbrAgA3O8\n" +"eV1xMQ==\n" +"-----END CERTIFICATE-----\n"; + + + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + time_t then = 1412850586; + + if (t) + *t = then; + + return then; +} + +#define PIN "1234" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + char buf[128]; + int exit_val = 0; + int ret; + unsigned j; + const char *lib, *bin; + gnutls_x509_crt_t issuer = NULL; + gnutls_x509_trust_list_t tl; + gnutls_x509_crt_t certs[MAX_CHAIN]; + gnutls_x509_crt_t intermediate, same_dn, same_issuer; + gnutls_datum_t tmp; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + for (j = 0; ca_list[j]; j++) { + if (debug > 2) + printf("\tAdding certificate %d...", + (int) j); + + ret = gnutls_x509_crt_init(&certs[j]); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init[%d,%d]: %s\n", + (int) 3, (int) j, + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) ca_list[j]; + tmp.size = strlen(ca_list[j]); + + ret = + gnutls_x509_crt_import(certs[j], &tmp, + GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf("done\n"); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import[%d]: %s\n", + (int) j, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_print(certs[j], + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + if (debug) + printf("\tCertificate %d: %.*s\n", (int) j, + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + if (debug > 2) + printf("\tAdding intermediate certificate..."); + + ret = gnutls_x509_crt_init(&intermediate); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) intermediate_str; + tmp.size = strlen(intermediate_str); + + ret = + gnutls_x509_crt_import(intermediate, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug > 2) + printf("done\n"); + + gnutls_x509_crt_print(intermediate, GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf("\tIntermediate Certificate: %.*s\n", tmp.size, + tmp.data); + gnutls_free(tmp.data); + + assert(gnutls_x509_crt_init(&same_dn)>=0); + assert(gnutls_x509_crt_init(&same_issuer)>=0); + + tmp.data = (unsigned char *) same_issuer_cert_str; + tmp.size = strlen(same_issuer_cert_str); + + ret = + gnutls_x509_crt_import(same_dn, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + tmp.data = (unsigned char *) same_dn_cert_str; + tmp.size = strlen(same_dn_cert_str); + + ret = + gnutls_x509_crt_import(same_issuer, &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug) + printf("\tVerifying..."); + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init\n"); + exit(1); + } + + /* write CA certificate to softhsm */ + for (j = 0; ca_list[j]; j++) { + char name[64]; + snprintf(name, sizeof(name), "test-ca%d", j); + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, certs[j], name, GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED|GNUTLS_PKCS11_OBJ_FLAG_MARK_CA|GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + } + } + + + /* try to extract an issuer when using an object URL + */ + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_trust_file(tl, OBJ_URL, NULL, 0, 0, 0); + if (ret != 1) { + fail("gnutls_x509_trust_list_add_trust_file (with expl. object 0): %d\n", ret); + exit(1); + } + + /* extract the issuer of the certificate */ + ret = gnutls_x509_trust_list_get_issuer(tl, intermediate, &issuer, GNUTLS_TL_GET_COPY); + if (ret < 0) { + fail("gnutls_x509_trust_list_get_issuer (with expl. object) should have succeeded\n"); + exit(1); + } + gnutls_x509_crt_deinit(issuer); + + gnutls_x509_trust_list_deinit(tl, 1); + + + + /* Try to extract issuers using PKCS #11 token URL + */ + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_trust_list_add_trust_file(tl, SOFTHSM_URL, NULL, 0, 0, 0); + if (ret < 0) { + fail("gnutls_x509_trust_list_add_trust_file\n"); + exit(1); + } + + /* extract the issuer of the certificate */ + ret = gnutls_x509_trust_list_get_issuer(tl, intermediate, &issuer, GNUTLS_TL_GET_COPY); + if (ret < 0) { + fail("gnutls_x509_trust_list_get_issuer should have succeeded\n"); + exit(1); + } + gnutls_x509_crt_deinit(issuer); + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[2], GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - 0\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[0], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - 0\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, certs[1], GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - 0\n"); + exit(1); + } + +#if 0 + /* test searching invalid certs. the distrusted flag disables any validity check except DN and serial number + * matching so it should work - unfortunately works only under p11-kit */ + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_dn, GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - did not get a known cert\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_issuer, GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - did not get a known cert\n"); + exit(1); + } +#endif + + /* we should find a certificate with the same DN */ + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_dn, 0); + if (ret != 0) { + fail("error in gnutls_pkcs11_crt_is_known - found a cert that doesn't match\n"); + exit(1); + } + + /* we should find a certificate with the same issuer DN + serial number */ + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_issuer, 0); + if (ret != 0) { + fail("error in gnutls_pkcs11_crt_is_known - found a cert that doesn't match\n"); + exit(1); + } + + /* these are invalid certificates but their key matches existing keys, the following should work */ + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_dn, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - did not find a cert that does match key\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_issuer, GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret == 0) { + fail("error in gnutls_pkcs11_crt_is_known - did not find a cert that does match key\n"); + exit(1); + } + + + /* The following check whether the RETRIEVE_TRUSTED implies compare of the certificate */ + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_dn, GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret != 0) { + fail("error in gnutls_pkcs11_crt_is_known - found a cert that doesn't match\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_issuer, GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret != 0) { + fail("error in gnutls_pkcs11_crt_is_known - found a cert that doesn't match\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_dn, GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret != 0) { + fail("error in gnutls_pkcs11_crt_is_known - found a cert that doesn't match\n"); + exit(1); + } + + ret = gnutls_pkcs11_crt_is_known(SOFTHSM_URL, same_issuer, GNUTLS_PKCS11_OBJ_FLAG_COMPARE|GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED); + if (ret != 0) { + fail("error in gnutls_pkcs11_crt_is_known - found a cert that doesn't match\n"); + exit(1); + } + + gnutls_x509_trust_list_deinit(tl, 1); + + /* deinit */ + if (debug) + printf("\tCleanup..."); + + gnutls_x509_crt_deinit(intermediate); + gnutls_x509_crt_deinit(same_dn); + gnutls_x509_crt_deinit(same_issuer); + for (j = 0; ca_list[j]; j++) { + gnutls_x509_crt_deinit(certs[j]); + } + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + remove(CONFIG); + + exit(exit_val); +} diff --git a/tests/pkcs11/pkcs11-mechanisms.c b/tests/pkcs11/pkcs11-mechanisms.c new file mode 100644 index 0000000..c38f6ac --- /dev/null +++ b/tests/pkcs11/pkcs11-mechanisms.c @@ -0,0 +1,120 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests whether a gnutls_privkey_t will continue to work after + * a fork(), when gnutls_pkcs11_reinit() is manually called. */ + +#if defined(HAVE___REGISTER_ATFORK) + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + const char *lib; + unsigned long mech; + unsigned i; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + for (i=0;;i++) { + ret = gnutls_pkcs11_token_get_mechanism("pkcs11:", i, &mech); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + success("mech: %lu\n", mech); + ret = gnutls_pkcs11_token_check_mechanism("pkcs11:", mech, NULL, 0, 0); + if (ret == 0) { + fail("mechanism %ld was reported are supported, but is not found!\n", mech); + } + } + if (debug) + printf("done\n\n\n"); + + ret = gnutls_pkcs11_token_check_mechanism("pkcs11:", -1, NULL, 0, 0); + if (ret != 0) + fail("found invalid mechanism1\n"); + + ret = gnutls_pkcs11_token_check_mechanism("pkcs11:", -3, NULL, 0, 0); + if (ret != 0) + fail("found invalid mechanism2\n"); + + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/pkcs11/pkcs11-mock-ext.h b/tests/pkcs11/pkcs11-mock-ext.h new file mode 100644 index 0000000..277e4a7 --- /dev/null +++ b/tests/pkcs11/pkcs11-mock-ext.h @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef PKCS11_MOCK_EXT_H +# define PKCS11_MOCK_EXT_H + +/* This flag instructs the module to return CKR_OK on sensitive + * objects */ +#define MOCK_FLAG_BROKEN_GET_ATTRIBUTES 1 +#define MOCK_FLAG_ALWAYS_AUTH (1<<1) +/* simulate the safenet HSMs always auth behavior */ +#define MOCK_FLAG_SAFENET_ALWAYS_AUTH (1<<2) + +#endif diff --git a/tests/pkcs11/pkcs11-mock.c b/tests/pkcs11/pkcs11-mock.c new file mode 100644 index 0000000..0645187 --- /dev/null +++ b/tests/pkcs11/pkcs11-mock.c @@ -0,0 +1,2819 @@ +/* + * Copyright 2011-2016 The Pkcs11Interop Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Written originally for the Pkcs11Interop project by: + * Jaroslav IMRICH + */ + +#include "pkcs11-mock.h" +#include "pkcs11-mock-ext.h" +#include +#include + +unsigned int pkcs11_mock_flags = 0; + +/* This is a very basic mock PKCS #11 module that will return a given fixed + * certificate, and public key for all searches. It will also provide a + * CKO_X_CERTIFICATE_EXTENSION so that it can be used as a p11-kit trust + * module. */ + +const char mock_certificate[] = + "\x30\x82\x03\x97\x30\x82\x02\x4f\xa0\x03\x02\x01\x02\x02\x04\x4d" + "\xa7\x54\x21\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b" + "\x05\x00\x30\x32\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42" + "\x45\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06\x47\x6e\x75\x54" + "\x4c\x53\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13\x09\x6c\x6f\x63" + "\x61\x6c\x68\x6f\x73\x74\x30\x1e\x17\x0d\x31\x31\x30\x34\x31\x34" + "\x32\x30\x30\x38\x30\x32\x5a\x17\x0d\x33\x38\x30\x38\x32\x39\x32" + "\x30\x30\x38\x30\x34\x5a\x30\x32\x31\x0b\x30\x09\x06\x03\x55\x04" + "\x06\x13\x02\x42\x45\x31\x0f\x30\x0d\x06\x03\x55\x04\x0a\x13\x06" + "\x47\x6e\x75\x54\x4c\x53\x31\x12\x30\x10\x06\x03\x55\x04\x03\x13" + "\x09\x6c\x6f\x63\x61\x6c\x68\x6f\x73\x74\x30\x82\x01\x52\x30\x0d" + "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01" + "\x3f\x00\x30\x82\x01\x3a\x02\x82\x01\x31\x00\xdd\xcf\x97\xd2\xa5" + "\x1d\x95\xdd\x86\x18\xd8\xc4\xb9\xad\xa6\x0c\xb4\x9d\xb6\xdc\xfa" + "\xdc\x21\xe1\x3a\x62\x34\x07\xe8\x33\xb2\xe8\x97\xee\x2c\x41\xd2" + "\x12\xf1\x5f\xed\xe4\x76\xff\x65\x26\x1e\x0c\xc7\x41\x15\x69\x5f" + "\x0d\xf9\xad\x89\x14\x8d\xea\xd7\x16\x52\x9a\x47\xc1\xbb\x00\x02" + "\xe4\x88\x45\x73\x78\xa4\xae\xdb\x38\xc3\xc6\x07\xd2\x64\x0e\x87" + "\xed\x74\x8c\x6b\xc4\xc0\x02\x50\x7c\x4e\xa6\xd1\x58\xe9\xe5\x13" + "\x09\xa9\xdb\x5a\xea\xeb\x0f\x06\x80\x5c\x09\xef\x94\xc8\xe9\xfb" + "\x37\x2e\x75\xe1\xac\x93\xad\x9b\x37\x13\x4b\x66\x3a\x76\x33\xd8" + "\xc4\xd7\x4c\xfb\x61\xc8\x92\x21\x07\xfc\xdf\xa9\x88\x54\xe4\xa3" + "\xa9\x47\xd2\x6c\xb8\xe3\x39\x89\x11\x88\x38\x2d\xa2\xdc\x3e\x5e" + "\x4a\xa9\xa4\x8e\xd5\x1f\xb2\xd0\xdd\x41\x3c\xda\x10\x68\x9e\x47" + "\x1b\x65\x02\xa2\xc5\x28\x73\x02\x83\x03\x09\xfd\xf5\x29\x7e\x97" + "\xdc\x2a\x4e\x4b\xaa\x79\x46\x46\x70\x86\x1b\x9b\xb8\xf6\x8a\xbe" + "\x29\x87\x7d\x5f\xda\xa5\x97\x6b\xef\xc8\x43\x09\x43\xe2\x1f\x8a" + "\x16\x7e\x1d\x50\x5d\xf5\xda\x02\xee\xf2\xc3\x2a\x48\xe6\x6b\x30" + "\xea\x02\xd7\xef\xac\x8b\x0c\xb8\xc1\x85\xd8\xbf\x7c\x85\xa8\x1e" + "\x83\xbe\x5c\x26\x2e\x79\x7b\x47\xf5\x4a\x3f\x66\x62\x92\xfd\x41" + "\x20\xb6\x2c\x00\xf0\x52\xca\x26\x06\x2d\x7c\xcf\x7a\x50\x7d\x0f" + "\xcb\xdd\x97\x20\xc8\x6f\xe4\xe0\x50\xf4\xe3\x02\x03\x01\x00\x01" + "\xa3\x55\x30\x53\x30\x0c\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x02" + "\x30\x00\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b" + "\x06\x01\x05\x05\x07\x03\x01\x30\x0f\x06\x03\x55\x1d\x0f\x01\x01" + "\xff\x04\x05\x03\x03\x07\xa0\x00\x30\x1d\x06\x03\x55\x1d\x0e\x04" + "\x16\x04\x14\x92\x53\xd6\x71\xb9\xf8\x68\xaa\xb3\x53\xf6\x8d\xf5" + "\x39\x45\x66\x9c\xa7\xe5\x31\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7" + "\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x31\x00\x98\xbf\x48\x89\xc1" + "\xe6\xe6\x15\x13\xcc\xfc\xba\xed\xa0\x89\xe5\x86\x45\x30\x73\x68" + "\xb2\x79\x1f\x88\x02\x80\xfb\x2d\xc9\xb8\x21\x55\x8d\xc5\xb7\x56" + "\x1b\xcf\xc3\x76\xee\xd0\xf0\xd9\x22\x3a\x63\x92\xc5\x04\x86\x70" + "\x1e\x42\x33\x2a\x3b\xc4\x14\x08\xc5\x42\x92\x73\x7c\x3e\x39\xc0" + "\xee\x34\xc7\x33\x16\x5f\x93\xae\xcf\x1f\x9a\x30\x09\x51\xfe\x2d" + "\x94\x9c\x28\xad\x2a\x7e\xe4\x14\x81\x45\x6b\x0d\xd7\x11\x21\xfc" + "\xdb\x27\x17\x74\xb4\xcc\x94\x1a\x6e\x9e\x7b\x58\xa9\xe0\x06\x8d" + "\xda\x5f\x60\xe1\xb8\x6f\x28\x68\xb6\x58\xbe\xc5\xac\x36\x47\x37" + "\xf6\xa8\x38\x74\x23\x81\xf3\x22\xbe\x61\xff\x08\x08\x87\xeb\xc2" + "\x8f\x29\x25\x75\x5d\x4c\xeb\xd5\x09\x28\xab\x7b\x99\xf9\x69\x08" + "\xa2\xc6\x02\xd2\x2e\xcd\xfa\xf1\x19\xce\x3f\x44\x6a\xa1\x4b\xa8" + "\x56\xd5\x11\xae\x44\xe3\x68\x05\x50\x57\x8d\x72\x0f\xc7\x21\xdb" + "\x8f\xa3\x50\x78\x5d\x5a\x39\xcb\x90\x3d\x52\x43\x33\xbf\xea\x89" + "\x07\x1a\x92\xcc\x85\x27\xa8\x3d\x34\xb8\x5b\x52\xee\xef\x20\xb9" + "\xb6\xff\xea\xc5\x90\xd3\x47\xc5\x51\x90\xe2\xe6\x3e\x52\xb9\x1e" + "\x79\x18\xbe\xfd\xe2\x24\xbe\x47\x32\x5a\xb0\x03\x6b\xaa\xdb\xc3" + "\xdb\xf6\x60\x44\x08\xb6\x2c\x19\x47\xa2\xf0\x43\x7f\xf0\x07\x97" + "\x57\xab\xec\xa0\xb8\x6a\x49\xce\x08\xe6\xc3\x4d\xf2\xa4\xe9\xb8" + "\x43\xe7\xf0\x84\xd7\x1a\x72\x14\x5d\x82\x1a"; + +/* ca == true */ +const char mock_cert_ext1[] = "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff"; +/* GNUTLS_KEY_ENCIPHER_ONLY | GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_KEY_CERT_SIGN */ +const char mock_cert_ext2[] = "\x30\x0f\x06\x03\x55\x1d\x0f\x01\x01\xff\x04\x05\x03\x03\x07\x25\x00"; + +const char mock_pubkey[] = + "\x30\x82\x01\x52\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01" + "\x01\x05\x00\x03\x82\x01\x3f\x00\x30\x82\x01\x3a\x02\x82\x01\x31" + "\x00\xdd\xcf\x97\xd2\xa5\x1d\x95\xdd\x86\x18\xd8\xc4\xb9\xad\xa6" + "\x0c\xb4\x9d\xb6\xdc\xfa\xdc\x21\xe1\x3a\x62\x34\x07\xe8\x33\xb2" + "\xe8\x97\xee\x2c\x41\xd2\x12\xf1\x5f\xed\xe4\x76\xff\x65\x26\x1e" + "\x0c\xc7\x41\x15\x69\x5f\x0d\xf9\xad\x89\x14\x8d\xea\xd7\x16\x52" + "\x9a\x47\xc1\xbb\x00\x02\xe4\x88\x45\x73\x78\xa4\xae\xdb\x38\xc3" + "\xc6\x07\xd2\x64\x0e\x87\xed\x74\x8c\x6b\xc4\xc0\x02\x50\x7c\x4e" + "\xa6\xd1\x58\xe9\xe5\x13\x09\xa9\xdb\x5a\xea\xeb\x0f\x06\x80\x5c" + "\x09\xef\x94\xc8\xe9\xfb\x37\x2e\x75\xe1\xac\x93\xad\x9b\x37\x13" + "\x4b\x66\x3a\x76\x33\xd8\xc4\xd7\x4c\xfb\x61\xc8\x92\x21\x07\xfc" + "\xdf\xa9\x88\x54\xe4\xa3\xa9\x47\xd2\x6c\xb8\xe3\x39\x89\x11\x88" + "\x38\x2d\xa2\xdc\x3e\x5e\x4a\xa9\xa4\x8e\xd5\x1f\xb2\xd0\xdd\x41" + "\x3c\xda\x10\x68\x9e\x47\x1b\x65\x02\xa2\xc5\x28\x73\x02\x83\x03" + "\x09\xfd\xf5\x29\x7e\x97\xdc\x2a\x4e\x4b\xaa\x79\x46\x46\x70\x86" + "\x1b\x9b\xb8\xf6\x8a\xbe\x29\x87\x7d\x5f\xda\xa5\x97\x6b\xef\xc8" + "\x43\x09\x43\xe2\x1f\x8a\x16\x7e\x1d\x50\x5d\xf5\xda\x02\xee\xf2" + "\xc3\x2a\x48\xe6\x6b\x30\xea\x02\xd7\xef\xac\x8b\x0c\xb8\xc1\x85" + "\xd8\xbf\x7c\x85\xa8\x1e\x83\xbe\x5c\x26\x2e\x79\x7b\x47\xf5\x4a" + "\x3f\x66\x62\x92\xfd\x41\x20\xb6\x2c\x00\xf0\x52\xca\x26\x06\x2d" + "\x7c\xcf\x7a\x50\x7d\x0f\xcb\xdd\x97\x20\xc8\x6f\xe4\xe0\x50\xf4" + "\xe3\x02\x03\x01\x00\x01"; +const char mock_public_exponent[] = "\x01\x00\x01"; +const char mock_modulus[] = + "\xDD\xCF\x97\xD2\xA5\x1D\x95\xDD\x86\x18\xD8\xC4\xB9\xAD\xA6\x0C" + "\xB4\x9D\xB6\xDC\xFA\xDC\x21\xE1\x3A\x62\x34\x07\xE8\x33\xB2\xE8" + "\x97\xEE\x2C\x41\xD2\x12\xF1\x5F\xED\xE4\x76\xFF\x65\x26\x1E\x0C" + "\xC7\x41\x15\x69\x5F\x0D\xF9\xAD\x89\x14\x8D\xEA\xD7\x16\x52\x9A" + "\x47\xC1\xBB\x00\x02\xE4\x88\x45\x73\x78\xA4\xAE\xDB\x38\xC3\xC6" + "\x07\xD2\x64\x0E\x87\xED\x74\x8C\x6B\xC4\xC0\x02\x50\x7C\x4E\xA6" + "\xD1\x58\xE9\xE5\x13\x09\xA9\xDB\x5A\xEA\xEB\x0F\x06\x80\x5C\x09" + "\xEF\x94\xC8\xE9\xFB\x37\x2E\x75\xE1\xAC\x93\xAD\x9B\x37\x13\x4B" + "\x66\x3A\x76\x33\xD8\xC4\xD7\x4C\xFB\x61\xC8\x92\x21\x07\xFC\xDF" + "\xA9\x88\x54\xE4\xA3\xA9\x47\xD2\x6C\xB8\xE3\x39\x89\x11\x88\x38" + "\x2D\xA2\xDC\x3E\x5E\x4A\xA9\xA4\x8E\xD5\x1F\xB2\xD0\xDD\x41\x3C" + "\xDA\x10\x68\x9E\x47\x1B\x65\x02\xA2\xC5\x28\x73\x02\x83\x03\x09" + "\xFD\xF5\x29\x7E\x97\xDC\x2A\x4E\x4B\xAA\x79\x46\x46\x70\x86\x1B" + "\x9B\xB8\xF6\x8A\xBE\x29\x87\x7D\x5F\xDA\xA5\x97\x6B\xEF\xC8\x43" + "\x09\x43\xE2\x1F\x8A\x16\x7E\x1D\x50\x5D\xF5\xDA\x02\xEE\xF2\xC3" + "\x2A\x48\xE6\x6B\x30\xEA\x02\xD7\xEF\xAC\x8B\x0C\xB8\xC1\x85\xD8" + "\xBF\x7C\x85\xA8\x1E\x83\xBE\x5C\x26\x2E\x79\x7B\x47\xF5\x4A\x3F" + "\x66\x62\x92\xFD\x41\x20\xB6\x2C\x00\xF0\x52\xCA\x26\x06\x2D\x7C" + "\xCF\x7A\x50\x7D\x0F\xCB\xDD\x97\x20\xC8\x6F\xE4\xE0\x50\xF4\xE3"; +const char mock_subject[] = + "DN: C=US, O=Test Government, OU=Test Department, OU=Test Agency/serialNumber="; + +CK_BBOOL pkcs11_mock_initialized = CK_FALSE; +CK_BBOOL pkcs11_mock_session_opened = CK_FALSE; +CK_BBOOL pkcs11_mock_session_reauth = CK_FALSE; + +static session_ptr_st *mock_session = NULL; + +CK_FUNCTION_LIST pkcs11_mock_functions = +{ + {2, 20}, + &C_Initialize, + &C_Finalize, + &C_GetInfo, + &C_GetFunctionList, + &C_GetSlotList, + &C_GetSlotInfo, + &C_GetTokenInfo, + &C_GetMechanismList, + &C_GetMechanismInfo, + &C_InitToken, + &C_InitPIN, + &C_SetPIN, + &C_OpenSession, + &C_CloseSession, + &C_CloseAllSessions, + &C_GetSessionInfo, + &C_GetOperationState, + &C_SetOperationState, + &C_Login, + &C_Logout, + &C_CreateObject, + &C_CopyObject, + &C_DestroyObject, + &C_GetObjectSize, + &C_GetAttributeValue, + &C_SetAttributeValue, + &C_FindObjectsInit, + &C_FindObjects, + &C_FindObjectsFinal, + &C_EncryptInit, + &C_Encrypt, + &C_EncryptUpdate, + &C_EncryptFinal, + &C_DecryptInit, + &C_Decrypt, + &C_DecryptUpdate, + &C_DecryptFinal, + &C_DigestInit, + &C_Digest, + &C_DigestUpdate, + &C_DigestKey, + &C_DigestFinal, + &C_SignInit, + &C_Sign, + &C_SignUpdate, + &C_SignFinal, + &C_SignRecoverInit, + &C_SignRecover, + &C_VerifyInit, + &C_Verify, + &C_VerifyUpdate, + &C_VerifyFinal, + &C_VerifyRecoverInit, + &C_VerifyRecover, + &C_DigestEncryptUpdate, + &C_DecryptDigestUpdate, + &C_SignEncryptUpdate, + &C_DecryptVerifyUpdate, + &C_GenerateKey, + &C_GenerateKeyPair, + &C_WrapKey, + &C_UnwrapKey, + &C_DeriveKey, + &C_SeedRandom, + &C_GenerateRandom, + &C_GetFunctionStatus, + &C_CancelFunction, + &C_WaitForSlotEvent +}; + +#if defined(HAVE___REGISTER_ATFORK) +extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *); +extern void *__dso_handle; +static unsigned registered_fork_handler = 0; + +static void fork_handler(void) +{ + pkcs11_mock_initialized = CK_FALSE; + pkcs11_mock_session_opened = CK_FALSE; + if (mock_session) { + mock_session->state = CKS_RO_PUBLIC_SESSION; + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + free(mock_session->find_label); + } + free(mock_session); + mock_session = NULL; +} +#endif + + +CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) +{ + if (CK_TRUE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_ALREADY_INITIALIZED; + + IGNORE(pInitArgs); +#if defined(HAVE___REGISTER_ATFORK) + if (registered_fork_handler == 0) { + __register_atfork(NULL, NULL, fork_handler, __dso_handle); + registered_fork_handler = 1; + } +#endif + pkcs11_mock_initialized = CK_TRUE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(CK_VOID_PTR pReserved) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + IGNORE(pReserved); + + pkcs11_mock_initialized = CK_FALSE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(CK_INFO_PTR pInfo) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (NULL == pInfo) + return CKR_ARGUMENTS_BAD; + + pInfo->cryptokiVersion.major = 0x02; + pInfo->cryptokiVersion.minor = 0x14; + memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID)); + memcpy(pInfo->manufacturerID, PKCS11_MOCK_CK_INFO_MANUFACTURER_ID, strlen(PKCS11_MOCK_CK_INFO_MANUFACTURER_ID)); + pInfo->flags = 0; + memset(pInfo->libraryDescription, ' ', sizeof(pInfo->libraryDescription)); + memcpy(pInfo->libraryDescription, PKCS11_MOCK_CK_INFO_LIBRARY_DESCRIPTION, strlen(PKCS11_MOCK_CK_INFO_LIBRARY_DESCRIPTION)); + pInfo->libraryVersion.major = 0x01; + pInfo->libraryVersion.minor = 0x00; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) +{ + if (NULL == ppFunctionList) + return CKR_ARGUMENTS_BAD; + + *ppFunctionList = &pkcs11_mock_functions; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + IGNORE(tokenPresent); + + if (NULL == pulCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == pSlotList) + { + *pulCount = 1; + } + else + { + if (0 == *pulCount) + return CKR_BUFFER_TOO_SMALL; + + pSlotList[0] = PKCS11_MOCK_CK_SLOT_ID; + *pulCount = 1; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_SLOT_ID != slotID) + return CKR_SLOT_ID_INVALID; + + if (NULL == pInfo) + return CKR_ARGUMENTS_BAD; + + memset(pInfo->slotDescription, ' ', sizeof(pInfo->slotDescription)); + memcpy(pInfo->slotDescription, PKCS11_MOCK_CK_SLOT_INFO_SLOT_DESCRIPTION, strlen(PKCS11_MOCK_CK_SLOT_INFO_SLOT_DESCRIPTION)); + memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID)); + memcpy(pInfo->manufacturerID, PKCS11_MOCK_CK_SLOT_INFO_MANUFACTURER_ID, strlen(PKCS11_MOCK_CK_SLOT_INFO_MANUFACTURER_ID)); + pInfo->flags = CKF_TOKEN_PRESENT; + pInfo->hardwareVersion.major = 0x01; + pInfo->hardwareVersion.minor = 0x00; + pInfo->firmwareVersion.major = 0x01; + pInfo->firmwareVersion.minor = 0x00; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_SLOT_ID != slotID) + return CKR_SLOT_ID_INVALID; + + if (NULL == pInfo) + return CKR_ARGUMENTS_BAD; + + memset(pInfo->label, ' ', sizeof(pInfo->label)); + memcpy(pInfo->label, PKCS11_MOCK_CK_TOKEN_INFO_LABEL, strlen(PKCS11_MOCK_CK_TOKEN_INFO_LABEL)); + memset(pInfo->manufacturerID, ' ', sizeof(pInfo->manufacturerID)); + memcpy(pInfo->manufacturerID, PKCS11_MOCK_CK_TOKEN_INFO_MANUFACTURER_ID, strlen(PKCS11_MOCK_CK_TOKEN_INFO_MANUFACTURER_ID)); + memset(pInfo->model, ' ', sizeof(pInfo->model)); + memcpy(pInfo->model, PKCS11_MOCK_CK_TOKEN_INFO_MODEL, strlen(PKCS11_MOCK_CK_TOKEN_INFO_MODEL)); + memset(pInfo->serialNumber, ' ', sizeof(pInfo->serialNumber)); + memcpy(pInfo->serialNumber, PKCS11_MOCK_CK_TOKEN_INFO_SERIAL_NUMBER, strlen(PKCS11_MOCK_CK_TOKEN_INFO_SERIAL_NUMBER)); + pInfo->flags = CKF_RNG | CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED; + + if (pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) + pInfo->flags &= ~CKF_LOGIN_REQUIRED; + + pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE; + pInfo->ulSessionCount = (CK_TRUE == pkcs11_mock_session_opened) ? 1 : 0; + pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE; + if ((CK_TRUE == pkcs11_mock_session_opened) && ((CKS_RO_PUBLIC_SESSION != mock_session->state) && (CKS_RO_USER_FUNCTIONS != mock_session->state))) + pInfo->ulRwSessionCount = 1; + else + pInfo->ulRwSessionCount = 0; + pInfo->ulMaxPinLen = PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN; + pInfo->ulMinPinLen = PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN; + pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION; + pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION; + pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION; + pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION; + pInfo->hardwareVersion.major = 0x01; + pInfo->hardwareVersion.minor = 0x00; + pInfo->firmwareVersion.major = 0x01; + pInfo->firmwareVersion.minor = 0x00; + memset(pInfo->utcTime, ' ', sizeof(pInfo->utcTime)); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_SLOT_ID != slotID) + return CKR_SLOT_ID_INVALID; + + if (NULL == pulCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == pMechanismList) + { + *pulCount = 9; + } + else + { + if (9 > *pulCount) + return CKR_BUFFER_TOO_SMALL; + + pMechanismList[0] = CKM_RSA_PKCS_KEY_PAIR_GEN; + pMechanismList[1] = CKM_RSA_PKCS; + pMechanismList[2] = CKM_SHA1_RSA_PKCS; + pMechanismList[3] = CKM_RSA_PKCS_OAEP; + pMechanismList[4] = CKM_DES3_CBC; + pMechanismList[5] = CKM_DES3_KEY_GEN; + pMechanismList[6] = CKM_SHA_1; + pMechanismList[7] = CKM_XOR_BASE_AND_DATA; + pMechanismList[8] = CKM_AES_CBC; + + *pulCount = 9; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_SLOT_ID != slotID) + return CKR_SLOT_ID_INVALID; + + if (NULL == pInfo) + return CKR_ARGUMENTS_BAD; + + switch (type) + { + case CKM_RSA_PKCS_KEY_PAIR_GEN: + pInfo->ulMinKeySize = 1024; + pInfo->ulMaxKeySize = 1024; + pInfo->flags = CKF_GENERATE_KEY_PAIR; + break; + + case CKM_RSA_PKCS: + pInfo->ulMinKeySize = 1024; + pInfo->ulMaxKeySize = 1024; + pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_SIGN_RECOVER | CKF_VERIFY | CKF_VERIFY_RECOVER | CKF_WRAP | CKF_UNWRAP; + break; + + case CKM_SHA1_RSA_PKCS: + pInfo->ulMinKeySize = 1024; + pInfo->ulMaxKeySize = 1024; + pInfo->flags = CKF_SIGN | CKF_VERIFY; + break; + + case CKM_RSA_PKCS_OAEP: + pInfo->ulMinKeySize = 1024; + pInfo->ulMaxKeySize = 1024; + pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT; + break; + + case CKM_DES3_CBC: + pInfo->ulMinKeySize = 192; + pInfo->ulMaxKeySize = 192; + pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT; + break; + + case CKM_DES3_KEY_GEN: + pInfo->ulMinKeySize = 192; + pInfo->ulMaxKeySize = 192; + pInfo->flags = CKF_GENERATE; + break; + + case CKM_SHA_1: + pInfo->ulMinKeySize = 0; + pInfo->ulMaxKeySize = 0; + pInfo->flags = CKF_DIGEST; + break; + + case CKM_XOR_BASE_AND_DATA: + pInfo->ulMinKeySize = 128; + pInfo->ulMaxKeySize = 256; + pInfo->flags = CKF_DERIVE; + break; + + case CKM_AES_CBC: + pInfo->ulMinKeySize = 128; + pInfo->ulMaxKeySize = 256; + pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT; + break; + + default: + return CKR_MECHANISM_INVALID; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_SLOT_ID != slotID) + return CKR_SLOT_ID_INVALID; + + if (NULL == pPin) + return CKR_ARGUMENTS_BAD; + + if ((ulPinLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulPinLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN)) + return CKR_PIN_LEN_RANGE; + + if (NULL == pLabel) + return CKR_ARGUMENTS_BAD; + + if (CK_TRUE == pkcs11_mock_session_opened) + return CKR_SESSION_EXISTS; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (CKS_RW_SO_FUNCTIONS != mock_session->state) + return CKR_USER_NOT_LOGGED_IN; + + if (NULL == pPin) + return CKR_ARGUMENTS_BAD; + + if ((ulPinLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulPinLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN)) + return CKR_PIN_LEN_RANGE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((CKS_RO_PUBLIC_SESSION == mock_session->state) || (CKS_RO_USER_FUNCTIONS == mock_session->state)) + return CKR_SESSION_READ_ONLY; + + if (NULL == pOldPin) + return CKR_ARGUMENTS_BAD; + + if ((ulOldLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulOldLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN)) + return CKR_PIN_LEN_RANGE; + + if (NULL == pNewPin) + return CKR_ARGUMENTS_BAD; + + if ((ulNewLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulNewLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN)) + return CKR_PIN_LEN_RANGE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + if (CK_TRUE == pkcs11_mock_session_opened) + return CKR_SESSION_COUNT; + + if (PKCS11_MOCK_CK_SLOT_ID != slotID) + return CKR_SLOT_ID_INVALID; + + if (!(flags & CKF_SERIAL_SESSION)) + return CKR_SESSION_PARALLEL_NOT_SUPPORTED; + + IGNORE(pApplication); + + IGNORE(Notify); + + if (NULL == phSession) + return CKR_ARGUMENTS_BAD; + + pkcs11_mock_session_opened = CK_TRUE; + + mock_session = calloc(1, sizeof(session_ptr_st)); + if (mock_session == NULL) + return CKR_HOST_MEMORY; + + mock_session->state = (flags & CKF_RW_SESSION) ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION; + + mock_session->find_op.find_result = CKR_OBJECT_HANDLE_INVALID; + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + mock_session->state = CKS_RO_PUBLIC_SESSION; + + *phSession = PKCS11_MOCK_CK_SESSION_ID; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_CloseSession)(CK_SESSION_HANDLE hSession) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + pkcs11_mock_session_opened = CK_FALSE; + mock_session->state = CKS_RO_PUBLIC_SESSION; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + free(mock_session->find_label); + free(mock_session); + mock_session = NULL; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(CK_SLOT_ID slotID) +{ + return C_CloseSession(PKCS11_MOCK_CK_SESSION_ID); +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pInfo) + return CKR_ARGUMENTS_BAD; + + pInfo->slotID = PKCS11_MOCK_CK_SLOT_ID; + pInfo->state = mock_session->state; + pInfo->flags = CKF_SERIAL_SESSION; + if ((mock_session->state != CKS_RO_PUBLIC_SESSION) && (mock_session->state != CKS_RO_USER_FUNCTIONS)) + pInfo->flags = pInfo->flags | CKF_RW_SESSION; + pInfo->ulDeviceError = 0; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetOperationState)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pulOperationStateLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pOperationState) + { + *pulOperationStateLen = 256; + } + else + { + if (256 > *pulOperationStateLen) + return CKR_BUFFER_TOO_SMALL; + + memset(pOperationState, 1, 256); + *pulOperationStateLen = 256; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SetOperationState)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen, CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pOperationState) + return CKR_ARGUMENTS_BAD; + + if (256 != ulOperationStateLen) + return CKR_ARGUMENTS_BAD; + + IGNORE(hEncryptionKey); + + IGNORE(hAuthenticationKey); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) +{ + CK_RV rv = CKR_OK; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) && userType == CKU_CONTEXT_SPECIFIC) { + return CKR_USER_TYPE_INVALID; + } + + if ((pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH) || (pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH)) { + if ((CKU_CONTEXT_SPECIFIC != userType) && (CKU_SO != userType) && (CKU_USER != userType)) + return CKR_USER_TYPE_INVALID; + } else if ((CKU_SO != userType) && (CKU_USER != userType)) { + return CKR_USER_TYPE_INVALID; + } + + if (NULL == pPin) + return CKR_ARGUMENTS_BAD; + + if ((ulPinLen < PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN) || (ulPinLen > PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN)) + return CKR_PIN_LEN_RANGE; + + switch (mock_session->state) + { + case CKS_RO_PUBLIC_SESSION: + + if (CKU_SO == userType) + rv = CKR_SESSION_READ_ONLY_EXISTS; + else + mock_session->state = CKS_RO_USER_FUNCTIONS; + + break; + + case CKS_RO_USER_FUNCTIONS: + case CKS_RW_USER_FUNCTIONS: + + rv = (CKU_SO == userType) ? CKR_USER_ANOTHER_ALREADY_LOGGED_IN : CKR_USER_ALREADY_LOGGED_IN; + + break; + + case CKS_RW_PUBLIC_SESSION: + + mock_session->state = (CKU_SO == userType) ? CKS_RW_SO_FUNCTIONS : CKS_RW_USER_FUNCTIONS; + + break; + + case CKS_RW_SO_FUNCTIONS: + + rv = (CKU_SO == userType) ? CKR_USER_ALREADY_LOGGED_IN : CKR_USER_ANOTHER_ALREADY_LOGGED_IN; + + break; + } + + if ((pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH || pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) && rv == CKR_USER_ALREADY_LOGGED_IN) { + rv = 0; + } + + pkcs11_mock_session_reauth = 1; + return rv; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Logout)(CK_SESSION_HANDLE hSession) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((mock_session->state == CKS_RO_PUBLIC_SESSION) || (mock_session->state == CKS_RW_PUBLIC_SESSION)) + return CKR_USER_NOT_LOGGED_IN; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == phObject) + return CKR_ARGUMENTS_BAD; + + for (i = 0; i < ulCount; i++) + { + if (NULL == pTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + + *phObject = PKCS11_MOCK_CK_OBJECT_HANDLE_DATA; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phNewObject) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) + return CKR_OBJECT_HANDLE_INVALID; + + if (NULL == phNewObject) + return CKR_ARGUMENTS_BAD; + + if ((NULL != pTemplate) && (0 >= ulCount)) + { + for (i = 0; i < ulCount; i++) + { + if (NULL == pTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + } + + *phNewObject = PKCS11_MOCK_CK_OBJECT_HANDLE_DATA; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DestroyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hObject)) + return CKR_OBJECT_HANDLE_INVALID; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetObjectSize)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hObject)) + return CKR_OBJECT_HANDLE_INVALID; + + if (NULL == pulSize) + return CKR_ARGUMENTS_BAD; + + *pulSize = PKCS11_MOCK_CK_OBJECT_SIZE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE_EXTENSION != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hObject)) + return CKR_OBJECT_HANDLE_INVALID; + + if (NULL == pTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulCount) + return CKR_ARGUMENTS_BAD; + + for (i = 0; i < ulCount; i++) + { + if (CKA_PUBLIC_KEY_INFO == pTemplate[i].type && + (PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE == hObject || PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY == hObject)) + { + if (pTemplate[i].ulValueLen < sizeof(mock_pubkey)-1) { + pTemplate[i].ulValueLen = sizeof(mock_pubkey)-1; + if (pTemplate[i].pValue == NULL) + return CKR_OK; + else + return CKR_BUFFER_TOO_SMALL; + } + pTemplate[i].ulValueLen = (CK_ULONG) sizeof(mock_pubkey)-1; + memcpy(pTemplate[i].pValue, mock_pubkey, pTemplate[i].ulValueLen); + } + else if (CKA_CLASS == pTemplate[i].type) + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < sizeof(hObject)) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, &hObject, sizeof(hObject)); + } + + pTemplate[i].ulValueLen = sizeof(hObject); + } + else if (CKA_PUBLIC_EXPONENT == pTemplate[i].type && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY == hObject || PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY == hObject)) + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < sizeof(mock_public_exponent)-1) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, mock_public_exponent, sizeof(mock_public_exponent)-1); + } + + pTemplate[i].ulValueLen = sizeof(mock_public_exponent)-1; + } + else if (CKA_MODULUS == pTemplate[i].type && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY == hObject || PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY == hObject)) + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < sizeof(mock_modulus)-1) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, mock_modulus, sizeof(mock_modulus)-1); + } + + pTemplate[i].ulValueLen = sizeof(mock_modulus)-1; + } + else if (CKA_SUBJECT == pTemplate[i].type && PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE == hObject) + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < strlen(mock_subject)) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, mock_subject, strlen(mock_subject)); + } + + pTemplate[i].ulValueLen = strlen(mock_subject); + } + else if (CKA_LABEL == pTemplate[i].type) + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < strlen(PKCS11_MOCK_CK_OBJECT_CKA_LABEL)) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, PKCS11_MOCK_CK_OBJECT_CKA_LABEL, strlen(PKCS11_MOCK_CK_OBJECT_CKA_LABEL)); + } + + pTemplate[i].ulValueLen = strlen(PKCS11_MOCK_CK_OBJECT_CKA_LABEL); + } + else if (CKA_KEY_TYPE == pTemplate[i].type) + { + CK_KEY_TYPE t; + if (pTemplate[i].ulValueLen != sizeof(CK_KEY_TYPE)) + return CKR_ARGUMENTS_BAD; + + t = CKK_RSA; + memcpy(pTemplate[i].pValue, &t, sizeof(CK_KEY_TYPE)); + } + else if (CKA_ALWAYS_AUTHENTICATE == pTemplate[i].type) + { + CK_BBOOL t; + if (pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) + return CKR_ATTRIBUTE_TYPE_INVALID; + + if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) + return CKR_ARGUMENTS_BAD; + + if (!(pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH)) { + t = CK_FALSE; + } else { + t = CK_TRUE; + } + memcpy(pTemplate[i].pValue, &t, sizeof(CK_BBOOL)); + } + else if (CKA_ID == pTemplate[i].type) + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < strlen(PKCS11_MOCK_CK_OBJECT_CKA_LABEL)) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, PKCS11_MOCK_CK_OBJECT_CKA_LABEL, strlen(PKCS11_MOCK_CK_OBJECT_CKA_LABEL)); + } + + pTemplate[i].ulValueLen = strlen(PKCS11_MOCK_CK_OBJECT_CKA_LABEL); + } + else if (CKA_CERTIFICATE_CATEGORY == pTemplate[i].type) + { + CK_ULONG t = 2; /* authority */ + if (pTemplate[i].ulValueLen < sizeof(CK_ULONG)) + return CKR_BUFFER_TOO_SMALL; + memcpy(pTemplate[i].pValue, &t, sizeof(CK_ULONG)); + } + else if (CKA_VALUE == pTemplate[i].type) + { + if (PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE_EXTENSION == hObject) + { + const void *obj; + unsigned obj_len; + + if (mock_session->find_op.remaining_data == 1) { + obj = mock_cert_ext1; + obj_len = sizeof(mock_cert_ext1)-1; + } else { + obj = mock_cert_ext2; + obj_len = sizeof(mock_cert_ext2)-1; + } + + if (pTemplate[i].ulValueLen < obj_len) { + pTemplate[i].ulValueLen = obj_len; + if (pTemplate[i].pValue == NULL) + return CKR_OK; + else + return CKR_BUFFER_TOO_SMALL; + } + pTemplate[i].ulValueLen = (CK_ULONG) obj_len; + memcpy(pTemplate[i].pValue, obj, pTemplate[i].ulValueLen); + } + else if (PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE == hObject) + { + if (pTemplate[i].ulValueLen < sizeof(mock_certificate)-1) { + pTemplate[i].ulValueLen = sizeof(mock_certificate)-1; + if (pTemplate[i].pValue == NULL) + return CKR_OK; + else + return CKR_BUFFER_TOO_SMALL; + } + pTemplate[i].ulValueLen = (CK_ULONG) sizeof(mock_certificate)-1; + memcpy(pTemplate[i].pValue, mock_certificate, pTemplate[i].ulValueLen); + } + else if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY == hObject) + { + if (pTemplate[i].ulValueLen < sizeof(mock_pubkey)-1) { + pTemplate[i].ulValueLen = sizeof(mock_pubkey)-1; + if (pTemplate[i].pValue == NULL) + return CKR_OK; + else + return CKR_BUFFER_TOO_SMALL; + } + pTemplate[i].ulValueLen = (CK_ULONG) sizeof(mock_pubkey)-1; + memcpy(pTemplate[i].pValue, mock_pubkey, pTemplate[i].ulValueLen); + } + else if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY == hObject) + { + pTemplate[i].ulValueLen = (CK_ULONG) -1; + if (!(pkcs11_mock_flags & MOCK_FLAG_BROKEN_GET_ATTRIBUTES)) { + return CKR_ATTRIBUTE_SENSITIVE; + } + } + else + { + if (NULL != pTemplate[i].pValue) + { + if (pTemplate[i].ulValueLen < strlen(PKCS11_MOCK_CK_OBJECT_CKA_VALUE)) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pTemplate[i].pValue, PKCS11_MOCK_CK_OBJECT_CKA_VALUE, strlen(PKCS11_MOCK_CK_OBJECT_CKA_VALUE)); + } + + pTemplate[i].ulValueLen = strlen(PKCS11_MOCK_CK_OBJECT_CKA_VALUE); + } + } + else + { + return CKR_ATTRIBUTE_TYPE_INVALID; + } + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SetAttributeValue)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OBJECT_HANDLE_DATA != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hObject) && + (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hObject)) + return CKR_OBJECT_HANDLE_INVALID; + + if (NULL == pTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulCount) + return CKR_ARGUMENTS_BAD; + + for (i = 0; i < ulCount; i++) + { + if ((CKA_LABEL == pTemplate[i].type) || (CKA_VALUE == pTemplate[i].type)) + { + if (NULL == pTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + else + { + return CKR_ATTRIBUTE_TYPE_INVALID; + } + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount) +{ + CK_ULONG i = 0; + CK_ULONG_PTR cka_class_value = NULL; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) + return CKR_OPERATION_ACTIVE; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pTemplate) + return CKR_ARGUMENTS_BAD; + + IGNORE(ulCount); + + mock_session->find_op.find_result = CK_INVALID_HANDLE; + + for (i = 0; i < ulCount; i++) + { + if (NULL == pTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (CKA_LABEL == pTemplate[i].type) + { + free(mock_session->find_label); + mock_session->find_label = strndup(pTemplate[i].pValue, pTemplate[i].ulValueLen); + } + else if (CKA_CLASS == pTemplate[i].type) + { + if (sizeof(CK_ULONG) != pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + + cka_class_value = (CK_ULONG_PTR) pTemplate[i].pValue; + + switch (*cka_class_value) + { + case CKO_DATA: + mock_session->find_op.find_result = PKCS11_MOCK_CK_OBJECT_HANDLE_DATA; + mock_session->find_op.remaining_data = 2; + break; + case CKO_SECRET_KEY: + mock_session->find_op.find_result = PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY; + mock_session->find_op.remaining_data = 1; + break; + case CKO_CERTIFICATE: + mock_session->find_op.find_result = PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE; + mock_session->find_op.remaining_data = 1; + break; + case CKO_PUBLIC_KEY: + mock_session->find_op.find_result = PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY; + mock_session->find_op.remaining_data = 1; + break; + case CKO_PRIVATE_KEY: + mock_session->find_op.find_result = PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY; + mock_session->find_op.remaining_data = 1; + break; + case CKO_X_CERTIFICATE_EXTENSION: + mock_session->find_op.find_result = PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE_EXTENSION; + mock_session->find_op.remaining_data = 2; + break; + } + } + } + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_FIND; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount) +{ + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_FIND != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((NULL == phObject) && (0 < ulMaxObjectCount)) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulObjectCount) + return CKR_ARGUMENTS_BAD; + + if (mock_session->find_op.remaining_data <= 0) { + *pulObjectCount = 0; + return CKR_OK; + } + + switch (mock_session->find_op.find_result) + { + case PKCS11_MOCK_CK_OBJECT_HANDLE_DATA: + + if (ulMaxObjectCount >= 2) + { + phObject[0] = mock_session->find_op.find_result; + phObject[1] = mock_session->find_op.find_result; + } + + *pulObjectCount = 2; + mock_session->find_op.remaining_data -= 2; + + break; + + case CK_INVALID_HANDLE: + + *pulObjectCount = 0; + + break; + + default: + + if (ulMaxObjectCount >= 1) + { + phObject[0] = mock_session->find_op.find_result; + } + + *pulObjectCount = 1; + mock_session->find_op.remaining_data --; + + break; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsFinal)(CK_SESSION_HANDLE hSession) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_FIND != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_EncryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_SIGN != mock_session->find_op.active_operation)) + return CKR_OPERATION_ACTIVE; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + switch (pMechanism->mechanism) + { + case CKM_RSA_PKCS: + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; + +#if 0 + case CKM_RSA_PKCS_OAEP: + + if ((NULL == pMechanism->pParameter) || (sizeof(CK_RSA_PKCS_OAEP_PARAMS) != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; +#endif + case CKM_DES3_CBC: + + if ((NULL == pMechanism->pParameter) || (8 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; + + case CKM_AES_CBC: + + if ((NULL == pMechanism->pParameter) || (16 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; + + default: + + return CKR_MECHANISM_INVALID; + } + + switch (mock_session->find_op.active_operation) + { + case PKCS11_MOCK_CK_OPERATION_NONE: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_ENCRYPT; + break; + case PKCS11_MOCK_CK_OPERATION_DIGEST: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT; + break; + case PKCS11_MOCK_CK_OPERATION_SIGN: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT; + break; + default: + return CKR_FUNCTION_FAILED; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_ENCRYPT != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulEncryptedDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pEncryptedData) + { + if (ulDataLen > *pulEncryptedDataLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulDataLen; i++) + pEncryptedData[i] = pData[i] ^ 0xAB; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + } + } + + *pulEncryptedDataLen = ulDataLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_ENCRYPT != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pEncryptedPart) + { + if (ulPartLen > *pulEncryptedPartLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulPartLen; i++) + pEncryptedPart[i] = pPart[i] ^ 0xAB; + } + } + + *pulEncryptedPartLen = ulPartLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_EncryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((PKCS11_MOCK_CK_OPERATION_ENCRYPT != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != mock_session->find_op.active_operation)) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pulLastEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pLastEncryptedPart) + { + switch (mock_session->find_op.active_operation) + { + case PKCS11_MOCK_CK_OPERATION_ENCRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + break; + case PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST; + break; + case PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_SIGN; + break; + default: + return CKR_FUNCTION_FAILED; + } + } + + *pulLastEncryptedPartLen = 0; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_VERIFY != mock_session->find_op.active_operation)) + return CKR_OPERATION_ACTIVE; + + if (pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH || pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) { + mock_session->state = CKS_RO_PUBLIC_SESSION; + pkcs11_mock_session_reauth = 0; + } + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + switch (pMechanism->mechanism) + { + case CKM_RSA_PKCS: + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; +#if 0 + case CKM_RSA_PKCS_OAEP: + + if ((NULL == pMechanism->pParameter) || (sizeof(CK_RSA_PKCS_OAEP_PARAMS) != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; +#endif + case CKM_DES3_CBC: + + if ((NULL == pMechanism->pParameter) || (8 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; + + case CKM_AES_CBC: + + if ((NULL == pMechanism->pParameter) || (16 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + + break; + + default: + + return CKR_MECHANISM_INVALID; + } + + switch (mock_session->find_op.active_operation) + { + case PKCS11_MOCK_CK_OPERATION_NONE: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT; + break; + case PKCS11_MOCK_CK_OPERATION_DIGEST: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST; + break; + case PKCS11_MOCK_CK_OPERATION_VERIFY: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY; + break; + default: + return CKR_FUNCTION_FAILED; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if (pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH || pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) { + if (!pkcs11_mock_session_reauth) { + return CKR_USER_NOT_LOGGED_IN; + } + if ((pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH) && pData != NULL) { + pkcs11_mock_session_reauth = 0; + } + } + + if (NULL == pEncryptedData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulEncryptedDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pData) + { + if (ulEncryptedDataLen > *pulDataLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulEncryptedDataLen; i++) + pData[i] = pEncryptedData[i] ^ 0xAB; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + } + } + + *pulDataLen = ulEncryptedDataLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if (NULL == pEncryptedPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pPart) + { + if (ulEncryptedPartLen > *pulPartLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulEncryptedPartLen; i++) + pPart[i] = pEncryptedPart[i] ^ 0xAB; + } + } + + *pulPartLen = ulEncryptedPartLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != mock_session->find_op.active_operation)) + return CKR_OPERATION_NOT_INITIALIZED; + + if (NULL == pulLastPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pLastPart) + { + switch (mock_session->find_op.active_operation) + { + case PKCS11_MOCK_CK_OPERATION_DECRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + break; + case PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST; + break; + case PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_VERIFY; + break; + default: + return CKR_FUNCTION_FAILED; + } + } + + *pulLastPartLen = 0; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DigestInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_ENCRYPT != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation)) + return CKR_OPERATION_ACTIVE; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_SHA_1 != pMechanism->mechanism) + return CKR_MECHANISM_INVALID; + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + switch (mock_session->find_op.active_operation) + { + case PKCS11_MOCK_CK_OPERATION_NONE: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST; + break; + case PKCS11_MOCK_CK_OPERATION_ENCRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT; + break; + case PKCS11_MOCK_CK_OPERATION_DECRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST; + break; + default: + return CKR_FUNCTION_FAILED; + } + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen) +{ + CK_BYTE hash[20] = { 0x7B, 0x50, 0x2C, 0x3A, 0x1F, 0x48, 0xC8, 0x60, 0x9A, 0xE2, 0x12, 0xCD, 0xFB, 0x63, 0x9D, 0xEE, 0x39, 0x67, 0x3F, 0x5E }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulDigestLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pDigest) + { + if (sizeof(hash) > *pulDigestLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + memcpy(pDigest, hash, sizeof(hash)); + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + } + } + + *pulDigestLen = sizeof(hash); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPartLen) + return CKR_ARGUMENTS_BAD; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey) + return CKR_OBJECT_HANDLE_INVALID; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen) +{ + CK_BYTE hash[20] = { 0x7B, 0x50, 0x2C, 0x3A, 0x1F, 0x48, 0xC8, 0x60, 0x9A, 0xE2, 0x12, 0xCD, 0xFB, 0x63, 0x9D, 0xEE, 0x39, 0x67, 0x3F, 0x5E }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((PKCS11_MOCK_CK_OPERATION_DIGEST != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != mock_session->find_op.active_operation)) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pulDigestLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pDigest) + { + if (sizeof(hash) > *pulDigestLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + memcpy(pDigest, hash, sizeof(hash)); + + switch (mock_session->find_op.active_operation) + { + case PKCS11_MOCK_CK_OPERATION_DIGEST: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + break; + case PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_ENCRYPT; + break; + case PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST: + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT; + break; + default: + return CKR_FUNCTION_FAILED; + } + } + } + + *pulDigestLen = sizeof(hash); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_ENCRYPT != mock_session->find_op.active_operation)) + return CKR_OPERATION_ACTIVE; + + if (pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH || pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) { + mock_session->state = CKS_RO_PUBLIC_SESSION; + pkcs11_mock_session_reauth = 0; + } + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if ((CKM_RSA_PKCS == pMechanism->mechanism) || (CKM_SHA1_RSA_PKCS == pMechanism->mechanism)) + { + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + } + else + { + return CKR_MECHANISM_INVALID; + } + + if (PKCS11_MOCK_CK_OPERATION_NONE == mock_session->find_op.active_operation) + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_SIGN; + else + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) +{ + CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_SIGN != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH || pkcs11_mock_flags & MOCK_FLAG_SAFENET_ALWAYS_AUTH) { + if (!pkcs11_mock_session_reauth) { + return CKR_USER_NOT_LOGGED_IN; + } + + if ((pkcs11_mock_flags & MOCK_FLAG_ALWAYS_AUTH) && pSignature != NULL) { + pkcs11_mock_session_reauth = 0; + } + } + + if (NULL == pData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulSignatureLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pSignature) + { + if (sizeof(signature) > *pulSignatureLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + memcpy(pSignature, signature, sizeof(signature)); + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + } + } + + *pulSignatureLen = sizeof(signature); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_SIGN != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPartLen) + return CKR_ARGUMENTS_BAD; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) +{ + CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((PKCS11_MOCK_CK_OPERATION_SIGN != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != mock_session->find_op.active_operation)) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pulSignatureLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pSignature) + { + if (sizeof(signature) > *pulSignatureLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + memcpy(pSignature, signature, sizeof(signature)); + + if (PKCS11_MOCK_CK_OPERATION_SIGN == mock_session->find_op.active_operation) + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + else + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_ENCRYPT; + } + } + + *pulSignatureLen = sizeof(signature); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SignRecoverInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) + return CKR_OPERATION_ACTIVE; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_RSA_PKCS == pMechanism->mechanism) + { + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + } + else + { + return CKR_MECHANISM_INVALID; + } + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_SIGN_RECOVER; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_SIGN_RECOVER != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulSignatureLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pSignature) + { + if (ulDataLen > *pulSignatureLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulDataLen; i++) + pSignature[i] = pData[i] ^ 0xAB; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + } + } + + *pulSignatureLen = ulDataLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_VerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if ((PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DECRYPT != mock_session->find_op.active_operation)) + return CKR_OPERATION_ACTIVE; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if ((CKM_RSA_PKCS == pMechanism->mechanism) || (CKM_SHA1_RSA_PKCS == pMechanism->mechanism)) + { + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + } + else + { + return CKR_MECHANISM_INVALID; + } + + if (PKCS11_MOCK_CK_OPERATION_NONE == mock_session->find_op.active_operation) + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_VERIFY; + else + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) +{ + CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_VERIFY != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pSignature) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulSignatureLen) + return CKR_ARGUMENTS_BAD; + + if (sizeof(signature) != ulSignatureLen) + return CKR_SIGNATURE_LEN_RANGE; + + if (0 != memcmp(pSignature, signature, sizeof(signature))) + return CKR_SIGNATURE_INVALID; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_VERIFY != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPartLen) + return CKR_ARGUMENTS_BAD; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_VerifyFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen) +{ + CK_BYTE signature[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((PKCS11_MOCK_CK_OPERATION_VERIFY != mock_session->find_op.active_operation) && + (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != mock_session->find_op.active_operation)) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pSignature) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulSignatureLen) + return CKR_ARGUMENTS_BAD; + + if (sizeof(signature) != ulSignatureLen) + return CKR_SIGNATURE_LEN_RANGE; + + if (0 != memcmp(pSignature, signature, sizeof(signature))) + return CKR_SIGNATURE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_VERIFY == mock_session->find_op.active_operation) + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + else + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_DECRYPT; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_NONE != mock_session->find_op.active_operation) + return CKR_OPERATION_ACTIVE; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_RSA_PKCS == pMechanism->mechanism) + { + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hKey) + return CKR_KEY_TYPE_INCONSISTENT; + } + else + { + return CKR_MECHANISM_INVALID; + } + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_VERIFY_RECOVER; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_VERIFY_RECOVER != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pSignature) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulSignatureLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulDataLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pData) + { + if (ulSignatureLen > *pulDataLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulSignatureLen; i++) + pData[i] = pSignature[i] ^ 0xAB; + + mock_session->find_op.active_operation = PKCS11_MOCK_CK_OPERATION_NONE; + } + } + + *pulDataLen = ulSignatureLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if (PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pEncryptedPart) + { + if (ulPartLen > *pulEncryptedPartLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulPartLen; i++) + pEncryptedPart[i] = pPart[i] ^ 0xAB; + } + } + + *pulEncryptedPartLen = ulPartLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if (NULL == pEncryptedPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pPart) + { + if (ulEncryptedPartLen > *pulPartLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulEncryptedPartLen; i++) + pPart[i] = pEncryptedPart[i] ^ 0xAB; + } + } + + *pulPartLen = ulEncryptedPartLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if (NULL == pPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pEncryptedPart) + { + if (ulPartLen > *pulEncryptedPartLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulPartLen; i++) + pEncryptedPart[i] = pPart[i] ^ 0xAB; + } + } + + *pulEncryptedPartLen = ulPartLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY != mock_session->find_op.active_operation) + return CKR_OPERATION_NOT_INITIALIZED; + + if (NULL == pEncryptedPart) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulEncryptedPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pulPartLen) + return CKR_ARGUMENTS_BAD; + + if (NULL != pPart) + { + if (ulEncryptedPartLen > *pulPartLen) + { + return CKR_BUFFER_TOO_SMALL; + } + else + { + for (i = 0; i < ulEncryptedPartLen; i++) + pPart[i] = pEncryptedPart[i] ^ 0xAB; + } + } + + *pulPartLen = ulEncryptedPartLen; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GenerateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_DES3_KEY_GEN != pMechanism->mechanism) + return CKR_MECHANISM_INVALID; + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (NULL == pTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == phKey) + return CKR_ARGUMENTS_BAD; + + for (i = 0; i < ulCount; i++) + { + if (NULL == pTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + + *phKey = PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate, CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate, CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey, CK_OBJECT_HANDLE_PTR phPrivateKey) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_RSA_PKCS_KEY_PAIR_GEN != pMechanism->mechanism) + return CKR_MECHANISM_INVALID; + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (NULL == pPublicKeyTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPublicKeyAttributeCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == pPrivateKeyTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulPrivateKeyAttributeCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == phPublicKey) + return CKR_ARGUMENTS_BAD; + + if (NULL == phPrivateKey) + return CKR_ARGUMENTS_BAD; + + for (i = 0; i < ulPublicKeyAttributeCount; i++) + { + if (NULL == pPublicKeyTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pPublicKeyTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + + for (i = 0; i < ulPrivateKeyAttributeCount; i++) + { + if (NULL == pPrivateKeyTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pPrivateKeyTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + + *phPublicKey = PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY; + *phPrivateKey = PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_WrapKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen) +{ + CK_BYTE wrappedKey[10] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 }; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_RSA_PKCS != pMechanism->mechanism) + return CKR_MECHANISM_INVALID; + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY != hWrappingKey) + return CKR_KEY_HANDLE_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY != hKey) + return CKR_KEY_HANDLE_INVALID; + + if (NULL != pWrappedKey) + { + if (sizeof(wrappedKey) > *pulWrappedKeyLen) + return CKR_BUFFER_TOO_SMALL; + else + memcpy(pWrappedKey, wrappedKey, sizeof(wrappedKey)); + } + + *pulWrappedKeyLen = sizeof(wrappedKey); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_UnwrapKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) +{ + CK_ULONG i = 0; + + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pMechanism) + return CKR_ARGUMENTS_BAD; + + if (CKM_RSA_PKCS != pMechanism->mechanism) + return CKR_MECHANISM_INVALID; + + if ((NULL != pMechanism->pParameter) || (0 != pMechanism->ulParameterLen)) + return CKR_MECHANISM_PARAM_INVALID; + + if (PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY != hUnwrappingKey) + return CKR_KEY_HANDLE_INVALID; + + if (NULL == pWrappedKey) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulWrappedKeyLen) + return CKR_ARGUMENTS_BAD; + + if (NULL == pTemplate) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulAttributeCount) + return CKR_ARGUMENTS_BAD; + + if (NULL == phKey) + return CKR_ARGUMENTS_BAD; + + for (i = 0; i < ulAttributeCount; i++) + { + if (NULL == pTemplate[i].pValue) + return CKR_ATTRIBUTE_VALUE_INVALID; + + if (0 >= pTemplate[i].ulValueLen) + return CKR_ATTRIBUTE_VALUE_INVALID; + } + + *phKey = PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_DeriveKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey) +{ + return CKR_GENERAL_ERROR; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == pSeed) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulSeedLen) + return CKR_ARGUMENTS_BAD; + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GenerateRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR RandomData, CK_ULONG ulRandomLen) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + if (NULL == RandomData) + return CKR_ARGUMENTS_BAD; + + if (0 >= ulRandomLen) + return CKR_ARGUMENTS_BAD; + + memset(RandomData, 1, ulRandomLen); + + return CKR_OK; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionStatus)(CK_SESSION_HANDLE hSession) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + return CKR_FUNCTION_NOT_PARALLEL; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_CancelFunction)(CK_SESSION_HANDLE hSession) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((CK_FALSE == pkcs11_mock_session_opened) || (PKCS11_MOCK_CK_SESSION_ID != hSession)) + return CKR_SESSION_HANDLE_INVALID; + + return CKR_FUNCTION_NOT_PARALLEL; +} + + +CK_DEFINE_FUNCTION(CK_RV, C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved) +{ + if (CK_FALSE == pkcs11_mock_initialized) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + if ((0 != flags) && (CKF_DONT_BLOCK != flags)) + return CKR_ARGUMENTS_BAD; + + if (NULL == pSlot) + return CKR_ARGUMENTS_BAD; + + if (NULL != pReserved) + return CKR_ARGUMENTS_BAD; + + return CKR_NO_EVENT; +} + diff --git a/tests/pkcs11/pkcs11-mock.h b/tests/pkcs11/pkcs11-mock.h new file mode 100644 index 0000000..6764c02 --- /dev/null +++ b/tests/pkcs11/pkcs11-mock.h @@ -0,0 +1,99 @@ +/* + * Copyright 2011-2016 The Pkcs11Interop Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Written originally for the Pkcs11Interop project by: + * Jaroslav IMRICH + */ + +#define _POSIX_C_SOURCE 200809 +#include +#include +#include + +// PKCS#11 related stuff +#define CK_PTR * +#define CK_DEFINE_FUNCTION(returnType, name) returnType name +#define CK_DECLARE_FUNCTION(returnType, name) returnType name +#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) +#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) + +#include +#include + +#ifndef NULL_PTR +#define NULL_PTR 0 +#endif + +#define IGNORE(P) (void)(P) + +#define PKCS11_MOCK_CK_INFO_MANUFACTURER_ID "Pkcs11Interop Project" +#define PKCS11_MOCK_CK_INFO_LIBRARY_DESCRIPTION "Mock module" + +#define PKCS11_MOCK_CK_SLOT_ID 1 +#define PKCS11_MOCK_CK_SLOT_INFO_SLOT_DESCRIPTION "Mock slot" +#define PKCS11_MOCK_CK_SLOT_INFO_MANUFACTURER_ID "Pkcs11Interop Project" + +#define PKCS11_MOCK_CK_TOKEN_INFO_LABEL "Pkcs11Interop" +#define PKCS11_MOCK_CK_TOKEN_INFO_MANUFACTURER_ID "Pkcs11Interop Project" +#define PKCS11_MOCK_CK_TOKEN_INFO_MODEL "Mock token" +#define PKCS11_MOCK_CK_TOKEN_INFO_SERIAL_NUMBER "0123456789A" +#define PKCS11_MOCK_CK_TOKEN_INFO_MAX_PIN_LEN 256 +#define PKCS11_MOCK_CK_TOKEN_INFO_MIN_PIN_LEN 4 + +#define PKCS11_MOCK_CK_SESSION_ID 1 + +#define PKCS11_MOCK_CK_OBJECT_CKA_LABEL "Pkcs11Interop" +#define PKCS11_MOCK_CK_OBJECT_CKA_VALUE "Hello world!" +#define PKCS11_MOCK_CK_OBJECT_SIZE 256 +#define PKCS11_MOCK_CK_OBJECT_HANDLE_DATA 1 +#define PKCS11_MOCK_CK_OBJECT_HANDLE_SECRET_KEY 2 +#define PKCS11_MOCK_CK_OBJECT_HANDLE_PUBLIC_KEY 3 +#define PKCS11_MOCK_CK_OBJECT_HANDLE_PRIVATE_KEY 4 +#define PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE_EXTENSION 5 +#define PKCS11_MOCK_CK_OBJECT_HANDLE_CERTIFICATE 6 + +typedef enum +{ + PKCS11_MOCK_CK_OPERATION_NONE, + PKCS11_MOCK_CK_OPERATION_FIND, + PKCS11_MOCK_CK_OPERATION_ENCRYPT, + PKCS11_MOCK_CK_OPERATION_DECRYPT, + PKCS11_MOCK_CK_OPERATION_DIGEST, + PKCS11_MOCK_CK_OPERATION_SIGN, + PKCS11_MOCK_CK_OPERATION_SIGN_RECOVER, + PKCS11_MOCK_CK_OPERATION_VERIFY, + PKCS11_MOCK_CK_OPERATION_VERIFY_RECOVER, + PKCS11_MOCK_CK_OPERATION_DIGEST_ENCRYPT, + PKCS11_MOCK_CK_OPERATION_DECRYPT_DIGEST, + PKCS11_MOCK_CK_OPERATION_SIGN_ENCRYPT, + PKCS11_MOCK_CK_OPERATION_DECRYPT_VERIFY +} +PKCS11_MOCK_CK_OPERATION; + +struct find_ptr_st { + int remaining_data; + PKCS11_MOCK_CK_OPERATION active_operation; + CK_OBJECT_HANDLE find_result; +}; + +typedef struct session_ptr_st { + char *find_label; + CK_ULONG state; + + struct find_ptr_st find_op; +} session_ptr_st; + diff --git a/tests/pkcs11/pkcs11-mock2.c b/tests/pkcs11/pkcs11-mock2.c new file mode 100644 index 0000000..44bf517 --- /dev/null +++ b/tests/pkcs11/pkcs11-mock2.c @@ -0,0 +1,108 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "softhsm.h" + +/* This provides a mock PKCS #11 module that delegates all the + * operations to SoftHSM except that it filters out CKM_RSA_PKCS_PSS + * mechanism. + */ + +static void *dl; +static CK_C_GetMechanismInfo base_C_GetMechanismInfo; +static CK_FUNCTION_LIST override_funcs; + +#ifdef __sun +# pragma fini(mock_deinit) +# pragma init(mock_init) +# define _CONSTRUCTOR +# define _DESTRUCTOR +#else +# define _CONSTRUCTOR __attribute__((constructor)) +# define _DESTRUCTOR __attribute__((destructor)) +#endif + +static CK_RV +override_C_GetMechanismInfo(CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO *info) +{ + if (type == CKM_RSA_PKCS_PSS) + return CKR_MECHANISM_INVALID; + + return base_C_GetMechanismInfo(slot_id, type, info); +} + +CK_RV +C_GetFunctionList(CK_FUNCTION_LIST **function_list) +{ + CK_C_GetFunctionList func; + CK_FUNCTION_LIST *funcs; + + assert(dl); + + func = dlsym(dl, "C_GetFunctionList"); + if (func == NULL) { + return CKR_GENERAL_ERROR; + } + + func(&funcs); + base_C_GetMechanismInfo = funcs->C_GetMechanismInfo; + + memcpy(&override_funcs, funcs, sizeof(CK_FUNCTION_LIST)); + override_funcs.C_GetMechanismInfo = override_C_GetMechanismInfo; + *function_list = &override_funcs; + + return CKR_OK; +} + +static _CONSTRUCTOR void +mock_init(void) +{ + const char *lib; + + /* suppress compiler warning */ + (void) set_softhsm_conf; + + lib = softhsm_lib(); + + dl = dlopen(lib, RTLD_NOW); + if (dl == NULL) + exit(77); +} + +static _DESTRUCTOR void +mock_deinit(void) +{ + dlclose(dl); +} diff --git a/tests/pkcs11/pkcs11-obj-import.c b/tests/pkcs11/pkcs11-obj-import.c new file mode 100644 index 0000000..17c75a7 --- /dev/null +++ b/tests/pkcs11/pkcs11-obj-import.c @@ -0,0 +1,254 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#define CONFIG_NAME "softhsm-obj-import" +#define CONFIG CONFIG_NAME".config" + +#include "../utils.h" +#include "softhsm.h" + +/* Tests whether gnutls_pubkey_import_privkey works well for + * RSA keys under PKCS #11 */ + + +#include "../cert-common.h" + +#define PIN "1234" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + static char buf[1024]; + int ret; + const char *lib, *bin; + gnutls_x509_crt_t crt; + gnutls_pkcs11_obj_t obj; + char *url; + gnutls_datum_t tmp, tmp2; + size_t buf_size; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &server_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + + printf("\tCertificate: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(NULL, NULL); + + assert(gnutls_pkcs11_obj_init(&obj) >= 0); + + ret = gnutls_pkcs11_obj_import_url(obj, SOFTHSM_URL";object=cert", 0); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pkcs11_obj_export_url(obj, GNUTLS_PKCS11_URL_GENERIC, &url) >= 0); + assert(url != NULL); + + gnutls_free(url); + + assert(gnutls_pkcs11_obj_export3(obj, GNUTLS_X509_FMT_DER, &tmp) >= 0); + assert(gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &tmp2) >= 0); + + assert(tmp2.size == tmp.size); + assert(memcmp(tmp.data, tmp2.data, tmp.size) == 0); + gnutls_free(tmp2.data); + + /* check gnutls_pkcs11_obj_export */ + buf_size = 4; + assert(gnutls_pkcs11_obj_export(obj, buf, &buf_size) == GNUTLS_E_SHORT_MEMORY_BUFFER); + + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_export(obj, buf, &buf_size)>=0); + assert(buf_size == tmp.size); + assert(memcmp(buf, tmp.data, tmp.size) == 0); + + gnutls_free(tmp.data); + + /* The ID is constant and copied from the certificate */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_ID_HEX, buf, &buf_size) >= 0); + assert(buf_size == 60); + assert(memcmp(buf, "95:d1:ad:a4:52:e4:c5:61:12:a6:91:13:8d:80:dd:2d:81:22:3e:d4", 60) == 0); + + /* label */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_LABEL, buf, &buf_size) >= 0); + assert(buf_size == 4); + assert(memcmp(buf, "cert", 4) == 0); + + /* token-label */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_TOKEN_LABEL, buf, &buf_size) >= 0); + assert(buf_size == 4); + assert(memcmp(buf, "test", 4) == 0); + + /* token-serial */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_TOKEN_SERIAL, buf, &buf_size) >= 0); + assert(buf_size != 0); + assert(strlen(buf) != 0); + + /* token-model */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_TOKEN_MODEL, buf, &buf_size) >= 0); + assert(buf_size != 0); + assert(strlen(buf) != 0); + + /* token-manufacturer */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER, buf, &buf_size) >= 0); + assert(buf_size != 0); + assert(strlen(buf) != 0); + + /* token-ID */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_ID, buf, &buf_size) >= 0); + assert(buf_size != 0); + + /* library description */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION, buf, &buf_size) >= 0); + assert(buf_size != 0); + assert(strlen(buf) != 0); + + /* library manufacturer */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER, buf, &buf_size) >= 0); + assert(buf_size != 0); + assert(strlen(buf) != 0); + + /* library version */ + buf_size = sizeof(buf); + assert(gnutls_pkcs11_obj_get_info(obj, GNUTLS_PKCS11_OBJ_LIBRARY_VERSION, buf, &buf_size) >= 0); + assert(buf_size != 0); + assert(strlen(buf) != 0); + + gnutls_pkcs11_obj_deinit(obj); + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); + + remove(CONFIG); +} + diff --git a/tests/pkcs11/pkcs11-obj-raw.c b/tests/pkcs11/pkcs11-obj-raw.c new file mode 100644 index 0000000..a955272 --- /dev/null +++ b/tests/pkcs11/pkcs11-obj-raw.c @@ -0,0 +1,188 @@ +/* + * Copyright (C) 2016-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#ifndef CRYPTOKI_GNU +# define CRYPTOKI_GNU +#endif +#include + +#include "utils.h" + +/* Tests whether a gnutls_pkcs11_obj_get_ptr returns valid handles. */ + +#if defined(HAVE___REGISTER_ATFORK) + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +#define PIN "1234" + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + int ret; + const char *lib; + unsigned long slot_id; + unsigned char sig[256]; + unsigned long len; + struct ck_function_list *mod; + struct ck_info info; + struct ck_token_info tinfo; + ck_session_handle_t session; + ck_object_handle_t ohandle; + gnutls_pkcs11_obj_t obj; + struct ck_mechanism mech; + ck_rv_t rv; + gnutls_datum_t data; + + data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; + data.size = 20; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pkcs11_obj_init(&obj)>=0); + + gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL); + + /* unknown object */ + ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:token=unknown;object=invalid;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + assert(ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:object=test;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + assert(ret >= 0); + + ret = gnutls_pkcs11_obj_get_ptr(obj, (void**)&mod, (void*)&session, + (void*)&ohandle, + &slot_id, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_obj_deinit(obj); + + rv = mod->C_GetInfo(&info); + if (rv != CKR_OK) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(info.cryptoki_version.major == 0x02); + assert(info.cryptoki_version.minor == 0x14); + assert(info.flags == 0); + assert(info.library_version.major == 0x01); + assert(info.library_version.minor == 0x00); + + rv = mod->C_GetTokenInfo(slot_id, &tinfo); + if (rv != CKR_OK) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(tinfo.hardware_version.major == 0x01); + assert(tinfo.firmware_version.major == 0x01); + + mech.mechanism = CKM_RSA_PKCS; + mech.parameter = NULL; + mech.parameter_len = 0; + + rv = mod->C_SignInit(session, &mech, ohandle); + if (rv != CKR_OK) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + len = sizeof(sig); + rv = mod->C_Sign(session, data.data, data.size, sig, &len); + if (rv != CKR_OK) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + mod->C_CloseSession(session); + + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/pkcs11/pkcs11-pin-func.c b/tests/pkcs11/pkcs11-pin-func.c new file mode 100644 index 0000000..b6d707e --- /dev/null +++ b/tests/pkcs11/pkcs11-pin-func.c @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, "xxx"); + return 0; + } + return -1; +} + +int main(int argc, char **argv) +{ + void *u; + gnutls_pin_callback_t cb; + + gnutls_pkcs11_set_pin_function(pin_func, (void*)-1); + + cb = gnutls_pkcs11_get_pin_function(&u); + + assert(u==(void*)-1); + assert(cb == pin_func); + + return 0; +} diff --git a/tests/pkcs11/pkcs11-privkey-always-auth.c b/tests/pkcs11/pkcs11-privkey-always-auth.c new file mode 100644 index 0000000..441f637 --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey-always-auth.c @@ -0,0 +1,200 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +# include "utils.h" +# include "pkcs11-mock-ext.h" + +/* Tests whether a gnutls_privkey_t will work properly with a key marked + * as always authenticate */ + +static unsigned pin_called = 0; +static const char *_pin = "1234"; + +# include +# define P11LIB "libpkcs11mock1.so" + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (_pin == NULL) + return -1; + + strcpy(pin, _pin); + pin_called++; + return 0; +} + +void doit(void) +{ + int ret; + const char *lib; + gnutls_privkey_t key; + gnutls_pkcs11_obj_t obj; + gnutls_datum_t sig = {NULL, 0}, data; + unsigned flags = 0; + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + { + void *dl; + unsigned int *pflags; + + dl = dlopen(lib, RTLD_NOW); + if (dl == NULL) { + fail("could not dlopen %s\n", lib); + exit(1); + } + + pflags = dlsym(dl, "pkcs11_mock_flags"); + if (pflags == NULL) { + fail("could find pkcs11_mock_flags\n"); + exit(1); + } + + *pflags = MOCK_FLAG_ALWAYS_AUTH; + } + + data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; + data.size = 20; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_obj_init(&obj); + assert(ret>=0); + + gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL); + + ret = gnutls_pkcs11_obj_import_url(obj, "pkcs11:object=test;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + assert(ret>=0); + + ret = gnutls_pkcs11_obj_get_flags(obj, &flags); + assert(ret>=0); + + if (!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH)) { + fail("key object doesn't have the always authenticate flag\n"); + } + gnutls_pkcs11_obj_deinit(obj); + + + ret = gnutls_privkey_init(&key); + assert(ret>=0); + + gnutls_privkey_set_pin_function(key, pin_func, NULL); + + ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + pin_called = 0; + + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (pin_called == 0) { + fail("PIN function wasn't called!\n"); + } + pin_called = 0; + + gnutls_free(sig.data); + + /* call again - should re-authenticate */ + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (pin_called == 0) { + fail("PIN function wasn't called twice!\n"); + } + pin_called = 0; + + gnutls_free(sig.data); + + if (debug) + printf("done\n\n\n"); + + gnutls_privkey_deinit(key); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#endif diff --git a/tests/pkcs11/pkcs11-privkey-export.c b/tests/pkcs11/pkcs11-privkey-export.c new file mode 100644 index 0000000..ce22ea7 --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey-export.c @@ -0,0 +1,157 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* This checks whether the public parts of RSA private and public keys + * can be properly extracted from a PKCS#11 module. */ + +#define PIN "1234" +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + int ret; + const char *lib; + gnutls_privkey_t key; + gnutls_pubkey_t pub; + gnutls_datum_t m1, e1; + gnutls_datum_t m2, e2; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_init(&key); + assert(ret>=0); + ret = gnutls_pubkey_init(&pub); + assert(ret>=0); + + gnutls_privkey_set_pin_function(key, pin_func, NULL); + + ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pubkey_import_privkey(pub, key, 0, 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pubkey_export_rsa_raw(pub, &m1, &e1); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pubkey_deinit(pub); + gnutls_privkey_deinit(key); + + /* try again using gnutls_pubkey_import_url */ + ret = gnutls_pubkey_init(&pub); + assert(ret>=0); + + ret = gnutls_pubkey_import_url(pub, "pkcs11:object=test;type=public", 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pubkey_export_rsa_raw(pub, &m2, &e2); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(m1.size == m2.size); + assert(e1.size == e2.size); + assert(memcmp(e1.data, e2.data, e2.size)==0); + assert(memcmp(m1.data, m2.data, m2.size)==0); + + gnutls_pubkey_deinit(pub); + gnutls_free(m1.data); + gnutls_free(e1.data); + gnutls_free(m2.data); + gnutls_free(e2.data); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} diff --git a/tests/pkcs11/pkcs11-privkey-fork-reinit.c b/tests/pkcs11/pkcs11-privkey-fork-reinit.c new file mode 100644 index 0000000..a725842 --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey-fork-reinit.c @@ -0,0 +1,166 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests whether a gnutls_privkey_t will continue to work after + * a fork(), when gnutls_pkcs11_reinit() is manually called. */ + +#if defined(HAVE___REGISTER_ATFORK) + +#define PIN "1234" +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + int ret; + const char *lib; + gnutls_privkey_t key; + gnutls_datum_t sig = {NULL, 0}, data; + pid_t pid; + + data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; + data.size = 20; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_init(&key); + assert(ret>=0); + + gnutls_privkey_set_pin_function(key, pin_func, NULL); + + ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(sig.data); + + pid = fork(); + if (pid != 0) { + int status; + assert(waitpid(pid, &status, 0) >= 0); + + if (WEXITSTATUS(status) != 0) { + fail("child return status was unexpected: %d\n", WEXITSTATUS(status)); + exit(1); + } + } else { /* child */ + + ret = gnutls_pkcs11_reinit(); + assert(ret == 0); + + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(sig.data); + gnutls_privkey_deinit(key); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); + exit(0); + } + + if (debug) + printf("done\n\n\n"); + + gnutls_privkey_deinit(key); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/pkcs11/pkcs11-privkey-fork.c b/tests/pkcs11/pkcs11-privkey-fork.c new file mode 100644 index 0000000..b99755c --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey-fork.c @@ -0,0 +1,162 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" + +/* Tests whether a gnutls_privkey_t will continue to work after + * a fork(). */ + +#if defined(HAVE___REGISTER_ATFORK) + +#define PIN "1234" +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + int ret; + const char *lib; + gnutls_privkey_t key; + gnutls_datum_t sig = {NULL, 0}, data; + pid_t pid; + + data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; + data.size = 20; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_init(&key); + assert(ret>=0); + + gnutls_privkey_set_pin_function(key, pin_func, NULL); + + ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(sig.data); + + pid = fork(); + if (pid != 0) { + int status; + assert(waitpid(pid, &status, 0) >= 0); + + if (WEXITSTATUS(status) != 0) { + fail("child return status was unexpected: %d\n", WEXITSTATUS(status)); + exit(1); + } + } else { /* child */ + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(sig.data); + gnutls_privkey_deinit(key); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); + exit(0); + } + + if (debug) + printf("done\n\n\n"); + + gnutls_privkey_deinit(key); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/pkcs11/pkcs11-privkey-generate.c b/tests/pkcs11/pkcs11-privkey-generate.c new file mode 100644 index 0000000..102cf4b --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey-generate.c @@ -0,0 +1,173 @@ +/* + * Copyright (C) 2018 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +#include "../utils.h" +#include "softhsm.h" +#include + +#define CONFIG_NAME "softhsm-generate" +#define CONFIG CONFIG_NAME".config" +#define PIN "1234" +/* Tests whether a gnutls_privkey_generate3 will work generate a key + * which is marked as sensitive. + */ + +static unsigned pin_called = 0; +static const char *_pin = PIN; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (_pin == NULL) + return -1; + + strcpy(pin, _pin); + pin_called++; + return 0; +} + +void doit(void) +{ + char buf[128]; + int ret; + const char *lib, *bin; + gnutls_datum_t out; + unsigned flags; + gnutls_pkcs11_obj_t obj; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + + /* generate sensitive */ + ret = gnutls_pkcs11_privkey_generate3("pkcs11:token=test", GNUTLS_PK_RSA, 2048, + "testkey", NULL, GNUTLS_X509_FMT_DER, + &out, 0, GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pkcs11_obj_init(&obj) >= 0); + assert(out.size > 0); + + gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL); + assert(gnutls_pkcs11_obj_import_url(obj, "pkcs11:token=test;object=testkey;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN) >= 0); + + assert(gnutls_pkcs11_obj_get_flags(obj, &flags) >= 0); + + assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE)); + assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + + gnutls_free(out.data); + gnutls_pkcs11_obj_deinit(obj); + + /* generate non-sensitive */ + ret = gnutls_pkcs11_privkey_generate3("pkcs11:token=test", GNUTLS_PK_RSA, 2048, + "testkey2", NULL, GNUTLS_X509_FMT_DER, + &out, 0, GNUTLS_PKCS11_OBJ_FLAG_LOGIN|GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pkcs11_obj_init(&obj) >= 0); + assert(out.size > 0); + + gnutls_pkcs11_obj_set_pin_function(obj, pin_func, NULL); + assert(gnutls_pkcs11_obj_import_url(obj, "pkcs11:token=test;object=testkey2;type=private", GNUTLS_PKCS11_OBJ_FLAG_LOGIN) >= 0); + + assert(gnutls_pkcs11_obj_get_flags(obj, &flags) >= 0); + + assert(!(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)); + assert(flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE); + + gnutls_free(out.data); + gnutls_pkcs11_obj_deinit(obj); + + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); + remove(CONFIG); +} +#endif diff --git a/tests/pkcs11/pkcs11-privkey-pthread.c b/tests/pkcs11/pkcs11-privkey-pthread.c new file mode 100644 index 0000000..8b23759 --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey-pthread.c @@ -0,0 +1,195 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include "utils.h" + +#if !defined(HAVE___REGISTER_ATFORK) + +void doit(void) +{ + exit(77); +} + +#else + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + +/* Tests whether we can use gnutls_privkey_sign() under multiple threads + * with the same key when PKCS#11 is in use. + */ + +#include "../cert-common.h" + +#define PIN "1234" + +static const gnutls_datum_t testdata = {(void*)"test test", 9}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +typedef struct thread_data_st { + gnutls_privkey_t pkey; + pthread_t id; +} thread_data_st; + +static void *start_thread(void *arg) +{ + thread_data_st *data = arg; + int ret; + gnutls_datum_t sig; + + ret = gnutls_privkey_sign_data(data->pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig); + if (ret < 0) + pthread_exit((void*)-2); + + gnutls_free(sig.data); + + pthread_exit(0); +} + +#define MAX_THREADS 48 + +static +void do_thread_stuff(gnutls_privkey_t pkey) +{ + int ret; + thread_data_st *data; + unsigned i; + void *retval; + + data = calloc(1, sizeof(thread_data_st)*MAX_THREADS); + if (data == NULL) + abort(); + + for (i=0;i +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +# include "utils.h" +# include "pkcs11-mock-ext.h" + +/* Tests whether a gnutls_privkey_t will work properly with a key marked + * as always authenticate, but on the safenet HSMs where CKA_ALWAYS_AUTHENTICATE + * is not supported */ + +static unsigned pin_called = 0; +static const char *_pin = "1234"; + +# include +# define P11LIB "libpkcs11mock1.so" + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (_pin == NULL) + return -1; + + strcpy(pin, _pin); + pin_called++; + return 0; +} + +void doit(void) +{ + int ret; + const char *lib; + gnutls_privkey_t key; + gnutls_datum_t sig = {NULL, 0}, data; + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + { + void *dl; + unsigned int *pflags; + + dl = dlopen(lib, RTLD_NOW); + if (dl == NULL) { + fail("could not dlopen %s\n", lib); + exit(1); + } + + pflags = dlsym(dl, "pkcs11_mock_flags"); + if (pflags == NULL) { + fail("could find pkcs11_mock_flags\n"); + exit(1); + } + + *pflags = MOCK_FLAG_SAFENET_ALWAYS_AUTH; + } + + data.data = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb"; + data.size = 20; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_init(&key); + assert(ret>=0); + + gnutls_privkey_set_pin_function(key, pin_func, NULL); + + ret = gnutls_privkey_import_url(key, "pkcs11:object=test", GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + pin_called = 0; + + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (pin_called == 0) { + fail("PIN function wasn't called!\n"); + } + pin_called = 0; + + gnutls_free(sig.data); + + /* call again - should re-authenticate */ + ret = gnutls_privkey_sign_hash(key, GNUTLS_DIG_SHA1, 0, &data, &sig); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + if (pin_called == 0) { + fail("PIN function wasn't called twice!\n"); + } + pin_called = 0; + + gnutls_free(sig.data); + + if (debug) + printf("done\n\n\n"); + + gnutls_privkey_deinit(key); + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#endif diff --git a/tests/pkcs11/pkcs11-privkey.c b/tests/pkcs11/pkcs11-privkey.c new file mode 100644 index 0000000..a4217d4 --- /dev/null +++ b/tests/pkcs11/pkcs11-privkey.c @@ -0,0 +1,269 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +/* Tests whether gnutls_certificate_set_x509_key_file2() will utilize + * the provided password as PIN when PKCS #11 keys are imported */ + +#define CONFIG_NAME "softhsm-privkey" +#define CONFIG CONFIG_NAME".config" + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIICdDCCAd2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQDEwJDQTEL\n" +"MAkGA1UEBhMCQ1owIhgPMjAxMzExMTAwODI1MjdaGA8yMDIwMTIxMzA4MjUyN1ow\n" +"HjEPMA0GA1UEAxMGQ2xpZW50MQswCQYDVQQGEwJDWjCBnzANBgkqhkiG9w0BAQEF\n" +"AAOBjQAwgYkCgYEAvQRIzvKyhr3tqmB4Pe+91DWSFayaNtcrDIT597bhxugVYW8o\n" +"jB206kx5aknAMA3PQGYcGqkLrt+nsJcmOIXDZsC6P4zeOSsF1PPhDAoX3bkUr2lF\n" +"MEt374eKdg1yvyhRxt4DOR6aD4gkC7fVtaYdgV6yXpJGMHV05LBIgQ7QtykCAwEA\n" +"AaOBwTCBvjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMBgGA1Ud\n" +"EQQRMA+BDW5vbmVAbm9uZS5vcmcwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU\n" +"Dbinh11GaaJcTyOpmxPYuttsiGowHwYDVR0jBBgwFoAUEg7aURJAVq70HG3MobA9\n" +"KGF+MwEwLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dl\n" +"dGNybC8wDQYJKoZIhvcNAQELBQADgYEAN/Henso+5zzuFQWTpJXlUsWtRQAFhRY3\n" +"WVt3xtnyPs4pF/LKBp3Ov0GLGBkz5YlyJGFNESSyUviMsH7g7rJM8i7Bph6BQTE9\n" +"XdqbZPc0opfms4EHjmlXj5HQ0f0yoxHnLk43CR+vmbn0JPuurnEKAwjznAJR8GxI\n" +"R2MRyMxdGqs=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIICXQIBAAKBgQC9BEjO8rKGve2qYHg9773UNZIVrJo21ysMhPn3tuHG6BVhbyiM\n" +"HbTqTHlqScAwDc9AZhwaqQuu36ewlyY4hcNmwLo/jN45KwXU8+EMChfduRSvaUUw\n" +"S3fvh4p2DXK/KFHG3gM5HpoPiCQLt9W1ph2BXrJekkYwdXTksEiBDtC3KQIDAQAB\n" +"AoGBAKXrseIAB5jh9lPeNQ7heXhjwiXGiuTjAkYOIMNDRXPuXH5YLna4yQv3L4mO\n" +"zecg6DI2sCrzA29xoukP9ZweR4RUK2cS4/QggH9UgWP0QUpvj4nogyRkh7UrWyVV\n" +"xbboHcmgqWgNLR8GrEZqlpOWFiT+f+QAx783/khvP5QLNp6BAkEA3YvvqfPpepdv\n" +"UC/Uk/8LbVK0LGTSu2ynyl1fMbos9lkJNFdfPM31K6DHeqziIGSoWCSjAsN/e8V7\n" +"MU7egWtI+QJBANppSlO+PTYHWKeOWE7NkM1yVHxAiav9Oott0JywAH8RarfyTuCB\n" +"iyMJP8Rv920GsciDY4dyx0MBJF0tiH+5G7ECQQDQbU5UPbxyMPXwIo+DjHZbq2sG\n" +"OPRoj5hrsdxVFCoouSsHqwtWUQ1Otjv1FaDHiOs3wX/6oaHV97wmb2S1rRFBAkAq\n" +"prELFXVinaCkZ9m62c3TMOZqtTetTHAoVjOMxZnzNnV+omTg1qtTFjVLqQnKUqpZ\n" +"G79N7g4XeZueTov/VSihAkAwGeDXvQ8NlrBlZACCKp1sUqaJptuJ438Qwztbl3Pq\n" +"E6/8TD5yXtrLt9S2LNAFw1i7LVksUB8IbQNTuuwV7LYI\n" +"-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + time_t then = 1412850586; + + if (t) + *t = then; + + return then; +} + +#define PIN "1234" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +void doit(void) +{ + char buf[128]; + int exit_val = 0; + int ret; + const char *lib, *bin; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_certificate_credentials_t cred; + gnutls_datum_t tmp; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &server_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + + printf("\tCertificate: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(key, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + /* Test whether gnutls_certificate_set_x509_key_file2() would import the keys + * when the PIN is provided as parameter */ + + ret = gnutls_certificate_allocate_credentials(&cred); + if (ret < 0) { + fail("gnutls_certificate_allocate_credentials: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_certificate_set_x509_key_file2(cred, SOFTHSM_URL";object=cert;object-type=cert", SOFTHSM_URL";object=cert;object-type=private", 0, PIN, 0); + if (ret < 0) { + fail("gnutls_certificate_set_x509_key_file2: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_certificate_free_credentials(cred); + + gnutls_global_deinit(); + + if (debug) + printf("Exit status...%d\n", exit_val); + remove(CONFIG); + + exit(exit_val); +} diff --git a/tests/pkcs11/pkcs11-pubkey-import-ecdsa.c b/tests/pkcs11/pkcs11-pubkey-import-ecdsa.c new file mode 100644 index 0000000..6ee42e8 --- /dev/null +++ b/tests/pkcs11/pkcs11-pubkey-import-ecdsa.c @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include "softhsm.h" + +#define CONFIG_NAME "softhsm-pubkey-import-ecdsa" +#define CONFIG CONFIG_NAME".config" + +#include "pkcs11-pubkey-import.c" + +void doit(void) +{ +#ifdef SOFTHSM_V1 + exit(77); +#else + success("Testing ECDSA key\n"); + return try(0); +#endif +} diff --git a/tests/pkcs11/pkcs11-pubkey-import-rsa.c b/tests/pkcs11/pkcs11-pubkey-import-rsa.c new file mode 100644 index 0000000..f0d64ab --- /dev/null +++ b/tests/pkcs11/pkcs11-pubkey-import-rsa.c @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#define CONFIG_NAME "softhsm-pubkey-import-rsa" +#define CONFIG CONFIG_NAME".config" + +#include "pkcs11-pubkey-import.c" + +void doit(void) +{ + success("Testing RSA key\n"); + return try(1); +} diff --git a/tests/pkcs11/pkcs11-pubkey-import.c b/tests/pkcs11/pkcs11-pubkey-import.c new file mode 100644 index 0000000..57d0d59 --- /dev/null +++ b/tests/pkcs11/pkcs11-pubkey-import.c @@ -0,0 +1,219 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +/* Tests whether gnutls_pubkey_import_privkey works well for + * RSA keys under PKCS #11 */ + + +#include "../cert-common.h" + +#define PIN "1234" + +static const gnutls_datum_t testdata = {(void*)"test test", 9}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +static void try(int rsa) +{ + char buf[128]; + int ret, pk; + const char *lib, *bin; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_datum_t tmp, sig; + gnutls_privkey_t pkey; + gnutls_pubkey_t pubkey; + gnutls_pubkey_t pubkey2; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, "trusted"); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, rsa?&server_cert:&server_ecc_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, + GNUTLS_CRT_PRINT_ONELINE, + &tmp); + + printf("\tCertificate: %.*s\n", + tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(key, rsa?&server_key:&server_ecc_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", GNUTLS_KEY_DIGITAL_SIGNATURE|GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + assert(gnutls_privkey_init(&pkey) == 0); + + ret = gnutls_privkey_import_pkcs11_url(pkey, SOFTHSM_URL";object=cert;object-type=private;pin-value="PIN); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pubkey_init(&pubkey) == 0); + assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0); + + pk = gnutls_pubkey_get_pk_algorithm(pubkey, NULL); + + /* check whether privkey and pubkey are operational + * by signing and verifying */ + assert(gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA256, 0, &testdata, &sig) == 0); + + /* verify against the raw pubkey */ + assert(gnutls_pubkey_init(&pubkey2) == 0); + assert(gnutls_pubkey_import_x509_raw(pubkey2, rsa?&server_cert:&server_ecc_cert, GNUTLS_X509_FMT_PEM, 0) == 0); + assert(gnutls_pubkey_verify_data2(pubkey2, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0); + + /* verify against the pubkey in PKCS #11 */ + assert(gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(pk, GNUTLS_DIG_SHA256), 0, &testdata, &sig) == 0); + + gnutls_free(sig.data); + + gnutls_pubkey_deinit(pubkey2); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(pkey); + + gnutls_global_deinit(); + + remove(CONFIG); +} + diff --git a/tests/pkcs11/pkcs11-rsa-pss-privkey-test.c b/tests/pkcs11/pkcs11-rsa-pss-privkey-test.c new file mode 100644 index 0000000..2d1d093 --- /dev/null +++ b/tests/pkcs11/pkcs11-rsa-pss-privkey-test.c @@ -0,0 +1,274 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "../utils.h" +#include "softhsm.h" + +#define CONFIG_NAME "softhsm-privkey-rsa-pss-test" +#define CONFIG CONFIG_NAME".config" + +/* Tests whether signing with PKCS#11 and RSA-PSS would + * generate valid signatures */ + +#include "../cert-common.h" + +#define PIN "1234" + +static const gnutls_datum_t testdata = { (void *)"test test", 9 }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static +int pin_func(void *userdata, int attempt, const char *url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +#define myfail(fmt, ...) \ + fail("%s (iter %d): "fmt, gnutls_sign_get_name(sigalgo), i, ##__VA_ARGS__) + +static unsigned verify_rsa_pss_presence(void) +{ + unsigned i; + unsigned long mechanism; + int ret; + + i = 0; + do { + ret = gnutls_pkcs11_token_get_mechanism("pkcs11:", i++, &mechanism); + if (ret >= 0 && mechanism == 0xd /* CKM_RSA_PKCS_PSS*/) + return 1; + } while(ret>=0); + + return 0; +} + +void doit(void) +{ + char buf[128]; + int ret; + const char *lib, *bin; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_datum_t tmp, sig; + gnutls_privkey_t pkey; + gnutls_pubkey_t pubkey; + gnutls_pubkey_t pubkey2; + unsigned i, sigalgo; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + bin = softhsm_bin(); + + lib = softhsm_lib(); + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), + "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " + PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret < 0) { + fprintf(stderr, "gnutls_x509_crt_init: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (verify_rsa_pss_presence() == 0) { + fprintf(stderr, "Skipping test as no RSA-PSS mech is supported\n"); + exit(77); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &cli_ca3_rsa_pss_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp); + + printf("\tCertificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(key, &cli_ca3_rsa_pss_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, + GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE | + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", + GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE + | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE + | GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + gnutls_pkcs11_set_pin_function(NULL, NULL); + + assert(gnutls_privkey_init(&pkey) == 0); + + ret = + gnutls_privkey_import_pkcs11_url(pkey, + SOFTHSM_URL + ";object=cert;object-type=private;pin-value=" + PIN); + if (ret < 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_pubkey_init(&pubkey) == 0); + assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0); + + assert(gnutls_pubkey_init(&pubkey2) == 0); + assert(gnutls_pubkey_import_x509_raw + (pubkey2, &cli_ca3_rsa_pss_cert, GNUTLS_X509_FMT_PEM, 0) == 0); + + /* this is the algorithm supported by the certificate */ + sigalgo = GNUTLS_SIGN_RSA_PSS_SHA256; + + for (i = 0; i < 20; i++) { + /* check whether privkey and pubkey are operational + * by signing and verifying */ + ret = + gnutls_privkey_sign_data2(pkey, sigalgo, 0, + &testdata, &sig); + if (ret < 0) + myfail("Error signing data %s\n", gnutls_strerror(ret)); + + /* verify against the pubkey in PKCS #11 */ + ret = + gnutls_pubkey_verify_data2(pubkey, sigalgo, 0, + &testdata, &sig); + if (ret < 0) + myfail("Error verifying data1: %s\n", + gnutls_strerror(ret)); + + /* verify against the raw pubkey */ + ret = + gnutls_pubkey_verify_data2(pubkey2, sigalgo, 0, + &testdata, &sig); + if (ret < 0) + myfail("Error verifying data2: %s\n", + gnutls_strerror(ret)); + + gnutls_free(sig.data); + } + + gnutls_pubkey_deinit(pubkey2); + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(pkey); + + gnutls_global_deinit(); + + remove(CONFIG); +} diff --git a/tests/pkcs11/pkcs11-token-raw.c b/tests/pkcs11/pkcs11-token-raw.c new file mode 100644 index 0000000..04ff12d --- /dev/null +++ b/tests/pkcs11/pkcs11-token-raw.c @@ -0,0 +1,175 @@ +/* + * Copyright (C) 2016-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#ifndef CRYPTOKI_GNU +# define CRYPTOKI_GNU +#endif +#include + +#include "utils.h" + +/* Tests whether a gnutls_pkcs11_token_get_ptr returns valid handles. */ + +#if defined(HAVE___REGISTER_ATFORK) + +#ifdef _WIN32 +# define P11LIB "libpkcs11mock1.dll" +#else +# include +# define P11LIB "libpkcs11mock1.so" +#endif + + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +#define TOKEN_NAME "whatever" +void doit(void) +{ + int ret; + const char *lib; + unsigned long slot_id; + struct ck_function_list *mod; + struct ck_info info; + struct ck_token_info tinfo; + ck_rv_t rv; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + lib = getenv("P11MOCKLIB1"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + { + static const char url[] = "pkcs11:token="TOKEN_NAME; + + /* Testing a too small buffer */ + size_t size = 1; + char *buf = gnutls_malloc(size); + assert(buf != NULL); + ret = gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_LABEL, + buf, &size); + assert(ret == GNUTLS_E_SHORT_MEMORY_BUFFER); + assert(size == strlen(TOKEN_NAME)+1); + + /* Testing a too small buffer by one */ + size -= 1; + buf = gnutls_realloc(buf, size); + assert(buf != NULL); + ret = gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_LABEL, + buf, &size); + assert(ret == GNUTLS_E_SHORT_MEMORY_BUFFER); + assert(size == strlen(TOKEN_NAME)+1); + + /* Testing an exactly fitting buffer */ + buf = gnutls_realloc(buf, size); + assert(buf != NULL); + ret = gnutls_pkcs11_token_get_info(url, + GNUTLS_PKCS11_TOKEN_LABEL, + buf, &size); + assert(ret == 0); + assert(strcmp(buf, TOKEN_NAME) == 0); + assert(size == strlen(TOKEN_NAME)); + + gnutls_free(buf); + } + + ret = gnutls_pkcs11_token_get_ptr("pkcs11:token=invalid", (void**)&mod, &slot_id, 0); + assert(ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + ret = gnutls_pkcs11_token_get_ptr("pkcs11:", (void**)&mod, &slot_id, 0); + if (ret < 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + rv = mod->C_GetInfo(&info); + if (rv != CKR_OK) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(info.cryptoki_version.major == 0x02); + assert(info.cryptoki_version.minor == 0x14); + assert(info.flags == 0); + assert(info.library_version.major == 0x01); + assert(info.library_version.minor == 0x00); + + rv = mod->C_GetTokenInfo(slot_id, &tinfo); + if (rv != CKR_OK) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(tinfo.session_count == 0); + assert(tinfo.hardware_version.major == 0x01); + assert(tinfo.firmware_version.major == 0x01); + + if (debug) + printf("done\n\n\n"); + + gnutls_pkcs11_deinit(); + gnutls_global_deinit(); +} +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/pkcs11/softhsm.h b/tests/pkcs11/softhsm.h new file mode 100644 index 0000000..725d29e --- /dev/null +++ b/tests/pkcs11/softhsm.h @@ -0,0 +1,125 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef SOFTHSM_H +# define SOFTHSM_H + +#include + +#define SOFTHSM_V2 + +#ifdef SOFTHSM_V1 +# define SOFTHSM_URL "pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=test" +# define LIB1 "/usr/lib64/pkcs11/libsofthsm.so" +# define LIB2 "/usr/lib/pkcs11/libsofthsm.so" +# define LIB3 "/usr/lib/softhsm/libsofthsm.so" +# define LIB4 "/usr/local/lib/softhsm/libsofthsm.so" +# define SOFTHSM_BIN1 "/usr/bin/softhsm" +# define SOFTHSM_BIN2 "/usr/local/bin/softhsm" +# define SOFTHSM_ENV "SOFTHSM_CONF" +#else +# define SOFTHSM_URL "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;token=test" +# define LIB1 "/usr/lib64/pkcs11/libsofthsm2.so" +# define LIB2 "/usr/lib/pkcs11/libsofthsm2.so" +# define LIB3 "/usr/lib/softhsm/libsofthsm2.so" +# define LIB4 "/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so" +# define SOFTHSM_BIN1 "/usr/bin/softhsm2-util" +# define SOFTHSM_BIN2 "/usr/local/bin/softhsm2-util" +# define SOFTHSM_ENV "SOFTHSM2_CONF" +#endif + + +inline static const char *softhsm_lib(void) +{ + const char *lib; + + if (sizeof(long) == 8 && access(LIB1, R_OK) == 0) { + lib = LIB1; + } else if (access(LIB2, R_OK) == 0) { + lib = LIB2; + } else if (access(LIB3, R_OK) == 0) { + lib = LIB3; + } else if (sizeof(long) == 8 && access(LIB4, R_OK) == 0) { + lib = LIB4; + } else { + fprintf(stderr, "cannot find softhsm module\n"); + exit(77); + } + + return lib; +} + +inline static const char *softhsm_bin(void) +{ + const char *bin; + + if (access(SOFTHSM_BIN1, X_OK) == 0) { + bin = SOFTHSM_BIN1; + } else if (access(SOFTHSM_BIN2, X_OK) == 0) { + bin = SOFTHSM_BIN2; + } else { + fprintf(stderr, "cannot find softhsm bin\n"); + exit(77); + } + + return bin; +} + +static +void set_softhsm_conf(const char *config) +{ + char buf[128]; + char db_dir[128]; + FILE *fp; + + snprintf(db_dir, sizeof(db_dir), "%s.db", config); + + unsetenv(SOFTHSM_ENV); + remove(config); + fp = fopen(config, "w"); + if (fp == NULL) { + fprintf(stderr, "error writing %s\n", config); + exit(1); + } + +#ifdef SOFTHSM_V1 + remove(db_dir); + snprintf(buf, sizeof(buf), "0:./%s\n", db_dir); + fputs(buf, fp); +#else + fputs("directories.tokendir = ", fp); + fputs(db_dir, fp); + fputs("\n", fp); + fputs("objectstore.backend = file\n", fp); + + if (strlen(db_dir) < 6) { + fprintf(stderr, "too short name for db: %s\n", db_dir); + exit(1); + } + snprintf(buf, sizeof(buf), "rm -rf %s\n", db_dir); + system(buf); + mkdir(db_dir, 0755); +#endif + fclose(fp); + + setenv(SOFTHSM_ENV, config, 0); +} + +#endif diff --git a/tests/pkcs11/tls-neg-pkcs11-key.c b/tests/pkcs11/tls-neg-pkcs11-key.c new file mode 100644 index 0000000..25f08ac --- /dev/null +++ b/tests/pkcs11/tls-neg-pkcs11-key.c @@ -0,0 +1,488 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests TLS negotiation using the gnutls_privkey_import_ext2() APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "eagain-common.h" +#include "utils.h" +#include "softhsm.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +#define CONFIG_NAME "softhsm-neg" +#define CONFIG CONFIG_NAME".config" +#define PIN "1234" + +#define testfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +static unsigned verify_eddsa_presence(void) +{ + unsigned i; + unsigned long mechanism; + int ret; + + i = 0; + do { + ret = gnutls_pkcs11_token_get_mechanism("pkcs11:", i++, &mechanism); + if (ret >= 0 && mechanism == 0x1057 /* CKM_EDDSA */) + return 1; + } while(ret>=0); + + return 0; +} + +static gnutls_privkey_t load_virt_privkey(const char *name, const gnutls_datum_t *txtkey, + int exp_key_err, unsigned needs_decryption) +{ + unsigned flags; + gnutls_privkey_t privkey; + gnutls_x509_privkey_t tmp; + int ret; + + ret = gnutls_x509_privkey_init(&tmp); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_x509_privkey_import(tmp, txtkey, GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_privkey_import: %s\n", gnutls_strerror(ret)); + + if (needs_decryption) + flags = GNUTLS_KEY_KEY_ENCIPHERMENT; + else + flags = GNUTLS_KEY_DIGITAL_SIGNATURE; + + ret = gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, tmp, "key", flags, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE|GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE|GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + gnutls_x509_privkey_deinit(tmp); + + if (ret < 0) { + if (ret == exp_key_err) { + return NULL; + } + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = + gnutls_privkey_import_url(privkey, SOFTHSM_URL";object=key", 0); + if (ret < 0) { + if (ret == exp_key_err) { + gnutls_privkey_deinit(privkey); + return NULL; + } + testfail("gnutls_privkey_import: %s\n", gnutls_strerror(ret)); + } + + if (exp_key_err) { + testfail("did not fail in key import, although expected\n"); + } + + return privkey; +} + +static +void try_with_key(const char *name, const char *client_prio, + gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + gnutls_privkey_t key, + int exp_serv_err) +{ + int ret; + gnutls_pcert_st pcert_list[4]; + unsigned pcert_list_size; + /* Server stuff. */ + gnutls_certificate_credentials_t s_xcred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t c_xcred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&s_xcred); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + serv_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + testfail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(s_xcred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + testfail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + s_xcred); + + assert(gnutls_priority_set_direct(server, + "NORMAL:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519", + NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&c_xcred); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + c_xcred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + if (exp_serv_err) { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, exp_serv_err); + goto cleanup; + } else { + HANDSHAKE(client, server); + } + + if (gnutls_kx_get(client) != client_kx) { + testfail("%s: got unexpected key exchange algorithm: %s (expected %s)\n", name, gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(client_kx)); + exit(1); + } + + /* test signature algorithm match */ + version = gnutls_protocol_get_version(client); + if (version >= GNUTLS_TLS1_2) { + ret = gnutls_sign_algorithm_get(server); + if (ret != (int)server_sign_algo && server_sign_algo != 0) { + testfail("%s: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(server); + if (ret != (int)client_sign_algo && client_sign_algo != 0) { + testfail("%s: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get(client); + if (ret != (int)server_sign_algo && server_sign_algo != 0) { + testfail("%s: cl: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(client); + if (ret != (int)client_sign_algo && client_sign_algo != 0) { + testfail("%s: cl: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + cleanup: + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(s_xcred); + gnutls_certificate_free_credentials(c_xcred); +} + +typedef struct test_st { + const char *name; + gnutls_pk_algorithm_t pk; + const char *prio; + const gnutls_datum_t *cert; + const gnutls_datum_t *key; + gnutls_kx_algorithm_t exp_kx; + int exp_key_err; + int exp_serv_err; + int needs_eddsa; + int needs_decryption; + int nofips; + unsigned requires_pkcs11_pss; +} test_st; + +static const test_st tests[] = { + {.name = "tls1.2: rsa-decryption key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-KX-ALL:+RSA:-VERS-TLS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_rsa_decrypt_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_RSA, + .needs_decryption = 1 + }, + {.name = "tls1.2: rsa-decryption key, signatures prioritized", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+RSA:-VERS-TLS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_RSA, + .needs_decryption = 1 + }, + {.name = "tls1.2: ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .exp_kx = GNUTLS_KX_ECDHE_ECDSA + }, + {.name = "tls1.2: rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.2: rsa-sign key with rsa-pss sigs prioritized", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:-VERS-TLS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.2: rsa-pss-sign key", + .pk = GNUTLS_PK_RSA_PSS, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_rsa_pss2_cert, + .key = &server_ca3_rsa_pss2_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .requires_pkcs11_pss = 1, + }, + {.name = "tls1.2: rsa-pss cert, rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .requires_pkcs11_pss = 1, + }, + {.name = "tls1.2: rsa-pss cert, rsa-sign key no PSS signatures", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2:-SIGN-RSA-PSS-SHA256:-SIGN-RSA-PSS-SHA384:-SIGN-RSA-PSS-SHA512:-SIGN-RSA-PSS-RSAE-SHA256:-SIGN-RSA-PSS-RSAE-SHA384:-SIGN-RSA-PSS-RSAE-SHA512", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES + }, + {.name = "tls1.2: ed25519 cert, ed25519 key", + .pk = GNUTLS_PK_EDDSA_ED25519, + .needs_eddsa = 1, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_eddsa_cert, + .key = &server_ca3_eddsa_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .nofips = 1 + }, + {.name = "tls1.3: ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.3: rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.3: rsa-sign key with rsa-pss sigs prioritized", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384:+SIGN-RSA-PSS-RSAE-SHA512:-VERS-TLS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.3: rsa-pss-sign key", + .pk = GNUTLS_PK_RSA_PSS, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_rsa_pss2_cert, + .key = &server_ca3_rsa_pss2_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .requires_pkcs11_pss = 1, + }, + {.name = "tls1.3: rsa-pss cert, rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .requires_pkcs11_pss = 1, + }, + {.name = "tls1.3: rsa-pss cert, rsa-sign key no PSS signatures", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3:-SIGN-RSA-PSS-SHA256:-SIGN-RSA-PSS-SHA384:-SIGN-RSA-PSS-SHA512:-SIGN-RSA-PSS-RSAE-SHA256:-SIGN-RSA-PSS-RSAE-SHA384:-SIGN-RSA-PSS-RSAE-SHA512", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES + }, + {.name = "tls1.3: ed25519 cert, ed25519 key", + .needs_eddsa = 1, + .pk = GNUTLS_PK_EDDSA_ED25519, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_eddsa_cert, + .key = &server_ca3_eddsa_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .nofips = 1 + } +}; + +static +int pin_func(void* userdata, int attempt, const char* url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +#ifndef CKM_RSA_PKCS_PSS +# define CKM_RSA_PKCS_PSS (0xdUL) +#endif + +void doit(void) +{ + gnutls_privkey_t privkey; + const char *bin, *lib; + char buf[512]; + unsigned int i, have_eddsa; + int ret; + + if (gnutls_fips140_mode_enabled()) + exit(77); + +#ifdef _WIN32 + exit(77); +#endif + bin = softhsm_bin(); + + lib = softhsm_lib(); + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + + /* initialize token */ + gnutls_pkcs11_set_pin_function(pin_func, NULL); + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), "%s --init-token --slot 0 --label test --so-pin "PIN" --pin "PIN, bin); + system(buf); + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret < 0) { + fail("gnutls_pkcs11_add_provider: %s\n", + gnutls_strerror(ret)); + } + + have_eddsa = verify_eddsa_presence(); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "pkcs11/softhsm.h" +#include "utils.h" + +/* This program tests that TLS 1.3 is disabled as expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define P11LIB "libpkcs11mock2.so" + +#define PIN "1234" + +#define CONFIG_NAME "softhsm-neg-no-key" +#define CONFIG CONFIG_NAME".config" + +static +int pin_func(void *userdata, int attempt, const char *url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +static void client(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + ret = gnutls_certificate_allocate_credentials(&x509_cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(x509_cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + if (ret < 0) + fail("cannot set credentials\n"); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", NULL); + if (ret < 0) + fail("cannot set priorities\n"); + + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (debug) + success("client handshake completed\n"); + + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) { + if (debug) + success("session is downgraded to TLS 1.2\n"); + } else + fail("session is NOT downgraded to TLS 1.2\n"); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_WR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + + gnutls_deinit(session); + + gnutls_global_deinit(); +} + +static void server(int fd) +{ + int ret; + const char *lib; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_datum_t tmp; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + /* point to SoftHSM token that libpkcs11mock2.so internally uses */ + setenv(SOFTHSM_ENV, CONFIG, 1); + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + + lib = getenv("P11MOCKLIB2"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import(crt, &server_ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp); + + printf("\tCertificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_import(key, &server_ca3_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, + GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE | + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", + GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE + | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE + | GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_certificate_set_x509_key_file(x509_cred, + SOFTHSM_URL + ";object=cert;object-type=cert", + SOFTHSM_URL + ";object=cert;object-type=private;pin-value=" + PIN, + GNUTLS_X509_FMT_DER)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", NULL); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (debug) + success("server handshake completed\n"); + + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) { + if (debug) + success("session is downgraded to TLS 1.2\n"); + } else + fail("session is NOT downgraded to TLS 1.2\n"); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +void doit(void) +{ + const char *bin; + char buf[128]; + int fd[2]; + int ret; + pid_t child; + int status = 0; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* check if softhsm module is loadable */ + (void) softhsm_lib(); + + /* initialize SoftHSM token that libpkcs11mock2.so internally uses */ + bin = softhsm_bin(); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), + "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " + PIN, bin); + system(buf); + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + kill(child, SIGTERM); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } + +} +#endif /* _WIN32 */ diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c new file mode 100644 index 0000000..ea39f3d --- /dev/null +++ b/tests/pkcs12_encode.c @@ -0,0 +1,331 @@ +/* + * Copyright (C) 2009-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "utils.h" + +#include +#include + +static char client_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t client_dat = + { (void *) client_pem, sizeof(client_pem) }; + +static char ca_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n" + "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n" + "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n" + "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n" + "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n" + "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n" + "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n" + "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n" + "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n" + "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t ca_dat = { (void *) ca_pem, sizeof(ca_pem) }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +#define FIPS_PUSH_CONTEXT() do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ + } \ +} while (0) + +void doit(void) +{ + gnutls_pkcs12_t pkcs12; + gnutls_x509_crt_t client; + gnutls_x509_crt_t ca; + gnutls_pkcs12_bag_t bag; + unsigned char key_id_buf[20]; + gnutls_datum_t key_id; + int ret, indx; + char outbuf[10240]; + size_t size; + unsigned i; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + size_t n_tests = 0; + struct tests { + const char *name; + gnutls_x509_crt_t crt; + const char *friendly_name; + unsigned bag_encrypt_flags; + int bag_encrypt_expected; + } tests[2]; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + ret = global_init(); + if (ret < 0) { + fprintf(stderr, "global_init %d", ret); + exit(1); + } + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_fips140_context_init(&fips_context); + if (ret < 0) { + fail("Cannot initialize FIPS context\n"); + } + + /* Read certs. */ + ret = gnutls_x509_crt_init(&client); + if (ret < 0) { + fprintf(stderr, "crt_init: %d", ret); + exit(1); + } + + ret = + gnutls_x509_crt_import(client, &client_dat, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "crt_import: %d", ret); + exit(1); + } + + ret = gnutls_x509_crt_init(&ca); + if (ret < 0) { + fprintf(stderr, "ca_init: %d", ret); + exit(1); + } + + ret = gnutls_x509_crt_import(ca, &ca_dat, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, "ca_import: %d", ret); + exit(1); + } + + /* Create PKCS#12 structure. */ + ret = gnutls_pkcs12_init(&pkcs12); + if (ret < 0) { + fprintf(stderr, "pkcs12_init: %d", ret); + exit(1); + } + + tests[n_tests].name = "3DES"; + tests[n_tests].crt = client; + tests[n_tests].friendly_name = "client"; + tests[n_tests].bag_encrypt_flags = GNUTLS_PKCS8_USE_PKCS12_3DES; + tests[n_tests].bag_encrypt_expected = 0; + n_tests++; + + tests[n_tests].name = "RC2-40"; + tests[n_tests].crt = ca; + tests[n_tests].friendly_name = "ca"; + tests[n_tests].bag_encrypt_flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + if (gnutls_fips140_mode_enabled()) { + tests[n_tests].bag_encrypt_expected = + GNUTLS_E_UNWANTED_ALGORITHM; + } else { + tests[n_tests].bag_encrypt_expected = 0; + } + n_tests++; + + /* Generate and add PKCS#12 cert bags. */ + for (i = 0; i < n_tests; i++) { + ret = gnutls_pkcs12_bag_init(&bag); + if (ret < 0) { + fprintf(stderr, "bag_init: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + ret = gnutls_pkcs12_bag_set_crt(bag, tests[i].crt); + if (ret < 0) { + fprintf(stderr, "set_crt: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + indx = ret; + + ret = gnutls_pkcs12_bag_set_friendly_name(bag, indx, + tests[i].friendly_name); + if (ret < 0) { + fprintf(stderr, "set_friendly_name: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + size = sizeof(key_id_buf); + ret = gnutls_x509_crt_get_key_id(tests[i].crt, 0, + key_id_buf, &size); + if (ret < 0) { + fprintf(stderr, "get_key_id: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + key_id.data = key_id_buf; + key_id.size = size; + + ret = gnutls_pkcs12_bag_set_key_id(bag, indx, &key_id); + if (ret < 0) { + fprintf(stderr, "bag_set_key_id: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + ret = gnutls_pkcs12_bag_encrypt(bag, "pass", + tests[i].bag_encrypt_flags); + if (ret != tests[i].bag_encrypt_expected) { + fprintf(stderr, "bag_encrypt: returned %d, expected %d: %s", ret, + tests[i].bag_encrypt_expected, + tests[i].name); + exit(1); + } + + ret = gnutls_pkcs12_set_bag(pkcs12, bag); + if (ret < 0) { + fprintf(stderr, "set_bag: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + gnutls_pkcs12_bag_deinit(bag); + } + + FIPS_PUSH_CONTEXT(); + + /* MAC the structure, export and print. */ + ret = gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA1, "pass"); + if (ret < 0) { + fprintf(stderr, "generate_mac: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + + ret = gnutls_pkcs12_verify_mac(pkcs12, "pass"); + if (ret < 0) { + fprintf(stderr, "verify_mac: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + + ret = gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA256, "passwd"); + if (ret < 0) { + fprintf(stderr, "generate_mac2: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + + ret = gnutls_pkcs12_verify_mac(pkcs12, "passwd"); + if (ret < 0) { + fprintf(stderr, "verify_mac2: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + + ret = gnutls_pkcs12_generate_mac2(pkcs12, GNUTLS_MAC_SHA512, "passwd1"); + if (ret < 0) { + fprintf(stderr, "generate_mac2: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + + ret = gnutls_pkcs12_verify_mac(pkcs12, "passwd1"); + if (ret < 0) { + fprintf(stderr, "verify_mac2: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + FIPS_PUSH_CONTEXT(); + + size = sizeof(outbuf); + ret = + gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_PEM, outbuf, + &size); + if (ret < 0) { + fprintf(stderr, "pkcs12_export: %s (%d)\n", gnutls_strerror(ret), ret); + exit(1); + } + + FIPS_POP_CONTEXT(NOT_APPROVED); + + if (debug) + fwrite(outbuf, size, 1, stdout); + + /* Cleanup. */ + gnutls_fips140_context_deinit(fips_context); + gnutls_pkcs12_deinit(pkcs12); + gnutls_x509_crt_deinit(client); + gnutls_x509_crt_deinit(ca); + gnutls_global_deinit(); +} diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c new file mode 100644 index 0000000..1516afb --- /dev/null +++ b/tests/pkcs12_s2k.c @@ -0,0 +1,175 @@ +/* + * Copyright (C) 2007-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "../lib/gnutls_int.h" +#include "../lib/x509/x509_int.h" +#include "../lib/debug.h" + +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static const unsigned char *salt[3] = + { (void *) "salt1", (void *) "ltsa22", (void *) "balt33" }; +static const char *pw[3] = { "secret1", "verysecret2", "veryverysecret3" }; + +static const char *values[] = { +/* 1.0 */ + "85a3c676a66f0960f4807144a28c8d61a0001b81846f301a1ac164289879972f", +/* 1.2 */ + "e659da7d5989733a3d268e0bf7752c35c116e5c75919449a98f6812f82a15b16", +/* 1.2 */ + "878b8a88bf6166ce803b7498822205b1ac82870d3aec20807148779375a61f1e", +/* 2.0 */ + "1c845be764371d633c7fd1056967a9940385e110e85b58f826d39ae8561a0019", +/* 2.1 */ + "de8dd3ffd59b65d3d5f59a1f71d7add582741f7752a786c045953e727e4465c0", +/* 2.2 */ +#ifndef PKCS12_BROKEN_KEYGEN + "9dd7f19e5e6aee5c5008b5deefd35889ab75193594ed49a605df4e93e7c2a155", +#else + "9dd7f19e5e6aee5c5008b5deefd35889ab7519356f13478ecdee593c5ed689b1", +#endif + /* 3.0 */ + "1c165e5a291a1539f3dbcf82a3e6ed566eb9d50ad4b0b3b57b599b08f0531236", +/* 3.1 */ + "5c9abee3cde31656eedfc131b7c2f8061032a3c705961ee2306a826c8b4b1a76", +/* 3.2 */ + "a9c94e0acdaeaea54d1b1b681c3b64916396a352dea7ffe635fb2c11d8502e98" +}; + +/* Values derived from + http://www.drh-consultancy.demon.co.uk/test.txt */ +static struct { + int id; + const char *password; + const unsigned char *salt; + size_t iter; + size_t keylen; + const char *key; +} tv[] = { + { + 1, "smeg", (void *) "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, + 24, + "8aaae6297b6cb04642ab5b077851284eb7128f1a2a7fbca3"}, { + 2, "smeg", (void *) "\x0A\x58\xCF\x64\x53\x0D\x82\x3F", 1, + 8, "79993dfe048d3b76"}, { + 1, "smeg", (void *) "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, + 24, + "f3a95fec48d7711e985cfe67908c5ab79fa3d7c5caa5d966"}, { + 2, "smeg", (void *) "\x64\x2B\x99\xAB\x44\xFB\x4B\x1F", 1, + 8, "c0a38d64a79bea1d"}, { + 3, "smeg", (void *) "\x3D\x83\xC0\xE4\x54\x6A\xC1\x40", 1, + 20, "8d967d88f6caa9d714800ab3d48051d63f73a312"}, { + 1, "queeg", (void *) "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", + 1000, 24, + "ed2034e36328830ff09df1e1a07dd357185dac0d4f9eb3d4"}, { + 2, "queeg", (void *) "\x05\xDE\xC9\x59\xAC\xFF\x72\xF7", + 1000, 8, "11dedad7758d4860"}, { + 1, "queeg", (void *) "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", + 1000, 24, + "483dd6e919d7de2e8e648ba8f862f3fbfbdc2bcb2c02957f"}, { + 2, "queeg", (void *) "\x16\x82\xC0\xFC\x5B\x3F\x7E\xC5", + 1000, 8, "9d461d1b00355c50"}, { + 3, "queeg", (void *) "\x26\x32\x16\xFC\xC2\xFA\xB3\x1C", + 1000, 20, "5ec4c7a80df652294c3925b6489a7ab857c83476"} +}; + +void doit(void) +{ + int rc; + unsigned int i, j, x; + unsigned char key[32]; + char tmp[1024]; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(99); + + x = 0; + for (i = 1; i < 4; i++) { + for (j = 0; j < 3; j++) { + rc = _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), i, salt[j], + strlen((char *) + salt[j]), + j + i + 15, + pw[j], + sizeof(key), + key); + if (rc < 0) + fail("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc); + + if (strcmp(_gnutls_bin2hex(key, sizeof(key), + tmp, sizeof(tmp), NULL), + values[x]) != 0) + fail("_gnutls_pkcs12_string_to_key failed[1]\n"); + + if (debug) + printf("ij: %d.%d: %s\n", i, j, + _gnutls_bin2hex(key, sizeof(key), + tmp, sizeof(tmp), + NULL)); + x++; + } + } + if (debug) + printf("\n"); + + for (i = 0; i < sizeof(tv) / sizeof(tv[0]); i++) { + rc = _gnutls_pkcs12_string_to_key(mac_to_entry(GNUTLS_MAC_SHA1), tv[i].id, tv[i].salt, 8, + tv[i].iter, + tv[i].password, + tv[i].keylen, key); + if (rc < 0) + fail("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc); + + if (memcmp(_gnutls_bin2hex(key, tv[i].keylen, + tmp, sizeof(tmp), NULL), + tv[i].key, tv[i].keylen) != 0) + fail("_gnutls_pkcs12_string_to_key failed[3]\n"); + + if (debug) + printf("tv[%d]: %s\n", i, + _gnutls_bin2hex(key, tv[i].keylen, tmp, + sizeof(tmp), NULL)); + } + if (debug) + printf("\n"); + + gnutls_global_deinit(); + + if (debug) + success("_gnutls_pkcs12_string_to_key ok\n"); +} diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c new file mode 100644 index 0000000..49715a1 --- /dev/null +++ b/tests/pkcs12_s2k_pem.c @@ -0,0 +1,289 @@ +/* + * Copyright (C) 2009-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* + * Regression check for buggy PKCS#12 string to key problem reported + * in . + * + */ + +#include +#include +#include +#include +#include + +#include +#include + +#define X_9607 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECL9rjpW835n6AgIIAASCAoAjs558e/tWq5ho\n" \ + "X3uYORURfasssTfqyZoSaTmEWJGbW7T+QK+ebZ8CyMVbR1ORD3rd6r7cWLsX3Ju0\n" \ + "hGncPFVpwCtwApZKnWCunj4KcsRuWdm1vAauRV2CDkykMzNlsJzAw+BPFKi2B7HL\n" \ + "xn5JymtqrGZF6zRDWW1x1WD3HYlq4FoNuSmNFu4fV0EyalIopIyNmZAY40lQ/FTM\n" \ + "LkTsnH2brIYHV1Bnzd/lXpXLli29OE/4WsPBTvhJLZGbJXp8ExwGuxfDnTFCPS9G\n" \ + "9uOjaBgerl2zjsdPNXBfn8hDNrs7MDqR9aC6rZR0yE1maEPv0YnnzDGRYZl6+j2K\n" \ + "FfWDMGET6SSimYCcZJwr0/xZAdw5e323k1xniCNVfbQhCQ09Cl6XoDI8IK23O8g+\n" \ + "R9o8gCikl98fJlpKjHaKfnscSE0hMzOjyAbYjFxWAlzjffzR5o+P6955dhREpCWy\n" \ + "kL2EOL2VmYfzGG4J62p9U88MXhCLuFOuHL/wtGzXwGnyqZyeZ5p2fYloGPEMVsX7\n" \ + "zHupLUpVZFe4kOBGI/IPWbc2iQTvzDtx9Jvxo5vWmyEwL8C7P/f9+zsIaXiM3Onz\n" \ + "F5qwQfCojesuelGPAfXJxJRLaHicva90+IyRFBSMKxgt3EdHER/R7huA//jzzQp9\n" \ + "eItmiv2UwAafeiPEDT74n6yBCTMPc++cJsMWL0SNIX4jYep55bgzbgGB8t/nQ0Ho\n" \ + "7/1KF1sAO3klAkrcTwL4pX2vLMa//W/H/AAQ2FL/Q+CAP7K5X2rlZxdkFlMuL3Dr\n" \ + "I0UqiStjznkoOeWjj6YT3jOvKGLWHPXqxTkW9Ln4fDvAoI9eq6UWHjf7gLYXxe/q\n" \ + "tTpNnYdy\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9671 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECA7RZbNgWxdHAgIIAASCAoAq1B5klspIe7B/\n" \ + "R1pKifO1/29OsAQn9blIbaJ9fg62ivA3QGL0uApZ6eNFz6JEZyiRITJYhgLaWwov\n" \ + "mqKT9NiQ6iiemgxWLSSdvEXVOMRZB17F9PncpEiIBpnrisdD7h9MpS63LuJdEtiK\n" \ + "jpPwFwV3orFJceurq/R3ql2aKYc9MZSzkKd71QImgHYWv+IPCctl40/PZV08yKMn\n" \ + "RCMVFb/YYUrzaWSerroyjz4Kr8V0nEyKpk4YLv7o7WPGn4x8X30z0BRCA9CBwzHY\n" \ + "JMxu1FhOGXr6nx1XeaoCOt9JV8GWb+VzkATABPzFG915ULz0ma1petQyb18QyBsl\n" \ + "K9NZETrGzDYiNxkjqILhY6IRneB97C4kCH55qhXHFk5fjiWndpQ6+BFKqlCqm6Up\n" \ + "d1EF3uuKN+vY6xQbGCgFE4FHL46nb2YaoaqhPp4dj4qnRSllgBvmZbGTd243lAbT\n" \ + "J4dh/gzRwQYdIwbvcNVi9GGSOy/fezAwwXu3ZD9BqqqoCQJajrILuovbcPThy71k\n" \ + "H5EaegQ1rB+0/sn91JUb6w4pwN/54gzZGaz2F0/2xB9u57+PIMC9R8dU7uW/xWfA\n" \ + "WN7YTzPDNfevbx/LIa6VR5gsiRqCnthSsGvWFquRatMv1JrDfFUywFU9zk9W+iA2\n" \ + "rtNpXV140+/BDfHbYYrUIaklJsNP0FRXKpPw9wPHHmbOjHfFK+o8PrtOp3HUsCJm\n" \ + "2VpQtbNl66+rPLZLsbXhuJ5eY/BpRvrj6rDFPs19OAvYyrIsuQY8IdbZyGSKsq4u\n" \ + "UBsHZgPBh718EtWFFrsTNxMlRKoh5MwUSqkLXeDduAFG4N7nhQpDHQ5/KRPrYOMK\n" \ + "ixB1lLUK\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9925 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECDnNkmSKl37mAgIIAASCAoAwttidBRLnnjti\n" \ + "b5BEsc8cO2vzImhJbYCrVDjkTpmS6IYD4FsC8KFDdQJrEYIptrwXn4uDWDUu6bxB\n" \ + "pb02Pj70gZiWBDU+ki1kIbsNc67rNpJfUlIU+po3UovSmrazqcHoW2IftvZo9hDF\n" \ + "FWVjc0D2fSWeaNwS7dimWxoLy1udof6n0c8UxvfnOgfSLg3qwWzc0+iMrbkvRFX5\n" \ + "9+vDCnetQ7ythKldnC5xQxShxaNF4O26D0VXdR9VYbQLslSHAzQi2wJ7Hh1fi62J\n" \ + "VUHvRNOcwhSadwNfQEtvIWoi6LfsUadvvhFAAbeSfQpSfD4iXgfcr3U2WIvjtOcL\n" \ + "cZg9HqRhGzgEuC7FLoov1re7xq3uifw+04qu8i9/fk7hUrldZCrCSKTc6GqsiY8x\n" \ + "JGOcNUgklzy6kbgIWp9O2C5Bxp1WmfnbNSMM9Z9UFTdbEa4Kz7SYd+1a8j1OWlq1\n" \ + "93AcEpD0+fpKuEs+S1RF7RRAs/Ais0VcOmgye0TLvKkhockxl4KT0SbOTeKnmxJ3\n" \ + "RSnPcHUb62EZuhHqpoHi+zjHH56sVy3RhcYsDKIh1Xh7JPGTysflOIno7ABK8Tu7\n" \ + "IcnAOCoBVTjXC5eSSeC3irvZSILHC1tBG8r1C1aSLFmxpOTCqRUwhtbw/FSqEngl\n" \ + "5pvwTz4gquyjCPjIAWlCscAbeqpBxNsmnJ0AGlaesd9/uxrWUScTnAIc+NUB9o8w\n" \ + "i+zXbOqhbKxWGfrQAo+qZtAchQ6EGxXuIxnSRlAEZtsrJt6/FXJaOIb5MvcXA/sQ\n" \ + "O2p1r9W2OZM8Jco2ftALygUFPDiIuELaiTQ8HE1heUZWy+M9gXV6wCGhIVtRYyCg\n" \ + "SSQ62gp7\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9926 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECE8YpbN3dz05AgIIAASCAoC1wuyUEZs/FSTB\n" \ + "llt567hf1L+wiQ24L49ZvLutwb0nkilLHNXUo95mpLfzjnr7ZBbsIPV0RTdxjIKX\n" \ + "IdRD9SzMxeMUJ82obmgE2tTeOi7PqONX838Lmj3ocUR+aFBFTR1V7G2gMpQEapPX\n" \ + "gjv3kgwG5DCSj15NG8ybT4ZHWURyc/57dn0JWXc9/XUbm/+lvwwsuu9YvQ5Z76jE\n" \ + "ufiS8OCHNo1nPMCsUIw6herr2OfC5pj2H1/6bC7L/NPZJ7OM/IQoQOcNxiwx8rBS\n" \ + "zChy7dvPbJYmd5N+066mZiyFGxQwjPziXmqJztnB34P0Yp9dsiE1M+fo//f+QkFW\n" \ + "3HDMJmb+becnUAjiWuQCT/YqNjC4iHn35Jb2COPsV5KPsSaQ+6IaN4vWx7ifvHGD\n" \ + "KzkFcKQ1Be1EiOnUGBqhW4r7ASFKMtqGlTRBoc8PVMdFIpadejGW31Csz5gussa2\n" \ + "OcOLO8kULsT9QsuWyayG4SuTweClCaJ/nGJ/nDnocVPbucqRQBFn9ZRQ0VSLhDLe\n" \ + "B3HYRx3sJ9U+Xay9cgR09hMQ2ZaR/NxYlRshKEt+iiYOS42eMyMXVKfBwQwxl9Lf\n" \ + "ESBz7GF2nOT5VSSgJlAf3nbfhUABgq2zzoybKlFVpnq49Z79rB4b+lkP8jIhV5GA\n" \ + "/aUXssvs68FsqbG+T1nBnFWkJL49XENOrwDApzGllVbtaruoIe9t+qBF6rXVSjWQ\n" \ + "ZATZaSD3gOaM4Oyv+lso4GuONXkaXQRdpBmPLChdLMkcopQOQZtlKU2+rzi4Nm4X\n" \ + "lAAsR4sXmIGYJ3EgQrTDE+igMNr8o2qHIh81zqP7nWtkfTEfFqud6zoGK5aiZ4ma\n" \ + "0StcnRpp\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9927 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECC6HV5s66uQrAgIIAASCAoAgQMR7E4EoMQSq\n" \ + "kFslHKebFtjtrCqEPW5lADxpJg8+FNOT6GCCnu8yslrmMa4l/MIs8jfkoKhP9O8W\n" \ + "IjQpwG5IGr0ZyfxYPZFTatrQ7+MvtMoQMBTxVt20oW4kT3tTF4KDf0BUsB9JCoET\n" \ + "DehlFSPTjDJav8fGbdEMhfbY6+6iBodnW7a3Ibil+7CQGeRIGDO7mEu5rBbI1fJb\n" \ + "tGEHkCd6Gvv20r/EIi6Fol9Fwc5eKxgFioIuZo3Tmqrr/9g09sv+qwkzoNFmpqby\n" \ + "AqCbgOOsckc3AXm4xZ7AX7zNSFXbfhiX1EyVvhwfJ6jiqHr32K8o5I4Cb/lzpB+q\n" \ + "WPMU/rF5bsTj0+/eySx8zkIUF/Jst9E+XtzlTFtMVzNpFYfzg3E+0qnT8KJtZJGr\n" \ + "Azz9aCNidjkjRVHUubrZ5qbjrv1eAYnFkgyw+UTyIJBeec6CRH5zob22ZMb5jKFz\n" \ + "d9reY1LZ38cQIoKThPdv9vKRVEd1I7T5MKv656+QegfqA7Kefwa0uK+TvvqBLTd1\n" \ + "mxgtkDvrID3PLZK9tVsOLMJcY1PFCNHB6T2EghMVEmMnROVLCqIN+MeraLhHemUe\n" \ + "rf6HFlOcYPV+5V8gI/DM2Fw/V+YgCzv380Z6HouZ4K1nwvEf53renettQmKxK/Fd\n" \ + "X74KqRSs6FtANdVUziGkrvNfssRjjLHxD08VfLAcpijRfNslxDIXQIASWqn3TPFY\n" \ + "uDs32vonOVrj2Zy8fIBRmENmGe5b/jnp055NLo6MWCFR3hmmeFBuXk6o1K6io3Le\n" \ + "oaeWr7BJFIxXZZ8zNUlBLGZinY50oM09DFOpiAUTQtkm8NuAThLcqmWvbw8LWmL4\n" \ + "ed6Pdtej\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9928 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECC1OO648bIPcAgIIAASCAoDiQoIuNdleFu2V\n" \ + "I8MUwZ6I0Om2+2yHSrk7Jxd0mbIYnT832dVsWg53SkcBYggnN1bByej0qtf2pdBx\n" \ + "EKsOjU9T6XmOZyFjJKX6MK6syqFYI4Y67OzdiDS8FVMCYX8NhhsYlE1aqvBjvnjq\n" \ + "tgpR0pJg8uJ3FmUu1N/6ayjGtI9JbZFt+BkqbZxIfdaZhlXx1vgU2MtuxDultlJu\n" \ + "rjvzcCGG0z0GcVEmXUwVccvLqwnL6UnYkVAmhCzj4UvxYsMt6Dp8FPSQi54jmZKx\n" \ + "4LAOGGGZcKoOTJYCrUkW2RAV/GzbhT1kOJR2/Pw21Yw/WkVKyNE8LHghu6xr3pXy\n" \ + "MPmCn0fE751Vjefb6NOYIjvmMexaZVzBCZ6kuxEQBlGDi15lohnpZLcFilS7l5IY\n" \ + "nWZJ9qPX19O0RG9NgQ4xpxoPBdrxqP5HuieKgvAZ7RXDXeKlW/4z/Fo2dBjPc0YJ\n" \ + "Y5QPOK+i2Zux9VtMbxkXBeO7KsiosNQthFP+HitlIs72MHUsBZucEnZ9ny0S+blG\n" \ + "gKYK9xuuAPGscqaI6fcicFOc0ZmphMn5YP6D0nN9esqo44s9JX7SyLRPuHW+dH0/\n" \ + "Bdg9LikS8ROBs3Yuy9ksGHMbMsguum3mOwiY8f2NXQwVs3b7VfkIDMbYAjMGcriE\n" \ + "CsW1Z4EzQP2qCFVJYz6S3xSsKtgg3QeWKCtvGRJDbzCnaQGCrrHzyBlGZzr5NJkr\n" \ + "4x7MxbWppvVTMySJ+Y3V2DR+Q1nW5P7qzWaY9tE9d8unCym5C/S2CE/39jQ9zMmL\n" \ + "56qvh2swSrCEKInhQyqV+4msSYVElrQY0DGbg/N6TsKvN37zCqKKBIxhyb/5b2Kv\n" \ + "QvN7D2Ch\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9929 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECAPza28YOfuMAgIIAASCAoBg+t7v3fo4gOZX\n" \ + "+/IY3xln+5pVj6LKXXgHWydK25TLD3oxlrecVKmnWWZuQIcPVosItr+KfwRMfkY5\n" \ + "BKUQZyu02ZO/u9cXe3XsmZLpiWAXVCaRfHhXkZ24PxQGIVikDc8KyHEAhX/P+e9m\n" \ + "jJEneTP+hdQvZmJGKKqOG95HkqlnH5KJhM8W7BjDgPBeCjaBcc9AzCWX+WdY4Nbn\n" \ + "LONjhe0nXPuVArLayru67q62LUf/NZOM6j7gbYe0ki94rXddabpOIGBhf9qP1pWc\n" \ + "m5RBntEOtlbuosUYhlOpse91SBM2nHnOzM1fIxX6J9p/AlctvtB+Zoqx4OEwbRxT\n" \ + "hNpCUo+3rwmAAOz6CntGHpmfFKrzc0r37aoSjnlQJKTxDRJHN43+eqbdtNpaQfDH\n" \ + "0pS4o84oO3/CgnJ45Bx3HJXNlg3YvKhHWav8wtHX085URoc8h/OJ3PiKBi7+5AYR\n" \ + "CLAaJjtTC0ReaOXjyGfhzzuux7UDl+MW0D69vaz2t7HSR2tQ4tYnA4fciqirSKdL\n" \ + "wFgewXRNxNkQKo149YfE2weMGXW/DYGRXl8RMUwGsur10nesfUBZfLPYW014rDm+\n" \ + "QjGa2bcYJMUnAtUz1ctaQNV8T4HM3SwXABSbuczDGM4FpFCd51tjJDh8vxdmZpGJ\n" \ + "KEhWsvXcrlzBpVyW5CX/TixVYzautBdOM2cN+yniLjHAkHBWCF39LoAQatbHNFSq\n" \ + "FpADIpMiGFyGMxf029s2JgdNvkgR2aUL0ed2hGP9kKyLio+RNF5HD7mbbBM4d06P\n" \ + "t79aRgHvQAOeHJPfz9LleOoRUpg1gb8jmLDtKkWe+JGtsEDCPeb0HTvlL4ttGrZ4\n" \ + "LoIPCVbz\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9930 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECM70GUHLNxJ7AgIIAASCAoBSzIR/pzL/Kz0k\n" \ + "QYJburqvHquGAa/xevMdelJdqAKPfqMuaOOhbZUkpp1Yf/jswyrzImgOnkb2stO8\n" \ + "hsa3gTZLk3j1LA5JXb89Pm+dqv1gXWJco7dnq8JJEhTt7Mr6rm/P1uV9UBXlgv+E\n" \ + "2F+b8GBDikMw38zqRGtg3GPjFaZKcL7tqwRm390t57cWSbqLLaNmRIxcf5TARHEs\n" \ + "TZEU+BHF2JoFE7rXPdUJAJwsw35C5JS4DXwEUBVoEeI3jXl3yDOqu20uekbrndL5\n" \ + "seACup8mQp5nHUBNk6RMg7/8/hqeRU9IFyCstvFqjtvbPvJLEML8jSyd+XoZU1tm\n" \ + "VpnU7KcN3bSN/BK4QzChGr5sD/2rteceBIJjDsHR7FjHJQIKlTxMok3taM84knnw\n" \ + "QcO0T0vbsmUqbs1MltGcUgm3p6Jp/NyeHZGfDqu4TEZcHE+mrNVVReRHL3O55UpC\n" \ + "AyZeJDu9nQKe62Y6oGcOUOuZkoodfh9M1V44f9guOv5b+2VIFgUIZTOVHLkmb3Nx\n" \ + "r6rUn2++N02II7zkvR1aHILZw/JnqHQC5bpK6qlTNUN3kNy5DHg4iAHGuKUxksK0\n" \ + "qziPL/VYfos0/81O4mNI3yo3D2WA6usgy+MZyDY0u4uAbcz4irE1ACHj3cgBHx2j\n" \ + "RemyLdgPX+kPXr5wKHKk4U93nIgZXbshuuG5CrwtJqXslx6dG6FYChaUJsc/kCga\n" \ + "JFkHnOZk3tMxxyVBaBKUnyFxbxFBORgYGGAEKJ4RYT0ge8sSkVo4NNsNjLw74+d6\n" \ + "zlt7NLEhDn+IuaocYejf4Do5W+jIfkpZXF/w6DRHyJ3l2CHV/c9AN/lltTQYIg4Y\n" \ + "twhxefdG\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9931 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECO6DyRswVDToAgIIAASCAoB3xqmr0evfZnxk\n" \ + "Gq/DsbmwGVpO1BQnv+50u8+roflrmHp+TdX/gkPdXDQCqqpK/2J/oaGMCtKEiO8R\n" \ + "/pxSKcCX3+7leF01FF4z3rEcTVRej0mR6IAzk5QZR4Y0jXzay7Quj2zFJQTASdRy\n" \ + "6o9HQt5YuDyMFY30yjungmg6sYLBLZ2XypCJYH3eUQx9BjwsbGqVnXRQ6oezL5tD\n" \ + "K+tRH41OK2pzFqhnpRvbfPtNDmUnMLUnahGBubRzNQgHE0iNGIYpOawpVabj15H2\n" \ + "4lQ9KBREaqLqiV/VMPFYcRd8tBjE2pRs3yhJ9bjl73gdh6qVvcXIqBBQcRtNbpQ/\n" \ + "WKFzVz5dMCEzS+LhMT2m0GtTYqn8IqRuDgF7P8+347k4wKvrA2XgwP0bvh+IBb4e\n" \ + "nMQuJaKsnMZZPgAPqfIqWsn3cw27iEb5ros+My4KMlMbKBvH2HTXx5YkYJfbRLJ1\n" \ + "oe0mUxshTSOJeOjsfkStsP7QCSIvVb76t2Jo6HKIXEylXFAzj39lea6aysx6KX4c\n" \ + "aC/9XDlhqs0GGcJE3ILbiePTWWiASWjS08ggQasMZsT4VYUaIl3ti1N1cK9xwkaD\n" \ + "BE12JvWEtPd7MtGouPGijXycAtNgPw17vWg/3O11vTKDAHse90dOOpqYpXFN9Cfi\n" \ + "wa72WOkxFEZDuzV/dmjXX1WN82MoXs7pkHLvTgCmdydQ0ZJABYZj1+ZnF5eR6zLo\n" \ + "LAJnV3gOY0DGLORuoifEWMRlzDyYQOBN9smK9xKDtA6CHUuB9jRHKBevQrFy4+Ed\n" \ + "trCmsp9qXPzGvmJOA1YEgnZZPvXjAB7TCv2VrftKgebzbQE2mOoF1YcT1PIB7dFL\n" \ + "AopQ9gdD\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +#define X_9932 \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIICojAcBgoqhkiG9w0BDAEDMA4ECEKkETmhIXPkAgIIAASCAoBzNPQiMSQC6RSk\n" \ + "5Lk5cAbP1r//rE3IA0MNVy2ZwM4UZAQYHCxHkMpParGXwKt3/me064RXRwKOg9UT\n" \ + "nGx5/2A/AI2061A5M0KPVFE41IWQWoVGaiCaAzUDSF2Y+SL9yuLVqEES0gDQgUv5\n" \ + "uVnGyrbSo7sT8MSdvBuzdgmVluiaEVQhfwWJ9f8Q+ebQ1WVkeftzCe9yp1PLj8Yl\n" \ + "VCQ6X5qXqsApJ34Y62wXGqNbEvBkRyKbSqfqMI837tAVdMCdbsEE7wavzxGW6F9h\n" \ + "+igbPZO1NSzY0FZX1eQYqKZxfbkQmyDPLFT2S7BVv2wmihnC/SeZTcOoM+QoWG9j\n" \ + "XNLr1oqbeNxOnELmOXSrOekzbI7GhUcphYEIOBG/4B7ZP3cZ6TEw1EygXUan09XZ\n" \ + "Uz/CFbBTfX1uXHkMSzWwowXpx12vjH78KrRn69WBMGn/YjUheDLjwCDhJQK2CRDH\n" \ + "LbNBvZ7ezy1qHX90jrIdQnQzAoynu1OCfbd+84U2VifAszTcRvPMdiLlJh9MeyFY\n" \ + "8xDmmeNYGTVuDvAuzTlqbGablgQJu80VZ8CgQSW/0x7+oPozichza9tOd19aMDJ4\n" \ + "f8REy/9DAn1jRq/Cy/JFQoTpq3NtcWf9+NPHCwOMjaL63m6fIPXw6s9hnq8WMVIS\n" \ + "mtf5Jkvf402+8jhw1IqTVJasOMTRn62KsRt9a4JcWtorECA42wZGXjge3K9HYk4T\n" \ + "IVXq39VmeRP/9WveDwjkIThMl+0v5fl6Baaz/krXOIRfL6LV3RpkqPF4j/wneXgZ\n" \ + "7cMySs/FL96y6A+yJv281IQadYCqj7nPy92IYESQIcYjA8nd8hvsOxpnaMjXZjui\n" \ + "UWl07o3w\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + +static struct { + const char *name; + const char *password; + const char *pkcs12key; + int expected_result; +} keys[] = { + { + "x_9607", "123456", X_9607, 0}, { + "x_9671", "123456", X_9671, 0}, { + "x_9925", "123456", X_9925, 0}, { + "x_9926", "123456", X_9926, 0}, { + "x_9927", "123456", X_9927, 0}, { + "x_9928", "123456", X_9928, 0}, { + "x_9929", "123456", X_9929, 0}, { + "x_9930", "123456", X_9930, 0}, { + "x_9931", "123456", X_9931, 0}, { + "x_9932", "123456", X_9932, 0} +}; + +int main(void) +{ + gnutls_x509_privkey_t key; + size_t i; + int ret; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + global_init(); + + for (i = 0; i < sizeof(keys) / sizeof(keys[0]); i++) { + gnutls_datum_t tmp; + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + return 1; + + tmp.data = (unsigned char *) keys[i].pkcs12key; + tmp.size = strlen((char *) tmp.data); + + ret = gnutls_x509_privkey_import_pkcs8(key, &tmp, + GNUTLS_X509_FMT_PEM, + keys[i].password, + 0); + gnutls_x509_privkey_deinit(key); + + if (ret != keys[i].expected_result) { + printf("fail[%d]: %d: %s\n", (int) i, ret, + gnutls_strerror(ret)); + return 1; + } + + } + + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/pkcs12_simple.c b/tests/pkcs12_simple.c new file mode 100644 index 0000000..7c5a6a3 --- /dev/null +++ b/tests/pkcs12_simple.c @@ -0,0 +1,153 @@ +/* + * Copyright (C) 2005-2012 Free Software Foundation, Inc. + * Copyright (C) 2012 Nikos Mavrogiannopoulos + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include "utils.h" + +#ifdef ENABLE_NON_SUITEB_CURVES +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} +#endif + +void doit(void) +{ +#ifdef ENABLE_NON_SUITEB_CURVES + const char *filename, *password = "1234"; + gnutls_pkcs12_t pkcs12; + gnutls_datum_t data; + gnutls_x509_crt_t *chain, *extras; + unsigned int chain_size = 0, extras_size = 0, i; + gnutls_x509_privkey_t pkey; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init failed %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + ret = gnutls_pkcs12_init(&pkcs12); + if (ret < 0) + fail("initialization failed: %s\n", gnutls_strerror(ret)); + + filename = getenv("PKCS12_MANY_CERTS_FILE"); + + if (!filename) + filename = "pkcs12-decode/pkcs12_5certs.p12"; + + if (debug) + success + ("Reading PKCS#12 blob from `%s' using password `%s'.\n", + filename, password); + + ret = gnutls_load_file(filename, &data); + if (ret < 0) + fail("cannot open file"); + + ret = gnutls_pkcs12_import(pkcs12, &data, GNUTLS_X509_FMT_DER, 0); + if (ret < 0) + fail("pkcs12_import failed %d: %s\n", ret, + gnutls_strerror(ret)); + + if (debug) + success("Read file OK\n"); + + ret = + gnutls_pkcs12_simple_parse(pkcs12, password, &pkey, &chain, + &chain_size, &extras, &extras_size, + NULL, 0); + if (ret < 0) + fail("pkcs12_simple_parse failed %d: %s\n", ret, + gnutls_strerror(ret)); + + if (chain_size != 1) + fail("chain size (%u) should have been 1\n", chain_size); + + if (extras_size != 4) + fail("extras size (%u) should have been 4\n", extras_size); + + if (debug) { + char dn[512]; + size_t dn_size; + + dn_size = sizeof(dn); + ret = gnutls_x509_crt_get_dn(chain[0], dn, &dn_size); + if (ret < 0) + fail("crt_get_dn failed %d: %s\n", ret, + gnutls_strerror(ret)); + + success("dn: %s\n", dn); + + dn_size = sizeof(dn); + ret = + gnutls_x509_crt_get_issuer_dn(chain[0], dn, &dn_size); + if (ret < 0) + fail("crt_get_dn failed %d: %s\n", ret, + gnutls_strerror(ret)); + + success("issuer dn: %s\n", dn); + } + + gnutls_pkcs12_deinit(pkcs12); + gnutls_x509_privkey_deinit(pkey); + + for (i = 0; i < chain_size; i++) + gnutls_x509_crt_deinit(chain[i]); + gnutls_free(chain); + + for (i = 0; i < extras_size; i++) + gnutls_x509_crt_deinit(extras[i]); + gnutls_free(extras); + + /* Try gnutls_x509_privkey_import2() */ + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) + fail("gnutls_x509_privkey_init failed %d: %s\n", ret, + gnutls_strerror(ret)); + + ret = + gnutls_x509_privkey_import2(pkey, &data, GNUTLS_X509_FMT_DER, + password, 0); + if (ret < 0) + fail("gnutls_x509_privkey_import2 failed %d: %s\n", ret, + gnutls_strerror(ret)); + gnutls_x509_privkey_deinit(pkey); + + free(data.data); + + gnutls_global_deinit(); +#else + exit(77); +#endif +} diff --git a/tests/pkcs7-cat-parse.c b/tests/pkcs7-cat-parse.c new file mode 100644 index 0000000..eb3b55f --- /dev/null +++ b/tests/pkcs7-cat-parse.c @@ -0,0 +1,133 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +const char pkcs7_data[] = + "-----BEGIN PKCS7-----\n" + "MIIHSwYJKoZIhvcNAQcCoIIHPDCCBzgCAQExCzAJBgUrDgMCGgUAMIICNwYJKwYB\n" + "BAGCNwoBoIICKDCCAiQwDAYKKwYBBAGCNwwBAQQQu/ZNvyszUkS6h2Pwl4hELRcN\n" + "MTYxMDExMTcxMzAyWjAOBgorBgEEAYI3DAECBQAwggGVMIIBkQRSRQA1ADIAMgAx\n" + "ADUANAAwAEQAQwA0AEIAOQA3ADQARgA1ADQARABCADQARQAzADkAMABCAEYARgA0\n" + "ADEAMwAyADMAOQA5AEMAOAAwADMANwAAADGCATkwQAYKKwYBBAGCNwwCATEyMDAe\n" + "CABGAGkAbABlAgQQAQABBB5zAGEAbQBiAGEAcAAxADAAMAAwAC4AaQBuAGYAAAAw\n" + "RQYKKwYBBAGCNwIBBDE3MDUwEAYKKwYBBAGCNwIBGaICgAAwITAJBgUrDgMCGgUA\n" + "BBTlIhVA3EuXT1TbTjkL/0EyOZyANzBKBgorBgEEAYI3DAIBMTwwOh4MAE8AUwBB\n" + "AHQAdAByAgQQAQABBCQyADoANgAuADAALAAyADoANgAuADEALAAyADoANgAuADQA\n" + "AAAwYgYKKwYBBAGCNwwCAjFUMFIeTAB7AEQARQAzADUAMQBBADQAMgAtADgARQA1\n" + "ADkALQAxADEARAAwAC0AOABDADQANwAtADAAMABDADAANABGAEMAMgA5ADUARQBF\n" + "AH0CAgIAoEowSDBGBgorBgEEAYI3DAIBBDgwNh4EAE8AUwIEEAEAAQQoVgBpAHMA\n" + "dABhAFgAOAA2ACwANwBYADgANgAsADEAMABYADgANgAAAKCCAwwwggMIMIIB8KAD\n" + "AgECAhAWVsiyv5uzsk5vNBHNz/C1MA0GCSqGSIb3DQEBBQUAMC0xKzApBgNVBAMT\n" + "IldES1Rlc3RDZXJ0IGFzbiwxMzEyMDY3OTU0ODA0ODM0NTMwHhcNMTYxMDExMTcx\n" + "MjI4WhcNMjYxMDExMDAwMDAwWjAtMSswKQYDVQQDEyJXREtUZXN0Q2VydCBhc24s\n" + "MTMxMjA2Nzk1NDgwNDgzNDUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n" + "AQEApD6uPRvnduA8nsL3gd/OdTZzk+p0P9vAQ9kVbRFG39/UuSIIm7nyNO47Tu7h\n" + "CBuK8q5zwY31naKaOkLJMwTpUonI/rwFEhrt7EwFNi2aRVeyEbqLlwCzFK5rJGzP\n" + "wDp4vcKpWPsqD5mOKBOXOIbQt5l8MiKM91iRqvwEEg1Eba8hKF3P/MHT2ZaxMy4O\n" + "QdJdgjovSQfqihA5qG1wwXXTQvWeQHvt1TO+vUNTcnbO0YnIuG+c0WDljn4UVLYo\n" + "2HFk1c7MkTfYX3OzdUbxXpMsHbbQun2XU2v+yQRgViHUDe4G6pGz4ur/aN52DEFk\n" + "qIUCAeJWBhG4pQvMCl20L/19DwIDAQABoyQwIjALBgNVHQ8EBAMCBDAwEwYDVR0l\n" + "BAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQEFBQADggEBAE5t7t5lXUYJGh8xu412\n" + "yREBlUxQT4Uid9Kc/GmmwiQvinKMWwjdowxtfnRR/ZzrbD5AVVQIaM6JSgzLEH3x\n" + "0geN9FqMxcaJVksnUcx9iqWm94bznoPz9FXlgQ+e6lx9vCEP1butyUhj7m8yi0pk\n" + "D8nXwf8cszaPY2tjqMa8o77/W6pDUjIGJHNIsZJwIN/qJT3Sxs9Nb8qwLfjKB7Fp\n" + "aLgC9BAb73rWdW2uQSGtWO9Bvf7/fcgOk2Su1CFZTf/ZoqFbtTQ+Qwl92buUFmTl\n" + "yo9gVmPHXZWfeYaIDwTen2FI43WmLEsge8Xlfv+TpFLTby2BWnKgtxBsHA6L9Fem\n" + "xrwxggHZMIIB1QIBATBBMC0xKzApBgNVBAMTIldES1Rlc3RDZXJ0IGFzbiwxMzEy\n" + "MDY3OTU0ODA0ODM0NTMCEBZWyLK/m7OyTm80Ec3P8LUwCQYFKw4DAhoFAKBvMBAG\n" + "CisGAQQBgjcCAQwxAjAAMBgGCSqGSIb3DQEJAzELBgkrBgEEAYI3CgEwHAYKKwYB\n" + "BAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYEFJBgjwiqs2u+\n" + "74y1Cb725gOFBYr6MA0GCSqGSIb3DQEBAQUABIIBAI4vlVYFKOLdIfs/7kx9ADl5\n" + "zaniHZMgjKiLAljglGCzkfO46IMdOP9/KfmTTTwWBtaP9s7fv9O0XGyOl2qH8Ufg\n" + "2d+0iS7CI8CqwF1Q8NLPYrSl2peKAPNibfIVbLR2+RUJ7zHxevdVou9Dt36A59mW\n" + "BZ78THyix0mVJ1ZivfzFwarChq5S4YI2fpbugTFftlr8YkRB78ki5J2sXICkcWtU\n" + "JRBZqhvsFlsghRWbUKyp20YyPNTgaGelumFj57OLGCVGAejxme/iF8EkmrUV8zs/\n" + "FKuAqJdZ8QPdLD5sKyOL8a19md0tYpCV2ThOWD8okm8PrSMfz4fWlIKpTOi/KE0=\n" + "-----END PKCS7-----\n"; + +const unsigned char der_content[] = "\x30\x82\x02\x24\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x01\x04\x10\xbb\xf6\x4d\xbf\x2b\x33\x52\x44\xba\x87\x63\xf0\x97\x88\x44\x2d\x17\x0d\x31\x36\x31\x30\x31\x31\x31\x37\x31\x33\x30\x32\x5a\x30\x0e\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x02\x05\x00\x30\x82\x01\x95\x30\x82\x01\x91\x04\x52\x45\x00\x35\x00\x32\x00\x32\x00\x31\x00\x35\x00\x34\x00\x30\x00\x44\x00\x43\x00\x34\x00\x42\x00\x39\x00\x37\x00\x34\x00\x46\x00\x35\x00\x34\x00\x44\x00\x42\x00\x34\x00\x45\x00\x33\x00\x39\x00\x30\x00\x42\x00\x46\x00\x46\x00\x34\x00\x31\x00\x33\x00\x32\x00\x33\x00\x39\x00\x39\x00\x43\x00\x38\x00\x30\x00\x33\x00\x37\x00\x00\x00\x31\x82\x01\x39\x30\x40\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0c\x02\x01\x31\x32\x30\x30\x1e\x08\x00\x46\x00\x69\x00\x6c\x00\x65\x02\x04\x10\x01\x00\x01\x04\x1e\x73\x00\x61\x00\x6d\x00\x62\x00\x61\x00\x70\x00\x31\x00\x30\x00\x30\x00\x30\x00\x2e\x00\x69\x00\x6e\x00\x66\x00\x00\x00\x30\x45\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x04\x31\x37\x30\x35\x30\x10\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x19\xa2\x02\x80\x00\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xe5\x22\x15\x40\xdc\x4b\x97\x4f\x54\xdb\x4e\x39\x0b\xff\x41\x32\x39\x9c\x80\x37\x30\x4a\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0c\x02\x01\x31\x3c\x30\x3a\x1e\x0c\x00\x4f\x00\x53\x00\x41\x00\x74\x00\x74\x00\x72\x02\x04\x10\x01\x00\x01\x04\x24\x32\x00\x3a\x00\x36\x00\x2e\x00\x30\x00\x2c\x00\x32\x00\x3a\x00\x36\x00\x2e\x00\x31\x00\x2c\x00\x32\x00\x3a\x00\x36\x00\x2e\x00\x34\x00\x00\x00\x30\x62\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0c\x02\x02\x31\x54\x30\x52\x1e\x4c\x00\x7b\x00\x44\x00\x45\x00\x33\x00\x35\x00\x31\x00\x41\x00\x34\x00\x32\x00\x2d\x00\x38\x00\x45\x00\x35\x00\x39\x00\x2d\x00\x31\x00\x31\x00\x44\x00\x30\x00\x2d\x00\x38\x00\x43\x00\x34\x00\x37\x00\x2d\x00\x30\x00\x30\x00\x43\x00\x30\x00\x34\x00\x46\x00\x43\x00\x32\x00\x39\x00\x35\x00\x45\x00\x45\x00\x7d\x02\x02\x02\x00\xa0\x4a\x30\x48\x30\x46\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x0c\x02\x01\x04\x38\x30\x36\x1e\x04\x00\x4f\x00\x53\x02\x04\x10\x01\x00\x01\x04\x28\x56\x00\x69\x00\x73\x00\x74\x00\x61\x00\x58\x00\x38\x00\x36\x00\x2c\x00\x37\x00\x58\x00\x38\x00\x36\x00\x2c\x00\x31\x00\x30\x00\x58\x00\x38\x00\x36\x00\x00\x00"; +#define der_content_size (sizeof(der_content)-1) +const gnutls_datum_t pkcs7_pem = {(void *) pkcs7_data, sizeof(pkcs7_data)-1}; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "err", level, str); +} + +void doit(void) +{ + gnutls_pkcs7_t pkcs7; + const char *oid; + gnutls_datum_t data; + int ret; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* generate a PKCS #7 structure */ + ret = gnutls_pkcs7_init(&pkcs7); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + + ret = gnutls_pkcs7_import(pkcs7, &pkcs7_pem, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + oid = gnutls_pkcs7_get_embedded_data_oid(pkcs7); + if (oid == NULL) { + fail("error in gnutls_pkcs7_get_embedded_data_oid\n"); + exit(1); + } + + assert(strcmp(oid, "1.3.6.1.4.1.311.10.1") == 0); + + ret = gnutls_pkcs7_get_embedded_data(pkcs7, GNUTLS_PKCS7_EDATA_GET_RAW, &data); + if (ret < 0) { + fail("error in gnutls_pkcs7_get_embedded_data: %s\n", gnutls_strerror(ret)); + exit(1); + } + + assert(data.size == der_content_size); + assert(memcmp(data.data, der_content, data.size) == 0); + + gnutls_pkcs7_deinit(pkcs7); + gnutls_free(data.data); +} diff --git a/tests/pkcs7-cat.sh b/tests/pkcs7-cat.sh new file mode 100755 index 0000000..86b1c6a --- /dev/null +++ b/tests/pkcs7-cat.sh @@ -0,0 +1,98 @@ +#!/bin/sh + +# Copyright (C) 2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +#set -e + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi +OUTFILE=out-pkcs7.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +. ${srcdir}/scripts/common.sh + +skip_if_no_datefudge + +#try verification +datefudge -s "2010-10-10" \ +${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem" +rc=$? + +if test "${rc}" = "0"; then + echo "PKCS7 verification succeeded with invalid date" + exit 1 +fi + +datefudge -s "2016-10-10" \ +${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem" +rc=$? + +if test "${rc}" != "0"; then + echo "PKCS7 verification failed" + exit ${rc} +fi + +# try parsing +for FILE in test1.cat test2.cat; do +${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}" > "${OUTFILE}" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 decoding failed" + exit ${rc} +fi + +${DIFF} "${OUTFILE}" "${srcdir}/data/${FILE}.out" #>/dev/null +if test "$?" != "0"; then + echo "${FILE}: PKCS7 decoding didn't produce the correct file" + exit 1 +fi +done + +rm -f "${OUTFILE}" +#test output files + +for FILE in test1.cat test2.cat; do +${VALGRIND} "${CERTTOOL}" --inder --p7-info --p7-show-data --infile "${srcdir}/data/${FILE}" --outfile "${OUTFILE}" +rc=$? + +# We're done. +if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 decoding failed" + exit ${rc} +fi + +${DIFF} "${OUTFILE}" "${srcdir}/data/${FILE}.data" >/dev/null +if test "$?" != "0"; then + echo "${FILE}: PKCS7 decoding data didn't produce the correct file" + exit 1 +fi +done + +rm -f "${OUTFILE}" + +exit 0 diff --git a/tests/pkcs7-gen.c b/tests/pkcs7-gen.c new file mode 100644 index 0000000..a96cef7 --- /dev/null +++ b/tests/pkcs7-gen.c @@ -0,0 +1,251 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static char pem1_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; + +static char pem1_key[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t cert = {(void *) pem1_cert, sizeof(pem1_cert)-1}; +const gnutls_datum_t key = {(void *) pem1_key, sizeof(pem1_key)-1}; + +static time_t mytime(time_t * t) +{ + time_t then = 1199142000; + + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "err", level, str); +} + +void doit(void) +{ + gnutls_privkey_t pkey; + gnutls_x509_crt_t crt; + gnutls_pkcs7_t pkcs7; + int ret; + gnutls_pkcs7_attrs_t list1 = NULL; + gnutls_pkcs7_attrs_t list2 = NULL; + gnutls_datum_t out; + gnutls_datum_t data1 = {(unsigned char*)"xxx", 3}; + gnutls_datum_t data2 = {(unsigned char*)"yyyy", 4}; + gnutls_datum_t data3 = {(unsigned char*)"aaaaa", 5}; + gnutls_pkcs7_signature_info_st info; + char *oid; + gnutls_datum_t data; + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + ret = gnutls_privkey_init(&pkey); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import(crt, &cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* generate a PKCS #7 structure */ + ret = gnutls_pkcs7_init(&pkcs7); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_add_attr(&list1, "1.2.3.4", &data1, GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_add_attr(&list1, "2.3.4", &data2, GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_add_attr(&list2, "2.3.4", &data3, GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_sign(pkcs7, crt, pkey, &data3, list1, list2, GNUTLS_DIG_SHA256, 0); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_export2(pkcs7, GNUTLS_X509_FMT_PEM, &out); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_pkcs7_deinit(pkcs7); + + /* Import and verify */ + ret = gnutls_pkcs7_init(&pkcs7); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_import(pkcs7, &out, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_get_signature_info(pkcs7, 0, &info); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs7_get_attr(info.signed_attrs, 1, &oid, &data, 0); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, "1.2.840.113549.1.9.3") != 0) { + fail("error in %d: %s\n", __LINE__, oid); + exit(1); + } + gnutls_free(data.data); + + ret = gnutls_pkcs7_get_attr(info.signed_attrs, 2, &oid, &data, GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, "1.2.3.4") != 0 || data.size != data1.size || memcmp(data.data, data1.data, data.size) != 0) { + fail("error in %d: %s\n", __LINE__, oid); + exit(1); + } + gnutls_free(data.data); + + ret = gnutls_pkcs7_get_attr(info.signed_attrs, 3, &oid, &data, GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, "2.3.4") != 0 || data.size != data2.size || memcmp(data.data, data2.data, data.size) != 0) { + fail("error in %d: %s\n", __LINE__, oid); + exit(1); + } + gnutls_free(data.data); + + ret = gnutls_pkcs7_get_attr(info.unsigned_attrs, 0, &oid, &data, GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, "2.3.4") != 0 || data.size != data3.size || memcmp(data.data, data3.data, data.size) != 0) { + fail("error in %d: %s\n", __LINE__, oid); + exit(1); + } + gnutls_free(data.data); + + gnutls_pkcs7_signature_info_deinit(&info); + + ret = gnutls_pkcs7_verify_direct(pkcs7, crt, 0, &data3, 0); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + gnutls_free(out.data); + gnutls_pkcs7_attrs_deinit(list1); + gnutls_pkcs7_attrs_deinit(list2); + gnutls_pkcs7_deinit(pkcs7); + gnutls_privkey_deinit(pkey); + gnutls_x509_crt_deinit(crt); +} diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c new file mode 100644 index 0000000..fadf307 --- /dev/null +++ b/tests/pkcs7-verify-double-free.c @@ -0,0 +1,215 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Zoltan Fridrich + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "utils.h" + +static char rca_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" + "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n" + "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" + "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n" + "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n" + "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n" + "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n" + "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n" + "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n" + "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n" + "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n" + "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n" + "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n" + "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n" + "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n" + "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n" + "LirBWjg89RoAjFQ7bTE=\n" + "-----END CERTIFICATE-----\n"; + +static char ca_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n" + "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n" + "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n" + "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n" + "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n" + "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n" + "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n" + "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n" + "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n" + "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n" + "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n" + "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n" + "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n" + "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n" + "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n" + "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n" + "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n" + "-----END CERTIFICATE-----\n"; + +static char ee_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n" + "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n" + "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n" + "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n" + "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n" + "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n" + "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n" + "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n" + "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n" + "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n" + "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n" + "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n" + "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n" + "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n" + "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n" + "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n" + "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n" + "-----END CERTIFICATE-----\n"; + +static char msg_pem[] = + "-----BEGIN PKCS7-----\n" + "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n" + "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n" + "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n" + "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n" + "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n" + "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n" + "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n" + "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n" + "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n" + "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n" + "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n" + "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n" + "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n" + "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n" + "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n" + "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n" + "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n" + "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n" + "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n" + "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n" + "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n" + "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n" + "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n" + "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n" + "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n" + "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n" + "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n" + "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n" + "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n" + "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n" + "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n" + "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n" + "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n" + "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n" + "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n" + "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n" + "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n" + "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n" + "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n" + "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n" + "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n" + "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n" + "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n" + "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n" + "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n" + "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n" + "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n" + "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n" + "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n" + "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n" + "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n" + "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n" + "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n" + "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n" + "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n" + "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n" + "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n" + "-----END PKCS7-----\n"; + +const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 }; +const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 }; +const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 }; +const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 }; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "err", level, str); +} + +#define CHECK(X)\ +{\ + r = X;\ + if (r < 0)\ + fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\ +}\ + +void doit(void) +{ + int r; + gnutls_x509_crt_t rca_cert = NULL; + gnutls_x509_crt_t ca_cert = NULL; + gnutls_x509_crt_t ee_cert = NULL; + gnutls_x509_trust_list_t tlist = NULL; + gnutls_pkcs7_t pkcs7 = NULL; + gnutls_datum_t data = { (unsigned char *)"xxx", 3 }; + + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } + + // Import certificates + CHECK(gnutls_x509_crt_init(&rca_cert)); + CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_x509_crt_init(&ca_cert)); + CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_x509_crt_init(&ee_cert)); + CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM)); + + // Setup trust store + CHECK(gnutls_x509_trust_list_init(&tlist, 0)); + CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0)); + CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0)); + CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0)); + + // Setup pkcs7 structure + CHECK(gnutls_pkcs7_init(&pkcs7)); + CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM)); + + // Signature verification + gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0); + + gnutls_x509_crt_deinit(rca_cert); + gnutls_x509_crt_deinit(ca_cert); + gnutls_x509_crt_deinit(ee_cert); + gnutls_x509_trust_list_deinit(tlist, 0); + gnutls_pkcs7_deinit(pkcs7); +} diff --git a/tests/pkcs7.c b/tests/pkcs7.c new file mode 100644 index 0000000..2d5a554 --- /dev/null +++ b/tests/pkcs7.c @@ -0,0 +1,141 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program will load certificates from CERT_DIR and try to print + * them. If CERT_DIR/certname.err is available, it should contain the + * error code that gnutls_x509_crt_import() should return. + */ + +#define CERT_DIR "pkcs7-interesting" + +static int getnextfile(DIR **dirp, gnutls_datum_t *der, int *exp_ret) +{ + struct dirent *d; + char path[256]; + char cert_dir[256]; + const char *src; + int ret; + gnutls_datum_t local; + + src = getenv("srcdir"); + if (src == NULL) + src = "."; + + snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR); + + if (*dirp == NULL) { + *dirp = opendir(cert_dir); + if (*dirp == NULL) + return -1; + } + + do { + d = readdir(*dirp); + if (d != NULL +#ifdef _DIRENT_HAVE_D_TYPE + && d->d_type == DT_REG +#endif + ) { + if (strstr(d->d_name, ".der") == 0) + continue; + if (strstr(d->d_name, ".err") != 0) + continue; + snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name); + + success("Loading %s\n", path); + ret = gnutls_load_file(path, der); + if (ret < 0) { + return -1; + } + + snprintf(path, sizeof(path), "%s/%s.err", cert_dir, d->d_name); + success("Loading errfile %s\n", path); + ret = gnutls_load_file(path, &local); + if (ret < 0) { /* not found assume success */ + *exp_ret = 0; + } else { + *exp_ret = atoi((char*)local.data); + success("expecting error code %d\n", *exp_ret); + gnutls_free(local.data); + } + + return 0; + } + } while(d != NULL); + + closedir(*dirp); + return -1; /* finished */ +} + +void doit(void) +{ + int ret, exp_ret; + gnutls_pkcs7_t cert; + gnutls_datum_t der; + DIR *dirp = NULL; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + while (getnextfile(&dirp, &der, &exp_ret)==0) { + ret = gnutls_pkcs7_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_pkcs7_import(cert, &der, GNUTLS_X509_FMT_DER); + if (ret != exp_ret) { + fail("crt_import %s\n", gnutls_strerror(ret)); + } + + if (ret == 0) { + /* attempt to fully decode */ + gnutls_datum_t out; + ret = gnutls_pkcs7_print(cert, GNUTLS_CRT_PRINT_FULL, &out); + if (ret < 0) { + fail("print: %s\n", gnutls_strerror(ret)); + } + gnutls_free(out.data); + } + + gnutls_pkcs7_deinit(cert); + gnutls_free(der.data); + der.size = 0; + exp_ret = -1; + } + + gnutls_global_deinit(); +} diff --git a/tests/pkcs8-key-decode-encrypted.c b/tests/pkcs8-key-decode-encrypted.c new file mode 100644 index 0000000..48ab9b6 --- /dev/null +++ b/tests/pkcs8-key-decode-encrypted.c @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Daniel Berrange + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include + +#include "utils.h" + +#define PRIVATE_KEY \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" \ + "MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiebBrnqPv4owICCAAw\n" \ + "HQYJYIZIAWUDBAEqBBBykFR6i1My/DYFBYrz1lmABIGQ3XGpp3+v/ENC1S+X7Ay6\n" \ + "JoquYKuMw6yUmWoGFvPIPA9UWqMve2Uj4l2l96Sywd6iNFP63ow6pIq4wUP6REuY\n" \ + "ZhCgoAOQomeFqhAhkw6QJCygp5vw2rh9OZ5tiP/Ko6IDTA2rSas91nepHpQOb247\n" \ + "zta5XzXb5TRkBsVU8tAPADP+wS/vBCS05ne1wmhdD6c6\n" \ + "-----END ENCRYPTED PRIVATE KEY-----\n" + + +static int test_decode(void) +{ + gnutls_x509_privkey_t key; + const gnutls_datum_t data = { + (unsigned char *)PRIVATE_KEY, + strlen(PRIVATE_KEY) + }; + int err; + + if ((err = gnutls_x509_privkey_init(&key)) < 0) { + fail("Failed to init key %s\n", gnutls_strerror(err)); + } + + err = gnutls_x509_privkey_import_pkcs8(key, &data, + GNUTLS_X509_FMT_PEM, "", 0); + if (err != GNUTLS_E_DECRYPTION_FAILED) { + fail("Unexpected error code: %s/%d\n", gnutls_strerror(err), err); + } + + err = gnutls_x509_privkey_import_pkcs8(key, &data, + GNUTLS_X509_FMT_PEM, "password", 0); + if (err != 0) { + fail("Unexpected error code: %s\n", gnutls_strerror(err)); + } + + success("Loaded key\n%s", PRIVATE_KEY); + + gnutls_x509_privkey_deinit(key); + return 0; +} + +void doit(void) +{ + test_decode(); +} diff --git a/tests/pkcs8-key-decode.c b/tests/pkcs8-key-decode.c new file mode 100644 index 0000000..0f570ac --- /dev/null +++ b/tests/pkcs8-key-decode.c @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Daniel Berrange + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include + +#include "utils.h" + +# define PRIVATE_KEY \ + "-----BEGIN PRIVATE KEY-----\n" \ + "MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALVcr\n" \ + "BL40Tm6yq88FBhJNw1aaoCjmtg0l4dWQZ/e9Fimx4ARxFpT+ji4FE\n" \ + "Cgl9s/SGqC+1nvlkm9ViSo0j7MKDbnDB+VRHDvMAzQhA2X7e8M0n9\n" \ + "rPolUY2lIVC83q0BBaOBkCj2RSmT2xTEbbC2xLukSrg2WP/ihVOxc\n" \ + "kXRuyFtzAgMBAAECgYB7slBexDwXrtItAMIH6m/U+LUpNe0Xx48OL\n" \ + "IOn4a4whNgO/o84uIwygUK27ZGFZT0kAGAk8CdF9hA6ArcbQ62s1H\n" \ + "myxrUbF9/mrLsQw1NEqpuUk9Ay2Tx5U/wPx35S3W/X2AvR/ZpTnCn\n" \ + "2q/7ym9fyiSoj86drD7BTvmKXlOnOwQJBAPOFMp4mMa9NGpGuEssO\n" \ + "m3Uwbp6lhcP0cA9MK+iOmeANpoKWfBdk5O34VbmeXnGYWEkrnX+9J\n" \ + "bM4wVhnnBWtgBMCQQC+qAEmvwcfhauERKYznMVUVksyeuhxhCe7EK\n" \ + "mPh+U2+g0WwdKvGDgO0PPt1gq0ILEjspMDeMHVdTwkaVBo/uMhAkA\n" \ + "Z5SsZyCP2aTOPFDypXRdI4eqRcjaEPOUBq27r3uYb/jeboVb2weLa\n" \ + "L1MmVuHiIHoa5clswPdWVI2y0em2IGoDAkBPSp/v9VKJEZabk9Frd\n" \ + "a+7u4fanrM9QrEjY3KhduslSilXZZSxrWjjAJPyPiqFb3M8XXA26W\n" \ + "nz1KYGnqYKhLcBAkB7dt57n9xfrhDpuyVEv+Uv1D3VVAhZlsaZ5Pp\n" \ + "dcrhrkJn2sa/+O8OKvdrPSeeu/N5WwYhJf61+CPoenMp7IFci\n" \ + "-----END PRIVATE KEY-----\n" + +static int test_load(void) +{ + gnutls_x509_privkey_t key; + const gnutls_datum_t data = { + (unsigned char *)PRIVATE_KEY, + strlen(PRIVATE_KEY) + }; + int err; + + if ((err = gnutls_x509_privkey_init(&key)) < 0) { + fail("Failed to init key %s\n", gnutls_strerror(err)); + exit(1); + } + + if ((err = gnutls_x509_privkey_import(key, &data, + GNUTLS_X509_FMT_PEM)) < 0) { + fail("Failed to import key %s\n", gnutls_strerror(err)); + exit(1); + } + + success("Loaded key\n%s", PRIVATE_KEY); + + gnutls_x509_privkey_deinit(key); + return 0; +} + +void doit(void) +{ + test_load(); +} diff --git a/tests/pkgconfig.sh b/tests/pkgconfig.sh new file mode 100755 index 0000000..b06ffa5 --- /dev/null +++ b/tests/pkgconfig.sh @@ -0,0 +1,84 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${top_builddir=..} +: ${PKG_CONFIG=pkg-config} +: ${CC=cc} +unset RETCODE +TMPFILE=c.$$.tmp.c +TMPFILE_O=c.$$.tmp.o + +echo "$CFLAGS"|grep sanitize && exit 77 + +${PKG_CONFIG} --version >/dev/null || exit 77 + +${PKG_CONFIG} --libs nettle +if test $? != 0;then + echo "Nettle was not found in pkg-config" + exit 77 +fi + +for lib in libidn2 p11-kit-1 +do + OTHER=$(${PKG_CONFIG} --libs --static $lib) + if test -n "${OTHER}" && test "${OTHER#*-R}" != "$OTHER";then + echo "Found invalid string in $lib flags: ${OTHER}" + exit 77 + fi +done + +if ! test -r ${top_builddir}/lib/gnutls.pc ;then + echo "gnutls.pc not present at ${top_builddir}/lib" + exit 1 +fi + +PKG_CONFIG_PATH=${top_builddir}/lib:$PKG_CONFIG_PATH +export PKG_CONFIG_PATH + +set -e + +cat >$TMPFILE <<__EOF__ +#include + +int main() +{ +gnutls_global_init(); +} +__EOF__ + +COMMON="-I${top_builddir}/lib/includes -L${top_builddir}/lib/.libs -I${srcdir}/../lib/includes" +echo "Trying dynamic linking with:" +echo " * flags: $(${PKG_CONFIG} --libs gnutls)" +echo " * common: ${COMMON}" +echo " * lib: ${CFLAGS}" +echo cc ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} +${CC} ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} + +echo "" +echo "Trying static linking with $(${PKG_CONFIG} --libs --static gnutls)" +echo cc ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --static --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} +${CC} ${TMPFILE} -o ${TMPFILE_O} $(${PKG_CONFIG} --static --libs gnutls) $(${PKG_CONFIG} --cflags gnutls) ${COMMON} + +rm -f ${TMPFILE} ${TMPFILE_O} + +exit 0 diff --git a/tests/post-client-hello-change-prio.c b/tests/post-client-hello-change-prio.c new file mode 100644 index 0000000..e87becc --- /dev/null +++ b/tests/post-client-hello-change-prio.c @@ -0,0 +1,149 @@ +/* + * Copyright (C) 2018 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* Tests whether the post_client_hello callback can modify + * the available priorities. This is used by apache's mod_gnutls. + */ + +const char *side; +static int pch_ok = 0; +const char *override_prio = NULL; + +static int post_client_hello_callback(gnutls_session_t session) +{ + if (override_prio) { + assert(gnutls_priority_set_direct(session, override_prio, NULL) >= 0); + } + pch_ok = 1; + return 0; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +void start(const char *name, const char *client_prio, const char *server_prio, int expected) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("trying %s\n", name); + + pch_ok = 0; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, server_prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_handshake_set_post_client_hello_function(server, + post_client_hello_callback); + + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + assert(gnutls_priority_set_direct(client, client_prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + if (expected > 0) { + int ret; + + HANDSHAKE(client, server); + + ret = gnutls_protocol_get_version(client); + assert(expected == ret); + + ret = gnutls_protocol_get_version(server); + assert(expected == ret); + } else { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (pch_ok == 0) + fail("Post client hello callback wasn't called\n"); + + reset_buffers(); +} + +void doit(void) +{ + override_prio = "NORMAL"; + start("tls1.2-only", "NORMAL:-VERS-ALL:+VERS-TLS1.2", "NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_TLS1_2); + start("tls1.3-only", "NORMAL:-VERS-ALL:+VERS-TLS1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_TLS1_3); + start("default", "NORMAL", "NORMAL", GNUTLS_TLS1_3); + override_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2"; + start("default overridden to TLS1.2-only", "NORMAL", "NORMAL", GNUTLS_TLS1_2); + override_prio = NULL; + start("client tls1.2-only, server tls1.2-disabled", + "NORMAL:-VERS-ALL:+VERS-TLS1.2", "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0", -1); + override_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2"; + start("client tls1.2-only, server tls1.2-disabled initially, but allow it afterwards", + "NORMAL:-VERS-ALL:+VERS-TLS1.2", "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:-VERS-SSL3.0", GNUTLS_TLS1_2); +} diff --git a/tests/prf.c b/tests/prf.c new file mode 100644 index 0000000..02a174d --- /dev/null +++ b/tests/prf.c @@ -0,0 +1,477 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_ALPN) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests whether the gnutls_prf() works as + * expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDIzCCAgugAwIBAgIMUz8PCR2sdRK56V6OMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDQxOTU5MDVaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDZ3dCzh9gOTOiOb2dtrPu91fYYgC/ey0ACYjQxaru7FZwnuXPhQK9KHsIV\n" +"YRIyo49wjKZddkHet2sbpFAAeETZh8UUWLRb/mupyaSJMycaYCNjLZCUJTztvXxJ\n" +"CCNfbtgvKC+Vu1mu94KBPatslgvnsamH7AiL5wmwRRqdH/Z93XaEvuRG6Zk0Sh9q\n" +"ZMdCboGfjtmGEJ1V+z5CR+IyH4sckzd8WJW6wBSEwgliGaXnc75xKtFWBZV2njNr\n" +"8V1TOYOdLEbiF4wduVExL5TKq2ywNkRpUfK2I1BcWS5D9Te/QT7aSdE08rL6ztmZ\n" +"IhILSrMOfoLnJ4lzXspz3XLlEuhnAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" +"VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJXR\n" +"raRS5MVhEqaRE42A3S2BIj7UMB8GA1UdIwQYMBaAFP6S7AyMRO2RfkANgo8YsCl8\n" +"JfJkMA0GCSqGSIb3DQEBCwUAA4IBAQCQ62+skMVZYrGbpab8RI9IG6xH8kEndvFj\n" +"J7wBBZCOlcjOj+HQ7a2buF5zGKRwAOSznKcmvZ7l5DPdsd0t5/VT9LKSbQ6+CfGr\n" +"Xs5qPaDJnRhZkOILCvXJ9qyO+79WNMsg9pWnxkTK7aWR5OYE+1Qw1jG681HMkWTm\n" +"nt7et9bdiNNpvA+L55569XKbdtJLs3hn5gEQFgS7EaEj59aC4vzSTFcidowCoa43\n" +"7JmfSfC9YaAIFH2vriyU0QNf2y7cG5Hpkge+U7uMzQrsT77Q3SDB9WkyPAFNSB4Q\n" +"B/r+OtZXOnQhLlMV7h4XGlWruFEaOBVjFHSdMGUh+DtaLvd1bVXI\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvhyQfsUm3T0xK\n" +"jiBXO3H6Y27b7lmCRYZQCmXCl2sUsGDL7V9biavTt3+sorWtH542/cTGDh5n8591\n" +"7rVxAB/VASmN55O3fjZyFGrjusjhXBla0Yxe5rZ/7/Pjrq84T7gc/IXiX9Sums/c\n" +"o9AeoykfhsjV2ubhh4h+8uPsHDTcAFTxq3mQaoldwnW2nmjDFzaKLtQdnyFf41o6\n" +"nsJCK/J9PtpdCID5Zb+eQfu5Yhk1iUHe8a9TOstCHtgBq61YzufDHUQk3zsT+VZM\n" +"20lDvSBnHdWLjxoea587JbkvtH8xRR8ThwABSb98qPnhJ8+A7mpO89QO1wxZM85A\n" +"xEweQlMHAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU/pLsDIxE7ZF+QA2CjxiwKXwl8mQwHwYDVR0jBBgwFoAUGD0R\n" +"Yr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQADggEBANEXLUV+Z1PGTn7M\n" +"3rPT/m/EamcrZJ3vFWrnfN91ws5llyRUKNhx6222HECh3xRSxH9YJONsbv2zY6sd\n" +"ztY7lvckL4xOgWAjoCVTx3hqbZjDxpLRsvraw1PlqBHlRQVWLKlEQ55+tId2zgMX\n" +"Z+wxM7FlU/6yWVPODIxrqYQd2KqaEp4aLIklw6Hi4HD6DnQJikjsJ6Noe0qyX1Tx\n" +"uZ8mgP/G47Fe2d2H29kJ1iJ6hp1XOqyWrVIh/jONcnTvWS8aMqS3MU0EJH2Pb1Qa\n" +"KGIvbd/3H9LykFTP/b7Imdv2fZxXIK8jC+jbF1w6rdBCVNA0p30X/jonoC3vynEK\n" +"5cK0cgs=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEpQIBAAKCAQEA2d3Qs4fYDkzojm9nbaz7vdX2GIAv3stAAmI0MWq7uxWcJ7lz\n" +"4UCvSh7CFWESMqOPcIymXXZB3rdrG6RQAHhE2YfFFFi0W/5rqcmkiTMnGmAjYy2Q\n" +"lCU87b18SQgjX27YLygvlbtZrveCgT2rbJYL57Gph+wIi+cJsEUanR/2fd12hL7k\n" +"RumZNEofamTHQm6Bn47ZhhCdVfs+QkfiMh+LHJM3fFiVusAUhMIJYhml53O+cSrR\n" +"VgWVdp4za/FdUzmDnSxG4heMHblRMS+UyqtssDZEaVHytiNQXFkuQ/U3v0E+2knR\n" +"NPKy+s7ZmSISC0qzDn6C5yeJc17Kc91y5RLoZwIDAQABAoIBAQCRXAu5HPOsZufq\n" +"0K2DYZz9BdqSckR+M8HbVUZZiksDAeIUJwoHyi6qF2eK+B86JiK4Bz+gsBw2ys3t\n" +"vW2bQqM9N/boIl8D2fZfbCgZWkXGtUonC+mgzk+el4Rq/cEMFVqr6/YDwuKNeJpc\n" +"PJc5dcsvpTvlcjgpj9bJAvJEz2SYiIUpvtG4WNMGGapVZZPDvWn4/isY+75T5oDf\n" +"1X5jG0lN9uoUjcuGuThN7gxjwlRkcvEOPHjXc6rxfrWIDdiz/91V46PwpqVDpRrg\n" +"ig6U7+ckS0Oy2v32x0DaDhwAfDJ2RNc9az6Z+11lmY3LPkjG/p8Klcmgvt4/lwkD\n" +"OYRC5QGRAoGBAPFdud6nmVt9h1DL0o4R6snm6P3K81Ds765VWVmpzJkK3+bwe4PQ\n" +"GQQ0I0zN4hXkDMwHETS+EVWllqkK/d4dsE3volYtyTti8zthIATlgSEJ81x/ChAQ\n" +"vvXxgx+zPUnb1mUwy+X+6urTHe4bxN2ypg6ROIUmT+Hx1ITG40LRRiPTAoGBAOcT\n" +"WR8DTrj42xbxAUpz9vxJ15ZMwuIpk3ShE6+CWqvaXHF22Ju4WFwRNlW2zVLH6UMt\n" +"nNfOzyDoryoiu0+0mg0wSmgdJbtCSHoI2GeiAnjGn5i8flQlPQ8bdwwmU6g6I/EU\n" +"QRbGK/2XLmlrGN52gVy9UX0NsAA5fEOsAJiFj1CdAoGBAN9i3nbq6O2bNVSa/8mL\n" +"XaD1vGe/oQgh8gaIaYSpuXlfbjCAG+C4BZ81XgJkfj3CbfGbDNqimsqI0fKsAJ/F\n" +"HHpVMgrOn3L+Np2bW5YMj0Fzwy+1SCvsQ8C+gJwjOLMV6syGp/+6udMSB55rRv3k\n" +"rPnIf+YDumUke4tTw9wAcgkPAoGASHMkiji7QfuklbjSsslRMyDj21gN8mMevH6U\n" +"cX7pduBsA5dDqu9NpPAwnQdHsSDE3i868d8BykuqQAfLut3hPylY6vPYlLHfj4Oe\n" +"dj+xjrSX7YeMBE34qvfth32s1R4FjtzO25keyc/Q2XSew4FcZftlxVO5Txi3AXC4\n" +"bxnRKXECgYEAva+og7/rK+ZjboJVNxhFrwHp9bXhz4tzrUaWNvJD2vKJ5ZcThHcX\n" +"zCig8W7eXHLPLDhi9aWZ3kUZ1RLhrFc/6dujtVtU9z2w1tmn1I+4Zi6D6L4DzKdg\n" +"nMRLFoXufs/qoaJTqa8sQvKa+ceJAF04+gGtw617cuaZdZ3SYRLR2dk=\n" +"-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static const +gnutls_datum_t hrnd = {(void*)"\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; +static const +gnutls_datum_t hsrnd = {(void*)"\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; + +static void dump(const char *name, const uint8_t *data, unsigned data_size) +{ + unsigned i; + + fprintf(stderr, "%s", name); + for (i=0;i +#endif + +#include +#include +#include +#include + +#include "utils.h" + +static void +try_prio(const char *prio, unsigned group_size, const unsigned int *group_list, + unsigned curve_size, const unsigned int *curve_list) +{ + int ret; + gnutls_priority_t p; + const char *err; + unsigned i; + const unsigned int *list; + + ret = gnutls_priority_init(&p, prio, &err); + if (ret < 0) { + fprintf(stderr, "error: %s: %s\n", gnutls_strerror(ret), + err); + exit(1); + } + + ret = gnutls_priority_group_list(p, &list); + if ((unsigned)ret != group_size) { + fail("%s: group size (%d) doesn't match expected (%d)\n", prio, ret, group_size); + } + + for (i=0;i +#endif + +#include +#include +#include +#include + +#include "utils.h" + +static void +try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers, unsigned line) +{ + int ret; + gnutls_priority_t p; + const char *err; + const unsigned int *t; + unsigned i, si, count = 0; + + /* this must be called once in the program + */ + global_init(); + + ret = gnutls_priority_init(&p, prio, &err); + if (ret < 0) { + fprintf(stderr, "error: %s: %s\n", gnutls_strerror(ret), + err); + exit(1); + } + + for (i = 0;; i++) { + ret = gnutls_priority_get_cipher_suite_index(p, i, &si); + if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) + continue; + else if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + else if (ret == 0) { + count++; + /* fprintf(stderr, "%s\n", gnutls_cipher_suite_info(si, NULL, NULL, NULL, NULL, NULL)); */ + } + + } + + ret = gnutls_priority_cipher_list(p, &t); + if ((unsigned) ret != expected_ciphers) { +#if 0 + for (i = 0; i < ret; i++) + fprintf(stderr, "%s\n", + gnutls_cipher_get_name(t[i])); +#endif + fail("%s:%d: expected %d ciphers, found %d\n", prio, line, expected_ciphers, + ret); + exit(1); + } + + gnutls_priority_deinit(p); + + /* fprintf(stderr, "count: %d\n", count); */ + + if (debug) + success("finished: %s\n", prio); + + if (count != expected_cs) { + fail("%s:%d: expected %d ciphersuites, found %d\n", prio, line, expected_cs, + count); + exit(1); + } +} + +static void +try_prio_err(const char *prio, int err) +{ + int ret; + gnutls_priority_t p; + + ret = gnutls_priority_init(&p, prio, NULL); + if (ret < 0 && ret != err) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret >= 0) + gnutls_priority_deinit(p); + + if (debug) + success("finished: %s\n", prio); +} + + +void doit(void) +{ + const int null = 3; + int sec128_cs = 29; + int sec256_cs = 12; + int normal_cs = 29; + int pfs_cs = 23; + int null_normal_cs = 28; /* disables TLS1.3 CS */ + int normal_ciphers = 7; + + if (gnutls_fips140_mode_enabled()) { + normal_cs = 25; + normal_ciphers = 6; + pfs_cs = 25; + sec256_cs = 8; + sec128_cs = 25; + } + + try_prio("NORMAL", normal_cs, normal_ciphers, __LINE__); + try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal_cs, normal_ciphers, __LINE__); + + if (!gnutls_fips140_mode_enabled()) { + try_prio("PFS", pfs_cs, normal_ciphers, __LINE__); + try_prio("NORMAL:+CIPHER-ALL", normal_cs, 7, __LINE__); /* all (except null) */ + try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1, __LINE__); /* null */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", null_normal_cs, 8, __LINE__); /* should be null + all */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 4, 1, __LINE__); /* should be null + all */ +#ifdef ENABLE_GOST + try_prio("NONE:+VERS-TLS1.2:+GOST", 1, 1, __LINE__); +#endif + } + + try_prio("PERFORMANCE", normal_cs, normal_ciphers, __LINE__); + try_prio("SECURE256", sec256_cs, 4, __LINE__); + try_prio("SECURE128", sec128_cs, 7, __LINE__); + try_prio("SECURE128:+SECURE256", sec128_cs, 7, __LINE__); /* should be the same as SECURE128 */ + try_prio("SECURE128:+SECURE256:+NORMAL", normal_cs, 7, __LINE__); /* should be the same as NORMAL */ + try_prio("SUITEB192", 1, 1, __LINE__); + try_prio("SUITEB128", 2, 2, __LINE__); + /* check legacy strings */ + try_prio("NORMAL:+RSA-EXPORT:+ARCFOUR-40", normal_cs, normal_ciphers, __LINE__); + + try_prio_err("NORMAL:-VERS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256", GNUTLS_E_NO_PRIORITIES_WERE_SET); + try_prio_err("NORMAL:-VERS-ALL:+VERS-TLS1.2:-SIGN-ALL", GNUTLS_E_NO_PRIORITIES_WERE_SET); + try_prio_err("NORMAL:-VERS-ALL:+VERS-DTLS1.2:-SIGN-ALL", GNUTLS_E_NO_PRIORITIES_WERE_SET); +} diff --git a/tests/priority-init2.c b/tests/priority-init2.c new file mode 100644 index 0000000..25919f1 --- /dev/null +++ b/tests/priority-init2.c @@ -0,0 +1,298 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; +extern const char *_gnutls_default_priority_string; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +struct test_st { + const char *name; + const char *add_prio; + const char *def_prio; + int exp_err; + int exp_etm; + unsigned err_pos; + unsigned exp_vers; +}; + +static void start(struct test_st *test) +{ + int ret; + /* Server stuff. */ + gnutls_priority_t cache; + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + const char *ep; + int cret = GNUTLS_E_AGAIN; + + if (test == NULL) + success("running gnutls_set_default_priority test\n"); + else + success("running %s\n", test->name); + + if (test && test->def_prio) + _gnutls_default_priority_string = test->def_prio; + else + _gnutls_default_priority_string = "NORMAL"; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + if (test == NULL) { + ret = gnutls_priority_init(&cache, NULL, NULL); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + } else { + ret = gnutls_priority_init2(&cache, test->add_prio, &ep, GNUTLS_PRIORITY_INIT_DEF_APPEND); + if (ret < 0) { + if (test->exp_err == ret) { + if (strchr(_gnutls_default_priority_string, '@') != 0) { + if (ep != test->add_prio) { + fail("error expected error on start of string[%d]: %s\n", + test->err_pos, test->add_prio); + } + } else { + if (ep-test->add_prio != test->err_pos) { + fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio)); + fail("error expected error on different position[%d]: %s\n", + test->err_pos, test->add_prio); + } + } + goto cleanup; + } + fail("error: %s\n", gnutls_strerror(ret)); + } + } + gnutls_priority_set(server, cache); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_set_default_priority(client); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + + mcert = gnutls_certificate_get_ours(client); + if (mcert != NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + } + + if (test && test->exp_vers != 0) { + if (test->exp_vers != gnutls_protocol_get_version(server)) { + fail("expected version %s, got %s\n", + gnutls_protocol_get_name(test->exp_vers), + gnutls_protocol_get_name(gnutls_protocol_get_version(server))); + } + } + + /* check the number of certificates received */ + { + unsigned cert_list_size = 0; + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size < 2) { + fprintf(stderr, "received a certificate list of %d!\n", cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost"; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fprintf(stderr, "could not verify certificate: %.4x\n", status); + exit(1); + } + } + + if (test && test->exp_etm) { + ret = gnutls_session_ext_master_secret_status(client); + if (ret != 1) { + fprintf(stderr, "Extended master secret wasn't negotiated by default (client ret: %d)\n", ret); + exit(1); + } + + ret = gnutls_session_ext_master_secret_status(server); + if (ret != 1) { + fprintf(stderr, "Extended master secret wasn't negotiated by default (server ret: %d)\n", ret); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_certificate_free_credentials(clientx509cred); + cleanup: + gnutls_priority_deinit(cache); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + reset_buffers(); +} + +struct test_st tests[] = { + { + .name = "additional flag", + .def_prio = "NORMAL", + .add_prio = "%FORCE_ETM", + .exp_err = 0 + }, + { + .name = "additional flag typo1", + .def_prio = "NORMAL", + .add_prio = ":%FORCE_ETM", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 0 + }, + { + .name = "additional flag typo2", + .def_prio = "NORMAL", + .add_prio = "%FORCE_ETM::%NO_TICKETS", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 11 + }, + { + .name = "additional flag typo3", + .def_prio = "NORMAL", + .add_prio = "%FORCE_ETM:%%NO_TICKETS", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 11 + }, + { + .name = "additional flag typo3 (with resolved def prio)", + .def_prio = "@HELLO", + .add_prio = "%FORCE_ETM:%%NO_TICKETS", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 0 + }, + { + .name = "additional flag for version (functional)", + .def_prio = "NORMAL", + .add_prio = "-VERS-ALL:+VERS-TLS1.1", + .exp_etm = 1, + .exp_err = 0, + .exp_vers = GNUTLS_TLS1_1 + } +}; + + +void doit(void) +{ + start(NULL); + for (unsigned i=0;i +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +/* Tests whether multiple calls to gnutls_priority_set_direct() would work + * as intended. */ + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, + "SECURE256", + NULL) >= 0); + assert(gnutls_priority_set_direct(server, + "NORMAL", + NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, + "PFS:%PROFILE_ULTRA", + NULL) >= 0); + assert(gnutls_priority_set_direct(client, + "NORMAL", + NULL) >= 0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + + mcert = gnutls_certificate_get_ours(client); + if (mcert != NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + } + + /* check the number of certificates received and verify */ + { + unsigned status; + + ret = gnutls_certificate_verify_peers3(client, "localhost", &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fail("could not verify certificate: %.4x\n", status); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} diff --git a/tests/priority-set.c b/tests/priority-set.c new file mode 100644 index 0000000..dcb21d8 --- /dev/null +++ b/tests/priority-set.c @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests whether a priority which is used by multiple sessions, + * will be properly deinitialized. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + gnutls_priority_t cache; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + assert(gnutls_priority_init(&cache, "NORMAL", NULL) >= 0); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set(server, cache); + gnutls_priority_deinit(cache); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, "NORMAL", NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + gnutls_deinit(server); + gnutls_deinit(client); + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} diff --git a/tests/priority-set2.c b/tests/priority-set2.c new file mode 100644 index 0000000..df99e17 --- /dev/null +++ b/tests/priority-set2.c @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests whether a priority which is deinitialized after set + * will continue working in a session. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + gnutls_priority_t cache; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + assert(gnutls_priority_init(&cache, "NORMAL", NULL) >= 0); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set(server, cache); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_priority_set(client, cache); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + gnutls_deinit(server); + gnutls_deinit(client); + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_priority_deinit(cache); + + gnutls_global_deinit(); +} diff --git a/tests/privkey-keygen.c b/tests/privkey-keygen.c new file mode 100644 index 0000000..2766afe --- /dev/null +++ b/tests/privkey-keygen.c @@ -0,0 +1,256 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: David Marín Carreño + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#define MAX_TRIES 2 + +/* This tests the key generation, as well as the sign/verification + * functionality of the supported public key algorithms. + */ + +static int sec_param[MAX_TRIES] = +#ifdef ENABLE_FIPS140 + { GNUTLS_SEC_PARAM_MEDIUM, GNUTLS_SEC_PARAM_HIGH }; +#else + { GNUTLS_SEC_PARAM_LOW, GNUTLS_SEC_PARAM_MEDIUM }; +#endif + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", "privkey-keygen", level, str); +} + +const gnutls_datum_t raw_data = { + (void *) "hello there", + 11 +}; + +static void sign_verify_data(gnutls_pk_algorithm_t algorithm, gnutls_x509_privkey_t pkey) +{ + int ret; + gnutls_privkey_t privkey; + gnutls_pubkey_t pubkey; + gnutls_datum_t signature; + gnutls_digest_algorithm_t digest; + unsigned vflags = 0; + + assert(gnutls_privkey_init(&privkey) >= 0); + + ret = gnutls_privkey_import_x509(privkey, pkey, 0); + if (ret < 0) + fail("gnutls_privkey_import_x509\n"); + + assert(gnutls_pubkey_init(&pubkey) >= 0); + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); + if (ret < 0) + fail("gnutls_pubkey_import_privkey\n"); + + ret = gnutls_pubkey_get_preferred_hash_algorithm (pubkey, &digest, NULL); + if (ret < 0) + fail("gnutls_pubkey_get_preferred_hash_algorithm\n"); + + if (digest == GNUTLS_DIG_GOSTR_94) + vflags |= GNUTLS_VERIFY_ALLOW_BROKEN; + + /* sign arbitrary data */ + ret = gnutls_privkey_sign_data(privkey, digest, 0, + &raw_data, &signature); + if (ret < 0) + fail("gnutls_privkey_sign_data\n"); + + /* verify data */ + ret = gnutls_pubkey_verify_data2(pubkey, gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),digest), + vflags, &raw_data, &signature); + if (ret < 0) + fail("gnutls_pubkey_verify_data2\n"); + + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + gnutls_free(signature.data); +} + +static unsigned int +is_approved_pk_algo(gnutls_pk_algorithm_t algo) { + switch (algo) { + case GNUTLS_PK_RSA: + case GNUTLS_PK_RSA_PSS: + case GNUTLS_PK_EC: + return 1; + default: + return 0; + } +} + +void doit(void) +{ + gnutls_x509_privkey_t pkey, dst; + int ret, algorithm, i; + gnutls_fips140_context_t fips_context; + gnutls_fips140_operation_state_t fips_state; + +#define FIPS_PUSH_CONTEXT() do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_push_context(fips_context); \ + if (ret < 0) { \ + fail("gnutls_fips140_push_context failed\n"); \ + } \ + } \ +} while (0) + +#define FIPS_POP_CONTEXT(state) do { \ + if (gnutls_fips140_mode_enabled()) { \ + ret = gnutls_fips140_pop_context(); \ + if (ret < 0) { \ + fail("gnutls_fips140_context_pop failed\n"); \ + } \ + fips_state = gnutls_fips140_get_operation_state(fips_context); \ + if (fips_state != GNUTLS_FIPS140_OP_ ## state) { \ + fail("operation state is not " # state " (%d)\n", \ + fips_state); \ + } \ + } \ +} while (0) + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_fips140_context_init(&fips_context); + if (ret < 0) { + fail("Cannot initialize FIPS context\n"); + } + + for (i = 0; i < MAX_TRIES; i++) { + for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX; + algorithm++) { + if (algorithm == GNUTLS_PK_DH || + algorithm == GNUTLS_PK_ECDH_X25519 || + algorithm == GNUTLS_PK_ECDH_X448) + continue; + + if (algorithm == GNUTLS_PK_GOST_01 || + algorithm == GNUTLS_PK_GOST_12_256 || + algorithm == GNUTLS_PK_GOST_12_512) { + /* Skip GOST algorithms: + * - If they are disabled by ./configure option + * - Or in FIPS140 mode + */ +#ifdef ENABLE_GOST + if (gnutls_fips140_mode_enabled()) + continue; +#else + continue; +#endif + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fail("gnutls_x509_privkey_init: %d\n", + ret); + } + + ret = gnutls_x509_privkey_init(&dst); + if (ret < 0) { + fail("gnutls_x509_privkey_init: %d\n", + ret); + } + + FIPS_PUSH_CONTEXT(); + ret = + gnutls_x509_privkey_generate(pkey, algorithm, + gnutls_sec_param_to_pk_bits + (algorithm, + sec_param[i]), + 0); + if (ret < 0) { + fail("gnutls_x509_privkey_generate (%s-%d): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), + gnutls_sec_param_to_pk_bits(algorithm,sec_param[i]), gnutls_strerror(ret), ret); + } else if (debug) { + success("Key[%s] generation ok: %d\n", + gnutls_pk_algorithm_get_name + (algorithm), ret); + } + if (is_approved_pk_algo(algorithm)) { + FIPS_POP_CONTEXT(APPROVED); + } else { + FIPS_POP_CONTEXT(NOT_APPROVED); + } + + ret = gnutls_x509_privkey_verify_params(pkey); + if (ret < 0) { + fail("gnutls_x509_privkey_generate (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret); + } + + /* include test of cpy */ + ret = gnutls_x509_privkey_cpy(dst, pkey); + if (ret < 0) { + fail("gnutls_x509_privkey_cpy (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret); + } + + ret = gnutls_x509_privkey_verify_params(pkey); + if (ret < 0) { + fail("gnutls_x509_privkey_generate after cpy (%s): %s (%d)\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_strerror(ret), ret); + } + + FIPS_PUSH_CONTEXT(); + sign_verify_data(algorithm, pkey); + if (is_approved_pk_algo(algorithm)) { + FIPS_POP_CONTEXT(APPROVED); + } else { + FIPS_POP_CONTEXT(NOT_APPROVED); + } + + FIPS_PUSH_CONTEXT(); + sign_verify_data(algorithm, dst); + if (is_approved_pk_algo(algorithm)) { + FIPS_POP_CONTEXT(APPROVED); + } else { + FIPS_POP_CONTEXT(NOT_APPROVED); + } + + gnutls_x509_privkey_deinit(pkey); + gnutls_x509_privkey_deinit(dst); + success("Generated key with %s-%d\n", gnutls_pk_algorithm_get_name(algorithm), gnutls_sec_param_to_pk_bits(algorithm,sec_param[i])); + } + } + + gnutls_fips140_context_deinit(fips_context); + gnutls_global_deinit(); +} diff --git a/tests/privkey-verify-broken.c b/tests/privkey-verify-broken.c new file mode 100644 index 0000000..276fcda --- /dev/null +++ b/tests/privkey-verify-broken.c @@ -0,0 +1,154 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +const gnutls_datum_t raw_data = { + (void *) "hello there", + 11 +}; + +static int sign_verify_data(gnutls_x509_privkey_t pkey, gnutls_sign_algorithm_t algo, unsigned vflags) +{ + int ret; + gnutls_privkey_t privkey; + gnutls_pubkey_t pubkey = NULL; + gnutls_datum_t signature; + gnutls_pk_algorithm_t pk; + gnutls_digest_algorithm_t dig; + unsigned sflags = 0; + + /* sign arbitrary data */ + assert(gnutls_privkey_init(&privkey) >= 0); + + pk = gnutls_sign_get_pk_algorithm(algo); + dig = gnutls_sign_get_hash_algorithm(algo); + + if (pk == GNUTLS_PK_RSA_PSS) + sflags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS; + + ret = gnutls_privkey_import_x509(privkey, pkey, 0); + if (ret < 0) + fail("gnutls_pubkey_import_x509\n"); + + ret = gnutls_privkey_sign_data(privkey, dig, sflags, + &raw_data, &signature); + if (ret < 0) { + ret = -1; + goto cleanup; + } + + /* verify data */ + assert(gnutls_pubkey_init(&pubkey) >= 0); + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); + if (ret < 0) + fail("gnutls_pubkey_import_privkey\n"); + + ret = gnutls_pubkey_verify_data2(pubkey, algo, + vflags, &raw_data, &signature); + if (ret < 0) { + ret = -1; + goto cleanup; + } + + ret = 0; + cleanup: + if (pubkey) + gnutls_pubkey_deinit(pubkey); + gnutls_privkey_deinit(privkey); + gnutls_free(signature.data); + + return ret; +} + +void doit(void) +{ + gnutls_x509_privkey_t pkey; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fail("gnutls_x509_privkey_init: %d\n", ret); + } + + ret = gnutls_x509_privkey_import(pkey, &key_dat, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_privkey_generate: %s\n", gnutls_strerror(ret)); + } + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA1, 0) < 0) + fail("failed verification with SHA1!\n"); + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, 0) >= 0) + fail("succeeded verification with MD5!\n"); + + if (!gnutls_fips140_mode_enabled()) { + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5) < 0) + fail("failed verification with MD5 and override flags!\n"); + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_MD5, GNUTLS_VERIFY_ALLOW_BROKEN) < 0) + fail("failed verification with MD5 and override flags2!\n"); + } + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA256, 0) < 0) + fail("failed verification with SHA256!\n"); + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA512, 0) < 0) + fail("failed verification with SHA512!\n"); + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_SHA3_256, 0) < 0) + fail("failed verification with SHA3-256!\n"); + + if (sign_verify_data(pkey, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, 0) < 0) + fail("failed verification with SHA256 with PSS!\n"); + + gnutls_x509_privkey_deinit(pkey); + + gnutls_global_deinit(); +} diff --git a/tests/profile-tests.sh b/tests/profile-tests.sh new file mode 100755 index 0000000..42ac25c --- /dev/null +++ b/tests/profile-tests.sh @@ -0,0 +1,243 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + +# This program tests whether the profile keywords work as expected + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +CAFILE="./profile-ca.$$.tmp" +CERT="./profile-cert.$$.tmp" + + +echo "Testing with a 256 bit ECDSA key" + +cat >${CAFILE} <<_EOF_ +-----BEGIN CERTIFICATE----- +MIIBZjCCAQugAwIBAgIUT/9x+s6cBhBHWoZH5fBi9c0aBPswCgYIKoZIzj0EAwIw +DzENMAsGA1UEAxMEQ0EtMDAgFw0xOTA1MjAxMzAxNTdaGA85OTk5MTIzMTIzNTk1 +OVowDzENMAsGA1UEAxMEQ0EtMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABI7d +qggkXNbYfXi5rMqdvvX26GJ02A63B5sueaS0w1LITLeMb0mhx4trpXMkJ3lr05lY +JCfr6sUTAlYLMBLZJ+ajQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUD +AwcGADAdBgNVHQ4EFgQUUkk7xPS5Uf53q8YLEhz5KGqeZH0wCgYIKoZIzj0EAwID +SQAwRgIhAKL/lPu6hOTwA/FfB+dMkkVeeZA+6CeXgbnxeA6HXy3bAiEAvO3+1VhR +RIHc3JBuIsLlrwaovXAZHgXNGV2WalixDHI= +-----END CERTIFICATE----- +_EOF_ +cat >${CERT} <<_EOF_ +-----BEGIN CERTIFICATE----- +MIIBnTCCAUOgAwIBAgIUUoqE4mD73XmLCryaMad6AXl6TjAwCgYIKoZIzj0EAwIw +DzENMAsGA1UEAxMEQ0EtMDAgFw0xOTA1MjAxMzAxNTdaGA85OTk5MTIzMTIzNTk1 +OVowEzERMA8GA1UEAxMIc2VydmVyLTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AAScHgQMZCm5GLjGs64tN8hmK+KmDOTBU0fyqc9Tle6WjgFFBzPeHv8vLcrp5HTI +mNtKFNCaLN73r9h8xk3qG2pno3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuC +CWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBRpzYoZdeLYgscj +yokMBbda3FnghzAfBgNVHSMEGDAWgBRSSTvE9LlR/nerxgsSHPkoap5kfTAKBggq +hkjOPQQDAgNIADBFAiATJTdJ176UocB1BGDTTwJAuNKurPFZzlEaeYHS3tetXAIh +AP/RStdc8DV/AtHZOF1/FF3fB/tS3d+vb2f0QsTbcl5f +-----END CERTIFICATE----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIG5Gt+KTDxw5cevzwL0Sfo2AJZNeVtu3GHSnpICvsSiBoAoGCCqGSM49 +AwEHoUQDQgAEnB4EDGQpuRi4xrOuLTfIZivipgzkwVNH8qnPU5Xulo4BRQcz3h7/ +Ly3K6eR0yJjbShTQmize96/YfMZN6htqZw== +-----END EC PRIVATE KEY----- +_EOF_ +KEY="${CERT}" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +PID=$! +wait_server ${PID} + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_VERY_WEAK --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (1)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (2)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LEGACY --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (3)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_HIGH --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (4)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_ULTRA --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null && + fail ${PID} "expected connection to fail (1)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_FUTURE --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null && + fail ${PID} "expected connection to fail (2)" + +kill ${PID} +wait + + +echo "Testing with a 384 bit ECDSA key" + +cat >${CAFILE} <<_EOF_ +-----BEGIN CERTIFICATE----- +MIIBojCCASigAwIBAgIUFMelLI8WwXyoyKjZGXXXcLb4N1EwCgYIKoZIzj0EAwMw +DzENMAsGA1UEAxMEQ0EtMDAgFw0xOTA1MjAxMzA2MDNaGA85OTk5MTIzMTIzNTk1 +OVowDzENMAsGA1UEAxMEQ0EtMDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNxXKt1I +dpBTxQ5oefACUoUgdEwLNkbrjMeEYbB1Wz9d5Uk9nJPjQOGx85ct3FysauMxzBGy +BKnBEYViamZiffXu3zzNlIZY+tCbc3MUqs6q60CuNIw4UjakKhgD6II2MKNDMEEw +DwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQJ9QXM +rPF8/z2VviCfhSp2ezf1AjAKBggqhkjOPQQDAwNoADBlAjEA5nmuJqRQFLgHYnN5 +MRmMfT+TvkLL+MPBo9lK8cbFzweV/PdySLRKNylOH4y70UyzAjBk3kFH7KC1AGMz ++A87+Rx+7BHOIdKIp91wx8LhMIdbeX9yi3w6YRsjHoLxKtJ8FYE= +-----END CERTIFICATE----- +_EOF_ +cat >${CERT} <<_EOF_ +-----BEGIN CERTIFICATE----- +MIIB2DCCAWCgAwIBAgIUJiHZy9J/MQzCJPjaP3Zy+JTXHgowCgYIKoZIzj0EAwMw +DzENMAsGA1UEAxMEQ0EtMDAgFw0xOTA1MjAxMzA2MDNaGA85OTk5MTIzMTIzNTk1 +OVowEzERMA8GA1UEAxMIc2VydmVyLTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATP +agsLKT6MLGFsxWyBjDmyrfcAreBZtGDe9tS8jYItbM8y/ulvjCnwW/dwmVBe6UKX +n7WIJ7nxvp/j0k59TwpMxfpSn51NhiaViMQ4ZxA34qm+H3gUl8r1GC9I/EPTYe2j +dzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB +/wQFAwMHgAAwHQYDVR0OBBYEFO2V2sn+n3Kj0sA2leiLp/RQDmt/MB8GA1UdIwQY +MBaAFAn1Bcys8Xz/PZW+IJ+FKnZ7N/UCMAoGCCqGSM49BAMDA2YAMGMCL37ZZOM0 +fKI8jzlZRF64IOB/hVbvMD5WOMqFN/M8BjbPSywuRy9/JIq0KiFw3IKUAjAJZSsJ +fd8/9po81LJwyfUF/fTwPa7CNExb4BoDRtDDc7s/ciXI/13rxwkJnlAytwI= +-----END CERTIFICATE----- +-----BEGIN EC PRIVATE KEY----- +MIGlAgEBBDEAtrbWqGFyxd+qLlU0VHGvS5CpuAg0fPvODXzu8qHGREvxMYJL5d0I +YfU7emquAuq/oAcGBSuBBAAioWQDYgAEz2oLCyk+jCxhbMVsgYw5sq33AK3gWbRg +3vbUvI2CLWzPMv7pb4wp8Fv3cJlQXulCl5+1iCe58b6f49JOfU8KTMX6Up+dTYYm +lYjEOGcQN+Kpvh94FJfK9RgvSPxD02Ht +-----END EC PRIVATE KEY----- +_EOF_ +KEY="${CERT}" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +PID=$! +wait_server ${PID} + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_VERY_WEAK --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (1)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (2)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LEGACY --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (3)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_HIGH --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (4)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_ULTRA --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (5)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_FUTURE --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null && + fail ${PID} "expected connection to fail (1)" + +kill ${PID} +wait + +echo "Testing with a 521 bit ECDSA key" + +cat >${CAFILE} <<_EOF_ +-----BEGIN CERTIFICATE----- +MIIB7TCCAU6gAwIBAgIUW9MXlkeIARoHEeP+DmgMfSOh9xkwCgYIKoZIzj0EAwQw +DzENMAsGA1UEAxMEQ0EtMDAgFw0xOTA1MjAxMzE4MDVaGA85OTk5MTIzMTIzNTk1 +OVowDzENMAsGA1UEAxMEQ0EtMDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEASRD +p6ArQF3bkC7rMzUo6RGle3LCDVkrVrcS0vMRKz6D436g/yO0+om5Xbny/z3Weo4x +E8dat+dQp2sHurso6ByhAbm08MqxKUqaU4G69xvTYTOSMljDtx/3upsF955J5/CT +/F8czPBR9jebQZOCXWI0clpFSTGTYFnqHVlyTTwCgd87o0MwQTAPBgNVHRMBAf8E +BTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFI2SeRAmyVkAAEabKWfy +SREfJqJfMAoGCCqGSM49BAMEA4GMADCBiAJCAc8sUwRR5Q5u52YSdaEiHgnWlNTJ +nP7ckTAiSCEmhp2L8wdvG2274oTjvw3gbUHLc310AAoIvUcZfaXB6zooIpl9AkIB +NK1JHzm60+USUDxJoQngtl8KdM9jR9UmjZ5hVhd/k5FeNYbb6Z+kuIasE4SlnJnd +VIEgdnjXtlI3n052VLjDKg4= +-----END CERTIFICATE----- +_EOF_ +cat >${CERT} <<_EOF_ +-----BEGIN CERTIFICATE----- +MIICJDCCAYagAwIBAgIUTNrzhsX4+TV92p8tYrrUclDsYsUwCgYIKoZIzj0EAwQw +DzENMAsGA1UEAxMEQ0EtMDAgFw0xOTA1MjAxMzE4MDVaGA85OTk5MTIzMTIzNTk1 +OVowEzERMA8GA1UEAxMIc2VydmVyLTEwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA +BAGAb9ToCqbQ8wImyiIN3Zf3T8WrwB/R28f0w8wq0W5a71FGayY0VU5exSBV7nnj +X8xFwUb+BpIVRQ4ZsryQCDDANACxXE3hwae59mqO9JhrTUQL7KyDaZ8W6KbACn8h +fYsOay/3ub0wdNdG8aJIcZzmrX1DNM0Jt/rW1d2nzuv6lZqCfqN3MHUwDAYDVR0T +AQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYDVR0PAQH/BAUDAweAADAd +BgNVHQ4EFgQUv46ZnyF9oFn6yVCPl8WJ2InprhowHwYDVR0jBBgwFoAUjZJ5ECbJ +WQAARpspZ/JJER8mol8wCgYIKoZIzj0EAwQDgYsAMIGHAkIAh0/UdYPTSWmtTRNZ +d1VGCBW+Pw9aMkSTd8byWgle8+z1aQdZYQF46MHDuRC3zkooAYXPjbYCbLba5W/x +K1MVvfoCQThH3TCLj/Qci1788SNJ2bvN4bGe9m71cRhJWOXx5GRUHjvRJ5dttllq +dPzh992Fym1fGoyKne2xm172IG2LvTI0 +-----END CERTIFICATE----- +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIBZEu+h1ouDy17i0vGtm39PIrwWCGmjiQkCp1HnPSGod6SM2O3j4Mf +PH5pp8dPYx0LmHXTe+/P/oiIf128sSlsIGCgBwYFK4EEACOhgYkDgYYABAGAb9To +CqbQ8wImyiIN3Zf3T8WrwB/R28f0w8wq0W5a71FGayY0VU5exSBV7nnjX8xFwUb+ +BpIVRQ4ZsryQCDDANACxXE3hwae59mqO9JhrTUQL7KyDaZ8W6KbACn8hfYsOay/3 +ub0wdNdG8aJIcZzmrX1DNM0Jt/rW1d2nzuv6lZqCfg== +-----END EC PRIVATE KEY----- +_EOF_ +KEY="${CERT}" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +PID=$! +wait_server ${PID} + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_VERY_WEAK --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (1)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (2)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LEGACY --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (3)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_HIGH --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (4)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_ULTRA --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (5)" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_FUTURE --verify-hostname localhost --x509cafile "${CAFILE}" /dev/null || + fail ${PID} "expected connection to succeed (6)" + +kill ${PID} +wait + +rm -f ${TMPFILE} ${CAFILE} ${CERT} + +exit 0 diff --git a/tests/protocol-set-allowlist.c b/tests/protocol-set-allowlist.c new file mode 100644 index 0000000..744d70b --- /dev/null +++ b/tests/protocol-set-allowlist.c @@ -0,0 +1,255 @@ +/* + * Copyright (C) 2021 Red Hat, Inc. + * + * Author: Alexander Sosedkin + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "utils.h" + +/* + * This is not a test by itself. + * This is a helper for the real test in protocol-set-allowlist.sh. + * It executes sequences of commands like: + * > protocol_set_disabled TLS1.2 + * > protocol_set_enabled TLS1.1 + * > connect + * > protocol_set_enabled TLS1.2 + * > protocol_set_disabled TLS1.1 + * > connect -> connection established + * where `connect` connects to $TEST_SERVER_PORT using $TEST_SERVER_CA, + * and gnutls_protocol_set_enabled simply call the underlying API. + * leaving the outer test to check return code and output: + * protocol_set_disabled TLS1.2 -> OK + * protocol_set_enabled TLS1.1 -> OK + * connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) + * protocol_set_enabled TLS1.2 -> INVALID_REQUEST + * protocol_set_disabled TLS1.1 -> INVALID_REQUEST + * connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) + */ + +#define _assert(cond, format, ...) if (!(cond)) \ + _fail("Assertion `" #cond "` failed: " format "\n", ##__VA_ARGS__) +#define _check(cond) if (!(cond)) _fail("Assertion `" #cond "` failed.") + +unsigned parse_port(const char* port_str); +gnutls_protocol_t parse_protocol(const char* name); +void test_echo_server(gnutls_session_t session); +void cmd_connect(const char* ca_file, unsigned port); +void cmd_protocol_set_disabled(const char* name); +void cmd_protocol_set_enabled(const char* name); +void cmd_reinit(void); +const char* unprefix(const char* s, const char* prefix); + + +unsigned parse_port(const char* port_str) +{ + unsigned port; + errno = 0; + port = strtoul(port_str, NULL, 10); + _assert(!errno, "Could not parse port value '%s'\n", port_str); + _assert(0 < port && port < (1UL << 16), "Invalid port %u\n", port); + return port; +} + + +gnutls_protocol_t parse_protocol(const char* name) +{ + gnutls_protocol_t p; + p = gnutls_protocol_get_id(name); + _assert(p != GNUTLS_VERSION_UNKNOWN, "Unknown protocol `%s`", name); + return p; +} + + +void test_echo_server(gnutls_session_t session) +{ + const char buf_out[] = "1234567\n"; + char buf_in[sizeof(buf_out) - 1]; + unsigned rd = 0, wr = 0; + unsigned LEN = sizeof(buf_out) - 1; + int r; + + do { + r = gnutls_record_send(session, buf_out + wr, LEN - wr); + if (r == GNUTLS_E_AGAIN || r == GNUTLS_E_INTERRUPTED) + continue; + _assert(r > 0, "error in send: %s\n", gnutls_strerror(r)); + wr += r; + } while(r > 0 && wr < LEN); + _assert(wr == LEN, "error sending all data (%u/%u)\n", wr, LEN); + + do { + r = gnutls_record_recv(session, buf_in + rd, LEN - rd); + if (r == GNUTLS_E_AGAIN || r == GNUTLS_E_INTERRUPTED) + continue; + _assert(r > 0, "error in recv: %s\n", gnutls_strerror(r)); + rd += r; + } while(r > 0 && rd < LEN); + _assert(rd == LEN, "error receiving all data (%u/%u)\n", rd, LEN); + _assert(!gnutls_record_check_pending(session), "data left unreceived"); + + _assert(!memcmp(buf_in, buf_out, LEN), "send/recv data mismatch\n"); +} + +void cmd_connect(const char* ca_file, unsigned port) +{ + char* desc; + int sock, r; + gnutls_session_t session; + gnutls_certificate_credentials_t cred; + int sock_flags = 1; + + _check(gnutls_init(&session, GNUTLS_CLIENT) >= 0); + r = gnutls_set_default_priority(session); + if (r < 0) { + printf("connect -> bad priority: %s\n", gnutls_strerror(r)); + gnutls_deinit(session); + return; + } + + _check(gnutls_server_name_set(session, GNUTLS_NAME_DNS, + "example.com", strlen("example.com")) >= 0); + gnutls_session_set_verify_cert(session, "example.com", 0); + + _check(gnutls_certificate_allocate_credentials(&cred) >= 0); + _check(gnutls_certificate_set_x509_trust_file(cred, + ca_file, GNUTLS_X509_FMT_PEM) == 1); + _check(gnutls_credentials_set(session, + GNUTLS_CRD_CERTIFICATE, cred) >= 0); + + sock = tcp_connect("127.0.0.1", port); + _assert(sock != -1, "Connection to 127.0.0.1:%u has failed!", port); + _assert(setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, + &sock_flags, sizeof(int)) == 0, "setsockopt failed"); + + gnutls_transport_set_int(session, sock); + gnutls_handshake_set_timeout(session, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + do { + r = gnutls_handshake(session); + } while (r < 0 && !gnutls_error_is_fatal(r)); + + if (r >= 0) { + desc = gnutls_session_get_desc(session); + _check(desc); + printf("connect -> connection established: %s\n", desc); + gnutls_free(desc); + } else { + printf("connect -> handshake failed: %s\n", gnutls_strerror(r)); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + shutdown(sock, SHUT_RDWR); + close(sock); + gnutls_certificate_free_credentials(cred); + gnutls_deinit(session); +} + + +void cmd_protocol_set_disabled(const char* name) +{ + int ret; + ret = gnutls_protocol_set_enabled(parse_protocol(name), 0); + printf("protocol_set_disabled %s -> %s\n", name, + ret == 0 ? "OK" : + ret == GNUTLS_E_INVALID_REQUEST ? "INVALID_REQUEST" : + gnutls_strerror(ret)); +} + + +void cmd_protocol_set_enabled(const char* name) +{ + int ret; + ret = gnutls_protocol_set_enabled(parse_protocol(name), 1); + printf("protocol_set_enabled %s -> %s\n", name, + ret == 0 ? "OK" : + ret == GNUTLS_E_INVALID_REQUEST ? "INVALID_REQUEST" : + gnutls_strerror(ret)); +} + + +void cmd_reinit(void) +{ + int ret; + gnutls_global_deinit(); + ret = gnutls_global_init(); + printf("reinit -> %s\n", ret == 0 ? "OK" : gnutls_strerror(ret)); +} + + +// Returns 0 if `s` doesn't start with `prefix`, pointer past prefix otherwise. +const char* unprefix(const char* s, const char* prefix) +{ + while (*s && *prefix && *s == *prefix) + s++, prefix++; + return *prefix ? NULL : s; +} + + +#define MAX_CMD_LEN 127 +void doit(void) +{ + unsigned port; + const char* port_str; + const char* ca_file; + const char* p; + char cmd_buf[MAX_CMD_LEN + 1]; + char* e; + + ca_file = getenv("TEST_SERVER_CA"); + _assert(ca_file, "TEST_SERVER_CA is not set"); + port_str = getenv("TEST_SERVER_PORT"); + _assert(port_str, "TEST_SERVER_PORT is not set"); + port = parse_port(port_str); + + while (!feof(stdin)) { + memset(cmd_buf, '\0', MAX_CMD_LEN + 1); + fgets(cmd_buf, MAX_CMD_LEN, stdin); + e = strchr(cmd_buf, '\n'); + if (e) + *e = '\0'; + if (!*cmd_buf) + continue; + else if (!strcmp(cmd_buf, "> connect")) + cmd_connect(ca_file, port); + else if ((p = unprefix(cmd_buf, "> protocol_set_disabled "))) + cmd_protocol_set_disabled(p); + else if ((p = unprefix(cmd_buf, "> protocol_set_enabled "))) + cmd_protocol_set_enabled(p); + else if (!strcmp(cmd_buf, "> reinit")) + cmd_reinit(); + else if ((p = unprefix(cmd_buf, "> "))) + _fail("Unknown command `%s`\n", p); + else + _fail("Invalid line `%s`, does not start with `> `\n", + cmd_buf); + } + + exit(0); +} diff --git a/tests/protocol-set-allowlist.sh b/tests/protocol-set-allowlist.sh new file mode 100755 index 0000000..ee2fe64 --- /dev/null +++ b/tests/protocol-set-allowlist.sh @@ -0,0 +1,435 @@ +#!/bin/sh + +# Copyright (C) 2021 Red Hat, Inc. +# +# Author: Alexander Sosedkin +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# The test verifies that gnutls_protocol_set_enabled behaves sensibly. +# The test requires allowlisting and is to be executed +# from within the shell wrapper protocol-set-allowlist.sh +# The shell part of it feeds commands into a C helper +# and compares its output to the reference output. +# Commands are derived from the reference output. + +: ${srcdir=.} +: ${builddir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${GREP=grep} +: ${DIFF=diff} +: ${SED=sed} +: ${CAT=cat} +. "${srcdir}/scripts/common.sh" + +for tool in "${CERTTOOL}" "${SERV}" "${CLI}"; do + if ! test -x "$tool"; then + exit 77 + fi +done + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +TMPFILE_TEMPLATE=template.$$.tmpl.tmp +TMPFILE_CERT=cert.$$.pem.tmp +TMPFILE_KEY=key.$$.pem.tmp +TMPFILE_CONFIG=cfg.$$.tmp +TMPFILE_LIST=lst.$$.tmp +TMPFILE_INPUT_SCRIPT=input.$$.script.tmp +TMPFILE_OBSERVED_LOG=observed.$$.log.tmp +TMPFILE_EXPECTED_LOG=expected.$$.log.tmp + +# Set up cleanup + +SERVER_PID="" +cleanup() { + test -z "${SERVER_PID}" || kill "${SERVER_PID}" + rm -f "${TMPFILE_CERT}" "${TMPFILE_KEY}" + rm -f "${TMPFILE_CONFIG}" "${TMPFILE_LIST}" + rm -f "${TMPFILE_INPUT_SCRIPT}" + rm -f "${TMPFILE_OBSERVED_LOG}" "${TMPFILE_EXPECTED_LOG}" +} +trap cleanup 1 15 2 EXIT + +# Generate server keys + +${CAT} > "$TMPFILE_TEMPLATE" << EOF +organization = test +cn = example.com +ca +tls_www_server +dns_name = example.com +EOF +"${CERTTOOL}" --generate-privkey --key-type=rsa --hash sha256 \ + --outfile "${TMPFILE_KEY}" +"${CERTTOOL}" --generate-self-signed --load-privkey "${TMPFILE_KEY}" \ + --template "${TMPFILE_TEMPLATE}" --outfile "${TMPFILE_CERT}" + +# Set up a configuration file using allowlisting allowing for TLS 1.2 only, +# but also allowing to enable 1.1 and 1.3. + +${CAT} <<_EOF_ > "${TMPFILE_CONFIG}" +# this following is listed to allow +# 1.3's TLS_AES_128_GCM_SHA256, but not allowlist 1.3 itself +# 1.2's TLS_RSA_AES_128_GCM_SHA256 +# 1.1's TLS_RSA_AES_128_CBC_SHA1, but not allowlist 1.1 itself + +[global] +override-mode = allowlist + +[overrides] +secure-hash = SHA256 +tls-enabled-mac = AEAD # for 1.2, 1.3 +tls-enabled-mac = SHA1 # for 1.1 +tls-enabled-group = GROUP-FFDHE3072 +secure-sig = RSA-PSS-RSAE-SHA256 # for 1.3 +secure-sig = RSA-SHA256 # for 1.2, 1.1 +tls-enabled-cipher = AES-128-GCM # for 1.2, 1.3 +tls-enabled-cipher = AES-128-CBC # for 1.1 +tls-enabled-kx = RSA +# enabled-version = TLS1.3 # intentional, to be tested for reenablement +enabled-version = TLS1.2 # to be tested for disabling later +# enabled-version = TLS1.1 # intentional, to be tested for reenablement +_EOF_ +with_config_file() { + GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE_CONFIG}" \ + GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 \ + "$@" # preserve $?, callers rely on it +} + +# Smoke --list, @SYSTEM + +with_config_file "${CLI}" --list -d 4 --priority @SYSTEM > "${TMPFILE_LIST}" 2>&1 +if test $? != 0; then + ${CAT} "${TMPFILE_LIST}" + echo 'fails with just @SYSTEM' + exit 1 +fi +if ! ${GREP} -Fqx 'Protocols: VERS-TLS1.2' "${TMPFILE_LIST}"; then + ${CAT} "${TMPFILE_LIST}" + echo 'unexpected protocol list with @SYSTEM, must be just VERS-TLS1.2' + exit 1 +fi + +# Smoke-test that TLS 1.3 is enableable with these algorithms + +with_config_file \ + "${CLI}" --list -d 4 --priority @SYSTEM:+VERS-TLS1.3 > "${TMPFILE_LIST}" 2>&1 +if test $? != 0; then + ${CAT} "${TMPFILE_LIST}" + echo 'listing algorithms fails with @SYSTEM:+VERS-TLS1.3' + exit 1 +fi +if ! ${GREP} -Fqx 'Protocols: VERS-TLS1.2, VERS-TLS1.3' "${TMPFILE_LIST}"; then + ${CAT} "${TMPFILE_LIST}" + echo 'could not enable TLS 1.3 with a @SYSTEM:+VERS-TLS1.3' + exit 1 +fi + +# Smoke-test that TLS 1.1 is enableable with these algorithms + +with_config_file \ + "${CLI}" --list -d 4 --priority @SYSTEM:+VERS-TLS1.1 > "${TMPFILE_LIST}" 2>&1 +if test $? != 0; then + ${CAT} "${TMPFILE_LIST}" + echo 'listing algorithms fails with @SYSTEM:+VERS-TLS1.1' + exit 1 +fi +if ! ${GREP} -Fqx 'Protocols: VERS-TLS1.2, VERS-TLS1.1' "${TMPFILE_LIST}"; then + ${CAT} "${TMPFILE_LIST}" + echo 'could not enable TLS 1.1 with a @SYSTEM:+VERS-TLS1.1' + exit 1 +fi + +### Harness for the actual tests + +test_with_helper() { + echo '#' + echo "# $1" + echo '#' + ${CAT} > "$TMPFILE_EXPECTED_LOG" + ${SED} 's/\(.*\) -> .*/> \1/' "${TMPFILE_EXPECTED_LOG}" \ + > "${TMPFILE_INPUT_SCRIPT}" + with_config_file env \ + TEST_SERVER_PORT=$PORT \ + TEST_SERVER_CA="$TMPFILE_CERT" \ + GNUTLS_DEBUG_LEVEL=9 \ + "${builddir}/protocol-set-allowlist" \ + < "${TMPFILE_INPUT_SCRIPT}" > "${TMPFILE_OBSERVED_LOG}" + RETCODE=$? + ${DIFF} -u "${TMPFILE_EXPECTED_LOG}" "${TMPFILE_OBSERVED_LOG}" + DIFF_RETCODE=$? + if [ $DIFF_RETCODE != 0 ]; then + echo + echo 'protocol-set-allowlist(.c) output is unexpected' + echo '--- expected ---' + ${CAT} "${TMPFILE_EXPECTED_LOG}" + echo '--- observed ---' + ${CAT} "${TMPFILE_OBSERVED_LOG}" + exit 1 + fi + if [ $RETCODE != 0 ]; then + echo "protocol-set-allowlist(.c) failed with $RETCODE" + exit 1 + fi +} + +### Tests against a TLS 1.2 -only server + +eval "${GETPORT}" +# server is launched without allowlisting config file in effect +launch_server --echo --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" \ + --x509keyfile "${TMPFILE_KEY}" --x509certfile "${TMPFILE_CERT}" +SERVER_PID=$! +wait_server ${SERVER_PID} + +test_with_helper 'connects by default with 1.2' < connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'connecting prevents new API from working' < connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +protocol_set_disabled TLS1.2 -> INVALID_REQUEST +connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'disabling TLS 1.2 leaves us with no versions' < OK +connect -> bad priority: No or insufficient priorities were set. +protocol_set_enabled TLS1.2 -> INVALID_REQUEST +connect -> bad priority: No or insufficient priorities were set. +EOF + +test_with_helper \ + 'disabling is revertible if done before the first gnutls_init' << EOF +protocol_set_disabled TLS1.2 -> OK +protocol_set_enabled TLS1.2 -> OK +connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +protocol_set_disabled TLS1.2 -> INVALID_REQUEST +protocol_set_enabled TLS1.2 -> INVALID_REQUEST +connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +# Reinit after restricting algorithms has problems with FIPS self-tests +#test_with_helper 'library reinitialization resets changes' < OK +#connect -> bad priority: No or insufficient priorities were set. +#reinit -> OK +#connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +#EOF + +# Reinit after restricting algorithms has problems with FIPS self-tests +#test_with_helper \ +# 'library reinitialization allows new API again, but resets changes' \ +# < OK +#connect -> bad priority: No or insufficient priorities were set. +#protocol_set_enabled TLS1.2 -> INVALID_REQUEST +#connect -> bad priority: No or insufficient priorities were set. +#reinit -> OK +#connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +#protocol_set_disabled TLS1.2 -> INVALID_REQUEST +#connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +#reinit -> OK +#protocol_set_disabled TLS1.2 -> OK +#protocol_set_enabled TLS1.2 -> OK +#connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +#protocol_set_disabled TLS1.2 -> INVALID_REQUEST +#EOF + +test_with_helper 'Insufficient priority vs handshake failed: 1/2' < OK +connect -> bad priority: No or insufficient priorities were set. +EOF + +test_with_helper 'Insufficient priority vs handshake failed: 2/2' < OK +protocol_set_enabled TLS1.3 -> OK +connect -> handshake failed: A TLS fatal alert has been received. +EOF +# TLS 1.3 does some masquerading as TLS 1.2, I guess, so it's not +# handshake failed: A packet with illegal or unsupported version was received. + +terminate_proc ${SERVER_PID} + +### Tests against a NORMAL server (all three TLS versions enabled) + +eval "${GETPORT}" +# server is launched without allowlisting config file in effect +launch_server --echo --priority NORMAL \ + --x509keyfile "${TMPFILE_KEY}" --x509certfile "${TMPFILE_CERT}" +SERVER_PID=$! +wait_server ${SERVER_PID} + +# sanity-test +test_with_helper 'sanity test against liberal server' < connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'smoke-test enabling' < OK +connect -> connection established: (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) +EOF + +test_with_helper 'going down to TLS1.1' < OK +protocol_set_disabled TLS1.2 -> OK +connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) +EOF + +test_with_helper 'going up to TLS 1.3' < OK +connect -> connection established: (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) +EOF + +test_with_helper 'useless toggles' < OK +protocol_set_disabled TLS1.2 -> OK +protocol_set_enabled TLS1.2 -> OK +protocol_set_enabled TLS1.1 -> OK +protocol_set_enabled TLS1.1 -> OK +protocol_set_enabled TLS1.3 -> OK +protocol_set_disabled TLS1.1 -> OK +protocol_set_disabled TLS1.3 -> OK +connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'disable does not overdisable: 1/2' < OK +protocol_set_enabled TLS1.2 -> OK +protocol_set_enabled TLS1.1 -> OK +protocol_set_disabled TLS1.3 -> OK +protocol_set_disabled TLS1.1 -> OK +connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'disable does not overdisable: 2/2' < OK +protocol_set_enabled TLS1.2 -> OK +protocol_set_enabled TLS1.1 -> OK +protocol_set_disabled TLS1.3 -> OK +protocol_set_disabled TLS1.2 -> OK +connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) +EOF + +terminate_proc ${SERVER_PID} + +#### Tests against a TLS 1.3 server +# +eval "${GETPORT}" +# server is launched without allowlisting config file in effect +launch_server --echo \ + --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" \ + --x509keyfile "${TMPFILE_KEY}" --x509certfile "${TMPFILE_CERT}" +SERVER_PID=$! +wait_server ${SERVER_PID} + +test_with_helper 'sanity negative' < handshake failed: A TLS fatal alert has been received. +protocol_set_enabled TLS1.3 -> INVALID_REQUEST +protocol_set_enabled TLS1.1 -> INVALID_REQUEST +protocol_set_disabled TLS1.2 -> INVALID_REQUEST +connect -> handshake failed: A TLS fatal alert has been received. +EOF + +test_with_helper 'enable 1.3' < OK +connect -> connection established: (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) +EOF + +test_with_helper 'enable 1.3 only' < OK +protocol_set_enabled TLS1.3 -> OK +connect -> connection established: (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) +EOF + +test_with_helper 'enable 1.1' < OK +connect -> handshake failed: A TLS fatal alert has been received. +EOF + +# A special case according to a comment in set_ciphersuite_list: +# > we require TLS1.2 to be enabled if TLS1.3 is asked for, and +# > a pre-TLS1.2 protocol is there; that is because servers which +# > do not support TLS1.3 will negotiate TLS1.2 if seen a TLS1.3 handshake +test_with_helper 'enable 1.1 and 1.3 only - does not work as you expect' < OK +protocol_set_disabled TLS1.2 -> OK +protocol_set_enabled TLS1.1 -> OK +connect -> handshake failed: A packet with illegal or unsupported version was received. +EOF + +test_with_helper 'enable 1.1 and 1.3' < OK +protocol_set_enabled TLS1.1 -> OK +connect -> connection established: (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) +EOF + +test_with_helper 'enable 1.1 and 1.3, different order' < OK +protocol_set_enabled TLS1.3 -> OK +connect -> connection established: (TLS1.3)-(DHE-FFDHE3072)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM) +EOF + +terminate_proc ${SERVER_PID} + +#### Tests against a TLS 1.1 + TLS 1.2 server +# +eval "${GETPORT}" +# server is launched without allowlisting config file in effect +launch_server --echo \ + --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2" \ + --x509keyfile "${TMPFILE_KEY}" --x509certfile "${TMPFILE_CERT}" +SERVER_PID=$! +wait_server ${SERVER_PID} + +test_with_helper 'sanity 1.2' < connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'enable 1.1' < OK +connect -> connection established: (TLS1.2)-(RSA)-(AES-128-GCM) +EOF + +test_with_helper 'enable 1.1 only' < OK +protocol_set_disabled TLS1.2 -> OK +connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) +EOF + +test_with_helper 'enable 1.1 and 1.3 only' < OK +protocol_set_disabled TLS1.2 -> OK +protocol_set_enabled TLS1.1 -> OK +connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) +EOF + +test_with_helper 'enable 1.1 and 1.3 only, different order' < OK +protocol_set_disabled TLS1.2 -> OK +protocol_set_enabled TLS1.3 -> OK +connect -> connection established: (TLS1.1)-(RSA)-(AES-128-CBC)-(SHA1) +EOF + +terminate_proc ${SERVER_PID} + +exit 0 diff --git a/tests/psk-file.c b/tests/psk-file.c new file mode 100644 index 0000000..703043e --- /dev/null +++ b/tests/psk-file.c @@ -0,0 +1,554 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include + +#include "utils.h" + +static char hexchar(unsigned int val) +{ + if (val < 10) + return '0' + val; + if (val < 16) + return 'a' + val - 10; + abort(); +} + +static bool hex_encode(const void *buf, size_t bufsize, char *dest, size_t destsize) +{ + size_t used = 0; + + if (destsize < 1) + return false; + + while (used < bufsize) { + unsigned int c = ((const unsigned char *)buf)[used]; + if (destsize < 3) + return false; + *(dest++) = hexchar(c >> 4); + *(dest++) = hexchar(c & 0xF); + used++; + destsize -= 2; + } + *dest = '\0'; + + return used + 1; +} + +/* A very basic TLS client, with PSK authentication. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void client(int sd, const char *prio, const gnutls_datum_t *user, const gnutls_datum_t *key, + unsigned expect_hint, int expect_fail, int exp_kx, unsigned binary_user) +{ + int ret, ii, kx; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + const char *hint; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_psk_allocate_client_credentials(&pskcred); + + if (binary_user) { + gnutls_psk_set_client_credentials2(pskcred, user, key, GNUTLS_PSK_KEY_HEX); + } else { + gnutls_psk_set_client_credentials(pskcred, (const char *) user->data, key, + GNUTLS_PSK_KEY_HEX); + } + + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_KEY_SHARE_TOP)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + if (!expect_fail) + fail("client: Handshake failed\n"); + if (ret != expect_fail) { + fail("expected cli error %d (%s), got %d (%s)\n", expect_fail, gnutls_strerror(expect_fail), + ret, gnutls_strerror(ret)); + } + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + /* check the hint */ + if (expect_hint) { + hint = gnutls_psk_client_get_hint(session); + if (hint == NULL || strcmp(hint, "hint") != 0) { + fail("client: hint is not the expected: %s\n", gnutls_psk_client_get_hint(session)); + goto end; + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + kx = gnutls_kx_get(session); + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + if (expect_fail) + fail("client: expected failure but connection succeeded!\n"); + + if (exp_kx && kx != exp_kx) { + fail("client: expected key exchange %s, but got %s\n", + gnutls_kx_get_name(exp_kx), + gnutls_kx_get_name(kx)); + } + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, for PSK authentication. + */ + +#define MAX_BUF 1024 + +static void server(int sd, const char *prio, const gnutls_datum_t *user, bool no_cred, + int expect_fail, int exp_kx, unsigned binary_user) +{ + gnutls_psk_server_credentials_t server_pskcred; + int ret, kx; + gnutls_session_t session; + const char *pskid; + gnutls_datum_t pskid_binary; + char buffer[MAX_BUF + 1]; + char *psk_file = getenv("PSK_FILE"); + char *desc; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + if (psk_file == NULL) + psk_file = (char*)"psk.passwd"; + + gnutls_psk_allocate_server_credentials(&server_pskcred); + gnutls_psk_set_server_credentials_hint(server_pskcred, "hint"); + ret = gnutls_psk_set_server_credentials_file(server_pskcred, psk_file); + if (ret < 0) { + fail("server: gnutls_psk_set_server_credentials_file failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + if (!no_cred) + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + unsigned char seq[8], buf[16]; + gnutls_alert_send_appropriate(session, ret); + + /* We have to make sure that we do not close connection till + * test client reads our fatal alert, otherwise it might exit + * with GNUTLS_E_PUSH_ERROR instead */ + gnutls_session_force_valid(session); + while ((gnutls_record_recv_seq(session, buf, sizeof(buf), seq)) >= 0) + ; + + if (expect_fail) { + if (ret != expect_fail) { + fail("expected error %d (%s), got %d (%s)\n", expect_fail, + gnutls_strerror(expect_fail), + ret, gnutls_strerror(ret)); + } + + if (debug) + success("server: Handshake has failed - expected (%s)\n\n", + gnutls_strerror(ret)); + } else { + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + goto end; + } + if (debug) + success("server: Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + gnutls_record_set_timeout(session, 10000); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + + kx = gnutls_kx_get(session); + + desc = gnutls_session_get_desc(session); + success(" - connected with: %s\n", desc); + gnutls_free(desc); + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + if (expect_fail) + fail("server: expected failure but connection succeeded!\n"); + + if (!no_cred) { + if (binary_user) { + char pskid_bin[1024], userdata_bin[1024]; + + if (gnutls_psk_server_get_username2(session, &pskid_binary)) + fail("server: Could not get binary pskid\n"); + + if (memcmp(pskid_binary.data, user->data, user->size) != 0) { + hex_encode(user->data, user->size, userdata_bin, sizeof(userdata_bin)); + hex_encode(pskid_binary.data, pskid_binary.size, pskid_bin, sizeof(pskid_bin)); + fail("server: binary username (%s) does not match expected (%s)\n", + pskid_bin, userdata_bin); + } + } else { + pskid = gnutls_psk_server_get_username(session); + if (pskid == NULL || strcmp(pskid, (const char *) user->data) != 0) { + fail("server: username (%s), does not match expected (%s)\n", + pskid, (const char *) user->data); + } + } + } + + if (exp_kx && kx != exp_kx) { + fail("server: expected key exchange %s, but got %s\n", + gnutls_kx_get_name(exp_kx), + gnutls_kx_get_name(kx)); + } + + end: + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void print_user(const char *caption, const char *prio, const gnutls_datum_t *user, unsigned binary_user) +{ + char hexuser[100]; + + if (binary_user) { + hex_encode(user->data, user->size, hexuser, sizeof(hexuser)); + success("%s %s (user:%s)\n", caption, prio, hexuser); + } else + success("%s %s (user:%s)\n", caption, prio, (const char *) user->data); +} + +static +void run_test3(const char *prio, const char *sprio, const gnutls_datum_t *user, const gnutls_datum_t *key, bool no_cred, + unsigned expect_hint, int exp_kx, int expect_fail_cli, int expect_fail_serv, unsigned binary_user) +{ + pid_t child; + int err; + int sockets[2]; + + signal(SIGPIPE, SIG_IGN); + + if (expect_fail_serv || expect_fail_cli) + print_user("ntest", prio, user, binary_user); + else + print_user("test", prio, user, binary_user); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + close(sockets[1]); + int status; + /* parent */ + server(sockets[0], sprio?sprio:prio, user, no_cred, expect_fail_serv, exp_kx, binary_user); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio, user, key, expect_hint, expect_fail_cli, exp_kx, binary_user); + exit(0); + } +} + +static +void run_test2(const char *prio, const char *sprio, const gnutls_datum_t *user, const gnutls_datum_t *key, + unsigned expect_hint, int exp_kx, int expect_fail_cli, int expect_fail_serv, unsigned binary_user) +{ + run_test3(prio, sprio, user, key, 0, expect_hint, exp_kx, expect_fail_cli, expect_fail_serv, binary_user); +} + +static +void run_test_ok(const char *prio, const gnutls_datum_t *user, const gnutls_datum_t *key, unsigned expect_hint, int expect_fail, unsigned binary_user) +{ + run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_PSK, expect_fail, expect_fail, binary_user); +} + +static +void run_ectest_ok(const char *prio, const gnutls_datum_t *user, const gnutls_datum_t *key, unsigned expect_hint, int expect_fail, unsigned binary_user) +{ + run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_ECDHE_PSK, expect_fail, expect_fail, binary_user); +} + +static +void run_dhtest_ok(const char *prio, const gnutls_datum_t *user, const gnutls_datum_t *key, unsigned expect_hint, int expect_fail, unsigned binary_user) +{ + run_test2(prio, NULL, user, key, expect_hint, GNUTLS_KX_DHE_PSK, expect_fail, expect_fail, binary_user); +} + +void doit(void) +{ + char hexuser[] = { 0xde, 0xad, 0xbe, 0xef }, + nulluser1[] = { 0 }, + nulluser2[] = { 0, 0, 0xaa, 0 }; + const gnutls_datum_t user_jas = { (void *) "jas", strlen("jas") }; + const gnutls_datum_t user_unknown = { (void *) "unknown", strlen("unknown") }; + const gnutls_datum_t user_nonhex = { (void *) "non-hex", strlen("non-hex") }; + const gnutls_datum_t user_hex = { (void *) hexuser, sizeof(hexuser) }; + const gnutls_datum_t user_null_1 = { (void *) nulluser1, sizeof(nulluser1) }; + const gnutls_datum_t user_null_2 = { (void *) nulluser2, sizeof(nulluser2) }; + const gnutls_datum_t key = { (void *) "9e32cf7786321a828ef7668f09fb35db", 32 }; + const gnutls_datum_t wrong_key = { (void *) "9e31cf7786321a828ef7668f09fb35db", 32 }; + + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", &user_jas, &key, 1, 0, 0); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", &user_hex, &key, 1, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", &user_null_1, &key, 1, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", &user_null_2, &key, 1, 0, 1); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", &user_jas, &key, 1, 0, 0); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", &user_hex, &key, 1, 0, 1); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", &user_null_1, &key, 1, 0, 1); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", &user_null_2, &key, 1, 0, 1); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", &user_jas, &key, 1, 0, 0); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", &user_hex, &key, 1, 0, 1); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", &user_null_1, &key, 1, 0, 1); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", &user_null_2, &key, 1, 0, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", NULL, &user_unknown, &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", NULL, &user_jas, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", NULL, &user_nonhex, &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", NULL, &user_hex, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", NULL, &user_null_1, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", NULL, &user_null_2, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_DECRYPTION_FAILED, 1); + + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", &user_jas, &key, 1, 0, 0); + run_test_ok("NORMAL:-KX-ALL:+PSK", &user_jas, &key, 0, 0, 0); + run_test_ok("NORMAL:-KX-ALL:+PSK", &user_hex, &key, 0, 0, 1); + run_test_ok("NORMAL:-KX-ALL:+PSK", &user_null_1, &key, 0, 0, 1); + run_test_ok("NORMAL:-KX-ALL:+PSK", &user_null_2, &key, 0, 0, 1); + run_test2("NORMAL:+PSK", NULL, &user_unknown, &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 0); + run_test2("NORMAL:+PSK", NULL, &user_jas, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 0); + run_test2("NORMAL:+PSK", NULL, &user_hex, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1); + run_test2("NORMAL:+PSK", NULL, &user_null_1, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1); + run_test2("NORMAL:+PSK", NULL, &user_null_2, &wrong_key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1); + run_test2("NORMAL:-KX-ALL:+PSK", NULL, &user_nonhex, &key, 1, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR, 0); + + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", &user_jas, &key, 0, 0, 0); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", &user_hex, &key, 0, 0, 1); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", &user_null_1, &key, 0, 0, 1); + run_dhtest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-EC-ALL", &user_null_2, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", &user_jas, &key, 0, 0, 0); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", &user_hex, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", &user_null_1, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", &user_null_2, &key, 0, 0, 1); + + /* test priorities of DHE-PSK and PSK */ + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", &user_jas, &key, 0, 0, 0); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", &user_hex, &key, 0, 0, 1); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", &user_null_1, &key, 0, 0, 1); + run_ectest_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", &user_null_2, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:-GROUP-DH-ALL", &user_jas, &key, 0, 0, 0); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:-GROUP-DH-ALL", &user_hex, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:-GROUP-DH-ALL", &user_null_1, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:-GROUP-DH-ALL", &user_null_2, &key, 0, 0, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:%SERVER_PRECEDENCE:-GROUP-DH-ALL", + &user_jas, &key, 0, GNUTLS_KX_PSK, 0, 0, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:%SERVER_PRECEDENCE:-GROUP-DH-ALL", + &user_hex, &key, 0, GNUTLS_KX_PSK, 0, 0, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:%SERVER_PRECEDENCE:-GROUP-DH-ALL", + &user_null_1, &key, 0, GNUTLS_KX_PSK, 0, 0, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+DHE-PSK:+PSK:-GROUP-DH-ALL", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+PSK:+DHE-PSK:%SERVER_PRECEDENCE:-GROUP-DH-ALL", + &user_null_2, &key, 0, GNUTLS_KX_PSK, 0, 0, 1); + /* try with PRF that doesn't match binder (SHA256) */ + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, &user_jas, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_CIPHER_SUITES, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, &user_hex, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_CIPHER_SUITES, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, &user_null_1, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_CIPHER_SUITES, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM:+PSK:+DHE-PSK", NULL, &user_null_2, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_CIPHER_SUITES, 1); + /* try with no groups and PSK */ + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-GROUP-ALL", &user_jas, &key, 0, 0, 0); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-GROUP-ALL", &user_hex, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-GROUP-ALL", &user_null_1, &key, 0, 0, 1); + run_test_ok("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-GROUP-ALL", &user_null_2, &key, 0, 0, 1); + /* try without any groups but DHE-PSK */ + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK", &user_jas, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK:-GROUP-ALL", &user_jas, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK", &user_hex, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK:-GROUP-ALL", &user_hex, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK", &user_null_1, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK:-GROUP-ALL", &user_null_1, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK", &user_null_2, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:+PSK:-GROUP-ALL", &user_null_2, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_NO_COMMON_KEY_SHARE, 1); + + /* if user invalid we continue without PSK */ + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_nonhex, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_KEYFILE_ERROR, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_unknown, &key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_jas, &wrong_key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_hex, &wrong_key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_null_1, &wrong_key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_null_2, &wrong_key, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1); + + /* try with HelloRetryRequest and PSK */ + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", &user_jas, &key, 0, GNUTLS_KX_DHE_PSK, 0, 0, 0); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", &user_hex, &key, 0, GNUTLS_KX_DHE_PSK, 0, 0, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", &user_null_1, &key, 0, GNUTLS_KX_DHE_PSK, 0, 0, 1); + run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", &user_null_2, &key, 0, GNUTLS_KX_DHE_PSK, 0, 0, 1); + + /* try without server credentials */ + run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_jas, &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 0); + run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_hex, &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1); + run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_null_1, &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1); + run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, &user_null_2, &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1); +} + +#endif /* _WIN32 */ diff --git a/tests/psk.passwd b/tests/psk.passwd new file mode 100644 index 0000000..db1edbd --- /dev/null +++ b/tests/psk.passwd @@ -0,0 +1,5 @@ +jas:9e32cf7786321a828ef7668f09fb35db +non-hex:9e32cf7786321a828ef7668f09fb35dbxx +#deadbeef:9e32cf7786321a828ef7668f09fb35db +#00:9e32cf7786321a828ef7668f09fb35db +#0000aa00:9e32cf7786321a828ef7668f09fb35db diff --git a/tests/pskself.c b/tests/pskself.c new file mode 100644 index 0000000..f3cc882 --- /dev/null +++ b/tests/pskself.c @@ -0,0 +1,336 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" + +/* A very basic TLS client, with PSK authentication. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void client(int sd, const char *prio, unsigned exp_hint) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + /* Need to enable anonymous KX specifically. */ + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + const char *hint; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + /* check the hint */ + if (exp_hint) { + hint = gnutls_psk_client_get_hint(session); + if (hint == NULL || strcmp(hint, "hint") != 0) { + fail("client: hint is not the expected: %s\n", gnutls_psk_client_get_hint(session)); + goto end; + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, for PSK authentication. + */ + +#define MAX_BUF 1024 + +/* These are global */ + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +static gnutls_dh_params_t dh_params; + +static int generate_dh_params(void) +{ + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init(&dh_params); + return gnutls_dh_params_import_pkcs3(dh_params, &p3, + GNUTLS_X509_FMT_PEM); +} + + +static void server(int sd, const char *prio) +{ +gnutls_psk_server_credentials_t server_pskcred; +int ret; +gnutls_session_t session; +char buffer[MAX_BUF + 1]; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + + gnutls_psk_allocate_server_credentials(&server_pskcred); + gnutls_psk_set_server_credentials_hint(server_pskcred, "hint"); + gnutls_psk_set_server_credentials_function(server_pskcred, + pskfunc); + + gnutls_psk_set_server_dh_params(server_pskcred, dh_params); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + gnutls_record_set_timeout(session, 10000); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run_test(const char *prio, unsigned exp_hint) +{ + pid_t child; + int err; + int sockets[2]; + + success("trying with %s\n", prio); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio, exp_hint); + exit(0); + } +} + +void doit(void) +{ + generate_dh_params(); + + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", 1); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", 1); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", 1); + + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+DHE-PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+ECDHE-PSK", 0); + /* the following should work once we support PSK without DH */ + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+PSK", 0); + + run_test("NORMAL:-KX-ALL:+PSK", 0); + run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 0); + run_test("NORMAL:-KX-ALL:+DHE-PSK", 0); + + gnutls_dh_params_deinit(dh_params); +} + +#endif /* _WIN32 */ diff --git a/tests/pskself2.c b/tests/pskself2.c new file mode 100644 index 0000000..81286a0 --- /dev/null +++ b/tests/pskself2.c @@ -0,0 +1,347 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Ander Juaristi + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from pskself.c. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" +#include "extras/hex.h" + +/* A very basic TLS client, with PSK authentication. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void client(int sd, const char *prio, unsigned exp_hint) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + /* Need to enable anonymous KX specifically. */ + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + gnutls_datum_t user; + const char *hint; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + user.data = gnutls_malloc(4); + user.data[0] = 0xCA; + user.data[1] = 0xFE; + user.data[2] = 0xCA; + user.data[3] = 0xFE; + user.size = 4; + + gnutls_psk_allocate_client_credentials(&pskcred); + ret = gnutls_psk_set_client_credentials2(pskcred, &user, &key, + GNUTLS_PSK_KEY_HEX); + if (ret < 0) { + fail("client: Could not set PSK\n"); + gnutls_perror(ret); + goto end; + } + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + /* check the hint */ + if (exp_hint) { + hint = gnutls_psk_client_get_hint(session); + if (hint == NULL || strcmp(hint, "hint") != 0) { + fail("client: hint is not the expected: %s\n", gnutls_psk_client_get_hint(session)); + goto end; + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_free(user.data); + gnutls_psk_free_client_credentials(pskcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, for PSK authentication. + */ + +#define MAX_BUF 1024 + +/* These are global */ + +static int +pskfunc(gnutls_session_t session, const gnutls_datum_t *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: Got username with length %d\n", username->size); + + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + + return 0; +} + + +static void server(int sd, const char *prio) +{ + gnutls_psk_server_credentials_t server_pskcred; + int ret; + gnutls_session_t session; + gnutls_datum_t psk_username; + char buffer[MAX_BUF + 1], expected_psk_username[] = { 0xDE, 0xAD, 0xBE, 0xEF }; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + + gnutls_psk_allocate_server_credentials(&server_pskcred); + gnutls_psk_set_server_credentials_hint(server_pskcred, "hint"); + gnutls_psk_set_server_credentials_function2(server_pskcred, pskfunc); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + + if (debug) { + success("server: Handshake was completed\n"); + + if (gnutls_psk_server_get_username(session)) + fail("server: gnutls_psk_server_get_username() should have returned NULL\n"); + if (gnutls_psk_server_get_username2(session, &psk_username) < 0) + fail("server: Could not get PSK username\n"); + + if (psk_username.size != 4 || memcmp(psk_username.data, expected_psk_username, 4)) + fail("server: Unexpected PSK username\n"); + + success("server: PSK username length: %d\n", psk_username.size); + } + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + gnutls_record_set_timeout(session, 10000); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run_test(const char *prio, unsigned exp_hint) +{ + pid_t child; + int err; + int sockets[2]; + + success("trying with %s\n", prio); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio, exp_hint); + exit(0); + } +} + +void doit(void) +{ + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", 1); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", 1); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", 1); + + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:+PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048:+DHE-PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+ECDHE-PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+DHE-PSK", 0); + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+ECDHE-PSK", 0); + /* the following should work once we support PSK without DH */ + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+PSK", 0); + + run_test("NORMAL:-KX-ALL:+PSK", 0); + run_test("NORMAL:-KX-ALL:+ECDHE-PSK", 0); + run_test("NORMAL:-KX-ALL:+DHE-PSK", 0); +} + +#endif /* _WIN32 */ diff --git a/tests/psktool.sh b/tests/psktool.sh new file mode 100755 index 0000000..9d0e081 --- /dev/null +++ b/tests/psktool.sh @@ -0,0 +1,114 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${PSKTOOL=../src/psktool${EXEEXT}} +TMPFILE=psktool.$$.tmp + +if ! test -x "${PSKTOOL}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +. "${srcdir}/scripts/common.sh" + +echo "Checking PSK tool basic operations" + +# echo create a user and check whether a key is available +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u test +if test $? != 0;then + echo "password generation failed..." + exit 1 +fi + +grep 'test:' ${TMPFILE} >/dev/null 2>&1 +if test $? != 0;then + echo "could not find generated user..." + exit 1 +fi + +KEY=$(cat ${TMPFILE} |cut -d ':' -f 2) + +if test "${#KEY}" != 64;then + echo "the generated key is not 256-bits" + exit 1 +fi + + +# Create second user and check whether both exist + +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u user2 +if test $? != 0;then + echo "password generation failed..." + exit 1 +fi + +grep 'test:' ${TMPFILE} >/dev/null 2>&1 +if test $? != 0;then + echo "could not find first generated user..." + exit 1 +fi + +grep 'user2:' ${TMPFILE} >/dev/null 2>&1 +if test $? != 0;then + echo "could not find second generated user..." + exit 1 +fi + +# Create third user with a special character in username + +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u user:3 +if test $? != 0;then + echo "password generation failed..." + exit 1 +fi + +grep '#757365723a33:' ${TMPFILE} >/dev/null 2>&1 +if test $? != 0;then + echo "could not find third generated user..." + exit 1 +fi + +# Modify the third user password + +${VALGRIND} "${PSKTOOL}" -p ${TMPFILE} -u user:3 +if test $? != 0;then + echo "password generation failed..." + exit 1 +fi + +matches=`grep '#757365723a33:' ${TMPFILE} 2>/dev/null | wc -l` +if test $matches != 1;then + echo "duplicate entry for third generated user..." + exit 1 +fi + +rm -f $TMPFILE + +exit 0 diff --git a/tests/pubkey-import-export.c b/tests/pubkey-import-export.c new file mode 100644 index 0000000..b11ce56 --- /dev/null +++ b/tests/pubkey-import-export.c @@ -0,0 +1,333 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "cert-common.h" + +static char rsa_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t rsa_key = { (void*)rsa_key_pem, + sizeof(rsa_key_pem) +}; + +static void dump(const char *name, unsigned char *buf, int buf_size) +{ + int i; + fprintf(stderr, "%s: ", name); + for (i = 0; i < buf_size; i++) + fprintf(stderr, "\\x%.2x", buf[i]); + fprintf(stderr, "\n"); +} + +unsigned char dsa_p[] = "\x00\xb9\x84\xf5\x5a\x81\xbe\x1a\x0d\xc5\x8a\x73\x8f\x0c\x9b\x2f\x9b\xb6\x0e\x4b\xc3\x74\x1a\x7f\x64\xad\x9d\xf3\x28\xc5\xa0\x47\xbc\x9b\x57\x56\xf1\x97\xd5\x7e\x37\x03\xe9\xf2\x4c\xf4\xe3\x8b\x7f\x30\xa3\x5d\x2f\xbb\xa1\xa2\x37\xc2\xea\x35\x8f\x1f\xb1\x5f\xa6\xa2\x5f\x01\xf1\x23\x36\x2b\xe4\x4f\x2f\x2d\xdd\x9d\xd5\x3a\xa6\x39\xaf\x7a\x51\x7c\xd2\x25\x8e\x97\x74\xcf\x1e\xc5\x7b\x4b\x76\x43\x81\x07\x1f\x06\x14\xb8\x6e\x58\x12\xe1\x90\xe2\x37\x6f\xd2\x1b\xec\x68\xc5\x58\xe2\xe6\x30\xe0\x6a\x5e\x2c\x63\x78\xec\x07"; +unsigned char dsa_q[] = "\x00\x9f\x56\x8c\x48\x64\x2f\xfe\x8d\xaa\x7a\x6d\x96\xdb\x04\x5d\x16\xef\x08\xa5\x71"; +unsigned char dsa_g[] = "\x62\x06\x7e\xe4\x5c\x76\x08\xb7\x46\x1a\x5d\xd7\x97\xd4\x2a\x21\xfb\x1f\x31\xc9\xd2\xf4\xfa\x39\xd8\x27\xd1\x9b\xfc\x27\x5d\xa7\x0a\xa7\x1a\xfc\x53\xc1\x2f\x43\xc2\x37\xc8\x85\x7f\x3d\x4c\xab\x5d\x81\x32\xfb\x1d\x5e\x1e\x54\x11\x16\x20\xc6\x80\x5a\xd9\x8c\x9b\x43\xf0\xdd\x6b\xa0\xf4\xc3\xf2\x8a\x9c\x39\xd2\x1c\x7b\x0f\xef\xfa\x28\x93\x8f\xd2\xa1\x22\xeb\xdc\xe0\x8a\x8b\xad\x28\x0e\xcf\xef\x09\x85\xe9\x36\xbd\x8b\x7a\x50\xd5\x7b\xf7\x25\x0d\x6c\x60\x11\xc4\xef\x70\x90\xcf\xd6\x1b\xeb\xbb\x8e\xc6\x3e\x3a\x97"; +unsigned char dsa_y[] = "\x0f\x8a\x87\x57\xf2\xd1\xc2\xdc\xac\xdf\x4b\x8b\x0f\x8b\xba\x29\xf7\xe1\x03\xe4\x55\xfa\xb2\x98\x07\xd6\xfd\x12\xb1\x80\xbc\xf5\xba\xb4\x50\xd4\x7f\xa0\x0e\x43\xe7\x9f\xc9\x78\x11\x5f\xe5\xe4\x0c\x2c\x6b\x6a\xa4\x35\xdc\xbd\x54\xe5\x60\x36\x9a\x31\xd1\x8a\x59\x6e\x6b\x1c\xba\xbd\x2e\xba\xeb\x7c\x87\xef\xda\xc8\xdd\xa1\xeb\xa4\x83\xe6\x8b\xad\xfa\xfa\x8e\x5b\xd7\x37\xc8\x32\x3e\x96\xc2\x3e\xf4\x43\xda\x7d\x91\x02\x0f\xb7\xbc\xf8\xef\x8f\xf7\x41\x00\x5e\x96\xdf\x0f\x08\x96\xdc\xea\xb2\xe9\x06\x82\xaf\xd2\x2f"; +unsigned char dsa_x[] = "\x4b\x9f\xeb\xff\x6c\x9a\x02\x83\x41\x5e\x37\x81\x8e\x00\x86\x31\xe8\xb6\x9b\xc1"; + +unsigned char rsa_m[] = "\x00\xbb\x66\x43\xf5\xf2\xc5\xd7\xb6\x8c\xcc\xc5\xdf\xf5\x88\x3b\xb1\xc9\x4b\x6a\x0e\xa1\xad\x20\x50\x40\x08\x80\xa1\x4f\x5c\xa3\xd0\xf8\x6c\xcf\xe6\x3c\xf7\xec\x04\x76\x13\x17\x8b\x64\x89\x22\x5b\xc0\xdd\x53\x7c\x3b\xed\x7c\x04\xbb\x80\xb9\x28\xbe\x8e\x9b\xc6\x8e\xa0\xa5\x12\xcb\xf5\x57\x1e\xa2\xe7\xbb\xb7\x33\x49\x9f\xe3\xbb\x4a\xae\x6a\x4d\x68\xff\xc9\x11\xe2\x32\x8d\xce\x3d\x80\x0b\x8d\x75\xef\xd8\x00\x81\x8f\x28\x04\x03\xa0\x22\x8d\x61\x04\x07\xfa\xb6\x37\x7d\x21\x07\x49\xd2\x09\x61\x69\x98\x90\xa3\x58\xa9"; +unsigned char rsa_e[] = "\x01\x00\x01"; +unsigned char rsa_d[] = "\x0e\x99\x80\x44\x6e\x42\x43\x14\xbe\x01\xeb\x0d\x90\x69\xa9\x6a\xe7\xa9\x88\x2c\xf5\x24\x11\x7f\x27\x09\xf2\x89\x7e\xaf\x13\x35\x21\xd1\x8a\x5d\xdf\xd4\x99\xce\xdc\x2b\x0f\x1b\xc5\x3c\x98\xd0\x68\xa5\x65\x8e\x69\x75\xce\x42\x69\x20\x35\x6c\xaa\xf1\xdd\xc9\x57\x6c\x7b\xc3\x3e\x42\x7e\xa1\xc3\x8c\x76\xa7\x9a\xe8\x81\xdb\xe1\x84\x82\xf5\x99\xd5\xa8\xee\x35\x9e\x54\x94\xc5\x44\xa0\x7b\xcc\xb7\x4c\x3e\xcd\xf2\x49\xdb\x5c\x21\x06\x85\xf6\x75\x00\x43\x62\x89\x12\xf9\x5d\x90\xed\xe6\xfd\xb4\x49\x14\x4a\x79\xe2\x4d"; +unsigned char rsa_p[] = "\x00\xd8\xcb\xe4\x65\x4e\x6c\x11\x0f\xa8\x72\xed\x4b\x4c\x8d\x1d\x07\xdc\x24\x99\x25\xe4\x3c\xb2\xf3\x02\xc4\x72\xe6\x3a\x5b\x86\xf4\x7d\x54\x2a\x4e\x79\x64\x16\x1f\x45\x3b\x17\x9e\x2a\x94\x90\x90\x59\xe7\x0b\x95\xd4\xbf\xa9\x47\xd1\x0a\x71\xaf\x3d\x6b\xed\x55"; +unsigned char rsa_q[] = "\x00\xdd\x49\x81\x7a\x5c\x04\xbf\x6b\xbd\x70\x05\x35\x42\x32\xa3\x9b\x08\xee\xd4\x98\x17\x6e\xb8\xc4\xa2\x12\xbe\xdc\x1e\x72\xd0\x44\x84\x5c\xf0\x30\x35\x04\xfd\x4e\xb0\xcc\xd6\x6f\x40\xcb\x16\x13\x58\xbc\x57\xf7\x77\x48\xe5\x0c\x0d\x14\x9b\x66\x6e\xd8\xde\x05"; +unsigned char rsa_u[] = "\x4a\x74\x5c\x95\x83\x54\xa3\xb0\x71\x35\xba\x02\x3a\x7d\x4a\x8c\x2d\x9a\x26\x77\x60\x36\x28\xd4\xb1\x7d\x8a\x06\xf8\x89\xa2\xef\xb1\x66\x46\x7d\xb9\xd4\xde\xbc\xa3\xbe\x46\xfa\x62\xe1\x63\x82\xdc\xdb\x64\x36\x47\x59\x00\xa8\xf3\xf7\x0e\xb4\xe0\x66\x3d\xd9"; +unsigned char rsa_e1[] = "\x45\x20\x96\x5e\x1b\x28\x68\x34\x46\xf1\x06\x6b\x09\x28\xc1\xc5\xfc\xd3\x0a\xa6\x43\x65\x7b\x65\xf3\x4e\xf2\x98\x28\xa9\x80\x99\xba\xd0\xb8\x80\xb7\x42\x4b\xaf\x82\xe2\xb9\xc0\x2c\x31\x9c\xfa\xfa\x3f\xaa\xb9\x06\xd2\x6a\x46\xc5\x08\x00\x81\xf1\x22\xd5\xd5"; +unsigned char rsa_e2[] = "\x00\xa6\x50\x60\xa7\xfe\x10\xf3\x6d\x9e\x6b\x5a\xfe\xb4\x4a\x2a\xfc\x92\xb2\x2d\xc6\x41\x96\x4d\xf8\x3b\x77\xab\x4a\xf4\xf7\x85\xe0\x79\x3b\x00\xaa\xba\xae\x8d\x53\x5f\x3e\x14\xcc\x78\xfe\x2a\x11\x50\x57\xfe\x25\x57\xd9\xc9\x8c\x4d\x28\x77\xc3\x7c\xfc\x31\xa1"; + +unsigned char ecc_x[] = "\x3c\x15\x6f\x1d\x48\x3e\x64\x59\x13\x2c\x6d\x04\x1a\x38\x0d\x30\x5c\xe4\x3f\x55\xcb\xd9\x17\x15\x46\x72\x71\x92\xc1\xf8\xc6\x33"; +unsigned char ecc_y[] = "\x3d\x04\x2e\xc8\xc1\x0f\xc0\x50\x04\x7b\x9f\xc9\x48\xb5\x40\xfa\x6f\x93\x82\x59\x61\x5e\x72\x57\xcb\x83\x06\xbd\xcc\x82\x94\xc1"; +unsigned char ecc_k[] = "\x00\xfd\x2b\x00\x80\xf3\x36\x5f\x11\x32\x65\xe3\x8d\x30\x33\x3b\x47\xf5\xce\xf8\x13\xe5\x4c\xc2\xcf\xfd\xe8\x05\x6a\xca\xc9\x41\xb1"; + +unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x84\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; +unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; +unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; + +gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; +gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1}; +gnutls_datum_t _dsa_g = {dsa_g, sizeof(dsa_g)-1}; +gnutls_datum_t _dsa_y = {dsa_y, sizeof(dsa_y)-1}; +gnutls_datum_t _dsa_x = {dsa_x, sizeof(dsa_x)-1}; + +gnutls_datum_t _rsa_m = {rsa_m, sizeof(rsa_m)-1}; +gnutls_datum_t _rsa_e = {rsa_e, sizeof(rsa_e)-1}; +gnutls_datum_t _rsa_d = {rsa_d, sizeof(rsa_d)-1}; +gnutls_datum_t _rsa_p = {rsa_p, sizeof(rsa_p)-1}; +gnutls_datum_t _rsa_q = {rsa_q, sizeof(rsa_q)-1}; +gnutls_datum_t _rsa_u = {rsa_u, sizeof(rsa_u)-1}; +gnutls_datum_t _rsa_e1 = {rsa_e1, sizeof(rsa_e1)-1}; +gnutls_datum_t _rsa_e2 = {rsa_e2, sizeof(rsa_e2)-1}; + +gnutls_datum_t _ecc_x = {ecc_x, sizeof(ecc_x)-1}; +gnutls_datum_t _ecc_y = {ecc_y, sizeof(ecc_y)-1}; +gnutls_datum_t _ecc_k = {ecc_k, sizeof(ecc_k)-1}; + +gnutls_datum_t _false_ed25519_x = {false_ed25519_x, sizeof(false_ed25519_x)-1}; +gnutls_datum_t _ed25519_x = {ed25519_x, sizeof(ed25519_x)-1}; +gnutls_datum_t _ed25519_k = {ed25519_k, sizeof(ed25519_k)-1}; + +unsigned char ecc_params[] = "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"; +unsigned char ecc_point[] = "\x04\x41\x04\x3c\x15\x6f\x1d\x48\x3e\x64\x59\x13\x2c\x6d\x04\x1a\x38\x0d\x30\x5c\xe4\x3f\x55\xcb\xd9\x17\x15\x46\x72\x71\x92\xc1\xf8\xc6\x33\x3d\x04\x2e\xc8\xc1\x0f\xc0\x50\x04\x7b\x9f\xc9\x48\xb5\x40\xfa\x6f\x93\x82\x59\x61\x5e\x72\x57\xcb\x83\x06\xbd\xcc\x82\x94\xc1"; + +#define CMP(name, dat, v) cmp(name, __LINE__, dat, v, sizeof(v)-1) +static int cmp(const char *name, int line, gnutls_datum_t *v1, unsigned char *v2, unsigned size) +{ + if (size != v1->size) { + fprintf(stderr, "error in %s:%d size\n", name, line); + dump("expected", v2, size); + dump("got", v1->data, v1->size); + exit(1); + } + + if (memcmp(v1->data, v2, size) != 0) { + fprintf(stderr, "error in %s:%d\n", name, line); + dump("expected", v2, size); + dump("got", v1->data, v1->size); + exit(1); + } + return 0; +} + +/* leading zero on v2 is ignored */ +#define CMP_NO_LZ(name, dat, v) cmp_no_lz(name, __LINE__, dat, v, sizeof(v)-1) +static int cmp_no_lz(const char *name, int line, gnutls_datum_t *v1, unsigned char *i2, unsigned size) +{ + gnutls_datum_t v2; + if (size > 0 && i2[0] == 0) { + v2.data = &i2[1]; + v2.size = size-1; + } else { + v2.data = i2; + v2.size = size; + } + + if (v2.size != v1->size) { + fprintf(stderr, "error in %s:%d size\n", name, line); + dump("expected", v2.data, v2.size); + dump("got", v1->data, v1->size); + exit(1); + } + + if (memcmp(v1->data, v2.data, v2.size) != 0) { + fprintf(stderr, "error in %s:%d\n", name, line); + dump("expected", v2.data, v2.size); + dump("got", v1->data, v1->size); + exit(1); + } + return 0; +} + +static +int check_pubkey_import_export(void) +{ + gnutls_pubkey_t key; + gnutls_datum_t p, q, g, y, x; + gnutls_datum_t m, e; + gnutls_ecc_curve_t curve; + unsigned bits; + int ret; + + global_init(); + + ret = gnutls_pubkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_dsa_raw(key, &_dsa_p, &_dsa_q, &_dsa_g, &_dsa_y); + if (ret < 0) + fail("error\n"); + + bits = 0; + ret = gnutls_pubkey_get_pk_algorithm(key, &bits); + if (ret <= 0 || bits == 0) + fail("error: %s [%u]\n", gnutls_strerror(ret), bits); + + ret = gnutls_pubkey_export_dsa_raw2(key, &p, &q, &g, &y, 0); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + + ret = gnutls_pubkey_export_dsa_raw2(key, &p, &q, &g, &y, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + CMP_NO_LZ("p", &p, dsa_p); + CMP_NO_LZ("q", &q, dsa_q); + CMP_NO_LZ("g", &g, dsa_g); + CMP_NO_LZ("y", &y, dsa_y); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_pubkey_deinit(key); + + /* RSA */ + ret = gnutls_pubkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_rsa_raw(key, &_rsa_m, &_rsa_e); + if (ret < 0) + fail("error\n"); + + bits = 0; + ret = gnutls_pubkey_get_pk_algorithm(key, &bits); + if (ret <= 0 || bits == 0) + fail("error: %s [%u]\n", gnutls_strerror(ret), bits); + + ret = gnutls_pubkey_export_rsa_raw2(key, &m, &e, 0); + if (ret < 0) + fail("error\n"); + + CMP("m", &m, rsa_m); + CMP("e", &e, rsa_e); + gnutls_free(m.data); + gnutls_free(e.data); + + ret = gnutls_pubkey_export_rsa_raw2(key, &m, &e, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + CMP_NO_LZ("m", &m, rsa_m); + CMP_NO_LZ("e", &e, rsa_e); + gnutls_free(m.data); + gnutls_free(e.data); + gnutls_pubkey_deinit(key); + + /* ECC */ + ret = gnutls_pubkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_SECP256R1, &_ecc_x, &_ecc_y); + if (ret < 0) + fail("error\n"); + + bits = 0; + ret = gnutls_pubkey_get_pk_algorithm(key, &bits); + if (ret <= 0 || bits == 0) + fail("error: %s [%u]\n", gnutls_strerror(ret), bits); + + ret = gnutls_pubkey_export_ecc_raw2(key, &curve, &x, &y, 0); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP("x", &x, ecc_x); + CMP("y", &y, ecc_y); + gnutls_free(x.data); + gnutls_free(y.data); + + ret = gnutls_pubkey_export_ecc_raw2(key, &curve, &x, &y, GNUTLS_EXPORT_FLAG_NO_LZ); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_SECP256R1) { + fprintf(stderr, "unexpected curve value: %d\n", (int)curve); + exit(1); + } + CMP_NO_LZ("x", &x, ecc_x); + CMP_NO_LZ("y", &y, ecc_y); + gnutls_free(x.data); + gnutls_free(y.data); + gnutls_pubkey_deinit(key); + + /* Ed25519 */ + ret = gnutls_pubkey_init(&key); + if (ret < 0) + fail("error\n"); + + /* test whether an invalid size would fail */ + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL); + if (ret < 0) + fail("error\n"); + + bits = 0; + ret = gnutls_pubkey_get_pk_algorithm(key, &bits); + if (ret <= 0 || bits == 0) + fail("error: %s [%u]\n", gnutls_strerror(ret), bits); + + ret = gnutls_pubkey_verify_params(key); + if (ret != 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_pubkey_export_ecc_raw(key, &curve, &x, NULL); + if (ret < 0) + fail("error\n"); + + if (curve != GNUTLS_ECC_CURVE_ED25519) { + fail("unexpected curve value: %d\n", (int)curve); + } + CMP("x", &x, ed25519_x); + gnutls_free(x.data); + gnutls_pubkey_deinit(key); + + return 0; +} + +void doit(void) +{ + if (check_pubkey_import_export() != 0) { + fail("error in pubkey import/export check\n"); + exit(1); + } +} diff --git a/tests/random-art.c b/tests/random-art.c new file mode 100644 index 0000000..0520669 --- /dev/null +++ b/tests/random-art.c @@ -0,0 +1,141 @@ +/* + * Copyright (C) 2016, 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +/* This checks random art encoding */ + +static void encode(const char *test_name, const char *type, unsigned key_size, unsigned char *input, unsigned input_size, const char *expected) +{ + int ret; + gnutls_datum_t out; + + ret = gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, type, key_size, input, input_size, &out); + if (ret < 0) { + fail("%s: gnutls_random_art: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_random_art: output has incorrect size (%d, expected %d)\n%s\n", test_name, (int)out.size, (int)strlen(expected), out.data); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_random_art: output does not match the expected:\n%s\n", test_name, out.data); + exit(1); + } + + gnutls_free(out.data); + + return; +} + + +struct encode_tests_st { + const char *name; + unsigned char *raw; + unsigned raw_size; + const char *key_type; + unsigned key_size; + const char *art; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "key1", + .raw = (void*)"\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\x34\xb6\xf6\x08\x29\x4c\x50\x31\x2b\xbb", + .raw_size = 20, + .key_type = "RSA", + .key_size = 2048, + .art = "+--[ RSA 2048]----+\n" + "|.o*++==o |\n" + "| + *.===. |\n" + "|. * + +.o |\n" + "| o . o + . |\n" + "|. + S |\n" + "| . o |\n" + "|E |\n" + "| |\n" + "| |\n" + "+-----------------+" + }, + { + .name = "key2", + .raw = (void*)"\xf8\xa7\x1c\x08\x76\x47\x2c\x08\x38\x17\x0c\x08\x38\x17\x0c\x08\xcb\x45\x8f\xd4\x87\x9c\xa4\xb6\xf6\xf8\x29\xfc\x50\x3f\x2b\xbb", + .raw_size = 32, + .key_type = "RSA", + .key_size = 3072, + .art = "+--[ RSA 3072]----+\n" + "|@*=*+.o |\n" + "|O.B.+* o |\n" + "|.* +..o o |\n" + "| . . + |\n" + "| oo.o S |\n" + "| ..+o.+ |\n" + "| .o ..oo . |\n" + "| oo...o+ |\n" + "| oE+.o |\n" + "+-----------------+" + }, + { + .name = "key3", + .raw = (void*)"\x38\xf7\x0c\x08\xcb\x34\x8a\xd4\xb7\x9c\x34\xb4\xf6\x08\x29\x4c\x50\x3f\x2b\xbb", + .raw_size = 20, + .key_type = "ECDSA", + .key_size = 256, + .art = "+--[ECDSA 256]---+\n" + "|oo. . |\n" + "|o ..o . |\n" + "| + +** |\n" + "|...+***o |\n" + "|. o +=+.S |\n" + "| o o + |\n" + "| . o |\n" + "| . |\n" + "| E |\n" + "+-----------------+" + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include +#include "cert-common.h" + +/* Here we test the raw public-key API */ + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t cred = NULL; + gnutls_pcert_st* pcert; + gnutls_pubkey_t pubkey; + const char *src; + char rawpk_pub_path[256]; + char rawpk_priv_path[256]; + + // Get current src dir + src = getenv("srcdir"); + if (src == NULL) + src = "."; + + // Set file paths for pem files + snprintf(rawpk_pub_path, sizeof(rawpk_pub_path), "%s/%s", src, "certs/rawpk_pub.pem"); + snprintf(rawpk_priv_path, sizeof(rawpk_priv_path), "%s/%s", src, "certs/rawpk_priv.pem"); + + + global_init(); + + // Initialize creds + assert(gnutls_certificate_allocate_credentials(&cred) >= 0); + assert((pcert = gnutls_calloc(1, sizeof(*pcert))) != NULL); + assert(gnutls_pubkey_init(&pubkey) >= 0); + assert(gnutls_pubkey_import(pubkey, &rawpk_public_key1, GNUTLS_X509_FMT_PEM) >= 0); + + + /* Tests for gnutls_certificate_set_rawpk_key_mem() */ + success("Testing gnutls_certificate_set_rawpk_key_mem()...\n"); + // Positive tests + ret = gnutls_certificate_set_rawpk_key_mem(cred, + &rawpk_public_key2, &rawpk_private_key2, GNUTLS_X509_FMT_PEM, + NULL, 0, NULL, 0, 0); + if (ret < 0) { + fail("Failed to load credentials with error: %d\n", ret); + } + // Negative tests + ret = gnutls_certificate_set_rawpk_key_mem(cred, + NULL, &rawpk_private_key2, GNUTLS_X509_FMT_PEM, + NULL, 0, NULL, 0, 0); + if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) { + fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + ret = gnutls_certificate_set_rawpk_key_mem(cred, + &rawpk_public_key2, NULL, GNUTLS_X509_FMT_PEM, + NULL, 0, NULL, 0, 0); + if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) { + fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + + + /* Tests for gnutls_certificate_set_rawpk_key_file() */ + success("Testing gnutls_certificate_set_rawpk_key_file()...\n"); + // Positive tests + ret = gnutls_certificate_set_rawpk_key_file(cred, rawpk_pub_path, rawpk_priv_path, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0, 0); + if (ret < 0) { + fail("Failed to load credentials with error: %d\n", ret); + } + // Negative tests + ret = gnutls_certificate_set_rawpk_key_file(cred, NULL, rawpk_priv_path, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0, 0); + if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) { + fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + ret = gnutls_certificate_set_rawpk_key_file(cred, rawpk_pub_path, NULL, GNUTLS_X509_FMT_PEM, NULL, 0, NULL, 0, 0, 0); + if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) { + fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + + + /* Tests for gnutls_pcert_import_rawpk() */ + success("Testing gnutls_pcert_import_rawpk()...\n"); + // Positive tests + ret = gnutls_pcert_import_rawpk(pcert, pubkey, 0); + if (ret < 0) { + fail("Failed to import raw public-key into pcert with error: %d\n", ret); + } + // Negative tests + ret = gnutls_pcert_import_rawpk(pcert, NULL, 0); + if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) { + fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + // Cleanup to prevent subsequent API calls to produce memory leaks + gnutls_pcert_deinit(pcert); + + + /* Tests for gnutls_pcert_import_rawpk_raw() */ + success("Testing gnutls_pcert_import_rawpk_raw()...\n"); + // Positive tests + ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpk_public_key1, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) { + fail("Failed to import raw public-key into pcert with error: %d\n", ret); + } + // Negative tests + ret = gnutls_pcert_import_rawpk_raw(pcert, NULL, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret != GNUTLS_E_INSUFFICIENT_CREDENTIALS) { + fail("Failed to detect falsy input. Expected error: %d\n", GNUTLS_E_INSUFFICIENT_CREDENTIALS); + } + // Cleanup to prevent subsequent API calls to produce memory leaks + gnutls_pcert_deinit(pcert); + + + // Generic cleanup + gnutls_free(pcert); + gnutls_certificate_free_credentials(cred); + + gnutls_global_deinit(); +} + diff --git a/tests/record-pad.c b/tests/record-pad.c new file mode 100644 index 0000000..f625163 --- /dev/null +++ b/tests/record-pad.c @@ -0,0 +1,415 @@ +/* + * Copyright (C) 2012-2018 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +#define MAX_BUF 1024 +#define HIGH(x) (3*x) +static void terminate(void); +static size_t total; + +/* This program tests the robustness of record sending with padding. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +/* A very basic TLS client, with anonymous authentication. + */ + + + +static ssize_t +push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + int fd = (long int) tr; + + total += len; + return send(fd, data, len, 0); +} + +struct test_st { + const char *name; + size_t pad; + size_t data; + const char *prio; + unsigned flags; + int sret; +}; + +static void client(int fd, struct test_st *test) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + assert(gnutls_init(&session, GNUTLS_CLIENT|test->flags)>=0); + assert(gnutls_priority_set_direct(session, test->prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, struct test_st *test) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + size_t expected; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + assert(gnutls_init(&session, GNUTLS_SERVER|test->flags)>=0); + + assert(gnutls_priority_set_direct(session, test->prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_transport_set_push_function(session, push); + + assert(test->data <= sizeof(buffer)); + + total = 0; + do { + ret = + gnutls_record_send2(session, buffer, + test->data, + test->pad, 0); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (test->sret < 0) { + if (ret >= 0) + fail("server: expected failure got success!\n"); + if (ret != test->sret) + fail("server: expected different failure: '%s', got: '%s'\n", + gnutls_strerror(test->sret), gnutls_strerror(ret)); + goto finish; + } + + if (ret < 0) { + fail("Error sending packet: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + expected = test->data + test->pad + gnutls_record_overhead_size(session); + if (total != expected) { + fail("Sent data (%u) are lower than expected (%u)\n", + (unsigned) total, (unsigned) expected); + terminate(); + } + + finish: + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(struct test_st *test) +{ + int fd[2]; + int ret; + + success("running %s\n", test->name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], test); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], test); + exit(0); + } +} + +#define AES_GCM "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-ALL:+GROUP-ALL" + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +struct test_st tests[] = +{ + { + .name = "AES-GCM with max pad", + .pad = HIGH(MAX_BUF+1)-(MAX_BUF+1), + .data = MAX_BUF, + .prio = AES_GCM, + .flags = 0 + }, + { + .name = "AES-GCM with zero pad", + .pad = 0, + .data = MAX_BUF, + .prio = AES_GCM, + .flags = 0 + }, + { + .name = "AES-GCM with 1-byte pad", + .pad = 1, + .data = MAX_BUF, + .prio = AES_GCM, + .flags = 0 + }, + { + .name = "AES-GCM with pad, but no data", + .pad = 16, + .data = 0, + .prio = AES_GCM, + .flags = 0 + }, + { + .name = "AES-GCM with max pad and safe padding check", + .pad = HIGH(MAX_BUF+1)-(MAX_BUF+1), + .data = MAX_BUF, + .prio = AES_GCM, + .flags = GNUTLS_SAFE_PADDING_CHECK + }, + { + .name = "AES-GCM with zero pad and safe padding check", + .pad = 0, + .data = MAX_BUF, + .prio = AES_GCM, + .flags = GNUTLS_SAFE_PADDING_CHECK + }, + { + .name = "AES-GCM with 1-byte pad and safe padding check", + .pad = 1, + .data = MAX_BUF, + .prio = AES_GCM, + .flags = GNUTLS_SAFE_PADDING_CHECK + }, + { + .name = "AES-GCM with pad, but no data and safe padding check", + .pad = 16, + .data = 0, + .prio = AES_GCM, + .flags = GNUTLS_SAFE_PADDING_CHECK + }, + { + .name = "AES-GCM with pad, but no data and no pad", + .pad = 0, + .data = 0, + .prio = AES_GCM, + .flags = GNUTLS_SAFE_PADDING_CHECK, + .sret = GNUTLS_E_INVALID_REQUEST + }, +}; + +void doit(void) +{ + unsigned i; + signal(SIGCHLD, ch_handler); + + for (i=0;i +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the correctness of the return + * values of the record functions. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 24*1024 + +static void client(int fd, const char *prio, int ign) +{ + int ret; + unsigned i; + char buffer[MAX_BUF + 1]; + const char* err; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* Test sending */ + for (i = 1; i < 16384; i++) { + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret)); + exit(1); + } + + if (ret > 0 && ret != (int)i) { + fail("server (%s): Error sending %d byte packet: sent: %d\n", prio, i, ret); + exit(1); + } + } + + /* Try sending a bit more */ + i = 21056; + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", + prio, i, gnutls_strerror(ret)); + exit(1); + } else if (ign == 0 && ret != 16384) { + fail("server (%s): Error sending %d byte packet; sent %d bytes instead of 16384\n", prio, i, ret); + exit(1); + } + + memset(buffer, 0xff, sizeof(buffer)); + ret = gnutls_record_send(session, buffer, 4); + if (ret < 0) { + fail("server (%s): Error sending 4 byte packet: %s\n", + prio, gnutls_strerror(ret)); + exit(1); + } + + memset(buffer, 0x02, sizeof(buffer)); + gnutls_record_set_timeout(session, 10000); + + /* Test receiving */ + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, int ign) +{ + int ret; + unsigned i; + const char* err; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, prio, &err); + if (ret < 0) { + fail("error setting priority: %s\n", err); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server (%s): Handshake has failed (%s)\n\n", prio, + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* Here we do both a receive and a send test because if valgrind + * detects an error on the peer, the main process will never know. + */ + + /* Test receiving */ + i = 1; + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + if (ret > 0 && ret != (int)i) { + if (ret == 4 && (uint8_t)buffer[0] == 0xff) { + break; + } else { + fail("error receiving message[%d]: ret: %d\n", i, ret); + } + } + i++; + } while (ret > 0); + + if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* Test sending */ + for (i = 1; i < 16384; i++) { + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", prio, i, gnutls_strerror(ret)); + terminate(); + } + } + + /* Try sending a bit more */ + i = 21056; + do { + ret = gnutls_record_send(session, buffer, i); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server (%s): Error sending %d byte packet: %s\n", + prio, i, gnutls_strerror(ret)); + terminate(); + } else if (ign == 0 && ret != 16384) { + fail("server (%s): Error sending %d byte packet; sent %d bytes instead of 16384\n", prio, i, ret); + terminate(); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio, int ign) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio, ign); + } else { + close(fd[0]); + client(fd[1], prio, ign); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define TLS13_AES_GCM "NONE:+VERS-TLS1.3:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+CURVE-ALL" + +#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA" + +#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL" + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start(AES_CBC, 0); + start(AES_CBC_SHA256, 0); + start(AES_GCM, 0); + start(TLS13_AES_GCM, 0); + + if (!gnutls_fips140_mode_enabled()) { + start(NULL_SHA1, 0); + + start(ARCFOUR_SHA1, 0); + start(ARCFOUR_MD5, 0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/record-sendfile.c b/tests/record-sendfile.c new file mode 100644 index 0000000..87953c7 --- /dev/null +++ b/tests/record-sendfile.c @@ -0,0 +1,279 @@ +/* + * Copyright (C) 2022 Free Software Foundation, Inc. + * + * Author: FratniÅ¡ek Krenželok + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello world!" +#define OFFSET 2 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, 0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + goto end; + } + if (debug) + success("client: Handshake was completed\n"); + + memset(buffer, 0, sizeof(buffer)); + do{ + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } + while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if(strncmp(buffer, MSG + OFFSET, ret)){ + fail("client: Message doesn't match\n"); + goto end; + } + + if (debug) + success ("client: messages received\n"); + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("client: error in closing session: %s\n", gnutls_strerror(ret)); + } + + ret = 0; + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (ret != 0) + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, 0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + goto end; + } + + if (debug) + success("server: Handshake was completed\n"); + + FILE *fp = tmpfile(); + if (fp == NULL){ + fail("temporary file for testing couldn't be created"); + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + goto end; + } + + fputs(MSG, fp); + rewind(fp); + + off_t offset = OFFSET; + if (fp == NULL) { + fail("server: couldn't open file for testing ...send_file() function"); + goto end; + } + + do { + ret = gnutls_record_send_file(session, fileno(fp), &offset, 512); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("server: sending file has failed (%s)\n\n", + gnutls_strerror(ret)); + goto end; + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + + ret = 0; +end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *prio) +{ + int fd[2]; + int ret; + pid_t child; + + success("testing with %s\n", prio); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } + +} + +void doit(void) +{ + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM"); +} +#endif /* _WIN32 */ diff --git a/tests/record-sizes-range.c b/tests/record-sizes-range.c new file mode 100644 index 0000000..56e1b6c --- /dev/null +++ b/tests/record-sizes-range.c @@ -0,0 +1,171 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "eagain-common.h" + +#include "utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +/* This test attempts to transfer various sizes using AES-128-CBC. + */ + +#define MAX_BUF 32*1024 +#define MAX_SEND 16384 +static char buffer1[MAX_BUF + 1]; +static char buffer[MAX_BUF + 1]; + +static void try_send(gnutls_session_t client, gnutls_session_t server, + void *b1, ssize_t b1_size, void *b2, ssize_t b2_size, + gnutls_range_st * range) +{ + int ret, recvd; + + /* Try sending various other sizes */ + ret = gnutls_record_send_range(client, b1, b1_size, range); + if (ret < 0) { + fprintf(stderr, "Error sending %d bytes: %s\n", + (int) b1_size, gnutls_strerror(ret)); + exit(1); + } + + if (ret != b1_size) { + fprintf(stderr, "Couldn't send %d bytes\n", (int) b1_size); + exit(1); + } + + recvd = 0; + do { + ret = gnutls_record_recv(server, b2, b2_size); + if (ret < 0) { + fprintf(stderr, "Error receiving %d bytes: %s\n", + (int) b2_size, gnutls_strerror(ret)); + exit(1); + } + recvd += ret; + } + while (recvd < b1_size); + + if (recvd != b1_size) { + fprintf(stderr, "Couldn't receive %d bytes, received %d\n", + (int) b1_size, recvd); + exit(1); + } + +} + +void doit(void) +{ + /* Server stuff. */ + gnutls_anon_server_credentials_t s_anoncred; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + static gnutls_dh_params_t dh_params; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + /* Need to enable anonymous KX specifically. */ + gnutls_range_st range; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_priority_set_direct(server, + "NONE:+VERS-TLS1.2:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", + NULL); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_priority_set_direct(client, + "NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", + NULL); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(buffer1, 0, sizeof(buffer1)); + HANDSHAKE(client, server); + + if (debug) + success("Handshake established\n"); + + memset(buffer1, 1, MAX_BUF); + + range.low = 1024; + range.high = MAX_SEND; + + + try_send(client, server, buffer1, MAX_SEND, buffer, MAX_BUF, &range); + try_send(client, server, buffer1, 1024, buffer, MAX_BUF, &range); + try_send(client, server, buffer1, 4096, buffer, MAX_BUF, &range); + /*try_send(client, server, buffer1, 128, buffer, MAX_BUF, &range) */ ; + + + if (debug) + fputs("\n", stdout); + + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_anon_free_server_credentials(s_anoncred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); +} diff --git a/tests/record-sizes.c b/tests/record-sizes.c new file mode 100644 index 0000000..be5b20a --- /dev/null +++ b/tests/record-sizes.c @@ -0,0 +1,162 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "eagain-common.h" + +#include "utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +/* This test attempts to transfer various sizes using ARCFOUR-128. + */ + +#define MAX_BUF 16384 +static char b1[MAX_BUF + 1]; +static char buffer[MAX_BUF + 1]; + +void doit(void) +{ + /* Server stuff. */ + gnutls_anon_server_credentials_t s_anoncred; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + static gnutls_dh_params_t dh_params; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, i; + /* Need to enable anonymous KX specifically. */ + int ret, transferred = 0; + + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_priority_set_direct(server, + "NONE:+VERS-TLS1.2:+ARCFOUR-128:+MD5:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", + NULL); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_priority_set_direct(client, + "NONE:+VERS-TLS1.2:+CIPHER-ALL:+ARCFOUR-128:+MD5:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-DH", + NULL); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(b1, 0, sizeof(b1)); + HANDSHAKE(client, server); + + if (debug) + success("Handshake established\n"); + + memset(b1, 1, MAX_BUF); + + /* try the maximum allowed */ + ret = gnutls_record_send(client, b1, MAX_BUF); + if (ret < 0) { + fprintf(stderr, "Error sending %d bytes: %s\n", + (int) MAX_BUF, gnutls_strerror(ret)); + exit(1); + } + + if (ret != MAX_BUF) { + fprintf(stderr, "Couldn't send %d bytes\n", (int) MAX_BUF); + exit(1); + } + + ret = gnutls_record_recv(server, buffer, MAX_BUF); + if (ret < 0) { + fprintf(stderr, "Error receiving %d bytes: %s\n", + (int) MAX_BUF, gnutls_strerror(ret)); + exit(1); + } + + if (ret != MAX_BUF) { + fprintf(stderr, "Couldn't receive %d bytes, received %d\n", + (int) MAX_BUF, ret); + exit(1); + } + + if (memcmp(b1, buffer, MAX_BUF) != 0) { + fprintf(stderr, "Buffers do not match!\n"); + exit(1); + } + + /* Try sending various other sizes */ + for (i = 1; i < 128; i++) { + TRANSFER(client, server, b1, i, buffer, MAX_BUF); + } + if (debug) + fputs("\n", stdout); + + + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_anon_free_server_credentials(s_anoncred); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); +} + diff --git a/tests/record-timeouts.c b/tests/record-timeouts.c new file mode 100644 index 0000000..fd9a999 --- /dev/null +++ b/tests/record-timeouts.c @@ -0,0 +1,162 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "eagain-common.h" +#include "cert-common.h" + +#include "utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +/* This tests gnutls_record_set_timeout() operation + */ + +#define MAX_BUF 16384 +static char b1[MAX_BUF + 1]; +static char buffer[MAX_BUF + 1]; +static unsigned int expected_val = -1; +static unsigned int called = 1; + +static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms) +{ + called = 1; + if (ms == 0 && expected_val != 0) { + fail("Expected timeout value: %u, got %u\n", expected_val, ms); + exit(1); + } else if (ms != expected_val && ms == GNUTLS_INDEFINITE_TIMEOUT) { + fail("Expected timeout value: %u, got %u\n", expected_val, ms); + exit(1); + } + return 1; +} + +#define MAX_VALS 4 +static const int vals[MAX_VALS] = {0, 1000, 5000, GNUTLS_INDEFINITE_TIMEOUT}; + +static void start(const char *prio) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, i; + /* Need to enable anonymous KX specifically. */ + int transferred = 0; + + success("trying %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + gnutls_init(&client, GNUTLS_CLIENT); + assert(gnutls_priority_set_direct(client, prio, NULL) >= 0); + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + memset(b1, 0, sizeof(b1)); + HANDSHAKE(client, server); + + if (debug) + success("Handshake established\n"); + + memset(b1, 1, MAX_BUF); + + /* Try sending various other sizes */ + for (i = 1; i < 128; i++) { + called = 0; + gnutls_record_set_timeout(client, vals[i%MAX_VALS]); + expected_val = vals[i%MAX_VALS]; + + TRANSFER(client, server, b1, i, buffer, MAX_BUF); + + if (called == 0 && expected_val != 0) { + fail("pull timeout callback was not called for %d!\n", vals[i%MAX_VALS]); + exit(1); + } else if (called != 0 && expected_val == 0) { + fail("pull timeout callback was called for %d!\n", vals[i%MAX_VALS]); + exit(1); + } + } + if (debug) + fputs("\n", stdout); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/recv-data-before-handshake.c b/tests/recv-data-before-handshake.c new file mode 100644 index 0000000..98a5645 --- /dev/null +++ b/tests/recv-data-before-handshake.c @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests that a client cannot send any unencrypted data + * during the handshake process. That is to ensure we protect buggy clients + * from receiving unauthenticated data over the wire. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + char c = 0; + + if (htype == GNUTLS_HANDSHAKE_FINISHED) + return 0; + + gnutls_record_set_timeout(session, 10*1000); + + /* sending */ + ret = gnutls_record_recv(session, &c, 1); + if (ret != GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE) { + fail("gnutls_record_recv returned %s/%d at %s\n", gnutls_strerror(ret), ret, gnutls_handshake_description_get_name(htype)); + } else { + success("expected behavior after %s\n", gnutls_handshake_description_get_name(htype)); + } + + gnutls_record_set_timeout(session, 0); + + return 0; +} + + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_PRE, + handshake_callback); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + terminate(); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start(const char *prio) +{ + int fd[2]; + int ret, status = 0; + + success("trying %s\n", prio); + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/rehandshake-ext-secret.c b/tests/rehandshake-ext-secret.c new file mode 100644 index 0000000..94279f0 --- /dev/null +++ b/tests/rehandshake-ext-secret.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This program tests whether rehandshake without ext master secret works + * even if ext master secret was used initially. + * + * Note that we do not fail gracefully and we simply continue as if + * the extension is still valid. This violates the letter of RFC7627. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void try(unsigned onclient) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(7); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_session_ext_master_secret_status(server) == 0) { + fail("%d: ext master secret was not detected by server\n", onclient); + } + + if (gnutls_session_ext_master_secret_status(client) == 0) { + fail("%d: ext master secret was not detected by client\n", onclient); + } + + if ((gnutls_session_get_flags(server) & GNUTLS_SFLAGS_EXT_MASTER_SECRET) == 0) { + fail("%d: ext master secret was not detected by server\n", onclient); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_EXT_MASTER_SECRET) == 0) { + fail("%d: ext master secret was not detected by client\n", onclient); + } + + if (onclient) + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_SESSION_HASH", NULL); + else + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_SESSION_HASH", NULL); + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + if (onclient) { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_DECRYPTION_FAILED); + } else { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_DECRYPTION_FAILED); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +void doit(void) +{ + try(0); + reset_buffers(); + try(1); +} diff --git a/tests/rehandshake-switch-cert-allow.c b/tests/rehandshake-switch-cert-allow.c new file mode 100644 index 0000000..c657078 --- /dev/null +++ b/tests/rehandshake-switch-cert-allow.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This test checks whether the server switching certificates is detected + * by the client */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + +static void try(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_certificate_credentials_t serverx509cred2; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_allocate_credentials(&serverx509cred2); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_mem(serverx509cred2, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ALLOW_ID_CHANGE); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != GNUTLS_KX_RSA) { + fail("got unexpected key exchange algorithm: %s (expected RSA)\n", gnutls_kx_get_name(gnutls_kx_get(client))); + exit(1); + } + + /* switch server's certificate and rehandshake */ + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred2); + + HANDSHAKE(client, server); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(serverx509cred2); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + try(); + gnutls_global_deinit(); +} diff --git a/tests/rehandshake-switch-cert-client-allow.c b/tests/rehandshake-switch-cert-client-allow.c new file mode 100644 index 0000000..a95be20 --- /dev/null +++ b/tests/rehandshake-switch-cert-client-allow.c @@ -0,0 +1,161 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This test checks whether the client switching certificates is detected + * by the server */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + +static void try(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_certificate_credentials_t clientx509cred2; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, &cli_cert, &cli_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_allocate_credentials(&clientx509cred2); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred2, &server2_cert, &server2_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred2, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != GNUTLS_KX_RSA) { + fail("got unexpected key exchange algorithm: %s (expected RSA)\n", gnutls_kx_get_name(gnutls_kx_get(client))); + exit(1); + } + + /* switch server's certificate and rehandshake */ + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred2); + + HANDSHAKE(client, server); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_certificate_free_credentials(clientx509cred2); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + try(); + gnutls_global_deinit(); +} diff --git a/tests/rehandshake-switch-cert-client.c b/tests/rehandshake-switch-cert-client.c new file mode 100644 index 0000000..b6e17bc --- /dev/null +++ b/tests/rehandshake-switch-cert-client.c @@ -0,0 +1,161 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This test checks whether the client switching certificates is detected + * by the server */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + +static void try(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_certificate_credentials_t clientx509cred2; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, &cli_cert, &cli_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_allocate_credentials(&clientx509cred2); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred2, &server2_cert, &server2_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred2, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != GNUTLS_KX_RSA) { + fail("got unexpected key exchange algorithm: %s (expected RSA)\n", gnutls_kx_get_name(gnutls_kx_get(client))); + exit(1); + } + + /* switch server's certificate and rehandshake */ + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred2); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SESSION_USER_ID_CHANGED); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_certificate_free_credentials(clientx509cred2); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + try(); + gnutls_global_deinit(); +} diff --git a/tests/rehandshake-switch-cert.c b/tests/rehandshake-switch-cert.c new file mode 100644 index 0000000..c4c2c6c --- /dev/null +++ b/tests/rehandshake-switch-cert.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This test checks whether the server switching certificates is detected + * by the client */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + +static void try(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_certificate_credentials_t serverx509cred2; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_allocate_credentials(&serverx509cred2); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_mem(serverx509cred2, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != GNUTLS_KX_RSA) { + fail("got unexpected key exchange algorithm: %s (expected RSA)\n", gnutls_kx_get_name(gnutls_kx_get(client))); + exit(1); + } + + /* switch server's certificate and rehandshake */ + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred2); + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_SESSION_USER_ID_CHANGED, GNUTLS_E_AGAIN); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(serverx509cred2); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + try(); + gnutls_global_deinit(); +} diff --git a/tests/rehandshake-switch-psk-id.c b/tests/rehandshake-switch-psk-id.c new file mode 100644 index 0000000..c8beec1 --- /dev/null +++ b/tests/rehandshake-switch-psk-id.c @@ -0,0 +1,191 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This test checks whether the server switching certificates is detected + * by the client */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_change) +{ + int ret; + /* Server stuff. */ + gnutls_psk_server_credentials_t serverpskcred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_psk_client_credentials_t clientpskcred; + gnutls_psk_client_credentials_t clientpskcred2; + gnutls_session_t client; + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_psk_allocate_server_credentials(&serverpskcred); + + gnutls_psk_set_server_credentials_function(serverpskcred, + pskfunc); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_psk_set_server_dh_params(serverpskcred, dh_params); + + if (allow_change) + gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE); + else + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_PSK, + serverpskcred); + + gnutls_priority_set_direct(server, + prio, + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_psk_allocate_client_credentials(&clientpskcred); + if (ret < 0) + exit(1); + + gnutls_psk_set_client_credentials(clientpskcred, "test1", &key, + GNUTLS_PSK_KEY_HEX); + + ret = gnutls_psk_allocate_client_credentials(&clientpskcred2); + if (ret < 0) + exit(1); + + gnutls_psk_set_client_credentials(clientpskcred2, "test2", &key, + GNUTLS_PSK_KEY_HEX); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK, + clientpskcred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, prio, NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != kx) { + fail("got unexpected key exchange algorithm: %s (expected %s)\n", + gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(kx)); + exit(1); + } + + /* switch client's username and rehandshake */ + ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK, + clientpskcred2); + if (ret < 0) + exit(1); + + if (allow_change) { + HANDSHAKE(client, server); + } else { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SESSION_USER_ID_CHANGED); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_psk_free_server_credentials(serverpskcred); + gnutls_psk_free_client_credentials(clientpskcred); + gnutls_psk_free_client_credentials(clientpskcred2); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + /* Allow change of ID */ + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", GNUTLS_KX_PSK, 0); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", GNUTLS_KX_DHE_PSK, 0); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, 0); + reset_buffers(); + + /* Prohibit (default) change of ID */ + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+PSK", GNUTLS_KX_PSK, 1); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-PSK", GNUTLS_KX_DHE_PSK, 1); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, 1); + reset_buffers(); + gnutls_global_deinit(); +} diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c new file mode 100644 index 0000000..0b56085 --- /dev/null +++ b/tests/rehandshake-switch-srp-id.c @@ -0,0 +1,273 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +#ifndef ENABLE_SRP + +void doit(void) +{ + exit(77); +} + +#else + +/* This test checks whether the server switching certificates is detected + * by the client */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + + +#define VERIF_TEST1 "CEqjUZBlkQCocfOR0E4AsPZKOFYPGjKFMHW7KDcnpE4sH4.iGMbkygb/bViRNjskF9/TQdD46Mvlt6pLs5MZoTn8mO3G.RGyXdWuIrhnVn29p41Cpc5RhTLaeUm3asW6LF60VTKnGERC0eB37xZUsaTpzmaTNdD4mOoYCN3bD9Y" +#define VERIF_TEST2 "EEbMk8afwXz/0oV5Yo9To7V6c6xkYid8meqEByxM33XjM4xeKUjeN7Ft2.xvjo4S6Js7mEs9Ov.uZtBp3ugCAbvl6G7bdfYF6z.tAD4mNYhH7iI7SwQy.ntmbJ3uJ1qB5MHW7ajSdWvA7l3SSsyyAVMe9HVQcxZKJRf4mzwm06s" + +#define SALT_TEST1 "3a3xX3Myzb9YJn5X0R7sbx" +#define SALT_TEST2 "25J9FArvl1ZDrTSFsvZ4Jb" + +#define PRIME "Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ" +gnutls_datum_t tprime = +{ + .data = (void*)PRIME, + .size = sizeof(PRIME)-1 +}; + +gnutls_datum_t test1_verif = +{ + .data = (void*)VERIF_TEST1, + .size = sizeof(VERIF_TEST1)-1 +}; + +gnutls_datum_t test2_verif = +{ + .data = (void*)VERIF_TEST2, + .size = sizeof(VERIF_TEST2)-1 +}; + +gnutls_datum_t test1_salt = +{ + .data = (void*)SALT_TEST1, + .size = sizeof(SALT_TEST1)-1 +}; + +gnutls_datum_t test2_salt = +{ + .data = (void*)SALT_TEST2, + .size = sizeof(SALT_TEST2)-1 +}; + +static int +srpfunc(gnutls_session_t session, const char *username, + gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, gnutls_datum_t *prime) +{ + int ret; + if (debug) + printf("srp: username %s\n", username); + + generator->data = gnutls_malloc(1); + generator->data[0] = 2; + generator->size = 1; + + ret = gnutls_srp_base64_decode2(&tprime, prime); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -prime\n"); + + if (strcmp(username, "test1") == 0) { + ret = gnutls_srp_base64_decode2(&test1_verif, verifier); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -verif\n"); + + + ret = gnutls_srp_base64_decode2(&test1_salt, salt); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -salt\n"); + } else if (strcmp(username, "test2") == 0) { + ret = gnutls_srp_base64_decode2(&test2_verif, verifier); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -verif\n"); + + ret = gnutls_srp_base64_decode2(&test2_salt, salt); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -salt\n"); + } else { + fail("Unknown username %s\n", username); + } + + return 0; +} + +static void try(const char *prio, gnutls_kx_algorithm_t kx, unsigned allow_change) +{ + int ret; + /* Server stuff. */ + gnutls_srp_server_credentials_t server_srp_cred; + gnutls_certificate_credentials_t server_x509_cred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t client_x509_cred; + gnutls_srp_client_credentials_t client_srp_cred; + gnutls_srp_client_credentials_t client_srp_cred2; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_srp_allocate_server_credentials(&server_srp_cred); + + gnutls_certificate_allocate_credentials(&server_x509_cred); + gnutls_certificate_set_x509_key_mem(server_x509_cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(server_x509_cred, dh_params); + + gnutls_srp_set_server_credentials_function(server_srp_cred, srpfunc); + + if (allow_change) + gnutls_init(&server, GNUTLS_SERVER|GNUTLS_ALLOW_ID_CHANGE); + else + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_SRP, + server_srp_cred); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + server_x509_cred); + + gnutls_priority_set_direct(server, + prio, + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + gnutls_srp_allocate_client_credentials(&client_srp_cred); + gnutls_srp_allocate_client_credentials(&client_srp_cred2); + + gnutls_srp_set_client_credentials(client_srp_cred, "test1", "test"); + gnutls_srp_set_client_credentials(client_srp_cred2, "test2", "test"); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_SRP, client_srp_cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_allocate_credentials(&client_x509_cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(client_x509_cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + client_x509_cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, prio, NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != kx) { + fail("got unexpected key exchange algorithm: %s (expected %s)\n", + gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(kx)); + exit(1); + } + + /* switch client's username and rehandshake */ + ret = gnutls_credentials_set(client, GNUTLS_CRD_SRP, client_srp_cred2); + if (ret < 0) + exit(1); + + if (allow_change) { + HANDSHAKE(client, server); + } else { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_SESSION_USER_ID_CHANGED); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(server_x509_cred); + gnutls_srp_free_server_credentials(server_srp_cred); + + gnutls_certificate_free_credentials(client_x509_cred); + gnutls_srp_free_client_credentials(client_srp_cred); + gnutls_srp_free_client_credentials(client_srp_cred2); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + /* Allow change of ID */ + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", GNUTLS_KX_SRP, 0); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP-RSA", GNUTLS_KX_SRP_RSA, 0); + reset_buffers(); + + /* Prohibit (default) change of ID */ + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", GNUTLS_KX_SRP, 1); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP-RSA", GNUTLS_KX_SRP_RSA, 1); + reset_buffers(); + gnutls_global_deinit(); +} + +#endif diff --git a/tests/resume-dtls.c b/tests/resume-dtls.c new file mode 100644 index 0000000..7232af2 --- /dev/null +++ b/tests/resume-dtls.c @@ -0,0 +1,587 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include +#include + +#include "utils.h" + +static void wrap_db_init(void); +static void wrap_db_deinit(void); +static int wrap_db_store(void *dbf, gnutls_datum_t key, + gnutls_datum_t data); +static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key); +static int wrap_db_delete(void *dbf, gnutls_datum_t key); + +#define TLS_SESSION_CACHE 50 + +struct params_res { + const char *desc; + int enable_db; + int enable_session_ticket_server; + int enable_session_ticket_client; + int expect_resume; +}; + +pid_t child; + +struct params_res resume_tests[] = { + {"try to resume from db", 50, 0, 0, 1}, + {"try to resume from session ticket", 0, 1, 1, 1}, + {"try to resume from session ticket (server only)", 0, 1, 0, 0}, + {"try to resume from session ticket (client only)", 0, 0, 1, 0}, + {NULL, -1} +}; + +/* A very basic TLS client, with anonymous authentication. + */ + +#define SESSIONS 2 +#define MAX_BUF 5*1024 +#define MSG "Hello TLS" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +static void client(int sds[], struct params_res *params) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + /* variables used in session resuming + */ + int t; + gnutls_datum_t session_data; + + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(3); + } + global_init(); + + gnutls_anon_allocate_client_credentials(&anoncred); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + /* Initialize TLS session + */ + gnutls_init(&session, + GNUTLS_CLIENT | GNUTLS_DATAGRAM); + + /* Use default priorities */ + if (params->enable_session_ticket_client) + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); + else + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH:%NO_TICKETS", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + if (t > 0) { + /* if this is not the first time we connect */ + gnutls_session_set_data(session, session_data.data, + session_data.size); + gnutls_free(session_data.data); + } + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + gnutls_perror(ret); + fail("client: Handshake failed\n"); + goto end; + } else { + if (debug) + success + ("client: Handshake was completed\n"); + } + + if (t == 0) { /* the first time we connect */ + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("Getting resume data failed\n"); + } else { /* the second time we connect */ + + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed(session) != 0) { + if (params->expect_resume) { + if (debug) + success + ("- Previous session was resumed\n"); + } else + fail("- Previous session was resumed\n"); + } else { + if (params->expect_resume) { + fail("*** Previous session was NOT resumed\n"); + } else { + if (debug) + success + ("*** Previous session was NOT resumed (expected)\n"); + } + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + close(sd); + + gnutls_deinit(session); + } + + end: + gnutls_anon_free_client_credentials(anoncred); +} + +/* This is a sample TLS 1.0 echo server, for anonymous authentication only. + */ + +#define DH_BITS 1024 + +/* These are global */ + +static gnutls_dh_params_t dh_params; + +static int generate_dh_params(void) +{ + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init(&dh_params); + return gnutls_dh_params_import_pkcs3(dh_params, &p3, + GNUTLS_X509_FMT_PEM); +} + +static char buffer[MAX_BUF + 1]; + +static void global_stop(void) +{ + if (debug) + success("global stop\n"); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); +} + +static void server(int sds[], struct params_res *params) +{ + gnutls_anon_server_credentials_t anoncred; + static gnutls_datum_t session_ticket_key = { NULL, 0 }; + int ret; + size_t t; + gnutls_session_t session; + + /* this must be called once in the program, it is mostly for the server. + */ + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(3); + } + + global_init(); + gnutls_anon_allocate_server_credentials(&anoncred); + + if (debug) + success("Launched, generating DH parameters...\n"); + + gnutls_anon_set_server_dh_params(anoncred, dh_params); + + if (params->enable_db) { + wrap_db_init(); + } + + if (params->enable_session_ticket_server) + gnutls_session_ticket_key_generate(&session_ticket_key); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_dh_set_prime_bits(session, DH_BITS); + + if (params->enable_db) { + gnutls_db_set_retrieve_function(session, wrap_db_fetch); + gnutls_db_set_remove_function(session, wrap_db_delete); + gnutls_db_set_store_function(session, wrap_db_store); + gnutls_db_set_ptr(session, NULL); + } + + if (params->enable_session_ticket_server) + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + gnutls_transport_set_int(session, sd); + gnutls_dtls_set_timeouts(session, get_dtls_retransmit_timeout(), get_timeout()); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && (ret == GNUTLS_E_INTERRUPTED||ret == GNUTLS_E_AGAIN)); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + kill(child, SIGTERM); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + if (params->enable_db) { + wrap_db_deinit(); + } + + gnutls_free(session_ticket_key.data); + gnutls_anon_free_server_credentials(anoncred); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + int i, err; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + generate_dh_params(); + + for (i = 0; resume_tests[i].desc; i++) { + int client_sds[SESSIONS], server_sds[SESSIONS]; + int j; + + printf("%s\n", resume_tests[i].desc); + + for (j = 0; j < SESSIONS; j++) { + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + server_sds[j] = sockets[0]; + client_sds[j] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status = 0; + /* parent */ + for (j = 0; j < SESSIONS; j++) + close(client_sds[j]); + server(server_sds, &resume_tests[i]); + wait(&status); + check_wait_status(status); + } else { + for (j = 0; j < SESSIONS; j++) + close(server_sds[j]); + client(client_sds, &resume_tests[i]); + gnutls_global_deinit(); + exit(0); + } + } + global_stop(); +} + +/* Functions and other stuff needed for session resuming. + * This is done using a very simple list which holds session ids + * and session data. + */ + +#define MAX_SESSION_ID_SIZE 32 +#define MAX_SESSION_DATA_SIZE 1024 + +typedef struct { + unsigned char session_id[MAX_SESSION_ID_SIZE]; + unsigned int session_id_size; + + char session_data[MAX_SESSION_DATA_SIZE]; + int session_data_size; +} CACHE; + +static CACHE *cache_db; +static int cache_db_ptr = 0; + +static void wrap_db_init(void) +{ + + /* allocate cache_db */ + cache_db = calloc(1, TLS_SESSION_CACHE * sizeof(CACHE)); +} + +static void wrap_db_deinit(void) +{ + free(cache_db); + cache_db = NULL; + return; +} + +static int +wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) +{ + if (debug) + success("resume db storing... (%d-%d)\n", key.size, + data.size); + + if (debug) { + unsigned int i; + printf("key:\n"); + for (i = 0; i < key.size; i++) { + printf("%02x ", key.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + printf("data:\n"); + for (i = 0; i < data.size; i++) { + printf("%02x ", data.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + } + + if (cache_db == NULL) + return -1; + + if (key.size > MAX_SESSION_ID_SIZE) + return -1; + + if (data.size > MAX_SESSION_DATA_SIZE) + return -1; + + memcpy(cache_db[cache_db_ptr].session_id, key.data, key.size); + cache_db[cache_db_ptr].session_id_size = key.size; + + memcpy(cache_db[cache_db_ptr].session_data, data.data, data.size); + cache_db[cache_db_ptr].session_data_size = data.size; + + cache_db_ptr++; + cache_db_ptr %= TLS_SESSION_CACHE; + + return 0; +} + +static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key) +{ + gnutls_datum_t res = { NULL, 0 }; + unsigned i; + + if (debug) + success("resume db fetch... (%d)\n", key.size); + if (debug) { + printf("key:\n"); + for (i = 0; i < key.size; i++) { + printf("%02x ", key.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + } + + if (cache_db == NULL) + return res; + + for (i = 0; i < TLS_SESSION_CACHE; i++) { + if (key.size == cache_db[i].session_id_size && + memcmp(key.data, cache_db[i].session_id, + key.size) == 0) { + if (debug) + success + ("resume db fetch... return info\n"); + + res.size = cache_db[i].session_data_size; + + res.data = gnutls_malloc(res.size); + if (res.data == NULL) + return res; + + memcpy(res.data, cache_db[i].session_data, + res.size); + + if (debug) { + unsigned j; + printf("data:\n"); + for (j = 0; j < res.size; j++) { + printf("%02x ", + res.data[j] & 0xFF); + if ((j + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + } + + return res; + } + } + + if (debug) + success("resume db fetch... NOT FOUND\n"); + return res; +} + +static int wrap_db_delete(void *dbf, gnutls_datum_t key) +{ + int i; + + if (cache_db == NULL) + return -1; + + for (i = 0; i < TLS_SESSION_CACHE; i++) { + if (key.size == cache_db[i].session_id_size && + memcmp(key.data, cache_db[i].session_id, + key.size) == 0) { + + cache_db[i].session_id_size = 0; + cache_db[i].session_data_size = 0; + + return 0; + } + } + + return -1; + +} + +#endif /* _WIN32 */ diff --git a/tests/resume-lifetime.c b/tests/resume-lifetime.c new file mode 100644 index 0000000..3e72039 --- /dev/null +++ b/tests/resume-lifetime.c @@ -0,0 +1,282 @@ +/* + * Copyright (C) 2016-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "virt-time.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This test checks whether the lifetime of a resumed session can + * be extended past the designated one */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +struct hsk_st { + unsigned sent_nst; /* whether the new session ticket was sent */ + unsigned sent_psk; /* whether the PSK extension was sent */ + unsigned sleep_at_finished; /* how long to wait at finished message reception */ + +}; + +static int ext_hook_func(void *ctx, unsigned tls_id, + const unsigned char *data, unsigned size) +{ + if (tls_id == 41) { + struct hsk_st *h = ctx; + h->sent_psk = 1; + } + return 0; +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + struct hsk_st *h = gnutls_session_get_ptr(session); + + if (htype == GNUTLS_HANDSHAKE_FINISHED && !incoming) { + if (h->sleep_at_finished) + virt_sec_sleep(h->sleep_at_finished); + return 0; + } else if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) { + gnutls_ext_raw_parse(h, ext_hook_func, msg, + GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); + } + + if (htype != GNUTLS_HANDSHAKE_NEW_SESSION_TICKET) + return 0; + + if (h) + h->sent_nst = 1; + return 0; +} + +/* Returns true if resumed */ +static unsigned handshake(const char *prio, unsigned t, const gnutls_datum_t *sdata, + gnutls_datum_t *ndata, + gnutls_datum_t *skey, + struct hsk_st *h) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + char buf[128]; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_session_set_ptr(server, h); + + gnutls_db_set_cache_expiration(server, t); + assert(gnutls_session_ticket_enable_server(server, skey) >= 0); + + gnutls_handshake_set_hook_function(server, -1, + GNUTLS_HOOK_POST, + handshake_callback); + + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM)>=0); + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred)>=0); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + if (sdata) { + assert(gnutls_session_set_data(client, sdata->data, sdata->size)>=0); + } + + memset(buf, 0, sizeof(buf)); + ret = gnutls_session_set_data(client, buf, sizeof(buf)); + if (ret != GNUTLS_E_DB_ERROR) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + HANDSHAKE(client, server); + + gnutls_record_recv(client, buf, sizeof(buf)); + + if (ndata) { + ret = gnutls_session_get_data2(client, ndata); + if (ret < 0) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + } + + ret = gnutls_session_is_resumed(client); + + gnutls_deinit(server); + gnutls_deinit(client); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + reset_buffers(); + return ret; +} + +/* @t is the lifetime of the first ticket, @s is the + * time to wait before asking for a ticket the last try */ +static void start(const char *name, const char *prio, unsigned t, unsigned s) +{ + gnutls_datum_t sdata, ndata, skey; + unsigned ret; + struct hsk_st h; + memset(&h, 0, sizeof(h)); + + success("trying %s\n", name); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + + /* step1: get a fresh ticket */ + ret = handshake(prio, t, NULL, &sdata, &skey, &h); + assert(ret == 0); + assert(h.sent_nst != 0); + memset(&h, 0, sizeof(h)); + + if (debug) + success("completed first handshake\n"); + + if (s) + virt_sec_sleep(s); + + /* step2: get a ticket from the resumed session of the first */ + ret = handshake(prio, t, &sdata, &ndata, &skey, &h); + assert(ret != 0); + assert(h.sent_nst != 0); + memset(&h, 0, sizeof(h)); + + /* wait until the ticket we got in step1 is invalid, although + * the ticket we got in step2 is valid */ + + if (debug) + success("completed second handshake\n"); + + if (s) + virt_sec_sleep(s); + + ret = handshake(prio, t, &ndata, NULL, &skey, &h); + + if (s) { + if (ret != 0) + fail("server resumed session even if ticket expired!\n"); + + /* we shouldn't have sent the PSK extension as the ticket was expired */ + assert(h.sent_psk == 0); + } + + gnutls_free(ndata.data); + gnutls_free(sdata.data); + gnutls_free(skey.data); +} + +/* @t is the lifetime of the first ticket, @s is the + * time to wait before asking for a ticket the last try + * + * This makes the ticket to expire during handshake (after resumtion), + * but before the client receives the new session ticket. In that + * case the server shouldn't send a session ticket. + */ +static void start2(const char *name, const char *prio, unsigned t, unsigned s) +{ + gnutls_datum_t sdata, ndata, skey; + unsigned ret; + struct hsk_st h; + memset(&h, 0, sizeof(h)); + + success("trying %s\n", name); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + + /* step1: get a fresh ticket */ + ret = handshake(prio, t, NULL, &sdata, &skey, &h); + assert(ret == 0); + assert(h.sent_nst != 0); + memset(&h, 0, sizeof(h)); + + /* step2: get a ticket from the resumed session of the first */ + ret = handshake(prio, t, &sdata, &ndata, &skey, &h); + assert(ret != 0); + assert(h.sent_nst != 0); + memset(&h, 0, sizeof(h)); + + /* wait until the ticket we got in step1 is invalid, although + * the ticket we got in step2 is valid */ + + if (s) + h.sleep_at_finished = s; + + ret = handshake(prio, t, &ndata, NULL, &skey, &h); + + assert(ret != 0); + if (h.sent_nst != 0) + fail("server sent session ticket even if ticket expired!\n"); + + gnutls_free(ndata.data); + gnutls_free(sdata.data); + gnutls_free(skey.data); +} + +void doit(void) +{ + virt_time_init(); + + start("TLS1.3 sanity", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 64, 0); + start("TLS1.3 ticket extension", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 5, 3); + start2("TLS1.3 ticket extension - expires at handshake", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 2, 3); +} diff --git a/tests/resume-with-false-start.c b/tests/resume-with-false-start.c new file mode 100644 index 0000000..69307eb --- /dev/null +++ b/tests/resume-with-false-start.c @@ -0,0 +1,149 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_datum_t data; + char buf[128]; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_set_default_priority(server); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT|GNUTLS_ENABLE_FALSE_START); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + memset(buf, 0, sizeof(buf)); + ret = gnutls_session_set_data(client, buf, sizeof(buf)); + if (ret != GNUTLS_E_DB_ERROR) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + HANDSHAKE(client, server); + + /* try obtaining the resumption data. This should fail because + * the handshake is not yet complete (due to false start) */ + ret = gnutls_session_get_data2(client, &data); + if (ret != GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_record_recv(client, buf, sizeof(buf)); + if (ret < 0 && ret != GNUTLS_E_AGAIN) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_session_get_data2(client, &data); + if (ret != 0) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + gnutls_free(data.data); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c new file mode 100644 index 0000000..94f1656 --- /dev/null +++ b/tests/resume-with-previous-stek.c @@ -0,0 +1,257 @@ +/* + * Copyright (C) 2018 Free Software Foundation, Inc. + * + * Author: Ander Juaristi + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) +int main(int argc, char **argv) +{ + exit(77); +} +#else + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "virt-time.h" + +#define TICKET_EXPIRATION 1 /* seconds */ +#define TICKET_ROTATION_PERIOD 3 /* seconds */ + +unsigned num_stek_rotations; + +static void stek_rotation_callback(const gnutls_datum_t *prev_key, + const gnutls_datum_t *new_key, + uint64_t t) +{ + num_stek_rotations++; + success("STEK was rotated!\n"); +} + +static int client_handshake(gnutls_session_t session, gnutls_datum_t *session_data, + int resume) +{ + int ret; + + if (resume) { + if ((ret = gnutls_session_set_data(session, + session_data->data, + session_data->size)) < 0) { + fail("client: Could not get session data\n"); + } + } + + do { + ret = gnutls_handshake(session); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("client: Handshake failed\n"); + } else { + success("client: Handshake was completed\n"); + } + + if (gnutls_session_is_resumed(session)) + fail("client: Session was resumed (but should not)\n"); + else + success("client: Success: Session was NOT resumed\n"); + + if (!resume) { + if ((ret = gnutls_session_get_data2(session, session_data)) < 0) { + fail("client: Could not get session data\n"); + } + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + return 0; +} + +static void client(int fd, int *resume, unsigned rounds, const char *prio) +{ + gnutls_session_t session; + gnutls_datum_t session_data = { NULL, 0 }; + gnutls_certificate_credentials_t clientx509cred = NULL; + + for (unsigned i = 0; i < rounds; i++) { + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Perform TLS handshake and obtain session ticket */ + if (client_handshake(session, &session_data, + resume[i]) < 0) + return; + + if (clientx509cred) { + gnutls_certificate_free_credentials(clientx509cred); + clientx509cred = NULL; + } + + gnutls_deinit(session); + } +} + +typedef void (* gnutls_stek_rotation_callback_t) (const gnutls_datum_t *prev_key, + const gnutls_datum_t *new_key, + uint64_t t); +void _gnutls_set_session_ticket_key_rotation_callback(gnutls_session_t session, + gnutls_stek_rotation_callback_t cb); + +static void server(int fd, unsigned rounds, const char *prio) +{ + int retval; + gnutls_session_t session; + gnutls_datum_t session_ticket_key = { NULL, 0 }; + gnutls_certificate_credentials_t serverx509cred = NULL; + + virt_time_init(); + + if (gnutls_session_ticket_key_generate(&session_ticket_key) < 0) { + fail("server: Could not generate session ticket key\n"); + } + + for (unsigned i = 0; i < rounds; i++) { + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + retval = gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (retval < 0) + fail("error setting key: %s\n", gnutls_strerror(retval)); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, serverx509cred); + + gnutls_db_set_cache_expiration(session, TICKET_EXPIRATION); + _gnutls_set_session_ticket_key_rotation_callback(session, stek_rotation_callback); + + retval = gnutls_session_ticket_enable_server(session, + &session_ticket_key); + if (retval != GNUTLS_E_SUCCESS) { + fail("server: Could not enable session tickets: %s\n", gnutls_strerror(retval)); + } + + gnutls_transport_set_int(session, fd); + gnutls_handshake_set_timeout(session, get_timeout()); + + virt_sec_sleep(TICKET_ROTATION_PERIOD-1); + + do { + retval = gnutls_handshake(session); + } while (retval == GNUTLS_E_AGAIN || retval == GNUTLS_E_INTERRUPTED); + + if (retval < 0) { + fail("server: Handshake failed: %s\n", gnutls_strerror(retval)); + } else { + success("server: Handshake was completed\n"); + } + + if (gnutls_session_is_resumed(session)) + fail("server: Session was resumed (but should not)\n"); + else + success("server: Success: Session was NOT resumed\n"); + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + gnutls_deinit(session); + gnutls_certificate_free_credentials(serverx509cred); + serverx509cred = NULL; + } + + if (num_stek_rotations != 3) + fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations); + + if (serverx509cred) + gnutls_certificate_free_credentials(serverx509cred); + gnutls_free(session_ticket_key.data); +} + +static void run(const char *name, const char *prio, int resume[], int rounds) +{ + pid_t child; + int retval, sockets[2], status = 0; + + success("\ntesting %s\n\n", name); + + retval = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (retval == -1) { + perror("socketpair"); + fail("socketpair failed"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork failed"); + return; + } + + if (child) { + /* We are the parent */ + close(sockets[1]); + server(sockets[0], rounds, prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + /* We are the child */ + close(sockets[0]); + client(sockets[1], resume, rounds, prio); + exit(0); + } +} + +void doit(void) +{ + int resume[] = { 0, 1, 0 }; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + num_stek_rotations = 0; + run("tls1.2 resumption", "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0", resume, 3); + + num_stek_rotations = 0; + run("tls1.3 resumption", "NORMAL:-VERS-ALL:+VERS-TLS1.3", resume, 3); +} + +#endif + diff --git a/tests/resume-with-record-size-limit.c b/tests/resume-with-record-size-limit.c new file mode 100644 index 0000000..d805db4 --- /dev/null +++ b/tests/resume-with-record-size-limit.c @@ -0,0 +1,424 @@ +/* + * Copyright (C) 2004-2016 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2016-2019 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "virt-time.h" + +#define SKIP8(pos, total) { \ + uint8_t _s; \ + if (pos+1 > total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + pos += 1+_s; \ + } + +pid_t child; + +/* A very basic TLS client, with anonymous authentication. + */ + +#define SESSIONS 2 +#define MAX_BUF 5*1024 +#define MSG "Hello TLS" + +/* 2^13, which is not supported by max_fragment_length */ +#define MAX_DATA_SIZE 8192 + +#define HANDSHAKE_SESSION_ID_POS (2+32) + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +static int ext_callback(void *ctx, unsigned tls_id, const unsigned char *data, unsigned size) +{ + if (tls_id == 28) { /* record size limit */ + uint16_t max_data_size; + + assert(size == 2); + max_data_size = (data[0] << 8) | data[1]; + if (max_data_size == MAX_DATA_SIZE) + fail("record_size_limit is not reset: %u == %u\n", + max_data_size, MAX_DATA_SIZE); + } + return 0; +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + unsigned pos; + gnutls_datum_t mmsg; + + if (!post) + return 0; + + switch (htype) { + case GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS: + ret = gnutls_ext_raw_parse(NULL, ext_callback, msg, 0); + assert(ret >= 0); + break; + case GNUTLS_HANDSHAKE_SERVER_HELLO: + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + pos += 3; + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + ret = gnutls_ext_raw_parse(NULL, ext_callback, &mmsg, 0); + assert(ret >= 0); + break; + default: + break; + } + return 0; +} + +static void client(int sds[], const char *prio) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t clientx509cred; + + /* variables used in session resuming + */ + int t; + gnutls_datum_t session_data = {NULL, 0}; + + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4); + } + + gnutls_certificate_allocate_credentials(&clientx509cred); + + assert(gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM) >= 0); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("prio: %s\n", gnutls_strerror(ret)); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, clientx509cred); + + if (t == 0) { + ret = gnutls_record_set_max_size(session, MAX_DATA_SIZE); + if (ret < 0) + fail("gnutls_set_max_size: %s\n", gnutls_strerror(ret)); + } + + if (t > 0) { + /* if this is not the first time we connect */ + gnutls_session_set_data(session, session_data.data, + session_data.size); + + gnutls_handshake_set_hook_function(session, + GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_POST, + handshake_callback); + } + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + gnutls_handshake_set_timeout(session, get_timeout()); + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + break; + } else { + if (debug) + success + ("client: Handshake was completed\n"); + } + + if (t == 0) { + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("Getting resume data failed\n"); + + } else { /* the second time we connect */ + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed(session) == 0) { + fail("- Previous session was resumed but NOT expected\n"); + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + break; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + close(sd); + + gnutls_deinit(session); + } + gnutls_free(session_data.data); + + gnutls_certificate_free_credentials(clientx509cred); +} + +/* These are global */ +static gnutls_datum_t session_ticket_key = { NULL, 0 }; + + +gnutls_certificate_credentials_t serverx509cred; + +static void global_stop(void) +{ + if (debug) + success("global stop\n"); + + gnutls_certificate_free_credentials(serverx509cred); +} + +static void server(int sds[], const char *prio) +{ + int t; + int ret; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + unsigned iflags = GNUTLS_SERVER; + + virt_time_init(); + + /* this must be called once in the program, it is mostly for the server. + */ + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4); + } + + gnutls_certificate_allocate_credentials(&serverx509cred); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_session_ticket_key_generate(&session_ticket_key); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + assert(gnutls_init(&session, iflags) >= 0); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, serverx509cred); + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + kill(child, SIGTERM); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (t > 0) { + ret = gnutls_session_is_resumed(session); + if (ret == 0) { + fail("server: session_is_resumed error (%d)\n", t); + } + } + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + gnutls_free(session_ticket_key.data); + session_ticket_key.data = NULL; + + if (debug) + success("server: finished\n"); +} + +static void run(const char *prio) +{ + int client_sds[SESSIONS], server_sds[SESSIONS]; + int j; + int err; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + for (j = 0; j < SESSIONS; j++) { + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + server_sds[j] = sockets[0]; + client_sds[j] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork\n"); + return; + } + + if (child) { + int status = 0; + /* parent */ + for (j = 0; j < SESSIONS; j++) + close(client_sds[j]); + server(server_sds, prio); + + waitpid(child, &status, 0); + check_wait_status(status); + global_stop(); + } else { + for (j = 0; j < SESSIONS; j++) + close(server_sds[j]); + client(client_sds, prio); + exit(0); + } +} + +void doit(void) +{ + run("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + run("NORMAL:-VERS-ALL:+VERS-TLS1.3"); +} + +#endif /* _WIN32 */ diff --git a/tests/resume-with-stek-expiration.c b/tests/resume-with-stek-expiration.c new file mode 100644 index 0000000..d913151 --- /dev/null +++ b/tests/resume-with-stek-expiration.c @@ -0,0 +1,328 @@ +/* + * Copyright (C) 2018 Free Software Foundation, Inc. + * + * Author: Ander Juaristi + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) +int main(int argc, char **argv) +{ + exit(77); +} +#else + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "virt-time.h" + +/* + * This will set the following values: + * + * - Ticket key expiration: 1 second. + * - Session ticket key rotation period: 3 seconds. + */ +#define TICKET_EXPIRATION 1 /* seconds */ + +unsigned num_stek_rotations; + +static void stek_rotation_callback(const gnutls_datum_t *prev_key, + const gnutls_datum_t *new_key, + uint64_t t) +{ + num_stek_rotations++; + success("STEK was rotated!\n"); +} + +typedef void (* gnutls_stek_rotation_callback_t) (const gnutls_datum_t *prev_key, + const gnutls_datum_t *new_key, + uint64_t t); +void _gnutls_set_session_ticket_key_rotation_callback(gnutls_session_t session, + gnutls_stek_rotation_callback_t cb); + +static int handshake(gnutls_session_t session, gnutls_datum_t *session_data, + int resumption_should_succeed) +{ + int ret; + + do { + ret = gnutls_handshake(session); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + gnutls_perror(ret); + fail("client: Handshake failed\n"); + } else { + success("client: Handshake was completed\n"); + } + + if (gnutls_session_is_resumed(session)) { + if (!resumption_should_succeed) + fail("client: Session was resumed (but should not)\n"); + else + success("client: Success: Session was resumed\n"); + } else { + if (resumption_should_succeed) + fail("client: Session was not resumed (but should)\n"); + else + success("client: Success: Session was NOT resumed\n"); + } + + ret = gnutls_session_get_data2(session, session_data); + if (ret < 0) { + gnutls_perror(ret); + fail("client: Could not get session data\n"); + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + return 0; +} + +static int resume_and_close(gnutls_session_t session, gnutls_datum_t *session_data, + int resumption_should_succeed) +{ + int ret; + + ret = gnutls_session_set_data(session, session_data->data, session_data->size); + if (ret < 0) { + gnutls_perror(ret); + fail("client: Could not get session data\n"); + } + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && !gnutls_error_is_fatal(ret)); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + success("client: Handshake was completed\n"); + } + + if (gnutls_session_is_resumed(session)) { + if (!resumption_should_succeed) + fail("client: Session was resumed (but should not)\n"); + else + success("client: Success: Session was resumed\n"); + } else { + if (resumption_should_succeed) + fail("client: Session was not resumed (but should)\n"); + else + success("client: Success: Session was NOT resumed\n"); + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + return 0; +} + +static void client(int fd, int *resumption_should_succeed, unsigned num_sessions, const char *prio) +{ + gnutls_session_t session; + gnutls_datum_t session_data; + gnutls_certificate_credentials_t clientx509cred = NULL; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS layer */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, fd); + gnutls_handshake_set_timeout(session, get_timeout()); + + if (handshake(session, &session_data, resumption_should_succeed[0]) < 0) + return; + + if (clientx509cred) + gnutls_certificate_free_credentials(clientx509cred); + gnutls_deinit(session); + + for (unsigned i = 1; i < num_sessions; i++) { + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + + /* Initialize TLS layer */ + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, fd); + + if (resume_and_close(session, &session_data, resumption_should_succeed[i]) < 0) + return; + + if (clientx509cred) + gnutls_certificate_free_credentials(clientx509cred); + gnutls_deinit(session); + } +} + +static void server(int fd, int *resumption_should_succeed, unsigned num_sessions, const char *prio) +{ + int retval; + gnutls_session_t session; + gnutls_certificate_credentials_t serverx509cred; + gnutls_datum_t session_ticket_key = { NULL, 0 }; + + virt_time_init(); + + if (gnutls_session_ticket_key_generate(&session_ticket_key) < 0) + fail("server: Could not generate session ticket key\n"); + + for (unsigned i = 0; i < num_sessions; i++) { + if ((retval = gnutls_init(&session, GNUTLS_SERVER)) < 0) { + gnutls_perror(retval); + fail("gnutls_init() failed\n"); + } + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, serverx509cred); + + retval = gnutls_session_ticket_enable_server(session, &session_ticket_key); + if (retval != GNUTLS_E_SUCCESS) { + gnutls_perror(retval); + fail("server: Could not enable session tickets\n"); + } + + + gnutls_db_set_cache_expiration(session, TICKET_EXPIRATION); + + _gnutls_set_session_ticket_key_rotation_callback(session, stek_rotation_callback); + + gnutls_transport_set_int(session, fd); + gnutls_handshake_set_timeout(session, get_timeout()); + + do { + retval = gnutls_handshake(session); + } while(retval == GNUTLS_E_AGAIN || retval == GNUTLS_E_INTERRUPTED); + + if (retval < 0) { + fail("server: Handshake failed: %s\n", gnutls_strerror(retval)); + } else { + success("server: Handshake was completed\n"); + } + + if (gnutls_session_is_resumed(session)) { + if (!resumption_should_succeed[i]) + fail("server: Session was resumed (but should not)\n"); + else + success("server: Success: Session was resumed\n"); + } else { + if (resumption_should_succeed[i]) + fail("server: Session was not resumed (but should)\n"); + else + success("server: Success: Session was NOT resumed\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + gnutls_deinit(session); + gnutls_certificate_free_credentials(serverx509cred); + serverx509cred = NULL; + + if (i != 0) + virt_sec_sleep(TICKET_EXPIRATION); + } + + if (num_stek_rotations != 4) + fail("STEK should be rotated exactly 4 times!\n"); + + if (serverx509cred) + gnutls_certificate_free_credentials(serverx509cred); + gnutls_free(session_ticket_key.data); +} + +static void run(const char *name, const char *prio, int resumption_should_succeed[], int rounds) +{ + pid_t child; + int retval, sockets[2], status = 0; + + success("\ntesting %s\n\n", name); + + retval = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (retval == -1) { + perror("socketpair"); + fail("socketpair failed"); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork failed"); + } + + if (child) { + /* We are the parent */ + close(sockets[1]); + server(sockets[0], resumption_should_succeed, rounds, prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + /* We are the child */ + close(sockets[0]); + client(sockets[1], resumption_should_succeed, rounds, prio); + exit(0); + } +} + +void doit(void) +{ + int resumption_should_succeed[] = { 0, 1, 1, 0 }; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + num_stek_rotations = 0; + run("tls1.2 resumption", "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0", + resumption_should_succeed, 4); + + num_stek_rotations = 0; + run("tls1.3 resumption", "NORMAL:-VERS-ALL:+VERS-TLS1.3", + resumption_should_succeed, 4); +} + +#endif diff --git a/tests/resume.c b/tests/resume.c new file mode 100644 index 0000000..93838c0 --- /dev/null +++ b/tests/resume.c @@ -0,0 +1,1159 @@ +/* + * Copyright (C) 2004-2016 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2016-2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "virt-time.h" + +static void wrap_db_init(void); +static void wrap_db_deinit(void); +static int wrap_db_store(void *dbf, gnutls_datum_t key, + gnutls_datum_t data); +static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key); +static int wrap_db_delete(void *dbf, gnutls_datum_t key); + +#define TLS_SESSION_CACHE 50 + +enum session_ticket_enablement { + ST_NONE = 0, + ST_ALL, + ST_TLS13_ONLY +}; + +struct params_res { + const char *desc; + int enable_db; + enum session_ticket_enablement enable_session_ticket_server; + enum session_ticket_enablement enable_session_ticket_client; + int expect_resume; + int call_post_client_hello; + int client_cert; + int first_no_ext_master; + int second_no_ext_master; + int try_alpn; + int try_resumed_data; + int try_diff_sni; + int try_sni; + int expire_ticket; + int change_ciphersuite; + int early_start; + int no_early_start; +}; + +pid_t child; + +struct params_res resume_tests[] = { +#ifndef TLS13 + {.desc = "try to resume from db", + .enable_db = 1, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_NONE, + .expect_resume = 1}, + {.desc = "try to resume from db with post_client_hello", + .enable_db = 1, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_NONE, + .call_post_client_hello = 1, + .expect_resume = 1}, + {.desc = "try to resume from db using resumed session's data", + .enable_db = 1, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_NONE, + .try_resumed_data = 1, + .expect_resume = 1}, + {.desc = "try to resume from db and check ALPN", + .enable_db = 1, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_NONE, + .try_alpn = 1, + .expect_resume = 1}, + {.desc = "try to resume from db (ext master secret -> none)", + .enable_db = 1, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_NONE, + .expect_resume = 0, + .first_no_ext_master = 0, + .second_no_ext_master = 1}, + {.desc = "try to resume from db (none -> ext master secret)", + .enable_db = 1, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_NONE, + .expect_resume = 0, + .first_no_ext_master = 1, + .second_no_ext_master = 0}, +#endif +#if defined(TLS13) + /* only makes sense under TLS1.3 as negotiation involves a new + * handshake with different parameters */ + {.desc = "try to resume from session ticket (different cipher order)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .change_ciphersuite = 1, + .expect_resume = 1}, + {.desc = "try to resume from session ticket with post_client_hello", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .call_post_client_hello = 1, + .expect_resume = 1}, +#endif +#if defined(TLS13) && !defined(USE_PSK) + {.desc = "try to resume from session ticket (early start)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .early_start = 1, + .expect_resume = 1}, +#endif +#if defined(TLS13) && defined(USE_PSK) + /* early start should no happen on PSK. */ + {.desc = "try to resume from session ticket (early start)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .no_early_start = 1, + .expect_resume = 1}, +#endif + {.desc = "try to resume from session ticket", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .expect_resume = 1}, +#ifdef TLS13 + {.desc = "try to resume from session ticket (session ticket disabled for TLS 1.2)", + .enable_db = 0, + .enable_session_ticket_server = ST_TLS13_ONLY, + .enable_session_ticket_client = ST_TLS13_ONLY, + .expect_resume = 1}, +#else + {.desc = "try to resume from session ticket (session ticket disabled for TLS 1.2)", + .enable_db = 0, + .enable_session_ticket_server = ST_TLS13_ONLY, + .enable_session_ticket_client = ST_TLS13_ONLY, + .expect_resume = 0}, +#endif + {.desc = "try to resume from session ticket (client cert)", + .enable_db = 0, + .client_cert = 1, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .expect_resume = 1}, + {.desc = "try to resume from session ticket (expired)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .expire_ticket = 1, + .expect_resume = 0}, + {.desc = "try to resume from session ticket using resumed session's data", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .try_resumed_data = 1, + .expect_resume = 1}, +#ifndef TLS13 + {.desc = "try to resume from session ticket (ext master secret -> none)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .expect_resume = 0, + .first_no_ext_master = 0, + .second_no_ext_master = 1}, + {.desc = "try to resume from session ticket (none -> ext master secret)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .expect_resume = 0, + .first_no_ext_master = 1, + .second_no_ext_master = 0}, + {.desc = "try to resume from session ticket (server only)", + .enable_db = 0, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_NONE, + .expect_resume = 0}, + {.desc = "try to resume from session ticket (client only)", + .enable_db = 0, + .enable_session_ticket_server = ST_NONE, + .enable_session_ticket_client = ST_ALL, + .expect_resume = 0}, + {.desc = "try to resume from db and ticket", + .enable_db = 1, + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .expect_resume = 1}, + {.desc = "try to resume from db and different SNI", + .enable_db = 1, + .try_sni = 1, + .try_diff_sni = 1, + .expect_resume = 0}, + {.desc = "try to resume with ticket and different SNI", + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .try_sni = 1, + .try_diff_sni = 1, + .expect_resume = 0}, + {.desc = "try to resume from db and same SNI", + .enable_db = 1, + .try_sni = 1, + .expect_resume = 1}, +#endif + {.desc = "try to resume with ticket and same SNI", + .enable_session_ticket_server = ST_ALL, + .enable_session_ticket_client = ST_ALL, + .try_sni = 1, + .expect_resume = 1}, + {NULL, -1} +}; + +/* A very basic TLS client, with anonymous authentication. + */ + +#define SESSIONS 3 +#define MAX_BUF 5*1024 +#define MSG "Hello TLS" + +#define HANDSHAKE_SESSION_ID_POS (2+32) + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +static int post_client_hello_callback(gnutls_session_t session) +{ + /* switches the supported ciphersuites to something compatible */ + assert(gnutls_priority_set_direct(session, gnutls_session_get_ptr(session), NULL) >= 0); + return 0; +} + +static int hsk_hook_cb(gnutls_session_t session, unsigned int htype, unsigned post, + unsigned int incoming, const gnutls_datum_t *_msg) +{ + unsigned size; + gnutls_datum_t msg = {_msg->data, _msg->size}; + + /* skip up to session ID */ + if (msg.size <= HANDSHAKE_SESSION_ID_POS+6) { + fail("Cannot parse server hello\n"); + return -1; + } + + msg.data += HANDSHAKE_SESSION_ID_POS; + msg.size -= HANDSHAKE_SESSION_ID_POS; + size = msg.data[0]; + + if (msg.size <= size) { + fail("Cannot parse server hello 2\n"); + return -1; + } + + msg.data += size; + msg.size -= size; + + if (memmem(msg.data, msg.size, "\x00\x17\x00\x00", 4) == 0) { + fail("Extended master secret extension was not found in resumed session hello\n"); + exit(1); + } + return 0; +} + +static void append_alpn(gnutls_session_t session, struct params_res *params, unsigned alpn_counter) +{ + gnutls_datum_t protocol; + int ret; + char str[64]; + + if (!params->try_alpn) + return; + + snprintf(str, sizeof(str), "myproto-%d", alpn_counter); + + protocol.data = (void*)str; + protocol.size = strlen(str); + + ret = gnutls_alpn_set_protocols(session, &protocol, 1, 0); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } +} + +static void verify_alpn(gnutls_session_t session, struct params_res *params, unsigned alpn_counter) +{ + int ret; + gnutls_datum_t selected; + char str[64]; + + if (!params->try_alpn) + return; + + snprintf(str, sizeof(str), "myproto-%d", alpn_counter); + + ret = gnutls_alpn_get_selected_protocol(session, &selected); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + + if (strlen(str) != selected.size || memcmp(str, selected.data, selected.size) != 0) { + fail("expected protocol %s, got %.*s\n", str, selected.size, selected.data); + exit(1); + } + + if (debug) + success("ALPN got: %s\n", str); +} + +static void verify_group(gnutls_session_t session, gnutls_group_t *group, unsigned counter) +{ + if (counter == 0) { + *group = gnutls_group_get(session); + return; + } + + if (gnutls_group_get(session) != *group) { + fail("expected group %s, got group %s\n", gnutls_group_get_name(*group), + gnutls_group_get_name(gnutls_group_get(session))); + } +} + +static void verify_server_params(gnutls_session_t session, unsigned counter, struct params_res *params) +{ + static char id[GNUTLS_MAX_SESSION_ID]; + static size_t id_size = 0; +#if defined(USE_PSK) + const char *username; + username = gnutls_psk_server_get_username(session); + if (counter != 0) { + if (username == NULL) + fail("no username was returned on server side resumption\n"); + + if (strcmp(username, "test") != 0) + fail("wrong username was returned on server side resumption\n"); + } +#endif + + if (counter == 0 && params->early_start) { + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_START)) { + fail("early start did not happen on %d!\n", counter); + } + } + + if (counter > 0) { + if (gnutls_session_resumption_requested(session) == 0) { + fail("client did not request resumption!\n"); + } + } + + if (params->no_early_start) { + if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_START) { + fail("early start did happen on %d but was not expected!\n", counter); + } + } + +#if defined(USE_X509) + unsigned int l; + + if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) + fail("did not find the expected X509 certificate type! (%d)\n", gnutls_certificate_type_get(session)); + + if (counter == 0 && gnutls_certificate_get_ours(session) == NULL) + fail("no certificate returned on server side (%s)\n", counter ? "resumed session" : "first session"); + else if (counter != 0 && gnutls_certificate_get_ours(session) != NULL) + fail("certificate was returned on server side (%s)\n", counter ? "resumed session" : "first session"); + + if (params->client_cert) { + if (gnutls_certificate_get_peers(session, &l) == NULL || l < 1) + fail("no client certificate returned on server side (%s)\n", counter ? "resumed session" : "first session"); + } +#endif + + /* verify whether the session ID remains the same between sessions */ + if (counter == 0) { + id_size = sizeof(id); + assert(gnutls_session_get_id(session, id, &id_size) >= 0); + } else { + char id2[GNUTLS_MAX_SESSION_ID]; + size_t id2_size = sizeof(id2); + + if (id_size == 0) + fail("no session ID was set\n"); + + assert(gnutls_session_get_id(session, id2, &id2_size) >= 0); + + if (id_size != id2_size || memcmp(id, id2, id_size) != 0) { + hexprint(id, id_size); + printf("\n"); + hexprint(id2, id2_size); + fail("resumed session ID does not match original\n"); + } + } + + return; +} + +static void verify_client_params(gnutls_session_t session, unsigned counter) +{ +#if defined(USE_X509) + unsigned int l; + if (gnutls_certificate_get_peers(session, &l) == NULL || l < 1) + fail("no server certificate returned on client side (%s)\n", counter ? "resumed session" : "first session"); +#else + return; +#endif +} + +#ifdef TLS12 +# define VERS_STR "+VERS-TLS1.2" +#endif +#ifdef TLS13 +# define VERS_STR "-VERS-ALL:+VERS-TLS1.3" +#endif + +static void client(int sds[], struct params_res *params) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + unsigned int ext_master_secret_check = 0; + gnutls_group_t pgroup; + char prio_str[256]; + const char *dns_name1 = "example.com"; + const char *dns_name2 = "www.example.com"; +#ifdef USE_PSK +# define PRIO_STR "NONE:"VERS_STR":+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+PSK:+CURVE-ALL" + const gnutls_datum_t pskkey = { (void *) "DEADBEEF", 8 }; + gnutls_psk_client_credentials_t pskcred; +#elif defined(USE_ANON) +# define PRIO_STR "NONE:"VERS_STR":+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+ANON-DH:+CURVE-ALL" + gnutls_anon_client_credentials_t anoncred; +#elif defined(USE_X509) +# define PRIO_STR "NONE:"VERS_STR":+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ECDHE-RSA:+RSA:+CURVE-ALL" + gnutls_certificate_credentials_t clientx509cred; +#endif + + /* Need to enable anonymous KX specifically. */ + + /* variables used in session resuming + */ + int t; + gnutls_datum_t session_data = {NULL, 0}; + + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4); + } + +#ifdef USE_PSK + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials(pskcred, "test", &pskkey, GNUTLS_PSK_KEY_HEX); +#elif defined(USE_ANON) + gnutls_anon_allocate_client_credentials(&anoncred); +#elif defined(USE_X509) + gnutls_certificate_allocate_credentials(&clientx509cred); + + if (params->client_cert) { + assert(gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_cert, &cli_key, + GNUTLS_X509_FMT_PEM) >= 0); + } +#endif + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + snprintf(prio_str, sizeof(prio_str), "%s", PRIO_STR); + + /* Use default priorities */ + switch (params->enable_session_ticket_client) { + case ST_NONE: + strcat(prio_str, ":%NO_TICKETS"); + break; + case ST_TLS13_ONLY: + strcat(prio_str, ":%NO_TICKETS_TLS12"); + break; + default: + break; + } + + if (params->first_no_ext_master && t == 0) { + strcat(prio_str, ":%NO_SESSION_HASH"); + ext_master_secret_check = 0; + } + + if (params->second_no_ext_master && t > 0) { + strcat(prio_str, ":%NO_SESSION_HASH"); + ext_master_secret_check = 0; + } + + if (params->change_ciphersuite) { + if (t > 0) + strcat(prio_str, ":-CIPHER-ALL:+AES-256-GCM:+AES-128-GCM"); + else + strcat(prio_str, ":-CIPHER-ALL:+AES-128-GCM"); + } + + append_alpn(session, params, t); + + ret = gnutls_priority_set_direct(session, prio_str, NULL); + if (ret < 0) { + fail("prio: %s\n", gnutls_strerror(ret)); + } + + /* put the anonymous credentials to the current session + */ +#ifdef USE_PSK + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); +#elif defined(USE_ANON) + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); +#elif defined(USE_X509) + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, clientx509cred); +#endif + + if (t > 0) { + /* if this is not the first time we connect */ + gnutls_session_set_data(session, session_data.data, + session_data.size); + if (params->try_diff_sni) + gnutls_server_name_set(session, GNUTLS_NAME_DNS, dns_name1, strlen(dns_name1)); + else if (params->try_sni) + gnutls_server_name_set(session, GNUTLS_NAME_DNS, dns_name2, strlen(dns_name2)); + + } else { + if (params->try_sni) + gnutls_server_name_set(session, GNUTLS_NAME_DNS, dns_name2, strlen(dns_name2)); + } + + if (ext_master_secret_check) + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_HELLO, GNUTLS_HOOK_PRE, hsk_hook_cb); + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + gnutls_handshake_set_timeout(session, get_timeout()); + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success + ("client: Handshake was completed\n"); + } + + ext_master_secret_check = 0; + if (t == 0) { + ext_master_secret_check = gnutls_session_ext_master_secret_status(session); + + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("Getting resume data failed\n"); + + } else { /* the second time we connect */ + if (params->try_resumed_data) { + gnutls_free(session_data.data); + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("Getting resume data failed\n"); + } + + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed(session) != 0) { + if (params->expect_resume) { + if (debug) + success + ("- Previous session was resumed\n"); + } else + fail("- Previous session was resumed but NOT expected\n"); + } else { + if (params->expect_resume) { + fail("*** Previous session was NOT resumed\n"); + } else { + if (debug) + success + ("*** Previous session was NOT resumed (expected)\n"); + } + } + + if (params->change_ciphersuite) { + /* check if the expected cipher was negotiated */ + if (gnutls_cipher_get(session) != GNUTLS_CIPHER_AES_128_GCM) { + fail("negotiated different cipher: %s\n", + gnutls_cipher_get_name(gnutls_cipher_get(session))); + } + } + } + + verify_alpn(session, params, t); + verify_group(session, &pgroup, t); + + if (params->expect_resume) + verify_client_params(session, t); + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + close(sd); + + gnutls_deinit(session); + } + gnutls_free(session_data.data); + + end: +#ifdef USE_PSK + gnutls_psk_free_client_credentials(pskcred); +#elif defined(USE_ANON) + gnutls_anon_free_client_credentials(anoncred); +#elif defined(USE_X509) + gnutls_certificate_free_credentials(clientx509cred); +#endif +} + +#define DH_BITS 1024 + +/* These are global */ +static gnutls_datum_t session_ticket_key = { NULL, 0 }; + + +static gnutls_dh_params_t dh_params; + +#ifdef USE_PSK +gnutls_psk_server_credentials_t pskcred; +#elif defined(USE_ANON) +gnutls_anon_server_credentials_t anoncred; +#elif defined(USE_X509) +gnutls_certificate_credentials_t serverx509cred; +#endif + +static int generate_dh_params(void) +{ + const gnutls_datum_t p3 = { (void *) pkcs3, strlen(pkcs3) }; + /* Generate Diffie-Hellman parameters - for use with DHE + * kx algorithms. These should be discarded and regenerated + * once a day, once a week or once a month. Depending on the + * security requirements. + */ + gnutls_dh_params_init(&dh_params); + return gnutls_dh_params_import_pkcs3(dh_params, &p3, + GNUTLS_X509_FMT_PEM); +} + + +static void global_stop(void) +{ + if (debug) + success("global stop\n"); + +#ifdef USE_PSK + gnutls_psk_free_server_credentials(pskcred); +#elif defined(USE_ANON) + gnutls_anon_free_server_credentials(anoncred); +#elif defined(USE_X509) + gnutls_certificate_free_credentials(serverx509cred); +#endif + gnutls_dh_params_deinit(dh_params); +} + +#ifdef USE_PSK +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} +#endif + +static void server(int sds[], struct params_res *params) +{ + int t; + int ret; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_group_t pgroup; + unsigned iflags = GNUTLS_SERVER; + + virt_time_init(); + + if (params->early_start || params->no_early_start) + iflags |= GNUTLS_ENABLE_EARLY_START; + + /* this must be called once in the program, it is mostly for the server. + */ + if (debug) { + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4); + } + +#ifdef USE_PSK + gnutls_psk_allocate_server_credentials(&pskcred); + gnutls_psk_set_server_credentials_function(pskcred, pskfunc); +#elif defined(USE_ANON) + gnutls_anon_allocate_server_credentials(&anoncred); +#elif defined(USE_X509) + gnutls_certificate_allocate_credentials(&serverx509cred); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, GNUTLS_X509_FMT_PEM) >= 0); +#endif + + if (debug) + success("Launched, generating DH parameters...\n"); + + generate_dh_params(); + +#if USE_ANON + gnutls_anon_set_server_dh_params(anoncred, dh_params); +#endif + + if (params->enable_db) { + wrap_db_init(); + } + + if (params->enable_session_ticket_server) + gnutls_session_ticket_key_generate(&session_ticket_key); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + assert(gnutls_init(&session, iflags) >= 0); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, + PRIO_STR, + NULL) >= 0); + + +#if defined(USE_X509) + if (params->client_cert) { + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUIRE); + } +#endif + + gnutls_dh_set_prime_bits(session, DH_BITS); + + if (params->enable_db) { + gnutls_db_set_retrieve_function(session, wrap_db_fetch); + gnutls_db_set_remove_function(session, wrap_db_delete); + gnutls_db_set_store_function(session, wrap_db_store); + gnutls_db_set_ptr(session, NULL); + } + + if (params->enable_session_ticket_server) + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + append_alpn(session, params, t); + + if (params->expire_ticket) { + gnutls_db_set_cache_expiration(session, 45); + virt_sec_sleep(60); + } +#ifdef USE_PSK + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); +#elif defined(USE_ANON) + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); +#elif defined(USE_X509) + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, serverx509cred); +#endif + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + if (params->call_post_client_hello) { + gnutls_session_set_ptr(session, PRIO_STR); + gnutls_handshake_set_post_client_hello_function(session, + post_client_hello_callback); + } + + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + kill(child, SIGTERM); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (t > 0 && params->expect_resume) { + ret = gnutls_session_is_resumed(session); + if (ret == 0) { + fail("server: session_is_resumed error (%d)\n", t); + } + } + + verify_alpn(session, params, t); + verify_group(session, &pgroup, t); + + if (params->expect_resume) + verify_server_params(session, t, params); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + if (params->enable_db) { + wrap_db_deinit(); + } + + gnutls_free(session_ticket_key.data); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + int i, err; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + for (i = 0; resume_tests[i].desc; i++) { + int client_sds[SESSIONS], server_sds[SESSIONS]; + int j; + + printf("%s\n", resume_tests[i].desc); + + for (j = 0; j < SESSIONS; j++) { + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + server_sds[j] = sockets[0]; + client_sds[j] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status = 0; + /* parent */ + for (j = 0; j < SESSIONS; j++) + close(client_sds[j]); + server(server_sds, &resume_tests[i]); + + waitpid(child, &status, 0); + check_wait_status(status); + global_stop(); + } else { + for (j = 0; j < SESSIONS; j++) + close(server_sds[j]); + client(client_sds, &resume_tests[i]); + exit(0); + } + } +} + +/* Functions and other stuff needed for session resuming. + * This is done using a very simple list which holds session ids + * and session data. + */ + +#define MAX_SESSION_ID_SIZE 32 +#define MAX_SESSION_DATA_SIZE 1024 + +typedef struct { + unsigned char session_id[MAX_SESSION_ID_SIZE]; + unsigned int session_id_size; + + char session_data[MAX_SESSION_DATA_SIZE]; + int session_data_size; +} CACHE; + +static CACHE *cache_db; +static int cache_db_ptr = 0; + +static void wrap_db_init(void) +{ + + /* allocate cache_db */ + cache_db = calloc(1, TLS_SESSION_CACHE * sizeof(CACHE)); +} + +static void wrap_db_deinit(void) +{ + free(cache_db); + cache_db = NULL; + return; +} + +static int +wrap_db_store(void *dbf, gnutls_datum_t key, gnutls_datum_t data) +{ + time_t t, e, now = time(0); + +#ifdef DEBUG_CACHE + if (debug) { + unsigned int i; + fprintf(stderr, "resume db storing (%d-%d): ", key.size, + data.size); + for (i = 0; i < key.size; i++) { + fprintf(stderr, "%02x", key.data[i] & 0xFF); + } + fprintf(stderr, "\n"); + fprintf(stderr, "data: "); + for (i = 0; i < data.size; i++) { + fprintf(stderr, "%02x", data.data[i] & 0xFF); + } + fprintf(stderr, "\n"); + } +#endif + + /* check the correctness of gnutls_db_check_entry_time() */ + t = gnutls_db_check_entry_time(&data); + if (t < now - 10 || t > now + 10) { + fail("Time returned by gnutls_db_check_entry_time is bogus\n"); + exit(1); + } + + /* check the correctness of gnutls_db_check_entry_expire_time() */ + e = gnutls_db_check_entry_expire_time(&data); + if (e < t) { + fail("Time returned by gnutls_db_check_entry_expire_time is bogus\n"); + exit(1); + } + + if (cache_db == NULL) + return -1; + + if (key.size > MAX_SESSION_ID_SIZE) { + fail("Key size is too large\n"); + return -1; + } + + if (data.size > MAX_SESSION_DATA_SIZE) { + fail("Data size is too large\n"); + return -1; + } + + memcpy(cache_db[cache_db_ptr].session_id, key.data, key.size); + cache_db[cache_db_ptr].session_id_size = key.size; + + memcpy(cache_db[cache_db_ptr].session_data, data.data, data.size); + cache_db[cache_db_ptr].session_data_size = data.size; + + cache_db_ptr++; + cache_db_ptr %= TLS_SESSION_CACHE; + + return 0; +} + +static gnutls_datum_t wrap_db_fetch(void *dbf, gnutls_datum_t key) +{ + gnutls_datum_t res = { NULL, 0 }; + unsigned i; + + if (debug) { + fprintf(stderr, "resume db looking for (%d): ", key.size); + for (i = 0; i < key.size; i++) { + fprintf(stderr, "%02x", key.data[i] & 0xFF); + } + fprintf(stderr, "\n"); + } + + if (cache_db == NULL) + return res; + + for (i = 0; i < TLS_SESSION_CACHE; i++) { + if (key.size == cache_db[i].session_id_size && + memcmp(key.data, cache_db[i].session_id, + key.size) == 0) { + if (debug) + success + ("resume db fetch... return info\n"); + + res.size = cache_db[i].session_data_size; + + res.data = gnutls_malloc(res.size); + if (res.data == NULL) + return res; + + memcpy(res.data, cache_db[i].session_data, + res.size); + +#ifdef DEBUG_CACHE + if (debug) { + unsigned int j; + printf("data:\n"); + for (j = 0; j < res.size; j++) { + printf("%02x ", + res.data[j] & 0xFF); + if ((j + 1) % 16 == 0) + printf("\n"); + } + printf("\n"); + } +#endif + return res; + } + } + + if (debug) + success("resume db fetch... NOT FOUND\n"); + return res; +} + +static int wrap_db_delete(void *dbf, gnutls_datum_t key) +{ + int i; + + if (cache_db == NULL) + return -1; + + for (i = 0; i < TLS_SESSION_CACHE; i++) { + if (key.size == cache_db[i].session_id_size && + memcmp(key.data, cache_db[i].session_id, + key.size) == 0) { + + cache_db[i].session_id_size = 0; + cache_db[i].session_data_size = 0; + + return 0; + } + } + + return -1; + +} + +#endif /* _WIN32 */ diff --git a/tests/rfc2253-escape-test.sh b/tests/rfc2253-escape-test.sh new file mode 100755 index 0000000..2d71b83 --- /dev/null +++ b/tests/rfc2253-escape-test.sh @@ -0,0 +1,60 @@ +#!/bin/sh + +# Copyright (C) 2009-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${CERTTOOL=../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +if cat< /dev/null +-----BEGIN CERTIFICATE----- +MIICETCCAXygAwIBAgIESnlIMTALBgkqhkiG9w0BAQUwODEdMBsGA1UEChMUUkZD +IDIyNTMgZXNjYXBlIHRlc3QxFzAVBgNVBAsTDlBsdXMgKyBDb21tYSAsMB4XDTA5 +MDgwNTA4NTIwMVoXDTM2MTIyMTA4NTIwNFowODEdMBsGA1UEChMUUkZDIDIyNTMg +ZXNjYXBlIHRlc3QxFzAVBgNVBAsTDlBsdXMgKyBDb21tYSAsMIGcMAsGCSqGSIb3 +DQEBAQOBjAAwgYgCgYC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phs +z+Y89+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tK +rmpNaP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQID +AQABoy8wLTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRMuQqb+h00437ey9IHFf6h +2stokTALBgkqhkiG9w0BAQUDgYEAmvr55otCWJx8ReDt5jFKd8aDk3jm6RSogV/P ++fBYR69w25NxgSWVsQeoSi2Jklpqa20koynCya087TM8ODl3lO0XbmG1YGksnM6R +RMCUzqiqC2be1s2N+Bml4cIWTHzPZfnF/qXfbbkouepfbdscprXu07Z317kdAG8+ +iptEYYo= +-----END CERTIFICATE----- +EOF +then + : +else + echo "RFC 2253 escaping not working?" + exit 1 +fi + +exit 0 diff --git a/tests/rfc7633-missing.c b/tests/rfc7633-missing.c new file mode 100644 index 0000000..0101c17 --- /dev/null +++ b/tests/rfc7633-missing.c @@ -0,0 +1,342 @@ +/* + * Copyright (C) 2016 Tim Kosse + * + * Author: Tim Kosse + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program tests that handshakes fail if the server does not include the + * requested certificate status with the server certificate having + * TLS feature 5 (status request). + * + * See RFC 7633 section 4.2.3.1 paragraph 1 + * + * Remark: Doesn't the MUST in section 4.3.3 para. 1 overrule the SHOULD of 4.2.3.1 para. 1? + */ + +static time_t mytime(time_t * t) +{ + time_t then = 1464610242; + if (t) + *t = then; + + return then; +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICBzCCAXCgAwIBAgIMVpjt8TL5Io/frpvkMA0GCSqGSIb3DQEBCwUAMCIxIDAe\n" + "BgNVBAMTF0dudVRMUyB0ZXN0IGNlcnRpZmljYXRlMB4XDTE2MDExNTEzMDI0MVoX\n" + "DTMyMDYxOTEzMDI0MVowIjEgMB4GA1UEAxMXR251VExTIHRlc3QgY2VydGlmaWNh\n" + "dGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANe6XK+jDPAuqSdWqlOOqOt/\n" + "gXVMa5i+Suq3HvhLw2rE2g0AuOpMEx82FpPecu/GpF6ybrbKCohVdZCW7aZXvAw7\n" + "dg2XHr3p7H/Tqez7hWSga6BIznd+c5wxE/89yK6lYG7Ztoxamm+2vp9qvafwoDMn\n" + "9bcdkuWWnHNS1p/WyI6xAgMBAAGjQjBAMBEGCCsGAQUFBwEYBAUwAwIBBTAMBgNV\n" + "HRMBAf8EAjAAMB0GA1UdDgQWBBRTSzvcXshETAIgvzlIb0z+zSVSEDANBgkqhkiG\n" + "9w0BAQsFAAOBgQB+VcJuLPL2PMog0HZ8RRbqVvLU5d209ROg3s1oXUBFW8+AV+71\n" + "CsHg9Xx7vqKVwyKGI9ghds1B44lNPxGH2Sk1v2czjKbzwujo9+kLnDS6i0jyrDdn\n" + "um4ivpkwmlUFSQVXvENLwe9gTlIgN4+0I9WLcMTCDtHWkcxMRwCm2BMsXw==\n" + "-----END CERTIFICATE-----\n"; + + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static int received = 0; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + fail("received status request\n"); + received = 1; + return 0; +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + unsigned int status; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + gnutls_global_set_time_function(mytime); + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CERTIFICATE_STATUS, + GNUTLS_HOOK_POST, + handshake_callback); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (received == 1) { + fail("client: received certificate status when we shouldn't.\n"); + } + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret != GNUTLS_E_SUCCESS) { + fail("client: Peer certificate validation failed: %s\n", gnutls_strerror(ret)); + } + else { + if (status & GNUTLS_CERT_MISSING_OCSP_STATUS) { + success("client: Validation failed with GNUTLS_CERT_MISSING_OCSP_STATUS\n"); + } + else { + fail("client: Validation status does not include GNUTLS_CERT_MISSING_OCSP_STATUS. Status is %d\n", status); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static void start(const char *name, const char *prio) +{ + pid_t child; + int fd[2]; + int ret, status = 0; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + received = 0; + success("running: %s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } + + return; +} + +void doit(void) +{ + start("tls1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("tls1.3", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("default", "NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/rfc7633-ok.c b/tests/rfc7633-ok.c new file mode 100644 index 0000000..5959065 --- /dev/null +++ b/tests/rfc7633-ok.c @@ -0,0 +1,347 @@ +/* + * Copyright (C) 2016-2019 Tim Kosse + * Copyright (C) 2019 Nikos Mavrogiannopoulos + * + * Author: Tim Kosse, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* This program tests that handshakes succeed if the server includes the + * requested certificate status with the server certificate having + * TLS feature 5 (status request). + * + * See RFC 7633 + */ + +static time_t mytime(time_t * t) +{ + time_t then = 1559941819; + if (t) + *t = then; + + return then; +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +const unsigned char ocsp_resp[] = { + 0x30, 0x82, 0x02, 0x3f, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x38, 0x30, + 0x82, 0x02, 0x34, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x25, 0x30, 0x82, 0x02, 0x21, 0x30, 0x81, + 0x8a, 0xa1, 0x11, 0x30, 0x0f, 0x31, 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x13, 0x04, 0x43, 0x41, 0x2d, 0x33, 0x18, 0x0f, 0x32, 0x30, + 0x31, 0x39, 0x30, 0x36, 0x30, 0x37, 0x32, 0x31, 0x31, 0x35, 0x32, 0x32, + 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30, 0x4d, 0x30, 0x09, 0x06, 0x05, 0x2b, + 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0xb7, 0xca, 0x0f, 0xab, + 0xdc, 0x6f, 0xb8, 0xb0, 0x96, 0x7a, 0x15, 0xac, 0x98, 0x0a, 0x0f, 0x19, + 0xfe, 0xa4, 0x12, 0xde, 0x04, 0x14, 0x1e, 0x85, 0xed, 0x7f, 0x9e, 0x71, + 0xfa, 0x08, 0x9d, 0x37, 0x48, 0x43, 0xa0, 0x12, 0xef, 0xe5, 0xaa, 0xe1, + 0xe3, 0x8a, 0x02, 0x14, 0x60, 0x14, 0x5f, 0x01, 0xcb, 0xe0, 0x05, 0x45, + 0x38, 0x8c, 0x26, 0xfc, 0x5b, 0xcf, 0x6c, 0x41, 0xc3, 0xcb, 0xaa, 0xcc, + 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x31, 0x39, 0x30, 0x36, 0x30, 0x37, + 0x32, 0x31, 0x31, 0x35, 0x32, 0x32, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x81, 0x00, 0x44, 0xc4, 0x59, 0xab, 0x7b, 0x6e, 0x35, 0x4e, 0x18, + 0x83, 0x02, 0xbd, 0x94, 0x26, 0x50, 0x01, 0xe2, 0xb1, 0x50, 0xdd, 0xca, + 0x61, 0x30, 0xb0, 0x93, 0x18, 0x56, 0xfe, 0x8d, 0x4f, 0xcc, 0x33, 0xc8, + 0x01, 0x1e, 0xac, 0xa1, 0x8e, 0xb0, 0x76, 0x0f, 0x41, 0x38, 0x7d, 0x06, + 0x9b, 0xfe, 0x09, 0x50, 0x6d, 0x86, 0x07, 0x2a, 0x48, 0x6e, 0x6a, 0xb1, + 0x13, 0xf4, 0xc0, 0x0f, 0x7c, 0x7d, 0x89, 0xb9, 0x69, 0xe7, 0x04, 0x2e, + 0xa4, 0x3d, 0xf6, 0xbd, 0x51, 0xbf, 0x52, 0x7d, 0xfb, 0x38, 0x7a, 0xbf, + 0xe6, 0xd7, 0x32, 0x57, 0x36, 0x87, 0xec, 0x91, 0x07, 0x0c, 0xac, 0xb9, + 0x79, 0xe7, 0x79, 0x4e, 0x49, 0x72, 0x1d, 0x16, 0xb6, 0x94, 0xbf, 0xc4, + 0x9f, 0x4e, 0x8b, 0x51, 0x54, 0x73, 0xb4, 0x4d, 0xe7, 0x01, 0x91, 0xcd, + 0x7c, 0xb2, 0x91, 0x4a, 0xc3, 0x4d, 0xc4, 0x4f, 0xa3, 0x42, 0xf1, 0x89, + 0xc7, 0xab, 0x36, 0x11, 0xf0, 0x7c, 0xc6, 0x8f, 0x03, 0x53, 0x85, 0x0c, + 0xfb, 0x30, 0x6b, 0xdd, 0x9e, 0x72, 0xd7, 0x77, 0xe5, 0xea, 0xd3, 0x39, + 0xb5, 0xb8, 0xdd, 0x61, 0xb9, 0xe7, 0x24, 0x9c, 0x85, 0x42, 0xd7, 0x2b, + 0x2e, 0x99, 0xdf, 0xe5, 0x8b, 0x79, 0xe3, 0x6e, 0x56, 0x6e, 0xd6, 0xed, + 0x5f, 0x9b, 0x5f, 0x40, 0x89, 0x17, 0x1a, 0x76, 0xbb, 0x3c, 0x9f, 0x33, + 0x71, 0xc1, 0xc5, 0x2f, 0xf4, 0x69, 0xe5, 0x5f, 0x83, 0xd4, 0x3a, 0x3d, + 0xd7, 0x44, 0xaa, 0xc0, 0x9d, 0xd9, 0xd9, 0x99, 0xec, 0x80, 0x4c, 0x46, + 0x5f, 0x91, 0xf4, 0x09, 0x06, 0xef, 0x37, 0x7c, 0x32, 0x64, 0x67, 0x85, + 0x99, 0xde, 0x9c, 0xce, 0x3e, 0x58, 0x1a, 0x6c, 0x59, 0xc9, 0x60, 0x26, + 0x02, 0xeb, 0x95, 0x52, 0x3e, 0x4f, 0xdd, 0x5f, 0x6c, 0x2d, 0x37, 0xc2, + 0x3b, 0x72, 0x70, 0xab, 0x1d, 0xf5, 0x2a, 0xbe, 0x8c, 0x70, 0x8e, 0xf0, + 0x25, 0x18, 0x68, 0xe5, 0xe9, 0xd1, 0xcf, 0xd8, 0x1f, 0x6c, 0x8e, 0xcf, + 0x18, 0x46, 0x51, 0xb4, 0x69, 0xbb, 0x6f, 0x4f, 0x1e, 0x2a, 0x61, 0x3f, + 0x64, 0x8b, 0x07, 0x7f, 0xc5, 0x80, 0xb9, 0x06, 0xd6, 0xb1, 0x8d, 0x47, + 0x4a, 0x61, 0xd2, 0x3e, 0xb4, 0xa6, 0xab, 0x12, 0xc6, 0x5c, 0x90, 0x9e, + 0x2e, 0x16, 0x2e, 0xd4, 0xfc, 0x4b, 0x08, 0x41, 0x94, 0xaf, 0x1d, 0x6e, + 0x6c, 0x11, 0x5c, 0x88, 0x3d, 0xd9, 0x30, 0x9d, 0x69, 0xf7, 0x45, 0xbe, + 0x5d, 0x1e, 0xd5, 0xe2, 0xf6, 0x38, 0xfa, 0xe1, 0xbf, 0xae, 0x9f, 0x2f, + 0xc6, 0x7b, 0x7b, 0x98, 0x89, 0x05, 0x8d, 0x4c, 0x01, 0xad, 0x61, 0x14, + 0x00, 0xca, 0xa3, 0xed, 0xd0, 0x2c, 0xfe, 0x1b, 0x7e, 0x1d, 0x70, 0x5b, + 0x2e, 0xc2, 0x54, 0xcf, 0x4c, 0x0a, 0xb3, 0x21, 0x58, 0xed, 0x51, 0xe7, + 0xeb, 0x8d, 0xb7 }; + +static int received = 0; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t * msg) +{ + received = 1; + return 0; +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + unsigned int status; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + gnutls_global_set_time_function(mytime); + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred) >= 0); + assert(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&session, GNUTLS_CLIENT) >= 0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_handshake_set_hook_function(session, + GNUTLS_HANDSHAKE_CERTIFICATE_STATUS, + GNUTLS_HOOK_POST, + handshake_callback); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (received == 0 + && gnutls_protocol_get_version(session) == GNUTLS_TLS1_2) { + fail("client: did not receive certificate status when we should.\n"); + } + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret != GNUTLS_E_SUCCESS) { + fail("client: Peer certificate validation failed: %s\n", + gnutls_strerror(ret)); + } else { + if (status) { + gnutls_datum_t tmp; + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &tmp, 0)>=0); + fail("client: Validation status is not success (%x: %s)\n", + status, (char*)tmp.data); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static int status_func(gnutls_session_t session, void *ptr, gnutls_datum_t *resp) +{ + resp->data = gnutls_malloc(sizeof(ocsp_resp)); + if (resp->data == NULL) + return -1; + + memcpy(resp->data, ocsp_resp, sizeof(ocsp_resp)); + resp->size = sizeof(ocsp_resp); + return 0; +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_tlsfeat_cert, + &server_ca3_key, GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&session, GNUTLS_SERVER) >= 0); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_certificate_set_ocsp_status_request_function(x509_cred, status_func, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("server: Handshake failed: %s\n", gnutls_strerror(ret)); + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static void start(const char *name, const char *prio) +{ + pid_t child; + int fd[2]; + int ret, status = 0; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + received = 0; + success("running: %s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } + + return; +} + +void doit(void) +{ + start("tls1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("tls1.3", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("default", "NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/rng-fork.c b/tests/rng-fork.c new file mode 100644 index 0000000..e4a374a --- /dev/null +++ b/tests/rng-fork.c @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif + +#include "utils.h" +#include +#include + +#if !defined(_WIN32) +static void dump(const char *name, unsigned char *buf, int buf_size) +{ + int i; + printf("%s: ", name); + for (i = 0; i < buf_size; i++) + printf("%.2x:", buf[i]); + printf("\n"); +} + +#define FILENAME "./rng-test" + +void doit(void) +{ + unsigned char buf1[64]; + unsigned char buf2[64]; + pid_t pid; + int ret; + FILE *fp; + unsigned i; + + global_init(); + + for (i = GNUTLS_RND_NONCE; i <= GNUTLS_RND_KEY; i++) { + pid = fork(); + if (pid == 0) { + fp = fopen(FILENAME, "w"); + if (fp == NULL) + fail("cannot open file"); + + assert(gnutls_rnd(i, buf1, sizeof(buf1)) >= 0); + if (debug) + dump("buf1", buf1, sizeof(buf1)); + + fwrite(buf1, 1, sizeof(buf1), fp); + fclose(fp); + gnutls_global_deinit(); + exit(0); + } else { + /* daddy */ + assert(gnutls_rnd(i, buf2, sizeof(buf2)) >= 0); + if (debug) + dump("buf2", buf2, sizeof(buf2)); + waitpid(pid, NULL, 0); + + fp = fopen(FILENAME, "r"); + if (fp == NULL) + fail("cannot open file"); + + ret = fread(buf1, 1, sizeof(buf1), fp); + + fclose(fp); + remove(FILENAME); + + if (ret != sizeof(buf1)) { + fail("error testing the random generator (%u).\n", i); + return; + } + + if (memcmp(buf1, buf2, sizeof(buf1)) == 0) { + fail("error in the random generator (%u). Produces same valus after fork()\n", i); + return; + } + if (debug) + success("success\n"); + } + } + + gnutls_global_deinit(); +} +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/rng-no-onload.c b/tests/rng-no-onload.c new file mode 100644 index 0000000..ac01be2 --- /dev/null +++ b/tests/rng-no-onload.c @@ -0,0 +1,72 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#if !defined(__linux__) || !defined(__GNUC__) + +void doit(void) +{ + exit(77); +} + +#else + +static int _rnd_called = 0; + +/* Tests whether gnutls_rnd() is called during gnutls library initialization. + * Normally it shouldn't be called to prevent any blocking due to getrandom() + * calls. + */ +int __attribute__ ((visibility ("protected"))) +gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) +{ + _rnd_called = 1; + + memset(data, 0xff, len); + return 0; +} + +void doit(void) +{ + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + + global_init(); + + if (_rnd_called != 0) + fail("gnutls_rnd was called during gnutls_global_init()!\n"); + + gnutls_global_deinit(); +} +#endif /* _WIN32 */ diff --git a/tests/rng-op-key.c b/tests/rng-op-key.c new file mode 100644 index 0000000..28e7f71 --- /dev/null +++ b/tests/rng-op-key.c @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif + +#include "utils.h" +#include +#include + +#include "rng-op.c" + +/* This tests the operation of the GNUTLS_RND_KEY generator. + * see rng-op.c for the specific tests. + */ + +void doit(void) +{ + try(GNUTLS_RND_KEY); +} diff --git a/tests/rng-op-nonce.c b/tests/rng-op-nonce.c new file mode 100644 index 0000000..6602fd1 --- /dev/null +++ b/tests/rng-op-nonce.c @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif + +#include "utils.h" +#include +#include + +#include "rng-op.c" + +/* This tests the operation of the GNUTLS_RND_NONCE generator. + * see rng-op.c for the specific tests. + */ + +void doit(void) +{ + try(GNUTLS_RND_NONCE); +} diff --git a/tests/rng-op-random.c b/tests/rng-op-random.c new file mode 100644 index 0000000..b2c7d79 --- /dev/null +++ b/tests/rng-op-random.c @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif + +#include "utils.h" +#include +#include + +#include "rng-op.c" + +/* This tests the operation of the GNUTLS_RND_RANDOM generator. + * see rng-op.c for the specific tests. + */ + +void doit(void) +{ + try(GNUTLS_RND_RANDOM); +} diff --git a/tests/rng-op.c b/tests/rng-op.c new file mode 100644 index 0000000..f9fd7dc --- /dev/null +++ b/tests/rng-op.c @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS. If not, see . + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif + +#include "utils.h" +#include +#include + +/* This tests the operation of the provided random generator + * to try() function. It will check whether it can perform more than + * 16k iterations, and provide a substantial amount of data. + */ + +static void try(int rnd) +{ + unsigned char buf1[64]; + unsigned char *tmp; + int ret; + unsigned i; + + global_init(); + + for (i = 0; i <= 65539; i++) { + ret = gnutls_rnd(rnd, buf1, sizeof(buf1)); + if (ret < 0) { + fail("Error iterating RNG-%d more than %u times\n", rnd, i); + exit(1); + } + } + +#define TMP_SIZE (65*1024) + tmp = malloc(TMP_SIZE); + if (tmp == NULL) { + fail("memory error\n"); + exit(1); + } + + for (i = 0; i <= 65539; i++) { + ret = gnutls_rnd(rnd, tmp, TMP_SIZE); + if (ret < 0) { + fail("Error iterating RNG-%d more than %u times for %d data\n", rnd, i, TMP_SIZE); + exit(1); + } + } + free(tmp); + + gnutls_global_deinit(); +} diff --git a/tests/rng-pthread.c b/tests/rng-pthread.c new file mode 100644 index 0000000..a2f4e66 --- /dev/null +++ b/tests/rng-pthread.c @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include "utils.h" + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +/* Tests whether we can use gnutls_rnd() under multiple threads. + * We do a basic checking of random data match when gnutls_rnd() + * is called in parallel. + */ + +typedef struct thread_data_st { + unsigned level; + pthread_t id; + char buf[32]; +} thread_data_st; + +static void *start_thread(void *arg) +{ + thread_data_st *data = arg; + int ret; + + ret = gnutls_rnd(data->level, data->buf, sizeof(data->buf)); + if (ret < 0) { + fail("gnutls_rnd: wrong size returned (%d)\n", ret); + } + if (debug) + hexprint(data->buf, sizeof(data->buf)); + + pthread_exit(0); +} + +#define MAX_THREADS 48 + +static +void do_thread_stuff(unsigned level) +{ + int ret; + thread_data_st *data; + unsigned i, j; + + data = calloc(1, sizeof(thread_data_st)*MAX_THREADS); + if (data == NULL) + abort(); + + for (i=0;i. + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +/* This program verifies whether the low-level random functions can operate + * properly, even if interrupted by signals */ + +#if defined(HAVE_SETITIMER) && (defined(HAVE_LINUX_GETRANDOM) || defined(__linux__)) + +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#define _gnutls_debug_log printf +#define gnutls_assert() +#define gnutls_assert_val(val) val + +int _rnd_system_entropy_init(void); +void _rnd_system_entropy_deinit(void); + +typedef int (*get_entropy_func)(void* rnd, size_t size); +get_entropy_func _rnd_get_system_entropy; + +#define RND_NO_INCLUDES +#include "../lib/nettle/sysrng-linux.c" + +static volatile int stop_loop = 0; + +static void sig_handler(int signo) +{ + stop_loop++; +} + +void doit(void) +{ + char buf[512]; + char empty[32]; + int ret; + struct itimerval ival; + struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = sig_handler; + sigemptyset (&sa.sa_mask); + sigaction(SIGALRM, &sa, NULL); + + memset(&ival, 0, sizeof(ival)); + ival.it_interval.tv_usec = 5000; + ival.it_value.tv_usec = 5000; + + _rnd_system_entropy_init(); + + ret = setitimer(ITIMER_REAL, &ival, NULL); + if (ret < 0) { + fail("error in setitimer: %s\n", strerror(errno)); + } + + memset(empty, 0, sizeof(empty)); + for (;stop_loop<1024;) { + memset(buf, 0, sizeof(buf)); + ret = _rnd_get_system_entropy(buf, sizeof(buf)); + if (ret < 0) { + fail("error obtaining entropy: %s\n", gnutls_strerror(ret)); + } + + if (memcmp(empty, buf+sizeof(buf)-sizeof(empty)-1, sizeof(empty)) == 0) { + fail("_rnd_get_system_entropy: did not fill buffer\n"); + } + } + + _rnd_system_entropy_deinit(); +} +#else +void doit(void); /* prototype to avoid warning with -Wmissing-prototypes */ + +void doit(void) +{ + exit(77); +} + +#endif diff --git a/tests/rsa-encrypt-decrypt.c b/tests/rsa-encrypt-decrypt.c new file mode 100644 index 0000000..95fdc64 --- /dev/null +++ b/tests/rsa-encrypt-decrypt.c @@ -0,0 +1,216 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include + +#include "utils.h" + +/* sha1 hash of "hello" string */ +const gnutls_datum_t hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello there", + 11 +}; + +static char pem1_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; + +static char pem1_key[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t cert_dat[] = { + {(void *) pem1_cert, sizeof(pem1_cert)} +}; + +const gnutls_datum_t key_dat[] = { + {(void *) pem1_key, sizeof(pem1_key)} +}; + +void doit(void) +{ + gnutls_x509_privkey_t key; + gnutls_x509_crt_t crt; + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_datum_t out, out2; + int ret; + size_t i; + + global_init(); + + for (i = 0; i < sizeof(key_dat) / sizeof(key_dat[0]); i++) { + if (debug) + success("loop %d\n", (int) i); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("gnutls_x509_privkey_init\n"); + + ret = + gnutls_x509_privkey_import(key, &key_dat[i], + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_privkey_import\n"); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + fail("gnutls_pubkey_init\n"); + + ret = gnutls_privkey_import_x509(privkey, key, 0); + if (ret < 0) + fail("gnutls_privkey_import_x509\n"); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + fail("gnutls_x509_crt_init\n"); + + ret = + gnutls_x509_crt_import(crt, &cert_dat[i], + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import\n"); + + ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + if (ret < 0) + fail("gnutls_x509_pubkey_import\n"); + + + ret = + gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data, + &out); + if (ret < 0) + fail("gnutls_pubkey_encrypt_data\n"); + + + ret = gnutls_privkey_decrypt_data(privkey, 0, &out, &out2); + if (ret < 0) + fail("gnutls_privkey_decrypt_data\n"); + + if (out2.size != hash_data.size) + fail("Decrypted data don't match original (1)\n"); + + if (memcmp(out2.data, hash_data.data, hash_data.size) != 0) + fail("Decrypted data don't match original (2)\n"); + + /* try again with fixed length API */ + memset(out2.data, 'A', out2.size); + ret = gnutls_privkey_decrypt_data2(privkey, 0, &out, out2.data, out2.size); + if (ret < 0) + fail("gnutls_privkey_decrypt_data\n"); + + if (memcmp(out2.data, hash_data.data, hash_data.size) != 0) + fail("Decrypted data don't match original (2b)\n"); + + gnutls_free(out.data); + gnutls_free(out2.data); + + ret = + gnutls_pubkey_encrypt_data(pubkey, 0, &raw_data, &out); + if (ret < 0) + fail("gnutls_pubkey_encrypt_data\n"); + + ret = gnutls_privkey_decrypt_data(privkey, 0, &out, &out2); + if (ret < 0) + fail("gnutls_privkey_decrypt_data\n"); + + if (out2.size != raw_data.size) + fail("Decrypted data don't match original (3)\n"); + + if (memcmp(out2.data, raw_data.data, raw_data.size) != 0) + fail("Decrypted data don't match original (4)\n"); + + /* try again with fixed length API */ + memset(out2.data, 'A', out2.size); + ret = gnutls_privkey_decrypt_data2(privkey, 0, &out, out2.data, out2.size); + if (ret < 0) + fail("gnutls_privkey_decrypt_data\n"); + + if (memcmp(out2.data, raw_data.data, raw_data.size) != 0) + fail("Decrypted data don't match original (4b)\n"); + + if (debug) + success("ok\n"); + + gnutls_free(out.data); + gnutls_free(out2.data); + gnutls_x509_privkey_deinit(key); + gnutls_x509_crt_deinit(crt); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/rsa-illegal-import.c b/tests/rsa-illegal-import.c new file mode 100644 index 0000000..dd38aea --- /dev/null +++ b/tests/rsa-illegal-import.c @@ -0,0 +1,170 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +/* Checks whether the output of the import functions is the expected one, + * on illegal key input */ + +static unsigned char rsa_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXQIBAAKBgQCpTrErF6KeHfaSBfQXLkw2AkrteEFca/jbWk2S0df5cRrsuC+R\n" + "nrpHnk4prJISVQZzF+s5qgzulvRaMD0vnlCDKPjDgRLkFyiT3pW5JZJqTKiILQBw\n" + "z6rqlQO7UWWqetc/gl9SHTq/vX5CDbA5Nxc9HJLkPX5Xl3wA12PAYmraugIDAQAB\n" + "AoGABMjQgOM+GTHHkgDREQah6LTP4T4QusfiVHCM2KVNcSMdG6tozLirkvKKSusx\n" + "hYsZj48ReqOvkd56MUJDuGDE7aQqhsrDnTgTnoYH7dFSY6acUucj5F6yeircFth4\n" + "lRko09HKZ5Fd1ngstPU35GsekUMq8vaHDrRzleydp+Z5lMECQQDP/cy68Jt7tMZT\n" + "oQQLhsddyoQG+2JiWz3PT9P9d5WdkMqzOYt6ADZ2m8HpmMcv32LQHtriSxy7JqXW\n" + "3uSnowkEAkEA0GMOXvV/8QnWKU2/byp3HVDQP57Vq/M37BhMbxoZDAHCaIz7v8k2\n" + "D7UBQdTeiUsm6gFJ1+E6YCnmTxdPRVuN6QJBALLLOQAGL5Jy/v4K7yA9dwpgOYiK\n" + "9rMYPhUFSXWdI+cz/Zt9vzFcF3V0RYhaRfgYLqg7retTqFoVSgBg0OxuUSMCQBtF\n" + "q37QAGOKVwXmz/P7icVDa024OtybIyl58J7luntwy4GlWdk6uyGJHdYAxvMO69Pa\n" + "QVDIgDxPn32gXlaEaekCQQCVhXc3zc+VX3nM4iCpXhlET2N75ULzsR+r6CdvtwSB\n" + "vXMBcuCE1aJHZDxqRx8XFZDZl+Ij/jrBMmtI15ebDuzH\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t rsa_key = { rsa_key_pem, + sizeof(rsa_key_pem)-1 +}; + +static unsigned char p8_rsa_pem[] = + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + "MIICojAcBgoqhkiG9w0BDAEDMA4ECDxZ1/EW+8XWAgIUYASCAoBR6R3Z341vSRvs\n" + "/LMErKcKkAQ3THTZBpmYgR2mrJUjJBivzOuRTCRpgtjuQ4ht2Q7KV943mJXsqAFI\n" + "Jly5fuVQ5YmRGLW+LE5sv+AGwmsii/PvGfGa9al56tHLDSeXV2VH4fly45bQ7ipr\n" + "PZBiEgBToF/jqDFWleH2GTCnSLpc4B2cKkMO2c5RYrCCGNRK/jr1xVUDVzeiXZwE\n" + "dbdDaV2UG/Oeo7F48UmvuWgS9YSFSUJ4fKG1KLlAQMKtAQKX+B4oL6Jbeb1jwSCX\n" + "Q1H9hHXHTXbPGaIncPugotZNArwwrhesTszFE4NFMbg3QNKL1fabJJFIcOYIktwL\n" + "7HG3pSiU2rqUZgS59OMJgL4jJm1lipo8ruNIl/YCpZTombOAV2Wbvq/I0SbRRXbX\n" + "12lco8bQO1dgSkhhe58Vrs+ChaNajtNi8SjLS+Pi1tYYAVQjcQdxCGh4q8aZUhDv\n" + "5yRp/TUOMaZqkY6YzRAlERb9jzVeh97EsOURzLu8pQgVjcNDOUAZF67KSqlSGMh7\n" + "PdqknM/j8KaWmVMAUn4+PuWohkyjd1/1QhCnEtFZ1lbIfWrKXV76U7zyy0OTvFKw\n" + "qemHUbryOJu0dQHziWmdtJpS7abSuhoMnrByZD+jDfQoSX7BzmdmCQGinltITYY1\n" + "3iChqWC7jY02CiKZqTcdwkImvmDtDYOBr0uQSgBa4eh7nYmmcpdY4I6V5qAdo30w\n" + "oXNEMqM53Syx36Fp70/Vmy0KmK8+2T4UgxGVJEgTDsEhiwJtTXxdzgxc5npbTePa\n" + "abhFyIXIpqoUYZ9GPU8UjNEuF//wPY6klBp6VP0ixO6RqQKzbwr85EXbzoceBrLo\n" + "eng1/Czj\n" + "-----END ENCRYPTED PRIVATE KEY-----\n"; + +const gnutls_datum_t p8_rsa_key = { p8_rsa_pem, + sizeof(p8_rsa_pem)-1 +}; + +static +int check_x509_privkey(void) +{ + gnutls_x509_privkey_t key; + int ret; + + global_init(); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_privkey_import(key, &rsa_key, GNUTLS_X509_FMT_PEM); + if (ret != GNUTLS_E_PK_INVALID_PRIVKEY) + fail("error: %s\n", gnutls_strerror(ret)); + + gnutls_x509_privkey_deinit(key); + + return 0; +} + +static +int check_pkcs8_privkey1(void) +{ + gnutls_x509_privkey_t key; + int ret; + + global_init(); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_x509_privkey_import_pkcs8(key, &p8_rsa_key, GNUTLS_X509_FMT_PEM, "1234", 0); + if (ret != GNUTLS_E_PK_INVALID_PRIVKEY) + fail("error: %s\n", gnutls_strerror(ret)); + + gnutls_x509_privkey_deinit(key); + + return 0; +} + +static +int check_pkcs8_privkey2(void) +{ + gnutls_privkey_t key; + int ret; + + global_init(); + + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_privkey_import_x509_raw(key, &p8_rsa_key, GNUTLS_X509_FMT_PEM, "1234", 0); + if (ret != GNUTLS_E_PK_INVALID_PRIVKEY) + fail("error: %s\n", gnutls_strerror(ret)); + + gnutls_privkey_deinit(key); + + return 0; +} + +void doit(void) +{ + if (gnutls_fips140_mode_enabled()) + exit(77); + +#if NETTLE_VERSION_MAJOR < 3 || (NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR <= 2) + /* These checks are enforced only on new versions of nettle */ + exit(77); +#else + if (check_x509_privkey() != 0) { + fail("error in privkey check\n"); + exit(1); + } + + if (check_pkcs8_privkey1() != 0) { + fail("error in pkcs8 privkey check 1\n"); + exit(1); + } + + if (check_pkcs8_privkey2() != 0) { + fail("error in pkcs8 privkey check 2\n"); + exit(1); + } +#endif +} diff --git a/tests/rsa-md5-collision/README b/tests/rsa-md5-collision/README new file mode 100644 index 0000000..fa5a199 --- /dev/null +++ b/tests/rsa-md5-collision/README @@ -0,0 +1,622 @@ +rsa-md5-collision README -- Information about rsa-md5-collision self tests. +Copyright (C) 2006-2012 Free Software Foundation, Inc. +See the end for copying conditions. + +This directory contains colliding X.509 certificates for different +identities, from: + +http://www.win.tue.nl/hashclash/TargetCollidingCertificates/ + +The certificates are used by a simple self-test script, +rsa-md5-collision, that check to make sure that GnuTLS reject both +certificate chains. + +Below is the e-mail exchanges with the authors where they agree to +release the certificates under a permissive license, that allow the +files to be included here. + +X-Hashcash: 1:22:061024:m.m.j.stevens@student.tue.nl::NIoLZwQj6TTZ4YZK:BUuA +X-Hashcash: 1:22:061024:arjen.lenstra@epfl.ch::NgTq8sJW1QBlX/rv:g9Z +From: Simon Josefsson +To: "Weger\, B.M.M. de" , m.m.j.stevens@student.tue.nl, arjen.lenstra@epfl.ch +Subject: Re: target collisions and colliding certificates with different identities +References: +OpenPGP: id=B565716F; url=http://josefsson.org/key.txt +X-Draft-From: ("gmane.ietf.irtf.cfrg" 784) +X-Hashcash: 1:22:061024:b.m.m.d.weger@tue.nl::aYYmnRc08nJKaUMk:6ddD +Date: Tue, 24 Oct 2006 08:28:07 +0200 +In-Reply-To: + (B. M. M. de Weger's message of "Mon\, 23 Oct 2006 23\:58\:21 +0200") +Message-ID: <87ods2grd4.fsf@latte.josefsson.org> +User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +Lines: 48 +Xref: localhost.localdomain rsa-md5:1 + +Great work, thanks! + +I'd like to include your certificates in GnuTLS, a TLS implementation +that supports X.509, as self-tests of the certificate verification +logic. Is this OK with you? + +Btw, Gnutls rejected the certificates, we already disable MD5 for +verification purposes. :) + +For our legal department, I'd like a clarification of the license on +the data, would you agree to release the certificates under the +following license? + + Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger + + Copying and distribution of this file, with or without modification, + are permitted in any medium without royalty provided the copyright + notice and this notice are preserved. + +Also, if any other authors contributed, they would have to agree to +this license as well. Are there other authors? + +Best regards, and thanks in advance, +Simon + +"Weger, B.M.M. de" writes: + +> Hi all, +> +> We announce: +> - an example of a target collision for MD5; this means: +> for two chosen messages m1 and m2 we have constructed +> appendages b1 and b2 to make the messages collide +> under MD5, i.e. MD5(m1||b1) = MD5(m2||b2); +> said differently: we can cause an MD5 collision for +> any pair of distinct IHVs; +> - an example of a pair of valid, unsuspicious X.509 +> certificates with distinct Distinguished Name fields, +> but identical CA signatures; this example makes use +> of the target collision. +> +> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, +> where the certificates and a more detailed announcement +> can be found. +> +> Marc Stevens +> Arjen Lenstra +> Benne de Weger +Return-Path: +Received: from yxa.extundo.com ([unix socket]) + by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 08:32:12 +0200 +X-Sieve: CMU Sieve 2.2 +Received: from smtp1.epfl.ch (smtp1.epfl.ch [128.178.50.22]) + by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with SMTP id k9O6VvPx016489 + for ; Tue, 24 Oct 2006 08:31:57 +0200 +Received: (qmail 16665 invoked by uid 107); 24 Oct 2006 06:31:51 -0000 +Received: from mailav1.epfl.ch (128.178.50.190) + by smtp1.epfl.ch with SMTP; 24 Oct 2006 06:31:51 -0000 +Received: from (smtp2.epfl.ch [128.178.50.133]) by MAILAV1.epfl.ch with smtp + id 3c76_55596730_6329_11db_9dfc_001143d18479; + Tue, 24 Oct 2006 08:31:51 +0200 +Received: from rex1.epfl.ch (128.178.50.178) + by smtp2.epfl.ch (AngelmatoPhylax SMTP proxy); Tue, 24 Oct 2006 08:31:51 +0200 +X-MimeOLE: Produced By Microsoft Exchange V6.5 +Content-class: urn:content-classes:message +MIME-Version: 1.0 +Content-Type: text/plain; + charset="iso-8859-1" +Content-Transfer-Encoding: quoted-printable +Subject: RE: target collisions and colliding certificates with different identities +Date: Tue, 24 Oct 2006 08:31:42 +0200 +Message-ID: +In-Reply-To: <87ods2grd4.fsf@latte.josefsson.org> +X-MS-Has-Attach: +X-MS-TNEF-Correlator: +Thread-Topic: target collisions and colliding certificates with different identities +Thread-Index: Acb3NZO8kzaCp7NPSV29z2Ydtt/p5gAAEyEg +From: "Arjen Lenstra" +To: "Simon Josefsson" , + "Weger, B.M.M. de" , + +X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham + version=3.1.1 +X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv +X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com +X-Virus-Status: Clean +Lines: 75 +Xref: localhost.localdomain rsa-md5:2 + +Hi, +Thanks! +I can't speak for my coauthors, but it's all fine with me, though I find = +the year in your proposed copyright statement a bit odd (I would have = +expected 2006). There are no more authros involved. + +best regards, Arjen Lenstra + +---------------- +Arjen K. Lenstra a k l @ e p f l . c h +EPFL IC LACAL +INJ 330 (B=E2timent INJ) +Station 14 +CH-1015 Lausanne, Switzerland +T=E9l: + 41 21 693 8101 +Fax: + 41 21 693 7550 +=20 +=20 + +-----Original Message----- +From: Simon Josefsson [mailto:jas@extundo.com]=20 +Sent: Tuesday, October 24, 2006 8:28 AM +To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra +Subject: Re: target collisions and colliding certificates with different = +identities + +Great work, thanks! + +I'd like to include your certificates in GnuTLS, a TLS implementation +that supports X.509, as self-tests of the certificate verification +logic. Is this OK with you? + +Btw, Gnutls rejected the certificates, we already disable MD5 for +verification purposes. :) + +For our legal department, I'd like a clarification of the license on +the data, would you agree to release the certificates under the +following license? + + Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger + + Copying and distribution of this file, with or without = +modification, + are permitted in any medium without royalty provided the copyright + notice and this notice are preserved. + +Also, if any other authors contributed, they would have to agree to +this license as well. Are there other authors? + +Best regards, and thanks in advance, +Simon + +"Weger, B.M.M. de" writes: + +> Hi all, +> +> We announce: +> - an example of a target collision for MD5; this means:=20 +> for two chosen messages m1 and m2 we have constructed=20 +> appendages b1 and b2 to make the messages collide=20 +> under MD5, i.e. MD5(m1||b1) =3D MD5(m2||b2); +> said differently: we can cause an MD5 collision for=20 +> any pair of distinct IHVs; +> - an example of a pair of valid, unsuspicious X.509=20 +> certificates with distinct Distinguished Name fields,=20 +> but identical CA signatures; this example makes use=20 +> of the target collision. +> +> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, +> where the certificates and a more detailed announcement=20 +> can be found. +> +> Marc Stevens +> Arjen Lenstra +> Benne de Weger +From: Simon Josefsson +To: "Arjen Lenstra" +Cc: "Weger\, B.M.M. de" , +Subject: Re: target collisions and colliding certificates with different identities +References: +OpenPGP: id=B565716F; url=http://josefsson.org/key.txt +X-Draft-From: ("nnimap+yxa:INBOX.private.2006.10" 623) +X-Hashcash: 1:22:061024:b.m.m.d.weger@tue.nl::pMR7JuXUTTt/Zjut:0aGD +X-Hashcash: 1:22:061024:arjen.lenstra@epfl.ch::juw1iXMSKV62mZGj:CBbu +X-Hashcash: 1:22:061024:m.m.j.stevens@student.tue.nl::SJdQwxRXP39Dw2C4:n6ia +Date: Tue, 24 Oct 2006 08:43:59 +0200 +In-Reply-To: + (Arjen Lenstra's message of "Tue\, 24 Oct 2006 08\:31\:42 +0200") +Message-ID: <87d58igqmo.fsf@latte.josefsson.org> +User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain; charset=iso-8859-1 +Content-Transfer-Encoding: 8bit +Lines: 80 +Xref: localhost.localdomain rsa-md5:3 + +"Arjen Lenstra" writes: + +> Hi, +> Thanks! +> I can't speak for my coauthors, but it's all fine with me, though I +> find the year in your proposed copyright statement a bit odd (I +> would have expected 2006). There are no more authros involved. + +Thanks. Duh, I meant 2006, of course. I'd appreciate if Marc and +Benne also replied. + +/Simon + +> best regards, Arjen Lenstra +> +> ---------------- +> Arjen K. Lenstra a k l @ e p f l . c h +> EPFL IC LACAL +> INJ 330 (Bâtiment INJ) +> Station 14 +> CH-1015 Lausanne, Switzerland +> Tél: + 41 21 693 8101 +> Fax: + 41 21 693 7550 +> +> +> +> -----Original Message----- +> From: Simon Josefsson [mailto:jas@extundo.com] +> Sent: Tuesday, October 24, 2006 8:28 AM +> To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra +> Subject: Re: target collisions and colliding certificates with different identities +> +> Great work, thanks! +> +> I'd like to include your certificates in GnuTLS, a TLS implementation +> that supports X.509, as self-tests of the certificate verification +> logic. Is this OK with you? +> +> Btw, Gnutls rejected the certificates, we already disable MD5 for +> verification purposes. :) +> +> For our legal department, I'd like a clarification of the license on +> the data, would you agree to release the certificates under the +> following license? +> +> Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger +> +> Copying and distribution of this file, with or without modification, +> are permitted in any medium without royalty provided the copyright +> notice and this notice are preserved. +> +> Also, if any other authors contributed, they would have to agree to +> this license as well. Are there other authors? +> +> Best regards, and thanks in advance, +> Simon +> +> "Weger, B.M.M. de" writes: +> +>> Hi all, +>> +>> We announce: +>> - an example of a target collision for MD5; this means: +>> for two chosen messages m1 and m2 we have constructed +>> appendages b1 and b2 to make the messages collide +>> under MD5, i.e. MD5(m1||b1) = MD5(m2||b2); +>> said differently: we can cause an MD5 collision for +>> any pair of distinct IHVs; +>> - an example of a pair of valid, unsuspicious X.509 +>> certificates with distinct Distinguished Name fields, +>> but identical CA signatures; this example makes use +>> of the target collision. +>> +>> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, +>> where the certificates and a more detailed announcement +>> can be found. +>> +>> Marc Stevens +>> Arjen Lenstra +>> Benne de Weger +Return-Path: +Received: from yxa.extundo.com ([unix socket]) + by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 09:23:28 +0200 +X-Sieve: CMU Sieve 2.2 +Received: from ipact2.infopact.nl (ipact2.infopact.nl [212.29.160.71]) + by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id k9O7NIbh023920 + (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) + for ; Tue, 24 Oct 2006 09:23:22 +0200 +Received: from ipact2.infopact.nl (localhost.localdomain [127.0.0.1]) + by ipact2.infopact.nl (8.13.7/8.13.7) with ESMTP id k9O7NAZd008636 + for ; Tue, 24 Oct 2006 09:23:11 +0200 +Received: (from defang@localhost) + by ipact2.infopact.nl (8.13.7/8.13.7/Submit) id k9O7J939006762 + for ; Tue, 24 Oct 2006 09:19:09 +0200 +Received: from smtp.banaan.org (72-130-ftth.onsnet.nu [88.159.130.72]) + by ipact2.infopact.nl (envelope-sender ) (MIMEDefang) with ESMTP id k9O7J72W006742; Tue, 24 Oct 2006 09:19:09 +0200 (CEST) +Received: by smtp.banaan.org (Postfix, from userid 1018) + id DE1B689D80; Tue, 24 Oct 2006 09:19:06 +0200 (CEST) +X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv +X-Spam-Level: +X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,FORGED_RCVD_HELO + autolearn=ham version=3.1.1 +Received: from s478591 (cp688553-a.tilbu1.nb.home.nl [84.24.55.50]) + by smtp.banaan.org (Postfix) with ESMTP id 5EE4889EF9; + Tue, 24 Oct 2006 09:18:57 +0200 (CEST) +Message-ID: <03cf01c6f73c$a8923390$8702a8c0@s478591> +From: "Marc Stevens" +To: "Simon Josefsson" , + "Arjen Lenstra" +Cc: "Weger, B.M.M. de" +References: <87d58igqmo.fsf@latte.josefsson.org> +Subject: Re: target collisions and colliding certificates with different identities +Date: Tue, 24 Oct 2006 09:18:50 +0200 +MIME-Version: 1.0 +Content-Type: text/plain; + format=flowed; + charset="iso-8859-1"; + reply-type=original +Content-Transfer-Encoding: 8bit +X-Priority: 3 +X-MSMail-Priority: Normal +X-Mailer: Microsoft Outlook Express 6.00.2900.2869 +X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 +X-Scanned-By: MIMEDefang - SpamAssassin on 212.29.160.71 +X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com +X-Virus-Status: Clean +Lines: 101 +Xref: localhost.localdomain rsa-md5:4 + +Hi Simon, + +Thanks! +I am also okay with the proposed license. + +Kind regards, + Marc + +----- Original Message ----- +From: "Simon Josefsson" +To: "Arjen Lenstra" +Cc: "Weger, B.M.M. de" ; + +Sent: Tuesday, October 24, 2006 8:43 AM +Subject: Re: target collisions and colliding certificates with different +identities + + +> "Arjen Lenstra" writes: +> +>> Hi, +>> Thanks! +>> I can't speak for my coauthors, but it's all fine with me, though I +>> find the year in your proposed copyright statement a bit odd (I +>> would have expected 2006). There are no more authros involved. +> +> Thanks. Duh, I meant 2006, of course. I'd appreciate if Marc and +> Benne also replied. +> +> /Simon +> +>> best regards, Arjen Lenstra +>> +>> ---------------- +>> Arjen K. Lenstra a k l @ e p f l . c h +>> EPFL IC LACAL +>> INJ 330 (Bâtiment INJ) +>> Station 14 +>> CH-1015 Lausanne, Switzerland +>> Tél: + 41 21 693 8101 +>> Fax: + 41 21 693 7550 +>> +>> +>> +>> -----Original Message----- +>> From: Simon Josefsson [mailto:jas@extundo.com] +>> Sent: Tuesday, October 24, 2006 8:28 AM +>> To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra +>> Subject: Re: target collisions and colliding certificates with different +>> identities +>> +>> Great work, thanks! +>> +>> I'd like to include your certificates in GnuTLS, a TLS implementation +>> that supports X.509, as self-tests of the certificate verification +>> logic. Is this OK with you? +>> +>> Btw, Gnutls rejected the certificates, we already disable MD5 for +>> verification purposes. :) +>> +>> For our legal department, I'd like a clarification of the license on +>> the data, would you agree to release the certificates under the +>> following license? +>> +>> Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra, Benne de Weger +>> +>> Copying and distribution of this file, with or without modification, +>> are permitted in any medium without royalty provided the copyright +>> notice and this notice are preserved. +>> +>> Also, if any other authors contributed, they would have to agree to +>> this license as well. Are there other authors? +>> +>> Best regards, and thanks in advance, +>> Simon +>> +>> "Weger, B.M.M. de" writes: +>> +>>> Hi all, +>>> +>>> We announce: +>>> - an example of a target collision for MD5; this means: +>>> for two chosen messages m1 and m2 we have constructed +>>> appendages b1 and b2 to make the messages collide +>>> under MD5, i.e. MD5(m1||b1) = MD5(m2||b2); +>>> said differently: we can cause an MD5 collision for +>>> any pair of distinct IHVs; +>>> - an example of a pair of valid, unsuspicious X.509 +>>> certificates with distinct Distinguished Name fields, +>>> but identical CA signatures; this example makes use +>>> of the target collision. +>>> +>>> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, +>>> where the certificates and a more detailed announcement +>>> can be found. +>>> +>>> Marc Stevens +>>> Arjen Lenstra +>>> Benne de Weger +> + +Return-Path: +Received: from yxa.extundo.com ([unix socket]) + by yxa-iv (Cyrus v2.1.18-IPv6-Debian-2.1.18-1+sarge2) with LMTP; Tue, 24 Oct 2006 10:55:48 +0200 +X-Sieve: CMU Sieve 2.2 +Received: from mailhost.tue.nl (mailhost.tue.nl [131.155.2.19]) + by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id k9O8te8O005696 + for ; Tue, 24 Oct 2006 10:55:40 +0200 +Received: from localhost (localhost [127.0.0.1]) + by mailhost.tue.nl (Postfix) with ESMTP id B6C745C297; + Tue, 24 Oct 2006 10:55:39 +0200 (CEST) +X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com +X-Virus-Scanned: amavisd-new at tue.nl +Received: from mailhost.tue.nl ([131.155.2.19]) + by localhost (pastinakel.tue.nl [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id 84pZYnFvD8HO; Tue, 24 Oct 2006 10:55:39 +0200 (CEST) +Received: from EXCHANGE3.campus.tue.nl (xserver3.campus.tue.nl [131.155.6.6]) + by mailhost.tue.nl (Postfix) with ESMTP id 1CFE55C293; + Tue, 24 Oct 2006 10:55:39 +0200 (CEST) +X-MimeOLE: Produced By Microsoft Exchange V6.5 +Content-class: urn:content-classes:message +MIME-Version: 1.0 +Content-Type: text/plain; + charset="iso-8859-1" +Content-Transfer-Encoding: quoted-printable +Subject: RE: target collisions and colliding certificates with different identities +Date: Tue, 24 Oct 2006 10:55:38 +0200 +Message-ID: +In-Reply-To: <87d58igqmo.fsf@latte.josefsson.org> +X-MS-Has-Attach: +X-MS-TNEF-Correlator: +Thread-Topic: target collisions and colliding certificates with different identities +Thread-Index: Acb3N816trM39dt6Tmef1RZSgSRhMQAEdpog +From: "Weger, B.M.M. de" +To: "Simon Josefsson" +Cc: "Stevens, M.M.J." , + "Arjen Lenstra" +X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham + version=3.1.1 +X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on yxa-iv +X-Virus-Status: Clean +Lines: 123 +Xref: localhost.localdomain rsa-md5:5 + +Hi Simon, + +When your software rejects any MD5 certificate I don't see why +you would use our colliding ones, doesn't it mean that you'll=20 +have more explaining to do? +But when you want it this way, it's fine with me too. + +Grtz, +Benne + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +Technische Universiteit Eindhoven +Coding & Crypto Groep +Faculteit Wiskunde en Informatica +Den Dolech 2 +Postbus 513 +5600 MB Eindhoven +kamer: HG 9.84 +tel.: (040) 247 2704, bgg 5141 +e-mail: b.m.m.d.weger@tue.nl +www: http://www.win.tue.nl/~bdeweger +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + + + =20 + +> -----Original Message----- +> From: Simon Josefsson [mailto:jas@extundo.com]=20 +> Sent: dinsdag 24 oktober 2006 8:44 +> To: Arjen Lenstra +> Cc: Weger, B.M.M. de; Stevens, M.M.J. +> Subject: Re: target collisions and colliding certificates=20 +> with different identities +>=20 +> "Arjen Lenstra" writes: +>=20 +> > Hi, +> > Thanks! +> > I can't speak for my coauthors, but it's all fine with me, though I +> > find the year in your proposed copyright statement a bit odd (I +> > would have expected 2006). There are no more authros involved. +>=20 +> Thanks. Duh, I meant 2006, of course. I'd appreciate if Marc and +> Benne also replied. +>=20 +> /Simon +>=20 +> > best regards, Arjen Lenstra +> > +> > ---------------- +> > Arjen K. Lenstra a k l @ e p f l . c h +> > EPFL IC LACAL +> > INJ 330 (B=E2timent INJ) +> > Station 14 +> > CH-1015 Lausanne, Switzerland +> > T=E9l: + 41 21 693 8101 +> > Fax: + 41 21 693 7550 +> > =20 +> > =20 +> > +> > -----Original Message----- +> > From: Simon Josefsson [mailto:jas@extundo.com]=20 +> > Sent: Tuesday, October 24, 2006 8:28 AM +> > To: Weger, B.M.M. de; m.m.j.stevens@student.tue.nl; Arjen Lenstra +> > Subject: Re: target collisions and colliding certificates=20 +> with different identities +> > +> > Great work, thanks! +> > +> > I'd like to include your certificates in GnuTLS, a TLS=20 +> implementation +> > that supports X.509, as self-tests of the certificate=20 +> verification +> > logic. Is this OK with you? +> > +> > Btw, Gnutls rejected the certificates, we already disable MD5 for +> > verification purposes. :) +> > +> > For our legal department, I'd like a clarification of the license on +> > the data, would you agree to release the certificates under the +> > following license? +> > +> > Copyright (c) 1996 Marc Stevens, Arjen K. Lenstra,=20 +> Benne de Weger +> > +> > Copying and distribution of this file, with or without=20 +> modification, +> > are permitted in any medium without royalty provided=20 +> the copyright +> > notice and this notice are preserved. +> > +> > Also, if any other authors contributed, they would have to agree to +> > this license as well. Are there other authors? +> > +> > Best regards, and thanks in advance, +> > Simon +> > +> > "Weger, B.M.M. de" writes: +> > +> >> Hi all, +> >> +> >> We announce: +> >> - an example of a target collision for MD5; this means:=20 +> >> for two chosen messages m1 and m2 we have constructed=20 +> >> appendages b1 and b2 to make the messages collide=20 +> >> under MD5, i.e. MD5(m1||b1) =3D MD5(m2||b2); +> >> said differently: we can cause an MD5 collision for=20 +> >> any pair of distinct IHVs; +> >> - an example of a pair of valid, unsuspicious X.509=20 +> >> certificates with distinct Distinguished Name fields,=20 +> >> but identical CA signatures; this example makes use=20 +> >> of the target collision. +> >> +> >> See http://www.win.tue.nl/hashclash/TargetCollidingCertificates/, +> >> where the certificates and a more detailed announcement=20 +> >> can be found. +> >> +> >> Marc Stevens +> >> Arjen Lenstra +> >> Benne de Weger +>=20 + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/tests/rsa-md5-collision/colliding-chain-md5-1.pem b/tests/rsa-md5-collision/colliding-chain-md5-1.pem new file mode 100644 index 0000000..07fa85d --- /dev/null +++ b/tests/rsa-md5-collision/colliding-chain-md5-1.pem @@ -0,0 +1,253 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 010c0001 + Issuer: C=NL,L=Eindhoven,CN=Hash Collision CA + Validity: + Not Before: Sun Jan 01 00:00:01 UTC 2006 + Not After: Mon Dec 31 23:59:59 UTC 2007 + Subject: C=NL,L=Eindhoven,O=Collisionairs,CN=Arjen K. Lenstra + Subject Public Key Algorithm: RSA + Algorithm Security Level: Ultra (8192 bits) + Modulus (bits 8192): + 00:ee:73:e7:d6:b3:b3:4f:ba:a1:39:3d:02:a4:74:25 + 81:8d:c8:4f:86:73:6e:90:72:28:bb:e8:77:02:03:85 + 8d:8c:f1:83:7a:ff:5e:6c:22:13:03:6a:f3:d9:5c:77 + e9:c2:23:7d:60:8c:c4:a9:fb:97:30:8b:bf:98:28:61 + 2f:15:99:e2:61:5b:cc:de:da:59:30:53:2f:b3:dd:11 + 72:78:e4:94:40:14:33:63:0e:74:61:c1:dc:9b:80:1b + 2e:55:20:15:a5:13:ff:7a:e7:97:3e:f4:4b:83:52:e4 + e0:49:79:b3:1e:b6:00:65:4d:51:f4:a3:81:ce:be:3f + 0b:d0:99:d1:30:d1:45:6f:ab:e0:4a:3e:98:85:c8:c4 + fb:29:7b:86:b5:77:52:cd:64:19:80:9f:e3:7e:62:86 + f0:77:32:d1:e0:69:a5:b4:e5:66:70:b8:bb:ba:e5:c2 + 11:74:2a:13:1d:05:71:1c:f1:fe:32:af:93:3f:1e:ef + 22:47:62:e3:aa:da:c1:7c:40:e4:48:ca:41:a8:79:a0 + 3d:3c:f6:65:f2:39:c7:f3:fe:82:b3:84:e8:35:e7:c9 + e8:bd:ee:30:c2:68:a2:12:12:84:78:9d:f4:2f:44:90 + 6f:19:b7:90:26:46:44:36:e1:da:65:fa:0c:53:a3:77 + fa:0d:2b:01:2b:7d:dc:28:55:da:e5:b5:51:51:e2:80 + 34:11:21:20:b5:e7:9e:c5:f2:6a:9f:69:da:85:d7:4e + f6:a9:7a:0b:11:64:ef:a2:5f:b1:ae:26:ba:45:1c:cd + a7:a2:e7:84:33:9c:44:7d:56:05:49:a6:0b:f0:67:62 + 94:bf:58:0c:91:9e:c4:57:02:5d:3c:78:60:b9:82:96 + c0:ab:9f:e5:b1:d3:53:88:2e:26:c1:f7:21:b4:18:99 + d9:72:b5:a1:d5:05:0b:68:45:36:44:80:10:af:8c:7a + ff:7c:e8:ea:cc:b9:b1:fb:bd:d1:29:d4:f5:d4:99:fb + 81:29:24:df:30:2c:b3:c4:50:23:38:62:97:93:96:b3 + a4:6c:d0:ff:7f:14:26:71:1c:45:92:97:b6:5d:1c:ef + 66:c1:87:51:e0:94:bf:08:f3:b2:98:1c:5c:ce:52:d9 + 63:d5:a4:25:9a:64:55:7e:4d:1b:9e:fe:2d:9a:51:6d + 1e:6e:c8:bb:37:06:68:25:ae:a6:36:16:60:2b:d7:d1 + 16:25:a0:6a:90:73:9b:4d:0a:06:ea:87:2a:3a:f9:eb + a1:26:29:be:d6:79:40:56:1b:d9:37:4a:89:d6:0f:0d + 72:2c:9f:eb:68:33:ec:53:f0:b0:fd:76:aa:04:7b:66 + c9:0f:ce:b1:d2:e2:2c:c0:99:b9:a4:b9:3e:00:00:00 + 0f:54:a8:95:17:6e:4c:29:5a:40:5f:af:54:ce:e8:2d + 04:3a:45:ce:40:b1:55:be:34:eb:de:78:47:85:a2:5b + 7f:89:4d:42:4f:a1:27:b1:57:a8:a1:20:f9:9f:e5:31 + 02:c8:1f:a9:0e:0b:9b:da:1b:a7:75:df:75:d9:15:2a + 80:25:7a:1e:d3:52:dd:49:e5:7e:06:8f:f3:f0:2c:ab + d4:ac:97:db:bc:3f:a0:20:5a:74:30:2f:65:c7:f4:9a + 41:9e:08:fd:54:bf:af:c1:4d:78:ab:aa:b3:0d:db:3f + c8:48:e3:df:02:c5:a4:0e:da:24:8c:9f:f4:74:82:85 + 0c:fd:fb:dd:9b:c5:55:47:b7:40:4f:58:03:c1:bb:81 + 63:21:73:12:7e:1a:93:b2:4a:fb:6e:7a:80:45:08:65 + db:37:46:76:d5:76:ba:52:96:cc:c6:c1:30:82:d1:ab + 36:52:1f:1a:8a:d9:45:46:6b:9e:f0:6a:f4:3a:02:d7 + 0b:7f:b8:b7:dc:6d:26:8c:3d:ba:68:98:f6:55:2f:a3 + fb:b3:3d:cb:fa:da:7b:33:fa:75:d9:3a:fe:26:2b:d3 + 7a:ff:75:99:5f:d0:e9:77:4b:a5:a2:6a:7c:44:3f:f3 + 4e:46:15:02:a2:cb:77:7e:98:2d:00:73:75:14:b8:8e + d2:8d:61:f4:28:e8:83:87:df:2b:f0:22:30:ad:17:a9 + d4:4f:f3:64:85:0a:07:db:42:a7:82:6a:c2:ee:38:99 + ca:c3:ec:27:47:21:d4:76:d9:66:58:f5:37:16:67:65 + 87:f8:ff:14:db:8d:e6:74:1a:fa:22:06:db:a3:b1:18 + 28:ba:87:c6:e1:e8:8a:02:2f:1a:a8:dd:d0:37:ea:b0 + 49:b5:c7:d3:05:3d:0a:63:d7:86:1d:ea:07:b3:d8:b7 + 20:de:06:8c:f4:7e:65:7b:b4:44:50:b8:5d:52:f7:49 + d5:95:72:df:0c:0e:34:33:b4:7c:9a:a1:9a:85:6f:1d + c3:cd:ad:ba:fb:14:30:35:c8:5a:53:af:57:22:03:8f + 76:5c:0d:62:1b:66:b6:9f:ff:fd:09:1d:4a:66:1a:45 + 3b:f1:da:ed:1a:3a:23:41:b3:7d:7f:62:3b:15:8f:6e + c0:2b:49:a2:53:64:43:0f:cb:58:61:48:3e:1e:95:43 + ed:2e:e7:e5:4a:4c:10:8a:6e:64:19:40:98:0e:e6:0d + 14:ae:e5:59:af:30:03:7e:75:b2:30:9c:e0:21:ff:e3 + 10:9b:f2:05:38:92:ab:0a:e4:03:51:6e:2a:b5:80:67 + f7 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): FALSE + Key Usage (not critical): + Digital signature. + Non repudiation. + Key encipherment. + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 86:c0:87:6d:20:68:2d:c8:97:44:3f:97:69:0d:df:b2 + 90:74:cb:25:c3:58:f0:9f:81:23:4c:e2:65:a4:43:33 + cb:6a:78:b2:32:73:29:17:00:dc:d6:ba:df:55:08:8a + 19:a3:17:a5:1d:60:92:ac:3f:6f:c6:24:36:01:36:7a + 6a:2f:c0:96:9b:4e:89:13:bf:c2:31:5f:5a:f3:5d:83 + fb:d0:3c:95:78:39:24:22:17:be:b9:ad:88:73:d4:42 + f3:a3:62:00:ca:19:8f:63:45:bc:b7:6c:cb:27:fc:f2 + db:ea:23:9e:50:fd:dd:3c:d6:93:04:c9:50:e7:09:4a + ff:0a:96:59:02:b7:22:06:d0:4e:37:59:ba:ed:05:ae + 05:92:2d:8b:e9:35:56:c8:ca:cd:c3:60:6c:56:ee:37 + 89:c3:77:5f:76:7a:89:09:ab:44:4b:c1:d7:ee:4a:41 + 67:73:02:ef:df:33:7b:4c:ee:08:2d:92:18:fe:44:aa + 5d:68:d3:4e:fb:79:6a:c4:32:19:dc:f8:dd:4c:2e:6e + c4:58:ef:a4:82:da:7e:18:1c:08:64:17:71:24:f0:cf + 21:4b:0c:5a:28:ef:ec:a4:0e:c5:32:bb:76:73:ff:ea + 9b:9b:d0:a0:b1:ef:e6:db:97:c5:18:c4:db:17:b9:a5 +Other Information: + SHA1 fingerprint: + bc7510b271456cffd765d0c9ce7a8154215b7b37 + SHA256 fingerprint: + fb1b071cdc055092f973d90675f8b4df709796e64d5d9ac8a01485dfa18d3e2c + Public Key ID: + e4542a434d9a4e310a54b6e3fe5f9ad3b9f1b552 + Public key's random art: + +--[ RSA 8192]----+ + | .o.o +o. . | + | o + =.o | + | + * + | + | . + * | + | . . S | + | . E | + | . .o. .. | + | . .+oo.. . | + | ..+...... | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIIGKTCCBRGgAwIBAgIEAQwAATANBgkqhkiG9w0BAQQFADA9MRowGAYDVQQDExFI +YXNoIENvbGxpc2lvbiBDQTESMBAGA1UEBxMJRWluZGhvdmVuMQswCQYDVQQGEwJO +TDAeFw0wNjAxMDEwMDAwMDFaFw0wNzEyMzEyMzU5NTlaMFQxGTAXBgNVBAMTEEFy +amVuIEsuIExlbnN0cmExFjAUBgNVBAoTDUNvbGxpc2lvbmFpcnMxEjAQBgNVBAcT +CUVpbmRob3ZlbjELMAkGA1UEBhMCTkwwggQiMA0GCSqGSIb3DQEBAQUAA4IEDwAw +ggQKAoIEAQDuc+fWs7NPuqE5PQKkdCWBjchPhnNukHIou+h3AgOFjYzxg3r/Xmwi +EwNq89lcd+nCI31gjMSp+5cwi7+YKGEvFZniYVvM3tpZMFMvs90RcnjklEAUM2MO +dGHB3JuAGy5VIBWlE/9655c+9EuDUuTgSXmzHrYAZU1R9KOBzr4/C9CZ0TDRRW+r +4Eo+mIXIxPspe4a1d1LNZBmAn+N+YobwdzLR4GmltOVmcLi7uuXCEXQqEx0FcRzx +/jKvkz8e7yJHYuOq2sF8QORIykGoeaA9PPZl8jnH8/6Cs4ToNefJ6L3uMMJoohIS +hHid9C9EkG8Zt5AmRkQ24dpl+gxTo3f6DSsBK33cKFXa5bVRUeKANBEhILXnnsXy +ap9p2oXXTvapegsRZO+iX7GuJrpFHM2noueEM5xEfVYFSaYL8GdilL9YDJGexFcC +XTx4YLmClsCrn+Wx01OILibB9yG0GJnZcrWh1QULaEU2RIAQr4x6/3zo6sy5sfu9 +0SnU9dSZ+4EpJN8wLLPEUCM4YpeTlrOkbND/fxQmcRxFkpe2XRzvZsGHUeCUvwjz +spgcXM5S2WPVpCWaZFV+TRue/i2aUW0ebsi7NwZoJa6mNhZgK9fRFiWgapBzm00K +BuqHKjr566EmKb7WeUBWG9k3SonWDw1yLJ/raDPsU/Cw/XaqBHtmyQ/OsdLiLMCZ +uaS5PgAAAA9UqJUXbkwpWkBfr1TO6C0EOkXOQLFVvjTr3nhHhaJbf4lNQk+hJ7FX +qKEg+Z/lMQLIH6kOC5vaG6d133XZFSqAJXoe01LdSeV+Bo/z8Cyr1KyX27w/oCBa +dDAvZcf0mkGeCP1Uv6/BTXirqrMN2z/ISOPfAsWkDtokjJ/0dIKFDP373ZvFVUe3 +QE9YA8G7gWMhcxJ+GpOySvtueoBFCGXbN0Z21Xa6UpbMxsEwgtGrNlIfGorZRUZr +nvBq9DoC1wt/uLfcbSaMPbpomPZVL6P7sz3L+tp7M/p12Tr+JivTev91mV/Q6XdL +paJqfEQ/805GFQKiy3d+mC0Ac3UUuI7SjWH0KOiDh98r8CIwrRep1E/zZIUKB9tC +p4Jqwu44mcrD7CdHIdR22WZY9TcWZ2WH+P8U243mdBr6Igbbo7EYKLqHxuHoigIv +Gqjd0DfqsEm1x9MFPQpj14Yd6gez2Lcg3gaM9H5le7REULhdUvdJ1ZVy3wwONDO0 +fJqhmoVvHcPNrbr7FDA1yFpTr1ciA492XA1iG2a2n//9CR1KZhpFO/Ha7Ro6I0Gz +fX9iOxWPbsArSaJTZEMPy1hhSD4elUPtLuflSkwQim5kGUCYDuYNFK7lWa8wA351 +sjCc4CH/4xCb8gU4kqsK5ANRbiq1gGf3AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYD +VR0PBAQDAgXgMA0GCSqGSIb3DQEBBAUAA4IBAQCGwIdtIGgtyJdEP5dpDd+ykHTL +JcNY8J+BI0ziZaRDM8tqeLIycykXANzWut9VCIoZoxelHWCSrD9vxiQ2ATZ6ai/A +lptOiRO/wjFfWvNdg/vQPJV4OSQiF765rYhz1ELzo2IAyhmPY0W8t2zLJ/zy2+oj +nlD93TzWkwTJUOcJSv8KllkCtyIG0E43WbrtBa4Fki2L6TVWyMrNw2BsVu43icN3 +X3Z6iQmrREvB1+5KQWdzAu/fM3tM7ggtkhj+RKpdaNNO+3lqxDIZ3PjdTC5uxFjv +pILafhgcCGQXcSTwzyFLDFoo7+ykDsUyu3Zz/+qbm9Cgse/m25fFGMTbF7ml +-----END CERTIFICATE----- +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 02181144 + Issuer: C=NL,L=Eindhoven,CN=Hash Collision CA + Validity: + Not Before: Sat Jan 01 00:00:01 UTC 2005 + Not After: Thu Jan 01 00:00:01 UTC 2015 + Subject: C=NL,L=Eindhoven,CN=Hash Collision CA + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:ca:70:fa:c4:40:06:fb:b4:1a:8e:e4:19:5a:a9:77 + 1f:75:91:74:59:d2:68:b9:30:46:03:5b:a1:dc:b5:4a + 28:2a:1e:28:48:b7:78:ba:e0:67:70:0a:cd:64:2c:b0 + 8d:57:0d:bb:0f:89:56:df:23:a0:a3:c6:e5:df:ae:ef + 53:d8:bd:c1:64:f4:cb:e5:2e:47:aa:58:6e:ff:f3:b2 + 9f:0c:bd:42:39:4c:64:63:77:ef:3d:e2:f7:be:9b:62 + 99:37:45:12:68:b9:51:6a:32:f1:7b:d4:a4:ea:3b:a4 + 72:3d:2f:a1:a0:f2:34:42:0a:f9:50:40:d3:ce:0c:ed + 5f:60:db:0a:26:46:9f:07:17:9d:2b:c2:9f:62:3a:61 + 80:33:96:9f:f7:ac:6b:92:a4:94:c1:27:a6:13:79:b3 + 17:ab:b7:21:48:64:37:54:2d:c6:d0:5d:a7:14:b6:d0 + 59:ce:47:0c:b3:90:84:13:49:37:48:59:95:a1:e8:f3 + 34:9d:cf:ca:31:d6:18:a4:fc:a4:87:57:3c:9a:42:6a + 50:83:6f:95:59:ba:4d:b7:6a:68:60:95:b9:b8:64:de + d6:bd:ed:53:45:db:ec:38:40:db:ac:4b:0c:ba:cc:a0 + 14:c5:75:3c:28:05:85:f4:53:fd:52:0f:27:40:43:a0 + 51 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): TRUE + Path Length Constraint: 0 + Key Usage (not critical): + Certificate signing. + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 3e:90:33:aa:13:63:8b:3d:6a:f1:d5:36:34:40:8a:c1 + 12:53:e4:ed:8a:49:0e:af:c9:0d:2c:cf:be:7b:d7:f4 + 44:46:35:1a:4b:b9:b9:b0:8c:62:6d:5b:0c:72:14:fc + 6d:e5:78:81:9a:db:a1:d0:bd:d9:bf:81:24:f3:db:22 + 60:1d:a6:0c:79:42:7f:56:86:1d:a5:5c:91:8f:18:3d + 6e:47:cf:fe:5c:91:08:15:da:84:54:28:0e:64:11:53 + 2a:3b:15:58:df:1c:52:9a:ae:26:af:29:10:8d:5d:6d + e7:1e:fa:22:a4:58:fb:3f:2f:88:39:10:8c:f8:49:64 + b7:0d:21:d0:df:5c:eb:51:b6:ec:bb:1f:a1:63:6d:2d + 6f:a2:78:ed:3d:64:6d:f0:93:de:b6:a1:e0:11:85:db + 45:28:ac:b3:e1:fa:44:4f:43:f1:15:01:c7:d6:e9:74 + c1:00:5f:81:45:91:9c:82:c2:a1:ee:cf:bd:f3:a2:30 + 12:74:b0:d3:44:43:18:60:b0:aa:e1:39:25:3c:fa:4c + d7:ee:9d:c5:24:9f:6f:a6:0c:01:83:f5:3a:21:d6:b7 + 51:3b:9e:0c:2e:b0:f5:c9:a6:00:08:e9:27:d4:c3:ab + 85:c7:4e:70:67:7a:95:12:6b:03:89:ca:33:9e:d7:99 +Other Information: + SHA1 fingerprint: + 89bbb66f8639663af859ff7a0c43a9f011655aba + SHA256 fingerprint: + ddc11a3f3660d30e15af5f44ed6f59e800257a44b0201e49b452790e09a5fac7 + Public Key ID: + 5ead859fb9320a7d4bf78e644bd15153c5b3a16b + Public key's random art: + +--[ RSA 2048]----+ + | o*| + | +o| + | o +| + | o o o | + | S o + o | + | o . + E | + | . o + X | + | . oo* = | + | ...o+.o | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIEAhgRRDANBgkqhkiG9w0BAQQFADA9MRowGAYDVQQDExFI +YXNoIENvbGxpc2lvbiBDQTESMBAGA1UEBxMJRWluZGhvdmVuMQswCQYDVQQGEwJO +TDAeFw0wNTAxMDEwMDAwMDFaFw0xNTAxMDEwMDAwMDFaMD0xGjAYBgNVBAMTEUhh +c2ggQ29sbGlzaW9uIENBMRIwEAYDVQQHEwlFaW5kaG92ZW4xCzAJBgNVBAYTAk5M +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynD6xEAG+7QajuQZWql3 +H3WRdFnSaLkwRgNbody1SigqHihIt3i64GdwCs1kLLCNVw27D4lW3yOgo8bl367v +U9i9wWT0y+UuR6pYbv/zsp8MvUI5TGRjd+894ve+m2KZN0USaLlRajLxe9Sk6juk +cj0voaDyNEIK+VBA084M7V9g2womRp8HF50rwp9iOmGAM5af96xrkqSUwSemE3mz +F6u3IUhkN1QtxtBdpxS20FnORwyzkIQTSTdIWZWh6PM0nc/KMdYYpPykh1c8mkJq +UINvlVm6TbdqaGCVubhk3ta97VNF2+w4QNusSwy6zKAUxXU8KAWF9FP9Ug8nQEOg +UQIDAQABoyAwHjAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwICBDANBgkqhkiG +9w0BAQQFAAOCAQEAPpAzqhNjiz1q8dU2NECKwRJT5O2KSQ6vyQ0sz7571/RERjUa +S7m5sIxibVsMchT8beV4gZrbodC92b+BJPPbImAdpgx5Qn9Whh2lXJGPGD1uR8/+ +XJEIFdqEVCgOZBFTKjsVWN8cUpquJq8pEI1dbece+iKkWPs/L4g5EIz4SWS3DSHQ +31zrUbbsux+hY20tb6J47T1kbfCT3rah4BGF20UorLPh+kRPQ/EVAcfW6XTBAF+B +RZGcgsKh7s+986IwEnSw00RDGGCwquE5JTz6TNfuncUkn2+mDAGD9Toh1rdRO54M +LrD1yaYACOkn1MOrhcdOcGd6lRJrA4nKM57XmQ== +-----END CERTIFICATE----- diff --git a/tests/rsa-md5-collision/colliding-chain-md5-2.pem b/tests/rsa-md5-collision/colliding-chain-md5-2.pem new file mode 100644 index 0000000..e2fc083 --- /dev/null +++ b/tests/rsa-md5-collision/colliding-chain-md5-2.pem @@ -0,0 +1,252 @@ +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 020c0001 + Issuer: C=NL,L=Eindhoven,CN=Hash Collision CA + Validity: + Not Before: Sun Jan 01 00:00:01 UTC 2006 + Not After: Mon Dec 31 23:59:59 UTC 2007 + Subject: C=NL,L=Eindhoven,O=Collision Factory,CN=Marc Stevens + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (8189 bits) + Modulus (bits 8189): + 1a:09:b4:cb:40:c7:26:7a:af:01:7f:9b:a4:74:25:81 + 8d:c8:4f:86:73:6e:90:72:28:bb:e8:77:02:03:85:8d + 8c:f1:83:7a:ff:5e:6c:22:13:03:6a:f3:d9:5c:77:e9 + c2:23:7d:60:8c:c4:a9:fb:97:30:7b:bf:98:28:61:2f + 15:99:e2:61:5b:cc:de:da:59:30:53:2f:b3:dd:11:72 + 78:e4:94:40:14:33:63:0e:74:61:c1:dc:9b:80:1b:2e + 55:20:15:a5:13:ff:7a:e7:97:3e:f4:4b:83:52:e4:e0 + 49:79:b3:1e:b6:00:65:4d:51:f4:a4:81:ce:be:3f:0b + d0:99:d1:30:d1:45:6f:ab:e0:4a:3e:98:85:c8:c4:fb + 29:7b:86:b5:77:52:cd:64:19:80:9f:e3:7e:62:86:f0 + 77:32:d1:e0:69:a5:b4:e5:66:70:b8:bb:ba:e5:c2:11 + 74:2a:13:1d:05:71:1c:f1:fe:22:af:93:3f:1e:ef:22 + 47:62:e3:aa:da:c1:7c:40:e4:48:ca:41:a8:79:a0:3d + 3c:f6:65:f2:39:c7:f3:fe:82:b3:84:e8:35:e7:c9:e8 + bd:ee:30:c2:68:a2:12:12:84:78:9d:f4:2f:44:90:6f + 19:b7:90:26:46:44:36:e1:da:64:fa:0c:53:a3:77:fa + 0d:2b:01:2b:7d:dc:28:55:da:e5:b5:51:51:e2:80:34 + 11:21:20:b5:e7:9e:c5:f2:6a:9f:69:da:85:d7:4e:f6 + a9:7a:0b:11:64:ef:a2:5f:b1:ae:26:ba:45:1c:cd:a7 + a2:e7:84:33:9c:44:7d:56:25:49:a6:0b:f0:67:62:94 + bf:58:0c:91:9e:c4:57:02:5d:3c:78:60:b9:82:96:c0 + ab:9f:e5:b1:d3:53:88:2e:26:c1:f7:21:b4:18:99:d9 + 72:b5:a1:d5:05:0b:68:45:36:44:80:10:af:8c:7a:ff + 7c:e8:ea:cc:b9:b1:fb:bd:c9:29:d4:f5:d4:99:fb:81 + 29:24:df:30:2c:b3:c4:50:23:38:62:97:93:96:b3:a4 + 6c:d0:ff:7f:14:26:71:1c:45:92:97:b6:5d:1c:ef:66 + c1:87:51:e0:94:bf:08:f3:b2:98:1c:5c:ce:52:d9:63 + d5:a4:25:9a:64:55:7e:4d:1b:9e:fe:0d:9a:51:6d:1e + 6e:c8:bb:37:06:68:25:ae:a6:36:16:60:2b:d7:d1:16 + 25:a0:6a:90:73:9b:4d:0a:06:ea:87:2a:3a:f9:eb:a1 + 26:29:be:d6:79:40:56:1b:d9:37:4a:89:d6:0f:0d:72 + 2c:9f:eb:68:33:ec:53:f0:b0:fd:76:a2:04:7b:66:c9 + 0f:ce:b1:d2:e2:2c:c0:99:b9:a4:b9:3e:00:00:00:0f + 54:a8:95:17:6e:4c:29:5a:40:5f:af:54:ce:e8:2d:04 + 3a:45:ce:40:b1:55:be:34:eb:de:78:47:85:a2:5b:7f + 89:4d:42:4f:a1:27:b1:57:a8:a1:20:f9:9f:e5:31:02 + c8:1f:a9:0e:0b:9b:da:1b:a7:75:df:75:d9:15:2a:80 + 25:7a:1e:d3:52:dd:49:e5:7e:06:8f:f3:f0:2c:ab:d4 + ac:97:db:bc:3f:a0:20:5a:74:30:2f:65:c7:f4:9a:41 + 9e:08:fd:54:bf:af:c1:4d:78:ab:aa:b3:0d:db:3f:c8 + 48:e3:df:02:c5:a4:0e:da:24:8c:9f:f4:74:82:85:0c + fd:fb:dd:9b:c5:55:47:b7:40:4f:58:03:c1:bb:81:63 + 21:73:12:7e:1a:93:b2:4a:fb:6e:7a:80:45:08:65:db + 37:46:76:d5:76:ba:52:96:cc:c6:c1:30:82:d1:ab:36 + 52:1f:1a:8a:d9:45:46:6b:9e:f0:6a:f4:3a:02:d7:0b + 7f:b8:b7:dc:6d:26:8c:3d:ba:68:98:f6:55:2f:a3:fb + b3:3d:cb:fa:da:7b:33:fa:75:d9:3a:fe:26:2b:d3:7a + ff:75:99:5f:d0:e9:77:4b:a5:a2:6a:7c:44:3f:f3:4e + 46:15:02:a2:cb:77:7e:98:2d:00:73:75:14:b8:8e:d2 + 8d:61:f4:28:e8:83:87:df:2b:f0:22:30:ad:17:a9:d4 + 4f:f3:64:85:0a:07:db:42:a7:82:6a:c2:ee:38:99:ca + c3:ec:27:47:21:d4:76:d9:66:58:f5:37:16:67:65:87 + f8:ff:14:db:8d:e6:74:1a:fa:22:06:db:a3:b1:18:28 + ba:87:c6:e1:e8:8a:02:2f:1a:a8:dd:d0:37:ea:b0:49 + b5:c7:d3:05:3d:0a:63:d7:86:1d:ea:07:b3:d8:b7:20 + de:06:8c:f4:7e:65:7b:b4:44:50:b8:5d:52:f7:49:d5 + 95:72:df:0c:0e:34:33:b4:7c:9a:a1:9a:85:6f:1d:c3 + cd:ad:ba:fb:14:30:35:c8:5a:53:af:57:22:03:8f:76 + 5c:0d:62:1b:66:b6:9f:ff:fd:09:1d:4a:66:1a:45:3b + f1:da:ed:1a:3a:23:41:b3:7d:7f:62:3b:15:8f:6e:c0 + 2b:49:a2:53:64:43:0f:cb:58:61:48:3e:1e:95:43:ed + 2e:e7:e5:4a:4c:10:8a:6e:64:19:40:98:0e:e6:0d:14 + ae:e5:59:af:30:03:7e:75:b2:30:9c:e0:21:ff:e3:10 + 9b:f2:05:38:92:ab:0a:e4:03:51:6e:2a:b5:80:67:f7 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): FALSE + Key Usage (not critical): + Digital signature. + Non repudiation. + Key encipherment. + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 86:c0:87:6d:20:68:2d:c8:97:44:3f:97:69:0d:df:b2 + 90:74:cb:25:c3:58:f0:9f:81:23:4c:e2:65:a4:43:33 + cb:6a:78:b2:32:73:29:17:00:dc:d6:ba:df:55:08:8a + 19:a3:17:a5:1d:60:92:ac:3f:6f:c6:24:36:01:36:7a + 6a:2f:c0:96:9b:4e:89:13:bf:c2:31:5f:5a:f3:5d:83 + fb:d0:3c:95:78:39:24:22:17:be:b9:ad:88:73:d4:42 + f3:a3:62:00:ca:19:8f:63:45:bc:b7:6c:cb:27:fc:f2 + db:ea:23:9e:50:fd:dd:3c:d6:93:04:c9:50:e7:09:4a + ff:0a:96:59:02:b7:22:06:d0:4e:37:59:ba:ed:05:ae + 05:92:2d:8b:e9:35:56:c8:ca:cd:c3:60:6c:56:ee:37 + 89:c3:77:5f:76:7a:89:09:ab:44:4b:c1:d7:ee:4a:41 + 67:73:02:ef:df:33:7b:4c:ee:08:2d:92:18:fe:44:aa + 5d:68:d3:4e:fb:79:6a:c4:32:19:dc:f8:dd:4c:2e:6e + c4:58:ef:a4:82:da:7e:18:1c:08:64:17:71:24:f0:cf + 21:4b:0c:5a:28:ef:ec:a4:0e:c5:32:bb:76:73:ff:ea + 9b:9b:d0:a0:b1:ef:e6:db:97:c5:18:c4:db:17:b9:a5 +Other Information: + SHA1 fingerprint: + 6fea1157b6edc59d28bf96590ceab3cc32366a51 + SHA256 fingerprint: + 387fa1529fa8e3fa7b8a5ecdbea0301275144c02d5ee93d0bea9726bdc98e5ef + Public Key ID: + 85d9ae67a92fccea10f681a683109658d91e788d + Public key's random art: + +--[ RSA 8189]----+ + | .+ o | + |..+ E . + | + |oo o . o o | + |.. .. o | + |. = . S . | + |.. + o . . . | + |. o . .o. + | + | . . ++ | + | .o..o. | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIIGKTCCBRGgAwIBAgIEAgwAATANBgkqhkiG9w0BAQQFADA9MRowGAYDVQQDExFI +YXNoIENvbGxpc2lvbiBDQTESMBAGA1UEBxMJRWluZGhvdmVuMQswCQYDVQQGEwJO +TDAeFw0wNjAxMDEwMDAwMDFaFw0wNzEyMzEyMzU5NTlaMFQxFTATBgNVBAMTDE1h +cmMgU3RldmVuczEaMBgGA1UEChMRQ29sbGlzaW9uIEZhY3RvcnkxEjAQBgNVBAcT +CUVpbmRob3ZlbjELMAkGA1UEBhMCTkwwggQiMA0GCSqGSIb3DQEBAQUAA4IEDwAw +ggQKAoIEAQAaCbTLQMcmeq8Bf5ukdCWBjchPhnNukHIou+h3AgOFjYzxg3r/Xmwi +EwNq89lcd+nCI31gjMSp+5cwe7+YKGEvFZniYVvM3tpZMFMvs90RcnjklEAUM2MO +dGHB3JuAGy5VIBWlE/9655c+9EuDUuTgSXmzHrYAZU1R9KSBzr4/C9CZ0TDRRW+r +4Eo+mIXIxPspe4a1d1LNZBmAn+N+YobwdzLR4GmltOVmcLi7uuXCEXQqEx0FcRzx +/iKvkz8e7yJHYuOq2sF8QORIykGoeaA9PPZl8jnH8/6Cs4ToNefJ6L3uMMJoohIS +hHid9C9EkG8Zt5AmRkQ24dpk+gxTo3f6DSsBK33cKFXa5bVRUeKANBEhILXnnsXy +ap9p2oXXTvapegsRZO+iX7GuJrpFHM2noueEM5xEfVYlSaYL8GdilL9YDJGexFcC +XTx4YLmClsCrn+Wx01OILibB9yG0GJnZcrWh1QULaEU2RIAQr4x6/3zo6sy5sfu9 +ySnU9dSZ+4EpJN8wLLPEUCM4YpeTlrOkbND/fxQmcRxFkpe2XRzvZsGHUeCUvwjz +spgcXM5S2WPVpCWaZFV+TRue/g2aUW0ebsi7NwZoJa6mNhZgK9fRFiWgapBzm00K +BuqHKjr566EmKb7WeUBWG9k3SonWDw1yLJ/raDPsU/Cw/XaiBHtmyQ/OsdLiLMCZ +uaS5PgAAAA9UqJUXbkwpWkBfr1TO6C0EOkXOQLFVvjTr3nhHhaJbf4lNQk+hJ7FX +qKEg+Z/lMQLIH6kOC5vaG6d133XZFSqAJXoe01LdSeV+Bo/z8Cyr1KyX27w/oCBa +dDAvZcf0mkGeCP1Uv6/BTXirqrMN2z/ISOPfAsWkDtokjJ/0dIKFDP373ZvFVUe3 +QE9YA8G7gWMhcxJ+GpOySvtueoBFCGXbN0Z21Xa6UpbMxsEwgtGrNlIfGorZRUZr +nvBq9DoC1wt/uLfcbSaMPbpomPZVL6P7sz3L+tp7M/p12Tr+JivTev91mV/Q6XdL +paJqfEQ/805GFQKiy3d+mC0Ac3UUuI7SjWH0KOiDh98r8CIwrRep1E/zZIUKB9tC +p4Jqwu44mcrD7CdHIdR22WZY9TcWZ2WH+P8U243mdBr6Igbbo7EYKLqHxuHoigIv +Gqjd0DfqsEm1x9MFPQpj14Yd6gez2Lcg3gaM9H5le7REULhdUvdJ1ZVy3wwONDO0 +fJqhmoVvHcPNrbr7FDA1yFpTr1ciA492XA1iG2a2n//9CR1KZhpFO/Ha7Ro6I0Gz +fX9iOxWPbsArSaJTZEMPy1hhSD4elUPtLuflSkwQim5kGUCYDuYNFK7lWa8wA351 +sjCc4CH/4xCb8gU4kqsK5ANRbiq1gGf3AgMBAAGjGjAYMAkGA1UdEwQCMAAwCwYD +VR0PBAQDAgXgMA0GCSqGSIb3DQEBBAUAA4IBAQCGwIdtIGgtyJdEP5dpDd+ykHTL +JcNY8J+BI0ziZaRDM8tqeLIycykXANzWut9VCIoZoxelHWCSrD9vxiQ2ATZ6ai/A +lptOiRO/wjFfWvNdg/vQPJV4OSQiF765rYhz1ELzo2IAyhmPY0W8t2zLJ/zy2+oj +nlD93TzWkwTJUOcJSv8KllkCtyIG0E43WbrtBa4Fki2L6TVWyMrNw2BsVu43icN3 +X3Z6iQmrREvB1+5KQWdzAu/fM3tM7ggtkhj+RKpdaNNO+3lqxDIZ3PjdTC5uxFjv +pILafhgcCGQXcSTwzyFLDFoo7+ykDsUyu3Zz/+qbm9Cgse/m25fFGMTbF7ml +-----END CERTIFICATE----- +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 02181144 + Issuer: C=NL,L=Eindhoven,CN=Hash Collision CA + Validity: + Not Before: Sat Jan 01 00:00:01 UTC 2005 + Not After: Thu Jan 01 00:00:01 UTC 2015 + Subject: C=NL,L=Eindhoven,CN=Hash Collision CA + Subject Public Key Algorithm: RSA + Algorithm Security Level: Medium (2048 bits) + Modulus (bits 2048): + 00:ca:70:fa:c4:40:06:fb:b4:1a:8e:e4:19:5a:a9:77 + 1f:75:91:74:59:d2:68:b9:30:46:03:5b:a1:dc:b5:4a + 28:2a:1e:28:48:b7:78:ba:e0:67:70:0a:cd:64:2c:b0 + 8d:57:0d:bb:0f:89:56:df:23:a0:a3:c6:e5:df:ae:ef + 53:d8:bd:c1:64:f4:cb:e5:2e:47:aa:58:6e:ff:f3:b2 + 9f:0c:bd:42:39:4c:64:63:77:ef:3d:e2:f7:be:9b:62 + 99:37:45:12:68:b9:51:6a:32:f1:7b:d4:a4:ea:3b:a4 + 72:3d:2f:a1:a0:f2:34:42:0a:f9:50:40:d3:ce:0c:ed + 5f:60:db:0a:26:46:9f:07:17:9d:2b:c2:9f:62:3a:61 + 80:33:96:9f:f7:ac:6b:92:a4:94:c1:27:a6:13:79:b3 + 17:ab:b7:21:48:64:37:54:2d:c6:d0:5d:a7:14:b6:d0 + 59:ce:47:0c:b3:90:84:13:49:37:48:59:95:a1:e8:f3 + 34:9d:cf:ca:31:d6:18:a4:fc:a4:87:57:3c:9a:42:6a + 50:83:6f:95:59:ba:4d:b7:6a:68:60:95:b9:b8:64:de + d6:bd:ed:53:45:db:ec:38:40:db:ac:4b:0c:ba:cc:a0 + 14:c5:75:3c:28:05:85:f4:53:fd:52:0f:27:40:43:a0 + 51 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (not critical): + Certificate Authority (CA): TRUE + Path Length Constraint: 0 + Key Usage (not critical): + Certificate signing. + Signature Algorithm: RSA-MD5 +warning: signed using a broken signature algorithm that can be forged. + Signature: + 3e:90:33:aa:13:63:8b:3d:6a:f1:d5:36:34:40:8a:c1 + 12:53:e4:ed:8a:49:0e:af:c9:0d:2c:cf:be:7b:d7:f4 + 44:46:35:1a:4b:b9:b9:b0:8c:62:6d:5b:0c:72:14:fc + 6d:e5:78:81:9a:db:a1:d0:bd:d9:bf:81:24:f3:db:22 + 60:1d:a6:0c:79:42:7f:56:86:1d:a5:5c:91:8f:18:3d + 6e:47:cf:fe:5c:91:08:15:da:84:54:28:0e:64:11:53 + 2a:3b:15:58:df:1c:52:9a:ae:26:af:29:10:8d:5d:6d + e7:1e:fa:22:a4:58:fb:3f:2f:88:39:10:8c:f8:49:64 + b7:0d:21:d0:df:5c:eb:51:b6:ec:bb:1f:a1:63:6d:2d + 6f:a2:78:ed:3d:64:6d:f0:93:de:b6:a1:e0:11:85:db + 45:28:ac:b3:e1:fa:44:4f:43:f1:15:01:c7:d6:e9:74 + c1:00:5f:81:45:91:9c:82:c2:a1:ee:cf:bd:f3:a2:30 + 12:74:b0:d3:44:43:18:60:b0:aa:e1:39:25:3c:fa:4c + d7:ee:9d:c5:24:9f:6f:a6:0c:01:83:f5:3a:21:d6:b7 + 51:3b:9e:0c:2e:b0:f5:c9:a6:00:08:e9:27:d4:c3:ab + 85:c7:4e:70:67:7a:95:12:6b:03:89:ca:33:9e:d7:99 +Other Information: + SHA1 fingerprint: + 89bbb66f8639663af859ff7a0c43a9f011655aba + SHA256 fingerprint: + ddc11a3f3660d30e15af5f44ed6f59e800257a44b0201e49b452790e09a5fac7 + Public Key ID: + 5ead859fb9320a7d4bf78e644bd15153c5b3a16b + Public key's random art: + +--[ RSA 2048]----+ + | o*| + | +o| + | o +| + | o o o | + | S o + o | + | o . + E | + | . o + X | + | . oo* = | + | ...o+.o | + +-----------------+ + +-----BEGIN CERTIFICATE----- +MIIDGDCCAgCgAwIBAgIEAhgRRDANBgkqhkiG9w0BAQQFADA9MRowGAYDVQQDExFI +YXNoIENvbGxpc2lvbiBDQTESMBAGA1UEBxMJRWluZGhvdmVuMQswCQYDVQQGEwJO +TDAeFw0wNTAxMDEwMDAwMDFaFw0xNTAxMDEwMDAwMDFaMD0xGjAYBgNVBAMTEUhh +c2ggQ29sbGlzaW9uIENBMRIwEAYDVQQHEwlFaW5kaG92ZW4xCzAJBgNVBAYTAk5M +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynD6xEAG+7QajuQZWql3 +H3WRdFnSaLkwRgNbody1SigqHihIt3i64GdwCs1kLLCNVw27D4lW3yOgo8bl367v +U9i9wWT0y+UuR6pYbv/zsp8MvUI5TGRjd+894ve+m2KZN0USaLlRajLxe9Sk6juk +cj0voaDyNEIK+VBA084M7V9g2womRp8HF50rwp9iOmGAM5af96xrkqSUwSemE3mz +F6u3IUhkN1QtxtBdpxS20FnORwyzkIQTSTdIWZWh6PM0nc/KMdYYpPykh1c8mkJq +UINvlVm6TbdqaGCVubhk3ta97VNF2+w4QNusSwy6zKAUxXU8KAWF9FP9Ug8nQEOg +UQIDAQABoyAwHjAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwICBDANBgkqhkiG +9w0BAQQFAAOCAQEAPpAzqhNjiz1q8dU2NECKwRJT5O2KSQ6vyQ0sz7571/RERjUa +S7m5sIxibVsMchT8beV4gZrbodC92b+BJPPbImAdpgx5Qn9Whh2lXJGPGD1uR8/+ +XJEIFdqEVCgOZBFTKjsVWN8cUpquJq8pEI1dbece+iKkWPs/L4g5EIz4SWS3DSHQ +31zrUbbsux+hY20tb6J47T1kbfCT3rah4BGF20UorLPh+kRPQ/EVAcfW6XTBAF+B +RZGcgsKh7s+986IwEnSw00RDGGCwquE5JTz6TNfuncUkn2+mDAGD9Toh1rdRO54M +LrD1yaYACOkn1MOrhcdOcGd6lRJrA4nKM57XmQ== +-----END CERTIFICATE----- diff --git a/tests/rsa-md5-collision/rsa-md5-collision.sh b/tests/rsa-md5-collision/rsa-md5-collision.sh new file mode 100755 index 0000000..85f8e82 --- /dev/null +++ b/tests/rsa-md5-collision/rsa-md5-collision.sh @@ -0,0 +1,70 @@ +#!/bin/sh + +# Copyright (C) 2006, 2008, 2010, 2012 Free Software Foundation, Inc. +# Copyright (C) 2016, Red Hat, Inc. +# +# Author: Simon Josefsson, Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +TMPFILE1=rsa-md5.$$.tmp +TMPFILE2=rsa-md5-2.$$.tmp + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +. ${srcdir}/scripts/common.sh +skip_if_no_datefudge + +# Disable leak detection +ASAN_OPTIONS="detect_leaks=0" +export ASAN_OPTIONS + +datefudge -s "2006-10-1" \ +"${CERTTOOL}" --verify-chain --outfile "$TMPFILE1" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-1.pem" +if test $? = 0;then + echo "Verification on chain1 succeeded" + exit 1 +fi + +grep 'Not verified.' $TMPFILE1| grep 'insecure algorithm' +if test $? != 0;then + echo "Output on chain1 doesn't match the expected" + exit 1 +fi + + +datefudge -s "2006-10-1" \ +"${CERTTOOL}" --verify-chain --outfile "$TMPFILE2" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-2.pem" +if test $? = 0;then + echo "Verification on chain2 succeeded" + exit 1 +fi + +grep 'Not verified.' $TMPFILE2| grep 'insecure algorithm' +if test $? != 0;then + echo "Output on chain2 doesn't match the expected" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +# We're done. +exit 0 diff --git a/tests/rsa-psk-cb.c b/tests/rsa-psk-cb.c new file mode 100644 index 0000000..6036c18 --- /dev/null +++ b/tests/rsa-psk-cb.c @@ -0,0 +1,323 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2013-2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Tests the RSA-PSK ciphersuites under TLS1.2 */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +/* A very basic TLS client, with PSK authentication. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +int psk_cli_func(gnutls_session_t session, char **username, gnutls_datum_t *key) +{ + *username = gnutls_malloc(5); + assert(*username != NULL); + strcpy(*username, "test"); + + key->data = gnutls_malloc(4); + assert(key->data != NULL); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + + return 0; +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void client(int sd) +{ + int ret, ii; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials_function(pskcred, psk_cli_func); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK", + NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, for PSK authentication. + */ + +#define MAX_BUF 1024 + +static int +psk_server_func(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + + if (strcmp(username, "test") != 0) { + fail("error in received username: '%s'\n", username); + } + + key->data = gnutls_malloc(4); + assert(key->data != NULL); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +int err, ret; +char topbuf[512]; +gnutls_session_t session; +char buffer[MAX_BUF + 1]; +int optval = 1; + +static void server(int sd) +{ + gnutls_certificate_credentials_t serverx509cred; + gnutls_psk_server_credentials_t server_pskcred; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_psk_allocate_server_credentials(&server_pskcred); + gnutls_psk_set_server_credentials_function(server_pskcred, + psk_server_func); + gnutls_psk_set_server_credentials_hint(server_pskcred, "hint"); + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK", + NULL)>=0); + + + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + pid_t child; + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/rsa-psk.c b/tests/rsa-psk.c new file mode 100644 index 0000000..a0c8602 --- /dev/null +++ b/tests/rsa-psk.c @@ -0,0 +1,307 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * Copyright (C) 2013-2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Tests the RSA-PSK ciphersuites under TLS1.2 */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +/* A very basic TLS client, with PSK authentication. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void client(int sd) +{ + int ret, ii; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + /* Need to enable anonymous KX specifically. */ + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, for PSK authentication. + */ + +#define MAX_BUF 1024 + +static int +psk_server_func(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + + if (strcmp(username, "test") != 0) { + fail("error in received username: '%s'\n", username); + } + + key->data = gnutls_malloc(4); + assert(key->data != NULL); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +int err, ret; +char topbuf[512]; +gnutls_session_t session; +char buffer[MAX_BUF + 1]; +int optval = 1; + +static void server(int sd) +{ + gnutls_certificate_credentials_t serverx509cred; + gnutls_psk_server_credentials_t server_pskcred; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_psk_allocate_server_credentials(&server_pskcred); + gnutls_psk_set_server_credentials_function(server_pskcred, + psk_server_func); + gnutls_psk_set_server_credentials_hint(server_pskcred, "hint"); + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA-PSK", + NULL); + + + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + pid_t child; + int sockets[2]; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/rsa-rsa-pss.c b/tests/rsa-rsa-pss.c new file mode 100644 index 0000000..19a175b --- /dev/null +++ b/tests/rsa-rsa-pss.c @@ -0,0 +1,253 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This tests the key conversion from basic RSA to RSA-PSS. + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +const gnutls_datum_t raw_data = { + (void *) "hello there", + 11 +}; + +static void inv_sign_check(unsigned sigalgo, + gnutls_privkey_t privkey, int exp_error) +{ + int ret; + gnutls_datum_t signature; + + ret = gnutls_privkey_sign_data2(privkey, sigalgo, 0, + &raw_data, &signature); + if (ret != exp_error) + fail("gnutls_privkey_sign_data succeeded with %s and %s: %s\n", gnutls_pk_get_name(gnutls_privkey_get_pk_algorithm(privkey, NULL)), + gnutls_sign_get_name(sigalgo), gnutls_strerror(ret)); + + if (ret == 0) + gnutls_free(signature.data); +} + +static void inv_encryption_check(gnutls_pk_algorithm_t algorithm, + gnutls_privkey_t privkey, int exp_error) +{ + int ret; + gnutls_datum_t ct; + gnutls_pubkey_t pubkey; + + assert(gnutls_pubkey_init(&pubkey) >= 0); + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); + if (ret < 0) + fail("gnutls_pubkey_import_privkey\n"); + + ret = gnutls_pubkey_encrypt_data(pubkey, 0, &raw_data, &ct); + if (ret != exp_error) + fail("gnutls_pubkey_encrypt_data succeeded with %s: %s\n", gnutls_pk_get_name(algorithm), + gnutls_strerror(ret)); + + gnutls_pubkey_deinit(pubkey); + +} + +static void sign_verify_data(unsigned sigalgo, gnutls_privkey_t privkey, + unsigned int sign_flags, unsigned int verify_flags, + int sign_exp_error, int verify_exp_error) +{ + int ret; + gnutls_datum_t signature = { NULL, 0 }; + + ret = gnutls_privkey_sign_data2(privkey, sigalgo, sign_flags, + &raw_data, &signature); + if (ret != sign_exp_error) + fail("gnutls_x509_privkey_sign_data returned unexpected error: %s\n", + gnutls_strerror(ret)); + + if (ret < 0) { + success("skipping verification as signing is expected to fail\n"); + } else { + gnutls_pubkey_t pubkey; + + /* verify data */ + assert(gnutls_pubkey_init(&pubkey) >= 0); + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); + if (ret < 0) + fail("gnutls_pubkey_import_privkey\n"); + + ret = gnutls_pubkey_verify_data2(pubkey, sigalgo, + verify_flags, &raw_data, &signature); + if (ret != verify_exp_error) + fail("gnutls_pubkey_verify_data2 returned unexpected error: %s\n", + gnutls_strerror(ret)); + + gnutls_pubkey_deinit(pubkey); + } + + gnutls_free(signature.data); +} + +static void +prepare_keys(gnutls_privkey_t *pkey_rsa_pss, gnutls_privkey_t *pkey_rsa, + gnutls_digest_algorithm_t dig, size_t salt_size) +{ + gnutls_privkey_t pkey; + gnutls_x509_privkey_t tkey; + int ret; + gnutls_x509_spki_t spki; + gnutls_datum_t tmp; + + assert(gnutls_x509_spki_init(&spki)>=0); + + assert(gnutls_privkey_init(&pkey) >=0); + + gnutls_x509_spki_set_rsa_pss_params(spki, dig, salt_size); + + ret = + gnutls_privkey_generate(pkey, GNUTLS_PK_RSA, 2048, 0); + if (ret < 0) { + fail("gnutls_privkey_generate: %s\n", gnutls_strerror(ret)); + } + + assert(gnutls_privkey_set_spki(pkey, spki, 0)>=0); + assert(gnutls_privkey_export_x509(pkey, &tkey) >=0); + gnutls_x509_spki_deinit(spki); + + gnutls_x509_privkey_export2_pkcs8(tkey, GNUTLS_X509_FMT_PEM, NULL, 0, &tmp); + + /* import RSA-PSS version of key */ + assert(gnutls_privkey_init(pkey_rsa_pss) >=0); + assert(gnutls_privkey_import_x509_raw(*pkey_rsa_pss, &tmp, GNUTLS_X509_FMT_PEM, NULL, 0) >= 0); + + gnutls_free(tmp.data); + + /* import RSA version of key */ + gnutls_x509_privkey_export2(tkey, GNUTLS_X509_FMT_PEM, &tmp); + assert(gnutls_privkey_init(pkey_rsa) >=0); + assert(gnutls_privkey_import_x509_raw(*pkey_rsa, &tmp, GNUTLS_X509_FMT_PEM, NULL, 0) >= 0); + + gnutls_x509_privkey_deinit(tkey); + gnutls_free(tmp.data); + gnutls_privkey_deinit(pkey); +} + +void doit(void) +{ + gnutls_privkey_t pkey_rsa_pss; + gnutls_privkey_t pkey_rsa; + gnutls_x509_spki_t spki; + int ret; + + ret = global_init(); + if (ret < 0) + fail("global_init: %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + prepare_keys(&pkey_rsa_pss, &pkey_rsa, GNUTLS_DIG_SHA256, 32); + + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, 0, 0, 0, 0); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, 0, 0, 0, 0); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa, 0, 0, 0, 0); + + if (debug) + success("success signing with RSA-PSS-SHA256\n"); + + /* check whether the RSA-PSS key restrictions are being followed */ + inv_encryption_check(GNUTLS_PK_RSA_PSS, pkey_rsa_pss, GNUTLS_E_INVALID_REQUEST); + inv_sign_check(GNUTLS_SIGN_RSA_SHA512, pkey_rsa_pss, GNUTLS_E_CONSTRAINT_ERROR); + inv_sign_check(GNUTLS_SIGN_RSA_SHA256, pkey_rsa_pss, GNUTLS_E_CONSTRAINT_ERROR); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_SHA384, pkey_rsa_pss, GNUTLS_E_CONSTRAINT_ERROR); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_SHA512, pkey_rsa_pss, GNUTLS_E_CONSTRAINT_ERROR); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_RSAE_SHA384, pkey_rsa_pss, GNUTLS_E_CONSTRAINT_ERROR); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_RSAE_SHA512, pkey_rsa_pss, GNUTLS_E_CONSTRAINT_ERROR); + + /* check whether the RSA key is not being restricted */ + inv_sign_check(GNUTLS_SIGN_RSA_SHA512, pkey_rsa, 0); + inv_sign_check(GNUTLS_SIGN_RSA_SHA256, pkey_rsa, 0); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_RSAE_SHA384, pkey_rsa, 0); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_RSAE_SHA512, pkey_rsa, 0); + /* an RSA key can also generate "pure" for TLS RSA-PSS signatures + * as they are essentially the same thing, and we cannot always + * know whether a key is RSA-PSS only, or not (e.g., in PKCS#11 + * keys). */ + inv_sign_check(GNUTLS_SIGN_RSA_PSS_SHA384, pkey_rsa, 0); + inv_sign_check(GNUTLS_SIGN_RSA_PSS_SHA512, pkey_rsa, 0); + + gnutls_privkey_deinit(pkey_rsa_pss); + gnutls_privkey_deinit(pkey_rsa); + + /* Use the mismatched salt length with the digest length */ + prepare_keys(&pkey_rsa_pss, &pkey_rsa, GNUTLS_DIG_SHA256, 48); + + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa_pss, + 0, 0, 0, 0); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, + 0, + GNUTLS_E_CONSTRAINT_ERROR, + 0); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, + 0, + GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH, + 0, + GNUTLS_E_PK_SIG_VERIFY_FAILED); + + assert(gnutls_x509_spki_init(&spki)>=0); + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA256, 48); + assert(gnutls_privkey_set_spki(pkey_rsa, spki, 0)>=0); + + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, 0, 0, 0, 0); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, + 0, + GNUTLS_E_CONSTRAINT_ERROR, + 0); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, + 0, + GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH, + 0, + GNUTLS_E_PK_SIG_VERIFY_FAILED); + + gnutls_privkey_deinit(pkey_rsa_pss); + gnutls_privkey_deinit(pkey_rsa); + gnutls_x509_spki_deinit(spki); + + gnutls_global_deinit(); +} diff --git a/tests/safe-renegotiation/README b/tests/safe-renegotiation/README new file mode 100644 index 0000000..fee27e3 --- /dev/null +++ b/tests/safe-renegotiation/README @@ -0,0 +1,21 @@ +Testing safe renegotiation is relatively complex, here is a summary of +what we test and what how we believe it should work. + +srn0.c: + + This tests that the safe renegotiation extension is negotiated + properly by default on initial connections and on rehandshaked + connections. Consequently, it also verifies that rehandshaked + connections work with the extension enabled. + +srn4.c: + + This tests that clients without support for safe renegotiation is + able to handshake properly against a default GnuTLS server, but + that rehandshake will be refused by the server. + +srn5.c: + This tests that clients with support for safe renegotiation is able + to handshake properly against a server with no support for safe + renegotiation, but that the client will not be able to complete a + rehandshake. diff --git a/tests/safe-renegotiation/srn0.c b/tests/safe-renegotiation/srn0.c new file mode 100644 index 0000000..c583cd0 --- /dev/null +++ b/tests/safe-renegotiation/srn0.c @@ -0,0 +1,192 @@ +/* + * Copyright (C) 2008, 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Code based on ../mini-x509-rehandshake.c. + * + * This tests that the safe renegotiation extension is negotiated + * properly by default on initial connections and on rehandshaked + * connections. Consequently, it also verifies that rehandshaked + * connections work with the extension enabled. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../eagain-common.h" +#include "../utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +void doit(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (!gnutls_safe_renegotiation_status(client) || + !gnutls_safe_renegotiation_status(server)) { + tls_log_func(0, "Session not using safe renegotiation!\n"); + exit(1); + } + + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + !(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + tls_log_func(0, "Session not using safe renegotiation!\n"); + exit(1); + } + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + HANDSHAKE(client, server); + + if (!gnutls_safe_renegotiation_status(client) || + !gnutls_safe_renegotiation_status(server)) { + tls_log_func(0, + "Rehandshaked session not using safe renegotiation!\n"); + exit(1); + } + + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + !(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + tls_log_func(0, + "Rehandshaked session not using safe renegotiation!\n"); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (debug) { + puts("Self-test successful"); + } + + return; +} diff --git a/tests/safe-renegotiation/srn1.c b/tests/safe-renegotiation/srn1.c new file mode 100644 index 0000000..3ace5bb --- /dev/null +++ b/tests/safe-renegotiation/srn1.c @@ -0,0 +1,165 @@ +/* + * Copyright (C) 2008, 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Code based on ../mini-x509.c. + * + * This tests that a %INITIAL_SAFE_RENEGOTIATION server will reject + * handshakes against clients that do not support the extension. This + * is sort of the inverse of what srn3.c is testing. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../eagain-common.h" +#include "../utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +void doit(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(5); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", + NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + /* Check that initially no session use the extension. */ + if (gnutls_safe_renegotiation_status(server) + || gnutls_safe_renegotiation_status(client)) { + puts("Client or server using extension before handshake?"); + abort(); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + puts("Client or server using extension before handshake?"); + abort(); + } + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, + GNUTLS_E_SAFE_RENEGOTIATION_FAILED); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (debug) { + puts("Self-test successful"); + } + + return; +} diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c new file mode 100644 index 0000000..2757ddf --- /dev/null +++ b/tests/safe-renegotiation/srn2.c @@ -0,0 +1,243 @@ +/* + * Copyright (C) 2008, 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Code based on ../mini-x509-rehandshake.c. + * + * Check that new APIs are behaving properly. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../eagain-common.h" +#include "../utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +void doit(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + /* Check that initially no session use the extension. */ + if (gnutls_safe_renegotiation_status(server) + || gnutls_safe_renegotiation_status(client)) { + puts("Client or server using extension before handshake?"); + abort(); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + puts("Client or server using extension before handshake?"); + abort(); + } + + HANDSHAKE(client, server); + + /* Check that both sessions use the extension. */ + if (!gnutls_safe_renegotiation_status(server) + || !gnutls_safe_renegotiation_status(client)) { + puts("Client or server not using safe renegotiation extension?"); + abort(); + } + + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + !(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + puts("Client or server not using safe renegotiation extension?"); + abort(); + } + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + HANDSHAKE(client, server); + + /* Check that session still use the extension. */ + if (!gnutls_safe_renegotiation_status(server) + || !gnutls_safe_renegotiation_status(client)) { + puts("Client or server not using safe renegotiation extension?"); + abort(); + } + + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + !(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + puts("Client or server not using safe renegotiation extension?"); + abort(); + } + + /* Check that this API does not affect anything after first + handshake. + gnutls_safe_negotiation_set_initial (server, 0); */ + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + HANDSHAKE(client, server); + + /* Check that disabling the extension will break rehandshakes. + gnutls_safe_renegotiation_set (client, 0); */ + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (debug) { + puts("Self-test successful"); + } + + return; +} diff --git a/tests/safe-renegotiation/srn3.c b/tests/safe-renegotiation/srn3.c new file mode 100644 index 0000000..715f16c --- /dev/null +++ b/tests/safe-renegotiation/srn3.c @@ -0,0 +1,166 @@ +/* + * Copyright (C) 2008, 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Code based on ../mini-x509.c. + * + * This tests that a %SAFE_RENEGOTIATION client will reject handshakes + * against servers that do not support the extension. This is sort of + * the inverse of what srn1.c is testing. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../eagain-common.h" +#include "../utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +void doit(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION", + NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + /* Check that initially no session use the extension. */ + if (gnutls_safe_renegotiation_status(server) + || gnutls_safe_renegotiation_status(client)) { + puts("Client or server using extension before handshake?"); + abort(); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + puts("Client or server using extension before handshake?"); + abort(); + } + + HANDSHAKE_EXPECT(client, server, + GNUTLS_E_SAFE_RENEGOTIATION_FAILED, + GNUTLS_E_AGAIN); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (debug) { + puts("Self-test successful"); + } + + return; +} diff --git a/tests/safe-renegotiation/srn4.c b/tests/safe-renegotiation/srn4.c new file mode 100644 index 0000000..cbb20a0 --- /dev/null +++ b/tests/safe-renegotiation/srn4.c @@ -0,0 +1,196 @@ +/* + * Copyright (C) 2008, 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Code based on srn0.c. + * + * This tests that clients without support for safe renegotiation is + * able to handshake properly against a default GnuTLS server, but + * that rehandshake will be refused by the server. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../eagain-common.h" +#include "../utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +void doit(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", + NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_safe_renegotiation_status(client) || + gnutls_safe_renegotiation_status(server)) { + tls_log_func(0, + "Session using safe renegotiation but shouldn't!\n"); + exit(1); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + tls_log_func(0, + "Session using safe renegotiation but shouldn't!\n"); + exit(1); + } + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, + GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED); + + if (gnutls_safe_renegotiation_status(client) || + gnutls_safe_renegotiation_status(server)) { + tls_log_func(0, + "Rehandshaked session using safe renegotiation!\n"); + exit(1); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + tls_log_func(0, + "Rehandshaked session using safe renegotiation!\n"); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (debug) { + puts("Self-test successful"); + } + + return; +} diff --git a/tests/safe-renegotiation/srn5.c b/tests/safe-renegotiation/srn5.c new file mode 100644 index 0000000..0528bac --- /dev/null +++ b/tests/safe-renegotiation/srn5.c @@ -0,0 +1,203 @@ +/* + * Copyright (C) 2008, 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Code based on srn0.c. + * + * This tests that clients with support for safe renegotiation is able + * to handshake properly against a server with no support for safe + * renegotiation, but that the client will not be able to complete a + * rehandshake. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "../eagain-common.h" +#include "../utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +void doit(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_safe_renegotiation_status(client)) { + tls_log_func(0, + "Client thinks it is using safe renegotiation!\n"); + exit(1); + } + + if (gnutls_safe_renegotiation_status(server)) { + tls_log_func(0, + "Server thinks it is using safe renegotiation!\n"); + exit(1); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + tls_log_func(0, + "Server or client thinks it is using safe renegotiation!\n"); + exit(1); + } + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + if (n != GNUTLS_E_REHANDSHAKE) + abort(); + } + + HANDSHAKE_EXPECT(client, server, + GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, + GNUTLS_E_AGAIN); + + if (gnutls_safe_renegotiation_status(client) || + gnutls_safe_renegotiation_status(server)) { + tls_log_func(0, + "Rehandshaked session using safe renegotiation!\n"); + exit(1); + } + + if ((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION) || + (gnutls_session_get_flags(server) & GNUTLS_SFLAGS_SAFE_RENEGOTIATION)) { + tls_log_func(0, + "Rehandshaked session using safe renegotiation!\n"); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + if (debug) { + puts("Self-test successful"); + } + + return; +} diff --git a/tests/sanity-cpp.cpp b/tests/sanity-cpp.cpp new file mode 100644 index 0000000..4526893 --- /dev/null +++ b/tests/sanity-cpp.cpp @@ -0,0 +1,246 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +extern "C" { +#include +#include +#include +#include +#include +#include "cert-common.h" +#include +#include +#include +} + +/* This is a basic test for C++ API */ +static void tls_log_func(int level, const char *str) +{ + std::cerr << level << "| " << str << "\n"; +} + +static char to_server[64 * 1024]; +static size_t to_server_len = 0; + +static char to_client[64 * 1024]; +static size_t to_client_len = 0; + +static ssize_t +client_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + size_t newlen; + + len = MIN(len, sizeof(to_server) - to_server_len); + + newlen = to_server_len + len; + memcpy(to_server + to_server_len, data, len); + to_server_len = newlen; + + return len; +} + +static ssize_t +client_pull(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + if (to_client_len == 0) { + gnutls_transport_set_errno ((gnutls_session_t)tr, EAGAIN); + return -1; + } + + len = MIN(len, to_client_len); + + memcpy(data, to_client, len); + + memmove(to_client, to_client + len, to_client_len - len); + to_client_len -= len; + return len; +} + +static ssize_t +server_pull(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + if (to_server_len == 0) { + gnutls_transport_set_errno ((gnutls_session_t)tr, EAGAIN); + return -1; + } + + len = MIN(len, to_server_len); + memcpy(data, to_server, len); + + memmove(to_server, to_server + len, to_server_len - len); + to_server_len -= len; + + return len; +} + +static ssize_t +server_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + size_t newlen; + + len = MIN(len, sizeof(to_client) - to_client_len); + + newlen = to_client_len + len; + memcpy(to_client + to_client_len, data, len); + to_client_len = newlen; + + return len; +} + +inline static void reset_buffers(void) +{ + to_server_len = 0; + to_client_len = 0; +} + +#define MSG "test message" +static void test_handshake(void **glob_state, const char *prio, + gnutls::server_session& server, gnutls::client_session& client) +{ + gnutls::certificate_credentials serverx509cred; + int sret, cret; + gnutls::certificate_credentials clientx509cred; + char buffer[64]; + int ret; + + /* General init. */ + reset_buffers(); + gnutls_global_set_log_function(tls_log_func); + + try { + serverx509cred.set_x509_key(server_cert, server_key, GNUTLS_X509_FMT_PEM); + server.set_credentials(serverx509cred); + + server.set_priority(prio, NULL); + + server.set_transport_push_function(server_push); + server.set_transport_pull_function(server_pull); + server.set_transport_ptr(server.ptr()); + + client.set_priority(prio, NULL); + client.set_credentials(clientx509cred); + + client.set_transport_push_function(client_push); + client.set_transport_pull_function(client_pull); + client.set_transport_ptr(client.ptr()); + } + catch (std::exception &ex) { + std::cerr << "Exception caught: " << ex.what() << std::endl; + fail(); + } + + sret = cret = GNUTLS_E_AGAIN; + + do { + if (cret == GNUTLS_E_AGAIN) { + try { + cret = client.handshake(); + } catch(gnutls::exception &ex) { + cret = ex.get_code(); + if (cret == GNUTLS_E_INTERRUPTED || cret == GNUTLS_E_AGAIN) + cret = GNUTLS_E_AGAIN; + } + } + if (sret == GNUTLS_E_AGAIN) { + try { + sret = server.handshake(); + } catch(gnutls::exception &ex) { + sret = ex.get_code(); + if (sret == GNUTLS_E_INTERRUPTED || sret == GNUTLS_E_AGAIN) + sret = GNUTLS_E_AGAIN; + } + } + } + while ((cret == GNUTLS_E_AGAIN || (cret == 0 && sret == GNUTLS_E_AGAIN)) && + (sret == GNUTLS_E_AGAIN || (sret == 0 && cret == GNUTLS_E_AGAIN))); + + if (sret < 0 || cret < 0) { + fail(); + } + + try { + client.send(MSG, sizeof(MSG)-1); + ret = server.recv(buffer, sizeof(buffer)); + + assert(ret == sizeof(MSG)-1); + assert(memcmp(buffer, MSG, sizeof(MSG)-1) == 0); + + client.bye(GNUTLS_SHUT_WR); + server.bye(GNUTLS_SHUT_WR); + } + catch (std::exception &ex) { + std::cerr << "Exception caught: " << ex.what() << std::endl; + fail(); + } + + return; +} + +static void tls_handshake(void **glob_state) +{ + gnutls::server_session server; + gnutls::client_session client; + + test_handshake(glob_state, "NORMAL", server, client); +} + +static void tls_handshake_alt(void **glob_state) +{ + gnutls::server_session server(0); + gnutls::client_session client(0); + + test_handshake(glob_state, "NORMAL", server, client); +} + +static void tls12_handshake(void **glob_state) +{ + gnutls::server_session server; + gnutls::client_session client; + + test_handshake(glob_state, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", server, client); +} + +static void tls13_handshake(void **glob_state) +{ + gnutls::server_session server; + gnutls::client_session client; + + test_handshake(glob_state, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", server, client); +} + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(tls_handshake), + cmocka_unit_test(tls_handshake_alt), + cmocka_unit_test(tls13_handshake), + cmocka_unit_test(tls12_handshake) + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/sanity-lib.sh b/tests/sanity-lib.sh new file mode 100644 index 0000000..1e36127 --- /dev/null +++ b/tests/sanity-lib.sh @@ -0,0 +1,40 @@ +#!/bin/sh + +# Copyright (C) 2022 Red Hat, Inc. +# +# Author: Daiki Ueno +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${top_builddir=..} +: ${CLI_DEBUG=../src/gnutls-cli-debug${EXEEXT}} +: ${LDD=ldd} +: ${LIBTOOL=libtool} + +if ! test -x "${CLI_DEBUG}"; then + exit 77 +fi + +# ldd.sh doesn't check recursive dependencies +${LDD} --version >/dev/null || exit 77 + +# We use gnutls-cli-debug, as it has the fewest dependencies among our +# commands (e.g., gnutls-cli pulls in OpenSSL through libunbound). +if ${LIBTOOL} --mode=execute ${LDD} ${CLI_DEBUG} | \ + grep '^[[:space:]]*\(libcrypto\.\|libssl\.\|libgcrypt\.\)'; then + echo "gnutls-cli-debug links to other crypto library" + exit 1 +fi diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh new file mode 100644 index 0000000..bac8102 --- /dev/null +++ b/tests/scripts/common.sh @@ -0,0 +1,284 @@ +# Copyright (C) 2011-2016 Free Software Foundation, Inc. +# Copyright (C) 2015-2016 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# The launch_server() function was contributed by Cedric Arbogast. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +export TZ="UTC" + +# Check for a utility to list ports. Both ss and netstat will list +# ports for normal users, and have similar semantics, so put the +# command in the caller's PFCMD, or exit, indicating an unsupported +# test. Prefer ss from iproute2 over the older netstat. +have_port_finder() { + # Prefer PFCMD if set + if test "${PFCMD+set}" = set; then + return + fi + + if (ss --version) > /dev/null 2>&1; then + PFCMD=ss + return + fi + + # 'ss' might be installed in /sbin + for dir in /sbin /usr/sbin /usr/local/sbin; do + if ($dir/ss --version) > /dev/null 2>&1; then + PFCMD=$dir/ss + return + fi + done + + # We can't assume netstat --version for portability reasons + if (type netstat) > /dev/null 2>&1; then + PFCMD=netstat + return + fi + + echo "neither ss nor netstat found" 1>&2 + exit 77 +} + +reserve_port() { + local PORT=$1 + mkdir "$abs_top_builddir/tests/port.lock.d.$PORT" > /dev/null 2>&1 || return 1 + echo "reserved port $PORT" + trap "unreserve_port $PORT" 0 1 15 2 +} + +unreserve_port() { + local PORT=$1 + echo "unreserved port $PORT" + rmdir "$abs_top_builddir/tests/port.lock.d.$PORT" > /dev/null 2>&1 || : +} + +check_if_port_in_use() { + local PORT=$1 + reserve_port $PORT + have_port_finder + if ! $PFCMD -an|grep "[\:\.]$PORT" >/dev/null 2>&1; then + return 1 + fi + unreserve_port $PORT +} + +check_if_port_listening() { + local PORT=$1 + have_port_finder + $PFCMD -anl|grep "[\:\.]$PORT"|grep LISTEN >/dev/null 2>&1 +} + +# Find a port number not currently in use. +GETPORT=' + rc=0 + while test $rc = 0; do + unset myrandom + if test -n "$RANDOM"; then myrandom=$(($RANDOM + $RANDOM)); fi + if test -z "$myrandom"; then myrandom=$(date +%N | sed s/^0*//); fi + if test -z "$myrandom"; then myrandom=0; fi + PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))" + check_if_port_in_use $PORT;rc=$? + done +' + +check_for_datefudge() { + # On certain platforms running datefudge date fails (e.g., x86 datefudge + # with x86-64 date app). + if test "${SKIP_DATEFUDGE_CHECK}" = 1;then + return + fi + + TSTAMP=`datefudge -s "2006-09-23" "${top_builddir}/tests/datefudge-check" || true` + if test "$TSTAMP" != "1158969600" || test "$WINDOWS" = 1; then + return 1 + fi +} + +skip_if_no_datefudge() { + if ! check_for_datefudge; then + echo "You need datefudge to run this test" + exit 77 + fi +} + +fail() { + PID="$1" + shift + echo "Failure: $1" >&2 + [ -n "${PID}" ] && kill ${PID} + exit 1 +} + +exit_if_non_x86() +{ + if (lscpu --version) >/dev/null 2>&1 && \ + ! lscpu 2>/dev/null | grep 'Architecture:[ ]*x86' >/dev/null; then + echo "non-x86 CPU detected" + exit + fi +} + +exit_if_non_padlock() +{ + if (lscpu --version) >/dev/null 2>&1 && \ + ! lscpu 2>/dev/null | grep 'Flags:[ ]*phe' >/dev/null; then + echo "non-Via padlock CPU detected" + exit + fi +} + +wait_for_port() +{ + local ret + local PORT="$1" + sleep 1 + + local i=0 + while test $i -lt 90; do + check_if_port_listening ${PORT} + ret=$? + if test $ret = 0;then + break + fi + i=`expr $i + 1` + check_if_port_in_use ${PORT} + echo "try $i: waiting for port" + sleep 2 + done + return $ret +} + +wait_for_free_port() +{ + local ret + local PORT="$1" + + for i in 1 2 3 4 5 6;do + check_if_port_in_use ${PORT} + ret=$? + if test $ret != 0;then + break + else + sleep 2 + fi + done + return $ret +} + +launch_bare_server() { + wait_for_free_port "$PORT" + "$@" >${LOGFILE-/dev/null} & +} + +launch_server() { + launch_bare_server $VALGRIND $SERV $DEBUG -p "$PORT" "$@" +} + +wait_server() { + local PID=$1 + trap "test -n \"${PID}\" && kill ${PID}; exit 1" 1 15 2 + wait_for_port $PORT + if test $? != 0;then + echo "Server $PORT did not come up" + kill $PID + exit 1 + fi +} + +wait_udp_server() { + local PID=$1 + trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2 + sleep 4 +} + +create_testdir() { + local PREFIX=$1 + d=`mktemp -d -t ${PREFIX}.XXXXXX` + if test $? -ne 0; then + d=${TMPDIR}/${PREFIX}.$$ + mkdir "$d" || exit 1 + fi + trap "test -e \"$d\" && rm -rf \"$d\"" 1 15 2 + echo "$d" +} + +wait_for_file() { + local filename="$1" + local timeout="$2" + + local loops=$((timeout * 10)) loop=0 + + while test $loop -lt $loops; do + [ -f "$filename" ] && { + #allow file to be written to + sleep 0.2 + return 1 + } + sleep 0.1 + loop=$((loop+1)) + done + return 0 +} + +# Kill a process quietly +# @1: signal, e.g. -9 +# @2: pid +kill_quiet() { + local sig="$1" + local pid="$2" + + sh -c "kill $sig $pid 2>/dev/null" + return $? +} + +# Terminate a process first using SIGTERM, wait 1s and if still avive use +# SIGKILL +# @1: pid +terminate_proc() { + local pid="$1" + + local ctr=0 + + kill_quiet -15 $pid + while [ $ctr -lt 10 ]; do + sleep 0.1 + kill -0 $pid 2>/dev/null + [ $? -ne 0 ] && return + ctr=$((ctr + 1)) + done + kill_quiet -9 $pid + sleep 0.1 +} + +# $1, $2: the two files to check for equality +# $3: Strings to be ignored, separated by | +check_if_equal() { + if test -n "$3"; then + local tmp1=`basename "$1"`"1.tmp" + local tmp2=`basename "$2"`"2.tmp" + egrep -v "$3" "$1" | tr -d '\r' >"$tmp1" + egrep -v "$3" "$2" | tr -d '\r' >"$tmp2" + diff -b -B "$tmp1" "$tmp2" + local rc=$? + rm -f "$tmp1" "$tmp2" + return $rc + fi + + diff -b -B "$1" "$2" + return $? +} diff --git a/tests/scripts/starttls-common.sh b/tests/scripts/starttls-common.sh new file mode 100755 index 0000000..0fa13f1 --- /dev/null +++ b/tests/scripts/starttls-common.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +if test ! -x /usr/bin/socat;then + exit 77 +fi + +for file in `which chat` /sbin/chat /usr/sbin/chat /usr/local/sbin/chat +do + if test -x "$file" + then + CHAT="$file" + break + fi +done + +if test -z "$CHAT" +then + echo "chat not found" + exit 77 +fi + diff --git a/tests/sec-params.c b/tests/sec-params.c new file mode 100644 index 0000000..69c39aa --- /dev/null +++ b/tests/sec-params.c @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2014 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include + +int main(int argc, char *argv[]) +{ +int ret; +gnutls_sec_param_t p; + + ret = global_init(); + if (ret != 0) { + printf("%d: %s\n", ret, gnutls_strerror(ret)); + return EXIT_FAILURE; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_EC, 160); + if (p != GNUTLS_SEC_PARAM_LOW) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_EC, 192); + if (p != GNUTLS_SEC_PARAM_LEGACY) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_EC, 256); + if (p != GNUTLS_SEC_PARAM_HIGH) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_EC, 384); + if (p != GNUTLS_SEC_PARAM_ULTRA) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_RSA, 1024); +#ifdef ENABLE_FIPS140 + if (p != GNUTLS_SEC_PARAM_LEGACY) { +#else + if (p != GNUTLS_SEC_PARAM_LOW) { +#endif + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_RSA, 2048); + if (p != GNUTLS_SEC_PARAM_MEDIUM) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_RSA, 3072); + if (p != GNUTLS_SEC_PARAM_HIGH) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_DH, 1024); +#ifdef ENABLE_FIPS140 + if (p != GNUTLS_SEC_PARAM_LEGACY) { +#else + if (p != GNUTLS_SEC_PARAM_LOW) { +#endif + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + p = gnutls_pk_bits_to_sec_param(GNUTLS_PK_DH, 2048); + if (p != GNUTLS_SEC_PARAM_MEDIUM) { + fprintf(stderr, "%d: error in sec param, p:%u\n", __LINE__, (unsigned)p); + return 1; + } + + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/seccomp.c b/tests/seccomp.c new file mode 100644 index 0000000..210fc9f --- /dev/null +++ b/tests/seccomp.c @@ -0,0 +1,122 @@ +/* + * Copyright (C) 2013 Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS test suite. + * + * ocserv is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 2 of the License, or + * (at your option) any later version. + * + * ocserv is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include "utils.h" + +#ifdef HAVE_LIBSECCOMP + +#include +#include +#include +#if defined(__linux__) +# include +#endif + +int disable_system_calls(void) +{ + int ret; + scmp_filter_ctx ctx; + + /*ctx = seccomp_init(SCMP_ACT_ERRNO(EPERM));*/ + ctx = seccomp_init(SCMP_ACT_TRAP); + if (ctx == NULL) { + fprintf(stderr, "could not initialize seccomp"); + return -1; + } + +#define ADD_SYSCALL(name, ...) \ + ret = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(name), __VA_ARGS__); \ + /* libseccomp returns EDOM for pseudo-syscalls due to a bug */ \ + if (ret < 0 && ret != -EDOM) { \ + fprintf(stderr, "could not add " #name " to seccomp filter: %s", strerror(-ret)); \ + ret = -1; \ + goto fail; \ + } + + ADD_SYSCALL(nanosleep, 0); + ADD_SYSCALL(clock_nanosleep, 0); + ADD_SYSCALL(time, 0); + ADD_SYSCALL(getpid, 0); + ADD_SYSCALL(gettimeofday, 0); +#if defined(HAVE_CLOCK_GETTIME) + ADD_SYSCALL(clock_gettime, 0); +#endif + + ADD_SYSCALL(getrusage, 0); + + /* recv/send for the default pull/push functions. It is unknown + * which syscall is used by libc and varies from system to system + * so we enable all */ + ADD_SYSCALL(recvmsg, 0); + ADD_SYSCALL(sendmsg, 0); + ADD_SYSCALL(send, 0); + ADD_SYSCALL(recv, 0); + ADD_SYSCALL(sendto, 0); + ADD_SYSCALL(recvfrom, 0); + + /* to read from /dev/urandom */ + ADD_SYSCALL(read, 0); +#ifdef SYS_getrandom + ADD_SYSCALL(getrandom, 0); +#endif + + /* we use it in select */ + ADD_SYSCALL(sigprocmask, 0); + ADD_SYSCALL(rt_sigprocmask, 0); + + /* used in to detect reading timeouts */ + ADD_SYSCALL(poll, 0); + + /* for memory allocation */ + ADD_SYSCALL(brk, 0); + + /* the following are for generic operations, not specific to + * gnutls. */ + ADD_SYSCALL(close, 0); + ADD_SYSCALL(exit, 0); + ADD_SYSCALL(exit_group, 0); + + /* allow returning from signal handlers */ + ADD_SYSCALL(sigreturn, 0); + ADD_SYSCALL(rt_sigreturn, 0); + + /* used by gl_once_t implementation with pthread */ + ADD_SYSCALL(futex, 0); + + ret = seccomp_load(ctx); + if (ret < 0) { + fprintf(stderr, "could not load seccomp filter"); + ret = -1; + goto fail; + } + + ret = 0; + +fail: + seccomp_release(ctx); + return ret; +} +#else +int disable_system_calls(void) +{ + return 0; +} +#endif diff --git a/tests/send-client-cert.c b/tests/send-client-cert.c new file mode 100644 index 0000000..34f8f0b --- /dev/null +++ b/tests/send-client-cert.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This test checks whether the client switching certificates is detected + * by the server */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#include "cert-common.h" + +#define SENT 0 +#define NOT_SENT 1 + +enum { + INCORRECT_CA_FORCE = 0, + INCORRECT_CA = 1, + CORRECT_CA = 2, + NO_CA = 3 +}; + +static void try(const char *prio, unsigned expect, unsigned ca_type) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + unsigned flags = 0; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_ca3_cert_chain, &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + if (ca_type == CORRECT_CA) { + ret = gnutls_certificate_set_x509_trust_mem(serverx509cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + } else if (ca_type == INCORRECT_CA || ca_type == INCORRECT_CA_FORCE) { + ret = gnutls_certificate_set_x509_trust_mem(serverx509cred, &unknown_ca_cert, GNUTLS_X509_FMT_PEM); + } else if (ca_type == NO_CA) { + ret = 0; + } else { + abort(); + } + ret = 0; + if (ret < 0) + exit(1); + + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_priority_set_direct(server, prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_key_mem(clientx509cred, + &cli_ca3_cert_chain, &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + if (ca_type == INCORRECT_CA_FORCE) { + flags |= GNUTLS_FORCE_CLIENT_CERT; + } + + ret = gnutls_init(&client, GNUTLS_CLIENT|flags); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, prio, NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + success("Testing CA type %d, expecting %s\n", ca_type, expect==SENT?"sent":"not sent"); + + HANDSHAKE(client, server); + + if (expect == SENT) { + if (gnutls_certificate_get_ours(client) == NULL) { + fail("Test %d: client didn't send any certificate\n", ca_type); + exit(1); + } + } else { + if (gnutls_certificate_get_ours(client) != NULL) { + fail("Test %d: client sent a certificate, although not expected\n", ca_type); + exit(1); + } + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_dh_params_deinit(dh_params); +} + +static void start(const char *prio) +{ + global_init(); + + success("trying %s\n", prio); + + try(prio, SENT, NO_CA); + try(prio, SENT, CORRECT_CA); + try(prio, NOT_SENT, INCORRECT_CA); + try(prio, SENT, INCORRECT_CA_FORCE); + gnutls_global_deinit(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/send-data-before-handshake.c b/tests/send-data-before-handshake.c new file mode 100644 index 0000000..b2ab6aa --- /dev/null +++ b/tests/send-data-before-handshake.c @@ -0,0 +1,293 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +/* This program tests that a client cannot send any unencrypted data + * during the handshake process. That is to ensure we protect buggy clients + * from transmitting sensitive data over the wire. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + char c = 0; + + if (htype == GNUTLS_HANDSHAKE_FINISHED) + return 0; + + /* sending */ + ret = gnutls_record_send(session, &c, 1); + if (ret != GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE) { + fail("gnutls_record_send returned %s/%d at %s\n", gnutls_strerror(ret), ret, gnutls_handshake_description_get_name(htype)); + } else { + success("expected behavior after %s\n", gnutls_handshake_description_get_name(htype)); + } + + return 0; +} + + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_PRE, + handshake_callback); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start(const char *prio) +{ + int fd[2]; + int ret, status = 0; + + success("trying %s\n", prio); + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/serv-udp.sh b/tests/serv-udp.sh new file mode 100755 index 0000000..bccc34c --- /dev/null +++ b/tests/serv-udp.sh @@ -0,0 +1,71 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +echo "Checking whether UDP server works" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --x509keyfile ${KEY1} --x509certfile ${CERT1} --udp -d 2 +PID=$! + +wait_udp_server $PID + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --insecure --udp /dev/null || \ + fail ${PID} "1. handshake should have succeeded!" + +#retry +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --insecure --udp /dev/null || \ + fail ${PID} "2. handshake should have succeeded!" + + +kill ${PID} +wait + +exit 0 diff --git a/tests/server-kx-neg-common.c b/tests/server-kx-neg-common.c new file mode 100644 index 0000000..961d160 --- /dev/null +++ b/tests/server-kx-neg-common.c @@ -0,0 +1,278 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ +#include + +typedef struct test_case_st { + const char *name; + int server_ret; + int client_ret; + unsigned have_anon_cred; + unsigned have_anon_dh_params; + unsigned have_anon_exp_dh_params; + unsigned have_srp_cred; + unsigned have_psk_cred; + unsigned have_psk_dh_params; + unsigned have_psk_exp_dh_params; + unsigned have_cert_cred; + unsigned have_cert_dh_params; + unsigned have_cert_exp_dh_params; + unsigned have_rsa_sign_cert; + unsigned have_ecc_sign_cert; + unsigned have_ed25519_sign_cert; + unsigned have_rsa_decrypt_cert; + unsigned have_gost12_256_cert; + unsigned have_gost12_512_cert; + unsigned not_on_fips; + unsigned exp_version; + const char *client_prio; + const char *server_prio; +} test_case_st; + +static int +serv_psk_func(gnutls_session_t session, const char *username, + gnutls_datum_t * key) { + key->data = gnutls_malloc(4); + assert(key->data != NULL); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +#define SALT_TEST1 "3a3xX3Myzb9YJn5X0R7sbx" +#define VERIF_TEST1 "CEqjUZBlkQCocfOR0E4AsPZKOFYPGjKFMHW7KDcnpE4sH4.iGMbkygb/bViRNjskF9/TQdD46Mvlt6pLs5MZoTn8mO3G.RGyXdWuIrhnVn29p41Cpc5RhTLaeUm3asW6LF60VTKnGERC0eB37xZUsaTpzmaTNdD4mOoYCN3bD9Y" +#define PRIME "Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ" +gnutls_datum_t tprime = +{ + .data = (void*)PRIME, + .size = sizeof(PRIME)-1 +}; + +gnutls_datum_t test1_verif = +{ + .data = (void*)VERIF_TEST1, + .size = sizeof(VERIF_TEST1)-1 +}; + +gnutls_datum_t test1_salt = +{ + .data = (void*)SALT_TEST1, + .size = sizeof(SALT_TEST1)-1 +}; + +const char *side; +#define switch_side(str) side = str + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int +serv_srp_func(gnutls_session_t session, const char *username, + gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, + gnutls_datum_t *prime) +{ + int ret; + if (debug) + printf("srp: username %s\n", username); + + generator->data = gnutls_malloc(1); + generator->data[0] = 2; + generator->size = 1; + + ret = gnutls_srp_base64_decode2(&tprime, prime); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -prime\n"); + + if (strcmp(username, "test1") == 0) { + ret = gnutls_srp_base64_decode2(&test1_verif, verifier); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -verif\n"); + + + ret = gnutls_srp_base64_decode2(&test1_salt, salt); + if (ret < 0) + fail("error in gnutls_srp_base64_decode2 -salt\n"); + } else { + fail("Unknown username %s\n", username); + } + + return 0; +} + +static void try(test_case_st *test) +{ + int sret, cret, ret; + gnutls_anon_client_credentials_t c_anon_cred; + gnutls_anon_server_credentials_t s_anon_cred; + gnutls_psk_client_credentials_t c_psk_cred; + gnutls_psk_server_credentials_t s_psk_cred; + gnutls_certificate_credentials_t s_cert_cred; + gnutls_certificate_credentials_t c_cert_cred; + gnutls_srp_server_credentials_t s_srp_cred; + gnutls_srp_client_credentials_t c_srp_cred; + const gnutls_datum_t p3_2048 = + { (void *)pkcs3_2048, strlen(pkcs3_2048) }; + gnutls_dh_params_t dh_params = NULL; + + gnutls_session_t server, client; + const gnutls_datum_t pskkey = { (void *) "DEADBEEF", 8 }; + + if (test->not_on_fips && gnutls_fips140_mode_enabled()) { + success("Skipping %s...\n", test->name); + return; + } + + success("Running %s...\n", test->name); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_anon_allocate_client_credentials(&c_anon_cred) >= 0); + assert(gnutls_anon_allocate_server_credentials(&s_anon_cred) >= 0); + assert(gnutls_psk_allocate_client_credentials(&c_psk_cred) >= 0); + assert(gnutls_psk_allocate_server_credentials(&s_psk_cred) >= 0); + assert(gnutls_srp_allocate_client_credentials(&c_srp_cred) >= 0); + assert(gnutls_srp_allocate_server_credentials(&s_srp_cred) >= 0); + assert(gnutls_certificate_allocate_credentials(&s_cert_cred) >= 0); + assert(gnutls_certificate_allocate_credentials(&c_cert_cred) >= 0); + assert(gnutls_dh_params_init(&dh_params) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + if (test->have_anon_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anon_cred); + if (test->have_anon_dh_params) + gnutls_anon_set_server_known_dh_params(s_anon_cred, GNUTLS_SEC_PARAM_MEDIUM); + else if (test->have_anon_exp_dh_params) { + ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_2048, + GNUTLS_X509_FMT_PEM); + assert(ret>=0); + gnutls_anon_set_server_dh_params(s_anon_cred, dh_params); + } + } + + if (test->have_cert_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_cert_cred); + if (test->have_cert_dh_params) + gnutls_certificate_set_known_dh_params(s_cert_cred, GNUTLS_SEC_PARAM_MEDIUM); + else if (test->have_cert_exp_dh_params) { + ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_2048, + GNUTLS_X509_FMT_PEM); + assert(ret>=0); + gnutls_certificate_set_dh_params(s_cert_cred, dh_params); + } + } + + if (test->have_psk_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_PSK, s_psk_cred); + if (test->have_psk_dh_params) + gnutls_psk_set_server_known_dh_params(s_psk_cred, GNUTLS_SEC_PARAM_MEDIUM); + else if (test->have_psk_exp_dh_params) { + ret = gnutls_dh_params_import_pkcs3(dh_params, &p3_2048, + GNUTLS_X509_FMT_PEM); + assert(ret>=0); + gnutls_psk_set_server_dh_params(s_psk_cred, dh_params); + } + + gnutls_psk_set_server_credentials_function(s_psk_cred, serv_psk_func); + } + + if (test->have_srp_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_SRP, s_srp_cred); + + gnutls_srp_set_server_credentials_function(s_srp_cred, serv_srp_func); + } + + if (test->have_rsa_decrypt_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_ecc_sign_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_ed25519_sign_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_rsa_sign_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_sign_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_gost12_256_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_gost12_512_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + /* client does everything */ + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anon_cred); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_cert_cred); + gnutls_credentials_set(client, GNUTLS_CRD_PSK, c_psk_cred); + gnutls_credentials_set(client, GNUTLS_CRD_SRP, c_srp_cred); + + assert(gnutls_psk_set_client_credentials(c_psk_cred, "psk", &pskkey, GNUTLS_PSK_KEY_HEX) >= 0); + + assert(gnutls_srp_set_client_credentials(c_srp_cred, "test1", "test") >= 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + assert(gnutls_priority_set_direct(server, test->server_prio, 0) >= 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + assert(gnutls_priority_set_direct(client, test->client_prio, 0) >= 0); + + HANDSHAKE_EXPECT(client, server, test->client_ret, test->server_ret); + + if (test->client_ret == 0 && test->server_ret == 0 && test->exp_version) { + if (gnutls_protocol_get_version(client) != test->exp_version) + fail("expected version (%s) does not match %s\n", + gnutls_protocol_get_name(test->exp_version), + gnutls_protocol_get_name(gnutls_protocol_get_version(client))); + } + + gnutls_deinit(server); + gnutls_deinit(client); + gnutls_anon_free_client_credentials(c_anon_cred); + gnutls_anon_free_server_credentials(s_anon_cred); + gnutls_psk_free_client_credentials(c_psk_cred); + gnutls_psk_free_server_credentials(s_psk_cred); + gnutls_srp_free_client_credentials(c_srp_cred); + gnutls_srp_free_server_credentials(s_srp_cred); + gnutls_certificate_free_credentials(s_cert_cred); + gnutls_certificate_free_credentials(c_cert_cred); + if (dh_params) + gnutls_dh_params_deinit(dh_params); + + reset_buffers(); +} diff --git a/tests/server-multi-keys.sh b/tests/server-multi-keys.sh new file mode 100755 index 0000000..26ebee0 --- /dev/null +++ b/tests/server-multi-keys.sh @@ -0,0 +1,103 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +echo "Checking whether server can utilize multiple keys" + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem +KEY2=${srcdir}/../doc/credentials/x509/key-ecc.pem +CERT2=${srcdir}/../doc/credentials/x509/cert-ecc.pem +KEY3=${srcdir}/../doc/credentials/x509/key-rsa-pss.pem +CERT3=${srcdir}/../doc/credentials/x509/cert-rsa-pss.pem +CAFILE=${srcdir}/../doc/credentials/x509/ca.pem +TMPFILE=outcert.$$.tmp + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509ecccertfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} +PID=$! +wait_server ${PID} + +timeout 1800 datefudge "2017-08-9" \ +"${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA" + */ + +/* This file is autogenerated with tls13-early-data.c. + * To reproduce, see the comments in that file. + */ + +#ifndef GNUTLS_TESTS_SERVER_SECRETS_H +#define GNUTLS_TESTS_SERVER_SECRETS_H + +static const struct secret server_normal_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + NULL, + }, +}; + +static const struct secret server_normal_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\xf8\xa9\xd5\xe6\x18\xbb\xb7\x07\x1d\xb3\x8f\x78\x61\x30\x63\x01\xa5\x49\xc6\x05\x92\x7f\x67\x98\x72\x76\x75\xb1\x31\x1f\x14\xf9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xab\xa3\xf5\x4f\xcc\x3f\xd7\xb7\x23\x73\x51\x6e\x64\xc1\xaa\x6b\xa9\x77\x30\x58\xe6\xd4\xf5\xe9\xa5\xd2\x0d\x35\x42\x65\xda\xf1", + NULL, + }, +}; + +static const struct secret server_normal_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\xd8\xdf\x24\xd6\xe1\xdc\x86\x3b\x88\x3d\x2b\xad\x56\xec\x22\xd4\x5c\xaf\xa9\x24\xa3\x90\x20\xa1\xae\x77\x5c\x7d\xef\x3d\xcc\x5b", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x8d\x02\xe0\xe8\x5f\x9a\xcc\xc7\x8c\x81\x3b\x58\x5f\xa9\xdb\xfd\x98\xb1\x1f\xcc\x3e\x7b\xca\xe7\xef\x05\x4c\x84\x6c\xe1\x11\x25", + NULL, + }, +}; + +static const struct secret server_small_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + NULL, + }, +}; + +static const struct secret server_small_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\xf8\xa9\xd5\xe6\x18\xbb\xb7\x07\x1d\xb3\x8f\x78\x61\x30\x63\x01\xa5\x49\xc6\x05\x92\x7f\x67\x98\x72\x76\x75\xb1\x31\x1f\x14\xf9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xab\xa3\xf5\x4f\xcc\x3f\xd7\xb7\x23\x73\x51\x6e\x64\xc1\xaa\x6b\xa9\x77\x30\x58\xe6\xd4\xf5\xe9\xa5\xd2\x0d\x35\x42\x65\xda\xf1", + NULL, + }, +}; + +static const struct secret server_small_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\xd8\xdf\x24\xd6\xe1\xdc\x86\x3b\x88\x3d\x2b\xad\x56\xec\x22\xd4\x5c\xaf\xa9\x24\xa3\x90\x20\xa1\xae\x77\x5c\x7d\xef\x3d\xcc\x5b", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x8d\x02\xe0\xe8\x5f\x9a\xcc\xc7\x8c\x81\x3b\x58\x5f\xa9\xdb\xfd\x98\xb1\x1f\xcc\x3e\x7b\xca\xe7\xef\x05\x4c\x84\x6c\xe1\x11\x25", + NULL, + }, +}; + +static const struct secret server_empty_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + NULL, + }, +}; + +static const struct secret server_empty_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\x87\x07\x01\xdc\x13\xdc\xb7\x93\x26\x53\xff\xa4\x2d\x28\xed\xca\xef\x5b\xa7\x94\x17\x26\xdf\x1f\x8c\x7b\x79\x32\x55\x5e\xcb\x79", + (const uint8_t *)"\xac\xc2\x07\x48\xba\x3d\x59\x2f\x5f\xce\x79\xda\xa6\x04\x4b\x55\x06\x2c\x9f\x0e\xdf\xda\x42\x51\x9d\x0b\xd9\x39\x4b\x8c\xb2\x7e", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\x73\x16\xe6\x0a\x66\xe1\x81\xd8\x74\xfa\x25\xe3\xf3\x1a\xf2\x4d\x84\xd6\xc6\x7a\x1b\x27\x79\x0a\x09\x9e\xd2\xd4\x1d\xdf\x0f\x53", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x5f\x8e\xfe\x3e\xa0\x41\x27\x9e\xbb\xba\xf2\xa9\x22\xc6\x06\x58\xb5\xbf\x6e\x29\x3d\x84\x10\x4e\x3f\xe3\xc0\x1f\x7a\x2c\xf5\x21", + NULL, + }, +}; + +static const struct secret server_empty_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\x87\x07\x01\xdc\x13\xdc\xb7\x93\x26\x53\xff\xa4\x2d\x28\xed\xca\xef\x5b\xa7\x94\x17\x26\xdf\x1f\x8c\x7b\x79\x32\x55\x5e\xcb\x79", + (const uint8_t *)"\xac\xc2\x07\x48\xba\x3d\x59\x2f\x5f\xce\x79\xda\xa6\x04\x4b\x55\x06\x2c\x9f\x0e\xdf\xda\x42\x51\x9d\x0b\xd9\x39\x4b\x8c\xb2\x7e", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\x73\x16\xe6\x0a\x66\xe1\x81\xd8\x74\xfa\x25\xe3\xf3\x1a\xf2\x4d\x84\xd6\xc6\x7a\x1b\x27\x79\x0a\x09\x9e\xd2\xd4\x1d\xdf\x0f\x53", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x5f\x8e\xfe\x3e\xa0\x41\x27\x9e\xbb\xba\xf2\xa9\x22\xc6\x06\x58\xb5\xbf\x6e\x29\x3d\x84\x10\x4e\x3f\xe3\xc0\x1f\x7a\x2c\xf5\x21", + NULL, + }, +}; + +static const struct secret server_explicit_0[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\x24\x24\xaf\xad\xa8\x0e\x40\xc6\xa1\xc3\x05\xff\x5a\xe5\x04\xb9\xc4\xc2\xff\xd6\x2b\x9a\xb8\x43\x85\x78\x92\x1e\x69\x44\x3d\xe2", + (const uint8_t *)"\xdc\x47\xf1\x8b\x33\xd6\x08\x26\xa1\xad\xd9\xb0\x81\xee\x32\x01\xb6\xfc\xce\x9a\xa0\x35\xd1\x30\x61\x85\x2d\xff\x3d\xb1\xe5\x49", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\x03\x38\xcf\x43\x68\x90\x01\x7a\xdb\x06\x7d\x92\x08\xcf\x67\x22\x41\xa7\xd3\xe7\x7e\x3a\xaf\x50\xd6\x5c\xaa\xfe\x90\xa4\x87\xa2", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x5c\x6f\xe8\x8b\xac\x0a\x7b\x04\x76\x9f\xe8\x2a\x7c\x06\x19\x4c\xa7\x51\x5c\xfe\xb9\x31\x25\x0d\x3b\x07\x78\xa9\xdd\x2d\x27\x72", + NULL, + }, +}; + +static const struct secret server_explicit_1[] = { + { + GNUTLS_ENCRYPTION_LEVEL_EARLY, + 32, + (const uint8_t *)"\x6f\x16\x97\x8e\x90\x94\x77\x40\x0f\x00\xff\x79\x1c\x15\x20\x19\xeb\xc6\x10\x59\x8f\x92\xac\xab\xe6\xc8\x3c\x12\x30\x94\x91\x12", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + NULL, + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + NULL, + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\xf8\xa9\xd5\xe6\x18\xbb\xb7\x07\x1d\xb3\x8f\x78\x61\x30\x63\x01\xa5\x49\xc6\x05\x92\x7f\x67\x98\x72\x76\x75\xb1\x31\x1f\x14\xf9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\xab\xa3\xf5\x4f\xcc\x3f\xd7\xb7\x23\x73\x51\x6e\x64\xc1\xaa\x6b\xa9\x77\x30\x58\xe6\xd4\xf5\xe9\xa5\xd2\x0d\x35\x42\x65\xda\xf1", + NULL, + }, +}; + +static const struct secret server_explicit_2[] = { + { + GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE, + 32, + (const uint8_t *)"\xe7\xf5\x57\x48\x54\x71\xae\xc0\xba\x8d\x12\x90\xc5\x25\xef\xe3\xc7\xea\x39\x09\x24\xe8\x20\x6d\x03\x8d\x80\x1e\xdd\x24\xbb\x5a", + (const uint8_t *)"\xf0\x91\x46\x67\xe1\x36\xb5\xd2\x30\x71\xc9\x1d\xcc\x56\xc3\x9d\xee\xfa\x26\xdb\xe4\xe2\x17\xb7\x3d\xb9\x27\x6a\x7c\xa5\xe7\xa9", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + NULL, + (const uint8_t *)"\xd8\xdf\x24\xd6\xe1\xdc\x86\x3b\x88\x3d\x2b\xad\x56\xec\x22\xd4\x5c\xaf\xa9\x24\xa3\x90\x20\xa1\xae\x77\x5c\x7d\xef\x3d\xcc\x5b", + }, + { + GNUTLS_ENCRYPTION_LEVEL_APPLICATION, + 32, + (const uint8_t *)"\x8d\x02\xe0\xe8\x5f\x9a\xcc\xc7\x8c\x81\x3b\x58\x5f\xa9\xdb\xfd\x98\xb1\x1f\xcc\x3e\x7b\xca\xe7\xef\x05\x4c\x84\x6c\xe1\x11\x25", + NULL, + }, +}; + +#endif /* GNUTLS_TESTS_SERVER_SECRETS_H */ diff --git a/tests/server-sign-md5-rep.c b/tests/server-sign-md5-rep.c new file mode 100644 index 0000000..3a44e08 --- /dev/null +++ b/tests/server-sign-md5-rep.c @@ -0,0 +1,227 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* This tests whether a server will reject a client advertising + * MD5 signature algorithms only */ + +#if defined(_WIN32) || !defined(ENABLE_SSL2) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + + +static unsigned char tls1_hello[] = { +0x16, 0x03, 0x01, 0x01, 0x5E, 0x01, 0x00, 0x01, 0x5A, 0x03, 0x03, 0x59, 0x52, 0x41, 0x54, 0xD5, +0x52, 0x62, 0x63, 0x69, 0x1B, 0x46, 0xBE, 0x33, 0xCC, 0xC4, 0xC3, 0xB3, 0x6C, 0xCD, 0xEC, 0x96, +0xF7, 0x7A, 0xCA, 0xE9, 0xFB, 0x85, 0x95, 0x83, 0x51, 0xE4, 0x69, 0x00, 0x00, 0xD4, 0xC0, 0x30, +0xCC, 0xA8, 0xC0, 0x8B, 0xC0, 0x14, 0xC0, 0x28, 0xC0, 0x77, 0xC0, 0x2F, 0xC0, 0x8A, 0xC0, 0x13, +0xC0, 0x27, 0xC0, 0x76, 0xC0, 0x12, 0xC0, 0x2C, 0xC0, 0xAD, 0xCC, 0xA9, 0xC0, 0x87, 0xC0, 0x0A, +0xC0, 0x24, 0xC0, 0x73, 0xC0, 0x2B, 0xC0, 0xAC, 0xC0, 0x86, 0xC0, 0x09, 0xC0, 0x23, 0xC0, 0x72, +0xC0, 0x08, 0x00, 0x9D, 0xC0, 0x9D, 0xC0, 0x7B, 0x00, 0x35, 0x00, 0x3D, 0x00, 0x84, 0x00, 0xC0, +0x00, 0x9C, 0xC0, 0x9C, 0xC0, 0x7A, 0x00, 0x2F, 0x00, 0x3C, 0x00, 0x41, 0x00, 0xBA, 0x00, 0x0A, +0x00, 0x9F, 0xC0, 0x9F, 0xCC, 0xAA, 0xC0, 0x7D, 0x00, 0x39, 0x00, 0x6B, 0x00, 0x88, 0x00, 0xC4, +0x00, 0x9E, 0xC0, 0x9E, 0xC0, 0x7C, 0x00, 0x33, 0x00, 0x67, 0x00, 0x45, 0x00, 0xBE, 0x00, 0x16, +0x00, 0xA3, 0xC0, 0x81, 0x00, 0x38, 0x00, 0x6A, 0x00, 0x87, 0x00, 0xC3, 0x00, 0xA2, 0xC0, 0x80, +0x00, 0x32, 0x00, 0x40, 0x00, 0x44, 0x00, 0xBD, 0x00, 0x13, 0x00, 0xA9, 0xC0, 0xA5, 0xCC, 0xAB, +0xC0, 0x8F, 0x00, 0x8D, 0x00, 0xAF, 0xC0, 0x95, 0x00, 0xA8, 0xC0, 0xA4, 0xC0, 0x8E, 0x00, 0x8C, +0x00, 0xAE, 0xC0, 0x94, 0x00, 0x8B, 0x00, 0xAB, 0xC0, 0xA7, 0xCC, 0xAD, 0xC0, 0x91, 0x00, 0x91, +0x00, 0xB3, 0xC0, 0x97, 0x00, 0xAA, 0xC0, 0xA6, 0xC0, 0x90, 0x00, 0x90, 0x00, 0xB2, 0xC0, 0x96, +0x00, 0x8F, 0xCC, 0xAC, 0xC0, 0x36, 0xC0, 0x38, 0xC0, 0x9B, 0xC0, 0x35, 0xC0, 0x37, 0xC0, 0x9A, +0xC0, 0x34, 0x01, 0x00, 0x00, 0x5D, 0x00, 0x17, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x05, +0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0E, +0x77, 0x77, 0x77, 0x2E, 0x67, 0x6F, 0x6F, 0x67, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0xFF, 0x01, +0x00, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, +0x18, 0x00, 0x19, 0x00, 0x0B, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0D, 0x00, 0x16, 0x00, 0x14, 0x01, +0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, +0x01, 0x01, 0x01}; + +static void client(int sd) +{ + char buf[1024]; + int ret; + struct pollfd pfd; + unsigned int timeout; + + /* send a TLS 1.x hello advertising RSA-MD5 */ + + ret = send(sd, tls1_hello, sizeof(tls1_hello), 0); + if (ret < 0) + fail("error sending hello\n"); + + pfd.fd = sd; + pfd.events = POLLIN; + pfd.revents = 0; + + timeout = get_timeout(); + if (timeout > INT_MAX) + fail("invalid timeout value\n"); + + do { + ret = poll(&pfd, 1, (int)timeout); + } while (ret == -1 && errno == EINTR); + + if (ret == -1 || ret == 0) { + fail("timeout waiting for reply\n"); + } + + success("sent hello\n"); + ret = recv(sd, buf, sizeof(buf), 0); + if (ret < 0) + fail("error receiving alert\n"); + + success("received reply\n"); + + if (ret < 7) + fail("error in size of received alert\n"); + + if (buf[0] != 0x15 || buf[1] != 0x03) + fail("error in received alert data\n"); + + success("all ok\n"); + + close(sd); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-RSA", NULL)>=0); + gnutls_handshake_set_timeout(session, get_timeout()); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + do { + ret = gnutls_handshake(session); + } while(ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + + if (ret != GNUTLS_E_NO_CIPHER_SUITES) { + fail("server: Handshake succeeded unexpectedly: %s\n", gnutls_strerror(ret)); + } + + gnutls_alert_send_appropriate(session, ret); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + int err; + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + client(sockets[1]); + wait(&status); + check_wait_status(status); + } else { + server(sockets[0]); + _exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/server-weak-keys.sh b/tests/server-weak-keys.sh new file mode 100755 index 0000000..89b134c --- /dev/null +++ b/tests/server-weak-keys.sh @@ -0,0 +1,72 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +echo "Checking whether a client will refuse weak but trusted keys" + +KEY1=${srcdir}/certs/rsa-512.pem +CERT1=${srcdir}/certs/rsa-512.pem + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +timeout 1800 datefudge "2019-12-20" \ +"${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for correct operation when a server uses an ECDSA key when the + * client has ECDSA signatures disabled. + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t serv_cred; + gnutls_certificate_credentials_t cli_cred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&cli_cred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(cli_cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + + /* test gnutls_certificate_flags() */ + gnutls_certificate_allocate_credentials(&serv_cred); + + ret = gnutls_certificate_set_x509_trust_mem(serv_cred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_mem(serv_cred, &server_ca3_localhost_ecc_cert, + &server_ca3_ecc_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + test_cli_serv_expect(serv_cred, cli_cred, "NORMAL", "NORMAL:-VERS-TLS1.1:+VERS-TLS1.2:-SIGN-ALL", NULL, 0, 0); + test_cli_serv_expect(serv_cred, cli_cred, "NORMAL", "NORMAL:-SIGN-ECDSA-SHA224:-SIGN-ECDSA-SHA1:-SIGN-ECDSA-SHA256:-SIGN-ECDSA-SHA384:-SIGN-ECDSA-SHA512:-SIGN-ECDSA-SECP256R1-SHA256:-SIGN-ECDSA-SECP384R1-SHA384:-SIGN-ECDSA-SECP521R1-SHA512", NULL, GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN); + + gnutls_certificate_free_credentials(serv_cred); + gnutls_certificate_free_credentials(cli_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/session-export-funcs.c b/tests/session-export-funcs.c new file mode 100644 index 0000000..579c9d6 --- /dev/null +++ b/tests/session-export-funcs.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +#include "cert-common.h" + +/* This tests whether the max-record extension is respected on TLS. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_datum_t v1, v2; + char client_random[32]; + char server_random[32]; + + global_init(); + + success("trying %s\n", prio); + + memset(client_random, 1, sizeof(client_random)); + memset(server_random, 2, sizeof(server_random)); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_priority_set_direct(server, prio, NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, prio, NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + v1.data = (void*)client_random; + v1.size = sizeof(client_random); + gnutls_handshake_set_random(client, &v1); + + v1.data = (void*)server_random; + v1.size = sizeof(server_random); + gnutls_handshake_set_random(server, &v1); + + memset(&v1, 0, sizeof(v1)); + memset(&v2, 0, sizeof(v2)); + + HANDSHAKE(client, server); + + gnutls_session_get_random(client, &v1, &v2); + if (v1.size != 32 || memcmp(v1.data, client_random, 32) != 0) { + fail("error in client's random view 1\n"); + } + + if (v2.size != 32 || memcmp(v2.data, server_random, 32) != 0) { + fail("error in client's random view 2\n"); + } + + memset(&v1, 0, sizeof(v1)); + memset(&v2, 0, sizeof(v2)); + + gnutls_session_get_random(server, &v1, &v2); + if (v1.size != 32 || memcmp(v1.data, client_random, 32) != 0) { + fail("error in server's random view 1\n"); + } + + if (v2.size != 32 || memcmp(v2.data, server_random, 32) != 0) { + fail("error in server's random view 2\n"); + } + + memset(&v1, 0, sizeof(v1)); + memset(&v2, 0, sizeof(v2)); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3) { + /* check master secret */ + gnutls_session_get_master_secret(server, &v1); + if (v1.size <= 0) { + fail("error in server's master secret\n"); + } + + gnutls_session_get_master_secret(client, &v2); + if (v2.size <= 0) { + fail("error in client's master secret\n"); + } + + if (v1.size != v2.size || memcmp(v1.data, v2.data, v1.size) != 0) { + fail("master secret don't match!\n"); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/session-rdn-read.c b/tests/session-rdn-read.c new file mode 100644 index 0000000..8ca88ea --- /dev/null +++ b/tests/session-rdn-read.c @@ -0,0 +1,187 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests whether the certificate callback receives the + * corresponding to server certificates relative distinguished names. + */ + +const char *side; + +#define TOTAL_CAS 2 + +#define CA1_PTR &ca3_cert +#define CA2_PTR &ca_cert +gnutls_datum_t ca_dn[TOTAL_CAS]; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + unsigned i; + + if (nreqs != TOTAL_CAS) { + fail("cert_callback: found only %d RDNs\n", nreqs); + } + + for (i = 0;i < TOTAL_CAS;i++) { + if (req_ca_rdn[i].size != ca_dn[i].size) { + fail("CA[%d] size mismatch\n", i); + } + + if (memcmp(req_ca_rdn[i].data, ca_dn[i].data, ca_dn[i].size) != 0) { + fail("CA[%d] data mismatch\n", i); + } + } + + success(" - Both (%d) CAs match\n\n", TOTAL_CAS); + + *pcert_length = 0; + *pkey = NULL; + *pcert = NULL; + + return 0; +} + +static void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("testing %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, &server_cert, &server_key, GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_certificate_set_x509_trust_mem(serverx509cred, CA1_PTR, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_trust_mem(serverx509cred, CA2_PTR, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert(gnutls_priority_set_direct(server, + prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = + gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_certificate_set_retrieve_function2(clientx509cred, + cert_callback); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +static void find_dn(const gnutls_datum_t *cert, gnutls_datum_t *dn) +{ + gnutls_x509_crt_t crt; + + assert(gnutls_x509_crt_init(&crt)>=0); + assert(gnutls_x509_crt_import(crt, cert, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_x509_crt_get_raw_dn(crt, dn) >= 0); + gnutls_x509_crt_deinit(crt); +} + +void doit(void) +{ + find_dn(CA1_PTR, &ca_dn[0]); + find_dn(CA2_PTR, &ca_dn[1]); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + gnutls_free(ca_dn[0].data); + gnutls_free(ca_dn[1].data); +} diff --git a/tests/session-tickets-missing.c b/tests/session-tickets-missing.c new file mode 100644 index 0000000..aaa1cae --- /dev/null +++ b/tests/session-tickets-missing.c @@ -0,0 +1,314 @@ +/* + * Copyright (C) 2016-2018 Red Hat, Inc + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests that handshakes do not include a session ticket + * if the flag GNUTLS_NO_TICKETS is specified under TLS 1.2. + * + * Under TLS 1.3 it verifies that not enabling session tickets doesn't + * result in a ticket being sent. + */ + +static time_t mytime(time_t * t) +{ + time_t then = 1464610242; + if (t) + *t = then; + + return then; +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int sent = 0; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype != GNUTLS_HANDSHAKE_NEW_SESSION_TICKET) + return 0; + fail("sent session ticket\n"); + sent = 1; + return 0; +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio, unsigned int flags) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + flags |= GNUTLS_CLIENT; + + gnutls_global_set_time_function(mytime); + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, flags); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void server(int fd, const char *prio, unsigned int flags) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t skey = {NULL, 0}; + + flags |= GNUTLS_SERVER; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&session, flags)>=0); + + if (!(flags & GNUTLS_NO_TICKETS)) { + assert(gnutls_session_ticket_key_generate(&skey)>=0); + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + GNUTLS_HOOK_POST, + handshake_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (sent != 0) { + fail("new session ticket was sent\n"); + exit(1); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + gnutls_free(skey.data); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start2(const char *prio, const char *sprio, unsigned int flags, unsigned int sflags) +{ + int fd[2]; + int ret, status = 0; + + success("trying %s\n", prio); + + sent = 0; + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], sprio, sflags); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio, flags); + exit(0); + } + + return; +} + +static +void start(const char *prio, unsigned int flags) +{ + start2(prio, prio, GNUTLS_NO_TICKETS, flags); +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); + /* Under TLS 1.3 session tickets are not negotiated; they are + * always sent unless server sets GNUTLS_NO_TICKETS... */ + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_NO_TICKETS); + /* ...or there is no overlap between PSK key exchange modes */ + start2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:-DHE-PSK", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0, 0); + start("NORMAL", GNUTLS_NO_TICKETS); +} + +#endif /* _WIN32 */ diff --git a/tests/session-tickets-ok.c b/tests/session-tickets-ok.c new file mode 100644 index 0000000..ce06b22 --- /dev/null +++ b/tests/session-tickets-ok.c @@ -0,0 +1,279 @@ +/* + * Copyright (C) 2016 Red Hat, Inc + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests that handshakes include a session ticket. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int sent = 0; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype != GNUTLS_HANDSHAKE_NEW_SESSION_TICKET) + return 0; + + if (debug) + success("sent session ticket\n"); + sent = 1; + return 0; +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t skey; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + GNUTLS_HOOK_POST, + handshake_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (sent == 0) { + fail("client: didn't send new sessiont ticket\n"); + terminate(); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + gnutls_free(skey.data); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start(const char *prio) +{ + int fd[2]; + int ret, status = 0; + + sent = 0; + success("trying %s\n", prio); + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } + + return; +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/set-default-prio.c b/tests/set-default-prio.c new file mode 100644 index 0000000..59b3d87 --- /dev/null +++ b/tests/set-default-prio.c @@ -0,0 +1,297 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +const char *side; +extern const char *_gnutls_default_priority_string; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +struct test_st { + const char *name; + const char *add_prio; + const char *def_prio; + int exp_err; + unsigned err_pos; + unsigned exp_vers; + int exp_etm; +}; + +static void start(struct test_st *test) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + const char *ep; + int cret = GNUTLS_E_AGAIN; + + if (test == NULL) + success("running gnutls_set_default_priority test\n"); + else + success("running %s\n", test->name); + + if (test && test->def_prio) + _gnutls_default_priority_string = test->def_prio; + else + _gnutls_default_priority_string = "NORMAL"; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + if (test == NULL) { + ret = gnutls_set_default_priority(server); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + } else { + ret = gnutls_set_default_priority_append(server, test->add_prio, &ep, 0); + if (ret < 0) { + if (test->exp_err == ret) { + /* the &ep value is only accurate when the default priorities are not overridden; + * otherwise it should be a pointer to the start of the string */ + if (strchr(_gnutls_default_priority_string, '@') != 0) { + if (ep != test->add_prio) { + fail("error expected error on start of string[%d]: %s\n", + test->err_pos, test->add_prio); + } + } else { + if (ep-test->add_prio != test->err_pos) { + fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio)); + fail("error expected error on different position[%d]: %s\n", + test->err_pos, test->add_prio); + } + } + goto cleanup; + } + fail("error: %s\n", gnutls_strerror(ret)); + } + } + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_set_default_priority(client); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + + mcert = gnutls_certificate_get_ours(client); + if (mcert != NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + } + + if (test && test->exp_vers != 0) { + if (test->exp_vers != gnutls_protocol_get_version(server)) { + fail("expected version %s, got %s\n", + gnutls_protocol_get_name(test->exp_vers), + gnutls_protocol_get_name(gnutls_protocol_get_version(server))); + } + } + + /* check the number of certificates received */ + { + unsigned cert_list_size = 0; + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size < 2) { + fprintf(stderr, "received a certificate list of %d!\n", cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)"localhost"; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fprintf(stderr, "could not verify certificate: %.4x\n", status); + exit(1); + } + } + + if (test && test->exp_etm) { + ret = gnutls_session_ext_master_secret_status(client); + if (ret != 1) { + fprintf(stderr, "Extended master secret wasn't negotiated by default (client ret: %d)\n", ret); + exit(1); + } + + ret = gnutls_session_ext_master_secret_status(server); + if (ret != 1) { + fprintf(stderr, "Extended master secret wasn't negotiated by default (server ret: %d)\n", ret); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_certificate_free_credentials(clientx509cred); + cleanup: + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + reset_buffers(); +} + +struct test_st tests[] = { + { + .name = "additional flag", + .def_prio = "NORMAL", + .add_prio = "%FORCE_ETM", + .exp_err = 0 + }, + { + .name = "additional flag typo1", + .def_prio = "NORMAL", + .add_prio = ":%FORCE_ETM", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 0 + }, + { + .name = "additional flag typo2", + .def_prio = "NORMAL", + .add_prio = "%FORCE_ETM::%NO_TICKETS", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 11 + }, + { + .name = "additional flag typo3", + .def_prio = "NORMAL", + .add_prio = "%FORCE_ETM:%%NO_TICKETS", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 11 + }, + { + .name = "additional flag typo3 (with resolved def prio)", + .def_prio = "@HELLO", + .add_prio = "%FORCE_ETM:%%NO_TICKETS", + .exp_err = GNUTLS_E_INVALID_REQUEST, + .err_pos = 0 + }, + { + .name = "additional flag for version (functional)", + .def_prio = "NORMAL", + .add_prio = "-VERS-ALL:+VERS-TLS1.1", + .exp_err = 0, + .exp_etm = 1, + .exp_vers = GNUTLS_TLS1_1 + } +}; + + +void doit(void) +{ + start(NULL); + for (unsigned i=0;i +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* Test for gnutls_certificate_set_key() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1473673819; + if (t) + *t = then; + + return then; +} + +static unsigned import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) +{ + gnutls_pcert_st pcert_list[16]; + gnutls_privkey_t key; + unsigned pcert_list_size, idx, i; + gnutls_datum_t tcert; + const char *names[] = {"localhost", "localhost2"}; + int ret; + + assert(gnutls_privkey_init(&key)>=0); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, skey, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(xcred, names, 2, pcert_list, + pcert_list_size, key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* return index */ + idx = ret; + + /* verify whether the stored certificate match the ones we have */ + for (i=0;i= 0); + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + idx = import_key(x509_cred, &server_key, &server_cert); + assert(idx == 0); + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); + + /* verify that we can add certs, and that their index will change */ + for (i=0;i<16;i++) { + idx = import_key(x509_cred, &server_ecc_key, &server_ecc_cert); + assert(idx == 1+i); + } + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +static void failure_mode(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_pcert_st pcert_list[16]; + gnutls_privkey_t key; + unsigned pcert_list_size; + const char *names[] = {"localhost", "localhost2"}; + int ret; + unsigned i; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_privkey_init(&key)>=0); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, &server_ecc_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, names, 2, pcert_list, + pcert_list_size, key); + if (ret < 0) { + success("expected error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + goto cleanup; + } + + fail("gnutls_certificate_set_key succeeded unexpectedly\n"); + + cleanup: + for (i=0;i=0); + assert(gnutls_privkey_init(&key)>=0); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_ca3_localhost_cert_chain, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* set the ECC key */ + assert(gnutls_privkey_init(&second_key)>=0); + + pcert_list_size = 2; + ret = gnutls_pcert_list_import_x509_raw(second_pcert, &pcert_list_size, + &server_ca3_localhost6_cert_chain, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(second_key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, second_pcert, + 2, second_key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost6", NULL, NULL, NULL); /* the DNS name of ECC cert */ + test_cli_serv(x509_cred, clicred, "NORMAL", "www.none.org", NULL, NULL, NULL); /* the DNS name of ECC cert */ + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +void doit(void) +{ + basic(); + failure_mode(); + auto_parse(); +} diff --git a/tests/set_key_utf8.c b/tests/set_key_utf8.c new file mode 100644 index 0000000..81d5ef2 --- /dev/null +++ b/tests/set_key_utf8.c @@ -0,0 +1,160 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* Test for gnutls_certificate_set_key() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1473674242; + if (t) + *t = then; + + return then; +} + +static void auto_parse(void) +{ + gnutls_certificate_credentials_t x509_cred, clicred; + gnutls_pcert_st pcert_list[16]; + gnutls_privkey_t key; + gnutls_pcert_st second_pcert[2]; + gnutls_privkey_t second_key; + unsigned pcert_list_size; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_privkey_init(&key)>=0); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + &server_ca3_localhost_cert_chain, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + /* set the key with UTF8 names */ + assert(gnutls_privkey_init(&second_key)>=0); + + pcert_list_size = 2; + ret = gnutls_pcert_list_import_x509_raw(second_pcert, &pcert_list_size, + &server_ca3_localhost_utf8_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_privkey_import_x509_raw(second_key, &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(x509_cred, NULL, 0, second_pcert, + 1, second_key); + if (ret < 0) { + fail("error in gnutls_certificate_set_key: %s\n", gnutls_strerror(ret)); + exit(1); + } + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ + test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτÏα.com", NULL, NULL, NULL); /* the second DNS name of cert */ + test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */ + + /* the raw DNS should result to verification failure as the advertized name should + * not be considered and the first cert should be provided */ + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:简体中文.εξτÏα.com", GNUTLS_E_RECEIVED_DISALLOWED_NAME, GNUTLS_E_AGAIN); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +void doit(void) +{ +#if !defined(HAVE_LIBIDN2) + exit(77); +#endif + auto_parse(); +} diff --git a/tests/set_known_dh_params_anon.c b/tests/set_known_dh_params_anon.c new file mode 100644 index 0000000..3ea8a15 --- /dev/null +++ b/tests/set_known_dh_params_anon.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for gnutls_certificate_set_known_dh_params() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_anon_client_credentials_t clicred; + gnutls_anon_server_credentials_t servcred; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_anon_allocate_client_credentials(&clicred) >= 0); + assert(gnutls_anon_allocate_server_credentials(&servcred) >= 0); + + assert(gnutls_anon_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_LEGACY) >= 0); + assert(test_cli_serv_anon(servcred, clicred, "NORMAL:-KX-ALL:+ANON-DH") >= 0); + + assert(gnutls_anon_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_NORMAL) >= 0); + assert(test_cli_serv_anon(servcred, clicred, "NORMAL:-KX-ALL:+ANON-DH") >= 0); + + assert(gnutls_anon_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_HIGH) >= 0); + assert(test_cli_serv_anon(servcred, clicred, "NORMAL:-KX-ALL:+ANON-DH") >= 0); + + assert(gnutls_anon_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_ULTRA) >= 0); + assert(test_cli_serv_anon(servcred, clicred, "NORMAL:-KX-ALL:+ANON-DH") >= 0); + + gnutls_anon_free_server_credentials(servcred); + gnutls_anon_free_client_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/set_known_dh_params_psk.c b/tests/set_known_dh_params_psk.c new file mode 100644 index 0000000..c84d36e --- /dev/null +++ b/tests/set_known_dh_params_psk.c @@ -0,0 +1,112 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for gnutls_certificate_set_known_dh_params() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk callback to get %s's password\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +void doit(void) +{ + gnutls_psk_client_credentials_t clicred; + gnutls_psk_server_credentials_t servcred; + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_psk_allocate_client_credentials(&clicred) >= 0); + assert(gnutls_psk_allocate_server_credentials(&servcred) >= 0); + + gnutls_psk_set_server_credentials_function(servcred, pskfunc); + + assert(gnutls_psk_set_client_credentials(clicred, "test", &key, + GNUTLS_PSK_KEY_HEX)>=0); + + assert(gnutls_psk_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_LEGACY) >= 0); + assert(test_cli_serv_psk(servcred, clicred, "NORMAL:-KX-ALL:+DHE-PSK") >= 0); + + assert(gnutls_psk_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_NORMAL) >= 0); + assert(test_cli_serv_psk(servcred, clicred, "NORMAL:-KX-ALL:+DHE-PSK") >= 0); + + assert(gnutls_psk_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_HIGH) >= 0); + assert(test_cli_serv_psk(servcred, clicred, "NORMAL:-KX-ALL:+DHE-PSK") >= 0); + + assert(gnutls_psk_set_server_known_dh_params(servcred, GNUTLS_SEC_PARAM_ULTRA) >= 0); + assert(test_cli_serv_psk(servcred, clicred, "NORMAL:-KX-ALL:+DHE-PSK") >= 0); + + gnutls_psk_free_server_credentials(servcred); + gnutls_psk_free_client_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/set_known_dh_params_x509.c b/tests/set_known_dh_params_x509.c new file mode 100644 index 0000000..11d0892 --- /dev/null +++ b/tests/set_known_dh_params_x509.c @@ -0,0 +1,104 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for gnutls_certificate_set_known_dh_params() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t clicred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + assert(gnutls_certificate_allocate_credentials(&x509_cred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + assert(gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_LEGACY) >= 0); + test_cli_serv(x509_cred, clicred, "NORMAL:-KX-ALL:+DHE-RSA", "localhost", NULL, NULL, NULL); + + assert(gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_NORMAL) >= 0); + test_cli_serv(x509_cred, clicred, "NORMAL:-KX-ALL:+DHE-RSA", "localhost", NULL, NULL, NULL); + + assert(gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_HIGH) >= 0); + test_cli_serv(x509_cred, clicred, "NORMAL:-KX-ALL:+DHE-RSA", "localhost", NULL, NULL, NULL); + + assert(gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_ULTRA) >= 0); + test_cli_serv(x509_cred, clicred, "NORMAL:-KX-ALL:+DHE-RSA", "localhost", NULL, NULL, NULL); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/set_pkcs12_cred.c b/tests/set_pkcs12_cred.c new file mode 100644 index 0000000..7f324bb --- /dev/null +++ b/tests/set_pkcs12_cred.c @@ -0,0 +1,102 @@ +/* + * Copyright (C) 2005-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +typedef struct { + const char *file; + const char *pass; +} files_st; + +files_st files[] = { + {"client.p12", "foobar"}, + {"cert-ca.p12", "1234"}, /* 2 certs, one is a CA */ + {"pkcs12_2certs.p12", ""}, /* 2 certs, on is unrelated */ + {NULL, NULL} +}; + +void doit(void) +{ + gnutls_certificate_credentials_t x509cred; + const char *path; + unsigned int i; + char file[512]; + int ret; + + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + + ret = global_init(); + if (ret < 0) + fail("global_init failed %d\n", ret); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + for (i = 0; files[i].file != NULL; i++) { + + ret = gnutls_certificate_allocate_credentials(&x509cred); + if (ret < 0) + fail("gnutls_certificate_allocate_credentials failed %d\n", ret); + + path = getenv("PKCS12PATH"); + if (!path) + path = "cert-tests/data/"; + + snprintf(file, sizeof(file), "%s/%s", path, files[i].file); + + if (debug) + success + ("Reading PKCS#12 blob from `%s' using password `%s'.\n", + file, files[i].pass); + ret = + gnutls_certificate_set_x509_simple_pkcs12_file(x509cred, + file, + GNUTLS_X509_FMT_DER, + files[i]. + pass); + if (ret < 0) + fail("x509_pkcs12 failed %d: %s\n", ret, + gnutls_strerror(ret)); + + if (debug) + success("Read file OK\n"); + + gnutls_certificate_free_credentials(x509cred); + } + + gnutls_global_deinit(); +} diff --git a/tests/set_x509_key.c b/tests/set_x509_key.c new file mode 100644 index 0000000..6a18954 --- /dev/null +++ b/tests/set_x509_key.c @@ -0,0 +1,219 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#define MIN(x,y) (((x)<(y))?(x):(y)) + +/* Test for gnutls_certificate_set_x509_key() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + if (t) + *t = then; + + return then; +} + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +static int import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) +{ + gnutls_x509_privkey_t key; + gnutls_x509_crt_t *crt_list; + unsigned crt_list_size, idx, i; + gnutls_datum_t tcert; + int ret; + + assert(gnutls_x509_privkey_init(&key)>=0); + + ret = gnutls_x509_crt_list_import2(&crt_list, &crt_list_size, cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_x509_privkey_import(key, skey, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_x509_key(xcred, crt_list, + crt_list_size, key); + if (ret < 0) { + success("error in gnutls_certificate_set_x509_key: %s\n", gnutls_strerror(ret)); + idx = ret; + goto cleanup; + } + + /* return index */ + idx = ret; + + /* verify whether the stored certificate match the ones we have */ + for (i=0;idata+i); + } + + cleanup: + gnutls_x509_privkey_deinit(key); + for (i=0;i= 0); + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + idx = import_key(x509_cred, &server_key, &server_cert); + assert(idx == 0); + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); + + /* verify that we can add certs, and that their index will change */ + for (i=0;i<16;i++) { + idx = import_key(x509_cred, &server_ecc_key, &server_ecc_cert); + assert(idx == 1+i); + } + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +static void failure_mode(void) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + ret = import_key(x509_cred, &server_key, &server_ecc_cert); + if (ret >= 0) { + fail("gnutls_certificate_set_x509_key: succeeded!\n"); + } + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + +void doit(void) +{ + basic(); + failure_mode(); +} diff --git a/tests/set_x509_key_file-late.c b/tests/set_x509_key_file-late.c new file mode 100644 index 0000000..9a7259f --- /dev/null +++ b/tests/set_x509_key_file-late.c @@ -0,0 +1,146 @@ +/* + * Copyright (C) 2014-2018 Nikos Mavrogiannopoulos + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This test checks the behavior of handshake process if credentials + * are set prior to client hello being received but after gnutls_handshake() + * is called */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "eagain-common.h" +#include "cert-common.h" +#include "utils.h" + +static unsigned set_cert(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *key, const gnutls_datum_t *cert) +{ + const char *certfile; + FILE *fp; + int ret; + + certfile = get_tmpname(NULL); + + fp = fopen(certfile, "w"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(cert->data, 1, cert->size, fp)>0); + assert(fwrite(key->data, 1, key->size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + /* return index */ + return ret; +} + +static +int handshake_hook_func(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t *msg) +{ + gnutls_certificate_credentials_t xcred; + int idx; + + assert(htype == GNUTLS_HANDSHAKE_CLIENT_HELLO); + assert(when == GNUTLS_HOOK_PRE); + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost6_cert_chain); + assert(idx == 0); + + idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost_cert); + assert(idx == 1); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + xcred); + + return 0; +} + +static void start(const char *prio) +{ + int ret, sret, cret; + gnutls_certificate_credentials_t xcred, clicred; + gnutls_session_t server, client; + + global_init(); + track_temp_files(); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &subca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + + success("Testing late set of credentials: %s\n", prio); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_PRE, handshake_hook_func); + assert(gnutls_priority_set_direct(server, prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clicred) >= 0); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + assert(gnutls_credentials_get(server, GNUTLS_CRD_CERTIFICATE, (void*)&xcred) >= 0); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + delete_temp_files(); +} + +void doit(void) +{ + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} diff --git a/tests/set_x509_key_file.c b/tests/set_x509_key_file.c new file mode 100644 index 0000000..504e6dc --- /dev/null +++ b/tests/set_x509_key_file.c @@ -0,0 +1,181 @@ +/* + * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This test checks the behavior of gnutls_certificate_set_x509_key_file2() + * when the GNUTLS_CERTIFICATE_API_V2 is set */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static time_t mytime(time_t * t) +{ + time_t then = 1470002400; + if (t) + *t = then; + + return then; +} + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +static unsigned set_cert(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *key, const gnutls_datum_t *cert) +{ + const char *certfile; + FILE *fp; + int ret; + + certfile = get_tmpname(NULL); + + fp = fopen(certfile, "w"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(cert->data, 1, cert->size, fp)>0); + assert(fwrite(key->data, 1, key->size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + /* return index */ + return ret; +} + +static void verify_written_cert(gnutls_certificate_credentials_t xcred, unsigned idx, const gnutls_datum_t *cert, unsigned ncerts) +{ + int ret; + gnutls_datum_t tcert = {NULL, 0}; + + /* verify whether the stored certificate match the ones we have */ + ret = gnutls_certificate_get_crt_raw(xcred, idx, 0, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + compare(&tcert, cert->data); + + if (ncerts > 1) { + ret = gnutls_certificate_get_crt_raw(xcred, idx, 1, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* skip headers of first cert */ + compare(&tcert, cert->data+2); + } +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred, clicred; + const char *keyfile = "./certs/ecc256.pem"; + const char *certfile = "does-not-exist.pem"; + unsigned idx, i; + + global_init(); + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + gnutls_global_set_time_function(mytime); + track_temp_files(); + + /* this will fail */ + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret != GNUTLS_E_FILE_ERROR) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + gnutls_certificate_free_credentials(xcred); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &subca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + success("Testing store of certificates\n"); + + idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost6_cert_chain); + verify_written_cert(xcred, idx, &server_ca3_localhost6_cert_chain, 2); + assert(idx == 0); + + success("Tested store of %d\n", idx); + + idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost_cert); + verify_written_cert(xcred, idx, &server_ca3_localhost_cert, 1); + assert(idx == 1); + + success("Tested store of %d\n", idx); + + test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ + + idx = set_cert(xcred, &server_key, &server_cert); + verify_written_cert(xcred, idx, &server_cert, 2); + assert(idx == 2); + + success("Tested store of %d\n", idx); + + for (i=0;i<16;i++) { + idx = set_cert(xcred, &server_ecc_key, &server_ecc_cert); + verify_written_cert(xcred, idx, &server_ecc_cert, 1); + assert(idx == 3+i); + success("Tested store of %d\n", idx); + } + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + delete_temp_files(); +} diff --git a/tests/set_x509_key_file_der.c b/tests/set_x509_key_file_der.c new file mode 100644 index 0000000..1628b39 --- /dev/null +++ b/tests/set_x509_key_file_der.c @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +static void write_der(const char *file, const char *header, const char *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t der; + FILE *fp; + int ret; + + ret = gnutls_pem_base64_decode2(header, &pem, &der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + fp = fopen(file, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + + assert(fwrite(der.data, 1, der.size, fp)>0); + fclose(fp); + gnutls_free(der.data); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred, clicred; + char keyfile[TMPNAME_SIZE]; + char certfile[TMPNAME_SIZE]; + gnutls_datum_t tcert; + + global_init(); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + + if (TMP_MAX < 2) + exit(77); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca2_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + assert(get_tmpname(certfile)!=NULL); + assert(get_tmpname(keyfile)!=NULL); + + write_der(certfile, "CERTIFICATE", (char*)server2_cert_pem); + write_der(keyfile, "RSA PRIVATE KEY", (char*)server2_key_pem); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile, + GNUTLS_X509_FMT_DER, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + /* verify whether the stored certificate match the ones we have */ + ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + compare(&tcert, server2_cert_pem); + + remove(certfile); + remove(keyfile); + + test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); +} + diff --git a/tests/set_x509_key_file_legacy.c b/tests/set_x509_key_file_legacy.c new file mode 100644 index 0000000..143b912 --- /dev/null +++ b/tests/set_x509_key_file_legacy.c @@ -0,0 +1,176 @@ +/* + * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This test checks the behavior of gnutls_certificate_set_x509_key_file2() + * when the GNUTLS_CERTIFICATE_API_V2 is not set */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static time_t mytime(time_t * t) +{ + time_t then = 1470002400; + if (t) + *t = then; + + return then; +} + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +static unsigned set_cert(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *key, const gnutls_datum_t *cert) +{ + const char *certfile; + FILE *fp; + int ret; + + certfile = get_tmpname(NULL); + + fp = fopen(certfile, "w"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(cert->data, 1, cert->size, fp)>0); + assert(fwrite(key->data, 1, key->size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + /* return index */ + return ret; +} + +static void verify_written_cert(gnutls_certificate_credentials_t xcred, unsigned idx, const gnutls_datum_t *cert, unsigned ncerts) +{ + int ret; + gnutls_datum_t tcert = {NULL, 0}; + + /* verify whether the stored certificate match the ones we have */ + ret = gnutls_certificate_get_crt_raw(xcred, idx, 0, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + compare(&tcert, cert->data); + + if (ncerts > 1) { + ret = gnutls_certificate_get_crt_raw(xcred, idx, 1, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + /* skip headers of first cert */ + compare(&tcert, cert->data+2); + } +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred, clicred; + const char *keyfile = "./certs/ecc256.pem"; + const char *certfile = "does-not-exist.pem"; + unsigned idx, i; + + global_init(); + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + gnutls_global_set_time_function(mytime); + track_temp_files(); + + /* this will fail */ + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, keyfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret != GNUTLS_E_FILE_ERROR) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + gnutls_certificate_free_credentials(xcred); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &subca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + success("Testing store of certificates\n"); + + idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost6_cert_chain); + verify_written_cert(xcred, idx, &server_ca3_localhost6_cert_chain, 2); + assert(idx == 0); + + success("Tested store of %d\n", idx); + + idx = set_cert(xcred, &server_ca3_key, &server_ca3_localhost_cert); + assert(idx == 0); + + success("Tested store of %d\n", idx); + + test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ + + idx = set_cert(xcred, &server_key, &server_cert); + assert(idx == 0); + + success("Tested store of %d\n", idx); + + for (i=0;i<16;i++) { + idx = set_cert(xcred, &server_ecc_key, &server_ecc_cert); + assert(idx == 0); + success("Tested store of %d\n", idx); + } + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + delete_temp_files(); +} diff --git a/tests/set_x509_key_file_ocsp.c b/tests/set_x509_key_file_ocsp.c new file mode 100644 index 0000000..9cb4001 --- /dev/null +++ b/tests/set_x509_key_file_ocsp.c @@ -0,0 +1,383 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "utils.h" + +/* Tests whether setting an OCSP response to a server + * is working as expected */ + +static time_t mytime(time_t * t) +{ + time_t then = 1469186559; + if (t) + *t = then; + + return then; +} + +static const unsigned char _resp[] = { +0x30, 0x82, 0x06, 0x45, 0x0A, 0x01, 0x00, 0xA0, +0x82, 0x06, 0x3E, 0x30, 0x82, 0x06, 0x3A, 0x06, +0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, +0x01, 0x01, 0x04, 0x82, 0x06, 0x2B, 0x30, 0x82, +0x06, 0x27, 0x30, 0x81, 0x9E, 0xA2, 0x16, 0x04, +0x14, 0x1E, 0xA5, 0xBD, 0xCA, 0x59, 0x64, 0x55, +0x85, 0xAC, 0xDA, 0x54, 0x34, 0x23, 0x40, 0xD1, +0xF6, 0xBD, 0xC3, 0xB0, 0xF6, 0x18, 0x0F, 0x32, +0x30, 0x31, 0x37, 0x31, 0x31, 0x31, 0x39, 0x30, +0x39, 0x34, 0x33, 0x34, 0x37, 0x5A, 0x30, 0x73, +0x30, 0x71, 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, +0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, +0x14, 0xD1, 0xB1, 0x64, 0x8B, 0x8C, 0x9F, 0x0D, +0xD1, 0x6B, 0xA3, 0x8A, 0xCD, 0x2B, 0x50, 0x17, +0xD5, 0xF9, 0xCF, 0xC0, 0x64, 0x04, 0x14, 0x5F, +0x60, 0xCF, 0x61, 0x90, 0x55, 0xDF, 0x84, 0x43, +0x14, 0x8A, 0x60, 0x2A, 0xB2, 0xF5, 0x7A, 0xF4, +0x43, 0x18, 0xEF, 0x02, 0x10, 0x28, 0x2E, 0x96, +0xB3, 0x6B, 0x76, 0xD6, 0xD8, 0x52, 0x46, 0xED, +0xBB, 0x31, 0xB2, 0x0C, 0x98, 0x80, 0x00, 0x18, +0x0F, 0x32, 0x30, 0x31, 0x37, 0x31, 0x31, 0x31, +0x39, 0x30, 0x39, 0x34, 0x33, 0x34, 0x37, 0x5A, +0xA0, 0x11, 0x18, 0x0F, 0x32, 0x30, 0x31, 0x37, +0x31, 0x31, 0x32, 0x36, 0x30, 0x39, 0x34, 0x33, +0x34, 0x37, 0x5A, 0x30, 0x0D, 0x06, 0x09, 0x2A, +0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, +0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x54, +0x66, 0x9D, 0x96, 0x6B, 0x9D, 0x71, 0x18, 0x86, +0x90, 0x5D, 0xD9, 0x54, 0x9C, 0xC4, 0x7F, 0x18, +0x51, 0xE9, 0xFE, 0xF3, 0xE6, 0x48, 0x60, 0x89, +0x74, 0xFD, 0xF1, 0x6D, 0xDB, 0x1F, 0x5A, 0x28, +0x3D, 0x16, 0xEA, 0xA6, 0xD6, 0xE0, 0xAA, 0x42, +0xF9, 0x5B, 0x76, 0xA1, 0x59, 0xDA, 0x30, 0x8D, +0x08, 0x18, 0xDD, 0x60, 0x39, 0x0B, 0x90, 0x64, +0x11, 0x1E, 0x9D, 0xA2, 0x70, 0x18, 0xAD, 0xC6, +0x27, 0xD3, 0xF1, 0xBA, 0x11, 0x4E, 0xF6, 0x9D, +0x6C, 0xC5, 0xEB, 0xD6, 0xB7, 0x43, 0x9D, 0x32, +0x31, 0xC9, 0x24, 0x19, 0xB9, 0x47, 0x1C, 0x61, +0x09, 0x8F, 0xAA, 0x42, 0x5B, 0xAF, 0x66, 0x0F, +0x23, 0xAA, 0x80, 0xC0, 0x85, 0x7F, 0x00, 0x08, +0xCA, 0x30, 0xE4, 0xC8, 0xDA, 0x2F, 0xC4, 0xD2, +0x7E, 0x86, 0xCC, 0xDA, 0x6D, 0xD4, 0x7E, 0x40, +0x66, 0xD8, 0x5C, 0x27, 0x83, 0xDA, 0x10, 0x8F, +0x91, 0xA8, 0xE6, 0x9D, 0x44, 0x13, 0xF1, 0x04, +0x4E, 0xC9, 0xF9, 0xC8, 0xA2, 0xED, 0x9C, 0x9F, +0x05, 0xDA, 0xFA, 0x4A, 0xEA, 0xD2, 0x72, 0xF9, +0xF1, 0xF6, 0xDB, 0xFF, 0xF8, 0x55, 0x0E, 0x92, +0x75, 0xD6, 0x83, 0xBC, 0x7A, 0x95, 0xBE, 0xBF, +0x8D, 0xD5, 0xA3, 0x23, 0x02, 0x32, 0xF8, 0x60, +0xF7, 0x7C, 0x46, 0xC6, 0x69, 0x7E, 0xB7, 0x23, +0xE1, 0x36, 0xC2, 0xEE, 0xBD, 0xFF, 0x3C, 0x05, +0x5E, 0x07, 0x0C, 0xA6, 0x64, 0x65, 0x82, 0x46, +0xC9, 0x67, 0x73, 0xC9, 0x15, 0xC8, 0xFA, 0x0F, +0x73, 0xB5, 0x48, 0x0F, 0x0E, 0x6F, 0x43, 0xE8, +0x8D, 0x7A, 0x21, 0x88, 0x12, 0x08, 0x37, 0x18, +0x67, 0x66, 0x05, 0xD1, 0x2C, 0x4D, 0xE8, 0xA6, +0x1B, 0x4D, 0x29, 0xD4, 0xEF, 0x79, 0x83, 0xDB, +0xCA, 0x6E, 0xBC, 0xE4, 0xCA, 0x50, 0xB0, 0x73, +0xEF, 0xD6, 0xC7, 0x69, 0xF6, 0x16, 0x1E, 0xA0, +0x82, 0x04, 0x6E, 0x30, 0x82, 0x04, 0x6A, 0x30, +0x82, 0x04, 0x66, 0x30, 0x82, 0x03, 0x4E, 0xA0, +0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x6F, 0x93, +0x87, 0x5C, 0x4B, 0x9E, 0x94, 0x93, 0xF8, 0x5F, +0x16, 0xA7, 0x05, 0x86, 0x82, 0x8C, 0x30, 0x0D, +0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, +0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x7E, 0x31, +0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, +0x13, 0x02, 0x55, 0x53, 0x31, 0x1D, 0x30, 0x1B, +0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x14, 0x53, +0x79, 0x6D, 0x61, 0x6E, 0x74, 0x65, 0x63, 0x20, +0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, +0x69, 0x6F, 0x6E, 0x31, 0x1F, 0x30, 0x1D, 0x06, +0x03, 0x55, 0x04, 0x0B, 0x13, 0x16, 0x53, 0x79, +0x6D, 0x61, 0x6E, 0x74, 0x65, 0x63, 0x20, 0x54, +0x72, 0x75, 0x73, 0x74, 0x20, 0x4E, 0x65, 0x74, +0x77, 0x6F, 0x72, 0x6B, 0x31, 0x2F, 0x30, 0x2D, +0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x26, 0x53, +0x79, 0x6D, 0x61, 0x6E, 0x74, 0x65, 0x63, 0x20, +0x43, 0x6C, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, +0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, +0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41, +0x20, 0x2D, 0x20, 0x47, 0x34, 0x30, 0x1E, 0x17, +0x0D, 0x31, 0x37, 0x31, 0x30, 0x31, 0x30, 0x30, +0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, +0x31, 0x38, 0x30, 0x31, 0x30, 0x38, 0x32, 0x33, +0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x40, 0x31, +0x3E, 0x30, 0x3C, 0x06, 0x03, 0x55, 0x04, 0x03, +0x13, 0x35, 0x53, 0x79, 0x6D, 0x61, 0x6E, 0x74, +0x65, 0x63, 0x20, 0x43, 0x6C, 0x61, 0x73, 0x73, +0x20, 0x33, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, +0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, +0x20, 0x43, 0x41, 0x20, 0x2D, 0x20, 0x47, 0x34, +0x20, 0x4F, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, +0x73, 0x70, 0x6F, 0x6E, 0x64, 0x65, 0x72, 0x30, +0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, +0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, +0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, +0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, +0xBA, 0xB1, 0x3E, 0xBD, 0xF0, 0x1E, 0x19, 0x16, +0xEA, 0x20, 0x44, 0x73, 0x1F, 0xD8, 0x85, 0x17, +0xC4, 0xBF, 0x86, 0xF0, 0x75, 0x46, 0x02, 0xA8, +0x5B, 0x7F, 0xA8, 0xF8, 0xB2, 0x08, 0x08, 0x55, +0x01, 0xDD, 0x5B, 0xA4, 0x0B, 0xBD, 0x8A, 0x0A, +0x87, 0x90, 0x62, 0x21, 0x59, 0x67, 0x33, 0x36, +0x77, 0x49, 0xAB, 0x69, 0x4B, 0xDB, 0xB8, 0xFC, +0x27, 0xA9, 0x81, 0x4A, 0x1F, 0x5F, 0x7D, 0x5C, +0xC2, 0xE6, 0x54, 0x12, 0xFB, 0xA7, 0xEB, 0x9F, +0xB5, 0xAC, 0x05, 0xBE, 0xA9, 0x58, 0xAA, 0x49, +0x32, 0xEE, 0x73, 0xE8, 0x2F, 0xB1, 0xD3, 0x2E, +0x13, 0xBC, 0x26, 0x23, 0xA0, 0x82, 0xD4, 0x25, +0x20, 0x34, 0xAE, 0x16, 0x48, 0xFB, 0x55, 0x2B, +0x58, 0xC9, 0xC4, 0x84, 0xAC, 0xF7, 0xC4, 0x78, +0x62, 0xB7, 0xBF, 0xA2, 0x32, 0xC7, 0x34, 0x1C, +0xDF, 0x9E, 0xFE, 0xA8, 0x04, 0x85, 0xAF, 0xCB, +0x5A, 0xD6, 0xC6, 0x68, 0x9F, 0x28, 0x03, 0xB7, +0x98, 0x8E, 0xD4, 0xA5, 0xE1, 0x18, 0xD1, 0x64, +0x79, 0x67, 0x04, 0x33, 0x6C, 0x4B, 0xE0, 0xCF, +0x34, 0xFC, 0x81, 0x27, 0x98, 0x16, 0xBB, 0xA3, +0x9F, 0xE1, 0x4D, 0x2B, 0x71, 0x21, 0x41, 0x90, +0xFF, 0x20, 0xB8, 0x4A, 0xCF, 0xB2, 0x2D, 0xB1, +0xF8, 0x89, 0x40, 0xBC, 0xB3, 0x9F, 0x94, 0x1C, +0xF4, 0x68, 0xEA, 0x7B, 0x31, 0x29, 0xDA, 0x71, +0xCC, 0x37, 0x9A, 0xF9, 0x36, 0x0B, 0x58, 0x11, +0x6F, 0x28, 0x14, 0x6F, 0xAF, 0x57, 0x6B, 0xD7, +0xBD, 0x36, 0x98, 0xF4, 0x6C, 0x84, 0xF8, 0x48, +0xF1, 0xBF, 0x88, 0xEB, 0x5C, 0x06, 0x8B, 0x02, +0xF1, 0xDF, 0x6A, 0xFD, 0x61, 0xCF, 0x05, 0x5E, +0xB5, 0x99, 0x85, 0x31, 0x41, 0x1D, 0xE5, 0x67, +0x5C, 0x83, 0xA2, 0xBA, 0x9C, 0x9C, 0x37, 0x44, +0xEF, 0xBC, 0x0E, 0xDE, 0xBF, 0x91, 0x5B, 0x1F, +0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, +0x1C, 0x30, 0x82, 0x01, 0x18, 0x30, 0x0F, 0x06, +0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, +0x01, 0x05, 0x04, 0x02, 0x05, 0x00, 0x30, 0x22, +0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x1B, 0x30, +0x19, 0xA4, 0x17, 0x30, 0x15, 0x31, 0x13, 0x30, +0x11, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0A, +0x54, 0x47, 0x56, 0x2D, 0x45, 0x2D, 0x33, 0x32, +0x35, 0x36, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, +0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x5F, +0x60, 0xCF, 0x61, 0x90, 0x55, 0xDF, 0x84, 0x43, +0x14, 0x8A, 0x60, 0x2A, 0xB2, 0xF5, 0x7A, 0xF4, +0x43, 0x18, 0xEF, 0x30, 0x1D, 0x06, 0x03, 0x55, +0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x1E, 0xA5, +0xBD, 0xCA, 0x59, 0x64, 0x55, 0x85, 0xAC, 0xDA, +0x54, 0x34, 0x23, 0x40, 0xD1, 0xF6, 0xBD, 0xC3, +0xB0, 0xF6, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, +0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00, +0x30, 0x6E, 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, +0x67, 0x30, 0x65, 0x30, 0x63, 0x06, 0x0B, 0x60, +0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x07, +0x17, 0x03, 0x30, 0x54, 0x30, 0x26, 0x06, 0x08, +0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, +0x16, 0x1A, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, +0x2F, 0x77, 0x77, 0x77, 0x2E, 0x73, 0x79, 0x6D, +0x61, 0x75, 0x74, 0x68, 0x2E, 0x63, 0x6F, 0x6D, +0x2F, 0x63, 0x70, 0x73, 0x30, 0x2A, 0x06, 0x08, +0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, +0x30, 0x1E, 0x1A, 0x1C, 0x20, 0x20, 0x68, 0x74, +0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x77, 0x77, 0x77, +0x2E, 0x73, 0x79, 0x6D, 0x61, 0x75, 0x74, 0x68, +0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x72, 0x70, 0x61, +0x30, 0x13, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, +0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, +0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0E, 0x06, +0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, +0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x0D, 0x06, +0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, +0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, +0x00, 0x45, 0xFF, 0xCA, 0xD2, 0xAC, 0x71, 0xBE, +0xA5, 0x62, 0x86, 0x93, 0x30, 0xD0, 0xE5, 0xE5, +0x87, 0xFC, 0xAA, 0x29, 0x73, 0x36, 0xD6, 0x66, +0x33, 0xC4, 0xCB, 0xC5, 0x6E, 0xC6, 0x2C, 0x8C, +0x8E, 0xEE, 0x4D, 0xC2, 0xFA, 0xB3, 0xC0, 0xE7, +0x11, 0x02, 0x69, 0x7A, 0xC5, 0x89, 0x28, 0x86, +0x31, 0xD5, 0x14, 0x43, 0x5A, 0x20, 0xB7, 0xBD, +0x1C, 0x0B, 0x1C, 0x3C, 0x84, 0x58, 0xBA, 0x56, +0x14, 0x5B, 0xB8, 0x38, 0x97, 0x18, 0x66, 0xD6, +0x12, 0x51, 0x4B, 0x5A, 0x2D, 0x0D, 0x00, 0xA7, +0xBA, 0x5A, 0xC9, 0x0C, 0x4B, 0x10, 0xDE, 0xF5, +0xAE, 0x56, 0xA5, 0x24, 0xC6, 0x3E, 0x5E, 0xD9, +0xF1, 0x39, 0x76, 0x0C, 0xD7, 0x4A, 0xBF, 0x19, +0x1F, 0x14, 0xA4, 0x18, 0xEC, 0x0F, 0x5D, 0x47, +0x00, 0x75, 0xF0, 0x4E, 0xB3, 0xA1, 0xB4, 0x81, +0x7B, 0x97, 0xAC, 0x0A, 0xA8, 0x5E, 0x92, 0xCC, +0xB0, 0x80, 0x53, 0x66, 0xFF, 0xC6, 0x1B, 0x71, +0xAF, 0xE3, 0x46, 0x55, 0x9D, 0x26, 0x51, 0x97, +0xB0, 0x66, 0x9D, 0x06, 0x70, 0xC5, 0x04, 0x78, +0xBC, 0x99, 0x42, 0xBA, 0x77, 0x82, 0x0E, 0xE8, +0x92, 0x18, 0x4A, 0x72, 0x92, 0x13, 0x25, 0x7F, +0x40, 0x15, 0xF7, 0xA8, 0x07, 0xA2, 0xAD, 0x03, +0xBA, 0x1C, 0xF2, 0x93, 0xBE, 0x14, 0x72, 0x69, +0x2B, 0x85, 0xAC, 0x2E, 0x2C, 0xBF, 0x1C, 0xC6, +0x6C, 0x91, 0xF3, 0x2F, 0xF0, 0xB0, 0x8A, 0xC3, +0xB8, 0xAC, 0x9B, 0xD1, 0xA1, 0x4C, 0xB7, 0x34, +0xCA, 0xC6, 0x90, 0x15, 0xA7, 0x39, 0xB4, 0xF1, +0xED, 0x54, 0x53, 0x5C, 0x29, 0x6F, 0xCE, 0x97, +0x3E, 0x72, 0x79, 0x24, 0xEA, 0xC8, 0x87, 0x21, +0x5F, 0x40, 0xBF, 0x53, 0x37, 0x8E, 0xCA, 0x0B, +0x44, 0xD0, 0x4B, 0x6E, 0xAD, 0x94, 0xFB, 0x0F, +0x33, 0xFE, 0x86, 0xDF, 0x4C, 0xE9, 0x94, 0xBB, +0x3F }; + +static gnutls_datum_t ocsp_resp1 = + { (unsigned char *) _resp, sizeof(_resp) }; + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + gnutls_datum_t *exp_resp = priv; + + ret = gnutls_ocsp_status_request_get(session, &resp); + if (ret < 0) { + if (priv == NULL) + return; + fail("no response was received\n"); + } + + if (priv == NULL) { + fail("not expected response, but received one\n"); + } + + if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) { + fail("did not receive the expected response\n"); + } + + /* we provide a response, but an invalid one */ + ret = gnutls_ocsp_status_request_is_checked(session, 0); + if (ret != 0) { + fail("did not receive the expected value (%d)\n", ret); + } + + ret = gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL); + if (ret == 0) { + fail("did not receive the expected value (%d)\n", ret); + } +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile; + const char *ocspfile1; + char certname[TMPNAME_SIZE], ocspname1[TMPNAME_SIZE]; + time_t t; + FILE *fp; + + global_init(); + gnutls_global_set_time_function(mytime); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + certfile = get_tmpname(certname); + + fp = fopen(certfile, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + /* set cert with localhost name */ + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile, certfile, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + fp = fopen(certfile, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + + /* set OCSP response */ + ocspfile1 = get_tmpname(ocspname1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_resp1.data, 1, ocsp_resp1.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile1, 0); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + t = gnutls_certificate_get_ocsp_expiration(xcred, 0, 0, 0); + if (t != 1511689427) + fail("error in OCSP validity time: %ld\n", (long int)t); + + t = gnutls_certificate_get_ocsp_expiration(xcred, 0, 1, 0); + if (t != -1) + fail("error in OCSP validity time: %ld\n", (long int)t); + + t = gnutls_certificate_get_ocsp_expiration(xcred, 0, -1, 0); + if (t != 1511689427) + fail("error in OCSP validity time: %ld\n", (long int)t); + + + /* make sure that our invalid OCSP responses are not considered in verification + */ + gnutls_certificate_set_verify_flags(clicred, GNUTLS_VERIFY_DISABLE_CRL_CHECKS); + if (gnutls_certificate_get_verify_flags(clicred) != GNUTLS_VERIFY_DISABLE_CRL_CHECKS) + fail("error in gnutls_certificate_set_verify_flags\n"); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + test_cli_serv(xcred, clicred, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost", &ocsp_resp1, check_response, NULL); /* the DNS name of the first cert */ + + test_cli_serv(xcred, clicred, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost", &ocsp_resp1, check_response, NULL); /* the DNS name of the first cert */ + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(ocspfile1); + remove(certfile); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/set_x509_key_file_ocsp_multi2.c b/tests/set_x509_key_file_ocsp_multi2.c new file mode 100644 index 0000000..b8dd927 --- /dev/null +++ b/tests/set_x509_key_file_ocsp_multi2.c @@ -0,0 +1,249 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "utils.h" + +/* Tests whether setting an OCSP response to a server with multiple + * certificate sets, is working as expected. It tests + * gnutls_certificate_set_ocsp_status_request_function2 */ + +static time_t mytime(time_t * t) +{ + time_t then = 1469186559; + if (t) + *t = then; + + return then; +} + +#define RESP1 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" + +static gnutls_datum_t ocsp_resp1 = + { (unsigned char *) RESP1, sizeof(RESP1) - 1 }; + +#define RESP2 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" + +static gnutls_datum_t ocsp_resp2 = + { (unsigned char *) RESP2, sizeof(RESP2) - 1 }; + +#define RESP3 "\x30\x82\x01\xd3\x0a\x01\x00\xa0\x82\x01\xcc\x30\x82\x01\xc8\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\xb9\x30\x82\x01\xb5\x30\x81\x9e\xa2\x16\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\x30\x73\x30\x71\x30\x49\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xed\x48\xad\xdd\xcb\x7b\x00\xe2\x0e\x84\x2a\xa9\xb4\x09\xf1\xac\x30\x34\xcf\x96\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x02\x10\x02\x01\x48\x91\x5d\xfd\x5e\xb6\xe0\x02\x90\xa9\x67\xb0\xe4\x64\x80\x00\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\xa0\x11\x18\x0f\x32\x30\x31\x34\x30\x39\x31\x31\x30\x36\x30\x34\x30\x30\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x6e\x5e\x5e\x81\xff\x3f\x4d\xc7\x53\xc7\x1b\xf3\xd3\x1d\xdc\x9a\xc7\xce\x77\x2c\x67\x56\x13\x98\x91\x02\x01\x76\xdc\x48\xb2\x1f\x9b\x17\xea\xbf\x2c\x0a\xf5\x1d\x98\x90\x3c\x5f\x55\xc2\xff\x4b\x9a\xbc\xa6\x83\x9e\xab\x2b\xeb\x9d\x01\xea\x3b\x5f\xbe\x03\x29\x70\x63\x2a\xa4\x1d\xa8\xab\x69\xb2\x64\xba\x5d\x73\x91\x5c\x92\xf3\x69\xd4\xc9\x39\x9c\x7c\x7d\xa2\x47\x92\xc2\x56\xfe\xa1\x0d\x4a\x69\xff\xda\x48\xc5\x5e\xd8\xab\x39\x88\x6a\x06\xfa\x07\x57\xd6\x48\xb5\xce\xc9\x5f\xa5\x96\xfe\x37\x18\x5e\x7f\x35\x51\xc1\x9e\x79\x5a\x26\xba\x67\x67\x38\x2a\x80\x75\x42\x99\x68\x3e\xec\x2f\x7e\x2d\xa1\xa6\xbe\x9f\x01\x51\x22\x88\x3a\xc9\x9c\xed\x51\xef\x21\x66\x7e\xa9\xd0\x3f\x13\x9c\xbb\xd2\x94\x14\x6f\x4b\xd9\xc4\xf5\x2c\xf5\x7d\x07\x68\xf3\x51\xac\xda\xc2\x09\x66\xa9\x3d\xed\xad\x02\x4d\x9c\x11\x29\x1a\x54\xfb\x1e\x7e\x36\xf4\xbb\x0d\x08\x8c\x6a\x42\x08\x10\x29\x08\x7c\x56\x0b\x18\x47\xff\x87\x11\xfd\xb2\xfb\xc9\x22\x7f\xe3\x1f\x7b\xf9\x98\xaa\x3a\x32\xb6\x2f\x02\xba\xb6\xc1\xdc\xc3\x5d\xb5\x4b\xae\x5d\x29\x6a\x31\xde\xcd" +static gnutls_datum_t ocsp_resp3 = + { (unsigned char *) RESP3, sizeof(RESP3) - 1 }; + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + gnutls_datum_t *exp_resp = priv; + + ret = gnutls_ocsp_status_request_get(session, &resp); + if (ret < 0) { + if (priv == NULL) + return; + fail("no response was received\n"); + } + + if (priv == NULL) { + fail("not expected response, but received one\n"); + } + + if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) { + fail("did not receive the expected response\n"); + } +} + +static int ocsp_func(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response) +{ + gnutls_datum_t *c = ptr; + ocsp_response->data = gnutls_malloc(c->size); + assert(ocsp_response->data != NULL); + + memcpy(ocsp_response->data, c->data, c->size); + ocsp_response->size = c->size; + + return 0; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *certfile2; + const char *certfile3; + char certname1[TMPNAME_SIZE]; + char certname2[TMPNAME_SIZE]; + char certname3[TMPNAME_SIZE]; + FILE *fp; + unsigned index1, index2, index3; /* indexes of certs */ + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + certfile1 = get_tmpname(certname1); + + /* set cert with localhost name */ + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + /* set cert with localhost6 name */ + certfile2 = get_tmpname(certname2); + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile2, certfile2, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index2 = ret; + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + /* set ECC cert */ + certfile3 = get_tmpname(certname3); + + fp = fopen(certfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ecc_cert, 1, strlen(ecc_cert), fp)>0); + assert(fwrite(ecc_key, 1, strlen(ecc_key), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile3, certfile3, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index3 = ret; + + fp = fopen(certfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + /* set OCSP response1 */ + ret = gnutls_certificate_set_ocsp_status_request_function2(xcred, index1, ocsp_func, &ocsp_resp1); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response2 */ + ret = gnutls_certificate_set_ocsp_status_request_function2(xcred, index2, ocsp_func, &ocsp_resp2); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response3 */ + ret = gnutls_certificate_set_ocsp_status_request_function2(xcred, index3, ocsp_func, &ocsp_resp3); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set an OCSP response outside the bounds */ + assert(gnutls_certificate_set_ocsp_status_request_function2(xcred, 34, ocsp_func, NULL) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + /* make sure that our invalid OCSP responses are not considered in verification + */ + gnutls_certificate_set_verify_flags(clicred, GNUTLS_VERIFY_DISABLE_CRL_CHECKS); + if (gnutls_certificate_get_verify_flags(clicred) != GNUTLS_VERIFY_DISABLE_CRL_CHECKS) + fail("error in gnutls_certificate_set_verify_flags\n"); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + success("TLS1.2 + resp1\n"); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost", &ocsp_resp1, check_response, NULL); + success("TLS1.2 + resp2\n"); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost6", &ocsp_resp2, check_response, NULL); + success("TLS1.2 + resp3\n"); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-RSA:-RSA:-DHE-RSA:-VERS-TLS-ALL:+VERS-TLS1.2", NULL, &ocsp_resp3, check_response, NULL); + + success("TLS1.3 + resp1\n"); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost", &ocsp_resp1, check_response, NULL); + success("TLS1.3 + resp2\n"); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost6", &ocsp_resp2, check_response, NULL); + success("TLS1.3 + resp3\n"); + test_cli_serv(xcred, clicred, "NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:-ECDHE-RSA:-RSA:-DHE-RSA:-VERS-TLS-ALL:+VERS-TLS1.3", NULL, &ocsp_resp3, check_response, NULL); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(certfile1); + remove(certfile2); + remove(certfile3); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/set_x509_key_mem.c b/tests/set_x509_key_mem.c new file mode 100644 index 0000000..5bb1145 --- /dev/null +++ b/tests/set_x509_key_mem.c @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for memory allocations in a non-matching key-cert pair loading. + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_certificate_credentials_t clicred; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + gnutls_certificate_allocate_credentials(&x509_cred); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &cli_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { + fail("error in error code\n"); + exit(1); + } + + gnutls_certificate_free_credentials(x509_cred); + + /* test gnutls_certificate_flags() */ + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH); + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost6_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + ret = gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in error code\n"); + exit(1); + } + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost6", NULL, NULL, NULL); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/set_x509_key_utf8.c b/tests/set_x509_key_utf8.c new file mode 100644 index 0000000..7753c7f --- /dev/null +++ b/tests/set_x509_key_utf8.c @@ -0,0 +1,190 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#define MIN(x,y) (((x)<(y))?(x):(y)) + +/* Test for gnutls_certificate_set_x509_key() + * + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1473674242; + if (t) + *t = then; + + return then; +} + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +static int import_key(gnutls_certificate_credentials_t xcred, const gnutls_datum_t *skey, const gnutls_datum_t *cert) +{ + gnutls_x509_privkey_t key; + gnutls_x509_crt_t *crt_list; + unsigned crt_list_size, idx, i; + gnutls_datum_t tcert; + int ret; + + assert(gnutls_x509_privkey_init(&key)>=0); + + ret = gnutls_x509_crt_list_import2(&crt_list, &crt_list_size, cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fail("error in gnutls_x509_crt_list_import2: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_x509_privkey_import(key, skey, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in key import: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_x509_key(xcred, crt_list, + crt_list_size, key); + if (ret < 0) { + success("error in gnutls_certificate_set_x509_key: %s\n", gnutls_strerror(ret)); + idx = ret; + goto cleanup; + } + + /* return index */ + idx = ret; + + /* verify whether the stored certificate match the ones we have */ + for (i=0;idata+i); + } + + cleanup: + gnutls_x509_privkey_deinit(key); + for (i=0;i= 0); + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + gnutls_certificate_set_flags(x509_cred, GNUTLS_CERTIFICATE_API_V2); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + idx = import_key(x509_cred, &server_ca3_key, &server_ca3_localhost_cert_chain); + assert(idx == 0); + + idx = import_key(x509_cred, &server_ca3_key, &server_ca3_localhost_utf8_cert); + assert(idx == 1); + + test_cli_serv(x509_cred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); + test_cli_serv(x509_cred, clicred, "NORMAL", "www.xn--kxawhku.com", NULL, NULL, NULL); /* the previous name in IDNA format */ + test_cli_serv(x509_cred, clicred, "NORMAL", "简体中文.εξτÏα.com", NULL, NULL, NULL); /* the second DNS name of cert */ + test_cli_serv(x509_cred, clicred, "NORMAL", "xn--fiqu1az03c18t.xn--mxah1amo.com", NULL, NULL, NULL); /* its IDNA equivalent */ + + test_cli_serv_expect(x509_cred, clicred, "NORMAL", "NORMAL", "raw:简体中文.εξτÏα.com", GNUTLS_E_RECEIVED_DISALLOWED_NAME, GNUTLS_E_AGAIN); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_certificate_free_credentials(clicred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} + diff --git a/tests/set_x509_ocsp_multi_cli.c b/tests/set_x509_ocsp_multi_cli.c new file mode 100644 index 0000000..ae80ca3 --- /dev/null +++ b/tests/set_x509_ocsp_multi_cli.c @@ -0,0 +1,218 @@ +/* + * Copyright (C) 2020 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "ocsp-common.h" +#include "utils.h" + +/* Tests whether setting an OCSP response to a client + * is working as expected */ + +static time_t mytime(time_t * t) +{ + time_t then = OCSP_RESP_DATE; + if (t) + *t = then; + + return then; +} + +static void check_cli(gnutls_session_t session, void *priv) +{ + assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SERV_REQUESTED_OCSP) != 0); +} + +static void check_serv(gnutls_session_t session, void *priv) +{ + int ret; + unsigned int status; + gnutls_datum_t resp; + gnutls_datum_t *exp_resp = priv; + + assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_SERV_REQUESTED_OCSP) != 0); + + ret = gnutls_ocsp_status_request_get(session, &resp); + if (ret < 0) { + if (priv == NULL) + return; + fail("no response was received\n"); + } + + if (priv == NULL) { + fail("not expected response, but received one\n"); + } + + if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) { + fail("did not receive the expected response\n"); + } + + /* Check intermediate response */ + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_3) { + ret = gnutls_ocsp_status_request_get2(session, 1, &resp); + if (ret < 0) { + fail("no intermediate response was received\n"); + } + + if (resp.size != ocsp_subca3_unknown.size || memcmp(resp.data, ocsp_subca3_unknown.data, resp.size) != 0) { + fail("did not receive the expected intermediate response\n"); + } + } + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret != 0) + fail("error in verification (%s)\n", gnutls_strerror(ret)); + + ret = gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL); + if (ret == 0) { + fail("did not receive the expected value (%d)\n", ret); + } + + ret = gnutls_ocsp_status_request_is_checked(session, 0); + if (ret == 0) { + fail("did not receive the expected value (%d)\n", ret); + } +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *ocspfile1; + char certname1[TMPNAME_SIZE], ocspname1[TMPNAME_SIZE]; + FILE *fp; + unsigned index1; + time_t t; + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + certfile1 = get_tmpname(certname1); + + /* set cert with localhost name */ + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_key_file2(clicred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + /* set OCSP response1, include an unrelated OCSP response */ + ocspfile1 = get_tmpname(ocspname1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_subca3_unknown_pem.data, 1, ocsp_subca3_unknown_pem.size, fp)>0); + assert(fwrite(ocsp_ca3_localhost_unknown_pem.data, 1, ocsp_ca3_localhost_unknown_pem.size, fp)>0); + assert(fwrite(ocsp_ca3_localhost6_unknown_pem.data, 1, ocsp_ca3_localhost6_unknown_pem.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file2(clicred, ocspfile1, index1, + GNUTLS_X509_FMT_PEM); + if (ret != GNUTLS_E_OCSP_MISMATCH_WITH_CERTS) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response1, include correct responses */ + remove(ocspfile1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_subca3_unknown_pem.data, 1, ocsp_subca3_unknown_pem.size, fp)>0); + assert(fwrite(ocsp_ca3_localhost_unknown_pem.data, 1, ocsp_ca3_localhost_unknown_pem.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file2(clicred, ocspfile1, index1, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + t = gnutls_certificate_get_ocsp_expiration(clicred, 0, 0, 0); + if (t != 1509625639) + fail("error in OCSP validity time: %ld\n", (long int)t); + + t = gnutls_certificate_get_ocsp_expiration(clicred, 0, 1, 0); + if (t != 1509625639) + fail("error in OCSP validity time: %ld\n", (long int)t); + + t = gnutls_certificate_get_ocsp_expiration(clicred, 0, -1, 0); + if (t != 1509625639) + fail("error in OCSP validity time: %ld\n", (long int)t); + +#define PRIO "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3" + _test_cli_serv(xcred, clicred, PRIO, PRIO, "localhost", &ocsp_ca3_localhost_unknown, check_cli, + check_serv, 0, 1, 0, 0); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(ocspfile1); + remove(certfile1); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/set_x509_ocsp_multi_invalid.c b/tests/set_x509_ocsp_multi_invalid.c new file mode 100644 index 0000000..515578c --- /dev/null +++ b/tests/set_x509_ocsp_multi_invalid.c @@ -0,0 +1,261 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "utils.h" + +/* Tests whether setting an OCSP response to a server with multiple + * certificate sets, is working as expected */ + +static time_t mytime(time_t * t) +{ + time_t then = 1469186559; + if (t) + *t = then; + + return then; +} + +#define RESP1 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" + +static gnutls_datum_t ocsp_resp1 = + { (unsigned char *) RESP1, sizeof(RESP1) - 1 }; + +#define RESP2 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" + +static gnutls_datum_t ocsp_resp2 = + { (unsigned char *) RESP2, sizeof(RESP2) - 1 }; + +#define RESP3 "\x30\x82\x01\xd3\x0a\x01\x00\xa0\x82\x01\xcc\x30\x82\x01\xc8\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\xb9\x30\x82\x01\xb5\x30\x81\x9e\xa2\x16\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\x30\x73\x30\x71\x30\x49\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xed\x48\xad\xdd\xcb\x7b\x00\xe2\x0e\x84\x2a\xa9\xb4\x09\xf1\xac\x30\x34\xcf\x96\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x02\x10\x02\x01\x48\x91\x5d\xfd\x5e\xb6\xe0\x02\x90\xa9\x67\xb0\xe4\x64\x80\x00\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\xa0\x11\x18\x0f\x32\x30\x31\x34\x30\x39\x31\x31\x30\x36\x30\x34\x30\x30\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x6e\x5e\x5e\x81\xff\x3f\x4d\xc7\x53\xc7\x1b\xf3\xd3\x1d\xdc\x9a\xc7\xce\x77\x2c\x67\x56\x13\x98\x91\x02\x01\x76\xdc\x48\xb2\x1f\x9b\x17\xea\xbf\x2c\x0a\xf5\x1d\x98\x90\x3c\x5f\x55\xc2\xff\x4b\x9a\xbc\xa6\x83\x9e\xab\x2b\xeb\x9d\x01\xea\x3b\x5f\xbe\x03\x29\x70\x63\x2a\xa4\x1d\xa8\xab\x69\xb2\x64\xba\x5d\x73\x91\x5c\x92\xf3\x69\xd4\xc9\x39\x9c\x7c\x7d\xa2\x47\x92\xc2\x56\xfe\xa1\x0d\x4a\x69\xff\xda\x48\xc5\x5e\xd8\xab\x39\x88\x6a\x06\xfa\x07\x57\xd6\x48\xb5\xce\xc9\x5f\xa5\x96\xfe\x37\x18\x5e\x7f\x35\x51\xc1\x9e\x79\x5a\x26\xba\x67\x67\x38\x2a\x80\x75\x42\x99\x68\x3e\xec\x2f\x7e\x2d\xa1\xa6\xbe\x9f\x01\x51\x22\x88\x3a\xc9\x9c\xed\x51\xef\x21\x66\x7e\xa9\xd0\x3f\x13\x9c\xbb\xd2\x94\x14\x6f\x4b\xd9\xc4\xf5\x2c\xf5\x7d\x07\x68\xf3\x51\xac\xda\xc2\x09\x66\xa9\x3d\xed\xad\x02\x4d\x9c\x11\x29\x1a\x54\xfb\x1e\x7e\x36\xf4\xbb\x0d\x08\x8c\x6a\x42\x08\x10\x29\x08\x7c\x56\x0b\x18\x47\xff\x87\x11\xfd\xb2\xfb\xc9\x22\x7f\xe3\x1f\x7b\xf9\x98\xaa\x3a\x32\xb6\x2f\x02\xba\xb6\xc1\xdc\xc3\x5d\xb5\x4b\xae\x5d\x29\x6a\x31\xde\xcd" +static gnutls_datum_t ocsp_resp3 = + { (unsigned char *) RESP3, sizeof(RESP3) - 1 }; + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + gnutls_datum_t *exp_resp = priv; + + ret = gnutls_ocsp_status_request_get(session, &resp); + if (ret < 0) { + if (priv == NULL) + return; + fail("no response was received\n"); + } + + if (priv == NULL) { + fail("not expected response, but received one\n"); + } + + if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) { + fail("did not receive the expected response\n"); + } +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *certfile2; + const char *certfile3; + const char *ocspfile1; + const char *ocspfile2; + const char *ocspfile3; + char certname1[TMPNAME_SIZE], ocspname1[TMPNAME_SIZE]; + char certname2[TMPNAME_SIZE], ocspname2[TMPNAME_SIZE]; + char certname3[TMPNAME_SIZE], ocspname3[TMPNAME_SIZE]; + FILE *fp; + unsigned index1, index2, index3; /* indexes of certs */ + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + certfile1 = get_tmpname(certname1); + + /* set cert with localhost name */ + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + /* set cert with localhost6 name */ + certfile2 = get_tmpname(certname2); + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile2, certfile2, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index2 = ret; + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + /* set ECC cert */ + certfile3 = get_tmpname(certname3); + + fp = fopen(certfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ecc_cert, 1, strlen(ecc_cert), fp)>0); + assert(fwrite(ecc_key, 1, strlen(ecc_key), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile3, certfile3, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index3 = ret; + + fp = fopen(certfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + /* set OCSP response1 */ + ocspfile1 = get_tmpname(ocspname1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_resp1.data, 1, ocsp_resp1.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile1, index1); + if (ret != GNUTLS_E_OCSP_MISMATCH_WITH_CERTS) + fail("unexpected error in setting invalid ocsp file: %s\n", gnutls_strerror(ret)); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2|GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile1, index1); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response2 */ + ocspfile2 = get_tmpname(ocspname2); + fp = fopen(ocspfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_resp2.data, 1, ocsp_resp2.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile2, index2); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response3 */ + ocspfile3 = get_tmpname(ocspname3); + fp = fopen(ocspfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_resp3.data, 1, ocsp_resp3.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile3, index3); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set an OCSP response outside the bounds */ + assert(gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile3, 34) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + /* make sure that our invalid OCSP responses are not considered in verification + */ + gnutls_certificate_set_verify_flags(clicred, GNUTLS_VERIFY_DISABLE_CRL_CHECKS); + if (gnutls_certificate_get_verify_flags(clicred) != GNUTLS_VERIFY_DISABLE_CRL_CHECKS) + fail("error in gnutls_certificate_set_verify_flags\n"); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost", &ocsp_resp1, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost6", &ocsp_resp2, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-RSA:-RSA:-DHE-RSA:-VERS-TLS-ALL:+VERS-TLS1.2", NULL, &ocsp_resp3, check_response, NULL); + + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost", &ocsp_resp1, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost6", &ocsp_resp2, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:-ECDHE-RSA:-DHE-RSA:-RSA:-VERS-TLS-ALL:+VERS-TLS1.3", NULL, &ocsp_resp3, check_response, NULL); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(ocspfile1); + remove(ocspfile2); + remove(ocspfile3); + remove(certfile1); + remove(certfile2); + remove(certfile3); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/set_x509_ocsp_multi_pem.c b/tests/set_x509_ocsp_multi_pem.c new file mode 100644 index 0000000..834ee46 --- /dev/null +++ b/tests/set_x509_ocsp_multi_pem.c @@ -0,0 +1,200 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "ocsp-common.h" +#include "utils.h" + +/* Tests whether setting an OCSP response to a server with multiple + * certificate sets, is working as expected */ + +static time_t mytime(time_t * t) +{ + time_t then = OCSP_RESP_DATE; + if (t) + *t = then; + + return then; +} + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + gnutls_datum_t *exp_resp = priv; + + ret = gnutls_ocsp_status_request_get(session, &resp); + if (ret < 0) { + if (priv == NULL) + return; + fail("no response was received\n"); + } + + if (priv == NULL) { + fail("not expected response, but received one\n"); + } + + if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) { + fail("did not receive the expected response\n"); + } + + /* Check intermediate response */ + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_3) { + ret = gnutls_ocsp_status_request_get2(session, 1, &resp); + if (ret < 0) { + fail("no intermediate response was received\n"); + } + + if (resp.size != ocsp_subca3_unknown.size || memcmp(resp.data, ocsp_subca3_unknown.data, resp.size) != 0) { + fail("did not receive the expected intermediate response\n"); + } + } + + ret = gnutls_ocsp_status_request_is_checked(session, 0); + if (ret == 0) { + fail("did not receive the expected value (%d)\n", ret); + } + + ret = gnutls_ocsp_status_request_is_checked(session, GNUTLS_OCSP_SR_IS_AVAIL); + if (ret == 0) { + fail("did not receive the expected value (%d)\n", ret); + } +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *ocspfile1; + char certname1[TMPNAME_SIZE], ocspname1[TMPNAME_SIZE]; + FILE *fp; + unsigned index1; + time_t t; + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + certfile1 = get_tmpname(certname1); + + /* set cert with localhost name */ + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + /* set OCSP response1, include an unrelated OCSP response */ + ocspfile1 = get_tmpname(ocspname1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_subca3_unknown_pem.data, 1, ocsp_subca3_unknown_pem.size, fp)>0); + assert(fwrite(ocsp_ca3_localhost_unknown_pem.data, 1, ocsp_ca3_localhost_unknown_pem.size, fp)>0); + assert(fwrite(ocsp_ca3_localhost6_unknown_pem.data, 1, ocsp_ca3_localhost6_unknown_pem.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file2(xcred, ocspfile1, index1, + GNUTLS_X509_FMT_PEM); + if (ret != GNUTLS_E_OCSP_MISMATCH_WITH_CERTS) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response1, include correct responses */ + remove(ocspfile1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_subca3_unknown_pem.data, 1, ocsp_subca3_unknown_pem.size, fp)>0); + assert(fwrite(ocsp_ca3_localhost_unknown_pem.data, 1, ocsp_ca3_localhost_unknown_pem.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file2(xcred, ocspfile1, index1, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + t = gnutls_certificate_get_ocsp_expiration(xcred, 0, 0, 0); + if (t != 1509625639) + fail("error in OCSP validity time: %ld\n", (long int)t); + + t = gnutls_certificate_get_ocsp_expiration(xcred, 0, 1, 0); + if (t != 1509625639) + fail("error in OCSP validity time: %ld\n", (long int)t); + + t = gnutls_certificate_get_ocsp_expiration(xcred, 0, -1, 0); + if (t != 1509625639) + fail("error in OCSP validity time: %ld\n", (long int)t); + + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost", &ocsp_ca3_localhost_unknown, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost", &ocsp_ca3_localhost_unknown, check_response, NULL); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(ocspfile1); + remove(certfile1); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/set_x509_ocsp_multi_unknown.c b/tests/set_x509_ocsp_multi_unknown.c new file mode 100644 index 0000000..882edf1 --- /dev/null +++ b/tests/set_x509_ocsp_multi_unknown.c @@ -0,0 +1,237 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "ocsp-common.h" +#include "utils.h" + +/* Tests whether setting an OCSP response to a server with multiple + * certificate sets, is working as expected */ + +static time_t mytime(time_t * t) +{ + time_t then = OCSP_RESP_DATE; + if (t) + *t = then; + + return then; +} + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + gnutls_datum_t *exp_resp = priv; + + ret = gnutls_ocsp_status_request_get(session, &resp); + if (ret < 0) { + if (priv == NULL) + return; + fail("no response was received\n"); + } + + if (priv == NULL) { + fail("not expected response, but received one\n"); + } + + if (resp.size != exp_resp->size || memcmp(resp.data, exp_resp->data, resp.size) != 0) { + fail("did not receive the expected response\n"); + } + + /* Check intermediate response */ + if (gnutls_protocol_get_version(session) == GNUTLS_TLS1_3) { + ret = gnutls_ocsp_status_request_get2(session, 1, &resp); + if (ret < 0) { + fail("no intermediate response was received\n"); + } + + if (resp.size != ocsp_subca3_unknown.size || memcmp(resp.data, ocsp_subca3_unknown.data, resp.size) != 0) { + fail("did not receive the expected intermediate response\n"); + } + } +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *certfile2; + const char *ocspfile1; + const char *ocspfile2; + const char *ocspfile3; + char certname1[TMPNAME_SIZE], ocspname1[TMPNAME_SIZE]; + char certname2[TMPNAME_SIZE], ocspname2[TMPNAME_SIZE]; + char ocspname3[TMPNAME_SIZE]; + FILE *fp; + unsigned index1, index2; /* indexes of certs */ + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + /* set cert with localhost name */ + certfile1 = get_tmpname(certname1); + + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + /* set cert with localhost6 name */ + certfile2 = get_tmpname(certname2); + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile2, certfile2, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index2 = ret; + + + /* set OCSP response1 */ + ocspfile1 = get_tmpname(ocspname1); + fp = fopen(ocspfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_ca3_localhost_unknown.data, 1, ocsp_ca3_localhost_unknown.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile1, index1); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response2 */ + ocspfile2 = get_tmpname(ocspname2); + fp = fopen(ocspfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_ca3_localhost6_unknown.data, 1, ocsp_ca3_localhost6_unknown.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile2, index2); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* try to set a duplicate OCSP response */ + ocspfile3 = get_tmpname(ocspname3); + fp = fopen(ocspfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_ca3_localhost_unknown_sha1.data, 1, ocsp_ca3_localhost_unknown_sha1.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile3, index1); + if (ret != 0) + fail("setting duplicate didn't succeed as expected: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile3, index2); + if (ret != GNUTLS_E_OCSP_MISMATCH_WITH_CERTS) + fail("setting invalid didn't fail as expected: %s\n", gnutls_strerror(ret)); + + /* re-set the previous duplicate set for index1 to the expected*/ + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile1, index1); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set an intermediate CA OCSP response */ + fp = fopen(ocspfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(ocsp_subca3_unknown.data, 1, ocsp_subca3_unknown.size, fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile3, index1); + if (ret < 0) + fail("setting subCA failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_ocsp_status_request_file(xcred, ocspfile3, index2); + if (ret < 0) + fail("setting subCA failed: %s\n", gnutls_strerror(ret)); + + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost", &ocsp_ca3_localhost_unknown, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.2", "localhost6", &ocsp_ca3_localhost6_unknown, check_response, NULL); + + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost", &ocsp_ca3_localhost_unknown, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-ECDHE-ECDSA:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost6", &ocsp_ca3_localhost6_unknown, check_response, NULL); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(ocspfile1); + remove(ocspfile2); + remove(ocspfile3); + remove(certfile1); + remove(certfile2); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/set_x509_pkcs12_key.c b/tests/set_x509_pkcs12_key.c new file mode 100644 index 0000000..486ed59 --- /dev/null +++ b/tests/set_x509_pkcs12_key.c @@ -0,0 +1,118 @@ +/* + * Copyright (C) 2014-2016 Nikos Mavrogiannopoulos + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile = "does-not-exist.pem"; + gnutls_datum_t tcert; + FILE *fp; + + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + + global_init(); + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + + /* this will fail */ + ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, certfile, + GNUTLS_X509_FMT_PEM, "1234"); + if (ret != GNUTLS_E_FILE_ERROR) + fail("gnutls_certificate_set_x509_simple_pkcs12_file failed: %s\n", gnutls_strerror(ret)); + + gnutls_certificate_free_credentials(xcred); + + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("set_x509_trust_file failed: %s\n", gnutls_strerror(ret)); + + certfile = get_tmpname(NULL); + + fp = fopen(certfile, "w"); + if (fp == NULL) + fail("error in fopen\n"); + + assert(fwrite(server_ca3_pkcs12_pem, 1, strlen((char*)server_ca3_pkcs12_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_simple_pkcs12_file(xcred, certfile, + GNUTLS_X509_FMT_PEM, "1234"); + if (ret < 0) + fail("gnutls_certificate_set_x509_simple_pkcs12_file failed: %s\n", gnutls_strerror(ret)); + + /* verify whether the stored certificate match the ones we have */ + ret = gnutls_certificate_get_crt_raw(xcred, 0, 0, &tcert); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + compare(&tcert, server_localhost_ca3_cert_pem); + + remove(certfile); + + test_cli_serv(xcred, clicred, "NORMAL", "localhost", NULL, NULL, NULL); /* the DNS name of the first cert */ + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); +} + diff --git a/tests/setcredcrash.c b/tests/setcredcrash.c new file mode 100644 index 0000000..02ac0bf --- /dev/null +++ b/tests/setcredcrash.c @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +int main(int argc, char *argv[]) +{ + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + + global_init(); + + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + + /* Test setting the same credential type twice. Earlier GnuTLS had + a bug that crashed when this happened. */ + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + + gnutls_deinit(client); + gnutls_anon_free_client_credentials(c_anoncred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/tests/sign-is-secure.c b/tests/sign-is-secure.c new file mode 100644 index 0000000..64e0836 --- /dev/null +++ b/tests/sign-is-secure.c @@ -0,0 +1,102 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#define CHECK_SECURE_SIG(sig) \ + ret = gnutls_sign_is_secure2(sig, 0); \ + if (ret == 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } \ + ret = gnutls_sign_is_secure(sig); \ + if (ret == 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } + +#define CHECK_INSECURE_SIG(sig) \ + ret = gnutls_sign_is_secure2(sig, 0); \ + if (ret != 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } \ + ret = gnutls_sign_is_secure2(sig, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS); \ + if (ret != 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } \ + ret = gnutls_sign_is_secure(sig); \ + if (ret != 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } + +#ifndef ALLOW_SHA1 +#define CHECK_INSECURE_FOR_CERTS_SIG(sig) \ + ret = gnutls_sign_is_secure2(sig, 0); \ + if (ret == 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } \ + ret = gnutls_sign_is_secure2(sig, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS); \ + if (ret != 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } \ + ret = gnutls_sign_is_secure(sig); \ + if (ret == 0) { \ + fail("error testing %d/%s\n", sig, gnutls_sign_get_name(sig)); \ + } +#else +#define CHECK_INSECURE_FOR_CERTS_SIG(sig) +#endif + +void doit(void) +{ + int ret; + unsigned i; + + CHECK_INSECURE_FOR_CERTS_SIG(GNUTLS_SIGN_RSA_SHA1); + CHECK_INSECURE_FOR_CERTS_SIG(GNUTLS_SIGN_DSA_SHA1); + CHECK_INSECURE_FOR_CERTS_SIG(GNUTLS_SIGN_ECDSA_SHA1); + + CHECK_INSECURE_SIG(GNUTLS_SIGN_RSA_MD5); + CHECK_INSECURE_SIG(GNUTLS_SIGN_RSA_MD2); + CHECK_INSECURE_SIG(GNUTLS_SIGN_GOST_94); + + for (i=1;i<=GNUTLS_SIGN_MAX;i++) { +#ifndef ALLOW_SHA1 + if (i==GNUTLS_SIGN_RSA_SHA1||i==GNUTLS_SIGN_DSA_SHA1||i==GNUTLS_SIGN_ECDSA_SHA1) + continue; +#endif + if (i==GNUTLS_SIGN_GOST_94||i==GNUTLS_SIGN_RSA_MD5||i==GNUTLS_SIGN_RSA_MD2||i==GNUTLS_SIGN_UNKNOWN) + continue; + /* skip any unused elements */ + if (gnutls_sign_algorithm_get_name(i)==NULL) + continue; + CHECK_SECURE_SIG(i); + } +} diff --git a/tests/sign-pk-api.c b/tests/sign-pk-api.c new file mode 100644 index 0000000..e07bc50 --- /dev/null +++ b/tests/sign-pk-api.c @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +#define ALGO_MATCHES(sig, pk, val) \ + ret = gnutls_sign_supports_pk_algorithm(sig, pk); \ + if (ret != val) { \ + fail("error testing %s with %s\n", gnutls_sign_get_name(sig), gnutls_pk_get_name(pk)); \ + } + +void doit(void) +{ + int ret; + + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA3_256, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA3_384, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA3_512, GNUTLS_PK_RSA, 1); + + /* TLS 1.3 allows RSA-PSS signatures to be generated by RSA keys */ + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA, 1); + + ALGO_MATCHES(GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_PK_RSA_PSS, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_PSS_SHA384, GNUTLS_PK_RSA_PSS, 1); + ALGO_MATCHES(GNUTLS_SIGN_RSA_PSS_SHA512, GNUTLS_PK_RSA_PSS, 1); + + /* rsa-pss keys shouldn't generate plain signatures */ + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA_PSS, 0); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA_PSS, 0); + ALGO_MATCHES(GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA_PSS, 0); + +} diff --git a/tests/sign-verify-data-newapi.c b/tests/sign-verify-data-newapi.c new file mode 100644 index 0000000..eca1897 --- /dev/null +++ b/tests/sign-verify-data-newapi.c @@ -0,0 +1,172 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +/* verifies whether the sign-data and verify-data APIs + * operate as expected */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t invalid_raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x3c\xd9\xae\xa9\x43\x4d", + 20 +}; + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_x509_crt_t crt; + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + int ret; + size_t i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (tests[i].pk == GNUTLS_PK_DSA) + continue; + + success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); + + ret = gnutls_privkey_import_x509_raw(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + testfail("gnutls_privkey_import_x509\n"); + + ret = gnutls_privkey_sign_data2(privkey, tests[i].sigalgo, 0, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_hash\n"); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + testfail("gnutls_x509_crt_init\n"); + + ret = + gnutls_x509_crt_import(crt, &tests[i].cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_crt_import\n"); + + ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + if (ret < 0) + testfail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, &raw_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_data2\n"); + + /* Test functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN flag (see issue #754) */ + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_DISABLE_CA_SIGN, &raw_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_data2\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, + &invalid_raw_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_data2-2 (hashed data)\n"); + + sign_algo = + gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm + (pubkey, NULL), tests[i].digest); + ret = + gnutls_pubkey_verify_data2(pubkey, sign_algo, 0, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_data2-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_data2(pubkey, sign_algo, 0, + &invalid_raw_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_data2-2 (hashed data)\n"); + + /* test the raw interface */ + gnutls_free(signature.data); + signature.data = NULL; + + gnutls_free(signature.data); + gnutls_x509_crt_deinit(crt); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify-data.c b/tests/sign-verify-data.c new file mode 100644 index 0000000..558ad22 --- /dev/null +++ b/tests/sign-verify-data.c @@ -0,0 +1,164 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +/* verifies whether the sign-data and verify-data APIs + * operate as expected */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t invalid_raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x3c\xd9\xae\xa9\x43\x4d", + 20 +}; + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_x509_crt_t crt; + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + int ret; + size_t i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (tests[i].pk == GNUTLS_PK_DSA) + continue; + + success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); + + ret = gnutls_privkey_import_x509_raw(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + testfail("gnutls_privkey_import_x509\n"); + + ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_hash\n"); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + testfail("gnutls_x509_crt_init\n"); + + ret = + gnutls_x509_crt_import(crt, &tests[i].cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_crt_import\n"); + + ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + if (ret < 0) + testfail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, &raw_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_data2\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, + &invalid_raw_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_data2-2 (hashed data)\n"); + + sign_algo = + gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm + (pubkey, NULL), tests[i].digest); + ret = + gnutls_pubkey_verify_data2(pubkey, sign_algo, 0, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_data2-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_data2(pubkey, sign_algo, 0, + &invalid_raw_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_data2-2 (hashed data)\n"); + + /* test the raw interface */ + gnutls_free(signature.data); + + gnutls_free(signature.data); + gnutls_x509_crt_deinit(crt); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify-deterministic.c b/tests/sign-verify-deterministic.c new file mode 100644 index 0000000..6e90728 --- /dev/null +++ b/tests/sign-verify-deterministic.c @@ -0,0 +1,209 @@ +/* + * Copyright (C) 2017-2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "utils.h" + +/* verifies whether the sign-data and verify-data APIs + * operate as expected with deterministic ECDSA/DSA (RFC 6979) */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +struct _key_tests_st { + const char *name; + gnutls_datum_t key; + gnutls_datum_t msg; + gnutls_datum_t sig; + gnutls_pk_algorithm_t pk; + gnutls_digest_algorithm_t digest; + gnutls_sign_algorithm_t sigalgo; + unsigned int sign_flags; +}; + +/* Test vectors from RFC 6979 */ +static const char dsa_privkey_rfc6979[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIBugIBAAKBgQCG9coD3P6yJQY/+DCgx2m53Z1hU62R184n94fEMni0R+ZTO4ax\n" + "i+1uiki3hKFMJSxb4Nv2C4bWOFvS8S+3Y+2Ic6v9P1ui4KjApZCC6sBWk15Sna98\n" + "YQRniZx3re38hGyIGHC3sZsrWPm+BSGhcALjvda4ZoXukLPZobAreCsXeQIVAJlv\n" + "ln9sjjiNnijQHiBfupV6VpixAoGAB7D5JUYVC2JRS7dx4qDAzjh/A72mxWtQUgn/\n" + "Jf08Ez2Ju82X6QTgkRTZp9796t/JB46lRNLkAa7sxAu5+794/YeZWhChwny3eJtZ\n" + "S6fvtcQyap/lmgcOE223cXVGStykF75dzi9A0QpGo6OUPyarf9nAOY/4x27gpWgm\n" + "qKiPHb0CgYBd9eAd7THQKX4nThaRwZL+WGj++eGahHdkVLEAzxb2U5IZWji5BSPi\n" + "VC7mGHHARAy4fDIvxLTS7F4efsdm4b6NTOk1Q33BHDyP1CYziTPr/nOcs0ZfTTZo\n" + "xeRzUIJTseaC9ly9xPrpPC6iEjkOVJBahuIiMXC0Tqp9pd2f/Pt/OwIUQRYCyxmm\n" + "zMNElNedmO8eftWvJfc=\n" + "-----END DSA PRIVATE KEY-----\n"; + +static const char ecdsa_secp256r1_privkey_rfc6979[] = + "-----BEGIN EC PRIVATE KEY-----\n" + "MHgCAQEEIQDJr6nYRbp1FmtcIVdnsdaTTlDD2zbomxJ7imIrEg9nIaAKBggqhkjO\n" + "PQMBB6FEA0IABGD+1LolWp0xyWHrdMY1bWjASbiSO2H6bOZpYi5g8p+2eQP+EAi4\n" + "vJmkGunpVii8ZPLxsgwtfp9Rd6PClNRGIpk=\n" + "-----END EC PRIVATE KEY-----\n"; + +static const char sample[] = "sample"; + +static const +struct _key_tests_st tests[] = { + { + .name = "dsa key", + .key = {(void *) dsa_privkey_rfc6979, sizeof(dsa_privkey_rfc6979)-1}, + .msg = {(void *) sample, sizeof(sample)-1}, + .sig = {(void *) "\x30\x2d\x02\x15\x00\x81\xf2\xf5\x85\x0b\xe5\xbc\x12\x3c\x43\xf7\x1a\x30\x33\xe9\x38\x46\x11\xc5\x45\x02\x14\x4c\xdd\x91\x4b\x65\xeb\x6c\x66\xa8\xaa\xad\x27\x29\x9b\xee\x6b\x03\x5f\x5e\x89", 47}, + .pk = GNUTLS_PK_DSA, + .digest = GNUTLS_DIG_SHA256, + .sigalgo = GNUTLS_SIGN_DSA_SHA256, + .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE + }, + { + .name = "ecdsa key", + .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, + .msg = {(void *) sample, sizeof(sample)-1}, + .sig = {(void *) "\x30\x46\x02\x21\x00\xef\xd4\x8b\x2a\xac\xb6\xa8\xfd\x11\x40\xdd\x9c\xd4\x5e\x81\xd6\x9d\x2c\x87\x7b\x56\xaa\xf9\x91\xc3\x4d\x0e\xa8\x4e\xaf\x37\x16\x02\x21\x00\xf7\xcb\x1c\x94\x2d\x65\x7c\x41\xd4\x36\xc7\xa1\xb6\xe2\x9f\x65\xf3\xe9\x00\xdb\xb9\xaf\xf4\x06\x4d\xc4\xab\x2f\x84\x3a\xcd\xa8", 72}, + .pk = GNUTLS_PK_ECDSA, + .digest = GNUTLS_DIG_SHA256, + .sigalgo = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, + .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE + }, + { + .name = "ecdsa key", + .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, + .msg = {(void *) sample, sizeof(sample)-1}, + .sig = {(void *) "\x30\x46\x02\x21\x00\xef\xd4\x8b\x2a\xac\xb6\xa8\xfd\x11\x40\xdd\x9c\xd4\x5e\x81\xd6\x9d\x2c\x87\x7b\x56\xaa\xf9\x91\xc3\x4d\x0e\xa8\x4e\xaf\x37\x16\x02\x21\x00\xf7\xcb\x1c\x94\x2d\x65\x7c\x41\xd4\x36\xc7\xa1\xb6\xe2\x9f\x65\xf3\xe9\x00\xdb\xb9\xaf\xf4\x06\x4d\xc4\xab\x2f\x84\x3a\xcd\xa8", 72}, + .pk = GNUTLS_PK_ECDSA, + .digest = GNUTLS_DIG_SHA256, + .sigalgo = GNUTLS_SIGN_ECDSA_SHA256, + .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE + }, + { + .name = "ecdsa key (q bits < h bits)", + .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, + .msg = {(void *) sample, sizeof(sample)-1}, + .sig = {(void *) "\x30\x44\x02\x20\x0e\xaf\xea\x03\x9b\x20\xe9\xb4\x23\x09\xfb\x1d\x89\xe2\x13\x05\x7c\xbf\x97\x3d\xc0\xcf\xc8\xf1\x29\xed\xdd\xc8\x00\xef\x77\x19\x02\x20\x48\x61\xf0\x49\x1e\x69\x98\xb9\x45\x51\x93\xe3\x4e\x7b\x0d\x28\x4d\xdd\x71\x49\xa7\x4b\x95\xb9\x26\x1f\x13\xab\xde\x94\x09\x54", 70}, + .pk = GNUTLS_PK_ECDSA, + .digest = GNUTLS_DIG_SHA384, + .sigalgo = GNUTLS_SIGN_ECDSA_SHA384, + .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE + }, + { + .name = "ecdsa key (q bits > h bits)", + .key = {(void *) ecdsa_secp256r1_privkey_rfc6979, sizeof(ecdsa_secp256r1_privkey_rfc6979)-1}, + .msg = {(void *) sample, sizeof(sample)-1}, + .sig = {(void *) "\x30\x45\x02\x20\x53\xb2\xff\xf5\xd1\x75\x2b\x2c\x68\x9d\xf2\x57\xc0\x4c\x40\xa5\x87\xfa\xba\xbb\x3f\x6f\xc2\x70\x2f\x13\x43\xaf\x7c\xa9\xaa\x3f\x02\x21\x00\xb9\xaf\xb6\x4f\xdc\x03\xdc\x1a\x13\x1c\x7d\x23\x86\xd1\x1e\x34\x9f\x07\x0a\xa4\x32\xa4\xac\xc9\x18\xbe\xa9\x88\xbf\x75\xc7\x4c", 71}, + .pk = GNUTLS_PK_ECDSA, + .digest = GNUTLS_DIG_SHA224, + .sigalgo = GNUTLS_SIGN_ECDSA_SHA224, + .sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE + } +}; + +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_datum_t signature; + int ret; + size_t i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + success("testing: %s - %s", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + signature.data = NULL; + signature.size = 0; + + ret = gnutls_privkey_import_x509_raw(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + testfail("gnutls_privkey_import_x509_raw\n"); + + ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, + &tests[i].msg, &signature); + if (gnutls_fips140_mode_enabled()) { + /* deterministic ECDSA/DSA is prohibited under FIPS */ + if (ret != GNUTLS_E_INVALID_REQUEST) + testfail("gnutls_privkey_sign_data unexpectedly succeeds\n"); + success(" - skipping\n"); + goto next; + } else { + if (ret < 0) + testfail("gnutls_privkey_sign_data\n"); + } + + if (signature.size != tests[i].sig.size || + memcmp(signature.data, tests[i].sig.data, signature.size) != 0) + testfail("signature does not match"); + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, 0, 0); + if (ret < 0) + testfail("gnutls_pubkey_import_privkey\n"); + + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, &tests[i].msg, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_data2\n"); + success(" - pass"); + + next: + gnutls_free(signature.data); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify-ed25519-rfc8080.c b/tests/sign-verify-ed25519-rfc8080.c new file mode 100644 index 0000000..75585b9 --- /dev/null +++ b/tests/sign-verify-ed25519-rfc8080.c @@ -0,0 +1,144 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +#include +#include +#include +#endif +#include +#include +#include +#include +#include "utils.h" + +/* verifies whether the sign-data and verify-data APIs + * operate as expected */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* Values from RFC8080 */ +static unsigned char ed25519_x[] = + "\x97\x4d\x96\xa2\x2d\x22\x4b\xc0\x1a\xdb\x91\x50\x91\x47\x7d\x44\xcc\xd9\x1c\x9a\x41\xa1\x14\x30\x01\x01\x17\xd5\x2c\x59\x24\x0e"; +static unsigned char ed25519_k[] = + "\x38\x32\x32\x36\x30\x33\x38\x34\x36\x32\x38\x30\x38\x30\x31\x32\x32\x36\x34\x35\x31\x39\x30\x32\x30\x34\x31\x34\x32\x32\x36\x32"; + +static gnutls_datum_t _ed25519_x = { ed25519_x, sizeof(ed25519_x) - 1 }; +static gnutls_datum_t _ed25519_k = { ed25519_k, sizeof(ed25519_k) - 1 }; + +/* sha1 hash of "hello" string */ +const gnutls_datum_t raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t invalid_raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x3c\xd9\xae\xa9\x43\x4d", + 20 +}; + +void doit(void) +{ + gnutls_pubkey_t pubkey; + gnutls_privkey_t key; + gnutls_datum_t signature; + int ret; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = + gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, + &_ed25519_x, NULL, &_ed25519_k); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_verify_params(key); + if (ret != 0) + fail("error: %s\n", gnutls_strerror(ret)); + + ret = gnutls_privkey_sign_data(key, GNUTLS_DIG_SHA512, 0, + &raw_data, &signature); + if (ret < 0) + fail("gnutls_x509_privkey_sign_hash\n"); + + /* verification */ + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = gnutls_pubkey_import_privkey(pubkey, key, 0, 0); + if (ret < 0) + fail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_EDDSA_ED25519, 0, + &raw_data, &signature); + if (ret < 0) + fail("gnutls_x509_pubkey_verify_data2\n"); + + gnutls_pubkey_deinit(pubkey); + + /* try importing the pubkey directly */ + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = gnutls_pubkey_import_ecc_raw(pubkey, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL); + if (ret < 0) + fail("gnutls_x509_pubkey_import_ecc_raw\n"); + + ret = + gnutls_pubkey_verify_data2(pubkey, GNUTLS_SIGN_EDDSA_ED25519, 0, + &raw_data, &signature); + if (ret < 0) + fail("gnutls_x509_pubkey_verify_data2\n"); + + gnutls_pubkey_deinit(pubkey); + + gnutls_privkey_deinit(key); + gnutls_free(signature.data); + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify-ext.c b/tests/sign-verify-ext.c new file mode 100644 index 0000000..cc80bf9 --- /dev/null +++ b/tests/sign-verify-ext.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This tests the gnutls_privkey_import_ext2() APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha1_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t sha256_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + + +struct key_cb_data { + gnutls_privkey_t rkey; /* the real thing */ +}; + +static +int key_cb_sign_func (gnutls_privkey_t key, void* userdata, const gnutls_datum_t * data, + gnutls_datum_t * signature) +{ + struct key_cb_data *p = userdata; + + return gnutls_privkey_sign_hash(p->rkey, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, data, signature); +} + +static void key_cb_deinit_func(gnutls_privkey_t key, void* userdata) +{ + struct key_cb_data *p = userdata; + gnutls_privkey_deinit(p->rkey); + free(userdata); +} + +static gnutls_privkey_t load_virt_privkey(const gnutls_datum_t *txtkey, gnutls_pk_algorithm_t pk) +{ + gnutls_privkey_t privkey; + struct key_cb_data *userdata; + int ret; + + userdata = calloc(1, sizeof(struct key_cb_data)); + if (userdata == NULL) { + fail("memory error\n"); + } + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&userdata->rkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = + gnutls_privkey_import_x509_raw(userdata->rkey, txtkey, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("gnutls_privkey_import\n"); + + ret = gnutls_privkey_import_ext2(privkey, pk, userdata, key_cb_sign_func, NULL, key_cb_deinit_func, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + if (ret < 0) + fail("gnutls_privkey_import_ext2\n"); + + return privkey; +} + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + gnutls_datum_t signature2; + int ret; + size_t i; + const gnutls_datum_t *hash_data; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (tests[i].pk == GNUTLS_PK_RSA_PSS || tests[i].pk == GNUTLS_PK_EDDSA_ED25519) + continue; + + success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + if (tests[i].digest == GNUTLS_DIG_SHA1) { + hash_data = &sha1_hash_data; + } else { + hash_data = &sha256_hash_data; + } + + privkey = load_virt_privkey(&tests[i].key, tests[i].pk); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_sign_hash(privkey, tests[i].digest, tests[i].sign_flags, + hash_data, &signature2); + if (ret < 0) + testfail("gnutls_privkey_sign_hash\n"); + + ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_hash\n"); + + ret = gnutls_pubkey_import_x509_raw(pubkey, &tests[i].cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + testfail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash2\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature2); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash2-1 (hashed data)\n"); + + /* test the raw interface */ + gnutls_free(signature.data); + gnutls_free(signature2.data); + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == + GNUTLS_PK_RSA) { + + ret = + gnutls_privkey_sign_hash(privkey, + tests[i].digest, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_hash: %s\n", + gnutls_strerror(ret)); + + sign_algo = + gnutls_pk_to_sign + (gnutls_pubkey_get_pk_algorithm(pubkey, NULL), + tests[i].digest); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n"); + + gnutls_free(signature.data); + /* test the legacy API */ + ret = + gnutls_privkey_sign_raw_data(privkey, 0, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_raw_data: %s\n", + gnutls_strerror(ret)); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n"); + } + gnutls_free(signature.data); + gnutls_free(signature2.data); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify-ext4.c b/tests/sign-verify-ext4.c new file mode 100644 index 0000000..c01beff --- /dev/null +++ b/tests/sign-verify-ext4.c @@ -0,0 +1,298 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests the gnutls_privkey_import_ext4() APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha1_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t sha256_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + + +struct key_cb_data { + gnutls_privkey_t rkey; /* the real thing */ + unsigned pk; + unsigned sig; + unsigned bits; +}; + +static int key_cb_info_func(gnutls_privkey_t key, unsigned int flags, void *userdata) +{ + struct key_cb_data *p = userdata; + + if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO) + return p->pk; + else if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS) + return p->bits; + else if (flags & GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO) { + unsigned sig = GNUTLS_FLAGS_TO_SIGN_ALGO(flags); + + if (sig == p->sig) + return 1; + + return 0; + } + + return -1; +} + +static +int key_cb_sign_data_func (gnutls_privkey_t key, gnutls_sign_algorithm_t sig, + void* userdata, unsigned int flags, const gnutls_datum_t *data, + gnutls_datum_t *signature) +{ + struct key_cb_data *p = userdata; + + if (debug) + fprintf(stderr, "signing data with: %s\n", gnutls_sign_get_name(sig)); + return gnutls_privkey_sign_data2(p->rkey, sig, 0, data, signature); +} + +static +int key_cb_sign_hash_func (gnutls_privkey_t key, gnutls_sign_algorithm_t sig, + void* userdata, unsigned int flags, const gnutls_datum_t *data, + gnutls_datum_t *signature) +{ + struct key_cb_data *p = userdata; + + if (sig == GNUTLS_SIGN_RSA_RAW) { + if (debug) + fprintf(stderr, "signing digestinfo with: raw RSA\n"); + return gnutls_privkey_sign_hash(p->rkey, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, data, signature); + } else { + if (debug) + fprintf(stderr, "signing hash with: %s\n", gnutls_sign_get_name(sig)); + return gnutls_privkey_sign_hash2(p->rkey, sig, 0, data, signature); + } +} + +static void key_cb_deinit_func(gnutls_privkey_t key, void* userdata) +{ + struct key_cb_data *p = userdata; + gnutls_privkey_deinit(p->rkey); + free(userdata); +} + +static gnutls_privkey_t load_virt_privkey(const gnutls_datum_t *txtkey, gnutls_pk_algorithm_t pk, + gnutls_sign_algorithm_t sig) +{ + gnutls_privkey_t privkey; + struct key_cb_data *userdata; + int ret; + + userdata = calloc(1, sizeof(struct key_cb_data)); + if (userdata == NULL) { + fail("memory error\n"); + } + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&userdata->rkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = + gnutls_privkey_import_x509_raw(userdata->rkey, txtkey, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("gnutls_privkey_import\n"); + + gnutls_privkey_get_pk_algorithm(userdata->rkey, &userdata->bits); + + userdata->pk = pk; + userdata->sig = sig; + + ret = gnutls_privkey_import_ext4(privkey, userdata, + key_cb_sign_data_func, + key_cb_sign_hash_func, + NULL, + key_cb_deinit_func, key_cb_info_func, + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + if (ret < 0) + fail("gnutls_privkey_import_ext4\n"); + + return privkey; +} + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + gnutls_datum_t signature2; + int ret; + size_t i; + const gnutls_datum_t *hash_data; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (debug) + success("loop %d: %s\n", (int) i, tests[i].name); + + if (tests[i].digest == GNUTLS_DIG_SHA1) { + hash_data = &sha1_hash_data; + } else { + hash_data = &sha256_hash_data; + } + + privkey = load_virt_privkey(&tests[i].key, tests[i].pk, tests[i].sigalgo); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + + ret = gnutls_privkey_sign_data2(privkey, tests[i].sigalgo, tests[i].sign_flags, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_hash\n"); + + ret = gnutls_pubkey_import_x509_raw(pubkey, &tests[i].cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + testfail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, &raw_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_data2\n"); + + gnutls_free(signature.data); + + + if (!tests[i].data_only) { + ret = gnutls_privkey_sign_hash(privkey, tests[i].digest, tests[i].sign_flags, + hash_data, &signature2); + if (ret < 0) + testfail("gnutls_privkey_sign_hash\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature2); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash2-1 (hashed data)\n"); + + gnutls_free(signature2.data); + } + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == + GNUTLS_PK_RSA) { + + ret = + gnutls_privkey_sign_hash(privkey, + tests[i].digest, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_hash: %s\n", + gnutls_strerror(ret)); + + sign_algo = + gnutls_pk_to_sign + (gnutls_pubkey_get_pk_algorithm(pubkey, NULL), + tests[i].digest); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n"); + + gnutls_free(signature.data); + /* test the legacy API */ + ret = + gnutls_privkey_sign_raw_data(privkey, 0, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_raw_data: %s\n", + gnutls_strerror(ret)); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n"); + } + gnutls_free(signature.data); + gnutls_free(signature2.data); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify-newapi.c b/tests/sign-verify-newapi.c new file mode 100644 index 0000000..7dae1b1 --- /dev/null +++ b/tests/sign-verify-newapi.c @@ -0,0 +1,264 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2017-2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha1_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t sha256_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t sha256_invalid_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb1\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa3\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t sha1_invalid_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_x509_privkey_t key; + gnutls_x509_crt_t crt; + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + gnutls_datum_t signature2; + int ret; + size_t i; + const gnutls_datum_t *hash_data; + const gnutls_datum_t *invalid_hash_data; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (tests[i].pk == GNUTLS_PK_EDDSA_ED25519) + continue; + + success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + if (tests[i].digest == GNUTLS_DIG_SHA1) { + hash_data = &sha1_hash_data; + invalid_hash_data = &sha1_invalid_hash_data; + } else { + hash_data = &sha256_hash_data; + invalid_hash_data = &sha256_invalid_hash_data; + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + testfail("gnutls_x509_privkey_init\n"); + + ret = + gnutls_x509_privkey_import(key, &tests[i].key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_privkey_import\n"); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); + + ret = gnutls_privkey_import_x509(privkey, key, 0); + if (ret < 0) + testfail("gnutls_privkey_import_x509\n"); + + ret = gnutls_privkey_sign_hash2(privkey, tests[i].sigalgo, 0, + hash_data, &signature2); + if (ret < 0) + testfail("gnutls_privkey_sign_hash\n"); + + ret = gnutls_privkey_sign_data2(privkey, tests[i].sigalgo, 0, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_hash\n"); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + testfail("gnutls_x509_crt_init\n"); + + ret = + gnutls_x509_crt_import(crt, &tests[i].cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_crt_import\n"); + + ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + if (ret < 0) + testfail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash2\n"); + + /* Test functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN (see issue #754) */ + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_DISABLE_CA_SIGN, hash_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash2 with GNUTLS_VERIFY_DISABLE_CA_SIGN\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature2); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, + GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, + invalid_hash_data, + &signature2); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n"); + + sign_algo = + gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm + (pubkey, NULL), tests[i].digest); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, + hash_data, &signature2); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, + invalid_hash_data, + &signature2); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n"); + + /* test the raw interface */ + gnutls_free(signature.data); + signature.data = NULL; + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == + GNUTLS_PK_RSA) { + + ret = + gnutls_privkey_sign_hash2(privkey, + tests[i].sigalgo, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_hash: %s\n", + gnutls_strerror(ret)); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n"); + gnutls_free(signature.data); + /* test the legacy API */ + ret = + gnutls_privkey_sign_raw_data(privkey, 0, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_raw_data: %s\n", + gnutls_strerror(ret)); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n"); + } + gnutls_free(signature.data); + gnutls_free(signature2.data); + gnutls_x509_privkey_deinit(key); + gnutls_x509_crt_deinit(crt); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/sign-verify.c b/tests/sign-verify.c new file mode 100644 index 0000000..5a14741 --- /dev/null +++ b/tests/sign-verify.c @@ -0,0 +1,263 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha1_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t sha256_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t sha256_invalid_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb1\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa3\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t sha1_invalid_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_x509_privkey_t key; + gnutls_x509_crt_t crt; + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + gnutls_datum_t signature2; + int ret; + size_t i; + const gnutls_datum_t *hash_data; + const gnutls_datum_t *invalid_hash_data; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (tests[i].pk == GNUTLS_PK_EDDSA_ED25519) + continue; + + success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + if (tests[i].digest == GNUTLS_DIG_SHA1) { + hash_data = &sha1_hash_data; + invalid_hash_data = &sha1_invalid_hash_data; + } else { + hash_data = &sha256_hash_data; + invalid_hash_data = &sha256_invalid_hash_data; + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) + testfail("gnutls_x509_privkey_init\n"); + + ret = + gnutls_x509_privkey_import(key, &tests[i].key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_privkey_import\n"); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); + + ret = gnutls_privkey_import_x509(privkey, key, 0); + if (ret < 0) + testfail("gnutls_privkey_import_x509\n"); + + ret = gnutls_privkey_sign_hash(privkey, tests[i].digest, tests[i].sign_flags, + hash_data, &signature2); + if (ret < 0) + testfail("gnutls_privkey_sign_hash\n"); + + ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_hash\n"); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + testfail("gnutls_x509_crt_init\n"); + + ret = + gnutls_x509_crt_import(crt, &tests[i].cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_crt_import\n"); + + ret = gnutls_pubkey_import_x509(pubkey, crt, 0); + if (ret < 0) + testfail("gnutls_x509_pubkey_import\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash2\n"); + + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, + &signature2); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, + GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, + invalid_hash_data, + &signature2); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n"); + + sign_algo = + gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm + (pubkey, NULL), tests[i].digest); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, + hash_data, &signature2); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, + invalid_hash_data, + &signature2); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n"); + + /* test the raw interface */ + gnutls_free(signature.data); + + if (gnutls_pubkey_get_pk_algorithm(pubkey, NULL) == + GNUTLS_PK_RSA) { + + ret = + gnutls_privkey_sign_hash(privkey, + tests[i].digest, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_hash: %s\n", + gnutls_strerror(ret)); + + sign_algo = + gnutls_pk_to_sign + (gnutls_pubkey_get_pk_algorithm(pubkey, NULL), + tests[i].digest); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-3 (raw hashed data)\n"); + + gnutls_free(signature.data); + /* test the legacy API */ + ret = + gnutls_privkey_sign_raw_data(privkey, 0, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_privkey_sign_raw_data: %s\n", + gnutls_strerror(ret)); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + testfail("gnutls_pubkey_verify_hash-4 (legacy raw hashed data)\n"); + } + gnutls_free(signature.data); + gnutls_free(signature2.data); + gnutls_x509_privkey_deinit(key); + gnutls_x509_crt_deinit(crt); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/simple.c b/tests/simple.c new file mode 100644 index 0000000..b2d53d8 --- /dev/null +++ b/tests/simple.c @@ -0,0 +1,150 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include "utils.h" + +#define CHECK_OK(x,y,z) \ + if (x >= 0 && y >= 0 && z >= 0) { \ + if (!gnutls_check_version_numeric(x, y, z)) { \ + fail("error in gnutls_check_version_numeric %d.%d.%d: %d\n", x, y, z, __LINE__); \ + exit(1); \ + } \ + } + +#define CHECK_FAIL(x,y,z) \ + if (gnutls_check_version_numeric(x, y, z)) { \ + fail("error in neg gnutls_check_version_numeric %d.%d.%d: %d\n", x, y, z, __LINE__); \ + exit(1); \ + } + +void doit(void) +{ + if (debug) { + printf("GnuTLS header version %s.\n", GNUTLS_VERSION); + printf("GnuTLS library version %s.\n", + gnutls_check_version(NULL)); + } + + if (!gnutls_check_version_numeric(GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH)) { + fail("error in gnutls_check_version_numeric 1\n"); + exit(1); + } + + CHECK_FAIL(99, 9, 9) + CHECK_FAIL(90, 1, 0) + CHECK_FAIL(90, 0, 0) + + CHECK_OK(2, 0, 0) + CHECK_OK(2, 99, 99) + CHECK_OK(3, 0, 0) + + if (!gnutls_check_version(GNUTLS_VERSION)) + fail("gnutls_check_version ERROR\n"); + + { + const gnutls_pk_algorithm_t *algs; + size_t i; + int pk; + + algs = gnutls_pk_list(); + if (!algs) + fail("gnutls_pk_list return NULL\n"); + + for (i = 0; algs[i]; i++) { + if (debug) + printf("pk_list[%d] = %d = %s = %d\n", + (int) i, algs[i], + gnutls_pk_algorithm_get_name(algs + [i]), + gnutls_pk_get_id + (gnutls_pk_algorithm_get_name + (algs[i]))); + if (gnutls_pk_get_id + (gnutls_pk_algorithm_get_name(algs[i])) + != algs[i]) + fail("gnutls_pk id doesn't match\n"); + } + + pk = gnutls_pk_get_id("foo"); + if (pk != GNUTLS_PK_UNKNOWN) + fail("gnutls_pk unknown test failed (%d)\n", pk); + + if (debug) + success("gnutls_pk_list ok\n"); + } + + { + const gnutls_sign_algorithm_t *algs; + size_t i; + int pk; + + algs = gnutls_sign_list(); + if (!algs) + fail("gnutls_sign_list return NULL\n"); + + for (i = 0; algs[i]; i++) { + gnutls_digest_algorithm_t hash; + + if (debug) + printf("sign_list[%d] = %d = %s = %d\n", + (int) i, algs[i], + gnutls_sign_algorithm_get_name(algs + [i]), + gnutls_sign_get_id + (gnutls_sign_algorithm_get_name + (algs[i]))); + if (gnutls_sign_get_id + (gnutls_sign_algorithm_get_name(algs[i])) != + algs[i]) + fail("gnutls_sign id for %s doesn't match\n", + gnutls_sign_algorithm_get_name(algs[i])); + + hash = gnutls_sign_get_hash_algorithm(algs[i]); + if (hash != GNUTLS_DIG_UNKNOWN) { + const char *name = gnutls_digest_get_name(hash); + gnutls_digest_algorithm_t hash2 = gnutls_digest_get_id(name); + /* gnutls_digest_get_id returns + * GNUTLS_DIG_UNKNOWN if the algorithm is not + * compiled in. + */ + if (hash2 != GNUTLS_DIG_UNKNOWN && hash2 != hash) + fail("gnutls_digest id for %s doesn't match %s\n", + gnutls_sign_algorithm_get_name(algs[i]), + name); + } + } + + pk = gnutls_sign_get_id("foo"); + if (pk != GNUTLS_PK_UNKNOWN) + fail("gnutls_sign unknown test failed (%d)\n", pk); + + if (debug) + success("gnutls_sign_list ok\n"); + } +} diff --git a/tests/slow/Makefile.am b/tests/slow/Makefile.am new file mode 100644 index 0000000..82d58e5 --- /dev/null +++ b/tests/slow/Makefile.am @@ -0,0 +1,69 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2010, 2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/tests/ \ + -I$(top_srcdir)/lib \ + -I$(top_builddir)/gl \ + -I$(top_srcdir)/gl + +if ENABLE_MINITASN1 +AM_CPPFLAGS += -I$(top_builddir)/lib/minitasn1 +endif + +AM_LDFLAGS = -no-install +LDADD = ../libutils.la \ + ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(LIBSOCKET) + +cipher_test_CPPFLAGS = $(AM_CPPFLAGS) + +ctests = gendh + + +dist_check_SCRIPTS = test-ciphers.sh test-hash-large.sh test-ciphers-common.sh \ + test-ciphers-api.sh +check_PROGRAMS = $(ctests) cipher-test cipher-api-test hash-large crypto +TESTS = $(ctests) test-ciphers.sh test-hash-large.sh crypto test-ciphers-api.sh + +if HAVE_LIBCRYPTO +cipher_openssl_compat_LDADD = $(LDADD) $(LIBCRYPTO) + +dist_check_SCRIPTS += test-ciphers-openssl.sh +check_PROGRAMS += cipher-openssl-compat +TESTS += test-ciphers-openssl.sh +endif + +EXTRA_DIST = README gnutls-asan.supp + +TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ + LC_ALL="C" \ + LSAN_OPTIONS=suppressions=$(srcdir)/gnutls-asan.supp \ + GNUTLS_TEST_SUITE_RUN=1 \ + OPENSSL_ia32cap=0x00000000 \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + srcdir="$(srcdir)" + +if WINDOWS +TESTS_ENVIRONMENT += WINDOWS=1 +endif diff --git a/tests/slow/Makefile.in b/tests/slow/Makefile.in new file mode 100644 index 0000000..8b13f04 --- /dev/null +++ b/tests/slow/Makefile.in @@ -0,0 +1,2901 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2010, 2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(top_builddir)/lib/minitasn1 +check_PROGRAMS = $(am__EXEEXT_1) cipher-test$(EXEEXT) \ + cipher-api-test$(EXEEXT) hash-large$(EXEEXT) crypto$(EXEEXT) \ + $(am__EXEEXT_2) +TESTS = $(am__EXEEXT_1) test-ciphers.sh test-hash-large.sh \ + crypto$(EXEEXT) test-ciphers-api.sh $(am__append_4) +@HAVE_LIBCRYPTO_TRUE@am__append_2 = test-ciphers-openssl.sh +@HAVE_LIBCRYPTO_TRUE@am__append_3 = cipher-openssl-compat +@HAVE_LIBCRYPTO_TRUE@am__append_4 = test-ciphers-openssl.sh +@WINDOWS_TRUE@am__append_5 = WINDOWS=1 +subdir = tests/slow +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/atoll.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/calloc.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/codeset.m4 \ + $(top_srcdir)/src/gl/m4/ctype_h.m4 \ + $(top_srcdir)/src/gl/m4/environ.m4 \ + $(top_srcdir)/src/gl/m4/error.m4 \ + $(top_srcdir)/src/gl/m4/fdopen.m4 \ + $(top_srcdir)/src/gl/m4/flexmember.m4 \ + $(top_srcdir)/src/gl/m4/fpending.m4 \ + $(top_srcdir)/src/gl/m4/fpieee.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/ftruncate.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getcwd.m4 \ + $(top_srcdir)/src/gl/m4/getpagesize.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/getprogname.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/intl-thread-locale.m4 \ + $(top_srcdir)/src/gl/m4/inttostr.m4 \ + $(top_srcdir)/src/gl/m4/ioctl.m4 \ + $(top_srcdir)/src/gl/m4/isblank.m4 \ + $(top_srcdir)/src/gl/m4/langinfo_h.m4 \ + $(top_srcdir)/src/gl/m4/lcmessage.m4 \ + $(top_srcdir)/src/gl/m4/locale-fr.m4 \ + $(top_srcdir)/src/gl/m4/locale-ja.m4 \ + $(top_srcdir)/src/gl/m4/locale-tr.m4 \ + $(top_srcdir)/src/gl/m4/locale-zh.m4 \ + $(top_srcdir)/src/gl/m4/locale_h.m4 \ + $(top_srcdir)/src/gl/m4/localename.m4 \ + $(top_srcdir)/src/gl/m4/lstat.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nanosleep.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/perror.m4 \ + $(top_srcdir)/src/gl/m4/pipe.m4 \ + $(top_srcdir)/src/gl/m4/pthread-thread.m4 \ + $(top_srcdir)/src/gl/m4/pthread_h.m4 \ + $(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \ + $(top_srcdir)/src/gl/m4/putenv.m4 \ + $(top_srcdir)/src/gl/m4/raise.m4 \ + $(top_srcdir)/src/gl/m4/reallocarray.m4 \ + $(top_srcdir)/src/gl/m4/sched_h.m4 \ + $(top_srcdir)/src/gl/m4/sched_yield.m4 \ + $(top_srcdir)/src/gl/m4/select.m4 \ + $(top_srcdir)/src/gl/m4/semaphore.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/setenv.m4 \ + $(top_srcdir)/src/gl/m4/setlocale.m4 \ + $(top_srcdir)/src/gl/m4/setlocale_null.m4 \ + $(top_srcdir)/src/gl/m4/sigaction.m4 \ + $(top_srcdir)/src/gl/m4/signal_h.m4 \ + $(top_srcdir)/src/gl/m4/signalblocking.m4 \ + $(top_srcdir)/src/gl/m4/sleep.m4 \ + $(top_srcdir)/src/gl/m4/sockets.m4 \ + $(top_srcdir)/src/gl/m4/strerror.m4 \ + $(top_srcdir)/src/gl/m4/strerror_r.m4 \ + $(top_srcdir)/src/gl/m4/strtoll.m4 \ + $(top_srcdir)/src/gl/m4/symlink.m4 \ + $(top_srcdir)/src/gl/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/src/gl/m4/sys_select_h.m4 \ + $(top_srcdir)/src/gl/m4/thread.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/gl/m4/usleep.m4 \ + $(top_srcdir)/src/gl/m4/visibility.m4 \ + $(top_srcdir)/src/gl/m4/xalloc.m4 \ + $(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/__inline.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \ + $(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/explicit_bzero.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \ + $(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \ + $(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \ + $(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \ + $(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/intmax_t.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/largefile.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \ + $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \ + $(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \ + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \ + $(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \ + $(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \ + $(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \ + $(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \ + $(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \ + $(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/m4/zzgnulib.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__dist_check_SCRIPTS_DIST) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = gendh$(EXEEXT) +@HAVE_LIBCRYPTO_TRUE@am__EXEEXT_2 = cipher-openssl-compat$(EXEEXT) +cipher_api_test_SOURCES = cipher-api-test.c +cipher_api_test_OBJECTS = cipher-api-test.$(OBJEXT) +cipher_api_test_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +cipher_api_test_DEPENDENCIES = ../libutils.la ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +cipher_openssl_compat_SOURCES = cipher-openssl-compat.c +cipher_openssl_compat_OBJECTS = cipher-openssl-compat.$(OBJEXT) +am__DEPENDENCIES_2 = ../libutils.la ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(am__DEPENDENCIES_1) +@HAVE_LIBCRYPTO_TRUE@cipher_openssl_compat_DEPENDENCIES = \ +@HAVE_LIBCRYPTO_TRUE@ $(am__DEPENDENCIES_2) \ +@HAVE_LIBCRYPTO_TRUE@ $(am__DEPENDENCIES_1) +cipher_test_SOURCES = cipher-test.c +cipher_test_OBJECTS = cipher_test-cipher-test.$(OBJEXT) +cipher_test_LDADD = $(LDADD) +cipher_test_DEPENDENCIES = ../libutils.la ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(am__DEPENDENCIES_1) +crypto_SOURCES = crypto.c +crypto_OBJECTS = crypto.$(OBJEXT) +crypto_LDADD = $(LDADD) +crypto_DEPENDENCIES = ../libutils.la ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(am__DEPENDENCIES_1) +gendh_SOURCES = gendh.c +gendh_OBJECTS = gendh.$(OBJEXT) +gendh_LDADD = $(LDADD) +gendh_DEPENDENCIES = ../libutils.la ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(am__DEPENDENCIES_1) +hash_large_SOURCES = hash-large.c +hash_large_OBJECTS = hash-large.$(OBJEXT) +hash_large_LDADD = $(LDADD) +hash_large_DEPENDENCIES = ../libutils.la ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(am__DEPENDENCIES_1) +am__dist_check_SCRIPTS_DIST = test-ciphers.sh test-hash-large.sh \ + test-ciphers-common.sh test-ciphers-api.sh \ + test-ciphers-openssl.sh +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/cipher-api-test.Po \ + ./$(DEPDIR)/cipher-openssl-compat.Po \ + ./$(DEPDIR)/cipher_test-cipher-test.Po ./$(DEPDIR)/crypto.Po \ + ./$(DEPDIR)/gendh.Po ./$(DEPDIR)/hash-large.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = cipher-api-test.c cipher-openssl-compat.c cipher-test.c \ + crypto.c gendh.c hash-large.c +DIST_SOURCES = cipher-api-test.c cipher-openssl-compat.c cipher-test.c \ + crypto.c gendh.c hash-large.c +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' +RECHECK_LOGS = $(TEST_LOGS) +AM_RECURSIVE_TARGETS = check recheck +TEST_SUITE_LOG = test-suite.log +TEST_EXTENSIONS = @EXEEXT@ .test +LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.test.log=.log) +TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ + $(TEST_LOG_FLAGS) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp \ + $(top_srcdir)/build-aux/test-driver README +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@ +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AM_VALGRINDFLAGS = @AM_VALGRINDFLAGS@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CFLAG_VISIBILITY = @CFLAG_VISIBILITY@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@ +GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@ +GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@ +GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@ +GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@ +GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@ +GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@ +GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@ +GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@ +GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@ +GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@ +GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@ +GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@ +GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@ +GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@ +GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@ +GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@ +GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@ +GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@ +GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@ +GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@ +GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@ +GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@ +GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@ +GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@ +GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@ +GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@ +GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@ +GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@ +GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@ +GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@ +GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@ +GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@ +GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@ +GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@ +GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@ +GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@ +GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@ +GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@ +GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@ +GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@ +GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@ +GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@ +GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@ +GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@ +GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@ +GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@ +GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@ +GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@ +GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@ +GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@ +GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@ +GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@ +GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@ +GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@ +GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@ +GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@ +GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@ +GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@ +GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@ +GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@ +GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@ +GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@ +GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@ +GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@ +GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@ +GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@ +GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@ +GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@ +GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@ +GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@ +GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@ +GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@ +GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@ +GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@ +GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@ +GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@ +GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@ +GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@ +GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@ +GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@ +GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@ +GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@ +GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@ +GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@ +GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@ +GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@ +GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@ +GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@ +GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@ +GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@ +GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@ +GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@ +GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@ +GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@ +GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@ +GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@ +GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@ +GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@ +GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@ +GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@ +GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@ +GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@ +GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@ +GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@ +GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@ +GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@ +GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@ +GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@ +GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@ +GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@ +GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@ +GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@ +GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@ +GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@ +GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@ +GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@ +GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@ +GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@ +GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@ +GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@ +GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@ +GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@ +GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@ +GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@ +GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@ +GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@ +GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@ +GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@ +GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@ +GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@ +GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@ +GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@ +GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@ +GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@ +GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@ +GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@ +GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@ +GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@ +GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@ +GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@ +GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@ +GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@ +GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@ +GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@ +GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@ +GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@ +GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@ +GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@ +GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@ +GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@ +GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@ +GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@ +GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@ +GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@ +GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@ +GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@ +GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@ +GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@ +GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@ +GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@ +GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@ +GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@ +GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@ +GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@ +GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@ +GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@ +GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@ +GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@ +GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@ +GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@ +GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@ +GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@ +GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@ +GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@ +GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@ +GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@ +GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@ +GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@ +GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@ +GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@ +GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@ +GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@ +GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@ +GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@ +GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@ +GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@ +GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@ +GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@ +GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@ +GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@ +GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@ +GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@ +GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@ +GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@ +GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@ +GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@ +GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@ +GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@ +GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@ +GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@ +GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@ +GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@ +GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@ +GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@ +GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@ +GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@ +GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@ +GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@ +GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@ +GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@ +GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@ +GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@ +GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@ +GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@ +GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@ +GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@ +GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@ +GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@ +GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@ +GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@ +GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@ +GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@ +GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@ +GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@ +GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@ +GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@ +GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@ +GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@ +GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@ +GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@ +GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@ +GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@ +GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@ +GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@ +GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@ +GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@ +GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@ +GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@ +GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@ +GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@ +GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@ +GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@ +GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@ +GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@ +GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@ +GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@ +GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@ +GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@ +GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@ +GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@ +GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@ +GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@ +GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@ +GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@ +GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@ +GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@ +GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@ +GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@ +GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@ +GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@ +GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@ +GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@ +GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@ +GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@ +GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@ +GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@ +GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@ +GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@ +GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@ +GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@ +GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@ +GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@ +GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@ +GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@ +GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@ +GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@ +GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@ +GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@ +GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@ +GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@ +GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@ +GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@ +GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@ +GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@ +GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@ +GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@ +GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@ +GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@ +GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@ +GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@ +GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@ +GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@ +GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@ +GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@ +GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@ +GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@ +GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@ +GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@ +GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@ +GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@ +GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@ +GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@ +GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@ +GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@ +GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@ +GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@ +GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@ +GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@ +GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@ +GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@ +GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@ +GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@ +GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@ +GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@ +GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@ +GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@ +GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@ +GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@ +GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@ +GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@ +GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@ +GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@ +GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@ +GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@ +GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@ +GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@ +GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@ +GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@ +GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@ +GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@ +GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@ +GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@ +GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@ +GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@ +GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@ +GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@ +GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@ +GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@ +GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@ +GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@ +GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@ +GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@ +GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@ +GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@ +GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@ +GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@ +GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@ +GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@ +GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@ +GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@ +GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@ +GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@ +GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@ +GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@ +GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@ +GL_GNULIB_BIND = @GL_GNULIB_BIND@ +GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@ +GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@ +GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@ +GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@ +GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@ +GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@ +GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@ +GL_GNULIB_CREAT = @GL_GNULIB_CREAT@ +GL_GNULIB_CTIME = @GL_GNULIB_CTIME@ +GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@ +GL_GNULIB_DUP = @GL_GNULIB_DUP@ +GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@ +GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@ +GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@ +GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@ +GL_GNULIB_EXECL = @GL_GNULIB_EXECL@ +GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@ +GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@ +GL_GNULIB_EXECV = @GL_GNULIB_EXECV@ +GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@ +GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@ +GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@ +GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@ +GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@ +GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@ +GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@ +GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@ +GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@ +GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@ +GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@ +GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@ +GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@ +GL_GNULIB_FFS = @GL_GNULIB_FFS@ +GL_GNULIB_FFSL = @GL_GNULIB_FFSL@ +GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@ +GL_GNULIB_FGETC = @GL_GNULIB_FGETC@ +GL_GNULIB_FGETS = @GL_GNULIB_FGETS@ +GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@ +GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@ +GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@ +GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@ +GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@ +GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@ +GL_GNULIB_FREAD = @GL_GNULIB_FREAD@ +GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@ +GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@ +GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@ +GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@ +GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@ +GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@ +GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@ +GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@ +GL_GNULIB_FTELL = @GL_GNULIB_FTELL@ +GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@ +GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@ +GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@ +GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@ +GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@ +GL_GNULIB_GETC = @GL_GNULIB_GETC@ +GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@ +GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@ +GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@ +GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@ +GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@ +GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@ +GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@ +GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@ +GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@ +GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@ +GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@ +GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@ +GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@ +GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@ +GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@ +GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@ +GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@ +GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@ +GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@ +GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@ +GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@ +GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@ +GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@ +GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@ +GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@ +GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@ +GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@ +GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@ +GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@ +GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@ +GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@ +GL_GNULIB_LINK = @GL_GNULIB_LINK@ +GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@ +GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@ +GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@ +GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@ +GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@ +GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@ +GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@ +GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@ +GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@ +GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@ +GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@ +GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@ +GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@ +GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@ +GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@ +GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@ +GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@ +GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@ +GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@ +GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@ +GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@ +GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@ +GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@ +GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@ +GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@ +GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@ +GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@ +GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@ +GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@ +GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@ +GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@ +GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@ +GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@ +GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@ +GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@ +GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@ +GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@ +GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@ +GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@ +GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@ +GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@ +GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@ +GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@ +GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@ +GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@ +GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@ +GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@ +GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@ +GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@ +GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@ +GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@ +GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@ +GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@ +GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@ +GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@ +GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@ +GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@ +GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@ +GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@ +GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@ +GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@ +GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@ +GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@ +GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@ +GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@ +GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@ +GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@ +GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@ +GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@ +GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@ +GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@ +GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@ +GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@ +GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@ +GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@ +GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@ +GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@ +GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@ +GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@ +GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@ +GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@ +GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@ +GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@ +GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@ +GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@ +GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@ +GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GNULIB_OPEN = @GL_GNULIB_OPEN@ +GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@ +GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@ +GL_GNULIB_PERROR = @GL_GNULIB_PERROR@ +GL_GNULIB_PIPE = @GL_GNULIB_PIPE@ +GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@ +GL_GNULIB_POPEN = @GL_GNULIB_POPEN@ +GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@ +GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@ +GL_GNULIB_PREAD = @GL_GNULIB_PREAD@ +GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@ +GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@ +GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@ +GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@ +GL_GNULIB_PUTC = @GL_GNULIB_PUTC@ +GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@ +GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@ +GL_GNULIB_PUTS = @GL_GNULIB_PUTS@ +GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@ +GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@ +GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@ +GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@ +GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@ +GL_GNULIB_READ = @GL_GNULIB_READ@ +GL_GNULIB_READLINK = @GL_GNULIB_READLINK@ +GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@ +GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@ +GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@ +GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@ +GL_GNULIB_RECV = @GL_GNULIB_RECV@ +GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@ +GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@ +GL_GNULIB_RENAME = @GL_GNULIB_RENAME@ +GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@ +GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@ +GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@ +GL_GNULIB_SCANF = @GL_GNULIB_SCANF@ +GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@ +GL_GNULIB_SEND = @GL_GNULIB_SEND@ +GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@ +GL_GNULIB_SETENV = @GL_GNULIB_SETENV@ +GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@ +GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@ +GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@ +GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@ +GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@ +GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@ +GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@ +GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@ +GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@ +GL_GNULIB_STAT = @GL_GNULIB_STAT@ +GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@ +GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@ +GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@ +GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@ +GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@ +GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@ +GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@ +GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@ +GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@ +GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@ +GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@ +GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@ +GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@ +GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@ +GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@ +GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@ +GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@ +GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@ +GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@ +GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@ +GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@ +GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@ +GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@ +GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@ +GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@ +GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@ +GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@ +GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@ +GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@ +GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@ +GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@ +GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@ +GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@ +GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@ +GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@ +GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@ +GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@ +GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@ +GL_GNULIB_TZSET = @GL_GNULIB_TZSET@ +GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@ +GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@ +GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@ +GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@ +GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@ +GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@ +GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@ +GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@ +GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@ +GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@ +GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@ +GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@ +GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@ +GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@ +GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@ +GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@ +GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@ +GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@ +GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@ +GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@ +GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@ +GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@ +GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@ +GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@ +GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@ +GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@ +GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@ +GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@ +GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@ +GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@ +GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@ +GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@ +GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@ +GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@ +GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@ +GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@ +GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@ +GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@ +GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@ +GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@ +GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@ +GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@ +GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@ +GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@ +GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@ +GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@ +GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@ +GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@ +GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@ +GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@ +GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@ +GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@ +GL_GNULIB_WRITE = @GL_GNULIB_WRITE@ +GL_GNULIB__EXIT = @GL_GNULIB__EXIT@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GPERF = @GPERF@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_COPY_FILE_RANGE = @HAVE_COPY_FILE_RANGE@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ECVT = @HAVE_DECL_ECVT@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_EXECVPE = @HAVE_DECL_EXECVPE@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FCLOSEALL = @HAVE_DECL_FCLOSEALL@ +HAVE_DECL_FCVT = @HAVE_DECL_FCVT@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GCVT = @HAVE_DECL_GCVT@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCSDUP = @HAVE_DECL_WCSDUP@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXECVPE = @HAVE_EXECVPE@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETENTROPY = @HAVE_GETENTROPY@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GETUMASK = @HAVE_GETUMASK@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBEV = @HAVE_LIBEV@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_MEMALIGN = @HAVE_POSIX_MEMALIGN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_ATTR_DESTROY = @HAVE_PTHREAD_ATTR_DESTROY@ +HAVE_PTHREAD_ATTR_GETDETACHSTATE = @HAVE_PTHREAD_ATTR_GETDETACHSTATE@ +HAVE_PTHREAD_ATTR_INIT = @HAVE_PTHREAD_ATTR_INIT@ +HAVE_PTHREAD_ATTR_SETDETACHSTATE = @HAVE_PTHREAD_ATTR_SETDETACHSTATE@ +HAVE_PTHREAD_CONDATTR_DESTROY = @HAVE_PTHREAD_CONDATTR_DESTROY@ +HAVE_PTHREAD_CONDATTR_INIT = @HAVE_PTHREAD_CONDATTR_INIT@ +HAVE_PTHREAD_COND_BROADCAST = @HAVE_PTHREAD_COND_BROADCAST@ +HAVE_PTHREAD_COND_DESTROY = @HAVE_PTHREAD_COND_DESTROY@ +HAVE_PTHREAD_COND_INIT = @HAVE_PTHREAD_COND_INIT@ +HAVE_PTHREAD_COND_SIGNAL = @HAVE_PTHREAD_COND_SIGNAL@ +HAVE_PTHREAD_COND_TIMEDWAIT = @HAVE_PTHREAD_COND_TIMEDWAIT@ +HAVE_PTHREAD_COND_WAIT = @HAVE_PTHREAD_COND_WAIT@ +HAVE_PTHREAD_CREATE = @HAVE_PTHREAD_CREATE@ +HAVE_PTHREAD_CREATE_DETACHED = @HAVE_PTHREAD_CREATE_DETACHED@ +HAVE_PTHREAD_DETACH = @HAVE_PTHREAD_DETACH@ +HAVE_PTHREAD_EQUAL = @HAVE_PTHREAD_EQUAL@ +HAVE_PTHREAD_EXIT = @HAVE_PTHREAD_EXIT@ +HAVE_PTHREAD_GETSPECIFIC = @HAVE_PTHREAD_GETSPECIFIC@ +HAVE_PTHREAD_H = @HAVE_PTHREAD_H@ +HAVE_PTHREAD_JOIN = @HAVE_PTHREAD_JOIN@ +HAVE_PTHREAD_KEY_CREATE = @HAVE_PTHREAD_KEY_CREATE@ +HAVE_PTHREAD_KEY_DELETE = @HAVE_PTHREAD_KEY_DELETE@ +HAVE_PTHREAD_MUTEXATTR_DESTROY = @HAVE_PTHREAD_MUTEXATTR_DESTROY@ +HAVE_PTHREAD_MUTEXATTR_GETROBUST = @HAVE_PTHREAD_MUTEXATTR_GETROBUST@ +HAVE_PTHREAD_MUTEXATTR_GETTYPE = @HAVE_PTHREAD_MUTEXATTR_GETTYPE@ +HAVE_PTHREAD_MUTEXATTR_INIT = @HAVE_PTHREAD_MUTEXATTR_INIT@ +HAVE_PTHREAD_MUTEXATTR_SETROBUST = @HAVE_PTHREAD_MUTEXATTR_SETROBUST@ +HAVE_PTHREAD_MUTEXATTR_SETTYPE = @HAVE_PTHREAD_MUTEXATTR_SETTYPE@ +HAVE_PTHREAD_MUTEX_DESTROY = @HAVE_PTHREAD_MUTEX_DESTROY@ +HAVE_PTHREAD_MUTEX_INIT = @HAVE_PTHREAD_MUTEX_INIT@ +HAVE_PTHREAD_MUTEX_LOCK = @HAVE_PTHREAD_MUTEX_LOCK@ +HAVE_PTHREAD_MUTEX_RECURSIVE = @HAVE_PTHREAD_MUTEX_RECURSIVE@ +HAVE_PTHREAD_MUTEX_ROBUST = @HAVE_PTHREAD_MUTEX_ROBUST@ +HAVE_PTHREAD_MUTEX_TIMEDLOCK = @HAVE_PTHREAD_MUTEX_TIMEDLOCK@ +HAVE_PTHREAD_MUTEX_TRYLOCK = @HAVE_PTHREAD_MUTEX_TRYLOCK@ +HAVE_PTHREAD_MUTEX_UNLOCK = @HAVE_PTHREAD_MUTEX_UNLOCK@ +HAVE_PTHREAD_ONCE = @HAVE_PTHREAD_ONCE@ +HAVE_PTHREAD_PROCESS_SHARED = @HAVE_PTHREAD_PROCESS_SHARED@ +HAVE_PTHREAD_RWLOCKATTR_DESTROY = @HAVE_PTHREAD_RWLOCKATTR_DESTROY@ +HAVE_PTHREAD_RWLOCKATTR_INIT = @HAVE_PTHREAD_RWLOCKATTR_INIT@ +HAVE_PTHREAD_RWLOCK_DESTROY = @HAVE_PTHREAD_RWLOCK_DESTROY@ +HAVE_PTHREAD_RWLOCK_INIT = @HAVE_PTHREAD_RWLOCK_INIT@ +HAVE_PTHREAD_RWLOCK_RDLOCK = @HAVE_PTHREAD_RWLOCK_RDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +HAVE_PTHREAD_RWLOCK_TRYRDLOCK = @HAVE_PTHREAD_RWLOCK_TRYRDLOCK@ +HAVE_PTHREAD_RWLOCK_TRYWRLOCK = @HAVE_PTHREAD_RWLOCK_TRYWRLOCK@ +HAVE_PTHREAD_RWLOCK_UNLOCK = @HAVE_PTHREAD_RWLOCK_UNLOCK@ +HAVE_PTHREAD_RWLOCK_WRLOCK = @HAVE_PTHREAD_RWLOCK_WRLOCK@ +HAVE_PTHREAD_SELF = @HAVE_PTHREAD_SELF@ +HAVE_PTHREAD_SETSPECIFIC = @HAVE_PTHREAD_SETSPECIFIC@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTHREAD_SPINLOCK_T = @HAVE_PTHREAD_SPINLOCK_T@ +HAVE_PTHREAD_SPIN_DESTROY = @HAVE_PTHREAD_SPIN_DESTROY@ +HAVE_PTHREAD_SPIN_INIT = @HAVE_PTHREAD_SPIN_INIT@ +HAVE_PTHREAD_SPIN_LOCK = @HAVE_PTHREAD_SPIN_LOCK@ +HAVE_PTHREAD_SPIN_TRYLOCK = @HAVE_PTHREAD_SPIN_TRYLOCK@ +HAVE_PTHREAD_SPIN_UNLOCK = @HAVE_PTHREAD_SPIN_UNLOCK@ +HAVE_PTHREAD_T = @HAVE_PTHREAD_T@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SCHED_H = @HAVE_SCHED_H@ +HAVE_SCHED_YIELD = @HAVE_SCHED_YIELD@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGABBREV_NP = @HAVE_SIGABBREV_NP@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGDESCR_NP = @HAVE_SIGDESCR_NP@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRERRORNAME_NP = @HAVE_STRERRORNAME_NP@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOL = @HAVE_STRTOL@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOUL = @HAVE_STRTOUL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SCHED_PARAM = @HAVE_STRUCT_SCHED_PARAM@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_CDEFS_H = @HAVE_SYS_CDEFS_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_VISIBILITY = @HAVE_VISIBILITY@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMPCPY = @HAVE_WMEMPCPY@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDDPOSTPROC = @LDDPOSTPROC@ +LDDPROG = @LDDPROG@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@ +LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@ +LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@ +LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBEV = @LIBEV@ +LIBEV_LIBS = @LIBEV_LIBS@ +LIBEV_PREFIX = @LIBEV_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@ +LIBKCAPI_LIBS = @LIBKCAPI_LIBS@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBPMULTITHREAD = @LIBPMULTITHREAD@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBSTDTHREAD = @LIBSTDTHREAD@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIBZ = @LIBZ@ +LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@ +LIBZSTD_LIBS = @LIBZSTD_LIBS@ +LIBZ_PC = @LIBZ_PC@ +LIBZ_PREFIX = @LIBZ_PREFIX@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_PTHREAD = @LIB_PTHREAD@ +LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@ +LIB_SCHED_YIELD = @LIB_SCHED_YIELD@ +LIB_SELECT = @LIB_SELECT@ +LIB_SEMAPHORE = @LIB_SEMAPHORE@ +LIB_SETLOCALE = @LIB_SETLOCALE@ +LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LOG_VALGRIND = @LOG_VALGRIND@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBEV = @LTLIBEV@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LTLIBZ = @LTLIBZ@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H = @NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H@ +NEXT_AS_FIRST_DIRECTIVE_SCHED_H = @NEXT_AS_FIRST_DIRECTIVE_SCHED_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_PTHREAD_H = @NEXT_PTHREAD_H@ +NEXT_SCHED_H = @NEXT_SCHED_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +REPLACE_ACCESS = @REPLACE_ACCESS@ +REPLACE_ALIGNED_ALLOC = @REPLACE_ALIGNED_ALLOC@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CREAT = @REPLACE_CREAT@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_EXECL = @REPLACE_EXECL@ +REPLACE_EXECLE = @REPLACE_EXECLE@ +REPLACE_EXECLP = @REPLACE_EXECLP@ +REPLACE_EXECV = @REPLACE_EXECV@ +REPLACE_EXECVE = @REPLACE_EXECVE@ +REPLACE_EXECVP = @REPLACE_EXECVP@ +REPLACE_EXECVPE = @REPLACE_EXECVPE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHMODAT = @REPLACE_FCHMODAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FFSLL = @REPLACE_FFSLL@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREE = @REPLACE_FREE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETADDRINFO = @REPLACE_GETADDRINFO@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKNODAT = @REPLACE_MKNODAT@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_POSIX_MEMALIGN = @REPLACE_POSIX_MEMALIGN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_ATTR_DESTROY = @REPLACE_PTHREAD_ATTR_DESTROY@ +REPLACE_PTHREAD_ATTR_GETDETACHSTATE = @REPLACE_PTHREAD_ATTR_GETDETACHSTATE@ +REPLACE_PTHREAD_ATTR_INIT = @REPLACE_PTHREAD_ATTR_INIT@ +REPLACE_PTHREAD_ATTR_SETDETACHSTATE = @REPLACE_PTHREAD_ATTR_SETDETACHSTATE@ +REPLACE_PTHREAD_CONDATTR_DESTROY = @REPLACE_PTHREAD_CONDATTR_DESTROY@ +REPLACE_PTHREAD_CONDATTR_INIT = @REPLACE_PTHREAD_CONDATTR_INIT@ +REPLACE_PTHREAD_COND_BROADCAST = @REPLACE_PTHREAD_COND_BROADCAST@ +REPLACE_PTHREAD_COND_DESTROY = @REPLACE_PTHREAD_COND_DESTROY@ +REPLACE_PTHREAD_COND_INIT = @REPLACE_PTHREAD_COND_INIT@ +REPLACE_PTHREAD_COND_SIGNAL = @REPLACE_PTHREAD_COND_SIGNAL@ +REPLACE_PTHREAD_COND_TIMEDWAIT = @REPLACE_PTHREAD_COND_TIMEDWAIT@ +REPLACE_PTHREAD_COND_WAIT = @REPLACE_PTHREAD_COND_WAIT@ +REPLACE_PTHREAD_CREATE = @REPLACE_PTHREAD_CREATE@ +REPLACE_PTHREAD_DETACH = @REPLACE_PTHREAD_DETACH@ +REPLACE_PTHREAD_EQUAL = @REPLACE_PTHREAD_EQUAL@ +REPLACE_PTHREAD_EXIT = @REPLACE_PTHREAD_EXIT@ +REPLACE_PTHREAD_GETSPECIFIC = @REPLACE_PTHREAD_GETSPECIFIC@ +REPLACE_PTHREAD_JOIN = @REPLACE_PTHREAD_JOIN@ +REPLACE_PTHREAD_KEY_CREATE = @REPLACE_PTHREAD_KEY_CREATE@ +REPLACE_PTHREAD_KEY_DELETE = @REPLACE_PTHREAD_KEY_DELETE@ +REPLACE_PTHREAD_MUTEXATTR_DESTROY = @REPLACE_PTHREAD_MUTEXATTR_DESTROY@ +REPLACE_PTHREAD_MUTEXATTR_GETROBUST = @REPLACE_PTHREAD_MUTEXATTR_GETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_GETTYPE = @REPLACE_PTHREAD_MUTEXATTR_GETTYPE@ +REPLACE_PTHREAD_MUTEXATTR_INIT = @REPLACE_PTHREAD_MUTEXATTR_INIT@ +REPLACE_PTHREAD_MUTEXATTR_SETROBUST = @REPLACE_PTHREAD_MUTEXATTR_SETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_SETTYPE = @REPLACE_PTHREAD_MUTEXATTR_SETTYPE@ +REPLACE_PTHREAD_MUTEX_DESTROY = @REPLACE_PTHREAD_MUTEX_DESTROY@ +REPLACE_PTHREAD_MUTEX_INIT = @REPLACE_PTHREAD_MUTEX_INIT@ +REPLACE_PTHREAD_MUTEX_LOCK = @REPLACE_PTHREAD_MUTEX_LOCK@ +REPLACE_PTHREAD_MUTEX_TIMEDLOCK = @REPLACE_PTHREAD_MUTEX_TIMEDLOCK@ +REPLACE_PTHREAD_MUTEX_TRYLOCK = @REPLACE_PTHREAD_MUTEX_TRYLOCK@ +REPLACE_PTHREAD_MUTEX_UNLOCK = @REPLACE_PTHREAD_MUTEX_UNLOCK@ +REPLACE_PTHREAD_ONCE = @REPLACE_PTHREAD_ONCE@ +REPLACE_PTHREAD_RWLOCKATTR_DESTROY = @REPLACE_PTHREAD_RWLOCKATTR_DESTROY@ +REPLACE_PTHREAD_RWLOCKATTR_INIT = @REPLACE_PTHREAD_RWLOCKATTR_INIT@ +REPLACE_PTHREAD_RWLOCK_DESTROY = @REPLACE_PTHREAD_RWLOCK_DESTROY@ +REPLACE_PTHREAD_RWLOCK_INIT = @REPLACE_PTHREAD_RWLOCK_INIT@ +REPLACE_PTHREAD_RWLOCK_RDLOCK = @REPLACE_PTHREAD_RWLOCK_RDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYRDLOCK = @REPLACE_PTHREAD_RWLOCK_TRYRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYWRLOCK = @REPLACE_PTHREAD_RWLOCK_TRYWRLOCK@ +REPLACE_PTHREAD_RWLOCK_UNLOCK = @REPLACE_PTHREAD_RWLOCK_UNLOCK@ +REPLACE_PTHREAD_RWLOCK_WRLOCK = @REPLACE_PTHREAD_RWLOCK_WRLOCK@ +REPLACE_PTHREAD_SELF = @REPLACE_PTHREAD_SELF@ +REPLACE_PTHREAD_SETSPECIFIC = @REPLACE_PTHREAD_SETSPECIFIC@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTHREAD_SPIN_DESTROY = @REPLACE_PTHREAD_SPIN_DESTROY@ +REPLACE_PTHREAD_SPIN_INIT = @REPLACE_PTHREAD_SPIN_INIT@ +REPLACE_PTHREAD_SPIN_LOCK = @REPLACE_PTHREAD_SPIN_LOCK@ +REPLACE_PTHREAD_SPIN_TRYLOCK = @REPLACE_PTHREAD_SPIN_TRYLOCK@ +REPLACE_PTHREAD_SPIN_UNLOCK = @REPLACE_PTHREAD_SPIN_UNLOCK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SCHED_YIELD = @REPLACE_SCHED_YIELD@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERRORNAME_NP = @REPLACE_STRERRORNAME_NP@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOL = @REPLACE_STRTOL@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOLL = @REPLACE_STRTOLL@ +REPLACE_STRTOUL = @REPLACE_STRTOUL@ +REPLACE_STRTOULL = @REPLACE_STRTOULL@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSTOK = @REPLACE_WCSTOK@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS2_CFLAGS = @TSS2_CFLAGS@ +TSS2_LIBS = @TSS2_LIBS@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_SYS_RANDOM_H = @UNISTD_H_HAVE_SYS_RANDOM_H@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VALGRINDFLAGS = @VALGRINDFLAGS@ +VALGRIND_PROGRAM = @VALGRIND_PROGRAM@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +YIELD_LIB = @YIELD_LIB@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +gnutls_so = @gnutls_so@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +maybe_guileextensiondir = @maybe_guileextensiondir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes -I$(top_srcdir)/tests/ \ + -I$(top_srcdir)/lib -I$(top_builddir)/gl -I$(top_srcdir)/gl \ + $(am__append_1) +AM_LDFLAGS = -no-install +LDADD = ../libutils.la \ + ../../gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(LIBSOCKET) + +cipher_test_CPPFLAGS = $(AM_CPPFLAGS) +ctests = gendh +dist_check_SCRIPTS = test-ciphers.sh test-hash-large.sh \ + test-ciphers-common.sh test-ciphers-api.sh $(am__append_2) +@HAVE_LIBCRYPTO_TRUE@cipher_openssl_compat_LDADD = $(LDADD) $(LIBCRYPTO) +EXTRA_DIST = README gnutls-asan.supp +TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) LC_ALL="C" \ + LSAN_OPTIONS=suppressions=$(srcdir)/gnutls-asan.supp \ + GNUTLS_TEST_SUITE_RUN=1 OPENSSL_ia32cap=0x00000000 \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" srcdir="$(srcdir)" \ + $(am__append_5) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/slow/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign tests/slow/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +cipher-api-test$(EXEEXT): $(cipher_api_test_OBJECTS) $(cipher_api_test_DEPENDENCIES) $(EXTRA_cipher_api_test_DEPENDENCIES) + @rm -f cipher-api-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cipher_api_test_OBJECTS) $(cipher_api_test_LDADD) $(LIBS) + +cipher-openssl-compat$(EXEEXT): $(cipher_openssl_compat_OBJECTS) $(cipher_openssl_compat_DEPENDENCIES) $(EXTRA_cipher_openssl_compat_DEPENDENCIES) + @rm -f cipher-openssl-compat$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cipher_openssl_compat_OBJECTS) $(cipher_openssl_compat_LDADD) $(LIBS) + +cipher-test$(EXEEXT): $(cipher_test_OBJECTS) $(cipher_test_DEPENDENCIES) $(EXTRA_cipher_test_DEPENDENCIES) + @rm -f cipher-test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cipher_test_OBJECTS) $(cipher_test_LDADD) $(LIBS) + +crypto$(EXEEXT): $(crypto_OBJECTS) $(crypto_DEPENDENCIES) $(EXTRA_crypto_DEPENDENCIES) + @rm -f crypto$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(crypto_OBJECTS) $(crypto_LDADD) $(LIBS) + +gendh$(EXEEXT): $(gendh_OBJECTS) $(gendh_DEPENDENCIES) $(EXTRA_gendh_DEPENDENCIES) + @rm -f gendh$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(gendh_OBJECTS) $(gendh_LDADD) $(LIBS) + +hash-large$(EXEEXT): $(hash_large_OBJECTS) $(hash_large_DEPENDENCIES) $(EXTRA_hash_large_DEPENDENCIES) + @rm -f hash-large$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(hash_large_OBJECTS) $(hash_large_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher-api-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher-openssl-compat.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher_test-cipher-test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gendh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash-large.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +cipher_test-cipher-test.o: cipher-test.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_test_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cipher_test-cipher-test.o -MD -MP -MF $(DEPDIR)/cipher_test-cipher-test.Tpo -c -o cipher_test-cipher-test.o `test -f 'cipher-test.c' || echo '$(srcdir)/'`cipher-test.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cipher_test-cipher-test.Tpo $(DEPDIR)/cipher_test-cipher-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cipher-test.c' object='cipher_test-cipher-test.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_test_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cipher_test-cipher-test.o `test -f 'cipher-test.c' || echo '$(srcdir)/'`cipher-test.c + +cipher_test-cipher-test.obj: cipher-test.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_test_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cipher_test-cipher-test.obj -MD -MP -MF $(DEPDIR)/cipher_test-cipher-test.Tpo -c -o cipher_test-cipher-test.obj `if test -f 'cipher-test.c'; then $(CYGPATH_W) 'cipher-test.c'; else $(CYGPATH_W) '$(srcdir)/cipher-test.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cipher_test-cipher-test.Tpo $(DEPDIR)/cipher_test-cipher-test.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cipher-test.c' object='cipher_test-cipher-test.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cipher_test_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cipher_test-cipher-test.obj `if test -f 'cipher-test.c'; then $(CYGPATH_W) 'cipher-test.c'; else $(CYGPATH_W) '$(srcdir)/cipher-test.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +gendh.log: gendh$(EXEEXT) + @p='gendh$(EXEEXT)'; \ + b='gendh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-ciphers.sh.log: test-ciphers.sh + @p='test-ciphers.sh'; \ + b='test-ciphers.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-hash-large.sh.log: test-hash-large.sh + @p='test-hash-large.sh'; \ + b='test-hash-large.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +crypto.log: crypto$(EXEEXT) + @p='crypto$(EXEEXT)'; \ + b='crypto'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-ciphers-api.sh.log: test-ciphers-api.sh + @p='test-ciphers-api.sh'; \ + b='test-ciphers-api.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-ciphers-openssl.sh.log: test-ciphers-openssl.sh + @p='test-ciphers-openssl.sh'; \ + b='test-ciphers-openssl.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.test.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.test$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \ + $(dist_check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/cipher-api-test.Po + -rm -f ./$(DEPDIR)/cipher-openssl-compat.Po + -rm -f ./$(DEPDIR)/cipher_test-cipher-test.Po + -rm -f ./$(DEPDIR)/crypto.Po + -rm -f ./$(DEPDIR)/gendh.Po + -rm -f ./$(DEPDIR)/hash-large.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/cipher-api-test.Po + -rm -f ./$(DEPDIR)/cipher-openssl-compat.Po + -rm -f ./$(DEPDIR)/cipher_test-cipher-test.Po + -rm -f ./$(DEPDIR)/crypto.Po + -rm -f ./$(DEPDIR)/gendh.Po + -rm -f ./$(DEPDIR)/hash-large.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ + check-am clean clean-checkPROGRAMS clean-generic clean-libtool \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + recheck tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/slow/README b/tests/slow/README new file mode 100644 index 0000000..0f1982c --- /dev/null +++ b/tests/slow/README @@ -0,0 +1 @@ +Those tests are here because they are very slow when run under valgrind. diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c new file mode 100644 index 0000000..1d267ce --- /dev/null +++ b/tests/slow/cipher-api-test.c @@ -0,0 +1,565 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* Test legal and illegal use of gnutls_cipher_* and gnutls_aead_cipher_* + * API. This test is written using fork, because some of the test + * cases may hit assertion failure in Nettle and crash the process. + */ + +#if defined(WIN32) +int main(int argc, char **argv) +{ + exit(77); +} +#else + +#include +#include +#include +#include +#include + +#define AES_GCM_ENCRYPT_PLAINTEXT_MAX ((1ULL << 36) - 32) +#if SIZE_MAX >= AES_GCM_ENCRYPT_PLAINTEXT_MAX +#define TEST_AES_GCM_ENCRYPT_PLAINTEXT_SIZE 1 +#endif + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +/* (Non-AEAD) Test a happy path where everything works */ +static void test_cipher_happy(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); + } + + ret = gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); + + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); + if (ret < 0) + fail("gnutls_cipher_encrypt failed\n"); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); +} + +/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */ +static void test_cipher_invalid_partial(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* try encrypting in a way that violates nettle's block conventions */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); + if (ret >= 0) + fail("succeeded in encrypting partial data on block cipher\n"); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("wrong kind of error on decrypting onto a short buffer," + "%s instead of GNUTLS_E_INVALID_REQUEST\n", + gnutls_strerror_name(ret)); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); +} + +/* Test AEAD encryption/decryption */ +static void test_aead_happy(int algo) +{ + int ret; + gnutls_aead_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t auth[32]; + uint8_t ctext[128+32]; + size_t ctext_len; + uint8_t ptext[128]; + uint8_t otext[128]; + size_t ptext_len; + gnutls_datum_t key, iv; + size_t tag_len; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + ptext_len = sizeof(ptext); + tag_len = gnutls_cipher_get_tag_size(algo); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(ptext, 0xfa, sizeof(ptext)); + memset(otext, 0xfc, sizeof(otext)); + memset(ctext, 0xfa, sizeof(ctext)); + memset(auth, 0xfb, sizeof(auth)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) + fail("Cannot initialize library\n"); + + ret = gnutls_aead_cipher_init(&ch, algo, &key); + if (ret < 0) + fail("gnutls_aead_cipher_init failed\n"); + + ctext_len = sizeof(ctext); + ret = gnutls_aead_cipher_encrypt(ch, iv.data, iv.size, + auth, sizeof(auth), tag_len, + ptext, sizeof(ptext), + ctext, &ctext_len); + if (ret < 0) + fail("could not encrypt data\n"); + + if (ctext_len != sizeof(ptext) + tag_len) + fail("output ciphertext length mismatch\n"); + + ret = gnutls_aead_cipher_decrypt(ch, iv.data, iv.size, + auth, sizeof(auth), tag_len, + ctext, ctext_len, + ptext, &ptext_len); + if (ret < 0) + fail("could not decrypt data: %s\n", gnutls_strerror(ret)); + + if (!memcmp(ptext, otext, sizeof(ptext))) + fail("mismatch of decrypted data\n"); + + gnutls_aead_cipher_deinit(ch); + + gnutls_global_deinit(); + return; +} + +/* Test whether an invalid gnutls_cipher_add_auth() is caught */ +static void test_aead_invalid_add_auth(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + if (algo == GNUTLS_CIPHER_CHACHA20_POLY1305) + return; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1); + if (ret < 0) + fail("could not add auth data\n"); + + ret = gnutls_cipher_add_auth(ch, data, 16); + if (ret >= 0) + fail("succeeded in adding auth data after partial data were given\n"); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("wrong kind of error on decrypting onto a short buffer," + "%s instead of GNUTLS_E_INVALID_REQUEST\n", + gnutls_strerror_name(ret)); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); + return; +} + +/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */ +static void test_aead_invalid_partial_encrypt(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* try encrypting in a way that violates nettle's AEAD conventions */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); + if (ret < 0) + fail("could not encrypt data\n"); + + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); + if (ret >= 0) + fail("succeeded in encrypting partial data after partial data were given\n"); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("wrong kind of error on decrypting onto a short buffer," + "%s instead of GNUTLS_E_INVALID_REQUEST\n", + gnutls_strerror_name(ret)); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); + return; +} + +/* Test whether an invalid call to gnutls_aead_cipher_decrypt() is caught */ +static void test_aead_invalid_short_decrypt(int algo) +{ + int ret; + gnutls_aead_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t auth[32]; + uint8_t ctext[128+32]; + size_t ctext_len; + uint8_t ptext[128]; + size_t ptext_len; + gnutls_datum_t key, iv; + size_t tag_len; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + tag_len = gnutls_cipher_get_tag_size(algo); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(ptext, 0xfa, sizeof(ptext)); + memset(ctext, 0xfa, sizeof(ctext)); + memset(auth, 0xfb, sizeof(auth)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) + fail("Cannot initialize library\n"); + + ret = gnutls_aead_cipher_init(&ch, algo, &key); + if (ret < 0) + fail("gnutls_aead_cipher_init failed\n"); + + ctext_len = sizeof(ctext); + ret = gnutls_aead_cipher_encrypt(ch, iv.data, iv.size, + auth, sizeof(auth), tag_len, + ptext, sizeof(ptext), + ctext, &ctext_len); + if (ret < 0) + fail("could not encrypt data\n"); + + if (ctext_len != sizeof(ptext) + tag_len) + fail("output ciphertext length mismatch\n"); + + ptext_len = 0; + ret = gnutls_aead_cipher_decrypt(ch, iv.data, iv.size, + auth, sizeof(auth), tag_len, + ctext, ctext_len, + ptext, &ptext_len); + if (ret >= 0) + fail("succeeded in decrypting data onto a short buffer\n"); + if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + fail("wrong kind of error on decrypting onto a short buffer," + "%s instead of GNUTLS_E_SHORT_MEMORY_BUFFER\n", + gnutls_strerror_name(ret)); + + gnutls_aead_cipher_deinit(ch); + + gnutls_global_deinit(); + return; +} + +#ifdef TEST_AES_GCM_ENCRYPT_PLAINTEXT_SIZE +/* Test whether an invalid call to gnutls_cipher_encrypt() with too + * long message is caught */ +static void test_aead_invalid_too_long_encrypt(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + if (algo != GNUTLS_CIPHER_AES_128_GCM && + algo != GNUTLS_CIPHER_AES_192_GCM && + algo != GNUTLS_CIPHER_AES_256_GCM) { + return; + } + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* Test exceeding AES-GCM plaintext limit */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); + if (ret < 0) + fail("could not encrypt data\n"); + + /* A few blocks larger than AES_GCM_ENCRYPT_PLAINTEXT_MAX combined with + * the previous call. Use NULL for PLAINTEXT so the access to the first + * block always results in page fault (in case the limit is not + * enforced). + */ + ret = gnutls_cipher_encrypt(ch, NULL, AES_GCM_ENCRYPT_PLAINTEXT_MAX); + if (ret >= 0) + fail("succeeded in encrypting too long data\n"); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("wrong kind of error on encrypting too long data," + "%s instead of GNUTLS_E_INVALID_REQUEST\n", + gnutls_strerror_name(ret)); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); + return; +} +#endif + +static void check_status(int status) +{ + if (WEXITSTATUS(status) != 0 || + (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT)) { + if (WIFSIGNALED(status)) { + fail("Child died with signal %d\n", WTERMSIG(status)); + } else { + fail("Child died with status %d\n", + WEXITSTATUS(status)); + } + } +} + +typedef void subtest(int algo); + +static void fork_subtest(subtest func, int algo) { + pid_t child; + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + wait(&status); + check_status(status); + } else { + func(algo); + exit(0); + } +}; + +static +void start(const char *name, int algo, unsigned aead) +{ + success("trying %s\n", name); + + signal(SIGPIPE, SIG_IGN); + + success("trying %s: test_cipher_happy\n", name); + fork_subtest(test_cipher_happy, algo); + + if (!aead) { + success("trying %s: test_cipher_invalid_partial\n", name); + fork_subtest(test_cipher_invalid_partial, algo); + } + + if (aead) { + success("trying %s: test_aead_happy\n", name); + fork_subtest(test_aead_happy, algo); + + success("trying %s: test_aead_invalid_add_auth\n", name); + fork_subtest(test_aead_invalid_add_auth, algo); + + success("trying %s: test_aead_invalid_partial_encrypt\n", name); + fork_subtest(test_aead_invalid_partial_encrypt, algo); + + success("trying %s: test_aead_invalid_short_decrypt\n", name); + fork_subtest(test_aead_invalid_short_decrypt, algo); + +#if TEST_AES_GCM_ENCRYPT_PLAINTEXT_SIZE + success("trying %s: test_aead_invalid_too_long_encrypt\n", name); + fork_subtest(test_aead_invalid_too_long_encrypt, algo); +#endif + } +} + +void doit(void) +{ + start("aes128-gcm", GNUTLS_CIPHER_AES_128_GCM, 1); + start("aes192-gcm", GNUTLS_CIPHER_AES_192_GCM, 1); + start("aes256-gcm", GNUTLS_CIPHER_AES_256_GCM, 1); + start("aes128-cbc", GNUTLS_CIPHER_AES_128_CBC, 0); + start("aes192-cbc", GNUTLS_CIPHER_AES_192_CBC, 0); + start("aes256-cbc", GNUTLS_CIPHER_AES_256_CBC, 0); + if (!gnutls_fips140_mode_enabled()) { + start("3des-cbc", GNUTLS_CIPHER_3DES_CBC, 0); + start("camellia128-gcm", GNUTLS_CIPHER_CAMELLIA_128_GCM, 1); + start("camellia256-gcm", GNUTLS_CIPHER_CAMELLIA_256_GCM, 1); + start("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305, 1); + } +} + +#endif diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c new file mode 100644 index 0000000..3d55131 --- /dev/null +++ b/tests/slow/cipher-openssl-compat.c @@ -0,0 +1,210 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* This does check the AES and CHACHA20 implementations for compatibility + * with openssl. + */ + +#define BSIZE (64*1024+12) +#define B2SIZE (1024+7) +static unsigned char buffer_auth[B2SIZE]; +static unsigned char orig_plain_data[BSIZE]; +static unsigned char enc_data[BSIZE + 32]; /* allow for tag */ +static unsigned char dec_data[BSIZE]; + +static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, + unsigned tag_size) +{ + int ret; + gnutls_aead_cipher_hd_t hd; + gnutls_datum_t dkey, dnonce; + unsigned char key[32]; + unsigned char nonce[32]; + size_t enc_data_size, dec_data_size; + int dec_data_size2; + EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *evp_cipher; + unsigned char tag[64]; + unsigned i; + + success("cipher: %s\n", ocipher); + + /* decrypt with openssl */ + evp_cipher = EVP_get_cipherbyname(ocipher); + if (!evp_cipher) { + /* XXX: fix version check later when LibreSSL fixes support for aes-ccm and chacha20-poly1305 */ +#ifdef LIBRESSL_VERSION_NUMBER + fprintf(stderr, "EVP_get_cipherbyname failed for %s\n", ocipher); + return -1; +#else + /* OpenSSL should always work! */ + fail("EVP_get_cipherbyname failed for %s\n", ocipher); +#endif + } + + for (i = 0; i < 32; i++) { /* try with multiple keys and nonces */ + assert(gnutls_rnd + (GNUTLS_RND_NONCE, orig_plain_data, + sizeof(orig_plain_data)) >= 0); + assert(gnutls_rnd + (GNUTLS_RND_NONCE, buffer_auth, + sizeof(buffer_auth)) >= 0); + assert(gnutls_rnd(GNUTLS_RND_NONCE, key, sizeof(key)) >= 0); + assert(gnutls_rnd(GNUTLS_RND_NONCE, nonce, sizeof(nonce)) >= 0); + + dkey.data = (void *)key; + dkey.size = gnutls_cipher_get_key_size(gcipher); + assert(gnutls_aead_cipher_init(&hd, gcipher, &dkey) >= 0); + + dnonce.data = (void *)nonce; + dnonce.size = gnutls_cipher_get_iv_size(gcipher); + + enc_data_size = sizeof(enc_data); + assert(gnutls_aead_cipher_encrypt(hd, dnonce.data, dnonce.size, + buffer_auth, + sizeof(buffer_auth), tag_size, + orig_plain_data, + sizeof(orig_plain_data), + enc_data, + &enc_data_size) >= 0); + + if (debug) + success("encrypted %d bytes, to %d\n", + (int)sizeof(orig_plain_data), + (int)enc_data_size); + + dec_data_size = sizeof(dec_data); + ret = gnutls_aead_cipher_decrypt(hd, dnonce.data, dnonce.size, + buffer_auth, + sizeof(buffer_auth), tag_size, + enc_data, enc_data_size, + dec_data, &dec_data_size); + if (ret < 0) { + fail("error in gnutls_aead_cipher_decrypt for %s: %s\n", + ocipher, gnutls_strerror(ret)); + } + + if (dec_data_size != sizeof(orig_plain_data) + || memcmp(dec_data, orig_plain_data, + sizeof(orig_plain_data)) != 0) { + fail("gnutls encrypt-decrypt failed (got: %d, expected: %d)\n", (int)dec_data_size, (int)sizeof(orig_plain_data)); + } + + gnutls_aead_cipher_deinit(hd); + + ctx = EVP_CIPHER_CTX_new(); + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (gcipher == GNUTLS_CIPHER_AES_128_CCM + || gcipher == GNUTLS_CIPHER_AES_256_CCM) { + assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) > + 0); + + assert(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, dnonce.size, 0)==1); + assert(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tag_size, + enc_data + enc_data_size - tag_size) == 1); + + assert(EVP_CipherInit_ex(ctx, 0, 0, key, nonce, 0) > + 0); + + dec_data_size2 = sizeof(dec_data); + /* Add plain size */ + assert(EVP_CipherUpdate + (ctx, NULL, &dec_data_size2, NULL, + enc_data_size - tag_size) > 0); + + /* Add AAD */ + assert(EVP_CipherUpdate + (ctx, NULL, &dec_data_size2, buffer_auth, + sizeof(buffer_auth)) > 0); + + /* Decrypt */ + assert(EVP_CipherUpdate + (ctx, dec_data, &dec_data_size2, enc_data, + enc_data_size - tag_size) > 0); + + dec_data_size = dec_data_size2; + dec_data_size2 = tag_size; + + if (dec_data_size != sizeof(orig_plain_data) + || memcmp(dec_data, orig_plain_data, + sizeof(orig_plain_data)) != 0) { + fail("openssl decrypt failed for %s\n", ocipher); + } + } else +#endif + { + assert(EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, nonce, 0) > + 0); + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, tag_size, + enc_data + enc_data_size - tag_size); + + dec_data_size2 = sizeof(dec_data); + + /* Add AAD */ + assert(EVP_CipherUpdate + (ctx, NULL, &dec_data_size2, buffer_auth, + sizeof(buffer_auth)) > 0); + + /* Decrypt */ + assert(EVP_CipherUpdate + (ctx, dec_data, &dec_data_size2, enc_data, + enc_data_size - tag_size) > 0); + + dec_data_size = dec_data_size2; + dec_data_size2 = tag_size; + assert(EVP_CipherFinal_ex(ctx, tag, &dec_data_size2) > 0); + + if (dec_data_size != sizeof(orig_plain_data) + || memcmp(dec_data, orig_plain_data, + sizeof(orig_plain_data)) != 0) { + fail("openssl decrypt failed for %s\n", ocipher); + } + + } + EVP_CIPHER_CTX_free(ctx); + + } + + return 0; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +void doit(void) +{ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + global_init(); + OpenSSL_add_all_algorithms(); + + /* ciphers */ + cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16); + cipher_test("aes-192-gcm", GNUTLS_CIPHER_AES_192_GCM, 16); + cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + if (!gnutls_fips140_mode_enabled()) { + cipher_test("chacha20-poly1305", GNUTLS_CIPHER_CHACHA20_POLY1305, 16); + } + cipher_test("aes-128-ccm", GNUTLS_CIPHER_AES_128_CCM, 16); + cipher_test("aes-256-ccm", GNUTLS_CIPHER_AES_256_CCM, 16); +#endif + + gnutls_global_deinit(); + return; +} diff --git a/tests/slow/cipher-test.c b/tests/slow/cipher-test.c new file mode 100644 index 0000000..da7e7e7 --- /dev/null +++ b/tests/slow/cipher-test.c @@ -0,0 +1,64 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* This does check the AES and SHA implementation against test vectors. + * This should not run under valgrind in order to use the native + * cpu instructions (AES-NI or padlock). + */ + +#if defined(WIN32) +int main(int argc, char **argv) +{ + exit(77); +} +#else +# include + +static void handle_sigill(int sig) +{ + _exit(0); +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +int main(int argc, char **argv) +{ + gnutls_global_set_log_function(tls_log_func); + if (argc > 1) + gnutls_global_set_log_level(4711); + + global_init(); + signal(SIGILL, handle_sigill); + + /* ciphers */ + if (gnutls_cipher_self_test(1, 0) < 0) + return 1; + + /* message digests */ + if (gnutls_digest_self_test(1, 0) < 0) + return 1; + + /* MAC */ + if (gnutls_mac_self_test(1, 0) < 0) + return 1; + + /* PK */ + if (gnutls_pk_self_test(1, 0) < 0) + return 1; + + gnutls_global_deinit(); + return 0; +} + +#endif diff --git a/tests/slow/crypto.c b/tests/slow/crypto.c new file mode 100644 index 0000000..eedaf3f --- /dev/null +++ b/tests/slow/crypto.c @@ -0,0 +1,17 @@ +#include +#include +#include +#include +#include +#include +#include + +/* this tests whether including crypto.h is sufficient to use + * its functionality */ + +int main(int argc, char **argv) +{ + char output[64]; + assert(gnutls_hash_fast(GNUTLS_DIG_SHA256, "abc", 3, output) >= 0); + return 0; +} diff --git a/tests/slow/gendh.c b/tests/slow/gendh.c new file mode 100644 index 0000000..0e68141 --- /dev/null +++ b/tests/slow/gendh.c @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2010, 2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#include "utils.h" + +void doit(void) +{ + gnutls_dh_params_t dh_params = NULL; + int rc; + + rc = global_init(); + if (rc) + fail("global_init\n"); + + if (gnutls_dh_params_init(&dh_params) < 0) + fail("Error in dh parameter initialization\n"); + + if (gnutls_dh_params_generate2(dh_params, 2048) < 0) + fail("Error in prime generation\n"); + + gnutls_dh_params_deinit(dh_params); + + gnutls_global_deinit(); + + if (debug) + success("generated DH params OK\n"); +} diff --git a/tests/slow/gnutls-asan.supp b/tests/slow/gnutls-asan.supp new file mode 100644 index 0000000..ea0f24e --- /dev/null +++ b/tests/slow/gnutls-asan.supp @@ -0,0 +1 @@ +leak:libcrypto diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c new file mode 100644 index 0000000..71312ef --- /dev/null +++ b/tests/slow/hash-large.c @@ -0,0 +1,176 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * Copyright (C) 2017 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" + +#if defined(__FreeBSD__) || !defined(HAVE_MMAP) +void doit(void) +{ + exit(77); +} + +#else /* working test */ + +/* Test hashing on very large buffers >= 2^31 */ + +#if !defined(_WIN32) +# include +# include + +static void exit_77(int signo) +{ + _exit(77); +} +#endif + +#define MIN(x,y) ((x)<(y))?(x):(y) + +#include + +static size_t _mmap_size; +static void *get_mem(size_t size) +{ + void *p; + _mmap_size = size; + p = mmap(NULL, size, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (p == MAP_FAILED) + return NULL; + return p; +} + +static void put_mem(void *mem) +{ + munmap(mem, _mmap_size); +} + +void doit(void) +{ + unsigned char digest[32]; + int err; + char *buf, *p; + ssize_t size, left, size2; + gnutls_hash_hd_t td; + + if (sizeof(size) <= 4) + exit(77); + +#if !defined(_WIN32) + signal(SIGSEGV, exit_77); + signal(SIGBUS, exit_77); +#endif + + global_init(); + + size = (ssize_t)UINT_MAX + (ssize_t)64*1024; + buf = get_mem(size); + if (buf == NULL) + exit(77); + + if (size < (ssize_t)UINT_MAX) + exit(77); + + + err = + gnutls_hash_fast(GNUTLS_DIG_SHA256, buf, size, + digest); + if (err < 0) + fail("gnutls_hash_fast(SHA256) failed: %d\n", err); + else { +#define SHA256_HASH "\x80\x92\xd9\xbe\x54\xa0\xe9\xd7\x7c\xb8\xe4\x2d\xd3\x7c\x19\xfe\x4e\x68\x84\x33\x71\xef\x1c\x81\xd6\x44\x36\x52\x06\xd8\x4b\x8a" + if (memcmp(digest, SHA256_HASH, 32) == 0) { + if (debug) + success("gnutls_hash_fast(SHA256) %lu OK\n", (unsigned long)size); + } else { + hexprint(digest, 32); + fail("gnutls_hash_fast(SHA256) failure\n"); + } + } + + err = gnutls_hash_init(&td, GNUTLS_DIG_SHA256); + if (err < 0) { + fail("failed in %d\n", __LINE__); + } + + size2 = size; + p = buf; + while(size2 > 0) { + left = MIN(64*1024, size2); + gnutls_hash(td, p, left); + size2 -= left; + p += left; + } + + gnutls_hash_output(td, digest); + gnutls_hash_deinit(td, NULL); + if (memcmp(digest, SHA256_HASH, 32) == 0) { + if (debug) + success("gnutls_hash_fast(SHA256) %lu OK\n", (unsigned long)size); + } else { + hexprint(digest, 32); + fail("gnutls_hash(SHA256) failure\n"); + } + + /* SHA1 */ + + err = + gnutls_hash_fast(GNUTLS_DIG_SHA1, buf, size, + digest); + if (err < 0) + fail("gnutls_hash_fast(SHA1) failed: %d\n", err); + else { +#define SHA1_HASH "\x75\xd2\x67\x3f\xec\x73\xe4\x57\xb8\x40\xb3\xb5\xf1\xc7\xa8\x1a\x2d\x11\x7e\xd9" + if (memcmp(digest, SHA1_HASH, 20) == 0) { + if (debug) + success("gnutls_hash_fast(SHA1) OK\n"); + } else { + hexprint(digest, 20); + fail("gnutls_hash_fast(SHA1) failure\n"); + } + } + + err = + gnutls_hmac_fast(GNUTLS_MAC_SHA1, "keykeykey", 9, buf, size, + digest); + if (err < 0) + fail("gnutls_hmac_fast(SHA1) failed: %d\n", err); + else { +#define SHA1_MAC "\xe2\xe9\x84\x48\x53\xe3\x0b\xfe\x45\x04\xf6\x6b\x5b\x6d\x4d\x2c\xa3\x0f\xcf\x23" + if (memcmp(digest, SHA1_MAC, 20) == 0) { + if (debug) + success("gnutls_hmac_fast(SHA1) OK\n"); + } else { + hexprint(digest, 20); + fail("gnutls_hmac_fast(SHA1) failure\n"); + } + } + + put_mem(buf); + gnutls_global_deinit(); +} +#endif diff --git a/tests/slow/test-ciphers-api.sh b/tests/slow/test-ciphers-api.sh new file mode 100755 index 0000000..814f5cc --- /dev/null +++ b/tests/slow/test-ciphers-api.sh @@ -0,0 +1,26 @@ +#!/bin/sh + +# Copyright (C) 2014 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +PROG=./cipher-api-test${EXEEXT} + +. "${srcdir}/test-ciphers-common.sh" + diff --git a/tests/slow/test-ciphers-common.sh b/tests/slow/test-ciphers-common.sh new file mode 100644 index 0000000..7a7bf0c --- /dev/null +++ b/tests/slow/test-ciphers-common.sh @@ -0,0 +1,114 @@ +# Copyright (C) 2014 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +unset RETCODE +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +: ${srcdir=.} +. "${srcdir}/../scripts/common.sh" + +echo default cipher tests +${PROG} +ret=$? +if test $ret != 0; then + echo "default cipher tests failed" + exit $ret +fi + +echo all optimizations disabled +GNUTLS_CPUID_OVERRIDE=0x1 ${PROG} +ret=$? +if test $ret != 0; then + echo "included cipher tests failed" + exit $ret +fi + +exit_if_non_x86 + +echo AESNI +GNUTLS_CPUID_OVERRIDE=0x2 ${PROG} +ret=$? +if test $ret != 0; then + echo "AESNI cipher tests failed" + exit $ret +fi + +echo SSEE3 +GNUTLS_CPUID_OVERRIDE=0x4 ${PROG} +ret=$? +if test $ret != 0; then + echo "SSSE3 cipher tests failed" + exit $ret +fi + +echo AESNI+PCLMUL +GNUTLS_CPUID_OVERRIDE=0xA ${PROG} +ret=$? +if test $ret != 0; then + echo "PCLMUL cipher tests failed" + exit $ret +fi + +echo AESNI+PCLMUL+AVX +GNUTLS_CPUID_OVERRIDE=0x1A ${PROG} +ret=$? +if test $ret != 0; then + echo "PCLMUL-AVX cipher tests failed" + exit $ret +fi + +echo SHANI +if (lscpu --version) >/dev/null 2>&1 && \ + lscpu 2>/dev/null | grep 'Flags:[ ]*sha_ni' >/dev/null; then + GNUTLS_CPUID_OVERRIDE=0x20 ${PROG} + ret=$? + if test $ret != 0; then + echo "SHANI cipher tests failed" + exit $ret + fi +fi + +echo padlock +GNUTLS_CPUID_OVERRIDE=0x100000 ${PROG} +ret=$? +if test $ret != 0; then + echo "padlock cipher tests failed" + exit $ret +fi + +echo padlock PHE +GNUTLS_CPUID_OVERRIDE=0x200000 ${PROG} +ret=$? +if test $ret != 0; then + echo "padlock PHE cipher tests failed" + exit $ret +fi + +echo padlock PHE SHA512 +GNUTLS_CPUID_OVERRIDE=0x400000 ${PROG} +ret=$? +if test $ret != 0; then + echo "padlock PHE SHA512 cipher tests failed" + exit $ret +fi + +exit 0 diff --git a/tests/slow/test-ciphers-openssl.sh b/tests/slow/test-ciphers-openssl.sh new file mode 100755 index 0000000..dc8fb60 --- /dev/null +++ b/tests/slow/test-ciphers-openssl.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright (C) 2016 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +PROG=./cipher-openssl-compat${EXEEXT} + +. "${srcdir}/test-ciphers-common.sh" + diff --git a/tests/slow/test-ciphers.sh b/tests/slow/test-ciphers.sh new file mode 100755 index 0000000..b4bc411 --- /dev/null +++ b/tests/slow/test-ciphers.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +# Copyright (C) 2014 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +PROG=./cipher-test${EXEEXT} + +. "${srcdir}/test-ciphers-common.sh" + diff --git a/tests/slow/test-hash-large.sh b/tests/slow/test-hash-large.sh new file mode 100755 index 0000000..7a052bd --- /dev/null +++ b/tests/slow/test-hash-large.sh @@ -0,0 +1,87 @@ +#!/bin/sh + +# Copyright (C) 2016 Nikos Mavrogiannopoulos +# Copyright (C) 2017 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + +PROG=./hash-large${EXEEXT} +unset RETCODE +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}" +fi + +: ${srcdir=.} +. "${srcdir}/../scripts/common.sh" + +run_test() { + GNUTLS_CPUID_OVERRIDE=$1 ${PROG} + ret=$? + if test $ret != 0; then + echo "tests failed for flags $1" + exit $ret + fi +} + +#0x20: SHA_NI +#0x4: SSSE3 +#0x1: no optimizations +#"": default optimizations + +FLAGS="" +if (lscpu --version) >/dev/null 2>&1; then + if lscpu 2>/dev/null | grep 'Flags:[ ]*ssse3' >/dev/null; then + FLAGS="$FLAGS 0x4" + fi + + if lscpu 2>/dev/null | grep 'Flags:[ ]*sha_ni' >/dev/null; then + FLAGS="$FLAGS 0x20" + fi +fi + +WAITPID="" +for flags in "" "0x1" ${FLAGS};do + run_test ${flags} & + WAITPID="${WAITPID} $!" +done + +for i in "$WAITPID";do + wait $i + ret=$? + test ${ret} != 0 && exit ${ret} +done + +exit_if_non_padlock + +#0x200000: Padlock PHE +#0x400000: Padlock PHE SHA512 + +WAITPID="" +for flags in "0x200000" "0x400000";do + run_test ${flags} & + WAITPID="${WAITPID} $!" +done + +for i in "$WAITPID";do + wait $i + ret=$? + test ${ret} != 0 && exit ${ret} +done + +exit 0 diff --git a/tests/sni-hostname.sh b/tests/sni-hostname.sh new file mode 100755 index 0000000..b8100d9 --- /dev/null +++ b/tests/sni-hostname.sh @@ -0,0 +1,83 @@ +#!/bin/sh + +# Copyright (C) 2017 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +KEY1=${srcdir}/../doc/credentials/x509/example.com-key.pem +CERT1=${srcdir}/../doc/credentials/x509/example.com-cert.pem +CA1=${srcdir}/../doc/credentials/x509/ca.pem + +echo "Checking SNI hostname in gnutls-cli" + +OPTS="--sni-hostname example.com --verify-hostname example.com" +NOOPTS="--sni-hostname noexample.com --verify-hostname example.com" + +eval "${GETPORT}" +launch_server --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${OPTS} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} /dev/null || \ + fail ${PID} "1. handshake should have succeeded!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${NOOPTS} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} /dev/null && \ + fail ${PID} "2. handshake should have failed!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${OPTS} --priority "NORMAL" --x509cafile ${CA1} /dev/null || \ + fail ${PID} "3. handshake should have succeeded!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${NOOPTS} --priority "NORMAL" --x509cafile ${CA1} /dev/null && \ + fail ${PID} "4. handshake should have failed!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com --priority "NORMAL" --x509cafile ${CA1} /dev/null && \ + fail ${PID} "5. handshake should have failed!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com. --verify-hostname example.com. --priority "NORMAL" --x509cafile ${CA1} /dev/null || \ + fail ${PID} "6. handshake should have succeeded!" + +kill ${PID} +wait + +exit 0 diff --git a/tests/sni-resume.sh b/tests/sni-resume.sh new file mode 100755 index 0000000..7f2fd01 --- /dev/null +++ b/tests/sni-resume.sh @@ -0,0 +1,80 @@ +#!/bin/sh + +# Copyright (C) 2017 Thomas Klute +# +# Author: Thomas Klute +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +SERV="${SERV} -q" + +. "${srcdir}/scripts/common.sh" + +PRIORITY="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ANON-ECDH" + +echo "Checking if the SNI extension is parsed in gnutls-serv during" \ + "cache-based session resumption" + +TMPFILE="servoutput.$$.tmp" + +eval "${GETPORT}" +launch_server --echo --priority ${PRIORITY} --sni-hostname-fatal \ + --sni-hostname server.example.com --noticket 2>${TMPFILE} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname server.example.com \ + --priority ${PRIORITY} /dev/null \ + --resume \ + || fail ${PID} "connection and resumption should have succeeded!" + +kill ${PID} +wait + +ret=0 +cat "${TMPFILE}" +# The --sni-hostname-fatal option rejects only clients which send a +# server name that does not match the expected one, not clients that +# do not send an SNI extension at all. Check if the server logged a +# missing extension. +if grep "client did not include SNI extension" "${TMPFILE}" >/dev/null; then + ret=1 + echo "SNI data missing unexpectedly!" +fi +rm "${TMPFILE}" + +exit ${ret} diff --git a/tests/spki-abstract.c b/tests/spki-abstract.c new file mode 100644 index 0000000..d912172 --- /dev/null +++ b/tests/spki-abstract.c @@ -0,0 +1,145 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void pubkey_check(void) +{ + int ret; + gnutls_pubkey_t pubkey; + gnutls_x509_spki_t spki; + unsigned salt_size; + gnutls_digest_algorithm_t dig; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_spki_init(&spki); + assert(ret>=0); + + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) { + fprintf(stderr, + "gnutls_pubkey_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pubkey_import_x509_raw(pubkey, &server_ca3_rsa_pss2_cert, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + fprintf(stderr, + "gnutls_pubkey_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pubkey_get_spki(pubkey, spki, 0); + assert(ret >= 0); + + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 32); + assert(dig == GNUTLS_DIG_SHA256); + + gnutls_pubkey_deinit(pubkey); + gnutls_x509_spki_deinit(spki); + gnutls_global_deinit(); +} + +static void key_check(void) +{ + int ret; + gnutls_privkey_t key; + gnutls_x509_spki_t spki; + unsigned salt_size; + gnutls_digest_algorithm_t dig; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_spki_init(&spki); + assert(ret>=0); + + ret = gnutls_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_privkey_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_privkey_import_x509_raw(key, &server_ca3_rsa_pss2_key, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) { + fprintf(stderr, + "gnutls_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_privkey_get_spki(key, spki, 0); + assert(ret >= 0); + + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 32); + assert(dig == GNUTLS_DIG_SHA256); + + /* set and get */ + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA1, 64); + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 64); + assert(dig == GNUTLS_DIG_SHA1); + + /* read one at a time */ + assert(gnutls_x509_spki_get_rsa_pss_params(spki, NULL, &salt_size) >= 0); + assert(salt_size == 64); + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, NULL) >= 0); + assert(dig == GNUTLS_DIG_SHA1); + + gnutls_privkey_deinit(key); + gnutls_x509_spki_deinit(spki); +} + +void doit(void) +{ + pubkey_check(); + key_check(); +} diff --git a/tests/spki.c b/tests/spki.c new file mode 100644 index 0000000..e5f88e1 --- /dev/null +++ b/tests/spki.c @@ -0,0 +1,227 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void crq_check(void) +{ + int ret; + gnutls_x509_crq_t crq; + gnutls_x509_spki_t spki; + gnutls_datum_t tmp; + gnutls_x509_privkey_t privkey; + unsigned salt_size; + gnutls_digest_algorithm_t dig; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_x509_privkey_init(&privkey)>=0); + + ret = + gnutls_x509_privkey_generate(privkey, GNUTLS_PK_RSA, 2048, 0); + assert(ret>=0); + + assert(gnutls_x509_spki_init(&spki)>=0); + + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA256, 32); + + ret = gnutls_x509_crq_init(&crq); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crq_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + assert(gnutls_x509_crq_set_version(crq, 1)>=0); + assert(gnutls_x509_crq_set_key(crq, privkey)>=0); + assert(gnutls_x509_crq_set_spki(crq, spki, 0)>=0); + + assert(gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, + 0, "CN-Test", 7)>=0); + gnutls_x509_spki_deinit(spki); + + assert(gnutls_x509_crq_sign2(crq, privkey, GNUTLS_DIG_SHA256, 0)>=0); + + if (debug) { + gnutls_x509_crq_print(crq, GNUTLS_CRT_PRINT_ONELINE, &tmp); + + printf("\tCertificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + /* read SPKI */ + assert(gnutls_x509_spki_init(&spki)>=0); + + ret = gnutls_x509_crq_get_spki(crq, spki, 0); + assert(ret >= 0); + + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 32); + assert(dig == GNUTLS_DIG_SHA256); + + /* set invalid */ + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA256, 1024); + assert(gnutls_x509_crq_set_spki(crq, spki, 0) == GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); + + gnutls_x509_crq_deinit(crq); + gnutls_x509_spki_deinit(spki); + gnutls_x509_privkey_deinit(privkey); + gnutls_global_deinit(); +} + + +static void cert_check(void) +{ + int ret; + gnutls_x509_crt_t crt; + gnutls_x509_spki_t spki; + gnutls_datum_t tmp; + unsigned salt_size; + gnutls_digest_algorithm_t dig; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_spki_init(&spki); + assert(ret>=0); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_import(crt, &server_ca3_rsa_pss2_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp); + + printf("\tCertificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_crt_get_spki(crt, spki, 0); + assert(ret >= 0); + + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 32); + assert(dig == GNUTLS_DIG_SHA256); + + /* set invalid */ + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA256, 1024); + assert(gnutls_x509_crt_set_spki(crt, spki, 0) == GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); + + gnutls_x509_crt_deinit(crt); + gnutls_x509_spki_deinit(spki); + gnutls_global_deinit(); +} + +static void key_check(void) +{ + int ret; + gnutls_x509_privkey_t key; + gnutls_x509_spki_t spki; + unsigned salt_size; + gnutls_digest_algorithm_t dig; + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_spki_init(&spki); + assert(ret>=0); + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_privkey_import(key, &server_ca3_rsa_pss2_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_get_spki(key, spki, 0); + assert(ret >= 0); + + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 32); + assert(dig == GNUTLS_DIG_SHA256); + + /* set and get */ + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA1, 64); + assert(gnutls_x509_spki_get_rsa_pss_params(spki, &dig, &salt_size) >= 0); + assert(salt_size == 64); + assert(dig == GNUTLS_DIG_SHA1); + + /* set invalid */ + gnutls_x509_spki_set_rsa_pss_params(spki, GNUTLS_DIG_SHA1, 1024); + assert(gnutls_x509_privkey_set_spki(key, spki, 0) == GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); + + gnutls_x509_privkey_deinit(key); + gnutls_x509_spki_deinit(spki); +} + +void doit(void) +{ + cert_check(); + key_check(); + crq_check(); +} diff --git a/tests/srp.c b/tests/srp.c new file mode 100644 index 0000000..6fb0f02 --- /dev/null +++ b/tests/srp.c @@ -0,0 +1,368 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(ENABLE_SRP) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); + +/* This program tests the SRP and SRP-RSA ciphersuites. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +static void client(int fd, const char *prio, const char *user, const char *pass, int exp_err) +{ + int ret; + gnutls_session_t session; + gnutls_srp_client_credentials_t srp_cred; + gnutls_certificate_credentials_t x509_cred; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_srp_allocate_client_credentials(&srp_cred); + gnutls_certificate_allocate_credentials(&x509_cred); + + gnutls_srp_set_client_credentials(srp_cred, user, pass); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0 && ret == exp_err) { + if (debug) + success("client: handshake failed as expected\n"); + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + end: + close(fd); + + gnutls_deinit(session); + + gnutls_srp_free_client_credentials(srp_cred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret, kx; + gnutls_session_t session; + gnutls_srp_server_credentials_t s_srp_cred; + gnutls_certificate_credentials_t s_x509_cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_srp_allocate_server_credentials(&s_srp_cred); + gnutls_srp_set_server_credentials_file(s_srp_cred, "tpasswd", + "tpasswd.conf"); + + gnutls_certificate_allocate_credentials(&s_x509_cred); + gnutls_certificate_set_x509_key_mem(s_x509_cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_SRP, s_srp_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + s_x509_cred); + + gnutls_transport_set_int(session, fd); + gnutls_handshake_set_timeout(session, get_timeout()); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + kx = gnutls_kx_get(session); + if (kx != GNUTLS_KX_SRP && kx != GNUTLS_KX_SRP_RSA && + kx != GNUTLS_KX_SRP_DSS) + fail("server: unexpected key exchange: %s\n", gnutls_kx_get_name(kx)); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_srp_free_server_credentials(s_srp_cred); + gnutls_certificate_free_credentials(s_x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *name, const char *prio, const char *user, const char *pass, int exp_err) +{ + int fd[2]; + int ret; + + success("testing: %s\n", name); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + client(fd[1], prio, user, pass, exp_err); + if (exp_err < 0) { + kill(child, SIGTERM); + wait(&status); + } else { + wait(&status); + check_wait_status(status); + } + } else { + server(fd[0], prio); + exit(0); + } +} + +/* test1-7 are valid users, test9 uses parameter 9 which is disallowed by the RFC5054 spec */ +const char *tpasswd_file = + "test:CsrY0PxYlYCAa8UuWUrcjpqBvG6ImlAdGwEUh3tN2DSDBbMWTvnUl7A8Hw7l0zFHwyLH5rh0llrmu/v.Df2FjDEGy0s0rYR5ARE2XlXPl66xhevHj5vitD0Qvq/J0x1v0zMWJSgq/Ah2MoOrw9aBEsQUgf9MddiHQKjE3Vetoq3:3h3cfS0WrBgPUsldDASSK0:1\n" + "test2:1J14yVX4iBa97cySs2/SduwnSbHxiz7WieE761psJQDxkc5flpumEwXbAgK5PrSZ0aZ6q7zyrAN1apJR1QQPAdyScJ6Jw4zjDP7AnezUVGbUNMJXhsI0NPwSc0c/415XfrnM1139yjWCr1qkcYMoN4bALppMMLB8glJkxy7t.3cmH9MkRRAjXXdUgAvHw2ZFLmB/8TlZDhnDS78xCSgLQs.oubZEEIgOWl7BT2.aW76fW3yKWdVrrHQDYPtR4hKx:11rUG9wSMLHe2Cu2p7dmFY:2\n" + "test3:LVJZDDuElMHuRt5/fcx64AhJ4erhFvbIhv/XCtD0tJI3OC6yEBzthZ1FSqblri9qtsvboPApbFHwP9WEluGtCOuzOON4LS8sSeQDBO.PaqjTnsmXKPYMKa.SuLXFuRTtdiFRwX2ZRy3GIWoCvxJtPDWCEYGBWfnjjGEYmQWvo534JVtVDyMaFItYlMTOtBSgsg488oJ5hIAU6jVyIQZGPVv8OHsPCpEt2UlTixzI9nAgQ0WL5ShKaAq0dksF/AY7UMKm0oHbtZeqAx6YcBzLbBhNvcEqYzH95ONpr.cUh91iRhVzdVscsFweSCtWsQrVT4zmSRwdsljeFQPqFbdeK:iWkELSVg3JxmyEq.XbjAW:3\n" + "test4:YziHBXMYwzekToUa6xL1Iq/4AXwpJWO9.Z6.Y6HHGt4eUcZEvVEw4eKEzPmj.K7US59u.X29F9D7xU62yiomPk5t8/3MzDCywlrAvcCVDhXwC3YpZEFl8OgAlp9izNrDErYY33cReBwH8ILHgFBJ2zo3xZqlWjWMrR50fW2J.MMitnx5GoR9dotZWLj9Zti0kODt5bUUeMcJmK/CJorwEtXz6OvuqGIdjrAZDp.5379KFO2smEVb7Qx6JiIDhEqODMMgXJZMSYSbKMgxXC9D.xN/IOn1/TnD.rNHN6LTrGChmbtKpCpuSJb2Bq2dwLFVxE/2UH4/ubYs/s5w9OcN60ypogvmtIWBqW2GyyfbLzHXiNDpJwV.tOktYEvRUG/fF59GF9hISbOIZ.7BhOK.z.iX4T7dEnHhDW16V.QScdOofcrhihb3Fi3Ym8ZpAqBlmlgLGsaGX23idkdF8xHZxJF1cuPosQ1jHjlrhcZotvChJdV3DZdl3m3isKK.bwF8:3QcZGdH5RkBBbB9R/cyNL4:4\n" + "test5:Ei8lv19Vi3.zrgd2DT6hHNVdd1FS2rTOg5N.ZHfIe6tsquMOQdP5JNVDqHaZL/Hr.ecaH5Y0fYCrdRby4iYWOvXvRadXBGP7noJl5II9qF84J8KUWGpdWOkKyIqXmRsdvafX2wB90JfMar7SyV0whR7taEV3fAWzQXVS7sHBA6Iyuj6qW1AIg/ObwYBR94xJuI8uKX4vGB0ptl90IS1nkI68OK.1PIt47IDdmJRxDxtbq3smZevPH9HxGCbWyPa7wp9GXmt7jjY/KhRnehLCaCWR3qpfTzqqYaohLFQ5KpkhCv0V5hFASioi1d5iVUsmJCCwWvHWf8fLKLSQ16D.yUNp6jH9AnrzBzybT5jdK647RxKpvogU67rDo4GQCMEjqoHfxExHz/LTN1mtDbX.MkphO71zGpE.bBMopQZvOzUJfpOjJwWADenalLvD6MXu4/.Hwf.cNH/cv/ueTRkXD8Fmsj0cmNkdLCel2qi3COWJxNP/B5ICQ5MnHg.S7qDSloYRcTvbU/FKGyoar8nhUdrl6w5sBwn1DKg3yijBucqEnOAPyLOmpAku8kTsbgoGVdQbEXdb7sUliLv9OnAARddRjIvAbO1mnWxHxFekBCmD5EtMVfGUUGM/ubQzjvH7PjsCCgBjo3nTPoCNGxzREich8/ChRdUvkzEuBvZXIc2:1nhQGuJI7yz9b0xtvpI87B:5\n" + "test7:6aCMlT0VUuuEnX.pn/K7cfQN1.EefEE9UiwzkBT2a4gdT4OY04pcl7kuKLEwvbb9bSfJWjAF8i8vMT.gg1ZSQTBAcWiBzAwHnnnKv4IgtsT0RAoAjYNjVxe26IMeE/XEdcS9OnOzSdEh2uy6.c9wqgzk0pph.KsQaMV4ivjeoUTdY8ccIiGGrLZcLaScCDeLMH.Ow7HFqMCIa07erJ7W2Xe/i7.0lm1p.oiTFbjNLv.6KXXihivldmz.ca9Dg2mqtp2SMCHul4wMDS3UFXka5/H/BwDFgT72OZpyy.wv9yL2ThHHiQtmc4.jkVutZUFH4gMxdln/3UyZDaXyj.UELFbRsA5VTrOcyqpg3nMqRLnBESC//fQjQPDzsIUG4TYeufCxfX6OK3BQq/KSYCIq08lIRRa1qoLE9FAcsnRO6PQXNtjatPJzgwW9mHZy32Bcy0dAu0mlR.35VGt9B72uAo3H8C6fzgLZHAQmAYvcz2b/LV4bT.FUeZz.D5XDIhxHDzLZOFgpZuYXivgf6B.1MgDd227L6AzVl.tfLF6Tr03Sfa5.FNoZLO.WHyHCje1GWGphLjg/C22QjBvV7NBwW50BkJBDO6HARaR/eZCE5qzmwAqrLbhd3DXYBD/0JSWysm3MO8u2Yhq47Vs8ZbcD835lIObjGOfzQL8iFQerO0H.pPQbwVewUg7fyP/TzSXsSQf0.7Otx6fUObWGEAJyY4Zk3YjBj0lwfQGDYuXjKnHxLgpWzWPtRvUbUxrPJMSFyJwGo8lJC5jZdfk/g/zShzgbib0LrYxwYoD1GvEcrLg/ylqEwDQh4/q7brzkpKUu.i4815rvCbPsqe7qFb6t4keDcNboSsFpRAiDttj8b8mcs/aq1YmPv/RKDO1DEu.QIabsJvdw7hw7sKz4m3OGdQEiFtktvihG0HDhY9UyfVTYm4WysZTx4Lf6WdwIFdkGLZJmhk8KdGPsHfSIo4fyIZieLkWa40e0ez5VevkcPN4C2AjXhVKUM5/9Cx09T38I8ZGIxGC.gF8JnXFarLcFjytuaNA7AlzuiEKlYKNf5AGNBXPoeScMJ.AghZLA0ZbsfbDbHUCSljnIuBhAFs8fL6ML/IqX59sORDYEiGKZnybedKYPgdZSRyy1T/qCDcDy6K/9sA4/gDzJ9ZdhUeasmn4GyXgJoHZ5VvT.ctilLkA36cAD8mHI1f8rcKAcsc5XtdQ5Mqqq6VkeXFAD37lnIc3/oVzBUKpHkyO.k0ibhKHkkmldQVpn1d/qUfhQxKq2S5FaOvqDUohERPoKLfEpsO8cd6NOUnwpGAx8wonNlNNIPaW2rJnRJc67zpznrzyXtTbbURl6eJJ/1nLtQy3xw:2Wva3rbYQapchVRUFxMTxT:7\n" + "test9:1UVtxG4aVjfnc6dPKMq6Cqin3rfrSoqOsGuD0Y6m4CnKqk190gb60JggCPwYbTgISssluub1TjmKlJeEfO18rXxyZgdn3KGJ3mBFLJ5x2t.kOyNRRpMGTK//7FMGiVQeJ12Mlh5p0faixLlHggR3P5e6LjpEZxsTTmU5d8pmACijdkOkuI8uDWKa4Aw.djIoAfUBhmgYGXCzx8axafeRJlZ/QYlx7tAAqdbIVrW2ES3cYTPCT/Yo8Le3IvjPH7Emw5TpIiQa/mcbEO043ewsUCEU9pSwQEyPj0ieXC5fGnTEk2KQ4ZzStgyUBDT4LgB8XGWT/DIQu13pIhwHy6yCuQ:3QFKSzbKxgN9qsll55ZlDu:9"; + +/* 1-7 are from SRP RFC5054 spec, and 9 is the FFDHE 2048-bit prime */ +const char *tpasswd_conf_file = + "1:Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ:2\n" + "2:dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx:2\n" + "3:2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp:2\n" + "4:///////////93zgY8MZ2DCJ6Oek0t1pHAG9E28fdp7G22xwcEnER8b5A27cED0JTxvKPiyqwGnimAmfjybyKDq/XDMrjKS95v8MrTc9UViRqJ4BffZVjQml/NBRq1hVjxZXh.rg9dwMkdoGHV4iVvaaePb7iv5izmW1ykA5ZlmMOsaWs75NJccaMFwZz9CzVWsLT8zoZhPOSOlDM88LIkvxLAGTmbfPjPmmrJagyc0JnT6m8oXWXV3AGNaOkDiuxuvvtB1WEXWER9uEYx0UYZxN5NV1lJ5B9tYlBzfLO5nWvbKbywfLgvHNI9XYO.WKG5NAEMeggn2sjCnSD151wCwXL8QlV7BfaxFk515ZRxmgAwd5NNGOCVREN3uMcuUJ7g/MkZDi9CzSUZ9JWIYLXdSxZqYOQqkvhyI/w1jcA26JOTW9pFiXgP58VAnWNUo0Ck.4NLtfXNMnt2OZ0kjb6uWZYJw1qvQinGzjR/E3z48vBWj4WgJhIol//////////:5\n" + "5:F//////////oG/QeY5emZJ4ncABWDmSqIa2JWYAPynq0Wk.fZiJco9HIWXvZZG4tU.L6RFDEaCRC2iARV9V53TFuJLjRL72HUI5jNPYNdx6z4n2wQOtxMiB/rosz0QtxUuuQ/jQYP.bhfya4NnB7.P9A6PHxEHRFS80VBYXOxy5cDf8DXnLqvff5Z.e/IJFNuDbNIFSewsM76BpLY25KhkUrIa7S9QMRMSCDKvAl9W4yNHi2CeO8Nmoa5v6BZREE.EUTomO3eO3coU3ekm7ee.rnLtmRqnIoTuho/QLM1SOEPL9VEgLQkKLqYOOcFe541LoZbgAgiGjhJCN3GHGUZEeLI6htnowPEpxXGHOs.yAYkfnLrq637spbm.5fk7anwlrhepR2JFN7eoKu4ebOPtEuz8c6jBkQ/4l.WRPYWXas7O2Spx8QcHI7oiO5tiW3BlX5rTwOLriTmc8mBhPHk88ua.WTEMhCKFRM/pW/H2EIuBH8AaX204QSZmIfuVcruXncX2zkbiccSCd66hquZmQb6WqjXKBsYM3wSegr4pesxl2smJUZlakZlmK7xxAfYXyMKTEQy1TcRAMJw2Gmw8ZEw66KLldxHzXAN3EujUlk1lTTY5mI1pG1f4drR1QgPEqwfYDZzt1Xl.tt92cm8zDz3N9D0OncV//////////:5\n" + "7:3//////////yaFsg8XQC8qnCPYYu3S7D4f0au8YcVCT08BlgOx4viYKKe8UOuq1DtlbHcppJf36p0h2ctoNnGtJ.4rRMrHmaNaXRLsObv.nlHCGkccD.rh2/zSjlG6j.tkE6lxMecVfQwV915yIn/cIIXcKUpaMpt207oueME/1PZQI3OSLTEQQHO/gFqapr.3PLqZtAEjbXnYyrOWXLAxdjKf1t2Mbcrd33LEIhoO1F5qR0ZA625yCf1UHYuspZlZddSi60w60vidWwBi1wAFjSLTy6zCKidUAylsbLWN63cLINpgbMhb5T8c69Zw1H0LSevQYgh4BQqp5mq4K7epg5KXgzySkcJi.uK4MDll2ehgSLTT1WnzivSFXQRXvCUhzQwCsmaprnwCbE1A9M6TpkFI9XhIxclnB/e6sOe8PDXs0dC.o6faKXyh61Tx80oxuHTNUc5TR7S9YC2wsKRY2E9Fe7Jbgp53srlyuFqGZak2qI2f8GW16d8y4gU7vjU8SPeGlRfR9fd39nXgzE8y6fHeDBOL2zebW.dAAjHCwDkxmji4texvBexy51..ogOeV5b7Jcl0NPcoba.WaCEY8pkXXb5Rv.qVOIbmpkBNhxWRtNOXS4WSq0QH9zMmMgcJjEgOZO/TmOR/jzoGfi2FJVGroJG2X98sm/gqqdnm9i7KtB9W9aRUoNKUTZswDxtu/vG6hPvJ3kNRE2z1C06ki6fJxP0ds34NboUmXbg96De.s.lFcnJjHCvikixKknlRVnH7vimbIpCWKL4hrwz2RxZq0JUCqhzPWye1nakIxF0owXNHSXq3z8BNpcvq/lRLNd0lHfWCWhMeG36G2noUMUV9Vxx7wFCZgNf.Dio8lWyTHRV/M5h5IzG7iYj1LAhCZsr.lqZXs1JCNj8FW3VWfvSLxlARuoW6eTMBjyNQTlLGgZsA7x/mwndCiQCJrLpQLidiBlAMCZX/wDTkF0He13wFPZz8OEuIlorR2tHqrkQK.HvjlX5PTAEIRnB.vUGuTtosgJBVZDY.nD1pkJ6wEyWojesTqm1q7wU/Yln7xILszfDhf2HcEgjZd5hazMWq8xHqA/79U2EF5ilZdMKju/sullo4YjaY8Yu4f0Dy1nFhLwWQ8/37D7FyP6pgC6jBoyY6BuE5tVgTIt.Ym8VeUMWp0.rRtJe6Appriw9ufcqg4/W/HFWjtp4Eu7IhQZP5b.YPe2LTmMJp7CK8HeKT.Qj86LtjVg6nrH2zVkTDS/hpQyCUpw9eDP16zEk7dv902KEBI1niruYQ02xLxZWhoHaDflm2RaULMEH7LdVfgfumKE9sLfJVo1zMw82vRd5WoO3TcEtJt///////////:J\n" + "9:3//////////wtuL5YYkqgQhznM82SzFF7OkSM3pYqsbQdXDa4KP3Fxp9ETpYIRFlbzB.DZOmnrsFQ1iWAkn65wqzyUrTNzPM4aC/KVNmPkq8LZPLKzxHhpjLSJNdzNoJMOJmnmuEQBT.AcYThpx.Xo7V5OeJQjvpKmhCfFI3fvUhmAiOAp9FjXqGYfIxB8u/kvQjgtODVqQ1rFGgFUEKtqhbRjvsDoknaB1wV8xWfjS9u2/E7Dz.Bim3G4pIWqBs6HSlwSwOM3/uvF4ZBkye63m/ux6qnlhNCxjVoyBi8W1SMEyODz5eEonlDA9i6ox/g8Qq8uOIXSb///////////:2\n"; + +void doit(void) +{ + FILE *fp; + + fp = fopen("tpasswd.conf", "w"); + if (fp == NULL) + exit(1); + + fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fp); + fclose(fp); + + fp = fopen("tpasswd", "w"); + if (fp == NULL) + exit(1); + + fwrite(tpasswd_file, 1, strlen(tpasswd_file), fp); + fclose(fp); + + start("tls1.2 srp-1024", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test", "test", 0); + start("tls1.2 srp-1536", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test2", "test2", 0); + start("tls1.2 srp-2048", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test3", "test3", 0); + start("tls1.2 srp-3072", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test4", "test4", 0); + start("tls1.2 srp-4096", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test5", "test5", 0); + start("tls1.2 srp-8192", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test7", "test7", 0); + start("tls1.2 srp-other", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test9", "test9", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + + start("tls1.2 srp-rsa", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP-RSA", "test", "test", 0); + + /* check whether SRP works with TLS1.3 being prioritized */ + start("tls1.3 and srp-1024", "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1", "test", "test", 0); + + /* check whether SRP works with the default protocol set */ + start("default srp-1024", "NORMAL:-KX-ALL:+SRP", "test", "test", 0); + + remove("tpasswd"); + remove("tpasswd.conf"); +} + +#endif /* _WIN32 */ diff --git a/tests/srpbase64.c b/tests/srpbase64.c new file mode 100644 index 0000000..cb26e8b --- /dev/null +++ b/tests/srpbase64.c @@ -0,0 +1,186 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +#ifdef ENABLE_SRP + +static void encode(const char *test_name, const gnutls_datum_t *raw, const char *expected) +{ + int ret; + gnutls_datum_t out, in; + + ret = gnutls_srp_base64_encode2(raw, &out); + if (ret < 0) { + fail("%s: gnutls_srp_base64_encode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (strlen(expected)!=out.size) { + fail("%s: gnutls_srp_base64_encode2: output has incorrect size (%d, expected %d)\n", test_name, (int)out.size, (int)strlen(expected)); + exit(1); + } + + if (strncasecmp(expected, (char*)out.data, out.size) != 0) { + fail("%s: gnutls_srp_base64_encode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + in.data = (void*)expected; + in.size = strlen(expected); + ret = gnutls_srp_base64_decode2(&in, &out); + if (ret < 0) { + fail("%s: gnutls_srp_base64_decode2: %s\n", test_name, gnutls_strerror(ret)); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_srp_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_srp_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +static void decode(const char *test_name, const gnutls_datum_t *raw, const char *hex, int res) +{ + int ret; + gnutls_datum_t out, in; + + in.data = (void*)hex; + in.size = strlen(hex); + ret = gnutls_srp_base64_decode2(&in, &out); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: gnutls_srp_base64_decode2: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + if (res != 0) { + fail("%s: gnutls_srp_base64_decode2: expected failure, but succeeded!\n", test_name); + exit(1); + } + + if (raw->size!=out.size) { + fail("%s: gnutls_srp_base64_decode2: output has incorrect size (%d, expected %d)\n", test_name, out.size, raw->size); + exit(1); + } + + if (memcmp(raw->data, out.data, out.size) != 0) { + fail("%s: gnutls_srp_base64_decode2: output does not match the expected\n", test_name); + exit(1); + } + + gnutls_free(out.data); + + return; +} + +struct encode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *sb64; +}; + +struct encode_tests_st encode_tests[] = { + { + .name = "rnd1", + .sb64 = "3scaQAX6bwA8FQKirWBpbu", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16} + }, + { + .name = "rnd2", + .sb64 = "id/k5HdTEqyZFPsLpdvYyGjxv", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19} + } +}; + +struct decode_tests_st { + const char *name; + gnutls_datum_t raw; + const char *sb64; + int res; +}; + +struct decode_tests_st decode_tests[] = { + { + .name = "dec-rnd1", + .sb64 = "3scaQAX6bwA8FQKirWBpbu", + .raw = {(void*)"\xf6\x9a\x46\x8a\x84\x69\x7a\x28\x83\xda\x52\xcd\x60\x2f\x39\x78", 16}, + .res = 0 + }, + { + .name = "dec-rnd2", + .sb64 = "id/k5HdTEqyZFPsLpdvYyGjxv", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = 0 + }, + { + .name = "dec-extra-chars", + .sb64 = " id/k5HdTEqyZFPsLpdvYyGjxv ", + .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19}, + .res = GNUTLS_E_BASE64_DECODING_ERROR + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i +#endif + +#include +#include + +/* In this test we check the parsing of SSL 2.0 client hellos under + * the default protocols. + * As we can only read but not generate we use a fixed hello message + * followed by an alert. That way we detect whether the handshake + * completed hello parsing and reached the alert message. + */ + +#if defined(_WIN32) || !defined(ENABLE_SSL2) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" +#include "cert-common.h" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + + +static unsigned char ssl2_hello[] = + "\x80\x59\x01\x03\x01\x00\x30\x00\x00\x00\x20\x00\x00\x39\x00\x00" + "\x38\x00\x00\x35\x00\x00\x16\x00\x00\x13\x00\x00\x0a\x00\x00\x33" + "\x00\x00\x32\x00\x00\x2f\x00\x00\x07\x00\x00\x05\x00\x00\x04\x00" + "\x00\x15\x00\x00\x12\x00\x00\x09\x00\x00\xff\xb1\xc9\x95\x1a\x02" + "\x6c\xd6\x42\x11\x6e\x99\xe2\x84\x97\xc9\x17\x53\xaf\x53\xf7\xfc" + "\x8d\x1e\x72\x87\x18\x53\xee\xa6\x7d\x18\xc6"; + +static unsigned char tls_alert[] = + "\x15\x03\x01\x00\x02\x02\x5A"; + +static void client(int sd) +{ + char buf[1024]; + int ret; + + /* send an SSL 2.0 hello, and then an alert */ + + ret = send(sd, ssl2_hello, sizeof(ssl2_hello)-1, 0); + if (ret < 0) + fail("error sending hello\n"); + + ret = recv(sd, buf, sizeof(buf), 0); + if (ret < 0) + fail("error receiving hello\n"); + + ret = send(sd, tls_alert, sizeof(tls_alert)-1, 0); + if (ret < 0) + fail("error sending hello\n"); + + close(sd); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int ret; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + if (debug) + success("Launched, generating DH parameters...\n"); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret != GNUTLS_E_FATAL_ALERT_RECEIVED || gnutls_alert_get(session) != GNUTLS_A_USER_CANCELED) { + fail("server: Handshake failed unexpectedly (%s)\n\n", + gnutls_strerror(ret)); + return; + } + + if (debug) { + success("server: Handshake parsed the SSL2.0 client hello\n"); + } + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +void doit(void) +{ + int sockets[2]; + int err; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + close(sockets[1]); + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/ssl30-cert-key-exchange.c b/tests/ssl30-cert-key-exchange.c new file mode 100644 index 0000000..662721a --- /dev/null +++ b/tests/ssl30-cert-key-exchange.c @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2015-2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ +#ifdef ENABLE_SSL3 + global_init(); + try_x509("SSL 3.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("SSL 3.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + + try_x509("SSL 3.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509_cli("SSL 3.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_x509_cli("SSL 3.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + + try_x509_cli("SSL 3.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("SSL 3.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-SSL3.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + gnutls_global_deinit(); +#else + exit(77); +#endif +} diff --git a/tests/ssl30-cipher-neg.c b/tests/ssl30-cipher-neg.c new file mode 100644 index 0000000..745be43 --- /dev/null +++ b/tests/ssl30-cipher-neg.c @@ -0,0 +1,135 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "cipher-neg-common.c" + +test_case_st tests[] = { + { + .name = "server SSL 3.0: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+VERS-SSL3.0:+AES-128-CBC" + }, + { + .name = "both SSL 3.0: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC:+VERS-SSL3.0" + }, + { + .name = "client SSL 3.0: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+VERS-SSL3.0:+AES-128-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "both SSL 3.0: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC:+VERS-SSL3.0", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "server SSL 3.0: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+VERS-SSL3.0:+3DES-CBC" + }, + { + .name = "both SSL 3.0: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC:+VERS-SSL3.0" + }, + { + .name = "client SSL 3.0: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:+VERS-SSL3.0:+3DES-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "both SSL 3.0: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .server_prio = "NORMAL:+3DES-CBC:+VERS-SSL3.0", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "server SSL 3.0: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+VERS-SSL3.0:+ARCFOUR-128" + }, + { + .name = "both SSL 3.0: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128:+VERS-SSL3.0" + }, + { + .name = "client SSL 3.0: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+VERS-SSL3.0:+ARCFOUR-128", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "both SSL 3.0: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128:+VERS-SSL3.0", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-SSL3.0" + } +}; + +void doit(void) +{ + (void) try; + +#ifdef ENABLE_SSL3 + unsigned i; + global_init(); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "server-kx-neg-common.c" + +test_case_st tests[] = { + { + .name = "SSL 3.0 ANON-DH without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 ANON-DH with cred but no DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 ANON-DH with cred and DH params", + .server_ret = 0, + .client_ret = 0, + .have_anon_cred = 1, + .have_anon_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA with cred but no DH params or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA with cred and cert but no DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA with cred and DH params but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA with cred and incompatible cert and DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA with cred and cert and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-RSA with cred and multiple certs and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-PSK with cred but no DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-SSL3.0" + }, + { + .name = "SSL 3.0 DHE-PSK with cred DH params", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-SSL3.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-SSL3.0" + } +}; + +void doit(void) +{ + (void) try; + +#ifdef ENABLE_SSL3 + unsigned i; + global_init(); + + for (i=0;i/dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-ftp.txt b/tests/starttls-ftp.txt new file mode 100644 index 0000000..d32c3d9 --- /dev/null +++ b/tests/starttls-ftp.txt @@ -0,0 +1,3 @@ +TIMEOUT 120 +FEAT '211-Extended features supported:\r\n LANG EN*\r\n AUTH TLS;TLS-C;SSL;TLS-P;\r\n211 END\r\n' +AUTH '234 AUTH command ok. Expecting TLS Negotiation.\r\n' diff --git a/tests/starttls-lmtp.sh b/tests/starttls-lmtp.sh new file mode 100755 index 0000000..a1b6d6b --- /dev/null +++ b/tests/starttls-lmtp.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +SERV="${SERV} -q" + +echo "Checking STARTTLS over LMTP" + +eval "${GETPORT}" +socat TCP-LISTEN:${PORT} EXEC:"$CHAT -e -S -v -f ${srcdir}/starttls-lmtp.txt",pty & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-ECDH --insecure --starttls-proto lmtp --verbose /dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-lmtp.txt b/tests/starttls-lmtp.txt new file mode 100644 index 0000000..c6425a9 --- /dev/null +++ b/tests/starttls-lmtp.txt @@ -0,0 +1,4 @@ +TIMEOUT 120 +'' '220 mail.example.net Dovecot ready.\r\n' +LHLO '250-mail.example.net\r\n250-8BITMIME\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250 PIPELINING\r\n' +STARTTLS '220 2.0.0 Ready to start TLS\r\n' diff --git a/tests/starttls-nntp.sh b/tests/starttls-nntp.sh new file mode 100755 index 0000000..6cd834d --- /dev/null +++ b/tests/starttls-nntp.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +SERV="${SERV} -q" + +echo "Checking STARTTLS over NNTP" + +eval "${GETPORT}" +socat TCP-LISTEN:${PORT} EXEC:"$CHAT -e -S -v -f ${srcdir}/starttls-nntp.txt",pty & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-ECDH --insecure --starttls-proto nntp --verbose /dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-nntp.txt b/tests/starttls-nntp.txt new file mode 100644 index 0000000..0bb123c --- /dev/null +++ b/tests/starttls-nntp.txt @@ -0,0 +1,3 @@ +TIMEOUT 120 +'' '200 nntp.example.net InterNetNews NNRP server INN 2.5.4 ready (posting ok)\r\n' +STARTTLS '382 Begin TLS negotiation now\r\n' diff --git a/tests/starttls-pop3.sh b/tests/starttls-pop3.sh new file mode 100755 index 0000000..37e5263 --- /dev/null +++ b/tests/starttls-pop3.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +SERV="${SERV} -q" + +echo "Checking STARTTLS over POP3" + +eval "${GETPORT}" +socat TCP-LISTEN:${PORT} EXEC:"$CHAT -e -S -v -f ${srcdir}/starttls-pop3.txt",pty & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-ECDH --insecure --starttls-proto pop3 --verbose /dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-pop3.txt b/tests/starttls-pop3.txt new file mode 100644 index 0000000..1a99ebb --- /dev/null +++ b/tests/starttls-pop3.txt @@ -0,0 +1,3 @@ +TIMEOUT 120 +'' '+OK Dovecot ready.\r\n' +STLS '+OK Begin TLS negotiation now.\r\n' diff --git a/tests/starttls-sieve.sh b/tests/starttls-sieve.sh new file mode 100755 index 0000000..dc395ba --- /dev/null +++ b/tests/starttls-sieve.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +SERV="${SERV} -q" + +echo "Checking STARTTLS over SIEVE" + +eval "${GETPORT}" +socat TCP-LISTEN:${PORT} EXEC:"$CHAT -e -S -v -f ${srcdir}/starttls-sieve.txt",pty & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-ECDH --insecure --starttls-proto sieve --verbose /dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-sieve.txt b/tests/starttls-sieve.txt new file mode 100644 index 0000000..eaae93c --- /dev/null +++ b/tests/starttls-sieve.txt @@ -0,0 +1,3 @@ +TIMEOUT 120 +'' '"IMPLEMENTATION" "Dovecot Pigeonhole"\r\n"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date"\r\n"NOTIFY" "mailto"\r\n"SASL" "PLAIN LOGIN"\r\n"STARTTLS"\r\n"VERSION" "1.0"r\nOK "Dovecot ready."\r\n' +STARTTLS 'OK "Begin TLS negotiation now."\r\n' diff --git a/tests/starttls-smtp.sh b/tests/starttls-smtp.sh new file mode 100755 index 0000000..6633e1c --- /dev/null +++ b/tests/starttls-smtp.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +SERV="${SERV} -q" + +echo "Checking STARTTLS over SMTP" + +eval "${GETPORT}" +socat TCP-LISTEN:${PORT} EXEC:"$CHAT -e -S -v -f ${srcdir}/starttls-smtp.txt",pty & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-ECDH --insecure --starttls-proto smtp --verbose /dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-smtp.txt b/tests/starttls-smtp.txt new file mode 100644 index 0000000..049e4e3 --- /dev/null +++ b/tests/starttls-smtp.txt @@ -0,0 +1,3 @@ +'' '220 int.example.com ESMTP Sendmail 8.14.4/8.14.4; Mon, 22 Aug 2016 03:08:09-0400\r\n' +TIMEOUT 120 +EHLO '250-int-example.com Hello [10.40.3.7], pleased to meet you\r\n250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250 HELP\r\n' STARTTLS '220 2.0.0 Ready to start TLS\r\n' diff --git a/tests/starttls-xmpp.sh b/tests/starttls-xmpp.sh new file mode 100755 index 0000000..82d0db7 --- /dev/null +++ b/tests/starttls-xmpp.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +echo "Checking STARTTLS over XMPP" + +eval "${GETPORT}" +socat TCP-LISTEN:${PORT} EXEC:"$CHAT -e -S -v -f ${srcdir}/starttls-xmpp.txt",pty & +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:+ANON-ECDH --insecure --starttls-proto xmpp --verbose /dev/null +if test $? != 1;then + fail ${PID} "connect should have failed with error code 1" +fi + +kill ${PID} +wait + +exit 0 diff --git a/tests/starttls-xmpp.txt b/tests/starttls-xmpp.txt new file mode 100644 index 0000000..94e86d4 --- /dev/null +++ b/tests/starttls-xmpp.txt @@ -0,0 +1,3 @@ +TIMEOUT 10 +'' +'' '' diff --git a/tests/starttls.sh b/tests/starttls.sh new file mode 100755 index 0000000..ed9be41 --- /dev/null +++ b/tests/starttls.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +# Copyright (C) 2010-2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" +. "${srcdir}/scripts/starttls-common.sh" + +SERV="${SERV} -q" + +echo "Checking STARTTLS" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:+ANON-ECDH" +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+ANON-ECDH --insecure --starttls -d 6 /dev/null || \ + fail ${PID} "starttls connect should have succeeded!" + + +kill ${PID} +wait + +exit 0 diff --git a/tests/status-request-ext.c b/tests/status-request-ext.c new file mode 100644 index 0000000..495e08a --- /dev/null +++ b/tests/status-request-ext.c @@ -0,0 +1,344 @@ +/* + * Copyright (C) 2016 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +/* This program tests that the server does not send the + * status request extension if no status response exists. That + * is to provide compatibility with gnutls 3.3.x which requires + * that behavior. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define SKIP16(pos, total) { \ + uint16_t _s; \ + if (pos+2 > total) fail("error\n"); \ + _s = (msg->data[pos] << 8) | msg->data[pos+1]; \ + if ((size_t)(pos+2+_s) > total) fail("error\n"); \ + pos += 2+_s; \ + } + +#define SKIP8(pos, total) { \ + uint8_t _s; \ + if (pos+1 > total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + pos += 1+_s; \ + } + +#define TLS_EXT_STATUS_REQUEST 5 +#define HANDSHAKE_SESSION_ID_POS 34 + +/* This returns either the application-specific ID extension contents, + * or the session ID contents. The former is used on the new protocol, + * while the latter on the legacy protocol. + * + * Extension ID: 48018 + * opaque ApplicationID<1..2^8-1>; + * + * struct { + * ExtensionType extension_type; + * opaque extension_data<0..2^16-1>; + * } Extension; + * + * struct { + * ProtocolVersion server_version; + * Random random; + * SessionID session_id; + * CipherSuite cipher_suite; + * CompressionMethod compression_method; + * Extension server_hello_extension_list<0..2^16-1>; + * } ServerHello; + */ +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + size_t pos = 0; + /* A client hello packet. We can get the session ID and figure + * the associated connection. */ + if (msg->size < HANDSHAKE_SESSION_ID_POS+GNUTLS_MAX_SESSION_ID+2) { + fail("invalid client hello\n"); + } + + /* try to read the extension data */ + pos = HANDSHAKE_SESSION_ID_POS; + + /* session id */ + SKIP8(pos, msg->size); + + /* CipherSuite */ + pos+=2; + + /* CompressionMethod */ + SKIP8(pos, msg->size); + + if (pos+2 > msg->size) + fail("invalid client hello\n"); + pos+=2; + + /* Extension(s) */ + while (pos < msg->size) { + uint16_t type; + + if (pos+4 > msg->size) + fail("invalid client hello\n"); + + type = (msg->data[pos] << 8) | msg->data[pos+1]; + pos+=2; + if (type != TLS_EXT_STATUS_REQUEST) { + SKIP16(pos, msg->size); + } else { /* found */ + fail("found extension, although no status response\n"); + break; + } + } + + return 0; +} + + + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static void start(const char *name, const char *prio) +{ + pid_t child; + int fd[2]; + int ret, status = 0; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + success("running: %s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("tls1.2", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("tls1.3", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("default", "NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/status-request-ok.c b/tests/status-request-ok.c new file mode 100644 index 0000000..fe1818e --- /dev/null +++ b/tests/status-request-ok.c @@ -0,0 +1,325 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program tests the status request extension and that receiving the + * certificate status works. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static int sent = 0; +static int received = 0; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + success("received status request\n"); + received = 1; + return 0; +} + +#define RESP "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" +#define RESP_SIZE (sizeof(RESP)-1) + +static int status_func(gnutls_session_t session, void *ptr, gnutls_datum_t *resp) +{ + resp->data = gnutls_malloc(RESP_SIZE); + if (resp->data == NULL) + return -1; + + memcpy(resp->data, RESP, RESP_SIZE); + resp->size = RESP_SIZE; + sent = 1; + return 0; +} + +#define MAX_BUF 1024 + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CERTIFICATE_STATUS, + GNUTLS_HOOK_POST, + handshake_callback); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (received == 0) { + fail("client: didn't receive status request\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_ocsp_status_request_function(x509_cred, status_func, NULL); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (sent == 0) { + fail("status request was sent\n"); + exit(1); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + pid_t child; + int fd[2]; + int ret, status = 0; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0]); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1]); + exit(0); + } + + return; +} + +#endif /* _WIN32 */ diff --git a/tests/status-request-revoked.c b/tests/status-request-revoked.c new file mode 100644 index 0000000..0268934 --- /dev/null +++ b/tests/status-request-revoked.c @@ -0,0 +1,472 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * Copyright (C) 2020 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This program tests that the client does not send the + * status request extension if GNUTLS_NO_EXTENSIONS is set. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1586000000; + + if (t) + *t = then; + + return then; +} + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIEKjCCAhKgAwIBAgIIRiBQA6KFBj0wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE\n" +"AxMEaWNhMTAeFw0xOTEwMjQxNDA1MDBaFw0yMDEwMjQxNDAzMDBaMBoxGDAWBgNV\n" +"BAMTD3Rlc3Quc2VydmVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n" +"ggEBAKgBiCBLx9eqe2tcCdkyDvQb3UZMR/Gs1mHaiW9zUbqnHkMD/N+0B+JRcfW2\n" +"P5WnQRTlSrWM/gFJh+va0Wtnu0VZWdBHhyR8Vq62DskNRSXUSTsQVqktaMmA/yPY\n" +"iYtY5069WUBoa1GD23BRaeoinLtmBEaUIvsAdCPQ5bCdaVSFOLlnuDxF6/bOAQAC\n" +"5EJ3UDAdqqGmHCQAJcKiCim2ttCIquLqAsgalHMKKBAdEm01o+LO6FOHK1OkwA1W\n" +"GiDNaojEojMS87x9VjmdiamvPuAALLAMMQ3fh8DxqAWA4pfkYWJKehnlPHdjPfkO\n" +"GjUvpezsWev5PBJKp5x6ce9vlgMCAwEAAaN/MH0wCQYDVR0TBAIwADALBgNVHQ8E\n" +"BAMCA4gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGgYDVR0RBBMwEYIPdGVzdC5zZXJ2\n" +"ZXIuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovLzEwLjEu\n" +"Mi4yNDI6ODg4ODANBgkqhkiG9w0BAQsFAAOCAgEAK9Bo7i8Mj7t8l+nZqQ6ezG6d\n" +"sq5FYkr2h+T5C0Pt2RscMYAKRdBjAXmCTy1jhaojUVIupm/pK1YQAOgSQF5PMhLl\n" +"3W1SiLl2aU1A0HjHpHvN81YP5VeceHgoJrA5VYGYQohIyH9zfSJNb5TyhQcIHiqZ\n" +"aSC64c7sSywHC4vEHYyYu0LVMic4y7EWM2Y5Vh3xhB28jq5ixChCxG/i6rHt1fC+\n" +"1YsKQaE+sAY4QVjMYE8g4SldqMDpnSCiHDFBfWMGD5hGvp4WMfNXpuiDG9M8wAcT\n" +"A93NxnZqmUdksK/waGS7/uj/eY1hMU2Z/TVhaCDk146hH+lOUf6CnwM3MXLOALaz\n" +"eHyfbm/P8XniWhzBQIiY+5wYVath9YlOkRZhAMKRglRNpwXoTKZiJNkqrwaz6RnB\n" +"S19QByi+L6tFP7AxLFd7DKv4FbI2FWh5GyCrqa8rNc3Bh/oxDR0iAUetEFQUjkxN\n" +"x5A0mOnKds0UoTq3nI5t6obgzAjFkiMgVMXyXo4HqfzpAtqIgZd+PJn5snFoJ6Xh\n" +"NPjCYbfBb9LQFlfodWVg0W4mjfp0HypFaBIudgw0ANdQUUOosWFi0H2msj7CJf4G\n" +"crMZmsCvD+xKfwKqph+tH0/e/xFeFmVOSVI78ESJhpRcQ9ODiOA98FTR4W1Nv9gd\n" +"2GOAQzJDUd051fcRBXQ=\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIEvzCCAqegAwIBAgIIV9UmBssMHTUwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UE\n" +"AxMGcm9vdGNhMB4XDTE5MTAyNDE0MDQwMFoXDTIwMTAyNDE0MDMwMFowDzENMAsG\n" +"A1UEAxMEaWNhMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALY5o80n\n" +"QOQWNJnWOEL6Vg/UH84r9TP4ZWKlWmC4K+pi0S+8x7uFBUyxFffS/SaWeoxI2wBm\n" +"ezMjAl1gFQTCxsojxfgS9Ky9fbxdaADeLKW7B8UHRzrKO8I9Khhe82oU87vAYUFX\n" +"cC0ALIE4zpcdezmr53ACloYfTwDy4onl6VKVjwhfZ6PglwZRkOLjSRMbmSScJPGF\n" +"pMx29dhXEFeCyAdqU+H9Bhu0cIwHUeFp4BM1j8NsW6GHLIzioc5f70EX76M9FyRA\n" +"EB/csmEGX37vNjPmmyki6SJ2nFoa7C9o3ty7IzoUdrU8Cfj9o6WdEfCRlIuxLWra\n" +"LFQrduuhk3sZYU2adZa3hJJ3Y+jx0lUBO4TxtO1Maf39Rfp4BzK1WybjCpDnO/Xg\n" +"kU5hDjQX9zRWYPcwPMGEv3wJAezTsp/mx8UGtIlWVpd0z/oVoKvOrGaxx0RYq5SP\n" +"mutaKDCvQ0j6t9wc69fyG5d9iNA3INXLhkFiZqEKpwZsi7RaSjD615EX2GqdIoZ0\n" +"Ib4NEtpMv12/7ti1VFVxNNMaDNiOKRg7/Ha5SrRnCabyEuykSUnxjttNjBEazn1M\n" +"VWIel0scvDtRFDFGklFuABOJmoYGkAPnIpN+H/l17/VtSWBsPy1rnlfgK2ftm773\n" +"5kiEQJn42uh+jbgWaBdt9Q1B+VeV51pnjjc7AgMBAAGjHTAbMAwGA1UdEwQFMAMB\n" +"Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQBgm8eEsLeGo5eI4plQ\n" +"WtqvyKrrvpa9YachqmQfoARbMBJg4J0Eq3u3yjL1kUHZ5f0IkXeiaw/w5u2oxZTe\n" +"SHHJCCd54NhLzBeTV/GQuDnWqU+GZP3ay+SkzjAMbfkHibVlRZLkeVnDZLRGd5jb\n" +"RMXRj1LMVagI1xVM3Y4PEcDw+Bhp4XFHBUcxtcqFrjJQBbJJYE9A2QiPwoDQlYoy\n" +"gSvVffbb04bDM01pbYOfPL9t1IIiq7KHHOq0vWzvoU+hnAx+U30wNSaeshKuixNa\n" +"PpWKZ1hoejkhddeiypFqhS54oOxaCxArXPFIl/mLPJlztf/s1Xumi0W4fkIACtoY\n" +"SFilawtsf/vC/WesFsQ502IkFpjYCeUavk8nAfZPZg1BwQ+ZLcwZXBuCtqyn9Mk9\n" +"3UgHAiwMLDqeSQShjHWkBeLr5IOYMubT6SuLpd13rz2WOj6ETq7zizUanV8yAeaT\n" +"x/pn1/rVpbzrbEAL5RkYlUK0ZbwpKjTLygiHUXFqpiID4L1OXoJbtbgSQlXFTEXV\n" +"AnG40QNerXjQ8b+BlmFmCY2nxtNFgtVLUHb4vyG1mUcNIYafH+9TD5tUdzDVZP90\n" +"NnU+8i3Ah3qk9B4Cv9wdHY4Mq/m2jTZd060oGb5l5381Ju5tr2BE+xPXCzSk7TsL\n" +"tdq43/hGqq4D2YGCc9E0WnOVxw==\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIEwTCCAqmgAwIBAgIIFv+PS+AkgjowDQYJKoZIhvcNAQELBQAwETEPMA0GA1UE\n" +"AxMGcm9vdGNhMB4XDTE5MTAyNDE0MDMwMFoXDTIwMTAyNDE0MDMwMFowETEPMA0G\n" +"A1UEAxMGcm9vdGNhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtjmj\n" +"zSdA5BY0mdY4QvpWD9Qfziv1M/hlYqVaYLgr6mLRL7zHu4UFTLEV99L9JpZ6jEjb\n" +"AGZ7MyMCXWAVBMLGyiPF+BL0rL19vF1oAN4spbsHxQdHOso7wj0qGF7zahTzu8Bh\n" +"QVdwLQAsgTjOlx17OavncAKWhh9PAPLiieXpUpWPCF9no+CXBlGQ4uNJExuZJJwk\n" +"8YWkzHb12FcQV4LIB2pT4f0GG7RwjAdR4WngEzWPw2xboYcsjOKhzl/vQRfvoz0X\n" +"JEAQH9yyYQZffu82M+abKSLpInacWhrsL2je3LsjOhR2tTwJ+P2jpZ0R8JGUi7Et\n" +"atosVCt266GTexlhTZp1lreEkndj6PHSVQE7hPG07Uxp/f1F+ngHMrVbJuMKkOc7\n" +"9eCRTmEONBf3NFZg9zA8wYS/fAkB7NOyn+bHxQa0iVZWl3TP+hWgq86sZrHHRFir\n" +"lI+a61ooMK9DSPq33Bzr1/Ibl32I0Dcg1cuGQWJmoQqnBmyLtFpKMPrXkRfYap0i\n" +"hnQhvg0S2ky/Xb/u2LVUVXE00xoM2I4pGDv8drlKtGcJpvIS7KRJSfGO202MERrO\n" +"fUxVYh6XSxy8O1EUMUaSUW4AE4mahgaQA+cik34f+XXv9W1JYGw/LWueV+ArZ+2b\n" +"vvfmSIRAmfja6H6NuBZoF231DUH5V5XnWmeONzsCAwEAAaMdMBswDAYDVR0TBAUw\n" +"AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAAk7UHoAWMRlcCtH\n" +"qPH4YOuqqhMEqrJ3nRrRffDmRNCy/R2OpYRmI37HItaWmAB/aGK6H3nQG5fHY1/e\n" +"Ypn/uwpYyvpMtYZgeNNFHckXcWQo3C7wOlCwQzWzI9po0zRp3EqTNBneKa4cZoe0\n" +"FxcMfLbHL4SRKE08PZ3NBRW4n01fjjSs3o4cXvhD6puMTwjL581tWhgmfTrYGMvH\n" +"i7/XSUuFKzj74dA1LioEvbi5qy4kCvy1zxLMySXRd8ZtdnlS/tP3dTx+f1qCZaH6\n" +"E3jE7pi24yRmQaiNaO8Ap4uKcPaMXCsqg+TNTID3QJx6hDgQYsD7P64cUJXXhT/S\n" +"bmdawUaWhwZXVCm2VIpYI3GYhnEVpovyqHOsopNfrabCzvuVB/d4wJBO9MJUk/0l\n" +"BBCTJx3DluvkjKlDWxVDgpofElbU+77mEKLLki4G0f12biJLXOoS+jYayHSKbNlT\n" +"5qzXO3swPMNyS1iBdJtmsh3d5JxHa96UlBgKa5pZY2vk+rHUP0j5aLPMqqCixOpE\n" +"rYX6hvg898wlR2enXY//dgnvgprDW9Fs1x/PdaFx6p1EFpGuJX/td7CK633MsRbu\n" +"dirhB+L70skZjiGGR/kY0i6edHFiMoqmyXm3ML9ID3ZWfQV9gDCCIKvz9SqpW08q\n" +"dZHbP85IPw8a3Lzour7HV3acvaKA\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem)-1 +}; + +static unsigned char ca_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIEwTCCAqmgAwIBAgIIFv+PS+AkgjowDQYJKoZIhvcNAQELBQAwETEPMA0GA1UE\n" +"AxMGcm9vdGNhMB4XDTE5MTAyNDE0MDMwMFoXDTIwMTAyNDE0MDMwMFowETEPMA0G\n" +"A1UEAxMGcm9vdGNhMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtjmj\n" +"zSdA5BY0mdY4QvpWD9Qfziv1M/hlYqVaYLgr6mLRL7zHu4UFTLEV99L9JpZ6jEjb\n" +"AGZ7MyMCXWAVBMLGyiPF+BL0rL19vF1oAN4spbsHxQdHOso7wj0qGF7zahTzu8Bh\n" +"QVdwLQAsgTjOlx17OavncAKWhh9PAPLiieXpUpWPCF9no+CXBlGQ4uNJExuZJJwk\n" +"8YWkzHb12FcQV4LIB2pT4f0GG7RwjAdR4WngEzWPw2xboYcsjOKhzl/vQRfvoz0X\n" +"JEAQH9yyYQZffu82M+abKSLpInacWhrsL2je3LsjOhR2tTwJ+P2jpZ0R8JGUi7Et\n" +"atosVCt266GTexlhTZp1lreEkndj6PHSVQE7hPG07Uxp/f1F+ngHMrVbJuMKkOc7\n" +"9eCRTmEONBf3NFZg9zA8wYS/fAkB7NOyn+bHxQa0iVZWl3TP+hWgq86sZrHHRFir\n" +"lI+a61ooMK9DSPq33Bzr1/Ibl32I0Dcg1cuGQWJmoQqnBmyLtFpKMPrXkRfYap0i\n" +"hnQhvg0S2ky/Xb/u2LVUVXE00xoM2I4pGDv8drlKtGcJpvIS7KRJSfGO202MERrO\n" +"fUxVYh6XSxy8O1EUMUaSUW4AE4mahgaQA+cik34f+XXv9W1JYGw/LWueV+ArZ+2b\n" +"vvfmSIRAmfja6H6NuBZoF231DUH5V5XnWmeONzsCAwEAAaMdMBswDAYDVR0TBAUw\n" +"AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAAk7UHoAWMRlcCtH\n" +"qPH4YOuqqhMEqrJ3nRrRffDmRNCy/R2OpYRmI37HItaWmAB/aGK6H3nQG5fHY1/e\n" +"Ypn/uwpYyvpMtYZgeNNFHckXcWQo3C7wOlCwQzWzI9po0zRp3EqTNBneKa4cZoe0\n" +"FxcMfLbHL4SRKE08PZ3NBRW4n01fjjSs3o4cXvhD6puMTwjL581tWhgmfTrYGMvH\n" +"i7/XSUuFKzj74dA1LioEvbi5qy4kCvy1zxLMySXRd8ZtdnlS/tP3dTx+f1qCZaH6\n" +"E3jE7pi24yRmQaiNaO8Ap4uKcPaMXCsqg+TNTID3QJx6hDgQYsD7P64cUJXXhT/S\n" +"bmdawUaWhwZXVCm2VIpYI3GYhnEVpovyqHOsopNfrabCzvuVB/d4wJBO9MJUk/0l\n" +"BBCTJx3DluvkjKlDWxVDgpofElbU+77mEKLLki4G0f12biJLXOoS+jYayHSKbNlT\n" +"5qzXO3swPMNyS1iBdJtmsh3d5JxHa96UlBgKa5pZY2vk+rHUP0j5aLPMqqCixOpE\n" +"rYX6hvg898wlR2enXY//dgnvgprDW9Fs1x/PdaFx6p1EFpGuJX/td7CK633MsRbu\n" +"dirhB+L70skZjiGGR/kY0i6edHFiMoqmyXm3ML9ID3ZWfQV9gDCCIKvz9SqpW08q\n" +"dZHbP85IPw8a3Lzour7HV3acvaKA\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca_cert = { ca_cert_pem, + sizeof(ca_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEogIBAAKCAQEAqAGIIEvH16p7a1wJ2TIO9BvdRkxH8azWYdqJb3NRuqceQwP8\n" +"37QH4lFx9bY/ladBFOVKtYz+AUmH69rRa2e7RVlZ0EeHJHxWrrYOyQ1FJdRJOxBW\n" +"qS1oyYD/I9iJi1jnTr1ZQGhrUYPbcFFp6iKcu2YERpQi+wB0I9DlsJ1pVIU4uWe4\n" +"PEXr9s4BAALkQndQMB2qoaYcJAAlwqIKKba20Iiq4uoCyBqUcwooEB0SbTWj4s7o\n" +"U4crU6TADVYaIM1qiMSiMxLzvH1WOZ2Jqa8+4AAssAwxDd+HwPGoBYDil+RhYkp6\n" +"GeU8d2M9+Q4aNS+l7OxZ6/k8EkqnnHpx72+WAwIDAQABAoIBAEw4Ba3BM3SgH0Xh\n" +"h4ZFs4sDaSuPR8RYiRnzrw4k3xsy3gPBN2O1pS4DjRPQDqCyNFBqha4/vKyQ010o\n" +"9IEpmkgn9RsMmD7xOdIhPivwHULAQEjPbMFrnHJuV1HH1v6k4qtSM7+In8dnbpJS\n" +"HR7ffQN3kNEEO6pr1kS5bLrnbvWsjpKcqELOMJfJY+uMS/GhITfrhWtm0PagZ1ze\n" +"w/WYHTkgzGOgBeJuOjb6jCfLOuNDsP/RKALnq7eGeHce8w1tRFkpnxHrCquisgaQ\n" +"ZpFIwG8r8VgwRgd/ydjD1+jMgIwx1NW2GBnX91uLCe6/hTMDAub6TPYZkqiHIlDZ\n" +"UcMg5eECgYEA0kdGFO4XjlpLg5y5FmZSNH0UhEYbn67PTb9DMi3ecDPH5zSjbiYa\n" +"0JCFYQqRTPBl6D/cRIIIaWJOBIg7DgzELFTqnZlpWuenSef9sHNIQp/6XhT75aLD\n" +"EUJgcP3oyV0MOhGp48ZnYgmbnBZuoQKpuWV39IqqgSlAUKjTcFQAV9UCgYEAzIk/\n" +"eTkd1tOh+K22pGBaz8hHi5+YJ/YpHKSjryI2I0PgtmrWL8S284pySkGU+oFV4N8Z\n" +"Ajh5+26DVWxQK8LAqRYlgrooF/+85FJuGx47BhnTCVxmypOZILJ0jeJk8StBrAUk\n" +"TvcEVcQr8kFSvUPyz1codEFTECsMYbKP37aeuncCgYBnOa3hoG/X5eOkHE+P+3Ln\n" +"aW+k73WoEfyaQgYOoA3OLt03VtPTwsjvEcMoPDPP/UNJm+/Zgav3b9a0ytuSrhmv\n" +"WZBDBYh+o7Gvyj7zW+RhMH+Lp+lwdVIlKtyFG2AnWZIi/4DS3BbsPaMyIKD2UYRY\n" +"CsO0PE4vUbzM29PQFKyGcQKBgG3hrf/p92XZ/EIk0OIuAZtu9UDFVHDjheKlcGo9\n" +"7uezJ53Yd4jiHYdo8U2DPg32PbS5Ji5TOPUiwdu6fLeFwQsVosFAURnTgh8HSa+3\n" +"5e25Ie79fRuHf9RZCtTOs3v8ySMpAACMJAAPi6xx+4lCX8eUA1+xWHZvKg+yZijB\n" +"azSxAoGABIvXwUi1NaRDF/fMDiwiwnlJf8FdfY3RBbM1X3ZJbhzqxGL3Hfc4vRcB\n" +"zl7xUnP5Ot9trof6AjHsYCRW+FFjrbUs0x56KoIDCTsd8uArmquyKnSrQb+Zu4FK\n" +"b9M8/NMq3h3Ub+yO/YBm1HOSWeJs8pNSMU72j3QhorNIjAsLGyE=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem)-1 +}; + +static int sent = 0; +static int received = 0; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + success("received status request\n"); + received = 1; + return 0; +} + +#define RESP "\x30\x82\x05\xa3\x0a\x01\x00\xa0\x82\x05\x9c\x30\x82\x05\x98\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x05\x89\x30\x82\x05\x85\x30\x81\x80\xa1\x02\x30\x00\x18\x0f\x32\x30\x31\x39\x31\x32\x30\x35\x31\x38\x30\x31\x30\x34\x5a\x30\x69\x30\x67\x30\x41\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\x46\x2c\x91\xc8\xd2\x57\xe2\xb8\xb1\xd3\xd0\x99\xc1\xfe\x38\x51\x0e\x17\xa9\x50\x04\x14\x11\x92\x6c\xe3\xa7\x50\x77\x21\xfe\x95\xfa\xca\x6d\x3f\xc7\xa9\xaf\xa4\x9e\x82\x02\x08\x46\x20\x50\x03\xa2\x85\x06\x3d\xa1\x11\x18\x0f\x32\x30\x31\x39\x31\x32\x30\x35\x31\x35\x32\x37\x35\x35\x5a\x18\x0f\x32\x30\x31\x39\x31\x32\x30\x35\x31\x38\x30\x31\x30\x34\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x05\x88\x2c\x3d\x57\xf4\x75\xbf\x7f\xbe\x9e\x0f\xdf\x8f\x6c\x5f\x08\x56\xc4\x04\xc6\xd6\x3c\xfa\x33\x54\x3e\x42\x1c\x77\xda\x3a\x2a\x48\xcf\xfd\xf1\x6e\xb5\x1d\x94\x06\xfa\xfd\xf8\xba\xec\x66\xc3\x22\x7c\x43\xaa\x48\xaa\x58\x3a\xdc\x2a\x55\x44\x78\xc5\x6e\x0d\x1e\x66\xff\x79\x33\xb3\x26\x22\x86\xa0\x0a\xc0\x59\xb1\xdf\x6d\x07\x2d\x86\x2d\x5b\x0b\x29\x0f\xf3\xc1\x39\x21\x05\xf9\xdb\xdd\x47\x11\x6b\x83\xa0\xc7\x24\xbc\xaa\x42\x43\x9e\x20\x1f\x63\x10\x6c\xeb\x94\x7a\x9c\x44\xaa\x24\xfb\xde\x8f\x49\x92\x1c\xc7\x45\x21\xca\xf9\x1a\x11\x54\x4f\x68\xab\xf0\xce\xd3\x0a\xdc\x9f\xc3\x5d\x8d\x7e\xd4\x96\x30\x74\x31\x95\x04\x55\x8d\xf5\xdf\x3f\x34\x8b\x32\xfc\xf0\x4d\x10\xc6\xc4\x46\xfc\x6a\xb1\xa3\x5c\x9a\xde\xf2\x22\xc3\x5f\x08\x8a\x70\x65\xff\xaa\xf5\xc0\x14\x8b\x13\x47\xff\x0c\x72\x6a\x09\x51\xeb\xec\x92\xc5\xfd\x41\x37\x11\x12\x57\x7b\x47\x9e\x25\xd5\xf2\x10\xc2\xf7\xae\x0e\x72\xfb\x2d\x4f\x8d\x54\xe6\x5a\x71\x2b\xfa\x2b\x9c\xd7\x59\xe5\x31\x30\x21\x3f\x7f\xa7\x85\x07\x31\x93\x9d\x6d\x54\xb2\x40\xa9\x78\xef\x24\xc7\xa0\x82\x03\xea\x30\x82\x03\xe6\x30\x82\x03\xe2\x30\x82\x01\xca\xa0\x03\x02\x01\x02\x02\x08\x68\xfe\x28\x8e\x92\xfb\xa8\x37\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x11\x31\x0f\x30\x0d\x06\x03\x55\x04\x03\x13\x06\x72\x6f\x6f\x74\x63\x61\x30\x1e\x17\x0d\x31\x39\x31\x31\x32\x30\x31\x36\x32\x34\x30\x30\x5a\x17\x0d\x32\x30\x31\x30\x32\x34\x31\x34\x30\x33\x30\x30\x5a\x30\x00\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa8\x01\x88\x20\x4b\xc7\xd7\xaa\x7b\x6b\x5c\x09\xd9\x32\x0e\xf4\x1b\xdd\x46\x4c\x47\xf1\xac\xd6\x61\xda\x89\x6f\x73\x51\xba\xa7\x1e\x43\x03\xfc\xdf\xb4\x07\xe2\x51\x71\xf5\xb6\x3f\x95\xa7\x41\x14\xe5\x4a\xb5\x8c\xfe\x01\x49\x87\xeb\xda\xd1\x6b\x67\xbb\x45\x59\x59\xd0\x47\x87\x24\x7c\x56\xae\xb6\x0e\xc9\x0d\x45\x25\xd4\x49\x3b\x10\x56\xa9\x2d\x68\xc9\x80\xff\x23\xd8\x89\x8b\x58\xe7\x4e\xbd\x59\x40\x68\x6b\x51\x83\xdb\x70\x51\x69\xea\x22\x9c\xbb\x66\x04\x46\x94\x22\xfb\x00\x74\x23\xd0\xe5\xb0\x9d\x69\x54\x85\x38\xb9\x67\xb8\x3c\x45\xeb\xf6\xce\x01\x00\x02\xe4\x42\x77\x50\x30\x1d\xaa\xa1\xa6\x1c\x24\x00\x25\xc2\xa2\x0a\x29\xb6\xb6\xd0\x88\xaa\xe2\xea\x02\xc8\x1a\x94\x73\x0a\x28\x10\x1d\x12\x6d\x35\xa3\xe2\xce\xe8\x53\x87\x2b\x53\xa4\xc0\x0d\x56\x1a\x20\xcd\x6a\x88\xc4\xa2\x33\x12\xf3\xbc\x7d\x56\x39\x9d\x89\xa9\xaf\x3e\xe0\x00\x2c\xb0\x0c\x31\x0d\xdf\x87\xc0\xf1\xa8\x05\x80\xe2\x97\xe4\x61\x62\x4a\x7a\x19\xe5\x3c\x77\x63\x3d\xf9\x0e\x1a\x35\x2f\xa5\xec\xec\x59\xeb\xf9\x3c\x12\x4a\xa7\x9c\x7a\x71\xef\x6f\x96\x03\x02\x03\x01\x00\x01\xa3\x4f\x30\x4d\x30\x09\x06\x03\x55\x1d\x13\x04\x02\x30\x00\x30\x0b\x06\x03\x55\x1d\x0f\x04\x04\x03\x02\x07\x80\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x09\x30\x1e\x06\x09\x60\x86\x48\x01\x86\xf8\x42\x01\x0d\x04\x11\x16\x0f\x78\x63\x61\x20\x63\x65\x72\x74\x69\x66\x69\x63\x61\x74\x65\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x03\x82\x02\x01\x00\x82\x9d\x8f\xa1\x17\x9b\x3b\xee\x86\x1c\xee\x33\xeb\x80\x71\xb5\x7e\x6b\xd7\xcf\x7d\x9a\x8b\x80\x2b\x3c\x65\xde\xe1\x65\x00\x3b\x4a\x27\x7a\x5d\x63\x19\x4e\x59\xde\xfa\x38\x01\x2b\x09\x91\xc1\x70\x81\x8c\x87\x9b\x17\x68\x22\x88\xf2\x57\x8f\x15\x52\x12\x0f\x1d\x43\x2b\xff\x83\x00\x2f\xd0\xf5\xc7\x93\xd4\xf2\x14\xfd\x94\xcc\x9f\x72\x75\x99\x44\x54\xdc\x6a\x39\x75\x80\xd7\x07\x9c\xb9\x67\xe3\xac\x4b\x72\x9f\xe0\x5d\x00\x6e\x60\xc5\x26\xaf\x9f\xf7\x94\xaa\xb1\xa2\x6f\xa0\xe4\xe8\x0d\x1c\x4e\x34\xe8\xa5\x06\x5c\x31\x64\x09\xf3\x67\xea\xe8\x45\x68\xc1\x13\x21\x41\x38\x9c\x2c\xf9\x6c\xb8\x79\xf4\xae\x8c\x27\x12\xa3\x0a\x0f\x12\x56\xbc\xda\x77\x23\xf0\xe2\xa2\x81\xf9\xdd\x0d\x69\x77\xc3\x3d\x08\x9d\xfe\xac\x18\x14\x83\x49\x67\xde\x85\x3a\x09\xd4\x4f\xec\x85\x85\xbc\xab\xd1\xc8\x01\x83\x74\x34\xc0\x03\x4e\x52\x3c\xb2\xed\x3b\xc0\x66\xa7\x41\xbf\x77\x3b\xcc\x12\xee\xf9\x2f\xd8\x50\x6d\x54\xc5\xf8\x5e\x14\x61\x81\x24\xdb\xcb\xf3\xb4\x25\x84\xc6\x3b\x99\x35\x07\x2e\xd0\xb3\x05\x38\xdf\x64\x21\x71\x9e\xe2\xf2\xce\xbc\x27\x80\x4e\x53\x97\xd3\xe1\xc1\x15\x46\x24\x0c\xc5\x86\x0e\x5b\xdf\x22\xb9\xfe\x35\xd6\xf0\x53\xda\x8f\x9b\x9c\x77\x7e\x9e\x41\x6f\x8e\xbc\x7b\xd4\xf0\x6c\x4f\xac\xe2\x91\x69\x8f\x67\x48\xb0\xc8\x80\x06\x10\xb1\x33\xf9\x8b\xf0\x01\x5d\x49\x9a\x5a\x59\xec\xc6\xb4\xad\x79\x9a\x32\x87\x81\x18\xce\x77\xf6\xc6\xa5\xce\x8b\x36\xee\xc6\xcc\x6b\xd7\x76\xbb\x99\xc1\x34\x2c\xda\x6a\x5f\x1d\x47\xc6\x9e\x98\xa0\x1d\xf0\xd4\x8b\x27\x8a\xa4\x7b\x56\xd8\x7c\x12\xa2\x51\x6e\xd1\x52\xa9\xa5\x31\x77\x9f\xf5\x06\xb4\xba\xb4\x60\x24\x55\xa2\x9d\x4b\x02\xcb\xa7\x62\xa5\x3d\x74\x9e\x47\x9e\x14\x84\x0b\x24\xe0\x01\x13\x9c\xf1\x62\xbd\x78\x18\x9b\xa5\xdf\xd8\x77\x7c\xa9\xc7\x09\x94\x61\x79\x41\x60\x2f\xcc\xe1\x15\x28\x3c\x17\x1d\xb6\x95\x78\x28\x91\x9e\xd1\xbc\xd6\x71\xff\x29\x2f\x22\xed\x24\x26\x81\xb8\xb6\x14\x80\x04\x00\x95\xdf\x50\x46\xe6\xa1\xff\x56\x94\xbc\x11\x48\x5c\xbf\xca\xb7\x4f\xac\xa1\x34\x40\x80\x0d\x88\x27\x73\x76\x24\x1a\xa9\x86\x36\x56\x3c\x84\xb8\x97\x38\xa8\x0e\x14\xab\x83\xca\x6b\x64\x7f\xa7\xfb\x86\x63\xc2\x40\xfc" +#define RESP_SIZE (sizeof(RESP)-1) + +static int status_func(gnutls_session_t session, void *ptr, gnutls_datum_t *resp) +{ + resp->data = gnutls_malloc(RESP_SIZE); + if (resp->data == NULL) + return -1; + + memcpy(resp->data, RESP, RESP_SIZE); + resp->size = RESP_SIZE; + sent = 1; + return 0; +} + +#define MAX_BUF 1024 + +static int cert_verify_callback(gnutls_session_t session) +{ + unsigned int status; + int ret; + + gnutls_global_set_time_function(mytime); + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret < 0) + return -1; + if (status == (GNUTLS_CERT_INVALID | GNUTLS_CERT_REVOKED)) { + if (debug) + success("certificate verify status %x\n", status); + } else + fail("certificate verify status doesn't match: %x != %x", + status, GNUTLS_CERT_INVALID | GNUTLS_CERT_REVOKED); + return 0; +} + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CERTIFICATE_STATUS, + GNUTLS_HOOK_POST, + handshake_callback); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_certificate_set_verify_function(x509_cred, + cert_verify_callback); + + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca_cert, GNUTLS_X509_FMT_PEM); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (received == 0) { + fail("client: didn't receive status request\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_ocsp_status_request_function(x509_cred, status_func, NULL); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CERTIFICATE_STATUS, + GNUTLS_HOOK_PRE, + handshake_callback); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (sent == 0) { + fail("status request was sent\n"); + exit(1); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start(const char *prio) +{ + pid_t child; + int fd[2]; + int ret, status = 0; + + success("trying %s\n", prio); + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} +#endif /* _WIN32 */ diff --git a/tests/status-request.c b/tests/status-request.c new file mode 100644 index 0000000..07c7918 --- /dev/null +++ b/tests/status-request.c @@ -0,0 +1,296 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests that the client does not send the + * status request extension if GNUTLS_NO_EXTENSIONS is set. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + fail("received status request\n"); + exit(1); +} + + +#define RESP "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" +#define RESP_SIZE (sizeof(RESP)-1) + +static int status_func(gnutls_session_t session, void *ptr, gnutls_datum_t *resp) +{ + resp->data = gnutls_malloc(RESP_SIZE); + if (resp->data == NULL) + return -1; + + memcpy(resp->data, RESP, RESP_SIZE); + resp->size = RESP_SIZE; + return 0; +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_EXTENSIONS)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) { + /* success */ + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) == 0); + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_ocsp_status_request_function(x509_cred, status_func, NULL); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CERTIFICATE_STATUS, + GNUTLS_HOOK_PRE, + handshake_callback); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + /* failure is expected here */ + goto end; + } + + assert((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) == 0); + + if (debug) { + success("server: Handshake was completed\n"); + } + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + return; +} + +static +void start(const char *prio) +{ + pid_t child; + int fd[2]; + int ret, status = 0; + + success("trying %s\n", prio); + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0], prio); + waitpid(child, &status, 0); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} +#endif /* _WIN32 */ diff --git a/tests/str-idna.c b/tests/str-idna.c new file mode 100644 index 0000000..19a29da --- /dev/null +++ b/tests/str-idna.c @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2016, 2017 Red Hat, Inc. + * + * Authors: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +# define GLOBAL_FLAGS 0 + +#define MATCH_FUNC(fname, str, normalized) \ +static void fname(void **glob_state) \ +{ \ + gnutls_datum_t out; \ + int ret = gnutls_idna_map(str, strlen(str), &out, GLOBAL_FLAGS); \ + if (normalized == NULL) { /* expect failure */ \ + assert_int_not_equal(ret, 0); \ + return; \ + } else { \ + assert_int_equal(ret, 0); \ + } \ + assert_int_equal(strcmp((char*)out.data, (char*)normalized), 0); \ + gnutls_free(out.data); \ +} + +#define MATCH_FUNC_TWO_WAY(fname, str, normalized) \ +static void fname##_reverse(void **glob_state) \ +{ \ + gnutls_datum_t out; \ + int ret; \ + if (normalized == NULL) \ + return; \ + ret = gnutls_idna_reverse_map(normalized, strlen(normalized), &out, 0); \ + assert_int_equal(ret, 0); \ + \ + assert_int_equal(strcmp((char*)out.data, (char*)str), 0); \ + gnutls_free(out.data); \ +} \ +MATCH_FUNC(fname, str, normalized) + +#define EMPTY_FUNC(name) static void name(void **glob_state) { \ + return; } + +/* some vectors taken from: + * http://www.unicode.org/Public/idna/9.0.0/IdnaTest.txt + */ + +MATCH_FUNC_TWO_WAY(test_ascii, "localhost", "localhost"); +MATCH_FUNC_TWO_WAY(test_ascii_caps, "LOCALHOST", "LOCALHOST"); +MATCH_FUNC_TWO_WAY(test_greek1, "βόλοσ.com", "xn--nxasmq6b.com"); +MATCH_FUNC_TWO_WAY(test_mix, "简体中文.εξτÏα.com", "xn--fiqu1az03c18t.xn--mxah1amo.com"); +MATCH_FUNC_TWO_WAY(test_german4, "bücher.de", "xn--bcher-kva.de"); +MATCH_FUNC_TWO_WAY(test_u1, "夡夞夜夙", "xn--bssffl"); +MATCH_FUNC_TWO_WAY(test_jp2, "日本語.jp", "xn--wgv71a119e.jp"); +/* invalid (✌ï¸) symbol in IDNA2008 but valid in IDNA2003. Browsers + * fallback to IDNA2003, and we do too, so that should work */ +#if IDN2_VERSION_NUMBER >= 0x02000002 +MATCH_FUNC_TWO_WAY(test_valid_idna2003, "\xe2\x9c\x8c\xef\xb8\x8f.com", "xn--7bi.com"); +#else +EMPTY_FUNC(test_valid_idna2003); +#endif + +MATCH_FUNC_TWO_WAY(test_greek2, "βόλος.com", "xn--nxasmm1c.com"); +MATCH_FUNC_TWO_WAY(test_german1, "faß.de", "xn--fa-hia.de"); +# if IDN2_VERSION_NUMBER >= 0x00140000 +MATCH_FUNC(test_caps_greek, "ΒΌΛΟΣ.com", "xn--nxasmq6b.com"); +MATCH_FUNC(test_caps_german1, "Ãœ.ü", "xn--tda.xn--tda"); +MATCH_FUNC(test_caps_german2, "Bücher.de", "xn--bcher-kva.de"); +MATCH_FUNC(test_caps_german3, "Faß.de", "xn--fa-hia.de"); +MATCH_FUNC(test_dots, "a.b.c。d。", "a.b.c.d."); + +/* without STD3 ASCII rules, the result is: evil.ca/c..example.com */ +MATCH_FUNC(test_evil, "evil.c\u2100.example.com", "evil.c.example.com"); +# else +EMPTY_FUNC(test_caps_german1); +EMPTY_FUNC(test_caps_german2); +EMPTY_FUNC(test_caps_german3); +EMPTY_FUNC(test_caps_greek); +EMPTY_FUNC(test_dots); +EMPTY_FUNC(test_evil); +# endif + +int main(void) +{ + gnutls_datum_t tmp; + int ret; + const struct CMUnitTest tests[] = { + cmocka_unit_test(test_greek2_reverse), + cmocka_unit_test(test_german1_reverse), + cmocka_unit_test(test_ascii), + cmocka_unit_test(test_ascii_reverse), + cmocka_unit_test(test_ascii_caps), + cmocka_unit_test(test_ascii_caps_reverse), + cmocka_unit_test(test_greek1), + cmocka_unit_test(test_greek1_reverse), + cmocka_unit_test(test_greek2), + cmocka_unit_test(test_caps_greek), + cmocka_unit_test(test_mix), + cmocka_unit_test(test_mix_reverse), + cmocka_unit_test(test_german1), + cmocka_unit_test(test_caps_german1), + cmocka_unit_test(test_caps_german2), + cmocka_unit_test(test_caps_german3), + cmocka_unit_test(test_german4), + cmocka_unit_test(test_german4_reverse), + cmocka_unit_test(test_u1), + cmocka_unit_test(test_u1_reverse), + cmocka_unit_test(test_jp2), + cmocka_unit_test(test_jp2_reverse), + cmocka_unit_test(test_dots), + cmocka_unit_test(test_evil), + cmocka_unit_test(test_valid_idna2003) + }; + + ret = gnutls_idna_map("β", strlen("β"), &tmp, GLOBAL_FLAGS); + if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) + exit(77); + else if (ret < 0) { + fprintf(stderr, "error: %s\n", gnutls_strerror(ret)); + exit(1); + } + gnutls_free(tmp.data); + + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/str-unicode.c b/tests/str-unicode.c new file mode 100644 index 0000000..d9cc37c --- /dev/null +++ b/tests/str-unicode.c @@ -0,0 +1,123 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Authors: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define MATCH_FUNC(fname, password, normalized) \ +static void fname(void **glob_state) \ +{ \ + const char *pwd_normalized = normalized; \ + gnutls_datum_t out; \ + int ret = gnutls_utf8_password_normalize((uint8_t*)password, strlen(password), &out, 0); \ + if (pwd_normalized == NULL) { /* expect failure */ \ + assert_int_not_equal(ret, 0); \ + } else { \ + assert_int_equal(ret, 0); \ + assert_int_equal(strcmp((char*)out.data, (char*)pwd_normalized), 0); \ + gnutls_free(out.data); \ + } \ +} + +#define INVALID_MATCH_FUNC(fname, password, normalized) \ +static void inv_##fname(void **glob_state) \ +{ \ + const char *pwd_normalized = normalized; \ + gnutls_datum_t out; \ + int ret = gnutls_utf8_password_normalize((uint8_t*)password, strlen(password), &out, GNUTLS_UTF8_IGNORE_ERRS); \ + if (pwd_normalized == NULL) { \ + assert_int_not_equal(ret, 0); \ + } else { \ + assert_int_equal(ret, 0); \ + assert_int_equal(strcmp((char*)out.data, (char*)pwd_normalized), 0); \ + gnutls_free(out.data); \ + } \ +} + +MATCH_FUNC(test_ascii, "correct horse battery staple", "correct horse battery staple"); +MATCH_FUNC(test_capitals, "Correct Horse Battery Staple", "Correct Horse Battery Staple"); +MATCH_FUNC(test_multilang, "\xCF\x80\xC3\x9F\xC3\xA5", "πßå"); +MATCH_FUNC(test_special_char, "\x4A\x61\x63\x6B\x20\x6F\x66\x20\xE2\x99\xA6\x73", "Jack of ♦s"); +MATCH_FUNC(test_space_replacement, "foo bar", "foo bar"); +MATCH_FUNC(test_invalid, "my cat is a \x09 by", NULL); +MATCH_FUNC(test_normalization1, "char \x49\xCC\x87", "char \xC4\xB0"); +MATCH_FUNC(test_other_chars, "char \xc2\xbc", "char \xC2\xbc"); +MATCH_FUNC(test_spaces, "char \xe2\x80\x89\xe2\x80\x88 ", "char "); +MATCH_FUNC(test_symbols, "char \xe2\x98\xa3 \xe2\x99\xa3", "char \xe2\x98\xa3 \xe2\x99\xa3"); +MATCH_FUNC(test_compatibility, "char \xcf\x90\xe2\x84\xb5", "char \xcf\x90\xe2\x84\xb5"); +MATCH_FUNC(test_invalid_ignorable1, "my ignorable char is \xe2\x80\x8f", NULL); +MATCH_FUNC(test_invalid_ignorable2, "my ignorable char is \xe1\x85\x9f", NULL); +MATCH_FUNC(test_invalid_ignorable3, "my ignorable char is \xef\xbf\xbf", NULL); +MATCH_FUNC(test_invalid_exception1, "my exception is \xc2\xb7", NULL); /* CONTEXTO - disallowed */ +MATCH_FUNC(test_invalid_exception2, "my exception is \xcf\x82", "my exception is Ï‚"); /* PVALID */ +MATCH_FUNC(test_invalid_exception3, "my exception is \xd9\xa2", NULL); /* CONTEXT0/PVALID */ +MATCH_FUNC(test_invalid_exception4, "my exception is \xe3\x80\xae", NULL); /* CONTEXT0/DISALLOWED */ +MATCH_FUNC(test_invalid_join_control, "my exception is \xe2\x80\x8d", NULL); + +INVALID_MATCH_FUNC(test_ascii, "correct horse battery staple", "correct horse battery staple"); +INVALID_MATCH_FUNC(test_special_char, "\x4A\x61\x63\x6B\x20\x6F\x66\x20\xE2\x99\xA6\x73", "Jack of ♦s"); +INVALID_MATCH_FUNC(test_invalid, "my cat is a \x09 by", "my cat is a \x09 by"); +INVALID_MATCH_FUNC(test_invalid_exception1, "my exception is \xc2\xb7", "my exception is ·"); +INVALID_MATCH_FUNC(test_invalid_exception3, "my exception is \xd9\xa2", "my exception is \xd9\xa2"); +INVALID_MATCH_FUNC(test_invalid_exception4, "my exception is \xe3\x80\xae", "my exception is \xe3\x80\xae"); /* CONTEXT0/DISALLOWED */ +INVALID_MATCH_FUNC(test_invalid_join_control, "my exception is \xe2\x80\x8d", "my exception is \xe2\x80\x8d"); + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(test_ascii), + cmocka_unit_test(test_capitals), + cmocka_unit_test(test_multilang), + cmocka_unit_test(test_special_char), + cmocka_unit_test(test_space_replacement), + cmocka_unit_test(test_invalid), + cmocka_unit_test(test_normalization1), + cmocka_unit_test(inv_test_ascii), + cmocka_unit_test(inv_test_special_char), + cmocka_unit_test(inv_test_invalid), + cmocka_unit_test(test_other_chars), + cmocka_unit_test(test_spaces), + cmocka_unit_test(test_compatibility), + cmocka_unit_test(test_symbols), + cmocka_unit_test(test_invalid_ignorable1), + cmocka_unit_test(test_invalid_ignorable2), + cmocka_unit_test(test_invalid_ignorable3), + cmocka_unit_test(test_invalid_exception1), + cmocka_unit_test(test_invalid_exception2), + cmocka_unit_test(test_invalid_exception3), + cmocka_unit_test(test_invalid_exception4), + cmocka_unit_test(test_invalid_join_control), + cmocka_unit_test(inv_test_invalid_exception1), + cmocka_unit_test(inv_test_invalid_exception3), + cmocka_unit_test(inv_test_invalid_exception4), + cmocka_unit_test(inv_test_invalid_join_control) + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/strict-der.c b/tests/strict-der.c new file mode 100644 index 0000000..8854c74 --- /dev/null +++ b/tests/strict-der.c @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include + +#include "utils.h" + +/* Test for gnutls_certificate_get_issuer() and implicitly for + * gnutls_trust_list_get_issuer(). + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +/* This certificate is modified to contain invalid DER. In older + * gnutls versions that would still be parsed and the wrong DER was + * "corrected" but now we should reject these */ +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIFXzCCBEegAwIBAgIQHYWDpKNVUzEFx4Pq8yjxbTANBgkqhkiG9w0BAQUFADCBtTELMAkGA1UE\n" + "BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO\n" + "ZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t\n" + "L3JwYSAoYykxMDEvMC0GA1UEAxMmVmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0g\n" + "RzMwHxcOMTQwMjI3MDAwMDAwWgAXDTE1MDIyODIzNTk1OVowZzELMAkGA1UEBhMCVVMxEzARBgNV\n" + "BAgTCldhc2hpbmd0b24xEDAOBgNVBAcUB1NlYXR0bGUxGDAWBgNVBAoUD0FtYXpvbi5jb20gSW5j\n" + "LjEXMBUGA1UEAxQOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" + "AQCXX4njj63+AK39SJXnf4ove+NO2Z46WgeccZuPUOD89/ucZg9C2K3uwo59QO1t2ZR5IucxVWaV\n" + "vSW/9z30hA2ObJco5Cw9o3ZdoFXn0rYUmbWMW+XmL+/bSBDdFPQGfP1WhsFKJJfJ9TIrXBAsTSzH\n" + "uC6qFZktvZ1yE0081+bdyOHVHjAQzSPsYFaSUqccMwPvy/sMaI+Um+GCf2PolJJwpI1+j6WmTEVg\n" + "RBNHarxtNqpcV3rAFdJ5imL427agMqFur4Iz/OYeoCRBEiKk02ctRzoBaTvF09OQqRg3I4T9bE71\n" + "xe1cdWo/sQ4nRiy1tfPBt+aBSiIRMh0Fdle780QFAgMBAAGjggG1MIIBsTBQBgNVHREESTBHghF1\n" + "ZWRhdGEuYW1hem9uLmNvbYIKYW1hem9uLmNvbYIIYW16bi5jb22CDHd3dy5hbXpuLmNvbYIOd3d3\n" + "LmFtYXpvbi5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH\n" + "AwEGCCsGAQUFBwMCMEMGA1UdIAQ8MDowOAYKYIZIAYb4RQEHNjAqMCgGCCsGAQUFBwIBFhxodHRw\n" + "czovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB8GA1UdIwQYMBaAFA1EXBZTRMGCfh0gqyX0AWPYvnml\n" + "MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtY3JsLnZlcmlzaWduLmNvbS9T\n" + "VlJTZWN1cmVHMy5jcmwwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52\n" + "ZXJpc2lnbi5jb20wQAYIKwYBBQUHMAKGNGh0dHA6Ly9TVlJTZWN1cmUtRzMtYWlhLnZlcmlzaWdu\n" + "LmNvbS9TVlJTZWN1cmVHMy5jZXIwDQYJKoZIhvcNAQEFBQADggEBADnmX45CNMkf57rQjB6ef7gf\n" + "3r5AfKiGMYdSim4TwU5qcpJicYiyqwQXAQbvZFuZTGzT0jXJROLAsjdHcQiR8D5u7mzVMbJg0kz0\n" + "yTsdDM5dFmVWme3l958NZI/I0qCtH+Z/O0cyivOTMARbBJ+92dqQ78U3He9gRNE9VCS3FNgObhwC\n" + "cr5tkKTlgSESpSRyBwnLucY4+ci5xjvYndHIzoxII/X9TKOIc2sC+b0H5KP8RcQLAO9G5Nra7+eJ\n" + "IC74ZgFvgejqTd2f8QeJljTsNxvG4P7vqQi73fCkTuVfCk5YDtTU2joGAujgBd1EjTIbjWYeoebV\n" + "gN5gPKxa/GbGsoQ=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) - 1}; + +void doit(void) +{ + int ret; + gnutls_x509_crt_t crt; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_x509_crt_init(&crt); + + ret = + gnutls_x509_crt_import(crt, &cert, GNUTLS_X509_FMT_PEM); + if (ret >= 0) { + fail("gnutls_x509_crt_import allowed loading a cert with invalid DER\n"); + exit(1); + } + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/suite/Makefile.am b/tests/suite/Makefile.am new file mode 100644 index 0000000..aaac8c0 --- /dev/null +++ b/tests/suite/Makefile.am @@ -0,0 +1,122 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2004-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +AM_CFLAGS = $(WARN_CFLAGS) +AM_CPPFLAGS = \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl \ + -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/extra/includes \ + -I$(top_builddir)/extra/includes \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/tests \ + -I$(top_srcdir)/doc/examples + +check_PROGRAMS = rng prime-check +AM_LDFLAGS = -no-install +LDADD = ../../lib/libgnutls.la \ + ../../gl/libgnu.la \ + ../libutils.la \ + $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) + +prime_check_LDADD = $(LDADD) -lhogweed -lgmp + +scripts_to_test = chain.sh \ + testrng.sh \ + testcompat-polarssl-serv.sh \ + testcompat-polarssl-serv-compat.sh \ + testcompat-polarssl-serv-no-etm.sh \ + testcompat-openssl-cli.sh \ + testcompat-openssl-cli-compat.sh \ + testcompat-openssl-cli-no-etm.sh \ + testcompat-openssl-serv.sh \ + testcompat-openssl-serv-compat.sh \ + testcompat-openssl-serv-no-etm.sh \ + testcompat-openssl-serv-no-tickets.sh \ + testcompat-openssl-serv-no-safe-renegotiation.sh \ + testcompat-openssl-serv-safe-renegotiation.sh \ + testrandom.sh tls-fuzzer/tls-fuzzer-nocert.sh \ + tls-fuzzer/tls-fuzzer-cert.sh tls-fuzzer/tls-fuzzer-alpn.sh \ + tls-fuzzer/tls-fuzzer-nocert-tls13.sh tls-fuzzer/tls-fuzzer-psk.sh \ + tls-fuzzer/tls-fuzzer-nolimit.sh tls-fuzzer/tls-fuzzer-nolimit-tls13.sh \ + multi-ticket-reception.sh + +TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) \ + LC_ALL="C" \ + PYTHON="$(PYTHON)" \ + VALGRIND='$(LOG_VALGRIND)' \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + srcdir="$(srcdir)" \ + ASAN_OPTIONS="detect_leaks=0" \ + GNUTLS_TEST_SUITE_RUN=1 \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + OPENSSL_ia32cap=0x00000000 + +if ENABLE_NON_SUITEB_CURVES +TESTS_ENVIRONMENT += ENABLE_NON_SUITEB_CURVES=1 +endif + +if ENABLE_SSL3 +scripts_to_test += tls-fuzzer/tls-fuzzer-nocert-ssl3.sh +TESTS_ENVIRONMENT += ENABLE_SSL3=1 +endif + +if ENABLE_TLS13_INTEROP +scripts_to_test += \ + testcompat-openssl-tls13-cli.sh \ + testcompat-openssl-tls13-serv.sh +endif + +if ENABLE_OLDGNUTLS_INTEROP +scripts_to_test += testcompat-oldgnutls.sh +endif + +if ENABLE_DANE +scripts_to_test += testdane.sh +endif + +if !MACOSX +if !WINDOWS +mini_record_timing_LDADD = -lrt $(LDADD) +nodist_mini_record_timing_SOURCES = mini-record-timing.c +eagain_cli_LDADD = $(LIBEV_LIBS) -lrt -lm $(LIBDL) -lpthread $(LDADD) +nodist_eagain_cli_SOURCES = eagain-cli.c + +noinst_PROGRAMS = eagain-cli mini-record-timing + +scripts_to_test += eagain.sh +endif +endif + +nodist_prime_check_SOURCES = prime-check.c +nodist_rng_SOURCES = rng.c + +nodist_check_SCRIPTS = $(scripts_to_test) + +TESTS = $(scripts_to_test) prime-check + +prime_check_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) + +TEST_EXTENSIONS = .sh +SH_LOG_COMPILER = $(SHELL) + +AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind +LOG_COMPILER = $(LOG_VALGRIND) diff --git a/tests/suite/Makefile.in b/tests/suite/Makefile.in new file mode 100644 index 0000000..a907310 --- /dev/null +++ b/tests/suite/Makefile.in @@ -0,0 +1,2881 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2004-2012 Free Software Foundation, Inc. +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +check_PROGRAMS = rng$(EXEEXT) prime-check$(EXEEXT) +@ENABLE_NON_SUITEB_CURVES_TRUE@am__append_1 = ENABLE_NON_SUITEB_CURVES=1 +@ENABLE_SSL3_TRUE@am__append_2 = tls-fuzzer/tls-fuzzer-nocert-ssl3.sh +@ENABLE_SSL3_TRUE@am__append_3 = ENABLE_SSL3=1 +@ENABLE_TLS13_INTEROP_TRUE@am__append_4 = \ +@ENABLE_TLS13_INTEROP_TRUE@ testcompat-openssl-tls13-cli.sh \ +@ENABLE_TLS13_INTEROP_TRUE@ testcompat-openssl-tls13-serv.sh + +@ENABLE_OLDGNUTLS_INTEROP_TRUE@am__append_5 = testcompat-oldgnutls.sh +@ENABLE_DANE_TRUE@am__append_6 = testdane.sh +@MACOSX_FALSE@@WINDOWS_FALSE@noinst_PROGRAMS = eagain-cli$(EXEEXT) \ +@MACOSX_FALSE@@WINDOWS_FALSE@ mini-record-timing$(EXEEXT) +@MACOSX_FALSE@@WINDOWS_FALSE@am__append_7 = eagain.sh +TESTS = $(scripts_to_test) prime-check$(EXEEXT) +subdir = tests/suite +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/atoll.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/calloc.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/codeset.m4 \ + $(top_srcdir)/src/gl/m4/ctype_h.m4 \ + $(top_srcdir)/src/gl/m4/environ.m4 \ + $(top_srcdir)/src/gl/m4/error.m4 \ + $(top_srcdir)/src/gl/m4/fdopen.m4 \ + $(top_srcdir)/src/gl/m4/flexmember.m4 \ + $(top_srcdir)/src/gl/m4/fpending.m4 \ + $(top_srcdir)/src/gl/m4/fpieee.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/ftruncate.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getcwd.m4 \ + $(top_srcdir)/src/gl/m4/getpagesize.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/getprogname.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/intl-thread-locale.m4 \ + $(top_srcdir)/src/gl/m4/inttostr.m4 \ + $(top_srcdir)/src/gl/m4/ioctl.m4 \ + $(top_srcdir)/src/gl/m4/isblank.m4 \ + $(top_srcdir)/src/gl/m4/langinfo_h.m4 \ + $(top_srcdir)/src/gl/m4/lcmessage.m4 \ + $(top_srcdir)/src/gl/m4/locale-fr.m4 \ + $(top_srcdir)/src/gl/m4/locale-ja.m4 \ + $(top_srcdir)/src/gl/m4/locale-tr.m4 \ + $(top_srcdir)/src/gl/m4/locale-zh.m4 \ + $(top_srcdir)/src/gl/m4/locale_h.m4 \ + $(top_srcdir)/src/gl/m4/localename.m4 \ + $(top_srcdir)/src/gl/m4/lstat.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nanosleep.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/perror.m4 \ + $(top_srcdir)/src/gl/m4/pipe.m4 \ + $(top_srcdir)/src/gl/m4/pthread-thread.m4 \ + $(top_srcdir)/src/gl/m4/pthread_h.m4 \ + $(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \ + $(top_srcdir)/src/gl/m4/putenv.m4 \ + $(top_srcdir)/src/gl/m4/raise.m4 \ + $(top_srcdir)/src/gl/m4/reallocarray.m4 \ + $(top_srcdir)/src/gl/m4/sched_h.m4 \ + $(top_srcdir)/src/gl/m4/sched_yield.m4 \ + $(top_srcdir)/src/gl/m4/select.m4 \ + $(top_srcdir)/src/gl/m4/semaphore.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/setenv.m4 \ + $(top_srcdir)/src/gl/m4/setlocale.m4 \ + $(top_srcdir)/src/gl/m4/setlocale_null.m4 \ + $(top_srcdir)/src/gl/m4/sigaction.m4 \ + $(top_srcdir)/src/gl/m4/signal_h.m4 \ + $(top_srcdir)/src/gl/m4/signalblocking.m4 \ + $(top_srcdir)/src/gl/m4/sleep.m4 \ + $(top_srcdir)/src/gl/m4/sockets.m4 \ + $(top_srcdir)/src/gl/m4/strerror.m4 \ + $(top_srcdir)/src/gl/m4/strerror_r.m4 \ + $(top_srcdir)/src/gl/m4/strtoll.m4 \ + $(top_srcdir)/src/gl/m4/symlink.m4 \ + $(top_srcdir)/src/gl/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/src/gl/m4/sys_select_h.m4 \ + $(top_srcdir)/src/gl/m4/thread.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/gl/m4/usleep.m4 \ + $(top_srcdir)/src/gl/m4/visibility.m4 \ + $(top_srcdir)/src/gl/m4/xalloc.m4 \ + $(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/__inline.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \ + $(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/explicit_bzero.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \ + $(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \ + $(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \ + $(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \ + $(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/intmax_t.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/largefile.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \ + $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \ + $(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \ + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \ + $(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \ + $(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \ + $(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \ + $(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \ + $(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \ + $(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/m4/zzgnulib.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +PROGRAMS = $(noinst_PROGRAMS) +@MACOSX_FALSE@@WINDOWS_FALSE@nodist_eagain_cli_OBJECTS = \ +@MACOSX_FALSE@@WINDOWS_FALSE@ eagain-cli.$(OBJEXT) +eagain_cli_OBJECTS = $(nodist_eagain_cli_OBJECTS) +am__DEPENDENCIES_1 = +am__DEPENDENCIES_2 = ../../lib/libgnutls.la ../../gl/libgnu.la \ + ../libutils.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +@MACOSX_FALSE@@WINDOWS_FALSE@eagain_cli_DEPENDENCIES = \ +@MACOSX_FALSE@@WINDOWS_FALSE@ $(am__DEPENDENCIES_1) \ +@MACOSX_FALSE@@WINDOWS_FALSE@ $(am__DEPENDENCIES_1) \ +@MACOSX_FALSE@@WINDOWS_FALSE@ $(am__DEPENDENCIES_2) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +@MACOSX_FALSE@@WINDOWS_FALSE@nodist_mini_record_timing_OBJECTS = \ +@MACOSX_FALSE@@WINDOWS_FALSE@ mini-record-timing.$(OBJEXT) +mini_record_timing_OBJECTS = $(nodist_mini_record_timing_OBJECTS) +@MACOSX_FALSE@@WINDOWS_FALSE@mini_record_timing_DEPENDENCIES = \ +@MACOSX_FALSE@@WINDOWS_FALSE@ $(am__DEPENDENCIES_2) +nodist_prime_check_OBJECTS = prime_check-prime-check.$(OBJEXT) +prime_check_OBJECTS = $(nodist_prime_check_OBJECTS) +prime_check_DEPENDENCIES = $(am__DEPENDENCIES_2) +nodist_rng_OBJECTS = rng.$(OBJEXT) +rng_OBJECTS = $(nodist_rng_OBJECTS) +rng_LDADD = $(LDADD) +rng_DEPENDENCIES = ../../lib/libgnutls.la ../../gl/libgnu.la \ + ../libutils.la $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/eagain-cli.Po \ + ./$(DEPDIR)/mini-record-timing.Po \ + ./$(DEPDIR)/prime_check-prime-check.Po ./$(DEPDIR)/rng.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(nodist_eagain_cli_SOURCES) \ + $(nodist_mini_record_timing_SOURCES) \ + $(nodist_prime_check_SOURCES) $(nodist_rng_SOURCES) +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' +RECHECK_LOGS = $(TEST_LOGS) +AM_RECURSIVE_TARGETS = check recheck +TEST_SUITE_LOG = test-suite.log +LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.sh.log=.log) +SH_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +SH_LOG_COMPILE = $(SH_LOG_COMPILER) $(AM_SH_LOG_FLAGS) $(SH_LOG_FLAGS) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp \ + $(top_srcdir)/build-aux/test-driver README +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@ +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AM_VALGRINDFLAGS = --suppressions=$(srcdir)/suppressions.valgrind +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CFLAG_VISIBILITY = @CFLAG_VISIBILITY@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@ +GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@ +GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@ +GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@ +GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@ +GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@ +GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@ +GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@ +GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@ +GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@ +GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@ +GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@ +GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@ +GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@ +GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@ +GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@ +GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@ +GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@ +GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@ +GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@ +GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@ +GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@ +GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@ +GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@ +GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@ +GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@ +GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@ +GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@ +GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@ +GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@ +GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@ +GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@ +GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@ +GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@ +GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@ +GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@ +GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@ +GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@ +GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@ +GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@ +GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@ +GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@ +GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@ +GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@ +GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@ +GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@ +GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@ +GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@ +GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@ +GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@ +GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@ +GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@ +GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@ +GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@ +GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@ +GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@ +GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@ +GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@ +GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@ +GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@ +GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@ +GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@ +GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@ +GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@ +GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@ +GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@ +GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@ +GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@ +GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@ +GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@ +GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@ +GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@ +GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@ +GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@ +GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@ +GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@ +GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@ +GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@ +GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@ +GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@ +GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@ +GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@ +GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@ +GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@ +GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@ +GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@ +GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@ +GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@ +GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@ +GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@ +GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@ +GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@ +GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@ +GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@ +GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@ +GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@ +GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@ +GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@ +GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@ +GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@ +GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@ +GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@ +GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@ +GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@ +GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@ +GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@ +GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@ +GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@ +GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@ +GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@ +GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@ +GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@ +GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@ +GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@ +GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@ +GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@ +GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@ +GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@ +GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@ +GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@ +GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@ +GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@ +GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@ +GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@ +GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@ +GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@ +GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@ +GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@ +GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@ +GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@ +GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@ +GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@ +GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@ +GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@ +GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@ +GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@ +GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@ +GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@ +GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@ +GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@ +GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@ +GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@ +GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@ +GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@ +GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@ +GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@ +GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@ +GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@ +GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@ +GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@ +GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@ +GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@ +GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@ +GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@ +GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@ +GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@ +GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@ +GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@ +GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@ +GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@ +GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@ +GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@ +GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@ +GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@ +GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@ +GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@ +GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@ +GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@ +GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@ +GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@ +GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@ +GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@ +GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@ +GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@ +GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@ +GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@ +GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@ +GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@ +GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@ +GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@ +GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@ +GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@ +GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@ +GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@ +GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@ +GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@ +GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@ +GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@ +GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@ +GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@ +GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@ +GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@ +GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@ +GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@ +GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@ +GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@ +GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@ +GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@ +GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@ +GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@ +GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@ +GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@ +GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@ +GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@ +GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@ +GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@ +GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@ +GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@ +GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@ +GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@ +GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@ +GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@ +GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@ +GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@ +GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@ +GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@ +GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@ +GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@ +GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@ +GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@ +GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@ +GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@ +GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@ +GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@ +GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@ +GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@ +GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@ +GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@ +GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@ +GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@ +GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@ +GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@ +GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@ +GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@ +GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@ +GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@ +GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@ +GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@ +GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@ +GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@ +GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@ +GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@ +GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@ +GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@ +GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@ +GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@ +GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@ +GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@ +GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@ +GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@ +GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@ +GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@ +GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@ +GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@ +GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@ +GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@ +GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@ +GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@ +GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@ +GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@ +GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@ +GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@ +GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@ +GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@ +GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@ +GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@ +GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@ +GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@ +GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@ +GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@ +GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@ +GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@ +GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@ +GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@ +GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@ +GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@ +GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@ +GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@ +GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@ +GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@ +GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@ +GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@ +GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@ +GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@ +GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@ +GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@ +GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@ +GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@ +GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@ +GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@ +GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@ +GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@ +GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@ +GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@ +GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@ +GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@ +GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@ +GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@ +GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@ +GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@ +GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@ +GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@ +GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@ +GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@ +GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@ +GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@ +GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@ +GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@ +GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@ +GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@ +GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@ +GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@ +GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@ +GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@ +GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@ +GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@ +GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@ +GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@ +GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@ +GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@ +GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@ +GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@ +GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@ +GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@ +GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@ +GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@ +GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@ +GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@ +GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@ +GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@ +GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@ +GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@ +GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@ +GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@ +GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@ +GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@ +GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@ +GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@ +GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@ +GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@ +GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@ +GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@ +GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@ +GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@ +GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@ +GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@ +GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@ +GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@ +GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@ +GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@ +GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@ +GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@ +GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@ +GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@ +GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@ +GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@ +GL_GNULIB_BIND = @GL_GNULIB_BIND@ +GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@ +GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@ +GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@ +GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@ +GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@ +GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@ +GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@ +GL_GNULIB_CREAT = @GL_GNULIB_CREAT@ +GL_GNULIB_CTIME = @GL_GNULIB_CTIME@ +GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@ +GL_GNULIB_DUP = @GL_GNULIB_DUP@ +GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@ +GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@ +GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@ +GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@ +GL_GNULIB_EXECL = @GL_GNULIB_EXECL@ +GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@ +GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@ +GL_GNULIB_EXECV = @GL_GNULIB_EXECV@ +GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@ +GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@ +GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@ +GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@ +GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@ +GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@ +GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@ +GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@ +GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@ +GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@ +GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@ +GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@ +GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@ +GL_GNULIB_FFS = @GL_GNULIB_FFS@ +GL_GNULIB_FFSL = @GL_GNULIB_FFSL@ +GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@ +GL_GNULIB_FGETC = @GL_GNULIB_FGETC@ +GL_GNULIB_FGETS = @GL_GNULIB_FGETS@ +GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@ +GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@ +GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@ +GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@ +GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@ +GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@ +GL_GNULIB_FREAD = @GL_GNULIB_FREAD@ +GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@ +GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@ +GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@ +GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@ +GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@ +GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@ +GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@ +GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@ +GL_GNULIB_FTELL = @GL_GNULIB_FTELL@ +GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@ +GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@ +GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@ +GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@ +GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@ +GL_GNULIB_GETC = @GL_GNULIB_GETC@ +GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@ +GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@ +GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@ +GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@ +GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@ +GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@ +GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@ +GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@ +GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@ +GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@ +GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@ +GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@ +GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@ +GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@ +GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@ +GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@ +GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@ +GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@ +GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@ +GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@ +GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@ +GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@ +GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@ +GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@ +GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@ +GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@ +GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@ +GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@ +GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@ +GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@ +GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@ +GL_GNULIB_LINK = @GL_GNULIB_LINK@ +GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@ +GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@ +GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@ +GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@ +GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@ +GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@ +GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@ +GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@ +GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@ +GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@ +GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@ +GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@ +GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@ +GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@ +GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@ +GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@ +GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@ +GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@ +GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@ +GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@ +GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@ +GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@ +GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@ +GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@ +GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@ +GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@ +GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@ +GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@ +GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@ +GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@ +GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@ +GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@ +GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@ +GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@ +GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@ +GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@ +GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@ +GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@ +GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@ +GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@ +GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@ +GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@ +GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@ +GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@ +GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@ +GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@ +GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@ +GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@ +GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@ +GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@ +GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@ +GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@ +GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@ +GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@ +GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@ +GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@ +GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@ +GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@ +GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@ +GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@ +GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@ +GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@ +GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@ +GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@ +GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@ +GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@ +GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@ +GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@ +GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@ +GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@ +GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@ +GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@ +GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@ +GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@ +GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@ +GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@ +GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@ +GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@ +GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@ +GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@ +GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@ +GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@ +GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@ +GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@ +GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@ +GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@ +GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GNULIB_OPEN = @GL_GNULIB_OPEN@ +GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@ +GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@ +GL_GNULIB_PERROR = @GL_GNULIB_PERROR@ +GL_GNULIB_PIPE = @GL_GNULIB_PIPE@ +GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@ +GL_GNULIB_POPEN = @GL_GNULIB_POPEN@ +GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@ +GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@ +GL_GNULIB_PREAD = @GL_GNULIB_PREAD@ +GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@ +GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@ +GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@ +GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@ +GL_GNULIB_PUTC = @GL_GNULIB_PUTC@ +GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@ +GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@ +GL_GNULIB_PUTS = @GL_GNULIB_PUTS@ +GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@ +GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@ +GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@ +GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@ +GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@ +GL_GNULIB_READ = @GL_GNULIB_READ@ +GL_GNULIB_READLINK = @GL_GNULIB_READLINK@ +GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@ +GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@ +GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@ +GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@ +GL_GNULIB_RECV = @GL_GNULIB_RECV@ +GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@ +GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@ +GL_GNULIB_RENAME = @GL_GNULIB_RENAME@ +GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@ +GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@ +GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@ +GL_GNULIB_SCANF = @GL_GNULIB_SCANF@ +GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@ +GL_GNULIB_SEND = @GL_GNULIB_SEND@ +GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@ +GL_GNULIB_SETENV = @GL_GNULIB_SETENV@ +GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@ +GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@ +GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@ +GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@ +GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@ +GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@ +GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@ +GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@ +GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@ +GL_GNULIB_STAT = @GL_GNULIB_STAT@ +GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@ +GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@ +GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@ +GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@ +GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@ +GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@ +GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@ +GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@ +GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@ +GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@ +GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@ +GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@ +GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@ +GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@ +GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@ +GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@ +GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@ +GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@ +GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@ +GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@ +GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@ +GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@ +GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@ +GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@ +GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@ +GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@ +GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@ +GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@ +GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@ +GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@ +GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@ +GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@ +GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@ +GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@ +GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@ +GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@ +GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@ +GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@ +GL_GNULIB_TZSET = @GL_GNULIB_TZSET@ +GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@ +GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@ +GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@ +GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@ +GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@ +GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@ +GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@ +GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@ +GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@ +GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@ +GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@ +GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@ +GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@ +GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@ +GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@ +GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@ +GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@ +GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@ +GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@ +GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@ +GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@ +GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@ +GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@ +GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@ +GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@ +GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@ +GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@ +GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@ +GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@ +GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@ +GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@ +GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@ +GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@ +GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@ +GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@ +GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@ +GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@ +GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@ +GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@ +GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@ +GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@ +GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@ +GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@ +GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@ +GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@ +GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@ +GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@ +GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@ +GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@ +GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@ +GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@ +GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@ +GL_GNULIB_WRITE = @GL_GNULIB_WRITE@ +GL_GNULIB__EXIT = @GL_GNULIB__EXIT@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GPERF = @GPERF@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_COPY_FILE_RANGE = @HAVE_COPY_FILE_RANGE@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ECVT = @HAVE_DECL_ECVT@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_EXECVPE = @HAVE_DECL_EXECVPE@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FCLOSEALL = @HAVE_DECL_FCLOSEALL@ +HAVE_DECL_FCVT = @HAVE_DECL_FCVT@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GCVT = @HAVE_DECL_GCVT@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCSDUP = @HAVE_DECL_WCSDUP@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXECVPE = @HAVE_EXECVPE@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETENTROPY = @HAVE_GETENTROPY@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GETUMASK = @HAVE_GETUMASK@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBEV = @HAVE_LIBEV@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_MEMALIGN = @HAVE_POSIX_MEMALIGN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_ATTR_DESTROY = @HAVE_PTHREAD_ATTR_DESTROY@ +HAVE_PTHREAD_ATTR_GETDETACHSTATE = @HAVE_PTHREAD_ATTR_GETDETACHSTATE@ +HAVE_PTHREAD_ATTR_INIT = @HAVE_PTHREAD_ATTR_INIT@ +HAVE_PTHREAD_ATTR_SETDETACHSTATE = @HAVE_PTHREAD_ATTR_SETDETACHSTATE@ +HAVE_PTHREAD_CONDATTR_DESTROY = @HAVE_PTHREAD_CONDATTR_DESTROY@ +HAVE_PTHREAD_CONDATTR_INIT = @HAVE_PTHREAD_CONDATTR_INIT@ +HAVE_PTHREAD_COND_BROADCAST = @HAVE_PTHREAD_COND_BROADCAST@ +HAVE_PTHREAD_COND_DESTROY = @HAVE_PTHREAD_COND_DESTROY@ +HAVE_PTHREAD_COND_INIT = @HAVE_PTHREAD_COND_INIT@ +HAVE_PTHREAD_COND_SIGNAL = @HAVE_PTHREAD_COND_SIGNAL@ +HAVE_PTHREAD_COND_TIMEDWAIT = @HAVE_PTHREAD_COND_TIMEDWAIT@ +HAVE_PTHREAD_COND_WAIT = @HAVE_PTHREAD_COND_WAIT@ +HAVE_PTHREAD_CREATE = @HAVE_PTHREAD_CREATE@ +HAVE_PTHREAD_CREATE_DETACHED = @HAVE_PTHREAD_CREATE_DETACHED@ +HAVE_PTHREAD_DETACH = @HAVE_PTHREAD_DETACH@ +HAVE_PTHREAD_EQUAL = @HAVE_PTHREAD_EQUAL@ +HAVE_PTHREAD_EXIT = @HAVE_PTHREAD_EXIT@ +HAVE_PTHREAD_GETSPECIFIC = @HAVE_PTHREAD_GETSPECIFIC@ +HAVE_PTHREAD_H = @HAVE_PTHREAD_H@ +HAVE_PTHREAD_JOIN = @HAVE_PTHREAD_JOIN@ +HAVE_PTHREAD_KEY_CREATE = @HAVE_PTHREAD_KEY_CREATE@ +HAVE_PTHREAD_KEY_DELETE = @HAVE_PTHREAD_KEY_DELETE@ +HAVE_PTHREAD_MUTEXATTR_DESTROY = @HAVE_PTHREAD_MUTEXATTR_DESTROY@ +HAVE_PTHREAD_MUTEXATTR_GETROBUST = @HAVE_PTHREAD_MUTEXATTR_GETROBUST@ +HAVE_PTHREAD_MUTEXATTR_GETTYPE = @HAVE_PTHREAD_MUTEXATTR_GETTYPE@ +HAVE_PTHREAD_MUTEXATTR_INIT = @HAVE_PTHREAD_MUTEXATTR_INIT@ +HAVE_PTHREAD_MUTEXATTR_SETROBUST = @HAVE_PTHREAD_MUTEXATTR_SETROBUST@ +HAVE_PTHREAD_MUTEXATTR_SETTYPE = @HAVE_PTHREAD_MUTEXATTR_SETTYPE@ +HAVE_PTHREAD_MUTEX_DESTROY = @HAVE_PTHREAD_MUTEX_DESTROY@ +HAVE_PTHREAD_MUTEX_INIT = @HAVE_PTHREAD_MUTEX_INIT@ +HAVE_PTHREAD_MUTEX_LOCK = @HAVE_PTHREAD_MUTEX_LOCK@ +HAVE_PTHREAD_MUTEX_RECURSIVE = @HAVE_PTHREAD_MUTEX_RECURSIVE@ +HAVE_PTHREAD_MUTEX_ROBUST = @HAVE_PTHREAD_MUTEX_ROBUST@ +HAVE_PTHREAD_MUTEX_TIMEDLOCK = @HAVE_PTHREAD_MUTEX_TIMEDLOCK@ +HAVE_PTHREAD_MUTEX_TRYLOCK = @HAVE_PTHREAD_MUTEX_TRYLOCK@ +HAVE_PTHREAD_MUTEX_UNLOCK = @HAVE_PTHREAD_MUTEX_UNLOCK@ +HAVE_PTHREAD_ONCE = @HAVE_PTHREAD_ONCE@ +HAVE_PTHREAD_PROCESS_SHARED = @HAVE_PTHREAD_PROCESS_SHARED@ +HAVE_PTHREAD_RWLOCKATTR_DESTROY = @HAVE_PTHREAD_RWLOCKATTR_DESTROY@ +HAVE_PTHREAD_RWLOCKATTR_INIT = @HAVE_PTHREAD_RWLOCKATTR_INIT@ +HAVE_PTHREAD_RWLOCK_DESTROY = @HAVE_PTHREAD_RWLOCK_DESTROY@ +HAVE_PTHREAD_RWLOCK_INIT = @HAVE_PTHREAD_RWLOCK_INIT@ +HAVE_PTHREAD_RWLOCK_RDLOCK = @HAVE_PTHREAD_RWLOCK_RDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +HAVE_PTHREAD_RWLOCK_TRYRDLOCK = @HAVE_PTHREAD_RWLOCK_TRYRDLOCK@ +HAVE_PTHREAD_RWLOCK_TRYWRLOCK = @HAVE_PTHREAD_RWLOCK_TRYWRLOCK@ +HAVE_PTHREAD_RWLOCK_UNLOCK = @HAVE_PTHREAD_RWLOCK_UNLOCK@ +HAVE_PTHREAD_RWLOCK_WRLOCK = @HAVE_PTHREAD_RWLOCK_WRLOCK@ +HAVE_PTHREAD_SELF = @HAVE_PTHREAD_SELF@ +HAVE_PTHREAD_SETSPECIFIC = @HAVE_PTHREAD_SETSPECIFIC@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTHREAD_SPINLOCK_T = @HAVE_PTHREAD_SPINLOCK_T@ +HAVE_PTHREAD_SPIN_DESTROY = @HAVE_PTHREAD_SPIN_DESTROY@ +HAVE_PTHREAD_SPIN_INIT = @HAVE_PTHREAD_SPIN_INIT@ +HAVE_PTHREAD_SPIN_LOCK = @HAVE_PTHREAD_SPIN_LOCK@ +HAVE_PTHREAD_SPIN_TRYLOCK = @HAVE_PTHREAD_SPIN_TRYLOCK@ +HAVE_PTHREAD_SPIN_UNLOCK = @HAVE_PTHREAD_SPIN_UNLOCK@ +HAVE_PTHREAD_T = @HAVE_PTHREAD_T@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SCHED_H = @HAVE_SCHED_H@ +HAVE_SCHED_YIELD = @HAVE_SCHED_YIELD@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGABBREV_NP = @HAVE_SIGABBREV_NP@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGDESCR_NP = @HAVE_SIGDESCR_NP@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRERRORNAME_NP = @HAVE_STRERRORNAME_NP@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOL = @HAVE_STRTOL@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOUL = @HAVE_STRTOUL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SCHED_PARAM = @HAVE_STRUCT_SCHED_PARAM@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_CDEFS_H = @HAVE_SYS_CDEFS_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_VISIBILITY = @HAVE_VISIBILITY@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMPCPY = @HAVE_WMEMPCPY@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDDPOSTPROC = @LDDPOSTPROC@ +LDDPROG = @LDDPROG@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@ +LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@ +LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@ +LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBEV = @LIBEV@ +LIBEV_LIBS = @LIBEV_LIBS@ +LIBEV_PREFIX = @LIBEV_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@ +LIBKCAPI_LIBS = @LIBKCAPI_LIBS@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBPMULTITHREAD = @LIBPMULTITHREAD@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBSTDTHREAD = @LIBSTDTHREAD@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIBZ = @LIBZ@ +LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@ +LIBZSTD_LIBS = @LIBZSTD_LIBS@ +LIBZ_PC = @LIBZ_PC@ +LIBZ_PREFIX = @LIBZ_PREFIX@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_PTHREAD = @LIB_PTHREAD@ +LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@ +LIB_SCHED_YIELD = @LIB_SCHED_YIELD@ +LIB_SELECT = @LIB_SELECT@ +LIB_SEMAPHORE = @LIB_SEMAPHORE@ +LIB_SETLOCALE = @LIB_SETLOCALE@ +LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LOG_VALGRIND = @LOG_VALGRIND@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBEV = @LTLIBEV@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LTLIBZ = @LTLIBZ@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H = @NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H@ +NEXT_AS_FIRST_DIRECTIVE_SCHED_H = @NEXT_AS_FIRST_DIRECTIVE_SCHED_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_PTHREAD_H = @NEXT_PTHREAD_H@ +NEXT_SCHED_H = @NEXT_SCHED_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +REPLACE_ACCESS = @REPLACE_ACCESS@ +REPLACE_ALIGNED_ALLOC = @REPLACE_ALIGNED_ALLOC@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CREAT = @REPLACE_CREAT@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_EXECL = @REPLACE_EXECL@ +REPLACE_EXECLE = @REPLACE_EXECLE@ +REPLACE_EXECLP = @REPLACE_EXECLP@ +REPLACE_EXECV = @REPLACE_EXECV@ +REPLACE_EXECVE = @REPLACE_EXECVE@ +REPLACE_EXECVP = @REPLACE_EXECVP@ +REPLACE_EXECVPE = @REPLACE_EXECVPE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHMODAT = @REPLACE_FCHMODAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FFSLL = @REPLACE_FFSLL@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREE = @REPLACE_FREE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETADDRINFO = @REPLACE_GETADDRINFO@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKNODAT = @REPLACE_MKNODAT@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_POSIX_MEMALIGN = @REPLACE_POSIX_MEMALIGN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_ATTR_DESTROY = @REPLACE_PTHREAD_ATTR_DESTROY@ +REPLACE_PTHREAD_ATTR_GETDETACHSTATE = @REPLACE_PTHREAD_ATTR_GETDETACHSTATE@ +REPLACE_PTHREAD_ATTR_INIT = @REPLACE_PTHREAD_ATTR_INIT@ +REPLACE_PTHREAD_ATTR_SETDETACHSTATE = @REPLACE_PTHREAD_ATTR_SETDETACHSTATE@ +REPLACE_PTHREAD_CONDATTR_DESTROY = @REPLACE_PTHREAD_CONDATTR_DESTROY@ +REPLACE_PTHREAD_CONDATTR_INIT = @REPLACE_PTHREAD_CONDATTR_INIT@ +REPLACE_PTHREAD_COND_BROADCAST = @REPLACE_PTHREAD_COND_BROADCAST@ +REPLACE_PTHREAD_COND_DESTROY = @REPLACE_PTHREAD_COND_DESTROY@ +REPLACE_PTHREAD_COND_INIT = @REPLACE_PTHREAD_COND_INIT@ +REPLACE_PTHREAD_COND_SIGNAL = @REPLACE_PTHREAD_COND_SIGNAL@ +REPLACE_PTHREAD_COND_TIMEDWAIT = @REPLACE_PTHREAD_COND_TIMEDWAIT@ +REPLACE_PTHREAD_COND_WAIT = @REPLACE_PTHREAD_COND_WAIT@ +REPLACE_PTHREAD_CREATE = @REPLACE_PTHREAD_CREATE@ +REPLACE_PTHREAD_DETACH = @REPLACE_PTHREAD_DETACH@ +REPLACE_PTHREAD_EQUAL = @REPLACE_PTHREAD_EQUAL@ +REPLACE_PTHREAD_EXIT = @REPLACE_PTHREAD_EXIT@ +REPLACE_PTHREAD_GETSPECIFIC = @REPLACE_PTHREAD_GETSPECIFIC@ +REPLACE_PTHREAD_JOIN = @REPLACE_PTHREAD_JOIN@ +REPLACE_PTHREAD_KEY_CREATE = @REPLACE_PTHREAD_KEY_CREATE@ +REPLACE_PTHREAD_KEY_DELETE = @REPLACE_PTHREAD_KEY_DELETE@ +REPLACE_PTHREAD_MUTEXATTR_DESTROY = @REPLACE_PTHREAD_MUTEXATTR_DESTROY@ +REPLACE_PTHREAD_MUTEXATTR_GETROBUST = @REPLACE_PTHREAD_MUTEXATTR_GETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_GETTYPE = @REPLACE_PTHREAD_MUTEXATTR_GETTYPE@ +REPLACE_PTHREAD_MUTEXATTR_INIT = @REPLACE_PTHREAD_MUTEXATTR_INIT@ +REPLACE_PTHREAD_MUTEXATTR_SETROBUST = @REPLACE_PTHREAD_MUTEXATTR_SETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_SETTYPE = @REPLACE_PTHREAD_MUTEXATTR_SETTYPE@ +REPLACE_PTHREAD_MUTEX_DESTROY = @REPLACE_PTHREAD_MUTEX_DESTROY@ +REPLACE_PTHREAD_MUTEX_INIT = @REPLACE_PTHREAD_MUTEX_INIT@ +REPLACE_PTHREAD_MUTEX_LOCK = @REPLACE_PTHREAD_MUTEX_LOCK@ +REPLACE_PTHREAD_MUTEX_TIMEDLOCK = @REPLACE_PTHREAD_MUTEX_TIMEDLOCK@ +REPLACE_PTHREAD_MUTEX_TRYLOCK = @REPLACE_PTHREAD_MUTEX_TRYLOCK@ +REPLACE_PTHREAD_MUTEX_UNLOCK = @REPLACE_PTHREAD_MUTEX_UNLOCK@ +REPLACE_PTHREAD_ONCE = @REPLACE_PTHREAD_ONCE@ +REPLACE_PTHREAD_RWLOCKATTR_DESTROY = @REPLACE_PTHREAD_RWLOCKATTR_DESTROY@ +REPLACE_PTHREAD_RWLOCKATTR_INIT = @REPLACE_PTHREAD_RWLOCKATTR_INIT@ +REPLACE_PTHREAD_RWLOCK_DESTROY = @REPLACE_PTHREAD_RWLOCK_DESTROY@ +REPLACE_PTHREAD_RWLOCK_INIT = @REPLACE_PTHREAD_RWLOCK_INIT@ +REPLACE_PTHREAD_RWLOCK_RDLOCK = @REPLACE_PTHREAD_RWLOCK_RDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYRDLOCK = @REPLACE_PTHREAD_RWLOCK_TRYRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYWRLOCK = @REPLACE_PTHREAD_RWLOCK_TRYWRLOCK@ +REPLACE_PTHREAD_RWLOCK_UNLOCK = @REPLACE_PTHREAD_RWLOCK_UNLOCK@ +REPLACE_PTHREAD_RWLOCK_WRLOCK = @REPLACE_PTHREAD_RWLOCK_WRLOCK@ +REPLACE_PTHREAD_SELF = @REPLACE_PTHREAD_SELF@ +REPLACE_PTHREAD_SETSPECIFIC = @REPLACE_PTHREAD_SETSPECIFIC@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTHREAD_SPIN_DESTROY = @REPLACE_PTHREAD_SPIN_DESTROY@ +REPLACE_PTHREAD_SPIN_INIT = @REPLACE_PTHREAD_SPIN_INIT@ +REPLACE_PTHREAD_SPIN_LOCK = @REPLACE_PTHREAD_SPIN_LOCK@ +REPLACE_PTHREAD_SPIN_TRYLOCK = @REPLACE_PTHREAD_SPIN_TRYLOCK@ +REPLACE_PTHREAD_SPIN_UNLOCK = @REPLACE_PTHREAD_SPIN_UNLOCK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SCHED_YIELD = @REPLACE_SCHED_YIELD@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERRORNAME_NP = @REPLACE_STRERRORNAME_NP@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOL = @REPLACE_STRTOL@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOLL = @REPLACE_STRTOLL@ +REPLACE_STRTOUL = @REPLACE_STRTOUL@ +REPLACE_STRTOULL = @REPLACE_STRTOULL@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSTOK = @REPLACE_WCSTOK@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS2_CFLAGS = @TSS2_CFLAGS@ +TSS2_LIBS = @TSS2_LIBS@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_SYS_RANDOM_H = @UNISTD_H_HAVE_SYS_RANDOM_H@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VALGRINDFLAGS = @VALGRINDFLAGS@ +VALGRIND_PROGRAM = @VALGRIND_PROGRAM@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +YIELD_LIB = @YIELD_LIB@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +gnutls_so = @gnutls_so@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +maybe_guileextensiondir = @maybe_guileextensiondir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +AM_CFLAGS = $(WARN_CFLAGS) +AM_CPPFLAGS = \ + -I$(top_srcdir)/gl \ + -I$(top_builddir)/gl \ + -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/extra/includes \ + -I$(top_builddir)/extra/includes \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/tests \ + -I$(top_srcdir)/doc/examples + +AM_LDFLAGS = -no-install +LDADD = ../../lib/libgnutls.la \ + ../../gl/libgnu.la \ + ../libutils.la \ + $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) + +prime_check_LDADD = $(LDADD) -lhogweed -lgmp +scripts_to_test = chain.sh testrng.sh testcompat-polarssl-serv.sh \ + testcompat-polarssl-serv-compat.sh \ + testcompat-polarssl-serv-no-etm.sh testcompat-openssl-cli.sh \ + testcompat-openssl-cli-compat.sh \ + testcompat-openssl-cli-no-etm.sh testcompat-openssl-serv.sh \ + testcompat-openssl-serv-compat.sh \ + testcompat-openssl-serv-no-etm.sh \ + testcompat-openssl-serv-no-tickets.sh \ + testcompat-openssl-serv-no-safe-renegotiation.sh \ + testcompat-openssl-serv-safe-renegotiation.sh testrandom.sh \ + tls-fuzzer/tls-fuzzer-nocert.sh tls-fuzzer/tls-fuzzer-cert.sh \ + tls-fuzzer/tls-fuzzer-alpn.sh \ + tls-fuzzer/tls-fuzzer-nocert-tls13.sh \ + tls-fuzzer/tls-fuzzer-psk.sh tls-fuzzer/tls-fuzzer-nolimit.sh \ + tls-fuzzer/tls-fuzzer-nolimit-tls13.sh \ + multi-ticket-reception.sh $(am__append_2) $(am__append_4) \ + $(am__append_5) $(am__append_6) $(am__append_7) +TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT) LC_ALL="C" PYTHON="$(PYTHON)" \ + VALGRIND='$(LOG_VALGRIND)' top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" srcdir="$(srcdir)" \ + ASAN_OPTIONS="detect_leaks=0" GNUTLS_TEST_SUITE_RUN=1 \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + OPENSSL_ia32cap=0x00000000 $(am__append_1) $(am__append_3) +@MACOSX_FALSE@@WINDOWS_FALSE@mini_record_timing_LDADD = -lrt $(LDADD) +@MACOSX_FALSE@@WINDOWS_FALSE@nodist_mini_record_timing_SOURCES = mini-record-timing.c +@MACOSX_FALSE@@WINDOWS_FALSE@eagain_cli_LDADD = $(LIBEV_LIBS) -lrt -lm $(LIBDL) -lpthread $(LDADD) +@MACOSX_FALSE@@WINDOWS_FALSE@nodist_eagain_cli_SOURCES = eagain-cli.c +nodist_prime_check_SOURCES = prime-check.c +nodist_rng_SOURCES = rng.c +nodist_check_SCRIPTS = $(scripts_to_test) +prime_check_CPPFLAGS = $(AM_CPPFLAGS) $(NETTLE_CFLAGS) +TEST_EXTENSIONS = .sh +SH_LOG_COMPILER = $(SHELL) +LOG_COMPILER = $(LOG_VALGRIND) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .log .o .obj .sh .sh$(EXEEXT) .trs +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/suite/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign tests/suite/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +eagain-cli$(EXEEXT): $(eagain_cli_OBJECTS) $(eagain_cli_DEPENDENCIES) $(EXTRA_eagain_cli_DEPENDENCIES) + @rm -f eagain-cli$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(eagain_cli_OBJECTS) $(eagain_cli_LDADD) $(LIBS) + +mini-record-timing$(EXEEXT): $(mini_record_timing_OBJECTS) $(mini_record_timing_DEPENDENCIES) $(EXTRA_mini_record_timing_DEPENDENCIES) + @rm -f mini-record-timing$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(mini_record_timing_OBJECTS) $(mini_record_timing_LDADD) $(LIBS) + +prime-check$(EXEEXT): $(prime_check_OBJECTS) $(prime_check_DEPENDENCIES) $(EXTRA_prime_check_DEPENDENCIES) + @rm -f prime-check$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(prime_check_OBJECTS) $(prime_check_LDADD) $(LIBS) + +rng$(EXEEXT): $(rng_OBJECTS) $(rng_DEPENDENCIES) $(EXTRA_rng_DEPENDENCIES) + @rm -f rng$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rng_OBJECTS) $(rng_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eagain-cli.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mini-record-timing.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prime_check-prime-check.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +prime_check-prime-check.o: prime-check.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(prime_check_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prime_check-prime-check.o -MD -MP -MF $(DEPDIR)/prime_check-prime-check.Tpo -c -o prime_check-prime-check.o `test -f 'prime-check.c' || echo '$(srcdir)/'`prime-check.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/prime_check-prime-check.Tpo $(DEPDIR)/prime_check-prime-check.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prime-check.c' object='prime_check-prime-check.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(prime_check_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prime_check-prime-check.o `test -f 'prime-check.c' || echo '$(srcdir)/'`prime-check.c + +prime_check-prime-check.obj: prime-check.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(prime_check_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prime_check-prime-check.obj -MD -MP -MF $(DEPDIR)/prime_check-prime-check.Tpo -c -o prime_check-prime-check.obj `if test -f 'prime-check.c'; then $(CYGPATH_W) 'prime-check.c'; else $(CYGPATH_W) '$(srcdir)/prime-check.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/prime_check-prime-check.Tpo $(DEPDIR)/prime_check-prime-check.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='prime-check.c' object='prime_check-prime-check.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(prime_check_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prime_check-prime-check.obj `if test -f 'prime-check.c'; then $(CYGPATH_W) 'prime-check.c'; else $(CYGPATH_W) '$(srcdir)/prime-check.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(check_PROGRAMS) $(nodist_check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(check_PROGRAMS) $(nodist_check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +prime-check.log: prime-check$(EXEEXT) + @p='prime-check$(EXEEXT)'; \ + b='prime-check'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.sh.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(SH_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_SH_LOG_DRIVER_FLAGS) $(SH_LOG_DRIVER_FLAGS) -- $(SH_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.sh$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(SH_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_SH_LOG_DRIVER_FLAGS) $(SH_LOG_DRIVER_FLAGS) -- $(SH_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \ + $(nodist_check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ + clean-noinstPROGRAMS mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/eagain-cli.Po + -rm -f ./$(DEPDIR)/mini-record-timing.Po + -rm -f ./$(DEPDIR)/prime_check-prime-check.Po + -rm -f ./$(DEPDIR)/rng.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/eagain-cli.Po + -rm -f ./$(DEPDIR)/mini-record-timing.Po + -rm -f ./$(DEPDIR)/prime_check-prime-check.Po + -rm -f ./$(DEPDIR)/rng.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ + check-am clean clean-checkPROGRAMS clean-generic clean-libtool \ + clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am recheck tags tags-am uninstall \ + uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/suite/README b/tests/suite/README new file mode 100644 index 0000000..ece7004 --- /dev/null +++ b/tests/suite/README @@ -0,0 +1,2 @@ +Here are tests that will not be distributed with a release. Only +done during development. diff --git a/tests/suppressions.valgrind b/tests/suppressions.valgrind new file mode 100644 index 0000000..1dc5454 --- /dev/null +++ b/tests/suppressions.valgrind @@ -0,0 +1,298 @@ +# suppressions -- Valgrind suppresion file for libgcrypt + +# Copyright (C) 2008-2012 Free Software Foundation, Inc. + +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. + +{ + zlib inflateInit + Memcheck:Cond + fun:inflateReset2 + fun:inflateInit2_ + fun:_gnutls_comp_init + fun:_gnutls_init_record_state + fun:_gnutls_epoch_set_keys + fun:_gnutls_write_connection_state_init + fun:_gnutls_send_handshake_final +} + +{ + libgcrypt1 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:gcry_pk_register_default + fun:_gcry_pk_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt1-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:pk_register_default + fun:_gcry_pk_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt2 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:gcry_md_register_default + fun:_gcry_md_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt2-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:md_register_default + fun:_gcry_md_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt3 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:gcry_cipher_register_default + fun:_gcry_cipher_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt3-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_module_add + fun:cipher_register_default + fun:_gcry_cipher_init + fun:global_init + fun:_gcry_check_version + fun:gcry_check_version + fun:gnutls_global_init +} + +{ + libgcrypt4 + Memcheck:Leak + fun:malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_randomize + fun:gcry_randomize + fun:gc_pseudo_random + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt5 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_randomize + fun:gcry_randomize + fun:gc_pseudo_random + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt6 + Memcheck:Leak + fun:malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_create_nonce + fun:gcry_create_nonce + fun:wrap_gcry_rnd_init + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt7 + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_create_nonce + fun:gcry_create_nonce + fun:wrap_gcry_rnd_init + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + libgcrypt7-new + Memcheck:Leak + fun:malloc + fun:_gcry_private_malloc + fun:do_malloc + fun:_gcry_malloc + fun:_gcry_xmalloc + fun:_gcry_xcalloc + fun:initialize + fun:_gcry_rngcsprng_create_nonce + fun:_gcry_create_nonce + fun:gcry_create_nonce + fun:wrap_gcry_rnd_init + fun:_gnutls_rnd_init + fun:gnutls_global_init +} + +{ + ignore p11 leaks + Memcheck:Leak + fun:calloc + obj:* + obj:* + obj:* + obj:* + fun:p11_kit_initialize_registered + fun:gnutls_pkcs11_init + fun:gnutls_global_init +} + +{ + ignore p11 leaks2 + Memcheck:Leak + fun:malloc + obj:* + obj:* + obj:* + obj:* + obj:* + fun:p11_kit_module_initialize + fun:gnutls_pkcs11_add_provider +} + +{ + nettle memxor3 + Memcheck:Addr8 + fun:memxor3 + obj:* +} + +{ + nettle memxor + Memcheck:Addr8 + fun:memxor + obj:* +} + +{ + memxor_different_alignment + Memcheck:Addr8 + fun:memxor_different_alignment + obj:* +} + +{ + libidn-strlen + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_x509_crt_check_hostname2 + ... +} + +{ + libidn-strlen2 + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_server_name_set + ... +} + +{ + libidn-strlen2 + Memcheck:Addr4 + fun:idna_to_ascii_4z + fun:idna_to_ascii_8z + fun:gnutls_server_name_get + ... +} + +{ + bash leak + Memcheck:Leak + match-leak-kinds: definite + fun:malloc + fun:xmalloc + fun:set_default_locale + fun:main +} +{ + ld-uncond-jump + Memcheck:Cond + fun:index + fun:expand_dynamic_string_token + fun:fillin_rpath + ... +} +{ + gnutls-false-positive + Memcheck:Cond + fun:decode_complex_string.isra.0 + fun:_gnutls_x509_dn_to_string + ... +} diff --git a/tests/system-override-curves-allowlist.c b/tests/system-override-curves-allowlist.c new file mode 100644 index 0000000..2313c0d --- /dev/null +++ b/tests/system-override-curves-allowlist.c @@ -0,0 +1,165 @@ +/* + * Copyright (C) 2021 Red Hat, Inc. + * + * Author: Alexander Sosedkin + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* + * This test isn't meant for direct execution. + * It is the significant part of the test + * invoked from system-override-curves-allowlist.sh that covers: + * - generating a key using the curve enabled in the config succeeds + * - disabling the previously enabled curve results in blocking it + * - reenabling it back is also possible after disabling + * - enabling a different curve unblocks key generation using it + * - disabling the originally enabled curve results in blocking it + * - redisabling it back is also possible after enabling + * Inputs (passed through environment variables): + * - INITIALLY_ENABLED_CURVES - space-separated string + * - INITIALLY_DISABLED_CURVES - space-separated string + */ + +#include +#include +#include +#include +#include + +#include +#include + +#include "utils.h" + +#define _assert(cond, format, ...) if (!(cond)) \ + _fail("Assertion `" #cond "` failed: " format "\n", ##__VA_ARGS__) +#define _check(cond) if (!(cond)) _fail("Assertion `" #cond "` failed.\n") + +gnutls_ecc_curve_t unlocked_ecc_curve_get_id(const char* curve); +gnutls_pk_algorithm_t curve_name_to_pk(const char* curve); +void assert_unblocked(const char* curve); +void assert_blocked(const char* curve); +char* envvarcpy(const char* envvar); + + +gnutls_ecc_curve_t unlocked_ecc_curve_get_id(const char* curve) { + if (!strcasecmp(curve, "SECP192R1")) return GNUTLS_ECC_CURVE_SECP192R1; + if (!strcasecmp(curve, "SECP256R1")) return GNUTLS_ECC_CURVE_SECP256R1; + if (!strcasecmp(curve, "SECP384R1")) return GNUTLS_ECC_CURVE_SECP384R1; + if (!strcasecmp(curve, "SECP521R1")) return GNUTLS_ECC_CURVE_SECP521R1; + if (!strcasecmp(curve, "X448")) return GNUTLS_ECC_CURVE_X448; + if (!strcasecmp(curve, "X25519")) return GNUTLS_ECC_CURVE_X25519; + fprintf(stderr, "unknown curve %s\n", curve); + return GNUTLS_ECC_CURVE_INVALID; +} + + +gnutls_pk_algorithm_t curve_name_to_pk(const char* curve) { + if (!strcasecmp(curve, "X448")) return GNUTLS_PK_ECDH_X448; + if (!strcasecmp(curve, "X25519")) return GNUTLS_PK_ECDH_X25519; + return GNUTLS_PK_ECDSA; +} + + +void assert_unblocked(const char* curve_name) { + gnutls_privkey_t priv; + gnutls_ecc_curve_t curve; + gnutls_pk_algorithm_t pk; + + unsigned int bits; + + fprintf(stderr, "generating a key using non-blocked %s curve...\n", + curve_name); + _check(curve = gnutls_ecc_curve_get_id(curve_name)); + _check(curve == unlocked_ecc_curve_get_id(curve_name)); + _check(gnutls_privkey_init(&priv) == GNUTLS_E_SUCCESS); + bits = GNUTLS_CURVE_TO_BITS(curve); + pk = curve_name_to_pk(curve_name); + _check(gnutls_privkey_generate(priv, pk, bits, 0) == GNUTLS_E_SUCCESS); + gnutls_privkey_deinit(priv); + fprintf(stderr, "%s succeeds as expected\n", curve_name); +} + + +void assert_blocked(const char* curve_name) { + gnutls_privkey_t priv; + gnutls_ecc_curve_t curve; + unsigned int bits; + gnutls_pk_algorithm_t pk; + + fprintf(stderr, "generating a key using blocked %s curve...\n", + curve_name); + _check(gnutls_ecc_curve_get_id(curve_name) == GNUTLS_ECC_CURVE_INVALID); + _check((curve = unlocked_ecc_curve_get_id(curve_name)) != + GNUTLS_ECC_CURVE_INVALID); + _check(!strcasecmp(curve_name, gnutls_ecc_curve_get_name(curve))); + _check(gnutls_privkey_init(&priv) == GNUTLS_E_SUCCESS); + bits = GNUTLS_CURVE_TO_BITS(curve); + pk = curve_name_to_pk(curve_name); + _check(gnutls_privkey_generate(priv, pk, bits, 0) < 0); + gnutls_privkey_deinit(priv); + fprintf(stderr, "%s is blocked as expected\n", curve_name); +} + + +char* envvarcpy(const char* envvar) { + char* s; + _assert(s = getenv(envvar), "variable %s is not set", envvar); + return gnutls_strdup(s); +} + + +void doit(void) { + char* curves; + const char* curve; + gnutls_ecc_curve_t curve_id; + + curves = envvarcpy("INITIALLY_ENABLED_CURVES"); + for (curve = strtok(curves, " "); curve; curve = strtok(NULL, " ")) { + curve_id = unlocked_ecc_curve_get_id(curve); + + assert_unblocked(curve); + + gnutls_ecc_curve_set_enabled(curve_id, 0); + assert_blocked(curve); + + gnutls_ecc_curve_set_enabled(curve_id, 1); + assert_unblocked(curve); + + printf("disableable: %s\n", curve); + } + free(curves); + + curves = envvarcpy("INITIALLY_DISABLED_CURVES"); + for (curve = strtok(curves, " "); curve; curve = strtok(NULL, " ")) { + curve_id = unlocked_ecc_curve_get_id(curve); + + assert_blocked(curve); + + gnutls_ecc_curve_set_enabled(curve_id, 1); + assert_unblocked(curve); + + gnutls_ecc_curve_set_enabled(curve_id, 0); + assert_blocked(curve); + + printf("reenableable: %s\n", curve); + } + free(curves); + + exit(0); +} diff --git a/tests/system-override-curves-allowlist.sh b/tests/system-override-curves-allowlist.sh new file mode 100755 index 0000000..8c273aa --- /dev/null +++ b/tests/system-override-curves-allowlist.sh @@ -0,0 +1,211 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${builddir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${GREP=grep} +: ${DIFF=diff} +: ${SED=sed} +: ${CAT=cat} +TMPFILE_KEY=key.$$.pem.tmp +TMPFILE_CONFIG=config.$$.pem.tmp +TMPFILE_INPUT_SCRIPT=input.$$.script.tmp +TMPFILE_OBSERVED_LOG=observed.$$.log.tmp +TMPFILE_EXPECTED_LOG=expected.$$.log.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +for tool in "${CERTTOOL}" "${SERV}" "${CLI}"; do + if ! test -x "$tool"; then + exit 77 + fi +done + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15" +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +# This test doesn't work in FIPS mode +if test -n "${GNUTLS_FORCE_FIPS_MODE}" && test "${GNUTLS_FORCE_FIPS_MODE}" != 0; then + exit 77 +fi + +cleanup() { + rm -f "${TMPFILE_KEY}" "${TMPFILE_INPUT_SCRIPT}" + rm -f "${TMPFILE_OBSERVED_LOG}" "${TMPFILE_EXPECTED_LOG}" +} +trap cleanup 1 15 2 EXIT + +# Set up a reasonable but minimal configuration file using allowlisting +# allowing just a few curves. +# We intentionally add stray spaces and tabs to check our parser +cat <<_EOF_ > ${TMPFILE_CONFIG} +[global] +override-mode = allowlist + +[overrides] + enabled-curve= seCp384r1 +enabled-curve =X448 +_EOF_ +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE_CONFIG}" +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 +export INITIALLY_ENABLED_CURVES="SECP384R1 X448" +export INITIALLY_DISABLED_CURVES="SECP256R1 SECP521R1 X25519" +EXAMPLE_DISABLED_PRIORITY=NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1:+CURVE-X25519 + +export GNUTLS_DEBUG_LEVEL=3 + + +# --list output + +"${CLI}" --list|grep ^Groups >"${TMPFILE_OBSERVED_LOG}" +cat "${TMPFILE_OBSERVED_LOG}" +for curve in ${INITIALLY_DISABLED_CURVES}; do + if grep -i "$curve" "${TMPFILE_OBSERVED_LOG}"; then + echo "Found disabled curve $curve within --list output" + exit 1 + fi +done + +for curve in ${INITIALLY_ENABLED_CURVES}; do + if ! grep -i "$curve" ${TMPFILE_OBSERVED_LOG};then + echo "Could not found $curve within --list output" + exit 1 + fi +done + + +# TLS: try whether a client connection with a disabled curve will succeed + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority ${EXAMPLE_DISABLED_PRIORITY} --insecure --logfile ${TMPFILE_OBSERVED_LOG} /dev/null || + fail "expected connection to succeed (1)" + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE_CONFIG}" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority ${EXAMPLE_DISABLED_PRIORITY} --insecure --logfile ${TMPFILE_OBSERVED_LOG} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +# TLS: try whether a server connection with a disabled curve will succeed + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --priority ${EXAMPLE_DISABLED_PRIORITY} --insecure --logfile ${TMPFILE_OBSERVED_LOG} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE_CONFIG}" + + +# Key generation using certtool + +for curve in ${INITIALLY_ENABLED_CURVES}; do + key_type=ecdsa + test $curve = X448 && key_type=x448 + test $curve = X25519 && key_type=x25519 + ${VALGRIND} ${CERTTOOL} \ + --generate-privkey --key-type=$key_type --curve=$curve \ + --outfile "${TMPFILE_KEY}" + EX=$? + if test $EX != 0; then + echo "key generation using $curve has failed ($EX)" + exit $EX + fi +done + +for curve in ${INITIALLY_DISABLED_CURVES}; do + key_type=ecdsa + test $curve = X448 && key_type=x448 + test $curve = X25519 && key_type=x25519 + ${VALGRIND} ${CERTTOOL} \ + --generate-privkey --key-type=$key_type --curve=$curve \ + --outfile "${TMPFILE_KEY}" > ${TMPFILE_OBSERVED_LOG} 2>&1 + EX=$? + if test $EX != 1; then + echo "key generation using $curve has succeeded unexpectedly" + exit $EX + fi + if ! ${GREP} -Fqx "Unsupported curve: $curve" "${TMPFILE_OBSERVED_LOG}" + then + ${CAT} "${TMPFILE_OBSERVED_LOG}" + echo "'Unsupported curve: $curve' not found in the output" + exit 1 + fi +done + + +# Test key generation and gnutls_ecc_curve_set_enabled +# using system-override-curves-allowlist.c + +${CAT} > "${TMPFILE_EXPECTED_LOG}" < ${TMPFILE_OBSERVED_LOG} +EX=$? +if test $EX != 0; then + ${CAT} ${TMPFILE_OBSERVED_LOG} + echo "system-override-curves-allowlist(.c) failed with $EX" + exit $EX +fi +${DIFF} "${TMPFILE_EXPECTED_LOG}" "${TMPFILE_OBSERVED_LOG}" +EX=$? +if test $EX != 0; then + echo "system-override-curves-allowlist(.c) produced unexpected output" + exit 1 +fi + +exit 0 diff --git a/tests/system-override-curves.sh b/tests/system-override-curves.sh new file mode 100755 index 0000000..b4bcb25 --- /dev/null +++ b/tests/system-override-curves.sh @@ -0,0 +1,112 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +TMPFILE2=log.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +# This test doesn't work in FIPS mode +if test -n "${GNUTLS_FORCE_FIPS_MODE}" && test "${GNUTLS_FORCE_FIPS_MODE}" != 0; then + exit 77 +fi + +# We intentionally add stray spaces and tabs to check our parser +cat <<_EOF_ > ${TMPFILE} +[overrides] + +disabled-curve = secp256r1 +disabled-curve = secp521r1 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" +export GNUTLS_DEBUG_LEVEL=3 + +"${CLI}" --list|grep ^Groups >${TMPFILE2} +cat ${TMPFILE2} +if grep -i "SECP256R1" ${TMPFILE2} || grep -i "SECP521R1" ${TMPFILE2};then + echo "Found disabled curve with --list" + exit 1 +fi + +if ! grep -i "SECP384R1" ${TMPFILE2};then + echo "Could not found secp384r1" + exit 1 +fi + +# Try whether a client connection with a disabled curve will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1 --insecure --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (1)" + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1 --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +# Try whether a server connection with a disabled curve will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-CURVE-ALL:+CURVE-SECP256R1:+CURVE-SECP521R1" --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +exit 0 diff --git a/tests/system-override-default-priority-string.bad.config b/tests/system-override-default-priority-string.bad.config new file mode 100644 index 0000000..ca88d71 --- /dev/null +++ b/tests/system-override-default-priority-string.bad.config @@ -0,0 +1,3 @@ +SYSTEM=NORMAL +[overrides] +default-priority-string = diff --git a/tests/system-override-default-priority-string.none.config b/tests/system-override-default-priority-string.none.config new file mode 100644 index 0000000..0a42c3a --- /dev/null +++ b/tests/system-override-default-priority-string.none.config @@ -0,0 +1,2 @@ +[overrides] +default-priority-string = NONE diff --git a/tests/system-override-default-priority-string.only-tls13.config b/tests/system-override-default-priority-string.only-tls13.config new file mode 100644 index 0000000..c4614a1 --- /dev/null +++ b/tests/system-override-default-priority-string.only-tls13.config @@ -0,0 +1,2 @@ +[overrides] +default-priority-string = NORMAL:-VERS-ALL:+VERS-TLS1.3 diff --git a/tests/system-override-default-priority-string.sh b/tests/system-override-default-priority-string.sh new file mode 100755 index 0000000..da262c8 --- /dev/null +++ b/tests/system-override-default-priority-string.sh @@ -0,0 +1,93 @@ +#!/bin/sh +# Copyright (C) 2019 Canonical, Ltd. +# +# Author: Dimitri John Ledkov +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +TMPFILE2=log.$$.tmp +STOCK_PRIORITY="${GNUTLS_SYSTEM_PRIORITY_FILE-./system.prio}" +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +export GNUTLS_DEBUG_LEVEL=3 +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +# Try whether a client connection with priority string None succeeds +export GNUTLS_SYSTEM_PRIORITY_FILE="${srcdir}/system-override-default-priority-string.none.config" +eval "${GETPORT}" +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +export GNUTLS_SYSTEM_PRIORITY_FILE="${STOCK_PRIORITY}" +"${CLI}" -p "${PORT}" 127.0.0.1 --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (1)" +kill ${PID} +wait + +# Try whether a client connection to an tls1.3 only server succeeds +export GNUTLS_SYSTEM_PRIORITY_FILE="${srcdir}/system-override-default-priority-string.only-tls13.config" +eval "${GETPORT}" +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +export GNUTLS_SYSTEM_PRIORITY_FILE="${STOCK_PRIORITY}" +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-TLS1.3" --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +export GNUTLS_SYSTEM_PRIORITY_FILE="${STOCK_PRIORITY}" +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" --insecure --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (1)" + +kill ${PID} +wait + +# Check that a bad (empty) default-priority-string results in an built-one being used, when non-strict +export GNUTLS_SYSTEM_PRIORITY_FILE="${srcdir}/system-override-default-priority-string.bad.config" +unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID +eval "${GETPORT}" +launch_server --echo --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +"${CLI}" -p "${PORT}" 127.0.0.1 --insecure --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (2)" + +kill ${PID} +wait + +exit 0 diff --git a/tests/system-override-hash-allowlist.sh b/tests/system-override-hash-allowlist.sh new file mode 100755 index 0000000..651a596 --- /dev/null +++ b/tests/system-override-hash-allowlist.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[global] +override-mode = allowlist + +[overrides] +secure-hash = sha384 +secure-sig = rsa-pss-sha384 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-hash" +rc=$? +rm ${TMPFILE} +exit $rc diff --git a/tests/system-override-hash-filters-prf.sh b/tests/system-override-hash-filters-prf.sh new file mode 100755 index 0000000..b09a78e --- /dev/null +++ b/tests/system-override-hash-filters-prf.sh @@ -0,0 +1,89 @@ +#!/bin/sh + +# Copyright (C) 2021 Red Hat, Inc. +# +# Author: Alexander Sosedkin +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${GREP=grep} + +if ! test -x "${CLI}"; then + exit 77 +fi + +TMPCFGFILE=cfg.$$.tmp +TMPOUTFILE=out.$$.tmp + +# Sanity + +${CLI} --list -d 4 --priority NORMAL > "${TMPOUTFILE}" 2>&1 +if test $? != 0; then + cat "${TMPOUTFILE}" + echo 'fails just listing ciphersuites for NORMAL' + exit 1 +fi +if ! ${GREP} -Fq TLS_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_AES_256_GCM_SHA384 (TLS 1.3) with NORMAL' + exit 1 +fi +if ! ${GREP} -Fq TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (TLS 1.2) with NORMAL' + exit 1 +fi +if ! ${GREP} -q TLS_RSA_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_RSA_AES_128_GCM_SHA256 (non-SHA384 example) with NORMAL' + exit 1 +fi + +# insecure-hash = SHA384 disables TLS_AES_256_GCM_SHA384 and friends + +cat <<_EOF_ > ${TMPCFGFILE} +[overrides] +insecure-hash = SHA384 +_EOF_ +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPCFGFILE}" +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +${CLI} --list -d 4 --priority NORMAL > "${TMPOUTFILE}" 2>&1 +if ${GREP} -Fq TLS_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_AES_256_GCM_SHA384 (TLS 1.3) has not disappeared' + exit 1 +fi +if ${GREP} -Fq TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 (TLS 1.2) has not disappeared' + exit 1 +fi +if ! ${GREP} -q TLS_RSA_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_RSA_AES_128_GCM_SHA256 (non-SHA384 example) has disappeared' + exit 1 +fi +if ${GREP} -Fq SHA.*384 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'SHA384 is still mentioned' + exit 1 +fi + +rm "${TMPCFGFILE}" "${TMPOUTFILE}" diff --git a/tests/system-override-hash.c b/tests/system-override-hash.c new file mode 100644 index 0000000..e964819 --- /dev/null +++ b/tests/system-override-hash.c @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "utils.h" +#include + +/* This test verifies whether a system-wide configuration which disables SHA256 + * and SHA512 is seen from the library side. + */ + +void doit(void) +{ + /* sanity */ + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA384) != 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_MD5) == 0); + + /* check whether the values set by the calling script are the expected */ + assert(gnutls_sign_is_secure(GNUTLS_SIGN_DSA_SHA256) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA256) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA512) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_ECDSA_SHA256) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_ECDSA_SHA512) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA256) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA512) == 0); +} diff --git a/tests/system-override-hash.sh b/tests/system-override-hash.sh new file mode 100755 index 0000000..cb027c2 --- /dev/null +++ b/tests/system-override-hash.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-hash = sha256 +insecure-hash = sha512 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-hash" +rc=$? +rm ${TMPFILE} +exit $rc diff --git a/tests/system-override-invalid.sh b/tests/system-override-invalid.sh new file mode 100755 index 0000000..8b8f673 --- /dev/null +++ b/tests/system-override-invalid.sh @@ -0,0 +1,64 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-something = md5 +insecure-hash = sha256 +insecure-hash= sha512 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" +${CLI} --list -d 4 >/dev/null 2>&1 +if test $? = 0;then + echo "unknown option was not caught" + exit 1 +fi + + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-sig-for-cert = rsa-sha256 +insecure-sig = rsa-sha512 +insecure-sig = rsa-sha1 + +[unknown-section] +insecure-sig = rsa-sha512 +insecure-sig = rsa-sha1 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +${CLI} --list >/dev/null 2>&1 +if test $? = 0;then + echo "unknown section was not caught" + exit 1 +fi + +exit 0 diff --git a/tests/system-override-kx.sh b/tests/system-override-kx.sh new file mode 100755 index 0000000..642ff0b --- /dev/null +++ b/tests/system-override-kx.sh @@ -0,0 +1,104 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +TMPFILE2=log.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +# We intentionally add stray spaces and tabs to check our parser +cat <<_EOF_ > ${TMPFILE} +[overrides] + +tls-disabled-kx = dhe-dss +tls-disabled-kx = dhe-rsa +tls-disabled-kx = unknown +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" +export GNUTLS_DEBUG_LEVEL=3 + +# Try whether a client connection with a disabled KX algorithm will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-KX-ALL:+DHE-RSA --insecure --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (1)" + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-KX-ALL:+DHE-RSA --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +# test whether the unknown KX will be caught +GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to succeed (3)" + +unset GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID + +kill ${PID} +wait + +# Try whether a server connection with a disabled KX will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-KX-ALL:+DHE-RSA" --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +exit 0 diff --git a/tests/system-override-profiles.sh b/tests/system-override-profiles.sh new file mode 100755 index 0000000..1b03bdb --- /dev/null +++ b/tests/system-override-profiles.sh @@ -0,0 +1,105 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +TMPFILE2=log.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +CERT="${srcdir}/certs/cert-ecc256.pem" +KEY="${srcdir}/certs/ecc256.pem" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY} --x509certfile ${CERT} +PID=$! +wait_server ${PID} + +# successful case, 224 bit min-profile, 256 bit key +cat <<_EOF_ > ${TMPFILE} +[overrides] + +# 224 bits +min-verification-profile=medium +_EOF_ + +export GNUTLS_DEBUG_LEVEL=3 +unset GNUTLS_SYSTEM_PRIORITY_FILE + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (1)" + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (2)" + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (3)" + +# failure case, 384 bit min-profile, 256 bit key +cat <<_EOF_ > ${TMPFILE} +[overrides] + +min-verification-profile=ultra +_EOF_ + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} /dev/null || + fail "expected connection to succeed (1)" + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (1)" + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +exit 0 diff --git a/tests/system-override-sig-allowlist.sh b/tests/system-override-sig-allowlist.sh new file mode 100755 index 0000000..70b02f1 --- /dev/null +++ b/tests/system-override-sig-allowlist.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[global] +override-mode = allowlist + +[overrides] +secure-hash = sha256 +secure-sig = rsa-sha256 +secure-hash = sha384 +secure-sig = rsa-pss-sha384 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-sig" +rc=$? +rm ${TMPFILE} +exit $rc diff --git a/tests/system-override-sig-tls.c b/tests/system-override-sig-tls.c new file mode 100644 index 0000000..7258808 --- /dev/null +++ b/tests/system-override-sig-tls.c @@ -0,0 +1,200 @@ +/* + * Copyright (C) 2015-2021 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#define SKIP16(pos, total) { \ + uint16_t _s; \ + if (pos+2 > total) fail("error\n"); \ + _s = (msg->data[pos] << 8) | msg->data[pos+1]; \ + if ((size_t)(pos+2+_s) > total) fail("error\n"); \ + pos += 2+_s; \ + } + +#define SKIP8(pos, total) { \ + uint8_t _s; \ + if (pos+1 > total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + pos += 1+_s; \ + } + +#define HANDSHAKE_SESSION_ID_POS 34 + +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests whether the client omits signature algorithms marked as insecure, + * from the signature_algorithms extension. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define PRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:" \ + "+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384" +/* rsa_pss_rsae_sha384 */ +#define SIGALGS_EXP "\x00\x02\x08\x05" + +static int +ext_callback(void *ctx, unsigned tls_id, + const unsigned char *data, unsigned size) +{ + if (tls_id == 13) { /* signature algorithms */ + if (size != sizeof(SIGALGS_EXP) - 1) { + fail("invalid signature_algorithms length: %u != 4\n", + size); + } + if (memcmp(data, SIGALGS_EXP, sizeof(SIGALGS_EXP) - 1) != 0) { + fail("invalid signature_algorithms\n"); + } + } + return 0; +} + +static int +handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + assert(post); + + if (!incoming && htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) { + int ret; + unsigned pos; + gnutls_datum_t mmsg; + + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + SKIP16(pos, msg->size); + SKIP8(pos, msg->size); + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + ret = gnutls_ext_raw_parse(NULL, ext_callback, &mmsg, 0); + assert(ret >= 0); + } + return 0; +} + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + global_init(); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, PRIO, NULL); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, PRIO, NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + gnutls_handshake_set_hook_function(client, + GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_POST, + handshake_callback); + + HANDSHAKE(client, server); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} diff --git a/tests/system-override-sig-tls.sh b/tests/system-override-sig-tls.sh new file mode 100755 index 0000000..649374d --- /dev/null +++ b/tests/system-override-sig-tls.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# Copyright (C) 2021 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos, Daiki Ueno +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-sig = rsa-pss-rsae-sha256 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-sig-tls" +rc=$? +rm ${TMPFILE} +exit $rc diff --git a/tests/system-override-sig.c b/tests/system-override-sig.c new file mode 100644 index 0000000..9e6171c --- /dev/null +++ b/tests/system-override-sig.c @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "utils.h" +#include + +/* This test verifies whether a system-wide configuration which disables RSA-SHA256, + * RSA-SHA1 and RSA-SHA512 is seen from the library side. + */ + +void doit(void) +{ + /* sanity */ + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_PSS_SHA384) != 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_MD5) == 0); + + /* check whether the values set by the calling script are the expected */ + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA256) != 0); + assert(gnutls_sign_is_secure2(GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA1) == 0); + assert(gnutls_sign_is_secure2(GNUTLS_SIGN_RSA_SHA1, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_SHA512) == 0); + assert(gnutls_sign_is_secure2(GNUTLS_SIGN_RSA_SHA512, GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS) == 0); + assert(gnutls_sign_is_secure(GNUTLS_SIGN_RSA_MD5) == 0); +} diff --git a/tests/system-override-sig.sh b/tests/system-override-sig.sh new file mode 100755 index 0000000..68bf759 --- /dev/null +++ b/tests/system-override-sig.sh @@ -0,0 +1,40 @@ +#!/bin/sh + +# Copyright (C) 2019 Nikos Mavrogiannopoulos +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${builddir=.} +TMPFILE=c.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +insecure-sig-for-cert = rsa-sha256 +insecure-sig = rsa-sha512 +insecure-sig = rsa-sha1 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${builddir}/system-override-sig" +rc=$? +rm ${TMPFILE} +exit $rc diff --git a/tests/system-override-special-allowlist.sh b/tests/system-override-special-allowlist.sh new file mode 100755 index 0000000..a0017c8 --- /dev/null +++ b/tests/system-override-special-allowlist.sh @@ -0,0 +1,177 @@ +#!/bin/sh + +# Copyright (C) 2021 Red Hat, Inc. +# +# Author: Alexander Sosedkin +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CLI=../src/gnutls-cli${EXEEXT}} +: ${GREP=grep} +: ${DIFF=diff} +: ${SED=sed} + +if ! test -x "${CLI}"; then + exit 77 +fi + +TMPCFGFILE=cfg.$$.tmp +TMPREFFILE=ref.$$.tmp +TMPCMPFILE=cmp.$$.tmp +TMPOUTFILE=out.$$.tmp +TMPSPECIAL=spc.$$.tmp + +# extract the list of %SPECIALs from the sources + +< ${srcdir}/../lib/priority_options.gperf \ + ${SED} -ne '/\([A-Z_0-9]\{1,\}\), .*/p' | \ + ${SED} -e 's/\([A-Z_0-9]\{1,\}\), .*/\1/' > "${TMPSPECIAL}" + +if ! ${GREP} -Fqx STATELESS_COMPRESSION "${TMPSPECIAL}"; then + cat "${TMPSPECIAL}" + echo 'source-extracted list of %SPECIALs has no %STATELESS_COMPRESSION' + exit 1 +fi + +# Set up a configuration file using allowlisting +# allowing for both TLS 1.2 and TLS 1.3 +# (so that %NO_EXTENSIONS later caps that just TLS 1.2) + +cat <<_EOF_ > ${TMPCFGFILE} +[global] +override-mode = allowlist + +[overrides] +secure-hash = SHA256 +tls-enabled-mac = AEAD +tls-enabled-group = GROUP-FFDHE3072 +secure-sig = RSA-SHA256 +tls-enabled-cipher = AES-128-GCM +tls-enabled-kx = RSA +enabled-version = TLS1.3 +enabled-version = TLS1.2 +_EOF_ +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPCFGFILE}" +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +# Smoke --list, @SYSTEM + +${CLI} --list -d 4 --priority @SYSTEM > "${TMPOUTFILE}" 2>&1 +if test $? != 0; then + cat "${TMPOUTFILE}" + echo 'fails with just @SYSTEM' + exit 1 +fi +if ! ${GREP} -Fqx 'Protocols: VERS-TLS1.3, VERS-TLS1.2' \ + "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'unexpected protocol list with @SYSTEM' + exit 1 +fi +if ! ${GREP} -Fq TLS_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_AES_128_GCM_SHA256 with just @SYSTEM' + exit 1 +fi +if ! ${GREP} -q TLS_RSA_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_RSA_AES_128_GCM_SHA256 with just @SYSTEM' + exit 1 +fi +${SED} 's/for @SYSTEM/for ---PRIORITY---/' "${TMPOUTFILE}" > "${TMPREFFILE}" + +# Smoke-test a no-op %STATELESS_COMPRESSION, expect --list to stay the same + +${CLI} --list -d 4 --priority @SYSTEM:%STATELESS_COMPRESSION > "${TMPOUTFILE}" 2>&1 +if test $? != 0; then + cat "${TMPOUTFILE}" + echo 'fails with %STATELESS_COMPRESSION' + exit 1 +fi +${SED} 's/for @SYSTEM:%STATELESS_COMPRESSION/for ---PRIORITY---/' \ + "${TMPOUTFILE}" > "${TMPCMPFILE}" +if ! ${DIFF} "${TMPCMPFILE}" "${TMPREFFILE}"; then + echo '%STATELESS_COMPRESSION has changed the output' + exit 1 +fi + +# Smoke-test %NONEXISTING_OPTION, expect a syntax error + +${CLI} --list -d 4 --priority @SYSTEM:%NONEXISTING_OPTION > "${TMPOUTFILE}" 2>&1 +if test $? = 0; then + cat "${TMPOUTFILE}" + echo 'unknown option was not caught' + exit 1 +fi +if ! ${GREP} -Fq 'Syntax error at: @SYSTEM:%NONEXISTING_OPTION' "${TMPOUTFILE}" +then + cat "${TMPOUTFILE}" + echo 'unknown option was not errored upon' + exit 1 +fi + +# Test impact-less %SPECIALs, expect --list to stay the same + +while read special; do + if test "$special" = NO_EXTENSIONS; then + continue # see below + fi + prio="@SYSTEM:%$special" + ${CLI} --list -d 4 --priority "$prio" > "${TMPOUTFILE}" 2>&1 + if test $? != 0; then + cat "${TMPOUTFILE}" + echo "fails with $prio" + exit 1 + fi + ${SED} "s/for $prio/for ---PRIORITY---/" "${TMPOUTFILE}" \ + > "${TMPCMPFILE}" + if ! ${DIFF} "${TMPCMPFILE}" "${TMPREFFILE}"; then + echo "$special has changed the output" + exit 1 + fi +done < "${TMPSPECIAL}" + +# Check that %NO_EXTENSIONS changes the output, capping it to TLS 1.2 + +${CLI} --list -d 4 --priority @SYSTEM:%NO_EXTENSIONS > "${TMPOUTFILE}" 2>&1 +if test $? != 0; then + cat "${TMPOUTFILE}" + echo 'fails with just @SYSTEM' + exit 1 +fi +if ! ${GREP} -Fqx 'Protocols: VERS-TLS1.2' \ + "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'unexpected protocol list with @SYSTEM:%NO_EXTENSIONS' + exit 1 +fi +if ${GREP} -Fq TLS_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'TLS_AES_128_GCM_SHA256 present with @SYSTEM:%NO_EXTENSIONS' + exit 1 +fi +if ! ${GREP} -q TLS_RSA_AES_128_GCM_SHA256 "${TMPOUTFILE}"; then + cat "${TMPOUTFILE}" + echo 'no TLS_RSA_AES_128_GCM_SHA256 with @SYSTEM:%NO_EXTENSIONS' + exit 1 +fi + +rm "${TMPCFGFILE}" "${TMPREFFILE}" "${TMPCMPFILE}" "${TMPOUTFILE}" +rm "${TMPSPECIAL}" + +exit 0 diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh new file mode 100755 index 0000000..a0ad3d0 --- /dev/null +++ b/tests/system-override-tls.sh @@ -0,0 +1,125 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see +# + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +skip_if_no_datefudge + +CERT="${srcdir}/certs/cert-ecc256.pem" +KEY="${srcdir}/certs/ecc256.pem" + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:+SHA256" --x509keyfile ${KEY} --x509certfile ${CERT} +PID=$! +wait_server ${PID} + +#successful case, test whether the ciphers we disable below work +echo "Sanity testing" + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null || + fail ${PID} "stage1: expected connection to succeed (1)" + +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null || + fail ${PID} "stage1: expected connection to succeed (2)" + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +tls-disabled-cipher = aes-128-gcm +tls-disabled-cipher = aes-128-cbc +tls-disabled-mac = sha1 +tls-disabled-group = group-ffdhe2048 +_EOF_ + +GNUTLS_SYSTEM_PRIORITY_FILE=${TMPFILE} +export GNUTLS_DEBUG_LEVEL=3 +export GNUTLS_SYSTEM_PRIORITY_FILE + +echo "Testing TLS1.3" +echo " * sanity" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null || + fail ${PID} "stage2: expected connection to succeed (1)" + +echo " * fallback to good options" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null || + fail ${PID} "stage2: expected connection to succeed (2)" + +echo " * disabled cipher" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null && + fail ${PID} "stage2: expected connection to fail (1)" + +echo " * disabled group" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null && + fail ${PID} "stage2: expected connection to fail (2)" + +echo "Testing TLS1.2" +echo " * sanity" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null || + fail ${PID} "stage3: expected connection to succeed (1)" + +echo " * fallback to good options" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:+AES-256-GCM:-MAC-ALL:+SHA1:+AEAD --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null || + fail ${PID} "stage3: expected connection to succeed (2)" + +echo " * disabled cipher" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null && + fail ${PID} "stage3: expected connection to fail (1)" + +echo " * disabled MAC" +datefudge "2017-11-22" \ +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" /dev/null && + fail ${PID} "stage3: expected connection to fail (2)" + + +kill ${PID} +wait + +rm -f ${TMPFILE} + +exit 0 diff --git a/tests/system-override-versions-allowlist.sh b/tests/system-override-versions-allowlist.sh new file mode 100755 index 0000000..b708c8c --- /dev/null +++ b/tests/system-override-versions-allowlist.sh @@ -0,0 +1,109 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +TMPFILE2=log.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +cat <<_EOF_ > ${TMPFILE} +[global] +override-mode = allowlist + +[overrides] +enabled-version = tls1.1 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" +export GNUTLS_DEBUG_LEVEL=3 + +"${CLI}" --list --priority=@SYSTEM | grep Protocols >${TMPFILE2} +cat ${TMPFILE2} +if grep 'VERS-TLS1\.[23]' ${TMPFILE2}; then + echo "Found disabled protocol with --list" + exit 1 +fi + +PRIO=@SYSTEM:+CIPHER-ALL:+MAC-ALL:+GROUP-ALL + +"${CLI}" --priority "$PRIO" --list | grep Protocols >${TMPFILE2} +cat ${TMPFILE2} +if grep 'VERS-TLS1\.[23]' ${TMPFILE2}; then + echo "Found disabled protocol with --list --priority $PRIO" + exit 1 +fi + +# Try whether a client connection with these protocols will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "$PRIO" --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (1)" + +kill ${PID} +wait + +# Try whether a server connection with these protocols will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --echo --priority "$PRIO" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +exit 0 diff --git a/tests/system-override-versions.sh b/tests/system-override-versions.sh new file mode 100755 index 0000000..a9999cc --- /dev/null +++ b/tests/system-override-versions.sh @@ -0,0 +1,106 @@ +#!/bin/sh + +# Copyright (C) 2019 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +TMPFILE=config.$$.tmp +TMPFILE2=log.$$.tmp +export GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if test "${WINDIR}" != ""; then + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +disabled-version = tls1.2 +disabled-version = tls1.3 +_EOF_ + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" +export GNUTLS_DEBUG_LEVEL=3 + +"${CLI}" --list|grep Protocols >${TMPFILE2} +cat ${TMPFILE2} +if grep "VERS-TLS1.2" ${TMPFILE2} || grep "VERS-TLS1.3" ${TMPFILE2};then + echo "Found disabled protocol with --list" + exit 1 +fi + +"${CLI}" --priority NORMAL --list|grep Protocols >${TMPFILE2} +cat ${TMPFILE2} +if grep "VERS-TLS1.2" ${TMPFILE2} || grep "VERS-TLS1.3" ${TMPFILE2};then + echo "Found disabled protocol with --list --priority NORMAL" + exit 1 +fi + +# Try whether a client connection with these protocols will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (1)" + +kill ${PID} +wait + +# Try whether a server connection with these protocols will succeed. + +KEY1=${srcdir}/../doc/credentials/x509/key-rsa.pem +CERT1=${srcdir}/../doc/credentials/x509/cert-rsa.pem + +eval "${GETPORT}" +launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${CERT1} +PID=$! +wait_server ${PID} + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +"${CLI}" -p "${PORT}" 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" --insecure --logfile ${TMPFILE2} /dev/null && + fail "expected connection to fail (2)" + +kill ${PID} +wait + +exit 0 diff --git a/tests/system-prio-file.c b/tests/system-prio-file.c new file mode 100644 index 0000000..fbe7d0a --- /dev/null +++ b/tests/system-prio-file.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "utils.h" + +/* This test verifies the correct operation of system-wide priority + * strings. The test suite sets the GNUTLS_SYSTEM_PRIORITY_FILE environment + * variable to specify the test file (system.prio). + */ + +char *_gnutls_resolve_priorities(const char* priorities); + +static void +try_prio(const char *prio, const char *expected_str) +{ + char *p; + + /* this must be called once in the program + */ + global_init(); + + p = _gnutls_resolve_priorities(prio); + if (p == NULL && expected_str == NULL) + goto ok; + + assert(strstr(gnutls_get_system_config_file(), "system.prio") != NULL); + + if (p == NULL || expected_str == NULL || strcmp(p, expected_str) != 0) { + fail("test: %s: error; got: %s, expected: %s\n", prio, p, expected_str); + exit(1); + } + + ok: + gnutls_free(p); + gnutls_global_deinit(); +} + +void doit(void) +{ + try_prio("NORMAL", "NORMAL"); + try_prio("SUITEB192", "SUITEB192"); + try_prio("@HELLO1", "NORMAL"); + try_prio("@HELLO1:+AES-256-CBC:+AEAD", "NORMAL:+AES-256-CBC:+AEAD"); + try_prio("@HELLO2", "NORMAL:+AES-128-CBC"); + try_prio("@HELLO3", "NONE:+VERS-TLS-ALL:-VERS-SSL3.0:+AEAD:+SHA1:+SHA256:+SHA384:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+AES-256-GCM:+AES-256-CBC:+CAMELLIA-256-GCM:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CBC:+CAMELLIA-128-GCM:+CAMELLIA-128-CBC:+3DES-CBC:+SIGN-ALL:-SIGN-RSA-MD5:+CURVE-ALL:+COMP-NULL:%PROFILE_LOW"); + try_prio("@HELLO1,HELLO2", "NORMAL"); + try_prio("@HELLO1,HELLO2:+AES-128-CBC", "NORMAL:+AES-128-CBC"); + try_prio("@HELLO1,HELLO1", "NORMAL"); + try_prio("@HELLO1,", "NORMAL"); + try_prio("@HELLO2,HELLO1", "NORMAL:+AES-128-CBC"); + try_prio("@HELLO2,HELLO1,@HELLONO", "NORMAL:+AES-128-CBC"); + try_prio("@HELLO2,HELLO1,@HELLO3", "NORMAL:+AES-128-CBC"); + try_prio("@HELLONO,HELLO1", "NORMAL"); + try_prio("@HELLONO,HELLONO2,HELLO1", "NORMAL"); + try_prio("@HELLONO,HELLONO2,HELLO1:+AES-128-CBC", "NORMAL:+AES-128-CBC"); + try_prio("@HELLONO", NULL); + try_prio("@HELLONO,", NULL); + try_prio("@HELLONO:+AES-128-CBC", NULL); + try_prio("@HELLONO,:+AES-128-CBC", NULL); +} diff --git a/tests/system.prio b/tests/system.prio new file mode 100644 index 0000000..ef69f6a --- /dev/null +++ b/tests/system.prio @@ -0,0 +1,3 @@ +HELLO1=NORMAL +HELLO2=NORMAL:+AES-128-CBC +HELLO3=NONE:+VERS-TLS-ALL:-VERS-SSL3.0:+AEAD:+SHA1:+SHA256:+SHA384:+ECDHE-RSA:+ECDHE-ECDSA:+RSA:+DHE-RSA:+DHE-DSS:+AES-256-GCM:+AES-256-CBC:+CAMELLIA-256-GCM:+CAMELLIA-256-CBC:+AES-128-GCM:+AES-128-CBC:+CAMELLIA-128-GCM:+CAMELLIA-128-CBC:+3DES-CBC:+SIGN-ALL:-SIGN-RSA-MD5:+CURVE-ALL:+COMP-NULL:%PROFILE_LOW diff --git a/tests/systemkey.sh b/tests/systemkey.sh new file mode 100755 index 0000000..4e55991 --- /dev/null +++ b/tests/systemkey.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +# Copyright (C) 2017 Red Hat, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${SYSTEMKEY=../src/systemkey${EXEEXT}} +unset RETCODE + +. "${srcdir}/scripts/common.sh" + +if ! test -x $SYSTEMKEY;then + exit 77 +fi + +# Basic check for system key support. This is a superficial +# check ensuring that at least the listing works. + +${SYSTEMKEY} --list +rc=$? +if test $rc != 0 && test $rc != 1;then + echo "There was an issue listing system keys" + exit 1 +fi + +exit 0 diff --git a/tests/test-chains-issuer-aia.h b/tests/test-chains-issuer-aia.h new file mode 100644 index 0000000..1377bb0 --- /dev/null +++ b/tests/test-chains-issuer-aia.h @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Authors: Simon Josefsson, Nikos Mavrogiannopoulos, Martin Ukrop + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifndef GNUTLS_TESTS_TEST_CHAINS_ISSUER_AIA_H +#define GNUTLS_TESTS_TEST_CHAINS_ISSUER_AIA_H + +/* *INDENT-OFF* */ + +#define MAX_CHAIN 1 + +static const char *missing_cert_aia[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIGqDCCBZCgAwIBAgIQCvBs2jemC2QTQvCh6x1Z/TANBgkqhkiG9w0BAQsFADBN\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E\n" + "aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzIzMDAwMDAwWhcN\n" + "MjIwNTE3MTIwMDAwWjBuMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p\n" + "YTEVMBMGA1UEBxMMV2FsbnV0IENyZWVrMRwwGgYDVQQKExNMdWNhcyBHYXJyb24g\n" + "VG9ycmVzMRUwEwYDVQQDDAwqLmJhZHNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n" + "A4IBDwAwggEKAoIBAQDCBOz4jO4EwrPYUNVwWMyTGOtcqGhJsCK1+ZWesSssdj5s\n" + "wEtgTEzqsrTAD4C2sPlyyYYC+VxBXRMrf3HES7zplC5QN6ZnHGGM9kFCxUbTFocn\n" + "n3TrCp0RUiYhc2yETHlV5NFr6AY9SBVSrbMo26r/bv9glUp3aznxJNExtt1NwMT8\n" + "U7ltQq21fP6u9RXSM0jnInHHwhR6bCjqN0rf6my1crR+WqIW3GmxV0TbChKr3sMP\n" + "R3RcQSLhmvkbk+atIgYpLrG6SRwMJ56j+4v3QHIArJII2YxXhFOBBcvm/mtUmEAn\n" + "hccQu3Nw72kYQQdFVXz5ZD89LMOpfOuTGkyG0cqFAgMBAAGjggNhMIIDXTAfBgNV\n" + "HSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUne7Be4ELOkdp\n" + "cRh9ETeTvKUbP/swIwYDVR0RBBwwGoIMKi5iYWRzc2wuY29tggpiYWRzc2wuY29t\n" + "MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "awYDVR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Et\n" + "c2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2Nh\n" + "LXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUH\n" + "AgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIDMHwGCCsG\n" + "AQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t\n" + "MEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl\n" + "cnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwggF+BgorBgEE\n" + "AdZ5AgQCBIIBbgSCAWoBaAB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaO\n" + "HtGFAAABcQhGXioAAAQDAEcwRQIgDfWVBXEuUZC2YP4Si3AQDidHC4U9e5XTGyG7\n" + "SFNDlRkCIQCzikrA1nf7boAdhvaGu2Vkct3VaI+0y8p3gmonU5d9DwB2ACJFRQdZ\n" + "VSRWlj+hL/H3bYbgIyZjrcBLf13Gg1xu4g8CAAABcQhGXlsAAAQDAEcwRQIhAMWi\n" + "Vsi2vYdxRCRsu/DMmCyhY0iJPKHE2c6ejPycIbgqAiAs3kSSS0NiUFiHBw7QaQ/s\n" + "GO+/lNYvjExlzVUWJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny/eeiEKaDf7U\n" + "iwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U/wb5lb76p\n" + "vfenWL0CIQDr2kLhCWP/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG\n" + "9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64\n" + "xgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4\n" + "RLfjGnImY0hiFbZ/LtsvS2Zg7cVJecqnrZe/za/nbDdljnnrll7C8O5naQuKr4te\n" + "uice3e8a4TtviFwS/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByz\n" + "MwdGrM6kt0lfJy/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0/FP\n" + "CC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMw==\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *missing_cert_aia_insert = { + "-----BEGIN CERTIFICATE-----\n" + "MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n" + "QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\n" + "MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\n" + "U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + "ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\n" + "nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\n" + "KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n" + "/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\n" + "kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n" + "/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\n" + "AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\n" + "aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\n" + "Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\n" + "oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\n" + "QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n" + "d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\n" + "xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\n" + "CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n" + "5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n" + "8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n" + "2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\n" + "c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\n" + "j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *missing_cert_aia_ca[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh\n" + "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + "d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n" + "QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT\n" + "MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg\n" + "U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n" + "ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83\n" + "nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd\n" + "KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f\n" + "/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX\n" + "kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\n" + "/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C\n" + "AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY\n" + "aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6\n" + "Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1\n" + "oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD\n" + "QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n" + "d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh\n" + "xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB\n" + "CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl\n" + "5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA\n" + "8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC\n" + "2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit\n" + "c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0\n" + "j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz\n" + "-----END CERTIFICATE-----\n", +}; + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic pop +#endif + +/* *INDENT-ON* */ + +#endif /* GNUTLS_TESTS_TEST_CHAINS_ISSUER_AIA_H */ diff --git a/tests/test-chains-issuer.h b/tests/test-chains-issuer.h new file mode 100644 index 0000000..bf1e65c --- /dev/null +++ b/tests/test-chains-issuer.h @@ -0,0 +1,482 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Authors: Simon Josefsson, Nikos Mavrogiannopoulos, Martin Ukrop, + * Sahana Prasad, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifndef GNUTLS_TESTS_TEST_CHAINS_ISSUER_H +#define GNUTLS_TESTS_TEST_CHAINS_ISSUER_H + +#define MAX_CHAIN 15 + +#define SERVER_CERT "-----BEGIN CERTIFICATE-----\n" \ + "MIIDATCCAbmgAwIBAgIUQdvdegP8JFszFHLfV4+lrEdafzAwPQYJKoZIhvcNAQEK\n" \ + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" \ + "AUAwDzENMAsGA1UEAxMEQ0EtNTAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIz\n" \ + "NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTYwgZswEAYHKoZIzj0CAQYFK4EEACMD\n" \ + "gYYABAHZ3W5jpYq15WI7tVZxWCT3YtYMEj4xJSdO/ubHV0NnrlQ7+Q95R32qcA2w\n" \ + "4gyPif+M/Au4Towr/RA+b+qgMvD0fQFmNeWkNB/TSW2RNm7uHQU7N66tbrNWvjyS\n" \ + "BZeLB/V03ZWe+rO4cfrPiqtBv9N08k9uMNNCeMlatJNqj0BoFRxhBaN3MHUwDAYD\n" \ + "VR0TAQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDwYDVR0PAQH/BAUDAweA\n" \ + "ADAdBgNVHQ4EFgQUMnSJQI2iHiVoxE1XSByQ9QFrG0owHwYDVR0jBBgwFoAUu9ao\n" \ + "G/58Y/+czHPyWo3C+vs9pFkwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGh\n" \ + "GjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEBAAfhLT1jQsc9yk4k\n" \ + "myAAMIXYD1THMkasGZiIv2TLJSLeKc4Rvzvrb/iywwrMdaBHs5sJoyk7amMwemc7\n" \ + "WA2+A2uTeLeDG3ev4r5stNRLyL0HSOr7da+BshUiHJgeihp1Qglm0AUqV5X69i5t\n" \ + "5woB5KENnYfoAWaYmXa1EPRh2xb2XDI0uCHg1bPljg61/T2cJZ4VfkOvsKgFAI4p\n" \ + "lAKQCZSKbEY1oWDdDhVcSipYu2E88RXczvcnEQV3C3p6CGcf8xclZdZIwMAyXYAK\n" \ + "oNccbSIfDlN4iD+2bztCRWHD6hWL1NJsFqmv3Ts8eYU8z8J8NdhtCXr76lFkFmDx\n" \ + "+lfZEv4=\n" \ + "-----END CERTIFICATE-----\n" + +#define CA_CERT_5 "-----BEGIN CERTIFICATE-----\n" \ + "MIIDojCCAlqgAwIBAgIUHRb3xJ2ZGqqgdC/pBq/sDtAwvtowPQYJKoZIhvcNAQEK\n" \ + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" \ + "AUAwDzENMAsGA1UEAxMEQ0EtNDAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIz\n" \ + "NTk1OVowDzENMAsGA1UEAxMEQ0EtNTCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg\n" \ + "hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC\n" \ + "AQoCggEBAMZqQ7I1HAxkxuwGQBch/jZTWLXRUtWBjlpREnp0wFt+quJOZkKNYrlL\n" \ + "9sngiRknsbEIfJMB2XfoK6m9SwRN/qoxewOrnK9YONG9dj0p30qiseshXIs6ZoMl\n" \ + "v9fZA77UraCtTbX6Xwk/+Or6SuSK2lyz0R5O14xBa5ubpm2Q8XTE9A1SAGx61ofC\n" \ + "Dzfvefp+m3QCy+3K+Yn05VKPxswznuVwM/oJDGzJJhD6/uNPpm5CZoPtcW14Eitu\n" \ + "ip51Ej1VE4lJRBHAtUSOrd3Hks6YasK7Uvu0HjpqW7PqaIhJIR7ofzbXX2vBwVj2\n" \ + "Qlwozk4cVCP7XO3VrVu/GCdSL+G3RAUCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB\n" \ + "/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBS71qgb/nxj/5zMc/JajcL6+z2k\n" \ + "WTAfBgNVHSMEGDAWgBQPB7C8f3nco30et23Lhw7QMTaLYzA9BgkqhkiG9w0BAQow\n" \ + "MKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIB\n" \ + "QAOCAQEAl90uQvD0lne4jseHNfu8XCIZmCSxaNhF3SD73TwlGERbRjtIKz34Y6hC\n" \ + "z5bZ4tCGnkKAtdHLIGwOnaLSXDvzmUSkQmJmG0QMaDGsVpVXEZD/7+yyIxOcV1iK\n" \ + "XveeQysCKsDEfdrfn1mACQj8eC4lL9KJcHptHdTSLfa58MV2Qe5smCIByXxendO5\n" \ + "UQHZy5UrzWAdtO7y75vXeXynsXAqcE4TTNjdFiCnn6Q5/pVyW14kepfjaOzQFP7H\n" \ + "QlnHtgQDRAlQuB1aGseb6jn2Joy33itpBthvtgBosZIqsMyPoX5YzjqZUSjfPZOP\n" \ + "/aOd/5HR4ZPDWfHdIWbXogYX0ndhNg==\n" \ + "-----END CERTIFICATE-----\n" + +#define CA_CERT_4 "-----BEGIN CERTIFICATE-----\n" \ + "MIIDojCCAlqgAwIBAgIUGybZZ1e/iFUKafPdh8xUbh7YVnwwPQYJKoZIhvcNAQEK\n" \ + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" \ + "AUAwDzENMAsGA1UEAxMEQ0EtMzAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIz\n" \ + "NTk1OVowDzENMAsGA1UEAxMEQ0EtNDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg\n" \ + "hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC\n" \ + "AQoCggEBAM0vsCM3XxZVHmxOdY2ndCoUHnrlLameRZcEupa77oAXBw9J2ysTIY1v\n" \ + "uP7GbBru4JnBhdem1xL37z0/a5O9+5Rw4SNHNw8Z2jPtWSJd+XwfBshQnX66IvSv\n" \ + "M0etutgO/lZwFq7E4yGI7LS1sGWvVhmjMLT1Yb3j/b8SXeSHyp9J0NdJ1spjjekg\n" \ + "bdiMUOo6Tt1gnZsgLdH6Cbmw4sm/+EGjsPOYdBI0kHW5qqLnIzW/io0NMnRsDBEk\n" \ + "HgXNEMhXZL/qEQfrcSCxjlqB126aALHIvN5TKBrssfE6zn9m96A9qCRJuKGP9NPm\n" \ + "4AFkV1yylCUTUkIRkbqPlI4i1vf8jfcCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB\n" \ + "/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBQPB7C8f3nco30et23Lhw7QMTaL\n" \ + "YzAfBgNVHSMEGDAWgBRjNOT1/2J+aAVCl/aO+EQke/8oETA9BgkqhkiG9w0BAQow\n" \ + "MKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIB\n" \ + "QAOCAQEAsKDivFD4DflylFdG4zijGrtq/zfSKTiNWxZsLKbMwLoG+Km3dy0HWfUq\n" \ + "TUETPEfQlpXc2Tg1tGxFepAPavVeMIy/MV3SsmjRA3f+PNWjaZUxa9+Jd1y6ONwK\n" \ + "wQ7s/JNNk/SZt4bKjX9GrTscZmOVtrwpZ6uQBHITScsr4V431G6wojZ09iEG0yFQ\n" \ + "ZD8ECn2ZOPVQXIswa75NelcGKup838HoDIjQ3vIvrx8rqf5HRg4t9mXzjECzXHVy\n" \ + "8wDamoE3fLAZZX2RxOWnHfjI8qB83qYyR5kN002EFJ/e060SPia1rTHyLqLngRtq\n" \ + "xgR9bRjZf++h/dg6L87b26J5KdDafw==\n" \ + "-----END CERTIFICATE-----\n" + +#define CA_CERT_3 "-----BEGIN CERTIFICATE-----\n" \ + "MIIDojCCAlqgAwIBAgIUHRkWa8ZOaRrqjxigoEhxJHMLM2UwPQYJKoZIhvcNAQEK\n" \ + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" \ + "AUAwDzENMAsGA1UEAxMEQ0EtMjAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIz\n" \ + "NTk1OVowDzENMAsGA1UEAxMEQ0EtMzCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg\n" \ + "hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC\n" \ + "AQoCggEBAMNSjDqpdcx+02E2vKRB78Z6rYRTuYHeXZGIsVz3LXHxplNYtSlM0MN4\n" \ + "cj0mHj2Rctxk7o6vsQm37ayvO4mquvgPiwtivq+qPv98ZTIuVYkPE4NEPru7Uec+\n" \ + "HQO3faRym4VAzpH+CllMraeaSjQLfAKqXw60UHF+b+ovJXKWbb+keahXT6lWxuxY\n" \ + "pm5vbcDg0Ez++9TJcA0MiPKtk4SMgnmr+2vXAE0tE5PRX9NS7AWPyEg82q+ph2kj\n" \ + "zu5VWoqZp/EwMI6VfLJeemY726LyyOpIqBGWwsUXPn5NdxLla58zHDFggd7/Z/l9\n" \ + "aBfozSdrqW3sWeYzgGxeZmnc5Vm/r6ECAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB\n" \ + "/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBRjNOT1/2J+aAVCl/aO+EQke/8o\n" \ + "ETAfBgNVHSMEGDAWgBTVuTCwy3TqMVX2Bvdj/wcoYSTG/zA9BgkqhkiG9w0BAQow\n" \ + "MKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIB\n" \ + "QAOCAQEAbIw3qtl/QAMJ7OmBPqSMtZv9TaLxfUh7FrqfsKjXBQGVX6/7heO+wCwJ\n" \ + "/1vi2yFUc7uoB3ivEKzUQvtP7Nu6WMM64pAfYadGIk4TYV+tgXF4FJ8FHjTek+Lv\n" \ + "jTu7jvLbRSHkBQFimWorPfgf15nlXSCBtejEwvDLXlptLbKEa3q7VFXDzCyeiKGb\n" \ + "IHRozrAP5qiyIjYFJevXrZ/7bWDwMcJrB0uSQN9TD2mJjNXTCHu3GYnEmnu7KRpb\n" \ + "M3OdswIyjIFYvwlYGe2+GbigSaMZY9KCHR7vkJ1JGdxfh+CADcbL4fwj3kOpyEoe\n" \ + "TTqtWQ93AfQnd2Vm3/SAr/+jSuMbSA==\n" \ + "-----END CERTIFICATE-----\n" + +#define CA_CERT_2 "-----BEGIN CERTIFICATE-----\n" \ + "MIIDojCCAlqgAwIBAgIUVd3TT33d1fy/8INiIKhudYmRE5swPQYJKoZIhvcNAQEK\n" \ + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" \ + "AUAwDzENMAsGA1UEAxMEQ0EtMTAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIz\n" \ + "NTk1OVowDzENMAsGA1UEAxMEQ0EtMjCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg\n" \ + "hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCC\n" \ + "AQoCggEBANN3n02MYdl70xAq39SUtcMcNR9Zpe6m4SkHcL/1T4YEpWxqqez1tDW3\n" \ + "1My9Std/sE1e63Q+XJdZhKz1v2KM48iMMeEtJRtriSMxp3KyHQwOxV5L/C5yudYG\n" \ + "3DW0XwrIFL5uXn0z27vYTJ+63RFD4K6Np3ROa2EnHuTcb1pAlrGK1erUzuD8gg7m\n" \ + "mIwxfS7KSeUSmZiXVACNVGmAekClRIf1kMjMqNL6eQ2laNcg7W7RCaIghk58E4Ej\n" \ + "/dyNWTgUUoHla8X4Za/JNXDVHdj5VKIfK8xQkc6aN8Ip5rm9J94yLay27QZdHPQn\n" \ + "AlHEW6IAyRgj/lo+yk1RUigjko62t+0CAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB\n" \ + "/zAPBgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBTVuTCwy3TqMVX2Bvdj/wcoYSTG\n" \ + "/zAfBgNVHSMEGDAWgBS/OulsZ80Bb9MpqM/M1lCC8bO2AzA9BgkqhkiG9w0BAQow\n" \ + "MKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIB\n" \ + "QAOCAQEAfi/KKbJUsdvS/XDqR6T8VHNhX8lMOGdzHltjBdXdxsWlr2mRolILhyZf\n" \ + "1/wf58b1OE4AlxbwH+S/vWrQ2KVwBfWxtTJXqAMSvHIF3Tq8bIghvhK8CmZG/I49\n" \ + "FTYE+42MFBr6f5SNp9Q+ZUcjSK5DO7yNiyKDFfNffFGxHmnmGj2LhgyrvYA/aNyB\n" \ + "2ichlfihcKkExGBN44ODoK+8/W8oiMt541AvPyJxTJjxWjeJ42EBXO+J5k8wRuCu\n" \ + "nXCW5OjnEIExXGKZLlieH4t8kUyHlrTlHO7spiqA/QM7GUtBQfJTLdPFmvHU3Jtw\n" \ + "qGN2PrhXyLoaUfIpNbWO9Jmj2GYaWg==\n" \ + "-----END CERTIFICATE-----\n" + +#define CA_CERT_1 "-----BEGIN CERTIFICATE-----\n" \ + "MIICxjCCAiegAwIBAgIUKnsCQlR0jpxEnpzqxbi+Y2rqwpMwCgYIKoZIzj0EAwQw\n" \ + "DzENMAsGA1UEAxMEQ0EtMDAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIzNTk1\n" \ + "OVowDzENMAsGA1UEAxMEQ0EtMTCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglghkgB\n" \ + "ZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEPADCCAQoC\n" \ + "ggEBAOqrWIctrZ7mabfoFuMsT/B2kK4vWAGX32SGQdoDKdy+O0jGJN8/vGnbaOWN\n" \ + "k6sR/eNx+13LahbiLl3dzyecdJ6BeDBokjiRXtDzZN3IdrR6KZ5NjqcMiVBgztoq\n" \ + "gkOglhcixU2cMlSFYCozfvf3i4YElJzSP4XdJbLaPcsHmywny52s06vf64SbNhQy\n" \ + "GucRYO0VqRUVCNpvPyyGlkODlDQuzNsd5nIQZ5WR1bQLTYsVoHVfpLx+Su7BAV05\n" \ + "D5XiGQVGw7kkp4VKHrMhQ0VY+34xmahQvnoqfPEBG9jjfy6psI0oa52JS3FBWF8u\n" \ + "psUiFD2iqQy+efQX44gAdrrnkt0CAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAP\n" \ + "BgNVHQ8BAf8EBQMDB4QAMB0GA1UdDgQWBBS/OulsZ80Bb9MpqM/M1lCC8bO2AzAf\n" \ + "BgNVHSMEGDAWgBRBWngghShY2X+P7m45LPH1V4p5czAKBggqhkjOPQQDBAOBjAAw\n" \ + "gYgCQgHnvF1Dq32xBBEME4UlVsVeOflvGw5Sr/hVhbUZ1KfAQIV2ZuBuvJNMBrj8\n" \ + "Pzi/nhRuV8vH5xabyQb9RYVcJ8oilQJCAdduIVVvL6DmUBOJfz1znsxPA5JCBBY2\n" \ + "pAOhFZBrNXE2zZrgttgR6TG4Obst1fQzL3RsmqAYAuWSpKPNz6Hdq+kl\n" \ + "-----END CERTIFICATE-----\n" + +#define CA_CERT_0 "-----BEGIN CERTIFICATE-----\n" \ + "MIIB7TCCAU6gAwIBAgIUWmldb3tGP48wFh5P/cmVytYv5JcwCgYIKoZIzj0EAwQw\n" \ + "DzENMAsGA1UEAxMEQ0EtMDAgFw0yMDA0MjAxMTI2NDFaGA85OTk5MTIzMTIzNTk1\n" \ + "OVowDzENMAsGA1UEAxMEQ0EtMDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAarU\n" \ + "aZXDJBYLdRdjV43Nq+slYxPPn877UBJ63K6GQF1poMaSFFJ7qSXi4lJngh7ueCVq\n" \ + "mJvNH54KbqkPryfCKjUbAZnIQa/8zpPbrZ4iAP6d+Mb6qIkX8j3BP1f6Ap0WTmQk\n" \ + "s5QHCkJFGNqqljut/RQgnbTUbQcGHCNmUx4g0BZv03+Qo0MwQTAPBgNVHRMBAf8E\n" \ + "BTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFEFaeCCFKFjZf4/ubjks\n" \ + "8fVXinlzMAoGCCqGSM49BAMEA4GMADCBiAJCAcmtP2IVnOTF2wHhfUn13qsUpqyc\n" \ + "3kCI1ueg75NgR7xgpL9JQ1CnPaUbCp+5ROKf5IHn8f1jjZIu45WpiWhnZDkkAkIA\n" \ + "pCTZn7t7memhMJUqrHGywx2gR9fgID/REZUZdVe9KcTzWvwSrbffDMCcf10SpM6C\n" \ + "/YXiDLiWNiK+WV8Z557eWKI=\n" \ + "-----END CERTIFICATE-----\n" + +#define UNRELATED "-----BEGIN CERTIFICATE-----\n" \ + "MIIEaDCCAqCgAwIBAgIMWXi5rBKSNwkPo4olMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" \ + "YIZIAWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAMA8xDTAL\n" \ + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NzU2WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" \ + "DTALBgNVBAMTBENBLTEwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEA8Afg\n" \ + "aY9tKN/1UwFdqmDTbxcxiGDQFTDKDFt4zLEy8HoqsiTLEycydVJeAEuw1WNrph1x\n" \ + "nphDETOsiG429CEkIj4rpNaPSevQmfkUP+NFqKgf3egUInmXzSMnKuc3eiDXzSC9\n" \ + "mcYzcs3O6kDruoTBcmujSQxdcPYdj08BkM2uD1PlHVeE1h66axt82I74q8ntT1Zx\n" \ + "IM4TaLSao/Xdn1i5AYHwJj3DzjKlYDuLqkAiyQDI/NrRS007MYRLN4Ebu6bvkuzN\n" \ + "6m7eXYPugV+lSkGSLTi0cbG0wkUqcR1X5JzBqHyXU0epoz3/PpVBwMUNHMun3s7z\n" \ + "TQt5OJY97BeY6l/Wj259iBYj41UvEghT67smaM8zvwFb51+fCPLKPUXG4A2Ksx0k\n" \ + "H+HIP2TIIQbuM4KAS3VmyFNoxzOXs89BdxJCQ+D83RZHSYn4t+76fiSzV+I4baGi\n" \ + "DbPVU7cM5CrOcfTohP83jpOgM/LbPyptGu6S6GKMx93HVLP6LtnZE736dO5XAgMB\n" \ + "AAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E\n" \ + "FgQUNYOAzOqpk/LibJBsXlFFEiD3t4kwHwYDVR0jBBgwFoAULmo+wdwsHxfVzvUw\n" \ + "NyVK9++NokUwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgOhGjAYBgkqhkiG\n" \ + "9w0BAQgwCwYJYIZIAWUDBAIDogMCAUADggGBAIXyJ4S/dWmkPV3kBUENfIXaLV57\n" \ + "mGJjnR/EnUX4gVVxDfKDTNGq2Y1ksCeY1JmvjSHZVkX/D4p3BCHF8bHpLvS7Edts\n" \ + "4NpoL3A4MBdupwDFtF/0Fo4VdZM4ztLL4gBCq2pnukCkbyELCPpe3d/yVujsJNrQ\n" \ + "4faiJMwCjep+3q0ZiytlsN8M3bdGy8ocbzPAi2rMTvQ8I+2e5kLTJmatJ4Qbut25\n" \ + "d1rfJ4ruMt2QOrSlYSENKkA3zjRAg4a2xvVPyOVZBEj48366b1uuji/sOQRckZ/w\n" \ + "3eoeffRfWQXO2y0/K9TUqZM+6n10N32ZkR45I+XSQ13qS73l4QS4djay9z/bAMeb\n" \ + "/zgaf6J790LULzDBEvhPZLNn4bBu/t7WVj2NI+frQvAHyQ9ZhBYkow84qF+//zK9\n" \ + "d/VzQbBQOJFX9TWdWgUxklrWnXE0gmxzGBdq+cMQyHulVVbgShftCRJ8jn8e0Cl1\n" \ + "dl+Cpj08yyLpT9/ZmL8ytgD3Iobw0wPHppb/jQ==\n" \ + "-----END CERTIFICATE-----\n" + +static const char *missing_middle_single[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_4, + CA_CERT_2, + CA_CERT_1, + NULL, +}; + +static const char *missing_middle_single_insert[] = { + CA_CERT_3, + NULL, +}; + +static const char *missing_middle_multiple[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_4, + CA_CERT_1, + NULL, +}; + +static const char *missing_middle_multiple_insert[] = { + CA_CERT_3 CA_CERT_2, + NULL, +}; + +static const char *missing_last_single[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_4, + CA_CERT_3, + CA_CERT_2, + NULL, +}; + +static const char *missing_last_single_insert[] = { + CA_CERT_1, + NULL, +}; + +static const char *missing_last_multiple[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_4, + CA_CERT_3, + NULL, +}; + +static const char *missing_last_multiple_insert[] = { + CA_CERT_2 CA_CERT_1, + NULL, +}; + +static const char *missing_skip_single[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_3, + CA_CERT_1, + NULL, +}; + +static const char *missing_skip_single_insert[] = { + CA_CERT_4, + CA_CERT_2, + NULL, +}; + +static const char *missing_skip_multiple[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_3, + NULL, +}; + +static const char *missing_skip_multiple_insert[] = { + CA_CERT_4, + CA_CERT_2 CA_CERT_1, + NULL, +}; + +static const char *missing_middle_single_unsorted[] = { + SERVER_CERT, + CA_CERT_1, + CA_CERT_2, + CA_CERT_4, + CA_CERT_5, + NULL, +}; + +static const char *missing_middle_multiple_unsorted[] = { + SERVER_CERT, + CA_CERT_1, + CA_CERT_4, + CA_CERT_5, + NULL, +}; + +static const char *missing_last_single_unsorted[] = { + SERVER_CERT, + CA_CERT_2, + CA_CERT_3, + CA_CERT_4, + CA_CERT_5, + NULL, +}; + +static const char *missing_last_multiple_unsorted[] = { + SERVER_CERT, + CA_CERT_3, + CA_CERT_4, + CA_CERT_5, + NULL, +}; + +static const char *missing_skip_single_unsorted[] = { + SERVER_CERT, + CA_CERT_1, + CA_CERT_3, + CA_CERT_5, + NULL, +}; + +static const char *missing_skip_multiple_unsorted[] = { + SERVER_CERT, + CA_CERT_3, + CA_CERT_5, + NULL, +}; + +static const char *missing_middle_unrelated_insert[] = { + UNRELATED, + NULL, +}; + +static const char *missing_middle_unrelated_extra_insert[] = { + /* valid CA certificate followed by an unrelated CA: should be accepted */ + CA_CERT_3 UNRELATED, + NULL, +}; + +static const char *missing_middle_single_duplicate[] = { + SERVER_CERT, + SERVER_CERT, + CA_CERT_5, + CA_CERT_5, + CA_CERT_4, + CA_CERT_4, + CA_CERT_2, + CA_CERT_2, + CA_CERT_1, + CA_CERT_1, + NULL, +}; + +static const char *missing_middle_multiple_duplicate[] = { + SERVER_CERT, + SERVER_CERT, + CA_CERT_5, + CA_CERT_5, + CA_CERT_4, + CA_CERT_4, + CA_CERT_1, + CA_CERT_1, + NULL, +}; + +static const char *missing_last_single_duplicate[] = { + SERVER_CERT, + SERVER_CERT, + CA_CERT_5, + CA_CERT_5, + CA_CERT_4, + CA_CERT_4, + CA_CERT_3, + CA_CERT_3, + CA_CERT_2, + CA_CERT_2, + NULL, +}; + +static const char *missing_last_multiple_duplicate[] = { + SERVER_CERT, + SERVER_CERT, + CA_CERT_5, + CA_CERT_5, + CA_CERT_4, + CA_CERT_4, + CA_CERT_3, + CA_CERT_3, + NULL, +}; + +static const char *missing_skip_single_duplicate[] = { + SERVER_CERT, + SERVER_CERT, + CA_CERT_5, + CA_CERT_5, + CA_CERT_3, + CA_CERT_3, + CA_CERT_1, + CA_CERT_1, + NULL, +}; + +static const char *missing_skip_multiple_duplicate[] = { + SERVER_CERT, + SERVER_CERT, + CA_CERT_5, + CA_CERT_5, + CA_CERT_3, + CA_CERT_3, + NULL, +}; + +static const char *missing_ca[] = { + CA_CERT_0, + NULL, +}; + +static const char *middle_single_duplicate_ca[] = { + SERVER_CERT, + CA_CERT_5, + CA_CERT_0, + CA_CERT_4, + CA_CERT_0, + CA_CERT_2, + CA_CERT_0, + CA_CERT_1, + NULL, +}; + +static const char *missing_middle_single_duplicate_ca_unrelated_insert[] = { + CA_CERT_0, + NULL, +}; + +static struct chains { + const char *name; + const char **chain; + const char **insert; + const char **ca; + unsigned int verify_flags; + unsigned int expected_verify_result; +} chains[] = { + { "middle single - no sort", missing_middle_single, missing_middle_single_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, 0 }, + { "middle multiple - no sort", missing_middle_multiple, missing_middle_multiple_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, 0 }, + { "last single - no sort", missing_last_single, missing_last_single_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, 0 }, + { "last multiple - no sort", missing_last_multiple, missing_last_multiple_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, 0 }, + { "skip single - no sort", missing_skip_single, missing_skip_single_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, 0 }, + { "skip multiple - no sort", missing_skip_multiple, missing_skip_multiple_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, 0 }, + { "middle single unsorted - no sort", missing_middle_single_unsorted, missing_middle_single_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "middle multiple unsorted - no sort", missing_middle_multiple_unsorted, missing_middle_multiple_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "last single unsorted - no sort", missing_last_single_unsorted, missing_last_single_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "last multiple unsorted - no sort", missing_last_multiple_unsorted, missing_last_multiple_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "skip single unsorted - no sort", missing_skip_single_unsorted, missing_skip_single_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "skip multiple unsorted - no sort", missing_skip_multiple_unsorted, missing_skip_multiple_insert, missing_ca, GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "middle single", missing_middle_single, missing_middle_single_insert, missing_ca, 0, 0 }, + { "middle multiple", missing_middle_multiple, missing_middle_multiple_insert, missing_ca, 0, 0 }, + { "last single", missing_last_single, missing_last_single_insert, missing_ca, 0, 0 }, + { "last multiple", missing_last_multiple, missing_last_multiple_insert, missing_ca, 0, 0 }, + { "skip single", missing_skip_single, missing_skip_single_insert, missing_ca, 0, 0 }, + { "skip multiple", missing_skip_multiple, missing_skip_multiple_insert, missing_ca, 0, 0 }, + { "middle single unsorted", missing_middle_single_unsorted, missing_middle_single_insert, missing_ca, 0, 0 }, + { "middle multiple unsorted", missing_middle_multiple_unsorted, missing_middle_multiple_insert, missing_ca, 0, 0 }, + { "last single unsorted", missing_last_single_unsorted, missing_last_single_insert, missing_ca, 0, 0 }, + { "last multiple unsorted", missing_last_multiple_unsorted, missing_last_multiple_insert, missing_ca, 0, 0 }, + { "skip single unsorted", missing_skip_single_unsorted, missing_skip_single_insert, missing_ca, 0, 0 }, + { "skip multiple unsorted", missing_skip_multiple_unsorted, missing_skip_multiple_insert, missing_ca, 0, 0 }, + { "unrelated", missing_middle_single, missing_middle_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { "unrelated extra", missing_middle_single, missing_middle_unrelated_extra_insert, missing_ca, 0, 0 }, + { "middle single duplicate", missing_middle_single_duplicate, missing_middle_single_insert, missing_ca, 0, 0 }, + { "middle multiple duplicate", missing_middle_multiple_duplicate, missing_middle_multiple_insert, missing_ca, 0, 0 }, + { "last single duplicate", missing_last_single_duplicate, missing_last_single_insert, missing_ca, 0, 0 }, + { "last multiple duplicate", missing_last_multiple_duplicate, missing_last_multiple_insert, missing_ca, 0, 0 }, + { "skip single duplicate", missing_skip_single_duplicate, missing_skip_single_insert, missing_ca, 0, 0 }, + { "skip multiple duplicate", missing_skip_multiple_duplicate, missing_skip_multiple_insert, missing_ca, 0, 0 }, + { "middle single duplicate ca", middle_single_duplicate_ca, missing_middle_single_insert, missing_ca, 0, 0 }, + { "middle single duplicate ca - insert unrelated", middle_single_duplicate_ca, missing_middle_single_duplicate_ca_unrelated_insert, missing_ca, 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_NOT_FOUND }, + { NULL, NULL, NULL, NULL }, +}; + +#endif /* GNUTLS_TESTS_TEST_CHAINS_ISSUER_H */ diff --git a/tests/test-chains.h b/tests/test-chains.h new file mode 100644 index 0000000..dd7ccf0 --- /dev/null +++ b/tests/test-chains.h @@ -0,0 +1,4454 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Authors: Simon Josefsson, Nikos Mavrogiannopoulos, Martin Ukrop + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifndef GNUTLS_TESTS_TEST_CHAINS_H +#define GNUTLS_TESTS_TEST_CHAINS_H + +/* *INDENT-OFF* */ + +#define MAX_CHAIN 10 + +static const char *chain_with_no_subject_id_in_ca_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIFVDCCBDygAwIBAgIQR+AAAAAAXtwVoBdbGUjUQDANBgkqhkiG9w0BAQsFADBv\n" + "MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRowGAYDVQQLExFTZWN1\n" + "cmUgU1NMIFN1Yi1DQTEwMC4GA1UEAxMnVFdDQSBTZWN1cmUgU1NMIENlcnRpZmlj\n" + "YXRpb24gQXV0aG9yaXR5MB4XDTE2MDcyNjAyMTY1NloXDTE5MDcyNjE1NTk1OVow\n" + "gaAxCzAJBgNVBAYTAlRXMQ8wDQYDVQQIEwZUYWl3YW4xDzANBgNVBAcTBlRhaXBl\n" + "aTEjMCEGA1UEChMaTmF0aW9uYWwgVGFpd2FuIFVuaXZlcnNpdHkxMzAxBgNVBAsT\n" + "KkNvbXB1dGVyIGFuZCBJbmZvcm1hdGlvbiBOZXR3b3JraW5nIENlbnRlcjEVMBMG\n" + "A1UEAwwMKi5udHUuZWR1LnR3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n" + "AQEAxs5vKRdaicZTmxC+vY6ZZ/wCJNxFJGsRTlyRmDHr/fXD6mTcZSjsRY+LpAbF\n" + "RqPKj5zuQtXdk9j4UGieajWSqmDNZy4+5gEqmjgU+vrYCK+uWHwAzdDCSWgGv29/\n" + "2/QOyl22OkpdiFv0wf00Rz86l9Oua3Zml8LW/LB8JO5w15yhlo+VgMy7mFFaBItG\n" + "sV5IEq8CFfaz0+T7/Bf17u2Ckl1jLKIJHp5Qm0FrPA4a0KEVg9RNYeo5evieI9et\n" + "UpAXO2EEHsakg+8yBrm4llRt7onb32hiZvAstak2FaHPRHdZtDQY1QrmTBYgPdzx\n" + "sOV5bE+NTeE04eEA22g7HbQsRwIDAQABo4IBuDCCAbQwHwYDVR0jBBgwFoAU+AfC\n" + "aCT/hZXL2x7jM5wqT5cgVnswKQYDVR0OBCIEIGjmBQmIw+x+peJLZ3wJMHsAsbyN\n" + "kz5qkj/ZA5UH0pu2MFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9zc2xzZXJ2ZXIu\n" + "dHdjYS5jb20udHcvc3Nsc2VydmVyL1NlY3VyZXNzbF9yZXZva2Vfc2hhMl8yMDE0\n" + "LmNybDAXBgNVHREEEDAOggwqLm50dS5lZHUudHcwgYEGCCsGAQUFBwEBBHUwczBE\n" + "BggrBgEFBQcwAoY4aHR0cDovL3NzbHNlcnZlci50d2NhLmNvbS50dy9jYWNlcnQv\n" + "c2VjdXJlX3NoYTJfMjAxNC5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly90d2Nhc3Ns\n" + "b2NzcC50d2NhLmNvbS50dy8wNwYDVR0gBDAwLjAsBgsrBgEEAYK/JQEBGTAdMBsG\n" + "CCsGAQUFBwIBFg93d3cudHdjYS5jb20udHcwCQYDVR0TBAIwADAOBgNVHQ8BAf8E\n" + "BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEB\n" + "CwUAA4IBAQC7AMzY2nvycER/Kh5gZltVcWhOYotMJoLcsdw5Vl1drauE4eK6hc/E\n" + "vB6YeSRHVr5+XTksSHRj4HXgaUBYb/llOstOwF5sygwOneMj8TF7KP8Lz1OMbUao\n" + "iiitO5MOgfx5bQeWrUAwQerbZDp0ApDQcJfHG8HfUhJhYiXLWoXlb41SFwSSUtk5\n" + "VRqAIdjlg9wxhxP+0qz6llhL2ycJfrgX+eZyceoeoeaLTEpiev2jWfcTwmuz7CMn\n" + "ggIDPuvJ5cZ5Sh9hvzfNP7Vp2s+dV4idydwUTzZv0oC60/UQs7HUpjThno0S9h2u\n" + "s42h0Usx0Dxa7Mr8ddLLort1k2hlHHko\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIFsTCCA5mgAwIBAgIQQAEzU+QAAAAAAAAMw26IjTANBgkqhkiG9w0BAQsFADBR\n" + "MQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290\n" + "IENBMRwwGgYDVQQDExNUV0NBIEdsb2JhbCBSb290IENBMB4XDTE0MTAyODA3Mjc1\n" + "NloXDTI0MTAyODE1NTk1OVowbzELMAkGA1UEBhMCVFcxEjAQBgNVBAoTCVRBSVdB\n" + "Ti1DQTEaMBgGA1UECxMRU2VjdXJlIFNTTCBTdWItQ0ExMDAuBgNVBAMTJ1RXQ0Eg\n" + "U2VjdXJlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN\n" + "AQEBBQADggEPADCCAQoCggEBANvg/lFTogGmz2qOXalRCWoWfkoUErMRSiYoGy8j\n" + "UovBDasYVeOmXPLtGvVjLvqxaiKGYWbO0hzXj4RFaLwTM7gOJw5GaleMNj+PL4To\n" + "1N2VKQxVAJ29LvpSJGvip4Vp0aRTMb3/xliIssln4fpVaA59AlwuAyN5Rrii6HZ4\n" + "5kFT2defRirNpt2cBFDUkGkjfgP7htybTtwBFr8UfUQLsxtgd7QmC0ufAZVqkIaD\n" + "NS6bgtLWxAUxUJooaBhNMryTC/YJgT16aA+n0/F0+NEeLjZk4R4v05XOm8lGeLKH\n" + "aVZKrbCrC/bRD5Kr6QbhVQ4OHrmxk1muJ/1v5VGn57wFJEUCAwEAAaOCAWUwggFh\n" + "MB8GA1UdIwQYMBaAFEjbzd6O6UlyWojosdg9B7O5a2ZQMB0GA1UdDgQWBBT4B8Jo\n" + "JP+FlcvbHuMznCpPlyBWezAOBgNVHQ8BAf8EBAMCAQYwOAYDVR0gBDEwLzAtBgRV\n" + "HSAAMCUwIwYIKwYBBQUHAgEWF2h0dHA6Ly93d3cudHdjYS5jb20udHcvMEkGA1Ud\n" + "HwRCMEAwPqA8oDqGOGh0dHA6Ly9Sb290Q0EudHdjYS5jb20udHcvVFdDQVJDQS9n\n" + "bG9iYWxfcmV2b2tlXzQwOTYuY3JsMBIGA1UdEwEB/wQIMAYBAf8CAQAwdgYIKwYB\n" + "BQUHAQEEajBoMDwGCCsGAQUFBzAChjBodHRwOi8vc3Nsc2VydmVyLnR3Y2EuY29t\n" + "LnR3L2NhY2VydC9yb290NDA5Ni5jcnQwKAYIKwYBBQUHMAGGHGh0dHA6Ly9yb290\n" + "b2NzcC50d2NhLmNvbS50dy8wDQYJKoZIhvcNAQELBQADggIBAJ6AKBrUBHfH5JfL\n" + "O38QwmyVYu3L36QsEdpkGhQaeHbpK/xLfr+amO4ZoxNolgwhm/vVWHFh2kjK+TXN\n" + "/81YQljx8hjOx6Uy2JGEkVEKisW/QSl0bcRh4L4D62sZShnd8BplfMhTRwEJXZW3\n" + "bR5yvy/DLrNuHRGPfrPb0v37L7nwdu+WMOUvv15KwV+2VlI+cnrREYWWAYixDm2N\n" + "jK2yMCoUjEvwCcylnnwsg4CR8Il41eA7G1HZgC3qY4/Udgzu1igZcxRH46Hg4Hrq\n" + "c8NRPuCsYRMoo2jh6sGz93BFaKY+DQbEvl/cH5qyKtzZvz7tLEsFkKRNkmcOfCQP\n" + "77fMm8/aTpzzyjOvxNJ00XMDoxY7I+tSd/6Xxy7/vJ3VZQX4mFSg8NTlIp2ytoTv\n" + "V1fus99V2NpLt93AX8ywDcOCma/rLqlT8Qu7nb5a+5r6sKMd81wfVWJYwncl5Ge1\n" + "3L2goay+21EaFTgd0xp6B4BMRZ3TtAH/ZU133+78Pmt9ImasaJlPAh8UTBFwktbC\n" + "CmKmiGvrZkLcvHXL0R18quyHY+6oZbKa1eZZsUcjDoErj8stId+W8QK7xpCbMYni\n" + "w76NH/gy+5aJmxcQxMcyE3BkgMnMa4+TsIr2LSknvDmObW/mhMMAKHBfAQvMttLB\n" + "iuqgTqRkGf4Y7kSH4hF/BbsO+9xn\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIFWTCCBEGgAwIBAgIQQAEzU+QAAAAAAAAMyl0baTANBgkqhkiG9w0BAQsFADBf\n" + "MQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290\n" + "IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMTQxMDI4MDczODMxWhcNMzAxMDI4MTU1OTU5WjBRMQswCQYDVQQGEwJUVzES\n" + "MBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRwwGgYDVQQDExNU\n" + "V0NBIEdsb2JhbCBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC\n" + "AgEAsAXbyOuMxG6KIe+OTZxxCh9ScO1tgpyXxddMTkVJy0BCtRI0bBnCdKQxX4UC\n" + "l+xDMwpT0pyMjre4edsr1WryjmbE7isBB5LUs9AC31D2Va9mDsvgR2AvKzI5NVI6\n" + "KIP4exbGGLhi1kclkc7wGRJNrWP10z91XynwoTAcKqCYphW97v0ZNvDikUOP+srW\n" + "ECdJTO/dwfGFcJvK6qhaQ/xthm9z6TdFqfA2x8yIdR67bAb/m2s+F+xhqnF8xh2i\n" + "90npFbU81qFh9RH3BW8d/RG+0DAHwimwCU4m3OOiqJFqH8KRRYhc5Zi4caUVGcl8\n" + "dRHMcHRPLZsdkUT9Viig/ruGasj6XAtY3MZLdsirItlzD6X0WgKJP0+eIoLuonRT\n" + "Kj1TJ2kdbI4yLGQAJmNhNk6jRrc/fbMtrG2QopWizs/agucHNBmW6bghqil+pji+\n" + "jilKIWZ5H7PDtQln3tbUB0bzKtrmIjdgy4G2D6AP6ciVf79VkQV6zz0VwG/eCZQB\n" + "g9c0G8xApfC4m2fVmJE7p4R4lSakWgj4K3S0AAQ837gUjujfqY1sZ5IzHcC30uyS\n" + "yL4JvywpBW8Ca57vvL8qvFvAUI9BcHGHsk23BKmEozKvru5rF4uysf5s4ZCMiKiX\n" + "SM7ITcvzBs9fagpCsR4edy+OoOaSDgb8BSLSJuExUX0y3A8CAwEAAaOCAR0wggEZ\n" + "MB8GA1UdIwQYMBaAFGo4WyaN3ota8k96VIMZGOMINaa6MB0GA1UdDgQWBBRI283e\n" + "julJclqI6LHYPQezuWtmUDAOBgNVHQ8BAf8EBAMCAQYwOAYDVR0gBDEwLzAtBgRV\n" + "HSAAMCUwIwYIKwYBBQUHAgEWF2h0dHA6Ly93d3cudHdjYS5jb20udHcvMEIGA1Ud\n" + "HwQ7MDkwN6A1oDOGMWh0dHA6Ly9Sb290Q0EudHdjYS5jb20udHcvVFdDQVJDQS9y\n" + "ZXZva2VfMjA0OC5jcmwwDwYDVR0TAQH/BAUwAwEB/zA4BggrBgEFBQcBAQQsMCow\n" + "KAYIKwYBBQUHMAGGHGh0dHA6Ly9yb290b2NzcC50d2NhLmNvbS50dy8wDQYJKoZI\n" + "hvcNAQELBQADggEBACkLbsSU3GJZk3paTF3cmT6OqPv5oI8b2SdwbfguXkhpYRdA\n" + "EImqA7gcy9+8bChUH8Uh9UuWv/xMR8oLd8PMZntvuTYIafnBke2P1p6iIuiCt4nI\n" + "qtAg50qsIysvT/ZPFGvxekWhh8hx56ekuYBryc7NiiWczdMJpTL6JNFRfzwxmUfq\n" + "H6dvboTNrtiuNWrWy+C+E8GiMcvuH+km37cGxg1FCuerRVcetwGbMfXyBUBFhtgC\n" + "G9BLIdsgguMi6U/jXSvEORIXKMa5Z7F94bJ8duU2hNp0Xqw4tmv47qEDxLDEXBJM\n" + "bwbaOkRltjaXDBh50EaXMx+rUqjO3le0KBM4t6w=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx\n" + "EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT\n" + "VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5\n" + "NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT\n" + "B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG\n" + "SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF\n" + "10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz\n" + "0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh\n" + "MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH\n" + "zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc\n" + "46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2\n" + "yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi\n" + "laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP\n" + "oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA\n" + "BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE\n" + "qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm\n" + "4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB\n" + "/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL\n" + "1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn\n" + "LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF\n" + "H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo\n" + "RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+\n" + "nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh\n" + "15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW\n" + "6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW\n" + "nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j\n" + "wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz\n" + "aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy\n" + "KwbQBM0=\n" + "-----END CERTIFICATE-----\n" +}; + +/* This chain was generated by a modified gnutls lib. The script tests/suite/certs/create-chain.sh + * was used after modifying it to generate RSA-PSS certificates and set 64 byte salt in intermediate + * CA, and 48-byte otherwise. Then _gnutls_x509_write_sign_params() was modified to set a 32-byte salt + * when it would have set a 64-byte one. That way signatures from the intermediate certificate restricted + * to 64-byte salts will be incorrectly set to 32-bytes. */ +static const char *rsa_pss_chain_smaller_salt_in_sig_fail[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDiTCCAkGgAwIBAgIUMquMu6/Azo9N40rNZ1z7hkotqC0wPQYJKoZIhvcNAQEK\n" + "MDCgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogMC\n" + "ASAwDzENMAsGA1UEAxMEQ0EtMTAgFw0xOTAyMTIyMDU0NTlaGA85OTk5MTIzMTIz\n" + "NTk1OVowEzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + "DwAwggEKAoIBAQDrEJ5ONj7OYNjDZ3johFKItvX6BFJ7ejLfNELvT7I9hsiGJBr5\n" + "Q/NgeQolSXLKHYG0L5Lxu1fbHINzC43NEivY3KMKKl0+MdXWwAr0yW/cTeuDc/+e\n" + "YqGT3TpCcxa/0dJ+Y3zAS1DqsHjNOxyYBvyKATyvFKo+oAwOqtR/OLflUvoXvYZV\n" + "YByseOLhE70Vfuk8yppRcKwokwk/3S6dZjoxK1K3PBQGARJNaUChtx5iM1qMrluK\n" + "uDj7yV9DYhtyhSmYvcZ1gb3t0aAxGoGbfdOHa7XMovzfRDUPbwvkKUJqcNfGkeGn\n" + "pZRzbA8D/YrjFtm7QVgf6yD20DbZChzoxRWzAgMBAAGjdzB1MAwGA1UdEwEB/wQC\n" + "MAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0O\n" + "BBYEFM/CHpfVzdNRBMYfqBXUieW9m9oFMB8GA1UdIwQYMBaAFDBBFsyy+oqRFlRx\n" + "MH5qlHt7guXUMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAICoRowGAYJKoZI\n" + "hvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEgA4IBAQADuShUlCXrs5K6Yu7mKvoyZztJ\n" + "dQFuxv4WDvbhoZ19GEEg6icRUoaA3tWKf7tNRnqQklMLhWIZParXtt+xz7q5K6ic\n" + "kX5oGzzUNryAx5DJkZCCffdA1FaQjCEI6Cy5cEnGifXyacwA7BViUwMnWvJRSKYi\n" + "gvBVKc1TBwA+vPIzlSb3COo1zhshxM+C7mhzspDFkceXV7qapFDMj7M/GbgqH7h0\n" + "yuJv2bymytjXadR43LuG6yqqsFvIPHYBcyPq3Uzu+57UJbHhAlkTXaAXfZkc1Ut7\n" + "Xz8pOEzcxZHl4SEgsO6KeT2uQUE1Zx5AgwaNfuMmg0aFJep8vKcQ1jvdzxS2\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDojCCAlqgAwIBAgIUYIZPL5Kf86B0XYSKAdI8dv4HJY8wPQYJKoZIhvcNAQEK\n" + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" + "ATAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTAyMTIyMDU0NTlaGA85OTk5MTIzMTIz\n" + "NTk1OVowDzENMAsGA1UEAxMEQ0EtMTCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg\n" + "hkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogMCAUADggEPADCC\n" + "AQoCggEBANCQ6fUJYYI3OTDYIcyshBdnVBQq0uGjHg/04niCpoAZi/nlfP3tCRZS\n" + "k44kMt6hla9cEkdj5mzeGFlG5AYG9C5MimyYwTJ5Sho6t8ct4wPESeypuDbcvMRX\n" + "MTLM/9+ZECkDgKA238z4sNX0T0ppsCXy8IK0Jmn7bky6lqNmaMTjYWy7Tu4kQOMX\n" + "7RE4tv/WlaH95d7zHYuaAf5dNY5GJ/cGrkYLrL1KpN/UU/4KKxvWs3EbsnDvrTcs\n" + "mzLrTOIaedrrNXY6FsGE3+XKDCo+Z80LsrySpCozAECrEFCENMfS3ptOwI+Vblb1\n" + "Kar8+4+7uMxbGY/RJ/gGIKGYibkpzicCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB\n" + "/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQwQRbMsvqKkRZUcTB+apR7e4Ll\n" + "1DAfBgNVHSMEGDAWgBR1lWzS3rLSrmdPPgma8JL4j1PJgzA9BgkqhkiG9w0BAQow\n" + "MKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIB\n" + "MAOCAQEAnYZf5bo7ZtysyLO/3QjAM+o1IWXinH97XANEbs5oZOK/rQNLBIpOLaYp\n" + "YcnziJTEIqvy+7/KNwdjLcKZ4f5PBlDHBsr70XeJmMc+9/ZadY14BHZUEWNfBPx5\n" + "dZR55/g62CdermdCJEoY6XdIMqdTHrdwmBIS/7g/dciQt0+lrjanX14VLAVRUAIu\n" + "HMn5C4ZGeBDd8av3P+VIqdkFfpAYlZ5BsYqshel4pnAyhpUO5wTmY7cm78fqctyX\n" + "qmQ0PRLQXmlqrL2oJtlGcSWlT0u1bS0gJPpvszataCZhnX/O9x6yzzgeUpP4I/AR\n" + "KS4ZXRehFmQH4xS1eq5fmWiTzbvWHA==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIDgTCCAjmgAwIBAgIUUVxp7I/ecuDCjWdn2Rng+TBNidUwPQYJKoZIhvcNAQEK\n" + "MDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMC\n" + "ATAwDzENMAsGA1UEAxMEQ0EtMDAgFw0xOTAyMTIyMDU0NTlaGA85OTk5MTIzMTIz\n" + "NTk1OVowDzENMAsGA1UEAxMEQ0EtMDCCAVIwPQYJKoZIhvcNAQEKMDCgDTALBglg\n" + "hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCATADggEPADCC\n" + "AQoCggEBAMcPAwX89KK6Nz39xdQRbSy9Ax7XzKAqtmmIczRVTKqsdQh4bm/gDuD6\n" + "Edxjl02cISBLczWV13brINSBI+QX/eLPyBmGGzI4ryyJuP+1qc0NMjDAlfYw+kXF\n" + "NZz02W6svxvrrt26mKJ1F+K/bZE+s9XHN0DW+hifQBBr8HX3BWJ9g6yj6YPd55pm\n" + "kQQcVgRG3BG1EMkJGK4LNesGdJGTHy+uqgtcykrMjh25uhr0oTOG6UjVYjXalZ5o\n" + "rOqo6CV+uGPmJYW2pBOlAOmblMMXSHXhIAhRBY8+h01BCsCU5wlEfPIsvclP2gSG\n" + "RVbM/9XgS/+4yN0fD+oXgi5Jh6TCYz8CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB\n" + "/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBR1lWzS3rLSrmdPPgma8JL4j1PJ\n" + "gzA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDAL\n" + "BglghkgBZQMEAgGiAwIBMAOCAQEAqudvb92hfo7iAS63u902onL2XwhfS9IZtu3D\n" + "Lum78Q8nzhWf+YSls4/o8ln/Erv8LfrrhxoPEVpxQTPCbj/mmHez3hh+xrb0ZUVQ\n" + "pi5gE6kkkzzvL1VEMce85RLbm4AyVDl4onU2gaFXTxpMpKwBTZoKRbLcG2TsQgyW\n" + "Kgq+XnyT/1AC2vp4Ou8G1MIh5bkfetTeo2KJ3lmEVGoUh0k0diayDwaBgBDeX7hl\n" + "XvKrG/hhhWPVWNDXdQsiYYKVty76yM3vJiK9No1+jPZzNTv+pZaRqJiQ/ZaCICvC\n" + "uK/63Yrle+W/W1Jdj23/kSSL94ugw7PFwbqo2gPkECbG2Mk8pw==\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_with_sha1_fail[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDbzCCAi+gAwIBAgIMWXnYiAFPuZgAfKycMDUGCSqGSIb3DQEBCjAooAkwBwYF\n" + "Kw4DAhqhFjAUBgkqhkiG9w0BAQgwBwYFKw4DAhqiAwIBIDAPMQ0wCwYDVQQDEwRD\n" + "QS0xMCAXDTE3MDcyNzEyMTE1MloYDzk5OTkxMjMxMjM1OTU5WjATMREwDwYDVQQD\n" + "EwhzZXJ2ZXItMjCCASAwCwYJKoZIhvcNAQEKA4IBDwAwggEKAoIBAQDF+5tQbOKq\n" + "cH51hLYVtBFObTC6FdIdS5bS/7TEZnVR8y19RPJ5QFCVIQ4zs477x6MyDd6WeyRz\n" + "3jjbkEBXZ0DxCIDCXN1SFxPC+x8REJF2BR0Q72ayap9SC1DvLvlKiSoWXgUi7nKV\n" + "uYIMcC7bJyvKFk7b7j0YHccHb0Xe8I4unKMnvB+hYSVqqLGRENoIFYDDW90r4Evd\n" + "pZv35/+Q3K053FMuRIndn0kZ3qH3eQUtIssbQS9n3HucTpiR7K+0HcxiEDX3N+DA\n" + "91slhmk7jV4gt5ae7e5K162N7W8MQBmZhY8urxySQHFeHLW/JFQ9OJ9+Z106ISX1\n" + "+i5n8XizBBdVAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9j\n" + "YWxob3N0MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFJ2ub+hyk2QafGrbuKlN\n" + "wYh91vRIMB8GA1UdIwQYMBaAFKOCzV4ao1MVHrBy+M1ib/5nd2p3MDUGCSqGSIb3\n" + "DQEBCjAooAkwBwYFKw4DAhqhFjAUBgkqhkiG9w0BAQgwBwYFKw4DAhqiAwIBIAOC\n" + "AQEAd6oXlHPD739T+attYU+gqERx0KHGZfYx09GcEFCTsECAlMY3hpG0uCD8HVsN\n" + "bKwYb1R/F/nwMBcJD0xteL8FO4qB9FNpnuFzmTeRcVdf+vpLgzHEZFi+twzEJip9\n" + "gfQg4xXY/F3bh1ARG3l5TDmvLQSv/cidse5HQ7mFSsjAgCJpKnCaqt+6pNzWvofq\n" + "yHI+COJ8rMUTrgp2fhpxBz1pGMmhX7HwJciI5jLPy5Q1WEYpgfrJcMb6q6pAKvlQ\n" + "Jevy9IdKhauADb3S/vPDy0xY0SJW14mBVtI6+EizUcx6XuirU5pbYyyeOxb9Y6Wv\n" + "7CfpUMRomkMpPhkfYWChnjm1BA==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDkjCCAkqgAwIBAgIMWXnYhzaP/YD+JqXpMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTIxMTUxWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggFKMDUGCSqGSIb3DQEBCjAooAkwBwYFKw4DAhqhFjAU\n" + "BgkqhkiG9w0BAQgwBwYFKw4DAhqiAwIBIAOCAQ8AMIIBCgKCAQEAp3zhvSFFwRFU\n" + "HhrpxBSkoKnMz+D/RoA12Onl4q3dv6FAnZd33lCXAaEgdOqGzK/gb1QUnw1f/fgG\n" + "7GBXCW2EvfasMVV3lQQAJjlCXNjgUavZ8uDUihsJ49ORHZ7s6eMNfAeI8m02sj2a\n" + "lV2TQAYa1PETbVr4K58QHvLQaaBXN6oA7G1hZobt78W40wBKkMzTkwvYh1vRXSGb\n" + "+/Qszs07fhim32nBE/42OJ8TwxPGLfNkx027u8eD4Ebl8zCubOGHPko56s/ip/3A\n" + "UiTMY2jR9dcHisfW8CKOjvKlmTf8CXSw7uxTHqhx7PFTAMBsStMnUpx9JVR9wyKg\n" + "Y7QYlBpfoQIDAQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMH\n" + "BAAwHQYDVR0OBBYEFKOCzV4ao1MVHrBy+M1ib/5nd2p3MB8GA1UdIwQYMBaAFNUc\n" + "loHmlMVV0q6firCdA/RFcfsxMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAA4IBAQAM/BlBEyKGyydb\n" + "nF24GI0mKJnWYMWgOIk6Bc1jdh9khPe0MfDKZLFHZqNBWLEHByTDBL9Z8LGACXYd\n" + "L1JAlA5BNgp1p489qz/SCOdriqLV7tAAND9uBzEALYLckHhra+4dlLurFhioEIqP\n" + "dcZC3ocEqBd9L1SMPOCUniGtALXeEwJkv5TnXMfP0vaIzGVt4x7+KeCF4x3HhJN7\n" + "3SwCpN/mhpATMQYY3Fen0UBeRWTUbRjsjRwZzO+J7BtEUNl7eMyum5pOFhhltYXZ\n" + "De7kx7bEX+qbVg1F26PsNsBlSJgbCglr8fMlEuHBpG7viWkt1nqJW9rhcYb0bhre\n" + "NjSVlh5j\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIDeTCCAjGgAwIBAgIMWXnYhy/+QNZimT/9MD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTIxMTUxWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAA4IBDwAwggEKAoIBAQDJ\n" + "vn4RQAG2vcJiv0ZstD5d27Fp5Lhw/BjpArUsYeVTyqaVy+y+juSc0DZJU6RBSdKi\n" + "g38iAtdpVVKyV1R3HE+jgLpPULtFsp9Fziz2bDUXFvJLaktbqPtwKBEUFGcHTeiD\n" + "RgyKBvlwpP94A4FDYBDQQgHAbZKUIfkQrPiObsQU72+P2TtuTUTl9PIwFS0faNKX\n" + "r8dRN14Tvt/JhpOF0qhrOLBoxVVATBArJflAT3ZfiWW9QQj5DoMogS9PCWBQKmhD\n" + "K0xWp4RCeiKKZHQH9jCsJSJ3vBcEiql/TrW+h9kb7ZkHJsrpKYzcDGCJFyjWmxjD\n" + "3QV7bRdjoVh4Hr/tW783AgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P\n" + "AQH/BAUDAwcGADAdBgNVHQ4EFgQU1RyWgeaUxVXSrp+KsJ0D9EVx+zEwPQYJKoZI\n" + "hvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUD\n" + "BAIBogMCAUADggEBALFp6rRbdfbJgxZ82VtIFDipowjEiuIgCaZAym1JNyBuyy9a\n" + "OHLz+dMpLvmZm8U1EGlRafCYyY2HL6NTQvn95iaFLpsccMV0jo/jZWWd5GH8lU0+\n" + "LAkatUfK28Ue7F38i84zWJpXKobEEZKT2CxBJ30jxaUezA4AGLifF4Wsj1UyHhuR\n" + "q+U51DjJ+MvZEEcGEQ+kbUwbBKbSFJrZ4BRCqJvCU5HjtAuzJu1QYQ0qjTmd+n63\n" + "cyr37omknmF0LMPH4+q7G7scPS42dNIvPmJ8v3QuGm95WnUI1cPaci7BEozkV7ik\n" + "8Cqz1BnOnAx84GjQ16B2QeRFicuqKHGPGPB/qEg=\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_with_diff_mgf_oid_fail[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDgTCCAjmgAwIBAgIMWXndVCXFljE2JCDNMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCSqGSIb3DQEBCKIDAgEwMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI3MTIzMjIwWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n" + "AQEAsuqXehkktDwKeniqCvZJGSO65fOgB0xAnOCuvl7Ijtjgv4NwjfQP5nYGyb+Y\n" + "oNX0BgXTo9pIcFWIDptOlHs5bKKo8XgzffgILMk307B9DGBx7xpVINVj+WoI3DFT\n" + "fJSaO8jcwxRAXr3hhVY/hQ60/cKD0Cecejlo7LJbZ4wAnjsYhF5G49o7IVuIqZzJ\n" + "26lzCPQvrNAY+Pwc7zxN2RitvrC2UUueT8S56NxnRLAgghWDTXTi+02pZakuojli\n" + "YikV8xs5YZIUdk/y69i4U7hwfGFR5sv6M+o0KK9kZb7KlELXpO/BOs80itIeEi8c\n" + "60xCL7w/jM6Ecvp8f2QBDPRWFQIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1Ud\n" + "EQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTDlByu\n" + "iQUCjywT/rAp9FyNmYEFTzAfBgNVHSMEGDAWgBSvAud7TcW4ObAj/q6BHxW1ij9E\n" + "5TA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDAL\n" + "BgkqhkiG9w0BAQiiAwIBMAOCAQEAPBxwYHtQVqHew1LAxEH7knPJNataUvpdxroI\n" + "E1kR7PUgj6ODazEEq3Cv+5evhF5fhkmAA0+k5hEJzfnbRnSsVvBzIkkF+G1hfDwm\n" + "WWEM0EQYFiUNO1aJuAMxZi6M6dZbEr8ZfJUd3ySrc9iFN8RGgh7mhtQKPkhw2ZYv\n" + "WyaYkLOBwyeGm6Kybozi+6l8IveZmzF8YXph0XAaGCdjVjMYarEyI6u0BltR1Wne\n" + "rvt7CioAMWUbYauEc7/2ffCYleLn83f4puVQyx0/f6uuJ3LD1tUh0aXYhGl7fJRc\n" + "G6I5gSmWui8cRxPzX9/d8a4Jw8bKfTYJnLM0p0O8NSLzP47nYw==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDmjCCAlKgAwIBAgIMWXndVB4vBSZAonB1MD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTIzMjIwWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIC\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwA4IBDwAwggEKAoIBAQDf\n" + "ha9h+Z0v5sLF+9yJPasc9dpi1cT2+BsDqYucfKEa9Pwgrs3OKCk7jFrIqiG5h0C4\n" + "womDzUHxhuyJ6XOMjN1r1VCaZKNN0CBihWzEDHt1sxmY/xPkVYPtJOvstRmHiUSu\n" + "w/iuV8UdvRrcNvcmfgwhxCvTee0UG4e/K15z7G5N5x1t5PwK3upM3rCIGVVeLfXw\n" + "CACj+JXS4l2sPNW3sZ9aayEe0BwGuym33SyGYl8R8aTFk9ss2jfB6se4NFH0B2QY\n" + "pNZHWwYJWVHRH0c5251kw412tYR2tILnrkUs43cWc5dY/mhcHXaIec2gPURes2bB\n" + "CIJRAkXxfvuaPZpMfvmDAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P\n" + "AQH/BAUDAwcEADAdBgNVHQ4EFgQUrwLne03FuDmwI/6ugR8VtYo/ROUwHwYDVR0j\n" + "BBgwFoAUGQ4GFn446XTVG8jGCz3ok6tf3SswPQYJKoZIhvcNAQEKMDCgDTALBglg\n" + "hkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCAUADggEBADNS\n" + "zFchDH+tULFXxrJPAnDV1KMjYskMYzwMdUFHwjQ3A/4uLodhvqH2b62HWQIPG37a\n" + "3FOmFSQTxx5qd5fVN9LgcPc0gMowjlq+M7lJjlKfzDPceN2XyvxNCf97NqYJTHya\n" + "RFNFm5Of9dN9YDQ7kdu2FIcFEczIbkIQDFcizTrdPgZ3QkVEnrDSldtUEdgUxIf5\n" + "aSmGtPhhG8+x/uqcFKF3Ese8pNkCvL8pPkLSgtTEGmV/eFtKNb0VArdQfQ4g3BKO\n" + "6DyWE/hasa0r/b8WK5LwIMQnItkQvlwIBEPU/XS8STL9GySCBag+Pt6DtIzaJVcs\n" + "oHpzmj1Pz6hk2R21u5Y=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIDeTCCAjGgAwIBAgIMWXndVBE6CEbh8MIQMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTIzMjIwWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggFSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAA4IBDwAwggEKAoIBAQDq\n" + "Fk/MQ+4AVJPMYobr2MJSKJQ5DDLdBmmhv6pjvCO/v21oakGlz73XhtlA7lm9uLRP\n" + "9gCXyIZCBHk9uofl3f7g9sBxdZrAvcDlonqekW0yUtzFcnm0gcqUmJZe8uXkpIDP\n" + "GBcSegQXhsE6pFrQXVRuR2RVtz7U9a4ItYZwvVSqTRQtPOlsdzgNGPiFzY/3Qawp\n" + "4ssrQyDl03Up0pTlws68kUnrONkGGcxXIEiqSZJhrCpRdN2BvDSSY7mzxTvG5MR3\n" + "RhTJz/PJn7C/QvqcrlJJKvJ1GZzdiRMczlKAOASu7bJppjLhHmuNMDOxPt5dgLqI\n" + "tH9Rfl+s7yMDa6var+NTAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0P\n" + "AQH/BAUDAwcGADAdBgNVHQ4EFgQUGQ4GFn446XTVG8jGCz3ok6tf3SswPQYJKoZI\n" + "hvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUD\n" + "BAIBogMCAUADggEBAIMiwgKxkpfnDsQvsdVvxKQgoQR7QXnGZTRNx66YGjHqFT3T\n" + "VkOJWMa7IvPvfQegi9C2xEwOGPOR13fJlroxya+xKmzgebWhD4tKxMjPbMWYFrCh\n" + "qTJWJz9+MyST9/3YXu7Ao0+kIDJfQVipCvRWah4WKqi2HUhNnxLz2yrAc0f4zsbN\n" + "FHfsFK5bKnahSlXlGV+ZrALqieQGjKh66IqB8P2vfmIjpbTh+srGuyG/QxxlUk+/\n" + "XDk8S4T+fnV+41K3INmG7wkjP54dIwrv6YjhJKo4nCaO+GB0oLA8SCI1doClSCyK\n" + "zWdV+iY4TwA8+UEEeQCu7mGo71XOTg9/YaiOc6U=\n" + "-----END CERTIFICATE-----\n" +}; + + +static const char *rsa_pss_chain_increasing_salt_size_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCAumgAwIBAgIMWXnOxy72g1dtZFCEMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI3MTEzMDE1WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIB0jA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFl\n" + "AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBYAOCAY8AMIIBigKC\n" + "AYEAuXu6rL2zC75jxQIc8DVdVITJQGXztZ4rTJgYBvncFm0rSKDAa7vKyIaro8Mz\n" + "8F/vhTYb108sjv4TnY4/Nc7toV91plmLdhXhMj/ZqPckAVvPUayHSe9AF2I8HJTH\n" + "s3IFZIkEi0Q+2uAvkfpZCTBq4Frsl3ZXPYtRr5RkWNqzN35DpUnHm83q+TPuA+K9\n" + "TvWZjeP+xWIkk+41hRInB74qLiz1AMzrZX/DnFkYHPCi+uoeV8AVBbUZ12uO4KG4\n" + "IWDhs9irWtxiMNZiDIvRnKiEgUGgYOIto44KuyesxMPOdz7A9ATcQAIdUq1EqAHq\n" + "b+Xm9n4nmekwYxCmBH4IH6eSbQAfgewuFWfqjjBWjF13N0xj0iBwkdDzx/ThN4Yf\n" + "ejAJRw+L8SURYY3FbQYhg6B+emws7RE0bSFRwu6Au8O/XiA+qLTwivr0Joqry6d5\n" + "GV0wdBK4h+ulRScR6YBJdnYJBGPF3A7QnyPfnBWUfkNk+zpqOIXuy35lO5qGOZLv\n" + "yfGHAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" + "MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFARQW59hEnCVOewEitaEuYxbZb40\n" + "MB8GA1UdIwQYMBaAFB9SkyW6Or/XyMyRdrHiC5w5MbNXMD0GCSqGSIb3DQEBCjAw\n" + "oA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFA\n" + "A4IBgQALdAXW0tx6B+7nuGA7/F3ed/pXj2oG+Gu5otbQHda6gnvGp/JAGr2p45Mt\n" + "55F30e6YolhCVWPaSaPSxAjQSg1vy80/QTey5aPZ0jZEKklzyid7+q1s3mOeIDA2\n" + "ajaN9Tq7uW+YxuMD5V9CSpTu28Fdqy3g8K8579hr14ch30IjDWhxngJLxH5vRnAT\n" + "1WAd6xLU+tBehMozcenW5lkRzmnD8SeXIZa+TOcQa1IzzU/VwrGKaLs9dNFOoi/b\n" + "9wZkVBA0vp7jRA0gnJFQkldLetlB0h5JB9Kpcw/lsqKF5Oe+DBXPlaNcpx7PVZhL\n" + "zFmH590jgEogaVvUJ1TxeUsNwUltsaXNvlkFcxmMUdziEXLwKkdfxog94owojuu4\n" + "2xn+wsntn+02G0r9w6FVW54cXpxwvC3BbuIMAI9Xn57GKgr+SzazubimtHLw1o7x\n" + "Xzs3EIn08vZDvjHXcRKmKAkhtDP6m5ni10tajfAIKBzjwv+YPJOBN2Qk8mnE6gBY\n" + "dwiMNUs=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEmjCCAtKgAwIBAgIMWXnOxx7hUkOmAFYAMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTEzMDE1WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgFAA4IBjwAwggGKAoIBgQCt\n" + "QbjYb0pxJjIRpfGTD0oo2JrUDHOaOt/ON5BGdH6YnN0O4SBuYMzYI0WwX4CWUoeH\n" + "qYCnQqOhoZv3FoIU1dTIv7YUHW47drn9DywSIfYWoLI0snDu/QhB23SN11Xgcmux\n" + "pWiyp2PXE/WEFgvzN9/Y9Dx+xapyckl3M3ydF0fNgXVtnvgEzPgtsR/H/6Trzad4\n" + "0ev6Yvj+ZmoOwgYr3UQgQew7uCfbw1EavG6135mwW2QsDxBDpWiG2hKXeb5zDftg\n" + "+uZbb5q+TyRdLwDtwmtcjX6nlNIxssRJaNMej8MfG6D/U68MMclvwVHe+QhC59bE\n" + "1rft3TVajNKTfWNgWgIrtt1XBXzOAH7a4ZSsSLScfrASEbJPIsWTgefObTw3xZjw\n" + "cGmCTZu6sgpXYIvk6oUwWhI52SaulhApbUkB1yUUnYUJ24YmI62YA/LNmA3w3avw\n" + "YvVIBhNV49sCUCDi78TUCc7QLn1jJ8Y+LuEZ7MIRW7yyj4zZ/Q/ket9mS97JMjsC\n" + "AwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1Ud\n" + "DgQWBBQfUpMlujq/18jMkXax4gucOTGzVzAfBgNVHSMEGDAWgBRCDm/4nfcRVSZx\n" + "8GuAUop0AzlBwDA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqG\n" + "SIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAYEACNo6j6f2JLpwbbQ/7vE6gRqC\n" + "4sx0dxAiAb+W44dIETB4XR6rhRTr/rFApMAnf7zZ6YlzKIT7DqyeSUmal1iz93rD\n" + "pNo1AW0Th7P548jm+wtjEH2/+BTJeNzxh+ruqCpocMMfMqmiPxUDwpdKtZaGTnV/\n" + "rcxbfwFS3F27U3WlJo+FW/fq2/+m1kh/9wAyiogd1HC/FO+TSoprw9kvr1dn+OzU\n" + "FCVrq+BVN8QrFj6SVSiaxn3/eWYnwlj5mj7WLw3XXNcImXT6uIkHWLyI4uEO0qnD\n" + "sV9/lf4ApqTvaQR8qWPpN1pWK+fWOH+LbWHbrcuLUhGfZReIrky5onhIZJiIbOGm\n" + "sLJfiYxtdfo7r4RvtrnPwcKSEJvNdVTeU0psmEbGbatnrVpGezNu5zGp+PvgddVu\n" + "KQ7UREY31lu7x/PFT7dDDkWWv0cI5ny9bpci/Ua0FF5RF3ovgOyo0uEWrfUPNyvG\n" + "0BAkOtUmY+HilBtj0qAadFcbV2hHfdk1nHG6YlBh\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIEeTCCArGgAwIBAgIMWXnOxxfLoQ2OARFgMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTEzMDE1WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBjwAwggGKAoIBgQDL\n" + "qyZ+7NdkwHddKKozoo740ywb0L/ntRkqvtcevRgTJQiwKwEIac74m7x7o3d0LXj7\n" + "TyKqcR96RtlLhgppsCiQ8ByWNTh77zG0+phZ7oUuYJRY5HhHKo+mjEJ2DBEhsKmg\n" + "aoyliZ9GYaPni6aJFyb2xasEyDugllcFpJlVteebcg8MwGZ0sQOR8GBjldtDIFrt\n" + "snPiwHScvIbDMy87xOTsvUpr/I1VHX8JEiPa6baWTiDuR/uX3izcXniBUZV7anik\n" + "UjOjpUcw8DohnYeqIXO+MiC+2gLsyqsQD5cWhRkurLFDS3/5RSvYL5C8EPvYdJxz\n" + "xd9ayWwSGLj4cAS94CWJaifmMnmkq9cYPZkmILe2sikvq7LpkUENxDxklSPeQXRc\n" + "Cb+JC8btqlJWNjuZOvv9nU4Cp7K++27Rzkdw0fp0fiiRxSqPAQqpba2LyRvIgsd5\n" + "raqOK8gC6Dibpe6hoJzEctBtuiENXyiAmxS+A0TE2LrEBbwc0OZQ3rymY/7OlHMC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBRCDm/4nfcRVSZx8GuAUop0AzlBwDA9BgkqhkiG9w0BAQowMKANMAsGCWCG\n" + "SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAYEAcFw0\n" + "2OUUobSl5zfhxl/e3DVLICiq5CPdbv6ZArAKpCGWNoUaHIqeecJIfJAUsw6USrRJ\n" + "+TxL/VD6FvvtBm7ZPjjbuVvXfu+3KWTbD9aEWmblbSH6C2V8t1XIROTy+kIjIWv9\n" + "Ihb+iFEuffqeVnoLW04BERQ22bXfubvzGsf/cidtDhRv6/wQVHWzZxImKQcGCxSX\n" + "XjehwnOcYLhakd5O9rcn1YwzljETLCpGbd3jhrDFO+yBlq+IQ9UnNLqT44hY1wAK\n" + "QoXLuiEmkuTaYXRs3t6J1u9HSUIfu072fAoI9GxvLSQ9YErzc06nmJxCAcra0lH+\n" + "5AiEd4WjtHDeRqLoOKOGVc9FO3BueBrrVJCU/CxIEMFPeCXu6WfaR1KxqQFCWi49\n" + "bCwAGwgYpSNMrOB/v2ybiJHCW+xcZ6/+DSrKKjWIRRb+GwpOYN92WcFG8Cq2PwA1\n" + "ku2e9OkNgsFKxhj8uWFv+3Pr1nrBFzCQ1Q4BjbopB8zR7vivYm70XqsGZxsa\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_pkcs11_pss_pkcs1_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEgTCCArmgAwIBAgIMWXnPNhh4NAScQCZHMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI3MTEzMjA2WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAryX+DLdg6z21lpupqpL2oracNWNtHFtRvHo3P+RLXYVl2twWAcbNB9Zs4jpC\n" + "uzhOMqrmcWlfstGtBoDA4YjWqk4T0nvlRIGLVP74AayGiggr46FwVon5XRTyCIkV\n" + "4GL550e7wkpNfafb/wYSZ1YxyqcMSzWw9ynWK1O737zIdMoVafht9CpJnPq6NI3Y\n" + "P14sJtQqWY9gV5lEpsNeXulOcOFdB2s6D9Qke8IqijSpTj3bpMBvJ8xkUPHxBoyN\n" + "hYvPBvpRSIB3hBr85PCZaGHOJOUljm2iV6Xdj1sVe+bo4MG1CnVhCFt9L99oOwg3\n" + "j3jTrvTfs496wBkz8EzdpeWRX97rVLHWhIjsLX73daJHfpI6ZnLTv2CIAuK0w48r\n" + "AT9XVW74z7DEPniUdB6Nku9R7yNfiULbX/4LMEA4TpTJVPRE1YcmRcTVuw4Cauxu\n" + "hkqw584YCWwPc4r7vhEKPZPMsrR/YOZPXTDSHAhVVCJCOruvYWn88uWIj+GnEzLG\n" + "MCcpAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" + "MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFM39DeRiwBay6YrB4tohGli+Ucy6\n" + "MB8GA1UdIwQYMBaAFEXZSb6vYdOsgU2XjleiZ5ifrnwbMD0GCSqGSIb3DQEBCjAw\n" + "oA0wCwYJYIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEg\n" + "A4IBgQA1fBiRmGUDDjdr6M/5kwECqebfefncXH6lvBT0aCfdPcMMS2O0b5aY9eFO\n" + "B74cNbou0AEIZMWb7tUPfG+Q0LgO5+A15n1bZZ2RAuwQp4uX7zwkfpE4fA1NR3wZ\n" + "PuMkKlLEaCXYdRFlCjJktOVRu0UGTSSuW7EZYlx8xJm7SeqfYg5lTs6SndMxSXAX\n" + "35iJ3Di9OOtEr+Qd3M9qjYIov9GYvf/QRfKfqWdPYhxW8uGkj88kcJc3F1TnV6vA\n" + "jqeCvGRbL+cFCIwsKmF6s1wMatuNTrKbqeskZhoNg8geRidY9IBZb+GxkwLTokiJ\n" + "JFLkiF5PGVaRbS8rwQ4nfy4ZPJzXAapXSpdhu5sdQINQvdYfJTkuM6SvkbfoTl0n\n" + "v0NnHRYZfIkAftdr8C01RaM09Gc4f92yQsQvwroBQlmbJ+vNJZYtarU0dBu1CHdV\n" + "ndQflknAQjt+kIRbrYM+I/Kh3IbZ10vKV5nr/p3RBj7Nu8NiyfkiiwJaibpxZz2U\n" + "t56r8oM=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEOjCCAqKgAwIBAgIMWXnPNg/J0oxWLPnLMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTEzMjA2WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBjwAwggGKAoIBgQC1\n" + "v36Xtc881eB+V3rg7XkhFy87Qc9g7OnCDczZ7cde3zSa337PZ6lUqpj4PfLwEBWr\n" + "3rQWR7axb3LuNj40IPcBpZsmhk+twc8LnidqqIt17hza7pHfovSrBBupanaqVcpr\n" + "PrbIoaiONdqYa54pVbW/FXTY7fiWHeAxxLAS/QvqLwCdhFfMSawNblU6FDAPyNbE\n" + "aAGGY9VgN63fHdxW085J+vdd6lvDk7BG/pWUd0VpB6ltJwsX/NtgVPWcyiHm+uAF\n" + "diN171SucT++e9H1OvkgVFnDG1Mccy6fJJ1dEkMparu7bn5Uji25cquVz1aYplty\n" + "LUxgMdpMrg3qvaz4B0C7hdHFGLYmlKCzaljJ1tA3P83+Fkwa5WlA5r4rS4fDsLJJ\n" + "tQJDLawTvtgatplXJHepEV1YAqiOAi+2iA86hI6jTIHpgqoerlEvRvzT1krX3yaB\n" + "eIwFjYgztBUBdIZ7UXIIryWztb9LKtpFIPVDGAes8oBPJH4/8ti+AIwDjlWOevsC\n" + "AwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1Ud\n" + "DgQWBBRF2Um+r2HTrIFNl45XomeYn658GzAfBgNVHSMEGDAWgBQM0WnAYYMNuJPW\n" + "D0SVZOQJJanMrTANBgkqhkiG9w0BAQsFAAOCAYEAtjXmbN8Nj0F42Gz6XFEsdOtB\n" + "vPyj1k7zRFIp1roH8IQqqOjtEkAj6XuP0INvIUpy5/J1PIJafU0O27pjg37IdmVt\n" + "H8fhZUmPbrSDNE8+VHwcWsQtUFK/rw40lnNL7ymaRXQNM5HNKfYdt7T3WAGQw1MU\n" + "kbW3efAAUa5iVZKp9W9RX128bB4vjW9q/9xUbn+tGujZXb6lZ+uK3iPthtteAy0p\n" + "XNQZw5BMiMSOV1apuU+uIcXOCgbgiU0ix3CwHB5C3yd+hkK7dd8GwD0dz2WreL81\n" + "0m8Ym2rhrVhmnya262QVE3sufNt0yi7VjLCNrvcdeDLypypYlz2l0xCcl0bAHqL5\n" + "KhcVsqXNQ0Pp8V2oaPVQRIGuS+yo+eJSe24U27KShBO/0AGY9AGcNALrl6P6n6ZS\n" + "HMecIKkS5EQdlTxAuohO9cVd4167sVE/+I3iY8GmwQ8Lq422hEY3zQdZFJBtJ7zs\n" + "ti9MSSipLUVJgD7t9r9nPHklupVm4atvYjxlxMC+\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID6TCCAlGgAwIBAgIMWXnPNSlMcWT4IBgMMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTEzMjA1WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQC4\n" + "VdQEElPvqHTn7BS7asLCvk56B0pkd34wDWELzifq0mVVNb1KlKzllm320EpQ3t1C\n" + "ak9vYm4NogSwujcXaR1ZnMeOyEoXay2qCWD75kjUTo3yTesb7YIU2cHF7dftH69J\n" + "oCeQC1+oiv+JrVMluVMpGuNB6TQiKvOFlKtmYXuIhXS9L3x6JQbvPdBWzr43iJv3\n" + "vq83z7B+yU9EtURD/ub9vzHsZrQD3gDf9tJqg/laBvsRDqDP7U2vzgh9RV9UBUOD\n" + "8yBN4n1TJyL3b0SqxLEXDdf843VXUSm1a8saO/bvmH6IRZyzy7BZ3Vdz8e2GWMBJ\n" + "uHr8jiwD+Fohhygc0l3eS25h/cdVhs36b+QM4BCVJE/BpzznfBx8Orn4qWCQenw2\n" + "d3GA19Kya4ilDKjkLEkuevDM3FM2G4bu4SHkEMcMgbMjuR8+QjgTU0oJyTSxFikg\n" + "0aTr3NNfXeu3RQ3E324Xa4W/z87hQ08rO1lQYdzQ5qHHsF1iTv0N3mfTKtVhXdsC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBQM0WnAYYMNuJPWD0SVZOQJJanMrTANBgkqhkiG9w0BAQsFAAOCAYEAFxHR\n" + "t6sFU7LLkGzu8LQxOijtghiF81do7LuydlBGI0fr/Y7KIkknpYWMxv6VZh3s1WV6\n" + "/ll/0f9pK4+G0i7r1H5+i4HvfV5zu3ApyK8GBgxZvrnbCIkGUpocXOsdnAtxJSC1\n" + "WvQrqCAZKixQDWwyt9YmWm51KEm1JJtWviE10ShaqVj35Z489tKUd2fGfepodP0d\n" + "Vr5RLlV+e8r/ib8ZP8ORs+2wqLEADXFk1Ve6qkvoExt+zhcgcgzAQH6gzi33BKof\n" + "uU7REvZ9A9sL9uj62Pk/Pj6LE6I2xA6nvVrSkT1waZ3c1iufoR7vUrxKz7pI9tGX\n" + "h2sNiR1M3sKEeppgXG2Y/RWn4rK7OVnIwr4DKU8AtPi7KG8ERLriaHlU5nN2XAsB\n" + "tas625DwjY7W6H3FAeD+9nTx0lNUffh3udRrzgCLobu2My5srY51orxS4GQJZldd\n" + "PoIw3F5XljrbtW7UtE1Lh9uuQhUXw/QXTBGYa4WXKQSJy4W3KpDRbHWsISGL\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_sha512_sha384_sha256_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEsTCCAumgAwIBAgIMWXnNyRuyw21uHTizMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI3MTEyNjAxWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIB0jA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFl\n" + "AwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAY8AMIIBigKC\n" + "AYEAycDE2FpGA7tkLcxcnUqA6BVw2xsyl4IB4K+fRHkAF/4lAozRAmIFMlcuPM+b\n" + "YZ4qRhrsvaMKFXxgCIuSz965Vvw6twm+E2XM3oBnkgohUSI++j7E+/5cyrp40jGA\n" + "QUhzg83VoeJN1FIVJiWiZt5zTalQ1khRm2asVJiA22dqQdQZiGBy55jUQ7aGEv0Q\n" + "MkQwTbfbhCGbpGyYz4Qx21IWp+AhXXePQ1j3NH9LCLJK90EIdq68XIVUmNtYi8t9\n" + "devj5+nEAs68uSidEWp9bIB7y9ndL1TSfQ6svLmwLB1Rl5D3rM9ZmmB9/92rECKp\n" + "PdoyxkBf7BU3zTPP5Q9qlMqfL1fnVAcXGsVhhiUcWNPPTMarLcwtKgN2pvNQT7nG\n" + "QhnmIl1kNSYSZTPamahF9GOcTL6rVjadu2UBd5+3XRS/MXYlPYWy9YQeau3cDrn7\n" + "03pXT8qFbc25IWsex//hV/7rk79HbDdwnoUg6rPaHBMRl51QFaVVAi8m2CjHa/f3\n" + "5FjjAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" + "MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFDG/Tlzzm+E/1Z1rDlDQfq+KoAZm\n" + "MB8GA1UdIwQYMBaAFJKBxhYjx+AnDvsqgUqc1TK82POAMD0GCSqGSIb3DQEBCjAw\n" + "oA0wCwYJYIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEw\n" + "A4IBgQBYrsdt/jkyeoH3JeXWqIBLyK6uZFC5Lh7FuK82Mv7iinwtPVL5VQtGAJml\n" + "jquuQ51S1UmZ6NUDW+wcA5hro1KAAb1wDOd5BmvUGLSUIPImT8YX/npLGtKINBBw\n" + "N56xsHgSKuptU3/Nbe8Yxgxk4xwzeJa+O40zWxuYryZHs8jBO3I1QLVV/iQqrpjG\n" + "dbxOEdOGyyU21CbpiCOuiHRraVq2IOgWohS5Y1+9AkHm0ir5QWFfxQrFnNA5WODx\n" + "XIBr5gG1mRj+bwo2kNxSFW20DTgJRL3KpINNa5JJxemzXcv37rFeYyKrCQnGe3bw\n" + "DQZwA1gDCA7zAo5QGm4I72cwRN7CoLxChdJvCGcDeYmkEBnKr3KJ4qYOLbqcGWQf\n" + "ErC7NEDprI0OytJkyMXX3CN9yLkfLqF9uiKhrO8oRrIfeN6Re195ORJDZxyj6Txq\n" + "eGrvjT5cmOs5c2Lx8MIsa1ItX0iVdZQlTkgu3/Pe4MT/dUfTpPaExSMBGUVh8YRy\n" + "bN522fM=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEmjCCAtKgAwIBAgIMWXnNyQ1BARJPavyUMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTEyNjAxWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIC\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwA4IBjwAwggGKAoIBgQDL\n" + "TmQzgdiY75JQHpi5ZDkblnTj5k4utI5jV6HNWomMcGyj5Ofy/F7xRe1r/bQB/G70\n" + "fnuy5v4iVooEgDOs7GSs/7yqagqkvGUeIDskmjmNznlveBAEqfuDkiFWgfe/2SZ6\n" + "iami7UzWDC5VObQY2isPPwfWllGTvq1eacfPdcZO8D5McaMVAlTmnqwZ1plRy93t\n" + "n0FoikDr7nX2OXmeSpUVPYXhK/SMTYCXlNKY3sAkZGsg+YLslyR6xkLMPK7ZYZQY\n" + "UNynwSeC2KJD5d+8f4g/eBlYq6F93f0/oN0t2C3D1NGWEapCUwt2uk2U6H954quQ\n" + "QWBz6RzTPP+DhNlqNy2F1OqFmfyz2CqcthnjSvX+wYmDGQ1i3dOJv2RuZggKoqdD\n" + "T++OIO18ui5pxJJY4rXbXW6Q20Q1r7L9ekth9xPQMfzQrvmNiSYGIin1Dg/sIx/S\n" + "jcWpVUfoKhWodVKFqqCTh2BQIrhjMp58HsDnweqZplmol+TIYmisDOPKkJeUfTMC\n" + "AwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1Ud\n" + "DgQWBBSSgcYWI8fgJw77KoFKnNUyvNjzgDAfBgNVHSMEGDAWgBQHMqYj24DquhwW\n" + "ZWWW+RYVmFdhODA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCA6EaMBgGCSqG\n" + "SIb3DQEBCDALBglghkgBZQMEAgOiAwIBQAOCAYEAq2O55VSNICePERXCHlsi25cl\n" + "u4PPwy+U/MO2A6RPbJV034O28FWGe4riQ90QFHteHS1Sv+taItyob8xs+jk2rFY0\n" + "TlwoH6Q2zMWzpW0Z7ccnpSE98YzSNwf0Qx3xSGmCvJB1NDFdSbYrpU856nGanwyQ\n" + "PbSpJHcnIBgXK04FwgBGhgJ0emm1jPQ5NkXhz/LG9I8tyeC+9AauLGfYd/mt/Iwi\n" + "HNzZy3lo46SKFGY7rC8yk0O9zXo5+SDEPbgv4MiDBsQLJfjxED8J2eWW8W6N22K0\n" + "nUyQzQyfN26D/Vrpy4Zb5RvxwVCTeUyy5w4FFUfvSxWLDkTHaBMdNTyADmTNEDt5\n" + "zzVec9wSWk57TXExyG8k/ViA0UI242KzcG536N6Q4axrrRN87vEHQPmK40j6eC+e\n" + "NtLeOw/tINMxSj3xFWA2LaMpJmMUQSK39oPP6ct6rIe1gG8J2dmdYzTSGrmtBtJQ\n" + "9qmDO0u0Fv5MbEWYMkULtTQg4/jyJlQD4S+/C2Nk\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIEeTCCArGgAwIBAgIMWXnNyDCiIyBT0gz/MD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MTEyNjAwWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAID\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAA4IBjwAwggGKAoIBgQDE\n" + "9H7sCj+cbftdBLcDr+u/YR4RKZkjBRk7BSV+uy8ROrk0HRzPDdxK2z4apoIFwqhP\n" + "kAWgaAVItniryu8TqDpYUMWjqQd2wRPtNBGkwQPBCHNQwehDd+tf0ru/4hRL5pcx\n" + "A14594DS+oJBQHVfbZPCweITYIrpcx6tKzvMnIlc37pr4KsTftRrCOTl9CZiTenR\n" + "vFYkAXucR6l9zHoiFABK13IpeLB3+1wlSe+hiClaEoG31XCbXq7hLK1Uf2i1y2il\n" + "6/fty3BfGqoBQ2BZ9AjmVMCD8dkN6v/+0mXED3nJY/3QReDcxIxiWpxA/8k5Gzox\n" + "S9mgCCewfWCKKgJt37eZvm4JwZ/yP6ZALrM9uy3ZhCYd4snImy6E0qg1VC3OJFZp\n" + "4wJgpDLbAKXliMQN0ppswDRiqwlpZW1gUCpybf5vlVN0Eyw6jQ2/6CeTmNb95a2b\n" + "5H30q5ZPt4NiyepfgA+IRqHexwgAr00/MMbxdtuW/2Y8WQizv7LdE/h6AmXkC2UC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBQHMqYj24DquhwWZWWW+RYVmFdhODA9BgkqhkiG9w0BAQowMKANMAsGCWCG\n" + "SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiAwIBQAOCAYEAdCu7\n" + "QA/Bx9HFjc9794p+Kw6UBrtMdtp46XIyUfYasp6j7Ta6BV4y20OW5DCdldtuqjEy\n" + "S+nFfUdKI6a/YRLibl8N7VFK8Fqhrh5ltJN7J+Y5eSiku9SHG94iTY6tFCNa5n20\n" + "DUZ9QxIBi1fMVwCf1yyt9VGx4U7CG0XS9QGkLg/GtFEgyr/4IALw4W2BeluKAQvN\n" + "Pulyogq4u/Jwh1uEJEMufLXFIDftGxWixmD5aSu1ReDl18svG05ycLyn5KlYuqJp\n" + "Hve/VX2yegD4clMK+yUtZ+x9ODzVfJ/j1HeBpnLrVzxBNL0HyPuhfb9CNf6kHwdF\n" + "1lqXopRcidYrqyJp7NHoEhWSszg4RJNE5WOjymbu+swRCJV1ISi9tTxXrIQnbdqD\n" + "+2FewNFyLsnxfMSnNlF9sIY4o2tnu/8ktWC/sx5lAxLfsp+ZMr2jfT1IalnlK8LZ\n" + "8YLslBiZkbG03zyadTegADLN4c1u+FHqKtkPnuLm+Eez2V76kYkLfGGbof5X\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_sha384_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEfzCCAregAwIBAgIMWXi5ih/ITJ/QWOoqMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI2MTU0NzIyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGB\n" + "AMWYGBwas+HiF+8VbtcNMJeJydmHi4GyXFlqmrIkKheVdcag590oNPi/XlLL8a/F\n" + "ZY6rZkofMJmghpUy8UNfboh2J/orwtvcGHWz63FIdWU/XyOK7+kTeYzrZTZWpFSb\n" + "6m/SCl2r62IDZoCGBHVY4+c3lWj3VNO5ZoLqB4YihKsrGEnQwuu3hxVjl4dnuktr\n" + "PJHukt8i9JKtEL2snh87QaiN1jfhSAPverDGNKIJvuAvd5RilbGDSPDT0Unp6Ckq\n" + "dgXgX6UOZ12Kk1DYWinnvAgIjMQme45nvLrwHVGpt1GfvzLteXNeg0+K+QBldviI\n" + "vppxvtahwDrPmsjwWP977zPNntOhU3apS01P9HvPe4xNgFlYYaTMPRTVXkOZSYEu\n" + "RyzQIM03YpB4sOJFMyFFH91VghKOiN4zIHPtz2z0k9gUJwUKN+DZMhWbbtDxwpW5\n" + "FYi2QEVQohrZSehh6jrh81dVVBgvMCt9SCWXkt82eA79PLJxYTLlG/tn7oALxLdm\n" + "NwIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP\n" + "BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBROq/95r17hi5grwFWV+sYKZ75+iTAf\n" + "BgNVHSMEGDAWgBTt5tc//kUHWmueMbpe11tTHkNo4jA9BgkqhkiG9w0BAQowMKAN\n" + "MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC\n" + "AYEAtZTjZJBvVRW2DCY93yLVwBCJJDmeRf1qzR9+js9Ws+pu6ZL5qIdidYpNpB/5\n" + "CGnjEdohq3Nd8vgItjLmP6p/JCSVEV8nc9W4IcnUCiZYzggq8CKDK4VSwZPKrdyX\n" + "dW62d9GWnQ4VqvLF/h8hedrxujKVEZhVJDoHV4BFWacQra81Rp0PzT2d4RzoA/qc\n" + "H0wOZQxcyazDPXc5JI7rN3P7uFaOwdnYsB5cDC4/XOygv/ULEd5J4OD7PM3T3+nw\n" + "VnwyaqMPtMJNsnO6j2qPhFj2q8DxOpxsyV+o3DxG8s7SfdcRdMKOPH2T7x1lcXm8\n" + "l5QWd99kHEFUqwB+4R+2TKH3C8AsDnJq1x/OmfpyC0l3ZSSS64MdzyrSQKn56NWr\n" + "kQjVOpMMvGrdFkofZhNe4Dw+XApzFtsKaNbwZqGwlzvoPASlJxEmLHbwGQQQtMaY\n" + "JfNRuUtZSf2dQdFJXKpt6vClMbFhp9t00G5+XgU2jNi8KyaNQ49VVM5SDUmMxOo3\n" + "zPQF\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEaDCCAqCgAwIBAgIMWXi5igaqxw34FqT6MD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NzIyWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAzlBF\n" + "LH8Y+QjFNrlqALm29hRiIcjqecggFN/4RzhJ3HmfZ0pAx+WGbv/55hW1e2Chh+E2\n" + "TCfaX6pOy4Brtu95+mcySteQPG7h64HYr2c0Ts1c8HhSJy8g/5Y8PhTiQjp2ai84\n" + "pDJ9lgnzbjX/YtES0A0m+sbin86lScO2m567/0HG8DexwwOJMOM+DguTViK6C2KJ\n" + "OAqLuavjDZnNr146rLU7xbRqYDe0mKiINJdw2f4qif2QP0gmKmAoprogKaCm/94q\n" + "XFzwUDkgsYKQf8swiDIvgVT10UEvn492MtE3uo1s6VaCW3gDKRB7yaMmrcPu2ZkY\n" + "Emt3LN8mMt0w19e/ce8BoP8qokNRCv+bbPzFeP467IwdC4oX80C6zmEG0cDP4BeR\n" + "Mt6fAWPg14p2yE1DP3wtp++iGUrdNj+N6bkZbRc5Z4KjZIKcQC/BFWXqvY8wQkOi\n" + "R6dirCm+wycvILjectNNwA1c4BQ3ZYbqQu1g0M1ytcthtwfmk+TJ2qQibUfpAgMB\n" + "AAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E\n" + "FgQU7ebXP/5FB1prnjG6XtdbUx5DaOIwHwYDVR0jBBgwFoAU0YmZVorhECgBkUd2\n" + "fU8+DltCWHswPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG\n" + "9w0BAQgwCwYJYIZIAWUDBAICogMCATADggGBADh6vayMUYWLPnIRezxYzOIEST/H\n" + "IQiCcYobFpaecyMnt47wndTmRw5bWJljwcH+lY5VLAGK3CegSQnANSngbnrraR04\n" + "D7031eQgZtYuzQPsqiGp4k+Z8cXz9b/3xgUThBmET9Iu5k8IZvhmIkCIbARMPA05\n" + "kP0ouTNevmkpCZWCggbXPe5H9O9gZ7MC4z1WVwklte1p6+BUuiCLnp+hpLsMAl6f\n" + "DI22SgdRiOfNtretrW+U5sNvsbvbHb18+iBfB/6ESQ4zJprkWUSLSK9nfB++j5LC\n" + "GLoMsDaWFAtvq5hBVOLfcBJgVpZPmqynTeHysjeF/H1j4mws/7//85MAGRmnHdQe\n" + "nFJ8xtj4k9RaKWtlUnsF4LSo/i+34cU8+ETxjNZU+UrupXz4KmHIho+DhYpJtW4A\n" + "yYasAvX9fTuStHJdLfpMGVN0lkOd2kuDhsLpsmdsMOZrQw9PPxlfw9NCdWxYFmp6\n" + "8g7df51DKxx/CDrLXQLzqp1gc8kgM2eIZ18z0g==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIEeTCCArGgAwIBAgIMWXi5iTjjcE3NZtmRMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NzIxWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIC\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwA4IBjwAwggGKAoIBgQDD\n" + "7BbETCcU6Y6htR4lbDPrdS7XzDZ3m7gjjsgmZxZqPll9STNrqeWdOe27bdn5t2yQ\n" + "vOxv7JN08hV8JJ8BzlCOVY04RX5whVypdtjgolvbpNmNdG4lpoBN6ZfV9AojrQx5\n" + "JS2gGZcA8tPpPk29anX6N7QxNcIfbaHUK4IiVBMR/fpAq56DzBVP/gTPC7FiQ1kr\n" + "iiLVQZriqnoBDf96igaEtDnz1cbIluaEH/lKtTgjlA7Dx8AOfS2VfkKHEJceerAO\n" + "97hz/i02Jwtmn7JHHCujHKYjuwy8Ieqk5gGk/Lny+sdtNWLkNhWQIzyJXSQWUeiB\n" + "mh6MpCYUr5x+3RVl9xDaR2ltV9DF5hL2yE3ZYzbhpU6LLLn82DK1PARc8CinIZyW\n" + "coo46BFc7NfXUnOnMZsCBZnBiR9ZIpnZLBHeAxMIIsl4PiyJrw0JC0NS8Bd2Bgbo\n" + "JdpGV+nx4hDVsrkINpBaYJJUXbxgD3noEKZhamtiYO4UTRk1w74ceHwJKAH0hWsC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBTRiZlWiuEQKAGRR3Z9Tz4OW0JYezA9BgkqhkiG9w0BAQowMKANMAsGCWCG\n" + "SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAYEAvuww\n" + "C9ndJly8/Cp6WHu8Wt45a+o6Zup2mMiLX5Rg9Y0i2ZgrbXvY4tbQIsexQWNXuKBk\n" + "U/p2ReBB6gletZgtyNKeCHTqpGyHemGinP+Yqw88j2Z3S8xOHN/zR+uK+iUZEKZk\n" + "/atCDW4BdocaYOGJjTwXI72qsBeyJSDF3qCrAgYcynzd3wmNdl97OdL+/COgIy46\n" + "pYf8skbqAd6hOymTqGD4wI+TNPfjXmstjC6leeUvmAX2HuCOJWkwVp0r0JGs1qK2\n" + "8meesblAVeW2XqL0ScN511ME42rxt6wwSelTepaKlMAsysN58L/JRgC+VqD2S4yS\n" + "2fe6OfuWItbOWDfvCRgufUzHzgGnslf5U0Ejze8xLhryBXz17Mnx8PGXss3xRqva\n" + "Urgy49T8eth03GV8mTnEbW4ixH/5LRq6Te5ttSeuHVtdpnDAbB8MKZQtiNk5mDNd\n" + "PXNZOty0RPQ5q2L1Q1ANd/zsY3bCoCOu7ErJBXYMyXCBxFtTUWOHvxnDt3cZ\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_sha512_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEfzCCAregAwIBAgIMWXi5rCrgP3sDVAJlMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI2MTU0NzU2WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGB\n" + "AJxfUNbtAMdj9L8j8H5MVFC4WUATVth6BleRmS8B5L6SlTaMofYBXUAPsWuLm1UX\n" + "NnrPzkLmpt1QaHl8lwgdISiP+Ka/81H9fs6gdEZigadMO+y0/YT8/E1CVIhmmuGQ\n" + "2Luo6cdYZ15i7OirtPqm7TPzHeE2xhL8JX/4iuTUphM6f1yLhC9pnv+4FCtODkcT\n" + "bl2IpKuTImfmxkymJeUUkwpR0CvUi0PFuafwLVvGMo1qyx8wkvz2bqq68l2VzqPP\n" + "fvbGWjOX+dpHnPH0wUtKI6pvO2v9SwwuKBywRU11ahgovBGG/6n+HubwVGp6S+V/\n" + "UShmILq0LSOyVdbYqF9nlKp9UYTDf266gUoDoSZjFw1Mfx3ntGh7uS6vLNvGdSEl\n" + "1JWe3VDEanyYzgKBrFPOKOL5leKRFQtNFjPTIzYxakhtu4wFGw8yqrDACsNYloZo\n" + "VPys7B69OTvvkrkNRHLZYHFgveUFAq1JDHMPtFHO680najV1R0kyaYurVXmm6MS5\n" + "qwIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP\n" + "BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBTkNsRnUzHbTJkw8PC5cGXFKwsIyzAf\n" + "BgNVHSMEGDAWgBQ1g4DM6qmT8uJskGxeUUUSIPe3iTA9BgkqhkiG9w0BAQowMKAN\n" + "MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC\n" + "AYEAIPSvyEoh5C7wP7M5hqJnfzlV0rs1jeLNNgfc8GCbxKYepCZysD6JufFDBnYu\n" + "qE4/RrZs0kDJ1RB2sMqTcwUEuZBIBLZtaRj6Y9dsBrPkC3+1DuMVT4+AoeQZMKTh\n" + "lLsMWba7Cm/lV1SG+cxKv8Kj7mrsrFNrv77td12rofIpYt1gxhgz0k5GrsNtRpyX\n" + "jpTk8PgiJQyGDeEG6HrG0F4VvFzvy6XeIOjwuiXTbpzC4PwpUt8WHkp/Xm8Loiv1\n" + "5P++mByZtXSCd87BIADD0YapQaXDV0a8NWM2QUTcZJw/p2LrY5QOkO0VepWkifbN\n" + "1jIbc8kilMNH5yQh2JWrDRz81ntpcIlFLwYQVzJguZ5Tr6lHnv6d2mnBUzbbv/bs\n" + "scMlxv+55LPviiHIkidIxfBENMbU2dB1u3hu+aEOQJ5W1w7RSuRJHi281HathkIo\n" + "jbo0ZCxUzXIB41YIoESYDOg6FGkoT2I2vCHyW7lLzPnPa7a3PolGeLn64dmmn3mr\n" + "Nr7V\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEaDCCAqCgAwIBAgIMWXi5rBKSNwkPo4olMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NzU2WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEA8Afg\n" + "aY9tKN/1UwFdqmDTbxcxiGDQFTDKDFt4zLEy8HoqsiTLEycydVJeAEuw1WNrph1x\n" + "nphDETOsiG429CEkIj4rpNaPSevQmfkUP+NFqKgf3egUInmXzSMnKuc3eiDXzSC9\n" + "mcYzcs3O6kDruoTBcmujSQxdcPYdj08BkM2uD1PlHVeE1h66axt82I74q8ntT1Zx\n" + "IM4TaLSao/Xdn1i5AYHwJj3DzjKlYDuLqkAiyQDI/NrRS007MYRLN4Ebu6bvkuzN\n" + "6m7eXYPugV+lSkGSLTi0cbG0wkUqcR1X5JzBqHyXU0epoz3/PpVBwMUNHMun3s7z\n" + "TQt5OJY97BeY6l/Wj259iBYj41UvEghT67smaM8zvwFb51+fCPLKPUXG4A2Ksx0k\n" + "H+HIP2TIIQbuM4KAS3VmyFNoxzOXs89BdxJCQ+D83RZHSYn4t+76fiSzV+I4baGi\n" + "DbPVU7cM5CrOcfTohP83jpOgM/LbPyptGu6S6GKMx93HVLP6LtnZE736dO5XAgMB\n" + "AAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E\n" + "FgQUNYOAzOqpk/LibJBsXlFFEiD3t4kwHwYDVR0jBBgwFoAULmo+wdwsHxfVzvUw\n" + "NyVK9++NokUwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgOhGjAYBgkqhkiG\n" + "9w0BAQgwCwYJYIZIAWUDBAIDogMCAUADggGBAIXyJ4S/dWmkPV3kBUENfIXaLV57\n" + "mGJjnR/EnUX4gVVxDfKDTNGq2Y1ksCeY1JmvjSHZVkX/D4p3BCHF8bHpLvS7Edts\n" + "4NpoL3A4MBdupwDFtF/0Fo4VdZM4ztLL4gBCq2pnukCkbyELCPpe3d/yVujsJNrQ\n" + "4faiJMwCjep+3q0ZiytlsN8M3bdGy8ocbzPAi2rMTvQ8I+2e5kLTJmatJ4Qbut25\n" + "d1rfJ4ruMt2QOrSlYSENKkA3zjRAg4a2xvVPyOVZBEj48366b1uuji/sOQRckZ/w\n" + "3eoeffRfWQXO2y0/K9TUqZM+6n10N32ZkR45I+XSQ13qS73l4QS4djay9z/bAMeb\n" + "/zgaf6J790LULzDBEvhPZLNn4bBu/t7WVj2NI+frQvAHyQ9ZhBYkow84qF+//zK9\n" + "d/VzQbBQOJFX9TWdWgUxklrWnXE0gmxzGBdq+cMQyHulVVbgShftCRJ8jn8e0Cl1\n" + "dl+Cpj08yyLpT9/ZmL8ytgD3Iobw0wPHppb/jQ==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIEeTCCArGgAwIBAgIMWXi5rAVAVYZtSJyOMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NzU2WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAID\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IDAgFAA4IBjwAwggGKAoIBgQDA\n" + "DS6aZqSaUEDHL+1DTQtaYK8IO4GgdfI33+C2VdIe3LGjUJMsOjpKjodrSe46gTyW\n" + "fBAZSPHntcbckOJovv6fXKDPWgvh0s3AWZjVGtGVidXbEFzpps+YKOLnrVMbvsJn\n" + "yKIZed1RvJhpGs3pH8hvI0dV5udpypGmtiGUQe/6qC0kUfVix1luN+8A/SyI9tIS\n" + "vzgDORlHI6/2w/HlVX7lMIjpf880rx2BX5XKDpYmpMqj5yOOK15gKyZLUGjC7OWs\n" + "cuMGZz697fkmdRjFDLALQYkIvhFKiPPJJttV6ZB+wQ9daCgKihFl1cVD9w3AznY8\n" + "lcspJvGcFp3wtIvAvQ84P4F6g8nhs79Rdng5F2Qkr8NRoeGKfGLJT4HFOTwIG8Xa\n" + "Ily+i38KTpLIJklb+qzd5hURONxiaFTfG+FDcrySSaUC7+OD4ZitDLkfCidcfMmW\n" + "pSvld03gmw6C58zpaNZdztQy5rs5Cw3nI7RFNU9ADEySg7i6aUe52tvmgJkaIMkC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBQuaj7B3CwfF9XO9TA3JUr3742iRTA9BgkqhkiG9w0BAQowMKANMAsGCWCG\n" + "SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiAwIBQAOCAYEAS2F3\n" + "Tg2gTIXkyg8vV9OCfH2YgYQpTFLXyfLOLiuQrSXgHUOCO1RV1Jkjb8+Q5hMrPOMZ\n" + "Dygb3LYlF6fEWW76Z3QUqlshIfCbWE7+MAQSbjHN7Awbq9c44edvm0JuAavVsk7M\n" + "Nxx8ISNqlO1BRlaX0PscNyiRBhrPrUzAfPaiiguKXMMhFnp0V/aRor47ZePhRrRT\n" + "NKX5aSBrVl02gQldK5uKbywa2k4SDG9OuxtHfBwjshHoWbvxg3S9lvhgzR4yaXWh\n" + "944QjceIEelUz7czweTUdFc5SSheUg78SGnXWOsR0CljXl+r+Laq/Fg69VZffjJJ\n" + "8A4J6eUf/2Y3h+sJ88/Le80bG7NUREfhjYfC7VAqPiHcGTYQUjw+Ti1yWmWt1rS1\n" + "khg529kYVRone3UN1/Fs3hquwjZfL5ZqUR67pyMI+QTVvVeSBCthSafrhCCr8xpO\n" + "OpQuLLx9v/QXqtg8IhdVoDxsQmdLU7aeM/KfuTujcqFeacs8ng2g2hEGGFa0\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_chain_sha256_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEfzCCAregAwIBAgIMWXi5YhOIRWm7jtzAMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI2MTU0NjQyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGB\n" + "AKrMNcBiv53Gc/nZlcHxl5DVW7kqKzpfcy4ghZXEM57/7FztPaYU5waGbAcci/yh\n" + "m06lFD0kAyN6FzMZ87+o4PK6Ov7EwAg6WtQ5eMvvK7NXMnX1tSGlhQYY+a+30n5g\n" + "gO4c6TXB4mwAWeWCk8RH28apwPnQVUDhxpmtzP/XAKkrdp1oTVUKQaSrkRrzBYY7\n" + "66x0ea1Rqx25piSkN41FxGVYLgKY4UbAmVJTGWTM9MPLwCCjq4DZO9QaHT/dGpG1\n" + "FPEtmfw4ttSqJfGPT5ikEfVRw/h7WaPfrf+oHVktd4/TMHXGIbVvEqueTuVXm7CK\n" + "k8bKvMOpS2FFFtPJbbatUJMfenN+i9epgiquuMdkp23ZCutDmdNMHmy0M6RSF3vd\n" + "6bg55Ghd71OJNyFZ3o1QoeokrL8qmFER23L6q87iCed0Vtw7Sqd+84HETZ71RI7r\n" + "Qg0kKd+sQBA7vKy+XpmHOiBsmLEffGHTL/pP6Hl7EtP72NdY3Oayh3QqAuPIoxYP\n" + "NwIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP\n" + "BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBQuRFAWSS9Dn8SzG6lK1E82fyDDVjAf\n" + "BgNVHSMEGDAWgBR0nX+9KcaAS/Dvj0qxpYFUZWXFRDA9BgkqhkiG9w0BAQowMKAN\n" + "MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC\n" + "AYEApluSi9xK1Tzgvrw8bob4yhNthQeD5E4d9kDCqiI1EPooyuj4M8FlzWUyYgk5\n" + "IQ6wZcylosGzJSVJp1LcFKpVzRAxqJk49M7fr6XwqKjn9bezjbqt+VjHEmG9imeo\n" + "sG6tKQ3fnOlP1+RgmWuq8ZDM1gkv6h3WPQHuqYrcyGxvgh2JYp6TDzGriTLEj/MX\n" + "PX7zJr8qSM4YJzt47LQ2k4zDay9G9SLem+tcmjc70Gd1eULCl0YAJ+e35QkhKmHO\n" + "aEs4nXXR6S7kVTIojF64e45JhqySOZailZIoCTxYGV8fqIJc9iBDmKeruGfgUzM+\n" + "0+FAprmhcqFOv+GN5b9oPbcWuQPwzCqMNWd0nBI+w5M0oktfdVvtsUw8Dak1xJIb\n" + "mCuTlvj35a2i5fA3j7BYT//Mj/hTNJXTvIPUVhQ72xIZ9MjkiAQM49wz1xZtQQII\n" + "ugHEN5LS4QUdjM0/2ZhAFUUpbgPg5Gg3dqMw4tuYYDoLe0+SO3ZH5jIN+5HrbQAJ\n" + "pKuA\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEaDCCAqCgAwIBAgIMWXi5YTrysOexHvTRMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NjQxWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAvhHk\n" + "wO9njQ/tVzWKDXgTAcP2cxSAbYNmjgflCkhdrF+Bn2BKR4e0q9wbY2sgK52rCTqg\n" + "gVB+1Aem/C7U8b81X1JlsKuh9jarmJwPVK/oRFW+L8qbmHRKktgNYIbS4qgyQUqR\n" + "vh2hF48Rrr5HudtvvL5oqSrqNvpZkUzPzIkV61C14+ujeZiMuycYG8qT6UL2fRTC\n" + "/qGwQWUvaJWSCEQhibMTeE8G6zO+O6hSxNZJVYdM6HT/AutEE+hvkfY3sy2PAAmr\n" + "2ea96Tt3KJiifDvdwH3iGhfHShBY66pvKF7BFpyOhrxCZaDxb5XqfiQWLZAM688G\n" + "sYqOLLaMgsL7KMUh2c9OA3bHiPed5nLap4cFBYEDT3j010waJIYLykRcRYV8ijc1\n" + "jLmy0JDW+Gvy7JvuVMLisvqmafQIapAyFjvxOnw/H/TD7HRaXmkDAK/0XwPDObXl\n" + "VsTrHH4MxRpmyuHTMrns7usuQiZABwmqk++Hx60YiepwDepAyyhBBXqyecD9AgMB\n" + "AAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E\n" + "FgQUdJ1/vSnGgEvw749KsaWBVGVlxUQwHwYDVR0jBBgwFoAU+BBJLVPFaMA3pFQ8\n" + "ePgsaRye/NEwPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG\n" + "9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggGBAJCZIQzChHgacm23b6shZucxQOUz\n" + "k5AQRSQYTc9RIKvp70fupjFY13wpX7EIyJut+x4UAbXWKm558siMWz1Bgz0zF831\n" + "2F2aQMLoZzQ+85IjXbgSFLmjOZggBhQbb16LfXX+YNs2zeGkmpGyLDNbID3FlteY\n" + "Qig4ELp3XARl4gzbc6R+t78AidkyGxjFVfYzI75hA7Y4GC4kWqoa+Wn1MLlrnZRB\n" + "r/J3ECyB+Kg+izdrDlPtvfcoiAFXcQjoiB3+BG6WrT5fEBzNJXr8rdo5rSxpxKjz\n" + "ilEnHQrcQqWIH/BeeLTmjMYEhYVamCqxc/bxxHhCMly6dOQmtcJdc8EufssqUAno\n" + "qPU18vBYTAoKSpS2euAlOY4SYGaLUtAKqdHV7sx+hglRW3jZfmKN/RJD4kOM36vB\n" + "fbQ6KjVn4GbFgJF12xB/fW3C2eabTIcG0tTl9+JiOW7YQrQqIkmFNA8PSA/a9Avm\n" + "/258r4j2gke3u2P2wWbZBaF+DoukvkJsCHBH5w==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIEeTCCArGgAwIBAgIMWXi5YS3G4a8ITSrbMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTU0NjQxWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIB\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgA4IBjwAwggGKAoIBgQCd\n" + "NTGy7akZ+d66CnQ/g3usM8mr+qonNxTmQXvjPslvXYz62OFpa0lMDfO4Cj2ylt/U\n" + "XMjIhXzfJ9/btovlXSQMi4jAByXesl+Pn3uklcy4W9gaQYqAyxZtFriy7VTpolkb\n" + "0lr+gVBc6Qr9Rko/HpmlMJcGJTSbm/oVjvAnLpC6MEuBtR0uWoPb4JNOS7Ycwq4g\n" + "KpoGOeZchqnFLx4LUl7m83UQsAoeMeilHV7xhbgDNI3x2vmVTYs2MNU7H1VS2VRU\n" + "f26IUtp+m8k4KAS8uZBXOeycYkXll6vONhcFlr5m5ZHH++/nxu3HjjisdW7rrSst\n" + "NGYHR7E6/2jSG7PnKfxb59/PTfV8NETIG+ZpFeWeWmJn6DnOIsQ3MQyaLGqmRCae\n" + "OIRcljx65gN8nRxHN+H35d1+GIfAUQ5v4UZgRUIpmMPpwUi3+zX1nweaS1Orjqdl\n" + "pEHIxCWB0CGc+/TmTL7qiJdujspeos54iZLJOchvxmI8/HR7kzH5xgwzqCDUAEkC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBT4EEktU8VowDekVDx4+CxpHJ780TA9BgkqhkiG9w0BAQowMKANMAsGCWCG\n" + "SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOCAYEAH1xu\n" + "N7vSt3LLfjZ/0Cby3xtZNi1+m1FCh6Vn3NLofFYRVmHIItK9PszRaUN21UKc+PnG\n" + "XkvVU6GePfMHMdLOY8AR2We9OgIAxE2aYva5TyG1EjrfmCth/Qj9VMYLuIu02QZT\n" + "WTNBKCAv69EokxeGgk2zHrhwMvdHIcngTnLT2P41Pi8IIaYy9O8cIpmOAmbXh183\n" + "Vk30ik/6V4jc/Vc+QWRGj2DBTSGuXvg9UpKX5TZKp7li3w0oczL4BPLEyyFbZwGV\n" + "9ZIi9G0Viqch/7sTT82extpXgtWAbDf25QCBPKuOS2t7uRjacEpFDQVa+97haTK6\n" + "JpxZ1Wi99SXrasKkqS3AQTzUWAuzfQ8BU/s1XC1mMaZo107XXIc3tWyv4QhQV9Wk\n" + "1R8QhPE7bozAkyU8USWnaT433stfmkceu1ZwjX1kts6oAxk7xQUFZ+MVNYlyehyM\n" + "n42VNJ1m0aKvz9LPUWbgcd7dFBTBuHM0YnVaGhY3h/dvrmubxylxbG9xCp4M\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_invalid_self_sig[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIID5zCCAk+gAwIBAgIMWXl72CvN5943shfAMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MDUzNjI0WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEA73m5\n" + "jEDnwLR5SoJJQ5yjJO09+ngRY4WwxN2RMX3g75JtBSyTjIC6OKvXwgJDGVuUnl/q\n" + "yU9bNvM0PKoRLeylqTAESfv5tjNS8ievydgaO8tJBMhSGyzHZvHQOc6VkOJAIIcm\n" + "WyduEyAm7oqNSDD5cDfXtvTCIW9FsjBgL0sG9h8j1Dyl3ZPM0UkFkmaXJSkIkVPa\n" + "2Cl619MnzVTngsUpJmIpKzl/uomM+Aj3QnzT7V6XtImaC2T5/rH896Jr5hVTImiL\n" + "5V8YjTVb7XWt93GLmhFBykCJFXCNAbWyax8TBy9JRUAsgouSA9q/dJ6GbRLOcWXb\n" + "Rr+MvuZYuODY8p076GWItrd0LVabJbr3CKwE/RBqxY5rvBb/wSYNYcG0yt3Oo5hQ\n" + "t01WqgmOdlUXIEBQ2Xx/kwPvSatWd9f0WyhlXv6eCugEJzYpK+75xpAysAIbLHZv\n" + "33Tr+eArgNVoaJGYNpZlwW6ZmkRjuTKYe6iHYs72uh5H7lNaALyfXw/gaBwRAgMB\n" + "AAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4E\n" + "FgQUhi5JW/4DoCk5RGaJdF7DUsbXKUwwDQYJKoZIhvcNAQELBQADggGBALdQ3Xeu\n" + "4b1lZq+w2G6e6MTpAljGtyCN2hdc2xaKYOSH7AIuW8Ahiuo1rhUskYzBGqQ/rmuu\n" + "p/uo744ve6wbrIt+DyUZJGxGKOxZab+Hg/9rW/fx119kk3tCQMxSE6yI0YeuXT6B\n" + "hPL4LtoeZvncQcuueEIUmrMfPRYBuWfQsmhAXE0R3o4lx2DfnPtjSwUo9A+4AVtO\n" + "4sp29n2qfGsOIKrfMPrXZGQ5XWhAw0Ra0CIlFHhRxoov28rssiUIqLKS0ZrmOMvV\n" + "R5LuJWaLEb5W5E8LwU2Yxu3+0BFtRSy57HedebmOeDkmVuG4C8Km50ymdonafFQV\n" + "rfW9Ni1eqUMBD4BXQD0HDIEmQiBEBE7/K3rS9ezEIxpQWgK6dlYoaxGkybuHEos5\n" + "r0rLvi9CmmJRdV6+4jeuY3sUBRva1v8FYXHNZ/USgxRdUfpomElwu2C/af7X/ov4\n" + "NUWJzE9Efdc4rtkD8BJ0iwq4tfRx9Smp2hqsChVuRu8mkQooNdB4wS7MpA==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *rsa_pss_invalid_chain_with_pkcs1_sig[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIC1jCCAT6gAwIBAgIMWXl85RG4QFslQjj5MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MDU0MDUzWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyi7p\n" + "7NiEAL4EjBrqbN0jULt4cHYYezi+iaJngGgJMeltsiNuPCjFRyBvvfdvQu6Va09j\n" + "CBYE8F4dyUUDOdB7TqN3MHUwDAYDVR0TAQH/BAIwADAUBgNVHREEDTALgglsb2Nh\n" + "bGhvc3QwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUicpVAAomaffbIpb7diFW\n" + "RyPMN6EwHwYDVR0jBBgwFoAU877t3BygfVZ2TIFitsZClUs6rX0wDQYJKoZIhvcN\n" + "AQELBQADggGBAGW5Mu/NO0CFExmnw0f0G9jlOl/NDiVhLXDdZjlSLqi3T2Q+/an2\n" + "DCCeEVnsDdAFC/+Xnmd2e5hm1aj4PdA7Ua935MCDEzd4fqkdGTgGBqk8eEjWaJT4\n" + "cJidvPE+lVQEfAoVYA7MRzgtoa69MCJY82mdvK3ojJdezb3Is7eqg/FCItbhNQUc\n" + "NSCHCe0kuZt2w35KMxtEbAPsdaquB9IpIyyIYDOUhOI2n8NBGdYTWk4ESQWYcy6S\n" + "5aaKy5uut4PWvAOUjPzJBiiAaDZj4Ajn7rZiODxkMZE+1TIk+S4qM5H0Dt6JyksY\n" + "GN+0SnyXB0/6y3qM6ZDXRMjkUdPADnz0mwotfigZ5TMOdaxo9zgr6hFrIolGB3ot\n" + "KCL0ISS2l9eB64uebYbGyMOpSMOoGfypR7bwr8XFBxl0TbBosmZTMJkbM4CjsJLA\n" + "WPLHhT4lmVinzcbdOdycTFOKwECNHo4mTBjiUrrhndSjlshUZJe99XJuT6FXnyUE\n" + "XbkbJWt5LqAlxQ==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIERzCCAn+gAwIBAgIMWXl85Q6kSh5LQoCEMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI3MDU0MDUzWhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEAyQQD\n" + "sSFXjTnXQaa57GLvSU6C5p4U6xQL7eE+Eia7A4lNMyRnkhYtGADCD5052gijhdXe\n" + "L8R5D59sQeCti4JGkeYF4uwKb7uyGgQGyaDD9sdwJBkZoZ5mcyPJq8uG/93CFf7o\n" + "ygo0rnFktHE+Hs4EUbJAdf/kxFij8PxJJFSeyz9GrmZgkUMFavJZcDsgclfp0xkE\n" + "fA9NkoERDalxutViqjS9OtcqdEfl2Wj1/kVXYb9uYHMM4lCeGppz8s5c4CzXbz0F\n" + "E1OXGGPpvw9IPPesMrBByD8Oijx/5aadBgTfhQ6Qd07bmJahn0S+jhZXoUru5tT2\n" + "TvrAhJ/6lDJfFZ3rygT5P8vpC+J5O82zVY2sAMq5cfUb33FteXLDy2/RqSktRhHm\n" + "/8bnQqPtw/2QeL6oUYPN21uWrLmvIc5pJVdz6yW2vhWkhxEVCIrh0zPGvuUpYQEN\n" + "MN5ePj7rfzEsvRsKLZo+DbmKMa0AFLNBzwmz+0Ei7H8NqQjw4wlrbcjmi5GzAgMB\n" + "AAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4E\n" + "FgQU877t3BygfVZ2TIFitsZClUs6rX0wPQYJKoZIhvcNAQEKMDCgDTALBglghkgB\n" + "ZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogMCASADggGBAJSw9jj3\n" + "jbO31cViLd2k82vxE5o/SBgxru+HZZDvsBmSxNetSFGSymn+um7g8T/t8fEjxDvV\n" + "jXDKVnHoj+xuYR3tS+qV58MZ5F9oFrcKiw5QWLicT/DTG/mKwEsKysdibbbtXcQQ\n" + "zIbVHJI5IH/6e9qw+U4f5J7MzFYWjzo5TavvOo2ZL+kzFuxC61X81a+0XQjP4bgQ\n" + "r5CFauTvay6zOevvafOBlMQ3V77UouFshbIdTXJHRAcdKUGrTwONq4tDoOVSa5E1\n" + "AjGZop71IXNncNAcyx9fivxrYfFAozKum4GH1S0lywD+wDCSbC6nkfaB/C12F/gR\n" + "tEb7+DwZbiYroERhE/zOMUKcGFw0+3Jo4jyAOicmSetknhvmhIoNycaR9KfA5xB+\n" + "Avw4VnNI5M8TVmjgyu0rq52gH21d1mc3alhOh5syNtLdBq62ookxkSwhaebXgpsJ\n" + "/0oI+7Bmh6f8ySWcjUFLW+3bPKhuRh6WmkDHQZbECOkp9N3BPBQsdbfqTA==\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *rsa_pss_invalid_chain_with_wrong_hash[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEfzCCAregAwIBAgIMWXi1MgbpHZw/A0zTMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEgMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwNzI2MTUyODUwWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBoDALBgkqhkiG9w0BAQoDggGPADCCAYoCggGB\n" + "AM0Hb+o5YO1we4mN3Z9X11+6i4EwmSYoXkaq4/UAJweoyi6xyDw1wA23jJUHTxpF\n" + "9dLv/30Qo3bo7fdakJt4fV8tGBlNrm2nPkE9LmQl+dIjtBdmNO/X2qHHVt0WyxqH\n" + "XEejb6oDNPtF30/dfe1qeuIGAB5cSdmm3Zrkk5/JmfNBuALqHuKol8hympvxXWMs\n" + "WjCnCd3QGLGIx4nxx1tYKoDVM5xgVq2QLa5h0o5eMb4BYI8KY4dXGzYr6quJtF3g\n" + "Uw0fX9fo+OclSqx+2TaCnJfWhKFHbS++s/RvOBdDaGJZJcMIs9Kmb1HI4Dmb9ZDL\n" + "g7B9kraw/hPOgKzGpbCgwJYhxC93L7fNrO7X99b2wIyM5+/Q9at6qa3hm0DEcYTC\n" + "MZfyLNBfJSQOQBV6NZGwRv7KGqaZRvsiWU5za+dL5wKIwDIxaNX4HIyFoatzLf9R\n" + "skjyogRE7bXBVk+/UGS3aof2RWl39sOCVbqfauRtFXVKoAmht2kMne+nSrkYi5vR\n" + "jwIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAP\n" + "BgNVHQ8BAf8EBQMDB4AAMB0GA1UdDgQWBBRJUF1FDf/yxGw2btyh9Ps4cNgZWjAf\n" + "BgNVHSMEGDAWgBRuLwzcgNymMpZ87aXHIYLe25ggYTA9BgkqhkiG9w0BAQowMKAN\n" + "MAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiAwIBIAOC\n" + "AYEAAowi/Rj1T32pah3Zwo7FVeADn6lKf2SZwAdfMLN2xOYlSgNz+F9Z9Mz4x123\n" + "GRIoYRmTun2BnwtBVPxtwqaeD88NaftXM2fPyA+q/gYDwmiMzLf3cDC98ngj38xa\n" + "9YS9k3Mc5CsV5lJ1yiUmpdVwP/dzk4mcvL5+3rb5E0lyv8eEx0r3+rPXnoICkSAO\n" + "uD0ZYg8AXdsRqToQwutwP02azKEaecjklEkSG81kxlEw6xALkm2qgn7ZogfRYjQK\n" + "TS5UZldErnWOyw85cTCUYpNs+uy1Lpug91CEI1uXK6pBpb+5HsenKlg6UwBgfG12\n" + "EQnqbFzOZ1fQ5OgFofLkh/vvNByMmanltqKCV/pz824zi7Va6JoAz9EF35U674gX\n" + "NB8wf7zMF6mEPAsUR8RIgvkjFTwOxrIfggx6LVs+b1eYTQFzJJF4/zQg17NIlYu6\n" + "4iOev2OAU65F5P0FJY3IWPWhIl/1ki3drgo/CjZtjYhcZf6EZzS5lY5VxlE0KlwU\n" + "y8mX\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEaDCCAqCgAwIBAgIMWXi1MTL9A06S6xisMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIDAgEwMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTUyODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTEwggGgMAsGCSqGSIb3DQEBCgOCAY8AMIIBigKCAYEApvFV\n" + "pkvVLfaMySlvBx/erBif/1eW6E2K1i5mBE6CUf22rswc9obFxzJvEE2+HSgtvXzY\n" + "2q7e+OV9HAi3isQFs3aU1mJGhdweSeill+QiX2KH/MlfxVlZiGAztoswKwNn4ei0\n" + "Q+B4ixBqRRptpGhvdIMuo4+MxOGqMB4ylhCmW9vp4bjDfbvfatknVLlRxFiNY3vn\n" + "egD2WbJem4xZfhxWLvJXyvxw1APpDjz9ba9QKNBsmRCWwmXfONJu1M/IMlekqCS5\n" + "qT+KT9/5E4sMAsBpPAC7St2BBre+OpjpKbhMS6+QJ0td78Rw+ao1yDJKoErXIF5a\n" + "UuK1uf1nX2CJpBXAdePBP3GWY8yicVYDJojRk5y52GSYslGGKQFw+Sa3M3M038dB\n" + "0ItPUVPc6KqgMH/WoYNuAosxObSPMXWKTMCLLG4+Ay8kf2LQeNqExFBof5VMOvjx\n" + "pyf0JsRWxuibFyIsKBPJOQfqavj+yDYUpHjH3KgQWxwFS2zHvh9hSFdVmudPAgMB\n" + "AAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E\n" + "FgQUbi8M3IDcpjKWfO2lxyGC3tuYIGEwHwYDVR0jBBgwFoAUC5eGQfaYKQYzk7b9\n" + "ZjLg2BcNVT0wPQYJKoZIhvcNAQEKMDCgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG\n" + "9w0BAQgwCwYJYIZIAWUDBAIBogMCATADggGBACCc/elZRc5w7KFiDtrfiOAQ3m/M\n" + "uvBabVUyWSdHVq/48n84APdKqUZdi/9qc9vXoV6hu6tE3HEv5oppzHoRUNtuO0WG\n" + "uPiuA6diyvwO5JZrnAzCevKB+5j5bdfdXh62ScgTGsXyIOBTbW2R4gQkMe+yo3Xb\n" + "U03hf0PDzpmJL9DcekjNOFphvYyh25jW2sWdlym8pj/Q58Zhx8uDfsMV2yAFzNlX\n" + "a4K6rXeS1V7zw6qHon0/sZgSc8nSHUNYzXk9BoteZUT3n9T9mDB3tR0fHJx4VlOq\n" + "EywY0pPylGHfDcKEAJoWR2YuGsLrHS+ZEPwiqkbjEn4O8CijT0dVYC5M8poUwYmC\n" + "kZDIKeiHMPoUjhRNGQ+W2sXvbsseFDm68R+fqbxP+GHbqThdCaxtqzCK/BNUYF0d\n" + "e2dvHPdydbqyL9EhfBwvR7blIfvkn6UF0OK7rs+ch+OZUW71+SI70mETVp8N3JXr\n" + "wCwxtVkyM+5nB+iTDFs7uYw05+QLg7cSnZL5zw==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIEeTCCArGgAwIBAgIMWXi1MSBUNuk9dyXbMD0GCSqGSIb3DQEBCjAwoA0wCwYJ\n" + "YIZIAWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwMA8xDTAL\n" + "BgNVBAMTBENBLTAwIBcNMTcwNzI2MTUyODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8x\n" + "DTALBgNVBAMTBENBLTAwggHSMD0GCSqGSIb3DQEBCjAwoA0wCwYJYIZIAWUDBAIC\n" + "oRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIDAgEwA4IBjwAwggGKAoIBgQCg\n" + "V/fvWuWb1hyqlrWXKgz8L/xyi1j6/2Mc0EOxB1tSDilrYB7EjnR+WIsXmLc5qi4u\n" + "4/30ddw1JJLPSE/IuzbxRBKMOdLAodycx/XzYCfZbCEbeBJ3F0Avoc2rPdwd4Jxh\n" + "aCI3aw3KSopPgTpihJXqfmeo9bjwjuppaewdIoM007XoV6TGRfSMJL4KZK5gvW5G\n" + "5hrHF/nPCI3nNFH+ocFn0yHRRmbq4IxIfkHku5AxX4PW18c7bJ7AA37o61YzDXgf\n" + "jY22rLVSEVeAfQL8HmPY/yLTY5r6stJKWQDRrXGPxtLWwtbkGx6AGAry+o/0eGo9\n" + "o3X+h3YYL2lX8jhCG75p0ZKIRoRAVRD67WM5HmGcv9m5YbfHwLZ+SSqAfclS2UL9\n" + "Czrss5lAqEcatoxSC+L3iee6kVDk7OPtv6KLYA1OoAJIgWapWcJpBNgo4PU8Ps+e\n" + "yN3BPjBZu1O1j8RnIeprLSlP9X4I4i2WPWAWHOi2S20pHdvC6/+qZqSqVJn65QUC\n" + "AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud\n" + "DgQWBBQLl4ZB9pgpBjOTtv1mMuDYFw1VPTA9BgkqhkiG9w0BAQowMKANMAsGCWCG\n" + "SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAYEAD9JR\n" + "Wjsn3Vb/eiLqMmy1YZyCBBUePifHFOjK9edxzcef2+eds5fbfZKE9HwebFydbaCl\n" + "2vfylBRhHiPx35pk2m7dwt07WAjVyLyoF/XWAbJPhzj9nEUxP15uZz0L2YR4PFK7\n" + "w6PFSgAbnqcNW+Eva95t0sSaClMfOQUZizwJUXJHaF1+NML//oG/zar07QSbIC4V\n" + "WU00anUDHxikhj7FGndhquV3bAICW+LlFiVASK73wvhcWNjBQ/fIOHH61kl9XOGR\n" + "4t3/YgC4DnaRX2eFknQqTVKt5GTMRRLPVrSzcPQVMkHkA9q3qMRZ1OcJ4jeIF0Ur\n" + "PYhowVrqif6tb8jWe635nFBnaXiwtOAGBQfGTbbbT6z0Rm6t+QunKxDfb8CTwZvq\n" + "6VQGMBrYbu1xHowWVtP9c7WAVtIIbXn4pUWND3tq4kCxyr8EKOO+AxSxPqRKRHUa\n" + "OInT1o1n73r11Arm1dmlup5cJjJ4SrJoqxGemdNVrLYR6x8//2ZjiS/N93gC\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *unknown_critical_extension_on_endcert[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIENDCCApygAwIBAgIMWLRKXgVfpidUGiL3MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0ODQ2WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEArLFdJ0t8aIAEwXk0+BaXSCWtCrHyotXZxxOImQk48khIB4zQZjdbsbIrE7BK\n" + "RW9h8WpUNUTCMRLrIiAL072YbnCyf/aHoaumOGYpHdqo+nD05RH81x67L82v8o+q\n" + "vw5VeWOfEU+HnAJxazXe3WqvjDvxDLxlvRG7WBECfdmdzdexot9VgLNv1hD3Cam5\n" + "/FBOGwKLkU+cK57BAUcgRqFLFcXZdq/6Joy99O/WVMkYXfDUExRog6EJuzLsQqLZ\n" + "symssmps56OdGNeSwACcRUXYQRI2Fp6kWpQ1kynroSDms4q6hz/oIre47UtmYNsu\n" + "LnUYLNRAbpRuCLs2uKHjXJoQHV5HCGAq9Whtk7vuNDoD28VO9T0CBn1GbXATDmro\n" + "UldPZSFvsW8MUFQcuRbScxrLekbR94GwD8sPdw1siDmI4M1SshS5IyXctK5rfxF3\n" + "9qJ8DxwWI3ZSp/N/2HbAa7KA9RsGe548cjfxMbHBv15vZbW490Jrypbl5zTzHwWB\n" + "W/nRAgMBAAGjgYkwgYYwDwYDzgcIAQH/BAUaqwGs/jAMBgNVHRMBAf8EAjAAMBQG\n" + "A1UdEQQNMAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTc\n" + "dq+IHuXY6ZiVq2QRqYMjCWC/wzAfBgNVHSMEGDAWgBT705Z3PM2jlhgsbpzfeFfd\n" + "uTqdMDANBgkqhkiG9w0BAQsFAAOCAYEAiPZuXN7FdUo22v1IKyNmGZ0GOzv9N43X\n" + "OnJkfDAbMjtO6KxCtqACSFh2cJ4NqUV+GqSo0fNgZIBvXVaL5GOGEvStTs8xw8oH\n" + "GIJXQcY3o+6S5/u/6OU8CYnsIqQGGjIhuUzIsrdcFrRrX4nY9v8zr1o8B7MbN0pG\n" + "seh8bLU5ih41OH7wjqx3/nuQLs7aui5sRiS+Ug7lF8N9VeOlDCdCeiWo7jNSbTkV\n" + "Gt5lcAI6W1paOrNaqwDQ0WeNSM+QLyOXWXR9b4Ck7T4Kcx+5ZSYCKul3msyyA4rV\n" + "cAqvaKs/M6IqFHaQGSwgrZFIBcBrViuAWZbdlpaCUNV2bBsxf/ro4Fe5Z3hJz4/r\n" + "4RhJffrzMN1aaINi5rFYgMSSHGSy3O5L1yYMdOa6FiJSzYMmtJDFejNLU+e5vM8V\n" + "wEBzUaG8UCrOaOumcQcdb2J7sjAoQ+Ghn24/4jmW+A2mFCmAvKfBHRH89BUzEKt5\n" + "5IHTMGbPWEe483Nyh3Sx1pXcoQDVgD3l\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArw8KL4omF9ALedLd\n" + "qAgnh+mTAQr1XlAy/1DiwA8yCFIPMucSHyMCJlvmRs/gtgemuU4Bn8NsCu9CcXUI\n" + "s9mMhrmE098HLn/2McNW5wGNVfK3/8+8N0cok01MuWBjCcZ70k0aYEkFVivVdo4z\n" + "CScmZrQYqqtmiTpsJOft+EU479mDaHK0F2caEZqWdyAmpgQ81eMtI/1kFzRbjYCE\n" + "Pgati1YrcbS8QLd6NRA6Lk3WxSZpIFQ5gyhvdR3z3onWZM6Mcqj47ZsVK/nvXUSM\n" + "2I6JACx2AfDWnbO1c2agZlxRvjlcPkrOiIg9KQs13IAAQ/VeB9KI9PrTgLwNhLtw\n" + "gsc8fgn/y4GL2VWolPuNVG0cIP4b4EnPH3ppRfvGe3lkm1zRUkTDht1QRgYMMel0\n" + "HSosbt6zXxMKRF+5tsI2ntnXz1xMVMsE8MEgK58BBOTuJevPLLTnkh9WOih6IfDN\n" + "t99yFt86x7KbRyddivRP60OftilhUaBcKz/vpKpE0xyB/QPDAgMBAAGjZDBiMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU+9OWdzzN\n" + "o5YYLG6c33hX3bk6nTAwHwYDVR0jBBgwFoAUJolqIJH3QVRxmq4o/abMSF3P4REw\n" + "DQYJKoZIhvcNAQELBQADggGBADpJZ6ydM6+kUcoDGgZnycH2+73A7OuIM8nhVnMg\n" + "9+SsiLrjD9rL3gMhlxgvsCGG3So0AeZTJwAQWW/B0vTIoScX1LQ9YuB1vv2l8kkF\n" + "Sr/m9TZcP2KiLCcyzkUQ+NvssL5oVXP4/yZDfPasBR5tTLgKaHEhENKLx+1OW9/j\n" + "SAGtyP1vxnAd/4kPeuS+2L9ehKTQLUhztE9ezguMOEnBmOcn4QujHvOAAJVh2HgU\n" + "MWcIo4MFhpEYo5CobIDJ2+amRW3ywnIGOQfFQOWUfT4XlgoKvirEqWIOKiqmzEZu\n" + "sYKbFPhTrFwZmpEwLEw+8B3iz/hW4c7Dp1/oOdrPSr28iQYfJWMyJTm/F67/wzGZ\n" + "eWYs6Kxc644gtBckJLGjVPHcu4dwpWpKnzK1cwzN8GY16/m/7eA1XsFWThQOR+KH\n" + "tF34Cs3xbu2DBtbMecpeWAOYR1lQg4IRHrCVrB2hxve+/bXrocs7EDlw4rTfqkz6\n" + "WqtmyLapzQDNj/NWymF1+X4c7g==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE3MDIyNzE1NDg0NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2Y2wvebbAVPqOsDr\n" + "1D5yGc7B/TlTvuzwAX6RrR6zwuwr3NkeP172A/S1JMqZgl/MnV+PLaCGQxKgMg3V\n" + "7pIe9qenytKs6QqGTWt3z3C1HerGT9LQ052JclCStmC1jPMwOUXFiUNunvpMPMMB\n" + "97KegAnoYhViQ/IS0iDmHbdEWaFRFcvqVXyaxZP9eW3bkEZ+0pF2yaYZE2NqwEgi\n" + "aSWpG6VStRC86GJCTswnpIEaS3gTGZzqmAw7eHEqz0lhZB6o//Pyl2TvUexwu52X\n" + "McxWflgCTdbZmjnuyA5LZp8GnsQ3TbOzkP6J+BeZDPjSKvNtgZEz7Bt+NXQGxm4k\n" + "9/5813WkA29QEyVHZOQUvxTCyr3B3lgxxvZzXQYcmqpWdDZyZr2jxJaizp5BVKRc\n" + "OxhExiEhOUnwwwwNMj0Wyxz894QFrRqy947+lMWrH/snQ/owZX2IZ918Bm23IpJl\n" + "bUb5Dnyfr3PIa3XfAkJWRCM5xqKb+xOZJaR+1lEbYYqOuQDDAgMBAAGjQzBBMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUJolqIJH3\n" + "QVRxmq4o/abMSF3P4REwDQYJKoZIhvcNAQELBQADggGBAKnD4dpow4u9YpnVZ4tL\n" + "cOrkB/TuSIGbuTG1K3CWvjDNoPwe0AXvhexorVuYMWVtTGz1EY4ugopP7qvMf4Yp\n" + "lcZNamtTDi4Y6zTrcKHe6ckedETi5TD6d7pNIe5wgn2p8hptfcyPwlpPjx01XqFm\n" + "Zg7OcoBwhe6UYsM6C0UpUQTqv80aOhAzB5zHHUAoIVSGQBGgTip5QxTq6cE4OX1I\n" + "eobqAjL/J+1Wnc5tN6ctDaO0HbXxTnPt3FkJlkFmnx46o5n6R3KmyfWs7QSks0PN\n" + "/V3hQ4uV0PagQ+z76As4AsNHNGIKCiZevqOUWoU46PlFOR3W65i6dw2iRLW/qmCQ\n" + "Mn8OIzqvcPOwYS4a9vDAX5TR23gPkUixlPnxo5sTPgpTT3PRhJekIoCgL3ncBs8I\n" + "p4/TbPht4m0L2eCodGkCm1QCbvbhE1JA8ZpSjxjICODHEeD5w0RXT0FWprCMvrO3\n" + "uExu6AxfNhtLsV8E/HXAGTguetUysJgqqXdCUDXTQbrIHw==\n" + "-----END CERTIFICATE-----" +}; + +static const char *unknown_critical_extension_on_intermediate[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEITCCAomgAwIBAgIMWLRKghUUPjZQy+hWMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTIyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEA2WRm/jJ2Ul4TynGmCamCsUv2qLvQmFknfg5HEjPGpx/sKnzkkavke3IdltLS\n" + "/UZVw1ZwoMKBh/5C4tG1Y7mKHdmHmuISyfzB/vHBNx212UZJpOiwuHHhV94Nmdbd\n" + "X5sD6aFluJOWRAL8PB2vPJF8q+X1PNDxilDEevar/ULNR4+rHMlqRUtbnpqHXVmd\n" + "eYgUAYRmJatzyqhlGJ3mFZPiOwCxvR4b1RKzFx5zgz1vy+B+0a+h+wRgDZ3iCwMO\n" + "mtAgYQ7z/jBNzdbkVZVMhCQm8UF4Pt2ITtLSfuZ0lDzntfC504TQABaFooAorBMF\n" + "y4+OpIyrAXGAVct90Rtkq2F0sVfGtz81xMUw8iVteURalUM/XH4Owz71BJcOKIDO\n" + "PbWyGTMXzWcdCgEhL3P4QG0HMjyhjyv+BAND7Q0e2KGjfnGmO2tRuR6h6nBUkjiZ\n" + "UicMEAyCxJAuMMBItJTIoXeNFsttlYIuAMHFV6A8ekjWhhZsg7LhlLH+k5/uz3rB\n" + "UPGXAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" + "MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFMBahZT/Z4RDB4CkB5lAxAGSCUcd\n" + "MB8GA1UdIwQYMBaAFAMeecLjN1JGgju+TsSezQDYARdtMA0GCSqGSIb3DQEBCwUA\n" + "A4IBgQBV35WByM7cfucUIIaYgAE7RWI1mVz9QGacEzMX0jtJB3pI78KQ+4i4XRHM\n" + "DqES71RbHUTsrIUUEMvzVcpGSak0cvx+9QC6wkNn8w/SDqkJnF4/72MRGXigHGcI\n" + "L9/dSj0yKUHMzjo621cVlG8AgmCG8MYInTXY5pvqQ59mvD1A0HLUfJmwoCwcLpx0\n" + "JIM7/f9CfK2kHVBIvdhV7cHr+pDPHZ5wjVIqF2WE9TnC05caxm/yR5aauGptM8YN\n" + "nfoOnsqFGK5nmD94tAPzCbPjQQqyRQQALm9/oJPMG0blJPkch/hsJixujM1hcENX\n" + "ylV5Odw2LYGy2qFi1Ku85F/cJFvsF6b215ziQKlXBdwEa9Nno0jjxa+g8zFktUa1\n" + "6Y/W06RqQKKVdn6bfhYmOi5PL+faiA9yrGnBy3i/32Glxs19sSUODa9babAFKTlM\n" + "099jOSh6YDQWOa/z/eQ8ueaL7nfwe9cWBOsjwUUO0BJwx3uNQ70ijf3FBbLe1PKz\n" + "yQNcZEI=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEEDCCAnigAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA4osbQlC5tHJGl+kD\n" + "Of7n3E3DfyF1g1XK7XyYpbjmguAVuxz9K2qVMVYc+GUWUN7CQeCONFBV7+49pDFm\n" + "47jw26fQ/x6tj9Omq0pHqTSEmNpsZTh622PqHulThK1R7R1p2T9vnfXUd/AnqWYa\n" + "ECBp6BSW6WKScL36rqVcKc8I62s4z330rrIEOksWFVSOo52FwSaM2lEH2nj9MGPv\n" + "P387c+J5fG22g6Ho6k/A9YJZgs6bjq+XXgqBAVxYjY++YgjTwmcFq9tMQqmxEOCL\n" + "jF0yGCUnV+oz1J5+WTfhkm+yyq9hDOaf6GoCYVMiIpcpnTtZegMTL06Bd4nawODT\n" + "QCuzg2FOmHzSP6XehGPtHzRTsKDJNjl6Q9xTnoUPOcoECYI1xMHy4lbKH236BY4G\n" + "wjyFpfiplr8p4ZOdlgat/+d/eR0gxJ+A6ZbdUsrjNrMo3Jec9y8ZHKR5OLsQxe4+\n" + "UIYlA8iGce0BVGjLlXyE9jE1i8ku0s8QQo523GB8Va8ljSQJAgMBAAGjdTBzMA8G\n" + "A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA\n" + "MB0GA1UdDgQWBBQDHnnC4zdSRoI7vk7Ens0A2AEXbTAfBgNVHSMEGDAWgBQghKJA\n" + "xiymxB9WDU44awpl6BIZ8TANBgkqhkiG9w0BAQsFAAOCAYEABOkLX1UW8oDD7TnZ\n" + "9jtpkkW6CrSBI5aIVcKLNVMrXUGiZ9s0rONFXHLEugIgkjP++zUBnflc4KpwlNnK\n" + "NXp0KtCDhQkIXCWn7RYZ633v0XOrop5VuYV+qtpd2oNDsbCIrkph3llnPjRbhIC9\n" + "FdkPW5ZvfnJuW5WOwVBZKe192XJXBHQNPLuA6GbE1ouyaHKrs71W0UAi3ij//tAk\n" + "okwYcK6Y7fIuVZqsSCK9U1/p40zdLwdoeJz1/3U2lTuZwDlh3f12DTFGBaDYamS8\n" + "4utiRfZPQ0U9t8J8HDj9o+ShX0VMXw116zwiJqw+B86hslT0jAocrJtfGyANsP7h\n" + "p1OtDVfgisJVK4JaPUoVsIkl8+TBV3sy3jFdc1jpqRg7127Z3Q8nHSHX1mHdI/Ra\n" + "M3DUhUuTJpk7/vQgfQ+NsfwdvNHWyb4+zhqJyUuEQS0yQ7SfGznzHQhPYks1RmP3\n" + "afa4/D152QSDszhHvTrXyPiFVRuAGk9lh0h8nw1mwygoL1OI\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE3MDIyNzE1NDkyMloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA8QUnCRcC8HlaTt+z\n" + "+ui60g8eRO/NqaJFZ4Q/GL65v8dZKRqH10aWZavLXhryCGr2tH2GX0by7pkZqpoD\n" + "FEuARVoiNuXOVntn+HPlsiRyPCpgisN8tS3cCugvzNrVOlPlfvihX9M3oAYFImc7\n" + "Lpk2K+FW4s8ThJr7YOSg1BmuQiY9vyZ3fgaOBMmMqOke8MEkXc0xoZ4M14ZgbcXA\n" + "FpnPHLQK8HZHq4K1NVzF23gKhtB8lrQBf5O8tpqzIFjyiCYiGLhZi9v3Rv4bMBUS\n" + "1bje2PiZ7QIuA5KzTEG45NDiCv6gl1u+uIuWc2VJpRDyMECgKOwhmQs+lnqt3wdq\n" + "wgtVABAakxPjBRoXv27wNo5nhuQruuESiWQHbly33mMnT9MFkEoeRxJWJpCrgzOY\n" + "wtT2eXJPzd61HQmr99JygQR/roB4B0AAHOUxeSgsjrH8ptzQSeE7Uk2HSyz8YG3a\n" + "NfBvYMCCXZLW422ZG4G1wEjan9to+pDj/a4O51ClCT5B7of7AgMBAAGjQzBBMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUIISiQMYs\n" + "psQfVg1OOGsKZegSGfEwDQYJKoZIhvcNAQELBQADggGBAEO9TkE/bgMkFm37usHr\n" + "d03a67vZahubHweidEDsZwWf9h8PiaAIUth3r0TLR5HFGj5zh73hOWCggMmxJv+V\n" + "8UL1oq2jYAXeDkA7MbjADIP3Yl9C1fS+Bq2Dgqht3pGWq5Uej0wClu75bHEKLZWl\n" + "miKvuFscponO9L68ARPBsZ2woQ9F0+2buV7PizylIZv8BnYAxoHAEHcq2RIqj06L\n" + "si/plPx6UzbfWrfW6H9OqjB5TDJ8hSwLEzUg+RFYH34RZ1D2Thl8GKB62lIpmP9K\n" + "7f2wSE9X6gWivyObhmQyAHiL9rQPQsXrpp7paqeknxEtPITxugOunYLPfuqddkso\n" + "33BGnJ6qVjJ6sTBziQmPcwNInm2/91Iw0BSZP0/mCBot+9rSHD38i/sdHbJWh9WT\n" + "mOVu3yT5v+39mC8Yd0ykgpO1/47jdPr5FyVz7yAfwb3/MHgjx20UQV0fn2R37LAk\n" + "AsKMxlHYGz6LYjxK06ZOT3GbBny23aGoooAPqBZenFWXgA==\n" + "-----END CERTIFICATE-----\n" +}; + +static const char *unknown_critical_extension_on_root[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEITCCAomgAwIBAgIMWLRKjwNqHC0gaxzuMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTcwMjI3MTU0OTM1WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAqaopWnZqPqFMWM4p62PIxlBCidmiUgefxCphPqq3HX0C5IaHB+xC1a/p51h2\n" + "C6hTzChKpVWCJ2obxt4/EqgJRVA5ujYA5F7Cw65oy3GecHgMzprFiTksRIA/n5SM\n" + "whYQBFy939T2UDCyK5bfQGzDTDXoy4ZKoano5cmD8uuVODLlyyj2cv/XYsDGwAZb\n" + "h4+UGJzld1YYzrKaKb/9kCczsDLR51F40ZbLtWtQ9dvKXcIfhKEaFuWI8MjmJYzJ\n" + "WyKhMVEA3Eat+GnrKTWka5nFPqFha3XbVGb1ASJjdjvUFl6v8RlJ+wqsIni1WaIp\n" + "TZY6BCQmEc83PtvahjImoquFt4cHofrbQPK4A1Kaiw5SJMWJvmaZpiAlDnb8Wl88\n" + "TZBtkg1s/XVdD5GbY7r5FZRh52/9e4L43ZThZAGW91EYoNrVr9713OBfwiDpyGRw\n" + "bba5jmHtpzKU4xYANizc1A+ioaCnMbJM8iq68EUkcP0F/enH+TMRxQRMUQEKd4gx\n" + "mYUHAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" + "MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFAxBxXFjDnXrtfECorTP1cf/us6s\n" + "MB8GA1UdIwQYMBaAFGGzwr5dJM/noimXvK/tlXJzNCQZMA0GCSqGSIb3DQEBCwUA\n" + "A4IBgQCIij2aGijFZxVV2kdzSbEWWVV9hAFHF0azEHTQwmSQ0nO/zVWJV7pTjMMi\n" + "qC2zAyfR/zc8BtxGBF1bh4U3Ke5Jy9cr8CYuS2/mvMERopwiQkUtVTABpvKebGqE\n" + "fkbbDs2Qu87u0RxPVUZqyiPNDtVq6+MM70/QP4FRM5uwOp3nSMDiaajlX8jfnZe4\n" + "A1Wa8yduEygiEAbiu0xn2rwjbfW8430Ep4e0lEIBZfWarL61vQaBBv4UmOcIWfaF\n" + "CVOhJGwuf7DYThUrkcs2mLO84ip7O5HLBpvrqDaymHEZAnidrfoayyRjJaQLvg7y\n" + "4s65ivmTyRpQnXLw/tAbWE6lwN1xKp3Z5ahcCN9wwMmv0kcSDi33rwAJl4l6h/Le\n" + "K5c/qyrGxnQ4AL2s98WUL7NaZyv9kuFsQ90ECjVfwhfUEmFqnWPPusKo+LvK4Un5\n" + "6+uniip3wX/8GCDV+cLQywuDIdo755ZKMaf3UjSfsknWJmpJYl5u0K18uLAzIod0\n" + "PVow3ek=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxIF0pvly30S//JQK\n" + "HGVka0CNqz2KC9oDoy90YBpIxlwdO2qiQyBlEytGXU4omVFGZZdpAwQ0XaMaEVDK\n" + "pmdhYPJAcdCPUVkae/qPNS3FWEdSnFlu2qWhiFLgGOUNYn05zA68otm5ahFeD8oB\n" + "lVv8I/NEU7rQmEHZy4Bg2xTSl/hVVgqbzPtLdAiOzAutWWiQwq4zoVYJVCu6Ut8P\n" + "hzpSYKAO8W81/tAiyfcZeoARA/QF8NGcSuWBto1hCb43GkZGFp5cKxSJklX06D8g\n" + "HkUFWkIavOaetywFv1dnUnVKJ2QEyh+40iwnnw2+HpBO3eVo/qArayBWNb/baNm/\n" + "kYZyIqzFZs2Mf38Uu4MGIJMB9RkcMUuw3o3u1HNMeFIqPeTpvQ8r888uxQTgZcfw\n" + "l1tGijdnNBNzdvIMTTAOZyLpdDxx/WoGA8lz1Ks3auZ+d0dzO/2q2b0fiYBAY58h\n" + "Ou1uRjmFX4YpVGcC9+2zmJGGMlkEu/iiJT8dmZc5ydPujY9BAgMBAAGjZDBiMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUYbPCvl0k\n" + "z+eiKZe8r+2VcnM0JBkwHwYDVR0jBBgwFoAUjdMy0N5jaoCQ6Ucqd269BlwiH/Mw\n" + "DQYJKoZIhvcNAQELBQADggGBABUXMEKzD93AwIJZ0R2n2gJzlc7lnKF8BP70ZP5h\n" + "JTYz+tHymc+Nw6eW7yQ5o9tnJue3Z+ueOzN/+UP7dWH7NRnaJ/BOJuKXcwGrH6tD\n" + "prP2+HR2tPIuEGmOoe9bnFAiX7evTC3wt+AeIGgYSZgPwR7gF69Pudk8ISrMg0oh\n" + "Q4pM9YUj5cIWiBBD20vQj6wJCvzi5tyJjEhjT6fJVlcKFZBveOG5RaPB91GiuJ6s\n" + "JW6z1Q2cCMtvsRZnj7jFDH/m4ZlmK/h9oD1HxCP1rcEmHykOh4RnyyrlT+Vuzw+u\n" + "jtNaz0Fr9y20a39ENrmMI719/vuZxx2eExko/ta0EbirJw2u+Ygjdn6c6Bc+BR/C\n" + "IisDCHVO1U+nk8zLo0Rd1JInJH+3jYzn9OAClqBoKxp4bSIo5z419t2jZTAWUNcQ\n" + "Rj+7s8XN/z7pfNfecZJ/n9KTfqbowqfZaMR/UdmVQZTmN3Xk9CnQsGpotbNDqQfH\n" + "jz5Y36//zejV2aJeOMWZeAw/QA==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID7zCCAlegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE3MDIyNzE1NDkzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArr1s4R3Fq1St6vdT\n" + "ZLTWWZ40bG72Ue/Z94c+m0dujKk+SnXEOe8sEzZLzizaoBiA8IDc1sFpLHDruWsD\n" + "jLACBOPDahfIGIfeJ1R8L23HEgbg7RXdJ8Bx1YsfaASr8L7AihDBM6BTPfGipf6u\n" + "Ul2oI0vyo8WxW+0BdJ/qTMJwT/vFqn1XBisuvwa23SVAe0UU66kYXmSxUDZv3YWv\n" + "P3vqVBGdbussChIYn5xyfCaaLgC3VQNkhmswSfyFQBJ7VO/nHI1a35E705WSKGys\n" + "IZdg3mA08jLOReCsgAO4vnhubA3jk9/LFFIbJulNQ0j3jcqOyfCtsXEmvgbq2b6D\n" + "ksBg/x1riV/FAW/nRwW/vqaKDtDTx6XcjFnMjfvBzkON8F+M76qTl4lVbv9fUgEE\n" + "hBppfHlvu3sQ7ysVYgTDdCM0neTZ0Gm7dOd/9qnrA7ZzQBLRBQD7+en23jyuX/PT\n" + "TEL2pO3kGo9H9zgTC8TcGyNxhJ9APIu531xkHJyse5IkORYJAgMBAAGjVDBSMA8G\n" + "A84HCAEB/wQFGqsBrP4wDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYA\n" + "MB0GA1UdDgQWBBSN0zLQ3mNqgJDpRyp3br0GXCIf8zANBgkqhkiG9w0BAQsFAAOC\n" + "AYEAjPW9Y5HZpXnSpjKPryxWNtQSZVRh1b/dGgKOOqjvlXajU/FbMjXTnpm3wdSO\n" + "PCXGyUkBonuoWlbxcRLsShH8O8LUH50drYnTYiNYqYq3e23u2LrQHbB1YlQnRvdR\n" + "JP2AOl/d8mP9c3GBhu0dxzTiH5zyiCMxOWChdPbpKCTNGD2aZIUoXsUwLv2ICsue\n" + "qQIr4f+pBztpNAJdwfMFtqdB1Aeg0UW3+aCjD4XEjISYd9VfXnPg0OaBqddy/MA3\n" + "Itef4+O7XNQi7w6FWmuZWdEJC2juygybA0jv6fvFKV5HUxxsdMaUwy/Ibt/MOhUd\n" + "e4857GRICFKq8Q8FUbDiuw868aTkKSVqXoZFoTLQsXn53GbSGvNqwpqQXK9JMPCn\n" + "c6XIbeF9zgGWbswgdNhs3u8J9tkIxd03cIqaCjzmsl9TByjg5hGEw4+hXbt9PDFa\n" + "M5avPfGI7g0CdoSKSzAishaYtBn+HCRHyZTpxATrv7/fo0fTSs32EIHmro0Xk5b9\n" + "qFGX\n" + "-----END CERTIFICATE-----\n" +}; + +/* the key purpose in the intermediate certificate is not the expected one */ +static const char *kp_fail1[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDOjCCAiKgAwIBAgIMVB/VrzLxJphTIbssMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIhgPMjAxNDA5MjIwNzU0MjNaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCjtW076msqq69wke2Nc8NMD6UpxVQ1oteCh91lhIgGS+KBunt+C1Hfnipr\n" + "iTEC0A7/DWGynWZBcK8LHbVyG32fP45S7BcR1SimbE0HD1aWFSboQegghrF+NISG\n" + "HJgUTvTvUKn8pEUxowHfU3eGM3er4QZ7hyerijOb8/W2PFqkDjEZse6uPzKOoawL\n" + "Trm88cCuzSwKuE3Fftvc6tfzorXVKiFIGlbNBw+bpCVUMpjx4w5Ug4BbJpD/e7Hf\n" + "U+BCkjfKzWMDJ54rUQLbYUTh4QknHUoZ0W+RMKpeEM4esHt7HdJtZYKh/Lzi5GjB\n" + "VRAfAA+5khCRwC2uJv1cpzqVjDOHAgMBAAGjgY0wgYowDAYDVR0TAQH/BAIwADAU\n" + "BgNVHREEDTALgglsb2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0P\n" + "AQH/BAUDAwegADAdBgNVHQ4EFgQU7Vhq5oDQ/UgzdS+yRZGbBuD5GxcwHwYDVR0j\n" + "BBgwFoAUWXJAO7Nmy8yMdi66LZQGgaO+plkwDQYJKoZIhvcNAQELBQADggEBABSD\n" + "xzc5ZeUpD+6dvIwptMYLLL5qMI5/GmhSHRuI7pPkf7JMOrfOfPaDRKJY2HIoHRB+\n" + "68iUeE+C3I17lpuXcTGU4OvLrqBQ19orSfWvaQMl8yOR0Uzjn98jc4wuA2nMOnBu\n" + "nV8Yx/rJvBK/uJYBjDaMdKtddBvdUoaOco8tflOLDBz7aBKTO31qynKGWgtPDasG\n" + "DsshOcDgstMwhcBXbIrliDvDhBeWZnjG6E+9yf1ppUoVMp8UU6H12lA3en1GzI3v\n" + "E9NHhkJkFk6uUIp09sWLfw/MGiU/rIb9Kj7qjOoE0RAirOJdqSnb+XRwtD5U8u2Y\n" + "JcxB7MEBdJsNPbxRVtc=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQwOTIyMDc1NDIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyxSDH68ZW2CHV\n" + "6aozE8LMXnOZXDOuli49867VsS7SLr49jxL6jzLx/oJN3JfITcn+ohYNifnA7TBa\n" + "VeDSXMTG9tJrU8FlOTCk2Vsc939YiJ9tKNX4rPD+OeSbWgxOnVlkI5zZYnq/+i1E\n" + "UvahCHyP93GXl0zR9hsSptJPD27mX653clPqPoTNBA+qSDTb/GK0Yvgfioaqk0PO\n" + "q8pcKjZ2N+qg7st+y5Rj/92g9E6vpdHt9DBfL1THkeaJ0VKfvsea8fj1y1AwwWvT\n" + "9TWIYCLCiYYtMv2Oqsf3lMMU+Zs5DO1FqHglXrnwjGMN6tf57OYol72Pih3enejM\n" + "Syb2U2z3AgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUWXJAO7Nmy8yMdi66LZQG\n" + "gaO+plkwHwYDVR0jBBgwFoAU8DKVyOiO2uYcwEgw+8kRGgRXCPYwDQYJKoZIhvcN\n" + "AQELBQADggEBAHudcSXdtTdRoMkxRZUxPu3RaJFaFJr+y0SU+3gBBjbMuYIUD5b5\n" + "neTl5NDwtgPQS41ldf7oMVWaFGdV6OZzkfPqWgNCsDPy7xSGHXLQ11SSNsw+J9mW\n" + "zVdiM+BQOWvd4WJ0FKJ+pO1WVyTiIaqnSmETzgviX93YueV53h7Z02sGifp4X2Xh\n" + "aauF8xrG62ELNBC5kYFkAWrnNtSMuykbpfZT+l4nFI9ytxHLRFMaH2jpbfdL0pmQ\n" + "oktFJ1fln6N0S71doSUTvfy2iPcvVqjIKW6YD/Pyrr6ThEbVSGzY4FogzUMQf3fN\n" + "J2Q6Eb+S3ZB28Sm377QU5XKQ1ANpOa4ozHk=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQwOTIyMDc1NDIzWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYp4Ek815xc7wy\n" + "5AEJ2AzJSyTnVWR4HTsaWBOVGCpE7Jrz3hHPUzE/9gRM1Oq5ROWJ7DUVFoD9pP8A\n" + "if2hRYwSqCNaMswMj3ReDLm2iKROrFhYR9Rr6kcucmRDcrN1SqmmIvZT80uxPXhT\n" + "TRVWYHc9kjGvgC3U16O+265d44mgxGw2UMwMirh5X5u6JFrfTShBXj08UJoNsj+1\n" + "6Tp/x6+vO8iaGWcRPetAWzwMGNSH4CanWuHZBdL7jLV/OamfvKhBHhEGF/JN1KDn\n" + "MSLrQJib8T2WVfVdmLWM6FbDiw2i1KeleCij354MNuI+Azr8aTJma5cI1BWU5Ndq\n" + "tbHShdCxAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwEwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU8DKVyOiO2uYcwEgw+8kR\n" + "GgRXCPYwDQYJKoZIhvcNAQELBQADggEBAD4RUNg3EQ5yJ1LfXWKFTXIhSg6B92Y8\n" + "QTSq+1RWEDP51J7i60A0yTDZi0XZUrfNIv+0gzw8F9l/QEWM+IXXnHUhhluZW/xf\n" + "PiQPtz3Tv5uMIxs24vMIZYeMzXJ+N1rY2JbYsEWhkfSsJA8LD08gw0azlPKx/wXy\n" + "aBlknDfeCcrpXhnJdpMxj/N7nLPTQuPe7/VmZjYc8VkopjKMrZS+3KcEoXbr5Zjr\n" + "zm2mY/IHu6AZgtsWMhakONbH6I9rsZt5VlTPO72VmkjYtHhFfvjs2fPH1Gdu52y7\n" + "P4gcTXWeMficO8uzeHv17J0+qBBYxRe5Fkri1i1JRjJcBqVaK3JPUzQ=\n" + "-----END CERTIFICATE-----\n"}; + +/* the key purpose in the anchor certificate is not the expected one */ +static const char *kp_fail2[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDIzCCAgugAwIBAgIMVB/V7wN6fXUuqVU3MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIhgPMjAxNDA5MjIwNzU1MjdaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQDlUn8aFZ8w0fXI0ewO8+UQ0KKw1hUbH9A7DLJKj/bEyFepKh7JKnBTugs8\n" + "LEE0BKxMjC2smx5sbIKPGRljva6qST6j52HjWQfVMjL4u3M8eH9y+t/ltatMUZ6a\n" + "GFpchgNNp66/PW5F2aar73H+KpIBT+Lz0mfpjY48LS+c/ZaLfufbbJ49eNPIZPgk\n" + "nsrX+41YCC3axlUCXeBxdAkCaE3ff5G/pWBPKg+Mx7iS4bjvOAPgjX8cM/ZqLfP5\n" + "5o+AQqocXw1/uouvpO7rsww+0PgVQnZxoVX2QK3i8l2kIoIBLNaSLTx617tlKZgL\n" + "6KW+6B4BJePzNN5UsOgWMo4ZIq9pAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" + "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJBE\n" + "Ci49lpyQRB7rCapUONuivibPMB8GA1UdIwQYMBaAFOjA+VXcj2Ujv5sKm7aczyNr\n" + "bTvOMA0GCSqGSIb3DQEBCwUAA4IBAQAUnlwhZzSUkD4IZ3g4HgfGD0Tlf7ZMZbUw\n" + "wtdM9sGzYS9n4r2Wn1pVHEzlzqyI1UCnZq2cqYcDfLUncIBYTOveGyrkzq791Mnx\n" + "1HbmcsjQbEWr/ywCEX55ZWGiDrLkK85TRS+BYNVA4sZnAzvzKwwKOMOGfiKcj7rq\n" + "XBWpUSbRua29uQOk+P1US10bxiD777OZtp+woJlAUPaB3U4XZsbCCbl/ln2BgpoP\n" + "61Qn3BdnfSrl+BsjlpDBUItnyVICCRRH109XpHmvXC0SnceGnl0S0rZhFXMZ5uhK\n" + "icfV5FLumEOPw+pmFIY9z1B/e/EQfbWuhycQT2J5R1RfrwMbRI8D\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQwOTIyMDc1NTI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvp14uRd38IoFu\n" + "CW+O/T5k4eLDbll8hZkoJkV6fm7oGQ0LcZRvhvQaHRxO50QzzNYoLMpDVw9cMMJr\n" + "cyy0C7jehOOLX4JVTWPyoynOycHTmqs9BZmjx5H/cFZRxYg9MQFmIDVj7jjaLf6u\n" + "vqDR02ab+tHesT9Zc/r/0THAqPoFio3rVXNyQpMQbsywxFRqhG0X0JkQ63xBKJQ/\n" + "ZvlfNyLnM6D1cG2Kjq1hbjyTNdofGUHY+CGuuoEAqIRnKR80rpUw5cdxy2bAjBgN\n" + "ubCD7QQlxMUmARjwAgM6lhWB+EXhbcMqZ+dmL0elmST8E8Y5sY/UkEorzigIHjr2\n" + "Tyl0/LSzAgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU6MD5VdyPZSO/mwqbtpzP\n" + "I2ttO84wHwYDVR0jBBgwFoAUEjFgu7hCgPDa1wiPd0d1kW33LNIwDQYJKoZIhvcN\n" + "AQELBQADggEBALB1rjTwAzC0ZFSTyGg6wYo0S/zo+RKFbezHQf+TVQ6mUjbAs6Zs\n" + "KdTm5rvWXd669RqN9pVWZhlP4gBHAe/0koIjZQ92LOkqosEGsfWbzKfy0Ey3+MWs\n" + "2d5Qwunzm7D/PnsrYCtZoNIIr0KiAMjyfW3cBB/n1vcaZDAnHnkoUWLUfsgoBFxq\n" + "yGHJU966soKKl6yMAz8+pn8SDkXFjGXNCJSEcLFq2mwSVTJO2bLDKsnknAdkJr2A\n" + "1n3vudMERHj4IjXo798Qj/qGozYECDgKLBzBN6+8HUA2r+qelNl04EI+neFaQ5bb\n" + "nU6OfwULZEc+I9iucS+6I1hXmqqI/jcBIRM=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQwOTIyMDc1NTI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW9zXIvd+4Qf7Q\n" + "dzGbDAR+tc8rOac7FE+YJkWTx+fcIjtaiXaPRA5r7xCUawBAPaH4DvRqmqxwG+Js\n" + "CD3YMERMh184XHkPWX/s8P14lwmzm/k65GF7PLTcGEwQN67PgRkvV9l9iXq2Krgk\n" + "syfAd+7mTqkx63PPJgVqIa8Sk9Ljdp/GBlvAaFRpm8fvsKmRwDO+AjLTLw7Ou4kN\n" + "XQwPejnoreUb19dK5naA5ODrliv7mPc082g9o8NGULMcidGndBry5D/hYSY2zvUJ\n" + "lxy8M0LHQxdx1d3UIAY5i+sT5OUQBRvoXETZup7Ve6aoKfBc63PWiNAe7wuyGpWR\n" + "4dLskuZjAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwEwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUEjFgu7hCgPDa1wiPd0d1\n" + "kW33LNIwDQYJKoZIhvcNAQELBQADggEBAFePqEhyTZeZhm+1l10cre94O/0awOTk\n" + "mDLhJJY2AI9zqAgnaWXg7YAf7nz3Z1Jez02fu7F8c9r7E010YE1W+2kECuM4uN6r\n" + "9X7VnUW9VRXgiLFIi7mLFtqh+VnwR3xvnKYRFM12pXDFoWhyYfFWVUeNnXdKSN6E\n" + "4sMPBoyuSB47yit4BUkEanbnGbZG74G7ldRg9HXJqmkOJl+1HALpAstBE/MCM7TF\n" + "lXgkj8eCaQwOKcK6bl+BM7dExwmYbOY/ILsDHx3/AB/eT7K8kKwE+pAzmHPobX4A\n" + "np3FeZ2muHFtNx32NuatbIk1VI2pbskc0iQLwBl06SLDR/5Hq848MDM=\n" + "-----END CERTIFICATE-----\n"}; + +/* the key purposes in all certificates match */ +static const char *kp_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDIzCCAgugAwIBAgIMVB/WCA0b8cgGIwgHMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIhgPMjAxNDA5MjIwNzU1NTJaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQDACAXnEalw36OPk35Kv8Goj7xRaeaAz4W4w1vUZ6IJCiNIzIknvlnU5vi8\n" + "MigzloHYXmhHRyfHGggoPZyGtDNiKIeZLRE81CVS9UzM4Uu5naKmU4zBMmmqEvvh\n" + "/IHHDXd+Ky89WXcI4rTFjzGzvViQinN+1E7BViFplOBvGHB0qa/v2saqyoD9HRJL\n" + "RKYbSGG85T1u8B7M7mdnBuQyk12r6lsxsNfScnkNH04jUtgL1i+Susd7zo1waqi+\n" + "lXvvW5P8gB9cfa32cXsBNGReOZoVk7G60JjLDmB+fWetVn7o42wG0gZ6TsSTsrqn\n" + "WLNMOxw3W8WLapR4vwU2BzjTZfRjAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" + "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDL9\n" + "2DAwMqU6DnAE8/MOefs0AFO8MB8GA1UdIwQYMBaAFO47x5DoYJnwbtfPj/PIxKmH\n" + "JZQqMA0GCSqGSIb3DQEBCwUAA4IBAQBv3kR0R0VIu4mJ7oERxCPosJafnJPOGRMz\n" + "7F4zk3j7kwaP6OGHRJwcvxNLRAr+YIXheFDEJTwkEtA5pbir9wIG0fb+FT/o4ggs\n" + "4r2DqEZo9rZNatPMTKswbA3kmeKxRUe/AVsqeSz5Na5HNrHAGFZplUpyGMHT09f1\n" + "rHfOTlsq8dorGtE14UyJc9CY1GhHZVNFSPgyaKxSTVBr4qsD1WVKPcARWjL9Qp7E\n" + "0Gnh/O+eLdC4V7izmAfaS7kwyYiyJoWSvce4hMweEfWytOaBJMDg4pFDLabhfJpo\n" + "IZXCSc3/qHmf03lU+ntppPOXdl5niZ0YnwRmf8uYJb13EAepaiyQ\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDFjCCAf6gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQwOTIyMDc1NTUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp39LwuWEO/TO7\n" + "0X9G8P3+EoWL8TDyGmAGST3+qM9pSunLkIeYnY9RtiT8/W5Tt1G7GD7RaU1J+IoL\n" + "UsEOpT/Apx2Pl3AcXLQlhrtSSZj+yBBWSvY2C+Affhr34sIEYXlE85DseSvotJb/\n" + "ebHoOFPziji95gR+l9L7aQe7RKaebTfNGbSuTzn1e1YYmnJqtNmfLcrgALblCYBm\n" + "XMlJRy5NCiWk1D/BNIGsp7Qqtx5yE/h+92bY7js7s/Vzmbhs3LmFYoKMvBOWqbrc\n" + "OQCFZxLX4jaNg64OEVOX+OqbAy+bssoMWiXAZfBz3018Xnf88lrsYVL1ZH6QDQL7\n" + "sEIZ/IBPAgMBAAGjeTB3MA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU7jvHkOhgmfBu18+P88jE\n" + "qYcllCowHwYDVR0jBBgwFoAU1fwQDT/4ciYUpHQqev0LK+2shjswDQYJKoZIhvcN\n" + "AQELBQADggEBABjGLC1H8oL/TjwBBbrFSwRtmbY1ElLO6lZvniWnfsOk7R/DdoBb\n" + "rzNcdUOcXoH6RbuZ4XA2ROqLb9RAor/V+A4CWHLLfToHKTYFE4vH7iN99gk+OEy6\n" + "G7CR2jYNHVikrX3eEUqdMby9+mY1K9GAz8+MojBUTPllc7Gzp0TsLzWXxvhSR84Z\n" + "zVJAS7bE605pKeABTD3b4aSskn0yt4UYEgVfw2hOnXDaZMfQLgp46z2PBuKXo+Xq\n" + "JpqbTJMuWA96J4A51RloNWBESzYhBCppeGIlGOhryqMDreVJ+MxZiuqgcbvm/7qc\n" + "QTLpHAc7dU1/X8/QgqKZIVnpWbmGRNsnTuU=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIC9TCCAd2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTQwOTIyMDc1NTUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoyMH9n/NaDPOx\n" + "+LFRDvrIPyCpc1cCfq/CLjdcUYll6IYCDn/p2XTSFFCzeLY37yyAX7VuHcbfAQWD\n" + "0Ax8IL5EUBdQ0BVEkw5ck5pOsqbnLU991zAvUpN1C+u7ogB92atTaeDR9TUE4bMX\n" + "EW+k6us9WQQe9A/w5rnOr9baR+lvndQW6Mun+7bhhX0KdezUosTd6xfW9tOXSOso\n" + "jkk9wW+PKdRCmfmqENNLMAIkQ6RES5LTO9KFGlbaCfJjxPVmT7V53nRsY4j+v1rT\n" + "nNMK6JshtbjQCaVM3nvXXQCJ0nRtUGUcS2JeRpc1C6h+TsHPDo7kNPKGYLDi5Zps\n" + "9WOArkLVAgMBAAGjWDBWMA8GA1UdEwEB/wQFMAMBAf8wEwYDVR0lBAwwCgYIKwYB\n" + "BQUHAwkwDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQU1fwQDT/4ciYUpHQqev0L\n" + "K+2shjswDQYJKoZIhvcNAQELBQADggEBABoD6Zl+A3DU4KTa4n+002J4ddl85O4+\n" + "Qj1NOFfGZ8qP8S5SuzlUIUzRMvIacCSXOwcBFer4UtKe5x/O5i9F1G4eKt09vGGF\n" + "+XZNjhBOOqqEVUEcwCMecdU5aDaFWx3g7ixrzOlA17Ida/j/QtJZVyhJJBm9wxfW\n" + "peFcl/aR3/PPn3eULbTTMK+mUe96PwW2FrEA7ecNBxhCkcIvt42IWqkqTD/1Mg6B\n" + "BukSgD3VAQumnglSuu+G+F+KJ0zFPdmu6IaudpQ92hM6NeK1vJiiP1Mv0ALsk04C\n" + "Byazcl/VWffXsBIE8OI3k25rFXGn5IAVxzLNGpRFhWfKXbREXICC868=\n" + "-----END CERTIFICATE-----\n"}; + +/* This is the same chain as modified1 but with no modification */ +static const char *modified2[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIFXjCCBEagAwIBAgIQHYWDpKNVUzEFx4Pq8yjxbTANBgkqhkiG9w0BAQUFADCB\n" + "tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm\n" + "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwMjI3\n" + "MDAwMDAwWhcNMTUwMjI4MjM1OTU5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMK\n" + "V2FzaGluZ3RvbjEQMA4GA1UEBxQHU2VhdHRsZTEYMBYGA1UEChQPQW1hem9uLmNv\n" + "bSBJbmMuMRcwFQYDVQQDFA53d3cuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEB\n" + "BQADggEPADCCAQoCggEBAJdfieOPrf4Arf1Iled/ii97407ZnjpaB5xxm49Q4Pz3\n" + "+5xmD0LYre7Cjn1A7W3ZlHki5zFVZpW9Jb/3PfSEDY5slyjkLD2jdl2gVefSthSZ\n" + "tYxb5eYv79tIEN0U9AZ8/VaGwUokl8n1MitcECxNLMe4LqoVmS29nXITTTzX5t3I\n" + "4dUeMBDNI+xgVpJSpxwzA+/L+wxoj5Sb4YJ/Y+iUknCkjX6PpaZMRWBEE0dqvG02\n" + "qlxXesAV0nmKYvjbtqAyoW6vgjP85h6gJEESIqTTZy1HOgFpO8XT05CpGDcjhP1s\n" + "TvXF7Vx1aj+xDidGLLW188G35oFKIhEyHQV2V7vzRAUCAwEAAaOCAbUwggGxMFAG\n" + "A1UdEQRJMEeCEXVlZGF0YS5hbWF6b24uY29tggphbWF6b24uY29tgghhbXpuLmNv\n" + "bYIMd3d3LmFtem4uY29tgg53d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1Ud\n" + "DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0g\n" + "BDwwOjA4BgpghkgBhvhFAQc2MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl\n" + "cmlzaWduLmNvbS9jcHMwHwYDVR0jBBgwFoAUDURcFlNEwYJ+HSCrJfQBY9i+eaUw\n" + "RQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVyaXNp\n" + "Z24uY29tL1NWUlNlY3VyZUczLmNybDB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUH\n" + "MAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0cDov\n" + "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN\n" + "BgkqhkiG9w0BAQUFAAOCAQEAOeZfjkI0yR/nutCMHp5/uB/evkB8qIYxh1KKbhPB\n" + "TmpykmJxiLKrBBcBBu9kW5lMbNPSNclE4sCyN0dxCJHwPm7ubNUxsmDSTPTJOx0M\n" + "zl0WZVaZ7eX3nw1kj8jSoK0f5n87RzKK85MwBFsEn73Z2pDvxTcd72BE0T1UJLcU\n" + "2A5uHAJyvm2QpOWBIRKlJHIHCcu5xjj5yLnGO9id0cjOjEgj9f1Mo4hzawL5vQfk\n" + "o/xFxAsA70bk2trv54kgLvhmAW+B6OpN3Z/xB4mWNOw3G8bg/u+pCLvd8KRO5V8K\n" + "TlgO1NTaOgYC6OAF3USNMhuNZh6h5tWA3mA8rFr8ZsayhA==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy\n" + "aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3\n" + "DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG\n" + "5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8\n" + "f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK\n" + "tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo\n" + "GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV\n" + "M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB\n" + "2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz\n" + "aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4\n" + "RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw\n" + "czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG\n" + "A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu\n" + "Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp\n" + "bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo\n" + "dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w\n" + "GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+\n" + "HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ\n" + "KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB\n" + "WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6\n" + "bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp\n" + "dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg\n" + "W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4\n" + "Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIExjCCBC+gAwIBAgIQNZcxh/OHOgcyfs5YDJt+2jANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggGRMIIBjTAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\n" + "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\n" + "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwNAYD\n" + "VR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggrBgEFBQcDAQYIKwYBBQUH\n" + "AwIwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUr\n" + "DgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNp\n" + "Z24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhho\n" + "dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEADyWuSO0b\n" + "M4VMDLXC1/5N1oMoTEFlYAALd0hxgv5/21oOIMzS6ke8ZEJhRDR0MIGBJopK90Rd\n" + "fjSAqLiD4gnXbSPdie0oCL1jWhFXCMSe2uJoKK/dUDzsgiHYAMJVRFBwQa2DF3m6\n" + "CPMr3u00HUSe0gST9MsFFy0JLS1j7/YmC3s=\n" + "-----END CERTIFICATE-----\n" +}; + +/* Empty intersection of 2 permitted DNS names, + * non-intuitive constraints order (more specific higher) */ +static const char *nc_bad0[] = { + /* Alternative DNSname: two.example.org */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEJzCCAo+gAwIBAgIMV4T0BxqceieCt/KBMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTIwIBcNMTYwNzEyMTM0MzM1WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0zMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAm1IOBuzu9Pya9O3FKhQKus22xPlm+fVex8EV+p3IymnZGZUlDeTX5OcxCOm4\n" + "G87KNl/UQjgCB6n2FPiIYFbH9skxyvW8ZlG+M4so5yg7mwRjB8QPe0yEOLyxaLaa\n" + "uNp9icjtPJgPpIrEgppevfiP4iXrRGakzpjayazVCDTp9+XAhdWEi43mN6fgpM8V\n" + "Yc5sstkEueCjIfhApBzReMTvEUs3jCtmpqIvm07zVLpCh3sWh5MPSZtcw6UiKZdb\n" + "rRoaypznSkQDGQXCTZ92gSnkg0m86OIOHNQcxLXqfbrNJ7QZBf1wpi04s4DHNHSC\n" + "k9TpKe/dbDO4vgMgBNrcZ/9B7y95Pe+XJawG3klGhz2zGG7DmvWNygtUcM9nqk/P\n" + "f7TQhwsU4McmyxvVb09OVwk/2zEaPswv6MFvoxOskcQ5aYhJZs6wLDG3hh8yE4fr\n" + "BBvJb53flMnuSIWLfzeGUg4eeS8xP7ORApwLM0K0VGLaT4V9lpmWFLot0hv7XAcH\n" + "jeTVAgMBAAGjfTB7MAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdHdvLmV4YW1w\n" + "bGUub3JnMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFERr13TeLMJ3q5QS2W4O\n" + "HiqwpM0RMB8GA1UdIwQYMBaAFDTfJRBdiC6+QinO/HA/E7TWxeHrMA0GCSqGSIb3\n" + "DQEBCwUAA4IBgQAiOgI7RgzjDBHgliXb2Q9iuCq/o/08Fz2he8AzTJ0fw+Xd+g40\n" + "HWnhZZxlnSq/XFircrHwLuMyG2B6HJ9gXWg7SI/5PG9fVz0USC0tcxKzA87iB2sx\n" + "KWzdfmzBM32ioTFEisH9YQqCVXc3Umol15r3dAZsKGRKQzYjVG8APJS4LYZTX918\n" + "Yg06jCmp+ZhyRHVhQ1NbrX9geOK8tuZoTQ/10iI1+eIF50a43qA0H8YDuyQbrZA3\n" + "ECdVIQVCUQTVlTx+JMl7DoZnm+m+BrisAAuq/4TeJwm2Es3IF4SPB/pwaZyx8YnK\n" + "xqne/auI6Rq7nfsi3owxBjjX1YamlmM6UWdvIsejsy92im2G0+J5s55yw+fCGXE5\n" + "5mItHVWOiviaPa95NU3NeD8RkUUFI568GM8GnIcSfJi1yxed8UApbCiZMbIIN8fl\n" + "5mMgyZv2QJXbJxhIiCQixn8nYsj2iaJu9Ns6zd5cFaQSmQxIEUfCiNZ9kO0xwpor\n" + "tHWgZdawxv2CfGg=\n" + "-----END CERTIFICATE-----\n", + /* Name Constraints (critical): + Permitted: DNSname: example.org */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEIDCCAoigAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" + "MCAXDTE2MDcxMjEzNDMzNVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtpx8p5POIgdnDbBr\n" + "fH1kByvm2PP+iN4UJhJYY1V7EMiucC/CU5HoYhi/KpBwoY+28oaISEMr0KEf/3rv\n" + "CTZRBxuqxCboK6+u/dDOlyYeM0dU57jpKmgCrETLMq92QaIEhNzv88cTaWP0OGzv\n" + "2klLqim5AJC2J/XWqHGprfdhf9GCWurMT+km7LPIClDHfwnmrPHuNhelfPCVzKpO\n" + "9S9+Lq5KpaV45DRQtMve5NjUju1q9LotEeEdlu5bnomIK3SyfS+n5AZnLNVAqmMg\n" + "kSB1ymtWqn4wiw3hCBz8biSlkeowdh37cm3j0za27R3IjFnIQLD44Ena3pTU8v+P\n" + "4/k1OML8UWXpigP5QuTSASx0fXiShHf3baY1HnEqULfYvi+IUb6wMs/3f13NVVBE\n" + "z+LsjiWlwqB0fK5lefO32cEDvtSMlIxgt3FUDCo3/rLAh4ZorURONh4MUWiODTSl\n" + "417JOLB/miH37jodViv6zfbtTvw/+GbZM9TnvHlzqvZj5nLFAgMBAAGjgYQwgYEw\n" + "DwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzARoA8wDYILZXhhbXBsZS5vcmcw\n" + "DwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUNN8lEF2ILr5CKc78cD8TtNbF4esw\n" + "HwYDVR0jBBgwFoAU4SfGxDtCWqGQsk7xBIooEZNCoMYwDQYJKoZIhvcNAQELBQAD\n" + "ggGBABJZw4MHkE+8Fg+r/ET/kJ0n0NtsB57O3ogPpe/0/EWpsEJsjnRzimfu5NjS\n" + "PIcEKk/l2Ij8vbmDxb1uNsZmeYphdjb+w/D44OnxahxeLELwZPHWpJLvuf5S8bsz\n" + "Z0bZFNkDUXYbKDX8kWr1gNCKURBS344fRfe8HzZsG68stouvCuOh5pvre7mGGMJI\n" + "5/OMISmQiKIGLpUi1YOSRM25VMZ6GnzgYiN/bcZU1ph+R0lQv7/RRZ7oiaYmFBTi\n" + "FfWIE2hsJla3mbhCnUUp18MpRu4+gPirCVhNQ+ii9FPklcIhXxOrq6cqfX/YAcWO\n" + "uF70tZK/+Z7UXqGYJeQ8pdmlzjNGSH7Q6D+QKNAjZ+Ovb7zEh3NmyTT2XEykMR6+\n" + "bQYaGGcRu8Uvz4wHDaqeUuF/vgTiFaJ8kwNGX8Xb1x+ok5QrJAKZzvy59kojz8L0\n" + "ukQ6SqsvZ6SkJRbHHEh39YPNdC66O58KTiayjKgxQmVHsMOhraI1+YmPntCNBqNN\n" + "AvhLDg==\n" + "-----END CERTIFICATE-----\n", + /* Name Constraints (critical): + Permitted: DNSname: one.example.com */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEJDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDcxMjEzNDMzNFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAt7EPrrm4e4JEPXVI\n" + "3s6eNQCyQv24LU9HD+7hDMEOFf//DoHeb8QqSDJdiCk+Hax5ydKZR2h4HZRmj5HO\n" + "s6nxh0AWL645fKcvfk9Oj3r1roLWxH9Kk/UR246s7FcujhDzEz3LEOZUedeMY2CS\n" + "tyjPLsKoP0jiDslRk0Yt4m7OfayB71B26qq92SzRr2YlMvf6AWHEiZhCRqVNidDV\n" + "LxdMwqIkO8s93DN8Kw74X8U5o5vTjmmDiW1HVrqsxOuImnjQ4qTUiDv0JbzTQbTp\n" + "uPOlJ5u/qMTK1jsGDcgfnojHLrsyuuTPR4v6Rmebpi0HHrT2PkxLeGtQEUxM7TeS\n" + "Ccq+eva9zm4UngonS2/nkfYawLDkP3XQ7cJQueNKLC5etDr9NqhFaD624InblWGy\n" + "V7jtEJRwRPH9FeMG7HyWb4BHYz36dCsMLbsCrCLIH8H7r/1nswVxlL5SRwiL06fK\n" + "11pwae1uyNgQuvjno4zHKM5V+mJe1Tz//2X3bfb7crFPQgsxAgMBAAGjgYgwgYUw\n" + "DwYDVR0TAQH/BAUwAwEB/zAhBgNVHR4BAf8EFzAVoBMwEYIPb25lLmV4YW1wbGUu\n" + "Y29tMA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFOEnxsQ7QlqhkLJO8QSKKBGT\n" + "QqDGMB8GA1UdIwQYMBaAFJm3gYrByx1mGmb4CnWXtNzxwGapMA0GCSqGSIb3DQEB\n" + "CwUAA4IBgQAU53SjH5nO+ah/pAQaIDuxaJ6yaFWt1ZuW8riu/dTqn9vI0R4K6WCh\n" + "EZ/rf4Z4YWMLm0+wI/+1CbFHtuZ9savA4qx7rtXQw5mF1JTEBsBM/chiXZ50euKW\n" + "DRE2e8egOESxDQWk5cnaAxtbiRYXu/KYGqFcGeRvSoy85gIwfjBtweYn+rOwM9Yi\n" + "9JsrKwsdFlzvzB6+ozDMCHncqtkU3DqI9QD80oP033z45EJxWxOhd6YhnrZN9SKp\n" + "E/lnc/XuY3NflVE5PGT5efrfGkAfbp2fWPfvc2PP0Lh172zoPy3mBwcXpWdij+H2\n" + "JCzwEqzxQzLpACtFy0kwq9HhzfgcdbbFmUbNweIf30eVG0XQ35myZy9Q1LQINhaj\n" + "UN0Ao7qtLUtC8z5DlUFMuEHQBLhFkmuRHJHCkFRqLO0nHFYmKxtQ2nNmbHt1909s\n" + "I20OEegNTFV8luCbFahoILckFlsbep9P4d0wOMjZuJkLyModK7Yx+CdOpq6/Cegg\n" + "gt+aIvJzHEY=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDcxMjEzNDMzM1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmmrn3nN2bIFYipZN\n" + "ED4nbWSc0ZYDbo8VzqjCKNVhMbYJlu07tV0qDK/1IDHf9awo5AladB4NEH3oJi9c\n" + "sCtiBtJ9UnqD+gxsJFNtpOfNRfelOE8R7suXAxDxJto7YLtXnLCcMx+UMkhlDfVi\n" + "Yy5Hqua//+EFyffokOPJ0/JCxFvTd9ldbNnxgLL27yDJBL1e4SMSw03/wKoLS0nW\n" + "Sjzcu1+Y2sdj6CNVDtZjGmDLMNtyykX4BDz71PrlR1euktkuHS1HMthQdj3rSWjU\n" + "Rehe7LxjYG548SpnIVA93EOfDyqLhjpKUL8+rA0cKBIsaJK+TyUNQ8XYa98djBAj\n" + "gjRYRsPkZt/FH2BTg+4XSHWMrmfEbxyxqAf6euUkY4Z+Y2xkUHQl5GdYk44Rb/+4\n" + "NxSBBKSj+6SqK2f0o3WTHXwJTeX+B0rV2x507hFqf6lRGzwzffrXKqH3yxfqbycl\n" + "XlahOiBJ1xKNrR0XGeq9yPcrWv/RYvYt4JJp9OV1U2Mz3DRRAgMBAAGjQzBBMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUmbeBisHL\n" + "HWYaZvgKdZe03PHAZqkwDQYJKoZIhvcNAQELBQADggGBABaf05+i07lJI74gv87t\n" + "87BuaYEvySlQuUqycCvEs31RXFxJQhpHS7RvqPw6vqDv418SZwd/hNaC7a1JU0gL\n" + "Zuha61y9u6/HbmeCBSgXYcd+4M/2oPz6WcJ9uoOZk8D2NxafubVtyXH26O6tMEnK\n" + "0JJuV6q7fsqvIHf+tvRs/fTD7gKtyAsj1OoO3EjkRRQPnHOR4anXr1jxDFvldHEs\n" + "qhlibWotfyvS4BvSk8nEo+/hrXs86cQDqCg1bbbz04sTQVHW1/kCKYl7c/HQGnTT\n" + "I3Yc7pFq7n5sNP31XN1a8VaGiKseNXmxjhS9XlIvQ1qB5ObE+Dm0tWQbrDo73udb\n" + "dW+I2/Pcij0tGBi8Cxe/PZKv5wio4NpWGTNiF6PMSaUp+lqX2iLYfjjl7osr3Hph\n" + "gnwxlST3q0Av0+91jCfj6IZ9YRHLakceaRxcj8zLoVGpQqTdJjuH4Sy7nKoL58G1\n" + "96Asqk2NsUztvRfw5pYFoe7ZUgsa4M+0/nZxOPd2UeodMA==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Name constraints: Empty excluded DNSname, empty Common name */ +static const char *nc_bad1[] = { +/* DNSname: localhost + DNSname: www.example.com + Common name: (empty) */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDSzCCAjOgAwIBAgIMU/xqxDpxZ3J5cUcrMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA4MjYxMTA4NTJaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEChMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDP3GV/JSLCCmx09hJINJZC8fSUBE1IVbZsY/q00rZOw5KwPioLiMOIup7W\n" +"na8YJ2ama0GJjU86PlJDhBH6soaY24ZCW5kKhvfnSw2TkpW6umL7psvuBslRoMxA\n" +"t12MpapZDFZixZjV44Bstuyt9sI1ze3au+5C7E4+z40o/3uvbIiN2iz4bPgwPIMu\n" +"5V/bVTei6uAcu4fNHh/AGnAUJa201QsUhM4+VRFc0XmanjSulySD3obwERDneqab\n" +"77gnIP6zwuFXxHgucbmzU8DIgVhes2k4v6AB1nPxlpUL5+E+W4XDg4ckGGkfxgcn\n" +"dGYvuv3pwIyHvb7Z0A8D6bE435cnAgMBAAGjgZ4wgZswDAYDVR0TAQH/BAIwADAl\n" +"BgNVHREEHjAcgglsb2NhbGhvc3SCD3d3dy5leGFtcGxlLmNvbTATBgNVHSUEDDAK\n" +"BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBS5dbTqiPbhe7Fg\n" +"e/Bs92qsNgWSzjAfBgNVHSMEGDAWgBSgAJcc9Q5KDpAhkrMORPJSboq3vzANBgkq\n" +"hkiG9w0BAQsFAAOCAQEAdkVCQQ5mCuV5WTqCeH7AtXxYM7IV7q6O7uqirKwDUzGD\n" +"wB5shurAPMn9IG46O68P+BPLMfwszFDgszNrjuMsKb7hLT5+pVsd6XRQeimPJ5rN\n" +"/szMfALLAcw8Yxt+1YbxlgUgybFsiK2zdBpAshU+FzMRvFfq9rnqW/VXM0J6ghz3\n" +"VqLbviOY5KpCLzfG0yM+CTcKXVFau9QZK962AfXzUwaCymw1cRHzQlpdMQtTtcIp\n" +"nci6MKXViEdeHbPLcZe9+vzSSpFh5u/l47w+2B1oz7mndFFpxkw37zDaVH5yAFxK\n" +"+5VijiKxH6nmniLUX8Zsv82YBaO0liNb2fOZopxQGQ==\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + * Excluded DNSname: (empty) */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+iPUnEs+qmj2U\n" +"Rz8plNAE/CpeUxUfNNVonluu4DzulsxAJMN78g+Oqx+ggdkECZxHLISkzErMgiuv\n" +"bG+nr9yxjyHH2YoOAgzgknar5JkOBkKp1bIvyA950ZSygMFEHX1qoaM+F/1/DKjG\n" +"NmMCNUpR0c4m+K22s72LnrpMLMmCZU0fnqngb1+F+iZE6emhcX5Z5D0QTJTAeiYK\n" +"ArnO0rpVEvU0o3nwe3dDrT0YyoCYrzCsCOKUa2wFtkOzLZKJbMBRMflL+fBmtj/Q\n" +"7xUe7ox62ZEqSD7W+Po48/mIuSOhx7u+yToBZ60wKGz9OkQ/JwykkK5ZgI+nPWGT\n" +"1au1K4V7AgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8wEgYDVR0eAQH/BAgwBqEE\n" +"MAKCADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSgAJcc9Q5KDpAhkrMORPJS\n" +"boq3vzAfBgNVHSMEGDAWgBQ/lKQpHoyEFz7J+Wn6eT5qxgYQpjANBgkqhkiG9w0B\n" +"AQsFAAOCAQEAoMeZ0cnHes8bWRHLvrGc6wpwVnxYx2CBF9Xd3k4YMNunwBF9oM+T\n" +"ZYSMo4k7C1XZ154avBIyiCne3eU7/oHG1nkqY9ndN5LMyL8KFOniETBY3BdKtlGA\n" +"N+pDiQsrWG6mtqQ+kHFJICnGEDDByGB2eH+oAS+8gNtSfamLuTWYMI6ANjA9OWan\n" +"rkIA7ta97UiH2flvKRctqvZ0n6Vp3n3aUc53FkAbTnxOCBNCBx/veCgD/r74WbcY\n" +"jiwh2RE//3D3Oo7zhUlwQEWQSa/7poG5e6bl7oj4JYjpwSmESCYokT83Iqeb9lwO\n" +"D+dr9zs1tCudW9xz3sUg6IBXhZ4UvegTNg==\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTEwODUyWhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2cd2vlg/9nuzi\n" +"6S6/qyJRnaUoFutajTwGqfQKZpbqXI7TcFZwKidzAZlZiU+sAvkY8d/9cadlbrde\n" +"S9HGv31QmexWjgWAMGNpeyiPlXIN8xGzIbZRM3FCih0bnIyibdwgAuU14dUrChGD\n" +"sQ4SAmRUpThkB8anvC10PIsxfnifBwJI6dGQZb1KOxVOIWg7Gb5tNFkZILBGv8wk\n" +"cbycIBYC3lRX8svUj9mMiro53f+4ZGbi4DcSLIdw4ebAczfBd+uHM2jkHFZUNuAY\n" +"7rGZAAuqEh5IE0QHS9CV6mg6Pf9+sLGMBZUbix2sxRntAEyz8+kO7W2zgmKPla4+\n" +"y54cIUmBAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUP5SkKR6MhBc+yflp+nk+asYGEKYwDQYJKoZIhvcNAQELBQAD\n" +"ggEBAC4N4dUoGDTGf93DtjEcZzqGoAd6TsCYy6k5zeYMZFwogfArg0IMurcFDLeN\n" +"PXe3xl9RiUjbiZMaHWju81kIO34z0NLd705XR9QFEc+xiuZOMmm4SxciAF5xo+Hh\n" +"Fhc9cVa8Icm2ju86Q4yhJziYrElH8VwHTBE0k+RE1cK65F5PQFGGBlpGm9EMcYTv\n" +"EQQATPLuWwKRAFNJBx2t3DAeMseo/Iq6Snd/UfdqgLkV61YtbzqL8bu+a8rgMAYz\n" +"ovgORsI48TlbU4H7YI+vzPO33tRV2m4dOxppMHzv8Ie2LIIfqYn0HRd87c06djEA\n" +"EpXfXGqxjX5vAtNPO5fGGzghol4=\n" +"-----END CERTIFICATE-----", +NULL +}; + +/* Name constraints: Multiple-level constraints, intersection empty */ +static const char *nc_bad2[] = { +/* DNSname: www.example.com */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDQDCCAiigAwIBAgIMU/x5DBI1pGSO2eYZMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTMwIhgPMjAxNDA4MjYxMjA5NDhaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEChMIc2VydmVyLTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDL/hbj+RVDQ5sA4VR2FZ+P+/jju7jkUFUovwhCrWpGXFs0WDokcOkcXc3f\n" +"0yturFWazVEKaaZECiDpGf6iXmNoJA6fPT+G0gPlIL6wh4wKQG+vwVYsX5ZkXOMR\n" +"sl7BqCpeCChkth54mClEwOYW3WohdXqiJfxoFVdgnisbqkxYtz9aXzYE71cZIFAx\n" +"nL7V/gY+G/m0iZCdfh7YEDlT+qtLkGyHsyyTxwUH4yyqcsFl4WWG6wAdKF5U69yw\n" +"uo61J5wpE+yDyS0u4Cjw67d29OIHsT7GAq+fP69vMoEHPvPUM/aA68AycybV2OYt\n" +"8OJAyZqf/6zvnlrbLuk08kWf1TD3AgMBAAGjgZMwgZAwDAYDVR0TAQH/BAIwADAa\n" +"BgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n" +"DwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUz+XUeM8bwvK3BD7NVRRYSeZSlA0w\n" +"HwYDVR0jBBgwFoAU/n2NeCCnwHQwFpKwi42A3H+w9W8wDQYJKoZIhvcNAQELBQAD\n" +"ggEBAPJZO19PhmxQ1ZRDLQWZWxuQgD2Wwy8sS+wnlUo/TZM7+pT5ICjLdEKgETPd\n" +"HOqgAMQFaUpp5vx1jUBmmKdPOmwEnV/2zbw3GrYwAQjxunXD66iHjYbodl9zBumM\n" +"NXDGsHnKYNu9sPdQSMLC7OEOrKvEhH2afOvYDORQbSGXh7+3js7Mzggy0NoYtxnK\n" +"4wqt6g73SFkV82mTQpUBK218ROjuWVBUmWxq2JU+qvsAKbhz+Tjr9+kmFcNBRgmA\n" +"Zga26uoQhd6YP9DKbCvf3sK4bi6A5NROeLf9BzJHWkGani4F9wOjRmLVnLlB3BPi\n" +"tHZaLDU9fUnf6I6p3nu6LPTH3JU=\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Permitted: DNSname: example.com */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDIjCCAgqgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0y\n" +"MCIYDzIwMTQwODI2MTIwOTQ4WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6kCE6KmDCkagX\n" +"fvq0rx73h7zn23phJYBmugfp5fPQYIJ1463dGmlFK4Lfkz2V4StgM2mbFFEkcyVC\n" +"pz+PyeSDgyWJJ/RwG690lLfu5JfNLvwxj/rFNK6rS7EpADew6RgURCpEMt6z1uEk\n" +"+IQsxKoXQmAcdtc/ubPFWInotg7Avoid0sG69s/+hq/nlGE9A8JMFnsLh/n01d+F\n" +"9dWsjrNiZ+mfTE8w0MVTq4+8mvmPmnjKsiu0rgqaVTmYpZW5chz9gGrZCr/Wr5CL\n" +"zPsAYaWie+wo8cR5qMEoX+JPHqM8eP9K1v+uYc03aD3u1/QYdxY73OLn31+jYAqq\n" +"tRJjgSERAgMBAAGjgYQwgYEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzAR\n" +"oA8wDYILZXhhbXBsZS5jb20wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU/n2N\n" +"eCCnwHQwFpKwi42A3H+w9W8wHwYDVR0jBBgwFoAUJ2ngSf1CqeYVG3eUNcH7Lt6/\n" +"ECUwDQYJKoZIhvcNAQELBQADggEBAIQruSBUyQ268Js61XT3nlr1Y9HxmKA2DIuM\n" +"WcAicE1XIpuxDpZ/VmKH0/o2JVR1A7uwSMEnHdShHixMbpYrHRDnZITxs2lsJijE\n" +"r7YdqadH7EbjDIXv1DJcPnNaeqFPbyXEWqLYoQf6UPBLVRWeKISPN0hMaIZv4Y/X\n" +"OcBceajAr0XGxASRFDky26M01AVPZoYjgT7vLp835yk9BY5+q0GxlSJl6HbQ5ESA\n" +"IoC3Limt72niobmvEryQDq7qUUoR7hB1SMKfyX/qktxT3UCBLKXHsp80ECJ2A7Sd\n" +"YrHjFE6LnWHwGJFYZ1eYKiOjglVRGv3+bNX07bQBWKzRbLWYM+0=\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Excluded: DNSname: example.com */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDIjCCAgqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" +"MCIYDzIwMTQwODI2MTIwOTQ4WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbGpRRMdnTzbG\n" +"R7J9qYJoHOhgRp3lEa9sBP7/pNNIsEhXmvzBu5J0buJpAfRPmWcoZauKsVrKnE69\n" +"CFlTDVCIahQ5gtJkGdjrDrQDFFCMnKC04Lhq+EmbASBTn5GRQwJqEUi9xRpj0yOL\n" +"0XGlMp4JS44eAL4giywzPtOAZaJlr4kdOnSPK2SHFVwQGfQiNmzD5ajmsjM3k4o3\n" +"R2gXAsudyasQzRAjFyeo2ry7klPUPS5RHJ6B2n87e9kLGrYb8+O9I9FNc/w4J49W\n" +"AovVr5vcs9Km25jLUn43KDprDhpXddEraz6WyZJRMTZVRRUizET3gmojZFFD4zOQ\n" +"mneVYerpAgMBAAGjgYQwgYEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzAR\n" +"oQ8wDYILZXhhbXBsZS5jb20wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUJ2ng\n" +"Sf1CqeYVG3eUNcH7Lt6/ECUwHwYDVR0jBBgwFoAUyFGHFFLCWYOQTLmh8jJpGyxS\n" +"bSUwDQYJKoZIhvcNAQELBQADggEBALGFCZXC1KPBBPMtLJNfhNBtBBC4i5q+1Qeo\n" +"aJL7dKVuBn79WAuND8rvJvrPKpGTmyxkcnqRXSBVH3c+Xi+v5ykLrtHJ2x4TOrmg\n" +"RBAaBqDuecQ9Ec0dCc5ODKwjdI/wEOGAS4sfrMXzQCv+UJqi2lE0fo/xDmS/azCc\n" +"WUjFSQOuWnCJIIAIyWlF2bPtdtiaydHKkTcG7c/zwrxRaWE2Q2G+dm+itpJ7sCtx\n" +"ZFfGMLUl7mDadhiYrxq1SnwrObMwbngPNZyUBi2G7jnXlyFc9X/w6fVIULLxN+bn\n" +"IzHWcRrBZ/ShdvCStmgbTlKNtvg0LWAk7QWzy2ibaXS5jp2r+Fc=\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Excluded: DNSname: example.net + Excluded: DNSname: example.org */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTIwOTQ3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsnSNH0g4bvAXx\n" +"zJAfs+XFWpNIpJtD/1H3Ei0ezfH5Ug7GNpHKlYKLCIShqCFj9WSwzSyKNGCHafdt\n" +"PPhKo9uAo2bSaBZjmzxfqSOGDEXZ+4LlRgSPX2Arc0i97ZsPf0nkWLfrxlTOAQIm\n" +"DxDNrWlGrCl1dfPiB+EyMzo+++MCdTGEsdEdRFm85QNjOOTiaTeUpUh5G27+hbuk\n" +"PaRlZ1GHJYlrLHK/2qw9/Mw+gNnfn/Efw+lNeYuQ3tco8IAMN0jB8x1hDfOxTx93\n" +"mrFzAdGTfsYZc31YapATk2re8IJGeKSCY4XP2HvYZEE1fYdw8ZcqZ/Gv1RdXyxvc\n" +"6oT5r/PNAgMBAAGjgZMwgZAwDwYDVR0TAQH/BAUwAwEB/zAsBgNVHR4BAf8EIjAg\n" +"oR4wDYILZXhhbXBsZS5uZXQwDYILZXhhbXBsZS5vcmcwDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUyFGHFFLCWYOQTLmh8jJpGyxSbSUwHwYDVR0jBBgwFoAUTBVq\n" +"WCSLkLZte75Q9bgKeM851qowDQYJKoZIhvcNAQELBQADggEBAGKVEQfAzrWj8wmQ\n" +"l4sm+i/pgK0I07jNMvgUDsvAmjlkndWxoX1ROe0Nd2I3d5te0+G9MR6CTOByr8VE\n" +"NLyXEsrk++BsfLk/0UNFHwq97QLTzzyEXQYQnDza8R1jdlr7XpGZOoWczi08yMAk\n" +"UiJyq2xaqerTlIYp01T9a3Nb5tWFyUVekJeyJQakj2VLaKkl4hCfK3h/HFBNJ3yf\n" +"AvBu77wQeh6n8osNDCpW9e1KRAGisDCFrTMUlyxQIK/OXhjLzu7qDKShdNnfNRmc\n" +"H4W9ODLIm8AX1S0udg9OebPhNWfM2bDFzI/dIX+yHp6q0oepbT11rKG8G+5M25uU\n" +"AUhTFC4=\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTIwOTQ3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZSS6SaBALkN4W\n" +"Tao6pqaDmi1edtBskNHdO/lYomElQtIkw6wQHlJjIdjF3vnhEWU9+HOIZrWKth4X\n" +"u+naDZquOb4GWPq/X6/KBoQ4hq/XZJaFEDPeciNcVeylWVlHi1OeGm8uHZxAK/6d\n" +"wpGoe/0K+QaLFdbm/srw1LGvCwbLwNDKePX9TgOfVKdZtGZUdDDo6TXUmhNG+QeP\n" +"7Fv1n2PjQFkXiRwVLgJj06DvR+ft81x2gjEVS+vxWg0+cbJvBI2ItpNGnIWvbwl7\n" +"BTyNRjvsi7ljFn+SfaRBLXE4aygQFQ9UCHNNYtkBO73BXv/SgcFXzSDDN5ZMfpg9\n" +"SSWkEApFAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUTBVqWCSLkLZte75Q9bgKeM851qowDQYJKoZIhvcNAQELBQAD\n" +"ggEBAH3bezfaVpnyqZRJsZ8sHAIpJWa03mHl/mqRpT0qg45Agzwo7yb5dubiHUBJ\n" +"BK/kAMhICjHAH+6E5XubGVSFvbzBX1FeKQQgzghN4niosOCLZPUtl8gJGZlsOoCy\n" +"6HldkxXa26GBZR0NvJb/p83VA7w5Zlp5j7Rp2VkWwRniaPex39dogDX3IwnoZKzL\n" +"ogyeNQPG2qLDBdZRAVng0eJK1Ml5PHxoEkcFwFsxd4B1cJV0VCMk7X7oEc9qBtUB\n" +"Ye/bst72puWDK1lBhT6EFhDDbY9xKm7pvUkGx80gWm9JZ0xGCaoM4tyEAaCd9tYZ\n" +"JFvnIEGJGeGjlRLJZGS4mZ/Q5mI=\n" +"-----END CERTIFICATE-----\n", +NULL +}; + +/* Name constraints: DNSname in excluded range */ +static const char *nc_bad3[] = { +/* CN=www.example.com */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDPDCCAiSgAwIBAgIMU/xvqR+qZTQTaWIIMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA4MjYxMTI5NDVaGA85OTk5MTIzMTIzNTk1OVow\n" +"LTEYMBYGA1UEAxMPd3d3LmV4YW1wbGUuY29tMREwDwYDVQQKEwhzZXJ2ZXItMjCC\n" +"ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ46qo4PFrBfYlQXSgtbk/rO\n" +"0aO8/Gh/bIh4c/JX0RfqC55bnfbkO9SwwR+eU76INyVb1exmd7qsl4R2EgS8V3Gf\n" +"3K5k4tNecMfxT98MWiuSSp8Q8+affUF5t9TSLujL1dckMlPfH9hdxCYhJGH51mkf\n" +"wr3oEmwNXsA9OQ8oxq2i8WxQTJGUXkwx/k2L2NRF3L8vjRnXRfKSISkkDXeKYMvo\n" +"V5ElQwlKo0sonttUIGOVav8Cf4GnFQzSJW+RfANTniGIq16jE+flKz1kQYRLLoeA\n" +"fgH/1vI1v5xqMURNW/BQlawAE0HGj4MAyfebhsWmhqmcNqGBf1OfHMNdB1vamGkC\n" +"AwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNV\n" +"HQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRiCra2BJERmr2/+Klot32criLTbTAfBgNV\n" +"HSMEGDAWgBToCEW507CZ42L/fn7H+DLcx+zW/DANBgkqhkiG9w0BAQsFAAOCAQEA\n" +"fsG45/VuJzw5DRbrE6o67T3EgFfPCzr+xc0JmTJSCHvWIx+2O1VspmJiArNTwQ5O\n" +"l8Hq2Sag9Wi0cyRC8lVKPbC7Im2fZ4m4endOhiEmaOHBCru5bIFRwDvtG3u+yEYI\n" +"rzRU+6PdwmLYwc+ks8qEqACw772nElJxOWXmYEMtFpYh8eujfzjmUGIJyTotrm72\n" +"WX8phKA/xogZaSLD21t8u77PE/JEcJ2LXAa9dq6pGYru1vyuRqq8ZeWiVAAqD6hZ\n" +"cglKk8dLi6esywQMGEGqhRx9y1A0mPZO+M599GOgWTbShUB3pUyaLLLLnD9Dciwq\n" +"4E4iP9rdfgStOfz12BsKOw==\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Excluded: DNSname: example.com */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTEyOTQ1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW2Z64Ax+MNj1j\n" +"2QM9hjP4ybs+mz51vfDAlDVVdh2bzJOHyjTIlzI71QloH9aPuv5d92tTxe7/7afY\n" +"fWC61AF0WKj7x8h570IW0Zye4ITEnDLlqk5Bn46IP9fWDq5xYVEGMaYT4l409Fyw\n" +"JUZjfXqMefAXhj55wZoz+WMM0AB5LABlojLkV+iPMVJgfYWhcVijd92Yebp8R2/+\n" +"z1nF0vQtV01tatWTEiJajPRHZCwVe71rXEf02nYiqCw5RwLZrsug5LZ+K8LoBbeE\n" +"ezcJT5y8uf4mpTmTj2Po7Kby22yl1wkVV925a2Of7ufDL3d56SIM1foNXAAmlFar\n" +"M5Y9hIZLAgMBAAGjgYQwgYEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHR4BAf8EEzAR\n" +"oQ8wDYILZXhhbXBsZS5jb20wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU6AhF\n" +"udOwmeNi/35+x/gy3Mfs1vwwHwYDVR0jBBgwFoAUWU1t/YrnYJGhEfuoDj42A4ui\n" +"j0gwDQYJKoZIhvcNAQELBQADggEBAMj2jjHmYLWxGMkLOIQ/MGtvchZ+v6vmEl7m\n" +"GaoHkz0sxFeJqs7mwcybvwG4tlHB/PhaLTH4HfN6PLNbRA4oamr3gFsEtd/JRihw\n" +"X/5CvdJdu/d7uN36yrD5ZTJmt5v1sAXqzkVYXHUSQLOLTIVfwQfUv8IrxTWgbhNI\n" +"mIi55bjCyOWYzZsZ5kTDNFcBkoYiMks2fVuUdP8xrxoweedVswUdkwg1TyWLikG3\n" +"47VuQP3eA7+zEkFUeywG89DTOpDURAlvBzaVTjKn++3RgH/A4Wa+MX6HTHXjxBIU\n" +"1uGcMjhPjc99F81RaYdIlFsQiQ74b5RwdSvGo0e67ssgar0XKgw=\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTEyOTQ1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYTAYDM0lZ+RMg\n" +"M1M3q4n6H/VebQ1CG1ztkinGzj7eH+fNyi9Wq5EqB/0S7jVPEuD0o5jBrwI6XFoS\n" +"MQiWtqWHGh47qijX8y/oc75Sn/2b1gGF3zDWM9LygZZW2+QOIrvK5TcU+rAmXKsA\n" +"765z0nTIbL3vNr9n0yEM3E13tk3Qjqx+OLhJ/ZyLKW+w+BuhLp79LcVtjNnlVfvC\n" +"nVgLvo69YGdJxhPUjjVqKwTlvptyzELQSSQMenPmvhz2kRXjQ/6jog4tb1qkzfpP\n" +"eYB0MVgSLeWBgNF3VLTSH06RHvXEQcdP2e3AR67sJxd6UJ4vOo1widQs0yWTZpCB\n" +"ZJawOPqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUWU1t/YrnYJGhEfuoDj42A4uij0gwDQYJKoZIhvcNAQELBQAD\n" +"ggEBACUbydVQKZi5ulzn/lQK5x/DZySJflrevZ1plV7BVBhZhlvBO0VARGNn+NW5\n" +"G9RqY+itmyBbW/Fl43gWiHQynYneK9tYBub7WeJqr9iTX4zvI7V8fk/vbyfVRODX\n" +"cJ8JzeLYqi6Hm1PK7Q9dz0rgyulXeuCyDeQ4jzoGIm2l7atUoGZB0f9YCJyeV2ew\n" +"t8jMZr2sSVMgvT87S/EHMe5q5YAJQzDBAadH64icaxW3e03UeH6JYblohsZVQTIE\n" +"wl60jozIStml73oyocfytsErDdKArrSSHxHaygAqoVu+9O5U90vwK6VDuGF0YzZj\n" +"ZKOAu2HuFHpCMbYzUYi3FMOUU5k=\n" +"-----END CERTIFICATE-----\n", +NULL +}; + +/* Name constraints: Multiple-level constraints, different subdomains */ +static const char *nc_bad4[] = { +/* DNSname: sub2.example.org */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDMjCCAhqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0y\n" +"MCAXDTA0MDIyOTA3MjE0MloYDzk5OTkxMjMxMjM1OTU5WjARMQ8wDQYDVQQDEwZz\n" +"ZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtq4QWPb53ClQL\n" +"hpCyCf2oX/WnrX2FaPv8m4J29fpkSTn7uuasEjLzwKvltXPJp5fE9jJnX2JyrS5z\n" +"tBGcH7/OnxEOGtZN19gLQLRPqCjzGkez7moQEbpnO/M8xeUuil4CbuhcnTA93vjf\n" +"i2mxQMgjS/Ffblbbv5QR6R97Eu01w2gbar7S0nj3ctl2lYiBWFIcBVbunVgtlC8L\n" +"JgW6tv6jay/GZSUBTw8ijh0o0S1ZEVqoOBszDdLHFwO6m3XpMNocYKh2Eva9LcA+\n" +"NmVWywaAk84RiMttMjlc+Y3Q3UhEemgh0RTE5oEIFjV9Am4uBM8LcwvmIat2oYtM\n" +"rbhczTG9AgMBAAGjgZQwgZEwDAYDVR0TAQH/BAIwADAbBgNVHREEFDASghBzdWIy\n" +"LmV4YW1wbGUub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n" +"oAAwHQYDVR0OBBYEFM2roPUnRWzJSXG+5jGoBJDX5ZshMB8GA1UdIwQYMBaAFM2r\n" +"oPUnRWzJSXG+5jGoBJDX5ZshMA0GCSqGSIb3DQEBCwUAA4IBAQARXEGjiewd62mb\n" +"kiJ5ezzxgsnfLBlhBdrt6bTEWS1Ehnnx1HMfnerFuSmjk8SGsVXgHsqmzY5cg3Sy\n" +"449+VqkMESOiQRmj4DmNNLu25ShLWlcfDPXBFZavPtNKUrBEWfthI7ZvHBeNe18O\n" +"kkgYJGKLmMm5+Bz2uDOTBTPUmZkX98sUZgdcFyN8OI2q22MLWed0a+ZNZFRUN/Iw\n" +"9gg6fzSmMBShAIxei04CZE2Wx32a9tr+mNqHa+Puch2s2EqlYJBlDGa2QgMWA8IP\n" +"09CHQRxeICqV+cX6zJP4znQFqySX5rWWeD4FKkdQr8T1IX1bCcGKCkj1ulEntOjK\n" +"8ZOkdWuv\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Permitted: DNSname: sub1.example.org */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDQjCCAiqgAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" +"MCAXDTA0MDIyOTA3MjE0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArauEFj2+dwpUC4aQ\n" +"sgn9qF/1p619hWj7/JuCdvX6ZEk5+7rmrBIy88Cr5bVzyaeXxPYyZ19icq0uc7QR\n" +"nB+/zp8RDhrWTdfYC0C0T6go8xpHs+5qEBG6ZzvzPMXlLopeAm7oXJ0wPd7434tp\n" +"sUDII0vxX25W27+UEekfexLtNcNoG2q+0tJ493LZdpWIgVhSHAVW7p1YLZQvCyYF\n" +"urb+o2svxmUlAU8PIo4dKNEtWRFaqDgbMw3SxxcDupt16TDaHGCodhL2vS3APjZl\n" +"VssGgJPOEYjLbTI5XPmN0N1IRHpoIdEUxOaBCBY1fQJuLgTPC3ML5iGrdqGLTK24\n" +"XM0xvQIDAQABo4GmMIGjMA8GA1UdEwEB/wQFMAMBAf8wGwYDVR0RBBQwEoIQc3Vi\n" +"MS5leGFtcGxlLm9yZzAiBgNVHR4BAf8EGDAWoBQwEoIQc3ViMS5leGFtcGxlLm9y\n" +"ZzAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTNq6D1J0VsyUlxvuYxqASQ1+Wb\n" +"ITAfBgNVHSMEGDAWgBTNq6D1J0VsyUlxvuYxqASQ1+WbITANBgkqhkiG9w0BAQsF\n" +"AAOCAQEAR8wKnufviUhLtx0og+P/F52BcdQGgVoBdIpix57DeBQTn9PXuF70hPjg\n" +"a/ZeSR2b65JnyO49i9bBX8ctg/FR+LBHdxMRcIN+VxyKFBtyFc2cxW5a4BWaD9SG\n" +"hW6gzWviV3XwTfTKuY8h710cEP73Yyu1FOuejI34Jiz0sNXqhPc+08k9maFicjfk\n" +"Ftpft0y0YM1DJmUMDMQkpShb4kojLwsSYTxU8DTRHXvBHrAdH4Np50tm6FYIXUNS\n" +"iXlrg/c4VPwEsf5/sR+Ga60LPejZsrvhtvimUsGdNNVVWRtsgcT2jHXxyR1N1vJx\n" +"qPlLDNLLWp9nfCk/55QqSf34dcKomg==\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Permitted: DNSname: example.org */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDIDCCAgigAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTA0MDIyOTA3MjE0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArauEFj2+dwpUC4aQ\n" +"sgn9qF/1p619hWj7/JuCdvX6ZEk5+7rmrBIy88Cr5bVzyaeXxPYyZ19icq0uc7QR\n" +"nB+/zp8RDhrWTdfYC0C0T6go8xpHs+5qEBG6ZzvzPMXlLopeAm7oXJ0wPd7434tp\n" +"sUDII0vxX25W27+UEekfexLtNcNoG2q+0tJ493LZdpWIgVhSHAVW7p1YLZQvCyYF\n" +"urb+o2svxmUlAU8PIo4dKNEtWRFaqDgbMw3SxxcDupt16TDaHGCodhL2vS3APjZl\n" +"VssGgJPOEYjLbTI5XPmN0N1IRHpoIdEUxOaBCBY1fQJuLgTPC3ML5iGrdqGLTK24\n" +"XM0xvQIDAQABo4GEMIGBMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP\n" +"MA2CC2V4YW1wbGUub3JnMA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFM2roPUn\n" +"RWzJSXG+5jGoBJDX5ZshMB8GA1UdIwQYMBaAFM2roPUnRWzJSXG+5jGoBJDX5Zsh\n" +"MA0GCSqGSIb3DQEBCwUAA4IBAQBr5K+BzFT2skeVkZ0fR8g6KcevlvAP7sOm8Ktm\n" +"nINBFi9ercrD4XAqkRTCYxDZ/6D9s10lf+CW4QLw2GOQer1D+znBzZZCqFfZ2+uL\n" +"ibQ+pth5IgsSxkxctowv7x3Y4C95TNAcWs9bWIHKgLqXhotk6mccEvxkyaPIL5yX\n" +"U2bs+tNpaqiwdCNjTJCo1+xdQwWZfk/oOMBn6Fihuc6eGP6L6Zj2J7TqO2hafrs4\n" +"lg1rYDU+cTtDy/eVt2UoYXLDnIm2EPcnTAaR6K3cLlh1HbeaUTDU2nE04riE8ntA\n" +"Mpu+t5TUUq+Zcx17zn54/W5oLC0wCGzzyLhh3/mLh6RLDYub\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIC3jCCAcagAwIBAgIBBzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCAXDTA0MDIyOTA3MjE0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" +"QS0wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArauEFj2+dwpUC4aQ\n" +"sgn9qF/1p619hWj7/JuCdvX6ZEk5+7rmrBIy88Cr5bVzyaeXxPYyZ19icq0uc7QR\n" +"nB+/zp8RDhrWTdfYC0C0T6go8xpHs+5qEBG6ZzvzPMXlLopeAm7oXJ0wPd7434tp\n" +"sUDII0vxX25W27+UEekfexLtNcNoG2q+0tJ493LZdpWIgVhSHAVW7p1YLZQvCyYF\n" +"urb+o2svxmUlAU8PIo4dKNEtWRFaqDgbMw3SxxcDupt16TDaHGCodhL2vS3APjZl\n" +"VssGgJPOEYjLbTI5XPmN0N1IRHpoIdEUxOaBCBY1fQJuLgTPC3ML5iGrdqGLTK24\n" +"XM0xvQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAw\n" +"HQYDVR0OBBYEFM2roPUnRWzJSXG+5jGoBJDX5ZshMA0GCSqGSIb3DQEBCwUAA4IB\n" +"AQBtm548YFAtyKUyUyfz/iDPwgFq3PtxN0gfA2ZgrHG0vXDq49eDv7sQueTjY21T\n" +"GGkgyEEOlcbPzDC7hMrfaYSEGwrwbTkrWnrqk0rorFjjkjlKkx/9EuDQ/gjyQGrn\n" +"EvnFWwmxq+vambeRGxPWFRR9r+ugbL/xciZfT6OyoU8SZY4EpFu3e4ydmskdkt7R\n" +"qRPOpaHBuKygw4Uq5mhNaZDMy3FjtP+wt84UOOZbjqFQ8K8AZdAaDp3TDBtzoHED\n" +"lgv+PQMzYNnSsPVdvBC2fkgIWzZlyjeGMMtkUp3E7FeyFU1302g3xINRBmUcoO0c\n" +"jo6K7k6FZy3n6DsJ0q/os2wA\n" +"-----END CERTIFICATE-----\n", +NULL +}; + +/* Name constraints: IPAddress_v4 in excluded range */ +static const char *nc_bad5[] = { + /* IPAddress: 203.0.113.10 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEHDCCAoSgAwIBAgIMV3OYdiegYYrQTBXhMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjI5MDk0NDIyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEA3Gp+KHwqvpNlEVkKyW1etHhOCXJPde/OJ7INv5RAd2xH5pQJI/mY7ET8RAz3\n" + "oh4t9Ev65yljuhE1Q5qDGkjZrAhSpY8OwIQ7ZKtxH6zdKTsegAr60cfShgk2bDef\n" + "wxbz92UBccyqzTQqWdi0Xvt9nVOkNL6EJWJ9eOW7s5fQgeEBlHYIzZyZs8ndiYqw\n" + "Hpy6gg4XG777A0pgq96o8ybNBIHALV9aq1UGLWXGvEbi+yc6pQMYCg7OMcZq9aVO\n" + "KBlR6HIxEohhFIWctmQDwd6ey73YV5XrDTRB7Qpe66/pqygQZNqMSaa4KL4z9KcL\n" + "YNUtIFC39ivNBGT1gM5V3c69mkR38kYwRy0UU7C84/8t45+e6ZmSqe63RKKioaJU\n" + "LlTCgHXwI1oeYlt7Pnm0kaWgArDJxBk5n1YxEoqkVXJ+lFy/qIF67Dosv3bNh2PU\n" + "iPpLmbuFmdqq+E9DENeqji21CcPkvY1ekdib4JLolNJCVaRLnXPc5o0UEZrhCqfq\n" + "UYfBAgMBAAGjcjBwMAwGA1UdEwEB/wQCMAAwDwYDVR0RBAgwBocEywBxCjAPBgNV\n" + "HQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRcj6YutTxQa7DfoqMSjPPQgv+p0TAfBgNV\n" + "HSMEGDAWgBSSabOPqlecJ2jDyxpE3oaYyIBWBDANBgkqhkiG9w0BAQsFAAOCAYEA\n" + "OyCT0ywwikYVSKEK2npyzAx7mkbkfrAHmkcCnVEgRonXKIWOL8lbRQp0m85ynVea\n" + "aTfAVc0SNc7DMPR4tw+1gCpgsqhGEuip2Ltol9bhUovzfIpveUdJgeCI/NHBPAHH\n" + "kwYgua8dcOwjb2SDCieXvWlE5DZUHWHNYxgTKQVB/WfAjmQbuF5olusFc2UtSk3z\n" + "cnpBDb0+jUHfqCo8On+Wk5cc76mCvrcl9DLRFvPWN6T5IhisGVA93M1lIMQ9J9jN\n" + "Q8SxZ7OeNaOXhBX2j27KzV7IXy0vqajdQDui1XV3Cos+EUFAt4Es8gUg5I8gNETl\n" + "DqGglGUz2fVnLAQLClnVkZ0ExF3kDao7JwU2nl2XbzPcwwGGqLf06s5sEWinAZ2x\n" + "k4L6YBjhauxndIkk0567/+GVeUaJxtruYA9rn/vJO6kEZXUy9eY0BF3GXQ4CKYG/\n" + "FmFqfCwQ71LshpMsKncFp66QESAwmq9qaUqXoWSYtRABJKb9gYH42Fx0EY7QFjhq\n" + "-----END CERTIFICATE-----\n", + /* Name Constraints (critical): + Permitted: IPAddress: 203.0.113.0/24 + Excluded: IPAddress: 203.0.113.0/26 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEKzCCApOgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyOTA5NDQyMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA33/Xbt7c8Y+UxoU3\n" + "4O0f+OTJF59lqe4UJK9owqXpiyt4d4hWwZV9EkPT9ZaysPaL05+AXdfXsfUz3ClE\n" + "RPvK1zjR7WBqhu7dQ8RGNomaP0gY7eVqa0/OcDe1Z4ogmf27WbAUVR4xDZP18Qqy\n" + "HB9BDStOJ24wbVfYgbJq3djb886yHDch5/mtdI4/C6aZqayaLjmoNs7UovuRlQV/\n" + "Tdid3rleUeoH9xFD3CeI+PZMIbhyQww66qMiCkrTtUN3EOtrsvWwuxUTH1dedEI3\n" + "tboI8UO+e2VJsDjbdzGIV0+HnvwoPQHYRlrog4RW9pNSTst+DeA4XY8+/FVnfhdT\n" + "vDdbcmit4BxdtZf9npP5iaIQTOHNntdAAPOFCoALiCMF0parEKNwNFHa98hXr+Nj\n" + "u4/oQM57fMcOC1z4y1pt6HK0zzFNhwHUrZUlAgcnXJ9bW510m6vu2LEFgJb7mM3L\n" + "ku+ddujNOoL0BxsaaUJCh2IP2xC0rXGi6tNwR1Bv5RBnenDxAgMBAAGjgY8wgYww\n" + "DwYDVR0TAQH/BAUwAwEB/zAoBgNVHR4BAf8EHjAcoAwwCocIywBxAP///wChDDAK\n" + "hwjLAHEA////wDAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBSSabOPqlecJ2jD\n" + "yxpE3oaYyIBWBDAfBgNVHSMEGDAWgBTAJHQ/p0WPW1fW+sKB5zbefu6HDTANBgkq\n" + "hkiG9w0BAQsFAAOCAYEAbPahfACWMab9ccrS+pBdz+4hiy+LmvOP4FRFDz/zOCsG\n" + "iZc61cYPWmRYWGsyWz2CksTg+Ktx/85PPvKTmEctK9NSehUgKESur3CPTp32k8YZ\n" + "4NMXYXtwNYLPe5F6uehdPst5h7lg3Rz2pPqKopQ8lfv2qYTjtNCJFZ9wCtijqWwJ\n" + "gZA9kFfPlHeY7kdnTY/Uhw1UVC0ty6daWXkKq4fhiiCXqcIO81GQHwOYySQSJef+\n" + "KQ3m7QHascLKSzAISbK9Ncy/C/fIcM7pQmODKPwY/K3V1CQky6jmoZQ5LUbpXEW3\n" + "qOjCElV2WMnkj5WuxDUeoVEKtnFGXI0UY5EY1z89GP7BatbNKLyodfp9qgjuXgr9\n" + "DacHAUWOH6sH/wg4d5pgySVJeos5l6DzwgkyECaAGFM2t08waO2Xk9SgpmfMCxCM\n" + "Gop4d5bIEMC8qScQmA4S1wfuoQQRRZiy2A4QckXoJ1OxLj1XVgossO21h8f9uNFJ\n" + "nfnYYSRbIp+X0mo7JjHO\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyOTA5NDQyMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAs4uT4SEkVU0hdD6p\n" + "aAkXBPeVl2y37jNB88rwam6kbHKfTQ/JpTpiXULo/dCmw0fr8np/FfoMZTUk8DMm\n" + "zIsPjgx0yDx/PeUeA1Jw+KA60rApvxhtHhw2XLkF9hkU3YVwdcKfe1Cy3ZUT+3Xr\n" + "rfoLLyRTR8qhj2wS/ARTx989cGbOpMGgFQxOrFZhm8N2/ORYDYJQYNTeqjEmHsuu\n" + "wR0lvKj81hVe3mu6OsK4THbVpfeNW52zWW1FXwE3xbEXuckhzs2ZAc7t7SWzqD0u\n" + "8lVWb6vXI7LGv217EpIRwtqa9zUHXLt4UqV+kqiUxLUOjxfitJI8CPYGPhc7aocC\n" + "popaFqZJcLYvSJJY6Ya2ihZ4VyXQoXD+N8nQsFIm6dernNYQH2rB8plknAWbQqUG\n" + "bhjTKX/oF2LCk8ow0KumqQre1UgcPLNiLQRAhyVdXgCMQ1bd0mFrwXUT2m2X+0sn\n" + "DmW1by2bH2cevKtVaVMHq1Y6K7mcMb7pyQak7gFYAdu3D1u5AgMBAAGjQzBBMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUwCR0P6dF\n" + "j1tX1vrCgec23n7uhw0wDQYJKoZIhvcNAQELBQADggGBABfMsNqRJrgIsQdneT1B\n" + "s6fXdAlPkvbRvnScn+i/OOQxolgDQwge9A+0JxqTMtvxs+X5ahi79pPzqqzH1iYV\n" + "2eBY1JpmYbdOYBVoLUQG7GG6ZRJWcDtAjGhnxgoc+lxVePpSsiZWpXFzAYbV7jQa\n" + "2BXvzAk+uuBCUqKhrkmGZ+ZdQ8SlDjrQyblhKLy3vPi2LhfeNwTWAv2Qx8V2XRyB\n" + "BQSchuMBq19mSppzjN+e5ixiRoNx02fH8dfZ0bu4ONUZcoECwuCmKW6UchQTL8Yf\n" + "GJH9beqEAHevvE8Qn5aZcpX/BPBpx5jzOFXAD4Oqg+tY9T/vfgdElD2fQOI0gJQV\n" + "bzC83bbAkqrjeZXyn0srzegPRyVczuv26SYGjhBsLVk5pAt6Msfnu5g3MC3BjKgc\n" + "/gYV2bFtj3NMu8bAPYkKE9G/+0PT/a3/B5k3iw9FMxuZD/vjYIdSo/oloM+Ht9WG\n" + "EYaTPDOTm4sXdqMVlPIyhwxADNrPnlAke68rKN7H5ChozQ==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + + +/* Different name constraint types (testing symmetry of merging) */ +static const char *nc_bad6[] = { + /* Subject alternative name (not critical): + DNSname: ddd.com */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEHzCCAoegAwIBAgIMV5diNwZSNyHAsK8oMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTIwIBcNMTYwNzI2MTMxNDMxWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0zMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAv27tPNVuhJu/74JaGtQH4s4ZWnIsvEiqVCUveI3YCZYNTeE0FC5fzyqcsx3Z\n" + "K9R8WVlF7SCadNY8E7aTjFiO7x3vcHvwW6eWY7kb0ZwUlzrvaqXp8BlpwpWUP0wq\n" + "da8TZ5S2qrYC/itHHr8Xwo3Ec3rwj8ZO/96JjDKUgbkQVGoXR85+oWdABTSZcpbL\n" + "T4UwCkBeYbkOD2jejMlaOHy+128mYeqW8Nh+bhF9EFVWFWr9XBSpfpCguD4JvsAf\n" + "1zFWmgZOIosLWoLg5O4Po2i4rZCQLGxSKanvHR7npfpqbUgGKHHIGVQNHeLWz4f6\n" + "D/VwRyxiZ1+VhR9kRvcQ3SD86QAInoEPQf1F1QnFqq76mfSobjKhQC5utg6DdMvH\n" + "GU+smT24nRtx0Q7nILWzDPr/DdvpVPpFOP58thPLB3PJnc/dobwadsi6IslvdZ+/\n" + "K/e2Ec4G9sOTMN++0+WM60wPula7t5GTr6SAmxZbrYXZlQH0jy75DBxThO1fMDn5\n" + "pMa3AgMBAAGjdTBzMAwGA1UdEwEB/wQCMAAwEgYDVR0RBAswCYIHZGRkLmNvbTAP\n" + "BgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBQyjEcacSHAUrf91hhII8DfODB1ozAf\n" + "BgNVHSMEGDAWgBR0larTRnVL1RZtrqpleTpk+hEkqzANBgkqhkiG9w0BAQsFAAOC\n" + "AYEADwaR444xUTrdl/WYBrPF69SXw7Plw7d4fh/65417wiEr4mjX3pfH6owVKGgq\n" + "dzBjtkq8+MKV5W11L/S4tpVtUJt3AVrOCQKUiQiHuB4LSKX99YBBlZ9GYSeRgp2n\n" + "iPqaAlREizXBJyPAH6tpuEyUp0rwP5qFjDj+Ks32jJUmoiJ/rnBMFBIdlWHpan0a\n" + "7lIQi1uKIzQBELHmb13Yk/K99ilYaT5V/hPFRI02Q6/nLCTyuL7jLBijB8o8nwzp\n" + "crXGwROBXKdn8NE+SrLPALM1/Hms/KANzLI6CjjZrO88YyNvWjCs8K8/sags8XiJ\n" + "bxEIM/sEMV0I28E3T7kDywdf8OUvADYQIJidsrwv+n+UcI3MTZjax/295afjgBYF\n" + "Zn1wEB/N2t22XlXvkbefYRaYvv1rCb7WaSvvzUaNsq2CL0uG353roiuti++MM1Cf\n" + "wraL3SaauiI5gIjF03wElMyuAnKctk5cig7YVrhWAUx6fP5IOQdczRhP5SeUQBNX\n" + "sEnr\n" + "-----END CERTIFICATE-----\n", + /* Name Constraints (critical): + Permitted: DNSname: ccc.com */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEGjCCAoKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" + "MCAXDTE2MDcyNjEzMTQzMFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAo48gh92ygu5fGfzP\n" + "nVwd8wLN8+1+k2WKOWupimwHdNG34KGKABlnjEjTZWuzZD05xf4V879YO8fiEWCT\n" + "Nty70MmFyGXp9iCQpjIyTHhPVIIXfHKH1FbMvTiCicTtgFlcxFS5XnlhfN9H3Js1\n" + "o0IA7Zyoq28s/Jkv6+b2YEr9OyNc4tMu6vLmEEnaDYwa0uLr7Tut6bTt+46bP1//\n" + "d75xRsidnAM2tbYrhJ7MgTVTPYt9ewr8JcL0LDb4wH26fitddGAKQUE3VCQ/anyi\n" + "PeOjoKryRaAsMtzDTfBRAx9eKIkKSYdA9c/dQmPO33Gxp2XctllVwPav5PDRSCdO\n" + "F0dUJ0fqSNm95rpwCHw1B/MfSug1ye2AG3F8L+NX8SAqOgFgeZmukscrty3mwqOH\n" + "sQRnSuu1+x6jUypwGoNifWuAZjdUiNflC6JfXwuZ8lS8xdvEkFSyK52xkcrWdvFu\n" + "FNh8WsnpWkbBwaY1Y0nD1RY1thgMcbcJWtOiUTDOJKtNbQP5AgMBAAGjfzB9MA8G\n" + "A1UdEwEB/wQFMAMBAf8wGQYDVR0eAQH/BA8wDaALMAmCB2NjYy5jb20wDwYDVR0P\n" + "AQH/BAUDAwcEADAdBgNVHQ4EFgQUdJWq00Z1S9UWba6qZXk6ZPoRJKswHwYDVR0j\n" + "BBgwFoAUjuF/dTI8YtA8wD+BlmP2MTUZNTwwDQYJKoZIhvcNAQELBQADggGBAIe7\n" + "7o7DdYEj1mj5HU38fJ+8Dbugya98LODWSXXDpyxmFdn/A/poARj4DovFwXJ/0K+I\n" + "BQ3jDvoJu6sV3/V2WKL613euX7vIK1sahbzlVHtBWxUAvCyg05ZOFp59ZxahHLO7\n" + "6BF1QQK/PKtABTijCtcsoEGU7Smntn1mu5pMXoUHb8Sm+kkR7Wwm/z93lnHASG5B\n" + "uGPQaXnZ4cMFa7+4tBe8Dz4huSQObye+iHVnkizQmEighHVK+4qKExMOTwJB5ba0\n" + "6K8mKY7YAGDGUgjJzXVmGJPp7mb74AEJiyGobYB+Om9kPkWyAZW09EYl9GnCDl7u\n" + "kiI8IqfoA6yvxHerQTsjS55TXTPmOl9dvYpnF07QxK8UwtZvf55zniKHjsP7TBoe\n" + "9IJt7xxMeYbv6eDbxIpUp8HiljTTxKPKFZaFEOCFBjk4G/yUQNNiNUYdvsRdhvq2\n" + "v7o3zwatl2i87lXGD7C78o2jqZDHoZI49XKN6ZW6dw3tpnjrEJeom8MwJfjHww==\n" + "-----END CERTIFICATE-----\n", + /* Name Constraints (critical): + Permitted: RFC822Name: eee.com */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEGjCCAoKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDcyNjEzMTQyOVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwoXjtDX6uN+SF7qF\n" + "dEWvxYb9Q3gu0PT0N7a17FaystBIGmw5lT9PnMUJKHPxNwrn+QdD1ReEmf6K4D8q\n" + "vQzIzbCSBIV8bBZLA1/iH/hRaYvCvQLIaSnDEiDkkswkOyu/k7RDdB5H8q8Ey5x+\n" + "udlqQGDsjHVQCKeWfAHXl+NRQ7ONj69cVbI1qz4r1KhnVt9BsxSmXw5n2BBul3Ns\n" + "BY6yD8WD7js2sGxSMuv8hjFozc1t2u6APmkEJwiGx0fe+0Wu2HHNOUu+oyeiuPLq\n" + "6G/Nz1B15E15iY+Fi6g7Qa9k97UuLPiIzjqD4JtnSerBxhkossWa7KrOw7no5Ws+\n" + "d1lpZ92zGt8kTpi7KxQIV/zxvaXVBKv3br/FmKYxswFrbkXoYaFXrdsPs49B9OyX\n" + "WY1zMWhbU4uddPG964yxDz2oTehRjvvxF+1oSAaoLn4chlPpx8p3unj5Y/h8xr/+\n" + "Ciwblu3LE/1boa1zS/wM89UwysakVsaAxO3XjZyJPAJsTndTAgMBAAGjfzB9MA8G\n" + "A1UdEwEB/wQFMAMBAf8wGQYDVR0eAQH/BA8wDaALMAmBB2VlZS5jb20wDwYDVR0P\n" + "AQH/BAUDAwcEADAdBgNVHQ4EFgQUjuF/dTI8YtA8wD+BlmP2MTUZNTwwHwYDVR0j\n" + "BBgwFoAU12oooOGTdVttQK9BdMpkS9Ch5Y0wDQYJKoZIhvcNAQELBQADggGBAEN8\n" + "7Uou6LgI5RKyRL8UB4pLs53+mkUPoXCkCbv9mdFAqoi9OP89ALrF11tlME9PQZFj\n" + "90sxnK4S7ZTDBeS12AUlEEQLCTIrqTMVTyiiklS4bSck4TOGFCaQhrsh7ZliEqkm\n" + "oVsxYs0DYW66lVam/+K+5i6mO7Z4HGo5GDbU8nhMNHlighURfmzJ10xh6Z5s6uSA\n" + "K16OzIOiSqUXp+nT7/NmWSzVgegCqScXLHZ6VDHDzfjURHrqnNTGg4ByMJo1R9DF\n" + "Ne6khju2qP5j71Fwxz3RyZwwdhrPN3QSmMGyuFK3GS5WOYTeg35/Fa54UGVCKSM9\n" + "Dsdg2lHS4+Bxkcj6fSj++5RE2CILOP2vV08VdV5IVFNWSNXhNM4JPOaSjKzIXNuq\n" + "VdXTXxYBn90WA4/WNvUiUaVSioLvf/8Fv57/5JVwTsqM/I5TKZm/sbVePdX/3G/O\n" + "7AmDbp8t5zInW1EUev7ThIRWlr2Jr4NivzeHcjRwdQW0HT0kwJfJSTzH/4RzAg==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDcyNjEzMTQyOVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzipouUl1Uqxd0TpN\n" + "JO8syBj5zG5Rasydf5ucdnu5P1gjRvoHulrlYy5/NUA+7N3QLN6fo4cjRZ890p18\n" + "7xqp/EdPUaFhv8bgyiaB8pXuQWTldqcuPSwUzXBHAmqhQ5lE7oomyGA4nqEJreas\n" + "ishVn8v1M3FS6woAiJAxP5vbUOMkoxmoGZy6KkHNGZI+GUSDkoZBWTod8fFSMDYg\n" + "kQk8QAGctCAG6Ms9NWKQpNHbTmz9478AC4phZR5QzvstzD6WpEvnXTI7K3ByoSN2\n" + "0OeQzl5u3HbNJYDydOZbYuSnbADGL/QpBqirmcMUi28lXuSJ6c6jdvnOODqbahvr\n" + "zvJDw6FQtn3OMdZnnSvWhkg6SxvImi99ABpS7SLNHDxm6CWrvbuZVFR21Tl/uxZl\n" + "4je2QW6WaFQRO2J7iVWY2YJtDHLAGA7esfofnvRNSHEh1e5n8G67X5xGGFIIvBu9\n" + "YSFmwTYZcu+DOa5DOU4tAQtftuWcK3XdcRJBn0X0NbBG13YxAgMBAAGjQzBBMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU12oooOGT\n" + "dVttQK9BdMpkS9Ch5Y0wDQYJKoZIhvcNAQELBQADggGBABVza/dPn0VSs8frs2nw\n" + "Pd3QoclMKNJ+myDtn5P4q4X0MNKVUQqz7HZ2RPa4UH5PDRp1PbYP45z56wIoYfJb\n" + "i/sdDax0Nd0w6rmpl+koP0m24p8asxt0KenGQiBYfeEy2pxFn5aEKoDnyNAdhZRQ\n" + "2Ug+pp9OMJoTqAPcDGbooHs5j5wHcIfO0bRhl7/QnDc5HK6ll4SmOrfJ8LpkO0BY\n" + "vQK9zWC5Y3zck5uz8tNSCiGgt6y8MZQisC3JYWkzXE9xOjNfUBN+KhdF8ETgaBMZ\n" + "QxguU5VbKtzqG8cpl+6tgW/Otrarirov4EVGhn2B9gwy8cIBe5Q6hXhnzYCpJjVq\n" + "NWGSJ8T0gD+KZt/zxIAWWaYdMUXR7nQ5S+gY3Kn/OoTBZMrKJ3LSEQW42USrQwAl\n" + "p6YA+vX9EI4B1r5uGDoxklkxAAOrO4sddw7MuncjeQzahqbI4IQmxj+GfjTXZ5Df\n" + "gmQvlqt9tOTE0uIbWQT+iaXo28yZ+D0ymU8QazjG7UX9dg==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* This chain has name constraints on the CA but the end certificate + * has no name on CN or subjectAltname. */ +static const char *nc_good0[] = { + /* empty CN, empty SAN */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDIjCCAgqgAwIBAgIMVRJquRMxIN9nRLG4MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIhgPMjAxNTAzMjUwNzU4NDlaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEChMIc2VydmVyLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQDEiLbqiSgPhAlwQXdn6Z7EoYMRiNHX+6cnlI195lv5LPdupiZ7EPF6y8rs\n" + "H/PyRwLhOuhfyAbBibBTWKt1n100UqAcr0Z/l2+zBorc/APhKrysDlWyYUjs/Ly1\n" + "pNQ4V9POpuCqEcPsGWcSr3ULqdRH2PoguWoF0el59fOyioUV+PbKAHPxs342fqu0\n" + "Plk3Bru4kf4R0U3L1r0DogFUYmjhGyhxKAezEikQGgrwlo30LD/31uuzJWs5x1+l\n" + "sGOKHIfxiWlBS8781QKuIWHT8Z+qsnPXobQ4ss2jF4qHjwIesJr8vq0OP2mQ/Ilh\n" + "WwcNJJtWwHE6O6Vj1kWUQ9kDuWQ3AgMBAAGjdjB0MAwGA1UdEwEB/wQCMAAwEwYD\n" + "VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQU8U1K\n" + "y6Tq/tczkOCK7CZhUAiuUcwwHwYDVR0jBBgwFoAUvSbAZPs2w5eQBjoLYPh+uKyj\n" + "ZzswDQYJKoZIhvcNAQELBQADggEBAG2H5HeItTKZVgNd2hFPfi0QUvheX8mjMniV\n" + "uaS/1zDSvAJOJue2GEpiYeTLvjd4WA5J09ZRSAuVWR9hg44m17TF2pod3YFBfGwx\n" + "8RkEp5W8LBdwPzcgbLVxkWmwZTo1v4Xv679uyVTeB306vfkTrsa0C82S5zJd1Wyt\n" + "/bFaNnxxb6KzVhFEctaVPVZdwrj7Q6XASH1oCfe/l50UcUkK853cXhV3CNJ8OUOY\n" + "h8O7FN/s5oZ23R9eX2D9mHJ/ccucv46ofAmQ9TjLZIACp89IfoMf61MOUG51BIlt\n" + "t494m704KMI2Y4hci5fHZ4UbcykjNpwkAMnCuk0K8K4gAFT6SZ8=\n" + "-----END CERTIFICATE-----\n", + NULL, + /* Name constraints (critical): + Permitted: DNSname: example.com */ + "-----BEGIN CERTIFICATE-----\n" + "MIIC/zCCAeegAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCIYDzIwMTUwMzI1MDc1ODQ5WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" + "BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUEBLGhjEj8pLO\n" + "cU3UVmC+FcN3OKXH5lqm4pdxP6rbk0C9WKgavGV9MfEali767BaLHaEzxdCpcbxr\n" + "YdBKFcij7ucF9YqpoDD5HnMLhOEHKnQD0nk5wWYw7Q9ULy0wqEy15nfDdunDbYK5\n" + "TG7K2nsKcyPkEs637bJPBSOVSpn7mT49OnpSNpZcD361SqRh+OY8Iorr1m9DsrfW\n" + "8J9JCf4VlaL821PzoA/EEReabPI9TM10QYpN4J0JQsQnmuU/0WdaEJtq4pFZIZfJ\n" + "WtGGS6GX5faOkyMj5SuunZIjLal/+GRSVk1m3vfmDUp4MVKAqfqQ068Ix/aLEipX\n" + "8mNnyp95AgMBAAGjYjBgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0eAQH/BBMwEaAP\n" + "MA2CC2V4YW1wbGUuY29tMA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFL0mwGT7\n" + "NsOXkAY6C2D4friso2c7MA0GCSqGSIb3DQEBCwUAA4IBAQBSfcTha0878cAy3Peg\n" + "V9z+5rNr7/3Awf5HRTRr2VAATloXJ7iyvuvWmPlIKek40W+Xh4aHjZLjdfuPWyeV\n" + "EXAcEEwhxY4t8NRATzgBy8WyP64LRQnFsmo4p5VbT0ddcqUqwDDYgbNPdLmfLUwV\n" + "JS5DNFSsDco5Ng1DoQCLoIkuLMwD7g7YfMyUq8HupEI9TuhcXC5FUZbt0KjkQk9c\n" + "fbBiEvZcxlmLQRiC0sWFmuBteMyrnw3Y68jpl12ORyB/oVpCvXlYm4ViCCh5uyx3\n" + "Ml+FbR8ws+dEvGKmer50Lfw6/WSyEb/zWlLUUqClbJChLVnGMjgvwUqrLSKUcUw6\n" + "DsYI\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Name constraints: DNSname in permitted range, intermediate certs without constraints */ +static const char *nc_good1[] = { +/* DNSname: www.example.com */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDQDCCAiigAwIBAgIMU/xyoxPcYVSaqH7/MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTMwIhgPMjAxNDA4MjYxMTQyMjdaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEChMIc2VydmVyLTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDkemVOFdbhBX1qwjxQHr3LmPktNEVBmXjrIvyp++dN7gCYzubnpiLcBE+B\n" +"S2b+ppxBYm9ynKijhGrO+lZPCQRXWmqUg4YDfvnEqM4n04dCE98jN4IhwvWZyP3p\n" +"+U8Ra9mVIBAY2MReo1dcJQHNmo560xzxioHsGNQHAfYgVRHiE5hIXchYbWCkBrKt\n" +"XOoSSTmfgCF3L22p6S1q143VoKUr/C9zqinZo6feGAiTprj6YH0tHswjGBbxTFLb\n" +"q3ThbGDR5FNYL5q0FvQRNbjoF4oFitZ3P1Qkrzq7VIJd9k8J1C3g/16U2dDTKqRX\n" +"ejX7maFZ6oRZJASsRSowEs4wTfRpAgMBAAGjgZMwgZAwDAYDVR0TAQH/BAIwADAa\n" +"BgNVHREEEzARgg93d3cuZXhhbXBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEw\n" +"DwYDVR0PAQH/BAUDAwegADAdBgNVHQ4EFgQUAEYPmcA7S/KChiet+Z6+RRmogiww\n" +"HwYDVR0jBBgwFoAUjxZogHO3y4VdOLuibQHsQYdsGgwwDQYJKoZIhvcNAQELBQAD\n" +"ggEBABlA3npOWwl3eBycaLVOsmdPS+fUwhLnF8hxoyKpHe/33k1nIxd7iiqNZ3iw\n" +"6pAjnuRUCjajU+mlx6ekrmga8mpmeD6JH0I3lq+mrPeCeFXm8gc1yJpcFJ/C2l4o\n" +"+3HNY7RJKcfoQxIbiKOtZ6x9E0aYuk3s1Um3Pf8GLwENoou7Stg5qHsLbkN/GBuP\n" +"n3p/4iqik2k7VblldDe3oCob5vMp0qrAEhlNl2Fn65rcB4+bp1EiC1Z+y6X8DpRb\n" +"NomKUsOiGcbFjQ4ptT6fePmPHX1mgDCx+5/22cyBUYElefYP7Xzr+C8tqqO3JFKe\n" +"hqEmQRsll9bkqpu2dh83c3i9u4g=\n" +"-----END CERTIFICATE-----\n", +/* - */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0y\n" +"MCIYDzIwMTQwODI2MTE0MjI3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/4ofaL+ilmmM+\n" +"bGaFRy5GYQXtkD8sA3+/GWsunR928fQS68Zh6iWU+gPm52i7Gfbh7piKWA5Tb63w\n" +"unbS6dPsfPSvgRMZGKJpzxqVcBQAnTS4MuDPlXNg3K3HMyVtbxekII8jFeGEJuCL\n" +"mBMT4dI48IZRzj+2mir38w2cQPfomaKtjg2jMokG8Z9/4+SU9VJCcY1/yZk8fCbS\n" +"dBbwhnDq10yvhPCHgX6KMYmoJr28CYgH29Q9sDP1XN3VvAx5X+PtW/6pyF0U5E2e\n" +"gRzVv7Hr3FJKvytbNxRMCoy2YOyvsTP0fIhiXdtkulTKXyiq4cxA+aYByOu1FjU4\n" +"NicWbiZ/AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUjxZogHO3y4VdOLuibQHsQYdsGgwwHwYDVR0jBBgwFoAUwAx0\n" +"aL2SrsoSZcZUuFlq0O17BSgwDQYJKoZIhvcNAQELBQADggEBAGQvj8SquT31w8JK\n" +"tHDL4hWOU0EwVwWl4aYsvP17WspiFIIHKApPFfQOD0/Wg9zB48ble5ZSwKA3Vc3B\n" +"DJgd77HgVAd/Nu1TS5TFDKhpuvFPJVpJ3cqt3pTsVGMzf6GRz5kG3Ly/pBgkqiMG\n" +"gv6vTlEvzNe4FcnhNBEaRKpK5Hc5+GnxtfVoki3tjG5u+oa9/OwzAT+7IOyiIKHw\n" +"7F4Cm56QAWMJgVNm329AjZrJLeNuKoQWGueNew4dOe/zlYEaVMG4So74twXQwIAB\n" +"Zko7+wk6eI4CkI4Zair36s1jLkCF8xnL8FExTT3sg6B6KBHaNUuwc67WPILVuFuc\n" +"VfVBOd8=\n" +"-----END CERTIFICATE-----\n", +/* Name Constraints (critical): + Permitted: DNSname: example.com + Excluded: DNSname: example.org + */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDMzCCAhugAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" +"MCIYDzIwMTQwODI2MTE0MjI3WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIf3as4EONSgWu\n" +"Mbm9w3DbKd/su1UWlrYrcpVqmU3MKD5jXBxyoThSBWxmq1+wcNDmE1on6pHY1aad\n" +"k3188JKMC83wEcyQXaiH3DlTYFXXkkI+JJNUGlfAMSoXG248SpoCIOhCETUG03iP\n" +"Z3AZludaHYsv4akAh1Kl6qn66+bKM53l/YhoQDxhoGaYvO8ZSwKnx5DEiq447jpW\n" +"M+sUFe38RPaMjHpyc1GRctvQDzJGm+8ZRujYDH+fGNzVDDlRyRnsVanFGNdyfhmy\n" +"BN2D2+2VEvzAWlaGg2wQN8gF3+luavIVEgETXODZPa5FF7ulmQmhqGrZcw6WtDmY\n" +"hUbNmbL7AgMBAAGjgZUwgZIwDwYDVR0TAQH/BAUwAwEB/zAuBgNVHR4BAf8EJDAi\n" +"oA8wDYILZXhhbXBsZS5jb22hDzANggtleGFtcGxlLm9yZzAPBgNVHQ8BAf8EBQMD\n" +"BwQAMB0GA1UdDgQWBBTADHRovZKuyhJlxlS4WWrQ7XsFKDAfBgNVHSMEGDAWgBTg\n" +"+khaP8UOjcwSKVxgT+zhh0aWPDANBgkqhkiG9w0BAQsFAAOCAQEASq5yBiib8FPk\n" +"oRONZ4COgGqjXvigeOBRgbHf9AfagpoYDbOKDQS8Iwt9VHZfJxdcJ1OuM1aQqXlN\n" +"dUyf+JdR/24Nv1yrhL+dEfRGka6Db96YuPsbetVhNIiMm2teXDIPgGzAKuTm4xPA\n" +"6zyNVy5AwfDQ5hIZ+EUsfOoerIElNyAbh66law4MWuiv4oyX4u49m5lxLuL6mFpR\n" +"CIZYWjZMa0MJvWMKGm/AhpfEOkbT58Fg5YmxhnKMk6ps1eR6mh3NgH1IbUqvEYNC\n" +"eS42X3kAMxEDseBOMths0gxeLL+IHdQpXnAjZppW8zEIcN3yfknul35r8R6Qt9aK\n" +"q5+/m1ADBw==\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTE0MjI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIe0eOnLaV750K\n" +"4+mVaAftRrJp8t68KJivcRFpkl0ucQs6gwNf9EsVkHineOR3RXypjJ7Hsv+4PIKp\n" +"BhEOTprYUKcBaxHK/NIezV6NrO1AwuD6MtJDQF9jGpSy0F3eRUoBCjVYhTl+JxcZ\n" +"hGHPJd8WMeanQWY4xG4gTwtpjF3tPU5+JGQwLk5SbcLicM2QMG3CapZinOGK3/XC\n" +"Fjsvf5ZhxnixayhfiX/n9BmeP1yxz7YORNYPlL8z1CcLZqJsyjZnNkVwNvl4ft9I\n" +"FOKBLoOTSGocHFIFXh5b50GG6QHgvN+TiAwdpfRTUskWVg8VVIh7ymgDoI2jQhk4\n" +"EeMaZHd/AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU4PpIWj/FDo3MEilcYE/s4YdGljwwHwYDVR0jBBgwFoAU6XJK\n" +"EOUYTuioWHG+1YBuz0yPFmowDQYJKoZIhvcNAQELBQADggEBAJOCrGvbeRqPj+uL\n" +"2FIfbkYZAx2nGl3RVv5ZK2YeDpU1udxLihc6Sr67OZbiA4QMKxwgI7pupuwXmyql\n" +"vs9dWnNpjzgfc0OqqzVdOFlfw8ew2DQb2sUXCcIkwqXb/pBQ9BvcgdDASu+rm74j\n" +"JWDZlhcqeVhZROKfpsjsl+lHgZ7kANwHtUJg/WvK8J971hgElqeBO1O97cGkw/in\n" +"e8ooK9Lxk3Td+WdI8C7juCYiwsGqFEKuj7b6937uzvpFmm1fYDdOHhTMcHTHIVTr\n" +"uxSSurQ4XSDF6Iuel3+IdpLL79UYJ7Cf4IhBWj0EloF6xWTA6nUYl3gzKpx1Tg1U\n" +"x2+26YY=\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwODI2MTE0MjI2WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqLuVrTyiqz+Zs\n" +"9Qw5V2Z1y1YSWU6aRDMs+34rP2gwT41C69HBh2LLRS04iJUVQydwnEJukwKlTNRn\n" +"1lEpvWgtYmySWA2SyI4xkVzCXgwv0k7WyLwa39hfNY1rXAqhDTL8VO0nXxi8hCMW\n" +"ohaXcvsieglhN5uwu6voEdY3Gwtx4V8ysDJ2P9EBo49ZHdpBOv+3YLDxbWZuL/tI\n" +"nYkBUHHfWGhUHsRsu0EGob3SFnfiooCbE/vtmn9rUuBEQDqOjOg3el/aTPJzcMi/\n" +"RTz+8ho17ZrQRKHZGKWq9Skank+2X9FZoYKFCUlBm6RVud1R54QYZEIj7W9ujQLN\n" +"LJrcIwBDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU6XJKEOUYTuioWHG+1YBuz0yPFmowDQYJKoZIhvcNAQELBQAD\n" +"ggEBAEeXYGhZ8fWDpCGfSGEDX8FTqLwfDXxw18ZJjQJwus7bsJ9K/hAXnasXrn0f\n" +"TJ+uJi8muqzP1V376mSUzlwXIzLZCtbwRdDhJJYRrLvf5zfHxHeDgvDALn+1AduF\n" +"G/GzCVIFsYNSMdKGwNRp6Ucgl43BPZs6Swn2DXrxxW7Gng+8dvUS2XGLLdH6q1O3\n" +"U1EgJilng+VXx9Rg3yCs5xDiehASySsM6MN/+v+Ouf9lkoQCEgrtlW5Lb/neOBlA\n" +"aS8PPQuKkIEggNd8hW88YWQOJXMiCAgFppVp5B1Vbghn9IDJQISx/AXAoDXQvQfE\n" +"bdOzcKFyDuklHl2IQPnYTFxm/G8=\n" +"-----END CERTIFICATE-----\n", +NULL +}; + +/* Name constraints: IPAddress_v6 in permitted range, intermediate certs without constraints */ +static const char *nc_good2[] = { + /* IPAddress: 2001:db8:4000:: */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEKDCCApCgAwIBAgIMV3OWtCJqV9nu6MtYMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTMwIBcNMTYwNjI5MDkzNjUyWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci00MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEA34kB6fm9NLwz3CGzya+pVo6qWXVxkaXiKnKYk7nzcT5nozZYERR8gd3FWmAX\n" + "T1lzNC92Yxbz7zvonD8cxmRqMNGXqNrHrGmO9u0pr8eFnIRhSEscSWv3gwoMKH+C\n" + "+FajvWM9XK7+ndiXLL4ReFtrPcryrN3B0duMX+l2vgIBlBsIoj6m/n6ExQ8uyE3a\n" + "VyzM2gZgvjX3hw3ieLcOURRVRSsINlNcDZeUB/oGNkWKECUAEbmarutqeoYDZOyI\n" + "LBxcFhZ3/l2khMHuU5G/uQlBVuR45LqEk2LkRtG3MiidmFOnvHbFwFucT1JexwAs\n" + "5YAeBVfIkO/ZaHTnfL4d/z2GKniNyCmbwQ6kBqG8kK/EGWkpPwIHu8KRap8LmrrS\n" + "YY2pRT7L5UCmsFsWyTm3N4n6QYImCnn8h9IY4zKtQfzfbh10wWgd4tqtJZELQjgL\n" + "DvxNsv443bqJ1vWvwmV9X8O0G4nSjcMsgQQCPYWTfnNpcVVOa80n2p23xyG58hdl\n" + "hQ0HAgMBAAGjfjB8MAwGA1UdEwEB/wQCMAAwGwYDVR0RBBQwEocQIAENuEAAAAAA\n" + "AAAAAAAAADAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBSRsZYeRAUgOYrmLOR7\n" + "W7JTQVTJ5TAfBgNVHSMEGDAWgBQVna/6ANq7at0JSC476WWFVlOauzANBgkqhkiG\n" + "9w0BAQsFAAOCAYEAZ/NaFq9GGqsXyIB8Lgmf8GqmHCq5EC3qPijOf34McVtAfZU8\n" + "0q2ZNkBlV+P14n4DUdNKoLwjZ9jL33IiyRWPNdz2SgqOgu0rdN2xXc/Hq5Wu/bBw\n" + "ZtASxQBV1crYvtoRCTBmei8j+WJ1Qfh+1QNar1mgofCR99Sqx+x0HWC9nAF6aAMd\n" + "6t4GS+E3Cmpu/MzgCHHr7yT0XkltJ7m/oLjSwR4RFepNAc5zMOD2ujxwB+5t+mnE\n" + "fO5i3SF8OZEnq0c8LtiZvn0bbVtRMcRFpi5kLzV+5b4J4y2BocR8cSvbp/GOvyYi\n" + "AYKfwboXK9nJmaxsYdT9zKSp5sPETMMXD7ZDtaM0jKunb9sUF98FsK1j1I416cQI\n" + "ChBUCeANDhHTAmaxPKpyjnHsEtbA27z5l5bQmUXSTc5vVYEj4HhNAE89T/4AbMbH\n" + "6hvlsD0t9cq9nWly0CC7UIoI1Llv7TVgIKVieLQ5DIZHGL/VuPFHNqfFZDzPByjf\n" + "kU9hILqMbOM6P182\n" + "-----END CERTIFICATE-----\n", + /* (no name constraints set) */ + "-----BEGIN CERTIFICATE-----\n" + "MIID/zCCAmegAwIBAgIBAzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0y\n" + "MCAXDTE2MDYyOTA5MzY1MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0zMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxCKO/30Vk2JmTvrV\n" + "j/yi2Bi2rx+SQbIwJRmpGXedQfO90q9EXXZ7INQzo+xhk3dsuzkgTxeVnf7ONJwh\n" + "r6KoEgoUXSH+R2MaX1+LjrD2MU3zDO11DE+nAv8hgOZJqYawmgve9RMsVREUcnCu\n" + "85pT7bIsNqtuaXG7/mkMib1YfHwiMCl3u0jwhTWf0FuSRqe9ozqHo8DR89vHyrjl\n" + "t7FsrUnECJLZtDlf0VUG0lekZIY+WL7w54j4C9z+e8ZnKPpGIJyTgS4W/yXslyNR\n" + "VECiQHKW/gwSJBDMLODesJsSpgwh2NZ7VmreWTGSoFgS84Hteogj8jY0C7Ky6DHo\n" + "kYLpHcWo3FBIZ6oSiWR49zcJ1r26+JnHQEE1Kxt9Rpn6m6E2k4yW6hBFIZcWnFSQ\n" + "LKPtHMQS+soqC/qj4fFNqm7/OJof33LAG6T3cC8wtgtom7n9Jd1RZvkGtlAbNzzm\n" + "Wwh4SUyMyq9/dQ3WkJ1RVzVLhqYi9+QiHuVrqVSFO8dmL1/zAgMBAAGjZDBiMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUFZ2v+gDa\n" + "u2rdCUguO+llhVZTmrswHwYDVR0jBBgwFoAU2X5m+TBOqGUVhmhVmzQagc4mEqEw\n" + "DQYJKoZIhvcNAQELBQADggGBAHbh1c2UYg23aHZN/cVkAD6fqOykWqF9ZeqI9r0c\n" + "BGpvnhcVMOdGitpIYk3cW5a2UYmo6SkfOHos6yB3fZKHz525YhS7Tg96t+c4es8D\n" + "GlbJdr/O2vwPVsBseyvk+AHPBrcJDooiqD1rXeJWUiIREVBC1hICYaEDTSdPKxRX\n" + "93sRnfEFpZMcWd2dsqOUwwwN6VIeZAxoeysM2O6qkqDIjIVOK613oMYUEKBSyZ+w\n" + "d9Ds5sStkaLXxNJ06q3Mst5rE+IgpznpYvJBtpp6HQQeqiTXI9lIoU2oZda8UChA\n" + "Tc6iNFl+oQVvaMMUo2YlbEKbQ4UPbxT6wx5LfF3imbReMtRQCbs7uvCkTNTkY2mf\n" + "LFTMPMBjbLaY5ogx3vRZQd3833vC9iUcgBewyJc81BcEzI6F9rcg9quzkAnXdUsV\n" + "zcMfadJlDrnPm/n3mNiHZs70MQ/dXQtbaD5H6T9BME5sRwAmW7VJ/ySeytkoUw8z\n" + "leNeFV8T+J9lz0g5hWY78QJaTQ==\n" + "-----END CERTIFICATE-----\n", + /* Name Constraints (critical): + Permitted: IPAddress: 2001:db8::/32 + Excluded: IPAddress: 2001:db8::/34 */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEWzCCAsOgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0x\n" + "MCAXDTE2MDYyOTA5MzY1MVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAq03TF1WvguiqwoZG\n" + "XbM/lSligqO1tCd8dhAsa1lZmuHqcZRsQLs4Dq4Ffh00AVWDnn734hGzyvBA2LNj\n" + "tSH+slECZ55lVWKvJ0D8ip481YFP4CTWcJbM4cvkZdM82+ygYERy/WfR9cJqyrLX\n" + "tYvvs1b15fb7s0alE0gJK4j0RbzDjp1DsHFKzG2bNJxJ39xnfa6h4zwDJ+NgJAQN\n" + "z84OEw5ECZlKp2HbZZdTx0rXFYiyucao/Ugs1rZ3SPzcPg+EJJMSTdxypD8qWaGg\n" + "xP0UrmYxl0D9+m+pV8YftD3h9yFDB0DC0eaXyST224mJDUYR4E6tBSFetWgLkc6l\n" + "+1os8Ys6SvrlKvtxr0xQFxV1LhMX/gZgntyflljj/DWYpo+uaA74bkhOzIxEpa1Z\n" + "BXMLauKJ7dzm2aHYIgFlYxu1TIjib0D/UaEp3wmoZ6pDUpxjoiqjfDc6WxV5b2Gj\n" + "TIZ6qwLcADF90estBeLEtkcf8xk71JzFe0FGL4bDkPPKax0jAgMBAAGjgb8wgbww\n" + "DwYDVR0TAQH/BAUwAwEB/zBYBgNVHR4BAf8ETjBMoCQwIocgIAENuAAAAAAAAAAA\n" + "AAAAAP////8AAAAAAAAAAAAAAAChJDAihyAgAQ24AAAAAAAAAAAAAAAA/////8AA\n" + "AAAAAAAAAAAAADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTZfmb5ME6oZRWG\n" + "aFWbNBqBziYSoTAfBgNVHSMEGDAWgBQZXWHEGPF89Ep5BX76GGJZxvxVQDANBgkq\n" + "hkiG9w0BAQsFAAOCAYEAl5x0spmwJ0kKiVOLu8WRRtHb6DK6pSu+jGxGh4GNwCFw\n" + "bvX8u6QBlCu9xW4afd6/a1PduPtoRQltWeZaB2SDWnnjclKpaG8A9736YV9XKHdL\n" + "QX6GZcKSa2r81aAaHSZqxo60HfMPbCLWiWwWDX6O284kLumq7m2Z+pTKmb/Fmdqc\n" + "i292pyamXuj8eMsYNGvxzknwe3jr4HZhNfdjRvsLTI6ovEGsa6tdIgszSOrLT/kh\n" + "yu8zt9gljas6aBJ2rzT1OECaHQ74IkVZkhA6C4tSf2grH4yDZ4oZrcgJFHF/saC6\n" + "5uj5niAxmJrlaBeb+dwl+c5aNFo51zZRYktoQuvCGykWwqc8XwZBKu8MGNsEjEo7\n" + "wtfgu/bzXrLUJluXnzVBNCcXwDzsgIxlpJcFZ5aqaVhfYrl8cd5Wa3FrkHvkGyBP\n" + "aXS1nd/tvl96i6p60w/VkX6FlSknXh8IdkjcChckJv3AukUrV0U1ViTaVkWpVhQL\n" + "JKM8n9POeVPK4pUlaXAd\n" + "-----END CERTIFICATE-----\n", + /* (no name constraints set) */ + "-----BEGIN CERTIFICATE-----\n" + "MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyOTA5MzY1MVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnf+axUDkYDVQNCvR\n" + "hvLcW2nWKZo3g2JciS/h+V2gKWjDDNWxg6luyxlCFsDCaNx+t3j2YJECRZvNMLDP\n" + "QiE7U8+GKtJgR3FhHnA5xu/IbBWbNYUO08Q1s+w82dfy6QxRRDOXXh0fjAbd153J\n" + "K/9FDpyCuJ/RC9RKphwOz5YsSlMbUpYCCm0pten44HzyT/F2hwVLEEnLn1uuM8x2\n" + "HggBYH6WHFiGJLZH6h9ajt04JjyvcTDIaGw4ttET1doBnnRU+6CDiFYeYFqzUDkG\n" + "4lKKPxyXsqC0B20vV/N03c5DnODkMnTGPQ696HuhNtf4+i6PRhTieX2iu8uDOPcF\n" + "aOfokwfuUx3Ws4dShfvSMN/jFpdpOVn41dceY1Dbqy3tMF0YVFY6SSvRtvUQAvmz\n" + "KYmaYwKKpe/yMDqICAdE3fjkHHkQeQri6FP7RrLfbsprLtQlS/1ZclT9CnIz3uES\n" + "7C4a9OVvxIz+RZoIps/q94PB5fqvzXsmDIukV9VFKpAjrXWVAgMBAAGjZDBiMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUGV1hxBjx\n" + "fPRKeQV++hhiWcb8VUAwHwYDVR0jBBgwFoAU5xR9/WMP7pTmHW6KSB7HSeK6exkw\n" + "DQYJKoZIhvcNAQELBQADggGBABBXBE8psujTJ83QlsnyQYUk2MPfvm5CuJGuC4rr\n" + "uc3FFNi1A9h1XR44J5iDf84SZcaNZgYag79SHaQ0OdHHYPdJ6Yc+59IIf8PncoGd\n" + "wgeU61u8uIZL53yfDSE7o0t0UrJpBNb7oGF2adRJs7ZqyUZyN6A9+74jcrxllpjI\n" + "oha9WgugzP9CUqWYgv/MDNuwAtv+1znNFgv8C8mkhbr8wmf737XsQzfrYFK1ibhw\n" + "8rBGJLnLT+Xh+CgaDYeZrnS/oSMXCJETTbnPWfJGacX6FtB829fYhO6VMDqTy74p\n" + "k04UcXRxH7ZnRXbCImqnGTfNZtXYLu1oCDC/Ubi08ev2r8Lxrg8B/F6ME0hihiHh\n" + "8X1ggr2fDll2mUwBnalRgRYfYc3MRfQv1oy/lQDp0A2rpbKQiX8ji8r1y9xDcu/B\n" + "ERwaNiUxyK+Tx3BiMIN4EP7+yGh/f71PDvlZYBkXNYrQBaCpW8fj2hr6N/B4kCPr\n" + "/AJhLcEQybcD4IKiqywx8kx3Ig==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID3jCCAkagAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyOTA5MzY1MFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApAgApH8PdlQKWr+K\n" + "ja6KYXYYNxdhs4JoiOBxr3OQuS/ocqp1HU5vVRXKiu0XpqkB631wmC1tTk7N4LYZ\n" + "+4ffM82JhkK0y1FwV4soqeuwYraF//8ekgmCxi7tqie0WDmXc+aO2O8pruFHTjCV\n" + "TCMAer+wspFEQgHVsbFRAr+zyZpz8bn3Ywy801aM+807sEyNeeIMR0UnM5uELKvF\n" + "iHXJwdPdXM48sGe6DHJtSw4OLx3+xqRMlhVBAb0/yYLv1HDFwul0IRBfjj96rXgc\n" + "bWLiKIjZCl64+Y+UbbHp71pT09T/tzu15tvjHoIGLudWIaZHCnU10fQS1ySL/Xjm\n" + "n0xxze2AVSzoYoiw3ldkTvik9gqESC+uu+QXhzhxKe+GKEd6oGE+8KOxAkTJT6BO\n" + "vXKa6R7XDgI4AXeNlTgOZXDAqmhPFjARaLS8jdUIKJLHSaqlzX0+XLilgTGMNaXA\n" + "4Sm5pKnJcoCpL4OisgiJnuIRshO10IKgM5YqeytbkjeJzqX9AgMBAAGjQzBBMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQU5xR9/WMP\n" + "7pTmHW6KSB7HSeK6exkwDQYJKoZIhvcNAQELBQADggGBAARJRZIqmdoMRq3iYxh9\n" + "vApIvuQ8cImjusmIaYzZpAvjcOiX5RGuN/69e7Os6QxnN+H6TAj3IX+a0Msu+P/c\n" + "NrrQWttd+uR2xZic+dNXzhsEI5+o4G7W9srnDLU01FmlytvH1CSgLYm8uv3Q8G3/\n" + "RVEYmOphvHUUDYJeFIUDyaC88k52tyZ1SeSkveLRy+vf7GkHicVVMAOuyiQV3aQD\n" + "M8o3QFyrncw5i608d8JArJZ7LXhx+S+37rMsBGHnXAyKjv8zNt/YW3IjAA4ifr+m\n" + "rbTurPyCNxKFdhTBQaF1ofQaKVNEIdSjNCB+5RXUXmoAELsiRQS4LGN6NhMfBlbu\n" + "YAMUmDjwu/LkDGLbZHX0cGiDuLc/qefVc1QBAQZ2zoCAnYZU6itnzqlayOijNj8n\n" + "0aHMa8P8rb9gzOKcNOz147lLK5oHjYgeYOy3hpUDT/k7wyELWb20GKaaWLgGqWS0\n" + "W5U6UgHQoBLyOvHIOkbCRVyIPLh9ijufA0LpUdk2Lf1Sww==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *v1_intermed_check[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDGzCCAgOgAwIBAgIIUvuL4ymDgpEwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UE\n" + "AxMDQ0ExMCIYDzIwMTQwMjEyMTQ1NzQwWhgPOTk5OTEyMzEyMzU5NTlaMBExDzAN\n" + "BgNVBAMTBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkh\n" + "OTKvbV/OQcP9fn02UGzWNLGwS06248rOo+fHqCngf3nl/IefzktuI4Al5Qq9pq42\n" + "X2oLn/zr8kaO3L0rDcc54nVRuipfsw5nxAmwmjpfwnDgyla4Y88n57dhia/tmFlL\n" + "rpspg4YJ8Jt4/tGaNVS0OZ57LEoW7/OrqoGM7U3Xxa2QbzaNYMGcSt2ePvccCg13\n" + "+CJcXxOQcr/cUxyuk9neATJoulFtO8ycpmkLFUdi0WoThBjNCCJ8s7ZuvnGpF4vD\n" + "3fuvyM2ftiS08B2c5cv6FH9+4I7Elrb++TdVf43F0Awc2pLhm8L1fAuTtMjtbd9w\n" + "pxs0yaWR8IvQYbWM/XUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK\n" + "BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTlqmq9/mceVMMP\n" + "Z0HtoWZvHDc/tTAfBgNVHSMEGDAWgBRq1Eg1exmWS45j+lFklVwTQe5NsjANBgkq\n" + "hkiG9w0BAQsFAAOCAQEAAWX2f1XE/bR+DYCMaNAFpTjOFZ54eCBdazUqfVamPRoP\n" + "/8qyEYpMaA+IpHkJ5tXsx/rdKLgg1kNv/6bXyCwVgVcNBxpt05WUxqFG9xxLLz1K\n" + "UkbOZUA0/P9GqjRt9HeodP0Hqog1c1d4jgU3Ng7FIn5JXmLNVfl5qXfXCJ2S9WKu\n" + "pHw0M9TLOKUD2DD2T5K/iZAU0AXGRVUH39e+xsFIoawPWflfN5eNz8uikMQc+kxt\n" + "DdEMfPZidecToAcMolle53F7zZvqQswfla/3esb/bnndFAqIsnXRpi6Oj06ajzwE\n" + "TKP745KouHnNPZ3Hz1mPeusn4EJkLfTb5aBT3nJ+Kw==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIICmzCCAYMCCFL7i7wg78R3MA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAMTA0NB\n" + "MjAiGA8yMDE0MDIxMjE0NTcwMloYDzk5OTkxMjMxMjM1OTU5WjAOMQwwCgYDVQQD\n" + "EwNDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDS0OoKnGy/0Ju\n" + "U/Q+T3b5RR53oe24OoISkKE4Sia50aHeQZbYitIsQUEvMq06kdjaSA2p8qT29p9n\n" + "feDYsrhgZkWm4stp2EMkbbkB6k0hBobo4YQiQRa4ttYIsOWLMk/xR0z5ST+UoUv6\n" + "L/5IOxxJzdpUEbMJpM0Zp8AUZRKnXTc88a/zpPbYiO+LicdhlIKiUvIlnVTlvHOz\n" + "yN9y5o0Dry9i3IlDSTK8Ls54Nm6v7Z+1F1UwIXkYJCX0WxJ6w/4jHmbiRSitbH9s\n" + "UqSUm9sHCUakBJA3Y9/9K2SVWNJrG/G4LmZ+Zwr8NdZN3RrxQnWnudL4bTtM0WgY\n" + "QynV12XDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGJbRVVxERtx5Li15n1bdAzW\n" + "HaDNKt/TkUcZvnfdtggvZLkKhPiNWksQ+9jk1RS71dSZHT9Kb9bIVhaYzaHdI+hG\n" + "7coftkY66wjD9xLv2DyqnwvuR0S8Uhj9jas5xf/P9S79ZDk61Afg7yX8aLBJpJIH\n" + "citi1c65C8rYwB8zsF1Zbbh2/6Enty+eFhS1JOuEgUFP1oO2Nj2vh4IqR3yEGdGt\n" + "Tr57CD/C97fcaeRE4LlHJIMQ9toeZ5Fc9avnOzNIxJd7BPqWWvOnu3TWufj7uaq+\n" + "CcHTlq9h0NKf9dI1GsxbscJbO3+I+hzOwYfFcNrQ+8BFGbcwx9ZcS2xO3Rx9dbc=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIC3jCCAcagAwIBAgIBATANBgkqhkiG9w0BAQsFADAOMQwwCgYDVQQDEwNDQTIw\n" + "IhgPMjAxNDAyMTIxNDU0NTJaGA85OTk5MTIzMTIzNTk1OVowDjEMMAoGA1UEAxMD\n" + "Q0EyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZPztwmz136OBSTT\n" + "t4pXys9dTfaOBajrO2s4JcPa0C+7D2wfWD941q1q01TV5+QgLDTF7OO5VSXt2W3p\n" + "cKlXS/Ll2N8sxTaULcVCodFrHOdfHV1V65VlWhJOnPdpboBtM2V8Iory+d2mNXZT\n" + "wkcNJ/Z8YBUZCTeR1zaLjq0GAITyJoMiI4+x9Djc+iBDGJarRW7A/JyDN4EFjDzw\n" + "svdWpHg710I+qtKnlMO/whEmw9r3L486JTSlrrrruUSVGY9UWJpv62az1jbu63d8\n" + "6/PBp0xbBpiv1xA0qSSquN/THurTZ0Y0MS0vbpnAYkws8YxnFAV1TU4B7AZ0IQId\n" + "Zjo6HQIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAw\n" + "HQYDVR0OBBYEFNVrkTf8WoQKImozc6dBqx8J8tvhMA0GCSqGSIb3DQEBCwUAA4IB\n" + "AQBpX+j6Fd5aLnMs55qqbFBTWU9bH4/fGh6OVcJztZyvRTOQMLoha9Lsa2C1c1u0\n" + "kjj3coRWIq8YH8FbOhu0x3pij5dcnn1FQCKcwEmjdDf6ltxplkZXpR86yW2ZyR2W\n" + "WmIPUrMPJNFkBbgVKFyYoj+9QUyoWHAWNSLJhqBI5v5CRNYIIat1Nt5SuTDm3ggw\n" + "GUfMH/snytxVq23tj+02pBCdahTqN1w83W1yFX39URChPpl9RZ6HcIg3DFrXhXte\n" + "lA+/t8l+o7w7POJ4xMyRtbTuGpGHQac+VJBWKFkduY3sbXN2GdQPL6/VvKH115Tr\n" + "Bos85afmGYPR/gUP0hVSlFzj\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *v1_root_check[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDAjCCAeqgAwIBAgIMVDP8wwGyCHAlXREsMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTAwIhgPMjAxNDEwMDcxNDQ2MjdaGA85OTk5MTIzMTIzNTk1OVow\n" + "EzERMA8GA1UEAxMIc2VydmVyLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCp7I46Ga7QxXCq6SegwcKCbnMeIG2P5IaJXknjBy4rq7P3dqEdEmm/UdwS\n" + "Wp2jH+k+OFvzFe2FR1fY7UBSFdpLTaMz8YIQ1ESPu2afAxWCE1drJnphVCZyMskp\n" + "d9P9p+TXE4Y7ppxPRTvp2D/chfIcByIKPKwsjU37hrgFehb7Jolq3Er0pOPitSPj\n" + "KFVKNAktu8Z411S1hQdO7+jjr8pbFoROm2VDbYRpowCHw9ZhlC51SFKeqPTslUdv\n" + "53pmq1p02d3WMvKWuFRAIMs1UPba5prN9UI7jZztR0o7xnHm3KtWk+o4+YSDCM5R\n" + "EoiGvyhKgDoM3B/KQG+1rin2/uMdAgMBAAGjVjBUMAwGA1UdEwEB/wQCMAAwFAYD\n" + "VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFDoL\n" + "zL5Pd48Psh5oe9VGrkmXclumMA0GCSqGSIb3DQEBCwUAA4IBAQA21lKw/Vr7P4hl\n" + "VBY27GOGIh7Tw0dFN8HiYX0jFRlyn7zgoRYfJMuLxtC+jJl02s+iljl9gdTlcAgt\n" + "dWs74QdKUIMHfoT12WOcIwAIMZLBspbUjn6+eoVPE6zCOfrChRCv4dM4BCz/kg6w\n" + "MqxM/UE+OS+AgO8hHN1boMbBWMcMR/ylpJE2P3nHGgTg6xsZrEn9aH8y+uqUuScn\n" + "P13H74zV1f1tTi2QT7Y/lpNKuB8vvqJgcUdxGaVQhz3q+YooSwmkDaWTz9HIAqpr\n" + "77BBxvr5eok6o528h4qJ5nA3NgLw8nIgyBP2vN/N4CsmRAZ/vHVbGEOeWRkH0rGE\n" + "SemQfe/B\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIICljCCAX4CAQAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAxMEQ0EtMDAiGA8y\n" + "MDE0MTAwNzE0NDYyNloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRDQS0w\n" + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTMg33+4Q3ULz+//A9Wn\n" + "m0DCq9X1ne0q8TfCriOo4Zc2VuFsR3Bm90btX9KqVEfByD8Ba4fb/oF0F6+sb4Ej\n" + "imPI6PSwHXEX0BPSHcmv6lb+iXHRwpqsx+r9GIuPS+0vuTu07sj1yjszlx7aNXOx\n" + "hsDAFaedzO8/9nCjbrQ79cLcGusPETjGFAD9vDfBTUNtebPiW9CCNsmRUVWOm6/s\n" + "5kfy1AfcH6FZCoqvmoELz55JWzYHrWSQhgIopJ0DLfYoF8fg3XeIMUNLk+Lrcoe6\n" + "ZDCxDxGwXReNfIWnf1l1OnZAdMAt/egr9jeQR+l9y4jBhcssW7Wb8M6+wvinsMOG\n" + "MQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBosiz3l31++ZErMs09bnGe+DEQfL+t\n" + "iWRmhzLC7kF64+O4Eu+IkWvEUv+LEhHm2GLrqaKu7FAlWUMWRX3GHHxAOtNeLR7U\n" + "qXBZtq56wHA+fMv8+lqLQuT6eKLNbbuxVWZ/E1qaMax7rlQrtEpAC9ruuafcPlC5\n" + "U4YbJ4VOhfBnJzQ6KlFtbqOkGr7v/l2d9NRxorAWawPVhIteZv1Ahiu++5g+dn/R\n" + "z8ehN9SEm+c6C5mWrqHiQka3yi060gO8kBcumM/cE6BxffiOUxy2gsPC2ZrI8xkB\n" + "ghrpQ87AmWXsvVk03U1l0vHpiE3kXb5FIAbWW7In1mfULqLKgeqllMhD\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *pathlen_check[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDGzCCAgOgAwIBAgIIUvuL4ymDgpEwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UE\n" + "AxMDQ0ExMCIYDzIwMTQwMjEyMTQ1NzQwWhgPOTk5OTEyMzEyMzU5NTlaMBExDzAN\n" + "BgNVBAMTBnNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkh\n" + "OTKvbV/OQcP9fn02UGzWNLGwS06248rOo+fHqCngf3nl/IefzktuI4Al5Qq9pq42\n" + "X2oLn/zr8kaO3L0rDcc54nVRuipfsw5nxAmwmjpfwnDgyla4Y88n57dhia/tmFlL\n" + "rpspg4YJ8Jt4/tGaNVS0OZ57LEoW7/OrqoGM7U3Xxa2QbzaNYMGcSt2ePvccCg13\n" + "+CJcXxOQcr/cUxyuk9neATJoulFtO8ycpmkLFUdi0WoThBjNCCJ8s7ZuvnGpF4vD\n" + "3fuvyM2ftiS08B2c5cv6FH9+4I7Elrb++TdVf43F0Awc2pLhm8L1fAuTtMjtbd9w\n" + "pxs0yaWR8IvQYbWM/XUCAwEAAaN2MHQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK\n" + "BggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBTlqmq9/mceVMMP\n" + "Z0HtoWZvHDc/tTAfBgNVHSMEGDAWgBRq1Eg1exmWS45j+lFklVwTQe5NsjANBgkq\n" + "hkiG9w0BAQsFAAOCAQEAAWX2f1XE/bR+DYCMaNAFpTjOFZ54eCBdazUqfVamPRoP\n" + "/8qyEYpMaA+IpHkJ5tXsx/rdKLgg1kNv/6bXyCwVgVcNBxpt05WUxqFG9xxLLz1K\n" + "UkbOZUA0/P9GqjRt9HeodP0Hqog1c1d4jgU3Ng7FIn5JXmLNVfl5qXfXCJ2S9WKu\n" + "pHw0M9TLOKUD2DD2T5K/iZAU0AXGRVUH39e+xsFIoawPWflfN5eNz8uikMQc+kxt\n" + "DdEMfPZidecToAcMolle53F7zZvqQswfla/3esb/bnndFAqIsnXRpi6Oj06ajzwE\n" + "TKP745KouHnNPZ3Hz1mPeusn4EJkLfTb5aBT3nJ+Kw==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIICmzCCAYMCCFL7i7wg78R3MA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAMTA0NB\n" + "MjAiGA8yMDE0MDIxMjE0NTcwMloYDzk5OTkxMjMxMjM1OTU5WjAOMQwwCgYDVQQD\n" + "EwNDQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDS0OoKnGy/0Ju\n" + "U/Q+T3b5RR53oe24OoISkKE4Sia50aHeQZbYitIsQUEvMq06kdjaSA2p8qT29p9n\n" + "feDYsrhgZkWm4stp2EMkbbkB6k0hBobo4YQiQRa4ttYIsOWLMk/xR0z5ST+UoUv6\n" + "L/5IOxxJzdpUEbMJpM0Zp8AUZRKnXTc88a/zpPbYiO+LicdhlIKiUvIlnVTlvHOz\n" + "yN9y5o0Dry9i3IlDSTK8Ls54Nm6v7Z+1F1UwIXkYJCX0WxJ6w/4jHmbiRSitbH9s\n" + "UqSUm9sHCUakBJA3Y9/9K2SVWNJrG/G4LmZ+Zwr8NdZN3RrxQnWnudL4bTtM0WgY\n" + "QynV12XDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGJbRVVxERtx5Li15n1bdAzW\n" + "HaDNKt/TkUcZvnfdtggvZLkKhPiNWksQ+9jk1RS71dSZHT9Kb9bIVhaYzaHdI+hG\n" + "7coftkY66wjD9xLv2DyqnwvuR0S8Uhj9jas5xf/P9S79ZDk61Afg7yX8aLBJpJIH\n" + "citi1c65C8rYwB8zsF1Zbbh2/6Enty+eFhS1JOuEgUFP1oO2Nj2vh4IqR3yEGdGt\n" + "Tr57CD/C97fcaeRE4LlHJIMQ9toeZ5Fc9avnOzNIxJd7BPqWWvOnu3TWufj7uaq+\n" + "CcHTlq9h0NKf9dI1GsxbscJbO3+I+hzOwYfFcNrQ+8BFGbcwx9ZcS2xO3Rx9dbc=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIC6DCCAdCgAwIBAgIIUvuTdCOiZ3IwDQYJKoZIhvcNAQELBQAwDjEMMAoGA1UE\n" + "AxMDQ0EyMCIYDzIwMTQwMjEyMTUyOTU3WhgPOTk5OTEyMzEyMzU5NTlaMA4xDDAK\n" + "BgNVBAMTA0NBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGT87cJ\n" + "s9d+jgUk07eKV8rPXU32jgWo6ztrOCXD2tAvuw9sH1g/eNatatNU1efkICw0xezj\n" + "uVUl7dlt6XCpV0vy5djfLMU2lC3FQqHRaxznXx1dVeuVZVoSTpz3aW6AbTNlfCKK\n" + "8vndpjV2U8JHDSf2fGAVGQk3kdc2i46tBgCE8iaDIiOPsfQ43PogQxiWq0VuwPyc\n" + "gzeBBYw88LL3VqR4O9dCPqrSp5TDv8IRJsPa9y+POiU0pa6667lElRmPVFiab+tm\n" + "s9Y27ut3fOvzwadMWwaYr9cQNKkkqrjf0x7q02dGNDEtL26ZwGJMLPGMZxQFdU1O\n" + "AewGdCECHWY6Oh0CAwEAAaNGMEQwEgYDVR0TAQH/BAgwBgEB/wIBADAPBgNVHQ8B\n" + "Af8EBQMDBwQAMB0GA1UdDgQWBBTVa5E3/FqECiJqM3OnQasfCfLb4TANBgkqhkiG\n" + "9w0BAQsFAAOCAQEAtQudk32tQ30ldwLy5QyNzwpxTq1izycXGMkh3LvNUQrxmwzl\n" + "8EPi1d4bxdAi3ghwppImJPZ1aWOrSl9cxl7kH4clq/QdG6bKhhr/40ImZctV35fA\n" + "Kd1/aDlUUNQIv7cD/T8fb8rMmZ7RPoLsgLcVfodKwafY+X/y4ZacA2uF2L2dX37T\n" + "etQprA+hjeKu6rej9eb+ERZqYChDvp7FNbJ5fOnIZ9iG1Z714fUeuRDzvosJl6n8\n" + "aVIRHXdZbhCgKdJTR4bvFPGVFL86xLMkV7jhCImNBN9rmd59wD6g79nTUUoPDM3r\n" + "rpNkoLGmlBhUorRWbx0YAz9UojNdd4GWMefwZw==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *cve_2014_0092_check[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H\n" + "bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x\n" + "LTArBgNVBAMTJEdudUFBQSBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC\n" + "AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D\n" + "hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh\n" + "ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq\n" + "58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB\n" + "VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03\n" + "U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L\n" + "xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC\n" + "AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT\n" + "BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2\n" + "B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T\n" + "AQPvzzANBgkqhkiG9w0BAQsFAAOCATEBdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH\n" + "gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3\n" + "LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE\n" + "/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD\n" + "5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h\n" + "h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc\n" + "w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU\n" + "TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV\n" + "BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB\n" + "OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL\n" + "dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb\n" + "HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08\n" + "WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3\n" + "F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3\n" + "a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe\n" + "oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/\n" + "MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P\n" + "MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH\n" + "VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc\n" + "4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s\n" + "V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK\n" + "VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u\n" + "f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv\n" + "ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Triggers incorrect verification success on older versions */ +static const char *cve_2008_4989_chain[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIB6zCCAVQCCQCgwnB/k0WZrDANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJE\n" + "RTEXMBUGA1UEChMOR05VIFRMUyBBdHRhY2sxFTATBgNVBAMTDGludGVybWVkaWF0\n" + "ZTAeFw0wODExMDMxMjA1MDRaFw0wODEyMDMxMjA1MDRaMDcxCzAJBgNVBAYTAkRF\n" + "MRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazEPMA0GA1UEAxMGc2VydmVyMIGfMA0G\n" + "CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKdL9g5ErMLOLRCjiomZlNLhy0moWGaKIW\n" + "aX6vyUIfh8d6FcArHoKoqhmX7ckvod50sOYPojQesDpl7gVaQNA6Ntr1VCcuNPef\n" + "UKWtEwL0Qu9JbPnUoIYd7mAaqVQgFp6W6yzV/dp63LH4XSdzBMhpZ/EU6vZoE8Sv\n" + "VLdqj5r6jwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAH4QRR7sZEbjW00tXYk/3O/Z\n" + "96AxJNg0F78W5B68gaJrLJ7DTE2RTglscuEq1+2Jyb4AIziwXpYqxgwcP91QpH97\n" + "XfwdXIcyjYvVLHiKmkQj2zJTY7MeyiEQQ2it8VstZG2fYmi2EiMZIEnyJ2JJ7bA7\n" + "bF7pG7Cg3oEHUM0H5KUU\n" + "-----END CERTIFICATE-----\n", + /* chain[1] (not signed by next cert) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICADCCAWmgAwIBAgIJAIZ4nkHQAqTFMA0GCSqGSIb3DQEBBQUAMDUxCzAJBgNV\n" + "BAYTAkRFMRcwFQYDVQQKEw5HTlUgVExTIEF0dGFjazENMAsGA1UEAxMEcm9vdDAe\n" + "Fw0wODExMDMxMjA0NDVaFw0wODEyMDMxMjA0NDVaMD0xCzAJBgNVBAYTAkRFMRcw\n" + "FQYDVQQKEw5HTlUgVExTIEF0dGFjazEVMBMGA1UEAxMMaW50ZXJtZWRpYXRlMIGf\n" + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvBpW8sAhIuUmNvcBE6wv/q7MtM1Z9\n" + "2I1SDL8eJ8I2nPg6BlCX+OIqNruynj8J7uPEQ04ZLwLxNXoyZa8057YFyrKLOvoj\n" + "5IfBtidsLWYv6PO3qqHJXVvwGdS7PKMuUlsjucCRyXVgQ07ODF7piqoVFi9KD99w\n" + "AU5+9plGrZNP/wIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n" + "A4GBAGPg+M+8MsB6zHN2o+jAtyqovrTTwmzVWEgfEH/aHC9+imGZRQ5lFNc2vdny\n" + "AgaJ9/izO5S6Ibb5zUowN2WhoUJOVipuQa2m9AviOgheoU7tmANC9ylm/pRkKy/0\n" + "n5UVzlKxDhRp/xBb7MWOw3KEQjiAf2Z3wCLcCPUqcJUdJC4v\n" + "-----END CERTIFICATE-----\n", + /* chain[2] (trusted CA cert) */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUF\n" + "ADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYG\n" + "A1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UE\n" + "CxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl\n" + "IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYx\n" + "MTE3MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTAT\n" + "BgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT\n" + "ZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJ\n" + "bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0\n" + "ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" + "AoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQ\n" + "LZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29\n" + "dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk6KHYcWUNo1F7\n" + "7rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/KaAcd\n" + "HJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR3\n" + "2HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA\n" + "MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7\n" + "W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7OR\n" + "tvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE\n" + "uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQ\n" + "aEfZYGDm/Ac9IiAXxPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqd\n" + "E8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+\n" + "MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+\n" + "fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Chain length 3 ends with trusted v1 RSA-MD2 chain */ +static const char *verisign_com_chain[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCDCCBPCgAwIBAgIQakrDGzEQ5utI8PxRo5oXHzANBgkqhkiG9w0BAQUFADCB\n" + "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n" + "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n" + "HhcNMDcwNTA5MDAwMDAwWhcNMDkwNTA4MjM1OTU5WjCCAUAxEDAOBgNVBAUTBzI0\n" + "OTc4ODYxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVs\n" + "YXdhcmUxCzAJBgNVBAYTAlVTMQ4wDAYDVQQRFAU5NDA0MzETMBEGA1UECBMKQ2Fs\n" + "aWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzEiMCAGA1UECRQZNDg3IEVh\n" + "c3QgTWlkZGxlZmllbGQgUm9hZDEXMBUGA1UEChQOVmVyaVNpZ24sIEluYy4xJTAj\n" + "BgNVBAsUHFByb2R1Y3Rpb24gU2VjdXJpdHkgU2VydmljZXMxMzAxBgNVBAsUKlRl\n" + "cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjEZMBcGA1UE\n" + "AxQQd3d3LnZlcmlzaWduLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA\n" + "xxA35ev879drgQCpENGRQ3ARaCPz/WneT9dtMe3qGNvzXQJs6cjm1Bx8XegyW1gB\n" + "jJX5Zl4WWbr9wpAWZ1YyJ0bEyShIGmkU8fPfbcXYwSyWoWwvE5NRaUB2ztmfAVdv\n" + "OaGMUKxny2Dnj3tAdaQ+FOeRDJJYg6K1hzczq/otOfsCAwEAAaOCAf8wggH7MAkG\n" + "A1UdEwQCMAAwHQYDVR0OBBYEFPFaiZNVR0u6UfVO4MsWVfTXzDhnMAsGA1UdDwQE\n" + "AwIFoDA+BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vRVZJbnRsLWNybC52ZXJpc2ln\n" + "bi5jb20vRVZJbnRsMjAwNi5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAq\n" + "MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud\n" + "JQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgorBgEEAYI3CgMD\n" + "MB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMHYGCCsGAQUFBwEBBGow\n" + "aDArBggrBgEFBQcwAYYfaHR0cDovL0VWSW50bC1vY3NwLnZlcmlzaWduLmNvbTA5\n" + "BggrBgEFBQcwAoYtaHR0cDovL0VWSW50bC1haWEudmVyaXNpZ24uY29tL0VWSW50\n" + "bDIwMDYuY2VyMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAh\n" + "MB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dv\n" + "LnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQBEueAg\n" + "xZJrjGPKAZk1NT8VtTn0yi87i9XUnSOnkFkAuI3THDd+cWbNSUzc5uFJg42GhMK7\n" + "S1Rojm8FHxESovLvimH/w111BKF9wNU2XSOb9KohfYq3GRiQG8O7v9JwIjjLepkc\n" + "iyITx7sYiJ+kwZlrNBwN6TwVHrONg6NzyzSnxCg+XgKRbJu2PqEQb6uQVkYhb+Oq\n" + "Vi9d4by9YqpnuXImSffQ0OZ/6s3Rl6vY08zIPqa6OVfjGs/H45ETblzezcUKpX0L\n" + "cqnOwUB9dVuPhtlX3X/hgz/ROxz96NBwwzha58HUgfEfkVtm+piI6TTI7XxS/7Av\n" + "nKMfhbyFQYPQ6J9g\n" + "-----END CERTIFICATE-----\n", + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCjCCBPKgAwIBAgIQESoAbTflEG/WynzD77rMGDANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMTYxMTA3MjM1OTU5WjCBvjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMvVmVy\n" + "aVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0EwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Voi6iDRkZM/NyrDu5xlzxXLZ\n" + "u0W8taj/g74cA9vtibcuEBolvFXKQaGfC88ZXnC5XjlLnjEcX4euKqqoK6IbOxAj\n" + "XxOx3QiMThTag4HjtYzjaO0kZ85Wtqybc5ZE24qMs9bwcZOO23FUSutzWWqPcFEs\n" + "A5+X0cwRerxiDZUqyRx1V+n1x+q6hDXLx4VafuRN4RGXfQ4gNEXb8aIJ6+s9nriW\n" + "Q140SwglHkMaotm3igE0PcP45a9PjP/NZfAjTsWXs1zakByChQ0GDcEitnsopAPD\n" + "TFPRWLxyvAg5/KB2qKjpS26IPeOzMSWMcylIDjJ5Bu09Q/T25On8fb6OCNUfAgMB\n" + "AAGjggH0MIIB8DAdBgNVHQ4EFgQUTkPIHXbvN1N6T/JYb5TzOOLVvd8wEgYDVR0T\n" + "AQH/BAgwBgEB/wIBADA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczA9BgNVHR8ENjA0MDKgMKAuhixo\n" + "dHRwOi8vRVZTZWN1cmUtY3JsLnZlcmlzaWduLmNvbS9wY2EzLWc1LmNybDAgBgNV\n" + "HSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDgYDVR0PAQH/BAQDAgEGMBEG\n" + "CWCGSAGG+EIBAQQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFn\n" + "ZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRw\n" + "Oi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjApBgNVHREEIjAgpB4wHDEa\n" + "MBgGA1UEAxMRQ2xhc3MzQ0EyMDQ4LTEtNDgwPQYIKwYBBQUHAQEEMTAvMC0GCCsG\n" + "AQUFBzABhiFodHRwOi8vRVZTZWN1cmUtb2NzcC52ZXJpc2lnbi5jb20wHwYDVR0j\n" + "BBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBAFqi\n" + "sb/rjdQ4qIBywtw4Lqyncfkro7tHu21pbxA2mIzHVi67vKtKm3rW8oKT4BT+is6D\n" + "t4Pbk4errGV5Sf1XqbHOCR+6EBXECQ5i4/kKJdVkmPDyqA92Mn6R5hjuvOfa0E6N\n" + "eLvincBZK8DOlQ0kDHLKNF5wIokrSrDxaIfz7kSNKEB3OW5IckUxXWs5DoYC6maZ\n" + "kzEP32fepp+MnUzOcW86Ifa5ND/5btia9z7a84Ffelxtj3z2mXS3/+QXXe1hXqtI\n" + "u5aNZkU5tBIK9nDpnHYiS2DpKhs0Sfei1GfAsSatE7rZhAHBq+GObXAWO3eskZq7\n" + "Gh/aWKfkT8Fhrryi/ks=\n" + "-----END CERTIFICATE-----\n", + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE/zCCBGigAwIBAgIQY5Jrio9Agv2swDvTeCmmwDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggHKMIIBxjAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjBt\n" + "BggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIa\n" + "BBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5j\n" + "b20vdnNsb2dvLmdpZjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7Lvw\n" + "MAnzQzn6Aq8zMTMwgYAGA1UdIwR5MHehY6RhMF8xCzAJBgNVBAYTAlVTMRcwFQYD\n" + "VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp\n" + "bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eYIQcLrkHRDZKTS2OMp7A8y6vzAg\n" + "BgNVHSUEGTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQAD\n" + "gYEAUNfnArcMK6xK11/59ADJdeNqKOck4skH3qw6WCAYQxfrcn4eobTInOn5G3Gu\n" + "39g6DapSHmBex2UtZSxvKnJVlWYQgE4P4wGoXdzV69YdCNssXNVVc59DYhDH05dZ\n" + "P4sJH99fucYDkJjUgRUYw35ww0OFwKgUp3CxiizbXxCqEQc=\n" + "-----END CERTIFICATE-----\n", + /* chain[3] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Chain length 2 ends with trusted v1 RSA-MD2 cert */ +static const char *citibank_com_chain[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIENDCCA52gAwIBAgIQauOJMlH5Ob2tFZ6rJMBdjjANBgkqhkiG9w0BAQUFADCB\n" + "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n" + "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n" + "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n" + "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n" + "ODA4MjkwMDAwMDBaFw0xMDA4MjkyMzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYD\n" + "VQQIEwpOZXcgSmVyc2V5MRIwEAYDVQQHFAlXZWVoYXdrZW4xEjAQBgNVBAoUCUNp\n" + "dGlncm91cDERMA8GA1UECxQId2hnLW9hazYxGTAXBgNVBAMUEHd3dy5jaXRpYmFu\n" + "ay5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALQJbSYtbndsIlslFveP\n" + "IlVNE38HnUD56BHcwfvcb8rQItXeHzYmgOf/RgHPTKG3LEZOxKqM0QpcZtEJ6xwV\n" + "cTG7Wjw/FrMisN8aO4JWaxe8dFGajstlEMxz43G5zlprb9jzjnbIvvcnz0ILikOQ\n" + "qmcThopBTs1+d4j7w/yEJo1zAgMBAAGjggF6MIIBdjAJBgNVHRMEAjAAMAsGA1Ud\n" + "DwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8vY3JsLnZlcmlzaWduLmNv\n" + "bS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBEBgNVHSAEPTA7MDkGC2CG\n" + "SAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv\n" + "bS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEFBQcDAQYIKwYBBQUHAwIw\n" + "NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2ln\n" + "bi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAH\n" + "BgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVy\n" + "aXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4GBAFDXKsxtWkoo\n" + "HBkNjcCvcnjNAo3Pe+eOtLHb39e5qhkNQLPGA/1/7AofY9KmEtSV2LVGeuuJI4Pi\n" + "Lg7fPl9Q0OE/oHJpj5JkObBP9Wo1vbrDR2nGWUlCRWm20rH81dTn7OcDxarwGWsR\n" + "ewTCNmpKYaMx8Q1dyMYunHJApu+fbrHu\n" + "-----END CERTIFICATE-----\n", + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n" + "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n" + "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n" + "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n" + "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n" + "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n" + "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n" + "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n" + "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n" + "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n" + "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n" + "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n" + "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n" + "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n" + "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n" + "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n" + "-----END CERTIFICATE-----\n", + /* chain[2] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Self-signed certificate */ +static const char *pem_self_cert[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n" + "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n" + "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n" + "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n" + "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n" + "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n" + "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n" + "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n" + "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n" + "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n" + "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n" + "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n" + "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n" + "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n" + "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n" + "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n" + "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n" + "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n" + "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Chain length 2, CA constraint FALSE in v3 CA cert)*/ +static const char *thea_chain[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIC7DCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM\n" + "MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb\n" + "MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5\n" + "MTExMDUyMDdaFw0xODA5MDkxMDUyMDdaMIGTMQswCQYDVQQGEwJERTEMMAoGA1UE\n" + "CBMDUkxQMRcwFQYDVQQHEw5LYWlzZXJzbGF1dGVybjEgMB4GA1UEChMXVGVjaG5p\n" + "c2NoZSBVbml2ZXJzaXRhZXQxGzAZBgNVBAsTEkZhY2hiZXJlaWNoIFBoeXNpazEe\n" + "MBwGA1UEAxMVdGhlYS5waHlzaWsudW5pLWtsLmRlMIGfMA0GCSqGSIb3DQEBAQUA\n" + "A4GNADCBiQKBgQC/gTUrXSeNvuRH+ibdR7zvlCGs+66C6tDaq14SpEDiY/FEw/S4\n" + "mkhsHohiQkmqpcPJ0FONok7bvJryKZwwhGFHeESvvWjFVNIdxFgf6Jx2McKsRzBD\n" + "nbgVNeK6bywh2L5WgOeckRm0vUxCwX+jWtETorNHSYnZI9smmBtJ1FIPkQIDAQAB\n" + "o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl\n" + "ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUS0IiRshnnlH2bneYeCn6OkY9nZAwHwYD\n" + "VR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQADgYEA\n" + "g0f6XFxpUL2hncpQcnKorNYdOkZkZHiKqu2SINtla+IbLZFO4nVVO+LKt+RCo2o7\n" + "tZIMLEU3aCeH5dgSEKQeyL5MPMg3MbA6ezjOBTkT/YgngzM4CMLOKcvAMLncfH/z\n" + "GYBW1DXijIy1r/SxO0k9zy8OEtKeOOUO0GqQTWuTOOg=\n" + "-----END CERTIFICATE-----\n", + /* chain[1] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICvzCCAiigAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJERTEM\n" + "MAoGA1UECBMDUkxQMSAwHgYDVQQKExdUZWNobmlzY2hlIFVuaXZlcnNpdGFldDEb\n" + "MBkGA1UECxMSRmFjaGJlcmVpY2ggUGh5c2lrMQswCQYDVQQDEwJDQTAeFw0wODA5\n" + "MTExMDQ3NDRaFw0xODA5MDkxMDQ3NDRaMGcxCzAJBgNVBAYTAkRFMQwwCgYDVQQI\n" + "EwNSTFAxIDAeBgNVBAoTF1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0MRswGQYDVQQL\n" + "ExJGYWNoYmVyZWljaCBQaHlzaWsxCzAJBgNVBAMTAkNBMIGfMA0GCSqGSIb3DQEB\n" + "AQUAA4GNADCBiQKBgQC76RbqsB5J+VvU1KbBCrkIL3lgY8BxgFvYF3HiHgxtCdqq\n" + "BmRpAaDBcVAuEb1ihhP68181sYQ1UPMY+zwBwXVNSVvjeBba1JjGmagwPnJXOCay\n" + "7Cw5orY8KB7U33neEOGrlz1EKQGVaPsr993wGD/7AmntuVuxrRVpzoDP5s0PIwID\n" + "AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy\n" + "YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU+rCwSUUzK53X9W5otZG4okyY/rsw\n" + "HwYDVR0jBBgwFoAU+rCwSUUzK53X9W5otZG4okyY/rswDQYJKoZIhvcNAQEFBQAD\n" + "gYEAUT+LmosiDHGuLAZmY40obam0eexJzn/g++mDy3FMh3WmMBKSsfwFsFsQ4k7N\n" + "lv1SCfTYeh2hpw/DQzkiYZUkcQI4mBR4hG5Zv56AfYQLGeLtN4VOOCMxguftvzv0\n" + "kziQa2QW+VzVJqV1gpRCRT30Jaa9s4u6ipO9DT5N03F4CcI=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Chain length 3 ends with trusted v1 RSA-MD2 cert, similar to + verisign_com_chain above */ +static const char *hbci_chain[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEczCCA9ygAwIBAgIQeODCPg2RbK2r7/1KoWjWZzANBgkqhkiG9w0BAQUFADCB\n" + "ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy\n" + "aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy\n" + "dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg\n" + "SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0w\n" + "ODA2MTAwMDAwMDBaFw0wOTA3MzAyMzU5NTlaMIG2MQswCQYDVQQGEwJERTEPMA0G\n" + "A1UECBMGSGVzc2VuMRowGAYDVQQHFBFGcmFua2Z1cnQgYW0gTWFpbjEsMCoGA1UE\n" + "ChQjU3Bhcmthc3NlbiBJbmZvcm1hdGlrIEdtYkggJiBDby4gS0cxKTAnBgNVBAsU\n" + "IFRlcm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tMSEwHwYDVQQDFBhoYmNp\n" + "LXBpbnRhbi1ycC5zLWhiY2kuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n" + "AK1CdQ9lqmChZWaRAInimuK7I36VImTuAVU0N6BIS4a2BbblkiekbVf15GVHGb6e\n" + "QV06ANN6Nd8XIdfoxi3LoAs8sa+Ku7eoEsRFi/XIU96GgtFlxf3EsVA9RbGdtfer\n" + "9iJGIBae2mJTlk+5LVg2EQr50PJlBuTgiYFc41xs9O2RAgMBAAGjggF6MIIBdjAJ\n" + "BgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBGBgNVHR8EPzA9MDugOaA3hjVodHRwOi8v\n" + "Y3JsLnZlcmlzaWduLmNvbS9DbGFzczNJbnRlcm5hdGlvbmFsU2VydmVyLmNybDBE\n" + "BgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v\n" + "d3d3LnZlcmlzaWduLmNvbS9ycGEwKAYDVR0lBCEwHwYJYIZIAYb4QgQBBggrBgEF\n" + "BQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw\n" + "Oi8vb2NzcC52ZXJpc2lnbi5jb20wbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJ\n" + "aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYk\n" + "aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEB\n" + "BQUAA4GBAJ03R0YAjYzlWm54gMSn6MqJi0mHdLCO2lk3CARwjbg7TEYAZvDsKqTd\n" + "cRuhNk079BqrQ3QapffeN55SAVrc3mzHO54Nla4n5y6x3XIQXVvRjbJGwmWXsdvr\n" + "W899F/pBEN30Tgdbmn7JR/iZlGhIJpY9Us1i7rwQhKYir9ZQBdj3\n" + "-----END CERTIFICATE-----\n", + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy\n" + "aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx\n" + "BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg\n" + "MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g\n" + "TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB\n" + "jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx\n" + "veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O\n" + "OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB\n" + "4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw\n" + "KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV\n" + "HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI\n" + "ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk\n" + "oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB\n" + "BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv\n" + "1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw\n" + "E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa\n" + "-----END CERTIFICATE-----\n", + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* End-entity cert signed using RSA-MD5. */ +static const char *mayfirst_chain[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDVTCCAr6gAwIBAgIDCHp1MA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT\n" + "MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4\n" + "IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDgwNTE5MDUyOTE5WhcN\n" + "MDkxMDE5MDUyOTE5WjCBxDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFHN1cHBvcnQu\n" + "bWF5Zmlyc3Qub3JnMRMwEQYDVQQLEwpHVDY5MDc5ODgwMTEwLwYDVQQLEyhTZWUg\n" + "d3d3LnJhcGlkc3NsLmNvbS9yZXNvdXJjZXMvY3BzIChjKTA3MS8wLQYDVQQLEyZE\n" + "b21haW4gQ29udHJvbCBWYWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEdMBsGA1UEAxMU\n" + "c3VwcG9ydC5tYXlmaXJzdC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB\n" + "AN0TWIZwJ/hIfMHc08/bBMlzZ5WucJqEvxU/ZnxPo/H6V/m4v1iLpM2hip2c5cg0\n" + "BcEMc/TBHQ1UEV8sb0Lh91kWfiMB1Sp+L2Fpz/wnhsivXC5j6jq9IcPqmOZOXBYX\n" + "k04W1B6FKTvk9KrZJ0at2J44hp4SsAfWQI0eCKuas+R1AgMBAAGjgb0wgbowDgYD\n" + "VR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS0D4iuCxp35TLADTkINq2AhgTYVTA7BgNV\n" + "HR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL2dsb2Jh\n" + "bGNhMS5jcmwwHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0l\n" + "BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcN\n" + "AQEEBQADgYEAXNWYnrO1mZgBSCwPlWhVa2aOKGCFmehLIcAPEBN+8xhXuOeigYBm\n" + "ic5ShCO583ttgHNCV3Y5dW9sNhv1US4vSb6soKjgUlG11fJKUqU8mwFKvbs7TUSq\n" + "j6h+1uvlfFI34WzODjJloY4QSM7FmbnW+HCiFKYyvra3iUqjcl9AeR4=\n" + "-----END CERTIFICATE-----\n", + /* chain[1] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJV\n" + "UzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1\n" + "aWZheCBTZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0\n" + "MDAwMFoXDTIwMDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoT\n" + "E0VxdWlmYXggU2VjdXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJl\n" + "IEdsb2JhbCBlQnVzaW5lc3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw\n" + "gYkCgYEAuucXkAJlsTRVPEnCUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQy\n" + "td4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORR\n" + "OhI8bIpaVIRw28HFkM9yRcuoWcDNM50/o5brhTMhHD4ePmBudpxnhcXIw2EC\n" + "AwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8w\n" + "HwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6o\n" + "oHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUAA4GBADDiAVGqx+pf\n" + "2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkAZ70Br83gcfxa\n" + "z2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv8qIYNMR1\n" + "pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Test V1 CA without basicConstraint. */ +static const char *v1ca[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE/zCCA+egAwIBAgIQBSsgZODO6vk6ayagofBQJDANBgkqhkiG9w0BAQUFADCB\n" + "sDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMh\n" + "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBMB4XDTA4MDUwNTAwMDAw\n" + "MFoXDTA5MDUyMjIzNTk1OVowczELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlu\n" + "b2lzMRAwDgYDVQQHFAdEdSBQYWdlMSQwIgYDVQQKFBtBcmdvbm5lIE5hdGlvbmFs\n" + "IExhYm9yYXRvcnkxGTAXBgNVBAMUEGF1dGgyLml0LmFubC5nb3YwgZ8wDQYJKoZI\n" + "hvcNAQEBBQADgY0AMIGJAoGBAMg6YPOXsPQedkLUug3RoMjv/OB+SfuDgGXxtef5\n" + "iE0SjCcsKT5v+bfxt2+ccs7IN7kWn1luJ5NTb0ZrdE6LQoYp9oLsaX/ukOnxKUMY\n" + "YhJJyHgutPtwyPvfZTZPpATWycJnZGIehY1S6thwxeofUyE3ykec2lalULzwXgel\n" + "iC97AgMBAAGjggHTMIIBzzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBEBgNVHR8E\n" + "PTA7MDmgN6A1hjNodHRwOi8vU1ZSU2VjdXJlLWNybC52ZXJpc2lnbi5jb20vU1ZS\n" + "U2VjdXJlMjAwNS5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAqMCgGCCsG\n" + "AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMB0GA1UdJQQWMBQG\n" + "CCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBRv7K+g3Yqk7/UqEGctP1WC\n" + "vNfvJTB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZl\n" + "cmlzaWduLmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL1NWUlNlY3VyZS1haWEudmVy\n" + "aXNpZ24uY29tL1NWUlNlY3VyZTIwMDUtYWlhLmNlcjBuBggrBgEFBQcBDARiMGCh\n" + "XqBcMFowWDBWFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBRLa7kolgYMu9BSOJsp\n" + "rEsHiyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYw\n" + "DQYJKoZIhvcNAQEFBQADggEBAEAKzE4gXeyjRDBSgAgWIaCozbWK+b1ct4aZhWZt\n" + "ihAyASxsNgDjDJzkInINjXoO5FWuJHDuoyyWHBQBb7t96+KgFu/4ye90VUDNTuin\n" + "mmqdOKeLSHVnlhfvGLCdrhWSWg/jZmAjYrXYRwkvxehl9IcHmOgNrHV3INdrSTdZ\n" + "ZCVLL74tuMqhMMm/NJ0tdEmWgpJe+/0dky2F2gAB+mFXlyzFvCLoyS2Vl0PW/BxM\n" + "Ly5t+scmAbgni9gzmFTNhbKHd0s2UE395z4ra6fUdZ0BClFgMDvUnb6kJ/uyKRSa\n" + "h7uQbWFJbA8aNgGLvfTf6o9n+GwbZkcgtBgIVENt8wzqg2I=\n" + "-----END CERTIFICATE-----\n", + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIEnDCCBAWgAwIBAgIQdTN9mrDhIzuuLX3kRpFi1DANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDUwMTE5MDAwMDAwWhcNMTUwMTE4MjM1OTU5WjCBsDELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cu\n" + "dmVyaXNpZ24uY29tL3JwYSAoYykwNTEqMCgGA1UEAxMhVmVyaVNpZ24gQ2xhc3Mg\n" + "MyBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\n" + "AQEAlcMhEo5AxQ0BX3ZeZpTZcyxYGSK4yfx6OZAqd3J8HT732FXjr0LLhzAC3Fus\n" + "cOa4RLQrNeuT0hcFfstG1lxToDJRnXRkWPkMmgDqXkRJZHL0zRDihQr5NO6ziGap\n" + "paRa0A6Yf1gNK1K7hql+LvqySHyN2y1fAXWijQY7i7RhB8m+Ipn4G9G1V2YETTX0\n" + "kXGWtZkIJZuXyDrzILHdnpgMSmO3ps6wAc74k2rzDG6fsemEe4GYQeaB3D0s57Rr\n" + "4578CBbXs9W5ZhKZfG1xyE2+xw/j+zet1XWHIWuG0EQUWlR5OZZpVsm5Mc2JYVjh\n" + "2XYFBa33uQKvp/1HkaIiNFox0QIDAQABo4IBgTCCAX0wEgYDVR0TAQH/BAgwBgEB\n" + "/wIBADBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0\n" + "dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0\n" + "cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH/BAQDAgEGMBEG\n" + "CWCGSAGG+EIBAQQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRQ2xhc3Mz\n" + "Q0EyMDQ4LTEtNDUwHQYDVR0OBBYEFG/sr6DdiqTv9SoQZy0/VYK81+8lMIGABgNV\n" + "HSMEeTB3oWOkYTBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu\n" + "Yy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlv\n" + "biBBdXRob3JpdHmCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQEFBQADgYEA\n" + "w34IRl2RNs9n3Nenr6+4IsOLBHTTsWC85v63RBKBWzFzFGNWxnIu0RoDQ1w4ClBK\n" + "Tc3athmo9JkNr+P32PF1KGX2av6b9L1S2T/L2hbLpZ4ujmZSeD0m+v6UNohKlV4q\n" + "TBnvbvqCPy0D79YoszcYz0KyNCFkR9MgazpM3OYDkAw=\n" + "-----END CERTIFICATE-----\n", + /* chain[2] (CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQL\n" + "Ey5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n" + "aXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UE\n" + "BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGf\n" + "MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69q\n" + "RUCPhAwL0TPZ2RHP7gJYHyX3KqhEBarsAx94f56TuZoAqiN91qyFomNFx3In\n" + "zPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/isI19wKTakyYbnsZogy1Olhec9vn2a\n" + "/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0GCSqGSIb3DQEBAgUAA4GBALtM\n" + "EivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Dolbwdj2wsqFHMc9ikwFPw\n" + "TtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNycAA9WjQKZ7aKQRUzk\n" + "uxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Test CACert chain with RSA-MD5 signature. */ +static const char *cacertrsamd5[] = { + /* chain[0] (EE cert) */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE3zCCAsegAwIBAgICbmgwDQYJKoZIhvcNAQEFBQAwVDEUMBIGA1UEChMLQ0Fj\n" + "ZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZzEcMBoGA1UE\n" + "AxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDAeFw0wOTAxMTYyMjI5NDdaFw0xMTAxMTYy\n" + "MjI5NDdaMBsxGTAXBgNVBAMTEGZyeS5zZXJ2ZXJhbWEuZGUwgZ8wDQYJKoZIhvcN\n" + "AQEBBQADgY0AMIGJAoGBAMh3WSR8Dxw/zDAZpHMjA1To0HJIaoyR9TqzQfLgn7Yr\n" + "sQFrRMefVMWYHiEFAVJTRcO5GuUtkw3IxALLlyNMl7xJbZESzRKw3Tz3NtM3DopB\n" + "8L7rI8ANy7Hh6P5QRMWJ9OJyiLhSpAi0TuJeGr+kKovHRj64V2/NtoPgDsytHMt9\n" + "AgMBAAGjggF2MIIBcjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMC\n" + "BggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAz\n" + "BggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5v\n" + "cmcvMIHpBgNVHREEgeEwgd6CEGZyeS5zZXJ2ZXJhbWEuZGWgHgYIKwYBBQUHCAWg\n" + "EgwQZnJ5LnNlcnZlcmFtYS5kZYIQZnJ5LnNlcnZlcmFtYS5kZaAeBggrBgEFBQcI\n" + "BaASDBBmcnkuc2VydmVyYW1hLmRlghIqLmZyeS5zZXJ2ZXJhbWEuZGWgIAYIKwYB\n" + "BQUHCAWgFAwSKi5mcnkuc2VydmVyYW1hLmRlggd6cHViLmRloBUGCCsGAQUFBwgF\n" + "oAkMB3pwdWIuZGWCCSouenB1Yi5kZaAXBggrBgEFBQcIBaALDAkqLnpwdWIuZGUw\n" + "DQYJKoZIhvcNAQEFBQADggIBAEWSsOlLbjdRjijMmOnDc2RcLQ5PQC9pjUW+bzGR\n" + "KTJbf8Hf/wSdmHAam+UsIM6HzdQVi058dGyb8/NJQJD+9Dgv1m57x1prLerkt6xq\n" + "UQCYmOpMxCJOykLqzEUnou9WtL5FaD+wBlOuqWFy0Cy2O3LHXkSkaMR+gdxC4pkI\n" + "wSkI2SDdC0juvnoVI7iBaaIhYI/1FwV56hc6lxsAslf0NbtiiwhneVbHm5XRK1d4\n" + "tabVKwOHnEuDyAnZd1yM1EqXKz+NwBlhoKWhC0fVUByID5A2WGEejBJcW/lVrYft\n" + "4+sJpnwS+/VDS5yrDXMqMdYGE8TVMy7RsaoUdaeFQYv4Go48BBGDJB5uEkBJiSq8\n" + "ViZA4iEKujBa5zKJ+CZXy3D/eHLBKUL+ayc9dLeeFTPZU0jYb83kE1wtlnWwF4J1\n" + "8lUQI10nLFg+ALoZoAmFZej19XgbyG6im+ZRFuwrpV6F3HJRP+AMNInsLoQTuD9I\n" + "l2gftVaIU1MqUmVMBcUeeNXG1BZ9vRonKzAC4Otfk1B6aW4Lz0E+sZ+HfCMicD3j\n" + "N01KAeNZ64j8emgnLffurb7qUWbanTpMEzxrelBRufxJkXcn6BcFcxPBVgFnsMgF\n" + "tP7e7N/cm55pI8Et+Gjp+ORJetSio118yu9bf7etSAJWOS6tQ2Ac7JeKP+a8jsvq\n" + "Uyx7\n" + "-----END CERTIFICATE-----\n", + /* chain[1] (Class 3 CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n" + "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n" + "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n" + "Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS\n" + "BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v\n" + "cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB\n" + "AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9\n" + "4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB\n" + "Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J\n" + "0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ\n" + "FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx\n" + "bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q\n" + "SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb\n" + "6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV\n" + "m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g\n" + "eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG\n" + "kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7\n" + "6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG\n" + "CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc\n" + "aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB\n" + "gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w\n" + "aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6\n" + "tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0\n" + "nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M\n" + "77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV\n" + "Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L\n" + "ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM\n" + "zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU\n" + "rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF\n" + "YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT\n" + "oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu\n" + "FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB\n" + "0m6lG5kngOcLqagA\n" + "-----END CERTIFICATE-----\n", + /* chain[2] (Root CA) */ + "-----BEGIN CERTIFICATE-----\n" + "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n" + "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n" + "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n" + "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n" + "BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi\n" + "MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ\n" + "ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\n" + "CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ\n" + "8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6\n" + "zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y\n" + "fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7\n" + "w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc\n" + "G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k\n" + "epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q\n" + "laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ\n" + "QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU\n" + "fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826\n" + "YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w\n" + "ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY\n" + "gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe\n" + "MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0\n" + "IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy\n" + "dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw\n" + "czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0\n" + "dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl\n" + "aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC\n" + "AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg\n" + "b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB\n" + "ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc\n" + "nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg\n" + "18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c\n" + "gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl\n" + "Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY\n" + "sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T\n" + "SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF\n" + "CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum\n" + "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n" + "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n" + "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* Test Certicom cert with ECC-SHA256 signature. */ +static const char *ecc_cert[] = { + /* chain[0] (ECC cert) */ +"-----BEGIN CERTIFICATE-----\n" +"MIICbzCCAhSgAwIBAgIIZLkW6EZO5PQwCgYIKoZIzj0EAwIwgZsxFDASBgNVBAsT\n" +"C1NBTVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMH\n" +"VG9yb250bzEQMA4GA1UEBBMHT250YXJpbzE5MDcGA1UEAxMwdGxzLnNlY2cub3Jn\n" +"IEVDQyBzZWNwMjU2cjEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJD\n" +"QTAeFw0wOTA1MDcwMDAwMDBaFw0xNTA1MDEwMDAwMDBaMIGYMRQwEgYDVQQLEwtT\n" +"QU1QTEUgT05MWTEXMBUGA1UEChMOQ2VydGljb20gQ29ycC4xEDAOBgNVBAcTB1Rv\n" +"cm9udG8xEDAOBgNVBAgTB09udGFyaW8xNjA0BgNVBAMTLXRscy5zZWNnLm9yZyBF\n" +"Q0Mgc2VjcDI1NnIxIFNlcnZlciBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0EwWTAT\n" +"BgcqhkjOPQIBBggqhkjOPQMBBwNCAATf63kPhr3D6a2scrHWVr0oOXQMnBDT6Jv/\n" +"ifqzt4/xTbXsZNEyD96nyh82sk0tM+FVfBlsIwGc7vqBfyq0mC/Io0MwQTAOBgNV\n" +"HQ8BAf8EBAMCA4gwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFwYDVR0RBBAwDoIM\n" +"dGxzLnNlY2cub3JnMAoGCCqGSM49BAMCA0kAMEYCIQDfacZHsdsj6SXQ2hyJS4Do\n" +"SMclqGLo2Sop7hfAeEJA+wIhAOMo7eLya44SIcuzrLBpg29g5ZzYOeuEzRcg9mch\n" +"AB1w\n" +"-----END CERTIFICATE-----\n", +"-----BEGIN CERTIFICATE-----\n" +"MIICTjCCAfagAwIBAgIICvq6Bj3Av6EwCQYHKoZIzj0EATCBmzEUMBIGA1UECxML\n" +"U0FNUExFIE9OTFkxFzAVBgNVBAoTDkNlcnRpY29tIENvcnAuMRAwDgYDVQQHEwdU\n" +"b3JvbnRvMRAwDgYDVQQEEwdPbnRhcmlvMTkwNwYDVQQDEzB0bHMuc2VjZy5vcmcg\n" +"RUNDIHNlY3AyNTZyMSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAkNB\n" +"MB4XDTA2MDUwMTAwMDAwMFoXDTE1MDUwMTAwMDAwMFowgZsxFDASBgNVBAsTC1NB\n" +"TVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMHVG9y\n" +"b250bzEQMA4GA1UEBBMHT250YXJpbzE5MDcGA1UEAxMwdGxzLnNlY2cub3JnIEVD\n" +"QyBzZWNwMjU2cjEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJDQTBZ\n" +"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABB2oofFVa6akTK6hpaJLs+6skdhn0sQp\n" +"uJwVwG99T0VZY8v7q6NMIWrpYQFmOxQyVVNlxWWyr2cLYJTyqx/zuDejIzAhMA4G\n" +"A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAkGByqGSM49BAEDRwAwRAIg\n" +"W2KAhfAKWFoh47A7muk8K10cGqOKRtb9lCgdOltj19oCIG+ZJQv5m+RnL4X2Ti0y\n" +"ZJzOOuzBQVGiUFwZdn1dLv4X\n" +"-----END CERTIFICATE-----\n", + NULL +}; + +static const char *verisign_com_chain_g5[] = { + /* chain[0] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIFXjCCBEagAwIBAgIQHYWDpKNVUzEFx4Pq8yjxbTANBgkqhkiG9w0BAQUFADCB\n" + "tTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n" + "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMm\n" + "VmVyaVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwHhcNMTQwMjI3\n" + "MDAwMDAwWhcNMTUwMjI4MjM1OTU5WjBnMQswCQYDVQQGEwJVUzETMBEGA1UECBMK\n" + "V2FzaGluZ3RvbjEQMA4GA1UEBxQHU2VhdHRsZTEYMBYGA1UEChQPQW1hem9uLmNv\n" + "bSBJbmMuMRcwFQYDVQQDFA53d3cuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEB\n" + "BQADggEPADCCAQoCggEBAJdfieOPrf4Arf1Iled/ii97407ZnjpaB5xxm49Q4Pz3\n" + "+5xmD0LYre7Cjn1A7W3ZlHki5zFVZpW9Jb/3PfSEDY5slyjkLD2jdl2gVefSthSZ\n" + "tYxb5eYv79tIEN0U9AZ8/VaGwUokl8n1MitcECxNLMe4LqoVmS29nXITTTzX5t3I\n" + "4dUeMBDNI+xgVpJSpxwzA+/L+wxoj5Sb4YJ/Y+iUknCkjX6PpaZMRWBEE0dqvG02\n" + "qlxXesAV0nmKYvjbtqAyoW6vgjP85h6gJEESIqTTZy1HOgFpO8XT05CpGDcjhP1s\n" + "TvXF7Vx1aj+xDidGLLW188G35oFKIhEyHQV2V7vzRAUCAwEAAaOCAbUwggGxMFAG\n" + "A1UdEQRJMEeCEXVlZGF0YS5hbWF6b24uY29tggphbWF6b24uY29tgghhbXpuLmNv\n" + "bYIMd3d3LmFtem4uY29tgg53d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1Ud\n" + "DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0g\n" + "BDwwOjA4BgpghkgBhvhFAQc2MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl\n" + "cmlzaWduLmNvbS9jcHMwHwYDVR0jBBgwFoAUDURcFlNEwYJ+HSCrJfQBY9i+eaUw\n" + "RQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL1NWUlNlY3VyZS1HMy1jcmwudmVyaXNp\n" + "Z24uY29tL1NWUlNlY3VyZUczLmNybDB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUH\n" + "MAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTBABggrBgEFBQcwAoY0aHR0cDov\n" + "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN\n" + "BgkqhkiG9w0BAQUFAAOCAQEAOeZfjkI0yR/nutCMHp5/uB/evkB8qIYxh1KKbhPB\n" + "TmpykmJxiLKrBBcBBu9kW5lMbNPSNclE4sCyN0dxCJHwPm7ubNUxsmDSTPTJOx0M\n" + "zl0WZVaZ7eX3nw1kj8jSoK0f5n87RzKK85MwBFsEn73Z2pDvxTcd72BE0T1UJLcU\n" + "2A5uHAJyvm2QpOWBIRKlJHIHCcu5xjj5yLnGO9id0cjOjEgj9f1Mo4hzawL5vQfk\n" + "o/xFxAsA70bk2trv54kgLvhmAW+B6OpN3Z/xB4mWNOw3G8bg/u+pCLvd8KRO5V8K\n" + "TlgO1NTaOgYC6OAF3USNMhuNZh6h5tWA3mA8rFr8ZsayhA==\n" + "-----END CERTIFICATE-----\n", + /* chain[1] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIF7DCCBNSgAwIBAgIQbsx6pacDIAm4zrz06VLUkTANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtTEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg\n" + "aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEvMC0GA1UEAxMmVmVy\n" + "aVNpZ24gQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzMwggEiMA0GCSqGSIb3\n" + "DQEBAQUAA4IBDwAwggEKAoIBAQCxh4QfwgxF9byrJZenraI+nLr2wTm4i8rCrFbG\n" + "5btljkRPTc5v7QlK1K9OEJxoiy6Ve4mbE8riNDTB81vzSXtig0iBdNGIeGwCU/m8\n" + "f0MmV1gzgzszChew0E6RJK2GfWQS3HRKNKEdCuqWHQsV/KNLO85jiND4LQyUhhDK\n" + "tpo9yus3nABINYYpUHjoRWPNGUFP9ZXse5jUxHGzUL4os4+guVOc9cosI6n9FAbo\n" + "GLSa6Dxugf3kzTU2s1HTaewSulZub5tXxYsU5w7HnO1KVGrJTcW/EbGuHGeBy0RV\n" + "M5l/JJs/U0V/hhrzPPptf4H1uErT9YU3HLWm0AnkGHs4TvoPAgMBAAGjggHfMIIB\n" + "2zA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlz\n" + "aWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcwZQYLYIZIAYb4\n" + "RQEHFwMwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nw\n" + "czAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQG\n" + "A1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMtZzUu\n" + "Y3JsMA4GA1UdDwEB/wQEAwIBBjBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglp\n" + "bWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNo\n" + "dHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjAoBgNVHREEITAfpB0w\n" + "GzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItNjAdBgNVHQ4EFgQUDURcFlNEwYJ+\n" + "HSCrJfQBY9i+eaUwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJ\n" + "KoZIhvcNAQEFBQADggEBAAyDJO/dwwzZWJz+NrbrioBL0aP3nfPMU++CnqOh5pfB\n" + "WJ11bOAdG0z60cEtBcDqbrIicFXZIDNAMwfCZYP6j0M3m+oOmmxw7vacgDvZN/R6\n" + "bezQGH1JSsqZxxkoor7YdyT3hSaGbYcFQEFn0Sc67dxIHSLNCwuLvPSxe/20majp\n" + "dirhGi2HbnTTiN0eIsbfFrYrghQKlFzyUOyvzv9iNw2tZdMGQVPtAhTItVgooazg\n" + "W+yzf5VK+wPIrSbb5mZ4EkrZn0L74ZjmQoObj49nJOhhGbXdzbULJgWOw27EyHW4\n" + "Rs/iGAZeqa6ogZpHFt4MKGwlJ7net4RYxh84HqTEy2Y=\n" + "-----END CERTIFICATE-----\n", + /* chain[2] */ + "-----BEGIN CERTIFICATE-----\n" + "MIIExjCCBC+gAwIBAgIQNZcxh/OHOgcyfs5YDJt+2jANBgkqhkiG9w0BAQUFADBf\n" + "MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n" + "LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n" + "HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n" + "FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n" + "dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n" + "ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n" + "IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n" + "MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n" + "RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n" + "ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n" + "TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n" + "Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n" + "iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n" + "AAGjggGRMIIBjTAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n" + "dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\n" + "BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\n" + "aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwNAYD\n" + "VR0lBC0wKwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBBggrBgEFBQcDAQYIKwYBBQUH\n" + "AwIwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUr\n" + "DgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNp\n" + "Z24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhho\n" + "dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEADyWuSO0b\n" + "M4VMDLXC1/5N1oMoTEFlYAALd0hxgv5/21oOIMzS6ke8ZEJhRDR0MIGBJopK90Rd\n" + "fjSAqLiD4gnXbSPdie0oCL1jWhFXCMSe2uJoKK/dUDzsgiHYAMJVRFBwQa2DF3m6\n" + "CPMr3u00HUSe0gST9MsFFy0JLS1j7/YmC3s=\n" + "-----END CERTIFICATE-----\n", + NULL, + /* chain[4] - alt CA */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n" + "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n" + "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n" + "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n" + "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n" + "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\n" + "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n" + "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\n" + "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\n" + "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n" + "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\n" + "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\n" + "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\n" + "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\n" + "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\n" + "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\n" + "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\n" + "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\n" + "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\n" + "aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\n" + "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\n" + "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\n" + "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\n" + "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\n" + "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\n" + "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* TLS feature extension chains */ + +/* intermediate has no TLS feature extension */ +static const char *tls_feat_inter_no_ext[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEPzCCAqegAwIBAgIMV2qxjR6UmcYfmTkvMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjIyMTU0MTAxWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAvRR62ekBwabwe49K5Yhj4EGFVapmZvQbZy/lh+OIDjysGRbqDEOk02lh5gvU\n" + "8LByMvLu2/3adrpnmU0wRlw0wF63efyzFQgEvHew5dTEOXXksxLtcNQUz4CgdUmt\n" + "ckpp3w1kO7zaK9glGLKWG9QstgJIPv0ggoeFBaPPKPbhTIqdDDdWLEXzFwboOLYL\n" + "QdaVWtSgGPQnVvDdGaKhpkvZndzF1pwRCu0szt7jktW31kOJq3sCNjt5AwjkGjKV\n" + "n4rNSz9PfxQ6npzt+fQ4w6VTJyqGZQjopxPkFkXieCL8ls6XqDJeqFXENpdpRgmb\n" + "hWiCWBhHxSon2yUefjcV7w1b3r/r5B9P111GfpIaaFkzlF2HG1qDadCwD9A5Egjb\n" + "KWoxyzVsYcnu+ODP/zJ3DHUq/tWby8B5ZQ0HtuvHoMJ+/S6vEA3QKKwU8kr+QX7S\n" + "tmrAo9mWgHlkinLEqfuYApmSlYoSEEG0l+p/sSnvwq8N7doxRbcvhUng/Uiq1OIp\n" + "FprBAgMBAAGjgZQwgZEwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n" + "EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAw\n" + "HQYDVR0OBBYEFBJiXEt+XVJWrIPFtet3wyFI/OE5MB8GA1UdIwQYMBaAFJRCUeHF\n" + "92wGbuofUbyXXlm2fqzgMA0GCSqGSIb3DQEBCwUAA4IBgQC1HZ3QO4OCMgVFUVFT\n" + "+lLArzr1ZNqYxbYLDW8j77YYv4HNe822DtoH118yEpXmOsUvJbAZrEqaLpfRUDI6\n" + "wTd/755sm7mqP0bpG3J5x+WdE00iTQW9mChQ5NGNqqB1eXwn+dEtEvsSDOtVMuxd\n" + "0jbiR6YQINFsCCUdLJ3uFfwj23084BBC2RqBb3JEU6VaD5CZfTo6q/kn6ZjE057e\n" + "kIoVqhLDTZvuHQTj2LpNiEcVd1z9mjy3AWuvN38NLUQZJb75Rnpd8GQG6lFQW/Qq\n" + "ykbzt3OF1tX5SWCUux1yYXA5ng4X85kWArkOjJL6IOKlVAK96fN4v2uymDI5D+p+\n" + "ynbyhescPkmbdNG5cJCxu2gArEBcfbxkTqQpOgAhNq5P2Bphd+40HTFa/x3O3uDs\n" + "PCPlf4tpGBJ2hXWnRheHIqyGX0hanekb1fSN2aMdat5V4w9bAx0oSd3pohmysuf8\n" + "uboqRVcJ1itfSb/uJyTt6l+6VpDKw4M3sg9GQqx2jiLBU4k=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID/zCCAmegAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NDEwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2vvT8gYwa/7P0JSC\n" + "fDk7nliapNHj5yFDuf3zj8Pqm1et+CbFeoF6r46cb5+xWa9IBdiZzQMgf7ehrNyB\n" + "98s8ynYf0pR3uW8J1hEKc06alJwlZwxYywRU+83ROB2Es6rkGKUhjCVdi7p6ddlu\n" + "IfjbQe2vZgb8b1Naa9pjs2/jLhbnlkaZSdMKHIcc9+vFS/99pQvCJR0gDiMNaYTm\n" + "p+tiZ81t5XFhSjD75z0S2NNBLwA4IIG/i17UoecatYzjDOt+B9hH/1oB+O10Orhk\n" + "B1ktekP89wFq89tc7tGx885lzcv6WlQqt75KxZfgZyxWfhrWB8G/atelzZg+7nQe\n" + "NYqhgYz+9fiOkoc/93jLoWssQPOTDzCFZ96qHCKrrs/P3WNLirXDR9Q+cAoxhDW0\n" + "V3p8Ar9WaJimx7+oeG0rxmX4Zp5awa5x6EJEBBpCmje8xPuFRuLZsU+W7M4nNMSu\n" + "9vS4V2fb0Tx68wz5v3n3ifMHKk3Xtdt60IJT8/blKhghFi4HAgMBAAGjZDBiMA8G\n" + "A1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUlEJR4cX3\n" + "bAZu6h9RvJdeWbZ+rOAwHwYDVR0jBBgwFoAUwsbfrUyVADCii3gYFBMkBr4eMo8w\n" + "DQYJKoZIhvcNAQELBQADggGBAIHldlbqpj1me0d2oHtvmLeqeiWV/RRPGRnNJQc5\n" + "Iz7R9K+K3P2Mk9pHSNnTx1ewT6dvv5luZK8rSTHW1wf829iXHR1O7ivkGC/wUldc\n" + "LCFDs8s+n9RW7jrE6Cp20cE7HQruBn4gk4JdRUTwkq/fwmwhdMsZId+79wRr0otj\n" + "L+n3Vu/0DtGuXHlQvzppihmCkILWS3Uy9iKq205s/2zPO595aA0n49y40pyPdsNr\n" + "BhDsMf5xmZjVerzurL9S/YHTPmCvNCsX0RwCRQvVFicwyngD4dUW57gGkeUrSmaL\n" + "zwP+s6YdWYs1itByL7afDULcOwIs84GZ6BBWwN65FBBZTgIjuDwcVFMMt5VGwiOl\n" + "4G11HAkDOPxlmgzReHw4M4/ynR1/NWEAdMksQqgjj5aUhfZBF9pgO2L9CFzFz/sY\n" + "uY59mki+wuMYh15j/MQnSnGrd4peA3duikH1mpwuBzehIqh51kfGYsjpajy9qNtB\n" + "Z4CohSJdLVYUHrq/QIYscunEmg==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NDEwMVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAk5rI3effp+0REqgO\n" + "Vhzb0LoqWBikxW87r3vKHssDA7ZuhuPoVj/tnhYVtTPYN4a6OAsl2UQc82nplKS7\n" + "m8zsIiAc+SX5leMFJ0WKIZER1MJIr7mK3/iSxFLMoJ57n048beIKJCzEAzMyS/+i\n" + "RFGq5VsDC2O8hPCrE9Ncen6WzR0mmcmFqhtYd+F2jgvGaNqyv27SrVjI2qIAISSQ\n" + "8z00k0dwgW7eAs8BYOXzZLKlKMVFRGRWoIlOWBmDpqreZIcid0K4N5Ga4b+owU1t\n" + "bw9F4q3wPvFqFX7MZK+dpARwNT/jo5ylxYAjz9k1elfCkdf+RqDmFcXEXRDVBIEI\n" + "IHGJoeiMBMcYY6vpvs1H9Yeo929GFQtPW+yKMM5EvpSoJII/NgoBy4hXxnRvZD6E\n" + "K1Yo3EfxM2P3CCCUd+Pqq0xmlNODpMcUYmjWRzboK5BmbM9fLoG/POpNm9lUf4Nd\n" + "C2mCsEvyjmZ9JiETtaiI2FE8SmsGhDyjGOkg5/EnKnOhSis5AgMBAAGjXzBdMBoG\n" + "CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFMLG361MlQAwoot4GBQTJAa+HjKPMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQAJHqCuEWfHglPs6HMaQB/n+SpXGdX6ql3Hw0PjfVwneZaa\n" + "C/DVVyeCoYn7V1WjGm1PvoDfn5edkMdB8JbfcnSjIG/TCJMnQ3ST9rIT35TEz7yO\n" + "ptTNRaMkLEJVyScS+ifGvOwIe4T/mERnC6qyskrdOFQVAY2KnYH20cF1sRn7tnnk\n" + "OJ0uSvzCHghdPIYpQMbGHRKIrFYyLmmbZO02uTnuS5AI0h5R94FBQXtLfVIvBKBW\n" + "LmLi3A7s0YITOqv3I8nBZNKgQj2aXHGqI7lN8cGDjeHgo5L5Yf0qKTmP+KkauujT\n" + "4mHc69fmdv4cwKQjoz5rYWW6FwPGGyIE97bKNC52K35G/4M6V40bu3PCLx4kyE5e\n" + "WtJvoYQox2J/Ht6gwNIfoGHBbHM99rRxYbbxaSkPSdiRUq8TdZ2W4ZJf02Fzbmhe\n" + "639r3BNCZuYn1Orut5hEe+h5ABbuQYW8ruD55LgNEUMqhvmfxQjabxB4vh1XGyXL\n" + "zQ778SGDR2hiRF1W4+c=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* end certificate has no extension */ +static const char *tls_feat_no_ext[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEITCCAomgAwIBAgIMV2qzJyxXCwS84av4MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjIyMTU0NzUxWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAxAcB54ZehtTEHjz/HaU0lhN/vs5VbUmF//rkkpUx7ApPvJBzHaD4DnALE+8A\n" + "6G3TDzlwDR7dJw9PPZAbrIs8EsW+W09raL+mp6t2klfCVRJimZCa+4k/vVPqzyZr\n" + "SOiUYFqhE7q2RfPDzkzJGxj7SEr+7Y7+TaE233lAb0sIZqayq+KUjnYw03nGGHqF\n" + "qg9fqdrdHild/uW8VhHovpoeYJU381Vv0w71s7Oeq6touq0Qgw7GlX94TctcXUvP\n" + "wq4VXXToy2s1kr9w9tcvMuXrX360WebhujY22Mkkp98KL8gYrK3N1PJ5adGESYIb\n" + "XPYROZClmp+nL88rM5xV58CZ2VWkqZkzOSrwIaQ/X5EHq7Cj4oXpM5eq9398JB3H\n" + "dw7fg0ODyaj0AZXuyg1OK5qbh0KXAUwmpSbSEYqOXJEhO8CSaOC1bMIXLW5s6axv\n" + "7tkNuH6LHvS7GInZYEKiOlgBRlNH37D4A0JqcSGO3itNVlZb2WqS0zwl+80UwraX\n" + "9dzhAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0\n" + "MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFGcXQmzK5g6/NC//Mwc6qN9/jPrD\n" + "MB8GA1UdIwQYMBaAFDnIakD2t4t0UWvGolQEkhIYF9mdMA0GCSqGSIb3DQEBCwUA\n" + "A4IBgQB+G/D477nbbY/gxRznLbFi7xMC0arwpuYdWa8BvkPwSACSlJI1heCnDPZk\n" + "S4jt6SPcSzZzrKtALUxS0MoEAOL9p6pXI9cJRKGmnC5clrtw5rHWqAe2DfvzJCsP\n" + "yAHcY2g3jnC01knLYy1G0y7phxXAlqiN9MofQuE5j5919wYvPrYfbG+DwKQgbC9l\n" + "FhTBs7FwSD6hnzd2JK5ldXnAA14Ekh0NLa3fLgd/THiihRIil4VTISYdgwpUfcH1\n" + "mo+HO6Fc1l7U8HKlzRLoF7BtM/AOLYWLMtf3RiHkoIz1eLK9SPrGxANc/zKDksRy\n" + "QpZxQj1n3a9m4JRJnbnAxcRGQzB4oe6BroFG3pJH9KhyNaSehDob3ckebt8w/W1Z\n" + "WqWmPr8lLPO9y2DNYqfuSqMNd9gdUzGc6PB10yyBDnviLjY6JioUxKR5y1FcuvQ3\n" + "CufS1HyfbF9ITW8peLXryMFen+VwQgtoP5aHISLOMh2+DLEpe6+MHo8HOpELFGsW\n" + "z/CW3fw=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEHDCCAoSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NDc1MVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAoJ/AHuj/w4qJQqWh\n" + "WGIcYCGz/Kshs0/zqWHvOfuJZk9rN9laZ13LKSf8uh79jydrGmEyzPWSVsjXDWBy\n" + "EdPplNsc9PWx9vOfwsusYOypLWztJF9sMc/fpEMNT7qZTs2XFfAjkMek9U39d5Dc\n" + "X8isUGmK5QyjstuSQ9lRR0usonv6tF2g356oW6C7D6vFI03/1gj7MljT4pmeiavz\n" + "BkP5ztNYso1De35Z9c8pQoHkxbPySMBVvDPzEirz28cgF8CJgx3PmXsHMHkfhBwV\n" + "3HsptSryU3FICTlxmwUBEDm6BecDWtJJrP/GP2xHtbQnfQEVg2uOIKgdIO7Ibr5G\n" + "zlDJu5dO6NBKSRzjc+w1y20FkVPnocYOvYuV2a1HKOA5d5YnhLvSY7iU3ArNwk4a\n" + "FHKQNGRmEF4uN6lTYEYwTM46Zib0skVHu/oUlERW/bho43/0b/MzVphiMa0UmMZ3\n" + "fdOYmvgNrJCWd2Sa3XzSWaWXuRey3L8Pa6QQSv9TQk6tGVjPAgMBAAGjgYAwfjAa\n" + "BggrBgEFBQcBGAQOMAwCAQUCAQYCAQcCAQgwDwYDVR0TAQH/BAUwAwEB/zAPBgNV\n" + "HQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQ5yGpA9reLdFFrxqJUBJISGBfZnTAfBgNV\n" + "HSMEGDAWgBRbRGd/MX25P8RaPZb9sBLHfi4hQDANBgkqhkiG9w0BAQsFAAOCAYEA\n" + "srvZMaXdDvUx7jmlVp0VsH1ftHJyvcfU3tv98pPQPRWN/yeBgxKP7aSYmUevKAk+\n" + "bWig7aXfjt/JEEJkbxoOeNtSpJnsosaQpRnzGqRe0YDfvaiolXf/GjGpbaUX21qW\n" + "WYW4ND3jE+x38xYYK2LIvmbga0q+D8gIVIXmFJfuPkzeliH72FjgMDXgJ3jHUhCb\n" + "7ngpToboxWJPNuNBbSCXt2IZgvEimvUCQo5kSGdqVwkUq7KCWuDdE/RtUuQhhruY\n" + "eNWkIE/H5koJOi+UnxpDI2jrFchAMgH4x88bmfSaUxvEtSKrL/b/aDuuRfrURMP8\n" + "y8rYCEFigO3e1Y5JF651nw0R5FcdijvD/8nWzP+BBmt+OMY5lQ1Fcmrtiv/YLKlF\n" + "Ofj2k5rZo+9cjx9xlit2xOOQqPdnNyw4BgkG4rDPzTPiJr5ExBJB7roGKKSmxcJk\n" + "7goFMr3qx2qiACZCcqIGY2NBCEeGh9y4KySXGI2WO0NLD530+lJb74C9lCukSDrx\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NDc1MFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3OI4hcWn3Sbs4RaA\n" + "VB6N9KHBNExW1d7c51Plx7pbwUGFfCR2gmRTvIOOVyN4K6l+fx7ZIwSLDQuETR2t\n" + "ETL2rA4qANIKdoVIDkoQci1tdR9HWYE9o4y1pMhLWO19ZSR525BzAH59ToAC6OKP\n" + "w3m36hdYd2QaVA6uDknVQBmLwhE8sq+ufTtOjcClnfdfNb2NIGpao77/UQvhKrOF\n" + "pfvMLaEhlTF365N4aulP5ln7FmSaUHHwQY52TT8hz3x29r4pZKXqV2VnP1rkXUCr\n" + "ifzd9r57FxkHxpsWq9eXXtFGJmHKmCFP0MHanHNIEpoWbsA1h3C6/ml6FjxfOSDc\n" + "CagADxW3L+iGUMFXOYAWFTtZZQK/QHw7AcWyLZZQyF6OkttzCLsMBXQ5MOEPsMbY\n" + "JEONdcr2MjZxeYesaL2fO1SQJrfRJgeOWO4RtBDiVSHKrjBwtKiF7B0fZah2k0jN\n" + "oxjhxkqyWraoYMHuAXYsi05U2Lz89JhL6YKflM2isFOBirRNAgMBAAGjXzBdMBoG\n" + "CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFFtEZ38xfbk/xFo9lv2wEsd+LiFAMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQBpYKqR4iZnt6Igx/kNDhCE+QDMJjCEe4gp1kZjwatK+9Ke\n" + "Qpeakq46KkiPrWICsfpqesfLRFMIuF/5M/Rq4wV5ilAX4PQUnUC7di7ehZKZBECW\n" + "nZ9xzFRY8xZj1K0Em/Re2vAzipuo1UaBhCfAFz82axyLBSr4qACBGjrOXBAeCkzf\n" + "SfYhi470oKA7AmD6HIVJB1s6kIqpLJGvsFo8mUWhjyYQ++aTRWyL1NvDieGuYIAg\n" + "1fpUqVRX8YBEkh97QtG7RU8esb0NKhsT0c5NGi8ETAE+gleJJEw92vl1sU7/lYCd\n" + "sg9F5zeByMphomTENX7AyAm5eSal+BYgiSMuPKRzG9Y1iFzpCP20fcCfQAExPLx4\n" + "WLILYo6wMuVL4ivz2H/dhwmMKLbccpkI+OI7MTrSHrWRpG2QZvkONCV87ePC5yQ9\n" + "N6YgtFdHVccxoAN1WQp2kUfduN13p1L/xVubudG9sF33hzF8hkaBCecs6qExfZDY\n" + "o0JpbiaXRk7Uo3Wm9IU=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + + +/* Intermediate has a subset of the CA's list */ +static const char *tls_feat_inter_subset_fail[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEPzCCAqegAwIBAgIMV2qzzBH0Lg+EVI9YMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjIyMTU1MDM2WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAv4MqFiAHJqcSstTIdr/C0bD5EWO8Zu3dcmLtFykb0/AjgBAUj942otkhQv4W\n" + "Wd5Qq5inBoUE8vgek6zShDws7Q5UiiW853vDwXBVvZwNc/4D1VpvOn7pMX/ILjQ2\n" + "zcTIntInWmw+yGWDwYwA1C2aMNzFSTxFVhXYqgdzbf4EbpsFNlF0qKL3qeDlKGd1\n" + "RKBopWg3D/+S8pv0glbLWIkgkNDwBNN0QwEeUsOgP2ice0yNmM+tZI8xNnQJ8Xrk\n" + "GbLznXmGQW4mYoDYyFUG6yPi2ZAjwLuj6eY83q1Qv3RBatASKrxo10SfZiLDoiul\n" + "0yhL6b33kFxkVAmefZKTCidKZG0tYronvadwy+wu2jNlZ85npT5qNbH1A4R5ooEK\n" + "cWPc+AFXezHYp4k3OYboT0FyZOMM5bfo4prRjV6+OwXFzWaXpZR6WhjQgKgN/SeY\n" + "jop7QJE16Umd/Wd0s7q0rpUFUfPxaAV1/EFIT8BvRxAseLYzHkHiNFODkicVAMxM\n" + "E26FAgMBAAGjgZQwgZEwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n" + "EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAw\n" + "HQYDVR0OBBYEFE37gAQSIYi41ewmh+rDfLM4y4smMB8GA1UdIwQYMBaAFJrg4B8X\n" + "tXcN8n7yyTZ6kKCWkYK5MA0GCSqGSIb3DQEBCwUAA4IBgQCSE4ClejSjGLyhWwMS\n" + "SDTihndqC3eNygAbYVFe0Xp1B7wzjDJsAvAMQvdCUheIryIcNIm8IiMOp2tM0M/U\n" + "Iy9AY9+VWcRXxpqQwURBGXM9/ly1Gr48SlhHUK7fg6/2GLdloM21Cvqmmo+eCnRB\n" + "WAhdFr33ADKexqop4GJVY+bVNSDSaknwUx3Xoa5NpOHihYMbA524UEyBIG5msuY+\n" + "KKMZjfm7dNYIjH12D5HzSwdwrQWvlmkbLBAgAtlOrOfOAs9hmxTaQDKkAEBIbdCI\n" + "OYUT5GAsNXaOlcb8ImvP7OQfRln0MoS+6yXiYkJ5IfcDotmZkq+Jc6VvPVnbh+EN\n" + "nnlQxaOYVSo4Bl8UjwdRjuCfPEVFcr7pmRlij8duxoXD6PJ3B30ONEPrqTp6NCPi\n" + "VL7bbkvsWGMLrtBWJHH5cGzBmHdm5TWSi8/5YMOFzwEAouwjQ1ux+2LhUWBpFikT\n" + "8SSHjIY97PZZn8mwiZECt7TfiTuj0x4R1cOKpyt6ey2KPvs=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEFTCCAn2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTAzNVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvIcLRN8LHydTAhOA\n" + "akrJ3w6CB9wN07XpVHbv4VFgfHuNGBS2ZRkdEg6/LsSZAeZ0doQMJUzSvcNyp/+e\n" + "CPHfSMWuZX+C9mE9oCzEl+5bjrjphXp1AUutQ9I9zcI8TAQmFKQjC4lm0tj5tQp2\n" + "ApClJbgLCnP6/5vb2y6GypMZnGeG+/4kC/zOoOef1zCSoeeqoiH3bbdW9xZhO6W2\n" + "aYGiC8vP9M0e5rnMTiZ8cPVsWWgzumgZRpvfwWb5yjVqZ/wMe8uvwiU2Db/iDmKi\n" + "HN2VctR+qAI8+Tw6Ax1nA4P9fSFP+wDZ2gwY2cCtM4/o5KyfK5KBfYtYcVa1vLd0\n" + "wYg9Vf91uMdXoYfdCbQy/auGcTSiV0lf3HtnJvh2DJPkYt+CwKzrpbK3sYs3Z/81\n" + "8LoDRwkKB1F5XDl0TIxyXxTgvCgx0u2nP1dQCUseNhG5ZUL3699McbgV36+Tgv5o\n" + "3xenBhq3dgV456HZZo12mx4HBbjiKhq2XDRDcMjT1grEBV4/AgMBAAGjejB4MBQG\n" + "CCsGAQUFBwEYBAgwBgIBBQIBBjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQF\n" + "AwMHBAAwHQYDVR0OBBYEFJrg4B8XtXcN8n7yyTZ6kKCWkYK5MB8GA1UdIwQYMBaA\n" + "FHv4+czgWyHRnQHCkDoag3Q4SGZ9MA0GCSqGSIb3DQEBCwUAA4IBgQAFwVvLQaQl\n" + "tshFLPAKTq71sdS/8pANVUqV3D6ypmeOFqr9X4p9joZl4WDDhTgVIBi4AP7PJEYC\n" + "KO3Hh1h+zsGDj9jZKr7Np/IjIA9/Bqzd1Yw8DHLsHCZ+Jb49kQNnXm3azbwpGp8j\n" + "jbyE1PNCca3cccXvoPlD/P+PMxxz9OORsln09kpIFTZMrO82KeQF+rUyGDKzVnjL\n" + "2z8tq6pKLl6fDzDP7x0bwAMyFmWjheb2Q0SvMYrXgspP9oFmpYRdvxUcMmYkyvNA\n" + "Zcfjh4tkLvmTSnI0mfy7GiekWaeKOLsS+7PTq+A4oirQ0bQo0hS5RHhXYUGoI5ZD\n" + "b6/SvS5xoiw2L7VRuzd77kxH3YkczPEKv3Hgi14YxLF5UCbCxjSi6Dg6HxphM/KU\n" + "baKV+jnSNK9PF6dCvv7U+Qm4DHZxUBplUVaVCLZizW8HT52I9eVN5Xjt1cWRIDHl\n" + "n9F7dMY0np7Q6s9+nemgt5+i1JdDixTpC0cHZraUWHqkY7Bzczl+Kyw=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTAzNVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA5iScbMCdDf26x3JQ\n" + "uv3U7vkj+nP1YGRQ+RS/Z0C8sdnC00SqK0jRBRk+//12DLWlLIWaFpoLPSd5cFXM\n" + "AGukWaUiex6hYsIvs+Q2ocdckI2R8LbBOhH5pwFnMQ8lLFNHFXMjAvOaQV1oj/PY\n" + "4nbwRRs2pY12jPz8HMyYIIS0VM4wA1/jg9WhdNRVBe5+ZvCVPDhzRuOLiikZVrEZ\n" + "kKdpPugQNBqt2U2LO8sYjr9lmsG2u+mmjJJNrc6p9fOds4B3vPLq8W2dfaYS4GEc\n" + "qkEuKhdqeP41uEUAbj1jSUZh16tyu75dHIpJcI6ZscNP8zyZ+CP/8jxfRl1G9OVu\n" + "qUvDrE+3krq+ntZmaINjf7c9sWKD+m2lx3kVMHHUlXNCH0nn1V4P3svQnlg1W3za\n" + "eEs88+pYq2VIJhNvYnP3rsCF8LgupHTdGALe47uW+7vdjrNBBmms9+hYOmvdFKfC\n" + "dbeblk08wkVkW9BkMZVJ1iJVUVfZwebwWL96NSOLJnPhA8W1AgMBAAGjXzBdMBoG\n" + "CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFHv4+czgWyHRnQHCkDoag3Q4SGZ9MA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQBLeaUX61VidXpsoa4zNZZWeqobd6chwn8mOJduQhFwc9M6\n" + "UpYTx2w9EazWbNLru+kvuvAI/D77YMF1vzhksR+yC9Rw/Ljfj3abIA71z04vYYnu\n" + "eLu3uLEXORJtxbDiY5QImp40gT/cAOcyDvGvVkcMJIKsGwoXS+DAlmQcJUWGh9Cc\n" + "hJLGYJKPoFL/f5rn4pTmupE3sDnAo7wXVLicCOqBd48NbSFF4q2y1uDke9WcpiJT\n" + "encWcZMdmDLFjVNUzPTehou7PdtGc+2+fC/c29wwTVPwrcV/UvWHbdSWdKnx+d83\n" + "op4Zk0CZwP2I3XzRP3+oxPwdWr+N4cP4Fc4sQ0DFPH0duIXI9cMBaUQ7y4q4z5AM\n" + "laK7POGUBEqPxEQAEh+5YRw/7g3/f+UT5vD9x0keFV7/NpuEkPGTZDynEV6uw1bj\n" + "Gt1QEcLQGKvBq9Fac3kf7CZXXPNws23mXkfulg0StmXGG+jasiWY5gnqAB05JxPe\n" + "CUouZrHY/Ww2QjP4vug=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + + +/* Intermediate has unrelated values to the CA's */ +static const char *tls_feat_inter_unrelated_fail[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEPzCCAqegAwIBAgIMV2q0ZAC3KVYGK9LYMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjIyMTU1MzA4WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAoc2zmiJS0B7jfKnMPqJzK0yp24xIiM0TWFIHsEDtjA9wLmwtvclUovIQIh0H\n" + "wf7ZZt4jce9ZILc+EL9ELakRi8w8C9jDQiV/sfaGECBYh21hJoncyt1ZJXKm4909\n" + "b9BmJg5n7d4cqgaJ8ELZ957zMSJWA0oDRGje9aTigQcSvWNfkfvZNyJXFHKhkqVd\n" + "qz4aEq4FjptD9bjZ47uXYp96gCkjZgizbfhvIbLCHdHwxauCwO24Bl+JsVdMmlLJ\n" + "ps/EzRH7OU3Jyxpn0bp2ap5FvAE7wFuSQZg/QfHSzlZQuTQnDrMuU7iBGhvCDfUg\n" + "zOYISvcN9Uxp1M+a4pptJPlDyP2A5FqinIp42bgRSneBCoFKGOyHbn4JE/RK+WCB\n" + "9JNNmimurprZXVSnzw1DReRCFiwuGx3HR/pVRI5txPQItiMVTyD8cG5j6ON5tX9P\n" + "noYsZOJrj0iwGhct3E9mfUYJqguxW9eVjxEiZXmkxTjhR2BjIkedPVPwjEPKOFSh\n" + "vf1nAgMBAAGjgZQwgZEwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n" + "EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAw\n" + "HQYDVR0OBBYEFGmo5CTySqacfiOTM1/tqLZ72vqYMB8GA1UdIwQYMBaAFLM/Oolj\n" + "mHMjh3gOiOJ3M0BRuD0jMA0GCSqGSIb3DQEBCwUAA4IBgQDaSD8K3JvGIvW+8exW\n" + "XUo4R085hppxH12+nEwqvjtTmx8Re00ihm7taDpFaNHm5/hdPDF7jRqwJlsck22S\n" + "bCHi9mSv416Ts2/KjaQlyKXQbWiO5yxCFrODcC6JFU8wy3XdtfUoRU6VUiWXuOiz\n" + "JgxpwxWmPkakSEzUpr7VvZL/UVYkiLIIuvZ2AXsHCwJY6H9Dprct/iCFYIo8w7t/\n" + "vHSmZLE6DLuES/EmXhwP/vMowummaKFWvj95E57g5nNAnFGysbH5QgXz0XlvDwC9\n" + "iLK5fSrnDG0qcuVOkEPNRyml3ecs+uYgVAtZf71sr3+20+eYUBcllPy6DrQNUA8Y\n" + "UiMAWQJxKIxnh2NP7AXbSJnb3/Gbo2SThuqihRs70+1RPOeVJjme8lNshYVjF7OR\n" + "PY8srNWTOumzpb10HIMyMI5fTGQIkvW05D2qNKGu59ZQJomaE0ZV417ZwI11uVHI\n" + "BwmpSliw959g176DBjFS6AEf7BFXImzTvuMcBzZFkXLZo54=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEGDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTMwN1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA+uCPJluPaCX6+PkI\n" + "EWCpsgEeMlLXdilST/x2IgWtTb6Hv5jpBTJzVzRfnVodo3d9AC4JFpv8r3fOYsnI\n" + "so9yVJzID4JAsmrFRLm8wk0KSKA7jGDT1HcNAmTSdb6GzpAJtEFZbOfFbOoOJhJR\n" + "bBYyDwLkGx1Ghugjco2tGeCz6ztpPx3vQPj0Naqib0U28rwWu6a3N+hFxeRl3pgu\n" + "NleLnkp3sizF31YCbo5A+Hmq67e3y0OIqzfn2AW7LI9L3eQUFpmGUEQz3zhpcH0S\n" + "eJ4Ft4qMjblPR+zdMHDBKLIlCHIc36cMqcj7YMKknFO13IZprMA686V7MJ4z5z0z\n" + "7IiWRCkbZ3FJw2F5lwJXViBJLq5rHH6r43qnv3i6aBYXHgiM9JtELnQnHgbcRBOX\n" + "ZjCdaVZJiNbXuWT1WbKGtnovPqmOLftVSXvTnJN5UnnHITHCz1OUUWYwxq+cDFZ9\n" + "nSHI2mJV0v1ZoUhe+qhz/qqQvZLC74YEnLFQGooFWu07y41PAgMBAAGjfTB7MBcG\n" + "CCsGAQUFBwEYBAswCQIBBAIBAwIBAjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB\n" + "/wQFAwMHBAAwHQYDVR0OBBYEFLM/OoljmHMjh3gOiOJ3M0BRuD0jMB8GA1UdIwQY\n" + "MBaAFLAH7D01maBP1WxFfYBm/vCl1mhBMA0GCSqGSIb3DQEBCwUAA4IBgQB8dBgc\n" + "zJGEEhNEe2myi2CdeajcfJpZFrJYsBaH3lvgree4qohYDz9ojEFj4SWuBe2VqI2E\n" + "EshNzJ5bOY7xEc5dZmuV9tAGUNY8dKWUFSBK7g+ReGFgGFGHP/Rvf5d/hnin5yqb\n" + "q2TdD+XH3PEnsM+FbI5W2TPTiOp1DKIf5vqgXUrNuKQbDxTMzA8rdlB6tyaAEin0\n" + "bivEFfwSQSpOvxyYvw9SHnAd67hpl9yvVv+polOsLXdA/p7wD0gqJ1GTta4VpPXb\n" + "cJSf98OSML5f0MJuHcT3VjBEoiqT4KCZo2YBr6oAgpDFWd2SVvzUB5OPiVnryWVH\n" + "o8rIFXCkRYKN37t9fVgejz07/0IEHPvp4Cdzf4LVAFIdjD7jOClXZzQvtc5tOOx4\n" + "idO1sU9NXiksUmi8KF4fPrjZb5THX5/J4oFkfKCzrL/GZumSVYzzdrWkbM936wFq\n" + "QXgvUPN/ZHICeseK/zJnlzNh7lVKU1aANnsaQgXwKp697u/VCEIQ0OBKpgY=\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTMwN1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvGvJCizqUP+R/Ytx\n" + "SxyW/jSWy+i2mU5DgQJbeJ6UTxFcbB7LLOgwdmEpm/g7Wv4evm73G1CIR0ujCuor\n" + "Rm8HvxnbfoHO8Czm0uOORp0UlqQ/1c03L6wDj00mdmiWGaC6ViLBvgiNhw3NUnwc\n" + "eDyo61f5ujYpnK1Wj9oFHljqkjoSneaYl4YkJtCdbTb5lgKlg6burYFDNiF5EaKK\n" + "5mzY8M9GYVwIu0t7GK8WbzrDjgH/Evqg53C/1NBnyh+qmt1FylLELNaYzq5fLiwI\n" + "bh7UylPCgRzLDlaOMknVfOP70rapIBCYH7CzUUgQhJGlmlxowZfc9PgHnw8VLaOR\n" + "dJjtSugLSXbMv3YwEiUwGWvyudHIj08DV+ul1p04hvl3pYd25yd1x2xHPg8VAEX3\n" + "ycN08Uu6D6UfpZdvs+i7VZKKSrl49MR0UIDOj2jK989OrGb4nVFD+zTzcFPJZRew\n" + "Ebf7nvwmBnu+6gbFt4QXl9ErhQrKEtJdJ+IVJgmj/HwVhseBAgMBAAGjXzBdMBoG\n" + "CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFLAH7D01maBP1WxFfYBm/vCl1mhBMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQAqMU/vm1cK6iCUSJFvi0DpykkVAtC7vo3ZQGeaiEsSaz5U\n" + "svphDbWlHVN3EdAv7jNmt/R30bEtU5J8xmMU9JtBs2NlYl+65txAAuJUaTmL+ndk\n" + "Cr/mCKx7gnQi8mYmCmoA3FbtjHik8aufwGKCZ4arP5a3pSUEh4Hi7bydWaDEnmRi\n" + "p+ngyb9KwYiU0yvz1mF6pmYK62lHX4M5ONM2hw90DvAqMcAWzKI3oBcFgufkWNxE\n" + "jqQnx31FaQ2uhsPEfMOz1AcYy0axuuK/NxIQyLKLHLYLCF8Ybb9FJNKWYvEAmIAh\n" + "YwkzvzUfIgez04tNS6OPc2Zn+EZlXIotmK1pBddGUPEnwWCCkzIt331Sip/25Qri\n" + "2Fij6cxtVmH4EJR4c93NC89P7kcNL/TAKtRRfaPuD/XdVchH3jTmZiR0AlPD+RG9\n" + "83tWk8f3gfMWOhS3ulWYUvvw5ahhcxlXPyEIGL/LKyjcloSoPre6nOu/hMOhH4QH\n" + "YFBWeRM4C9FZEqT1a7g=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + + /* All feat extensions ok */ +static const char *tls_feat_ok[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEPzCCAqegAwIBAgIMV2q1gxhOXfKDif2GMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjIyMTU1NzU1WhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEA1ATMiShXx/9z9HzfHeTDWSOWKs1CPosoj/axIdPUk82q0Y052z3a+iDDp//s\n" + "BquPxSKt4B4fKjIWSD6gfdVhBaHB3MbHMLLZ+6qqIxezFzGclCAyPBBCPfuOPw7y\n" + "c0FMQAUXVI8r5JBe2Y7AWckNcMRu/rjJ/4UUT+I8NFG4YLZhDlDf2ZzgsuFG9ye+\n" + "IdgNynZPUeC+0RphRAyg6BnHax3F7Ti9CwIeFl5bKpmiKH3X43pqbFhQUM3gNF66\n" + "a0rtK/ljkXBvJ+7L9ACyupPxji1y+VmS0lDGZApZB23qVzM9iKxIi7LfmsJ8EwI3\n" + "hNVvWQkRJVxT6MOrZ1cKXlJ6sz994N0BfZg7oraXn2ojI8I5Dfjly0U7BMJG6kd3\n" + "RSjy1L5YuAYSbhMWgz6fUT5Jt3hoXMYTiNxJGSXEC0evh6iF7GgqXNHaMd5qh9TT\n" + "X4eyejCQNDWRQg5y5hNwFT/C18eTtjhD4/QRGDWYVn2tvhsKI/wowmQ6F+2LKhUO\n" + "u2TxAgMBAAGjgZQwgZEwGgYIKwYBBQUHARgEDjAMAgEFAgEGAgEHAgEIMAwGA1Ud\n" + "EwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAw\n" + "HQYDVR0OBBYEFJ1NcokmOpoc1vU98iCH9Qw37tavMB8GA1UdIwQYMBaAFN2L1dSv\n" + "fFt5IWg1sunSrAMiavK5MA0GCSqGSIb3DQEBCwUAA4IBgQBtzUgsge65IMTf6lB/\n" + "bJCO67OTXpaIzrFjmnPxc/u4SOg7pfbCH7Usdee4VhGBCRBkqE49Pyvu6Cf+p/MC\n" + "3jvM+wm1Q3TRYvjeXuJoaoEefwsiMUK0K7eynsuPT76jFdcxMEsWUvexScbJIOX3\n" + "I7EPF/Cvom/39Ssz46NHSkJKqdlbY1AUfTbT+fH5qP3crfYNiA8eTusWIK8iwWGE\n" + "PVln8uIiZMHuagy4y2vdEz3Ha5z+Nn9vP0dAfzULSQpVePNwwPVAv4qhd1mtv/Rc\n" + "uObCM+3o7ejUmvBn4nNCe8k57Hznztb5AGiiynmbGb03lNXHbS70MvCxilAmncqc\n" + "z/Z8x/N7uLExAEwfed4APEBPWdoQm4wuwLgrLs5mVTPHNfTcyZLOip9zE5pntlGH\n" + "0i5BWiPb/n7V7wJtG/ZWreGnJk5hh1+u7wEwnPr9MQ0suxGYrWoBb+Rm/QKv4LKE\n" + "teG7IlYYAvrfsz0vWbxb11G0ROln6UckRrXgDXfYB9PTEoY=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEHDCCAoSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTc1NVoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAso72loNaZh/8xNBj\n" + "xxNXRg8sc4KER9ufI/Fg+nDN4ddnI6ztuGGyUt+NdPHCSydV6mWzcTRrvYIZKwl7\n" + "H5/lUmgKpNdhiOq9tAlmEYaHeWHl5JuewVgOnpSITwqZv0K9EUoklAtnJ9CQsVqg\n" + "Om4lmGJDFIC+YnahbI4glt/I6WabsZvEuVtZKbJ6wk0avLqYHdb2w3oZBEs0+VSb\n" + "/BH8gHYitqK2YMxAJY5rWPIjYEzILOB9k6B6tqG5KLyXXiWLfOYBpxjlFA7cAz5C\n" + "R0jaQd7b9WU9GPkPExKQ7VQ8IHPDyU9awk32Kmr3pY21eAd/0LPmi8LMug8r+M5B\n" + "tsqmTwB8wkqj8PdFc1InaKRrcc7BJJj0Befa9yBj4/qsjfNtI893r3h7/WnhqAfw\n" + "trmzI3DwBHcgFhwTtEeJwXza8wZaGKWgjYd3d+M3hpqgp2DCmWP9IFlrkgITpzEJ\n" + "FEHcGwVaIM9uyyMbcTExgPeFEm2vtASJ+rOAjg9OAYPKETGbAgMBAAGjgYAwfjAa\n" + "BggrBgEFBQcBGAQOMAwCAQUCAQYCAQcCAQgwDwYDVR0TAQH/BAUwAwEB/zAPBgNV\n" + "HQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTdi9XUr3xbeSFoNbLp0qwDImryuTAfBgNV\n" + "HSMEGDAWgBQ3S2pCBcQ8ZcCsf3iECpq9I3JC3zANBgkqhkiG9w0BAQsFAAOCAYEA\n" + "klVFaDyQ9n3P9W2mb/8pWBH+PgQjllTKS3poqkNbPx88DaZMd/Pi63I4gjVoHAVa\n" + "9uShnrM4E6Z/2Va+XV2vASdV3SaKlw/nnbz7vpJrhjsrdfSgDEV/vh61MOyiQDNw\n" + "8tqutLy8nnNocj54jXVsta/hWxvvPcbGyhMEFvRLdZjCpQre4ACeZG+p/hDCZlm9\n" + "MAx3EWVjOAkxOwR6CGcg39Q8HcJZbFd8XjJK9Y1z+ALKTSmeZ5ppPTEeHIjOJOtq\n" + "w9S0I3+wroV2wVK3+tbzCdJopdMwivYfVH/XCVq9HniJFqtBVwXi1gUqjpbL+AQT\n" + "weB1mF1bwQNpS9fk5UJOOZ2bNaJ81l+eEgSM9X2g6rEoe6z5BynNGp4cpnHrUP3O\n" + "HPFd6O6/u/nGeYuHOZxPu0BJz8RnBH/8oyc4+6I5PVx8hfCB57EVtW2yrlDcFWt7\n" + "QCycdysz5mds93rlsTnCUTpzule4Qiwsq8HIcdN9JIuDa1G9q4Jc5C3/Rz7C2eRd\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTc1NFoYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2I0BfGo6rT8j5EN5\n" + "EI6lXlmkczZKU7NcoQUbmi1Dss5f54TIzrSGQ4w0Qi2HEo00HPX2NaXz2K3bC+ZC\n" + "q1MYMnEi6CBNhsD8FS1RocP60kM6dziH6mdHHhmWZvNZocup6SMzNkLPSQSo07H+\n" + "/24YJTEhN56uWfGAf/7gmFGAhiZJLAzS0uyWimoQk0p4GMroLN9oavgpVOgpTbFO\n" + "eCA8ruFq8kO/dKlnVgq/I+Y4ObQWsaF6cyoX7OCXSXXF0ebNCNQnHzKIekGKH3zU\n" + "z9aVFxlPBNlin2xZsM4Bs3xhJay7VimxZfXFgIFr5anGyIZp1hlC6ppJKiRGDErP\n" + "lCzHATCSy9xrUxZ66b7IEwq3vjaPc86nXBVLNRDeGAkzaORLEu1MenOF9FTFVUcl\n" + "h8cd1jNqPFLwkM0CZEFbxelSWzILBJjRJykJwydcye9HK866gRCNAraKQ4gC8Umd\n" + "RvtejTtQ9oyvn6sDe9G3hdYZ/6M7dpxPvDM6+X6CacDtM+8DAgMBAAGjXzBdMBoG\n" + "CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFDdLakIFxDxlwKx/eIQKmr0jckLfMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQANnHNp2P4GcvZz4KKxkKzcvCxUEwT4Wy2DS3GgMy9C3dMR\n" + "UGy/gpJ2HqepB8xr2NWP6MuB4gGzA37LflvEAz7/MFMinP5mTbpP+G8yuRh2H+vD\n" + "reRf9LnUvwwnjN1H1+YBoSOdOQNzfrChRo24jjsnQ2PyXz1RYRQ0wVdaMFX32pYq\n" + "k36zhD+XV8zaj9zXkFkT/WValxzbZkGJVcDrl/4KIcTAi5lq5VdlAp2E3CN2sua4\n" + "I5HRjZAarefMRxcddX8PPVI1ZNEwrB2jM1uOwrodjhbYbfLPrkOsCQTQh6ETDEYi\n" + "3Y9nCx+DgIGZ8KyycIlvIjJwyiFOC+YB/BfX0M/dOJ+tl7FU1b8J/qNQTG82rgDH\n" + "fNRD2DR1+jNb+IQiV/HdJJLyissqYkWVaIeG+6RXXy8d0rfSIWpT8YysgJmWqT4Q\n" + "QKarLoyzHleMN1fGMXT8P6a6Z4AKl1lr3ev9rHjGr88crXQDGtzQmM6YCi7FKegJ\n" + "T4pCBf5TMfFHfyuGlF4=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *tls_feat_superset[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIERTCCAq2gAwIBAgIMV2q0/wgRypWYPJf5MA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" + "BgNVBAMTBENBLTEwIBcNMTYwNjIyMTU1NTQzWhgPOTk5OTEyMzEyMzU5NTlaMBMx\n" + "ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC\n" + "AYEAwBrZ+hFGdXX0cZmlBruD6ciZMUwVxCRuYP9fK3iTAEMGEI60tjsMfuLVOVHi\n" + "OXME1Y2UO/VpH5jcLZElyqb6MfekxdNwa5XW3KbGSJYczBEicHDaF2sMkpE8TM35\n" + "bVu4lvsvhp9m4AmeS9zM7jXIfuF6YOtfrwhRCNjI6CJxo+ZzHz7yBEDJ25iWZdzN\n" + "zRPapY+MwPrgR2GCZV+yN+F4eoizLfX0aQ7MGAtjGfcNFwGeQrRzpBcTXe1dqr2G\n" + "3jtreKFO+vseS7zZvqJVsnurnzFwN2dCqpeEbiNisKihrbpOPV5C6KBFRyBmJUKr\n" + "PCAtaJZgsPQQ0oQRCqopeAeThnRNTkHqK/t/r9HketUXc+6dU5D4Okc+NV0ULBMM\n" + "xR+H6K8AJJoTAxZR/t2Gsaao83fcYvFenu+T6IPsyKftrVAmICHkPlRY/ir0O5OJ\n" + "7s5NXCygDJKf94Hqc3nU6EU4VBrehvKDf17sOMigmOlFA64mFSn+GyoI5OqBwnr9\n" + "614VAgMBAAGjgZowgZcwIAYIKwYBBQUHARgEFDASAgEEAgEFAgEGAgEHAgEIAgEJ\n" + "MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQF\n" + "AwMHoAAwHQYDVR0OBBYEFC7as/AaudiD7/rYG+pu00XJhLECMB8GA1UdIwQYMBaA\n" + "FCJrjNrs/mt/frUxJ+fPkDBA720HMA0GCSqGSIb3DQEBCwUAA4IBgQBXNFbgFC0e\n" + "YKsmEwOdLLpIedi6k0kdd3Mo42CX3y8lv1JbZokUFUDd7fgJgbtlG2t5Tp+iYRAM\n" + "6V5NoXOc0eWDYn/K0TQJSWsHnwnAn0SG2ZJt/2A6grqoMa2BJSY6pKfBOOkepJKF\n" + "Yd8EOFJNnwOMjwzRPoccsx6LBTrOZVAoDgR01RUPDXBoyDOBnq0A2gEpMnJQjjw6\n" + "w8oBnU/ySKhs6iXNY9xiA+3J/rT8jF5WOCAk78MLewcoEqWYR0QgtkmoHqhY9BzO\n" + "VyJ5sMzCAnv1Zwi8UerBpg97In44POun9u/qEBSjIZj0Mba6MIWXTN5GzoxJTej+\n" + "XWJoNxR9J4gTlHnFTxi3s5EcS1lsk6S2rVUCy2mHhSTmrwoXGz8AyDUn3hjfgHx5\n" + "cmW+nzaDERO3pLZ0MFQEwv9Wdq9pcGnpDtOzimI+AsrGsuYqeY69ZDH1AvKfposU\n" + "0kblXBxkedBddb1HlvLzU45j9RqV/TfYBJA30FAI451vwoANX6oLl1E=\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIIEHDCCAoSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTU0M1oYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0xMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2z5di/R9W/uEwa1a\n" + "Oo2+POgZSuzGnikpH78cCsV0u70ieaOolj/X7tJ+9MAfYLfMY1lRl7OboYAshTn6\n" + "ZfLQa7QkysXsR/EySq5sEVCz/Btw60dZb3UrJEyskR9wZ4L49hUrKiECAIEWykXh\n" + "F0bi0KAOMziV18bOlgrhmm/AD0mXqLnhIRD/CBZtYiDD1/mClgYtOxJLqyUdj1GH\n" + "+XKN9BdIlZ7zl4UEuMuGxTkqpmxeYvtQKxoGd2Mf+Y+FK0CiMVTZ0PxHxA/rQ7b4\n" + "s0evs9a10oXmVnNuYtDtCIMiOY2zJvo38oWAvDJsJH/zmzyPqWoCyDqm4zuxT14I\n" + "BFlVxN7CAgvrdJgRonmy0yr6vLlXCK/PdzhD0LS8RcfjeDYhTsDY61rfArsB2eWv\n" + "Y2uyJAOhjYzCDAAPxh87co3WlQyiVS5bFP5SI++y1qgBHPuXmkoPIft8H2HxY6sn\n" + "XAHdqKgrB78j5Asc6FWfzp3MpatgLuspOmx/fLERxoIWVxo3AgMBAAGjgYAwfjAa\n" + "BggrBgEFBQcBGAQOMAwCAQUCAQYCAQcCAQgwDwYDVR0TAQH/BAUwAwEB/zAPBgNV\n" + "HQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQia4za7P5rf361MSfnz5AwQO9tBzAfBgNV\n" + "HSMEGDAWgBQHiC/xbZtw756ibmRddGjDpv5VzzANBgkqhkiG9w0BAQsFAAOCAYEA\n" + "NykGM82KLfZPVpkw/wZSWmBdblYrdSPTyGNm7RAqLodFIW1re5Xtkk6xPJYGWNZO\n" + "Ac0Oz9IDsGlaEVsXOyyIV6ZmzG4hr9HQh5jvt3nHdXMJMjNz9qJLM4mq/+3yF0Dx\n" + "B3/HUne8A8k+Rp+F/c/544Rt8zH3pHGKH0ytc1a8Q79q9SUhH3Cc/d0qvmUcuCBG\n" + "tix6wnfCpRma/6nugFXM2HbR/3C9U9EpNG2nS6mdpuYlm3SKFY6VJd6gpLGc/akr\n" + "/557JFsC6UrgHgI1c2sSqSWJuhLBRVeFkyvGOH3PSz+F/sUO4UXxf0LcoUsr9Zo0\n" + "9F6muAj5M7FIVOnBaOIpYVf3pezUUfY0aHaB0GFDJViRNuSxJJBrJEejBKEIXfEp\n" + "AoBVepgwdvM9V+BTxHYYetpUDZLa9PeQcuehyzN2dNLOwYPeYX1Ax9c/b+WbZRdw\n" + "JG9uD/Zre0xmdIvlHFIGVh3pZsgdbEWe6jrBRgwcQ7snSMPVvOQxONiLQnTKy8+g\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIID+jCCAmKgAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" + "MCAXDTE2MDYyMjE1NTU0MloYDzk5OTkxMjMxMjM1OTU5WjAPMQ0wCwYDVQQDEwRD\n" + "QS0wMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA2MAgfmjKkZ3MlXu1\n" + "aFurNhmGREguCb3fqpHkOXaqCk04rxG/ZSMJkNX3v3IaZXPBM/YinjLrB2hl0Vaj\n" + "tA+EQgXsPekRZKX9UjvIC1U+8Lutv8rJ15d8ZBgo6fGzj0rkLX5o3gFrweNXuBYh\n" + "Bz1N0TvD+SWPfauG4UlZcMLnH2Mk0T/oNPsb2xC8F60OH/brgnT3OVGjQmouV8wh\n" + "eYVutV+GLjeOlcNWLTQNUWPaeq3fiUA+MPXsszW+yEe5KkMpETDtluwGVcyLZMAo\n" + "k9YXhe/MU47PIXYiE1bH7/vInGf0PZ6ljoRrBMyEEsG1DuysmNBoP5GjpaKS3+4K\n" + "21R9rr6ylMb7Tx2PlMYzfpWyB/y7naGPBuIF4ExI+h6SzwblPzpKNKqcsAO+T3/G\n" + "FLkRMzpFfxW8PiyzsUZnBFUDeeFMV1NMMKUhOumQGTJ35vxaPAtqMxqJRHfpsP85\n" + "GXnJ72ubCekSEgmsIzhcSpevcH4Kreyu03rtkwzFm8gal8EXAgMBAAGjXzBdMBoG\n" + "CCsGAQUFBwEYBA4wDAIBBQIBBgIBBwIBCDAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud\n" + "DwEB/wQFAwMHBgAwHQYDVR0OBBYEFAeIL/Ftm3DvnqJuZF10aMOm/lXPMA0GCSqG\n" + "SIb3DQEBCwUAA4IBgQDFINpl39BzYyziYAh1t8YVvcTgAs/ALikaTPnSPoDEJgJ8\n" + "QDt1omDPaaOuprcZNIN/23q5I9fNLgcUyDS9dCAqZmtxK8fXorS07U9XuQwN3b8J\n" + "1P+NOJfzn7oUFVdGZ/0wWkySQVGmIkweTNJ3JCIRBM2FMIeCdZKt8NHcU1F7xPmo\n" + "IAk4MiM4Mp3m4GZoRxo/VDL5MBKUlw62Er6wpRguGvJvCeoKANwIMgwU3r+kBjR2\n" + "IvB0ysr/xxVTuOzs41Y9Cnp+5Q+McLKvHXkJKyAsyZU+i0SKf2OvwGnzhkzk21Yt\n" + "z8jKzog2AmeIqWS3rlu0Hbqo+0QORgIeASU2J86YXo2c0UQfpb3kI7gkQG6jbCLt\n" + "JgstnWQIZ/NgZ8kI+IsEgCkwlZWcwvvzLN0rU5nuO2psOvHTasPJrY0yTpx6uBVO\n" + "MhwmNs8vu/29rvWY3pY3X3j+MQcAlb6KpNyJCUaV0Rhi4F385Wy15VJ+FQdykZ28\n" + "GMGU26jKIvQm0NDWbB4=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +#ifdef ENABLE_GOST +static const char *gost01[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIBfTCCASqgAwIBAgICASIwCgYGKoUDAgIDBQAwNzELMAkGA1UEBhMCUlUxKDAm\n" + "BgNVBAMMH0NBIGNlcnRpZmljYXRlIChQS0NTMTIgZXhhbXBsZSkwHhcNMTIwNjE0\n" + "MTkzMDE5WhcNMTcwNjE0MTkzMDE5WjA5MQswCQYDVQQGEwJSVTEqMCgGA1UEAwwh\n" + "VGVzdCBjZXJ0aWZpY2F0ZSAoUEtDUzEyIGV4YW1wbGUpMGMwHAYGKoUDAgITMBIG\n" + "ByqFAwICIwEGByqFAwICHgEDQwAEQHlSMCMAJZgoHUCIFmn+eqOgYlQy8h7SfjZ2\n" + "kMkJ4xTae8jtZYxHLq3P+qJeismsHdmqdqSBbOGGdOaJNNPbAZKjGjAYMAkGA1Ud\n" + "EwQCMAAwCwYDVR0PBAQDAgWgMAoGBiqFAwICAwUAA0EArslfUeqhW9eFkspn89+C\n" + "OQEJX6JoghiOjFYlky0XmaaDl3D6EcbID+B6cBEmcXF21xxIEeYJIAqGzOEnMXdT\n" + "cg==\n" + "-----END CERTIFICATE-----\n", + NULL, + "-----BEGIN CERTIFICATE-----\n" + "MIIBfTCCASqgAwIBAgIBADAKBgYqhQMCAgMFADA3MQswCQYDVQQGEwJSVTEoMCYG\n" + "A1UEAwwfQ0EgY2VydGlmaWNhdGUgKFBLQ1MxMiBleGFtcGxlKTAeFw0xMjA2MTQx\n" + "MzEyMzFaFw0xNzA2MTQxMzEyMzFaMDcxCzAJBgNVBAYTAlJVMSgwJgYDVQQDDB9D\n" + "QSBjZXJ0aWZpY2F0ZSAoUEtDUzEyIGV4YW1wbGUpMGMwHAYGKoUDAgITMBIGByqF\n" + "AwICIwEGByqFAwICHgEDQwAEQHxF7QOkGNDlnKWiBwdD80gToowegPcHR1Y1r2ZR\n" + "RQqB610f3uEWN/EikI7exYVRR0dmCyILLMmgRxX+KU4qmgejHTAbMAwGA1UdEwQF\n" + "MAMBAf8wCwYDVR0PBAQDAgEGMAoGBiqFAwICAwUAA0EAFnvKPRo2tQkI/iqu/CkP\n" + "YQJPW43KnRMqkmB/NnGOC5+wdivIA5yJaGbT2sQ1r+n6qyJnG32yV44DrSe7b2DV\n" + "OA==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *gost12_256[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIICYjCCAg+gAwIBAgIBATAKBggqhQMHAQEDAjBWMSkwJwYJKoZIhvcNAQkBFhpH\n" + "b3N0UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR29zdFIzNDEwLTIw\n" + "MTIgKDI1NiBiaXQpIGV4YW1wbGUwHhcNMTMxMTA1MTQwMjM3WhcNMzAxMTAxMTQw\n" + "MjM3WjBWMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAxMkBleGFtcGxlLmNv\n" + "bTEpMCcGA1UEAxMgR29zdFIzNDEwLTIwMTIgKDI1NiBiaXQpIGV4YW1wbGUwZjAf\n" + "BggqhQMHAQEBATATBgcqhQMCAiQABggqhQMHAQECAgNDAARAut/Qw1MUq9KPqkdH\n" + "C2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4vF0mFmr9nfRwMYP4o0Pg1mOn5Rl\n" + "aXNYraOBwDCBvTAdBgNVHQ4EFgQU1fIeN1HaPbw+XWUzbkJ+kHJUT0AwCwYDVR0P\n" + "BAQDAgHGMA8GA1UdEwQIMAYBAf8CAQEwfgYDVR0BBHcwdYAU1fIeN1HaPbw+XWUz\n" + "bkJ+kHJUT0ChWqRYMFYxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDEyQGV4\n" + "YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0MTAtMjAxMiAoMjU2IGJpdCkgZXhh\n" + "bXBsZYIBATAKBggqhQMHAQEDAgNBAF5bm4BbARR6hJLEoWJkOsYV3Hd7kXQQjz3C\n" + "dqQfmHrz6TI6Xojdh/t8ckODv/587NS5/6KsM77vc6Wh90NAT2s=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *gost12_512[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIC6DCCAlSgAwIBAgIBATAKBggqhQMHAQEDAzBWMSkwJwYJKoZIhvcNAQkBFhpH\n" + "b3N0UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR29zdFIzNDEwLTIw\n" + "MTIgKDUxMiBiaXQpIGV4YW1wbGUwHhcNMTMxMDA0MDczNjA0WhcNMzAxMDAxMDcz\n" + "NjA0WjBWMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAxMkBleGFtcGxlLmNv\n" + "bTEpMCcGA1UEAxMgR29zdFIzNDEwLTIwMTIgKDUxMiBiaXQpIGV4YW1wbGUwgaow\n" + "IQYIKoUDBwEBAQIwFQYJKoUDBwECAQICBggqhQMHAQECAwOBhAAEgYATGQ9VCiM5\n" + "FRGCQ8MEz2F1dANqhaEuywa8CbxOnTvaGJpFQVXQwkwvLFAKh7hk542vOEtxpKtT\n" + "CXfGf84nRhMH/Q9bZeAc2eO/yhxrsQhTBufa1Fuou2oe/jUOaG6RAtUUvRzhNTpp\n" + "RGGl1+EIY2vzzUua9j9Ol/gAoy/LNKQIfqOBwDCBvTAdBgNVHQ4EFgQUPcbTRXJZ\n" + "nHtjj+eBP7b5lcTMekIwCwYDVR0PBAQDAgHGMA8GA1UdEwQIMAYBAf8CAQEwfgYD\n" + "VR0BBHcwdYAUPcbTRXJZnHtjj+eBP7b5lcTMekKhWqRYMFYxKTAnBgkqhkiG9w0B\n" + "CQEWGkdvc3RSMzQxMC0yMDEyQGV4YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0\n" + "MTAtMjAxMiAoNTEyIGJpdCkgZXhhbXBsZYIBATAKBggqhQMHAQEDAwOBgQBObS7o\n" + "ppPTXzHyVR1DtPa8b57nudJzI4czhsfeX5HDntOq45t9B/qSs8dC6eGxbhHZ9zCO\n" + "SFtxWYdmg0au8XI9Xb8vTC1qdwWID7FFjMWDNQZb6lYh/J+8F2xKylvB5nIlRZqO\n" + "o3eUNFkNyHJwQCk2WoOlO16zwGk2tdKH4KmD5w==\n" + "-----END CERTIFICATE-----\n", + NULL +}; +#endif + +static const char *rsa_512[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIBTjCB+aADAgECAhQcc65I8jSxWRjcS1czw4MRLIc8qDANBgkqhkiG9w0BAQsF\n" + "ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTkxMjE1MDI1NTU4WhcNMjkxMjEy\n" + "MDI1NTU4WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwXDANBgkqhkiG9w0BAQEFAANL\n" + "ADBIAkEAwZFO/Vz94lR3/TKz76qRCV2skqthX7PB6YxeLHH3ifWSYR2qCYTBikaA\n" + "Sm6PGDvAliviIjGjKTkdDdqZX2S94QIDAQABoyMwITAJBgNVHRMEAjAAMBQGA1Ud\n" + "EQQNMAuCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQsFAANBAHslvfVxod5p+Gt7l4LV\n" + "M2HBxOt4YM8mRCtyNSmJEGAe+aIzXaiSiRnVkVvjQvdxacu2D4yP52BUo1vzNnCq\n" + "2UI=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *ed448[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIBhDCCAQSgAwIBAgIUIWKQV5hisum31Z2Fw+PeZ80wqnkwBQYDK2VxMBkxFzAV\n" + "BgNVBAMTDkdudVRMUyB0ZXN0IENBMCAXDTIwMDMxNjA5MTY1M1oYDzk5OTkxMjMx\n" + "MjM1OTU5WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTBDMAUGAytlcQM6AFsM\n" + "fQUL5TonNaVrBB7H4UtwnVlolZatMXceHZiWnzMKXOZXlIabi0nTGkvSFu9ed6JJ\n" + "L7EWarjRAKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0G\n" + "A1UdDgQWBBRMwtFQ9T9Ndw63UP2QGAuIFoYb6TAFBgMrZXEDcwB8hbYLw7KMlb3a\n" + "Q2YAXiugWt2WcAMtvKgqzjXzUt2jilaDA72d3MCAWQQsMmQfRNSthDIao5CksoDk\n" + "Xc8qFzckmdBiF7W+UNT3OMisE9yIxF4iA1Sxsji3C0WDUq2jen5Uv9E99H+r47L8\n" + "U955wKxWJAA=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +/* This contains an expired intermediate CA, which should be superseded. */ +static const char *superseding[] = { + "-----BEGIN CERTIFICATE-----" + "MIIDrzCCAmegAwIBAgIUcozIBhMJvM/rd1PVI7LOq7Kscs8wDQYJKoZIhvcNAQEL" + "BQAwJjEkMCIGA1UEAxMbR251VExTIHRlc3QgaW50ZXJtZWRpYXRlIENBMCAXDTIw" + "MDUzMTEyMTczN1oYDzk5OTkxMjMxMjM1OTU5WjA3MRgwFgYDVQQDEw90ZXN0Lmdu" + "dXRscy5vcmcxGzAZBgNVBAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCASAwCwYJKoZI" + "hvcNAQEKA4IBDwAwggEKAoIBAQCd2PBnWn+b0FsIMbG+f/K+og2iK/BoLCsJD3j9" + "yRNSHD6wTifYwNTbe1LF/8BzxcwVRCD0zpbpFQawbjxbmBSzrXqQlUFFG11DvNBa" + "w58rgHGo3TYCrtFIBfLbziyB1w/vWeX0xHvv8MMJ1iRSdY+7Y36a2cV+s85PdO4B" + "TpZlLfy8LPP6p6+dgVoC+9tTu2H1wARYOVog+jt9A3Hx0L1xxVWTedFoiK2sVouz" + "fLRjfp5cOwuRHSD2qbpGOAeNVVaOE88Bv3pIGPguMw0qAdEDo20hRYH23LIyvBwB" + "oCnyFNnAViMtLa2QlXSliV9a9BKOXYjWzAeso2SF4pdHcvd5AgMBAAGjgZMwgZAw" + "DAYDVR0TAQH/BAIwADAaBgNVHREEEzARgg90ZXN0LmdudXRscy5vcmcwEwYDVR0l" + "BAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUan6mlccq" + "Uy1Z64wvRv3xxg4h2ykwHwYDVR0jBBgwFoAUSCM0UwqJMThKWurKttKm3s4dKxgw" + "DQYJKoZIhvcNAQELBQADggExAKAOMyMLpk0u2UTwwFWtr1hfx7evo2J7dgco410I" + "DN/QWoe2Xlcxcp1h5R9rX1I3KU2WGFtdXqiMsllCLnrDEKZmlks0uz76bCpKmM99" + "/1MDlY7mGCr/2PPx53USK5J5JTiqgp6r7qAcDAnpYvrPH45kk7iqwh02DhAxRnGR" + "CW7KWK8h7uu0Az9iBT2YfV372g4fRDK3fqYzJofQwbhSiUuJ7wyZCRhGOoxMMmDb" + "KBbc1wAYXW+tlv2cSbfzRvSxMR+CzkyH2tGDxeN//aZUfGmQ8IzWUQ7UtK5z+Q0E" + "fL6fZtm2SdGabGpV1UYoGpwOtOngK+m0i9SqrMD7g5+SMhc1VuvVuTtxjr5Cha8l" + "X0HEZtxgFrkdfMD4yLAqiguaCBngtbRmELF5VpebmJbiLVU=" + "-----END CERTIFICATE-----", + "-----BEGIN CERTIFICATE-----" + "MIIDkTCCAkmgAwIBAgIUY9cJ4NLNFEaojJHdP1I4Q7OHNJwwDQYJKoZIhvcNAQEL" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMTgxMjMxMjMwMDAwWhcN" + "MjAwNTMwMjIwMDAwWjAmMSQwIgYDVQQDExtHbnVUTFMgdGVzdCBpbnRlcm1lZGlh" + "dGUgQ0EwggFSMA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQC0ayeYJa/B/x7K" + "sH702LztQ4ZnVF3atB7CkF+DPAIR/BNyhbKIpGVBC3ZfI76Kn/55S3M7LsdLPL8W" + "yZdVNRfzoXJLMMLgJ5QS81YA5s6CSxFdpB6b+vq5GypNGLW6peYMx6iooW2qiITc" + "lg6ybBw1qufHlD351cfCog1Ls2569whfxQnNFZMa95jfKkxmiSTtH9AWY4FlpVg7" + "oc0lYpuZgVQIFxjsfC8IojsoVzKdF0cKhvtisUGZ5vveqOogfvMb7rrqmiFkKZLy" + "rXPlGQWdN1PiEZ8YXyK64osNAIyeL6eHPUC+SqKlkggMLmHAWHyameHWrIM5Jc8+" + "G+3ro22dy8U43sHHbps0FL4wPoKQHrlKmnbk7zMMRqIxcvbDYQv4qmeJ9KXldjeh" + "KZ+Aeap1AgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE" + "ADAdBgNVHQ4EFgQUSCM0UwqJMThKWurKttKm3s4dKxgwHwYDVR0jBBgwFoAUHncj" + "bWcxH5EHm5Yv7PzIRv6M4QMwDQYJKoZIhvcNAQELBQADggExAHP1UAQ/nvuQtRZF" + "Q4b96yxVwCjMjn7knLyLNtyYGE3466xvE/ofvx5lgaR06ez/G17XP+Ok5SLJNUVc" + "mplTERCv5CgnX7R5VdGJkkD1repaYxaTtwyJz0AfYEMRUj3jfaeLaiUKJvEW5RRs" + "I3solY18sy/m/xGrH2X0GTNfKM9BURENABsppt07jxH719nF9m9SynV/Z2hE5hlv" + "5e5vyPt4wyRPIJLUI3TKAlvb1s40zz3ua7ZTgQL/cOxfY4f9pRKW9CMB3uF69OP9" + "COAxrmHVZsImmDZ6qO1qQrbY1KN/cX5kG4pKg7Ium723aOlwcWzEDXKumD960fN1" + "5g+HrjNs6kW+r9Q5QS8qV5s8maZNcxTrMvQ1fF2AKBNI3Z3U7vmtrSeqxIXp3rGH" + "iJwOKIk=" + "-----END CERTIFICATE-----", + NULL +}; + +static const char *superseding_ca[] = { + "-----BEGIN CERTIFICATE-----" + "MIIDkzCCAkugAwIBAgIUIs7jB4Q4sFcdCmzWVHbJLESC3T4wDQYJKoZIhvcNAQEL" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMzEwWhgP" + "OTk5OTEyMzEyMzU5NTlaMCYxJDAiBgNVBAMTG0dudVRMUyB0ZXN0IGludGVybWVk" + "aWF0ZSBDQTCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/" + "HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8" + "vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqI" + "hNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWl" + "WDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQp" + "kvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzkl" + "zz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2" + "N6Epn4B5qnUCAwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMD" + "BwQAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0rGDAfBgNVHSMEGDAWgBQe" + "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsFAAOCATEAcF9R9VGQxTwW" + "aOjeIeQ9ZJxybaj0BaXC8xR4b9uZloS9d/RBFTjgRbQ82yqaj7f80mgUtabKRfTA" + "ltV2MgTbJdOjwGzEDtKGhClBbovnEGrYTbPBT9rgfYPt0q7SMBr6AzGAPt+ltwI7" + "9yntV81qvTxvW5MEEo0j2MuA3NT3oqe+w1rUKNQCWhnN2TUhJGkTlaaMozcgNFaE" + "Dplop4dtvCGtupxOjC3Nf6FWq1k7iZQxX70AFBYVMpuF7qGh6qDp+T1hmTCSVzxP" + "SfDQIBjhKgy4clhkuR5SRxhN74RX+/5eiQyVLxzr+eIhqzJhPqUCmVnCLcqYdNRi" + "hpHic4uJm0wGOKYTI7EG8rb4ZP4Jz6k4iN9CnL/+kiiW5otSl3YyCAuao5VKdDq9" + "izchzb9eow==" + "-----END CERTIFICATE-----", + "-----BEGIN CERTIFICATE-----" + "MIIDZTCCAh2gAwIBAgIULcrECQOBgPaePBfBHXcyZiU0IiYwDQYJKoZIhvcNAQEL" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwIBcNMjAwNTMxMTIxMTQzWhgP" + "OTk5OTEyMzEyMzU5NTlaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIBUjAN" + "BgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduIg/3C" + "qVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJ" + "U95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8" + "vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwW" + "PJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vG" + "VYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7" + "FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQAB" + "o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE" + "FB53I21nMR+RB5uWL+z8yEb+jOEDMA0GCSqGSIb3DQEBCwUAA4IBMQAeMSzMyuTy" + "FjXTjxAUv010bsr6e6fI9txq/S1tXmWWJV/8aeARthuOFZO5Jjy3C5aMbac2HDV4" + "Otu0+JLaoEMSXvorAhValVuq06i5cmaPzvJBcxMWzlEAXfavSwHv5Q+kqNU3z81S" + "WnjEpMHcl9OyER7o9IhF55Xom2BXY5XL83QOzQ4C3bpKrNevZC7i7zS8NoYRGP+8" + "w21JseXkWQW4o2hkFqbCcRE1dlMW02iJE28RZ5aBFDIm2Y6zuLaXZIkaO7E41CAw" + "IUyhowm/S1HcmQnhruAGKJvQtB6jvnhZb7pgnuSkhIvAQgw93CLE985KEua1ifY2" + "p1d/6ho2TWotHHqDnDkB8pC0Wzai8R+63z18Kt0gROX2QItCyFksjNJqYPbgwZgt" + "eh1COrLsOJo+" + "-----END CERTIFICATE-----", + NULL +}; + +static const char *rsa_sha1_in_trusted[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIID0jCCAoqgAwIBAgIUezaBB7f4TW75oc3UV57oJvXmbBYwDQYJKoZIhvcNAQEL\n" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyNzIxWhcN\n" + "MjIwNTAzMTQyNzIxWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n" + "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n" + "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n" + "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n" + "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n" + "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n" + "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n" + "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n" + "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n" + "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n" + "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n" + "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n" + "AAOCATEAXs8lOV231HQerhSGEjZJz0vBuA3biKYlu3cwCTKvF6EOyYMSWOnfqqD0\n" + "eDhpo1pzGtUa2zYLHagb+sU2NSTe0sqP+PK1giUg8X8/tRtWKk1p/m76yK/3iaty\n" + "flgz+eMai4xQu2FvAJzIASFjM9R+Pgpcf/zdvkiUPv8Rdm9FieyAZnJSo9hJHLxN\n" + "x60tfC5yyswdbGGW0GbJ2kr+xMfVZvxgO/x6AXlOaUGQ+jZAu9eJwFQMDW5h5/S1\n" + "PJkIt7f7jkU33cG+BawcjhT0GzxuvDnnCG0L7/z7bR+Sw2kNKqHbHorzv91R20Oh\n" + "CIISJPkiiP+mYcglTp1d9gw09GwSkGbldb9ibfc0hKyxiImFfIiTqDbXJcpKH98o\n" + "W8hWkb20QURlY+QM5MD49znfhPKMTQ==\n" + "-----END CERTIFICATE-----\n", + "-----BEGIN CERTIFICATE-----\n" + "MIID2TCCAkGgAwIBAgIUWsb4DATcefXbo0WrBfgqVMvPGawwDQYJKoZIhvcNAQEL\n" + "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI2\n" + "MzVaFw0yMjA1MDMxNDI2MzVaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n" + "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n" + "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n" + "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n" + "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n" + "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n" + "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n" + "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n" + "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n" + "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n" + "GctysPWxl+SfMA0GCSqGSIb3DQEBCwUAA4IBgQBbboeDr/rLT1tZWrdHq8FvflGm\n" + "EpxZIRU4DdDD/SUCWSPQvjBq0MvuKxs5FfJCKrDf2kS2qlZ1rO0AuWwREoDeTOEc\n" + "arjFoCry+JQ+USqS5F4gsp4XlYvli27iMp3dlnhFXEQQy7/y+gM5c9wnMi8v/LUz\n" + "AV6QHX0fkb4XeazeJ+Nq0EkjqiYxylN6mP+5LAEMBG/wGviAoviQ5tN9zdoQs/nT\n" + "3jTw3cOauuPjdcOTfo71+/MtBzhPchgNIyQo4aB40XVWsLAoruL/3CFFlTniihtd\n" + "zA2zA7JvbuuKx6BOv2IbWOUweb732ZpYbDgEcXp/6Cj/SIUGxidpEgdCJGqyqdC7\n" + "b58ujxclC6QTcicw+SX5LBox8WGLfj+x+V3uVBz9+EK608xphTj4kLh9peII9v3n\n" + "vBUoZRTiUTCvH4AJJgAfa3mYrSxzueuqBOwXcvZ+8OJ0J1CP21pmK5nxR7f1nm9Q\n" + "sYA1VHfC2dtyAYlByeF5iHl5hFR6vy1jJyzxg2M=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *rsa_sha1_in_trusted_ca[] = { + /* This CA is generated with the same key as rsa_sha1_in_trusted[1], but + * self-signed using SHA-1. + */ + "-----BEGIN CERTIFICATE-----\n" + "MIIDYzCCAhugAwIBAgIUahO8CvYPHTAltKCC2rAIcXUiLlAwDQYJKoZIhvcNAQEF\n" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTAzMTQyMDM1WhcN\n" + "MjIwNTAzMTQyMDM1WjAZMRcwFQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCCAVIwDQYJ\n" + "KoZIhvcNAQEBBQADggE/ADCCAToCggExAJzkQrF9bp5f/38tnddOeF3biIP9wqlQ\n" + "Wk9x3GuuUhKA8IdCoj7UKDoGS3SmNnKGxrP6I2LTo3LNCp5T2HZrYxIelhIbiVPe\n" + "b+E0HQuDizIhOeniBqtudoWQGx6Ey/OENeA8UFhrs0CvN9Ippe328NlnCHEUPLxR\n" + "rPEs318Ot/jCOhauojAECKj9PFsxpkUcy+cLwoj4QlZKz5sG16AAbm+gALGMFjyQ\n" + "fdTPf5ceYBR+ZPf4j34t7NioNxfDDnKaahWI8Q0p7H4s+njIdfm2FSAKN+u7xlWB\n" + "4oFzBGQthXs5cCB2mc6RKBZWN2uyxSdNMq40PddK/FBPghDE2MxONA9KJQjKOxQP\n" + "UQo3jt21CKGGiHVU1BlhBh1knqMRnovRpJurvgEo/H/otI8XQ9ql7HsCAwEAAaND\n" + "MEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQe\n" + "dyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQUFAAOCATEAYLm/4DfUp+mA\n" + "S/23a2bwybJoPCMzKZpi+veXkqoq/a/BCUkFpqnjpVjz0ujVKK121oeOPBAa/mG1\n" + "Y3fJYP+b3PloL/6xj/8680TveGirCr0Rp/8XWa8lt+Ge8DM3mfTGWFTWHa0lD9VK\n" + "gjV1oNZNLe5SKA6dJLAp/NjCxc/vuOkThQPeaoO5Iy/Z6m7CpTLO7T4syJFtDmSn\n" + "Pa/yFUDTgJYFlGVM+KC1r8bhZ6Ao1CAXTcT5Lcbe/aCcyk6B3J2AnYsqPMVNEVhb\n" + "9eMGO/WG24hMLy6eb1r/yL8uQ/uGi2rRlNJN8GTg09YR7l5fHrHxuHc/sme0jsnJ\n" + "wtqGLCJsrh7Ae1fKVUueO00Yx9BGuzLswMvnT5f0oYs0jrXgMrTbIWS/DjOcYIHb\n" + "w3SV1ZRcNg==\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *rsa_sha1_not_in_trusted[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIID0jCCAoqgAwIBAgIUNCvPV9OvyuVMtnkC3ZAvh959h4MwDQYJKoZIhvcNAQEL\n" + "BQAwGTEXMBUGA1UEAxMOR251VExTIHRlc3QgQ0EwHhcNMjEwNTA0MDg0NzAzWhcN\n" + "MjIwNTA0MDg0NzAzWjA3MRgwFgYDVQQDEw90ZXN0LmdudXRscy5vcmcxGzAZBgNV\n" + "BAoTEkdudVRMUyB0ZXN0IHNlcnZlcjCCAVIwDQYJKoZIhvcNAQEBBQADggE/ADCC\n" + "AToCggExALRrJ5glr8H/HsqwfvTYvO1DhmdUXdq0HsKQX4M8AhH8E3KFsoikZUEL\n" + "dl8jvoqf/nlLczsux0s8vxbJl1U1F/OhckswwuAnlBLzVgDmzoJLEV2kHpv6+rkb\n" + "Kk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3\n" + "mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mBVAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm\n" + "+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWS\n" + "CAwuYcBYfJqZ4dasgzklzz4b7eujbZ3LxTjewcdumzQUvjA+gpAeuUqaduTvMwxG\n" + "ojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUCAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAA\n" + "MBoGA1UdEQQTMBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcD\n" + "ATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBRIIzRTCokxOEpa6sq20qbezh0r\n" + "GDAfBgNVHSMEGDAWgBQedyNtZzEfkQebli/s/MhG/ozhAzANBgkqhkiG9w0BAQsF\n" + "AAOCATEAWs/Qa1Ebydwo4Ke2KEdy5cUTSZjnoz93XpbrP9W60MJ4d2DIQPcYUcLF\n" + "+glez+mRtVXDRtH5V/4yZX1EdgrPVQGeVlO5HbNiYyYw/Yj3H6kzWtUbBxdOAOE/\n" + "/ul8RCKKMfvYBHCBgjBMW0aFm31Q1Z8m8nanBusyJ0DG1scBHu4/3vTCZthZAxc5\n" + "3l3t/jjsNRS+k5t6Ay8nEY1tAZSGVqN8qufzO2NBO06sQagp09FTfDh581OBcVtF\n" + "X7O0cffAWHk3JoywzEWFEAhVPqFlk07wG2O+k+fYZfavsJko5q+yWkxu8RDh4wAx\n" + "7UzKudGOQ+NhfYJ7N7V1/RFg1z75gE3GTUX7qmGZEVDOsMyiuUeYg8znyYpBV55Q\n" + "4BNr0ukwmwOdvUf+ksCu6PdOGaqThA==\n" + "-----END CERTIFICATE-----\n", + /* ICA with SHA1 signature */ + "-----BEGIN CERTIFICATE-----\n" + "MIID2TCCAkGgAwIBAgIUYaKJkQft87M1TF+Jd30py3yIq4swDQYJKoZIhvcNAQEF\n" + "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDQwODQ1\n" + "NDdaFw0yMjA1MDQwODQ1NDdaMBkxFzAVBgNVBAMTDkdudVRMUyB0ZXN0IENBMIIB\n" + "UjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEAnORCsX1unl//fy2d1054XduI\n" + "g/3CqVBaT3Hca65SEoDwh0KiPtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6W\n" + "EhuJU95v4TQdC4OLMiE56eIGq252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcI\n" + "cRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AA\n" + "sYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo3\n" + "67vGVYHigXMEZC2FezlwIHaZzpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0ol\n" + "CMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewID\n" + "AQABo2QwYjAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0O\n" + "BBYEFB53I21nMR+RB5uWL+z8yEb+jOEDMB8GA1UdIwQYMBaAFCApU0Q1pxZL+AW3\n" + "GctysPWxl+SfMA0GCSqGSIb3DQEBBQUAA4IBgQAewBcAGUGX28I5PDtuJkxoHonD\n" + "muHdXpYnrz1YXN4b7odNXockz++Xovgj126fo+PeWgmaaCic98ZcGnyVTi9+3oqN\n" + "2Bf4NNfyzSccgZZTphzbwjMcnc983HLQgsLSAOVivPHj5GEN58EWWamc9yA0VjGn\n" + "cuYmFN2dlFA8/ClEbVGu3UXBe6OljR5zUr+6oiSp2J+Rl7SerVSHlst07iU2tkeB\n" + "dlfOD5CquUGSka3SKvEfvu5SwYrCQVfYB6eMLInm7A0/ca0Jn3Oh4fMf2rIg/E3K\n" + "qsopxsu8BXrLoGK4MxbxPA65JpczhZgilQQi3e3RIvxrvyD2qamjaNbyG5cr8mW4\n" + "VOLf3vUORbkTi5sE7uRMu2B3z3N7ajsuQM8RHB17hOCB2FO/8rermq/oeJNtx57L\n" + "5s5NxCHYTksQ4gkpR4gfTIO/zwXJSwGa/Zi2y2wIi/1qr7lppBsKV2rDWX7QiIeA\n" + "PxOxyJA2eSeqCorz9vk3aHXleSpxsWGgKiJVmV0=\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +static const char *rsa_sha1_not_in_trusted_ca[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEDTCCAnWgAwIBAgIUd5X8NZput+aNPEd9h92r4KAu16MwDQYJKoZIhvcNAQEL\n" + "BQAwHjEcMBoGA1UEAxMTR251VExTIHRlc3Qgcm9vdCBDQTAeFw0yMTA1MDMxNDI1\n" + "MDNaFw0yMjA1MDMxNDI1MDNaMB4xHDAaBgNVBAMTE0dudVRMUyB0ZXN0IHJvb3Qg\n" + "Q0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCsFAaMb/iRN+OFqQNh\n" + "OkkXGZlb+eLerLuB9ELnYwyLIh4MTXh0RjFZdCQLsQHfY/YFv0C50rmoXTA/d3Ef\n" + "K/P243KjX0XBWjO9TBuN0zth50eq94zf69yxA/a+kmT+O5YLfhi2ELM5F3IjOUoZ\n" + "lL0IGlFJwauAkaNylp/Evd5nW7g5DUJvMm4A3RXNfZt9gAD4lPRwryQq9jxT48Xu\n" + "fB0kAPEG/l/Izbz2rYin5+nySL+a0CSNuEbITxidtMhveB747oR0QS2sMQKji1ur\n" + "pRJ945SHiYJIgVuFAJc9StikSyIrxZgK45kAzcQAyRWWKiMNH5PprGFYJp+ypwhm\n" + "1t8Bphj2RFJAG3XRRZF/9uJIYc5mEHCsZFZ/IFRaKqyN30kAUijgNt+lW5mZXVFU\n" + "aqzV2zHjSG8jsGdia3cfBP46Z1q2eAh5jOCucTq1F7qZdVhOFmP9jFE6Uy5Kbwgc\n" + "kNAnsEllQeJQL2odVa7woKkZZ4M/c72X5tpBU38Rs3krn3sCAwEAAaNDMEEwDwYD\n" + "VR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBQgKVNENacW\n" + "S/gFtxnLcrD1sZfknzANBgkqhkiG9w0BAQsFAAOCAYEAaZMV71mZ9FYoVdpho61h\n" + "WWPs5GppQLJ1w70DNtGZ+lFrk/KopeDvOu1i61QLWRzcZCZMl+npiX1KH5kjVo3v\n" + "C9G8kdMW6EVRk5p6qCJMPFN2U+grMMp50aY5kmw+/v+Lhk5T/VG93l63P91FkUre\n" + "o8qhOudJExoUnR1uB9M6HMAxVn8Lm/N1LGPiP6A6Pboo716H7mg/A7pv9zoZ6jUp\n" + "7x693mA/b3I/QpDx/nJcmcdqxgEuW+aRlFXgnYZRFAawxi+5M9EwCWbkSTO4OMHP\n" + "Qlvak3tJO+wb92b0cICOOtzIPgQ+caiLg9d0FvesALmQzDmNmtqynoO85+Ia2Ywh\n" + "nxKPlpeImhLN9nGl9sOeW2m4mnA5r0h1vgML4v/MWL4TQhXallc31uFNj5HyFaTh\n" + "6Mr0g3GeQgN0jpT+aIOiKuW9fLts54+Ntj1NN40slqi3Y+/Yd6xhj+NgmbRvybZu\n" + "tnYFXKC0Q+QUf38horqG2Mc3/uh8MOm0eYUXwGJOdXYD\n" + "-----END CERTIFICATE-----\n", + NULL +}; + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wunused-variable" +#endif + +static struct +{ + const char *name; + const char **chain; + const char **ca; + unsigned int verify_flags; + unsigned int expected_verify_result; + const char *purpose; + time_t expected_time; + unsigned notfips; +} chains[] = +{ + { "CVE-2014-0092", cve_2014_0092_check, &cve_2014_0092_check[1], + 0, + GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL, 1412850586}, + { "CVE-2008-4989", cve_2008_4989_chain, &cve_2008_4989_chain[2], + GNUTLS_VERIFY_ALLOW_BROKEN, + GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, + { "amazon.com ok", verisign_com_chain_g5, &verisign_com_chain_g5[4], + GNUTLS_VERIFY_ALLOW_BROKEN | GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW), + 0, NULL}, + { "verisign.com v1 fail", verisign_com_chain, &verisign_com_chain[3], + GNUTLS_VERIFY_ALLOW_BROKEN, + GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, + { "verisign.com v1 ok", verisign_com_chain, &verisign_com_chain[3], + GNUTLS_VERIFY_ALLOW_BROKEN | GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW), + 0, NULL}, + { "verisign.com v1 not ok due to profile", verisign_com_chain, &verisign_com_chain[3], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "verisign.com v1 not ok due to profile", verisign_com_chain, &verisign_com_chain[3], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "citibank.com v1 fail", citibank_com_chain, &citibank_com_chain[2], + GNUTLS_VERIFY_ALLOW_BROKEN | GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + { "expired self signed", pem_self_cert, &pem_self_cert[0], + 0, GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, + { "self signed", pem_self_cert, &pem_self_cert[0], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0, NULL}, + { "ca=false", thea_chain, &thea_chain[1], + GNUTLS_VERIFY_ALLOW_BROKEN, + GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + { "ca=false2", thea_chain, &thea_chain[1], + GNUTLS_VERIFY_ALLOW_BROKEN, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + { "hbci v1 fail", hbci_chain, &hbci_chain[2], + GNUTLS_VERIFY_ALLOW_BROKEN | GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + { "hbci v1 ok expired", hbci_chain, &hbci_chain[2], + GNUTLS_VERIFY_ALLOW_BROKEN, + GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, + { "hbci v1 ok", hbci_chain, &hbci_chain[2], + GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + 0, NULL}, + { "rsa-md5 fail", mayfirst_chain, &mayfirst_chain[1], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "rsa-md5 not ok", mayfirst_chain, &mayfirst_chain[1], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2, + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "rsa-md5 not ok2", mayfirst_chain, &mayfirst_chain[1], + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, + GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, + { "rsa-md5 ok", mayfirst_chain, &mayfirst_chain[1], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5, 0, NULL}, + { "rsa-md5 ok - allow broken", mayfirst_chain, &mayfirst_chain[1], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_BROKEN, 0, NULL}, + { "v1ca fail", v1ca, &v1ca[2], + GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + + { "pathlen fail", pathlen_check, &pathlen_check[2], + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT | GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL}, + + /* Test whether a V1 root certificate is correctly accepted */ + { "v1root fail", v1_root_check, &v1_root_check[1], + GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT | GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + { "v1root ok", v1_root_check, &v1_root_check[1], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0, NULL}, + + /* test whether a v1 intermediate certificate is rejected */ + { "v1invalid fail", v1_intermed_check, &v1_intermed_check[2], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID, NULL}, + { "v1 leaf ok", &v1_intermed_check[1], &v1_intermed_check[2], + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, 0, NULL}, + + { "v1ca expired", v1ca, &v1ca[2], + GNUTLS_VERIFY_ALLOW_BROKEN, + GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID , NULL}, + { "v1ca (sha1) ok - allow broken", v1ca, &v1ca[2], /* check GNUTLS_VERIFY_ALLOW_BROKEN */ + GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + 0, NULL}, + { "v1ca (sha1) ok - allow sha1", v1ca, &v1ca[2], /* check GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 */ + GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1|GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + 0, NULL}, + { "v1ca2 expired", v1ca, &v1ca[2], + GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, + GNUTLS_CERT_EXPIRED | GNUTLS_CERT_INVALID, NULL}, + { "v1ca2 ok", v1ca, &v1ca[2], + GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_VERIFY_DISABLE_TIME_CHECKS | GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, + 0, NULL}, + { "cacertrsamd5 fail", cacertrsamd5, &cacertrsamd5[2], + 0, GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "cacertrsamd5 ok", cacertrsamd5, &cacertrsamd5[2], + GNUTLS_VERIFY_ALLOW_BROKEN, 0, NULL}, + { "cacertrsamd5 short-cut not ok", cacertrsamd5, &cacertrsamd5[0], + GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, + GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "cacertrsamd5 short-cut ok", cacertrsamd5, &cacertrsamd5[1], + GNUTLS_VERIFY_ALLOW_BROKEN, 0, NULL}, + { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH), 0, NULL}, + { "ecc cert ok", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128), 0, NULL}, + { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "ecc cert not ok (due to profile)", ecc_cert, &ecc_cert[1], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL}, + { "name constraints: empty CN, empty SAN, permitted dns range", nc_good0, &nc_good0[2], 0, 0, 0, 1427270515}, + { "name constraints: dns in permitted range", nc_good1, &nc_good1[4], 0, 0, NULL, 1412850586}, + { "name constraints: ipv6 in permitted range", nc_good2, &nc_good2[4], 0, 0, NULL, 1467193927}, + { "name constraints: 2 constraints (dns, dns), non-intuitive order", nc_bad0, &nc_bad0[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1468920734}, + { "name constraints: empty CN, empty excluded dns", nc_bad1, &nc_bad1[2], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586}, + { "name constraints: multiple dns constraints, empty intersection", nc_bad2, &nc_bad2[4], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586}, + { "name constraints: dns excluded range", nc_bad3, &nc_bad3[2], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586}, + { "name constraints: basic dns intersection", nc_bad4, &nc_bad4[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1412850586}, + { "name constraints: IP in excluded range", nc_bad5, &nc_bad5[2], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1469540953}, + { "name constraints: 2 constraints (dns, email), non-intuitive order", nc_bad6, &nc_bad6[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, NULL, 1469540953}, + { "not-modified", modified2, &modified2[3], GNUTLS_VERIFY_ALLOW_BROKEN, 0, NULL, 1412850586}, + { "kp-interm", kp_fail1, &kp_fail1[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_PURPOSE_MISMATCH, GNUTLS_KP_TLS_WWW_SERVER, 1412850586}, + { "kp-fin", kp_fail2, &kp_fail2[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_PURPOSE_MISMATCH, GNUTLS_KP_TLS_WWW_SERVER, 1412850586}, + { "kp-ok", kp_ok, &kp_ok[3], 0, 0, GNUTLS_KP_OCSP_SIGNING, 1412850586}, + { "tls features - intermediate no ext", tls_feat_inter_no_ext, &tls_feat_inter_no_ext[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1466612070}, + { "tls features - end no ext", tls_feat_no_ext, &tls_feat_no_ext[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1466612070}, + { "tls features - intermediate is subset", tls_feat_inter_subset_fail, &tls_feat_inter_subset_fail[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1466612070}, + { "tls features - intermediate has unrelated vals", tls_feat_inter_unrelated_fail, &tls_feat_inter_unrelated_fail[3], 0, GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE|GNUTLS_CERT_INVALID, 0, 1466612070}, + { "tls features - end is superset", tls_feat_superset, &tls_feat_superset[3], 0, 0, 0, 1466612070}, + { "tls features - ok", tls_feat_ok, &tls_feat_ok[3], 0, 0, 0, 1466612070}, + { "unknown crit extension on root - fail", unknown_critical_extension_on_root, &unknown_critical_extension_on_root[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_KP_TLS_WWW_SERVER, 1488365541}, + { "unknown crit extension on root - success", unknown_critical_extension_on_root, &unknown_critical_extension_on_root[3], GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, 0, GNUTLS_KP_TLS_WWW_SERVER, 1488365541}, + { "unknown crit extension on intermediate - fail", unknown_critical_extension_on_intermediate, &unknown_critical_extension_on_intermediate[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_KP_TLS_WWW_SERVER, 1488365541}, + { "unknown crit extension on intermediate - success", unknown_critical_extension_on_intermediate, &unknown_critical_extension_on_intermediate[3], GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, 0, GNUTLS_KP_TLS_WWW_SERVER, 1488365541}, + { "unknown crit extension on endcert - fail", unknown_critical_extension_on_endcert, &unknown_critical_extension_on_endcert[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, GNUTLS_KP_TLS_WWW_SERVER, 1488365541}, + { "unknown crit extension on endcert - success", unknown_critical_extension_on_endcert, &unknown_critical_extension_on_endcert[3], GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, 0, GNUTLS_KP_TLS_WWW_SERVER, 1488365541}, + { "rsa pss: invalid self sig - fail", rsa_pss_invalid_self_sig, &rsa_pss_invalid_self_sig[0], GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, 0, 1501138253}, + { "rsa pss: invalid chain with pkcs#1 1.5 sig - fail", rsa_pss_invalid_chain_with_pkcs1_sig, &rsa_pss_invalid_chain_with_pkcs1_sig[2], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, 0, 1501138253}, + { "rsa pss: invalid chain with wrong hash (sha384-sha256) - fail", rsa_pss_invalid_chain_with_wrong_hash, &rsa_pss_invalid_chain_with_wrong_hash[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, 0, 1501138253}, + { "rsa pss: smaller salt in sig than spki - fail", rsa_pss_chain_smaller_salt_in_sig_fail, &rsa_pss_chain_smaller_salt_in_sig_fail[3], 0, GNUTLS_CERT_INVALID | GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE, 0, 1550005473}, + { "rsa pss: chain with sha1 hash - fail", rsa_pss_chain_with_sha1_fail, &rsa_pss_chain_with_sha1_fail[3], 0, GNUTLS_CERT_INVALID, 0, 1501159136}, + { "rsa pss: chain with different mgf hash - fail", rsa_pss_chain_with_diff_mgf_oid_fail, &rsa_pss_chain_with_diff_mgf_oid_fail[3], 0, GNUTLS_CERT_INVALID, 0, 1501159136}, + { "rsa pss: chain with sha256 - ok", rsa_pss_chain_sha256_ok, &rsa_pss_chain_sha256_ok[3], 0, 0, 0, 1501138253}, + { "rsa pss: chain with sha384 - ok", rsa_pss_chain_sha384_ok, &rsa_pss_chain_sha384_ok[3], 0, 0, 0, 1501138253}, + { "rsa pss: chain with sha512 - ok", rsa_pss_chain_sha512_ok, &rsa_pss_chain_sha512_ok[3], 0, 0, 0, 1501138253}, + { "rsa pss: chain with increasing salt size - ok", rsa_pss_chain_increasing_salt_size_ok, &rsa_pss_chain_increasing_salt_size_ok[3], 0, 0, 0, 1501159136}, + { "rsa pss: chain with alternating signatures - ok", rsa_pss_chain_pkcs11_pss_pkcs1_ok, &rsa_pss_chain_pkcs11_pss_pkcs1_ok[3], 0, 0, 0, 1501159136}, + { "rsa pss: chain with changing hashes - ok", rsa_pss_chain_sha512_sha384_sha256_ok, &rsa_pss_chain_sha512_sha384_sha256_ok[3], 0, 0, 0, 1501159136}, + { "no subject id: chain with missing subject id, but valid auth id - ok", chain_with_no_subject_id_in_ca_ok, &chain_with_no_subject_id_in_ca_ok[4], 0, 0, 0, 1537518468}, +#ifdef ENABLE_GOST + { "gost 34.10-01 - ok", gost01, &gost01[2], GNUTLS_VERIFY_ALLOW_BROKEN, 0, 0, 1466612070, 1}, + { "gost 34.10-01 - not ok (due to gostr94)", gost01, &gost01[2], 0, + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1466612070, 1}, + { "gost 34.10-01 - not ok (due to profile)", gost01, &gost01[2], GNUTLS_VERIFY_ALLOW_BROKEN|GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1466612070, 1}, + { "gost 34.10-12-256 - ok", gost12_256, &gost12_256[0], 0, 0, 0, 1466612070, 1}, + { "gost 34.10-12-512 - ok", gost12_512, &gost12_512[0], 0, 0, 0, 1466612070, 1}, +#endif + { "rsa-512 - not ok (due to profile)", rsa_512, &rsa_512[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1576759855, 1}, + { "ed448 - ok", ed448, &ed448[0], GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA), + 0, NULL, 1584352960, 1}, + { "superseding - ok", superseding, superseding_ca, 0, 0, 0, 1590928011 }, + { "rsa-sha1 in trusted - ok", + rsa_sha1_in_trusted, rsa_sha1_in_trusted_ca, + GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), + 0, NULL, 1620052390, 1}, + { "rsa-sha1 not in trusted - not ok", + rsa_sha1_not_in_trusted, rsa_sha1_not_in_trusted_ca, + GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM), + GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID, NULL, 1620118136, 1}, + { NULL, NULL, NULL, 0, 0} +}; + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic pop +#endif + +/* *INDENT-ON* */ + +#endif /* GNUTLS_TESTS_TEST_CHAINS_H */ diff --git a/tests/testpkcs11-certs/ca-tmpl b/tests/testpkcs11-certs/ca-tmpl new file mode 100644 index 0000000..5bf462d --- /dev/null +++ b/tests/testpkcs11-certs/ca-tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=CA,C=CZ" + +# The serial number of the certificate +serial = 1 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +#dns_name = "localhost" +#dns_name = "www.morethanone.org" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +#dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl/" + +#email = "where@none.org" + +# Whether this is a CA certificate or not +ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/testpkcs11-certs/ca.crt b/tests/testpkcs11-certs/ca.crt new file mode 100644 index 0000000..e39ee41 --- /dev/null +++ b/tests/testpkcs11-certs/ca.crt @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAbugAwIBAgIBATANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQDEwJDQTEL +MAkGA1UEBhMCQ1owIhgPMjAxMzExMTAwODI0NTRaGA8yMDIwMTIxMzA4MjQ1NFow +GjELMAkGA1UEAxMCQ0ExCzAJBgNVBAYTAkNaMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQCoomr+kiRtx+/doF2FRSOxqBuuLbcpK5KwxtYk82L8MQzzJijfjS88 +4kCijlR6dqD0oDS70ngNogg2uIgn1SfLTTgXw/v6w/nMnMIYZ+ePrF5WD1qGeOAu +R+qts4Y4rfb9Yb8sXIPdui7HelqimJaVeMxAYJsqRBSixDSpYbkEhwIDAQABo4Gj +MIGgMA8GA1UdEwEB/wQFMAMBAf8wGAYDVR0RBBEwD4ENbm9uZUBub25lLm9yZzAT +BgNVHSUEDDAKBggrBgEFBQcDCTAPBgNVHQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBQS +DtpREkBWrvQcbcyhsD0oYX4zATAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vd3d3 +LmdldGNybC5jcmwvZ2V0Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQBzRzkYVGhl0ltc +iVvXModMh9cb1TcUrc2nhfEh63u5ZF1/8MJPaMMLw3FZmGc5B8lNYOoWiSqK/Ark +iO9chPwqRKWY8n52USgGDcUNRxbwCa2vOQg9cdSWIcdt18W5mtJ3hz+CDaT8ZH8t +sVW/i5eG6O7o3rZGSwbcC1pgIWZqCw== +-----END CERTIFICATE----- diff --git a/tests/testpkcs11-certs/ca.key b/tests/testpkcs11-certs/ca.key new file mode 100644 index 0000000..62f5bfa --- /dev/null +++ b/tests/testpkcs11-certs/ca.key @@ -0,0 +1,94 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Weak (1024 bits) + +modulus: + 00:a8:a2:6a:fe:92:24:6d:c7:ef:dd:a0:5d:85:45: + 23:b1:a8:1b:ae:2d:b7:29:2b:92:b0:c6:d6:24:f3: + 62:fc:31:0c:f3:26:28:df:8d:2f:3c:e2:40:a2:8e: + 54:7a:76:a0:f4:a0:34:bb:d2:78:0d:a2:08:36:b8: + 88:27:d5:27:cb:4d:38:17:c3:fb:fa:c3:f9:cc:9c: + c2:18:67:e7:8f:ac:5e:56:0f:5a:86:78:e0:2e:47: + ea:ad:b3:86:38:ad:f6:fd:61:bf:2c:5c:83:dd:ba: + 2e:c7:7a:5a:a2:98:96:95:78:cc:40:60:9b:2a:44: + 14:a2:c4:34:a9:61:b9:04:87: + +public exponent: + 01:00:01: + +private exponent: + 08:f8:4a:b4:ab:d5:60:39:88:5a:c3:92:f5:e9:cd: + 92:3f:9c:e9:50:e9:33:39:6c:1e:17:15:80:f5:a9: + 48:3c:db:b1:7b:50:25:43:ff:45:3f:cb:ac:59:e1: + c8:79:d2:e9:f0:33:9d:e1:fe:1c:cb:87:a0:51:84: + 7c:89:ec:09:e0:3d:c9:df:ca:43:d9:c1:79:3c:47: + f7:8e:71:bf:a5:6e:11:87:0d:d9:2e:5a:5d:a0:d3: + ba:5b:9c:23:db:33:54:5f:a2:2f:db:28:05:9d:07: + a4:d4:76:0e:ef:d1:f9:c3:f9:21:01:ad:06:4c:9d: + 59:14:09:37:91:df:86:01: + +prime1: + 00:d6:e8:07:49:7f:a6:6a:d7:f3:76:84:4b:a9:cb: + 91:66:8a:c8:07:54:29:25:1d:e4:70:dd:2c:fd:ff: + dc:c6:0c:24:75:4f:a0:ca:82:e2:b6:3b:8b:f0:7b: + 37:c3:97:be:6c:b3:5f:91:a6:c0:56:48:aa:aa:3a: + d9:12:24:b7:81: + +prime2: + 00:c8:e1:50:40:9b:7e:34:9c:44:88:1e:16:4b:bf: + 04:0f:a6:b0:2b:9d:2f:a2:84:29:96:54:35:69:68: + 6f:a2:a7:2b:8a:de:e9:9e:0e:6f:b3:cf:d8:af:68: + 33:52:a6:e4:b5:d1:21:d0:6b:d2:d2:a6:af:97:62: + 44:fe:b8:00:07: + +coefficient: + 75:16:b8:48:0b:61:9a:a9:78:b1:72:93:94:51:54: + c1:07:69:b8:b1:dc:61:4a:f5:ef:b7:9c:f5:07:74: + 0d:8e:1a:a2:51:ea:00:91:ef:05:75:42:53:4d:6a: + e3:f5:de:07:a5:55:5f:8b:37:58:55:2b:43:ef:b2: + d0:38:a8:89: + +exp1: + 00:c9:b9:60:e5:b7:e1:b1:56:e5:dc:70:d0:49:20: + a1:6a:3c:89:08:80:12:63:19:cd:0d:b8:3e:fc:69: + 48:85:ca:6e:0a:83:e5:2d:52:70:96:98:0c:82:7e: + 56:d8:cd:3e:5c:f0:7e:9b:cc:87:ac:36:67:a4:84: + ba:af:92:31:81: + +exp2: + 65:0a:d8:78:36:fe:8b:6e:13:16:b8:b3:94:54:37: + b1:bb:b1:9f:ae:88:18:62:0c:1d:1e:ac:63:21:f2: + 0d:49:b3:20:3e:32:1a:9b:be:5a:1e:f1:2a:81:ea: + 56:e7:b5:e1:32:99:a4:a1:a7:c0:e7:b1:29:1f:77: + fe:fc:04:9f: + + +Public Key ID: 12:0E:DA:51:12:40:56:AE:F4:1C:6D:CC:A1:B0:3D:28:61:7E:33:01 +Public key's random art: ++--[ RSA 1024]----+ +|.E*++.o | +|oo *.B . | +|..++O * | +| o.*oB . | +| o + o S | +| . | +| | +| | +| | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCoomr+kiRtx+/doF2FRSOxqBuuLbcpK5KwxtYk82L8MQzzJijf +jS884kCijlR6dqD0oDS70ngNogg2uIgn1SfLTTgXw/v6w/nMnMIYZ+ePrF5WD1qG +eOAuR+qts4Y4rfb9Yb8sXIPdui7HelqimJaVeMxAYJsqRBSixDSpYbkEhwIDAQAB +AoGACPhKtKvVYDmIWsOS9enNkj+c6VDpMzlsHhcVgPWpSDzbsXtQJUP/RT/LrFnh +yHnS6fAzneH+HMuHoFGEfInsCeA9yd/KQ9nBeTxH945xv6VuEYcN2S5aXaDTuluc +I9szVF+iL9soBZ0HpNR2Du/R+cP5IQGtBkydWRQJN5HfhgECQQDW6AdJf6Zq1/N2 +hEupy5FmisgHVCklHeRw3Sz9/9zGDCR1T6DKguK2O4vwezfDl75ss1+RpsBWSKqq +OtkSJLeBAkEAyOFQQJt+NJxEiB4WS78ED6awK50vooQpllQ1aWhvoqcrit7png5v +s8/Yr2gzUqbktdEh0GvS0qavl2JE/rgABwJBAMm5YOW34bFW5dxw0EkgoWo8iQiA +EmMZzQ24PvxpSIXKbgqD5S1ScJaYDIJ+VtjNPlzwfpvMh6w2Z6SEuq+SMYECQGUK +2Hg2/otuExa4s5RUN7G7sZ+uiBhiDB0erGMh8g1JsyA+Mhqbvloe8SqB6lbnteEy +maShp8DnsSkfd/78BJ8CQHUWuEgLYZqpeLFyk5RRVMEHabix3GFK9e+3nPUHdA2O +GqJR6gCR7wV1QlNNauP13gelVV+LN1hVK0PvstA4qIk= +-----END RSA PRIVATE KEY----- diff --git a/tests/testpkcs11-certs/client-tmpl b/tests/testpkcs11-certs/client-tmpl new file mode 100644 index 0000000..a22eef8 --- /dev/null +++ b/tests/testpkcs11-certs/client-tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Client,C=CZ" + +# The serial number of the certificate +serial = 3 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +#dns_name = "localhost" +#dns_name = "www.morethanone.org" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +#dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +#crl_dist_points = "http://www.getcrl.crl/getcrl/" + +#email = "where@none.org" + +# Whether this is a CA certificate or not +#ca + +# Whether this certificate will be used for a TLS client +tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/testpkcs11-certs/client.crt b/tests/testpkcs11-certs/client.crt new file mode 100644 index 0000000..6f75590 --- /dev/null +++ b/tests/testpkcs11-certs/client.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICdDCCAd2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQDEwJDQTEL +MAkGA1UEBhMCQ1owIhgPMjAxMzExMTAwODI1MjdaGA8yMDIwMTIxMzA4MjUyN1ow +HjEPMA0GA1UEAxMGQ2xpZW50MQswCQYDVQQGEwJDWjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAvQRIzvKyhr3tqmB4Pe+91DWSFayaNtcrDIT597bhxugVYW8o +jB206kx5aknAMA3PQGYcGqkLrt+nsJcmOIXDZsC6P4zeOSsF1PPhDAoX3bkUr2lF +MEt374eKdg1yvyhRxt4DOR6aD4gkC7fVtaYdgV6yXpJGMHV05LBIgQ7QtykCAwEA +AaOBwTCBvjAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMBgGA1Ud +EQQRMA+BDW5vbmVAbm9uZS5vcmcwDwYDVR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU +Dbinh11GaaJcTyOpmxPYuttsiGowHwYDVR0jBBgwFoAUEg7aURJAVq70HG3MobA9 +KGF+MwEwLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dl +dGNybC8wDQYJKoZIhvcNAQELBQADgYEAN/Henso+5zzuFQWTpJXlUsWtRQAFhRY3 +WVt3xtnyPs4pF/LKBp3Ov0GLGBkz5YlyJGFNESSyUviMsH7g7rJM8i7Bph6BQTE9 +XdqbZPc0opfms4EHjmlXj5HQ0f0yoxHnLk43CR+vmbn0JPuurnEKAwjznAJR8GxI +R2MRyMxdGqs= +-----END CERTIFICATE----- diff --git a/tests/testpkcs11-certs/client.key b/tests/testpkcs11-certs/client.key new file mode 100644 index 0000000..9277bdf --- /dev/null +++ b/tests/testpkcs11-certs/client.key @@ -0,0 +1,94 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Weak (1024 bits) + +modulus: + 00:bd:04:48:ce:f2:b2:86:bd:ed:aa:60:78:3d:ef: + bd:d4:35:92:15:ac:9a:36:d7:2b:0c:84:f9:f7:b6: + e1:c6:e8:15:61:6f:28:8c:1d:b4:ea:4c:79:6a:49: + c0:30:0d:cf:40:66:1c:1a:a9:0b:ae:df:a7:b0:97: + 26:38:85:c3:66:c0:ba:3f:8c:de:39:2b:05:d4:f3: + e1:0c:0a:17:dd:b9:14:af:69:45:30:4b:77:ef:87: + 8a:76:0d:72:bf:28:51:c6:de:03:39:1e:9a:0f:88: + 24:0b:b7:d5:b5:a6:1d:81:5e:b2:5e:92:46:30:75: + 74:e4:b0:48:81:0e:d0:b7:29: + +public exponent: + 01:00:01: + +private exponent: + 00:a5:eb:b1:e2:00:07:98:e1:f6:53:de:35:0e:e1: + 79:78:63:c2:25:c6:8a:e4:e3:02:46:0e:20:c3:43: + 45:73:ee:5c:7e:58:2e:76:b8:c9:0b:f7:2f:89:8e: + cd:e7:20:e8:32:36:b0:2a:f3:03:6f:71:a2:e9:0f: + f5:9c:1e:47:84:54:2b:67:12:e3:f4:20:80:7f:54: + 81:63:f4:41:4a:6f:8f:89:e8:83:24:64:87:b5:2b: + 5b:25:55:c5:b6:e8:1d:c9:a0:a9:68:0d:2d:1f:06: + ac:46:6a:96:93:96:16:24:fe:7f:e4:00:c7:bf:37: + fe:48:6f:3f:94:0b:36:9e:81: + +prime1: + 00:dd:8b:ef:a9:f3:e9:7a:97:6f:50:2f:d4:93:ff: + 0b:6d:52:b4:2c:64:d2:bb:6c:a7:ca:5d:5f:31:ba: + 2c:f6:59:09:34:57:5f:3c:cd:f5:2b:a0:c7:7a:ac: + e2:20:64:a8:58:24:a3:02:c3:7f:7b:c5:7b:31:4e: + de:81:6b:48:f9: + +prime2: + 00:da:69:4a:53:be:3d:36:07:58:a7:8e:58:4e:cd: + 90:cd:72:54:7c:40:89:ab:fd:3a:8b:6d:d0:9c:b0: + 00:7f:11:6a:b7:f2:4e:e0:81:8b:23:09:3f:c4:6f: + f7:6d:06:b1:c8:83:63:87:72:c7:43:01:24:5d:2d: + 88:7f:b9:1b:b1: + +coefficient: + 30:19:e0:d7:bd:0f:0d:96:b0:65:64:00:82:2a:9d: + 6c:52:a6:89:a6:db:89:e3:7f:10:c3:3b:5b:97:73: + ea:13:af:fc:4c:3e:72:5e:da:cb:b7:d4:b6:2c:d0: + 05:c3:58:bb:2d:59:2c:50:1f:08:6d:03:53:ba:ec: + 15:ec:b6:08: + +exp1: + 00:d0:6d:4e:54:3d:bc:72:30:f5:f0:22:8f:83:8c: + 76:5b:ab:6b:06:38:f4:68:8f:98:6b:b1:dc:55:14: + 2a:28:b9:2b:07:ab:0b:56:51:0d:4e:b6:3b:f5:15: + a0:c7:88:eb:37:c1:7f:fa:a1:a1:d5:f7:bc:26:6f: + 64:b5:ad:11:41: + +exp2: + 2a:a6:b1:0b:15:75:62:9d:a0:a4:67:d9:ba:d9:cd: + d3:30:e6:6a:b5:37:ad:4c:70:28:56:33:8c:c5:99: + f3:36:75:7e:a2:64:e0:d6:ab:53:16:35:4b:a9:09: + ca:52:aa:59:1b:bf:4d:ee:0e:17:79:9b:9e:4e:8b: + ff:55:28:a1: + + +Public Key ID: 0D:B8:A7:87:5D:46:69:A2:5C:4F:23:A9:9B:13:D8:BA:DB:6C:88:6A +Public key's random art: ++--[ RSA 1024]----+ +| | +| . . . | +| . * * | +| + = X . | +| . B S = | +| . O o | +| ...* o | +| E. .+.o | +|o. ooo | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC9BEjO8rKGve2qYHg9773UNZIVrJo21ysMhPn3tuHG6BVhbyiM +HbTqTHlqScAwDc9AZhwaqQuu36ewlyY4hcNmwLo/jN45KwXU8+EMChfduRSvaUUw +S3fvh4p2DXK/KFHG3gM5HpoPiCQLt9W1ph2BXrJekkYwdXTksEiBDtC3KQIDAQAB +AoGBAKXrseIAB5jh9lPeNQ7heXhjwiXGiuTjAkYOIMNDRXPuXH5YLna4yQv3L4mO +zecg6DI2sCrzA29xoukP9ZweR4RUK2cS4/QggH9UgWP0QUpvj4nogyRkh7UrWyVV +xbboHcmgqWgNLR8GrEZqlpOWFiT+f+QAx783/khvP5QLNp6BAkEA3YvvqfPpepdv +UC/Uk/8LbVK0LGTSu2ynyl1fMbos9lkJNFdfPM31K6DHeqziIGSoWCSjAsN/e8V7 +MU7egWtI+QJBANppSlO+PTYHWKeOWE7NkM1yVHxAiav9Oott0JywAH8RarfyTuCB +iyMJP8Rv920GsciDY4dyx0MBJF0tiH+5G7ECQQDQbU5UPbxyMPXwIo+DjHZbq2sG +OPRoj5hrsdxVFCoouSsHqwtWUQ1Otjv1FaDHiOs3wX/6oaHV97wmb2S1rRFBAkAq +prELFXVinaCkZ9m62c3TMOZqtTetTHAoVjOMxZnzNnV+omTg1qtTFjVLqQnKUqpZ +G79N7g4XeZueTov/VSihAkAwGeDXvQ8NlrBlZACCKp1sUqaJptuJ438Qwztbl3Pq +E6/8TD5yXtrLt9S2LNAFw1i7LVksUB8IbQNTuuwV7LYI +-----END RSA PRIVATE KEY----- diff --git a/tests/testpkcs11-certs/server-tmpl b/tests/testpkcs11-certs/server-tmpl new file mode 100644 index 0000000..23103b4 --- /dev/null +++ b/tests/testpkcs11-certs/server-tmpl @@ -0,0 +1,67 @@ +# X.509 Certificate options +# +# DN options + +dn = "cn=Server,C=CZ" + +# The serial number of the certificate +serial = 2 + +# In how many days, counting from today, this certificate will expire. +expiration_days = 2590 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "localhost" +#dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "127.0.0.1" + +#dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +#crl_dist_points = "http://www.getcrl.crl/getcrl/" + +#email = "where@none.org" + +# Whether this is a CA certificate or not +#ca + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +encryption_key + +# Whether this key will be used to sign other certificates. +#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key diff --git a/tests/testpkcs11-certs/server.crt b/tests/testpkcs11-certs/server.crt new file mode 100644 index 0000000..694a010 --- /dev/null +++ b/tests/testpkcs11-certs/server.crt @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICdjCCAd+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAaMQswCQYDVQQDEwJDQTEL +MAkGA1UEBhMCQ1owIhgPMjAxMzExMTAwODI1MDJaGA8yMDIwMTIxMzA4MjUwMlow +HjEPMA0GA1UEAxMGU2VydmVyMQswCQYDVQQGEwJDWjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEApf9FBAZadRuU0AGrH4xgNh5V5tFDErTba2bF8b7USLRUzETm ++qBW87I6QXWDFsZlvyyzrpINmpbG3UNr3cVLgT7DLC2ct5nZFT4j25BYswcr0V5C +00BAz6NUcuTzY0e0iN+H80H/mUr3Xu5r9wJca1LGTspBF1NOTNoAunlSm3cCAwEA +AaOBwzCBwDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA +ATATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQW +BBSsHXo5y3IXlGZsdERzQJFEwKBDfTAfBgNVHSMEGDAWgBQSDtpREkBWrvQcbcyh +sD0oYX4zATAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vd3d3LmdldGNybC5jcmwv +Z2V0Y3JsLzANBgkqhkiG9w0BAQsFAAOBgQBG1omwPssQQPTLd4WeCQyuM/Yj1kOO +VwFOATVs2+XELAGg6GVrSS302+JKdW51j+11NpIMgJfgaeRdZkgBNR4uOi1okOQh +Asm8TC3ex3v1rxZdunp0wBQ/H/ox4zMM5Ds8ITtQNeUwXqUj3tPorTWFEsNegTnY +WmV1jslH8fZ4Fg== +-----END CERTIFICATE----- diff --git a/tests/testpkcs11-certs/server.key b/tests/testpkcs11-certs/server.key new file mode 100644 index 0000000..56e4873 --- /dev/null +++ b/tests/testpkcs11-certs/server.key @@ -0,0 +1,94 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Weak (1024 bits) + +modulus: + 00:a5:ff:45:04:06:5a:75:1b:94:d0:01:ab:1f:8c: + 60:36:1e:55:e6:d1:43:12:b4:db:6b:66:c5:f1:be: + d4:48:b4:54:cc:44:e6:fa:a0:56:f3:b2:3a:41:75: + 83:16:c6:65:bf:2c:b3:ae:92:0d:9a:96:c6:dd:43: + 6b:dd:c5:4b:81:3e:c3:2c:2d:9c:b7:99:d9:15:3e: + 23:db:90:58:b3:07:2b:d1:5e:42:d3:40:40:cf:a3: + 54:72:e4:f3:63:47:b4:88:df:87:f3:41:ff:99:4a: + f7:5e:ee:6b:f7:02:5c:6b:52:c6:4e:ca:41:17:53: + 4e:4c:da:00:ba:79:52:9b:77: + +public exponent: + 01:00:01: + +private exponent: + 55:76:38:45:1b:34:45:28:9f:13:fc:57:ea:d5:2d: + cf:8f:0c:b0:da:3a:0b:0e:7c:0d:2e:8b:68:ab:d3: + c5:5e:ba:6d:b4:67:aa:cf:14:15:41:44:46:e1:46: + 4d:5a:75:95:d8:60:e5:d6:a2:14:5d:de:22:9a:8c: + 95:4f:f7:4f:cd:eb:65:a0:29:35:b1:16:b7:c2:74: + f1:a4:45:43:6c:77:59:37:b3:cb:43:60:80:29:5e: + b6:99:60:9a:12:4d:2b:54:2e:c3:3a:76:96:7d:72: + b1:72:24:f1:2a:2d:ff:99:92:1e:bb:55:f1:58:6e: + 64:08:36:26:4b:b2:c6:99: + +prime1: + 00:c7:65:44:0f:4e:6b:51:cd:d4:0b:84:9c:a9:30: + 1b:7b:6d:9a:ca:f7:27:8d:8f:b5:05:81:b8:0d:d2: + a2:b3:e3:ab:bb:04:a1:8d:ec:dc:65:38:99:e9:e1: + 4f:70:47:79:8d:e6:3a:f0:9f:7b:3b:aa:bd:80:1d: + 4d:0d:2a:00:7d: + +prime2: + 00:d5:1e:d4:82:40:de:a6:ce:1a:59:93:b8:51:c6: + 55:15:7f:83:d0:11:ac:a1:44:0a:95:f0:e5:96:03: + 53:5e:2c:27:eb:63:5f:b7:1c:06:64:fb:35:c9:a3: + a1:1a:fb:f2:3c:31:a1:51:58:40:5e:24:28:dd:ba: + dc:c4:14:22:03: + +coefficient: + 00:9c:b5:66:d6:6d:93:93:da:0f:15:96:48:07:c6: + 4a:eb:ae:da:2a:fc:d8:b3:03:cb:5e:5e:10:9e:7f: + e8:49:96:db:70:6b:ef:d7:5a:4a:a4:f5:2a:da:89: + 39:b4:51:09:64:4c:75:92:57:ee:4f:9e:4d:55:f9: + d0:34:0e:6f:43: + +exp1: + 2a:3c:5f:10:46:f2:20:9f:d2:bc:a5:d8:71:56:09: + 5c:39:b9:42:28:dc:2d:f6:34:c7:f7:d4:3e:c9:51: + 41:7d:86:50:d5:08:4b:81:d2:a5:76:39:d3:fa:af: + d2:fe:b0:d6:c7:df:d0:3c:57:e4:29:a4:7e:50:b6: + 93:85:44:19: + +exp2: + 1a:1b:38:b4:eb:f5:5a:41:8d:00:c4:13:a4:10:c3: + 83:6a:a7:5e:e9:8b:58:05:d9:b6:1c:58:43:54:0c: + f6:50:3a:63:9f:3c:ae:55:84:83:02:32:c8:8c:7e: + c3:ab:71:34:e6:6f:78:63:73:1f:15:16:dc:72:73: + 70:a1:76:b9: + + +Public Key ID: AC:1D:7A:39:CB:72:17:94:66:6C:74:44:73:40:91:44:C0:A0:43:7D +Public key's random art: ++--[ RSA 1024]----+ +| ...o.BX+. | +| . .. E oo | +| o + o | +| o B | +| S= | +| + o. | +| o = . | +| .o.o. | +| oo. | ++-----------------+ + +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCl/0UEBlp1G5TQAasfjGA2HlXm0UMStNtrZsXxvtRItFTMROb6 +oFbzsjpBdYMWxmW/LLOukg2alsbdQ2vdxUuBPsMsLZy3mdkVPiPbkFizByvRXkLT +QEDPo1Ry5PNjR7SI34fzQf+ZSvde7mv3AlxrUsZOykEXU05M2gC6eVKbdwIDAQAB +AoGAVXY4RRs0RSifE/xX6tUtz48MsNo6Cw58DS6LaKvTxV66bbRnqs8UFUFERuFG +TVp1ldhg5daiFF3eIpqMlU/3T83rZaApNbEWt8J08aRFQ2x3WTezy0NggCletplg +mhJNK1Quwzp2ln1ysXIk8Sot/5mSHrtV8VhuZAg2JkuyxpkCQQDHZUQPTmtRzdQL +hJypMBt7bZrK9yeNj7UFgbgN0qKz46u7BKGN7NxlOJnp4U9wR3mN5jrwn3s7qr2A +HU0NKgB9AkEA1R7UgkDeps4aWZO4UcZVFX+D0BGsoUQKlfDllgNTXiwn62NftxwG +ZPs1yaOhGvvyPDGhUVhAXiQo3brcxBQiAwJAKjxfEEbyIJ/SvKXYcVYJXDm5Qijc +LfY0x/fUPslRQX2GUNUIS4HSpXY50/qv0v6w1sff0DxX5CmkflC2k4VEGQJAGhs4 +tOv1WkGNAMQTpBDDg2qnXumLWAXZthxYQ1QM9lA6Y588rlWEgwIyyIx+w6txNOZv +eGNzHxUW3HJzcKF2uQJBAJy1ZtZtk5PaDxWWSAfGSuuu2ir82LMDy15eEJ5/6EmW +23Br79daSqT1KtqJObRRCWRMdZJX7k+eTVX50DQOb0M= +-----END RSA PRIVATE KEY----- diff --git a/tests/testpkcs11.pkcs15 b/tests/testpkcs11.pkcs15 new file mode 100644 index 0000000..565282a --- /dev/null +++ b/tests/testpkcs11.pkcs15 @@ -0,0 +1,45 @@ +#!/bin/sh + +# Copyright (C) 2013 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +init_card () { + PIN="$1" + PUK="$2" + + echo -n "* Erasing smart card... " + pkcs15-init -E >"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + cat "${TMPFILE}" + exit_error + fi + + echo -n "* Initializing smart card... " + pkcs15-init --create-pkcs15 --profile pkcs15+onepin --use-default-transport-key --so-pin "${PIN}" --pin "${PIN}" --puk "${PUK}" --label "GnuTLS-Test" >"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + cat "${TMPFILE}" + exit_error + fi +} diff --git a/tests/testpkcs11.sc-hsm b/tests/testpkcs11.sc-hsm new file mode 100644 index 0000000..f3eab68 --- /dev/null +++ b/tests/testpkcs11.sc-hsm @@ -0,0 +1,50 @@ +#!/bin/sh + +# Copyright (C) 2013 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +init_card () { + PIN="$1" + PUK=3537363231383830 + export GNUTLS_SO_PIN="${PUK}" + + echo -n "* Erasing smart card... " + sc-hsm-tool --initialize --so-pin "${PUK}" --pin "${PIN}" --label=GnuTLS-Test >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Initializing smart card... " + TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` + if test -z "${TOKEN}"; then + echo "Could not find initialized card" + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --initialize "${TOKEN}" --set-so-pin "${PUK}" --set-pin "${PIN}" --label "GnuTLS-Test" >>"${TMPFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi +} diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh new file mode 100755 index 0000000..c268913 --- /dev/null +++ b/tests/testpkcs11.sh @@ -0,0 +1,1234 @@ +#!/bin/sh + +# Copyright (C) 2013 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${P11TOOL=../src/p11tool${EXEEXT}} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${DIFF=diff -b -B} +: ${SERV=../src/gnutls-serv${EXEEXT}} +: ${CLI=../src/gnutls-cli${EXEEXT}} +RETCODE=0 + +if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then + echo "Cannot run in FIPS140-2 mode" + exit 77 +fi + +if ! test -x "${P11TOOL}"; then + exit 77 +fi + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -x "${SERV}"; then + exit 77 +fi + +if ! test -x "${CLI}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute valgrind --leak-check=full" +fi + +TMPFILE="testpkcs11.$$.tmp" +LOGFILE="testpkcs11.debug.log" +CERTTOOL_PARAM="--stdout-info" + +if test "${WINDIR}" != ""; then + exit 77 +fi + +ASAN_OPTIONS="detect_leaks=0" +export ASAN_OPTIONS + +have_ed25519=0 + +P11TOOL="${VALGRIND} ${P11TOOL} --batch" +SERV="${SERV} -q" + +TESTDATE=2020-12-01 + +. ${srcdir}/scripts/common.sh + +rm -f "${LOGFILE}" + +exit_error () { + echo "check ${LOGFILE} for additional debugging information" + echo "" + echo "" + tail "${LOGFILE}" + exit 1 +} + +skip_if_no_datefudge + +# $1: token +# $2: PIN +# $3: filename +# ${srcdir}/testpkcs11-certs/client.key +write_privkey () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing a client private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Checking whether object was marked private... " + ${P11TOOL} ${ADDITIONAL_PARAM} --list-privkeys "${token};object=gnutls-client2" 2>/dev/null | grep 'Label\:' >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo "private object was public" + exit_error + fi + echo ok + + echo -n "* Checking whether object was marked sensitive... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client2" | grep "CKA_SENSITIVE" >/dev/null 2>&1 + if test $? != 0; then + echo "private object was not sensitive" + exit_error + fi + echo ok + + echo -n "* Checking whether object was not marked always authenticate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client2" | grep "CKA_ALWAYS_AUTH" >/dev/null 2>&1 + if test $? != 1; then + echo "private object was always authenticate" + exit_error + fi + echo ok +} + +# $1: token +# $2: PIN +# $3: filename +# ${srcdir}/testpkcs11-certs/client.key +write_privkey_always_auth () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing a client private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label gnutls-client2 --load-privkey "${filename}" --mark-always-authenticate "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Checking whether object was marked always authenticate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client2" | grep "CKA_ALWAYS_AUTH" >/dev/null 2>&1 + if test $? != 0; then + echo "private object was not always authenticate" + exit_error + fi + echo ok +} + +# $1: token +# $2: PIN +# $3: filename +write_serv_privkey () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-key --load-privkey "${filename}" "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + +} + +# $1: token +# $2: PIN +# $3: filename +write_serv_pubkey () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server public key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label serv-pubkey --load-pubkey "${filename}" "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + #verify it being written + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all "${token};object=serv-pubkey;type=public" >>"${LOGFILE}" 2>&1 + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all "${token};object=serv-pubkey;type=public"|grep "Public key" >/dev/null 2>&1 + if test $? != 0;then + echo "Cannot verify the existence of the written pubkey" + exit_error + fi +} + +# $1: token +# $2: PIN +# $3: filename +write_serv_cert () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Writing the server certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --no-mark-private --label serv-cert --load-certificate "${filename}" "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + +} + +# $1: token +# $2: PIN +test_delete_cert () { + export GNUTLS_PIN="$2" + filename="$3" + token="$1" + + echo -n "* Deleting the server certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=serv-cert;object-type=cert" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi +} + +# $1: token +# $2: PIN +# $3: bits +generate_rsa_privkey () { + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating RSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --id 000102030405 --label gnutls-client --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi + + echo -n "* Checking whether generated private key was marked private... " + ${P11TOOL} ${ADDITIONAL_PARAM} --list-privkeys "${token};object=gnutls-client" 2>/dev/null | grep 'Label\:' >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo "private object was public" + exit_error + fi + echo ok + + echo -n "* Checking whether private key was marked sensitive... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client" | grep "CKA_SENSITIVE" >/dev/null 2>&1 + if test $? != 0; then + echo "private object was not sensitive" + exit_error + fi + echo ok +} + +# $1: token +# $2: PIN +# $3: bits +generate_temp_rsa_privkey () { + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating RSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-rsa-"${bits}" --generate-rsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi + +# if test ${RETCODE} = 0; then +# echo -n "* Testing private key flags... " +# ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-keys "${token};object=gnutls-client2;object-type=private" >tmp-client-2.pub 2>>"${LOGFILE}" +# if test $? != 0; then +# echo failed +# exit_error +# fi +# +# grep CKA_WRAP tmp-client-2.pub >>"${LOGFILE}" 2>&1 +# if test $? != 0; then +# echo "failed (no CKA_WRAP)" +# exit_error +# else +# echo ok +# fi +# fi +} + +generate_temp_dsa_privkey () { + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating DSA private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label temp-dsa-"${bits}" --generate-dsa --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi +} + +generate_temp_ed25519_privkey () { + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating ed25519 private key ("${bits}")... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login -d 3 --label temp-ed25519 --generate-privkey ed25519 "${token}" --outfile tmp-client.pub >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi +} + +# $1: token +# $2: PIN +delete_temp_privkey () { + export GNUTLS_PIN="$2" + token="$1" + type="$3" + + test "${RETCODE}" = "0" || return + + echo -n "* Deleting private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --delete "${token};object=temp-${type};object-type=private" >>"${LOGFILE}" 2>&1 + + if test $? != 0; then + echo failed + RETCODE=1 + return + fi + + RETCODE=0 + echo ok +} + +# $1: token +# $2: PIN +export_pubkey_of_privkey () { + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Exporting public key of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-pubkey "${token};object=gnutls-client;object-type=private" --outfile tmp-client-2.pub >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit 1 + fi + + ${DIFF} tmp-client.pub tmp-client-2.pub + if test $? != 0; then + echo keys differ + exit 1 + fi + + echo ok +} + +# $1: token +# $2: SO PIN +list_pubkey_as_so () { + export GNUTLS_SO_PIN="$2" + token="$1" + + echo -n "* Exporting public key as SO... " + ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --list-all "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit 1 + fi + + echo ok +} + +# $1: token +# $2: PIN +list_privkey_without_pin_env () { + token="$1" + pin="$2" + + echo -n "* List private key without GNUTLS_PIN... " + unset GNUTLS_PIN + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-privkeys "${token}?pin-value=${pin}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit 1 + fi + + echo ok +} + +# $1: token +# $2: PIN +change_id_of_privkey () { + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Change the CKA_ID of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-id "01a1b103" "${token};object=gnutls-client;id=%00%01%02%03%04%05;object-type=private" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "ID didn't change" + exit_error + fi + + echo ok +} + +# $1: token +# $2: PIN +change_label_of_privkey () { + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Change the CKA_LABEL of generated private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "new-label" "${token};object=gnutls-client;object-type=private" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-privkeys "${token};object=new-label;object-type=private" 2>&1 |grep 'Label: new-label' >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "label didn't change" + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-label "gnutls-client" "${token};object=new-label;object-type=private" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + echo ok +} + +# $1: token +# $2: PIN +# $3: bits +generate_temp_ecc_privkey () { + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating ECC private key (${bits})... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label "temp-ecc-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi +} + +# $1: token +# $2: PIN +# $3: bits +# The same as generate_temp_ecc_privkey but no explicit login is performed. +# p11tool should detect that login is required for the operation. +generate_temp_ecc_privkey_no_login () { + export GNUTLS_PIN="$2" + token="$1" + bits="$3" + + echo -n "* Generating ECC private key without --login (${bits})... " + ${P11TOOL} ${ADDITIONAL_PARAM} --label "temp-ecc-no-${bits}" --generate-ecc --bits "${bits}" "${token}" --outfile tmp-client.pub >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi +} + +# $1: name +# $2: label prefix +# $3: generate option +# $4: token +# $5: PIN +# $6: bits +import_privkey () { + export GNUTLS_PIN="$5" + name="$1" + prefix="$2" + gen_option="$3" + token="$4" + bits="$6" + + outfile="tmp-${prefix}-${bits}.pem" + + echo -n "* Importing ${name} private key (${bits})... " + + "${CERTTOOL}" ${CERTTOOL_PARAM} --generate-privkey "${gen_option}" --pkcs8 --password= --outfile "${outfile}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit 1 + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label "${prefix}-${bits}" --load-privkey "${outfile}" "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi +} + +import_temp_rsa_privkey () { + import_privkey RSA temp-rsa --rsa $@ +} + +import_temp_ecc_privkey () { + import_privkey ECC temp-ecc --ecc $@ +} + +import_temp_ed25519_privkey () { + import_privkey ed25519 temp-ed25519 --key-type ed25519 $@ +} + +import_temp_dsa_privkey () { + import_privkey DSA temp-dsa --dsa $@ +} + +# $1: token +# $2: PIN +# $3: cakey: ${srcdir}/testpkcs11-certs/ca.key +# $4: cacert: ${srcdir}/testpkcs11-certs/ca.crt +# +# Tests writing a certificate which corresponds to the given key, +# as well as the CA certificate, and tries to export them. +write_certificate_test () { + export GNUTLS_PIN="$2" + token="$1" + cakey="$3" + cacert="$4" + pubkey="$5" + + echo -n "* Generating client certificate... " + datefudge -s "$TESTDATE" \ + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ + --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 + + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Writing client certificate... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --id "01a1b103" --label gnutls-client --load-certificate tmp-client.crt "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Checking whether ID was correctly set... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=gnutls-client;object-type=private;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "ID was not set on copy" + exit_error + fi + echo ok + + if test -n "${BROKEN_SOFTHSM2}";then + return + fi + + echo -n "* Checking whether object was public... " + ${P11TOOL} ${ADDITIONAL_PARAM} --list-all-certs "${token};object=gnutls-client;id=%01%a1%b1%03" 2>&1 | grep 'ID: 01:a1:b1:03' >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "certificate object was not public" + exit_error + fi + echo ok + + if test -n "${BROKEN_SOFTHSM2}";then + return + fi + + echo -n "* Writing certificate of client's CA... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --mark-trusted --mark-ca --write --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${LOGFILE}" 2>&1 + ret=$? + if test ${ret} != 0; then + echo "Failed with PIN, trying to write with so PIN" >>"${LOGFILE}" + ${P11TOOL} ${ADDITIONAL_PARAM} --so-login --mark-ca --write --mark-trusted --label gnutls-ca --load-certificate "${cacert}" "${token}" >>"${LOGFILE}" 2>&1 + ret=$? + fi + + if test ${ret} = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Testing certificate flags... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all-certs "${token};object=gnutls-ca;object-type=cert" >${TMPFILE} 2>&1 + grep Flags ${TMPFILE}|head -n 1 >tmp-client-2.pub 2>>"${LOGFILE}" + if test $? != 0; then + echo failed + exit_error + fi + + grep CKA_TRUSTED tmp-client-2.pub >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "failed (no CKA_TRUSTED)" + #exit_error + fi + + grep "CKA_CERTIFICATE_CATEGORY=CA" tmp-client-2.pub >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "failed (no CKA_CERTIFICATE_CATEGORY=CA)" + #exit_error + fi + + echo ok + + echo -n "* Checking output of certificate" + grep "Expires: Sun Dec 13 08:24:54 2020" ${TMPFILE} >/dev/null + if test $? != 0;then + echo "failed. Expiration time not found" + exit_error + fi + + grep "X.509 Certificate (RSA-1024)" ${TMPFILE} >/dev/null + if test $? != 0;then + echo "failed. Certificate type and size not found." + exit_error + fi + + grep "Label: gnutls-ca" ${TMPFILE} >/dev/null + if test $? != 0;then + echo "failed. Certificate label not found." + exit_error + fi + + grep "Flags: CKA_CERTIFICATE_CATEGORY=CA; CKA_TRUSTED;" ${TMPFILE} >/dev/null + if test $? != 0;then + echo "failed. Object flags were not found." + exit_error + fi + + echo ok + rm -f ${TMPFILE} + + echo -n "* Trying to obtain back the cert... " + ${P11TOOL} ${ADDITIONAL_PARAM} --export "${token};object=gnutls-ca;object-type=cert" --outfile crt1.tmp >>"${LOGFILE}" 2>&1 + ${DIFF} crt1.tmp "${srcdir}/testpkcs11-certs/ca.crt" + if test $? != 0; then + echo "failed. Exported certificate differs (crt1.tmp)!" + exit_error + fi + rm -f crt1.tmp + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi + + echo -n "* Trying to obtain the full chain... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --export-chain "${token};object=gnutls-client;object-type=cert"|"${CERTTOOL}" ${CERTTOOL_PARAM} -i --outfile crt1.tmp >>"${LOGFILE}" 2>&1 + + cat tmp-client.crt ${srcdir}/testpkcs11-certs/ca.crt|"${CERTTOOL}" ${CERTTOOL_PARAM} -i >crt2.tmp + ${DIFF} crt1.tmp crt2.tmp + if test $? != 0; then + echo "failed. Exported certificate chain differs!" + exit_error + fi + rm -f crt1.tmp crt2.tmp + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi +} + +# $1: token +# $2: PIN +# $3: cakey: ${srcdir}/testpkcs11-certs/ca.key +# $4: cacert: ${srcdir}/testpkcs11-certs/ca.crt +# +# Tests writing a certificate which corresponds to the given key, +# and verifies whether the ID is the same. Should utilize the +# ID of the public key. +write_certificate_id_test_rsa () { + export GNUTLS_PIN="$2" + token="$1" + cakey="$3" + cacert="$4" + + echo -n "* Generating RSA private key on HSM... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --label xxx1-rsa --generate-rsa --bits 1024 "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi + + echo -n "* Checking whether right ID is set on copy... " + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=xxx1-rsa;object-type=private" \ + --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 + + if test $? != 0; then + echo failed + exit_error + fi + + id=$(${P11TOOL} ${ADDITIONAL_PARAM} --list-all "${token};object=xxx1-rsa;object-type=public" 2>&1 | grep 'ID: '|sed -e 's/ID://' -e 's/^[ \t]*//' -e 's/[ \t]*$//') + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label tmp-xxx1-rsa --load-certificate tmp-client.crt "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=tmp-xxx1-rsa;object-type=cert" 2>&1 | grep "ID: ${id}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "ID '$id' was not set on copy" + exit_error + fi + echo ok +} + +# $1: token +# $2: PIN +# $3: cakey: ${srcdir}/testpkcs11-certs/ca.key +# $4: cacert: ${srcdir}/testpkcs11-certs/ca.crt +# +# Tests writing a certificate which corresponds to the given key, +# and verifies whether the ID is the same. Should utilize the +# ID of the private key. +write_certificate_id_test_rsa2 () { + export GNUTLS_PIN="$2" + token="$1" + cakey="$3" + cacert="$4" + tmpkey="key.$$.tmp" + + echo -n "* Generating RSA private key... " + ${CERTTOOL} ${ADDITIONAL_PARAM} --generate-privkey --bits 1024 --outfile ${tmpkey} >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi + + echo -n "* Checking whether right ID is set on copy... " + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey ${tmpkey} \ + --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 + + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label xxx2-rsa --load-privkey ${tmpkey} "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + id=$(${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all "${token};object=xxx2-rsa;object-type=private" 2>&1 | grep 'ID: '|sed -e 's/ID://' -e 's/^[ \t]*//' -e 's/[ \t]*$//') + + rm -f ${tmpkey} + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label tmp-xxx2-rsa --load-certificate tmp-client.crt "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=tmp-xxx2-rsa;object-type=cert" 2>&1 | grep "ID: ${id}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "ID '$id' was not set on copy" + exit_error + fi + echo ok +} + +# $1: token +# $2: PIN +# $3: cakey: ${srcdir}/testpkcs11-certs/ca.key +# $4: cacert: ${srcdir}/testpkcs11-certs/ca.crt +# +# Tests writing a certificate which corresponds to the given key, +# and verifies whether the ID is the same. Should utilize the +# ID of the private key. +write_certificate_id_test_ecdsa () { + export GNUTLS_PIN="$2" + token="$1" + cakey="$3" + cacert="$4" + tmpkey="key.$$.tmp" + + echo -n "* Generating ECDSA private key... " + ${CERTTOOL} ${ADDITIONAL_PARAM} --generate-privkey --ecdsa --outfile ${tmpkey} >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit 1 + fi + + echo -n "* Checking whether right ID is set on copy... " + "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ + --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey ${tmpkey} \ + --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 + + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label xxx-ecdsa --load-privkey ${tmpkey} "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + id=$(${P11TOOL} ${ADDITIONAL_PARAM} --login --list-all "${token};object=xxx-ecdsa;object-type=private" 2>&1 | grep 'ID: '|sed -e 's/ID://' -e 's/^[ \t]*//' -e 's/[ \t]*$//') + + rm -f ${tmpkey} + ${P11TOOL} ${ADDITIONAL_PARAM} --login --write --label tmp-xxx-ecdsa --load-certificate tmp-client.crt "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + + ${P11TOOL} ${ADDITIONAL_PARAM} --login --list-certs "${token};object=tmp-xxx-ecdsa;object-type=cert" 2>&1 | grep "ID: ${id}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "ID '$id' was not set on copy" + exit_error + fi + echo ok +} + +test_sign () { + export GNUTLS_PIN="$2" + token="$1" + + echo -n "* Testing signatures using the private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --test-sign "${token};object=serv-key" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "failed. Cannot test signatures." + exit_error + fi + echo ok + + echo -n "* Testing RSA-PSS signatures using the private key... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --sign-params rsa-pss --test-sign "${token};object=serv-key" >>"${LOGFILE}" 2>&1 + rc=$? + if test $rc != 0; then + if test $rc = 2; then + echo "failed. RSA-PSS not supported." + else + echo "failed. Cannot test signatures." + exit_error + fi + else + echo ok + fi + + echo -n "* Testing signatures using the private key (with ID)... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --test-sign "${token};id=%ac%1d%7a%39%cb%72%17%94%66%6c%74%44%73%40%91%44%c0%a0%43%7d" >>"${LOGFILE}" 2>&1 + ${P11TOOL} ${ADDITIONAL_PARAM} --login --test-sign "${token};id=%ac%1d%7a%39%cb%72%17%94%66%6c%74%44%73%40%91%44%c0%a0%43%7d" 2>&1|grep "Verifying against public key in the token..."|grep ok >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "failed. Cannot test signatures with ID." + exit_error + fi + echo ok +} + +# This tests the signing operation as well as the usage of --set-pin +test_sign_set_pin () { + pin="$2" + token="$1" + + unset GNUTLS_PIN + + echo -n "* Testing signatures using the private key and --set-pin... " + ${P11TOOL} ${ADDITIONAL_PARAM} --login --set-pin ${pin} --test-sign "${token};object=serv-key" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo "failed. Cannot test signatures." + exit_error + fi + echo ok + + export GNUTLS_PIN=${pin} +} + +# $1: token +# $2: PIN +# $3: certfile +# $4: keyfile +# $5: cafile +# +# Tests using a certificate and key pair using gnutls-serv and gnutls-cli. +use_certificate_test () { + export GNUTLS_PIN="$2" + token="$1" + certfile="$3" + keyfile="$4" + cafile="$5" + txt="$6" + + echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " + # start server + eval "${GETPORT}" + launch_bare_server datefudge -s "$TESTDATE" \ + $VALGRIND $SERV $DEBUG -p "$PORT" \ + ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" \ + --verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1 + + PID=$! + wait_server ${PID} + + # connect to server using SC + datefudge -s "$TESTDATE" \ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 && \ + fail ${PID} "Connection should have failed!" + + datefudge -s "$TESTDATE" \ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ + --x509keyfile="$keyfile" --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \ + fail ${PID} "Connection (with files) should have succeeded!" + + datefudge -s "$TESTDATE" \ + ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ + --x509keyfile="${token};object=gnutls-client;object-type=private" \ + --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \ + fail ${PID} "Connection (with SC) should have succeeded!" + + kill ${PID} + wait + + echo ok +} + +reset_pins () { + token="$1" + UPIN="$2" + SOPIN="$3" + NEWPIN=88654321 + # 255 chars + LARGE_NEWPIN="\ +1234123412341234123412341234123412341234123412341234123412341234\ +1234123412341234123412341234123412341234123412341234123412341234\ +1234123412341234123412341234123412341234123412341234123412341234\ +123412341234123412341234123412341234123412341234123412341234123\ +" + # 256 chars + TOO_LARGE_NEWPIN="$LARGE_NEWPIN"4 + + echo -n "* Setting SO PIN... " + # Test admin PIN + GNUTLS_NEW_SO_PIN="${NEWPIN}" \ + GNUTLS_SO_PIN="${SOPIN}" \ + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-so-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + # reset back + echo -n "* Re-setting SO PIN... " + TMP="${NEWPIN}" + GNUTLS_SO_PIN="${TMP}" \ + GNUTLS_NEW_SO_PIN="${SOPIN}" \ + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-so-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + echo -n "* Setting too large SO PIN... " + GNUTLS_NEW_SO_PIN="${TOO_LARGE_NEWPIN}" \ + GNUTLS_SO_PIN="${SOPIN}" \ + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-so-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo failed + exit_error + fi + echo ok + + echo -n "* Setting large SO PIN... " + GNUTLS_NEW_SO_PIN="${LARGE_NEWPIN}" \ + GNUTLS_SO_PIN="${SOPIN}" \ + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-so-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + # reset back + echo -n "* Re-setting SO PIN... " + TMP="${LARGE_NEWPIN}" + GNUTLS_SO_PIN="${TMP}" \ + GNUTLS_NEW_SO_PIN="${SOPIN}" \ + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-so-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + NEWPIN=977654321 + # Test user PIN + echo -n "* Setting user PIN... " + export GNUTLS_SO_PIN="${SOPIN}" + export GNUTLS_PIN="${NEWPIN}" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + echo -n "* Re-setting user PIN... " + export GNUTLS_PIN="${UPIN}" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + echo -n "* Setting too large user PIN... " + export GNUTLS_SO_PIN="${SOPIN}" + export GNUTLS_PIN="${TOO_LARGE_NEWPIN}" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? = 0; then + echo failed + exit_error + fi + echo ok + + echo -n "* Setting large user PIN... " + export GNUTLS_SO_PIN="${SOPIN}" + export GNUTLS_PIN="${LARGE_NEWPIN}" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok + + echo -n "* Re-setting user PIN... " + export GNUTLS_PIN="${UPIN}" + ${P11TOOL} ${ADDITIONAL_PARAM} --login --initialize-pin "${token}" >>"${LOGFILE}" 2>&1 + if test $? != 0; then + echo failed + exit_error + fi + echo ok +} + + + +echo "Testing PKCS11 support" + +# erase SC + +type="$1" + +if test -z "${type}"; then + echo "usage: $0: [pkcs15|softhsm|sc-hsm]" + if test -x "/usr/bin/softhsm" || test -x "/usr/bin/softhsm2-util"; then + echo "assuming 'softhsm'" + echo "" + type=softhsm + else + exit 77 + fi + +fi + +. "${srcdir}/testpkcs11.${type}" + +export TEST_PIN=12345678 +export TEST_SO_PIN=00000001 + +init_card "${TEST_PIN}" "${TEST_SO_PIN}" + + +# find token name +TOKEN=`${P11TOOL} ${ADDITIONAL_PARAM} --list-tokens pkcs11:token=Nikos|grep URL|grep token=GnuTLS-Test|sed 's/\s*URL\: //g'` + +echo "* Token: ${TOKEN}" +if test "x${TOKEN}" = x; then + echo "Could not find generated token" + exit_error +fi + +${P11TOOL} ${ADDITIONAL_PARAM} --list-mechanisms ${TOKEN}|grep 25519 >/dev/null +if test $? = 0;then + have_ed25519=1 +fi + +${P11TOOL} ${ADDITIONAL_PARAM} --list-mechanisms ${TOKEN} > ${TMPFILE} + +# Verify that we output flags correctly +if grep AES_CTR ${TMPFILE} | grep -v "keysize range (16, 32)" ; then + echo "Keysize range error" + exit_error +fi + +if grep AES_CTR ${TMPFILE} | grep -v "encrypt decrypt" ; then + echo "Error with encrypt/decrypt flags" + exit_error +fi + +if grep KEY_WRAP ${TMPFILE} | grep -v "wrap.unwrap" ; then + echo "Error with wrap/unwrap flags" + exit_error +fi + +if grep AES_CMAC ${TMPFILE} | grep -v "sign verify" ; then + echo "Error with sign/verify flags" + exit_error +fi + +if grep "CKM_SHA256 " ${TMPFILE} | grep -v "digest" ; then + echo "Error with digest flags" + exit_error +fi + +reset_pins "${TOKEN}" "${TEST_PIN}" "${TEST_SO_PIN}" + +#write a given privkey +write_privkey "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/client.key" +write_privkey_always_auth "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/client.key" + +generate_temp_ecc_privkey "${TOKEN}" "${TEST_PIN}" 256 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ecc-256 + +generate_temp_ecc_privkey_no_login "${TOKEN}" "${TEST_PIN}" 256 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ecc-no-256 + +generate_temp_ecc_privkey "${TOKEN}" "${TEST_PIN}" 384 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ecc-384 + +if test $have_ed25519 != 0;then + generate_temp_ed25519_privkey "${TOKEN}" "${TEST_PIN}" ed25519 + delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ed25519 +fi + +generate_temp_rsa_privkey "${TOKEN}" "${TEST_PIN}" 2048 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" rsa-2048 + +generate_temp_dsa_privkey "${TOKEN}" "${TEST_PIN}" 3072 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" dsa-3072 + +import_temp_rsa_privkey "${TOKEN}" "${TEST_PIN}" 1024 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" rsa-1024 +import_temp_ecc_privkey "${TOKEN}" "${TEST_PIN}" 256 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ecc-256 +import_temp_dsa_privkey "${TOKEN}" "${TEST_PIN}" 2048 +delete_temp_privkey "${TOKEN}" "${TEST_PIN}" dsa-2048 + +if test $have_ed25519 != 0;then + import_temp_ed25519_privkey "${TOKEN}" "${TEST_PIN}" ed25519 + delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ed25519 +fi + +generate_rsa_privkey "${TOKEN}" "${TEST_PIN}" 1024 +change_id_of_privkey "${TOKEN}" "${TEST_PIN}" +export_pubkey_of_privkey "${TOKEN}" "${TEST_PIN}" +change_label_of_privkey "${TOKEN}" "${TEST_PIN}" +list_pubkey_as_so "${TOKEN}" "${TEST_SO_PIN}" +list_privkey_without_pin_env "${TOKEN}" "${TEST_PIN}" + +write_certificate_test "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/ca.key" "${srcdir}/testpkcs11-certs/ca.crt" tmp-client.pub +write_serv_privkey "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/server.key" +write_serv_cert "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/server.crt" + +write_serv_pubkey "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/server.crt" +test_sign "${TOKEN}" "${TEST_PIN}" + +use_certificate_test "${TOKEN}" "${TEST_PIN}" "${TOKEN};object=serv-cert;object-type=cert" "${TOKEN};object=serv-key;object-type=private" "${srcdir}/testpkcs11-certs/ca.crt" "full URLs" + +use_certificate_test "${TOKEN}" "${TEST_PIN}" "${TOKEN};object=serv-cert" "${TOKEN};object=serv-key" "${srcdir}/testpkcs11-certs/ca.crt" "abbrv URLs" + +write_certificate_id_test_rsa "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/ca.key" "${srcdir}/testpkcs11-certs/ca.crt" +write_certificate_id_test_rsa2 "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/ca.key" "${srcdir}/testpkcs11-certs/ca.crt" +write_certificate_id_test_ecdsa "${TOKEN}" "${TEST_PIN}" "${srcdir}/testpkcs11-certs/ca.key" "${srcdir}/testpkcs11-certs/ca.crt" + +test_delete_cert "${TOKEN}" "${TEST_PIN}" + +test_sign_set_pin "${TOKEN}" "${TEST_PIN}" + +if test ${RETCODE} = 0; then + echo "* All smart cards tests succeeded" +fi +rm -f tmp-client.crt tmp-client.pub tmp-client-2.pub "${LOGFILE}" "${TMPFILE}" + +exit 0 diff --git a/tests/testpkcs11.softhsm b/tests/testpkcs11.softhsm new file mode 100755 index 0000000..d79a852 --- /dev/null +++ b/tests/testpkcs11.softhsm @@ -0,0 +1,77 @@ +#!/bin/sh + +# Copyright (C) 2013 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +for i in /usr/lib64/pkcs11 /usr/lib/softhsm /usr/lib/x86_64-linux-gnu/softhsm /usr/lib /usr/lib64/softhsm;do + if test -f "$i/libsofthsm2.so"; then + ADDITIONAL_PARAM="--provider $i/libsofthsm2.so" + break + else + if test -f "$i/libsofthsm.so";then + ADDITIONAL_PARAM="--provider $i/libsofthsm.so" + break + fi + fi +done + +init_card () { + PIN="$1" + PUK="$2" + + if test -x "/usr/bin/softhsm2-util"; then + export SOFTHSM2_CONF="softhsm-testpkcs11.$$.config.tmp" + SOFTHSM_TOOL="/usr/bin/softhsm2-util" + ${SOFTHSM_TOOL} --version|grep "2.0.0" >/dev/null 2>&1 + if test $? = 0; then + echo "softhsm2-util 2.0.0 is broken" + export BROKEN_SOFTHSM2=1 + fi + fi + + if test -x "/usr/bin/softhsm"; then + export SOFTHSM_CONF="softhsm-testpkcs11.$$.config.tmp" + SOFTHSM_TOOL="/usr/bin/softhsm" + fi + + if test -z "${SOFTHSM_TOOL}"; then + echo "Could not find softhsm(2) tool" + exit 77 + fi + + if test -z "${SOFTHSM_CONF}"; then + rm -rf ./softhsm-testpkcs11.$$.tmp + mkdir -p ./softhsm-testpkcs11.$$.tmp + echo "objectstore.backend = file" > "${SOFTHSM2_CONF}" + echo "directories.tokendir = ./softhsm-testpkcs11.$$.tmp" >> "${SOFTHSM2_CONF}" + + else + rm -rf ./softhsm-testpkcs11.$$.tmp + echo "0:./softhsm-testpkcs11.$$.tmp" > "${SOFTHSM_CONF}" + fi + + + echo -n "* Initializing smart card... " + ${SOFTHSM_TOOL} --init-token --slot 0 --label "GnuTLS-Test" --so-pin "${PUK}" --pin "${PIN}" >/dev/null #2>&1 + if test $? = 0; then + echo ok + else + echo failed + exit_error + fi +} diff --git a/tests/time.c b/tests/time.c new file mode 100644 index 0000000..7f5240d --- /dev/null +++ b/tests/time.c @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +/* That's a unit test of _gnutls_utcTime2gtime() and _gnutls_x509_generalTime2gtime() + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +time_t _gnutls_utcTime2gtime(const char *ttime); +time_t _gnutls_x509_generalTime2gtime(const char *ttime); + +struct time_tests_st { + const char *time_str; + time_t utime; +}; + +struct time_tests_st general_time_tests[] = { + { + .time_str = "20190520133237Z", + .utime = 1558359157 + }, + { + .time_str = "20170101000000Z", + .utime = 1483228800 + }, + { + .time_str = "19700101000000Z", + .utime = 0 + }, +}; + +struct time_tests_st utc_time_tests[] = { + { + .time_str = "190520133237", + .utime = 1558359157 + }, + { + .time_str = "170101000000Z", + .utime = 1483228800 + }, +}; + + +void doit(void) +{ + time_t t; + unsigned i; + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This program tests tls channel binding API under TLS 1.3. + * tls-unique is expected to fail while server-end-point and + * exporter should succeed and provide same binding data on + * both ends. Except that server-end-point is only valid for + * X.509 certificates, thus fails for other types. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int +check_binding_data(gnutls_session_t client, gnutls_session_t server, + int cbtype, const char *cbname, int negative) +{ + gnutls_datum_t client_cb = {0}; + gnutls_datum_t server_cb = {0}; + + if (gnutls_session_channel_binding(client, cbtype, &client_cb) + != GNUTLS_E_SUCCESS) { + if (negative == 0) { + fail("Cannot get client binding %s\n", cbname); + return 1; + } + } else if(negative) { + fail("Client retrieval of %s was supposed to fail\n", cbname); + return 1; + } + if (gnutls_session_channel_binding(server, cbtype, &server_cb) + != GNUTLS_E_SUCCESS) { + if (negative == 0) { + fail("Cannot get server binding %s\n", cbname); + return -1; + } + } else if(negative) { + fail("Server retrieval of %s was supposed to fail\n", cbname); + return -1; + } + /* If we are here with negative 1 - we're done for now */ + if (negative == 1) + return 0; + + if (server_cb.size != client_cb.size && client_cb.size > 0) { + fail("%s wrong binding data length: %d:%d\n", + cbname, client_cb.size, server_cb.size); + return 2; + } + if (gnutls_memcmp(client_cb.data, server_cb.data, client_cb.size) != 0) { + fail("%s wrong binding data content\n", cbname); + return -2; + } + gnutls_free (client_cb.data); + gnutls_free (server_cb.data); + return 0; +} + +static int +serv_psk_func(gnutls_session_t session, const char *user, gnutls_datum_t *pass) +{ + pass->size = 4; + pass->data = gnutls_malloc(pass->size); + pass->data[0] = 0xDE; + pass->data[1] = 0xAD; + pass->data[2] = 0xBE; + pass->data[3] = 0xEF; + return 0; +} + +static void +tls_setup_peers(gnutls_session_t *client, gnutls_session_t *server, + const char *cprio, const char *sprio, int raw) +{ + gnutls_certificate_credentials_t clientx509cred; + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_client_credentials_t c_anoncred; + gnutls_anon_server_credentials_t s_anoncred; + gnutls_psk_client_credentials_t c_psk_cred; + gnutls_psk_server_credentials_t s_psk_cred; + const gnutls_datum_t pskkey = { (void *) "DEADBEEF", 8 }; + int cret = GNUTLS_E_AGAIN; + int sret = GNUTLS_E_AGAIN; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + if (raw) + gnutls_certificate_set_rawpk_key_mem(serverx509cred, + &rawpk_public_key1, &rawpk_private_key1, + GNUTLS_X509_FMT_PEM, + NULL, 0, NULL, 0, 0); + else + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_psk_allocate_server_credentials(&s_psk_cred); + gnutls_psk_set_server_credentials_function(s_psk_cred, serv_psk_func); + gnutls_init(server, GNUTLS_SERVER | GNUTLS_ENABLE_RAWPK); + gnutls_credentials_set(*server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + gnutls_credentials_set(*server, GNUTLS_CRD_ANON, s_anoncred); + gnutls_credentials_set(*server, GNUTLS_CRD_PSK, s_psk_cred); + gnutls_priority_set_direct(*server, sprio, NULL); + gnutls_transport_set_push_function(*server, server_push); + gnutls_transport_set_pull_function(*server, server_pull); + gnutls_transport_set_ptr(*server, *server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_psk_allocate_client_credentials(&c_psk_cred); + gnutls_psk_set_client_credentials(c_psk_cred, "psk", &pskkey, + GNUTLS_PSK_KEY_HEX); + gnutls_init(client, GNUTLS_CLIENT | GNUTLS_ENABLE_RAWPK); + gnutls_credentials_set(*client, GNUTLS_CRD_CERTIFICATE, clientx509cred); + gnutls_credentials_set(*client, GNUTLS_CRD_ANON, c_anoncred); + gnutls_credentials_set(*client, GNUTLS_CRD_PSK, c_psk_cred); + gnutls_priority_set_direct(*client, cprio, NULL); + gnutls_transport_set_push_function(*client, client_push); + gnutls_transport_set_pull_function(*client, client_pull); + gnutls_transport_set_ptr(*client, *client); + + HANDSHAKE(*client, *server); +} + +static void +tls_clear_peers(gnutls_session_t client, gnutls_session_t server) +{ + void *cred; + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + if(gnutls_credentials_get(client, GNUTLS_CRD_CERTIFICATE, &cred) == 0) + gnutls_certificate_free_credentials(cred); + + if(gnutls_credentials_get(server, GNUTLS_CRD_CERTIFICATE, &cred) == 0) + gnutls_certificate_free_credentials(cred); + + if(gnutls_credentials_get(client, GNUTLS_CRD_ANON, &cred) == 0) + gnutls_anon_free_client_credentials(cred); + + if(gnutls_credentials_get(server, GNUTLS_CRD_ANON, &cred) == 0) + gnutls_anon_free_server_credentials(cred); + + if(gnutls_credentials_get(client, GNUTLS_CRD_PSK, &cred) == 0) + gnutls_psk_free_client_credentials(cred); + + if(gnutls_credentials_get(server, GNUTLS_CRD_PSK, &cred) == 0) + gnutls_psk_free_server_credentials(cred); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_global_deinit(); + + reset_buffers(); +} + +static void +tlsv13_binding(void) +{ + gnutls_session_t client = NULL; + gnutls_session_t server = NULL; + unsigned char buffer[64]; + size_t transferred = 0; + + success("testing TLSv1.3 x509 channel binding\n"); + + tls_setup_peers(&client, &server, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + "NORMAL:+VERS-TLS1.3", 0); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3) + fail("TLS1.3 was not negotiated\n"); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + /* tls-unique testing - must fail under 1.3 */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_UNIQUE, + "tls-unique", 1) == 0) + success("binding fail: tls-unique not supported for TLSv1.3\n"); + + /* bogus biding type */ + if (check_binding_data(client, server, 666, "tls-fake", 1) == 0) + success("binding fail: fake tls binding type not supported\n"); + + /* tls-server-end-point testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_SERVER_END_POINT, + "tls-server-end-point", 0) == 0) + success("binding match: tls-server-end-point\n"); + + /* tls-exporter testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_EXPORTER, + "tls-exporter", 0) == 0) + success("binding match: tls-exporter\n"); + + tls_clear_peers(client, server); +} + +static void +rawv13_binding(void) +{ + gnutls_session_t client = NULL; + gnutls_session_t server = NULL; + unsigned char buffer[64]; + size_t transferred = 0; + + success("testing TLSv1.3 RAWPK channel binding\n"); + + tls_setup_peers(&client, &server, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+CTYPE-ALL", + "NORMAL:+VERS-TLS1.3:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+CTYPE-ALL", + 1); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3) + fail("TLS1.3 was not negotiated\n"); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + /* tls-unique testing - must fail under 1.3 */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_UNIQUE, + "tls-unique", 1) == 0) + success("binding fail: tls-unique not supported for TLSv1.3\n"); + + /* bogus biding type */ + if (check_binding_data(client, server, 666, "tls-fake", 1) == 0) + success("binding fail: fake tls binding type not supported\n"); + + /* tls-server-end-point testing, undefined for anon and psk */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_SERVER_END_POINT, + "tls-server-end-point", 1) == 0) + success("binding fail: tls-server-end-point invalid for rawpk\n"); + + /* tls-exporter testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_EXPORTER, + "tls-exporter", 0) == 0) + success("binding match: tls-exporter\n"); + + tls_clear_peers(client, server); +} + +static void +pskv13_binding(void) +{ + gnutls_session_t client = NULL; + gnutls_session_t server = NULL; + unsigned char buffer[64]; + size_t transferred = 0; + + success("testing TLSv1.3 PSK channel binding\n"); + + tls_setup_peers(&client, &server, + "NORMAL:-KX-ALL:+DHE-PSK:-VERS-TLS-ALL:+VERS-TLS1.3", + "NORMAL:-KX-ALL:+DHE-PSK:+VERS-TLS1.3", 0); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3) + fail("TLS1.3 was not negotiated\n"); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + /* tls-unique testing - must fail under 1.3 */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_UNIQUE, + "tls-unique", 1) == 0) + success("binding fail: tls-unique not supported for TLSv1.3\n"); + + /* bogus biding type */ + if (check_binding_data(client, server, 666, "tls-fake", 1) == 0) + success("binding fail: fake tls binding type not supported\n"); + + /* tls-server-end-point testing, undefined for anon and psk */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_SERVER_END_POINT, + "tls-server-end-point", 1) == 0) + success("binding fail: tls-server-end-point invalid for anon\n"); + + /* tls-exporter testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_EXPORTER, + "tls-exporter", 0) == 0) + success("binding match: tls-exporter\n"); + + tls_clear_peers(client, server); +} + +static void +tlsv12_binding(void) +{ + gnutls_session_t client = NULL; + gnutls_session_t server = NULL; + unsigned char buffer[64]; + size_t transferred = 0; + + success("testing TLSv1.2 x509 channel binding\n"); + + tls_setup_peers(&client, &server, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", 0); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_2) + fail("TLS1.2 was not negotiated\n"); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + /* tls-unique testing - must succeed under 1.2 */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_UNIQUE, + "tls-unique", 0) == 0) + success("binding match: tls-unique\n"); + + /* bogus biding type */ + if (check_binding_data(client, server, 666, "tls-fake", 1) == 0) + success("binding fail: fake binding type not supported\n"); + + /* tls-server-end-point testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_SERVER_END_POINT, + "tls-server-end-point", 0) == 0) + success("binding match: tls-server-end-point\n"); + + /* tls-exporter testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_EXPORTER, + "tls-exporter", 0) == 0) + success("binding match: tls-exporter\n"); + + tls_clear_peers(client, server); +} + +static void +anon12_binding(void) +{ + gnutls_session_t client = NULL; + gnutls_session_t server = NULL; + unsigned char buffer[64]; + size_t transferred = 0; + + success("testing TLSv1.2 ANON channel binding\n"); + + tls_setup_peers(&client, &server, + "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", + "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", 0); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_2) + fail("TLS1.2 was not negotiated\n"); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + /* tls-unique testing - must succeed under 1.2 */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_UNIQUE, + "tls-unique", 0) == 0) + success("binding match: tls-unique\n"); + + /* bogus biding type */ + if (check_binding_data(client, server, 666, "tls-fake", 1) == 0) + success("binding fail: fake binding type not supported\n"); + + /* tls-server-end-point testing, undefined for anon and psk */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_SERVER_END_POINT, + "tls-server-end-point", 1) == 0) + success("binding fail: tls-server-end-point invalid for anon\n"); + + /* tls-exporter testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_EXPORTER, + "tls-exporter", 0) == 0) + success("binding match: tls-exporter\n"); + + tls_clear_peers(client, server); +} + +static void +pskv12_binding(void) +{ + gnutls_session_t client = NULL; + gnutls_session_t server = NULL; + unsigned char buffer[64]; + size_t transferred = 0; + + success("testing TLSv1.2 PSK channel binding\n"); + + tls_setup_peers(&client, &server, + "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", + "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", 0); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_2) + fail("TLS1.2 was not negotiated\n"); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + /* tls-unique testing - must succeed under 1.2 */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_UNIQUE, + "tls-unique", 0) == 0) + success("binding match: tls-unique\n"); + + /* bogus biding type */ + if (check_binding_data(client, server, 666, "tls-fake", 1) == 0) + success("binding fail: fake binding type not supported\n"); + + /* tls-server-end-point testing, undefined for anon and psk */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_SERVER_END_POINT, + "tls-server-end-point", 1) == 0) + success("binding fail: tls-server-end-point invalid for anon\n"); + + /* tls-exporter testing, take both sides and compare */ + if (check_binding_data(client, server, GNUTLS_CB_TLS_EXPORTER, + "tls-exporter", 0) == 0) + success("binding match: tls-exporter\n"); + + tls_clear_peers(client, server); +} + +void doit(void) +{ + tlsv13_binding(); + tlsv12_binding(); + rawv13_binding(); + anon12_binding(); + pskv13_binding(); + pskv12_binding(); +} diff --git a/tests/tls-client-with-seccomp.c b/tests/tls-client-with-seccomp.c new file mode 100644 index 0000000..dc78737 --- /dev/null +++ b/tests/tls-client-with-seccomp.c @@ -0,0 +1,299 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = disable_system_calls(); + if (ret < 0) { + fprintf(stderr, "could not enable seccomp\n"); + exit(2); + } + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, + prio, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = gnutls_certificate_set_x509_key_mem(xcred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, + prio, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *name, const char *prio) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + server(fd[0], prio); + + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], prio); + exit(0); + } +} + +void doit(void) +{ + run("tls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2"); + run("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); + run("default", "NORMAL"); +} +#endif /* _WIN32 */ diff --git a/tests/tls-crt_type-neg.c b/tests/tls-crt_type-neg.c new file mode 100644 index 0000000..dacb854 --- /dev/null +++ b/tests/tls-crt_type-neg.c @@ -0,0 +1,442 @@ +/* + * Copyright (C) 2017 - 2018 ARPA2 project + * + * Author: Tom Vrancken (dev@tomvrancken.nl) + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the certificate type negotiation mechanism for + * the handshake as specified in RFC7250 */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" +#include "crt_type-neg-common.c" + +test_case_st tests[] = { + /* Tests with only a single credential set for client/server. + * Tests for X.509 cases. + */ + { + /* Default case A + * + * Priority cli: NORMAL + * Priority srv: NORMAL + * Cli creds: None + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cert types should default to X.509 + */ + .name = "Default case A. Creds set (CLI/SRV): None/X509.", + .client_prio = "NORMAL", + .server_prio = "NORMAL", + .set_cli_creds = CRED_EMPTY, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Default case B + * + * Priority: NORMAL + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cert types should default to X.509 + */ + .name = "Default case B. Creds set (CLI/SRV): X509/X509. No cli cert asked.", + .client_prio = "NORMAL", + .server_prio = "NORMAL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Default case C + * + * Priority: NORMAL + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cert types should default to X.509 + */ + .name = "Default case C. Creds set (CLI/SRV): X509/X509. Cli cert asked.", + .client_prio = "NORMAL", + .server_prio = "NORMAL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509, + .request_cli_crt = true}, + { + /* No server credentials + * + * Priority: NORMAL + * Cli creds: None + * Srv creds: None + * Handshake: results in errors + * Negotiation: cert types are not evaluated + */ + .name = "No server creds. Creds set (CLI/SRV): None/None.", + .client_prio = "NORMAL", + .server_prio = "NORMAL", + .set_cli_creds = CRED_EMPTY, + .set_srv_creds = CRED_EMPTY, + .client_err = GNUTLS_E_AGAIN, + .server_err = GNUTLS_E_NO_CIPHER_SUITES}, + { + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509 + * + * Priority: NORMAL + request x509 for cli and srv + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: Fallback to default cli X.509, srv X.509 because + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. + */ + .name = "Negotiate CLI X.509 + SRV X.509. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509", + .server_prio = "NORMAL:+CTYPE-CLI-X509:+CTYPE-SRV-X509", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, no cli cert asked + * + * Priority: NORMAL + request x509 for cli + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: Fallback to default cli X.509, srv X.509 because + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. + */ + .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-X509", + .server_prio = "NORMAL:+CTYPE-CLI-X509", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509, cli cert asked + * + * Priority: NORMAL + request x509 for cli + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: Fallback to default cli X.509, srv X.509 because + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. + */ + .name = "Negotiate CLI X.509. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-X509", + .server_prio = "NORMAL:+CTYPE-CLI-X509", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509, + .request_cli_crt = true}, + { + /* Explicit cli/srv ctype negotiation, cli creds x509, srv creds x509 + * + * Priority: NORMAL + request x509 for srv + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: Fallback to default cli X.509, srv X.509 because + * we advertise with only the cert type defaults. Extensions + * will therefore not be activated. + */ + .name = "Negotiate SRV X.509. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-SRV-X509", + .server_prio = "NORMAL:+CTYPE-SRV-X509", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Explicit cli/srv ctype negotiation, all types allowed for CLI, cli creds x509, srv creds x509 + * + * Priority: NORMAL + allow all client cert types + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cli X.509 and srv X.509 because + * we only have X.509 credentials set. + */ + .name = "Negotiate CLI all. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-ALL", + .server_prio = "NORMAL:+CTYPE-CLI-ALL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Explicit cli/srv ctype negotiation, all types allowed for SRV, cli creds x509, srv creds x509 + * + * Priority: NORMAL + allow all server cert types + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cli X.509 and srv X.509 because + * we only have X.509 credentials set. + */ + .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-SRV-ALL", + .server_prio = "NORMAL:+CTYPE-SRV-ALL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + { + /* Explicit cli/srv ctype negotiation, all types allowed for CLI/SRV, cli creds x509, srv creds x509 + * + * Priority: NORMAL + allow all client and server cert types + * Cli creds: X.509 + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cli X.509 and srv X.509 because + * we only have X.509 credentials set. + */ + .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): X.509/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", + .server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_X509}, + + /* Tests with only a single credential set for client/server. + * Tests for Raw public-key cases. + */ + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, Req. cli cert. + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: yes + * Handshake: should complete without errors + * Negotiation: both parties should have a Raw PK cert negotiated + */ + .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK. Cert req.", + .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* Explicit cli/srv ctype negotiation (TLS 1.2), cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: no + * Handshake: should complete without errors + * Negotiation: a Raw PK server cert. A diverged state for the client + * cert type. The server picks Raw PK but does not send a response + * to the client (under TLS 1.2). The client therefore falls back to default (X.509). + */ + .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = false, + .cli_srv_may_diverge = true}, + { + /* Explicit cli/srv ctype negotiation (TLS 1.3), cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: no + * Handshake: should complete without errors + * Negotiation: a Raw PK server cert and client cert. Under TLS 1.3 + * a response is always sent by the server also when no client + * cert is requested. This is necessary for post-handshake authentication + * to work. + */ + .name = "Negotiate CLI Raw PK + SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_cli_srv_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = false, + .cli_srv_may_diverge = true}, + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + request rawpk for cli + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: no + * Handshake: fails because no valid cred (X.509) can be found for the server. + * Negotiation: - + */ + .name = "Negotiate CLI Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:+CTYPE-CLI-RAWPK", + .server_prio = "NORMAL:+CTYPE-CLI-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .client_err = GNUTLS_E_AGAIN, + .server_err = GNUTLS_E_NO_CIPHER_SUITES}, + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds Raw PK, request cli cert. + * + * Priority: NORMAL + request rawpk for srv + * Cli creds: Raw PK + * Srv creds: Raw PK + * Request client cert: yes + * Handshake: should complete without errors + * Negotiation: Raw PK will be negotiated for server. Client will + * default to X.509. + */ + .name = "Negotiate SRV Raw PK. Creds set (CLI/SRV): RawPK/RawPK.", + .client_prio = "NORMAL:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* Explicit cli/srv ctype negotiation, cli creds Raw PK, srv creds X.509, Request cli cert. + * + * Priority: NORMAL + request rawpk for cli and srv + * Cli creds: Raw PK + * Srv creds: X.509 + * Request client cert: yes + * Handshake: should complete without errors + * Negotiation: Raw PK will be negotiated for client. Server will + * default to X.509. + */ + .name = "Negotiate CLI and SRV Raw PK. Creds set (CLI/SRV): RawPK/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .server_prio = "NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_X509, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* All types allowed for CLI, cli creds Raw PK, srv creds X.509 + * + * Priority: NORMAL + allow all client cert types + * Cli creds: Raw PK + * Srv creds: X.509 + * Handshake: should complete without errors + * Negotiation: cli Raw PK and srv X.509 because + * that are the only credentials set. + */ + .name = "Negotiate CLI all. Creds set (CLI/SRV): Raw PK/X.509.", + .client_prio = "NORMAL:+CTYPE-CLI-ALL", + .server_prio = "NORMAL:+CTYPE-CLI-ALL", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_X509, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_X509, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* All types allowed for SRV, cli creds x509, srv creds Raw PK + * + * Priority: NORMAL + allow all server cert types + * Cli creds: X.509 + * Srv creds: Raw PK + * Handshake: should complete without errors + * Negotiation: cli X.509 and srv Raw PK because + * that are the only credentials set. + */ + .name = "Negotiate SRV all. Creds set (CLI/SRV): X.509/Raw PK.", + .client_prio = "NORMAL:+CTYPE-SRV-ALL", + .server_prio = "NORMAL:+CTYPE-SRV-ALL", + .set_cli_creds = CRED_X509, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_X509, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + { + /* All types allowed for CLI/SRV, cli creds Raw PK, srv creds Raw PK + * + * Priority: NORMAL + allow all client and server cert types + * Cli creds: Raw PK + * Srv creds: Raw PK + * Handshake: should complete without errors + * Negotiation: cli Raw PK and srv Raw PK because + * that are the only credentials set. + */ + .name = "Negotiate CLI/SRV all. Creds set (CLI/SRV): Raw PK/Raw PK.", + .client_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", + .server_prio = "NORMAL:+CTYPE-CLI-ALL:+CTYPE-SRV-ALL", + .set_cli_creds = CRED_RAWPK, + .set_srv_creds = CRED_RAWPK, + .expected_cli_ctype = GNUTLS_CRT_RAWPK, + .expected_srv_ctype = GNUTLS_CRT_RAWPK, + .init_flags_cli = GNUTLS_ENABLE_RAWPK, + .init_flags_srv = GNUTLS_ENABLE_RAWPK, + .request_cli_crt = true}, + +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + try(&tests[i]); + } + + gnutls_global_deinit(); +} diff --git a/tests/tls-etm.c b/tests/tls-etm.c new file mode 100644 index 0000000..17da1e2 --- /dev/null +++ b/tests/tls-etm.c @@ -0,0 +1,346 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests whether EtM is negotiated as expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* A very basic TLS client, with anonymous authentication. + */ + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio, unsigned etm) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (etm != 0 && gnutls_session_etm_status(session) == 0) { + fail("client: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && gnutls_session_etm_status(session) != 0) { + fail("client: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (etm != 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) == 0)) { + fail("client: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) != 0)) { + fail("client: EtM was negotiated with %s!\n", prio); + exit(1); + } + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio, unsigned etm) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + unsigned to_send = sizeof(buffer)/4; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + if (etm != 0 && gnutls_session_etm_status(session) == 0) { + fail("server: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && gnutls_session_etm_status(session) != 0) { + fail("server: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (etm != 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) == 0)) { + fail("server: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) != 0)) { + fail("server: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = + gnutls_record_send(session, buffer, + sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", to_send, + gnutls_strerror(ret)); + terminate(); + } + to_send++; + } + while (to_send < 64); + + to_send = -1; + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *prio, unsigned etm) +{ + int fd[2]; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], prio, etm); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], prio, etm); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + + start(AES_CBC, 1); + start(AES_CBC_SHA256, 1); + start(AES_GCM, 0); +} + +#endif /* _WIN32 */ diff --git a/tests/tls-ext-not-in-dtls.c b/tests/tls-ext-not-in-dtls.c new file mode 100644 index 0000000..b754d03 --- /dev/null +++ b/tests/tls-ext-not-in-dtls.c @@ -0,0 +1,288 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +enum { +TEST_DEF_HANDHAKE, +TEST_CUSTOM_EXT +}; + +/* This program tests whether the Post Handshake Auth extension is + * present in the client hello, and whether it is missing from server + * hello. In addition it contains basic functionality test for + * post handshake authentication. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int ext_send(gnutls_session_t session, gnutls_buffer_t extdata) +{ + gnutls_buffer_append_data(extdata, "\xff", 1); + return 0; +} + +static int ext_recv(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + return 0; +} + +#define TLS_EXT_IMPL_DTLS 0xfeee +#define TLS_EXT_EXPL_TLS 0xfeea + +static void client(int fd, int type) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + assert(gnutls_global_init() >= 0); + + gnutls_global_set_log_function(client_log_func); + + assert(gnutls_certificate_allocate_credentials(&x509_cred) >= 0); + + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_DATAGRAM) >= 0); + + if (type == TEST_CUSTOM_EXT) { + assert(gnutls_session_ext_register(session, "implicit-dtls", TLS_EXT_IMPL_DTLS, GNUTLS_EXT_TLS, ext_recv, ext_send, NULL, NULL, NULL, GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO|GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO)>=0); + assert(gnutls_session_ext_register(session, "explicit-tls", TLS_EXT_EXPL_TLS, GNUTLS_EXT_TLS, ext_recv, ext_send, NULL, NULL, NULL, GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO|GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO|GNUTLS_EXT_FLAG_TLS)>=0); + } + + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) + fail("handshake: %s\n", gnutls_strerror(ret)); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +#define TLS_EXT_KEY_SHARE 51 +#define TLS_EXT_POST_HANDSHAKE 49 + +struct ext_ctx_st { + int extno; + int found; +}; + +static int parse_ext(void *ctx, unsigned tls_id, const unsigned char *data, unsigned data_size) +{ + struct ext_ctx_st *s = ctx; + + if (s->extno == (int)tls_id) + s->found = 1; + + return 0; +} + +static unsigned find_client_extension(const gnutls_datum_t *msg, int extno) +{ + int ret; + struct ext_ctx_st s; + + memset(&s, 0, sizeof(s)); + s.extno = extno; + + ret = gnutls_ext_raw_parse(&s, parse_ext, msg, GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO); + assert(ret>=0); + + if (s.found) + return 1; + + return 0; +} + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int *type; + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + type = gnutls_session_get_ptr(session); + + if (find_client_extension(msg, TLS_EXT_KEY_SHARE)) + fail("Key share extension seen in client hello!\n"); + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE)) + fail("Key share extension seen in client hello!\n"); + + if (*type == TEST_CUSTOM_EXT) { + if (!find_client_extension(msg, TLS_EXT_IMPL_DTLS)) + fail("Implicit DTLS extension not seen in client hello!\n"); + + if (find_client_extension(msg, TLS_EXT_EXPL_TLS)) + fail("Explicit TLS extension seen in client hello!\n"); + } + + return 0; +} + +static void server(int fd, int type) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + assert(gnutls_global_init() >= 0); + + gnutls_global_set_log_function(server_log_func); + + assert(gnutls_certificate_allocate_credentials(&x509_cred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH|GNUTLS_DATAGRAM) >= 0); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + gnutls_session_set_ptr(session, &type); + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +static +void start(const char *name, int type) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + success("%s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], type); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], type); + exit(0); + } + +} + +void doit(void) { + start("check default extensions", TEST_DEF_HANDHAKE); + start("check registered extensions", TEST_CUSTOM_EXT); +} + +#endif /* _WIN32 */ diff --git a/tests/tls-ext-register.c b/tests/tls-ext-register.c new file mode 100644 index 0000000..cc548d5 --- /dev/null +++ b/tests/tls-ext-register.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Thierry Quemerais + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#endif +#include +#include +#include + +#include "utils.h" + +/* A very basic TLS client, with extension + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define TLSEXT_TYPE_SAMPLE 0xF1 + +static int TLSEXT_TYPE_client_sent = 0; +static int TLSEXT_TYPE_client_received = 0; +static int TLSEXT_TYPE_server_sent = 0; +static int TLSEXT_TYPE_server_received = 0; + +static const unsigned char ext_data[] = +{ + 0xFE, + 0xED +}; + +static int ext_recv_client_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + if (buflen != sizeof(ext_data)) + fail("ext_recv_client_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + fail("ext_recv_client_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_client_received = 1; + + gnutls_ext_set_data(session, TLSEXT_TYPE_SAMPLE, session); + + return 0; //Success +} + +static int ext_send_client_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + TLSEXT_TYPE_client_sent = 1; + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); +} + +static int ext_recv_server_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + if (buflen != sizeof(ext_data)) + fail("ext_recv_server_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + fail("ext_recv_server_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_server_received = 1; + + return 0; //Success +} + +static int ext_send_server_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + TLSEXT_TYPE_server_sent = 1; + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); +} + +static void client(int sd, const char *prio) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + void *p; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + /* extensions are registered globally */ + ret = gnutls_ext_register("ext_client", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL); + assert(ret >= 0); + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (TLSEXT_TYPE_client_sent != 1 || TLSEXT_TYPE_client_received != 1) + fail("client: extension not properly sent/received\n"); + + ret = gnutls_ext_get_data(session, TLSEXT_TYPE_SAMPLE, &p); + if (ret < 0) { + fail("gnutls_ext_get_data: %s\n", gnutls_strerror(ret)); + } + + if (p != session) { + fail("client: gnutls_ext_get_data failed\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); +} + +/* This is a sample TLS 1.0 server, for extension + */ + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + + +static void server(int sd, const char *prio) +{ + gnutls_certificate_credentials_t serverx509cred; + int ret; + gnutls_session_t session; + + /* this must be called once in the program + */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_ext_register("ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL)>=0); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (TLSEXT_TYPE_server_sent != 1 || TLSEXT_TYPE_server_received != 1) + fail("server: extension not properly sent/received\n"); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *prio) +{ + pid_t child1, child2; + int sockets[2]; + int err; + + success("trying %s\n", prio); + + signal(SIGPIPE, SIG_IGN); + TLSEXT_TYPE_client_sent = 0; + TLSEXT_TYPE_client_received = 0; + TLSEXT_TYPE_server_sent = 0; + TLSEXT_TYPE_server_received = 0; + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child1 = fork(); + if (child1 < 0) { + perror("fork"); + fail("fork"); + } + + if (child1) { + int status; + /* parent */ + close(sockets[1]); + + child2 = fork(); + if (child2 < 0) { + perror("fork"); + fail("fork"); + } + + if (child2) { + waitpid(child1, &status, 0); + check_wait_status(status); + + waitpid(child2, &status, 0); + check_wait_status(status); + } else { + server(sockets[0], prio); + exit(0); + } + } else { + close(sockets[0]); + client(sockets[1], prio); + exit(0); + } +} + +void doit(void) +{ + int ret; + unsigned i; + + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); + + /* check whether we can crash the library by adding many extensions */ + for (i=0;i<64;i++) { + ret = gnutls_ext_register("ext_serverxx", TLSEXT_TYPE_SAMPLE+i+1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL); + if (ret < 0) { + success("failed registering extension no %d (expected)\n", i+1); + break; + } + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls-force-etm.c b/tests/tls-force-etm.c new file mode 100644 index 0000000..f30be1d --- /dev/null +++ b/tests/tls-force-etm.c @@ -0,0 +1,396 @@ +/* + * Copyright (C) 2015-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* This program tests whether forced EtM is negotiated as expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio, unsigned etm, int eret) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (eret < 0) { + if (eret != ret) { + fail("client: Handshake failed with unexpected error: %s\n", gnutls_strerror(ret)); + } + goto end; + } + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (etm != 0 && gnutls_session_etm_status(session) == 0) { + fail("client: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && gnutls_session_etm_status(session) != 0) { + fail("client: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (etm != 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) == 0)) { + fail("client: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) != 0)) { + fail("client: EtM was negotiated with %s!\n", prio); + exit(1); + } + + do { + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd, const char *prio, unsigned etm, int eret) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + unsigned to_send = sizeof(buffer)/4; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (eret < 0) { + if (eret != -1 && eret != ret) { + fail("server: Handshake failed with unexpected error: %s\n", gnutls_strerror(ret)); + } + goto end; + } + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + + if (etm != 0 && gnutls_session_etm_status(session) == 0) { + fail("server: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && gnutls_session_etm_status(session) != 0) { + fail("server: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (etm != 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) == 0)) { + fail("server: EtM was not negotiated with %s!\n", prio); + exit(1); + } else if (etm == 0 && ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_ETM) != 0)) { + fail("server: EtM was negotiated with %s!\n", prio); + exit(1); + } + + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + do { + ret = + gnutls_record_send(session, buffer, + sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", to_send, + gnutls_strerror(ret)); + } + to_send++; + } + while (to_send < 64); + + to_send = -1; + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + end: + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +struct test_st { + const char *name; + const char *server_prio; + const char *client_prio; + unsigned etm; + int client_err; + int server_err; +}; + +static void start(struct test_st *test) +{ + int fd[2]; + int ret, status; + pid_t child; + + + success("trying: %s\n", test->name); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], test->server_prio, test->etm, test->server_err); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], test->client_prio, test->etm, test->client_err); + exit(0); + } +} + +#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" + +#define AES_CBC_TLS12 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" + +static void ch_handler(int sig) +{ + return; +} + +static struct test_st tests[] = { + { + .name = "aes-cbc-hmac-sha1 with force etm", + .server_prio = AES_CBC":%FORCE_ETM", + .client_prio = AES_CBC":%FORCE_ETM", + .etm = 1 + }, + { + .name = "aes-cbc-hmac-sha256 with force etm", + .server_prio = AES_CBC_SHA256":%FORCE_ETM", + .client_prio = AES_CBC_SHA256":%FORCE_ETM", + .etm = 1 + }, + { + .name = "server aes-cbc-hmac-sha1 with force etm, gcm fallback", + .server_prio = AES_CBC_TLS12":+AES-128-GCM:%FORCE_ETM", + .client_prio = AES_CBC_TLS12":+AES-128-GCM:%NO_ETM", + .etm = 0 + }, + { + .name = "aes-gcm with force etm", + .server_prio = AES_GCM":%FORCE_ETM", + .client_prio = AES_GCM":%FORCE_ETM", + .etm = 0 + }, + { + .name = "server aes-cbc-hmac-sha1 with force etm failure", + .server_prio = AES_CBC":%FORCE_ETM", + .client_prio = AES_CBC":%NO_ETM", + .etm = 0, + .client_err = GNUTLS_E_PREMATURE_TERMINATION, + .server_err = GNUTLS_E_NO_CIPHER_SUITES + }, + { + .name = "client aes-cbc-hmac-sha1 with force etm failure", + .server_prio = AES_CBC":%NO_ETM", + .client_prio = AES_CBC":%FORCE_ETM", + .etm = 0, + .client_err = GNUTLS_E_UNWANTED_ALGORITHM, + .server_err = -1 + } +}; + +void doit(void) +{ + unsigned i; + signal(SIGCHLD, ch_handler); + + for (i=0;i + */ + +/* This tests TLS negotiation using the gnutls_privkey_import_ext2() APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "eagain-common.h" +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha1_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t sha256_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8\x3b\x2a\xc5\xb9\xe2\x9e" + "\x1b\x16\x1e\x5c\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b\x98\x24", + 32 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + + +struct key_cb_data { + gnutls_privkey_t rkey; /* the real thing */ +}; + +static +int key_cb_sign_func (gnutls_privkey_t key, void* userdata, const gnutls_datum_t * data, + gnutls_datum_t * signature) +{ + struct key_cb_data *p = userdata; + + return gnutls_privkey_sign_hash(p->rkey, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, data, signature); +} + +static void key_cb_deinit_func(gnutls_privkey_t key, void* userdata) +{ + struct key_cb_data *p = userdata; + gnutls_privkey_deinit(p->rkey); + free(userdata); +} + +#define testfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +static gnutls_privkey_t load_virt_privkey(const char *name, const gnutls_datum_t *txtkey, gnutls_pk_algorithm_t pk, int exp_ret) +{ + gnutls_privkey_t privkey; + struct key_cb_data *userdata; + int ret; + + userdata = calloc(1, sizeof(struct key_cb_data)); + if (userdata == NULL) { + testfail("memory error\n"); + } + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&userdata->rkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = + gnutls_privkey_import_x509_raw(userdata->rkey, txtkey, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + testfail("gnutls_privkey_import\n"); + + ret = gnutls_privkey_import_ext2(privkey, pk, userdata, key_cb_sign_func, NULL, key_cb_deinit_func, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + if (ret < 0) { + if (ret == exp_ret) { + gnutls_privkey_deinit(userdata->rkey); + gnutls_privkey_deinit(privkey); + free(userdata); + return NULL; + } + testfail("gnutls_privkey_import_ext2: %s\n", gnutls_strerror(ret)); + } + + return privkey; +} + +static +void try_with_key(const char *name, const char *client_prio, + gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + gnutls_privkey_t key, + int exp_serv_err) +{ + int ret; + gnutls_pcert_st pcert_list[4]; + unsigned pcert_list_size; + /* Server stuff. */ + gnutls_certificate_credentials_t s_xcred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t c_xcred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&s_xcred); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + serv_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + testfail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(s_xcred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + testfail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + s_xcred); + + assert(gnutls_priority_set_direct(server, + "NORMAL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:+ANON-ECDH:+ANON-DH:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519", + NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&c_xcred); + if (ret < 0) + exit(1); + +#if 0 + ret = gnutls_certificate_set_x509_trust_mem(c_xcred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); +#endif + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + c_xcred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + if (exp_serv_err) { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, exp_serv_err); + goto cleanup; + } else { + HANDSHAKE(client, server); + } + + if (gnutls_kx_get(client) != client_kx) { + testfail("%s: got unexpected key exchange algorithm: %s (expected %s)\n", name, gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(client_kx)); + exit(1); + } + + /* test signature algorithm match */ + version = gnutls_protocol_get_version(client); + if (version >= GNUTLS_TLS1_2) { + ret = gnutls_sign_algorithm_get(server); + if (ret != (int)server_sign_algo && server_sign_algo != 0) { + testfail("%s: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(server); + if (ret != (int)client_sign_algo && client_sign_algo != 0) { + testfail("%s: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get(client); + if (ret != (int)server_sign_algo && server_sign_algo != 0) { + testfail("%s: cl: got unexpected server signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(client); + if (ret != (int)client_sign_algo && client_sign_algo != 0) { + testfail("%s: cl: got unexpected client signature algorithm: %d/%s\n", name, ret, gnutls_sign_get_name(ret)); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + cleanup: + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(s_xcred); + gnutls_certificate_free_credentials(c_xcred); +} + +typedef struct test_st { + const char *name; + gnutls_pk_algorithm_t pk; + const char *prio; + const gnutls_datum_t *cert; + const gnutls_datum_t *key; + gnutls_kx_algorithm_t exp_kx; + int exp_key_err; + int exp_serv_err; +} test_st; + +static const test_st tests[] = { + {.name = "TLS1.2 ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .exp_kx = GNUTLS_KX_ECDHE_ECDSA + }, + {.name = "TLS1.3 ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "rsa-sign key with rsa-pss sigs prioritized", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "TLS 1.2 rsa-pss-sign key", + .pk = GNUTLS_PK_RSA_PSS, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_rsa_pss2_cert, + .key = &server_ca3_rsa_pss2_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_key_err = GNUTLS_E_INVALID_REQUEST + }, + {.name = "TLS 1.3 rsa-pss-sign key", + .pk = GNUTLS_PK_RSA_PSS, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_rsa_pss2_cert, + .key = &server_ca3_rsa_pss2_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_key_err = GNUTLS_E_INVALID_REQUEST + }, + {.name = "rsa-pss cert, rsa-sign key, no rsa-pss-rsae sigs", /* we expect the server to refuse negotiating */ + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES + }, + {.name = "ed25519 cert, ed25519 key", /* we expect the server to refuse negotiating */ + .pk = GNUTLS_PK_EDDSA_ED25519, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA", + .cert = &server_ca3_eddsa_cert, + .key = &server_ca3_eddsa_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_key_err = GNUTLS_E_INVALID_REQUEST + } +}; + +void doit(void) +{ + gnutls_privkey_t privkey; + unsigned int i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i=0;i + */ + +/* This tests TLS negotiation using the gnutls_privkey_import_ext2() APIs */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "eagain-common.h" +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + + +struct key_cb_data { + gnutls_privkey_t rkey; /* the real thing */ + unsigned pk; + unsigned sig; + unsigned bits; +}; + +static int key_cb_info_func(gnutls_privkey_t key, unsigned int flags, void *userdata) +{ + struct key_cb_data *p = userdata; + + if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO) + return p->pk; + else if (flags & GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS) + return p->bits; + else if (flags & GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO) { + unsigned sig = GNUTLS_FLAGS_TO_SIGN_ALGO(flags); + + if (sig == p->sig) + return 1; + + return 0; + } + + return -1; +} + +static +int key_cb_sign_data_func(gnutls_privkey_t key, gnutls_sign_algorithm_t sig, + void* userdata, unsigned int flags, const gnutls_datum_t *data, + gnutls_datum_t *signature) +{ + struct key_cb_data *p = userdata; + + if (debug) + fprintf(stderr, "signing data with: %s\n", gnutls_sign_get_name(sig)); + return gnutls_privkey_sign_data2(p->rkey, sig, 0, data, signature); +} + +static +int key_cb_sign_hash_func(gnutls_privkey_t key, gnutls_sign_algorithm_t sig, + void* userdata, unsigned int flags, const gnutls_datum_t *data, + gnutls_datum_t *signature) +{ + struct key_cb_data *p = userdata; + + if (sig == GNUTLS_SIGN_RSA_RAW) { + if (debug) + fprintf(stderr, "signing digestinfo with: raw RSA\n"); + return gnutls_privkey_sign_hash(p->rkey, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, data, signature); + } else { + if (debug) + fprintf(stderr, "signing hash with: %s\n", gnutls_sign_get_name(sig)); + return gnutls_privkey_sign_hash2(p->rkey, sig, 0, data, signature); + } +} + +static +int key_cb_decrypt_func(gnutls_privkey_t key, void *userdata, const gnutls_datum_t *ciphertext, + gnutls_datum_t *plaintext) +{ + struct key_cb_data *p = userdata; + + return gnutls_privkey_decrypt_data(p->rkey, 0, ciphertext, plaintext); +} + +static void key_cb_deinit_func(gnutls_privkey_t key, void* userdata) +{ + struct key_cb_data *p = userdata; + gnutls_privkey_deinit(p->rkey); + free(userdata); +} + +#define testfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +static gnutls_privkey_t load_virt_privkey(const char *name, const gnutls_datum_t *txtkey, + gnutls_pk_algorithm_t pk, gnutls_sign_algorithm_t sig, + int exp_ret) +{ + gnutls_privkey_t privkey; + struct key_cb_data *userdata; + int ret; + + userdata = calloc(1, sizeof(struct key_cb_data)); + if (userdata == NULL) { + testfail("memory error\n"); + } + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = gnutls_privkey_init(&userdata->rkey); + if (ret < 0) + testfail("gnutls_privkey_init\n"); + + ret = + gnutls_privkey_import_x509_raw(userdata->rkey, txtkey, GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + testfail("gnutls_privkey_import\n"); + + gnutls_privkey_get_pk_algorithm(userdata->rkey, &userdata->bits); + + userdata->pk = pk; + userdata->sig = sig; + + ret = gnutls_privkey_import_ext4(privkey, userdata, key_cb_sign_data_func, + key_cb_sign_hash_func, key_cb_decrypt_func, + key_cb_deinit_func, key_cb_info_func, + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + if (ret < 0) { + if (ret == exp_ret) { + gnutls_privkey_deinit(userdata->rkey); + gnutls_privkey_deinit(privkey); + free(userdata); + return NULL; + } + testfail("gnutls_privkey_import_ext2: %s\n", gnutls_strerror(ret)); + } + + return privkey; +} + +static +void try_with_key(const char *name, const char *client_prio, + gnutls_kx_algorithm_t client_kx, + gnutls_sign_algorithm_t server_sign_algo, + gnutls_sign_algorithm_t client_sign_algo, + const gnutls_datum_t *serv_cert, + gnutls_privkey_t key, + int exp_serv_err) +{ + int ret; + gnutls_pcert_st pcert_list[4]; + unsigned pcert_list_size; + /* Server stuff. */ + gnutls_certificate_credentials_t s_xcred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t c_xcred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&s_xcred); + + pcert_list_size = sizeof(pcert_list)/sizeof(pcert_list[0]); + ret = gnutls_pcert_list_import_x509_raw(pcert_list, &pcert_list_size, + serv_cert, GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) { + testfail("error in gnutls_pcert_list_import_x509_raw: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_key(s_xcred, NULL, 0, pcert_list, + pcert_list_size, key); + if (ret < 0) { + testfail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + s_xcred); + + assert(gnutls_priority_set_direct(server, "NORMAL", NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&c_xcred); + if (ret < 0) + exit(1); + +#if 0 + ret = gnutls_certificate_set_x509_trust_mem(c_xcred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); +#endif + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + c_xcred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + if (exp_serv_err) { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, exp_serv_err); + goto cleanup; + } else { + HANDSHAKE(client, server); + } + + if (gnutls_kx_get(client) != client_kx) { + testfail("got unexpected key exchange algorithm: %s (expected %s)\n", gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(client_kx)); + exit(1); + } + + /* test signature algorithm match */ + version = gnutls_protocol_get_version(client); + if (version >= GNUTLS_TLS1_2) { + ret = gnutls_sign_algorithm_get(server); + if (ret != (int)server_sign_algo && server_sign_algo != 0) { + testfail("got unexpected server signature algorithm: %d/%s\n", ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(server); + if (ret != (int)client_sign_algo && client_sign_algo != 0) { + testfail("got unexpected client signature algorithm: %d/%s\n", ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get(client); + if (ret != (int)server_sign_algo && server_sign_algo != 0) { + testfail("cl: got unexpected server signature algorithm: %d/%s\n", ret, gnutls_sign_get_name(ret)); + exit(1); + } + + ret = gnutls_sign_algorithm_get_client(client); + if (ret != (int)client_sign_algo && client_sign_algo != 0) { + testfail("cl: got unexpected client signature algorithm: %d/%s\n", ret, gnutls_sign_get_name(ret)); + exit(1); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + cleanup: + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(s_xcred); + gnutls_certificate_free_credentials(c_xcred); +} + +typedef struct test_st { + const char *name; + gnutls_pk_algorithm_t pk; + const char *prio; + const gnutls_datum_t *cert; + const gnutls_datum_t *key; + gnutls_kx_algorithm_t exp_kx; + unsigned sig; + int exp_key_err; + int exp_serv_err; +} test_st; + +static const test_st tests[] = { + {.name = "tls1.2 ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .sig = GNUTLS_SIGN_ECDSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_ECDSA + }, + {.name = "tls1.0 ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .sig = GNUTLS_SIGN_ECDSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_ECDSA + }, + {.name = "tls1.1 ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .sig = GNUTLS_SIGN_ECDSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_ECDSA + }, + {.name = "tls1.2 rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .sig = GNUTLS_SIGN_RSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.0 rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .sig = GNUTLS_SIGN_RSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.0 rsa-decrypt key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-KX-ALL:+RSA:-VERS-ALL:+VERS-TLS1.0", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_RSA + }, + {.name = "tls1.1 rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .sig = GNUTLS_SIGN_RSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.2 rsa-sign key with rsa-pss sigs prioritized", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .sig = GNUTLS_SIGN_RSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.2 rsa-pss-sign key", + .pk = GNUTLS_PK_RSA_PSS, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_rsa_pss2_cert, + .key = &server_ca3_rsa_pss2_key, + .sig = GNUTLS_SIGN_RSA_PSS_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + }, + {.name = "tls1.2 rsa-pss cert, rsa-sign key", /* we expect the server to refuse negotiating */ + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES + }, + {.name = "tls1.2 ed25519 cert, ed25519 key", + .pk = GNUTLS_PK_EDDSA_ED25519, + .prio = "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_eddsa_cert, + .key = &server_ca3_eddsa_key, + .sig = GNUTLS_SIGN_EDDSA_ED25519, + .exp_kx = GNUTLS_KX_ECDHE_ECDSA, + }, + {.name = "tls1.2 rsa-decrypt key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-KX-ALL:+RSA:-VERS-ALL:+VERS-TLS1.2", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .exp_kx = GNUTLS_KX_RSA + }, + {.name = "tls1.3 ecc key", + .pk = GNUTLS_PK_ECDSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_localhost_ecc_cert, + .key = &server_ca3_ecc_key, + .sig = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.3 rsa-sign key", + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_localhost_cert, + .key = &server_ca3_key, + .sig = GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA + }, + {.name = "tls1.3 rsa-pss-sign key", + .pk = GNUTLS_PK_RSA_PSS, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_rsa_pss2_cert, + .key = &server_ca3_rsa_pss2_key, + .sig = GNUTLS_SIGN_RSA_PSS_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + }, + {.name = "tls1.3 rsa-pss cert, rsa-sign key", /* we expect the server to attempt to downgrade to TLS 1.2, but it is not possible because it is not enabled */ + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .sig = GNUTLS_SIGN_RSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES + }, + {.name = "tls1.3 rsa-pss cert, rsa-sign key, downgrade to tls1.2", /* we expect the server to downgrade to TLS 1.2 and refuse negotiating */ + .pk = GNUTLS_PK_RSA, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", + .cert = &server_ca3_rsa_pss_cert, + .key = &server_ca3_rsa_pss_key, + .sig = GNUTLS_SIGN_RSA_SHA256, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + .exp_serv_err = GNUTLS_E_NO_CIPHER_SUITES + }, + {.name = "tls1.3 ed25519 cert, ed25519 key", + .pk = GNUTLS_PK_EDDSA_ED25519, + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .cert = &server_ca3_eddsa_cert, + .key = &server_ca3_eddsa_key, + .sig = GNUTLS_SIGN_EDDSA_ED25519, + .exp_kx = GNUTLS_KX_ECDHE_RSA, + } +}; + +void doit(void) +{ + gnutls_privkey_t privkey; + unsigned int i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i=0;i +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include +#include "utils.h" +#include "cert-common.h" + +#define FLAG_CLI_DO_THREADS 1 +#define FLAG_FALSE_START 2 +#define FLAG_EARLY_START 4 + +#ifdef _WIN32 + +void doit(void) +{ + exit(77); +} + +#else + +/* Tests whether we can send and receive from different threads + * using DTLS, either as server or client. DTLS is a superset of + * TLS, so correct behavior under fork means TLS would operate too. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MSG "hello1111" +#define MSG2 "xxxxxxxxxxxx" + +#define NO_MSGS 128 + +static void *recv_thread(void *arg) +{ + gnutls_session_t session = arg; + int ret; + unsigned i; + char buf[64]; + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + for (i=0;i=0); + + if (flags & FLAG_FALSE_START) + init_flags |= GNUTLS_ENABLE_FALSE_START; + + assert(gnutls_init(&session, init_flags) >= 0); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + assert(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)>=0); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (flags & FLAG_CLI_DO_THREADS) + do_thread_stuff(session); + else + do_reflect_stuff(session); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static void server(int fd, const char *prio, unsigned flags) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + unsigned init_flags = GNUTLS_SERVER; + + /* this must be called once in the program + */ + global_init(); + +#if 0 + if (debug) { + side = "server"; + gnutls_global_set_log_function(tls_log_func); + gnutls_global_set_log_level(4711); + } +#endif + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + if (flags & FLAG_EARLY_START) + init_flags |= GNUTLS_ENABLE_EARLY_START; + + assert(gnutls_init(&session, init_flags)>=0); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (flags & FLAG_CLI_DO_THREADS) + do_reflect_stuff(session); + else + do_thread_stuff(session); + + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *str, const char *prio, unsigned flags) +{ + int fd[2]; + int ret; + pid_t child; + + if (str) + success("running %s\n", str); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + } + + if (child) { + int status; + /* parent */ + + close(fd[1]); + client(fd[0], prio, flags); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + server(fd[1], prio, flags); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + run("default, threaded client", "NORMAL", FLAG_CLI_DO_THREADS); + run("default, threaded server", "NORMAL", 0); + run("tls1.2, threaded client", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", FLAG_CLI_DO_THREADS); + run("tls1.2, threaded server", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", 0); + run("tls1.2 false start, threaded client", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", FLAG_CLI_DO_THREADS|FLAG_FALSE_START); + run("tls1.2 false start, threaded server", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", FLAG_FALSE_START); + run("tls1.3 early start, threaded client", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", FLAG_CLI_DO_THREADS|FLAG_EARLY_START); + run("tls1.3 early start, threaded server", "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", FLAG_EARLY_START); +} +#endif /* _WIN32 */ diff --git a/tests/tls-record-size-limit-asym.c b/tests/tls-record-size-limit-asym.c new file mode 100644 index 0000000..1fd8289 --- /dev/null +++ b/tests/tls-record-size-limit-asym.c @@ -0,0 +1,277 @@ +/* + * Copyright (C) 2015, 2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#include "eagain-common.h" + +#include "cert-common.h" + +/* This tests whether the max-record extension is respected on TLS. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 16384 +static char buffer[MAX_BUF]; + +struct test_exp_st { + int error; + size_t size; +}; + +struct test_st { + const char *prio; + size_t server_max_size; + size_t client_max_size; + + struct test_exp_st server_exp; + struct test_exp_st client_exp; +}; + +static void start(const struct test_st *test) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + printf("testing server limit %d and client limit %d in %s\n", + (int)test->server_max_size, (int)test->client_max_size, + test->prio); + + global_init(); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred) >= 0); + + assert(gnutls_priority_set_direct(server, test->prio, NULL) >= 0); + + ret = gnutls_record_set_max_recv_size(server, test->server_max_size); + if (ret != test->server_exp.error) + fail("server: unexpected error from gnutls_record_set_max_recv_size()"); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&client, GNUTLS_CLIENT) >= 0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred) >= 0); + + assert(gnutls_priority_set_direct(client, test->prio, NULL) >= 0); + + ret = gnutls_record_set_max_recv_size(client, test->client_max_size); + if (ret != test->client_exp.error) + fail("client: unexpected error from gnutls_record_set_max_recv_size()"); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + memset(buffer, 1, sizeof(buffer)); + ret = gnutls_record_send(server, buffer, test->client_max_size + 1); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + if (ret != (int)test->server_exp.size) + fail("server: unexpected record size sent: %d (%d)\n", + ret, (int)test->server_exp.size); + success("server: did not send a %d-byte packet\n", + (int)test->server_exp.size); + + ret = gnutls_record_send(server, buffer, test->client_max_size); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("server: did send a %d-byte packet\n", + (int)test->client_max_size); + + ret = gnutls_record_send(client, buffer, test->server_max_size + 1); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + if (ret != (int)test->client_exp.size) + fail("client: unexpected record size sent: %d (%d)\n", + ret, (int)test->client_exp.size); + success("client: did not send a %d-byte packet\n", + (int)test->server_max_size + 1); + + ret = gnutls_record_send(client, buffer, test->server_max_size); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("client: did send a %d-byte packet\n", + (int)test->server_max_size); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +static const struct test_st tests[] = { + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 512, + .client_max_size = 16384, + .server_exp = { + .error = 0, + .size = 16384, + }, + .client_exp = { + .error = 0, + .size = 512, + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 16384, + .client_max_size = 512, + .server_exp = { + .error = 0, + .size = 512, + }, + .client_exp = { + .error = 0, + .size = 16384, + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 512, + .client_max_size = 16384, + .server_exp = { + .error = 0, + .size = 16384, + }, + .client_exp = { + .error = 0, + .size = 512, + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 16384, + .client_max_size = 512, + .server_exp = { + .error = 0, + .size = 512, + }, + .client_exp = { + .error = 0, + .size = 16384, + } + }, + { + .prio = "NORMAL", + .server_max_size = 512, + .client_max_size = 16384, + .server_exp = { + .error = 0, + .size = 16384, + }, + .client_exp = { + .error = 0, + .size = 512, + } + }, + { + .prio = "NORMAL", + .server_max_size = 16384, + .client_max_size = 512, + .server_exp = { + .error = 0, + .size = 512, + }, + .client_exp = { + .error = 0, + .size = 16384, + } + } +}; + +void doit(void) +{ + size_t i; + for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) + start(&tests[i]); +} diff --git a/tests/tls-record-size-limit.c b/tests/tls-record-size-limit.c new file mode 100644 index 0000000..8346ee5 --- /dev/null +++ b/tests/tls-record-size-limit.c @@ -0,0 +1,519 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" + +#define SKIP16(pos, total) { \ + uint16_t _s; \ + if (pos+2 > total) fail("error\n"); \ + _s = (msg->data[pos] << 8) | msg->data[pos+1]; \ + if ((size_t)(pos+2+_s) > total) fail("error\n"); \ + pos += 2+_s; \ + } + +#define SKIP8(pos, total) { \ + uint8_t _s; \ + if (pos+1 > total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + pos += 1+_s; \ + } + +#define HANDSHAKE_SESSION_ID_POS 34 + +static size_t server_max_send_size; +static size_t client_max_send_size; + +#define SERVER_PUSH_ADD if (len > server_max_send_size + 5+32) fail("max record set to %d, len: %d\n", (int)server_max_send_size, (int)len); +#include "eagain-common.h" + +#include "cert-common.h" + +/* This tests whether the max-record extension is respected on TLS. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +struct handshake_cb_data_st { + gnutls_session_t session; + bool found_max_record_size; + bool found_record_size_limit; +}; + +static struct handshake_cb_data_st server_handshake_cb_data; +static struct handshake_cb_data_st client_handshake_cb_data; + +static int ext_callback(void *ctx, unsigned tls_id, const unsigned char *data, unsigned size) +{ + struct handshake_cb_data_st *cb_data = ctx; + if (tls_id == 1) { /* max record size */ + cb_data->found_max_record_size = 1; + } else if (tls_id == 28) { /* record size limit */ + cb_data->found_record_size_limit = 1; + } + return 0; +} + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + unsigned pos; + gnutls_datum_t mmsg; + + if (!post) + return 0; + + switch (htype) { + case GNUTLS_HANDSHAKE_CLIENT_HELLO: + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + SKIP16(pos, msg->size); + SKIP8(pos, msg->size); + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + ret = gnutls_ext_raw_parse(&server_handshake_cb_data, ext_callback, &mmsg, 0); + assert(ret >= 0); + break; + case GNUTLS_HANDSHAKE_ENCRYPTED_EXTENSIONS: + ret = gnutls_ext_raw_parse(&client_handshake_cb_data, ext_callback, msg, 0); + assert(ret >= 0); + break; + case GNUTLS_HANDSHAKE_SERVER_HELLO: + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + pos = HANDSHAKE_SESSION_ID_POS; + SKIP8(pos, msg->size); + pos += 3; + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + ret = gnutls_ext_raw_parse(&client_handshake_cb_data, ext_callback, &mmsg, 0); + assert(ret >= 0); + break; + default: + break; + } + return 0; +} + +#define MAX_BUF 16384 +static char buffer[MAX_BUF]; + +struct test_exp_st { + int error; + size_t size; + bool max_record_size; + bool record_size_limit; +}; + +struct test_st { + const char *prio; + size_t server_max_size; + size_t client_max_size; + + struct test_exp_st server_exp; + struct test_exp_st client_exp; +}; + +static void check_exts(const struct test_exp_st *exp, + struct handshake_cb_data_st *data) +{ + if (exp->max_record_size && !data->found_max_record_size) + fail("%s: didn't see max_record_size\n", side); + if (!exp->max_record_size && data->found_max_record_size) + fail("%s: did see max_record_size\n", side); + + if (exp->record_size_limit && !data->found_record_size_limit) + fail("%s: didn't see record_size_limit\n", side); + if (!exp->record_size_limit && data->found_record_size_limit) + fail("%s: did see record_size_limit\n", side); +} + +static void start(const struct test_st *test) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + memset(&server_handshake_cb_data, 0, sizeof(server_handshake_cb_data)); + memset(&client_handshake_cb_data, 0, sizeof(client_handshake_cb_data)); + + global_init(); + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, test->prio, NULL); + + ret = gnutls_record_set_max_size(server, test->server_max_size); + if (ret != test->server_exp.error) + fail("server: unexpected error from gnutls_record_set_max_size()"); + if (ret == 0) + server_max_send_size = test->server_max_size; + else + server_max_send_size = MAX_BUF; + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + server_handshake_cb_data.session = server; + gnutls_handshake_set_hook_function(server, + GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, test->prio, NULL); + if (ret < 0) + exit(1); + + ret = gnutls_record_set_max_size(client, test->client_max_size); + if (ret != test->client_exp.error) + fail("client: unexpected error from gnutls_record_set_max_size()"); + if (ret == 0) + client_max_send_size = test->client_max_size; + else + client_max_send_size = MAX_BUF; + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + client_handshake_cb_data.session = client; + gnutls_handshake_set_hook_function(client, + GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_POST, + handshake_callback); + + HANDSHAKE(client, server); + + memset(buffer, 1, sizeof(buffer)); + ret = gnutls_record_send(server, buffer, server_max_send_size + 1); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + if (ret != (int)test->server_exp.size) + fail("server: unexpected record size sent: %d (%d)\n", + ret, (int)test->server_exp.size); + success("server: did not send a %d-byte packet\n", (int)server_max_send_size + 1); + + ret = gnutls_record_send(server, buffer, server_max_send_size); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("server: did send a %d-byte packet\n", (int)server_max_send_size); + + ret = gnutls_record_send(client, buffer, client_max_send_size + 1); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + if (ret != (int)test->client_exp.size) + fail("client: unexpected record size sent: %d (%d)\n", + ret, (int)test->client_exp.size); + success("client: did not send a %d-byte packet\n", (int)client_max_send_size + 1); + + ret = gnutls_record_send(client, buffer, client_max_send_size); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("client: did send a %d-byte packet\n", (int)client_max_send_size); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); + + check_exts(&test->server_exp, + &server_handshake_cb_data); + check_exts(&test->client_exp, + &client_handshake_cb_data); +} + +static const struct test_st tests[] = { + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 511, + .client_max_size = 511, + .server_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 512, + .client_max_size = 512, + .server_exp = { + .error = 0, + .size = 512, + .max_record_size = 1, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 512, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 8192, + .client_max_size = 8192, + .server_exp = { + .error = 0, + .size = 8192, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 8192, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 16384, + .client_max_size = 16384, + .server_exp = { + .error = 0, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2", + .server_max_size = 16385, + .client_max_size = 16385, + .server_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 511, + .client_max_size = 511, + .server_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 512, + .client_max_size = 512, + .server_exp = { + .error = 0, + .size = 512, + .max_record_size = 1, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 512, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 8192, + .client_max_size = 8192, + .server_exp = { + .error = 0, + .size = 8192, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 8192, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 16384, + .client_max_size = 16384, + .server_exp = { + .error = 0, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 16383, + .client_max_size = 16384, + .server_exp = { + .error = 0, + .size = 16383, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = 0, + .size = 16383, + .max_record_size = 0, + .record_size_limit = 1 + } + }, + { + .prio = "NORMAL:-VERS-ALL:+VERS-TLS1.3", + .server_max_size = 16385, + .client_max_size = 16385, + .server_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + }, + .client_exp = { + .error = GNUTLS_E_INVALID_REQUEST, + .size = 16384, + .max_record_size = 0, + .record_size_limit = 1 + } + } +}; + +void doit(void) +{ + size_t i; + for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) + start(&tests[i]); +} diff --git a/tests/tls-session-ext-override.c b/tests/tls-session-ext-override.c new file mode 100644 index 0000000..699e9a3 --- /dev/null +++ b/tests/tls-session-ext-override.c @@ -0,0 +1,317 @@ +/* + * Copyright (C) 2004-2016 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Thierry Quemerais, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This program tests whether an extension is exchanged when registered + * at the session level */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#endif +#include +#include + +#include "utils.h" +#include "cert-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int TLSEXT_TYPE_client_sent = 0; +static int TLSEXT_TYPE_client_received = 0; +static int TLSEXT_TYPE_server_sent = 0; +static int TLSEXT_TYPE_server_received = 0; +static int overridden_extension = -1; + +static const unsigned char ext_data[] = +{ + 0xFE, + 0xED +}; + +static int ext_recv_client_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + if (buflen != sizeof(ext_data)) + fail("ext_recv_client_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + fail("ext_recv_client_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_client_received = 1; + + gnutls_ext_set_data(session, overridden_extension, session); + + return 0; //Success +} + +static int ext_send_client_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + TLSEXT_TYPE_client_sent = 1; + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); +} + +static int ext_recv_server_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + if (buflen != sizeof(ext_data)) + fail("ext_recv_server_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + fail("ext_recv_server_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_server_received = 1; + + return 0; //Success +} + +static int ext_send_server_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + TLSEXT_TYPE_server_sent = 1; + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); +} + +static void client(int sd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + void *p; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_session_ext_register(session, "ext_client", overridden_extension, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, 0); + if (ret != GNUTLS_E_ALREADY_REGISTERED) + fail("client: register existing extension (%d)\n", overridden_extension); + + ret = gnutls_session_ext_register(session, "ext_client", 0, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL); + if (ret != GNUTLS_E_ALREADY_REGISTERED) + fail("client: register extension %d\n", 0); + + ret = gnutls_session_ext_register(session, "ext_client", overridden_extension, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL); + if (ret < 0) + fail("client: register extension (%d)\n", overridden_extension); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("[%d]: client: Handshake failed\n", overridden_extension); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (TLSEXT_TYPE_client_sent != 1 || TLSEXT_TYPE_client_received != 1) + fail("client: extension not properly sent/received\n"); + + ret = gnutls_ext_get_data(session, overridden_extension, &p); + if (ret < 0) { + fail("gnutls_ext_get_data: %s\n", gnutls_strerror(ret)); + } + + if (p != session) { + fail("client: gnutls_ext_get_data failed\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t serverx509cred; + int ret; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "PERFORMANCE:+ANON-ECDH:+ANON-DH", + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + ret = gnutls_session_ext_register(session, "ext_server", overridden_extension, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, 0); + if (ret != GNUTLS_E_ALREADY_REGISTERED) + fail("client: register existing extension\n"); + + ret = gnutls_session_ext_register(session, "ext_server", overridden_extension, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL); + if (ret < 0) + fail("client: register extension\n"); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("[%d]: server: Handshake has failed (%s)\n\n", + overridden_extension, gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (TLSEXT_TYPE_server_sent != 1 || TLSEXT_TYPE_server_received != 1) + fail("server: extension not properly sent/received\n"); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void override_ext(unsigned extension) +{ + pid_t child; + int sockets[2]; + int err; + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + TLSEXT_TYPE_client_sent = 0; + TLSEXT_TYPE_client_received = 0; + TLSEXT_TYPE_server_sent = 0; + TLSEXT_TYPE_server_received = 0; + overridden_extension = extension; + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0]); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1]); + exit(0); + } +} + +void doit(void) +{ + override_ext(1); + override_ext(21); +} + +#endif /* _WIN32 */ diff --git a/tests/tls-session-ext-register.c b/tests/tls-session-ext-register.c new file mode 100644 index 0000000..cac94cc --- /dev/null +++ b/tests/tls-session-ext-register.c @@ -0,0 +1,397 @@ +/* + * Copyright (C) 2004-2016 Free Software Foundation, Inc. + * + * Author: Thierry Quemerais, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This program tests whether an extension is exchanged when registered + * at the session level */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#endif +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define TLSEXT_TYPE_SAMPLE 0xF1 +#define TLSEXT_TYPE_IGN 0xF2 + +static int TLSEXT_TYPE_client_sent = 0; +static int TLSEXT_TYPE_client_received = 0; +static int TLSEXT_TYPE_server_sent = 0; +static int TLSEXT_TYPE_server_received = 0; +static int ign_extension_called = 0; + +static void reset_vars(void) +{ + TLSEXT_TYPE_client_sent = 0; + TLSEXT_TYPE_client_received = 0; + TLSEXT_TYPE_server_sent = 0; + TLSEXT_TYPE_server_received = 0; + ign_extension_called = 0; +} + +static const unsigned char ext_data[] = +{ + 0xFE, + 0xED +}; + +#define myfail(fmt, ...) \ + fail("%s: "fmt, name, ##__VA_ARGS__) + +static int ext_recv_client_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + const char *name; + name = gnutls_session_get_ptr(session); + + if (buflen != sizeof(ext_data)) + myfail("ext_recv_client_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + myfail("ext_recv_client_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_client_received = 1; + + gnutls_ext_set_data(session, TLSEXT_TYPE_SAMPLE, session); + + return 0; //Success +} + +static int ext_send_client_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + TLSEXT_TYPE_client_sent = 1; + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); +} + +static int ext_recv_client_ign_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + return 0; +} + +static int ext_send_client_ign_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + ign_extension_called = 1; + return 0; +} + +static int ext_recv_server_params(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + const char *name; + + name = gnutls_session_get_ptr(session); + + if (buflen != sizeof(ext_data)) + myfail("ext_recv_server_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + myfail("ext_recv_server_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_server_received = 1; + + return 0; //Success +} + +static int ext_send_server_params(gnutls_session_t session, gnutls_buffer_t extdata) +{ + TLSEXT_TYPE_server_sent = 1; + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); +} + +static void client(int sd, const char *name, const char *prio, unsigned flags, unsigned expected_ok) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + const char *ext_name; + void *p; + + side = "client"; + + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT) >= 0); + gnutls_session_set_ptr(session, (void*)name); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, prio, + NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_session_ext_register(session, "ext_ign", TLSEXT_TYPE_IGN, GNUTLS_EXT_TLS, ext_recv_client_ign_params, ext_send_client_ign_params, NULL, NULL, NULL, flags); + if (ret < 0) + myfail("client: register extension\n"); + + ext_name = gnutls_ext_get_name2(session, TLSEXT_TYPE_IGN, GNUTLS_EXT_ANY); + if (ext_name == NULL || strcmp(ext_name, "ext_ign")) + myfail("client: retrieve name of extension %u\n", TLSEXT_TYPE_IGN); + + ext_name = gnutls_ext_get_name2(session, TLSEXT_TYPE_IGN, GNUTLS_EXT_APPLICATION); + if (ext_name) + myfail("client: retrieve name of extension %u (expected none)\n", TLSEXT_TYPE_IGN); + + ret = gnutls_session_ext_register(session, "ext_client", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_client_params, ext_send_client_params, NULL, NULL, NULL, flags); + if (ret < 0) + myfail("client: register extension\n"); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + if (!expected_ok) { + if (debug) + success("client: handshake failed as expected: %s\n", gnutls_strerror(ret)); + } else { + myfail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + } + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (TLSEXT_TYPE_client_sent != 1 || TLSEXT_TYPE_client_received != 1) { + if (expected_ok) { + myfail("client: extension not properly sent/received\n"); + } else { + goto end; + } + } + + ret = gnutls_ext_get_data(session, TLSEXT_TYPE_SAMPLE, &p); + if (ret < 0) { + myfail("gnutls_ext_get_data: %s\n", gnutls_strerror(ret)); + } + + if (p != session) { + myfail("client: gnutls_ext_get_data failed\n"); + } + + if (ign_extension_called == 0) { + myfail("registered ign extension was not called\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + if (!expected_ok) + myfail("client: expected failure but succeeded!\n"); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); +} + +static void server(int sd, const char *name, const char *prio, unsigned flags, unsigned expected_ok) +{ + gnutls_certificate_credentials_t serverx509cred; + int ret; + gnutls_session_t session; + + side = "server"; + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&session, GNUTLS_SERVER) >= 0); + gnutls_session_set_ptr(session, (void*)name); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, + NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_session_ext_register(session, "ext_server", TLSEXT_TYPE_SAMPLE, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL, flags) >= 0); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_handshake(session); + if (ret < 0) { + if (!expected_ok) { + if (debug) + success("server: handshake failed as expected: %s\n", gnutls_strerror(ret)); + goto cleanup; + } else { + close(sd); + gnutls_deinit(session); + myfail("server: Handshake has failed (%s)\n", + gnutls_strerror(ret)); + } + return; + } + if (debug) + success("server: Handshake was completed\n"); + + + if (TLSEXT_TYPE_server_sent != 1 || TLSEXT_TYPE_server_received != 1) { + if (expected_ok) + myfail("server: extension not properly sent/received\n"); + else + goto cleanup; + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + if (!expected_ok) + myfail("server: expected failure but succeeded!\n"); + + cleanup: + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + if (debug) + success("server: finished\n"); +} + +#define try_common(name, prio, flags, sok, cok) \ + try(name, prio, flags, flags, sok, cok) + +static void try(const char *name, const char *prio, unsigned server_flags, + unsigned client_flags, unsigned server_ok, unsigned client_ok) +{ + pid_t child; + int sockets[2]; + int err; + + success("Testing: %s: ", name); + reset_vars(); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + myfail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + myfail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0], name, prio, server_flags, server_ok); + wait(&status); + check_wait_status(status); + success("ok"); + } else { + close(sockets[0]); + client(sockets[1], name, prio, client_flags, client_ok); + _exit(0); + } + + success("\n"); +} + +void doit(void) +{ + unsigned i; + int ret; + + signal(SIGPIPE, SIG_IGN); + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(5); + + try_common("TLS1.2 both ways (default)", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", 0, 1, 1); + try_common("TLS1.2 both ways", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, 1, 1); + + try_common("TLS1.2 client only", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_EXT_FLAG_CLIENT_HELLO, 0, 0); + try_common("TLS1.2 client and TLS 1.3 server", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO, 0, 0); + try_common("TLS1.2 server only", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, 0, 0); + + try("TLS1.2 client rejects", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, GNUTLS_EXT_FLAG_CLIENT_HELLO, 0, 0); + try("TLS1.2 never on client hello", "NORMAL:+ANON-ECDH:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, GNUTLS_EXT_FLAG_CLIENT_HELLO, 0, 0); + + /* check whether we can crash the library by adding many extensions */ + success("Testing: register many global extensions\n"); + for (i=0;i<64;i++) { + ret = gnutls_ext_register("ext_serverxx", TLSEXT_TYPE_SAMPLE+i+1, GNUTLS_EXT_TLS, ext_recv_server_params, ext_send_server_params, NULL, NULL, NULL); + if (ret < 0) { + success("failed registering extension no %d (expected)\n", i+1); + break; + } + } + + gnutls_global_deinit(); +} + +#endif /* _WIN32 */ diff --git a/tests/tls-session-supplemental.c b/tests/tls-session-supplemental.c new file mode 100644 index 0000000..9431346 --- /dev/null +++ b/tests/tls-session-supplemental.c @@ -0,0 +1,305 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Thierry Quemerais + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This tests the supplemental data extension under TLS1.2 */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "cert-common.h" +#include "utils.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define TLS_SUPPLEMENTALDATATYPE_SAMPLE 0xBABE + +static int TLS_SUPPLEMENTALDATA_client_sent = 0; +static int TLS_SUPPLEMENTALDATA_client_received = 0; +static int TLS_SUPPLEMENTALDATA_server_sent = 0; +static int TLS_SUPPLEMENTALDATA_server_received = 0; + +static const unsigned char supp_data[] = +{ + 0xFE, + 0xED +}; + +static +int supp_client_recv_func(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + TLS_SUPPLEMENTALDATA_client_received = 1; + + if (buflen != sizeof(supp_data)) + fail("supp_client_recv_func: Invalid input buffer len\n"); + + if (memcmp(buf, supp_data, sizeof(supp_data)) != 0) + fail("supp_client_recv_func: Invalid input buffer data\n"); + + return GNUTLS_E_SUCCESS; +} + +static +int supp_client_send_func(gnutls_session_t session, gnutls_buffer_t buf) +{ + TLS_SUPPLEMENTALDATA_client_sent = 1; + gnutls_buffer_append_data(buf, supp_data, sizeof(supp_data)); + return GNUTLS_E_SUCCESS; +} + +static +int supp_server_recv_func(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + TLS_SUPPLEMENTALDATA_server_received = 1; + + if (buflen != sizeof(supp_data)) + fail("supp_server_recv_func: Invalid input buffer len\n"); + + if (memcmp(buf, supp_data, sizeof(supp_data)) != 0) + fail("supp_server_recv_func: Invalid input buffer data\n"); + + return GNUTLS_E_SUCCESS; +} + +static +int supp_server_send_func(gnutls_session_t session, gnutls_buffer_t buf) +{ + TLS_SUPPLEMENTALDATA_server_sent = 1; + gnutls_buffer_append_data(buf, supp_data, sizeof(supp_data)); + return GNUTLS_E_SUCCESS; +} + +static void client(int sd, const char *prio, unsigned server_only) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + + if (!server_only) { + gnutls_supplemental_recv(session, 1); + gnutls_supplemental_send(session, 1); + + gnutls_session_supplemental_register(session, "supplemental_client", TLS_SUPPLEMENTALDATATYPE_SAMPLE, supp_client_recv_func, supp_client_send_func, 0); + } + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (!server_only) { + if (TLS_SUPPLEMENTALDATA_client_sent != 1 || TLS_SUPPLEMENTALDATA_client_received != 1) + fail("client: extension not properly sent/received\n"); + } else { + /* we expect TLS1.2 handshake as TLS1.3 is not (yet) defined + * with supplemental data */ + assert(gnutls_protocol_get_version(session) == GNUTLS_TLS1_2); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void server(int sd, const char *prio, unsigned server_only) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t serverx509cred; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + if (!server_only) { + gnutls_supplemental_recv(session, 1); + gnutls_supplemental_send(session, 1); + } + + gnutls_session_supplemental_register(session, "supplemental_server", TLS_SUPPLEMENTALDATATYPE_SAMPLE, supp_server_recv_func, supp_server_send_func, 0); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (!server_only) { + if (TLS_SUPPLEMENTALDATA_server_sent != 1 || TLS_SUPPLEMENTALDATA_server_received != 1) + fail("server: extension not properly sent/received\n"); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *prio, unsigned server_only) +{ + pid_t child; + int sockets[2], err; + + signal(SIGPIPE, SIG_IGN); + TLS_SUPPLEMENTALDATA_client_sent = 0; + TLS_SUPPLEMENTALDATA_client_received = 0; + TLS_SUPPLEMENTALDATA_server_sent = 0; + TLS_SUPPLEMENTALDATA_server_received = 0; + + success("trying: %s\n", prio); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + server(sockets[0], prio, server_only); + wait(&status); + check_wait_status(status); + } else { + client(sockets[1], prio, server_only); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); + start("NORMAL", 0); + /* try setting supplemental only in server side, it should + * lead to normal authentication */ + start("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", 1); + start("NORMAL", 1); +} +#endif /* _WIN32 */ diff --git a/tests/tls-supplemental.c b/tests/tls-supplemental.c new file mode 100644 index 0000000..2dfbd0c --- /dev/null +++ b/tests/tls-supplemental.c @@ -0,0 +1,305 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Thierry Quemerais + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* A very basic TLS client, with supplemental data + */ + +extern void _gnutls_supplemental_deinit(void); + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define TLS_SUPPLEMENTALDATATYPE_SAMPLE 0xBABE + +static int TLS_SUPPLEMENTALDATA_client_sent = 0; +static int TLS_SUPPLEMENTALDATA_client_received = 0; +static int TLS_SUPPLEMENTALDATA_server_sent = 0; +static int TLS_SUPPLEMENTALDATA_server_received = 0; + +static const unsigned char supp_data[] = +{ + 0xFE, + 0xED +}; + +static +int supp_client_recv_func(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + TLS_SUPPLEMENTALDATA_client_received = 1; + + if (buflen != sizeof(supp_data)) + fail("supp_client_recv_func: Invalid input buffer len\n"); + + if (memcmp(buf, supp_data, sizeof(supp_data)) != 0) + fail("supp_client_recv_func: Invalid input buffer data\n"); + + return GNUTLS_E_SUCCESS; +} + +static +int supp_client_send_func(gnutls_session_t session, gnutls_buffer_t buf) +{ + TLS_SUPPLEMENTALDATA_client_sent = 1; + gnutls_buffer_append_data(buf, supp_data, sizeof(supp_data)); + return GNUTLS_E_SUCCESS; +} + +static +int supp_server_recv_func(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + TLS_SUPPLEMENTALDATA_server_received = 1; + + if (buflen != sizeof(supp_data)) + fail("supp_server_recv_func: Invalid input buffer len\n"); + + if (memcmp(buf, supp_data, sizeof(supp_data)) != 0) + fail("supp_server_recv_func: Invalid input buffer data\n"); + + return GNUTLS_E_SUCCESS; +} + +static +int supp_server_send_func(gnutls_session_t session, gnutls_buffer_t buf) +{ + TLS_SUPPLEMENTALDATA_server_sent = 1; + gnutls_buffer_append_data(buf, supp_data, sizeof(supp_data)); + return GNUTLS_E_SUCCESS; +} + +static void client(int sd, const char *prio, unsigned server_only) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + + if (!server_only) { + assert(gnutls_supplemental_register("supplemental_client", TLS_SUPPLEMENTALDATATYPE_SAMPLE, supp_client_recv_func, supp_client_send_func)>=0); + } + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + /* Use default priorities */ + gnutls_priority_set_direct(session, prio, NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + + if (!server_only) { + gnutls_supplemental_recv(session, 1); + gnutls_supplemental_send(session, 1); + } + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (!server_only) { + if (TLS_SUPPLEMENTALDATA_client_sent != 1 || TLS_SUPPLEMENTALDATA_client_received != 1) + fail("client: extension not properly sent/received (%d.%d)\n", + TLS_SUPPLEMENTALDATA_client_sent, TLS_SUPPLEMENTALDATA_client_received); + } else { + /* we expect TLS1.2 handshake as TLS1.3 is not (yet) defined + * with supplemental data */ + assert(gnutls_protocol_get_version(session) == GNUTLS_TLS1_2); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); +} + +static void server(int sd, const char *prio, unsigned server_only) +{ + gnutls_certificate_credentials_t serverx509cred; + int ret; + gnutls_session_t session; + static unsigned registered = 0; + + side = "server"; + + if (!registered) { + assert(gnutls_supplemental_register("supplemental_server", TLS_SUPPLEMENTALDATATYPE_SAMPLE, supp_server_recv_func, supp_server_send_func)>=0); + registered = 0; + } + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + if (!server_only) { + gnutls_supplemental_recv(session, 1); + gnutls_supplemental_send(session, 1); + } + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (!server_only) { + if (TLS_SUPPLEMENTALDATA_server_sent != 1 || TLS_SUPPLEMENTALDATA_server_received != 1) + fail("server: extension not properly sent/received\n"); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + if (debug) + success("server: finished\n"); + + _gnutls_supplemental_deinit(); +} + +static +void start(const char *prio, unsigned server_only) +{ + pid_t child; + int sockets[2], err; + + TLS_SUPPLEMENTALDATA_client_sent = 0; + TLS_SUPPLEMENTALDATA_client_received = 0; + TLS_SUPPLEMENTALDATA_server_sent = 0; + TLS_SUPPLEMENTALDATA_server_received = 0; + + success("running with %s\n", prio); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0], prio, server_only); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio, server_only); + exit(0); + } +} + +void doit(void) +{ + signal(SIGPIPE, SIG_IGN); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + + start("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", 0); + start("NORMAL", 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", 1); + start("NORMAL", 1); +} + +#endif /* _WIN32 */ diff --git a/tests/tls-with-seccomp.c b/tests/tls-with-seccomp.c new file mode 100644 index 0000000..21340fd --- /dev/null +++ b/tests/tls-with-seccomp.c @@ -0,0 +1,294 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBSECCOMP) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = gnutls_certificate_set_x509_key_mem(xcred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = disable_system_calls(); + if (ret < 0) { + fprintf(stderr, "could not enable seccomp\n"); + exit(2); + } + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + memset(buffer, 1, sizeof(buffer)); + do { + ret = gnutls_record_send(session, buffer, sizeof(buffer)-1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: data sending has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + if (ret < 0) { + fail("server: error in closing session: %s\n", gnutls_strerror(ret)); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void run(const char *name, const char *prio) +{ + int fd[2]; + int ret; + + success("trying: %s\n", name); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[0]); + client(fd[1], prio); + + wait(&status); + check_wait_status(status); + } else { + close(fd[1]); + server(fd[0], prio); + exit(0); + } +} + +void doit(void) +{ + run("tls1.2", "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2"); + run("tls1.3", "NORMAL:-VERS-ALL:+VERS-TLS1.3"); + run("default", "NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/tls10-cert-key-exchange.c b/tests/tls10-cert-key-exchange.c new file mode 100644 index 0000000..1b976c3 --- /dev/null +++ b/tests/tls10-cert-key-exchange.c @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2015-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ + global_init(); + + try_x509("TLS 1.0 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.0 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.0 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.0 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.0 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_with_key("TLS 1.0 with ecdhe ecdsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + try_x509("TLS 1.0 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509_cli("TLS 1.0 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_x509_cli("TLS 1.0 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_x509_cli("TLS 1.0 with rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_with_key("TLS 1.0 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + try_x509_cli("TLS 1.0 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("TLS 1.0 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("TLS 1.0 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_with_key("TLS 1.0 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.0:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + gnutls_global_deinit(); +} diff --git a/tests/tls10-cipher-neg.c b/tests/tls10-cipher-neg.c new file mode 100644 index 0000000..c146130 --- /dev/null +++ b/tests/tls10-cipher-neg.c @@ -0,0 +1,133 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "cipher-neg-common.c" + +test_case_st tests[] = { + { + .name = "server TLS 1.0: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC" + }, + { + .name = "both TLS 1.0: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.0" + }, + { + .name = "client TLS 1.0: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "both TLS 1.0: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.0", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "server TLS 1.0: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC" + }, + { + .name = "both TLS 1.0: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.0" + }, + { + .name = "client TLS 1.0: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:+3DES-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "both TLS 1.0: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.0", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "server TLS 1.0: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128" + }, + { + .name = "both TLS 1.0: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.0" + }, + { + .name = "client TLS 1.0: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "both TLS 1.0: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.0", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.0" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "hex.h" + +int +_gnutls_prf_raw(gnutls_mac_algorithm_t mac, + size_t master_size, const void *master, + size_t label_size, const char *label, + size_t seed_size, const uint8_t *seed, size_t outsize, + char *out); + +#define MATCH_FUNC(fname, dsecret, dseed, dlabel, doutput) \ +static void fname(void **glob_state) \ +{ \ + char tmp[512]; \ + gnutls_datum_t secret = dsecret; \ + gnutls_datum_t seed = dseed; \ + gnutls_datum_t label = dlabel; \ + gnutls_datum_t output = doutput; \ + int _rval; \ + _rval = _gnutls_prf_raw(GNUTLS_MAC_MD5_SHA1, secret.size, secret.data, \ + label.size, (char*)label.data, seed.size, seed.data, output.size, tmp); \ + assert_int_equal(_rval, 0); \ + assert_int_equal(memcmp(tmp, output.data, output.size), 0); \ + gnutls_free(secret.data); \ + gnutls_free(label.data); \ + gnutls_free(seed.data); \ + gnutls_free(output.data); \ +} + + +MATCH_FUNC(test1, SHEX("263bdbbb6f6d4c664e058d0aa9d321be"), SHEX("b920573b199601024f04d6dc61966e65"), + SDATA("test label"), SHEX("6617993765fa6ca703d19ec70dd5dd160ffcc07725fafb714a9f815a2a30bfb7e3bbfb7eee574b3b613eb7fe80eec9691d8c1b0e2d9b3c8b4b02b6b6d6db88e2094623ef6240607eda7abe3c846e82a3")); +MATCH_FUNC(test2, SHEX("bf31fe6c78ebf0ff9ce8bb5dd9d1f83d"), SHEX("7fc4583d19871d962760f358a18696c8"), + SDATA("test label"), SHEX("8318f382c49fd5af7d6fdb4cbb31dfef")); +MATCH_FUNC(test3, SHEX("0addfc84435b9ac1ef523ef44791a784bf55757dea17837c1a72beec1bdb1850"), + SHEX("74e849d11ad8a98d9bc2291dbceec26ff9"), + SDATA("test label"), SHEX("3c221520c48bcb3a0eb3734a")); +MATCH_FUNC(test4, SHEX("4074939b440a08a285bc7208485c531f0bbd4c101d71bdba33ec066791e4678c"), + SHEX("8aff0c770c1d60455ee48f220c9adb471e5fee27c88c1f33"), + SDATA("test label"), SHEX("3a9aee040bbf3cf7009210e64bbdad1775ccf1b46b3a965d5f15168e9ddaa7cc6a7c0c117848")); + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(test1), + cmocka_unit_test(test2), + cmocka_unit_test(test3), + cmocka_unit_test(test4), + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/tls10-server-kx-neg.c b/tests/tls10-server-kx-neg.c new file mode 100644 index 0000000..8034b80 --- /dev/null +++ b/tests/tls10-server-kx-neg.c @@ -0,0 +1,432 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "server-kx-neg-common.c" + +test_case_st tests[] = { + { + .name = "TLS 1.0 ANON-DH without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ANON-DH with cred but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ANON-DH with cred and DH params", + .server_ret = 0, + .client_ret = 0, + .have_anon_cred = 1, + .have_anon_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA with cred but no DH params or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA with cred and cert but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA with cred and DH params but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA with cred and incompatible cert and DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA with cred and cert and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-RSA with cred and multiple certs and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-PSK with cred but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 DHE-PSK with cred DH params", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-RSA with cred but no common curve or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.0 ECDHE-RSA with cred and cert but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.0 ECDHE-RSA with cred and common curve but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-RSA with cred and incompatible cert and common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-RSA with cred and cert and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-RSA with cred and multiple certs and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + + { + .name = "TLS 1.0 ECDHE-ECDSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-ECDSA with cred but no common curve or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.0 ECDHE-ECDSA with cred and cert but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.0 ECDHE-ECDSA with cred and common curve but no ECDSA cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-ECDSA with cred and common curve but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-ECDSA with cred and cert and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-ECDSA with cred and multiple certs and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.0" + }, + + { + .name = "TLS 1.0 ECDHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 ECDHE-PSK with cred but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.0:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.0 ECDHE-PSK with cred and common curve", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 RSA-PSK without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 RSA-PSK without psk cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 RSA-PSK with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 RSA-PSK with cred", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 RSA-PSK with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP-RSA without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP-RSA without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP-RSA with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP-RSA with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP-RSA with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.0" + }, + { + .name = "TLS 1.0 SRP with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.0", + .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.0" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ + global_init(); + + try_x509("TLS 1.1 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.1 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.1 with dhe-rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.1 with ecdhe x25519 rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.1 with ecdhe rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_with_key("TLS 1.1 with ecdhe ecdsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + try_x509("TLS 1.1 with rsa no cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + + try_x509_cli("TLS 1.1 with dhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_x509_cli("TLS 1.1 with ecdhe-rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_x509_cli("TLS 1.1 with rsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, USE_CERT); + try_with_key("TLS 1.1 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + try_x509_cli("TLS 1.1 with dhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("TLS 1.1 with ecdhe-rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("TLS 1.1 with rsa ask cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_with_key("TLS 1.1 with ecdhe ecdsa cert", "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + /* illegal setups */ + server_priority = NULL; + try_with_key_fail("TLS 1.1 with rsa-pss cert and no cli cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.1:-KX-ALL:+DHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_UNWANTED_ALGORITHM, GNUTLS_E_AGAIN, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL); + + gnutls_global_deinit(); +} diff --git a/tests/tls11-cipher-neg.c b/tests/tls11-cipher-neg.c new file mode 100644 index 0000000..b0698da --- /dev/null +++ b/tests/tls11-cipher-neg.c @@ -0,0 +1,133 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "cipher-neg-common.c" + +test_case_st tests[] = { + { + .name = "server TLS 1.1: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC" + }, + { + .name = "both TLS 1.1: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.1" + }, + { + .name = "client TLS 1.1: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "both TLS 1.1: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.1", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "server TLS 1.1: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC" + }, + { + .name = "both TLS 1.1: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.1" + }, + { + .name = "client TLS 1.1: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:+3DES-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "both TLS 1.1: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.1", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "server TLS 1.1: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128" + }, + { + .name = "both TLS 1.1: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.1" + }, + { + .name = "client TLS 1.1: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "both TLS 1.1: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.1", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.1" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "server-kx-neg-common.c" + +test_case_st tests[] = { + { + .name = "TLS 1.1 ANON-DH without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ANON-DH with cred but no DH params", + .server_ret = 0, + .client_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ANON-DH with cred and DH params", + .server_ret = 0, + .client_ret = 0, + .have_anon_cred = 1, + .have_anon_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA with cred but no DH params or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA with cred and cert but no DH params", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA with cred and DH params but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA with cred and incompatible cert and DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA with cred and cert and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-RSA with cred and multiple certs and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-PSK with cred but no DH params", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 DHE-PSK with cred DH params", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-RSA with cred but no common curve or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.1 ECDHE-RSA with cred and cert but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.1 ECDHE-RSA with cred and common curve but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-RSA with cred and incompatible cert and common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-RSA with cred and cert and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-RSA with cred and multiple certs and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + + { + .name = "TLS 1.1 ECDHE-ECDSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-ECDSA with cred but no common curve or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.1 ECDHE-ECDSA with cred and cert but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.1 ECDHE-ECDSA with cred and common curve but no ECDSA cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-ECDSA with cred and common curve but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-ECDSA with cred and cert and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-ECDSA with cred and multiple certs and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.1" + }, + + { + .name = "TLS 1.1 ECDHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 ECDHE-PSK with cred but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.1:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.1 ECDHE-PSK with cred and common curve", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 RSA-PSK without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 RSA-PSK without psk cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 RSA-PSK with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 RSA-PSK with cred", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 RSA-PSK with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP-RSA without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP-RSA without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP-RSA with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP-RSA with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP-RSA with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.1" + }, + { + .name = "TLS 1.1 SRP with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.1", + .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.1" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* This tests the upgrade from anonymous ciphersuites to certificates + * under TLS1.2 */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static unsigned char ca_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIC4DCCAcigAwIBAgIBADANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD46JAPKrTsNTHl\n" +"zD06eIYBF/8Z+TR0wukp9Cdh8Sw77dODLjy/QrVKiDgDZZdyUc8Agsdr86i95O0p\n" +"w19Np3a0wja0VC9uwppZrpuHsrWukwxIBXoViyBc20Y6Ce8j0scCbR10SP565qXC\n" +"i8vr86S4xmQMRZMtwohP/GWQzt45jqkHPYHjdKzwo2b2XI7joDq0dvbr3MSONkGs\n" +"z7A/1Bl3iH5keDTWjqpJRWqXE79IhGOhELy+gG4VLJDGHWCr2mq24b9Kirp+TTxl\n" +"lUwJRbchqUqerlFdt1NgDoGaJyd73Sh0qcZzmEiOI2hGvBtG86tdQ6veC9dl05et\n" +"pM+6RMABAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQUGD0RYr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQAD\n" +"ggEBALnHMubZ6WJ/XOFyDuo0imwg2onrPas3MuKT4+y0aHY943BgAOEc3jKitRjc\n" +"qhb0IUD+NS7itRwNtCgI3v5Ym5nnQoVk+aOD/D724TjJ9XaPQJzOnuGaZX99VN2F\n" +"sgwAtDXedlDQ+I6KLzLd6VW+UyWTG4qiRjOGDnG2kM1wAEOM27TzHV/YWleGjhtA\n" +"bRHxkioOni5goNlTzazxF4v9VD2uinWrIFyZmF6vQuMm6rKFgq6higAU8uesFo7+\n" +"3qpeRjNrPC4fNJUBvv+PC0WnP0PLnD/rY/ZcTYjLb/vJp1fiMJ5fU7jJklBhX2TE\n" +"tstcP7FUV5HA/s9BxgAh0Z2wyyY=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t ca_cert = { ca_cert_pem, + sizeof(ca_cert_pem) +}; + +static unsigned char server_cert_pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIDIzCCAgugAwIBAgIMUz8PCR2sdRK56V6OMA0GCSqGSIb3DQEBCwUAMA8xDTAL\n" +"BgNVBAMTBENBLTEwIhgPMjAxNDA0MDQxOTU5MDVaGA85OTk5MTIzMTIzNTk1OVow\n" +"EzERMA8GA1UEAxMIc2VydmVyLTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n" +"AoIBAQDZ3dCzh9gOTOiOb2dtrPu91fYYgC/ey0ACYjQxaru7FZwnuXPhQK9KHsIV\n" +"YRIyo49wjKZddkHet2sbpFAAeETZh8UUWLRb/mupyaSJMycaYCNjLZCUJTztvXxJ\n" +"CCNfbtgvKC+Vu1mu94KBPatslgvnsamH7AiL5wmwRRqdH/Z93XaEvuRG6Zk0Sh9q\n" +"ZMdCboGfjtmGEJ1V+z5CR+IyH4sckzd8WJW6wBSEwgliGaXnc75xKtFWBZV2njNr\n" +"8V1TOYOdLEbiF4wduVExL5TKq2ywNkRpUfK2I1BcWS5D9Te/QT7aSdE08rL6ztmZ\n" +"IhILSrMOfoLnJ4lzXspz3XLlEuhnAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYD\n" +"VR0RBA0wC4IJbG9jYWxob3N0MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJXR\n" +"raRS5MVhEqaRE42A3S2BIj7UMB8GA1UdIwQYMBaAFP6S7AyMRO2RfkANgo8YsCl8\n" +"JfJkMA0GCSqGSIb3DQEBCwUAA4IBAQCQ62+skMVZYrGbpab8RI9IG6xH8kEndvFj\n" +"J7wBBZCOlcjOj+HQ7a2buF5zGKRwAOSznKcmvZ7l5DPdsd0t5/VT9LKSbQ6+CfGr\n" +"Xs5qPaDJnRhZkOILCvXJ9qyO+79WNMsg9pWnxkTK7aWR5OYE+1Qw1jG681HMkWTm\n" +"nt7et9bdiNNpvA+L55569XKbdtJLs3hn5gEQFgS7EaEj59aC4vzSTFcidowCoa43\n" +"7JmfSfC9YaAIFH2vriyU0QNf2y7cG5Hpkge+U7uMzQrsT77Q3SDB9WkyPAFNSB4Q\n" +"B/r+OtZXOnQhLlMV7h4XGlWruFEaOBVjFHSdMGUh+DtaLvd1bVXI\n" +"-----END CERTIFICATE-----\n" +"-----BEGIN CERTIFICATE-----\n" +"MIIDATCCAemgAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRDQS0w\n" +"MCIYDzIwMTQwNDA0MTk1OTA1WhgPOTk5OTEyMzEyMzU5NTlaMA8xDTALBgNVBAMT\n" +"BENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvhyQfsUm3T0xK\n" +"jiBXO3H6Y27b7lmCRYZQCmXCl2sUsGDL7V9biavTt3+sorWtH542/cTGDh5n8591\n" +"7rVxAB/VASmN55O3fjZyFGrjusjhXBla0Yxe5rZ/7/Pjrq84T7gc/IXiX9Sums/c\n" +"o9AeoykfhsjV2ubhh4h+8uPsHDTcAFTxq3mQaoldwnW2nmjDFzaKLtQdnyFf41o6\n" +"nsJCK/J9PtpdCID5Zb+eQfu5Yhk1iUHe8a9TOstCHtgBq61YzufDHUQk3zsT+VZM\n" +"20lDvSBnHdWLjxoea587JbkvtH8xRR8ThwABSb98qPnhJ8+A7mpO89QO1wxZM85A\n" +"xEweQlMHAgMBAAGjZDBiMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcE\n" +"ADAdBgNVHQ4EFgQU/pLsDIxE7ZF+QA2CjxiwKXwl8mQwHwYDVR0jBBgwFoAUGD0R\n" +"Yr2H7kfjQUcBMxSTCDQnhu0wDQYJKoZIhvcNAQELBQADggEBANEXLUV+Z1PGTn7M\n" +"3rPT/m/EamcrZJ3vFWrnfN91ws5llyRUKNhx6222HECh3xRSxH9YJONsbv2zY6sd\n" +"ztY7lvckL4xOgWAjoCVTx3hqbZjDxpLRsvraw1PlqBHlRQVWLKlEQ55+tId2zgMX\n" +"Z+wxM7FlU/6yWVPODIxrqYQd2KqaEp4aLIklw6Hi4HD6DnQJikjsJ6Noe0qyX1Tx\n" +"uZ8mgP/G47Fe2d2H29kJ1iJ6hp1XOqyWrVIh/jONcnTvWS8aMqS3MU0EJH2Pb1Qa\n" +"KGIvbd/3H9LykFTP/b7Imdv2fZxXIK8jC+jbF1w6rdBCVNA0p30X/jonoC3vynEK\n" +"5cK0cgs=\n" +"-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = +"-----BEGIN RSA PRIVATE KEY-----\n" +"MIIEpQIBAAKCAQEA2d3Qs4fYDkzojm9nbaz7vdX2GIAv3stAAmI0MWq7uxWcJ7lz\n" +"4UCvSh7CFWESMqOPcIymXXZB3rdrG6RQAHhE2YfFFFi0W/5rqcmkiTMnGmAjYy2Q\n" +"lCU87b18SQgjX27YLygvlbtZrveCgT2rbJYL57Gph+wIi+cJsEUanR/2fd12hL7k\n" +"RumZNEofamTHQm6Bn47ZhhCdVfs+QkfiMh+LHJM3fFiVusAUhMIJYhml53O+cSrR\n" +"VgWVdp4za/FdUzmDnSxG4heMHblRMS+UyqtssDZEaVHytiNQXFkuQ/U3v0E+2knR\n" +"NPKy+s7ZmSISC0qzDn6C5yeJc17Kc91y5RLoZwIDAQABAoIBAQCRXAu5HPOsZufq\n" +"0K2DYZz9BdqSckR+M8HbVUZZiksDAeIUJwoHyi6qF2eK+B86JiK4Bz+gsBw2ys3t\n" +"vW2bQqM9N/boIl8D2fZfbCgZWkXGtUonC+mgzk+el4Rq/cEMFVqr6/YDwuKNeJpc\n" +"PJc5dcsvpTvlcjgpj9bJAvJEz2SYiIUpvtG4WNMGGapVZZPDvWn4/isY+75T5oDf\n" +"1X5jG0lN9uoUjcuGuThN7gxjwlRkcvEOPHjXc6rxfrWIDdiz/91V46PwpqVDpRrg\n" +"ig6U7+ckS0Oy2v32x0DaDhwAfDJ2RNc9az6Z+11lmY3LPkjG/p8Klcmgvt4/lwkD\n" +"OYRC5QGRAoGBAPFdud6nmVt9h1DL0o4R6snm6P3K81Ds765VWVmpzJkK3+bwe4PQ\n" +"GQQ0I0zN4hXkDMwHETS+EVWllqkK/d4dsE3volYtyTti8zthIATlgSEJ81x/ChAQ\n" +"vvXxgx+zPUnb1mUwy+X+6urTHe4bxN2ypg6ROIUmT+Hx1ITG40LRRiPTAoGBAOcT\n" +"WR8DTrj42xbxAUpz9vxJ15ZMwuIpk3ShE6+CWqvaXHF22Ju4WFwRNlW2zVLH6UMt\n" +"nNfOzyDoryoiu0+0mg0wSmgdJbtCSHoI2GeiAnjGn5i8flQlPQ8bdwwmU6g6I/EU\n" +"QRbGK/2XLmlrGN52gVy9UX0NsAA5fEOsAJiFj1CdAoGBAN9i3nbq6O2bNVSa/8mL\n" +"XaD1vGe/oQgh8gaIaYSpuXlfbjCAG+C4BZ81XgJkfj3CbfGbDNqimsqI0fKsAJ/F\n" +"HHpVMgrOn3L+Np2bW5YMj0Fzwy+1SCvsQ8C+gJwjOLMV6syGp/+6udMSB55rRv3k\n" +"rPnIf+YDumUke4tTw9wAcgkPAoGASHMkiji7QfuklbjSsslRMyDj21gN8mMevH6U\n" +"cX7pduBsA5dDqu9NpPAwnQdHsSDE3i868d8BykuqQAfLut3hPylY6vPYlLHfj4Oe\n" +"dj+xjrSX7YeMBE34qvfth32s1R4FjtzO25keyc/Q2XSew4FcZftlxVO5Txi3AXC4\n" +"bxnRKXECgYEAva+og7/rK+ZjboJVNxhFrwHp9bXhz4tzrUaWNvJD2vKJ5ZcThHcX\n" +"zCig8W7eXHLPLDhi9aWZ3kUZ1RLhrFc/6dujtVtU9z2w1tmn1I+4Zi6D6L4DzKdg\n" +"nMRLFoXufs/qoaJTqa8sQvKa+ceJAF04+gGtw617cuaZdZ3SYRLR2dk=\n" +"-----END RSA PRIVATE KEY-----\n"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +#define MSG "hello there ppl" + +static void try(const char *client_prio, gnutls_kx_algorithm_t client_kx) +{ + int ret; + char buffer[256]; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_server_credentials_t s_anoncred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); + + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ARCFOUR-128:+ANON-ECDH", NULL); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != GNUTLS_KX_ANON_ECDH) { + fail("got unexpected key exchange algorithm: %s (expected ANON-ECDH)\n", gnutls_kx_get_name(gnutls_kx_get(client))); + exit(1); + } + + /* rehandshake using certificate auth */ + ret = gnutls_priority_set_direct(client, client_prio, NULL); + if (ret < 0) { + exit(1); + } + HANDSHAKE(client, server); + + if (gnutls_kx_get(client) != client_kx) { + fail("got unexpected key exchange algorithm: %s (expected %s)\n", gnutls_kx_get_name(gnutls_kx_get(client)), + gnutls_kx_get_name(client_kx)); + exit(1); + } + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + + mcert = gnutls_certificate_get_ours(client); + if (mcert != NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + } + + /* check the number of certificates received */ + { + unsigned cert_list_size = 0; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size < 2) { + fprintf(stderr, "received a certificate list of %d!\n", cert_list_size); + exit(1); + } + } + + gnutls_record_send(server, MSG, strlen(MSG)); + + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret == 0) { + fail("client: Peer has closed the TLS connection\n"); + exit(1); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_anon_free_server_credentials(s_anoncred); + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+ARCFOUR-128", GNUTLS_KX_DHE_RSA); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+ARCFOUR-128", GNUTLS_KX_ECDHE_RSA); + reset_buffers(); + try("NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+ARCFOUR-128", GNUTLS_KX_RSA); + gnutls_global_deinit(); +} diff --git a/tests/tls12-cert-key-exchange.c b/tests/tls12-cert-key-exchange.c new file mode 100644 index 0000000..862fe85 --- /dev/null +++ b/tests/tls12-cert-key-exchange.c @@ -0,0 +1,181 @@ +/* + * Copyright (C) 2015-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ + global_init(); + + /** X.509 tests **/ + try_x509("TLS 1.2 with anon-ecdh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-ECDH", GNUTLS_KX_ANON_ECDH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.2 with anon-dh", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ANON-DH", GNUTLS_KX_ANON_DH, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.2 with dhe-rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.2 with ecdhe x25519 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.2 with ecdhe rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_with_key("TLS 1.2 with ecdhe ecdsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_x509("TLS 1.2 with ecdhe rsa-pss sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + + /* Test RSA-PSS cert/key combo issues */ + try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and 1 sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and rsa-pss-sha384 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with ecdhe with rsa-pss-sha256 key and rsa-pss-sha512 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + try_x509("TLS 1.2 with ecdhe rsa-pss no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_with_key("TLS 1.2 with ecdhe rsa-pss/rsa-pss no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_x509("TLS 1.2 with rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + try_with_key("TLS 1.2 with ecdhe x25519 ed25519 no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN, + &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + try_x509_cli("TLS 1.2 with dhe-rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + try_x509_cli("TLS 1.2 with ecdhe-rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + try_x509_cli("TLS 1.2 with rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + try_with_key("TLS 1.2 with ecdhe ecdsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_RSA_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_x509_cli("TLS 1.2 with ecdhe-rsa-pss cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT); + try_with_key("TLS 1.2 with ecdhe-rsa-pss/rsa-pss cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + try_with_key("TLS 1.2 with ecdhe x25519 ed25519 cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_EDDSA_ED25519, + &server_ca3_eddsa_cert, &server_ca3_eddsa_key, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + try_x509_cli("TLS 1.2 with dhe-rsa ask cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("TLS 1.2 with ecdhe-rsa ask cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_x509_cli("TLS 1.2 with rsa ask cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_with_key("TLS 1.2 with ecdhe ecdsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + /** Raw public-key tests **/ + try_rawpk("TLS 1.2 with dhe-rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.2 with ecdhe x25519 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.2 with ecdhe rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.2 with ecdhe rsa-pss sig no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.2 with ecdhe rsa-pss no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.2 with rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+CTYPE-ALL", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN); + + try_rawpk_cli("TLS 1.2 with dhe-rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + try_rawpk_cli("TLS 1.2 with ecdhe-rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + try_rawpk_cli("TLS 1.2 with rsa cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+CTYPE-ALL", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_RSA_SHA256, USE_CERT); + try_rawpk_cli("TLS 1.2 with ecdhe-rsa-pss cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, USE_CERT); + try_rawpk_cli("TLS 1.2 with dhe-rsa ask cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_rawpk_cli("TLS 1.2 with ecdhe-rsa ask cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + try_rawpk_cli("TLS 1.2 with rsa ask cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+RSA:+CTYPE-ALL", GNUTLS_KX_RSA, GNUTLS_SIGN_UNKNOWN, GNUTLS_SIGN_UNKNOWN, ASK_CERT); + + + /** Illegal setups **/ + server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA"; + try_with_key_fail("TLS 1.2 with rsa cert and only RSA-PSS sig algos in client", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL); + + server_priority = NULL; + try_with_key_fail("TLS 1.2 with rsa cert and only RSA-PSS sig algos", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.2 with rsa-pss cert and rsa cli cert with only RSA-PSS sig algos", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_AGAIN, GNUTLS_E_UNWANTED_ALGORITHM, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &cli_ca3_cert, &cli_ca3_key); + + try_with_key_fail("TLS 1.2 with rsa encryption cert without RSA", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:-RSA", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.2 with (forced) rsa encryption cert and no RSA - client should detect", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:-RSA:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS", + GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION, + &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.2 with client rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.2", + GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key); + + try_with_key_fail("TLS 1.2 with (forced) client rsa encryption cert - server should detect", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS", + GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_AGAIN, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key); + + try_with_rawpk_key_fail("rawpk TLS 1.2 with rsa encryption cert without KX-RSA", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-RAWPK:-RSA", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0); + + try_with_rawpk_key_fail("rawpk TLS 1.2 with client rsa encryption cert without KX-RSA", + "NORMAL:-VERS-ALL:+VERS-TLS1.2:+CTYPE-RAWPK:-RSA", + GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION, + &rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT); + +#ifdef ENABLE_GOST + if (!gnutls_fips140_mode_enabled()) { + server_priority = "NORMAL:+CTYPE-ALL" + ":+VKO-GOST-12" + ":+GROUP-GOST-ALL" + ":+CIPHER-GOST-ALL" + ":+MAC-GOST-ALL" + ":+SIGN-GOST-ALL"; + const char *gost_client_prio = "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL"; + try_with_key("TLS 1.2 with gost12 256 no-cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with gost12 256 ask cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, NULL, NULL, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 256 use cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_GOST_256, + &server_ca3_gost12_256_cert, &server_ca3_gost12_256_key, &cligost12_256_ca3_cert, &cligost12_256_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 512 no-cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, NULL, NULL, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key("TLS 1.2 with gost12 512 ask cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_UNKNOWN, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, NULL, NULL, ASK_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 512 use cli-cert (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_GOST_512, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, &cligost12_512_ca3_cert, &cligost12_512_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.2 with gost12 512 use cli-cert gost12 256 (ctype X.509)", gost_client_prio, GNUTLS_KX_VKO_GOST_12, GNUTLS_SIGN_GOST_512, GNUTLS_SIGN_GOST_256, + &server_ca3_gost12_512_cert, &server_ca3_gost12_512_key, &cligost12_256_ca3_cert, &cligost12_256_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + server_priority = NULL; + } +#endif + + gnutls_global_deinit(); +} diff --git a/tests/tls12-cipher-neg.c b/tests/tls12-cipher-neg.c new file mode 100644 index 0000000..f437be3 --- /dev/null +++ b/tests/tls12-cipher-neg.c @@ -0,0 +1,249 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "cipher-neg-common.c" + +test_case_st tests[] = { + { + .name = "server TLS 1.2: NULL (server)", + .not_on_fips = 1, + .cipher = GNUTLS_CIPHER_NULL, + .server_prio = "NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+NULL", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)", + }, + { + .name = "client TLS 1.2: NULL (client)", + .not_on_fips = 1, + .cipher = GNUTLS_CIPHER_NULL, + .server_prio = "NORMAL:+NULL", + .client_prio = "NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)", + }, + { + .name = "server TLS 1.2: AES-128-GCM (server)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-GCM", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)" + }, + { + .name = "both TLS 1.2: AES-128-GCM (server)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-GCM:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)" + }, + { + .name = "client TLS 1.2: AES-128-GCM (client)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .server_prio = "NORMAL:+AES-128-GCM", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)" + }, + { + .name = "both TLS 1.2: AES-128-GCM (client)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .server_prio = "NORMAL:+AES-128-GCM:+VERS-TLS1.2", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)" + }, + { + .name = "server TLS 1.2: AES-128-CCM (server)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CCM", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)" + }, + { + .name = "both TLS 1.2: AES-128-CCM (server)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CCM:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)" + }, + { + .name = "client TLS 1.2: AES-128-CCM (client)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .server_prio = "NORMAL:+AES-128-CCM", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)" + }, + { + .name = "both TLS 1.2: AES-128-CCM (client)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .server_prio = "NORMAL:+AES-128-CCM:+VERS-TLS1.2", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)" + }, + { + .name = "server TLS 1.2: CHACHA20-POLY (server)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+CHACHA20-POLY1305", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)" + }, + { + .name = "both TLS 1.2: CHACHA20-POLY (server)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+CHACHA20-POLY1305:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)" + }, + { + .name = "client TLS 1.2: CHACHA20-POLY (client)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = "NORMAL:+CHACHA20-POLY1305", + .client_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)" + }, + { + .name = "both TLS 1.2: CHACHA20-POLY (client)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = "NORMAL:+CHACHA20-POLY1305:+VERS-TLS1.2", + .client_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)" + }, + { + .name = "server TLS 1.2: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)" + }, + { + .name = "both TLS 1.2: AES-128-CBC (server)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)" + }, + { + .name = "client TLS 1.2: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)" + }, + { + .name = "both TLS 1.2: AES-128-CBC (client)", + .cipher = GNUTLS_CIPHER_AES_128_CBC, + .server_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.2", + .client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)" + }, + { + .name = "server TLS 1.2: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)" + }, + { + .name = "both TLS 1.2: 3DES-CBC (server)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)" + }, + { + .name = "client TLS 1.2: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:+3DES-CBC", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)" + }, + { + .name = "both TLS 1.2: 3DES-CBC (client)", + .cipher = GNUTLS_CIPHER_3DES_CBC, + .not_on_fips = 1, + .server_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.2", + .client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)" + }, + { + .name = "server TLS 1.2: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)" + }, + { + .name = "both TLS 1.2: ARCFOUR-128 (server)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE", + .client_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)" + }, + { + .name = "client TLS 1.2: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)" + }, + { + .name = "both TLS 1.2: ARCFOUR-128 (client)", + .cipher = GNUTLS_CIPHER_ARCFOUR_128, + .not_on_fips = 1, + .server_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.2", + .client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include + +typedef struct test_case_st { + const char *name; + int server_ret; + int client_ret; + unsigned have_anon_cred; + unsigned have_psk_cred; + unsigned have_cert_cred; + unsigned have_rsa_sign_cert; + unsigned have_ecc_sign_cert; + unsigned have_rsa_decrypt_cert; + unsigned not_on_fips; + unsigned group; /* expected */ + const char *client_prio; + const char *server_prio; +} test_case_st; + +static int +serv_psk_func(gnutls_session_t session, const char *username, + gnutls_datum_t * key) { + key->data = gnutls_malloc(4); + assert(key->data != NULL); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +static void try(test_case_st *test) +{ + int sret, cret; + gnutls_anon_client_credentials_t c_anon_cred; + gnutls_anon_server_credentials_t s_anon_cred; + gnutls_psk_client_credentials_t c_psk_cred; + gnutls_psk_server_credentials_t s_psk_cred; + gnutls_certificate_credentials_t s_cert_cred; + gnutls_certificate_credentials_t c_cert_cred; + + gnutls_session_t server, client; + const gnutls_datum_t pskkey = { (void *) "DEADBEEF", 8 }; + + if (test->not_on_fips && gnutls_fips140_mode_enabled()) { + success("Skipping %s...\n", test->name); + return; + } + + success("Running %s...\n", test->name); + + assert(gnutls_anon_allocate_client_credentials(&c_anon_cred) >= 0); + assert(gnutls_anon_allocate_server_credentials(&s_anon_cred) >= 0); + assert(gnutls_psk_allocate_client_credentials(&c_psk_cred) >= 0); + assert(gnutls_psk_allocate_server_credentials(&s_psk_cred) >= 0); + assert(gnutls_certificate_allocate_credentials(&s_cert_cred) >= 0); + assert(gnutls_certificate_allocate_credentials(&c_cert_cred) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + if (test->have_anon_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anon_cred); + } + + if (test->have_cert_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, s_cert_cred); + } + + if (test->have_psk_cred) { + gnutls_credentials_set(server, GNUTLS_CRD_PSK, s_psk_cred); + + gnutls_psk_set_server_credentials_function(s_psk_cred, serv_psk_func); + } + + if (test->have_rsa_decrypt_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_ecc_sign_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + if (test->have_rsa_sign_cert) { + assert(gnutls_certificate_set_x509_key_mem(s_cert_cred, &server_ca3_localhost_rsa_sign_cert, &server_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + } + + /* client does everything */ + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anon_cred); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, c_cert_cred); + gnutls_credentials_set(client, GNUTLS_CRD_PSK, c_psk_cred); + + assert(gnutls_psk_set_client_credentials(c_psk_cred, "psk", &pskkey, GNUTLS_PSK_KEY_HEX) >= 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + assert(gnutls_priority_set_direct(server, test->server_prio, 0) >= 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + assert(gnutls_priority_set_direct(client, test->client_prio, 0) >= 0); + + HANDSHAKE_EXPECT(client, server, test->client_ret, test->server_ret); + + if (gnutls_group_get(client) != gnutls_group_get(server)) { + fail("%s: server's group doesn't match client's\n", test->name); + } + + if (test->group != 0 && gnutls_group_get(client) != test->group) { + fail("%s: group doesn't match the expected\n", test->name); + } + + if (test->group) { + if (test->group == GNUTLS_GROUP_FFDHE2048 || test->group == GNUTLS_GROUP_FFDHE3072 || + test->group == GNUTLS_GROUP_FFDHE4096 || test->group == GNUTLS_GROUP_FFDHE6144 || + test->group == GNUTLS_GROUP_FFDHE8192) { + if (!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_RFC7919)) { + fail("%s: gnutls_session_get_flags(client) reports that no RFC7919 negotiation was performed!\n", test->name); + } + + if (!(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_RFC7919)) { + fail("%s: gnutls_session_get_flags(server) reports that no RFC7919 negotiation was performed!\n", test->name); + } + } + } + gnutls_deinit(server); + gnutls_deinit(client); + gnutls_anon_free_client_credentials(c_anon_cred); + gnutls_anon_free_server_credentials(s_anon_cred); + gnutls_psk_free_client_credentials(c_psk_cred); + gnutls_psk_free_server_credentials(s_psk_cred); + gnutls_certificate_free_credentials(s_cert_cred); + gnutls_certificate_free_credentials(c_cert_cred); + + reset_buffers(); +} + +test_case_st tests[] = { + { + .name = "TLS 1.2 ANON-DH (defaults)", + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ANON-DH (FFDHE2048)", + .group = GNUTLS_GROUP_FFDHE2048, + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048" + }, + { + .name = "TLS 1.2 ANON-DH (FFDHE3072)", + .group = GNUTLS_GROUP_FFDHE3072, + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072" + }, + { + .name = "TLS 1.2 ANON-DH (FFDHE4096)", + .group = GNUTLS_GROUP_FFDHE4096, + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096" + }, + { + .name = "TLS 1.2 ANON-DH (FFDHE6144)", + .group = GNUTLS_GROUP_FFDHE6144, + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144" + }, + { + .name = "TLS 1.2 ANON-DH (FFDHE8192)", + .group = GNUTLS_GROUP_FFDHE8192, + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192" + }, + { + .name = "TLS 1.2 DHE-PSK (defaults)", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-PSK (FFDHE2048)", + .client_ret = 0, + .server_ret = 0, + .group = GNUTLS_GROUP_FFDHE2048, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048" + }, + { + .name = "TLS 1.2 DHE-PSK (FFDHE3072)", + .group = GNUTLS_GROUP_FFDHE3072, + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072" + }, + { + .name = "TLS 1.2 DHE-PSK (FFDHE4096)", + .group = GNUTLS_GROUP_FFDHE4096, + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096" + }, + { + .name = "TLS 1.2 DHE-PSK (FFDHE6144)", + .client_ret = 0, + .server_ret = 0, + .group = GNUTLS_GROUP_FFDHE6144, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144" + }, + { + .name = "TLS 1.2 DHE-PSK (FFDHE8192)", + .group = GNUTLS_GROUP_FFDHE8192, + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192" + }, + { + .name = "TLS 1.2 DHE-RSA (defaults)", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA (FFDHE2048)", + .group = GNUTLS_GROUP_FFDHE2048, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE2048" + }, + { + .name = "TLS 1.2 DHE-RSA (FFDHE3072)", + .group = GNUTLS_GROUP_FFDHE3072, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072" + }, + { + .name = "TLS 1.2 DHE-RSA (FFDHE4096)", + .group = GNUTLS_GROUP_FFDHE4096, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE4096" + }, + { + .name = "TLS 1.2 DHE-RSA (FFDHE6144)", + .group = GNUTLS_GROUP_FFDHE6144, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE6144" + }, + { + .name = "TLS 1.2 DHE-RSA (FFDHE8192)", + .group = GNUTLS_GROUP_FFDHE8192, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192" + }, + { + .name = "TLS 1.2 DHE-RSA (incompatible options)", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072" + }, + { + .name = "TLS 1.2 DHE-RSA (complex neg)", + .group = GNUTLS_GROUP_FFDHE3072, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+GROUP-FFDHE3072", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072" + }, + { + .name = "TLS 1.2 DHE-RSA (negotiation over ECDHE)", + .group = GNUTLS_GROUP_FFDHE3072, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+GROUP-FFDHE3072", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-FFDHE3072" + }, + { + .name = "TLS 1.2 DHE-RSA (negotiation over ECDHE - prio on ECDHE)", + .group = GNUTLS_GROUP_SECP256R1, + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE8192:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-FFDHE3072:+GROUP-SECP256R1" + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +#define USE_CERT 1 +#define ASK_CERT 2 + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +void try_with_key(const char *name, + const char *server_prio, + const char *client_prio, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *client_cert, + const gnutls_datum_t *client_key, + unsigned cert_flags, + int exp_error_server, + int exp_error_client) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_anon_server_credentials_t s_anoncred; + gnutls_dh_params_t dh_params; + const gnutls_datum_t p3 = + { (unsigned char *) pkcs3, strlen(pkcs3) }; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_anon_client_credentials_t c_anoncred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + const char *err; + + reset_buffers(); + /* Init server */ + gnutls_anon_allocate_server_credentials(&s_anoncred); + gnutls_certificate_allocate_credentials(&serverx509cred); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + serv_cert, serv_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + gnutls_dh_params_init(&dh_params); + gnutls_dh_params_import_pkcs3(dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_dh_params(serverx509cred, dh_params); + gnutls_anon_set_server_dh_params(s_anoncred, dh_params); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, s_anoncred); + + ret = gnutls_priority_set_direct(server, server_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in server: %s\n", err); + exit(1); + } + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + if (cert_flags == USE_CERT) { + gnutls_certificate_set_x509_key_mem(clientx509cred, + client_cert, client_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } else if (cert_flags == ASK_CERT) { + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + } + +#if 0 + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); +#endif + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + gnutls_anon_allocate_client_credentials(&c_anoncred); + gnutls_credentials_set(client, GNUTLS_CRD_ANON, c_anoncred); + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + success("negotiating %s\n", name); + HANDSHAKE_EXPECT(client, server, exp_error_client, exp_error_server); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + gnutls_anon_free_server_credentials(s_anoncred); + gnutls_anon_free_client_credentials(c_anoncred); + gnutls_dh_params_deinit(dh_params); +} + +void doit(void) +{ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* check compatibility and handling of SIGN-ECDSA-SECP256R1-SHA256 which + * is available under TLS1.3 but not TLS1.2 */ + try_with_key("TLS 1.2 with ecdhe ecdsa with ECDSA-SECP256R1-SHA256", + NULL, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:+SIGN-ECDSA-SECP384R1-SHA384:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-RSA-SHA256", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN); + + try_with_key("TLS 1.2 with ecdhe ecdsa with ECDSA-SHA256", + NULL, "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-SIGN-ALL:+SIGN-ECDSA-SHA256:+SIGN-RSA-SHA256", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, 0, 0); + + gnutls_global_deinit(); +} diff --git a/tests/tls12-max-record.c b/tests/tls12-max-record.c new file mode 100644 index 0000000..61ff1c4 --- /dev/null +++ b/tests/tls12-max-record.c @@ -0,0 +1,145 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" + +#define SERVER_PUSH_ADD if (len > 512 + 5+32) fail("max record set to 512, len: %d\n", (int)len); +#include "eagain-common.h" + +#include "cert-common.h" + +/* This tests whether the max-record extension is respected on TLS. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +void doit(void) +{ + global_init(); + + int ret; + char buf[1024]; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server2_cert, &server2_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.2", + NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, + server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca2_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL); + if (ret < 0) + exit(1); + + gnutls_record_set_max_size(client, 512); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, + client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + memset(buf, 1, sizeof(buf)); + ret = gnutls_record_send(server, buf, 513); + if (ret != 512 || ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("did not send a 513-byte packet\n"); + + ret = gnutls_record_send(server, buf, 512); + if (ret < 0) { + gnutls_perror(ret); + exit(1); + } + success("did send a 512-byte packet\n"); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} diff --git a/tests/tls12-prf.c b/tests/tls12-prf.c new file mode 100644 index 0000000..c3412e2 --- /dev/null +++ b/tests/tls12-prf.c @@ -0,0 +1,113 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Authors: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "hex.h" + +int +_gnutls_prf_raw(gnutls_mac_algorithm_t mac, + size_t master_size, const void *master, + size_t label_size, const char *label, + size_t seed_size, const uint8_t *seed, size_t outsize, + char *out); + +#define MATCH_FUNC(fname, mac, dsecret, dseed, dlabel, doutput) \ +static void fname(void **glob_state) \ +{ \ + char tmp[512]; \ + gnutls_datum_t secret = dsecret; \ + gnutls_datum_t seed = dseed; \ + gnutls_datum_t label = dlabel; \ + gnutls_datum_t output = doutput; \ + int _rval; \ + _rval = _gnutls_prf_raw(mac, secret.size, secret.data, \ + label.size, (char*)label.data, seed.size, seed.data, output.size, tmp); \ + assert_int_equal(_rval, 0); \ + assert_int_equal(memcmp(tmp, output.data, output.size), 0); \ + gnutls_free(secret.data); \ + gnutls_free(label.data); \ + gnutls_free(seed.data); \ + gnutls_free(output.data); \ +} + +MATCH_FUNC(sha256_test1, GNUTLS_MAC_SHA256, + SHEX("0450b0ea9ecd3602ee0d76c5c3c86f4a"), + SHEX("207acc0254b867f5b925b45a33601d8b"), + SDATA("test label"), SHEX("ae679e0e714f5975763768b166979e1d")); + +MATCH_FUNC(sha256_test2, GNUTLS_MAC_SHA256, + SHEX("34204a9df0be6eb4e925a8027cf6c602"), + SHEX("98b2c40bcd664c83bb920c18201a6395"), + SDATA("test label"), SHEX("afa9312453c22fa83d2b511b372d73a402a2a62873239a51fade45082faf3fd2bb7ffb3e9bf36e28b3141aaba484005332a9f9e388a4d329f1587a4b317da07708ea1ba95a53f8786724bd83ce4b03af")); + +MATCH_FUNC(sha256_test3, GNUTLS_MAC_SHA256, + SHEX("a3691aa1f6814b80592bf1cf2acf1697"), + SHEX("5523d41e320e694d0c1ff5734d830b933e46927071c92621"), + SDATA("test label"), SHEX("6ad0984fa06f78fe161bd46d7c261de43340d728dddc3d0ff0dd7e0d")); + +MATCH_FUNC(sha256_test4, GNUTLS_MAC_SHA256, + SHEX("210ec937069707e5465bc46bf779e104108b18fdb793be7b218dbf145c8641f3"), + SHEX("1e351a0baf35c79945924394b881cfe31dae8f1c1ed54d3b"), + SDATA("test label"), SHEX("7653fa809cde3b553c4a17e2cdbcc918f36527f22219a7d7f95d97243ff2d5dee8265ef0af03")); + +/* https://www.ietf.org/mail-archive/web/tls/current/msg03416.html */ +MATCH_FUNC(sha384_test1, GNUTLS_MAC_SHA384, + SHEX("b80b733d6ceefcdc71566ea48e5567df"), + SHEX("cd665cf6a8447dd6ff8b27555edb7465"), + SDATA("test label"), SHEX("7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f")); + +#if ENABLE_GOST +/*https://tools.ietf.org/html/rfc7836 */ +MATCH_FUNC(streebog256_test1, GNUTLS_MAC_STREEBOG_256, + SHEX("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + SHEX("18471d622dc655c4d2d2269691ca4a560b50aba663553af241f1ada882c9f29a"), + SHEX("1122334455"), SHEX("ff09664a44745865944f839ebb48965f1544ff1cc8e8f16f247ee5f8a9ebe97fc4e3c7900e46cad3db6a01643063040ec67fc0fd5cd9f90465235237bdff2c02")); + +MATCH_FUNC(streebog512_test1, GNUTLS_MAC_STREEBOG_512, + SHEX("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"), + SHEX("18471d622dc655c4d2d2269691ca4a560b50aba663553af241f1ada882c9f29a"), + SHEX("1122334455"), SHEX("f35187a3dc9655113a0e84d06fd7526c5fc1fbdec1a0e4673dd6d79d0b920e65ad1bc47bb083b3851cb7cd8e7e6a911a626cf02b29e9e4a58ed766a449a7296de61a7a26c4d1caeecfd80cca65c71f0f88c1f822c0e8c0ad949d03fee139579f72ba0c3d32c5f954f1cccd54081fc7440278cba1fe7b7a17a986fdff5bd15d1f")); +#endif + +int main(void) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test(sha256_test1), + cmocka_unit_test(sha256_test2), + cmocka_unit_test(sha256_test3), + cmocka_unit_test(sha256_test4), + cmocka_unit_test(sha384_test1), +#if ENABLE_GOST + cmocka_unit_test(streebog256_test1), + cmocka_unit_test(streebog512_test1), +#endif + }; + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/tests/tls12-rehandshake-cert-2.c b/tests/tls12-rehandshake-cert-2.c new file mode 100644 index 0000000..3a96f5b --- /dev/null +++ b/tests/tls12-rehandshake-cert-2.c @@ -0,0 +1,404 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests client and server initiated rehandshake + * behavior when they are refused by the peer. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +#define MAX_BUF 1024 + +static void client(int fd, unsigned test) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(3); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (debug) + success("client: test %d\n", test); + + if (test != 0) { + ret = gnutls_handshake(session); + if (ret != GNUTLS_E_GOT_APPLICATION_DATA) { + fail("client: error in code after rehandshake: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + do { + do { + ret = + gnutls_record_recv(session, buffer, + MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + } else { + do { + do { + ret = + gnutls_record_recv(session, buffer, + MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret != GNUTLS_E_REHANDSHAKE) { + fail("client: Error receiving rehandshake: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + do { + ret = + gnutls_record_send(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", + (int)sizeof(buffer), gnutls_strerror(ret)); + exit(1); + } + + do { + ret = + gnutls_record_send(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", + (int)sizeof(buffer), gnutls_strerror(ret)); + exit(1); + } + + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, unsigned test) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(3); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (debug) + success("server: test %d\n", test); + + if (test != 0) { + + do { + do { + ret = + gnutls_record_recv(session, buffer, + MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret != GNUTLS_E_REHANDSHAKE) { + fail("server: Error receiving client handshake request: %s\n", gnutls_strerror(ret)); + terminate(); + } + + do { + ret = + gnutls_record_send(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", + (int)sizeof(buffer), gnutls_strerror(ret)); + terminate(); + } + + } else { + if (debug) + success("server: sending rehandshake request\n"); + + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", + (int)sizeof(buffer), gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: starting handshake\n"); + + ret = gnutls_handshake(session); + + if (ret != GNUTLS_E_GOT_APPLICATION_DATA) { + fail("server: didn't receive GNUTLS_E_GOT_APPLICATION_DATA: %s\n", gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: got application data error code: %s\n", + gnutls_strerror(ret)); + + do { + do { + ret = + gnutls_record_recv(session, buffer, + MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (debug) + success("server: final ret: %s\n", + gnutls_strerror(ret)); + + if (ret < 0) { + fail("Error receiving final packet: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(unsigned test) +{ + int fd[2]; + int ret; + int status = 0; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], test); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], test); + exit(0); + } +} + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start(0); + start(1); +} + +#endif /* _WIN32 */ diff --git a/tests/tls12-rehandshake-cert-3.c b/tests/tls12-rehandshake-cert-3.c new file mode 100644 index 0000000..4fcbc6c --- /dev/null +++ b/tests/tls12-rehandshake-cert-3.c @@ -0,0 +1,334 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests client initiated rehandshake. + * On the initial handshake a certificate is requested from the + * client, while on the following up not. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MAX_REHANDSHAKES 16 + +static void client(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + unsigned i; + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(3); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &cli_cert, + &cli_key, GNUTLS_X509_FMT_PEM); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.1", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + for (i=0;i 0); + + if (ret != 0) { + fail("client: Error receiving: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + unsigned tries = 0; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.1", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + gnutls_certificate_server_set_request(session, GNUTLS_CERT_IGNORE); + + do { + tries++; + + do { + do { + ret = + gnutls_record_recv(session, buffer, + MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + } while (ret > 0); + + if (ret == 0) + break; + + if (ret != GNUTLS_E_REHANDSHAKE) { + fail("server: Error receiving client handshake request: %s\n", gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: starting handshake\n"); + + ret = gnutls_handshake(session); + if (ret != 0) { + fail("server: unexpected error: %s\n", gnutls_strerror(ret)); + terminate(); + } + + if (debug) + success("server: handshake %d\n", tries); + } while(tries < MAX_REHANDSHAKES); + + if (tries < MAX_REHANDSHAKES) + fail("server: only did %d rehandshakes\n", tries); + + ret = gnutls_record_send(session, "hello", 4); + if (ret < 0) { + fail("Error sending data: %s\n", + gnutls_strerror(ret)); + terminate(); + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(void) +{ + int fd[2]; + int ret; + int status = 0; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start(); +} + +#endif /* _WIN32 */ diff --git a/tests/tls12-rehandshake-cert-auto.c b/tests/tls12-rehandshake-cert-auto.c new file mode 100644 index 0000000..f2c2b27 --- /dev/null +++ b/tests/tls12-rehandshake-cert-auto.c @@ -0,0 +1,278 @@ +/* + * Copyright (C) 2014 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* This program tests server initiated rehandshake when + * handled transparently by the client. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +#define MAX_BUF 1024 + +static void client(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + /* Need to enable anonymous KX specifically. */ + + global_init(); + memset(buffer, 2, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4); + } + + gnutls_anon_allocate_client_credentials(&anoncred); + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_AUTO_REAUTH); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Use default priorities */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + do { + ret = + gnutls_record_recv(session, buffer, + MAX_BUF); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + assert(ret == 0); + + gnutls_bye(session, GNUTLS_SHUT_WR); + close(fd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +/* These are global */ +pid_t child; + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, GNUTLS_X509_FMT_PEM); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (debug) + success("server: sending rehandshake request\n"); + + do { + ret = gnutls_rehandshake(session); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", + (int)sizeof(buffer), gnutls_strerror(ret)); + } + + if (debug) + success("server: starting handshake\n"); + + ret = gnutls_handshake(session); + if (ret < 0) { + fail("server: didn't complete handshake: %s\n", gnutls_strerror(ret)); + } + + if (debug) + success("server: re-handshake is complete\n"); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + gnutls_deinit(session); + + gnutls_anon_free_server_credentials(anoncred); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + int fd[2]; + int ret; + int status = 0; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls12-rehandshake-cert.c b/tests/tls12-rehandshake-cert.c new file mode 100644 index 0000000..dc4937d --- /dev/null +++ b/tests/tls12-rehandshake-cert.c @@ -0,0 +1,182 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "cmocka-common.h" + +/* This program tests server initiated rehandshake */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +#define MAX_REHANDSHAKES 16 + +static void test_rehandshake(void **glob_state, unsigned appdata) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + char buffer[64]; + int ret; + unsigned i; + + /* General init. */ + reset_buffers(); + ret = gnutls_global_init(); + assert_return_code(ret, 0); + + gnutls_global_set_log_function(tls_log_func); + + /* Init server */ + ret = gnutls_certificate_allocate_credentials(&serverx509cred); + assert_return_code(ret, 0); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + assert_return_code(ret, 0); + + ret = gnutls_init(&server, GNUTLS_SERVER); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert_return_code(ret, 0); + + ret = gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + assert_return_code(ret, 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + assert_return_code(ret, 0); + + ret = gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL); + assert_return_code(ret, 0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (appdata) { + /* send application data prior to handshake */ + ssize_t n; + char b[1]; + + do { + sret = gnutls_rehandshake(server); + } while (sret == GNUTLS_E_AGAIN); + + do { + n = gnutls_record_recv(client, b, 1); + } while(n == GNUTLS_E_AGAIN); + + assert_int_equal(n, GNUTLS_E_REHANDSHAKE); + + /* client sends app data and the server ignores them */ + do { + cret = gnutls_record_send(client, "x", 1); + } while (cret == GNUTLS_E_AGAIN); + + do { + sret = gnutls_handshake(server); + } while (sret == GNUTLS_E_AGAIN); + assert_int_equal(sret, GNUTLS_E_GOT_APPLICATION_DATA); + + do { + n = gnutls_record_recv(server, buffer, sizeof(buffer)); + } while(n == GNUTLS_E_AGAIN); + + HANDSHAKE(client, server); + } else { + ssize_t n; + char b[1]; + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "eagain-common.h" + +/* This program tests whether setting a new priority string + * with TLS1.3 enabled on a running TLS1.2 session will + * not prohibit or affect a following rehandshake. + * + * Seen in https://bugzilla.redhat.com/show_bug.cgi?id=1634736 + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +#define MAX_REHANDSHAKES 16 + +static void test_rehandshake(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + unsigned i; + + reset_buffers(); + assert(gnutls_global_init()>=0); + + gnutls_global_set_log_function(tls_log_func); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + + assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred)>=0); + + assert(gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL)>=0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred)>=0); + + assert(gnutls_priority_set_direct(client, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.2", NULL)>=0); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + { + ssize_t n; + char b[1]; + + for (i=0;i=0); + + HANDSHAKE(client, server); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +void doit(void) +{ + test_rehandshake(); +} diff --git a/tests/tls12-server-kx-neg.c b/tests/tls12-server-kx-neg.c new file mode 100644 index 0000000..e3a2de3 --- /dev/null +++ b/tests/tls12-server-kx-neg.c @@ -0,0 +1,562 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "server-kx-neg-common.c" + +test_case_st tests[] = { + { + .name = "TLS 1.2 ANON-DH without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ANON-DH with cred but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_anon_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ANON-DH with cred and DH params (level)", + .server_ret = 0, + .client_ret = 0, + .have_anon_cred = 1, + .have_anon_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ANON-DH with cred and DH params (explicit)", + .server_ret = 0, + .client_ret = 0, + .have_anon_cred = 1, + .have_anon_exp_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ANON-DH:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred but no DH params or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred and cert but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred and DH params but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred and incompatible cert and DH params", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred and cert and DH params (level)", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred and cert and DH params (explicit)", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_cert_exp_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-RSA with cred and multiple certs and DH params", + .client_ret = 0, + .server_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .have_cert_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-PSK with cred but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-PSK with cred and DH params (level)", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 DHE-PSK with cred and DH params (explicit)", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_exp_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-RSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-RSA with cred but no common curve or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.2 ECDHE-RSA with cred and cert but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.2 ECDHE-RSA with cred and common curve but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-RSA with cred and incompatible cert and common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-RSA with cred and cert and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-RSA with cred and multiple certs and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + + { + .name = "TLS 1.2 ECDHE-ECDSA without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred but no common curve or cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and cert but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and common curve but no ECDSA cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and common curve but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and cert and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and multiple certs and common curve", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and ed25519 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ed25519_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-ECDSA with cred and cert but incompatible (ed25519) curves", + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = GNUTLS_E_AGAIN, + .have_cert_cred = 1, + .have_ed25519_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-ECDSA:-VERS-ALL:+VERS-TLS1.2:-CURVE-ED25519:-SIGN-EDDSA-ED25519" + }, + { + .name = "TLS 1.2 ECDHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 ECDHE-PSK with cred but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP256R1", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.2:-CURVE-ALL:+CURVE-SECP384R1" + }, + { + .name = "TLS 1.2 ECDHE-PSK with cred and common curve", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 RSA-PSK without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 RSA-PSK without psk cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 RSA-PSK with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 RSA-PSK with cred", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 RSA-PSK with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP-RSA without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP-RSA without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP-RSA with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP-RSA with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP-RSA with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 SRP with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+SRP:-VERS-ALL:+VERS-TLS1.2" + }, + +#ifdef ENABLE_GOST + { + .name = "TLS 1.2 VKO-GOST-12 without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred but no cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred but no GOST cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_ecc_sign_cert = 1, + .have_rsa_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .have_gost12_256_cert = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-256 cert client lacking signature algs (like SChannel)", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+VERS-TLS1.2:+SIGN-RSA-SHA256" + }, + { + .name = "TLS 1.2 VKO-GOST-12 with cred and GOST12-512 cert client lacking signature algs (like SChannel)", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NONE:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+VERS-TLS1.2:+SIGN-RSA-SHA256" + }, +#endif +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the various certificate key exchange methods supported + * in gnutls */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "common-cert-key-exchange.h" +#include "cert-common.h" + +void doit(void) +{ + global_init(); + + server_priority = "NORMAL:+ANON-DH:+ANON-ECDH:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519"; + try_x509("TLS 1.3 with ffdhe2048 rsa no-cli-cert / anon on server", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + + /** X.509 tests **/ + server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519"; + + /* TLS 1.3 no client cert */ + try_x509("TLS 1.3 with ffdhe2048 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.3 with ffdhe3072 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.3 with ffdhe4096 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.3 with secp256r1 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.3 with secp384r1 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.3 with secp521r1 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.3 with x25519 rsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + + try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_GROUP_SECP256R1, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + /* Test RSA-PSS cert/key combo issues */ + try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and 1 sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and rsa-pss-sha384 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key_ks("TLS 1.3 with x25519 with rsa-pss-sha256 key and rsa-pss-sha512 first sig no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA512:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + try_with_key_ks("TLS 1.3 with x25519 rsa-pss/rsa-pss no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-SHA256", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_SHA256, GNUTLS_SIGN_UNKNOWN, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_with_key_ks("TLS 1.3 with x25519 ed25519 no-cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN, + &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, GNUTLS_GROUP_X25519, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + + /* client authentication */ + try_with_key("TLS 1.3 with rsa-pss cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_RSA_PSS_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.3 with rsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.3 with ecdsa cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256, + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + try_with_key("TLS 1.3 with x25519 ed25519 cli-cert (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_EDDSA_ED25519, + &server_ca3_eddsa_cert, &server_ca3_eddsa_key, &server_ca3_eddsa_cert, &server_ca3_eddsa_key, USE_CERT, GNUTLS_CRT_X509, GNUTLS_CRT_X509); + + /* TLS 1.3 mis-matching groups */ + /* Our policy is to send a key share for the first of each type of groups, so make sure + * the server doesn't support them */ + server_priority = "NORMAL:-GROUP-ALL:-VERS-TLS-ALL:+VERS-TLS1.3:+GROUP-FFDHE3072:+GROUP-SECP521R1", + + try_x509_ks("TLS 1.3 with default key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072); + try_x509_ks("TLS 1.3 with ffdhe2048 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072); + try_x509_ks("TLS 1.3 with ffdhe4096 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072); + try_x509_ks("TLS 1.3 with secp256r1 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1); + try_x509_ks("TLS 1.3 with secp384r1 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1); + try_x509_ks("TLS 1.3 with secp521r1 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_GROUP_SECP521R1); + try_x509_ks("TLS 1.3 with x25519 -> ffdhe3072 key share (ctype X.509)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP384R1:+GROUP-FFDHE3072", GNUTLS_KX_DHE_RSA, GNUTLS_GROUP_FFDHE3072); + + /* TLS 1.2 fallback */ + server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.2:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519", + + try_with_key_ks("TLS 1.2 fallback with x25519 ed25519 no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+ECDHE-ECDSA:-CURVE-ALL:+CURVE-X25519:-SIGN-ALL:+SIGN-EDDSA-ED25519", GNUTLS_KX_ECDHE_ECDSA, GNUTLS_SIGN_EDDSA_ED25519, GNUTLS_SIGN_UNKNOWN, + &server_ca3_eddsa_cert, &server_ca3_eddsa_key, NULL, NULL, 0, 0, GNUTLS_CRT_X509, GNUTLS_CRT_UNKNOWN); + try_x509("TLS 1.2 fallback with secp521r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP521R1", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + try_x509("TLS 1.2 fallback with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-KX-ALL:+DHE-RSA:-GROUP-ALL:+GROUP-FFDHE2048", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_SHA256, GNUTLS_SIGN_UNKNOWN); + + /** Raw public-key tests **/ + server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+ECDHE-RSA:+DHE-RSA:+RSA:+ECDHE-ECDSA:+CURVE-X25519:+SIGN-EDDSA-ED25519:+CTYPE-ALL"; + + try_rawpk("TLS 1.3 with ffdhe2048 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.3 with ffdhe3072 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE3072:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.3 with ffdhe4096 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE4096:+CTYPE-ALL", GNUTLS_KX_DHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.3 with secp256r1 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.3 with secp384r1 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP384R1:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.3 with secp521r1 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP521R1:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + try_rawpk("TLS 1.3 with x25519 rsa no-cli-cert (ctype Raw PK)", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+CTYPE-ALL", GNUTLS_KX_ECDHE_RSA, GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, GNUTLS_SIGN_UNKNOWN); + + + /** Illegal setups **/ + server_priority = "NORMAL:-VERS-ALL:+VERS-TLS1.3"; + try_with_key_fail("TLS 1.3 with rsa cert and only RSA-PSS sig algos in client", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.3 with x25519 with rsa-pss cert and RSAE signatures", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_rsa_pss2_cert, &server_ca3_rsa_pss2_key, NULL, NULL); + + server_priority = NULL; + try_with_key_fail("TLS 1.3 with rsa cert and only RSA-PSS sig algos", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.3 with rsa-pss cert and rsa cli cert with only RSA-PSS sig algos", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:+SIGN-RSA-PSS-SHA256:+SIGN-RSA-PSS-SHA384:+SIGN-RSA-PSS-SHA512", + GNUTLS_E_CERTIFICATE_REQUIRED, GNUTLS_E_SUCCESS, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &cli_ca3_cert, &cli_ca3_key); + + try_with_key_fail("TLS 1.3 with rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.3 and TLS 1.2 with rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", + GNUTLS_E_SUCCESS, GNUTLS_E_SUCCESS, + &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.3 with (forced) rsa encryption cert - client should detect", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS", + GNUTLS_E_AGAIN, GNUTLS_E_KEY_USAGE_VIOLATION, + &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key, NULL, NULL); + + try_with_key_fail("TLS 1.3 with client rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3", + GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_CREDENTIALS, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key); + + try_with_key_fail("TLS 1.3 with (forced) client rsa encryption cert - server should detect", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:%DEBUG_ALLOW_KEY_USAGE_VIOLATIONS", + GNUTLS_E_KEY_USAGE_VIOLATION, GNUTLS_E_SUCCESS, + &server_ca3_rsa_pss_cert, &server_ca3_rsa_pss_key, &server_ca3_localhost_rsa_decrypt_cert, &server_ca3_key); + + try_with_rawpk_key_fail("rawpk TLS 1.3 with rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-RAWPK", + GNUTLS_E_NO_CIPHER_SUITES, GNUTLS_E_AGAIN, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0); + + try_with_rawpk_key_fail("rawpk TLS 1.3 and TLS 1.2 with rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+CTYPE-RAWPK", + GNUTLS_E_SUCCESS, GNUTLS_E_SUCCESS, + &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT, NULL, NULL, 0); + + try_with_rawpk_key_fail("rawpk TLS 1.3 with client rsa encryption cert", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+CTYPE-RAWPK", + GNUTLS_E_AGAIN, GNUTLS_E_INSUFFICIENT_CREDENTIALS, + &rawpk_public_key2, &rawpk_private_key2, 0, &rawpk_public_key1, &rawpk_private_key1, GNUTLS_KEY_KEY_ENCIPHERMENT); + + /* we do not test TLS 1.3 with (forced) rsa encryption cert - client should detect, because + * there is no way under raw public keys for the client or server to know the intended type. */ + + gnutls_global_deinit(); +} diff --git a/tests/tls13-cipher-neg.c b/tests/tls13-cipher-neg.c new file mode 100644 index 0000000..16a8883 --- /dev/null +++ b/tests/tls13-cipher-neg.c @@ -0,0 +1,171 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the ciphersuite negotiation for various key exchange + * methods and options under TLS1.3. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "cipher-neg-common.c" + +/* We remove the ECDHE and DHE key exchanges as they impose additional + * rules in the sorting of groups. + */ +#define SPRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3" +#define CPRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3" + +test_case_st tests[] = { + { + .name = "server TLS 1.3: NULL (server - exp fallback)", + .not_on_fips = 1, + .cipher = GNUTLS_CIPHER_NULL, + .server_prio = SPRIO":+VERS-TLS1.2:-CIPHER-ALL:+NULL:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL", + .client_prio = CPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)", + }, + { + .name = "client TLS 1.3: NULL (client)", + .not_on_fips = 1, + .cipher = GNUTLS_CIPHER_NULL, + .server_prio = SPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1", + .client_prio = CPRIO":-CIPHER-ALL:+NULL:+CIPHER-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL", + .desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)", + }, + { + .name = "server TLS 1.3: AES-128-GCM with SECP256R1 (server)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .group = GNUTLS_GROUP_SECP256R1, + .server_prio = SPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL", + .client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1", + .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)", + }, + { + .name = "both TLS 1.3: AES-128-GCM with X25519 (server)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .group = GNUTLS_GROUP_X25519, + .server_prio = SPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL", + .client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL", + .desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)", + }, + { + .name = "client TLS 1.3: AES-128-GCM with SECP256R1 (client)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .group = GNUTLS_GROUP_SECP256R1, + .server_prio = SPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1", + .client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL", + .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)", + }, + { + .name = "both TLS 1.3: AES-128-GCM with X25519 (client)", + .cipher = GNUTLS_CIPHER_AES_128_GCM, + .group = GNUTLS_GROUP_X25519, + .server_prio = SPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL", + .client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL", + .desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)", + }, + { + .name = "server TLS 1.3: AES-128-CCM and FFDHE2048 (server)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .group = GNUTLS_GROUP_FFDHE2048, + .server_prio = SPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL", + .client_prio = CPRIO":+AES-128-CCM", + .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)", + }, + { + .name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (server)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .group = GNUTLS_GROUP_FFDHE2048, + .server_prio = SPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL", + .client_prio = CPRIO":+AES-128-CCM:+VERS-TLS1.3", + .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)", + }, + { + .name = "client TLS 1.3: AES-128-CCM and FFDHE 2048 (client)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .group = GNUTLS_GROUP_FFDHE2048, + .server_prio = SPRIO":+AES-128-CCM", + .client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL", + .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)", + }, + { + .name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (client)", + .cipher = GNUTLS_CIPHER_AES_128_CCM, + .group = GNUTLS_GROUP_FFDHE2048, + .server_prio = SPRIO":+AES-128-CCM:+VERS-TLS1.3", + .client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL", + .desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)", + }, + { + .name = "server TLS 1.3: CHACHA20-POLY (server)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = SPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE", + .client_prio = CPRIO":+CHACHA20-POLY1305", + .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)", + }, + { + .name = "both TLS 1.3: CHACHA20-POLY (server)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = SPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE", + .client_prio = CPRIO":+CHACHA20-POLY1305:+VERS-TLS1.3", + .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)", + }, + { + .name = "client TLS 1.3: CHACHA20-POLY (client)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = SPRIO":+CHACHA20-POLY1305", + .client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL", + .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)", + }, + { + .name = "both TLS 1.3: CHACHA20-POLY (client)", + .cipher = GNUTLS_CIPHER_CHACHA20_POLY1305, + .not_on_fips = 1, + .server_prio = SPRIO":+CHACHA20-POLY1305", + .client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL", + .desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)", + } +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "cert-common.h" +#include "eagain-common.h" +#include "utils.h" + +/* This tests TLS 1.3 middlebox compatibility mode. */ + +#define COMPAT_PRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3" +#define NO_COMPAT_PRIO COMPAT_PRIO ":%DISABLE_TLS13_COMPAT_MODE" + +#define HANDSHAKE_SESSION_ID_POS 34 + +struct data { + bool compat; +}; + +static int +handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + unsigned pos; + struct data *data; + uint8_t s; + + assert(htype == GNUTLS_HANDSHAKE_CLIENT_HELLO); + assert(msg->size >= HANDSHAKE_SESSION_ID_POS); + + data = gnutls_session_get_ptr(session); + + pos = HANDSHAKE_SESSION_ID_POS; + if (pos + 1 > msg->size) + fail("error\n"); + s = msg->data[pos]; + + if (data->compat && s == 0) { + fail("empty session ID while compat mode is enabled\n"); + } else if (!data->compat && s > 0) { + fail("non-empty session ID while compat mode is disabled\n"); + } + + return 0; +} + +static void +test(const char *name, bool client_compat, bool server_compat) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + struct data data; + int cret = GNUTLS_E_AGAIN; + + success("%s\n", name); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&serverx509cred) >= 0); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + assert(gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred) >= 0); + assert(gnutls_priority_set_direct(server, + server_compat ? + COMPAT_PRIO : NO_COMPAT_PRIO, + NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + assert(gnutls_init(&client, GNUTLS_CLIENT) >= 0); + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred) >= 0); + + assert(gnutls_priority_set_direct(client, + client_compat ? + COMPAT_PRIO : NO_COMPAT_PRIO, + NULL) >= 0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + data.compat = client_compat; + gnutls_session_set_ptr(client, &data); + gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + + HANDSHAKE(client, server); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void doit(void) +{ + test("client compat, server compat", true, true); + test("client compat, server non-compat", true, false); + test("client non-compat, server compat", false, true); + test("client non-compat, server non-compat", false, false); +} diff --git a/tests/tls13-early-data-neg.c b/tests/tls13-early-data-neg.c new file mode 100644 index 0000000..075c21f --- /dev/null +++ b/tests/tls13-early-data-neg.c @@ -0,0 +1,479 @@ +/* + * Copyright (C) 2012-2018 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "virt-time.h" + +/* This program tests the robustness of record sending with padding. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +#define SESSIONS 3 +#define MAX_BUF 1024 +#define MSG "Hello TLS" +#define EARLY_MSG "Hello TLS, it's early" +#define PRIORITY "NORMAL:-VERS-ALL:+VERS-TLS1.3" + +static const +gnutls_datum_t hrnd = {(void*)"\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; + +static int gnutls_rnd_works; + +int __attribute__ ((visibility ("protected"))) +gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) +{ + gnutls_rnd_works = 1; + + memset(data, 0xff, len); + + /* Flip the first byte to avoid infinite loop in the RSA + * blinding code of Nettle */ + if (len > 0) + memset(data, 0x0, 1); + return 0; +} + +gnutls_datum_t client_hello_msg = {NULL, 0}; + +static int handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + assert(client_hello_msg.data == NULL); + + client_hello_msg.data = gnutls_malloc(msg->size+9); + assert(client_hello_msg.data != NULL); + client_hello_msg.size = msg->size+9; + memcpy(client_hello_msg.data+9, msg->data, msg->size); + /* reconstruct record header */ + client_hello_msg.data[0] = 22; + client_hello_msg.data[1] = 3; + client_hello_msg.data[2] = 3; + client_hello_msg.data[3] = (msg->size+4) >> 8; + client_hello_msg.data[4] = (msg->size+4); + + client_hello_msg.data[5] = GNUTLS_HANDSHAKE_CLIENT_HELLO; + client_hello_msg.data[6] = 0; + client_hello_msg.data[7] = msg->size >> 8; + client_hello_msg.data[8] = msg->size; + + return 0; +} + +static void client(int sds[]) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int t; + gnutls_datum_t session_data = {NULL, 0}; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + /* Generate the same ob_ticket_age value, which affects the + * binder calculation. + */ + virt_time_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + + for (t = 0; t < SESSIONS-1; t++) { + int sd = sds[t]; + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + assert(gnutls_priority_set_direct(session, PRIORITY, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + + if (t > 0) { + assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + assert(gnutls_record_send_early_data(session, EARLY_MSG, sizeof(EARLY_MSG)) >= 0); + assert(gnutls_handshake_set_random(session, &hrnd) >= 0); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + } + + /* Perform the TLS handshake + */ + gnutls_handshake_set_timeout(session, get_timeout()); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (t == 0) { + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("client: Getting resume data failed\n"); + } + + if (t > 0) { + if (!gnutls_session_is_resumed(session)) { + fail("client: session_is_resumed error (%d)\n", t); + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + assert(client_hello_msg.data != NULL); + + ret = send(sds[SESSIONS-1], client_hello_msg.data, client_hello_msg.size, 0); + assert(ret == (int)client_hello_msg.size); + + end: + gnutls_free(client_hello_msg.data); + gnutls_free(session_data.data); + gnutls_certificate_free_credentials(x509_cred); +} + + +static pid_t child; + +#define MAX_CLIENT_HELLO_RECORDED 10 + +struct storage_st { + gnutls_datum_t entries[MAX_CLIENT_HELLO_RECORDED]; + size_t num_entries; +}; + +static int +storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_datum_t *value) +{ + struct storage_st *storage = ptr; + gnutls_datum_t *datum; + size_t i; + + for (i = 0; i < storage->num_entries; i++) { + if (key->size == storage->entries[i].size && + memcmp(storage->entries[i].data, key->data, key->size) == 0) { + return GNUTLS_E_DB_ENTRY_EXISTS; + } + } + + /* If the maximum number of ClientHello exceeded, reject early + * data until next time. + */ + if (storage->num_entries == MAX_CLIENT_HELLO_RECORDED) + return GNUTLS_E_DB_ERROR; + + datum = &storage->entries[storage->num_entries]; + datum->data = gnutls_malloc(key->size); + if (!datum->data) + return GNUTLS_E_MEMORY_ERROR; + memcpy(datum->data, key->data, key->size); + datum->size = key->size; + + storage->num_entries++; + + return 0; +} + +static void +storage_clear(struct storage_st *storage) +{ + size_t i; + + for (i = 0; i < storage->num_entries; i++) + gnutls_free(storage->entries[i].data); + storage->num_entries = 0; +} + +static void server(int sds[]) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t session_ticket_key = { NULL, 0 }; + struct storage_st storage; + gnutls_anti_replay_t anti_replay; + int t; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + memset(&storage, 0, sizeof(storage)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_session_ticket_key_generate(&session_ticket_key); + + ret = gnutls_anti_replay_init(&anti_replay); + if (ret < 0) + fail("server: failed to initialize anti-replay\n"); + gnutls_anti_replay_set_add_function(anti_replay, storage_add); + gnutls_anti_replay_set_ptr(anti_replay, &storage); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + success("=== session %d ===\n", t); + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_ENABLE_EARLY_DATA)>=0); + + assert(gnutls_priority_set_direct(session, PRIORITY, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + gnutls_anti_replay_enable(session, anti_replay); + + gnutls_transport_set_int(session, sd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (t == SESSIONS-1) { + /* duplicate data expected */ + if (ret < 0 && !(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA)) { + success("we detected the duplicate data!\n"); + close(sd); + gnutls_deinit(session); + goto cleanup; + } else { + fail("server: duplicate early data was not detected (%d)\n", t); + } + } + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server[%d]: Handshake has failed (%s)\n\n", + t, gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (t > 0) { + if (!gnutls_session_is_resumed(session)) { + fail("server: session_is_resumed error (%d)\n", t); + } + + /* as we reuse the same ticket twice, expect + * early data only on the first resumption */ + if (t == 1) { + if (gnutls_rnd_works) { + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA)) { + fail("server: early data is not received (%d)\n", t); + } + } else { + success("server: gnutls_rnd() could not be overridden, skip checking replay (%d)\n", t); + } + + ret = gnutls_record_recv_early_data(session, buffer, sizeof(buffer)); + if (ret < 0) { + fail("server: failed to retrieve early data: %s\n", + gnutls_strerror(ret)); + } + + if (ret != sizeof(EARLY_MSG) || memcmp(buffer, EARLY_MSG, ret)) + fail("server: early data mismatch\n"); + } else { + if (gnutls_rnd_works) { + if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA) { + fail("server: early data is not rejected (%d)\n", t); + } + } else { + success("server: gnutls_rnd() could not be overridden, skip checking replay (%d)\n", t); + } + } + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + cleanup: + gnutls_anti_replay_deinit(anti_replay); + + storage_clear(&storage); + + gnutls_free(session_ticket_key.data); + + gnutls_certificate_free_credentials(x509_cred); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + int client_sds[SESSIONS], server_sds[SESSIONS]; + int i, status = 0; + int ret; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + for (i = 0; i < SESSIONS; i++) { + int sockets[2]; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + server_sds[i] = sockets[0]; + client_sds[i] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + for (i = 0; i < SESSIONS; i++) + close(client_sds[i]); + server(server_sds); + wait(&status); + check_wait_status(status); + } else { + for (i = 0; i < SESSIONS; i++) + close(server_sds[i]); + client(client_sds); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13-early-data-neg2.c b/tests/tls13-early-data-neg2.c new file mode 100644 index 0000000..37b6c3e --- /dev/null +++ b/tests/tls13-early-data-neg2.c @@ -0,0 +1,378 @@ +/* + * Copyright (C) 2012-2018 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "virt-time.h" + +/* This program checks that early data is refused upon resumption failure. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +#define SESSIONS 2 +#define MAX_BUF 1024 +#define MSG "Hello TLS" +#define EARLY_MSG "Hello TLS, it's early" +#define PRIORITY "NORMAL:-VERS-ALL:+VERS-TLS1.3" + +static void client(int sds[]) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int t; + gnutls_datum_t session_data = {NULL, 0}; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + /* Generate the same ob_ticket_age value, which affects the + * binder calculation. + */ + virt_time_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + assert(gnutls_priority_set_direct(session, PRIORITY, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + + if (t > 0) { + assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + assert(gnutls_record_send_early_data(session, EARLY_MSG, sizeof(EARLY_MSG)) >= 0); + } + + /* Perform the TLS handshake + */ + gnutls_handshake_set_timeout(session, get_timeout()); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", + gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (t == 0) { + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("client: Getting resume data failed\n"); + } + + if (gnutls_session_is_resumed(session)) { + fail("client: Session unexpectedly resumed (%d)\n", t); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + end: + gnutls_free(session_data.data); + gnutls_certificate_free_credentials(x509_cred); +} + + +static pid_t child; + +#define MAX_CLIENT_HELLO_RECORDED 10 + +struct storage_st { + gnutls_datum_t entries[MAX_CLIENT_HELLO_RECORDED]; + size_t num_entries; +}; + +static int +storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_datum_t *value) +{ + struct storage_st *storage = ptr; + gnutls_datum_t *datum; + size_t i; + + for (i = 0; i < storage->num_entries; i++) { + if (key->size == storage->entries[i].size && + memcmp(storage->entries[i].data, key->data, key->size) == 0) { + return GNUTLS_E_DB_ENTRY_EXISTS; + } + } + + /* If the maximum number of ClientHello exceeded, reject early + * data until next time. + */ + if (storage->num_entries == MAX_CLIENT_HELLO_RECORDED) + return GNUTLS_E_DB_ERROR; + + datum = &storage->entries[storage->num_entries]; + datum->data = gnutls_malloc(key->size); + if (!datum->data) + return GNUTLS_E_MEMORY_ERROR; + memcpy(datum->data, key->data, key->size); + datum->size = key->size; + + storage->num_entries++; + + return 0; +} + +static void +storage_clear(struct storage_st *storage) +{ + size_t i; + + for (i = 0; i < storage->num_entries; i++) + gnutls_free(storage->entries[i].data); + storage->num_entries = 0; +} + +static void server(int sds[]) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t session_ticket_key = { NULL, 0 }; + struct storage_st storage; + gnutls_anti_replay_t anti_replay; + int t; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + memset(&storage, 0, sizeof(storage)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + ret = gnutls_anti_replay_init(&anti_replay); + if (ret < 0) + fail("server: failed to initialize anti-replay\n"); + gnutls_anti_replay_set_add_function(anti_replay, storage_add); + gnutls_anti_replay_set_ptr(anti_replay, &storage); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + + success("=== session %d ===\n", t); + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_ENABLE_EARLY_DATA)>=0); + + assert(gnutls_priority_set_direct(session, PRIORITY, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + /* Intentionally overwrite the previous key to cause resumption + * failure. */ + gnutls_session_ticket_key_generate(&session_ticket_key); + + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + gnutls_anti_replay_enable(session, anti_replay); + + gnutls_transport_set_int(session, sd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + gnutls_deinit(session); + fail("server[%d]: Handshake has failed (%s)\n\n", + t, gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (gnutls_session_is_resumed(session)) { + fail("server: Session unexpectedly resumed (%d)\n", t); + } + + if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA) { + fail("server: Unexpected early data received (%d)\n", t); + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Received corrupted data(%d). Closing...\n", ret); + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + + gnutls_free(session_ticket_key.data); + } + + gnutls_anti_replay_deinit(anti_replay); + + storage_clear(&storage); + + gnutls_certificate_free_credentials(x509_cred); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + int client_sds[SESSIONS], server_sds[SESSIONS]; + int i, status = 0; + int ret; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + for (i = 0; i < SESSIONS; i++) { + int sockets[2]; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + server_sds[i] = sockets[0]; + client_sds[i] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + for (i = 0; i < SESSIONS; i++) + close(client_sds[i]); + server(server_sds); + wait(&status); + check_wait_status(status); + } else { + for (i = 0; i < SESSIONS; i++) + close(server_sds[i]); + client(client_sds); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13-early-data.c b/tests/tls13-early-data.c new file mode 100644 index 0000000..381ecbd --- /dev/null +++ b/tests/tls13-early-data.c @@ -0,0 +1,856 @@ +/* + * Copyright (C) 2012-2018 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +int main(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "virt-time.h" +#define MIN(x,y) (((x)<(y))?(x):(y)) + +#define TRACE_CLIENT 1 +#define TRACE_SERVER 2 + +/* To reproduce the entries in {client,server}-secrets.h, set this to + * either TRACE_CLIENT or TRACE_SERVER. + */ +#define TRACE 0 + +/* This program tests the robustness of record sending with padding. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + +/* A very basic TLS client. + */ + +#define MAX_BUF 1024 +#define MSG "Hello TLS" +#define EARLY_MSG "Hello TLS, it's early" + +extern unsigned int _gnutls_global_version; + +/* This test makes connection 3 times with different ciphersuites: + * first with TLS_AES_128_GCM_SHA256, then + * TLS_CHACHA20_POLY1305_SHA256 two times. The reason for doing this + * is to check that the early data is encrypted with the ciphersuite + * selected during the initial handshake, not the resuming handshakes. + */ +#define SESSIONS 3 +#define TLS13_AES_128_GCM "NONE:+VERS-TLS1.3:+AES-128-GCM:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1" +#define TLS13_CHACHA20_POLY1305 "NONE:+VERS-TLS1.3:+CHACHA20-POLY1305:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1" + +static const +gnutls_datum_t hrnd = {(void*)"\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; +static const +gnutls_datum_t hsrnd = {(void*)"\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; + +static int gnutls_rnd_works; + +int __attribute__ ((visibility ("protected"))) +gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) +{ + gnutls_rnd_works = 1; + + memset(data, 0xff, len); + + /* Flip the first byte to avoid infinite loop in the RSA + * blinding code of Nettle */ + if (len > 0) + memset(data, 0x0, 1); + return 0; +} + +#define MAX_SECRET_SIZE 64 +#define MAX_SECRET_COUNT 10 + +struct secret { + gnutls_record_encryption_level_t level; + size_t secret_size; + const uint8_t *secret_read; + const uint8_t *secret_write; + uint8_t secret_read_buf[MAX_SECRET_SIZE]; + uint8_t secret_write_buf[MAX_SECRET_SIZE]; +}; + +#include "client-secrets.h" +#include "server-secrets.h" + +struct secrets_expected { + const struct secret *secrets; + size_t count; +}; + +#define SIZEOF(array) (sizeof(array) / sizeof(array[0])) + +static const struct secrets_expected client_normal[SESSIONS] = { + { client_normal_0, SIZEOF(client_normal_0) }, + { client_normal_1, SIZEOF(client_normal_1) }, + { client_normal_2, SIZEOF(client_normal_2) }, +}; + +static const struct secrets_expected client_small[SESSIONS] = { + { client_small_0, SIZEOF(client_small_0) }, + { client_small_1, SIZEOF(client_small_1) }, + { client_small_2, SIZEOF(client_small_2) }, +}; + +static const struct secrets_expected client_empty[SESSIONS] = { + { client_empty_0, SIZEOF(client_empty_0) }, + { client_empty_1, SIZEOF(client_empty_1) }, + { client_empty_2, SIZEOF(client_empty_2) }, +}; + +static const struct secrets_expected client_explicit[SESSIONS] = { + { client_explicit_0, SIZEOF(client_explicit_0) }, + { client_explicit_1, SIZEOF(client_explicit_1) }, + { client_explicit_2, SIZEOF(client_explicit_2) }, +}; + +static const struct secrets_expected server_normal[SESSIONS] = { + { server_normal_0, SIZEOF(server_normal_0) }, + { server_normal_1, SIZEOF(server_normal_1) }, + { server_normal_2, SIZEOF(server_normal_2) }, +}; + +static const struct secrets_expected server_small[SESSIONS] = { + { server_small_0, SIZEOF(server_small_0) }, + { server_small_1, SIZEOF(server_small_1) }, + { server_small_2, SIZEOF(server_small_2) }, +}; + +static const struct secrets_expected server_empty[SESSIONS] = { + { server_empty_0, SIZEOF(server_empty_0) }, + { server_empty_1, SIZEOF(server_empty_1) }, + { server_empty_2, SIZEOF(server_empty_2) }, +}; + +static const struct secrets_expected server_explicit[SESSIONS] = { + { server_explicit_0, SIZEOF(server_explicit_0) }, + { server_explicit_1, SIZEOF(server_explicit_1) }, + { server_explicit_2, SIZEOF(server_explicit_2) }, +}; + +struct fixture { + const char *name; + unsigned int cflags; + unsigned int sflags; + gnutls_datum_t early_data; + size_t max_early_data_size; + bool expect_early_data; + const struct secrets_expected *client_secrets; + const struct secrets_expected *server_secrets; +}; + +static const struct fixture fixtures[] = { + { + .name = "normal", + .cflags = 0, + .sflags = 0, + .early_data = { (uint8_t *)EARLY_MSG, sizeof(EARLY_MSG) }, + .max_early_data_size = MAX_BUF, + .expect_early_data = true, + .client_secrets = client_normal, + .server_secrets = server_normal, + }, + { + .name = "small", + .cflags = 0, + .sflags = 0, + .early_data = { (uint8_t *)EARLY_MSG, sizeof(EARLY_MSG) }, + .max_early_data_size = 10, + .expect_early_data = true, + .client_secrets = client_small, + .server_secrets = server_small, + }, + { + .name = "empty", + .cflags = 0, + .sflags = 0, + .early_data = { NULL, 0 }, + .max_early_data_size = MAX_BUF, + .expect_early_data = false, + .client_secrets = client_empty, + .server_secrets = server_empty, + }, + { + .name = "explicit", + .cflags = GNUTLS_ENABLE_EARLY_DATA, + .sflags = 0, + .early_data = { NULL, 0 }, + .max_early_data_size = MAX_BUF, + .expect_early_data = false, + .client_secrets = client_explicit, + .server_secrets = server_explicit, + }, +}; + +#if TRACE +static void +print_secret(FILE *out, struct secret *secret) +{ + const char *level; + + switch (secret->level) { + case GNUTLS_ENCRYPTION_LEVEL_INITIAL: + level = "GNUTLS_ENCRYPTION_LEVEL_INITIAL"; + break; + case GNUTLS_ENCRYPTION_LEVEL_EARLY: + level = "GNUTLS_ENCRYPTION_LEVEL_EARLY"; + break; + case GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE: + level = "GNUTLS_ENCRYPTION_LEVEL_HANDSHAKE"; + break; + case GNUTLS_ENCRYPTION_LEVEL_APPLICATION: + level = "GNUTLS_ENCRYPTION_LEVEL_APPLICATION"; + break; + } + + fprintf(out, "\t\t%s,\n\t\t%zu,\n", level, secret->secret_size); + if (secret->secret_read) { + size_t i; + + fputs("\t\t(const uint8_t *)\"", out); + for (i = 0; i < secret->secret_size; i++) { + fprintf(out, "\\x%.2x", secret->secret_read[i]); + } + fputs("\",\n", out); + } else { + fputs("\t\tNULL,\n", out); + } + if (secret->secret_write) { + size_t i; + + fputs("\t\t(const uint8_t *)\"", out); + for (i = 0; i < secret->secret_size; i++) { + fprintf(out, "\\x%.2x", secret->secret_write[i]); + } + fputs("\",\n", out); + } else { + fputs("\t\tNULL,\n", out); + } +} + +static void +print_secrets(FILE *out, const char *side, const char *name, int t, + struct secret *secrets, size_t count) +{ + size_t i; + + fprintf(out, "static const struct secret %s_%s_%d[] = {\n", + side, name, t); + for (i = 0; i < count; i++) { + fputs("\t{\n", out); + print_secret(out, &secrets[i]); + fputs("\t},\n", out); + } + fputs("};\n\n", out); +} +#endif + +static void +check_secrets(const struct secret *secrets, size_t count, + const struct secrets_expected *expected) +{ + size_t i; + + if (count != expected->count) { + fail("unexpected number of secrets: %zu != %zu\n", + count, expected->count); + } + + for (i = 0; i < count; i++) { + if (secrets[i].level != expected->secrets[i].level) { + fail("unexpected secret level: %d != %d\n", + secrets[i].level, expected->secrets[i].level); + } + if (secrets[i].secret_size != expected->secrets[i].secret_size) { + fail("unexpected secret size: %zu != %zu\n", + secrets[i].secret_size, expected->secrets[i].secret_size); + } + if ((secrets[i].secret_read == NULL) != + (expected->secrets[i].secret_read == NULL)) { + fail("unexpected secret for read: %p != %p\n", + secrets[i].secret_read, expected->secrets[i].secret_read); + } + if (expected->secrets[i].secret_read && + memcmp(secrets[i].secret_read, + expected->secrets[i].secret_read, + secrets[i].secret_size) != 0) { + fail("unexpected secret for read\n"); + } + if ((secrets[i].secret_write == NULL) != + (expected->secrets[i].secret_write == NULL)) { + fail("unexpected secret for write: %p != %p\n", + secrets[i].secret_write, expected->secrets[i].secret_write); + } + if (expected->secrets[i].secret_write && + memcmp(secrets[i].secret_write, + expected->secrets[i].secret_write, + secrets[i].secret_size) != 0) { + fail("unexpected secret for write\n"); + } + } +} + +struct callback_data { + int t; + size_t secret_callback_called; + struct secret secrets[MAX_SECRET_COUNT]; +}; + +static int +secret_callback(gnutls_session_t session, + gnutls_record_encryption_level_t level, + const void *secret_read, + const void *secret_write, + size_t secret_size) +{ + struct callback_data *data = gnutls_session_get_ptr(session); + struct secret *secret = &data->secrets[data->secret_callback_called]; + + if (data->t == 0) { + if (level == GNUTLS_ENCRYPTION_LEVEL_EARLY) { + fail("early secret is set on initial connection\n"); + } + } else { + if (level == GNUTLS_ENCRYPTION_LEVEL_EARLY) { + gnutls_cipher_algorithm_t cipher_algo; + gnutls_digest_algorithm_t digest_algo; + + cipher_algo = gnutls_early_cipher_get(session); + if (cipher_algo != GNUTLS_CIPHER_AES_128_GCM) { + fail("unexpected cipher used for early data: %s != %s\n", + gnutls_cipher_get_name(cipher_algo), + gnutls_cipher_get_name(GNUTLS_CIPHER_AES_128_GCM)); + } + + digest_algo = gnutls_early_prf_hash_get(session); + if (digest_algo != GNUTLS_DIG_SHA256) { + fail("unexpected PRF hash used for early data: %s != %s\n", + gnutls_digest_get_name(digest_algo), + gnutls_digest_get_name(GNUTLS_DIG_SHA256)); + } + } + } + + if (secret_size > MAX_SECRET_SIZE) { + fail("secret is too long\n"); + } + + secret->secret_size = secret_size; + secret->level = level; + if (secret_read) { + memcpy(secret->secret_read_buf, secret_read, secret_size); + secret->secret_read = secret->secret_read_buf; + } + if (secret_write) { + memcpy(secret->secret_write_buf, secret_write, secret_size); + secret->secret_write = secret->secret_write_buf; + } + + data->secret_callback_called++; + if (data->secret_callback_called > MAX_SECRET_COUNT) { + fail("secret func called too many times"); + } + + return 0; +} + +static void +client(int sds[], const struct fixture *fixture) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + int t; + gnutls_datum_t session_data = {NULL, 0}; + + global_init(); + + /* date --date='TZ="UTC" 2021-04-29' +%s */ + virt_time_init_at(1619654400); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + struct callback_data callback_data; + + assert(gnutls_init(&session, GNUTLS_CLIENT|fixture->cflags)>=0); + assert(gnutls_priority_set_direct(session, t == 0 ? TLS13_AES_128_GCM : TLS13_CHACHA20_POLY1305, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, sd); + assert(gnutls_handshake_set_random(session, &hrnd) >= 0); + + memset(&callback_data, 0, sizeof(callback_data)); + callback_data.t = t; + gnutls_session_set_ptr(session, &callback_data); + gnutls_handshake_set_secret_function(session, secret_callback); + + if (t > 0) { + assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + /* The server should have advertised the same maximum. */ + if (gnutls_record_get_max_early_data_size(session) != + fixture->max_early_data_size) + fail("client: max_early_data_size mismatch %d != %d\n", + (int) gnutls_record_get_max_early_data_size(session), + (int) fixture->max_early_data_size); + assert(gnutls_record_send_early_data(session, + fixture->early_data.data, + MIN(fixture->early_data.size, + fixture->max_early_data_size)) >= 0); + } + + /* Perform the TLS handshake + */ + gnutls_handshake_set_timeout(session, get_timeout()); + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", + gnutls_strerror(ret)); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (!gnutls_rnd_works) { + success("client: gnutls_rnd() could not be overridden\n"); + } else { +#if TRACE == TRACE_CLIENT + print_secrets(stderr, "client", fixture->name, t, + callback_data.secrets, + callback_data.secret_callback_called); +#endif + check_secrets(callback_data.secrets, + callback_data.secret_callback_called, + &fixture->client_secrets[t]); + } + + ret = gnutls_cipher_get(session); + if ((t == 0 && ret != GNUTLS_CIPHER_AES_128_GCM) || + (t > 0 && ret != GNUTLS_CIPHER_CHACHA20_POLY1305)) { + fail("negotiated unexpected cipher: %s\n", + gnutls_cipher_get_name(ret)); + } + + if (t == 0) { + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("client: Getting resume data failed\n"); + } + + if (t > 0) { + if (!gnutls_session_is_resumed(session)) { + fail("client: session_is_resumed error (%d)\n", t); + } + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + end: + gnutls_free(session_data.data); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static pid_t child; + +#define MAX_CLIENT_HELLO_RECORDED 10 + +struct storage_st { + gnutls_datum_t entries[MAX_CLIENT_HELLO_RECORDED]; + size_t num_entries; +}; + +static int +storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_datum_t *value) +{ + struct storage_st *storage = ptr; + gnutls_datum_t *datum; + size_t i; + + for (i = 0; i < storage->num_entries; i++) { + if (key->size == storage->entries[i].size && + memcmp(storage->entries[i].data, key->data, key->size) == 0) { + return GNUTLS_E_DB_ENTRY_EXISTS; + } + } + + /* If the maximum number of ClientHello exceeded, reject early + * data until next time. + */ + if (storage->num_entries == MAX_CLIENT_HELLO_RECORDED) + return GNUTLS_E_DB_ERROR; + + datum = &storage->entries[storage->num_entries]; + datum->data = gnutls_malloc(key->size); + if (!datum->data) + return GNUTLS_E_MEMORY_ERROR; + memcpy(datum->data, key->data, key->size); + datum->size = key->size; + + storage->num_entries++; + + return 0; +} + +static void +storage_clear(struct storage_st *storage) +{ + size_t i; + + for (i = 0; i < storage->num_entries; i++) + gnutls_free(storage->entries[i].data); + storage->num_entries = 0; +} + +static void +server(int sds[], const struct fixture *fixture) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t session_ticket_key = { NULL, 0 }; + struct storage_st storage; + gnutls_anti_replay_t anti_replay; + int t; + + /* this must be called once in the program + */ + global_init(); + + /* date --date='TZ="UTC" 2021-04-29' +%s */ + virt_time_init_at(1619654400); + + memset(buffer, 0, sizeof(buffer)); + memset(&storage, 0, sizeof(storage)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_session_ticket_key_generate(&session_ticket_key); + + ret = gnutls_anti_replay_init(&anti_replay); + if (ret < 0) + fail("server: failed to initialize anti-replay\n"); + + gnutls_anti_replay_set_add_function(anti_replay, storage_add); + gnutls_anti_replay_set_ptr(anti_replay, &storage); + + for (t = 0; t < SESSIONS; t++) { + int sd = sds[t]; + struct callback_data callback_data; + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_ENABLE_EARLY_DATA)>=0); + + assert(gnutls_priority_set_direct(session, t == 0 ? TLS13_AES_128_GCM : TLS13_CHACHA20_POLY1305, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + gnutls_anti_replay_enable(session, anti_replay); + + /* on the replay connection, early data is skipped + * until max_early_data_size without decryption + */ + if (t < 2) + (void) gnutls_record_set_max_early_data_size(session, fixture->max_early_data_size); + + assert(gnutls_handshake_set_random(session, &hsrnd) >= 0); + gnutls_transport_set_int(session, sd); + + memset(&callback_data, 0, sizeof(callback_data)); + callback_data.t = t; + gnutls_session_set_ptr(session, &callback_data); + gnutls_handshake_set_secret_function(session, secret_callback); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + } + if (debug) + success("server: Handshake was completed\n"); + + if (t > 0) { + if (!gnutls_session_is_resumed(session)) { + fail("server: session_is_resumed error (%d)\n", t); + } + } + + if (!gnutls_rnd_works) { + success("server: gnutls_rnd() could not be overridden\n"); + goto skip_early_data; + } + + ret = gnutls_cipher_get(session); + if ((t == 0 && ret != GNUTLS_CIPHER_AES_128_GCM) || + (t > 0 && ret != GNUTLS_CIPHER_CHACHA20_POLY1305)) { + fail("negotiated unexpected cipher: %s\n", + gnutls_cipher_get_name(ret)); + } + +#if TRACE == TRACE_SERVER + print_secrets(stderr, "server", fixture->name, t, + callback_data.secrets, + callback_data.secret_callback_called); +#endif + check_secrets(callback_data.secrets, + callback_data.secret_callback_called, + &fixture->server_secrets[t]); + + /* as we reuse the same ticket twice, expect + * early data only on the first resumption */ + if (t == 1) { + if (fixture->expect_early_data && + !(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA)) { + fail("server: early data is not received (%d)\n", + t); + } + + ret = gnutls_record_recv_early_data(session, buffer, sizeof(buffer)); + if (ret < 0) { + if (fixture->early_data.size == 0 || + fixture->max_early_data_size == 0) { + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("server: unexpected error code when retrieving empty early data: %s\n", + gnutls_strerror(ret)); + } + } else { + fail("server: failed to retrieve early data: %s\n", + gnutls_strerror(ret)); + } + } else { + if (fixture->early_data.size == 0 || + fixture->max_early_data_size == 0) { + fail("server: unexpected early data received: %d\n", + ret); + } else if ((size_t) ret != MIN(fixture->early_data.size, + fixture->max_early_data_size) || + memcmp(buffer, fixture->early_data.data, ret)) { + fail("server: early data mismatch\n"); + } + } + } else if (t == 2) { + if (fixture->expect_early_data && + gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA) { + fail("server: early data is not rejected (%d)\n", t); + } + } + + skip_early_data: + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Error: %s\n", gnutls_strerror(ret)); + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + + gnutls_deinit(session); + } + + gnutls_anti_replay_deinit(anti_replay); + + storage_clear(&storage); + + gnutls_free(session_ticket_key.data); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void +start(const struct fixture *fixture) +{ + int client_sds[SESSIONS], server_sds[SESSIONS]; + int i; + int ret; + + _gnutls_global_version = 0x030607; + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + for (i = 0; i < SESSIONS; i++) { + int sockets[2]; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + server_sds[i] = sockets[0]; + client_sds[i] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + } + + if (child) { + /* parent */ + for (i = 0; i < SESSIONS; i++) + close(client_sds[i]); + server(server_sds, fixture); + kill(child, SIGTERM); + } else { + for (i = 0; i < SESSIONS; i++) + close(server_sds[i]); + client(client_sds, fixture); + exit(0); + } +} + +void doit(void) +{ + size_t i; + + /* TLS_CHACHA20_POLY1305_SHA256 is needed for this test */ + if (gnutls_fips140_mode_enabled()) { + exit(77); + } + + for (i = 0; i < SIZEOF(fixtures); i++) { + start(&fixtures[i]); + } + + if (!gnutls_rnd_works) { + exit(77); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13-early-start.c b/tests/tls13-early-start.c new file mode 100644 index 0000000..3c79dba --- /dev/null +++ b/tests/tls13-early-start.c @@ -0,0 +1,346 @@ +/* + * Copyright (C) 2015-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests support for early start in TLS1.3 handshake */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include + +#define USE_CERT 1 +#define ASK_CERT 2 + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define try_ok(name, client_prio) \ + try_with_key(name, client_prio, \ + &server_ca3_localhost_cert, &server_ca3_key, NULL, NULL, 0) + +#define MSG "hello there ppl" + +static +void try_with_key_fail(const char *name, const char *client_prio, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned init_flags) +{ + int ret; + char buffer[256]; + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + const char *err; + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + serv_cert, serv_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + + assert(gnutls_init(&server, GNUTLS_SERVER|init_flags)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_priority_set_direct(server, client_prio, NULL) >= 0); + + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + if (cli_cert) { + gnutls_certificate_set_x509_key_mem(clientx509cred, + cli_cert, cli_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + + success("negotiating %s\n", name); + HANDSHAKE(client, server); + + assert(!(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_EARLY_START)); + assert(!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_EARLY_START)); + + version = gnutls_protocol_get_version(client); + assert(version == GNUTLS_TLS1_3); + + memset(buffer, 0, sizeof(buffer)); + assert(gnutls_record_send(server, MSG, strlen(MSG))>=0); + + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret == 0) { + fail("client: Peer has closed the TLS connection\n"); + exit(1); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + memset(buffer, 0, sizeof(buffer)); + assert(gnutls_record_send(client, MSG, strlen(MSG))>=0); + + ret = gnutls_record_recv(server, buffer, sizeof(buffer)); + if (ret == 0) { + fail("server: Peer has closed the TLS connection\n"); + } else if (ret < 0) { + fail("server: Error: %s\n", gnutls_strerror(ret)); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +static +void try_with_key_ks(const char *name, const char *client_prio, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *client_cert, + const gnutls_datum_t *client_key, + unsigned cert_flags, + unsigned init_flags) +{ + int ret; + char buffer[256]; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN, version; + const char *err; + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + reset_buffers(); + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + + ret = gnutls_certificate_set_x509_key_mem(serverx509cred, + serv_cert, serv_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("Could not set key/cert: %s\n", gnutls_strerror(ret)); + } + + assert(gnutls_init(&server, GNUTLS_SERVER|init_flags)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + + assert(gnutls_priority_set_direct(server, + "NORMAL:-VERS-ALL:+VERS-TLS1.3", + NULL)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + if (cert_flags == USE_CERT) { + gnutls_certificate_set_x509_key_mem(clientx509cred, + client_cert, client_key, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + } else if (cert_flags == ASK_CERT) { + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + } + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) + fprintf(stderr, "Error in %s\n", err); + exit(1); + } + success("negotiating %s\n", name); + HANDSHAKE(client, server); + + assert(gnutls_session_get_flags(server) & GNUTLS_SFLAGS_EARLY_START); + assert(!(gnutls_session_get_flags(client) & GNUTLS_SFLAGS_EARLY_START)); + + version = gnutls_protocol_get_version(client); + assert(version == GNUTLS_TLS1_3); + + memset(buffer, 0, sizeof(buffer)); + assert(gnutls_record_send(server, MSG, strlen(MSG))>=0); + + ret = gnutls_record_recv(client, buffer, sizeof(buffer)); + if (ret == 0) { + fail("client: Peer has closed the TLS connection\n"); + exit(1); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + memset(buffer, 0, sizeof(buffer)); + assert(gnutls_record_send(client, MSG, strlen(MSG))>=0); + + ret = gnutls_record_recv(server, buffer, sizeof(buffer)); + if (ret == 0) { + fail("server: Peer has closed the TLS connection\n"); + } else if (ret < 0) { + fail("server: Error: %s\n", gnutls_strerror(ret)); + } + + if (ret != strlen(MSG) || memcmp(MSG, buffer, ret) != 0) { + fail("client: Error in data received. Expected %d, got %d\n", (int)strlen(MSG), ret); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +static +void try_with_key(const char *name, const char *client_prio, + const gnutls_datum_t *serv_cert, + const gnutls_datum_t *serv_key, + const gnutls_datum_t *cli_cert, + const gnutls_datum_t *cli_key, + unsigned cert_flags) +{ + return try_with_key_ks(name, client_prio, + serv_cert, serv_key, cli_cert, cli_key, cert_flags, GNUTLS_ENABLE_EARLY_START); +} + +#include "cert-common.h" + +void doit(void) +{ + /* TLS 1.3 no client cert: early start expected */ + try_ok("TLS 1.3 with ffdhe2048 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048"); + try_ok("TLS 1.3 with secp256r1 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1"); + try_ok("TLS 1.3 with x25519 rsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519"); + + try_with_key_ks("TLS 1.3 with secp256r1 ecdsa no-cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0, GNUTLS_ENABLE_EARLY_START); + + /* client authentication: no early start possible */ + try_with_key_fail("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_rsa_pss_cert, &cli_ca3_rsa_pss_key, GNUTLS_ENABLE_EARLY_START); + try_with_key_fail("TLS 1.3 with rsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &cli_ca3_cert, &cli_ca3_key, GNUTLS_ENABLE_EARLY_START); + try_with_key_fail("TLS 1.3 with ecdsa cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, GNUTLS_ENABLE_EARLY_START); + + /* TLS 1.3 no client cert: no early start flag specified */ + try_with_key_fail("TLS 1.3 with rsa-pss cli-cert", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-RSA", + &server_ca3_localhost_ecc_cert, &server_ca3_ecc_key, NULL, NULL, 0); +} diff --git a/tests/tls13-rehandshake-cert.c b/tests/tls13-rehandshake-cert.c new file mode 100644 index 0000000..9a2c889 --- /dev/null +++ b/tests/tls13-rehandshake-cert.c @@ -0,0 +1,202 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This program tests server initiated rehandshake under TLS 1.3. + * Although rehandshake doesn't happen under TLS1.3 this tests + * whether the old APIs would still work. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static +void server_initiated_handshake(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + unsigned char buffer[64]; + int cret = GNUTLS_E_AGAIN; + size_t transferred = 0; + + success("testing server initiated re-handshake\n"); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:+VERS-TLS1.3", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3) + fail("TLS1.3 was not negotiated\n"); + + sret = gnutls_rehandshake(server); + if (debug) { + tls_log_func(0, "gnutls_rehandshake (server)...\n"); + tls_log_func(0, gnutls_strerror(sret)); + tls_log_func(0, "\n"); + } + + { + ssize_t n; + char b[1]; + n = gnutls_record_recv(client, b, 1); + /* in TLS1.2 we get REHANDSHAKE error, here nothing */ + if (n != GNUTLS_E_AGAIN) { + fail("error msg: %s\n", gnutls_strerror(n)); + } + } + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +static +void client_initiated_handshake(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + unsigned char buffer[64]; + int cret = GNUTLS_E_AGAIN; + size_t transferred = 0; + + success("testing client initiated re-handshake\n"); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + gnutls_priority_set_direct(server, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&clientx509cred); + gnutls_init(&client, GNUTLS_CLIENT); + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + gnutls_priority_set_direct(client, "NORMAL:+VERS-TLS1.3", NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_protocol_get_version(client) != GNUTLS_TLS1_3) + fail("TLS1.3 was not negotiated\n"); + + HANDSHAKE(client, server); + + TRANSFER(client, server, "xxxx", 4, buffer, sizeof(buffer)); + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + server_initiated_handshake(); + client_initiated_handshake(); +} diff --git a/tests/tls13-server-kx-neg.c b/tests/tls13-server-kx-neg.c new file mode 100644 index 0000000..a4cca3f --- /dev/null +++ b/tests/tls13-server-kx-neg.c @@ -0,0 +1,309 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +/* This program tests the negotiation for various key exchange + * methods and options which are considered legacy in TLS1.3. */ + +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" +#include "eagain-common.h" + +#include "server-kx-neg-common.c" + +#define PVERSION "-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" + +test_case_st tests[] = { + { + .name = "TLS 1.3 DHE-PSK without cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_3, + }, + { + .name = "TLS 1.3 DHE-PSK with cred but no DH params", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_3, + }, + { + .name = "TLS 1.3 DHE-PSK with cred and DH params (level)", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_3, + }, + { + .name = "TLS 1.3 DHE-PSK with cred and DH params (explicit)", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .have_psk_exp_dh_params = 1, + .server_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+DHE-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_3, + }, + { + .name = "TLS 1.3 ECDHE-PSK with cred but no common curve", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_COMMON_KEY_SHARE, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-CURVE-ALL:+CURVE-SECP256R1:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:-CURVE-ALL:+CURVE-SECP384R1:"PVERSION, + .exp_version = GNUTLS_TLS1_3, + }, + { + .name = "TLS 1.3 ECDHE-PSK with cred and common curve", + .client_ret = 0, + .server_ret = 0, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+ECDHE-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_3, + }, + { + .name = "TLS 1.3 RSA-PSK without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_psk_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 RSA-PSK without psk cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 RSA-PSK with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 RSA-PSK with cred", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 RSA-PSK with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_psk_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+RSA-PSK:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP-RSA without cert cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP-RSA without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP-RSA with cred but invalid cert", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_decrypt_cert = 1, + .have_ecc_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP-RSA with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP-RSA with cred and multiple certs", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .have_cert_cred = 1, + .have_rsa_sign_cert = 1, + .have_ecc_sign_cert = 1, + .have_rsa_decrypt_cert = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP-RSA:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP without srp cred", + .client_ret = GNUTLS_E_AGAIN, + .server_ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS, + .have_srp_cred = 0, + .have_cert_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 SRP with cred", + .server_ret = 0, + .client_ret = 0, + .have_srp_cred = 1, + .server_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+SRP:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, +#ifdef ENABLE_GOST + { + .name = "TLS 1.3 server, TLS 1.2 client VKO-GOST-12 with cred and GOST-256 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 server, TLS 1.2 client VKO-GOST-12 with cred and GOST-512 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.2 server TLS 1.3 client VKO-GOST-12 with cred and GOST-256 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.2 server TLS 1.3 client with cred and GOST-512 cert", + .server_ret = 0, + .client_ret = 0, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:" "-VERS-ALL:+VERS-TLS1.2", + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + /* Ideally for the next two test cases we should fallback to TLS 1.2 + GOST + * but this is unsuppored for now */ + { + .name = "TLS 1.3 server and client VKO-GOST-12 with cred and GOST-256 cert", + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = GNUTLS_E_AGAIN, + .have_cert_cred = 1, + .have_gost12_256_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, + { + .name = "TLS 1.3 server and client VKO-GOST-12 with cred and GOST-512 cert", + .server_ret = GNUTLS_E_NO_CIPHER_SUITES, + .client_ret = GNUTLS_E_AGAIN, + .have_cert_cred = 1, + .have_gost12_512_cert = 1, + .not_on_fips = 1, + .server_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .client_prio = "NORMAL:-KX-ALL:+VKO-GOST-12:+GROUP-GOST-ALL:+CIPHER-GOST-ALL:+MAC-GOST-ALL:+SIGN-GOST-ALL:"PVERSION, + .exp_version = GNUTLS_TLS1_2, + }, +#endif +}; + +void doit(void) +{ + unsigned i; + global_init(); + + for (i=0;i + * + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests TLS1.3 and gnutls_session_get_data2() when no + * callback with gnutls_transport_set_pull_timeout_function() + * is set */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static time_t mytime(time_t * t) +{ + time_t then = 1461671166; + + if (t) + *t = then; + + return then; +} + +static ssize_t +server_pull_fail(gnutls_transport_ptr_t tr, void *data, size_t len) +{ + fail("unexpected call to pull callback detected\n"); + return -1; +} + +void doit(void) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + gnutls_datum_t data; + char buf[128]; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_global_set_time_function(mytime); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + assert(gnutls_set_default_priority(server)>=0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + assert(gnutls_certificate_allocate_credentials(&clientx509cred)>=0); + + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM)>=0); + + assert(gnutls_init(&client, GNUTLS_CLIENT)>=0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred)>=0); + + assert(gnutls_priority_set_direct(client, "NORMAL:-VERS-ALL:+VERS-TLS1.3", NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + ret = gnutls_record_recv(client, buf, sizeof(buf)); + if (ret < 0 && ret != GNUTLS_E_AGAIN) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + gnutls_transport_set_pull_function(server, server_pull_fail); + + ret = gnutls_session_get_data2(client, &data); + if (ret != 0) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + gnutls_free(data.data); + gnutls_transport_set_pull_function(server, server_pull); + + ret = gnutls_record_recv(client, buf, sizeof(buf)); + if (ret < 0 && ret != GNUTLS_E_AGAIN) { + fail("unexpected error: %s\n", gnutls_strerror(ret)); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} diff --git a/tests/tls13/anti_replay.c b/tests/tls13/anti_replay.c new file mode 100644 index 0000000..506c115 --- /dev/null +++ b/tests/tls13/anti_replay.c @@ -0,0 +1,138 @@ +/* + * Copyright (C) 2015-2018 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include "virt-time.h" +#include "../../lib/tls13/anti_replay.h" +#include "../../lib/system.h" + +/* utils.h must be loaded after gnutls_int.h, as it redefines some + * macros from gnulib */ +#include "utils.h" + +#define MAX_CLIENT_HELLO_RECORDED 10 + +struct storage_st { + gnutls_datum_t entries[MAX_CLIENT_HELLO_RECORDED]; + size_t num_entries; +}; + +static int +storage_add(void *ptr, time_t expires, const gnutls_datum_t *key, const gnutls_datum_t *value) +{ + struct storage_st *storage = ptr; + gnutls_datum_t *datum; + size_t i; + + for (i = 0; i < storage->num_entries; i++) { + if (key->size == storage->entries[i].size && + memcmp(storage->entries[i].data, key->data, key->size) == 0) { + return GNUTLS_E_DB_ENTRY_EXISTS; + } + } + + /* If the maximum number of ClientHello exceeded, reject early + * data until next time. + */ + if (storage->num_entries == MAX_CLIENT_HELLO_RECORDED) + return GNUTLS_E_DB_ERROR; + + datum = &storage->entries[storage->num_entries]; + datum->data = gnutls_malloc(key->size); + if (!datum->data) + return GNUTLS_E_MEMORY_ERROR; + memcpy(datum->data, key->data, key->size); + datum->size = key->size; + + storage->num_entries++; + + return 0; +} + +static void +storage_clear(struct storage_st *storage) +{ + size_t i; + + for (i = 0; i < storage->num_entries; i++) + gnutls_free(storage->entries[i].data); + storage->num_entries = 0; +} + +void doit(void) +{ + gnutls_anti_replay_t anti_replay; + gnutls_datum_t key = { (unsigned char *) "\xFF\xFF\xFF\xFF", 4 }; + struct timespec creation_time; + struct storage_st storage; + int ret; + + virt_time_init(); + memset(&storage, 0, sizeof(storage)); + + /* server_ticket_age < client_ticket_age */ + ret = gnutls_anti_replay_init(&anti_replay); + assert(ret == 0); + gnutls_anti_replay_set_window(anti_replay, 10000); + gnutls_anti_replay_set_add_function(anti_replay, storage_add); + gnutls_anti_replay_set_ptr(anti_replay, &storage); + mygettime(&creation_time); + ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key); + if (ret != GNUTLS_E_ILLEGAL_PARAMETER) + fail("error is not returned, while server_ticket_age < client_ticket_age\n"); + gnutls_anti_replay_deinit(anti_replay); + storage_clear(&storage); + + /* server_ticket_age - client_ticket_age > window */ + ret = gnutls_anti_replay_init(&anti_replay); + assert(ret == 0); + gnutls_anti_replay_set_add_function(anti_replay, storage_add); + gnutls_anti_replay_set_ptr(anti_replay, &storage); + gnutls_anti_replay_set_window(anti_replay, 10000); + mygettime(&creation_time); + virt_sec_sleep(30); + ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key); + if (ret != GNUTLS_E_EARLY_DATA_REJECTED) + fail("early data is NOT rejected, while freshness check fails\n"); + gnutls_anti_replay_deinit(anti_replay); + storage_clear(&storage); + + /* server_ticket_age - client_ticket_age < window */ + ret = gnutls_anti_replay_init(&anti_replay); + assert(ret == 0); + gnutls_anti_replay_set_add_function(anti_replay, storage_add); + gnutls_anti_replay_set_ptr(anti_replay, &storage); + gnutls_anti_replay_set_window(anti_replay, 10000); + mygettime(&creation_time); + virt_sec_sleep(15); + ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key); + if (ret != 0) + fail("early data is rejected, while freshness check succeeds\n"); + ret = _gnutls_anti_replay_check(anti_replay, 10000, &creation_time, &key); + if (ret != GNUTLS_E_EARLY_DATA_REJECTED) + fail("early data is NOT rejected for a duplicate key\n"); + gnutls_anti_replay_deinit(anti_replay); + storage_clear(&storage); +} diff --git a/tests/tls13/change_cipher_spec.c b/tests/tls13/change_cipher_spec.c new file mode 100644 index 0000000..81baa76 --- /dev/null +++ b/tests/tls13/change_cipher_spec.c @@ -0,0 +1,360 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the ChangeCipherSpec message + * is ignored during handshake. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned client_sent_ccs = 0; +static unsigned server_sent_ccs = 0; + +static int cli_hsk_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg); + +static void client(int fd, unsigned ccs_check) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + char buf[64]; + + global_init(); + client_sent_ccs = 0; + server_sent_ccs = 0; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH); + + gnutls_session_set_ptr(session, &ccs_check); + gnutls_handshake_set_timeout(session, get_timeout()); + if (ccs_check) { + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_PRE, + cli_hsk_callback); + } + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + success("client handshake completed\n"); + + do { + ret = gnutls_record_recv(session, buf, sizeof(buf)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) + fail("client: recv did not succeed as expected: %s\n", gnutls_strerror(ret)); + + /* send change cipher spec, this should fail in the server */ + do { + ret = send(fd, "\x14\x03\x03\x00\x01\x01", 6, 0); + } while(ret == -1 && (errno == EINTR || errno == EAGAIN)); + + close(fd); + + gnutls_deinit(session); + + if (ccs_check) { + if (client_sent_ccs != 1) { + fail("client: did not sent CCS\n"); + } + } + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static int cli_hsk_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + unsigned *p; + unsigned ccs_check; + static unsigned hello_received = 0; + + p = gnutls_session_get_ptr(session); + ccs_check = *p; + + assert(ccs_check != 0); + assert(post == GNUTLS_HOOK_PRE); + + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && !incoming) { + hello_received = 1; + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, + GNUTLS_HOOK_PRE, + cli_hsk_callback); + } + + if (htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC && !incoming && hello_received) { + client_sent_ccs++; + assert(msg->size == 1 && msg->data[0] == 0x01); + } + + + return 0; +} + +static int hsk_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + int ret; + int fd; + unsigned *p; + unsigned ccs_check; + + p = gnutls_session_get_ptr(session); + ccs_check = *p; + + assert(post == GNUTLS_HOOK_PRE); + + if (!ccs_check) { + if (!incoming || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO || + htype == GNUTLS_HANDSHAKE_FINISHED) + return 0; + + fd = gnutls_transport_get_int(session); + + /* send change cipher spec */ + do { + ret = send(fd, "\x14\x03\x03\x00\x01\x01", 6, 0); + } while(ret == -1 && (errno == EINTR || errno == EAGAIN)); + } else { /* checking whether server received it */ + if (htype == GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC && !incoming) { + server_sent_ccs++; + assert(msg->size == 1 && msg->data[0] == 0x01); + } + } + return 0; +} + +static void server(int fd, unsigned ccs_check) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + char buf[64]; + + /* this must be called once in the program + */ + global_init(); + + client_sent_ccs = 0; + server_sent_ccs = 0; + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + + if (ccs_check) + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC, + GNUTLS_HOOK_PRE, + hsk_callback); + else + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_PRE, + hsk_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL) >= 0); + gnutls_session_set_ptr(session, &ccs_check); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + success("server handshake completed\n"); + + gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); + /* ask peer for re-authentication */ + do { + ret = gnutls_record_send(session, "\x00", 1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) + fail("server: gnutls_record_send did not succeed as expected: %s\n", gnutls_strerror(ret)); + + /* receive CCS and fail */ + do { + ret = gnutls_record_recv(session, buf, sizeof(buf)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != GNUTLS_E_UNEXPECTED_PACKET) + fail("server: incorrect alert sent: %d != %d\n", + ret, GNUTLS_E_UNEXPECTED_PACKET); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + if (ccs_check) { + if (server_sent_ccs != 1) { + fail("server: did not sent CCS\n"); + } + } + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status; + wait(&status); + check_wait_status(status); + return; +} + +static +void start(unsigned ccs_check) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], ccs_check); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], ccs_check); + exit(0); + } +} + +void doit(void) +{ + start(0); + start(1); +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/compress-cert-cli.c b/tests/tls13/compress-cert-cli.c new file mode 100644 index 0000000..f4e66bf --- /dev/null +++ b/tests/tls13/compress-cert-cli.c @@ -0,0 +1,246 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" + +#include "utils.h" +#include "eagain-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +struct handshake_cb_data_st { + bool is_server; + bool found_compress_certificate; + bool found_compressed_certificate; + bool found_certificate; +}; + +static int ext_callback(void *ctx, unsigned tls_id, const unsigned char *data, unsigned size) +{ + struct handshake_cb_data_st *cb_data = ctx; + if (tls_id == 27) { /* compress_certificate */ + cb_data->found_compress_certificate = 1; + } + return 0; +} + +#define SKIP8(pos, total) { \ + uint8_t _s; \ + if (pos+1 > total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + pos += 1+_s; \ + } + +static int +handshake_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + struct handshake_cb_data_st *data = gnutls_session_get_ptr(session); + unsigned pos = 0; + gnutls_datum_t mmsg; + int ret; + + if ((data->is_server && incoming) || + (!data->is_server && !incoming)) { + return 0; + } + + switch (htype) { + case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: + SKIP8(pos, msg->size); + + mmsg.data = &msg->data[pos]; + mmsg.size = msg->size - pos; + ret = gnutls_ext_raw_parse(data, ext_callback, &mmsg, 0); + assert(ret >= 0); + break; + case GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT: + data->found_compressed_certificate = true; + break; + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: + data->found_certificate = true; + break; + default: + break; + } + + return 0; +} + +static void run(void) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t scred; + gnutls_session_t server; + gnutls_compression_method_t smethods[] = { + GNUTLS_COMP_ZSTD, GNUTLS_COMP_BROTLI, GNUTLS_COMP_ZLIB + }; + struct handshake_cb_data_st sdata = { 0, false, false, false }; + int sret; + /* Client stuff. */ + gnutls_certificate_credentials_t ccred; + gnutls_session_t client; + gnutls_compression_method_t cmethods[] = { + GNUTLS_COMP_ZLIB, GNUTLS_COMP_BROTLI + }; + struct handshake_cb_data_st cdata = { 0, false, false, false }; + int cret; + /* Need to enable anonymous KX specifically. */ + int ret; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_trust_mem(scred, + &ca3_cert, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + ret = + gnutls_priority_set_direct(server, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + NULL); + if (ret < 0) + exit(1); + + ret = gnutls_compress_certificate_set_methods(server, smethods, sizeof(smethods)/sizeof(*smethods)); + if (ret < 0) { + fail("server: setting compression method failed (%s)\n", + gnutls_strerror(ret)); + } + sdata.is_server = true; + gnutls_session_set_ptr(server, &sdata); + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_POST, + handshake_callback); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&ccred) >= 0); + assert(gnutls_certificate_set_x509_key_mem + (ccred, &cli_ca3_cert_chain, &cli_ca3_key, GNUTLS_X509_FMT_PEM) >= 0); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT); + ret = + gnutls_priority_set_direct(client, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + NULL); + assert(ret >= 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); + if (ret < 0) + exit(1); + + ret = gnutls_compress_certificate_set_methods(client, cmethods, sizeof(cmethods)/sizeof(*cmethods)); + if (ret < 0) { + fail("client: setting compression method failed (%s)\n", + gnutls_strerror(ret)); + } + cdata.is_server = false; + gnutls_session_set_ptr(client, &cdata); + gnutls_handshake_set_hook_function(client, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_POST, + handshake_callback); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + if (!sdata.found_compress_certificate) { + fail("server: compress_certificate extension not sent\n"); + } + if (!sdata.found_compressed_certificate) { + fail("server: CompressedCertificate not sent\n"); + } + if (sdata.found_certificate) { + fail("server: Certificate sent\n"); + } + if (!cdata.found_compress_certificate) { + fail("client: compress_certificate extension not received\n"); + } + if (!cdata.found_compressed_certificate) { + fail("client: CompressedCertificate not received\n"); + } + if (cdata.found_certificate) { + fail("client: Certificate not received\n"); + } + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ +#if !defined(HAVE_LIBZ) || !defined(HAVE_LIBBROTLI) || !defined(HAVE_LIBZSTD) + exit(77); +#endif + run(); +} diff --git a/tests/tls13/compress-cert-neg.c b/tests/tls13/compress-cert-neg.c new file mode 100644 index 0000000..5364e88 --- /dev/null +++ b/tests/tls13/compress-cert-neg.c @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Zoltan Fridrich + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBZ) || \ + !defined(HAVE_LIBBROTLI) || !defined(HAVE_LIBZSTD) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the compress_certificate extensions is disabled + * when client and server have incompatible compression methods set */ + +#define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" +#define CHECK(X) assert((X)>=0) + +static pid_t child; +int client_bad; +int server_bad; + +static void terminate(void) +{ + int status = 0; + + if (child) { + kill(child, SIGTERM); + wait(&status); + } + exit(1); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static int client_callback(gnutls_session_t session, unsigned htype, + unsigned post, unsigned incoming, const gnutls_datum_t *msg) +{ + client_bad = 1; + return 0; +} + +static int server_callback(gnutls_session_t session, unsigned htype, + unsigned post, unsigned incoming, const gnutls_datum_t *msg) +{ + server_bad = 1; + return 0; +} + +static void client(int fd) +{ + int ret; + unsigned status; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_compression_method_t method; + gnutls_compression_method_t methods[] = { GNUTLS_COMP_BROTLI, GNUTLS_COMP_ZSTD }; + size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert_chain, + &cli_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); + + ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + if (ret < 0) { + fail("client: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + GNUTLS_HOOK_PRE, client_callback); + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + fail("client: Handshake failed: %s\n", strerror(ret)); + goto cleanup; + } + if (debug) + success("client: Handshake was completed\n"); + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + method = gnutls_compress_certificate_get_selected_method(session); + if (method != GNUTLS_COMP_UNKNOWN) + fail("client: compression method should should not be set\n"); + + if (client_bad) + fail("client: certificate should not be compressed\n"); + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret < 0) + fail("client: could not verify server certificate: %s\n", gnutls_strerror(ret)); + if (status) + fail("client: certificate verification failed\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + if (debug) + success("client: finished\n"); + +cleanup: + close(fd); + gnutls_deinit(session); + gnutls_certificate_free_credentials(x509_cred); + gnutls_global_deinit(); +} + +static void server(int fd) +{ + int ret; + unsigned status; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_compression_method_t method; + gnutls_compression_method_t methods[] = { GNUTLS_COMP_ZLIB }; + size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_init(&session, GNUTLS_SERVER)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); + + ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + if (ret < 0) { + fail("server: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + GNUTLS_HOOK_PRE, server_callback); + gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + fail("server: Handshake has failed (%s)\n\n", gnutls_strerror(ret)); + goto cleanup; + } + if (debug) + success("server: Handshake was completed\n"); + if (debug) + success("server: TLS version is: %s\n", gnutls_protocol_get_name( + gnutls_protocol_get_version(session))); + + method = gnutls_compress_certificate_get_selected_method(session); + if (method != GNUTLS_COMP_UNKNOWN) + fail("server: compression method should not be set\n"); + + if (server_bad) + fail("server: certificate should not be compressed\n"); + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret < 0) + fail("server: could not verify client certificate: %s\n", gnutls_strerror(ret)); + if (status) + fail("server: certificate verification failed\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + if (debug) + success("server: finished\n"); + +cleanup: + close(fd); + gnutls_deinit(session); + gnutls_certificate_free_credentials(x509_cred); + gnutls_global_deinit(); +} + +void doit(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/compress-cert-neg2.c b/tests/tls13/compress-cert-neg2.c new file mode 100644 index 0000000..b083e38 --- /dev/null +++ b/tests/tls13/compress-cert-neg2.c @@ -0,0 +1,216 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Zoltan Fridrich + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBZ) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the compress_certificate extension correctly fails + * in the case of compression/decompression failure */ + +#define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" +#define CHECK(X) assert((X)>=0) + +static pid_t child; + +static void terminate(void) +{ + int status = 0; + + if (child) { + kill(child, SIGTERM); + wait(&status); + } + exit(1); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static int client_callback(gnutls_session_t session, unsigned htype, + unsigned post, unsigned incoming, const gnutls_datum_t *msg) +{ + /* change compression method to BROTLI */ + msg->data[1] = 0x02; + return 0; +} + +static void client(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_compression_method_t methods[] = { GNUTLS_COMP_ZLIB }; + size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert_chain, + &cli_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); + + ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + if (ret < 0) { + fail("client: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + GNUTLS_HOOK_PRE, client_callback); + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret >= 0) + fail("client: handshake should have failed\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + close(fd); + gnutls_deinit(session); + gnutls_certificate_free_credentials(x509_cred); + gnutls_global_deinit(); +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_compression_method_t method; + gnutls_compression_method_t methods[] = { GNUTLS_COMP_ZLIB }; + size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_init(&session, GNUTLS_SERVER)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); + + ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + if (ret < 0) { + fail("server: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret >= 0) + fail("server: handshake should have failed\n"); + + if (gnutls_alert_get(session) != GNUTLS_A_BAD_CERTIFICATE) + fail("server: didn't receive BAD CERTIFICATE alert\n"); + + method = gnutls_compress_certificate_get_selected_method(session); + if (method != GNUTLS_COMP_ZLIB) + fail("server: compression method should be set to ZLIB\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + close(fd); + gnutls_deinit(session); + gnutls_certificate_free_credentials(x509_cred); + gnutls_global_deinit(); +} + +void doit(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/compress-cert.c b/tests/tls13/compress-cert.c new file mode 100644 index 0000000..6b867ca --- /dev/null +++ b/tests/tls13/compress-cert.c @@ -0,0 +1,286 @@ +/* + * Copyright (C) 2022 Red Hat, Inc. + * + * Author: Zoltan Fridrich + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) || !defined(HAVE_LIBZ) || \ + !defined(HAVE_LIBBROTLI) || !defined(HAVE_LIBZSTD) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the compress_certificate extensions works as expected */ + +#define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3" +#define CHECK(X) assert((X)>=0) + +static pid_t child; +int client_ok; +int server_ok; + +static void terminate(void) +{ + int status = 0; + + if (child) { + kill(child, SIGTERM); + wait(&status); + } + exit(1); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static int client_callback(gnutls_session_t session, unsigned htype, + unsigned post, unsigned incoming, const gnutls_datum_t *msg) +{ + if (incoming == 0) + return 0; + + /* check ZLIB number */ + if (msg->data[0] == 0x00 && msg->data[1] == 0x01) + client_ok = 1; + + return 0; +} + +static int server_callback(gnutls_session_t session, unsigned htype, + unsigned post, unsigned incoming, const gnutls_datum_t *msg) +{ + if (incoming == 0) + return 0; + + /* check BROTLI number */ + if (msg->data[0] == 0x00 && msg->data[1] == 0x02) + server_ok = 1; + + return 0; +} + +static void client(int fd) +{ + int ret; + unsigned status; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_compression_method_t method; + gnutls_compression_method_t methods[] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_BROTLI }; + size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert_chain, + &cli_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); + + ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + if (ret < 0) { + fail("client: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + GNUTLS_HOOK_PRE, client_callback); + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + fail("client: Handshake failed: %s\n", strerror(ret)); + goto cleanup; + } + if (debug) + success("client: Handshake was completed\n"); + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + method = gnutls_compress_certificate_get_selected_method(session); + if (method != GNUTLS_COMP_BROTLI) + fail("client: compression method should be set to BROTLI\n"); + + if (!client_ok) + fail("client: didn't receive cert compressed with ZLIB\n"); + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret < 0) + fail("client: could not verify server certificate: %s\n", gnutls_strerror(ret)); + if (status) + fail("client: certificate verification failed\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + if (debug) + success("client: finished\n"); + +cleanup: + close(fd); + gnutls_deinit(session); + gnutls_certificate_free_credentials(x509_cred); + gnutls_global_deinit(); +} + +static void server(int fd) +{ + int ret; + unsigned status; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_compression_method_t method; + gnutls_compression_method_t methods[] = { GNUTLS_COMP_ZSTD, GNUTLS_COMP_BROTLI, GNUTLS_COMP_ZLIB }; + size_t methods_len = sizeof(methods) / sizeof(gnutls_compression_method_t); + + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + CHECK(gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_localhost_cert_chain, + &server_ca3_key, GNUTLS_X509_FMT_PEM)); + CHECK(gnutls_init(&session, GNUTLS_SERVER)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred)); + CHECK(gnutls_priority_set_direct(session, PRIO, NULL)); + + ret = gnutls_compress_certificate_set_methods(session, methods, methods_len); + if (ret < 0) { + fail("server: setting compression method failed (%s)\n\n", gnutls_strerror(ret)); + terminate(); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_COMPRESSED_CERTIFICATE_PKT, + GNUTLS_HOOK_PRE, server_callback); + gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUEST); + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + fail("server: Handshake has failed (%s)\n\n", gnutls_strerror(ret)); + goto cleanup; + } + if (debug) + success("server: Handshake was completed\n"); + if (debug) + success("server: TLS version is: %s\n", gnutls_protocol_get_name( + gnutls_protocol_get_version(session))); + + method = gnutls_compress_certificate_get_selected_method(session); + if (method != GNUTLS_COMP_ZLIB) + fail("server: compression method should be set to ZLIB\n"); + + if (!server_ok) + fail("server: didn't receive cert compressed with BROTLI\n"); + + ret = gnutls_certificate_verify_peers2(session, &status); + if (ret < 0) + fail("server: could not verify client certificate: %s\n", gnutls_strerror(ret)); + if (status) + fail("server: certificate verification failed\n"); + + gnutls_bye(session, GNUTLS_SHUT_WR); + + if (debug) + success("server: finished\n"); + +cleanup: + close(fd); + gnutls_deinit(session); + gnutls_certificate_free_credentials(x509_cred); + gnutls_global_deinit(); +} + +void doit(void) +{ + int fd[2]; + int ret; + + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + + server(fd[0]); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/cookie.c b/tests/tls13/cookie.c new file mode 100644 index 0000000..dde00af --- /dev/null +++ b/tests/tls13/cookie.c @@ -0,0 +1,265 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Thierry Quemerais, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +/* This program tests whether a cookie sent by the server is repeated + * by the gnutls client. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#endif +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int TLSEXT_TYPE_server_sent = 0; +static int TLSEXT_TYPE_server_received = 0; + +static const unsigned char ext_data[] = +{ + 0x00, + 0x03, + 0xFE, + 0xED, + 0xFF +}; + +static int ext_recv_server_cookie(gnutls_session_t session, const unsigned char *buf, size_t buflen) +{ + if (buflen != sizeof(ext_data)) + fail("ext_recv_server_params: Invalid input buffer length\n"); + + if (memcmp(buf, ext_data, sizeof(ext_data)) != 0) + fail("ext_recv_server_params: Invalid input buffer data\n"); + + TLSEXT_TYPE_server_received = 1; + + return 0; //Success +} + +static int ext_send_server_cookie(gnutls_session_t session, gnutls_buffer_t extdata) +{ + if (gnutls_ext_get_current_msg(session) == GNUTLS_EXT_FLAG_HRR) { + TLSEXT_TYPE_server_sent = 1; + + gnutls_buffer_append_data(extdata, ext_data, sizeof(ext_data)); + return sizeof(ext_data); + } + return 0; +} + +static void client(int sd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t clientx509cred; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "client"; + + gnutls_certificate_allocate_credentials(&clientx509cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3", + NULL)>=0); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", gnutls_strerror(ret)); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + +end: + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void server(int sd) +{ + gnutls_certificate_credentials_t serverx509cred; + int ret; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + side = "server"; + + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + + /* force a hello retry request by disabling all the groups that are + * enabled by default. */ + assert(gnutls_priority_set_direct(session, + "NORMAL:-VERS-ALL:+VERS-TLS1.3:" + "-GROUP-SECP256R1:-GROUP-X25519:-GROUP-FFDHE2048", + NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + ret = gnutls_session_ext_register(session, "cookie_server", 44, GNUTLS_EXT_TLS, ext_recv_server_cookie, ext_send_server_cookie, + NULL, NULL, NULL, + GNUTLS_EXT_FLAG_CLIENT_HELLO|GNUTLS_EXT_FLAG_HRR|GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL|GNUTLS_EXT_FLAG_IGNORE_CLIENT_REQUEST); + if (ret != 0) + fail("server: cannot register: %s", gnutls_strerror(ret)); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_handshake(session); + if (ret < 0) { + fail("server: Handshake has failed: %s\n\n", + gnutls_strerror(ret)); + goto end; + } + if (debug) + success("server: Handshake was completed\n"); + + if (TLSEXT_TYPE_server_sent != 1) + fail("server: extension not properly sent\n"); + + if (TLSEXT_TYPE_server_received != 1) + fail("server: extension not properly received\n"); + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + +end: + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + pid_t child; + int sockets[2]; + int err; + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + TLSEXT_TYPE_server_sent = 0; + TLSEXT_TYPE_server_received = 0; + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status = 0; + /* parent */ + close(sockets[1]); + server(sockets[0]); + wait(&status); + } else { + close(sockets[0]); + client(sockets[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/ext-parse.h b/tests/tls13/ext-parse.h new file mode 100644 index 0000000..9a22de5 --- /dev/null +++ b/tests/tls13/ext-parse.h @@ -0,0 +1,229 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#include "utils.h" + +#define TLS_EXT_SUPPORTED_VERSIONS 43 +#define TLS_EXT_POST_HANDSHAKE 49 + +#define SKIP16(pos, _total) { \ + uint16_t _s; \ + if ((size_t)pos+2 > (size_t)_total) fail("error0: at %d total: %d\n", pos+2, _total); \ + _s = (msg->data[pos] << 8) | msg->data[pos+1]; \ + if ((size_t)(pos+2+_s) > (size_t)_total) fail("error1: at %d field: %d, total: %d\n", pos+2, (int)_s, _total); \ + pos += 2+_s; \ + } + +#define SKIP8(pos, _total) { \ + uint8_t _s; \ + if ((size_t)pos+1 > (size_t)_total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > (size_t)_total) fail("error\n"); \ + pos += 1+_s; \ + } + +typedef void (*ext_parse_func)(void *priv, gnutls_datum_t *extdata); + +#define HANDSHAKE_SESSION_ID_POS 34 + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wunused-function" +#endif + +/* Returns 0 if the extension was not found, 1 otherwise. + */ +static unsigned find_client_extension(const gnutls_datum_t *msg, unsigned extnr, void *priv, ext_parse_func cb) +{ + unsigned pos; + + if (msg->size < HANDSHAKE_SESSION_ID_POS) + fail("invalid client hello\n"); + + /* we expect the legacy version to be present */ + /* ProtocolVersion legacy_version = 0x0303 */ + if (msg->data[0] != 0x03) { + fail("ProtocolVersion contains %d.%d\n", (int)msg->data[0], (int)msg->data[1]); + } + + pos = HANDSHAKE_SESSION_ID_POS; + /* legacy_session_id */ + SKIP8(pos, msg->size); + + /* CipherSuites */ + SKIP16(pos, msg->size); + + /* legacy_compression_methods */ + SKIP8(pos, msg->size); + + pos += 2; + + while (pos < msg->size) { + uint16_t type; + + if (pos+4 > msg->size) + fail("invalid client hello\n"); + + type = (msg->data[pos] << 8) | msg->data[pos+1]; + pos+=2; + + if (debug) + success("Found client extension %d\n", (int)type); + + if (type != extnr) { + SKIP16(pos, msg->size); + } else { /* found */ + ssize_t size = (msg->data[pos] << 8) | msg->data[pos+1]; + gnutls_datum_t data; + + pos+=2; + if (pos + size > msg->size) { + fail("error in extension length (pos: %d, ext: %d, total: %d)\n", pos, (int)size, msg->size); + } + data.data = &msg->data[pos]; + data.size = size; + if (cb) + cb(priv, &data); + return 1; + } + } + return 0; +} + +static unsigned is_client_extension_last(const gnutls_datum_t *msg, unsigned extnr) +{ + unsigned pos, found = 0; + + if (msg->size < HANDSHAKE_SESSION_ID_POS) + fail("invalid client hello\n"); + + /* we expect the legacy version to be present */ + /* ProtocolVersion legacy_version = 0x0303 */ + if (msg->data[0] != 0x03) { + fail("ProtocolVersion contains %d.%d\n", (int)msg->data[0], (int)msg->data[1]); + } + + pos = HANDSHAKE_SESSION_ID_POS; + /* legacy_session_id */ + SKIP8(pos, msg->size); + + /* CipherSuites */ + SKIP16(pos, msg->size); + + /* legacy_compression_methods */ + SKIP8(pos, msg->size); + + pos += 2; + + while (pos < msg->size) { + uint16_t type; + + if (pos+4 > msg->size) + fail("invalid client hello\n"); + + type = (msg->data[pos] << 8) | msg->data[pos+1]; + pos+=2; + + if (debug) + success("Found client extension %d\n", (int)type); + + if (type != extnr) { + if (found) { + success("found extension %d after %d\n", type, extnr); + return 0; + } + SKIP16(pos, msg->size); + } else { /* found */ + found = 1; + SKIP16(pos, msg->size); + } + } + + if (found) + return 1; + return 0; +} + +#define TLS_RANDOM_SIZE 32 + +static unsigned find_server_extension(const gnutls_datum_t *msg, unsigned extnr, void *priv, ext_parse_func cb) +{ + unsigned pos = 0; + + success("server hello of %d bytes\n", msg->size); + /* we expect the legacy version to be present */ + /* ProtocolVersion legacy_version = 0x0303 */ + if (msg->data[0] != 0x03 || msg->data[1] != 0x03) { + fail("ProtocolVersion contains %d.%d\n", (int)msg->data[0], (int)msg->data[1]); + } + + if (msg->data[1] >= 0x04) { + success("assuming TLS 1.3 or better hello format (seen %d.%d)\n", (int)msg->data[0], (int)msg->data[1]); + } + + pos += 2+TLS_RANDOM_SIZE; + + /* legacy_session_id */ + SKIP8(pos, msg->size); + + /* CipherSuite */ + pos += 2; + + /* legacy_compression_methods */ + SKIP8(pos, msg->size); + + pos += 2; + + while (pos < msg->size) { + uint16_t type; + + if (pos+4 > msg->size) + fail("invalid server hello\n"); + + type = (msg->data[pos] << 8) | msg->data[pos+1]; + pos+=2; + + success("Found server extension %d\n", (int)type); + + if (type != extnr) { + SKIP16(pos, msg->size); + } else { /* found */ + ssize_t size = (msg->data[pos] << 8) | msg->data[pos+1]; + gnutls_datum_t data; + + pos+=2; + if (pos + size < msg->size) { + fail("error in server extension length (pos: %d, total: %d)\n", pos, msg->size); + } + data.data = &msg->data[pos]; + data.size = size; + if (cb) + cb(priv, &data); + return 1; + } + } + + return 0; +} + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic pop +#endif diff --git a/tests/tls13/hello_retry_request.c b/tests/tls13/hello_retry_request.c new file mode 100644 index 0000000..dd4506b --- /dev/null +++ b/tests/tls13/hello_retry_request.c @@ -0,0 +1,255 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "tls13/ext-parse.h" + +/* This program tests whether the version in Hello Retry Request message + * is the expected */ + +const char *testname = ""; + +#define myfail(fmt, ...) \ + fail("%s: "fmt, testname, ##__VA_ARGS__) + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define HANDSHAKE_SESSION_ID_POS 34 + +struct ctx_st { + unsigned hrr_seen; + unsigned hello_counter; + uint8_t session_id[32]; + size_t session_id_len; +}; + +static int hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + struct ctx_st *ctx = gnutls_session_get_ptr(session); + assert(ctx != NULL); + + if (htype == GNUTLS_HANDSHAKE_HELLO_RETRY_REQUEST) + ctx->hrr_seen = 1; + + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && post == GNUTLS_HOOK_POST) { + size_t session_id_len; + uint8_t *session_id; + + assert(msg->size > HANDSHAKE_SESSION_ID_POS + 1); + session_id_len = msg->data[HANDSHAKE_SESSION_ID_POS]; + session_id = &msg->data[HANDSHAKE_SESSION_ID_POS + 1]; + + if (ctx->hello_counter > 0) { + assert(msg->size > 4); + if (msg->data[0] != 0x03 || msg->data[1] != 0x03) { + fail("version is %d.%d expected 3,3\n", (int)msg->data[0], (int)msg->data[1]); + } + + if (session_id_len != ctx->session_id_len || + memcmp(session_id, ctx->session_id, session_id_len) != 0) { + fail("different legacy_session_id is sent after HRR\n"); + } + } + + ctx->session_id_len = session_id_len; + memcpy(ctx->session_id, session_id, session_id_len); + + ctx->hello_counter++; + } + + return 0; +} + + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + struct ctx_st ctx; + + memset(&ctx, 0, sizeof(ctx)); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_KEY_SHARE_TOP)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_session_set_ptr(session, &ctx); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519", NULL); + if (ret < 0) + myfail("cannot set TLS 1.3 priorities\n"); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hello_callback); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + assert(ctx.hrr_seen != 0); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM)>=0); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + + /* server only supports x25519, client advertises secp256r1 */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) + myfail("handshake error: %s\n", gnutls_strerror(ret)); + + if (gnutls_group_get(session) != GNUTLS_GROUP_X25519) + myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(session))); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + server(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/hello_retry_request_resume.c b/tests/tls13/hello_retry_request_resume.c new file mode 100644 index 0000000..f75ea53 --- /dev/null +++ b/tests/tls13/hello_retry_request_resume.c @@ -0,0 +1,318 @@ +/* + * Copyright (C) 2017-2020 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../lib/handshake-defs.h" +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the certificate seen in Post Handshake Auth + * is found in a resumed session under TLS 1.3. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static int ticket_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + gnutls_datum *d; + int ret; + + assert(htype == GNUTLS_HANDSHAKE_NEW_SESSION_TICKET); + + d = gnutls_session_get_ptr(session); + + if (post == GNUTLS_HOOK_POST) { + if (d->data) + gnutls_free(d->data); + ret = gnutls_session_get_data2(session, d); + assert(ret >= 0); + assert(d->size > 4); + + return 0; + } + + return 0; +} + +static void client(int fd) +{ + int ret; + gnutls_session_t session; + unsigned try = 0; + gnutls_datum_t session_data = {NULL, 0}; + gnutls_certificate_credentials_t x509_cred; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + retry: + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-X25519", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + if (try == 0) { + gnutls_session_set_ptr(session, &session_data); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + GNUTLS_HOOK_BOTH, + ticket_callback); + } else { + assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != 0) { + fail("error in recv: %s\n", gnutls_strerror(ret)); + } + + gnutls_deinit(session); + + if (try == 0) { + try++; + goto retry; + } + + gnutls_free(session_data.data); + close(fd); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +#define HANDSHAKE_SESSION_ID_POS 34 + +static int client_hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + gnutls_datum *d; + + assert(post == GNUTLS_HOOK_POST); + assert(msg->size >= HANDSHAKE_SESSION_ID_POS + 1); + + d = gnutls_session_get_ptr(session); + d->size = msg->data[HANDSHAKE_SESSION_ID_POS]; + d->data = gnutls_malloc(d->size); + memcpy(d->data, &msg->data[HANDSHAKE_SESSION_ID_POS], d->size); + + return 0; +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + unsigned try = 0; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t skey; + gnutls_datum_t session_id = {NULL, 0}; + gnutls_datum_t retry_session_id = {NULL, 0}; + + /* this must be called once in the program + */ + global_init(); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + retry: + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* server only supports x25519, client advertises secp256r1 */ + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + if (try == 0) { + gnutls_session_set_ptr(session, &session_id); + } else { + gnutls_session_set_ptr(session, &retry_session_id); + } + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + client_hello_callback); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (try > 0) { + assert(gnutls_session_is_resumed(session) != 0); + + /* Check that the same (non-empty) session ID is used in both + * initial and resumption handshakes. This assumes + * TLS13_APPENDIX_D4 is set to 1 in lib/handshake-defs.h. Once + * it's turned off, both session IDs should be empty. */ + if (session_id.size == 0 || + session_id.size != retry_session_id.size || + memcmp(session_id.data, retry_session_id.data, session_id.size)) { + fail("session ids are different after resumption: %u, %u\n", + session_id.size, retry_session_id.size); + } + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_deinit(session); + + if (try == 0) { + try++; + goto retry; + } + + gnutls_free(skey.data); + close(fd); + gnutls_certificate_free_credentials(x509_cred); + gnutls_free(session_id.data); + gnutls_free(retry_session_id.data); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } + +} +#endif /* _WIN32 */ diff --git a/tests/tls13/key_limits.c b/tests/tls13/key_limits.c new file mode 100644 index 0000000..e2e533a --- /dev/null +++ b/tests/tls13/key_limits.c @@ -0,0 +1,341 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +static void terminate(void); + +/* This program tests whether re-key occurs at the expected + * time. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, const char *prio, unsigned expect_update) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + unsigned char seq[8]; + unsigned update_happened = 0; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("error in priority '%s': %s\n", prio, gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* make sure we are not blocked forever */ + gnutls_record_set_timeout(session, 10000); + + assert(gnutls_record_get_state(session, 1, NULL, NULL, NULL, seq) >= 0); + assert(gnutls_record_set_state(session, 1, (void*)"\x00\x00\x00\x00\x00\xff\xff\xfa") >= 0); + + do { + do { + ret = gnutls_record_recv_seq(session, buffer, MAX_BUF, seq); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (memcmp(seq, "\x00\x00\x00\x00\x00\x00\x00\x01", 8) == 0) { + update_happened = 1; + } + } while (ret > 0); + + if (ret == 0 || ret == GNUTLS_E_TIMEDOUT) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + if (ret != 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + exit(1); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + end: + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (expect_update && update_happened == 0) { + fail("no update occurred!\n"); + exit(1); + } else if (!expect_update && update_happened) { + fail("update occurred unexpectedly!\n"); + exit(1); + } else { + if (debug) + success("detected update!\n"); + } +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + assert(child); + kill(child, SIGTERM); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + unsigned i; + unsigned char seq[8]; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, prio, NULL); + if (ret < 0) { + fail("error in priority '%s': %s\n", prio, gnutls_strerror(ret)); + exit(1); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + assert(gnutls_record_get_state(session, 0, NULL, NULL, NULL, seq) >= 0); + assert(gnutls_record_set_state(session, 0, (void*)"\x00\x00\x00\x00\x00\xff\xff\xfa") >= 0); + + memset(buffer, 1, sizeof(buffer)); + for (i = 0; i<32; i++) { + usleep(10000); /* some systems like FreeBSD have their buffers full during this send */ + do { + ret = + gnutls_record_send(session, buffer, + sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) { + fail("Error sending %d byte packet: %s\n", (int)sizeof(buffer), + gnutls_strerror(ret)); + terminate(); + } + + if (ret != sizeof(buffer)) { + fail("Error sending %d byte packet: sent: %d\n", (int)sizeof(buffer), + ret); + terminate(); + } + } + + + /* wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void start(const char *name, const char *prio, unsigned exp_update) +{ + int fd[2]; + int ret, status = 0; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + success("trying: %s\n", name); + close(fd[0]); + server(fd[1], prio); + wait(&status); + check_wait_status(status); + } else { + close(fd[1]); + client(fd[0], prio, exp_update); + exit(0); + } +} + +#define AES_GCM "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM" +#define CHACHA_POLY1305 "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+CHACHA20-POLY1305" + +static void ch_handler(int sig) +{ + return; +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("aes-gcm", AES_GCM, 1); + if (!gnutls_fips140_mode_enabled()) { + start("chacha20", CHACHA_POLY1305, 0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/key_share.c b/tests/tls13/key_share.c new file mode 100644 index 0000000..fa785a5 --- /dev/null +++ b/tests/tls13/key_share.c @@ -0,0 +1,233 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "tls13/ext-parse.h" +#include "eagain-common.h" + +/* This program tests the Key Share behavior in Client Hello, + * and whether the flags to gnutls_init for key share are followed. + */ + +const char *testname = ""; + +#define myfail(fmt, ...) \ + fail("%s: "fmt, testname, ##__VA_ARGS__) + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +unsigned int tls_id_to_group[] = { + [23] = GNUTLS_GROUP_SECP256R1, + [24] = GNUTLS_GROUP_SECP384R1, + [29] = GNUTLS_GROUP_X25519, + [30] = GNUTLS_GROUP_X448, + [0x100] = GNUTLS_GROUP_FFDHE2048, + [0x101] = GNUTLS_GROUP_FFDHE3072 +}; + + +#define TLS_EXT_KEY_SHARE 51 + +typedef struct ctx_st { + gnutls_group_t group; + unsigned ngroups; +} ctx_st; + +static +void check_ks_contents(void *priv, gnutls_datum_t *msg) +{ + ctx_st *ctx; + int len; + gnutls_session_t session = priv; + int pos; + unsigned total = 0, id; + unsigned found = 0; + + ctx = gnutls_session_get_ptr(session); + + len = (msg->data[0] << 8) | msg->data[1]; + if (len+2 != (int)msg->size) + myfail("mismatch in length (%d vs %d)!\n", len, (int)msg->size); + + pos = 2; + + while((unsigned)pos < msg->size) { + id = (msg->data[pos] << 8) | msg->data[pos+1]; + pos += 2; + len -= 2; + + if (debug) + success("found group: %u\n", id); + if (id < sizeof(tls_id_to_group)/sizeof(tls_id_to_group[0])) { + if (tls_id_to_group[id] == ctx->group) + found = 1; + } + total++; + + SKIP16(pos, msg->size); + } + + if (total != ctx->ngroups) { + myfail("found %d groups, expected %d\n", total, ctx->ngroups); + } + + if (found == 0) { + myfail("did not find group %s\n", gnutls_group_get_name(ctx->group)); + } +} + +static int client_hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && post == GNUTLS_HOOK_POST) { + if (find_client_extension(msg, TLS_EXT_KEY_SHARE, session, check_ks_contents) == 0) + fail("Could not find key share extension!\n"); + } + + return 0; +} + +static void start(const char *name, const char *prio, unsigned flag, + gnutls_group_t group, unsigned ngroups) +{ + int sret, cret; + gnutls_certificate_credentials_t scred, ccred; + gnutls_session_t server, client; + ctx_st ctx; + + testname = name; + success("== test %s ==\n", testname); + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&server, GNUTLS_SERVER); + + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + client_hello_callback); + ctx.group = group; + ctx.ngroups = ngroups; + gnutls_session_set_ptr(server, &ctx); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(server, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&ccred); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT|flag); + + cret = gnutls_priority_set_direct(client, prio, NULL); + if (cret < 0) + myfail("cannot set TLS 1.3 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + if (gnutls_group_get(server) != group) + myfail("group doesn't match the expected: %s\n", gnutls_group_get_name(gnutls_group_get(server))); + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + start("single group: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_SECP256R1, 1); + start("single group: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_SECP256R1, 1); + start("single group: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_X25519, 1); + + /* unfortunately we strictly follow the rfc7919 RFC and we prioritize groups + * based on ciphersuite listing as well. To prioritize the FFDHE groups we need + * to prioritize the non-EC ciphersuites first. */ + start("single group: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP, GNUTLS_GROUP_FFDHE2048, 1); + + start("two groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2); + start("two groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_SECP256R1, 2); + start("two groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X25519, 2); + start("two groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_X448, 2); + start("two groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP2, GNUTLS_GROUP_FFDHE2048, 2); + + start("three groups: default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3); + start("three groups: secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_SECP256R1, 3); + start("three groups: x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X25519, 3); + start("three groups: x448", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X448:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_X448, 3); + start("three groups: ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", GNUTLS_KEY_SHARE_TOP3, GNUTLS_GROUP_FFDHE2048, 3); + + /* test default behavior */ + start("default groups(2): default secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3", 0, GNUTLS_GROUP_SECP256R1, 2); + start("default groups(2): secp256r1", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE2048", 0, GNUTLS_GROUP_SECP256R1, 2); + start("default groups(2): x25519", "NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-FFDHE2048", 0, GNUTLS_GROUP_X25519, 2); + start("default groups(2): ffdhe2048", "NORMAL:-KX-ALL:+DHE-RSA:+ECDHE-RSA:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-X25519:+GROUP-FFDHE3072", 0, GNUTLS_GROUP_FFDHE2048, 2); +} diff --git a/tests/tls13/key_update.c b/tests/tls13/key_update.c new file mode 100644 index 0000000..e9fae86 --- /dev/null +++ b/tests/tls13/key_update.c @@ -0,0 +1,276 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" + +#include "utils.h" +#define RANDOMIZE +#include "eagain-common.h" + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static unsigned key_update_msg_inc = 0; +static unsigned key_update_msg_out = 0; + +static int hsk_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + assert(post == GNUTLS_HOOK_PRE); + + assert(msg->size == 1); + + if (htype == GNUTLS_HANDSHAKE_KEY_UPDATE) { + if (incoming) + key_update_msg_inc++; + else + key_update_msg_out++; + } + + return 0; +} + +static void run(const char *name, unsigned test) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t ccred; + gnutls_certificate_credentials_t scred; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + ret = + gnutls_priority_set_direct(server, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + NULL); + if (ret < 0) + exit(1); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&ccred) >= 0); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT); + ret = + gnutls_priority_set_direct(client, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + NULL); + assert(ret >= 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + switch (test) { + case 0: + case 1: + success("%s: updating client's key\n", name); + do { + ret = gnutls_session_key_update(client, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + /* server receives the client key update and sends data */ + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + if (test != 0) + break; + sec_sleep(2); + FALLTHROUGH; + case 2: + success("%s: updating server's key\n", name); + + do { + ret = gnutls_session_key_update(server, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + + /* client receives the key update and sends data */ + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + if (test != 0) + break; + sec_sleep(2); + FALLTHROUGH; + case 3: + success("%s: updating client's key and asking server\n", name); + do { + ret = gnutls_session_key_update(client, GNUTLS_KU_PEER); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + + /* server receives the client key update and sends data */ + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + if (test != 0) + break; + sec_sleep(2); + FALLTHROUGH; + case 4: + success("%s: updating server's key and asking client\n", name); + do { + ret = gnutls_session_key_update(server, GNUTLS_KU_PEER); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + + sec_sleep(2); + break; + case 5: + success("%s: client cork\n", name); + gnutls_record_cork(client); + + /* server sends key update */ + do { + ret = gnutls_session_key_update(server, GNUTLS_KU_PEER); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + + /* client has data in the corked buffer */ + do { + ret = gnutls_record_send(client, MSG, strlen(MSG)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("cannot send: %s\n", gnutls_strerror(ret)); + + /* client receives key update */ + EMPTY_BUF(server, client, buffer, MAX_BUF); + + /* client uncorks and sends key update */ + do { + ret = gnutls_record_uncork(client, GNUTLS_RECORD_WAIT); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("cannot send: %s\n", gnutls_strerror(ret)); + + EMPTY_BUF(server, client, buffer, MAX_BUF); + + sec_sleep(2); + break; + case 6: + key_update_msg_inc = 0; + key_update_msg_out = 0; + + success("%s: callbacks are called\n", name); + + gnutls_handshake_set_hook_function(client, -1, GNUTLS_HOOK_PRE, hsk_callback); + gnutls_handshake_set_hook_function(server, -1, GNUTLS_HOOK_PRE, hsk_callback); + + do { + ret = gnutls_session_key_update(client, GNUTLS_KU_PEER); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + + /* server receives the client key update and sends data */ + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + + assert(key_update_msg_inc == 2); + assert(key_update_msg_out == 2); + break; + } + + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + run("single", 1); + run("single", 2); + run("single", 3); + run("single", 4); + run("single", 5); + run("single", 6); + run("all", 0); /* all one after each other */ +} diff --git a/tests/tls13/key_update_multiple.c b/tests/tls13/key_update_multiple.c new file mode 100644 index 0000000..8b2c2db --- /dev/null +++ b/tests/tls13/key_update_multiple.c @@ -0,0 +1,232 @@ +/* + * Copyright (C) 2017-2019 Red Hat, Inc. + * + * Author: Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "cert-common.h" + +#include "utils.h" +#include "virt-time.h" +#define RANDOMIZE +#include "eagain-common.h" + +const char *side = ""; + +/* This program tests whether multiple key update messages are handled + * properly with rate-limit. */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +/* These must match the definitions in lib/tls13/key_update.c. */ +#define KEY_UPDATES_WINDOW 1000 +#define KEY_UPDATES_PER_WINDOW 8 + +static unsigned key_update_msg_inc = 0; +static unsigned key_update_msg_out = 0; + +static int hsk_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + assert(post == GNUTLS_HOOK_PRE); + + assert(msg->size == 1); + + if (htype == GNUTLS_HANDSHAKE_KEY_UPDATE) { + if (incoming) + key_update_msg_inc++; + else + key_update_msg_out++; + } + + return 0; +} + +static void run(const char *name, bool exceed_limit) +{ + /* Server stuff. */ + gnutls_certificate_credentials_t ccred; + gnutls_certificate_credentials_t scred; + gnutls_session_t server; + int sret, cret; + /* Client stuff. */ + gnutls_session_t client; + /* Need to enable anonymous KX specifically. */ + char buffer[MAX_BUF + 1]; + int ret, transferred = 0; + size_t i; + + success("%s\n", name); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&server, GNUTLS_SERVER) >= 0); + ret = + gnutls_priority_set_direct(server, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + NULL); + if (ret < 0) + exit(1); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + assert(gnutls_certificate_allocate_credentials(&ccred) >= 0); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT); + ret = + gnutls_priority_set_direct(client, + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + NULL); + assert(ret >= 0); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + key_update_msg_inc = 0; + key_update_msg_out = 0; + + gnutls_handshake_set_hook_function(client, -1, GNUTLS_HOOK_PRE, hsk_callback); + + /* schedule multiple key updates */ + for (i = 0; i < KEY_UPDATES_PER_WINDOW; i++) { + do { + ret = gnutls_session_key_update(client, 1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + } + + /* server receives the client key update and sends data */ + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + + if (key_update_msg_out != KEY_UPDATES_PER_WINDOW) + fail("unexpected number of key updates are sent: %d\n", + key_update_msg_out); + else { + if (debug) + success("successfully sent %d key updates\n", + KEY_UPDATES_PER_WINDOW); + } + if (key_update_msg_inc != 1) + fail("unexpected number of key updates received: %d\n", + key_update_msg_inc); + else { + if (debug) + success("successfully received 1 key update\n"); + } + + if (exceed_limit) { + /* excessive key update in the same time window should + * be rejected by the peer */ + do { + ret = gnutls_session_key_update(client, 1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + /* server receives the client key update and sends data */ + ret = record_send_loop(client, MSG, strlen(MSG), 0); + assert(ret == strlen(MSG)); + ret = gnutls_record_recv(server, buffer, MAX_BUF); + if (ret != GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS) + fail("server didn't reject excessive number of key updates\n"); + else { + if (debug) + success("server rejected excessive number of key updates\n"); + } + } else { + virt_sec_sleep(KEY_UPDATES_WINDOW / 1000 + 1); + + /* the time window should be rolled over now */ + do { + ret = gnutls_session_key_update(client, 1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + if (ret < 0) + fail("error in key update: %s\n", gnutls_strerror(ret)); + + /* server receives the client key update and sends data */ + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + } + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + virt_time_init(); + + run("not exceeding limit", 0); + run("exceeding limit", 1); +} diff --git a/tests/tls13/multi-ocsp.c b/tests/tls13/multi-ocsp.c new file mode 100644 index 0000000..e7a52e1 --- /dev/null +++ b/tests/tls13/multi-ocsp.c @@ -0,0 +1,212 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "ocsp-common.h" +#include "cert-common.h" +#include "utils.h" + +/* Tests whether we can send and receive multiple OCSP responses + * one for each certificate in a chain under TLS 1.3. + */ + +static time_t mytime(time_t * t) +{ + time_t then = 1469186559; + if (t) + *t = then; + + return then; +} + +static const gnutls_datum_t ocsp_resp_localhost[] = { + { (void*)_ocsp_ca3_localhost_unknown, sizeof(_ocsp_ca3_localhost_unknown) }, + { NULL, 0}}; + +static const gnutls_datum_t ocsp_resp_localhost6[] = { + { (void*)_ocsp_ca3_localhost6_unknown, sizeof(_ocsp_ca3_localhost6_unknown) }, + { (void*)_ocsp_subca3_unknown, sizeof(_ocsp_subca3_unknown) }}; + +typedef struct ctx_st { + const char *name; + const gnutls_datum_t *ocsp; + unsigned nocsp; +} ctx_st; + +static ctx_st test_localhost = {"single response", ocsp_resp_localhost, 1}; +static ctx_st test_localhost6 = {"two responses", ocsp_resp_localhost6, 2}; + +#define myfail(fmt, ...) \ + fail("%s: "fmt, test->name, ##__VA_ARGS__) + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + ctx_st *test = priv; + unsigned i; + + assert(test != NULL); + + for (i=0;;i++) { + ret = gnutls_ocsp_status_request_get2(session, i, &resp); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret < 0) { + if (test->ocsp[i].size == 0) + return; + myfail("no response was received\n"); + } + + if (test->ocsp[i].size == 0) { + myfail("not expected response, but received one\n"); + } + + if (resp.size != test->ocsp[i].size) { + myfail("did not receive the expected response size for %d\n", i); + } + + if (memcmp(resp.data, test->ocsp[i].data, resp.size) != 0) { + myfail("did not receive the expected response for %d\n", i); + } + } + + if (i != test->nocsp) { + myfail("The number of OCSP responses received (%d) does not match the expected (%d)\n", i, test->nocsp); + } + +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *certfile2; + char certname1[TMPNAME_SIZE]; + char certname2[TMPNAME_SIZE]; + FILE *fp; + unsigned index1, index2; /* indexes of certs */ + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(xcred, GNUTLS_CERTIFICATE_API_V2); + + /* set cert with localhost name */ + certfile1 = get_tmpname(certname1); + + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + /* set cert with localhost6 name */ + certfile2 = get_tmpname(certname2); + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost6_ca3_cert_chain_pem, 1, strlen(server_localhost6_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile2, certfile2, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index2 = ret; + + + /* set OCSP response1 */ + ret = gnutls_certificate_set_ocsp_status_request_mem(xcred, &test_localhost.ocsp[0], index1, GNUTLS_X509_FMT_DER); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response2 */ + ret = gnutls_certificate_set_ocsp_status_request_mem(xcred, &test_localhost6.ocsp[0], index2, GNUTLS_X509_FMT_DER); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + ret = gnutls_certificate_set_ocsp_status_request_mem(xcred, &test_localhost6.ocsp[1], index2, GNUTLS_X509_FMT_DER); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* make sure that our invalid OCSP responses are not considered in verification + */ + gnutls_certificate_set_verify_flags(clicred, GNUTLS_VERIFY_DISABLE_CRL_CHECKS); + if (gnutls_certificate_get_verify_flags(clicred) != GNUTLS_VERIFY_DISABLE_CRL_CHECKS) + fail("error in gnutls_certificate_set_verify_flags\n"); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + test_cli_serv(xcred, clicred, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost", &test_localhost, check_response, NULL); + test_cli_serv(xcred, clicred, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", "localhost6", &test_localhost6, check_response, NULL); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(certfile1); + remove(certfile2); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/tls13/no-auto-send-ticket.c b/tests/tls13/no-auto-send-ticket.c new file mode 100644 index 0000000..64facf7 --- /dev/null +++ b/tests/tls13/no-auto-send-ticket.c @@ -0,0 +1,315 @@ +/* + * Copyright (C) 2017-2020 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos, Daiki Ueno + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../lib/handshake-defs.h" +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the certificate seen in Post Handshake Auth + * is found in a resumed session under TLS 1.3. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned tickets_seen = 0; +static int ticket_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + gnutls_datum *d; + int ret; + + assert(htype == GNUTLS_HANDSHAKE_NEW_SESSION_TICKET); + + d = gnutls_session_get_ptr(session); + + if (post == GNUTLS_HOOK_POST) { + tickets_seen++; + if (d->data) + gnutls_free(d->data); + ret = gnutls_session_get_data2(session, d); + assert(ret >= 0); + assert(d->size > 4); + + return 0; + } + + return 0; +} + +static void client(int fd, unsigned flags, unsigned tickets) +{ + int ret; + gnutls_session_t session; + unsigned try = 0; + gnutls_datum_t session_data = {NULL, 0}; + gnutls_certificate_credentials_t x509_cred; + + global_init(); + tickets_seen = 0; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + retry: + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|flags)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + if (try == 0) { + gnutls_session_set_ptr(session, &session_data); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + GNUTLS_HOOK_BOTH, + ticket_callback); + } else { + assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != 0) { + fail("error in recv: %s\n", gnutls_strerror(ret)); + } + + if (tickets_seen != tickets) + fail("unexpected number of tickets received: %u != %u", + tickets_seen, tickets); + + gnutls_deinit(session); + + if (tickets > 0 && try == 0) { + try++; + goto retry; + } + + close(fd); + gnutls_certificate_free_credentials(x509_cred); + gnutls_free(session_data.data); + + gnutls_global_deinit(); +} + +static void server(int fd, unsigned flags, + unsigned tickets_sent, unsigned tickets_expected) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t skey; + + /* this must be called once in the program + */ + global_init(); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + assert(gnutls_init(&session, GNUTLS_SERVER|flags)>=0); + + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (tickets_sent > 0) { + do { + ret = gnutls_session_ticket_send(session, tickets_sent, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_deinit(session); + + if (tickets_expected > 0) { + /* resume session + */ + assert(gnutls_init(&session, GNUTLS_SERVER|flags)>=0); + + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + gnutls_handshake_set_timeout(session, get_timeout()); + assert(gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + assert(gnutls_session_is_resumed(session) != 0); + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + gnutls_deinit(session); + } + + gnutls_free(skey.data); + close(fd); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +static void start(const char *name, + unsigned flags, + unsigned tickets_sent, + unsigned tickets_expected) +{ + int fd[2]; + int ret; + pid_t child; + + success("testing: %s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], flags, tickets_sent, tickets_expected); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], flags, tickets_expected); + exit(0); + } + +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("auto send ticket 0", 0, 0, TLS13_TICKETS_TO_SEND); + start("auto send ticket 1", 0, 1, TLS13_TICKETS_TO_SEND + 1); + start("no auto send ticket 0", GNUTLS_NO_AUTO_SEND_TICKET, 0, 0); + start("no auto send ticket 1", GNUTLS_NO_AUTO_SEND_TICKET, 1, 1); +} +#endif /* _WIN32 */ diff --git a/tests/tls13/no-psk-exts.c b/tests/tls13/no-psk-exts.c new file mode 100644 index 0000000..f11d15e --- /dev/null +++ b/tests/tls13/no-psk-exts.c @@ -0,0 +1,259 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "utils.h" + +/* This program tests whether a connection without the PSK priority + * options, will contain PSK extensions */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_psk_client_credentials_t psk_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_psk_allocate_client_credentials(&psk_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_NO_TICKETS); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + /* try if gnutls_reauth() would fail as expected */ + ret = gnutls_reauth(session, 0); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret)); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_psk_free_client_credentials(psk_cred); + + gnutls_global_deinit(); +} + +static unsigned server_hello_ok = 0; + +#define TLS_EXT_PSK 41 +#define TLS_EXT_PSK_KE 45 + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + if (find_server_extension(msg, TLS_EXT_PSK_KE, NULL, NULL)) { + fail("PSK KE extension seen on server (illegal)!\n"); + } + if (find_server_extension(msg, TLS_EXT_PSK, NULL, NULL)) { + fail("PSK extension seen on server (illegal)!\n"); + } + server_hello_ok = 1; + + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_PSK, NULL, NULL)) + fail("PSK extension seen in client hello with no PSK!\n"); + + if (find_client_extension(msg, TLS_EXT_PSK_KE, NULL, NULL)) + fail("PSK KE extension seen in client hello with no PSK!\n"); + + return 0; +} + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/ocsp-client.c b/tests/tls13/ocsp-client.c new file mode 100644 index 0000000..a98dfdc --- /dev/null +++ b/tests/tls13/ocsp-client.c @@ -0,0 +1,223 @@ +/* + * Copyright (C) 2016-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#ifdef ENABLE_OCSP + +#include "cert-common.h" +#include "utils.h" + +/* Tests whether we can send and receive multiple OCSP responses + * one for each certificate in a chain under TLS 1.3, but unrelated + * to these certificate (using the GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK + * flag). + */ + +static time_t mytime(time_t * t) +{ + time_t then = 1469186559; + if (t) + *t = then; + + return then; +} + +#define RESP1 "\x30\x82\x06\x8C\x0A\x01\x00\xA0\x82\x06\x85\x30\x82\x06\x81\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x06\x72\x30\x82\x06\x6E\x30\x82\x01\x07\xA1\x69\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\x30\x64\x30\x62\x30\x3A\x30\x09\x06\x05\x2B\x0E\x03\x02\x1A\x05\x00\x04\x14\x13\x9D\xA0\x9E\xF4\x32\xAB\x8F\xE2\x89\x56\x67\xFA\xD0\xD4\xE3\x35\x86\x71\xB9\x04\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\x02\x01\x1D\x80\x00\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x34\x32\x38\x5A\xA0\x11\x18\x0F\x32\x30\x31\x31\x30\x39\x32\x37\x30\x39\x35\x39\x32\x38\x5A\xA1\x23\x30\x21\x30\x1F\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x02\x04\x12\x04\x10\x16\x89\x7D\x91\x3A\xB5\x25\xA4\x45\xFE\xC9\xFD\xC2\xE5\x08\xA4\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x4E\xAD\x6B\x2B\xF7\xF2\xBF\xA9\x23\x1E\x3A\x0B\x06\xDB\x55\x53\x2B\x64\x54\x11\x32\xBF\x60\xF7\x4F\xE0\x8E\x9B\xA0\xA2\x4C\x79\xC3\x2A\xE0\x43\xF7\x40\x1A\xDC\xB9\xB4\x25\xEF\x48\x01\x97\x8C\xF5\x1E\xDB\xD1\x30\x37\x73\x69\xD6\xA7\x7A\x2D\x8E\xDE\x5C\xAA\xEA\x39\xB9\x52\xAA\x25\x1E\x74\x7D\xF9\x78\x95\x8A\x92\x1F\x98\x21\xF4\x60\x7F\xD3\x28\xEE\x47\x9C\xBF\xE2\x5D\xF6\x3F\x68\x0A\xD6\xFF\x08\xC1\xDC\x95\x1E\x29\xD7\x3E\x85\xD5\x65\xA4\x4B\xC0\xAF\xC3\x78\xAB\x06\x98\x88\x19\x8A\x64\xA6\x83\x91\x87\x13\xDB\x17\xCC\x46\xBD\xAB\x4E\xC7\x16\xD1\xF8\x35\xFD\x27\xC8\xF6\x6B\xEB\x37\xB8\x08\x6F\xE2\x6F\xB4\x7E\xD5\x68\xDB\x7F\x5D\x5E\x36\x38\xF2\x77\x59\x13\xE7\x3E\x4D\x67\x5F\xDB\xA2\xF5\x5D\x7C\xBF\xBD\xB5\x37\x33\x51\x36\x63\xF8\x21\x1E\xFC\x73\x8F\x32\x69\xBB\x97\xA7\xBD\xF1\xB6\xE0\x40\x09\x68\xEA\xD5\x93\xB8\xBB\x39\x8D\xA8\x16\x1B\xBF\x04\x7A\xBC\x18\x43\x01\xE9\x3C\x19\x5C\x4D\x4B\x98\xD8\x23\x37\x39\xA4\xC4\xDD\xED\x9C\xEC\x37\xAB\x66\x44\x9B\xE7\x5B\x5D\x32\xA2\xDB\xA6\x0B\x3B\x8C\xE1\xF5\xDB\xCB\x7D\x58\xA0\x82\x04\x4B\x30\x82\x04\x47\x30\x82\x04\x43\x30\x82\x03\x2B\xA0\x03\x02\x01\x02\x02\x01\x1E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x30\x39\x31\x31\x32\x34\x31\x32\x35\x31\x35\x33\x5A\x17\x0D\x31\x34\x31\x31\x32\x33\x31\x32\x35\x31\x35\x33\x5A\x30\x67\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1F\x30\x1D\x06\x03\x55\x04\x0B\x13\x16\x4F\x43\x53\x50\x20\x53\x69\x67\x6E\x69\x6E\x67\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x31\x1C\x30\x1A\x06\x03\x55\x04\x03\x13\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xBC\x05\x3E\x4B\xBE\xC6\xB1\x33\x48\x0E\xC3\xD4\x0C\xEF\x83\x0B\xBD\xBC\x57\x5F\x14\xEF\xF5\x6D\x0B\xFF\xFA\x01\x9C\xFA\x21\x6D\x5C\xAE\x79\x29\x74\xFE\xBD\xAB\x70\x87\x98\x6B\x48\x35\x79\xE3\xE0\xC1\x14\x41\x1F\x0A\xF7\xE7\xA3\xA6\xDA\x6B\xFF\xCD\x74\xE9\x95\x00\x38\xAA\xD6\x3A\x60\xC6\x64\xA1\xE6\x02\x39\x58\x4E\xFD\xF2\x78\x08\x63\xB6\xD7\x7A\x96\x79\x62\x18\x39\xEE\x27\x8D\x3B\xA2\x3D\x48\x88\xDB\x43\xD6\x6A\x77\x20\x6A\x27\x39\x50\xE0\x02\x50\x19\xF2\x7A\xCF\x78\x23\x99\x01\xD4\xE5\xB1\xD1\x31\xE6\x6B\x84\xAF\xD0\x77\x41\x46\x85\xB0\x3B\xE6\x6A\x00\x0F\x3B\x7E\x95\x7F\x59\xA8\x22\xE8\x49\x49\x05\xC8\xCB\x6C\xEE\x47\xA7\x2D\xC9\x74\x5B\xEB\x8C\xD5\x99\xC2\xE2\x70\xDB\xEA\x87\x43\x84\x0E\x4F\x83\x1C\xA6\xEB\x1F\x22\x38\x17\x69\x9B\x72\x12\x95\x48\x71\xB2\x7B\x92\x73\x52\xAB\xE3\x1A\xA5\xD3\xF4\x44\x14\xBA\xC3\x35\xDA\x91\x6C\x7D\xB4\xC2\x00\x07\xD8\x0A\x51\xF1\x0D\x4C\xD9\x7A\xD1\x99\xE6\xA8\x8D\x0A\x80\xA8\x91\xDD\x8A\xA2\x6B\xF6\xDB\xB0\x3E\xC9\x71\xA9\xE0\x39\xC3\xA3\x58\x0D\x87\xD0\xB2\xA7\x9C\xB7\x69\x02\x03\x01\x00\x01\xA3\x82\x01\x1A\x30\x82\x01\x16\x30\x09\x06\x03\x55\x1D\x13\x04\x02\x30\x00\x30\x0B\x06\x03\x55\x1D\x0F\x04\x04\x03\x02\x03\xA8\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x34\x91\x6E\x91\x32\xBF\x35\x25\x43\xCC\x28\x74\xEF\x82\xC2\x57\x92\x79\x13\x73\x30\x6D\x06\x03\x55\x1D\x23\x04\x66\x30\x64\x80\x14\x5D\xA7\xDD\x70\x06\x51\x32\x7E\xE7\xB6\x6D\xB3\xB5\xE5\xE0\x60\xEA\x2E\x4D\xEF\xA1\x49\xA4\x47\x30\x45\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x48\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x4C\x69\x6E\x75\x78\x20\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x73\x74\x72\x6F\x6E\x67\x53\x77\x61\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x82\x01\x00\x30\x1E\x06\x03\x55\x1D\x11\x04\x17\x30\x15\x82\x13\x6F\x63\x73\x70\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x30\x13\x06\x03\x55\x1D\x25\x04\x0C\x30\x0A\x06\x08\x2B\x06\x01\x05\x05\x07\x03\x09\x30\x39\x06\x03\x55\x1D\x1F\x04\x32\x30\x30\x30\x2E\xA0\x2C\xA0\x2A\x86\x28\x68\x74\x74\x70\x3A\x2F\x2F\x63\x72\x6C\x2E\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x6F\x72\x67\x2F\x73\x74\x72\x6F\x6E\x67\x73\x77\x61\x6E\x2E\x63\x72\x6C\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B\x05\x00\x03\x82\x01\x01\x00\x6D\x78\xD7\x66\x90\xA6\xEB\xDD\xB5\x09\x48\xA4\xDA\x27\xFA\xAC\xB1\xBC\x8F\x8C\xBE\xCC\x8C\x09\xA2\x40\x0D\x6C\x4A\xAE\x72\x22\x1E\xC8\xAF\x6D\xF1\x12\xAF\xD7\x40\x51\x79\xD4\xDD\xB2\x0C\xDB\x97\x84\xB6\x24\xD5\xF5\xA8\xBB\xC0\x4B\xF9\x7F\x71\xF7\xB0\x65\x42\x4A\x7D\xFE\x76\x7E\x05\xD2\x46\xB8\x7D\xB3\x39\x4C\x5C\xB1\xFA\xB9\xEE\x3B\x70\x33\x39\x57\x1A\xB9\x95\x51\x33\x00\x25\x1B\x4C\xAA\xB4\xA7\x55\xAF\x63\x6D\x6F\x88\x17\x6A\x7F\xB0\x97\xDE\x49\x14\x6A\x27\x6A\xB0\x42\x80\xD6\xA6\x9B\xEF\x04\x5E\x11\x7D\xD5\x8E\x54\x20\xA2\x76\xD4\x66\x58\xAC\x9C\x12\xD3\xF5\xCA\x54\x98\xCA\x21\xEC\xC1\x55\xA1\x2F\x68\x0B\x5D\x04\x50\xD2\x5E\x70\x25\xD8\x13\xD9\x44\x51\x0E\x8A\x42\x08\x18\x84\xE6\x61\xCE\x5A\x7D\x7B\x81\x35\x90\xC3\xD4\x9D\x19\xB6\x37\xEE\x8F\x63\x5C\xDA\xD8\xF0\x64\x60\x39\xEB\x9B\x1C\x54\x66\x75\x76\xB5\x0A\x58\xB9\x3F\x91\xE1\x21\x9C\xA0\x50\x15\x97\xB6\x7E\x41\xBC\xD0\xC4\x21\x4C\xF5\xD7\xF0\x13\xF8\x77\xE9\x74\xC4\x8A\x0E\x20\x17\x32\xAE\x38\xC2\xA5\xA8\x62\x85\x17\xB1\xA2\xD3\x22\x9F\x95\xB7\xA3\x4C" + +static gnutls_datum_t ocsp_resp1 = + { (unsigned char *) RESP1, sizeof(RESP1) - 1 }; + +#define RESP3 "\x30\x82\x01\xd3\x0a\x01\x00\xa0\x82\x01\xcc\x30\x82\x01\xc8\x06\x09\x2b\x06\x01\x05\x05\x07\x30\x01\x01\x04\x82\x01\xb9\x30\x82\x01\xb5\x30\x81\x9e\xa2\x16\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\x30\x73\x30\x71\x30\x49\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14\xed\x48\xad\xdd\xcb\x7b\x00\xe2\x0e\x84\x2a\xa9\xb4\x09\xf1\xac\x30\x34\xcf\x96\x04\x14\x50\xea\x73\x89\xdb\x29\xfb\x10\x8f\x9e\xe5\x01\x20\xd4\xde\x79\x99\x48\x83\xf7\x02\x10\x02\x01\x48\x91\x5d\xfd\x5e\xb6\xe0\x02\x90\xa9\x67\xb0\xe4\x64\x80\x00\x18\x0f\x32\x30\x31\x34\x30\x39\x30\x34\x30\x35\x34\x39\x30\x30\x5a\xa0\x11\x18\x0f\x32\x30\x31\x34\x30\x39\x31\x31\x30\x36\x30\x34\x30\x30\x5a\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\x6e\x5e\x5e\x81\xff\x3f\x4d\xc7\x53\xc7\x1b\xf3\xd3\x1d\xdc\x9a\xc7\xce\x77\x2c\x67\x56\x13\x98\x91\x02\x01\x76\xdc\x48\xb2\x1f\x9b\x17\xea\xbf\x2c\x0a\xf5\x1d\x98\x90\x3c\x5f\x55\xc2\xff\x4b\x9a\xbc\xa6\x83\x9e\xab\x2b\xeb\x9d\x01\xea\x3b\x5f\xbe\x03\x29\x70\x63\x2a\xa4\x1d\xa8\xab\x69\xb2\x64\xba\x5d\x73\x91\x5c\x92\xf3\x69\xd4\xc9\x39\x9c\x7c\x7d\xa2\x47\x92\xc2\x56\xfe\xa1\x0d\x4a\x69\xff\xda\x48\xc5\x5e\xd8\xab\x39\x88\x6a\x06\xfa\x07\x57\xd6\x48\xb5\xce\xc9\x5f\xa5\x96\xfe\x37\x18\x5e\x7f\x35\x51\xc1\x9e\x79\x5a\x26\xba\x67\x67\x38\x2a\x80\x75\x42\x99\x68\x3e\xec\x2f\x7e\x2d\xa1\xa6\xbe\x9f\x01\x51\x22\x88\x3a\xc9\x9c\xed\x51\xef\x21\x66\x7e\xa9\xd0\x3f\x13\x9c\xbb\xd2\x94\x14\x6f\x4b\xd9\xc4\xf5\x2c\xf5\x7d\x07\x68\xf3\x51\xac\xda\xc2\x09\x66\xa9\x3d\xed\xad\x02\x4d\x9c\x11\x29\x1a\x54\xfb\x1e\x7e\x36\xf4\xbb\x0d\x08\x8c\x6a\x42\x08\x10\x29\x08\x7c\x56\x0b\x18\x47\xff\x87\x11\xfd\xb2\xfb\xc9\x22\x7f\xe3\x1f\x7b\xf9\x98\xaa\x3a\x32\xb6\x2f\x02\xba\xb6\xc1\xdc\xc3\x5d\xb5\x4b\xae\x5d\x29\x6a\x31\xde\xcd" +static gnutls_datum_t ocsp_resp2 = + { (unsigned char *) RESP3, sizeof(RESP3) - 1 }; + + +static void check_response(gnutls_session_t session, void *priv) +{ + int ret; + gnutls_datum_t resp; + gnutls_datum_t *ocsp = priv; + unsigned i; + + assert(ocsp != NULL); + + for (i=0;;i++) { + ret = gnutls_ocsp_status_request_get2(session, i, &resp); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret < 0) { + if (ocsp->size == 0) + return; + fail("no response was received: %s\n", gnutls_strerror(ret)); + } + + if (ocsp->size == 0) { + fail("not expected response, but received one\n"); + } + + if (resp.size != ocsp->size) { + fail("did not receive the expected response size for %d\n", i); + } + + if (memcmp(resp.data, ocsp->data, resp.size) != 0) { + fail("did not receive the expected response for %d\n", i); + } + } + + if (i != 1) { + fail("The number of OCSP responses received (%d) does not match the expected (%d)\n", i, 1); + } +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t clicred; + const char *certfile1; + const char *certfile2; + const char *certfile3; + char certname1[TMPNAME_SIZE]; + char certname2[TMPNAME_SIZE]; + char certname3[TMPNAME_SIZE]; + FILE *fp; + unsigned index1, index2; /* indexes of certs */ + + global_init(); + gnutls_global_set_time_function(mytime); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + assert(gnutls_certificate_allocate_credentials(&xcred) >= 0); + assert(gnutls_certificate_allocate_credentials(&clicred) >= 0); + + gnutls_certificate_set_flags(clicred, GNUTLS_CERTIFICATE_API_V2); + + certfile1 = get_tmpname(certname1); + + /* set cert with localhost name */ + fp = fopen(certfile1, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(server_localhost_ca3_cert_chain_pem, 1, strlen(server_localhost_ca3_cert_chain_pem), fp)>0); + assert(fwrite(server_ca3_key_pem, 1, strlen((char*)server_ca3_key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(xcred, certfile1, certfile1, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + + /* load client certificates */ + certfile2 = get_tmpname(certname2); + + fp = fopen(certfile2, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(cli_ca3_cert_pem, 1, strlen(cli_ca3_cert_pem), fp)>0); + assert(fwrite(cli_ca3_key_pem, 1, strlen(cli_ca3_key_pem), fp)>0); + fclose(fp); + ret = gnutls_certificate_set_x509_key_file2(clicred, certfile2, certfile2, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index1 = ret; + + + certfile3 = get_tmpname(certname3); + fp = fopen(certfile3, "wb"); + if (fp == NULL) + fail("error in fopen\n"); + assert(fwrite(cert_pem, 1, strlen((char*)cert_pem), fp)>0); + assert(fwrite(key_pem, 1, strlen((char*)key_pem), fp)>0); + fclose(fp); + + ret = gnutls_certificate_set_x509_key_file2(clicred, certfile3, certfile3, + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("set_x509_key_file failed: %s\n", gnutls_strerror(ret)); + index2 = ret; + + + gnutls_certificate_set_flags(clicred, GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK); + /* set OCSP response1 */ + ret = gnutls_certificate_set_ocsp_status_request_mem(clicred, &ocsp_resp2, index2, GNUTLS_X509_FMT_DER); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* set OCSP response2 */ + ret = gnutls_certificate_set_ocsp_status_request_mem(clicred, &ocsp_resp1, index1, GNUTLS_X509_FMT_DER); + if (ret < 0) + fail("ocsp file set failed: %s\n", gnutls_strerror(ret)); + + /* make sure that our invalid OCSP responses are not considered in verification + */ + gnutls_certificate_set_verify_flags(clicred, GNUTLS_VERIFY_DISABLE_CRL_CHECKS); + if (gnutls_certificate_get_verify_flags(clicred) != GNUTLS_VERIFY_DISABLE_CRL_CHECKS) + fail("error in gnutls_certificate_set_verify_flags\n"); + + ret = gnutls_certificate_set_x509_trust_mem(clicred, &ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + ret = gnutls_certificate_set_x509_trust_mem(xcred, &subca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in setting trust cert: %s\n", gnutls_strerror(ret)); + } + + _test_cli_serv(xcred, clicred, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", + "localhost", + &ocsp_resp1, NULL, check_response, + 0, 1, 0, 0); + + gnutls_certificate_free_credentials(xcred); + gnutls_certificate_free_credentials(clicred); + gnutls_global_deinit(); + remove(certfile1); + remove(certfile2); + remove(certfile3); +} + +#else +void doit(void) +{ + exit(77); +} +#endif diff --git a/tests/tls13/post-handshake-with-cert-auto.c b/tests/tls13/post-handshake-with-cert-auto.c new file mode 100644 index 0000000..8d3c4e8 --- /dev/null +++ b/tests/tls13/post-handshake-with-cert-auto.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "utils.h" + +#define MAX_AUTHS 4 + +/* This program tests whether the Post Handshake Auth extension is + * present in the client hello, and whether it is missing from server + * hello. In addition it contains basic functionality test for + * post handshake authentication. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MAX_APP_DATA 3 + +static void client(int fd, unsigned send_cert, unsigned max_auths) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + char buf[64]; + unsigned i; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH|GNUTLS_AUTO_REAUTH)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + if (send_cert) { + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM)>=0); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (debug) + success("client handshake completed\n"); + + gnutls_record_set_timeout(session, 20 * 1000); + + for (i=0;isize != 0) { + fail("error in extension length: %d\n", (int)msg->size); + } +} + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { + fail("Post handshake extension seen in server hello!\n"); + } + server_hello_ok = 1; + + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, parse_ext)) + client_hello_ok = 1; + else + fail("Post handshake extension NOT seen in client hello!\n"); + + return 0; +} + +static void server(int fd, int err, int type, unsigned max_auths) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + unsigned i, retries; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(6); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) { + fail("server: session flags did not contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n"); + } + + + if (client_hello_ok == 0) { + fail("server: did not verify the client hello\n"); + } + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + if (debug) + success("server handshake completed\n"); + + gnutls_certificate_server_set_request(session, type); + + /* i = 0 */ + /* ask peer for re-authentication */ + retries = 0; + do { + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == GNUTLS_E_GOT_APPLICATION_DATA) { + int ret2; + do { + ret2 = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret2 == GNUTLS_E_AGAIN || ret2 == GNUTLS_E_INTERRUPTED); + + if (ret2 < 0) + fail("error receiving app data: %s\n", gnutls_strerror(ret2)); + + /* sender memsets the message with the retry attempt */ + assert((uint8_t)buffer[0] == retries); + assert(retries < MAX_APP_DATA); + } + + retries++; + } while (ret == GNUTLS_E_GOT_APPLICATION_DATA); + + if (err) { + if (ret != err) + fail("server: expected error %s, got: %s\n", gnutls_strerror(err), + gnutls_strerror(ret)); + } else if (ret != 0) + fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + + + for (i=1;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "pkcs11/softhsm.h" +#include "utils.h" + +/* This program tests whether the Post Handshake Auth extension is + * present in the client hello, and whether it is missing from server + * hello. In addition it contains basic functionality test for + * post handshake authentication. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +#define P11LIB "libpkcs11mock2.so" + +#define PIN "1234" + +#define CONFIG_NAME "softhsm-post-handshake-with-cert-pkcs11" +#define CONFIG CONFIG_NAME".config" + +static +int pin_func(void *userdata, int attempt, const char *url, const char *label, + unsigned flags, char *pin, size_t pin_max) +{ + if (attempt == 0) { + strcpy(pin, PIN); + return 0; + } + return -1; +} + +static void client(int fd, int err) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t key; + gnutls_datum_t tmp; + const char *lib; + char buffer[MAX_BUF + 1]; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + /* point to SoftHSM token that libpkcs11mock2.so internally uses */ + setenv(SOFTHSM_ENV, CONFIG, 1); + + gnutls_pkcs11_set_pin_function(pin_func, NULL); + + lib = getenv("P11MOCKLIB2"); + if (lib == NULL) + lib = P11LIB; + + ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_add_provider(lib, NULL); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import(crt, &cli_ca3_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_crt_import: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (debug) { + gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp); + + printf("\tCertificate: %.*s\n", tmp.size, tmp.data); + gnutls_free(tmp.data); + } + + ret = gnutls_x509_privkey_init(&key); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_import(key, &cli_ca3_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fprintf(stderr, + "gnutls_x509_privkey_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + /* initialize softhsm token */ + ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test"); + if (ret < 0) { + fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN, + GNUTLS_PIN_USER); + if (ret < 0) { + fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert", + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE | + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_crt: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_pkcs11_copy_x509_privkey(SOFTHSM_URL, key, "cert", + GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_ENCIPHERMENT, + GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE + | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE + | GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + if (ret < 0) { + fail("gnutls_pkcs11_copy_x509_privkey: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(key); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH|GNUTLS_AUTO_REAUTH)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-RSA-SHA256", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + assert(gnutls_certificate_set_x509_key_file(x509_cred, + SOFTHSM_URL + ";object=cert;object-type=cert", + SOFTHSM_URL + ";object=cert;object-type=private;pin-value=" + PIN, + GNUTLS_X509_FMT_DER)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (debug) + success("client handshake completed\n"); + + gnutls_record_set_timeout(session, 20 * 1000); + + if (debug) + success("waiting for auth\n"); + + do { + ret = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (err) { + if (ret != err) + fail("client: expected error %s, got: %s\n", gnutls_strerror(err), + gnutls_strerror(ret)); + } else if (ret < 0) + fail("client: gnutls_record_recv did not succeed as expected: %s\n", gnutls_strerror(ret)); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_WR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static unsigned client_hello_ok = 0; +static unsigned server_hello_ok = 0; + +#define TLS_EXT_POST_HANDSHAKE 49 + +static void parse_ext(void *priv, gnutls_datum_t *msg) +{ + if (msg->size != 0) { + fail("error in extension length: %d\n", (int)msg->size); + } +} + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { + fail("Post handshake extension seen in server hello!\n"); + } + server_hello_ok = 1; + + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, parse_ext)) + client_hello_ok = 1; + else + fail("Post handshake extension NOT seen in client hello!\n"); + + return 0; +} + +static void server(int fd, int err, int type) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(6); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) { + fail("server: session flags did not contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n"); + } + + + if (client_hello_ok == 0) { + fail("server: did not verify the client hello\n"); + } + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + if (debug) + success("server handshake completed\n"); + + gnutls_certificate_server_set_request(session, type); + + /* ask peer for re-authentication */ + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (err) { + if (ret != err) + fail("server: expected error %s, got: %s\n", gnutls_strerror(err), + gnutls_strerror(ret)); + } else if (ret != 0) + fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static +void start(const char *name, int err, int cli_err, int type) +{ + int fd[2]; + int ret; + pid_t child; + int status = 0; + + success("testing %s\n", name); + + client_hello_ok = 0; + server_hello_ok = 0; + + signal(SIGCHLD, SIG_IGN); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], err, type); + kill(child, SIGTERM); + wait(&status); + check_wait_status(status); + } else { + close(fd[0]); + client(fd[1], cli_err); + exit(0); + } + +} + +void doit(void) +{ + const char *bin; + char buf[128]; + + if (gnutls_fips140_mode_enabled()) + exit(77); + + /* check if softhsm module is loadable */ + (void) softhsm_lib(); + + /* initialize SoftHSM token that libpkcs11mock2.so internally uses */ + bin = softhsm_bin(); + + set_softhsm_conf(CONFIG); + snprintf(buf, sizeof(buf), + "%s --init-token --slot 0 --label test --so-pin " PIN " --pin " + PIN, bin); + system(buf); + + start("reauth-require", GNUTLS_E_CERTIFICATE_REQUIRED, GNUTLS_E_SUCCESS, GNUTLS_CERT_REQUIRE); + start("reauth-request", 0, GNUTLS_E_SUCCESS, GNUTLS_CERT_REQUEST); +} +#endif /* _WIN32 */ diff --git a/tests/tls13/post-handshake-with-cert-ticket.c b/tests/tls13/post-handshake-with-cert-ticket.c new file mode 100644 index 0000000..b19720f --- /dev/null +++ b/tests/tls13/post-handshake-with-cert-ticket.c @@ -0,0 +1,385 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../lib/handshake-defs.h" +#include "cert-common.h" +#include "utils.h" + +/* This program tests whether the certificate seen in Post Handshake Auth + * is found in a resumed session under TLS 1.3. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +static unsigned tickets_seen = 0; +static int ticket_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + gnutls_datum *d; + static int counter = 0; + int ret; + + assert(htype == GNUTLS_HANDSHAKE_NEW_SESSION_TICKET); + + counter++; + if (counter <= TLS13_TICKETS_TO_SEND) /* ignore the default tickets sent */ + return 0; + + d = gnutls_session_get_ptr(session); + + if (post == GNUTLS_HOOK_POST) { + tickets_seen++; + if (d->data) + gnutls_free(d->data); + ret = gnutls_session_get_data2(session, d); + assert(ret >= 0); + assert(d->size > 4); + + return 0; + } + + return 0; +} + +static void client(int fd, unsigned tickets) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + char buf[64]; + unsigned try = 0; + gnutls_datum_t session_data = {NULL, 0}; + + global_init(); + tickets_seen = 0; + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + retry: + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + if (try == 0) { + gnutls_session_set_ptr(session, &session_data); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + GNUTLS_HOOK_BOTH, + ticket_callback); + } else { + assert(gnutls_session_set_data(session, session_data.data, session_data.size) >= 0); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (try == 0) { + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM)>=0); + + do { + ret = gnutls_record_recv(session, buf, sizeof(buf)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != GNUTLS_E_REAUTH_REQUEST) { + fail("recv: unexpected error: %s\n", gnutls_strerror(ret)); + } + + if (debug) + success("received reauth request\n"); + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != 0) + fail("client: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + } else { + assert(gnutls_session_is_resumed(session) != 0); + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != 0) { + fail("error in recv: %s\n", gnutls_strerror(ret)); + } + + assert(tickets_seen == tickets+1); + + gnutls_deinit(session); + + if (try == 0) { + try++; + goto retry; + } + + close(fd); + gnutls_free(session_data.data); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static void compare(const gnutls_datum_t *der, const void *ipem) +{ + gnutls_datum_t pem = {(void*)ipem, strlen((char*)ipem)}; + gnutls_datum_t new_der; + int ret; + + ret = gnutls_pem_base64_decode2("CERTIFICATE", &pem, &new_der); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + } + + if (der->size != new_der.size || memcmp(der->data, new_der.data, der->size) != 0) { + fail("error in %d: %s\n", __LINE__, "cert don't match"); + exit(1); + } + gnutls_free(new_der.data); + return; +} + +static void server(int fd, unsigned tickets) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + unsigned clist_size; + gnutls_datum_t skey; + const gnutls_datum_t *clist; + + /* this must be called once in the program + */ + global_init(); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH)>=0); + + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + gnutls_certificate_server_set_request(session, GNUTLS_CERT_REQUIRE); + + /* ask peer for re-authentication */ + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != 0) + fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + + if (tickets == 0) { + /* test whether the expected error code would be returned */ + ret = gnutls_session_ticket_send(session, 0, 0); + assert(ret == GNUTLS_E_INVALID_REQUEST); + } else { + /* send tickets after re-auth */ + do { + ret = gnutls_session_ticket_send(session, tickets, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + } + + do { + ret = gnutls_bye(session, GNUTLS_SHUT_RDWR); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + gnutls_deinit(session); + + /* resume session + */ + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH)>=0); + + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + gnutls_handshake_set_timeout(session, get_timeout()); + assert(gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + assert(gnutls_session_is_resumed(session) != 0); + + /* check if cert is visible */ + if (tickets > 0) { + clist = gnutls_certificate_get_peers(session, &clist_size); + assert(clist != NULL); + assert(clist_size > 0); + + compare(&clist[0], cli_ca3_cert.data); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + gnutls_deinit(session); + + gnutls_free(skey.data); + close(fd); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +static void start(const char *name, unsigned tickets) +{ + int fd[2]; + int ret; + pid_t child; + + success("testing: %s\n", name); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0], tickets); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1], tickets); + exit(0); + } + +} + +void doit(void) +{ + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + start("no ticket", 0); + start("single ticket", 1); + start("8 tickets", 8); + start("16 tickets", 16); +} +#endif /* _WIN32 */ diff --git a/tests/tls13/post-handshake-with-cert.c b/tests/tls13/post-handshake-with-cert.c new file mode 100644 index 0000000..d5912fe --- /dev/null +++ b/tests/tls13/post-handshake-with-cert.c @@ -0,0 +1,384 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "utils.h" + +#define MAX_AUTHS 4 + +/* This program tests whether the Post Handshake Auth extension is + * present in the client hello, and whether it is missing from server + * hello. In addition it contains basic functionality test for + * post handshake authentication. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 +#define MAX_APP_DATA 3 + +static void client(int fd, unsigned send_cert, unsigned max_auths) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + char buf[64]; + unsigned i, j; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + if (send_cert) { + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM)>=0); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (debug) + success("client handshake completed\n"); + + gnutls_record_set_timeout(session, 20 * 1000); + + for (i=0;i=0); + } + } + + if (debug) + success("received reauth request\n"); + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret != 0) + fail("client: gnutls_reauth %d did not succeed as expected: %s\n", i, gnutls_strerror(ret)); + } + + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static unsigned client_hello_ok = 0; +static unsigned server_hello_ok = 0; + +#define TLS_EXT_POST_HANDSHAKE 49 + +static void parse_ext(void *priv, gnutls_datum_t *msg) +{ + if (msg->size != 0) { + fail("error in extension length: %d\n", (int)msg->size); + } +} + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { + fail("Post handshake extension seen in server hello!\n"); + } + server_hello_ok = 1; + + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, parse_ext)) + client_hello_ok = 1; + else + fail("Post handshake extension NOT seen in client hello!\n"); + + return 0; +} + +static void server(int fd, int err, int type, unsigned max_auths, int child) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + unsigned i, retries; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(6); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) { + fail("server: session flags did not contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n"); + } + + + if (client_hello_ok == 0) { + fail("server: did not verify the client hello\n"); + } + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + if (debug) + success("server handshake completed\n"); + + gnutls_certificate_server_set_request(session, type); + + /* i = 0 */ + /* ask peer for re-authentication */ + retries = 0; + do { + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == GNUTLS_E_GOT_APPLICATION_DATA) { + int ret2; + do { + ret2 = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret2 == GNUTLS_E_AGAIN || ret2 == GNUTLS_E_INTERRUPTED); + + if (ret2 < 0) + fail("error receiving app data: %s\n", gnutls_strerror(ret2)); + + /* sender memsets the message with the retry attempt */ + assert((uint8_t)buffer[0] == retries); + assert(retries < MAX_APP_DATA); + } + + retries++; + } while (ret == GNUTLS_E_GOT_APPLICATION_DATA); + + if (err) { + if (ret != err) + fail("server: expected error %s, got: %s\n", gnutls_strerror(err), + gnutls_strerror(ret)); + } else if (ret != 0) + fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + + + for (i=1;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "utils.h" + +#define MAX_AUTHS 4 + +/* This program tests whether the Post Handshake Auth would work + * under PSK authentication. */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd, unsigned send_cert, unsigned max_auths) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_psk_client_credentials_t pskcred; + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + gnutls_session_t session; + char buf[64]; + unsigned i; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + assert(gnutls_psk_allocate_client_credentials(&pskcred)>=0); + assert(gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX)>=0); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + + /* Initialize TLS session + */ + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_POST_HANDSHAKE_AUTH)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0:+ECDHE-PSK:+PSK", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + + if (send_cert) { + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM)>=0); + } + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (debug) + success("client handshake completed\n"); + + assert(gnutls_kx_get(session) == GNUTLS_KX_ECDHE_PSK); + + gnutls_record_set_timeout(session, 20 * 1000); + + for (i=0;isize != 0) { + fail("error in extension length: %d\n", (int)msg->size); + } +} + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { + fail("Post handshake extension seen in server hello!\n"); + } + server_hello_ok = 1; + + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, parse_ext)) + client_hello_ok = 1; + else + fail("Post handshake extension NOT seen in client hello!\n"); + + return 0; +} + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +static void server(int fd, int err, int type, unsigned max_auths) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_psk_server_credentials_t server_pskcred; + unsigned i; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(6); + } + + assert(gnutls_psk_allocate_server_credentials(&server_pskcred)>=0); + gnutls_psk_set_server_credentials_function(server_pskcred, + pskfunc); + + assert(gnutls_certificate_allocate_credentials(&x509_cred)>=0); + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + assert(gnutls_init(&session, GNUTLS_SERVER|GNUTLS_POST_HANDSHAKE_AUTH)>=0); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+ECDHE-PSK", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != 0) + fail("handshake failed: %s\n", gnutls_strerror(ret)); + + if (!(gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) { + fail("server: session flags did not contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n"); + } + + + if (client_hello_ok == 0) { + fail("server: did not verify the client hello\n"); + } + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + if (debug) + success("server handshake completed\n"); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_certificate_server_set_request(session, type); + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "utils.h" + +/* This program tests whether the Post Handshake Auth extension is missing + * from both hellos, when not enabled by client. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define MAX_BUF 1024 + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + assert(gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM) >= 0); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + /* try if gnutls_reauth() would fail as expected */ + ret = gnutls_reauth(session, 0); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret)); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static unsigned server_hello_ok = 0; + +#define TLS_EXT_POST_HANDSHAKE 49 + +static int hellos_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + if (find_server_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { + fail("Post handshake extension seen in server hello!\n"); + } + server_hello_ok = 1; + + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) + fail("Post handshake extension seen in client hello with no cert!\n"); + + return 0; +} + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + hellos_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if ((gnutls_session_get_flags(session) & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH)) { + fail("server: session flags did contain GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH\n"); + } + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + /* try if gnutls_reauth() would fail as expected */ + ret = gnutls_reauth(session, 0); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("server: gnutls_reauth did not fail as expected: %s", gnutls_strerror(ret)); + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c new file mode 100644 index 0000000..b97dc24 --- /dev/null +++ b/tests/tls13/prf-early.c @@ -0,0 +1,471 @@ +/* + * Copyright (C) 2015-2019 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if !defined(__linux__) || !defined(__GNUC__) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "virt-time.h" + +static void terminate(void); + +#define SESSIONS 2 +#define MAX_BUF 5*1024 +#define MSG "Hello TLS" + +extern unsigned int _gnutls_global_version; + +/* This program tests whether the gnutls_prf() works as + * expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +static const +gnutls_datum_t hrnd = {(void*)"\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; +static const +gnutls_datum_t hsrnd = {(void*)"\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; + +static int gnutls_rnd_works; + +int __attribute__ ((visibility ("protected"))) +gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) +{ + gnutls_rnd_works = 1; + + memset(data, 0xff, len); + + /* Flip the first byte to avoid infinite loop in the RSA + * blinding code of Nettle */ + if (len > 0) + memset(data, 0x0, 1); + return 0; +} + +static gnutls_datum_t session_ticket_key = { NULL, 0 }; + +static void dump(const char *name, const uint8_t *data, unsigned data_size) +{ + unsigned i; + + fprintf(stderr, "%s", name); + for (i=0;i 0) { + gnutls_session_set_data(session, session_data.data, + session_data.size); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + } + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("client: Handshake failed: %s\n", strerror(ret)); + exit(1); + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + ret = gnutls_cipher_get(session); + if (ret != GNUTLS_CIPHER_AES_256_GCM) { + fprintf(stderr, "negotiated unexpected cipher: %s\n", gnutls_cipher_get_name(ret)); + exit(1); + } + + ret = gnutls_mac_get(session); + if (ret != GNUTLS_MAC_AEAD) { + fprintf(stderr, "negotiated unexpected mac: %s\n", gnutls_mac_get_name(ret)); + exit(1); + } + + if (t == 0) { + /* get the session data size */ + ret = + gnutls_session_get_data2(session, + &session_data); + if (ret < 0) + fail("Getting resume data failed\n"); + + if (handshake_callback_called != 0) + fail("client: handshake callback is called\n"); + } else { + if (handshake_callback_called != t) + fail("client: handshake callback is not called\n"); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while (ret == GNUTLS_E_AGAIN); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sds[t]); + + gnutls_deinit(session); + } + + gnutls_free(session_data.data); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); +} + +static void terminate(void) +{ + int status = 0; + + if (child) { + kill(child, SIGTERM); + wait(&status); + } + exit(1); +} + +static void server(int sds[]) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t serverx509cred; + int t; + char buffer[MAX_BUF + 1]; + + /* this must be called once in the program + */ + global_init(); + + /* date --date='TZ="UTC" 2019-04-12' +%s */ + virt_time_init_at(1555027200); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&serverx509cred); + + gnutls_session_ticket_key_generate(&session_ticket_key); + + for (t = 0; t < SESSIONS; t++) { + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_session_ticket_enable_server(session, + &session_ticket_key); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + ret = gnutls_priority_set_direct(session, + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:-SIGN-ALL:+SIGN-RSA-PSS-RSAE-SHA384:-GROUP-ALL:+GROUP-SECP256R1", NULL); + if (ret < 0) { + fail("server: priority set failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + gnutls_handshake_set_random(session, &hsrnd); + gnutls_transport_set_int(session, sds[t]); + + if (t > 0) { + if (!gnutls_rnd_works) { + fprintf(stderr, "gnutls_rnd() could not be overridden, skipping prf checks see #584\n"); + exit(77); + } else { + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_POST, + handshake_callback); + } + } + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + close(sds[t]); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + if (t == 0) { + if (handshake_callback_called != 0) + fail("server: handshake callback is called\n"); + } else { + if (handshake_callback_called != t) + fail("server: handshake callback is not called\n"); + } + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + kill(child, SIGTERM); + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sds[t]); + gnutls_deinit(session); + } + + gnutls_certificate_free_credentials(serverx509cred); + + gnutls_free(session_ticket_key.data); + session_ticket_key.data = NULL; + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +void doit(void) +{ + int client_sds[SESSIONS], server_sds[SESSIONS]; + int i; + int ret; + + _gnutls_global_version = 0x030607; + signal(SIGPIPE, SIG_IGN); + + for (i = 0; i < SESSIONS; i++) { + int sockets[2]; + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (ret == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + server_sds[i] = sockets[0]; + client_sds[i] = sockets[1]; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status = 0; + /* parent */ + + for (i = 0; i < SESSIONS; i++) + close(client_sds[i]); + server(server_sds); + wait(&status); + check_wait_status(status); + } else { + for (i = 0; i < SESSIONS; i++) + close(server_sds[i]); + client(client_sds); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/prf.c b/tests/tls13/prf.c new file mode 100644 index 0000000..a83fda5 --- /dev/null +++ b/tests/tls13/prf.c @@ -0,0 +1,376 @@ +/* + * Copyright (C) 2015-2018 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if !defined(__linux__) || !defined(__GNUC__) + +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +static void terminate(void); + +/* This program tests whether the gnutls_prf() works as + * expected. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +/* These are global */ +static pid_t child; + +static const +gnutls_datum_t hrnd = {(void*)"\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; +static const +gnutls_datum_t hsrnd = {(void*)"\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}; + +static int gnutls_rnd_works; + +int __attribute__ ((visibility ("protected"))) +gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) +{ + gnutls_rnd_works = 1; + + memset(data, 0xff, len); + + /* Flip the first byte to avoid infinite loop in the RSA + * blinding code of Nettle */ + if (len > 0) + memset(data, 0x0, 1); + return 0; +} + +static void dump(const char *name, const uint8_t *data, unsigned data_size) +{ + unsigned i; + + fprintf(stderr, "%s", name); + for (i=0;i + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include + +#include "tls13/ext-parse.h" + +#include "utils.h" + +/* Tests whether the pre-shared key extension will always be last + * even if the dumbfw extension is present. + */ + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +static void client(int sd, const char *prio) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_psk_client_credentials_t pskcred; + /* Need to enable anonymous KX specifically. */ + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + side = "client"; + + gnutls_psk_allocate_client_credentials(&pskcred); + gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX); + + assert(gnutls_init(&session, GNUTLS_CLIENT|GNUTLS_KEY_SHARE_TOP)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + assert(gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred)>=0); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + assert(gnutls_record_send(session, MSG, strlen(MSG))>=0); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + + gnutls_global_deinit(); +} + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + if (debug) + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +#define EXT_CLIENTHELLO_PADDING 21 +#define EXT_PRE_SHARED_KEY 41 + +struct ctx_st { + unsigned long pos; + void *base; +}; + +static +void check_ext_pos(void *priv, gnutls_datum_t *msg) +{ + struct ctx_st *ctx = priv; + + ctx->pos = (ptrdiff_t)((ptrdiff_t)msg->data - (ptrdiff_t)ctx->base); +} + +static int client_hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + unsigned long pos_psk; + unsigned long pos_pad; + + if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && post == GNUTLS_HOOK_POST) { + struct ctx_st ctx; + + ctx.base = msg->data; + if (find_client_extension(msg, EXT_CLIENTHELLO_PADDING, &ctx, check_ext_pos) == 0) + fail("Could not find dumbfw/client hello padding extension!\n"); + pos_pad = ctx.pos; + + ctx.base = msg->data; + if (find_client_extension(msg, EXT_PRE_SHARED_KEY, &ctx, check_ext_pos) == 0) + fail("Could not find psk extension!\n"); + pos_psk = ctx.pos; + + if (pos_psk < pos_pad) { + fail("The dumbfw extension was sent after pre-shared key!\n"); + } + + /* check if we are the last extension in general */ + if (!is_client_extension_last(msg, EXT_PRE_SHARED_KEY)) { + fail("pre-shared key extension wasn't the last one!\n"); + } + } + + return 0; +} + + +static void server(int sd, const char *prio) +{ + gnutls_psk_server_credentials_t server_pskcred; + int ret; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + side = "server"; + + + assert(gnutls_psk_allocate_server_credentials(&server_pskcred)>=0); + gnutls_psk_set_server_credentials_function(server_pskcred, + pskfunc); + + assert(gnutls_init(&session, GNUTLS_SERVER)>=0); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + gnutls_credentials_set(session, GNUTLS_CRD_PSK, server_pskcred); + + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + client_hello_callback); + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + gnutls_record_set_timeout(session, 10000); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_psk_free_server_credentials(server_pskcred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + + +static +void run_test(const char *prio) +{ + pid_t child; + int err; + int sockets[2]; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + success("trying with %s\n", prio); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status = 0; + /* parent */ + close(sockets[1]); + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio); + exit(0); + } +} + +void doit(void) +{ + run_test("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+PSK:%DUMBFW:-GROUP-ALL:+GROUP-FFDHE2048"); +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/psk-ext.c b/tests/tls13/psk-ext.c new file mode 100644 index 0000000..370a8e1 --- /dev/null +++ b/tests/tls13/psk-ext.c @@ -0,0 +1,205 @@ +/* + * Copyright (C) 2016, 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include +#include +#include "../lib/tls13/psk_ext_parser.h" + +#include "utils.h" + +/* Tests the PSK-extension decoding part */ + +static void decode(const char *test_name, const gnutls_datum_t *raw, const gnutls_datum_t *id, + const gnutls_datum_t *b, unsigned idx, int res) +{ + int ret; + psk_ext_parser_st p; + psk_ext_iter_st iter; + struct psk_st psk; + gnutls_datum_t binder; + unsigned found = 0; + unsigned i, j; + + ret = _gnutls13_psk_ext_parser_init(&p, raw->data, raw->size); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: _gnutls13_psk_ext_parser_init: %d/%s\n", test_name, ret, gnutls_strerror(ret)); + exit(1); + } + + _gnutls13_psk_ext_iter_init(&iter, &p); + for (i = 0; ; i++) { + ret = _gnutls13_psk_ext_iter_next_identity(&iter, &psk); + if (ret < 0) { + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (res == ret) /* expected */ + return; + } + if (i == idx) { + if (psk.identity.size == id->size && memcmp(psk.identity.data, id->data, id->size) == 0) { + if (debug) + success("%s: found id\n", test_name); + found = 1; + break; + } else { + fail("%s: did not found identity on index %d\n", test_name, idx); + } + } + } + + if (found == 0) + fail("%s: did not found identity!\n", test_name); + + _gnutls13_psk_ext_iter_init(&iter, &p); + for (j = 0; j <= i; j++) { + ret = _gnutls13_psk_ext_iter_next_binder(&iter, &binder); + if (ret < 0) { + if (res == ret) /* expected */ + return; + fail("%s: could not extract binder: %s\n", + test_name, gnutls_strerror(ret)); + } + } + + if (debug) + success("%s: found binder\n", test_name); + + if (binder.size != b->size || memcmp(binder.data, b->data, b->size) != 0) { + hexprint(binder.data, binder.size); + fail("%s: did not match binder on index %d\n", test_name, idx); + } + + return; +} + +struct decode_tests_st { + const char *name; + gnutls_datum_t psk; + unsigned idx; /* the ID index */ + gnutls_datum_t id; + gnutls_datum_t binder; + int res; +}; + +struct decode_tests_st decode_tests[] = { + { + .name = "single PSK", + .psk = { (unsigned char*)"\x00\x0a\x00\x04\x6e\x6d\x61\x76\x00\x00\x00\x00\x00\x21\x20\xc4\xda\xe5\x7e\x05\x59\xf7\xae\x9b\xba\x90\xd2\x6e\x12\x68\xf6\xc1\xc7\xb9\x7e\xdc\xed\x9e\x67\x4e\xa5\x91\x2d\x7c\xb4\xf0\xab", 47}, + .id = { (unsigned char*)"nmav", 4 }, + .binder = { (unsigned char*)"\xc4\xda\xe5\x7e\x05\x59\xf7\xae\x9b\xba\x90\xd2\x6e\x12\x68\xf6\xc1\xc7\xb9\x7e\xdc\xed\x9e\x67\x4e\xa5\x91\x2d\x7c\xb4\xf0\xab", 32 }, + .idx = 0, + .res = 0 + }, + { + .name = "multiple psks id0", + .psk = { (unsigned char*)"\x00\x20\x00\x04\x70\x73\x6b\x31\x00\x00\x00\x00" + "\x00\x06\x70\x73\x6b\x69\x64\x00\x00\x00\x00\x00" + "\x00\x04\x74\x65\x73\x74\x00\x00\x00\x00\x00\x63" + "\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x01\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x20\x71\x83\x89\x3d\xcc" + "\x46\xad\x83\x18\x98\x59\x46\x0b\xb2\x51\x24\x53" + "\x41\xb4\x35\x04\x22\x90\x02\xac\x5e\xc1\xe7\xbc" + "\xca\x52\x16", 135}, + .id = { (unsigned char*)"psk1", 4 }, + .binder = { (unsigned char*)"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}, + .idx = 0, + .res = 0 + }, + { + .name = "multiple psks id1", + .psk = { (unsigned char*)"\x00\x20\x00\x04\x70\x73\x6b\x31\x00\x00\x00\x00" + "\x00\x06\x70\x73\x6b\x69\x64\x00\x00\x00\x00\x00" + "\x00\x04\x74\x65\x73\x74\x00\x00\x00\x00\x00\x63" + "\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x01\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x20\x71\x83\x89\x3d\xcc" + "\x46\xad\x83\x18\x98\x59\x46\x0b\xb2\x51\x24\x53" + "\x41\xb4\x35\x04\x22\x90\x02\xac\x5e\xc1\xe7\xbc" + "\xca\x52\x16", 135}, + .id = { (unsigned char*)"pskid", 6 }, + .binder = { (unsigned char*)"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32}, + .idx = 1, + .res = 0 + }, + { + .name = "multiple psks id2", + .psk = { (unsigned char*)"\x00\x20\x00\x04\x70\x73\x6b\x31\x00\x00\x00\x00" + "\x00\x06\x70\x73\x6b\x69\x64\x00\x00\x00\x00\x00" + "\x00\x04\x74\x65\x73\x74\x00\x00\x00\x00\x00\x63" + "\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x01\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x20\x71\x83\x89\x3d\xcc" + "\x46\xad\x83\x18\x98\x59\x46\x0b\xb2\x51\x24\x53" + "\x41\xb4\x35\x04\x22\x90\x02\xac\x5e\xc1\xe7\xbc" + "\xca\x52\x16", 135}, + .id = { (unsigned char*)"test", 4 }, + .binder = { (unsigned char*)"\x71\x83\x89\x3d\xcc\x46\xad\x83\x18\x98\x59\x46\x0b\xb2\x51\x24\x53\x41\xb4\x35\x04\x22\x90\x02\xac\x5e\xc1\xe7\xbc\xca\x52\x16", 32}, + .idx = 2, + .res = 0 + }, + { + .name = "multiple psks id3", + .psk = { (unsigned char*)"\x00\x20\x00\x04\x70\x73\x6b\x31\x00\x00\x00\x00" + "\x00\x06\x70\x73\x6b\x69\x64\x00\x00\x00\x00\x00" + "\x00\x04\x74\x65\x73\x74\x00\x00\x00\x00\x00\x42" + "\x20\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x01\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00", 102}, + .id = { (unsigned char*)"test", 4 }, + .binder = { NULL, 0 }, + .idx = 2, + .res = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" +#include "tls13/ext-parse.h" +#include "eagain-common.h" + +/* This program tests the scenario described at: + * https://gitlab.com/gnutls/gnutls/-/issues/1303 + * + * - the server only supports one mode + * - the client follows server's preference with %SERVER_PRECEDENCE + * - the client provides two modes, but the first one is not the one the server + * supports + * + * Previously the server was not able to enable PSK (and thus session + * resumption) at all in this case and didn't send NewSessionTicket. + */ + +const char *testname = ""; + +#define myfail(fmt, ...) \ + fail("%s: "fmt, testname, ##__VA_ARGS__) + +const char *side = ""; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int +new_session_ticket_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, + const gnutls_datum_t *msg) +{ + bool *new_session_ticket_sent = + gnutls_session_get_ptr(session); + *new_session_ticket_sent = true; + return 0; +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS, and hi and how are you and more data here... and more... and even more and even more more data..." + +static void start(const char *name, const char *prio, const char *sprio) +{ + int sret, cret; + gnutls_certificate_credentials_t scred, ccred; + gnutls_session_t server, client; + gnutls_datum_t skey; + char buffer[MAX_BUF + 1]; + int transferred = 0; + bool new_session_ticket_sent = false; + + testname = name; + success("== test %s ==\n", testname); + + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(9); + + /* Init server */ + assert(gnutls_certificate_allocate_credentials(&scred) >= 0); + assert(gnutls_certificate_set_x509_key_mem(scred, + &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&server, GNUTLS_SERVER); + + gnutls_handshake_set_hook_function(server, + GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + GNUTLS_HOOK_POST, + new_session_ticket_callback); + gnutls_session_set_ptr(server, &new_session_ticket_sent); + + gnutls_priority_set_direct(server, sprio, NULL); + + assert(gnutls_session_ticket_key_generate(&skey)>=0); + assert(gnutls_session_ticket_enable_server(server, &skey) >= 0); + + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + gnutls_certificate_allocate_credentials(&ccred); + assert(gnutls_certificate_set_x509_trust_mem + (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0); + + gnutls_init(&client, GNUTLS_CLIENT); + + cret = gnutls_priority_set_direct(client, prio, NULL); + if (cret < 0) + myfail("cannot set TLS 1.3 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + if (debug) + success("Handshake established\n"); + + TRANSFER(client, server, MSG, strlen(MSG), buffer, MAX_BUF); + TRANSFER(server, client, MSG, strlen(MSG), buffer, MAX_BUF); + EMPTY_BUF(server, client, buffer, MAX_BUF); + + if (!new_session_ticket_sent) { + fail("NewSessionTicket is not sent\n"); + } + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_free(skey.data); + + gnutls_global_deinit(); + reset_buffers(); +} + +void doit(void) +{ + start("server only supports PSK, client advertises ECDHE-PSK first", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+ECDHE-PSK:+PSK:%SERVER_PRECEDENCE", + "NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK"); +} diff --git a/tests/tls13/rnd-check-rollback-val.c b/tests/tls13/rnd-check-rollback-val.c new file mode 100644 index 0000000..ea61728 --- /dev/null +++ b/tests/tls13/rnd-check-rollback-val.c @@ -0,0 +1,305 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program checks whether a TLS 1.3 client will detect + * a TLS 1.2 rollback attempt via the server random value. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#ifdef TLS12 +# define name "TLS1.2" +# define RND tls12_rnd +# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" +#elif TLS11 +# define name "TLS1.1" +# define RND tls11_rnd +# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.0" +#else +# error unknown version to test +#endif + +gnutls_datum_t tls12_rnd = {(void*)"\x44\x4F\x57\x4E\x47\x52\x44\x01", + 8}; + +gnutls_datum_t tls11_rnd = {(void*)"\x44\x4F\x57\x4E\x47\x52\x44\x00", + 8}; + + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + gnutls_datum_t srandom; + unsigned try = 0; + gnutls_datum_t session_data = { NULL, 0 }; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + + retry: + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, PRIO, NULL); + if (ret < 0) + fail("cannot set TLS priorities\n"); + + if (try > 0) + gnutls_session_set_data(session, session_data.data, session_data.size); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fail("error in handshake: %s\n", gnutls_strerror(ret)); + } + + if (try > 0) + assert(gnutls_session_is_resumed(session)); + + gnutls_session_get_random(session, NULL, &srandom); + + if (srandom.size != 32) + fail("unexpected random size\n"); + + if (memcmp(&srandom.data[32-8], RND.data, 8) != 0) { + unsigned i; + printf("expected: "); + for (i=0;i<8;i++) + printf("%.2x", (unsigned)RND.data[i]); + printf("\n"); + printf("got: "); + for (i=0;i<8;i++) + printf("%.2x", (unsigned)srandom.data[32-8+i]); + printf("\n"); + fail("unexpected random data for %s\n", name); + } + + do { + ret = gnutls_record_send(session, "\x00", 1); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (try == 0) { + ret = gnutls_session_get_data2(session, &session_data); + if (ret < 0) + fail("couldn't retrieve session data: %s\n", + gnutls_strerror(ret)); + } + + gnutls_deinit(session); + + if (try == 0) { + try++; + goto retry; + } + + close(fd); + + gnutls_free(session_data.data); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_datum_t skey; + unsigned try = 0; + unsigned char buf[16]; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + assert(gnutls_session_ticket_key_generate(&skey) >= 0); + + retry: + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0", NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + assert(gnutls_session_ticket_enable_server(session, &skey) >= 0); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) + fail("error in handshake: %s\n", gnutls_strerror(ret)); + + if (try > 0) + assert(gnutls_session_is_resumed(session)); + + do { + ret = gnutls_record_recv(session, buf, sizeof(buf)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret < 0) + fail("server: recv did not succeed as expected: %s\n", gnutls_strerror(ret)); + + gnutls_deinit(session); + + if (try == 0) { + try++; + goto retry; + } + + close(fd); + + gnutls_free(skey.data); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + server(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/rnd-rollback-detection.c b/tests/tls13/rnd-rollback-detection.c new file mode 100644 index 0000000..d64daa0 --- /dev/null +++ b/tests/tls13/rnd-rollback-detection.c @@ -0,0 +1,237 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program checks whether a TLS 1.3 client will detect + * a TLS 1.2 rollback attempt via the server random value. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.2 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER) { + fail("unexpected error during rollback: %s\n", gnutls_strerror(ret)); + } + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +#ifdef TLS12 +# define RND tls12_rnd +# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" +#elif TLS11 +# define RND tls11_rnd +# define PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.0" +#else +# error unknown version to test +#endif + +gnutls_datum_t tls12_rnd = {(void*)"\x00\x00\x00\x04\x00\x00\x00\x04" + "\x00\x00\x00\x04\x00\x00\x00\x04" + "\x00\x00\x00\x04\x00\x00\x00\x04" + "\x44\x4F\x57\x4E\x47\x52\x44\x01", + 32}; + +gnutls_datum_t tls11_rnd = {(void*)"\x00\x00\x00\x04\x00\x00\x00\x04" + "\x00\x00\x00\x04\x00\x00\x00\x04" + "\x00\x00\x00\x04\x00\x00\x00\x04" + "\x44\x4F\x57\x4E\x47\x52\x44\x00", + 32}; + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_random(session, &RND); + + assert(gnutls_priority_set_direct(session, PRIO, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + client(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + server(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/supported_versions.c b/tests/tls13/supported_versions.c new file mode 100644 index 0000000..7d14eeb --- /dev/null +++ b/tests/tls13/supported_versions.c @@ -0,0 +1,353 @@ +/* + * Copyright (C) 2017-2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "utils.h" + +/* This program tests the ProtocolVersion of Client Hello + * and whether the supported_versions extension is present and + * contains 0x0304 (TLS 1.3). + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + + +#define MAX_BUF 1024 + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.3 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static unsigned client_hello_ok = 0; +static unsigned server_hello_ok = 0; + +#define HANDSHAKE_SESSION_ID_POS 34 +#define TLS_EXT_SUPPORTED_VERSIONS 43 + +#define SKIP16(pos, total) { \ + uint16_t _s; \ + if (pos+2 > total) fail("error\n"); \ + _s = (msg->data[pos] << 8) | msg->data[pos+1]; \ + if ((size_t)(pos+2+_s) > total) fail("error\n"); \ + pos += 2+_s; \ + } + +#define SKIP8(pos, total) { \ + uint8_t _s; \ + if (pos+1 > total) fail("error\n"); \ + _s = msg->data[pos]; \ + if ((size_t)(pos+1+_s) > total) fail("error\n"); \ + pos += 1+_s; \ + } + +static int client_hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + ssize_t pos; + + if (htype == GNUTLS_HANDSHAKE_SERVER_HELLO && post == GNUTLS_HOOK_POST) { + /* check whether TLS 1.3 is negotiated */ + pos = 0; + if (msg->size < 2) { + fail("error in server hello size\n"); + } + + success("server hello:\n\t%d.%d\n", + (int)msg->data[pos], (int)msg->data[pos+1]); + + if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x03) { + fail("fail expected TLS 1.2 in server hello, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]); + } + + server_hello_ok = 1; + return GNUTLS_E_INTERRUPTED; + } + + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (msg->size < HANDSHAKE_SESSION_ID_POS) + return -1; + + /* we expect the legacy version to be present */ + /* ProtocolVersion legacy_version = 0x0303 */ + if (msg->data[0] != 0x03 || msg->data[1] != 0x03) { + fail("ProtocolVersion contains %d.%d\n", (int)msg->data[0], (int)msg->data[1]); + } + + pos = HANDSHAKE_SESSION_ID_POS; + /* legacy_session_id */ + SKIP8(pos, msg->size); + + /* CipherSuites */ + SKIP16(pos, msg->size); + + /* legacy_compression_methods */ + SKIP8(pos, msg->size); + + pos += 2; + + while (pos < msg->size) { + uint16_t type; + + if (pos+4 > msg->size) + fail("invalid client hello\n"); + + type = (msg->data[pos] << 8) | msg->data[pos+1]; + pos+=2; + + success("Found extension %d\n", (int)type); + + if (type != TLS_EXT_SUPPORTED_VERSIONS) { + SKIP16(pos, msg->size); + } else { /* found */ + ssize_t size = (msg->data[pos] << 8) | msg->data[pos+1]; + pos+=2; + + size = msg->data[pos]; + + if (size > msg->size+pos) { + fail("error in extension length\n"); + } + + if (size % 2 == 1) { + fail("extension length is odd!\n"); + } + + if (size != 6) { + fail("expected three versions only (%d)!\n", (int)size); + } + pos++; + + success("client hello:\n\t%d.%d\n\t%d.%d\n\t%d.%d\n", + (int)msg->data[pos], (int)msg->data[pos+1], + (int)msg->data[pos+2], (int)msg->data[pos+3], + (int)msg->data[pos+4], (int)msg->data[pos+5]); + + if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) { + fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]); + } + pos+=2; + + if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x03) { + fail("fail expected TLS 1.2, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]); + } + pos+=2; + + if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x01) { + fail("fail expected TLS 1.0, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]); + } + pos+=2; + client_hello_ok = 1; + break; + } + } + + return 0; +} + +static void server(int fd) +{ + int ret; + char buffer[MAX_BUF + 1]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + memset(buffer, 0, sizeof(buffer)); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + client_hello_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL:+VERS-TLS1.3", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + + if (client_hello_ok == 0) { + fail("server: did not verify the client hello\n"); + } + + if (server_hello_ok == 0) { + fail("server: did not verify the server hello contents\n"); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tls13/tls12-no-tls13-exts.c b/tests/tls13/tls12-no-tls13-exts.c new file mode 100644 index 0000000..03d3271 --- /dev/null +++ b/tests/tls13/tls12-no-tls13-exts.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "cert-common.h" +#include "tls13/ext-parse.h" +#include "utils.h" + +/* This program checks whether any TLS 1.3 extensions are + * present when TLS 1.2 is the only protocol supported by + * client. + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + + + +static void client(int fd) +{ + int ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(7); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &cli_ca3_cert, + &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_priority_set_direct(session, "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.0", NULL); + if (ret < 0) + fail("cannot set TLS 1.2 priorities\n"); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); +} + +static unsigned client_hello_ok = 0; + +static int client_hello_callback(gnutls_session_t session, unsigned int htype, + unsigned post, unsigned int incoming, const gnutls_datum_t *msg) +{ + if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO || post != GNUTLS_HOOK_PRE) + return 0; + + if (find_client_extension(msg, TLS_EXT_SUPPORTED_VERSIONS, NULL, NULL)) { + fail("Found TLS 1.3 supported versions extension in TLS 1.2!\n"); + } + + if (find_client_extension(msg, TLS_EXT_POST_HANDSHAKE, NULL, NULL)) { + fail("Found TLS 1.3 supported versions extension in TLS 1.2!\n"); + } + + client_hello_ok = 1; + + return 0; +} + +static void server(int fd) +{ + int ret; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert, + &server_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + gnutls_handshake_set_timeout(session, get_timeout()); + gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_ANY, + GNUTLS_HOOK_BOTH, + client_hello_callback); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + gnutls_priority_set_direct(session, "NORMAL", NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + if (ret == GNUTLS_E_INTERRUPTED) { /* expected */ + break; + } + } while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + + if (client_hello_ok == 0) { + fail("server: did not verify the client hello\n"); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: client/server hello were verified\n"); +} + +static void ch_handler(int sig) +{ + int status = 0; + wait(&status); + check_wait_status(status); + return; +} + +void doit(void) +{ + int fd[2]; + int ret; + pid_t child; + + signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + /* parent */ + close(fd[1]); + server(fd[0]); + kill(child, SIGTERM); + } else { + close(fd[0]); + client(fd[1]); + exit(0); + } +} + +#endif /* _WIN32 */ diff --git a/tests/tlsext-decoding.c b/tests/tlsext-decoding.c new file mode 100644 index 0000000..2794d2c --- /dev/null +++ b/tests/tlsext-decoding.c @@ -0,0 +1,293 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include "cert-common.h" + +/* This test checks whether an invalid extensions field will lead + * to a GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH. */ + +#if defined(_WIN32) + +int main() +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void terminate(void); +static unsigned reduce = 0; + +/* This program tests the client hello verify in DTLS + */ + +static void server_log_func(int level, const char *str) +{ + fprintf(stderr, "server|<%d>| %s", level, str); +} + +static void client_log_func(int level, const char *str) +{ + fprintf(stderr, "client|<%d>| %s", level, str); +} + +#define RECORD_PAYLOAD_POS 5 +#define HANDSHAKE_ID_POS (38) +static ssize_t odd_push(gnutls_transport_ptr_t tr, const void *data, size_t len) +{ + uint8_t *d = (void*)data; + int fd = (long)tr; + uint16_t csize, osize; + int pos; + + if (d[0] == 22 && d[5] == GNUTLS_HANDSHAKE_CLIENT_HELLO) { + uint8_t isize; + + /* skip session ID (this can be non-empty in TLS 1.3) */ + isize = d[RECORD_PAYLOAD_POS+HANDSHAKE_ID_POS]; + isize += 1; + + /* skip ciphersuites */ + csize = d[RECORD_PAYLOAD_POS+HANDSHAKE_ID_POS+isize+1] + (d[RECORD_PAYLOAD_POS+HANDSHAKE_ID_POS+isize] << 8); + csize += 2; + + /* skip compression methods */ + osize = d[RECORD_PAYLOAD_POS+HANDSHAKE_ID_POS+isize+csize]; + osize += 1; + + pos = RECORD_PAYLOAD_POS+HANDSHAKE_ID_POS+isize+csize+osize; + + if (reduce) { + if (d[pos+1] != 0x00) { + d[pos+1] = d[pos+1] - 1; + } else { + d[pos] = d[pos] - 1; + d[pos+1] = 0xff; + } + } else { + if (d[pos+1] != 0xff) { + d[pos+1] = d[pos+1] + 1; + } else { + d[pos] = d[pos] + 1; + d[pos+1] = 0x00; + } + + } + } + + return send(fd, data, len, 0); +} + +/* A very basic DTLS client handling DTLS 0.9 which sets premaster secret. + */ + +static void client(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + global_init(); + + if (debug) { + gnutls_global_set_log_function(client_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + gnutls_handshake_set_timeout(session, get_timeout()); + + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + gnutls_transport_set_push_function(session, odd_push); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret >= 0) { + fail("client: Handshake succeeded!\n"); + exit(1); + } + + close(fd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + + +/* These are global */ +pid_t child; + +static void terminate(void) +{ + int status; + assert(child); + kill(child, SIGTERM); + wait(&status); + exit(1); +} + +static void server(int fd, const char *prio) +{ + int ret; + gnutls_certificate_credentials_t xcred; + gnutls_session_t session; + + /* this must be called once in the program + */ + global_init(); + + if (debug) { + gnutls_global_set_log_function(server_log_func); + gnutls_global_set_log_level(4711); + } + + gnutls_certificate_allocate_credentials(&xcred); + + ret = gnutls_certificate_set_x509_key_mem(xcred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_init(&session, GNUTLS_SERVER); + gnutls_handshake_set_timeout(session, get_timeout()); + + /* avoid calling all the priority functions, since the defaults + * are adequate. + */ + assert(gnutls_priority_set_direct(session, prio, NULL) >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, fd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret != GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH) { + close(fd); + gnutls_deinit(session); + fail("server: Handshake did not fail with GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH (%s)\n\n", + gnutls_strerror(ret)); + terminate(); + } + + close(fd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + if (debug) + success("server: Handshake failed as expected\n"); +} + +static void start(const char *prio) +{ + int fd[2]; + int ret; + + success("trying %s\n", prio); + signal(SIGPIPE, SIG_IGN); + + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); + if (ret < 0) { + perror("socketpair"); + exit(1); + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + exit(1); + } + + if (child) { + int status; + /* parent */ + + close(fd[0]); + server(fd[1], prio); + + wait(&status); + check_wait_status(status); + close(fd[1]); + } else { + close(fd[1]); + client(fd[0], prio); + exit(0); + } +} + +void doit(void) +{ + success("checking overflow\n"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); + + success("checking underflow\n"); + reduce = 1; + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} +#endif /* _WIN32 */ diff --git a/tests/tlsfeature-crt.c b/tests/tlsfeature-crt.c new file mode 100644 index 0000000..fa68816 --- /dev/null +++ b/tests/tlsfeature-crt.c @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include +#include +#include +#include "utils.h" + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICBzCCAXCgAwIBAgIMVpjt8TL5Io/frpvkMA0GCSqGSIb3DQEBCwUAMCIxIDAe\n" + "BgNVBAMTF0dudVRMUyB0ZXN0IGNlcnRpZmljYXRlMB4XDTE2MDExNTEzMDI0MVoX\n" + "DTMyMDYxOTEzMDI0MVowIjEgMB4GA1UEAxMXR251VExTIHRlc3QgY2VydGlmaWNh\n" + "dGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANe6XK+jDPAuqSdWqlOOqOt/\n" + "gXVMa5i+Suq3HvhLw2rE2g0AuOpMEx82FpPecu/GpF6ybrbKCohVdZCW7aZXvAw7\n" + "dg2XHr3p7H/Tqez7hWSga6BIznd+c5wxE/89yK6lYG7Ztoxamm+2vp9qvafwoDMn\n" + "9bcdkuWWnHNS1p/WyI6xAgMBAAGjQjBAMBEGCCsGAQUFBwEYBAUwAwIBBTAMBgNV\n" + "HRMBAf8EAjAAMB0GA1UdDgQWBBRTSzvcXshETAIgvzlIb0z+zSVSEDANBgkqhkiG\n" + "9w0BAQsFAAOBgQB+VcJuLPL2PMog0HZ8RRbqVvLU5d209ROg3s1oXUBFW8+AV+71\n" + "CsHg9Xx7vqKVwyKGI9ghds1B44lNPxGH2Sk1v2czjKbzwujo9+kLnDS6i0jyrDdn\n" + "um4ivpkwmlUFSQVXvENLwe9gTlIgN4+0I9WLcMTCDtHWkcxMRwCm2BMsXw==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +void doit(void) +{ + int ret; + gnutls_x509_tlsfeatures_t feat; + unsigned int out; + gnutls_x509_crt_t crt; + unsigned critical = 5; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + assert(gnutls_x509_crt_init(&crt) >= 0); + + assert(gnutls_x509_crt_import(crt, &server_cert, GNUTLS_X509_FMT_PEM) >= 0); + + + assert(gnutls_x509_crt_get_tlsfeatures(crt, feat, 0, &critical) >= 0); + assert(critical == 0); + + assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0); + assert(out == 5); + + assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) != 0); + + /* append more features */ + assert(gnutls_x509_tlsfeatures_add(feat, 6) >= 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); + + assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); + + gnutls_x509_tlsfeatures_deinit(feat); + + /* check whether a single TLSFeat with another value will fail verification */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + assert(gnutls_x509_tlsfeatures_add(feat, 8) >= 0); + assert(gnutls_x509_tlsfeatures_check_crt(feat, crt) == 0); + + gnutls_x509_tlsfeatures_deinit(feat); + gnutls_x509_crt_deinit(crt); + gnutls_global_deinit(); +} + diff --git a/tests/tlsfeature-ext.c b/tests/tlsfeature-ext.c new file mode 100644 index 0000000..ce028cd --- /dev/null +++ b/tests/tlsfeature-ext.c @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include +#include +#include +#include "utils.h" + +unsigned char der_feat_long[] = + "\x30\x82\x01\x80\x02\x01\x00\x02\x01\x01\x02\x01\x02\x02\x01\x03" + "\x02\x01\x04\x02\x01\x05\x02\x01\x06\x02\x01\x07\x02\x01\x08\x02" + "\x01\x09\x02\x01\x0A\x02\x01\x0B\x02\x01\x0C\x02\x01\x0D\x02\x01" + "\x0E\x02\x01\x0F\x02\x01\x10\x02\x01\x11\x02\x01\x12\x02\x01\x13" + "\x02\x01\x14\x02\x01\x15\x02\x01\x16\x02\x01\x17\x02\x01\x18\x02" + "\x01\x19\x02\x01\x1A\x02\x01\x1B\x02\x01\x1C\x02\x01\x1D\x02\x01" + "\x1E\x02\x01\x1F\x02\x01\x20\x02\x01\x21\x02\x01\x22\x02\x01\x23" + "\x02\x01\x24\x02\x01\x25\x02\x01\x26\x02\x01\x27\x02\x01\x28\x02" + "\x01\x29\x02\x01\x2A\x02\x01\x2B\x02\x01\x2C\x02\x01\x2D\x02\x01" + "\x2E\x02\x01\x2F\x02\x01\x30\x02\x01\x31\x02\x01\x32\x02\x01\x33" + "\x02\x01\x34\x02\x01\x35\x02\x01\x36\x02\x01\x37\x02\x01\x38\x02" + "\x01\x39\x02\x01\x3A\x02\x01\x3B\x02\x01\x3C\x02\x01\x3D\x02\x01" + "\x3E\x02\x01\x3F\x02\x01\x40\x02\x01\x41\x02\x01\x42\x02\x01\x43" + "\x02\x01\x44\x02\x01\x45\x02\x01\x46\x02\x01\x47\x02\x01\x48\x02" + "\x01\x49\x02\x01\x4A\x02\x01\x4B\x02\x01\x4C\x02\x01\x4D\x02\x01" + "\x4E\x02\x01\x4F\x02\x01\x50\x02\x01\x51\x02\x01\x52\x02\x01\x53" + "\x02\x01\x54\x02\x01\x55\x02\x01\x56\x02\x01\x57\x02\x01\x58\x02" + "\x01\x59\x02\x01\x5A\x02\x01\x5B\x02\x01\x5C\x02\x01\x5D\x02\x01" + "\x5E\x02\x01\x5F\x02\x01\x60\x02\x01\x61\x02\x01\x62\x02\x01\x63" + "\x02\x01\x64\x02\x01\x65\x02\x01\x66\x02\x01\x67\x02\x01\x68\x02" + "\x01\x69\x02\x01\x6A\x02\x01\x6B\x02\x01\x6C\x02\x01\x6D\x02\x01" + "\x6E\x02\x01\x6F\x02\x01\x70\x02\x01\x71\x02\x01\x72\x02\x01\x73" + "\x02\x01\x74\x02\x01\x75\x02\x01\x76\x02\x01\x77\x02\x01\x78\x02" + "\x01\x79\x02\x01\x7A\x02\x01\x7B\x02\x01\x7C\x02\x01\x7D\x02\x01" + "\x7E\x02\x01\x7F"; + +static gnutls_datum_t der_long = { der_feat_long, sizeof(der_feat_long)-1}; + +void doit(void) +{ + int ret; + gnutls_x509_tlsfeatures_t feat; + unsigned int out; + gnutls_datum_t der; + unsigned i; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + /* init and write >1 features + */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + assert(gnutls_x509_tlsfeatures_add(feat, 2) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 3) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 5) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 7) >= 0); + assert(gnutls_x509_tlsfeatures_add(feat, 11) >= 0); + + assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0); + + gnutls_x509_tlsfeatures_deinit(feat); + + /* re-load and read + */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0); + + assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) >= 0); + assert(out == 2); + + assert(gnutls_x509_tlsfeatures_get(feat, 1, &out) >= 0); + assert(out == 3); + + assert(gnutls_x509_tlsfeatures_get(feat, 2, &out) >= 0); + assert(out == 5); + + assert(gnutls_x509_tlsfeatures_get(feat, 3, &out) >= 0); + assert(out == 7); + + assert(gnutls_x509_tlsfeatures_get(feat, 4, &out) >= 0); + assert(out == 11); + + gnutls_x509_tlsfeatures_deinit(feat); + gnutls_free(der.data); + + /* check whether no feature is acceptable */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + assert(gnutls_x509_ext_export_tlsfeatures(feat, &der) >= 0); + + gnutls_x509_tlsfeatures_deinit(feat); + + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + assert(gnutls_x509_ext_import_tlsfeatures(&der, feat, 0) >= 0); + + assert(gnutls_x509_tlsfeatures_get(feat, 0, &out) == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); + + gnutls_x509_tlsfeatures_deinit(feat); + + gnutls_free(der.data); + + /* check whether we can add a reasonable number of features */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + for (i=0;i<128;i++) { + ret = gnutls_x509_tlsfeatures_add(feat, i); + if (ret < 0) { + assert(i>=32); + assert(ret == GNUTLS_E_INTERNAL_ERROR); + } + } + + gnutls_x509_tlsfeatures_deinit(feat); + + /* check whether we can import a very long list */ + assert(gnutls_x509_tlsfeatures_init(&feat) >= 0); + + assert(gnutls_x509_ext_import_tlsfeatures(&der_long, feat, 0) == GNUTLS_E_INTERNAL_ERROR); + + gnutls_x509_tlsfeatures_deinit(feat); + + gnutls_global_deinit(); +} + diff --git a/tests/tpm2.sh b/tests/tpm2.sh new file mode 100755 index 0000000..6f8e44c --- /dev/null +++ b/tests/tpm2.sh @@ -0,0 +1,231 @@ +#!/bin/sh + +# Copyright (C) 2018-2019 IBM Corporation +# Copyright (C) 2019,2021 Red Hat, Inc. +# +# Author: Stefan Berger, Nikos Mavrogiannopoulos, Daiki Ueno +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +KEYPEMFILE=tpmkey.$$.key.pem +CTXFILE=tpmkey.$$.ctx + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if [ -z "$(which swtpm 2>/dev/null)" ]; then + echo "Need swtpm package to run this test." + exit 77 +fi + +if [ -z "$(which ncat 2>/dev/null)" ]; then + echo "Need ncat from nmap-ncat package to run this test." + exit 77 +fi + +if [ -z "$(which tpm2_startup 2>/dev/null)" ]; then + echo "Need tpm2_startup from tpm2-tools package to run this test." + exit 77 +fi + +if [ -z "$(which base64 2>/dev/null)" ]; then + echo "Need the base64 tool to run this test." + exit 77 +fi + +if [ -z "$(which tpm2tss-genkey 2>/dev/null)" ]; then + echo "Need tpm2tss-genkey from tpm2-tss-engine package to run this test." + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +workdir=$(mktemp -d) + +PORT=2321 +SWTPM_SERVER_PORT=$PORT +echo "Server port: $PORT" +SWTPM_CTRL_PORT=$((SWTPM_SERVER_PORT + 1)) # fake port used by ncat only +echo "Ncat port: $SWTPM_CTRL_PORT" +echo "Directory: $workdir" + +SWTPM_PIDFILE=${workdir}/swtpm.pid + +eval "${GETPORT}" + +TCSD_LISTEN_PORT=$PORT +export TSS_TCSD_PORT=$TCSD_LISTEN_PORT +echo "TCSD port: $PORT" + +export TPM2TOOLS_TCTI="mssim:host=127.0.0.1,port=${SWTPM_SERVER_PORT}" +export TPM2TSSENGINE_TCTI="$TPM2TOOLS_TCTI" +export TPM20TEST_TCTI_NAME="socket" +export TPM20TEST_SOCKET_PORT=${SWTPM_SERVER_PORT} +export TPM20TEST_SOCKET_ADDRESS="127.0.0.1" + +cleanup() +{ + echo "Cleaning up" + stop_swtpm + rm -f ${KEYPEMFILE} + if [ -n "$workdir" ]; then + rm -rf $workdir + fi +} + +start_swtpm() +{ + local workdir="$1" + + local res + + echo "" + echo " - Starting swtpm" + + swtpm socket \ + --tpm2 \ + --flags not-need-init \ + --pid file=$SWTPM_PIDFILE \ + --tpmstate dir=$workdir \ + --server type=tcp,bindaddr=127.0.0.1,port=$SWTPM_SERVER_PORT & + + if wait_for_file $SWTPM_PIDFILE 3; then + echo "Starting the swtpm failed" + return 1 + fi + + echo " - Starting ncat" + + SWTPM_PID=$(cat $SWTPM_PIDFILE) + kill -0 ${SWTPM_PID} + if [ $? -ne 0 ]; then + echo "swtpm must have terminated" + return 1 + fi + + ncat -l ${SWTPM_CTRL_PORT} \ + -k -c "xargs --null -n1 printf '\x00\x00\x00\x00'" &>/dev/null & + if [ $? -ne 0 ]; then + echo "Could not start ncat" + stop_swtpm + return 1 + fi + NCAT_PID=$! + sleep 1 + kill -0 ${NCAT_PID} + if [ $? -ne 0 ]; then + echo "ncat must have been terminated" + stop_swtpm + return 1 + fi + + echo " - Running tpm2_startup" + msg=$(tpm2_startup -V -c 2>&1) + if [ $? -ne 0 ]; then + echo "TPM2_Startup() failed" + echo "${msg}" + stop_swtpm + return 1 + fi + + echo " - Startup completed" + sleep 1 + + return 0 +} + +stop_swtpm() +{ + if [ -n "${SWTPM_PID}" ]; then + echo terminate_proc ${SWTPM_PID} + terminate_proc ${SWTPM_PID} + unset SWTPM_PID + fi + + if [ -n "${NCAT_PID}" ]; then + terminate_proc ${NCAT_PID} + unset NCAT_PID + fi +} + +run_tests() +{ + local workdir="$1" + local OPASS=12345678 + local EPASS=23456789 + local LPASS=34567890 +# local OBJPASS=012345 + local kalg=$2 + + [ -z "$workdir" ] && { + echo "No workdir" + return 1 + } + + start_swtpm $workdir + + echo " - Set owner authorization" + tpm2_changeauth -c owner ${OPASS} + echo " - Set endorsement authorization" + tpm2_changeauth -c endorsement ${EPASS} + echo " - Set lockout authorization" + tpm2_changeauth -c lockout ${LPASS} + + echo " - Generating ${KEYPEMFILE}" + tpm2tss-genkey -a ${kalg} -o ${OPASS} ${KEYPEMFILE} + if [ $? -ne 0 ]; then + echo "unable to generate key" + return 1 + fi + cat ${KEYPEMFILE} + + echo " - Generating certificate based on key" + + export GNUTLS_PIN=${OPASS} + "${CERTTOOL}" --generate-self-signed -d 3 \ + --load-privkey "${KEYPEMFILE}" \ + --template "${srcdir}/cert-tests/templates/template-test.tmpl" + if [ $? -ne 0 ]; then + echo "unable to generate certificate" + return 1 + fi + + if test "${kalg}" = "rsa";then + echo " - Generating RSA-PSS certificate based on key" + "${CERTTOOL}" --generate-self-signed -d 3 \ + --load-privkey "${KEYPEMFILE}" \ + --sign-params rsa-pss \ + --template "${srcdir}/cert-tests/templates/template-test.tmpl" + if [ $? -ne 0 ]; then + echo "unable to generate certificate" + return 1 + fi + fi + + stop_swtpm + echo "Ok" + + return 0 +} + +trap "cleanup" EXIT QUIT + +run_tests "$workdir" ecdsa +run_tests "$workdir" rsa diff --git a/tests/tpmtool_test.sh b/tests/tpmtool_test.sh new file mode 100755 index 0000000..77fe17e --- /dev/null +++ b/tests/tpmtool_test.sh @@ -0,0 +1,444 @@ +#!/bin/sh + +# Copyright (C) 2018 IBM Corporation +# +# Author: Stefan Berger +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../src/certtool${EXEEXT}} +: ${TPMTOOL=../src/tpmtool${EXEEXT}} + +if [ "$(id -u)" -ne 0 ]; then + echo "Need to be root to run this test." + exit 77 +fi + +if [ -z "$(which swtpm 2>/dev/null)" ]; then + echo "Need swtpm package to run this test." + exit 77 +fi + +if [ -z "$(which tcsd 2>/dev/null)" ]; then + echo "Need tcsd (TrouSerS) package to run this test." + exit 77 +fi + +if [ -z "$(which tpm_createek 2>/dev/null)" ]; then + echo "Need tpm_createek from tpm-tools package to run this test." + exit 77 +fi + +if [ -z "$(which ncat 2>/dev/null)" ]; then + echo "Need ncat from nmap-ncat package to run this test." + exit 77 +fi + +if [ -z "$(which expect 2>/dev/null)" ]; then + echo "Need expect from expect package to run this test." + exit 77 +fi + +$TPMTOOL --help >/dev/null +if [ $? -ne 0 ]; then + echo "tpmtool cannot show help screen (TPMTOOL=$TPMTOOL)." + exit 77 +fi + +$CERTTOOL --help >/dev/null +if [ $? -ne 0 ]; then + echo "certtool cannot show help screen (CERTTOOL=$CERTTOOL)." + exit 77 +fi + +. "${srcdir}/scripts/common.sh" + +workdir=$(mktemp -d) + +SWTPM_SERVER_PORT=12345 +SWTPM_CTRL_PORT=$((SWTPM_SERVER_PORT + 1)) +SWTPM_PIDFILE=${workdir}/swtpm.pid +TCSD_LISTEN_PORT=12347 +export TSS_TCSD_PORT=$TCSD_LISTEN_PORT + +cleanup() +{ + stop_tcsd + if [ -n "$workdir" ]; then + rm -rf $workdir + fi +} + +start_swtpm() +{ + local workdir="$1" + + local res + + swtpm socket \ + --flags not-need-init \ + --pid file=$SWTPM_PIDFILE \ + --tpmstate dir=$workdir \ + --server type=tcp,port=$SWTPM_SERVER_PORT,disconnect \ + --ctrl type=tcp,port=$SWTPM_CTRL_PORT & + + if wait_for_file $SWTPM_PIDFILE 3; then + echo "Starting the swtpm failed" + return 1 + fi + + SWTPM_PID=$(cat $SWTPM_PIDFILE) + kill -0 ${SWTPM_PID} + if [ $? -ne 0 ]; then + echo "swtpm must have terminated" + return 1 + fi + + # Send TPM_Startup to TPM + res="$(/bin/echo -en '\x00\xC1\x00\x00\x00\x0C\x00\x00\x00\x99\x00\x01' | + ncat localhost ${SWTPM_SERVER_PORT} | od -tx1 -An)" + exp=' 00 c4 00 00 00 0a 00 00 00 00' + if [ "$res" != "$exp" ]; then + echo "Did not get expected response from TPM_Startup(ST_CLEAR)" + echo "expected: $exp" + echo "received: $res" + return 1 + fi + + return 0 +} + +stop_swtpm() +{ + if [ -n "$SWTPM_PID" ]; then + terminate_proc $SWTPM_PID + unset SWTPM_PID + fi +} + +start_tcsd() +{ + local workdir="$1" + + local tcsd_conf=$workdir/tcsd.conf + local tcsd_system_ps_file=$workdir/system_ps_file + local tcsd_pidfile=$workdir/tcsd.pid + local owner + + start_swtpm "$workdir" + [ $? -ne 0 ] && return 1 + + cat <<_EOF_ > $tcsd_conf +port = $TCSD_LISTEN_PORT +system_ps_file = $tcsd_system_ps_file +_EOF_ + # older versions of trousers require tss:tss ownership of the + # config file, later ones root:tss + for owner in tss root; do + if [ "$owner" = "tss" ]; then + chmod 0600 $tcsd_conf + else + chmod 0640 $tcsd_conf + fi + chown $owner:tss $tcsd_conf + + bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" & + BASH_PID=$! + + if wait_for_file $tcsd_pidfile 3; then + echo "Could not get TCSD's PID file" + return 1 + fi + + sleep 0.5 + TCSD_PID=$(cat $tcsd_pidfile) + kill -0 "${TCSD_PID}" + if [ $? -ne 0 ]; then + # Try again with other owner + continue + fi + return 0 + done + + echo "TCSD could not be started" + return 1 +} + +stop_tcsd() +{ + if [ -n "$TCSD_PID" ]; then + terminate_proc $TCSD_PID + unset TCSD_PID + fi + stop_swtpm +} + +run_tpm_takeownership() +{ + local owner_password="$1" + local srk_password="$2" + + local prg out rc + local parm_z="" + + if [ -z "$srk_password" ]; then + parm_z="--srk-well-known" + fi + + prg="set parm_z \"$parm_z\" + spawn tpm_takeownership \$parm_z + expect { + \"Enter owner password:\" + { send \"$owner_password\n\" } + } + expect { + \"Confirm password:\" + { send \"$owner_password\n\" } + } + if { \$parm_z == \"\" } { + expect { + \"Enter SRK password:\" + { send \"$srk_password\n\" } + } + expect { + \"Confirm password:\" + { send \"$srk_password\n\" } + } + } + expect { + eof + } + catch wait result + exit [lindex \$result 3] + " + out=$(expect -c "$prg") + rc=$? + echo "$out" + return $rc +} + +setup_tcsd() +{ + local workdir="$1" + local owner_password="$2" + local srk_password="$3" + + local msg + + start_tcsd "$workdir" + [ $? -ne 0 ] && return 1 + + tpm_createek + [ $? -ne 0 ] && { + echo "Could not create EK" + return 1 + } + msg="$(run_tpm_takeownership "$owner_password" "$srk_password")" + [ $? -ne 0 ] && { + echo "Could not take ownership of TPM" + echo "$msg" + return 1 + } + return 0 +} + +run_tpmtool() +{ + local srk_password="$1" + local key_password="$2" + + shift 2 + + local prg out rc + + prg="spawn $TPMTOOL $@ + expect { + \"Enter SRK password:\" { + send \"$srk_password\n\" + exp_continue + } + \"Enter key password:\" { + send \"$key_password\n\" + exp_continue + } + \"tpmkey:\" { + exp_continue + } + eof + } + catch wait result + exit [lindex \$result 3] + " + out=$(expect -c "$prg") + rc=$? + echo "$out" + return $rc +} + +tpmtool_test() +{ + local workdir="$1" + local owner_password="$2" + local srk_password="$3" + local key_password="$4" + local register=$5 # whether to --register the key + + local params msg tpmkeyurl + local tpmpubkey=${workdir}/tpmpubkey.pem + local tpmca=${workdir}/tpmca.pem + local template=${workdir}/template + local tpmkey=${workdir}/tpmkey.pem # if --register is not used + + setup_tcsd "$workdir" "$owner_password" "$srk_password" + [ $? -ne 0 ] && return 1 + + if [ -z "$srk_password" ]; then + params="--srk-well-known" + unset GNUTLS_PIN + else + export GNUTLS_PIN="$srk_password" + fi + + if [ $register -ne 0 ]; then + # --register key + msg="$(run_tpmtool "$srk_password" "$key_password" \ + $params --register --generate-rsa --signing)" + [ $? -ne 0 ] && { + echo "Could not create TPM signing key" + echo "$msg" + return 1 + } + tpmkeyurl=$(echo "$msg" | sed -n 's/\(tpmkey:uuid=[^;]*\);.*/\1/p') + [ -z "$tpmkeyurl" ] && { + echo "Could not get TPM key URL" + return 1 + } + else + msg="$(run_tpmtool "$srk_password" "$key_password" \ + $params --generate-rsa --signing --outfile ${tpmkey})" + [ $? -ne 0 ] && { + echo "Could not create TPM signing key" + echo "$msg" + return 1 + } + tpmkeyurl="tpmkey:file=${tpmkey}" + fi + + if [ $register -ne 0 ]; then + msg=$(run_tpmtool "$srk_password" "$key_password" \ + $params --test-sign $tpmkeyurl) + [ $? -ne 0 ] && { + echo "Could not test sign with key $tpmkeyurl" + echo "$msg" + return 1 + } + fi + + msg=$(run_tpmtool "$srk_password" "$key_password" \ + $params --pubkey "$tpmkeyurl" --outfile "$tpmpubkey") + [ $? -ne 0 ] && { + echo "Could not get TPM key's public key" + echo "$msg" + return 1 + } + + cat <<_EOF_ >${template} +cn = test +ca +cert_signing_key +expiration_days = 1 +_EOF_ + + msg=$($CERTTOOL \ + --generate-self-signed \ + --template ${template} \ + --outfile ${tpmca} \ + --load-privkey ${tpmkeyurl} \ + --load-pubkey ${tpmpubkey} 2>&1) + [ $? -ne 0 ] && { + echo "Could not create self-signed certificate" + echo "$msg" + return 1 + } + + echo "Successfully created TPM root CA cert using key $tpmkeyurl" + + if [ $register -ne 0 ]; then + if [ -z "$($TPMTOOL --list | grep "${tpmkeyurl}")" ]; then + echo "TPM key '${tpmkeyurl}' was not found in list of TPM keys" + return 1 + fi + + msg=$(run_tpmtool "$srk_password" "$key_password" \ + $params --delete $tpmkeyurl) + [ $? -ne 0 ] && { + echo "Could not delete TPM key ${tpmkeyurl}" + echo "$msg" + return 1 + } + + if [ -n "$($TPMTOOL --list | grep "$tpmkeyurl")" ]; then + echo "TPM key '$tpmkeyurl' was not properly deleted" + return 1 + fi + fi + + stop_tcsd +} + +run_tests() +{ + local workdir="$1" + + [ -z "$workdir" ] && { + echo "No workdir" + return 1 + } + local srk_password key_password + local owner_password="owner" + local register + + register=1 + # Test with --register; key password is not needed + for srk_password in "" "s"; do + tpmtool_test "$workdir" "$owner_password" "$srk_password" "" "$register" + [ $? -ne 0 ] && return 1 + stop_tcsd + rm ${workdir}/* + done + + # Test without --register; the key needs a password, but it has to be the same as the + # srk_password due to a bug in TrouSerS + register=0 + for srk_password in "s"; do + key_password=$srk_password + tpmtool_test "$workdir" "$owner_password" "$srk_password" "$key_password" "$register" + [ $? -ne 0 ] && return 1 + stop_tcsd + rm ${workdir}/* + done + + echo "Ok" + + return 0 +} + +trap "cleanup" EXIT QUIT + +run_tests "$workdir" +exit $? diff --git a/tests/trust-store.c b/tests/trust-store.c new file mode 100644 index 0000000..83f9dda --- /dev/null +++ b/tests/trust-store.c @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2017 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* Test for gnutls_certificate_set_x509_system_trust() + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + + +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + + gnutls_global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + assert(gnutls_certificate_allocate_credentials(&x509_cred) >= 0); + + ret = gnutls_certificate_set_x509_system_trust(x509_cred); + if (ret == GNUTLS_E_UNIMPLEMENTED_FEATURE) { + exit(77); + } else if (ret < 0) { + fail("error loading system trust store: %s\n", gnutls_strerror(ret)); + } else if (ret == 0) { + fail("no certificates were found in system trust store!\n"); + } + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/trustdb-tofu.c b/tests/trustdb-tofu.c new file mode 100644 index 0000000..5917fad --- /dev/null +++ b/tests/trustdb-tofu.c @@ -0,0 +1,290 @@ +/* + * Copyright (C) 2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "cert-common.h" + + +/* This will test whether the default public key storage backend + * is operating properly */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +static unsigned char tofu_server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t tofu_server_cert = { tofu_server_cert_pem, + sizeof(tofu_server_cert_pem) +}; + +static char client_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t client_cert = + { (void *) client_pem, sizeof(client_pem) }; + +#define TMP_FILE "mini-tdb.tmp" +#define HOSTS_DIR ".gnutls/" +#define HOSTS_FILE HOSTS_DIR"known_hosts" + +#define SHA1_HASH "\x53\x4b\x3b\xdc\x5e\xc8\x44\x4c\x02\x20\xbf\x39\x48\x6f\x4c\xfe\xcd\x25\x52\x10" + +void doit(void) +{ + gnutls_datum_t der_cert, der_cert2; + gnutls_datum_t der_rawpk, der_rawpk2; + int ret; + gnutls_datum_t hash; + char path[512]; + + /* the sha1 hash of the server's pubkey */ + hash.data = (void *) SHA1_HASH; + hash.size = sizeof(SHA1_HASH) - 1; + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + // X.509 certificates + ret = + gnutls_pem_base64_decode_alloc("CERTIFICATE", &tofu_server_cert, + &der_cert); + if (ret < 0) { + fail("base64 decoding\n"); + goto fail; + } + + ret = + gnutls_pem_base64_decode_alloc("CERTIFICATE", &client_cert, + &der_cert2); + if (ret < 0) { + fail("base64 decoding\n"); + goto fail; + } + + // Raw public keys + ret = + gnutls_pem_base64_decode_alloc("PUBLIC KEY", &rawpk_public_key1, + &der_rawpk); + if (ret < 0) { + fail("base64 decoding\n"); + goto fail; + } + + ret = + gnutls_pem_base64_decode_alloc("PUBLIC KEY", &rawpk_public_key2, + &der_rawpk2); + if (ret < 0) { + fail("base64 decoding\n"); + goto fail; + } + + remove(HOSTS_FILE); + remove(TMP_FILE); + + /* verify whether the stored hash verification succeeds */ + ret = gnutls_store_commitment(TMP_FILE, NULL, "localhost", "https", + GNUTLS_DIG_SHA1, &hash, 0, GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN); + if (ret != 0) { + fail("commitment storage: %s\n", gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Commitment storage: passed\n"); + + ret = + gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", + "https", GNUTLS_CRT_X509, + &der_cert, 0); + remove(TMP_FILE); + + if (ret != 0) { + fail("commitment verification: %s\n", + gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Commitment verification: passed\n"); + + /* Verify access to home dir */ +#ifndef _WIN32 + setenv("HOME", getcwd(path, sizeof(path)), 1); + + /* verify whether the stored hash verification succeeeds */ + ret = gnutls_store_commitment(NULL, NULL, "localhost", "https", + GNUTLS_DIG_SHA1, &hash, 0, GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN); + if (ret != 0) { + fail("commitment storage: %s\n", gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Commitment storage: passed\n"); + + ret = + gnutls_verify_stored_pubkey(NULL, NULL, "localhost", + "https", GNUTLS_CRT_X509, + &der_cert, 0); + + if (ret != 0) { + fail("commitment verification: %s\n", + gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Commitment from homedir verification: passed\n"); +#endif + + /* verify whether the stored pubkey verification succeeds */ + // First we test regular X.509 certs + ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https", + GNUTLS_CRT_X509, &der_cert, 0, 0); + if (ret != 0) { + fail("storage: %s\n", gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Public key storage (from cert): passed\n"); + + ret = + gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", + "https", GNUTLS_CRT_X509, + &der_cert, 0); + if (ret != 0) { + fail("pubkey verification (from cert): %s\n", gnutls_strerror(ret)); + goto fail; + } + + ret = + gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", + "https", GNUTLS_CRT_X509, + &der_cert2, 0); + if (ret == 0) { + fail("verification succeeded when shouldn't!\n"); + goto fail; + } + if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { + fail("Wrong error code returned: %s!\n", + gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Public key verification (from cert): passed\n"); + + // Secondly we test raw public keys + ret = gnutls_store_pubkey(TMP_FILE, NULL, "localhost", "https", + GNUTLS_CRT_RAWPK, &der_rawpk, 0, 0); + if (ret != 0) { + fail("storage: %s\n", gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Public key storage (from raw pk): passed\n"); + + ret = + gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", + "https", GNUTLS_CRT_RAWPK, + &der_rawpk, 0); + if (ret != 0) { + fail("pubkey verification (from raw pk): %s\n", gnutls_strerror(ret)); + goto fail; + } + + ret = + gnutls_verify_stored_pubkey(TMP_FILE, NULL, "localhost", + "https", GNUTLS_CRT_RAWPK, + &der_rawpk2, 0); + if (ret == 0) { + fail("verification succeeded when shouldn't!\n"); + goto fail; + } + if (ret != GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { + fail("Wrong error code returned: %s!\n", + gnutls_strerror(ret)); + goto fail; + } + + if (debug) + success("Public key verification (from raw pk): passed\n"); + + remove(HOSTS_FILE); + remove(TMP_FILE); + rmdir(HOSTS_DIR); + + gnutls_global_deinit(); + gnutls_free(der_cert.data); + gnutls_free(der_cert2.data); + gnutls_free(der_rawpk.data); + gnutls_free(der_rawpk2.data); + + return; + fail: + remove(HOSTS_FILE); + remove(TMP_FILE); + rmdir(HOSTS_DIR); + exit(1); +} diff --git a/tests/urls.c b/tests/urls.c new file mode 100644 index 0000000..6487f0a --- /dev/null +++ b/tests/urls.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +void doit(void) +{ + global_init(); + +#ifdef ENABLE_PKCS11 + assert(gnutls_url_is_supported("pkcs11:xxx") > 0); +#endif + +#ifdef HAVE_TROUSERS + assert(gnutls_url_is_supported("tpmkey:xxx") > 0); +#endif + + assert(gnutls_url_is_supported("unknown-url:xxx") == 0); + + gnutls_global_deinit(); +} diff --git a/tests/utils-adv.c b/tests/utils-adv.c new file mode 100644 index 0000000..8291e18 --- /dev/null +++ b/tests/utils-adv.c @@ -0,0 +1,375 @@ +/* + * Copyright (C) 2008-2016 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" + +/* internal function */ +int _gnutls_server_name_set_raw(gnutls_session_t session, + gnutls_server_name_type_t type, + const void *name, size_t name_length); + +const char *side = NULL; + +/* if @host is NULL certificate check is skipped */ +int +_test_cli_serv(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *serv_prio, const char *cli_prio, + const char *host, + void *priv, callback_func *client_cb, callback_func *server_cb, + unsigned expect_verification_failure, + unsigned require_cert, + int serv_err, + int cli_err) +{ + int ret; + /* Server stuff. */ + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + reset_buffers(); + + /* Init server */ + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + server_cred); + ret = gnutls_priority_set_direct(server, serv_prio, NULL); + if (ret < 0) { + fail("error in server priority: %s\n", serv_prio); + } + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + if (require_cert) + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUIRE); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + if (host) { + if (strncmp(host, "raw:", 4) == 0) { + assert(_gnutls_server_name_set_raw(client, GNUTLS_NAME_DNS, host+4, strlen(host+4))>=0); + host += 4; + } else { + assert(gnutls_server_name_set(client, GNUTLS_NAME_DNS, host, strlen(host))>=0); + } + } + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + client_cred); + if (ret < 0) + exit(1); + + ret = gnutls_priority_set_direct(client, cli_prio, NULL); + if (ret < 0) { + fail("error in client priority: %s\n", cli_prio); + } + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + if (cli_err == 0 && serv_err == 0) { + HANDSHAKE(client, server); + } else { + HANDSHAKE_EXPECT(client, server, cli_err, serv_err); + goto cleanup; + } + + /* check the number of certificates received and verify */ + if (host) { + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)host; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (expect_verification_failure && status != 0) { + ret = status; + goto cleanup; + } else if (expect_verification_failure && status == 0) { + fail("expected verification failure but verification succeeded!\n"); + } + + if (status != 0) { + gnutls_datum_t t; + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify certificate for '%s': %.4x: %s\n", host, status, t.data); + gnutls_free(t.data); + exit(1); + } + + /* check gnutls_certificate_verify_peers3 */ + ret = gnutls_certificate_verify_peers3(client, host, &status); + if (ret < 0) { + fail("could not verify certificate: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + gnutls_datum_t t; + assert(gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, &t, 0)>=0); + fail("could not verify certificate3: %.4x: %s\n", status, t.data); + gnutls_free(t.data); + exit(1); + } + } + + if (cret >= 0) + gnutls_bye(client, GNUTLS_SHUT_RDWR); + if (sret >= 0) + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + ret = 0; + cleanup: + if (client_cb) + client_cb(client, priv); + if (server_cb) + server_cb(server, priv); + + gnutls_deinit(client); + gnutls_deinit(server); + + return ret; +} + +/* An expected to succeed run */ +void +test_cli_serv(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *prio, const char *host, + void *priv, callback_func *client_cb, callback_func *server_cb) +{ + _test_cli_serv(server_cred, client_cred, prio, prio, host, priv, client_cb, server_cb, 0, 0, 0, 0); +} + +int +test_cli_serv_anon(gnutls_anon_server_credentials_t server_cred, + gnutls_anon_client_credentials_t client_cred, + const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + reset_buffers(); + + /* Init server */ + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_ANON, + server_cred); + gnutls_priority_set_direct(server, prio, NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_ANON, + client_cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + ret = 0; + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + return ret; +} + +int +test_cli_serv_psk(gnutls_psk_server_credentials_t server_cred, + gnutls_psk_client_credentials_t client_cred, + const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + /* General init. */ + reset_buffers(); + + /* Init server */ + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_PSK, + server_cred); + gnutls_priority_set_direct(server, prio, NULL); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_PSK, + client_cred); + if (ret < 0) + exit(1); + + gnutls_priority_set_direct(client, prio, NULL); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + ret = 0; + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + return ret; +} + +void +test_cli_serv_cert(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *serv_prio, const char *cli_prio, const char *host) +{ + _test_cli_serv(server_cred, client_cred, serv_prio, cli_prio, host, NULL, NULL, NULL, 0, 1, 0, 0); +} + +void +test_cli_serv_expect(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *serv_prio, const char *cli_prio, const char *host, + int serv_err, int cli_err) +{ + _test_cli_serv(server_cred, client_cred, serv_prio, cli_prio, host, NULL, NULL, NULL, 0, 0, serv_err, cli_err); +} + +/* An expected to fail verification run. Returns verification status */ +unsigned +test_cli_serv_vf(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *prio, const char *host) +{ + return _test_cli_serv(server_cred, client_cred, prio, prio, host, NULL, NULL, NULL, 1, 0, 0, 0); +} + +void print_dh_params_info(gnutls_session_t session) +{ + unsigned i; + int ret; + gnutls_datum_t pubkey, gen, prime; + + ret = gnutls_dh_get_prime_bits(session); + if (ret < 512) { + fail("client: too small prime size: %d\n", ret); + } + + ret = gnutls_dh_get_secret_bits(session); + if (ret < 225) { + fail("client: too small secret key size: %d\n", ret); + } + + ret = gnutls_dh_get_pubkey(session, &pubkey); + if (ret < 0) { + fail("error retrieving the public key\n"); + } + + if (pubkey.size == 0) { + fail("retrieved pubkey is empty!\n"); + } + + printf("pubkey: \n"); + for (i=0;i +#endif + +#include +#include +#include +#include +#include +#include +#include +#ifndef _WIN32 +#include +#include +#include +#else +#include /* for Sleep */ +#include +#endif + +#include +#include + +#include + +#include "utils.h" + +int debug = 0; +int error_count = 0; +int break_on_error = 0; + +/* doc/credentials/dhparams/rfc3526-group-14-2048.pem */ +const char *pkcs3 = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n" + "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft\n" + "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n" + "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n" + "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n" + "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==\n" + "-----END DH PARAMETERS-----\n"; + +/* doc/credentials/dhparams/rfc7919-ffdhe2048.pem */ +const char *pkcs3_2048 = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" + "ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==\n" + "-----END DH PARAMETERS-----\n"; + +/* doc/credentials/dhparams/rfc7919-ffdhe3072.pem */ +const char *pkcs3_3072 = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz\n" + "+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a\n" + "87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7\n" + "YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi\n" + "7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD\n" + "ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3\n" + "7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32\n" + "nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu\n" + "N///////////AgEC\n" + "-----END DH PARAMETERS-----\n"; + +void _fail(const char *format, ...) +{ + va_list arg_ptr; + + va_start(arg_ptr, format); +#ifdef HAVE_VASPRINTF + char *str = NULL; + vasprintf(&str, format, arg_ptr); + + if (str) + fputs(str, stderr); +#else + { + char str[1024]; + + vsnprintf(str, sizeof(str), format, arg_ptr); + fputs(str, stderr); + } +#endif + va_end(arg_ptr); + error_count++; + exit(1); +} + +void fail_ignore(const char *format, ...) +{ + char str[1024]; + va_list arg_ptr; + + va_start(arg_ptr, format); + vsnprintf(str, sizeof(str), format, arg_ptr); + va_end(arg_ptr); + fputs(str, stderr); + error_count++; + exit(77); +} + +void sec_sleep(int sec) +{ + int ret; +#ifdef HAVE_NANOSLEEP + struct timespec ts; + + ts.tv_sec = sec; + ts.tv_nsec = 0; + do { + ret = nanosleep(&ts, NULL); + } while (ret == -1 && errno == EINTR); + if (ret == -1) + abort(); +#else + do { + ret = sleep(sec); + } while (ret == -1 && errno == EINTR); +#endif +} + +void success(const char *format, ...) +{ + char str[1024]; + va_list arg_ptr; + + va_start(arg_ptr, format); + vsnprintf(str, sizeof(str), format, arg_ptr); + va_end(arg_ptr); + fputs(str, stderr); +} + +void escapeprint(const char *str, size_t len) +{ + size_t i; + + printf(" (length %d bytes):\n\t'", (int)len); + for (i = 0; i < len; i++) { + if (((str[i] & 0xFF) >= 'A' && (str[i] & 0xFF) <= 'Z') || + ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') || + ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9') + || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.') + printf("%c", (str[i] & 0xFF)); + else + printf("\\x%02X", (str[i] & 0xFF)); + if ((i + 1) % 16 == 0 && (i + 1) < len) + printf("'\n\t'"); + } + printf("\n"); +} + +void c_print(const unsigned char *str, size_t len) +{ + size_t i; + + printf(" (length %d bytes):\n\t\"", (int)len); + for (i = 0; i < len; i++) { + printf("\\x%02X", (str[i] & 0xFF)); + if ((i + 1) % 16 == 0 && (i + 1) < len) + printf("\"\n\t\""); + } + printf("\"\n"); +} + +void hexprint(const void *_str, size_t len) +{ + size_t i; + const char *str = _str; + + printf("\t;; "); + for (i = 0; i < len; i++) { + printf("%02x ", (str[i] & 0xFF)); + if ((i + 1) % 8 == 0) + printf(" "); + if ((i + 1) % 16 == 0 && i + 1 < len) + printf("\n\t;; "); + } + printf("\n"); +} + +void binprint(const void *_str, size_t len) +{ + size_t i; + const char *str = _str; + + printf("\t;; "); + for (i = 0; i < len; i++) { + printf("%d%d%d%d%d%d%d%d ", + (str[i] & 0xFF) & 0x80 ? 1 : 0, + (str[i] & 0xFF) & 0x40 ? 1 : 0, + (str[i] & 0xFF) & 0x20 ? 1 : 0, + (str[i] & 0xFF) & 0x10 ? 1 : 0, + (str[i] & 0xFF) & 0x08 ? 1 : 0, + (str[i] & 0xFF) & 0x04 ? 1 : 0, + (str[i] & 0xFF) & 0x02 ? 1 : 0, + (str[i] & 0xFF) & 0x01 ? 1 : 0); + if ((i + 1) % 3 == 0) + printf(" "); + if ((i + 1) % 6 == 0 && i + 1 < len) + printf("\n\t;; "); + } + printf("\n"); +} + +int main(int argc, char *argv[]) +{ + do + if (strcmp(argv[argc - 1], "-v") == 0 || + strcmp(argv[argc - 1], "--verbose") == 0) + debug = 1; + else if (strcmp(argv[argc - 1], "-b") == 0 || + strcmp(argv[argc - 1], "--break-on-error") == 0) + break_on_error = 1; + else if (strcmp(argv[argc - 1], "-h") == 0 || + strcmp(argv[argc - 1], "-?") == 0 || + strcmp(argv[argc - 1], "--help") == 0) { + printf + ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n", + argv[0]); + return 1; + } + while (argc-- > 1) ; + + doit(); + + if (debug || error_count > 0) + printf("Self test `%s' finished with %d errors\n", argv[0], + error_count); + + return error_count ? 1 : 0; +} + +struct tmp_file_st { + char file[TMPNAME_SIZE]; + struct tmp_file_st *next; +}; + +static struct tmp_file_st *temp_files = (void*)-1; + +static void append(const char *file) +{ + struct tmp_file_st *p; + + if (temp_files == (void*)-1) + return; + + p = calloc(1, sizeof(*p)); + + assert(p != NULL); + snprintf(p->file, sizeof(p->file), "%s", file); + p->next = temp_files; + temp_files = p; +} + +char *get_tmpname(char s[TMPNAME_SIZE]) +{ + unsigned char rnd[6]; + static char _s[TMPNAME_SIZE]; + int ret; + char *p; + const char *path; + + ret = gnutls_rnd(GNUTLS_RND_NONCE, rnd, sizeof(rnd)); + if (ret < 0) + return NULL; + + path = getenv("builddir"); + if (path == NULL) + path = "."; + + if (s == NULL) + p = _s; + else + p = s; + + snprintf(p, TMPNAME_SIZE, "%s/tmpfile-%02x%02x%02x%02x%02x%02x.tmp", path, (unsigned)rnd[0], (unsigned)rnd[1], + (unsigned)rnd[2], (unsigned)rnd[3], (unsigned)rnd[4], (unsigned)rnd[5]); + + append(p); + + return p; +} + +void track_temp_files(void) +{ + temp_files = NULL; +} + +void delete_temp_files(void) +{ + struct tmp_file_st *p = temp_files; + struct tmp_file_st *next; + + if (p == (void*)-1) + return; + + while(p != NULL) { + remove(p->file); + next = p->next; + free(p); + p = next; + } +} + + +#ifndef _WIN32 +int tcp_connect(const char* addr, unsigned port) +{ + int sock; + struct sockaddr_in sa; + memset(&sa, 0, sizeof(sa)); + sock = socket(AF_INET, SOCK_STREAM, 0); + if (sock == -1) { + return -1; + } + sa.sin_family = AF_INET; + sa.sin_port = htons(port); + if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1) { + close(sock); + return -1; + } + if (connect(sock, (struct sockaddr*) &sa, sizeof(sa)) != 0) { + close(sock); + return -1; + } + return sock; +} +#endif diff --git a/tests/utils.h b/tests/utils.h new file mode 100644 index 0000000..d3a2ba8 --- /dev/null +++ b/tests/utils.h @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2004-2016 Free Software Foundation, Inc. + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifndef GNUTLS_TESTS_UTILS_H +#define GNUTLS_TESTS_UTILS_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef __attribute__ +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) +#define __attribute__(Spec) /* empty */ +#endif +#endif + +#ifdef NDEBUG +# error tests cannot be compiled with NDEBUG defined +#endif + +#ifndef FALLTHROUGH +#if _GNUTLS_GCC_VERSION >= 70100 +# define FALLTHROUGH __attribute__ ((fallthrough)) +#else +# define FALLTHROUGH +#endif +#endif + +/* number of elements within an array */ +#define countof(a) (sizeof(a)/sizeof(*(a))) + +inline static int global_init(void) +{ +#ifdef ENABLE_PKCS11 + gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); +#endif + return gnutls_global_init(); +} + +extern int debug; +extern int error_count; +extern int break_on_error; + +extern const char *pkcs3; +extern const char *pkcs3_2048; +extern const char *pkcs3_3072; + +#define fail(format, ...) \ + _fail("%s:%d: "format, __func__, __LINE__, ##__VA_ARGS__) + +extern void _fail(const char *format, ...) + __attribute__ ((format(printf, 1, 2))) __attribute__((__noreturn__)); +extern void fail_ignore(const char *format, ...) + __attribute__ ((format(printf, 1, 2))) __attribute__((__noreturn__)); +extern void success(const char *format, ...) + __attribute__ ((format(printf, 1, 2))); + +/* assumes test_name is defined */ +#define test_fail(fmt, ...) \ + fail("%s: "fmt, test_name, ##__VA_ARGS__) + +#define test_success(fmt, ...) \ + success("%s: "fmt, test_name, ##__VA_ARGS__) + +extern void c_print(const unsigned char *str, size_t len); +extern void escapeprint(const char *str, size_t len); +extern void hexprint(const void *str, size_t len); +extern void binprint(const void *str, size_t len); +int disable_system_calls(void); +void sec_sleep(int sec); + +int +test_cli_serv_anon(gnutls_anon_server_credentials_t server_cred, + gnutls_anon_client_credentials_t client_cred, + const char *prio); + +int +test_cli_serv_psk(gnutls_psk_server_credentials_t server_cred, + gnutls_psk_client_credentials_t client_cred, + const char *prio); + +typedef void callback_func(gnutls_session_t, void *priv); +void test_cli_serv(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *prio, const char *host, + void *priv, + callback_func * client_cb, callback_func * server_cb); + +int +_test_cli_serv(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *serv_prio, const char *cli_prio, + const char *host, + void *priv, callback_func *client_cb, callback_func *server_cb, + unsigned expect_verification_failure, + unsigned require_cert, + int serv_err, + int cli_err); + +void print_dh_params_info(gnutls_session_t); + +void +test_cli_serv_cert(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *serv_prio, const char *cli_prio, const char *host); + +void +test_cli_serv_expect(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *serv_prio, const char *cli_prio, const char *host, + int serv_err, int cli_err); + +/* verification failed */ +unsigned +test_cli_serv_vf(gnutls_certificate_credentials_t server_cred, + gnutls_certificate_credentials_t client_cred, + const char *prio, const char *host); + +#define TMPNAME_SIZE 128 +char *get_tmpname(char s[TMPNAME_SIZE]); +void track_temp_files(void); +void delete_temp_files(void); + +int tcp_connect(const char* addr, unsigned port); + +/* This must be implemented elsewhere. */ +extern void doit(void); + +/* calls fail() if status indicates an error */ +inline static void _check_wait_status(int status, unsigned sigonly) +{ +#if defined WEXITSTATUS && defined WIFSIGNALED + if (WEXITSTATUS(status) != 0 || + (WIFSIGNALED(status) && WTERMSIG(status) != SIGTERM)) { + if (WIFSIGNALED(status)) { + fail("Child died with signal %d\n", WTERMSIG(status)); + } else { + if (!sigonly) { + if (WEXITSTATUS(status) == 77) + _exit(77); + fail("Child died with status %d\n", + WEXITSTATUS(status)); + } + } + } +#endif +} + +inline static void check_wait_status(int status) +{ + _check_wait_status(status, 0); +} + +inline static void check_wait_status_for_sig(int status) +{ + _check_wait_status(status, 1); +} + +inline static unsigned int get_timeout(void) { + const char *envvar; + unsigned long int ul; + + envvar = getenv("GNUTLS_TEST_TIMEOUT"); + if (!envvar || *envvar == '\0') + return 20 * 1000; + + ul = strtoul(envvar, NULL, 10); + assert(ul <= UINT_MAX); + + return (unsigned int) ul; +} + +inline static unsigned int get_dtls_retransmit_timeout(void) { + const char *envvar; + unsigned long int ul; + + envvar = getenv("GNUTLS_TEST_DTLS_RETRANSMIT_TIMEOUT"); + if (!envvar || *envvar == '\0') + return get_timeout() / 10; + + ul = strtoul(envvar, NULL, 10); + assert(ul <= UINT_MAX); + + return (unsigned int) ul; +} + +#endif /* GNUTLS_TESTS_UTILS_H */ diff --git a/tests/version-checks.c b/tests/version-checks.c new file mode 100644 index 0000000..2b6badf --- /dev/null +++ b/tests/version-checks.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2016 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* + * That test verifies whether all the supported versions are negotiated + * with the NORMAL priority string. + */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void try(const char *client_prio, int expected) +{ + int ret; + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + unsigned flags = 0; + unsigned dtls = 0; + const char *server_prio = "NORMAL:+VERS-TLS-ALL"; + + if (expected >= GNUTLS_DTLS_VERSION_MIN && expected <= GNUTLS_DTLS_VERSION_MAX) { + dtls = 1; + /* we do not really do negotiation in that version */ + if (expected == GNUTLS_DTLS0_9) + server_prio = client_prio; + } + + /* General init. */ + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + gnutls_certificate_set_x509_key_mem(serverx509cred, + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); + + if (dtls) + flags |= (GNUTLS_DATAGRAM | GNUTLS_NONBLOCK); + + gnutls_init(&server, GNUTLS_SERVER|flags); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, + serverx509cred); + + assert(gnutls_priority_set_direct(server, + server_prio, + NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_pull_timeout_function(server, server_pull_timeout_func); + gnutls_transport_set_ptr(server, server); + + /* Init client */ + + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT|flags); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_pull_timeout_function(client, client_pull_timeout_func); + gnutls_transport_set_ptr(client, client); + + ret = gnutls_priority_set_direct(client, client_prio, NULL); + if (ret < 0) { + fprintf(stderr, "error in %s\n", client_prio); + exit(1); + } + + if (expected > 0) { + success("handshake with %s\n", client_prio); + if (dtls) { + HANDSHAKE_DTLS(client, server); + } else { + HANDSHAKE(client, server); + } + + ret = gnutls_protocol_get_version(client); + if (ret != expected) { + fail("unexpected negotiated protocol %s (expected %s)\n", gnutls_protocol_get_name(ret), + gnutls_protocol_get_name(expected)); + exit(1); + } + } else { + HANDSHAKE_EXPECT(client, server, GNUTLS_E_AGAIN, GNUTLS_E_UNSUPPORTED_VERSION_PACKET); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); +} + +void doit(void) +{ + global_init(); + + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0", GNUTLS_TLS1_0); + reset_buffers(); + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1", GNUTLS_TLS1_1); + reset_buffers(); + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2", GNUTLS_TLS1_2); + reset_buffers(); + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", GNUTLS_TLS1_3); + reset_buffers(); + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.0", GNUTLS_TLS1_0); + reset_buffers(); + /* similar to above test, but checks a different syntax */ + try("NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.1", GNUTLS_TLS1_1); + reset_buffers(); + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", GNUTLS_TLS1_3); + reset_buffers(); + /* If TLS 1.3 is enabled in the server, prefer the latest + * possible version regardless of the client's precedence. + * See https://gitlab.com/gnutls/gnutls/issues/837 for the + * rationale. + */ + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3", GNUTLS_TLS1_3); + reset_buffers(); +#ifdef ENABLE_SSL3 + try("NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", -1); + reset_buffers(); +#endif + try("NORMAL:-VERS-ALL:+VERS-DTLS1.0", GNUTLS_DTLS1_0); + reset_buffers(); + try("NORMAL:-VERS-DTLS-ALL:+VERS-DTLS1.2", GNUTLS_DTLS1_2); + reset_buffers(); + + /* special test for this legacy crap */ + try("NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT", GNUTLS_DTLS0_9); + reset_buffers(); + gnutls_global_deinit(); +} diff --git a/tests/virt-time.h b/tests/virt-time.h new file mode 100644 index 0000000..7f7c374 --- /dev/null +++ b/tests/virt-time.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2018 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifndef GNUTLS_TESTS_VIRT_TIME_H +#define GNUTLS_TESTS_VIRT_TIME_H + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +/* copied from ../lib/system.h so not to include that header from + * every test program */ +typedef void (*gnutls_gettime_func) (struct timespec *); +extern void _gnutls_global_set_gettime_function(gnutls_gettime_func gettime_func); + +/* virtualize time in a test. This freezes the time in the test, except for + * the advances due to calls to virt_sleep_sec(). This makes the test + * independent of the test system load, and avoids any long delays. */ +static time_t _now; +static struct timespec _now_ts; + +#define virt_sec_sleep(s) { \ + _now += s; \ + _now_ts.tv_sec += s; \ + } + +#define virt_time_init_at(d) { \ + _now = (d); \ + gnutls_global_set_time_function(mytime); \ + _now_ts.tv_sec = _now; \ + _now_ts.tv_nsec = 0; \ + _gnutls_global_set_gettime_function(mygettime); \ + } + +#define virt_time_init() virt_time_init_at(time(0)) + + +static time_t mytime(time_t * t) +{ + if (t) + *t = _now; + + return _now; +} + +static void mygettime(struct timespec * t) +{ + if (t) + *t = _now_ts; +} + +#endif /* GNUTLS_TESTS_VIRT_TIME_H */ diff --git a/tests/win-certopenstore.c b/tests/win-certopenstore.c new file mode 100644 index 0000000..162defa --- /dev/null +++ b/tests/win-certopenstore.c @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2018 Hugo Beauzée-Luyssen + * + * Author: Hugo Beauzée-Luyssen + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* + * This test verifies the assumptions about CertOpenStore and + * CertOpenSystemStore to be equivalent when passed some specific flags + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifndef _WIN32 +#error "This test shouldn't have been included" +#endif + +#include +#include +#include + +void doit(void) +{ + HCERTSTORE hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER , L"ROOT"); + assert(hStore != NULL); + HCERTSTORE hSystemStore = CertOpenSystemStore(0, "ROOT"); + assert(hSystemStore != NULL); + + PCCERT_CONTEXT prevCtx = NULL; + PCCERT_CONTEXT ctx = NULL; + PCCERT_CONTEXT sysPrevCtx = NULL; + PCCERT_CONTEXT sysCtx = NULL; + + while (1) + { + ctx = CertEnumCertificatesInStore(hStore, prevCtx); + sysCtx = CertEnumCertificatesInStore(hSystemStore, sysPrevCtx); + if (ctx == NULL || sysCtx == NULL) + break; + if (CertCompareIntegerBlob(&ctx->pCertInfo->SerialNumber, + &sysCtx->pCertInfo->SerialNumber) != TRUE) + assert(0); + + prevCtx = ctx; + sysPrevCtx = sysCtx; + } + assert(ctx == NULL && sysCtx == NULL); + + CertCloseStore(hStore, 0); + CertCloseStore(hSystemStore, 0); +} + diff --git a/tests/windows/Makefile.am b/tests/windows/Makefile.am new file mode 100644 index 0000000..34e5112 --- /dev/null +++ b/tests/windows/Makefile.am @@ -0,0 +1,77 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/tests/ \ + -I$(top_srcdir)/lib \ + -I$(top_builddir)/gl \ + -I$(top_srcdir)/gl \ + -I. + +if ENABLE_MINITASN1 +AM_CPPFLAGS += -I$(top_builddir)/lib/minitasn1 +endif + +EXTRA_DIST = ncrypt-int.h check-output + +AM_LDFLAGS = -no-install +LDADD = $(top_builddir)/tests/libutils.la \ + $(top_builddir)/gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(LIBSOCKET) + +ctests = + +if WINDOWS +check_LTLIBRARIES = ncrypt.la crypt32.la + +ncrypt_la_SOURCES = ncrypt.c +crypt32_la_SOURCES = crypt32.c + +ncrypt_la_LIBADD = ../../gl/libgnu.la ../../lib/libgnutls.la -lmsvcrt -lkernel32 -luser32 +crypt32_la_LIBADD = ../../gl/libgnu.la ../../lib/libgnutls.la -lmsvcrt -lkernel32 -luser32 +ncrypt_la_LDFLAGS = -module -no-undefined -avoid-version -Wl,--add-stdcall-alias +crypt32_la_LDFLAGS = -module -no-undefined -avoid-version -Wl,--add-stdcall-alias + + +cng_windows_DEPENDENCIES = ncrypt.la crypt32.la +cng_windows_CPPFLAGS = $(AM_CPPFLAGS) + +LOG_COMPILER = $(srcdir)/check-output + +endif + +ctests += cng-windows + +check_PROGRAMS = $(ctests) +dist_check_SCRIPTS = + + +TESTS = $(ctests) $(dist_check_SCRIPTS) + +TESTS_ENVIRONMENT = \ + WINEDLLOVERRIDES="crypt32=n,ncrypt=n" \ + LC_ALL="C" \ + GNUTLS_TEST_SUITE_RUN=1 \ + EXEEXT=$(EXEEXT) \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + srcdir="$(srcdir)" diff --git a/tests/windows/Makefile.in b/tests/windows/Makefile.in new file mode 100644 index 0000000..e326324 --- /dev/null +++ b/tests/windows/Makefile.in @@ -0,0 +1,2846 @@ +# Makefile.in generated by automake 1.16.5 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2021 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2015 Red Hat, Inc. +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(top_builddir)/lib/minitasn1 +@WINDOWS_FALSE@cng_windows_DEPENDENCIES = \ +@WINDOWS_FALSE@ $(top_builddir)/tests/libutils.la \ +@WINDOWS_FALSE@ $(top_builddir)/gl/libgnu.la \ +@WINDOWS_FALSE@ $(top_builddir)/lib/libgnutls.la \ +@WINDOWS_FALSE@ $(am__DEPENDENCIES_1) +check_PROGRAMS = $(am__EXEEXT_1) +TESTS = $(am__EXEEXT_1) $(am__EXEEXT_2) +subdir = tests/windows +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/atoll.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/calloc.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/codeset.m4 \ + $(top_srcdir)/src/gl/m4/ctype_h.m4 \ + $(top_srcdir)/src/gl/m4/environ.m4 \ + $(top_srcdir)/src/gl/m4/error.m4 \ + $(top_srcdir)/src/gl/m4/fdopen.m4 \ + $(top_srcdir)/src/gl/m4/flexmember.m4 \ + $(top_srcdir)/src/gl/m4/fpending.m4 \ + $(top_srcdir)/src/gl/m4/fpieee.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/ftruncate.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getcwd.m4 \ + $(top_srcdir)/src/gl/m4/getpagesize.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/getprogname.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/intl-thread-locale.m4 \ + $(top_srcdir)/src/gl/m4/inttostr.m4 \ + $(top_srcdir)/src/gl/m4/ioctl.m4 \ + $(top_srcdir)/src/gl/m4/isblank.m4 \ + $(top_srcdir)/src/gl/m4/langinfo_h.m4 \ + $(top_srcdir)/src/gl/m4/lcmessage.m4 \ + $(top_srcdir)/src/gl/m4/locale-fr.m4 \ + $(top_srcdir)/src/gl/m4/locale-ja.m4 \ + $(top_srcdir)/src/gl/m4/locale-tr.m4 \ + $(top_srcdir)/src/gl/m4/locale-zh.m4 \ + $(top_srcdir)/src/gl/m4/locale_h.m4 \ + $(top_srcdir)/src/gl/m4/localename.m4 \ + $(top_srcdir)/src/gl/m4/lstat.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nanosleep.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/perror.m4 \ + $(top_srcdir)/src/gl/m4/pipe.m4 \ + $(top_srcdir)/src/gl/m4/pthread-thread.m4 \ + $(top_srcdir)/src/gl/m4/pthread_h.m4 \ + $(top_srcdir)/src/gl/m4/pthread_sigmask.m4 \ + $(top_srcdir)/src/gl/m4/putenv.m4 \ + $(top_srcdir)/src/gl/m4/raise.m4 \ + $(top_srcdir)/src/gl/m4/reallocarray.m4 \ + $(top_srcdir)/src/gl/m4/sched_h.m4 \ + $(top_srcdir)/src/gl/m4/sched_yield.m4 \ + $(top_srcdir)/src/gl/m4/select.m4 \ + $(top_srcdir)/src/gl/m4/semaphore.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/setenv.m4 \ + $(top_srcdir)/src/gl/m4/setlocale.m4 \ + $(top_srcdir)/src/gl/m4/setlocale_null.m4 \ + $(top_srcdir)/src/gl/m4/sigaction.m4 \ + $(top_srcdir)/src/gl/m4/signal_h.m4 \ + $(top_srcdir)/src/gl/m4/signalblocking.m4 \ + $(top_srcdir)/src/gl/m4/sleep.m4 \ + $(top_srcdir)/src/gl/m4/sockets.m4 \ + $(top_srcdir)/src/gl/m4/strerror.m4 \ + $(top_srcdir)/src/gl/m4/strerror_r.m4 \ + $(top_srcdir)/src/gl/m4/strtoll.m4 \ + $(top_srcdir)/src/gl/m4/symlink.m4 \ + $(top_srcdir)/src/gl/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/src/gl/m4/sys_select_h.m4 \ + $(top_srcdir)/src/gl/m4/thread.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/gl/m4/usleep.m4 \ + $(top_srcdir)/src/gl/m4/visibility.m4 \ + $(top_srcdir)/src/gl/m4/xalloc.m4 \ + $(top_srcdir)/src/gl/m4/yield.m4 $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/__inline.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/double-slash-root.m4 $(top_srcdir)/m4/dup2.m4 \ + $(top_srcdir)/m4/eealloc.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/explicit_bzero.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fopen.m4 \ + $(top_srcdir)/m4/free.m4 $(top_srcdir)/m4/fseeko.m4 \ + $(top_srcdir)/m4/fstat.m4 $(top_srcdir)/m4/ftell.m4 \ + $(top_srcdir)/m4/ftello.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getdelim.m4 $(top_srcdir)/m4/getdtablesize.m4 \ + $(top_srcdir)/m4/getline.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/intmax_t.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/largefile.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 $(top_srcdir)/m4/ldd.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/lseek.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/netdb_h.m4 $(top_srcdir)/m4/netinet_in_h.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/off_t.m4 \ + $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open-slash.m4 $(top_srcdir)/m4/open.m4 \ + $(top_srcdir)/m4/pathmax.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/printf.m4 \ + $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/size_max.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/socklen.m4 $(top_srcdir)/m4/sockpfaf.m4 \ + $(top_srcdir)/m4/ssize_t.m4 $(top_srcdir)/m4/stat-time.m4 \ + $(top_srcdir)/m4/stat.m4 $(top_srcdir)/m4/stdalign.m4 \ + $(top_srcdir)/m4/stdbool.m4 $(top_srcdir)/m4/stddef_h.m4 \ + $(top_srcdir)/m4/stdint.m4 $(top_srcdir)/m4/stdint_h.m4 \ + $(top_srcdir)/m4/stdio_h.m4 $(top_srcdir)/m4/stdlib_h.m4 \ + $(top_srcdir)/m4/stpcpy.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/m4/zzgnulib.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ + $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = cng-windows$(EXEEXT) +@WINDOWS_TRUE@crypt32_la_DEPENDENCIES = ../../gl/libgnu.la \ +@WINDOWS_TRUE@ ../../lib/libgnutls.la +am__crypt32_la_SOURCES_DIST = crypt32.c +@WINDOWS_TRUE@am_crypt32_la_OBJECTS = crypt32.lo +crypt32_la_OBJECTS = $(am_crypt32_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +crypt32_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(crypt32_la_LDFLAGS) $(LDFLAGS) -o $@ +@WINDOWS_TRUE@am_crypt32_la_rpath = +@WINDOWS_TRUE@ncrypt_la_DEPENDENCIES = ../../gl/libgnu.la \ +@WINDOWS_TRUE@ ../../lib/libgnutls.la +am__ncrypt_la_SOURCES_DIST = ncrypt.c +@WINDOWS_TRUE@am_ncrypt_la_OBJECTS = ncrypt.lo +ncrypt_la_OBJECTS = $(am_ncrypt_la_OBJECTS) +ncrypt_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(ncrypt_la_LDFLAGS) $(LDFLAGS) -o $@ +@WINDOWS_TRUE@am_ncrypt_la_rpath = +cng_windows_SOURCES = cng-windows.c +cng_windows_OBJECTS = cng_windows-cng-windows.$(OBJEXT) +cng_windows_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/cng_windows-cng-windows.Po \ + ./$(DEPDIR)/crypt32.Plo ./$(DEPDIR)/ncrypt.Plo +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(crypt32_la_SOURCES) $(ncrypt_la_SOURCES) cng-windows.c +DIST_SOURCES = $(am__crypt32_la_SOURCES_DIST) \ + $(am__ncrypt_la_SOURCES_DIST) cng-windows.c +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' +RECHECK_LOGS = $(TEST_LOGS) +AM_RECURSIVE_TARGETS = check recheck +am__EXEEXT_2 = +TEST_SUITE_LOG = test-suite.log +TEST_EXTENSIONS = @EXEEXT@ .test +LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.test.log=.log) +TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver +TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ + $(TEST_LOG_FLAGS) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp \ + $(top_srcdir)/build-aux/test-driver +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +AARCH64_CCASFLAGS = @AARCH64_CCASFLAGS@ +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AM_VALGRINDFLAGS = @AM_VALGRINDFLAGS@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +ASN1PARSER = @ASN1PARSER@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CFLAG_VISIBILITY = @CFLAG_VISIBILITY@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CSCOPE = @CSCOPE@ +CTAGS = @CTAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFAULT_VALGRINDFLAGS = @DEFAULT_VALGRINDFLAGS@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +ETAGS = @ETAGS@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FILECMD = @FILECMD@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GL_GGL_GNULIB_ACCEPT = @GL_GGL_GNULIB_ACCEPT@ +GL_GGL_GNULIB_ACCEPT4 = @GL_GGL_GNULIB_ACCEPT4@ +GL_GGL_GNULIB_ACCESS = @GL_GGL_GNULIB_ACCESS@ +GL_GGL_GNULIB_ALIGNED_ALLOC = @GL_GGL_GNULIB_ALIGNED_ALLOC@ +GL_GGL_GNULIB_ATOLL = @GL_GGL_GNULIB_ATOLL@ +GL_GGL_GNULIB_BIND = @GL_GGL_GNULIB_BIND@ +GL_GGL_GNULIB_BTOWC = @GL_GGL_GNULIB_BTOWC@ +GL_GGL_GNULIB_CALLOC_POSIX = @GL_GGL_GNULIB_CALLOC_POSIX@ +GL_GGL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GGL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GGL_GNULIB_CHDIR = @GL_GGL_GNULIB_CHDIR@ +GL_GGL_GNULIB_CHOWN = @GL_GGL_GNULIB_CHOWN@ +GL_GGL_GNULIB_CLOSE = @GL_GGL_GNULIB_CLOSE@ +GL_GGL_GNULIB_CONNECT = @GL_GGL_GNULIB_CONNECT@ +GL_GGL_GNULIB_COPY_FILE_RANGE = @GL_GGL_GNULIB_COPY_FILE_RANGE@ +GL_GGL_GNULIB_CREAT = @GL_GGL_GNULIB_CREAT@ +GL_GGL_GNULIB_CTIME = @GL_GGL_GNULIB_CTIME@ +GL_GGL_GNULIB_DPRINTF = @GL_GGL_GNULIB_DPRINTF@ +GL_GGL_GNULIB_DUP = @GL_GGL_GNULIB_DUP@ +GL_GGL_GNULIB_DUP2 = @GL_GGL_GNULIB_DUP2@ +GL_GGL_GNULIB_DUP3 = @GL_GGL_GNULIB_DUP3@ +GL_GGL_GNULIB_DUPLOCALE = @GL_GGL_GNULIB_DUPLOCALE@ +GL_GGL_GNULIB_ENVIRON = @GL_GGL_GNULIB_ENVIRON@ +GL_GGL_GNULIB_EUIDACCESS = @GL_GGL_GNULIB_EUIDACCESS@ +GL_GGL_GNULIB_EXECL = @GL_GGL_GNULIB_EXECL@ +GL_GGL_GNULIB_EXECLE = @GL_GGL_GNULIB_EXECLE@ +GL_GGL_GNULIB_EXECLP = @GL_GGL_GNULIB_EXECLP@ +GL_GGL_GNULIB_EXECV = @GL_GGL_GNULIB_EXECV@ +GL_GGL_GNULIB_EXECVE = @GL_GGL_GNULIB_EXECVE@ +GL_GGL_GNULIB_EXECVP = @GL_GGL_GNULIB_EXECVP@ +GL_GGL_GNULIB_EXECVPE = @GL_GGL_GNULIB_EXECVPE@ +GL_GGL_GNULIB_EXPLICIT_BZERO = @GL_GGL_GNULIB_EXPLICIT_BZERO@ +GL_GGL_GNULIB_FACCESSAT = @GL_GGL_GNULIB_FACCESSAT@ +GL_GGL_GNULIB_FCHDIR = @GL_GGL_GNULIB_FCHDIR@ +GL_GGL_GNULIB_FCHMODAT = @GL_GGL_GNULIB_FCHMODAT@ +GL_GGL_GNULIB_FCHOWNAT = @GL_GGL_GNULIB_FCHOWNAT@ +GL_GGL_GNULIB_FCLOSE = @GL_GGL_GNULIB_FCLOSE@ +GL_GGL_GNULIB_FCNTL = @GL_GGL_GNULIB_FCNTL@ +GL_GGL_GNULIB_FDATASYNC = @GL_GGL_GNULIB_FDATASYNC@ +GL_GGL_GNULIB_FDOPEN = @GL_GGL_GNULIB_FDOPEN@ +GL_GGL_GNULIB_FFLUSH = @GL_GGL_GNULIB_FFLUSH@ +GL_GGL_GNULIB_FFS = @GL_GGL_GNULIB_FFS@ +GL_GGL_GNULIB_FFSL = @GL_GGL_GNULIB_FFSL@ +GL_GGL_GNULIB_FFSLL = @GL_GGL_GNULIB_FFSLL@ +GL_GGL_GNULIB_FGETC = @GL_GGL_GNULIB_FGETC@ +GL_GGL_GNULIB_FGETS = @GL_GGL_GNULIB_FGETS@ +GL_GGL_GNULIB_FOPEN = @GL_GGL_GNULIB_FOPEN@ +GL_GGL_GNULIB_FPRINTF = @GL_GGL_GNULIB_FPRINTF@ +GL_GGL_GNULIB_FPRINTF_POSIX = @GL_GGL_GNULIB_FPRINTF_POSIX@ +GL_GGL_GNULIB_FPURGE = @GL_GGL_GNULIB_FPURGE@ +GL_GGL_GNULIB_FPUTC = @GL_GGL_GNULIB_FPUTC@ +GL_GGL_GNULIB_FPUTS = @GL_GGL_GNULIB_FPUTS@ +GL_GGL_GNULIB_FREAD = @GL_GGL_GNULIB_FREAD@ +GL_GGL_GNULIB_FREE_POSIX = @GL_GGL_GNULIB_FREE_POSIX@ +GL_GGL_GNULIB_FREOPEN = @GL_GGL_GNULIB_FREOPEN@ +GL_GGL_GNULIB_FSCANF = @GL_GGL_GNULIB_FSCANF@ +GL_GGL_GNULIB_FSEEK = @GL_GGL_GNULIB_FSEEK@ +GL_GGL_GNULIB_FSEEKO = @GL_GGL_GNULIB_FSEEKO@ +GL_GGL_GNULIB_FSTAT = @GL_GGL_GNULIB_FSTAT@ +GL_GGL_GNULIB_FSTATAT = @GL_GGL_GNULIB_FSTATAT@ +GL_GGL_GNULIB_FSYNC = @GL_GGL_GNULIB_FSYNC@ +GL_GGL_GNULIB_FTELL = @GL_GGL_GNULIB_FTELL@ +GL_GGL_GNULIB_FTELLO = @GL_GGL_GNULIB_FTELLO@ +GL_GGL_GNULIB_FTRUNCATE = @GL_GGL_GNULIB_FTRUNCATE@ +GL_GGL_GNULIB_FUTIMENS = @GL_GGL_GNULIB_FUTIMENS@ +GL_GGL_GNULIB_FWRITE = @GL_GGL_GNULIB_FWRITE@ +GL_GGL_GNULIB_GETADDRINFO = @GL_GGL_GNULIB_GETADDRINFO@ +GL_GGL_GNULIB_GETC = @GL_GGL_GNULIB_GETC@ +GL_GGL_GNULIB_GETCHAR = @GL_GGL_GNULIB_GETCHAR@ +GL_GGL_GNULIB_GETCWD = @GL_GGL_GNULIB_GETCWD@ +GL_GGL_GNULIB_GETDELIM = @GL_GGL_GNULIB_GETDELIM@ +GL_GGL_GNULIB_GETDOMAINNAME = @GL_GGL_GNULIB_GETDOMAINNAME@ +GL_GGL_GNULIB_GETDTABLESIZE = @GL_GGL_GNULIB_GETDTABLESIZE@ +GL_GGL_GNULIB_GETENTROPY = @GL_GGL_GNULIB_GETENTROPY@ +GL_GGL_GNULIB_GETGROUPS = @GL_GGL_GNULIB_GETGROUPS@ +GL_GGL_GNULIB_GETHOSTNAME = @GL_GGL_GNULIB_GETHOSTNAME@ +GL_GGL_GNULIB_GETLINE = @GL_GGL_GNULIB_GETLINE@ +GL_GGL_GNULIB_GETLOADAVG = @GL_GGL_GNULIB_GETLOADAVG@ +GL_GGL_GNULIB_GETLOGIN = @GL_GGL_GNULIB_GETLOGIN@ +GL_GGL_GNULIB_GETLOGIN_R = @GL_GGL_GNULIB_GETLOGIN_R@ +GL_GGL_GNULIB_GETOPT_POSIX = @GL_GGL_GNULIB_GETOPT_POSIX@ +GL_GGL_GNULIB_GETPAGESIZE = @GL_GGL_GNULIB_GETPAGESIZE@ +GL_GGL_GNULIB_GETPASS = @GL_GGL_GNULIB_GETPASS@ +GL_GGL_GNULIB_GETPEERNAME = @GL_GGL_GNULIB_GETPEERNAME@ +GL_GGL_GNULIB_GETSOCKNAME = @GL_GGL_GNULIB_GETSOCKNAME@ +GL_GGL_GNULIB_GETSOCKOPT = @GL_GGL_GNULIB_GETSOCKOPT@ +GL_GGL_GNULIB_GETSUBOPT = @GL_GGL_GNULIB_GETSUBOPT@ +GL_GGL_GNULIB_GETTIMEOFDAY = @GL_GGL_GNULIB_GETTIMEOFDAY@ +GL_GGL_GNULIB_GETUMASK = @GL_GGL_GNULIB_GETUMASK@ +GL_GGL_GNULIB_GETUSERSHELL = @GL_GGL_GNULIB_GETUSERSHELL@ +GL_GGL_GNULIB_GRANTPT = @GL_GGL_GNULIB_GRANTPT@ +GL_GGL_GNULIB_GROUP_MEMBER = @GL_GGL_GNULIB_GROUP_MEMBER@ +GL_GGL_GNULIB_IMAXABS = @GL_GGL_GNULIB_IMAXABS@ +GL_GGL_GNULIB_IMAXDIV = @GL_GGL_GNULIB_IMAXDIV@ +GL_GGL_GNULIB_INET_NTOP = @GL_GGL_GNULIB_INET_NTOP@ +GL_GGL_GNULIB_INET_PTON = @GL_GGL_GNULIB_INET_PTON@ +GL_GGL_GNULIB_IOCTL = @GL_GGL_GNULIB_IOCTL@ +GL_GGL_GNULIB_ISATTY = @GL_GGL_GNULIB_ISATTY@ +GL_GGL_GNULIB_ISBLANK = @GL_GGL_GNULIB_ISBLANK@ +GL_GGL_GNULIB_LCHMOD = @GL_GGL_GNULIB_LCHMOD@ +GL_GGL_GNULIB_LCHOWN = @GL_GGL_GNULIB_LCHOWN@ +GL_GGL_GNULIB_LINK = @GL_GGL_GNULIB_LINK@ +GL_GGL_GNULIB_LINKAT = @GL_GGL_GNULIB_LINKAT@ +GL_GGL_GNULIB_LISTEN = @GL_GGL_GNULIB_LISTEN@ +GL_GGL_GNULIB_LOCALECONV = @GL_GGL_GNULIB_LOCALECONV@ +GL_GGL_GNULIB_LOCALENAME = @GL_GGL_GNULIB_LOCALENAME@ +GL_GGL_GNULIB_LOCALTIME = @GL_GGL_GNULIB_LOCALTIME@ +GL_GGL_GNULIB_LSEEK = @GL_GGL_GNULIB_LSEEK@ +GL_GGL_GNULIB_LSTAT = @GL_GGL_GNULIB_LSTAT@ +GL_GGL_GNULIB_MALLOC_POSIX = @GL_GGL_GNULIB_MALLOC_POSIX@ +GL_GGL_GNULIB_MBRLEN = @GL_GGL_GNULIB_MBRLEN@ +GL_GGL_GNULIB_MBRTOWC = @GL_GGL_GNULIB_MBRTOWC@ +GL_GGL_GNULIB_MBSCASECMP = @GL_GGL_GNULIB_MBSCASECMP@ +GL_GGL_GNULIB_MBSCASESTR = @GL_GGL_GNULIB_MBSCASESTR@ +GL_GGL_GNULIB_MBSCHR = @GL_GGL_GNULIB_MBSCHR@ +GL_GGL_GNULIB_MBSCSPN = @GL_GGL_GNULIB_MBSCSPN@ +GL_GGL_GNULIB_MBSINIT = @GL_GGL_GNULIB_MBSINIT@ +GL_GGL_GNULIB_MBSLEN = @GL_GGL_GNULIB_MBSLEN@ +GL_GGL_GNULIB_MBSNCASECMP = @GL_GGL_GNULIB_MBSNCASECMP@ +GL_GGL_GNULIB_MBSNLEN = @GL_GGL_GNULIB_MBSNLEN@ +GL_GGL_GNULIB_MBSNRTOWCS = @GL_GGL_GNULIB_MBSNRTOWCS@ +GL_GGL_GNULIB_MBSPBRK = @GL_GGL_GNULIB_MBSPBRK@ +GL_GGL_GNULIB_MBSPCASECMP = @GL_GGL_GNULIB_MBSPCASECMP@ +GL_GGL_GNULIB_MBSRCHR = @GL_GGL_GNULIB_MBSRCHR@ +GL_GGL_GNULIB_MBSRTOWCS = @GL_GGL_GNULIB_MBSRTOWCS@ +GL_GGL_GNULIB_MBSSEP = @GL_GGL_GNULIB_MBSSEP@ +GL_GGL_GNULIB_MBSSPN = @GL_GGL_GNULIB_MBSSPN@ +GL_GGL_GNULIB_MBSSTR = @GL_GGL_GNULIB_MBSSTR@ +GL_GGL_GNULIB_MBSTOK_R = @GL_GGL_GNULIB_MBSTOK_R@ +GL_GGL_GNULIB_MBTOWC = @GL_GGL_GNULIB_MBTOWC@ +GL_GGL_GNULIB_MDA_ACCESS = @GL_GGL_GNULIB_MDA_ACCESS@ +GL_GGL_GNULIB_MDA_CHDIR = @GL_GGL_GNULIB_MDA_CHDIR@ +GL_GGL_GNULIB_MDA_CHMOD = @GL_GGL_GNULIB_MDA_CHMOD@ +GL_GGL_GNULIB_MDA_CLOSE = @GL_GGL_GNULIB_MDA_CLOSE@ +GL_GGL_GNULIB_MDA_CREAT = @GL_GGL_GNULIB_MDA_CREAT@ +GL_GGL_GNULIB_MDA_DUP = @GL_GGL_GNULIB_MDA_DUP@ +GL_GGL_GNULIB_MDA_DUP2 = @GL_GGL_GNULIB_MDA_DUP2@ +GL_GGL_GNULIB_MDA_ECVT = @GL_GGL_GNULIB_MDA_ECVT@ +GL_GGL_GNULIB_MDA_EXECL = @GL_GGL_GNULIB_MDA_EXECL@ +GL_GGL_GNULIB_MDA_EXECLE = @GL_GGL_GNULIB_MDA_EXECLE@ +GL_GGL_GNULIB_MDA_EXECLP = @GL_GGL_GNULIB_MDA_EXECLP@ +GL_GGL_GNULIB_MDA_EXECV = @GL_GGL_GNULIB_MDA_EXECV@ +GL_GGL_GNULIB_MDA_EXECVE = @GL_GGL_GNULIB_MDA_EXECVE@ +GL_GGL_GNULIB_MDA_EXECVP = @GL_GGL_GNULIB_MDA_EXECVP@ +GL_GGL_GNULIB_MDA_EXECVPE = @GL_GGL_GNULIB_MDA_EXECVPE@ +GL_GGL_GNULIB_MDA_FCLOSEALL = @GL_GGL_GNULIB_MDA_FCLOSEALL@ +GL_GGL_GNULIB_MDA_FCVT = @GL_GGL_GNULIB_MDA_FCVT@ +GL_GGL_GNULIB_MDA_FDOPEN = @GL_GGL_GNULIB_MDA_FDOPEN@ +GL_GGL_GNULIB_MDA_FILENO = @GL_GGL_GNULIB_MDA_FILENO@ +GL_GGL_GNULIB_MDA_GCVT = @GL_GGL_GNULIB_MDA_GCVT@ +GL_GGL_GNULIB_MDA_GETCWD = @GL_GGL_GNULIB_MDA_GETCWD@ +GL_GGL_GNULIB_MDA_GETPID = @GL_GGL_GNULIB_MDA_GETPID@ +GL_GGL_GNULIB_MDA_GETW = @GL_GGL_GNULIB_MDA_GETW@ +GL_GGL_GNULIB_MDA_ISATTY = @GL_GGL_GNULIB_MDA_ISATTY@ +GL_GGL_GNULIB_MDA_LSEEK = @GL_GGL_GNULIB_MDA_LSEEK@ +GL_GGL_GNULIB_MDA_MEMCCPY = @GL_GGL_GNULIB_MDA_MEMCCPY@ +GL_GGL_GNULIB_MDA_MKDIR = @GL_GGL_GNULIB_MDA_MKDIR@ +GL_GGL_GNULIB_MDA_MKTEMP = @GL_GGL_GNULIB_MDA_MKTEMP@ +GL_GGL_GNULIB_MDA_OPEN = @GL_GGL_GNULIB_MDA_OPEN@ +GL_GGL_GNULIB_MDA_PUTENV = @GL_GGL_GNULIB_MDA_PUTENV@ +GL_GGL_GNULIB_MDA_PUTW = @GL_GGL_GNULIB_MDA_PUTW@ +GL_GGL_GNULIB_MDA_READ = @GL_GGL_GNULIB_MDA_READ@ +GL_GGL_GNULIB_MDA_RMDIR = @GL_GGL_GNULIB_MDA_RMDIR@ +GL_GGL_GNULIB_MDA_STRDUP = @GL_GGL_GNULIB_MDA_STRDUP@ +GL_GGL_GNULIB_MDA_SWAB = @GL_GGL_GNULIB_MDA_SWAB@ +GL_GGL_GNULIB_MDA_TEMPNAM = @GL_GGL_GNULIB_MDA_TEMPNAM@ +GL_GGL_GNULIB_MDA_TZSET = @GL_GGL_GNULIB_MDA_TZSET@ +GL_GGL_GNULIB_MDA_UMASK = @GL_GGL_GNULIB_MDA_UMASK@ +GL_GGL_GNULIB_MDA_UNLINK = @GL_GGL_GNULIB_MDA_UNLINK@ +GL_GGL_GNULIB_MDA_WCSDUP = @GL_GGL_GNULIB_MDA_WCSDUP@ +GL_GGL_GNULIB_MDA_WRITE = @GL_GGL_GNULIB_MDA_WRITE@ +GL_GGL_GNULIB_MEMCHR = @GL_GGL_GNULIB_MEMCHR@ +GL_GGL_GNULIB_MEMMEM = @GL_GGL_GNULIB_MEMMEM@ +GL_GGL_GNULIB_MEMPCPY = @GL_GGL_GNULIB_MEMPCPY@ +GL_GGL_GNULIB_MEMRCHR = @GL_GGL_GNULIB_MEMRCHR@ +GL_GGL_GNULIB_MKDIR = @GL_GGL_GNULIB_MKDIR@ +GL_GGL_GNULIB_MKDIRAT = @GL_GGL_GNULIB_MKDIRAT@ +GL_GGL_GNULIB_MKDTEMP = @GL_GGL_GNULIB_MKDTEMP@ +GL_GGL_GNULIB_MKFIFO = @GL_GGL_GNULIB_MKFIFO@ +GL_GGL_GNULIB_MKFIFOAT = @GL_GGL_GNULIB_MKFIFOAT@ +GL_GGL_GNULIB_MKNOD = @GL_GGL_GNULIB_MKNOD@ +GL_GGL_GNULIB_MKNODAT = @GL_GGL_GNULIB_MKNODAT@ +GL_GGL_GNULIB_MKOSTEMP = @GL_GGL_GNULIB_MKOSTEMP@ +GL_GGL_GNULIB_MKOSTEMPS = @GL_GGL_GNULIB_MKOSTEMPS@ +GL_GGL_GNULIB_MKSTEMP = @GL_GGL_GNULIB_MKSTEMP@ +GL_GGL_GNULIB_MKSTEMPS = @GL_GGL_GNULIB_MKSTEMPS@ +GL_GGL_GNULIB_MKTIME = @GL_GGL_GNULIB_MKTIME@ +GL_GGL_GNULIB_NANOSLEEP = @GL_GGL_GNULIB_NANOSLEEP@ +GL_GGL_GNULIB_NL_LANGINFO = @GL_GGL_GNULIB_NL_LANGINFO@ +GL_GGL_GNULIB_NONBLOCKING = @GL_GGL_GNULIB_NONBLOCKING@ +GL_GGL_GNULIB_OBSTACK_PRINTF = @GL_GGL_GNULIB_OBSTACK_PRINTF@ +GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GGL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GGL_GNULIB_OPEN = @GL_GGL_GNULIB_OPEN@ +GL_GGL_GNULIB_OPENAT = @GL_GGL_GNULIB_OPENAT@ +GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GGL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GGL_GNULIB_PCLOSE = @GL_GGL_GNULIB_PCLOSE@ +GL_GGL_GNULIB_PERROR = @GL_GGL_GNULIB_PERROR@ +GL_GGL_GNULIB_PIPE = @GL_GGL_GNULIB_PIPE@ +GL_GGL_GNULIB_PIPE2 = @GL_GGL_GNULIB_PIPE2@ +GL_GGL_GNULIB_POPEN = @GL_GGL_GNULIB_POPEN@ +GL_GGL_GNULIB_POSIX_MEMALIGN = @GL_GGL_GNULIB_POSIX_MEMALIGN@ +GL_GGL_GNULIB_POSIX_OPENPT = @GL_GGL_GNULIB_POSIX_OPENPT@ +GL_GGL_GNULIB_PREAD = @GL_GGL_GNULIB_PREAD@ +GL_GGL_GNULIB_PRINTF = @GL_GGL_GNULIB_PRINTF@ +GL_GGL_GNULIB_PRINTF_POSIX = @GL_GGL_GNULIB_PRINTF_POSIX@ +GL_GGL_GNULIB_PSELECT = @GL_GGL_GNULIB_PSELECT@ +GL_GGL_GNULIB_PTHREAD_COND = @GL_GGL_GNULIB_PTHREAD_COND@ +GL_GGL_GNULIB_PTHREAD_MUTEX = @GL_GGL_GNULIB_PTHREAD_MUTEX@ +GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK = @GL_GGL_GNULIB_PTHREAD_MUTEX_TIMEDLOCK@ +GL_GGL_GNULIB_PTHREAD_ONCE = @GL_GGL_GNULIB_PTHREAD_ONCE@ +GL_GGL_GNULIB_PTHREAD_RWLOCK = @GL_GGL_GNULIB_PTHREAD_RWLOCK@ +GL_GGL_GNULIB_PTHREAD_SIGMASK = @GL_GGL_GNULIB_PTHREAD_SIGMASK@ +GL_GGL_GNULIB_PTHREAD_SPIN = @GL_GGL_GNULIB_PTHREAD_SPIN@ +GL_GGL_GNULIB_PTHREAD_THREAD = @GL_GGL_GNULIB_PTHREAD_THREAD@ +GL_GGL_GNULIB_PTHREAD_TSS = @GL_GGL_GNULIB_PTHREAD_TSS@ +GL_GGL_GNULIB_PTSNAME = @GL_GGL_GNULIB_PTSNAME@ +GL_GGL_GNULIB_PTSNAME_R = @GL_GGL_GNULIB_PTSNAME_R@ +GL_GGL_GNULIB_PUTC = @GL_GGL_GNULIB_PUTC@ +GL_GGL_GNULIB_PUTCHAR = @GL_GGL_GNULIB_PUTCHAR@ +GL_GGL_GNULIB_PUTENV = @GL_GGL_GNULIB_PUTENV@ +GL_GGL_GNULIB_PUTS = @GL_GGL_GNULIB_PUTS@ +GL_GGL_GNULIB_PWRITE = @GL_GGL_GNULIB_PWRITE@ +GL_GGL_GNULIB_QSORT_R = @GL_GGL_GNULIB_QSORT_R@ +GL_GGL_GNULIB_RAISE = @GL_GGL_GNULIB_RAISE@ +GL_GGL_GNULIB_RANDOM = @GL_GGL_GNULIB_RANDOM@ +GL_GGL_GNULIB_RANDOM_R = @GL_GGL_GNULIB_RANDOM_R@ +GL_GGL_GNULIB_RAWMEMCHR = @GL_GGL_GNULIB_RAWMEMCHR@ +GL_GGL_GNULIB_READ = @GL_GGL_GNULIB_READ@ +GL_GGL_GNULIB_READLINK = @GL_GGL_GNULIB_READLINK@ +GL_GGL_GNULIB_READLINKAT = @GL_GGL_GNULIB_READLINKAT@ +GL_GGL_GNULIB_REALLOCARRAY = @GL_GGL_GNULIB_REALLOCARRAY@ +GL_GGL_GNULIB_REALLOC_POSIX = @GL_GGL_GNULIB_REALLOC_POSIX@ +GL_GGL_GNULIB_REALPATH = @GL_GGL_GNULIB_REALPATH@ +GL_GGL_GNULIB_RECV = @GL_GGL_GNULIB_RECV@ +GL_GGL_GNULIB_RECVFROM = @GL_GGL_GNULIB_RECVFROM@ +GL_GGL_GNULIB_REMOVE = @GL_GGL_GNULIB_REMOVE@ +GL_GGL_GNULIB_RENAME = @GL_GGL_GNULIB_RENAME@ +GL_GGL_GNULIB_RENAMEAT = @GL_GGL_GNULIB_RENAMEAT@ +GL_GGL_GNULIB_RMDIR = @GL_GGL_GNULIB_RMDIR@ +GL_GGL_GNULIB_RPMATCH = @GL_GGL_GNULIB_RPMATCH@ +GL_GGL_GNULIB_SCANF = @GL_GGL_GNULIB_SCANF@ +GL_GGL_GNULIB_SCHED_YIELD = @GL_GGL_GNULIB_SCHED_YIELD@ +GL_GGL_GNULIB_SECURE_GETENV = @GL_GGL_GNULIB_SECURE_GETENV@ +GL_GGL_GNULIB_SELECT = @GL_GGL_GNULIB_SELECT@ +GL_GGL_GNULIB_SEND = @GL_GGL_GNULIB_SEND@ +GL_GGL_GNULIB_SENDTO = @GL_GGL_GNULIB_SENDTO@ +GL_GGL_GNULIB_SETENV = @GL_GGL_GNULIB_SETENV@ +GL_GGL_GNULIB_SETHOSTNAME = @GL_GGL_GNULIB_SETHOSTNAME@ +GL_GGL_GNULIB_SETLOCALE = @GL_GGL_GNULIB_SETLOCALE@ +GL_GGL_GNULIB_SETLOCALE_NULL = @GL_GGL_GNULIB_SETLOCALE_NULL@ +GL_GGL_GNULIB_SETSOCKOPT = @GL_GGL_GNULIB_SETSOCKOPT@ +GL_GGL_GNULIB_SHUTDOWN = @GL_GGL_GNULIB_SHUTDOWN@ +GL_GGL_GNULIB_SIGABBREV_NP = @GL_GGL_GNULIB_SIGABBREV_NP@ +GL_GGL_GNULIB_SIGACTION = @GL_GGL_GNULIB_SIGACTION@ +GL_GGL_GNULIB_SIGDESCR_NP = @GL_GGL_GNULIB_SIGDESCR_NP@ +GL_GGL_GNULIB_SIGNAL_H_SIGPIPE = @GL_GGL_GNULIB_SIGNAL_H_SIGPIPE@ +GL_GGL_GNULIB_SIGPROCMASK = @GL_GGL_GNULIB_SIGPROCMASK@ +GL_GGL_GNULIB_SLEEP = @GL_GGL_GNULIB_SLEEP@ +GL_GGL_GNULIB_SNPRINTF = @GL_GGL_GNULIB_SNPRINTF@ +GL_GGL_GNULIB_SOCKET = @GL_GGL_GNULIB_SOCKET@ +GL_GGL_GNULIB_SPRINTF_POSIX = @GL_GGL_GNULIB_SPRINTF_POSIX@ +GL_GGL_GNULIB_STAT = @GL_GGL_GNULIB_STAT@ +GL_GGL_GNULIB_STDIO_H_NONBLOCKING = @GL_GGL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GGL_GNULIB_STDIO_H_SIGPIPE = @GL_GGL_GNULIB_STDIO_H_SIGPIPE@ +GL_GGL_GNULIB_STPCPY = @GL_GGL_GNULIB_STPCPY@ +GL_GGL_GNULIB_STPNCPY = @GL_GGL_GNULIB_STPNCPY@ +GL_GGL_GNULIB_STRCASESTR = @GL_GGL_GNULIB_STRCASESTR@ +GL_GGL_GNULIB_STRCHRNUL = @GL_GGL_GNULIB_STRCHRNUL@ +GL_GGL_GNULIB_STRDUP = @GL_GGL_GNULIB_STRDUP@ +GL_GGL_GNULIB_STRERROR = @GL_GGL_GNULIB_STRERROR@ +GL_GGL_GNULIB_STRERRORNAME_NP = @GL_GGL_GNULIB_STRERRORNAME_NP@ +GL_GGL_GNULIB_STRERROR_R = @GL_GGL_GNULIB_STRERROR_R@ +GL_GGL_GNULIB_STRFTIME = @GL_GGL_GNULIB_STRFTIME@ +GL_GGL_GNULIB_STRNCAT = @GL_GGL_GNULIB_STRNCAT@ +GL_GGL_GNULIB_STRNDUP = @GL_GGL_GNULIB_STRNDUP@ +GL_GGL_GNULIB_STRNLEN = @GL_GGL_GNULIB_STRNLEN@ +GL_GGL_GNULIB_STRPBRK = @GL_GGL_GNULIB_STRPBRK@ +GL_GGL_GNULIB_STRPTIME = @GL_GGL_GNULIB_STRPTIME@ +GL_GGL_GNULIB_STRSEP = @GL_GGL_GNULIB_STRSEP@ +GL_GGL_GNULIB_STRSIGNAL = @GL_GGL_GNULIB_STRSIGNAL@ +GL_GGL_GNULIB_STRSTR = @GL_GGL_GNULIB_STRSTR@ +GL_GGL_GNULIB_STRTOD = @GL_GGL_GNULIB_STRTOD@ +GL_GGL_GNULIB_STRTOIMAX = @GL_GGL_GNULIB_STRTOIMAX@ +GL_GGL_GNULIB_STRTOK_R = @GL_GGL_GNULIB_STRTOK_R@ +GL_GGL_GNULIB_STRTOL = @GL_GGL_GNULIB_STRTOL@ +GL_GGL_GNULIB_STRTOLD = @GL_GGL_GNULIB_STRTOLD@ +GL_GGL_GNULIB_STRTOLL = @GL_GGL_GNULIB_STRTOLL@ +GL_GGL_GNULIB_STRTOUL = @GL_GGL_GNULIB_STRTOUL@ +GL_GGL_GNULIB_STRTOULL = @GL_GGL_GNULIB_STRTOULL@ +GL_GGL_GNULIB_STRTOUMAX = @GL_GGL_GNULIB_STRTOUMAX@ +GL_GGL_GNULIB_STRVERSCMP = @GL_GGL_GNULIB_STRVERSCMP@ +GL_GGL_GNULIB_SYMLINK = @GL_GGL_GNULIB_SYMLINK@ +GL_GGL_GNULIB_SYMLINKAT = @GL_GGL_GNULIB_SYMLINKAT@ +GL_GGL_GNULIB_SYSTEM_POSIX = @GL_GGL_GNULIB_SYSTEM_POSIX@ +GL_GGL_GNULIB_TIMEGM = @GL_GGL_GNULIB_TIMEGM@ +GL_GGL_GNULIB_TIMESPEC_GET = @GL_GGL_GNULIB_TIMESPEC_GET@ +GL_GGL_GNULIB_TIME_R = @GL_GGL_GNULIB_TIME_R@ +GL_GGL_GNULIB_TIME_RZ = @GL_GGL_GNULIB_TIME_RZ@ +GL_GGL_GNULIB_TMPFILE = @GL_GGL_GNULIB_TMPFILE@ +GL_GGL_GNULIB_TRUNCATE = @GL_GGL_GNULIB_TRUNCATE@ +GL_GGL_GNULIB_TTYNAME_R = @GL_GGL_GNULIB_TTYNAME_R@ +GL_GGL_GNULIB_TZSET = @GL_GGL_GNULIB_TZSET@ +GL_GGL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GGL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GGL_GNULIB_UNISTD_H_SIGPIPE = @GL_GGL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GGL_GNULIB_UNLINK = @GL_GGL_GNULIB_UNLINK@ +GL_GGL_GNULIB_UNLINKAT = @GL_GGL_GNULIB_UNLINKAT@ +GL_GGL_GNULIB_UNLOCKPT = @GL_GGL_GNULIB_UNLOCKPT@ +GL_GGL_GNULIB_UNSETENV = @GL_GGL_GNULIB_UNSETENV@ +GL_GGL_GNULIB_USLEEP = @GL_GGL_GNULIB_USLEEP@ +GL_GGL_GNULIB_UTIMENSAT = @GL_GGL_GNULIB_UTIMENSAT@ +GL_GGL_GNULIB_VASPRINTF = @GL_GGL_GNULIB_VASPRINTF@ +GL_GGL_GNULIB_VDPRINTF = @GL_GGL_GNULIB_VDPRINTF@ +GL_GGL_GNULIB_VFPRINTF = @GL_GGL_GNULIB_VFPRINTF@ +GL_GGL_GNULIB_VFPRINTF_POSIX = @GL_GGL_GNULIB_VFPRINTF_POSIX@ +GL_GGL_GNULIB_VFSCANF = @GL_GGL_GNULIB_VFSCANF@ +GL_GGL_GNULIB_VPRINTF = @GL_GGL_GNULIB_VPRINTF@ +GL_GGL_GNULIB_VPRINTF_POSIX = @GL_GGL_GNULIB_VPRINTF_POSIX@ +GL_GGL_GNULIB_VSCANF = @GL_GGL_GNULIB_VSCANF@ +GL_GGL_GNULIB_VSNPRINTF = @GL_GGL_GNULIB_VSNPRINTF@ +GL_GGL_GNULIB_VSPRINTF_POSIX = @GL_GGL_GNULIB_VSPRINTF_POSIX@ +GL_GGL_GNULIB_WCPCPY = @GL_GGL_GNULIB_WCPCPY@ +GL_GGL_GNULIB_WCPNCPY = @GL_GGL_GNULIB_WCPNCPY@ +GL_GGL_GNULIB_WCRTOMB = @GL_GGL_GNULIB_WCRTOMB@ +GL_GGL_GNULIB_WCSCASECMP = @GL_GGL_GNULIB_WCSCASECMP@ +GL_GGL_GNULIB_WCSCAT = @GL_GGL_GNULIB_WCSCAT@ +GL_GGL_GNULIB_WCSCHR = @GL_GGL_GNULIB_WCSCHR@ +GL_GGL_GNULIB_WCSCMP = @GL_GGL_GNULIB_WCSCMP@ +GL_GGL_GNULIB_WCSCOLL = @GL_GGL_GNULIB_WCSCOLL@ +GL_GGL_GNULIB_WCSCPY = @GL_GGL_GNULIB_WCSCPY@ +GL_GGL_GNULIB_WCSCSPN = @GL_GGL_GNULIB_WCSCSPN@ +GL_GGL_GNULIB_WCSDUP = @GL_GGL_GNULIB_WCSDUP@ +GL_GGL_GNULIB_WCSFTIME = @GL_GGL_GNULIB_WCSFTIME@ +GL_GGL_GNULIB_WCSLEN = @GL_GGL_GNULIB_WCSLEN@ +GL_GGL_GNULIB_WCSNCASECMP = @GL_GGL_GNULIB_WCSNCASECMP@ +GL_GGL_GNULIB_WCSNCAT = @GL_GGL_GNULIB_WCSNCAT@ +GL_GGL_GNULIB_WCSNCMP = @GL_GGL_GNULIB_WCSNCMP@ +GL_GGL_GNULIB_WCSNCPY = @GL_GGL_GNULIB_WCSNCPY@ +GL_GGL_GNULIB_WCSNLEN = @GL_GGL_GNULIB_WCSNLEN@ +GL_GGL_GNULIB_WCSNRTOMBS = @GL_GGL_GNULIB_WCSNRTOMBS@ +GL_GGL_GNULIB_WCSPBRK = @GL_GGL_GNULIB_WCSPBRK@ +GL_GGL_GNULIB_WCSRCHR = @GL_GGL_GNULIB_WCSRCHR@ +GL_GGL_GNULIB_WCSRTOMBS = @GL_GGL_GNULIB_WCSRTOMBS@ +GL_GGL_GNULIB_WCSSPN = @GL_GGL_GNULIB_WCSSPN@ +GL_GGL_GNULIB_WCSSTR = @GL_GGL_GNULIB_WCSSTR@ +GL_GGL_GNULIB_WCSTOK = @GL_GGL_GNULIB_WCSTOK@ +GL_GGL_GNULIB_WCSWIDTH = @GL_GGL_GNULIB_WCSWIDTH@ +GL_GGL_GNULIB_WCSXFRM = @GL_GGL_GNULIB_WCSXFRM@ +GL_GGL_GNULIB_WCTOB = @GL_GGL_GNULIB_WCTOB@ +GL_GGL_GNULIB_WCTOMB = @GL_GGL_GNULIB_WCTOMB@ +GL_GGL_GNULIB_WCWIDTH = @GL_GGL_GNULIB_WCWIDTH@ +GL_GGL_GNULIB_WMEMCHR = @GL_GGL_GNULIB_WMEMCHR@ +GL_GGL_GNULIB_WMEMCMP = @GL_GGL_GNULIB_WMEMCMP@ +GL_GGL_GNULIB_WMEMCPY = @GL_GGL_GNULIB_WMEMCPY@ +GL_GGL_GNULIB_WMEMMOVE = @GL_GGL_GNULIB_WMEMMOVE@ +GL_GGL_GNULIB_WMEMPCPY = @GL_GGL_GNULIB_WMEMPCPY@ +GL_GGL_GNULIB_WMEMSET = @GL_GGL_GNULIB_WMEMSET@ +GL_GGL_GNULIB_WRITE = @GL_GGL_GNULIB_WRITE@ +GL_GGL_GNULIB__EXIT = @GL_GGL_GNULIB__EXIT@ +GL_GNULIB_ACCEPT = @GL_GNULIB_ACCEPT@ +GL_GNULIB_ACCEPT4 = @GL_GNULIB_ACCEPT4@ +GL_GNULIB_ACCESS = @GL_GNULIB_ACCESS@ +GL_GNULIB_ALIGNED_ALLOC = @GL_GNULIB_ALIGNED_ALLOC@ +GL_GNULIB_ATOLL = @GL_GNULIB_ATOLL@ +GL_GNULIB_BIND = @GL_GNULIB_BIND@ +GL_GNULIB_BTOWC = @GL_GNULIB_BTOWC@ +GL_GNULIB_CALLOC_POSIX = @GL_GNULIB_CALLOC_POSIX@ +GL_GNULIB_CANONICALIZE_FILE_NAME = @GL_GNULIB_CANONICALIZE_FILE_NAME@ +GL_GNULIB_CHDIR = @GL_GNULIB_CHDIR@ +GL_GNULIB_CHOWN = @GL_GNULIB_CHOWN@ +GL_GNULIB_CLOSE = @GL_GNULIB_CLOSE@ +GL_GNULIB_CONNECT = @GL_GNULIB_CONNECT@ +GL_GNULIB_COPY_FILE_RANGE = @GL_GNULIB_COPY_FILE_RANGE@ +GL_GNULIB_CREAT = @GL_GNULIB_CREAT@ +GL_GNULIB_CTIME = @GL_GNULIB_CTIME@ +GL_GNULIB_DPRINTF = @GL_GNULIB_DPRINTF@ +GL_GNULIB_DUP = @GL_GNULIB_DUP@ +GL_GNULIB_DUP2 = @GL_GNULIB_DUP2@ +GL_GNULIB_DUP3 = @GL_GNULIB_DUP3@ +GL_GNULIB_ENVIRON = @GL_GNULIB_ENVIRON@ +GL_GNULIB_EUIDACCESS = @GL_GNULIB_EUIDACCESS@ +GL_GNULIB_EXECL = @GL_GNULIB_EXECL@ +GL_GNULIB_EXECLE = @GL_GNULIB_EXECLE@ +GL_GNULIB_EXECLP = @GL_GNULIB_EXECLP@ +GL_GNULIB_EXECV = @GL_GNULIB_EXECV@ +GL_GNULIB_EXECVE = @GL_GNULIB_EXECVE@ +GL_GNULIB_EXECVP = @GL_GNULIB_EXECVP@ +GL_GNULIB_EXECVPE = @GL_GNULIB_EXECVPE@ +GL_GNULIB_EXPLICIT_BZERO = @GL_GNULIB_EXPLICIT_BZERO@ +GL_GNULIB_FACCESSAT = @GL_GNULIB_FACCESSAT@ +GL_GNULIB_FCHDIR = @GL_GNULIB_FCHDIR@ +GL_GNULIB_FCHMODAT = @GL_GNULIB_FCHMODAT@ +GL_GNULIB_FCHOWNAT = @GL_GNULIB_FCHOWNAT@ +GL_GNULIB_FCLOSE = @GL_GNULIB_FCLOSE@ +GL_GNULIB_FCNTL = @GL_GNULIB_FCNTL@ +GL_GNULIB_FDATASYNC = @GL_GNULIB_FDATASYNC@ +GL_GNULIB_FDOPEN = @GL_GNULIB_FDOPEN@ +GL_GNULIB_FFLUSH = @GL_GNULIB_FFLUSH@ +GL_GNULIB_FFS = @GL_GNULIB_FFS@ +GL_GNULIB_FFSL = @GL_GNULIB_FFSL@ +GL_GNULIB_FFSLL = @GL_GNULIB_FFSLL@ +GL_GNULIB_FGETC = @GL_GNULIB_FGETC@ +GL_GNULIB_FGETS = @GL_GNULIB_FGETS@ +GL_GNULIB_FOPEN = @GL_GNULIB_FOPEN@ +GL_GNULIB_FPRINTF = @GL_GNULIB_FPRINTF@ +GL_GNULIB_FPRINTF_POSIX = @GL_GNULIB_FPRINTF_POSIX@ +GL_GNULIB_FPURGE = @GL_GNULIB_FPURGE@ +GL_GNULIB_FPUTC = @GL_GNULIB_FPUTC@ +GL_GNULIB_FPUTS = @GL_GNULIB_FPUTS@ +GL_GNULIB_FREAD = @GL_GNULIB_FREAD@ +GL_GNULIB_FREE_POSIX = @GL_GNULIB_FREE_POSIX@ +GL_GNULIB_FREOPEN = @GL_GNULIB_FREOPEN@ +GL_GNULIB_FSCANF = @GL_GNULIB_FSCANF@ +GL_GNULIB_FSEEK = @GL_GNULIB_FSEEK@ +GL_GNULIB_FSEEKO = @GL_GNULIB_FSEEKO@ +GL_GNULIB_FSTAT = @GL_GNULIB_FSTAT@ +GL_GNULIB_FSTATAT = @GL_GNULIB_FSTATAT@ +GL_GNULIB_FSYNC = @GL_GNULIB_FSYNC@ +GL_GNULIB_FTELL = @GL_GNULIB_FTELL@ +GL_GNULIB_FTELLO = @GL_GNULIB_FTELLO@ +GL_GNULIB_FTRUNCATE = @GL_GNULIB_FTRUNCATE@ +GL_GNULIB_FUTIMENS = @GL_GNULIB_FUTIMENS@ +GL_GNULIB_FWRITE = @GL_GNULIB_FWRITE@ +GL_GNULIB_GETADDRINFO = @GL_GNULIB_GETADDRINFO@ +GL_GNULIB_GETC = @GL_GNULIB_GETC@ +GL_GNULIB_GETCHAR = @GL_GNULIB_GETCHAR@ +GL_GNULIB_GETCWD = @GL_GNULIB_GETCWD@ +GL_GNULIB_GETDELIM = @GL_GNULIB_GETDELIM@ +GL_GNULIB_GETDOMAINNAME = @GL_GNULIB_GETDOMAINNAME@ +GL_GNULIB_GETDTABLESIZE = @GL_GNULIB_GETDTABLESIZE@ +GL_GNULIB_GETENTROPY = @GL_GNULIB_GETENTROPY@ +GL_GNULIB_GETGROUPS = @GL_GNULIB_GETGROUPS@ +GL_GNULIB_GETHOSTNAME = @GL_GNULIB_GETHOSTNAME@ +GL_GNULIB_GETLINE = @GL_GNULIB_GETLINE@ +GL_GNULIB_GETLOADAVG = @GL_GNULIB_GETLOADAVG@ +GL_GNULIB_GETLOGIN = @GL_GNULIB_GETLOGIN@ +GL_GNULIB_GETLOGIN_R = @GL_GNULIB_GETLOGIN_R@ +GL_GNULIB_GETOPT_POSIX = @GL_GNULIB_GETOPT_POSIX@ +GL_GNULIB_GETPAGESIZE = @GL_GNULIB_GETPAGESIZE@ +GL_GNULIB_GETPASS = @GL_GNULIB_GETPASS@ +GL_GNULIB_GETPEERNAME = @GL_GNULIB_GETPEERNAME@ +GL_GNULIB_GETSOCKNAME = @GL_GNULIB_GETSOCKNAME@ +GL_GNULIB_GETSOCKOPT = @GL_GNULIB_GETSOCKOPT@ +GL_GNULIB_GETSUBOPT = @GL_GNULIB_GETSUBOPT@ +GL_GNULIB_GETTIMEOFDAY = @GL_GNULIB_GETTIMEOFDAY@ +GL_GNULIB_GETUMASK = @GL_GNULIB_GETUMASK@ +GL_GNULIB_GETUSERSHELL = @GL_GNULIB_GETUSERSHELL@ +GL_GNULIB_GRANTPT = @GL_GNULIB_GRANTPT@ +GL_GNULIB_GROUP_MEMBER = @GL_GNULIB_GROUP_MEMBER@ +GL_GNULIB_IMAXABS = @GL_GNULIB_IMAXABS@ +GL_GNULIB_IMAXDIV = @GL_GNULIB_IMAXDIV@ +GL_GNULIB_INET_NTOP = @GL_GNULIB_INET_NTOP@ +GL_GNULIB_INET_PTON = @GL_GNULIB_INET_PTON@ +GL_GNULIB_ISATTY = @GL_GNULIB_ISATTY@ +GL_GNULIB_LCHMOD = @GL_GNULIB_LCHMOD@ +GL_GNULIB_LCHOWN = @GL_GNULIB_LCHOWN@ +GL_GNULIB_LINK = @GL_GNULIB_LINK@ +GL_GNULIB_LINKAT = @GL_GNULIB_LINKAT@ +GL_GNULIB_LISTEN = @GL_GNULIB_LISTEN@ +GL_GNULIB_LOCALTIME = @GL_GNULIB_LOCALTIME@ +GL_GNULIB_LSEEK = @GL_GNULIB_LSEEK@ +GL_GNULIB_LSTAT = @GL_GNULIB_LSTAT@ +GL_GNULIB_MALLOC_POSIX = @GL_GNULIB_MALLOC_POSIX@ +GL_GNULIB_MBRLEN = @GL_GNULIB_MBRLEN@ +GL_GNULIB_MBRTOWC = @GL_GNULIB_MBRTOWC@ +GL_GNULIB_MBSCASECMP = @GL_GNULIB_MBSCASECMP@ +GL_GNULIB_MBSCASESTR = @GL_GNULIB_MBSCASESTR@ +GL_GNULIB_MBSCHR = @GL_GNULIB_MBSCHR@ +GL_GNULIB_MBSCSPN = @GL_GNULIB_MBSCSPN@ +GL_GNULIB_MBSINIT = @GL_GNULIB_MBSINIT@ +GL_GNULIB_MBSLEN = @GL_GNULIB_MBSLEN@ +GL_GNULIB_MBSNCASECMP = @GL_GNULIB_MBSNCASECMP@ +GL_GNULIB_MBSNLEN = @GL_GNULIB_MBSNLEN@ +GL_GNULIB_MBSNRTOWCS = @GL_GNULIB_MBSNRTOWCS@ +GL_GNULIB_MBSPBRK = @GL_GNULIB_MBSPBRK@ +GL_GNULIB_MBSPCASECMP = @GL_GNULIB_MBSPCASECMP@ +GL_GNULIB_MBSRCHR = @GL_GNULIB_MBSRCHR@ +GL_GNULIB_MBSRTOWCS = @GL_GNULIB_MBSRTOWCS@ +GL_GNULIB_MBSSEP = @GL_GNULIB_MBSSEP@ +GL_GNULIB_MBSSPN = @GL_GNULIB_MBSSPN@ +GL_GNULIB_MBSSTR = @GL_GNULIB_MBSSTR@ +GL_GNULIB_MBSTOK_R = @GL_GNULIB_MBSTOK_R@ +GL_GNULIB_MBTOWC = @GL_GNULIB_MBTOWC@ +GL_GNULIB_MDA_ACCESS = @GL_GNULIB_MDA_ACCESS@ +GL_GNULIB_MDA_CHDIR = @GL_GNULIB_MDA_CHDIR@ +GL_GNULIB_MDA_CHMOD = @GL_GNULIB_MDA_CHMOD@ +GL_GNULIB_MDA_CLOSE = @GL_GNULIB_MDA_CLOSE@ +GL_GNULIB_MDA_CREAT = @GL_GNULIB_MDA_CREAT@ +GL_GNULIB_MDA_DUP = @GL_GNULIB_MDA_DUP@ +GL_GNULIB_MDA_DUP2 = @GL_GNULIB_MDA_DUP2@ +GL_GNULIB_MDA_ECVT = @GL_GNULIB_MDA_ECVT@ +GL_GNULIB_MDA_EXECL = @GL_GNULIB_MDA_EXECL@ +GL_GNULIB_MDA_EXECLE = @GL_GNULIB_MDA_EXECLE@ +GL_GNULIB_MDA_EXECLP = @GL_GNULIB_MDA_EXECLP@ +GL_GNULIB_MDA_EXECV = @GL_GNULIB_MDA_EXECV@ +GL_GNULIB_MDA_EXECVE = @GL_GNULIB_MDA_EXECVE@ +GL_GNULIB_MDA_EXECVP = @GL_GNULIB_MDA_EXECVP@ +GL_GNULIB_MDA_EXECVPE = @GL_GNULIB_MDA_EXECVPE@ +GL_GNULIB_MDA_FCLOSEALL = @GL_GNULIB_MDA_FCLOSEALL@ +GL_GNULIB_MDA_FCVT = @GL_GNULIB_MDA_FCVT@ +GL_GNULIB_MDA_FDOPEN = @GL_GNULIB_MDA_FDOPEN@ +GL_GNULIB_MDA_FILENO = @GL_GNULIB_MDA_FILENO@ +GL_GNULIB_MDA_GCVT = @GL_GNULIB_MDA_GCVT@ +GL_GNULIB_MDA_GETCWD = @GL_GNULIB_MDA_GETCWD@ +GL_GNULIB_MDA_GETPID = @GL_GNULIB_MDA_GETPID@ +GL_GNULIB_MDA_GETW = @GL_GNULIB_MDA_GETW@ +GL_GNULIB_MDA_ISATTY = @GL_GNULIB_MDA_ISATTY@ +GL_GNULIB_MDA_LSEEK = @GL_GNULIB_MDA_LSEEK@ +GL_GNULIB_MDA_MEMCCPY = @GL_GNULIB_MDA_MEMCCPY@ +GL_GNULIB_MDA_MKDIR = @GL_GNULIB_MDA_MKDIR@ +GL_GNULIB_MDA_MKTEMP = @GL_GNULIB_MDA_MKTEMP@ +GL_GNULIB_MDA_OPEN = @GL_GNULIB_MDA_OPEN@ +GL_GNULIB_MDA_PUTENV = @GL_GNULIB_MDA_PUTENV@ +GL_GNULIB_MDA_PUTW = @GL_GNULIB_MDA_PUTW@ +GL_GNULIB_MDA_READ = @GL_GNULIB_MDA_READ@ +GL_GNULIB_MDA_RMDIR = @GL_GNULIB_MDA_RMDIR@ +GL_GNULIB_MDA_STRDUP = @GL_GNULIB_MDA_STRDUP@ +GL_GNULIB_MDA_SWAB = @GL_GNULIB_MDA_SWAB@ +GL_GNULIB_MDA_TEMPNAM = @GL_GNULIB_MDA_TEMPNAM@ +GL_GNULIB_MDA_TZSET = @GL_GNULIB_MDA_TZSET@ +GL_GNULIB_MDA_UMASK = @GL_GNULIB_MDA_UMASK@ +GL_GNULIB_MDA_UNLINK = @GL_GNULIB_MDA_UNLINK@ +GL_GNULIB_MDA_WCSDUP = @GL_GNULIB_MDA_WCSDUP@ +GL_GNULIB_MDA_WRITE = @GL_GNULIB_MDA_WRITE@ +GL_GNULIB_MEMCHR = @GL_GNULIB_MEMCHR@ +GL_GNULIB_MEMMEM = @GL_GNULIB_MEMMEM@ +GL_GNULIB_MEMPCPY = @GL_GNULIB_MEMPCPY@ +GL_GNULIB_MEMRCHR = @GL_GNULIB_MEMRCHR@ +GL_GNULIB_MKDIR = @GL_GNULIB_MKDIR@ +GL_GNULIB_MKDIRAT = @GL_GNULIB_MKDIRAT@ +GL_GNULIB_MKDTEMP = @GL_GNULIB_MKDTEMP@ +GL_GNULIB_MKFIFO = @GL_GNULIB_MKFIFO@ +GL_GNULIB_MKFIFOAT = @GL_GNULIB_MKFIFOAT@ +GL_GNULIB_MKNOD = @GL_GNULIB_MKNOD@ +GL_GNULIB_MKNODAT = @GL_GNULIB_MKNODAT@ +GL_GNULIB_MKOSTEMP = @GL_GNULIB_MKOSTEMP@ +GL_GNULIB_MKOSTEMPS = @GL_GNULIB_MKOSTEMPS@ +GL_GNULIB_MKSTEMP = @GL_GNULIB_MKSTEMP@ +GL_GNULIB_MKSTEMPS = @GL_GNULIB_MKSTEMPS@ +GL_GNULIB_MKTIME = @GL_GNULIB_MKTIME@ +GL_GNULIB_NANOSLEEP = @GL_GNULIB_NANOSLEEP@ +GL_GNULIB_NONBLOCKING = @GL_GNULIB_NONBLOCKING@ +GL_GNULIB_OBSTACK_PRINTF = @GL_GNULIB_OBSTACK_PRINTF@ +GL_GNULIB_OBSTACK_PRINTF_POSIX = @GL_GNULIB_OBSTACK_PRINTF_POSIX@ +GL_GNULIB_OPEN = @GL_GNULIB_OPEN@ +GL_GNULIB_OPENAT = @GL_GNULIB_OPENAT@ +GL_GNULIB_OVERRIDES_STRUCT_STAT = @GL_GNULIB_OVERRIDES_STRUCT_STAT@ +GL_GNULIB_PCLOSE = @GL_GNULIB_PCLOSE@ +GL_GNULIB_PERROR = @GL_GNULIB_PERROR@ +GL_GNULIB_PIPE = @GL_GNULIB_PIPE@ +GL_GNULIB_PIPE2 = @GL_GNULIB_PIPE2@ +GL_GNULIB_POPEN = @GL_GNULIB_POPEN@ +GL_GNULIB_POSIX_MEMALIGN = @GL_GNULIB_POSIX_MEMALIGN@ +GL_GNULIB_POSIX_OPENPT = @GL_GNULIB_POSIX_OPENPT@ +GL_GNULIB_PREAD = @GL_GNULIB_PREAD@ +GL_GNULIB_PRINTF = @GL_GNULIB_PRINTF@ +GL_GNULIB_PRINTF_POSIX = @GL_GNULIB_PRINTF_POSIX@ +GL_GNULIB_PTSNAME = @GL_GNULIB_PTSNAME@ +GL_GNULIB_PTSNAME_R = @GL_GNULIB_PTSNAME_R@ +GL_GNULIB_PUTC = @GL_GNULIB_PUTC@ +GL_GNULIB_PUTCHAR = @GL_GNULIB_PUTCHAR@ +GL_GNULIB_PUTENV = @GL_GNULIB_PUTENV@ +GL_GNULIB_PUTS = @GL_GNULIB_PUTS@ +GL_GNULIB_PWRITE = @GL_GNULIB_PWRITE@ +GL_GNULIB_QSORT_R = @GL_GNULIB_QSORT_R@ +GL_GNULIB_RANDOM = @GL_GNULIB_RANDOM@ +GL_GNULIB_RANDOM_R = @GL_GNULIB_RANDOM_R@ +GL_GNULIB_RAWMEMCHR = @GL_GNULIB_RAWMEMCHR@ +GL_GNULIB_READ = @GL_GNULIB_READ@ +GL_GNULIB_READLINK = @GL_GNULIB_READLINK@ +GL_GNULIB_READLINKAT = @GL_GNULIB_READLINKAT@ +GL_GNULIB_REALLOCARRAY = @GL_GNULIB_REALLOCARRAY@ +GL_GNULIB_REALLOC_POSIX = @GL_GNULIB_REALLOC_POSIX@ +GL_GNULIB_REALPATH = @GL_GNULIB_REALPATH@ +GL_GNULIB_RECV = @GL_GNULIB_RECV@ +GL_GNULIB_RECVFROM = @GL_GNULIB_RECVFROM@ +GL_GNULIB_REMOVE = @GL_GNULIB_REMOVE@ +GL_GNULIB_RENAME = @GL_GNULIB_RENAME@ +GL_GNULIB_RENAMEAT = @GL_GNULIB_RENAMEAT@ +GL_GNULIB_RMDIR = @GL_GNULIB_RMDIR@ +GL_GNULIB_RPMATCH = @GL_GNULIB_RPMATCH@ +GL_GNULIB_SCANF = @GL_GNULIB_SCANF@ +GL_GNULIB_SECURE_GETENV = @GL_GNULIB_SECURE_GETENV@ +GL_GNULIB_SEND = @GL_GNULIB_SEND@ +GL_GNULIB_SENDTO = @GL_GNULIB_SENDTO@ +GL_GNULIB_SETENV = @GL_GNULIB_SETENV@ +GL_GNULIB_SETHOSTNAME = @GL_GNULIB_SETHOSTNAME@ +GL_GNULIB_SETSOCKOPT = @GL_GNULIB_SETSOCKOPT@ +GL_GNULIB_SHUTDOWN = @GL_GNULIB_SHUTDOWN@ +GL_GNULIB_SIGABBREV_NP = @GL_GNULIB_SIGABBREV_NP@ +GL_GNULIB_SIGDESCR_NP = @GL_GNULIB_SIGDESCR_NP@ +GL_GNULIB_SLEEP = @GL_GNULIB_SLEEP@ +GL_GNULIB_SNPRINTF = @GL_GNULIB_SNPRINTF@ +GL_GNULIB_SOCKET = @GL_GNULIB_SOCKET@ +GL_GNULIB_SPRINTF_POSIX = @GL_GNULIB_SPRINTF_POSIX@ +GL_GNULIB_STAT = @GL_GNULIB_STAT@ +GL_GNULIB_STDIO_H_NONBLOCKING = @GL_GNULIB_STDIO_H_NONBLOCKING@ +GL_GNULIB_STDIO_H_SIGPIPE = @GL_GNULIB_STDIO_H_SIGPIPE@ +GL_GNULIB_STPCPY = @GL_GNULIB_STPCPY@ +GL_GNULIB_STPNCPY = @GL_GNULIB_STPNCPY@ +GL_GNULIB_STRCASESTR = @GL_GNULIB_STRCASESTR@ +GL_GNULIB_STRCHRNUL = @GL_GNULIB_STRCHRNUL@ +GL_GNULIB_STRDUP = @GL_GNULIB_STRDUP@ +GL_GNULIB_STRERROR = @GL_GNULIB_STRERROR@ +GL_GNULIB_STRERRORNAME_NP = @GL_GNULIB_STRERRORNAME_NP@ +GL_GNULIB_STRERROR_R = @GL_GNULIB_STRERROR_R@ +GL_GNULIB_STRFTIME = @GL_GNULIB_STRFTIME@ +GL_GNULIB_STRNCAT = @GL_GNULIB_STRNCAT@ +GL_GNULIB_STRNDUP = @GL_GNULIB_STRNDUP@ +GL_GNULIB_STRNLEN = @GL_GNULIB_STRNLEN@ +GL_GNULIB_STRPBRK = @GL_GNULIB_STRPBRK@ +GL_GNULIB_STRPTIME = @GL_GNULIB_STRPTIME@ +GL_GNULIB_STRSEP = @GL_GNULIB_STRSEP@ +GL_GNULIB_STRSIGNAL = @GL_GNULIB_STRSIGNAL@ +GL_GNULIB_STRSTR = @GL_GNULIB_STRSTR@ +GL_GNULIB_STRTOD = @GL_GNULIB_STRTOD@ +GL_GNULIB_STRTOIMAX = @GL_GNULIB_STRTOIMAX@ +GL_GNULIB_STRTOK_R = @GL_GNULIB_STRTOK_R@ +GL_GNULIB_STRTOL = @GL_GNULIB_STRTOL@ +GL_GNULIB_STRTOLD = @GL_GNULIB_STRTOLD@ +GL_GNULIB_STRTOLL = @GL_GNULIB_STRTOLL@ +GL_GNULIB_STRTOUL = @GL_GNULIB_STRTOUL@ +GL_GNULIB_STRTOULL = @GL_GNULIB_STRTOULL@ +GL_GNULIB_STRTOUMAX = @GL_GNULIB_STRTOUMAX@ +GL_GNULIB_STRVERSCMP = @GL_GNULIB_STRVERSCMP@ +GL_GNULIB_SYMLINK = @GL_GNULIB_SYMLINK@ +GL_GNULIB_SYMLINKAT = @GL_GNULIB_SYMLINKAT@ +GL_GNULIB_SYSTEM_POSIX = @GL_GNULIB_SYSTEM_POSIX@ +GL_GNULIB_TIMEGM = @GL_GNULIB_TIMEGM@ +GL_GNULIB_TIMESPEC_GET = @GL_GNULIB_TIMESPEC_GET@ +GL_GNULIB_TIME_R = @GL_GNULIB_TIME_R@ +GL_GNULIB_TIME_RZ = @GL_GNULIB_TIME_RZ@ +GL_GNULIB_TMPFILE = @GL_GNULIB_TMPFILE@ +GL_GNULIB_TRUNCATE = @GL_GNULIB_TRUNCATE@ +GL_GNULIB_TTYNAME_R = @GL_GNULIB_TTYNAME_R@ +GL_GNULIB_TZSET = @GL_GNULIB_TZSET@ +GL_GNULIB_UNISTD_H_NONBLOCKING = @GL_GNULIB_UNISTD_H_NONBLOCKING@ +GL_GNULIB_UNISTD_H_SIGPIPE = @GL_GNULIB_UNISTD_H_SIGPIPE@ +GL_GNULIB_UNLINK = @GL_GNULIB_UNLINK@ +GL_GNULIB_UNLINKAT = @GL_GNULIB_UNLINKAT@ +GL_GNULIB_UNLOCKPT = @GL_GNULIB_UNLOCKPT@ +GL_GNULIB_UNSETENV = @GL_GNULIB_UNSETENV@ +GL_GNULIB_USLEEP = @GL_GNULIB_USLEEP@ +GL_GNULIB_UTIMENSAT = @GL_GNULIB_UTIMENSAT@ +GL_GNULIB_VASPRINTF = @GL_GNULIB_VASPRINTF@ +GL_GNULIB_VDPRINTF = @GL_GNULIB_VDPRINTF@ +GL_GNULIB_VFPRINTF = @GL_GNULIB_VFPRINTF@ +GL_GNULIB_VFPRINTF_POSIX = @GL_GNULIB_VFPRINTF_POSIX@ +GL_GNULIB_VFSCANF = @GL_GNULIB_VFSCANF@ +GL_GNULIB_VPRINTF = @GL_GNULIB_VPRINTF@ +GL_GNULIB_VPRINTF_POSIX = @GL_GNULIB_VPRINTF_POSIX@ +GL_GNULIB_VSCANF = @GL_GNULIB_VSCANF@ +GL_GNULIB_VSNPRINTF = @GL_GNULIB_VSNPRINTF@ +GL_GNULIB_VSPRINTF_POSIX = @GL_GNULIB_VSPRINTF_POSIX@ +GL_GNULIB_WCPCPY = @GL_GNULIB_WCPCPY@ +GL_GNULIB_WCPNCPY = @GL_GNULIB_WCPNCPY@ +GL_GNULIB_WCRTOMB = @GL_GNULIB_WCRTOMB@ +GL_GNULIB_WCSCASECMP = @GL_GNULIB_WCSCASECMP@ +GL_GNULIB_WCSCAT = @GL_GNULIB_WCSCAT@ +GL_GNULIB_WCSCHR = @GL_GNULIB_WCSCHR@ +GL_GNULIB_WCSCMP = @GL_GNULIB_WCSCMP@ +GL_GNULIB_WCSCOLL = @GL_GNULIB_WCSCOLL@ +GL_GNULIB_WCSCPY = @GL_GNULIB_WCSCPY@ +GL_GNULIB_WCSCSPN = @GL_GNULIB_WCSCSPN@ +GL_GNULIB_WCSDUP = @GL_GNULIB_WCSDUP@ +GL_GNULIB_WCSFTIME = @GL_GNULIB_WCSFTIME@ +GL_GNULIB_WCSLEN = @GL_GNULIB_WCSLEN@ +GL_GNULIB_WCSNCASECMP = @GL_GNULIB_WCSNCASECMP@ +GL_GNULIB_WCSNCAT = @GL_GNULIB_WCSNCAT@ +GL_GNULIB_WCSNCMP = @GL_GNULIB_WCSNCMP@ +GL_GNULIB_WCSNCPY = @GL_GNULIB_WCSNCPY@ +GL_GNULIB_WCSNLEN = @GL_GNULIB_WCSNLEN@ +GL_GNULIB_WCSNRTOMBS = @GL_GNULIB_WCSNRTOMBS@ +GL_GNULIB_WCSPBRK = @GL_GNULIB_WCSPBRK@ +GL_GNULIB_WCSRCHR = @GL_GNULIB_WCSRCHR@ +GL_GNULIB_WCSRTOMBS = @GL_GNULIB_WCSRTOMBS@ +GL_GNULIB_WCSSPN = @GL_GNULIB_WCSSPN@ +GL_GNULIB_WCSSTR = @GL_GNULIB_WCSSTR@ +GL_GNULIB_WCSTOK = @GL_GNULIB_WCSTOK@ +GL_GNULIB_WCSWIDTH = @GL_GNULIB_WCSWIDTH@ +GL_GNULIB_WCSXFRM = @GL_GNULIB_WCSXFRM@ +GL_GNULIB_WCTOB = @GL_GNULIB_WCTOB@ +GL_GNULIB_WCTOMB = @GL_GNULIB_WCTOMB@ +GL_GNULIB_WCWIDTH = @GL_GNULIB_WCWIDTH@ +GL_GNULIB_WMEMCHR = @GL_GNULIB_WMEMCHR@ +GL_GNULIB_WMEMCMP = @GL_GNULIB_WMEMCMP@ +GL_GNULIB_WMEMCPY = @GL_GNULIB_WMEMCPY@ +GL_GNULIB_WMEMMOVE = @GL_GNULIB_WMEMMOVE@ +GL_GNULIB_WMEMPCPY = @GL_GNULIB_WMEMPCPY@ +GL_GNULIB_WMEMSET = @GL_GNULIB_WMEMSET@ +GL_GNULIB_WRITE = @GL_GNULIB_WRITE@ +GL_GNULIB__EXIT = @GL_GNULIB__EXIT@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIBHEADERS_OVERRIDE_WINT_T = @GNULIBHEADERS_OVERRIDE_WINT_T@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNUTLS_LIBS_PRIVATE = @GNUTLS_LIBS_PRIVATE@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GPERF = @GPERF@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALIGNED_ALLOC = @HAVE_ALIGNED_ALLOC@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_COPY_FILE_RANGE = @HAVE_COPY_FILE_RANGE@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ECVT = @HAVE_DECL_ECVT@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_EXECVPE = @HAVE_DECL_EXECVPE@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FCLOSEALL = @HAVE_DECL_FCLOSEALL@ +HAVE_DECL_FCVT = @HAVE_DECL_FCVT@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GCVT = @HAVE_DECL_GCVT@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCSDUP = @HAVE_DECL_WCSDUP@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXECVPE = @HAVE_EXECVPE@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETENTROPY = @HAVE_GETENTROPY@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GETUMASK = @HAVE_GETUMASK@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBEV = @HAVE_LIBEV@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_MEMALIGN = @HAVE_POSIX_MEMALIGN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_ATTR_DESTROY = @HAVE_PTHREAD_ATTR_DESTROY@ +HAVE_PTHREAD_ATTR_GETDETACHSTATE = @HAVE_PTHREAD_ATTR_GETDETACHSTATE@ +HAVE_PTHREAD_ATTR_INIT = @HAVE_PTHREAD_ATTR_INIT@ +HAVE_PTHREAD_ATTR_SETDETACHSTATE = @HAVE_PTHREAD_ATTR_SETDETACHSTATE@ +HAVE_PTHREAD_CONDATTR_DESTROY = @HAVE_PTHREAD_CONDATTR_DESTROY@ +HAVE_PTHREAD_CONDATTR_INIT = @HAVE_PTHREAD_CONDATTR_INIT@ +HAVE_PTHREAD_COND_BROADCAST = @HAVE_PTHREAD_COND_BROADCAST@ +HAVE_PTHREAD_COND_DESTROY = @HAVE_PTHREAD_COND_DESTROY@ +HAVE_PTHREAD_COND_INIT = @HAVE_PTHREAD_COND_INIT@ +HAVE_PTHREAD_COND_SIGNAL = @HAVE_PTHREAD_COND_SIGNAL@ +HAVE_PTHREAD_COND_TIMEDWAIT = @HAVE_PTHREAD_COND_TIMEDWAIT@ +HAVE_PTHREAD_COND_WAIT = @HAVE_PTHREAD_COND_WAIT@ +HAVE_PTHREAD_CREATE = @HAVE_PTHREAD_CREATE@ +HAVE_PTHREAD_CREATE_DETACHED = @HAVE_PTHREAD_CREATE_DETACHED@ +HAVE_PTHREAD_DETACH = @HAVE_PTHREAD_DETACH@ +HAVE_PTHREAD_EQUAL = @HAVE_PTHREAD_EQUAL@ +HAVE_PTHREAD_EXIT = @HAVE_PTHREAD_EXIT@ +HAVE_PTHREAD_GETSPECIFIC = @HAVE_PTHREAD_GETSPECIFIC@ +HAVE_PTHREAD_H = @HAVE_PTHREAD_H@ +HAVE_PTHREAD_JOIN = @HAVE_PTHREAD_JOIN@ +HAVE_PTHREAD_KEY_CREATE = @HAVE_PTHREAD_KEY_CREATE@ +HAVE_PTHREAD_KEY_DELETE = @HAVE_PTHREAD_KEY_DELETE@ +HAVE_PTHREAD_MUTEXATTR_DESTROY = @HAVE_PTHREAD_MUTEXATTR_DESTROY@ +HAVE_PTHREAD_MUTEXATTR_GETROBUST = @HAVE_PTHREAD_MUTEXATTR_GETROBUST@ +HAVE_PTHREAD_MUTEXATTR_GETTYPE = @HAVE_PTHREAD_MUTEXATTR_GETTYPE@ +HAVE_PTHREAD_MUTEXATTR_INIT = @HAVE_PTHREAD_MUTEXATTR_INIT@ +HAVE_PTHREAD_MUTEXATTR_SETROBUST = @HAVE_PTHREAD_MUTEXATTR_SETROBUST@ +HAVE_PTHREAD_MUTEXATTR_SETTYPE = @HAVE_PTHREAD_MUTEXATTR_SETTYPE@ +HAVE_PTHREAD_MUTEX_DESTROY = @HAVE_PTHREAD_MUTEX_DESTROY@ +HAVE_PTHREAD_MUTEX_INIT = @HAVE_PTHREAD_MUTEX_INIT@ +HAVE_PTHREAD_MUTEX_LOCK = @HAVE_PTHREAD_MUTEX_LOCK@ +HAVE_PTHREAD_MUTEX_RECURSIVE = @HAVE_PTHREAD_MUTEX_RECURSIVE@ +HAVE_PTHREAD_MUTEX_ROBUST = @HAVE_PTHREAD_MUTEX_ROBUST@ +HAVE_PTHREAD_MUTEX_TIMEDLOCK = @HAVE_PTHREAD_MUTEX_TIMEDLOCK@ +HAVE_PTHREAD_MUTEX_TRYLOCK = @HAVE_PTHREAD_MUTEX_TRYLOCK@ +HAVE_PTHREAD_MUTEX_UNLOCK = @HAVE_PTHREAD_MUTEX_UNLOCK@ +HAVE_PTHREAD_ONCE = @HAVE_PTHREAD_ONCE@ +HAVE_PTHREAD_PROCESS_SHARED = @HAVE_PTHREAD_PROCESS_SHARED@ +HAVE_PTHREAD_RWLOCKATTR_DESTROY = @HAVE_PTHREAD_RWLOCKATTR_DESTROY@ +HAVE_PTHREAD_RWLOCKATTR_INIT = @HAVE_PTHREAD_RWLOCKATTR_INIT@ +HAVE_PTHREAD_RWLOCK_DESTROY = @HAVE_PTHREAD_RWLOCK_DESTROY@ +HAVE_PTHREAD_RWLOCK_INIT = @HAVE_PTHREAD_RWLOCK_INIT@ +HAVE_PTHREAD_RWLOCK_RDLOCK = @HAVE_PTHREAD_RWLOCK_RDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK = @HAVE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +HAVE_PTHREAD_RWLOCK_TRYRDLOCK = @HAVE_PTHREAD_RWLOCK_TRYRDLOCK@ +HAVE_PTHREAD_RWLOCK_TRYWRLOCK = @HAVE_PTHREAD_RWLOCK_TRYWRLOCK@ +HAVE_PTHREAD_RWLOCK_UNLOCK = @HAVE_PTHREAD_RWLOCK_UNLOCK@ +HAVE_PTHREAD_RWLOCK_WRLOCK = @HAVE_PTHREAD_RWLOCK_WRLOCK@ +HAVE_PTHREAD_SELF = @HAVE_PTHREAD_SELF@ +HAVE_PTHREAD_SETSPECIFIC = @HAVE_PTHREAD_SETSPECIFIC@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTHREAD_SPINLOCK_T = @HAVE_PTHREAD_SPINLOCK_T@ +HAVE_PTHREAD_SPIN_DESTROY = @HAVE_PTHREAD_SPIN_DESTROY@ +HAVE_PTHREAD_SPIN_INIT = @HAVE_PTHREAD_SPIN_INIT@ +HAVE_PTHREAD_SPIN_LOCK = @HAVE_PTHREAD_SPIN_LOCK@ +HAVE_PTHREAD_SPIN_TRYLOCK = @HAVE_PTHREAD_SPIN_TRYLOCK@ +HAVE_PTHREAD_SPIN_UNLOCK = @HAVE_PTHREAD_SPIN_UNLOCK@ +HAVE_PTHREAD_T = @HAVE_PTHREAD_T@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SCHED_H = @HAVE_SCHED_H@ +HAVE_SCHED_YIELD = @HAVE_SCHED_YIELD@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGABBREV_NP = @HAVE_SIGABBREV_NP@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGDESCR_NP = @HAVE_SIGDESCR_NP@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRERRORNAME_NP = @HAVE_STRERRORNAME_NP@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOL = @HAVE_STRTOL@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOUL = @HAVE_STRTOUL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SCHED_PARAM = @HAVE_STRUCT_SCHED_PARAM@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_CDEFS_H = @HAVE_SYS_CDEFS_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMESPEC_GET = @HAVE_TIMESPEC_GET@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_VISIBILITY = @HAVE_VISIBILITY@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMPCPY = @HAVE_WMEMPCPY@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDDPOSTPROC = @LDDPOSTPROC@ +LDDPROG = @LDDPROG@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBBROTLIDEC_CFLAGS = @LIBBROTLIDEC_CFLAGS@ +LIBBROTLIDEC_LIBS = @LIBBROTLIDEC_LIBS@ +LIBBROTLIENC_CFLAGS = @LIBBROTLIENC_CFLAGS@ +LIBBROTLIENC_LIBS = @LIBBROTLIENC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBEV = @LIBEV@ +LIBEV_LIBS = @LIBEV_LIBS@ +LIBEV_PREFIX = @LIBEV_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBKCAPI_CFLAGS = @LIBKCAPI_CFLAGS@ +LIBKCAPI_LIBS = @LIBKCAPI_LIBS@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBPMULTITHREAD = @LIBPMULTITHREAD@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBSTDTHREAD = @LIBSTDTHREAD@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIBZ = @LIBZ@ +LIBZSTD_CFLAGS = @LIBZSTD_CFLAGS@ +LIBZSTD_LIBS = @LIBZSTD_LIBS@ +LIBZ_PC = @LIBZ_PC@ +LIBZ_PREFIX = @LIBZ_PREFIX@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_PTHREAD = @LIB_PTHREAD@ +LIB_PTHREAD_SIGMASK = @LIB_PTHREAD_SIGMASK@ +LIB_SCHED_YIELD = @LIB_SCHED_YIELD@ +LIB_SELECT = @LIB_SELECT@ +LIB_SEMAPHORE = @LIB_SEMAPHORE@ +LIB_SETLOCALE = @LIB_SETLOCALE@ +LIB_SETLOCALE_NULL = @LIB_SETLOCALE_NULL@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALENAME_ENHANCE_LOCALE_FUNCS = @LOCALENAME_ENHANCE_LOCALE_FUNCS@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LOG_VALGRIND = @LOG_VALGRIND@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBEV = @LTLIBEV@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LTLIBZ = @LTLIBZ@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGMERGE = @MSGMERGE@ +MSGMERGE_FOR_MSGFMT_OPTION = @MSGMERGE_FOR_MSGFMT_OPTION@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H = @NEXT_AS_FIRST_DIRECTIVE_PTHREAD_H@ +NEXT_AS_FIRST_DIRECTIVE_SCHED_H = @NEXT_AS_FIRST_DIRECTIVE_SCHED_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_PTHREAD_H = @NEXT_PTHREAD_H@ +NEXT_SCHED_H = @NEXT_SCHED_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PARSE_DATETIME_BISON = @PARSE_DATETIME_BISON@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKCS12_ITER_COUNT = @PKCS12_ITER_COUNT@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +REPLACE_ACCESS = @REPLACE_ACCESS@ +REPLACE_ALIGNED_ALLOC = @REPLACE_ALIGNED_ALLOC@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CREAT = @REPLACE_CREAT@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_EXECL = @REPLACE_EXECL@ +REPLACE_EXECLE = @REPLACE_EXECLE@ +REPLACE_EXECLP = @REPLACE_EXECLP@ +REPLACE_EXECV = @REPLACE_EXECV@ +REPLACE_EXECVE = @REPLACE_EXECVE@ +REPLACE_EXECVP = @REPLACE_EXECVP@ +REPLACE_EXECVPE = @REPLACE_EXECVPE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHMODAT = @REPLACE_FCHMODAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FFSLL = @REPLACE_FFSLL@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREE = @REPLACE_FREE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETADDRINFO = @REPLACE_GETADDRINFO@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKFIFOAT = @REPLACE_MKFIFOAT@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKNODAT = @REPLACE_MKNODAT@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_POSIX_MEMALIGN = @REPLACE_POSIX_MEMALIGN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_ATTR_DESTROY = @REPLACE_PTHREAD_ATTR_DESTROY@ +REPLACE_PTHREAD_ATTR_GETDETACHSTATE = @REPLACE_PTHREAD_ATTR_GETDETACHSTATE@ +REPLACE_PTHREAD_ATTR_INIT = @REPLACE_PTHREAD_ATTR_INIT@ +REPLACE_PTHREAD_ATTR_SETDETACHSTATE = @REPLACE_PTHREAD_ATTR_SETDETACHSTATE@ +REPLACE_PTHREAD_CONDATTR_DESTROY = @REPLACE_PTHREAD_CONDATTR_DESTROY@ +REPLACE_PTHREAD_CONDATTR_INIT = @REPLACE_PTHREAD_CONDATTR_INIT@ +REPLACE_PTHREAD_COND_BROADCAST = @REPLACE_PTHREAD_COND_BROADCAST@ +REPLACE_PTHREAD_COND_DESTROY = @REPLACE_PTHREAD_COND_DESTROY@ +REPLACE_PTHREAD_COND_INIT = @REPLACE_PTHREAD_COND_INIT@ +REPLACE_PTHREAD_COND_SIGNAL = @REPLACE_PTHREAD_COND_SIGNAL@ +REPLACE_PTHREAD_COND_TIMEDWAIT = @REPLACE_PTHREAD_COND_TIMEDWAIT@ +REPLACE_PTHREAD_COND_WAIT = @REPLACE_PTHREAD_COND_WAIT@ +REPLACE_PTHREAD_CREATE = @REPLACE_PTHREAD_CREATE@ +REPLACE_PTHREAD_DETACH = @REPLACE_PTHREAD_DETACH@ +REPLACE_PTHREAD_EQUAL = @REPLACE_PTHREAD_EQUAL@ +REPLACE_PTHREAD_EXIT = @REPLACE_PTHREAD_EXIT@ +REPLACE_PTHREAD_GETSPECIFIC = @REPLACE_PTHREAD_GETSPECIFIC@ +REPLACE_PTHREAD_JOIN = @REPLACE_PTHREAD_JOIN@ +REPLACE_PTHREAD_KEY_CREATE = @REPLACE_PTHREAD_KEY_CREATE@ +REPLACE_PTHREAD_KEY_DELETE = @REPLACE_PTHREAD_KEY_DELETE@ +REPLACE_PTHREAD_MUTEXATTR_DESTROY = @REPLACE_PTHREAD_MUTEXATTR_DESTROY@ +REPLACE_PTHREAD_MUTEXATTR_GETROBUST = @REPLACE_PTHREAD_MUTEXATTR_GETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_GETTYPE = @REPLACE_PTHREAD_MUTEXATTR_GETTYPE@ +REPLACE_PTHREAD_MUTEXATTR_INIT = @REPLACE_PTHREAD_MUTEXATTR_INIT@ +REPLACE_PTHREAD_MUTEXATTR_SETROBUST = @REPLACE_PTHREAD_MUTEXATTR_SETROBUST@ +REPLACE_PTHREAD_MUTEXATTR_SETTYPE = @REPLACE_PTHREAD_MUTEXATTR_SETTYPE@ +REPLACE_PTHREAD_MUTEX_DESTROY = @REPLACE_PTHREAD_MUTEX_DESTROY@ +REPLACE_PTHREAD_MUTEX_INIT = @REPLACE_PTHREAD_MUTEX_INIT@ +REPLACE_PTHREAD_MUTEX_LOCK = @REPLACE_PTHREAD_MUTEX_LOCK@ +REPLACE_PTHREAD_MUTEX_TIMEDLOCK = @REPLACE_PTHREAD_MUTEX_TIMEDLOCK@ +REPLACE_PTHREAD_MUTEX_TRYLOCK = @REPLACE_PTHREAD_MUTEX_TRYLOCK@ +REPLACE_PTHREAD_MUTEX_UNLOCK = @REPLACE_PTHREAD_MUTEX_UNLOCK@ +REPLACE_PTHREAD_ONCE = @REPLACE_PTHREAD_ONCE@ +REPLACE_PTHREAD_RWLOCKATTR_DESTROY = @REPLACE_PTHREAD_RWLOCKATTR_DESTROY@ +REPLACE_PTHREAD_RWLOCKATTR_INIT = @REPLACE_PTHREAD_RWLOCKATTR_INIT@ +REPLACE_PTHREAD_RWLOCK_DESTROY = @REPLACE_PTHREAD_RWLOCK_DESTROY@ +REPLACE_PTHREAD_RWLOCK_INIT = @REPLACE_PTHREAD_RWLOCK_INIT@ +REPLACE_PTHREAD_RWLOCK_RDLOCK = @REPLACE_PTHREAD_RWLOCK_RDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK = @REPLACE_PTHREAD_RWLOCK_TIMEDWRLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYRDLOCK = @REPLACE_PTHREAD_RWLOCK_TRYRDLOCK@ +REPLACE_PTHREAD_RWLOCK_TRYWRLOCK = @REPLACE_PTHREAD_RWLOCK_TRYWRLOCK@ +REPLACE_PTHREAD_RWLOCK_UNLOCK = @REPLACE_PTHREAD_RWLOCK_UNLOCK@ +REPLACE_PTHREAD_RWLOCK_WRLOCK = @REPLACE_PTHREAD_RWLOCK_WRLOCK@ +REPLACE_PTHREAD_SELF = @REPLACE_PTHREAD_SELF@ +REPLACE_PTHREAD_SETSPECIFIC = @REPLACE_PTHREAD_SETSPECIFIC@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTHREAD_SPIN_DESTROY = @REPLACE_PTHREAD_SPIN_DESTROY@ +REPLACE_PTHREAD_SPIN_INIT = @REPLACE_PTHREAD_SPIN_INIT@ +REPLACE_PTHREAD_SPIN_LOCK = @REPLACE_PTHREAD_SPIN_LOCK@ +REPLACE_PTHREAD_SPIN_TRYLOCK = @REPLACE_PTHREAD_SPIN_TRYLOCK@ +REPLACE_PTHREAD_SPIN_UNLOCK = @REPLACE_PTHREAD_SPIN_UNLOCK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALLOCARRAY = @REPLACE_REALLOCARRAY@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SCHED_YIELD = @REPLACE_SCHED_YIELD@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERRORNAME_NP = @REPLACE_STRERRORNAME_NP@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOL = @REPLACE_STRTOL@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOLL = @REPLACE_STRTOLL@ +REPLACE_STRTOUL = @REPLACE_STRTOUL@ +REPLACE_STRTOULL = @REPLACE_STRTOULL@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSTOK = @REPLACE_WCSTOK@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_TIME_UTC = @TIME_H_DEFINES_TIME_UTC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS2_CFLAGS = @TSS2_CFLAGS@ +TSS2_LIBS = @TSS2_LIBS@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_SYS_RANDOM_H = @UNISTD_H_HAVE_SYS_RANDOM_H@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VALGRINDFLAGS = @VALGRINDFLAGS@ +VALGRIND_PROGRAM = @VALGRIND_PROGRAM@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +YIELD_LIB = @YIELD_LIB@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +gnutls_so = @gnutls_so@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +maybe_guileextensiondir = @maybe_guileextensiondir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes -I$(top_srcdir)/tests/ \ + -I$(top_srcdir)/lib -I$(top_builddir)/gl -I$(top_srcdir)/gl \ + -I. $(am__append_1) +EXTRA_DIST = ncrypt-int.h check-output +AM_LDFLAGS = -no-install +LDADD = $(top_builddir)/tests/libutils.la \ + $(top_builddir)/gl/libgnu.la \ + $(top_builddir)/lib/libgnutls.la $(LIBSOCKET) + +ctests = cng-windows +@WINDOWS_TRUE@check_LTLIBRARIES = ncrypt.la crypt32.la +@WINDOWS_TRUE@ncrypt_la_SOURCES = ncrypt.c +@WINDOWS_TRUE@crypt32_la_SOURCES = crypt32.c +@WINDOWS_TRUE@ncrypt_la_LIBADD = ../../gl/libgnu.la ../../lib/libgnutls.la -lmsvcrt -lkernel32 -luser32 +@WINDOWS_TRUE@crypt32_la_LIBADD = ../../gl/libgnu.la ../../lib/libgnutls.la -lmsvcrt -lkernel32 -luser32 +@WINDOWS_TRUE@ncrypt_la_LDFLAGS = -module -no-undefined -avoid-version -Wl,--add-stdcall-alias +@WINDOWS_TRUE@crypt32_la_LDFLAGS = -module -no-undefined -avoid-version -Wl,--add-stdcall-alias +@WINDOWS_TRUE@cng_windows_DEPENDENCIES = ncrypt.la crypt32.la +@WINDOWS_TRUE@cng_windows_CPPFLAGS = $(AM_CPPFLAGS) +@WINDOWS_TRUE@LOG_COMPILER = $(srcdir)/check-output +dist_check_SCRIPTS = +TESTS_ENVIRONMENT = \ + WINEDLLOVERRIDES="crypt32=n,ncrypt=n" \ + LC_ALL="C" \ + GNUTLS_TEST_SUITE_RUN=1 \ + EXEEXT=$(EXEEXT) \ + GNUTLS_SYSTEM_PRIORITY_FILE=$(abs_top_srcdir)/tests/system.prio \ + top_builddir="$(top_builddir)" \ + abs_top_builddir="$(abs_top_builddir)" \ + srcdir="$(srcdir)" + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/windows/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign tests/windows/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-checkLTLIBRARIES: + -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) + @list='$(check_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +crypt32.la: $(crypt32_la_OBJECTS) $(crypt32_la_DEPENDENCIES) $(EXTRA_crypt32_la_DEPENDENCIES) + $(AM_V_CCLD)$(crypt32_la_LINK) $(am_crypt32_la_rpath) $(crypt32_la_OBJECTS) $(crypt32_la_LIBADD) $(LIBS) + +ncrypt.la: $(ncrypt_la_OBJECTS) $(ncrypt_la_DEPENDENCIES) $(EXTRA_ncrypt_la_DEPENDENCIES) + $(AM_V_CCLD)$(ncrypt_la_LINK) $(am_ncrypt_la_rpath) $(ncrypt_la_OBJECTS) $(ncrypt_la_LIBADD) $(LIBS) + +cng-windows$(EXEEXT): $(cng_windows_OBJECTS) $(cng_windows_DEPENDENCIES) $(EXTRA_cng_windows_DEPENDENCIES) + @rm -f cng-windows$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(cng_windows_OBJECTS) $(cng_windows_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cng_windows-cng-windows.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypt32.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ncrypt.Plo@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +cng_windows-cng-windows.o: cng-windows.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cng_windows_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cng_windows-cng-windows.o -MD -MP -MF $(DEPDIR)/cng_windows-cng-windows.Tpo -c -o cng_windows-cng-windows.o `test -f 'cng-windows.c' || echo '$(srcdir)/'`cng-windows.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cng_windows-cng-windows.Tpo $(DEPDIR)/cng_windows-cng-windows.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cng-windows.c' object='cng_windows-cng-windows.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cng_windows_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cng_windows-cng-windows.o `test -f 'cng-windows.c' || echo '$(srcdir)/'`cng-windows.c + +cng_windows-cng-windows.obj: cng-windows.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cng_windows_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cng_windows-cng-windows.obj -MD -MP -MF $(DEPDIR)/cng_windows-cng-windows.Tpo -c -o cng_windows-cng-windows.obj `if test -f 'cng-windows.c'; then $(CYGPATH_W) 'cng-windows.c'; else $(CYGPATH_W) '$(srcdir)/cng-windows.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cng_windows-cng-windows.Tpo $(DEPDIR)/cng_windows-cng-windows.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cng-windows.c' object='cng_windows-cng-windows.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(cng_windows_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cng_windows-cng-windows.obj `if test -f 'cng-windows.c'; then $(CYGPATH_W) 'cng-windows.c'; else $(CYGPATH_W) '$(srcdir)/cng-windows.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: $(check_PROGRAMS) $(check_LTLIBRARIES) $(dist_check_SCRIPTS) + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all $(check_PROGRAMS) $(check_LTLIBRARIES) $(dist_check_SCRIPTS) + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +cng-windows.log: cng-windows$(EXEEXT) + @p='cng-windows$(EXEEXT)'; \ + b='cng-windows'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.test.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.test$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(check_LTLIBRARIES) \ + $(dist_check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \ + clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/cng_windows-cng-windows.Po + -rm -f ./$(DEPDIR)/crypt32.Plo + -rm -f ./$(DEPDIR)/ncrypt.Plo + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/cng_windows-cng-windows.Po + -rm -f ./$(DEPDIR)/crypt32.Plo + -rm -f ./$(DEPDIR)/ncrypt.Plo + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ + check-am clean clean-checkLTLIBRARIES clean-checkPROGRAMS \ + clean-generic clean-libtool cscopelist-am ctags ctags-am \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + recheck tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/tests/windows/check-output b/tests/windows/check-output new file mode 100755 index 0000000..8516c07 --- /dev/null +++ b/tests/windows/check-output @@ -0,0 +1,17 @@ +#!/bin/sh + +TMPFILE=wine.$$.out + +wine $* >$TMPFILE + +grep -i "Unhandled exception" $TMPFILE +if test $? = 0;then + ret=1 +else + ret=0 +fi + +echo $TMPFILE +rm -f $TMPFILE + +exit $ret diff --git a/tests/windows/cng-windows.c b/tests/windows/cng-windows.c new file mode 100644 index 0000000..e804683 --- /dev/null +++ b/tests/windows/cng-windows.c @@ -0,0 +1,192 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This does some basic functionality testing for the system-keys in + * windows for CNG keys. + * It relies on the ncrypt, and crypt32 replacements found in the dir. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifndef _WIN32 + +#include + +void doit(void) +{ + exit(77); +} + +#else + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "../cert-common.h" +#include "ncrypt-int.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha256_hash_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8" + "\x3b\x2a\xc5\xb9\xe2\x9e\x1b\x16\x1e\x5c" + "\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b" + "\x98\x24", + 32 +}; + +const gnutls_datum_t md5sha1_hash_data = { + (void *) + "\x5d\x41\x40\x2a\xbc\x4b\x2a\x76\xb9\x71\x9d\x91\x10\x17\xc5\x92" + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 36 +}; + +const gnutls_datum_t invalid_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t raw_data = { + (void *)"hello", + 5 +}; + +static +void test_sig(void) +{ + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_RSA_SHA256; + gnutls_datum_t signature, digest_info; + int ret; + + assert_int_nequal(gnutls_pubkey_init(&pubkey), 0); + + assert_int_nequal(gnutls_privkey_init(&privkey), 0); + + assert_int_nequal(gnutls_privkey_import_url(privkey, "system:win:id=123456", 0), 0); + + assert_int_nequal(gnutls_pubkey_import_x509_raw(pubkey, &cert_dat, GNUTLS_X509_FMT_PEM, 0), 0); + + assert_int_nequal(gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA256, + 0, &sha256_hash_data, + &signature), 0); + + + ret = + gnutls_pubkey_verify_hash2(pubkey, + sign_algo, 0, + &sha256_hash_data, &signature); + assert(ret >= 0); + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, + sign_algo, 0, + &invalid_hash_data, + &signature); + assert(ret == GNUTLS_E_PK_SIG_VERIFY_FAILED); + + gnutls_free(signature.data); + signature.data = NULL; + /* test the raw interface (MD5+SHA1) + */ + ret = + gnutls_privkey_sign_hash(privkey, + 0, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + &md5sha1_hash_data, + &signature); + assert(ret >= 0); + + ret = + gnutls_pubkey_verify_hash2(pubkey, + 0, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + &md5sha1_hash_data, + &signature); + assert(ret >= 0); + + gnutls_free(signature.data); + signature.data = NULL; + + /* test the raw interface DigestInfo + */ + ret = gnutls_encode_ber_digest_info(GNUTLS_DIG_SHA256, &sha256_hash_data, &digest_info); + assert(ret >= 0); + + ret = + gnutls_privkey_sign_hash(privkey, + 0, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + &digest_info, + &signature); + assert(ret >= 0); + + ret = + gnutls_pubkey_verify_hash2(pubkey, + 0, + GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + &digest_info, + &signature); + assert(ret >= 0); + + gnutls_free(signature.data); + gnutls_free(digest_info.data); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); +} + +void doit(void) +{ + gnutls_global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + test_sig(); + + gnutls_global_deinit(); + return; +} + +#endif diff --git a/tests/windows/crypt32.c b/tests/windows/crypt32.c new file mode 100644 index 0000000..6987f1f --- /dev/null +++ b/tests/windows/crypt32.c @@ -0,0 +1,218 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#undef DECLSPEC_IMPORT +#define DECLSPEC_IMPORT +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "ncrypt-int.h" +#include + +#define VALID_PTR (void*)0x0001 + +/* This is dummy crypt32 replacement with stub functions. It pretends + * to load the key store and find a single certificate in the store + * of which it will return some arbitrary but valid values in CertGetCertificateContextProperty. + */ + +__declspec(dllexport) +HCERTSTORE WINAPI CertOpenSystemStore( + HCRYPTPROV_LEGACY hprov, LPCSTR szSubsystemProtocol) +{ + return VALID_PTR; +} + +__declspec(dllexport) +HCERTSTORE WINAPI CertOpenStore( + LPCSTR lpszStoreProvider, DWORD dwEncodingType, + HCRYPTPROV_LEGACY hCryptProv, DWORD dwFlags, + const void *pvPara) +{ + return VALID_PTR; +} + +__declspec(dllexport) +BOOL WINAPI CertCloseStore(HCERTSTORE hCertStore, DWORD dwFlags) +{ + assert_int_nequal(hCertStore, VALID_PTR); + return 1; +} + +__declspec(dllexport) +PCCERT_CONTEXT WINAPI CertFindCertificateInStore( + HCERTSTORE hCertStore, DWORD dwCertEncodingType, + DWORD dwFindFlags, DWORD dwFindType, + const void *pvFindPara, PCCERT_CONTEXT pPrevCertContext) +{ + //CRYPT_HASH_BLOB *blob = (void*)pvFindPara; + + assert_int_nequal(hCertStore, VALID_PTR); + + assert_int_nequal(dwCertEncodingType, X509_ASN_ENCODING); + assert_int_nequal(dwFindType, CERT_FIND_KEY_IDENTIFIER); + + return VALID_PTR; +} + +__declspec(dllexport) +BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext, + DWORD dwPropId, void *pvData, DWORD *pcbData) +{ + if (dwPropId == CERT_FRIENDLY_NAME_PROP_ID) { + *pcbData = snprintf(pvData, *pcbData, "friendly"); + return 1; + } + + if (dwPropId == CERT_KEY_IDENTIFIER_PROP_ID) { + *pcbData = snprintf(pvData, *pcbData, "\xff\xff\x01\xff"); + return 1; + } + + if (dwPropId == CERT_NCRYPT_KEY_HANDLE_TRANSFER_PROP_ID) { + return 1; + } + + if (dwPropId == CERT_KEY_PROV_INFO_PROP_ID) { + if (pvData == NULL) { + *pcbData = sizeof(CRYPT_KEY_PROV_INFO); + return 1; + } + assert(*pcbData >= sizeof(CRYPT_KEY_PROV_INFO)); + + memset(pvData, 0, sizeof(CRYPT_KEY_PROV_INFO)); + *pcbData = sizeof(CRYPT_KEY_PROV_INFO); + + return 1; + } + + assert(0); + return 0; +} + +__declspec(dllexport) +PCCRL_CONTEXT WINAPI CertEnumCRLsInStore(HCERTSTORE hCertStore, PCCRL_CONTEXT pPrevCrlContext) +{ + return NULL; +} + +__declspec(dllexport) +BOOL WINAPI CertDeleteCertificateFromStore(PCCERT_CONTEXT pCertContext) +{ + return 1; +} + +__declspec(dllexport) +HCERTSTORE WINAPI PFXImportCertStore(CRYPT_DATA_BLOB *pPFX, LPCWSTR szPassword, DWORD dwFlags) +{ + return NULL; +} + +__declspec(dllexport) +PCCERT_CONTEXT WINAPI CertEnumCertificatesInStore(HCERTSTORE hCertStore, + PCCERT_CONTEXT pPrevCertContext) +{ + return NULL; +} + +__declspec(dllexport) +BOOL WINAPI CertFreeCertificateContext(PCCERT_CONTEXT pCertContext) +{ + return 1; +} + +/* These are for CAPI, and are placeholders */ +__declspec(dllexport) +BOOL WINAPI CryptGetProvParam(HCRYPTPROV hProv, DWORD dwParam, + BYTE *pbData, DWORD *pdwDataLen, + DWORD dwFlags) +{ + return 0; +} + +__declspec(dllexport) +BOOL WINAPI CryptAcquireContextW(HCRYPTPROV *phProv, LPCWSTR szContainer, + LPCWSTR szProvider, DWORD dwProvType, DWORD dwFlags) +{ + return 0; +} + +__declspec(dllexport) +BOOL WINAPI CryptDecrypt(HCRYPTKEY hKey, HCRYPTHASH hHash, BOOL Final, + DWORD dwFlags, BYTE *pbData, DWORD *pdwDataLen) +{ + return 0; +} + +__declspec(dllexport) +BOOL WINAPI CryptDestroyHash(HCRYPTHASH hHash) +{ + return 1; +} + +__declspec(dllexport) +BOOL WINAPI CryptSignHash( + HCRYPTHASH hHash, + DWORD dwKeySpec, + LPCTSTR sDescription, + DWORD dwFlags, + BYTE *pbSignature, + DWORD *pdwSigLen) +{ + return 0; +} + +__declspec(dllexport) +BOOL WINAPI CryptGetHashParam(HCRYPTHASH hHash, DWORD dwParam, + BYTE *pbData, DWORD *pdwDataLen, DWORD dwFlags) +{ + return 0; +} + +__declspec(dllexport) +BOOL WINAPI CryptSetHashParam(HCRYPTHASH hHash, DWORD dwParam, + const BYTE *pbData, DWORD dwFlags) +{ + return 0; +} + + +__declspec(dllexport) +BOOL WINAPI CryptCreateHash(HCRYPTPROV hProv, ALG_ID Algid, HCRYPTKEY hKey, + DWORD dwFlags, HCRYPTHASH *phHash) +{ + return 0; +} diff --git a/tests/windows/ncrypt-int.h b/tests/windows/ncrypt-int.h new file mode 100644 index 0000000..a4762bd --- /dev/null +++ b/tests/windows/ncrypt-int.h @@ -0,0 +1 @@ +#define assert_int_nequal(x,y) assert((x)==(y)) diff --git a/tests/windows/ncrypt.c b/tests/windows/ncrypt.c new file mode 100644 index 0000000..9e8057c --- /dev/null +++ b/tests/windows/ncrypt.c @@ -0,0 +1,189 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "../cert-common.h" +#include "ncrypt-int.h" +#include + +/* This is a dummy replacement of ncrypt. It will pretend to open a specified + * key by using a hardcoded one, and perform operations using that key. + */ + +#define debug_func() fprintf(stderr, "%s: %d\n", __func__, __LINE__); + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptDeleteKey(NCRYPT_KEY_HANDLE hKey,DWORD dwFlags) +{ + debug_func(); + return 0; +} + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptOpenStorageProvider( + NCRYPT_PROV_HANDLE *phProvider, LPCWSTR pszProviderName, + DWORD dwFlags) +{ + debug_func(); + *phProvider = 0; + return 0x0000ffff; +} + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptOpenKey( + NCRYPT_PROV_HANDLE hProvider, NCRYPT_KEY_HANDLE *phKey, + LPCWSTR pszKeyName, DWORD dwLegacyKeySpec, + DWORD dwFlags) +{ + gnutls_privkey_t p; + + debug_func(); + assert_int_nequal(gnutls_privkey_init(&p), 0); + + assert_int_nequal(gnutls_privkey_import_x509_raw(p, &key_dat, GNUTLS_X509_FMT_PEM, NULL, 0), 0); + + *phKey = (NCRYPT_KEY_HANDLE)p; + return 1; +} + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptGetProperty( + NCRYPT_HANDLE hObject, LPCWSTR pszProperty, + PBYTE pbOutput, DWORD cbOutput, + DWORD *pcbResult, DWORD dwFlags) +{ + debug_func(); + //assert_int_nequal(pszProperty, NCRYPT_ALGORITHM_PROPERTY); + assert(pbOutput!=NULL); + memcpy(pbOutput, BCRYPT_RSA_ALGORITHM, sizeof(BCRYPT_RSA_ALGORITHM)); + return 1; +} + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptFreeObject( + NCRYPT_HANDLE hObject) +{ + debug_func(); + if (hObject != 0) + gnutls_privkey_deinit((gnutls_privkey_t)hObject); + return 1; +} + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptDecrypt( + NCRYPT_KEY_HANDLE hKey, PBYTE pbInput, + DWORD cbInput, VOID *pPaddingInfo, + PBYTE pbOutput, DWORD cbOutput, + DWORD *pcbResult, DWORD dwFlags) +{ + gnutls_datum_t c, p; + assert_int_nequal(dwFlags, NCRYPT_PAD_PKCS1_FLAG); + c.data = pbInput; + c.size = cbInput; + + debug_func(); + if (pbOutput == NULL || cbOutput == 0) { + *pcbResult = 256; + return 1; + } + + assert_int_nequal(gnutls_privkey_decrypt_data((gnutls_privkey_t)hKey, 0, + &c, &p), 0); + + *pcbResult = p.size; + memcpy(pbOutput, p.data, p.size); + gnutls_free(p.data); + + return 1; +} + +static int StrCmpW(const WCHAR *str1, const WCHAR *str2 ) +{ + while (*str1 && (*str1 == *str2)) { str1++; str2++; } + return *str1 - *str2; +} + +__declspec(dllexport) +SECURITY_STATUS WINAPI NCryptSignHash( + NCRYPT_KEY_HANDLE hKey, VOID* pPaddingInfo, + PBYTE pbHashValue, DWORD cbHashValue, + PBYTE pbSignature, DWORD cbSignature, + DWORD* pcbResult, DWORD dwFlags) +{ + BCRYPT_PKCS1_PADDING_INFO *info; + int hash = 0; + gnutls_privkey_t p = (gnutls_privkey_t)hKey; + gnutls_datum_t v = {pbHashValue, cbHashValue}, s; + + debug_func(); + info = pPaddingInfo; + + if (info != NULL) { + if (info->pszAlgId && StrCmpW(info->pszAlgId, NCRYPT_SHA1_ALGORITHM) == 0) + hash = GNUTLS_DIG_SHA1; + else if (info->pszAlgId && StrCmpW(info->pszAlgId, NCRYPT_SHA256_ALGORITHM) == 0) + hash = GNUTLS_DIG_SHA256; + else if (info->pszAlgId != NULL) { + assert(0); + } + } + + if (pbSignature == NULL || cbSignature == 0) { + *pcbResult = 256; + return 1; + } + + assert(p!=NULL); + + if (info == NULL || info->pszAlgId == NULL) { + assert_int_nequal(gnutls_privkey_sign_hash(p, 0, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &v, &s), 0); + } else if (info != NULL) { + assert_int_nequal(gnutls_privkey_sign_hash(p, hash, 0, &v, &s), 0); + } + + *pcbResult = s.size; + + if (pbSignature) { + assert(cbSignature >= s.size); + memcpy(pbSignature, s.data, s.size); + } + gnutls_free(s.data); + + return 1; +} + diff --git a/tests/x509-cert-callback-legacy.c b/tests/x509-cert-callback-legacy.c new file mode 100644 index 0000000..2f7912b --- /dev/null +++ b/tests/x509-cert-callback-legacy.c @@ -0,0 +1,389 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests gnutls_certificate_set_x509_key() */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, + gnutls_retr2_st *st) +{ + int ret; + gnutls_x509_crt_t *crts; + unsigned int crts_size; + gnutls_x509_privkey_t pkey; + + if (gnutls_certificate_client_get_request_status(session) == 0) { + fail("gnutls_certificate_client_get_request_status failed\n"); + return -1; + } + + st->cert_type = GNUTLS_CRT_X509; + + ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &cli_ca3_cert_chain, GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_import(pkey, &cli_ca3_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + st->cert.x509 = crts; + st->ncerts = crts_size; + + st->key.x509 = pkey; + st->deinit_all = 1; + + return 0; +} + +static int +server_cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, + gnutls_retr2_st *st) +{ + int ret; + gnutls_x509_crt_t *crts; + unsigned int crts_size; + gnutls_x509_privkey_t pkey; + + st->cert_type = GNUTLS_CRT_X509; + + ret = gnutls_x509_crt_list_import2(&crts, &crts_size, &server_ca3_cert_chain, GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_init(&pkey); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_privkey_import(pkey, &server_ca3_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error: %s\n", gnutls_strerror(ret)); + exit(1); + } + + st->cert.x509 = crts; + st->ncerts = crts_size; + + st->key.x509 = pkey; + st->deinit_all = 1; + + return 0; +} + +static void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("testing %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + + gnutls_certificate_set_retrieve_function(serverx509cred, + server_cert_callback); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert(gnutls_priority_set_direct(server, prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = + gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_certificate_set_retrieve_function(clientx509cred, + cert_callback); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL) >= 0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_certificate_get_ours(client) == NULL) { + fail("client certificate was not sent!\n"); + exit(1); + } + + /* check gnutls_certificate_get_ours() - server side */ + { + const gnutls_datum_t *mcert; + gnutls_datum_t scert; + gnutls_x509_crt_t crt; + + mcert = gnutls_certificate_get_ours(server); + if (mcert == NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + + gnutls_x509_crt_init(&crt); + ret = + gnutls_x509_crt_import(crt, &server_ca3_localhost_cert_chain, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &scert); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + gnutls_x509_crt_deinit(crt); + + if (scert.size != mcert->size + || memcmp(scert.data, mcert->data, mcert->size) != 0) { + fail("gnutls_certificate_get_ours output doesn't match cert\n"); + exit(1); + } + gnutls_free(scert.data); + } + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + gnutls_datum_t ccert; + gnutls_x509_crt_t crt; + + mcert = gnutls_certificate_get_ours(client); + if (mcert == NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + + gnutls_x509_crt_init(&crt); + ret = + gnutls_x509_crt_import(crt, &cli_ca3_cert_chain, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &ccert); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + gnutls_x509_crt_deinit(crt); + + if (ccert.size != mcert->size + || memcmp(ccert.data, mcert->data, mcert->size) != 0) { + fail("gnutls_certificate_get_ours output doesn't match cert\n"); + exit(1); + } + gnutls_free(ccert.data); + } + + /* check the number of certificates received */ + { + unsigned cert_list_size = 0; + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + /* check with wrong hostname */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void *)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void *)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size != 2) { + fprintf(stderr, "received a certificate list of %d!\n", + cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + /* check with wrong purpose */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void *)"localhost"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void *)GNUTLS_KP_TLS_WWW_CLIENT; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size != 2) { + fprintf(stderr, "received a certificate list of %d!\n", + cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + /* check with correct purpose */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void *)"localhost"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void *)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fprintf(stderr, "could not verify certificate: %.4x\n", + status); + exit(1); + } + } + + if (gnutls_certificate_client_get_request_status(client) == 0) { + fail("gnutls_certificate_client_get_request_status - 2 failed\n"); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1"); + start("NORMAL"); +} diff --git a/tests/x509-cert-callback-ocsp.c b/tests/x509-cert-callback-ocsp.c new file mode 100644 index 0000000..b0a6c87 --- /dev/null +++ b/tests/x509-cert-callback-ocsp.c @@ -0,0 +1,234 @@ +/* + * Copyright (C) 2015-2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests gnutls_certificate_set_x509_key() */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static gnutls_privkey_t server_pkey = NULL; +static gnutls_pcert_st *server_pcert = NULL; +static gnutls_ocsp_data_st ocspdata[2]; + +#define OCSP_SIZE 16 +#define OCSP_DATA "\xff\xff\xf0\xf0\xff\xff\xf0\xf0\xff\xff\xf0\xf0\xff\xff\xf0\xf0" + +static int +server_cert_callback(gnutls_session_t session, + const struct gnutls_cert_retr_st *info, + gnutls_pcert_st **pcert, + unsigned int *pcert_length, + gnutls_ocsp_data_st **ocsp, + unsigned int *ocsp_length, + gnutls_privkey_t *pkey, + unsigned int *flags) +{ + int ret; + gnutls_pcert_st *p; + gnutls_privkey_t lkey; + gnutls_x509_crt_t *certs; + unsigned certs_size, i; + + if (server_pkey == NULL) { + p = gnutls_malloc(2 * sizeof(*p)); + if (p == NULL) + return -1; + + ocspdata[0].response.data = (void*)OCSP_DATA; + ocspdata[0].response.size = OCSP_SIZE; + ocspdata[0].exptime = 0; + + ocspdata[1].response.data = (void*)OCSP_DATA; + ocspdata[1].response.size = OCSP_SIZE; + ocspdata[1].exptime = 0; + + ret = gnutls_x509_crt_list_import2(&certs, &certs_size, + &server_ca3_localhost_cert_chain, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + return -1; + ret = gnutls_pcert_import_x509_list(p, certs, &certs_size, 0); + if (ret < 0) + return -1; + for (i = 0; i < certs_size; i++) + gnutls_x509_crt_deinit(certs[i]); + gnutls_free(certs); + + ret = gnutls_privkey_init(&lkey); + if (ret < 0) + return -1; + + ret = + gnutls_privkey_import_x509_raw(lkey, &server_ca3_key, + GNUTLS_X509_FMT_PEM, NULL, + 0); + if (ret < 0) + return -1; + + server_pcert = p; + server_pkey = lkey; + + *pcert = p; + *pcert_length = 2; + *pkey = lkey; + *ocsp = ocspdata; + *ocsp_length = 2; + } else { + *pcert = server_pcert; + *pcert_length = 2; + *pkey = server_pkey; + *ocsp = ocspdata; + *ocsp_length = 2; + } + + return 0; +} + +static void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t scred; + gnutls_session_t server; + gnutls_datum_t response; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t ccred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("testing %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4); + + /* Init server */ + gnutls_certificate_allocate_credentials(&scred); + + gnutls_certificate_set_retrieve_function3(scred, + server_cert_callback); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred); + assert(gnutls_priority_set_direct(server, + prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&ccred); + if (ret < 0) + exit(1); + + gnutls_certificate_set_verify_flags(ccred, GNUTLS_VERIFY_DISABLE_CRL_CHECKS); + + ret = + gnutls_certificate_set_x509_trust_mem(ccred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + ccred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + assert((gnutls_session_get_flags(server) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0); + assert((gnutls_session_get_flags(client) & GNUTLS_SFLAGS_CLI_REQUESTED_OCSP) != 0); + + ret = gnutls_ocsp_status_request_get(client, &response); + if (ret != 0) + fail("no response was found: %s\n", gnutls_strerror(ret)); + + assert(response.size == OCSP_SIZE); + assert(memcmp(response.data, OCSP_DATA, OCSP_SIZE) == 0); + + if (gnutls_protocol_get_version(client) == GNUTLS_TLS1_3) { + ret = gnutls_ocsp_status_request_get2(client, 1, &response); + if (ret != 0) + fail("no response was found for 1: %s\n", gnutls_strerror(ret)); + + assert(response.size == OCSP_SIZE); + assert(memcmp(response.data, OCSP_DATA, OCSP_SIZE) == 0); + } + + ret = gnutls_ocsp_status_request_get2(client, 2, &response); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fail("found response in index 2: %s\n", gnutls_strerror(ret)); + } + + gnutls_bye(client, GNUTLS_SHUT_WR); + gnutls_bye(server, GNUTLS_SHUT_WR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(scred); + gnutls_certificate_free_credentials(ccred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1"); + start("NORMAL"); +} diff --git a/tests/x509-cert-callback.c b/tests/x509-cert-callback.c new file mode 100644 index 0000000..4d68d93 --- /dev/null +++ b/tests/x509-cert-callback.c @@ -0,0 +1,427 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" + +/* This tests gnutls_certificate_set_x509_key() */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static gnutls_privkey_t g_pkey = NULL; +static gnutls_pcert_st *g_pcert = NULL; + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + int ret; + gnutls_pcert_st *p; + gnutls_privkey_t lkey; + gnutls_x509_crt_t *certs; + unsigned certs_size, i; + + if (gnutls_certificate_client_get_request_status(session) == 0) { + fail("gnutls_certificate_client_get_request_status failed\n"); + return -1; + } + + if (g_pkey == NULL) { + p = gnutls_malloc(2 * sizeof(*p)); + if (p == NULL) + return -1; + + ret = gnutls_x509_crt_list_import2(&certs, &certs_size, + &cli_ca3_cert_chain, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + return -1; + ret = gnutls_pcert_import_x509_list(p, certs, &certs_size, 0); + if (ret < 0) + return -1; + for (i = 0; i < certs_size; i++) + gnutls_x509_crt_deinit(certs[i]); + gnutls_free(certs); + + ret = gnutls_privkey_init(&lkey); + if (ret < 0) + return -1; + + ret = + gnutls_privkey_import_x509_raw(lkey, &cli_ca3_key, + GNUTLS_X509_FMT_PEM, NULL, + 0); + if (ret < 0) + return -1; + + g_pcert = p; + g_pkey = lkey; + + *pcert = p; + *pcert_length = 2; + *pkey = lkey; + } else { + *pcert = g_pcert; + *pcert_length = 2; + if (gnutls_certificate_client_get_request_status(session) == 0) { + fail("gnutls_certificate_client_get_request_status failed\n"); + return -1; + } + *pkey = g_pkey; + } + + return 0; +} + +static gnutls_privkey_t server_pkey = NULL; +static gnutls_pcert_st *server_pcert = NULL; + +static int +server_cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + int ret; + gnutls_pcert_st *p; + gnutls_privkey_t lkey; + gnutls_x509_crt_t *certs; + unsigned certs_size, i; + + if (server_pkey == NULL) { + p = gnutls_malloc(2 * sizeof(*p)); + if (p == NULL) + return -1; + + ret = gnutls_x509_crt_list_import2(&certs, &certs_size, + &server_ca3_localhost_cert_chain, + GNUTLS_X509_FMT_PEM, 0); + if (ret < 0) + return -1; + ret = gnutls_pcert_import_x509_list(p, certs, &certs_size, 0); + if (ret < 0) + return -1; + for (i = 0; i < certs_size; i++) + gnutls_x509_crt_deinit(certs[i]); + gnutls_free(certs); + + ret = gnutls_privkey_init(&lkey); + if (ret < 0) + return -1; + + ret = + gnutls_privkey_import_x509_raw(lkey, &server_ca3_key, + GNUTLS_X509_FMT_PEM, NULL, + 0); + if (ret < 0) + return -1; + + server_pcert = p; + server_pkey = lkey; + + *pcert = p; + *pcert_length = 2; + *pkey = lkey; + } else { + *pcert = server_pcert; + *pcert_length = 2; + *pkey = server_pkey; + } + + return 0; +} + +static void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + + success("testing %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + /* Init server */ + gnutls_certificate_allocate_credentials(&serverx509cred); + + gnutls_certificate_set_retrieve_function2(serverx509cred, + server_cert_callback); + + gnutls_init(&server, GNUTLS_SERVER); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert(gnutls_priority_set_direct(server, + prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + /* Init client */ + /* Init client */ + ret = gnutls_certificate_allocate_credentials(&clientx509cred); + if (ret < 0) + exit(1); + + ret = + gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + exit(1); + + gnutls_certificate_set_retrieve_function2(clientx509cred, + cert_callback); + + ret = gnutls_init(&client, GNUTLS_CLIENT); + if (ret < 0) + exit(1); + + ret = gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred); + if (ret < 0) + exit(1); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + if (gnutls_certificate_get_ours(client) == NULL) { + fail("client certificate was not sent!\n"); + exit(1); + } + + /* check gnutls_certificate_get_ours() - server side */ + { + const gnutls_datum_t *mcert; + gnutls_datum_t scert; + gnutls_x509_crt_t crt; + + mcert = gnutls_certificate_get_ours(server); + if (mcert == NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + + gnutls_x509_crt_init(&crt); + ret = + gnutls_x509_crt_import(crt, &server_ca3_localhost_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &scert); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + gnutls_x509_crt_deinit(crt); + + if (scert.size != mcert->size + || memcmp(scert.data, mcert->data, mcert->size) != 0) { + fail("gnutls_certificate_get_ours output doesn't match cert\n"); + exit(1); + } + gnutls_free(scert.data); + } + + /* check gnutls_certificate_get_ours() - client side */ + { + const gnutls_datum_t *mcert; + gnutls_datum_t ccert; + gnutls_x509_crt_t crt; + + mcert = gnutls_certificate_get_ours(client); + if (mcert == NULL) { + fail("gnutls_certificate_get_ours(): failed\n"); + exit(1); + } + + gnutls_x509_crt_init(&crt); + ret = + gnutls_x509_crt_import(crt, &cli_ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("gnutls_x509_crt_import: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_export2(crt, GNUTLS_X509_FMT_DER, &ccert); + if (ret < 0) { + fail("gnutls_x509_crt_export2: %s\n", + gnutls_strerror(ret)); + exit(1); + } + gnutls_x509_crt_deinit(crt); + + if (ccert.size != mcert->size + || memcmp(ccert.data, mcert->data, mcert->size) != 0) { + fail("gnutls_certificate_get_ours output doesn't match cert\n"); + exit(1); + } + gnutls_free(ccert.data); + } + + /* check the number of certificates received */ + { + unsigned cert_list_size = 0; + gnutls_typed_vdata_st data[2]; + unsigned status; + + memset(data, 0, sizeof(data)); + + /* check with wrong hostname */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void *)"localhost1"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void *)GNUTLS_KP_TLS_WWW_SERVER; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size != 2) { + fprintf(stderr, "received a certificate list of %d!\n", + cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + /* check with wrong purpose */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void *)"localhost"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void *)GNUTLS_KP_TLS_WWW_CLIENT; + + gnutls_certificate_get_peers(client, &cert_list_size); + if (cert_list_size != 2) { + fprintf(stderr, "received a certificate list of %d!\n", + cert_list_size); + exit(1); + } + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (status == 0) { + fprintf(stderr, "should not have accepted!\n"); + exit(1); + } + + /* check with correct purpose */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void *)"localhost"; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void *)GNUTLS_KP_TLS_WWW_SERVER; + + ret = gnutls_certificate_verify_peers(client, data, 2, &status); + if (ret < 0) { + fprintf(stderr, "could not verify certificate: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + if (status != 0) { + fprintf(stderr, "could not verify certificate: %.4x\n", + status); + exit(1); + } + } + + if (gnutls_certificate_client_get_request_status(client) == 0) { + fail("gnutls_certificate_client_get_request_status - 2 failed\n"); + exit(1); + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1"); + start("NORMAL"); +} diff --git a/tests/x509-dn-decode-compat.c b/tests/x509-dn-decode-compat.c new file mode 100644 index 0000000..8f0c124 --- /dev/null +++ b/tests/x509-dn-decode-compat.c @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This checks the old low level DN encoding and decoding routines */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +static char buf[32*1024]; + +static void decode(const char *test_name, const gnutls_datum_t *raw, const char *expected, const char *expected_compat) +{ + int ret; + gnutls_datum_t out; + size_t bsize; + + ret = gnutls_x509_rdn_get2(raw, &out, 0); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + if (out.size != strlen(expected)) { + test_fail("The length of the output (%d) doesn't match the expected (%d)\n", (int)out.size, (int)strlen(expected)); + } + + if (memcmp(out.data, expected, out.size) != 0) { + test_fail("The string output (%s) doesn't match the expected (%s)\n", (char*)out.data, expected); + } + + if (out.data[out.size] != 0) { + test_fail("The string output isn't null terminated\n"); + } + + gnutls_free(out.data); + + /* compat mode */ + ret = gnutls_x509_rdn_get2(raw, &out, GNUTLS_X509_DN_FLAG_COMPAT); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + if (out.size != strlen(expected_compat)) { + test_fail("The length of the output (%d) doesn't match the expected (%d)\n", (int)out.size, (int)strlen(expected_compat)); + } + + if (memcmp(out.data, expected_compat, out.size) != 0) { + test_fail("The string output (%s) doesn't match the expected (%s)\n", (char*)out.data, expected_compat); + } + + if (out.data[out.size] != 0) { + test_fail("The string output isn't null terminated\n"); + } + + gnutls_free(out.data); + + /* compat mode 2 */ + bsize = sizeof(buf); + ret = gnutls_x509_rdn_get(raw, buf, &bsize); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + out.data = (void*)buf; + out.size = bsize; + + if (out.size != strlen(expected_compat)) { + test_fail("The length of the output (%d) doesn't match the expected (%d)\n", (int)out.size, (int)strlen(expected_compat)); + } + + if (memcmp(out.data, expected_compat, out.size) != 0) { + test_fail("The string output (%s) doesn't match the expected (%s)\n", (char*)out.data, expected_compat); + } + + if (out.data[out.size] != 0) { + test_fail("The string output isn't null terminated\n"); + } + + return; +} + +struct tests_st { + const char *name; + gnutls_datum_t raw; + const char *str; + const char *compat_str; /* GNUTLS_X509_DN_FLAG_COMPAT */ + unsigned can_encode; +}; + +struct tests_st tests[] = { + { + .name = "simple DN", + .str = "C=GR,ST=Attiki,O=Koko inc.,OU=sleeping dept.,UID=clauper,CN=Cindy Lauper", + .compat_str = "CN=Cindy Lauper,UID=clauper,OU=sleeping dept.,O=Koko inc.,ST=Attiki,C=GR", + .raw = {(void*)"\x30\x7b\x31\x15\x30\x13\x06\x03\x55\x04\x03\x13\x0c\x43\x69\x6e\x64\x79\x20\x4c\x61\x75\x70\x65\x72\x31\x17\x30\x15\x06\x0a\x09\x92\x26\x89\x93\xf2\x2c\x64\x01\x01\x13\x07\x63\x6c\x61\x75\x70\x65\x72\x31\x17\x30\x15\x06\x03\x55\x04\x0b\x13\x0e\x73\x6c\x65\x65\x70\x69\x6e\x67\x20\x64\x65\x70\x74\x2e\x31\x12\x30\x10\x06\x03\x55\x04\x0a\x13\x09\x4b\x6f\x6b\x6f\x20\x69\x6e\x63\x2e\x31\x0f\x30\x0d\x06\x03\x55\x04\x08\x13\x06\x41\x74\x74\x69\x6b\x69\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52", 125}, + }, + { + .name = "UTF8 DN", + .str = "C=GR,ST=Αττική,O=Μεγάλη εταιÏία,CN=ðŸ¨", + .compat_str = "CN=ðŸ¨,O=Μεγάλη εταιÏία,ST=Αττική,C=GR", + .raw = {(void*)"\x30\x59\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04\xf0\x9f\x90\xa8\x31\x24\x30\x22\x06\x03\x55\x04\x0a\x0c\x1b\xce\x9c\xce\xb5\xce\xb3\xce\xac\xce\xbb\xce\xb7\x20\xce\xb5\xcf\x84\xce\xb1\xce\xb9\xcf\x81\xce\xaf\xce\xb1\x31\x15\x30\x13\x06\x03\x55\x04\x08\x0c\x0c\xce\x91\xcf\x84\xcf\x84\xce\xb9\xce\xba\xce\xae\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x47\x52", 91}, + }, + { + .name = "combo DN", + .compat_str = "C=\\,\\ ,OU=\\ X\\ ,CN=\\#XXX", + .str = "CN=\\#XXX,OU=\\ X\\ ,C=\\,\\ ", + .raw = {(void*)"\x30\x2b\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x2c\x20\x31\x0d\x30\x0b\x06\x03\x55\x04\x0b\x13\x04\x20\x20\x58\x20\x31\x0d\x30\x0b\x06\x03\x55\x04\x03\x0c\x04\x23\x58\x58\x58", 45}, + }, + { + .name = "very long DN", + .compat_str = "C=ES,ST=CACERES,L=CACERES,O=DIPUTACION PROVINCIAL DE CACERES,OU=DIPUTACION PROVINCIAL DE CACERES,CN=www.dip-caceres.es,EMAIL=webmaster@dip-caceres.es,2.5.29.17=#1382304b444e532e313d6162616469612e65732c444e532e323d61626572747572612e65732c444e532e333d616365626f2e65732c444e532e343d61636568756368652e65732c444e532e353d6163656974756e612e65732c444e532e363d61686967616c2e65732c444e532e373d616c61676f6e64656c72696f2e65732c444e532e383d616c636f6c6c6172696e2e65732c444e532e393d6179746f616c62616c612e65732c444e532e31303d6179746f616c63616e746172612e65732c444e532e31313d616c637565736361722e65732c444e532e31323d616c64656163656e74656e6572612e65732c444e532e31333d616c64656164656c63616e6f2e65732c444e532e31343d6c61616c64656164656c6f626973706f2e65732c444e532e31353d616c6465616e7565766164656c61766572612e65732c444e532e31363d616c6465616e7565766164656c63616d696e6f2e65732c444e532e31373d616c64656875656c6164656c6a657274652e65732c444e532e31383d6179746f616c69612e65732c444e532e31393d616c69736564612e65732c444e532e32303d616c6d6172617a2e65732c444e532e32313d616c6d6f686172696e2e65732c444e532e32323d6179746f6172726f796f64656c616c757a2e65732c444e532e32333d6172726f796f6d6f6c696e6f732e65732c444e532e32343d6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e32353d62616e6f7364656d6f6e74656d61796f722e65732c444e532e32363d6261727261646f2e65732c444e532e32373d62656c76697364656d6f6e726f792e65732c444e532e32383d62656e71756572656e6369612e65732c444e532e32393d626572726f63616c656a6f2e65732c444e532e33303d6265727a6f63616e612e65732c444e532e33313d626f686f6e616c646569626f722e65732c444e532e33323d626f74696a612e65732c444e532e33333d62726f7a61732e65732c444e532e33343d636162616e617364656c63617374696c6c6f2e65732c444e532e33353d636162657a6162656c6c6f73612e65732c444e532e33363d636162657a75656c6164656c76616c6c652e65732c444e532e33373d6361627265726f2e65732c444e532e33383d636163686f7272696c6c612e65732c444e532e33393d636164616c736f2e65732c444e532e34303d63616c7a6164696c6c612e65732c444e532e34313d63616d696e6f6d6f726973636f2e65732c444e532e34323d63616d70696c6c6f646564656c6569746f73612e65732c444e532e34333d63616d706f6c756761722e65732c444e532e34343d63616e616d65726f2e65732c444e532e34353d63616e61766572616c2e65732c444e532e34363d63617262616a6f2e65732c444e532e34373d6361726361626f736f2e65732c444e532e34383d63617272617363616c656a6f2e65732c444e532e34393d63617361726465636163657265732e65732c444e532e35303d6361736172646570616c6f6d65726f2e65732c444e532e35313d6361736172657364656c61736875726465732e65732c444e532e35323d63617361736465646f6e616e746f6e696f2e65732c444e532e35333d63617361736465646f6e676f6d657a2e65732c444e532e35343d636173617364656c63617374616e61722e65732c444e532e35353d636173617364656c6d6f6e74652e65732c444e532e35363d636173617364656d696c6c616e2e65732c444e532e35373d636173617364656d697261766574652e65732c444e532e35383d6361736174656a6164612e65732c444e532e35393d636173696c6c61736465636f7269612e65732c444e532e36303d63617374616e6172646569626f722e65732c444e532e36313d6365636c6176696e2e65732c444e532e36323d636564696c6c6f2e65732c444e532e36333d636572657a6f2e65732c444e532e36343d63696c6c65726f732e65732c444e532e36353d636f6c6c61646f2e65732c444e532e36363d636f6e71756973746164656c617369657272612e65732c444e532e36373d636f7269612e65732c444e532e36383d637561636f73646579757374652e65732c444e532e36393d6c6163756d6272652e65732c444e532e37303d64656c6569746f73612e65732c444e532e37313d64657363617267616d617269612e65732c444e532e37323d656c6a61732e65732c444e532e37333d657363757269616c2e65732c444e532e37343d667265736e65646f736f646569626f722e65732c444e532e37353d67616c697374656f2e65732c444e532e37363d6761726369617a2e65732c444e532e37373d6c6167617267616e74612e65732c444e532e37383d67617267616e74616c616f6c6c612e65732c444e532e37393d67617267616e74696c6c612e65732c444e532e38303d67617267756572612e65732c444e532e38313d676172726f76696c6c61736465616c636f6e657461722e65732c444e532e38323d67617276696e2e65732c444e532e38333d676174612e65732c444e532e38343d6179746f656c676f72646f2e65732c444e532e38353d6c616772616e6a612e65732c444e532e38363d6c616772616e6a6164656772616e6164696c6c612e65732c444e532e38373d6179756e74616d69656e746f646567756164616c7570652e65732c444e532e38383d6775696a6f6465636f7269612e65732c444e532e38393d6775696a6f646567616c697374656f2e65732c444e532e39303d6775696a6f64656772616e6164696c6c612e65732c444e532e39313d6775696a6f646573616e7461626172626172612e65732c444e532e39323d6865726775696a75656c612e65732c444e532e39333d6865726e616e706572657a2e65732c444e532e39343d686572726572616465616c63616e746172612e65732c444e532e39353d68657272657275656c612e65732c444e532e39363d6865727661732e65732c444e532e39373d686967756572612e65732c444e532e39383d68696e6f6a616c2e65732c444e532e39393d686f6c67756572612e65732c444e532e3130303d686f796f732e65732c444e532e3130313d6875656c6167612e65732c444e532e3130323d6962616865726e616e646f2e65732c444e532e3130333d6a6172616963656a6f2e65732c444e532e3130343d6a617261697a64656c61766572612e65732c444e532e3130353d6a6172616e64696c6c6164656c61766572612e65732c444e532e3130363d6a6172696c6c612e65732c444e532e3130373d6a657274652e65732c444e532e3130383d6c616472696c6c61722e65732c444e532e3130393d6c6f67726f73616e2e65732c444e532e3131303d6c6f73617264656c61766572612e65732c444e532e3131313d6d6164726967616c656a6f2e65732c444e532e3131323d6d6164726967616c64656c61766572612e65732c444e532e3131333d6d6164726f6e6572612e65732c444e532e3131343d6d616a616461732e65732c444e532e3131353d6d616c706172746964616465636163657265732e65732c444e532e3131363d6d616c706172746964616465706c6173656e6369612e65732c444e532e3131373d6d617263686167617a2e65732c444e532e3131383d6d6174616465616c63616e746172612e65732c444e532e3131393d6d656d6272696f2e65732c444e532e3132303d6d65736173646569626f722e65732c444e532e3132313d6d69616a616461732e65732c444e532e3132323d6d696c6c616e65732e65732c444e532e3132333d6d69726162656c2e65732c444e532e3132343d6d6f686564617364656772616e6164696c6c612e65732c444e532e3132353d6d6f6e726f792e65732c444e532e3132363d6d6f6e74616e6368657a2e65732c444e532e3132373d6d6f6e74656865726d6f736f2e65732c444e532e3132383d6d6f72616c656a612e65732c444e532e3132393d6d6f7263696c6c6f2e65732c444e532e3133303d6e617661636f6e63656a6f2e65732c444e532e3133313d6e6176616c76696c6c6172646569626f722e65732c444e532e3133323d6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3133333d6e6176617364656c6d6164726f6e6f2e65732c444e532e3133343d6e6176617472617369657272612e65732c444e532e3133353d6e6176657a75656c61732e65732c444e532e3133363d6e756e6f6d6f72616c2e65732c444e532e3133373d6f6c6976616465706c6173656e6369612e65732c444e532e3133383d70616c6f6d65726f2e65732c444e532e3133393d70617361726f6e64656c61766572612e65732c444e532e3134303d706564726f736f64656163696d2e65732c444e532e3134313d706572616c65646164656c616d6174612e65732c444e532e3134323d706572616c656461646573616e726f6d616e2e65732c444e532e3134333d706572616c657364656c70756572746f2e65732c444e532e3134343d7065736375657a612e65732c444e532e3134353d6c6170657367612e65732c444e532e3134363d70696564726173616c6261732e65732c444e532e3134373d70696e6f6672616e71756561646f2e65732c444e532e3134383d70696f726e616c2e65732c444e532e3134393d706c6173656e7a75656c612e65732c444e532e3135303d706f7274616a652e65732c444e532e3135313d706f7274657a75656c6f2e65732c444e532e3135323d706f7a75656c6f64657a61727a6f6e2e65732c444e532e3135333d707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3135343d70756572746f646573616e74616372757a2e65732c444e532e3135353d7265626f6c6c61722e65732c444e532e3135363d72696f6c6f626f732e65732c444e532e3135373d726f626c6564696c6c6f6465676174612e65732c444e532e3135383d726f626c6564696c6c6f64656c61766572612e65732c444e532e3135393d726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3136303d726f626c65646f6c6c616e6f2e65732c444e532e3136313d726f6d616e676f72646f2e65732c444e532e3136323d7275616e65732e65732c444e532e3136333d73616c6f72696e6f2e65732c444e532e3136343d73616c7661746965727261646573616e746961676f2e65732c444e532e3136353d73616e6d617274696e646574726576656a6f2e65732c444e532e3136363d6179746f73616e7461616e612e65732c444e532e3136373d73616e74616372757a64656c617369657272612e65732c444e532e3136383d73616e74616372757a646570616e69616775612e65732c444e532e3136393d73616e74616d6172746164656d6167617363612e65732c444e532e3137303d73616e746961676f64656c63616d706f2e65732c444e532e3137313d73616e746962616e657a656c616c746f2e65732c444e532e3137323d73616e746962616e657a656c62616a6f2e65732c444e532e3137333d736175636564696c6c612e65732c444e532e3137343d7365677572616465746f726f2e65732c444e532e3137353d736572726164696c6c612e65732c444e532e3137363d73657272656a6f6e2e65732c444e532e3137373d73696572726164656675656e7465732e65732c444e532e3137383d74616c6176616e2e65732c444e532e3137393d74616c6176657275656c6164656c61766572612e65732c444e532e3138303d74616c617975656c612e65732c444e532e3138313d74656a65646164657469657461722e65732c444e532e3138323d746f72696c2e65732c444e532e3138333d746f726e6176616361732e65732c444e532e3138343d6179746f656c746f726e6f2e65732c444e532e3138353d746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3138363d746f72726563696c6c617364656c6174696573612e65732c444e532e3138373d746f7272656465646f6e6d696775656c2e65732c444e532e3138383d746f727265646573616e74616d617269612e65732c444e532e3138393d746f7272656a6f6e656c727562696f2e65732c444e532e3139303d746f7272656a6f6e63696c6c6f2e65732c444e532e3139313d746f7272656d656e67612e65732c444e532e3139323d746f7272656d6f6368612e65732c444e532e3139333d746f7272656f7267617a2e65732c444e532e3139343d746f7272657175656d6164612e65732c444e532e3139353d76616c64617374696c6c61732e65732c444e532e3139363d76616c646563616e6173646574616a6f2e65732c444e532e3139373d76616c64656675656e7465732e65732c444e532e3139383d76616c646568756e6361722e65732c444e532e3139393d76616c6465696e69676f732e65732c444e532e3230303d76616c64656c6163617361646574616a6f2e65732c444e532e3230313d76616c64656d6f72616c65732e65732c444e532e3230323d76616c64656f626973706f2e65732c444e532e3230333d76616c646573616c6f722e65732c444e532e3230343d76616c72696f2e65732c444e532e3230353d76616c656e6369616465616c63616e746172612e65732c444e532e3230363d76616c766572646564656c61766572612e65732c444e532e3230373d76616c766572646564656c667265736e6f2e65732c444e532e3230383d766567617669616e612e65732c444e532e3230393d7669616e64617264656c61766572612e65732c444e532e3231303d76696c6c6164656c63616d706f2e65732c444e532e3231313d76696c6c6164656c7265792e65732c444e532e3231323d76696c6c616d65736961732e65732c444e532e3231333d76696c6c616d69656c2e65732c444e532e3231343d76696c6c616e7565766164656c617369657272612e65732c444e532e3231353d76696c6c617264656c706564726f736f2e65732c444e532e3231363d76696c6c61726465706c6173656e6369612e65732c444e532e3231373d76696c6c61736275656e61736465676174612e65732c444e532e3231383d7a61727a6164656772616e6164696c6c612e65732c444e532e3231393d7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3232303d7a61727a616c616d61796f722e65732c444e532e3232313d7a6f726974612e65732c444e532e3232323d726f73616c656a6f2e65732c444e532e3232333d766567617669616e612e65732c444e532e3232343d616c61676f6e64656c72696f2e65732c444e532e3232353d7469657461722e65732c444e532e3232363d76616c646573616c6f722e65732c444e532e3232373d6e6176617472617369657272612e65732c444e532e3232383d7269766572616465667265736e65646f73612e65732c444e532e3232393d656c6d73616e67696c2e65732c444e532e3233303d74616a6f73616c6f722e65732c444e532e3233313d76616c6c65616d62726f7a2e65732c444e532e3233323d6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3233333d6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3233343d6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3233353d6d616e636f6d756e6964616464656c61766572612e65732c444e532e3233363d6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3233373d76696c6c7565726361732d69626f7265732d6a6172612e65732c444e532e3233383d7777772e6162616469612e65732c444e532e3233393d7777772e61626572747572612e65732c444e532e3234303d7777772e616365626f2e65732c444e532e3234313d7777772e61636568756368652e65732c444e532e3234323d7777772e6163656974756e612e65732c444e532e3234333d7777772e61686967616c2e65732c444e532e3234343d7777772e616c61676f6e64656c72696f2e65732c444e532e3234353d7777772e616c636f6c6c6172696e2e65732c444e532e3234363d7777772e6179746f616c62616c612e65732c444e532e3234373d7777772e6179746f616c63616e746172612e65732c444e532e3234383d7777772e616c637565736361722e65732c444e532e3234393d7777772e616c64656163656e74656e6572612e65732c444e532e3235303d7777772e616c64656164656c63616e6f2e65732c444e532e3235313d7777772e6c61616c64656164656c6f626973706f2e65732c444e532e3235323d7777772e616c6465616e7565766164656c61766572612e65732c444e532e3235333d7777772e616c6465616e7565766164656c63616d696e6f2e65732c444e532e3235343d7777772e616c64656875656c6164656c6a657274652e65732c444e532e3235353d7777772e6179746f616c69612e65732c444e532e3235363d7777772e616c69736564612e65732c444e532e3235373d7777772e616c6d6172617a2e65732c444e532e3235383d7777772e616c6d6f686172696e2e65732c444e532e3235393d7777772e6179746f6172726f796f64656c616c757a2e65732c444e532e3236303d7777772e6172726f796f6d6f6c696e6f732e65732c444e532e3236313d7777772e6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e3236323d7777772e62616e6f7364656d6f6e74656d61796f722e65732c444e532e3236333d7777772e6261727261646f2e65732c444e532e3236343d7777772e62656c76697364656d6f6e726f792e65732c444e532e3236353d7777772e62656e71756572656e6369612e65732c444e532e3236363d7777772e626572726f63616c656a6f2e65732c444e532e3236373d7777772e6265727a6f63616e612e65732c444e532e3236383d7777772e626f686f6e616c646569626f722e65732c444e532e3236393d7777772e626f74696a612e65732c444e532e3237303d7777772e62726f7a61732e65732c444e532e3237313d7777772e636162616e617364656c63617374696c6c6f2e65732c444e532e3237323d7777772e636162657a6162656c6c6f73612e65732c444e532e3237333d7777772e636162657a75656c6164656c76616c6c652e65732c444e532e3237343d7777772e6361627265726f2e65732c444e532e3237353d7777772e636163686f7272696c6c612e65732c444e532e3237363d7777772e636164616c736f2e65732c444e532e3237373d7777772e63616c7a6164696c6c612e65732c444e532e3237383d7777772e63616d696e6f6d6f726973636f2e65732c444e532e3237393d7777772e63616d70696c6c6f646564656c6569746f73612e65732c444e532e3238303d7777772e63616d706f6c756761722e65732c444e532e3238313d7777772e63616e616d65726f2e65732c444e532e3238323d7777772e63616e61766572616c2e65732c444e532e3238333d7777772e63617262616a6f2e65732c444e532e3238343d7777772e6361726361626f736f2e65732c444e532e3238353d7777772e63617272617363616c656a6f2e65732c444e532e3238363d7777772e63617361726465636163657265732e65732c444e532e3238373d7777772e6361736172646570616c6f6d65726f2e65732c444e532e3238383d7777772e6361736172657364656c61736875726465732e65732c444e532e3238393d7777772e63617361736465646f6e616e746f6e696f2e65732c444e532e3239303d7777772e63617361736465646f6e676f6d657a2e65732c444e532e3239313d7777772e636173617364656c63617374616e61722e65732c444e532e3239323d7777772e636173617364656c6d6f6e74652e65732c444e532e3239333d7777772e636173617364656d696c6c616e2e65732c444e532e3239343d7777772e636173617364656d697261766574652e65732c444e532e3239353d7777772e6361736174656a6164612e65732c444e532e3239363d7777772e636173696c6c61736465636f7269612e65732c444e532e3239373d7777772e63617374616e6172646569626f722e65732c444e532e3239383d7777772e6365636c6176696e2e65732c444e532e3239393d7777772e636564696c6c6f2e65732c444e532e3330303d7777772e636572657a6f2e65732c444e532e3330313d7777772e63696c6c65726f732e65732c444e532e3330323d7777772e636f6c6c61646f2e65732c444e532e3330333d7777772e636f6e71756973746164656c617369657272612e65732c444e532e3330343d7777772e636f7269612e65732c444e532e3330353d7777772e637561636f73646579757374652e65732c444e532e3330363d7777772e6c6163756d6272652e65732c444e532e3330373d7777772e64656c6569746f73612e65732c444e532e3330383d7777772e64657363617267616d617269612e65732c444e532e3330393d7777772e656c6a61732e65732c444e532e3331303d7777772e657363757269616c2e65732c444e532e3331313d7777772e667265736e65646f736f646569626f722e65732c444e532e3331323d7777772e67616c697374656f2e65732c444e532e3331333d7777772e6761726369617a2e65732c444e532e3331343d7777772e6c6167617267616e74612e65732c444e532e3331353d7777772e67617267616e74616c616f6c6c612e65732c444e532e3331363d7777772e67617267616e74696c6c612e65732c444e532e3331373d7777772e67617267756572612e65732c444e532e3331383d7777772e676172726f76696c6c61736465616c636f6e657461722e65732c444e532e3331393d7777772e67617276696e2e65732c444e532e3332303d7777772e676174612e65732c444e532e3332313d7777772e6179746f656c676f72646f2e65732c444e532e3332323d7777772e6c616772616e6a612e65732c444e532e3332333d7777772e6c616772616e6a6164656772616e6164696c6c612e65732c444e532e3332343d7777772e6179756e74616d69656e746f646567756164616c7570652e65732c444e532e3332353d7777772e6775696a6f6465636f7269612e65732c444e532e3332363d7777772e6775696a6f646567616c697374656f2e65732c444e532e3332373d7777772e6775696a6f64656772616e6164696c6c612e65732c444e532e3332383d7777772e6775696a6f646573616e7461626172626172612e65732c444e532e3332393d7777772e6865726775696a75656c612e65732c444e532e3333303d7777772e6865726e616e706572657a2e65732c444e532e3333313d7777772e686572726572616465616c63616e746172612e65732c444e532e3333323d7777772e68657272657275656c612e65732c444e532e3333333d7777772e6865727661732e65732c444e532e3333343d7777772e686967756572612e65732c444e532e3333353d7777772e68696e6f6a616c2e65732c444e532e3333363d7777772e686f6c67756572612e65732c444e532e3333373d7777772e686f796f732e65732c444e532e3333383d7777772e6875656c6167612e65732c444e532e3333393d7777772e6962616865726e616e646f2e65732c444e532e3334303d7777772e6a6172616963656a6f2e65732c444e532e3334313d7777772e6a617261697a64656c61766572612e65732c444e532e3334323d7777772e6a6172616e64696c6c6164656c61766572612e65732c444e532e3334333d7777772e6a6172696c6c612e65732c444e532e3334343d7777772e6a657274652e65732c444e532e3334353d7777772e6c616472696c6c61722e65732c444e532e3334363d7777772e6c6f67726f73616e2e65732c444e532e3334373d7777772e6c6f73617264656c61766572612e65732c444e532e3334383d7777772e6d6164726967616c656a6f2e65732c444e532e3334393d7777772e6d6164726967616c64656c61766572612e65732c444e532e3335303d7777772e6d6164726f6e6572612e65732c444e532e3335313d7777772e6d616a616461732e65732c444e532e3335323d7777772e6d616c706172746964616465636163657265732e65732c444e532e3335333d7777772e6d616c706172746964616465706c6173656e6369612e65732c444e532e3335343d7777772e6d617263686167617a2e65732c444e532e3335353d7777772e6d6174616465616c63616e746172612e65732c444e532e3335363d7777772e6d656d6272696f2e65732c444e532e3335373d7777772e6d65736173646569626f722e65732c444e532e3335383d7777772e6d69616a616461732e65732c444e532e3335393d7777772e6d696c6c616e65732e65732c444e532e3336303d7777772e6d69726162656c2e65732c444e532e3336313d7777772e6d6f686564617364656772616e6164696c6c612e65732c444e532e3336323d7777772e6d6f6e726f792e65732c444e532e3336333d7777772e6d6f6e74616e6368657a2e65732c444e532e3336343d7777772e6d6f6e74656865726d6f736f2e65732c444e532e3336353d7777772e6d6f72616c656a612e65732c444e532e3336363d7777772e6d6f7263696c6c6f2e65732c444e532e3336373d7777772e6e617661636f6e63656a6f2e65732c444e532e3336383d7777772e6e6176616c76696c6c6172646569626f722e65732c444e532e3336393d7777772e6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3337303d7777772e6e6176617364656c6d6164726f6e6f2e65732c444e532e3337313d7777772e6e6176617472617369657272612e65732c444e532e3337323d7777772e6e6176657a75656c61732e65732c444e532e3337333d7777772e6e756e6f6d6f72616c2e65732c444e532e3337343d7777772e6f6c6976616465706c6173656e6369612e65732c444e532e3337353d7777772e70616c6f6d65726f2e65732c444e532e3337363d7777772e70617361726f6e64656c61766572612e65732c444e532e3337373d7777772e706564726f736f64656163696d2e65732c444e532e3337383d7777772e706572616c65646164656c616d6174612e65732c444e532e3337393d7777772e706572616c656461646573616e726f6d616e2e65732c444e532e3338303d7777772e706572616c657364656c70756572746f2e65732c444e532e3338313d7777772e7065736375657a612e65732c444e532e3338323d7777772e6c6170657367612e65732c444e532e3338333d7777772e70696564726173616c6261732e65732c444e532e3338343d7777772e70696e6f6672616e71756561646f2e65732c444e532e3338353d7777772e70696f726e616c2e65732c444e532e3338363d7777772e706c6173656e7a75656c612e65732c444e532e3338373d7777772e706f7274616a652e65732c444e532e3338383d7777772e706f7274657a75656c6f2e65732c444e532e3338393d7777772e706f7a75656c6f64657a61727a6f6e2e65732c444e532e3339303d7777772e707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3339313d7777772e70756572746f646573616e74616372757a2e65732c444e532e3339323d7777772e7265626f6c6c61722e65732c444e532e3339333d7777772e72696f6c6f626f732e65732c444e532e3339343d7777772e726f626c6564696c6c6f6465676174612e65732c444e532e3339353d7777772e726f626c6564696c6c6f64656c61766572612e65732c444e532e3339363d7777772e726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3339373d7777772e726f626c65646f6c6c616e6f2e65732c444e532e3339383d7777772e726f6d616e676f72646f2e65732c444e532e3339393d7777772e7275616e65732e65732c444e532e3430303d7777772e73616c6f72696e6f2e65732c444e532e3430313d7777772e73616c7661746965727261646573616e746961676f2e65732c444e532e3430323d7777772e73616e6d617274696e646574726576656a6f2e65732c444e532e3430333d7777772e6179746f73616e7461616e612e65732c444e532e3430343d7777772e73616e74616372757a64656c617369657272612e65732c444e532e3430353d7777772e73616e74616372757a646570616e69616775612e65732c444e532e3430363d7777772e73616e74616d6172746164656d6167617363612e65732c444e532e3430373d7777772e73616e746961676f64656c63616d706f2e65732c444e532e3430383d7777772e73616e746962616e657a656c616c746f2e65732c444e532e3430393d7777772e73616e746962616e657a656c62616a6f2e65732c444e532e3431303d7777772e736175636564696c6c612e65732c444e532e3431313d7777772e7365677572616465746f726f2e65732c444e532e3431323d7777772e736572726164696c6c612e65732c444e532e3431333d7777772e73657272656a6f6e2e65732c444e532e3431343d7777772e73696572726164656675656e7465732e65732c444e532e3431353d7777772e74616c6176616e2e65732c444e532e3431363d7777772e74616c6176657275656c6164656c61766572612e65732c444e532e3431373d7777772e74616c617975656c612e65732c444e532e3431383d7777772e74656a65646164657469657461722e65732c444e532e3431393d7777772e746f72696c2e65732c444e532e3432303d7777772e746f726e6176616361732e65732c444e532e3432313d7777772e6179746f656c746f726e6f2e65732c444e532e3432323d7777772e746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3432333d7777772e746f72726563696c6c617364656c6174696573612e65732c444e532e3432343d7777772e746f7272656465646f6e6d696775656c2e65732c444e532e3432353d7777772e746f727265646573616e74616d617269612e65732c444e532e3432363d7777772e746f7272656a6f6e656c727562696f2e65732c444e532e3432373d7777772e746f7272656a6f6e63696c6c6f2e65732c444e532e3432383d7777772e746f7272656d656e67612e65732c444e532e3432393d7777772e746f7272656d6f6368612e65732c444e532e3433303d7777772e746f7272656f7267617a2e65732c444e532e3433313d7777772e746f7272657175656d6164612e65732c444e532e3433323d7777772e76616c64617374696c6c61732e65732c444e532e3433333d7777772e76616c646563616e6173646574616a6f2e65732c444e532e3433343d7777772e76616c64656675656e7465732e65732c444e532e3433353d7777772e76616c646568756e6361722e65732c444e532e3433363d7777772e76616c6465696e69676f732e65732c444e532e3433373d7777772e76616c64656c6163617361646574616a6f2e65732c444e532e3433383d7777772e76616c64656d6f72616c65732e65732c444e532e3433393d7777772e76616c64656f626973706f2e65732c444e532e3434303d7777772e76616c646573616c6f722e65732c444e532e3434313d7777772e76616c72696f2e65732c444e532e3434323d7777772e76616c656e6369616465616c63616e746172612e65732c444e532e3434333d7777772e76616c766572646564656c61766572612e65732c444e532e3434343d7777772e76616c766572646564656c667265736e6f2e65732c444e532e3434353d7777772e766567617669616e612e65732c444e532e3434363d7777772e7669616e64617264656c61766572612e65732c444e532e3434373d7777772e76696c6c6164656c63616d706f2e65732c444e532e3434383d7777772e76696c6c6164656c7265792e65732c444e532e3434393d7777772e76696c6c616d65736961732e65732c444e532e3435303d7777772e76696c6c616d69656c2e65732c444e532e3435313d7777772e76696c6c616e7565766164656c617369657272612e65732c444e532e3435323d7777772e76696c6c617264656c706564726f736f2e65732c444e532e3435333d7777772e76696c6c61726465706c6173656e6369612e65732c444e532e3435343d7777772e76696c6c61736275656e61736465676174612e65732c444e532e3435353d7777772e7a61727a6164656772616e6164696c6c612e65732c444e532e3435363d7777772e7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3435373d7777772e7a61727a616c616d61796f722e65732c444e532e3435383d7777772e7a6f726974612e65732c444e532e3435393d7777772e726f73616c656a6f2e65732c444e532e3436303d7777772e766567617669616e612e65732c444e532e3436313d7777772e616c61676f6e64656c72696f2e65732c444e532e3436323d7777772e7469657461722e65732c444e532e3436333d7777772e76616c646573616c6f722e65732c444e532e3436343d7777772e6e6176617472617369657272612e65732c444e532e3436353d7777772e7269766572616465667265736e65646f73612e65732c444e532e3436363d7777772e656c6d73616e67696c2e65732c444e532e3436373d7777772e74616a6f73616c6f722e65732c444e532e3436383d7777772e76616c6c65616d62726f7a2e65732c444e532e3436393d7777772e6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3437303d7777772e6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3437313d7777772e6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3437323d7777772e6d616e636f6d756e6964616464656c61766572612e65732c444e532e3437333d7777772e6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3437343d7777772e76696c6c7565726361732d69626f7265732d6a6172612e6573", + .str = "2.5.29.17=#1382304b444e532e313d6162616469612e65732c444e532e323d61626572747572612e65732c444e532e333d616365626f2e65732c444e532e343d61636568756368652e65732c444e532e353d6163656974756e612e65732c444e532e363d61686967616c2e65732c444e532e373d616c61676f6e64656c72696f2e65732c444e532e383d616c636f6c6c6172696e2e65732c444e532e393d6179746f616c62616c612e65732c444e532e31303d6179746f616c63616e746172612e65732c444e532e31313d616c637565736361722e65732c444e532e31323d616c64656163656e74656e6572612e65732c444e532e31333d616c64656164656c63616e6f2e65732c444e532e31343d6c61616c64656164656c6f626973706f2e65732c444e532e31353d616c6465616e7565766164656c61766572612e65732c444e532e31363d616c6465616e7565766164656c63616d696e6f2e65732c444e532e31373d616c64656875656c6164656c6a657274652e65732c444e532e31383d6179746f616c69612e65732c444e532e31393d616c69736564612e65732c444e532e32303d616c6d6172617a2e65732c444e532e32313d616c6d6f686172696e2e65732c444e532e32323d6179746f6172726f796f64656c616c757a2e65732c444e532e32333d6172726f796f6d6f6c696e6f732e65732c444e532e32343d6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e32353d62616e6f7364656d6f6e74656d61796f722e65732c444e532e32363d6261727261646f2e65732c444e532e32373d62656c76697364656d6f6e726f792e65732c444e532e32383d62656e71756572656e6369612e65732c444e532e32393d626572726f63616c656a6f2e65732c444e532e33303d6265727a6f63616e612e65732c444e532e33313d626f686f6e616c646569626f722e65732c444e532e33323d626f74696a612e65732c444e532e33333d62726f7a61732e65732c444e532e33343d636162616e617364656c63617374696c6c6f2e65732c444e532e33353d636162657a6162656c6c6f73612e65732c444e532e33363d636162657a75656c6164656c76616c6c652e65732c444e532e33373d6361627265726f2e65732c444e532e33383d636163686f7272696c6c612e65732c444e532e33393d636164616c736f2e65732c444e532e34303d63616c7a6164696c6c612e65732c444e532e34313d63616d696e6f6d6f726973636f2e65732c444e532e34323d63616d70696c6c6f646564656c6569746f73612e65732c444e532e34333d63616d706f6c756761722e65732c444e532e34343d63616e616d65726f2e65732c444e532e34353d63616e61766572616c2e65732c444e532e34363d63617262616a6f2e65732c444e532e34373d6361726361626f736f2e65732c444e532e34383d63617272617363616c656a6f2e65732c444e532e34393d63617361726465636163657265732e65732c444e532e35303d6361736172646570616c6f6d65726f2e65732c444e532e35313d6361736172657364656c61736875726465732e65732c444e532e35323d63617361736465646f6e616e746f6e696f2e65732c444e532e35333d63617361736465646f6e676f6d657a2e65732c444e532e35343d636173617364656c63617374616e61722e65732c444e532e35353d636173617364656c6d6f6e74652e65732c444e532e35363d636173617364656d696c6c616e2e65732c444e532e35373d636173617364656d697261766574652e65732c444e532e35383d6361736174656a6164612e65732c444e532e35393d636173696c6c61736465636f7269612e65732c444e532e36303d63617374616e6172646569626f722e65732c444e532e36313d6365636c6176696e2e65732c444e532e36323d636564696c6c6f2e65732c444e532e36333d636572657a6f2e65732c444e532e36343d63696c6c65726f732e65732c444e532e36353d636f6c6c61646f2e65732c444e532e36363d636f6e71756973746164656c617369657272612e65732c444e532e36373d636f7269612e65732c444e532e36383d637561636f73646579757374652e65732c444e532e36393d6c6163756d6272652e65732c444e532e37303d64656c6569746f73612e65732c444e532e37313d64657363617267616d617269612e65732c444e532e37323d656c6a61732e65732c444e532e37333d657363757269616c2e65732c444e532e37343d667265736e65646f736f646569626f722e65732c444e532e37353d67616c697374656f2e65732c444e532e37363d6761726369617a2e65732c444e532e37373d6c6167617267616e74612e65732c444e532e37383d67617267616e74616c616f6c6c612e65732c444e532e37393d67617267616e74696c6c612e65732c444e532e38303d67617267756572612e65732c444e532e38313d676172726f76696c6c61736465616c636f6e657461722e65732c444e532e38323d67617276696e2e65732c444e532e38333d676174612e65732c444e532e38343d6179746f656c676f72646f2e65732c444e532e38353d6c616772616e6a612e65732c444e532e38363d6c616772616e6a6164656772616e6164696c6c612e65732c444e532e38373d6179756e74616d69656e746f646567756164616c7570652e65732c444e532e38383d6775696a6f6465636f7269612e65732c444e532e38393d6775696a6f646567616c697374656f2e65732c444e532e39303d6775696a6f64656772616e6164696c6c612e65732c444e532e39313d6775696a6f646573616e7461626172626172612e65732c444e532e39323d6865726775696a75656c612e65732c444e532e39333d6865726e616e706572657a2e65732c444e532e39343d686572726572616465616c63616e746172612e65732c444e532e39353d68657272657275656c612e65732c444e532e39363d6865727661732e65732c444e532e39373d686967756572612e65732c444e532e39383d68696e6f6a616c2e65732c444e532e39393d686f6c67756572612e65732c444e532e3130303d686f796f732e65732c444e532e3130313d6875656c6167612e65732c444e532e3130323d6962616865726e616e646f2e65732c444e532e3130333d6a6172616963656a6f2e65732c444e532e3130343d6a617261697a64656c61766572612e65732c444e532e3130353d6a6172616e64696c6c6164656c61766572612e65732c444e532e3130363d6a6172696c6c612e65732c444e532e3130373d6a657274652e65732c444e532e3130383d6c616472696c6c61722e65732c444e532e3130393d6c6f67726f73616e2e65732c444e532e3131303d6c6f73617264656c61766572612e65732c444e532e3131313d6d6164726967616c656a6f2e65732c444e532e3131323d6d6164726967616c64656c61766572612e65732c444e532e3131333d6d6164726f6e6572612e65732c444e532e3131343d6d616a616461732e65732c444e532e3131353d6d616c706172746964616465636163657265732e65732c444e532e3131363d6d616c706172746964616465706c6173656e6369612e65732c444e532e3131373d6d617263686167617a2e65732c444e532e3131383d6d6174616465616c63616e746172612e65732c444e532e3131393d6d656d6272696f2e65732c444e532e3132303d6d65736173646569626f722e65732c444e532e3132313d6d69616a616461732e65732c444e532e3132323d6d696c6c616e65732e65732c444e532e3132333d6d69726162656c2e65732c444e532e3132343d6d6f686564617364656772616e6164696c6c612e65732c444e532e3132353d6d6f6e726f792e65732c444e532e3132363d6d6f6e74616e6368657a2e65732c444e532e3132373d6d6f6e74656865726d6f736f2e65732c444e532e3132383d6d6f72616c656a612e65732c444e532e3132393d6d6f7263696c6c6f2e65732c444e532e3133303d6e617661636f6e63656a6f2e65732c444e532e3133313d6e6176616c76696c6c6172646569626f722e65732c444e532e3133323d6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3133333d6e6176617364656c6d6164726f6e6f2e65732c444e532e3133343d6e6176617472617369657272612e65732c444e532e3133353d6e6176657a75656c61732e65732c444e532e3133363d6e756e6f6d6f72616c2e65732c444e532e3133373d6f6c6976616465706c6173656e6369612e65732c444e532e3133383d70616c6f6d65726f2e65732c444e532e3133393d70617361726f6e64656c61766572612e65732c444e532e3134303d706564726f736f64656163696d2e65732c444e532e3134313d706572616c65646164656c616d6174612e65732c444e532e3134323d706572616c656461646573616e726f6d616e2e65732c444e532e3134333d706572616c657364656c70756572746f2e65732c444e532e3134343d7065736375657a612e65732c444e532e3134353d6c6170657367612e65732c444e532e3134363d70696564726173616c6261732e65732c444e532e3134373d70696e6f6672616e71756561646f2e65732c444e532e3134383d70696f726e616c2e65732c444e532e3134393d706c6173656e7a75656c612e65732c444e532e3135303d706f7274616a652e65732c444e532e3135313d706f7274657a75656c6f2e65732c444e532e3135323d706f7a75656c6f64657a61727a6f6e2e65732c444e532e3135333d707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3135343d70756572746f646573616e74616372757a2e65732c444e532e3135353d7265626f6c6c61722e65732c444e532e3135363d72696f6c6f626f732e65732c444e532e3135373d726f626c6564696c6c6f6465676174612e65732c444e532e3135383d726f626c6564696c6c6f64656c61766572612e65732c444e532e3135393d726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3136303d726f626c65646f6c6c616e6f2e65732c444e532e3136313d726f6d616e676f72646f2e65732c444e532e3136323d7275616e65732e65732c444e532e3136333d73616c6f72696e6f2e65732c444e532e3136343d73616c7661746965727261646573616e746961676f2e65732c444e532e3136353d73616e6d617274696e646574726576656a6f2e65732c444e532e3136363d6179746f73616e7461616e612e65732c444e532e3136373d73616e74616372757a64656c617369657272612e65732c444e532e3136383d73616e74616372757a646570616e69616775612e65732c444e532e3136393d73616e74616d6172746164656d6167617363612e65732c444e532e3137303d73616e746961676f64656c63616d706f2e65732c444e532e3137313d73616e746962616e657a656c616c746f2e65732c444e532e3137323d73616e746962616e657a656c62616a6f2e65732c444e532e3137333d736175636564696c6c612e65732c444e532e3137343d7365677572616465746f726f2e65732c444e532e3137353d736572726164696c6c612e65732c444e532e3137363d73657272656a6f6e2e65732c444e532e3137373d73696572726164656675656e7465732e65732c444e532e3137383d74616c6176616e2e65732c444e532e3137393d74616c6176657275656c6164656c61766572612e65732c444e532e3138303d74616c617975656c612e65732c444e532e3138313d74656a65646164657469657461722e65732c444e532e3138323d746f72696c2e65732c444e532e3138333d746f726e6176616361732e65732c444e532e3138343d6179746f656c746f726e6f2e65732c444e532e3138353d746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3138363d746f72726563696c6c617364656c6174696573612e65732c444e532e3138373d746f7272656465646f6e6d696775656c2e65732c444e532e3138383d746f727265646573616e74616d617269612e65732c444e532e3138393d746f7272656a6f6e656c727562696f2e65732c444e532e3139303d746f7272656a6f6e63696c6c6f2e65732c444e532e3139313d746f7272656d656e67612e65732c444e532e3139323d746f7272656d6f6368612e65732c444e532e3139333d746f7272656f7267617a2e65732c444e532e3139343d746f7272657175656d6164612e65732c444e532e3139353d76616c64617374696c6c61732e65732c444e532e3139363d76616c646563616e6173646574616a6f2e65732c444e532e3139373d76616c64656675656e7465732e65732c444e532e3139383d76616c646568756e6361722e65732c444e532e3139393d76616c6465696e69676f732e65732c444e532e3230303d76616c64656c6163617361646574616a6f2e65732c444e532e3230313d76616c64656d6f72616c65732e65732c444e532e3230323d76616c64656f626973706f2e65732c444e532e3230333d76616c646573616c6f722e65732c444e532e3230343d76616c72696f2e65732c444e532e3230353d76616c656e6369616465616c63616e746172612e65732c444e532e3230363d76616c766572646564656c61766572612e65732c444e532e3230373d76616c766572646564656c667265736e6f2e65732c444e532e3230383d766567617669616e612e65732c444e532e3230393d7669616e64617264656c61766572612e65732c444e532e3231303d76696c6c6164656c63616d706f2e65732c444e532e3231313d76696c6c6164656c7265792e65732c444e532e3231323d76696c6c616d65736961732e65732c444e532e3231333d76696c6c616d69656c2e65732c444e532e3231343d76696c6c616e7565766164656c617369657272612e65732c444e532e3231353d76696c6c617264656c706564726f736f2e65732c444e532e3231363d76696c6c61726465706c6173656e6369612e65732c444e532e3231373d76696c6c61736275656e61736465676174612e65732c444e532e3231383d7a61727a6164656772616e6164696c6c612e65732c444e532e3231393d7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3232303d7a61727a616c616d61796f722e65732c444e532e3232313d7a6f726974612e65732c444e532e3232323d726f73616c656a6f2e65732c444e532e3232333d766567617669616e612e65732c444e532e3232343d616c61676f6e64656c72696f2e65732c444e532e3232353d7469657461722e65732c444e532e3232363d76616c646573616c6f722e65732c444e532e3232373d6e6176617472617369657272612e65732c444e532e3232383d7269766572616465667265736e65646f73612e65732c444e532e3232393d656c6d73616e67696c2e65732c444e532e3233303d74616a6f73616c6f722e65732c444e532e3233313d76616c6c65616d62726f7a2e65732c444e532e3233323d6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3233333d6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3233343d6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3233353d6d616e636f6d756e6964616464656c61766572612e65732c444e532e3233363d6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3233373d76696c6c7565726361732d69626f7265732d6a6172612e65732c444e532e3233383d7777772e6162616469612e65732c444e532e3233393d7777772e61626572747572612e65732c444e532e3234303d7777772e616365626f2e65732c444e532e3234313d7777772e61636568756368652e65732c444e532e3234323d7777772e6163656974756e612e65732c444e532e3234333d7777772e61686967616c2e65732c444e532e3234343d7777772e616c61676f6e64656c72696f2e65732c444e532e3234353d7777772e616c636f6c6c6172696e2e65732c444e532e3234363d7777772e6179746f616c62616c612e65732c444e532e3234373d7777772e6179746f616c63616e746172612e65732c444e532e3234383d7777772e616c637565736361722e65732c444e532e3234393d7777772e616c64656163656e74656e6572612e65732c444e532e3235303d7777772e616c64656164656c63616e6f2e65732c444e532e3235313d7777772e6c61616c64656164656c6f626973706f2e65732c444e532e3235323d7777772e616c6465616e7565766164656c61766572612e65732c444e532e3235333d7777772e616c6465616e7565766164656c63616d696e6f2e65732c444e532e3235343d7777772e616c64656875656c6164656c6a657274652e65732c444e532e3235353d7777772e6179746f616c69612e65732c444e532e3235363d7777772e616c69736564612e65732c444e532e3235373d7777772e616c6d6172617a2e65732c444e532e3235383d7777772e616c6d6f686172696e2e65732c444e532e3235393d7777772e6179746f6172726f796f64656c616c757a2e65732c444e532e3236303d7777772e6172726f796f6d6f6c696e6f732e65732c444e532e3236313d7777772e6172726f796f6d6f6c696e6f7364656c61766572612e65732c444e532e3236323d7777772e62616e6f7364656d6f6e74656d61796f722e65732c444e532e3236333d7777772e6261727261646f2e65732c444e532e3236343d7777772e62656c76697364656d6f6e726f792e65732c444e532e3236353d7777772e62656e71756572656e6369612e65732c444e532e3236363d7777772e626572726f63616c656a6f2e65732c444e532e3236373d7777772e6265727a6f63616e612e65732c444e532e3236383d7777772e626f686f6e616c646569626f722e65732c444e532e3236393d7777772e626f74696a612e65732c444e532e3237303d7777772e62726f7a61732e65732c444e532e3237313d7777772e636162616e617364656c63617374696c6c6f2e65732c444e532e3237323d7777772e636162657a6162656c6c6f73612e65732c444e532e3237333d7777772e636162657a75656c6164656c76616c6c652e65732c444e532e3237343d7777772e6361627265726f2e65732c444e532e3237353d7777772e636163686f7272696c6c612e65732c444e532e3237363d7777772e636164616c736f2e65732c444e532e3237373d7777772e63616c7a6164696c6c612e65732c444e532e3237383d7777772e63616d696e6f6d6f726973636f2e65732c444e532e3237393d7777772e63616d70696c6c6f646564656c6569746f73612e65732c444e532e3238303d7777772e63616d706f6c756761722e65732c444e532e3238313d7777772e63616e616d65726f2e65732c444e532e3238323d7777772e63616e61766572616c2e65732c444e532e3238333d7777772e63617262616a6f2e65732c444e532e3238343d7777772e6361726361626f736f2e65732c444e532e3238353d7777772e63617272617363616c656a6f2e65732c444e532e3238363d7777772e63617361726465636163657265732e65732c444e532e3238373d7777772e6361736172646570616c6f6d65726f2e65732c444e532e3238383d7777772e6361736172657364656c61736875726465732e65732c444e532e3238393d7777772e63617361736465646f6e616e746f6e696f2e65732c444e532e3239303d7777772e63617361736465646f6e676f6d657a2e65732c444e532e3239313d7777772e636173617364656c63617374616e61722e65732c444e532e3239323d7777772e636173617364656c6d6f6e74652e65732c444e532e3239333d7777772e636173617364656d696c6c616e2e65732c444e532e3239343d7777772e636173617364656d697261766574652e65732c444e532e3239353d7777772e6361736174656a6164612e65732c444e532e3239363d7777772e636173696c6c61736465636f7269612e65732c444e532e3239373d7777772e63617374616e6172646569626f722e65732c444e532e3239383d7777772e6365636c6176696e2e65732c444e532e3239393d7777772e636564696c6c6f2e65732c444e532e3330303d7777772e636572657a6f2e65732c444e532e3330313d7777772e63696c6c65726f732e65732c444e532e3330323d7777772e636f6c6c61646f2e65732c444e532e3330333d7777772e636f6e71756973746164656c617369657272612e65732c444e532e3330343d7777772e636f7269612e65732c444e532e3330353d7777772e637561636f73646579757374652e65732c444e532e3330363d7777772e6c6163756d6272652e65732c444e532e3330373d7777772e64656c6569746f73612e65732c444e532e3330383d7777772e64657363617267616d617269612e65732c444e532e3330393d7777772e656c6a61732e65732c444e532e3331303d7777772e657363757269616c2e65732c444e532e3331313d7777772e667265736e65646f736f646569626f722e65732c444e532e3331323d7777772e67616c697374656f2e65732c444e532e3331333d7777772e6761726369617a2e65732c444e532e3331343d7777772e6c6167617267616e74612e65732c444e532e3331353d7777772e67617267616e74616c616f6c6c612e65732c444e532e3331363d7777772e67617267616e74696c6c612e65732c444e532e3331373d7777772e67617267756572612e65732c444e532e3331383d7777772e676172726f76696c6c61736465616c636f6e657461722e65732c444e532e3331393d7777772e67617276696e2e65732c444e532e3332303d7777772e676174612e65732c444e532e3332313d7777772e6179746f656c676f72646f2e65732c444e532e3332323d7777772e6c616772616e6a612e65732c444e532e3332333d7777772e6c616772616e6a6164656772616e6164696c6c612e65732c444e532e3332343d7777772e6179756e74616d69656e746f646567756164616c7570652e65732c444e532e3332353d7777772e6775696a6f6465636f7269612e65732c444e532e3332363d7777772e6775696a6f646567616c697374656f2e65732c444e532e3332373d7777772e6775696a6f64656772616e6164696c6c612e65732c444e532e3332383d7777772e6775696a6f646573616e7461626172626172612e65732c444e532e3332393d7777772e6865726775696a75656c612e65732c444e532e3333303d7777772e6865726e616e706572657a2e65732c444e532e3333313d7777772e686572726572616465616c63616e746172612e65732c444e532e3333323d7777772e68657272657275656c612e65732c444e532e3333333d7777772e6865727661732e65732c444e532e3333343d7777772e686967756572612e65732c444e532e3333353d7777772e68696e6f6a616c2e65732c444e532e3333363d7777772e686f6c67756572612e65732c444e532e3333373d7777772e686f796f732e65732c444e532e3333383d7777772e6875656c6167612e65732c444e532e3333393d7777772e6962616865726e616e646f2e65732c444e532e3334303d7777772e6a6172616963656a6f2e65732c444e532e3334313d7777772e6a617261697a64656c61766572612e65732c444e532e3334323d7777772e6a6172616e64696c6c6164656c61766572612e65732c444e532e3334333d7777772e6a6172696c6c612e65732c444e532e3334343d7777772e6a657274652e65732c444e532e3334353d7777772e6c616472696c6c61722e65732c444e532e3334363d7777772e6c6f67726f73616e2e65732c444e532e3334373d7777772e6c6f73617264656c61766572612e65732c444e532e3334383d7777772e6d6164726967616c656a6f2e65732c444e532e3334393d7777772e6d6164726967616c64656c61766572612e65732c444e532e3335303d7777772e6d6164726f6e6572612e65732c444e532e3335313d7777772e6d616a616461732e65732c444e532e3335323d7777772e6d616c706172746964616465636163657265732e65732c444e532e3335333d7777772e6d616c706172746964616465706c6173656e6369612e65732c444e532e3335343d7777772e6d617263686167617a2e65732c444e532e3335353d7777772e6d6174616465616c63616e746172612e65732c444e532e3335363d7777772e6d656d6272696f2e65732c444e532e3335373d7777772e6d65736173646569626f722e65732c444e532e3335383d7777772e6d69616a616461732e65732c444e532e3335393d7777772e6d696c6c616e65732e65732c444e532e3336303d7777772e6d69726162656c2e65732c444e532e3336313d7777772e6d6f686564617364656772616e6164696c6c612e65732c444e532e3336323d7777772e6d6f6e726f792e65732c444e532e3336333d7777772e6d6f6e74616e6368657a2e65732c444e532e3336343d7777772e6d6f6e74656865726d6f736f2e65732c444e532e3336353d7777772e6d6f72616c656a612e65732c444e532e3336363d7777772e6d6f7263696c6c6f2e65732c444e532e3336373d7777772e6e617661636f6e63656a6f2e65732c444e532e3336383d7777772e6e6176616c76696c6c6172646569626f722e65732c444e532e3336393d7777772e6e6176616c6d6f72616c64656c616d6174612e65732c444e532e3337303d7777772e6e6176617364656c6d6164726f6e6f2e65732c444e532e3337313d7777772e6e6176617472617369657272612e65732c444e532e3337323d7777772e6e6176657a75656c61732e65732c444e532e3337333d7777772e6e756e6f6d6f72616c2e65732c444e532e3337343d7777772e6f6c6976616465706c6173656e6369612e65732c444e532e3337353d7777772e70616c6f6d65726f2e65732c444e532e3337363d7777772e70617361726f6e64656c61766572612e65732c444e532e3337373d7777772e706564726f736f64656163696d2e65732c444e532e3337383d7777772e706572616c65646164656c616d6174612e65732c444e532e3337393d7777772e706572616c656461646573616e726f6d616e2e65732c444e532e3338303d7777772e706572616c657364656c70756572746f2e65732c444e532e3338313d7777772e7065736375657a612e65732c444e532e3338323d7777772e6c6170657367612e65732c444e532e3338333d7777772e70696564726173616c6261732e65732c444e532e3338343d7777772e70696e6f6672616e71756561646f2e65732c444e532e3338353d7777772e70696f726e616c2e65732c444e532e3338363d7777772e706c6173656e7a75656c612e65732c444e532e3338373d7777772e706f7274616a652e65732c444e532e3338383d7777772e706f7274657a75656c6f2e65732c444e532e3338393d7777772e706f7a75656c6f64657a61727a6f6e2e65732c444e532e3339303d7777772e707565626c6f6e7565766f64656d6972616d6f6e7465732e65732c444e532e3339313d7777772e70756572746f646573616e74616372757a2e65732c444e532e3339323d7777772e7265626f6c6c61722e65732c444e532e3339333d7777772e72696f6c6f626f732e65732c444e532e3339343d7777772e726f626c6564696c6c6f6465676174612e65732c444e532e3339353d7777772e726f626c6564696c6c6f64656c61766572612e65732c444e532e3339363d7777772e726f626c6564696c6c6f64657472756a696c6c6f2c444e532e3339373d7777772e726f626c65646f6c6c616e6f2e65732c444e532e3339383d7777772e726f6d616e676f72646f2e65732c444e532e3339393d7777772e7275616e65732e65732c444e532e3430303d7777772e73616c6f72696e6f2e65732c444e532e3430313d7777772e73616c7661746965727261646573616e746961676f2e65732c444e532e3430323d7777772e73616e6d617274696e646574726576656a6f2e65732c444e532e3430333d7777772e6179746f73616e7461616e612e65732c444e532e3430343d7777772e73616e74616372757a64656c617369657272612e65732c444e532e3430353d7777772e73616e74616372757a646570616e69616775612e65732c444e532e3430363d7777772e73616e74616d6172746164656d6167617363612e65732c444e532e3430373d7777772e73616e746961676f64656c63616d706f2e65732c444e532e3430383d7777772e73616e746962616e657a656c616c746f2e65732c444e532e3430393d7777772e73616e746962616e657a656c62616a6f2e65732c444e532e3431303d7777772e736175636564696c6c612e65732c444e532e3431313d7777772e7365677572616465746f726f2e65732c444e532e3431323d7777772e736572726164696c6c612e65732c444e532e3431333d7777772e73657272656a6f6e2e65732c444e532e3431343d7777772e73696572726164656675656e7465732e65732c444e532e3431353d7777772e74616c6176616e2e65732c444e532e3431363d7777772e74616c6176657275656c6164656c61766572612e65732c444e532e3431373d7777772e74616c617975656c612e65732c444e532e3431383d7777772e74656a65646164657469657461722e65732c444e532e3431393d7777772e746f72696c2e65732c444e532e3432303d7777772e746f726e6176616361732e65732c444e532e3432313d7777772e6179746f656c746f726e6f2e65732c444e532e3432323d7777772e746f72726563696c6c6164656c6f73616e67656c65732e65732c444e532e3432333d7777772e746f72726563696c6c617364656c6174696573612e65732c444e532e3432343d7777772e746f7272656465646f6e6d696775656c2e65732c444e532e3432353d7777772e746f727265646573616e74616d617269612e65732c444e532e3432363d7777772e746f7272656a6f6e656c727562696f2e65732c444e532e3432373d7777772e746f7272656a6f6e63696c6c6f2e65732c444e532e3432383d7777772e746f7272656d656e67612e65732c444e532e3432393d7777772e746f7272656d6f6368612e65732c444e532e3433303d7777772e746f7272656f7267617a2e65732c444e532e3433313d7777772e746f7272657175656d6164612e65732c444e532e3433323d7777772e76616c64617374696c6c61732e65732c444e532e3433333d7777772e76616c646563616e6173646574616a6f2e65732c444e532e3433343d7777772e76616c64656675656e7465732e65732c444e532e3433353d7777772e76616c646568756e6361722e65732c444e532e3433363d7777772e76616c6465696e69676f732e65732c444e532e3433373d7777772e76616c64656c6163617361646574616a6f2e65732c444e532e3433383d7777772e76616c64656d6f72616c65732e65732c444e532e3433393d7777772e76616c64656f626973706f2e65732c444e532e3434303d7777772e76616c646573616c6f722e65732c444e532e3434313d7777772e76616c72696f2e65732c444e532e3434323d7777772e76616c656e6369616465616c63616e746172612e65732c444e532e3434333d7777772e76616c766572646564656c61766572612e65732c444e532e3434343d7777772e76616c766572646564656c667265736e6f2e65732c444e532e3434353d7777772e766567617669616e612e65732c444e532e3434363d7777772e7669616e64617264656c61766572612e65732c444e532e3434373d7777772e76696c6c6164656c63616d706f2e65732c444e532e3434383d7777772e76696c6c6164656c7265792e65732c444e532e3434393d7777772e76696c6c616d65736961732e65732c444e532e3435303d7777772e76696c6c616d69656c2e65732c444e532e3435313d7777772e76696c6c616e7565766164656c617369657272612e65732c444e532e3435323d7777772e76696c6c617264656c706564726f736f2e65732c444e532e3435333d7777772e76696c6c61726465706c6173656e6369612e65732c444e532e3435343d7777772e76696c6c61736275656e61736465676174612e65732c444e532e3435353d7777772e7a61727a6164656772616e6164696c6c612e65732c444e532e3435363d7777772e7a61727a6164656d6f6e74616e6368657a2e65732c444e532e3435373d7777772e7a61727a616c616d61796f722e65732c444e532e3435383d7777772e7a6f726974612e65732c444e532e3435393d7777772e726f73616c656a6f2e65732c444e532e3436303d7777772e766567617669616e612e65732c444e532e3436313d7777772e616c61676f6e64656c72696f2e65732c444e532e3436323d7777772e7469657461722e65732c444e532e3436333d7777772e76616c646573616c6f722e65732c444e532e3436343d7777772e6e6176617472617369657272612e65732c444e532e3436353d7777772e7269766572616465667265736e65646f73612e65732c444e532e3436363d7777772e656c6d73616e67696c2e65732c444e532e3436373d7777772e74616a6f73616c6f722e65732c444e532e3436383d7777772e76616c6c65616d62726f7a2e65732c444e532e3436393d7777772e6d616e636f6d756e6964616476616c6c6564656c616c61676f6e2e65732c444e532e3437303d7777772e6d616e636f6d756e6964616476616c6c6564656c6a657274652e65732c444e532e3437313d7777772e6d616e636f6d756e696461647665676173616c7461732e65732c444e532e3437323d7777772e6d616e636f6d756e6964616464656c61766572612e65732c444e532e3437333d7777772e6d616e636f6d756e696461647a6f6e6163656e74726f2e65732c444e532e3437343d7777772e76696c6c7565726361732d69626f7265732d6a6172612e6573,EMAIL=webmaster@dip-caceres.es,CN=www.dip-caceres.es,OU=DIPUTACION PROVINCIAL DE CACERES,O=DIPUTACION PROVINCIAL DE CACERES,L=CACERES,ST=CACERES,C=ES", + .raw = {(void*)"\x30\x82\x31\x29\x31\x0b\x30\x09\x06\x03\x55\x04\x06\x13\x02\x45\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x08\x13\x07\x43\x41\x43\x45\x52\x45\x53\x31\x10\x30\x0e\x06\x03\x55\x04\x07\x13\x07\x43\x41\x43\x45\x52\x45\x53\x31\x29\x30\x27\x06\x03\x55\x04\x0a\x13\x20\x44\x49\x50\x55\x54\x41\x43\x49\x4f\x4e\x20\x50\x52\x4f\x56\x49\x4e\x43\x49\x41\x4c\x20\x44\x45\x20\x43\x41\x43\x45\x52\x45\x53\x31\x29\x30\x27\x06\x03\x55\x04\x0b\x13\x20\x44\x49\x50\x55\x54\x41\x43\x49\x4f\x4e\x20\x50\x52\x4f\x56\x49\x4e\x43\x49\x41\x4c\x20\x44\x45\x20\x43\x41\x43\x45\x52\x45\x53\x31\x1b\x30\x19\x06\x03\x55\x04\x03\x13\x12\x77\x77\x77\x2e\x64\x69\x70\x2d\x63\x61\x63\x65\x72\x65\x73\x2e\x65\x73\x31\x27\x30\x25\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x09\x01\x16\x18\x77\x65\x62\x6d\x61\x73\x74\x65\x72\x40\x64\x69\x70\x2d\x63\x61\x63\x65\x72\x65\x73\x2e\x65\x73\x31\x82\x30\x58\x30\x82\x30\x54\x06\x03\x55\x1d\x11\x13\x82\x30\x4b\x44\x4e\x53\x2e\x31\x3d\x61\x62\x61\x64\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x3d\x61\x62\x65\x72\x74\x75\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x3d\x61\x63\x65\x62\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x3d\x61\x63\x65\x68\x75\x63\x68\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x3d\x61\x63\x65\x69\x74\x75\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x3d\x61\x68\x69\x67\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x3d\x61\x6c\x61\x67\x6f\x6e\x64\x65\x6c\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x3d\x61\x6c\x63\x6f\x6c\x6c\x61\x72\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x3d\x61\x79\x74\x6f\x61\x6c\x62\x61\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x3d\x61\x79\x74\x6f\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x3d\x61\x6c\x63\x75\x65\x73\x63\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x3d\x61\x6c\x64\x65\x61\x63\x65\x6e\x74\x65\x6e\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x3d\x61\x6c\x64\x65\x61\x64\x65\x6c\x63\x61\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x3d\x6c\x61\x61\x6c\x64\x65\x61\x64\x65\x6c\x6f\x62\x69\x73\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x3d\x61\x6c\x64\x65\x61\x6e\x75\x65\x76\x61\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x3d\x61\x6c\x64\x65\x61\x6e\x75\x65\x76\x61\x64\x65\x6c\x63\x61\x6d\x69\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x3d\x61\x6c\x64\x65\x68\x75\x65\x6c\x61\x64\x65\x6c\x6a\x65\x72\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x3d\x61\x79\x74\x6f\x61\x6c\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x3d\x61\x6c\x69\x73\x65\x64\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x3d\x61\x6c\x6d\x61\x72\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x3d\x61\x6c\x6d\x6f\x68\x61\x72\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x3d\x61\x79\x74\x6f\x61\x72\x72\x6f\x79\x6f\x64\x65\x6c\x61\x6c\x75\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x3d\x61\x72\x72\x6f\x79\x6f\x6d\x6f\x6c\x69\x6e\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x3d\x61\x72\x72\x6f\x79\x6f\x6d\x6f\x6c\x69\x6e\x6f\x73\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x3d\x62\x61\x6e\x6f\x73\x64\x65\x6d\x6f\x6e\x74\x65\x6d\x61\x79\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x3d\x62\x61\x72\x72\x61\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x3d\x62\x65\x6c\x76\x69\x73\x64\x65\x6d\x6f\x6e\x72\x6f\x79\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x3d\x62\x65\x6e\x71\x75\x65\x72\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x3d\x62\x65\x72\x72\x6f\x63\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x3d\x62\x65\x72\x7a\x6f\x63\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x3d\x62\x6f\x68\x6f\x6e\x61\x6c\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x3d\x62\x6f\x74\x69\x6a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x3d\x62\x72\x6f\x7a\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x3d\x63\x61\x62\x61\x6e\x61\x73\x64\x65\x6c\x63\x61\x73\x74\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x3d\x63\x61\x62\x65\x7a\x61\x62\x65\x6c\x6c\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x3d\x63\x61\x62\x65\x7a\x75\x65\x6c\x61\x64\x65\x6c\x76\x61\x6c\x6c\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x3d\x63\x61\x62\x72\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x3d\x63\x61\x63\x68\x6f\x72\x72\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x3d\x63\x61\x64\x61\x6c\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x3d\x63\x61\x6c\x7a\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x3d\x63\x61\x6d\x69\x6e\x6f\x6d\x6f\x72\x69\x73\x63\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x3d\x63\x61\x6d\x70\x69\x6c\x6c\x6f\x64\x65\x64\x65\x6c\x65\x69\x74\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x3d\x63\x61\x6d\x70\x6f\x6c\x75\x67\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x3d\x63\x61\x6e\x61\x6d\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x3d\x63\x61\x6e\x61\x76\x65\x72\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x3d\x63\x61\x72\x62\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x37\x3d\x63\x61\x72\x63\x61\x62\x6f\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x38\x3d\x63\x61\x72\x72\x61\x73\x63\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x39\x3d\x63\x61\x73\x61\x72\x64\x65\x63\x61\x63\x65\x72\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x30\x3d\x63\x61\x73\x61\x72\x64\x65\x70\x61\x6c\x6f\x6d\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x31\x3d\x63\x61\x73\x61\x72\x65\x73\x64\x65\x6c\x61\x73\x68\x75\x72\x64\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x32\x3d\x63\x61\x73\x61\x73\x64\x65\x64\x6f\x6e\x61\x6e\x74\x6f\x6e\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x33\x3d\x63\x61\x73\x61\x73\x64\x65\x64\x6f\x6e\x67\x6f\x6d\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x34\x3d\x63\x61\x73\x61\x73\x64\x65\x6c\x63\x61\x73\x74\x61\x6e\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x35\x3d\x63\x61\x73\x61\x73\x64\x65\x6c\x6d\x6f\x6e\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x36\x3d\x63\x61\x73\x61\x73\x64\x65\x6d\x69\x6c\x6c\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x37\x3d\x63\x61\x73\x61\x73\x64\x65\x6d\x69\x72\x61\x76\x65\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x38\x3d\x63\x61\x73\x61\x74\x65\x6a\x61\x64\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x35\x39\x3d\x63\x61\x73\x69\x6c\x6c\x61\x73\x64\x65\x63\x6f\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x30\x3d\x63\x61\x73\x74\x61\x6e\x61\x72\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x31\x3d\x63\x65\x63\x6c\x61\x76\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x32\x3d\x63\x65\x64\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x33\x3d\x63\x65\x72\x65\x7a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x34\x3d\x63\x69\x6c\x6c\x65\x72\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x35\x3d\x63\x6f\x6c\x6c\x61\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x36\x3d\x63\x6f\x6e\x71\x75\x69\x73\x74\x61\x64\x65\x6c\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x37\x3d\x63\x6f\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x38\x3d\x63\x75\x61\x63\x6f\x73\x64\x65\x79\x75\x73\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x36\x39\x3d\x6c\x61\x63\x75\x6d\x62\x72\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x30\x3d\x64\x65\x6c\x65\x69\x74\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x31\x3d\x64\x65\x73\x63\x61\x72\x67\x61\x6d\x61\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x32\x3d\x65\x6c\x6a\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x33\x3d\x65\x73\x63\x75\x72\x69\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x34\x3d\x66\x72\x65\x73\x6e\x65\x64\x6f\x73\x6f\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x35\x3d\x67\x61\x6c\x69\x73\x74\x65\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x36\x3d\x67\x61\x72\x63\x69\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x37\x3d\x6c\x61\x67\x61\x72\x67\x61\x6e\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x38\x3d\x67\x61\x72\x67\x61\x6e\x74\x61\x6c\x61\x6f\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x37\x39\x3d\x67\x61\x72\x67\x61\x6e\x74\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x30\x3d\x67\x61\x72\x67\x75\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x31\x3d\x67\x61\x72\x72\x6f\x76\x69\x6c\x6c\x61\x73\x64\x65\x61\x6c\x63\x6f\x6e\x65\x74\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x32\x3d\x67\x61\x72\x76\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x33\x3d\x67\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x34\x3d\x61\x79\x74\x6f\x65\x6c\x67\x6f\x72\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x35\x3d\x6c\x61\x67\x72\x61\x6e\x6a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x36\x3d\x6c\x61\x67\x72\x61\x6e\x6a\x61\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x37\x3d\x61\x79\x75\x6e\x74\x61\x6d\x69\x65\x6e\x74\x6f\x64\x65\x67\x75\x61\x64\x61\x6c\x75\x70\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x38\x3d\x67\x75\x69\x6a\x6f\x64\x65\x63\x6f\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x38\x39\x3d\x67\x75\x69\x6a\x6f\x64\x65\x67\x61\x6c\x69\x73\x74\x65\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x30\x3d\x67\x75\x69\x6a\x6f\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x31\x3d\x67\x75\x69\x6a\x6f\x64\x65\x73\x61\x6e\x74\x61\x62\x61\x72\x62\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x32\x3d\x68\x65\x72\x67\x75\x69\x6a\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x33\x3d\x68\x65\x72\x6e\x61\x6e\x70\x65\x72\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x34\x3d\x68\x65\x72\x72\x65\x72\x61\x64\x65\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x35\x3d\x68\x65\x72\x72\x65\x72\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x36\x3d\x68\x65\x72\x76\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x37\x3d\x68\x69\x67\x75\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x38\x3d\x68\x69\x6e\x6f\x6a\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x39\x39\x3d\x68\x6f\x6c\x67\x75\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x30\x3d\x68\x6f\x79\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x31\x3d\x68\x75\x65\x6c\x61\x67\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x32\x3d\x69\x62\x61\x68\x65\x72\x6e\x61\x6e\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x33\x3d\x6a\x61\x72\x61\x69\x63\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x34\x3d\x6a\x61\x72\x61\x69\x7a\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x35\x3d\x6a\x61\x72\x61\x6e\x64\x69\x6c\x6c\x61\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x36\x3d\x6a\x61\x72\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x37\x3d\x6a\x65\x72\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x38\x3d\x6c\x61\x64\x72\x69\x6c\x6c\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x30\x39\x3d\x6c\x6f\x67\x72\x6f\x73\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x30\x3d\x6c\x6f\x73\x61\x72\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x31\x3d\x6d\x61\x64\x72\x69\x67\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x32\x3d\x6d\x61\x64\x72\x69\x67\x61\x6c\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x33\x3d\x6d\x61\x64\x72\x6f\x6e\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x34\x3d\x6d\x61\x6a\x61\x64\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x35\x3d\x6d\x61\x6c\x70\x61\x72\x74\x69\x64\x61\x64\x65\x63\x61\x63\x65\x72\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x36\x3d\x6d\x61\x6c\x70\x61\x72\x74\x69\x64\x61\x64\x65\x70\x6c\x61\x73\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x37\x3d\x6d\x61\x72\x63\x68\x61\x67\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x38\x3d\x6d\x61\x74\x61\x64\x65\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x31\x39\x3d\x6d\x65\x6d\x62\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x30\x3d\x6d\x65\x73\x61\x73\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x31\x3d\x6d\x69\x61\x6a\x61\x64\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x32\x3d\x6d\x69\x6c\x6c\x61\x6e\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x33\x3d\x6d\x69\x72\x61\x62\x65\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x34\x3d\x6d\x6f\x68\x65\x64\x61\x73\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x35\x3d\x6d\x6f\x6e\x72\x6f\x79\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x36\x3d\x6d\x6f\x6e\x74\x61\x6e\x63\x68\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x37\x3d\x6d\x6f\x6e\x74\x65\x68\x65\x72\x6d\x6f\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x38\x3d\x6d\x6f\x72\x61\x6c\x65\x6a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x32\x39\x3d\x6d\x6f\x72\x63\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x30\x3d\x6e\x61\x76\x61\x63\x6f\x6e\x63\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x31\x3d\x6e\x61\x76\x61\x6c\x76\x69\x6c\x6c\x61\x72\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x32\x3d\x6e\x61\x76\x61\x6c\x6d\x6f\x72\x61\x6c\x64\x65\x6c\x61\x6d\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x33\x3d\x6e\x61\x76\x61\x73\x64\x65\x6c\x6d\x61\x64\x72\x6f\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x34\x3d\x6e\x61\x76\x61\x74\x72\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x35\x3d\x6e\x61\x76\x65\x7a\x75\x65\x6c\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x36\x3d\x6e\x75\x6e\x6f\x6d\x6f\x72\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x37\x3d\x6f\x6c\x69\x76\x61\x64\x65\x70\x6c\x61\x73\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x38\x3d\x70\x61\x6c\x6f\x6d\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x33\x39\x3d\x70\x61\x73\x61\x72\x6f\x6e\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x30\x3d\x70\x65\x64\x72\x6f\x73\x6f\x64\x65\x61\x63\x69\x6d\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x31\x3d\x70\x65\x72\x61\x6c\x65\x64\x61\x64\x65\x6c\x61\x6d\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x32\x3d\x70\x65\x72\x61\x6c\x65\x64\x61\x64\x65\x73\x61\x6e\x72\x6f\x6d\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x33\x3d\x70\x65\x72\x61\x6c\x65\x73\x64\x65\x6c\x70\x75\x65\x72\x74\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x34\x3d\x70\x65\x73\x63\x75\x65\x7a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x35\x3d\x6c\x61\x70\x65\x73\x67\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x36\x3d\x70\x69\x65\x64\x72\x61\x73\x61\x6c\x62\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x37\x3d\x70\x69\x6e\x6f\x66\x72\x61\x6e\x71\x75\x65\x61\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x38\x3d\x70\x69\x6f\x72\x6e\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x34\x39\x3d\x70\x6c\x61\x73\x65\x6e\x7a\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x30\x3d\x70\x6f\x72\x74\x61\x6a\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x31\x3d\x70\x6f\x72\x74\x65\x7a\x75\x65\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x32\x3d\x70\x6f\x7a\x75\x65\x6c\x6f\x64\x65\x7a\x61\x72\x7a\x6f\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x33\x3d\x70\x75\x65\x62\x6c\x6f\x6e\x75\x65\x76\x6f\x64\x65\x6d\x69\x72\x61\x6d\x6f\x6e\x74\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x34\x3d\x70\x75\x65\x72\x74\x6f\x64\x65\x73\x61\x6e\x74\x61\x63\x72\x75\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x35\x3d\x72\x65\x62\x6f\x6c\x6c\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x36\x3d\x72\x69\x6f\x6c\x6f\x62\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x37\x3d\x72\x6f\x62\x6c\x65\x64\x69\x6c\x6c\x6f\x64\x65\x67\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x38\x3d\x72\x6f\x62\x6c\x65\x64\x69\x6c\x6c\x6f\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x35\x39\x3d\x72\x6f\x62\x6c\x65\x64\x69\x6c\x6c\x6f\x64\x65\x74\x72\x75\x6a\x69\x6c\x6c\x6f\x2c\x44\x4e\x53\x2e\x31\x36\x30\x3d\x72\x6f\x62\x6c\x65\x64\x6f\x6c\x6c\x61\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x31\x3d\x72\x6f\x6d\x61\x6e\x67\x6f\x72\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x32\x3d\x72\x75\x61\x6e\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x33\x3d\x73\x61\x6c\x6f\x72\x69\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x34\x3d\x73\x61\x6c\x76\x61\x74\x69\x65\x72\x72\x61\x64\x65\x73\x61\x6e\x74\x69\x61\x67\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x35\x3d\x73\x61\x6e\x6d\x61\x72\x74\x69\x6e\x64\x65\x74\x72\x65\x76\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x36\x3d\x61\x79\x74\x6f\x73\x61\x6e\x74\x61\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x37\x3d\x73\x61\x6e\x74\x61\x63\x72\x75\x7a\x64\x65\x6c\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x38\x3d\x73\x61\x6e\x74\x61\x63\x72\x75\x7a\x64\x65\x70\x61\x6e\x69\x61\x67\x75\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x36\x39\x3d\x73\x61\x6e\x74\x61\x6d\x61\x72\x74\x61\x64\x65\x6d\x61\x67\x61\x73\x63\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x30\x3d\x73\x61\x6e\x74\x69\x61\x67\x6f\x64\x65\x6c\x63\x61\x6d\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x31\x3d\x73\x61\x6e\x74\x69\x62\x61\x6e\x65\x7a\x65\x6c\x61\x6c\x74\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x32\x3d\x73\x61\x6e\x74\x69\x62\x61\x6e\x65\x7a\x65\x6c\x62\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x33\x3d\x73\x61\x75\x63\x65\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x34\x3d\x73\x65\x67\x75\x72\x61\x64\x65\x74\x6f\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x35\x3d\x73\x65\x72\x72\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x36\x3d\x73\x65\x72\x72\x65\x6a\x6f\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x37\x3d\x73\x69\x65\x72\x72\x61\x64\x65\x66\x75\x65\x6e\x74\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x38\x3d\x74\x61\x6c\x61\x76\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x37\x39\x3d\x74\x61\x6c\x61\x76\x65\x72\x75\x65\x6c\x61\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x30\x3d\x74\x61\x6c\x61\x79\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x31\x3d\x74\x65\x6a\x65\x64\x61\x64\x65\x74\x69\x65\x74\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x32\x3d\x74\x6f\x72\x69\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x33\x3d\x74\x6f\x72\x6e\x61\x76\x61\x63\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x34\x3d\x61\x79\x74\x6f\x65\x6c\x74\x6f\x72\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x35\x3d\x74\x6f\x72\x72\x65\x63\x69\x6c\x6c\x61\x64\x65\x6c\x6f\x73\x61\x6e\x67\x65\x6c\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x36\x3d\x74\x6f\x72\x72\x65\x63\x69\x6c\x6c\x61\x73\x64\x65\x6c\x61\x74\x69\x65\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x37\x3d\x74\x6f\x72\x72\x65\x64\x65\x64\x6f\x6e\x6d\x69\x67\x75\x65\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x38\x3d\x74\x6f\x72\x72\x65\x64\x65\x73\x61\x6e\x74\x61\x6d\x61\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x38\x39\x3d\x74\x6f\x72\x72\x65\x6a\x6f\x6e\x65\x6c\x72\x75\x62\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x30\x3d\x74\x6f\x72\x72\x65\x6a\x6f\x6e\x63\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x31\x3d\x74\x6f\x72\x72\x65\x6d\x65\x6e\x67\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x32\x3d\x74\x6f\x72\x72\x65\x6d\x6f\x63\x68\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x33\x3d\x74\x6f\x72\x72\x65\x6f\x72\x67\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x34\x3d\x74\x6f\x72\x72\x65\x71\x75\x65\x6d\x61\x64\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x35\x3d\x76\x61\x6c\x64\x61\x73\x74\x69\x6c\x6c\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x36\x3d\x76\x61\x6c\x64\x65\x63\x61\x6e\x61\x73\x64\x65\x74\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x37\x3d\x76\x61\x6c\x64\x65\x66\x75\x65\x6e\x74\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x38\x3d\x76\x61\x6c\x64\x65\x68\x75\x6e\x63\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x31\x39\x39\x3d\x76\x61\x6c\x64\x65\x69\x6e\x69\x67\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x30\x3d\x76\x61\x6c\x64\x65\x6c\x61\x63\x61\x73\x61\x64\x65\x74\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x31\x3d\x76\x61\x6c\x64\x65\x6d\x6f\x72\x61\x6c\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x32\x3d\x76\x61\x6c\x64\x65\x6f\x62\x69\x73\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x33\x3d\x76\x61\x6c\x64\x65\x73\x61\x6c\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x34\x3d\x76\x61\x6c\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x35\x3d\x76\x61\x6c\x65\x6e\x63\x69\x61\x64\x65\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x36\x3d\x76\x61\x6c\x76\x65\x72\x64\x65\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x37\x3d\x76\x61\x6c\x76\x65\x72\x64\x65\x64\x65\x6c\x66\x72\x65\x73\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x38\x3d\x76\x65\x67\x61\x76\x69\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x30\x39\x3d\x76\x69\x61\x6e\x64\x61\x72\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x30\x3d\x76\x69\x6c\x6c\x61\x64\x65\x6c\x63\x61\x6d\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x31\x3d\x76\x69\x6c\x6c\x61\x64\x65\x6c\x72\x65\x79\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x32\x3d\x76\x69\x6c\x6c\x61\x6d\x65\x73\x69\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x33\x3d\x76\x69\x6c\x6c\x61\x6d\x69\x65\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x34\x3d\x76\x69\x6c\x6c\x61\x6e\x75\x65\x76\x61\x64\x65\x6c\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x35\x3d\x76\x69\x6c\x6c\x61\x72\x64\x65\x6c\x70\x65\x64\x72\x6f\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x36\x3d\x76\x69\x6c\x6c\x61\x72\x64\x65\x70\x6c\x61\x73\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x37\x3d\x76\x69\x6c\x6c\x61\x73\x62\x75\x65\x6e\x61\x73\x64\x65\x67\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x38\x3d\x7a\x61\x72\x7a\x61\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x31\x39\x3d\x7a\x61\x72\x7a\x61\x64\x65\x6d\x6f\x6e\x74\x61\x6e\x63\x68\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x30\x3d\x7a\x61\x72\x7a\x61\x6c\x61\x6d\x61\x79\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x31\x3d\x7a\x6f\x72\x69\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x32\x3d\x72\x6f\x73\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x33\x3d\x76\x65\x67\x61\x76\x69\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x34\x3d\x61\x6c\x61\x67\x6f\x6e\x64\x65\x6c\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x35\x3d\x74\x69\x65\x74\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x36\x3d\x76\x61\x6c\x64\x65\x73\x61\x6c\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x37\x3d\x6e\x61\x76\x61\x74\x72\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x38\x3d\x72\x69\x76\x65\x72\x61\x64\x65\x66\x72\x65\x73\x6e\x65\x64\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x32\x39\x3d\x65\x6c\x6d\x73\x61\x6e\x67\x69\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x30\x3d\x74\x61\x6a\x6f\x73\x61\x6c\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x31\x3d\x76\x61\x6c\x6c\x65\x61\x6d\x62\x72\x6f\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x32\x3d\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x76\x61\x6c\x6c\x65\x64\x65\x6c\x61\x6c\x61\x67\x6f\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x33\x3d\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x76\x61\x6c\x6c\x65\x64\x65\x6c\x6a\x65\x72\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x34\x3d\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x76\x65\x67\x61\x73\x61\x6c\x74\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x35\x3d\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x36\x3d\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x7a\x6f\x6e\x61\x63\x65\x6e\x74\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x37\x3d\x76\x69\x6c\x6c\x75\x65\x72\x63\x61\x73\x2d\x69\x62\x6f\x72\x65\x73\x2d\x6a\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x38\x3d\x77\x77\x77\x2e\x61\x62\x61\x64\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x33\x39\x3d\x77\x77\x77\x2e\x61\x62\x65\x72\x74\x75\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x30\x3d\x77\x77\x77\x2e\x61\x63\x65\x62\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x31\x3d\x77\x77\x77\x2e\x61\x63\x65\x68\x75\x63\x68\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x32\x3d\x77\x77\x77\x2e\x61\x63\x65\x69\x74\x75\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x33\x3d\x77\x77\x77\x2e\x61\x68\x69\x67\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x34\x3d\x77\x77\x77\x2e\x61\x6c\x61\x67\x6f\x6e\x64\x65\x6c\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x35\x3d\x77\x77\x77\x2e\x61\x6c\x63\x6f\x6c\x6c\x61\x72\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x36\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x61\x6c\x62\x61\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x37\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x38\x3d\x77\x77\x77\x2e\x61\x6c\x63\x75\x65\x73\x63\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x34\x39\x3d\x77\x77\x77\x2e\x61\x6c\x64\x65\x61\x63\x65\x6e\x74\x65\x6e\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x30\x3d\x77\x77\x77\x2e\x61\x6c\x64\x65\x61\x64\x65\x6c\x63\x61\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x31\x3d\x77\x77\x77\x2e\x6c\x61\x61\x6c\x64\x65\x61\x64\x65\x6c\x6f\x62\x69\x73\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x32\x3d\x77\x77\x77\x2e\x61\x6c\x64\x65\x61\x6e\x75\x65\x76\x61\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x33\x3d\x77\x77\x77\x2e\x61\x6c\x64\x65\x61\x6e\x75\x65\x76\x61\x64\x65\x6c\x63\x61\x6d\x69\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x34\x3d\x77\x77\x77\x2e\x61\x6c\x64\x65\x68\x75\x65\x6c\x61\x64\x65\x6c\x6a\x65\x72\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x35\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x61\x6c\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x36\x3d\x77\x77\x77\x2e\x61\x6c\x69\x73\x65\x64\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x37\x3d\x77\x77\x77\x2e\x61\x6c\x6d\x61\x72\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x38\x3d\x77\x77\x77\x2e\x61\x6c\x6d\x6f\x68\x61\x72\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x35\x39\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x61\x72\x72\x6f\x79\x6f\x64\x65\x6c\x61\x6c\x75\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x30\x3d\x77\x77\x77\x2e\x61\x72\x72\x6f\x79\x6f\x6d\x6f\x6c\x69\x6e\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x31\x3d\x77\x77\x77\x2e\x61\x72\x72\x6f\x79\x6f\x6d\x6f\x6c\x69\x6e\x6f\x73\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x32\x3d\x77\x77\x77\x2e\x62\x61\x6e\x6f\x73\x64\x65\x6d\x6f\x6e\x74\x65\x6d\x61\x79\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x33\x3d\x77\x77\x77\x2e\x62\x61\x72\x72\x61\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x34\x3d\x77\x77\x77\x2e\x62\x65\x6c\x76\x69\x73\x64\x65\x6d\x6f\x6e\x72\x6f\x79\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x35\x3d\x77\x77\x77\x2e\x62\x65\x6e\x71\x75\x65\x72\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x36\x3d\x77\x77\x77\x2e\x62\x65\x72\x72\x6f\x63\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x37\x3d\x77\x77\x77\x2e\x62\x65\x72\x7a\x6f\x63\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x38\x3d\x77\x77\x77\x2e\x62\x6f\x68\x6f\x6e\x61\x6c\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x36\x39\x3d\x77\x77\x77\x2e\x62\x6f\x74\x69\x6a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x30\x3d\x77\x77\x77\x2e\x62\x72\x6f\x7a\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x31\x3d\x77\x77\x77\x2e\x63\x61\x62\x61\x6e\x61\x73\x64\x65\x6c\x63\x61\x73\x74\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x32\x3d\x77\x77\x77\x2e\x63\x61\x62\x65\x7a\x61\x62\x65\x6c\x6c\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x33\x3d\x77\x77\x77\x2e\x63\x61\x62\x65\x7a\x75\x65\x6c\x61\x64\x65\x6c\x76\x61\x6c\x6c\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x34\x3d\x77\x77\x77\x2e\x63\x61\x62\x72\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x35\x3d\x77\x77\x77\x2e\x63\x61\x63\x68\x6f\x72\x72\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x36\x3d\x77\x77\x77\x2e\x63\x61\x64\x61\x6c\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x37\x3d\x77\x77\x77\x2e\x63\x61\x6c\x7a\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x38\x3d\x77\x77\x77\x2e\x63\x61\x6d\x69\x6e\x6f\x6d\x6f\x72\x69\x73\x63\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x37\x39\x3d\x77\x77\x77\x2e\x63\x61\x6d\x70\x69\x6c\x6c\x6f\x64\x65\x64\x65\x6c\x65\x69\x74\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x30\x3d\x77\x77\x77\x2e\x63\x61\x6d\x70\x6f\x6c\x75\x67\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x31\x3d\x77\x77\x77\x2e\x63\x61\x6e\x61\x6d\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x32\x3d\x77\x77\x77\x2e\x63\x61\x6e\x61\x76\x65\x72\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x33\x3d\x77\x77\x77\x2e\x63\x61\x72\x62\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x34\x3d\x77\x77\x77\x2e\x63\x61\x72\x63\x61\x62\x6f\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x35\x3d\x77\x77\x77\x2e\x63\x61\x72\x72\x61\x73\x63\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x36\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x72\x64\x65\x63\x61\x63\x65\x72\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x37\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x72\x64\x65\x70\x61\x6c\x6f\x6d\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x38\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x72\x65\x73\x64\x65\x6c\x61\x73\x68\x75\x72\x64\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x38\x39\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x73\x64\x65\x64\x6f\x6e\x61\x6e\x74\x6f\x6e\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x30\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x73\x64\x65\x64\x6f\x6e\x67\x6f\x6d\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x31\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x73\x64\x65\x6c\x63\x61\x73\x74\x61\x6e\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x32\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x73\x64\x65\x6c\x6d\x6f\x6e\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x33\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x73\x64\x65\x6d\x69\x6c\x6c\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x34\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x73\x64\x65\x6d\x69\x72\x61\x76\x65\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x35\x3d\x77\x77\x77\x2e\x63\x61\x73\x61\x74\x65\x6a\x61\x64\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x36\x3d\x77\x77\x77\x2e\x63\x61\x73\x69\x6c\x6c\x61\x73\x64\x65\x63\x6f\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x37\x3d\x77\x77\x77\x2e\x63\x61\x73\x74\x61\x6e\x61\x72\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x38\x3d\x77\x77\x77\x2e\x63\x65\x63\x6c\x61\x76\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x32\x39\x39\x3d\x77\x77\x77\x2e\x63\x65\x64\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x30\x3d\x77\x77\x77\x2e\x63\x65\x72\x65\x7a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x31\x3d\x77\x77\x77\x2e\x63\x69\x6c\x6c\x65\x72\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x32\x3d\x77\x77\x77\x2e\x63\x6f\x6c\x6c\x61\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x33\x3d\x77\x77\x77\x2e\x63\x6f\x6e\x71\x75\x69\x73\x74\x61\x64\x65\x6c\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x34\x3d\x77\x77\x77\x2e\x63\x6f\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x35\x3d\x77\x77\x77\x2e\x63\x75\x61\x63\x6f\x73\x64\x65\x79\x75\x73\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x36\x3d\x77\x77\x77\x2e\x6c\x61\x63\x75\x6d\x62\x72\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x37\x3d\x77\x77\x77\x2e\x64\x65\x6c\x65\x69\x74\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x38\x3d\x77\x77\x77\x2e\x64\x65\x73\x63\x61\x72\x67\x61\x6d\x61\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x30\x39\x3d\x77\x77\x77\x2e\x65\x6c\x6a\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x30\x3d\x77\x77\x77\x2e\x65\x73\x63\x75\x72\x69\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x31\x3d\x77\x77\x77\x2e\x66\x72\x65\x73\x6e\x65\x64\x6f\x73\x6f\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x32\x3d\x77\x77\x77\x2e\x67\x61\x6c\x69\x73\x74\x65\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x33\x3d\x77\x77\x77\x2e\x67\x61\x72\x63\x69\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x34\x3d\x77\x77\x77\x2e\x6c\x61\x67\x61\x72\x67\x61\x6e\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x35\x3d\x77\x77\x77\x2e\x67\x61\x72\x67\x61\x6e\x74\x61\x6c\x61\x6f\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x36\x3d\x77\x77\x77\x2e\x67\x61\x72\x67\x61\x6e\x74\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x37\x3d\x77\x77\x77\x2e\x67\x61\x72\x67\x75\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x38\x3d\x77\x77\x77\x2e\x67\x61\x72\x72\x6f\x76\x69\x6c\x6c\x61\x73\x64\x65\x61\x6c\x63\x6f\x6e\x65\x74\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x31\x39\x3d\x77\x77\x77\x2e\x67\x61\x72\x76\x69\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x30\x3d\x77\x77\x77\x2e\x67\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x31\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x65\x6c\x67\x6f\x72\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x32\x3d\x77\x77\x77\x2e\x6c\x61\x67\x72\x61\x6e\x6a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x33\x3d\x77\x77\x77\x2e\x6c\x61\x67\x72\x61\x6e\x6a\x61\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x34\x3d\x77\x77\x77\x2e\x61\x79\x75\x6e\x74\x61\x6d\x69\x65\x6e\x74\x6f\x64\x65\x67\x75\x61\x64\x61\x6c\x75\x70\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x35\x3d\x77\x77\x77\x2e\x67\x75\x69\x6a\x6f\x64\x65\x63\x6f\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x36\x3d\x77\x77\x77\x2e\x67\x75\x69\x6a\x6f\x64\x65\x67\x61\x6c\x69\x73\x74\x65\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x37\x3d\x77\x77\x77\x2e\x67\x75\x69\x6a\x6f\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x38\x3d\x77\x77\x77\x2e\x67\x75\x69\x6a\x6f\x64\x65\x73\x61\x6e\x74\x61\x62\x61\x72\x62\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x32\x39\x3d\x77\x77\x77\x2e\x68\x65\x72\x67\x75\x69\x6a\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x30\x3d\x77\x77\x77\x2e\x68\x65\x72\x6e\x61\x6e\x70\x65\x72\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x31\x3d\x77\x77\x77\x2e\x68\x65\x72\x72\x65\x72\x61\x64\x65\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x32\x3d\x77\x77\x77\x2e\x68\x65\x72\x72\x65\x72\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x33\x3d\x77\x77\x77\x2e\x68\x65\x72\x76\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x34\x3d\x77\x77\x77\x2e\x68\x69\x67\x75\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x35\x3d\x77\x77\x77\x2e\x68\x69\x6e\x6f\x6a\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x36\x3d\x77\x77\x77\x2e\x68\x6f\x6c\x67\x75\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x37\x3d\x77\x77\x77\x2e\x68\x6f\x79\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x38\x3d\x77\x77\x77\x2e\x68\x75\x65\x6c\x61\x67\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x33\x39\x3d\x77\x77\x77\x2e\x69\x62\x61\x68\x65\x72\x6e\x61\x6e\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x30\x3d\x77\x77\x77\x2e\x6a\x61\x72\x61\x69\x63\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x31\x3d\x77\x77\x77\x2e\x6a\x61\x72\x61\x69\x7a\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x32\x3d\x77\x77\x77\x2e\x6a\x61\x72\x61\x6e\x64\x69\x6c\x6c\x61\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x33\x3d\x77\x77\x77\x2e\x6a\x61\x72\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x34\x3d\x77\x77\x77\x2e\x6a\x65\x72\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x35\x3d\x77\x77\x77\x2e\x6c\x61\x64\x72\x69\x6c\x6c\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x36\x3d\x77\x77\x77\x2e\x6c\x6f\x67\x72\x6f\x73\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x37\x3d\x77\x77\x77\x2e\x6c\x6f\x73\x61\x72\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x38\x3d\x77\x77\x77\x2e\x6d\x61\x64\x72\x69\x67\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x34\x39\x3d\x77\x77\x77\x2e\x6d\x61\x64\x72\x69\x67\x61\x6c\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x30\x3d\x77\x77\x77\x2e\x6d\x61\x64\x72\x6f\x6e\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x31\x3d\x77\x77\x77\x2e\x6d\x61\x6a\x61\x64\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x32\x3d\x77\x77\x77\x2e\x6d\x61\x6c\x70\x61\x72\x74\x69\x64\x61\x64\x65\x63\x61\x63\x65\x72\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x33\x3d\x77\x77\x77\x2e\x6d\x61\x6c\x70\x61\x72\x74\x69\x64\x61\x64\x65\x70\x6c\x61\x73\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x34\x3d\x77\x77\x77\x2e\x6d\x61\x72\x63\x68\x61\x67\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x35\x3d\x77\x77\x77\x2e\x6d\x61\x74\x61\x64\x65\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x36\x3d\x77\x77\x77\x2e\x6d\x65\x6d\x62\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x37\x3d\x77\x77\x77\x2e\x6d\x65\x73\x61\x73\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x38\x3d\x77\x77\x77\x2e\x6d\x69\x61\x6a\x61\x64\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x35\x39\x3d\x77\x77\x77\x2e\x6d\x69\x6c\x6c\x61\x6e\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x30\x3d\x77\x77\x77\x2e\x6d\x69\x72\x61\x62\x65\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x31\x3d\x77\x77\x77\x2e\x6d\x6f\x68\x65\x64\x61\x73\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x32\x3d\x77\x77\x77\x2e\x6d\x6f\x6e\x72\x6f\x79\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x33\x3d\x77\x77\x77\x2e\x6d\x6f\x6e\x74\x61\x6e\x63\x68\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x34\x3d\x77\x77\x77\x2e\x6d\x6f\x6e\x74\x65\x68\x65\x72\x6d\x6f\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x35\x3d\x77\x77\x77\x2e\x6d\x6f\x72\x61\x6c\x65\x6a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x36\x3d\x77\x77\x77\x2e\x6d\x6f\x72\x63\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x37\x3d\x77\x77\x77\x2e\x6e\x61\x76\x61\x63\x6f\x6e\x63\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x38\x3d\x77\x77\x77\x2e\x6e\x61\x76\x61\x6c\x76\x69\x6c\x6c\x61\x72\x64\x65\x69\x62\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x36\x39\x3d\x77\x77\x77\x2e\x6e\x61\x76\x61\x6c\x6d\x6f\x72\x61\x6c\x64\x65\x6c\x61\x6d\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x30\x3d\x77\x77\x77\x2e\x6e\x61\x76\x61\x73\x64\x65\x6c\x6d\x61\x64\x72\x6f\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x31\x3d\x77\x77\x77\x2e\x6e\x61\x76\x61\x74\x72\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x32\x3d\x77\x77\x77\x2e\x6e\x61\x76\x65\x7a\x75\x65\x6c\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x33\x3d\x77\x77\x77\x2e\x6e\x75\x6e\x6f\x6d\x6f\x72\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x34\x3d\x77\x77\x77\x2e\x6f\x6c\x69\x76\x61\x64\x65\x70\x6c\x61\x73\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x35\x3d\x77\x77\x77\x2e\x70\x61\x6c\x6f\x6d\x65\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x36\x3d\x77\x77\x77\x2e\x70\x61\x73\x61\x72\x6f\x6e\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x37\x3d\x77\x77\x77\x2e\x70\x65\x64\x72\x6f\x73\x6f\x64\x65\x61\x63\x69\x6d\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x38\x3d\x77\x77\x77\x2e\x70\x65\x72\x61\x6c\x65\x64\x61\x64\x65\x6c\x61\x6d\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x37\x39\x3d\x77\x77\x77\x2e\x70\x65\x72\x61\x6c\x65\x64\x61\x64\x65\x73\x61\x6e\x72\x6f\x6d\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x30\x3d\x77\x77\x77\x2e\x70\x65\x72\x61\x6c\x65\x73\x64\x65\x6c\x70\x75\x65\x72\x74\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x31\x3d\x77\x77\x77\x2e\x70\x65\x73\x63\x75\x65\x7a\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x32\x3d\x77\x77\x77\x2e\x6c\x61\x70\x65\x73\x67\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x33\x3d\x77\x77\x77\x2e\x70\x69\x65\x64\x72\x61\x73\x61\x6c\x62\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x34\x3d\x77\x77\x77\x2e\x70\x69\x6e\x6f\x66\x72\x61\x6e\x71\x75\x65\x61\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x35\x3d\x77\x77\x77\x2e\x70\x69\x6f\x72\x6e\x61\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x36\x3d\x77\x77\x77\x2e\x70\x6c\x61\x73\x65\x6e\x7a\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x37\x3d\x77\x77\x77\x2e\x70\x6f\x72\x74\x61\x6a\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x38\x3d\x77\x77\x77\x2e\x70\x6f\x72\x74\x65\x7a\x75\x65\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x38\x39\x3d\x77\x77\x77\x2e\x70\x6f\x7a\x75\x65\x6c\x6f\x64\x65\x7a\x61\x72\x7a\x6f\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x30\x3d\x77\x77\x77\x2e\x70\x75\x65\x62\x6c\x6f\x6e\x75\x65\x76\x6f\x64\x65\x6d\x69\x72\x61\x6d\x6f\x6e\x74\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x31\x3d\x77\x77\x77\x2e\x70\x75\x65\x72\x74\x6f\x64\x65\x73\x61\x6e\x74\x61\x63\x72\x75\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x32\x3d\x77\x77\x77\x2e\x72\x65\x62\x6f\x6c\x6c\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x33\x3d\x77\x77\x77\x2e\x72\x69\x6f\x6c\x6f\x62\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x34\x3d\x77\x77\x77\x2e\x72\x6f\x62\x6c\x65\x64\x69\x6c\x6c\x6f\x64\x65\x67\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x35\x3d\x77\x77\x77\x2e\x72\x6f\x62\x6c\x65\x64\x69\x6c\x6c\x6f\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x36\x3d\x77\x77\x77\x2e\x72\x6f\x62\x6c\x65\x64\x69\x6c\x6c\x6f\x64\x65\x74\x72\x75\x6a\x69\x6c\x6c\x6f\x2c\x44\x4e\x53\x2e\x33\x39\x37\x3d\x77\x77\x77\x2e\x72\x6f\x62\x6c\x65\x64\x6f\x6c\x6c\x61\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x38\x3d\x77\x77\x77\x2e\x72\x6f\x6d\x61\x6e\x67\x6f\x72\x64\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x33\x39\x39\x3d\x77\x77\x77\x2e\x72\x75\x61\x6e\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x30\x3d\x77\x77\x77\x2e\x73\x61\x6c\x6f\x72\x69\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x31\x3d\x77\x77\x77\x2e\x73\x61\x6c\x76\x61\x74\x69\x65\x72\x72\x61\x64\x65\x73\x61\x6e\x74\x69\x61\x67\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x32\x3d\x77\x77\x77\x2e\x73\x61\x6e\x6d\x61\x72\x74\x69\x6e\x64\x65\x74\x72\x65\x76\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x33\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x73\x61\x6e\x74\x61\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x34\x3d\x77\x77\x77\x2e\x73\x61\x6e\x74\x61\x63\x72\x75\x7a\x64\x65\x6c\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x35\x3d\x77\x77\x77\x2e\x73\x61\x6e\x74\x61\x63\x72\x75\x7a\x64\x65\x70\x61\x6e\x69\x61\x67\x75\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x36\x3d\x77\x77\x77\x2e\x73\x61\x6e\x74\x61\x6d\x61\x72\x74\x61\x64\x65\x6d\x61\x67\x61\x73\x63\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x37\x3d\x77\x77\x77\x2e\x73\x61\x6e\x74\x69\x61\x67\x6f\x64\x65\x6c\x63\x61\x6d\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x38\x3d\x77\x77\x77\x2e\x73\x61\x6e\x74\x69\x62\x61\x6e\x65\x7a\x65\x6c\x61\x6c\x74\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x30\x39\x3d\x77\x77\x77\x2e\x73\x61\x6e\x74\x69\x62\x61\x6e\x65\x7a\x65\x6c\x62\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x30\x3d\x77\x77\x77\x2e\x73\x61\x75\x63\x65\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x31\x3d\x77\x77\x77\x2e\x73\x65\x67\x75\x72\x61\x64\x65\x74\x6f\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x32\x3d\x77\x77\x77\x2e\x73\x65\x72\x72\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x33\x3d\x77\x77\x77\x2e\x73\x65\x72\x72\x65\x6a\x6f\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x34\x3d\x77\x77\x77\x2e\x73\x69\x65\x72\x72\x61\x64\x65\x66\x75\x65\x6e\x74\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x35\x3d\x77\x77\x77\x2e\x74\x61\x6c\x61\x76\x61\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x36\x3d\x77\x77\x77\x2e\x74\x61\x6c\x61\x76\x65\x72\x75\x65\x6c\x61\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x37\x3d\x77\x77\x77\x2e\x74\x61\x6c\x61\x79\x75\x65\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x38\x3d\x77\x77\x77\x2e\x74\x65\x6a\x65\x64\x61\x64\x65\x74\x69\x65\x74\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x31\x39\x3d\x77\x77\x77\x2e\x74\x6f\x72\x69\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x30\x3d\x77\x77\x77\x2e\x74\x6f\x72\x6e\x61\x76\x61\x63\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x31\x3d\x77\x77\x77\x2e\x61\x79\x74\x6f\x65\x6c\x74\x6f\x72\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x32\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x63\x69\x6c\x6c\x61\x64\x65\x6c\x6f\x73\x61\x6e\x67\x65\x6c\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x33\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x63\x69\x6c\x6c\x61\x73\x64\x65\x6c\x61\x74\x69\x65\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x34\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x64\x65\x64\x6f\x6e\x6d\x69\x67\x75\x65\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x35\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x64\x65\x73\x61\x6e\x74\x61\x6d\x61\x72\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x36\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x6a\x6f\x6e\x65\x6c\x72\x75\x62\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x37\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x6a\x6f\x6e\x63\x69\x6c\x6c\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x38\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x6d\x65\x6e\x67\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x32\x39\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x6d\x6f\x63\x68\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x30\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x6f\x72\x67\x61\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x31\x3d\x77\x77\x77\x2e\x74\x6f\x72\x72\x65\x71\x75\x65\x6d\x61\x64\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x32\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x61\x73\x74\x69\x6c\x6c\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x33\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x63\x61\x6e\x61\x73\x64\x65\x74\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x34\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x66\x75\x65\x6e\x74\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x35\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x68\x75\x6e\x63\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x36\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x69\x6e\x69\x67\x6f\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x37\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x6c\x61\x63\x61\x73\x61\x64\x65\x74\x61\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x38\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x6d\x6f\x72\x61\x6c\x65\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x33\x39\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x6f\x62\x69\x73\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x30\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x73\x61\x6c\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x31\x3d\x77\x77\x77\x2e\x76\x61\x6c\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x32\x3d\x77\x77\x77\x2e\x76\x61\x6c\x65\x6e\x63\x69\x61\x64\x65\x61\x6c\x63\x61\x6e\x74\x61\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x33\x3d\x77\x77\x77\x2e\x76\x61\x6c\x76\x65\x72\x64\x65\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x34\x3d\x77\x77\x77\x2e\x76\x61\x6c\x76\x65\x72\x64\x65\x64\x65\x6c\x66\x72\x65\x73\x6e\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x35\x3d\x77\x77\x77\x2e\x76\x65\x67\x61\x76\x69\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x36\x3d\x77\x77\x77\x2e\x76\x69\x61\x6e\x64\x61\x72\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x37\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x64\x65\x6c\x63\x61\x6d\x70\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x38\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x64\x65\x6c\x72\x65\x79\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x34\x39\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x6d\x65\x73\x69\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x30\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x6d\x69\x65\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x31\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x6e\x75\x65\x76\x61\x64\x65\x6c\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x32\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x72\x64\x65\x6c\x70\x65\x64\x72\x6f\x73\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x33\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x72\x64\x65\x70\x6c\x61\x73\x65\x6e\x63\x69\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x34\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x61\x73\x62\x75\x65\x6e\x61\x73\x64\x65\x67\x61\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x35\x3d\x77\x77\x77\x2e\x7a\x61\x72\x7a\x61\x64\x65\x67\x72\x61\x6e\x61\x64\x69\x6c\x6c\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x36\x3d\x77\x77\x77\x2e\x7a\x61\x72\x7a\x61\x64\x65\x6d\x6f\x6e\x74\x61\x6e\x63\x68\x65\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x37\x3d\x77\x77\x77\x2e\x7a\x61\x72\x7a\x61\x6c\x61\x6d\x61\x79\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x38\x3d\x77\x77\x77\x2e\x7a\x6f\x72\x69\x74\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x35\x39\x3d\x77\x77\x77\x2e\x72\x6f\x73\x61\x6c\x65\x6a\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x30\x3d\x77\x77\x77\x2e\x76\x65\x67\x61\x76\x69\x61\x6e\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x31\x3d\x77\x77\x77\x2e\x61\x6c\x61\x67\x6f\x6e\x64\x65\x6c\x72\x69\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x32\x3d\x77\x77\x77\x2e\x74\x69\x65\x74\x61\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x33\x3d\x77\x77\x77\x2e\x76\x61\x6c\x64\x65\x73\x61\x6c\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x34\x3d\x77\x77\x77\x2e\x6e\x61\x76\x61\x74\x72\x61\x73\x69\x65\x72\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x35\x3d\x77\x77\x77\x2e\x72\x69\x76\x65\x72\x61\x64\x65\x66\x72\x65\x73\x6e\x65\x64\x6f\x73\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x36\x3d\x77\x77\x77\x2e\x65\x6c\x6d\x73\x61\x6e\x67\x69\x6c\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x37\x3d\x77\x77\x77\x2e\x74\x61\x6a\x6f\x73\x61\x6c\x6f\x72\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x38\x3d\x77\x77\x77\x2e\x76\x61\x6c\x6c\x65\x61\x6d\x62\x72\x6f\x7a\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x36\x39\x3d\x77\x77\x77\x2e\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x76\x61\x6c\x6c\x65\x64\x65\x6c\x61\x6c\x61\x67\x6f\x6e\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x37\x30\x3d\x77\x77\x77\x2e\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x76\x61\x6c\x6c\x65\x64\x65\x6c\x6a\x65\x72\x74\x65\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x37\x31\x3d\x77\x77\x77\x2e\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x76\x65\x67\x61\x73\x61\x6c\x74\x61\x73\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x37\x32\x3d\x77\x77\x77\x2e\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x64\x65\x6c\x61\x76\x65\x72\x61\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x37\x33\x3d\x77\x77\x77\x2e\x6d\x61\x6e\x63\x6f\x6d\x75\x6e\x69\x64\x61\x64\x7a\x6f\x6e\x61\x63\x65\x6e\x74\x72\x6f\x2e\x65\x73\x2c\x44\x4e\x53\x2e\x34\x37\x34\x3d\x77\x77\x77\x2e\x76\x69\x6c\x6c\x75\x65\x72\x63\x61\x73\x2d\x69\x62\x6f\x72\x65\x73\x2d\x6a\x61\x72\x61\x2e\x65\x73", 12589}, + } +}; + +void doit(void) +{ + unsigned i; + + for (i=0;i +#endif + +#include +#include + +#include +#include + +#include "utils.h" + +static void decode(const char *test_name, const gnutls_datum_t *raw, const char *expected, const char *expected_compat) +{ + int ret; + gnutls_datum_t out; + gnutls_x509_dn_t dn; + + ret = gnutls_x509_dn_init(&dn); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + ret = gnutls_x509_dn_import(dn, raw); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + ret = gnutls_x509_dn_get_str2(dn, &out, 0); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + if (out.size != strlen(expected)) { + test_fail("The length of the output (%d) doesn't match the expected (%d)\n", (int)out.size, (int)strlen(expected)); + } + + if (memcmp(out.data, expected, out.size) != 0) { + test_fail("The string output (%s) doesn't match the expected (%s)\n", (char*)out.data, expected); + } + + if (out.data[out.size] != 0) { + test_fail("The string output isn't null terminated\n"); + } + + gnutls_free(out.data); + + /* compat mode */ + ret = gnutls_x509_dn_get_str(dn, &out); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + if (out.size != strlen(expected_compat)) { + test_fail("The length of the output (%d) doesn't match the expected (%d)\n", (int)out.size, (int)strlen(expected_compat)); + } + + if (memcmp(out.data, expected_compat, out.size) != 0) { + test_fail("The string output (%s) doesn't match the expected (%s)\n", (char*)out.data, expected_compat); + } + + if (out.data[out.size] != 0) { + test_fail("The string output isn't null terminated\n"); + } + + gnutls_free(out.data); + gnutls_x509_dn_deinit(dn); + + return; +} + +static void encode(const char *test_name, const gnutls_datum_t *raw, const char *str, int exp_error) +{ + int ret; + gnutls_datum_t out; + gnutls_x509_dn_t dn; + const char *err; + + ret = gnutls_x509_dn_init(&dn); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + ret = gnutls_x509_dn_set_str(dn, str, &err); + + if (ret < 0) { + if (ret == exp_error) + goto cleanup; + + if (ret == GNUTLS_E_PARSING_ERROR) + test_fail("error: %s: %s\n", gnutls_strerror(ret), err); + else + test_fail("%s\n", gnutls_strerror(ret)); + } + + if (ret != exp_error) { + test_fail("unexpected success in encoding (got: %d, exp: %d)\n", ret, exp_error); + } + + ret = gnutls_x509_dn_export2(dn, GNUTLS_X509_FMT_DER, &out); + if (ret < 0) { + test_fail("%s\n", gnutls_strerror(ret)); + } + + if (out.size != raw->size) { + { + unsigned i; + fprintf(stderr, "got:\n"); + for (i=0;isize); + } + + if (memcmp(out.data, raw->data, out.size) != 0) { + { + unsigned i; + fprintf(stderr, "got:\n"); + for (i=0;i +#endif + +#include +#include +#include +#include +#include + +#include +#include + +#include "utils.h" + +static const char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +static const gnutls_datum_t cert_datum = { (unsigned char *) cert_pem, + sizeof(cert_pem) +}; + +void doit(void) +{ + gnutls_x509_crt_t cert; + gnutls_x509_dn_t sdn, dn2; + unsigned char buf[8192], buf2[8192]; + size_t buflen, buf2len; + gnutls_datum_t datum; + int rv; + + global_init(); + + if (gnutls_x509_crt_init(&cert) != 0) + fail("cert init failure\n"); + + if (gnutls_x509_crt_import(cert, &cert_datum, GNUTLS_X509_FMT_PEM) + != 0) + fail("FAIL: could not import PEM cert\n"); + + if (gnutls_x509_crt_get_subject(cert, &sdn) != 0) + fail("FAIL: could not get subject DN.\n"); + + buflen = sizeof buf; + rv = gnutls_x509_dn_export(sdn, GNUTLS_X509_FMT_DER, buf, &buflen); + if (rv != 0) + fail("FAIL: could not export subject DN: %s\n", + gnutls_strerror(rv)); + + if (gnutls_x509_dn_init(&dn2) != 0) + fail("FAIL: DN init.\n"); + + datum.data = buf; + datum.size = buflen; + + if (gnutls_x509_dn_import(dn2, &datum) != 0) + fail("FAIL: re-import subject DN.\n"); + + buf2len = sizeof buf2; + rv = gnutls_x509_dn_export(dn2, GNUTLS_X509_FMT_DER, buf2, + &buf2len); + if (rv != 0) + fail("FAIL: could not export subject DN: %s\n", + gnutls_strerror(rv)); + + if (buflen == buf2len && memcmp(buf, buf2, buflen) != 0) + fail("FAIL: export/import/export differ.\n"); + + gnutls_x509_dn_deinit(dn2); + + gnutls_x509_crt_deinit(cert); + + gnutls_global_deinit(); +} diff --git a/tests/x509-extensions.c b/tests/x509-extensions.c new file mode 100644 index 0000000..a062c1b --- /dev/null +++ b/tests/x509-extensions.c @@ -0,0 +1,893 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * Author: Simon Josefsson, Howard Chu + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include +#include +#include "utils.h" + +static char invalid_cert[] = /* v1 certificate with extensions */ +"-----BEGIN CERTIFICATE-----\n" +"MIIDHjCCAgYCDFQ7zlUDsihSxVF4mDANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQD\n" +"EwRDQS0wMCIYDzIwMTQxMDEzMTMwNjI5WhgPOTk5OTEyMzEyMzU5NTlaMBMxETAP\n" +"BgNVBAMTCHNlcnZlci0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" +"zoG3/1YtwGHh/5u3ex6xAmwO0/H4gdIy/yiYLxqWcy+HzyMBBZHNXuV7W0z7x+Qo\n" +"qCGtenWkzIQSgeYKyzdcpPDscZIYOgwHWUFczxgVGdLsBKPSczgqMHpSCLgMgnDM\n" +"RaN6SNQeTQdftkLt5wdBSzNaxhhPYsCEbopSeZ8250FCLS3gRpoMtYCBiy7cjSJB\n" +"zv6zmZStXNgTYr8pLwI0nyxPyRdB+TZyqAC6r9W154y51vsqUCGmC0I9hn1A5kkD\n" +"5057x+Ho1kDwPxOfObdOR+AJSAw/FeGuStzViJY0I68B90sEo/HD+h7mB+CwJ2Yf\n" +"64/xVdh+D8L65eYkM9z88wIDAQABo3cwdTAMBgNVHRMBAf8EAjAAMBQGA1UdEQQN\n" +"MAuCCWxvY2FsaG9zdDAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBT7Gk/u95zI\n" +"JTM89CXJ70IxxqhegDAfBgNVHSMEGDAWgBQ9X77/zddjG9ob2zrR/WuGmxwFGDAN\n" +"BgkqhkiG9w0BAQsFAAOCAQEAaTrAcTkQ7yqf6afoTkFXZuZ+jJXYNGkubxs8Jo/z\n" +"srJk/WWVGAKuxiBDumk88Gjm+WXGyIDA7Hq9fhGaklJV2PGRfNVx9No51HXeAToT\n" +"sHs2XKhk9SdKKR4UJkuX3U2malMlCpmFMtm3EieDVZLxeukhODJQtRa3vGg8QWoz\n" +"ODlewHSmQiXhnqq52fLCbdVUaBnaRGOIwNZ0FcBWv9n0ZCuhjg9908rUVH9/OjI3\n" +"AGVZcbN9Jac2ZO8NTxP5vS1hrG2wT9+sVRh1sD5ISZSM4gWdq9sK8d7j+SwOPBWY\n" +"3dcxQlfvWw2Dt876XYoyUZuKirmASVlMw+hkm1WXM7Svsw==\n" +"-----END CERTIFICATE-----\n"; + +static char pem[] = + "-----BEGIN CERTIFICATE-----" + "MIIFdDCCBN2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBkzEVMBMGA1UEAxMMQ2lu" + "ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjERMA8GA1UECxMIQ0Eg" + "ZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYD" + "VQQGEwJHUjEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25lLm9yZzAiGA8yMDA3MDQy" + "MTIyMDAwMFoYDzk5OTkxMjMxMjM1OTU5WjCBkzEVMBMGA1UEAxMMQ2luZHkgTGF1" + "cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjERMA8GA1UECxMIQ0EgZGVwdC4x" + "EjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtpMQswCQYDVQQGEwJH" + "UjEcMBoGCSqGSIb3DQEJARYNbm9uZUBub25lLm9yZzCBnzANBgkqhkiG9w0BAQEF" + "AAOBjQAwgYkCgYEApcbOdUOEv2SeAicT8QNZ93ktku18L1CkA/EtebmGiwV+OrtE" + "qq+EzxOYHhxKOPczLXqfctRrbSawMTdwEPtC6didGGV+GUn8BZYEaIMed4a/7fXl" + "EjsT/jMYnBp6HWmvRwJgeh+56M/byDQwUZY9jJZcALxh3ggPsTYhf6kA4wUCAwEA" + "AaOCAtAwggLMMBIGA1UdEwEB/wQIMAYBAf8CAQQwagYDVR0RBGMwYYIMd3d3Lm5v" + "bmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jnghd3d3cuZXZlbm1vcmV0aGFub25l" + "Lm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EOd2hlcmVAbm9uZS5vcmcwgfcGA1Ud" + "IASB7zCB7DB3BgwrBgEEAapsAQpjAQAwZzAwBggrBgEFBQcCAjAkDCJUaGlzIGlz" + "IGEgbG9uZyBwb2xpY3kgdG8gc3VtbWFyaXplMDMGCCsGAQUFBwIBFidodHRwOi8v" + "d3d3LmV4YW1wbGUuY29tL2EtcG9saWN5LXRvLXJlYWQwcQYMKwYBBAGqbAEKYwEB" + "MGEwJAYIKwYBBQUHAgIwGAwWVGhpcyBpcyBhIHNob3J0IHBvbGljeTA5BggrBgEF" + "BQcCARYtaHR0cDovL3d3dy5leGFtcGxlLmNvbS9hbm90aGVyLXBvbGljeS10by1y" + "ZWFkMB0GA1UdJQQWMBQGCCsGAQUFBwMDBggrBgEFBQcDCTBYBgNVHR4BAf8ETjBM" + "oCQwDYILZXhhbXBsZS5jb20wE4ERbm1hdkBAZXhhbXBsZS5uZXShJDASghB0ZXN0" + "LmV4YW1wbGUuY29tMA6BDC5leGFtcGxlLmNvbTA2BggrBgEFBQcBAQQqMCgwJgYI" + "KwYBBQUHMAGGGmh0dHA6Ly9teS5vY3NwLnNlcnZlci9vY3NwMA8GA1UdDwEB/wQF" + "AwMHBgAwHQYDVR0OBBYEFF1ArfDOlECVi36ZlB2SVCLKcjZfMG8GA1UdHwRoMGYw" + "ZKBioGCGHmh0dHA6Ly93d3cuZ2V0Y3JsLmNybC9nZXRjcmwxL4YeaHR0cDovL3d3" + "dy5nZXRjcmwuY3JsL2dldGNybDIvhh5odHRwOi8vd3d3LmdldGNybC5jcmwvZ2V0" + "Y3JsMy8wDQYJKoZIhvcNAQELBQADgYEAdacOt4/Vgc9Y3pSkik3HBifDeK2OtiW0" + "BZ7xOXqXtL8Uwx6wx/DybZsUbzuR55GLUROYAc3cio5M/0pTwjqmmQ8vuHIt2p8A" + "2fegFcBbNLX38XxACQh4TDAT/4ftPwOtEol4UR4ItZ1d7faDzDXNpmGE+sp5s6ii" + "3cIIpInMKE8=" "-----END CERTIFICATE-----"; + +#define MAX_DATA_SIZE 1024 + +typedef int (*ext_parse_func) (const gnutls_datum_t * der); + +struct ext_handler_st { + const char *oid; + ext_parse_func handler; + unsigned critical; +}; + +static int basic_constraints(const gnutls_datum_t * der) +{ + int ret, pathlen; + unsigned ca; + +/* + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Path Length Constraint: 4 +*/ + ret = gnutls_x509_ext_import_basic_constraints(der, &ca, &pathlen); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (ca != 1) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (pathlen != 4) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + return 0; +} + +static int cmp_name(unsigned type, gnutls_datum_t * name, + unsigned expected_type, const char *expected_name) +{ + if (type != expected_type) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (name->size != strlen(expected_name)) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (strcmp((char *)name->data, expected_name) != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + return 0; +} + +static int subject_alt_name(const gnutls_datum_t * der) +{ + int ret; + gnutls_subject_alt_names_t san; + gnutls_datum_t name; + unsigned type; + unsigned i = 0; + + ret = gnutls_subject_alt_names_init(&san); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_ext_import_subject_alt_names(der, san, 0); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + +/* + Subject Alternative Name (not critical): + DNSname: www.none.org + DNSname: www.morethanone.org + DNSname: www.evenmorethanone.org + IPAddress: 192.168.1.1 + tRFC822Name: none@none.org + tRFC822Name: where@none.org +*/ + ret = cmp_name(type, &name, GNUTLS_SAN_DNSNAME, "www.none.org"); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + ret = cmp_name(type, &name, GNUTLS_SAN_DNSNAME, "www.morethanone.org"); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + ret = + cmp_name(type, &name, GNUTLS_SAN_DNSNAME, + "www.evenmorethanone.org"); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + if (type != GNUTLS_SAN_IPADDRESS) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + ret = cmp_name(type, &name, GNUTLS_SAN_RFC822NAME, "none@none.org"); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + ret = cmp_name(type, &name, GNUTLS_SAN_RFC822NAME, "where@none.org"); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_subject_alt_names_get(san, i++, &type, &name, NULL); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + gnutls_subject_alt_names_deinit(san); + + return 0; +} + +static int ext_key_usage(const gnutls_datum_t * der) +{ +/* + Key Purpose (not critical): + OCSP signing. +*/ + int ret; + gnutls_x509_key_purposes_t p; + unsigned i = 0; + gnutls_datum_t oid; + + ret = gnutls_x509_key_purpose_init(&p); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_ext_import_key_purposes(der, p, 0); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_key_purpose_get(p, i++, &oid); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (strcmp((char *)oid.data, "1.3.6.1.5.5.7.3.3") != 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, + (char *)oid.data); + return -1; + } + + ret = gnutls_x509_key_purpose_get(p, i++, &oid); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (strcmp((char *)oid.data, "1.3.6.1.5.5.7.3.9") != 0) { + fprintf(stderr, "error in %d: %s\n", __LINE__, + (char *)oid.data); + return -1; + } + + ret = gnutls_x509_key_purpose_get(p, i++, &oid); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + gnutls_x509_key_purpose_deinit(p); + + return 0; +} + +static int crt_policies(const gnutls_datum_t * der) +{ + int ret; + gnutls_x509_policies_t policies; + struct gnutls_x509_policy_st policy; + unsigned i = 0; + + ret = gnutls_x509_policies_init(&policies); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_ext_import_policies(der, policies, 0); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_policies_get(policies, i++, &policy); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } +/* + Certificate Policies (not critical): + 1.3.6.1.4.1.5484.1.10.99.1.0 + Note: This is a long policy to summarize + URI: http://www.example.com/a-policy-to-read + 1.3.6.1.4.1.5484.1.10.99.1.1 + Note: This is a short policy + URI: http://www.example.com/another-policy-to-read +*/ + if (strcmp(policy.oid, "1.3.6.1.4.1.5484.1.10.99.1.0") != 0 + || policy.qualifiers != 2) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (policy.qualifier[0].type != GNUTLS_X509_QUALIFIER_NOTICE || + policy.qualifier[0].size != 34) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (policy.qualifier[1].type != GNUTLS_X509_QUALIFIER_URI || + policy.qualifier[1].size != + strlen("http://www.example.com/a-policy-to-read") + || strcmp("http://www.example.com/a-policy-to-read", + policy.qualifier[1].data) != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + /* second policy */ + ret = gnutls_x509_policies_get(policies, i++, &policy); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + if (strcmp(policy.oid, "1.3.6.1.4.1.5484.1.10.99.1.1") != 0 + || policy.qualifiers != 2) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (policy.qualifier[0].type != GNUTLS_X509_QUALIFIER_NOTICE || + policy.qualifier[0].size != 22) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (policy.qualifier[1].type != GNUTLS_X509_QUALIFIER_URI || + policy.qualifier[1].size != + strlen("http://www.example.com/another-policy-to-read") + || strcmp("http://www.example.com/another-policy-to-read", + policy.qualifier[1].data) != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_policies_get(policies, i++, &policy); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + gnutls_x509_policies_deinit(policies); + + return 0; +} + +static int key_usage(const gnutls_datum_t * der) +{ +/* + Key Usage (critical): + Certificate signing. +*/ + int ret; + unsigned int usage = 0; + + ret = gnutls_x509_ext_import_key_usage(der, &usage); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (usage != (GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN)) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + return 0; +} + +static int subject_key_id(const gnutls_datum_t * der) +{ +/* + Subject Key Identifier (not critical): + 5d40adf0ce9440958b7e99941d925422ca72365f +*/ + int ret; + gnutls_datum_t id; + + ret = gnutls_x509_ext_import_subject_key_id(der, &id); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (id.size != 20 || + memcmp(id.data, + "\x5d\x40\xad\xf0\xce\x94\x40\x95\x8b\x7e\x99\x94\x1d\x92\x54\x22\xca\x72\x36\x5f", + 20) != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + gnutls_free(id.data); + + return 0; +} + +static int crl_dist_points(const gnutls_datum_t * der) +{ + int ret; + gnutls_x509_crl_dist_points_t dp = NULL; + unsigned i = 0; + unsigned flags; + gnutls_datum_t url; + unsigned type; + +/* + CRL Distribution points (not critical): + URI: http://www.getcrl.crl/getcrl1/ + URI: http://www.getcrl.crl/getcrl2/ + URI: http://www.getcrl.crl/getcrl3/ +*/ + + ret = gnutls_x509_crl_dist_points_init(&dp); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_ext_import_crl_dist_points(der, dp, 0); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_crl_dist_points_get(dp, i++, &type, &url, &flags); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_URI || flags != 0 || + strcmp((char *)url.data, "http://www.getcrl.crl/getcrl1/") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_crl_dist_points_get(dp, i++, &type, &url, &flags); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_URI || flags != 0 || + strcmp((char *)url.data, "http://www.getcrl.crl/getcrl2/") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_crl_dist_points_get(dp, i++, &type, &url, &flags); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_URI || flags != 0 || + strcmp((char *)url.data, "http://www.getcrl.crl/getcrl3/") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_crl_dist_points_get(dp, i++, &type, &url, &flags); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + gnutls_x509_crl_dist_points_deinit(dp); + + return 0; +} + +static int name_constraints(const gnutls_datum_t * der) +{ + int ret; + gnutls_x509_name_constraints_t nc = NULL; + unsigned i = 0; + gnutls_datum_t name; + unsigned type; + +/* + Name Constraints (critical): + Permitted: + DNSname: example.com + tRFC822Name: nmav@@example.net + Excluded: + DNSname: test.example.com + tRFC822Name: .example.com +*/ + + ret = gnutls_x509_name_constraints_init(&nc); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_ext_import_name_constraints(der, nc, 0); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_DNSNAME || name.size != 11 || + strcmp((char *)name.data, "example.com") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_RFC822NAME || name.size != 17 || + strcmp((char *)name.data, "nmav@@example.net") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_name_constraints_get_permitted(nc, i++, &type, &name); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + i = 0; + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &type, &name); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_DNSNAME || name.size != 16 || + strcmp((char *)name.data, "test.example.com") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &type, &name); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (type != GNUTLS_SAN_RFC822NAME || name.size != 12 || + strcmp((char *)name.data, ".example.com") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_name_constraints_get_excluded(nc, i++, &type, &name); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + gnutls_x509_name_constraints_deinit(nc); + + return 0; +} + +static int ext_aia(const gnutls_datum_t * der) +{ + int ret; + gnutls_x509_aia_t aia = NULL; + unsigned i = 0; + gnutls_datum_t oid; + gnutls_datum_t name; + unsigned type; + +/* Authority Information Access (not critical): + Access Method: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp) + Access Location URI: http://my.ocsp.server/ocsp +*/ + ret = gnutls_x509_aia_init(&aia); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_ext_import_aia(der, aia, 0); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + ret = gnutls_x509_aia_get(aia, i++, &oid, &type, &name); + if (ret < 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return ret; + } + + if (strcmp((char *)oid.data, "1.3.6.1.5.5.7.48.1") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + if (type != GNUTLS_SAN_URI || name.size != 26 || + strcmp((char *)name.data, "http://my.ocsp.server/ocsp") != 0) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + ret = gnutls_x509_aia_get(aia, i++, &oid, &type, &name); + if (ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, "error in %d\n", __LINE__); + return -1; + } + + gnutls_x509_aia_deinit(aia); + + return 0; +} + +struct ext_handler_st handlers[] = { + {GNUTLS_X509EXT_OID_BASIC_CONSTRAINTS, basic_constraints, 1}, + {GNUTLS_X509EXT_OID_SAN, subject_alt_name, 0}, + {GNUTLS_X509EXT_OID_CRT_POLICY, crt_policies, 0}, + {GNUTLS_X509EXT_OID_EXTENDED_KEY_USAGE, ext_key_usage, 0}, + {GNUTLS_X509EXT_OID_KEY_USAGE, key_usage, 1}, + {GNUTLS_X509EXT_OID_SUBJECT_KEY_ID, subject_key_id, 0}, + {GNUTLS_X509EXT_OID_CRL_DIST_POINTS, crl_dist_points, 0}, + {GNUTLS_X509EXT_OID_NAME_CONSTRAINTS, name_constraints, 1}, + {GNUTLS_X509EXT_OID_AUTHORITY_INFO_ACCESS, ext_aia, 0}, + {NULL, NULL} +}; + +void doit(void) +{ + int ret; + gnutls_datum_t derCert = { (void *)pem, sizeof(pem)-1 }; + gnutls_datum_t v1Cert = { (void *)invalid_cert, sizeof(invalid_cert)-1 }; + gnutls_x509_crt_t cert; + size_t oid_len = MAX_DATA_SIZE; + gnutls_datum_t ext; + char oid[MAX_DATA_SIZE]; + unsigned int critical = 0; + unsigned i, j; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_x509_crt_import(cert, &v1Cert, GNUTLS_X509_FMT_PEM); + if (ret >= 0) + fail("crt_import of v1 cert with extensions should have failed: %d\n", ret); + gnutls_x509_crt_deinit(cert); + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_x509_crt_import(cert, &derCert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("crt_import %d\n", ret); + + for (i = 0;; i++) { + oid_len = sizeof(oid); + ret = + gnutls_x509_crt_get_extension_info(cert, i, oid, &oid_len, + &critical); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + if (i != 9) { + fail("unexpected number of extensions: %d\n", + i); + } + break; + } + + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, + gnutls_strerror(ret)); + } + + ret = gnutls_x509_crt_get_extension_data2(cert, i, &ext); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, + gnutls_strerror(ret)); + } + + /* find the handler for this extension and run it */ + for (j = 0;; j++) { + if (handlers[j].oid == NULL) { + fail("could not find handler for extension %s\n", oid); + break; + } + + if (strcmp(handlers[j].oid, oid) == 0) { + if (critical != handlers[j].critical) { + fail("error in %d (%s)\n", __LINE__, + oid); + } + + ret = handlers[j].handler(&ext); + if (ret < 0) { + fail("error in %d (%s): %s\n", __LINE__, + oid, gnutls_strerror(ret)); + } + break; + } + } + gnutls_free(ext.data); + } + + if (debug) + success("done\n"); + + gnutls_x509_crt_deinit(cert); + gnutls_global_deinit(); +} + +/* The template used to generate the certificate */ + +/* +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "CA dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +uid = "clauper" + +# This is deprecated and should not be used in new +# certificates. +pkcs9_email = "none@none.org" + +# The serial number of the certificate +serial = 7 + +# In how many days, counting from today, this certificate will expire. +expiration_days = -1 + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +dns_name = "www.none.org" +dns_name = "www.morethanone.org" + +# An IP address in case of a server. +ip_address = "192.168.1.1" + +dns_name = "www.evenmorethanone.org" + +# An email in case of a person +email = "none@none.org" + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +crl_dist_points = "http://www.getcrl.crl/getcrl1/" +crl_dist_points = "http://www.getcrl.crl/getcrl2/" +crl_dist_points = "http://www.getcrl.crl/getcrl3/" + +email = "where@none.org" + +# Whether this is a CA certificate or not +ca +path_len = 4 + +nc_permit_dns = example.com +nc_exclude_dns = test.example.com +nc_permit_email = nmav@@example.net +nc_exclude_email = .example.com + +proxy_policy_language = 1.3.6.1.5.5.7.21.1 + +policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0 +policy1_txt = "This is a long policy to summarize" +policy1_url = http://www.example.com/a-policy-to-read + +policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1 +policy2_txt = "This is a short policy" +policy2_url = http://www.example.com/another-policy-to-read + +ocsp_uri = http://my.ocsp.server/ocsp + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +#encryption_key + +# Whether this key will be used to sign other certificates. +cert_signing_key + +# Whether this key will be used to sign CRLs. +crl_signing_key + +# Whether this key will be used to sign code. +code_signing_key + +# Whether this key will be used to sign OCSP data. +ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key + +*/ diff --git a/tests/x509-server-verify.c b/tests/x509-server-verify.c new file mode 100644 index 0000000..ee48d39 --- /dev/null +++ b/tests/x509-server-verify.c @@ -0,0 +1,180 @@ +/* + * Copyright (C) 2015 Red Hat, Inc. + * Copyright (C) 2019 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "utils.h" +#include "eagain-common.h" +#include "cert-common.h" +#include "ocsp-common.h" + +/* This tests gnutls_certificate_verify_peers2() to verify a client certificate + * by server. */ + +const char *side; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s|<%d>| %s", side, level, str); +} + +static void start(const char *prio) +{ + int ret; + /* Server stuff. */ + gnutls_certificate_credentials_t serverx509cred; + gnutls_session_t server; + int sret = GNUTLS_E_AGAIN; + /* Client stuff. */ + gnutls_certificate_credentials_t clientx509cred; + gnutls_session_t client; + int cret = GNUTLS_E_AGAIN; + unsigned index1; + + success("testing %s\n", prio); + + /* General init. */ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(2); + + assert(gnutls_certificate_allocate_credentials(&serverx509cred)>=0); + ret = gnutls_certificate_set_x509_key_mem2(serverx509cred, &server_ca3_localhost6_cert, + &server_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + assert(ret>=0); + index1 = ret; + + ret = gnutls_certificate_set_ocsp_status_request_mem(serverx509cred, &ocsp_ca3_localhost6_unknown_pem, + index1, GNUTLS_X509_FMT_PEM); + assert(ret>=0); + + assert(gnutls_init(&server, GNUTLS_SERVER)>=0); + gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, serverx509cred); + assert(gnutls_priority_set_direct(server, + prio, NULL) >= 0); + gnutls_transport_set_push_function(server, server_push); + gnutls_transport_set_pull_function(server, server_pull); + gnutls_transport_set_ptr(server, server); + gnutls_certificate_server_set_request(server, GNUTLS_CERT_REQUEST); + + assert(gnutls_certificate_allocate_credentials(&clientx509cred) >= 0); + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, + GNUTLS_X509_FMT_PEM) >= 0); + + ret = gnutls_certificate_set_x509_key_mem2(clientx509cred, &cli_ca3_cert_chain, + &cli_ca3_key, GNUTLS_X509_FMT_PEM, NULL, 0); + assert(ret>=0); + index1 = ret; + + ret = gnutls_certificate_set_ocsp_status_request_mem(clientx509cred, &ocsp_cli_ca3_good_pem, + index1, GNUTLS_X509_FMT_PEM); + assert(ret>=0); + + assert(gnutls_certificate_set_x509_trust_mem(clientx509cred, &ca3_cert, + GNUTLS_X509_FMT_PEM) >= 0); + + + assert(gnutls_init(&client, GNUTLS_CLIENT) >= 0); + + assert(gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, + clientx509cred) >= 0); + + assert(gnutls_priority_set_direct(client, prio, NULL)>=0); + gnutls_transport_set_push_function(client, client_push); + gnutls_transport_set_pull_function(client, client_pull); + gnutls_transport_set_ptr(client, client); + + HANDSHAKE(client, server); + + /* check verify peers in server side */ + { + unsigned status; + + ret = gnutls_certificate_verify_peers2(server, &status); + if (ret < 0) { + fail("could not verify client certificate: %s\n", + gnutls_strerror(ret)); + } + + if (status == 0) + fail("No CAs present but succeeded!\n"); + + assert(gnutls_certificate_set_x509_trust_mem(serverx509cred, &ca3_cert, + GNUTLS_X509_FMT_PEM) >= 0); + + ret = gnutls_certificate_verify_peers2(server, &status); + if (ret < 0) { + fail("could not verify client certificate: %s\n", + gnutls_strerror(ret)); + } + + if (status != 0) + fail("Verification should have succeeded!\n"); + + /* under TLS1.3 the client can send OCSP responses too */ + if (gnutls_protocol_get_version(server) == GNUTLS_TLS1_3) { + ret = gnutls_ocsp_status_request_is_checked(server, GNUTLS_OCSP_SR_IS_AVAIL); + assert(ret >= 0); + + ret = gnutls_ocsp_status_request_is_checked(server, 0); + assert(ret >= 0); + } else { + ret = gnutls_ocsp_status_request_is_checked(server, GNUTLS_OCSP_SR_IS_AVAIL); + assert(ret == 0); + + ret = gnutls_ocsp_status_request_is_checked(server, 0); + assert(ret == 0); + } + } + + gnutls_bye(client, GNUTLS_SHUT_RDWR); + gnutls_bye(server, GNUTLS_SHUT_RDWR); + + gnutls_deinit(client); + gnutls_deinit(server); + + gnutls_certificate_free_credentials(serverx509cred); + gnutls_certificate_free_credentials(clientx509cred); + + gnutls_global_deinit(); + + reset_buffers(); +} + +void doit(void) +{ + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1"); + start("NORMAL"); +} diff --git a/tests/x509-upnconstraint.c b/tests/x509-upnconstraint.c new file mode 100644 index 0000000..a25e06b --- /dev/null +++ b/tests/x509-upnconstraint.c @@ -0,0 +1,289 @@ +/* + * Copyright (C) 2022 Brian Wickman + * + * Author: Brian Wickman + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +#include "utils.h" +#include +#include +#include + +/* Test that UPN OTHERNAME constraints in a CA certificate + * are parsed correctly + * + * Test that a leaf certificate with a DNSName validates correctly + * when issued by a CA with UPN OTHERNAME constraints (Issue 1132) + * (UPN == User Principal Name - used in Active Directory + * environments using smartcards for authentication) + */ + +void verify_upn_constraints(gnutls_x509_name_constraints_t); +void verify_non_upn_leaf(gnutls_x509_name_constraints_t); + +static const char _domaincontroller[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIEqTCCA5GgAwIBAgITQAAAAAPX0eQxgcZpHAAAAAAAAzANBgkqhkiG9w0BAQsF\n" + "ADA0MRUwEwYDVQQKEwxFeGFtcGxlIEluYy4xGzAZBgNVBAMTEkV4YW1wbGUgQ29y\n" + "cCBBRCBDQTAeFw0yMjA0MTIxNjUzMTFaFw0yNzA0MTExNjUzMTFaMCIxIDAeBgNV\n" + "BAMTF2V4YW1wbGVkYzAxLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" + "AQ8AMIIBCgKCAQEAtnYFOqZas9U9GX87w2bvyQh6l3fWJ83JHEHAwP11j9dQu/sa\n" + "qgMYr/OqH+5tCvsDLt9sI35RCuF+6San3P1m56G+iYaawE46UrbHSYC4PyhinOXx\n" + "X3xXzaxjTDYhz46Fvfmoqa732zPYG3QQplPsjQbRx96iXOSkdWt8g4mbTJ/eyYdG\n" + "uXt1mlvL+USz5b39trOgSgTC60cdneBrQsBh7o80rHvaprvjTY5mHS7JNHcsr9Hs\n" + "xjOOq9t3LdWehXYshINZ6ChxaHipbBUF+0CTvwJW8wvQtSV6MYDl+cbS/47OwJG0\n" + "OXJxFVQofJWNi4/IrTC42d3fyEWA2ZnP898GeQIDAQABo4IBxDCCAcAwPQYJKwYB\n" + "BAGCNxUHBDAwLgYmKwYBBAGCNxUIg/iOToSq0GWEhZMhhZ3KIoKY1VocgufIbYTY\n" + "+3sCAWQCAQIwMgYDVR0lBCswKQYHKwYBBQIDBQYKKwYBBAGCNxQCAgYIKwYBBQUH\n" + "AwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDBABgkrBgEEAYI3FQoEMzAxMAkG\n" + "BysGAQUCAwUwDAYKKwYBBAGCNxQCAjAKBggrBgEFBQcDATAKBggrBgEFBQcDAjAd\n" + "BgNVHQ4EFgQUjaBu4CsVk5gng+ACWTSqsj1gmVQwNAYDVR0RBC0wK4IXZXhhbXBs\n" + "ZWRjMDEuZXhhbXBsZS5jb22CEGxkYXAuZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAU\n" + "aRL34OyTRJUSVVfxMiMjBFHk/WowOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL3Br\n" + "aS5leGFtcGxlLmNvbS9jZHAvRXhhbXBsZUFEQ0EuY3JsMEYGCCsGAQUFBwEBBDow\n" + "ODA2BggrBgEFBQcwAoYqaHR0cDovL3BraS5leGFtcGxlLmNvbS9haWEvRXhhbXBs\n" + "ZUFEQ0EuY2VyMA0GCSqGSIb3DQEBCwUAA4IBAQCKr0WQYujcyUOUZp63i27dMihf\n" + "z+WKd2G+dyGzmNTabFlZSfquFo+MWmSM04UOEYS45tyFZhWEXXaz4OfilelKy5XI\n" + "tiZRGDvzNzxfb7GQSWDO1mxLHW2yEH+1Cyu/Km0PRhDl1Vy0DFyrdGh/w7qTM7eG\n" + "BjD0bBtk9/M58IYlnzx7CM53CRGhPHUygontN1vbWf42gDdu+5d+tnls86gTzuRs\n" + "su4BReayHU9aFqorWhvxCQhgnLx98Ei2BsJe5nbSzjVA5ZhPcL9WDC76aDPEDaZg\n" + "GnNu9kZJV/UrCaulu0COhJfNocd/LWXZbUStUCenRX01GHCP+4mNmPLJkVh2\n" + "-----END CERTIFICATE-----" +}; + +static const char _issuingca[] = { +/* The intermediate CA with name constraints */ + "-----BEGIN CERTIFICATE-----\n" + "MIIE0jCCA7qgAwIBAgITLgAAAAK9f34egj9VJAAAAAAAAjANBgkqhkiG9w0BAQsF\n" + "ADA2MRUwEwYDVQQKEwxFeGFtcGxlIEluYy4xHTAbBgNVBAMTFEV4YW1wbGUgQ29y\n" + "cCBSb290IENBMCAXDTIyMDQxMjE2Mzk0M1oYDzIwNjcwNDEyMTY0OTQzWjA0MRUw\n" + "EwYDVQQKEwxFeGFtcGxlIEluYy4xGzAZBgNVBAMTEkV4YW1wbGUgQ29ycCBBRCBD\n" + "QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs2TqehwJfMyrU77MRv\n" + "4jgwgnsruZMexMGwT6A5oxdjKNhyXnsdiYiH3nFEgrHSCOAxgoCDJYlDLn0jZYdS\n" + "3j7hMrhzAwHzwUgTrruHaTZ2tShxbfvUAGuuOroSVB4+XzS22RKdgh7g1cv3scWI\n" + "62M2vfV8iBpehD5xhmqfu2Z9ChNTR32HLHdFdsMFuS+t0Zktszk1qE9AClFa7ttr\n" + "VKgOyEmjgXlhX/Qld4zgCvxvI/jMPbEKrU2ZFeRV160vGaraAVjF0Oxe9TFH9fLZ\n" + "E+ERghmfdzzbNOXikgExrsveALNRsbTyIhKmEDRGMN/y12htghHvBamwGDt/gj9q\n" + "3fECAwEAAaOCAdcwggHTMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRpEvfg\n" + "7JNElRJVV/EyIyMEUeT9ajAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNV\n" + "HQ8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBQlQb5lkuye\n" + "IfoJIi/ctatOBUANSDA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vcGtpLmV4YW1w\n" + "bGUuY29tL2NkcC9FeGFtcGxlUm9vdC5jcmwwggEEBgNVHR4BAf8EgfkwgfagajAN\n" + "ggtleGFtcGxlLmNvbTAOggwuZXhhbXBsZS5jb20wCYIHRVhBTVBMRTAeoBwGCisG\n" + "AQQBgjcUAgOgDgwMQGV4YW1wbGUuY29tMB6gHAYKKwYBBAGCNxQCA6AODAwuZXhh\n" + "bXBsZS5jb22hgYcwF4IVc3ViZG9tYWluLmV4YW1wbGUuY29tMBiCFi5zdWJkb21h\n" + "aW4uZXhhbXBsZS5jb20wKKAmBgorBgEEAYI3FAIDoBgMFkBzdWJkb21haW4uZXhh\n" + "bXBsZS5jb20wKKAmBgorBgEEAYI3FAIDoBgMFi5zdWJkb21haW4uZXhhbXBsZS5j\n" + "b20wDQYJKoZIhvcNAQELBQADggEBAG+gD/ZNEaoukBt/U+7tGOwx5bTAdNChYZEU\n" + "Wzt5XoJ0ZgClfgtKk/hmDxPsUEVOzaYEtUrj8V0qJun5YwEzZsZbHAkbkTOcQ2tC\n" + "5Jv7czs0IYrSCJIgz7PdNSxTaXyCpipzUvSdZxQj3Bjj+MiYiReEwxhAb6bI/D8h\n" + "HXk9T5iHiw9f7P6ZTBvx5keUjAePO8sc0CtefOIH+tyRY1oEHAzMSDzqhpeZDAtM\n" + "N93KZkhnx/kmQhqLXhrck9Ubozw++e2iP83bTojTFSodRiKWPtUKOHAlPvIWQURc\n" + "YP0dQUsv1tMnNjJgA7COp1+mmqfEUVQqmBwRbJ26ve2iwS/SAgI=\n" + "-----END CERTIFICATE-----" +}; + +const unsigned char example3[] = "@example.com"; +const unsigned char example4[] = ".example.com"; +const unsigned char subdomain2[] = "@subdomain.example.com"; +const unsigned char subdomain3[] = ".subdomain.example.com"; + +void verify_upn_constraints(gnutls_x509_name_constraints_t name_constraints) +{ + int ret = 0; + unsigned int type = 0; + gnutls_datum_t constraint = { NULL, 0 }; + ret = gnutls_x509_name_constraints_get_permitted(name_constraints, 3, + &type, &constraint); + if (ret < 0) { + fail("Error getting permitted constraint line %d: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (type != GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL) { + fail("Error permitted constraint 3 is not UPN line: %d Found: %u\n", __LINE__, type); + exit(1); + } + + if ((constraint.size != sizeof(example3) - 1) || + memcmp(constraint.data, example3, sizeof(example3) - 1) != 0) { + fail("Error permitted constraint 3 was %s expected %s line: %d\n", constraint.data, example3, __LINE__); + exit(1); + } + + ret = gnutls_x509_name_constraints_get_permitted(name_constraints, 4, + &type, &constraint); + if (ret < 0) { + fail("Error getting permitted constraint line %d: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (type != GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL) { + fail("Error permitted constraint 4 is not UPN line: %d Found: %u\n", __LINE__, type); + exit(1); + } + + if ((constraint.size != sizeof(example4) - 1) || + memcmp(constraint.data, example4, sizeof(example4) - 1) != 0) { + fail("Error permitted constraint 4 was %s expected %s line: %d\n", constraint.data, example4, __LINE__); + exit(1); + } + + ret = gnutls_x509_name_constraints_get_excluded(name_constraints, 2, + &type, &constraint); + if (ret < 0) { + fail("Error getting excluded constraint line %d: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (type != GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL) { + fail("Error excluded constraint 2 is not UPN line: %d Found %u\n", __LINE__, type); + exit(1); + } + + if ((constraint.size != sizeof(subdomain2) - 1) || + memcmp(constraint.data, subdomain2, sizeof(subdomain2) - 1) != 0) { + fail("Error excluded constraint 2 was %s expected %s line: %d\n", constraint.data, subdomain2, __LINE__); + exit(1); + } + + ret = gnutls_x509_name_constraints_get_excluded(name_constraints, 3, + &type, &constraint); + if (ret < 0) { + fail("Error getting excluded constraint line %d: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + if (type != GNUTLS_SAN_OTHERNAME_MSUSERPRINCIPAL) { + fail("Error excluded constraint 3 is not UPN line: %d Found %u\n", __LINE__, type); + exit(1); + } + + if ((constraint.size != sizeof(subdomain3) - 1) || + memcmp(constraint.data, subdomain3, sizeof(subdomain3) - 1) != 0) { + fail("Error excluded constraint 3 was %s expected %s line: %d\n", constraint.data, subdomain3, __LINE__); + exit(1); + } +} + +void verify_non_upn_leaf(gnutls_x509_name_constraints_t name_constraints) +{ + // This test specifically checks for resolution of issue 1132 + int ret = 0; + gnutls_x509_crt_t domaincontroller; + gnutls_datum_t domaincontroller_datum = { (void *)_domaincontroller, + sizeof(_domaincontroller) - 1 + }; + + gnutls_x509_crt_init(&domaincontroller); + + ret = gnutls_x509_crt_import(domaincontroller, &domaincontroller_datum, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("Error importing domain controller cert line %d: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_name_constraints_check_crt(name_constraints, + GNUTLS_SAN_DNSNAME, + domaincontroller); + if (ret < 0) { + fail("Error failed to verify leaf cert against constraints line: %d\n", __LINE__); + exit(1); + } + + gnutls_x509_crt_deinit(domaincontroller); +} + +void doit(void) +{ + int ret; + unsigned int critical = 0; + gnutls_x509_crt_t issuingca; + gnutls_datum_t issuingca_datum = + { (void *)_issuingca, sizeof(_issuingca) - 1 }; + + gnutls_x509_crt_init(&issuingca); + + ret = gnutls_x509_crt_import(issuingca, &issuingca_datum, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("Error importing issuing CA line %d: %s\n", __LINE__, + gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_name_constraints_t name_constraints = NULL; + + ret = gnutls_x509_name_constraints_init(&name_constraints); + if (ret < 0) { + fail("Error initializing constraints structure line %d: %s\n", + __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_crt_get_name_constraints(issuingca, name_constraints, 0, + &critical); + if (ret < 0) { + // Failure here is potentially a regression to issue 1132 behavior + fail("Error loading constraints line: %d\n", __LINE__); + exit(1); + } + + verify_upn_constraints(name_constraints); + + verify_non_upn_leaf(name_constraints); + + gnutls_x509_name_constraints_deinit(name_constraints); + gnutls_x509_crt_deinit(issuingca); + + success("UPN constraints tests completed succesfully\n"); +} + +/* The following cert is the root CA that signed the intermediate CA used in + * the tests up above. While it wasn't needed in these tests, it is included + * here in case it becomes useful in the future: + * +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIQKpl3VjKWEKlMf9Nx+omsZDANBgkqhkiG9w0BAQsFADA2 +MRUwEwYDVQQKEwxFeGFtcGxlIEluYy4xHTAbBgNVBAMTFEV4YW1wbGUgQ29ycCBS +b290IENBMCAXDTIyMDQxMjE1NTkyMloYDzIwNzIwNDEyMTYwOTIyWjA2MRUwEwYD +VQQKEwxFeGFtcGxlIEluYy4xHTAbBgNVBAMTFEV4YW1wbGUgQ29ycCBSb290IENB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Stt+MibOCQO69wtINEM +9cdxjQyk2WMKzZflAOmi5lFNUmNsxGBQGcVk8dlyUwiWGUlGshUvBBcEGgnxKnO+ +S465gyS6fcFfrpX7B/CQWv2/m0n7rdJ65TnB2vRct2Ni/6AjgZLSJXxwjXiuH72Z +k37vpxY4B6mOCe2XjUu2J8DhG9K4FatzeqsUgpvbiXdO/hD1oWQbFRVOeHAdipBC ++KH6qOL4g7V3V1gW99DuR/ZyJqU9uRrBe8CyP1PxcSUySfFx9hhTB5hSufiCDuR3 +KRKTyaXZ/1l0e2MY3wKig/PujBhYdLTLoErnYN6ccP98jBZIHMacE43e4WUCI2Ld +WQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUJUG+ZZLsniH6CSIv3LWrTgVADUgwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQELBQADggEBAGg86wjyMMGKZ0VSLko7AdNTqmD5jkamol7zPFbjuX8Cc3IQ +KyQkhkrA3v6bDbau8axLeqs40TLO12f3LNRGMcVNN1I8SbCEN3IvX6W0wLkiVxvV ++lVKCuCb2JedmXjOHHkkm4xhlsCZipA3Pz3cOXeIt2DLnoY7G6i7N5cZoAXgxQ3V +jjnsUINFWuwBDbjmLA+H9eGIyAQSXkWPBLI6K7jOV8V3FLv1ACkW3K9agJCcx2uO +kdBFhRm4kl2U5HB/qOZ685ouNQj6kz9xgykOxiabgellz846uUIfMBxsQaoU1dAX +vO7vJHxoQOJiTc9u+eOSFe+eFIeLlCHLz6k59tE= +-----END CERTIFICATE----- +*/ diff --git a/tests/x509-verify-with-crl.c b/tests/x509-verify-with-crl.c new file mode 100644 index 0000000..e8d6916 --- /dev/null +++ b/tests/x509-verify-with-crl.c @@ -0,0 +1,233 @@ +/* + * Copyright (C) 2008-2014 Free Software Foundation, Inc. + * + * Author: Simon Josefsson, Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include +#include + +#include "utils.h" + +/* Test for revocation in verification. + * In that test server2 is included in the CRL. + */ + + +static const char _ca[] = { +/* CRL */ + "-----BEGIN CERTIFICATE-----\n" + "MIIBfTCCASSgAwIBAgIBATAKBggqhkjOPQQDAjAkMQ8wDQYDVQQDEwZWUE4gQ0Ex\n" + "ETAPBgNVBAoTCEJpZyBDb3JwMCIYDzIwMTQxMTMwMjA1NDQ1WhgPOTk5OTEyMzEy\n" + "MzU5NTlaMCQxDzANBgNVBAMTBlZQTiBDQTERMA8GA1UEChMIQmlnIENvcnAwWTAT\n" + "BgcqhkjOPQIBBggqhkjOPQMBBwNCAASvDJl26Hzb47Xi+Wx6uJY0NUD+Bij+PJ9l\n" + "mmS2wbLaLNyga5aRvf+s7HKq9o+7+CE6E0t8fuCe0j8nLN64iAZlo0MwQTAPBgNV\n" + "HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFFJATAcyatKW\n" + "ionSww8obkh7JKCYMAoGCCqGSM49BAMCA0cAMEQCIDPmWRvQAUbnSrnh79DM46/l\n" + "My88UjFi2+ZhmIwufLP7AiBB9eeXKUmtWXuXAar0vHNH6edgEcggHgfOOHekukOr\n" + "hw==\n" + "-----END CERTIFICATE-----\n" +}; + +gnutls_datum_t ca = {(void*)_ca, sizeof(_ca)-1}; + +static const char _server1[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIBvzCCAWWgAwIBAgIMVHuEbjXPSvP+nSDXMAoGCCqGSM49BAMCMCQxDzANBgNV\n" + "BAMTBlZQTiBDQTERMA8GA1UEChMIQmlnIENvcnAwIhgPMjAxNDExMzAyMDU2MTRa\n" + "GA85OTk5MTIzMTIzNTk1OVowJzERMA8GA1UEAwwIc2VydmVyMQ0xEjAQBgNVBAoT\n" + "CU15Q29tcGFueTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLViTN5K7scNWH0u\n" + "wLvlDj6nJdZ76sP+oZoev+gYMyV42JqG/60S2VizrAIcmQA9QFfGlZz2GpE641Gd\n" + "HiH09dajdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYD\n" + "VR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUNWE8WZGVgvhyw/56sMSCuyXhBjMwHwYD\n" + "VR0jBBgwFoAUUkBMBzJq0paKidLDDyhuSHskoJgwCgYIKoZIzj0EAwIDSAAwRQIh\n" + "AKk+TA7XgvPwo6oDcAWUYgQbnKWEh5xO55nvNf6TVgMrAiAEI+w6IVJbXgtmskIJ\n" + "gedi4kA4sDjRKtTzfxlIdaZhuA==\n" + "-----END CERTIFICATE-----\n" +}; + +gnutls_datum_t server1 = {(void*)_server1, sizeof(_server1)-1}; + +static const char _server2[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIBvzCCAWWgAwIBAgIMVHuEfQn9F35YK44BMAoGCCqGSM49BAMCMCQxDzANBgNV\n" + "BAMTBlZQTiBDQTERMA8GA1UEChMIQmlnIENvcnAwIhgPMjAxNDExMzAyMDU2Mjla\n" + "GA85OTk5MTIzMTIzNTk1OVowJzERMA8GA1UEAwwIc2VydmVyMg0xEjAQBgNVBAoT\n" + "CU15Q29tcGFueTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBfy/l8rtthQYHRA\n" + "sWoY3E7HHM2eP0RyNrusfh6Okl4TN8D1jlmx3yc+9h4RqIvC6dHhSS/mio8fjZpU\n" + "aXzv7dujdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYD\n" + "VR0PAQH/BAUDAweAADAdBgNVHQ4EFgQUee5izg6T1FxiNtJbWBz90d20GVYwHwYD\n" + "VR0jBBgwFoAUUkBMBzJq0paKidLDDyhuSHskoJgwCgYIKoZIzj0EAwIDSAAwRQIh\n" + "AKMgl86d4ENyrpqkXR7pN8FN/Pd1Hji6Usnm536zuFjIAiA9RRxtPQXjrk3Sx8QR\n" + "c0NrnBYRCM24FXMHSWOL1YUb7w==\n" + "-----END CERTIFICATE-----\n" +}; + +gnutls_datum_t server2 = {(void*)_server2, sizeof(_server2)-1}; + +static const char _server3[] = { + "-----BEGIN CERTIFICATE-----\n" + "MIIBvjCCAWWgAwIBAgIMVHuEhyM4BCuvifY3MAoGCCqGSM49BAMCMCQxDzANBgNV\n" + "BAMTBlZQTiBDQTERMA8GA1UEChMIQmlnIENvcnAwIhgPMjAxNDExMzAyMDU2Mzla\n" + "GA85OTk5MTIzMTIzNTk1OVowJzERMA8GA1UEAwwIc2VydmVyMw0xEjAQBgNVBAoT\n" + "CU15Q29tcGFueTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLKjVDVHPM7sK8Gr\n" + "+eUTmT1sQSVhUr4znBEkiccPlGTN30m5KoaM1cflRxb+p/pYk6xFfAZW/33XmWON\n" + "IjwygACjdjB0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYD\n" + "VR0PAQH/BAUDAweAADAdBgNVHQ4EFgQU3TmVO7uyA1t4+tbbmTbKoXiHP1QwHwYD\n" + "VR0jBBgwFoAUUkBMBzJq0paKidLDDyhuSHskoJgwCgYIKoZIzj0EAwIDRwAwRAIg\n" + "RI1GVQ/ol9Es0niE3Ex/X+2a5tEVBOECLO3+Vr6rPs0CIHSxEksboGo8qJzESmjY\n" + "If7aJsOFgpBmGKWGf+dVDjjg\n" + "-----END CERTIFICATE-----\n" +}; + +gnutls_datum_t server3 = {(void*)_server3, sizeof(_server3)-1}; + +static const char _crl[] = { + "-----BEGIN X509 CRL-----\n" + "MIIBJTCBzAIBATAKBggqhkjOPQQDAjAkMQ8wDQYDVQQDEwZWUE4gQ0ExETAPBgNV\n" + "BAoTCEJpZyBDb3JwGA8yMDE0MTEzMDIxMTkwNFoYDzk5OTkxMjMxMjM1OTU5WjBC\n" + "MB8CDFR7hnMaGdABn3iWABgPMjAxNDExMzAyMTE5MDRaMB8CDFR7hH0J/Rd+WCuO\n" + "ARgPMjAxNDExMzAyMTE5MDRaoC8wLTAfBgNVHSMEGDAWgBRSQEwHMmrSloqJ0sMP\n" + "KG5IeySgmDAKBgNVHRQEAwIBATAKBggqhkjOPQQDAgNIADBFAiEAt3Ks2JNhxuuT\n" + "nzok7rYbi+p6dWiPj7mWNawba2+xjYwCIGpTiTU1ssn5Fa70j7S+PjmnN4fuyjXh\n" + "AuXYcsNpjsPz\n" + "-----END X509 CRL-----\n" +}; + +gnutls_datum_t crl = {(void*)_crl, sizeof(_crl)-1}; + +/* GnuTLS internally calls time() to find out the current time when + verifying certificates. To avoid a time bomb, we hard code the + current time. This should work fine on systems where the library + call to time is resolved at run-time. */ +static time_t mytime(time_t * t) +{ + time_t then = 1417381345; + + if (t) + *t = then; + + return then; +} + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "|<%d>| %s", level, str); +} + +void doit(void) +{ + int ret; + gnutls_x509_trust_list_t tl; + gnutls_x509_crt_t s1, s2, s3; + unsigned status; + + /* The overloading of time() seems to work in linux (ELF?) + * systems only. Disable it on windows. + */ +#ifdef _WIN32 + exit(77); +#endif + + ret = global_init(); + if (ret != 0) { + fail("%d: %s\n", ret, gnutls_strerror(ret)); + exit(1); + } + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + gnutls_x509_crt_init(&s1); + gnutls_x509_crt_init(&s2); + gnutls_x509_crt_init(&s3); + gnutls_x509_trust_list_init(&tl, 0); + + ret = gnutls_x509_crt_import(s1, &server1, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import(s2, &server2, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_crt_import(s3, &server3, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + fail("error in %d: %s\n", __LINE__, gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_add_trust_mem(tl, &ca, NULL, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret != 1) { + fail("error in %d: (%d) %s\n", __LINE__, ret, gnutls_strerror(ret)); + exit(1); + } + + ret = + gnutls_x509_trust_list_add_trust_mem(tl, NULL, &crl, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret < 0) { + fail("error in %d: (%d) %s\n", __LINE__, ret, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_trust_list_verify_crt2(tl, &s1, 1, NULL, 0, 0, &status, NULL); + if (ret < 0 || status != 0) { + fail("error in %d: (status: 0x%x) %s\n", __LINE__, status, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_trust_list_verify_crt2(tl, &s2, 1, NULL, 0, 0, &status, NULL); + if (ret < 0 || status != (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED)) { + fail("error in %d: (status: 0x%x) %s\n", __LINE__, status, gnutls_strerror(ret)); + exit(1); + } + + ret = gnutls_x509_trust_list_verify_crt2(tl, &s3, 1, NULL, 0, 0, &status, NULL); + if (ret < 0 || status != 0) { + fail("error in %d: (status: 0x%x) %s\n", __LINE__, status, gnutls_strerror(ret)); + exit(1); + } + + gnutls_x509_trust_list_deinit(tl, 1); + gnutls_x509_crt_deinit(s1); + gnutls_x509_crt_deinit(s2); + gnutls_x509_crt_deinit(s3); + + if (debug) + printf("done\n\n\n"); + + gnutls_global_deinit(); + + exit(0); +} diff --git a/tests/x509_altname.c b/tests/x509_altname.c new file mode 100644 index 0000000..bec6484 --- /dev/null +++ b/tests/x509_altname.c @@ -0,0 +1,123 @@ +/* + * Copyright (C) 2006-2012 Free Software Foundation, Inc. + * Author: Simon Josefsson, Howard Chu + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include +#include "utils.h" + +static char pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIE6zCCA9OgAwIBAgIBdjANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJTRTEf\n" + "MB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRldDEgMB4GA1UEAxMXU3RvY2to\n" + "b2xtIFVuaXZlcnNpdHkgQ0EwHhcNMDYwMzIyMDkxNTI4WhcNMDcwMzIyMDkxNTI4\n" + "WjBDMQswCQYDVQQGEwJTRTEfMB0GA1UEChMWU3RvY2tob2xtcyB1bml2ZXJzaXRl\n" + "dDETMBEGA1UEAxMKc2lwMS5zdS5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC\n" + "gYEArUzXTD36ZK7CwZJH/faUNTcdaqM7JyiZsfrO703d7cT/bJ3wKxT8trOOh/Ou\n" + "WwgGFX2+r7ykun3aIUXUuD13Yle/yHqH/4g9vWX7UeFCBlSI0tAxnlqt0QqlPgSd\n" + "GLHcoO4PPyjon9jj0A/zpJGZHiRUCooo63YqE9MYfr5HBfkCAwEAAaOCAl8wggJb\n" + "MAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYD\n" + "VR0OBBYEFDpcXNHMLJ7fc/c72BtZseq4MDXFMH8GA1UdIwR4MHaAFJ4uMLo32VFE\n" + "yZ2/GCHxvX7utYZIoVukWTBXMQswCQYDVQQGEwJTRTEYMBYGA1UEChMPVW1lYSBV\n" + "bml2ZXJzaXR5MRMwEQYDVQQLEwpTd1VQS0ktUENBMRkwFwYDVQQDExBTd1VQS0kg\n" + "UG9saWN5IENBggEQMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jYS5zdS5zZS8y\n" + "MDA1LTEvY3JsLXYyLmNybDB5BgNVHSAEcjBwMG4GCCqFcCsCAQEBMGIwHwYIKwYB\n" + "BQUHAgEWE2h0dHA6Ly9jYS5zdS5zZS9DUFMwPwYIKwYBBQUHAgIwMxoxTGltaXRl\n" + "ZCBMaWFiaWxpdHksIHNlZSBodHRwOi8vd3d3LnN3dXBraS5zdS5zZS9DUDAkBgNV\n" + "HRIEHTAbgQhjYUBzdS5zZYYPaHR0cDovL2NhLnN1LnNlMIG3BgNVHREEga8wgayC\n" + "F2luY29taW5ncHJveHkuc2lwLnN1LnNlghhpbmNvbWluZ3Byb3h5MS5zaXAuc3Uu\n" + "c2WCF291dGdvaW5ncHJveHkuc2lwLnN1LnNlghhvdXRnb2luZ3Byb3h5MS5zaXAu\n" + "c3Uuc2WCDW91dC5zaXAuc3Uuc2WCE2FwcHNlcnZlci5zaXAuc3Uuc2WCFGFwcHNl\n" + "cnZlcjEuc2lwLnN1LnNlggpzaXAxLnN1LnNlMA0GCSqGSIb3DQEBBQUAA4IBAQAR\n" + "FYg7ytcph0E7WmvM44AN/8qru7tRX6aSFWrjLyVr/1Wk4prCK4y5JpfNw5dh9Z8f\n" + "/gyFsr1iFsb6fS3nJTTd3fVlWRfcNCGIx5g8KuSb3u6f7VznkGOeiRMRESQc1G8B\n" + "eh0zbdZS7BYO2g9EKlbGST5PwQnc4g9K7pqPyKSNVkzb60Nujg/+qYje7MCcN+ZR\n" + "nUBo6U2NZ06/QEUFm+uUIhZ8IGM1gLehC7Q3G4+d4c38CDJxQnSPOgWiXuSvhhQm\n" + "KDsbrKzRaeBRh5eEJbTkA8Dp0Emb0UrkRVhixeg97stxUcATAjdGljJ9MLnuHXnI\n" + "7ihGdUfg5q/105vpsQpO\n" "-----END CERTIFICATE-----\n"; + +#define MAX_DATA_SIZE 1024 + +void doit(void) +{ + int ret; + gnutls_datum_t derCert = { (void *) pem, sizeof(pem) }; + gnutls_x509_crt_t cert; + size_t data_len = MAX_DATA_SIZE; + char data[MAX_DATA_SIZE]; + unsigned int critical = 0; + int alt_name_count = 0; + + ret = global_init(); + if (ret < 0) + fail("init %d\n", ret); + + ret = gnutls_x509_crt_init(&cert); + if (ret < 0) + fail("crt_init %d\n", ret); + + ret = gnutls_x509_crt_import(cert, &derCert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("crt_import %d\n", ret); + + for (alt_name_count = 0;; ++alt_name_count) { + ret = + gnutls_x509_crt_get_issuer_alt_name(cert, + alt_name_count, + data, &data_len, + &critical); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + + if (ret < 0) + fail("get_issuer_alt_name: %d\n", ret); + + // TODO: print out / check results + if (GNUTLS_SAN_URI == ret) { + if (strcmp(data, "http://ca.su.se") != 0) { + fail("unexpected issuer GNUTLS_SAN_URI: %s\n", data); + } + } else if (GNUTLS_SAN_RFC822NAME == ret) { + if (strcmp(data, "ca@su.se") != 0) { + fail("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data); + } + } else { + fail("unexpected alt name type: %d\n", ret); + } + data_len = MAX_DATA_SIZE; + } + + if (alt_name_count != 2) { + fail("unexpected number of alt names: %i\n", + alt_name_count); + } + + if (debug) + success("done\n"); + + gnutls_x509_crt_deinit(cert); + gnutls_global_deinit(); +} diff --git a/tests/x509cert-ct.c b/tests/x509cert-ct.c new file mode 100644 index 0000000..7d467b0 --- /dev/null +++ b/tests/x509cert-ct.c @@ -0,0 +1,311 @@ +/* + * Copyright (C) 2020 Free Software Foundation, Inc. + * + * Author: Ander Juaristi + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from other tests */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static char pem[] = +"-----BEGIN CERTIFICATE-----\n" +"MIIG+jCCBeKgAwIBAgIQPurql+NcbKQ/8rR9djN5DDANBgkqhkiG9w0BAQsFADCB\n" +"hDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w\n" +"HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTUwMwYDVQQDEyxTeW1hbnRl\n" +"YyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgU0hBMjU2IFNTTCBDQTAeFw0xNzAzMjAw\n" +"MDAwMDBaFw0yMDAzMjQyMzU5NTlaMHMxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhO\n" +"ZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxJzAlBgNVBAoMHkFtZXJpY2FuIENp\n" +"dmlsIExpYmVydGllcyBVbmlvbjEVMBMGA1UEAwwMd3d3LmFjbHUub3JnMIIBIjAN\n" +"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui9XzdLmI2JH+05y4WAV7jHn2Vyk\n" +"k+92pm/mdQcfJDyNR6gotaLBvBy9n9SeDj03eGlYUKZ1lgBeHhM17FMWuWoazETl\n" +"EU2Iq1ugHn3V+Rr2IkQ8f00RcNXRlYCQOiL0WYrrXPHZUNh1aQ4kwFaFGT0iNsKS\n" +"kGwf56b1goJujqwtLIBzRdHOLzWGCq1Kn/VeDTi2QQyTVQLWsDZzZApUXMyoc1xv\n" +"go7r1lvHWbJ04up0YwXssC67lw4SKK+/2lZF0Fu0baooHQOlQ5jk0DQhQ6Hsgp/t\n" +"UYhrv56cVf9MWrBEbVBg79yiyWb+rrXhk9KeMbFFsxNEWiA5TREejEhVXwIDAQAB\n" +"o4IDdjCCA3IwMgYDVR0RBCswKYIPYWN0aW9uLmFjbHUub3Jnggx3d3cuYWNsdS5v\n" +"cmeCCGFjbHUub3JnMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMGEGA1UdIARa\n" +"MFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20v\n" +"Y3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMCsGA1Ud\n" +"HwQkMCIwIKAeoByGGmh0dHA6Ly9zZy5zeW1jYi5jb20vc2cuY3JsMB0GA1UdJQQW\n" +"MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTbYiD7fQKJfNI7b8fk\n" +"MmwFUh2tsTBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zZy5z\n" +"eW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zZy5zeW1jYi5jb20vc2cuY3J0\n" +"MIIB9gYKKwYBBAHWeQIEAgSCAeYEggHiAeAAdQDd6x0reg1PpiCLga2BaHB+Lo6d\n" +"AdVciI09EcTNtuy+zAAAAVrspLZKAAAEAwBGMEQCIEuVHq0xyXfN8XP0Ly8eTEJB\n" +"3XMAKhaercn0EqjtgNUPAiBN+/pUJ9EwF4yh2hRU1U3KkdzTI+KDerLZCl004ADF\n" +"cgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWuyktugAAAQD\n" +"AEgwRgIhAPoMU/iz0Ne4vgM4cQol7zLVS8xEc18natc9EgLpOqvvAiEAtyt6nMg7\n" +"18/axecg1fk2dcDKCP8EpEJWnabnDRwMb00AdgDuS723dc5guuFCaR+r4Z5mow9+\n" +"X7By2IMAxHuJeqj9ywAAAVrspLadAAAEAwBHMEUCIH8pZN5die2lOt6i2NS57xxd\n" +"uo12mGZ4Xt6cPARVZCipAiEAxOGXK63gCml0jZnlBAN/41YMCNF0cCl9rMIRmEOe\n" +"ffYAdgC8eOHfxfY8aEZJM02hD6FfCXlpIAnAgbTz9pF/Ptm4pQAAAVrspLdAAAAE\n" +"AwBHMEUCIDtHn+q93n/mGGzdFZb9PImevE3t8yi4FpEKQh3fN+HdAiEA618tN/lR\n" +"9m8dh0BVfHAJ9o3CAT53sWjO37sFhHPNOT4wDQYJKoZIhvcNAQELBQADggEBALEV\n" +"pKCM+njCWn74ThjbBEH23rWDYNU3Dl4O5J1U0wJdp4uTvZQbTHlvuAYnQr2WUBX5\n" +"OOvZdVLKDZJqZ/KJ2TLjBUQGWHylu6kE2PWuOTrJ6eC2UnR8zj0RavELHXuGUmQt\n" +"p5UESDjGI6IUDfI6IdxIKydnIStQLuKlaGsz3bsD1yc8XfCNjkmxf3DfC2qnnO6q\n" +"0i2o1SkjCesCqrgPQuVM95vF5I+dRcrk1nHOLCgDLYeoOSFpkPzk5EF7gDrfuLHn\n" +"a7MqZSlOcbf6XcGmsOPH0SCYLyNiJwuBX2W3fw2rP9adpWniGK5kyIEU6Nrkgc31\n" +"ESMyYNL3A9igh1jySzg=\n" +"-----END CERTIFICATE-----\n"; + +static unsigned char ct_extension_der[486] = { + 0x04, 0x82, 0x01, 0xe2, 0x01, 0xe0, 0x00, 0x75, 0x00, 0xdd, 0xeb, 0x1d, + 0x2b, 0x7a, 0x0d, 0x4f, 0xa6, 0x20, 0x8b, 0x81, 0xad, 0x81, 0x68, 0x70, + 0x7e, 0x2e, 0x8e, 0x9d, 0x01, 0xd5, 0x5c, 0x88, 0x8d, 0x3d, 0x11, 0xc4, + 0xcd, 0xb6, 0xec, 0xbe, 0xcc, 0x00, 0x00, 0x01, 0x5a, 0xec, 0xa4, 0xb6, + 0x4a, 0x00, 0x00, 0x04, 0x03, 0x00, 0x46, 0x30, 0x44, 0x02, 0x20, 0x4b, + 0x95, 0x1e, 0xad, 0x31, 0xc9, 0x77, 0xcd, 0xf1, 0x73, 0xf4, 0x2f, 0x2f, + 0x1e, 0x4c, 0x42, 0x41, 0xdd, 0x73, 0x00, 0x2a, 0x16, 0x9e, 0xad, 0xc9, + 0xf4, 0x12, 0xa8, 0xed, 0x80, 0xd5, 0x0f, 0x02, 0x20, 0x4d, 0xfb, 0xfa, + 0x54, 0x27, 0xd1, 0x30, 0x17, 0x8c, 0xa1, 0xda, 0x14, 0x54, 0xd5, 0x4d, + 0xca, 0x91, 0xdc, 0xd3, 0x23, 0xe2, 0x83, 0x7a, 0xb2, 0xd9, 0x0a, 0x5d, + 0x34, 0xe0, 0x00, 0xc5, 0x72, 0x00, 0x77, 0x00, 0xa4, 0xb9, 0x09, 0x90, + 0xb4, 0x18, 0x58, 0x14, 0x87, 0xbb, 0x13, 0xa2, 0xcc, 0x67, 0x70, 0x0a, + 0x3c, 0x35, 0x98, 0x04, 0xf9, 0x1b, 0xdf, 0xb8, 0xe3, 0x77, 0xcd, 0x0e, + 0xc8, 0x0d, 0xdc, 0x10, 0x00, 0x00, 0x01, 0x5a, 0xec, 0xa4, 0xb6, 0xe8, + 0x00, 0x00, 0x04, 0x03, 0x00, 0x48, 0x30, 0x46, 0x02, 0x21, 0x00, 0xfa, + 0x0c, 0x53, 0xf8, 0xb3, 0xd0, 0xd7, 0xb8, 0xbe, 0x03, 0x38, 0x71, 0x0a, + 0x25, 0xef, 0x32, 0xd5, 0x4b, 0xcc, 0x44, 0x73, 0x5f, 0x27, 0x6a, 0xd7, + 0x3d, 0x12, 0x02, 0xe9, 0x3a, 0xab, 0xef, 0x02, 0x21, 0x00, 0xb7, 0x2b, + 0x7a, 0x9c, 0xc8, 0x3b, 0xd7, 0xcf, 0xda, 0xc5, 0xe7, 0x20, 0xd5, 0xf9, + 0x36, 0x75, 0xc0, 0xca, 0x08, 0xff, 0x04, 0xa4, 0x42, 0x56, 0x9d, 0xa6, + 0xe7, 0x0d, 0x1c, 0x0c, 0x6f, 0x4d, 0x00, 0x76, 0x00, 0xee, 0x4b, 0xbd, + 0xb7, 0x75, 0xce, 0x60, 0xba, 0xe1, 0x42, 0x69, 0x1f, 0xab, 0xe1, 0x9e, + 0x66, 0xa3, 0x0f, 0x7e, 0x5f, 0xb0, 0x72, 0xd8, 0x83, 0x00, 0xc4, 0x7b, + 0x89, 0x7a, 0xa8, 0xfd, 0xcb, 0x00, 0x00, 0x01, 0x5a, 0xec, 0xa4, 0xb6, + 0x9d, 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x20, 0x7f, + 0x29, 0x64, 0xde, 0x5d, 0x89, 0xed, 0xa5, 0x3a, 0xde, 0xa2, 0xd8, 0xd4, + 0xb9, 0xef, 0x1c, 0x5d, 0xba, 0x8d, 0x76, 0x98, 0x66, 0x78, 0x5e, 0xde, + 0x9c, 0x3c, 0x04, 0x55, 0x64, 0x28, 0xa9, 0x02, 0x21, 0x00, 0xc4, 0xe1, + 0x97, 0x2b, 0xad, 0xe0, 0x0a, 0x69, 0x74, 0x8d, 0x99, 0xe5, 0x04, 0x03, + 0x7f, 0xe3, 0x56, 0x0c, 0x08, 0xd1, 0x74, 0x70, 0x29, 0x7d, 0xac, 0xc2, + 0x11, 0x98, 0x43, 0x9e, 0x7d, 0xf6, 0x00, 0x76, 0x00, 0xbc, 0x78, 0xe1, + 0xdf, 0xc5, 0xf6, 0x3c, 0x68, 0x46, 0x49, 0x33, 0x4d, 0xa1, 0x0f, 0xa1, + 0x5f, 0x09, 0x79, 0x69, 0x20, 0x09, 0xc0, 0x81, 0xb4, 0xf3, 0xf6, 0x91, + 0x7f, 0x3e, 0xd9, 0xb8, 0xa5, 0x00, 0x00, 0x01, 0x5a, 0xec, 0xa4, 0xb7, + 0x40, 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45, 0x02, 0x20, 0x3b, + 0x47, 0x9f, 0xea, 0xbd, 0xde, 0x7f, 0xe6, 0x18, 0x6c, 0xdd, 0x15, 0x96, + 0xfd, 0x3c, 0x89, 0x9e, 0xbc, 0x4d, 0xed, 0xf3, 0x28, 0xb8, 0x16, 0x91, + 0x0a, 0x42, 0x1d, 0xdf, 0x37, 0xe1, 0xdd, 0x02, 0x21, 0x00, 0xeb, 0x5f, + 0x2d, 0x37, 0xf9, 0x51, 0xf6, 0x6f, 0x1d, 0x87, 0x40, 0x55, 0x7c, 0x70, + 0x09, 0xf6, 0x8d, 0xc2, 0x01, 0x3e, 0x77, 0xb1, 0x68, 0xce, 0xdf, 0xbb, + 0x05, 0x84, 0x73, 0xcd, 0x39, 0x3e +}; + +static void check_scts(const gnutls_datum_t *ext) +{ + int ret; + unsigned int i, version; + time_t timestamp; + gnutls_datum_t logid, sig, xder, ext_out; + gnutls_sign_algorithm_t sigalg; + gnutls_x509_ct_scts_t scts; +#define EXPECTED_LOGID_SIZE 32 +#define NUM_EXPECTED_SCTS 4 + struct sct_data { + unsigned char logid[EXPECTED_LOGID_SIZE]; + /* time_t timestamp; */ + gnutls_sign_algorithm_t sigalg; + gnutls_datum_t sig; + } expected_data[NUM_EXPECTED_SCTS] = { + { + .logid = + "\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e" + "\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc", + .sigalg = GNUTLS_SIGN_ECDSA_SHA256, + .sig = { + .size = 70, + .data = (unsigned char *) + "\x30\x44\x02\x20\x4b\x95\x1e\xad\x31\xc9\x77\xcd\xf1\x73\xf4\x2f" + "\x2f\x1e\x4c\x42\x41\xdd\x73\x00\x2a\x16\x9e\xad\xc9\xf4\x12\xa8" + "\xed\x80\xd5\x0f\x02\x20\x4d\xfb\xfa\x54\x27\xd1\x30\x17\x8c\xa1" + "\xda\x14\x54\xd5\x4d\xca\x91\xdc\xd3\x23\xe2\x83\x7a\xb2\xd9\x0a" + "\x5d\x34\xe0\x00\xc5\x72" + } + }, + { + .logid = + "\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a" + "\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10", + .sigalg = GNUTLS_SIGN_ECDSA_SHA256, + .sig = { + .size = 72, + .data = (unsigned char *) + "\x30\x46\x02\x21\x00\xfa\x0c\x53\xf8\xb3\xd0\xd7\xb8\xbe\x03\x38" + "\x71\x0a\x25\xef\x32\xd5\x4b\xcc\x44\x73\x5f\x27\x6a\xd7\x3d\x12" + "\x02\xe9\x3a\xab\xef\x02\x21\x00\xb7\x2b\x7a\x9c\xc8\x3b\xd7\xcf" + "\xda\xc5\xe7\x20\xd5\xf9\x36\x75\xc0\xca\x08\xff\x04\xa4\x42\x56" + "\x9d\xa6\xe7\x0d\x1c\x0c\x6f\x4d" + } + }, + { + .logid = + "\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66" + "\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb", + .sigalg = GNUTLS_SIGN_ECDSA_SHA256, + .sig = { + .size = 71, + .data = (unsigned char *) + "\x30\x45\x02\x20\x7f\x29\x64\xde\x5d\x89\xed\xa5\x3a\xde\xa2\xd8" + "\xd4\xb9\xef\x1c\x5d\xba\x8d\x76\x98\x66\x78\x5e\xde\x9c\x3c\x04" + "\x55\x64\x28\xa9\x02\x21\x00\xc4\xe1\x97\x2b\xad\xe0\x0a\x69\x74" + "\x8d\x99\xe5\x04\x03\x7f\xe3\x56\x0c\x08\xd1\x74\x70\x29\x7d\xac" + "\xc2\x11\x98\x43\x9e\x7d\xf6" + } + }, + { + .logid = + "\xbc\x78\xe1\xdf\xc5\xf6\x3c\x68\x46\x49\x33\x4d\xa1\x0f\xa1\x5f" + "\x09\x79\x69\x20\x09\xc0\x81\xb4\xf3\xf6\x91\x7f\x3e\xd9\xb8\xa5", + .sigalg = GNUTLS_SIGN_ECDSA_SHA256, + .sig = { + .size = 71, + .data = (unsigned char *) + "\x30\x45\x02\x20\x3b\x47\x9f\xea\xbd\xde\x7f\xe6\x18\x6c\xdd\x15" + "\x96\xfd\x3c\x89\x9e\xbc\x4d\xed\xf3\x28\xb8\x16\x91\x0a\x42\x1d" + "\xdf\x37\xe1\xdd\x02\x21\x00\xeb\x5f\x2d\x37\xf9\x51\xf6\x6f\x1d" + "\x87\x40\x55\x7c\x70\x09\xf6\x8d\xc2\x01\x3e\x77\xb1\x68\xce\xdf" + "\xbb\x05\x84\x73\xcd\x39\x3e" + } + } + }; + + ret = gnutls_x509_ext_ct_scts_init(&scts); + if (ret < 0) + fail("gnutls_x509_ext_ct_scts_init"); + + ret = gnutls_x509_ext_ct_import_scts(ext, scts, 0); + if (ret < 0) + fail("gnutls_x509_ext_ct_import_scts"); + + for (i = 0; i < NUM_EXPECTED_SCTS; i++) { + ret = gnutls_x509_ct_sct_get_version(scts, i, &version); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret < 0) + fail("gnutls_x509_ct_sct_get_version"); + if (version != 1) + fail("invalid version"); + if (gnutls_x509_ct_sct_get(scts, i, + ×tamp, + &logid, + &sigalg, &sig) < 0) + fail("gnutls_x509_ct_sct_v1_get"); + if (logid.size != EXPECTED_LOGID_SIZE) + fail("Log ID sizes do not match for SCT %d", i); + if (memcmp(logid.data, expected_data[i].logid, EXPECTED_LOGID_SIZE) != 0) + fail("Log IDs do not match for SCT %d", i); + if (sigalg != expected_data[i].sigalg) + fail("Signature algorithms for SCT %d do not match", i); + if (sig.size != expected_data[i].sig.size) + fail("Signature sizes for SCT %d do not match", i); + if (memcmp(sig.data, expected_data[i].sig.data, sig.size) != 0) + fail("Signatures for SCT %d do not match", i); + + gnutls_free(logid.data); + gnutls_free(sig.data); + logid.size = 0; + sig.size = 0; + } + + if (i != NUM_EXPECTED_SCTS) + fail("Less than expected SCTs were seen"); + + /* Now export the whole SCT list as DER, and check if it matches + * our expected DER. */ + ret = gnutls_x509_ext_ct_export_scts(scts, &ext_out); + if (ret < 0) + fail("gnutls_x509_ext_ct_export_scts"); + + xder.data = ct_extension_der; + xder.size = sizeof(ct_extension_der); + if (ext_out.size != xder.size || + memcmp(ext_out.data, xder.data, xder.size) != 0) + fail("DERs do not match"); + + gnutls_free(ext_out.data); + + gnutls_x509_ext_ct_scts_deinit(scts); +} + +#define MAX_DATA_SIZE 1024 + +void doit(void) +{ + int ret; + bool scts_printed = 0; + size_t oidlen; + char oid[MAX_DATA_SIZE]; + gnutls_x509_crt_t cert; + gnutls_datum_t ext, xpem = { (void *) pem, sizeof(pem) - 1 }; + + global_init(); + if (debug) + gnutls_global_set_log_level(5); + + gnutls_x509_crt_init(&cert); + ret = gnutls_x509_crt_import(cert, &xpem, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import"); + + for (unsigned i = 0; ; i++) { + oidlen = MAX_DATA_SIZE; + + ret = gnutls_x509_crt_get_extension_oid(cert, i, oid, &oidlen); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret < 0) + fail("gnutls_x509_crt_get_extension_oid"); + + if (strcmp(oid, GNUTLS_X509EXT_OID_CT_SCT_V1) == 0) { + ret = gnutls_x509_crt_get_extension_data2(cert, i, &ext); + if (ret < 0) + fail("gnutls_x509_crt_get_extension_data2"); + check_scts(&ext); + scts_printed = 1; + gnutls_free(ext.data); + break; + } + } + + if (!scts_printed) + fail("SCT extension not found\n"); + + gnutls_x509_crt_deinit(cert); + + gnutls_global_deinit(); + if (debug) + success("success"); +} diff --git a/tests/x509cert-dir/ca.pem b/tests/x509cert-dir/ca.pem new file mode 100644 index 0000000..9bcfef2 --- /dev/null +++ b/tests/x509cert-dir/ca.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251 +VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw +FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA +vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T +7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi +kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T +AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak +Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy +njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW +KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+ +PfqUpIhz5Bbm7J4= +-----END CERTIFICATE----- diff --git a/tests/x509cert-dntypes.c b/tests/x509cert-dntypes.c new file mode 100644 index 0000000..10d7950 --- /dev/null +++ b/tests/x509cert-dntypes.c @@ -0,0 +1,134 @@ +/* + * Copyright (C) 2020 Pierre Ossman for Cendio AB + * + * Author: Pierre Ossman + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +/* the issuer/subject connection between the server cert and the CA + * cert uses different ASN.1 types, which is uncommon but allowed */ + +static unsigned char server_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDZTCCAc2gAwIBAgIUB7aVTQvtbBpOEtKELkBkLViM0eIwDQYJKoZIhvcNAQEL\n" + "BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yMDAzMjYxMDE4NTdaFw0yMTAzMjYx\n" + "MDE4NTdaMBYxFDASBgNVBAMMC1Rlc3QgY2xpZW50MIIBIjANBgkqhkiG9w0BAQEF\n" + "AAOCAQ8AMIIBCgKCAQEAviqj5S/xe39agbMnq/oPAQmdIhalB17Ewc3AZlD8n+zQ\n" + "scPDNvnk4gxSeSXePtXmh0OaGcBKbMAkjiyo2gPBmV3ay34LQuk97nJxE2TUAWMm\n" + "S8yFwP3yoE+GZ5eYjv+HGQxeAP9uHLjho/jHjVGgUOCVv1QjsKyRx8Tuvy9TH3ON\n" + "DuMPw3Jmnq0OhLy2+SjU0ug5jxfWJvnfeGoFzRgalmWGyoAQsH9bqha/D44QSen+\n" + "Zbbt/A4uNIILAENYuHXEfvpmBuZPpocOb6h2huGbp6iHZfdZUHso37UmWT6PXh+2\n" + "dASPaCpAr3bURBhnEsQM43njb8METZewMeoQxwZC0QIDAQABoy8wLTAMBgNVHRMB\n" + "Af8EAjAAMB0GA1UdDgQWBBSb3h7ZbajS/2RWx2a7hTVSkur0FDANBgkqhkiG9w0B\n" + "AQsFAAOCAYEAPfwyvOwNEjIvlifjBVhiWmrtZAS2YaY9jqFnaA2PvYY2FVyC3AMu\n" + "3BGAorau/4DL3P92/9SlygEmBQpqCq+AJnQRH6WKFT4avAOmw3yc0++st+DhGK0I\n" + "6Cr69WccVi0Kmxi1XP4dpPDWSuVCOP6rGc3ulgEH83xF4ZL+3qVA9Fihsie3ZZme\n" + "7mqWOznVO1MZHLDFIUEoRdOSin5bIkl7FPOCZqMsWRM41GuA1h4aX/X5dLeqRW1c\n" + "mJ5CNRWwPIPcwgqeldFnx07svCv9QseUDaIw+C9vZOlgfIgp0qeYoR6fsD38WcUC\n" + "eJPsOUwhdhMcw+/PM16iwzd89dI+PCecFY9FeLh9YeihZm0DnG8L0To1Y2ry+WRf\n" + "w5knR3FReHPcelymvSKZSEG0d/KKHXBeKWgcrCrdnn4ya71eblsNzO3vnxB5k0Zj\n" + "WcQ3wfeftQKDEIuaRHUP6B4zx2teJWMWvJLcXuavoqo0z3L5EN74RztCpnP9ykSH\n" + "ZsYWoJ3aelFv\n" + "-----END CERTIFICATE-----\n"; + +static unsigned char ca_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIID5DCCAkygAwIBAgIUB4lnLAeQ20wlYbqt5ykgvWOPNzgwDQYJKoZIhvcNAQEL\n" + "BQAwEjEQMA4GA1UEAxMHVGVzdCBDQTAeFw0yMDAzMjYxMDI0MjhaFw0yMDAzMjcx\n" + "MDI0MjhaMBIxEDAOBgNVBAMTB1Rlc3QgQ0EwggGiMA0GCSqGSIb3DQEBAQUAA4IB\n" + "jwAwggGKAoIBgQCt9z/noU7qCPquzzgwNvu/rwXyIvxmqdWhpfpBOmVq8wpgUDUU\n" + "cQ94F65UfTo3EcYXCoDs43E4Wo8KmF5YQM2xK+LrH28XmpL3z+NoQGaZoUVrMWp6\n" + "rbIeoGZvITaaGn2uEbGT7iRkBUdS4wOjUT13IxpG8cM4d0i0DIsqSlUPnQCfyMqf\n" + "jsVhO9IQsn7qMo0+2nNCI5JqblEXRvL39hHzJMOsq1NRqZO1Zjt9HCIB7m7Q42Jx\n" + "e8zm7RzTiBFVKecxb5h4mmt3tUZQ0Kjd94yE6ARSE0rULmO+6H7hgI6sU8vqfSFe\n" + "DimQ5mPReumBRDcErX+c7bRGPRul41kAB8XvPmAHG8xCepjH8xrgY/FeVBQT74xm\n" + "MEYQaxdGpa8Azx6MZCrZOI0rzu+zI0CBQGE1h1Xk8HBozrn/G2OOAZcXyzHzq56R\n" + "Z52zEQYFZmKH9tHTDI6fMfo8clr7esb/wmgEOt/lJYE9IMJrzUh+IwWuowdYaDVj\n" + "nMrboUBVepmBKSUCAwEAAaMyMDAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\n" + "rhkYiczAkbCcVfNr67VGGaqilbgwDQYJKoZIhvcNAQELBQADggGBAGYiUTKdYBXk\n" + "lZFIhZkCc33/lCgJw2mSrdAd+xJmJonRPy3qmYy3HniOmQdRVqResLALubz89VjJ\n" + "dSeokujFrlNtb4CygojseqTsxWgeZlKjLU3tJ/Xn+DFIiP7k9+WPW7KFIIW0fq61\n" + "MAI0lKjqpC8sJTlXoJemDw9MW/380nKr+K1YY3arRzsSHEIeA54xOggKEwvgz11A\n" + "47xT83WoLwFQ4e9LZfCsL/M51lsLHAlJzDKyTTeSxCi/C6kUIzx8QyxHKYgBuNxz\n" + "8vVLY/YzUv/l5ELYQ9gkAX0vZWdw7pqASUY8yvbzImrWqjFAHeN3zK687Ke9uppS\n" + "dmjvPwvTK+SKm++NR8YCwb3xqHQHMYHV3lxjlOhaN6rxBW0l4gtvb2FMlhcljiZ+\n" + "tF2ObVwEs6nqJSGrzubp0os+WmnbVSCaHz9jnRWb68C87mXCZkbA7FTSKJOVuqRM\n" + "vVTcHQ7jwGQ2/SvikndFQ53zi2j9o/jTOiFv29rEOeHu67UAiFSi2A==\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server = { server_pem, sizeof(server_pem)-1 }; +const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem)-1 }; + +void doit(void) +{ + int ret; + gnutls_x509_crt_t server_crt, ca_crt; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_x509_crt_init(&server_crt); + + ret = + gnutls_x509_crt_import(server_crt, &server, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import"); + + gnutls_x509_crt_init(&ca_crt); + + ret = + gnutls_x509_crt_import(ca_crt, &ca, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import"); + + ret = gnutls_x509_crt_check_issuer(server_crt, ca_crt); + if (!ret) + fail("gnutls_x509_crt_check_issuer"); + + gnutls_x509_crt_deinit(ca_crt); + gnutls_x509_crt_deinit(server_crt); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/x509cert-invalid.c b/tests/x509cert-invalid.c new file mode 100644 index 0000000..e6f4010 --- /dev/null +++ b/tests/x509cert-invalid.c @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2015 Nikos Mavrogiannopoulos + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* gnutls_trust_list_*(). + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +/* this has a different signature algorithm in tbsCertificate and signatureAlgorithm. + * the algorithm in signatureAlgorithm is wrong */ +static unsigned char inconsistent_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICwzCCAXugAwIBAgIIVOei+gI+zMYwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE\n" + "AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTExMjJaGA85OTk5MTIzMTIz\n" + "NTk1OVowFzEVMBMGA1UEAxMMV3Jvbmcgc2lnYWxnMIGfMA0GCSqGSIb3DQEBAQUA\n" + "A4GNADCBiQKBgQDKivjLpeml2GINsAimC6xwTxj44mLcxS+u69yFXFg2Z/AepUU+\n" + "IvfqVOeRVgg1WHrh+DZLuoC6kwn7a2afUTzytrITKni+J14ENa/ZcF2MrhSM8WZ1\n" + "NWrmvUltjkbJQIwyVPuIweRH1ECqSFxVqBT8RwYZ27FzTL8WF1JnlSlKuQIDAQAB\n" + "o2EwXzAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFK9V\n" + "bbSoqbHWgZwkzN57nbmAyyTwMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMB\n" + "A+/PMA0GCSqGSIb3DQEBBAUAA4IBMQCT2A88WEahnJgfXTjLbThqc/ICOg4dnk61\n" + "zhaTkgK3is7T8gQrTqEbaVF4qu5gOLN6Z+xluii+ApZKKpKSyYLXS6MS3nJ6xGTi\n" + "SOqixmPv7qfQnkUvUTagZymnWQ3GxRxjAv65YpmGyti+/TdkYWDQ9R/D/sWPJO8o\n" + "YrFNw1ZXAaNMg4EhhGZ4likMlww+e5NPfJsJ32AovveTFKqSrvabb4UtrUJTwsC4\n" + "Bd018g2MEhTkxeTQTqzIL98CoSBJjbbZD/YW13J/3xU590QpHTgni5hAni27IFLr\n" + "1V+UJAglBs8qYiUzv/GjwbRt8TDzYVjvc+5MvPaGpoTcmdQyi9/L+3s8J6dX3i93\n" + "TneIXeExwjTmXKL7NG+KQz9/F4FJChRXR6X1zsSB45DzoCoGMmzD\n" + "-----END CERTIFICATE-----\n"; + +/* this has a different signature algorithm in tbsCertificate and signatureAlgorithm. + * the algorithm in tbsCertificate is wrong */ +static unsigned char inconsistent2_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIC1DCCAYygAwIBAgIIVOem0AaBE/EwDQYJKoZIhvcNAQEEBQAwGTEXMBUGA1UE\n" + "AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNTAyMjAyMTI3NDRaGA85OTk5MTIzMTIz\n" + "NTk1OVowKDEmMCQGA1UEAxMdSW52YWxpZCB0YnNDZXJ0aWZpY2F0ZSBzaWdhbGcw\n" + "gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqK+Mul6aXYYg2wCKYLrHBPGPji\n" + "YtzFL67r3IVcWDZn8B6lRT4i9+pU55FWCDVYeuH4Nku6gLqTCftrZp9RPPK2shMq\n" + "eL4nXgQ1r9lwXYyuFIzxZnU1aua9SW2ORslAjDJU+4jB5EfUQKpIXFWoFPxHBhnb\n" + "sXNMvxYXUmeVKUq5AgMBAAGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0PAQH/BAUD\n" + "AwegADAdBgNVHQ4EFgQUr1VttKipsdaBnCTM3nuduYDLJPAwHwYDVR0jBBgwFoAU\n" + "TVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAEsjzyOB8ntk\n" + "1BW4UhHdDSOZNrR4Ep0y2B3tjoOlXmcQD50WQb7NF/vYGeZN/y+WHEF9OAnneEIi\n" + "5wRHLnm1jP/bXd5Po3EsaTLmpE7rW99DYlHaNRcF5z+a+qTdj7mRsnUtv6o2ItNT\n" + "m81yQr0Lw0D31agU9IAzeXZy+Dm6dQnO1GAaHlOJQR1PZIOzOtYxqodla0qxuvga\n" + "nL+quIR29t8nb7j+n8l1+2WxCUoxEO0wv37t3MQxjXUxzGfo5NDcXqH1364UBzdM\n" + "rOBPX50B4LUyV5gNdWMIGVSMX3fTE+j3b+60w6NALXDzGoSGLQH48hpi/Mxzqctt\n" + "gl58/RqS+nTNQ7c6QMhTj+dgaCE/DUGJJf0354dYp7p43nabr+ZtaMPUaGUQ/1UC\n" + "C5/QFweC23w=\n" + "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t inconsistent = { inconsistent_pem, sizeof(inconsistent_pem)-1 }; +const gnutls_datum_t inconsistent2 = { inconsistent2_pem, sizeof(inconsistent2_pem)-1 }; + +static time_t mytime(time_t * t) +{ + time_t then = 1424466893; + + if (t) + *t = then; + + return then; +} + +void doit(void) +{ + int ret; + gnutls_x509_crt_t crt; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_x509_crt_init(&crt); + + ret = + gnutls_x509_crt_import(crt, &inconsistent, GNUTLS_X509_FMT_PEM); + if (ret >= 0) + fail("1: gnutls_x509_crt_import"); + + gnutls_x509_crt_deinit(crt); + + gnutls_x509_crt_init(&crt); + + ret = + gnutls_x509_crt_import(crt, &inconsistent2, GNUTLS_X509_FMT_PEM); + if (ret >= 0) + fail("2: gnutls_x509_crt_import"); + + gnutls_x509_crt_deinit(crt); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/x509cert-tl.c b/tests/x509cert-tl.c new file mode 100644 index 0000000..c1a6295 --- /dev/null +++ b/tests/x509cert-tl.c @@ -0,0 +1,402 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* gnutls_trust_list_*(). + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static unsigned char ca_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIB5zCCAVKgAwIBAgIERiYdJzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTExWhcNMDgwNDE3MTMyOTExWjAZMRcw\n" + "FQYDVQQDEw5HbnVUTFMgdGVzdCBDQTCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA\n" + "vuyYeh1vfmslnuggeEKgZAVmQ5ltSdUY7H25WGSygKMUYZ0KT74v8C780qtcNt9T\n" + "7EPH/N6RvB4BprdssgcQLsthR3XKA84jbjjxNCcaGs33lvOz8A1nf8p3hD+cKfRi\n" + "kfYSW2JazLrtCC4yRCas/SPOUxu78of+3HiTfFm/oXUCAwEAAaNDMEEwDwYDVR0T\n" + "AQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTpPBz7rZJu5gak\n" + "Viyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAiaIRqGfp1jPpNeVhABK60SU0KIAy\n" + "njuu7kHq5peUgYn8Jd9zNzExBOEp1VOipGsf6G66oQAhDFp2o8zkz7ZH71zR4HEW\n" + "KoX6n5Emn6DvcEH/9pAhnGxNHJAoS7czTKv/JDZJhkqHxyrE1fuLsg5Qv25DTw7+\n" + "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t ca = { ca_pem, sizeof(ca_pem) }; + +static unsigned char cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; +const gnutls_datum_t cert = { cert_pem, sizeof(cert_pem) }; + +static unsigned char key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; +const gnutls_datum_t key = { key_pem, sizeof(key_pem) }; + +static unsigned char server_cert_pem[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" + "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" + "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" + "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" + "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" + "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" + "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" + "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" + "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" + "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; + +const gnutls_datum_t server_cert = { server_cert_pem, + sizeof(server_cert_pem) +}; + +static unsigned char server_key_pem[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" + "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" + "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" + "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" + "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" + "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" + "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" + "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" + "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" + "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" + "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" + "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" + "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" + "-----END RSA PRIVATE KEY-----\n"; + +static unsigned char cert_der[602] = + "\x30\x82\x02\x56\x30\x82\x01\xc1\xa0\x03\x02\x01\x02\x02\x04\x46" + "\x26\x1d\x31\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05" + "\x30\x19\x31\x17\x30\x15\x06\x03\x55\x04\x03\x13\x0e\x47\x6e\x75" + "\x54\x4c\x53\x20\x74\x65\x73\x74\x20\x43\x41\x30\x1e\x17\x0d\x30" + "\x37\x30\x34\x31\x38\x31\x33\x32\x39\x32\x31\x5a\x17\x0d\x30\x38" + "\x30\x34\x31\x37\x31\x33\x32\x39\x32\x31\x5a\x30\x37\x31\x1b\x30" + "\x19\x06\x03\x55\x04\x0a\x13\x12\x47\x6e\x75\x54\x4c\x53\x20\x74" + "\x65\x73\x74\x20\x73\x65\x72\x76\x65\x72\x31\x18\x30\x16\x06\x03" + "\x55\x04\x03\x13\x0f\x74\x65\x73\x74\x2e\x67\x6e\x75\x74\x6c\x73" + "\x2e\x6f\x72\x67\x30\x81\x9c\x30\x0b\x06\x09\x2a\x86\x48\x86\xf7" + "\x0d\x01\x01\x01\x03\x81\x8c\x00\x30\x81\x88\x02\x81\x80\xd7\xba" + "\x5c\xaf\xa3\x0c\xf0\x2e\xa9\x27\x56\xaa\x53\x8e\xa8\xeb\x7f\x81" + "\x75\x4c\x6b\x98\xbe\x4a\xea\xb7\x1e\xf8\x4b\xc3\x6a\xc4\xda\x0d" + "\x00\xb8\xea\x4c\x13\x1f\x36\x16\x93\xde\x72\xef\xc6\xa4\x5e\xb2" + "\x6e\xb6\xca\x0a\x88\x55\x75\x90\x96\xed\xa6\x57\xbc\x0c\x3b\x76" + "\x0d\x97\x1e\xbd\xe9\xec\x7f\xd3\xa9\xec\xfb\x85\x64\xa0\x6b\xa0" + "\x48\xce\x77\x7e\x73\x9c\x31\x13\xff\x3d\xc8\xae\xa5\x60\x6e\xd9" + "\xb6\x8c\x5a\x9a\x6f\xb6\xbe\x9f\x6a\xbd\xa7\xf0\xa0\x33\x27\xf5" + "\xb7\x1d\x92\xe5\x96\x9c\x73\x52\xd6\x9f\xd6\xc8\x8e\xb1\x02\x03" + "\x01\x00\x01\xa3\x81\x93\x30\x81\x90\x30\x0c\x06\x03\x55\x1d\x13" + "\x01\x01\xff\x04\x02\x30\x00\x30\x1a\x06\x03\x55\x1d\x11\x04\x13" + "\x30\x11\x82\x0f\x74\x65\x73\x74\x2e\x67\x6e\x75\x74\x6c\x73\x2e" + "\x6f\x72\x67\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08" + "\x2b\x06\x01\x05\x05\x07\x03\x01\x30\x0f\x06\x03\x55\x1d\x0f\x01" + "\x01\xff\x04\x05\x03\x03\x07\xa0\x00\x30\x1d\x06\x03\x55\x1d\x0e" + "\x04\x16\x04\x14\xeb\xc7\x45\x6e\xe5\xf8\x25\xca\x8c\x8d\x83\x0d" + "\x74\xe9\x86\xd4\xdd\x55\xb4\x75\x30\x1f\x06\x03\x55\x1d\x23\x04" + "\x18\x30\x16\x80\x14\xe9\x3c\x1c\xfb\xad\x92\x6e\xe6\x06\xa4\x56" + "\x2c\xa2\xe1\xc0\x53\x27\xc8\xf2\x95\x30\x0b\x06\x09\x2a\x86\x48" + "\x86\xf7\x0d\x01\x01\x05\x03\x81\x81\x00\x68\x51\x0f\x4e\xdf\xbb" + "\x6f\x3b\xc1\xb8\xe7\xfb\xf9\x09\x9e\x41\xc9\xf6\xf6\x44\xfa\x06" + "\xcc\xa1\xd5\x11\xc9\x5d\xff\x0a\x4e\x4e\x50\x45\xfc\x29\xea\x88" + "\x1b\xa7\xde\x09\x41\x67\x0d\x43\xf4\xbb\x60\x31\x47\x82\x50\xf5" + "\x03\x05\x0d\x05\x15\xf0\x77\x7a\xe2\x52\xc3\x27\xb3\x18\x1e\x48" + "\x3c\x58\x05\xf2\x58\x6c\x32\xde\xa2\x13\x41\xb2\xa6\x8f\x0c\x96" + "\xfb\x5d\xa8\xa5\x59\xb3\x10\x29\xf0\x1b\x15\x0f\x1c\x9c\xec\x60" + "\xac\xe2\x8b\x51\x04\x56\x27\x42\xb7\x1f\x25\xd1\x32\x16\xea\x8d" + "\xd2\xc8\x69\x08\x82\xbd\x02\xee\x8b\x3a"; + +const gnutls_datum_t server_key = { server_key_pem, + sizeof(server_key_pem) +}; + +static time_t mytime(time_t * t) +{ + time_t then = 1207000800; + + if (t) + *t = then; + + return then; +} + +static void check_stored_algos(gnutls_x509_crt_t server_crt) +{ + int ret; + char oid[256]; + size_t oid_size; + + oid_size = sizeof(oid); + ret = gnutls_x509_crt_get_signature_oid(server_crt, oid, &oid_size); + if (ret < 0) { + fail("cannot get signature algorithm: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, "1.2.840.113549.1.1.5") != 0) { + fail("detected wrong algorithm OID: %s\n", oid); + exit(1); + } + + ret = gnutls_x509_crt_get_signature_algorithm(server_crt); + if (ret != GNUTLS_SIGN_RSA_SHA1) { + fail("detected wrong algorithm: %s\n", gnutls_sign_get_name(ret)); + exit(1); + } + + /* PK */ + oid_size = sizeof(oid); + ret = gnutls_x509_crt_get_pk_oid(server_crt, oid, &oid_size); + if (ret < 0) { + fail("cannot get PK algorithm: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (strcmp(oid, "1.2.840.113549.1.1.1") != 0) { + fail("detected wrong PK algorithm OID: %s\n", oid); + exit(1); + } + + ret = gnutls_x509_crt_get_pk_algorithm(server_crt, NULL); + if (ret != GNUTLS_PK_RSA) { + fail("detected wrong PK algorithm: %s\n", gnutls_pk_get_name(ret)); + exit(1); + } + +} + +#define NAME "localhost" +#define NAME_SIZE (sizeof(NAME)-1) +void doit(void) +{ + int ret; + const char *path; + gnutls_datum_t data; + gnutls_x509_crt_t server_crt, ca_crt2; + gnutls_x509_trust_list_t tl; + unsigned int status; + gnutls_typed_vdata_st vdata; + gnutls_digest_algorithm_t hash; + unsigned int mand; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_time_function(mytime); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + /* test for gnutls_certificate_get_issuer() */ + gnutls_x509_trust_list_init(&tl, 0); + + gnutls_x509_crt_init(&server_crt); + gnutls_x509_crt_init(&ca_crt2); + + path = getenv("X509CERTDIR"); + if (!path) + path = "./x509cert-dir"; + + ret = + gnutls_x509_crt_import(server_crt, &cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import"); + + check_stored_algos(server_crt); + + ret = gnutls_x509_crt_get_preferred_hash_algorithm(server_crt, &hash, &mand); + if (ret < 0) { + fail("error in gnutls_x509_crt_get_preferred_hash_algorithm: %s\n", gnutls_strerror(ret)); + exit(1); + } + + if (mand != 0 || hash != GNUTLS_DIG_SHA256) { + fail("gnutls_x509_crt_get_preferred_hash_algorithm returned: %s/%d\n", gnutls_digest_get_name(hash), mand); + exit(1); + } + + ret = gnutls_x509_crt_import(ca_crt2, &ca, GNUTLS_X509_FMT_PEM); + if (ret < 0) + fail("gnutls_x509_crt_import"); + + ret = + gnutls_x509_trust_list_add_named_crt(tl, server_crt, NAME, + NAME_SIZE, 0); + if (ret < 0) + fail("gnutls_x509_trust_list_add_named_crt"); + + ret = + gnutls_x509_trust_list_verify_named_crt(tl, server_crt, NAME, + NAME_SIZE, 0, &status, + NULL); + if (ret < 0 || status != 0) + fail("gnutls_x509_trust_list_verify_named_crt: %d\n", + __LINE__); + + ret = + gnutls_x509_trust_list_verify_named_crt(tl, server_crt, NAME, + NAME_SIZE - 1, 0, + &status, NULL); + if (ret < 0 || status == 0) + fail("gnutls_x509_trust_list_verify_named_crt: %d\n", + __LINE__); + + ret = + gnutls_x509_trust_list_verify_named_crt(tl, server_crt, + "other", 5, 0, &status, + NULL); + if (ret < 0 || status == 0) + fail("gnutls_x509_trust_list_verify_named_crt: %d\n", + __LINE__); + + /* check whether the name-only verification works */ + vdata.type = GNUTLS_DT_DNS_HOSTNAME; + vdata.data = (void*)NAME; + vdata.size = NAME_SIZE; + ret = + gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1, + GNUTLS_VERIFY_ALLOW_BROKEN, &status, NULL); + if (ret < 0 || status != 0) + fail("gnutls_x509_trust_list_verify_crt2 - 1: status: %x\n", status); + + vdata.type = GNUTLS_DT_DNS_HOSTNAME; + vdata.data = (void*)NAME; + vdata.size = NAME_SIZE-2; + ret = + gnutls_x509_trust_list_verify_crt2(tl, &server_crt, 1, &vdata, 1, + 0, &status, NULL); + if (ret < 0 || status == 0) + fail("gnutls_x509_trust_list_verify_crt2 - 2: status: %x\n", status); + + + /* check whether the key verification works */ + ret = gnutls_x509_trust_list_add_trust_dir(tl, path, NULL, GNUTLS_X509_FMT_PEM, 0, 0); + if (ret != 1) + fail("gnutls_x509_trust_list_add_trust_dir: %d\n", ret); + + ret = + gnutls_x509_trust_list_verify_crt(tl, &server_crt, 1, GNUTLS_VERIFY_ALLOW_BROKEN, + &status, NULL); + if (ret < 0 || status != 0) + fail("gnutls_x509_trust_list_verify_crt\n"); + + + + /* test convenience functions in verify-high2.c */ + data.data = cert_pem; + data.size = strlen((char *) cert_pem); + ret = + gnutls_x509_trust_list_add_trust_mem(tl, &data, NULL, + GNUTLS_X509_FMT_PEM, 0, + 0); + if (ret < 1) + fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", + __LINE__, gnutls_strerror(ret)); + + ret = + gnutls_x509_trust_list_remove_trust_mem(tl, &data, + GNUTLS_X509_FMT_PEM); + if (ret < 1) + fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", + __LINE__, gnutls_strerror(ret)); + + data.data = cert_der; + data.size = sizeof(cert_der); + ret = + gnutls_x509_trust_list_add_trust_mem(tl, &data, NULL, + GNUTLS_X509_FMT_DER, 0, + 0); + if (ret < 1) + fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", + __LINE__, gnutls_strerror(ret)); + + ret = + gnutls_x509_trust_list_remove_trust_mem(tl, &data, + GNUTLS_X509_FMT_DER); + if (ret < 1) + fail("gnutls_x509_trust_list_add_trust_mem: %d (%s)\n", + __LINE__, gnutls_strerror(ret)); + + ret = gnutls_x509_trust_list_remove_cas(tl, &ca_crt2, 1); + if (ret < 1) + fail("gnutls_x509_trust_list_add_cas"); + + ret = + gnutls_x509_trust_list_verify_crt(tl, &server_crt, 1, 0, + &status, NULL); + if (ret == 0 && status == 0) + fail("gnutls_x509_trust_list_verify_crt\n"); + + gnutls_x509_trust_list_deinit(tl, 1); + gnutls_x509_crt_deinit(ca_crt2); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/x509cert.c b/tests/x509cert.c new file mode 100644 index 0000000..fe38fc2 --- /dev/null +++ b/tests/x509cert.c @@ -0,0 +1,260 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#if !defined(_WIN32) +#include +#include +#include +#include +#endif +#include +#include +#include + +#include "utils.h" +#include "cert-common.h" + +/* Test for gnutls_certificate_get_issuer() and implicitly for + * gnutls_trust_list_get_issuer(). + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d>| %s", level, str); +} + +static char buf[16*1024]; + +#define LIST_SIZE 3 +void doit(void) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + unsigned int i; + gnutls_x509_crt_t issuer; + gnutls_x509_crt_t list[LIST_SIZE]; + char dn[128]; + size_t dn_size; + unsigned int list_size; + size_t buf_size; + + gnutls_x509_privkey_t get_key; + gnutls_x509_crt_t *get_crts; + unsigned n_get_crts; + gnutls_datum_t get_datum, chain_datum[2] = {server_ca3_cert, subca3_cert}; + gnutls_x509_trust_list_t trust_list; + gnutls_x509_trust_list_iter_t trust_iter; + gnutls_x509_crt_t get_ca_crt; + unsigned n_get_ca_crts; + + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, &server_ca3_cert_chain, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + /* test for gnutls_certificate_get_issuer() */ + + /* check whether gnutls_x509_crt_list_import will fail if given a single + * certificate */ + list_size = LIST_SIZE; + ret = + gnutls_x509_crt_list_import(list, &list_size, &ca3_cert, + GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) + fail("gnutls_x509_crt_list_import (failed with a single cert)"); + gnutls_x509_crt_deinit(list[0]); + + list_size = LIST_SIZE; + ret = + gnutls_x509_crt_list_import(list, &list_size, &cli_ca3_cert_chain, + GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED); + if (ret < 0) + fail("gnutls_x509_crt_list_import"); + + ret = + gnutls_certificate_get_issuer(x509_cred, list[list_size-1], &issuer, 0); + if (ret < 0) + fail("gnutls_certificate_get_isser"); + + ret = + gnutls_certificate_get_issuer(x509_cred, list[list_size-1], &issuer, GNUTLS_TL_GET_COPY); + if (ret < 0) + fail("gnutls_certificate_get_isser"); + + dn_size = sizeof(dn); + ret = gnutls_x509_crt_get_dn(issuer, dn, &dn_size); + if (ret < 0) + fail("gnutls_certificate_get_dn"); + gnutls_x509_crt_deinit(issuer); + + if (dn_size != strlen(dn)) { + fail("gnutls_x509_crt_get_dn: lengths don't match\n"); + exit(1); + } + + if (debug) + fprintf(stderr, "Issuer's DN: %s\n", dn); + + /* test the getter functions of gnutls_certificate_credentials_t */ + + ret = + gnutls_certificate_get_x509_key(x509_cred, 0, &get_key); + if (ret < 0) + fail("gnutls_certificate_get_x509_key"); + + ret = + gnutls_x509_privkey_export2(get_key, + GNUTLS_X509_FMT_PEM, + &get_datum); + if (ret < 0) + fail("gnutls_x509_privkey_export2"); + + if (get_datum.size != server_ca3_key.size || + memcmp(get_datum.data, server_ca3_key.data, get_datum.size) != 0) { + fail( + "exported key %u vs. %u\n\n%s\n\nvs.\n\n%s", + get_datum.size, server_ca3_key.size, + get_datum.data, server_ca3_key.data); + } + + if (strlen((char*)get_datum.data) != get_datum.size) { + fail("exported key %u vs. %u\n\n%s\n", + get_datum.size, (unsigned)strlen((char*)get_datum.data), + get_datum.data); + } + + gnutls_free(get_datum.data); + + buf_size = sizeof(buf); + ret = + gnutls_x509_privkey_export(get_key, + GNUTLS_X509_FMT_PEM, + buf, &buf_size); + if (ret < 0) + fail("gnutls_x509_privkey_export"); + + if (buf_size != get_datum.size || + buf_size != strlen(buf) || + memcmp(buf, server_ca3_key.data, buf_size) != 0) { + fail( + "exported key %u vs. %u\n\n%s\n\nvs.\n\n%s", + (int)buf_size, server_ca3_key.size, + buf, server_ca3_key.data); + } + + ret = + gnutls_certificate_get_x509_crt(x509_cred, 0, &get_crts, &n_get_crts); + if (ret < 0) + fail("gnutls_certificate_get_x509_crt"); + if (n_get_crts != 2) + fail("gnutls_certificate_get_x509_crt: n_crts != 2"); + + for (i = 0; i < n_get_crts; i++) { + ret = + gnutls_x509_crt_export2(get_crts[i], + GNUTLS_X509_FMT_PEM, + &get_datum); + if (ret < 0) + fail("gnutls_x509_crt_export2"); + + if (get_datum.size != chain_datum[i].size || + memcmp(get_datum.data, chain_datum[i].data, get_datum.size) != 0) { + fail( + "exported certificate %u vs. %u\n\n%s\n\nvs.\n\n%s", + get_datum.size, chain_datum[i].size, + get_datum.data, chain_datum[i].data); + } + + gnutls_free(get_datum.data); + } + + gnutls_certificate_get_trust_list(x509_cred, &trust_list); + + n_get_ca_crts = 0; + trust_iter = NULL; + while (gnutls_x509_trust_list_iter_get_ca(trust_list, + &trust_iter, + &get_ca_crt) != + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + ret = + gnutls_x509_crt_export2(get_ca_crt, + GNUTLS_X509_FMT_PEM, + &get_datum); + if (ret < 0) + fail("gnutls_x509_crt_export2"); + + if (get_datum.size != ca3_cert.size || + memcmp(get_datum.data, ca3_cert.data, get_datum.size) != 0) { + fail( + "exported CA certificate %u vs. %u\n\n%s\n\nvs.\n\n%s", + get_datum.size, ca3_cert.size, + get_datum.data, ca3_cert.data); + } + + gnutls_x509_crt_deinit(get_ca_crt); + gnutls_free(get_datum.data); + + ++n_get_ca_crts; + } + + if (n_get_ca_crts != 1) + fail("gnutls_x509_trust_list_iter_get_ca: n_cas != 1"); + if (trust_iter != NULL) + fail("gnutls_x509_trust_list_iter_get_ca: iterator not NULL after iteration"); + + gnutls_x509_privkey_deinit(get_key); + for (i = 0; i < n_get_crts; i++) + gnutls_x509_crt_deinit(get_crts[i]); + gnutls_free(get_crts); + + for (i = 0; i < list_size; i++) + gnutls_x509_crt_deinit(list[i]); + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("success"); +} diff --git a/tests/x509dn.c b/tests/x509dn.c new file mode 100644 index 0000000..2ca592f --- /dev/null +++ b/tests/x509dn.c @@ -0,0 +1,374 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include "cert-common.h" + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include +#include +#include +#include + +#include "utils.h" + +#include "ex-session-info.c" +#include "ex-x509-info.c" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + +#define EXPECT_RDN0 "CA-3" + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + int result; + gnutls_x509_dn_t dn; + + if (nreqs != 1) { + fail("client: invoked to provide client cert, but %d CAs are requested by server.\n", + nreqs); + return -1; + } + + if (debug) + success("client: invoked to provide client cert.\n"); + + result = gnutls_x509_dn_init(&dn); + if (result < 0) { + fail("client: could not initialize DN.\n"); + return -1; + } + + result = gnutls_x509_dn_import(dn, req_ca_rdn); + if (result == 0) { + gnutls_x509_ava_st val; + + if (debug) + success("client: imported DN.\n"); + + if (gnutls_x509_dn_get_rdn_ava(dn, 0, 0, &val) == 0) { + if (debug) + success("client: got RDN 0.\n"); + + if (val.value.size == strlen(EXPECT_RDN0) + && strncmp((char *) val.value.data, + EXPECT_RDN0, val.value.size) == 0) { + if (debug) + success + ("client: RND 0 correct.\n"); + } else { + fail("client: RND 0 bad: %.*s\n", + val.value.size, val.value.data); + return -1; + } + } else { + fail("client: could not retrieve RDN 0.\n"); + return -1; + } + + gnutls_x509_dn_deinit(dn); + } else { + fail("client: failed to parse RDN: %s\n", + gnutls_strerror(result)); + } + + return 0; +} + + +static void client(int sd, const char *prio) +{ + int ret, ii; + gnutls_session_t session = NULL; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + gnutls_certificate_allocate_credentials(&xcred); + + /* sets the trusted cas file + */ + ret = gnutls_certificate_set_x509_trust_mem(xcred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret <= 0) { + fail("client: no CAs loaded!\n"); + goto end; + } + + gnutls_certificate_set_retrieve_function2(xcred, cert_callback); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + if (debug) + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, using X.509 authentication. + */ + +#define MAX_BUF 1024 + +static void server(int sd, const char *prio) +{ + gnutls_certificate_credentials_t x509_cred; + int ret; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + /* this must be called once in the program + */ + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + gnutls_certificate_allocate_credentials(&x509_cred); + ret = gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + if (ret == 0) { + fail("server: no CAs loaded\n"); + } + + gnutls_certificate_set_x509_key_mem(x509_cred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + /* request client certificate if any. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUEST); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, get_timeout()); + + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) + success("server: Handshake was completed\n"); + + if (debug) + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + +static +void start(const char *prio) +{ + int sockets[2]; + int err; + + success("trying %s\n", prio); + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + close(sockets[1]); + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/x509self.c b/tests/x509self.c new file mode 100644 index 0000000..b22dfea --- /dev/null +++ b/tests/x509self.c @@ -0,0 +1,370 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Copyright (C) 2013 Adam Sampson + * + * Author: Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include "cert-common.h" + +#if defined(_WIN32) + +/* socketpair isn't supported on Win32. */ +int main(int argc, char **argv) +{ + exit(77); +} + +#else + +#include +#include +#include +#if !defined(_WIN32) +#include +#endif +#include +#include + +#include "utils.h" + +#include "ex-session-info.c" +#include "ex-x509-info.c" + +pid_t child; + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "%s |<%d>| %s", child ? "server" : "client", level, + str); +} + +#define MAX_BUF 1024 +#define MSG "Hello TLS" + + +static void client(int sd, const char *prio) +{ + int ret, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + gnutls_certificate_credentials_t tst_cred; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&xcred); + + /* sets the trusted cas file + */ + gnutls_certificate_set_x509_trust_mem(xcred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_mem(xcred, &cli_ca3_cert, &cli_ca3_key, + GNUTLS_X509_FMT_PEM); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + /* put the x509 credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fail("client: Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else if (debug) { + success("client: Handshake was completed\n"); + } + + if (debug) + success("client: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + ret = gnutls_credentials_get(session, GNUTLS_CRD_CERTIFICATE, (void**)&tst_cred); + if (ret < 0) { + fail("client: gnutls_credentials_get failed: %s\n", gnutls_strerror(ret)); + } + if (tst_cred != xcred) { + fail("client: gnutls_credentials_get returned invalid value\n"); + } + + ret = gnutls_record_send(session, MSG, strlen(MSG)); + + if (ret == strlen(MSG)) { + if (debug) + success("client: sent record.\n"); + } else { + fail("client: failed to send record.\n"); + gnutls_perror(ret); + goto end; + } + + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (debug) + success("client: recv returned %d.\n", ret); + + if (ret == GNUTLS_E_REHANDSHAKE) { + if (debug) + success("client: doing handshake!\n"); + ret = gnutls_handshake(session); + if (ret == 0) { + if (debug) + success + ("client: handshake complete, reading again.\n"); + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } else { + fail("client: handshake failed.\n"); + } + } + + if (ret == 0) { + if (debug) + success + ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fail("client: Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (debug) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); +} + +/* This is a sample TLS 1.0 echo server, using X.509 authentication. + */ + +#define MAX_BUF 1024 +#define DH_BITS 1024 + + +static void server(int sd, const char *prio) +{ + int ret; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t x509_cred; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_mem(x509_cred, &ca3_cert, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_mem(x509_cred, + &server_ca3_localhost_cert, + &server_ca3_key, + GNUTLS_X509_FMT_PEM); + + if (debug) + success("Launched, generating DH parameters...\n"); + + gnutls_init(&session, GNUTLS_SERVER); + + assert(gnutls_priority_set_direct(session, prio, NULL)>=0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); + + /* request client certificate if any. + Moved to later on to be able to test re-handshakes. + gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); + */ + + gnutls_dh_set_prime_bits(session, DH_BITS); + + + gnutls_transport_set_int(session, sd); + ret = gnutls_handshake(session); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fail("server: Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + return; + } + if (debug) { + success("server: Handshake was completed\n"); + success("server: TLS version is: %s\n", + gnutls_protocol_get_name + (gnutls_protocol_get_version(session))); + } + + /* see the Getting peer's information example */ + if (debug) + print_info(session); + + for (;;) { + memset(buffer, 0, MAX_BUF + 1); + do { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + } while(ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == 0) { + if (debug) + success + ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) { + fail("server: Received corrupted data(%s). Closing...\n", gnutls_strerror(ret)); + break; + } else if (ret > 0) { + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUEST); + + if (debug) + success + ("server: got data, forcing rehandshake.\n"); + + ret = gnutls_rehandshake(session); + if (ret < 0) { + fail("server: rehandshake failed\n"); + gnutls_perror(ret); + break; + } + + ret = gnutls_handshake(session); + if (ret < 0) { + fail("server: (re)handshake failed\n"); + gnutls_perror(ret); + break; + } + + if (debug) + success("server: rehandshake complete.\n"); + + /* echo data back to the client + */ + gnutls_record_send(session, buffer, + strlen(buffer)); + } + } + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + gnutls_certificate_free_credentials(x509_cred); + + gnutls_global_deinit(); + + if (debug) + success("server: finished\n"); +} + + +static +void start(const char *prio) +{ + int sockets[2]; + int err; + + success("trying %s\n", prio); + + signal(SIGPIPE, SIG_IGN); + + err = socketpair(AF_UNIX, SOCK_STREAM, 0, sockets); + if (err == -1) { + perror("socketpair"); + fail("socketpair failed\n"); + return; + } + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + + close(sockets[1]); + server(sockets[0], prio); + wait(&status); + check_wait_status(status); + } else { + close(sockets[0]); + client(sockets[1], prio); + exit(0); + } +} + +void doit(void) +{ + start("NORMAL:-VERS-ALL:+VERS-TLS1.3"); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2"); + start("NORMAL"); +} + +#endif /* _WIN32 */ diff --git a/tests/x509sign-verify-common.h b/tests/x509sign-verify-common.h new file mode 100644 index 0000000..6b74985 --- /dev/null +++ b/tests/x509sign-verify-common.h @@ -0,0 +1,231 @@ +#ifndef GNUTLS_TESTS_X509SIGN_VERIFY_COMMON_H +#define GNUTLS_TESTS_X509SIGN_VERIFY_COMMON_H + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha1_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +/* sha1 hash of "hello" string */ +const gnutls_datum_t sha256_data = { + (void *) + "\x2c\xf2\x4d\xba\x5f\xb0\xa3\x0e\x26\xe8" + "\x3b\x2a\xc5\xb9\xe2\x9e\x1b\x16\x1e\x5c" + "\x1f\xa7\x42\x5e\x73\x04\x33\x62\x93\x8b" + "\x98\x24", + 32 +}; + +/* gost r 34.11-94 hash of "hello" string */ +const gnutls_datum_t gostr94_data = { + (void *) + "\x92\xea\x6d\xdb\xaf\x40\x02\x0d\xf3\x65" + "\x1f\x27\x8f\xd7\x15\x12\x17\xa2\x4a\xa8" + "\xd2\x2e\xbd\x25\x19\xcf\xd4\xd8\x9e\x64" + "\x50\xea", + 32 +}; + +/* Streebog-256 hash of "hello" string */ +const gnutls_datum_t streebog256_data = { + (void *) + "\x3f\xb0\x70\x0a\x41\xce\x6e\x41\x41\x3b" + "\xa7\x64\xf9\x8b\xf2\x13\x5b\xa6\xde\xd5" + "\x16\xbe\xa2\xfa\xe8\x42\x9c\xc5\xbd\xd4" + "\x6d\x6d", + 32 +}; + +/* Streebog-512 hash of "hello" string */ +const gnutls_datum_t streebog512_data = { + (void *) + "\x8d\xf4\x14\x26\x09\x66\xbe\xb7\xb3\x4d" + "\x92\x07\x63\x07\x9e\x15\xdf\x1f\x63\x29" + "\x7e\xb3\xdd\x43\x11\xe8\xb5\x85\xd4\xbf" + "\x2f\x59\x23\x21\x4f\x1d\xfe\xd3\xfd\xee" + "\x4a\xaf\x01\x83\x30\xa1\x2a\xcd\xe0\xef" + "\xcc\x33\x8e\xb5\x29\x22\xf3\xe5\x71\x21" + "\x2d\x42\xc8\xde", + 64 +}; + +const gnutls_datum_t invalid_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t raw_data = { + (void *)"hello", + 5 +}; + + +static void print_keys(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey) +{ + gnutls_x509_privkey_t xkey; + gnutls_datum_t out; + int ret = gnutls_privkey_export_x509(privkey, &xkey); + + if (ret < 0) + fail("error in privkey export\n"); + + ret = gnutls_x509_privkey_export2(xkey, GNUTLS_X509_FMT_PEM, &out); + if (ret < 0) + fail("error in privkey export\n"); + + fprintf(stderr, "%s\n", out.data); + gnutls_free(out.data); + + ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_PEM, &out); + if (ret < 0) + fail("error in pubkey export\n"); + + fprintf(stderr, "%s\n", out.data); + gnutls_free(out.data); + + gnutls_x509_privkey_deinit(xkey); +} + +#define ERR fail("Failure at: %s (%s-%s) (iter: %d)\n", gnutls_sign_get_name(sign_algo), gnutls_pk_get_name(pk), gnutls_digest_get_name(hash), j); +static +void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits) +{ + gnutls_pubkey_t pubkey; + gnutls_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + gnutls_datum_t signature; + const gnutls_datum_t *hash_data; + int ret; + unsigned j; + unsigned vflags = 0; + + if (hash == GNUTLS_DIG_SHA1) { + hash_data = &sha1_data; + vflags |= GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1; + } else if (hash == GNUTLS_DIG_SHA256) + hash_data = &sha256_data; + else if (hash == GNUTLS_DIG_GOSTR_94) { + hash_data = &gostr94_data; + vflags |= GNUTLS_VERIFY_ALLOW_BROKEN; + } else if (hash == GNUTLS_DIG_STREEBOG_256) + hash_data = &streebog256_data; + else if (hash == GNUTLS_DIG_STREEBOG_512) + hash_data = &streebog512_data; + else + abort(); + + sign_algo = + gnutls_pk_to_sign(pk, hash); + + for (j = 0; j < 100; j++) { + ret = gnutls_pubkey_init(&pubkey); + if (ret < 0) + ERR; + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + ERR; + + ret = gnutls_privkey_generate(privkey, pk, bits, 0); + if (ret < 0) + ERR; + + ret = + gnutls_privkey_sign_hash(privkey, hash, + 0, hash_data, + &signature); + if (ret < 0) + ERR; + + ret = gnutls_pubkey_import_privkey(pubkey, privkey, GNUTLS_KEY_DIGITAL_SIGNATURE, 0); + if (ret < 0) + ERR; + + ret = + gnutls_pubkey_verify_hash2(pubkey, + sign_algo, vflags, + hash_data, &signature); + if (ret < 0) { + print_keys(privkey, pubkey); + ERR; + } + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, + sign_algo, vflags, + &invalid_hash_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) { + print_keys(privkey, pubkey); + ERR; + } + + sign_algo = + gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm + (pubkey, NULL), hash); + + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, vflags, + hash_data, &signature); + if (ret < 0) + ERR; + + /* should fail */ + ret = + gnutls_pubkey_verify_hash2(pubkey, sign_algo, vflags, + &invalid_hash_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) { + print_keys(privkey, pubkey); + ERR; + } + + /* test the raw interface */ + gnutls_free(signature.data); + signature.data = NULL; + + if (pk == GNUTLS_PK_RSA) { + ret = + gnutls_privkey_sign_hash(privkey, + hash, + GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) + ERR; + + sign_algo = + gnutls_pk_to_sign + (gnutls_pubkey_get_pk_algorithm + (pubkey, NULL), hash); + + ret = + gnutls_pubkey_verify_hash2(pubkey, + sign_algo, + vflags|GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA, + hash_data, + &signature); + if (ret < 0) { + print_keys(privkey, pubkey); + ERR; + } + + } + gnutls_free(signature.data); + gnutls_privkey_deinit(privkey); + gnutls_pubkey_deinit(pubkey); + } +} + +#endif /* GNUTLS_TESTS_X509SIGN_VERIFY_COMMON_H */ diff --git a/tests/x509sign-verify-ecdsa.c b/tests/x509sign-verify-ecdsa.c new file mode 100644 index 0000000..e34ee24 --- /dev/null +++ b/tests/x509sign-verify-ecdsa.c @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include +#include +#include + +#include "utils.h" + +#include "x509sign-verify-common.h" + +void doit(void) +{ + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA1, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1)); + test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP256R1)); + test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP384R1)); + test_sig(GNUTLS_PK_EC, GNUTLS_DIG_SHA256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_SECP521R1)); + + gnutls_global_deinit(); +} diff --git a/tests/x509sign-verify-error.c b/tests/x509sign-verify-error.c new file mode 100644 index 0000000..97c9666 --- /dev/null +++ b/tests/x509sign-verify-error.c @@ -0,0 +1,197 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "utils.h" + +/* Verify whether gnutls_privkey_sign_hash() will fail + * if the library is in error state. + */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t invalid_hash_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t raw_data = { + (void *) "hello", + 5 +}; + +static char pem1_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n" + "GQYDVQQDExJHbnVUTFMgdGVzdCBjbGllbnQwgZwwCwYJKoZIhvcNAQEBA4GMADCB\n" + "iAKBgLtmQ/Xyxde2jMzF3/WIO7HJS2oOoa0gUEAIgKFPXKPQ+GzP5jz37AR2ExeL\n" + "ZIkiW8DdU3w77XwEu4C5KL6Om8aOoKUSy/VXHqLnu7czSZ/ju0quak1o/8kR4jKN\n" + "zj2AC41179gAgY8oBAOgIo1hBAf6tjd9IQdJ0glhaZiQo1ipAgMBAAGjdjB0MAwG\n" + "A1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDwYDVR0PAQH/BAUDAweg\n" + "ADAdBgNVHQ4EFgQUTLkKm/odNON+3svSBxX+odrLaJEwHwYDVR0jBBgwFoAU6Twc\n" + "+62SbuYGpFYsouHAUyfI8pUwCwYJKoZIhvcNAQEFA4GBALujmBJVZnvaTXr9cFRJ\n" + "jpfc/3X7sLUsMvumcDE01ls/cG5mIatmiyEU9qI3jbgUf82z23ON/acwJf875D3/\n" + "U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n" + "dc8Siq5JojruiMizAf0pA7in\n" "-----END CERTIFICATE-----\n"; + +static char pem1_key[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n" + "9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n" + "aP/JEeIyjc49gAuNde/YAIGPKAQDoCKNYQQH+rY3fSEHSdIJYWmYkKNYqQIDAQAB\n" + "AoGADpmARG5CQxS+AesNkGmpauepiCz1JBF/JwnyiX6vEzUh0Ypd39SZztwrDxvF\n" + "PJjQaKVljml1zkJpIDVsqvHdyVdse8M+Qn6hw4x2p5rogdvhhIL1mdWo7jWeVJTF\n" + "RKB7zLdMPs3ySdtcIQaF9nUAQ2KJEvldkO3m/bRJFEp54k0CQQDYy+RlTmwRD6hy\n" + "7UtMjR0H3CSZJeQ8svMCxHLmOluG9H1UKk55ZBYfRTsXniqUkJBZ5wuV1L+pR9EK\n" + "ca89a+1VAkEA3UmBelwEv2u9cAU1QjKjmwju1JgXbrjEohK+3B5y0ESEXPAwNQT9\n" + "TrDM1m9AyxYTWLxX93dI5QwNFJtmbtjeBQJARSCWXhsoaDRG8QZrCSjBxfzTCqZD\n" + "ZXtl807ymCipgJm60LiAt0JLr4LiucAsMZz6+j+quQbSakbFCACB8SLV1QJBAKZQ\n" + "YKf+EPNtnmta/rRKKvySsi3GQZZN+Dt3q0r094XgeTsAqrqujVNfPhTMeP4qEVBX\n" + "/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n" + "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n" + "-----END RSA PRIVATE KEY-----\n"; + +static char pem2_cert[] = + "-----BEGIN CERTIFICATE-----\n" + "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" + "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n" + "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" + "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n" + "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n" + "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n" + "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n" + "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n" + "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n" + "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n" + "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n" + "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n" + "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n" + "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n" + "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n" + "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n" + "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n" + "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n" + "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n"; + +static char pem2_key[] = + "-----BEGIN DSA PRIVATE KEY-----\n" + "MIIBugIBAAKBgQC5hPVagb4aDcWKc48Mmy+btg5Lw3Qaf2StnfMoxaBHvJtXVvGX\n" + "1X43A+nyTPTji38wo10vu6GiN8LqNY8fsV+mol8B8SM2K+RPLy3dndU6pjmvelF8\n" + "0iWOl3TPHsV7S3ZDgQcfBhS4blgS4ZDiN2/SG+xoxVji5jDgal4sY3jsBwIVAJ9W\n" + "jEhkL/6NqnptltsEXRbvCKVxAoGAYgZ+5Fx2CLdGGl3Xl9QqIfsfMcnS9Po52CfR\n" + "m/wnXacKpxr8U8EvQ8I3yIV/PUyrXYEy+x1eHlQRFiDGgFrZjJtD8N1roPTD8oqc\n" + "OdIcew/v+iiTj9KhIuvc4IqLrSgOz+8Jhek2vYt6UNV79yUNbGARxO9wkM/WG+u7\n" + "jsY+OpcCgYAPiodX8tHC3KzfS4sPi7op9+ED5FX6spgH1v0SsYC89bq0UNR/oA5D\n" + "55/JeBFf5eQMLGtqpDXcvVTlYDaaMdGKWW5rHLq9LrrrfIfv2sjdoeukg+aLrfr6\n" + "jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n" + "AoNBXjeBjgCGMei2m8E=\n" "-----END DSA PRIVATE KEY-----\n"; + +const gnutls_datum_t cert_dat[] = { + {(void *) pem1_cert, sizeof(pem1_cert)} + , + {(void *) pem2_cert, sizeof(pem2_cert)} +}; + +const gnutls_datum_t key_dat[] = { + {(void *) pem1_key, sizeof(pem1_key)} + , + {(void *) pem2_key, sizeof(pem2_key)} +}; + +void _gnutls_lib_simulate_error(void); +void _gnutls_lib_force_operational(void); + +void doit(void) +{ + gnutls_privkey_t privkey; + gnutls_datum_t signature2; + int ret; + size_t i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(key_dat) / sizeof(key_dat[0]); i++) { + if (debug) + success("loop %d\n", (int) i); + + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + fail("gnutls_privkey_init\n"); + + ret = + gnutls_privkey_import_x509_raw(privkey, &key_dat[i], + GNUTLS_X509_FMT_PEM, NULL, 0); + if (ret < 0) + fail("gnutls_privkey_import\n"); + + ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0, + &hash_data, &signature2); + if (ret < 0) + fail("gnutls_privkey_sign_hash\n"); + + gnutls_free(signature2.data); + + _gnutls_lib_simulate_error(); + ret = gnutls_privkey_sign_hash(privkey, GNUTLS_DIG_SHA1, 0, + &hash_data, &signature2); + if (ret != GNUTLS_E_LIB_IN_ERROR_STATE) + fail("gnutls_privkey_sign_hash\n"); + + _gnutls_lib_force_operational(); + + gnutls_privkey_deinit(privkey); + } + + gnutls_global_deinit(); +} diff --git a/tests/x509sign-verify-gost.c b/tests/x509sign-verify-gost.c new file mode 100644 index 0000000..65e49be --- /dev/null +++ b/tests/x509sign-verify-gost.c @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2016-2017 Free Software Foundation, Inc. + * + * Author: Dmitry Eremin-Solenikov + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see + * + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include +#include +#include + +#include "utils.h" + +#include "x509sign-verify-common.h" + +void doit(void) +{ +#ifndef ENABLE_GOST + exit(77); +#else + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + test_sig(GNUTLS_PK_GOST_01, GNUTLS_DIG_GOSTR_94, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA)); + test_sig(GNUTLS_PK_GOST_12_256, GNUTLS_DIG_STREEBOG_256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA)); + test_sig(GNUTLS_PK_GOST_01, GNUTLS_DIG_GOSTR_94, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPXA)); + test_sig(GNUTLS_PK_GOST_12_256, GNUTLS_DIG_STREEBOG_256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPXA)); + test_sig(GNUTLS_PK_GOST_12_512, GNUTLS_DIG_STREEBOG_512, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A)); + + gnutls_global_deinit(); +#endif +} diff --git a/tests/x509sign-verify-rsa.c b/tests/x509sign-verify-rsa.c new file mode 100644 index 0000000..f527606 --- /dev/null +++ b/tests/x509sign-verify-rsa.c @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* Parts copied from GnuTLS example programs. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +# include +# include +#endif +#include +#include +#include + +#include "utils.h" + +#include "x509sign-verify-common.h" + +void doit(void) +{ + unsigned rsa_size1, rsa_size2; + global_init(); + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + if (gnutls_fips140_mode_enabled()) { + rsa_size1 = 2048; /* minimum allowed */ + rsa_size2 = 2048; /* minimum allowed */ + } else { + rsa_size1 = 512; + rsa_size2 = 1024; + } + + test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, rsa_size1); + test_sig(GNUTLS_PK_RSA, GNUTLS_DIG_SHA256, rsa_size2); + test_sig(GNUTLS_PK_RSA_PSS, GNUTLS_DIG_SHA256, rsa_size2); + + gnutls_global_deinit(); +} diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c new file mode 100644 index 0000000..e815d28 --- /dev/null +++ b/tests/x509sign-verify.c @@ -0,0 +1,156 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GnuTLS; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#ifndef _WIN32 +# include +# include +# include +#endif +#include +#include +#include +#include +#include "common-key-tests.h" +#include "utils.h" + +/* verifies whether the sign-data and verify-data APIs + * operate as expected */ + +static void tls_log_func(int level, const char *str) +{ + fprintf(stderr, "<%d> %s", level, str); +} + +/* sha1 hash of "hello" string */ +const gnutls_datum_t raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x2c\xd9\xae\xa9\x43\x4d", + 20 +}; + +const gnutls_datum_t invalid_raw_data = { + (void *) + "\xaa\xf4\xc6\x1d\xdc\xc5\xe8\xa2\xda\xbe" + "\xde\x0f\x3b\x48\x3c\xd9\xae\xa9\x43\x4d", + 20 +}; + +#define tests common_key_tests +#define testfail(fmt, ...) \ + fail("%s: "fmt, tests[i].name, ##__VA_ARGS__) + +void doit(void) +{ + gnutls_x509_crt_t crt; + gnutls_x509_privkey_t privkey; + gnutls_sign_algorithm_t sign_algo; + char signature_data[512]; + size_t signature_size; + gnutls_datum_t signature; + int ret; + size_t i; + + global_init(); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(6); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + if (tests[i].pk == GNUTLS_PK_DSA || tests[i].pk == GNUTLS_PK_EDDSA_ED25519) + continue; + + success("testing: %s - %s\n", tests[i].name, gnutls_sign_algorithm_get_name(tests[i].sigalgo)); + + ret = gnutls_x509_privkey_init(&privkey); + if (ret < 0) + testfail("gnutls_pubkey_init\n"); + + ret = gnutls_x509_privkey_import(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_privkey_import_x509\n"); + + signature_size = sizeof(signature_data); + ret = gnutls_x509_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags, + &raw_data, signature_data, &signature_size); + if (ret < 0) + testfail("gnutls_x509_privkey_sign_data\n"); + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + testfail("gnutls_x509_crt_init\n"); + + ret = + gnutls_x509_crt_import(crt, &tests[i].cert, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + testfail("gnutls_x509_crt_import\n"); + + signature.data = (unsigned char*)signature_data; + signature.size = signature_size; + + ret = + gnutls_x509_crt_verify_data2(crt, tests[i].sigalgo, 0, &raw_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_crt_verify_data2\n"); + + /* should fail */ + ret = + gnutls_x509_crt_verify_data2(crt, tests[i].sigalgo, 0, + &invalid_raw_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_crt_verify_data2-2 (hashed data)\n"); + + sign_algo = + gnutls_pk_to_sign(gnutls_x509_crt_get_pk_algorithm + (crt, NULL), tests[i].digest); + ret = + gnutls_x509_crt_verify_data2(crt, sign_algo, 0, + &raw_data, &signature); + if (ret < 0) + testfail("gnutls_x509_crt_verify_data2-1 (hashed data)\n"); + + /* should fail */ + ret = + gnutls_x509_crt_verify_data2(crt, sign_algo, 0, + &invalid_raw_data, + &signature); + if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED) + testfail("gnutls_x509_crt_verify_data2-2 (hashed data)\n"); + + gnutls_x509_crt_deinit(crt); + gnutls_x509_privkey_deinit(privkey); + } + + gnutls_global_deinit(); +} -- cgit v1.2.3